2015-07-02  John Ferlan  <jferlan@redhat.com>

	phyp: Resolve Coverity FORWARD_NULL
	Commit id 'cd490086' added a VIR_FORCE_CLOSE of the 'sock', but it
	was after the VIR_FREE() of phyp_driver, resulting in a possible/likely
	NULL dereference.

	util: Resolve Coverity FORWARD_NULL
	Convert virPCIDriverDir to return the buffer allocated (or not) and make the
	appropriate check in the caller.

	util: Resolve Coverity FORWARD_NULL
	Convert virPCIDriverFile to return the buffer allocated (or not) and make the
	appropriate check in the caller.

	util: Resolve Coverity FORWARD_NULL
	Convert virPCIFile to return the buffer allocated (or not) and make the
	appropriate check in the caller.

2015-07-01  Michal Privoznik  <mprivozn@redhat.com>

	lxc: Don't pass a local variable address randomly
	So, recently I was testing the LXC driver. You know, startup some
	domains. But to my surprise, I was not able to start a single one:
	  virsh # start --console test
	  error: Reconnected to the hypervisor
	  error: Failed to start domain test
	  error: internal error: guest failed to start: unexpected exit status 125
	So I've start digging. It turns out, that in virExec(), when I printed
	out the @cmd, I got strange values: *(cmd->outfdptr) was certainly not
	valid FD number: it has random value of several millions. This
	obviously made prepareStdFd(childout, STDOUT_FILENO) fail (line 611).
	But outfdptr is set in virCommandSetOutputFD(). The only place within
	LXC driver where the function is called is in
	virLXCProcessBuildControllerCmd(). If you take a closer look at the
	function it looks like this:
	static virCommandPtr
	virLXCProcessBuildControllerCmd(virLXCDriverPtr driver,
	                                ..
	                                int logfd,
	                                const char *pidfile)
	{
	    ...
	    virCommandSetOutputFD(cmd, &logfd);
	    virCommandSetErrorFD(cmd, &logfd);
	    ...
	}
	Yes, you guessed it. @logfd is passed into the function by value.
	However, in the function we try to get its address (an address of a
	local variable) which is no longer valid once function is finished and
	stack is cleaned. Therefore when cmd->outfdptr is evaluated at any
	point after this function, we may get a random number, depending on
	what's currently on the stack. Of course, this may work sometimes too
	- it depends on the compiler how it arranges the code, when the stack
	is wiped out.
	In order to fix this, lets pass a pointer to @logfd instead of
	figuring out (wrong) its value in a function.
	The bug was introduced in e1de5521.

2015-07-01  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity DEADCODE
	Commit id 'f967e7a6' didn't place the closing parentheses quite right
	causing DEADCODE errors since the rc setting/comparison was wrong.

2015-07-01  Peter Krempa  <pkrempa@redhat.com>

	conf: qemu: Taint VMs using custom device tree blob
	Using a custom device tree image may cause unexpected behavior in
	architectures that use this approach to detect platform devices. Since
	usually the device tree is generated by qemu and thus it's not normally
	used let's taint VMs using it to make it obvious as a possible source of
	problems.

	qemu: Audit memory size with memory hotplug operations
	The memory device hot(un)plug was missing calls to the auditing code.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1226234

	conf: audit: Audit physical memory size rather than balloon request
	Since the balloon driver does not guarantee that it returns memory to
	the host, using the value in the audit message is not a good idea.
	This patch removes auditing from updating the balloon size and reports
	the total physical size at startup.

2015-07-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid using ".(null)" in UNIX socket path
	The code which generates paths for UNIX socket blindly used target name
	without checking if it was set. Thus for the following device XML
	    <channel type='unix'>
	      <source mode='bind'/>
	      <target type='virtio'/>
	    </channel>
	we would generate "/var/lib/libvirt/qemu/channel/target/NAME.(null)"
	path which works but is not really correct. Let's not use the
	".target_name" suffix at all if target name is not set.
	https://bugzilla.redhat.com/show_bug.cgi?id=1226854

2015-07-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: agent: Don't automatically disable CPU0 via guest agent
	While CPU0 was made unpluggable in Linux a while ago it's not desirable
	to unplug it since some parts of the kernel (suspend-to-ram) still
	depend on it.
	This patch fixes the vCPU selection code in libvirt so that it will not
	be disabled.

2015-07-01  Luyao Huang  <lhuang@redhat.com>

	qemu: End job even if exiting monitor after OpenGraphics(FD) fails

2015-07-01  Ján Tomko  <jtomko@redhat.com>

	qemu: properly free addresses on non-serial chardev unplug
	The target type comparison in qemuDomainDetachChrDevice
	used the VIR_DOMAIN_CHR_SERIAL_TARGET_TYPE enum, so virtio-serial
	addresses were not freed properly for channel devices.
	Call qemuDomainReleaseDeviceAddress uncoditionally and decide
	based on the address type instead of the target/device types.

2015-07-01  Luyao Huang  <lhuang@redhat.com>

	qemu: fix address allocation on chardev attach
	Also check the device type when deciding what type the address should
	be. Commit 9807c47 (aiming to fix another error in address allocation)
	only checked the target type, but its value is different for different
	device types. This resulted in an error when trying to attach
	a channel with target type 'virtio':
	error: Failed to attach device from channel-file.xml
	error: internal error: virtio serial device has invalid address type
	Make the logic for releasing the address dependent only on
	* the address type
	* whether it was allocated earlier
	to avoid copying the device and target type checks.
	https://bugzilla.redhat.com/show_bug.cgi?id=1230039

2015-07-01  Jim Fehlig  <jfehlig@suse.com>

	libxl: Set def->vcpus after successfully modifying live vcpu count
	def->vcpus was never updated after successfully changing the live
	vcpu count of a domain. Subsequent queries for vcpu info would
	return incorrect results.  E.g.:
	virsh vcpucount test
	maximum      config         4
	maximum      live           4
	current      config         4
	current      live           4
	virsh setvcpus test 2
	virsh vcpucount test
	maximum      config         4
	maximum      live           4
	current      config         4
	current      live           4
	After patch, live current config is reported correctly:
	virsh vcpucount test
	maximum      config         4
	maximum      live           4
	current      config         4
	current      live           2
	While fixing this, noticed that the live config was not saved
	to cfg->stateDir via virDomainSaveStatus. Save the live config
	and change error handling of virDomainSave{Config,Status} to
	log a message via VIR_WARN, instead of failing the entire
	DomainSetVcpusFlags operation.

	libxl: honor domainGetXMLDesc() --inactive flag
	The libxl driver always uses virDomainObj->def when formatting
	the domain XML description.  Use virDomainObj->newDef when
	--inactive flag is set.

	libxl: don't remove persistent domain on start failure
	libxlDomainCreateXML() would remove a persistent domain if
	libxlDomainStart() failed.  Check if domain is persistent
	before removing.

	libxl: don't overwrite domain state from statedir config
	When restarting libvirtd and reconnecting to running domains,
	libxlReconnectDomain() would unconditionally set the domain state
	to VIR_DOMAIN_RUNNING, overwriting the state maintained in
	$statedir/<domname>.xml.  A domain in a paused state would have
	the state changed to running, even though it was actually in a
	paused state.

2015-06-30  John Ferlan  <jferlan@redhat.com>

	qemu: Add missing on_crash lifecycle type
	https://bugzilla.redhat.com/show_bug.cgi?id=1201760
	When the domain "<on_crash>coredump-destroy</on_crash>" is set, the
	domain wasn't being destroyed, rather it was being rebooted.
	Add VIR_DOMAIN_LIFECYCLE_CRASH_COREDUMP_DESTROY to the list of
	on_crash types that cause "-no-reboot" to be added to the qemu
	command line.

	Use the correct symbol for 'onCrash'
	Although defined the same way, fortunately there hadn't been any deviation.
	Ensure any assignments to onCrash use VIR_DOMAIN_LIFECYCLE_CRASH_* defs and
	not VIR_DOMAIN_LIFECYCLE_* defs

	mpath: Don't allow more than one mpath pool at a time
	https://bugzilla.redhat.com/show_bug.cgi?id=1232606
	Since an mpath pool contains all the Multipath devices on a host, allowing
	more than one defined on a host at a time should be disallowed under the
	policy of disallowing duplicate source pools for the host.
	Adjust to docs to clarify the Multipath target path value usage for both
	the storage driver (only 1 pool per host) and formatstorage references
	(ignore the target element in favor of the default target mapping of
	/dev/mapper).

	mpath: Update path in CheckPool function
	https://bugzilla.redhat.com/show_bug.cgi?id=1230664
	Per the devmapper docs, use "/dev/mapper" or "/dev/dm-n" in order to
	determine if a device is under control of DM Multipath.
	So add "/dev/mapper" to the virFileExists, leaving the "/dev/mpath"
	as a "legacy" option since it appears for a while it was the preferred
	mechanism, but is no longer maintained

	conf: Validate disk lun using correct types
	https://bugzilla.redhat.com/show_bug.cgi?id=1201143
	The formatdomain.html description for <disk> device 'lun' indicates that
	it must be either a type 'block' or type 'network' with protocol 'iscsi';
	however, we did not make that check until domain startup.
	This caused issues for virt-manager which had an unexpected failure at
	run time rather config time.
	This patch adds a check in post part disk device checking for the specific
	and supported lun types as well as adjusting the test failure to be for
	parse config rather than run time.

2015-06-30  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Storage: Introduce shadow vol for refresh while the main vol builds.
	Libvirt periodically refreshes all volumes in a storage pool, including
	the volumes being cloned.
	While cloning a storage volume from parent, we drop pool locks. Subsequent
	volume refresh sometimes changes allocation for an ongoing copy, and leads
	to corrupt images.
	Fix: Introduce a shadow volume that isolates the volume object under refresh
	from the base which has a copy ongoing.

2015-06-30  Peter Krempa  <pkrempa@redhat.com>

	conf: storage: Fix duplicate check for gluster pools
	The pool name has to be the same too to warrant rejecting a pool
	definition as duplicate. This regression was introduced in commit
	2184ade3a0546b915252cb3b6a5dc88e9a8d2ccf.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1236438

	qemu: event: Clean up VNC monitor handling
	Get rid of spice specific stuff from the handler func and save a few
	lines by reflowing the conditions.

	qemu: event: Properly handle spice events
	Spice events have mostly similar information present in the event JSON
	but they differ in the name of the element containing the port.
	The JSON event also provides connection ID which might be useful in the
	future.
	This patch splits up the event parser code into two functions and the
	SPICE reimplements the event parsing with correct names and drops the
	VNC only stuff.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1236585

	Revert "Introduce QEMU_CAPS_ARM_VIRT_PCI"
	The capability was not used up to the feature freeze.
	This reverts commit 7f3515b4bb677d0ead1887547efc844e4761268a.

	qemu: Close the agent connection only on agent channel events
	processSerialChangedEvent processes events for all channels. Commit
	2af51483 broke all agent interaction if a channel other than the agent
	closes since it did not check that the event actually originated from
	the guest agent channel.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1236924
	Fixes up: https://bugzilla.redhat.com/show_bug.cgi?id=890648

2015-06-30  John Ferlan  <jferlan@redhat.com>

	storage: Set correct vol->type at VolCreate
	https://bugzilla.redhat.com/show_bug.cgi?id=1227664
	If the requested format type for the new entry in the file system pool
	is a 'dir', then be sure to set the vol->type correctly as would be done
	when the pool is refreshed.

2015-06-30  Andrea Bolognani  <abologna@redhat.com>

	Fix typo incomaptible -> incompatible

2015-06-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix assignment of the default spicevmc channel name
	Make sure we only assign the default spicevmc channel name to spicevmc
	virtio channels. Caused by commits 3269ee65 and 1133ee2b, which moved
	the assignment from XML parsing code to QEMU but failed to keep the
	logic.
	https://bugzilla.redhat.com/show_bug.cgi?id=1179680

2015-06-29  Jiri Denemark  <jdenemar@redhat.com>

	qemuxml2argv: Remove Haswell CPU from unrelated tests
	Proper Haswell CPU model handling is tested in several
	qemuxml2argv-cpu-* which are run in a special environment. Let's remove
	the CPU model from other tests to make them less fragile.

2015-06-28  Martin Kletzander  <mkletzan@redhat.com>

	Revert "Change livbirt version to 1.3.0 for the next release"
	This reverts commit 9a8d916e89173890d7f7ce538b1ab781192b8440.
	Also some changes that were introduced after that commit are fixed to
	use 1.2.17 instead of 1.3.0

	Temporarily disable admin API
	Don't listen on the admin socket in the daemon and comment out the
	admin devel files out of specfile.
	Library is still being compiled and installed in order to link easily
	without any disturbing modifications to the daemon code.

	spec: Remove admin package specification
	Its only file must be included in the daemon package anyway, since the
	daemon is linked with the admin library and so then it's just an empty
	package until we have virt-admin binary which we can decide later on
	whether to just move it to clients or create a new package for it.

2015-06-27  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity RESOURCE_LEAK
	Commit id '15fa84acb' added the alias fetch, but forgot to free it.

	docs: Clarification for when allowed to use 'lun' for "volume"
	While re-reading what I wrote for commit id '785a8940e', I realized
	I needed to clarify that being able to present as a 'lun', the mode
	property for the pool source element needed to be "host" (or empty)
	and not "direct".
	It was described correctly later in the mode host description, but
	this just ensures it's not missed here as well.

2015-06-27  Laine Stump  <laine@laine.org>

	docs: document when pcie-root/dmi-to-pci-bridge support was added
	Also move the mention of version numbers for the various PCI
	controller models up to the end of the sentence where they are first
	given, to avoid confusion.

	qemu: ignore assumptions about hotplug requirement when address is from config
	Certain PCI buses don't support hotplug, and when automatically
	assigning PCI addresses for devices, libvirt is very conservative in
	its assumptions about whether or not a device will need to be
	hotplugged/unplugged in the future. But if the user manually assigns
	an address, they likely are aware of any hotplug requirements of the
	device (or at least they should be).
	In short, after this patch, automatically PCI address assignment will
	assume that the device must be plugged in to a hot-pluggable slot, but
	manually assignment can place the device in any bus that is
	compatible, regardless of whether or not it supports hotplug. If the
	user makes a mistake and plugs the device into a bus that doesn't
	support hotplug, then later tries to do a hot-unplug, qemu will give
	an appropriate error.
	(in the future we may want to add a "hotpluggable" attribute to all
	devices, with default being "yes" for autoassign, and "no" for manual
	assign).

	qemu: always permit PCI devices to be manually assigned to a PCIe bus
	When support for the pcie-root and dmi-to-pci-bridge buses on a Q35
	machinetype was added, I was concerned that even though qemu at the
	time allowed plugging a PCI device into a PCIe port, that it might not
	be supported in the future. To prevent painful backtracking in the
	possible future where this happened, I disallowed such connections
	except in a few specific cases requested by qemu developers (indicated
	in the code with the flag VIR_PCI_CONNECT_TYPE_EITHER_IF_CONFIG).
	Now that a couple years have passed, there is a clear message from
	qemu that there is no danger in allowing PCI devices to be plugged
	into PCIe ports. This patch eliminates
	VIR_PCI_CONNECT_TYPE_EITHER_IF_CONFIG and changes the code to always
	allow PCI->PCIe or PCIe->PCI connection *when the PCI address is
	specified in the config. (For newly added devices that haven't yet
	been given a PCI address, the auto-placement still prefers using the
	correct type of bus).

	qemu: refactor qemuBuildControllerDevStr to eliminate future duplicate code
	The PCI case of the switch statement in this function contains another
	switch statement with a case for each model. Currently every model
	except pci-root and pcie-root has a check for index > 0 (since only
	those two can have index==0), and the function should never be called
	for those two anyway. If we move the check for !pci[e]-root to the top
	of the pci case, then we can move the check for index > 0 out of the
	individual model cases. This will save repeating that check for the
	three new controller models about to be added.

2015-06-26  Peter Krempa  <pkrempa@redhat.com>

	test: qemu: Make sure that wr_highest_offset_valid gets set properly
	Remove one instance of the field being present so that the code that
	sets that flag can be tested.

	qemu: monitor: Remove qemuMonitorGetBlockExtent
	Now that qemuMonitorGetAllBlockStatsInfo collects also wr_highest_offset
	the whole function can be killed.

	qemu: Refactor qemuDomainGetBlockInfo
	Change the code so that it queries the monitor when the VM is alive.

	qemu: monitor: Open-code retrieval of wr_highest_offset
	Instead of using qemuMonitorJSONDevGetBlockExtent (which I plan to
	remove later) extract the data in place.
	Additionally add a flag that will be set when the wr_highest_offset was
	extracted correctly so that callers can act according to that.
	The test case addition should help make sure that everything works.

	qemu: monitor: Fix indentation in qemuMonitorJSONGetOneBlockStatsInfo

	internal: Introduce virCheckNonEmptyStringArgGoto and reuse it
	The helper makes sure that strings passed to APIs are non-NULL and
	non-empty. This allows to drop some inlined checks where it does not
	make sense.

	vz: Fix build after recent commit
	Function prlsdkGetStatsParam was missing a prototype or the static
	keyword. I went with static since it built successfully.
	Pushed as a build breaker fix.

2015-06-26  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	vz: add memory statistics
	Implemented counters:
	 VIR_DOMAIN_MEMORY_STAT_SWAP_IN
	 VIR_DOMAIN_MEMORY_STAT_SWAP_OUT
	 VIR_DOMAIN_MEMORY_STAT_MINOR_FAULT
	 VIR_DOMAIN_MEMORY_STAT_MAJOR_FAULT
	 VIR_DOMAIN_MEMORY_STAT_AVAILABLE
	 VIR_DOMAIN_MEMORY_STAT_ACTUAL_BALLOON
	 VIR_DOMAIN_MEMORY_STAT_UNUSED
	Comments.
	1. Use vzDomObjFromDomainRef/virDomainObjEndAPI pair to get domain
	object as we use prlsdkGetStatsParam. See previous statistics
	comments.
	2. Balloon statistics is not applicable to containers. Fault
	statistics for containers not provided in PCS6 yet.

	vz: add vcpu statistics
	Comments.
	Replace vzDomObjFromDomain/virObjectUnlock pair
	to vzDomObjFromDomainRef/virDomainObjEndAPI as we
	use prlsdkGetStatsParam. See previous statistics
	comments.

2015-06-26  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: cleanup, make in par net device lookup functions
	Make net device lookup by mac return sdk handle
	instead of quite ephemeral enumeration index. After
	this change there is no need anymore in special
	function of removing device by enumeration index.

2015-06-26  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	vz: add net dev statistiscs
	Populate counters SDK currenly supports:
	 rx_bytes
	 rx_packets
	 tx_bytes
	 tx_packets
	Comments.
	Use vzDomObjFromDomainRef/virDomainObjEndAPI pair to get domain
	object as we use prlsdkGetStatsParam that can release domain
	object lock and thus we need a reference in case domain
	is deleated meanwhile.

2015-06-26  Michal Privoznik  <mprivozn@redhat.com>

	docs: Don't keep temporary files around
	In my previous fix (1310b1358) I've tried to solve an ordering
	issue.  Well, while it worked it has a side effect of keeping a
	temporary file around. My patch was buggy in that sense. Solve
	this by properly marking the dependency without any side effect.

	vz_utils: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

	vz_storage: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

	vz_sdk: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

	vz_network: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

	vz_driver: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

	qemuBuildMemoryBackendStr: Honour passed @pagesize
	So far the argument has not much meaning and was practically ignored.
	This is not good since when doing memory hotplug, the size of desired
	hugepage backing is passed in that argument. Taking closer look at the
	tests I'm fixing reveals the bug. For instance, while the following is
	in the test:
	    <memory model='dimm'>
	      <source>
	        <nodemask>1-3</nodemask>
	        <pagesize unit='KiB'>4096</pagesize>
	      </source>
	      <target>
	        <size unit='KiB'>524287</size>
	        <node>0</node>
	      </target>
	      <address type='dimm' slot='0' base='0x100000000'/>
	    </memory>
	the generated commandline corresponding to this XML was:
	    -object memory-backend-ram,id=memdimm0,size=536870912,\
	    host-nodes=1-3,policy=bind
	Have you noticed? Yes, memory-backend-ram! Nothing can be further away
	from the right answer. The hugepage backing is requested in the XML
	and we happily ignore it. This is just not right. It's
	memory-backend-file which should have been used:
	    -object memory-backend-file,id=memdimm0,prealloc=yes,\
	    mem-path=/dev/hugepages4M/libvirt/qemu,size=536870912,\
	    host-nodes=1-3,policy=bind
	The problem is, that @pagesize passed to qemuBuildMemoryBackendStr
	(where this part of commandline is built) was ignored. The hugepage to
	back memory was searched only and only by NUMA nodes pinning. This
	works only for regular guest NUMA nodes.
	Then, I'm changing the hugepages size in the test XMLs too. This is
	simply because in the test suite we create dummy mount points just for
	2M and 1G hugepages. And in the test 4M was requested. I'm sticking to
	2M, but 1G should just work too.

	qemuBuildMemoryBackendStr: Fix hugepages lookup process
	https://bugzilla.redhat.com/show_bug.cgi?id=1196644
	This function constructs the backend (host facing) part of the
	memory device.  At the beginning, the configured hugepages are
	searched to find the best match for given guest NUMA node.
	Configured hugepages can have a @nodeset attribute to specify on
	which guest NUMA nodes should be the hugepages backing used.
	There is, however, one 'corner case'. Users may just tell 'use
	hugepages to back all the nodes'. In other words:
	  <memoryBacking>
	    <hugepages/>
	  </memoryBacking>
	  <cpu>
	    <numa>
	      <cell id='0' cpus='0-1' memory='1024000' unit='KiB'/>
	    </numa>
	  </cpu>
	Our code fails in this case. Well, since there's no @nodeset (nor
	any <page/> child element to <hugepages/>) we fail to lookup the
	default hugepage size to use.

2015-06-26  Luyao Huang  <lhuang@redhat.com>

	conf: Format scheduler priority when it is zero
	https://bugzilla.redhat.com/show_bug.cgi?id=1235116
	According to our XML definition, zero is as valid as any other value.
	Mainly because it should be kernel-agnostic.

2015-06-25  Peter Krempa  <pkrempa@redhat.com>

	test: Refactor testNodeGetCPUMap
	Drop locking of the driver since it is not accessed and simplify the
	code flow.

	test: Refactor vcpu pinning and vcpu info retrieval
	Drop internal data structures and use the proper fields in virDomainDef.
	This allows to greatly simplify the code and allows to remove the
	private data structure that was holding just redundant data.
	This patch also fixes the bogous output where we'd report that a fresh
	VM without vCPU pinning would not run on all vcpus.

	test: Refactor testDomainSetVcpusFlags
	Remove the bogus flag check and refactor the code by using
	virDomainObjGetDefs instead of virDomainObjGetPersistentDef.

	test: Refactor test driver domain object retrieval
	Reuse testDomObjFromDomain to retrieve domain objects in the rest of
	the test driver instead of open-coding it in every API.

	test: Drop locked access to testDriver->domains
	Only self-locking APIs are used and the pointer is immutable so there's
	no need to lock the driver to access the domain list.
	This patch removes locking partially for everything that will not be
	converted to testDomObjFromDomain in the next patch.

	test: Finalize removal of locking from driver->eventState
	Don't lock the driver when registering event callbacks.

	test: Refactor test driver event sending
	Make testObjectEventQueue tolerant to NULL @event and move it so that it
	does not require a prototype. Additionally we are now able to remove
	locking when accessing driver->eventState, since it's using self-locking
	APIs and the pointer is immutable.

	test: Use atomic access to @nextDomID in struct virTestDriver

	test: Annotate few fields of testDriver structure
	Some of the fields are either immutable or self locking, so make a note
	of that for future reference.

	test: Drop unused attribute @path from testDriver struct
	It's filled and then freed, but not used anywhere else.

	test: Extract common parts of test driver data allocation

	test: Extract code to free testDriver into testDriverFree
	Avoid reimplementing it 3 times.

	test: turn 'defaultConn' into a pointer

	test: Drop useless forward declaration

	test: Rename testConn to testDriver

2015-06-25  Luyao Huang  <lhuang@redhat.com>

	qemu: Avoid removing persistent config if migration fails
	When migration fails in qemuMigrationPrepareAny, we unconditionally call
	qemuDomainRemoveInactive, which should only be called for transient
	domains. The check for !vm->persistent was accidentally removed by
	commit 540c339.

2015-06-25  Michal Privoznik  <mprivozn@redhat.com>

	vz: Adapt to driver rename
	In the e6d180f07fb06 commit the parallels driver was renamed to vz.
	However, there was a commit merged later, which was sent to the list
	before the rename. The other commit is 6de12b026b73. Fix all the
	missing renames.

2015-06-25  Eric Blake  <eblake@redhat.com>

	json: enhance parser test
	We already enable the parser option to detect invalid UTF-8, but
	didn't test it.  Also, JSON states that behavior of an object
	with a duplicated key is undefined; we chose to reject it, but
	were not testing it.
	With the enhanced tests in place, we can simplify yajl2
	initialization by relying on parser defaults being sane.
	* src/util/virjson.c (virJSONValueFromString): Simplify.
	* tests/jsontest.c (mymain): Test more bad usage.

	json: even stricter trailing garbage detection
	Since older yajl ignores trailing garbage, a client can cause
	problems by intentionally ending the wrapper array early. Since
	we already track nesting, it's not too much harder to reject
	invalid nesting pops.
	* src/util/virjson. (_virJSONParser): Add field.
	(virJSONValueFromString): Set witness.
	(virJSONParserHandleEndArray): Use it to catch abuse.
	* tests/jsontest.c (mymain): Test it.

	json: reject trailing garbage
	Yajl 2 has a nice feature that it can be configured whether to
	allow multiple JSON objects parsed from a single stream, defaulting
	to off.  And yajl 1.0.12 at least provided a way to tell if all
	input bytes were parsed, or if trailing bytes remained after a
	valid JSON object was parsed.  But we target RHEL 6 yajl 1.0.7,
	which has neither of these.  So fake it by always parsing '[...]'
	instead, so that trailing garbage either trips up the array parse,
	or is easily detected when unwrapping the result.
	* src/util/virjson.c (virJSONValueFromString): With older json,
	wrap text to avoid trailing garbage.
	* tests/jsontest.c (mymain): Add tests for this.

	json: reject javascript comments
	We have been allowing javascript style comments in JSON ever
	since commit 9428f2c (v0.7.5), but qemu doesn't send them, and
	they are not strict JSON.  Reject them for now; if we can later
	prove that it is worthwhile, we can reinstate it at that point
	(or even make it conditional, by adding a bool parameter to
	the libvirt entry point).
	* src/util/virjson.c (virJSONValueFromString): Don't enable
	comment parsing.
	* tests/jsontest.c (mymain): Test it.

	json: cope with older yajl semantics
	Commit ceb496e5 fails on RHEL 6, with yajl 1.0.7, because that
	version of yajl returns yajl_status_insufficient_data when the
	parser is waiting for the rest of a token (this enum value was
	dropped in yajl 2, so we have to wrap it).  It also exposes a
	problem where older yajl silently ignores trailing garbage after
	a successful parse, so this patch works around that by changing
	the testsuite.  Another more invasive patch can add tighter
	semantics to json parsing, but this is sufficient for a minimal
	clean backport.
	While touching this, fix up our error message cleanup. Yajl
	documents that error messages produced by yajl_get_error()
	MUST be cleaned with yajl_free_error(); this is certainly
	true if we were to pass non-NULL allocator callbacks during
	yajl_alloc(), but probably harmless in our usage of passing
	NULL.  But better safe than sorry.
	* src/util/virjson.c (virJSONValueFromString): Allow different
	error code.  Use canonical cleanup of error message.
	(VIR_YAJL_STATUS_OK): New helper macro.
	* tests/jsontest.c (mymain): Wrap text to avoid difference in
	trailing garbage handling

2015-06-25  Dmitry Guryanov  <dguryanov@parallels.com>

	vz: fix syntax-check errors
	Remove braces around single-statement blocks in vz_sdk.c

2015-06-24  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: implementation of attach/detach network devices
	In this patch we add VIR_DOMAIN_DEVICE_NET handlers implementation
	for domainAttachDevice and domainDetachDevice callbacks.
	As soon as we don't support this operation for hypervisor type domains,
	we implement this functionality for containers only.
	In detach procedure we find network device by MAC address.
	Because PrlVmDevNet_GetMacAddress() returns MAC as a UTF-8 encoded
	null-terminated string, we use memcmp() to compare it.
	Also we remove corresponding virtual network by prlsdkDelNetAdapter call.

2015-06-24  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	Test for the new watchdog model diag288
	Adding a test for the new watchdog model diag288.

	Support for the new watchdog model diag288
	This patch provides support for the new watchdog model "diag288".
	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>

	Test for the new watchdog action inject-nmi
	Adding a test for the new watchdog action "inject-nmi".

	Support for a new watchdog action inject-nmi
	This patch provides support for a new watchdog action "inject-nmi" which
	allows to define an inject of a non-maskable interrupt into a guest.
	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>

2015-06-24  John Ferlan  <jferlan@redhat.com>

	scsi: Force error for SCSI pools on virStorageBackendSCSIFindLUs failure
	Related to :
	https://bugzilla.redhat.com/show_bug.cgi?id=1171933
	Rather than ignore the return status from virStorageBackendSCSIFindLUs,
	cause a failure to start the pool if a -1 is returned. Issue was noted
	during testing of the bz for iscsi that 'scsi' and 'fc' pools don't fail.

2015-06-24  Michal Privoznik  <mprivozn@redhat.com>

	vircapstest: Properly report error for failed tests
	There are two macros used in the test: CAPSCOMP and CAPS_EXPECT_ERR.
	Both run a test case and if a failure occurred, they set the @ret
	variable to a value of -1 to indicate an error. Well, that's what they
	should do. Due to a typo, they set the variable to a positive one
	effectively masking any failed test.
	Then, we have couple of tests failing. Fix them too.

2015-06-24  John Ferlan  <jferlan@redhat.com>

	conf: Adjust invalid secrettype setting during parse
	Commit id '1feaccf0' attempted to handle an empty secrettype value; however,
	it made a mistake by processing the secretType as if it was the original
	secrettype string.  The 'secretType' is actually whether 'usage' or 'uuid'
	was used.
	Thus adjust part of the change to make the same check for def->src->type !=
	VIR_STORAGE_TYPE_VOLUME before setting auth_secret_usage from the
	secrettype field.
	Luckily the aforementioned commits misdeed would be overwritten by the
	call to virStorageTranslateDiskSourcePool

2015-06-24  Luyao Huang  <lhuang@redhat.com>

	conf: improve the way we format blkiotune and cputune
	Just refactor existing code to use a child buf instead of
	check all element before format <blkiotune> and <cputune>.
	This will avoid the more and more bigger element check during
	we introduce new elements in <blkiotune> and <cputune> in the
	future.

2015-06-24  Martin Kletzander  <mkletzan@redhat.com>

	docs: Fix trivial copy-paste error

2015-06-24  Luyao Huang  <lhuang@redhat.com>

	Improve some errors for openconsole/channel
	Functions like virDomainOpenConsole() and virDomainOpenChannel() accept
	NULL as a dev_name parameter.  Try using alias for the error message if
	dev_name is not specified.
	Before:
	  error: internal error: character device <null> is not using a PTY
	After:
	  error: internal error: character device serial0 is not using a PTY

2015-06-24  Peter Krempa  <pkrempa@redhat.com>

	conf: Enforce scheduler name when parsing XML
	We require the scheduler name attribute in the schemas but the code
	would actually be fine when it was omitted. Make it mandatory.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1234729

2015-06-23  Michal Privoznik  <mprivozn@redhat.com>

	docs: Properly mark acl.html dependencies
	The acl.html file includes aclperms.htmlinc which is generated.
	However, acl.html is generated too from acl.html.tmp. And in fact,
	this is the place where the aclperms file is needed. Fix the
	dependency in Makefile.

2015-06-23  John Ferlan  <jferlan@redhat.com>

	storage: Force setting of disk format type
	Commit id '832a9256' adjusted the code to recognize when the default
	type of "unknown" was provided as the format type and to use "dos" if
	found. Since the pool is built with "dos" and it could cause some
	confusion when formatting the XML after building by seeing "unknown"
	in the output, let's just adjust the pool's setting to "dos" so that
	subsequent formats will see the value.

	docs: Adjust Disk storage rng
	Currently the grammar uses "none" for a "valid" Disk Storage Pool
	format type; however, virStoragePoolFormatDisk uses "unknown" so
	virt-xml-validate will fail to validate when "unknown" is found

2015-06-23  Martin Kletzander  <mkletzan@redhat.com>

	admin: Fix mingw build by reordering includes
	By trying to lead the way of clean includes, I sorted the lines
	alphabetically and that is a problem for mingw builds with gnulib.
	As 'configmake.h' defines DATADIR and 'datatypes.h' transitively
	includes 'winsock.h' that uses 'DATADIR' as a name for a struct,
	it's enough to reorder those.
	Even though this might be worked around in gnulib later on, this
	fixes the build for now.

2015-06-23  Eric Farman  <farman@linux.vnet.ibm.com>

	docs: Correct typos in scsi hostdev and address elements
	The type='scsi' parameter of an address element is ignored
	if placed within a hostdev section, and rejected by the XML
	schema used by virt-xml-validate. Remove it from the doc,
	and correct a typo in the remaining address arguments.
	Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

	docs: Fix XML schema handling of LUN address in hostdev tag
	Defining a domain with a SCSI disk attached via a hostdev
	tag and a source address unit value longer than two digits
	causes an error when editing the domain with virsh edit,
	even if no changes are made to the domain definition.
	The error suggests invalid XML, somewhere:
	  # virsh edit lmb_guest
	  error: XML document failed to validate against schema:
	  Unable to validate doc against /usr/local/share/libvirt/schemas/domain.rng
	  Extra element devices in interleave
	  Element domain failed to validate content
	The virt-xml-validate tool fails with a similar error:
	  # virt-xml-validate lmb_guest.xml
	  Relax-NG validity error : Extra element devices in interleave
	  lmb_guest.xml:17: element devices: Relax-NG validity error :
	  Element domain failed to validate content
	  lmb_guest.xml fails to validate
	The hostdev tag requires a source address to be specified,
	which includes bus, target, and unit address attributes.
	According to the SCSI Architecture Model spec (section
	4.9 of SAM-2), a LUN address is 64 bits and thus could be
	up to 20 decimal digits long.  Unfortunately, the XML
	schema limits this string to just two digits.  Similarly,
	the target field can be up to 32 bits in length, which
	would be 10 decimal digits.
	  # lsscsi -xx
	  [0:0:19:0x4022401100000000]  disk    IBM      2107900          3.44 /dev/sda
	  # lsscsi
	  [0:0:19:1074872354]disk    IBM      2107900          3.44  /dev/sda
	  # cat lmb_guest.xml
	  <domain type='kvm'>
	    <name>lmb_guest</name>
	    <memory unit='MiB'>1024</memory>
	  ...trimmed...
	    <devices>
	      <controller type='scsi' model='virtio-scsi' index='0'/>
	      <hostdev mode='subsystem' type='scsi'>
	        <source>
	          <adapter name='scsi_host0'/>
	          <address bus='0' target='19' unit='1074872354'/>
	        </source>
	      </hostdev>
	  ...trimmed...
	Since the reference unit and target fields are used in
	several places in the XML schema, create a separate one
	specific for SCSI Logical Units that will permit the
	greater length.  This permits both the validation utility
	and the virsh edit command to succeed when a hostdev
	tag is included.
	Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

	Convert SCSI logical unit from unsigned int to unsigned long long
	The SCSI Architecture Model defines a logical unit address
	as 64-bits in length, so change the field accordingly so
	that the entire value could be stored.

	Print SCSI address attributes bus, target, unit as unsigned integer
	The address elements are all unsigned integers, so we should
	use the appropriate print directive when printing it.

	Read SCSI address attributes bus, target, unit as positive integer
	The SCSI address element attributes bus, target, and unit are expected
	to be positive values, so make sure no one provides a negative value since
	the value is stored as an unsigned.

2015-06-23  Eric Blake  <eblake@redhat.com>

	qemu: simplify json parsing
	Rather than grabbing an arbitrary JSON value and then checking
	if it has the right type, we might as well request the correct
	type to begin with.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONIOProcessEvent)
	(qemuMonitorJSONCommandWithFd, qemuMonitorJSONHandleGraphics)
	(qemuMonitorJSONGetStatus, qemuMonitorJSONExtractCPUInfo)
	(qemuMonitorJSONGetVirtType, qemuMonitorJSONGetBalloonInfo)
	(qemuMonitorJSONGetMemoryStats)
	(qemuMonitorJSONDevGetBlockExtent)
	(qemuMonitorJSONGetOneBlockStatsInfo)
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacityOne)
	(qemuMonitorJSONBlockStatsUpdateCapacity)
	(qemuMonitorJSONGetBlockExtent)
	(qemuMonitorJSONGetMigrationStatusReply)
	(qemuMonitorJSONGetDumpGuestMemoryCapability)
	(qemuMonitorJSONAddFd, qemuMonitorJSONQueryRxFilterParse)
	(qemuMonitorJSONExtractChardevInfo)
	(qemuMonitorJSONDiskNameLookupOne)
	(qemuMonitorJSONDiskNameLookup)
	(qemuMonitorJSONGetAllBlockJobInfo)
	(qemuMonitorJSONBlockIoThrottleInfo, qemuMonitorJSONGetVersion)
	(qemuMonitorJSONGetMachines, qemuMonitorJSONGetCPUDefinitions)
	(qemuMonitorJSONGetCommands, qemuMonitorJSONGetEvents)
	(qemuMonitorJSONGetKVMState, qemuMonitorJSONGetObjectTypes)
	(qemuMonitorJSONGetObjectListPaths)
	(qemuMonitorJSONGetObjectProps, qemuMonitorJSONGetTargetArch)
	(qemuMonitorJSONGetMigrationCapabilities)
	(qemuMonitorJSONGetStringArray, qemuMonitorJSONAttachCharDev)
	(qemuMonitorJSONGetCPUx86Data, qemuMonitorJSONGetIOThreads)
	(qemuMonitorJSONGetMemoryDeviceInfo): Use shorter idioms.

	json: make it easier to type-check when getting from object
	While working in qemu_monitor_json, I repeatedly found myself
	getting a value then checking if it was an object.  Add some
	wrappers to make this task easier.
	* src/util/virjson.c (virJSONValueObjectGetByType)
	(virJSONValueObjectGetObject, virJSONValueObjectGetArray): New
	functions.
	(virJSONValueObjectGetString, virJSONValueObjectGetNumberInt)
	(virJSONValueObjectGetNumberUint)
	(virJSONValueObjectGetNumberLong)
	(virJSONValueObjectGetNumberUlong)
	(virJSONValueObjectGetNumberDouble)
	(virJSONValueObjectGetBoolean): Simplify.
	(virJSONValueIsNull): Change return type.
	* src/util/virjson.h: Reflect changes.
	* src/libvirt_private.syms (virjson.h): Export them.
	* tests/jsontest.c (testJSONLookup): New test.

	json: fully parse input string
	I was adding a JSON test, and was shocked to find out our parser
	treated the input string of "1" as invalid JSON.  It turns out
	that YAJL specifically documents that it buffers input, and that
	if the last input read could be a prefix to a longer token, then
	you have to explicitly tell the parser that the buffer has ended
	before that token will be processed.
	It doesn't help that yajl 2 renamed the function from what it was
	in yajl 1.
	* src/util/virjson.c (virJSONValueFromString): Complete parse, in
	case buffer ends in possible token prefix.
	* tests/jsontest.c (mymain): Expose the problem.

2015-06-22  Peter Krempa  <pkrempa@redhat.com>

	test: Switch to reference counting with testDomObjFromDomain
	Retrieve domain objects with reference and release them with
	virDomainObjEndAPI.

	test: Reuse virDomainObjGetOneDef in testDomainGetVcpusFlags
	The test driver copies the domain definition correctly so we can reuse
	the helper.

	virsh: blockcopy: Report error if the copy job fails
	When the block job would fail while watching it using the "--wait"
	option for blockcopy, virsh would rather unhelpfully report:
	$ virsh blockcopy vm hdc /tmp/raw.img --granularity 4096 --verbose --wait
	Now in mirroring phase
	Add a special case when the block job vanishes while waiting for it to
	finish to improve the message:
	$ virsh blockcopy vm hdc /tmp/raw.img --granularity 8192 --verbose --wait
	error: Block Copy unexpectedly failed

2015-06-22  Michal Privoznik  <mprivozn@redhat.com>

	virQEMUCapsComputeCmdFlags: Indent correctly
	There's a small formatting problem in the function. One line is
	not correctly indented. Fix this.

2015-06-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: caps: Fix syntax-check failure in version based capabilities
	A single-line 'if' body should not be encased in curly braces. Our
	syntax-check enforces it. Introduced in 7f3515b4bb677d0ead1887547efc844

2015-06-22  Pavel Fedin  <p.fedin@samsung.com>

	Introduce QEMU_CAPS_ARM_VIRT_PCI
	This capability specifies that "virt" machine on ARM has PCI controller. Enabled when version is at least 2.3.0.

2015-06-20  Ian Campbell  <ian.campbell@citrix.com>

	libxl: avoid freeing an uninitialised bitmap
	If vm->def->cputune.nvcpupin is 0 in libxlDomainSetVcpuAffinities (as
	seems to be the case on arm) then the VIR_FREE after cleanup: would be
	operating on an uninitialised pointer in map.map.
	Fix this by using libxl_bitmap_init and libxl_bitmap_dispose in the
	appropriate places (like VIR_FREE, libxl_bitmap_dispose is also
	idempotent, so there is no double free on exit from the loop).
	libxl_bitmap_dispose is slightly preferable since it also sets
	map.size back to 0, avoiding a potential source of confusion.
	This fixes the crashes we've been seeing in the Xen automated tests on
	ARM.
	I had a glance at the handful of other users of libxl_bitmap and none
	of them looked to have a similar issue.

2015-06-19  Vasiliy Tolstov  <v.tolstov@selfip.ru>

	update sheepdog client] update sheepdog client path
	Nnever sheepdog versions have dog client binary
	while old have collie. Check them both.

2015-06-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: cancel drive mirrors when p2p connection breaks
	When a connection to the destination host during a p2p migration drops,
	we know we will have to cancel the migration; it doesn't make sense to
	waste resources by trying to finish the migration. We already do so
	after sending "migrate" command to QEMU and we should do it while
	waiting for drive mirrors to become ready too.

	qemu: Refactor qemuMigrationWaitForCompletion
	Checking status of all part of migration and aborting it when something
	failed is a complex thing which makes the waiting loop hard to read.
	This patch moves all the checks into a separate function similarly to
	what was done for drive mirror loops.

	qemu: Don't pass redundant job name around
	Instead of passing current job name to several functions which already
	know what the current job is we can generate the name where we actually
	need to use it.

	qemu: Refactor qemuMigrationUpdateJobStatus
	Once we start waiting for migration events instead of polling
	query-migrate, priv->job.current will not be regularly updated anymore
	because we will get the current status directly from the events. Thus
	virDomainGetJob{Info,Stats} will have to query QEMU, but they can't just
	blindly update priv->job.current structure. This patch introduces
	qemuMigrationFetchJobStatus which just fills in a caller supplied
	structure and makes qemuMigrationUpdateJobStatus a tiny wrapper around
	it.

	qemu: Refactor qemuDomainGetJob{Info,Stats}
	Move common parts of qemuDomainGetJobInfo and qemuDomainGetJobStats into
	a separate API (qemuDomainGetJobStatsInternal).

	qemu: Do not poll for spice migration status
	QEMU_CAPS_SEAMLESS_MIGRATION capability says QEMU supports
	SPICE_MIGRATE_COMPLETED event. Thus we can just drop all code which
	polls query-spice and replace it with waiting for the event.

	qemu_monitor: Wire up SPICE_MIGRATE_COMPLETED event

	qemu: Use domain condition for asyncAbort
	To avoid polling for asyncAbort flag changes.

	qemu: Cancel disk mirrors after libvirtd restart
	When libvirtd is restarted during migration, we properly cancel the
	ongoing migration (unless it managed to almost finished before the
	restart). But if we were also migrating storage using NBD, we would
	completely forget about the running disk mirrors.

	qemu: Refactor qemuMonitorBlockJobInfo
	"query-block-jobs" QMP command returns all running block jobs at once,
	while qemuMonitorBlockJobInfo would only report one. This is not very
	nice in case we need to check several block jobs. This patch refactors
	the monitor code to always parse all block jobs and store them in a
	hash.

	qemu: Make qemuMigrationCancelDriveMirror usable without async job
	We don't have an async job when reconnecting to existing domains after
	libvirtd restart.

	Pass domain object to private data formatter/parser
	So that they can format private data (e.g., disk private data) stored
	elsewhere in the domain object.

	qemu: Don't mess with disk->mirrorState
	This patch reverts commit 76c61cdca20c106960af033e5d0f5da70177af0f.
	VIR_DOMAIN_DISK_MIRROR_STATE_ABORT says we asked for a block job to be
	aborted rather than saying it was aborted. Let's just use
	VIR_DOMAIN_DISK_MIRROR_STATE_NONE consistently whenever a block job
	finishes since no caller depends on VIR_DOMAIN_DISK_MIRROR_STATE_ABORT
	(anymore) to check whether a block job failed or it was cancelled.

	qemu: Abort migration early if disk mirror failed
	Abort migration as soon as we detect that some of the disk mirrors
	failed. There's no sense in trying to finish memory migration first.

	qemu: Cancel storage migration in parallel
	Instead of cancelling disk mirrors sequentially, let's just call
	block-job-cancel for all migrating disks and then wait until all
	disappear.
	In case we cancel disk mirrors at the end of successful migration we
	also need to check all block jobs completed successfully. Otherwise we
	have to abort the migration.

	qemu: Use domain condition for synchronous block jobs
	By switching block jobs to use domain conditions, we can drop some
	pretty complicated code in NBD storage migration.

	qemu: Properly report failed migration
	Because we are polling we may detect some errors after we asked QEMU for
	migration status even though they occurred before. If this happens and
	QEMU reports migration completed successfully, we would happily report
	the migration succeeded even though we should have cancelled it because
	of the other error.
	In practise it is not a big issue now but it will become a much bigger
	issue once the check for storage migration status is moved inside the
	loop in qemuMigrationWaitForCompletion.

	qemu: Introduce qemuBlockJobUpdate
	The wrapper is useful for calling qemuBlockJobEventProcess with the
	event details stored in disk's privateData, which is the most likely
	usage of qemuBlockJobEventProcess.

	conf: Introduce per-domain condition variable
	Complex jobs, such as migration, need to monitor several events at once,
	which is impossible when each of the event uses its own condition
	variable. This patch adds a single condition variable to each domain
	object. This variable can be used instead of the other event specific
	conditions.

2015-06-19  Michal Privoznik  <mprivozn@redhat.com>

	virNetServerServiceClose: Don't leak sockets
	Well, if a server is being destructed, all underlying services and
	their sockets should disappear with it. But due to bug in our
	implementation this is not the case. Yes, we are closing the sockets,
	but that's not enough. We must also:
	1) Unregister them from the event loop
	2) Unref the service for each socket
	The last step is needed, because each socket callback holds a
	reference to the service object. Since in the first step we are
	unregistering the callbacks, they no longer need the reference.

	virNetSocket: Fix @watch corner case
	Although highly unlikely, nobody says that virEventAddHandle()
	can't return 0 as a handle to socket callback. It can't happen
	with our default implementation since all watches will have value
	1 or greater, but users can register their own callback functions
	(which can re-use unused watch IDs for instance). If this is the
	case, weird things may happen.
	Also, there's a little bug I'm fixing too, upon
	virNetSocketRemoveIOCallback(), the variable holding callback ID
	was not reset. Therefore calling AddIOCallback() once again would
	fail. Not that we are doing it right now, but we might.

	virNetSocketRemoveIOCallback: Be explicit about unref
	When going through the code I've notice that
	virNetSocketAddIOCallback() increases the reference counter of
	@socket. However, its counter part RemoveIOCallback does not. It took
	me a while to realize this disproportion. The AddIOCallback registers
	our own callback which eventually calls the desired callback and then
	unref the @sock. Yeah, a bit complicated but it works. So, lets note
	this hard learned fact in a comment in RemoveIOCallback().

	daemonSetupNetworking: Don't leak services
	When setting up the daemon networking, new services are created. These
	services then have sockets to listen on. Once created, the service
	objects are added to corresponding server object. However, during that
	process, server increases reference counter of the service object. So,
	at the end of the function, we should decrease it again. This way the
	service objects will have only 1 reference, but that's okay since
	servers are the only objects having a reference.

2015-06-19  Peter Krempa  <pkrempa@redhat.com>

	lib: setvcpus: Remove bogus flag check
	Since VIR_DOMAIN_AFFECT_CURRENT is 0 the flag check does not make sense
	as masking @flags with 0 will always equal to false.

2015-06-18  John Ferlan  <jferlan@redhat.com>

	scsi: Adjust return status from getBlockDevice
	https://bugzilla.redhat.com/show_bug.cgi?id=1224233
	Currently it's not possible to determine the difference between a
	fatal memory allocation or failure to open/read the directory error
	with a perhaps less fatal, I didn't find the "block" device in the
	directory (which may be a disk entry without a block device).
	In the case of the latter, we shouldn't cause failure to continue
	searching in the caller (virStorageBackendSCSIFindLUs), rather we
	should allow trying reading the next directory entry.

2015-06-18  Pavel Boldin  <pboldin@mirantis.com>

	virsh: selective block device migration
	Add `virsh migrate' option `--migrate-disks' that allows CLI user to
	explicitly specify block devices to migrate.

	qemu: migration: selective block device migration
	https://bugzilla.redhat.com/show_bug.cgi?id=1203032
	Implement a `migrate_disks' parameters for the QEMU driver. This multi-
	value parameter can be used to explicitly specify what block devices
	are to be migrated using the NBD server. Tunnelled migration using NBD
	is to be done.

	util: add virTypedParamsAddStringList
	The `virTypedParamsAddStringList' function provides interface to add a
	NULL-terminated array of string values as a multi-value to the params.

	util: virTypedParams{Filter,GetStringList}
	Add multikey API:
	 * virTypedParamsFilter that filters all the parameters with specified name.
	 * virTypedParamsGetStringList that returns a list with all the values for
	   specified name and string type.

	util: multi-value parameters in virTypedParamsAdd*
	Allow multi-value parameters to be build using virTypedParamsAdd*
	functions by removing check for duplicates.

	util: multi-value virTypedParameter
	The `virTypedParamsValidate' function now can be instructed to allow
	multiple entries for some of the keys. For this flag the type with
	the `VIR_TYPED_PARAM_MULTIPLE' flag.
	Add unit tests for this new behaviour.

2015-06-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationDriveMirror: Force raw format for NBD
	When playing with disk migration lately, I've noticed this warning in
	domain logs:
	WARNING: Image format was not specified for 'nbd://masina:49153/drive-virtio-disk0' and probing guessed raw.
	         Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
	         Specify the 'raw' format explicitly to remove the restrictions.
	So I started digging into qemu source code to see what has triggered
	the warning. I'd expect qemu to know formats of guest's disks since we
	tell them on command line. This lead me to qmp_drive_mirror() where
	the following can be found:
	    if (!has_format) {
	        format = mode == NEW_IMAGE_MODE_EXISTING ? NULL : bs->drv->format_name;
	    }
	So, format is automatically initialized from the disk iff mode !=
	"existing". Unfortunately, in migration we are tied to use this mode
	(NBD doesn't support creating new images). Therefore the only way to
	avoid this warning is to pass format. The discussion on the mail-list [1]
	resulted in the code that always forces NBD export as "raw" format.
	[1] https://www.redhat.com/archives/libvir-list/2015-June/msg00153.html

	qemuMigrationBeginPhase: Fix function header indentation
	This function is returning a string (domain XML). Since d3ce7363
	when it was first introduced, it was indented incorrectly:
	static char
	*qemuMigrationBeginPhase(..)

	virDomainDiskGetSource: Mark passed disk as 'const'
	The disk is not changed anywhere in the function. Mark this fact
	in the function header too.

2015-06-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix double space in error message in qemuDomainGetVcpusFlags

	qemu: Jump to correct label in qemuDomainPinIOThread
	If virDomainObjGetDefs used in qemuDomainPinIOThread would fail the code
	would jump to the 'cleanup' label after acquiring the job, thus the VM
	would be locked forever.
	Introduced in commit cac6d639.

	conf: Move vcpu info parsing code into a separate function

	qemu: 'privileged' flag is not really configuration
	The privileged flag will not change while the configuration might
	change. Make the 'privileged' flag member of the driver again and mark
	it immutable. Should that ever change add an accessor that will group
	reads of the state.

	qemu: Reuse virDomainObjGetDefs in qemuDomainGetMemoryParameters
	Simplify the code by restructuring control flow and reusing the better
	helper.

	qemu: Refactor qemuDomainGetMemoryParameters
	Replace the for loops with case inside with temp variables and a macro.

	qemu: Refactor qemuDomainSetNumaParameters
	Use virDomainObjGetDefs and sanitize the control flow.

	qemu: Simplify qemuDomainSetInterfaceParameters by using virDomainObjGetDefs

	qemu: Simplify qemuDomainGetVcpusFlags by using virDomainObjGetOneDef
	virDomainObjGetOneDef is simpler to use than virDomainObjGetDefs

	qemu: Simplify qemuDomainGetEmulatorPinInfo by using virDomainObjGetOneDef
	virDomainObjGetOneDef is simpler to use than virDomainObjGetDefs

	qemu: Simplify qemuDomainGetVcpuPinInfo by using virDomainObjGetOneDef
	virDomainObjGetOneDef is simpler to use than virDomainObjGetDefs

	qemu: Simplify qemuDomainGetNumaParameters by using virDomainObjGetOneDef

	qemu: Simplify qemuDomainGetInterfaceParameters by using virDomainObjGetOneDef

	conf: Introduce helper to help getting correct def for getter functions
	virDomainObjGetOneDef will help to retrieve the correct definition
	pointer from @vm in cases where VIR_DOMAIN_AFFECT_LIVE and
	VIR_DOMAIN_AFFECT_CONFIG are mutually exclusive. The function simply
	returns the correct pointer. This similarly to virDomainObjGetDefs will
	greatly simplify the code.

	conf: Fix virDomainObjGetDefs when getting persistent config on a live vm
	If @flags contains only VIR_DOMAIN_AFFECT_CONFIG and @vm is active, the
	function would return the active config rather than the persistent one
	that it should return. This happened due to the fact that
	virDomainObjGetDefs was checking the updated flags which may not contain
	VIR_DOMAIN_AFFECT_LIVE if it is not requested even if @vm is active.
	Additionally the function would not take the flags into account when
	setting the pointers which was later used to determine whether the code
	needs to update the given configuration.
	The mistake was caught by the virt-test suite.

2015-06-18  James Cowgill  <james410@cowgill.org.uk>

	qemu: implement address for isa-serial
	I needed to specify the iobase address for certain exotic mips configurations.

2015-06-18  Luyao Huang  <lhuang@redhat.com>

	qemu: Add a check for slot and base dimm address conflicts
	When hotplugging a memory device, there wasn't a check to determine
	if there is a conflict with the address space being used by the to
	be added memory device and any existing device which is disallowed by qemu.
	This patch adds a check to ensure the new device address doesn't
	conflict with any existing device.

2015-06-18  Peter Krempa  <pkrempa@redhat.com>

	daemon: Add the admin service to the admin server only if it was allocated
	If the admin service is disabled it would not be allocated, but the NULL
	pointer still would be added to the admin server. Since
	virNetServerAddService would dereference it, the daemon would crash.
	Move the service registration into the block that allocates it.

	rpc: Actually increase reference count on @srv in virNetDaemonAddServer
	VIR_APPEND_ELEMENT would clear @srv to NULL after it successfully
	inserted it thus the reference count could not be increased afterwards.
	Switch to VIR_APPEND_ELEMENT_COPY. This fixes crash after terminating
	the daemon.

2015-06-18  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	parallels: Fix false error messages in libvirt log
	There was many errors in libvirt.log caused by prlsdkDelNet function because
	job variable was always initialized as PRL_INVALID_HANDLE
	In this patch job variable gets return value of PrlSrv_DeleteVirtualNetwork function()

	parallels: Fix initialization of buflen variable in each loop iteration
	We need to initialize buflen every time when we get network adapter's
	friendly name because we call PrlVmDev_GetFriendlyName in a loop

2015-06-18  Ján Tomko  <jtomko@redhat.com>

	remove redundant condition
	If the address type is SPAPRVIO, it will match the != NONE condition.

2015-06-18  Michal Privoznik  <mprivozn@redhat.com>

	virSysinfo: Introduce SMBIOS type 2 support
	https://bugzilla.redhat.com/show_bug.cgi?id=1220527
	This type of information defines attributes of a system
	baseboard. With one exception: board type is yet not implemented
	in qemu so it's not introduced here either.

2015-06-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Report all supported machine types in capabilities
	Some machine types are only reported as canonical names for other
	machine types, which make it a bit harder to find what machine types are
	supported by a specific QEMU binary. Ideally, one would just use
	/capabilities/guest/arch[@name='...']/machine/text() XPath to get a list
	of all supported machine types, but it doesn't work right now.
	For example, we report
	    <machine canonical='pc-i440fx-2.3' maxCpus='255'>pc</machine>
	in guest capabilities, but the corresponding
	    <machine maxCpus='255'>pc-i440fx-2.3</machine>
	is missing.
	This is a result of QMP probing. With "-machine ?" parsing QEMU sends
	us two lines:
	pc                   Standard PC (i440FX + PIIX, 1996) (alias of pc-i440fx-2.3)
	pc-i440fx-2.3        Standard PC (i440FX + PIIX, 1996) (default)
	while query-machines QMP command reports both in the same entry:
	{"name": "pc-i440fx-2.3", "is-default": true, "cpu-max": 255, "alias": "pc"}
	Let's make sure we always report separate <machine/> for both the
	canonical name and its alias and using the canonical name as the default
	machine type (i.e., inserting it before its alias) in case is-default is
	true.
	https://bugzilla.redhat.com/show_bug.cgi?id=1229666

2015-06-18  Michal Privoznik  <mprivozn@redhat.com>

	tests: Sort EXTRA_DIST in the Makefile
	We tend to keep the folders in the EXTRA_DIST sorted alphabetically.
	However, we've failed sometimes and the list is not ordered anymore.
	Reorder it back.

	daemon: Don't just include admin RPC
	So, it's a little paradox that we use the file twice. Firstly to build
	libvirt-admin.la (a client side of the Admin API), then once again to
	build the server side. Well, the problem is, this does not play nicely
	with the distclean since the file is generated. So while it's removed
	in the src/ the distclean running in daemon/ will not find the file
	and fail. The file is needed because it contains the RPC wrappers. So
	let's leave the client code as is and from the daemon/ just link the
	client library. The linker will find desired symbols and use them.

2015-06-18  Laine Stump  <laine@laine.org>

	nodedev: update netdev feature bits before each dumpxml
	As with several other attributes of devices (link status, sriov VF
	list, IOMMU group list), the detdev feature bits aren't automatically
	updated in the nodedev driver's cache when they change. In order to
	get a properly up-to-date list when getting the XML of a device, we
	must reget them in update-caps prior to each dumpxml.
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1232880

2015-06-17  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.spec: Don't expect virt-admin in libvirt-admin yet
	While Martin introduced the binary (and its manpage) in commit
	4e7ccf87133 it was pushed by mistake. Therefore it was reverted in
	220393bfb043. The problem is, the original commit was not quite right
	as the binary was added into the spec file in a different commit:
	55e0c840af. So as long as the binary does not exist, we must remove it
	from the spec file too.

	tests: Follow virnetserver to virnetdaemon transition
	In a4746114582 the virnetserver test was renamed to virnetdaemon.
	Moreover, as the test relies on some data stored under
	virnetserverdata/ the folder was renamed too. But this was not
	reflected in the Makefile. Therefore when building outside of the
	repository, the data folder was not distributed and test failed.

	daemon: Distribute admin_server.h
	The Admin API consists of a few files on daemon side. Notably
	daemon/admin_server.{ch}. While they are both on the repo, only
	the .c file is mentioned in Makefile. Therefore, .h is not
	distributed and 'make rpm' fails.

2015-06-17  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: substitute parallels with vz spec file and Makefile
	Since we have changed the name of the driver to vz, let's
	reference it as vz everywhere.

	parallels: rename all parallels files and driver directory to vz
	This patch moves all src/parallels/parallels* files to vz/vz*
	and fixes build accordingly.
	No functional changes.

	parallels: substitute parallels with vz in strings
	Here we stop referencing vz driver by different names
	in error messages. 'parallels driver', 'Parallels Cloud
	Server', 'Parallels driver' all become just 'vz driver'.
	No functional changes. Only renaming and a bit of rewording.

	parallels: change parallels prefixes to vz
	This patch changes all parallels/vz driver structure and
	function prefixes from parallels to vz.
	No functional changes.

2015-06-17  Michal Privoznik  <mprivozn@redhat.com>

	daemon/Makefile: Add forgotten dependency
	In latest patches we added Admin API. However, the Makefile in daemon
	was missing one dependency: admin_server.c is including generated file
	admin_dispatch.h. However, this dependency was not explicitly marked
	in the Makefile therefore the build happened to fail on some
	occasions.

2015-06-16  Erik Skultety  <eskultet@redhat.com>

	virfile: virDirCreate: Insert blank lines to assure slightly better readability

	util: virfile: Fix 'unknown cause' error if NFS mount point creation fails
	This happens if user requires creation of a directory with specified
	UID/GID permissions. To accomplish this, we use fork approach and
	set particular UID/GID permissions in child process. However, child
	process doesn't have a valid descriptor to a logfile (this is prohibited
	explicitly) and since parent process doesn't handle negative exit codes from
	child in any way, 'uknown cause' error is returned to the user.
	Commit 92d9114e tweaked the way we handle child errors when using fork
	approach to set specific permissions (features originally introduced
	by 98f6f381). The same logic should be used to create directories with
	specified permissions as well.
	https://bugzilla.redhat.com/show_bug.cgi?id=1230137

	util: virDirCreate: Child now exits with positive errno-code
	Previous patch of this series proposed a fix to virDirCreate, so that parent
	process reports an error if child process failed its task.
	However our logic still permits the child to exit with negative errno followed
	by a check of the status on the parent side using WEXITSTATUS which, being
	POSIX compliant, takes the lower 8 bits of the exit code and returns is to
	the caller. However, by taking 8 bits from a negative exit code
	(two's complement) the status value we read and append to stream is
	'2^8 - abs(original exit code)' which doesn't quite reflect the real cause when
	compared to the meaning of errno values.

2015-06-16  Eric W. Biederman  <ebiederm@xmission.com>

	lxc: set nosuid+nodev+noexec flags on /proc/sys mount
	Future kernels will mandate the use of nosuid+nodev+noexec
	flags when mounting the /proc/sys filesystem. Unconditionally
	add them now since they don't harm things regardless and could
	mitigate future security attacks.

2015-06-16  John Ferlan  <jferlan@redhat.com>

	util: Fix Coverity RESOURCE_LEAK
	Commit id 'e44b0269c9' in advertently checked !dir before calling closedir

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	lxc: Rename daemon to dmn
	On older systems it shadows global declaration of daemon() function.

	netserver: Remove duplicate forward declaration
	Commit fa14207368820b264123ba8429927b62258f996e added forward
	declaration of virNetServerPtr into virnetserver.h even though we are
	keeping these in virnetserverprogram.h due to older compilers having
	problems with duplicate ones.

	Revert "rpc: Add virNetServerGetNClients"
	This reverts commit 6bda9f8aa2cd07a3defda571c7d61401fd66c226.
	I mistakenly pushed it along with the Admin API series.

	Revert "admin: Add virAdmHello function"
	This reverts commit 5792fabb7b712749147e9d03348c798dc1943651.
	I mistakenly pushed it along with the Admin API series.

	Revert "Example virt-admin"
	This reverts commit 4e7ccf87133ac59f68bdd0b4897178fa9e2feefd.
	I mistakenly pushed it along with the Admin API series.

	Change livbirt version to 1.3.0 for the next release
	Since the background for Admin API is merged upstream, we are bumping
	the minor release version as discussed previously

	Example virt-admin
	You had only one job.  That's what you can say about this example
	binary.  In future, parts of virsh that are usable for this binary
	should be split into separate shell-utils and virt-admin should gain all
	the cool features of virsh without too much code addition.

	admin: Add virAdmHello function
	Just one of the simplest functions that returns string "Clients: X"
	where X is the number of connected clients to daemon's first
	subserver (the original one), so it can be tested using virsh, ipython,
	etc.
	The subserver is gathered by incrementing its reference
	counter (similarly to getting qemu capabilities), so there is no
	deadlock with admin subserver in this API.
	Here you can see how functions should be named in the client (virAdm*)
	and server (adm*).
	There is also a parameter @flags that must be 0, which helps testing
	proper error propagation into the client.

	rpc: Add virNetServerGetNClients
	This function accesses the number of connected clients while properly
	locking the server it returns the data about.

	Add support for admin API in libvirt daemon
	For this to pe properly separated from other protocols used by the
	server, there is second server added which allows access to the whole
	virNetDaemon to its clients.

	Add configuration options for permissions on daemon's admin socket
	This is not going to be very widely used, but for some corner cases and
	easier (unsafe) debugging, it might be nice.

	Add XML files with admin API specification
	No online docs are build from it since it doesn't really fit into our
	document structure and new page will need to be created for it, but this
	is at least a heads-up commit for easier parsing in order to build some
	documentation (or python bindings) later on.

	Add libvirt-admin library
	Initial scratch of the admin library.  It has its own virAdmConnectPtr
	that inherits from virAbstractConnectPtr and thus trivially supports
	error reporting.
	There's pkg-config file added and spec-file adjusted as well.
	Since the library should be "minimalistic" and not depend on any other
	library, the list of files is especially crafted for it.  Most of them
	could've been put to it's own sub-libraries that would be LIBADD'd to
	libvirt_util, libvirt_net_rpc and libvirt_setuid_rpc_client to minimize
	the number of object files being built, but that's a refactoring that
	isn't the orginal aim of this commit.

	Add admin error domain
	Just the addition of VIR_FROM_ADMIN to the enum of error domains.

	Build client headers for admin protocol

	Add admin protocol
	For now there are only CONNECT_OPEN and CONNECT_CLOSE procedures.

	Teach gendispatch how to handle admin dispatching files
	Since this is just a new option for gendispatch, it looks more like a
	cleanup.  The only differences handled by it are connect pointers,
	private pointers and API naming customs.

	tests: Adapt virnetservertest to daemon refactor
	Rename the test to virnetdaemontest and use virNetDaemon objects instead
	of virNetServer inside.

	Move daemon-related parts of virNetServer to virNetDaemon
	This allows to have more servers in one daemon which helps isolating
	some resources.

2015-06-16  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: properly clean up qemu-nbd
	Add the qemu-nbd tasks to the container cgroup to make sure those will
	be killed when the container is stopped. In order to reliably get the
	qemu-nbd tasks PIDs, we use /sys/devices/virtual/block/<DEV>/pid as
	qemu-nbd is daemonizing itself.

	Add virProcessGetPids to get all tasks of a process
	This function gets all the PIDs listed in /proc/PID/task. This will be
	needed at least to move all qmeu-nbd tasks to the container cgroup.

2015-06-16  John Ferlan  <jferlan@redhat.com>

	storage: Generate correct parameters for CIFS
	https://bugzilla.redhat.com/show_bug.cgi?id=1186969
	When generating the path to the dir for a CIFS/Samba driver, the code
	would generate a source path for the mount using "%s:%s" while the
	mount.cifs expects to see "//%s/%s". So check for the cifsfs and
	format the source path appropriately.
	Additionally, since there is no means to authenticate, the mount
	needs a "-o guest" on the command line in order to anonymously mount
	the Samba directory.

	storage: Adjust command arglist for gluster
	In order for the glusterfs boolean to be set, the pool->def->type must be
	VIR_STORAGE_POOL_NETFS, thus the check within virCommandNewArgList whether
	pool->def->type is VIR_STORAGE_POOL_FS will never be true, so remove it

	storage: Fix the schema and add tests for cifs pool
	Commit id '887dd362' added support for a netfs pool format type 'cifs'
	and 'gluster' in order to add rng support for Samba and glusterfs netfs
	pools. Originally, the CIFS type support was added as part of commit
	id '61fb6979'. Eventually commit id 'b325be12' fixed the gluster rng
	definition to match expectations.
	As it turns out the CIFS rng needed a similar change since the directory
	path is not an absDirPath, rather just a dirPath will be required.

2015-06-16  Guido Günther  <agx@sigxcpu.org>

	configure: Remove check for pkcheck_supports_uid
	We're using Polkit's DBus API so no need to check wether this feature is
	supported. We don't use the result or the path to the pkcheck program
	anywhere.

2015-06-15  Martin Kletzander  <mkletzan@redhat.com>

	tests: Use libvirt properly with initialization and error dispatching
	We were using "complicated" error printing in virnetservertest even
	though we could've just dispatched the error.  Also add some good
	practices that might come in handy (the code may fail without proper
	initialization and event loop).

	Generate JSON with mDNS entries only when built --with-avahi
	One string was already used only if that condition was true, second one
	is added now.  Both are used in a nicer way.

	rpc: Fix possible crash when MDNSAddEntry fails
	If virNetServerMDNSAddEntry() fails when adding a service to a server,
	it doesn't decrease the number of services.  Hence access to their
	members segfaults (e.g. when free()-ing the sruct).

	build: Remove unnecessarily repeated rules for syms -> def
	Suggested-by: Michal Prívozník <mprivozn@redhat.com>

2015-06-15  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: monitor: Add memory balloon support for virtio-ccw
	The search for the memory balloon driver object is extended by a
	second known name "virtio-balloon-ccw" in support for virtio-ccw.
	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Eric Farman <farman@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>

2015-06-15  Ján Tomko  <jtomko@redhat.com>

	man: clarify usage of virsh blockcopy with --xml
	The --xml option is mandatory if an XML description is used.
	Otherwise the third parameter is treated as the destination.
	https://bugzilla.redhat.com/show_bug.cgi?id=1206406#c3

2015-06-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: emulatorpin: Don't reset pinning when pinning to all cpus
	Similarly to a02a161bb8a6caf0db4dd446ed1cdf53d97b40 remove the default
	pinning assumption from emulatorpin.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1227180

2015-06-15  Michal Privoznik  <mprivozn@redhat.com>

	getOldStyleBlockDevice: Adjust formatting
	Instead of initializing return value to zero (success) and overwriting
	it on every failure just before the control jumps onto 'out' label,
	let's initialize to an error value and set to zero only when we are
	sure about the success. Just follow the pattern we have in the rest of
	the code.

	getNewStyleBlockDevice: Adjust formatting
	Instead of initializing return value to zero (success) and overwriting
	it on every failure just before the control jumps onto 'out' label,
	let's initialize to an error value and set to zero only when we are
	sure about the success. Just follow the pattern we have in the rest of
	the code.

2015-06-15  John Ferlan  <jferlan@redhat.com>

	storage: Disallow wiping an extended disk partition
	https://bugzilla.redhat.com/show_bug.cgi?id=1225694
	Check if the disk partition to be wiped is the extended partition, if
	so then disallow it. Do this via changing the wipeVol backend to check
	the volume before passing to the common virStorageBackendVolWipeLocal

2015-06-15  Ján Tomko  <jtomko@redhat.com>

	qemu caps: spell queue

2015-06-15  John Ferlan  <jferlan@redhat.com>

	qemu: Do not support 'serial' scsi-block 'lun' devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1021480
	Seems the property has been deprecated for qemu, although seemingly ignored.
	This patch enforces from a libvirt perspective that a scsi-block 'lun'
	device should not provide the 'serial' property.

	storage: Need to set secrettype for direct iscsi disk volume
	https://bugzilla.redhat.com/show_bug.cgi?id=1200206
	Commit id '1b4eaa61' added the ability to have a mode='direct' for
	an iscsi disk volume.  It relied on virStorageTranslateDiskSourcePool
	in order to copy any disk source pool authentication information to
	the direct disk volume, but it neglected to also copy the 'secrettype'
	field which ends up being used in the domain volume formatting code.
	Adding a secrettype for this case will allow for proper formatting later
	and allow disk snapshotting to work properly
	Additionally libvirtd restart processing would fail to find the domain
	since the translation processing code is run after domain xml processing,
	so handle the the case where the authdef could have an empty secrettype
	field when processing the auth and additionally ignore performing the
	actual and expected auth secret type checks for a DISK_VOLUME since that
	data will be reassembled later during translation processing of the
	running domain.

2015-06-15  Michal Privoznik  <mprivozn@redhat.com>

	virCapabilitiesDomainDataLookup: Produce saner error message
	During a review, I've noticed this error message that was eventually
	produced when I was trying to define a domain:
	error: invalid argument: could not find capabilities for arch=mips64el
	domaintype=(null)
	Look at the (null). Why is it there? Well, during XML parsing, we try
	to look up the default emulator for given OS type and possibly virt
	type too. And this is the problem, because if we don't want to look up
	by virt type, a -1 is passed to note this fact. Later, the code
	handles -1 just right. Except for error message. When it is
	constructed (in a very fabulous way I must say), the value is compared
	to zero, not -1. And since we don't have any translation from -1 to a
	virt type string, we just print (null).

2015-06-13  Anthony PERARD  <anthony.perard@citrix.com>

	libxl: Add timestamp to the libxl driver log.

2015-06-13  zhang bo  <oscar.zhangbo@huawei.com>

	qemu: update netdevs of the same mac addrs correctly
	If a guest has multiple network devices with the same MAC address,
	when we online update the second device, libvirtd always updates
	the first one.
	commit def31e4c forgot to fix the online updating scenario. We need to
	use virDomainNetFindIdx() to find the correct network device.

2015-06-13  John Ferlan  <jferlan@redhat.com>

	scsi: Need to translate disk source pool in config attach path
	https://bugzilla.redhat.com/show_bug.cgi?id=1228007
	When attaching a scsi volume lun via the attach-device --config or
	--persistent options, there was no translation of the source pool
	like there was for the live path, thus the attempt to modify the config
	would fail since not enough was known about the disk.

2015-06-12  Michal Privoznik  <mprivozn@redhat.com>

	virsysinfo: s/system/sysdef/
	A variable can't be named system, obviously. Well, it can if the
	compiler is new enough to distinguish a variable named system and a
	function call system(). And some older systems, don't have wise
	compiler.
	  CC     util/libvirt_util_la-virsysinfo.lo
	cc1: warnings being treated as errors
	../../src/util/virsysinfo.c: In function 'virSysinfoParseSystem':
	../../src/util/virsysinfo.c:649: error: declaration of 'system' shadows a global declaration [-Wshadow]
	/usr/include/stdlib.h:717: error: shadowed declaration is here [-Wshadow]
	make[3]: *** [util/libvirt_util_la-virsysinfo.lo] Error 1

	cmdNetworkList: Introduce --name, --uuid, --table
	When reviewing some network patches, I've noticed we don't have
	those switches to the 'net-list' command. We should. They are
	merely copied over from 'list' command.

	cmdNetworkList: switch to FILTER
	Instead of sticking to old code pattern use the one laid out by
	cmdList. Use FILTER() macro instead of series of boolean
	variables.

	qemuBuildDriveStr: s/virBufferEscapeString/virBufferAsprintf/
	We are using it to print a value that can't be NULL and does not need
	any escaping anyway.

	virQEMUCapsArch: openrisc vs or32
	With a few exceptions, we assume that qemu binary for given
	architecture has form of qemu-system-$arch. Well, openrisc is yet
	another exception. It's binary is called qemu-system-or32.

	virSysinfoDef: Exempt SYSTEM variables
	Move all the system_* fields into a separate struct. Not only this
	simplifies the code a bit it also helps us to identify whether BIOS
	info is present. We don't have to check all the four variables for
	being not-NULL, but we can just check the pointer to the struct.

	virSysinfoDef: Exempt BIOS variables
	Move all the bios_* fields into a separate struct. Not only this
	simplifies the code a bit it also helps us to identify whether BIOS
	info is present. We don't have to check all the four variables for
	being not-NULL, but we can just check the pointer to the struct.

	tests: Distribute virnetserverdata
	Fairly recently we've introduced virnetservertest. This test has some
	input data stored under tests/virnetserverdata which unfortunately was
	not distributed among with the test. Therefore 'make distcheck'
	failed. Fix this by adding the directory into EXTRA_DIST.

2015-06-11  James Cowgill  <james410@cowgill.org.uk>

	schema: use arch list from basictypes for os arch attribute
	I see no reason to duplicate this list of architectures. This also allows
	more guest architectures to be used with libvirt (like the mips64el qemu
	machine I am trying to run).

2015-06-11  Martin Kletzander  <mkletzan@redhat.com>

	util: add virJSONValueCopy
	Faster version of virJSONValueFromString(virJSONValueToString()).

2015-06-11  Maxime Leroy  <maxime.leroy@6wind.com>

	qemu: add multiqueue vhost-user support
	This patch adds the support of queues attribute of the driver element
	for vhost-user interface type. Example:
	<interface type='vhostuser'>
	      <mac address='52:54:00:ee:96:6d'/>
	      <source type='unix' path='/tmp/vhost2.sock' mode='client'/>
	      <model type='virtio'/>
	      <driver queues='4'/>
	</interface>
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1207692

2015-06-11  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add capability for vhost-user multiqueue
	The support for this was added in QEMU with commit
	830d70db692e374b55555f4407f96a1ceefdcc97.  Unfortunately we have to do
	another ugly version-based capability check.  The other option would be
	not to check for the capability at all and leave that to qemu as it's
	done with multiqueue tap devices.

2015-06-11  Maxime Leroy  <maxime.leroy@6wind.com>

	docs: Clarify that attribute name is not used for vhostuser

2015-06-11  Martin Kletzander  <mkletzan@redhat.com>

	conf: Ignore multiqueue with one queue.
	Multi != One.  And indeed, libvirt behaves the same way for queues='1'
	as without such setting.  Let's make it clear in the XML.

2015-06-11  Peter Krempa  <pkrempa@redhat.com>

	util: Make virProcessGetAffinity more readable and fix coverity warning
	Store the cpu count in an intermediate variable and reuse it rather than
	caluclating the index.
	Additionally add a coverity silencing comment.

2015-06-11  Jiri Denemark  <jdenemar@redhat.com>

	apibuild: Generate macro/@string attribute
	If a macro has a string value, the @string attribute will contain the
	value. Otherwise @string attribute will be missing.
	For example, the following macro definition from libvirt-domain.h:
	 /**
	  * VIR_MIGRATE_PARAM_URI:
	  * ...
	  */
	 # define VIR_MIGRATE_PARAM_URI               "migrate_uri"
	will result in
	 <macro name='VIR_MIGRATE_PARAM_URI' file='libvirt-domain' string='migrate_uri'>
	   <info><![CDATA[...]]></info>
	 </macro>
	https://bugzilla.redhat.com/show_bug.cgi?id=1229199

	apibuild: Fix indentation

2015-06-11  Daniel P. Berrange  <berrange@redhat.com>

	rpc: add testing of RPC JSON (de)serialization
	The virNetServer class has the ability to serialize its state
	to a JSON file, and then re-load that data after an in-place
	execve() call to re-connect to active file handles. This data
	format is critical ABI that must have compatibility across
	releases, so it should be tested...

	rpc: add API for checking IPv4/6 availability
	The socket test suite has a function for checking if IPv4
	or IPv6 are available, and returning a free socket. The
	first bit of that will be needed in another test, so pull
	that logic out into a separate helper method.

	rpc: allow selection of TCP address family
	By default, getaddrinfo() will return addresses for both
	IPv4 and IPv6 if both protocols are enabled, and so the
	RPC code will listen/connect to both protocols too. There
	may be cases where it is desirable to restrict this to
	just one of the two protocols, so add an 'int family'
	parameter to all the TCP related APIs.

2015-06-11  Eric Blake  <eblake@redhat.com>

	maint: document use of zanata for translations
	Based on recent list questions on how to contribute a translation fix.

2015-06-10  Michal Privoznik  <mprivozn@redhat.com>

	virNumaSetPagePoolSize: Produce friendlier error message
	https://bugzilla.redhat.com/show_bug.cgi?id=1224587
	The function takes two important arguments (among many others): @node
	and @page_size. From these two a path under /sys is constructed. The
	path is then used to read and write the desired size of huge pages
	pool. However, if the path does not exists due to either @node or
	@page_size having nonexistent value (e.g. there's no such NUMA node or
	no page size like -2), an cryptic error message is produced:
	  virsh # allocpages --pagesize 2049 --pagecount 8 --cellno -2
	  error: Failed to open file '/sys/devices/system/node/node-2/hugepages/hugepages-2049kB/nr_hugepages': No such file or directory
	Add two more checks to catch this and therefore produce much more
	friendlier error messages.

2015-06-10  John Ferlan  <jferlan@redhat.com>

	logical: Fix typo in error message

2015-06-10  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	network: escape quotes for dsmasq conf contents
	dnsmasq conf file contents needs to have quotes escaped for it to
	work.  Because of this, the network-create/start for a network with
	quotes in the name fails. The patch escapes strings for the entries
	that go into the conf file.

	conf: fix domaincommon.rng to accept network name with quotes
	The network name is currently of type "deviceName" but it should be
	"text" as name is defined in the network.rng.

2015-06-09  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix formatting errors in parallels driver
	This patch fixes several formatting errors, which I
	missed before pushing previous patches. Mostly because
	of missing cppi package.

2015-06-09  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: treat block devices as disks for containers
	We are going to add block devices as disks for containers
	not as filesystems.

	parallels: report SATA bus type for container block devices disks
	As we can add disks based on block devices to containers and bus type
	doesn't have any meaning here, let us report always SATA for them.

	parallels: process '/' mount point correctly for containers
	Since we are going to add block devices as root disks we have
	to specify root mount point for boot block devices. But we
	shouldn't do this if a filesystem disk with such
	target mount point already exists.

	parallels: add isCt parameter to prlsdkGetDiskInfo and prlsdkAddDisk

2015-06-09  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	parallels: add block device statistics to driver
	Statistics provided through PCS SDK. As we have only async interface in SDK we
	need to be subscribed to statistics in order to get it. Trivial solution on
	every stat request to subscribe, wait event and then unsubscribe will lead to
	significant delays in case of a number of successive requests, as the event
	will be delivered on next PCS server notify cycle. On the other hand we don't
	want to keep unnesessary subscribtion. So we take an hibrid solution to
	subcsribe on first request and then keep a subscription while requests are
	active. We populate cache of statistics on subscribtion events and use this
	cache to serve libvirts requests.
	 * Cache details.
	Cache is just handle to last arrived event, we call this cache
	as if this handle is valid it is used to serve synchronous
	statistics requests. We use number of successive events count
	to detect that user lost interest to statistics. We reset this
	count to 0 on every request. If more than PARALLELS_STATISTICS_DROP_COUNT
	successive events arrive we unsubscribe. Special value of -1
	of this counter is used to differentiate between subscribed/unsubscribed state
	to protect from delayed events.
	Values of PARALLELS_STATISTICS_DROP_COUNT and PARALLELS_STATISTICS_TIMEOUT are
	just drop-ins, choosen without special consideration.
	 * Thread safety issues
	Use parallelsDomObjFromDomainRef in parallelsDomainBlockStats as
	we could wait on domain lock down on stack in prlsdkGetStatsParam
	and if we won't keep reference we could get dangling pointer
	on return from wait.

2015-06-09  Peter Krempa  <pkrempa@redhat.com>

	virsh: change-media: Fix behavior with --update without a source
	Docs state that it should behave like eject. Currently the code does not
	do that. This is a regression since f4b5f53027da4fed2250628e11bac4019.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1229592

2015-06-09  Andrea Bolognani  <abologna@redhat.com>

	qemu: Capitalize "storage" in qemuDomainAttachUSBMassStorageDevice()

2015-06-09  Cole Robinson  <crobinso@redhat.com>

	qemu: caps: Advertise arm 32-on-64 KVM option
	We need to use qemu-system-aarch64 to run armv7l KVM VMs on an aarch64
	host.

	qemu: caps: qemu-system-aarch64 supports armv7l
	And it always has, so advertise it similarly to i686

	qemu: command: Support arm 32-on-64 KVM with -cpu aarch64=off
	qemu 2.3.0 added the -cpu host,aarch64=off option, which allows using
	qemu-system-aarch64 KVM to run armv7l VMs.
	Add a capabilities check for it, wire it up in qemu_command, and test
	the command line generation.

2015-06-09  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	parallels: return only success from PCS event handler
	2 reasons to to this.
	1. PCS SDK really don't care of handler return value.
	2. It hard to imagine how notifier can handle
	subscriber failures. Even if there are some situations
	we probably will use some special error codes and
	not just throw error codes we get from SDK itself.

	parallels: simplify event types discrimination
	Use issuer type instead of event type to group
	vm related events. This saves us from
	explicit enumeration of all vm event types in
	prlsdkHandleVmEvent.

2015-06-08  Michal Privoznik  <mprivozn@redhat.com>

	utiltest: Use int8_t instead of char.
	Not every architecture out there has 'char' signed by default.
	For instance, my arm box has it unsigned by default:
	  $ gcc -dM -E - < /dev/null | grep __CHAR_UNSIGNED__
	  #define __CHAR_UNSIGNED__ 1
	Therefore, after 65c61e50 the test if failing for me. Problem is,
	we are trying to assign couple of negative values into char
	assuming some will overflow and some don't. That can't be the
	case if 'char' is unsigned by default. Lets use more explicit types
	instead: int8_t and uint8_t where is no ambiguity.

2015-06-08  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: process: fix build on FreeBSD
	Commit 825df8c3 refactored virProcess{Set,Get}Affinity routines,
	however broke BSD implementation because of the incorrect variable
	name. Fix build by using a proper variable name.
	Pushing as trivial and build break fix.

2015-06-08  Peter Krempa  <pkrempa@redhat.com>

	util: Properly return error from virGetUserID and virGetGroupID stubs
	The stubs for the two functions that are compiled on platforms that
	don't have HAVE_GETPWUID_R and friends defined do not return error but
	report an error message. The calling code then assumes that the @uid or
	@gid arguments were filled, which is not the case in the stubs.

2015-06-05  Ján Tomko  <jtomko@redhat.com>

	Turn qemuMonitorFindBalloonObjectPath into a void function
	We were effectively ignoring its errors anyway.

	Do not access the domain definition in qemuMonitorFindBalloonObjectPath
	The monitor code does not hold the virDomainObjPtr lock and should
	not access the defitinion.

	Only call SetMemoryStatsPeriod for virtio memballoon

	Check for balloon model in qemuDomainSetMemoryStatsPeriod
	There's no point in calling the monitor if there is no balloon.

	Only call qemuMonitorGetMemoryStats for virtio memballoon
	There is nothing to get from the monitor for model='none'.

	Invert the condition in qemuDomainMemoryStats
	It only makes sense if qemuMonitorGetMemoryStats is called,
	but the following patch will make that call conditional.

	Add endjob label to qemuDomainMemoryStats
	Reduce the indentation level.

	Remove path argument from qemuMonitorJSONFindLinkPath
	All the callers use "/" anyway.

	Introduce qemuMonitorJSONFindLinkPath
	When traversing through the QOM tree, we're looking for
	a link to a device, e.g.:
	link<virtio-balloon-pci>
	Introduce a helper that will format the link name at the start,
	instead of doing it every time while recursing through the tree.

	Move qemuMonitorFindObjectPath to qemu_monitor_json
	This function is specific to the JSON monitor.

2015-06-05  Daniel P. Berrange  <berrange@redhat.com>

	rpc: Fix reference counting around virNetSocketAddIOCallback
	Ref service passed as a parameter to the callback.  And don't unref the
	socket that is part of the service being passed at another point in code.

	rpc: Don't use unrelated value as privateData of client
	Append privateData of the client only if there are any, otherwise the
	previous value (socket data) will get there again.

	rpc: Make virNetServerAddClient function dynamic
	As opposed to 'static'; by exporting it (privately).

2015-06-05  Martin Kletzander  <mkletzan@redhat.com>

	mdns: Set error when failing due to missing avahi
	When building without avahi support, we used VIR_DEBUG() to note that to
	the user.  However, functions that fail because of that (return NULL/-1)
	did not set the error message.  This was the only file that forgot to do
	such thing.

2015-06-05  John Ferlan  <jferlan@redhat.com>

	storage: Add check for valid FS types in checkPool callback
	https://bugzilla.redhat.com/show_bug.cgi?id=1181087
	The virStorageBackendFileSystemIsMounted is called from three source paths
	checkPool, startPool, and stopPool. Both start and stop validate the FS
	fields before calling *IsMounted; however the check path there is no call.
	This could lead the code into returning a true in "isActive" if for some
	reason the target path for the pool was mounted. The assumption being
	that if it was mounted, then we believe we started/mounted it.
	It's also of note that commit id '81165294' added an error message for
	the start/mount path regarding that the target is already mounted so
	fail the start. That check was adjusted by commit id '13fde7ce' to
	only message if actually mounted.
	At one time this led to the libvirtd restart autostart code to declare
	that the pool was active even though the startPool would inhibit startup
	and the stopPool would inhibit shutdown. The autostart path changed as
	of commit id '2a31c5f0' as part of the keep storage pools started between
	libvirtd restarts.
	This patch adds the same check made prior to start/mount and stop/unmount
	to ensure we have a valid configuration before attempting to see if the
	target is already mounted to declare "isActive" or not. Finding an improper
	configuration will now cause an error at checkPool, which should make it
	so we can no longer be left in a situation where the pool was started and
	we have no way to stop it.

	storage: FS backend adjust error message on error path
	https://bugzilla.redhat.com/show_bug.cgi?id=1181087
	Currently the assumption on the error message is that there are
	no source device paths defined when the number of devices check
	fails, but in reality the XML could have had none or it could have
	had more than the value supported. Adjust the error message accordingly
	to make it clearer what the error really is.

	storage: Refactor storage pool type checks
	Refactor the code for both startPool (*Mount) and stopPool (*Unmount) code
	paths by introducing virStorageBackendFileSystemIsValid.

	storage: Remove extraneous @conn from function comments
	Over time the parameters changed, but the comment wasn't updated

2015-06-05  Eric Blake  <eblake@redhat.com>

	remote: fix odd comma operator
	Commit 1882c0bd accidentally used ',' instead of ';'; oddly
	enough, the result was still syntactically valid (yes, C is
	a fun language).  But it made me do a double take; it's better
	to use idiomatic syntax.
	* daemon/remote.c (remoteRelayDomainEventDeviceAdded): Fix
	harmless typo.

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Update balloon info only if job is allowed
	In qemuDomainUpdateCurrentMemorySize I misplaced the actual update of
	the balloon size to a place where it may not be initialized. Move it a
	few lines above.

	conf: Fix mistakes in pointer usage in virDomainObjGetDefs
	Coverity rightfully determined that in commit 3d021381c71221e563182f03
	I made a mistake in the first check if @persDef is not NULL is
	dereferencing it rather than checking.
	Additionally if the vm is online the code would set @liveDef twice
	rather than modifying @persDef. Fix both mistakes.

2015-06-04  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Check for qemu capability when calling virDomainGetBlockIoTune()
	When getting block device I/O tuning data there is no check for whether
	QEMU supports such options and the call fails on
	qemuMonitorGetBlockIoThrottle() when getting the particular throttle
	data.  So try reporting a better error when blkdeviotune is not
	supported.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1224053

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuDomainSetVcpusFlags by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainGetEmulatorPinInfo by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainPinEmulator by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainGetVcpuPinInfo by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainPinVcpuFlags by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainSetBlkioParameters by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainChgIOThread by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainPinIOThread by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainGetIOThreadInfo by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainGetVcpusFlags by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainSetMemoryStatsPeriod by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainSetMemoryFlags by reusing virDomainObjGetDefs

	conf: Add new helpers to resolve virDomainModificationImpact to domain defs
	virDomainLiveConfigHelperMethod that is used for this job now does
	modify the flags but still requires the callers to extract the correct
	definition objects.
	In addition coverity and other static analyzers are usually unhappy as
	they don't grasp the fact that @flags are upadted according to the
	correct def to be present.
	To work this issue around and simplify the calling chain let's add a new
	helper that will work only on drivers that always copy the persistent
	def to a transient at start of a vm. This will allow to drop a few
	arguments. The new function syntax will also fill two definition
	pointers rather than modifying the @flags parameter.

	libxl: Don't remove vcpu pin definition in libxlDomainCleanup
	The vCPU pinning definition gets removed when the domain definition is
	being freed later. If there is no next configuration it would remove the
	configured pinning.

	Revert "cputune: Support cputune for xend driver"
	This reverts commit 01692bb167f7ab81213921ba1116d46a4651ef0e.
	Quoting the original commit message:
	"Not sure if it's the correct way to add cputune xml for xend driver..."
	It is not. The defition created that is converted from the internal xend
	structures would also be leaked since it isn't used any more.
	Revert the commit since it does not make sense to keep the info
	internally.

	qemu: libxl: vcpupin: Don't reset pinning when pinning to all pcpus
	In the pre-NUMA ages pinning a vCPU to all pCPUs was eaqual to deleting
	the pinning info. Now it does not entirely work that way. Pinning a vCPU
	to all pCPUs might be a desired operation. Additionally removal of the
	pinning will result into using the default pinning information at the
	next boot which might be different from all vcpus.
	This patch removes the false assumption that we should remove the
	pinning after pinning to all vCPUs and tweaks the documentation for
	virsh.
	A later patch will implement a new flag for the virDomainPinVcpuFlags
	API that will allow to remove the pinning in a sane way.

	lib: virDomainPinIOThread: Remove spurious overflow check
	Internal structures use unsigned int, so there's no need for this legacy
	check that was copied from the vCPU pinning api.

	conf: Store cpu count as unsigned int
	While we probably won't see machines with more than 65536 cpus for a
	while lets store the cpu count as an integer so that we can avoid quite
	a lot of overflow checks in our code.

	qemu: Refactor qemuDomainGetInfo
	Since the returned structure uses "unsigned long" for memory sizes add a
	few overflow checks to notify the user in case we are not able to
	represent given values.

	qemu: Add helper to update domain balloon size and refactor usage places
	When qemu does not support the balloon event the current memory size
	needs to be queried. Since there are two places that implement the same
	logic, split it out into a function and reuse.

	qemu: process: Update current balloon state to maximum on vm startup
	After libvirt issues the balloon resize command, the current balloon
	size needs to be changed to the maximum memory size since the vCPUs were
	not started and thus the balloon driver could not return the memory.
	Since GetXMLDesc and other APIs return the balloon size without updating
	it in case they are not able to obtain the job and the memory balloon
	does not support the asynchronous event the sizing might be incorrect.

2015-06-04  Ján Tomko  <jtomko@redhat.com>

	Always add 'console' matching the 'serial' device
	We have been formatting the first serial device also
	as a console device, but only if there were no other consoles.
	If there is a <serial> device present in the XML, but no serial
	<console>, or if there isn't any <console> at all but the domain
	definition hasn't gone through a parse->format->parse round-trip,
	the <console> device would not be formatted.
	Change the code to always add the stub device for the first
	serial device.
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1089914

	maint: remove incorrect apostrophes from 'its'

	docs: php: remove reference to Red Hat
	Also remove the redudant apostrophe from "it's".

2015-06-04  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	check if console/channel PTY is null before attempting to open
	Console/channel devices have their pty devices assigned when the emulator is
	actually started. If time is spent in guest preparation, someone attempts
	to open the console/channel, the libvirt crashes in virChrdevLockFilePath().
	The patch attempts to fix the crash by adding a check before attempting to
	open.

2015-06-04  Lubomir Rintel  <lkundrak@v3.sk>

	virnetdev: fix moving of 802.11 phys
	There was a couple of problems with the style fixes applied to the original
	patch:
	1.) virFileReadAllQuiet comparison was incorrectly parenthesized when moved
	into a condition, causing the len to be set to the result of comparison. This,
	together with the removed underflow check would underflow the phy buffer.
	2.) The logic was broken. Failure to call "ip" would abort the function, thus
	the "iw" branch would never be reached.
	This aims to fix the issues and work around possible style complains :)

2015-06-03  Peter Krempa  <pkrempa@redhat.com>

	util: process: Refactor and fix virProcessSetAffinity
	Refactor the function to return the bitmap instead of an integer and the
	inner workings so that they make more sense.
	This patch also fixes possible segfault on old systems that was
	introduced by commit:
	commit f1a43a8e4139b028257ef4ed05a81cfb5f8a8741
	Author: Hu Tao <hutao@cn.fujitsu.com>
	Date:   Fri Sep 14 15:46:59 2012 +0800
	    use virBitmap to store cpu affinity info

2015-06-03  Martin Kletzander  <mkletzan@redhat.com>

	util: Clear output broadcast address before filling it in
	Since commit 55ace7c4789c8a7408139460f4b639cee00e5125, the sockettest
	fails without VIR_TEST_DEBUG set.  The problem is found by test number
	42 (co-incidence?), which tests range '192.168.122.1' -
	'192.168.122.255' in network '192.168.122.0/24'.  That is supposed to
	fail because the end address is equal to the broadcast address.
	When comparing these two in 'virSocketAddrEqual(end, &broadcast)',
	there is a check for sin_addr as well as for sin_port.  That port,
	however, is different when we do not enable test debugging.  With the
	testing enabled, the port is 0 (correctly initialized), but without that
	it has a random number there.  And that's because the structure is not
	initialized anywhere.
	By zeroing the structure before filling in the info, we make sure we
	return only the address and not any information that was not requested.
	And the test work once again.

2015-06-03  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix Ctrl-C behavior when watching a job
	When watching a job (save, managedsave, dump, migrate) virsh spawns a
	thread to call the appropriate API and waits for the result while
	watching for interruption signals (SIGINT, Ctrl-C on the terminal).
	Whenever such signal is caught, virsh calls virDomainAbortJob, stops
	waiting for the job, and returns the result of virDomainAbortJob.
	This is wrong because the job might have finished in the meantime or it
	might have been cancelled by someone else and virsh would just report
	the failure to abort the job. However, we are not interested in the
	virDomainAbortJob's result at all, we need to keep waiting for the main
	job to finish and report its result instead.
	https://bugzilla.redhat.com/show_bug.cgi?id=1131755

2015-06-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Refactor setup of memory ballooning
	Since the monitor code now supports ullongs when setting balloon size,
	drop the legacy code with overflow checking.
	Additionally the comment mentioning that the job is treated as a sync
	job does not make sense any more since the monitor is entered
	asynchronously.

	qemu: monitor: Make qemuMonitorSetBalloon operate on unsinged long long

	monitor: Move documentation for qemuMonitorGetBalloonInfo
	Document the top level function rather than both bottom level ones. It
	makes looking the docs up quicker.

	util: Add macro to overflow check integer assignments
	Add a macro that will allow to simplify overflow checks and make them
	more universal in case data types change.

	libxl: Refactor libxlDomainGetVcpuPinInfo
	Reuse the approach in qemuDomainGetVcpuPinInfo.

	libxl: Unbreak vcpu pinning
	Libxl's vcpu pinning would work only if the vcpu array was ordered and
	was not sparse. Remove the condition and iterate the pinning array
	properly.

	libxl: Reuse virBitmapToData in libxlDomainSetVcpuAffinities

	qemu: Refactor qemuDomainHelperGetVcpus by reusing virBitmapToDataBuf
	Get rid of the unnecessary allocation and copying of the bitmap and
	clean up some unnecesary temporary variables.

	qemu: Reuse virBitmapToDataBuf in qemuDomainGetEmulatorPinInfo

	qemu: Use virBitmapToDataBuf in qemuDomainGetVcpuPinInfo
	Reuse the function so that we can get rid of a lot of temporary
	allocations.

	util: bitmap: Add virBitmapToDataBuf that does not allocate the buffer
	Since some functions can be optimized by reusing the buffers that they
	already have instead of allocating and copying new ones, lets split
	virBitmapToData to two functions where one only converts the data and
	the second one is a wrapper that allocates the buffer if necessary.

	conf: Move pinning information definition closer to the usage place

	conf: Refactor emulatorpin handling
	Store the emulator pinning cpu mask as a pure virBitmap rather than the
	virDomainPinDef since it stores only the bitmap and refactor
	qemuDomainPinEmulator to do the same operations in a much saner way.
	As a side effect virDomainEmulatorPinAdd and virDomainEmulatorPinDel can
	be removed since they don't add any value.

	qemu: Fix possible crash in qemuProcessSetVcpuAffinities
	In case when <vcpu ... cpuset=""> is not specified, the vcpupin array is
	not guaranteed to be allocated to def->vcpus. This would cause a crash
	for TCG since it does not report thread IDs for vCPUs.

2015-06-03  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: set virtType depending on driver name
	We remember driver name in a new field 'drivername' within
	private parallels connection structure. When a new domain
	is defined we use this name to set corresponding virtType.
	We set VIR_DOMAIN_VIRT_VZ for 'vz' driver and
	VIR_DOMAIN_VIRT_PARALLELS for 'Parallels'.

	parallels: recommend to connect to vz:///system when connection fails
	Though parallels:///system is still accepted we will encourage users
	to use vz:///system instead.

	parallels: increment the number of connection drivers
	We need to do this because we have just added a vz driver.

	parallels: add a new vz connection driver and hypervisor structures
	We add this connection driver just as an exact copy with different
	name to keep backward compatibility.
	Vz stands for Virtuozzo, which is a new name of Parallels Cloud Server.

	parallels: accept vz as a driver uri and name
	If 'parallels:///system' uri is specified then connection is made to
	'Parallels' driver and domain type will be VIR_DOMAIN_VIRT_PARALLELS.
	In case of 'vz:///system' connection is established to 'vz' driver
	and domain type will be VIR_DOMAIN_VIRT_VZ.

	parallels: add new guest capabilities assigned to vz driver

	parallels: use newly introduced VIR_DOMAIN_VIRT_VZ
	As soon as we keep backward compatibility we treat this constant
	as synonym to VIR_DOMAIN_VIRT_PARALLELS.

	parallels: introduce vz driver constant and string
	This new name and constant will be used as substitutions for parallels driver one.

2015-06-03  Luyao Huang  <lhuang@redhat.com>

	qemu: Do not release device address on successful RNG attach
	Commit id '980b265d' neglected to check for a successful status when
	deciding whether to release the device address for the RNG attach thus
	the address would be released even though the device was added.

	qemu: Need to return status of RNG device removal
	Commit id '862473fa' neglected to return the status from the
	qemuDomainRemoveRNGDevice call in qemuDomainRemoveDevice causing
	the function to always fail when receiving an RNG device unplug
	event. Additionally the domain status/state would not be updated
	in the processDeviceDeletedEvent path.

	audit: Audit number of iothreads at domain startup
	If the domain has IOThreads defined, then audit the number started
	at domain startup time.

2015-06-03  Eric Blake  <eblake@redhat.com>

	build: silence ar warnings on rawhide
	Newer binutils 'ar' has added an option 'D' for deterministic
	builds, and at least on rawhide, this option is enabled by default.
	But it conflicts with the 'u' optimization where the linker only
	modifies libraries based on file timestamps, but can result in
	different library ordering based on which files were touched last.
	Thus, it results in some noisy compilation, for every CCLD line:
	  CCLD     libvirt_driver_qemu_impl.la
	  ar: `u' modifier ignored since `D' is the default (see `U')
	Upstream automake has decided that defaulting ARFLAGS to 'cru' is
	no longer beneficial, and that switching the default to 'cr' will
	both silence the noise and not penalize modern build systems.
	https://lists.gnu.org/archive/html/automake-patches/2015-06/msg00000.html
	But rather than wait for newer automake to propagate to all systems
	that already have newer binutils, we might as well just use the new
	default ourselves, even on older platforms.
	* configure.ac: Default AR[_]FLAGS to 'cr', not 'cru'.

2015-06-03  Laine Stump  <laine@laine.org>

	util: report all address range errors in virSocketAddrGetRange()
	There are now many more reasons that virSocketAddrGetRange() could
	fail, so it is much more informative to report the error there instead
	of in the caller. (one of the two callers was previously assuming
	success, which is almost surely safe based on the parsing that has
	already happened to the config by that time, but it still is nicer to
	account for an error "just in case")
	Part of fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653

	network: cleanup range loop in networkDnsmasqConfContents
	This loop had automatic variable definitions mixed with code. This
	patch moves the definitions to the top of the function and puts
	cleanup for them at the bottom. No functional change.
	Part of fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653

	network: validate DHCP ranges are completely within defined network
	virSocketAddrGetRange() has been updated to take the network address
	and prefix, and now checks that both the start and end of the range
	are within that network, thus validating that the entire range of
	addresses is in the network. For IPv4, it also checks that ranges to
	not start with the "network address" of the subnet, nor end with the
	broadcast address of the subnet (this check doesn't apply to IPv6,
	since IPv6 doesn't have a broadcast or network address)
	Negative tests have been added to the network update and socket tests
	to verify that bad ranges properly generate an error.
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=985653

	test: fix IP address range failure test
	This was revealed when I made a cut-paste mistake in an upgrade to
	virSocketAddrGetRange(), leading to failure to check for the end
	address being outside of the defined network, but a negative test case
	that should have caught the error instead returned success.
	The problem was that testRange in sockettest.c was written so that
	when it expected a failure, even an "unexpected success" would be
	considered as an "expected failure" because of the way the check in
	testRange was done. testRange had this:
	 if (gotsize < 0 || gotsize != size) {
	     return pass ? -1 : 0;
	 } else {
	     return pass ? 0 : -1;
	 }
	but all the tests that expected a failure give "-1" as the expected
	size. So in a case where we expect a failure, we would have pass ==
	false and size == -1. If virSocketAddrGetRange() was incorrectly
	*successful* (returned some positive number), then "gotsize != size"
	would be, e.g. "276 != -1", so we would take the if clause and, since
	pass == false, we would return 0 (success i.e. expected failure).
	The solution is that in the case where we expect failure, we should
	just ignore size - virSocketAddrGetRange() must return -1 in order for
	us to report "expected failure == success".
	Part of fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653

2015-06-02  Ján Tomko  <jtomko@redhat.com>

	Simplify virNodeCountThreadSiblings
	Use a for loop instead of while.
	Do not opencode c_isxdigit and virHexToBin.

	Report errors in virNodeCountThreadSiblings
	Use virFileReadAll which reports an error when the file is larger
	than the specified maximum.
	https://bugzilla.redhat.com/show_bug.cgi?id=1207849

2015-06-02  Andrea Bolognani  <abologna@redhat.com>

	virsh: Move error messages inside vshCommandOpt*() functions

	virsh: Pass vshControl to all vshCommandOpt*() calls
	This will allow us to use vshError() to report errors from inside
	vshCommandOpt*(), instead of replicating the same logic and error
	messages all over the place.
	We also have more context inside the vshCommandOpt*() functions,
	for example the actual value used on the command line, which means
	we can produce more detailed error messages.
	vshCommandOptBool() is the exception here, because it's explicitly
	designed not to report any error.

	virsh: Make vshCommandOptScaledInt() use vshCommandOpt()
	This aligns it to the other vshCommandOpt*() functions.

	virsh: Improve vshCommandOptTimeoutToMs()
	Use vshCommandOptUInt() instead of parsing the value as a signed
	integer and checking whether it's positive afterwards.
	Improve comments as well.

	virsh: Use standard error messages in vshCommandOptTimeoutToMs()
	I missed this in the first time around, thanks Michal for noticing.

	tests: Add a bunch of new tests to virsh-optparse
	The new tests deal with numeric options of three kinds: regular,
	scaled and timeouts. For each, both valid and invalid inputs
	are provided, hopefully covering all cases: this should allow us
	to avoid regressions when changing the relevant code in virsh.

2015-06-02  Erik Skultety  <eskultet@redhat.com>

	storage: RBD: do not return error when deleting non-existent volume
	RBD API returns negative value of errno, in that case we can silently
	ignore if RBD tries to delete a non-existent volume, just like FS
	backend does.

	storage: Don't update volume objs list before we successfully create one
	We do update pool volume object list before we actually create any
	volume. If buildVol fails, we then try to delete the volume in the
	storage as well as remove it from our structures. The problem is, that
	any backend that supports both buildVol and deleteVol would fail in this
	case which is completely unnecessary. This patch causes the update to
	take place after we know a volume has been created successfully, thus no
	removal in case of a buildVol failure is necessary.
	https://bugzilla.redhat.com/show_bug.cgi?id=1223177

	nwfilter: Fix sscanf off-by-one error in virNWFilterSnoopLeaseFileLoad
	We allocate 16 bytes for IPv4 address and 55 bytes for interface
	key, therefore we should read up to 15/54 bytes and let the last byte
	reserved for terminating null byte in sscanf.
	https://bugzilla.redhat.com/show_bug.cgi?id=1226400

2015-06-02  Peter Krempa  <pkrempa@redhat.com>

	util: process: @pid in virProcessSetAffinity's BSD impl is not unused

2015-06-02  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Incorporates fixes for cross-compiling to mingw on rawhide, where
	gcc 5.1 changes detection of how to properly determine PRIdMAX.
	Also picks up some improvements for compilation on Mac OS X.
	* .gnulib: Update to latest, for at least mingw.

2015-06-02  Jim Fehlig  <jfehlig@suse.com>

	spec: fixes for recently introduced libxl conf files
	Commit 198cc1d3 introduced libxl-lockd and libxl-sanlock config
	files but forgot to add them to the spec file.  Follow-up commit
	62b18d98 added the files to daemon-driver-libxl, but missed adding
	them to the daemon package when configuring libvirt
	--without-driver-modules.  In addition, commit 62b18d98 added
	libxl-sanlock to daemon-driver-libxl, but it should be included
	in lock-sanlock when libvirt is configured --with-sanlock.

2015-06-01  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	libxl: load on FreeBSD
	The libxl tries to check if it's running in dom0 by parsing
	/proc/xen/capabilities and if that fails it doesn't load.
	There's no procfs interface in Xen on FreeBSD, so this check always
	fails.
	In addition to checking procfs, check if /dev/xen/xenstored, that's enough to
	check if we're running in dom0 in FreeBSD case.

2015-06-01  Ján Tomko  <jtomko@redhat.com>

	virsh: make negative values with vol-resize more convenient
	When shrinking a volume by a certain size, instead of typing
	  vol-resize volume 1G --delta --shrink
	we allow the convience of specifying a negative value:
	  vol-resize volume -1G --delta --shrink
	getting the same results with one more character.
	A negative value only makes sense as a delta. Imply the
	--delta parameter if the value is negative.
	Still require --shrink, because the operation is potentially
	destructive.

2015-06-01  Andrea Bolognani  <abologna@redhat.com>

	qemu: Automatically add <panic> element for pSeries guests.
	The guest firmware provides the same functionality as the pvpanic
	device, and the relevant element should always be present in the
	domain XML to reflect this fact, so add it after parsing the
	definition if it wasn't there already.

	qemu: Allow panic device for pSeries guests
	The guest firmware provides the same functionality as the pvpanic
	device, which is not available in QEMU on pSeries, so the domain
	XML should be allowed to contain the <panic> element.
	On the other hand, unlike the pvpanic device, the guest firmware
	can't be configured, so report an error if an address has been
	provided in the XML.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1182388

	qemu: Improve error message for missing QEMU_CAPS_DEVICE_PANIC.

2015-06-01  John Ferlan  <jferlan@redhat.com>

	virsh: Fix printing of XML for pool-create-as
	https://bugzilla.redhat.com/show_bug.cgi?id=1224088
	commit id 'bd00e00e' neglected to add the new adapter source options
	into the if condition that allowed printing the <source> XML fields.
	The <adapter type='fc_host'.../> doesn't require other options in order
	to be complete.

2015-06-01  Daniel P. Berrange  <berrange@redhat.com>

	Post-release version bump to 1.2.17

2015-06-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.16
	- docs/news.html.in libvirt.spec.in: update for the release
	- po/*.po*: regenerate

2015-05-29  Ján Tomko  <jtomko@redhat.com>

	Allocate priv->vioserialaddrs unconditionally
	When attempting to hotplug a virtio-serial console to a domain
	that had no virtio-serial controllers (not even those that
	are added by libvirt when some devices need them) at daemon startup,
	report a user-friendly error:
	error: Failed to attach device from console.xml
	error: internal error: no virtio-serial controllers are available
	instead of crashing the daemon:
	Process terminating with default action of signal 11 (SIGSEGV): dumping core
	 Access not within mapped region at address 0x8
	   at 0x531028F: virDomainVirtioSerialAddrNext (domain_addr.c:916)
	   by 0x531028F: virDomainVirtioSerialAddrAssign (domain_addr.c:1029)
	   by 0x1CBF68: qemuDomainAttachChrDevice (qemu_hotplug.c:1565)
	   by 0x1BCD5E: qemuDomainAttachDeviceLive (qemu_driver.c:7997)
	   by 0x1BCD5E: qemuDomainAttachDeviceFlags (qemu_driver.c:8743)
	Introduced in v1.2.14-30-g5903378.

	Properly free the xmlDocPtr when loading pool state
	Use xmlFreeDoc instead of plain xmlFree.
	4 bytes in 1 blocks are definitely lost in loss record 9 of 1,084
	    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	    by 0x70730D6: xmlStrndup (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x701E3DC: xmlNewDoc (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x70C39F8: xmlSAX2StartDocument (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x7017245: xmlParseDocument (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x7017606: xmlDoRead (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x5309DAD: virXMLParseHelper (virxml.c:742)
	    by 0x5367584: virStoragePoolLoadState (storage_conf.c:1863)

2015-05-29  Jim Fehlig  <jfehlig@suse.com>

	libxl: support QXL video device
	libxl recently gained support for QXL video device.  Support
	it in the libxl driver too.

	libxl: support SPICE graphics for HVM domains

	libxl: change reservedVNCPorts to reservedGraphicsPorts
	A later change will use the PortAllocator for SPICE too.

	libxl: populate build_info vfb in separate function
	For HVM domains, vfb info must be populated in the libxl_domain_build_info
	struct.  Currently this is done in the libxlMakeVfbList function, but IMO
	it would be cleaner to populate the build_info vfb in a separate
	libxlMakeBuildInfoVfb function.  libxlMakeVfbList would then handle only
	vfb devices, simiar to the other libxlMake<device>List functions.
	A future patch will extend libxlMakeBuildInfoVfb to support SPICE.

2015-05-29  John Ferlan  <jferlan@redhat.com>

	storage: Fix problem with disk backend pool allocation calculation
	https://bugzilla.redhat.com/show_bug.cgi?id=1224018
	The disk pool recalculates the pool allocation, capacity, and available
	values each time through processing a newly created disk partition. This
	created an issue with the allocation setting since the code used is shared
	with the refresh path. Each path calls virStorageBackendDiskReadPartitions
	which initializes the pool values and then processes the partition table
	from the 'libvirt_parthelper' utility output with the only difference being
	create passes a specific volume to be processed while refresh pass a NULL
	indicating to process all volumes. That passed volume is check during the
	virStorageBackendDiskMakeVol call to see if the current partition described
	by the volume key already exists. If it exists, then no adjustments are
	made to the allocation and the next entry in the output is checked.
	For the create path this resulted in only the most recently created
	partition size would be accounted for in the 'allocation' setting. This
	patch thus checks whether the incoming volume is NULL before clearing
	the pool allocation value.

	storage: Don't adjust pool alloc/avail values for disk backend
	Commit id '2ac0e647' for https://bugzilla.redhat.com/show_bug.cgi?id=1206521
	was meant to be a generic check for the CreateVol, CreateVolFrom, and
	DeleteVol paths to check if the storage backend's changed the pool's view
	of allocation or available values.
	Unfortunately as it turns out this caused a side effect when the disk backend
	created an extended partition there would be no actual storage removed from
	the pool, thus the changes would not find any change in allocation or
	available and incorrectly update the pool values using the size of the
	extended partition. A subsequent refresh of the pool would reset the
	values appropriately.
	This patch modifies those checks in order to specifically not update the
	pool allocation and available for only the disk backend rather than be
	generic before and after checks.

	Revert "storage: Don't duplicate efforts of backend driver"
	This reverts commit 2ac0e647bdd33d93a374e7ef3eadf2a253c7bf79.

2015-05-29  Laine Stump  <laine@laine.org>

	debug: assure NULLSTR() around all %s args in debug at top of public APIs
	There are also a couple that were very uninformatively just logging
	the value of the pointer rather than the string itself:
	* the "name" arg to virNodeDeviceLookupByName()
	* wwnn and wwpn args to virNodeDeviceLookupSCSIHostByWWN()
	All char*'s that make sense should now have their contents logged
	rather than the pointer, and all %s args should now be inside
	NULLSTR().

	node_device: more informative error log when device isn't found
	In a couple of cases, the node device driver (and the test node device
	driver which likely copied it) was only logging "Node device not
	found" when it couldn't find the requested device. This patch changes
	those cases to log the name (and in the case when it's relevant, the
	wwnn and wwpn) as well.

2015-05-28  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	virsh: Fix to list online cpus using virsh capabilities
	Virsh capabilities will list offline cpus as online when
	libvirt is compiled with numactl option disabled. This
	fix will list correct set of online cpus.

2015-05-28  Ján Tomko  <jtomko@redhat.com>

	Fix the event name in vshEventTrayChangePrint
	https://bugzilla.redhat.com/show_bug.cgi?id=1206114#c5
	Reported by: zhenfeng wang <zhwang@redhat.com>

	Fix shrinking volumes with the delta flag
	This never worked.
	In 0.9.10 when this API was introduced, it was intended that
	the SHRINK flag combined with DELTA would shrink the volume by
	the specified capacity (to avoid passing negative numbers).
	See commit 055bbf4.
	When the SHRINK flag was finally implemented for the first backend
	in 1.2.13 (commit aa9aa6a), it was only implemented for the absolute
	values and with the delta flag the volume is always extended,
	regardless of the SHRINK flag.
	Treat the SHRINK flag as a minus sign when used together with DELTA,
	to allow shrinking volumes as was documented in the API since 0.9.10.
	https://bugzilla.redhat.com/show_bug.cgi?id=1220213

	Simplify allocation check in storageVolResize
	Since shrinking a volume below existing allocation is not allowed,
	it is not possible for a successful resize with VOL_RESIZE_ALLOCATE
	to increase the pool's available value.
	Even with the SHRINK flag it is possible to extend the current
	allocation or even the capacity. Remove the overflow when
	computing delta with this flag and do the check even if the
	flag was specified.
	https://bugzilla.redhat.com/show_bug.cgi?id=1073305

2015-05-28  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: suppress console output from parallels SDK
	It is necessary to have unpolluted screen when connecting to
	parallels driver via virsh.
	Otherwise a lot of unexpected output one will get on the console.

2015-05-28  Lubomir Rintel  <lkundrak@v3.sk>

	interface: don't error out if a bond has no interfaces
	It's not a problem at all and causes virt-manager to break down.
	Note: netcf 0.2.8 and earlier generates invalid XML for a bond with no
	interfaces anyway, so in that case this error in libvirt is never
	reached since we fail earlier.

2015-05-27  Andrea Bolognani  <abologna@redhat.com>

	qemu: Limit rtc-reset-reinjection requirement to x86 only.
	The QMP command, like the interrupt reinjection logic it's connected
	to, is only implemented in QEMU when TARGET_I386 is defined, so
	checking for its availability on any other architecture is pointless.
	On the other hand, when we're on x86, we shouldn still make sure that
	rtc-reset-reinjection is available and refuse to set the time
	otherwise.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1211938

2015-05-27  Martin Kletzander  <mkletzan@redhat.com>

	storage_fs: Create directory with UID if needed
	The code already exists there, it just modified different flags.  I just
	noticed this when looking at the code.  This patch is better to view
	with bigger context or '-W'.

2015-05-27  Zhang Bo  <oscar.zhangbo@huawei.com>

	util: make it more robust to calculate timeout value
	When we change system clock to years ago, a certain CPU may use up 100% cputime.
	The reason is that in function virEventPollCalculateTimeout(), we assign the
	unsigned long long result to an INT variable,
	        *timeout = then - now; // timeout is INT, and then/now are long long
	        if (*timeout < 0)
	            *timeout = 0;
	there's a chance that variable @then minus variable @now may be a very large number
	that overflows INT value expression, then *timeout will be negative and be assigned to 0.
	Next the 'poll' in function virEventPollRunOnce() will get into an 'endless' while loop there.
	thus, the cpu that virEventPollRunOnce() thread runs on will go up to 100%.
	Although as we discussed before in https://www.redhat.com/archives/libvir-list/2015-May/msg00400.html
	it should be prohibited to set-time while other applications are running, but it does
	seems to have no harm to make the codes more robust.

2015-05-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	zfs: fix storagepoolxml2xml test
	Commit 7c2d65d dropped setting default mode.
	Update zfs tests accordingly.

2015-05-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix compilation error when enum variable size differs from 'int'
	Since commit bcd9a564b631aa virDomainNumatuneGetMode returns the value
	via a pointer rather than in the return value. The change triggered
	problems with platforms where the compiler decides to use a data type of
	size different than integer at the point where we typecast it.
	Work around the issue by using an intermediate variable of the correct
	type that gets casted back by the default typecasting rules.

2015-05-27  Luyao Huang  <lhuang@redhat.com>

	util: improve the sysinfo element XML format
	If the <sysinfo type='smbios'...> ends up not formatting any sub-elements,
	then rather than formatting as:
	  <sysinfo type='smbios'>
	  </sysinfo>
	Just format it more cleanly as:
	  <sysinfo type='smbios'/>

	conf: Avoid formatting empty redirfilter element
	If the redirfilter has no usbdev sub-elements, then do not format anything
	rather than formatting an empty pair of elements:
	    <redirfilter>
	    </redirfilter>

2015-05-27  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Time to update to new gnulib before a release.
	gcc 5.1 introduced a new -Wformat-signedness, and new gnulib now
	turns it on by default.  However, it is still rather lame at the
	moment, because it warns for enums, even though there is no way
	to control the signeness of an enum which does not use any members
	that are negative or larger than INT_MAX, and even though such an
	enum would always print the same for both %d and %u:
	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66249
	In file included from ../../src/util/virarch.c:26:0:
	../../src/util/virarch.c: In function 'virArchFromHost':
	../../src/util/virarch.c:180:15: error: format '%d' expects argument of type 'int', but argument 9 has type 'unsigned int' [-Werror=format=]
	     VIR_DEBUG("Mapped %s to %d (%s)",
	So this patch turns off the new warning as part of enabling all
	other new gcc 5.1 warnings that gnulib now enables.
	* .gnulib: Update to latest, in part for gcc 5.1 interaction.
	* m4/virt-compile-warnings.m4: Ignore -Wformat-signedness, for now.

2015-05-26  John Ferlan  <jferlan@redhat.com>

	qemu: Add libvirt version check to refresh capabilities algorithm
	Rather than an algorithm based solely on libvirtd ctime to refresh the
	capabilities add the element of the libvirt build version into the equation.
	Since that version wouldn't be there prior to this code being run - don't
	fail on reading the capabilities if not found. In this case, the cache
	will always be rebuilt when a new libvirt version is installed.

	qemu: Force capabilities cache refresh if libvirtd date is different
	https://bugzilla.redhat.com/show_bug.cgi?id=1195882
	Original commit id 'cbde3589' indicates that the cache file would be
	discarded if either the QEMU binary or libvirtd 'ctime' changes; however,
	the code only discarded if the QEMU binary time didn't match or if the
	new libvirtd ctime was later than what created the cache file.
	Since many factors come into play with 'ctime' adjustments (including
	perhaps turning back the hands of time), change the logic to also force
	a refresh if the ctime of libvirt is different than what's in the cache.

2015-05-26  Daniel P. Berrange  <berrange@redhat.com>

	docs: update github project name
	The github project was renamed from libvirtproject to libvirt

2015-05-26  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity RESOURCE_LEAK
	Recent changes to the -M/--machine processing code in qemuParseCommandLine
	caused Coverity to determine there was a possible resource leak with how
	the 'list' is managed. Rather than try to add virStringFreeList calls
	everywhere - just promote list to the top of the variables and free it
	within the error processing code. Also required a couple of other tweaks
	in order to avoid double free's.

	conf: Resolve Coverity NEGATIVE_RETURNS
	Commit id '73eda710' added virDomainKeyWrapDefParseXML which uses
	virXPathNodeSet, but does not handle a -1 return thus causing a possible
	loop condition exit problem later when the return value is used.
	Change the logic to return the value from virXPathNodeSet if <= 0

2015-05-26  Cole Robinson  <crobinso@redhat.com>

	storage: fs: Only force directory permissions if required
	Only set directory permissions at pool build time, if:
	- User explicitly requested a mode via the XML
	- The directory needs to be created
	- We need to do the crazy NFS root-squash workaround
	This allows qemu:///session to call build on an existing directory
	like /tmp.

	conf: storage: Don't emit empty <permissions> block

	storage: conf: Don't set any default <mode> in the XML
	The XML parser sets a default <mode> if none is explicitly passed in.
	This is then used at pool/vol creation time, and unconditionally reported
	in the XML.
	The problem with this approach is that it's impossible for other code
	to determine if the user explicitly requested a storage mode. There
	are some cases where we want to make this distinction, but we currently
	can't.
	Handle <mode> parsing like we handle <owner>/<group>: if no value is
	passed in, set it to -1, and adjust the internal consumers to handle
	it.

	docs: formatstorage: Update <permissions> docs
	- Don't redocument the permissions fields for backingstore, just point to
	  the volume docs.
	- Clarify that owner/group are inherited from the parent directory at
	  volume create/pool build time.
	- Clarify that <permissions> fields report runtime values too

2015-05-26  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix possible crash in case of errors in prlsdkLoadDomain
	Cleanup code in prlsdkLoadDomain doesn't take into account the fact
	if private domain structure along with freeing function is assigned
	or not. In case it is, we shouldn't call it manually because
	virDomainObjListRemove calls it and frees pdom.
	Also, allocated def structure should be freed only if it's not
	assigned to domain. Otherwise it will be called twice: one time by
	virDomainObjListRemove and the second by prlsdkLoadDomain itself.

	parallels: move up updating parameter in prlsdkLoadDomain
	It is better to get all necessary parameters and check them on newly
	created configuration before actually creating a domain with them or
	applying them to an existing domain.

2015-05-25  Pavel Hrdina  <phrdina@redhat.com>

	virsh: reject negative values for scaled integer
	Some virsh commands have a size parameter, which is handled as scaled
	integer.  We don't have any *feature* that would allow to use '-1' as
	maximum size, so it's safe to reject any negative values for those
	commands.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1159171

2015-05-25  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document new RO repo mirrors
	In the upstream discussion on creating a github mirror [1], it turned
	out that there are some read-only mirrors of our repository. Lets
	advertise them on our downloads page. But do it wisely and discourage
	people in sending a pull requests on GitHub.
	1: https://www.redhat.com/archives/libvir-list/2015-May/msg00775.html

2015-05-24  John Ferlan  <jferlan@redhat.com>

	network: Resolve Coverity FORWARD_NULL
	To silence Coverity just add a 'p &&' in front of the check in
	networkFindUnusedBridgeName after the strchr() call.  Even though
	we know it's not possible to have strchr return NULL since the only
	way into the function is if there is a '%' in def->bridge or it's NULL.

	conf: Resolve Coverity FORWARD_NULL
	Even though it's been pointed out they are false positives:
	http://www.redhat.com/archives/libvir-list/2015-May/msg00301.html
	and
	http://www.redhat.com/archives/libvir-list/2015-May/msg00302.html
	these still show up as Coverity issues. In order to silence Coverity
	add an 'sa_assert' prior to check failure.

	storage: Resolve Coverity FORWARD_NULL
	Coverity points out it's possible for one of the virCommand{Output|Error}*
	API's to have not allocated 'output' and/or 'error' in which case the
	strstr comparison will cause a NULL deref

2015-05-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	zfs: fix storagepoolxml2xml test
	Commit c4d27bd dropped output of owner/group -1.
	Update zfs tests accordingly.

	bhyve: fix build with gcc48
	Build with gcc 4.8 fails with:
	bhyve/bhyve_monitor.c: In function 'bhyveMonitorIO':
	bhyve/bhyve_monitor.c:51:18: error: missing initializer for field 'tv_sec' of 'const struct timespec' [-Werror=missing-field-initializers]
	     const struct timespec zerowait = {};
	Explicitly initialize zerowait to fix the build.

2015-05-24  Pavel Fedin  <p.fedin@samsung.com>

	Add missing XDR_FLAGS
	Fixes build problems on x86_64-cygwin host for aarch64 target:
	  CC       lxc/libvirt_driver_lxc_impl_la-lxc_monitor_protocol.lo
	In file included from lxc/lxc_monitor_protocol.c:7:0:
	lxc/lxc_monitor_protocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory
	  CC       rpc/libvirt_setuid_rpc_client_la-virnetmessage.lo
	In file included from rpc/virnetmessage.h:24:0,
	                 from rpc/virnetmessage.c:26:
	rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory
	  CC       lxc/libvirt_lxc-lxc_monitor_protocol.o
	In file included from lxc/lxc_monitor_protocol.c:7:0:
	lxc/lxc_monitor_protocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

2015-05-22  Laine Stump  <laine@laine.org>

	util: better error message after failure to initialize firewall backend
	If the firewalld backend wasn't available and libvirt decides to try
	setting up a "direct" backend, it checks for the presence of iptables,
	ip6tables, and ebtables. If they are not found, a message like this is logged:
	  error : virFirewallValidateBackend:193 : direct firewall backend
	          requested, but /usr/sbin/ip6tables is not available:
	          No such file or directory
	But then at a later time if an attempt is made to use the virFirewall
	API, failure will be indicated with:
	  error : virFirewallApply:936 : out of memory
	This patch changes virFirewallApply to first check if a firewall
	backend hadn't been successfully setup, and logs a slightly more
	informative message in that case:
	  error : virFirewallApply:940 : internal error:
	          Failed to initialize a valid firewall backend
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223876

	interface: allow multiple IPv4 addresses + dhcp on a single interface
	As of netcf-0.2.8, netcf supports configuring multipl IPv4 addresses,
	as well as simultaneously configuring dhcp and static IPv4 addresses,
	on a single interface. This patch updates libvirt's interface.rng to
	allow such configurations.
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223688

	netdev: fail when setting up an SRIOV VF if PF is offline
	If an SRIOV PF is offline, the kernel won't complain if you set the
	mac address and vlan tag for a VF via this PF, and it will even let
	you assign the VF to a guest using PCI device assignment or macvtap
	passthrough. But in this case (the PF isn't online), the device won't
	be usable in the guest.
	Silently setting the PF online would solve the connectivity problem,
	but as pointed out by Dan Berrange, when an interface is set online
	with no associated config, the kernel will by default turn on IPv6
	autoconf, which could create unexpected security problems for the
	host. For this reason, this patch instead logs an error and fails the
	operation.
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=893738
	Originally filed against RHEL6, but present in every version of
	libvirt until today.

2015-05-22  Cole Robinson  <crobinso@redhat.com>

	storage: conf: Don't output owner/group -1
	-1 is just an internal placeholder and is meaningless to output in the XML.

2015-05-22  Maxim Nestratov  <mnestratov@parallels.com>

	node_device: fix libvirt build if WITH_HAL is defined
	commit ffc40b63b50ecb changed uniond _virNodeDevCapData into a typedef
	named virNodeDevCapData with a struct that contains the union as well
	as a type enum. This change necessitated changing every reference to
	"caps->type" into "caps->data.type", but the author of that patch
	failed to test a build "WITH_HAL". This patch fixes the one place in
	the hal backend that needed changing.

2015-05-22  Michal Privoznik  <mprivozn@redhat.com>

	sysinfo: Fix reports on ARM
	Due to a kernel commit (b4b8f770e), cpuinfo format has changed on
	ARMs. Firstly, 'Processor: ...' may not be reported, it's
	replaced by 'model name: ...'. Secondly, the "Processor" string
	may occur in CPU name, e.g. 'ARMv7 Processor rev 5 (v7l)'.
	Therefore, we must firstly look for 'model name' and then for
	'Processor' if not found.
	Moreover, lines in the cpuinfo file are shuffled, so we better
	not manipulate the pointer to start of internal buffer as we may
	lost some info.

2015-05-21  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainDetachChrDevice: Fix chardev hot-unplug
	Not every chardev is plugged onto virtio-serial bus. However, the
	code introduced in 89e991a2aa36b04 assumes that. Incorrectly.
	With previous patches we have three options where a chardev can
	be plugged: virtio-serial, USB and PCI. This commit fixes the
	detach part. However, since we are not auto allocating USB
	addresses yet, I'm just marking the place where appropriate code
	should go.

	qemuDomainAttachChrDevice: Fix chardev hotplug
	Not every chardev is plugged onto virtio-serial bus. However, the
	code introduced in 89e991a2aa36b04 assumes that. Incorrectly.
	With previous patches we have three options where a chardev can
	be plugged: virtio-serial, USB and PCI. This commit fixes the
	attach part.  However, since we are not auto allocating USB
	addresses yet, I'm just marking the place where appropriate code
	should go.

	qemu: Implement pci-serial
	https://bugzilla.redhat.com/show_bug.cgi?id=998813
	Implementation is pretty straight-forward. Of course, not all qemus
	out there supports the device, so new capability is introduced and
	checked prior each use of the device.

	Introduce pci-serial
	https://bugzilla.redhat.com/show_bug.cgi?id=998813
	Like usb-serial, the pci-serial device allows a serial device to be
	attached to PCI bus. An example XML looks like this:
	  <serial type='dev'>
	    <source path='/dev/ttyS2'/>
	    <target type='pci-serial' port='0'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
	  </serial>

2015-05-21  Peter Krempa  <pkrempa@redhat.com>

	util: Avoid shadow of 'ulong' in virMemoryMaxValue
	Old compilers whine:
	src/util/virutil.c: In function 'virMemoryMaxValue':
	src/util/virutil.c:2612: error: declaration of 'ulong' shadows a global declaration [-Wshadow]
	/usr/include/sys/types.h:151: error: shadowed declaration is here [-Wshadow]
	s/ulong/capped/ to work around the problem

2015-05-21  Ján Tomko  <jtomko@redhat.com>

	qemu: wire up virDomainSetUserPassword
	Base-64 encode the password and pass it to the guest agent
	via the 'guest-set-user-password' command.
	https://bugzilla.redhat.com/show_bug.cgi?id=1174177

	virsh: add set-user-password command
	Expose the virDomainSetUserPassword API in virsh:
	virsh set-user-password dom user 123456

	Introduce virDomainSetUserPassword API
	For setting passwords of users inside the domain.
	With the VIR_DOMAIN_PASSWORD_ENCRYPTED flag set, the password
	is assumed to be already encrypted by the method required
	by the guest OS.
	https://bugzilla.redhat.com/show_bug.cgi?id=1174177

2015-05-21  Jiri Denemark  <jdenemar@redhat.com>

	threadpool: Switch to detached threads
	Using joinable threads does not help anything, but it can lead to memory
	leaks.
	When a worker thread exits, it decreases nWorkers or nPrioWorkers and
	once both nWorkers and nPrioWorkers are zero (i.e., the last worker is
	gone), quit_cond is signaled. When freeing the pool we first tell all
	threads to die and then we are waiting for both nWorkers and
	nPrioWorkers to become zero. At this point we already know all threads
	are gone. So the only reason for calling virThreadJoin of all workers is
	to free the memory allocated for joinable threads. If we avoid
	allocating this memory, we don't need to take care of freeing it.
	Moreover, any memory associated with a worker thread which died before
	we asked it to die (e.g., because virCondWait failed in the thread)
	would be lost anyway since virThreadPoolFree calls virThreadJoin only
	for threads which were running at the time virThreadPoolFree was called.

	Use virDomainDiskByName where appropriate
	Most virDomainDiskIndexByName callers do not care about the index; what
	they really want is a disk def pointer.

	Add wrappers for virDomainDiskIndexBy*
	Sometimes the only thing we need is the pointer to virDomainDiskDef and
	having to call virDomainDiskIndexBy* APIs, storing the disk index, and
	looking it up in the disks array is ugly. After this patch, we can just
	call virDomainDiskBy* and get the pointer in one step.

2015-05-21  Erik Skultety  <eskultet@redhat.com>

	qemu: Log error if domain uses security driver which is not loaded
	When starting a domain, if a domain specifies security drivers we do not have
	loaded, we fail. However we don't check for this during
	reconnect, so any operation relying on security driver functionality would fail.
	If someone e.g. starts a domain with selinux driver loaded, then they change
	the security driver to 'none' in config, restart the daemon and call dump/save/..,
	QEMU will return an error.
	As we shouldn't kill the domain, we should at least log an error to let the
	user know that domain reconnect wasn't completely clean.
	https://bugzilla.redhat.com/show_bug.cgi?id=1183893

2015-05-21  Luyao Huang  <lhuang@redhat.com>

	conf: Restore the XML parser context in virDomainMemoryDefParseXML
	After parsing the memory device XML the function would not restore the
	XML parser context causing invalid XPath starting point for the rest of
	the elements. This is a regression since 3e4230d2.
	The test case addition uses the <idmap> element that is currently unused
	by qemu, but parsed after the memory device definition and formatted
	always.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223631

2015-05-20  Peter Krempa  <pkrempa@redhat.com>

	conf: Catch memory size overflow earlier
	virDomainParseMemory parses the size and then rounds up while converting
	it to kibibytes. Since the number is limit-checked before the rounding
	it's possible to use a number that would be correctly parsed the first
	time, but not the second time. For numbers not limited to 32 bit systems
	the magic is 9223372036854775807 bytes. That number then can't be parsed
	back in kibibytes.
	To solve the issue add a second overflow check for the few values that
	would cause the problem. Since virDomainParseMemory is used in config
	parsing, this avoids vanishing VMs.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1221504

2015-05-20  Michal Privoznik  <mprivozn@redhat.com>

	virDomainNumatuneGetMode: Report if numatune was defined
	So far, we are not reporting if numatune was even defined. The
	value of zero is blindly returned (which maps onto
	VIR_DOMAIN_NUMATUNE_MEM_STRICT). Unfortunately, we are making
	decisions based on this value. Instead, we should not only return
	the correct value, but report to the caller if the value is valid
	at all.
	For better viewing of this patch use '-w'.

2015-05-20  John Ferlan  <jferlan@redhat.com>

	Taint domains using cdrom-passthrough
	https://bugzilla.redhat.com/show_bug.cgi?id=976387
	For a domain configured using the host cdrom, we should taint the domain
	due to problems encountered when the host and guest try to control the tray.

2015-05-20  Cole Robinson  <crobinso@redhat.com>

	virfile: virDirCreate: Drop redundant FORCE_PERMS flag
	The only two virDirCreate callers already use it

	virfile: virDirCreate: Fix ALLOW_EXIST conditional
	I screwed this up in the previous (post 1.2.16) commits

2015-05-19  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix numatune nodeset reporting
	Since af2a1f0587d88656f2c14265a63fbc11ecbd924e,
	qemuDomainGetNumaParameters() returns invalid value for a running
	guest.  The problem is that it is getting the information from cgroups,
	but the parent cgroup is being left alone since the mentioned commit.
	Since the running guest's XML is in sync with cgroups, there is no need
	to look into cgroups (unless someone changes the configuration behind
	libvirt's back).  Returning the info from the definition fixes a bug and
	is also a cleanup.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1221047

2015-05-19  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: fix spice mousemode and copypaste
	From xl.cfg950 man page:
	spiceagent_mouse=BOOLEAN
	Whether SPICE agent is used for client mouse mode. The default is
	true (1) (turn on)
	spicevdagent=BOOLEAN
	Enables spice vdagent. The Spice vdagent is an optional component for
	enhancing user experience and performing guest-oriented management
	tasks. Its features includes: client mouse mode (no need to grab
	mouse by client, no mouse lag), automatic adjustment of screen
	resolution, copy and paste (text and image) between client and domU.
	It also requires vdagent service installed on domU o.s. to work.
	The default is 0.
	spice_clipboard_sharing=BOOLEAN
	Enables Spice clipboard sharing (copy/paste). It requires spicevdagent
	enabled. The default is false (0).
	So if spiceagent_mouse is enabled (client mouse mode) or
	spice_clipboard_sharing is enabled, spicevdagent must be enabled.
	Along with this change, s/spicedvagent/spicevdagent, set
	spiceagent_mouse correctly, and add a test for these spice
	features.

	xenconfig: fix spicepasswd handling
	The logic related to spicedisable_ticketing and spicepasswd was
	inverted.  As per man xl.cfg(5), 'spicedisable_ticketing = 1'
	means no passwd is required.  On the other hand, a passwd is
	required if 'spicedisable_ticketing = 0'.  Fix the logic and
	produce and error if 'spicedisable_ticketing = 0' but spicepasswd
	is not provided.  Also fix the spice cfg test file.

	xenconfig: format spice listenAddr when formating ports
	Move formating of spice listenAddr to the section of code
	where spice ports are formatted.  It is more logical to
	format address and ports together.  Account for the change
	in spice cfg test file by moving 'spicehost'.

	xenconfig: use local variable for graphics def
	'graphics->' is a bit easier to read and type, and makes for
	shorter lines than 'def->graphics[0]->'.

2015-05-18  Laine Stump  <laine@laine.org>

	node_device: replace duplicated code in hal and udev backends
	Both the hal and udev drivers call virPCI*() functions to the the
	SRIOV VF/PF info about PCI devices, and the UDEV backend calls
	virPCI*() to get IOMMU group info. Since there is now a single
	function call in node_device_linux_sysfs.c to do all of this, replace
	all that code in the two backends with calls to
	nodeDeviceSysfsGetPCIRelatedDevCaps().
	Note that this results in the HAL driver (probably) unnecessarily
	calling virPCIDevieAddressGetIOMMUGroupNum(), but in the case that the
	host doesn't support IOMMU groups, that function turns into a NOP (it
	returns -2, which causes the caller to skip the call to
	virPCIDeviceAddressGetIOMMUGroupAddresses()). So in the worst case it
	is a few extra cycles spent, and in the best case a mythical platform
	that supported IOMMU groups but used HAL rather than UDEV would gain
	proper reporting of IOMMU group info.

	node_device: update sriov/iommu info before dumpxml of a device
	Because reloading a PF driver with a different number of VFs doesn't
	result in any sort of event sent from udev to the libvirt node_device
	driver, libvirt's cache of that info can be out of date when a request
	arrives for the info about a device. To fix this, we refresh that data
	at the time of the dumpxml request, similar to what is already done
	for netdev link info and SCSI host capabilities.
	Since the same is true for iommu group information (for example, some
	other device in the same iommu group could have been detached from the
	host), we also create a function to update the iommu group info from
	sysfs, and a common function that does both. (a later patch will call
	this common function from the udev and hal backends).
	This resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=981546

	node_device: new functions to get sriov/iommu info from sysfs
	The udev and hal drivers both already call the same functions as these
	new functions added to node_device_linux_sysfs.c, but 1) we need to
	call them from node_device_driver.c, and 2) it would be nice to
	eliminate the duplicated code from the hal and udev backends.

	node device: prepare node_device_linux_sysfs.c to add more functions
	This file contains only a single function, detect_scsi_host_caps(),
	which is declared in node_device_driver.h and called from both the hal
	and udev backends. Other things common to the hal and udev drivers
	can be placed in that file though. As a prelude to adding further
	functions, this patch renames the existing function to something
	closer in line with other internal libvirt function names
	(nodeDeviceSysfsGetSCSIHostCaps()), and puts the declarations into a
	separate .h file.

	nodedev: change if-else if in update_caps to switch
	Makes it nicer as update bits are added for different cap types.

	conf: make virNodeDevCapData an official type
	For some reason a union (_virNodeDevCapData) that had only been
	declared inside the toplevel struct virNodeDevCapsDef was being used
	as an argument to functions all over the place. Since it was only a
	union, the "type" attribute wasn't necessarily sent with it. While
	this works, it just seems wrong.
	This patch creates a toplevel typedef for virNodeDevCapData and
	virNodeDevCapDataPtr, making it a struct that has the type attribute
	as a member, along with an anonymous union of everything that used to
	be in union _virNodeDevCapData. This way we only have to change the
	following:
	  s/union _virNodeDevCapData */virNodeDevCapDataPtr /
	and
	  s/caps->type/caps->data.type/
	This will make me feel less guilty when adding functions that need a
	pointer to one of these.

2015-05-18  Andrea Bolognani  <abologna@redhat.com>

	virsh: Improve handling of send-process-signal --pid.
	Use vshCommandOptLongLong() instead of retrieving the value as a
	string and converting it to a number manually.

	virsh: Fix dommemstat --period option type.
	The option didn't have VSH_OT_INT type even thought it's expected
	to be numeric, as shown by the fact that vshCommandOptInt() is later
	used to retrieve its value.

	virsh: Improve error message on integer value parsing failure.
	Replace more than 30 ad-hoc error messages with a single, generic one
	that contains the name of the option being processed and some hints
	to help the user understand what could have gone wrong.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1207043

2015-05-18  Tony Krowiak  <aekrowia@us.ibm.com>

	libvirt: tests: test protected key mgmt ops support
	Test the support for enabling/disabling CPACF protected key management
	operations for a guest.
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

	libvirt: qemu: enable/disable protected key management ops
	Introduces two new -machine option parameters to the QEMU command to
	enable/disable the CPACF protected key management operations for a guest:
	    aes-key-wrap='on|off'
	    dea-key-wrap='on|off'
	The QEMU code maps the corresponding domain configuration elements to the
	QEMU -machine option parameters to create the QEMU command:
	    <cipher name='aes' state='on'>   --> aes-key-wrap=on
	    <cipher name='aes' state='off'>  --> aes-key-wrap=off
	    <cipher name='dea' state='on'>   --> dea-key-wrap=on
	    <cipher name='dea' state='off'>  --> dea-key-wrap=off
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-05-18  Tony Krowiak  <akrowiak@linux.vnet.ibm.com>

	libvirt: Introduce protected key mgmt ops
	Two new domain configuration XML elements are added to enable/disable
	the protected key management operations for a guest:
	    <domain>
	      ...
	      <keywrap>
	        <cipher name='aes|dea' state='on|off'/>
	      </keywrap>
	      ...
	    </domain>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-05-16  Jim Fehlig  <jfehlig@suse.com>

	libxl: provide impl for nodeGetSecurityModel
	Currently, the libxl driver does not support any security drivers.
	When the qemu driver has no security driver configued,
	nodeGetSecurityModel succeeds but returns an empty virSecurityModel
	object.  Do the same in the libxl driver instead of reporting
	this function is not supported by the connection driver:
	virNodeGetSecurityModel

2015-05-16  Laine Stump  <laine@laine.org>

	qemu: log error when domain has an unsupported IDE controller
	We have previously effectively ignored all <controller type='ide'>
	elements in a domain definition.
	On the i440fx-based machinetypes there is an IDE controller that is
	included in the chipset and can't be removed (which is the ide
	controller with index='0'>), so it makes sense to ignore that one
	controller. However, if an i440fx domain definition has a 2nd
	controller, nothing catches this error (unless you also have a disk
	attached to it, in which case qemu will complain that you're trying to
	use the ide controller named "ide1", which doesn't exist), and if any
	other type of domain has even a single controller defined, it will be
	incorrectly ignored.
	Ignoring a bogus controller definition isn't such a big problem, as
	long as an error is logged when any disk is attached to that
	non-existent controller. But in the case of q35-based machinetypes,
	the hardcoded id ("alias" in libvirt terms) of its builtin SATA
	controller is "ide", which happens to be the same id as the builtin
	IDE controller on i440fx machinetypes. So libvirt creates a
	commandline believing that it is connecting the disk to the builtin
	(but actually nonexistent) IDE controller, qemu thinks that libvirt
	wanted that disk connected to the builtin SATA controller, and
	everybody is happy.
	Until you try to connect a 2nd disk to the IDE controller. Then qemu
	will complain that you're trying to set unit=1 on a controller that
	requires unit=0 (SATA controllers are organized differently than IDE
	controllers).
	After this patch, if a domain has an IDE controller defined for a
	machinetype that has no IDE controllers, libvirt will log an error
	about the controller itself as it is building the qemu commandline
	(rather than a (possible) error from qemu about disks attached to that
	controller). This is done by adding IDE to the list of controller
	types that are handled in the loop that creates controller command
	strings in qemuBuildCommandline() (previously it would *always* skip
	IDE controllers). Then qemuBuildControllerDevStr() is modified to log
	an appropriate error in the case of IDE controllers.
	In the future, if we add support for extra IDE controllers (piix3-ide
	and/or piix4-ide) we can just add it into the IDE case in
	qemuBuildControllerDevStr(). For now, nobody seems anxious to add
	extra support for an aging and very slow controller, when there are so
	many better options available.
	Resolves:
	https://bugzilla.redhat.com/show_bug.cgi?id=1176071 (Fedora)

	qemu: clean up qemuBuildCommandline loop that builds controller args
	Reorganize the loop that builds controller args to remove unnecessary
	duplicated code and superfluous else clauses. No functional change.

	qemu: remove test for allowing ide controller in s390, rename usb tests
	Back in 2013, commit 877bc089 added in some tests that made sure no
	error was generated on a domain definition that had an automatically
	added usb controller if that domain didn't have a PCI bus to attach
	the usb controller to. This was done because, at that time, libvirt
	was automatically adding a usb controller to *any* domain definition
	that didn't have one.  Along with permitting the controller, two
	s390-specific tests were added to ensure this behavior was maintained
	- one with <controller type='usb' model='none'/> and another (called
	"s390-piix-controllers") that had both usb and ide controllers, but
	nothing attached to them.
	Then in February of this year, commit 09ab9dcc eliminated the annoying
	auto-adding of a usb device for s390 and s390x machines, stating:
	 "Since s390 does not support usb the default creation of a usb
	  controller for a domain should not occur."
	Although, as verified here, the s390 doesn't support usb, and usb
	controllers aren't currently added to s390 domain definitions
	automatically, there are likely still some domain definitions in the
	wild that have a usb controller (which was added *by libvirt*, not by
	the user), so we will keep the tests verifying that behavior for
	now. But this patch changes the names of the tests to reflect that
	they don't actually contain a valid s390 config; this way future
	developers won't propagate the incorrect idea that an s390 virtual
	machine can have a USB (or IDE) bus.
	In the case of the IDE controller, though, libvirt has never
	automatically added an IDE controller unless a user added an IDE disk
	(which itself would have caused an error), and we specifically *do*
	want to begin generating an error when someone tries to add an IDE
	controller to a domain that can't support one. For that reason, while
	renaming the sz390-piix-controllers patch, this patch removes the
	<controller type='ide'...> from it (otherwise the upcoming patch would
	break make check)

	qemu: use controller alias when constructing device/controller args
	This makes sure that that the commandlines generated for devices and
	controller devices are all using the alias that has been set in the
	controller's object as the id of the controller, rather than
	hardcoding a printf (or worse, encoding exceptions to the standard
	${controller}${index} into the logic)
	Since this "fixes" the controller name used for the sata controller,
	the commandline arg for the sata controller in the sata test case had
	to be adjusted to be "sata0" instead of "ahci0". All other tests
	remain unchanged, verifying that the patch causes no other functional
	change.
	Because the function that finds a controller alias based on a device
	def requires a pointer to the full domainDef in order to get the list
	of controllers, the arglist of a few functions had to have this added.

	qemu: fix exceptions in qemuAssignDeviceControllerAlias
	There are a few extra exceptions that weren't being accounted for when
	creating the alias for a controller. This resulted in 1) incorrect
	status XML, and 2) exceptions/printfs of what *should* have been
	directly available in the controller alias when constructing device
	commandline arguments:
	1) The primary (and only) IDE controller on a 440FX machinetype is
	hardcoded to be "ide" in qemu.
	2) The primary SATA controller on a 440FX machinetype is also
	hardcoded to be "ide" in qemu.
	3) On machinetypes that don't support multiple PCI buses, the PCI bus
	is hardcoded in qemu to have the name "pci".
	4) The first usb master controller is "usb", all others are the normal
	"usb%d". (note that usb controllers that are not a "master" will have
	the same index, and thus alias, as the master).
	We needed to pass in the full domainDef and qemuCaps in order to
	properly make the decisions about these exceptions.

	conf: utility to return alias of a controller based on type/index
	Because there are multiple potential reasons for an error, this
	function logs any errors before returning NULL (since the caller won't
	have the information needed to determine which was the reason for
	failure).

2015-05-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't give up on first error in qemuMigrationCancelDriverMirror
	When cancelling drive mirror, always try to do that for all disks even
	if it fails for some of them. Report the first error we saw.

	qemu: Keep track of what disks are being migrated
	Instead of redoing the same filtering over and over everytime we need to
	walk through all disks which are being migrated.

	Move QEMU-only fields from virDomainDiskDef into privateData

	Rename virDomainHasBlockjob as qemuDomainHasBlockjob
	And move it to qemu_domain.[ch] because this API is QEMU-only.

	Add privateData to virDomainDiskDef

2015-05-14  Ján Tomko  <jtomko@redhat.com>

	reject out of range memory in SetMemory APIs
	The APIs take the memory value in KiB and we store it in KiB
	internally, but we cannot parse the whole ULONG_MAX range
	on 64-bit systems, because virDomainParseScaledValue
	needs to fit the value in bytes in an unsigned long long.
	https://bugzilla.redhat.com/show_bug.cgi?id=1176739

2015-05-14  Martin Kletzander  <mkletzan@redhat.com>

	Some alignment fixes in lxc_controller and jsontest
	Again, a clean-up for which we don't have proper syntax-check.

	gendispatch: Don't generate long lines
	We don't allow it in normal code, why would it need to be in the
	generated one.  IT also splits the line in perl code so it's readable.

	virnetserver: Remove unnecessary double space
	Since we don't have syntax-check for this, it has to be checked
	manually.  Let's hope this is the only place it happened.

	rpc: Don't mix max_clients and max_workers in PostExecRestart
	This only affected the servers that re-exec themselves, which is only
	virtlockd and it didn't do any mess, so this is mostly a clenaup.

2015-05-14  John Ferlan  <jferlan@redhat.com>

	qemu: Clear autofil fill flag when pinning iothread
	https://bugzilla.redhat.com/show_bug.cgi?id=1218577
	Treat pinning an IOThread via API as if someone added an IOThread to
	ensure the iothreadid doesn't cause the guest to disappear

	conf: Expose iothreadids when delete non sequential iothreadids
	Since 'autofill'd iothreadid entries are not written during XML format
	processing, it is possible that if an iothreadid in the middle of an
	autofilled list would then change it's id on a subsequent restart.
	Thus during the iothreadid deletion, if we determine the delete is not
	the "last" thread, then clear the autofill bit for all iothreadid's
	following the one being deleted (either the first or one in the middle).
	This way, iothreadid's will be printed/saved.

2015-05-14  Luyao Huang  <lhuang@redhat.com>

	virsh: Report an error when cpulist parsing fails
	When parsing a cpulist, the virBitmapParse is used. On an invalid
	bitmap an error is reported, but the error gets cleared
	immediately by subsequent public APIs call, e.g. virDomainFree().
	Moreover, we don't check whether bitmap fits into maximal CPU ID
	on the host. Therefore the following examples failed without any
	error:
	 # virsh vcpupin test3 1 aaa
	 # virsh vcpupin test3 1 1000

2015-05-13  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	parallels: remove connection wide wait timeout
	We have a lot of passing arguments code just to pass connection
	object cause it holds jobTimeout. Taking into account that
	right now this value is defined at compile time let's just
	get rid of it and make arguments list more clear in many
	places.
	In case we later need some runtime configurable timeout
	value we can provide this value through arguments
	function already operate such as a parallels domain
	object etc as this timeouts are operation( and thus
	object) specific in practice.

2015-05-13  zhang bo  <oscar.zhangbo@huawei.com>

	qemuMigrationPrepareAny: Drop useless variable @now
	As of eeb008dbfcf31 the variable is not used anymore. Drop it.

2015-05-13  Andrea Bolognani  <abologna@redhat.com>

	maint: Ignore Vim swap files
	This removes some noise when you're working on the repository
	and also have a bunch of source files open in Vim in another
	terminal.

2015-05-13  Martin Kletzander  <mkletzan@redhat.com>

	Fix build --without-network
	In order not to bring in any link dependencies, bridge driver doesn't
	use the usual stubs as other conditionally-built code does.  However,
	having the function as a macro imposes a problem with possibly unused
	variables if just defined as "0".  This was worked around by using
	(dom=dom, iface=iface, 0) which should act like a 0 if used in a
	condition.  However, gcc still bugs about that, so I came up with
	another way how to fix that.
	Using static inline functions in the header won't collide with anything,
	it fixes the bug and does one thing that the macro didn't do.  It checks
	whenther passed variables are pointers of compatible type.  It has only
	one downside, and that is that we need to either a) define it with
	ATTRIBUTE_UNUSED, which needs an exception in cfg.mk or b) do something
	like ignore_value(variable); in the function body.  I went with the
	first variant.

2015-05-13  Ján Tomko  <jtomko@redhat.com>

	Assign virtio-serial addresses after coldplugging a device
	Otherwise we might allow coldplugging a device
	that uses an address that is already occupied, creating
	an unstartable domain.
	https://bugzilla.redhat.com/show_bug.cgi?id=1220195

2015-05-13  Pavel Hrdina  <phrdina@redhat.com>

	qemu: vnc: error out for invalid port number
	In the XML we have the vnc port number, but QEMU takes on command line
	a vnc screen number, it's port-5900.  We should fail with error message
	that only ports in range [5900,65535] are valid.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1164966

2015-05-13  Michal Privoznik  <mprivozn@redhat.com>

	virSysinfoParseProcessor: Drop useless check for NULL
	VIR_STRDUP plays nicely with NULLs. Theres no need to guard its
	call with check for non-NULL.

2015-05-13  Jim Fehlig  <jfehlig@suse.com>

	libxl: support VNC passwd
	While implementing support for SPICE, I noticed VNC passwd was
	never copied to libxl_device_vfb's vnc.passwd field.

2015-05-13  John Ferlan  <jferlan@redhat.com>

	conf: Remove source host name check for iSCSI
	https://bugzilla.redhat.com/show_bug.cgi?id=1171984
	https://bugzilla.redhat.com/show_bug.cgi?id=1188463
	Remove the check for the source host name for iSCSI source XML processing
	declaring duplicate sources when the source device path and if present the
	initiator of a proposed storage pool matches an existing storage pool.
	The backend iSCSI storage driver uses 'iscsiadm --mode session' to query
	available iscsid target sessions. The output displayed is the IP address
	and the IQN (target path) of known targets. The displayed IP address
	is a resolved address based on the session --login. Additionally, iscsid
	keeps track of the various ways to define the host name (IPv4 Address,
	IPv6 Address, /etc/hosts, etc.) for that IQN (see output of an 'iscsiadm
	--mode node'). If an incoming IQN matches and the host name provided by
	libvirt is resolved to the existing IQN, then iscsid will "reuse" the
	session. Although libvirt could do the same name resolution, if there
	is a difference, iscsid could still declare two seemingly different sources
	to be the same and not create a new session which means libvirt now has
	two storage pools looking at the same source. Thus to avoid any strange
	host name resolution issues, just rely on iscsid for that and do not
	allow multiple pools on the same host to use the same device path (IQN).

	conf: Adjust duplicate source host port check
	Only perform the port number check if the incoming definition actually
	provides it. Since the port number is optional we could erroneously pass
	a duplicate source host check since some storage pool backends which fill
	in the default port number (e.g., iSCSI and sheepdog) for the started pool.

2015-05-12  Luyao Huang  <lhuang@redhat.com>

	qemu: fix double free when RNG cold-plug fails
	https://bugzilla.redhat.com/show_bug.cgi?id=1220809
	When cold-plugging an RNG device but something fails in
	qemuDomainAssignAddresses, we will double free the RNG device.
	Once a device is plugged into the domain, we should set the
	device pointer to NULL to fix this issue.
	...
	5  0x00007fb7d180ac8a in virFree at util/viralloc.c:582
	6  0x00007fb7d1895cdd in virDomainRNGDefFree at conf/domain_conf.c:19786
	7  0x00007fb7d1895d99 in virDomainDeviceDefFree at conf/domain_conf.c:2022
	8  0x00007fb7b92b8baf in qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:8785
	9  0x00007fb7d190c5d7 in virDomainAttachDeviceFlags at libvirt-domain.c:8488
	10 0x00007fb7d23af9d2 in remoteDispatchDomainAttachDeviceFlags at remote_dispatch.h:2842
	...

2015-05-12  Peter Krempa  <pkrempa@redhat.com>

	daemon: Suppress logging of VIR_ERR_NO_DOMAIN_METADATA
	Similarly to other error codes that notify the user that the object does
	not exist lower the priority of VIR_ERR_NO_DOMAIN_METADATA to
	VIR_LOG_DEBUG when writing the log entry.

2015-05-12  Pavel Hrdina  <phrdina@redhat.com>

	conf_capabilities: fix wrong indentation

	XML: escape strings where we should do it
	There is a lot of places, were it's pretty easy for user to enter some
	characters that we need to escape to create a valid XML description.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1197580

2015-05-12  Richard W.M. Jones  <rjones@redhat.com>

	Document that virNodeGetInfo can return mhz == 0.
	On the s/390x architecture, libvirt may already return 0 in the
	node_info->mhz field (see src/nodeinfo.c:linuxNodeInfoCPUPopulate).
	We may also want to return this on aarch64 in future, because
	calculating the proper value requires SMBIOS, which is not available
	on non-server-class systems (specifically on systems which don't
	adhere to the SBSA standard).
	Therefore this change documents the existing behaviour and provides a
	valid path for aarch64.
	Bug-URL: https://bugzilla.redhat.com/1206353

2015-05-12  Michal Privoznik  <mprivozn@redhat.com>

	libvirt-guests: Initialize SYNC_TIME
	https://bugzilla.redhat.com/show_bug.cgi?id=1191227
	Since 0fa15b19 we have this variable SYNC_TIME which allows users to
	synchronize time on domain resume. However, despite what documentation
	says, it's by default on because it's never initialized. Fix this by
	setting it to zero at the beginning of the libvirt-guests script.

2015-05-12  Laine Stump  <laine@laine.org>

	qemu: eliminate duplicated code in qemuBuildDriveDevStr()
	The code to add device type to the commandline was identical for lsi
	and other models of SCSI controllers, but was duplicated (with the
	exception of a minor ordering difference of the if-else clauses) for
	the two cases. This patch replaces those two with a single instance of
	the code just before the if().

	qemu: use qemuDomainMachineIsI440FX() in appropriate place
	This patch makes qemuValideDevicePCISlotsChipsets() more consistent in
	appearance by replacing several clauses of an if with the equivalent
	call to qemuDomainMachineIsI440FX. The if was checking exactly the
	same items, just in a slightly different order.

2015-05-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	maint: extend PIE support check
	GCC installed from FreeBSD ports doesn't support building PIE executables
	and fails with:
	/usr/local/bin/ld: /usr/lib/crt1.o: relocation R_X86_64_32 against
	`_DYNAMIC' can not be used when making a shared object; recompile with
	-fPIC
	/usr/lib/crt1.o: error adding symbols: Bad value
	collect2: error: ld returned 1 exit status
	However, the configure check for '-fPIC -DPIC' doesn't catch that. In
	order to catch this case, add '-pie' to CFLAGS in m4/virt-compile-pie.m4
	so it could detect lack of PIE support on configure time and don't fail
	the build.

	bhyve: fix bhyvexml2argvtest build with gcc
	gcc5 reports an error like this:
	bhyvexml2argvtest.c: In function 'testCompareXMLToArgvFiles':
	bhyvexml2argvtest.c:24:18: error: variable 'vm' set but not used
	[-Werror=unused-but-set-variable]
	     virDomainObj vm;
	                  ^
	cc1: all warnings being treated as errors
	Fix by dropping this variable.

2015-05-11  Luyao Huang  <lhuang@redhat.com>

	conf: Report error for unknown shmem ioeventfd value
	https://bugzilla.redhat.com/show_bug.cgi?id=1220265
	Passing the return value to an enum directly is not safe.  Fix this by
	comparing the true integer result of virTristateSwitchTypeFromString().

2015-05-11  Ján Tomko  <jtomko@redhat.com>

	Ignore bridge template names with multiple printf conversions
	For some reason, we allow a bridge name with %d in it, which we replace
	with an unsigned integer to form a bridge name that does not yet exist
	on the host.
	Do not blindly pass it to virAsprintf if it's not the only conversion,
	to prevent crashing on input like:
	<network>
	  <name>test</name>
	  <forward mode='none'/>
	  <bridge name='virbr%d%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s'/>
	</network>
	Ignore any template strings that do not have exactly one %d conversion,
	like we do in various drivers before calling virNetDevTapCreateInBridgePort.

2015-05-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix balloon size handling with memory hot(un)plug
	Since libvirt doesn't call to update the new balloon size in qemu add
	code that will handle tweaking of the size of the current balloon
	statistic until qemu reports the new size using the event.

	conf: Fix up balloon size after removing a memory device from def
	To avoid having the ballooned memory size larger than the actual
	physical memory size, truncate the ballooned size if it overflows.

	conf: Always truncate balloon size to maximum memory size
	Specifying a balloon size more than the memory size of a guest isn't
	something that should be rejected when parsing the XML. Truncate the
	size to the maximum memory size.

	qemu: Convert qemuConnectGetAllDomainStats to use new helpers
	Use the new domain list collection helpers to avoid going through
	virDomainPtrs.
	This additionally implements filter capability when called through the
	api that accepts domain list filters.

	conf: Add helper to convert list of virDomains to a list of virDomainObjs
	Add virDomainObjListConvert that will take a list of virDomains, apply
	filters and return a list of virDomainObjs.

	conf: Refactor domain list collection critical section
	Until now the virDomainListAllDomains API would lock the domain list and
	then every single domain object to access and filter it. This would
	potentially allow a unresponsive VM to block the whole daemon if a
	*listAllDomains call would get stuck.
	To avoid this problem this patch collects a list of referenced domain
	objects first from the list and then unlocks it right away. The
	expensive operation requiring locking of the domain object is executed
	after the list lock is dropped. While a single blocked domain will still
	lock up a listAllDomains call, the domain list won't be held locked and
	thus other APIs won't be blocked.
	Additionally this patch also fixes the lookup code, where we'd ignore
	the vm->removing flag and thus potentially return domain objects that
	would be deleted very soon so calling any API wouldn't make sense.
	As other clients also could benefit from operating on a list of domain
	objects rather than the public domain descriptors a new intermediate
	API - virDomainObjListCollect - is introduced by this patch.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1181074

	conf: Rename virDomainObjListFilter type to virDomainObjListACLFilter
	The passed function is meant to filter domains according to ACL match.

	conf: Extract code to filter domain list into a separate function
	Separate the code to simplify future refactors.

	util: Make the virDomainListFree helper more universal
	Extend it to a universal helper used for clearing lists of any objects.
	Note that the argument type is specifically void * to allow implicit
	typecasting.
	Additionally add a helper that works on non-NULL terminated arrays once
	we know the length.

2015-05-08  Cole Robinson  <crobinso@redhat.com>

	caps: Fix regression defaulting to host arch
	My commit 747761a79 (v1.2.15 only) dropped this bit of logic when filling
	in a default arch in the XML:
	-    /* First try to find one matching host arch */
	-    for (i = 0; i < caps->nguests; i++) {
	-        if (caps->guests[i]->ostype == ostype) {
	-            for (j = 0; j < caps->guests[i]->arch.ndomains; j++) {
	-                if (caps->guests[i]->arch.domains[j]->type == domain &&
	-                    caps->guests[i]->arch.id == caps->host.arch)
	-                    return caps->guests[i]->arch.id;
	-            }
	-        }
	-    }
	That attempt to match host.arch is important, otherwise we end up
	defaulting to i686 on x86_64 host for KVM, which is not intended.
	Duplicate it in the centralized CapsLookup function.
	Additionally add some testcases that would have caught this.
	https://bugzilla.redhat.com/show_bug.cgi?id=1219191

2015-05-07  Cole Robinson  <crobinso@redhat.com>

	tests: Remove redundant aarch64 tests
	My commit 7b9de914 added some aarch64 CPU test cases. I wanted to test
	two different code paths but inadvertently added two of the same test
	cases.
	The second code path (using <cpu><model>host</model</cpu>) isn't easily
	exercised via the qemu tests anyways, I'll need to look elsewhere.
	Regardless, remove the redundant tests for now

2015-05-07  Michal Privoznik  <mprivozn@redhat.com>

	processSerialChangedEvent: Close agent monitor early
	https://bugzilla.redhat.com/show_bug.cgi?id=890648
	So, imagine you've issued an API that involves guest agent. For
	instance, you want to query guest's IP addresses. So the API acquires
	QUERY_JOB, locks the guest agent and issues the agent command.
	However, for some reason, guest agent replies to initial ping
	correctly, but then crashes tragically while executing real command
	(in this case guest-network-get-interfaces). Since initial ping went
	well, libvirt thinks guest agent is accessible and awaits reply to the
	real command. But it will never come. What will is a monitor event.
	Our handler (processSerialChangedEvent) will try to acquire
	MODIFY_JOB, which will fail obviously because the other thread that's
	executing the API already holds a job. So the event handler exits
	early, and the QUERY_JOB is never released nor ended.
	The way how to solve this is to put flag somewhere in the monitor
	internals. The flag is called @running and agent commands are issued
	iff the flag is set. The flag itself is set when we connect to the
	agent socket. And unset whenever we see DISCONNECT event from the
	agent. Moreover, we must wake up all the threads waiting for the
	agent. This is done by signalizing the condition they're waiting on.

	qemuDomainShutdownFlags: check for domain activeness prior to guest presence
	Running shutdown with mode agent on a shutoff domain gives cryptic
	error message:
	    virsh # shutdown --mode agent gentoo
	    error: Failed to shutdown domain gentoo
	    error: Guest agent is not responding: QEMU guest agent is not connected
	After this patch, the error is more clear:
	    virsh # shutdown --mode agent gentoo
	    error: Failed to shutdown domain gentoo
	    error: Requested operation is not valid: domain is not running
	Reported-by: Martin Kletzander <mkletzan@redhat.com>

2015-05-07  Lubomir Rintel  <lkundrak@v3.sk>

	lxc: don't up the veth interfaces unless explicitly asked to
	Upping an interface for no reason and not configuring it is a cardinal sin.
	With the default addrgenmode if eui64 it sticks a link-local address to the
	interface. That is not good, as NetworkManager would see an address configured,
	assume the interface is already configured and won't touch it iself and the
	interface might stay unconfigured until the end of the days.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1124721

2015-05-06  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: multiqueue for ccw devices
	Allow ccw devices to be used with multiqueues. ccw provides a one to
	one relation of fds to queues and does not support the vectors option.
	Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>

2015-05-06  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity FORWARD_NULL
	Coverity points out that qemuMonitorGetAllBlockStatsInfo could return a
	-1 and thus not fill in 'stats' (leaving it NULL). Then the call to
	qemuMonitorBlockStatsUpdateCapacity will dereference it.

	qemu: Resolve Coverity FORWARD_NULL
	Coverity complains over the [n]values pairing in virQEMUCapsFreeStringList
	and rather than make a bunch if "if values" checks prior to calling, by
	just adding the values check inside the free function we avoid the chance
	that somehow nvalues is > 0, while values == NULL

	qemu: Resolve Coverity FORWARD_NULL
	Coverity points out it was possible to have a zero return from
	qemuBuildRNGBackendProps thus not filling in 'props' and then
	causing a NULL dereference on the next call.

	xen: Resolve Coverity FORWARD_NULL
	Coverity found that xenXMConfigCacheAddFile has an error path in which
	no error message and a -1 was not returned which could have resulted in
	a NULL dereference in a VIR_DEBUG statement and of course an erroneous
	0 value returned!

	qemu: Resolve Coverity FORWARD_NULL
	Coverity notes that ->ifname is used after the VIR_FREE done in the
	code path after the call to virNetDevMacVLanDeleteWithVPortProfile
	by a call to virNetDevOpenvswitchRemovePort.
	Since the ->ifname will be VIR_FREE()'d eventually in virDomainNetDefFree
	just remove the extraneous VIR_FREE here.
	When originally added, the Openvswitch code wasn't present and checks
	were made for non NULL prior to use.

	qemu: Resolve Coverity IDENTICAL_BRANCHES
	Coverity complains that in the error paths both the < 0 condition and
	the success path after the qemuDomainObjExitMonitor failure will end
	up going to cleanup.  So just use ignore_value in this error path to
	resolve the complaint.

	vbox: Resolve Coverity RESOURCE_LEAK
	If the virStringSearch() returns a 0 (zero), then each of the uses
	of the call will just jump to cleanup forgetting to free the returned
	empty list. Expand the scope a bit of each use and free at cleanup.

	libxl: Resolve Coverity RESOURCE_LEAK
	The returned socks from virNetSocketNewListenTCP needs to be VIR_FREE'd
	as well as seach of the Close/Unref on all the socks[i] that is
	already done

2015-05-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: support soundhw for hvm domains
	The xend driver and the parsing/formating code in src/xenconfig
	have long supported soundhw.  Add support in the libxl driver too.

	libxl: add logrotate config file
	Add logrotate config for log files in /var/log/libvirt/libxl.

2015-05-05  Luyao Huang  <lhuang@redhat.com>

	docs: fix a small xml error in docs

	conf: Add the cpu duplicate use check for vm numa settings
	https://bugzilla.redhat.com/show_bug.cgi?id=1176020
	We had a check for the vcpu count total number in <numa>
	before, however this check is not good enough. There are
	some examples:
	1. one of cpu id is out of maxvcpus, can set success(cpu count = 5 < 10):
	<vcpu placement='static'>10</vcpu>
	<cell id='0' cpus='0-3,100' memory='512000' unit='KiB'/>
	2. use the same cpu in 2 cell, can set success(cpu count = 8 < 10):
	<vcpu placement='static'>10</vcpu>
	<cell id='0' cpus='0-3' memory='512000' unit='KiB'/>
	<cell id='1' cpus='0-3' memory='512000' unit='KiB'/>
	3. use the same cpu in 2 cell, cannot set success(cpu count = 11 > 10):
	<vcpu placement='static'>10</vcpu>
	<cell id='0' cpus='0-6' memory='512000' unit='KiB'/>
	<cell id='1' cpus='0-3' memory='512000' unit='KiB'/>
	Add a check for numa cpus, check if duplicate use one cpu in more
	than one cell.

2015-05-05  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement GIC
	The only version that's supported in QEMU is version 2, currently.
	Fortunately, it is enabled by aarch64 automatically, so there's
	nothing for us that needs to be put onto command line.

	Introduce GIC feature
	Some platforms, like aarch64, don't have APIC but GIC. So there's
	no reason to have <apic/> feature turned on. However, we are
	still missing <gic/> feature. This commit introduces the feature
	to XML parser and formatter, adds documentation and updates RNG
	schema.

2015-05-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly rename persistent def after migration
	When migrating a domain while changing its name and using
	VIR_MIGRATE_PERSIST_DEST flag, libvirt would fail to properly change the
	name in the persistent definition. The inconsistency results in weird
	behavior when dumping domain XML, destroying the domain, restarting
	libvirtd and likely in several other situations.
	Since the new name is already stored in vm->def->name, we just need to
	make sure the persistent definition uses this new name too.
	https://bugzilla.redhat.com/show_bug.cgi?id=1076354

2015-05-05  Cole Robinson  <crobinso@redhat.com>

	polkit: Allow password-less access for 'libvirt' group
	Many users, who admin their own machines, want to be able to access
	system libvirtd via tools like virt-manager without having to enter
	a root password. Just google 'virt-manager without password' and
	you'll find many hits. I've read at least 5 blog posts over the years
	describing slightly different ways of achieving this goal.
	Let's finally add official support for this.
	Install a polkit-1 rules file granting password-less auth for any user
	in the new 'libvirt' group. Create the group on RPM install
	https://bugzilla.redhat.com/show_bug.cgi?id=957300

	storage: fs: Don't try to chown directory unless user requested
	Currently we try to chown any directory passed to virDirCreate,
	even if the user didn't request any explicit owner/group via the
	pool/vol XML.
	This causes issues with qemu:///session: try to build a pool of
	a root owned directory like /tmp, and it fails trying to chown the
	directory to the session user. Instead it should just leave things
	as they are, unless the user requests changing permissions via
	the pool XML.
	Similarly this is annoying if creating a storage pool via system
	libvirtd of an existing directory in user $HOME, it's now owned
	by root.
	The virDirCreate function is pretty convoluted, since it needs to
	fork off in certain specific cases. Try to document that, to make
	it clear where exactly we are changing behavior.

	storage: fs: Don't attempt directory creation if it already exists
	The current code attempts to handle this, but it only catches mkdir
	failing with EEXIST. However if say trying to build /tmp for an
	unprivileged qemu:///session, mkdir will fail with EPERM.
	Rather than catch any errors, just don't attempt mkdir if the directory
	already exists.

	storage: fs: Fill in permissions on pool refresh
	This means pool XML actually reports accurate user/group/mode/label.
	This uses UpdateVolTargetInfoFD in a bit of a hackish way, but it works

	storage: fs: Don't overwrite virDirCreate error
	virDirCreate will give us fine grained details about what actually failed.

2015-05-04  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Don't check migrate parameters
	Just pass anything a user specified to the appropriate API. It's the API
	or libvirtd that should be responsible for checking its parameters.
	https://bugzilla.redhat.com/show_bug.cgi?id=1066375
	https://bugzilla.redhat.com/show_bug.cgi?id=1073233

	qemu: Forbid unsupported parameters for tunnelled migration
	Neither migrate URI nor lister address make any sense for tunnelled
	migration.
	https://bugzilla.redhat.com/show_bug.cgi?id=1066375
	https://bugzilla.redhat.com/show_bug.cgi?id=1073233

2015-05-04  Andrea Bolognani  <abologna@redhat.com>

	tests: Fix grammar in comments.
	Replace all occurrences of "stream write to differences to"
	with "stream to write differences to".

2015-05-04  Marc-André Lureau  <marcandre.lureau@gmail.com>

	tests: add machine vmport qemu test
	Check that the vmport feature is correctly used in qemu commande line.

	qemu: add machine vmport argument
	Fill qemu command line vmport argument as required.

	qemu: add virQEMUCapsSupportsVmport
	The vmport machine argument works with pc machine kind, not with xen for
	example.

	qemu: move qemuDomainMachineIs{I440FX,Q35}
	Move common functions being used by the following
	virQEMUCapsSupportsVmport commit.

	qemu: add QEMU_CAPS_MACHINE_VMPORT_OPT
	Set the capability based on qmp query, or qemu version.  The qmp query
	includes vmport with 2.2, but no longer with 2.3. It lists only
	non-machine specific capabilities, so check the qemu version too until a
	machine-specific query is supported.

	domain/conf: add VIR_DOMAIN_FEATURE_VMPORT

	docs: add domain vmport feature
	A new feature that can be turned on or off.
	The QEMU machine vmport option allows to set the VMWare IO port
	emulation. This emulation is useful for absolute pointer input when the
	guest has vmware input drivers, and is enabled by default for kvm.
	However it is unnecessary for Spice-enabled VM, since the agent already
	handles absolute pointer and multi-monitors. Furthermore, it prevents
	Spice from switching to relative input since the regular ps/2 pointer
	driver is replaced by the vmware driver. It is thus advised to disable
	vmport when using a Spice VM. This will permit the Spice client to
	switch from absolute to relative pointer, as it may be required for
	certain games or applications.

2015-05-04  Jiri Denemark  <jdenemar@redhat.com>

	Bump version to 1.2.16 for new dev cycle

2015-05-04  Luyao Huang  <lhuang@redhat.com>

	qemu: fix the vm deadlock when deleting a nonexistent iothread
	https://bugzilla.redhat.com/show_bug.cgi?id=1218145
	Jump to endjob instead of cleanup to fix this deadlock.

	tools: fix the wrong check when use virsh setvcpus --maximum
	The --maximum option wasn't properly parsed and the equivalent flag
	wasn't set.  Fix this bug and also rewrite the way we check this option
	by using new macro.  The new approach is that --maximum requires
	--config, no other combination is allowed, because they don't make sense.
	The new error will be:
	 # virsh setvcpus test --maximum 10
	 error: Option --config is required by option --maximum
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1204033

2015-05-04  Pavel Hrdina  <phrdina@redhat.com>

	virsh: introduce new macros to help check flag requirements

	qemu: use new macros for setvcpus to check flags and cleanup the code
	Now that we have macros for exclusive flags and flag requirements we can
	use them to cleanup the code for setvcpus and error out for all wrong
	flag combination.

	use new macro helpers to check flag requirements

	use new macro helpers to check exclusive flags

	internal: introduce macro helpers to check flag requirements
	Similar to VIR_EXLUSIVE_FLAGS, it will error out if flag requirement is
	not met.

	internal: introduce macro helpers to reject exclusive flags
	Inspired by commit 7e437ee7 that introduced similar macros for virsh
	commands so we don't have to repeat the same code all over.

2015-05-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.15
	- docs/news.html.in libvirt.spec.in: update for the release
	- po/*.po*: regenerated

2015-05-01  John Ferlan  <jferlan@redhat.com>

	qemu: Fix bus and lun checks when scsi-disk.channel not present
	Found by Laine and discussed a bit on internal IRC.
	Commit id c56fe7f1d6 added support for creating a command line to support
	scsi-disk.channel.
	Series was here:
	http://www.redhat.com/archives/libvir-list/2012-February/msg01052.html
	Which pointed to a design proposal here:
	http://permalink.gmane.org/gmane.comp.emulators.libvirt/50428
	Which states (in part):
	Libvirt should check for the QEMU "scsi-disk.channel" property.  If it
	is unavailable, QEMU will only support channel=lun=0 and 0<=target<=7.
	However, the check added was ensuring that bus != lun *and* bus != 0. So
	if bus == lun and both were non zero, we'd never make the second check.
	Changing this to an *or* check fixes the check, but still is less readable
	than the just checking each for 0

2015-05-01  Pavel Hrdina  <phrdina@redhat.com>

	main: add new generated files to .gitignore
	This means new libxl-lockd.conf and libxl-sanlock.conf

2015-04-30  Pavel Hrdina  <phrdina@redhat.com>

	rpm-build: update %files section for libxl
	Recent commit 198cc1d3 introduced integration of lockd and sanlock into
	libxl, but forget to update libvirt.spec.in to also list new files
	distributed via package.

2015-04-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockjob: Call qemuDomainSupportsBlockJobs only on online VMs
	Since the qemu capabilities are not initialized for offline VMs the
	caller might get suboptimal error message:
	$ virsh blockjob VM PATH --bandwidth 1
	error: unsupported configuration: block jobs not supported with this QEMU binary
	Move the checks after we make sure that the VM is alive.

2015-04-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Check address type for USB disks
	Only USB addresses are allowed for USB disks. Report an error if another
	address is configured.
	https://bugzilla.redhat.com/show_bug.cgi?id=1043436

	cpu: Honor vendor_id override in host-model
	https://bugzilla.redhat.com/show_bug.cgi?id=858147

2015-04-30  Ján Tomko  <jtomko@redhat.com>

	iscsi: do not fail to stop a stopped pool
	Just as we allow stopping filesystem pools when they were unmounted
	externally, do not fail to stop an iscsi pool when someone else
	closed the session externally.
	Reported at:
	https://bugzilla.redhat.com/show_bug.cgi?id=1171984

2015-04-30  Jim Fehlig  <jfehlig@suse.com>

	libxl: provide integration with lock manager
	Provide integration with libvirt's lock manager in the libxl driver.

2015-04-29  Cole Robinson  <crobinso@redhat.com>

	domain: conf: Drop unused OSTYPE_AIX
	The phyp driver stuffed it into a DomainDefPtr during its attachdevice
	routine, but the value is never advertised via capabilities so it should
	be safe to drop.
	Have the phyp driver use OSTYPE_LINUX, which is what it advertises via
	capabilities.

2015-04-29  Michael Chapman  <mike@very.puzzling.org>

	qemu: migration: use sync block job helpers
	In qemuMigrationDriveMirror we can start all disk mirrors in parallel.
	We wait until they are all ready, or one of them aborts.
	In qemuMigrationCancelDriveMirror, we wait until all mirrors are
	properly stopped. This is necessary to ensure that destination VM is
	fully in sync with the (paused) source VM.
	If a drive mirror can not be cancelled, then the destination is not in a
	consistent state. In this case it is not safe to continue with the
	migration.

	qemuDomainBlockJobAbort: use sync block job helpers
	The !modern code path needs to call qemuBlockJobEventProcess directly.
	the modern code path will call it via qemuBlockJobSyncWait.

	qemuProcessStop: wake up pending sync block jobs
	Other threads may be blocked in qemuBlockJobSyncWait. Ensure that
	they're woken up when the domain is stopped.

	qemuBlockJobSync*: introduce sync block job helpers
	qemuBlockJobSyncBegin and qemuBlockJobSyncEnd delimit a region of code
	where block job events are processed "synchronously".
	qemuBlockJobSyncWait and qemuBlockJobSyncWaitWithTimeout wait for an
	event generated by a block job.
	The Wait* functions may be called multiple times while the synchronous
	block job is active. Any pending block job event will be processed by
	only when Wait* or End is called.  disk->blockJobStatus is reset by
	these functions, so if it is needed a pointer to a
	virConnectDomainEventBlockJobStatus variable should be passed as the
	last argument. It is safe to pass NULL if you do not care about the
	block job status.
	All functions assume the VM object is locked. The Wait* functions will
	unlock the object for as long as they are waiting. They will return -1
	and report an error if the domain exits before an event is received.
	Typical use is as follows:
	  virQEMUDriverPtr driver;
	  virDomainObjPtr vm; /* locked */
	  virDomainDiskDefPtr disk;
	  virConnectDomainEventBlockJobStatus status;
	  qemuBlockJobSyncBegin(disk);
	  ... start block job ...
	  if (qemuBlockJobSyncWait(driver, vm, disk, &status) < 0) {
	      /* domain died while waiting for event */
	      ret = -1;
	      goto error;
	  }
	  ... possibly start other block jobs
	      or wait for further events ...
	  qemuBlockJobSyncEnd(driver, vm, disk, NULL);
	To perform other tasks periodically while waiting for an event:
	  virQEMUDriverPtr driver;
	  virDomainObjPtr vm; /* locked */
	  virDomainDiskDefPtr disk;
	  virConnectDomainEventBlockJobStatus status;
	  unsigned long long timeout = 500 * 1000ull; /* milliseconds */
	  qemuBlockJobSyncBegin(disk);
	  ... start block job ...
	  do {
	      ... do other task ...
	      if (qemuBlockJobSyncWaitWithTimeout(driver, vm, disk,
	                                          timeout, &status) < 0) {
	          /* domain died while waiting for event */
	          ret = -1;
	          goto error;
	      }
	  } while (status == -1);
	  qemuBlockJobSyncEnd(driver, vm, disk, NULL);

	qemuBlockJobEventProcess: move to new source file
	We will want to use synchronous block jobs from qemu_migration as well,
	so split this function out into a new source file.

2015-04-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: Validate available slot count for memory devices
	While qemu would reject the configuration we can check whether it makes
	sense to plug the device upfront.

	qemu: command: Validate that memory devices slot ID is in range
	slot id, if specified, has to be less than the slots count.

	qemu: conf: Reject memory device if it would exceed configured max size
	If the added memory device would exceed the maximum memory size, reject
	it.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1216046

	qemu: blockCopy: Allow reuse of raw image for shallow block copy
	The documentation states that for shallow block copy the image has to
	have the same guest visible content as backing file of the current
	image if the file is being reused. This condition can be achieved also
	with a raw file (or a qcow without a backing file) so remove the
	condition that would disallow it.
	(This patch additionally fixes crash described in
	 https://bugzilla.redhat.com/show_bug.cgi?id=1215569 )

2015-04-29  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: implement domainDetachDevice and domainDetachDeviceFlags
	New functions utilize previosly added prlsdkDelDisk and prlsdkGetDiskIndex

2015-04-28  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: add prlsdkDelDisk and prlsdkGetDiskIndex functions

2015-04-28  Martin Kletzander  <mkletzan@redhat.com>

	Fix building virnetserverclientmock with MinGW

2015-04-28  Zhang Bo  <oscar.zhangbo@huawei.com>

	tests: free ChardevInfo correctly in qemumonitorjsontest
	The free callback should be qemuMonitorChardevInfoFree rather
	than just 'free' when virHashCreate'ing the chardevInfo hash.
	==29959== 24 bytes in 2 blocks are definitely lost in loss record 19 of 53
	==29959==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==29959==    by 0xB95C679: strdup (in /lib64/libc-2.20.so)
	==29959==    by 0x63C6546: virStrdup (virstring.c:709)
	==29959==    by 0x4805ED: qemuMonitorJSONExtractChardevInfo (qemu_monitor_json.c:3429)
	==29959==    by 0x4807A5: qemuMonitorJSONGetChardevInfo (qemu_monitor_json.c:3479)
	==29959==    by 0x434AEC: testQemuMonitorJSONqemuMonitorJSONGetChardevInfo (qemumonitorjsontest.c:1824)
	==29959==    by 0x436F2F: virtTestRun (testutils.c:211)
	==29959==    by 0x436932: mymain (qemumonitorjsontest.c:2404)
	==29959==    by 0x4382EA: virtTestMain (testutils.c:863)
	==29959==    by 0x436B27: main (qemumonitorjsontest.c:2423)

	qemu: make qemuMonitorChardevInfoFree non-static
	It would be used in qemumonitorjsontest, thus we make it non-static.

2015-04-28  Cole Robinson  <crobinso@redhat.com>

	storage: fs: Ignore volumes that fail to open with EACCESS/EPERM
	Trying to use qemu:///session to create a storage pool pointing at
	/tmp will usually fail with something like:
	$ virsh pool-start tmp
	error: Failed to start pool tmp
	error: cannot open volume '/tmp/systemd-private-c38cf0418d7a4734a66a8175996c384f-colord.service-kEyiTA': Permission denied
	If any volume in an FS pool can't be opened by the daemon, the refresh
	fails, and the pool can't be used.
	This causes pain for virt-install/virt-manager though. Imaging a user
	downloads a disk image to /tmp. virt-manager wants to import /tmp as
	a storage pool, so we can detect what disk format it is, and set the
	XML correctly. However this case will likely fail as explained above.
	Change the logic here to skip volumes that fail to open. This could
	conceivably cause user complaints along the lines of 'why doesn't
	libvirt show $ROOT-OWNED-VOLUME-FOO', but figuring that currently
	the pool won't even startup, I don't think there are any current
	users that care about that case.
	https://bugzilla.redhat.com/show_bug.cgi?id=1103308

	storage: If driver startup state syncing fails, delete statefile
	If you end up with a state file for a pool that no longer starts up
	or refreshes correctly, the state file is never removed and adds
	noise to the logs everytime libvirtd is started.
	If the initial state syncing fails, delete the statefile.

	storage: Break out storageDriverLoadPoolState
	Will simplify a future patch

	storage: Don't leave stale state file if pool startup fails
	After pool startup we call refreshPool(). If that fails, we leave
	a stale pool state file hanging around.
	Hit this trying to create a pool with qemu:///session containing
	root owned files.

	storage: Fix autostart dir for qemu:///session

2015-04-28  John Ferlan  <jferlan@redhat.com>

	qemu: Remove need for qemuMonitorIOThreadInfoFree
	Replace with just VIR_FREE.

	qemu: qemuProcessDetectIOThreadPIDs invert checks
	If we received zero iothreads from the monitor, but were perhaps
	expecting to receive something, then the code was skipping the check
	to ensure what's in the monitor matches our expectations.  So invert
	the checks to check that what we get back matches expectations and
	then check there are zero iothreads returned.

	qemu: Remove need for qemuDomainParseIOThreadAlias
	Rather than have a separate routine to parse the alias of an iothread
	returned from qemu in order to get the iothread_id value, parse the alias
	when returning and just return the iothread_id in qemuMonitorIOThreadInfoPtr
	This set of patches removes the function, changes the "char *name" to
	"unsigned int" and handles all the fallout.

	conf: Resolve some Coverity errors
	Resolve some Coverity errors with IOThread changes

2015-04-28  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	conf: explicitly initialize 'cpumask' variable
	Build with clang fails with:
	  CC       conf/libvirt_conf_la-domain_conf.lo
	  conf/domain_conf.c:13377:9: error: variable 'cpumask' is used
	  uninitialized whenever 'if' condition is true
	  [-Werror,-Wsometimes-uninitialized]
	      if (!(tmp = virXMLPropString(node, "cpuset"))) {
	                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	and many other similar errors regarding the 'cpuset' variable.
	Fix by explicitly initializing it with NULL.

2015-04-28  Laine Stump  <laine@laine.org>

	network: check newDef for used bridge names in addition to def
	If someone has updated a network to change its bridge name, but the
	network is still active (so that bridge name hasn't taken effect yet),
	we still want to disallow another network from taking that new name.

	network: check for bridge name conflict with existing devices
	Since some people use the same naming convention as libvirt for bridge
	devices they create outside the context of libvirt, it is much nicer
	if we check for those devices when looking for a bridge device name to
	auto-assign to a new network.

	network: move auto-assign of bridge name from XML parser to net driver
	We already check that any auto-assigned bridge device name for a
	virtual network (e.g. "virbr1") doesn't conflict with the bridge name
	for any existing libvirt network (via virNetworkSetBridgeName() in
	conf/network_conf.c).
	We also want to check that the name doesn't conflict with any bridge
	device created on the host system outside the control of libvirt
	(history: possibly due to the ploriferation of references to libvirt's
	bridge devices in HOWTO documents all around the web, it is not
	uncommon for an admin to manually create a bridge in their host's
	system network config and name it "virbrX"). To add such a check to
	virNetworkBridgeInUse() (which is called by virNetworkSetBridgeName())
	we would have to call virNetDevExists() (from util/virnetdev.c); this
	function calls ioctl(SIOCGIFFLAGS), which everyone on the mailing list
	agreed should not be done from an XML parsing function in the conf
	directory.
	To remedy that problem, this patch removes virNetworkSetBridgeName()
	from conf/network_conf.c and puts an identically functioning
	networkBridgeNameValidate() in network/bridge_driver.c (because it's
	reasonable for the bridge driver to call virNetDevExists(), although
	we don't do that yet because I wanted this patch to have as close to 0
	effect on function as possible).
	There are a couple of inevitable changes though:
	1) We no longer check the bridge name during
	   virNetworkLoadConfig(). Close examination of the code shows that
	   this wasn't necessary anyway - the only *correct* way to get XML
	   into the config files is via networkDefine(), and networkDefine()
	   will always call networkValidate(), which previously called
	   virNetworkSetBridgeName() (and now calls
	   networkBridgeNameValidate()). This means that the only way the
	   bridge name can be unset during virNetworkLoadConfig() is if
	   someone edited the config file on disk by hand (which we explicitly
	   prohibit).
	2) Just on the off chance that somebody *has* edited the file by hand,
	   rather than crashing when they try to start their malformed
	   network, a check for non-NULL bridge name has been added to
	   networkStartNetworkVirtual().
	   (For those wondering why I don't instead call
	   networkValidateBridgeName() there to set a bridge name if one
	   wasn't present - the problem is that during
	   networkStartNetworkVirtual(), the lock for the network being
	   started has already been acquired, but the lock for the network
	   list itself *has not* (because we aren't adding/removing a
	   network). But virNetworkBridgeInuse() iterates through *all*
	   networks (including this one) and locks each network as it is
	   checked for a duplicate entry; it is necessary to lock each network
	   even before checking if it is the designated "skip" network because
	   otherwise some other thread might acquire the list lock and delete
	   the very entry we're examining. In the end, permitting a setting of
	   the bridge name during network start would require that we lock the
	   entire network list during any networkStartNetwork(), which
	   eliminates a *lot* of parallelism that we've worked so hard to
	   achieve (it can make a huge difference during libvirtd startup). So
	   rather than try to adjust for someone playing against the rules, I
	   choose to instead give them the error they deserve.)
	3) virNetworkAllocateBridge() (now removed) would leak any "template"
	   string set as the bridge name. Its replacement
	   networkFindUnusedBridgeName() doesn't leak the template string - it
	   is properly freed.

	test: Fix actual vs. expected in virtTestCompareFiles
	Commit ca329299 added a utility function virtTestCompareFiles() to
	eliminate repetitive code in several test programs. It unfortunately
	calls virtTestDifference() with the arguments in the wrong order -
	strcontent is the "actual" output gathered by the test rig, while
	filecontent is the "expected", and virtTestDifference() wants expected
	(filecontent) followed by actual (strcontent), but
	virtTestCompareFiles() does the opposite, which can make the output a
	bit confusing when there is a failure.

2015-04-28  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity DEADCODE
	Coverity notes that the switch() used to check 'connected' values has
	two DEADCODE paths (_DEFAULT & _LAST).  Since 'connected' is a boolean
	it can only be one or the other (CONNECTED or DISCONNECTED), so it just
	seems pointless to use a switch to get "all" values.  Convert to if-else

	virsh: Add iothreadadd and iothreaddel commands
	https://bugzilla.redhat.com/show_bug.cgi?id=1161617
	Add command to allow adding and removing IOThreads from the domain including
	the configuration and live domain.
	$ virsh iothreadadd --help
	  NAME
	    iothreadadd - add an IOThread to the guest domain
	  SYNOPSIS
	    iothreadadd <domain> <id> [--config] [--live] [--current]
	  DESCRIPTION
	    Add an IOThread to the guest domain.
	  OPTIONS
	    [--domain] <string>  domain name, id or uuid
	    [--id] <number>  iothread for the new IOThread
	    --config         affect next boot
	    --live           affect running domain
	    --current        affect current domain
	$ virsh iothreaddel --help
	  NAME
	    iothreaddel - delete an IOThread from the guest domain
	  SYNOPSIS
	    iothreaddel <domain> <id> [--config] [--live] [--current]
	  DESCRIPTION
	    Delete an IOThread from the guest domain.
	  OPTIONS
	    [--domain] <string>  domain name, id or uuid
	    [--id] <number>  iothread_id for the IOThread to delete
	    --config         affect next boot
	    --live           affect running domain
	    --current        affect current domain
	Assuming a running $dom with multiple IOThreads assigned and that
	that the $dom has disks assigned to IOThread 1 and IOThread 2:
	$ virsh iothreadinfo $dom
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3
	  3               0-1
	$ virsh iothreadadd $dom 1
	error: invalid argument: an IOThread is already using iothread_id '1' in iothreadpids
	$ virsh iothreadadd $dom 1 --config
	error: invalid argument: an IOThread is already using iothread_id '1' in persistent iothreadids
	$ virsh iothreadadd $dom 4
	$ virsh iothreadinfo $dom
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3
	  3               0-1
	  4               0-3
	$ virsh iothreadinfo $dom --config
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3
	  3               0-1
	$ virsh iothreadadd $dom 4 --config
	$ virsh iothreadinfo $dom --config
	 IOThread ID     CPU Affinity
	  ---------------------------------------------------
	    1               2
	    2               3
	    3               0-1
	    4               0-3
	Assuming the same original configuration
	$ virsh iothreaddel $dom 1
	error: invalid argument: cannot remove IOThread 1 since it is being used by disk 'vde'
	$ virsh iothreaddel $dom 3
	$ virsh iothreadinfo $dom
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3
	$ virsh iothreadinfo $dom --config
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3
	  3               0-1

	qemu: Add support to Add/Delete IOThreads
	Add qemuDomainAddIOThread and qemuDomainDelIOThread in order to add or
	remove an IOThread to/from the host either for live or config optoins
	The implementation for the 'live' option will use the iothreadpids list
	in order to make decision, while the 'config' option will use the
	iothreadids list.  Additionally, for deletion each may have to adjust
	the iothreadpin list.
	IOThreads are implemented by qmp objects, the code makes use of the existing
	qemuMonitorAddObject or qemuMonitorDelObject APIs.

	domain: Introduce virDomainIOThreadSchedDelId
	We're about to allow IOThreads to be deleted, but an iothreadid may be
	included in some domain thread sched, so add a new API to allow removing
	an iothread from some entry.
	Then during the writing of the threadsched data and an additional check
	to determine whether the bitmap is all clear before writing it out.

	remote: Add support for AddIOThread and DelIOThread
	Add remote support for the add/delete IOThread API's

	Implement virDomainAddIOThread and virDomainDelIOThread
	Add libvirt API's to manage adding and deleting IOThreads to/from the
	domain

	conf: Adjust the iothreadsched expectations
	With iothreadid's allowing any 'id' value for an iothread_id, the
	iothreadsched code needs a slight adjustment to allow for "any"
	unsigned int value in order to create the bitmap of ids that will
	have scheduler adjustments. Adjusted the doc description as well.

	Move iothreadspin information into iothreadids
	Remove the iothreadspin array from cputune and replace with a cpumask
	to be stored in the iothreadids list.
	Adjust the test output because our printing goes in order of the iothreadids
	list now.

	conf: Move virDomainPinIsDuplicate and make static
	Since it's only ever referenced in domain_conf.c, make the function
	static, but also will need to move it to somewhere before it's referenced
	rather than forward referencing it.

	qemu: Use domain iothreadids to IOThread's 'thread_id'
	Add 'thread_id' to the virDomainIOThreadIDDef as a means to store the
	'thread_id' as returned from the live qemu monitor data.
	Remove the iothreadpids list from _qemuDomainObjPrivate and replace with
	the new iothreadids 'thread_id' element.
	Rather than use the default numbering scheme of 1..number of iothreads
	defined for the domain, use the iothreadid's list for the iothread_id
	Since iothreadids list keeps track of the iothread_id's, these are
	now used in place of the many places where a for loop would "know"
	that the ID was "+ 1" from the array element.
	The new tests ensure usage of the <iothreadid> values for an exact number
	of iothreads and the usage of a smaller number of <iothreadid> values than
	iothreads that exist (and usage of the default numbering scheme).

	conf: Add new domain XML element 'iothreadids'
	Adding a new XML element 'iothreadids' in order to allow defining
	specific IOThread ID's rather than relying on the algorithm to assign
	IOThread ID's starting at 1 and incrementing to iothreads count.
	This will allow future patches to be able to add new IOThreads by
	a specific iothread_id and of course delete any exisiting IOThread.
	Each iothreadids element will have 'n' <iothread> children elements
	which will have attribute "id".  The "id" will allow for definition
	of any "valid" (eg > 0) iothread_id value.
	On input, if any <iothreadids> <iothread>'s are provided, they will
	be marked so that we only print out what we read in.
	On input, if no <iothreadids> are provided, the PostParse code will
	self generate a list of ID's starting at 1 and going to the number
	of iothreads defined for the domain (just like the current algorithm
	numbering scheme).  A future patch will rework the existing algorithm
	to make use of the iothreadids list.
	On output, only print out the <iothreadids> if they were read in.

2015-04-27  Martin Kletzander  <mkletzan@redhat.com>

	Cleanup parameters for mock libraries
	All the libraries use same parameters when building, why not have it in
	one place at the begining of the Makefile.
	This will also ensure no new mock library will have a problem with
	missing e.g. MINGW_EXTRA_LDFLAGS.

2015-04-27  Michal Privoznik  <mprivozn@redhat.com>

	Cleanup srcdir usage
	In a lot places we use path like this:
	  $(srcdir)/../src/....
	when in fact it can be:
	  $(top_srcdir)/src/

2015-04-27  zhang bo  <oscar.zhangbo@huawei.com>

	util: fix memleak in virStorageSourceClear
	snapshot and configFile are not freed, free them.

2015-04-27  Pavel Fedin  <p.fedin@samsung.com>

	Add missing linker flags for MinGW build
	This fix should completely close
	https://bugzilla.redhat.com/show_bug.cgi?id=1214605

2015-04-27  John Ferlan  <jferlan@redhat.com>

	storage: Resolve Coverity UNINIT
	commit id '1e13eff4' didn't init found when changed from a bool to
	an int in virStoragePoolFCRefreshThread and Coverity...

2015-04-27  Michal Privoznik  <mprivozn@redhat.com>

	openvz: Drop useless domain lookup
	The lookup is just for check whether a domain we are about to add does
	not already exists. Well, the virDomainObjListAdd() function does that
	for us already so there's no need to duplicate the check.

2015-04-27  Martin Kletzander  <mkletzan@redhat.com>

	Fix check for return value of qemuDomainAgentAvailable()
	Commit dcbb243bbc3470431d15cec4c5bb96d2de89a88b used the return value of
	the function as int even though it returns bool.

2015-04-27  Zhang Bo  <oscar.zhangbo@huawei.com>

	conf: fix memleak in virDomainHostdevDefClear
	use virNetworkRouteDefFree() instead of VIR_FREE to free routes, otherwise
	the element 'family' would not be freed.

	conf: fix memleak in virDomainNetIpParseXML
	use cleanup instead of error, so that the allocated strings could also get freed
	when there's no error.

	qemu: fix memleak in virCapabilitiesDomainDataLookup
	virBufferContentAndReset() doesn't free buf contents, we should use
	virBufferFreeAndReset() to get buf freed.

	qemu: fix memleaks in qemuBuildCommandLine
	free boot_opts_str and boot_order_str both in normal and error paths.

	util: fix memleak in virFindSCSIHostByPCI
	free buf in cleanup.

	tests: fix some memleaks in tests

2015-04-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix comment for timeDelta

2015-04-27  zhang bo  <oscar.zhangbo@huawei.com>

	Fix typo in comment about memory binding
	rather then -> rather than

2015-04-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: Connect to guest agent after channel hotplug
	If a user hot-attaches the guest agent channel libvirt would ignore it
	until the restart of libvirtd or shutdown/destroy and start of the VM
	itself.
	This patch adds code that opens or closes the guest agent connection
	according to the state of the guest agent channel according to
	connect/disconnect events.
	To allow opening the channel from the event handler qemuConnectAgent
	needed to be exported.

	qemu: agent: Differentiate errors when the agent channel was hotplugged
	When the guest agent channel gets hotplugged to a VM, libvirt would
	still report that "QEMU guest agent is not configured" rather than
	stating that the connection was not established yet.
	Currently the code won't be able to connect to the agent after hotplug
	but that will change in a later patch.
	As the qemuFindAgentConfig() helper is quite helpful in this case move
	it to a more usable place and export it.

	qemu: Reuse qemuDomainAgentAvailable in qemuDomainInterfaceAddresses

	qemu: Fix domain object leak in qemuDomainInterfaceAddresses
	The API didn't use virDomainObjEndAPI to release the domain object thus
	it leaked a reference to it.

	qemu: agent: Reuse virJSONValueObjectCreateVArgs in qemuAgentMakeCommand
	Since the code is now separated into the common helper, we can reuse it
	instead of maintaining two copies.

2015-04-25  Olaf Hering  <olaf@aepfle.de>

	libxl: remove duplicate check for pci subsystem type
	Both attach and detach functions get called only if the type matches.
	Cc: Jim Fehlig <jfehlig@suse.com>

	libxl: use pci init and dispose functions
	Rearrange code so that the local variable is always initialized and
	disposed.
	Cc: Jim Fehlig <jfehlig@suse.com>

2015-04-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: initialize sdl.opengl defbool in libxlMakeVfb
	Commit bf32462b missed initializing sdl.opengl.  Without the
	initialization, libvirtd will be terminated by an assert from libxl:
	Assertion `!libxl_defbool_is_default(db)' failed.
	Reported-by: Olaf Hering <olaf@aepfle.de>

2015-04-25  Olaf Hering  <olaf@aepfle.de>

	libxl: initialize vfb defbools in libxlMakeVfb
	If the domU configu has sdl enabled libvirtd crashes:
	libvirtd[5158]: libvirtd: libxl.c:343: libxl_defbool_val:
	Assertion `!libxl_defbool_is_default(db)' failed.
	Initialize the relevant defbool variables in libxl_device_vfb.
	Cc: Jim Fehlig <jfehlig@suse.com>

2015-04-25  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix crash in prlsdkAddNet in case of CT definition
	Since net->model is not defined for containers we shouldn't touch it.
	In case network adapter model is defined, a warning about ignoring
	it is shown.

2015-04-25  John Ferlan  <jferlan@redhat.com>

	virhostdev: Fix comments for virHostdevReAttachPCIDevices
	Pushed previous patch (commit id 'd45dadae6') too quickly...
	The patch just updates the patch from Laine's suggestions.

2015-04-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix build in tests
	Commit ca32929 caused build errors in bhyvexml2argvtest.c because of
	some undefined variables.
	Pushing under the build breaker rule.

2015-04-25  Huanle Han  <hanxueluo@gmail.com>

	hostdev: fix net config restore error
	Fix for such a case:
	1. Domain A and B xml contain the same SRIOV net hostdev(<interface
	type='hostdev' /> with same pci address).
	2. virsh start A (Successfully, and configure the SRIOV net with
	custom mac)
	3. virsh start B (Fail because of the hostdev used by domain A or other
	reason.)
	In step 3, 'virHostdevNetConfigRestore' is called for the hostdev
	which is still used by domain A. It makes the mac/vlan of the SRIOV net
	change.
	Code Change in this fix:
	1. As the pci used by other domain have been removed from
	'pcidevs' in previous loop, we only restore the nic config for
	the hostdev still in 'pcidevs'(used by this domain)
	2. update the comments to make it more clear

	hostdev: Create virHostdevIsPCINetDevice
	Refactor some code to create a static function virHostdevIsPCINetDevice
	which will detect whether the hostdev is a pci net device or not.

2015-04-24  Cole Robinson  <crobinso@redhat.com>

	qemu: Build nvram directory at driver startup
	Similar to what was done for the channel socket in the previous commit.

	qemu: Build channel autosocket directory at driver startup
	Rather than depend on the RPM to put it in place, since this doesn't
	cover the qemu:///session case. Currently auto allocated socket path is
	completely busted with qemu:///session
	https://bugzilla.redhat.com/show_bug.cgi?id=1105274
	And because we chown the directory at driver startup now, this also fixes
	autosocket startup failures when using user/group=root
	https://bugzilla.redhat.com/show_bug.cgi?id=1044561
	https://bugzilla.redhat.com/show_bug.cgi?id=1146886

	qemu: chown autoDumpPath on driver startup
	Not sure if this is required, but it makes things consistent with the
	rest of the directories.

	qemu: conf: Clarify paths that are relative to libDir
	Rather than duplicate libDir for each new path

	tests: qemu: Couple aarch64 CPU tests
	- Make sure aarch64 host-passthrough works correctly
	- Make sure libvirt doesn't choke on cpu model=host, which is what
	  virt-install/virt-manager were incorrectly specifying up until recently.

2015-04-24  Jiri Denemark  <jdenemar@redhat.com>

	migration: Usable time statistics without requiring NTP
	virDomainGetJobStats is able to report statistics of a completed
	migration, however to get usable downtime and total time statistics both
	hosts have to keep synchronized time. To provide at least some
	estimation of the times even when NTP daemons are not running on both
	hosts we can just ignore the time needed to transfer a migration cookie
	to the destination host. The result will be also inaccurate but a bit
	more predictable. The total/down time will just be at least what we
	report.
	https://bugzilla.redhat.com/show_bug.cgi?id=1213434

	Fix memory leak in virNetSocketNewConnectUNIX
	==26726==    by 0x673CD67: __vasprintf_chk (vasprintf_chk.c:80)
	==26726==    by 0x5673605: UnknownInlinedFun (stdio2.h:210)
	==26726==    by 0x5673605: virVasprintfInternal (virstring.c:476)
	==26726==    by 0x56736EE: virAsprintfInternal (virstring.c:497)
	==26726==    by 0x5680C37: virGetUserRuntimeDirectory (virutil.c:866)
	==26726==    by 0x5783A89: virNetSocketNewConnectUNIX (virnetsocket.c:572)
	==26726==    by 0x57751AF: virNetClientNewUNIX (virnetclient.c:344)
	==26726==    by 0x57689B3: doRemoteOpen (remote_driver.c:895)
	==26726==    by 0x5769F8E: remoteConnectOpen (remote_driver.c:1195)
	==26726==    by 0x57092DF: do_open (libvirt.c:1189)
	==26726==    by 0x570A7BF: virConnectOpenAuth (libvirt.c:1341)
	https://bugzilla.redhat.com/show_bug.cgi?id=1215042

2015-04-24  Pavel Hrdina  <phrdina@redhat.com>

	build: add pragma directive to fix build on some gcc
	Commit 1268820a removed obsolete index() function and replaced it by
	strchr.  Few versions of gcc has a bug and reports a warning about
	strchr:
	../../src/util/virstring.c:1006: error: logical '&&' with non-zero
	constant will always evaluate as true [-Wlogical-op]

2015-04-24  Michal Privoznik  <mprivozn@redhat.com>

	uml: s/virDomainObjListFindByID/virDomainObjListFindByUUID/
	ListFindByID() still requires to step through items in the hash table
	(in the worst case scenario through all of them), lock each one and
	compare whether we've found what we're looking for. This is suboptimal
	as locking a domain object means we need to wait for the current API
	running over the object to finish.
	Unfortunately, we can't drop the function completely because we have
	this public API virDomainLookupByID which we can't drop.

	virDomainObjList: Introduce yet another hash table
	This hash table will contain the same data as already existing one.
	The only difference is that while the first table uses domain uuid as
	key, the new table uses domain name. This will allow much faster (and
	lockless) lookups by domain name.

	virDomainObjListFindByName: Return referenced object
	Every domain that grabs a domain object to work over should
	reference it to make sure it won't disappear meanwhile.

	Introduce virDomainObjEndAPI
	This is basically turning qemuDomObjEndAPI into a more general
	function. Other drivers which gets a reference to domain objects may
	benefit from this function too.

	virDomainObjListNew: Use virObjectFreeHashData
	There's no point in duplicating virObjectFreeHashData() in a separate
	function.

	virDomainObjListAddLocked: s/false/NULL/ for @oldDef
	It's a pointer after all. We should initialize it to NULL instead of
	false.

2015-04-24  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: implement .domainGetMaxMemory
	Since we haven't implemented balloon parameters tuning
	we can just return amount of memory in this function.

2015-04-24  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Apparmor: allow reading block-rbd.so

	Allow access to vendor and device file for PCI device passthrough
	For some devices, the $PCIDIR/vendor and $PCIDIR/device need to be
	read. Iterate over them to get them as well in the the generated
	apparmor profile.

2015-04-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Fix priorities when setting emulatorpin
	Use the custom emulator pin setting with the highest priority same as
	with vcpupin.

2015-04-24  Cole Robinson  <crobinso@redhat.com>

	tests: Add VIR_TEST_REGENERATE_OUTPUT
	If this enviroment variable is set, the virTestCompareToFile helper
	will overwrite the file content we are comparing against, if the
	file doesn't exist or it doesn't match the expected input.
	This is useful when adding new test cases, or making changes that
	generate a lot of output churn.

	tests: Add virtTestCompareToFile
	Replaces a common pattern used in many test files

	tests: Use *DefParseFile more

	tests: Add VIR_TEST_DEBUG and VIR_TEST_VERBOSE
	To remove a bunch of TestGetDebug()/TestGetVerbose() checks

2015-04-23  Eric Blake  <eblake@redhat.com>

	build: avoid obsolete index()
	Commit 2a530a3e5 is not portable to mingw, which intentionally
	avoids declaring the obsolete index().  See also:
	https://bugzilla.redhat.com/show_bug.cgi?id=1214605
	* src/util/virstring.c (virStringStripControlChars): Use strchr.

2015-04-23  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix IS_CT macro
	CT stands for containers, i.e. def->os.type should be compared with VIR_DOMAIN_OSTYPE_EXE
	rather than VIR_DOMAIN_OSTYPE_HVM

2015-04-23  Michal Privoznik  <mprivozn@redhat.com>

	parallels_sdk: Utilize parallelsDomObjFromDomain()
	Instead of each API copying the same lines of code, lets use the
	generic function designed just for that purpose.

	parallels_driver: Utilize parallelsDomObjFromDomain()
	Instead of each API copying the same lines of code, lets use the
	generic function designed just for that purpose. At the same time,
	drop useless connection object locking in some functions.

	parallels: Introduce parallelsDomObjFromDomain()
	This function is practically copied over from qemu driver. Its
	only purpose in life is to lookup a domain object and print an
	error if no object is found.

	struct _parallelsConn: Mark @domains as immutable pointer
	The pointer does not change throughout the while life of a
	parallels connection. Mark it as such.

2015-04-23  Daniel P. Berrange  <berrange@redhat.com>

	rng: fix port number range validation
	The PortNumber data type is declared to derive from 'short'.
	Unfortunately this is an signed type, so validates the range
	[-32,768, 32,767] which excludes valid port numbers between
	32767 and 65535.
	We can't use 'unsignedShort', since we need -1 to be a valid
	port number too.
	This change is to use 'int' and set an explicit max boundary
	instead of relying on the data types' built-in max.
	One of the existing tests is changed to use a high port number
	to validate the schema.
	https://bugzilla.redhat.com/show_bug.cgi?id=1214664

2015-04-23  zhang bo  <oscar.zhangbo@huawei.com>

	qemu: Don't fail to reboot domains with unresponsive agent
	just as what b8e25c35d7f80a2fadc0e51e95318e39db3d1687 did, we
	fall back to the ACPI method when the guest agent is unresponsive
	in qemuDomainReboot().

2015-04-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix build in tests
	Commit 835cf84 dropped expectedVirtTypes argument for
	virDomainDefParse*() functions, however bhyve tests still try to pass
	that to virDomainDefParseFile(), therefore build fails.
	Fix build by fixing virDomainDefParseFile() usage.

2015-04-23  Cole Robinson  <crobinso@redhat.com>

	spec: Point fedora --with-loader-nvram at nightly firmware repo
	Fedora doesn't ship OVMF/AAVMF builds in its repos due to licensing
	issues, so the recommended way to consume these bits is via Gerd's
	nightly repo: https://www.kraxel.org/repos
	Let's teach fedora builds about the loader/nvram pairs these packages
	installed, so users don't need to edit qemu.conf to get virt-manager
	UEFI support.

	configure: Report --with-loader-nvram value in summary

2015-04-23  Jim Fehlig  <jfehlig@suse.com>

	locking: relax PID requirement
	Some hypervisors like Xen do not have PIDs associated with domains.
	Relax the requirement for PID != 0 in the locking code so it can
	be used by hypervisors that do not represent domains as a process
	running on the host.

2015-04-23  Cole Robinson  <crobinso@redhat.com>

	spec: Fix libxl build with driver modules

	configure: Fix --loader-nvram typo

2015-04-22  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: don't forget to unlock domain after successful virDomainObjListFindByUUID call
	Also a typo is fixed (s/detached/attached/)
	Signed-off-by: Maxim Nestratov mnestratov@parallels.com

2015-04-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	vircommand: fix polling in virCommandProcessIO
	When running on FreeBSD, there's a bug in virCommandProcessIO
	polling that is triggered by the commandtest.
	A test that triggers EPIPE in commandtest (named "test20") hungs
	forever on FreeBSD.
	Apparently, this happens because FreeBSD sets POLLHUP flag on revents
	when stdin in closed. And as the current implementation only checks for
	POLLOUT and POLLERR, it ends up looping forever inside
	virCommandProcessIO and not trying to do one more write() that would
	trigger EPIPE.
	To fix that check for the POLLHUP flag along with POLLOUT and POLLERR.

2015-04-22  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Improve error message when requesting image above 'start'
	When a user would specify a backing chain index that is above the start
	point libvirt would report a rather unhelpful error:
	invalid argument: could not find backing store 1 in chain for 'sub/link2'
	This patch adds an explicit check that the index is below start point in
	the backing store and reports the following error if not:
	invalid argument: requested backing store index 1 is above 'sub/../qcow2' in chain for 'sub/link2'
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1177062

	util: storage: Add hint to error message that indexed access was used

	util: storage: Fix possible crash when source path is NULL
	Some storage protocols allow to have the @path field in struct
	virStorageSource set to NULL. Add NULLSTR() wrappers to handle this
	possibility until I finish the storage source error formatter.

	util: command: Deduplicate code in virCommandNewArgList
	virCommandNewArgList can use virCommandNewVAList.

	qemu: migration: Refactor hostdev validation in migration check
	The hostdev check can error out right away.

2015-04-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: fix build on non-Linux
	Build fails on non-Linux systems with this error:
	  CC       util/libvirt_util_la-virnetdev.lo
	util/virnetdev.c:364:1: error: unused function 'virNetDevReplaceMacAddress' [-Werror,-Wunused-function]
	virNetDevReplaceMacAddress(const char *linkdev,
	^
	util/virnetdev.c:406:1: error: unused function 'virNetDevRestoreMacAddress' [-Werror,-Wunused-function]
	virNetDevRestoreMacAddress(const char *linkdev,
	^
	2 errors generated.
	The virNetDev{Restore,Replace}MacAddress() functions are only used
	by VF-related routines that are available on Linux only. So move these
	functions under the same #ifdef.

2015-04-22  Michal Privoznik  <mprivozn@redhat.com>

	processNicRxFilterChangedEvent: Take appropriate actions for NET_TYPE_NETWORK too
	Because packets going through the egress from a bridge (where our
	bandwidth limiting takes place) have no information about which
	interface they came from, the QoS rules that we create instead
	use the source MAC address of the packets to make their decisions
	about which QDisc the packet should be in.
	One flaw in this is that when a guest changed the MAC address it
	used, packets from the guest would no longer be put into the
	correct QDisc, but would instead be put in an "unprivileged"
	class, resulting in the bandwidth "floor" (minimum guaranteed)
	being no longer honored.
	Now that libvirt has infrastructure to capture and respond to
	RX_FILTER_CHANGE events from qemu (sent whenever a guest
	interface modifies its MAC address, among other things), we can
	notice when a guest MAC address changes, and update the QoS rules
	accordingly, so that bandwidth floor is honored even after a
	guest MAC address change.

	virDomainActualNetDefContentsFormat: Format class_id only for status XML
	In one of my previous patches (b68a56bcfe) I made class_id to
	format more frequently. Well, now it's formatting way too
	frequent - even for regular active XML. Users don't need to see
	it, so lets format it only for the status XML where it's really
	needed.

2015-04-22  Luyao Huang  <lhuang@redhat.com>

	qemu: Fix issues with maxMemory in qemuDomainSetMemoryFlags()
	qemuDomainSetMemoryFlags() would allow to set the initial memory greater
	than the <maxMemory> field. While the configuration would not work as
	memory hotplug requires NUMA to be enabled and the
	qemuDomainSetMemoryFlags() API does not work on NUMA guests this just
	fixes a corner case.
	The fix is still worth though as it allows to induce an invalid
	configuration and make the VM vanish on libvirt restart.
	Additionally this tweaks error message to be more accurate.

2015-04-22  Jim Fehlig  <jfehlig@suse.com>

	libxl: Introduce configuration file for libxl driver
	Introduce libxl.conf configuration file, adding the 'autoballoon'
	setting as the first knob for controlling the libxl driver.

2015-04-22  Laine Stump  <laine@laine.org>

	qemu: set macvtap physdevs online when macvtap is set online
	A further fix for:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1113474
	Since there is no possibility that any type of macvtap will work if
	the parent physdev it's attached to is offline, we should bring the
	physdev online at the same time as the macvtap. When taking the
	macvtap offline, it's also necessary to take the physdev offline for
	macvtap passthrough mode (because the physdev has the same MAC address
	as the macvtap device, so could potentially cause problems with
	misdirected packets during migration, as outlined in commits 829770
	and 879c13). We can't set the physdev offline for other macvtap modes
	1) because there may be other macvtap devices attached to the same
	physdev (and/or the host itself may be using the device) in the other
	modes whereas passthrough mode is exclusive to one macvtap at a time,
	and 2) there's no practical reason to do so anyway.

	util: set MAC address for VF via netlink message to PF+VF# when possible
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1113474
	When we set the MAC address of a network device as a part of setting
	up macvtap "passthrough" mode (where the domain has an emulated netdev
	connected to a host macvtap device that has exclusive use of the
	physical device, and sets the device MAC address to match its own,
	i.e. "<interface type='direct'> <source mode='passthrough' .../>"), we
	use ioctl(SIOCSIFHWADDR) giving it the name of that device. This is
	true even if it is an SRIOV Virtual Function (VF).
	But, when we are setting the MAC address / vlan ID of a VF in
	preparation for "hostdev network" passthrough (this is where we set
	the MAC address and vlan id of the VF after detaching the host net
	driver and before assigning the device to the domain with PCI
	passthrough, i.e. "<interface type='hostdev'>", we do the setting via
	a netlink RTM_SETLINK message for that VF's Physical Function (PF),
	telling it the VF# we want to change. This sets an "administratively
	changed MAC" flag for that VF in the PF's driver, and from that point
	on (until the PF driver is reloaded, *not* merely the VF driver) that
	VF's MAC address can't be changed using ioctl(SIOCSIFHWADDR) - the
	only way to change it is via the PF with RTM_SETLINK.
	This means that if a VF is used for hostdev passthrough, it will have
	the admin flag set, and future attempts to use that VF for macvtap
	passthrough will fail.
	The solution to this problem is to check if the device being used for
	macvtap passthrough is actually a VF; if so, we use the netlink
	RTM_SETLINK message to the PF to set the VF's mac address instead of
	ioctl(SIOCSIFHWADDR) directly to the VF; if not, behavior does not
	change from previously.
	There are three pieces to making this work:
	1) virNetDevMacVLan(Create|Delete)WithVPortProfile() now call
	   virNetDev(Replace|Restore)NetConfig() rather than
	   virNetDev(Replace|Restore)MacAddress() (simply passing -1 for VF#
	   and vlanid).
	2) virNetDev(Replace|Restore)NetConfig() check to see if the device is
	   a VF. If so, they find the PF's name and VF#, allowing them to call
	   virNetDev(Replace|Restore)VfConfig().
	3) To prevent mixups when detaching a macvtap passthrough device that
	   had been attached while running an older version of libvirt,
	   virNetDevRestoreVfConfig() is potentially given the preserved name
	   of the VF, and if the proper statefile for a VF can't be found in
	   the stateDir (${stateDir}/${pfname}_vf${vfid}),
	   virNetDevRestoreMacAddress() is called instead (which will look in
	   the file named ${stateDir}/${vfname}).
	This problem has existed in every version of libvirt that has both
	macvtap passthrough and interface type='hostdev'. Fortunately people
	seem to use one or the other though, so it hasn't caused any real
	world problem reports.

2015-04-21  Cole Robinson  <crobinso@redhat.com>

	qemu: Always refresh capabilities if no <guests> found
	- Remove all qemu emulators
	- Restart libvirtd
	- Install qemu emulators
	- Call 'virsh version' -> errors
	The only thing that will force the qemu driver to refresh it's cached
	capablities info is an explict API call to GetCapabilities.
	However in the case when the initial caps lookup at driver connect didn't
	find a single qemu emulator to poll, the driver is effectively useless
	and really can't do anything until it's populated some qemu capabilities
	info.
	With the above steps, the user would have to either know about the
	magic refresh capabilities call, or restart libvirtd to pick up the
	changes.
	Instead, this patch changes things so that every time a part of th
	driver requests access to capabilities info, check to see if
	we've previously seen any emulators. If not, force a refresh.
	In the case of 'still no emulators found', this is still very quick, so
	I can't think of a downside.
	https://bugzilla.redhat.com/show_bug.cgi?id=1000116

2015-04-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	vircapstest: fix build without LXC, QEMU or XEN
	When building without lxc support enabled, build fails with:
	CLD     vircapstest
	vircapstest.o: In function `test_virCapsDomainDataLookupLXC':
	vircapstest.c:(.text+0x9ef): undefined reference to `testLXCCapsInit'
	Fix that by hiding LXC tests under appropriate #ifdef. Same applies
	for QEMU and XEN.

2015-04-21  John Ferlan  <jferlan@redhat.com>

	scsi: Adjust return values from processLU
	https://bugzilla.redhat.com/show_bug.cgi?id=1171933
	Adjust the processLU error returns to be a bit more logical. Currently,
	the calling code cannot determine the difference between a non disk/lun
	volume and a processed/found disk/lun. It can also not differentiate
	between perhaps real/fatal error and one that won't necessarily stop
	the code from finding other volumes.
	After this patch virStorageBackendSCSIFindLUsInternal will stop processing
	as soon as a "fatal" message occurs rather than continuting processing
	for no apparent reason. It will also only set the *found value when
	at least one of the processLU's was successful.
	With the failed return, if the reason for the stop was that the pool
	target path did not exist, was /dev, was /dev/, or did not start with
	/dev, then iSCSI pool startup and refresh will fail.

	scsi: Change return values for virStorageBackendSCSIFindLUs
	Rather than passing/returning a pointer to a boolean to indicate that
	perhaps we should try again - adjust the return of the call to return
	the count of LU's found during processing, then let the caller decide
	what to do with that value.

	scsi: Adjust return value for virStorageBackendSCSINewLun
	Use virStorageBackendPoolUseDevPath API to determine whether creation of
	stable target path is possible for the volume.
	This will differentiate a failed virStorageBackendStablePath which won't
	need to be fatal. Thus, we'll add a -2 return value to differentiate that
	the failure was a result of either the inability to find the symlink for
	the device or failure to open the target path directory

	storage: Fix check for stable path check
	Fix the if (!STRPREFIX(path, "/dev")) to be if (!STRPREFIX(path, "/dev/"))
	to ensure a path such as "/device" isn't declared stable.

	storage: Split out the stable path check
	For virStorageBackendStablePath, in order to make decisions in other code
	split out the checks regarding whether the pool's target is empty, using /dev,
	using /dev/, or doesn't start with /dev

2015-04-21  Richard W.M. Jones  <rjones@redhat.com>

	xend: Remove a couple of unused function prototypes.
	Commit 70f446631f142ae92b4d4eb349fcf11408171556 (from 2008) introduced
	some functions for testing whether xend was returning correct sound
	models.  Those functions have long gone, but the function prototypes
	remain.  This commit removes the unused prototypes.

2015-04-21  Michal Privoznik  <mprivozn@redhat.com>

	domtop: Properly free cpu status
	So, in the example the cpu stats are collected within a function
	called do_top. At the beginning of the function we ask the daemon for
	how much vCPUs can we get stats, and how many stats for a vCPU can we
	get. This is because it's how our API works - users are required to
	preallocate a chunk of memory for the results. Now, at the end, we try
	to free the allocated array, but we are not doing it correctly.
	There's this virTypedParamsFree() function which gets a pointer to the
	array and the length of the array. However, if there was an error in
	getting vCPU stats we pass a negative number instead of the originally
	computed value. This flaw results in SIGSEGV:
	libvirt: QEMU Driver error : Requested operation is not valid: domain is not running
	ERROR do_top:333 : Unable to get cpu stats
	==29201== Invalid read of size 4
	==29201==    at 0x4F1DF8B: virTypedParamsClear (virtypedparam.c:1145)
	==29201==    by 0x4F1DFEB: virTypedParamsFree (virtypedparam.c:1165)
	==29201==    by 0x4023C3: do_top (domtop.c:349)
	==29201==    by 0x40260B: main (domtop.c:386)
	==29201==  Address 0x131cd7c0 is 16 bytes after a block of size 768 alloc'd
	==29201==    at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==29201==    by 0x401FF1: do_top (domtop.c:295)
	==29201==    by 0x40260B: main (domtop.c:386)

2015-04-21  Cole Robinson  <crobinso@redhat.com>

	domain: conf: Drop expectedVirtTypes
	This needs to specified in way too many places for a simple validation
	check. The ostype/arch/virttype validation checks later in
	DomainDefParseXML should catch most of the cases that this was covering.

	caps: Use DomainDataLookup to replace GuestDefault*
	This revealed that GuestDefaultEmulator was a bit buggy, capable
	of returning an emulator that didn't match the passed domain type. Fix
	up the test suite input to continue to pass.

	domain: conf: Use CapabilitiesDomainDataLookup for caps validation
	The strange logic here is just to duplicate the previous behavior,
	which parts of the test suite are currently relying on.

	domain: conf: Do ostype/arch/machine parsing earlier
	Just move this code to where we parse virtType. Lots of things depend
	on os.type values so it should be handled early like virtType.

	caps: Add virCapabilitiesDomainDataLookup
	This is a helper function to look up all capabilities data for all
	the OS bits that are relevant to <domain>. This is
	- os type
	- arch
	- domain type
	- emulator
	- machine type
	This will be used to replace several functions in later commits.

	caps: Convert to use VIR_DOMAIN_VIRT internally

	domain: Convert os.type to VIR_DOMAIN_OSTYPE enum

	caps: Switch AddGuest to take VIR_DOMAIN_OSTYPE value
	Rather than an opencoded string. This should be a no-op

	caps: Use an enum internally for ostype value
	But the internal API stays the same, and we just convert the value as
	needed. Not useful yet, but this is the beginning step of using an enum
	for ostype throughout the code.

	domain: conf: Don't validate VM ostype/arch at daemon startup
	When parsing XML, we validate the passed ostype + arch combo against
	the detected hypervisor capabilities. This has led to the following
	problem:
	- Define x86 qemu guest
	- qemu is inadvertently removed from the host
	- libvirtd is restarted. fails to parse VM config since arch is removed
	- 'virsh list --all' is now empty, user is wondering where their VMs went
	Add a new internal flag VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS. Use
	it when loading VM and snapshot configs from disk.
	https://bugzilla.redhat.com/show_bug.cgi?id=1043572

	domain: conf: Better errors on bad os <type> values
	If no <os><type> was specified:
	  before: unknown OS type no OS type
	  after : xml error: an os <type> must be specified
	If an <os><type> is specified that's not in our capabiliities data:
	  before: unknown OS type: $type
	  after : unsupported configuration: no support found for os <type> '$type'
	VIR_ERR_OS_TYPE is now unused (as it should be frankly) so drop its strings
	as well to save our translators some effort.

2015-04-21  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	parallels: make device addressing consistent
	In Parallels we do not support device name hints
	aka <target dev=../> option and full-fledged device
	disk device addressing through
	<address type=.. controller=.. bus=.. target=.. unit=../>
	and have only one index instead.
	In this situation to be consistent we can only take
	one-to-one mapping from some reasonable subset
	of full address. Values outside this subset are
	invalid to create Parallels VMs.
	Reasonable mapping is default one defined in virDomainDiskDefAssignAddress.

	parallels: fix return status for parallelsConnectOpen
	We should return VIR_DRV_OPEN_ERROR in case
	if we handle scheme in query but some
	error occur. Previously we sometimes
	return VIR_DRV_OPEN_DECLINE.

2015-04-20  Luyao Huang  <lhuang@redhat.com>

	lxc: fix starting a domain with non-strict numa memory mode
	 # virsh -c lxc:/// start helloworld
	 error: Failed to start domain helloworld
	 error: internal error: guest failed to start: Unknown
	 failure in libvirt_lxc startup
	Return success when there are no cpuset.mems to be set,
	instead of failing without setting an error.

	lxc: fix starting a domain with a cpuset but no numatune
	 # virsh -c lxc:/// start helloworld
	 error: Failed to start domain helloworld
	 error: internal error: guest failed to start: Invalid value '1-3'
	 for 'cpuset.mems': Invalid argument
	Free the cpu mask to avoid reusing it as a mem mask
	in virCgroupSetCpusetMems
	if virDomainNumatuneMaybeFormatNodeset does not set a mask.

2015-04-20  Erik Skultety  <eskultet@redhat.com>

	rng: Move sgio attr definition to a separate block
	it might be worth having sgio attribute defined in a separate block the same way
	as rawio attribute.

	rng: Forbid to validate mismatched <disk> 'device' and 'type' attributes
	According to docs, using 'lun' as a value for device attribute is only valid
	with disk types 'block' and 'network'. However current RNG schema also allows
	a combination type='file' device='lun' which results in a successfull
	xml validation, but fails at qemuBuildCommandLine.
	Besides fixing the RNG schema, this patch also adds a qemuxml2argvtest
	for this case.
	https://bugzilla.redhat.com/show_bug.cgi?id=1210669

2015-04-20  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Apparmor: removed duplicate nscd rules

2015-04-17  Michal Privoznik  <mprivozn@redhat.com>

	domcaps: Check for architecture more wisely
	https://bugzilla.redhat.com/show_bug.cgi?id=1209948
	So we have this bug. The virConnectGetDomainCapabilities() API
	performs a couple of checks before it produces any result. One of
	the checks is if the architecture requested by user can be run by
	the binary (again user provided). However, the check is pretty
	dumb. It merely compares if the default binary architecture
	matches the one provided by user. However, a qemu binary can run
	multiple architectures. For instance: qemu-system-ppc64 can run:
	ppc, ppcle, ppc64, ppc64le and ppcemb. The default is ppc64, so
	if user requested something else, like ppc64le, the check would
	have failed without obvious reason.

2015-04-17  Martin Kletzander  <mkletzan@redhat.com>

	schema: Allow multiple machines for VMs and unite architectures
	Use the same pattern for all machine types on all archs and same archs
	for hvm and exe types.

2015-04-17  zhang bo  <oscar.zhangbo@huawei.com>

	qemuDomainShutdownFlags: Set fakeReboot more frequently
	When a qemu domain is to be rebooted, from outside, at libvirt
	level it looks like regular shutdown. To really restart the
	domain, libvirt needs to issue reset command on the monitor once
	SHUTDOWN event appeared. So, in order to differentiate bare
	shutdown and reboot libvirt uses a variable within domain private
	data. It's called fakeReboot. When the reboot API is called, the
	variable is set, but when the shutdown API is called it must be
	cleared out. But it was not for every possible case. So if user
	called virDomainReboot(), and there was no ACPI daemon running
	inside the guest (so guest didn't initiated shutdown sequence)
	and then virDomainShutdown(mode=agent) was called bad thing
	happened. We remembered the fakeReboot and instead of shutting
	the domain down, we just rebooted it.

2015-04-17  Michal Privoznik  <mprivozn@redhat.com>

	Introduce virNetDevBandwidthUpdateFilter
	This is a simple wrapper around virNetDevBandwidthManipulateFilter() that
	will update the desired filter on an interface (usually a network bridge)
	with a new MAC address. Although, the MAC address in question usually
	refers to some other interface - the one that the filter is constructed
	for. Yeah, hard to parse. Thing is, our NATed network has a bridge where
	some part of QoS takes place. And vNICs from guests are plugged into
	the bridge. However, if a guest decides to change the MAC of its vNIC,
	the corresponding qemu process emits an event which we can use to
	update the QoS configuration based on the new MAC address.. However,
	our QoS hierarchy is currently not notified, therefore it falls apart.
	This function (when called in response to the aforementioned event)
	will update our QoS hierarchy and duct tape it together again.

	virnetdevbandwidth.c: Separate tc filter creation to a function
	Not only this simplifies the code a bit, it prepares the
	environment for upcoming patches. The new
	virNetDevBandwidthManipulateFilter() function is capable of both
	removing a filter and adding a new one. At the same time! Yeah,
	this is not currently used anywhere but look at the next commit
	where you'll see it.

	virNetDevBandwidthSet: Add priority to filter
	Currently, when constructing traffic shaping rules, the ingress
	filter is created without any priority specified on the command
	line. This makes kernel to make up one. While this works, it
	simplifies things a bit if we provide the filter priority. In
	this case, since it's the root filter lets give it the highest
	priority of number 1.

	virDomainActualNetDefContentsFormat: Format class_id more frequently
	After a360912179 the formatting of virDomainActualNetDefPtr was
	changed a bit. However, during the function rewrite, iface's class_id
	is not formatted as frequently as it could be. In fact, after rewrite
	it's formatted only for iface of type VIR_DOMAIN_NET_TYPE_DIRECT where
	it makes no sense and is unused. While where needed (_TYPE_NETWORK) is
	not formatted at all. This makes the daemon forget it upon daemon
	restart resulting in bad behaviour.

	nwfilter: Partly initialize driver even for non-privileged users
	https://bugzilla.redhat.com/show_bug.cgi?id=1211436
	This reverts commit b7829f959b33c6e32422222a9ed745c0da7dc696.
	The previous fix was not correct. Like everywhere else, a driver is a
	global variable allocated in stateInitialize function (or something
	similar for stateless drivers). Later, when a driver API is called,
	it's possible that the global variable is accessed and dereferenced.
	Now, some drivers require root privileges because they undertake some
	actions reserved only for the system admin (e.g. manipulating host
	firewall). And here's the trouble, the NWFilter state initializer
	exited too early when finding out it's running unprivileged, leaving
	the global NWFilter driver variable uninitialized. Any subsequent
	API call that tried to lock the driver resulted in dereferencing the
	driver and thus crash.
	On the other hand, in order to not resurrect the bug the original
	commit was fixing, Let's forbid the nwfilter define in session mode.
	Conflicts:
		src/nwfilter/nwfilter_driver.c: Context. Code changed a bit
	        since 2013.

	virNetSocketNewConnectUNIX: Don't unlink(NULL)
	There is a possibility that we jump onto error label with @lockpath
	still initialized to NULL. Here, the @lockpath should be unlink()-ed,
	but passing there a NULL is not a good idea. Don't do that. In fact,
	we should call unlink() only if we created the lock file successfully.
	Reported-by: John Ferlan <jferlan@redhat.com>

2015-04-17  Lubomir Rintel  <lkundrak@v3.sk>

	lxc: move wireless PHYs to a network namespace
	The 802.11 interfaces can not be moved by themselves, their Phy has to move too.
	If there are other interfaces, they have to move too -- hopefully it's not too
	confusing. This is a less-invasive alternative to defining a new hostdev type
	for PHYs.

2015-04-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: drop virDomainObj lock when destroying a domain
	A destroy operation can take considerable time on large memory
	domains due to scrubbing the domain's memory.  Unlock the
	virDomainObj while libxl_domain_destroy is executing.
	Implement libxlDomainDestroyInternal wrapper to handle unlocking,
	calling destroy, and locking.  Change all callers of
	libxl_domain_destroy to use the wrapper.

	libxl: acquire a job when destroying a domain
	A job should be acquired at the beginning of a domain destroy operation,
	not at the end when cleaning up the domain.  Fix two occurrences of this
	late job acquisition in the libxl driver.  Doing so renders
	libxlDomainCleanupJob unused, so it is removed.

	libxl: Move job acquisition in libxlDomainStart to callers
	Let callers of libxlDomainStart decide when it is appropriate to
	acquire a job on the associated virDomainObj.

	libxl: support HVM direct kernel boot
	Add support for HVM direct kernel boot in libxl.  Also add a
	test to verify domXML <-> native conversions.

	xenconfig: don't use "kernel" for hvmloader
	In xl config, hvmloader is implied for hvm guests.  It is not
	specified with the "kernel" option like xm config.  The "kernel"
	option, along with "ramdisk" and "extra", is used for HVM direct
	kernel boot.  Instead of using "kernel" option to populate
	virDomainDef object's os.loader->path, use hvmloader discovered
	when gathering capabilities.
	This change required fixing initialization of capabilities in
	the test utils and removing 'kernel = "/usr/lib/xen/boot/hvmloader"'
	from the test config files.

	xenconfig: move <os> parsing/formating to config-specific files
	xl and xm differ a bit in how <os> configuration is represented.
	E.g. xl config supports <os><nvram .../></os> via its "bios"
	setting.
	Move the xenParseOS and xenFormatOS functions from xen_common.c
	and copy to xen_xl.c and xen_xm.c so they can be customized for
	xm vs xl config.  An unfortunate fallout is reordering of entries
	in the test config files.

	xenconfig: remove redunant parsing of device_model
	device_model is parsed in xenParseOS(), then later in
	xenParseConfigCommon().  <emulator> is not part of <os>,
	so makes sense to remove the parsing in xenParseOS().

	xenconfig: export xenConfigCopyString
	Export xenConfigCopyString for use outside of xen_common.c

2015-04-17  Pavel Hrdina  <phrdina@redhat.com>

	virbuffer: fix build on rhel-6
	On rhel-6 is broken gcc that reports this warning:
	util/virbuffer.c:500: error: logical '&&' with non-zero constant will
	    always evaluate as true [-Wlogical-op]
	Move the pragma directive before function virBufferEscapeString because
	since commit aeb5262e this function uses 'strchr' too.

2015-04-17  John Ferlan  <jferlan@redhat.com>

	storage: Refactor virStorageBackendSCSINewLun
	Invert the logical of retval and clean up code paths, especially goto's

2015-04-16  Michael Chapman  <mike@very.puzzling.org>

	virCondWaitUntil: calculate timespec correctly
	ts.tv_nsec was off by a factor of 1000, making timeouts less than a
	second in the future often expiring immediately.

2015-04-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Refactor and fix monitor checking
	Among all the monitor APIs some where checking if mon is NULL and some
	were not. Since it's possible to have mon equal to NULL in case a second
	call is attempted once entered the monitor. This requires that every
	single API checks for the monitor.
	This patch adds a macro that helps checking the state of the monitor and
	either refactors existing checking code to use the macro or adds it in
	case it was missing.

2015-04-16  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Prefix sysctl configuration filename with a number
	Apparently, files in /usr/lib/sysctl.d are usually prefixed with numbers
	for easier ordering. Let's be consistent with this. I chose 60 for
	libvirtd so that it goes after 50-default.conf.
	https://bugzilla.redhat.com/show_bug.cgi?id=1084876

2015-04-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: bulk stats: Ignore errors from missing/inaccessible disks
	Rather than erroring out make the best attempt to retrieve other data if
	disks are inaccessible or missing. The failure will still be logged
	though.
	Since the bulk stats API is called on multiple domains an error like
	this makes the API unusable. This regression was introduced by commit
	596a13713420e01b20ce3dc3fdbe06d073682675
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1209394

2015-04-16  Michal Privoznik  <mprivozn@redhat.com>

	RNG schema: allow plain @floor to <bandwidth/>
	The <inbound/> element to <bandwidth/> has several attributes from
	which two are mandatory. Well, from two at least one has to be
	present: @average or @floor or both. Instead of inventing crazy RNG
	schema, let's make all the attributes optional there and rely on our
	parsing code to correctly handle the situation.

	virNetDevBandwidthPlug: Update function description
	The comment is describing arguments passed to the function.
	However, there's no @ifmac argument. In 955af4d4 it was replaced
	with @ifmac_ptr.  Unfortunately, the comment wasn't updated.

2015-04-16  Eric Blake  <eblake@redhat.com>

	tests: fix build on old 32-bit platforms
	gcc 4.1.2 (hello RHEL 5) on 32-bit platforms complains:
	vircgrouptest.c: In function 'testCgroupGetPercpuStats':
	vircgrouptest.c:627: warning: integer constant is too large for 'long' type
	vircgrouptest.c:628: warning: this decimal constant is unsigned only in ISO C90
	vircgrouptest.c:634: warning: integer constant is too large for 'long' type
	vircgrouptest.c:635: warning: this decimal constant is unsigned only in ISO C90
	vircgrouptest.c:636: warning: this decimal constant is unsigned only in ISO C90
	vircgrouptest.c:644: warning: integer constant is too large for 'long' type
	* tests/vircgrouptest.c (testCgroupGetPercpuStats): Use ULL suffix.

2015-04-16  Ján Tomko  <jtomko@redhat.com>

	Strip control codes in virBufferEscapeString
	These cannot be represented in XML.
	We have been stripping them, but only if the string had
	characters that needed escaping: <>"'&
	Extend the strcspn check to include control codes, and strip
	them even if we don't do any escaping.
	https://bugzilla.redhat.com/show_bug.cgi?id=1184131
	https://bugzilla.redhat.com/show_bug.cgi?id=1066564

	Ignore storage volumes with control codes in their names
	To prevent generating invalid XML.
	https://bugzilla.redhat.com/show_bug.cgi?id=1066564

	Strip control characters from sysfs attributes
	Including them in the XML makes them unparsable.
	https://bugzilla.redhat.com/show_bug.cgi?id=1184131

	Add functions dealing with control characters in strings
	Add virStringHasControlChars that checks if the string has
	any control characters other than \t\r\n,
	and virStringStripControlChars that removes them in-place.

	tests: rename testStripIPv6BracketsData to testStripData
	For reuse with other Strip* functions.

2015-04-15  Ján Tomko  <jtomko@redhat.com>

	Add an example for EVENT_ID_DEVICE_ADDED

	Emit VIR_DOMAIN_EVENT_ID_DEVICE_ADDED in the QEMU driver
	Only for devices that have an alias.

	Add VIR_DOMAIN_EVENT_ID_DEVICE_ADDED event
	The counterpart to VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED.
	https://bugzilla.redhat.com/show_bug.cgi?id=1206114

2015-04-15  Michal Privoznik  <mprivozn@redhat.com>

	Cleanup "/sys/class/net" usage
	Throughout the code, we have several places need to construct a path
	somewhere in /sys/class/net/... They are not consistent and nearly
	each code piece invents its own way how to do it. So unify this by:
	1) use virNetDevSysfsFile() wherever possible
	2) At least use common macro SYSFS_NET_DIR declared in virnetdev.h at
	   the rest of places which can't go with 1)

	tests: Add virnetdevtestdata to EXTRA_DIST
	In one of my previous commits (49ed6cff9) I've introduced a test
	among with some files stored under virnetdevtestdata folder.
	While this works perfectly within a git tree, the folder was not
	getting into .tar.gz and therefore the dist-check would fail.

2015-04-15  John Ferlan  <jferlan@redhat.com>

	tests: Resolve Coverity RESOURCE_LEAK
	Commit id 'b77ce18a2' added a new bitmap, but neglected to virBitmapFree it

2015-04-15  Eric Blake  <eblake@redhat.com>

	virsh: fix regression in 'virsh event' by domain
	Commit a0670ae caused a regression in 'virsh event' and
	'virsh qemu-monitor-event' - if a user tries to filter the
	command to a specific domain, an error message is printed:
	$ virsh event dom --loop
	error: internal error: virsh qemu-monitor-event: no domain VSH_OT_DATA option
	and then the command continues as though no domain had been
	supplied (giving events for ALL domains, instead of the
	requested one).  This is because the code was incorrectly
	assuming that all "domain" options would be supplied via a
	mandatory VSH_OT_DATA, even though "domain" is optional for
	these two commands, so we had changed them to VSH_OT_STRING
	to quit failing for other reasons (ever since it was decided
	that VSH_OT_DATA and VSH_OT_STRING should no longer be
	synonyms).
	In looking at the situation, though, the code for looking up
	a domain was making a pointless check for whether the option
	exists prior to finding the option's string value, as
	vshCommandOptStringReq does just fine at reporting any errors
	when looking up a string whether or not the option was present.
	So this is a case of regression fixing by pure code deletion :)
	* tools/virsh-domain.c (vshCommandOptDomainBy): Drop useless filter.
	* tools/virsh-interface.c (vshCommandOptInterfaceBy): Likewise.
	* tools/virsh-network.c (vshCommandOptNetworkBy): Likewise.
	* tools/virsh-nwfilter.c (vshCommandOptNWFilterBy): Likewise.
	* tools/virsh-secret.c (vshCommandOptSecret): Likewise.
	* tools/virsh.h (vshCmdHasOption): Drop unused function.
	* tools/virsh.c (vshCmdHasOption): Likewise.

2015-04-15  Peter Krempa  <pkrempa@redhat.com>

	node: udev: Remove some redundant error reports
	All the called functions already report an error.

2015-04-15  Michal Privoznik  <mprivozn@redhat.com>

	virPidFileConstructPath: Drop useless VIR_FREE()
	If a virAsprintf() within the function fails, we call VIR_FREE()
	over @rundir variable and jump onto cleanup label, where it is
	freed again.  It doesn't hurt, but not make much sense too.

2015-04-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Fix qemuMonitorGetAllBlockStatsInfo with HMP
	Commit f6563bc3 introduced HMP impl of the function (so that a different
	uglier function could be removed). Before the HMP code is called there's
	a leftover check that the monitor is JSON which inhibits the code from
	working.

	qemu: monitor: @running in qemuMonitorGetStatus is always non-NULL
	Add the attribute and remove the check.

	qemu: monitor: Don't use 'ret' variable where not necessary
	Quite a lot places set the 'ret' variable just once right before
	returning it's value. Remove such usage.

	qemu: monitor: Ensure that qemuMonitorSetLink is called with non-null name

	qemu: monitor: Sanitize control flow in qemuMonitorSetCapabilities

	qemu: monitor: Clean up coding style
	Fix line spacing between functions, ensure that function return type is
	on a separate line and reflow arguments for VIR_DEBUG statements.

2015-04-15  Michal Privoznik  <mprivozn@redhat.com>

	virNetSocketNewConnectUNIX: Use flocks when spawning a daemon
	https://bugzilla.redhat.com/show_bug.cgi?id=1200149
	Even though we have a mutex mechanism so that two clients don't spawn
	two daemons, it's not strong enough. It can happen that while one
	client is spawning the daemon, the other one fails to connect.
	Basically two possible errors can happen:
	  error: Failed to connect socket to '/home/mprivozn/.cache/libvirt/libvirt-sock': Connection refused
	or:
	  error: Failed to connect socket to '/home/mprivozn/.cache/libvirt/libvirt-sock': No such file or directory
	The problem in both cases is, the daemon is only starting up, while we
	are trying to connect (and fail). We should postpone the connecting
	phase until the daemon is started (by the other thread that is
	spawning it). In order to do that, create a file lock 'libvirt-lock'
	in the directory where session daemon would create its socket. So even
	when called from multiple processes, spawning a daemon will serialize
	on the file lock. So only the first to come will spawn the daemon.
	Tested-by: Richard W. M. Jones <rjones@redhat.com>

2015-04-15  Martin Kletzander  <mkletzan@redhat.com>

	json: export non-static functions
	Two non-static functions in virjson.c were missing their export info in
	libvirt_private.syms, so they couldn't be used anywhere it the code (and
	that's about to get changed).

	Change virConnectPtr into virObjectLocklable
	It already had a virMutex inside, so this is just a cleanup.

	closeCallback is already lockable, initialize it as such
	Luckily we are allocating structs as clean memory and
	PTHREAD_MUTEX_INITIALIZER is "{ 0 }", so nothing happened, but it should
	still be created as lockable object.

	configure: Align messages
	The first two were a bit off.

2015-04-15  John Ferlan  <jferlan@redhat.com>

	storage: Add duplicate devices check for zfs pool def
	Check proposed pool definitions to ensure they aren't trying to use the
	same devices as currently defined definitions - disallow the duplicate

	storage: Add duplicate source pool for Gluster pool def
	Check the proposed pool source host XML definition against existing gluster
	pools to ensure the incoming definition doesn't use the same source dir and
	soure host XML definition as an existing pool.

	storage: Add duplicate host check for Sheepdog pool def
	Check the proposed pool source host XML definition against existing sheepdog
	pools to ensure the incoming definition doesn't use the same source host XML
	definition as an existing pool.

	storage: Remove default from switch in virStoragePoolSourceFindDuplicate
	So that we can cover all the cases.

	storage: Use virStoragePoolSourceMatchSingleHost for NETFS
	Rather than have duplicate code doing the same check, have the netfs
	matching processing code use the new virStoragePoolSourceMatchSingleHost.

	storage: Add check for different ports for host duplicate matching
	In virStoragePoolSourceMatchSingleHost, add a comparison for port number
	being different prior to checking the 'name' field.

	storage: Create virStoragePoolSourceMatchSingleHost
	Split out the nhost == 1 and hosts[0].name logic into a separate routine

	storage: Refactor iSCSI Source matching
	Create a separate iSCSI Source matching subroutine. Makes the calling
	code a bit cleaner as well as sets up for future patches which need to
	do better source hosts[0].name processing/checking.
	As part of the effort the logic will be inverted from a multi-level
	if statement to a series of single level checks for better readability
	and further separation

2015-04-15  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Use VIR_ERR_RESOURCE_BUSY if sanlock_acquire fails
	When acquiring resource via sanlock fails, we would report it as
	VIR_ERR_INTERNAL_ERROR, which is not very friendly to applications using
	libvirt. Moreover, the lockd driver would report the same failure as
	VIR_ERR_RESOURCE_BUSY, which looks better.
	Unfortunately, in sanlock driver we don't really know if acquiring the
	resource failed because it was already locked or there was another
	reason behind. But the end result is the same and I think using
	VIR_ERR_RESOURCE_BUSY reason for all acquire failures is still better
	than what we have now.
	https://bugzilla.redhat.com/show_bug.cgi?id=1165119

2015-04-15  Eric Blake  <eblake@redhat.com>

	build: provide virNetDevSysfsFile on non-Linux
	Commit 49ed6cff is broken on mingw and other non-linux platforms:
	  CCLD     libvirt.la
	  Cannot export virNetDevSysfsFile: symbol not defined
	  collect2: error: ld returned 1 exit status
	* src/util/virnetdev.c: Provide virNetDevSysfsFile fallback.

	build: include correct header for time()
	Found by ./autobuild.sh during a mingw cross-compile:
	Commit 8a96e87 was not innocuous - glibc happens to leak the
	definition of time() through other headers, so that even without
	<sys/select.h>, virrandom.c compiled just fine.  But on mingw,
	we were not so lucky; <sys/select.h> was important for its side
	effect of dragging in <time.h>, and we now have nothing providing
	the declaration of time():
	../../src/util/virrandom.c: In function 'virRandomOnceInit':
	../../src/util/virrandom.c:65:5: error: implicit declaration of function 'time' [-Werror=implicit-function-declaration]
	     unsigned int seed = time(NULL) ^ getpid();
	          ^
		  ../../src/util/virrandom.c:65:5: error: nested extern declaration of 'time' [-Werror=nested-externs]

2015-04-15  Michal Privoznik  <mprivozn@redhat.com>

	Introduce virnetdevtest
	This is yet another test for check of basic functionality of our
	NIC state handling code.

2015-04-14  John Ferlan  <jferlan@redhat.com>

	cfg: Disallow usage of 'index' as variable name
	Since we've run afoul of the Xen-devel build for shadowing a global
	declaration of 'index', just disallow using index for a variable name

	nwfilter: Change 'index' to 'idx'
	Forthcoming syntax check rule will disallow usage of 'int index', so
	change it for nwfilter

	snapshot: Change 'index' to 'idx'
	Forthcoming syntax check rule will disallow usage of 'int index', so
	change it for snapshot

	util: Use 'idx' instead of 'index'
	Impending syntax checker will disallow 'int index', so change it here.

	qemu: Adjust the prototype to match the function
	Changing the prototype to not have "int *index" since we'll soon be
	disallowing index as a name. Curiously the original commit (a4504ac)
	for the function used 'int idx' in the function - so they didn't match.
	Now they do.

2015-04-14  Ján Tomko  <jtomko@redhat.com>

	Add articles to virDomainDeviceDetachFlags docs
	Reported by John Ferlan.

2015-04-14  Pavel Hrdina  <phrdina@redhat.com>

	xen: fix build error on rhel-5
	../../src/xen/block_stats.c:82: warning: dereferencing type-punned
	    pointer will break strict-aliasing rules [-Wstrict-aliasing]

2015-04-14  Martin Kletzander  <mkletzan@redhat.com>

	sparc: Add default PCI root controller
	It is there even with -nodefaults and -no-user-config, so count with
	that so we can start sparc domains.

2015-04-14  Huanle Han  <hanxueluo@gmail.com>

	hostdev: fix loop index error when resetvfnetconfig
	The variable 'last_processed_hostdev_vf' indicates index of the last
	successfully configed vf. When resetvfnetconfig because of failure,
	hostdevs[last_processed_hostdev_vf] should also be reset.

	qemu: fix index error when clean up vport profile
	1. 'last_good_net' indicates the index of last successfully configured
	net. so def->nets[last_good_net] should also be clean up if error occurs.
	2. if error occurs in 'virNetDevMacVLanVPortProfileRegisterCallback'
	(second 'goto err_exit' in loop), we should also do
	'virNetDevVPortProfileDisassociate' cleanup for the
	'virNetDevVPortProfileAssociate'(first code block in loop). So we should
	consider the net is successfully configured after first code block in
	loop finishes.

2015-04-14  Serge Hallyn  <serge.hallyn@ubuntu.com>

	virt-aa-helper: add unix channels (esp for qemu-guest-agent)
	The original bug report was at
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393842
	Also skip abstract unix sockets.

2015-04-14  Shanzhi Yu  <shyu@redhat.com>

	qemu: save domain status after set memory parameters
	After set memory parameters for running domain, save the change to live
	xml is needed otherwise it will disappear after restart libvirtd.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1211548

	virsh: improve the error for wrong memtune parameters
	When set guest memory with a invalid parameter of --soft-limit,
	it posts weird error:
	$ virsh memtune r7 --hard-limit 20417224 --soft-limit 9007199254740992 \
	  --swap-hard-limit 35417224
	error: Unable to parse integer parameter 'NAME
	Change it to
	error: Unable to parse integer parameter soft-limit
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1211550

2015-04-14  John Ferlan  <jferlan@redhat.com>

	qemu: Use 'idx' instead of 'index' for variable name
	Apparently for Xen-devel 'index' is a global and causes a build failure,
	so just use the shortened 'idx' instead to avoid the conflict.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuDomainBlockJobAbort()
	Change few variable names and refactor the code flow. As an additional
	bonus the function now fails if the event state is not as expected.

	qemu: drivePivot: Fix assumption when 'block-job-complete' fails
	QEMU does not abandon the mirror. The job carries on in the synchronised
	phase and it might be either pivoted again or cancelled. The commit
	hints that the described behavior was happening in a downstream version.
	If the command returns false there are two possible options:
	1) qemu did not reach the point where it would ask the block job to
	pivot
	2) pivotting failed in the actual qemu coroutine
	If either of those would happen we return failure and reset the
	condition that waits for the block job to complete. This makes the API
	fail but in case where qemu would actually abandon the mirror the fact
	is notified via the event and handled asynchronously.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1202704

	qemu: blockPull: Refactor the rest of qemuDomainBlockJobImpl
	Since it now handles only block pull code paths we can refactor it and
	remove tons of cruft.

	qemu: blockjob: Separate qemuDomainBlockJobAbort from qemuDomainBlockJobImpl
	Sacrifice a few lines of code in favor of the code being more readable.

	qemu: blockjob: Split qemuDomainBlockJobSetSpeed from qemuDomainBlockJobImpl
	qemuDomainBlockJobImpl become an unmaintainable mess over the years of
	adding new stuff to it. This patch starts splitting up individual
	functions from it until it can be killed entirely.
	In bulk this will add lines of code rather than delete them but it will
	be traded for maintainability.

	qemu: monitor: Extract handling of JSON block job error codes
	My intention is to split qemuMonitorJSONBlockJob() into simpler separate
	functions for every block job type. Since the error handling code is the
	same for all block jobs, this patch extracts the code into a separate
	function that will later be reused in more places.
	With the new helper qemuMonitorJSONErrorIsClass we can save a few
	function calls as we can extract the error object once.

	qemu: monitor: json: Refactor error code class checker
	Split out the function that checks the actual error class string into a
	separate helper as it will be useful later and refactor
	qemuMonitorJSONHasError to return bool type and remove few useless
	checks.
	Basically virJSONValueObjectHasKey are useless here since the next call
	to virJSONValueObjectGet is checking the return value again (which can't
	fail at that point). By removing the first check we save a function
	call.

	qemu: Fix condition for checking vcpu when pinning vcpus
	Previously we checked that the vcpu we are trying to set is in range of
	the number of threads presented by qemu. The problem is that if the VM
	is offline the count is 0. Since the condition subtracted 1 from the
	count the number would overflow and the check would never trigger.
	Change the condition for more sensible ones with specific error
	messages.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1208434

	conf: Refactor virDomainVcpuPinDefParseXML
	Refactor the code to parse the vcpupin in a similar way the iothreadpin
	code is now structured. This allows to get rid of some very strange
	conditions and error messages.
	Additionally since a existing bug
	( https://bugzilla.redhat.com/show_bug.cgi?id=1208434 ) allows to add
	vcpupin definitions for vcpus that don't exist, this patch makes the
	parser to ignore all vcpupins that don't have a matching vCPU in the
	definition rather than just offlined ones.

	conf: Error out if iothread id is missing in iothreadpin
	Defining a domain with the following config:
	<domain ...>
	  ...
	  <iothreads>1</iothreads>
	  <cputune>
	    <iothreadpin cpuset='1'/>
	will result in the following config formatted back:
	<domain type='kvm'>
	  ...
	  <iothreads>1</iothreads>
	  <cputune>
	    <iothreadpin iothread='0' cpuset='1'/>
	After restart the VM would vanish. Since our schema requires the
	@iothread field to be present in <iothreadpin> make it required by the
	code too.

	conf: Split up virDomainVcpuPinDefParseXML
	Extract part that parses iothreads into virDomainIothreadPinDefParseXML

	conf: Split out parsing of emulatorpin
	Split up parts of virDomainVcpuPinDefParseXML into
	virDomainEmulatorPinDefParseXML.

	lib: snapshot: Explain that only one layer of images is inserted
	When creating a snapshot with _REUSE_EXTERNAL when the pre-created image
	does not directly link to the current active layer libvirt would
	re-detect the backing chain incorrectly and it would not match with
	qemu's view. Since the configuration is an operator mistake, document
	that only the top layer image gets inserted.

	qemu: Enforce WWN to be unique among VM's disks
	Operating systems use the identifier to name the disks. As the name
	suggests the ID should be unique.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1208009

	conf: ABI: Check WWN in disk abi stability check
	Since the WWN influences guest behavior in naming disks we should treat
	this as vm ABI.

2015-04-14  John Ferlan  <jferlan@redhat.com>

	Convert virDomainPinIsDuplicate into bool return

	Rename qemuCheckIothreads to qemuCheckIOThreads

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Rewrite vshParseCPUList
	Use virBitmap helpers that were added after this function.
	Change cpumaplen to int and fill it out by this function.

	Rewrite vshPrintPinInfo
	Use virBitmapDataToString instead of constructing the ranges bit
	by bit, remove the checking of parameters (that is already done
	by the callers).
	Let the callers choose the right bitmap, since there's only
	one that uses this helper on a matrix-in-an-array.

2015-04-13  Alexander Burluka  <aburluka@parallels.com>

	Parallels: implemented domainAttachDevice
	That function uses domainAttachDeviceFlags

	Parallels: implement domainAttachDeviceFlags
	Parallels Cloud Server supports block devices and virtual NIC
	live attachment. I implemented that function for block devices so
	OpenStack volume attachment is now works.

	Parallels: remove disk serial number check
	OpenStack needs disk serial number setup because
	nova boot --block-device-mapping command generates that param in
	libvirt xml. I took QEMU libvirt driver behavior as a base.
	QEMU driver skips inability to set serial and continues work.
	So Parallels driver will ignore this param too and let domain
	boot.

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Remove overengineered loop
	Do not loop over enum with one value.

	Introduce struct _virStorageBackendQemuImgInfo
	This will contain the data required for creating the qemu-img
	command line without having access to the volume definition.

	Rename virStorageBackendCreateQemuImgCmd
	Add FromVol at the end. This function will create the qemu-img
	command line from volume definitions and check them.

	Use XPath when parsing snapshot disk definition
	Instead of going through XML nodes in a loop and
	having to check if they are duplicate.

	Split out storage format 'compat' attribute sanity check
	For future reuse in the snapshot XML.

2015-04-13  Erik Skultety  <eskultet@redhat.com>

	virBitmap: Place virBitmapIsAllClear check after virBitmapParse calls
	This patch adds checks for empty bitmaps right after the calls of
	virBitmapParse. These only include spots where set API's are called and
	where domain's XML is parsed.
	Also, it partially reverts commit 983f5a which added a check for
	invalid nodeset "0,^0" into virBitmapParse function. This change broke
	the logic, as an empty bitmap should not cause an error.
	https://bugzilla.redhat.com/show_bug.cgi?id=1210545

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Remove feature formating funcs from pool-specific options
	We only have one formatting function for the features.

	Visually separate snapshot disk subelements
	Create four smaller blocks of texts instead of one large one.

	Rewrite usb device version parsing
	Simplify the function by leaving out the local copy and checking
	return values of virStrToLong.

	Fix usb device version parsing issues
	Request that the number be parsed as decimal, to allow 08
	and 09.
	Format it with the leading zero, 1.01 and 1.10 are two
	different versions.
	https://bugzilla.redhat.com/show_bug.cgi?id=1210650

	Do xml->xml test for usb-redir-filter
	We don't format the default '-1' fields back.

	Do not require virtio-pci devices when using virtio-mmio
	On arm, we probe for virtio-*-pci devices, but use their
	virtio-*-device variants.
	Set the capabilities based on the -device variants as well,
	to make them work with qemus with the PCI devices compiled out.

2015-04-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationPrecreateStorage: Fix debug message
	When pre-creating storage for domains, we need to find corresponding
	disk in the XML on the destination (domain XML may differ there, e.g.
	disk is accessible under different path). For better debugging, I'm
	printing all info I received on a disk. But there was a typo when
	printing the disk capacity: "%lluu" instead of "%llu".

2015-04-13  Xing Lin  <xinglin@cs.utah.edu>

	qemu_migration.c: sleep first before checking for migration status.
	The problem with the previous implementation is,
	even when qemuMigrationUpdateJobStatus() detects a migration job
	has completed, it will do a sleep for 50 ms (which is unnecessary
	and only adds up to the VM pause time).

2015-04-13  Andrea Bolognani  <abologna@redhat.com>

	conf: Don't output <cpu> tag if it contains no information.
	The tag is already marked as optional in the schema, so no changes
	are needed there.
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1202606

2015-04-11  John Ferlan  <jferlan@redhat.com>

	qemu: qemuDomainHotplugVcpus - separate out pin adjustment code
	Future IOThread setting patches would copy the code anyway, so create
	and generalize the adding of pindef for the vcpu and the pinning of the
	thread into their own APIs.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	AUTHORS: Add my email address to AUTHORS.in

2015-04-10  Ján Tomko  <jtomko@redhat.com>

	Support IPv6 in networkGetNetworkAddress
	We've been explicitly requesting IPv4 for some reason,
	even if there were only IPv6 addresses in the network
	definition.
	https://bugzilla.redhat.com/show_bug.cgi?id=1192318

2015-04-10  Luyao Huang  <lhuang@redhat.com>

	util: Update virNetDevGetIPAddress to get IPv6 addresses
	Add static virNetDevGetifaddrsAddress to attempt to get the interface
	IP address. If getifaddrs is not supported, fall back to
	virNetDevGetIPv4AddressIoctl to get the IP address.
	This allows IPv6 addresses to be used for <listen type='network>
	with device-backed networks.
	https://bugzilla.redhat.com/show_bug.cgi?id=1192318

2015-04-10  John Ferlan  <jferlan@redhat.com>

	util: Replace virNetDevGetIPv4Address with virNetDevGetIPAddress
	Rename it to virNetDevGetIPv4AddressIoctl and make
	virNetDevGetIPAddress a wrapper around it, allowing
	other ways of getting the address to be implemented,
	and still falling back to the old method.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix virDomainDefineXML for domain in saved state
	PCS doesn't store domain config in managed save state file.
	It's forbidden to change config for VMs in this state.
	It's possible to change config for containers, but after
	restoring domain will have that new config, not a config,
	which domain had at the moment of virDomainManagedSave.
	So we need to handle this case differently from other states.
	Let's forbid this operation, if config is changed and if it's
	not changed - just do nothing.
	Openstack/nova calls virDomainDefineXML on resume with
	current domain config, so we can't forbid this operation
	in managed save state.

	conf: fix virDomainDefFormatInternal for parallels
	We should add input devices with proper bus,
	not VIR_DOMAIN_INPUT_BUS_XEN.

	conf: fix virDomainDefParseXML for parallels
	Handle input devices in virDomainDefParseXML properly
	in case of parallels containers and VMs.
	Parallels containers support only
	VIR_DOMAIN_INPUT_BUS_PARALLELS. And if VNC is enabled
	we should add implicit mouse and keyboard.
	For VMs we should add implicit PS/2 mouse and
	keyboard.
	BTW, is it worth to refactor code and move
	all this code to drivers, to *DomainDefPostParse
	functions?

	parallels: add implicit input devices
	Add implicit input devices in parallelsLoadDomains,
	when VNC is enabled.

	conf: add input device type for parallels containers
	Add VIR_DOMAIN_INPUT_BUS_PARALLELS device type
	to handle domain configuration properly for
	parallels containers, when VNC is enabled.
	When domain configuration has at least one
	'graphics', there should be mouse and keyboard.

	conf: return proper default video type for parallels
	Fix function virDomainVideoDefaultType for
	parallels VMs and containers. It should return
	VGA for VMs and VIR_DOMAIN_VIDEO_TYPE_PARALLELS
	for containers.

	conf: add VIR_DOMAIN_VIDEO_TYPE_PARALLELS video type
	We support VNC for containers to have the same
	interface with VMs. At this moment it just renders
	linux text console.
	Of course we don't pass any physical devices and
	don't emulate virtual devices. Our VNC server
	renders text from terminal master and sends
	input events from VNC client to terminal.
	So add special video type VIR_DOMAIN_VIDEO_TYPE_PARALLELS
	for these pseudo-devices.

	parallels: don't fill net adapter model for containers
	Network adapter model has no sense for container,
	so we shouldn't set it to e1000 in
	parallelsDomainDeviceDefPostParse.

	parallels: fill adapter model in virDomainNetDef
	We handle this parameter for VMs while defining
	domains, so let's get this property from PCS and
	set corresponding field of virDomainNetDef in
	prlsdkLoadDomains function.

	parallels: add controllers in prlsdkLoadDomain
	Call virDomainDefAddImplicitControllers to add disk
	controllers, so virDomainDef, filled by this function
	will look exactly like the one returned by virDomainDefParseString.

	parallels: report, that cdroms are readonly
	Set readonly flag for cdrom devices when we
	retrieve a list of domains from PCS.

	parallels: implement virDomainManagedSave
	Implement virDomainManagedSave api function. In PCS
	this feature called "suspend". You can suspend VM or
	CT while it is in running or paused state. And after
	resuming (or starting) it will have the same state, as
	before suspend.

	parallels: split prlsdkDomainChangeState function
	Split function prlsdkDomainChangeState into
	prlsdkDomainChangeStateLocked and prlsdkDomainChangeState.
	So it can be used from places, where virDomainObj already
	found and locked.

	parallels: fix headers in parallels_sdk.h
	Return value of functions prlsdkStart/Kill/Stop e.t.c.
	is PRL_RESULT in parallels_sdk.c and int in parallels_sdk.h.
	PRL_RESULT is int, so compiler didn't report errors.
	Let's fix the difference.

2015-04-10  John Ferlan  <jferlan@redhat.com>

	qemu: qemuDomainHotplugVcpus - separate out the del cgroup and pin
	Future IOThread setting patches would copy the code anyway, so create
	and generalize a delete cgroup and pindef for the vcpu into its own API.

	qemu: qemuDomainHotplugVcpus - separate out the add cgroup
	Future IOThread setting patches would copy the code anyway, so create
	and generalize the add the vcpu to a cgroup into its own API.

	cgroup: Use virCgroupNewThread
	Replace the virCgroupNew{Vcpu|Emulator|IOThread} calls with the common
	virCgroupNewThread API

	cgroup: Introduce virCgroupNewThread
	Create a new common API to replace the virCgroupNew{Vcpu|Emulator|IOThread}
	API's using an emum to generate the cgroup name

	storage: Don't duplicate efforts of backend driver
	https://bugzilla.redhat.com/show_bug.cgi?id=1206521
	If the backend driver updates the pool available and/or allocation values,
	then the storage_driver VolCreateXML, VolCreateXMLFrom, and VolDelete APIs
	should not change the value; otherwise, it will appear as if the values
	were "doubled" for each change.  Additionally since unsigned arithmetic will
	be used depending on the size and operation, either or both values could be
	appear to be much larger than they should be (in the EiB range).
	Currently only the disk pool updates the values, but other pools could.
	Assume a "fresh" disk pool of 500 MiB using /dev/sde:
	$ virsh pool-info disk-pool
	...
	Capacity:       509.88 MiB
	Allocation:     0.00 B
	Available:      509.84 MiB
	$ virsh vol-create-as disk-pool sde1 --capacity 300M
	$ virsh pool-info disk-pool
	...
	Capacity:       509.88 MiB
	Allocation:     600.47 MiB
	Available:      16.00 EiB
	Following assumes disk backend updated to refresh the disk pool at deletion
	of primary partition as well as extended partition:
	$ virsh vol-delete --pool disk-pool sde1
	Vol sde1 deleted
	$ virsh pool-info disk-pool
	...
	Capacity:       509.88 MiB
	Allocation:     9.73 EiB
	Available:      6.27 EiB
	This patch will check if the backend updated the pool values and honor that
	update.

	storage: Need to update freeExtent at delete primary partition
	Commit id '471e1c4e' only considered updating the pool if the extended
	partition was removed. As it turns out removing a primary partition
	would also need to update the freeExtent list otherwise the following
	sequence would fail (assuming a "fresh" disk pool for /dev/sde of 500M):
	$  virsh pool-info disk-pool
	...
	Capacity:       509.88 MiB
	Allocation:     0.00 B
	Available:      509.84 MiB
	$ virsh vol-create-as disk-pool sde1 --capacity 300M
	$ virsh vol-delete --pool disk-pool sde1
	$ virsh vol-create-as disk-pool sde1 --capacity 300M
	error: Failed to create vol sde1
	error: internal error: no large enough free extent
	$
	This patch will refresh the pool, rereading the partitions, and
	return

	storage: Fix issues in storageVolResize
	https://bugzilla.redhat.com/show_bug.cgi?id=1073305
	When creating a volume in a pool, the creation allows the 'capacity'
	value to be larger than the available space in the pool. As long as
	the 'allocation' value will fit in the space, the volume will be created.
	However, resizing the volume checks were made with the new absolute
	capacity value against existing capacity + the available space without
	regard for whether the new absolute capacity was actually allocating
	space or not.  For example, a pool with 75G of available space creates
	a volume of 10G using a capacity of 100G and allocation of 10G will succeed;
	however, if the allocation used a capacity of 10G instead and then tried
	to resize the allocation to 100G the code would fail to allow the backend
	to try the resize.
	Furthermore, when updating the pool "available" and "allocation" values,
	the resize code would just "blindly" adjust them regardless of whether
	space was "allocated" or just "capacity" was being adjusted.  This left
	a scenario whereby a resize to 100G would fail; however, a resize to 50G
	followed by one to 100G would both succeed.  Again, neither was adjusting
	the allocation value, just the "capacity" value.
	This patch adds more logic to the resize code to understand whether the
	new capacity value is actually "allocating" space as well and whether it
	shrinking or expanding. Since unsigned arithmatic is involved, the possibility
	that we adjust the pool size values incorrectly is probable.
	This patch also ensures that updates to the pool values only occur if we
	actually performed the allocation.
	NB: The storageVolDelete, storageVolCreateXML, and storageVolCreateXMLFrom
	each only updates the pool allocation/availability values by the target
	volume allocation value.

2015-04-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid shadow of 'sync' symbol
	Old compilers whine that 'sync' is being shadowed in the function
	introduced in 1eccac1d2da7bbe97e1df25fd0ddac6e71b0794a.

	qemu: blockPivot: Don't pause the VM any more since we don't use drive-reopen
	Support for drive-reopen was never present in the upstream code so we
	don't need to pause the VM when doing the block pivot. Kill all the
	code related to this semi-upstream artifact.

	qemu: Clean up old leftovers in qemuMonitorDrivePivot
	There are two leftover unused variables. Remove them and clean up the
	fallout of the change.

	qemu: blockjob: Use the new helpers in qemuDomainGetBlockJobInfo
	Refactor the function to use the new helpers.

	qemu: domain: Add helper to check block job support
	We need to check that qemu supports block jobs in multiple places. Add a
	helper to do the check.

	qemu: domain: Introduce helper to retrieve domain monitor object
	In some cases where the function does not need to access the private
	data this helper may be used to retrieve the monitor object.

2015-04-09  Erik Skultety  <eskultet@redhat.com>

	doc: Add info (where necessary) that paths should be specified as absolute
	We documented this almost everywhere, but missed it on several places.
	https://bugzilla.redhat.com/show_bug.cgi?id=1208763

2015-04-09  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Open /proc/PID/ns/* read-only to avoid getting permission denied
	lxc-enter-namespace stopped working on recent kernels (at least 3.19+)
	due to /proc/PID/ns/* file descriptors being opened RW. From outside
	the namespace these can only be opened RO.

	Apparmor qemu abstraction fixes for SLES
	SLES 11 has legacy qemu-kvm package, /usr/bin/qemu-kvm and
	/usr/share/qemu-kvm need to be accessed to domains.

2015-04-09  Lubomir Rintel  <lkundrak@v3.sk>

	lxc: create the required directories upon driver start
	/var/run may reside on a tmpfs and we fail to create the PID file if
	/var/run/lxc does not exist.
	Since commit 0a8addc1, the lxc driver's state directory isn't
	automatically created before starting a domain. Now, the lxc driver
	makes sure the state directory exists when it initializes.

2015-04-09  Peter Krempa  <pkrempa@redhat.com>

	util: file: Don't carelessly sanitize URIs
	rfc3986 states that the separator in URI path is a single slash.
	Multiple slashes may potentially lead to different resources and thus we
	should not remove them.

	test: Add tests for virFileSanitizePath
	Add test infrastructure for virFileSanitizePath so that it can be
	sensibly refactored later.

2015-04-08  Michal Privoznik  <mprivozn@redhat.com>

	virLXCControllerSetupResourceLimits: Call virNuma*() iff needed
	Like we are doing in qemu driver (ea576ee543d6fb95583), lets call
	virNumaSetupMemoryPolicy() only if really needed. Problem is, if
	we numa_set_membind() child, there's no way to change it from the
	daemon afterwards. So any later attempts to change the pinning
	will fail. But in very weird way - CGroups will be set, but due
	to membind child will not allocate memory from any other node.

2015-04-08  Luyao Huang  <lhuang@redhat.com>

	fix memleak in qemuRestoreCgroupState
	 131,088 bytes in 16 blocks are definitely lost in loss record 2,174 of 2,176
	    at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	    by 0x4C2BACB: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	    by 0x52A026F: virReallocN (viralloc.c:245)
	    by 0x52BFCB5: saferead_lim (virfile.c:1268)
	    by 0x52C00EF: virFileReadLimFD (virfile.c:1328)
	    by 0x52C019A: virFileReadAll (virfile.c:1351)
	    by 0x52A5D4F: virCgroupGetValueStr (vircgroup.c:763)
	    by 0x1DDA0DA3: qemuRestoreCgroupState (qemu_cgroup.c:805)
	    by 0x1DDA0DA3: qemuConnectCgroup (qemu_cgroup.c:857)
	    by 0x1DDB7BA1: qemuProcessReconnect (qemu_process.c:3694)
	    by 0x52FD171: virThreadHelper (virthread.c:206)
	    by 0x82B8DF4: start_thread (pthread_create.c:308)
	    by 0x85C31AC: clone (clone.S:113)

2015-04-08  Dawid Zamirski  <dzamirski@datto.com>

	vbox: Implement virDomainSendKey
	Since the holdtime is not supported by VBOX SDK, it's being simulated
	by sleeping before sending the key-up codes. The key-up codes are
	auto-generated based on XT codeset rules (adding of 0x80 to key-down)
	which results in the same behavior as for QEMU implementation.

	vbox: Register IKeyboard with the unified API.
	The IKeyboard COM object is needed to implement virDomainSendKey and is
	available in all supported VBOX versions.

2015-04-08  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessHook: Call virNuma*() only when needed
	https://bugzilla.redhat.com/show_bug.cgi?id=1198645
	Once upon a time, there was a little domain. And the domain was pinned
	onto a NUMA node and hasn't fully allocated its memory:
	  <memory unit='KiB'>2355200</memory>
	  <currentMemory unit='KiB'>1048576</currentMemory>
	  <numatune>
	    <memory mode='strict' nodeset='0'/>
	  </numatune>
	Oh little me, said the domain, what will I do with so little memory.
	If I only had a few megabytes more. But the old admin noticed the
	whimpering, barely audible to untrained human ear. And good admin he
	was, he gave the domain yet more memory. But the old NUMA topology
	witch forbade to allocate more memory on the node zero. So he
	decided to allocate it on a different node:
	virsh # numatune little_domain --nodeset 0-1
	virsh # setmem little_domain 2355200
	The little domain was happy. For a while. Until bad, sharp teeth
	shaped creature came. Every process in the system was afraid of him.
	The OOM Killer they called him. Oh no, he's after the little domain.
	There's no escape.
	Do you kids know why? Because when the little domain was born, her
	father, Libvirt, called numa_set_membind(). So even if the admin
	allowed her to allocate memory from other nodes in the cgroups, the
	membind() forbid it.
	So what's the lesson? Libvirt should rely on cgroups, whenever
	possible and use numa_set_membind() as the last ditch effort.

	vircgroup: Introduce virCgroupControllerAvailable
	This new internal API checks if given CGroup controller is
	available.  It is going to be needed later when we need to make a
	decision whether pin domain memory onto NUMA nodes using cpuset
	CGroup controller or using numa_set_membind().

2015-04-08  Michael Chapman  <mike@very.puzzling.org>

	qemu_driver: check caps after starting block job
	Currently we check qemuCaps before starting the block job. But qemuCaps
	isn't available on a stopped domain, which means we get a misleading
	error message in this case:
	  # virsh domstate example
	  shut off
	  # virsh blockjob example vda
	  error: unsupported configuration: block jobs not supported with this QEMU binary
	Move the qemuCaps check into the block job so that we are guaranteed the
	domain is running.

	qemu_migrate: use nested job when adding NBD to cookie
	qemuMigrationCookieAddNBD is usually called from within an async
	MIGRATION_OUT or MIGRATION_IN job, so it needs to start a nested job.
	(The one exception is during the Begin phase when change protection
	isn't enabled, but qemuDomainObjEnterMonitorAsync will behave the same
	as qemuDomainObjEnterMonitor in this case.)
	This bug was encountered with a libvirt client that repeatedly queries
	the disk mirroring block job info during a migration. If one of these
	queries occurs just as the Perform migration cookie is baked, libvirt
	crashes.
	Relevant logs are as follows:
	    6701: warning : qemuDomainObjEnterMonitorInternal:1544 : This thread seems to be the async job owner; entering monitor without asking for a nested job is dangerous
	[1] 6701: info : qemuMonitorSend:972 : QEMU_MONITOR_SEND_MSG: mon=0x7fefdc004700 msg={"execute":"query-block","id":"libvirt-629"}
	[2] 6699: info : qemuMonitorIOWrite:503 : QEMU_MONITOR_IO_WRITE: mon=0x7fefdc004700 buf={"execute":"query-block","id":"libvirt-629"}
	[3] 6704: info : qemuMonitorSend:972 : QEMU_MONITOR_SEND_MSG: mon=0x7fefdc004700 msg={"execute":"query-block-jobs","id":"libvirt-630"}
	[4] 6699: info : qemuMonitorJSONIOProcessLine:203 : QEMU_MONITOR_RECV_REPLY: mon=0x7fefdc004700 reply={"return": [...], "id": "libvirt-629"}
	    6699: error : qemuMonitorJSONIOProcessLine:211 : internal error: Unexpected JSON reply '{"return": [...], "id": "libvirt-629"}'
	At [1] qemuMonitorBlockStatsUpdateCapacity sends its request, then waits
	on mon->notify. At [2] the request is written out to the monitor socket.
	At [3] qemuMonitorBlockJobInfo sends its request, and also waits on
	mon->notify. The reply from the first request is received at [4].
	However, qemuMonitorJSONIOProcessLine is not expecting this reply since
	the second request hadn't completed sending. The reply is dropped and an
	error is returned.
	qemuMonitorIO signals mon->notify twice during its error handling,
	waking up both of the threads waiting on it. One of them clears mon->msg
	as it exits qemuMonitorSend; the other crashes:
	  qemuMonitorSend (mon=0x7fefdc004700, msg=<value optimized out>) at qemu/qemu_monitor.c:975
	  975         while (!mon->msg->finished) {
	  (gdb) print mon->msg
	  $1 = (qemuMonitorMessagePtr) 0x0

2015-04-08  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: delete old networks in prlsdkDoApplyConfig before adding new ones
	In order to change an existing domain we delete all existing devices and add
	new from scratch. In case of network devices we should also delete corresponding
	virtual networks (if any) before removing actual devices from xml. In the patch,
	we do it by extending prlsdkDoApplyConfig with a new parameter, which stands for
	old xml, and calling prlsdkDelNet every time old xml is specified.

2015-04-08  Michael Chapman  <mike@very.puzzling.org>

	util: fix removal of callbacks in virCloseCallbacksRun
	The close callbacks hash are keyed by a UUID-string, but
	virCloseCallbacksRun was attempting to remove them by raw UUID. This
	patch ensures the callback entries are removed by UUID-string as well.
	This bug caused problems when guest migrations were abnormally aborted:
	  # timeout --signal KILL 1 \
	      virsh migrate example qemu+tls://remote/system \
	        --verbose --compressed --live --auto-converge \
	        --abort-on-error --unsafe --persistent \
	        --undefinesource --copy-storage-all --xml example.xml
	  Killed
	  # virsh migrate example qemu+tls://remote/system \
	      --verbose --compressed --live --auto-converge \
	      --abort-on-error --unsafe --persistent \
	      --undefinesource --copy-storage-all --xml example.xml
	  error: Requested operation is not valid: domain 'example' is not being migrated

	qemu: fix race between disk mirror fail and cancel
	If a VM migration is aborted, a disk mirror may be failed by QEMU before
	libvirt has a chance to cancel it. The disk->mirrorState remains at
	_ABORT in this case, and this breaks subsequent mirrorings of that disk.
	We should instead check the mirrorState directly and transition to _NONE
	if it is already aborted. Do the check *after* aborting the block job in
	QEMU to avoid a race.

	qemu: fix error propagation in qemuMigrationBegin
	If virCloseCallbacksSet fails, qemuMigrationBegin must return NULL to
	indicate an error occurred.

	qemu: fix crash in qemuProcessAutoDestroy
	The destination libvirt daemon in a migration may segfault if the client
	disconnects immediately after the migration has begun:
	  # virsh -c qemu+tls://remote/system list --all
	   Id    Name                           State
	  ----------------------------------------------------
	  ...
	  # timeout --signal KILL 1 \
	      virsh migrate example qemu+tls://remote/system \
	        --verbose --compressed --live --auto-converge \
	        --abort-on-error --unsafe --persistent \
	        --undefinesource --copy-storage-all --xml example.xml
	  Killed
	  # virsh -c qemu+tls://remote/system list --all
	  error: failed to connect to the hypervisor
	  error: unable to connect to server at 'remote:16514': Connection refused
	The crash is in:
	   1531 void
	   1532 qemuDomainObjEndJob(virQEMUDriverPtr driver, virDomainObjPtr obj)
	   1533 {
	   1534     qemuDomainObjPrivatePtr priv = obj->privateData;
	   1535     qemuDomainJob job = priv->job.active;
	   1536
	   1537     priv->jobs_queued--;
	Backtrace:
	  #0  at qemuDomainObjEndJob at qemu/qemu_domain.c:1537
	  #1  in qemuDomainRemoveInactive at qemu/qemu_domain.c:2497
	  #2  in qemuProcessAutoDestroy at qemu/qemu_process.c:5646
	  #3  in virCloseCallbacksRun at util/virclosecallbacks.c:350
	  #4  in qemuConnectClose at qemu/qemu_driver.c:1154
	  ...
	qemuDomainRemoveInactive calls virDomainObjListRemove, which in this
	case is holding the last remaining reference to the domain.
	qemuDomainRemoveInactive then calls qemuDomainObjEndJob, but the domain
	object has been freed and poisoned by then.
	This patch bumps the domain's refcount until qemuDomainRemoveInactive
	has completed. We also ensure qemuProcessAutoDestroy does not return the
	domain to virCloseCallbacksRun to be unlocked in this case. There is
	similar logic in bhyveProcessAutoDestroy and lxcProcessAutoDestroy
	(which call virDomainObjListRemove directly).

2015-04-08  Michal Privoznik  <mprivozn@redhat.com>

	virQEMUDriverGetConfig: Fix memleak
	==19015== 968 (416 direct, 552 indirect) bytes in 1 blocks are definitely lost in loss record 999 of 1,049
	==19015==    at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==19015==    by 0x52ADF14: virAllocVar (viralloc.c:560)
	==19015==    by 0x5302FD1: virObjectNew (virobject.c:193)
	==19015==    by 0x1DD9401E: virQEMUDriverConfigNew (qemu_conf.c:164)
	==19015==    by 0x1DDDF65D: qemuStateInitialize (qemu_driver.c:666)
	==19015==    by 0x53E0823: virStateInitialize (libvirt.c:777)
	==19015==    by 0x11E067: daemonRunStateInit (libvirtd.c:905)
	==19015==    by 0x53201AD: virThreadHelper (virthread.c:206)
	==19015==    by 0xA1EE1F2: start_thread (in /lib64/libpthread-2.19.so)
	==19015==    by 0xA4EFC8C: clone (in /lib64/libc-2.19.so)

	virDomainVirtioSerialAddrSetFree: Fix memleak
	==19015== 8 bytes in 1 blocks are definitely lost in loss record 34 of 1,049
	==19015==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==19015==    by 0x4C2C32F: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==19015==    by 0x52AD888: virReallocN (viralloc.c:245)
	==19015==    by 0x52AD97E: virExpandN (viralloc.c:294)
	==19015==    by 0x52ADC51: virInsertElementsN (viralloc.c:436)
	==19015==    by 0x5335864: virDomainVirtioSerialAddrSetAddController (domain_addr.c:816)
	==19015==    by 0x53358E0: virDomainVirtioSerialAddrSetAddControllers (domain_addr.c:839)
	==19015==    by 0x1DD5513B: qemuDomainAssignVirtioSerialAddresses (qemu_command.c:1422)
	==19015==    by 0x1DD55A6E: qemuDomainAssignAddresses (qemu_command.c:1711)
	==19015==    by 0x1DDA5818: qemuProcessStart (qemu_process.c:4616)
	==19015==    by 0x1DDF1807: qemuDomainObjStart (qemu_driver.c:7265)
	==19015==    by 0x1DDF1A66: qemuDomainCreateWithFlags (qemu_driver.c:7320)

	qemuSetupCgroupForVcpu: Fix memleak
	==19015== 1,064 (656 direct, 408 indirect) bytes in 2 blocks are definitely lost in loss record 1,002 of 1,049
	==19015==    at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==19015==    by 0x52AD74B: virAlloc (viralloc.c:144)
	==19015==    by 0x52B47CA: virCgroupNew (vircgroup.c:1057)
	==19015==    by 0x52B53E5: virCgroupNewVcpu (vircgroup.c:1451)
	==19015==    by 0x1DD85A40: qemuSetupCgroupForVcpu (qemu_cgroup.c:1013)
	==19015==    by 0x1DDA66EA: qemuProcessStart (qemu_process.c:4844)
	==19015==    by 0x1DDF1807: qemuDomainObjStart (qemu_driver.c:7265)
	==19015==    by 0x1DDF1A66: qemuDomainCreateWithFlags (qemu_driver.c:7320)
	==19015==    by 0x1DDF1ACD: qemuDomainCreate (qemu_driver.c:7337)
	==19015==    by 0x53F87EA: virDomainCreate (libvirt-domain.c:6820)
	==19015==    by 0x12690A: remoteDispatchDomainCreate (remote_dispatch.h:3481)
	==19015==    by 0x126827: remoteDispatchDomainCreateHelper (remote_dispatch.h:3457)

2015-04-07  Erik Skultety  <eskultet@redhat.com>

	storage: Introduce storagePoolUpdateAllState function
	The 'checkPool' callback was originally part of the storageDriverAutostart function,
	but the pools need to be checked earlier during initialization phase,
	otherwise we can't start a domain which mounts a volume after the
	libvirtd daemon restarted. This is because qemuProcessReconnect is called
	earlier than storageDriverAutostart. Therefore the 'checkPool' logic has been
	moved to storagePoolUpdateAllState which is called inside storageDriverInitialize.
	We also need a valid 'conn' reference to be able to execute 'refreshPool'
	during initialization phase. Though it isn't available until storageDriverAutostart
	all of our storage backends do ignore 'conn' pointer, except for RBD,
	but RBD doesn't support 'checkPool' callback, so it's safe to pass
	conn = NULL in this case.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1177733

	conf: Introduce virStoragePoolLoadAllState && virStoragePoolLoadState
	These functions operate exactly the same as their network equivalents
	virNetworkLoadAllState, virNetworkLoadState.

	storage: Add support for storage pool state XML
	This patch introduces new virStorageDriverState element stateDir.
	Also adds necessary changes to storageStateInitialize, so that
	directories initialization becomes more generic.

2015-04-07  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	hostdev: Report the domain name for used hostdevs during nodedev-detach
	The nodedev-detach can report the name of the domain using the device
	just the way nodedev-reattach does it.

2015-04-07  Cole Robinson  <crobinso@redhat.com>

	virsh: Improve change-media success message
	$ sudo virsh change-media f19 hdc /mnt/data/devel/media/Fedora-16-x86_64-Live-KDE.iso
	succeeded to complete action update on media
	Change the message to:
	  Successfully {inserted,ejected,changed} media.
	https://bugzilla.redhat.com/show_bug.cgi?id=967946

2015-04-07  Laine Stump  <laine@laine.org>

	interface: allow multiple IPv4 addresses in interface XML
	An upcoming netcf release will support multiple ipv4 addresses, so
	let's loosen up libvirt's interface.rng to allow it.

2015-04-03  Jiri Denemark  <jdenemar@redhat.com>

	virsh.pod: Remove redundant --config from attach-interface

2015-04-03  Noella Ashu  <ashu.noella207@gmail.com>

	libvirt: virsh: Kill all uses of __FUNCTION__ in error messages
	The error output of snapshot-revert should be more friendly.
	There is no need to show virDomainRevertToSnapshot to user.
	virReportError already includes __FUNCTION__ information in a
	separate member of the struct, so repeating it in the message is
	redundant and leads to situations where higher level code ends up
	reporting the lower level name. We correctly converted the error
	output making it more succinct and user-friendly.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1086726

2015-04-03  Luyao Huang  <lhuang@redhat.com>

	virsh: Fix domifaddr output in quiet mode
	In virsh we have two printing functions: vshPrint() which prints a
	string onto stdout and vshPrintExtra() which does not print anything
	if virsh is run in quiet mode. Usually, the former is used to print
	actual results, while the latter to print strings like table headers
	and other formatting stuff. However, in cmdDomIfAddr we have
	mistakenly used vshPrintExtra even for actual data. After this patch,
	the output should look like the following:
	  # virsh -q domifaddr test3 --source agent
	  lo         00:00:00:00:00:00    ipv4         127.0.0.1/8
	  -          -                    ipv6         ::1/128
	  ens8       52:54:00:1a:cb:3f    ipv6         fe80::5054:ff:fe1a:cb3f/64
	  virbr0     52:54:00:db:51:e7    ipv4         192.168.122.1/24
	  virbr0-nic 52:54:00:db:51:e7    N/A          N/A

2015-04-03  Dawid Zamirski  <dzamirski@datto.com>

	esx: esxNodeGetFreeMemory return info from host.
	Before this patch, when connected via vCenter, the free memory returned
	was from the resorcePool (usually a cluster). This is in conflict with
	e.g esxNodeGetInfo which always pulls info from the ESX host.
	Since libvirt ESX driver works primarily with ESX hosts, this patch
	changes esxNodeGetFreeMemory to pull that information from ESX host so
	it's consistent with behavior of esxNodeGetInfo.

	esx: add esxVI_GetInt
	Modeled after the already existing esxVI_GetLong.

2015-04-03  Erik Skultety  <eskultet@redhat.com>

	conf: Change virStoragePoolSaveConfig prototype s/configDir/configFile
	Just a minor change which might be a little confusing for someone
	looking only at the API.

	conf: Introduce virStoragePoolSaveState
	Introduce virStoragePoolSaveState to properly format the state XML in
	the same manner as virStoragePoolDefFormat, except for adding a
	<poolstate> ... </poolstate> around the definition. This is similar to
	virNetworkObjFormat used to save the live/active network information.

	conf: Introduce virStoragePoolDefFormatBuf
	When modifying config/status XML, it might be handy to include some
	additional XML elements (e.g. <poolstate>). In order to do so,
	introduce new formatting function virStoragePoolDefFormatBuf and make
	virStoragePoolDefFormat call it.

2015-04-02  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix dom0 balloon logic
	Recent testing on large memory systems revealed a bug in the Xen xl
	tool's freemem() function.  When autoballooning is enabled, freemem()
	is used to ensure enough memory is available to start a domain,
	ballooning dom0 if necessary.  When ballooning large amounts of memory
	from dom0, freemem() would exceed its self-imposed wait time and
	return an error.  Meanwhile, dom0 continued to balloon.  Starting the
	domain later, after sufficient memory was ballooned from dom0, would
	succeed.  The libvirt implementation in libxlDomainFreeMem() suffers
	the same bug since it is modeled after freemem().
	In the end, the best place to fix the bug on the Xen side was to
	slightly change the behavior of libxl_wait_for_memory_target().
	Instead of failing after caller-provided wait_sec, the function now
	blocks as long as dom0 memory ballooning is progressing.  It will return
	failure only when more memory is needed to reach the target and wait_sec
	have expired with no progress being made.  See xen.git commit fd3aa246.
	There was a dicussion on how this would affect other libxl apps like
	libvirt
	http://lists.xen.org/archives/html/xen-devel/2015-03/msg00739.html
	If libvirt containing this patch was build against a Xen containing
	the old libxl_wait_for_memory_target() behavior, libxlDomainFreeMem()
	will fail after 30 sec and domain creation will be terminated.
	Without this patch and with old libxl_wait_for_memory_target() behavior,
	libxlDomainFreeMem() does not succeed after 30 sec, but returns success
	anyway.  Domain creation continues resulting in all sorts of fun stuff
	like cpu soft lockups in the guest OS.  It was decided to properly fix
	libxl_wait_for_memory_target(), and if anything improve the default
	behavior of apps using the freemem reference impl in xl.
	xl was patched to accommodate the change in libxl_wait_for_memory_target()
	with xen.git commit 883b30a0.  This patch does the same in the libxl
	driver.  While at it, I changed the logic to essentially match
	freemem() in $xensrc/tools/libxl/xl_cmdimpl.c.  It was a bit cleaner
	IMO and will make it easier to spot future, potentially interesting
	divergences.

2015-04-02  Martin Kletzander  <mkletzan@redhat.com>

	Typos: Get rid of dependan(t|cies)
	Dependant is flagged as wrong in US dictionary (only valid in UK
	dictionary, and even then, it has only the financial sense and not the
	inter-relatedness sense that we are more prone to be wanting throughout
	code).

	docs: Add Host sFlow into monitoring apps
	Reported-by: Peter Phaal <peter.phaal@gmail.com>

2015-04-02  Huanle Han  <hanxueluo@gmail.com>

	hostdev: Fix index error in loop after remove an element
	'virPCIDeviceList' is actually an array. Removing one element makes the
	rest of the element move.
	Use while loop, increase index only when not virPCIDeviceListDel(pcidevs, dev)

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Fix xlconfigtest with older libxl
	Commit cd5dc30 added this test, but it fails if
	LIBXL_HAVE_BUILDINFO_USBDEVICE_LIST is not defined:
	6) Xen XM-2-XML Format fullvirt-multiusb
	... libvirt:  error : unsupported configuration: multiple USB
	devices not supported
	FAILED

	Auto add virtio-serial controllers
	In virDomainVirtioSerialAddrNext, add another controller
	if we've exhausted all ports of the existing controllers.
	https://bugzilla.redhat.com/show_bug.cgi?id=1076708

	Assign an address when hotplugging a virtio-serial device

	Expand the address set when attaching a virtio-serial controller

	Allocate virtio-serial addresses when starting a domain
	Instead of always using controller 0 and incrementing port number,
	respect the maximum port numbers of controllers and use all of them.
	Ports for virtio consoles are quietly reserved, but not formatted
	(neither in XML nor on QEMU command line).
	Also rejects duplicate virtio-serial addresses.
	https://bugzilla.redhat.com/show_bug.cgi?id=890606
	https://bugzilla.redhat.com/show_bug.cgi?id=1076708
	Test changes:
	* virtio-auto.args
	  Filling out the port when just the controller is specified.
	  switched from using
	    maxport + 1
	  to:
	    first free port on the controller
	* virtio-autoassign.args
	  Filling out the address when no <address> is specified.
	  Started using all the controllers instead of 0, also discards
	  the bus value.
	* xml -> xml output of virtio-auto
	  The port assignment is no longer done as a part of XML parsing,
	  so the unspecified values stay 0.

	Add functions to track virtio-serial addresses
	Create a sorted array of virtio-serial controllers.
	Each of the elements contains the controller index
	and a bitmap of available ports.
	Buses are not tracked, because they aren't supported by QEMU.

	Add test for virtio serial port assignment
	Add a test to demonstrate the effect of automatic virtio-serial
	address assignment.

2015-04-02  John Ferlan  <jferlan@redhat.com>

	scsi: Remove unused 'type_path' in processLU
	Seems to be a remnant that was never cleaned up from original submit...

	iscsi: Fix exit path for virStorageBackendISCSIFindLUs failure
	If the call to virStorageBackendISCSIGetHostNumber failed, we set
	retval = -1, but yet still called virStorageBackendSCSIFindLUs.
	Need to add a goto cleanup - while at it, adjust the logic to
	initialize retval to -1 and only changed to 0 (zero) on success.

	iscsi: Use error message from virStorageBackendSCSIFindLUs
	Don't supercede the error message virStorageBackendSCSIFindLUs as the
	message such as "error: Failed to find LUs on host 60: ..." is not overly
	clear as to what the real problem might be.

2015-04-02  Erik Skultety  <eskultet@redhat.com>

	conf: Introduce virStoragePoolSaveXML
	Make XML definition saving more generic by moving the common code into
	virStoragePoolSaveXML and leave case specific code to
	PoolSave{Status,Config,...} functions.

	storage: Remove unused attribute conn from 'checkPool' callback
	In order to be able to use 'checkPool' inside functions which do not
	have any connection reference, 'conn' attribute needs to be discarded
	from the checkPool's signature, since it's not used by any storage backend
	anyway.

2015-04-02  Luyao Huang  <lhuang@redhat.com>

	qemuDomainBlockCopy: Check @granularity to be a power of two
	https://bugzilla.redhat.com/show_bug.cgi?id=1206479
	As described in virDomainBlockCopy() parameters description, the
	VIR_DOMAIN_BLOCK_COPY_GRANULARITY parameter may require the value to
	have some specific attributes (e.g. be a power of two or fall within a
	certain range). And in qemu, a power of two is required. However, our
	code does not check that and let qemu operation fail. Moreover, the
	virsh man page is not as exact as it could be in this respect.

2015-04-02  Michal Privoznik  <mprivozn@redhat.com>

	nodeinfodata: Remove broken symlinks and uneeded files
	The 7c3c7f217ebae5 and f5c2d6 commits introduced a nodeinfo test.
	In order to do that, some parts of sysfs had to be copied.
	However, sysfs is full of symlinks, so during copying some
	symlinks broke. Remove them, as on different systems they can
	point to different files or be broken. At the same time, we don't
	need all files added in those commits. For instance we don't care
	about 'uevent' files, 'power' folders, and others.

2015-04-02  zhang bo  <oscar.zhangbo@huawei.com>

	qemu: lifecycle: make agent-mode shutdown and reboot timeout
	When we shutdown/reboot a guest using agent-mode, if the guest itself blocks infinitely,
	libvirt would block in qemuAgentShutdown() forever.
	Thus, we set a timeout for shutdown/reboot, from our experience, 60 seconds would be fine.

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Fix indentation in cmdVcpuPin

	virsh: remove stale comment
	Copied from the vcpupin command, which has two modes of operation.

2015-04-02  Shanzhi Yu  <shyu@redhat.com>

	conf: Rename virDomainHasDiskMirror and detect block jobs properly
	virDomainHasDiskMirror() currently detects only jobs that add the mirror
	elements. Since some operations like migration are interlocked by
	existing block jobs on the given domain the check needs to be
	instrumented to check regular jobs too.
	This patch renames virDomainHasDiskMirror to virDomainHasDiskBlockjob
	and adds an argument that allows to select that it returns true only for
	block copy jobs as those interlock making the domain persistent.
	Other two uses trigger on any block job type.

2015-04-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Check for block jobs individually
	If any disk of a VM was involved in a (copy) block job we refused to do
	a snapshot. As not only copy jobs interlock snapshots and the
	interlocking is applicable to individual disks only we can make the
	check in a more individual fashion and interlock all block job types
	supported by libvirt.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1203628

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Remove unnecessary includes from virsh.h
	Include them in the files that need them instead.

	Remove unused includes from virsh
	After splitting out most of virsh command, some includes
	are no longer needed.
	Some files have the libXML includes despite not needing them.

	Clean up headers in src/util/virutil.h
	* "verify.h" from gnulib is included in internal.h
	* <sys/select.h> is no longer needed
	  added by commit da196338 to use fd_set in virExec prototype

	Do not include cpu_map.h in libvirtd.c
	No longer needed after commit dd47723

	Use the DEFAULT_DRIVER_DIR macro
	Unused since commit bc2f42a0.
	Move it under the WITHOUT_DRIVER_MODULES #ifdef
	and start using it again.

	Remove unused macros
	In the order of appearance:
	* MAX_LISTEN - never used
	  added by 23ad665c (qemud) and addec57 (lock daemon)
	* NEXT_FREE_CLASS_ID - never used, added by 07d1b6b
	* virLockError - never used, added by eb8268a4
	* OPENVZ_MAX_ARG, CMDBUF_LEN, CMDOP_LEN
	  unused since the removal of ADD_ARG_LIT in d8b31306
	* QEMU_NB_PER_CPU_STAT_PARAM - unused since 897808e
	* QEMU_CMD_PROMPT, QEMU_PASSWD_PROMPT - unused since 1dc10a7
	* TEST_MODEL_WORDSIZE - unused since c25c18f7
	* TEMPDIR - never used, added by 714bef5
	* NSIG - workaround around old headers
	  added by commit 60ed1d2
	  unused since virExec was moved by commit 02e8691
	* DO_TEST_PARSE - never used, added by 9afa006
	* DIFF_MSEC, GETTIMEOFDAY - unused since eee6eb6

2015-04-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Copy bitmap in a sane way
	Use virBitmapNewCopy instead of a combination of virBitmapNew and
	virBitmapCopy.

	qemu: cgroup: Kill qemuSetupCgroupVcpuPin()
	The function doesn't make sense. There's a simpler way to achieve the
	same.

	qemu: cgroup: Kill qemuSetupCgroupIOThreadsPin()
	The function doesn't make sense. There's a simpler way to achieve the
	same.

	qemu: cgroup: Rename qemuSetupCgroupEmulatorPin to qemuSetupCgroupCpusetCpus
	The function is used to set cpuset.cpus in various other helpers.

	qemu: cgroup: Use priv->autoCpuset instead of using qemuPrepareCpumap()
	Two places would call to qemuPrepareCpumap() with priv->autoNodeset to
	convert it to a cpuset. Remove the function and use the prepared cpuset
	automatically.

	qemu: cgroup: Properly set up vcpu pinning
	When the default cpuset or automatic numa placement is used libvirt
	would place the whole parent cgroup in the specified cpuset. This then
	disallowed to re-pin the vcpus to a different cpu.
	This patch pins only the vcpu threads to the default cpuset and thus
	allows to re-pin them later.
	The following config would fail to start:
	<domain type='kvm'>
	  ...
	  <vcpu placement='static' cpuset='0-1' current='2'>4</vcpu>
	  <cputune>
	    <vcpupin vcpu='0' cpuset='2-3'/>
	    ...
	This is a regression since a39f69d2b.

	qemu: cgroup: Refactor setup for IOThread cgroups
	Use the default or auto cpuset if they are provided for IOThreads.

	qemu: cgroup: Store auto cpuset instead of re-creating it on demand
	The automatic cpuset can be stored along with automatic nodeset and it
	does not have to be recreated when used.

	Bump version to 1.2.15 for new dev cycle

2015-04-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.14
	- docs/news.html.in libvirt.spec.in: update for the release
	- po/*.po*: regenerated localization

2015-04-01  Cole Robinson  <crobinso@redhat.com>

	tests: nodeinfo: Add test for RHELSA on APM mustang
	This would have caught the bug fixed by Wei's commit c13de016

	tests: nodeinfo: Test F21 aarch64 on APM mustang

2015-03-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockjob: Synchronously update backing chain in XML on ABORT/PIVOT
	When the synchronous pivot option is selected, libvirt would not update
	the backing chain until the job was exitted. Some applications then
	received invalid data as their job serialized first.
	This patch removes polling to wait for the ABORT/PIVOT job completion
	and replaces it with a condition. If a synchronous operation is
	requested the update of the XML is executed in the job of the caller of
	the synchronous request. Otherwise the monitor event callback uses a
	separate worker to update the backing chain with a new job.
	This is a regression since 1a92c719101e5bfa6fe2b78006ad04c7f075ea28
	When the ABORT job is finished synchronously you get the following call
	stack:
	 #0  qemuBlockJobEventProcess
	 #1  qemuDomainBlockJobImpl
	 #2  qemuDomainBlockJobAbort
	 #3  virDomainBlockJobAbort
	While previously or while using the _ASYNC flag you'd get:
	 #0  qemuBlockJobEventProcess
	 #1  processBlockJobEvent
	 #2  qemuProcessEventHandler
	 #3  virThreadPoolWorker

	qemu: Extract internals of processBlockJobEvent into a helper
	Later on I'll be adding a condition that will allow to synchronise a
	SYNC block job abort. The approach will require this code to be called
	from two different places so it has to be extracted into a helper.

	qemu: processBlockJob: Don't unlock @vm twice
	Commit 1a92c719 moved code to handle block job events to a different
	function that is executed in a separate thread. The caller of
	processBlockJob handles locking and unlocking of @vm, so the we should
	not do it in the function itself.

2015-03-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockCopy: Pass adjusted bandwidth when called via blockRebase
	The block copy API takes the speed in bytes/s rather than MiB/s that was
	the prior approach in virDomainBlockRebase. We correctly converted the
	speed to bytes/s in the old API but we still called the common helper
	virDomainBlockCopyCommon with the unadjusted variable.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1207122

2015-03-30  Luyao Huang  <lhuang@redhat.com>

	virsh: blockCopy: Add missing jump on error path
	The overflow check for the bandwidth parameter did not jump to the
	cleanup label.
	Additionally virsh should use vshError instead of virReportError.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1206987

2015-03-30  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetNumaParameters: Check for the correct CGroup controller
	When getting info on NUMA parameters for domain,
	virCgroupGetCpusetMems() may be called. However, as of 43b67f2e
	the call is guarded by check if memory controller is present.
	Even though it may be not obvious instantly, NUMA parameters are
	stored under cpuset controller. Therefore the check needs to look
	like this:
	  if (!virCgroupHasController(priv->cgroup,
	                              VIR_CGROUP_CONTROLLER_CPUSET) ||
	      virCgroupGetCpusetMems(priv->cgroup, &nodeset) < 0) {

	virCgroupController: Check the enum fits into 'int'
	Throughout our code, the virCgroupController enum is used in two ways.
	First as an index to an array of cgroup controllers:
	struct virCgroup {
	    char *path;
	    struct virCgroupController controllers[VIR_CGROUP_CONTROLLER_LAST];
	};
	Second way is that when calling virCgroupNew() a bitmask of the enum
	items can be passed to selectively detect only some controllers. For
	instance:
	int
	virCgroupNewVcpu(virCgroupPtr domain,
	                 int vcpuid,
	                 bool create,
	                 virCgroupPtr *group)
	{
	    ...
	    controllers = ((1 << VIR_CGROUP_CONTROLLER_CPU) |
	                   (1 << VIR_CGROUP_CONTROLLER_CPUACCT) |
	                   (1 << VIR_CGROUP_CONTROLLER_CPUSET));
	    if (virCgroupNew(-1, name, domain, controllers, group) < 0)
	        goto cleanup;
	}
	Even though it's highly unlikely that so many new controllers will be
	invented so that we would overflow when constructing the bitmask, it
	doesn't hurt to check at compile time either.

	virCgroupNew: Enhance debug message
	When creating new internal representation of cgroups, all passed
	arguments are logged. Well, except for two: pid and pointer for
	return value. Lets log them too.

	virCgroupNewPartition: Fix comment
	The function has no argument named @name rather than @path
	instead.  The comment is, however, referring to @name while it
	should have been referring to @path really.

2015-03-29  Eric Blake  <eblake@redhat.com>

	build: avoid variable named 'interface', for mingw
	Commit 2f36e6944 (re-)introduced a use of an identifier 'interface',
	which causes this build failure on mingw:
	../../tools/virsh-domain-monitor.c: In function 'cmdDomIfAddr':
	../../tools/virsh-domain-monitor.c:2233:17: error: expected identifier or '(' before 'struct'
	     const char *interface = NULL;
	                      ^
	See also commit 6512c8b.  Sadly, I'm not quite sure how to write a
	syntax check that can poison the use of this identifier.
	* tools/virsh-domain-monitor.c (cmdDomIfAddr): Use ifacestr instead.

2015-03-28  John Ferlan  <jferlan@redhat.com>

	vircgroup: Fix build issue mingw cross compile
	Commit id '2dbfa716' exposed virCgroupDetectMountsFromFile, but did not
	add the corresponding entry in the "#else /* !VIR_CGROUP_SUPPORTED */"
	section of the module.

	vircgroup: Fix build issue on mingw cross compile
	Commit id 'ba1dfc5' added virCgroupSetCpusetMemoryMigrate and
	virCgroupGetCpusetMemoryMigrate, but did not add the corresponding
	entry points into the "#else /* !VIR_CGROUP_SUPPORTED */" section

2015-03-27  Pavel Hrdina  <phrdina@redhat.com>

	tests: introduce qemucaps2xmlmock
	We need to mock virFileExists to return true for "/dev/kvm" because the
	test should not depend on host system.

	Revert "qemucaps2xmltest: fix test to successfully run without kvm support"
	This reverts commit 49bf09d16cb7050795f6963a2746d686a2fbaece.  That
	commit is wrong and doesn't fix the issue.

	virnetlink: fix build error
	Commint 0473b45cc introduced new function virNetlinkDelLink, but in
	it's counterpart for non-linux platform there should be ATTRIBUTE_UNUSED
	instead of ATTRIBUTE_UNSUPPORTED.

2015-03-27  Shanzhi Yu  <shyu@redhat.com>

	qemu: end the job when try to blockcopy to non-file destination
	Blockcopy to non-file destination is not supported according the code,
	but a 'goto endjob' is missed after checking the destination.
	This leads to calling drive-mirror with wrong parameters.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1206406

2015-03-27  Wei Huang  <wei@redhat.com>

	nodeinfo: Increase the num of CPU thread siblings to a larger value
	Current libvirt can only handle up to 1023 bytes when it
	reads Linux sysfs topology/thread_siblings. This isn't enough for
	Linux distributions that support a large value. This patch fixes
	the problem by using VIR_ALLOC()/VIR_FREE(), instead of using a
	fixed-size (1024) local char array. In the meanwhile
	SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX is increased to 8192 which
	should be large enough for a foreseeable future.

2015-03-27  Eric Blake  <eblake@redhat.com>

	relaxng: allow : in /dev/disk/by-path names
	On IRC, Hydrar pointed a problem where 'virsh edit' failed on
	his domain created through an ISCSI pool managed by virt-manager,
	all because the XML included a block device with colons in the
	name.
	* docs/schemas/basictypes.rng (absFilePath): Add colon as safe.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-iscsi.xml: New file.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-iscsi.args: Likewise.
	* tests/qemuxml2argvtest.c (mymain): Test it.

2015-03-27  Konrad Rzeszutek Wilk  <konrad@kernel.org>

	libxl: Fix memory leak if pthread_create fails.
	If we fail to create the thread we leak the shutdown_info
	structure.

2015-03-27  Laine Stump  <laine@laine.org>

	util: use netlink to create bridge devices
	Just as it is possible to delete a bridge device with the netlink
	RTM_DELLINK message, one can be created with the RTM_NEWLINK
	message. Because of differences in the format of the message, it's not
	as straightforward as with virNetlinkDelLink() to create a single
	utility function that can be used to create any type of interface, so
	the new netlink version of virNetDevBridgeCreate() does its own
	construction of the netlink message and calls virNetlinkCommand()
	itself.
	This doesn't provide any extra functionality, just provides symmetry
	with the previous commit.
	NB: We *could* alter the API of virNetDevBridgeCreate() to take a MAC
	address, and directly program that mac address into the bridge (by
	adding an IFLA_ADDRESS attribute, as is done in
	virNetDevMacVLanCreate()) rather than separately creating the "dummy
	tap" (e.g. virbr0-nic) to maintain a fixed mac address on the bridge,
	but the commit history of virnetdevbridge.c shows that the presence of
	this dummy tap is essential in some older versions of the kernel
	(between 2.6.39 and 3.1 or 3.2, possibly?) to proper operation of IPv6
	DAD, and I don't want to take the chance of breaking something that I
	don't have the time/setup to test (my RHEL6 box is at kernel
	2.6.32-544, and the next lowest kernel I have is 3.17)

	util: use netlink to delete bridge devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1125755
	reported that a stray bridge device was left on the system when a
	libvirt network failed to start due to an illegal iptables rule caused
	by bad config. Apparently the reason this was happening was that
	NetworkManager was noticing immediately when the bridge device was
	created and automatically setting it IFF_UP. libvirt would then try to
	setup the iptables rules, get an error back, and since libvirt had
	never IFF_UPed the bridge, it didn't expect that it needed to set it
	~IFF_UP before deleting it during the cleanup process. But the
	ioctl(SIOCBRDELBR) ioctl will fail to delete a bridge if it is IFF_UP.
	Since that bug was reported, NetworkManager has gotten a bit more
	polite in this respect, but just in case something similar happens in
	the future, this patch switches to using the netlink RTM_DELLINK
	message to delete the bridge - unlike SIOCBRDELBR, it will delete the
	requested bridge no matter what the setting of IFF_UP.

	util: replace body of virNetDevMacVLanDelete() with virNetlinkDelLink()
	These two functions are identical, so no sense in having the
	duplication. I resisted the temptation to replace calls to
	virNetDevMacVLanDelete() with calls to virNetlinkDelLink() just in
	case some mythical future platform has macvtap devices that aren't
	managed with netlink (or in case we some day need to do more than just
	tell the kernel to delete the device).

	util: netlink function to delete any network device
	libvirt has always used the netlink RTM_DELLINK message to delete
	macvtap/macvlan devices, but it can actually be used to delete other
	types of network devices, such as bonds and bridges. This patch makes
	virNetDevMacVLanDelete() available as a generic function so it can
	intelligibly be called to delete these other types of interfaces.

2015-03-26  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Usual update to latest gnulib status.  In particular this update
	fixes at least one issue that can be seen in libvirt, by silencing
	a valgrind detection of uninitialized memory:
	https://bugzilla.redhat.com/show_bug.cgi?id=1174147
	* .gnulib: Update to latest.
	* bootstrap: Resync to gnulib.

2015-03-26  Ján Tomko  <jtomko@redhat.com>

	Rename DomainGetIOThreadsInfo to DomainGetIOThreadInfo
	While it returns info about multiple threads, the version
	without the plural is easier to read.

	Rename qemuMonitorIOThreadsInfo* to qemuMonitorIOThreadInfo*
	It only deals with a single thread.

	Rename virDomainIOThreadsInfoFree to virDomainIOThreadInfoFree
	This function only frees the info for one thread.

	virsh: rename iothreadsinfo to iothreadinfo
	The plural seems unnecessary.

2015-03-26  Luyao Huang  <lhuang@redhat.com>

	qemu: command: Fix property name for start address of a pc-dimm module
	Starting a qemu VM with a memory module that has the base address
	specified results in the following error:
	 error: internal error: early end of file from monitor: possible problem:
	 2015-03-26T03:45:52.338891Z qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,
	 id=dimm0,slot=0,base=4294967296: Property '.base' not found
	The correct property name for the base address is 'addr'.

2015-03-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Give hint about -noTSX CPU model
	Because of the microcode update to Haswell/Broadwell CPUs, existing
	domains using these CPUs may fail to start even though they used to run
	just fine. To help users solve this issue we try to suggest switching to
	-noTSX variant of the CPU model:
	    virsh # start cd
	    error: Failed to start domain cd
	    error: unsupported configuration: guest and host CPU are not
	    compatible: Host CPU does not provide required features: rtm, hle;
	    try using 'Haswell-noTSX' CPU model

	cpu: Add {Haswell,Broadwell}-noTSX CPU models
	QEMU 2.3 adds these new models to cover Haswell and Broadwell CPUs with
	updated microcode. Luckily, they also reverted former the machine type
	specific changes to existing models. And since these changes were never
	released, we don't need to hack around them in libvirt.

2015-03-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Check for empty network source when formatting drive cmd
	Use the virStorageSourceIsEmpty helper to determine whether the drive
	source is empty rather than checking for src->path. This will fix start
	of VM with empty network cdrom that would not report any error.

	qemu: command: Report error when formatting network source with protocol _NONE
	The function that formats the string for network drives would return
	error code but did not set the error message when called on storage
	source with VIR_STORAGE_NET_PROTOCOL_LAST or _NONE.
	Report an error in this case if it would ever be called in that way.

2015-03-26  Amy Fong  <amy.fong@windriver.com>

	build: fix race when creating the cpu_map.xml symlink
	In some circumstances where the build tree differs from the source,
	libvirt's compile will try to create the symlink for cpu_map.xml before
	creating the directory $(abs_builddir)/cpu:
	'src/cpu/cpu_map.xml': No such file or directory'
	Do not create the symlink, it is no longer needed after
	commit e562e82f
	    Load CPU map from builddir when run uninstalled

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	tests: qemuxml2xml: Test status XML formatting and parsing
	Recently we've fixed a bug where the status XML could not be parsed as
	the parser used absolute path XPath queries. This test enhancement tests
	all XML files used in the qemu-xml-2-xml test as a part of a status XML
	snippet to see whether they are parsed correctly. The status XML-2-XML is
	currently tested in 223 cases with this patch.

	util: buffer: Add support for adding text blocks with indentation
	The current auto-indentation buffer code applies indentation only on
	complete strings. To allow adding a string containing newlines and
	having it properly indented this patch adds virBufferAddStr.

2015-03-25  Guido Günther  <agx@sigxcpu.org>

	Don't validata filesystem target type
	When using QEMU's 9pfs the target "dir" element is not necessarily an
	absolute path but merely an arbitrary identifier. So validation in that
	case currently fails with the misleading
	   $ virt-xml-validate /tmp/test.xml
	   Relax-NG validity error : Extra element devices in interleave
	   /tmp/test.xml:24: element devices: Relax-NG validity error : Element domain failed to validate content
	   /tmp/test.xml fails to validate

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	rpc: Don't unref identity object while callbacks still can be executed
	While this thread is cleaning up the client and connection objects:
	 #2  virFileReadAll (path=0x7f28780012b0 "/proc/1319/stat", maxlen=maxlen@entry=1024, buf=buf@entry=0x7f289c60fc40) at util/virfile.c:1287
	 #3  0x00007f28adbb1539 in virProcessGetStartTime (pid=<optimized out>, timestamp=timestamp@entry=0x7f289c60fc98) at util/virprocess.c:838
	 #4  0x00007f28adb91981 in virIdentityGetSystem () at util/viridentity.c:151
	 #5  0x00007f28ae73f17c in remoteClientFreeFunc (data=<optimized out>) at remote.c:1131
	 #6  0x00007f28adcb7f33 in virNetServerClientDispose (obj=0x7f28aecad180) at rpc/virnetserverclient.c:858
	 #7  0x00007f28adba8eeb in virObjectUnref (anyobj=<optimized out>) at util/virobject.c:265
	 #8  0x00007f28ae74ad05 in virNetServerHandleJob (jobOpaque=<optimized out>, opaque=0x7f28aec93ff0) at rpc/virnetserver.c:205
	 #9  0x00007f28adbbef4e in virThreadPoolWorker (opaque=opaque@entry=0x7f28aec88030) at util/virthreadpool.c:145
	In stack frame #6 the client->identity object got unref'd, but the code
	that removes the event callbacks in frame #5 did not run yet as we are
	trying to obtain the system identity (frames #4, #3, #2).
	In other thead:
	 #0  virObjectUnref (anyobj=anyobj@entry=0x7f288c162c60) at util/virobject.c:264
	        klass = 0xdeadbeef
	        obj = 0x7f288c162c60
	 #1  0x00007f28ae71c709 in remoteRelayDomainEventCheckACL (client=<optimized out>, conn=<optimized out>, dom=dom@entry=0x7f28aecaafc0) at remote.c:164
	 #2  0x00007f28ae71fc83 in remoteRelayDomainEventTrayChange (conn=<optimized out>, dom=0x7f28aecaafc0, ... ) at remote.c:717
	 #3  0x00007f28adc04e53 in virDomainEventDispatchDefaultFunc (conn=0x7f287c0009a0, event=0x7f28aecab1a0, ...) at conf/domain_event.c:1455
	 #4  0x00007f28adc03831 in virObjectEventStateDispatchCallbacks (callbacks=<optimized out>, ....) at conf/object_event.c:724
	 #5  virObjectEventStateQueueDispatch (callbacks=0x7f288c083730, queue=0x7fff51f90030, state=0x7f288c18da20) at conf/object_event.c:738
	 #6  virObjectEventStateFlush (state=0x7f288c18da20) at conf/object_event.c:816
	 #7  virObjectEventTimer (timer=<optimized out>, opaque=0x7f288c18da20) at conf/object_event.c:562
	 #8  0x00007f28adb859cd in virEventPollDispatchTimeouts () at util/vireventpoll.c:459
	Frame #0 is unrefing an invalid identity object while frame #2 hints
	that the client is still dispatching the event.
	For untrimmed backtrace see the bugzilla attachment.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1203030

	daemon: Clear fake domain def object that is used to check ACL prior to use
	The fake object is used to pass the domain name and UUID to the ACL code
	for events where we don't have the full domain def when dispatching
	events. The rest of the entries would be left uninitialized. While this
	is not a problem code-wise as the used fields are initialized it looks
	ugly in the debugger.

	util: identity: Harden virIdentitySetCurrent()
	Don't unref the old identity unless we set the new one correctly and
	unref the new one on failure to set it so that we don't leak any
	references or use invalid pointers.

	tests: qemuxml2xml: Refactor the qemuxml2xml test
	To allow adding more tests, refactor the XML-2-XML test so that the
	files are not reloaded always and clarify the control flow.
	Result of this changes is that the active and inactive portions of the
	XML are tested in separate steps rather than one test step.

	qemu: domain: Don't leak device alias list
	While adding tests for status XML parsing and formatting I've noticed
	that the device alias list is leaked.
	==763001== 81 (48 direct, 33 indirect) bytes in 1 blocks are definitely lost in loss record 414 of 514
	==763001==    at 0x4C2B8F0: calloc (vg_replace_malloc.c:623)
	==763001==    by 0x6ACF70F: virAllocN (viralloc.c:191)
	==763001==    by 0x447B64: qemuDomainObjPrivateXMLParse (qemu_domain.c:727)
	==763001==    by 0x6B848F9: virDomainObjParseXML (domain_conf.c:15491)
	==763001==    by 0x6B84CAC: virDomainObjParseNode (domain_conf.c:15608)

2015-03-25  Pavel Hrdina  <phrdina@redhat.com>

	qemucaps2xmltest: fix test to successfully run without kvm support
	Function virQEMUCapsInitGuestFromBinary detect kvm support by testing
	whether /dev/kvm exists or whether we pass path to kvmbin.  Provide the
	path we are testing via kvmbin for testing purpose instead of detecting
	presence of /dev/kvm to successfully run the tests on all hosts.

2015-03-25  Luyao Huang  <lhuang@redhat.com>

	qemu: Report better error when memory device source has wrong NUMA node
	When starting a VM with hotpluggable memory devices the user may specify
	an invalid source NUMA node. Libvirt would pass through the error from
	qemu:
	 # virsh start test3
	 error: Failed to start domain test3
	 error: internal error: process exited while connecting to monitor:
	 2015-03-25T01:12:17.205913Z qemu-kvm: -object memory-backend-ram,id=memdimm0
	 ,size=536870912,host-nodes=1-3,policy=bind: cannot bind memory to host NUMA nodes:
	 Invalid argument
	This patch adds a check that allows to report better error:
	 # virsh start test3
	 error: Failed to start domain test3
	 error: configuration unsupported: NUMA node 1 is unavailable

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	util: NUMA: Change error code in virNumaNodesetIsAvailable()
	An invalid nodeset is a configuration problem rather than an internal
	error.

2015-03-25  Luyao Huang  <lhuang@redhat.com>

	conf: Add missing apostrophe to error message

2015-03-25  Pavel Hrdina  <phrdina@redhat.com>

	Makefile: fix typo
	Commit 95695388 introduced new util/virthreadjob.c/h files but the
	makefile has type that breaks rpm build.

2015-03-25  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	docs: route element must specify network address
	because network address is required by route, so
	here we should add one avoid user misunderstand.

	docs: no 'via' attribute in route element
	via -> gateway

2015-03-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add timing to domain jobs
	Whenever we fail to acquire a job, we can report how long ago it was
	locked by another API.
	https://bugzilla.redhat.com/show_bug.cgi?id=853839

	qemu: Track the API which started the current job
	This is very helpful when we want to log and report why we could not
	acquire a state change lock. Reporting what job keeps it locked helps
	with understanding the issue. Moreover, after calling
	virDomainGetControlInfo, it's possible to tell whether libvirt is just
	stuck somewhere within the API (or it just forgot to cleanup the job) or
	whether libvirt is waiting for QEMU to reply.
	The error message will look like the following:
	    # virsh resume cd
	    error: Failed to resume domain cd
	    error: Timed out during operation: cannot acquire state change lock
	    (held by remoteDispatchDomainSuspend)
	https://bugzilla.redhat.com/show_bug.cgi?id=853839

	Set thread job for every RPC call
	Since all APIs are also RPC calls, we automatically get all APIs covered
	with thread jobs.

	virThreadPool: Set thread worker name
	Every thread created as a worker thread within a pool gets a name
	according to virThreadPoolJobFunc name.

	virThread: Set thread job
	Automatically assign a job to every thread created by virThreadCreate.
	The name of the virThreadFunc function passed to virThreadCreate is used
	as the job or worker name in case no name is explicitly passed.

	Force usage of virThreadCreate
	We want all threads to be set as workers or to have a job assigned to
	them, which can easily be achieved in virThreadCreate wrapper to
	pthread_create. Let's make sure we always use the wrapper.

	Add support for tracking thread jobs
	Each thread can use a thread local variable to keep the name of a job
	which is currently running in the job.
	The virThreadJobSetWorker API is supposed to be called once by any
	thread which is used as a worker, i.e., it is waiting in a pool, woken
	up to do a job, and returned back to the pool.
	The virThreadJobSet/virThreadJobClear APIs are to be called at the
	beginning/end of each job.

	POTFILES.in: Sort

2015-03-25  Ján Tomko  <jtomko@redhat.com>

	Document that USB hostdevs do not need nodeDettach
	The virNodeDeviceDettach API only works on PCI devices.
	Originally added by commit 10d3272e, but the API never
	supported USB devices.
	Reported by: Martin Polednik <mpolednik@redhat.com>

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	rpc: serverclient: Clear pointer with NULL instead of 0

2015-03-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove per-domain libxl_ctx
	Although needed in the Xen 4.1 libxl days, there is no longer any
	benefit to having per-domain libxl_ctx.  On the contrary, their use
	makes the code unecessarily complicated and prone to deadlocks under
	load.  As suggested by the libxl maintainers, use a single libxl_ctx
	as a handle to libxl instead of per-domain ctx's.
	One downside to using a single libxl_ctx is there are no longer
	per-domain log files for log messages emitted by libxl.  Messages
	for all domains will be sent to /var/log/libvirt/libxl/libxl-driver.log.

	libxl: make libxlDomainFreeMem static
	libxlDomainFreeMem() is only used in libxl_domain.c and thus should
	be declared static.  While at it, change the signature to take a
	libxl_ctx instead of libxlDomainObjPrivatePtr, since only the
	libxl_ctx is needed.

	libxl: remove unnecessary libxlDomainEventsRegister
	This function now only enables domain death events.  Simply call
	libxl_evenable_domain_death() instead of an unnecessary wrapper.

	libxl: use global libxl_ctx in event handler
	Change the domain event handler code to use the driver-wide
	libxl_ctx instead of the domain-specific one.

	libxl: move event registration to driver initialization
	Register a domain event handler with the driver-wide libxl_ctx
	during driver initialization.

	libxl: Move setup of child processing code to driver initialization
	Informing libxl how to handle its child proceses should be done once
	during driver initialization, not once for each domain-specific
	libxl_ctx object.  The related libxl documentation in
	$xen-src/tools/libxl/libxl_event.h even mentions that "it is best to
	call this at initialisation".

	libxl: use driver-wide ctx in fd and timer event handling
	Long ago I incorrectly associated libxl fd and timer registrations
	with per-domain libxl_ctx objects.  When creating a libxlDomainObjPrivate,
	a libxl_ctx is allocated, and libxl_osevent_register_hooks is called
	passing a pointer to the libxlDomainObjPrivate.  When an fd or timer
	registration occurred, the registration callback received the
	libxlDomainObjPrivate, containing the per-domain libxl_ctx.  This
	libxl_ctx was then used when informing libxl about fd events or
	timer expirations.
	The problem with this approach is that fd and timer registrations do not
	share the same lifespan as libxlDomainObjPrivate, and hence the per-domain
	libxl_ctx ojects.  The result is races between per-domain libxl_ctx's being
	destoryed and events firing on associated fds/timers, typically manifesting
	as an assert in libxl
	libxl_internal.h:2788: libxl__ctx_unlock: Assertion `!r' failed
	There is no need to associate libxlDomainObjPrivate objects with libxl's
	desire to use libvirt's event loop.  Instead, the driver-wide libxl_ctx can
	be used for the fd and timer registrations.
	This patch moves the fd and timer handling code away from the
	domain-specific code in libxl_domain.c into libxl_driver.c.  While at it,
	function names were changed a bit to better describe their purpose.
	The unnecessary locking was also removed since the code simply provides a
	wrapper over the event loop interface.  Indeed the locks may have been
	causing some deadlocks when repeatedly creating/destroying muliple domains.
	There have also been rumors about such deadlocks during parallel OpenStack
	Tempest runs.

2015-03-25  Pavel Hrdina  <phrdina@redhat.com>

	qemu: fix set vcpus on host without NUMA
	We don't have to modify cpuset.mems on hosts without NUMA.  It also
	fixes an error message that you get instead of success if you trying
	update vcpus of a guest on a host without NUMA.
	error: internal error: NUMA isn't available on this host
	Signer-off-by: Pavel Hrdina <phrdina@redhat.com>

	qemu: cleanup setvcpus
	Remove unnecessary maximum variable.

	qemu: move virDomainLiveConfigHelperMethod right after BeginJob
	We should call virDomainLiveConfigHelperMethod ASAP because this
	function transfers VIR_DOMAIN_AFFECT_CURRENT to VIR_DOMAIN_AFFECT_LIVE
	or VIR_DOMAIN_AFFECT_CONFIG.  All other additional checks for those two
	flags should consider that the user give us VIR_DOMAIN_AFFECT_CURRENT.
	Remove the unnecessary check whether the domain is live in case of
	VIR_DOMAIN_VCPU_GUEST because this check is done by
	virDomainLiveConfigHelperMethod.

2015-03-25  Ján Tomko  <jtomko@redhat.com>

	Document behavior of compat when creating qcow2 volumes
	Commit bab2eda changed the behavior for missing compat attribute,
	but failed to update the documentation.
	Before, the option was omitted from qemu-img command line and the
	qemu-img default was used. Now we always specify the compat value
	and the default is 0.10.
	Reported by Christophe Fergeau
	https://bugzilla.gnome.org/show_bug.cgi?id=746660#c4

	Fix typo in error message
	by rewriting it completely from:
	error: unsupported configuration: virtio only support device address
	type 'PCI'
	to:
	error: unsupported configuration: virtio disk cannot have an address of type
	drive
	Since we now support CCW addresses as well.

2015-03-24  Laine Stump  <laine@laine.org>

	qemu: change accidental VIR_WARNING back to VIR_DEBUG
	While debugging the support for responding to qemu RX_FILTER_CHANGED
	events, I had changed the "ignoring this event" log message from
	VIR_DEBUG to VIR_WARN, but forgot to change it back before
	pushing. Since many guest OSes make enough changes to multicast lists
	and/or promiscuous mode settings to trigger this message, it's
	starting to show up as a red herring in bug reports.

2015-03-24  Pavel Hrdina  <phrdina@redhat.com>

	qemucaps2xmltest: fix the test to correspond to new domain formatting
	Commit 2360fe5d updated formating of <domain> element but forgot to
	update qemucaps2xmldata xml files.  In addition the test code was broken
	too.  Update the xml files and return -1 if testCompareXMLToXML fails
	together with indentation fix.

2015-03-24  Luyao Huang  <lhuang@redhat.com>

	conf: fix parsing of NUMA settings in VM status XML
	Commit 5bba61f changed the XPath strings to be absolute when parsing
	the VM NUMA configuration. Unfortunately the <domain> element is not a
	top level element when parsing the domain status XML thus the absolute
	XPath string doesn't match.
	Use the relative string so that the <numa> settings are not lost.

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement memory device hotunplug
	Add code to hot-remove memory devices from qemu. Unfortunately QEMU
	doesn't support this right now, so this is just for completenes.

	qemu: Implement memory device hotplug
	Add code to hot-add memory devices to running qemu instances.

	qemu: conf: Add support for memory device cold(un)plug
	Add a few helpers that allow to operate with memory device definitions
	on the domain config and use them to implement memory device coldplug in
	the qemu driver.

	qemu: add support for memory devices
	Add support to start qemu instance with 'pc-dimm' device. Thanks to the
	refactors we are able to reuse the existing function to determine the
	parameters.

	qemu: migration: Forbid migration with memory modules lacking info
	Make sure that libvirt has all vital information needed to reliably
	represent configuration of guest's memory devices in case of a
	migration.
	This patch forbids migration in case the required slot number and module
	base address are not present (failed to be loaded from qemu via
	monitor).

	qemu: memdev: Add infrastructure to load memory device information
	When using 'dimm' memory devices with qemu, some of the information
	like the slot number and base address need to be reloaded from qemu
	after process start so that it reflects the actual state. The state then
	allows to use memory devices across migrations.

	conf: Add interface to parse and format memory device information
	This patch adds code that parses and formats configuration for memory
	devices.
	A simple configuration would be:
	<memory model='dimm'>
	  <target>
	    <size unit='KiB'>524287</size>
	    <node>0</node>
	  </target>
	</memory>
	A complete configuration of a memory device:
	<memory model='dimm'>
	  <source>
	    <pagesize unit='KiB'>4096</pagesize>
	    <nodemask>1-3</nodemask>
	  </source>
	  <target>
	    <size unit='KiB'>524287</size>
	    <node>1</node>
	  </target>
	</memory>
	This patch preemptively forbids use of the <memory> device in individual
	drivers so the users are warned right away that the device is not
	supported.

	conf: Add device address type for dimm devices
	Dimm devices are described by the slot and base address. Add a new
	address type to be able to describe such address.

	qemu: Implement setup of memory hotplug parameters
	To enable memory hotplug the maximum memory size and slot count need to
	be specified. As qemu supports now other units than mebibytes when
	specifying memory, use the new interface in this case.

	conf: Add support for parsing and formatting max memory and slot count
	Add a XML element that will allow to specify maximum supportable memory
	and the count of memory slots to use with memory hotplug.
	To avoid possible confusion and misuse of the new element this patch
	also explicitly forbids the use of the maxMemory setting in individual
	drivers's post parse callbacks. This limitation will be lifted when the
	support is implemented.

	libxl: Refactor logic in domain post parse callback
	With the current control flow the post parse callback returned success
	right away for fully virtualized VMs. To allow adding additional checks
	into the post parse callback tweak the conditions so that the function
	doesn't return early except for error cases.
	To clarify the original piece of code borrow the wording from the commit
	message for the patch that introduced the code.

	qemu: monitor: Don't leak @props with non-JSON in qemuMonitorAddObject
	The function comment states that @props is always consumed, even on
	failure. This was not true with the failure if the monitor is not using
	QMP.

	qemu: Don't return memory device config on error in qemuBuildMemoryBackendStr
	In the last section if the function determines that the config is
	invalid when QEMU doesn't support the memory device the JSON config
	object would be returned even if it doesn't make sense.
	Assign the object to be returned only on success.

2015-03-23  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Set default SCSI controller model for S390 arch
	When no model is specified in the domain definition for
	a scsi controller and the architectur is s390 than virtio-scsi
	is set as default model.
	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2015-03-23  Natanael Copa  <ncopa@alpinelinux.org>

	Fix underlinking of libvirt_driver_interface.so
	Always add udev linker flags when WITH_UDEV is enabled to avoid
	underlinking.
	See commit 43dbcb15 (interface: always build all available backends)

2015-03-23  Michael Chapman  <mike@very.puzzling.org>

	qemu: skip precreation of network disks
	Commit cf54c60699833b3791a5d0eb3eb5a1948c267f6b introduced the ability
	to create missing storage volumes during migration. For network disks,
	however, we may not necessarily be able to detect whether they already
	exist -- there is no straight-forward way to map the disk to a storage
	volume, and even if there were it's possible no configured storage pool
	actually contains the disk.
	It is better to assume the network disk exists in this case, rather than
	aborting the migration completely. If the volume really is missing, QEMU
	will generate an appropriate error later in the migration.

2015-03-23  Michal Privoznik  <mprivozn@redhat.com>

	network_conf: Drop virNetworkObjIsDuplicate
	This function does not make any sense now, that network driver is
	(almost) dropped. I mean, previously, when threads were
	serialized, this function was there to check, if no other network
	with the same name or UUID exists. However, nowadays that threads
	can run more in parallel, this function is useless, in fact it
	gives misleading return values. Consider the following scenario.
	Two threads, both trying to define networks with same name but
	different UUID (e.g. because it was generated during XML parsing
	phase, whatever). Lets assume that both threads are about to call
	networkValidate() which immediately calls
	virNetworkObjIsDuplicate().
	T1: calls virNetworkObjIsDuplicate() and since no network with
	given name or UUID exist, success is returned.
	T2: calls virNetworkObjIsDuplicate() and since no network with
	given name or UUID exist, success is returned.
	T1: calls virNetworkAssignDef() and successfully places its
	network into the virNetworkObjList.
	T2: calls virNetworkAssignDef() and since network with the same
	name exists, the network definition is replaced.
	Okay, this is mainly because virNetworkAssignDef() does not check
	whether name and UUID matches. Well, lets make it so! And drop
	useless function too.

	objecteventtest: Check for virNetwork* return values
	Lets not give a bad example and check for return values of
	virNetwork* APIs called within the test. Even though it's
	unlikely that any API will fail, it can happen. We're connected
	to the test driver after all, and our API sequence is correct. So
	test driver should fail only in case of bug or OOM.

	networkStateInitialize: Don't lock network driver
	There's no need to lock the network driver, as network driver
	initialization is done prior accepting any client. There's nobody
	to hop in and do something over partially initialized driver. Nor
	qemu driver is doing that.
	==30532== Observed (incorrect) order is: acquisition of lock at 0x1439EF50
	==30532==    at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0x5324895: virMutexLock (virthread.c:88)
	==30532==    by 0x5307E86: virObjectLock (virobject.c:323)
	==30532==    by 0x5396440: virNetworkObjListForEach (network_conf.c:4511)
	==30532==    by 0x19B29308: networkStateInitialize (bridge_driver.c:686)
	==30532==    by 0x53E1CCC: virStateInitialize (libvirt.c:777)
	==30532==    by 0x11DEB7: daemonRunStateInit (libvirtd.c:906)
	==30532==    by 0x5324B6A: virThreadHelper (virthread.c:197)
	==30532==    by 0x4C30456: ??? (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0xA1EC1F2: start_thread (in /lib64/libpthread-2.19.so)
	==30532==    by 0xA4EDC8C: clone (in /lib64/libc-2.19.so)
	==30532==
	==30532==  followed by a later acquisition of lock at 0x1439CD60
	==30532==    at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0x5324895: virMutexLock (virthread.c:88)
	==30532==    by 0x19B27B2C: networkDriverLock (bridge_driver.c:102)
	==30532==    by 0x19B27B60: networkGetDnsmasqCaps (bridge_driver.c:113)
	==30532==    by 0x19B2856A: networkUpdateState (bridge_driver.c:389)
	==30532==    by 0x53963E9: virNetworkObjListForEachHelper (network_conf.c:4488)
	==30532==    by 0x52E2224: virHashForEach (virhash.c:521)
	==30532==    by 0x539645B: virNetworkObjListForEach (network_conf.c:4512)
	==30532==    by 0x19B29308: networkStateInitialize (bridge_driver.c:686)
	==30532==    by 0x53E1CCC: virStateInitialize (libvirt.c:777)
	==30532==    by 0x11DEB7: daemonRunStateInit (libvirtd.c:906)
	==30532==    by 0x5324B6A: virThreadHelper (virthread.c:197)
	==30532==
	==30532== Required order was established by acquisition of lock at 0x1439CD60
	==30532==    at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0x5324895: virMutexLock (virthread.c:88)
	==30532==    by 0x19B27B2C: networkDriverLock (bridge_driver.c:102)
	==30532==    by 0x19B28DF9: networkStateInitialize (bridge_driver.c:609)
	==30532==    by 0x53E1CCC: virStateInitialize (libvirt.c:777)
	==30532==    by 0x11DEB7: daemonRunStateInit (libvirtd.c:906)
	==30532==    by 0x5324B6A: virThreadHelper (virthread.c:197)
	==30532==    by 0x4C30456: ??? (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0xA1EC1F2: start_thread (in /lib64/libpthread-2.19.so)
	==30532==    by 0xA4EDC8C: clone (in /lib64/libc-2.19.so)
	==30532==
	==30532==  followed by a later acquisition of lock at 0x1439EF50
	==30532==    at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0x5324895: virMutexLock (virthread.c:88)
	==30532==    by 0x5307E86: virObjectLock (virobject.c:323)
	==30532==    by 0x538A09C: virNetworkAssignDef (network_conf.c:527)
	==30532==    by 0x5391EB2: virNetworkLoadState (network_conf.c:3008)
	==30532==    by 0x53922D4: virNetworkLoadAllState (network_conf.c:3128)
	==30532==    by 0x19B2929A: networkStateInitialize (bridge_driver.c:671)
	==30532==    by 0x53E1CCC: virStateInitialize (libvirt.c:777)
	==30532==    by 0x11DEB7: daemonRunStateInit (libvirtd.c:906)
	==30532==    by 0x5324B6A: virThreadHelper (virthread.c:197)
	==30532==    by 0x4C30456: ??? (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0xA1EC1F2: start_thread (in /lib64/libpthread-2.19.so)

2015-03-23  Martin Kletzander  <mkletzan@redhat.com>

	Fix common misspellings
	Wikipedia's list of common misspellings [1] has a machine-readable
	version.  This patch fixes those misspellings mentioned in the list
	which don't have multiple right variants (as e.g. "accension", which can
	be both "accession" and "ascension"), such misspellings are left
	untouched.  The list of changes was manually re-checked for false
	positives.
	[1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines

2015-03-20  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Migrate memory on numatune change
	We've never set the cpuset.memory_migrate value to anything, keeping it
	on default.  However, we allow changing cpuset.mems on live domain.
	That setting, however, don't have any consequence on a domain unless
	it's going to allocate new memory.
	I managed to make 'virsh numatune' move all the memory to any node I
	wanted even without disabling libnuma's numa_set_membind(), so this
	should be safe to use with it as well.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1198497

	cgroup: Add accessors for cpuset.memory_migrate

2015-03-20  Eric Blake  <eblake@redhat.com>

	maint: update .mailmap for recent contributions
	Deepak Shetty has changed preferred email address since prior
	contributions.

2015-03-20  Jim Fehlig  <jfehlig@suse.com>

	libxl: use xenlight pkgconfig file if present
	xen.git commit babeca32 added a pkgconfig file for libxenlight,
	allowing libxl apps to determine the location of Xen binaries
	such as firmware blobs, device emulator, etc.
	This patch adds support for xenlight.pc in the libxl driver, falling
	back to the previous configure logic if not found.  It introduces
	LIBXL_FIRMWARE_DIR and LIBXL_EXECBIN_DIR to define the firmware and
	libexec_bin locations.  If xenlight.pc does not exist, the defines
	are set to the current hardcoded paths.  The capabilities'
	<emulator> and <loader> elements are updated to use the paths.

2015-03-19  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix libvirt crash if parallelsNetworkOpen fails
	If, by any reason, parallelsNetworkOpen fails it dereferences
	newly allocated privconn->networks via virObjectUnref, which in
	turn deallocates its memory.
	Subsequent call of parallelsNetworkClose calls virObjectUnref
	that leads to double memory free. To prevent this we should zero
	privconn->networks to make all subsequent virObjectUnref be safe.

2015-03-19  Luyao Huang  <lhuang@redhat.com>

	qemu: do not overwrite the error in qemuDomainObjExitMonitor
	https://bugzilla.redhat.com/show_bug.cgi?id=1196934
	When qemu exits during startup, libvirt includes the error from
	/var/log/libvirt/qemu/vm.log in the error message:
	$ virsh start test3
	error: Failed to start domain test3
	error: internal error: early end of file from monitor: possible problem:
	2015-02-27T03:03:16.985494Z qemu-kvm: -numa memdev is not supported by
	machine rhel6.5.0
	The check for domain liveness added to qemuDomainObjExitMonitor
	in commit dc2fd51f sometimes overwrites this error:
	$ virsh start test3
	error: Failed to start domain test3
	error: operation failed: domain is no longer running
	Fix the check to only report an error if there is none set.

2015-03-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: Don't overwrite errors from xenconfig
	When converting domXML from native, the libxl driver was overwriting
	useful errors from the xenconfig parsing code with a useless, generic
	error.  E.g. "internal error: parsing xm config failed" vs
	"internal error: config value usbdevice was malformed".  Remove the
	redundant (and useless) error reporting in the libxl driver.

2015-03-19  John Ferlan  <jferlan@redhat.com>

	qemu: Fix two issues in qemuDomainSetVcpus error handling
	Issue #1 - A call to virBitmapNew did not check if the allocation
	failed which could lead to a NULL dereference
	Issue #2 - When deleting the pin entries from the config file, the
	code loops from the number of elements down to the "new" vcpu count;
	however, the pin id values are numbered 0..n-1 not 1..n, so the "first"
	pin attempt would never work. Luckily the check was for whether the
	incoming 'n' (vcpu id) matched the entry in the array from 0..arraysize
	rather than a dereference of the 'n' entry

2015-03-19  Deepak Shetty  <dpkshetty@gmail.com>

	doc: Fix doc for backingStore
	I spent quite some time figuring that backingStore info
	isn't included in the dom xml, unless guest is up and
	running. Hopefully putting that in the doc should help.
	Also, several people have complained that libvirt reports
	a backing file as raw, even though they expected it to be
	qcow2; where the culprit is usually the user forgetting to
	create the file with qemu-img create -o backing_fmt=qcow2.
	This patch adds that info to the doc.

2015-03-19  Eric Blake  <eblake@redhat.com>

	qemu: track 'cancelling' migration state
	In qemu 2.3, the migration status will include 'cancelling' in the
	window between when an asynchronous cancel has been requested and
	when the migration is actually halted.  Previously, qemu hid this
	state and reported 'active'.  Libvirt manages the sequence okay
	even when the string is unrecognized (that is, it will report an
	unknown state:
	Migration: [ 69 %]^Cerror: internal error: unexpected migration status in cancelling.
	but the migration is still cancelled), but recognizing the string
	makes for a smoother user experience.
	* src/qemu/qemu_monitor.h
	(QEMU_MONITOR_MIGRATION_STATUS_CANCELLING): Add enum.
	* src/qemu/qemu_monitor.c (qemuMonitorMigrationStatus): Map it.
	* src/qemu/qemu_migration.c (qemuMigrationUpdateJobStatus): Adjust
	clients.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetMigrationStatusReply): Likewise.

2015-03-19  Laine Stump  <laine@laine.org>

	util: more verbose error when failing to create macvtap device
	Investigation of a problem with creating passthrough macvtap devices
	(https://bugzilla.redhat.com/show_bug.cgi?id=1185501) has shown that
	this slightly more verbose failure message is useful. In particular,
	the mac address can be used to determine the domain. You could also
	figure this out by looking at preceding messages in a debug log, but
	this gets it in a single place.

	util: clean up #includes of virnetdevopenvswitch.h
	virnetdevopenvswitch.h declares a few functions that can be called to
	add ports to and remove them from OVS bridges, and retrieve the
	migration data for a port. It does not contain any data definitions
	that are used by domain_conf.h. But for some reason, domain_conf.h
	virnetdevopenvswitch.h should be directly #including it. This adds a
	few lines to the project, but saves all the files that don't need it
	from the extra computing, and makes the dependencies more clear cut.

2015-03-19  zhang bo  <oscar.zhangbo@huawei.com>

	util: vhost user: support for bootindex
	Problem Description:
	When we set boot order for a vhost-user network interface, we found the boot index
	doesn't work.
	Cause of the Problem:
	In the function qemuBuildVhostuserCommandLine(), it forcely set the arg bootindex of
	function qemuBuildNicDevStr() to 0. Thus, the bootindex parameter got missing.
	Solution:
	Trans the arg bootindex down.

2015-03-19  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: don't prevent domain define if VIR_DOMAIN_NET_TYPE_BRIDGE
	network adapter is used

	parallels: switch off offline management feature
	which is on by default when a new VM/CT is created.
	We should do this because this feature can't be controlled
	by libvirt now and it sets up some iptables rules. So it's
	better to do this to avoid potential conflict of different
	set of rules or to avoid unexpected behavior.

	parallels: make E1000 network adapter model default
	and set adapter model specified in xml

	parallels: set correct network adapter link state
	when a new network adapter device is added

	parallels: better bridge network interface support
	In order to support 'bridge' network adapters in parallels
	driver we need to plug our veth devices into corresponding
	linux bridges.
	We are going to do this by reusing our abstraction of
	Virtual Networks in terms of PCS. On a domain creation, we
	create a new Virtual Network naming it with the same name
	as a source bridge for each network  interface.
	Having done this, we plug PCS veth interfaces created with names of
	target dev into specified bridges using our standard PCS procedures

	parallels: fix parallelsLoadNetworks
	Don't fail initialization of parallels driver if
	parallelsLoadNetwork fails for optional networks.
	This can happen when some of them are added manually
	and configured incompletely. PCS requires only two networks
	created automatically (named Host-Only and Bridged), others
	are optional and their incompleteness can be ignored.

	parallels: introduce and use string constants for network types and names

2015-03-18  Jiri Denemark  <jdenemar@redhat.com>

	maint: Distribute tests/vircgroupdata
	My commit 2dbfa71 added test data for vircgrouptest but forgot to
	distribute the new directory.

2015-03-18  John Ferlan  <jferlan@redhat.com>

	network: Resolve Coverity FORWARD_NULL
	The following is a long winded way to say this patch is avoiding a
	false positive.
	Coverity complains that calling networkPlugBandwidth() could eventually
	end up with a NULL dereference on iface->bandwidth because in the
	networkAllocateActualDevice there's a check of 'iface->bandwidth'
	before deciding to try to use the 'portgroup' if it exists or to not
	perferm the virNetDevBandwidthCopy if 'bandwidth' is not NULL.
	Later in networkPlugBandwidth the 'iface->bandwidth' is sourced from
	virDomainNetGetActualBandwidth - which would be either iface->bandwidth
	or (preferably) iface->data.network.actual->bandwidth which would have
	been filled in from either 'iface->bandwidth' or 'portgroup->bandwidth'
	back in networkAllocateActualDevice
	There *is* a check in networkCheckBandwidth for the result of the
	virDomainNetGetActualBandwidth being NULL and a return 1 based on
	that which would cause networkPlugBandwidth to exit properly and thus
	never hit the condition that Coverity complains about.
	However, since Coverity checks all paths - it somehow believes that
	a return of 0 by networkCheckBandwidth in this condition would end
	up causing the possible NULL dereference. The "fix" to silence Coverity
	is to not have networkCheckBandwidth also call virDomainNetGetActualBandwidth
	in order to get the ifaceBand, but rather have it accept it as an argument
	which causes Coverity to "see" that it's the exit condition of 1 that won't
	have the possible NULL dereference.  Since we're passing that, I added the
	passing of iface->mac rather than passing iface as well. This just hopefully
	makes sure someone doesn't undo this in the future...

2015-03-18  Jiri Denemark  <jdenemar@redhat.com>

	Use PAUSED state for domains that are starting up
	When libvirt is starting a domain, it reports the state as SHUTOFF until
	it's RUNNING. This is not ideal because domain startup may take a long
	time (usually because of some configuration issues, firewalls blocking
	access to network disks, etc.) and domain lists provided by libvirt look
	awkward. One can see weird shutoff domains with IDs in a list of active
	domains or even shutoff transient domains. In any case, it looks more
	like a bug in libvirt than a normal state a domain goes through.

	tests: Add tests for virCgroupDetectMounts

2015-03-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuGetDHCPInterfaces: Don't leak @network
	The function needs a pointer to the network to get list of DHCP
	leases. The pointer is obtained via virNetworkLookupByName() which
	requires callers to free the returned network once no longer needed.
	Otherwise it's leaked.

	cmdDomIfAddr: Free @ip_addr_str
	The variable holds formatted suffix to each line printed out
	(address type, address and prefix). However, the variable is
	never freed. At the same time, honour fact, that data held in
	the variable is not constant.

	qemuAgentGetInterfaces: Don't error out on missing HW address
	Now that we allow HW address to be not present on our RPC layer,
	don't error out if qemu-ga hasn't provided any.

	virsh: Adapt to new HW address scenario
	Make sure we don't print (null) (which in fact is printf()'s
	cleverness anyway, not ours). If no HW address is present, print
	"N/A" string just like we do for other fields.

	RPC: Allow HW address in remote_domain_interface struct to be NULL
	Not all NICs (esp. the virtual ones like TUN) must have a hardware
	address. Teach our RPC that it's possible.

2015-03-18  Eric Blake  <eblake@redhat.com>

	qemu: read backing chain names from qemu
	https://bugzilla.redhat.com/show_bug.cgi?id=1199182 documents that
	after a series of disk snapshots into existing destination images,
	followed by active commits of the top image, it is possible for
	qemu 2.2 and earlier to end up tracking a different name for the
	image than what it would have had when opening the chain afresh.
	That is, when starting with the chain 'a <- b <- c', the name
	associated with 'b' is how it was spelled in the metadata of 'c',
	but when starting with 'a', taking two snapshots into 'a <- b <- c',
	then committing 'c' back into 'b', the name associated with 'b' is
	now the name used when taking the first snapshot.
	Sadly, older qemu doesn't know how to treat different spellings of
	the same filename as identical files (it uses strcmp() instead of
	checking for the same inode), which means libvirt's attempt to
	commit an image using solely the names learned from qcow2 metadata
	fails with a cryptic:
	error: internal error: unable to execute QEMU command 'block-commit': Top image file /tmp/images/c/../b/b not found
	even though the file exists.  Trying to teach libvirt the rules on
	which name qemu will expect is not worth the effort (besides, we'd
	have to remember it across libvirtd restarts, and track whether a
	file was opened via metadata or via snapshot creation for a given
	qemu process); it is easier to just always directly ask qemu what
	string it expects to see in the first place.
	As a safety valve, we validate that any name returned by qemu
	still maps to the same local file as we have tracked it, so that
	a compromised qemu cannot accidentally cause us to act on an
	incorrect file.
	* src/qemu/qemu_monitor.h (qemuMonitorDiskNameLookup): New
	prototype.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskNameLookup):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskNameLookup): New function.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskNameLookup)
	(qemuMonitorJSONDiskNameLookupOne): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit)
	(qemuDomainBlockJobImpl): Use it.

2015-03-18  Antoni Segura Puimedon  <toni@midokura.com>

	network: Add midonet virtual port type support to qemu
	Use the utilities introduced in the previous patches so the qemu
	driver is able to create tap devices that are bound (and unbound
	on domain destroyal) to Midonet virtual ports.

	docs: schema and docs for the midonet virtualport type
	Midonet is an opensource virtual networking that over lays the IP
	network between hypervisors. Currently, such networks can be made
	with the openvswitch virtualport type.
	This patch, defines the schema and documentation that will serve
	as basis for the follow up patches that will add support to libvirt
	for using Midonet virtual ports for its interfaces. The schema
	definition requires that the port profile expresses its interfaceid
	as part of the port profile. For that reason, this is part of the
	patch too.

	util: functions to support binding/unbinding midonet virtualports
	Adds the port type definitions and methods that will be used to bind
	interfaces to the Midonet virtual ports.
	virtnetdevmidonet.c adds the way to bind and unbind the ports by
	calling into the Midonet Host Agent control command line (installed
	with the midolman package).

2015-03-18  Peter Krempa  <pkrempa@redhat.com>

	conf: disk: Simplify checking if source definition was parsed
	Previously we had to check for 3 fields to see if the source was filled.
	Repurpose one of the variables as a boolean flag and use it instead of
	combining multiple sources.
	For the condition that checks that only CDROM/FLOPPY drives can be empty
	we can use the virStorageSourceIsEmpty() helper.

	util: storage: Fix check for empty storage device
	If the storage device type is parsed as network our parser still allows
	it to omit the <source> element. The empty drive check would not trigger
	on such device as it expects that every network storage source is valid.
	Use VIR_STORAGE_NET_PROTOCOL_NONE as a marker that the storage source is
	empty.

	qemu: driver: Fix cold-update of removable storage devices
	Only selected fields from the disk source were copied when cold updating
	source in a CDROM drive. When such drive was backed by a network file
	this resulted into corruption of the definition:
	    <disk type='network' device='cdrom'>
	      <driver name='qemu' type='raw' cache='none'/>
	      <source protocol='gluster' name='gluster-vol1(null)'>
	        <host name='localhost'/>
	      </source>
	      <target dev='vdc' bus='virtio'/>
	      <readonly/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
	    </disk>
	Update the whole source instead of cherry-picking elements.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1166024

	qemu: hotplug: Use checker function to check if disk is empty

	virsh: domain: Fix the change-media command
	The command did not modify the disk type and thus didn't allow to change
	media from a file image to a block backed image or vice versa. In
	addition when operating on a network backed removable devices the
	command would replace the while <source> subelement with an invalid one.
	This patch adds the --block option that allows to specify that the new
	image is block backed and assumes that without that option all images
	are file backed. Since network backends were always mangled it should
	not cause problems.

	virsh: domain: Add --print-xml flag for command change-media
	Allow printing the XML that would be used mostly for debugging purposes.

	virsh: domain: Don't use vshPrepareDiskXML for creating XML to detach disk
	Since cmdDetachDisk() calls into vshPrepareDiskXML() with
	type == VSH_PREPARE_DISK_XML_NONE && source == NULL this would result
	into skipping all the checks and effectively turn the function into a
	XML formatter.
	This patch changes the code to use the formatter directly so that the
	function can be refactored in a easier way.

2015-03-17  Maxim Nestratov  <mnestratov@parallels.com>

	parallels_sdk.c: minor cleanup
	Fix indentation in prlsdkGetNetInf()o, remove unnecessary error
	message in prlsdkDomainChangeState(), remove unnecessary job
	freeing in prlsdkLoadDomains().

2015-03-17  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	domifaddr: Add virsh support
	tools/virsh-domain-monitor.c
	   * Introduce new command : domifaddr
	     Usage: domifaddr <domain> [interface] [--full] [--source lease|agent]
	     Example outputs:
	     virsh # domifaddr f20
	     Name       MAC address          Protocol     Address
	     -------------------------------------------------------------------------------
	     lo         00:00:00:00:00:00    ipv4         127.0.0.1/8
	     -          -                    ipv6         ::1/128
	     vnet0      52:54:00:2e:45:ce    ipv4         10.1.33.188/24
	     -          -                    ipv6         2001:db8:0:f101::2/64
	     -          -                    ipv6         fe80::5054:ff:fe2e:45ce/64
	     vnet1      52:54:00:b1:70:19    ipv4         192.168.105.201/16
	     -          -                    ipv4         192.168.201.195/16
	     -          -                    ipv6         fe80::5054:ff:feb1:7019/64
	     vnet2      52:54:00:36:2a:e5    N/A          N/A
	     vnet3      52:54:00:20:70:3d    ipv4         192.168.105.240/16
	     -          -                    ipv6         fe80::5054:ff:fe20:703d/64
	     virsh # domifaddr f20 eth1 --source lease
	     Name       MAC address          Protocol     Address
	     -------------------------------------------------------------------------------
	     vnet1      52:54:00:b1:70:19    ipv4         192.168.105.201/16
	     -          -                    ipv4         192.168.201.195/16
	     -          -                    ipv6         fe80::5054:ff:feb1:7019/64
	     virsh # domifaddr f20 eth0 --source agent --full
	     Name       MAC address          Protocol     Address
	     -------------------------------------------------------------------------------
	     eth0       52:54:00:2e:45:ce    ipv4         10.1.33.188/24
	     eth0       52:54:00:2e:45:ce    ipv6         2001:db8:0:f101::2/64
	     eth0       52:54:00:2e:45:ce    ipv6         fe80::5054:ff:fe2e:45ce/64
	tools/virsh.pod
	   * Document new command

	domifaddr: Implement the API for qemu
	By querying the qemu guest agent with the QMP command
	"guest-network-get-interfaces" and converting the received JSON
	output to structured objects.
	Although "ifconfig" is deprecated, IP aliases created by "ifconfig"
	are supported by this API. The legacy syntax of an IP alias is:
	"<ifname>:<alias-name>". Since we want all aliases to be clubbed
	under parent interface, simply stripping ":<alias-name>" suffices.
	Note that IP aliases formed by "ip" aren't visible to "ifconfig",
	and aliases created by "ip" do not have any specific name. But
	we are lucky, as qemu guest agent detects aliases created by both.
	src/qemu/qemu_agent.h:
	  * Define qemuAgentGetInterfaces
	src/qemu/qemu_agent.c:
	  * Implement qemuAgentGetInterface
	src/qemu/qemu_driver.c:
	  * New function qemuGetDHCPInterfaces
	  * New function qemuDomainInterfaceAddresses
	src/remote_protocol-sructs:
	  * Define new structs
	tests/qemuagenttest.c:
	  * Add new test: testQemuAgentGetInterfaces
	    Test cases for IP aliases, 0 or multiple ipv4/ipv6 address(es)

	domifaddr: Implement the remote protocol
	daemon/remote.c
	   * Define remoteSerializeDomainInterface, remoteDispatchDomainInterfaceAddresses
	src/remote/remote_driver.c
	   * Define remoteDomainInterfaceAddresses
	src/remote/remote_protocol.x
	   * New RPC procedure: REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES
	   * Define structs remote_domain_ip_addr, remote_domain_interface,
	     remote_domain_interfaces_addresse_args, remote_domain_interface_addresses_ret
	   * Introduce upper bounds (to handle DoS attacks):
	     REMOTE_DOMAIN_INTERFACE_MAX = 2048
	     REMOTE_DOMAIN_IP_ADDR_MAX = 2048
	     Restrictions on the maximum number of aliases per interface were
	     removed after kernel v2.0, and theoretically, at present, there
	     are no upper limits on number of interfaces per virtual machine
	     and on the number of IP addresses per interface.
	src/remote_protocol-structs
	   * New structs added

	domifaddr: Implement the public APIs
	Define helper function virDomainInterfaceFree, which allows
	the upper layer application to free the domain interface object
	conveniently.
	The API is going to provide multiple methods by flags, e.g.
	  * Query guest agent
	  * Parse DHCP lease file
	include/libvirt/libvirt-domain.h
	  * Define virDomainInterfaceAddresses, virDomainInterfaceFree
	  * Define structs virDomainInterface, virDomainIPAddress
	src/driver-hypervisor.h:
	  * Define domainInterfaceAddresses
	src/libvirt-domain.c:
	  * Implement virDomainInterfaceAddresses
	  * Implement virDomainInterfaceFree
	src/libvirt_public.syms:
	  * Export the new symbols

2015-03-17  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix home directory for VMs
	Failures of parallelsStorageOpen occured because we incorrectly treated
	path to VM' configuration file as a directory. Now initialization of
	parallels VM domains home directory is fixed.

	parallels: don't forget to unlock domain if unregister fails

2015-03-17  Mikhail Feoktistov  <mfeoktistov@parallels.com>

	parallels: set cpu mode when applying xml configuration
	Otherwise exporting existing domain config and defining a new one like this:
	virsh -c parallels:///system dumpxml instance01 > my.xml
	virsh -c parallels:///system define my.xml
	leads to an error because PCS default x64 mode turns to x32.
	Thus, we need to set correct cpuMode in prlsdkDoApplyConfig() explicitly.

2015-03-17  Martin Kletzander  <mkletzan@redhat.com>

	conf: Use correct type for balloon stats period
	We're parsing memballoon status period as unsigned int, but when we're
	trying to set it, both we and qemu use signed int.  That means large
	values will get wrapped around to negative one resulting in error.
	Basically the same problem as commit e3a7b874 was dealing with when
	updating live domain.
	QEMU changed the accepted value to int64 in commit 1f9296b5, but even
	values as INT_MAX don't make sense since the value passed means seconds.
	Hence adding capability flag for this change isn't worth it.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140958

	qemu: Don't duplicate errors when settings stats period
	In order not to leave old error messages set, this patch refactors the
	code so the error is reported only when acted upon.  The only such place
	already rewrites any error, so cleaning up all the error reporting in
	qemuMonitorSetMemoryStatsPeriod() is enough.

	conf: Reorder elements inside memballoon
	All the devices we have format their address as its last sub-element, so
	let's change memballoon to follow suit.  Also adjust RNG to allow any
	order of them so 'virsh edit' doesn't shout at us.

	util: Make sure the comment about virBufferAddBuffer is true
	Change it so it really *always* eats the @toadd buffer.

2015-03-17  Pavel Hrdina  <phrdina@redhat.com>

	wireshark: fix VPATH build
	Add $(top_builddir) paths to INCLUDES to fix VPATH build.

2015-03-17  Luyao Huang  <lhuang@redhat.com>

	qemu_command: Fix some indentation and a typo

2015-03-17  Pavel Hrdina  <phrdina@redhat.com>

	rpm-build: use pkg-config to detect wireshark presence
	Wireshark supports pkg-config since 1.11.3.  Right now we build
	wireshark-dissectior tool as default trough rpm build only on
	fedora >= 21 and there is new wireshark that supports pkg-config.
	If someone wants to build libvirt with wireshark-dissector against old
	wireshark, they should specify the location by hand.
	This patch is mainly to fix wrong dependency on wireshark binary as it
	doesn't make sense to require that binary file to just get version info
	of that package in makefile.

2015-03-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix regression introduced by commit 4ab8cd77
	Commit 4ab8cd77 added a check requiring input devices to have
	a bus type of VIR_DOMAIN_INPUT_BUS_USB, failing to start the
	domain otherwise.  But virDomainDefParseXML adds implicit mouse
	and keyboard if a graphics device is configured.  See calls to
	virDomainDefMaybeAddInput.
	The regression is fixed by removing the check requiring USB input
	devices, and skipping non-USB input devices when populating USB
	'usbdevice' in libxl_domain_build_info struct.

2015-03-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: block-commit: Mark disk in block jobs only on successful command
	Patch 51f9f03a4ca50b070c0fbfb29748d49f583e15e1 introduces a regression
	where if a blockCommit operation fails the disk is still marked as being
	part of a block job but can't be unmarked later.

2015-03-17  Eric Blake  <eblake@redhat.com>

	daemon: avoid memleak when ListAll returns nothing
	Commit 4f25146 (v1.2.8) managed to silence Coverity, but at the
	cost of a memory leak detected by valgrind:
	==24129== 40 bytes in 5 blocks are definitely lost in loss record 355 of 637
	==24129==    at 0x4A08B1C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==24129==    by 0x5084B8E: virReallocN (viralloc.c:245)
	==24129==    by 0x514D5AA: virDomainObjListExport (domain_conf.c:22200)
	==24129==    by 0x201227DB: qemuConnectListAllDomains (qemu_driver.c:18042)
	==24129==    by 0x51CC1B6: virConnectListAllDomains (libvirt-domain.c:6797)
	==24129==    by 0x14173D: remoteDispatchConnectListAllDomains (remote.c:1580)
	==24129==    by 0x121BE1: remoteDispatchConnectListAllDomainsHelper (remote_dispatch.h:1072)
	In short, every time a client calls a ListAll variant and asks
	for the resulting list, but there are 0 elements to return, we
	end up leaking the 1-entry array that holds the NULL terminator.
	What's worse, a read-only client can access these functions in a
	tight loop to cause libvirtd to eventually run out of memory; and
	this can be considered a denial of service attack against more
	privileged clients.  Thankfully, the leak is so small (8 bytes per
	call) that you would already have some other denial of service with
	any guest calling the API that frequently, so an out-of-memory
	crash is unlikely enough that this did not warrant a CVE.
	* daemon/remote.c (remoteDispatchConnectListAllDomains)
	(remoteDispatchDomainListAllSnapshots)
	(remoteDispatchDomainSnapshotListAllChildren)
	(remoteDispatchConnectListAllStoragePools)
	(remoteDispatchStoragePoolListAllVolumes)
	(remoteDispatchConnectListAllNetworks)
	(remoteDispatchConnectListAllInterfaces)
	(remoteDispatchConnectListAllNodeDevices)
	(remoteDispatchConnectListAllNWFilters)
	(remoteDispatchConnectListAllSecrets)
	(remoteDispatchNetworkGetDHCPLeases): Plug leak.

2015-03-16  John Ferlan  <jferlan@redhat.com>

	Remove virDomainIOThreadsPinDel
	This one is no longer necessary since the Vcpu and IOThreads API's share

	Replace virDomainVcpuPinDel with virDomainPinDel
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Replace virDomainIOThreadsPinAdd with virDomainPinAdd
	This one is no longer necessary since the Vcpu and IOThreads API's share

	Replace virDomainVcpuPinAdd with virDomainPinAdd
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinFindByVcpu into virDomainPinFindByVcpu
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinIsDuplicate into virDomainPinIsDuplicate
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinDefCopy into virDomainPinDefCopy
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinDefArrayFree to virDomainPinDefArrayFree
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinDefFree to virDomainPinDefFree
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainPinDefPtr->vcpuid to virDomainPinDefPtr->id
	Since we're not specifically a vcpu related structure anymore...

	Convert virDomainVcpuPinDefPtr to virDomainPinDefPtr
	As pointed out by jtomko in his review of the IOThreads pinning code:
	http://www.redhat.com/archives/libvir-list/2015-March/msg00495.html
	there are some comments sprinkled in indicating IOThreads were using
	the same structure as the VcpuPin code...
	This is the first patch of a few that will change the virDomainVcpuPin*
	structures and code to just virDomainPin* - starting with the data
	structure naming...

	qemu: Fix possible memory leak in qemuDomainPinVcpuFlags
	During his review of the iothreads pin setting code, Pavel noted that
	there was a potential memory leak with respect to how the newVcpuPin
	is handled and the goto endjob's in failure paths which would not free
	the memory.  For reference, See:
	http://www.redhat.com/archives/libvir-list/2015-March/msg00415.html

2015-03-16  Peter Krempa  <pkrempa@redhat.com>

	conf: Make specifying <memory> optional
	Now that the size of guest's memory can be inferred from the NUMA
	configuration (if present) make it optional to specify <memory>
	explicitly.
	To make sure that memory is specified add a check that some form of
	memory size was specified. One side effect of this change is that it is
	no longer possible to specify 0KiB as memory size for the VM, but I
	don't think it would be any useful to do so. (I can imagine embedded
	systems without memory, just registers, but that's far from what libvirt
	is usually doing).
	Forbidding 0 memory for guests also fixes a few corner cases where 0 was
	not interpreted correctly and caused failures. (Arguments for numad when
	using automatic placement, size of the balloon). This fixes problems
	described in https://bugzilla.redhat.com/show_bug.cgi?id=1161461
	Test case changes are added to verify that the schema change and code
	behave correctly.

	conf: Automatically use NUMA memory size in case NUMA is enabled
	Use the NUMA total instead of the configured size both in XML and for
	uses in the code once NUMA is enabled for a domain.
	One test case change is necessary as the rounding of the individual cell
	sizes was not matching the rounding of the total size.

	qemu: command: Add helper to align memory sizes
	The memory sizes in qemu are aligned up to 1 MiB boundaries. There are
	two places where this was done once for the total size and then for
	individual NUMA cell sizes.
	Add a function that will align the sizes in one place so that it's clear
	where the sizes are aligned.

	conf: Replace access to def->mem.max_balloon with accessor functions
	As there are two possible approaches to define a domain's memory size -
	one used with legacy, non-NUMA VMs configured in the <memory> element
	and per-node based approach on NUMA machines - the user needs to make
	sure that both are specified correctly in the NUMA case.
	To avoid this burden on the user I'd like to replace the NUMA case with
	automatic totaling of the memory size. To achieve this I need to replace
	direct access to the virDomainMemtune's 'max_balloon' field with
	two separate getters depending on the desired size.
	The two sizes are needed as:
	1) Startup memory size doesn't include memory modules in some
	hypervisors.
	2) After startup these count as the usable memory size.
	Note that the comments for the functions are future aware and document
	state that will be present after a few later patches.

	qemu: Disallow concurrent block jobs on a single disk
	While qemu may be prepared to do this libvirt is not. Forbid the block
	ops until we fix our code.

	qemu: event: Don't fiddle with disk backing trees without a job
	Surprisingly we did not grab a VM job when a block job finished and we'd
	happily rewrite the backing chain data. This made it possible to crash
	libvirt when queueing two backing chains tightly and other badness.
	To fix it, add yet another handler to the helper thread that handles
	monitor events that require a job.

	qemu: process: Export qemuProcessFindDomainDiskByAlias

2015-03-16  Erik Skultety  <eskultet@redhat.com>

	qemu: Check for negative port values in network drive configuration
	We interpret port values as signed int (convert them from char *),
	so if a negative value is provided in network disk's configuration,
	we accept it as valid, however there's an 'unknown cause' error raised later.
	This error is only accidental because we return the port value in the return code.
	This patch adds just a minor tweak to the already existing check so we
	reject negative values the same way as we reject non-numerical strings.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1163553

	AUTHORS: add myself to commiters list

2015-03-15  Eric Blake  <eblake@redhat.com>

	network: avoid memory leak of dnsmasq capabilities
	Valgrind detected a leak:
	==17820== 102 (56 direct, 46 indirect) bytes in 1 blocks are definitely lost in loss record 479 of 646
	==17820==    at 0x4A08946: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==17820==    by 0x508521A: virAllocVar (viralloc.c:560)
	==17820==    by 0x50D9FCA: virObjectNew (virobject.c:193)
	==17820==    by 0x50A4FD9: dnsmasqCapsNewEmpty (virdnsmasq.c:784)
	==17820==    by 0x50A514E: dnsmasqCapsNewFromBinary (virdnsmasq.c:830)
	==17820==    by 0x1B508287: networkStateInitialize (bridge_driver.c:666)
	It looks like commit 172acef introduced the problem, because
	networkGetDnsmasqCaps() increments the reference count but an
	early exit never does a matching decrement.
	* src/network/bridge_driver.c (networkStateCleanup): Plug leak.

	netdev: silence valgrind warning about ioctl use
	Valgrind complained:
	==3770== Syscall param ioctl(SIOCETHTOOL) points to uninitialised byte(s)
	==3770==    at 0x919D407: ioctl (syscall-template.S:81)
	==3770==    by 0x530FE7E: rpl_ioctl (ioctl.c:42)
	==3770==    by 0x50CB433: virNetDevFeatureAvailable (virnetdev.c:2764)
	==3770==    by 0x50CB6A7: virNetDevGetFeatures (virnetdev.c:2830)
	==3770==    by 0x1F0E5347: udevProcessNetworkInterface (node_device_udev.c:722)
	==3770==    by 0x1F0E689F: udevGetDeviceDetails (node_device_udev.c:1300)
	==3770==    by 0x1F0E6E06: udevAddOneDevice (node_device_udev.c:1422)
	==3770==    by 0x1F0E6FB8: udevProcessDeviceListEntry (node_device_udev.c:1464)
	==3770==    by 0x1F0E70CF: udevEnumerateDevices (node_device_udev.c:1494)
	==3770==    by 0x1F0E7BB4: nodeStateInitialize (node_device_udev.c:1806)
	==3770==    by 0x51B4303: virStateInitialize (libvirt.c:777)
	==3770==    by 0x11DEE7: daemonRunStateInit (libvirtd.c:906)
	==3770==  Address 0x228e38d4 is on thread 12's stack
	==3770==  in frame #2, created by virNetDevFeatureAvailable (virnetdev.c:2750)
	* src/util/virnetdev.c (virNetDevFeatureAvailable): Initialize all
	bytes of ifr.

	virsh: fix report of non-active commit completion
	Commit f182da20 (v1.2.6) caused a slight regression in virsh
	reporting of a non-active block job; where it used to state
	"Commit complete", it now states "Now in synchronized phase".
	But the synchronized phase is only possible for an active commit.
	For a reproducer, I created a chain 'a <- b <- c <- d <- e' and
	ran virsh blockcommit $dom vda --top c --base a --verbose --wait
	* tools/virsh-domain.c (cmdBlockCommit): Synchronized phase is
	only possible on active commits.

2015-03-14  zhang bo  <oscar.zhangbo@huawei.com>

	util: don't fail if no PortData is found while getting migrateData
	Introduced by f6a2f97e
	Problem Description:
	After multiple times of migrating a domain, which has an ovs interface with no portData set,
	with non-shared disk, nbd ports got overflowed.
	The steps to reproduce the problem:
	1 define and start a domain with its network configured as:
	    <interface type='bridge'>
	          <source bridge='br0'/>
	          <virtualport type='openvswitch'>
	          </virtualport>
	          <model type='virtio'/>
	          <driver name='vhost' queues='4'/>
	    </interface>
	2 do not set the network's portData.
	3 migrate(ToURI2) it with flag 91(1011011), which means:
	  VIR_MIGRATE_LIVE
	  VIR_MIGRATE_PEER2PEER
	  VIR_MIGRATE_PERSIST_DEST
	  VIR_MIGRATE_UNDEFINE_SOURCE
	  VIR_MIGRATE_NON_SHARED_DISK
	4 migrate success, but we got an error log in libvirtd.log:
	  error : virCommandWait:2423 : internal error: Child process (ovs-vsctl --timeout=5 get Interface
	  vnet1 external_ids:PortData) unexpected exit status 1: ovs-vsctl: no key "PortData" in Interface
	  record "vnet1" column external_ids
	5 migrate it back, migrate it , migrate it back, .......
	6 nbd port got overflowed.
	The reasons for the problem is :
	1 virNetDevOpenvswitchGetMigrateData() takes it as wrong if no portData is available for  the ovs
	 interface of a domain. (We think it's not appropriate, as portData is just OPTIONAL)
	2 in func qemuMigrationBakeCookie(), it fails in qemuMigrationCookieAddNetwork(), and returns with -1.
	 qemuMigrationCookieAddNBD() is not called thereafter, and mig->nbd is still NULL.
	3 However, qemuMigrationRun() just *WARN* if qemuMigrationBakeCookie() fails, migration still successes.
	 cookie is NULL, it's not baked on the src side.
	4 On the destination side, it would alloc a port first and then free the nbd port in COOKIE.
	 But the cookie is NULL due to qemuMigrationCookieAddNetwork() failure at src side. thus the nbd port
	 is not freed.
	In this patch, we add "--if-exists" option to make ovs-vsctl not raise error if there's no portData available.
	Further more, because portData may be NULL in the cookie at the dest side, check it before setting portData.

2015-03-14  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: prevent attaching multiple netdevs with the same MAC
	It will not be possible to detach such device later. Also improve
	logging in such cases.

	conf: add virDomainHasNet
	virDomainNetFindIdx no longer returns info whether device was not found,
	or there was multiple matches. Additionally it already handle error
	reporting. Introduce virDomainHasNet which does a simple task, without
	implicit error reporting.

	tests: xenconfig: test for multiple USB devices and other HVM options

	xenconfig: add support for multiple USB devices syntax
	In Xen>=4.3, libxl supports new syntax for USB devices:
	usbdevice=[ "DEVICE", "DEVICE", ... ]
	Add support for that in xenconfig driver. When only one device is
	defined, keep using old syntax for backward compatibility.
	Adjust tests for changed options order.

2015-03-14  Marek Marczykowski  <marmarek@invisiblethingslab.com>

	libxl: add tablet/mouse input device support

2015-03-13  Michal Privoznik  <mprivozn@redhat.com>

	bridge_driver: Use more of networkObjFromNetwork
	Now that the network driver lock is ash heap of history,
	we can use more of networkObjFromNetwork().

	parallels_network: Drop parallelsDriverLock() from everywhere.
	While in previous commits there were some places that relied on
	the big lock, in this file there's no such place and the big
	driver lock can be dropped completely. Yay!

	test_driver: Drop testDriverLock() from almost everywhere
	Well, if 'everywhere' is defined as that part of the driver code
	that serves virNetwork* APIs. Again, we lower layers already have
	their locks, so there's no point doing big lock.

	bridge_driver: Drop networkDriverLock() from almost everywhere
	Now that we have fine grained locks, there's no need to
	lock the whole driver. We can rely on self-locking APIs.

	struct _virNetworkDriverState: Annotate items
	In order to drop network driver lock, lets annotate which
	structure items are immutable, which have self-locking
	APIs and so on.

	network_driver: Use accessor for dnsmasqCaps
	This is not an immutable pointer and can change during lifetime.
	Therefore, in order to drop network driver lock, we must use an
	internal accessor which does not lock the network driver yet, but
	it will soon. Now it merely returns an referenced object.

	bridge_driver: Don't access global driver randomly
	Well, network driver code has the driver accessible as a global
	variable. This makes any rework hard, as it's unclear where the
	variable is accessed and/or modified. Lets just pass the driver
	as a parameter to all functions where needed.

2015-03-13  Ján Tomko  <jtomko@redhat.com>

	Introduce virBitmapIsBitSet
	A helper that never returns an error and treats bits out of bitmap range
	as false.
	Use it everywhere we use ignore_value on virBitmapGetBit, or loop over
	the bitmap size.

	Clarify the meaning of version in redirdev filters
	The version attribute in redirdev filters refers to the revision
	of the device, not the version of the USB protocol.
	Explicitly state that this is not the USB protocol and remove references
	to those round version numbers that resemble USB protocol versions.
	https://bugzilla.redhat.com/show_bug.cgi?id=1177237

2015-03-13  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix prlsdkCheckUnsupportedParams checks
	for memory limits since unset ones are no longer zero

2015-03-13  Dawid Zamirski  <dzamirski@dattobackup.com>

	vmx: add e1000e to supported NIC models.
	This NIC model is supported on hardware version 8 and newer and libvirt
	ESX driver does support those.

2015-03-13  Dawid Zamirski  <dzamirski@datto.com>

	vbox: use user cache dir when screenshotting.
	For VBOX it's most likely that the connection is vbox:///session and it
	runs with local non-root account. This caused permission denied when
	LOCALSTATEDIR was used to create temp file. This patch makes use of the
	virGetUserCacheDirectory to address this problem for non-root users.

2015-03-13  Pavel Hrdina  <phrdina@redhat.com>

	virnetdev: fix build with old kernel
	Commit c9027d8f added a detection of NIC HW features, but some of them
	are not available in old kernel.  Very old kernels lack enum
	ethtool_flags and even if this enum is present, not all values are
	available for all kernels.  To be sure that we have everything in kernel
	that we need, we must check for existence of most of that flags, because
	only few of them were defined at first.
	Also to successfully build libvirt with older kernel we need to include
	<linux/types.h> before <linux/ethtool.h> to have __u32 and friends
	defined.

2015-03-12  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: add VIR_ARCH_I686 capability to parallels driver
	as soon as x32 architecture is also supported

2015-03-12  Ján Tomko  <jtomko@redhat.com>

	Error out on an address for isa-serial in QEMU driver.
	We've never formatted them on the qemu command line.
	https://bugzilla.redhat.com/show_bug.cgi?id=1164053

2015-03-12  John Ferlan  <jferlan@redhat.com>

	xenapi: Resolve Coverity REVERSE_INULL
	Coverity notes in xenapiDomainGetXMLDesc that 'vms' is dereferenced
	a few times before a "if (vms) xen_vm_set_free(vms);" call is made.
	Since we'd exit out much sooner if the fetch of the vms failed, just
	remove the unnecessary "if (vms)" check.

	xenapi: Resolve Coverity REVERSE_INULL
	Coverity complains that "net_set" is compared to NULL before calling
	xen_network_set_free, but used rather liberally before that.  While
	I was looking at the code I also noted that if the virAsprintfQuiet
	fails, then we leak our structures - so I added those too.

	xenapi: Resolve Coverity NULL_RETURNS
	Coverity points out that the return from virDomainDefParseString is
	not checked in xenapiDomainCreateXML like it should be which could
	end up in a NULL pointer dereference

	xenapi: Resolve Coverity NO_EFFECT
	Coverity points out that check (def->uuid) has no effect since it's not
	a pointer, rather an array of characters.   Just remove the extranous check.

	xenapi: Resolve Coverity FORWARD_NULL
	Since inception.  Coverity complains that the code checks "(record ==
	NULL && !session->ok)", but doesn't check (record != NULL) before
	dereferencing at "record->is_a_template"

	conf: Resolve Coverity RESOURCE_LEAK
	Commit id 'c9027d8f' added parsing of the CapNet for offload SRIOV NIC
	discovery, but forgot to free the nodes

	virsh: Add iothreadpin command
	https://bugzilla.redhat.com/show_bug.cgi?id=1135491
	$ virsh iothread --help
	  NAME
	    iothreadpin - control domain IOThread affinity
	  SYNOPSIS
	    iothreadpin <domain> <iothread> <cpulist> [--config] [--live] [--current]
	  DESCRIPTION
	    Pin domain IOThreads to host physical CPUs.
	  OPTIONS
	    [--domain] <string>  domain name, id or uuid
	    [--iothread] <number>  IOThread ID number
	    [--cpulist] <string>  host cpu number(s) to set
	    --config         affect next boot
	    --live           affect running domain
	    --current        affect current domain
	Using the output from iothreadsinfo, allow changing the pinned CPUs for
	a single IOThread.
	$ virsh iothreadsinfo $dom
	 IOThread ID    CPU Affinity
	---------------------------------------------------
	 1               2
	 2               3
	 3               0-1
	$ virsh iothreadpin $dom 3 0-2
	Then view the change
	$ virsh iothreadsinfo $dom
	 IOThread ID    CPU Affinity
	---------------------------------------------------
	 1               2
	 2               3
	 3               0-2
	If an invalid value is supplied or require option missing,
	then an error will be displayed:
	$ virsh iothreadpin $dom 4 3
	error: invalid argument: iothread value out of range 4 > 3
	$ virsh iothreadpin $dom 3
	error: command 'iothreadpin' requires <cpulist> option

	qemu: Add support to pin IOThreads to specific CPU
	Add qemuDomainPinIOThread to handle setting the CPU affinity
	for a specific IOThread

	domain: Introduce virDomainIOThreadsPin{Add|Del}
	https://bugzilla.redhat.com/show_bug.cgi?id=1135491
	More or less a virtual copy of the existing virDomainVcpuPin{Add|Del} API's.
	NB: The IOThreads implementation "reused" the virDomainVcpuPinDefPtr
	since it provided everything necessary - an "id" and a "map" for each
	thread id configured.

	remote: Implement the plumbing for virDomainPinIOThread
	Implement the remote plumbing.

	Implement public API for virDomainPinIOThread
	Add virDomainPinIOThread to allow setting the CPU affinity for a specific
	IOThread based on the output generated from virDomainGetIOThreadsInfo
	The API supports updating both the --live domain and the --config data

2015-03-11  Michal Privoznik  <mprivozn@redhat.com>

	virNetworkObjFindBy*: Return an reference to found object
	This patch turns both virNetworkObjFindByUUID() and
	virNetworkObjFindByName() to return an referenced object so that
	even if caller unlocks it, it's for sure that object won't
	disappear meanwhile. Especially if the object (in general) is
	locked and unlocked during the caller run.
	Moreover, this commit is nicely small, since the object unrefing
	can be done in virNetworkObjEndAPI().

	virNetworkObjListPtr: Make APIs self-locking
	Every API that touches internal structure of the object must lock
	the object first. Not every API that has the object as an
	argument needs to do that though. Some APIs just pass the object
	to lower layers which, however, must lock the object then. Look
	at the code, you'll get my meaning soon.

	network_conf: Introduce locked versions of lookup functions
	This is going to be needed later, when some functions already
	have the virNetworkObjList object already locked and need to
	lookup a object to work on. As an example of such function is
	virNetworkAssignDef(). The other use case might be in
	virNetworkObjListForEach() callback.

	virNetworkObjList: Derive from virObjectLockableClass
	Later we can turn APIs to lock the object if needed instead of
	relying on caller to mutually exclude itself (probably done by
	locking a big lock anyway).

	parallels_network: Use virNetworkObjEndAPI
	So far, this is pure code replacement. But once we introduce
	reference counting to virNetworkObj this will be more handy as
	there'll be only one function to change: virNetworkObjEndAPI().

	test_driver: Use virNetworkObjEndAPI
	So far, this is pure code replacement. But once we introduce
	reference counting to virNetworkObj this will be more handy as
	there'll be only one function to change: virNetworkObjEndAPI().

	bridge_driver: Use virNetworkObjEndAPI
	So far, this is pure code replacement. But once we introduce
	reference counting to virNetworkObj this will be more handy as
	there'll be only one function to change: virNetworkObjEndAPI().

	network_conf: Introduce virNetworkObjEndAPI
	This is practically copy of qemuDomObjEndAPI. The reason why is
	it so widely available is to avoid code duplication, since the
	function is going to be called from our bridge driver, test
	driver and parallels driver too.

	network_conf: Make virNetworkObj actually virObject
	So far it's just a structure which happens to have 'Obj' in its
	name, but otherwise it not related to virObject at all. No
	reference counting, not virObjectLock(), nothing.

	virNetworkObjListPtr: Turn list into a hash table

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Kill qemuMonitorGetBlockStats(Info,ParamsNumber)
	The functions and their QMP and HMP implementations are no longer needed
	since everything is now done via the *AllStats functions.

	test: qemu: json: Avoid using the now obsolete functions
	Use the new single function instead of calling
	qemuMonitorJSONGetBlockStatsInfo and
	qemuMonitorJSONGetBlockStatsParamsNumber. This will allow to delete the
	functions later while still maintaining coverage.

	qemu: blockstats: Refactor qemuDomainBlockStatsFlags
	Now that qemuDomainBlocksStatsGather provides functions of both
	qemuMonitorGetBlockStatsParamsNumber and qemuMonitorGetBlockStatsInfo we
	can reuse it and kill a lot of code.
	Additionally as a bonus qemuDomainBlockStatsFlags will now support
	summary statistics so add a statement to the virsh man page about that.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1142636

	qemu: blockstats: Add support for totalled block statistics
	In the LXC driver, if the disk path is not provided the API returns
	total statistics for all disks of the domain. With the new text monitor
	implementation this can be now done in the qemu driver too.
	Add code that wil total the stats for all disks if the path is not
	provided.

	qemu: Split out working code qemuDomainBlockStats
	Extract the code to look up the disk alias and return the block stats
	struct so that it can be reused later in qemuDomainBlockStatsFlags.
	The function uses qemuMonitorGetAllBlockStatsInfo instead of
	qemuMonitorGetBlockStatsInfo.

	qemu: monitor: Count block stats fields in qemuMonitorGetAllBlockStatsInfo
	Our virDomainBlockStatsFlags API uses the old approach where, when it's
	called without the typed parameter array, returns the count of parameters
	supported by qemu.
	The supported parameter count is obtained via separate monitor calls
	which is a waste since we can calculate it when gathering the data.
	This patch adds code to the qemuMonitorGetAllBlockStatsInfo workers that
	allows to track the count of supported fields reported by qemu and will
	allow to remove the old duplicate code.

	qemu: monitor: Convert common code to a macro
	The function that is extracting block stats data from the QMP monitor
	reply contains a lot of repeated code. Since I'd be changing each of the
	copies in the next patch, lets convert it to a macro right away.

	qemu: monitor: Implement HMP version for listing all block device stats
	Add a different version of parser for "info blockstats" that basically
	parses the same information as the existing copy of the function.
	This will allow us to remove the single device version
	qemuMonitorGetBlockStatsInfo in the future.
	The new implementation uses few new helpers so it should be more
	understandable and provides a test case to verify that it works.

	test: qemu: Fix qemu monitor test utils to allow testing HMP
	qemu HMP commands sent by libvirt are terminated just by a '\r'. The
	fake monitor used in tests wasn't prepared to handle this and the
	communication would hang on an attempt to do a HMP conversation.
	Add a special case for handling commands separated by \r in case HMP is
	used.

	qemu: blockstats: Switch to caller allocated hash table
	Allocate the hash table in the monitor wrapper function instead of the
	worker itself so that the text monitor impl that will be added in the
	next patch doesn't have to duplicate it.

	qemu: monitor: Drop parsing of 'errs' from block info
	The error count statistic is not supported by qemu, so there's no need
	to pass the variables around if the result is ignored anyways.

	qemu: Use macro to set block stats typed parameters
	All the setters are the same code except for parameter name and
	variable, so they can be converted to a macro to save a ton of
	duplicated code.

2015-03-11  Michal Privoznik  <mprivozn@redhat.com>

	RNG: Allow multiple parameters to be passed to an interface filter
	Our code supports that for ages. When using a <filterref/> to an
	<interface/> several parameters can be passed to the filter. Later,
	when building firewall rules, parameters are substituted for their
	values. However, our RNG schema allowed only one parameter to be
	passed.
	Reported-by: Brian Rak <brak@gameservers.com>

2015-03-11  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: prevent domain define only if vcpupin is specified
	and their settings differ from common cpumask

	parallels: prevent domain define only if NUMA is really specified

	parallels: don't forget to unlock domain in parallelsDomainHasManagedSaveImage

	parallels: cpumask support

2015-03-11  Michael Chapman  <mike@very.puzzling.org>

	domain_conf: fix crash in virDomainObjListFindByUUIDInternal
	If a domain object is being removed and looked up concurrently we must
	ensure we unlock the object before unreferencing it, since the latter
	might free the object.
	The flaw was introduced in commit feb1a4d792e1c35b1009e69c00bf351b39.

	{domain, network}_conf: disable autostart when deleting config
	Undefining a running, autostarted domain removes the autostart link, but
	dom->autostart is not cleared. If the domain is subsequently redefined,
	libvirt thinks it is already autostarted and will not create the link
	even if requested:
	  # virsh dominfo example | grep Autostart
	  Autostart:      enable
	  # ls /etc/libvirt/qemu/autostart/example.xml
	  /etc/libvirt/qemu/autostart/example.xml
	  # virsh undefine example
	  Domain example has been undefined
	  # virsh define example.xml
	  Domain example defined from example.xml
	  # virsh dominfo example | grep Autostart
	  Autostart:      enable
	  # virsh autostart example
	  Domain example marked as autostarted
	  # ls /etc/libvirt/qemu/autostart/example.xml
	  ls: cannot access /etc/libvirt/qemu/autostart/example.xml: No such file or directory
	This commit ensures dom->autostart is cleared whenever the config and
	autostart link (if present) are removed.
	The bridge network driver cleared this flag itself in networkUndefine.
	This commit moves this into virNetworkDeleteConfig for symmetry with
	virDomainDeleteConfig, and to ensure it is not missed in future network
	drivers.

2015-03-11  Luyao Huang  <lhuang@redhat.com>

	qemu: Remove unnecessary virReportError on networkGetNetworkAddress return
	Error messages are already set in all code paths returning -1 from
	networkGetNetworkAddress, so we don't want to overwrite them.

2015-03-11  Michal Privoznik  <mprivozn@redhat.com>

	virQEMUCapsInitQMP: Don't dispose locked @vm
	When creating qemu capabilities, a dummy virDomainObj is created just
	because our monitor code expects that. However, the object is created
	locked already. Then, under cleanup label, we simply unref the object
	which results in whole domain object to be disposed. The object lock
	is destroyed subsequently, but hey - it's still locked:
	==24845== Thread #14's call to pthread_mutex_destroy failed
	==24845==    with error code 16 (EBUSY: Device or resource busy)
	==24845==    at 0x4C3024E: pthread_mutex_destroy (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==24845==    by 0x531F72E: virMutexDestroy (virthread.c:83)
	==24845==    by 0x5302977: virObjectLockableDispose (virobject.c:237)
	==24845==    by 0x5302A89: virObjectUnref (virobject.c:265)
	==24845==    by 0x1DD37866: virQEMUCapsInitQMP (qemu_capabilities.c:3397)
	==24845==    by 0x1DD37CC6: virQEMUCapsNewForBinary (qemu_capabilities.c:3481)
	==24845==    by 0x1DD381E2: virQEMUCapsCacheLookup (qemu_capabilities.c:3609)
	==24845==    by 0x1DD30F8A: virQEMUCapsInitGuest (qemu_capabilities.c:744)
	==24845==    by 0x1DD31889: virQEMUCapsInit (qemu_capabilities.c:1020)
	==24845==    by 0x1DD7DD36: virQEMUDriverCreateCapabilities (qemu_conf.c:888)
	==24845==    by 0x1DDC57C0: qemuStateInitialize (qemu_driver.c:803)
	==24845==    by 0x53DC743: virStateInitialize (libvirt.c:777)
	==24845==

2015-03-10  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	qemu: fix memory leak in qemuAgentGetFSInfo
	in virDomainFSInfoFree(), don't free the virDomainFSInfo data.
	==10670== 80 bytes in 2 blocks are definitely lost in loss record 576 of 793
	==10670==    at 0x4A06BC3: calloc (vg_replace_malloc.c:618)
	==10670==    by 0x509DEBD: virAlloc (viralloc.c:144)
	==10670==    by 0x19FBD558: qemuAgentGetFSInfo (qemu_agent.c:1837)
	==10670==    by 0x1A03CF91: qemuDomainGetFSInfo (qemu_driver.c:19238)

2015-03-10  Ján Tomko  <jtomko@redhat.com>

	Reverse the logic in virbitmaptest
	Test the whole range in testBit, not just the first bit.

	Use virBitmapNextClearBit in networkNextClassID
	Instead of finding the next clear bit by calling virBitmapGetBit
	in a loop, use the virBitmapNextClearBit helper.

2015-03-10  Laine Stump  <laine@laine.org>

	qemu: don't fill in nicindexes for session mode libvirtd
	Commit 4bbe1029f fixed a problem in commit f7afeddc by moving the call
	to virNetDevGetIndex() to a location common to all interface types (so
	that the nicindex array would be filled in for macvtap as well as tap
	interfaces), but the location was *too* common, as the original call
	to virNetDevGetIndex() had been in a section qualified by "if
	(cfg->privileged)". The result was that the "fixed" libvirtd would try
	to call virNetDevGetIndex() even for session mode libvirtd, and end up
	failing with the log message:
	  Unable to open control socket: Operation not permitted
	To remedy that, this patch qualifies the call to virNetDevGetIndex()
	in its new location with cfg->privileged.
	This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1198244

2015-03-10  Michal Privoznik  <mprivozn@redhat.com>

	virnet*: Don't unlock object in dispose
	As of bba93d40 all of our RPC objects are derived from
	virObjectLockable. However, during rewrite some errors sneaked
	in. For instance, the dispose functions to virNetClient and
	virNetServerClient objects were not only freeing allocated
	memory, but unlocking themselves. This is wrong. Object should
	never disappear while locked.

2015-03-10  Pavel Hrdina  <phrdina@redhat.com>

	docs: add a note that spice channel is usable only with spice graphics
	To prevent a confusion about missing chardev argument in qemu
	command line add a note about that behavior into documentation.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1129198

2015-03-09  Pavel Hrdina  <phrdina@redhat.com>

	net-define: update or unify documentation
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1127045

	pool-define: update and unify documentation
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1127045

	iface-define: update and unify documentation
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1127045

2015-03-09  Michal Privoznik  <mprivozn@redhat.com>

	network_conf: Turn struct _virNetworkObjList private
	Now that all the code uses accessors, don't expose the structure
	anyway.

	network_conf: Turn virNetworkObjList into virObject
	Well, one day this will be self-locking object, but not today.
	But lets prepare the code for that! Moreover,
	virNetworkObjListFree() is no longer needed, so turn it into
	virNetworkObjListDispose().

	parallels_network: Adapt to new virNetworkObjList accessors

	test_driver: Adapt to new virNetworkObjList accessors

	bridge_driver: Adapt to new virNetworkObjList accessors

	network_conf: Introduce virNetworkObjListPrune
	The API will iterate over the list of network object and remove
	desired ones from it.

	network_conf: Introduce virNetworkObjListNumOfNetworks
	An accessor following pattern laid out by virDomainObjList* APIs.

	network_conf: Introduce virNetworkObjListGetNames
	An accessor following pattern laid out by virDomainObjList* APIs.

	network_conf: Introduce virNetworkObjListForEach
	This API will be used in the future to call passed callback over
	each network object in the list. It's slightly different to its
	virDomainObjListForEach counterpart, because virDomainObjList
	uses a hash table to store domain object, while virNetworkObjList
	uses an array.

2015-03-09  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Don't spam logs with "target pid not found"
	Commit v1.2.4-52-gda879e5 fixed issues with domains started before
	sanlock driver was enabled by checking whether a running domain is
	registered with sanlock and if it's not, sanlock driver is basically
	ignored for the domain.
	However, it was checking this even for domain which has just been
	started and no sanlock_* API was called for them yet. This results in
	    cmd 9 target pid 2135544 not found
	error messages to appear in sanlock.log whenever we start a new domain.
	This patch avoids this useless check for freshly started domains.

	locking: Fix flags in virLockManagerLockDaemonNew
	virLockManager*New APIs are never called with
	VIR_LOCK_MANAGER_USES_STATE. Moreover, lockd driver does not maintain
	any state that would need to be transferred during migration and thus it
	should not mention VIR_LOCK_MANAGER_USES_STATE at all.

2015-03-09  Pavel Hrdina  <phrdina@redhat.com>

	tests: fix qemuxml2argvtest to be arch independent
	Commit 5aee81a0 introduced a new test for disk-serial.  The test fails
	on i686 arch because there is no need to add "-cpu qemu32" to command
	line.  To fix the test update emulator in XML to "/usr/bin/qemu" so we
	don't add the "-cpu qemu32" to command while running the test on i686 or
	x86_64 host.

2015-03-09  John Ferlan  <jferlan@redhat.com>

	qemu: Change qemuDomainGetEmulatorPinInfo bitmap manipulation
	Follow-up to the IOThread review on CPU affinity map manipulation:
	http://www.redhat.com/archives/libvir-list/2015-March/msg00294.html
	indicates that the GetEmulatorPinInfo could use similar algorithm adjustments
	which is what this patch does.

	qemu: Change qemuDomainGetVcpuPinInfo bitmap manipulation
	Follow-up to the IOThread review on CPU affinity map manipulation:
	http://www.redhat.com/archives/libvir-list/2015-March/msg00294.html
	indicates that the GetVcpuPinInfo could use similar algorithm adjustments
	which is what this patch does.

	qemu: Resolve Coverity CHECKED_RETURN issue
	By adding a call and check of return of virBitmapToData to the
	IOThreads code, my Coverity checker lets me know qemuDomainHelperGetVcpus
	also needs to check the status...

	qemu: Change/Fix IOThread CPU affinity bitmap manipulation
	Based on review:
	http://www.redhat.com/archives/libvir-list/2015-March/msg00294.html
	Adjust how the cpumap and cpumaplen to be returned are generated

	Remove ReadOnly check for GetIOThreadsInfo

	Fix syntax for vcpupin description

2015-03-09  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add test for os interleaving
	We don't usually do tests purely for one change, but one change was
	special because when users will migrate to OVMF/AAVMF, commit 18f9f69b
	makes their lives easier by allowing them to interleave <type/> inside
	<os/>.  It would be nice of us to keep the possibility of them pasting
	the loader and nvram elements wherever it is valid, hence this test.

	tests: Add test for virtio-mmio address type
	Commit 3e4b783e fixed an issue with RNG schema where this address type
	was missing, this commit adds a test for it.

2015-03-06  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf: Format <pvpanic/> without address correctly
	We have something like pvpanic device. However, in some cases it does
	not have any address assigned, in which case we produce this ugly XML
	(still valid though):
	  <devices>
	    <emulator>/usr/bin/qemu</emulator>
	    ...
	    <panic>
	    </panic>
	  </devices>
	Lets format "<panic/>" instead.

2015-03-06  Daniel P. Berrange  <berrange@redhat.com>

	Refresh translations from Zanata
	Delete .po files which contain zero translated strings. Refresh
	the .pot file and pull down latest translations from Zanata.
	When refreshing the libvirt.pot, it can be pushed to zanata
	and .po files resynchonized using
	 # cd po
	 # rm libvirt.pot
	 # make libvirt.pot
	 # zanata-cli push
	 # zanata-cli pull
	Note there is no need for 'make update-po', as long as you do
	a zanata push, immediately followed by zanata pull, as the
	Zanata server will ensure the .po files downloaded match the
	just pushed .pot file.
	Note at time of writing, it is strongly recommended to only
	use the zanata Java client binary (zanata-cli), and not the
	python client binary (zanata). This is because the moderately
	large size of the libvirt pot file is causing errors when the
	python client tries to push, which have been known to result
	in the loss of all translations on the server, as well as also
	preventing uploading of .po files themselves :-(

2015-03-06  John Ferlan  <jferlan@redhat.com>

	virsh: Add 'iothreadsinfo' command
	Add the 'iothreadsinfo' command to display IOThread Info data. Allow for
	[--live] or [--config] options in order to display live or config data
	for an active domain.
	$ virsh iothreadsinfo --help
	  NAME
	    iothreadsinfo - view domain IOThreads
	  SYNOPSIS
	    iothreadsinfo <domain> [--config] [--live] [--current]
	  DESCRIPTION
	    Returns basic information about the domain IOThreads.
	  OPTIONS
	    [--domain] <string>  domain name, id or uuid
	    --config         affect next boot
	    --live           affect running domain
	    --current        affect current domain
	An active domain may return:
	$ virsh iothreads $dom
	 IOThread ID     CPU Affinity
	---------------------------------------------------
	  1               2
	  2               3
	  3               0
	$ echo $?
	0
	For domains which don't have IOThreads the following is returned:
	$ virsh iothreads $dom
	No IOThreads found for the domain
	$ echo $?
	0
	For domains which are not running the following is returned:
	$ virsh iothreads $dom --live
	error: Unable to get domain IOThreads information
	error: Requested operation is not valid: domain is not running
	$ echo $?
	1
	Editing a domains configuration and modifying the iothreadpin data for
	thread 3 from nothing provided to setting a cpuset of '0-1' and then
	displaying using --config would display:
	$ virsh iothreads f18iothr --config
	 IOThread ID     CPU Affinity
	 ----------------------------
	  1               2
	  2               3
	  3               0-1
	$

	qemu: Implement the qemu driver fetch for IOThreads
	Depending on the flags passed, either attempt to return the active/live
	IOThread data for the domain or the config data.
	The active/live path will call into the Monitor in order to get the
	IOThread data and then correlate the thread_id's returned from the
	monitor to the currently running system/threads in order to ascertain
	the affinity for each iothread_id.
	The config path will map each of the configured IOThreads and return
	any configured iothreadspin data

	remote: Implement the remote plumbing for virDomainGetIOThreadsInfo
	Implement the remote plumbing for virDomainGetIOThreadsInfo

	Implement public API for virDomainGetIOThreadsInfo
	Add virDomainGetIOThreadInfo in order to return a list of
	virDomainIOThreadInfoPtr structures which list the IOThread ID
	and the CPU Affinity map for each IOThread for the domain.
	For an active domain, the live data will be returned, while for
	an inactive domain, the config data will be returned.
	The API supports either the --live or --config flag, but not both.
	Also added virDomainIOThreadsInfoFree in order to free the cpumap
	and the IOThreadInfo structure.

2015-03-06  Pavel Hrdina  <phrdina@redhat.com>

	memtune: change the way how we store unlimited value
	There was a mess in the way how we store unlimited value for memory
	limits and how we handled values provided by user.  Internally there
	were two possible ways how to store unlimited value: as 0 value or as
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED.  Because we chose to store memory
	limits as unsigned long long, we cannot use -1 to represent unlimited.
	It's much easier for us to say that everything greater than
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED means unlimited and leave 0 as valid
	value despite that it makes no sense to set limit to 0.
	Remove unnecessary function virCompareLimitUlong.  The update of test
	is to prevent the 0 to be miss-used as unlimited in future.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146539

	virutil: introduce helper functions for memory limits
	The first one is to truncate the memory limit to
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED if the value is greater and the second
	one is to decide whether the memory limit is set or not, unlimited means
	that it's not set.

	virsh: fix memtune to also accept 0 as valid value
	Fix vshMemtuneGetSize to return correct value.  We can then decide
	according that return code whether a parameter is present and valid or
	not.  This will allow as to accept 0 as a valid value.

2015-03-06  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	qemu: Pass file descriptor when using TPM passthrough
	Pass the TPM file descriptor to QEMU via command line.
	Instead of passing /dev/tpm0 we now pass /dev/fdset/10 and the additional
	parameters -add-fd set=10,fd=20.
	This addresses the use case when QEMU is started with non-root privileges
	and QEMU cannot open /dev/tpm0 for example.

	qemu: Move TPM command line build code into own function
	Move the TPM command line build code into its own function.

	utils: Implement virCommandPassFDGetFDIndex
	Implement virCommandPassFDGetFDIndex to determine the index a given
	file descriptor will have when passed to the child process.

2015-03-06  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove unneeded cleanup_unlock label
	In the old days of a global driver lock, it was necessary to unlock
	the driver after a domain restore operation.  When the global lock
	was removed from the driver, some remnants were left behind in
	libxlDomainRestoreFlags.  Remove this unneeded (and incorrect) code.

	libxl: use libxl_ctx passed to libxlConsoleCallback
	Instead of using the libxl_ctx in the libxlDomainObjPrivatePtr,
	use the ctx passed to the callback.

	libxl: remove redundant calls to libxl_evdisable_domain_death
	Domain death watch is already disabled in libxlDomainCleanup.  No
	need to disable it a second and third time.

2015-03-05  Peter Krempa  <pkrempa@redhat.com>

	spec: Enable RBD storage driver in RHEL-7
	Use correct package names too as they differ.

	conf: Remove duplicate entries in <metadata> by namespace
	Since the APIs support just one element per namespace and while
	modifying an element all duplicates would be removed, let's do this
	right away in the post parse callback.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1190590

2015-03-05  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Allow spaces in disk serial
	https://bugzilla.redhat.com/show_bug.cgi?id=1195660
	There's been a bug report appearing on the qemu-devel list, that
	libvirt is unable to pass spaces in disk serial number [1]. Not only
	our RNG schema forbids that, the code is not prepared either. However,
	with a bit of escaping (if needed) we can allow spaces there.
	1: https://lists.gnu.org/archive/html/qemu-devel/2015-02/msg04041.html

2015-03-05  Ján Tomko  <jtomko@redhat.com>

	Fix build on mingw
	Last commit unconditionally included a linux-specific header.
	Do not do that.

2015-03-05  James Chapman  <james.p.chapman@intel.com>

	SRIOV NIC offload feature discovery
	Adding functionality to libvirt that will allow it
	query the ethtool interface for the availability
	of certain NIC HW offload features
	Here is an example of the feature XML definition:
	<device>
	<name>net_eth4_90_e2_ba_5e_a5_45</name>
	  <path>/sys/devices/pci0000:00/0000:00:03.0/0000:08:00.1/net/eth4</path>
	  <parent>pci_0000_08_00_1</parent>
	  <capability type='net'>
	    <interface>eth4</interface>
	    <address>90:e2:ba:5e:a5:45</address>
	    <link speed='10000' state='up'/>
	    <feature name='rx'/>
	    <feature name='tx'/>
	    <feature name='sg'/>
	    <feature name='tso'/>
	    <feature name='gso'/>
	    <feature name='gro'/>
	    <feature name='rxvlan'/>
	    <feature name='txvlan'/>
	    <feature name='rxhash'/>
	    <capability type='80203'/>
	  </capability>
	</device>

2015-03-05  Michal Privoznik  <mprivozn@redhat.com>

	parallels: Cleanup partly opened drivers on connect open failure
	Well, the parallelsConnectOpen() joins several sub-driver openings
	into one big if condition. If any of sub-driver fails to open, the
	whole API finishes immediately. The problem is, sub-drivers may have
	left some memory allocated. Fortunately, we have a free function for
	that: parallelsConnectClose(). This is, however, not prepared for
	partially allocated driver structure. So, prepare the free function
	for it and call it at the right place, in the if body.

2015-03-04  Erik Skultety  <eskultet@redhat.com>

	storage: tweak condition to properly test lseek
	According to the POSIX standard, off_t (returned by lseek) is defined as
	signed integral type no shorter than int. Because our offset variable is defined
	as unsigned long long, the original check was passed successfully if UINT64_MAX had
	been used as offset value, due to implicit conversion.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1177219

	virsh: tweak domif-getlink link state reporting message
	According to docs, we only support 2 link states for an interface
	up/down, 'up' being the default state if link state is unspecified in
	domain's XML, so the message when no link state is provided should be
	changed a little.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1141119

2015-03-04  Shanzhi Yu  <shyu@redhat.com>

	qemu: snapshot: Don't skip check for qcow2 format with network disks
	When the domain's source disk type is network, if source protocol is rbd
	or sheepdog, the 'if().. break' will end the current case, which lead to
	miss check the driver type is raw or qcow2. Libvirt will allow to create
	internal snapshot for a running domain with raw format disk which based
	on rbd storage.
	While both protocols support internal snapshots of the disk qemu is not
	able to use it as it requires some place to store the memory image. The
	check if the disk is backed by a qcow2 image needs to be executed
	always.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1179533

2015-03-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Allow inactive domains in qemuDomainGetControlInfo()
	Inactive domains can still be stuck in a job or other problems. Add a
	way to detect it.

	qemu: Properly report error state in qemuDomainGetControlInfo()
	Previously when a domain would get stuck in a domain job due to a
	programming mistake we'd report the following control state:
	$ virsh domcontrol domain
	occupied (1424343406.150s)
	The timestamp is invalid as the monitor was not entered for that domain.
	We can use that to detect that the domain has an active job and report a
	better error instead:
	$ virsh domcontrol domain
	error: internal (locking) error

2015-03-04  Michal Privoznik  <mprivozn@redhat.com>

	conf: s/virNetworkFindByName/virNetworkObjFindByName/
	It's returning virNetworkObjPtr after all. And it matches the
	pattern laid out by domain_conf.h.

	conf: s/virNetworkFindByUUID/virNetworkObjFindByUUID/
	It's returning virNetworkObjPtr after all. And it matches the
	pattern laid out by domain_conf.h.

	bridge_driver: s/virNetworkObjList/virNetworkObjListPtr/
	In order to hide the object internals (and use just accessors
	everywhere), lets store a pointer to the object, instead of object
	itself.

	parallels: s/virNetworkObjList/virNetworkObjListPtr/
	In order to hide the object internals (and use just accessors
	everywhere), lets store a pointer to the object, instead of object
	itself.

	test_driver: s/virNetworkObjList/virNetworkObjListPtr/
	In order to hide the object internals (and use just accessors
	everywhere), lets store a pointer to the object, instead of object
	itself.

	virNetworkObjListExport: Pass virNetworkObjListPtr
	Instead of copying the whole object onto stack when calling the
	function, just pass the pointer to the object and save up some
	space on the stack. Moreover, this prepares the code to hide the
	virNetworkObjList structure into network_conf.c and use accessors
	only.

	virNetworkObjListFree: Accept NULL
	All of our vir*Free() functions should accept NULL, even though
	that there's no way of actually passing NULL with current code.

	virNetworkObjIsDuplicate: s/@doms/@nets/
	This is probably a copy-paste error from virDomainObj*
	counterpart.  But when speaking of virNetworkObj we should use
	variable @nets for an array of networks, rather than @doms. It's
	just confusing.

	networkGetNetworkAddress: Drop empty 'error' label
	Moreover, there are two points within the function, where we're
	missing 'goto cleanup'. Fix this too.

	testNetworkUpdate: Unlock network at the end
	Silly this bug went unnoticed so long. At the beginning we try to
	find the passed network in the list of network objects. If found,
	it's locked and real work takes place. Then, in the end, the
	network object is never unlocked.

	bridge_driver: Don't check network active unlocked
	Okay, this is mainly for educational purposes since is called
	from single point only with all the possible locks held. So
	there's no way for other thread to hop in and do something wrong.
	Nevertheless, we should not give bad example.

	networkLookupByUUID: Improve error message
	We have this function networkObjFromNetwork() which for given
	virNetworkPtr tries to find corresponding virNetworkObjPtr. If no
	object is found, a nice error message is printed out:
	  no network with matching uuid '$uuid' ($name)
	Let's improve the error message produced by networkLookupByUUID to
	follow that logic.

2015-03-03  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessReconnect: Fill in pid file path
	https://bugzilla.redhat.com/show_bug.cgi?id=1197600
	So, libvirt uses pid file to track pid of started qemus. Whenever
	a domain is started, its pid is put into corresponding pid file.
	The pid file path is generated based on domain name and stored
	into domain object internals. However, it's not stored in the
	status XML and therefore lost on daemon restarts. Hence, later,
	when domain is being shut down, the daemon does not know which
	pid file to unlink, and the correct pid file is left behind. To
	avoid this, lets generate the pid file path again in
	qemuProcessReconnect().
	Reported-by: Luyao Huang <lhuang@redhat.com>

2015-03-03  Pavel Hrdina  <phrdina@redhat.com>

	qemu: check defaultMode for spice graphics independently
	Instead of checking defaultMode for every channel that has no mode
	configured, test it only once outside of channel loop.  This fixes a bug
	that in case all possible channels are fore example set to insecure, but
	defaultMode is set to secure, we wouldn't auto-generate TLS port.  This
	results in failure while starting a guest.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1143832

	qemu: remove duplicated code for allocating spice ports
	We have two different places that needs to be updated while touching
	code for allocation spice ports.  Add a bool option to
	'qemuProcessSPICEAllocatePorts' function to switch between true and fake
	allocation so we can use this function also in qemu_driver to generate
	native domain definition.

2015-03-03  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	tests : Add test for 'ppc64le' architecture.

	RNG: Add 'ppc64le' arch and newer pseries-2.* machine types
	Acked-by: Ján Tomko <jtomko@redhat.com>

2015-03-03  Peter Krempa  <pkrempa@redhat.com>

	schema: Fix interface link state schema
	In commit edd1295e1da6bfe8e4e257e5fbfad71ac0bf7c87 I've introduced an
	XML element that allows to configure state of the network interface
	link. Somehow the RNG schema hunk ended up in a weird place in the
	network schema definition. Move it to the right place and add a test
	case.
	Note that the link state is set up via the monitor at VM startup so I
	originally didn't think of adding a test case.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1173468

2015-03-03  Martin Kletzander  <mkletzan@redhat.com>

	conf: De-duplicate scheduling policy enums
	Since adding the support for scheduler policy settings in commit
	8680ea97, there are two enums with the same information.  That was
	caused by rewriting the patch since first draft.
	Find out thanks to clang, but there was no impact whatsoever.

	qemu: Don't crash in qemuDomainOpenChannel()
	The problem here was that when opening a channel, we were checking
	whether the channel given is alias (can't be NULL for running domain) or
	it's name, which can be NULL (for example with spicevmc).  In case of
	such domain qemuDomainOpenChannel() made the daemon crash.
	STREQ_NULLABLE() is safe to use since the code in question is wrapped in
	"if (name)" and is more readable, so use that instead of checking for
	non-NULL "vm->def->channels[i]->target.name".

2015-03-03  John Ferlan  <jferlan@redhat.com>

	virsh.pod: Update find-storage-pool-sources[-as] man page
	https://bugzilla.redhat.com/show_bug.cgi?id=921426
	Add to the man page a more complete description of what exactly the
	command expects on input and will return on output based on what is
	currently supported.
	Perhaps missing findPoolSources implementations are backends for
	sheepdog and rbd.  Also missing any backend is zfs.

	iscsi: Adjust error message for findStorageSources backend
	The virStorageBackendISCSIFindPoolSources API only needs the 'host' name
	in order to discover iSCSI pools, it returns the various device paths.
	On input, it's also possible to further restrict a search by providing the
	port attribute for the host element and the (undocumented) initiator element.
	For example:
	$  virsh find-storage-pool-sources-as iscsi
	error: Failed to find any iscsi pool sources
	error: invalid argument: hostname and device path must be specified for iscsi sources
	$ virsh find-storage-pool-sources-as iscsi 192.168.122.1
	<sources>
	  <source>
	    <host name='192.168.122.1' port='3260'/>
	    <device path='iqn.2013-12.com.example:iscsi-chap-lclpool'/>
	  </source>
	</sources>

	virsh.pod: Add information regarding LXC for setmem, memtune, and dominfo
	https://bugzilla.redhat.com/show_bug.cgi?id=1070695
	Modify the virsh man page to more accurately describe which values are
	set by the virsh setmem and displayed by the virsh memtune or dominfo
	based on the setmem command results.

	disk: Provide a default storage source format type.
	https://bugzilla.redhat.com/show_bug.cgi?id=1181062
	According to the formatstorage.html description for <source> element
	and "format" attribute: "All drivers are required to have a default
	value for this, so it is optional."
	As it turns out the disk backend did not choose a default value, so I
	added a default of "msdos" if the source type is "unknown" as well as
	updating the storage.html backend disk volume driver documentation to
	indicate the default format is dos.

	disk: Disallow duplicated target 'dev' values
	https://bugzilla.redhat.com/show_bug.cgi?id=1142631
	This patch resolves a situation where the same "<target dev='$name'...>"
	can be used for multiple disks in the domain.
	While the $name is "mostly" advisory regarding the expected order that
	the disk is added to the domain and not guaranteed to map to the device
	name in the guest OS, it still should be unique enough such that other
	domblk* type operations can be performed.
	Without the patch, the domblklist will list the same Target twice:
	$ virsh domblklist $dom
	Target     Source
	------------------------------------------------
	sda        /var/lib/libvirt/images/file.qcow2
	sda        /var/lib/libvirt/images/file.img
	Additionally, getting domblkstat, domblkerror, domblkinfo, and other block*
	type calls will not be able to reference the second target.
	Fortunately, hotplug disallows adding a "third" sda value:
	$ qemu-img create -f raw /var/lib/libvirt/images/file2.img 10M
	$ virsh attach-disk $dom /var/lib/libvirt/images/file2.img sda
	error: Failed to attach disk
	error: operation failed: target sda already exists
	$
	BUT, it since 'sdb' doesn't exist one would get the following on the same
	hotplug attempt, but changing to use 'sdb' instead of 'sda'
	$ virsh attach-disk $dom /var/lib/libvirt/images/file2.img sdb
	error: Failed to attach disk
	error: internal error: unable to execute QEMU command 'device_add': Duplicate ID 'scsi0-0-1' for device
	$
	Since we cannot fix this issue at parsing time, the best that can be done so
	as to not "lose" a domain is to make the check prior to starting the guest
	with the results as follows:
	$ virsh start $dom
	error: Failed to start domain $dom
	error: XML error: target 'sda' duplicated for disk sources '/var/lib/libvirt/images/file.qcow2' and '/var/lib/libvirt/images/file.img'
	$
	Running 'make check' found a few more instances in the tests where this
	duplicated target dev value was being used. These also exhibited some
	duplicated 'id=' values (negating the uniqueness argument of aliases) in
	the corresponding .args file and of course the *xmlout version of a few
	input XML files.

	virsh: Adjust domblklist to understand disk volume syntax
	A disk using a source pool is listed as having a source '-' in domblklist
	because it doesn't check the right XML syntax to find the source.
	Add a check for "./source/volume" which is where the "path" (of sorts)
	to the volume name is described.

2015-03-02  Peter Krempa  <pkrempa@redhat.com>

	conf: numa: Add helper to count total memory size configured in NUMA
	The total NUMA memory consists of the sum of individual NUMA node memory
	amounts.

	qemu: Forbid setting maximum memory size with the API with NUMA enabled
	NUMA enabled guest configuration explicitly specifies memory sizes for
	individual nodes. Allowing the virDomainSetMemoryFlags API (and friends)
	to change the total doesn't make sense as the individual node configs
	are not updated in that case.
	Forbid use of the API in case NUMA is specified.

	phyp: Fix error messages mentioning memory
	The messages for currentMemory and memory were swapped.

2015-03-02  Erik Skultety  <eskultet@redhat.com>

	docs: add a note that attr 'managed' is only used by PCI devices
	Our documentation isn't 100% clear about hostdev 'managed' attribute usage,
	because it only makes sense to use it with PCI devices, yet we format
	this attribute to all hostdev devices. By adding a note into the docs,
	we can possibly avoid confusion from customer's side and also avoid a solution
	using ternary logic.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1155887

2015-03-02  Peter Krempa  <pkrempa@redhat.com>

	storage: sheepdog: Avoid skipping variable initialization
	Commit 155ca616eb231181f6978efc9e3a1eb0eb60af8a added a error message
	that skips initialization of the 'cmd' variable. Fortunately it was not
	released.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Check if domain is running in qemuDomainAgentIsAvailable
	If the domain is not running, the agent will not respond.
	Do not even try.
	https://bugzilla.redhat.com/show_bug.cgi?id=872424

	Pass virDomainObjPtr to qemuDomainAgentAvailable
	Not just the DomainObj's private data.

	Check for qemu guest agent availability after getting the job
	This way checks requiring the job can be done in qemuDomainAgentAvailable.

	Allow creating volumes with a backing store but no capacity
	The tool creating the image can get the capacity from the backing
	storage. Just refresh the volume afterwards.
	https://bugzilla.redhat.com/show_bug.cgi?id=958510

	Allow omitting volume capacity when backing store is specified
	Add VIR_VOL_XML_PARSE_OPT_CAPACITY flag to virStorageVolDefParseXML.
	With this flag, no error is reported when the capacity is missing
	if there is a backing store.

	Revert "Restore skipping of setting capacity"
	This reverts commit f1856eb622fde2e6c3a6a932d1dded7f1691d205.
	Now that we can update capacity from image metadata,
	we don't need to skip the update.

	Probe for capacity in virStorageBackendUpdateVolTargetInfo
	Instead of just looking at the output of fstat, call
	virStorageFileGetMetadata to get the full capacity from
	image headers.
	Note that the capacity is probed unconditionally. The updateCapacity
	bool parameter is ignored and will be removed in the following commit.

	Allow cloning volumes with no capacity specified
	In virStorageVolCreateXML, add VIR_VOL_XML_PARSE_NO_CAPACITY
	to the call parsing the XML of the new volume to make the capacity
	optional.
	If the capacity is omitted, use the capacity of the old volume.
	We already do that for values that are less than the original
	volume capacity.

	Allow parsing volumes without specifying the capacity
	Add VIR_VOL_XML_PARSE_NO_CAPACITY flag to the volume XML
	parser. When set, it allows the capacity element to be omitted.

	Parse backingStore before capacity in volume XML
	So we can allow omitting the capacity element if backing store is
	present.

	Add flags argument to virStorageVolDefParse*
	Allow the callers to pass down libvirt-internal flags.

	Add --migratable support to virsh cpu-baseline
	Wire up VIR_CONNECT_BASELINE_CPU_MIGRATABLE to this
	command line option.

	Trivially implement VIR_CONNECT_BASELINE_CPU_MIGRATABLE for non-x86 cpus
	Assume no features block migration.

	Implement VIR_CONNECT_BASELINE_CPU_MIGRATABLE in the x86 cpu driver
	Filter out non-migratable features if
	VIR_CONNECT_BASELINE_CPU_MIGRATABLE was specified.

	Add VIR_CONNECT_BASELINE_CPU_MIGRATABLE flag
	This flag for virConnectBaselineCPU will allow filtering out
	CPU features that block migration from the result.
	https://bugzilla.redhat.com/show_bug.cgi?id=1171484

	Use virBufferTrim when generating boot options
	Instead of tracking the number of added parameters,
	add a comma at the end of each one unconditionally
	and trim the trailing one at the end.

	Make -boot arg generation more readable
	If we combine the boot order on the command line with other
	boot options, we prepend order= in front of it.
	Instead of checking if the number of added arguments is between
	0 and 2, separate the strings for boot order and options
	and prepend boot order only if both strings are not empty.

	Remove code handling the QEMU_CAPS_DOMID capability
	This option is xenner-only (since commit b81a7ece),
	and we dropped support for xenner in commit de9be0a.

	Remove bootloader option from QEMU
	It was only supported by xenner (since commit 763a59d8),
	for which we removed support in commit de9be0a.
	Remove the code generating this command line option,
	refuse to parse it and delete the outdated tests.
	https://bugzilla.redhat.com/show_bug.cgi?id=1176050

	Post-release version bump for new dev cycle

2015-03-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.13

2015-02-27  Michal Privoznik  <mprivozn@redhat.com>

	docs: Add mist.io as libvirt-based application
	As reported on the libvirt-users list [1], there's new web
	application called mist.io which uses libvirt as one of its
	backends. Lets add it into our list of libivrt based
	applications.
	1: https://www.redhat.com/archives/libvirt-users/2015-February/msg00096.html

2015-02-27  Ján Tomko  <jtomko@redhat.com>

	Really fix XML formatting flags in SaveImageUpdateDef
	Commit cf2d4c6 used a logical or instead of bitwise or,
	effectively passing 1, that is VIR_DOMAIN_XML_INACTIVE.
	This was caught by a warning when building with clang.
	https://bugzilla.redhat.com/show_bug.cgi?id=1183869

	Ignore listen attribute of <graphics> for type network listens
	Commit 6992994 started filling the listen attribute
	of the parent <graphics> elements from type='network' listens.
	When this XML is passed to UpdateDevice, parsing fails:
	XML error: graphics listen attribute 10.20.30.40 must match
	address attribute of first listen element (found none)
	Ignore the address in the parent <graphics> attribute
	when no type='address' listens are found,
	the same we ignore the address for the <listen> subelements
	when parsing inactive XML.

2015-02-26  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix error type in virStorageSourceParseBackingURI
	The gluster volume name extraction code was copied from the XML parser
	without changing the VIR_ERR_XML_ERROR error code. Use
	VIR_ERR_CONFIG_UNSUPPORTED instead.

	util: storagefile: Don't crash on gluster URIs without path
	Similar to commit fdb80ed4f6563928b9942a0d1450e0c725aa6c06 libvirtd
	would crash if a gluster URI without path would be used in the backing
	chain of a volume. The crash happens in the gluster specific part of the
	parser that extracts the gluster volume name from the path.
	Fix the crash by checking that the PATH is NULL.
	This patch does not contain a test case as it's not possible to test it
	with the current infrastructure as the test suite would attempt to
	contact the gluster server in the URI. I'm working on the test suite
	addition but that will be post-release material.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1196528

2015-02-26  Ján Tomko  <jtomko@redhat.com>

	conf: error out on missing dhcp host attributes
	In virNetworkDHCPHostDefParseXML an error is reported
	when partialOkay == true, and none of ip, mac, name
	were supplied.
	Add the missing goto and error out in this case.

2015-02-26  Luyao Huang  <lhuang@redhat.com>

	conf: error out on invalid host id
	https://bugzilla.redhat.com/show_bug.cgi?id=1196503
	We already check whether the host id is valid or not, add a jump
	to forbid invalid host id.

2015-02-26  Laine Stump  <laine@laine.org>

	qemu: fix ifindex array reported to systemd
	Commit f7afeddc added code to report to systemd an array of interface
	indexes for all tap devices used by a guest. Unfortunately it not only
	didn't add code to report the ifindexes for macvtap interfaces
	(interface type='direct') or the tap devices used by type='ethernet',
	it ended up sending "-1" as the ifindex for each macvtap or hostdev
	interface. This resulted in a failure to start any domain that had a
	macvtap or hostdev interface (or actually any type other than
	"network" or "bridge").
	This patch does the following with the nicindexes array:
	1) Modify qemuBuildInterfaceCommandLine() to only fill in the
	nicindexes array if given a non-NULL pointer to an array (and modifies
	the test jig calls to the function to send NULL). This is because
	there are tests in the test suite that have type='ethernet' and still
	have an ifname specified, but that device of course doesn't actually
	exist on the test system, so attempts to call virNetDevGetIndex() will
	fail.
	2) Even then, only add an entry to the nicindexes array for
	appropriate types, and to do so for all appropriate types ("network",
	"bridge", and "direct"), but only if the ifname is known (since that
	is required to call virNetDevGetIndex().

	util: check for null ifname inside virNetDevBandwidthSet()
	Previously this function relied on having ATTRIBUTE_NONNULL(1) in its
	prototype rather than explicitly checking for a null
	ifname. Unfortunately, ATTRIBUTE_NONNULL is just a hint to the
	optimizer and code analyzers like Coverity, it doesn't actually check
	anything at execution time, so the result was possible warnings from
	Coverity, along with the possibility of null dereferences when ifname
	wasn't available.
	This patch removes the ATTRIBUTE_NONNULL from the prototype, and
	checks ifname inside the function, logging an error if it's NULL (once
	we've determined that the user really is trying to set a bandwidth).

	network: only clear bandwidth if it has been set
	libvirt was unconditionally calling virNetDevBandwidthClear() for
	every interface (and network bridge) of a type that supported
	bandwidth, whether it actually had anything set or not. This doesn't
	hurt anything (unless ifname == NULL!), but is wasteful.
	This patch makes sure that all calls to virNetDevBandwidthClear() are
	qualified by checking that the interface really had some bandwidth
	setup done, and checks for a null ifname inside
	virNetDevBandwidthClear(), silently returning success if it is null
	(as well as removing the ATTRIBUTE_NONNULL from that function's
	prototype, since we can't guarantee that it is never null,
	e.g. sometimes a type='ethernet' interface has no ifname as it is
	provided on the fly by qemu).

2015-02-26  Peter Krempa  <pkrempa@redhat.com>

	schema: Allow interleaving the /domain/os/type element
	The element wasn't declared under the interleave thus it was required
	always to be first. This made it inconvenient when pasting new stuff to
	the XML manually in the "wrong" place.

2015-02-25  Yuri Chornoivan  <yurchor@ukr.net>

	Fix typos in messages

2015-02-25  Ján Tomko  <jtomko@redhat.com>

	Fix error messages in virStorageFileGetMetadataFromFD
	Do not use relPath, it has not been filled by virStorageFileMetadataNew.

2015-02-25  Martin Kletzander  <mkletzan@redhat.com>

	schema: Add virtio-mmio address type into RNG
	The "virtio-mmio" is perfectly valid address type which we parse and
	format correctly, but it's missing in our RNG schemas, hence editing a
	domain with device having such address fails the validation.

2015-02-25  Ján Tomko  <jtomko@redhat.com>

	Clarify behavior or virDomainDetachDevice
	Document that a complete device definition should be used
	and a partial match can lead to the device being detached.
	https://bugzilla.redhat.com/show_bug.cgi?id=872028

	Assign default SCSI controller model before checking attribute validity
	If the qemu binary on x86 does not support lsi SCSI controller,
	but it supports virtio-scsi, we reject the virtio-specific attributes
	for no reason.
	Move the default controller assignment before the check.
	https://bugzilla.redhat.com/show_bug.cgi?id=1168849

2015-02-25  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Add missing parenthesis into man page

2015-02-25  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Use correct flags for ABI stability check in SaveImageUpdateDef
	https://bugzilla.redhat.com/show_bug.cgi?id=1183869
	Soo. you've successfully started yourself a domain. And since you want
	to use it on your host exclusively you are confident enough to
	passthrough the host CPU model, like this:
	  <cpu mode='host-passthrough'/>
	Then, after a while, you want to save the domain into a file (e.g.
	virsh save dom dom.save). And here comes the trouble. The file consist
	of two parts: Libvirt header (containing domain XML among other
	things), and qemu migration data. Now, the domain XML in the header is
	formatted using special flags (VIR_DOMAIN_XML_SECURE |
	VIR_DOMAIN_XML_UPDATE_CPU | VIR_DOMAIN_XML_INACTIVE |
	VIR_DOMAIN_XML_MIGRATABLE).
	Then, on your way back from the bar, you think of changing something
	in the XML in the saved file (we have a command for it after all), say
	listen address for graphics console. So you successfully type in the
	command:
	  virsh save-image-edit dom.save
	Change all the bits, and exit the editor. But instead of success
	you're left with sad error message:
	  error: unsupported configuration: Target CPU model <null> does not
	  match source Pentium Pro
	Sigh. Digging into the code you see lines, where we check for ABI
	stability. The new XML you've produced is compared with the old one
	from the saved file to see if qemu ABI will break or not. Wait, what?
	We are using different flags to parse the XML you've provided so we
	were just lucky it worked in some cases? Yep, that's right.

	cpu: Format <cpu/> properly
	Well, not that we are not formatting invalid XML, rather than not as
	beautiful as we can:
	  <cpu mode='host-passthrough'>
	  </cpu>
	If there are no children, let's use the singleton element.

	virCPUDefFormatBufFull: Use our general error handling pattern
	Well, so far there are no variables to free, no cleanup work needed on
	an error, so bare 'return -1;' after each error is just okay. But this
	will change in a while.

	util: Introduce virBufferAddBuffer
	This API joins the following two lines:
	char *s = virBufferContentAndReset(buf1);
	virBufferAdd(buf2, s, -1);
	into one:
	virBufferAddBuffer(buf2, buf1);
	With one exception: there's no re-indentation applied to @buf1.
	The idea is, that in general both can have different indentation
	(like the test I'm adding proves)

2015-02-24  Pavel Hrdina  <phrdina@redhat.com>

	qemu: fix memory leak while starting a guest
	In commit cc41c648 I've re-factored qemuMonitorFindBalloonObjectPath, but
	missed that there is a memory leak. The "nextpath" variable is
	overwritten while looping in for cycle and we have to free it before next
	cycle.

2015-02-24  Michal Privoznik  <mprivozn@redhat.com>

	network_conf: Forbid commas in DNS TXT
	https://bugzilla.redhat.com/show_bug.cgi?id=1151942
	While the restriction doesn't have origin in any RFC, it matters
	to us while constructing the dnsmasq config file (or command line
	previously). For better picture, this is how the corresponding
	part of network XML look like:
	  <dns>
	    <forwarder addr='8.8.4.4'/>
	    <txt name='example' value='example value'/>
	  </dns>
	And this is how the config file looks like then:
	  server=8.8.4.4
	  txt-record=example,example value
	Now we can see why there can't be any commas in the TXT name.
	They are used by dnsmasq to separate @name and @value.
	Funny, we have it in the documentation, but the code (which was
	pushed back in 2011) didn't reflect that.

2015-02-24  Stefan Zimmermann  <stzi@linux.vnet.ibm.com>

	Rework s390 architecture checking
	Making use of the ARCH_IS_S390 macro introduced with
	e808357528d8be1ebc3970424b4a7b7c04eda2b6
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

	Prevent default creation of usb controller on s390 and s390x
	Since s390 does not support usb the default creation of a usb controller
	for a domain should not occur.
	Also adjust s390 test cases by removing usb device instances since
	usb devices are no longer created by default for s390 the s390
	test cases need to be adjusted.
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-02-24  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	man: moved virsh command cpu-models
	The description of the virsh command 'cpu-models' was written in the
	wrong context (i.e. beside the domain states).
	This patch moves the command description just to the cpu related
	commands like 'cpu-baseline' and 'cpu-compare'.

2015-02-23  Daniel P. Berrange  <berrange@redhat.com>

	po: Add config file for zanata
	Add configuration file for use with https://fedora.zanata.org
	translation system

2015-02-23  Michal Privoznik  <mprivozn@redhat.com>

	libvirt-guests: Allow time sync on guests resume
	Well, imagine domains were running, and as the host went down, they
	were managesaved. Later, after some time, the host went up again and
	domains got restored. But without correct time. And depending on how
	long was the host shut off, it may take some time for ntp to sync the
	time too. But hey, wait a minute. We have an API just for that! So:
	1) Introduce SYNC_TIME variable in libvirt-guests.sysconf to allow
	users control over the new functionality
	2) Call 'virsh domtime --sync $dom' in the libvirt-guests script.
	Unfortunately, this is all-or-nothing approach (just like anything
	else with the script). Domains are required to have configured and
	running qemu-ga inside.

2015-02-22  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix AAVMF/OVMF #define names
	The AAVMF and OVMF names were swapped. Reorder the one usage where it
	matters so behavior doesn't change.

2015-02-21  Marek Marczykowski  <marmarek@invisiblethingslab.com>

	libxl: support backend domain setting for disk and net devices
	This implement handling of <backenddomain name=''/>  parameter introduced
	in previous patch.
	Works on Xen >= 4.3, because only there libxl supports setting backend
	domain by name.  Specifying backend domain by ID or UUID is currently not
	supported.

	conf: support backend domain name in disk and network devices
	At least Xen supports backend drivers in another domain (aka "driver
	domain"). This patch introduces an XML config option for specifying the
	backend domain name for <disk> and <interface> devices.  E.g.
	  <disk>
	    <backenddomain name='diskvm'/>
	    ...
	  </disk>
	  <interface type='bridge'>
	    <backenddomain name='netvm'/>
	    ...
	  </interface>
	In the future, same option will be needed for USB devices (hostdev
	objects), but for now libxl doesn't have support for PVUSB.

2015-02-21  Laine Stump  <laine@laine.org>

	network: allow <pf> together with <interface>/<address> in network status
	The function that parses the <forward> subelement of a network used to
	fail/log an error if the network definition contained both a <pf>
	element as well as at least one <interface> or <address> element. That
	check was present because the configuration of a network should have
	either one <pf>, one or more <interface>, or one or more <address>,
	but never combinations of multiple kinds.
	This caused a problem when libvirtd was restarted with a network
	already active - when a network with a <pf> element is started, the
	referenced PF (Physical Function of an SRIOV-capable network card) is
	checked for VFs (Virtual Functions), and the <forward> is filled in
	with a list of all VFs for that PF either in the form of their PCI
	addresses (a list of <address>) or their netdev names (a list of
	<interface>); the <pf> element is not removed though. When libvirtd is
	restarted, it parses the network status and finds both the original
	<pf> from the config, as well as the list of either <address> or
	<interface>, fails the parse, and the network is not added to the
	active list. This failure is often obscured because the network is
	marked as autostart so libvirt immediately restarts it.
	It seems odd to me that <interface> and <address> are stored in the
	same array rather than keeping two separate arrays, and having
	separate arrays would have made the check much simpler. However,
	changing to use two separate arrays would have required changes in
	more places, potentially creating more conflicts and (more
	importantly) more possible regressions in the event of a backport, so
	I chose to keep the existing data structure in order to localize the
	change.
	It appears that this problem has been in the code ever since support
	for <pf> was added (0.9.10), but until commit
	34cc3b2f106e296df5e64309620c79d16fd76c85 (first in libvirt 1.2.4)
	networks with interface pools were not properly marked as active on
	restart anyway, so there is no point in backporting this patch any
	further than that.

2015-02-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: caps: Add capability bit for the "pc-dimm" device
	The pc-dimm device represents a RAM memory module.

	conf: Hoist validation of memory size into the post parse callback
	Later patches will need to access the full definition to do check the
	memory size and thus the checking needs to be done after the whole
	definition including devices is known.

	conf: numa: Check ABI stability of NUMA configuration
	Add helper to compare initial sizes of indivitual NUMA nodes and the map
	of belonging vCPUs. Other configuration is not ABI.

	conf: ABI: Hugepage backing definition is not guest ABI
	The backing of the vm's memory isn't influencing the guest ABI thus
	shouldn't be checked.

	conf: Move all NUMA configuration to virDomainNuma
	For historical reasons data regarding NUMA configuration were split
	between the CPU definition and numatune. We cannot do anything about the
	XML still being split, but we certainly can at least store the relevant
	data in one place.
	This patch moves the NUMA stuff to the right place.

	conf: numa: Add setter/getter for NUMA node memory size
	Add the helpers and refactor places where the value is accessed without
	them.

	conf: numa: Add accessor to NUMA node's memory access mode

	conf: numa: Add accessor for the NUMA node cpu mask
	Add virDomainNumaGetNodeCpumask() and refactor a few places that would
	get the cpu mask without the helper.

	conf: numa: Add helper to get guest NUMA node count and refactor users
	Add an accessor so that a later refactor is simpler.

	qemu: command: Unify retrieval of NUMA cell count in qemuBuildNumaArgStr
	The function uses the cell count in 6 places. Add a temp variable to
	hold the count as it will greatly simplify the refactor.

	conf: numa: Don't pass double pointer to virDomainNumatuneParseXML
	virDomainNumatuneParseXML now doesn't allocate the def->numa object any
	longer so we don't need to pass a double pointer.

	numa: conf: Tweak parameters of virDomainNumatuneSet
	As virDomainNumatuneSet now doesn't allocate the virDomainNuma object
	any longer it's not necessary to pass the pointer to a pointer to store
	the object as it will not change any longer.
	While touching the parameter definitions I've also changed the name of
	the parameter to "numa".

	conf: numa: Always allocate the NUMA config
	Since our formatter now handles well if the config is allocated and not
	filled we can safely always-allocate the NUMA config and remove the
	ad-hoc allocation code.
	This will help in later patches as the parser will be refactored to just
	fill the data.

	conf: Allocate domain definition with the new helper
	Use the virDomainDefNew() helper to allocate the definition instead of
	doing it via VIR_ALLOC.

	conf: Separate helper for creating domain objects
	Move the existing virDomainDefNew to virDomainDefNewFull as it's setting
	a few things in the conf and re-introduce virDomainDefNew as a function
	without parameters for common use.

	conf: numa: Format <numatune> XML only if necessary
	Do a content-aware check if formatting of the <numatune> element is
	necessary. Later on the def->numa structure will be always present so we
	cannot decide only on the basis whether it's allocated.

	conf: numa: Refactor logic in virDomainNumatuneParseXML
	Shuffling around the logic will allow to simplify the code quite a bit.
	As an additional bonus the change in the logic now reports an error if
	automatic placement is selected and individual placement is configured.

	conf: numa: Reformat virDomainNumatuneParseXML
	Collapse few of the conditions so that the program flow is more clear.

	conf: numa: Improve error message in case a numa node doesn't have cpus
	Currently the code would exit without reporting an error as
	virBitmapParse reports one only if it fails to parse the bitmap, whereas
	the code was jumping to the error label even in case 0 cpus were
	correctly parsed in the map.

	conf: numa: Recalculate rather than remember total NUMA cpu count
	It's easier to recalculate the number in the one place it's used as
	having a separate variable to track it. It will also help with moving
	the NUMA code to the separate module.

	conf: Move enum virMemAccess to the NUMA code and rename it
	Name it virNumaMemAccess and add it to conf/numa_conf.[ch]
	Note that to avoid a circular dependency the type of the NUMA cell
	memAccess variable was changed to int. It will be turned back later
	after the circular dependency will not exist.

	conf: numa: Rename virDomainNumatune to virDomainNuma
	The structure will gradually become the only place for NUMA related
	config, thus rename it appropriately.

	conf: Move NUMA cell formatter to numa_conf
	Move the code that formats the /domain/cpu/numa element to numa_conf as
	it belongs there.

	conf: numa: Don't duplicate NUMA cell cpumask
	The mask was stored both as a bitmap and as a string. The string is used
	for XML output only. Remove the string, as it can be reconstructed from
	the bitmap.
	The test change is necessary as the bitmap formatter doesn't "optimize"
	using the '^' operator.

	conf: Refactor virDomainNumaDefCPUParseXML
	Rewrite the function to save a few local variables and reorder the code
	to make more sense.
	Additionally the ncells_max member of the virCPUDef structure is used
	only for tracking allocation when parsing the numa definition, which can
	be avoided by switching to VIR_ALLOC_N as the array is not resized
	after initial allocation.

	conf: Move NUMA cell parsing code from cpu conf to numa conf
	For weird historical reasons NUMA cells are added as a subelement of
	<cpu> while the actual configuration is done in <numatune>.
	This patch splits out the cell parser code from cpu config to NUMA
	config. Note that the changes to the code are minimal just to make it
	work and the function will be refactored in the next patch.

	conf: Move numatune_conf to numa_conf
	For a while now there are two places that gather information about NUMA
	related guest configuration. While the XML can't be changed we can at
	least store the data in one place in the definition.
	Rename the numatune_conf.[ch] files to numa_conf as later patches will
	move the rest of the definitions from the cpu definition to this one.

2015-02-20  Pavel Hrdina  <phrdina@redhat.com>

	virsh: fix vcpupin info
	The "virDomainGetInfo" will get for running domain only live info and for
	offline domain only config info. There was no way how to get config info
	for running domain. We will use "vshCPUCountCollect" instead to get the
	correct cpu count that we need to pass to "virDomainGetVcpuPinInfo".
	Also cleanup some unnecessary variables and checks that are done by
	drivers.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1160559

2015-02-20  Michal Privoznik  <mprivozn@redhat.com>

	virQEMUCapsCacheLookupCopy: Filter qemuCaps based on machineType
	Not all machine types support all devices, device properties, backends,
	etc. So until we create a matrix of [machineType, qemuCaps], lets just
	filter out some capabilities before we return them to the consumer
	(which is going to make decisions based on them straight away).
	Currently, as qemu is unable to tell which capabilities are (not)
	enabled for given machine types, it's us who has to hardcode the matrix.
	One day maybe the hardcoding will go away and we can create the matrix
	dynamically on the fly based on a few monitor calls.

	virQEMUCapsCacheLookupCopy: Pass machine type
	It will come handy in the near future when we will filter some
	capabilities based on it.

2015-02-20  Martin Kletzander  <mkletzan@redhat.com>

	virsh-edit: Make force editing usable
	When editing a domain with 'virsh edit' and failing validation, the
	usual message pops up:
	  Failed. Try again? [y,n,f,?]:
	Turning off validation can be useful, mainly for testing (but other
	purposes too), so this patch adds support for relaxing definition in
	virsh-edit and makes 'virsh edit <domain>' more usable.

2015-02-19  Mikhail Feoktistov  <mfeoktistov@parallels.com>

	parallels: Set the first HDD from XML as bootable
	1. Delete all boot devices for VM instance
	2. Find the first HDD from XML and set it as bootable
	Now we support only one boot device and it should be HDD.

	parallels: Use IS_CT() macro instead of STREQ("exe")

	parallels: code aligment

2015-02-19  Jiri Denemark  <jdenemar@redhat.com>

	Search for schemas and cpu_map.xml in source tree
	Not all files we want to find using virFileFindResource{,Full} are
	generated when libvirt is built, some of them (such as RNG schemas) are
	distributed with sources. The current API was not able to find source
	files if libvirt was built in VPATH.
	Both RNG schemas and cpu_map.xml are distributed in source tarball.

2015-02-19  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationDriveMirror: Listen to events
	https://bugzilla.redhat.com/show_bug.cgi?id=1179678
	When migrating with storage, libvirt iterates over domain disks and
	instruct qemu to migrate the ones we are interested in (shared, RO and
	source-less disks are skipped). The disks are migrated in series. No
	new disk is transferred until the previous one hasn't been quiesced.
	This is checked on the qemu monitor via 'query-jobs' command. If the
	disk has been quiesced, it practically went from copying its content
	to mirroring state, where all disk writes are mirrored to the other
	side of migration too. Having said that, there's one inherent error in
	the design. The monitor command we use reports only active jobs. So if
	the job fails for whatever reason, we will not see it anymore in the
	command output. And this can happen fairly simply: just try to migrate
	a domain with storage. If the storage migration fails (e.g. due to
	ENOSPC on the destination) we resume the host on the destination and
	let it run on partly copied disk.
	The proper fix is what even the comment in the code says: listen for
	qemu events instead of polling. If storage migration changes state an
	event is emitted and we can act accordingly: either consider disk
	copied and continue the process, or consider disk mangled and abort
	the migration.

	qemuProcessHandleBlockJob: Take status into account
	Upon BLOCK_JOB_COMPLETED event delivery, we check if the job has
	completed (in qemuMonitorJSONHandleBlockJobImpl()). For better image,
	the event looks something like this:
	"timestamp": {"seconds": 1423582694, "microseconds": 372666}, "event":
	"BLOCK_JOB_COMPLETED", "data": {"device": "drive-virtio-disk0", "len":
	8412790784, "offset": 409993216, "speed": 8796093022207, "type":
	"mirror", "error": "No space left on device"}}
	If "len" does not equal "offset" it's considered an error, and we can
	clearly see "error" field filled in. However, later in the event
	processing this case was handled no differently to case of job being
	aborted via separate API. It's time that we start differentiate these
	two because of the future work.

	qemuProcessHandleBlockJob: Set disk->mirrorState more often
	Currently, upon BLOCK_JOB_* event, disk->mirrorState is not updated
	each time. The callback code handling the events checks if a blockjob
	was started via our public APIs prior to setting the mirrorState.
	However, some block jobs may be started internally (e.g. during
	storage migration), in which case we don't bother with setting
	disk->mirror (there's nothing we can set it to anyway), or other
	fields. But it will come handy if we update the mirrorState in these
	cases too. The event wasn't delivered just for fun - we've started the
	job after all.
	So, in this commit, the mirrorState is set to whatever job status
	we've obtained. Of course, there are some actions on some statuses
	that we want to perform. But instead of if {} else if {} else {} ...
	enumeration, let's move to switch().

2015-02-19  Peter Krempa  <pkrempa@redhat.com>

	qemu: Exit job on error path of qemuDomainSetVcpusFlags()
	Commit e105dc981438bc33fa771bd67cece6234dbf6c8d moved some code but
	didn't adjust the jump labels so that the job would be terminated.

2015-02-19  Pavel Hrdina  <phrdina@redhat.com>

	daemon: Fix segfault by reloading daemon right after start
	Libvirt could crash with segfault if user issue "service reload" right
	after "service start". One possible way to crash libvirt is to run reload
	during initialization of QEMU driver.
	It could happen when qemu driver will initialize qemu_driver_lock but
	don't have a time to set it's "config" and the SIGHUP arrives. The
	reload handler tries to get qemu_drv->config during "virStorageAutostart"
	and dereference it which ends with segfault.
	Let's ignore all reload requests until all drivers are initialized. In
	addition set driversInitialized before we enter virStateCleanup to
	ignore reload request while we are shutting down.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1179981

2015-02-18  Ján Tomko  <jtomko@redhat.com>

	docs: clarify nat range behavior
	All the addresses from the range are used, not just those
	that are in use on the host.
	https://bugzilla.redhat.com/show_bug.cgi?id=1079917

2015-02-17  Daniel P. Berrange  <berrange@redhat.com>

	docs: add page about virtlockd setup
	Introduce some basic docs describing the virtlockd setup.

	docs: split out sanlock setup docs
	In preparation for adding docs about virtlockd, split out
	the sanlock setup docs into a separate page.

2015-02-17  Pavel Hrdina  <phrdina@redhat.com>

	qemu_cgroup: initialize mem_mask to NULL
	If 'virNumaGetHostNodeset()' fails then the error path will try to free
	uninitialized pointer mem_mask. Introduced by commit af2a1f058.

2015-02-17  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	PowerPC : Forbid NULL CPU model with 'host-model' mode.
	PowerPC : Forbid NULL CPU model with 'host-model' mode in qemu command line.
	This ensures that an XML such as following:
	...
	  <cpu mode='host-model'>
	    <model fallback='allow'/>
	  </cpu>
	...
	will not generate a '-cpu host,compat=(null)' command line with qemu-system-ppc64.

	PowerPC : Make 'qemu-system-ppc64' the default emulator on ppc64[le].
	PowerPC : Explicitly associate 'qemu-system-ppc64' as the
	 default emulator for all 64-bit PowerPC guests ( both Big & Little Endian )

2015-02-17  Luyao Huang  <lhuang@redhat.com>

	qemu: fix vm deadlock when try to use numatune in session mode
	https://bugzilla.redhat.com/show_bug.cgi?id=1126762
	Commit 43b67f introduced a deadlock issue when we use numatune
	to change numa settings to a vm in session mode.
	Jump to endjob instead of jump to cleanup.

2015-02-17  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildMemoryBackendStr: Report backend requirement more appropriately
	So, when building the '-numa' command line, the
	qemuBuildMemoryBackendStr() function does quite a lot of checks to
	chose the best backend, or to check if one is in fact needed. However,
	it returned that backend is needed even for this little fella:
	  <numatune>
	    <memory mode="strict" nodeset="0,2"/>
	  </numatune>
	This can be guaranteed via CGroups entirely, there's no need to use
	memory-backend-ram to let qemu know where to get memory from. Well, as
	long as there's no <memnode/> element, which explicitly requires the
	backend. Long story short, we wouldn't have to care, as qemu works
	either way. However, the problem is migration (as always). Previously,
	libvirt would have started qemu with:
	  -numa node,memory=X
	in this case and restricted memory placement in CGroups. Today, libvirt
	creates more complicated command line:
	  -object memory-backend-ram,id=ram-node0,size=X
	  -numa node,memdev=ram-node0
	Again, one wouldn't find anything wrong with these two approaches.
	Both work just fine. Unless you try to migrated from the older libvirt
	into the newer one. These two approaches are, unfortunately, not
	compatible. My suggestion is, in order to allow users to migrate, lets
	use the older approach for as long as the newer one is not needed.

	qemuxml2argvtest: Fake response from numad
	Well, we can pretend that we've asked numad for its suggestion and let
	qemu command line be built with that respect. Again, this alone has no
	big value, but see later commits which build on the top of this.

	numatune_conf: Expose virDomainNumatuneNodeSpecified
	This function is going to be needed in the near future.

2015-02-16  Luyao Huang  <lhuang@redhat.com>

	virsh: fix IP address in vncdisplay for listen type='network'
	Just like the fix for domdisplay in commit 1ba815.

2015-02-14  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity CHECKED_RETURN
	Periodically my Coverity scan will return a checked_return failure
	for libxlDomainShutdownThread call to libxlDomainStart. Followed the
	libxlAutostartDomain example in order to check the status, emit a
	message, and continue on.

	security: Resolve Coverity RESOURCE_LEAK
	Introduced by commit id 'c3d9d3bb' - return from virSecurityManagerCheckModel
	wasn't VIR_FREE()'ing the virSecurityManagerGetNested allocated memory.

2015-02-14  Luyao Huang  <lhuang@redhat.com>

	lxc: Fix container cleanup for LXCProcessStart
	Jumping to the cleanup label prior to starting the container failed to
	properly clean everything up that is handled by the virLXCProcessCleanup
	which is called if virLXCProcessStop is called on failure after the
	container properly starts. Most importantly is prior to this patch none
	of the stop/release hooks, host device reattachment, and network cleanup
	(that is reverse of virLXCProcessSetupInterfaces).

2015-02-14  John Ferlan  <jferlan@redhat.com>

	lxc: Modify/add some debug messages
	Modify the VIR_DEBUG message in virLXCProcessCleanup to make it clearer
	about the path.  Also add some more VIR_DEBUG messages in virLXCProcessStart
	in order to help debug error flow.

2015-02-14  Luyao Huang  <lhuang@redhat.com>

	lxc: Move console checks in LXCProcessStart
	https://bugzilla.redhat.com/show_bug.cgi?id=1176503
	Move the two console checks - one for zero nconsoles present and the
	other for an invalid console type to earlier in the processing rather than
	getting after performing some setup that has to be undone for what amounts
	to an invalid configuration.
	This resolves the above bug since it's not not possible to have changed
	the security labels when we cause the configuration check failure.

2015-02-13  Erik Skultety  <eskultet@redhat.com>

	security: Refactor virSecurityManagerGenLabel
	if (mgr == NULL || mgr->drv == NULL)
	    return ret;
	This check isn't really necessary, security manager cannot be a NULL
	pointer as it is either selinux (by default) or 'none', if no other driver is
	set in the config. Even with no config file driver name yields 'none'.
	The other hunk checks for domain's security model validity, but we should
	also check devices' security model as well, therefore this hunk is moved into
	a separate function which is called by virSecurityManagerCheckAllLabel that
	checks both the domain's security model and devices' security model.
	https://bugzilla.redhat.com/show_bug.cgi?id=1165485

	security: introduce virSecurityManagerCheckAllLabel function
	We do have a check for valid per-domain security model, however we still
	do permit an invalid security model for a domain's device (those which
	are specified with <source> element).
	This patch introduces a new function virSecurityManagerCheckAllLabel
	which compares user specified security model against currently
	registered security drivers. That being said, it also permits 'none'
	being specified as a device security model.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485

2015-02-13  Ján Tomko  <jtomko@redhat.com>

	Wire up mrg_rxbuf option for qemu
	<interface ...>
	  ...
	  <model type='virtio'/>
	  <driver ...>
	    <host mrg_rxbuf='off'/>
	  </driver>
	</interface>
	will result in:
	-device virtio-net-pci,mrg_rxbuf=off,...
	https://bugzilla.redhat.com/show_bug.cgi?id=1186886

	Add mrg_rxbuf option to virtio interfaces
	Add an XML attribute to allow disabling merge of rx buffers
	on the host:
	<interface ...>
	  ...
	  <model type='virtio'/>
	  <driver ...>
	    <host mrg_rxbuf='off'/>
	  </driver>
	</interface>
	https://bugzilla.redhat.com/show_bug.cgi?id=1186886

2015-02-13  Michal Privoznik  <mprivozn@redhat.com>

	virsh attach-interface: Allow macvtap hotplug
	Our hotplug code supports macvtap insertion to guests. However, we
	somehow forgot about 'attach-interface' (which tries to build XML from
	passed arguments and use virDomainAttachDeviceFlags()).
	New type is accessible under 'direct' type, to keep the same type as
	used in domain XML.

	virsh attach-interface: Use virDomainNetType{From,To}String()
	Instead of verbose string to enum conversion (if STREQ() else if
	STREQ() else if STREQ() ...) lets use virDomainNetType{From,To}String.

	virsh attach-interface: Use enum instead of arbitrary integers
	The type of interface to attach is held in the variable 'typ'.
	Depending on interface type selected by user, the variable is set
	either to 1 (network), or 2 (bridge). Lets use already existing
	enum from domain_conf.h instead: virDomainNetType.

	libvirt_private.syms: Expose virDomainNetTypeFromString
	The enum converters are defined in the domain_conf.h (so
	accessible widely across the code), but on the symbol layer, only
	virDomainNetTypeToString was exposed. However, FromString variant
	is going to be needed shortly.

2015-02-13  Pavel Hrdina  <phrdina@redhat.com>

	virprocess: fix MinGW build and RHEL-5 build
	Commit b6a2828e introduced new functions to set process scheduler. There
	is a small typo in ELSE path for systems where scheduler is not
	available.
	Also some of the definitions were introduced later in kernel. For
	example RHEL-5 is running on kernel 2.6.18, but SCHED_IDLE was introduces
	in 2.6.23 [1] and SCHED_BATCH in 2.6.16 [1]. We should not count only on
	existence of function sched_setscheduler(), we must also check for
	existence of used macros as they might not be defined.
	[1] see 'man 7 sched'

2015-02-13  Zhang Bo  <oscar.zhangbo@huawei.com>

	Fix a syntax error in the description text of libvirtd.conf
	not yet not -> not yet.

2015-02-12  Martin Kletzander  <mkletzan@redhat.com>

	docs: Fix version reference in vcpu/iothread scheduling

2015-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Allow shrinking of file based volumes
	While the main storage driver code allows the flag
	VIR_STORAGE_VOL_RESIZE_SHRINK to be set, none of the backend
	drivers are supporting it. At the very least this can work
	for plain file based volumes since we just ftruncate() them
	to the new size. It does not work with qcow2 volumes, but we
	can arguably delegate to qemu-img for error reporting for that
	instead of second guessing this for ourselves:
	$ virsh vol-resize --shrink /home/berrange/VirtualMachines/demo.qcow2 2G
	error: Failed to change size of volume 'demo.qcow2' to 2G
	error: internal error: Child process (/usr/bin/qemu-img resize /home/berrange/VirtualMachines/demo.qcow2 2147483648) unexpected exit status 1: qemu-img: qcow2 doesn't support shrinking images yet
	qemu-img: This image does not support resize
	See also https://bugzilla.redhat.com/show_bug.cgi?id=1021802

	qemu: do upfront check for vcpupids being null when querying pinning
	The qemuDomainHelperGetVcpus attempted to report an error when the
	vcpupids info was NULL. Unfortunately earlier code would clamp the
	value of 'maxinfo' to 0 when nvcpupids was 0, so the error reporting
	would end up being skipped.
	This lead to 'virsh vcpuinfo <dom>' just returning an empty list
	instead of giving the user a clear error.

	qemu: fix setting of VM CPU affinity with TCG
	If a previous commit I fixed the incorrect handling of vcpu pids
	for TCG mode QEMU:
	  commit b07f3d821dfb11a118ee75ea275fd6ab737d9500
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Thu Dec 18 16:34:39 2014 +0000
	    Don't setup fake CPU pids for old QEMU
	    The code assumes that def->vcpus == nvcpupids, so when we setup
	    fake CPU pids for old QEMU with nvcpupids == 1, we cause the
	    later code to read off the end of the array. This has fun results
	    like sche_setaffinity(0, ...) which changes libvirtd's own CPU
	    affinity, or even better sched_setaffinity($RANDOM, ...) which
	    changes the affinity of a random OS process.
	The intent was that this would merely disable the ability to set
	per-vCPU affinity. It should still have been possible to set VM
	level host CPU affinity.
	Unfortunately, when you set  <vcpu cpuset='0-1'>4</vcpu>, the XML
	parser will internally take this & initialize an entry in the
	def->cputune.vcpupin array for every VCPU. IOW this is implicitly
	being treated as
	  <cputune>
	    <vcpupin cpuset='0-1' vcpu='0'/>
	    <vcpupin cpuset='0-1' vcpu='1'/>
	    <vcpupin cpuset='0-1' vcpu='2'/>
	    <vcpupin cpuset='0-1' vcpu='3'/>
	  </cputune>
	Even more fun, the faked cputune elements are hidden from view when
	querying the live XML, because their cpuset mask is the same as the
	VM default cpumask.
	The upshot was that it was impossible to set VM level CPU affinity.
	To fix this we must update qemuProcessSetVcpuAffinities so that it
	only reports a fatal error if the per-VCPU cpu mask is different
	from the VM level cpu mask.

2015-02-12  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: disable VNC and SDL until explicitly enabled
	When initializing a libxl_domain_build_info struct with
	libxl_domain_build_info_init(), VNC is enabled by default.  As a
	result, VMs configured with no graphics still have VNC enabled.
	This behavior is a regression wrt to the legacy Xen driver.

	libxl: pass ipaddr to libxl toolstack
	Do not silently ignore its value. LibXL support only one address, so
	refuse multiple IPs.

2015-02-12  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add support for setting vCPU and I/O thread scheduler setting
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178986

	docs, schema, conf: Add support for setting scheduler parameters of guest threads
	In order for QEMU vCPU (and other) threads to run with RT scheduler,
	libvirt needs to take care of that so QEMU doesn't have to run privileged.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178986

	util: Add virProcessSetScheduler() function for scheduler settings
	This function uses sched_setscheduler() function so it works with
	processes and threads as well (even threads not created by us, which is
	what we'll need in the future).

2015-02-12  Laine Stump  <laine@laine.org>

	domain: include portgroup in interface status xml
	Prior to commit 7d5bf484747 (first appearing in libvirt 1.2.2), the
	status XML of a domain's interface was missing a lot of important
	information; mainly it just output the config of the interface, plus
	the name of the tap device and qemu device alias. Commit 7d5bf484747
	changed the status XML to include many important bits of information
	that were required to make network "hook" scripts useful - bandwidth
	information, vlan tag, the name of the bridge (or physical device in
	the case of macvtap) that the tap/macvtap device was attached to - the
	commit log for 7d5bf484747 has a very detailed explanation of the
	change. For quick reference - in the example given there, prior to the
	change, status XML looked like figure [C]:
	      <interface type='network'>
	        <source network='testnet' portgroup='admin'/>
	        <target dev='macvtap0'/>
	        <alias name='net0'/>
	        <address type='pci' domain='0x0000' bus='0x00'
	                 slot='0x03' function='0x0'/>
	      </interface>
	and after the change, it looked like figure [E]:
	      <interface type='direct'>
	        <source dev='p4p1_0' mode='bridge'/>
	        <bandwidth>
	            <inbound average='1000' peak='5000' burst='1024'/>
	            <outbound average='128' peak='256' burst='256'/>
	        </bandwidth>
	        <target dev='macvtap0'/>
	        <alias name='net0'/>
	        <address type='pci' domain='0x0000' bus='0x00'
	                 slot='0x03' function='0x0'/>
	      </interface>
	You'll notice that bandwidth info, physdev, and macvtap mode have been
	added, but the network and portgroup names are now missing - I didn't
	think that this information was of any use once the needed
	bandwidth/vlan/etc config had been pulled from the network/portgroup.
	I was wrong.
	A few months after that change a user on IRC asked what happened to
	portgroup in the status XML and described how he used it (more or less
	as a tag to decide what external information to use in a hook script
	that was run at startup/migration time - see
	http://wiki.libvirt.org/page/OVS_and_PVLANS ). At that time I planned
	to make a patch to re-add portgroup, but life intervened as that was
	just prior to a transatlantic move involving several weeks of
	"vacation". During this time I somehow forgot to make the patch, and
	also mistakenly remembered that I *had* made it.
	Subsequent to this, as a part of mprivozn's work to add support for
	network-specific hooks, I did re-add the output of the network name in
	status XML, but once again completely forgot about portgroup. This was
	in commit a3609121 (first appearing in libvirt 1.2.11). This made the
	status XML from the above example look like this:
	      <interface type='direct'>
	        <source network='testnet' dev='p4p1_0' mode='bridge'/>
	        <bandwidth>
	            <inbound average='1000' peak='5000' burst='1024'/>
	            <outbound average='128' peak='256' burst='256'/>
	        </bandwidth>
	        <target dev='macvtap0'/>
	        <alias name='net0'/>
	        <address type='pci' domain='0x0000' bus='0x00'
	                 slot='0x03' function='0x0'/>
	      </interface>
	*This* patch just adds the portgroup back to the status XML, so the
	 same example interface will look like this:
	      <interface type='direct'>
	        <source network='testnet' portgroup='admin'
	                dev='p4p1_0' mode='bridge'/>
	        <bandwidth>
	            <inbound average='1000' peak='5000' burst='1024'/>
	            <outbound average='128' peak='256' burst='256'/>
	        </bandwidth>
	        <target dev='macvtap0'/>
	        <alias name='net0'/>
	        <address type='pci' domain='0x0000' bus='0x00'
	                 slot='0x03' function='0x0'/>
	      </interface>
	The result is that the status XML now contains all information about
	how the interface is setup (bandwidth, physical device, tap device,
	etc), in addition to pointers to its origin (the network and
	portgroup).

	domain: avoid potential memory leak in virDomainGraphicsListenSet*()
	virDomainGraphicsListenSetAddress() and
	virDomainGraphicsListenSetNetwork() both set their respective char* to
	NULL directly when asked to set it to NULL, which is okay as long as
	it's already set to NULL. If these functions are ever called to clear
	a listen object that has a valid string in address or network, it will
	end up leaking the old value. Currently that doesn't happen, so this
	is just a preemptive strike.

	domain: backfill listen address to parent <graphics> listen attribute
	Prior to 0.9.4, libvirt only supported a single listen, and it had to
	be an IP address:
	   <graphics listen='1.2.3.4' ..../>
	Starting with 0.9.4, a graphics element could have a <listen>
	subelement (actually the grammar supports multiples, but all of the
	drivers only support a single <listen> per <graphics>), and that
	listen element can be of type='address' or type='network'. For
	type='address', <listen> also has an attribute called 'address' which
	contains the IP address for listening:
	    <graphics ....>
	      <listen type='address' address='1.2.3.4' .../>
	    </graphics>
	type can also be "network", and in that case listen will have a
	"network" attribute which will contain the name of a libvirt
	network:
	    <graphics ....>
	      <listen type='network' network='testnet' .../>
	    </graphics>
	At domain start (or migrate) time, libvirt will attempt to
	find an IP address associated with that network (e.g. the IP address
	of the bridge device used by the network, or the physical device
	listed in <forward dev='physdev'/>) and fill in that address in the
	status XML:
	    <graphics ....>
	      <listen type='network' network='testnet' address='1.2.3.4' .../>
	    </graphics>
	In the case that a <graphics> element has a <listen> subelement of
	type='address', that listen subelement's "address" attribute is
	backfilled into the parent graphics element's "listen" *attribute* for
	backward compatibility (so that a management application unaware of
	the separate <listen> element can still learn the listen
	address). This backfill should be done with the IP learned from
	type='network' as well, and that's what this patch does:
	    <graphics listen='1.2.3.4' ....>
	      <listen type='network' network='testnet' address='1.2.3.4' .../>
	    </graphics>
	This is a continuation of the fix for:
	   https://bugzilla.redhat.com/show_bug.cgi?id=1191016

2015-02-11  Luyao Huang  <lhuang@redhat.com>

	virsh: fix IP address in domdisplay for listen type='network'
	https://bugzilla.redhat.com/show_bug.cgi?id=1191016
	virsh's domdisplay command looks in /domain/devices/graphics/@listen
	of the domain's XML for the listen address, however for listen
	type='network' (added in libvirt 0.9.4), the <graphics> element
	doesn't have a listen attribute, but has a <listen> subelement,
	*still* with no address (this is the inactive XML):
	 <graphics type='spice' autoport='yes' keymap='en-us'>
	  <listen type='network' network='default'/>
	 </graphics>
	However, at domain start time the <listen> subelement gets its address
	attribute filled in once libvirt figures out the IP address associated
	with the named network (this is the status XML):
	 <graphics type='spice' port='5901' autoport='yes' keymap='en-us'>
	  <listen type='network' address='192.168.122.1' network='default'/>
	 </graphics>
	So in these cases, we need to look at
	/domain/devices/graphics/listen/@address instead.
	Even though another patch is being pushed that will backfill
	listen/@address into @listen, this patch is still useful, as it fixes
	domdisplay for cases of a new virsh (with this patch) connecting to a
	libvirtd that is newer than 0.9.4 but doesn't have the followup patch.

2015-02-11  Pavel Hrdina  <phrdina@redhat.com>

	bhyvexml2argvmock: change int to size_t for tapfdSize
	Commit c5b6a4a5 forget to update also this mock function.

2015-02-11  John Ferlan  <jferlan@redhat.com>

	qemu: qemuOpenFileAs - set flag VIR_FILE_OPEN_FORCE_MODE
	In the event we're falling into the code that tries to create the file
	in a forked environment (VIR_FILE_OPEN_FORK) we pass different mode bits,
	but those are never set because the virFileOpenForceOwnerMode has a check
	if the OPEN_FORCE_MODE bit is set before attempting to change the mode.
	Since this is a special case it seems reasonable to set u+rw,g+rw,o

	virfile: Adjust error path for virFileOpenForked
	Rather than have a dummy waitpid loop and return of the failure status
	from recvfd, adjust the logic to save the recvfd error & fd and then
	in priority order:
	- if waitpid failed, use that errno value
	- waitpid succeeded, but if the child exited abnormally, report failure
	(use EACCES to report as return failure, since either EACCES or EPERM is
	what caused us to fall into the fork+setuid path)
	- waitpid succeeded, but if the child reported non-zero status, report
	failure (use the errno value that the child encoded into exit status)
	- waitpid succeeded, but if recvfd failed, report recvfd_errno
	- waitpid and recvfd succeeded, use the fd
	NOTE: Original logic to retry the open and force owner mode was
	"documented" as only being attempted if we had already tried opening
	with the fork+setuid, but checked flags vs. VIR_FILE_OPEN_NOFORK which
	is counter to how we would get to that point. So that code was removed.

2015-02-11  Luyao Huang  <lhuang@redhat.com>

	qemu: fix crash when migrateuri has no scheme
	https://bugzilla.redhat.com/show_bug.cgi?id=1191355
	When we attempt to migrate a vm with a migrateuri that has no scheme:
	 # virsh migrate test4 --live qemu+ssh://lhuang/system --migrateuri 127.0.0.1
	target libvirtd will crash because uri->scheme is NULL in
	qemuMigrationPrepareDirect on this line:
	     if (STRNEQ(uri->scheme, "tcp") &&
	Add a value check before this line. Also fix a bug like this in
	doNativeMigrate, that could only happen when destination libvirtd
	returned an incorrect URI.

2015-02-11  Zhang Bo  <oscar.zhangbo@huawei.com>

	conf: Fix libvirtd crash and memory leak caused by virDomainVcpuPinDel()
	The function virDomainVcpuPinDel() used vcpupin_list to stand for
	def->cputune.vcpupin, which made the codes more readable.
	However, in this function, it will realloc vcpupin_list later.
	As the definition of realloc(), it may free vcpupin_list and then
	points it to a new-realloced address, but def->cputune.vcpupin doesn't
	point to the new address(it's freed however).
	Thus,
	1) When we refer to the def->cputune.vcpupin afterwards, which was freed
	by realloc(), an INVALID READ occurs, and libvirtd may crash.
	2) As no one will use vcpupin_list any more, and no one frees it(it's just
	alloced by realloc()), memory leak occurs.
	Part of the valgrind logs are shown as below:
	==1837== Thread 15:
	==1837== Invalid read of size 8
	==1837==    at 0x5367337: virDomainDefFormatInternal (domain_conf.c:18392)
	        which is : virBufferAsprintf(buf, "<vcpupin vcpu='%u' ",
	                          def->cputune.vcpupin[i]->vcpuid);
	==1837==    by 0x536966C: virDomainObjFormat (domain_conf.c:18970)
	==1837==    by 0x5369743: virDomainSaveStatus (domain_conf.c:19166)
	==1837==    by 0x117B26DC: qemuDomainPinVcpuFlags (qemu_driver.c:4586)
	==1837==    by 0x53EA313: virDomainPinVcpuFlags (libvirt.c:9803)
	==1837==    by 0x14CB7D: remoteDispatchDomainPinVcpuFlags (remote_dispatch.h:6762)
	==1837==    by 0x14CC81: remoteDispatchDomainPinVcpuFlagsHelper (remote_dispatch.h:6740)
	==1837==    by 0x5464C30: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
	==1837==    by 0x546507A: virNetServerProgramDispatch (virnetserverprogram.c:307)
	==1837==    by 0x171B83: virNetServerProcessMsg (virnetserver.c:172)
	==1837==    by 0x171E6E: virNetServerHandleJob (virnetserver.c:193)
	==1837==    by 0x5318E78: virThreadPoolWorker (virthreadpool.c:145)
	==1837==  Address 0x12ea2870 is 0 bytes inside a block of size 16 free'd
	==1837==    at 0x4C291AC: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==1837==    by 0x52A3D14: virReallocN (viralloc.c:245)
	==1837==    by 0x52A3DFB: virShrinkN (viralloc.c:372)
	==1837==    by 0x52A3F57: virDeleteElementsN (viralloc.c:503)
	==1837==    by 0x533939E: virDomainVcpuPinDel (domain_conf.c:15405)  //doReset为true时才会进到。
	==1837==    by 0x117B2642: qemuDomainPinVcpuFlags (qemu_driver.c:4573)
	==1837==    by 0x53EA313: virDomainPinVcpuFlags (libvirt.c:9803)
	==1837==    by 0x14CB7D: remoteDispatchDomainPinVcpuFlags (remote_dispatch.h:6762)
	==1837==    by 0x14CC81: remoteDispatchDomainPinVcpuFlagsHelper (remote_dispatch.h:6740)
	==1837==    by 0x5464C30: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
	==1837==    by 0x546507A: virNetServerProgramDispatch (virnetserverprogram.c:307)
	==1837==    by 0x171B83: virNetServerProcessMsg (virnetserver.c:172)
	Steps to reproduce the problem:
	1) use virDomainPinVcpuFlags() to pin a guest's vcpu to all the pcpus
	of the host.
	This patch uses def->cputune.vcpupin instead of vcpupin_list to do the
	realloc() job, to avoid invalid read or memory leaking.

2015-02-11  Erik Skultety  <eskultet@redhat.com>

	conf: forbid seclabel duplicates for domain devices
	Parser checks for per-domain seclabel duplicates, so it would be nice if
	it checked for per-device seclabel duplicates the same way
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485

	schema: allow multiple seclabel for devices in domaincommon.rng
	In our RNG schema we do allow multiple (different) seclabels per-domain,
	but don't allow this for devices, yet we neither have a check in our XML parser,
	nor in a post-parse callback. In that case we should allow multiple
	(different) seclabels for devices as well.

2015-02-10  Ján Tomko  <jtomko@redhat.com>

	Fix qemu job handling in SetSchedulerParameters
	Commit c5ee5cf added a job to SetSchedulerParameters, but
	forgot to change one label in the SCHED_RANGE_CHECK macro.

2015-02-10  Luyao Huang  <lhuang@redhat.com>

	qemu: Implement random number generator hotunplug

	qemu: Implement random number generator hotplug
	Export the required helpers and add backend code to hotplug RNG devices.

2015-02-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement random number generator cold (un)plug
	Add support for using the attach/detach device APIs on the inactive
	configuration to add RNG devices.

2015-02-10  Luyao Huang  <lhuang@redhat.com>

	conf: Add helpers to insert/remove/find RNG devices in domain def
	The helpers will be useful when implementing hotplug and coldplug of
	random number generator devices.

	audit: export virDomainAuditRNG

2015-02-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Refactor creation of RNG device commandline
	As the RNG device is using an -object as backend refactor the code to
	use the JSON to commandline generator so that we can reuse the code
	later in hotplug.

	qemu: command: Break some very long lines in qemuBuildRNGDevStr()

	qemu: command: Shuffle around formatting of alias for RNG device backend
	Move the alias name right after the object type for rng-egd backend so
	that we can later use the JSON to commandline generator to create the
	command line.

2015-02-10  Luyao Huang  <lhuang@redhat.com>

	qemu: command: Make RNG backend device IDs unique
	Libvirt didn't prefix the random number generator backend object alias
	with any string thus the device alias and object alias were identical.
	To avoid possible problems, rename the alias for the backend object and
	tweak tests to comply with the change.

	qemu: refactor qemuBuildRNGDeviceArgs to allow reuse in RNG hotplug
	Rename qemuBuildRNGDeviceArgs to qemuBuildRNGDevStr and change the
	return type so that it can be reused in the device hotplug code later.

	qemu: Add helper to assign RNG device aliases
	This function is used to assign an alias for a RNG device. It will be
	later reused when hotplugging RNGs.

2015-02-10  Peter Krempa  <pkrempa@redhat.com>

	conf: Introduce helper to find duplicate device address
	When adding devices to the definition it's useful to check whether the
	devices don't reside on a conflicting address. This patch adds a helper
	that iterates all device info and compares the addresses with the given
	info.

2015-02-10  Martin Kletzander  <mkletzan@redhat.com>

	conf: disallow invalid values for video attributes
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1190956

2015-02-09  Stefan Zimmermann  <stzi@linux.vnet.ibm.com>

	S390: Documentation for ccw address type
	Change the wording in the device-address-part of the docmunentation since
	the ccw bus address support added to the optional address parameter of
	virsh attach-disk for S390.
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>

	S390: ccw support for virsh attach-disk address parameter
	Adding ccw bus address support to the optional address parameter of virsh
	attach-disk. The format used is ccw:cssid. ssid.devno, e.g.
	ccw:0xfe.0x0.0x0201
	Virtio-ccw devices must have their cssid set to 0xfe.
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>

2015-02-09  Erik Skultety  <eskultet@redhat.com>

	conf: fix a minor typo

2015-02-09  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Clear dynamic seclabels on LXCProcessStart failure
	commit a58e1cb4 didn't fix the bug if the security_default_confined is
	not set to 1. We now clean up even if there is no seclabel defined or
	the default one.

2015-02-07  Stefan Zimmermann  <stzi@linux.vnet.ibm.com>

	maint: improve usage of autogen's --no-git
	If you build libvirt with the --no-git option, then gnulib requires
	either $GNULIB_SRCDIR in the environment or --gnulib-srcdir on the
	command line.  But we had not been supporting its use from the
	command line.  This patch is a bit picky: --gnulib-srcdir must be
	passed immediately after --no-git; but since we don't reorder
	arguments, and since we already required --no-git to be first to
	have any effect, it's not too horrible.  It also does the wrong
	thing if you include spaces in your arguments, but developers
	doing that deserve what they get, right?

2015-02-06  Laine Stump  <laine@laine.org>

	network: don't allow multiple portgroups with the same name in a network
	When defining and creating networks, we have been checking to make
	sure there is only a single "default" portgroup, but haven't verified
	that no two portgroups have the same name. We *do* check for multiple
	definitions when updating the portgroups in an existing network
	though.
	This patch adds a check to networkValidate(), which is called when a
	network is defined or created, to disallow duplicate names. It would
	actually make sense to do this in the network XML parser (since it's
	not really "something that might make sense but isn't supported by
	this driver", but is instead "something that should never be
	allowed"), but doing that carries the danger of causing errors when
	rereading the config of existing networks when libvirtd is restarted
	after an upgrade, and that would result in networks disappearing from
	libvirt's list. (I'm thinking I should change the error to "XML_ERROR"
	instead of "UNSUPPORTED", even though that's not the type of error
	that networkValidate is intended for)
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1115858

2015-02-06  Ján Tomko  <jtomko@redhat.com>

	Error out when custom tap device path makes no sense
	It is only usable for NETWORK and BRIDGE type interfaces.
	Error out when trying to start a domain where the custom
	tap device path is specified for interfaces of other types,
	or when the daemon is not privileged.
	Note that this cannot be checked at definition time, because
	the comparison is against actual type.
	https://bugzilla.redhat.com/show_bug.cgi?id=1147195

	Only parse custom vhost path for virtio interfaces
	It is only supported for virtio adapters.
	Silently drop it if it was specified for other models,
	as is done for other virtio attributes.
	Also mention this in the documentation.
	https://bugzilla.redhat.com/show_bug.cgi?id=1147195

	Trivially support DomainHasManagedSaveImage
	Return 0 instead of ERR_NO_SUPPORT in each driver
	where we don't support managed save or -1 if
	the domain does not exist.
	This avoids spamming daemon logs when 'virsh dominfo' is run.
	https://bugzilla.redhat.com/show_bug.cgi?id=1095637

2015-02-06  Daniel P. Berrange  <berrange@redhat.com>

	qemu: include libvirt & QEMU versions in QEMU log files
	It is often helpful to know which version of libvirt and QEMU
	was present when a guest was first launched. Ensure this info
	is written into the QEMU log file for each guest.

2015-02-06  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: update dom->id in libxlDomainCreateWithFlags
	Otherwise domainCreateWithFlags via remote returns -1 as domid.

2015-02-05  John Ferlan  <jferlan@redhat.com>

	nodedev: check/add for scsi_host caps for NumOfCaps and ListCaps
	Commit id '652a2ec6' introduced two new node device capability flags
	and the ability to use those flags as a way to search for a specific
	subset of a 'scsi_host' device - namely a 'fc_host' and/or 'vports'.
	The code modified the virNodeDeviceCapMatch whichs allows for searching
	using the 'virsh nodedev-list [cap]' via virConnectListAllNodeDevices.
	However, the original patches did not account for other searches for
	the same capability key from virNodeDeviceNumOfCaps and virNodeDeviceListCaps
	using nodeDeviceNumOfCaps and nodeDeviceListCaps. Since 'fc_host' and
	'vports' are self defined bits of a 'scsi_host' device mere string
	comparison against the basic/root type is not sufficient.
	This patch adds the check for the 'fc_host' and 'vports' bits within
	a 'scsi_host' device and allows the following python code to find the
	capabilities for the device:
	import libvirt
	conn = libvirt.openReadOnly('qemu:///system')
	devs = conn.listAllDevices()
	for dev in devs:
	    if 'fc_host' in dev.listCaps() or 'vports' in dev.listCaps():
	        print dev.name(),dev.numOfCaps(),dev.listCaps()

2015-02-05  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	nodedev: check/add for scsi_host caps for ListDevices
	Commit id '652a2ec6' introduced two new node device capability flags
	and the ability to use those flags as a way to search for a specific
	subset of a 'scsi_host' device - namely a 'fc_host' and/or 'vports'.
	The code modified the virNodeDeviceCapMatch whichs allows for searching
	using the 'virsh nodedev-list [cap]' via virConnectListAllNodeDevices.
	However, the original patches did not account for other searches for
	the same capability key from virNodeListDevices using virNodeDeviceHasCap.
	Since 'fc_host' and 'vports' are self defined bits of a 'scsi_host'
	device mere string comparison against the basic/root type is not
	sufficient.
	This patch adds the check for the 'fc_host' and 'vports' bits within
	a 'scsi_host' device and allows the following python code to find the
	capabilities for the device:
	import libvirt
	conn = libvirt.openReadOnly('qemu:///system')
	fc = conn.listDevices('fc_host', 0)
	print(fc)
	fc = conn.listDevices('vports', 0)
	print(fc)

2015-02-05  Luyao Huang  <lhuang@redhat.com>

	qemu: Properly report error on uuid mismatch in the migration cookie
	Add the missing jump to the error label when the uuid in the
	migration cookie XML does not match the uuid of the migrated
	domain.

2015-02-04  Luyao Huang  <lhuang@redhat.com>

	lxc: fix double close handshakefds[1]

2015-02-04  Olivia Yin  <hong-hua.yin@freescale.com>

	cpu: add Freescale ppc64 CPU models
	With this patch, Freescale ppc64 CPU modesl could be recognized.
	virsh # cpu-models ppc64
	POWERPC_e6500
	POWERPC_e5500
	power8
	power8e
	power7+
	power7
	power6
	POWER8_v1.0
	POWER7+_v2.1
	POWER7_v2.3
	POWER7_v2.1
	POWER7
	virsh # capabilities
	<capabilities>
	  <host>
	    <uuid>5a54efa6-20dc-4da7-b271-0b7fb7062cb8</uuid>
	    <cpu>
	      <arch>ppc64</arch>
	      <model>POWERPC_e6500</model>
	      <vendor>Freescale</vendor>

2015-02-04  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix parsing of nbd:// URI without path
	If a storage file would be backed with a NBD device without path
	(nbd://localhost) libvirt would crash when parsing the backing path for
	the disk as the URI structure's path element is NULL in such case but
	the NBD parser would access it shamelessly.

	tests: virstoragetest: Switch backing chain test to use automatic numbering
	I'm going to add a few test cases so it's the best time to convert the
	test to automatic numbering.

2015-02-04  Luyao Huang  <lhuang@redhat.com>

	conf: Properly report error of unsupported input bus type
	https://bugzilla.redhat.com/show_bug.cgi?id=1188914
	Add a missing jump to the error label in case the input device bus is
	invalid.

	conf: Properly report error when an unsupported chr device name is passed
	Add the missing jump to thje error label. The error message shouldn't
	ever be triggered though as it's called only on pre-selected nodes.

2015-02-04  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	virsh-volume: add support for --reflink
	Add support for --reflink to the virsh 'vol-create-from' and 'vol-clone'
	commands to signify usage of the VIR_STORAGE_VOL_CREATE_REFLINK flag in the
	ensuing virStorageVolCreateXMLFrom API call.
	Updated the man page to describe the new flag.

2015-02-03  Pavel Hrdina  <phrdina@redhat.com>

	virutil: fix MinGW build
	Commit b38da584 introduced two new functions to get a page size but it
	won't work on Windows. We should take care of this.

	virnetdev: fix some issues found by coverity and mingw builds
	Commit e562a61a introduced new function to get/set interface state but
	there was misuse of ATTRIBUTE_NONNULL on non-pointer attributes and also
	we need to wrap that functions by #ifdef to not break mingw build.

2015-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Make tests independant of system page size
	Some code paths have special logic depending on the page size
	reported by sysconf, which in turn affects the test results.
	We must mock this so tests always have a consistent page size.

2015-02-03  Laine Stump  <laine@laine.org>

	util: make virNetDev(Get|Set)IFFlags() static
	e562a61a0739 added these two new helper functions and only used them
	within virnetdev.c, but declared them in the .h file. If some
	currently unsupported interface flags need to be accessed in the
	future, it will make more sense to write the appropriate higher level
	function rather than require us to artificially define IFF_* on some
	mythical platform that doesn't have SIOC[SG]IFFLAGS (and therefore
	doesn't have IFF_*) just so we can call virNetDevSetIFFFlags() to
	return an error.
	To help someone in not going down the wrong road, this patch makes the
	two helper functions static, hopefully making it less likely that
	someone will want to use them outside of virnetdev.c.

2015-01-31  John Ferlan  <jferlan@redhat.com>

	storage: Need to clear pool prior to refreshPool during Autostart
	https://bugzilla.redhat.com/show_bug.cgi?id=1176510
	When storageDriverAutostart is called path virStateReload via a 'service
	libvirtd reload', then because the volume list in the pool wasn't cleared
	prior to the call, each volume would be listed multiple times (as many
	times as we reload). I believe the issue would be introduced by commit
	id '9e093f0b' at least for the libvirtd reload path, although I suppose
	the introduction of virStateReload (commit id '70da0494') could be a
	different cause.
	Thus like other places prior to calling refreshPool, we need to call
	virStoragePoolObjClearVols

2015-01-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Don't combine old and modern NUMA node creation
	Change done by commit f309db1f4d51009bad0d32e12efc75530b66836b wrongly
	assumes that qemu can start with a combination of NUMA nodes specified
	with the "memdev" option and the appropriate backends, and the legacy
	way by specifying only "mem" as a size argument. QEMU rejects such
	commandline though:
	$ /usr/bin/qemu-system-x86_64 -S -M pc -m 1024 -smp 2 \
	-numa node,nodeid=0,cpus=0,mem=256 \
	-object memory-backend-ram,id=ram-node1,size=12345 \
	-numa node,nodeid=1,cpus=1,memdev=ram-node1
	qemu-system-x86_64: -numa node,nodeid=1,cpus=1,memdev=ram-node1: qemu: memdev option must be specified for either all or no nodes
	To fix this issue we need to check if any of the nodes requires the new
	definition with the backend and if so, then all other nodes have to use
	it too.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1182467

	qemu: command: Refactor NUMA backend object formatting to use JSON objs
	With the new JSON to argv formatter we are now able to represent the
	memory backend definitions in the JSON object format that is reusable
	for monitor use (hotplug) and then convert it into the shell string.
	This will avoid having two separate instances of the same code that
	would create the different formats.
	Previous refactors now allow to make this step without changes to the
	test suite.

	qemu: command: Switch to bytes when formatting size for memory backends
	QEMU's command line visitor as well as the JSON interface take bytes by
	default for memory object sizes. Convert mebibytes to bytes so that we
	can later refactor the existing code for hotplug purposes.

	qemu: command: Unify values for boolean values when formating memory backends
	QEMU's qapi visitor code allows yes/on/y for true and no/off/n for false
	value of boolean properities. Unify the used style so that we can
	generate it later and fix test cases.

	qemu: command: Shuffle around formating of alias for memory backend objs
	Move the alias as the second formated argument and tweak the tests so
	that a future refactor that will change the order doesn't break tests.

	qemu: Extract code to setup memory backing objects
	Extract the memory backend device code into a separate function so that
	it can be later easily refactored and reused.
	Few small changes for future reusability, namely:
	- new (currently unused) parameter for user specified page size
	- size of the memory is specified in kibibytes, divided up in the
	function
	- new (currently unused) parameter for user specifed source nodeset
	- option to enforce capability check

	qemu: command: Add helper to format -object strings from JSON representation
	Unlike -device, qemu uses a JSON object to add backend "objects" via the
	monitor rather than the string that would be passed on the commandline.
	To be able to reuse code parts that configure backends for various
	devices, this patch adds a helper that will allow generating the command
	line representations from the JSON property object.

	util: json: add helper to iterate JSON object key=value pairs
	This helper eases iterating all key=value pairs stored in a JSON
	object. Usually we pick only certain known keys from a JSON object, but
	this will allow to walk complete objects and have the callback act on
	those.

	util: json: Add functions to convert JSON arrays from/to virBitmaps
	To be able to easily represent nodesets and other data stored in
	virBitmaps in libvirt, this patch introduces a set of helpers that allow
	to convert the bitmap to and from JSON value objects.

	util: bitmap: Add option to allocate bitmap without reporting error
	The virBitmapNew() function reports only OOM errors. Split out the
	internals into a "quiet" function and add a wrapper that reports the
	error.

	util: json: make value object creator universal by supporting adding
	To allow constructing of value objects stepwise explode the helper into
	separate steps and allow appending into existing value objects.

	test: utils: Add helpers for automatic numbering of test cases
	Adding or reordering test cases is usually a pain due to static test
	case names that are then passed to virtTestRun(). To ease the numbering
	of test cases, this patch adds two simple helpers that generate the test
	names according to the order they are run. The test name can be
	configured via the reset function.
	This will allow us to freely add test cases in middle of test groups
	without the need to re-number the rest of test cases.

	conf: numatune: Extract code for requesting memory nodeset from formatting
	Extract the logic to determine which nodeset has to be used for a domain
	from the formatting step so that it can be reused separately when the
	nodeset is used in a different way.

2015-01-30  Michal Privoznik  <mprivozn@redhat.com>

	xend: Don't crash in virDomainXMLDevID
	The function is called from all {Attach,Update,Detach}Device APIs to
	create config strings that are later passed to the xend to perform the
	desired action. The function is intended to handle all supported
	devices. However, as of 5b05358abacb1029fa0d61f72decacf0d4fd8ffb we
	are trying to get disk driver of the device without checking if the
	device really is a disk. This leads to an segmentation fault:
	  #0 0x00007ffff7571815 in virDomainDiskGetDriver () from /usr/lib/libvirt.so.0
	  #1 0x00007fffeb9ad471 in ?? () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
	  #2 0x00007fffeb9b1062 in xenDaemonAttachDeviceFlags () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
	  #3 0x00007fffeb9a8a86 in ?? () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
	  #4 0x00007ffff7609266 in virDomainAttachDevice () from /usr/lib/libvirt.so.0
	  #5 0x0000555555593c9d in ?? ()
	  #6 0x00007ffff76743c9 in virNetServerProgramDispatch () from /usr/lib/libvirt.so.0
	  #7 0x00005555555a678d in ?? ()
	  #8 0x00007ffff755460e in ?? () from /usr/lib/libvirt.so.0
	  #9 0x00007ffff7553b06 in ?? () from /usr/lib/libvirt.so.0
	  #10 0x00007ffff4998b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
	  #11 0x00007ffff46e30ed in clone () from /lib/x86_64-linux-gnu/libc.so.6
	  #12 0x0000000000000000 in ?? ()
	Reported-by: Xiaolin Su <linxxnil@126.com>

	conf: Don't mangle vcpu placement randomly
	https://bugzilla.redhat.com/show_bug.cgi?id=1170492
	In one of our previous commits (dc8b7ce7) we've done a functional
	change even though it was intended as pure refactor. The problem is,
	that the following XML:
	 <vcpu placement='static' current='2'>6</vcpu>
	 <cputune>
	   <emulatorpin cpuset='1-3'/>
	 </cputune>
	 <numatune>
	   <memory mode='strict' placement='auto'/>
	 </numatune>
	gets translated into this one:
	 <vcpu placement='auto' current='2'>6</vcpu>
	 <cputune>
	   <emulatorpin cpuset='1-3'/>
	 </cputune>
	 <numatune>
	   <memory mode='strict' placement='auto'/>
	 </numatune>
	We should not change the vcpu placement mode. Moreover, we're doing
	something similar in case of emulatorpin and iothreadpin. If they were
	set, but vcpu placement was auto, we've mistakenly removed them from
	the domain XML even though we are able to set them independently on
	vcpus.

2015-01-30  Tony Krowiak  <akrowiak@linux.vnet.ibm.com>

	qemu: change macvtap device options in response to NIC_RX_FILTER_CHANGED
	This patch enables synchronization of the host macvtap
	device options with the guest device's in response to the
	NIC_RX_FILTER_CHANGED event.
	The following device options will be synchronized:
	* PROMISC
	* MULTICAST
	* ALLMULTI

	util: Functions for getting/setting device options
	This patch provides the utility functions needed to synchronize
	the rxfilter changes made to a guest domain with the corresponding
	macvtap devices on the host:
	* Get/set PROMISC flag
	* Get/set ALLMULTI, MULTICAST

2015-01-30  John Ferlan  <jferlan@redhat.com>

	qemu: Don't unconditionally delete file in qemuOpenFileAs
	https://bugzilla.redhat.com/show_bug.cgi?id=1158034
	If we're expecting to create a file somewhere and that fails for some
	reason during qemuOpenFileAs, then we unlink the path we're attempting
	to create leaving no way to determine what the "existing" privileges,
	protections, or labels are that caused the failure (open, change owner
	and group, change mode, etc.).
	Furthermore, if we fall into the path where we'll be opening / creating
	the file using VIR_FILE_OPEN_FORK, we need to first unlink/delete the file
	we created in the first path; otherwise, the attempt by the child process
	to open as some specific user:group may fail because the file was already
	created using nfsnobody:nfsnobody. Again, if we didn't create the file we
	don't want to blindly delete what already exists. Thus, a second reason for
	the original check to set need_unlink to false when we find the file with
	CREAT set, but already existing.

	virfile: Need to check for ENOTCONN from recvfd failure
	A gnulib change (commit id 'beae0bdc') causes ENOTCONN to be returned
	from recvfd which causes us to fall into the throwaway waitpid() call
	and return ENOTCONN to the caller, this then gets displayed during
	a 'virsh save' when using a root squashed NFS environment that's trying
	to save the file as something other than root:root.
	This patch will add the additional check for ENOTCONN to force the code
	into the waitpid loop looking for the actual status from the _exit()'d
	child fork.

	qemu: Adjust EndAsyncJob for qemuDomainSaveInternal error path
	Commit id '540c339a' to fix issues with reference counting and transient
	domains moved the qemuDomainObjEndAsyncJob call prior to the attempt to
	restart the guest CPU's resulting in an error:
	    error: Failed to save domain rhel70 to /tmp/pl/rhel70.save
	    error: internal error: unexpected async job 3
	when (ret != 0) - eg, the error path from qemuDomainSaveMemory.
	This patch will adjust the logic to call the EndAsyncJob only after
	we've tried to restart the guest CPUs. It also needs to adjust the
	test for qemuDomainRemoveInactive to add the ret == 0 condition.
	Additionally, if we get to endjob: because of some error earlier, then
	we need to save that error in the event the CPU restart logic fails.
	We don't want to return the error from CPU restart failure, rather we
	want to return the error from the failed save that caused us to fall
	into the retry to start the CPU logic.

2015-01-29  Michal Privoznik  <mprivozn@redhat.com>

	schemas: Allow all generic elements and attributes for all interfaces
	There are some interface types (notably 'server' and 'client')
	which instead of allowing the default set of elements and
	attributes (like the rest do), try to enumerate only the elements
	they know of. This way it's, however, easy to miss something. For
	instance, the <address/> element was not mentioned at all. This
	resulted in a strange behavior: when such interface was added
	into XML, the address was automatically generated by parsing
	code. Later, the formatted XML hasn't passed the RNG schema. This
	became more visible once we've turned on the XML validation on
	domain XML changes: appending an empty line at the end of
	formatted XML (to trick virsh think the XML had changed) made
	libvirt to refuse the very same XML it formatted.
	Instead of trying to find each element and attribute we are
	missing in the schema, lets just allow all the elements and
	attributes like we're doing that for the rest of types. It's no
	harm if the schema is wider than our parser allows.

	qemu: Add AAVMF to the list of known UEFIs
	Well, even though users can pass the list of UEFI:NVRAM pairs at the
	configure time, we may maintain the list of widely available UEFI
	ourselves too. And as arm64 begin to rises, OVMF was ported there too.
	With a slight name change - it's called AAVMF, with AAVMF_CODE.fd
	being the UEFI firmware and AAVMF_VARS.fd being the NVRAM store file.

	qemu: Allow UEFI paths to be specified at compile time
	Up until now there are just two ways how to specify UEFI paths to
	libvirt. The first one is editing qemu.conf, the other is editing
	qemu_conf.c and recompile which is not that fancy. So, new
	configure option is introduced: --with-loader-nvram which takes a
	list of pairs of UEFI firmware and NVRAM store. This way, the
	compiled in defaults can be passed during compile time without
	need to change the code itself.

2015-01-29  Ján Tomko  <jtomko@redhat.com>

	Fix syntax-check
	My commit 08d1ae1 broke syntax-check by adding ATTRIBUTE_UNUSED
	to the flags parameter.
	Rename the parameter to unused_flags to bypass the check.

	Remove flag checking in MacVLanCreate helper stub
	When compiling without WITH_MACVTAP, we can get:
	'unsupported flags (0x1) in function
	virNetDevMacVLanCreateWithVPortProfile'
	on an attempt to start a domain.
	Remove the flag check to reach the more helpful error:
	Cannot create macvlan devices on this platform
	https://bugzilla.redhat.com/show_bug.cgi?id=1186928

2015-01-29  Peter Krempa  <pkrempa@redhat.com>

	virsh: man: Document behavior of some blkdeviotune's flags when querying
	--live and --config can't be specified together when querying the
	configuration, but are valid when setting. The man page was hinting that
	they are valid always.

	util: bitmap: Tolerate NULL bitmaps in virBitmapEqual
	After virBitmapEqual is able to compare NULL bitmaps few bits of code
	can be cleaned up.

2015-01-29  John Ferlan  <jferlan@redhat.com>

	storage: Check the partition name against provided name
	https://bugzilla.redhat.com/show_bug.cgi?id=1138516
	If the provided volume name doesn't match what parted generated as the
	partition name, then return a failure.
	Update virsh.pod and formatstorage.html.in to describe the 'name' restriction
	for disk pools as well as the usage of the <target>'s <format type='value'>.

	storage: When delete extended partition, need to refresh pool
	When removing a volume that is the extended partition, all the logical
	volume partitions that exist within the extended partition will also be
	removed, so we need to refresh the pool to have the updated list

	storage: Adjust how to refresh extended partition disk data
	During virStorageBackendDiskMakeDataVol processing, if we find an extended
	partition, then handle it specially when updating the capacity/allocation
	rather than calling virStorageBackendUpdateVolInfo.
	As it turns out, once a logical partition exists, any attempt to refresh
	the pool or after libvirtd restart/reload will result in a failure to open
	the extended partition device resulting in the inability to start the pool.
	The downside to this is we will lose the <permissions> and <timestamps> for
	the extended partition upon subsequent restart, refresh, reload since the
	stat() in virStorageBackendUpdateVolTargetInfoFD will not be called. However,
	since it's really only a container and shouldn't directly be used for
	storage that seems reasonable.
	Therefore, only use the existing code that already had a comment about
	getting the allocation wrong for extended partitions for just the setting
	of the extended partition data.

	storage: Fix check for partition type for disk backing volumes
	While checking the existing partitions in virStorageBackendDiskPartFormat,
	the code would erroneously compare the volume target format type (eg, the
	virStoragePartedFsType) rather than the source partition type (eg, the
	virStorageVolTypeDisk) which is set during virStorageBackendDiskReadPartitions.

	storage: Attempt error recovery in virStorageBackendDiskCreateVol
	During virStorageBackendDiskCreateVol if virStorageBackendDiskReadPartitions
	fails, then we were leaving with an error and a partition on the disk for
	which there was no corresponding volume and used space on the disk which
	could be reclaimable through direct parted activity. On a subsequent restart,
	reload, or refresh the volume may magically appear too.

	storage: Move virStorageBackendDiskDeleteVol
	Move the API to before virStorageBackendDiskCreateVol in order to be
	able to call the DeleteVol API when virStorageBackendDiskReadPartitions
	fails so that we don't by chance leave a partition on the disk.

2015-01-29  Pavel Hrdina  <phrdina@redhat.com>

	libvirt.spec: remove vbox storage and network .so files
	Commit 55ea7be7 removed separated modules for vbox_network and
	vbox_storage drivers but forget to update libvirt.spec.in file. This
	patch will fix rpm build.

2015-01-28  Luyao Huang  <lhuang@redhat.com>

	qemu: fix cannot set graphic passwd via qemuDomainSaveImageDefineXML
	https://bugzilla.redhat.com/show_bug.cgi?id=1183890
	When we try to update a xml to a image file, we will clear the
	graphics passwd settings, because we do not pass VIR_DOMAIN_XML_SECURE
	to qemuDomainDefCopy, qemuDomainDefFormatBuf won't format the passwd.
	Add VIR_DOMAIN_XML_SECURE flag when we call qemuDomainDefCopy
	in qemuDomainSaveImageUpdateDef.

2015-01-28  Ján Tomko  <jtomko@redhat.com>

	hotplug: only add a chardev to vmdef after monitor call
	https://bugzilla.redhat.com/show_bug.cgi?id=1161024
	This way the device is in vmdef only if ret = 0 and the caller
	(qemuDomainAttachDeviceFlags) does not free it.
	Otherwise it might get double freed by qemuProcessStop
	and qemuDomainAttachDeviceFlags if the domain crashed
	in monitor after we've added it to vm->def.

	Split qemuDomainChrInsert into two parts
	Do the allocation first, then add the actual device.
	The second part should never fail. This is good
	for live hotplug where we don't want to remove the device
	on OOM after the monitor command succeeded.
	The only change in behavior is that on failure, the
	vmdef->consoles array is freed, not just the first console.

2015-01-27  Daniel P. Berrange  <berrange@redhat.com>

	lxc: report veth device indexes to systemd
	Record the index of each host-side veth device created and report
	them to systemd, so they show up in machinectl status for the VM.
	lxc-shell(95449419f969d649d9962566ec42af7d)
	     Since: Fri 2015-01-16 16:53:37 GMT; 3s ago
	    Leader: 28085 (sh)
	   Service: libvirt-lxc; class container
	     Iface: vnet0
	   Address: fe80::216:3eff:fe00:c317%124
	        OS: Fedora 21 (Twenty One)
	      Unit: machine-lxc\x2dshell.scope
	            └─28085 /bin/sh

	lxc: more logging during startup paths
	Add more logging to the lxc controller and container files to
	facilitate debugging startup problems. Also make it clear when
	the container is going to close stdout and thus no longer do
	any logging.

	lxc: delay setup of cgroup until we have the init pid
	Don't create the cgroups ahead of launching the container since
	there is no need for the limits to apply during initial bootstrap.
	Create the cgroup after the container PID is known and tell
	systemd the initpid is the leader, instead of the controller
	pid.

	lxc: only write XML once for lxc controller
	Currently when launching the LXC controller we first write out
	the plain, inactive XML configuration, then launch the controller,
	then replace the file with the live status XML configuration.
	By good fortune this hasn't caused any problems other than some
	misleading error messages during failure scenarios.
	This simplifies the code so it only writes out the XML once and
	always writes the live status XML. To do this we need to handshake
	with the child process, to make execution pause just before exec()
	so we can write the XML status with the child PID present.

	lxc: re-arrange startup synchronization sequence with controller
	Currently the lxc controller process itself is responsible for
	daemonizing itself into the background and writing out its pid
	file. The lxc driver would fork the controller and then attempt
	to connect to the lxc monitor. This connection would only
	succeed after the controller has backgrounded itself, setup
	cgroups and written its pid file, so startup was race free.
	The problem is that we need to delay create of the cgroups to
	much later, such that we can tell systemd the container init
	pid when we create the cgroups. If we delay cgroup creation
	though the current synchronization won't work.
	A second problem is that the controller needs the XML config
	of the guest. Currently we write out the plain virDomainDefPtr
	XML before starting the controller, and then later replace it
	with the full virDomainObjPtr status XML. This is kind of gross
	and also means that the controller doesn't get a record of the
	live XML config right away. This means it doesn't have a record
	of the veth device names either and so can't give that info
	to systemd when creating the cgroups.
	To address this we change the startup sequencing. The goal
	is that we want to get the PID as soon as possible, before
	the LXC controller even starts. So we stop letting the LXC
	controller daemonize itself, and instead use virCommand's
	built-in capabilities. This daemonizes and writes the PID
	before LXC controller is exec'd. So the driver can read
	the PID as soon as virCommandRun returns. It is no longer
	safe to connect to the monitor or detect the cgroups though.
	Fortunately the LXC controller already has a second point
	of synchronization. Immediately before its  event loop
	starts running, it performs a handshake with the driver.
	So we move the opening of the monitor connection and cgroup
	detection after this synchronization point.

	lxc: don't build pidfile string multiple times
	Build the pidfile string once when starting a guest and then
	use the same string thereafter. This will benefit following
	patches which need the pidfile string in more situations.

	systemd: don't report an error if the guest is already terminated
	In many cases where we invoke virSystemdTerminateMachine the
	process(es) will have already gone away on their own accord.
	In these cases we log an error message that the machine does
	not exist. We should catch this particular error and simply
	ignore it, so we don't pollute the logs.

	qemu: report TAP device indexes to systemd
	Record the index of each TAP device created and report them to
	systemd, so they show up in machinectl status for the VM.

2015-01-27  Ján Tomko  <jtomko@redhat.com>

	Fix shadowed variable warning
	libvirtd.c: In function 'daemonSetupAccessManager':
	libvirtd.c:730:18: error: declaration of 'driver' shadows
	  a global declaration [-Werror=shadow]
	     const char **driver = (const char **)config->access_drivers;
	                  ^
	In file included from libvirtd.c:95:0:
	../src/node_device/node_device_driver.h:43:36: error: shadowed
	  declaration is here [-Werror=shadow]
	 extern virNodeDeviceDriverStatePtr driver;
	                                    ^

2015-01-27  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	storage: add a flag to clone files on btrfs
	When creating a RAW file, we don't take advantage
	of clone of btrfs.
	Add a VIR_STORAGE_VOL_CREATE_REFLINK flag to request
	a reflink copy.

	storage: introduce btrfsCloneFile() for COW copy
	Add a wrapper for BTRFS_IOC_CLONE ioctl.

2015-01-27  Daniel P. Berrange  <berrange@redhat.com>

	Removing probing of secondary drivers
	For stateless, client side drivers, it is never correct to
	probe for secondary drivers. It is only ever appropriate to
	use the secondary driver that is associated with the
	hypervisor in question. As a result the ESX & HyperV drivers
	have both been forced to do hacks where they register no-op
	drivers for the ones they don't implement.
	For stateful, server side drivers, we always just want to
	use the same built-in shared driver. The exception is
	virtualbox which is really a stateless driver and so wants
	to use its own server side secondary drivers. To deal with
	this virtualbox has to be built as 3 separate loadable
	modules to allow registration to work in the right order.
	This can all be simplified by introducing a new struct
	recording the precise set of secondary drivers each
	hypervisor driver wants
	struct _virConnectDriver {
	    virHypervisorDriverPtr hypervisorDriver;
	    virInterfaceDriverPtr interfaceDriver;
	    virNetworkDriverPtr networkDriver;
	    virNodeDeviceDriverPtr nodeDeviceDriver;
	    virNWFilterDriverPtr nwfilterDriver;
	    virSecretDriverPtr secretDriver;
	    virStorageDriverPtr storageDriver;
	};
	Instead of registering the hypervisor driver, we now
	just register a virConnectDriver instead. This allows
	us to remove all probing of secondary drivers. Once we
	have chosen the primary driver, we immediately know the
	correct secondary drivers to use.

	don't disable state driver when libvirtd is not built
	A bunch of code is wrapped in #if WITH_LIBVIRTD in order to
	enable the virStateDriver to be disabled when libvirtd is not
	built. Disabling this code doesn't have any real functional
	benefit beyond removing 1 pointer from the virConnectPtr struct,
	while having a cost of many more conditionals.

	Remove all secondary driver private data fields
	Now all drivers are converted to use their global state
	directly, there is no need for private data fields for
	the secondary drivers in virConnectPtr

	Remove use of interfacePrivateData from udev driver
	The udev driver can be implemented using global state instead
	of the connect private data.

	Remove use of nodeDevicePrivateData from nodeDev driver
	The node device driver can rely on its global state instead
	of the connect private data.

	Remove use of storagePrivateData/networkPrivateData from vbox
	The vbox driver can use the main hypervisor private data and
	so does not need to use the storage/network private data fields.

	Remove use of nwfilterPrivateData from nwfilter driver
	The nwfilter driver can rely on its global state instead
	of the connect private data.

	Remove use of secretPrivateData from secret driver
	The secret driver can rely on its global state instead
	of the connect private data.

2015-01-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix job handling in qemuDomainSetMetadata
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.

	qemu: Fix job type in qemuDomainGetBlockIoTune
	The function just queries status so there's no need for a MODIFY type
	job.

	qemu: Fix job handling in qemuDomainSetSchedulerParametersFlags
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.

	qemu: Fix job handling in qemuDomainSetMemoryParameters
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.

	qemu: Fix job handling in qemuDomainSetAutostart
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.
	This patch also fixes a few very long lines of code around the touched
	parts.

	qemu: Fix job handling in qemuDomainPinEmulator
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.

	qemu: Fix job handling in qemuDomainPinVcpuFlags
	The domain modifies the domain configuration but doesn't take a MODIFY
	type job to do it.

	Post-release version bump for new dev cycle

2015-01-27  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.12
	* docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: regenerated the po

2015-01-27  Michal Privoznik  <mprivozn@redhat.com>

	tests: Check for virQEMUDriverConfigNew return value
	The function may return NULL if something went wrong. In some places
	in the tests we are not checking the return value rather than
	accessing the pointer directly resulting in SIGSEGV.

2015-01-26  Ján Tomko  <jtomko@redhat.com>

	Fix a memory leak in virCgroupGetPercpuStats
	Coverity reports that my commit af1c98e introduced
	two memory leaks:
	the cpumap if ncpus == 0 in virCgroupGetPercpuStats
	and the params array in the test of the function.

	Use correct location for qcow1 encryption header
	After the 8-byte size header, there are two one-byte headers
	and two bytes of padding before the crypt_header field.
	Our QCOW1_HDR_CRYPT constant did not skip the padding.
	http://git.qemu.org/?p=qemu.git;a=blob;f=block/qcow.c;h=ece22697#l41
	https://bugzilla.redhat.com/show_bug.cgi?id=1185165

2015-01-26  Daniel P. Berrange  <berrange@redhat.com>

	systemd: avoid string comparisons on dbus error messages
	Add a virDBusErrorIsUnknownMethod helper so that callers
	don't need todo string comparisons themselves to detect
	standard error names.

	systemd: fix build without dbus
	The virDBusMethodCall method has a DBusError as one of its
	parameters. If the caller wants to pass a non-NULL value
	for this, it immediately makes the calling code require
	DBus at build time. This has led to breakage of non-DBus
	builds several times. It is desirable that only the virdbus.c
	file should need WITH_DBUS conditionals, so we must ideally
	remove the DBusError parameter from the method.
	We can't simply raise a libvirt error, since the whole point
	of this parameter is to give the callers a way to check if
	the error is one they want to ignore, without having the logs
	polluted with an error message. So, we add a virErrorPtr
	parameter which the caller can then either ignore or raise
	using the new virReportErrorObject method.
	This new method is distinct from virSetError in that it
	ensures the logging hooks are run.

2015-01-23  Richard W.M. Jones  <rjones@redhat.com>

	aarch64: Support versioned machine types.
	For distros that want to add versioned machine types, they will add
	(downstream) machine types like "virt-foo-1.2.3".  Detect these as
	MMIO too.

2015-01-23  Erik Skultety  <eskultet@redhat.com>

	qemu: Add check for PCI bridge placement if there are too many PCI devices
	Previous patch of this series fixed the issue with adding a new PCI bridge
	when all the slots were reserved by devices with user specified addresses.
	In case there are still some PCI devices waiting to get a slot reserved
	by qemuAssignDevicePCISlots, this means a new bus needs to be
	created along with a corresponding bridge controller. By adding an
	additional check, this scenario now results in a reasonable error
	instead of generating wrong qemu command line.

	qemu: Fix auto-adding PCI bridge when all slots are reserved
	Commit 93c8ca tried to fix the issue with auto-adding of a PCI bridge
	controller, but didn't work properly in all scenarios.
	This patch provides a better fix of the issue when all slots on a PCI bus
	are reserved by devices with user specified addresses and no additional
	bridges need to be created.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900

	qemu: move PCI slot assignment for PIIX3, Q35 into a separate function
	In order to be able to test for fully reserved PCI buses, assignment of
	PCI slots for integrated devices needs to be moved to a separate function.
	This also might be a good preparation if we decide to add support for
	other chipsets as well.

	qemu: reorder PCI slot assignment functions
	Move qemuDomainAssignPCIAddresses after the definition
	of the static function qemuDomainValidateDevicePCISlotsQ35.
	This lets us define a new static function using
	qemuDomainValidateDevicePCISlots* and use it in
	qemuDomainAssignPCIAddresses without a forward declaration.

2015-01-23  Peter Krempa  <pkrempa@redhat.com>

	schemas: Move definition of 'hexuint' to basictypes
	Allow reuse of the type.

	util: json: Make argument of virJSONValueArraySize const
	The function doesn't allow to modify the array in any way, thus the
	argument can be const.

	qemu: command: Honor const-correctnes in qemuBuildNumaArgStr
	@def is modified in the function indirectly although it's marked as
	const.

	conf: Fix comment mentioning actual type of @multi member of virDevicePCIAddress
	After refactor to use the virTristateSwitch enum the comment in the
	struct was not adjusted.

2015-01-23  Mike Latimer  <mlatimer@suse.com>

	Grant access to helpers
	Apparmor must not prevent access to required helper programs. The following
	helpers should be allowed to run in unconfined execution mode:
	 - libvirt_parthelper
	 - libvirt_iohelper

	Fix apparmor issues for tck
	The network and nwfilter tests contained in the libvirt-TCK testkit can fail
	unless access to raw network packets is granted. Without this access, the
	following apparmor error can be seen while running the tests:
	  apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/libvirtd"
	  pid=94731 comm="libvirtd" family="packet" sock_type="raw" protocol=768

	Fix apparmor issues for Xen
	In order for apparmor to work properly in Xen environments, the following
	access rights need to be allowed:
	 - Allow CAP_SYS_PACCT, which is required when resetting some multi-port
	   Broadcom cards by writting to the PCI config space
	 - Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without
	   this setting, an error 'Resource temporarily unavailable' can be seen
	   while attempting to mmap memory. At the same time, the following
	   apparmor message is seen:
	   apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd"
	   pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14
	   capname="ipc_lock"
	 - Allow access to distribution specific directories:
	     /usr/{lib,lib64}/xen/bin

2015-01-23  Erik Skultety  <eskultet@redhat.com>

	conf: virDomainDefMaybeAddController tweak return code
	Previously the function returned either -1 in case of an error or 0 on
	success. However, we should also distinguish between a case we
	successfully added a controller and a case there wasn't a need to add any
	controller

	qemu: Remove dead code in qemuDomainAssignPCIAddresses revert patch
	As it turned out, fix of dead code 419a22 changed the affected condition
	from "never true" to "always true", so better fix would be to change the
	return code of virDomainMaybeAddController from 0 to 1 if
	a new bridge has been added, thus distinguishing case when we didn't need to
	add any controller and case we successfully added one.
	The return code is changed in the next commit

2015-01-23  Ján Tomko  <jtomko@redhat.com>

	Fix build with older gcc
	My commit af1c98e4 broke the build on RHEL-6:
	vircgrouptest.c: In function 'testCgroupGetPercpuStats':
	vircgrouptest.c:566: error: nested extern declaration of
	'_gl_verify_function2' [-Wnested-externs]
	The only thing that needs checking is that the array size
	is at least EXPECTED_NCPUS, to prevent access beyond the array.
	We can ensure the minimum size also by specifying the array
	size upfront.

2015-01-23  Pavel Hrdina  <phrdina@redhat.com>

	esx_vi: fix possible segfault
	Clang found possible dereference of NULL pointer which is right.
	Function 'esxVI_LookupTaskInfoByTask' should find a task info. The issue
	is that we could return 0 and leave 'taksInfo' pointer NULL because if
	there is no match we simply end the search loop end set 'result' to 0.
	Every caller count on the fact that if the return value is 0 than it's
	safe to dereference 'taskInfo'. We should return 0 only in case we found
	something and the '*taskInfo' is not NULL.

	xenapi_driver: fix copy-paste typo
	Clang found that we are passing variable with wrong enum type to
	'xenapiCrashExitEnum2virDomainLifecycle' function. This is probably
	copy-paste typo as the correct variable exists in the code, but it isn't
	used.

2015-01-23  Ján Tomko  <jtomko@redhat.com>

	Fix virCgroupGetPercpuStats with non-continuous present CPUs
	Per-cpu stats are only shown for present CPUs in the cgroups,
	but we were only parsing the largest CPU number from
	/sys/devices/system/cpu/present and looking for stats even for
	non-present CPUs.
	This resulted in:
	internal error: cpuacct parse error

2015-01-22  Peter Krempa  <pkrempa@redhat.com>

	CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots
	The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
	appropriate permission for it. Found via code inspection while fixing
	permissions for save images.

	CVE-2015-0236: qemu: Check ACLs when dumping security info from save image
	The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
	appropriate permission for it.

2015-01-22  Luyao Huang  <lhuang@redhat.com>

	qemu: output error when try to hotplug unsupported console type
	https://bugzilla.redhat.com/show_bug.cgi?id=1164627
	When using 'virsh attach-device' to hotplug an unsupported console type
	into a qemu guest the attachment would succeed as the command line
	formatter didn't report error in such case.

2015-01-21  Ján Tomko  <jtomko@redhat.com>

	qemu: format server interface without a listen address
	https://bugzilla.redhat.com/show_bug.cgi?id=1130390
	The listen address is not mandatory for <interface type='server'>
	but when it's not specified, we've been formatting it as:
	-netdev socket,listen=(null):5558,id=hostnet0
	which failed with:
	Device 'socket' could not be initialized
	Omit the address completely and only format the port in the listen
	attribute.
	Also fix the schema to allow specifying a model.

2015-01-21  Jim Fehlig  <jfehlig@suse.com>

	tests: fix xlconfigtest build failure
	When libvirt is configured --without-xen, building the xlconfigtest
	fails with
	  CCLD   xlconfigtest
	  /usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu/crt1.o
	  In function `_start': (.text+0x20): undefined reference to `main'
	  collect2: error: ld returned 1 exit status
	Introduced in commit 4ed5fb91 by too much copy and paste from
	xmconfigtest.

2015-01-20  Ján Tomko  <jtomko@redhat.com>

	Fix virCgroupNewMachine prototype on non-Linux
	Commit 318df5a changed the prototype of virCgroupNewMachine
	without adjusting the stub function for platforms without
	cgroups.

2015-01-20  Josh Stone  <jistone@redhat.com>

	network: Let domains be restricted to local DNS
	This adds a new "localOnly" attribute on the domain element of the
	network xml.  With this set to "yes", DNS requests under that domain
	will only be resolved by libvirt's dnsmasq, never forwarded upstream.
	This was how it worked before commit f69a6b987d616, and I found that
	functionality useful.  For example, I have my host's NetworkManager
	dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
	easily resolve guest names from outside.  But if libvirt's dnsmasq
	doesn't know a name and forwards it to the host, I'd get an endless
	forwarding loop.  Now I can set localOnly="yes" to prevent the loop.

2015-01-19  Gary R Hook  <grhookatwork@gmail.com>

	Make ZFS storage pool XML tests optional
	Do not run ZFS tests when ZFS is unsupported in the environment.
	The recent patch b4af40226d09adeaf9e33a1d6594c4e8ce7f771d adds tests
	to storagepoolxml2xmltest for the optional ZFS feature. When ZFS is
	not included in the configuration these tests should not / cannot be
	run. Modify the test source file to check for use of the feature and
	compile in the tests accordingly.

2015-01-19  Martin Kletzander  <mkletzan@redhat.com>

	docs: Fix docs about python bindings package
	Since the day we removed python bindings from the core repository, the
	documentation was missing that information.
	Reported-by: Lingyu Zhu <lynuszhu@gmail.com>

2015-01-19  Ján Tomko  <jtomko@redhat.com>

	qemu_conf: check for duplicate security drivers
	Using the same driver multiple times is pointless and
	it can result in confusing errors:
	$ virsh start test
	error: Failed to start domain test
	error: internal error: security label already defined for VM
	https://bugzilla.redhat.com/show_bug.cgi?id=1153891

	Always check return value of qemuDomainObjExitMonitor
	Depending on the context, either error out if the domain
	has disappeared in the meantime, or just ignore the value
	to allow marking the function as ATTRIBUTE_RETURN_CHECK.

	Fix vmdef usage after domain crash in monitor on device attach
	https://bugzilla.redhat.com/show_bug.cgi?id=1161024
	If the domain crashed while we were in monitor,
	we cannot rely on the REALLOC done on live definition,
	since vm->def now points to the persistent definition.
	Skip adding the attached devices to domain definition
	if the domain crashed.
	In AttachChrDevice, the chardev was already added to the
	live definition and freed by qemuProcessStop in the case
	of a crash. Skip the device removal in that case.
	Also skip audit if the domain crashed in the meantime.

	Fix vmdef usage after domain crash in monitor on device detach
	https://bugzilla.redhat.com/show_bug.cgi?id=1161024
	In the device type-specific functions, exit early
	if the domain has disappeared, because the cleanup
	should have been done by qemuProcessStop.
	Check the return value in processDeviceDeletedEvent
	and qemuProcessUpdateDevices.
	Skip audit and removing the device from live def because
	it has already been cleaned up.

	Simplify condition for formatting CPU features
	Commit adff345 added support for features to MODE_HOSTPASSTHROUGH
	as well. Since we support all modes now, the condition can be
	eliminated.

	Add an XML test for host-model CPU with features
	This was broken in a dowstream build due to a missing backport:
	https://bugzilla.redhat.com/show_bug.cgi?id=1182448

2015-01-17  Anthony PERARD  <anthony.perard@citrix.com>

	libxl: Set path to console on domain startup.
	The path to the pty of a Xen PV console is set only in
	virDomainOpenConsole. But this is done too late. A call to
	virDomainGetXMLDesc done before OpenConsole will not have the path to
	the pty, but a call after OpenConsole will.
	e.g. of the current issue.
	Starting a domain with '<console type="pty"/>'
	Then:
	virDomainGetXMLDesc():
	  <devices>
	    <console type='pty'>
	      <target type='xen' port='0'/>
	    </console>
	  </devices>
	virDomainOpenConsole()
	virDomainGetXMLDesc():
	  <devices>
	    <console type='pty' tty='/dev/pts/30'>
	      <source path='/dev/pts/30'/>
	      <target type='xen' port='0'/>
	    </console>
	  </devices>
	The patch intend to have the TTY path on the first call of GetXMLDesc.
	This is done by setting up the path at domain start up instead of in
	OpenConsole.
	https://bugzilla.redhat.com/show_bug.cgi?id=1170743

2015-01-17  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize use of -Wno-suggest-attribute=format pragma
	Many GCC versions don't understand -Wno-suggest-attribute=format
	so the pragma must only be used when supported

2015-01-17  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Coverity fix: properly check for 0 ipv6 address.

2015-01-16  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: create container from existing image
	It's possible to create a container with existing
	disk image as root filesystem. You need to remove
	existing disks from PCS VM config and then add a new
	one, pointing to your image. And then call PrlVm_RegEx
	with PRNVM_PRESERVE_DISK flag.
	With this patch you can create such container with
	something like this for new domain XML config:
	    <filesystem type='file' accessmode='passthrough'>
	      <driver type='ploop' format='ploop'/>
	      <source file='/path-to-image'/>
	      <target dir='/'/>
	    </filesystem>

	parallels: allow to add filesystems to container
	Handle information about filesystems in domain config
	and add corresponding devices to container via
	parallels sdk.

	parallels: commit with PVCF_DETACH_HDD_BUNDLE flag
	PCS removes disk image from filesystem, if you remove it
	from config. There is a special flag PVCF_DETACH_HDD_BUNDLE
	which allow to remove disk only from VM/CT config.
	If you call virDomainDefine and remove some disk from
	config it should be preserved, so call PrlVm_CommitEx
	always with flag PVCF_DETACH_HDD_BUNDLE.

	parallels: dump info about container filesystems
	Obtain information about container's filesystems and
	store it in virDomainDef structure.

	add ploop fs driver type
	Ploop is a pseudo device which makeit possible to access
	to an image in a file as a block device. Like loop devices,
	but with additional features, like snapshots, write tracker
	and without double-caching.
	It used in PCS for containers and in OpenVZ. You can manage
	ploop devices and images with ploop utility
	(http://git.openvz.org/?p=ploop).

2015-01-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add support for enabling/disabling PMU
	This is used as a boolean parameter for the '-cpu' option.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178853

	docs, schema, conf: Add support for PMU feature
	Just a new feature that can be turned on/off.
	https://bugzilla.redhat.com/show_bug.cgi?id=1178853

2015-01-16  John Ferlan  <jferlan@redhat.com>

	network: Resolve Coverity FORWARD_NULL
	Commit id 'ca481a6f' added virNetworkRouteDefFree which may be called
	in an error path from lxcAddNetworkRouteDefinition with 'route = NULL'.
	So just add the (!def) at the top to resolve.

2015-01-16  Daniel P. Berrange  <berrange@redhat.com>

	virsh: add support for domain XML validation
	The 'virsh edit' command gets XML validation enabled by default,
	with a --skip-validate option to disable it. The 'virsh define'
	and 'virsh create' commands get a --validate option to enable
	it, to avoid regressions for existing scripts.
	The quality of error reporting from libxml2 varies depending
	on the type of XML error made. Sometimes it is quite clear
	and useful, other times it is obscure & inaccurate. At least
	the user will see an error now, rather than having their
	XML modification silently disappear.

2015-01-16  Erik Skultety  <eskultet@redhat.com>

	Add XML test for too many PCI devices on default PCI bus

	Remove dead code in qemuDomainAssignPCIAddresses
	We tested for positive return value from virDomainMaybeAddController,
	but it returns 0 or -1 only resulting in a dead code.

	qemu: Tweak auto adding PCI bridge controller when extending default PCI bus
	In case we find out, there are more PCI devices to be connected
	than there are available slots on the default PCI bus, we automatically add a
	new bus and a related PCI bridge controller as well. As there are no free slots
	left on the default PCI bus, PCI bridge controller gets a free slot on a
	newly created PCI bus which causes qemu to refuse to start the guest.
	This fix introduces a new function qemuDomainPCIBusFullyReserved which
	is checked right before we possibly try to reserve a slot for PCI bridge
	controller.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900

2015-01-16  John Ferlan  <jferlan@redhat.com>

	domain_conf: Check errors from virSocketAddrFormat
	Commit id 'aa2cc721' added calls to virSocketAddrFormat but did not
	check for a NULL (error) return which could lead to bad output
	in the XML file.  Need to check for NULL return and cause failure.

	domain_conf: Resolve Coverity RESOURCE_LEAK
	Commit id 'aa2cc721' added call to virSocketAddrFormat
	and did not VIR_FREE() the returned memory.

2015-01-16  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virSocketAddrGetIpPrefix 0.0.0.0 and :: special cases
	If 0.0.0.0  or :: address is provided, then the returned prefix should
	be 0, for the default address.

	Use the network route definitions for domains

	Move code related to network routes to networkcommon_conf.[ch]
	Moving code for parsing and formatting network routes to
	networkcommon_conf helps reusing those routes for domains. The route
	definition has been hidden to help reducing the number of unnecessary
	checks in the format function.

	Move network route definition to networkcommon.rng
	Moving network route to the network common schema will allow reusing it.

	Fix ipv6 regex in RNG schemas to match '::'

2015-01-16  Michal Privoznik  <mprivozn@redhat.com>

	virNetworkDefUpdateIPDHCPHost: Don't crash when updating network
	https://bugzilla.redhat.com/show_bug.cgi?id=1182486
	When updating a network and adding new ip-dhcp-host entry, the deamon
	may crash. The problem is, we iterate over existing <host/> entries
	trying to compare MAC addresses to see if there's already an existing
	rule. However, not all entries are required to have MAC address. For
	instance, the following is perfectly valid entry:
	<host id='00:04:58:fd:e4:15:1b:09:4c:0e:09:af:e4:d3:8c:b8:ca:1e'
	name='redhatipv6.redhat.com' ip='2001:db8:ca2:2::119'/>
	When the checking loop iterates over this, the entry's MAC address is
	accessed directly. Well, the fix is obvious - check if the address is
	defined before trying to compare it.

2015-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Add support for schema validation when passing in XML
	The virDomainDefineXMLFlags and virDomainCreateXML APIs both
	gain new flags allowing them to be told to validate XML.
	This updates all the drivers to turn on validation in the
	XML parser when the flags are set

2015-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Add virXMLValidateAgainstSchema helper method
	Add a helper method that can validate an XML document against
	an RNG schema

	Change int to size_t in size var for tap/vhost FDs
	A number of methods take an int for a parameter that indicates
	the size of an array. The correct type for array sizes is
	size_t

	Log dtrace/systemd probes at INFO level instead of DEBUG
	Every dtrace/systemd probe also include a libvirt log message.
	These are logged at level DEBUG currently, which means if you
	want to see all probes they are drowned by the rest of the
	DEBUG messages. Since we don't really use the INFO log level
	for much, it seems reasonable to suggest we log all probes at
	level INFO.

	Add systemd/dtrace probes for DBus APIs
	When debugging libvirt it is helpful to set probes around RPC
	calls. We already have probes for libvirt's native RPC layer,
	so it makes sense to add them for the DBus RPC layer too.

	Add support for systemd-machined CreateMachineWithNetwork
	systemd-machined introduced a new method CreateMachineWithNetwork
	that obsoletes CreateMachine. It expects to be given a list of
	VETH/TAP device indexes for the host side device(s) associated
	with a container/machine.
	This falls back to the old CreateMachine method when the new
	one is not supported.

2015-01-15  Luyao Huang  <lhuang@redhat.com>

	qemu: free priv->origname when qemuMigrationPrepareAny fails
	https://bugzilla.redhat.com/show_bug.cgi?id=1181182
	When we meet error in qemuMigrationPrepareAny and goto
	cleanup with rc < 0, we forget clear the priv->origname and this
	will make this vm migrate fail next time because leave a wrong
	origname in  priv, and will Generate a wrong cookie when do
	migrate next time.
	This patch will make priv->origname is NULL when migrate fail
	in target host.

2015-01-15  Ján Tomko  <jtomko@redhat.com>

	Fix vmdef usage while in monitor in qemu process
	Make local copy of the disk alias in qemuProcessInitPasswords,
	instead of referencing the one in domain definition, which
	might get freed if the domain crashes while we're in monitor.
	Also copy the memballoon period value.

	Fix vmdef usage while in monitor in BlockStat* APIs
	Make a local copy of the disk alias instead of pointing
	to the domain definition, which might get freed if
	the domain dies while we're in monitor.
	Also exit early if that happens.

	Fix vmdef usage while in monitor in qemuDomainHotplugVcpus
	Exit the monitor right after we've done with it to get
	the virDomainObjPtr lock back, otherwise we might be accessing
	vm->def while it's being cleaned up by qemuProcessStop.
	If the domain crashed while we were in the monitor, exit
	early instead of changing vm->def which is now the persistent
	definition.

	Mark the domain as active in qemuhotplugtest
	This will allow us to call qemuDomainObjIsActive() in
	the tested functions to check if the domain has crashed.

	Check for domain liveness in qemuDomainObjExitMonitor
	The domain might disappear during the time in monitor when
	the virDomainObjPtr is unlocked, so the caller needs to check
	if it's still alive.
	Since most of the callers are going to need it, put the
	check inside qemuDomainObjExitMonitor and return -1 if
	the domain died in the meantime.

2015-01-15  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	check IOMMU group devices usage when preparing device for vfio passthrough
	The virsh start <domain> fails with qemu error when the hostdevices of the
	same iommu group are used actively by other vms. It is not clear which
	hostdev from the same iommu group is used by any of the running guests.
	User has to go through every guest xml to figure out who is using the
	hostdev of same iommu group.
	Solution:
	Iterate the iommu group of the hostdev and error our neatly in case a
	device in the same iommu group is busy. Reattach code also does the same
	kind of check, remove duplicate code as well.

	virpci: Implement virPCIDeviceGetAddress function
	Basically a getter function which is implemented for accessing the
	address fields in virPCIDevice.

2015-01-14  Kiarie Kahurani  <davidkiarie4@gmail.com>

	libxl: Add support for parsing/formating Xen XL config
	Now that xenconfig supports parsing and formatting Xen's
	XL config format, integrate it into the libxl driver's
	connectDomainXML{From,To}Native functions.

	tests: Tests for the xen-xl parser
	Add disk and spice config tests for the xen_xl config parser

2015-01-14  Jim Fehlig  <jfehlig@suse.com>

	Introduce support for parsing/formatting Xen xl config format
	Introduce a parser/formatter for the xl config format.  Since the
	deprecation of xm/xend, the VM config file format has diverged as
	new features are added to libxl.  This patch adds support for parsing
	and formating the xl config format.  It supports the existing xm config
	format, plus adds support for spice graphics and xl disk config syntax.
	Disk config is specified a bit differently in xl as compared to xm.  In
	xl, disk config consists of comma-separated positional parameters and
	keyword/value pairs separated by commas. Positional parameters are
	specified as follows
	   target, format, vdev, access
	Supported keys for key=value options are
	  devtype, backendtype
	The positional paramters can also be specified in key/value form.  For
	example the following xl disk config are equivalent
	    /dev/vg/guest-volume,,hda
	    /dev/vg/guest-volume,raw,hda,rw
	    format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume
	See $xen_sources/docs/misc/xl-disk-configuration.txt for more details.
	xl disk config is parsed with the help of xlu_disk_parse() from
	libxlutil, libxl's utility library.  Although the library exists
	in all Xen versions supported by the libxl virt driver, only
	recently has the corresponding header file been included.  A check
	for the header is done in configure.ac.  If not found, xlu_disk_parse()
	is declared externally.

2015-01-14  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: detect updated video ram size values from QEMU
	QEMU internally updates the size of video memory if the domain XML had
	provided too low memory size or there are some dependencies for a QXL
	devices 'vgamem' and 'ram' size. We need to know about the changes and
	store them into the status XML to not break migration or managedsave
	through different libvirt versions.
	The values would be loaded only if the "vgamem_mb" property exists for
	the device.  The presence of the "vgamem_mb" also tells that the
	"ram_size" and "vram_size" exists for QXL devices.

	qemu_monitor: introduce new function to get QOM path
	The search is done recursively only through QOM object that has a type
	prefixed with "child<" as this indicate that the QOM is a parent for
	other QOM objects.
	The usage is that you give known device name with starting path where to
	search.

	qemu_driver: fix setting vcpus for offline domain
	Commit e3435caf fixed hot-plugging of vcpus with strict memory pinning
	on NUMA hosts, but unfortunately it also broke updating number of vcpus
	for offline guests using our API.
	The issue is that we try to create a cpu cgroup for non-running guest
	which fails as there are no cgroups for that domain. We should create
	cgroups and update cpuset.mems only if we are hot-plugging.

2015-01-14  Michal Privoznik  <mprivozn@redhat.com>

	qemu, lxc: Warn if setting QoS on unsupported vNIC types
	https://bugzilla.redhat.com/show_bug.cgi?id=1165993
	So, there are still plenty of vNIC types that we don't know how to set
	bandwidth on. Let's warn explicitly in case user has requested it
	instead of pretending everything was set.

2015-01-14  Shanzhi Yu  <shyu@redhat.com>

	qemu: snapshot: inactive external snapshot can't work after libvirtd restart
	When create inactive external snapshot, after update disk definitions,
	virDomainSaveConfig is needed, if not after restart libvirtd the new snapshot
	file definitions in xml will be lost.
	Reproduce steps:
	1. prepare a shut off guest
	$ virsh domstate rhel7 && virsh domblklist rhel7
	shut off
	Target     Source
	------------------------------------------------
	vda        /var/lib/libvirt/images/rhel7.img
	2. create external disk snapshot
	$ virsh snapshot-create rhel7 --disk-only && virsh domblklist rhel7
	Domain snapshot 1417882967 created
	Target     Source
	------------------------------------------------
	vda        /var/lib/libvirt/images/rhel7.1417882967
	3. restart libvirtd then check guest source file
	$ service  libvirtd restart && virsh domblklist rhel7
	Redirecting to /bin/systemctl restart  libvirtd.service
	Target     Source
	------------------------------------------------
	vda        /var/lib/libvirt/images/rhel7.img
	This was first reported by Eric Blake
	http://www.redhat.com/archives/libvir-list/2014-December/msg00369.html

2015-01-14  Michal Privoznik  <mprivozn@redhat.com>

	conf: Increase virNetDevBandwidthParse intelligence
	There's this function virNetDevBandwidthParse which parses the
	bandwidth XML snippet. But it's not clever much. For the
	following XML it allocates the virNetDevBandwidth structure even
	though it's completely empty:
	    <bandwidth>
	    </bandwidth>
	Later in the code there are some places where we check if
	bandwidth was set or not. And since we obtained pointer from the
	parsing function we think that it is when in fact it isn't.

2015-01-14  Daniel P. Berrange  <berrange@redhat.com>

	Give virDomainDef parser & formatter their own flags
	The virDomainDefParse* and virDomainDefFormat* methods both
	accept the VIR_DOMAIN_XML_* flags defined in the public API,
	along with a set of other VIR_DOMAIN_XML_INTERNAL_* flags
	defined in domain_conf.c.
	This is seriously confusing & error prone for a number of
	reasons:
	 - VIR_DOMAIN_XML_SECURE, VIR_DOMAIN_XML_MIGRATABLE and
	   VIR_DOMAIN_XML_UPDATE_CPU are only relevant for the
	   formatting operation
	 - Some of the VIR_DOMAIN_XML_INTERNAL_* flags only apply
	   to parse or to format, but not both.
	This patch cleanly separates out the flags. There are two
	distint VIR_DOMAIN_DEF_PARSE_* and VIR_DOMAIN_DEF_FORMAT_*
	flags that are used by the corresponding methods. The
	VIR_DOMAIN_XML_* flags received via public API calls must
	be converted to the VIR_DOMAIN_DEF_FORMAT_* flags where
	needed.
	The various calls to virDomainDefParse which hardcoded the
	use of the VIR_DOMAIN_XML_INACTIVE flag change to use the
	VIR_DOMAIN_DEF_PARSE_INACTIVE flag.

	Decouple CPU XML formatting from domain XML public API flags
	The virCPUDefFormat* methods were relying on the VIR_DOMAIN_XML_*
	flag definitions. It is not desirable for low level internal
	functions to be coupled to flags for the public API, since they
	may need to be called from several different contexts where the
	flags would not be appropriate.

2015-01-13  Michal Privoznik  <mprivozn@redhat.com>

	formatdomaincaps: Correctly format API reference
	Well, since the link to the virConnectGetDomainCapabilities API is in
	<pre/> section we must take special care about the spaces around the
	link.
	Acked-by: Laszlo Ersek <lersek@redhat.com>

2015-01-13  Eric Blake  <eblake@redhat.com>

	qemu: forbid second blockcommit during active commit
	https://bugzilla.redhat.com/show_bug.cgi?id=1135339 documents some
	confusing behavior when a user tries to start an inactive block
	commit in a second connection while there is already an on-going
	active commit from a first connection.  Eventually, qemu will
	support multiple simultaneous block jobs, but as of now, it does
	not; furthermore, libvirt also needs an overhaul before we can
	support simultaneous jobs.  So, the best way to avoid confusing
	ourselves is to quit relying on qemu to tell us about the situation
	(where we risk getting in weird states) and instead forbid a
	duplicate block commit ourselves.
	Note that we are still relying on qemu to diagnose attempts to
	interrupt an inactive commit (since we only track XML of an active
	commit), but as inactive commit is less confusing for libvirt to
	manage, there is less that can go wrong by leaving that detection
	up to qemu.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Hoist check for
	active commit to occur earlier outside of conditions.

2015-01-13  Daniel P. Berrange  <berrange@redhat.com>

	parallels: don't override error message when XML parsing fails
	The virDomainDefParseString method will report a suitable error
	on parsing fail, so don't replace that.

	Fix flags passed to virDomainDefParseString by XenAPI driver
	The XenAPI driver was passing the flags for
	virDomainCreateXML straight into the virDomainDefParseString
	method, even though they expect totally different sets of
	flags. It should have been using VIR_DOMAIN_XML_INACTIVE

	Don't use VIR_DOMAIN_XML_SECURE when parsing XML
	The VIR_DOMAIN_XML_SECURE flag only has effect on the formatting
	of XML so should not be passed to virDomainDefParseNode

	Add stub virDomainDefineXMLFlags impls
	Make sure every virt driver implements virDomainDefineXMLFlags
	by adding a trivial passthrough from the existing impl with
	no flags set.

	Add new virDomainDefineXMLFlags public API
	The virDomainDefineXML method is one of the few that still lacks
	an 'unsigned int flags' parameter. This will be needed for adding
	XML validation to this API. virDomainCreateXML fortunately already
	has flags.

2015-01-13  Luyao Huang  <lhuang@redhat.com>

	conf: fix crash when hotplug a channel chr device with no target
	https://bugzilla.redhat.com/show_bug.cgi?id=1181408
	When we try to hotplug a channel chr device with no target, we
	will get success (which should fail) in virDomainChrDefParseXML,
	because we use goto cleanup this place and return an incomplete
	definition (with no target). In qemuDomainAttachChrDevice,
	we add it to the domain definition, but fail to remove it from
	there when chardev-add fails, because virDomainChrRemove
	matches chardevices according to the target name.
	The device definition is then freed in qemuDomainAttachDeviceFlags,
	leaving a stale pointer in the domain definition.

2015-01-13  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Allow enabling/disabling features with host-passthrough
	QEMU supports feature specification with -cpu host and we just skip
	using that.  Since QEMU developers themselves would like to use this
	feature, this patch modifies the code to work.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178850

2015-01-13  Jim Fehlig  <jfehlig@suse.com>

	Revert "src/xenconfig: Xen-xl parser"
	This reverts commit 2c78051a14acfb7aba078d569b1632dfe0ca0853.
	Conflicts:
		src/Makefile.am

	Revert "tests: Tests for the xen-xl parser"
	This reverts commit 6b818d3b09f4e74ac2ea1d4020896be1e6871867.

	Revert "libxl: Add support for parsing/formating Xen XL config"
	This reverts commit 4f524212ce614e1ca84b34dd8330a48957c8f823.

	Revert "src/Makefile.am: fix build breaker for xenconfig"
	This reverts commit 703ef9667abf016ef1040eac296a81792b366932.

	Revert "build: fix xenconfig VPATH builds"
	This reverts commit 1b21d300691a78f73d94446616a6d1f9fd88991e.
	Conflicts:
		src/Makefile.am

	Revert "Revert "src/Makefile.am: fix build breaker for xenconfig""
	This reverts commit e662968fd980158e8f8d8990bb43378dbc3d036a.

	Revert "src/Makefile: move the new xen_xl_disk parser code at the correct place"
	This reverts commit edacdb3d12256af4f6e31ec65c9dd4797fb3aa0d.

	Revert "src/Makefile: Fix parallel build after xen_xl_disk parser introduction"
	This reverts commit 533349ff43ddf091026fbcb0d9a714d9cc570dc7.

	Revert "bootstrap.conf: add check for flex"
	This reverts commit cab767831f74ec72809dacd07cb782a88a097f21.

2015-01-13  Guido Günther  <agx@sigxcpu.org>

	lxc: Move setting ifname_guest_actual to virLXCSetupInterfaces
	so it applies to interfaces of type 'direct' too.
	Reported and patch provided by Bastian Blank at
	    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769600

2015-01-12  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Fix test after change of qxl vgamem_mb default
	Well, apparently it's possible for a patch to sneak in through
	review process and break 'make check'. It happened just lately
	with 0e502466acb84a which changed the default of vgamem_mb for
	qxl device. However, there were left some domain XMLs within our
	test suite relying on the old default. These should be updated to
	match the change.

2015-01-12  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	cpu: Bugfix for s390 CPU driver to return a host CPU model
	The curent libvirt CPU driver for s390 does not return a host CPU model.
	This patch returns 'host' according to the other platforms that would
	not decode any CPU model.
	This is an intermediate bugfix due to a discussion on OpenStack mailing
	list. The final patch introducing the CPU model support for s390x will
	exchange the hard-coded decode method.

2015-01-12  John Ferlan  <jferlan@redhat.com>

	virconf: Resolve a possible memory leak in virConfSetValue
	Found this one by inspection... The API claims to "own" the input
	value even in the case of error.  However, in the initial entry
	to the API if the value exists, was STRING, but without a str value
	it just returned without freeing the 'value' which it claims to now
	own.  So I added the virConfFreeValue() call in order to resolve.

	openvz: Check errors from virSocketAddrFormat
	Commit id 'a4e86390' modified the command line to allow --ipadd multiple
	times; however, it did not account for the condition where a NULL is
	returned which will could lead to some interesting errors with multiple
	--ipadd's without parameters.

	openvz: Resolve Coverity RESOURCE_LEAK
	Commit id 'a4e86390' modified the command line to allow --ipadd multiple
	times, which caused Coverity to notice a latent memory leak with the
	'ipAddr' string not being VIR_FREE()'d

2015-01-12  Pavel Hrdina  <phrdina@redhat.com>

	qxl: change the default value for vgamem_mb to 16 MiB
	The default value should be 16 MiB instead of 8 MiB. Only really old
	version of upstream QEMU used the 8 MiB as default for vga framebuffer.
	Without this change if you update your libvirt where we introduced the
	"vgamem" attribute for QXL video device the value will be set to 8 MiB,
	but previously your guest had 16 MiB because we didn't pass any value to
	QEMU command line which means QEMU used its own 16 MiB as default.
	This will affect all users with guest's display resolution higher than
	1920x1080.

2015-01-12  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document some -boot option limitations on UEFI
	It was brought to my attention that some -boot options may not
	work with UEFI. For instance, rebootTimeout is very SeaBIOS
	specific,splash logo is not implemented yet on OVMF, and so on.
	We should document this limitation at least.

2015-01-12  Hao Liu  <hliu@redhat.com>

	virsh: Emit error for VSH_OT_DATA without VSH_OFLAG_REQ
	Commit 6b9964 enforces checking invalid use of VSH_OT_STRING with
	VSH_OFLAG_REQ. This commit tries to do the same thing to stop using
	VSH_OT_DATA without VSH_OFLAG_REQ and also fix existing misuse.

2015-01-12  Guido Günther  <agx@sigxcpu.org>

	lxc: Don't crash on NULL ifname_guest_actual
	Reported and patch provided by Bastian Blank at
	    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769600

2015-01-09  Luyao Huang  <lhuang@redhat.com>

	conf: Correctly format controller's driver
	https://bugzilla.redhat.com/show_bug.cgi?id=1179684
	The way that we currently generate the <driver/> for <controller/> is
	just madness:
	    <controller type='scsi' index='0' model='virtio-scsi'>
	      <driver queues='12'/>
	      <driver cmd_per_lun='123'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
	    </controller>
	It's obvious that we should be aiming at the following:
	    <controller type='scsi' index='0' model='virtio-scsi'>
	      <driver queues='12' cmd_per_lun='123'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
	    </controller>

2015-01-09  Ján Tomko  <jtomko@redhat.com>

	safezero: fall back to writing zeroes even when resizing
	Remove the resize flag and use the same code path for all callers.
	This flag was added by commit 18f0316 to allow virStorageFileResize
	use 'safezero' while preserving the behavior.
	Explicitly return -2 when a fallback to a different method should
	be done, to make the code path more obvious.
	Fail immediately when ftruncate fails in the mmap method,
	as we did before commit 18f0316.

2015-01-09  John Ferlan  <jferlan@redhat.com>

	virsh.pod: Update description
	The 'pool-build' command description for --overwrite and --no-overwrite
	indicated usage for only 'filesystem' pools; however, the 'disk' pool
	also supports the flags as of commit id 'afa1029a'. So add a description
	for that usage.

2015-01-09  Eric Blake  <eblake@redhat.com>

	maint: in src/Makefile.am, $(top_srcdir)/src is verbose
	I noticed this while working on a previous commit.  Why should
	we be calling out '../src/' when it is sufficient to refer to just
	'./'?  Blind copy-and-paste runs rampant in this file :)
	* src/Makefile.am (INCLUDES, *_CFLAGS): Shorten to $(srcdir).

2015-01-09  Pavel Hrdina  <phrdina@redhat.com>

	bootstrap.conf: add check for flex
	We need the flex to generate new xen_xl_disk parser.

2015-01-08  Pavel Hrdina  <phrdina@redhat.com>

	src/Makefile: Fix parallel build after xen_xl_disk parser introduction
	Well, the parallel build doesn't work as there are not dependencies
	set correctly. When running 'make -j' I see this error:
	make[2]: Entering directory '/home/zippy/work/libvirt/libvirt.git/src'
	  GEN      util/virkeymaps.h
	  GEN      locking/lock_protocol.h
	make[2]: *** No rule to make target 'xenconfig/xen_xl_disk.h', needed by 'all'.  Stop.
	make[2]: *** Waiting for unfinished jobs....
	  GEN      lxc/lxc_controller_dispatch.h
	The fix is to correctly set dependencies by letting make know that .c
	and .h are to be generated from .l. Moreover, the section is moved
	closer to the other section which uses it.

	src/Makefile: move the new xen_xl_disk parser code at the correct place

	Revert "src/Makefile.am: fix build breaker for xenconfig"
	This reverts commit 703ef9667abf016ef1040eac296a81792b366932.

2015-01-08  Geoff Hickey  <ghickey@datagravity.com>

	vmx: Fix a VMX parsing problem
	VMware ESX does not always set the "serialX.fileType" tag in VMX files. The
	default value for this tag is "device", and when adding a new serial port
	of this type VMware will omit the fileType tag. This caused libvirt to
	fail to parse the VMX file. Fixed by making this tag optional and using
	"device" as a default value. Also updated vmx2xmltest to test for this
	case.

2015-01-08  Eric Blake  <eblake@redhat.com>

	build: fix xenconfig VPATH builds
	Ever since commit 2c78051 split out a helper library for the sake of
	changing CFLAGS, a VPATH build with xenconfig enabled has failed:
	  CC       xenconfig/libvirt_xenxldiskparser_la-xen_xl_disk.lo
	  ../../src/xenconfig/xen_xl_disk.l:37:21: fatal error: xen_xl.h: No such file or directory
	   # include "xen_xl.h"
	             ^
	  compilation terminated.
	  Makefile:9462: recipe for target 'xenconfig/libvirt_xenxldiskparser_la-xen_xl_disk.lo' failed
	The solution is to tell the build to look for xen_xl.h relative
	to $(srcdir), since we keep that file under version control.
	[Not fixed here - the raw use of -Wno-unused-parameter in CFLAGS
	is NOT portable; ideally, we should be doing a configure test
	and only supplying that argument when we know the compiler supports
	-Wunused-parameter; but that's a patch for another day]
	[Not fixed here - there are still issues with parallel builds hitting
	a race between generating the files and trying to compile/distribute
	them]
	* src/Makefile.am (libvirt_xenxldiskparser_la_CFLAGS): Add another
	include directory.

2015-01-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix system pages handling in <memoryBacking/>
	In one of my previous commits (311b4a67) I've tried to allow to
	pass regular system pages to <hugepages>. However, there was a
	little bug that wasn't caught. If domain has guest NUMA topology
	defined, qemuBuildNumaArgStr() function takes care of generating
	corresponding command line. The hugepages backing for guest NUMA
	nodes is handled there too. And here comes the bug: the hugepages
	setting from XML is stored in KiB internally, however, the system
	pages size was queried and stored in Bytes. So the check whether
	these two are equal was failing even if it shouldn't.

2015-01-08  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add support for icmpv6 filtering
	Make use of the ebtables functionality to be able to filter certain
	parameters of icmpv6 packets. Extend the XML parser for icmpv6 types,
	type ranges, codes, and code ranges. Extend the nwfilter documentation,
	schema, and test cases.
	Being able to filter icmpv6 types and codes helps extending the DHCP
	snooper for IPv6 and filtering at least some parameters of IPv6's NDP
	(Neighbor Discovery Protocol) packets. However, the filtering will not
	be as good as the filtering of ARP packets since we cannot
	check on IP addresses in the payload of the NDP packets.

2015-01-07  Ján Tomko  <jtomko@redhat.com>

	Indentation

2015-01-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't unref domain after exit from nested async job
	In commit 540c339a2535ec30d79e5ef84d8f50a17bc60723 the whole domain
	reference counting was refactored in the qemu driver. Domain jobs now
	don't need to reference the domain object as they now expect the
	reference from the calling function.
	However, the patch forgot to remove the unref call in case we exit the
	monitor when we were acquiring a nested job. This caused the daemon to
	crash on a subsequent access to the domain object once we've done an
	operation requiring a nested job for a monitor access.
	An easy reproducer case:
	1) Start a vm with qcow disks
	2) virsh snapshot-create-as DOMNAME
	3) virsh dumpxml DOMNAME
	4) daemon crashes in a semi-random spot while accessing a now-removed VM
	object.
	Fortunately, the commit wasn't released yet, so there are no security
	implications.
	Reported-by: Shanzi Yu <shyu@redhat.com>

2015-01-07  Luyao Huang  <lhuang@redhat.com>

	conf: Don't format actual network definition in migratable XML
	https://bugzilla.redhat.com/show_bug.cgi?id=1177194
	When migrate a vm, we will generate a xml via qemuDomainDefFormatLive and
	pass this xml to target libvirtd. Libvirt will use the current network
	state in def->data.network.actual to generate the xml, this will make
	migrate failed when we set a network type guest interface use a macvtap
	network as a source in a vm then migrate vm to another host(which has the
	different macvtap network settings: different interface name, bridge name...)
	Add a flag check in virDomainNetDefFormat, if we set a VIR_DOMAIN_XML_MIGRATABLE
	flag when call virDomainNetDefFormat, we won't get the current vm interface
	state.

2015-01-07  Alexander Burluka  <aburluka@parallels.com>

	Parallels: Add VNC hostname setup
	Add missing VNC setup via Parallels SDK.
	Parallels Cloud Server starts one VNC server per domain,
	so we could process only one VNC server definition.
	Network-based listening currently is unimplemented.

2015-01-06  Luyao Huang  <lhuang@redhat.com>

	qemu: Restore old bandwidth rules when setting new fails
	https://bugzilla.redhat.com/show_bug.cgi?id=1177723
	When setting new bandwidth limits via
	virDomainSetInterfaceParameters, the old ones are cleared first.
	However, if setting the new ones fails, the old are already gone
	and interface is left in inconsistent state.  Therefore, right
	before failing we ought to try to restore the old bandwidth.

	qemu: fix miss goto cleanup in qemuDomainAttachNetDevice
	This place have a wrong logic, maybe forget goto cleanup.
	Also fix some small things.

2015-01-06  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	networkGetDHCPLeases: Remove unnecessary error reporting
	Lack of a lease (whether mac is given or not) is a normal expected
	scenario, since we are already filling in rv with nleases (which is
	okay as 0 if there is no lease).  There is no need to raise an error.
	This fixes:
	> virsh # net-dhcp-leases --mac 00:50:56:c0:00:01  default
	> error: Failed to get leases info for default
	> error: internal error: no lease with matching MAC address: 00:50:56:c0:00:01

2015-01-06  Luyao Huang  <lhuang@redhat.com>

	qemu: use a wrong name for guest panic status
	https://bugzilla.redhat.com/show_bug.cgi?id=1178652
	We will get a warning when we have a guest in paused
	status (caused by kernel panic) and restart libvirtd,
	warning message like this:
	Qemu reported unknown VM status: 'guest-panicked'
	and this seems because we set a wrong status name in
	qemu_monitor.c, and from qemu qapi-schema.json file
	we know this status should named 'guest-panicked'.

2015-01-06  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Another update is required to pick up today's gnulib fix for mingw
	builds (now that gnulib turns on mingw's replacement printf that
	understands %lld, it must also tell the compiler to respect the
	improved definition of PRIdMAX and friends).
	* .gnulib: Update to latest.

	virnetlink: fix build on non-Linux
	Commit 4dc04d3a added virNetlinkGetErrorCode, but forgot to provide
	a fallback, which kills the build on mingw (among others):
	  CCLD     libvirt.la
	  Cannot export virNetlinkGetErrorCode: symbol not defined
	  collect2: error: ld returned 1 exit status
	* src/util/virnetlink.c (virNetlinkGetErrorCode): Provide fallback.

2015-01-06  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Report error if a driver can't handle multiple IP addresses
	Drivers supporting one and only one IP address raise an error if more IP
	addresses are configured.

	Openvz --ipadd can be provided multiple times
	Vzctl man page says that --ipadd can be provided multiple times to add
	several IP addresses. Looping over the configured ip addresses to add
	one --ipadd for each. This would even handle the multiple IPs handled
	by openvz_conf.c

	LXC: honour network devices link state
	Don't activate LXC network device if <link state='down'/> has been set
	in its configuration.

	LXC: use the new net devices routes definition
	Actually set routes in lxc containers if there are defined ones.

	lxc conf2xml: convert lxc.network.ipv[46].gateway

	Domain network devices can now have a <route> element
	Network interfaces devices and host devices with net capabilities can
	now have IPv4 and/or an IPv6 routes configured.

	lxc conf2xml: convert ip addresses for hostdev NICs

	Allow network capabilities hostdev to configure IP addresses

	lxc conf2xml: convert IP addresses

	LXC: set IP addresses to veth devices in the container
	Uses the new virDomainNetDef ips to set the IP addresses on the network
	interfaces in the container.

	Domain conf: allow more than one IP address for net devices
	Add the possibility to have more than one IP address configured for a
	domain network interface. IP addresses can also have a prefix to define
	the corresponding netmask.

	Renamed virNetDevClearIPv4Address to virNetDevClearIPAddress
	Make clear that virNetDevClearIPv4Address can also handle IPv6
	addresses by changing the name

	virNetDevClearIPv4Address: netlink implementation

	virNetDevAddRoute: implementation using netlink

	Renamed virNetDevSetIPv4Address to virNetDevSetIPAddress
	Renamed virNetDevSetIPv4Address as it also handles IPv6 addresses.

	virNetDevSetIPv4Address: libnl implementation
	Add a default implementation of virNetDevSetIPv4Address using netlink
	and libnl. This avoids requiring /usr/sbin/ip or /usr/sbin/ifconfig
	external binaries.

	Forgot to cleanup ifname_guest* in domain network def parsing

	Fix error when starting a container after an error
	The typical case for the problem is starting a domain needing a network
	that isn't started. Even after starting the network, we get an unknown error
	when starting the container.
	This is due to dynamic security label not being removed.

2015-01-06  Daniel P. Berrange  <berrange@redhat.com>

	maint: fix date in local gnulib patch
	The local gnulib ssize_t.m4.diff patch no longer applied due to
	changed context from the date change.

	maint: update to latest gnulib
	Sync to latest gnulib to get files updated with 2015 copyright
	date to fix syntax-check
	* .gnulib: update to latest
	* bootstrap: Regenerate from upstream

2015-01-05  Cedric Bosdonnat  <cbosdonnat@suse.com>

	Teach AppArmor, that /usr/lib64 may exist.
	The apparmor profiles forgot about /usr/lib64 folders, just add lib64
	as a possible alternative to lib in the paths

2015-01-05  Pavel Hrdina  <phrdina@redhat.com>

	src/Makefile.am: fix build breaker for xenconfig
	Commit 2c78051a introduced build breaker with type in Makefile.am by
	specifying wrong header file.

2015-01-05  Chunyan Liu  <cyliu@suse.com>

	Add tests to xmconfigtest
	Add tests to testing HVM default features (pae, acpi, apic)
	conversion from xm config to libvirt xml. If no pae|acpi|apic
	specified in xm config, after conversion, libvirt xml should
	by default include:
	 <features>
	   <pae/>
	   <apic/>
	   <acpi/>
	 </features>

	xenconfig: set HVM pae/apic/acpi/ default to 1
	According to xm.config manual, HVM pae|apic|acpi feature default
	is 1 (enabled). But in conversion from xm config to libvirt xml,
	if xm config doesn't contain pae|apic|acpi, it sets default value
	to 0, this causes some problems in HVM guest.
	Update parser codes to set HVM pae|apic|acpi default value to 1
	to match xm config convension.

2015-01-04  Kiarie Kahurani  <davidkiarie4@gmail.com>

	libxl: Add support for parsing/formating Xen XL config
	Now that xenconfig supports parsing and formatting Xen's
	XL config format, integrate it into the libxl driver's
	connectDomainXML{From,To}Native functions.

	tests: Tests for the xen-xl parser
	add tests for the xen_xl config parser

	src/xenconfig: Xen-xl parser
	Introduce a Xen xl parser
	This parser allows for users to convert the new xl disk format and
	spice graphics config to libvirt xml format and vice versa. Regarding
	the spice graphics config, the code is pretty much straight forward.
	For the disk {formating, parsing}, this parser takes care of the new
	xl format which include positional parameters and key/value parameters.
	In xl format disk config a <diskspec> consists of parameters separated by
	commas. If the parameters do not contain an '=' they are automatically
	assigned to certain options following the order below
	   target, format, vdev, access
	The above are the only mandatory parameters in the <diskspec> but there
	are many more disk config options. These options can be specified as
	key=value pairs. This takes care of the rest of the options such as
	  devtype, backend, backendtype, script, direct-io-safe,
	The positional paramters can also be specified in key/value form
	for example
	    /dev/vg/guest-volume,,hda
	    /dev/vg/guest-volume,raw,hda,rw
	    format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume
	are interpleted to one config.
	In xm format, the above diskspec would be written as
	phy:/dev/vg/guest-volume,hda,w
	The disk parser is based on the same parser used successfully by
	the Xen project for several years now.  Ian Jackson authored the
	scanner, which is used by this commit with mimimal changes.  Only
	the PREFIX option is changed, to produce function and file names
	more consistent with libvirt's convention.

	src/xenconfig: Export helper functions
	Export helper functions for reuse in getting values
	from a virConfPtr object

2014-12-25  Michal Privoznik  <mprivozn@redhat.com>

	capabilities: Format <domain/> properly
	The <domain/> element under /capabilities/guest/arch/ can have no
	child elements. If that's the case we format:
	        <domain type='xen'>
	        </domain>
	instead of simpler:
	        <domain type='xen'/>
	This commit fixes that.

2014-12-23  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: report, that cdrom image is raw
	VIR_STORAGE_FILE_AUTO should be used only in xml provided to
	libvirt by user, if I understood correctly. Driver should
	set storage source format to specific disk format in
	*DomainGetXMLDesc.
	CDROMs in PCS use raw image format.

2014-12-23  Martin Kletzander  <mkletzan@redhat.com>

	tests: Set up two more overrides for root builders
	There are two more places after commit 3865941b that need to be adapted
	in order to get rid of some test failures when building as root.

	qemu: Fix coverity issues after refcount refactoring

2014-12-23  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	test: fix nwfilter tests following changes in virfirewall.c
	Some of the nwfilter tests are now failing since --concurrent shows
	up in the ebtables command. To avoid this, implement a function
	preventing the probing for lock support in the eb/iptables tools
	and use it in the tests.

2014-12-21  Martin Kletzander  <mkletzan@redhat.com>

	qemu: completely rework reference counting
	There is one problem that causes various errors in the daemon.  When
	domain is waiting for a job, it is unlocked while waiting on the
	condition.  However, if that domain is for example transient and being
	removed in another API (e.g. cancelling incoming migration), it get's
	unref'd.  If the first call, that was waiting, fails to get the job, it
	unref's the domain object, and because it was the last reference, it
	causes clearing of the whole domain object.  However, when finishing the
	call, the domain must be unlocked, but there is no way for the API to
	know whether it was cleaned or not (unless there is some ugly temporary
	variable, but let's scratch that).
	The root cause is that our APIs don't ref the objects they are using and
	all use the implicit reference that the object has when it is in the
	domain list.  That reference can be removed when the API is waiting for
	a job.  And because each domain doesn't do its ref'ing, it results in
	the ugly checking of the return value of virObjectUnref() that we have
	everywhere.
	This patch changes qemuDomObjFromDomain() to ref the domain (using
	virDomainObjListFindByUUIDRef()) and adds qemuDomObjEndAPI() which
	should be the only function in which the return value of
	virObjectUnref() is checked.  This makes all reference counting
	deterministic and makes the code a bit clearer.

	util: Fix possible NULL dereference
	Commit 1a80b97d, which added the virCgroupHasEmptyTasks() function
	forgot that the parameter @cgroup may be NULL and did not check that.

2014-12-21  Claudio Bley  <claudio.bley@gmail.com>

	maint: update .mailmap
	Add an email alias after updating my email address in commit 738a2ae.

	Fix typo s/interpetation/interpretation/
	Fix the typo in struct virSecurityModel's comment for its doi field.

2014-12-20  Claudio Bley  <claudio.bley@gmail.com>

	Update my email address in AUTHORS.in

	docs: split typedef and struct definition for apibuild.py
	The members of struct virSecurityLabel and struct virSecurityModel
	were not shown in the libvirt API docs because the corresponding
	<field> elements were missing from the libvirt-api.xml.
	The reason is that apibuild.py does not cope well with typedef's
	using inline struct definitions. It fails to associate the comment
	with the typedef and because of this refuses to write out the
	field of the struct.

2014-12-19  Daniel P. Berrange  <berrange@redhat.com>

	disable vCPU pinning with TCG mode
	Although QMP returns info about vCPU threads in TCG mode, the
	data it returns is mostly lies. Only the first vCPU has a valid
	thread_id returned. The thread_id given for the other vCPUs is
	in fact the main emulator thread. All vCPUs actually run under
	the same thread in TCG mode.
	Our vCPU pinning code is not at all able to cope with this
	so if you try to set CPU affinity per-vCPU you end up with
	wierd errors
	error: Failed to start domain instance-00000007
	error: cannot set CPU affinity on process 24365: Invalid argument
	Since few people will care about the performance of TCG with
	strict CPU pinning, lets just disable that for now, so we get
	a clear error message
	error: Failed to start domain instance-00000007
	error: Requested operation is not valid: cpu affinity is not supported

	Don't setup fake CPU pids for old QEMU
	The code assumes that def->vcpus == nvcpupids, so when we setup
	fake CPU pids for old QEMU with nvcpupids == 1, we cause the
	later code to read off the end of the array. This has fun results
	like sche_setaffinity(0, ...) which changes libvirtd's own CPU
	affinity, or even better sched_setaffinity($RANDOM, ...) which
	changes the affinity of a random OS process.

2014-12-19  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Create memory-backend-{ram,file} iff needed
	Libvirt BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1175397
	QEMU BZ:    https://bugzilla.redhat.com/show_bug.cgi?id=1170093
	In qemu there are two interesting arguments:
	1) -numa to create a guest NUMA node
	2) -object memory-backend-{ram,file} to tell qemu which memory
	region on which host's NUMA node it should allocate the guest
	memory from.
	Combining these two together we can instruct qemu to create a
	guest NUMA node that is tied to a host NUMA node. And it works
	just fine. However, depending on machine type used, there might
	be some issued during migration when OVMF is enabled (see QEMU
	BZ). While this truly is a QEMU bug, we can help avoiding it. The
	problem lies within the memory backend objects somewhere. Having
	said that, fix on our side consists on putting those objects on
	the command line if and only if needed. For instance, while
	previously we would construct this (in all ways correct) command
	line:
	    -object memory-backend-ram,size=256M,id=ram-node0 \
	    -numa node,nodeid=0,cpus=0,memdev=ram-node0
	now we create just:
	    -numa node,nodeid=0,cpus=0,mem=256
	because the backend object is obviously not tied to any specific
	host NUMA node.

2014-12-18  Ján Tomko  <jtomko@redhat.com>

	Remove redundant cleanup in qemuDomainAttachVirtioDiskDevice
	Commit ca91ba7 moved these into the qemuDomainPrepareDisk helper,
	but forgot to remove them from here as well.

	Fix hotplugging of block device-backed usb disks
	Commit ca91ba7 moved qemuSetupDiskCgroup into the qemuDomainPrepareDisk
	helper, but failed to call it for usb disks.
	https://bugzilla.redhat.com/show_bug.cgi?id=1175668`

2014-12-18  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	Buffer size too small when reading sysinfo
	On a system with 160 CPUs the /proc/cpuinfo size grows beyond
	the currently set limit of 10KB causing an internal error.
	This patch increases the buffer size to 1MB.

2014-12-18  Eric Blake  <eblake@redhat.com>

	qemu: fix memory leak in blockinfo
	Coverity flagged commit 0282ca45 as introducing a memory leak;
	in all my refactoring to make capacity probing conditional on
	whether the image is non-raw, I missed deleting the unconditional
	probe.
	* src/qemu/qemu_driver.c (qemuStorageLimitsRefresh): Drop
	redundant assignment.

2014-12-17  Ján Tomko  <jtomko@redhat.com>

	Fix error message on redirdev caps detection

2014-12-17  John Ferlan  <jferlan@redhat.com>

	logical: Add "--type snapshot" to lvcreate command
	A recent lvm change has resulted in a change for the "default" type of
	logical volume created when the "--virtualsize" or "--V" is supplied on
	the command line (e.g. when the allocation and capacity values of a to
	be created volume differ). It seems that at the very least the following
	change adjusts the default type:
	https://git.fedorahosted.org/cgit/lvm2.git/commit/?id=e0164f21
	and the following may also have some impact.
	https://git.fedorahosted.org/cgit/lvm2.git/commit/?id=87fc3b71
	When using the virsh vol-create-as or vol-create xmlfile commands, the
	result is that libvirt will now create a "thin logical volume" and a
	"thin logical volume pool" rather than just a "thin snapshot logical
	volume". For example the following sequence:
	  # lvcreate --name test -L 2M -V 5M lvm_test
	    Rounding up size to full physical extent 4.00 MiB
	    Rounding up size to full physical extent 8.00 MiB
	    Logical volume "test" created.
	  # lvs lvm_test
	    LV    VG       Attr       LSize Pool  Origin Data%  Meta%  Move Log Cpy%Sync Convert
	    lvol1 lvm_test twi-a-tz-- 4.00m              0.00   0.98
	    test  lvm_test Vwi-a-tz-- 8.00m lvol1        0.00
	compared to the former code which had the following:
	    LV   VG       Attr       LSize  Pool Origin         Data%  Move Log Cpy%Sync Convert
	    test LVM_Test swi-a-s---  4.00m      [test_vorigin]   0.00
	Since libvirt doesn't know how to parse the thin logical volume
	and pool, it will fail to find the newly created volume and pool
	even though it exists in the volume group.
	It cannot find since the command used to find/parse returns a thin volume
	'test' with no associated device, for example the output is:
	  lvol1##UgUwkp-fTFP-C0rc-ufue-xrYh-dkPr-FGPFPx#lvol1_tdata(0)#thin-pool#1#4194304#4194304#4194304#twi-a-tz--
	  test##NcaIoH-4YWJ-QKu3-sJc3-EOcS-goff-cThLIL##thin#0#8388608#4194304#8388608#Vwi-a-tz--
	as compared to the former which had the following:
	      test#[test_vorigin]#Dt5Of3-4WE6-buvw-CWJ4-XOiz-ywOU-YULYw6#/dev/sda3(1300)#linear#1#4194304#4194304#4194304#swi-a-s---
	While it's possible to generate code to handle the new thin lv and pool, this
	patch will add a "--type snapshot" onto the lvcreate command libvirt uses
	in order to "for now" be able to continue to utilize the thin snapshots

2014-12-17  Luyao Huang  <lhuang@redhat.com>

	conf: fix cannot start a guest have a shareable network iscsi hostdev
	https://bugzilla.redhat.com/show_bug.cgi?id=1174569
	There's nothing we need to do for shared iSCSI devices in
	qemuAddSharedHostdev and qemuRemoveSharedHostdev. The iSCSI layer
	takes care about that for us.

2014-12-17  Eric Blake  <eblake@redhat.com>

	getstats: crawl backing chain for qemu
	Wire up backing chain recursion.  For the first time, it is now
	possible to get libvirt to expose that qemu tracks read statistics
	on backing files, as well as report maximum extent written on a
	backing file during a block-commit operation.
	For a running domain, where one of the two images has a backing
	file, I see the traditional output:
	$ virsh domstats --block testvm2
	Domain: 'testvm2'
	  block.count=2
	  block.0.name=vda
	  block.0.path=/tmp/wrapper.qcow2
	  block.0.rd.reqs=1
	  block.0.rd.bytes=512
	  block.0.rd.times=28858
	  block.0.wr.reqs=0
	  block.0.wr.bytes=0
	  block.0.wr.times=0
	  block.0.fl.reqs=0
	  block.0.fl.times=0
	  block.0.allocation=0
	  block.0.capacity=1310720000
	  block.0.physical=200704
	  block.1.name=vdb
	  block.1.path=/dev/sda7
	  block.1.rd.reqs=0
	  block.1.rd.bytes=0
	  block.1.rd.times=0
	  block.1.wr.reqs=0
	  block.1.wr.bytes=0
	  block.1.wr.times=0
	  block.1.fl.reqs=0
	  block.1.fl.times=0
	  block.1.allocation=0
	  block.1.capacity=1310720000
	vs. the new output:
	$ virsh domstats --block --backing testvm2
	Domain: 'testvm2'
	  block.count=3
	  block.0.name=vda
	  block.0.path=/tmp/wrapper.qcow2
	  block.0.rd.reqs=1
	  block.0.rd.bytes=512
	  block.0.rd.times=28858
	  block.0.wr.reqs=0
	  block.0.wr.bytes=0
	  block.0.wr.times=0
	  block.0.fl.reqs=0
	  block.0.fl.times=0
	  block.0.allocation=0
	  block.0.capacity=1310720000
	  block.0.physical=200704
	  block.1.name=vda
	  block.1.path=/dev/sda6
	  block.1.backingIndex=1
	  block.1.rd.reqs=0
	  block.1.rd.bytes=0
	  block.1.rd.times=0
	  block.1.wr.reqs=0
	  block.1.wr.bytes=0
	  block.1.wr.times=0
	  block.1.fl.reqs=0
	  block.1.fl.times=0
	  block.1.allocation=327680
	  block.1.capacity=786432000
	  block.2.name=vdb
	  block.2.path=/dev/sda7
	  block.2.rd.reqs=0
	  block.2.rd.bytes=0
	  block.2.rd.times=0
	  block.2.wr.reqs=0
	  block.2.wr.bytes=0
	  block.2.wr.times=0
	  block.2.fl.reqs=0
	  block.2.fl.times=0
	  block.2.allocation=0
	  block.2.capacity=1310720000
	I may later do a patch that trims the output to avoid 0 stats,
	particularly for backing files (which are more likely to have
	0 stats, at least for write statistics when no block-commit
	is performed).  Also, I still plan to expose physical size
	information (qemu doesn't expose it yet, so it requires a stat,
	and for block devices, a further open/seek operation).  But
	this patch is good enough without worrying about that yet.
	* src/qemu/qemu_driver.c (QEMU_DOMAIN_STATS_BACKING): New internal
	enum bit.
	(qemuConnectGetAllDomainStats): Recognize new user flag, and pass
	details to...
	(qemuDomainGetStatsBlock): ...here, where we can do longer recursion.
	(qemuDomainGetStatsOneBlock): Output new field.

	getstats: split block stats reporting for easier recursion
	In order to report stats on backing chains, we need to separate
	the output of stats for one block from how we traverse blocks.
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Split...
	(qemuDomainGetStatsOneBlock): ...into new helper.

	getstats: add new flag for block backing chain
	This patch introduces access to allocation information about
	a backing chain of a live domain.  While querying storage
	volumes for read-only disks could provide some of the details,
	we do NOT want to read() a file while qemu is writing it.
	Also, there is one case where we have to rely on qemu: when
	doing a block commit into a backing file, where that file is
	stored in qcow2 format on a host block device, we want to know
	the current highest write offset into that image, in order to
	know if the disk must be resized larger.  qemu-img does not
	(currently) show this information, and none of the earlier
	block APIs were extensible enough to expose it.  But
	virDomainListGetStats is perfect for the job!
	We don't need a new group of statistics, as the existing block
	group is sufficient.  On the other hand, as existing libvirt
	releases already report 1:1 mapping of block.count to <disk>
	devices, changing the array size could confuse older clients;
	and even with newer clients, the time and memory taken to
	report additional statistics is not always necessary (backing
	files are generally read-only except for block-commit, so while
	read statistics may change, sizing statistics will not).  So
	the choice here is to add a new flag that only newer callers
	will pass, when they are prepared for the additional information.
	This patch introduces the new API, but it will take more
	patches to get it implemented for qemu.
	* include/libvirt/libvirt-domain.h
	(VIR_CONNECT_GET_ALL_DOMAINS_STATS_BACKING): New flag.
	* src/libvirt-domain.c (virConnectGetAllDomainStats): Document it,
	and add a new field when it is in use.
	* tools/virsh-domain-monitor.c (cmdDomstats): Use new flag.
	* tools/virsh.pod (domstats): Document it.

	getstats: prepare for dynamic block.count stat
	A coming patch will make it optionally possible to list backing
	chain block stats; in this mode of operation, block.counts is no
	longer the number of <disks> in the domain, but the number of
	blocks in the array being reported.  We still want block.count
	listed first, but rather than iterate the tree twice (once to
	count, and once to list stats), it's easier to just touch things
	up after the fact.
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Compute count
	after the fact.

	getstats: report block sizes for offline domains
	The prior refactoring can now be put to use. With the same domain
	as the earlier commit 7b49926 (one qcow2 disk and an empty
	cdrom drive):
	$ virsh domstats --block foo
	Domain: 'foo'
	  block.count=2
	  block.0.name=hda
	  block.0.path=/var/lib/libvirt/images/foo.qcow2
	  block.0.allocation=1309614080
	  block.0.capacity=42949672960
	  block.0.physical=1309671424
	  block.1.name=hdc
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Use
	qemuStorageLimitsRefresh to report offline statistics.

	qemu: refactor blockinfo data gathering
	Create a helper function that can be reused for gathering block
	info from virDomainListGetStats.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Split guts...
	(qemuStorageLimitsRefresh): ...into new helper function.

	qemu: fix bugs in blockstats
	The documentation for virDomainBlockInfo was confusing: it stated
	that 'physical' was the size of the container, then gave an example
	of it being the amount of storage used by a sparse file (that is,
	for a sparse raw image on a regular file, the wording implied
	capacity==physical, while allocation was smaller; but the example
	instead claimed physical==allocation).  Since we use 'physical' for
	the last offset of a block device, we should do likewise for
	regular files.
	Furthermore, the example claimed that for a qcow2 regular file,
	allocation==physical.  At the time the code was first written,
	this was true (qcow2 files were allocated sequentially, and were
	never sparse, so the last sector written happened to also match
	the disk space occupied); but modern qemu does much better and
	can punch holes for a qcow2 with allocation < physical.
	Basically, after this patch, the three fields are now reliably
	mapped as:
	 'capacity' - how much storage the guest can see (equal to
	physical for raw images, determined by image metadata otherwise)
	 'allocation' - how much storage the image occupies (similar to
	what 'du' would report)
	 'physical' - the last offset of the image (similar to what 'ls'
	would report)
	'capacity' can be larger than 'physical' (such as for a qcow2
	image that does not vary much from a backing file) or smaller
	(such as for a qcow2 file with lots of internal snapshots).
	Likewise, 'allocation' can be (slightly) larger than 'physical'
	(such as counting the tail of cluster allocations required to
	round a file size up to filesystem granularity) or smaller
	(for a sparse file).  A block-resize operation changes capacity
	(which, for raw images, also changes physical); many non-raw
	images automatically grow physical and allocation as necessary
	when starting with an allocation smaller than capacity; and even
	when capacity and physical stay unchanged, allocation can change
	when converting sectors from holes to data or back.
	Note that this does not change semantics for qcow2 images stored
	on block devices; there, we still rely on qemu to report the
	highest written extent for allocation.  So using this API to
	track when to extend a block device because a qcow2 image is
	about to exceed a threshold will not see any changes.
	Also, note that virStorageVolInfo is unfortunately limited to
	just 'capacity' and 'allocation' (we can't expand it to add
	'physical', although we can expand the XML to add it there);
	historically, that struct's 'allocation' value has reported
	file size for qcow2 files (what this patch terms 'physical'
	for a domain block device), but disk usage for raw files (what
	this patch terms 'allocation').  So follow-up patches will be
	needed to make storage volumes report the same allocation
	values and get at physical values, where those differ.
	* include/libvirt/libvirt-domain.h (_virDomainBlockInfo): Tweak
	documentation to match saner definition.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): For regular
	files, physical size is capacity, not allocation.

	getstats: rearrange blockinfo gathering
	Ultimately, we want to avoid read()ing a file while qemu is running.
	We still have to open() block devices to determine their physical
	size, but that is safer.  This patch rearranges code to group
	together all code that reads the image, to make it easier for later
	patches to skip the metadata collection when possible.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Check for empty
	disk up front.  Place metadata reading next to use.

	getstats: perform recursion in monitor collection
	When requested in a later patch, the QMP command results are now
	examined recursively.  As qemu_driver will eventually have to
	read items out of the hash table as stored by this patch, the
	computation of backing alias string is done in a shared location.
	* src/qemu/qemu_domain.h (qemuDomainStorageAlias): New prototype.
	* src/qemu/qemu_domain.c (qemuDomainStorageAlias): Implement it.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetOneBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacityOne): Perform recursion.
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacity): Update callers.

	getstats: prepare monitor collection for recursion
	A future patch will allow recursion into backing chains when
	collecting block stats.  This patch should not change behavior,
	but merely moves out the common code that will be reused once
	recursion is enabled, and adds the parameter that will turn on
	recursion.
	* src/qemu/qemu_monitor.h (qemuMonitorGetAllBlockStatsInfo)
	(qemuMonitorBlockStatsUpdateCapacity): Add recursion parameter,
	although it is ignored for now.
	* src/qemu/qemu_monitor.h (qemuMonitorGetAllBlockStatsInfo)
	(qemuMonitorBlockStatsUpdateCapacity): Likewise.
	* src/qemu/qemu_monitor_json.h
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacity): Likewise.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacity): Add parameter, and
	split...
	(qemuMonitorJSONGetOneBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacityOne): ...into helpers.
	(qemuMonitorJSONGetBlockStatsInfo): Update caller.
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Update caller.
	* src/qemu/qemu_migration.c (qemuMigrationCookieAddNBD): Likewise.

	qemu: let blockinfo reuse virStorageSource
	Right now, grabbing blockinfo always calls stat on the disk, then
	opens the image to determine the capacity, using a throw-away
	virStorageSourcePtr.  This has a couple of drawbacks:
	1. We are calling stat and opening a file on every invocation of
	the API.  However, there are cases where the stats should NOT be
	changing between successive calls (if a domain is running, no
	one should be changing the physical size of a block device or raw
	image behind our backs; capacity of read-only files should not
	be changing; and we are the gateway to the block-resize command
	to know when the capacity of read-write files should be changing).
	True, we still have to use stat in some cases (a sparse raw file
	changes allocation if it is read-write and the amount of holes is
	changing, and a read-write qcow2 image stored in a file changes
	physical size if it was not fully pre-allocated).  But for
	read-only images, even this should be something we can remember
	from the previous time, rather than repeating every call.
	2. We want to enhance the power of virDomainListGetStats, by
	sharing code.  But we already have a virStorageSourcePtr for
	each disk, and it would be easier to reuse the common structure
	than to have to worry about the one-off virDomainBlockInfoPtr.
	While this patch does not optimize reuse of information in point
	1, it does get us closer to being able to do so; by updating a
	structure that survives between consecutive calls.
	* src/util/virstoragefile.h (_virStorageSource): Add physical, to
	mirror virDomainBlockInfo; rearrange fields to match public struct.
	(virStorageSourceCopy): Copy the new field.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Store into
	storage source, then copy to block info.

	qemu: refactor blockinfo job handling
	In order for a future patch to virDomainListGetStats to reuse
	some code for determining disk usage of offline domains, we
	need to make it easier to pull out part of the guts of grabbing
	blockinfo.  The current implementation grabs a job fairly late
	in the game, while getstats will already own a job; reordering
	things so that the job is always grabbed up front in both
	functions will make it easier to pull out the common code.
	This patch results in grabbing a job in cases where one was not
	previously needed, but as it is a query job, it should not be
	noticeably slower.
	This patch touches the same code as the fix for CVE-2014-6458
	(commit b799259); in that patch, we avoided hotplug changing
	a disk reference during the time of obtaining a monitor lock
	by copying all data we needed and no longer referencing disk;
	this patch goes the other way and ensures that by holding the
	job, the disk cannot be changed so we no longer need to worry
	about the disk being invalidated across the monitor lock.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Rearrange job
	control to be outside of disk information.

	build: fix typo in previous patch
	* src/util/virfile.c (safezero_mmap): Fix missing semicolon.

2014-12-17  Martin Kletzander  <mkletzan@redhat.com>

	util: Fix fallocate stubs for mingw build
	When any of the functions modified in commit 214c687b took false branch,
	the function itself used none of its parameters resulting in "unused
	parameter" error.  Rewriting these functions to the stubs we use
	elsewhere should fix the problem.

	qemu: Free saved error in qemuDomainSetVcpusFlags
	Commit e3435caf added cleanup code to qemuDomainSetVcpusFlags() that was
	not supposed to reset the error.  Usual procedure was done, saving the
	error to temporary variable, but it was never free'd, but rather leaked.

	qemu: Add missing goto error in qemuRestoreCgroupState
	Commit af2a1f05 tried clearly separating each condition in
	qemuRestoreCgroupState() for the sake of readability, however somehow
	one condition body was missing.  That means that the body of the next
	condition got executed only if both of there were true, which is
	impossible, thus resulting in a dead code and a logic error.

	conf: Fix invalid condition when parsing storage owner
	In commit d2632d60 we agreed taht we want the parsed uid to properly
	overflow but only to -1, however the value was read into long and then
	wrapped into uid_t.  That meaned it failed on 32-bit systems.

2014-12-17  John Ferlan  <jferlan@redhat.com>

	virstoragefile: Have virStorageFileResize use safezero
	Currently virStorageFileResize() function uses build conditionals to
	choose either the posix_fallocate() or syscall(SYS_fallocate) with no
	fallback in order to preallocate the space in the newly resized file.
	Since the safezero code has a similar set of conditionals modify the
	resize and safezero code in order to allow the resize logic to make use
	of safezero to unify the look/feel of the code paths.
	Add a new boolean (resize) to safezero() to make the optional decision
	whether to try syscall(SYS_fallocate) if the posix_fallocate fails because
	HAVE_POSIX_FALLOCATE is not defined (eg, return -1 and errno == 0).
	Create a local safezero_sys_fallocate in order to handle the resize
	code paths that support that.  If not present, the set errno = ENOSYS
	in order to allow the caller to handle the failure scenarios.

	virfile: Refactor safezero
	Currently build conditionals decide which of two safezero() functions
	should be built - either the posix_fallocate() or mmap() with a fallback
	to a slower safewrite() algorithm in order to preallocate space in a raw file.
	This patch will refactor safezero to utilize static functions for either
	posix_fallocate or mmap/safewrite. The build conditional still exist, but
	are only for shorter sections of code.
	The posix_fallocate path will make use of the ret/errno setting to contain
	the logic for safezero to decide whether it needs to fallback to other
	algorithms. A return of -1 with errno not changed will indicate the conditional
	is not present; otherwise, a return of -1 with errno change indicates the
	call was made and it failed (no functional difference to current algorithm).
	The mmap/safewrite option changes only slightly to handle the ftruncate
	failure for mmap. That is, previously if the ftruncate failed, there was
	no fallback to the slow safewrite option.

2014-12-16  Martin Kletzander  <mkletzan@redhat.com>

	conf: Rework virDomainObjListFindByUUID to allow more concurrent APIs
	Currently, when there is an API that's blocking with locked domain and
	second API that's waiting in virDomainObjListFindByUUID() for the domain
	lock (with the domain list locked) no other API can be executed on any
	domain on the whole hypervisor because all would wait for the domain
	list to be locked.  This patch adds new optional approach to this in
	which the domain is only ref'd (reference counter is incremented)
	instead of being locked and is locked *after* the list itself is
	unlocked.  We might consider only ref'ing the domain in the future and
	leaving locking on particular APIs, but that's no tonight's fairy tale.

	storage: unify permission formatting
	Volume and pool formatting functions took different approaches to
	unspecified uids/gids.  When unknown, it is always parsed as -1, but one
	of the functions formatted it as unsigned int (wrong) and one as
	int (better).  Due to that, our two of our XML files from tests cannot
	be parsed on 32-bit machines.
	RNG schema needs to be modified as well, but because both
	storagepool.rng and storagevol.rng need same schema for permission
	element, save some space by moving it to storagecommon.rng.

	qemu: Fix hotplugging cpus with strict memory pinning
	When hot-plugging a VCPU into the guest, kvm needs to allocate some data
	from the DMA zone, which might be in a memory node that's not allowed in
	cpuset.mems.  Basically the same problem as there was with starting the
	domain and due to which commit 7e72ac787848b7434c9359a57c1e2789d92350f8
	exists.  This patch just extends it to hotplugging as well.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1161540

	qemu: Leave cpuset.mems in parent cgroup alone
	Instead of setting the value of cpuset.mems once when the domain starts
	and then re-calculating the value every time we need to change the child
	cgroup values, leave the cgroup alone and rather set the child data
	every time there is new cgroup created.  We don't leave any task in the
	parent group anyway.  This will ease both current and future code.

	qemu: Save numad advice into qemuDomainObjPrivate
	Thanks to that we don't need to drag the pointer everywhere and future
	code will get cleaner.

	qemu: Remove unnecessary qemuSetupCgroupPostInit function

	util: Add virNumaGetHostNodeset
	That function tries its best to create a bitmap of host NUMA nodes.

	util: Add function virCgroupHasEmptyTasks
	That function helps checking whether there's a task in that cgroup.

2014-12-16  Jiri Denemark  <jdenemar@redhat.com>

	spec: Fix syntax

2014-12-16  Daniel P. Berrange  <berrange@redhat.com>

	avoid using deprecated udev logging functions
	In systemd >= 218, the udev_set_log_fn method has been marked
	deprecated and turned into a no-op. Nothing in the udev client
	library will print to stderr by default anymore, so we can
	just stop installing a logging hook for new enough udev.

	spec: Disable -Werror in Fedora RPM builds
	Since we switched to using GIT to apply patches in the RPM spec,
	we automagically also turned on -Werror, since the .git directory
	now exists. We don't want this on in Fedora, since changing
	header files often lead to new warnings being issued. Explicitly
	turn off -Werror for non-RHEL platforms, instead of relying on
	the defaults

2014-12-16  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix usage of disk->info.addr.drive structure
	For SCSI and SATA devices controller and unit are used
	to specify drive address. For IDE devices - bus specifies
	IDE bus, becase usually there are 2 IDE buses on IDE
	controller.
	Parallels SDK allows to set drive position by calling
	PrlVmDev_SetStackIndex. Since PCS VMs have only one
	controller of each type, for SATA and SCSI devices it
	simple means position on bus, for IDE devices -
	2 * bus_number + position_on_bus.
	This patch fixes mapping from libvirt's disk->info.addr.drive
	to parallels's 'StackIndex'.

	parallels: set format for real disk devices
	It seems file format is usually specified event for
	real block devices. So report that file format is
	raw in virDomainGetXMLDesc and add checks for proper
	file format to prlsdkAddDisk.

	parallels: support NULL virDomainVideoAccelDefPtr
	NULL value of virDomainVideoAccelDefPtr means default
	values for video acceleration, so don't report error in
	this case.

2014-12-15  Luyao Huang  <lhuang@redhat.com>

	qemu: Auto generate a controller when attach hostdev and chr device
	https://bugzilla.redhat.com/show_bug.cgi?id=1174154
	When we use attach-device add a hostdev or chr device which have a
	iscsi address or others (just like guest agent, subsys iscsi disk...),
	we will find there is no basic controller for our new attached device.
	Somtimes this will make guest cannot start after we add them (although
	they can start at the second time).

2014-12-15  Laine Stump  <laine@laine.org>

	qemu: add/remove bridge fdb entries as guest CPUs are started/stopped
	When libvirt is managing a bridge's forwarding database (FDB)
	(macTableManager='libvirt'), if we add FDB entries for a new guest
	interface even before the qemu process is created, then in the case of
	a migration any other guest attached to the "destination" bridge will
	have its traffic immediately sent to the destination of the migration
	even while the source domain is still running (and the destination, of
	course, isn't). To make sure that traffic from other guests on the new
	host continues flowing to the old guest until the new one is ready, we
	have to wait until the new guest CPUs are started to add the FDB
	entries.
	Conversely, we need to remove the FDB entries from the bridge any time
	the guest CPUs are stopped; among other things, this will assure
	proper operation during a post-copy migration (which is just the
	opposite of the problem described in the previous paragraph).

2014-12-15  Wang Rui  <moon.wangrui@huawei.com>

	qemu: make persistent update of graphics device supported
	We can change vnc password by using virDomainUpdateDeviceFlags API with
	live flag. But it can't be changed with config flag. Error is reported as
	below.
	error: Operation not supported: persistent update of device 'graphics' is not supported
	This patch supports the graphics arguments changed with config flag.

	qemu: fix alignment of qemuDomainFindGraphics

	qemu: report properer error number when change graphics failed
	It's not supported to change some graphics arguments with '--live'.
	Replace some error code VIR_ERR_INTERNAL_ERROR and VIR_ERR_INVALID_ARG
	with VIR_ERR_OPERATION_UNSUPPORTED.

2014-12-15  Wei Liu  <wei.liu2@citrix.com>

	xenconfig: fix boot device parsing
	The original code always checked *boot which was in effect boot[0]. It
	should use boot[i].

2014-12-15  Luyao Huang  <lhuang@redhat.com>

	conf: fix virDomainLeaseIndex logic
	https://bugzilla.redhat.com/show_bug.cgi?id=1174096
	When both parameter have lockspaces present, virDomainLeaseIndex
	always returns -1 even there is a lease the same with the one we
	check. This is due to broken logic in 'if-else' statement.

2014-12-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Allow system pages to <memoryBacking/>
	https://bugzilla.redhat.com/show_bug.cgi?id=1173507
	It occurred to me that OpenStack uses the following XML when not using
	regular huge pages:
	  <memoryBacking>
	    <hugepages>
	      <page size='4' unit='KiB'/>
	    </hugepages>
	  </memoryBacking>
	However, since we are expecting to see huge pages only, we fail to
	startup the domain with following error:
	  libvirtError: internal error: Unable to find any usable hugetlbfs
	  mount for 4 KiB
	While regular system pages are not huge pages technically, our code is
	prepared for that and if it helps OpenStack (or other management
	applications) we should cope with that.

2014-12-15  Luyao Huang  <lhuang@redhat.com>

	conf: Fix libvirtd crash matching hostdev XML
	https://bugzilla.redhat.com/show_bug.cgi?id=1174053
	Introduced by commit id '17bddc46f' - fix a libvirtd crash when
	matching a network iscsi hostdev with a host iscsi hostdev.
	When we use attach-device to coldplug a network iscsi hostdev,
	libvirt will check if there is already a device in XML. But if
	the 'b' is a host iscsi hostdev and 'a' is a network iscsi hostdev,
	then libvirtd will crash in virDomainHostdevMatchSubsysSCSIiSCSI
	because 'b' doesn't have a hostname.
	Add a check in virDomainHostdevMatchSubsys, if the a's protocol
	and b's protocol is not the same.
	Following is the backtrace:
	0  0x00007f850d6bc307 in virDomainHostdevMatchSubsysSCSIiSCSI at conf/domain_conf.c:10889
	1  virDomainHostdevMatchSubsys at conf/domain_conf.c:10911
	2  virDomainHostdevMatch at conf/domain_conf.c:10973
	3  virDomainHostdevFind at conf/domain_conf.c:10998
	4  0x00007f84f6a10560 in qemuDomainAttachDeviceConfig at qemu/qemu_driver.c:7223
	5  qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:7554

2014-12-15  Daniel P. Berrange  <berrange@redhat.com>

	fix typo in sanlock driver s/VIR_CONF_UONG/VIR_CONF_ULONG/
	fix typo introduced in previous commit

2014-12-15  Michal Privoznik  <mprivozn@redhat.com>

	virconf: Introduce VIR_CONF_ULONG
	https://bugzilla.redhat.com/show_bug.cgi?id=1160995
	In our config files users are expected to pass several integer values
	for different configuration knobs. However, majority of them expect a
	nonnegative number and only a few of them accept a negative number too
	(notably keepalive_interval in libvirtd.conf).
	Therefore, a new type to config value is introduced: VIR_CONF_ULONG
	that is set whenever an integer is positive or zero. With this
	approach knobs accepting VIR_CONF_LONG should accept VIR_CONF_ULONG
	too.

	virConfType: switch to VIR_ENUM_{DECL,IMPL}
	There's no need to implement ToString() function like we do if we
	can use our shiny macros.

	virConfSetValue: Simplify condition
	There's no need for condition of the following form:
	  if (str && STREQ(str, dst))
	since we have STREQ_NULLABLE macro that handles NULL cases.

2014-12-15  Erik Skultety  <eskultet@redhat.com>

	conf: move the check for secondary consoles of targetType serial
	For historical reasons, only the first <console> element might be of targetType
	serial, but we checked for other consoles of targetType serial in our post-parse
	callback if and only if we knew the first console was serial, otherwise
	the check was skipped.
	This patch moves the check one level up, so first
	the check for secondary console of type serial is performed and then the
	rest of operations continue unchanged.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1170092

2014-12-14  Laine Stump  <laine@laine.org>

	qemu: add a qemuInterfaceStopDevices(), called when guest CPUs stop
	We now have a qemuInterfaceStartDevices() which does the final
	activation needed for the host-side tap/macvtap devices that are used
	for qemu network connections. It will soon make sense to have the
	converse qemuInterfaceStopDevices() which will undo whatever was done
	during qemuInterfaceStartDevices().
	A function to "stop" a single device has also been added, and is
	called from the appropriate place in qemuDomainDetachNetDevice(),
	although this is currently unnecessary - the device is going to
	immediately be deleted anyway, so any extra "deactivation" will be for
	naught. The call is included for completeness, though, in anticipation
	that in the future there may be some required action that *isn't*
	nullified by deleting the device.
	This patch is a part of a more complete fix for:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1081461

	qemu: always call qemuInterfaceStartDevices() when starting CPUs
	The patch that added qemuInterfaceStartDevices() (upstream commit
	82977058f5b1d143a355079900029e9cbfee2fe4) had an extra conditional to
	prevent calling it if the reason for starting the CPUs was
	VIR_DOMAIN_RUNNING_UNPAUSED or VIR_DOMAIN_RUNNING_SAVE_CANCELED.  This
	was put in by the author as the result of a reviewer asking if it was
	necessary to ifup the interfaces in *all* occasions (because these
	were the two cases where the CPU would have already been started (and
	stopped) once, so the interface would already be ifup'ed).
	It turns out that, as long as there is no corresponding
	qemuInterfaceStopDevices() to ifdown the interfaces anytime the CPUs
	are stopped, neglecting to ifup when reason is RUNNING_UNPAUSED or
	RUNNING_SAVE_CANCELED doesn't cause any problems (because it just
	happens that the interface will have already been ifup'ed by a prior
	call when the CPU was previously started for some other reason).
	However, it also doesn't *help*, and there will soon be a
	qemuInterfaceStopDevices() function which *will* ifdown these
	interfaces when the guest CPUs are stopped, and once that is done, the
	interfaces will be left down in some cases when they should be up (for
	example, if a domain is paused and then unpaused).
	So, this patch is removing the condition in favor of always calling
	qemuInterfaeStartDevices() when the guest CPUs are started.
	This patch (and the aforementioned patch) resolve:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1081461

2014-12-13  Martin Kletzander  <mkletzan@redhat.com>

	qemu: avoid rare race when undefining domain
	When one domain is being undefined and at the same time started, for
	example, there is a possibility of a rare problem occuring.
	 - Thread 1 does virDomainUndefine(), has the lock, checks that the
	   domain is active and because it's not, calls
	   virDomainObjListRemove().
	 - Thread 2 does virDomainCreate() and tries to lock the domain.
	 - Thread 1 needs to lock domain list in order to remove the domain from
	   it, but must unlock domain first (proper order is to lock domain list
	   first and the domain itself second).
	 - Thread 2 grabs the lock, starts the domain and releases the lock.
	 - Thread 1 grabs the lock and removes the domain from list.
	With this patch:
	 - The undefining domain gets marked as "to undefine" before it is
	    unlocked.
	 - If domain is found in any of the search APIs, it's returned only if
	   it is not marked as "to undefine".  The check is done while the
	   domain is locked.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150505

2014-12-13  Luyao Huang  <lhuang@redhat.com>

	conf: Ignore device address for model=none usb controller and memballon
	It make no sense at all to have it there.

2014-12-13  Martin Kletzander  <mkletzan@redhat.com>

	Post-release version bump for new dev cycle

2014-12-13  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.11
	- docs/news.html.in libvirt.spec.in: update for release
	- po/*.po*: updated localization and regenerated

2014-12-13  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Avoid getting '-1:-1' in devices cgroup list
	When calling virCgroupAllowAllDevices we get these invalid entries
	in the device cgroup config.
	    b -1:-1 rw
	    c -1:-1 rw
	Check for positive values before outputting the major and minor to
	avoid that.

2014-12-12  Luyao Huang  <lhuang@redhat.com>

	conf: goto error when value of max_sectors is too large
	Output error when we try to set a too large max_sectors.
	Just like queues and cmd_per_lun here.

2014-12-11  Ján Tomko  <jtomko@redhat.com>

	Ignore CPU features without a model for host-passthrough
	This fixes reverting to snapshots created by older libvirt
	and allows libvirt not to lose track of a domain that
	has this in its live status XML (such as a domain
	restored from managedsave)
	https://bugzilla.redhat.com/show_bug.cgi?id=1030793
	https://bugzilla.redhat.com/show_bug.cgi?id=1151885

	Do not format CPU features without a model
	For host-passthrough CPU we don't honor the CPU
	features specified in the XML, but we allow
	outputting them via the UPDATE_CPU flag for dumpxml,
	this gives user a rough idea of what features the CPU
	might have.
	After restoring a managedsave'd domain, the features
	might end up in the live status XML (in /var/run) without
	the model. This XML cannot be parsed by the daemon after
	restart and the domain might disappear.
	This fix skips formatting the features for HOST_PASSTHROUGH
	when UPDATE_CPU is not specified, so the newly restored domains
	and newly created snapshots won't be affected.
	Note: this doesn't fix existing snapshots or already restored
	running domains.
	https://bugzilla.redhat.com/show_bug.cgi?id=1030793
	https://bugzilla.redhat.com/show_bug.cgi?id=1151885

	Fix build on mingw
	Add missing ATTRIBUTE_UNUSED markers.

2014-12-11  Francesco Romani  <fromani@redhat.com>

	qemu: bulk stats: Fix logic in monitor handling
	A logic bug in qemuConnectGetAllDomainStats makes the code mark the
	monitor as available when qemuDomainObjBeginJob fails, instead of when
	it succeeds, as the correct flow requires.
	This patch fixes the check and updates the code documentation
	accordingly.
	Broken by commit 57023c0a3af4af1c547189c1f6712ed5edeb0c0b.

2014-12-11  Luyao Huang  <lhuang@redhat.com>

	dac: Add a new func to get DAC label of a running process
	When using qemuProcessAttach to attach a qemu process,
	the DAC label is not filled correctly.
	Introduce a new function to get the uid:gid from the system
	and fill the label.
	This fixes the daemon crash when 'virsh screenshot' is called:
	https://bugzilla.redhat.com/show_bug.cgi?id=1161831
	It also fixes qemu-attach after the prerequisite of this patch
	(commit f8c1fb3) was pushed out of order.

2014-12-11  Matthew Rosato  <mjrosato@linux.vnet.ibm.com>

	network: Bring netdevs online later
	Currently, MAC registration occurs during device creation, which is
	early enough that, during live migration, you end up with duplicate
	MAC addresses on still-running source and target devices, even though
	the target device isn't actually being used yet.
	This patch proposes to defer MAC registration until right before
	the guest can actually use the device -- In other words, right
	before starting guest CPUs.

2014-12-10  John Ferlan  <jferlan@redhat.com>

	virsh.pod: Fix typo
	Commit id 'c9ffd3ea9e' updated the descriptions, but pointed at the
	wrong place for the pool-define-as (it should have been pool-create-as)

2014-12-10  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: give RW access to /proc/sys/net/ipv[46] to containers
	Some programs want to change some values for the network interfaces
	configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
	allows wicked to work on openSUSE 13.2+.
	Reusing the lxcNeedNetworkNamespace function to tell
	lxcContainerMountBasicFS if the netns is disabled. When no netns is
	set up, then we don't mount the /proc/sys/net/ipv[46] folder RW as
	these would provide full access to the host NICs config.

2014-12-10  John Ferlan  <jferlan@redhat.com>

	viriscsi: Need to sendtargets on Initiator IQN
	https://bugzilla.redhat.com/show_bug.cgi?id=1172015
	The refactoring done as part of commit id '59446096' caused a regression
	for the multi initiator IQN commit '6aabcb5b' because the sendtargets was
	not done on/for the initiator IQN prior to login (or trying to disable
	autologin)
	Prior to that commit, the paths were essentially
	virStorageBackendISCSIStartPool
	    virStorageBackendISCSILogin
	        virStorageBackendISCSIConnection
	            if initiatoriqn
	                virStorageBackendCreateIfaceIQN
	                Issue sendtargets
	                Perform --login
	            else
	                Issue sendtargets
	                Perform --login
	After that commit:
	virStorageBackendISCSIStartPool
	    Issue sendtargets
	    Call virStorageBackendISCSIConnection
	        If initiatoriqn
	            virStorageBackendCreateIfaceIQN
	            Perform --login
	        else
	            Perform --login
	So for non initiator IQN paths, nothing changed. For the initiator path,
	the --login fails as does any attempts to change autologin via "--op update
	--name node.startup --value manual".

	docs: Fix typo in path for storage pool

2014-12-10  Martin Kletzander  <mkletzan@redhat.com>

	conf: Ignore device address for guestfwd channel
	It make no sense at all to have it there.

2014-12-10  Wang Rui  <moon.wangrui@huawei.com>

	maint: clean up the unused variable 'caps' in src/qemu/qemu_*.c

2014-12-10  Hao Liu  <hliu@redhat.com>

	docs: Fix missing curly braces

	storage: Check stderr when matching parted output
	In old version of parted like parted-2.1-25, error message is shown in
	stdout when printing a disk info without disk label.
	    Error: /dev/sda: unrecognised disk label
	This line has been moved to stderr in newer version of parted. So we
	should check both stdout and stderr when locating this message.
	This should fix bug:
	    https://bugzilla.redhat.com/show_bug.cgi?id=1172468

2014-12-10  Martin Kletzander  <mkletzan@redhat.com>

	CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
	When user doesn't have read access on one of the domains he requested,
	the for loop could exit abruptly or continue and override pointer which
	pointed to locked object.
	This patch fixed two issues at once.  One is that domflags might have
	had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job started (this
	is fixed by doing domflags |= QEMU_DOMAIN_STATS_HAVE_JOB only when the
	job was acquired and cleaning domflags on every start of the loop.
	Second one is that the domain is kept locked when
	virConnectGetAllDomainStatsCheckACL() fails and continues the loop when
	it didn't end.  Adding a simple virObjectUnlock() and clearing the
	pointer ought to do.

2014-12-10  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: report proper error in Create/Destroy/Suspend e.t.c.
	If we want to perform some operation and domain state is not suitable
	for that operation, we should report error VIR_ERR_OPERATION_INVALID.

	parallels: fix getJobResultHelper
	When PrlJob_GetRetCode sets second argument to
	error value it means sdk function failed and we
	must return error from getJobResultHelper.

	parallels: return PRL_RESULT from waitJob and getJobResult
	Return error code, returned by parallels SDK from
	waitJob and getJobResult, so that caller can handle
	different errors.

	parallels: implement domainUndefine and domainUndefineFlags

	parallels: add cdroms support
	Get cdrom devices list from parallels server in
	prlsdkLoadDomains and add ability to define a domain
	with cdroms.

2014-12-10  Alexander Burluka  <aburluka@parallels.com>

	parallels: Add domainCreateWithFlags() function.
	domainCreateWithFlags function is used by OpenStack/Nova to boot
	an instance.

	parallels: added function virDomainIsActive()
	That function is necessary for proper domain removal
	in openstack/nova.

2014-12-10  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: refactor parallelsDomainDefineXML
	First, we don't need to call prlsdkApplyConfig after
	creating new VM or containers, because it's done in
	functions prlsdkCreateVm and prlsdkCreateCt.
	No need to check, if domain exists in the list after
	prlsdkAddDomain.
	Also organize code, so that we can call virObjectUnlock
	in one place.

	parallels: create VMs and containers with sdk
	This patch replaces code, which creates domains by
	running prlctl command.
	prlsdkCreateVm/Ct will do prlsdkApplyConfig, because
	we send request to the server only once in this case.
	But prlsdkApplyConfig will be called also from
	parallelsDomainDefineXML function. There is no problem with
	it, parallelsDomainDefineXML will be refactored later.

	parallels: rewrite parallelsApplyConfig with SDK
	Rewrite code, which applies domain configuration given
	to virDomainDefineXML function to the VM of container
	registered in PCS.
	This code first check if there are unsupported parameters
	in domain XML and if yes - reports error. Some of such
	parameters are not supported by PCS, for some - it's not
	obvious, how to convert them into PCS's corresponding params,
	so let's put off it, and implement only basic params in
	this patch.

	parallels: reimplement functions, which change domain state
	Change domain state using parallels SDK functions instead of
	prlctl command.
	We don't need to send events from these functions now, becase
	events handler will send them. But we still need to update
	virDomainObj in privconn->domains.

2014-12-10  Alexander Burluka  <aburluka@parallels.com>

	parallels: handle events from parallels server
	Subscribe to events from parallels server. It's
	needed for 2 things: to update cached domains list
	and to send corresponding libvirt events.
	Parallels server sends a lot of different events, in
	this patch we handle only some of them. In the future
	we can handle for example, changes in a host network
	configuration or devices states.

2014-12-10  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: move parallelsDomNotFoundError to parallels_utils.h
	Move macro parallelsDomNotFoundError to file parallels_utils.h, because
	it will be used in parallels_sdk.c.

2014-12-10  Alexander Burluka  <aburluka@parallels.com>

	parallels: get domain info with SDK
	Obtain information about domains using parallels sdk instead of prlctl.
	prlsdkLoadDomains functions behaves as former parallelsLoadDomains with
	NULL as second parameter (name) - it fills parallelsConn.domains list.
	prlsdkLoadDomain is now able to update specified domain by given
	virDomainObjPtr.

2014-12-10  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: move IS_CT macro to parallels_utils.h
	This macro will be used in paralles_sdk.c so move it to common header.

2014-12-10  Guido Günther  <agx@sigxcpu.org>

	define NTF_{SELF,MASTER} if undefined
	Older kernel headers lack this definition (e.g. Debian Wheezy's 3.2)

2014-12-09  John Ferlan  <jferlan@redhat.com>

	security: Manage SELinux labels on shared/readonly hostdev's
	https://bugzilla.redhat.com/show_bug.cgi?id=1082521
	Support for shared hostdev's was added in a number of commits, initially
	starting with 'f2c1d9a80' and most recently commit id 'fd243fc4' to fix
	issues with the initial implementation.  Missed in all those changes was
	the need to mimic the virSELinux{Set|Restore}SecurityDiskLabel code to
	handle the "shared" (or shareable) and readonly options when Setting
	or Restoring the SELinux labels.
	This patch will adjust the virSecuritySELinuxSetSecuritySCSILabel to not
	use the virSecuritySELinuxSetSecurityHostdevLabelHelper in order to set
	the label. Rather follow what the Disk code does by setting the label
	differently based on whether shareable/readonly is set.  This patch will
	also modify the virSecuritySELinuxRestoreSecuritySCSILabel to follow
	the same logic as virSecuritySELinuxRestoreSecurityImageLabelInt and not
	restore the label if shared/readonly

	tests: Fix sharable typo

2014-12-09  Luyao Huang  <lhuang@redhat.com>

	conf: forbid negative number in address(like controller, bus, slot...)
	https://bugzilla.redhat.com/show_bug.cgi?id=1171582
	When we edit a negative controller address number to a device,
	some of them will auto generate a controller with invalid index
	number. This will make guest disappear after restart libvirtd.
	Instead of allowing negative number for controller index, we
	should forbid negative number in these place (we did this before,
	but after f18c02ec, virStrToLong_ui changed to allow negative
	number). Therefore switch to virStrToLong_uip in these places.

2014-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs
	Avoid leaving the domain locked on a failed ACL check in
	qemuDomainMigratePerform() and qemuDomainMigrateFinish2().
	Introduced in commit abf75aea247e (Add ACL checks into the QEMU driver).

2014-12-09  Martin Kletzander  <mkletzan@redhat.com>

	docs: Fix simple typo s/ a API/ an API/

	build: Move check for XML::XPath into bootstrap
	The module XML::XPath is needed when building from git only (no need to
	have it when building from tarball), so this patch moves the check from
	specfile into bootstrap.conf.

2014-12-09  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Several portability changes, but the one we are most interested in
	is the improvement to bootstrap to detect perl modules.
	This patch doesn't actually change our bootstrap requirements
	(that will be a separate patch), but sets the stage for it.
	* .gnulib: Update to latest.
	* bootstrap: Regenerate from upstream.

	build: fix mingw printing of pid
	Commit c75425734 introduced a compilation failure:
	../../src/access/viraccessdriverpolkit.c: In function 'virAccessDriverPolkitCheck':
	../../src/access/viraccessdriverpolkit.c:137:5: error: format '%d' expects argument of type 'int', but argument 9 has type 'pid_t' [-Werror=format=]
	     VIR_DEBUG("Check action '%s' for process '%d' time %lld uid %d",
	     ^
	Since mingw pid_t is 64 bits, it's easier to just follow what we've
	done elsewhere and cast to a large enough type when printing pids.
	* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
	Add cast.

	build: fix unused variable in mingw
	Bug introduced in commit 100b7a72a:
	util/virnetdevbridge.c: In function 'virNetDevBridgePortSetLearning':
	util/virnetdevbridge.c:359:38: error: unused parameter 'enable' [-Werror=unused-parameter]
	                                bool enable)
	                                      ^
	* src/util/virnetdevbridge.c (virNetDevBridgePortSetLearning): Mark
	unused variable.

2014-12-09  Kyle DeFrancia  <kdef@linux.vnet.ibm.com>

	network: don't allow multiple dhcp sections
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=907779
	A <dhcp> element can exist in only one IPv4 address and one IPv6
	address per network.  This patch enforces that in virNetworkUpdate.

2014-12-09  Laine Stump  <laine@laine.org>

	lxc: always use virDomainNetGetActualBridgeName to get interface's bridge
	lxcProcessSetupInterfaces() used to have a special case for
	actualType='network' (a network with forward mode of route, nat, or
	isolated) to call the libvirt public API to retrieve the bridge being
	used by a network. That is no longer necessary - since all network
	types that use a bridge and tap device now get the bridge name stored
	in the ActualNetDef, we can just always use
	virDomainNetGetActualBridgeName() instead.

	qemu: always use virDomainNetGetActualBridgeName to get interface's bridge
	qemuNetworkIfaceConnect() used to have a special case for
	actualType='network' (a network with forward mode of route, nat, or
	isolated) to call the libvirt public API to retrieve the bridge being
	used by a network. That is no longer necessary - since all network
	types that use a bridge and tap device now get the bridge name stored
	in the ActualNetDef, we can just always use
	virDomainNetGetActualBridgeName() instead.
	(an audit of the two callers to qemuNetworkIfaceConnect() confirms
	that it is never called for any other type of network, so the dead
	code in the else statement (logging an internal error if it is called
	for any other type of network) is eliminated in the process.)

	qemu: setup tap devices for macTableManager='libvirt'
	When libvirt is managing the MAC table of a Linux host bridge, it must
	turn off learning and unicast_flood for each tap device attached to
	that bridge, then add a Forwarding Database (fdb) entry for the tap
	device using the MAC address from the domain interface config.
	Once we have disabled learning and flooding, any packet that has a
	destination MAC address not present in the fdb will be dropped by the
	bridge. This, along with the opportunistic disabling of promiscuous
	mode[*], can result in enhanced network performance. and a potential
	slight security improvement.
	[*] If there is only one device on the bridge with learning/unicast_flood
	enabled, then that device will automatically have promiscuous mode
	disabled. If there are *no* devices with learning/unicast_flood
	enabled (e.g. for a libvirt "route", "nat", or isolated network that
	has no physical device attached), then all non-tap devices will have
	promiscuous mode disabled (tap devices always have promiscuous mode
	enabled, which may be a bug in the kernel, but in practice has 0
	effect).
	None of this has any effect for kernels prior to 3.15 (upstream kernel
	commit 2796d0c648c940b4796f84384fbcfb0a2399db84 "bridge: Automatically
	manage port promiscuous mode"). Even after that, until kernel 3.17
	(upstream commit 5be5a2df40f005ea7fb7e280e87bbbcfcf1c2fc0 "bridge: Add
	filtering support for default_pvid") traffic will not be properly
	forwarded without manually adding vlan table entries. Unfortunately,
	although the presence of the first patch is signalled by existence of
	the "learning" and "unicast_flood" options in sysfs, there is no
	reliable way to query whether or not the system's kernel has the
	second of those patches installed, the only thing that can be done is
	to try the setting and see if traffic continues to pass.

	network: setup bridge devices for macTableManager='libvirt'
	When the bridge device for a network has macTableManager='libvirt' the
	intent is that all kernel management of the bridge's MAC table
	(Forwarding Database, or fdb, in the case of a Linux Host Bridge) be
	disabled, with libvirt handling updates to the table instead. The
	setup required for the bridge itself is:
	1) set the "vlan_filtering" property of the bridge device to 1.
	2) If the bridge has a "Dummy" tap device used to set a fixed MAC
	address on the bridge (which is always the case for a bridge created
	by libvirt, and never the case for a bridge created by the host system
	network config), turn off learning and unicast_flood on this tap (this
	is needed even though this tap is never IFF_UP, because the kernel
	ignores the IFF_UP flag of devices when using their settings to
	automatically decide whether or not to turn off promiscuous mode for
	any attached device).
	(1) is done both for libvirt-created/managed bridges, and for bridges
	that are created by the host system config, while (2) is done only for
	bridges created by libvirt (i.e. for forward modes of nat, routed, and
	isolated bridges)
	There is no attempt to turn vlan_filtering off when destroying the
	network because in the case of a libvirt-created bridge, the bridge is
	about to be destroyed anyway, and in the case of a system bridge, if
	the other devices attached to the bridge could operate properly before
	destroying libvirt's network object, they will continue to operate
	properly (this is similar to the way that libvirt will enable
	ip_forwarding whenever a routed/natted network is started, but will
	never attempt to disable it if they are stopped).

	network: store network macTableManager setting in NetDef actual object
	At the time that the network driver allocates a connection to a
	network, the tap device that will be used hasn't yet been created -
	that will be done later by qemu (or lxc or whoever) - but if the
	network has macTableManager='libvirt', then when we do get around to
	creating the tap device, we will need to add an entry for it to the
	network bridge's fdb (forwarding database) *and* turn off learning and
	unicast_flood for that tap device in the bridge's sysfs settings. This
	means that qemu needs to know both the bridge name as well as the
	setting of macTableManager, so we either need to create a new API to
	retrieve that info, or just pass it back in the ActualNetDef that is
	created during networkAllocateActualDevice. We choose the latter
	method, since it's already done for the bridge device, and it has the
	side effect of making the information available in domain status.
	(NB: in the future, I think that the tap device should actually be
	created by networkAllocateActualDevice(), as that will solve several
	other problems, but that is a battle for another day, and this
	information will still be useful outside the network driver)

	network: save bridge name in ActualNetDef when actualType==network too
	When the actualType of a virDomainNetDef is "network", it means that
	we are connecting to a libvirt-managed network (routed, natted, or
	isolated) which does use a bridge device (created by libvirt). In the
	past we have required drivers such as qemu to call the public API to
	retrieve the bridge name in this case (even though it is available in
	the NetDef's ActualNetDef if the actualType is "bridge" (i.e., an
	externally-created bridge that isn't managed by libvirt). There is no
	real reason for this difference, and as a matter of fact it
	complicates things for qemu. Also, there is another bridge-related
	attribute (macTableManager) that will need to be available in both
	cases, so this makes things consistent.
	In order to avoid problems when restarting libvirtd after an update
	from an older version that *doesn't* store the network's bridgename in
	the ActualNetDef, we also need to put it in place during
	networkNotifyActualDevice() (this function is run for each interface
	of each domain whenever libvirtd is restarted).
	Along with making the bridge name available in the internal object, it
	is also now reported in the <source> element of the <interface> state
	XML (or the <actual> subelement in the internally-stored format).
	The one oddity about this change is that usually there is a separate
	union for every different "type" in a higher level object (e.g. in the
	case of a virDomainNetDef there are separate "network" and "bridge"
	members of the union that pivots on the type), but in this case
	network and bridge types both have exactly the same attributes, so the
	"bridge" member is used for both type==network and type==bridge.

	conf: new network bridge device attribute macTableManager
	The macTableManager attribute of a network's bridge subelement tells
	libvirt how the bridge's MAC address table (used to determine the
	egress port for packets) is managed. In the default mode, "kernel",
	management is left to the kernel, which usually determines entries in
	part by turning on promiscuous mode on all ports of the bridge,
	flooding packets to all ports when the correct destination is unknown,
	and adding/removing entries to the fdb as it sees incoming traffic
	from particular MAC addresses.  In "libvirt" mode, libvirt turns off
	learning and flooding on all the bridge ports connected to guest
	domain interfaces, and adds/removes entries according to the MAC
	addresses in the domain interface configurations. A side effect of
	turning off learning and unicast_flood on the ports of a bridge is
	that (with Linux kernel 3.17 and newer), the kernel can automatically
	turn off promiscuous mode on one or more of the bridge's ports
	(usually only the one interface that is used to connect the bridge to
	the physical network). The result is better performance (because
	packets aren't being flooded to all ports, and can be dropped earlier
	when they are of no interest) and slightly better security (a guest
	can still send out packets with a spoofed source MAC address, but will
	only receive traffic intended for the guest interface's configured MAC
	address).
	The attribute looks like this in the configuration:
	  <network>
	    <name>test</name>
	    <bridge name='br0' macTableManager='libvirt'/>
	    ...
	This patch only adds the config knob, documentation, and test
	cases. The functionality behind this knob is added in later patches.

	util: functions to manage bridge fdb (forwarding database)
	These two functions use netlink RTM_NEWNEIGH and RTM_DELNEIGH messages
	to add and delete entries from a bridge's fdb. The bridge itself is
	not referenced in the arguments to the functions, only the name of the
	device that is attached to the bridge (since a device can only be
	attached to one bridge at a time, and must be attached for this
	function to make sense, the kernel easily infers which bridge's fdb is
	being modified by looking at the device name/index).

	util: new functions for setting bridge and bridge port attributes
	These functions all set/get items in the sysfs for a bridge device.

2014-12-09  Eric Blake  <eblake@redhat.com>

	getstats: add block.n.path stat
	I'm about to make block stats optionally more complex to cover
	backing chains, where block.count will no longer equal the number
	of <disks> for a domain.  For these reasons, it is nicer if the
	statistics output includes the source path (for local files).
	This patch doesn't add anything for network disks, although we
	may decide to add that later.
	With this patch, I now see the following for the same domain as
	in the previous patch (one qcow2 file, and an empty cdrom drive):
	$ virsh domstats --block foo
	Domain: 'foo'
	  block.count=2
	  block.0.name=hda
	  block.0.path=/var/lib/libvirt/images/foo.qcow2
	  block.1.name=hdc
	* src/libvirt-domain.c (virConnectGetAllDomainStats): Document
	new field.
	* tools/virsh.pod (domstats): Document new field.
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Return the new
	stat for local files/block devices.
	(QEMU_ADD_NAME_PARAM): Add parameter.
	(qemuDomainGetStatsInterface): Update caller.

	getstats: start giving offline block stats
	I noticed that for an offline domain, 'virsh domstats --block $dom'
	was producing just the domain name, with no stats.  But the older
	'virsh domblkinfo' works just fine on offline domains.  This patch
	starts to get us closer, by at least reporting the disk names for
	an offline domain.
	With this patch, I now see the following for an offline domain
	with one qcow2 disk and an empty cdrom drive:
	$ virsh domstats --block foo
	Domain: 'foo'
	  block.count=2
	  block.0.name=hda
	  block.1.name=hdc
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Don't short-circuit
	output of block name.

	getstats: improve documentation
	At least with 'virsh domstats --block' on an offline domain, we
	currently output no stats even though we recognize the stat
	category.  Although a later patch will improve this situation,
	it is better to document that this is expected behavior.
	Also, while the current implementation rejects filtering flags
	for virDomainListGetStats, this limitation may be lifted in the
	future and we do not enforce it at the API level.
	* src/libvirt-domain.c (virConnectGetAllDomainStats): Document
	that recognized stats might not be reported.
	(virDomainListGetStats): Likewise, and tweak filtering documentation.

	getstats: avoid memory leak on OOM
	qemuDomainGetStatsBlock() could leak a stats hash table if it
	encountered OOM while populating the virTypedParameters.
	Oddly, the fix doesn't even touch qemuDomainGetStatsBlock :)
	* src/qemu/qemu_driver.c (QEMU_ADD_COUNT_PARAM)
	(QEMU_ADD_NAME_PARAM): Don't return early.
	(qemuDomainGetStatsInterface): Adjust caller.

2014-12-08  Christophe Fergeau  <cfergeau@redhat.com>

	docs: Use gender-neutral pronoun in hacking.html.in
	Use 'they' instead of 'he'.

2014-12-08  Martin Kletzander  <mkletzan@redhat.com>

	rpc: Report proper close reason
	Whenever client socket was marked as closed for some reason, it could've
	been changed when really closing the connection.  With this patch the
	proper reason is kept since the first time it's marked as closed.

	virsh: Don't reconnect after the command when disconnected
	Each command that needs a connection causes a new connection to be
	made.  Reconnecting after a command failed is pointless, mainly when
	there is no other command to run.  Removeing three lines of code takes
	care of that and keeps virsh working as it should.

2014-12-08  Peter Krempa  <pkrempa@redhat.com>

	storage: Fix printing/casting of uid_t/gid_t
	Other parts of libvirt use "%u" for formatting uid/gid and typecast to
	unsigned int. Storage driver used the signed variant.

2014-12-06  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	docs: network: fix some trivial typos in docs/formatnetwork.html
	this patch fix some weird typos:
	   1. < hostdev>     => <hostdev>
	   2. < type>        => <type>
	   3. <virtualport > => <virtualport>
	   4. redundant comma
	   5. missing right-half bracket

2014-12-06  John Ferlan  <jferlan@redhat.com>

	virsh: Add adapter options for pool-{create|define}-as
	Add the optional adapter options for pool create/define.  Results in
	either:
	<adapter type='scsi_host' name='scsi_host2'/>
	or (on one line)
	<adapter type='fc_host' parent='scsi_host5'
	         wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/>
	being generated.

	virsh: Add auth options for pool-{create|define}-as
	Add 3 new optional options for the pool-create-as and pool-define-as
	command in order to define the 3 elements required in order to add
	an auth element, such as:
	<auth type='chap' username='myuser'>
	  <secret usage='libvirtiscsi'/>
	</auth>

	virsh.pod: Fix the pool-define-as and pool-create-as description
	Properly format the options and provide meaningful descriptions for
	the various options.

	docs: Fix a couple of typos on the storage pool html
	Fix format of the secret XML in the example. The XML had an extraneous
	"type='iscsi'" (which is used by the <disk> definitions)
	The world wide node name had a typo in the acronym (wwwn).

2014-12-05  Erik Skultety  <eskultet@redhat.com>

	util: check for an illegal character in a XML namespace prefix
	When user tries to insert element metadata providing a namespace
	declaration as well, currently we insert the element without any validation
	check for XML prefix (if provided). The next VM start would then
	fail with parse error. This patch fixes this issue by adding a call to
	xmlValidateNCName function to check for illegal characters in the
	prefix.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1143921

2014-12-05  Daniel P. Berrange  <berrange@redhat.com>

	Report original error when QMP probing fails with new QEMU
	If probing capabilities via QMP fails, we now have a check
	that prevents us falling back to -help parsing. Unfortunately
	the error message
	  "Failed to probe capabilities for /usr/bin/qemu-kvm:
	   unsupported configuration: QEMU 2.1.2 is too new for help parsing"
	is proving rather unhelpful to the user. We need to be telling
	them why QMP failed (the root cause), rather than they can't
	use -help (the side effect).
	To do this we should capture stderr during QMP probing, and
	if -help parsing then sees a new QEMU version, we know that
	QMP should have worked, and so we can show the messages from
	stderr. The message thus becomes
	  "Failed to probe capabilities for /usr/bin/qemu-kvm:
	   internal error: QEMU / QMP failed: Could not access
	   KVM kernel module: No such file or directory
	   failed to initialize KVM: No such file or directory"

2014-12-05  Shanzhi Yu  <shyu@redhat.com>

	qemu: snapshot: Forbid internal snapshot with passthrough devices
	When attempting to create internal system checkpoint with a passthrough
	device qemu will report the following error:
	error: operation failed: Error -22 while writing VM
	This patch calls the function to check if migration is possible with
	given VM and thus improves the error to:
	error: Requested operation is not valid: domain has assigned non-USB host devices
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=874418#c19

2014-12-05  Peter Krempa  <pkrempa@redhat.com>

	storage: backend: Log uid/gid when initializing storage file backend
	To ease debugging permission problems add uid/gid values to the debug
	message when initializing a storage file backend.

2014-12-05  Michal Privoznik  <mprivozn@redhat.com>

	networkValidate: Disallow bandwidth in portgroups too
	https://bugzilla.redhat.com/show_bug.cgi?id=1115292
	In one of the previous commits (eafb53fe) we disallowed
	network-wide bandwidth to some network types. However, we
	forgot about <portgroups/> which can have <bandwidth/> too.

2014-12-04  Cole Robinson  <crobinso@redhat.com>

	docs: storage: fix rbd pool indentation

2014-12-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Avoid uninitialized use two vars when reconnecting to vm
	3ecebf07110ca8d3413072557f29137943e848e3 breaks the build as it adds a
	way to jump to cleanup before the 'cfg' object is retrieved and 'priv'
	is initialized.

2014-12-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of whitespae in preprocessor macros for API generator
	The apibuild.py script did not handle whitespace in preprocessor
	macros, so it failed to detect constants declared with '# define'
	instead of '#define'. Since we now correctly indent our public
	header files, we have silently lost all constants from
	libvirt-api.xml. This also caused us to not detect formatting
	errors in constant docs

2014-12-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Refactor reconnecting to qemu processes
	Move entering the job into the thread to simplify the program flow. Also
	as the code holds a separate reference to the domain object some
	conditions can be simplified.
	After this patch qemuDomainObjTransferJob is no longer needed so this
	patch removes it.

2014-12-04  Ian Campbell  <ian.campbell@citrix.com>

	docs: Create html documentation even if XHTML1 DTD is not available to validate
	On a Debian system lacking the w3c-dtd-xhtml package the build fails
	with:
	        $ make -C docs/ formatcaps.html
	        make: Entering directory '/local/scratch/ianc/devel/libvirt.git/docs'
	        Generating formatcaps.html.tmp
	        I/O error : Attempt to load network entity http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
	        formatcaps.html.in:2: warning: failed to load external entity "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	        C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	                                                                                       ^
	        I/O error : Attempt to load network entity http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
	        ../docs/sitemap.html.in:2: warning: failed to load external entity "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	        C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	                                                                                       ^
	        missing XHTML1 DTD
	        rm formatcaps.html.tmp
	        make: Leaving directory '/local/scratch/ianc/devel/libvirt.git/docs'
	        $ ls docs/formatcaps*
	        docs/formatcaps.html.in
	https://www.redhat.com/archives/libvir-list/2009-November/msg00413.html
	suggests that the XHTML1 DTD should not be a hard requirement and the
	docs should be generated but not validated if it is not available.
	Therefore when the DTD is not available arrange for the .html.tmp file
	to be propagated to the .html output.
	Cc: Daniel Veillard <veillard@redhat.com>

2014-12-04  Martin Kletzander  <mkletzan@redhat.com>

	tests: Fix misplaced parenthesis in qemumonitorjsontest
	When trying clang, it found out that we were comparing sizeof with 0
	even though we wanted to check the return value of memcmp.  That showed
	us that the test was wrong and it needs a fix as well.

2014-12-04  Conrad Meyer  <cse.cem@gmail.com>

	drvbhyve: Automatically tear down guest domains on shutdown
	Reboot requires more sophistication and is left as a future work item --
	but at least part of the plumbing is in place.

2014-12-04  Erik Skultety  <eskultet@redhat.com>

	qemu: Fix virsh freeze when blockcopy storage file is removed
	If someone removes blockcopy storage file when still in mirroring phase
	and then requesting blockjob abort using pivot, virsh cmd freezes. This
	is not an issue with older qemu versions which did not support
	asynchronous jobs (which we prefer by default).
	As we have reached the mirroring phase successfully, polling monitor for
	blockjob info always returns 1 and the loop never ends.
	This fix introduces a check for qemuDomainBlockPivot return code, possibly
	skipping the asynchronous waiting completely, if an error occurred and
	asynchronous waiting was the preferred method.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1139567

2014-12-04  John Ferlan  <jferlan@redhat.com>

	docs: More html/docs changes from libvirt.h.in split
	This changes the display from:
	libvirt-storage: APIs for management of storages
	to
	libvirt-storage: APIs for management of storage pools and volumes
	In making that change I expected my build tree html output to be
	regenerated; however, it wasn't because the dependency for the separated
	libvirt-storage.h wasn't there.  It was only present for libvirt.h.in
	So I added each in the order displayed on the docs/html/index.html page

2014-12-04  Pavel Hrdina  <phrdina@redhat.com>

	cpu: fix possible crash in getModels
	Commit 86a15a25 introduced a new cpu driver API 'getModels'. Public API
	allow you to pass NULL for models to get only number of existing models.
	However the new code will crash with segfault so we have to count with
	the possibility that the user wants only the number.
	There is also difference in order of the models gathered by this new API
	as the old approach was inserting the elements to the end of the array
	so we should use 'VIR_APPEND_ELEMENT'.

2014-12-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Reload snapshots and managedsaves prior to reconnecting
	Reconnect to the VM is a possibly long-running job spawned in a separate
	thread. We should reload the snapshot defs and managedsave state prior
	to spawning the thread to avoid blocking of the daemon startup which
	would serialize on the VM lock.
	Also the reloading code would violate the domain job held while
	reconnecting as the loader functions don't create jobs.

	leaseshelper: Fix incorrect alignment of a switch case
	Introduced in ca6dbdd047d1ed691ccbae72556d85722a5f7a36

	leaseshelper: Skip entries missing expiry time on INIT action
	Coverity pointed out that in other places we always check the return
	value from virJSONValueObjectGetNumberLong() but not in the new addition
	in leaseshelper. To solve the issue and also be more robust in case
	somebody would corrupt the file, skip outputting of the lease entry in
	case the expiry time is missing.

2014-12-04  Luyao Huang  <lhuang@redhat.com>

	storage: fix crash caused by no check return before set close
	https://bugzilla.redhat.com/show_bug.cgi?id=1087104#c5
	When trying to use an invalid offset to virStorageVolUpload(), libvirt
	fails in virFDStreamOpenFileInternal(), although it seems libvirt does
	not check the return in storageVolUpload(), and calls
	virFDStreamSetInternalCloseCb() right after.  But stream doesn't have a
	privateData (is NULL) yet, and the daemon crashes then.
	0  0x00007f09429a9c10 in pthread_mutex_lock () from /lib64/libpthread.so.0
	1  0x00007f094514dbf5 in virMutexLock (m=<optimized out>) at util/virthread.c:88
	2  0x00007f09451cb211 in virFDStreamSetInternalCloseCb at fdstream.c:795
	3  0x00007f092ff2c9eb in storageVolUpload at storage/storage_driver.c:2098
	4  0x00007f09451f46e0 in virStorageVolUpload at libvirt.c:14000
	5  0x00007f0945c78fa1 in remoteDispatchStorageVolUpload at remote_dispatch.h:14339
	6  remoteDispatchStorageVolUploadHelper at remote_dispatch.h:14309
	7  0x00007f094524a192 in virNetServerProgramDispatchCall at rpc/virnetserverprogram.c:437

2014-12-03  Shanzhi Yu  <shyu@redhat.com>

	virsh: vol-upload disallow negative offset
	Commit 570d0f63 describes disabling negative offset usage for
	vol-upload/download (e.g. cmdVolDownload and cmdVolUpload; however,
	the change was only made to cmdVolDownload. There was no change to
	cmdVolUpload.  This patch adds the same checks for vol-upload.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1087104

2014-12-03  Peter Krempa  <pkrempa@redhat.com>

	network: dnsmasq: Don't format lease file path
	Now that we don't use the leases file at all for leases just don't
	format it into the config and use the leaseshelper to do all the
	lifting.

	leaseshelper: Refactor control flow
	Untangle a few conditions into a case statement and improve reporting of
	invaid commands.

2014-12-03  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	leaseshelper: improvements to support all events
	This patch enables the helper program to detect event(s) triggered when
	there is a change in lease length or expiry and client-id. This
	transfers complete control of leases database to libvirt and obsoletes
	use of the lease database file (<network-name>.leases). That file will
	not be created, read, or written.  This is achieved by adding the option
	--leasefile-ro to dnsmasq and passing a custom env var to leaseshelper,
	which helps us map events related to leases with their corresponding
	network bridges, no matter what the event be.
	Also, this requires the addition of a new non-lease entry in our custom
	lease database: "server-duid". It is required to identify a DHCPv6
	server.
	Now that dnsmasq doesn't maintain its own leases database, it relies on
	our helper program to tell it about previous leases and server duid.
	Thus, this patch makes our leases program honor an extra action: "init",
	in which it sends the known info in a particular format to dnsmasq
	by printing it to stdout.
	The drawback of this change is that upgrade to this new approach does
	not transfer the existing leases for the network if the leaseshelper
	wasn't already used.

2014-12-03  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	cpu-driver: Fix the cross driver function call
	For Intel and PowerPC the implementation is calling a cpu driver
	function across driver layers (i.e. from qemu driver directly to cpu
	driver).
	The correct behavior is to use libvirt API functionality to perform such
	a inter-driver call.
	This patch introduces a new cpu driver API function getModels() to
	retrieve the cpu models. The currect implementation to process the
	cpu_map XML content is transferred to the INTEL and PowerPC cpu driver
	specific API functions.
	Additionally processing the cpu_map XML file is not safe due to the fact
	that the cpu map does not exist for all architectures. Therefore it is
	better to encapsulate the processing in the architecture specific cpu
	drivers.
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2014-12-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Precreate missing storage
	Based on previous commit, we can now precreate missing volumes. While
	digging out the functionality from storage driver would be nicer, if
	you've seen the code it's nearly impossible. So I'm going from the
	other end:
	1) For given disk target, disk path is looked up.
	2) For the disk path, storage pool is looked up, a volume XML is
	constructed and then passed to virStorageVolCreateXML() which has all
	the knowledge how to create raw images, (encrypted) qcow(2) images,
	etc.
	One of the advantages of this approach is, we don't have to care about
	image conversion - qemu does that for us. So for instance, users can
	transform qcow2 into raw on migration (if the correct XML is passed to
	the migration API).

	qemu_migration: Send disk sizes to the other side
	Up 'til now, users need to precreate non-shared storage on migration
	themselves. This is not very friendly requirement and we should do
	something about it. In this patch, the migration cookie is extended,
	so that <nbd/> section does not only contain NBD port, but info on
	disks being migrated. This patch sends a list of pairs of:
	    <disk target; disk size>
	to the destination. The actual storage allocation is left for next
	commit.

	qemuMonitorJSONBlockStatsUpdateCapacity: Don't skip disks
	The function queries the block devices visible to qemu
	('query-block') and parses the qemu's output. The info is
	returned in a hash table which is expected to be pre-filled by
	qemuMonitorJSONGetAllBlockStatsInfo(). However, in the next patch
	we are not going to call the latter function at all, so we should
	make the former function add devices into the hash table if not
	found there.

	storage: Introduce storagePoolLookupByTargetPath
	While this could be exposed as a public API, it's not done yet as
	there's no demand for that yet. Anyway, this is just preparing
	the environment for easier volume creation on the destination.

2014-12-03  John Ferlan  <jferlan@redhat.com>

	Replace virDomainSnapshotFree with virObjectUnref
	Since virDomainSnapshotFree will call virObjectUnref anyway, let's just use
	that directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virInterfaceFree with virObjectUnref
	Since virInterfaceFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virNWFilterFree with virObjectUnref
	Since virNWFilterFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virSecretFree with virObjectUnref
	Since virSecretFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virStreamFree with virObjectUnref
	Since virStreamFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virStoragePoolFree with virObjectUnref
	Since virStoragePoolFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virStorageVolFree with virObjectUnref
	Since virStorageVolFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virNodeDeviceFree with virObjectUnref
	Since virNodeDeviceFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virNetworkFree with virObjectUnref
	Since virNetworkFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virDomainFree with virObjectUnref
	Since virDomainFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	rpc: Replace virXXXFree with virObjectUnref
	Modify the various virXXXFree calls to only call virObjectUnref. Calling
	the public API will reset the last error thus clearing out a pending error.

2014-12-02  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix compilation of parallels_storage.c
	virConnect.privateData is void *, so we can't access
	fields of parallelsConn, pointer to which is stored in
	virConnect.privateData. So replace all occurences of
	conn->privateData->storageState with privconn->storageState.

2014-12-02  Ján Tomko  <jtomko@redhat.com>

	Generate a MAC when loading a config instead of package update
	Partially reverts commit 5754dbd.
	The code in the specfile adds a MAC address to every <bridge>,
	even for <forward mode='bridge'> for which we don't support
	changing MAC addresses.
	Remove it completely. For new networks, we have been adding
	MAC addresses on definition/creation since the commit mentioned above.
	For existing networks (pre-0.9.0), the MAC is added by this commit.
	https://bugzilla.redhat.com/show_bug.cgi?id=1156367

	Silently ignore MAC in NetworkLoadConfig
	Libvirt's RPMs have been adding it to networks which don't support it.
	https://bugzilla.redhat.com/show_bug.cgi?id=1156367

2014-12-02  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.c: Move virDomainGetFSInfo to libvirt-domain.c
	Since our big split of libvirt.c there are only a few functions
	living there. The majority was moved to corresponding subfile,
	e.g. domain functions were moved to libvirt-domain.c. However,
	the patches for virDomainGetFSInfo() and virDomainFSInfoFree()
	introduction were posted prior the big split and merged after.
	This resulted in two domain functions landing in wrong file.
	Move them to the correct one.

2014-12-02  Pavel Hrdina  <phrdina@redhat.com>

	nwfilter: fix crash when adding non-existing nwfilter
	Adding non-existing nwfilter to a network interface device without any
	nwfilter specified will crash libvirt daemon with segfault. The reason is
	that the nwfilter is not found an libvirt will try to restore old
	nwfilter configuration but there is no nwfilter specified.

2014-12-02  Wang Rui  <moon.wangrui@huawei.com>

	conf: fix a comment typo in virDomainVideoDefaultRAM

2014-12-02  Laine Stump  <laine@laine.org>

	conf: replace call to virNetworkFree() with virObjectUnref()
	The function virNetworkObjListExport() in network_conf.c had a call to
	the public API virNetworkFree() which was causing a link error:
	CCLD     libvirt_driver_vbox_network_impl.la
	 ./.libs/libvirt_conf.a(libvirt_conf_la-network_conf.o): In function `virNetworkObjListExport':
	/home/laine/devel/libvirt/src/conf/network_conf.c:4496: undefined reference to `virNetworkFree'
	This would happen when I added
	  #include "network_conf.h"
	into domain_conf.h, then attempted to call a new function from that
	file (and enum converter, similar to virNetworkForwardTypeToString())
	In the end, virNetworkFree() ends up just calling virObjectUnref(obj)
	anyway (after clearing all pending errors, which we probably *don't*
	want to do in the cleanup of a utility function), so this is likely
	more correct than the original code as well.

2014-12-02  Martin Kletzander  <mkletzan@redhat.com>

	build, docs: Let make see the dependencies for html/*.html
	Make was not able to realize the dependencies for html/*.html files when
	running 'make -j9 dist'.  All the files are generated together with
	html/index.html, so simply separating them into another variable and
	adding one block into the dependency chain solves the issue.

	docs: Correct invalid hyperlinks
	Since libvirt.h was split into multiple files and similarly
	docs/libvirt-libvirt.html, docs/hvsupport.html have bad hyperlinks.  The
	same happens for all the html.in files that used <code class='docref'>
	tag, because page.xsl has no idea where to point the link that's found.

2014-12-02  Eduardo Costa  <eduardobmc@gmail.com>

	Fix race condition in qemuGetProcessInfo
	There is a race condition between the fopen and fscanf calls
	in qemuGetProcessInfo. If fopen succeeds, there is a small
	possibility that the file no longer exists before reading from it.
	Now, if either fopen or fscanf calls fail, the function will behave
	just as only fopen had failed.
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1169055

2014-12-02  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity CHECKED_RETURN
	Commit id 'cb88d433' refactored the calling sequence to use a thread;
	however, in doing so "lost" the check for if virNetSocketAccept returns
	failure.  Since other code makes that check, Coverity complains. Although
	a false positive, adding back the failure check pacifies Coverity

	domain_conf: Resolve Coverity CHECKED_RETURN
	Commit id '0d36a5d05' modified the code slightly, but removed the
	return value check thus causing Coverity to complain that this call
	was the only one where the return value wasn't checked. Since nothing
	was done previously if there was a failure, just use ignore_value here
	to pacify Coverity

	virhook: Resolve Coverity NULL_RETURNS
	Coverity complains that many other callers to return err from
	virGetLastError() will check if err is not NULL before dereferencing
	it.  Just do the same here for safety.

	hotplug: Resolve Coverity FORWARD_NULL
	Coverity complained that because the cfg->macFilter call checked
	net->ifname != NULL before calling ebtablesRemoveForwardAllowIn, then
	the virNetDevOpenvswitchRemovePort call should have the same check.
	However, if I move the ebtables call prior to the check for TYPE_DIRECT
	(where there is a VIR_FREE(net->ifname)), then it seems Coverity is
	happy.  Since firewall info is tacked on last during setup, removing
	it in the opposite order of initialization seems to be natural anyway

2014-12-01  John Ferlan  <jferlan@redhat.com>

	storage: Add mixed fc_host/scsi_host duplicate adapter source checks
	https://bugzilla.redhat.com/show_bug.cgi?id=1159180
	The virStoragePoolSourceFindDuplicate only checks the incoming definition
	against the same type of pool as the def; however, for "scsi_host" and
	"fc_host" adapter pools, it's possible that either some pool "scsi_host"
	adapter definition is already using the scsi_hostN that the "fc_host"
	adapter definition wants to use or some "fc_host" pool adapter definition
	is using a vHBA scsi_hostN or parent scsi_hostN that an incoming "scsi_host"
	definition is trying to use.
	This patch adds the mismatched type checks and adds extraneous comments
	to describe what each check is determining.
	This patch also modifies the documentation to be describe what scsi_hostN
	devices a "scsi_host" source adapter should use and which to avoid. It also
	updates the parent definition to specifically call out that for mixed
	environments it's better to define which parent to use so that the duplicate
	pool checks can be done properly.

	storage: Move and rename getVhbaSCSIHostParent
	https://bugzilla.redhat.com/show_bug.cgi?id=1159180
	Move the API from the backend to storage_conf and rename it to
	virStoragePoolGetVhbaSCSIHostParent.  A future patch will need to
	use this functionality from storage_conf

2014-12-01  Martin Kletzander  <mkletzan@redhat.com>

	conf: Don't redefine virDomainTPMDefPtr

2014-12-01  Luyao Huang  <lhuang@redhat.com>

	qemu: Make pid available for security managers in qemuProcessAttach
	There are some small issue in qemuProcessAttach:
	1.Fix virSecurityManagerGetProcessLabel always get pid = 0,
	move 'vm->pid = pid' before call virSecurityManagerGetProcessLabel.
	2.Use virSecurityManagerGenLabel to get image label.
	3.Fix always set selinux label for other security driver label.

2014-12-01  Martin Kletzander  <mkletzan@redhat.com>

	conf: Add device-related code for panic devices
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1169183

	conf: Add device-related code for TPM devices
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1169183

2014-12-01  Erik Skultety  <eskultet@redhat.com>

	qemu: fix block{commit,copy} abort handling
	When a block{commit,copy} job was aborted on a domain, block job handler
	did not process it correctly, leaving a phantom job in the background.
	Any further calls to any blockjob causes "block <jobtype> still active"
	error. This patch fixes the blockjob handler so that it checks not only
	for VIR_DOMAIN_BLOCK_JOB_FAILED status, but VIR_DOMAIN_BLOCK_JOB_CANCELED
	status as well, followed by our existing cleanup routine.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135169

2014-12-01  Wang Rui  <moon.wangrui@huawei.com>

	qemu: set jobinfo type to FAILED if job is failed in qemuMigrationRun
	If job is failed in qemuMigrationRun, we expect the jobinfo type as
	FAILED. But jobinfo type won't be updated until entering
	qemuMigrationWaitForCompletion. We should make it updated in all
	conditions. Moreover, we can't use qemuMigrationUpdateJobStatus
	here because job may fail in libvirt, so we can't query job status
	from QEMU.

	qemu: set jobinfo type to CANCELLED if migration is cancelled in all conditions
	The migration job status is traced in qemuMigrationUpdateJobStatus
	which is called in qemuMigrationRun. But if migration is cancelled
	before the trace such as in qemuMigrationDriveMirror, the jobinfo
	type won't be updated to CANCELLED. After this patch, we can get
	jobinfo type CANCELLED if migration is cancelled during drive
	mirror.  Moreover, we can't use qemuMigrationUpdateJobStatus
	because from qemu's point of view it's just the drive mirror being
	cancelled and the migration hasn't even started yet.

2014-12-01  Luyao Huang  <lhuang@redhat.com>

	docs: Fix missing slashes in XML examples
	When I pasted some XML from libvirt.org, I've found a small mistake.

2014-11-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't track quiesced state of FSs
	https://bugzilla.redhat.com/show_bug.cgi?id=1160084
	As of b6d4dad11b (1.2.5) we are trying to keep the status of FSFreeze
	in the guest. Even though I've tried to fixed couple of corner cases
	(6ea54769ba18), it occurred to me just recently, that the approach is
	broken by design. Firstly, there are many other ways to talk to
	qemu-ga (even through libvirt) that filesystems can be thawed (e.g.
	qemu-agent-command) without libvirt noticing. Moreover, there are
	plenty of ways to thaw filesystems without even qemu-ga noticing (yes,
	qemu-ga keeps internal track of FSFreeze status). So, instead of
	keeping the track ourselves, or asking qemu-ga for stale state, it's
	the best to let qemu-ga deal with that (and possibly let guest kernel
	propagate an error).
	Moreover, there's one bug with the following approach, if fsfreeze
	command failed, we've executed fsthaw subsequently. So issuing
	domfsfreeze in virsh gave the following result:
	virsh # domfsfreeze gentoo
	Froze 1 filesystem(s)
	virsh # domfsfreeze gentoo
	error: Unable to freeze filesystems
	error: internal error: unable to execute QEMU agent command 'guest-fsfreeze-freeze': The command guest-fsfreeze-freeze has been disabled for this instance
	virsh # domfsfreeze gentoo
	Froze 1 filesystem(s)
	virsh # domfsfreeze gentoo
	error: Unable to freeze filesystems
	error: internal error: unable to execute QEMU agent command 'guest-fsfreeze-freeze': The command guest-fsfreeze-freeze has been disabled for this instance

2014-11-28  Jiri Denemark  <jdenemar@redhat.com>

	Fix usage of virReportSystemError
	virReportSystemError is reserved for reporting system errors, calling it
	with VIR_ERR_* error codes produces error messages that do not make any
	sense, such as
	    internal error: guest failed to start: Kernel doesn't support user
	    namespace: Link has been severed
	We should prohibit wrong usage with a syntax-check rule.

2014-11-28  Martin Kletzander  <mkletzan@redhat.com>

	docs: fix simple typo in TPM paragraph

2014-11-27  Martin Kletzander  <mkletzan@redhat.com>

	tests: fix documentation for mocking methods
	It looks like it was copy-pasted, so in case anyone wonders what some of
	those methods do without looking at them, and for the sake of
	completeness, fix them.

	Revert "ip link needs 'name' in 3.16 to create the veth pair"
	This reverts commit 433b427ff853ab72d32573d415e6ec569b77c7cb.
	The patch was added in order to overcome a bug in iproute2 and since it
	was properly identified as a bug, particularly in openSUSE 13.2, and it
	is being worked on [1], the best solution for libvirt seems to be to
	keep the old behaviour.
	[1] https://bugzilla.novell.com/show_bug.cgi?id=907093

2014-11-27  Jiri Denemark  <jdenemar@redhat.com>

	network: Fix upgrade from libvirt older than 1.2.4
	Starting from libvirt-1.2.4, network state XML files moved to another
	directory (see commit b9e95491) and libvirt automatically migrates the
	network state files to a new location. However, the code used
	dirent.d_type which is not supported by all filesystems. Thus, when
	libvirt was upgraded on a host which used such filesystem, network state
	XMLs were not properly moved and running networks disappeared from
	libvirt.
	This patch falls back to lstat() whenever dirent.d_type is DT_UNKNOWN to
	fix this issue.
	https://bugzilla.redhat.com/show_bug.cgi?id=1167145

2014-11-26  Jiri Denemark  <jdenemar@redhat.com>

	util: Avoid calling closedir(NULL)

2014-11-25  Eric Blake  <eblake@redhat.com>

	virsh: document block.n.allocation stat
	Commit 7557ddf added some additional block.* stats to
	virDomainListGetStats, but failed to document them in 'man
	virsh'.  Also, I noticed some inconsistent use of commas.
	* tools/virsh.pod (domstats): Tweak commas, add missing stats.

	dbus: fix arrays of bools
	Commit 2aa167ca tried to fix the DBus interaction code to allow
	callers to use native types instead of 4-byte bools.  But in
	fixing the issue, I missed the case of an arrayref; Conrad Meyer
	shows the following valid complaint issued by clang:
	  CC       util/libvirt_util_la-virdbus.lo
	util/virdbus.c:956:13: error: cast from 'bool *' to 'dbus_bool_t *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Werror,-Wcast-align]
	            GET_NEXT_VAL(dbus_bool_t, bool_val, bool, "%d");
	            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	util/virdbus.c:858:17: note: expanded from macro 'GET_NEXT_VAL'
	            x = (dbustype *)(*xptrptr + (*narrayptr - 1));              \
	                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 error generated.
	But fixing that points out that we have NEVER supported arrayrefs
	of sub-int types (byte, i16, u16, and now bool).  Again, while raw
	types promote, arrays do not; so the macros HAVE to deal with both
	size possibilities rather than assuming that an arrayref uses the
	same sizing as the promoted raw type.
	Obviously, our testsuite wasn't covering as much as it should have.
	* src/util/virdbus.c (GET_NEXT_VAL): Also fix array cases.
	(SET_NEXT_VAL): Fix uses of sub-int arrays.
	* tests/virdbustest.c (testMessageArray, testMessageArrayRef):
	Test it.

2014-11-25  Wang Rui  <moon.wangrui@huawei.com>

	qemu: add the missing jobinfo type in qemuDomainGetJobInfo
	Commit 6fcddfcd refactored job statistics but missed the jobinfo type updated
	in qemuDomainGetJobInfo. After this patch, we can use virDomainGetJobInfo to
	get jobinfo type again.

2014-11-25  John Ferlan  <jferlan@redhat.com>

	Resolve build breaker
	Commit 'c264eeaa' didn't do the prerequisite 'make syntax-check' before
	pushing. There was a <tab> in the whitespace for the comment.  Replaced
	with spaces and aligned.
	pushed as build breaker since Jenkins complained loudly

2014-11-25  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: don't unmount subtree if it contains the source of the mount
	The typical case where we had a problem is with such a filesystem
	definition as created by virt-sandbox-service:
	    <filesystem type='bind' accessmode='passthrough'>
	      <source dir='/var/lib/libvirt/filesystems/mysshd/var'/>
	      <target dir='/var'/>
	    </filesystem>
	In this case, we don't want to unmount the /var subtree or we may
	loose the access to the source folder.

	lxc: be more patient while resolving symlinks
	Resolving symlinks can fail before mounting any file system if one file
	system depends on another being mounted. Symlinks are now resolved in
	two passes:
	  * Before any file system is mounted, but then we are more gentle if
	    the source path can't be accessed
	  * Right before mounting a file system, so that we are sure that we
	    have the resolved path... but then if it can't be accessed we raise
	    an error.

	ip link needs 'name' in 3.16 to create the veth pair
	Due to a change (or bug?) in ip link implementation, the command
	    'ip link add vnet0...'
	is forced into
	    'ip link add name vnet0...'
	The changed command also works on older versions of iproute2, just the
	'name' parameter has been made mandatory.

	virt-aa-helper: /etc/libvirt-sandbox/services isn't restricted
	To get virt-sandbox-service working with AppArmor, virt-aa-helper
	needs not to choke on path in /etc/libvirt-sandbox/services.

	virt-aa-helper wasn't running virErrorInitialize
	This turns out to be working by magic but needs to be fixed.

2014-11-25  Pavel Hrdina  <phrdina@redhat.com>

	qemu-command: introduce new vgamem attribute for QXL video device
	Add attribute to set vgamem_mb parameter of QXL device for QEMU. This
	value sets the size of VGA framebuffer for QXL device. Default value in
	QEMU is 8MB so reuse it also in libvirt to not break things.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

	qemu-command: use vram attribute for all video devices
	So far we didn't have any option to set video memory size for qemu video
	devices. There was only the vram (ram for QXL) attribute but it was valid
	only for the QXL video device.
	To provide this feature to users QEMU has a dedicated device attribute
	called 'vgamem_mb' to set the video memory size. We will use the 'vram'
	attribute for setting video memory size for other QEMU video devices.
	For the cirrus device we will ignore the vram value because it has
	hardcoded video size in QEMU.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

	caps: introduce new QEMU capability for vgamem_mb device property
	Allow setting vgamem size for video devices.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

	QXL: fix setting ram and vram values for QEMU QXL device
	QEMU has two different type of QXL display device. The first "qxl-vga"
	is for primary video device and second "qxl" is for secondary video
	device.
	There are also two different ways how to specify those devices on qemu
	command line, the first one and obsolete is using "-vga" option and the
	current new one is using "-device" option. The "-vga" could be used only
	to setup primary video device, so the "-vga qxl" equal to
	"-device qxl-vga". Unfortunately the "-vga qxl" doesn't support setting
	additional parameters for the device and "-global" option must be used
	for this purpose. It's mandatory to use "-global qxl-vga...." to set the
	parameters of primary video device previously defined with "-vga qxl".
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

	video: cleanup usage of vram attribute and update documentation
	The vram attribute was introduced to set the video memory but it is
	usable only for few hypervisors excluding QEMU/KVM and the old XEN
	driver. Only in case of QEMU the vram was used for QXL.
	This patch updates the documentation to reflect current code in libvirt
	and also changes the cases when we will set the default vram attribute.
	It also fixes existing strange default value for VGA devices 9MB to 16MB
	because the video ram should be rounded to power of two.
	The change of default value could affect migrations but I found out that
	QEMU always round the video ram to power of two internally so it's safe
	to change the default value to the next closest power of two and also
	silently correct every domain XML definition. And it's also safe because
	we don't pass the value to QEMU.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

	internal: add macro to round value to the next closest power of 2
	There are two special cases, if the input number is 0 or the number is
	larger then 2^31 (for 32bit unsigned int). For the special cases the
	return value is 0 because they cannot be rounded.

2014-11-25  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	storage_driver: fix a comment typo
	s/rereshed/refreshed

2014-11-24  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	virsh: expose virDomainGetFSInfo
	Add a "domfsinfo" command that shows a list of filesystems info mounted in
	the guest. For example:
	virsh # domfsinfo vm1
	Mountpoint                           Name     Type     Target
	-------------------------------------------------------------------
	/                                    sda1     ext4     hdc
	/opt                                 dm-2     vfat     vda,vdb
	/mnt/test                            sdb1     xfs      sda

	qemu: add test for qemuAgentGetFSInfo
	Add test cases for qemuAgentGetFSInfo, with a sample agent response for
	the qemu-get-fsinfo command and a configuration xml.

	qemu: Implement the qemu driver for virDomainGetFSInfo
	Get mounted filesystems list, which contains hardware info of disks and its
	controllers, from QEMU guest agent 2.2+. Then, convert the hardware info
	to corresponding device aliases for the disks.

	remote: Implement the remote protocol for virDomainGetFSInfo
	Add daemon and driver code to (de-)serialize virDomainFSInfo.

	Implement public API for virDomainGetFSInfo
	virDomainGetFSInfo returns a list of filesystems information mounted in the
	guest, which contains mountpoints, device names, filesystem types, and
	device aliases named by libvirt. This will be useful, for example, to
	specify mountpoints to fsfreeze when taking snapshot of a part of disks.

2014-11-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Emit the guest agent lifecycle event
	Add code to emit the event on change of the channel state and reconnect
	to the qemu process.

	examples: Add support for the guest agent lifecycle event
	Add code to support the event in the object-event example.

	event: Add guest agent lifecycle event
	As qemu is now able to notify us about change of the channel state used
	for communication with the guest agent we now can more precisely track
	the state of the guest agent.
	To allow notifying management apps this patch implements a new event
	that will be triggered on changes of the guest agent state.

2014-11-24  Jiri Denemark  <jdenemar@redhat.com>

	spec: Automatically apply all patches with git
	With this change, any patch declared in libvirt.spec with Patch[0-9]* is
	automatically applied in %prep. Unlike with the standard %patch[0-9]*,
	patches are applied with "git am" to avoid some unexpected results.
	However, as a result of this, all patches must be in the right format
	for "git am" to be able to apply them; they should ideally be generated
	from git using "git format-patch".

2014-11-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Refresh virtio channel guest state when connecting to mon
	Use data provided by "query-chardev" to refresh the guest frontend state
	of virtio channels.

	qemu: chardev: Extract more information about character devices
	Improve the monitor function to also retrieve the guest state of
	character device (if provided) so that we can refresh the state of
	virtio-serial channels and perhaps react to changes in the state in
	future patches.
	This patch changes the returned data from qemuMonitorGetChardevInfo to
	return a structure containing the pty path and the state for all the
	character devices.
	The change to the testsuite makes sure that the data is parsed
	correctly.

2014-11-22  Jim Fehlig  <jfehlig@suse.com>

	libxl: destroy domain in migration finish phase on failure
	This patch contains three domain cleanup improvements in the migration
	finish phase, ensuring a domain is properly disposed when a failure is
	detected or the migration is cancelled.
	The check for virDomainObjIsActive is moved to libxlDomainMigrationFinish,
	where cleanup can occur if migration failed and the domain is inactive.
	The 'cleanup' label was missplaced in libxlDomainMigrationFinish, causing
	a migrated domain to remain in the event of an error or cancelled migration.
	In cleanup, the domain was not removed from the driver's list of domains.

	libxl: start domain paused on migration dst
	During the perform phase of migration, the domain is started on
	the dst host in a running state if VIR_MIGRATE_PAUSED flag is not
	specified.  In the finish phase, the domain is also unpaused if
	VIR_MIGRATE_PAUSED flag is unset.  I've noticed this second unpause
	fails if the domain was already unpaused following the perform phase.
	This patch changes the perform phase to always start the domain
	paused, and defers unpausing, if requested, to the finish phase.
	Unpausing should occur in the finish phase anyhow, where the domain
	can be properly destroyed if the perform phase fails and migration
	is cancelled.

	libxl: acquire job in migration finish phase
	Moving data reception of the perform phase of migration to a
	thread introduces a race with the finish phase, where checking
	if the domain is active races with the thread finishing the
	perform phase.  The race is easily solved by acquiring a job in
	the finish phase, which must wait for the perform phase job to
	complete.
	While wrapping the finish phase in a job, noticed the virDomainObj
	was being unlocked in a callee - libxlDomainMigrationFinish.  Move
	the unlocking to libxlDomainMigrateFinish3Params, where the lock
	is acquired.

	libxl: Receive migration data in a thread
	The libxl driver receives migration data within an IO callback invoked
	by the event loop, effectively disabling the event loop while migration
	occurs.
	This patch moves receving of the migration data to a thread.  The
	incoming connection is still accepted in the IO callback, but control
	is immediately returned to the event loop after spawning the thread.

2014-11-22  Ian Campbell  <Ian.Campbell@citrix.com>

	libxl: Allow libxl to find pygrub binary.
	Specifying an explicit path to pygrub (e.g. BINDIR "/pygrub") only works if
	Xen and libvirt happen to be installed to the same prefix. A more flexible
	approach is to simply specify "pygrub" which will cause libxl to use the
	correct path which it knows (since it is built with the same prefix as pygrub).
	This is particular problematic in the Debian packaging, since the Debian Xen
	package relocates pygrub into a libexec dir, however I think this change makes
	sense upstream.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	storage: rbd: Implement support for passing config file option
	To be able to express some use cases of the RBD backing with libvirt, we
	need to be able to specify a config file for the RBD client to qemu as
	that is one of the commonly used options.

	storage: rbd: qemu: Add support for specifying internal RBD snapshots
	Some storage systems have internal support for snapshots. Libvirt should
	be able to select a correct snapshot when starting a VM.
	This patch adds a XML element to select a storage source snapshot for
	the RBD protocol which supports this feature.

	storage: Allow parsing of RBD backing strings when building backing chain
	As we now have a common function to parse backing store string for RBD
	backing store we can reuse it in the backing store walker so that we
	don't fail on files backed by RBD storage.
	This patch also adds a few tests to verify that the parsing works as
	expected.

	util: storagefile: Split out parsing of NBD string into a separate func
	Split out the code so that the function looks homogenous after adding
	more protocol specific parsers.

	util: split out qemuParseRBDString into a common helper
	To allow reuse this non-trivial parser code in the backing store parser
	this part of the command line parser needs to be split out into a
	separate funciton.

	tests: Reflow the expected output from RBD disk test
	Addition of tested cases to the test will be more obvious.

	qemu: Refactor qemuBuildNetworkDriveURI to take a virStorageSourcePtr
	Instead of splitting out various fields, pass the complete structure and
	let the function pick various things of it.
	As one of the callers isn't using virStorageSourcePtr to store the data,
	this patch adds glue code that fills the data into a dummy
	virStorageSourcePtr before calling the func.
	This change will help when adding new fields that need output processing
	in the future.

	util: storage: Copy hosts of a storage file only if they exist
	If there are no hosts for a storage source virStorageSourceCopy and
	virStorageSourceNewFromBackingRelative would try to copy them anyways.
	As the success of virStorageNetHostDefCopy is determined by returning
	a pointer and malloc of 0 elements might return NULL according to the
	implementation, the result of the copy function may vary.
	Fix this by copying the hosts array only if there are hosts defined.

	util: storage: Add notice for extension of struct virStorageSource
	As we now have a deep copy function for struct virStorageSource add a
	notice that extensions of the structure require also appropriate changes
	to the virStorageSourceCopy func.

	util: buffer: Clarify scope of the escape operation in virBufferEscape
	The escaping is applied only to the string, not the format argument.
	State this fact in the docs.

	test: virstoragetest: Add testing of network disk details
	To be able to fully test parsing of networked storage strings we need to
	add a few fields for: hostname, protocol and auth string.

	docs: domain: Move docs for storage hosts under the <source> element
	The docs describing the <host> element that are under the <source>
	element in the XML document were incorrectly placed under the <disk>
	element. Move them to the correct place.

2014-11-21  Martin Kletzander  <mkletzan@redhat.com>

	virsh: sync domdisplay help and manual

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add handling for VSERPORT_CHANGE event
	New qemu added a new event that is emitted when a virtio serial channel
	is opened in the guest OS. This allows us to update the state of the
	port in the output-only XML element.
	This patch implements the monitor callbacks and necessary handlers to
	update the state in the definition.

	conf: Add channel state for virtio channels to the XML
	To track state of virtio channels this patch adds a new output-only
	attribute called 'state' to the <target> element of virtio channels.
	This will be later populated with the guest state of the channel.

	qemu: monitor: Rename and improve qemuMonitorGetPtyPaths
	To unify future additions that require information from "query-chardev"
	rename qemuMonitorGetPtyPaths and friends to qemuMonitorGetChardevInfo
	and move the allocation of the returned hash into the top level
	function.

	test: xml2xml: Print full filenames if xml2xml test fails
	To simplify looking for a problem instrument the XML comparator function
	with possibility to print the filename of the failed/expected XML
	output.
	This is necessary as the VIR_TEST_DIFFERENT macro possibly tests two XML
	files for the inactive/active state and the resulting error may not be
	obvious.

	conf: Annotate source enums for character device struct members
	Add a comment to track which values may be present in certain members of
	a struct _virDomainChrDef.

	qemu: process: report useful error if alias formatting fails
	When retrieving the paths for PTY devices the alias gets formatted into
	a static string. If it doesn't fit we wouldn't report an error.

2014-11-21  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	docs: fix a typo in formatdomain.html

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	storage: qemu: Fix security labelling of new image chain elements
	When creating a disk image snapshot the libvirt code would blindly copy
	the parents label to the newly created image. This runs into problems
	when you start a VM from an image hosted on NFS (or other storage system
	that doesn't support selinux labels) and the snapshot destination is on
	a storage system that does support selinux labels. Libvirt's code in
	that case generates a different security label for the image hosted on
	NFS. This label is valid only for NFS images and doesn't allow access in
	case of a locally stored image.
	To fix this issue libvirt needs to refrain from copying security
	information in cases where the default domain seclabel is a better
	choice.
	This patch repurposes the now unused @force argument of
	virStorageSourceInitChainElement to denote whether a copy of the
	security labelling stuff should be attempted or not. This allows to
	fine-control the copy operation for cases where we need to keep the
	label of the old disk vs. the cases where we need to keep the label
	unset to use the default domain imagelabel.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1151718

2014-11-20  Eric Blake  <eblake@redhat.com>

	build: fix build when not using dbus
	Commit c0e7022 breaks on a machine that lacks dbus headers:
	In file included from util/virdbus.c:24:0:
	util/virdbuspriv.h:31:3: error: unknown type name 'dbus_int16_t'
	* src/util/virdbuspriv.h (DBusBasicValue): Only provide fallback
	when dbus is compiled.

	build: avoid 32-bit failure on older gcc
	On 32-bit platforms with old gcc (hello RHEL 5 gcc 4.1.2), the
	build fails with:
	virsh-domain.c: In function 'cmdBlockCopy':
	virsh-domain.c:2172: warning: comparison is always false due to limited range of data type
	Adjust the code to silence the warning.
	* tools/virsh-domain.c (cmdBlockCopy): Pacify RHEL 5 gcc.

2014-11-20  John Ferlan  <jferlan@redhat.com>

	storage: Add thread to refresh for createVport
	https://bugzilla.redhat.com/show_bug.cgi?id=1152382
	When libvirt create's the vport (VPORT_CREATE) for the vHBA, there isn't
	enough "time" between the creation and the running of the following
	backend->refreshPool after a backend->startPool in order to find the LU's.
	Population of LU's happens asynchronously when udevEventHandleCallback
	discovers the "new" vHBA port.  Creation of the infrastructure by udev
	is an iterative process creating and discovering actual storage devices and
	adjusting the environment.
	Because of the time it takes to discover and set things up, the backend
	refreshPool call done after the startPool call will generally fail to
	find any devices. This leaves the newly started pool appear empty when
	querying via 'vol-list' after startup. The "workaround" has always been
	to run pool-refresh after startup (or any time thereafter) in order to
	find the LU's. Depending on how quickly run after startup, this too may
	not find any LUs in the pool. Eventually though given enough time and
	retries it will find something if LU's exist for the vHBA.
	This patch adds a thread to be executed after the VPORT_CREATE which will
	attempt to find the LU's without requiring the external run of refresh-pool.
	It does this by waiting for 5 seconds and searching for the LU's. If any
	are found, then the thread completes; otherwise, it will retry once more
	in another 5 seconds.  If none are found in that second pass, the thread
	gives up.
	Things learned while investigating this... No need to try and fill the
	pool too quickly or too many times. Over the course of creation, the udev
	code may 'add', 'change', and 'delete' the same device. So if the refresh
	code runs and finds something, it may display it only to have a subsequent
	refresh appear to "lose" the device. The udev processing doesn't seem to
	have a way to indicate that it's all done with the creation processing of a
	newly found vHBA. Only the Lone Ranger has silver bullets to fix everything.

	storage: Fix issue finding LU's when block doesn't exist
	Fix a problem in the getBlockDevice and processLU where retval initialized
	to zero causing some failures to erroneously continue through to the
	virStorageBackendSCSINewLun with an attempt to find a path for "/dev/(null)".
	This would fail approximately 10 seconds later with debug message:
	virStorageBackendSCSINewLun:203 :
	     No stable path found for '/dev/(null)' in '/dev/disk/by-path'
	The root cause of the issue is for many /sys/bus/scsi/devices/<lun path>
	there is no "block*" device found for the vHBA's, where "<lun path>" are
	the various paths created for the vHBA, such as "17:0:0:0", "17:0:1:0",
	"17:0:2:0", "17:0:3:0", etc.  If the block device isn't found, then the
	directory should just be ignored rather than attempting to process it.
	The bug was that in getBlockDevice the assumption was "block" would exist
	and either getNewStyleBlockDevice or getOldStyleBlockDevice would fill in
	@block_device. However, if 'block*' doesn't exist, then the code returned
	NULL for block_device *and* a good (zero) retval value.  This caused the
	processLU code to attempt the virStorageBackendSCSINewLun which failed
	"at some point in time" in the future.
	After this change - on test system the refresh-pool didn't have a noticable
	pause of about 20 seconds - it completed within a second since no longer
	was there an attempt/need to find "/dev/(null)".
	Additionally, the virStorageBackendSCSIFindLU's shouldn't be declaring
	found unless the processLU actually returns success. This will be
	important in the followup patch which relies on whether a LU was found.

2014-11-20  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	docs: Remove references to unused libvirt-libvirt.html
	The libvirt-libvirt.html file is no longer generated so
	should not be referenced by the Makefile.am

2014-11-20  Eric Blake  <eblake@redhat.com>

	build: fix build with older dbus headers
	Compilation on a RHEL 5 host failed, due to the older dbus headers
	present on that machine, and triggered by commit 2aa167ca:
	util/virdbus.c: In function 'virDBusMessageIterDecode':
	util/virdbus.c:952: error: 'DBusBasicValue' undeclared (first use in this function)
	* m4/virt-dbus.m4 (LIBVIRT_CHECK_DBUS): Check for DBusBasicValue.
	* src/util/virdbuspriv.h (DBusBasicValue): Provide fallback.

2014-11-20  Giuseppe Scrivano  <gscrivan@redhat.com>

	rpc: do not fail if the pid of the connecting process is not set
	getsockopt(sock->fd, SOL_SOCKET, SO_PEERCRED, ...) sets the pid to 0
	when the process that opens the connection is in another container.

2014-11-20  Eric Blake  <eblake@redhat.com>

	util: don't log failure when older iptables lacks -w
	Commit dc33e6e4 caused older platforms like Fedora 20 to emit
	scary log messages at startup:
	2014-11-19 23:12:58.800+0000: 28906: error : virCommandWait:2532 : internal error: Child process (/usr/sbin/iptables -w -L -n) unexpected exit status 2: iptables v1.4.19.1: unknown option "-w"
	Try `iptables -h' or 'iptables --help' for more information.
	Since we are probing and expect to handle the case where -w is not
	supported, we should not let virCommand log it as an error.
	* src/util/virfirewall.c (virFirewallCheckUpdateLock): Handle
	non-zero status ourselves.

2014-11-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Really fix crash in tunnelled migration
	Oops, I forgot to squash one more instance of the same check in the
	previous commit (v1.2.10-144-g52691f9).
	https://bugzilla.redhat.com/show_bug.cgi?id=1147331

2014-11-20  Erik Skultety  <eskultet@redhat.com>

	virsh: Fix msg: blockjob is aborted from another client
	When a block{pull, copy, commit} is aborted via keyboard interrupt,
	the job is properly canceled followed by proper error message.
	However, when the job receives an abort from another client connected
	to the same domain, the error message incorrectly indicates that
	a blockjob has been finished successfully, though the abort request
	took effect. This patch introduces a new blockjob abort handler, which
	is registered when the client calls block{copy,commit,pull} routine,
	providing its caller the status of the finished blockjob.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135442

2014-11-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix crash in tunnelled migration
	Any attempt to start a tunnelled migration with libvirtd that supports
	RDMA migration (specifically commit v1.2.8-226-ged22a47) crashes
	libvirtd on the destination host.
	The crash is inevitable because qemuMigrationPrepareAny is always called
	with NULL protocol in case of tunnelled migration.
	https://bugzilla.redhat.com/show_bug.cgi?id=1147331

2014-11-20  Eric Blake  <eblake@redhat.com>

	maint: use portable shell
	Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1165827;
	dash complains:
	checking for pkcheck... /usr/bin/pkcheck
	checking whether pkcheck supports uid value... yes
	./configure: 63906: test: xno: unexpected operator
	checking for dtrace... no
	* configure.ac: Use '=' not '==' in test.

2014-11-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Drop OVMF whitelist
	As discussed on the upstream list, it's better not to make this
	kind of predictions in libvirt. It may happen that qemu learns
	how to enable OVMF on other architectures too and we shouldn't
	try to chase that.

	qemu: Support OVMF on armv7l aarch64 guests
	Currently, we are whitelisting architectures, that we know how to run
	OVMF on. So far, only x86_64 was enabled. However, looking at qemu
	code, the same commandline can be used to enable OVMF for armv7l and
	aarch64.

2014-11-19  Eric Blake  <eblake@redhat.com>

	maint: forbid 'int foo = true'
	I noticed this while working on qemuDomainGetBlockInfo.  Assigning
	a bool value to an int variable compiles fine, but raises red flags
	on the maintenance front as it becomes too easy to assign -1 or 2
	or any other non-bool value to the same variable.
	* cfg.mk (sc_prohibit_int_assign_bool): New rule.
	* src/conf/snapshot_conf.c (virDomainSnapshotRedefinePrep): Fix
	offenders.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo)
	(qemuDomainSnapshotCreateXML): Likewise.
	* src/test/test_driver.c (testDomainSnapshotAlignDisks):
	Likewise.
	* src/util/vircgroup.c (virCgroupSupportsCpuBW): Likewise.
	* src/util/virpci.c (virPCIDeviceBindToStub): Likewise.
	* src/util/virutil.c (virIsCapableVport): Likewise.
	* tools/virsh-domain-monitor.c (cmdDomMemStat): Likewise.
	* tools/virsh-domain.c (cmdBlockResize, cmdScreenshot)
	(cmdInjectNMI, cmdSendKey, cmdSendProcessSignal)
	(cmdDetachInterface): Likewise.

	virdbus: don't force users to pass int for bool values
	Use of an 'int' to represent a 'bool' value is confusing.  Just
	because dbus made the mistake of cementing their 4-byte wire
	format of dbus_bool_t into their API doesn't mean we have to
	repeat the mistake.  With a little bit of finesse, we can
	guarantee that we provide a large-enough value to the DBus
	code, while still copying only the relevant one-byte bool
	to the client code, and isolate the rest of our code base from
	the DBus stupidity.
	* src/util/virdbus.c (GET_NEXT_VAL): Add parameter.
	(virDBusMessageIterDecode): Adjust all clients.
	* src/util/virpolkit.c (virPolkitCheckAuth): Use nicer type.
	* tests/virdbustest.c (testMessageSimple, testMessageStruct):
	Test new behavior.

2014-11-19  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	storage: wrap storage_driver.c to 80 columns

2014-11-19  Yohan BELLEGUIC  <yohan.belleguic@diateam.net>

	vbox: fix a bug in _machineStateInactive
	This function returned non-inactive domains instead of active
	domains.  This broke virConnectNumOfDefinedDomains() and
	virConnectListDefinedDomains() functions.

2014-11-19  Anirban Chakraborty  <abchak@juniper.net>

	network: Add network bandwidth support to ethernet interfaces
	Ethernet interfaces in libvirt currently do not support bandwidth setting.
	For example, following xml file for an interface will not apply these
	settings to corresponding qdiscs.
	    <interface type="ethernet">
	      <mac address="02:36:1d:18:2a:e4"/>
	      <model type="virtio"/>
	      <script path=""/>
	      <target dev="tap361d182a-e4"/>
	      <bandwidth>
	        <inbound average="984" peak="1024" burst="64"/>
	        <outbound average="2000" peak="2048" burst="128"/>
	      </bandwidth>
	    </interface>

2014-11-19  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document NVRAM behavior on transient domains
	Since 1.2.8 it's possible to use OVMF on domains. Moreover, it's
	possible to have libvirt create NVRAM file per domain. Later,
	when domain is undefined, the file is removed too. However,
	things are a bit complicated when domain's transient. There's no
	undefine to transient domains. There are two options: 1) leave
	the file behind and let mgmt app remove it. 2) remove it
	automatically as domain dies.
	But, in some scenarios mgmt app may want to preserve the file,
	copy it somewhere safe, and then copy it back when the domain is
	starting again. And this wouldn't be possible with case 2). So,
	even though case 1) leaves some files behind (possibly undeleted
	for a long time), the files themselves are small (128K each). And
	data loss is worse than full disk, isn't it?

2014-11-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove left over debug in hvsupport.pl script

2014-11-15  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity UNINIT
	For some reason, commit id '72b4151f' triggered a Coverity uninitialized
	'reply' variable check when referenced within the for loop.
	It seems Coverity doesn't know that flags will have to be either AFFECT_LIVE
	or AFFECT_CONFIG after the virDomainLiveConfigHelperMethod call.
	By adding a "sa_assert()" to confirm that fact, Coverity is happy again.

2014-11-15  Luyao Huang  <lhuang@redhat.com>

	qemu: Fix get blkiodevtune for a disk that has been hot unplugged
	https://bugzilla.redhat.com/show_bug.cgi?id=1164080
	After a disk is hotunplugged a subsequent call to qemuDomainGetBlockIoTune
	to get the --config settings of that disk will fail because the disk is no
	longer found by qemuDiskPathToAlias causing an unexpected failure.
	Since only the --live flag needs to have the disk device pointer, move the
	fetch inside the (flags & VIR_DOMAIN_AFFECT_LIVE) condition. This will also
	affect the results if no flags are provided or the --current flag is provided.

2014-11-15  John Ferlan  <jferlan@redhat.com>

	qemu: Add tests for new blkdeviotune arguments
	The recent commit to add support for block_set_io_throttle parameters
	from version 1.7 of qemu did not add any tests - this adds the tests

	qemu: Add checks for blkdeviotune 'size_iops_sec' and adjust error
	Seems the 'size_iops_sec' was a late add and the checks for whether
	the field was defined, but unsupported and the maximum size of the
	field were not being made.
	Also, adjust blkdeviotune support error message for grammar, spelling
	(paramater), and remove the "(need QEMU 1.7 or superior)".  None of
	our other similar error messages list which QEMU version is required.

2014-11-15  Martin Kletzander  <mkletzan@redhat.com>

	bracket-spacing: Add syntax-check for unnecessary curly brackets
	We're looking for three consecutive lines, first one is a if/for/while
	with a condition and start of body, second one is a body with one and
	only semicolon and third is end of the body by itself.

	bracket-spacing-check: Print out more specific error message

	bracket-spacing: Remove pointless cycles
	Change while () { smth; last; } to if () { smth; } as 'last' in perl is
	analogous to 'break' in C.  These are probably copy-paste leftovers from
	creating new syntax-check rules.

	bracket-spacing: Don't modify current line
	In bracket-spacing.pl, the current $line is being modified in $data.
	That, however, spoils that $data for another check.  Introduce new
	$tmpdata variable that can be used for temporary modifications.  The
	difference between $data and $line is that $data are as much cleaned as
	possible from non-code blocks and these changes must be kept.

	docs: Adjust contributor guidelines about curly brackets
	After recent discussion it looks like curly brackets around one-line
	bodies are preferred if the preceding condition is, itself, multiline.

	Remove unnecessary curly brackets in tests/

	Remove unnecessary curly brackets in tools/

	Remove unnecessary curly brackets in rest of src/

	Remove unnecessary curly brackets in rest of src/[o-u]*/

	Remove unnecessary curly brackets in rest of src/[a-n]*/

	Remove unnecessary curly brackets in src/vbox/

	Remove unnecessary curly brackets in src/util/

	Remove unnecessary curly brackets in src/test/test_driver.c

	Remove unnecessary curly brackets in src/storage/

	Remove unnecessary curly brackets in src/qemu/

	Remove unnecessary curly brackets in src/node_device/

	Remove unnecessary curly brackets in src/hyperv/

	Remove unnecessary curly brackets in src/conf/

	Remove unnecessary curly brackets in src/vmx/vmx.c

	Remove unnecessary curly brackets in rest of src/esx/

	Remove unnecessary curly brackets in src/esx/esx_driver.c

	Remove unnecessary curly brackets in daemon/ and examples/

	virsh: Convert EDIT_NOT_CHANGED macro to do-while block.
	This macro is being used as an inline body after an if and might get
	pretty confusing.

	virt-aa-helper: Trick invalid syntax-check
	Rule sc_prohibit_newline_at_end_of_diagnostic for syntax-check does
	check for passing strings ending with '\n' two lines after known
	functions.  This is, of course subject to false positives, so for the
	sake of future changes, trick that syntax-check by adding one more line
	with a comment.

2014-11-14  Daniel P. Berrange  <berrange@redhat.com>

	Re-add use of locking with iptables/ip6tables/ebtables
	A previous commit introduced use of locking with invocation
	of iptables in the viriptables.c module
	  commit ba95426d6f39aec1da6e069dd7222f7a8c6a5862
	  Author: Serge Hallyn <serge.hallyn@ubuntu.com>
	  Date:   Fri Nov 1 12:36:59 2013 -0500
	    util: use -w flag when calling iptables
	This only ever had effect with the virtual network driver,
	as it was not wired up into the nwfilter driver. Unfortunately
	in the firewall refactoring the use of the -w flag was
	accidentally lost.
	This patch introduces it to the virfirewall.c module so that
	both the virtual network and nwfilter drivers will be using
	it. It also ensures that the equivalent --concurrent flag
	to ebtables is used.

2014-11-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't try to parse -help for new QEMU
	Since QEMU 1.2.0, we switched to QMP probing instead of parsing -help
	(and other commands, such as -cpu ?) output. However, if QMP probing
	failed, we still tried starting QEMU with various options and parsing
	the output, which was guaranteed to fail because the output changed.
	Let's just refuse parsing -help for QEMU >= 1.2.0.
	https://bugzilla.redhat.com/show_bug.cgi?id=1160318

	qemu: Always set migration capabilities
	We used to set migration capabilities only when a user asked for them in
	flags. This is fine when migration succeeds since the QEMU process is
	killed in the end but in case migration fails or if it's cancelled, some
	capabilities may remain turned on with no way to turn them off. To fix
	that, migration capabilities have to be turned on if requested but
	explicitly turned off in case they were not requested but QEMU supports
	them.
	https://bugzilla.redhat.com/show_bug.cgi?id=1163953

2014-11-13  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Error out if VSH_OT_STRING option has VSH_OFLAG_REQ flag
	Recent commit 12bd207e217f3c5dc2272a5ea943b81067bd8034 fixed few
	VSH_OT_STRING options that should've been VSH_OT_DATA.  That lead me to
	this commit that enforces people to check that newly added options have
	proper type.  Thanks to virsh erroring out with error message, this will
	immediately show up in 'make check' thanks to our virsh-synopsis test.

	virsh: Enforce proper ordering of options
	Even though vshCmddefOptParse() tried returning -1 if there was an
	optional option specification that preceded a required one, it failed to
	check that for boolean type options and options with VSH_OFLAG_REQ_OPT
	flag set.  On the other hand, it makes sense that VSH_OT_ARGV is
	specified at the end of the option list.
	Returning -1 enforces the proper ordering thanks to virsh-synopsis test
	in 'make check'.

	virsh: Reorder some options
	According to comments in parsing functions, optional options should be
	specified *after* required ones.  It makes sense and help output looks
	cleaner.  The only exceptions are options with type == VSH_OT_ARGV.

2014-11-13  Conrad Meyer  <cse.cem@gmail.com>

	drvbhyve: Use boot-order for grub-bhyve boot device
	Rather than just picking the first CD (or failing that, HDD) we come
	across, if the user has picked a boot device ordering with <boot
	order=''>, respect that (and just try to boot the lowest-index device).
	Adds two sets of tests to bhyve2xmlargv; 'grub-bootorder' shows that we
	pick a user-specified device over the first device in the domain;
	'grub-bootorder2' shows that we pick the first (lowest index) device.

2014-11-13  Erik Skultety  <eskultet@redhat.com>

	lxc: fix setmem effect on a running LXC machine
	When user calls setmem on a running LXC machine, we do update its cgroup
	entry, however we neither update domain's runtime XML nor
	we update our internal structures and this patch fixes it.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131919

2014-11-13  Conrad Meyer  <cse.cem@gmail.com>

	drvbhyve: Clean-up some used ATTRIBUTE_UNUSEDs.

2014-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix API docs for header file re-organization
	The API docs generators were broken by the header file
	re-organization. Specifically
	 * html/libvirt-libvirt.html was empty (and should be deleted)
	 * Makefile.am didn't install html/libvirt-libvirt-*.html
	 * hvsupport.html was mostly empty
	 * sitemap.html.in didn't list the new html/*.html files

2014-11-13  Pavel Hrdina  <phrdina@redhat.com>

	nwfilter: fix deadlock caused updating network device and nwfilter
	Commit 6e5c79a1 tried to fix deadlock between nwfilter{Define,Undefine}
	and starting of guest, but this same deadlock exists for
	updating/attaching network device to domain.
	The deadlock was introduced by removing global QEMU driver lock because
	nwfilter was counting on this lock and ensure that all driver locks are
	locked inside of nwfilter{Define,Undefine}.
	This patch extends usage of virNWFilterReadLockFilterUpdates to prevent
	the deadlock for all possible paths in QEMU driver. LXC and UML drivers
	still have global lock.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1143780

2014-11-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuPrepareNVRAM: Save domain conf only if domain's persistent
	In one of my previous patches (3a3c3780b) I've tried to fix the
	problem of nvram path disappearing on a domain that's been
	started and shut down again. I fixed this by explicitly saving
	domain's config file.  However, I did a bit of clumsy without
	realizing we have a transient domains for which we don't save the
	config file. Hence, any domain using UEFI became persistent.

2014-11-12  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Run some test only on Linux
	As I was reviewing bhyve commits, I've noticed qemuxml2argvtest
	failing for some test cases. This is not bug in qemu driver code
	rather than being unable to load qemuxml2argvmock on non-Linux
	platforms. For instance:
	318) QEMU XML-2-ARGV numatune-memnode
	... libvirt:  error : internal error: NUMA node 0 is unavailable
	FAILED
	Rather than disabling qemuxml2argvtest on BSD (we do compile qemu
	driver there) disable only those test cases which require mocking.
	To achieve that goal new DO_TEST_LINUX() macro is introduced which
	invokes the test case on Linux only and consume arguments on other
	systems.

2014-11-12  John Ferlan  <jferlan@redhat.com>

	storage: Introduce 'managed' for the fchost parent
	https://bugzilla.redhat.com/show_bug.cgi?id=1160926
	Introduce a 'managed' attribute to allow libvirt to decide whether to
	delete a vHBA vport created via external means such as nodedev-create.
	The code currently decides whether to delete the vHBA based solely on
	whether the parent was provided at creation time. However, that may not
	be the desired action, so rather than delete and force someone to create
	another vHBA via an additional nodedev-create allow the configuration of
	the storage pool to decide the desired action.
	During createVport when libvirt does the VPORT_CREATE, set the managed
	value to YES if not already set to indicate to the deleteVport code that
	it should delete the vHBA when the pool is destroyed.
	If libvirtd is restarted all the memory only state was lost, so for a
	persistent storage pool, use the virStoragePoolSaveConfig in order to
	write out the managed value.
	Because we're now saving the current configuration, we need to be sure
	to not save the parent in the output XML if it was undefined at start.
	Saving the name would cause future starts to always use the same parent
	which is not the expected result when not providing a parent. By not
	providing a parent, libvirt is expected to find the best available
	vHBA port for each subsequent (re)start.
	At deleteVport, use the new managed value to decide whether to execute
	the VPORT_DELETE.  Since we no longer save the parent in memory or in
	XML when provided, if it was not provided, then we have to look it up.

	storage: Introduce virStoragePoolSaveConfig
	https://bugzilla.redhat.com/show_bug.cgi?id=1160926
	Introduce the ability to save a configuration of a persistent configuration
	that may be changed by storage pool backend activity, such as start or stop

	storage: Don't use a stack copy of the adapter
	https://bugzilla.redhat.com/show_bug.cgi?id=1160926
	Passing a copy of the storage pool adapter to a function just changes the
	copy of the fields in the particular function and then when returning to
	the caller those changes are discarded.  While not yet biting us in the
	storage clean-up case, it did cause an issue for the fchost storage pool
	startup case, createVport.  The issue was at startup, if no parent is found
	in the XML, the code will search for the 'best available' parent and then
	store that in the in memory copy of the adapter.  Of course, in this case
	it was a copy, so when returning to the virStorageBackendSCSIStartPool that
	change was discarded (or lost) from the pool->def->source.adapter which
	meant at shutdown (deleteVport), the code assumed no adapter was passed
	and skipped the deletion, leaving the vHBA created by libvirt still defined
	requiring an additional stop of a nodedev-destroy to remove.
	Adjusted the createVport to take virStoragePoolDefPtr instead of the
	adapter copy. Then use the virStoragePoolSourceAdapterPtr when processing.
	A future patch will need the 'def' anyway, so this just sets up for that.

	storage: Ensure fc_host parent matches wwnn/wwpn
	https://bugzilla.redhat.com/show_bug.cgi?id=1160565
	The existing code assumed that the configuration of a 'parent' attribute
	was correct for the createVport path. As it turns out, that may not be
	the case which leads errors during the deleteVport path because the
	wwnn/wwpn isn't associated with the parent.
	With this change the following is reported:
	error: Failed to start pool fc_pool_host3
	error: XML error: Parent attribute 'scsi_host4' does not match parent 'scsi_host3' determined for the 'scsi_host16' wwnn/wwpn lookup.
	for XML as follows:
	  <pool type='scsi'>
	    <name>fc_pool</name>
	    <source>
	      <adapter type='fc_host' parent='scsi_host4' wwnn='5001a4aaf3ca174b' wwpn='5001a4a77192b864'/>
	    </source>
	Where 'nodedev-dumpxml scsi_host16' provides:
	  <device>
	    <name>scsi_host16</name>
	    <path>/sys/devices/pci0000:00/0000:00:04.0/0000:10:00.0/host3/vport-3:0-11/host16</path>
	    <parent>scsi_host3</parent>
	    <capability type='scsi_host'>
	      <host>16</host>
	      <unique_id>13</unique_id>
	      <capability type='fc_host'>
	        <wwnn>5001a4aaf3ca174b</wwnn>
	        <wwpn>5001a4a77192b864</wwpn>
	...
	The patch also adjusts the description of the storage pool to describe the
	restrictions.

	storage: Check for valid fc_host parent at startup
	https://bugzilla.redhat.com/show_bug.cgi?id=1160565
	If a 'parent' attribute is provided for the fchost, then at startup
	time check to ensure it is a vport capable scsi_host. If the parent
	is not vport capable, then disallow the startup. The following is the
	expected results:
	error: Failed to start pool fc_pool
	error: XML error: parent 'scsi_host2' specified for vHBA is not vport capable
	where the XML for the fc_pool is:
	    <pool type='scsi'>
	      <name>fc_pool</name>
	      <source>
	        <adapter type='fc_host' parent='scsi_host2' wwnn='5001a4aaf3ca174b' wwpn='5001a4a77192b864'/>
	      </source>
	...
	and 'scsi_host2' is not vport capable.
	Providing an incorrect parent and a correct wwnn/wwpn could lead to
	failures at shutdown (deleteVport) where the assumption is the parent
	is for the fchost.
	NOTE: If the provided wwnn/wwpn doesn't resolve to an existing scsi_host,
	      then we will be creating one with code (virManageVport) which
	      assumes the parent is vport capable.

2014-11-12  Matthias Gatto  <matthias.gatto@outscale.com>

	qemu: Resolve Coverity DEADCODE.
	reported here: http://www.redhat.com/archives/libvir-list/2014-November/msg00327.html
	I could have just remove bool supportMaxOptions variable, but
	if I had do this, we could not check anymore if the nparams variable is
	superior to QEMU_NB_BLOCK_IO_TUNE_PARAM_MAX.
	v2: change following this proposal:
	http://www.redhat.com/archives/libvir-list/2014-November/msg00379.html

	qemu: Fix copy_paste_error in qemuBuildDriveStr.
	Fix for this: http://www.redhat.com/archives/libvir-list/2014-November/msg00324.html

2014-11-12  Conrad Meyer  <cse.cem@gmail.com>

	bhyvexml2argv: Add test for grub console support

	bhyve: Add console support for grub-bhyve bootloader
	This enables booting interactive GRUB menus (e.g. install CDs) with
	libvirt-bhyve.
	Caveat: A terminal other than the '--console' option to 'virsh start'
	(e.g. 'cu -l /dev/nmdm0B -s 115200') must be used to connect to
	grub-bhyve because the bhyve loader path is synchronous and must occur
	before the VM actually starts.
	Changing the bhyveProcessStart logic around to accommodate '--console'
	for interactive loader use seems like a significant project and probably
	not worth it, if UEFI/BIOS support for bhyve is "coming soon."

	bhyve: Probe grub-bhyve for --cons-dev capability

	bhyvexml2argv: Add tests for domain-configured bootloader, args

	domaincommon.rng: Add 'bootloader' to os=hvm schema for Bhyve
	Additionally, make the <bootloader> tag optional (for bhyveload with
	custom arguments) (also, matches the actual parser).

	bhyvexml2argv: Add loader argv tests.

	bhyve: Support /domain/bootloader configuration for non-FreeBSD guests.
	We still default to bhyveloader(1) if no explicit bootloader
	configuration is supplied in the domain.
	If the /domain/bootloader looks like grub-bhyve and the user doesn't
	supply /domain/bootloader_args, we make an intelligent guess and try
	chainloading the first partition on the disk (or a CD if one exists,
	under the assumption that for a VM a CD is likely an install source).
	Caveat: Assumes the HDD boots from the msdos1 partition. I think this is
	a pretty reasonable assumption for a VM. (DrvBhyve with Bhyveload
	already assumes that the first disk should be booted.)
	I've tested both HDD and CD boot and they seem to work.

2014-11-12  Ján Tomko  <jtomko@redhat.com>

	Do not crash on gluster snapshots with no host name
	virStorageFileBackendGlusterInit did not check nhosts.
	https://bugzilla.redhat.com/show_bug.cgi?id=1162974

2014-11-11  Ján Tomko  <jtomko@redhat.com>

	Display nicer error message for unsupported chardev hotplug
	Use the device type name if we know it instead of its number,
	even if we can't hotplug it:
	qemuMonitorJSONAttachCharDevCommand:6094 : operation failed: Unsupported
	char device type '10'

	Fix virDomainChrEquals for spicevmc
	virDomainChrSourceDefIsEqual should return 'true' for
	identical SPICEVMC chardevs, and those that have no source
	specification.
	After this change, a failed hotplug no longer leaves a stale
	pointer in the domain definition.
	https://bugzilla.redhat.com/show_bug.cgi?id=1162097

2014-11-11  Wang Rui  <moon.wangrui@huawei.com>

	qemu: fix domain startup failing with 'strict' mode in numatune
	If the memory mode is specified as 'strict' and with one node, we
	get the following error when starting domain.
	error: Unable to write to '$cgroup_path/cpuset.mems': Device or resource busy
	XML is configured with numatune as follows:
	  <numatune>
	    <memory mode='strict' nodeset='0'/>
	  </numatune>
	It's broken by Commit 411cea638f6ec8503b7142a31e58b1cd85dbeaba
	which moved qemuSetupCgroupForEmulator() before setting cpuset.mems
	in qemuSetupCgroupPostInit.
	Directory '$cgroup_path/emulator/' is created in qemuSetupCgroupForEmulator.
	But '$cgroup_path/emulator/cpuset.mems' it not set and has a default value
	(all nodes, such as 0-1). Then we setup '$cgroup_path/cpuset.mems' to the
	nodemask (in this case it's '0') in qemuSetupCgroupPostInit. It must fail.
	This patch makes '$cgroup_path/emulator/cpuset.mems' is set before
	'$cgroup_path/cpuset.mems'. The action is similar with that in
	qemuDomainSetNumaParamsLive.

	lxc: don't setup cpuset.mems if memory mode in numatune is not 'strict'
	If the memory mode in numatune is not 'strict', we should not setup
	cpuset.mems. Before commit 1a7be8c600905aa07ac2d78293336ba8523ad48e
	we have checked the memory mode in virDomainNumatuneGetNodeset. This
	patch adds the check as before.

	qemu: don't setup cpuset.mems if memory mode in numatune is not 'strict'
	If the memory mode in numatune is specified as 'preferred' with one node
	(such as nodeset='0'), domain's memory is not all in node 0 absolutely.
	Assumption that node 0 doesn't have enough memory, memory can be allocated
	on node 1 when qemu process startup. Then if we set cpuset.mems to '0',
	it may invoke OOM.
	Commit 1a7be8c600905aa07ac2d78293336ba8523ad48e changed the former logic of
	checking memory mode in virDomainNumatuneGetNodeset. This patch adds the
	check as before.

2014-11-11  Hao Liu  <hliu@redhat.com>

	Fix invalid log, misused option types and a typo
	This patch fixes the following issues.
	1)  When an invalid wwn is introduced, libvirt reports
	    "Malformed wwn: %s". The template won't be replaced.
	2)  "target" option for dompmsuspend and "xml" option for
	    save-image-define are required options and should use
	    VSH_OT_DATA instead of VSH_OT_STRING as an option type.
	3)  A typo.

2014-11-11  Martin Kletzander  <mkletzan@redhat.com>

	phyp: Fix NULL dereference in phypConnectOpen
	Coverity found out that commit cd490086 caused a possible NULL pointer
	dereference.  This is due to the fact, that phyp_driver is NULL at the
	time of closing the socket, instead of connection_data, which kept the
	socket before the mentioned commit, could not be NULL.
	However, internal_socket is still the local socket that can be
	closed, even unconditionally, if we initialize it to -1.

2014-11-11  Matthias Gatto  <matthias.gatto@outscale.com>

	virsh: Add bps_max and friends to virsh
	Add the new throttle options to virsh, and send them to libvirt.

	qemu: Add bps_max and friends to qemu command generation
	Check the arability of the options with the current qemu binary,
	add them in the varable opt if yes, print a message if not.

	qemu: Add bps_max and friends QMP suport
	Detect if the the qemu binary currently in use support the bps_max option,
	If yes add it to the command, if not, just ignore the option.
	We don't print error here, because the check for invalide arguments
	has alerady been made in qemu_driver.c

	qemu: Add bps_max and friends qemu driver
	Add support for bps_max and friends in the driver part.
	In the part checking if a qemu is running, check if the running binary
	support bps_max, if not print an error message, if yes add it to
	"info" variable

2014-11-10  Matthias Gatto  <matthias.gatto@outscale.com>

	qemu: Add Qemu capability for bps_max and friends
	Add the capability to detect if the qemu binary have the capability
	to use bps_max and friends
	Add a value in the enum virQEMUCapsFlags for the qemu capability.
	Set it with virQEMUCapsSet if the binary suport bps_max and they friends.

	qemu: Modify the structure _virDomainBlockIoTuneInfo.
	Modify the structure _virDomainBlockIoTuneInfo to support these the new
	options.
	Change the initialization of the variable expectedInfo in qemumonitorjsontest.c
	to avoid compiling problem.
	Add documentation about the new xml options

	qemu: Add define for the new throttle options
	Add defines for the new options total_bytes_sec_max, write_bytes_sec_max,
	read_bytes_sec_max, total_iops_sec_max, write_iops_sec_max, read_iops_sec_max,
	size_iops_sec.

2014-11-10  Jincheng Miao  <jmiao@redhat.com>

	nodeinfo: report error when failure in nodeSetMemoryParameters
	nodeSetMemoryParameters() will call nodeSetMemoryParameterValue()
	to set parameters. But it just filter the return code '-2' as
	failure. Indeed we should report error when rc is negative.
	https://bugzilla.redhat.com/show_bug.cgi?id=1161541

2014-11-10  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	cpu_conf: Allow specification of 'units' for @memory on numa nodes.
	CPU numa topology implicitly allows memory specification in 'KiB'.
	Enabling this to accept the 'unit' in which memory needs to be specified.
	This now allows users to specify memory in units of choice, and
	lists the same in 'KiB' -- just like other 'memory' elements in XML.
	    <numa>
	      <cell cpus='0-3' memory='1024' unit='MiB' />
	      <cell cpus='4-7' memory='1024' unit='MiB' />
	    </numa>
	Also augment test cases to correctly model NUMA memory specification.
	This adds the tag 'unit="KiB"' for memory attribute in NUMA cells.

	conf: Expose virDomainParseMemory for use outside domain_conf
	Commit 01b4de2b9f5ca82 abstracts virDomainParseMemory()
	for use by other functions in domain_conf.c
	Extend the same for use, for functions outside of this file.

2014-11-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Simplify VI (vSphere) API and VMware product version handling
	Store version numbers in this format
	version = 1000000 * major + 1000 * minor + micro
	produced by virParseVersionString instead of dedicated enums.
	Split the complex esxVI_ProductVersion enum into a simpler
	esxVI_ProductLine enum and a product version number.
	Relax API and product version number checks to accept everything that
	is equal or greater than the supported minimum version. VMware ESX
	went through 3 major versions and the vSphere API always stayed
	backward compatible. This commit assumes that this will also be true
	for future VMware ESX versions.
	Also reword error messages in esxConnectTo* to say what was expected
	and what was found instead (suggested by Richard W.M. Jones).

2014-11-08  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf: Use virDomainParseMemory more widely
	As reviewing patches upstream it occurred to me, that we have two
	functions doing nearly the same: virDomainParseMemory which
	expects XML in the following format:
	  <memory unit='MiB'>1337</memory>
	The other function being virDomainHugepagesParseXML expecting the
	following format:
	  <someElement size='1337' unit='MiB'/>
	It wouldn't matter to have two functions handle two different
	scenarios like this if we could only not copy code that handles
	32bit arches around. So this code merges the common parts into
	one by inventing new @units_xpath argument to
	virDomainParseMemory which allows overriding the default location
	of @unit attribute in XML. With this change both scenarios above
	can be parsed with virDomainParseMemory.

2014-11-07  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Transform VIR_ERROR into VIR_WARN in detect_scsi_host_caps
	If detect_scsi_host_caps reports errors but keeps libvirtd going on
	startup, the user is misled by the error messages. Transforming them
	into warning still shows the problems, but indicates this is not fatal.

2014-11-07  Martin Kletzander  <mkletzan@redhat.com>

	vbox: Remove useless condition branches
	These were probably left there after some code movement.

2014-11-07  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	virnuma: add nodeset NULL check in virNumaSetupMemoryPolicy
	Introduced by commit c63ef0452b, when nodeset is NULL, validation will
	pass in virNumaSetupMemoryPolicy, but virBitmapNextSetBit must ensure
	bitmap is not NULL, otherwise that might cause a segmentation fault.
	This patch fixes it.

2014-11-07  Daniel P. Berrange  <berrange@redhat.com>

	Remove use of networkPrivateData from netcf driver
	The shared netcf driver is stateful and inside the daemon so
	there is no need to use the networkPrivateData field to get the
	driver handle. Just access the global driver handle directly.

	Remove use of networkPrivateData from network driver
	The shared network driver is stateful and inside the daemon so
	there is no need to use the networkPrivateData field to get the
	driver handle. Just access the global driver handle directly.
	Many places already directly accessed the global driver handle
	in any case, so the code could never work without relying on
	this.

	Remove use of storagePrivateData from storage driver
	The shared storage driver is stateful and inside the daemon so
	there is no need to use the storagePrivateData field to get the
	driver handle. Just access the global driver handle directly.

	Update Test driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the Test driver, there is no need to use the
	different type specific privateData fields.

	Update Parallels driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the Parallels driver, there is no need to use the
	different type specific privateData fields. The object that was
	being stored in the storagePrivateData can easily be kept in the
	parallelsConn struct instead.

	Remove abuse of networkPrivateData in phyp driver
	For inexplicable reasons the phyp driver defined two separate
	structs for holding its private data. One it keeps in privateData
	and the other it keeps in networkPrivateData. It uses them both
	from all API driver methods. Merge the two separate structs
	into one to remove this horrible abuse.

	Move phyp internal info out of the header file
	The phyp_driver.h file has various declarations that are only
	ever used from phyp_driver.c, so they should be in the .c file
	only.

	Update Hyper-V driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the Hyper-V driver, there is no need to use the
	different type specific privateData fields.

	Update ESX driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the ESX driver, there is no need to use the
	different type specific privateData fields.

	Update remote driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the remote driver, there is no need to use the
	different type specific privateData fields.

	Clean up remote driver connection open code
	The remote driver has had a long term hack to deal with the fact
	that the old Xen driver worked outside libvirtd, but the rest
	of the drivers worked inside. So you could have a local hypervisor
	driver but everything else go via the remote driver. The Xen driver
	long ago moved inside libvirtd, so this hack is no longer needed.
	Thus we should open use the remote driver for secondary drivers
	if the primary driver is already the remote driver.

2014-11-07  Luyao Huang  <lhuang@redhat.com>

	doc: fix mismatched ACL attribute name
	As documented in https://bugzilla.redhat.com/show_bug.cgi?id=1161358,
	the ACL attribute should be named: interface_macaddr

2014-11-07  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Test: Add a testcase for PowerPC compat mode cpu specification.
	This introduces a testcase for PowerPC compat mode cpu specification.
	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

	docs: Add documentation for compat mode.
	Add documentation to explain how compat-mode can be invoked with libvirt
	running on PowerPC architecture.
	It also mentions that this change is available libvirt 1.2.11 onwards.
	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

	PowerPC:Improve PVR handling to fall back to cpu generation.
	IBM Power processors differ uniquely across generations (such as power6,
	power7, power8). Each generation signifies a new PowerISA version
	that exhibits features unique to that generation.
	The higher 16 bits of PVR for IBM Power processors encode the CPU
	generation, while the CPU chip (sub)version is encoded in lower 16 bits.
	For all practical purposes of launching a VM, we care about the
	generation which the vCPU will belong to, and not specifically the chip
	version. This patch updates the libvirt PVR check to reflect this
	relationship. It allows libvirt to select the right CPU generation
	in case the exact match for a a specific CPU is not found.
	Hence, there will no longer be a need to add each PowerPC CPU model to
	cpu_map.xml; just adding entry for the matching ISA generation will
	suffice.
	It also contains changes to cpu_map.xml since processor generations
	as understood by QEMU compat mode go as "power6", "power7" or "power8"
	[Reference : QEMU commit 8dfa3a5e85 ]
	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

	PowerPC : Add support for launching VM in 'compat' mode.
	PowerISA allows processors to run VMs in binary compatibility ("compat")
	mode supporting an older version of ISA. QEMU has recently added support to
	explicitly denote a VM running in compatibility mode through commit 6d9412ea
	& 8dfa3a5e85. Now, a "compat" mode VM can be run by invoking this qemu
	commandline on a POWER8 host:  -cpu host,compat=power7.
	This patch allows libvirt to exploit cpu mode 'host-model' to describe this
	new mode for PowerKVM guests. For example, when a user wants to request a
	power7 vm to run in compatibility mode on a Power8 host, this can be
	described in XML as follows :
	  <cpu mode='host-model'>
	    <model>power7</model>
	  </cpu>
	Acked-by: Michal Privoznik <mprivozn@redhat.com>

	Cpu: Add support for Power LE Architecture.
	This adds support for PowerPC Little Endian architecture.,
	and allows libvirt to spawn VMs based on 'ppc64le' architecture.
	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2014-11-06  Martin Kletzander  <mkletzan@redhat.com>

	gitignore: use wildcard for configure's temporary files
	Pushed as trivial and pre-ACK'd here:
	https://www.redhat.com/archives/libvir-list/2014-November/msg00180.html

2014-11-06  Jiri Denemark  <jdenemar@redhat.com>

	Fix build-time pkg-config files in VPATH
	Since libvirt.h was split into several files, it is impossible to
	compile anything against a VPATH-built libvirt. In VPATH, only libvirt.h
	is in build/include/libvirt while all other libvirt-*.h files are in
	source/include/libvirt.

2014-11-06  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevbandwidth: Include virutil.h
	One of the latest patches (9a8fc3efc2470) introduced call of
	geteuid(). However, not all systems have the function
	implemented, e.g. mingw. Therefore, we fail to build on those
	system. The fix consist of including virutil.h which defines
	geteuid in needed. Sigh.

	qemu: Update fsfreeze status on domain state transitions
	https://bugzilla.redhat.com/show_bug.cgi?id=1160084
	As of b6d4dad1 (1.2.5) libvirt keeps track if domain disks have been
	frozen. However, this falls into that set of information which don't
	survive domain restart. Therefore, we need to clear the flag upon some
	state transitions. Moreover, once we clear the flag we must update the
	status file too.

2014-11-06  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Allow use of iothreads for virtio ccw disk definitions
	Extending the iothread disk support from pci to pci and ccw.
	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
	Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>

	qemu: Correct disk type checking logic for iothreads
	Finding the right type of disk should check for virtio as bus and
	pci as device address type.
	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2014-11-06  Luyao Huang  <lhuang@redhat.com>

	virsh: fix net-dhcp-leases no output in quiet mode
	When run net-dhcp-leases in quiet mode, cannot get
	any output.
	 # virsh -q net-dhcp-leases default

	network: fix call virNetworkEventLifecycleNew when networkStartNetwork fail
	When start a network fail, libvirt still call virNetworkEventLifecycleNew
	to send a event.

2014-11-06  Martin Kletzander  <mkletzan@redhat.com>

	numa: fix assumption in virNumaNodeIsAvailable()
	When compiled without full numa support, the stub function for
	virNumaNodeIsAvailable() just checks whether specified node is in range
	<0, max); where max is maximum NUMA node available on the host.  But
	because the maximum node number is the highest usabe number (and not the
	count of nodes), the check is incorrect as it should check whether the
	specified node is in range <0, max> instead.

	numa: split util/ and conf/ and support non-contiguous nodesets
	This is a reaction to Michal's fix [1] for non-NUMA systems that also
	splits out conf/ out of util/ because libvirt_util shouldn't require
	libvirt_conf if it is the other way around.  This particular use case
	worked, but we're trying to avoid it as mentioned [2], many times.
	The only functions from virnuma.c that needed numatune_conf were
	virDomainNumatuneNodesetIsAvailable() and virNumaSetupMemoryPolicy().
	The first one should be in numatune_conf as it works with
	virDomainNumatune, the second one just needs nodeset and mode, both of
	which can be passed without the need of numatune_conf.
	Apart from fixing that, this patch also fixes recently added
	code (between commits d2460f85^..5c8515620) that doesn't support
	non-contiguous nodesets.  It uses new function
	virNumaNodesetIsAvailable(), which doesn't need a stub as it doesn't use
	any libnuma functions, to check if every specified nodeset is available.
	[1] https://www.redhat.com/archives/libvir-list/2014-November/msg00118.html
	[2] http://www.redhat.com/archives/libvir-list/2011-June/msg01040.html

	add temporary compilation files into .gitignore
	When using git-status during configure phase, three additional files are
	shown as untracked.

2014-11-06  Erik Skultety  <eskultet@redhat.com>

	Iface: disallow network tuning in session mode globally
	Patch 43b67f2e disallowed network tuning only with qemu driver, however
	this patch moved the check for root privileges into
	virNetDevBandwidthSet function, so the call should now
	fail in all possible cases. A mock function was created so that the test
	suite doesn't fail because of unsufficient privileges.

	qemu: revert patch - bandwidth tuning in session mode
	Since there was a valid note to patch 43b67f2e about the best spot to
	check for bandwidth set call while having libvirt daemon run in session
	mode, this patch reverts previous changes dealing with bandwith
	(also reverts adding variable @cfg in qemuDomainGetNumaParameters which
	 does not have any use at the moment, but getting and unreferencing
	 driver's config) in qemu_driver.c and qemu_command.c. There will be
	another patch in the series which introduces the fix itself.

2014-11-06  Ján Tomko  <jtomko@redhat.com>

	Free job statistics from the migration cookie
	==404== 232 bytes in 1 blocks are definitely lost in loss record 669 of 758
	==404==    at 0x4C2B934: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==404==    by 0x52A2BF3: virAlloc (viralloc.c:144)
	==404==    by 0x1D49AD70: qemuMigrationCookieAddStatistics (qemu_migration.c:554)
	==404==    by 0x1D49AD70: qemuMigrationBakeCookie (qemu_migration.c:1228)
	==404==    by 0x1D4A43B8: qemuMigrationFinish (qemu_migration.c:5002)
	==404==    by 0x1D4C9339: qemuDomainMigrateFinish3Params (qemu_driver.c:11526)
	Introduced by commit 5d6fb96

2014-11-06  Hao Liu  <hliu@redhat.com>

	virsh: Fix types for option bandwidth in block*
	Bandwidth options in blockcommit, blockcopy, blockjob and blockpull
	are parsed by vshCommandOptULWrap() and should be shown as a number
	type option.
	And a typo is fixed.

2014-11-06  Michal Privoznik  <mprivozn@redhat.com>

	private.syms: Export virDomainNumatuneSpecifiedMaxNode
	As of 90286418 the function is introduced. However, it's missing
	an entry in the libvirt_private.syms so it can't be mocked.

	virnuma: Add some more comments
	Well, in fact only add comments to mark ifdef,
	else and endif sections.

2014-11-06  Eric Blake  <eblake@redhat.com>

	CVE-2014-7823: dumpxml: security hole with migratable flag
	Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
	the qemu implementation of virDomainGetXMLDesc, the use of the
	flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
	connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
	prior to calling qemuDomainFormatXML.  However, the use of
	VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
	clients only.  This patch treats the migratable flag as requiring
	the same permissions, rather than analyzing what might break if
	migratable xml no longer includes secret information.
	Fortunately, the information leak is low-risk: all that is gated
	by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
	but VNC passwords are already weak (FIPS forbids their use, and
	on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
	password sent in plaintext over the network deserves what they
	get).  SPICE offers better security than VNC, and all other
	secrets are properly protected by use of virSecret associations
	rather than direct output in domain XML.
	* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
	Tighten rules on use of migratable flag.
	* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.

2014-11-06  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainUpdateDeviceConfig: Allow startupPolicy update
	https://bugzilla.redhat.com/show_bug.cgi?id=1159219
	Users might want to update startupPolicy via the
	virDomainUpdateDeviceFlags API too. This patch
	implements the feature on config layer.

2014-11-05  Peter Krempa  <pkrempa@redhat.com>

	remote: Fix memory leak in remoteConnectGetAllDomainStats
	The remote call actually doesn't free the arguments array so we leak
	memory in case a domain list is specified. As the remote domain list
	array consists only of stolen pointers from the actual domain objects
	it's sufficient just to free the array.
	Valgrind message:
	==1081452== 64 bytes in 1 blocks are definitely lost in loss record 632 of 726
	==1081452==    at 0x4C296D0: calloc (vg_replace_malloc.c:618)
	==1081452==    by 0x4EA5CB4: virAllocN (viralloc.c:191)
	==1081452==    by 0x505D21E: remoteConnectGetAllDomainStats (remote_driver.c:7785)
	==1081452==    by 0x50081AA: virDomainListGetStats (libvirt-domain.c:11080)
	==1081452==    by 0x155249: cmdDomstats (virsh-domain-monitor.c:2147)
	==1081452==    by 0x12FB73: vshCommandRun (virsh.c:1935)
	==1081452==    by 0x133FEB: main (virsh.c:3719)

2014-11-05  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Memory: Use consistent type for all memory elements.
	Domain memory elements such as max_balloon and cur_balloon are
	implemented as 'unsigned long long', whereas the 'memory' element
	in NUMA cells is implemented as 'unsigned int'.
	Use the same data type (unsigned long long) for 'memory' element
	in NUMA cells.

2014-11-04  Ján Tomko  <jtomko@redhat.com>

	Require at least one console for LXC domain
	A domain without a console quietly dies soon after start,
	because we try to set /dev/null as a controlling TTY
	2014-10-30 15:10:59.705+0000: 1: error : lxcContainerSetupFDs:283 :
	ioctl(TIOCSCTTY) failed: Inappropriate ioctl for device
	Report an error early instead of trying to start it.
	https://bugzilla.redhat.com/show_bug.cgi?id=1155410

	Do not probe for power mgmt capabilities in lxc emulator
	It fails after 30 seconds with this error:
	error : virDBusCall:1429 : error from service: CanSuspend:
	Did not receive a reply. Possible causes include: the remote
	application did not send a reply, the message bus security
	policy blocked the reply, the reply timeout expired, or the
	network connection was broken.
	Only probe for the power mgmt capabilities when driver is non-NULL.
	This speeds up domain startup by 30 seconds.
	https://bugzilla.redhat.com/show_bug.cgi?id=1159227

2014-11-04  Martin Kletzander  <mkletzan@redhat.com>

	util: fix releasing pidfile in cleanup
	Coverity found out the very obvious problem in the code.  That is that
	virPidFileReleasePath() was called only if
	virPidFileAcquirePath() returned 0.  But virPidFileAcquirePath() doesn't
	return only 0 on success, but the FD that needs to be closed.

2014-11-04  Weiwei Li  <nuonuoli@tencent.com>

	qemu: stop NBD server after successful migration
	In qemuMigrationFinish mig->nbd can not be initialized by
	qemuMigrationEatCookie without the QEMU_MIGRATION_COOKIE_NBD flag.
	That causes qemuMigrationStopNBDServer to return early without
	stopping the NBD server properly.

2014-11-04  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	virnuma: use virNumaNodesetIsAvailable checking nodeset in virNumaSetupMemoryPolicy

	numatune: add check for numatune nodeset range
	There was no check for 'nodeset' attribute in numatune-related
	elements.  This patch adds validation that any nodeset specified does
	not exceed maximum host node.

	bitmap: add virBitmapLastSetBit for finding the last bit position of bitmap

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	examples: add systemtap script to ease lock debugging
	As discussed before, this simple script should help with debugging
	deadlocks, although there are still some caveats.  RWLocks are not
	handled by this and if your deadlock if very racy, it may not lock
	up when running with this script due to the slowdown.

	qemu: avoid rare race when undefining domain
	When one domain is being undefined and at the same time started, for
	example, there is a possibility of a rare problem occuring.
	 - Thread 1 does virDomainUndefine(), has the lock, checks that the
	   domain is active and because it's not, calls
	   virDomainObjListRemove().
	 - Thread 2 does virDomainCreate() and tries to lock the domain.
	 - Thread 1 needs to lock domain list in order to remove the domain from
	   it, but must unlock domain first (proper order is to lock domain list
	   first and the domain itself second).
	 - Thread 2 grabs the lock, starts the domain and releases the lock.
	 - Thread 1 grabs the lock and removes the domain from list.
	With this patch:
	 - qemuDomainRemoveInactive() creates a QEMU_JOB_MODIFY if that's
	   possible, but since it must remove the domain from list either way,
	   it continues even when starting the job failed.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150505

	virsh: don't list unknown domains
	When the list of domains is fetched and being printed, but in the
	meantime one domain was undefined before its status was fetched, the
	output then includes domain with "no state".  With this patch, such
	domain is skipped over as consecutive 'virsh list --all' (or the same
	one ran a second later) wouldn't list it anyway.

	lxc: improve error message for invalid blkiotune settings
	Before:
	  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
	  error: Unable to change blkio parameters
	  error: invalid argument: unable to parse blkio device
	  'device_read_bytes_sec' '/dev/sda,-1'
	After:
	  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
	  error: Unable to change blkio parameters
	  error: invalid argument: invalid value '-1' for parameter
	  'device_read_bytes_sec' of device '/dev/sda'
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306

	qemu: improve error message for invalid blkiotune settings
	Before:
	  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
	  error: Unable to change blkio parameters
	  error: invalid argument: unable to parse blkio device
	  'device_read_bytes_sec' '/dev/sda,-1'
	After:
	  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
	  error: Unable to change blkio parameters
	  error: invalid argument: invalid value '-1' for parameter
	  'device_read_bytes_sec' of device '/dev/sda'
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306

	qemu: make sure capability probing process can start
	When daemon is killed right in the middle of probing a qemu binary for
	its capabilities, the qemu process is left running.  Next time the
	daemon is starting, it cannot start the probing qemu process because the
	one that's already running does have the pidfile flock()'d.
	Reported-by: Wang Yufei <james.wangyufei@huawei.com>

	util: Introduce virPidFileForceCleanupPath
	This function is used to cleanup a pidfile doing whatever it takes, even
	killing the owning process.

	vbox: don't register NULL driver
	We were missing check for the fact that the storage driver was found and
	in case there is no vbox storage driver available, daemon raised the
	following error each start:
	  error : virRegisterStorageDriver:592 : driver in
	  virRegisterStorageDriver must not be NULL
	Fixing this makes the condition unified with networkDriver registration
	in vbox as well.

	qemu: make advice from numad available when building commandline
	Particularly in qemuBuildNumaArgStr(), there was a need for the advice
	due to memory backing, which needs to know the nodeset it will be pinned
	to.  With newer qemu this caused the following error when starting
	domain:
	  error: internal error: Advice from numad is needed in case of
	  automatic numa placement
	even when starting perfectly valid domain, e.g.:
	  ...
	  <vcpu placement='auto'>4</vcpu>
	  <numatune>
	    <memory mode='strict' placement='auto'/>
	  </numatune>
	  <cpu>
	    <numa>
	      <cell id='0' cpus='0' memory='524288'/>
	      <cell id='1' cpus='1' memory='524288'/>
	    </numa>
	  </cpu>
	  ...
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1138545

2014-11-03  John Ferlan  <jferlan@redhat.com>

	Post-release version bump for new dev cycle

2014-11-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.10
	- docs/news.html.in libvirt.spec.in: update for release
	- po/*.po*: fetched loclalization and regenerated

2014-11-01  Pavel Hrdina  <phrdina@redhat.com>

	hotplug: fix char device detach
	Hotplugging and hotunplugging char devices is only supported through
	'-device' and the check for device capability should be independently.
	Coverity also complains about 'tmpChr->info.alias' could be NULL and we
	are dereferencing it but it somehow only in this case don't recognize
	that the value is set by 'qemuAssignDeviceChrAlias' so it's clearly
	false positive. Add sa_assert to make coverity happy.

	vbox_storage: fix coverity issue with overwriting value
	Coverity is complaining about overwriting value in 'rc' variable
	without using the old value because it somehow doesn't recognize that
	the value is used by MACRO. The 'rc' variable is there only for checking
	return code so it's save to remove it and make coverity happy.

2014-11-01  Ján Tomko  <jtomko@redhat.com>

	Relax duplicate SCSI host pool checking
	Since commit 3f99d64 no new scsi_host pools can be defined
	if one of the already defined scsi_host pools does not refer
	to an accessible scsi_host adapter.
	Relax the check by skipping over these inaccessible pools
	when checking for duplicates.

	Match scsi_host pools by parent address first
	If both source adapters are specified by a parent address,
	just comparing the address is faster and catches even addresses
	that do not refer to valid adapters.

2014-11-01  Pavel Hrdina  <phrdina@redhat.com>

	mingw: fix build failure
	This macro seems to be defined only on linux/unix and it fails during
	mingw build. Its value is '16' (taken from net/if.h) so define it if
	it's not defined.

2014-11-01  Eric Blake  <eblake@redhat.com>

	domain: fix parsing of memory tunables on 32-bit machines
	Commit 6c9a8a4 (Oct 2014) exposed a long-standing issue on 32-bit
	machines: code related to virDomainSetMemoryParameters has always
	been documented as using a 64-bit limit, but it was implemented by
	calling virDomainParseMemory which enforced an 'unsigned long'
	limit.  Since VIR_DOMAIN_MEMORY_PARAM_UNLIMITED capped to a
	long is -1, but virDomainParseScaledValue no longer accepts
	negative values, an attempt to use 2^53-1 as a hard memory limit
	started failing the testsuite.  However, the problem with capping
	things artificially low has existed for much longer - ever since
	commits 4888f0fb and 2e22f23 (Mar 2012) switched internal tracking
	from 'unsigned long' to 'unsigned long long' (prior to that time,
	the cap was a side-effect of the choice of types).  We _have_ to
	cap the balloon memory values, (no thanks to baked in 'unsigned long'
	of API such as virDomainSetMaxMemory or virDomainGetInfo with no
	counterpart API that guarantees 64-bit access to those numbers)
	but memory parameters have never needed the artificial limit.
	At any rate, the solution is to make the parser function gain a
	parameter, and only do the reduced 32-bit cap for the values that
	are constrained due to API.
	* src/conf/domain_conf.h (_virDomainMemtune): Add comments.
	* src/conf/domain_conf.c (virDomainParseMemory): Add parameter.
	(virDomainDefParseXML): Adjust callers.

2014-10-31  weiwei li  <weiweili821@gmail.com>

	qemu: Release nbd port from migrationPorts instead of remotePorts
	commit 3e1e16aa8d4238241a1806cb9bdb3b9ad60db777 (Use a port from the
	migration range for NBD as well) changed ndb port allocation from
	remotePorts to migrationPorts, but did not change the port releasing
	process, which makes an error when migrating several times (above 64):
	error: internal error: Unable to find an unused port in range
	'migration' (49152-49215)
	https://bugzilla.redhat.com/show_bug.cgi?id=1159245

2014-10-31  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix double-free of libxl_domain_build_info
	On error, libxlMakeDomBuildInfo() frees the caller-provided
	libxl_domain_build_info struct embedded in libxl_domain_config,
	causing a segfault
	Program received signal SIGSEGV, Segmentation fault.
	[Switching to Thread 0x7f9c13020700 (LWP 40988)]
	(gdb) bt
	0  0x00007f9c162f95b4 in free () from /lib64/libc.so.6
	1  0x00007f9c0d0965ad in libxl_bitmap_dispose () from
	   /usr/lib64/libxenlight.so.4.4
	2  0x00007f9c0d0a73bf in libxl_domain_build_info_dispose ()
	   from /usr/lib64/libxenlight.so.4.4
	3  0x00007f9c0d0a7974 in libxl_domain_config_dispose () from
	   /usr/lib64/libxenlight.so.4.4
	4  0x00007f9c0d2e00c5 in libxlDomainStart (driver=0x7f9c0400e4e0,
	   vm=0x7f9c0412b0d0, start_paused=false, restore_fd=-1) at
	   libxl/libxl_domain.c:1323
	5  0x00007f9c0d2e1d4b in libxlDomainCreateXML (conn=0x7f9c000009a0,...)
	   at libxl/libxl_driver.c:660
	Remove the call to libxl_domain_build_info_dispose() from
	libxlMakeDomBuildInfo().  On error, callers will dispose the
	libxl_domain_config object, which in turn disposes the build info.

	libxl: Support user-specified <emulator>
	With the introduction of the libxlDomainGetEmulatorType function,
	it is trivial to support a user-specfied <emulator> in the libxl
	driver.  This patch is based loosely on David Scott's old patch
	to do the same
	https://www.redhat.com/archives/libvir-list/2013-April/msg02119.html

2014-10-31  Ján Tomko  <jtomko@redhat.com>

	Spell TIOCSCTTY right in the error message

2014-10-30  Ján Tomko  <jtomko@redhat.com>

	Reject live update of offloading options
	https://bugzilla.redhat.com/show_bug.cgi?id=1155441

2014-10-30  Martin Kletzander  <mkletzan@redhat.com>

	conf: forbid negative values in virDomainParseScaledValue
	It makes sense for none of the callers to have negative value as an
	output and, fortunately, if anyone tried defining domain with negative
	memory or any other value parsed by virDomainParseScaledValue(), the
	resulting value was 0.  That means we can error out during parsing as
	it won't break anything.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1155843

2014-10-30  Luyao Huang  <lhuang@redhat.com>

	virsh: Fix memory leak in cmdNetworkDHCPLeases
	After cidr_format is allocated by virAsprintf and used by vshPrintExtra
	it needs to be freed.
	Fix the following memory leak from valgrind:
	 18 bytes in 1 blocks are definitely lost in loss record 41 of 192
	    at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	    by 0x85CE36F: __vasprintf_chk (vasprintf_chk.c:80)
	    by 0x4EE52D5: UnknownInlinedFun (stdio2.h:210)
	    by 0x4EE52D5: virVasprintfInternal (virstring.c:459)
	    by 0x4EE53CA: virAsprintfInternal (virstring.c:480)
	    by 0x14FE96: cmdNetworkDHCPLeases (virsh-network.c:1378)
	    by 0x13006B: vshCommandRun (virsh.c:1915)
	    by 0x12A9E1: main (virsh.c:3699)

2014-10-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virutil: fix virGetSCSIHostNumber stub return type
	The virGetSCSIHostNumber function return type is int, however
	its stubbed version returns NULL. That results in a build fail
	on systems that use the stubbed version. Fix by using a proper
	return type.

	virnetdev: stub virNetDev{Add,Del}Multi on FreeBSD
	Currently, build fails on FreeBSD because its struct ifreq does not
	have ifr_hwaddr member. In order to fix that, check if this member
	is present, otherwise fall back to the stub version of the
	virNetDev{Add,Del}Multi functions.

2014-10-30  John Ferlan  <jferlan@redhat.com>

	virnetdev: Resolve Coverity RESOURCE_LEAK
	virFileReadAll returns a chunk of memory that needs to be free'd when
	done

	virnetdev: Resolve Coverity FORWARD_NULL
	The complaint is that if cleanup is called when virFileReadAll fails,
	then mcast->entries is NULL and could be dereferenced in the clear
	function. After following the code some - I saw that the caller to
	the function (virNetDevGetMulticastTable) will also call
	virNetDevMcastListClear if this function returns -1, so this
	isn't necessary, so I removed the call.

	virnetdev: Resolve Coverity DEADCODE
	Coverity complains that because the for loop is from 0 to 5 (max tokens)
	and the impending switch/case statements used each of the #define values
	that the 'default' wouldn't reachable. This patch will convert the #define's
	into enum's and add the obligatory dead_error_begin marker for these type
	situations.

2014-10-30  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Teach virt-aa-helper to use TEMPLATE.qemu if the domain is kvm or kqemu

2014-10-30  Eric Blake  <eblake@redhat.com>

	qemu: better error message when block job can't succeed
	https://bugzilla.redhat.com/show_bug.cgi?id=1140981 reports that
	the qemu-kvm shipped as part of RHEL 7.0 intentionally[1] cripples
	block jobs by removing the 'block-stream' QMP command, while still
	leaving 'block-job-cancel' as an unusable no-op.  Meanwhile, we
	already had existing code that checked whether block jobs were
	completely missing (such as qemu 0.15), old style (cancel is
	synchronous, and all commands spelled with '_'), or new style
	(cancel is asynchronous, and all commands spelled with '-'), and
	used that three-way probe to give decent error messages.  At the
	time that code was added, all existing qemu versions fell in one
	of three buckets, and the code was using the presence of
	'block-job-cancel' as the witness of which of the three buckets.
	But now that RHEL qemu has shipped with intentionally crippled
	'block-stream', we have a fourth bucket, which results in ugly
	error messages when trying 'virsh blockpull':
	 error: Requested operation is not valid: Command 'block-stream' is not found
	In reality, the fourth bucket should be treated the same as the
	first bucket (no block job support); we can do that by realizing
	that no existing build of qemu has working block-stream while
	lacking block-job-cancel, so it is easiest to change our witness
	to the command that starts a job rather than ends one.  We still
	act correctly regarding command spelling and whether cancel is
	asynchronous.  And on crippled RHEL builds, we now get the desired:
	 error: unsupported configuration: block jobs not supported with this qemu binary
	[1] The intentional cripple is limited to qemu-kvm of RHEL; when using
	qemu-kvm-rhev of RHEV, block job functionality is supported.  Don't ask
	me to explain the "why" behind it all - I'm just dealing with fallout
	from someone else's decision.
	* src/qemu/qemu_capabilities.h (QEMU_CAPS_BLOCKJOB_SYNC): Tweak comment.
	* src/qemu/qemu_capabilities.c (virQEMUCapsCommands): Look for stream
	rather than cancel when determining the flavor of block jobs supported.

2014-10-30  Peter Krempa  <pkrempa@redhat.com>

	test: Add test to verify helpers used for backing file name parsing
	Add two test cases to verify that the helpers split and parse the
	backing store components properly.

	storage: Fix crash when parsing backing store URI with schema
	The code that parses the schema from the URI touches the "hosts[0]"
	member of the storage file source structure in case the URI contains a
	schema. The hosts array was not yet allocated at the point in the code
	where the transport protocol was parsed and set. This lead to a crash of
	libvirtd.
	Fix the code by allocating the "hosts" array upfront and add a test case
	to verify this scenario. (Unfortunately this requires shuffling the test
	case numbers too).
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1156288

2014-10-29  Eric Blake  <eblake@redhat.com>

	maint: add syntax check to prohibit static zero init
	Now that all offenders have been cleaned, turn on a syntax-check
	rule to prevent future offenders.
	* cfg.mk (sc_prohibit_static_zero_init): New rule.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Avoid false
	positive.

	maint: avoid static zero init in drivers
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.
	* src/libxl/libxl_driver.c: Fix initialization.
	* src/lxc/lxc_controller.c: Likewise.
	* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
	* src/phyp/phyp_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/test/test_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/vbox/vbox_XPCOMCGlue.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xen/xen_driver.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.

	maint: avoid static zero init in helpers
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.
	* src/conf/nwfilter_conf.c: Fix initialization.
	* src/cpu/cpu_x86.c: Likewise.
	* src/interface/interface_backend_netcf.c: Likewise.
	* src/locking/lock_daemon.c: Likewise.
	* src/locking/lock_driver_lockd.c: Likewise.
	* src/locking/lock_driver_sanlock.c: Likewise.
	* src/network/bridge_driver.c: Likewise.
	* src/node_device/node_device_udev.c: Likewise.
	* src/nwfilter/nwfilter_learnipaddr.c: Likewise.
	* src/rpc/virnetserver.c: Likewise.
	* src/security/security_selinux.c
	(virSecuritySELinuxGenSecurityLabel): Likewise.

	maint: avoid static zero init in tests
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.
	* tests/eventtest.c: Fix initialization.
	* tests/testutils.c: Likewise.
	* tests/virhostdevtest.c: Likewise.
	* tests/virportallocatortest.c: Likewise.
	* tests/virscsitest.c: Likewise.

	maint: avoid static zero init in tools
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.
	* tools/virsh-console.c (got_signal): Drop unused variable.
	* tools/virsh-domain.c: Fix initialization.
	* tools/virsh.c: Likewise.
	* tools/virt-host-validate-common.c (virHostMsgWantEscape):
	Likewise.

	maint: avoid static zero init in core files
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.
	* src/libvirt.c: Fix initialization.
	* src/util/viralloc.c: Likewise.
	* src/util/virdbus.c: Likewise.
	* src/util/virevent.c: Likewise.
	* src/util/virfile.c (safezero): Likewise.
	* src/util/virlog.c: Likewise.
	* src/util/virnetlink.c: Likewise.
	* src/util/virthread.h (VIR_ONCE_GLOBAL_INIT): Likewise.
	* src/util/virprocess.c (virProcessGetStartTime): Likewise.

	audit: use bool for audit log choice
	We weren't ever using the value for anything other than being non-zero.
	* src/util/viraudit.h (virAuditLog): Change signature.
	* src/util/viraudit.c (virAuditLog): Update user.
	* daemon/libvirtd.c (main): Likewise.

2014-10-29  Michal Privoznik  <mprivozn@redhat.com>

	src/Makefile.am: Add forgotten backslash
	As I've pushed 5892944f I haven't noticed one small nitpick.
	There was this backslash missing on the line 1231 in the
	enumeration of libraries to be added to vbox storage driver. This
	resulted in nondeterministic build which sometimes succeeded and
	sometimes failed.

2014-10-29  John Ferlan  <jferlan@redhat.com>

	storage_conf: Resolve libvirtd crash matching scsi_host
	https://bugzilla.redhat.com/show_bug.cgi?id=1146837
	Resolve a crash in libvirtd resulting from commit id 'a4bd62ad' (1.0.6)
	which added parentaddr and unique_id to allow unique identification of
	a scsi_host, but assumed that all the pool entries and the incoming
	definition would be similarly defined. If the existing pool uses the
	'name' attribute and an incoming pool is using the parentaddr/unique_id,
	then the code will attempt to compare the existing name string against
	the incoming name string which doesn't exist (is NULL) and results in
	a core (STREQ).
	Conversely, if the existing pool used the parentaddr/unique_id and the
	to be defined pool used the name, then the comparison would be against
	the parentaddr, but since the incoming pool doesn't have one - that would
	leave the comparison against a parentaddr of all 0's and a unique_id of 0,
	which will always comparison to fail. This means someone could define the
	same source adapter for two pools
	In order to resolve this, adjust the code to get the 'host#' to be used
	by the storage scsi backend in order to check/start the pool and make sure
	the incoming definition doesn't match any of the existing pool defs.

	virutil: Introduce virGetSCSIHostNameByParentaddr
	Create the function from the code in getAdapterName() in order to return
	the "host#" name for the provided parentaddr values.

	virutil: Introduce virGetSCSIHostNumber
	Create/use virGetSCSIHostNumber to replace the static getHostNumber
	Removed the "if (result &&" since result is now required to be non NULL
	on input.

	qemu-attach: Assign device aliases
	https://bugzilla.redhat.com/show_bug.cgi?id=1141621
	As part of attach processing, assign the device aliases by calling
	qemuAssignDeviceAliases during qemuDomainQemuAttach once all the devices
	are found after the qemuParseCommandLinePid processing.
	This will alleviate a symptom that caused a libvirtd crash during an
	attempted device detach.

	hotplug: Check for alias in net detach
	https://bugzilla.redhat.com/show_bug.cgi?id=1141621
	If the QEMU_CAPS_DEVICE is set, then ensure the host device alias has
	been properly set before making the calls to detach the device

	hotplug: Check for alias in chrdev detach
	If the QEMU_CAPS_DEVICE is set, then ensure the chr device alias has
	been properly set before making the calls to detach the device

	hotplug: Check for alias in hostdev detach
	If the QEMU_CAPS_DEVICE is set, then ensure the host device alias has
	been properly set before making the calls to detach the device

	hotplug: Check for alias in disk detach
	If the QEMU_CAPS_DEVICE is set, then ensure the disk device alias has
	been properly set in prior to making the calls to detach the device.

	hotplug: Check for alias in controller detach
	In qemuDomainDetachControllerDevice if the info.alias already exists
	a call to qemuAssignDeviceControllerAlias would overwrite the existing
	so avoid this possibility.

	virsh: Adjust the text in man page regarding qemu-attach
	Slight adjustment to the qemu-attach man page to note device hotplug
	and hot unplug may not work and that the environment should be considered
	read-only

2014-10-29  Jincheng Miao  <jmiao@redhat.com>

	remote: fix jump depends on uninitialised value
	Currently remote driver only initializes partial fields of
	remote_connect_get_all_domain_stats_args. But xdr_array()
	will check the uninitialised field 'doms_val'.
	For safty reason, memset all fields of args is better.
	Fix the following error from valgrind, like:
	==30515== 1 errors in context 1 of 3:
	==30515== Conditional jump or move depends on uninitialised value(s)
	==30515==    at 0x85E9402: xdr_array (xdr_array.c:88)
	==30515==    by 0x4FD8FC9: xdr_remote_connect_get_all_domain_stats_args (remote_protocol.c:6473)
	==30515==    by 0x4FE72F2: virNetMessageEncodePayload (virnetmessage.c:350)
	==30515==    by 0x4FDD21C: virNetClientProgramCall (virnetclientprogram.c:326)
	==30515==    by 0x4FB4D01: callFull.isra.2 (remote_driver.c:6667)
	==30515==    by 0x4FCBD45: call (remote_driver.c:6689)
	==30515==    by 0x4FCBD45: remoteConnectGetAllDomainStats (remote_driver.c:7793)
	==30515==    by 0x4FA0E75: virConnectGetAllDomainStats (libvirt.c:21678)
	==30515==    by 0x147FD1: cmdDomstats (virsh-domain-monitor.c:2148)
	==30515==    by 0x13006B: vshCommandRun (virsh.c:1915)
	==30515==    by 0x12A9E1: main (virsh.c:3699)

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Remove unused things in vbox_tmpl.c
	After rewriting the whole driver, Only version specified code is
	remained in vbox_tmpl.c. So, this patch removes those unused macros
	header files in vbox_tmpl.c.

	vbox: New storage driver
	This patch provides the new stroage driver for vbox. The work
	is similar with patch 87dea4fc and the next b4022de33.

	vbox: Rewrite vboxStorageVolGetPath

	vbox: Rewrite vboxStorageVolGetXMLDesc

	vbox: Rewrite vboxStorageVolGetInfo

	vbox: Rewrite vboxStorageVolDelete
	The API on IHardDiskAttachment is merged into IMediumAttachment.
	So, we don't need it anymore.

	vbox: Make IMediumAttachment work with vbox2.2 and 3.0
	The GetMedium will always return a IHardDisk object them.
	In 2.2 and 3.0, it is what GetHardDisk exactly do. In 3.1 and later,
	The IMedium is same as IHardDisk.

	vbox: Rewrite vboxStorageVolCreateXML
	If the <path> in target element is not given, libvirt will put the
	new volume in ~/.VirtualBox by default.

	vbox: Make CreateHardDisk support all vbox versions
	The CreateHardDiskMedium only support create HardDisk for medium
	type, and it only works when vbox version >= 3.1. This patch make
	the function workable with all vbox versions and rename it as
	CreateHardDisk.
	In vbox 2.2 and 3.0 this function will create a IHardDisk object.
	In vbox later than 3.0, this function will create a IMedium object.

	vbox: Rewrite vboxStorageVolLookupByPath

	vbox: Make FindMedium support old vbox versions
	In old version, function FindMedium in UIVirtualBox doesn't work
	for vbox2.2 and 3.0. We assume it will not be used when vbox in
	these versions.
	But when rewriting vboxStorageVolLookupByPath, we found it was
	compatibe to use FindMedium to get a IHardDisk object, even in
	vbox old versions. To achieve this, first make FindMedium call
	FindHardDisk when VBOX_API_VERSION < 4000000.
	Then change the argument type **IMedium to **IHardDisk. (As the
	rules in heriachy, we can't transfer a IHardDisk to match
	IMedium in output)
	In vbox 2.2 and 3.0, the caller must be aware that they will get
	a IHardDisk object in return.

	vbox: Rewrite vboxStorageVolLookupByKey

	vbox: Rewrite vboxStorageVolLookupByName

	vbox: Rewrite vboxStoragePoolListVolumes

	vbox: Rewrite vboxStoragePoolNumOfVolumes
	We use typedef IMedium IHardDisk to make IHardDisk hierachy from
	IMedium (Actually it did on vbox 2.2 and 3.0's C++ API).
	So when calling
	    VBOX_MEDIUM_FUNC_ARG*(IHardDisk, func, args)
	we can directly replace it to
	    gVBoxAPI.UIMedium.func(IHardDisk, args)
	When dealing with this two types, we get some rules from it's
	hierachy relationship.
	When using IHardDisk and IMedium as input, we can't transfer a
	IMedium to IHardDisk. Like:
	    gVBoxAPI.UIHardDisk.func(IHardDisk *hardDisk, args)
	    Here, we can't put a *IMedium as a argument.
	When using IHardDisk and IMedium as output, we can't transfer a
	IHardDisk to IMedium. Like:
	    gVBoxAPI.UIMachine.GetMedium(IMedium **out)
	    Here, we can't put a **IHardDisk as a argument. If this case
	    do happen, we either change the API to GetHardDisk or write a
	    new one.

	vbox: Rewrite vbox-independent functions
	This patch rewrites the following functions
	    *vboxStorageOpen
	    *vboxStorageClose
	    *vboxConnectNumOfStoragePools
	    *vboxConnectListStoragePools
	    *vboxStoragePoolLookupByName
	These functions do not call any vbox API, so I directly move it
	from vbox_tmpl.c to vbox_storage.c
	A small improvement is made on vboxConnectListStoragePools.
	The if condition nnames == 1 is modified to nnames > 0. So if the
	caller put more than one slot to get active storage pools, the new
	function will return exactly one, while the old one would only
	return 0.

	vbox: move common codes to vbox_common.h
	There are lots of macro declarations in vbox_common.c,
	vbox_network.c, and the coming vbox_storage.c which simply the API
	calling. Since they are totally the same. We shouldn't keep three
	copies of that, so they are moved to vbox_common.h.
	Note: The macros are quite different from those in vbox_tmpl.c,
	      because they are using different API.

	vbox: Remove VBOX_OBJECT_CHECK macro
	We should follow the rules that CHECK macro only do checking works.
	But this VBOX_OBJECT_CHECK and VBOX_OBJECT_HOST_CHECK declared some
	varibles at the same time, which broke the rule. So the patch
	removed this macros and dispatched it in source code.
	The storage driver is still not rewriten at this point. So, I
	remains the VBOX_OBJECT_CHECK macro in vbox_tmpl.c. But this will
	finally be removed in patch 'vbox: Remove unused things in vbox_tmpl.c'

	vbox: Fix copyright mistake
	I made a mistake on copyright in patch 7f0f415b87.
	If I copied codes from one file to another, I should copy the
	copyright announcement as well. So this patch makes up the
	copyright which I should have added in the previous patch.

2014-10-29  Shanzhi Yu  <shyu@redhat.com>

	virsh: Improve the job type reported of virsh cmd blockcommit
	When starting an active block commit job in virsh, it will report
	"Block Commit started", but for more precise message it could
	report "Active Block Commit started".

2014-10-29  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Renamed internal __mon_yday into mon_yday to avoid conflicts
	libc has another constant with the same name, which leads to
	redefinition error when building against static libvirt

2014-10-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Produce more readable error messages
	Not every error message from qemu-ga has to have the 'class' field
	filled out. For instance, I've seen this error message lately:
	  qemuAgentCheckError:1047 : unable to execute QEMU agent command \
	  {"execute":"guest-set-time"}: \
	  {"error":{"desc":"Invalid parameter type, expected: integer"}}
	However, this got translated into rather generic error message:
	  internal error: unable to execute QEMU agent command
	  'guest-set-time': unknown QEMU command error
	So we've dropped better error message in favor of a generic one.
	This is due to our code which expects 'class' which is not
	present here.

2014-10-29  Tony Krowiak  <akrowiak@linux.vnet.ibm.com>

	qemu: change macvtap multicast list in response to NIC_RX_FILTER_CHANGED
	This patch adds functionality to processNicRxFilterChangedEvent().
	The old and new multicast lists are compared and the filters in
	the macvtap are programmed to match the guest's filters.

	util: Functions to update host network device's multicast filter
	This patch provides the utility functions to needed to synchronize the
	changes made to a guest domain network device's multicast filter
	with the corresponding macvtap device's filter on the host:
	* Get/add/remove multicast MAC addresses
	* Get the macvtap device's RX filter list

2014-10-28  Eric Blake  <eblake@redhat.com>

	qemu: forbid snapshot-delete --children-only on external snapshot
	https://bugzilla.redhat.com/show_bug.cgi?id=956506 documents that
	given a domain where an internal snapshot parent has an external
	snapshot child, we lacked a safety check when trying to use the
	--children-only option to snapshot-delete:
	$ virsh start dom
	$ virsh snapshot-create-as dom internal
	$ virsh snapshot-create-as dom external --disk-only
	$ virsh snapshot-delete dom external
	error: Failed to delete snapshot external
	error: unsupported configuration: deletion of 1 external disk snapshots not supported yet
	$ virsh snapshot-delete dom internal --children
	error: Failed to delete snapshot internal
	error: unsupported configuration: deletion of 1 external disk snapshots not supported yet
	$ virsh snapshot-delete dom internal --children-only
	Domain snapshot internal children deleted
	While I'd still like to see patches that actually do proper external
	snapshot deletion, we should at least fix the inconsistency in the
	meantime.  With this patch:
	$ virsh snapshot-delete dom internal --children-only
	error: Failed to delete snapshot internal
	error: unsupported configuration: deletion of 1 external disk snapshots not supported yet
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDelete): Fix condition.

2014-10-27  Laine Stump  <laine@laine.org>

	util: eliminate "use after free" in callers of virNetDevLinkDump
	virNetDevLinkDump() gets a message from netlink into "resp", then
	calls nlmsg_parse() to fill the table "tb" with pointers into resp. It
	then returns tb to its caller, but not before freeing the buffer at
	resp. That means that all the callers of virNetDevLinkDump() are
	examining memory that has already been freed. This can be verified by
	filling the buffer at resp with garbage prior to freeing it (or, I
	suppose, just running libvirtd under valgrind) then performing some
	operation that calls virNetDevLinkDump().
	The code has been like this ever since virNetDevLinkDump() was written
	- the original author didn't notice it, and neither did later
	additional users of the function. It has only been pure luck (or maybe
	a lack of heavy load, and/or maybe an allocation algorithm in malloc()
	that delays re-use of just-freed memory) that has kept this from
	causing errors, for example when configuring a PCI passthrough or
	macvtap passthrough network interface.
	The solution taken in this patch is the simplest - just return resp to
	the caller along with tb, then have the caller free it after they are
	finished using the data (pointers) in tb. I alternately could have
	made a cleaner interface by creating a new struct that put tb and resp
	together along with a vir*Free() function for it, but this function is
	only used in a couple places, and I'm not sure there will be
	additional new uses of virNetDevLinkDump(), so the value of adding a
	new type, extra APIs, etc. is dubious.

2014-10-25  Julio Faracco  <jcfaracco@gmail.com>

	tests: Add SELINUX_LIBS to fix viridentitytest linker bug
	In a clean build system (Ubuntu 14.04), the viridentitytest failed to compile.
	Even if all the SELINUX libraries and depedencies are installed. See the error
	message below:
	[...]
	  CC       viridentitytest.o
	  CCLD     viridentitytest
	/usr/bin/ld: viridentitytest.o: undefined reference to symbol
	                                                       'security_disable'
	//lib/x86_64-linux-gnu/libselinux.so.1: error adding symbols: DSO missing
	                                                           from command line
	collect2: error: ld returned 1 exit status
	make: *** [viridentitytest] Error 1
	Simply adding the variable SELINUX_LIBS in viridentitytest rules of
	Makefile.am to include SELINUX libraries into viridentitytest solved that
	compilation issue.

2014-10-25  Shanzhi Yu  <shyu@redhat.com>

	vbox: network: make sure driver is not NULL in virRegisterNetworkDriver
	libvirtd will report below error if it does not make sure driver was not NULL
	in virRegisterNetworkDriver
	$ libvirtd
	2014-10-24 09:24:36.443+0000: 28876: info : libvirt version: 1.2.10
	2014-10-24 09:24:36.443+0000: 28876: error : virRegisterNetworkDriver:549 : driver in virRegisterNetworkDriver must not be NULL
	2014-10-24 09:24:36.443+0000: 28876: error : virDriverLoadModule:99 : Failed module registration vboxNetworkRegister

2014-10-25  Daniel P. Berrange  <berrange@redhat.com>

	Add new driver-*.h files to DRIVER_SOURCES
	The recently added driver-*.h files were not listed in the
	Makefile.am causing them to be missed when creating dists.

	Fix indentation of sysinfo data
	The <sysinfo> data block was indented by 2 spaces too many.
	This was missed because we never had any test validating
	the XML formatting.

	Fix preprocessor indentation in libvirt.h.in
	The cfg.mk rule for checking preprocessor indentation was
	mistakenly missing the libvirt.h.in file due to bad file
	extension matching rule. Fix that and the resolve the
	incorrect indentation that is identified.

	Move virConnect related APIs out of libvirt.h.in
	Create a new libvirt-host.h file to hold the public
	API definitions for the virConnect type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virDomain related APIs out of libvirt.h.in
	Create a new libvirt-domain.h file to hold the public
	API definitions for the virDomain type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virEvent related APIs out of libvirt.h.in
	Create a new libvirt-event.h file to hold the public
	API definitions for the virEvent type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virStoragePool/Vol related APIs out of libvirt.h.in
	Create a new libvirt-storage.h file to hold the public
	API definitions for the virStorage/Vol type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virStream related APIs out of libvirt.h.in
	Create a new libvirt-stream.h file to hold the public
	API definitions for the virStream type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>
	Note the definition of virStreamPtr is not moved, since that
	must be declared early for all other libvirt APIs to be able
	to reference it.

	Move virSecret related APIs out of libvirt.h.in
	Create a new libvirt-secret.h file to hold the public
	API definitions for the virSecret type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virNodeDevice related APIs out of libvirt.h.in
	Create a new libvirt-nodedev.h file to hold the public
	API definitions for the virNodeDevice type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virNWFilter related APIs out of libvirt.h.in
	Create a new libvirt-nwfilter.h file to hold the public
	API definitions for the virNWFilter type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virInterface related APIs out of libvirt.h.in
	Create a new libvirt-interface.h file to hold the public
	API definitions for the virInterface type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virNetwork related APIs out of libvirt.h.in
	Create a new libvirt-network.h file to hold the public
	API definitions for the virNetwork type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virDomainSnapshot related APIs out of libvirt.h.in
	Create a new libvirt-domain-snapshot.h file to hold the public
	API definitions for the virDomainSnapshot type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

2014-10-24  Daniel P. Berrange  <berrange@redhat.com>

	Move virConnect/virNode related APIs out of libvirt.c
	Introduce a src/libvirt-host.c file to hold all the
	methods related to the virConnect type.

	Move virDomain related APIs out of libvirt.c
	Introduce a src/libvirt-domain.c file to hold all the
	methods related to the virDomain type.

	Make virTypedParameterValidateSet non-static
	The virTypedParameterValidateSet method will need to be used
	from several libvirt-*.c files so must be non-static

	Move virStorage{Pool,Vol} related APIs out of libvirt.c
	Introduce a src/libvirt-storage.c file to hold all the
	methods related to the virStorage{Pool,Vol} types.

	Move virStream related APIs out of libvirt.c
	Introduce a src/libvirt-stream.c file to hold all the
	methods related to the virStream type.

	Move virSecret related APIs out of libvirt.c
	Introduce a src/libvirt-secret.c file to hold all the
	methods related to the virSecret type.

	Move virNodeDevice related APIs out of libvirt.c
	Introduce a src/libvirt-nodedev.c file to hold all the
	methods related to the virNodeDevice type.

	Move virNWFilter related APIs out of libvirt.c
	Introduce a src/libvirt-nwfilter.c file to hold all the
	methods related to the virNWFilter type.

	Move virInterface related APIs out of libvirt.c
	Introduce a src/libvirt-interface.c file to hold all the
	methods related to the virInterface type.

	Move virNetwork related APIs out of libvirt.c
	Introduce a src/libvirt-network.c file to hold all the
	methods related to the virNetwork type.

	Move virDomainSnapshot related APIs out of libvirt.c
	Introduce a src/libvirt-domain-snapshot.c file to hold all the
	methods related to the virDomainSnapshot type.

2014-10-24  Eric Blake  <eblake@redhat.com>

	hyperv: avoid query memleaks on failure
	The function hypervEnumAndPull consumes query on success, but leaked
	it on failure.  Rather than having to change all callers (many of
	them indirect callers through the generated
	hypervGetMsvmComputerSystemList), it was easier to just guarantee
	that the buffer is cleaned on return from the function.
	* src/hyperv/hyperv_wmi.c (hypervEnumAndPull): Don't leak query on
	failure.

2014-10-23  Daniel P. Berrange  <berrange@redhat.com>

	Split driver.h into multiple parts
	With the large number of APIs in libvirt the driver.h file,
	it is easy to get lost looking for things. Split each driver
	into a separate header file based on the functional driver
	groups.

	Rename virDriver to virHypervisorDriver
	To prepare for introducing a single global driver, rename the
	virDriver struct to virHypervisorDriver and the registration
	API to virRegisterHypervisorDriver()

2014-10-23  Erik Skultety  <eskultet@redhat.com>

	qemu: Disallow NUMA/network tuning for session mode
	Tuning NUMA or network interface parameters requires root
	privileges to manage cgroups. Thus an attempt to set some of these
	parameters in session mode on a running domain should be invalid
	followed by an error. An example might be memory tuning which raises
	an error in such case.
	The following behavior in session mode will be present after applying
	this patch:
	  Tuning  |      SET      |   GET  |
	----------|---------------|--------|
	NUMA      | shut off only | always |
	Memory    |     never     | never  |
	Interface |     never     | always |
	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1126762

2014-10-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Make check for empty hook XML robust
	Also consider whitespace only strings returned from the hook as empty
	result.

	qemu: restore: Fix restoring of VM when the restore hook returns empty XML
	The documentation for the restore hook states that returning an empty
	XML is equivalent with copying the input. There was a bug in the code
	checking the returned string by checking the string instead of the
	contents. Use the new helper to check if the string is empty.

	util: string: Add helper to check whether string is empty
	The helper checks whether a string contains only whitespace or is NULL.
	This will be helpful to skip cases where a user string is optional, but
	may be provided empty with the same meaning.

	doc: HACKING: Regenerate after recent change

2014-10-22  Rick Harris  <rconradharris@gmail.com>

	Add support for /run/initctl
	Newer versions of Debian use '/run/initctl' instead of '/dev/initctl'.
	This patch updates the code to search for the FIFO from a list of
	well-known locations.

2014-10-22  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix an improper git browsable address

2014-10-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix cast errors with clang
	Build with clang fails with:
	  CC       util/libvirt_util_la-virsocketaddr.lo
	util/virsocketaddr.c:904:17: error: cast from 'struct sockaddr *' to
	'struct sockaddr_in *' increases required alignment from 1 to 4
	[-Werror,-Wcast-align]
	        inet4 = (struct sockaddr_in*) res->ai_addr;
	                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	util/virsocketaddr.c:909:17: error: cast from 'struct sockaddr *' to
	'struct sockaddr_in6 *' increases required alignment from 1 to 4
	[-Werror,-Wcast-align]
	        inet6 = (struct sockaddr_in6*) res->ai_addr;
	                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	2 errors generated.
	Fix that by replacing virSocketAddrParseInternal() call with
	virSocketAddrParse() in the virSocketAddrIsNumericLocalhost() function.
	virSocketAddrParse stores an address in virSocketAddr.
	virSocketAddr uses a union to store an address, so it doesn't
	need casting.

2014-10-21  Martin Kletzander  <mkletzan@redhat.com>

	docs: Mention repository locations in contributor guidelines

	qemu: unref cfg after TerminateMachine has been called
	Commit 4882618ed13b469d92fa8b2b4a158fdb17dbe9f1 added the code that
	requests driver cfg, but forgot to unref it.

2014-10-21  Lubomir Rintel  <lkundrak@v3.sk>

	qemu: x86_64 is good enough for i686
	virt-manager on Fedora sets up i686 hosts with "/usr/bin/qemu-kvm" emulator,
	which in turn unconditionally execs qemu-system-x86_64 querying capabilities
	then fails:
	Error launching details: invalid argument: architecture from emulator 'x86_64' doesn't match given architecture 'i686'
	Traceback (most recent call last):
	  File "/usr/share/virt-manager/virtManager/engine.py", line 748, in _show_vm_helper
	    details = self._get_details_dialog(uri, vm.get_connkey())
	  File "/usr/share/virt-manager/virtManager/engine.py", line 726, in _get_details_dialog
	    obj = vmmDetails(conn.get_vm(connkey))
	  File "/usr/share/virt-manager/virtManager/details.py", line 399, in __init__
	    self.init_details()
	  File "/usr/share/virt-manager/virtManager/details.py", line 784, in init_details
	    domcaps = self.vm.get_domain_capabilities()
	  File "/usr/share/virt-manager/virtManager/domain.py", line 518, in get_domain_capabilities
	    self.get_xmlobj().os.machine, self.get_xmlobj().type)
	  File "/usr/lib/python2.7/site-packages/libvirt.py", line 3492, in getDomainCapabilities
	    if ret is None: raise libvirtError ('virConnectGetDomainCapabilities() failed', conn=self)
	libvirtError: invalid argument: architecture from emulator 'x86_64' doesn't match given architecture 'i686'
	Journal:
	Oct 16 21:08:26 goatlord.localdomain libvirtd[1530]: invalid argument: architecture from emulator 'x86_64' doesn't match given architecture 'i686'

2014-10-21  Zhou yimin  <zhouyimin@huawei.com>

	qemu: move setting emulatorpin ahead of monitor showing up
	If VM is configured with many devices(including passthrough devices)
	and large memory, libvirtd will take seconds(in the worst case) to
	wait for monitor. In this period the qemu process may run on any
	PCPU though I intend to pin emulator to the specified PCPU in xml
	configuration.
	Actually qemu process takes high cpu usage during vm startup.
	So this is not the strict CPU isolation in this case.

2014-10-20  Richard W.M. Jones  <rjones@redhat.com>

	docs: apps: Update references to virt-p2v and virt-v2v.
	These tools have been rewritten upstream, so you don't need to link to
	the old tools, link to the new ones and mention they are part of
	libguestfs.
	Also remove the link to "Poor man's P2V".  There's no real reason to
	use that technique any longer since the rewritten tools are simple,
	fast and highly capable.

2014-10-20  Maxime Leroy  <maxime.leroy@6wind.com>

	tests: fix incorrect caps for shmem-invalid-size, shmem-small-size
	VIR_TEST_DEBUG=2 ./qemuxml2argvtest generates the following output:
	409) QEMU XML-2-ARGV shmem-invalid-size
	... Got expected error: unsupported configuration: ivshmem device is not \
		 supported with this QEMU binary
	OK
	410) QEMU XML-2-ARGV shmem-small-size
	... Got expected error: unsupported configuration: ivshmem device is not \
	supported with this QEMU binary
	OK
	We should have:
	409) QEMU XML-2-ARGV shmem-invalid-size
	... Got expected error: XML error: shmem size must be a power of two
	OK
	410) QEMU XML-2-ARGV shmem-small-size
	... Got expected error: XML error: shmem size must be at least 1 MiB
	OK
	This commit fixes the issue by providing QEMU_CAPS_DEVICE_IVSHMEM caps
	for shmem-invalid-size, shmem-small-size test.

	conf: tests: fix virDomainNetDefFormat for vhost-user in client mode
	The mode attribute is required for the source element of vhost-user.
	Thus virDomainNetDefFormat should always generate a xml with it and not
	only when the mode is server.
	The commit fixes the issue. And it adds a vhostuser interface in
	'client' mode to qemuxml2argv-net-vhostuser.(args|xml) to test this
	usecase.

2014-10-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: add missing 'break' from commit 1298daca
	Add missing 'break's from commit 1298daca, as noted by John Ferlan
	https://www.redhat.com/archives/libvir-list/2014-October/msg00430.html

2014-10-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: Convert qemuDomainUpdateDeviceConfig to typecasted enum

	qemu: Convert qemuDomainDetachDeviceConfig to typecasted enum

	qemu: Convert qemuDomainAttachDeviceConfig to typecasted enum

	qemu: Convert qemuDomainUpdateDeviceLive to typecasted enum

	qemu: Convert qemuDomainDetachDeviceLive to typecasted enum

2014-10-15  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	conf: fix an memory leak in virSocketAddrIsNumericLocalhost()

2014-10-15  Peter Krempa  <pkrempa@redhat.com>

	conf: Move definition of virDomainParseMemory
	Shove it to the top of the file so that it can be reused earlier.

	Implement empty post parse callbacks for all drivers
	To allow easy implementation of a callback check this patch adds empty
	post parse callbacks to drivers that were missing them.

	qemu: monitor: Add functions for object hot-add/remove
	To allow live modification of device backends in qemu libvirt needs to
	be able to hot-add/remove "objects". Add monitor backend functions to
	allow this.
	This function will be used for hot-add/remove of RNG backends,
	IOThreads, memory backing objects, etc.

	util: json: Add option to skip adding a JSON object if it is NULL
	Add a new option specifier that will optionally add a JSON key=value pair
	containing a nested object if the added object isn't NULL.

	util: json: Improve handling and docs for adding JSON objects
	The JSON structure constructor has an option to add JSON arrays to the
	constructed object. The description is inaccurate as it can add any json
	object even a dict. Change the docs to cover this option and reject
	adding NULL objects.

	util: json: Split out code to create json value objects
	Our qemu monitor code has a converter from key-value pairs to a json
	value object. I want to re-use the code later and having it part of the
	monitor command generator is inflexible. Split it out into a separate
	helper.

	qemu: hotplug: Use typecasted switch statement when plugging new devices

	conf: Add compile time check that devices were checked for ABI stability
	As in the device info iterator add a switch that will force the compiler
	to check that new device types are added to the ABI stability checker.

	conf: shmem: Add ABI stability check
	Although the device will probably inhibit migration add checks to make
	sure that the configuration change gets caught.

	conf: Improve adding of new address types
	Use typecasted switch statement and note the type used to select the
	address type in a comment.

2014-10-15  Jiri Denemark  <jdenemar@redhat.com>

	Cleanup maintainers list

2014-10-15  Cole Robinson  <crobinso@redhat.com>

	libvirt: Document UNDEFINE_NVRAM in UndefineFlags doc

2014-10-15  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	conf: fix a wrong comment in virSocketAddrNumericFamily()

	conf: Check whether migration_address is localhost
	When enabling the migration_address option, by default it is
	set to "127.0.0.1", but it's not a valid address for migration.
	so we should add verification and set the default migration_address
	to "0.0.0.0".

	conf: add check if migration_host is a localhost address
	 Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>

	migration: add migration_host support for IPv6 address without brackets
	if specifying migration_host to an Ipv6 address without brackets,
	it was resolved to an incorrect address, such as:
	    tcp:2001:0DB8::1428:4444,
	but the correct address should be:
	    tcp:[2001:0DB8::1428]:4444
	so we should add brackets when parsing it.

2014-10-15  Ján Tomko  <jtomko@redhat.com>

	Introduce virStringStripIPv6Brackets
	Helper function to strip the brackets from an IPv6 address.
	Tested by viruritest.

2014-10-14  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Use global constant for XML file size limit
	Few places still used hardcoded limit for maximum XML size for commands
	that accept XML files. The hardcoded limits ranged from 8k to 1M. Use
	VSH_MAX_XML_FILE to express this limit in a unified way. This will bump
	the limit for the commands that used hardcoded string lengths to 10M.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1152427

	virsh: man: Fix description of --live/--config usage
	dommemstat and blkdeviotune's man page incorrectly stated the usage of
	--live and --config.

2014-10-13  Wang Rui  <moon.wangrui@huawei.com>

	conf: improve the comments for "xmlopt"

2014-10-12  Martin Kletzander  <mkletzan@redhat.com>

	Fix leftover typo '&' -> '&&'
	The actual origin of this so called typo are two commits.  The first one
	was commit 72f8a7f that came up with the following condition:
	if ((i == 8) & (flags & VIR_QEMU_PROCESS_KILL_FORCE))
	Fortunately this succeeded thanks to bool being (int)1 and
	VIR_QEMU_PROCESS_KILL_FORCE having the value of 1 << 0.  The check was
	then moved and altered in 8fd38231179c394f07d8a26bcbf3a0faa5eeaf24 to
	current state:
	if ((i == 50) & force)
	that will work again (both sides of '&' being booleans), but since this
	was missed so many times, it may pose a problem in the future in case it
	gets copy-pasted again.

2014-10-11  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Implement basic video device selection
	This started as an investigation into an issue where libvirt (using the
	libxl driver) and the Xen host, like an old couple, could not agree on
	who is responsible for selecting the VNC port to use.
	Things usually (and a bit surprisingly) did work because, just like that
	old couple, they had the same idea on what to do by default. However it
	was possible that this ended up in a big argument.
	The problem is that display information exists in two different places:
	in the vfbs list and in the build info. And for launching the device model,
	only the latter is used. But that never gets initialized from libvirt. So
	Xen allows the device model to select a default port while libvirt thinks
	it has told Xen that this is done by libvirt (though the vfbs config).
	While fixing that, I made a stab at actually evaluating the configuration
	of the video device. So that it is now possible to at least decide between
	a Cirrus or standard VGA emulation and to modify the VRAM within certain
	limits using libvirt.

2014-10-11  Jim Fehlig  <jfehlig@suse.com>

	libxl: Add function to determine device model type
	This patch introduces a function to detect whether the specified
	emulator is QEMU_XEN or QEMU_XEN_TRADITIONAL.  Detection is based on the
	string "Options specific to the Xen version:" in '$qemu -help' output.
	AFAIK, the only qemu containing that string in help output is the
	old Xen fork (aka qemu-dm).
	Note:
	QEMU_XEN means a qemu that contains support for Xen.
	QEMU_XEN_TRADITIONAL means Xen's old forked qemu 0.10.2

	Xen: Defer setting default vram value to Xen drivers
	Allow the Xen drivers to determine default vram values.  Sane
	default vaules depend on the device model being used, so the
	drivers are in the best position to determine the defaults.
	For the legacy xen driver, it is best to maintain the existing
	logic for setting default vram values to ensure there are no
	regressions.  The libxl driver currently does not support
	configuring a video device.  Support will be added in a
	subsequent patch, where the benefit of this change will be
	reaped.

	libxl: Copy user-specified keymap to libxl build info struct
	Commit 4dfc34c3 missed copying the user-specified keymap to
	libxl_domain_build_info struct when creating a VFB device.

2014-10-09  Shanzhi Yu  <shyu@redhat.com>

	qemu: save domain status after set domain's numa parameters
	After set domain's numa parameters for running domain, save the change,
	save the change into live xml is needed to survive restarting the libvirtd,
	same story with bug 1146511; meanwihle add call
	qemuDomainObjBeginJob/qemuDomainObjEndJob in qemuDomainSetNumaParameters

	qemu: call qemuDomainObjBeginJob/qemuDomainObjEndJob in qemuDomainSetInterfaceParameters
	add call qemuDomainObjBeginJob/qemuDomainObjEndJob in
	qemuDomainSetInterfaceParameters

	qemu: save domain status after set the blkio parameters
	After set the blkio parameters for running domain, save the change into
	live xml is needed to survive restarting the libvirtd, same story with
	bug 1146511, meanwhile add call qemuDomainObjBeginJob/qemuDomainObjEndJob
	in qemuDomainSetBlkioParameters

2014-10-09  Jiri Denemark  <jdenemar@redhat.com>

	Fix build-time pkg-config files in VPATH
	The pkg-config files in src/ make it pretty easy to build language
	bindings against an uninstalled libvirt, however, they don't work with
	VPATH builds. The reason is that all *-api.xml files are generated in
	source rather than build directory.

2014-10-08  Michal Privoznik  <mprivozn@redhat.com>

	security_selinux: Don't relabel /dev/net/tun
	https://bugzilla.redhat.com/show_bug.cgi?id=1147057
	The code for relabelling the TAP FD is there due to a race. When
	libvirt creates a /dev/tapN device it's labeled as
	'system_u:object_r:device_t:s0' by default. Later, when
	udev/systemd reacts to this device, it's relabelled to the
	expected label 'system_u:object_r:tun_tap_device_t:s0'. Hence, we
	have a code that relabels the device, to cut the race down. For
	more info see ae368ebfcc4.
	But the problem is, the relabel function is called on all TUN/TAP
	devices. Yes, on /dev/net/tun too. This is however a special kind
	of device - other processes uses it too. We shouldn't touch it's
	label then.
	Ideally, there would an API in SELinux that would label just the
	passed FD and not the underlying path. That way, we wouldn't need
	to care as we would be not labeling /dev/net/tun but the FD
	passed to the domain. Unfortunately, there's no such API so we
	have to workaround until then.
	Tested-by: Richard W.M. Jones <rjones@redhat.com>

2014-10-08  Ján Tomko  <jtomko@redhat.com>

	Fix build with older libcurl
	Add ATTRIBUTE_UNUSED marker to the unused timeout_ms option
	in esxVI_MultiCURL_TimerCallback.
	Introduced by commit 125007d.

2014-10-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Implement virDomainScreenshot using libcurl stream driver
	This implementation uses the https://esx-server/screen?id=<id> way to get
	a screenshot of a running domain. Compared to the CreateScreenshot_Task
	way this works since ESX 2.5 while CreateScreenshot_Task was added in
	version 4.0.
	The newly added libcurl stream driver is used to directly provide the
	downloaded data without saving it to a temporary file first.

	esx: Add libcurl based stream driver
	This allows to implement libvirt functions that use streams, such as
	virDoaminScreenshot, without the need to store the downloaded data in
	a temporary file first. The stream driver directly interacts with
	libcurl to send and receive data.
	The driver uses the libcurl multi interface that allows to do a transfer
	in multiple curl_multi_perform() calls. The easy interface would do the
	whole transfer in a single curl_easy_perform() call. This doesn't work
	with the libvirt stream API that is driven by multiple calls to the
	virStreamSend() and virStreamRecv() functions.
	The curl_multi_wait() function is used to do blocking operations. But it
	was added in libcurl 7.28.0. For older versions it is emulated using the
	socket callback of the multi interface.
	The current driver only supports blocking operations. There is already
	some code in place for non-blocking mode but it is not complete.

2014-10-07  Laine Stump  <laine@laine.org>

	qemu: change macvtap device MAC address in response to NIC_RX_FILTER_CHANGED
	This patch fills in the functionality of
	processNicRxFilterChangedEvent().  It now checks if it is appropriate
	to respond to the NIC_RX_FILTER_CHANGED event (based on device type
	and configuration) and takes appropriate action. Currently it checks
	if the guest interface has been configured with
	trustGuestRxFilters='yes', and if the host side device is macvtap. If
	so, and the MAC address on the guest has changed, the MAC address of
	the macvtap device is changed to match.
	The result of this is that networking from the guest will continue to
	work if the mac address of a macvtap-connected network device is
	changed from within the guest, as long as trustGuestRxFilters='yes'
	(previously changing the MAC address in the guest would break
	networking).

	qemu: setup infrastructure to handle NIC_RX_FILTER_CHANGED event
	NIC_RX_FILTER_CHANGED is sent by qemu any time a NIC driver in the
	guest modified the NIC's RX Filter (for example, if the MAC address of
	the NIC is changed by the guest).
	This patch doesn't do anything useful with that event; it just sets up
	all the plumbing to get news of the event into a worker thread with
	all proper locking/reference counting, and provide an easy place to
	add in desired functionality.
	See src/qemu/EVENTHANDLERS.txt for information/instructions on adding
	a libvirt-internal handler for a qemu event (using
	NIC_RX_FILTER_CHANGED as an example).

	qemu: add short document on qemu event handlers
	This text was in the commit log for the patch that added the event
	handler for NIC_RX_FILTER_CHANGED, and John Ferlan expressed a desire
	that the information not be "lost", so I've put it into a file in the
	qemu directory, hoping that it might catch the attention of future
	writers of handlers for qemu events.

	qemu: qemuMonitorQueryRxFilter - retrieve guest netdev rx-filter
	This function can be called at any time to get the current status of a
	guest's network device rx-filter. In particular it is useful to call
	after libvirt recieves a NIC_RX_FILTER_CHANGED event - this event only
	tells you that something has changed in the rx-filter, the details are
	retrieved with the query-rx-filter monitor command (only available in
	the json monitor). The command sent to the qemu monitor looks like this:
	  {"execute":"query-rx-filter", "arguments": {"name":"net2"} }'
	and the results will look something like this:
	{
	    "return": [
	        {
	            "promiscuous": false,
	            "name": "net2",
	            "main-mac": "52:54:00:98:2d:e3",
	            "unicast": "normal",
	            "vlan": "normal",
	            "vlan-table": [
	                42,
	                0
	            ],
	            "unicast-table": [
	            ],
	            "multicast": "normal",
	            "multicast-overflow": false,
	            "unicast-overflow": false,
	            "multicast-table": [
	                "33:33:ff:98:2d:e3",
	                "01:80:c2:00:00:21",
	                "01:00:5e:00:00:fb",
	                "33:33:ff:98:2d:e2",
	                "01:00:5e:00:00:01",
	                "33:33:00:00:00:01"
	            ],
	            "broadcast-allowed": false
	        }
	    ],
	    "id": "libvirt-14"
	}
	This is all parsed from JSON into a virNetDevRxFilter object for
	easier consumption. (unicast-table is usually empty, but is also an
	array of mac addresses similar to multicast-table).
	(NB: LIBNL_CFLAGS was added to tests/Makefile.am because virnetdev.h
	now includes util/virnetlink.h, which includes netlink/msg.h when
	appropriate. Without LIBNL_CFLAGS, gcc can't find that file (if
	libnl/netlink isn't available, LIBNL_CFLAGS will be empty and
	virnetlink.h won't try to include netlink/msg.h anyway).)

	util: define virNetDevRxFilter and basic utility functions
	This same structure will be used to retrieve RX filter info for
	interfaces on the host via netlink messages, and RX filter info for
	interfaces on the guest via the qemu "query-rx-filter" command.

2014-10-06  Laine Stump  <laine@laine.org>

	network: set interface actual trustGuestRxFilters from network/portgroup
	As is done with other items such as vlan, virtualport, and bandwidth,
	set the actual trustGuestRxFilters value to be used by a domain
	interface according to a merge of the same attribute in the interface,
	portgroup, and network in use. the interface setting always takes
	precedence (if specified), followed by portgroup, and finally the
	setting in the network is used if it's not specified in the interface
	or portgroup.

	conf: add trustGuestRxFilters attribute to network and domain interface
	This new attribute will control whether or not libvirt will pay
	attention to guest notifications about changes to network device mac
	addresses and receive filters. The default for this is 'no' (for
	security reasons). If it is set to 'yes' *and* the specified device
	model and connection support it (currently only macvtap+virtio) then
	libvirt will watch for NIC_RX_FILTER_CHANGED events, and when it
	receives one, it will issue a query-rx-filter command, retrieve the
	result, and modify the host-side macvtap interface's mac address and
	unicast/multicast filters accordingly.
	The functionality behind this attribute will be in a later patch. This
	patch merely adds the attribute to the top-level of a domain's
	<interface> as well as to <network> and <portgroup>, and adds
	documentation and schema/xml2xml tests. Rather than adding even more
	test files, I've just added the net attribute in various applicable
	places of existing test files.

2014-10-06  John Ferlan  <jferlan@redhat.com>

	qemu: Remove possible NULL deref in debug output
	Check for !dev->info.alias was done after a VIR_DEBUG() statement
	that already tried to print - just flip sequence

	qemu: Remove need for virConnectPtr in hotunplug detach host, net
	Prior patch removed the need for the virConnectPtr in the unplug
	detach host path which caused ripple effect to remove in multiple
	callers.  The previous patch just left things as ATTRIBUTE_UNUSED -
	this patch will remove the variable.

	qemu: Fix hot unplug of SCSI_HOST device
	https://bugzilla.redhat.com/show_bug.cgi?id=1141732
	Introduced by commit id '8f76ad99' the logic to detach a scsi_host
	device (SCSI or iSCSI) fails when attempting to remove the 'drive'
	because as I found in my investigation - the DelDevice takes care of
	that for us.
	The investigation turned up commits to adjust the logic for the
	qemuMonitorDelDevice and qemuMonitorDriveDel processing for interfaces
	(commit id '81f76598'), disk bus=VIRTIO,SCSI,USB (commit id '0635785b'),
	and chr devices (commit id '55b21f9b'), but nothing with the host devices.
	This commit uses the model for the previous set of changes and applies
	it to the hostdev path. The call to qemuDomainDetachHostSCSIDevice will
	return to qemuDomainDetachThisHostDevice handling either the audit of
	the failure or the wait for the removal and then call into
	qemuDomainRemoveHostDevice for the event, removal from the domain hostdev
	list, and audit of the removal similar to other paths.
	NOTE: For now the 'conn' param to +qemuDomainDetachHostSCSIDevice is left
	as ATTRIBUTE_UNUSED.  Removing requires a cascade of other changes to be
	left for a future patch.

2014-10-06  Eric Blake  <eblake@redhat.com>

	maint: update .mailmap
	Consolidate several commits made by James:
	https://www.redhat.com/archives/libvir-list/2014-September/msg01156.html

2014-10-06  Ján Tomko  <jtomko@redhat.com>

	Include .libs in libdir in source tree pkg-config files
	This lets me build against an uninstalled source tree without
	libtool.

2014-10-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in drvlxc
	s/the/The

2014-10-04  Martin Kletzander  <mkletzan@redhat.com>

	minor shmem clean-ups

	util: Prepare URI formatting for libxml2 >= 2.9.2
	Since commit 8eb55d782a2b9afacc7938694891cc6fad7b42a5 libxml2 removes
	two slashes from the URI when there is no server part.  This is fixed
	with beb7281055dbf0ed4d041022a67c6c5cfd126f25, but only if the calling
	application calls xmlSaveUri() on URI that xmlURIParse() parsed.  And
	that is not the case in virURIFormat().  virURIFormat() accepts
	virURIPtr that can be created without parsing it and we do that when we
	format network storage paths for gluster for example.  Even though
	virStorageSourceParseBackingURI() uses virURIParse(), it throws that data
	structure right away.
	Since we want to format URIs as URIs and not absolute URIs or opaque
	URIs (see RFC 3986), we can specify that with a special hack thanks to
	commit beb7281055dbf0ed4d041022a67c6c5cfd126f25, by setting port to -1.
	This fixes qemuxml2argvtest test where the disk-drive-network-gluster
	case was failing.

	vbox: remove unused code that causes build failures
	Since 87dea4fcffb2d1b120e7841adc0e3d8ea97ed777 vboxGetDrivers() is not
	used for getting the vbox network driver.  The only call the code does
	is using NULL as the @networkDriver_ret param , but the code still used
	vbox[0-9][0-9]NetworkDriver that didn't exist anymore.

	qemu: Build command line for ivshmem device
	This patch implements support for the ivshmem device in QEMU.

2014-10-04  Maxime Leroy  <maxime.leroy@6wind.com>

	qemu: add capability probing for ivshmem device
	Ivshmem is supported by QEMU since 0.13 release.

2014-10-04  Martin Kletzander  <mkletzan@redhat.com>

	docs, conf, schema: add support for shmem device
	This patch adds parsing/formatting code as well as documentation for
	shared memory devices.  This will currently be only accessible in QEMU
	using it's ivshmem device, but is designed as generic as possible to
	allow future expansion for other hypervisors.
	In the devices section in the domain XML users may specify:
	- For shmem device using a server:
	 <shmem name='shmem0'>
	   <server path='/tmp/socket-ivshmem0'/>
	   <size unit='M'>32</size>
	   <msi vectors='32' ioeventfd='on'/>
	 </shmem>
	- For ivshmem device not using an ivshmem server:
	 <shmem name='shmem1'>
	   <size unit='M'>32</size>
	 </shmem>
	Most of the configuration is made optional so it also allows
	specifications like:
	 <shmem name='shmem1/>
	 <shmem name='shmem2'>
	   <server/>
	 </shmem>

2014-10-04  Eric Blake  <eblake@redhat.com>

	qemu: support nospace reason in io error event
	Aeons ago (commit 34dcbbb4, v0.8.2), we added a new libvirt event
	(VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON) in order to tell the user WHY
	the guest halted.  This is because at least VDSM wants to react
	differently to ENOSPC events (resize the lvm partition to be larger,
	and resume the guest as if nothing had happened) from all other events
	(I/O is hosed, throw up our hands and flag things as broken).  At the
	time this was done, downstream RHEL qemu added a vendor extension
	'__com.redhat_reason', which would be exactly one of these strings:
	"enospc", "eperm", "eio", and "eother".  In our stupidity, we exposed
	those exact strings to clients, rather than an enum, and we also
	return "" if we did not have access to a reason (which was the case
	for upstream qemu).
	Fast forward to now: upstream qemu commit c7c2ff0c (will be qemu 2.2)
	FINALLY adds a 'nospace' boolean, after discussion with multiple
	projects determined that VDSM really doesn't care about distinction
	between any other error types.  So this patch converts 'nospace' into
	the string "enospc" for compatibility with RHEL clients that were
	already used to the downstream extension, while leaving the reason
	blank for all other cases (no change from the status quo).
	See also https://bugzilla.redhat.com/show_bug.cgi?id=1119784
	* src/qemu/qemu_monitor_json.c (qewmuMonitorJSONHandleIOError):
	Parse reason field from modern qemu.
	* include/libvirt/libvirt.h.in
	(virConnectDomainEventIOErrorReasonCallback): Document it.

2014-10-03  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't compare CPU against host for TCG
	Right now when building the qemu command line, we try to do various
	unconditional validations of the guest CPU against the host CPU. However
	this checks are overly applied. The only time we should use the checks
	are:
	- The user requests host-model/host-passthrough, or
	- When KVM is requsted. CPU features requested in TCG mode are always
	  emulated by qemu and are independent of the host CPU, so no host CPU
	  checks should be performed.
	Right now if trying to specify a CPU for arm on an x86 host, it attempts
	to do non-sensical validation and falls over.
	Switch all the test cases that were intending to test CPU validation to
	use KVM, so they continue to test the intended code.
	Amend some aarch64 XML tests with a CPU model, to ensure things work
	correctly.

	qemu_command: Split qemuBuildCpuArgStr
	Move the CPU mode/model handling to its own function. This is just
	code movement and re-indentation.

2014-10-03  Shanzhi Yu  <shyu@redhat.com>

	configure: improve misleading libnl3-devel missing error message
	When building libvirt from source with netcf-devel installed, the
	configure script reports error "libnl-devel >=3.0 is required for
	macvtap support", while actually libnl3-devel is required.

	qemu: Improve domainSetTime error info report
	check domain's status before call virQEMUCapsGet to report a accurate
	error when domain is shut off
	Resolve: https://bugzilla.redhat.com/show_bug.cgi?id=1147847

2014-10-03  Michal Privoznik  <mprivozn@redhat.com>

	Makefile: Fix build without driver modules
	After 87dea4fcf one can observe a build failure:
	./autogen.sh --system --without-driver-modules && make
	  CCLD     libvirtd
	../src/.libs/libvirt_driver_vbox.a(libvirt_driver_vbox_impl_la-vbox_driver.o):
	In function `vboxNetworkRegister':
	/home/jtomko/work/libvirt/libvirt.git/src/vbox/vbox_driver.c:168: undefined
	reference to `vboxGetNetworkDriver'
	collect2: error: ld returned 1 exit status
	make[3]: *** [libvirtd] Error 1
	The problem is that when building without driver modules the VBOX
	network driver is not linked into the the VBOX driver.

2014-10-03  Taowei  <uaedante@gmail.com>

	vbox: New network driver
	This patch seperate the domain driver and the network driver.
	libvirt_driver_vbox_impl.la has been linked in the network driver.
	So that the version specified codes in vbox_V*.c would only be
	compiled once.
	The vboxGetNetworkDriver provides a simple interface to get vbox
	network driver.

	vbox: Rewrite vboxNetworkGetXMLDesc

	vbox: Rewrite vboxNetworkCreate

	vbox: Rewrite vboxNetworkUndefineDestroy
	This patch rewrites two public APIs. They are vboxNetworkUndefine
	and vboxNetworkDestroy. They use the same core function
	vboxNetworkUndefineDestroy. I merged it in one patch.

	vbox: Rewrite vboxNetworkDefineCreateXML
	This patch actually contains two public API, virNetworkDefineXML
	and virNetworkCreateXML. They use the same core function
	vboxNetworkDefineCreateXML. So I merged it together.

	vbox: Rewrite vboxNetworkLookupByName

	vbox: Rewrite vboxNetworkLookupByUUID

	vbox: Rewrite vboxConnectListDefinedNetworks

	vbox: Rewrite vboxConnectNumOfDefinedNetworks

	vbox: Rewrite vboxConnectListNetworks

	vbox: Rewrite vboxConnectNumOfNetworks

	vbox: Rewrite vboxNetworkClose

	vbox: Rewrite vboxNetworkOpen

	vbox: Interfaces for register per parties
	The patch dbb4cbf532fa by Michal has splited the vbox driver into
	three parties. This modification brings a more suitable interface
	to the previous patch.
	The new function vboxGetDriver is introduced to get the
	corresponding vbox domain driver directly thought the vbox version.
	Functions like vboxGetNetworkDriver and vboxGetStorageDriver
	will be introduced after rewriting it's drivers.
	This patch, by the way, fixed the align problem for vbox in
	Makefile.am

2014-10-03  Erik Skultety  <eskultet@redhat.com>

	qemu: Fix updating balloon period in live XML
	Up until now, we set memballoon period in monitor successfully, however
	we did not update domain definition structure, thus dumpxml was omitting
	period attribute in memballoon element
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140960

	qemu: Fix updating bandwidth limits in live XML
	When trying to update bandwidth limits on a running domain, limits get
	updated in our internal structures, however XML parser reads
	bandwidth limits from network 'actual' definition. Committing this patch
	it is now available to update bandwidth 'actual' definition as well,
	thus updating domain runtime XML.

2014-10-02  Ján Tomko  <jtomko@redhat.com>

	Add virCgroupTerminateMachine stub
	Fix the build on FreeBSD, broken by commit 4882618.

2014-10-02  Eric Blake  <eblake@redhat.com>

	build: fix build on non-Linux
	A cygwin build of 1.2.9 fails with:
	util/virprocess.c:87:27: fatal error: sys/syscall.h: No such file or directory
	 #  include <sys/syscall.h>
	But in reality, the ONLY user of setns() is lxc, which is Linux-only.
	It's easiest to just limit the setns workarounds to Linux.
	* src/util/virprocess.c (setns): Limit definition to Linux.

2014-10-02  Guido Günther  <agx@sigxcpu.org>

	Make editor used for 'virsh edit' configurable
	Debian wants to use 'sensible-editor' instead of vi other distros might
	want to use other defaults. This avoids distro specific patches.

	qemu: use systemd's TerminateMachine to kill all processes
	If we don't properly clean up all processes in the
	machine-<vmname>.scope systemd won't remove the cgroup and subsequent vm
	starts fail with
	  'CreateMachine: File exists'
	Additional processes can e.g. be added via
	  echo $PID > /sys/fs/cgroup/systemd/machine.slice/machine-${VMNAME}.scope/tasks
	but there are other cases like
	  http://bugs.debian.org/761521
	Invoke TerminateMachine to be on the safe side since systemd tracks the
	cgroup anyway. This is a noop if all processes have terminated already.

2014-10-01  Peter Krempa  <pkrempa@redhat.com>

	maint: Prohibit "devname" by a syntax check rules
	and tweak the code to avoid using it.

	qemu: monitor: Avoid shadowing variable "devname" on FreeBSD. Again.
	FreeBSD's compiler complains that we shadow the symbol. Sigh.
	s/devname/dev_name/

	qemu: json: Fix missing break in error reporting function
	Otherwise we'd report a different error.
	Reported by John Ferlan's coverity run.

2014-10-01  Francesco Romani  <fromani@redhat.com>

	qemu: bulk stats: add block allocation information
	Management software wants to be able to allocate disk space on demand.
	To support this they need keep track of the space occupation of the
	block device.  This information is reported by qemu as part of block
	stats.
	This patch extend the block information in the bulk stats with the
	allocation information.
	To keep the same behaviour a helper is extracted from
	qemuMonitorJSONGetBlockExtent in order to get per-device allocation
	information.

2014-10-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add helper function to fill physical/virtual image size
	While our code gathers block stats via "query-blockstats" some
	information need to be gathered via "query-block". Add a helper function
	that will update the blockstats structure if requested.

	Bump version to 1.2.10 for new dev cycle

2014-10-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.9
	* docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: updated localizations and regenerated

2014-10-01  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: fix domain deadlock
	If you use public api virConnectListAllDomains() with second parameter
	set to NULL to get only the number of domains you will lock out all
	other operations with domains.
	Introduced by commit 2c680804.

2014-09-30  Chris St. Pierre  <chris.a.st.pierre@gmail.com>

	Allow setting migration max downtime any time
	This removes the artificial and unnecessary restriction that
	virDomainSetMaxDowntime() only be called while a migration is in
	progress.
	https://bugzilla.redhat.com/show_bug.cgi?id=1146618

2014-09-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Avoid shadowing variable "devname" on FreeBSD
	FreeBSD's compiler complains that we shadow the symbol. Sigh.
	s/devname/dev_name/

	qemu: monitor: return block stats data as a hash to avoid disk mixup
	The current block stats code matched up the disk name with the actual
	stats by the order in the data returned from qemu. This unfortunately
	isn't right as qemu may return the disks in any order. Fix this by
	returning a hash of stats and index them by the disk alias.

2014-09-30  Ján Tomko  <jtomko@redhat.com>

	Also filter out non-migratable features out of host-passthrough
	Commit de0aeaf filtered them out from the host-model features,
	to allow host-model to be migratable by default.
	Even though they are not passed to QEMU for host-passthrough,
	(and not enabled by default) filter them out too
	so the user does not think the domain has them.
	https://bugzilla.redhat.com/show_bug.cgi?id=1147584

	Don't verify CPU features with host-passthrough
	Commit fba6bc4 introduced the non-migratable invtsc feature,
	breaking save/migration with host-model and host-passthrough.
	On hosts with this feature present it was automatically included
	in the CPU definition, regardless of QEMU support.
	Commit de0aeaf stopped including it by default for host-model,
	but failed to fix host-passthrough.
	This commit ignores checking of CPU features with host-passthrough,
	since we don't pass them to QEMU (only -cpu host is passed),
	allowing domains using host-passthrough that were saved with
	the broken version of libvirtd to be restored.
	https://bugzilla.redhat.com/show_bug.cgi?id=1147584

2014-09-29  Ján Tomko  <jtomko@redhat.com>

	Fix crash cpu_shares change event crash on domain startup
	Introduced by commit 0dce260.
	qemuDomainEventQueue was called with qemuDomainObjPrivatePtr instead
	of virQEMUDriverPtr.
	https://bugzilla.redhat.com/show_bug.cgi?id=1147494

2014-09-29  Erik Skultety  <eskultet@redhat.com>

	storage: Fix logical pool fmt type
	According to our documentation logical pool supports formats 'auto' and
	'lvm2'. However, in storage_conf.c we previously defined storage pool
	formats: unknown, lvm2. Due to backward compatibility reasons
	we must continue refer to pool format type 'unknown' instead of 'auto'.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1123767

2014-09-29  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	virsh: Fix help message of allocpages
	Fix info in the command definition of allocpages, which is currently
	pointing info for 'capabilities'.

2014-09-27  Guido Günther  <agx@sigxcpu.org>

	qemu: remove capabilities.monitor.sock when done
	Prompted by
	   http://bugs.debian.org/761131

2014-09-26  Jincheng Miao  <jmiao@redhat.com>

	conf: report error in virCPUDefParseXML
	When detected invalid 'memAccess', virCPUDefParseXML should report error.
	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1146334

2014-09-26  Ján Tomko  <jtomko@redhat.com>

	Check for NULL in qemu monitor event filter
	When virConnectDomainQemuMonitorEventRegister is called with the
	VIR_CONNECT_DOMAIN_QEMU_MONITOR_EVENT_REGISTER_REGEX flag,
	ignore the flag instead of crashing.
	https://bugzilla.redhat.com/show_bug.cgi?id=1144920

2014-09-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo s/EMULATORIN/EMULATORPIN/
	Fix the typo in VIR_DOMAIN_TUNABLE_CPU_EMULATORIN

	Rename tunable event constants
	For the new VIR_DOMAIN_EVENT_ID_TUNABLE event we have a bunch of
	constants added
	   VIR_DOMAIN_EVENT_CPUTUNE_<blah>
	   VIR_DOMAIN_EVENT_BLKDEVIOTUNE_<blah>
	This naming convention is bad for two reasons
	  - There is no common prefix unique for the events to both
	    relate them, and distinguish them from other event
	    constants
	  - The values associated with the constants were chosen
	    to match the names used with virConnectGetAllDomainStats
	    so having EVENT in the constant name is not applicable in
	    that respect
	This patch proposes renaming the constants to
	    VIR_DOMAIN_TUNABLE_CPU_<blah>
	    VIR_DOMAIN_TUNABLE_BLKDEV_<blah>
	ie, given them a common VIR_DOMAIN_TUNABLE prefix.

2014-09-26  Michal Privoznik  <mprivozn@redhat.com>

	lxc_monitor_protocol: Redefine xdr_uint64_t if needed
	https://bugzilla.redhat.com/show_bug.cgi?id=993411
	On some systems (using libtirpc instead of glibc's
	implementation), xdr_uint64_t exists rather under different name:
	xdr_u_int64_t. This makes compilation fail then:
	libvirt_lxc-lxc_monitor_protocol.o: In function `xdr_virLXCMonitorInitEventMsg':
	/usr/local/src/libvirt/libvirt-1.1.1/src/./lxc/lxc_monitor_protocol.c:31: undefined reference to `xdr_uint64_t'
	Therefore we rather mirror the d707c866 commit and redefine
	xdr_uint64_t if needed.

	qemuPrepareNVRAM: Save domain after NVRAM path generation
	On a domain startup, the variable store path is generated if needed.
	The path is intended to be generated only once. However, the updated
	domain definition is not saved into config dir rather than state XML
	only. So later, whenever the domain is destroyed and the daemon is
	restarted, the generated path is forgotten and the file may be left
	behind on virDomainUndefine() call.

	remoteNodeGetFreePages: Don't alloc args.pages.pages_val
	There's no one to free() it anyway. Instead, we can just pass the
	provided array pointer directly.
	==20039== 48 bytes in 4 blocks are definitely lost in loss record 658 of 787
	==20039==    at 0x4C2A700: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==20039==    by 0x4EA661F: virAllocN (viralloc.c:191)
	==20039==    by 0x50386EF: remoteNodeGetFreePages (remote_driver.c:7625)
	==20039==    by 0x5003504: virNodeGetFreePages (libvirt.c:21379)
	==20039==    by 0x154625: cmdFreepages (virsh-host.c:374)
	==20039==    by 0x12F718: vshCommandRun (virsh.c:1935)
	==20039==    by 0x1339FB: main (virsh.c:3747)

2014-09-26  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	nodeinfo: fix version of nodeAllocPages
	Fix comments about the version in which '.nodeAllocPages' are added.

2014-09-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: Always re-detect backing chain
	Since 363e9a68 we track backing chain metadata when creating snapshots
	the right way even for the inactive configuration. As we did not yet
	update other code paths that modify the backing chain (blockpull) the
	newDef backing chain gets out of sync.
	After stopping of a VM the new definition gets copied to the next start
	one. The new VM then has incorrect backing chain info. This patch
	switches the backing chain detector to always purge the existing backing
	chain and forces re-detection to avoid this issue until we'll have full
	backing chain tracking support.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1144922

2014-09-26  Pavel Hrdina  <phrdina@redhat.com>

	event_example: cleanup example code for tunable event

2014-09-25  Michal Privoznik  <mprivozn@redhat.com>

	virNodeAllocPages: Disallow RO connection
	Due to a missing check the API can be successfully called even if
	the connection is ReadOnly. Fortunately, the API hasn't been
	released yet, so there's no need for a CVE.

2014-09-25  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: login to parallels SDK
	Add files parallels_sdk.c and parallels_sdk.h for code
	which works with SDK, so libvirt's code will not mix with
	dealing with parallels SDK.
	To use Parallels SDK you must first call PrlApi_InitEx function,
	and then you will be able to connect to a server with
	PrlSrv_LoginLocalEx function. When you've done you must call
	PrlApi_Deinit. So let's call PrlApi_InitEx on first .connectOpen,
	count number of connections and deinitialize, when this counter
	becomes zero.

	parallels: build with parallels SDK
	Executing prlctl command is not an optimal way to interact with
	Parallels Cloud Server (PCS), it's better to use parallels SDK,
	which is a remote API to paralles dispatcher service.
	We prepared opensource version of this SDK and published it on
	github, it's distributed under LGPL license. Here is a git repo:
	https://github.com/Parallels/parallels-sdk.
	To build with parallels SDK user should get compiler and linker
	options from pkg-config 'parallels-sdk' file. So fix checks in
	configure script and build with parallels SDK, if that pkg-config
	file exists and add gcc options to makefile.

2014-09-25  Michal Privoznik  <mprivozn@redhat.com>

	virnetserver: Raise log level of max_clients related messages
	We have these configuration knobs, like max_clients and
	max_anonymous_clients. They limit the number of clients
	connected.  Whenever the limit is reached, the daemon stops
	accepting new ones and resumes if one of the connected clients
	disconnects. If that's the case, a debug message is printed into
	the logs. And when the daemon starts over to accept new clients
	too. However, the problem is the messages have debug priority.
	This may be unfortunate, because if the daemon stops accepting
	new clients all of a sudden, and users don't have debug logs
	enabled they have no idea what's going on. Raise the messages
	level to INFO at least.

2014-09-25  Pavel Hrdina  <phrdina@redhat.com>

	polkit_driver: fix possible segfault
	The changes in commit c7542573 introduced possible segfault. Looking
	deeper into the code and the original code before the patch series were
	applied I think that we should report error for each function failure
	and also we shouldn't call some of the function twice.
	Found by coverity.

	blkdeviotune: trigger tunable event for blkdeviotune updates
	Use the universal tunable event to report changes to user. All
	blkdeviotune values are prefixed with "blkdeviotune".

	blkdeviotune: fix bug with saving values into live XML
	When you updated some blkdeviotune values for running domain the values
	were stored only internally, but not saved into the live XML so they
	won't survive restarting the libvirtd.

	Fix build without polkit
	The commit 1b854c76 introduced a new function 'virPolkitCheckAuth' and
	in the #else section when you don't have polkit all attributes should be
	follwed by ATTRIBUTE_UNUSED.

	tunable_event: extend debug message and tweak limit for remote message
	It would be nice to also print a params pointer and number of params in
	the debug message and the previous limit for number of params in the rpc
	message was too large. The 2048 params will be enough for future events.

2014-09-25  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Expose virNodeAllocPages
	The new virsh command is named 'allocpages'.

	nodeinfo: Implement nodeAllocPages
	And add stubs to other drivers like: lxc, qemu, uml and vbox.

	virnuma: Introduce virNumaSetPagePoolSize
	This internal API can be used to allocate or free some pages in
	the huge pages pool.

	Introduce virNodeAllocPages
	A long time ago in a galaxy far, far away it has been decided
	that libvirt will manage not only domains but host as well. And
	with my latest work on qemu driver supporting huge pages, we miss
	the cherry on top: an API to allocate huge pages on the run.
	Currently users are forced to log into the host and adjust the
	huge pages pool themselves.  However, with this API the problem
	is gone - they can both size up and size down the pool.

	nodeGetFreePages: Push forgotten change
	In the previous patch I've changed the for loop bounds but forgot
	to 'git add' changes that adapt the rest of the code.

2014-09-25  Cole Robinson  <crobinso@redhat.com>

	security: Fix labelling host devices (bz 1145968)
	The check for ISCSI devices was missing a check of subsys type, which
	meant we could skip labelling of other host devices as well. This fixes
	USB hotplug on F21
	https://bugzilla.redhat.com/show_bug.cgi?id=1145968

2014-09-24  Pavel Hrdina  <phrdina@redhat.com>

	Fix MinGW build
	When building on mingw the format string for long long/unsigned long
	long have to be I64d/I64u instead of lld/llu.

2014-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Convert polkit code to use DBus API instead of CLI helper
	Spawning the pkcheck program every time a permission check is
	required is hugely expensive on CPU. The pkcheck program is just
	a dumb wrapper for the DBus API, so rewrite the code to use the
	DBus API directly. This also simplifies error handling a bit.

	Support passing dict by reference for dbus messages
	Currently DBus dict values must be passed inline
	   virDBusMessageEncode("a{ss}",
	                        3,
	                        "key1", "val1",
	                        "key2", "val2",
	                        "key3", "val3");
	   virDBusMessageDecode("a{ss}",
	                        3,
	                        &key1, &val1,
	                        &key2, &val2,
	                        &key3, &val3);
	This allows them to be passed by reference
	   const char **dictin = {
	      "key1", "val1",
	      "key2", "val2",
	      "key3", "val3"
	   };
	   char **dictout;
	   size_t ndictout;
	   virDBusMessageEncode("a&{ss}",
	                        ARRAY_CARDINALITY(dict) / 2,
	                        dictin);
	   virDBusMessageDecode("a&{ss}",
	                        &ndictout,
	                        &dictout);

	Convert remote daemon & acl code to use polkit API
	Convert the remote daemon auth check and the access control
	code to use the common polkit API for checking auth.

	Convert callers to use typesafe APIs for getting identity attrs
	Convert virAccessDriverPolkitFormatProcess to use typesafe API
	for getting process ID attribute.

	Convert callers to use typesafe APIs for setting identity attrs
	Update virNetServerClientCreateIdentity and virIdentityGetSystem
	to use the new typesafe APIs for setting identity attributes

	Add typesafe APIs for virIdentity attributes
	Instead of requiring the caller to format to/from strings,
	add typesafe APIs todo this work.

	Add common API for doing polkit authentication
	There are now two places in libvirt which use polkit. Currently
	they use pkexec, which is set to be replaced by direct DBus API
	calls. Add a common API which they will both be able to use for
	this purpose.
	No tests are added at this time, since the impl will be gutted
	in favour of a DBus API call shortly.

2014-09-24  Ján Tomko  <jtomko@redhat.com>

	qemu: wire up virtio-net segment offloading options
	Format the segment offloading options specified by
	<driver>
	  <host .../>
	  <guest .../>
	</driver>
	on virtio-net command line.

	conf: add options for disabling segment offloading
	Add options for tuning segment offloading:
	<driver>
	  <host csum='off' gso='off' tso4='off' tso6='off'
	        ecn='off' ufo='off'/>
	  <guest csum='off' tso4='off' tso6='off' ecn='off' ufo='off'/>
	</driver>
	which control the respective host_ and guest_ properties
	of the virtio-net device.

2014-09-24  Jincheng Miao  <jmiao@redhat.com>

	nodeinfo: fix nodeGetFreePages when max node is zero
	In nodeGetFreePages, if startCell is given by '0',
	and the max node number is '0' too. The for-loop
	wouldn't be executed.
	So convert it to while-loop.
	Before:
	> virsh freepages --cellno 0 --pagesize 4
	error: internal error: no suitable info found
	After:
	> virsh freepages --cellno 0 --pagesize 4
	4KiB: 472637

2014-09-24  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: emphasis uid start of idmap only accept '0' in docs
	We don't accept any other values except '0'.

2014-09-24  Pavel Hrdina  <phrdina@redhat.com>

	Fix bug with loading bridge name for active domain during libvirtd start
	If you have a bridge network in running domain and libvirtd is restarted
	the information about host bridge interface is lost from live xml.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140085

2014-09-24  Peter Krempa  <pkrempa@redhat.com>

	storage: Improve error message when traversing backing chains
	Report also the name of the parent file and uid/gid used to access it to
	help debugging broken storage configurations.

	qemu: Report better errors from broken backing chains
	Request erroring out from the backing chain traveller and drop qemu's
	internal backing chain integrity tester.
	The backing chain traveller reports errors by itself with possibly more
	detail than qemuDiskChainCheckBroken ever could.
	We also need to make sure that we reconnect to existing qemu instances
	even at the cost of losing the backing chain info (this really should be
	stored in the XML rather than reloaded from disk, but that needs some
	work).

	qemu: Sanitize argument names and empty disk check in qemuDomainDetermineDiskChain
	Reuse virStorageSourceIsEmpty and rename "force" argument to
	"force_probe".

	util: storage: Allow metadata crawler to report useful errors
	Add a new parameter to virStorageFileGetMetadata that will break the
	backing chain detection process and report useful error message rather
	than having to use virStorageFileChainGetBroken.
	This patch just introduces the option, usage will be provided
	separately.

2014-09-24  Jim Fehlig  <jfehlig@suse.com>

	libvirt-guests: run after time-sync.target
	When libvirt-guests is configured to start guests on host
	boot, it is possible for guests start and read the host
	clock before it is synchronized.  Services such as
	libvirt-guests that require correct time should use the
	Special Passive System Unit time-sync.target
	http://www.freedesktop.org/software/systemd/man/systemd.special.html#time-sync.target

2014-09-24  Pavel Hrdina  <phrdina@redhat.com>

	cputune_event: queue the event for cputune updates
	Now we have universal tunable event so we can use it for reporting
	changes to user. The cputune values will be prefixed with "cputune" to
	distinguish it from other tunable events.

	add an example how to use tunable event

	event: introduce new event for tunable values
	This new event will use typedParameters to expose what has been actually
	updated and the reason is that we can in the future extend any tunable
	values or add new tunable values. With typedParameters we don't have to
	worry about creating some other events, we will just use this universal
	event to inform user about updates.

2014-09-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix memory leak in RDMA migration code

2014-09-23  Martin Kletzander  <mkletzan@redhat.com>

	conf: sanitize tap and vhost paths

2014-09-23  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildNumaArgStr: Discard def->cpu check
	In the function at one place we check if def->cpu is NULL prior
	to accessing def->cpu->ncells. Then, later in the code,
	def->cpu->ncells is accessed directly, without the check. This
	makes coverity unhappy, because the first check makes it think
	def->cpu can be NULL. However, the function is not called if
	def->cpu is NULL. Therefore, remove the first check and hopefully
	make coverity cheer again.

	nodeinfo: Prefer MIN in nodeGetFreePages
	It's better to use a macro instead of if-else construct.

2014-09-23  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: separate structures from virDomainDef
	Cleanup virDomanDef structure from other nested structure and create
	separate type definition for them.
	Fix a typo in virDomainHugePage.

2014-09-23  Jincheng Miao  <jmiao@redhat.com>

	Fix typo of virNodeGetFreePages comment

	nodeinfo: report error when given node is out of range
	https://bugzilla.redhat.com/show_bug.cgi?id=1145050

	virsh-host: fix pagesize unit of freepages
	The unit of '--pagesize' of freepages is kibibytes.
	https://bugzilla.redhat.com/show_bug.cgi?id=1145048

2014-09-23  Michael R. Hines  <mrhines@us.ibm.com>

	qemu: Memory pre-pinning support for RDMA migration
	RDMA Live migration requires registering memory with the hardware, and
	thus QEMU offers a new 'capability' to pre-register / mlock() the guest
	memory in advance for higher RDMA performance before the migration
	begins. This capability is disabled by default, which means QEMU will
	register the memory with the hardware in an on-demand basis.
	This patch exposes this capability with the following example usage:
	virsh migrate --live --rdma-pin-all --migrateuri rdma://hostname domain qemu+ssh://hostname/system

	qemu: RDMA migration support
	This patch adds support for RDMA protocol in migration URIs.
	USAGE: $ virsh migrate --live --migrateuri rdma://hostname domain qemu+ssh://hostname/system
	Since libvirt runs QEMU in a pretty restricted environment, several
	files needs to be added to cgroup_device_acl (in qemu.conf) for QEMU to
	be able to access the host's infiniband hardware. Full documenation of
	the feature can be found on QEMU wiki:
	http://wiki.qemu.org/Features/RDMALiveMigration

2014-09-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add RDMA migration capabilities

	qemu: Prepare support for arbitrary migration protocol
	Currently we only support TCP protocol for native QEMU migration but
	this is going to be changed. Let's make the code more general and remove
	hardcoded TCP protocol from several places.

	qemu: Fix old tcp:host URIs more cleanly
	For compatibility with old libvirt we need to support both tcp:host and
	tcp://host migration URIs. Let's make the code that parses them a bit
	cleaner.

2014-09-23  Michael R. Hines  <mrhines@us.ibm.com>

	qemu: Expose additional migration statistics
	RDMA migration uses the 'setup' state in QEMU to optionally lock
	all memory before the migration starts. The total time spent in
	this state is exposed as VIR_DOMAIN_JOB_SETUP_TIME.
	Additionally, QEMU also exports migration throughput (mbps) for both
	memory and disk, so let's add them too: VIR_DOMAIN_JOB_MEMORY_BPS,
	VIR_DOMAIN_JOB_DISK_BPS.

2014-09-23  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	cpu: fix wrong single quote mark

2014-09-22  Daniel P. Berrange  <berrange@redhat.com>

	cpu: remove repeated word in error message

2014-09-22  Giuseppe Scrivano  <gscrivan@redhat.com>

	qemu: raise an error when trying to use readonly sata disks
	commit 72f919f558902968bd0cf9f99f25ac62cbfe3ac6 introduced an user
	friendly error message when trying to use IDE disks as readonly.
	Do the same thing for the SATA bus.
	Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1112939

2014-09-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: hook: Provide hook when restoring a domain save image

2014-09-22  Jianwei Hu  <jiahu@redhat.com>

	docs: specify vhost-net instead of net-vhost
	For the tap backend the default is specified and the same should be
	done for the vhost attribute.

	schema: properly set tap and vhost backend attributes optional
	Each attribute is optional, commit af8b4a2 forgot to mention that.

2014-09-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: save image: Split out checks done only when editing the save img
	Move them to the single corresponding function rather than having them
	in the common chunk of code.

	qemu: save image: Split out new definition check/update
	Split out the call to the update method only to places where it is
	actually used rather than having a mega-method that does all the stuff.

	qemu: save image: Add possibility to return XML stored in the image
	Add a new parameter that will allow to return the XML stored in the save
	image for further manipulation and adjust the callers. This option will
	be used in later patches.

	qemu: save image: Split out user provided XML checker
	Extract code used to check save image XMLs provided by users to separate
	use.

2014-09-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: Drop driver lock in libxlDomainDefineXML
	There is no need to acquire the driver-wide lock in
	libxlDomainDefineXML.  When switching to jobs in the libxl
	driver, most driver-wide locks were removed.  The locking here
	was preserved since I mistakenly thought virDomainObjListAdd
	needed protection.  This is not the case, so remove the
	unnecessary locking.

2014-09-19  John Ferlan  <jferlan@redhat.com>

	qemu: Process the hostdev "rawio" setting
	Mimic the "Disk" processing for 'rawio', but for a scsi_host hostdev
	lun device.

	hostdev: Add "rawio" attribute to _virDomainHostdevSubsysSCSI
	Add the 'rawio' attribute to match _virDomainDiskDef and process the
	hostdev XML similarly to the disk XML for a lun which supports/requires rawio

	domain_conf: Change virDomainDiskDef 'rawio' to use virTristateBool
	Adjust disk definition for 'rawio' to use the TristateBool logic

	qemu: Add missing goto on rawio
	Commit id '9a2f36ec' added a build conditional of CAP_SYS_RAWIO
	in order to determine whether or not a disk definition using rawio
	should be allowed on platforms without CAP_SYS_RAWIO. If one was
	found, virReportError was used but the code didn't goto cleanup.
	This patch adds the goto.

2014-09-19  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: add HOME environment variable docs
	commit
	3020594ac57c5e06e79f3db8c765f6bb18c40802
	add HOME environment variable.
	Add a doc for this.

2014-09-19  Pavel Hrdina  <phrdina@redhat.com>

	Move the FIPS detection from capabilities
	We are not detecting the presence of FIPS from QEMU, but from procfs and
	that means it's not QEMU capability. It was decided that we will pass
	this flag to QEMU even if it's not supported by old QEMU binaries.
	This patch also reverts changes done by commit a21cfb0f to
	qemucapabilitestest and implements a new test case in qemuxml2argvtest.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135431

2014-09-19  Michal Privoznik  <mprivozn@redhat.com>

	virSecuritySELinuxSetTapFDLabel: Temporarily revert to old behavior
	https://bugzilla.redhat.com/show_bug.cgi?id=1141879
	A long time ago I've implemented support for so called multiqueue
	net.  The idea was to let guest network traffic be processed by
	multiple host CPUs and thus increasing performance. However, this
	behavior is enabled by QEMU via special ioctl() iterated over the
	all tap FDs passed in by libvirt. Unfortunately, SELinux comes in
	and disallows the ioctl() call because the /dev/net/tun has label
	system_u:object_r:tun_tap_device_t:s0 and 'attach_queue' ioctl()
	is not allowed on tun_tap_device_t type. So after discussion with
	a SELinux developer we've decided that the FDs passed to the QEMU
	should be labelled with svirt_t type and SELinux policy will
	allow the ioctl(). Therefore I've made a patch
	(cf976d9dcf4e592261b14f03572) that does exactly this. The patch
	was fixed then by a4431931393aeb1ac5893f121151fa3df4fde612 and
	b635b7a1af0e64754016d758376f382470bc11e7. However, things are not
	that easy - even though the API to label FD is called
	(fsetfilecon_raw) the underlying file is labelled too! So
	effectively we are mangling /dev/net/tun label. Yes, that broke
	dozen of other application from openvpn, or boxes, to qemu
	running other domains.
	The best solution would be if SELinux provides a way to label an
	FD only, which could be then labeled when passed to the qemu.
	However that's a long path to go and we should fix this
	regression AQAP. So I went to talk to the SELinux developer again
	and we agreed on temporary solution that:
	1) All the three patches are reverted
	2) SELinux temporarily allows 'attach_queue' on the
	tun_tap_device_t

2014-09-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: update zfs documentation
	 - docs/formatstorage.html.in: document 'zfs' pool type, add it
	   to a list of pool types that could use source physical devices
	 - docs/storage.html.in: update a ZFS pool example XML with
	   source physical devices, mention that starting from 1.2.9 a
	   pool could be created from this devices by libvirt and in earlier
	   versions user still has to create a pool manually
	 - docs/drvbhyve.html.in: add an example with ZFS pools

	storage: zfs: implement pool build and delete
	 - Provide an implementation for buildPool and deletePool operations
	   for the ZFS storage backend.
	 - Add VIR_STORAGE_POOL_SOURCE_DEVICE flag to ZFS pool poolOptions
	   as now we can specify devices to build pool from
	 - storagepool.rng: add an optional 'sourceinfodev' to 'sourcezfs' and
	   add an optional 'target' to 'poolzfs' entity
	 - Add a couple of tests to storagepoolxml2xmltest

2014-09-18  Ján Tomko  <jtomko@redhat.com>

	audit: fix memory leak without WITH_AUDIT
	Free str unconditionally since we allocate it without WITH_AUDIT
	too.

	audit: remove redundant NULL assignment
	virVasprintf sets the output to NULL on failure.

	Fixes for domains with no iothreads
	Plug a memory leak and silence a warning.

	Fix leak in x86UpdateHostModel
	Commit de0aeaf introduced a memory leak.

2014-09-18  Erik Skultety  <eskultet@redhat.com>

	Fix libvirtd crash when removing metadata
	When trying to remove nonexistent metadata from XML, libvirt daemon
	crashes due to dereferencing NULL pointer.
	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1143955

2014-09-18  John Ferlan  <jferlan@redhat.com>

	qemu: Don't fail startup/attach for IOThreads if no JSON
	If the qemu being used doesn't support JSON, then querying for IOThread
	data would fail. In that case, ensure the *iothreads is NULL and return 0
	as the count of iothreads available.

2014-09-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix build in qemu_command
	Currently, build with clang fails with:
	  CC       qemu/libvirt_driver_qemu_impl_la-qemu_command.lo
	qemu/qemu_command.c:6580:58: error: implicit conversion from enumeration type
	'virMemAccess' to different enumeration type 'virTristateSwitch'
	[-Werror,-Wenum-conversion]
	        virTristateSwitch memAccess = def->cpu->cells[i].memAccess;
	                          ~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~^~~~~~~~~
	1 error generated.
	Fix that by using virMemAccess instead of virTristateSwitch.

	Fix build in qemu_capabilities
	Commit f05b6a91 added virQEMUDriverConfigPtr argument to the
	virQEMUCapsFillDomainCaps function and it uses forward declaration
	of virQEMUDriverConfig and virQEMUDriverConfigPtr that casues clang
	build to fail:
	gmake[3]: Entering directory `/usr/home/novel/code/libvirt/src'
	  CC       qemu/libvirt_driver_qemu_impl_la-qemu_capabilities.lo
	In file included from qemu/qemu_capabilities.c:43:
	In file included from qemu/qemu_hostdev.h:27:
	qemu/qemu_conf.h:63:37: error: redefinition of typedef 'virQEMUDriverConfig'
	is a C11 feature [-Werror,-Wtypedef-redefinition]
	typedef struct _virQEMUDriverConfig virQEMUDriverConfig;
	                                    ^
	qemu/qemu_capabilities.h:328:37: note: previous definition is here
	typedef struct _virQEMUDriverConfig virQEMUDriverConfig;
	                                    ^
	Fix that by passing loader and nloader config attributes directly
	instead of passing complete config.

	bhyve: tests: fix build
	Commit b20d39a introduced a new argument for the
	virNetDevTapCreateInBridgePort function, however, its mock
	in bhyve tests wasn't updated, so the build failed.
	Fix build by adding this new argument to the mock version.

2014-09-18  Ján Tomko  <jtomko@redhat.com>

	qemu: fix crash with shared disks
	Commit f36a94f introduced a double free on all success paths
	in qemuSharedDeviceEntryInsert.
	Only call qemuSharedDeviceEntryFree on the error path and
	set entry to NULL before jumping there if the entry already
	is in the hash table.
	https://bugzilla.redhat.com/show_bug.cgi?id=1142722

2014-09-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Improve check for local storage
	Now that we have a simple function to check locality of storage, reuse
	it in qemuDomainCheckDiskPresence().
	Also reuse check for empty storage source.

	qemu: Drop unused formatting of uuid
	The formatted UUID isn't used anywhere else in
	qemuDomainCheckDiskStartupPolicy. Drop it.

2014-09-18  Wang Yufei  <james.wangyufei@huawei.com>

	maint: clean up _virDomainMemoryStat
	Clean up all _virDomainMemoryStat.

	maint: clean up _virDomainBlockStats
	Clean up all _virDomainBlockStats.

	maint: clean up _virDomainInterfaceStats
	Clean up all _virDomainInterfaceStats.

2014-09-18  Peter Krempa  <pkrempa@redhat.com>

	CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk
	Live definition was used to look up the disk index while persistent one
	was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
	correct def and report a nice error.
	Unfortunately it's accessible via read-only connection, though it can
	only crash libvirtd in the cases where the guest is hot-plugging disks
	without reflecting those changes to the persistent definition.  So
	avoiding hotplug, or doing hotplug where persistent is always modified
	alongside live definition, will avoid the out-of-bounds access.
	Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724
	Reported-by: Luyao Huang <lhuang@redhat.com>

2014-09-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Honor hugepages for UMA domains
	https://bugzilla.redhat.com/show_bug.cgi?id=1135396
	There are two ways how to tell qemu to use huge pages. The first one
	is suitable for domains with NUMA nodes: the path to hugetlbfs mount
	is appended to NUMA node definition on the command line. The second
	one is suitable for UMA domains: here there's this global '-mem-path'
	argument that accepts path to the hugetlbfs mount point. However, the
	latter case was not used for all the cases that it should be. For
	instance:
	  <memoryBacking>
	    <hugepages>
	      <page size='2048' unit='KiB' nodeset='0'/>
	    </hugepages>
	  </memoryBacking>
	didn't trigger the '-mem-path' so the huge pages - despite being
	configured - were not used at all.

	conf: Disallow nonexistent NUMA nodes for hugepages
	As of 136ad4974 it is possible to specify different huge pages per
	guest NUMA node. However, there's no check if nodeset specified in
	./hugepages/page contains only those guest NUMA nodes that exist.
	In other words with current code it is possible to define meaningless
	combination:
	  <memoryBacking>
	    <hugepages>
	      <page size='1048576' unit='KiB' nodeset='0,2-3'/>
	      <page size='2048' unit='KiB' nodeset='1,4'/>
	    </hugepages>
	  </memoryBacking>
	  <vcpu placement='static'>4</vcpu>
	  <cpu>
	    <numa>
	      <cell id='0' cpus='0' memory='1048576'/>
	      <cell id='1' cpus='1' memory='1048576'/>
	      <cell id='2' cpus='2' memory='1048576'/>
	      <cell id='3' cpus='3' memory='1048576'/>
	    </numa>
	  </cpu>
	Notice the node 4 in <hugepages/>?

2014-09-18  Peter Krempa  <pkrempa@redhat.com>

	man: virsh: Add docs for supported stats groups
	Document the fields returned.

	lib: Document that virConnectGetAllDomainStats may omit some stats fields
	Add a note to make the users aware that some stats groups or fields may
	be missing in certain cases.

	lib: De-duplicate stats group documentation for all stats functions
	State that full stats for the stats groups are available in the
	virConnectGetAllDomainStats documentation section rather than
	duplicating the docs.

2014-09-18  Francesco Romani  <fromani@redhat.com>

	virsh: add options to query bulk stats group
	Add new bulk stats groups to the domstats command.

	qemu: bulk stats: implement block group
	This patch implements the VIR_DOMAIN_STATS_BLOCK group of statistics.
	To do so, a helper function to get the block stats of all the disks of
	a domain is added.

	qemu: bulk stats: implement interface group
	This patch implements the VIR_DOMAIN_STATS_INTERFACE group of
	statistics.

	qemu: bulk stats: implement VCPU group
	This patch implements the VIR_DOMAIN_STATS_VCPU group of statistics. To
	do so, this patch also extracts a helper to gather the vCPU information.

	qemu: bulk stats: implement balloon group
	This patch implements the VIR_DOMAIN_STATS_BALLOON group of statistics.

	qemu: bulk stats: implement CPU stats group
	This patch implements the VIR_DOMAIN_STATS_CPU_TOTAL group of
	statistics.

	qemu: bulk stats: extend internal collection API
	Future patches which will implement more bulk stats groups for QEMU will
	need to access the connection object.
	To accommodate that, a few changes are needed:
	* enrich internal prototype to pass qemu driver object
	* add per-group flag to mark if one collector needs monitor access or not
	* If at least one collector of the requested stats needs monitor access
	  we must start a query job for each domain.  The specific collectors
	  will run nested monitor jobs inside that.
	* If the job can't be acquired we pass flags to the collector so
	  specific collectors that need monitor access can be skipped in order
	  to gather as much data as is possible.

2014-09-17  Michal Privoznik  <mprivozn@redhat.com>

	domaincapstest: Run cleanly on systems missing OVMF firmware
	As of f05b6a918e28 the test produces the list of paths that can
	be passed to <loader/> and libvirt knows about them. However,
	during the process of generating the list the paths are checked
	for their presence. This may produce different results on
	different systems.  Therefore, the path - if missing - is
	added to pretend it's there.

2014-09-17  Martin Kletzander  <mkletzan@redhat.com>

	rpc: make daemon spawning a bit more intelligent
	This way it behaves more like the daemon itself does (acquiring a
	pidfile, deleting the socket before binding, etc.).
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=927369
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1138604

2014-09-17  Michal Privoznik  <mprivozn@redhat.com>

	domaincaps: Expose UEFI binary path, if it exists
	Check to see if the UEFI binary mentioned in qemu.conf actually
	exists, and if so expose it in domcapabilities like
	<loader ...>
	  <value>/path/to/ovmf</value>
	</loader>
	We introduce some generic domcaps infrastructure for handling
	a dynamic list of string values, it may be of use for future bits.

	qemu_capabilities: Change virQEMUCapsFillDomainCaps signature
	Up till now the virQEMUCapsFillDomainCaps() was type of void as
	there was no way for it to fail. This is, however, going to
	change in the next commit.

2014-09-17  Martin Kletzander  <mkletzan@redhat.com>

	qemu: add support for shared memory mapping

	docs, conf, schema: add support for shared memory mapping

	schemas: finish virTristate{Bool,Switch} transition

2014-09-17  Pradipta Kr. Banerjee  <pradipta.banerjee@gmail.com>

	qemu: Add support for multiple versions of 'pseries' machine type
	qemu for IBM Power processor architecture is adding functionality for
	supporting multiple 'pseries' machine type versions, each with different
	capabilities. This patch is for supporting the same

2014-09-17  Michal Privoznik  <mprivozn@redhat.com>

	domaincaps: Expose UEFI capability
	As of 542899168c38 we learned libvirt to use UEFI for domains.
	However, management applications may firstly query if libvirt
	supports it. And this is where virConnectGetDomainCapabilities()
	API comes handy.

2014-09-17  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Copy driver type when initializing chain element
	virStorageSourceInitChainElement initializes a new storage chain element
	for use as a new disk source. If the new element doesn't contain the
	driver name, copy it from the old source.
	This fixes issue where a disk would forget the driver after a snapshot.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140984

2014-09-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: time: Report errors if agent command fails
	Commit b606bbb4 broke reporting of errors when setting of guest time
	fails via the guest agent as the return value is not checked and later
	overwritten by the return value qemuMonitorRTCResetReinjection();
	Fix this by checking the return value before resetting the RTC
	reinjection.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1142294

2014-09-16  Ján Tomko  <jtomko@redhat.com>

	Wire up the interface backend options
	Pass the user-specified tun path down when creating tap device
	when called from the qemu driver.
	Also honor the vhost device path specified by user.

	conf: add backend element to interfaces
	For tuning the network, alternative devices
	for creating tap and vhost devices can be specified via:
	<backend tap='/dev/net/tun' vhost='/dev/net-vhost'/>

	conf: remove redundant local variable
	Use just one int variable for all the FromString calls.

	conf: split out virtio net driver formatting
	Instead of checking upfront if the <driver> element will be needed
	in a big condition, just format all the attributes into a string
	and output the <driver> element if the string is not empty.

2014-09-16  John Ferlan  <jferlan@redhat.com>

	qemu: Need to check for capability before query
	Prior to trying the query-iothreads call - check if the qemu has
	the capability

2014-09-16  Erik Skultety  <eskultet@redhat.com>

	network: check negative values in bridge queues
	We already are checking for negative value, reporting an error, but
	using wrong function and the check only succeeds when a value that
	cannot be converted to number successfully is encountered. This patch
	provides just a minor change in call of the right version
	of function virStrToLong.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1138539

2014-09-16  Hongbin Lu  <hongbin034@gmail.com>

	openvz: fixed two memory leaks on migration code
	The first one occurs in openvzDomainMigratePrepare3Params() where in
	case no remote uri is given, the distant hostname is used. The name is
	obtained via virGetHostname() which require callers to free the
	returned value.
	The second leak lies in openvzDomainMigratePerform3Params(). There's a
	virCommand used later. However, at the beginning of the function
	virCheckFlags() is called which returns. So the command created was
	leaked.

2014-09-16  Michal Privoznik  <mprivozn@redhat.com>

	virprocess: Extend list of platforms for setns wrapper
	Currently, the setns() wrapper is supported only for x86_64 and i686
	which leaves us failing to build on other platforms like arm, aarch64
	and so on. This means, that the wrapper needs to be extended to those
	platforms and make to fail on runtime not compile time.
	The syscall numbers for other platforms was fetched using this
	command:
	kernel.git $ git grep "define.*__NR_setns" | grep -e arm -e powerpc -e s390
	arch/arm/include/uapi/asm/unistd.h:#define __NR_setns                   (__NR_SYSCALL_BASE+375)
	arch/arm64/include/asm/unistd32.h:#define __NR_setns 375
	arch/powerpc/include/uapi/asm/unistd.h:#define __NR_setns               350
	arch/s390/include/uapi/asm/unistd.h:#define __NR_setns          339

2014-09-16  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix qcow(2) header parser according to docs
	The backing store string location offset 0 determines that the file
	isn't present. The string size shouldn't be then checked:
	from qemu.git/docs/specs/qcow2.txt
	== Header ==
	The first cluster of a qcow2 image contains the file header:
	Byte  0 -  3:   magic
	                QCOW magic string ("QFI\xfb")
	      4 -  7:   version
	                Version number (valid values are 2 and 3)
	      8 - 15:   backing_file_offset
	                Offset into the image file at which the backing file name
	                is stored (NB: The string is not null terminated). 0 if the
	                image doesn't have a backing file.
	     16 - 19:   backing_file_size
	                Length of the backing file name in bytes. Must not be
	                longer than 1023 bytes. Undefined if the image doesn't have
	                a backing file.         ^^^^^^^^^
	This patch intentionally leaves the backing file string size check in
	place in case a malformatted file would be presented to libvirt. Also
	according to the docs the string size is maximum 1023 bytes, thus this
	patch adds a check to verify that.
	I was also able to verify that the check was done the same way in the
	legacy qcow fromat (in qemu's code).

2014-09-16  John Ferlan  <jferlan@redhat.com>

	qemu: Fix call in qemuDomainSetNumaParamsLive for virCgroupNewIOThread
	Found by inspection of the "i+1" change.  IOThreads are numbered 1..n
	thus the virCgroupNewIOThread needs to create a 1..n value not 0 based.

	qemu_cgroup: Adjust spacing around incrementor
	Change "i+1" to "i + 1"

	qemu: Fix iothreads issue
	If there are no iothreads, then return from qemuProcessDetectIOThreadPIDs
	without error; otherwise, the following occurs:
	error: Failed to start domain $dom
	error: An error occurred, but the cause is unknown

2014-09-16  Eric Blake  <eblake@redhat.com>

	cputune: allow interleaved xml
	I noticed this with the recent iothread pinning code, but the
	problem existed longer than that. The XML validation required
	users to supply <cputune> children in a strict order, even though
	there was no conceptual reason why they can't occur in any order.
	docs/ changes best viewed with -w
	* docs/schemas/domaincommon.rng (cputune): Add interleave.
	* tests/qemuxml2argvdata/qemuxml2argv-cputune-iothreads.xml: Swap
	up order, copying canonical form...
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-cputune-iothreads.xml:
	...here.
	* tests/qemuxml2xmltest.c (mymain): Mark the difference.

2014-09-16  John Ferlan  <jferlan@redhat.com>

	vircgroup: Fix broken builds without cgroups
	I missed adding virCgroupNewIOThread to the !VIR_CGROUP_SUPPORTED
	Pushing as build breaker

2014-09-16  Laine Stump  <laine@laine.org>

	network: detect conflicting route even if it is the final entry
	This is a folloup to commit 5f719596, which checks for a route
	conflicting with the standard libvirt default network subnet
	(192.168.122.0/24). It turns out that $() strips the trailing newline
	from the output of "ip route show", so there would be no match if the
	route we were looking for was the final line of output. This can be
	solved by adding ${nl} to the end of the output (just as we were
	already adding it at the beginning of the output).

2014-09-16  John Ferlan  <jferlan@redhat.com>

	domain_conf: Add iothreadpin to cputune
	https://bugzilla.redhat.com/show_bug.cgi?id=1101574
	Add an option 'iothreadpin' to the <cpuset> to allow for setting the
	CPU affinity for each IOThread.
	The iothreadspin will mimic the vcpupin with respect to being able to
	assign each iothread to a specific CPU, although iothreads ids start
	at 1 while vcpu ids start at 0. This matches the iothread naming scheme.

	qemu: Allow pinning specific IOThreads to a CPU
	Modify qemuProcessStart() in order to allowing setting affinity to
	specific CPU's for IOThreads. The process followed is similar to
	that for the vCPU's.
	This involves adding a function to fetch the IOThread id's via
	qemuMonitorGetIOThreads() and adding them to iothreadpids[] list.
	Then making sure all the cgroup data has been properly set up and
	finally assigning affinity.

	qemu_cgroup: Introduce cgroup functions for IOThreads
	In order to support cpuset setting, introduce qemuSetupCgroupIOThreadsPin
	and qemuSetupCgroupForIOThreads to mimic the existing Vcpu API's.
	These will support having an 'iotrhreadpin' element in the 'cpuset' in
	order to pin named IOThreads to specific CPU's. The IOThread pin names
	will follow the IOThread naming scheme starting at 1 (eg "iothread1")
	up through an including the def->iothreads value.

	qemu_domain: Add niothreadpids and iothreadpids
	Add new 'niothreadpids' and 'iothreadpids' to mimic the 'ncpupids' and
	'vcpupids' that already exist.

	vircgroup: Introduce virCgroupNewIOThread
	Add virCgroupNewIOThread() to mimic virCgroupNewVcpu() except the naming
	scheme with use "iothread" rather than "vcpu".

	qemu: Issue query-iothreads and to get list of active IOThreads
	Generate infrastructure and test to handle fetching the QMP
	IOThreads data.

	virsh: Add iothread to 'attach-disk'
	Add an iothread parameter to allow attaching to an IOThread, such as:
	virsh attach-disk $dom $source $target --live --config --iothread 2 \
	     --targetbus virtio --driver qemu --subdriver raw  --type disk

2014-09-15  Martin Kletzander  <mkletzan@redhat.com>

	util: Fix copy-paste error in virXPathLongLong description

2014-09-15  Erik Skultety  <eskultet@redhat.com>

	network: check for invalid forward delay time
	When spanning tree protocol is allowed in bridge settings, forward delay
	value is set as well (default is 0 if omitted). Until now, there was no
	check for delay value validity. Delay makes sense only as a positive
	numerical value.
	Note: However, even if you provide positive  numerical value, brctl
	utility only uses values from range <2,30>, so the number provided can
	be modified (kernel most likely) to fall within this range.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1125764

2014-09-15  John Ferlan  <jferlan@redhat.com>

	qemu: Fix build breaker on printf directive
	%zu for size_t not %lu

	daemon: Resolve Coverity FORWARD_NULL
	Coverity complains that the comparison:
	  if (nfds && nfds > ((int)!!sock_path + (int)!!sock_path_ro))
	could mean 'sock_path' is NULL. Later in virNetSocketNewListenUNIX
	there's a direct dereference of path in the error path:
	  if (path[0] != '@')
	A bit of sleuthing proves that upon entry to daemonSetupNetworking
	there is no way for 'sock_path' to be NULL since daemonUnixSocketPaths
	will set up 'sock_file' (although it may not set up 'sock_file_ro')
	in all 3 paths.
	Adjusted code to add ATTRIBUTE_NONNULL(3) on incoming path parameter and
	then fixup the comparison of nfds to be a comparison against 2 or 1
	depending on whether sock_path_ro is NULL or not.

	qemu: Resolve Coverity BAD_SIZEOF
	Coverity complains about the calculation of the buf & len within
	the PROBE macro.  So to quiet things down, do the calculation prior
	to usage in either write() or qemuMonitorIOWriteWithFD() calls and
	then have the PROBE use the calculated values - which works.

	Resolve Coverity CHECKED_RETURN
	Coverity complained that checking the return of virDomainCreate()
	was not consistent amongst the callers - so added the return check
	to the objecteventtest.c and adjust the virt-login-shell to compare
	< 0 rather than just non zero for the failure condition.

	virsh: Resolve Coverity DEADCODE
	Coverity complains that on the first pass through the for loop that
	'params' cannot be true, thus the ternary setting to "&" cannot be
	done. Since we can only ever get to this point once, drop the ternary

	domain_conf: Resolve Coverity COPY_PASTE_ERROR
	Seems when commit id 'ea130e3b' added the checks to ensure each of
	the hard_limit, soft_limit, and swap_hard_limit wasn't set at
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED - a copy/paste error of using
	the 'hard_limit' for each comparison was done. Adjust the code.

	virtime: Resolve Coverity DEADCODE
	Coverity complains that because of how 'offset' is initialized to
	0 (zero), the resulting math and comparison on rem is pointless.
	According to the origin commit id '3ec128989', the code is a
	replacement for gmtime(), but without the localtime() or GMT
	calculations - so just remove this code and add a comment
	indicating the removal

	remote_driver: Resolve Coverity RESOURCE_LEAK
	Since 98b9acf5aa02551dd37d0209339aba2e22e4004a
	This was a false positive where Coverity was complaining that the
	remoteDeserializeTypedParameters() could allocate 'params', but
	none of the callers could return the allocated memory back to their
	caller since on input the param was passed by value. Additionally,
	the flow of the code was that if params was NULL on entry, then each
	function would return 'nparams' as the number of params entries the
	caller would need to allocate in order to call the function again
	with 'nparams' and 'params' being set.  By the time the deserialize
	routine was called params would have something.  For other callers
	where the 'params' was passed by reference as NULL since it's expected
	that the deserialize allocates the memory and then have that passed
	back to the original caller to dispose there was no Coverity issue.
	As it turns out Coverity didn't quite seem to understand the
	relationship between 'nparams' and 'params'; however, if the
	!userAllocated path of the deserialize code compared against
	limit in any manner, then the Coverity error went away which
	was quite strange, but useful.
	As it turns out one code path remoteDomainGetJobStats had a
	comparison against 'limit' while another remoteConnectGetAllDomainStats
	did not assuming that limit would be checked.  So I refactored the
	code a bit to cause the limit check to occur in deserialize for
	both conditions and then only made the check of current returned
	size against the incoming *nparams fail the non allocation case.
	This means the job code doesn't need to check the limit any more,
	while the stats code now does check the limit.
	Additionally, to help perhaps decipher which of the various
	callers to the deserialize code caused the failure - I used
	a #define to pass the __FUNCNAME__ of the caller along so that
	error messages could have something like:
	error: remoteConnectGetAllDomainStats: too many parameters '2' for nparams '0'
	error: Reconnected to the hypervisor
	(it's a contrived error just to show the funcname in the error)

2014-09-15  Lubomir Rintel  <lkundrak@v3.sk>

	node_device_udev: Try harder to get human readable vendor:product
	The manufacurer and product from USB device itself are usually not particularly
	useful -- they tend to be missing, or ugly (all-uppercase, padded with spaces,
	etc.). Prefer what's in the usb id database and fall back to descriptors only
	if the device is too new to be in database.
	https://bugzilla.redhat.com/show_bug.cgi?id=1138887

2014-09-15  Hongbin Lu  <hongbin034@gmail.com>

	add migration support for OpenVZ driver
	This patch adds initial migration support to the OpenVZ driver,
	using the VIR_DRV_FEATURE_MIGRATION_PARAMS family of migration
	functions.

2014-09-15  Martin Kletzander  <mkletzan@redhat.com>

	util: get rid of unnecessary umask() call

	util: fix potential leak in error codepath

	remove redundant pidfile path constructions

	rpc: reformat the flow to make a bit more sense
	Just remove useless "else".  Best viewed with '-w'.

2014-09-15  Laine Stump  <laine@laine.org>

	network: try to eliminate default network conflict during package install
	Sometimes libvirt is installed on a host that is already using the
	network 192.168.122.0/24. If the libvirt-daemon-config-network package
	is installed, this creates a conflict, since that package has been
	hard-coded to create a virtual network that also uses
	192.168.122.0/24. In the past libvirt has attempted to warn of /
	remediate this situation by checking for conflicting routes when the
	network is started, but it turns out that isn't always useful (for
	example in the case that the *other* interface/network creating the
	conflict hasn't yet been started at the time libvirtd start its own
	networks).
	This patch attempts to catch the problem earlier - at install
	time. During the %post install script for
	libvirt-daemon-config-network, we use a case statement to look through
	the output of "ip route show" for a route that exactly matches
	192.168.122.0/24, and if found we search for a similar route that
	*doesn't* match (e.g. 192.168.124.0/24) (note that the search starts
	with "124" instead of 123 because of reports of people already
	modifying their L1 host's network to 192.168.123.0/24 in an attempt to
	solve exactly the problem we are also trying to solve).  When we find
	an available route, we just replace all occurrences of "122" in the
	default.xml that is being created with the newly found 192.168
	subnet. This could obviously be made more complicated - examine the
	template defaul.xml to automatically determine the existing network
	address and mask rather than hard coding it in the specfile, etc, but
	this scripting is simpler and gets the job done as long as we continue
	to use 192.168.122.0/24 in the template. (If anyone with mad bash
	skillz wants to suggest something to do that, by all means please do).
	This is intended to at least "further reduce" occurrence of the
	problems detailed in:
	  https://bugzilla.redhat.com/show_bug.cgi?id=811967

2014-09-12  Eric Blake  <eblake@redhat.com>

	blockjob: allow finer bandwidth tuning for set speed
	We stupidly modeled block job bandwidth after migration
	bandwidth, which in turn was an 'unsigned long' and therefore
	subject to 32-bit vs. 64-bit interpretations.  To work around
	the fact that 10-gigabit interfaces are possible but don't fit
	within 32 bits, the original interface took the number scaled
	as MiB/sec.  But this scaling is rather coarse, and it might
	be nice to tune bandwidth finer than in megabyte chunks.
	Several of the block job calls that can set speed are fed
	through a common interface, so it was easier to adjust them all
	at once.  Note that there is intentionally no flag for the new
	virDomainBlockCopy; there, since the API already uses a 64-bit
	type always, instead of a possible 32-bit type, and is brand
	new, it was easier to just avoid scaling issues.  As with the
	previous patch that adjusted the query side (commit db33cc24),
	omitting the new flag preserves old behavior, and the
	documentation now mentions limits of what happens when a 32-bit
	machine is on either client or server side.
	* include/libvirt/libvirt.h.in (virDomainBlockJobSetSpeedFlags)
	(virDomainBlockPullFlags)
	(VIR_DOMAIN_BLOCK_REBASE_BANDWIDTH_BYTES)
	(VIR_DOMAIN_BLOCK_COMMIT_BANDWIDTH_BYTES): New enums.
	* src/libvirt.c (virDomainBlockJobSetSpeed, virDomainBlockPull)
	(virDomainBlockRebase, virDomainBlockCommit): Document them.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobSetSpeed)
	(qemuDomainBlockPull, qemuDomainBlockRebase)
	(qemuDomainBlockCommit, qemuDomainBlockJobImpl): Support new flag.

	blockcopy: add qemu implementation of new tunables
	Upstream qemu 1.4 added some drive-mirror tunables not present
	when it was first introduced in 1.3.  Management apps may want
	to set these in some cases (for example, without tuning
	granularity down to sector size, a copy may end up occupying
	more bytes than the original because an entire cluster is
	copied even when only a sector within the cluster is dirty,
	although tuning it down results in more CPU time to do the
	copy).  I haven't personally needed to use the parameters, but
	since they exist, and since the new API supports virTypedParams,
	we might as well expose them.
	Since the tuning parameters aren't often used, and omitted from
	the QMP command when unspecified, I think it is safe to rely on
	qemu 1.3 to issue an error about them being unsupported, rather
	than trying to create a new capability bit in libvirt.
	Meanwhile, all versions of qemu from 1.4 to 2.1 have a bug where
	a bad granularity (such as non-power-of-2) gives a poor message:
	error: internal error: unable to execute QEMU command 'drive-mirror': Invalid parameter 'drive-virtio-disk0'
	because of abuse of QERR_INVALID_PARAMETER (which is supposed to
	name the parameter that was given a bad value, rather than the
	value passed to some other parameter).  I don't see that a
	capability check will help, so we'll just live with it (and it
	has since been improved in upstream qemu).
	* src/qemu/qemu_monitor.h (qemuMonitorDriveMirror): Add
	parameters.
	* src/qemu/qemu_monitor.c (qemuMonitorDriveMirror): Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDriveMirror):
	Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDriveMirror):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockCopyCommon): Likewise.
	(qemuDomainBlockRebase, qemuDomainBlockCopy): Adjust callers.
	* src/qemu/qemu_migration.c (qemuMigrationDriveMirror): Likewise.
	* tests/qemumonitorjsontest.c (qemuMonitorJSONDriveMirror): Likewise.

	blockcopy: add qemu implementation of new API
	The hard part of managing the disk copy is already coded; all
	this had to do was convert the XML and virTypedParameters into
	the internal representation.
	With this patch, all blockcopy operations that used the old
	API should also work via the new API.  Additional extensions,
	such as supporting the granularity tunable or a network rather
	than file destination, will be added as later patches.
	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): New function.

	blockcopy: tweak how rebase calls into copy
	In order to implement the new virDomainBlockCopy, the existing
	block copy internal implementation needs to be adjusted.  The
	new function will parse XML into a storage source, and parse
	typed parameters into integers, then call into the same common
	backend.  For now, it's easier to keep the same implementation
	limits that only local file destinations are suported, but now
	the check needs to be explicit.  Similar to qemuDomainBlockJobImpl
	consuming 'vm', this code also consumes the caller's 'mirror'
	description of the destination.
	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Rename...
	(qemuDomainBlockCopyCommon): ...and adjust parameters.
	(qemuDomainBlockRebase): Adjust caller.

2014-09-12  Michal Privoznik  <mprivozn@redhat.com>

	formatdomain: Update <loader/> example to match the rest
	At the beginning when I was inventing <loader/> attributes and
	<nvram/> I've introduced this @readonly attribute to the loader
	element. It accepted values 'on' and 'off'. However, later, during the
	review process, that has changed to 'yes' and 'no', but the example
	XML snippet wasn't updated, so while the description is correct, the
	example isn't.
	Reported-by: Laszlo Ersek <lersek@redhat.com>

	virDomainUndefineFlags: Allow NVRAM unlinking
	When a domain is undefined, there are options to remove it's
	managed save state or snapshots. However, there's another file
	that libvirt creates per domain: the NVRAM variable store file.
	Make sure that the file is not left behind if the domain is
	undefined.

2014-09-12  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity CHECKED_RETURN
	Add a check of the return for virDomainHostdevInsert() like every
	other call.

	qemu: Resolve Coverity FORWARD_NULL
	If we end up at the cleanup lable before we've VIR_EXPAND_N the list,
	then calling virQEMUCapsFreeStringList() with a NULL proplist could
	theoretically deref proplist if nproplist was set. Coverity doesn't
	seem to acknowledge the relationship between proplist and nproplist
	assuming in virQEMUCapsFreeStringList that nproplist could be at
	least 1 and thus have a null deref.  It only seems to follow the
	NULL proplist.

	virfile: Resolve Coverity RESOURCE_LEAK
	With the virGetGroupList() change in place - Coverity further complains
	that if we fail to virFork(), the groups will be leaked - which aha seems
	to be the case. Adjust the logic to save off the -errno, free the groups,
	and then return the value we saved

	virutil: Resolve Coverity RESOURCE_LEAK
	This ends up being a very bizarre false positive. With an assist from
	eblake, the claim is that mgetgroups() could return a -1 value, but yet
	still have a groups buffer allocated, yet the example shown doesn't
	seem to prove that.
	Rather than fret about it, by adding a well placed sa_assert() on the
	returned *list value we can "assure" ourselves that the mgetgroups()
	failure path won't signal this condition.

	daemon: Resolve Coverity RESOURCE_LEAK
	With eblake's help - adjust the checks for stdinfd/stdoutfd to ensure the
	values are within the range we expect; otherwise the dup2()'s and subsequent
	VIR_CLOSE() calls cause Coverity to believe there's a resource leak.

	virsh: Resolve Coverity NEGATIVE_RETURNS
	Coverity notes that after we VIR_ALLOC_N(params, nparams) a failed call to
	virDomainGetCPUStats could result in nparams being set to -1. In that case,
	the subsequent virTypedParamsFree in cleanup will pass -1 which isn't good.
	Use the returned value as the number of stats to display in the loop as
	it will be the value reported from the hypervisor and may be less than
	nparams which is OK

2014-09-12  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Move --completed from resume to domjobinfo
	Because of similar contexts, git rebase I did just before pushing the
	series which added --completed option patched the wrong command.

2014-09-12  Peter Krempa  <pkrempa@redhat.com>

	conf: snapshot: Don't default-snapshot empty drives
	If a (floppy) drive isn't selected for snapshot explicitly and is empty
	don't try to snapshot it. For external snapshots this would fail as we
	can't generate a name for the snapshot from an empty drive.
	Reported-by: Pavel Hrdina <phrdina@redhat.com>

	util:  Add function to check if a virStorageSource is "empty"
	To express empty drive we historically use storage source with empty
	path. Unfortunately NBD disks may be declared without a path.
	Add a helper to wrap this logic.

2014-09-12  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.spec: Fix permission even for libvirt-driver-qemu
	In my previous patch (37d8c75fad) I've tried to fix permissions
	for nvram store path. The aim was to give the nvram directory
	execute permission so that domain running under other users
	than qemu:qemu can access their nvram file. However, my fix
	was incomplete as the path belongs to libvirt-driver-qemu
	package too and I've fixed it only for the libvirt-daemon
	package.
	Reported-by: Laszlo Ersek <lersek@redhat.com>

2014-09-12  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix mapping of libvirt and libxl lifecycle actions
	The libxl driver was blindly assigning libvirt's
	virDomainLifecycleAction to libxl's libxl_action_on_shutdown, when
	in fact the various actions take on different values in these enums.
	Introduce helpers to properly map the enum values.

2014-09-12  Daniel P. Berrange  <berrange@redhat.com>

	tests: Add more test suite mock helpers
	Rename the VIR_MOCK_IMPL* macros to VIR_MOCK_WRAP*
	and add new VIR_MOCK_IMPL macros which let you directly
	implement overrides in the preloaded source.

	util: Allow port allocator to skip bind() check
	Test suites using the port allocator don't want to have different
	behaviour depending on whether a port is in use on the host. Add
	a VIR_PORT_ALLOCATOR_SKIP_BIND_CHECK which test suites can use
	to skip the bind() test. The port allocator will thus only track
	ports in use by the test suite process itself. This is fine when
	using the port allocator to generate guest configs which won't
	actually be launched

2014-09-11  Michal Privoznik  <mprivozn@redhat.com>

	nvram: Fix permissions
	I've noticed two problem with the automatically created NVRAM varstore
	file. The first, even though I run qemu as root:root for some reason I
	get Permission denied when trying to open the _VARS.fd file. The
	problem is, the upper directory misses execute permissions, which in
	combination with us dropping some capabilities result in EPERM.
	The next thing is, that if I switch SELinux to enforcing mode, I get
	another EPERM because the vars file is not labeled correctly. It is
	passed to qemu as disk and hence should be labelled as disk. QEMU may
	write to it eventually, so this is different to kernel or initrd.

2014-09-11  Pavel Hrdina  <phrdina@redhat.com>

	util/virprocess.c: fix MinGW build
	The build failed because of missing "sys/syscall.h".

2014-09-11  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity NULL_RETURNS
	With all the changes in my previous foray into this code, I forgot to
	remove the libxlDomainEventQueue(driver, event); call inside the
	dom == NULL condition.

	qemu: Resolve Coverity NEGATIVE_RETURNS
	Coverity notes that if the virConnectListAllDomains returns a negative
	value then the loop at the cleanup label that ends on numDomains will
	have issues.

	qemu: Resolve Coverity NEGATIVE_RETURNS
	Coverity notes that if qemuMonitorGetMachines() returns a negative
	nmachines value, then the code at the cleanup label will have issues.

	xen: Resolve Coverity NEGATIVE_RETURNS
	Coverity notes that if the call to virBitmapParse() returns a negative
	value, then when we jump to the error label, the call to
	virCapabilitiesClearHostNUMACellCPUTopology() will have issues
	with the negative nb_cpus

	nodeinfo: Resolve Coverity NEGATIVE_RETURNS
	If the virNumaGetNodeCPUs() call fails with -1, then jumping to cleanup
	with 'cpus == NULL' and calling virCapabilitiesClearHostNUMACellCPUTopology
	will cause issues.

	qemu: Resolve Coverity NEGATIVE_RETURNS
	In qemuProcessInitPCIAddresses() if qemuMonitorGetAllPCIAddresses()
	returns a negative (or zero) value, then no need to call the
	qemuProcessDetectPCIAddresses().

	network_conf: Resolve Coverity FORWARD_NULL
	The code compares def->forwarders when deciding to return 0 at a
	couple of points, then uses "def->nfwds" as a way to index into
	the def->forwarders array.  That reference results in Coverity
	complaining that def->forwarders being NULL was checked as part
	of an arithmetic OR operation where failure could be any one 5
	conditions, but that is not checked when entering the loop to
	dereference the array.  Changing the comparisons to use nfwds
	will clear the warnings

	qemu: Resolve Coverity FORWARD_NULL
	If the qemuMigrationEatCookie() fails to set mig, we jump to cleanup:
	which will call qemuMigrationCancelDriveMirror() without first checking
	if mig == NULL

	virstring: Resolve Coverity FORWARD_NULL
	Perhaps a false positive, but since Coverity doesn't understand the
	relationship between the 'count' and the 'strings', rather than leave
	the chance the on input 'strings' is NULL and causes a deref - just
	check for it and return

	network: Resolve Coverity FORWARD_NULL
	If the VIR_STRDUP(exptime,...) fails, then we will jump to cleanup,
	no need to check if exptime is set which causes Coverity to issue
	a complaint in the virStrToLong_ll call because there wasn't a check
	for a NULL value while there was one for the reference right after
	the VIR_STRDUP().

	qemu: Resolve Coverity FORWARD_NULL
	If we jump to cleanup before allocating the 'result', then the call
	to virBlkioDeviceArrayClear will deref result causing a problem.

	lxc: Resolve Coverity FORWARD_NULL
	If we jump to cleanup before allocating 'result', then the call to
	virBlkioDeviceArrayClear() could dereference result

	qemu: Resolve Coverity FORWARD_NULL
	If the virJSONValueNewObject() fails, then rather than going to error
	and getting a Coverity false positive since it doesn't seem to understand
	the relationship between nkeywords, keywords, and values and seems to
	believe calling qemuFreeKeywords will cause a NULL deref - just return NULL

	virsh: Resolve Coverity DEADCODE
	Coverity points out that if 'dom' isn't returned from virDomainQemuAttach,
	then the code already jumps to cleanup, so there was no need for the
	subsequent if (dom != NULL) check.
	I moved the error message about failure into the goto cleanup on failure
	and then removed the if (dom != NULL)

	tests: Resolve Coverity DEADCODE
	Coverity complains that the various checks for autoincrement and changed
	variables are DEADCODE - seems to me to be a false positive - so mark it.

	qemu: Resolve Coverity DEADCODE
	Add another 'dead_code_begin' - victims of our own coding practices

	virsh: Resolve Coverity DEADCODE
	Coverity points out that by using EMPTYSTR(type) we are guarding against
	the possibility that it could be NULL; however, based on how 'type' was
	initialized to NULL, then using nested ternary if-then-else's (?:?:)
	setting either "ipv4", "ipv6", or "" - there is no way it could be NULL.
	Since "-" is supposed to mean something empty in a field - modify the
	nested ternary to an easier to read/process if-then-else leaving the
	initialization to NULL to mean "-" in the formatted output.
	Also changed the name from 'type' to 'typestr'.

	virfile: Resolve Coverity DEADCODE
	Adjust the parentheses in/for the waitpid loops; otherwise, Coverity
	points out:
	(1) Event assignment:   Assigning: "waitret" = "waitpid(pid, &status, 0) == -1"
	(2) Event between:      At condition "waitret == -1", the value of "waitret"
	                        must be between 0 and 1.
	(3) Event dead_error_condition:     The condition "waitret == -1" cannot
	                        be true.
	(4) Event dead_error_begin:     Execution cannot reach this statement:
	                        "ret = -*__errno_location();".

	virsh: Resolve Coverity DEADCODE
	Since 0766783abbe8bbc9ea686c2c3149f4c0ac139e19
	Coverity complains that the EDIT_FREE definition results in DEADCODE.
	As it turns out with the change to use the EDIT_FREE macro the call to
	vir*Free() wouldn't be necessary nor would it happen...
	Prior code to above commitid would :
	  vir*Ptr foo = NULL;
	  ...
	  foo = vir*GetXMLDesc()
	  ...
	  vir*Free(foo);
	  foo = vir*DefineXML()
	  ...
	And thus the free was needed.  With the change to use EDIT_FREE the
	same code changed to:
	  vir*Ptr foo = NULL;
	  vir*Ptr foo_edited = NULL;
	  ...
	  foo = vir*GetXMLDesc()
	  ...
	  if (foo_edited)
	      vir*Free(foo_edited);
	  foo_edited = vir*DefineXML()
	  ...
	However, foo_edited could never be set in the code path - even with
	all the goto's since the only way for it to be set is if vir*DefineXML()
	succeeds in which case the code to allow a retry (and thus all the goto's)
	never leaves foo_edited set
	All error paths lead to "cleanup:" which causes both foo and foo_edited
	to call the respective vir*Free() routines if set.

	storage: Resolve Coverity OVERFLOW_BEFORE_WIDEN
	Coverity complains that when multiplying to 32 bit values that eventually
	will be stored in a 64 bit value that it's possible the math could
	overflow unless one of the values being multiplied is type cast to
	the proper size.

	qemu: Resolve Coverity REVERSE_INULL
	Coverity complains that checking for !domlist after setting doms = domlist
	and making a deref of doms just above
	It seems the call in question was intended to me made in the case that
	'doms' was passed in and not when the virDomainObjListExport() call
	allocated domlist and already called virConnectGetAllDomainStatsCheckACL().
	Thus rather than check for !domlist - check that "doms != domlist" in
	order to avoid the Coverity message.

	vbox: Resolve Coverity UNUSED_VALUE
	Handle a few places where Coverity complains about the value being
	unused. For two of them (Close cases) - the comments above the close
	indicate there is no harm to ignore the error - so added an ignore_value.
	For the other condition, added an rc check like other callers.

	storage: Resolve Coverity UNUSED_VALUE
	Since cd4d547576a4f0371d1d4d4e0ca6db124c5ba257
	Coverity notes that setting 'ret = -3' prior to the unconditional
	setting of 'ret = 0' will cause the value to be UNUSED.
	Since the comment indicates that it is expect to allow the code
	to continue, just remove the ret = -3 setting.

	qemu_driver: Resolve Coverity COPY_PASTE_ERROR
	In qemuDomainSetBlkioParameters(), Coverity points out that the calls
	to qemuDomainParseBlkioDeviceStr() are slightly different and points
	out there may be a cut-n-paste error.
	In the first call (AFFECT_LIVE), the second parameter is "param->field";
	however, for the second call (AFFECT_CONFIG), the second parameter is
	"params->field".  It seems the "param->field" is correct especially since
	each path as a setting of "param" to "&params[i]".  Furthermore, there
	were a few more instances of using "params[i]" instead of "param->"
	which I cleaned up.

2014-09-11  Michal Privoznik  <mprivozn@redhat.com>

	selinux: Properly check TAP FD label
	After a4431931 the TAP FDs ale labeled with image label instead
	of the process label. On the other hand, the commit was
	incomplete as a few lines above, there's still old check for the
	process label presence while it should be check for the image
	label instead.

2014-09-11  Ján Tomko  <jtomko@redhat.com>

	qemu: remove leftover virResetLastError
	As of commit 5d29ca0:
	qemu: switch PCI address set from hash table to an array
	There is no error to be reset.

2014-09-10  Peter Krempa  <pkrempa@redhat.com>

	virsh: desc command in --title mode mentions description instead of title
	Tweak the messages so that they mention "title" rather than
	"description" when operating in title mode. Also fixes one missing "%s"
	before non-formatted gettext message.
	Before:
	 $ virsh desc --title dom
	 No description for domain: dom
	After:
	 $ virsh desc --title dom
	 No title for domain: dom
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140034

	util: storage: Convert disk locality check to switch statement
	To allow the compiler to track future additions of disk types, convert
	the function to use a switch statement with the correct type.

2014-09-10  Michal Privoznik  <mprivozn@redhat.com>

	virprocess: Introduce our own setns() wrapper
	From time to time weird bugreports occur on the list, e.g [1].
	Even though the kernel supports setns syscall, there's an older
	glibc in the system that misses a wrapper over the syscall.
	Hence, after the configure phase we think there's no setns
	support in the system, which is obviously wrong. On the other
	hand, we can't rely on linux distributions to provide newer glibc
	soon. Therefore we need to introduce the wrapper on or own.
	1: https://www.redhat.com/archives/libvir-list/2014-September/msg00492.html

2014-09-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: dump: Resume CPUs only when the VM is still alive
	Check if the VM is alive after we possibly called into monitor to reset
	the guest.

	qemu: dump: Fix formatting of function headers and code inline
	Also drop a comment with obvious content.

	virsh: domain: Clean up handling of "dom" in "save" command

	util: process: Don't report OOM errors in helper
	virProcessTranslateStatus is used on error paths that should not spoil
	the returned error. As the errors are ignored, use the quiet versions of
	virAsprintf to create the message.

2014-09-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Automatically create NVRAM store
	When using split UEFI image, it may come handy if libvirt manages per
	domain _VARS file automatically. While the _CODE file is RO and can be
	shared among multiple domains, you certainly don't want to do that on
	the _VARS file. This latter one needs to be per domain. So at the
	domain startup process, if it's determined that domain needs _VARS
	file it's copied from this master _VARS file. The location of the
	master file is configurable in qemu.conf.
	Temporary, on per domain basis the location of master NVRAM file can
	be overridden by this @template attribute I'm inventing to the
	<nvram/> element. All it does is holding path to the master NVRAM file
	from which local copy is created. If that's the case, the map in
	qemu.conf is not consulted.
	Acked-by: Laszlo Ersek <lersek@redhat.com>

	qemu: Implement extended loader and nvram
	QEMU now supports UEFI with the following command line:
	  -drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \
	  -drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \
	where the first line reflects <loader> and the second one <nvram>.
	Moreover, these two lines obsolete the -bios argument.
	Note that UEFI is unusable without ACPI. This is handled properly now.
	Among with this extension, the variable file is expected to be
	writable and hence we need security drivers to label it.
	Acked-by: Laszlo Ersek <lersek@redhat.com>

	conf: Extend <loader/> and introduce <nvram/>
	Up to now, users can configure BIOS via the <loader/> element. With
	the upcoming implementation of UEFI this is not enough as BIOS and
	UEFI are conceptually different. For instance, while BIOS is ROM, UEFI
	is programmable flash (although all writes to code section are
	denied). Therefore we need new attribute @type which will
	differentiate the two. Then, new attribute @readonly is introduced to
	reflect the fact that some images are RO.
	Moreover, the OVMF (which is going to be used mostly), works in two
	modes:
	1) Code and UEFI variable store is mixed in one file.
	2) Code and UEFI variable store is separated in two files
	The latter has advantage of updating the UEFI code without losing the
	configuration. However, in order to represent the latter case we need
	yet another XML element: <nvram/>. Currently, it has no additional
	attributes, it's just a bare element containing path to the variable
	store file.
	Acked-by: Laszlo Ersek <lersek@redhat.com>

2014-09-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Transfer recomputed stats back to source
	After the previous commit, migration statistics on the source and
	destination hosts are not equal because the destination updated time
	statistics. Let's send the result back so that the same data can be
	queried on both sides of the migration.

	qemu: Recompute downtime and total time when migration completes
	Total time of a migration and total downtime transfered from a source to
	a destination host do not count with the transfer time to the
	destination host and with the time elapsed before guest CPUs are
	resumed. Thus, source libvirtd remembers when migration started and when
	guest CPUs were paused. Both timestamps are transferred to destination
	libvirtd which uses them to compute total migration time and total
	downtime. Obviously, this requires the time to be synchronized between
	the two hosts. The reported times are useless otherwise but they would
	be equally useless if we didn't do this recomputation so don't lose
	anything by doing it.

	qemu: Transfer migration statistics to destination
	When migrating a transient domain or with VIR_MIGRATE_UNDEFINE_SOURCE
	flag, the domain may disappear from source host. And so will migration
	statistics associated with the domain. We need to transfer the
	statistics at the end of a migration so that they can be queried at the
	destination host.

	virsh: Add support for completed job stats
	New --completed flag for virsh domjobinfo command.

	qemu: Silence coverity on optional migration stats

	Add support for fetching statistics of completed jobs
	virDomainGetJobStats gains new VIR_DOMAIN_JOB_STATS_COMPLETED flag that
	can be used to fetch statistics of a completed job rather than a
	currently running job.

	qemu: Avoid incrementing jobs_queued if virTimeMillisNow fails

	Refactor job statistics
	Job statistics data were tracked in several structures and variables.
	Let's make a new qemuDomainJobInfo structure which can be used as a
	single source of statistics data as a preparation for storing data about
	completed a job.

2014-09-10  Ján Tomko  <jtomko@redhat.com>

	docs: fix encryption format attribute in example
	The correct attribute name is 'format', not 'type'.
	https://bugzilla.redhat.com/show_bug.cgi?id=1139910

2014-09-09  Eric Blake  <eblake@redhat.com>

	virsh: additional scaled output units
	The parser accepts P and E, so the formatter should too.
	* tools/virsh.c (vshPrettyCapacity): Handle larger units.

2014-09-09  Martin Kletzander  <mkletzan@redhat.com>

	util: let virSetSockReuseAddr report unified error message

2014-09-09  Eric Blake  <eblake@redhat.com>

	blockcopy: add a way to parse disk source
	The new blockcopy API wants to reuse only a subset of the disk
	hotplug parser - namely, we only care about the embedded
	virStorageSourcePtr inside a <disk> XML.  Strange as it may
	seem, it was easier to just parse an entire disk definition,
	then throw away everything but the embedded source, than it
	was to disentangle the source parsing code from the rest of
	the overall disk parsing function.  All that I needed was a
	couple of tweaks and a new internal flag that determines
	whether the normally-mandatory target element can be
	gracefully skipped, since everything else was already optional.
	* src/conf/domain_conf.h (virDomainDiskSourceParse): New
	prototype.
	* src/conf/domain_conf.c (VIR_DOMAIN_XML_INTERNAL_DISK_SOURCE):
	New flag.
	(virDomainDiskDefParseXML): Honor flag to make target optional.
	(virDomainDiskSourceParse): New function.

2014-09-08  Eric Blake  <eblake@redhat.com>

	blockjob: avoid 32-bit compilation warning
	Commit c1d75de caused this warning on 32-bit platforms (fatal when
	-Werror is enabled):
	virsh-domain.c: In function 'cmdBlockCopy':
	virsh-domain.c:2003:17: error: comparison is always false due to limited range of data type [-Werror=type-limits]
	Forcing the left side of the < to be ull instead of ul shuts up
	the 32-bit compiler while still protecting 64-bit code from overflow.
	* tools/virsh-domain.c (cmdBlockCopy): Add type coercion.

2014-09-08  Erik Skultety  <eskultet@redhat.com>

	qemu: panic device: check for invalid address type
	qemu now checks for invalid address type for a panic device, which is
	currently implemented only to use ISA address type, thus rejecting
	any other options, except for leaving XML attributes blank, in that case,
	defaults are used (this behaviour remains the same from earlier verions).
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1138125

2014-09-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Propagate QEMU errors during incoming migrations
	When QEMU fails during incoming migration after we successfully started
	it (i.e., during Perform or Finish phase), we report a rather unhelpful
	message
	    Unable to read from monitor: Connection reset by peer
	We already have a code that takes error messages from QEMU's error
	output but we disable it once QEMU successfully starts. This patch
	postpones this until the end of Finish phase during incoming migration
	so that we can report a much better error message:
	    internal error: early end of file from monitor: possible problem:
	    Unknown savevm section or instance '0000:00:05.0/virtio-balloon' 0
	    load of migration failed
	https://bugzilla.redhat.com/show_bug.cgi?id=1090093

2014-09-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Simplify error paths
	Return failure right away when the domain object can't be looked up
	instead of jumping to cleanup. This allows to remove the condition
	before unlocking the domain object.

	qemu: snapshot: Fix snapshot function header formatting and spacing

2014-09-08  Jincheng Miao  <jmiao@redhat.com>

	qemu: snapshot: Acquire job earlier on snapshot revert/delete
	The code would lookup the snapshot object before acquiring the job. This
	could lead to a crash as one thread could delete the snapshot object,
	while a second thread already had the reference.

2014-09-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Fix job handling when creating snapshots
	Creating snapshots modifies the domain state. Currently we wouldn't
	enter the job for certain operations although they would modify the
	state. Refactor job handling so that everything is covered by an async
	job.

	qemu: Rename DEFAULT_JOB_MASK to QEMU_DEFAULT_JOB_MASK
	Be consistent with naming of private defines. Also line up code
	correctly in few places where the macro is used.

2014-09-07  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	selinux: Avoid label reservations for type = none
	For security type='none' libvirt according to the docs should not
	generate seclabel be it for selinux or any model. So, skip the
	reservation of labels when type is none.

2014-09-07  Eric Blake  <eblake@redhat.com>

	blockcopy: remote implementation for new API
	Fairly straightforward - I got lucky that the generated functions
	worked out of the box :)
	* src/remote/remote_protocol.x (remote_domain_block_copy_args):
	New struct.
	(REMOTE_PROC_DOMAIN_BLOCK_COPY): New RPC.
	* src/remote/remote_driver.c (remote_driver): Wire it up.
	* src/remote_protocol-structs: Regenerate.

	blockcopy: expose new API in virsh
	Expose the new power of virDomainBlockCopy through virsh (well,
	all but the finer-grained bandwidth, as that is its own can of
	worms for a later patch).  Continue to use the older API where
	possible, for maximum compatibility.
	The command now requires either --dest (with optional --format
	and --blockdev), to directly describe the file destination, or
	--xml, to name a file that contains an XML description such as:
	<disk type='network'>
	  <driver type='raw'/>
	  <source protocol='gluster' name='vol1/img'>
	    <host name='red'/>
	  </source>
	</disk>
	[well, it may be a while before the qemu driver is actually patched
	to act on that particular xml beyond just parsing it, but the virsh
	interface won't need changing at that time]
	Non-zero option parameters are converted into virTypedParameters,
	and if anything requires the new API, the command can synthesize
	appropriate XML even if the --dest option was used instead of --xml.
	The existing --raw flag remains for back-compat, but the preferred
	spelling is now --format=raw, since the new API now allows us
	to specify all formats rather than just a boolean raw to suppress
	probing.
	I hope I did justice in describing the effects of granularity and
	buf-size on how they get passed through to qemu.
	* tools/virsh-domain.c (cmdBlockCopy): Add new options --xml,
	--granularity, --buf-size, --format. Make --raw an alias for
	--format=raw. Call new API if new parameters are in use.
	* tools/virsh.pod (blockcopy): Document new options.

	maint: update to latest gnulib
	The usual portability fixes; and this includes a fix that adds
	a new syntax check for double semicolons (commit 28de556 fixed
	some, but gnulib found a better check).
	* .gnulib: Update to latest.
	* src/xenconfig/xen_common.c (xenFormatConfigCommon): Fix offender.

2014-09-06  Eric Blake  <eblake@redhat.com>

	blockcopy: split out virsh implementation
	I'm about to extend the capabilities of blockcopy.  Hiding a few
	common lines of implementation gets in the way of the new required
	logic, and putting the new logic in the common implementation won't
	benefit any of the other blockjob operations.  Therefore, it is
	simpler to just do the work inline.  There should be no semantic
	change in this patch.
	* tools/virsh-domain.c (blockJobImpl): Move block copy guts...
	(cmdBlockCopy): ...into their lone caller.

2014-09-06  Pradipta Kr. Banerjee  <pradipta.banerjee@gmail.com>

	storage_conf: Fix libvirtd crash when defining scsi storage pool
	Since 9f781da69de02745acb719e78982df9aeccfcd7b
	Resolve a libvirtd crash in virStoragePoolSourceFindDuplicate()
	when there is an existing SCSI pool defined with adapter type as
	'scsi_host' and defining a new SCSI pool with adapter type as
	'fc_host' and parent attribute missing or vice versa.
	For example, if there is an existing SCSI pool with adapter type
	as 'scsi_host' defined using the following XML
	<pool type='scsi'>
	  <name>TEST_SCSI_POOL</name>
	    <source>
	       <adapter type='scsi_host' name='scsi_host1'/>
	    </source>
	    <target>
	        <path>/dev/disk/by-path</path>
	    </target>
	</pool>
	When defining another SCSI pool with adapter type as 'fc_host' using the
	following XML will crash libvirtd
	<pool type='scsi'>
	  <name>TEST_SCSI_FC_POOL</name>
	  <source>
	     <adapter type='fc_host' wwnn='1234567890abcdef' wwpn='abcdef1234567890'/>
	  </source>
	  <target>
	     <path>/dev/disk/by-path</path>
	  </target>
	</pool>
	Same is true for the reverse case as well where there exists a SCSI pool
	with adapter type as 'fc_host' and another SCSI pool is defined with
	adapter type as 'scsi_host'.
	This happens because for fc_host 'name' is optional attribute whereas for
	scsi_host its mandatory. However the check in libvirt for finding duplicate
	storage pools didn't take that into account while comparing

2014-09-06  Eric Blake  <eblake@redhat.com>

	blockcopy: allow block device destination
	To date, anyone performing a block copy and pivot ends up with
	the destination being treated as <disk type='file'>.  While this
	works for data access for a block device, it has at least one
	noticeable shortcoming: virDomainGetBlockInfo() reports allocation
	differently for block devices visited as files (the size of the
	device) than for block devices visited as <disk type='block'>
	(the maximum sector used, as reported by qemu); and this difference
	is significant when trying to manage qcow2 format on block devices
	that can be grown as needed.
	Of course, the more powerful virDomainBlockCopy() API can already
	express the ability to set the <disk> type.  But a new API can't
	be backported, while a new flag to an existing API can; and it is
	also rather inconvenient to have to resort to the full power of
	generating XML when just adding a flag to the older call will do
	the trick.  So this patch enhances blockcopy to let the user flag
	when the resulting XML after the copy must list the device as
	type='block'.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_REBASE_COPY_DEV):
	New flag.
	* src/libvirt.c (virDomainBlockRebase): Document it.
	* tools/virsh-domain.c (opts_block_copy, blockJobImpl): Add
	--blockdev option.
	* tools/virsh.pod (blockcopy): Document it.
	* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Allow new flag.
	(qemuDomainBlockCopy): Remember the flag, and make sure it is only
	used on actual block devices.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Test it.

	blockjob: add new --bytes flag to virsh blockjob
	Expose the new flag just added to virDomainGetBlockJobInfo.
	With --raw, the presence or absence of --bytes determines which
	flag to use in the single API call.  Without --raw, the use of
	--bytes forces an error if the server doesn't support it,
	otherwise, the code tries to silently fall back to scaling the
	MiB/s value.
	My goal is to eventually also support --bytes in bandwidth mode;
	but that's a bit further down the road (and needs a new API flag
	added in libvirt.h first).
	This changes the human output, but the previous patch added
	raw output precisely so that we can have flexibility with the
	human output.  For this commit, I used qemu-monitor-command to
	force an unusual bandwidth, but the same will be possible once
	qemu implements virDomainBlockCopy:
	Before:
	Block Copy: [100 %]    Bandwidth limit: 2 MiB/s
	After:
	Block Copy: [100 %]    Bandwidth limit: 1048577 bytes/s (1.000 MiB/s)
	The cache avoids having to repeatedly checking whether the flag
	works when talking to an older server, when multiple blockjob
	commands are issued during a batch session and the user is
	manually polling for job completion.
	* tools/virsh.h (_vshControl): Add a cache.
	* tools/virsh.c (cmdConnect, vshReconnect): Initialize the cache.
	* tools/virsh-domain.c (opts_block_job): Add --bytes.
	* tools/virsh.pod (blockjob): Document this.

	blockjob: add new --raw flag to virsh blockjob
	The current output of 'blockjob [--info]' is a single line
	designed for human consumption; it's not very nice for machine
	parsing.  Furthermore, I have plans to modify the line in
	response to the new flag for controlling bandwidth units.
	Solve that by adding a --raw parameter, which outputs
	information closer to the C struct.
	$ virsh blockjob testvm1 vda --raw
	 type=Block Copy
	 bandwidth=1
	 cur=197120
	 end=197120
	The information is indented, because I'd like for a later patch
	to add a mode that iterates over all the vm's disks with status
	for each; in that mode, each block name would be listed unindented
	before information (if any) about that block.
	Now that we have a raw mode, we can guarantee that it won't change
	format over time.  Any app that cares about parsing the output can
	try --raw, and if it fails, know that it was talking to an older
	virsh and fall back to parsing the human-readable format which had
	not changed until now; meanwhile, when not using --raw, we have
	freed future virsh to change the output to whatever makes sense.
	My first change to human mode: this command now guarantees a line
	is printed on successful use of the API, even when the API did
	not find a current block job (consistent with the rest of virsh).
	Bonus: https://bugzilla.redhat.com/show_bug.cgi?id=1135441
	complained that this message was confusing:
	$ virsh blockjob test1 hda  --async --bandwidth 10
	error: conflict between --abort, --info, and --bandwidth modes
	even though the man page already documents that --async implies
	abort mode, all because '--abort' wasn't present in the command
	line.  Since I'm adding another case where options are tied
	to or imply a mode, I changed that error to:
	error: conflict between abort, info, and bandwidth modes
	* tools/virsh-domain.c (cmdBlockJob): Add --raw parameter; tweak
	error wording.
	* tools/virsh.pod (blockjob): Document it.

	blockjob: split up virsh blockjob info
	I have plans to make future enhancements to the job list mode,
	which will be easier to do if the common blockJobImpl function
	is not mixing a query command with multiple modify commands.
	Besides, it just feels weird that all callers to blockJobImpl
	had to supply both a bandwidth input argument (unused for info
	mode) and an info output argument (unused for all other modes);
	not to mention I just made similar cleanups on the libvirtd
	side.
	The only reason blockJobImpl returned int was because of info
	mode returning -1/0/1 (all other job API are -1/0), so that
	can also be cleaned up.  No user-visible changes in this commit.
	* tools/virsh-domain.c (blockJobImpl): Change signature and return
	value.  Drop info handling.
	(cmdBlockJob): Handle info here.
	(cmdBlockCommit, cmdBlockCopy, cmdBlockPull): Adjust callers.

	blockjob: allow finer bandwidth tuning for query
	While reviewing the new virDomainBlockCopy API, Peter Krempa
	pointed out that our existing design of using MiB/s for block
	job bandwidth is rather coarse, especially since qemu tracks
	it in bytes/s; so virDomainBlockCopy only accepts bytes/s.
	But once the new API is implemented for qemu, we will be in
	the situation where it is possible to set a value that cannot
	be accurately reflected back to the user, because the existing
	virDomainGetBlockJobInfo defaults to the coarser units.
	Fortunately, we have an escape hatch; and one that has already
	served us well in the past: we can use the flags argument to
	specify which scale to use (see virDomainBlockResize for prior
	art).  This patch fixes the query side of the API; made easier
	by previous patches that split the query side out from the
	modification code.  Later patches will address the virsh
	interface, as well retrofitting all other blockjob APIs to
	also accept a flag for toggling bandwidth units.
	* include/libvirt/libvirt.h.in (_virDomainBlockJobInfo)
	(VIR_DOMAIN_BLOCK_COPY_BANDWIDTH): Document sizing issues.
	(virDomainBlockJobInfoFlags): New enum.
	* src/libvirt.c (virDomainGetBlockJobInfo): Document new flag.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockJobInfo): Add parameter.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJobInfo): Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJobInfo):
	Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJobInfo)
	(qemuMonitorJSONGetBlockJobInfoOne): Likewise. Don't scale here.
	* src/qemu/qemu_migration.c (qemuMigrationDriveMirror): Update
	callers.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
	(qemuDomainBlockJobImpl): Likewise.
	(qemuDomainGetBlockJobInfo): Likewise, and support new flag.

	blockjob: add new monitor json conversions
	The previous patch hoisted some bounds checks to the callers;
	but someone that is not aware of the hoisted check could now
	try passing an integer between LLONG_MAX and ULLONG_MAX.  As a
	safety measure, add new json conversion modes that let libvirt
	error out early instead of pass bad numbers to qemu, if the
	caller ever makes a mistake due to later refactoring.
	Convert the various blockjob QMP calls to use the new modes,
	and switch some of them to be optional (QMP has always supported
	an omitted "speed" the same as "speed":0, for everything except
	block-job-set-speed).
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMakeCommandRaw):
	Add 'j'/'y' and 'J'/'Y' to error out on negative input.
	(qemuMonitorJSONDriveMirror, qemuMonitorJSONBlockCommit)
	(qemuMonitorJSONBlockJob): Use it.

	blockjob: hoist bandwidth scaling out of monitor code
	qemu treats blockjob bandwidth as a 64-bit number, in the units
	of bytes/second.  But we stupidly modeled block job bandwidth
	after migration bandwidth, which in turn was an 'unsigned long'
	and therefore subject to 32-bit vs. 64-bit interpretations, and
	with a scale of MiB/s.  Our code already has to convert between
	the two scales, and report overflow as appropriate; although
	this conversion currently lives in the monitor code.  In fact,
	our conversion code limited things to 63 bits, because we
	checked against LLONG_MAX and reject what would be negative
	bandwidth if treated as signed.
	On the bright side, our use of MiB/s means that even with a
	32-bit unsigned long, we still have no problem representing a
	bandwidth of 2GiB/s, which is starting to be more feasible as
	10-gigabit or even faster interfaces are used.  And once you
	get past the physical speeds of existing interfaces, any larger
	bandwidth number behaves the same - effectively unlimited.
	But on the low side, the granularity of 1MiB/s tuning is rather
	coarse.  So the new virDomainBlockJob API decided to go with
	a direct 64-bit bytes/sec number instead of the scaled number
	that prior blockjob APIs had used.  But there is no point in
	rounding this number to MiB/s just to scale it back to bytes/s
	for handing to qemu.
	In order to make future code sharing possible between the old
	virDomainBlockRebase and the new virDomainBlockCopy, this patch
	moves the scaling and overflow detection into the driver code.
	Several of the block job calls that can set speed are fed
	through a common interface, so it was easier to adjust all block
	jobs at once, for consistency.  This patch is just code motion;
	there should be no user-visible change in behavior.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockJob)
	(qemuMonitorBlockCommit, qemuMonitorDriveMirror): Change
	parameter type and scale.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob)
	(qemuMonitorBlockCommit, qemuMonitorDriveMirror): Move scaling
	and overflow detection...
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl)
	(qemuDomainBlockRebase, qemuDomainBlockCommit): ...here.
	(qemuDomainBlockCopy): Use bytes/sec.

	blockjob: split out block info monitor handling
	Another layer of overly-multiplexed code that deserves to be
	split into obviously separate paths for query vs. modify.
	This continues the cleanup started in commit cefe0ba.
	In the process, make some tweaks to simplify the logic when
	parsing the JSON reply.  There should be no user-visible
	semantic changes.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockJob): Drop parameter.
	(qemuMonitorBlockJobInfo): New prototype.
	(BLOCK_JOB_INFO): Drop enum.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJob)
	(qemuMonitorJSONBlockJobInfo): Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Split...
	(qemuMonitorBlockJobInfo): ...into second function.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJob): Move
	block info portions...
	(qemuMonitorJSONGetBlockJobInfo): ...here, and rename...
	(qemuMonitorJSONBlockJobInfo): ...and export.
	(qemuMonitorJSONGetBlockJobInfoOne): Alter return semantics.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
	(qemuDomainBlockJobImpl, qemuDomainGetBlockJobInfo): Adjust
	callers.
	* src/qemu/qemu_migration.c (qemuMigrationDriveMirror)
	(qemuMigrationCancelDriveMirror): Likewise.

2014-09-05  Ján Tomko  <jtomko@redhat.com>

	Don't include non-migratable features in host-model
	Commit fba6bc4 introduced support for the 'invtsc' feature,
	which blocks migration. We should not include it in the
	host-model CPU by default, because it's intended to be used
	with migration.
	https://bugzilla.redhat.com/show_bug.cgi?id=1138221

2014-09-05  Michal Privoznik  <mprivozn@redhat.com>

	tests: Add test cases for previous commit
	This commit is rather big. Firstly, the in memory config
	representation is adjusted like if security_driver was set to "none".
	The rest is then just adaptation to the new code that will generate
	different seclabels.

	conf: Fix even implicit labels
	https://bugzilla.redhat.com/show_bug.cgi?id=1027096#c8
	There are two ways in which security model can make it way into
	<seclabel/>. One is as the @model attribute, the second one is
	via security_driver knob in qemu.conf. Then, while parsing
	<seclabel/> several checks and fix ups of old, stale combinations
	are performed. However, iff @model is specified. They are not
	done in the latter case. So it's still possible to feed libvirt
	with senseless combinations (if qemu.conf is adjusted correctly).
	One example of a seclabel that needs some adjustment (in case
	security_driver=none in qemu.conf) is:
	    <seclabel type='dynamic' relabel='yes'/>
	The fixup code is copied from virSecurityLabelDefParseXML
	(covering the former case) into virSecurityLabelDefsParseXML
	(which handles the latter case).

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: split out block info driver handling
	The qemu implementation for virDomainGetBlockJobInfo() has a
	minor bug: it grabs the qemu job with intent to QEMU_JOB_MODIFY,
	which means it cannot be run in parallel with any other
	domain-modifying command.  Among others, virDomainBlockJobAbort()
	is such a modifying command, and it defaults to being
	synchronous, and can wait as long as several seconds to ensure
	that the job has actually finished.  Due to the job rules, this
	means a user cannot obtain status about the job during that
	timeframe, even though we know that some client management code
	exists which is using a polling loop on status to see when a job
	finishes.
	This bug has been present ever since blockpull support was first
	introduced (commit b976165, v0.9.4 in Jul 2011), all because we
	stupidly tried to cram too much multiplexing through a single
	helper routine, but was made worse in 97c59b9 (v1.2.7) when
	BlockJobAbort was fixed to wait longer.  It's time to disentangle
	some of the mess in qemuDomainBlockJobImpl, and in the process
	relax block job query to use QEMU_JOB_QUERY, since it can safely
	be used in parallel with any long running modify command.
	Technically, there is one case where getting block job info can
	modify domain XML - we do snooping to see if a 2-phase job has
	transitioned into the second phase, for an optimization in the
	case of old qemu that lacked an event for the transition.  I
	claim this optimization is safe (the jobs are all about modifying
	qemu state, not necessarily xml state); but if it proves to be
	a problem, we could use the difference between the capabilities
	QEMU_CAPS_BLOCKJOB_{ASYNC,SYNC} to determine whether we even
	need snooping, and only request a modifying job in the case of
	older qemu.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Move info
	handling...
	(qemuDomainGetBlockJobInfo): ...here, and relax job type.
	(qemuDomainBlockJobAbort, qemuDomainBlockJobSetSpeed)
	(qemuDomainBlockRebase, qemuDomainBlockPull): Adjust callers.

	blockjob: shuffle block rebase code
	The existing virDomainBlockRebase code rejected the combination of
	_RELATIVE and _COPY flags, but only by accident.  It makes sense
	to add support for the combination someday, at least for the case
	of _SHALLOW and not _REUSE_EXT; but to implement it, libvirt would
	have to pre-create the file with a relative backing name, and I'm
	not ready to code that in yet.
	Meanwhile, the code to forward on to the block copy code is getting
	longer, and reorganizing the function to have the block pull done
	early makes it easier to add even more block copy prep code.
	This patch should have no semantic difference other than the quality
	of the error message on the unsupported flag combination.  Pre-patch:
	error: unsupported flags (0x10) in function qemuDomainBlockCopy
	Post-patch:
	error: argument unsupported: Relative backing during copy not supported yet
	* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Reorder code,
	and improve error message of relative copy.

	maint: tighten curly brace syntax checking
	Now that hanging brace offenders have been fixed, we can automate
	the check, and document our style.  Done as a separate commit from
	code changes, to make it easier to just backport code changes, if
	that is ever needed.
	* cfg.mk (sc_curly_braces_style): Catch hanging braces.
	* docs/hacking.html.in: Document it.
	* HACKING: Regenerate.

	maint: use hanging curly braces
	Our style overwhelmingly uses hanging braces (the open brace
	hangs at the end of the compound condition, rather than on
	its own line), with the primary exception of the top level function
	body.  Fix the few remaining outliers, before adding a syntax
	check in a later patch.
	* src/interface/interface_backend_netcf.c (netcfStateReload)
	(netcfInterfaceClose, netcf_to_vir_err): Correct use of { in
	compound statement.
	* src/conf/domain_conf.c (virDomainHostdevDefFormatSubsys)
	(virDomainHostdevDefFormatCaps): Likewise.
	* src/network/bridge_driver.c (networkAllocateActualDevice):
	Likewise.
	* src/util/virfile.c (virBuildPathInternal): Likewise.
	* src/util/virnetdev.c (virNetDevGetVirtualFunctions): Likewise.
	* src/util/virnetdevmacvlan.c
	(virNetDevMacVLanVPortProfileCallback): Likewise.
	* src/util/virtypedparam.c (virTypedParameterAssign): Likewise.
	* src/util/virutil.c (virGetWin32DirectoryRoot)
	(virFileWaitForDevices): Likewise.
	* src/vbox/vbox_common.c (vboxDumpNetwork): Likewise.
	* tests/seclabeltest.c (main): Likewise.

	maint: enforce previous if-else {} cleanups
	Done as a separate commit in case earlier cleanups are backported
	independently.
	* cfg.mk (sc_require_space_before_label): New rule.

	maint: use consistent if-else braces in remaining spots
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.
	This patch focuses on all remaining problems, where there weren't
	enough issues to warrant splitting it further.
	* src/remote/remote_driver.c (doRemoteOpen): Correct use of {}.
	* src/security/virt-aa-helper.c (vah_add_path, valid_path, main):
	Likewise.
	* src/rpc/virnetsocket.c (virNetSocketNewConnectLibSSH2):
	Likewise.
	* src/esx/esx_vi_types.c (esxVI_Type_FromString): Likewise.
	* src/uml/uml_driver.c (umlDomainDetachDevice): Likewise.
	* src/util/viralloc.c (virShrinkN): Likewise.
	* src/util/virbuffer.c (virBufferURIEncodeString): Likewise.
	* src/util/virdbus.c (virDBusCall): Likewise.
	* src/util/virnetdev.c (virNetDevValidateConfig): Likewise.
	* src/util/virnetdevvportprofile.c
	(virNetDevVPortProfileGetNthParent): Likewise.
	* src/util/virpci.c (virPCIDeviceIterDevices)
	(virPCIDeviceWaitForCleanup)
	(virPCIDeviceIsBehindSwitchLackingACS): Likewise.
	* src/util/virsocketaddr.c (virSocketAddrGetNumNetmaskBits):
	Likewise.
	* src/util/viruri.c (virURIParseParams): Likewise.
	* daemon/stream.c (daemonStreamHandleAbort): Likewise.
	* tests/testutils.c (virtTestResult): Likewise.
	* tests/cputest.c (cpuTestBaseline): Likewise.
	* tools/virsh-domain.c (cmdDomPMSuspend): Likewise.
	* tools/virsh-host.c (cmdNodeSuspend): Likewise.
	* src/esx/esx_vi_generator.py (Type.generate_typefromstring):
	Tweak generated code.

2014-09-04  Eric Blake  <eblake@redhat.com>

	maint: use consistent if-else braces in lxc, vbox, phyp
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.
	This patch focuses on drivers that had several issues.
	* src/lxc/lxc_fuse.c (lxcProcGetattr, lxcProcReadMeminfo): Correct
	use of {}.
	* src/lxc/lxc_driver.c (lxcDomainMergeBlkioDevice): Likewise.
	* src/phyp/phyp_driver.c (phypConnectNumOfDomainsGeneric)
	(phypUUIDTable_Init, openSSHSession, phypStoragePoolListVolumes)
	(phypConnectListStoragePools, phypDomainSetVcpusFlags)
	(phypStorageVolGetXMLDesc, phypStoragePoolGetXMLDesc)
	(phypConnectListDefinedDomains): Likewise.
	* src/vbox/vbox_common.c (vboxAttachSound, vboxDumpDisplay)
	(vboxDomainRevertToSnapshot, vboxDomainSnapshotDelete): Likewise.
	* src/vbox/vbox_tmpl.c (vboxStorageVolGetXMLDesc): Likewise.

	maint: use consistent if-else braces in xen and friends
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.
	This patch focuses on code related to xen.
	* src/libxl/libxl_conf.c (libxlCapsInitGuests)
	(libxlMakeDomBuildInfo): Correct use of {}.
	* src/xen/xen_hypervisor.c (virXen_getvcpusinfo)
	(xenHypervisorMakeCapabilitiesInternal): Likewise.
	* src/xen/xend_internal.c (xenDaemonOpen)
	(xenDaemonDomainMigratePerform, xend_detect_config_version)
	(xenDaemonDetachDeviceFlags, xenDaemonDomainMigratePerform)
	(xenDaemonDomainBlockPeek): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiConnectListDomains)
	(xenapiDomainLookupByUUID, xenapiDomainGetOSType): Likewise.
	* src/xenconfig/xen_common.c (xenParseCPUFeatures, xenFormatNet):
	Likewise.
	* src/xenconfig/xen_sxpr.c (xenParseSxpr, xenFormatSxprNet)
	(xenFormatSxpr): Likewise.

	maint: use consistent if-else braces in qemu
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.
	This commit focuses on the qemu driver.
	* src/qemu/qemu_command.c (qemuParseISCSIString)
	(qemuParseCommandLineDisk, qemuParseCommandLine)
	(qemuBuildSmpArgStr, qemuBuildCommandLine)
	(qemuParseCommandLineDisk, qemuParseCommandLineSmp): Correct use
	of {}.
	* src/qemu/qemu_capabilities.c (virQEMUCapsProbeCPUModels):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainCoreDumpWithFormat)
	(qemuDomainRestoreFlags, qemuDomainGetInfo)
	(qemuDomainMergeBlkioDevice): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextCreateSnapshot)
	(qemuMonitorTextLoadSnapshot, qemuMonitorTextDeleteSnapshot):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessStop): Likewise.

	maint: use consistent if-else braces in conf and friends
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.
	This patch focuses on code shared between multiple drivers.
	* src/conf/domain_conf.c (virDomainFSDefParseXML)
	(virSysinfoParseXML, virDomainNetDefParseXML)
	(virDomainWatchdogDefParseXML)
	(virDomainRedirFilterUSBDevDefParseXML): Correct use of {}.
	* src/conf/interface_conf.c (virInterfaceDefParseDhcp)
	(virInterfaceDefParseIp, virInterfaceVlanDefFormat)
	(virInterfaceDefParseStartMode, virInterfaceDefParseBondMode)
	(virInterfaceDefParseBondMiiCarrier)
	(virInterfaceDefParseBondArpValid): Likewise.
	* src/conf/node_device_conf.c (virNodeDevCapStorageParseXML):
	Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterRuleDetailsParse)
	(virNWFilterRuleParse, virNWFilterDefParseXML): Likewise.
	* src/conf/secret_conf.c (secretXMLParseNode): Likewise.
	* src/cpu/cpu_x86.c (x86Baseline, x86FeatureLoad, x86ModelLoad):
	Likewise.
	* src/network/bridge_driver.c (networkKillDaemon)
	(networkDnsmasqConfContents): Likewise.
	* src/node_device/node_device_hal.c (dev_refresh): Likewise.
	* src/nwfilter/nwfilter_gentech_driver.c (virNWFilterInstantiate):
	Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(_iptablesCreateRuleInstance): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskBuildPool): Likewise.

2014-09-04  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: add HOME environment variable
	We lacked of HOME environment variable,
	set 'HOME=/' as default.
	The kernel sets up $HOME for the init process.
	Therefore any init can assume that $HOME is set.
	libvirt currently violates that implicit rule.

2014-09-04  Felix Geyer  <debfx@fobos.de>

	apparmor: allow reading cap_last_cap
	libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
	and thus running a qemu guest fails.
	Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.

2014-09-04  Giuseppe Scrivano  <gscrivan@redhat.com>

	tests: force FIPS testing mode with new enough GNU TLS versions

	security: fix DH key generation when FIPS mode is on
	When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
	specified as the prime's number of bits, a bigger value works in both
	cases.

2014-09-04  Wang Rui  <moon.wangrui@huawei.com>

	lxc_container: Resolve Coverity RESOURCE_LEAK
	Memory is allocated for 'mnt_src' by VIR_STRDUP in the loop. Next
	loop it will be allocated again. So we need to free 'mnt_src'
	before continue the loop.

	vircgroup: Resolve Coverity RESOURCE_LEAK
	Need to free 'root' and 'opts' before 'return -1' if symlink fails.

	qemu_process: Resolve Coverity RESOURCE_LEAK
	If virSecurityManagerClearSocketLabel() fails, 'agent' won't
	be freed before jumping to cleanup.

	remote: Resolve Coverity RESOURCE_LEAK
	Need to free 'uri_out' on error path.

	test_conf: Resolve Coverity RESOURCE_LEAK
	If the condition 'ret < 0' is true, the code will jump to
	'cleanup' and 'conf' won't be freed.

	tests: Resolve Coverity RESOURCE_LEAK in commandhelper
	Coverity determined that 'log' and 'newenv' were not freed in
	some cases. Free them in 'error' branch and normal branch.

2014-09-03  Eric Blake  <eblake@redhat.com>

	command: test umask support
	Add testsuite coverage for the recent commit 0e1a1a8.
	* tests/commandhelper.c (main): Output umask.
	* tests/commandtest.c (test15): Also test umask.
	(mymain): Add test.
	* tests/commanddata/*.log: Update expected output.

2014-09-03  Martin Kletzander  <mkletzan@redhat.com>

	util: don't shadow global umask declaration
	Commit 0e1a1a8c introduced umask for virCommand, but the variables
	used emit a warning on older compilers about shadowed global
	declaration.

2014-09-03  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Avoid freeing uninitialized value
	https://bugzilla.redhat.com/show_bug.cgi?id=1136788

2014-09-03  Chunyan Liu  <cyliu@suse.com>

	qemu: ensure sane umask for qemu process
	Add umask to _virCommand, allow user to set umask to command.
	Set umask(002) to qemu process to overwrite the default umask
	of 022 set by many distros, so that unix sockets created for
	virtio-serial has expected permissions.
	Fix problem reported here:
	https://sourceware.org/bugzilla/show_bug.cgi?id=13078#c11
	https://bugzilla.novell.com/show_bug.cgi?id=888166
	To use virtio-serial device, unix socket created for chardev with
	default umask(022) has insufficient permissions.
	e.g.:
	-device virtio-serial \
	-chardev socket,path=/tmp/foo,server,nowait,id=foo \
	-device virtserialport,chardev=foo,name=org.fedoraproject.port.0
	srwxr-xr-x 1 qemu qemu 0 21. Jul 14:19 /tmp/somefile.sock
	Other users in the same group (like real user, test engines, etc)
	cannot write to this socket.

2014-09-03  Jiri Denemark  <jdenemar@redhat.com>

	spec: Fix preun script for daemon
	%systemd_preun macro cannot be split into several lines.
	https://bugzilla.redhat.com/show_bug.cgi?id=1136736

2014-09-02  Peter Krempa  <pkrempa@redhat.com>

	remote: Fix memory leak on error path when deserializing bulk stats
	The 'elem' variable along with the domain object would be leaked when
	taking the error path.
	Found by coverity.

2014-09-02  Matthew Rosato  <mjrosato@linux.vnet.ibm.com>

	util: Introduce flags field for macvtap creation
	Currently, there is one flag passed in during macvtap creation
	(withTap) -- Let's convert this field to an unsigned int flag
	field for future expansion.

2014-09-02  Ján Tomko  <jtomko@redhat.com>

	Free ifname in testDomainGenerateIfnames
	https://bugzilla.redhat.com/show_bug.cgi?id=1135388

2014-09-02  Michal Privoznik  <mprivozn@redhat.com>

	Post-release version bump for new dev cycle

2014-09-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.8
	* docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: new localizations and regenerate pos

2014-09-01  Eric Blake  <eblake@redhat.com>

	blockcopy: allow larger buf-size
	While qemu definitely caps granularity to 64 MiB, it places no
	limits on buf-size.  On a machine beefy enough for lots of
	memory, a buf-size larger than 2 GiB is feasible, so we should
	pass a 64-bit parameter.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_COPY_BUF_SIZE):
	Allow 64 bits.

2014-09-01  Martin Kletzander  <mkletzan@redhat.com>

	selinux: properly label tap FDs with imagelabel
	The cleanup in commit cf976d9d used secdef->label to label the tap
	FDs, but that is not possible since it's process-only label (svirt_t)
	and not a object label (e.g. svirt_image_t).  Starting a domain failed
	with EPERM, but simply using secdef->imagelabel instead of
	secdef->label fixes it.

2014-09-01  Christophe Fergeau  <cfergeau@redhat.com>

	Fix connection to already running session libvirtd
	Since 1b807f92, connecting with virsh to an already running session
	libvirtd fails with:
	$ virsh list --all
	error: failed to connect to the hypervisor
	error: no valid connection
	error: Failed to connect socket to
	'/run/user/1000/libvirt/libvirt-sock': Transport endpoint is already
	connected
	This is caused by a logic error in virNetSocketNewConnectUnix: even if
	the connection to the daemon socket succeeded, we still try to spawn the
	daemon and then connect to it.
	This commit changes the logic to not try to spawn libvirtd if we
	successfully connected to its socket.
	Most of this commit is whitespace changes, use of -w is recommended to
	look at it.

2014-08-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: zfs: fix double listing of new volumes
	Currently, after calling commands to create a new volumes,
	virStorageBackendZFSCreateVol calls virStorageBackendZFSFindVols that
	calls virStorageBackendZFSParseVol.
	virStorageBackendZFSParseVol checks if a volume already exists by
	trying to get it using virStorageVolDefFindByName.
	For a just created volume it returns NULL, so volume is reported as
	new and appended to pool->volumes. This causes a volume to be listed
	twice as storageVolCreateXML appends this new volume to the list as
	well.
	Fix that by passing a new volume definition to
	virStorageBackendZFSParseVol so it could determine if it needs to add
	this volume to the list.

2014-08-29  John Ferlan  <jferlan@redhat.com>

	qemu_driver: Resolve Coverity FORWARD_NULL
	In qemuDomainSnapshotCreateDiskActive() if we jumped to cleanup from a
	failed actions = virJSONValueNewArray(), then 'cfg' would be NULL.
	So just return -1, which in turn removes the need for cleanup:

	virnetserverservice: Resolve Coverity ARRAY_VS_SINGLETON
	Coverity complained about the following:
	(3) Event ptr_arith:
	   Performing pointer arithmetic on "cur_fd" in expression "cur_fd++".
	130             return virNetServerServiceNewFD(*cur_fd++,
	The complaint is that pointer arithmetic taking place instead of the
	expected auto increment of the variable...  Adding some well placed
	parentheses ensures our order of operation.

	qemu: Allow use of iothreads for disk definitions
	For virtio-blk-pci disks with the disk iothread attribute that are
	running the correct emulator, add the "iothread=iothread#" to the
	-device command line in order to enable iothreads for the disk as
	long as the command is available, the disk iothread value provided is
	valid, and is supported for the disk device being added

	domain_conf: Add support for iothreads in disk definition
	Add a new disk "driver" attribute "iothread" to be parsed as the thread
	number for the disk to use. In order to more easily facilitate the usage
	and configuration of the iothread, a "zero" for the attribute indicates
	iothreads are not supported for the device and a positive value indicates
	the specific thread to try and use.

	qemu: Add support for iothreads
	Add a new capability to ensure the iothreads feature exists for the qemu
	emulator being run - requires the "query-iothreads" QMP command. Using the
	domain XML add correspoding command argument in order to generate the
	threads. The iothreads will use a name space "iothread#" where, the
	future patch to add support for using an iothread to a disk definition to
	merely define which of the available threads to use.
	Add tests to ensure the xml/argv processing is correct.  Note that no
	change was made to qemuargv2xmltest.c as processing the -object element
	would require knowing more than just iothreads.

	domain_conf: Introduce iothreads XML
	Introduce XML to allowing adding iothreads to the domain. These can be
	used by virtio-blk-pci devices in order to assign a specific thread to
	handle the workload for the device.  The iothreads are the official
	implementation of the virtio-blk Data Plane that's been in tech preview
	for QEMU.

	libxl_migration: Resolve Coverity NULL_RETURNS
	Coverity noted that all callers to libxlDomainEventQueue() could ensure
	the second parameter (event) was true before calling except this case.
	As I look at the code and how events are used - it seems that prior to
	generating an event for the dom == NULL condition, the resume/suspend
	event should be queue'd after the virDomainSaveStatus() call which will
	goto cleanup and queue the saved event anyway.

2014-08-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement bulk stats API and one of the stats groups to return
	Implement the API function for virDomainListGetStats and
	virConnectGetAllDomainStats in a modular way and implement the
	VIR_DOMAIN_STATS_STATE group of statistics.
	Although it may look like the function looks universal I'd rather not
	expose it to other drivers as the coming stats groups are likely to do
	qemu specific stuff to obtain the stats.

2014-08-28  John Ferlan  <jferlan@redhat.com>

	qemu_command: Resolve Coverity DEADCODE
	One useless warning, but the other one rather pertinent. On entry
	the 'trans' variable is initialized to VIR_DOMAIN_DISK_TRANS_DEFAULT.
	When the "trans" was found in the parsing loop it def->geometry.trans
	was assigned to the return from virDomainDiskGeometryTransTypeFromString
	and then 'trans' was used to do the comparison to see if it was valid.
	So remove 'trans' and use def->geometry.trans properly

	qemu_driver: Resolve Coverity DEADCODE
	A bunch of false positives brought on by our own doings

	domain_conf: Resolve Coverity DEADCODE
	A bunch of a useless warnings brought on by our own doing.

	qemu_monitor: Resolve Coverity NESTING_INDENT_MISMATCH
	The PROBE macro can expand to more than one line/statement - put curly
	braces around the if statement to be safe

	storage_conf: Resolve Coverity RESOURCE_LEAK
	If there was a failure processing 'authdef' and the code went to cleanup
	before the setting to source->auth, then it'd be leaked.

	qemu_driver: Resolve Coverity RESOURCE_LEAK
	Coverity found that the 'buf' wasn't VIR_FREE'd at exit.

	phyp_driver: Resolve Coverity RESOURCE_LEAK
	Coverity determines that when jumping to the connected: label, the
	addressinfo (ai) is not free'd.

	libxl_migration: Resolve Coverity RESOURCE_LEAK
	In libxlDomainMigrationPrepare() if the uri_in is false, then
	'hostname' is allocated and used "generically" in the routine,
	but not freed.  Conversely, if uri_in is true, then a uri is
	allocated and hostname is set to the uri->hostname value and
	likewise generically used.
	At function exit, hostname wasn't free'd in the !uri_in path,
	so that was added.  To just make it clearer on usage the else
	path became the call to virURIFree() although I suppose technically
	it didn't have to since it would be a call using (NULL)

	bridge_driver: Resolve Coverity RESOURCE_LEAK
	In the error path the 'ipaddr' wasn't VIR_FREE'd before jumping to cleanup

	virsh-network: Resolve Coverity RESOURCE_LEAK
	Need to free 'xmlFromFile' on/for the error path when current was
	returning false only

	network_conf: Resolve Coverity RESOURCE_LEAK
	Need to VIR_FREE the startip/endip we allocated for the error message

	qemu_capabilities: Resolve Coverity RESOURCE_LEAK
	Coverity determined that on error path that 'mach' wouldn't be free'd
	Since virCapabilitiesFreeGuestMachine() isn't globally available, we'll
	insert first and then if the VIR_STRDUP's fail they it will eventually
	cause the 'mach' to be freed in the error path

	libxl_domain: Resolve Coverity RESOURCE_LEAK
	On the error path need to free the chrdef

	qemu_agent: Resolve Coverity RESOURCE_LEAK
	Coverity found that on error paths, the 'arg' value wasn't be cleaned
	up. Followed the example in qemuAgentSetVCPUs() where upon successful call
	to qemuAgentCommand() the 'cpus' is set to NULL; otherwise, when cleanup
	occurs the free the memory for 'arg'

	qemu_command: Resolve Coverity RESOURCE_LEAK
	In qemuParseISCSIString() if an error was returned, then the call
	to qemuParseDriveURIString() where the uri is free'd wouldn't be run

	cpu_x86: Resolve Coverity RESOURCE_LEAK
	Coverity determined that the copied 'oldguest' would be leaked for
	both error and success paths.

	domain_conf: Resolve Coverity RESOURCE_LEAK
	Resolve a few RESOURCE_LEAK's identified by Coverity

	daemon: Resolve Coverity NEGATIVE_RETURNS
	In each of these cases, Coverity complains that the result count returned
	on error paths would be -1 disregarding that the count and the corresponding
	are "linked" together (it doesn't know that).  Simple enough to check and
	remove the warning

2014-08-28  Peter Krempa  <pkrempa@redhat.com>

	virsh: Implement command to excercise the bulk stats APIs
	Add "domstats" command that excercises both of the new APIs depending if
	you specify a domain list or not. The output is printed as a key=value
	list of the returned parameters.

2014-08-28  Wang Rui  <moon.wangrui@huawei.com>

	qemu_capabilities: Resolve Coverity RESOURCE_LEAK
	In function virQEMUCapsParseMachineTypesStr, VIR_STRNDUP allocates
	memory for 'name' in {do,while} loop. If 'name' isn't freed before
	'continue', its memory will be allocated again in the next loop.
	In this case the memory allocated for 'name' in privious loop is
	useless and not freed. Free it before continue this loop to fix that.

	tests: Resolve Coverity RESOURCE_LEAK
	The 'lib' handle will be leaked if 'dlsym' condition fails.
	So close the handle before return.

	util: Resolve Coverity RESOURCE_LEAK
	Coverity determined that 'conflict' would be leaked.

2014-08-28  Peter Krempa  <pkrempa@redhat.com>

	remote: Implement bulk domain stats APIs in the remote driver
	Implement the remote driver support for shuffling the domain stats
	around.

	lib: Add few flags for the bulk stats APIs
	Add domain list filtering functions and a flag to enforce checking
	whether the remote daemon supports the requested stats groups.

	conf: Add helper to free domain list
	Add helper to free a list of virDomainPtrs without raising or clearing
	errors. Use it in one place and prepare it for reuse.

2014-08-28  Erik Skultety  <eskultet@redhat.com>

	virsh: fix keepalive error msg
	resolves https://bugzilla.redhat.com/show_bug.cgi?id=1132305:
	The error message for an out-of-range argument was confusing:
	virsh -k 9999999999
	error: option --k requires a positive numeric argument
	After this patch, it is:
	error: Invalid value for option -k

2014-08-28  John Ferlan  <jferlan@redhat.com>

	qemu_capabilities: Resolve Coverity NULL_RETURNS
	Adjust the initialization of qemuCaps() to check for a NULL before
	attempting to dereference like other callers/users do.

	qemu_driver: Resolve Coverity CONSTANT_EXPRESSION_RESULT
	The call to virDomainSnapshotRedefinePrep() had a spurrious ! in front of
	it which caused Coverity to complan that the expression is always false.

	domain_conf: Resolve Coverity REVERSE_INULL
	Coverity complains that checking for domain->def being non NULL in the
	if (live) path of virDomainObjAssignDef() would be unnecessary or a
	NULL deref since the call to virDomainObjIsActive() would already
	dereference domain->def when checking if the def->id field was != -1.
	Checked all callers to virDomainObjAssignDef() and each at some point
	dereferences (vm)->def->{field} prior to calling when live is true.

	qemu_command: Resolve Coverity REVERSE_INULL
	In qemuNetworkIfaceConnect() a call to virNetDevBandwidthSet() is
	made where the function prototype requires the first parameter
	(net->ifname) to be non NULL.  Coverity complains that the subsequent
	non NULL check for net->ifname prior to the next call gets flagged as
	an unnecessary check.  Resolve by removing the extra check

	domain_conf: Resolve Coverity REVERSE_INULL
	In virDomainActualNetDefFormat() a call to virDomainNetGetActualType(def)
	was made before a check for (!def) a few lines later. This triggered
	Coverity to note the possible NULL deref.  Just moving the initialization
	to after the !def checks resolves the issue

	storage_driver: Resolve Coverity REVERSE_INULL
	There were two occurrances of attempting to initialize actualType by
	calling virStorageSourceGetActualType(src) prior to a check if (!src)
	resulting in Coverity complaining about the possible NULL dereference
	in virStorageSourceGetActualType() of src.
	Resolve by moving the actualType setting until after checking !src

	xen_xm: Resolve Coverity USE_AFTER_FREE
	If virDomainDiskDefFree(disk) is called in 'skipdisk:', then it's possible
	to either return to skipdisk without reallocating a new disk (via the if
	condition just prior) or to end the loop having deleted the disk. Since
	virDomainDiskDefFree() does not pass by reference, disk isn't changed in
	this context, thus the possible issue.

	xen_common: Resolve Coverity USE_AFTER_FREE
	There were two warnings in this module
	  If the VIR_ALLOC_N(def->serials, 1) fails, then a virDomainChrDefFree(chr)
	  is called and we jump to cleanup which makes the same call. Just remove
	  the one after VIR_ALLOC_N()
	  In the label "skipnic:" a virDomainNetDefFree(net) is made; however, if
	  in going back to the top of the loop we jump back down to skipnic for any
	  reason, the call will attempt to free an already freed structure since
	  "net" was not passed by reference to virDomainNetDefFree().  Just set
	  net = NULL in skipnic: to resolve the issue.

	parallels: Resolve Coverity USE_AFTER_FREE
	Coverity complains that calling virNetworkDefFree(def), then jumping
	to the cleanup: label which calls virNetworkDefFree(def) could result
	in a double_free.  Just remove the call from the if statement.

2014-08-27  Martin Kletzander  <mkletzan@redhat.com>

	conf: fix leak with def->mem.hugepages

2014-08-27  Michal Privoznik  <mprivozn@redhat.com>

	vbox: Register per partes
	Since times when vbox moved to the daemon (due to some licensing
	issue) the subdrivers that vbox implements were registered, but not
	opened since our generic subdrivers took priority. I've tried to fix
	this in 65b7d553f39ff9 but it was not correct. Apparently moving
	vbox driver registration upfront changes the default connection URI
	which makes some users sad. So, this commit breaks vbox into pieces
	and register vbox's network and storage drivers first, and vbox driver
	then at the end. This way, the vbox driver is registered in the order
	it always was, but its subdrivers are registered prior the generic
	ones.

	virDriverLoadModule: Honor libvirt func name tranlsation
	There's this unwritten rule in libvirt that vir_function is translated
	into virFunction when needed (e.g. in remote protocol definition,
	python, ...). Up till now we ignored such translation in driver module
	loading and did fine. Well, we didn't have any module with an
	underscore in its name. But this will change in next commit. The
	problem is, once an a module is dlopen()-ed, we derive register
	function name from its name. So instead of "driver_subdriverRegister"
	do some magic to turn that into "driverSubdriverRegister".

	virdrivermoduletest: Test all the modules
	Even though we kept adding new and new modules (e.g. vbox or bhyve)
	the test wasn't updated. Do that now. Moreover, while it's not
	crucial, it's nice to reorder test cases to match the order in which
	the daemon loads the modules.

2014-08-27  Eric Blake  <eblake@redhat.com>

	domain_conf: fix internal flag verification
	While working on virDomainBlockCopy, I noticed we had a verify()
	concerning internal XML flags that was incomplete after several
	recent flag additions; move that up higher in the code to make it
	harder to forget to modify on the next flag addition.  Adjust
	some formatting while at it.
	* src/conf/domain_conf.c (verify): Move closer to internal flag
	definitions.  Cover missing flags ALLOW_ROM and ALLOW_BOOT.

	virsh: drop unused variable
	While prepping for virDomainBlockJob patches, I found some dead code.
	* tools/virsh-domain.c (blockJobImpl): Kill unused 'name'.

2014-08-27  Jincheng Miao  <jmiao@redhat.com>

	qemu: call endjob in RevertToSnapshot
	In qemuDomainRevertToSnapshot(), it will check snap->def->state.
	But when the state is PMSUSPENDED/NOSTATE/BLOCKED, it forgets to
	call qemuDomainObjEndJob.
	https://bugzilla.redhat.com/show_bug.cgi?id=1134154
	Bug introduced in commit 1e833899.

2014-08-27  Eric Blake  <eblake@redhat.com>

	API: Tweak virDomainOpenGraphics to return fd directly
	Let's fix this before we bake in a painful API.  Since we know
	that we have exactly one non-negative fd on success, we might
	as well return the fd directly instead of forcing the user to
	pass in a pointer.  Furthermore, I found some memory and fd
	leaks while reviewing the code - the idea is that on success,
	libvirtd will have handed two fds in two different directions:
	one to qemu, and one to the RPC client.
	* include/libvirt/libvirt.h.in (virDomainOpenGraphicsFD): Drop
	unneeded parameter.
	* src/driver.h (virDrvDomainOpenGraphicsFD): Likewise.
	* src/libvirt.c (virDomainOpenGraphicsFD): Adjust interface to
	return fd directly.
	* daemon/remote.c (remoteDispatchDomainOpenGraphicsFd): Adjust
	semantics.
	* src/qemu/qemu_driver.c (qemuDomainOpenGraphicsFD): Likewise,
	and plug fd leak.
	* src/remote/remote_driver.c (remoteDomainOpenGraphicsFD):
	Likewise, and plug memory and fd leak.

	blockcopy: virDomainBlockCopy with XML destination, typed params
	This commit (finally) adds the virDomainBlockCopy API, with the
	intent that it will provide more power to the existing 'virsh
	blockcopy' command.
	'virsh blockcopy' was first added in Apr 2012 (v0.9.12), which
	corresponds to the upstream qemu 1.2 timeframe.  It was done as
	a hack on top of the existing virDomainBlockRebase() API call,
	for two reasons: 1) it was targetting a feature that landed first
	in downstream RHEL qemu, but had not stabilized in upstream qemu
	at the time (and indeed, 'drive-mirror' only landed upstream in
	qemu 1.3 with slight differences to the first RHEL attempt,
	and later gained further parameters like granularity and buf-size
	that are also worth exposing), and 2) extending an existing API
	allowed it to be backported without worrying about bumping .so
	versions.  A virDomainBlockCopy() API was proposed at that time
	[1], but we decided not to accept it into libvirt until after
	upstream qemu stabilized, and it ended up getting scrapped.
	Whether or not RHEL should have attempted adding a new feature
	without getting it upstream first is a debate that can be held
	another day; but enough time has now elapsed that we are ready to
	do the interface cleanly.
	[1] https://www.redhat.com/archives/libvir-list/2012-April/msg00768.html
	Delaying the creation of a clean API until now has also had a
	benefit: we've only recently learned of a few shortcomings in the
	original design: 1) it is unable to target a network destination
	(such as a gluster volume) because it hard-coded the assumption
	that the destination is a local file name.  Because of all the
	refactoring we've done to add virStorageSourcePtr, we are in a
	better position to declare an API that parses XML describing a
	host storage source as the copy destination, which was not
	possible had we implemented virDomainBlockCopy as it had been
	originally envisioned (although a network target will have to wait
	until a later libvirt release compared to the API addition to
	actually be implemented).  2) the design of using MiB/sec as the
	bandwidth throttle is rather coarse; qemu is actually tuned to
	bytes/second, and libvirt is preventing access to that level of
	detail.  A later patch will add flags to existing block job API
	that can request bytes/second instead of back-compat MiB/s, but as
	this is a new API, we can get it right to begin with.
	At least I had the foresight to create 'virsh blockcopy' as a
	separate command at the UI level (commit 1f06c00) rather than
	leaking the underlying API overload of virDomainBlockRebase onto
	shell users.
	A further note on the bandwidth option: virTypedParameters
	intentionally lacks unsigned long (since variable-width
	interaction between mixed 32- vs. 64-bit client/server setups is
	nasty), but we have to deal with the fact that we are interacting
	with existing older code that mistakenly chose unsigned long
	bandwidth at a point before we decided to prohibit it in all new
	API.  The typed parameter is therefore unsigned long long, but
	the implementation (in a later patch) will have to do overflow
	detection on 32-bit platforms, as well as capping the value to
	match the LLONG_MAX>>20 cap of the existing MiB/s interfaces.
	* include/libvirt/libvirt.h.in (virDomainBlockCopy): New API.
	(virDomainBlockJobType, virConnectDomainEventBlockJobStatus):
	Update related documentation.
	* src/libvirt.c (virDomainBlockCopy): Implement it.
	* src/libvirt_public.syms (LIBVIRT_1.2.8): Export it.
	* src/driver.h (_virDriver): New driver callback.

2014-08-27  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Split out code to lookup domain from string
	Split out guts of the function to reuse it to get domain objects from
	string.

	lib: Introduce API for retrieving bulk domain stats
	The motivation for this API is that management layers that use libvirt
	usually poll for statistics using various split up APIs we currently
	provide. To get all the necessary stuff, the app needs to issue a lot of
	calls and aggregate the results.
	The APIs I'm introducing here:
	1) Returns data in a format that we can expand in the future and is
	(pseudo) hierarchical. The data is returned as typed parameters where
	the fields are constructed as dot-separated strings containing names and
	other stuff in a list of typed params.
	2) Stats for multiple (all) domains can be queried at once and are
	returned in one call. This will decrease the overhead necessary to issue
	multiple calls per domain multiplied by the count of domains.
	3) Selectable (bit mask) fields in the returned format. This will allow
	to retrieve only specific stats according to the app's need.
	The stats groups will be enabled using a bit field @stats passed as the
	function argument. A few sample stats groups that this API will support:
	VIR_DOMAIN_STATS_STATE
	VIR_DOMAIN_STATS_CPU
	VIR_DOMAIN_STATS_BLOCK
	VIR_DOMAIN_STATS_INTERFACE
	(Note that this is only an example, the initial implementation supports
	 only VIR_DOMAIN_STATS_STATE while others will be added later.)
	the returned typed params will use the following scheme
	state.state = VIR_DOMAIN_RUNNING
	state.reason = VIR_DOMAIN_RUNNING_BOOTED (the actual values according to
	                                          the enum)
	cpu.count = 8
	cpu.0.state = running
	cpu.0.time = 1234

2014-08-27  Ján Tomko  <jtomko@redhat.com>

	Wire up virDomainOpenGraphicsFD in QEMU driver
	Should fix https://bugzilla.redhat.com/show_bug.cgi?id=999926

	Add RPC implementation for virDomainOpenGraphicsFd

	Introduce virDomainOpenGraphicsFD API
	Define the public API implementation and declare internal
	driver prototype.

2014-08-26  Erik Skultety  <eskultet@redhat.com>

	blkdeviotune: check for overflow when parsing XML
	According to docs/schemas/domaincommon.rng and _virDomainBlockIoTuneInfo
	all the iotune values are interpreted as unsigned long long, however
	according to qemu_monitor_json.c, qemu silently truncates numbers
	larger than LLONG_MAX. There's really not much of a usage for such
	large numbers anyway yet. This patch provides the same overflow
	check during a domain start as it does during setting
	a blkdeviotune element in qemu_driver.c and thus reports an error when
	a larger number than LLONG_MAX is detected.
	https://bugzilla.redhat.com/show_bug.cgi?id=1131876

2014-08-26  Ján Tomko  <jtomko@redhat.com>

	virsh: Initialize vshData in cmdMigrate
	If the virConnect did not succeeed, we called
	virConnectClose on uninitialized data.
	Introduced by commit 7eabd55.

2014-08-26  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	storage: remove unused 'canonPath' in virStorageFileGetMetadata
	Introduced by commit 395171f.

2014-08-26  Alex Williamson  <alex.williamson@redhat.com>

	Add new 'kvm' domain feature and ability to hide KVM signature
	QEMU 2.1 added support for the kvm=off option to the -cpu command,
	allowing the KVM hypervisor signature to be hidden from the guest.
	This enables disabling of some paravirualization features in the
	guest as well as allowing certain drivers which test for the
	hypervisor to load.  Domain XML syntax is as follows:
	<domain type='kvm>
	  ...
	  <features>
	    ...
	    <kvm>
	      <hidden state='on'/>
	    </kvm>
	  </features>
	  ...

2014-08-26  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix memory corruption introduced by commit b55cc5f4e
	Commit b55cc5f4e did a shallow copy of libxl_{sdl,vnc}_info from the
	domain config to the build info, which resulted in double-freeing
	strings contained in the structures during cleanup, which later
	resulted in a libvirtd crash.  Fix by performing a deep copy of the
	structure, VIR_STRDUP'ing embedded strings instead of simply copying
	their pointers.
	Fixes the following issue reported on the libvirt dev list
	https://www.redhat.com/archives/libvir-list/2014-August/msg01112.html

2014-08-26  Eric Blake  <eblake@redhat.com>

	maint: drop spurious semicolons
	I noticed a line 'int nparams = 0;;' in remote_dispatch.h, and
	tracked down where it was generated.  While at it, I found a
	couple of other double semicolons.  Additionally, I noticed that
	commit df0b57a95 left a stale reference to the file name
	remote_dispatch_bodies.h.
	* src/conf/numatune_conf.c (virDomainNumatuneNodeParseXML): Drop
	empty statement.
	* tests/virdbustest.c (testMessageStruct, testMessageSimple):
	Likewise.
	* src/rpc/gendispatch.pl (remote_dispatch_bodies.h): Likewise, and
	update stale comments.

	spec: drop anything older than Fedora 13
	RHEL 5 is based on libvirt 0.8.2, as was Fedora 13.  RHEL 5 also
	happens to be the oldest box that we actively support with a
	buildbot, so it is time to clean up some crufty conditionals in
	the spec file that no longer are necessary for modern Fedora.
	Although it is probably okay to make further simplifications to
	a newer minimum Fedora version, that can be done as a later patch.
	This patch just focuses on cleaning any comparison of %{?fedora}
	that will always be true or false once we assume a minimum of F13.
	* libvirt.spec.in: Make with_audit default to on. Move other
	conditionals to a single RHEL-5 block. Simplify any fedora
	comparison older than 13.  Document our assumptions.

2014-08-26  Martin Kletzander  <mkletzan@redhat.com>

	docs: fix bootmenu timeout description

2014-08-25  Zhou Yimin  <zhouyimin@huawei.com>

	daemon: Fix option -v missing info priority log
	Introduce by 63fbcc692.
	When start libvirtd with commandline "/usr/sbin/libvirtd -d -l -v",
	we expect verbose(info level) log if neither environment variable
	nor config file about logging controls is set. But in fact we can't
	get any info priority log in the default output file.
	The log priority of default output is VIR_LOG_DEFAULT(VIR_LOG_WARN),
	so the info log is filtered out.
	To record info priority log we must parse option -v before setting the
	default output.
	After this patch, we get all verbose log in the default output file.

2014-08-25  Erik Skultety  <eskultet@redhat.com>

	iotune: setting an invalid value now reports error
	When trying to set an invalid value into iotune element, standard
	behavior was to not report any error, rather to reset all affected
	subelements of the iotune element back to 0 which results in ignoring
	those particular subelements by XML generator. Patch further
	examines the return code of the virXPathULongLong function
	and in case of an invalid non-integer value raises an error.
	Fixed to preserve consistency with invalid value checking
	of other elements.
	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1131811

2014-08-25  Martin Kletzander  <mkletzan@redhat.com>

	qemu: add support for splash-timeout
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1021703

	qemu: add capability probing for splash-timeout

	docs, conf: add support for bootmenu timeout

2014-08-25  Pavel Hrdina  <phrdina@redhat.com>

	fix mingw build
	The commit "f5b4c141" introduced new "force" parameter
	for "virFDStreamOpenFileInternal" but forget to update
	one call of that function.

2014-08-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: zfs: implement download and upload
	Add an implementation of uploadVol and downloadVol using
	virStorageBackendVolUploadLocal and virStorageBackendVolDownloadLocal
	respectively.

	fdstream: introduce virFDStreamOpenBlockDevice
	virStorageBackendVolDownloadLocal and virStorageBackendVolUploadLocal
	use virFDStreamOpenFile function to work with the volume fd.
	virFDStreamOpenFile calls virFDStreamOpenFileInternal that implements
	handling of the non-blocking I/O. If a file is not a character device and
	not a fifo, it uses libvirt_iohelper.
	On FreeBSD, it doesn't work as expected because disk devices (including
	ZFS volumes) are exposed as character devices, and ZFS volumes do not
	support open(2) with O_NONBLOCK.
	To overcome this, introduce a forceIOHelper flag to
	virFDStreamOpenFileInternal that forces using libvirt_iohelper. And
	introduce virFDStreamOpenBlockDevice that calls
	virFDStreamOpenFileInternal with the forceIOHelper set to true.

	fdstream: report error if virSetNonBlock fails
	virFDStreamOpenInternal terminates if virSetNonBlock fails. As
	virSetNonBlock uses gnulib's set_nonblocking_flag that sets errno,
	call virReportSystemError() to let user know the reason of fail.

2014-08-24  Eric Blake  <eblake@redhat.com>

	maint: fix comment typo
	* src/util/virbuffer.h: s/occured/occurred/

2014-08-23  Eric Blake  <eblake@redhat.com>

	qemu: check for active domain after agent interaction
	Commit b606bbb41 reminded me that any time we drop locks to run
	back-to-back guest interaction commands, we have to check that
	the guest didn't disappear in between the two commands.  A quick
	audit found a couple of spots that were missing this check.
	* src/qemu/qemu_driver.c (qemuDomainShutdownFlags)
	(qemuDomainSetVcpusFlags): Check that domain is still up.

2014-08-23  John Ferlan  <jferlan@redhat.com>

	xenconfig: Resolve Coverity RESOURCE_LEAK
	Since '337a13628' - Coverity complains that 'net' is VIR_ALLOC()'d, but
	on various 'cleanup' exit paths from the code there is no corresponding
	cleanup.

	virnetsocket: Resolve Coverity RESOURCE_LEAK
	Since '1b807f92d' - Coverity complains that in the error paths of
	both virFork() and virProcessWait() that the 'passfd' will not be closed.
	Added the VIR_FORCE_CLOSE(passfd) and initialized it to -1.
	Also noted that variable 'buf' was never really used - so I removed it

	commandtest: Resolve Coverity RESOURCE_LEAK
	Since '62f263a73' - Coverity complains if the !pidfile path is taken,
	then newfd1 would be leaked.

2014-08-22  Erik Skultety  <eskultet@redhat.com>

	numatune: setting --mode does not work well
	When trying to set numatune mode directly using virsh numatune command,
	correct error is raised, however numatune structure was not deallocated,
	thus resulting in creating an empty numatune element in the guest XML,
	if none was present before. Running the same command aftewards results
	in a successful change with broken XML structure. Patch fixes the
	deallocation problem as well as checking for invalid attribute
	combination VIR_DOMAIN_NUMATUNE_PLACEMENT_AUTO + a nonempty nodeset.
	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1129998

	qemu: min_guarantee: Parameter 'min_guarantee' not supported
	The 'min_guarantee' is used by VMware ESX and OpenVZ drivers,
	with qemu however, libvirt should report error when starting a domain,
	because this element is not used.
	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1122455

2014-08-22  John Ferlan  <jferlan@redhat.com>

	formatdomain: Reformat vCPU description
	Reformat the vCPU description to use list elements rather than one long
	run-on paragraph

2014-08-22  Michal Privoznik  <mprivozn@redhat.com>

	Fix spacing around commas
	On some places in the libvirt code we have:
	  f(a,z)
	instead of
	  f(a, z)
	This trivial patch fixes couple of such occurrences.

2014-08-22  Alexander Burluka  <aburluka@parallels.com>

	Parallels: Change config report errors code.
	Wrong error code in config errors reporting was used. Fixed it.

	Parallels: fix error with video card RAM dimension
	Libvirt measures vram in Kbytes, not in bytes, so calculation
	of Mbytes was incorrect. PCS server can take vram argument
	with units, so I added K postfix to make params a little bit clearer.

	Parallels: add virNodeGetCPUMap().
	That function caused errors in libvirtd logs when OpenStack Nova
	starts VM instance.

2014-08-22  Martin Kletzander  <mkletzan@redhat.com>

	util: compare floor attribute in virNetDevBandwidthEqual
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1064770

2014-08-22  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Fix help info for freepages

2014-08-22  Martin Kletzander  <mkletzan@redhat.com>

	build: fix mingw build with virCommandReorderFDs

	daemon: use socket activation with systemd

	rpc: pass listen FD to the daemon being started
	This eliminates the need for active waiting.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=927369

	util: add virCommandPassListenFDs() function
	That sets a new flag, but that flag does mean the child will get
	LISTEN_FDS and LISTEN_PID environment variables properly set and
	passed FDs reordered so that it corresponds with LISTEN_FDS (they must
	start right after STDERR_FILENO).

	tests: support dynamic prefixes in commandtest

	cfg.mk: allow integers to be assigned a value computed with i|j|k
	Even line like this:
	int asdf = i - somevar;
	was matched by the regex, so this patch adds '=' to the list of
	characters that break the regexp.

	daemon: support passing FDs from the calling process
	First FD is the RW unix socket to listen on, second one (if
	applicable) is the RO unix socket.

	rpc: set listen backlog on FDs as well as on other sockets

	remote: create virNetServerServiceNewFDOrUNIX() wrapper
	It's just a wrapper around NewFD and NewUNIX that selects the right
	option and increments the number of used FDs.

	util: abstract parsing of passed FDs into virGetListenFDs()
	Since not only systemd can do this (we'll be doing it as well few
	patches later), change 'systemd' to 'caller' and fix LISTEN_FDS to
	LISTEN_PID where applicable.

2014-08-21  Peter Krempa  <pkrempa@redhat.com>

	conf: net: Correctly switch how to format address fields
	When formatting the forward mode addresses or interfaces the switch was
	done based on the type of the network rather than of the type of the
	individual <interface>/<address> element. In case a user would specify
	an incorrect network type ("passhtrough") with <address> elements,
	libvirtd would crash as it would attempt to format an <interface>.
	Use the type of the individual element to format the XML.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132347

2014-08-21  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: man: Add LXC format info for domxml-from/to-native

2014-08-21  John Ferlan  <jferlan@redhat.com>

	Perform disk config validity checking for attach-device config
	https://bugzilla.redhat.com/show_bug.cgi?id=1078126
	Using 'virsh attach-device --config' (or --persistent) to attach a
	file backed lun device will succeed; however, subsequent domain restarts
	will result in failure because the configuration of a file backed lun
	is not supported.
	Although allowing 'illegal configurations' is something that can be
	allowed, it may not be practical in this case. Generally, when attaching
	a device to a domain means the domain must be running. A way around
	this is using the --config (or --persistent) option. When an attach
	is done to a running domain, a temporary configuration is modified
	first followed by the live update. The live update will make a number
	of disk validity checks when building the qemu command to attach the
	disk. If any fail, then change is rejected.
	Rather than allow a potentially illegal combination, adjust the code
	in the configuration path to make the same checks as the running path
	will make with respect to disk validity checks. This way we avoid
	having the potential for some subsequent start/reboot to fail because
	an illegal combination was allowed.
	NB: The live path still checks the configuration since it is possible
	to just do --live guest modification...

2014-08-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: Don't print extra '-'s in error message for -k and -K options
	The error message contains one extra dash.

2014-08-21  Michal Privoznik  <mprivozn@redhat.com>

	hvsupport: Adapt to vbox driver rewrite
	Since vbox driver rewrite the virDriver structure init moved from
	vbox_tmpl.c into vbox_common.c. However, our hvsupport.pl script
	doesn't count with that. It still parses vbox_tmp.c and looks for
	virDriver structure which is not found there anymore. As a result,
	at hvsupport page is seems like vbox driver doesn't support
	anything.

2014-08-20  Michal Privoznik  <mprivozn@redhat.com>

	nodeCapsInitNUMA: Avoid @cpumap leak
	In case the host has 2 or more NUMA nodes, we fetch CPU map for each
	node. However, we need to free the CPU map in between loops:
	==29513== 96 (72 direct, 24 indirect) bytes in 3 blocks are definitely lost in loss record 951 of 1,264
	==29513==    at 0x4C2A700: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==29513==    by 0x52AD24B: virAlloc (viralloc.c:144)
	==29513==    by 0x52AF0E6: virBitmapNew (virbitmap.c:78)
	==29513==    by 0x52FB720: virNumaGetNodeCPUs (virnuma.c:294)
	==29513==    by 0x53C700B: nodeCapsInitNUMA (nodeinfo.c:1886)
	==29513==    by 0x11759708: vboxCapsInit (vbox_common.c:398)
	==29513==    by 0x11759CC4: vboxConnectOpen (vbox_common.c:514)
	==29513==    by 0x53C965F: do_open (libvirt.c:1147)
	==29513==    by 0x53C9EBC: virConnectOpen (libvirt.c:1317)
	==29513==    by 0x142905: remoteDispatchConnectOpen (remote.c:1215)
	==29513==    by 0x126ADF: remoteDispatchConnectOpenHelper (remote_dispatch.h:2346)
	==29513==    by 0x5453D21: virNetServerProgramDispatchCall (virnetserverprogram.c:437)

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	examples: test: Kill unsupported maxMemory element
	The "maxMemory" element was never supported by libvirt. Remove it from
	the test XMLs. (Found while actually trying to add support for a
	identically named element).

2014-08-20  Martin Kletzander  <mkletzan@redhat.com>

	cleanup spaces between parentheses and braces
	And add a syntax-check for '){$'.  It's not perfect, but better than
	nothing.

2014-08-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Issue rtc-reset-reinjection command after guest-set-time
	https://bugzilla.redhat.com/show_bug.cgi?id=1103245
	An advice appeared there on the qemu-devel list [1]. When a domain is
	suspended and then resumed guest kernel is not aware of this. So we've
	introduced virDomainSetTime API that resets the time within guest
	using qemu-ga. On the other hand, qemu itself is trying to make RTC
	beat faster to catch the difference. But if we don't tell qemu that
	guest's time was reset via the other method, both mechanisms are
	applied resulting in again wrong guest time. In order to avoid summing
	both corrections we need to tell qemu that it should not use the RTC
	injection if the guest time is set via guest agent.
	1: http://www.mail-archive.com/qemu-devel@nongnu.org/msg236435.html

2014-08-20  Martin Kletzander  <mkletzan@redhat.com>

	qemu: forbid negative blkio values
	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306

	lxc: forbid negative blkio values
	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix build error introduced in 653137eb957a278b556c6226424aad5395a
	The build failure is caused by a false positive of some static analysys
	steps done by gcc (that don't happen on -O0).

	qemu: blkiotune: Avoid accessing non-existing disk configuration
	When a user would try changing the persistent IO tuning settings for a
	disk that was hotplugged to a vm in a transient way, the
	qemuDomainSetBlockIoTune API would use the same index for both the
	live and config disk array. The disk was missing from the config array
	though causing a crash of libvirtd.
	To fix the issue, determine the indexes separately.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131819

2014-08-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Label all TAP FDs
	https://bugzilla.redhat.com/show_bug.cgi?id=1095636
	When starting up the domain the domain's NICs are allocated. As of
	1f24f682 (v1.0.6) we are able to use multiqueue feature on virtio
	NICs. It breaks network processing into multiple queues which can be
	processed in parallel by different host CPUs. The queues are, however,
	created by opening /dev/net/tun several times. Unfortunately, only the
	first FD in the row is labelled so when turning the multiqueue feature
	on in the guest, qemu will get AVC denial. Make sure we label all the
	FDs needed.
	Moreover, the default label of /dev/net/tun doesn't allow
	attaching a queue:
	    type=AVC msg=audit(1399622478.790:893): avc:  denied  { attach_queue }
	    for  pid=7585 comm="qemu-kvm"
	    scontext=system_u:system_r:svirt_t:s0:c638,c877
	    tcontext=system_u:system_r:virtd_t:s0-s0:c0.c1023
	    tclass=tun_socket
	And as suggested by SELinux maintainers, the tun FD should be labeled
	as svirt_t. Therefore, we don't need to adjust any range (as done
	previously by Guannan in ae368ebf) rather set the seclabel of the
	domain directly.

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Sanitize shared device removal on media change
	Instead of tediously copying of the disk source to remove it later
	ensure that the media change function removes the old device after it
	succeeds.

	qemu: conf: Split out code to retrieve hostdev key and reuse it
	Both addition and removal of a shared hostdev share the code to generate
	the hostdev key. Split it out into a separate function and refactor
	them.

	qemu: conf: Split up qemuRemoveSharedDevice into per-device-type functions
	Removing a shared device needs special steps for disks and hostdevs.
	Instead of having one function dealing this split the code into two
	separate functions that can be used with better granularity.

	qemu: conf: Split up qemuAddSharedDevice into per-device-type functions
	Adding a shared device needs special steps for disks and hostdevs.
	Instead of having one function dealing this split the code into two
	separate functions that can be used with better granularity.

	qemu: conf: rename qemuCheckSharedDevice to qemuCheckSharedDisk
	The qemuCheckSharedDevice function is operating only on disk devices.
	Rename it and change the arguments to reflect that and refactor some
	logic for more readability.

	qemu: shared: Split out shared device list remove code
	Split it out into a separate function and simplify the code. There's no
	need to copy the entry to update it as the hash returns pointer to the
	existing item.
	Also remove the now unused qemuSharedDeviceEntryCopy function.

	qemu: shared: Split out insertion code to the shared device list
	To allow reuse split the code into a separate function and refactor it.
	To update an existing entry there's no need to copy it first, just
	update it inplace.

	qemu: hotplug: Format proper source string for cdrom media change
	Use the qemu source string formatter to format the source string
	correctly for remote and other storage instead of passing source->path
	blindly.

	qemu: hotplug: Change arguments for qemuDomainChangeEjectableMedia
	Pass the source of the changed media instead of a complete disk
	definition.
	Note that the @disk argument now contains what @olddisk would contain.
	The new source is passed as a virStorageSource struct.

	qemu: hotplug: Add helper to initialize/teardown new disks for VMs
	When we are changing media (or doing other hotplug operations) we need
	to setup cgroups, locking and seclabels on the new disk. This is a
	multi-step process where every piece can fail. To simplify dealing with
	this introduce qemuDomainPrepareDisk that similarly to
	qemuDomainPrepareDiskChainElement initializes/tears down  a whole new
	disk to be used with the domain.
	Additionally the function supports passing a different source struct for
	media changes of cdroms that will be refactored later.

	qemu: hotplug: Untangle cleanup paths in qemuDomainChangeEjectableMedia
	Avoid the "audit" label to simplify control flow.

	conf: Pass virStorageSource into virDomainDiskSourceIsBlockType
	All checks are based on the storage source, thus there's no need to pass
	the complete disk def.

	qemu: Explicitly state that hotplugging cdroms and floppies doesn't work

2014-08-20  Giuseppe Scrivano  <gscrivan@redhat.com>

	conf: fix comment

	qemu_command: fix block indentation

	conf, virDomainFSDefPtr: rename "path" argument to "target"

2014-08-20  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add volumes support
	Update bhyveBuildDiskArgStr to support volumes:
	 - Make virBhyveProcessBuildBhyveCmd and
	   virBhyveProcessBuildLoadCmd take virConnectPtr as the
	   first argument instead of bhyveConnPtr as virConnectPtr is
	   needed for virStorageTranslateDiskSourcePool,
	 - Add virStorageTranslateDiskSourcePool call to
	   virBhyveProcessBuildBhyveCmd and
	   virBhyveProcessBuildLoadCmd,
	 - Allow disks of type VIR_STORAGE_TYPE_VOLUME

	storage: make disk source pool translation generic
	Currently, qemu driver uses qemuTranslateDiskSourcePool()
	to translate disk volume information. This function is
	general enough and could be used for other drivers as well,
	so move it to conf/domain_conf.c along with its helpers.
	 - qemuTranslateDiskSourcePool: move to storage/storage_driver.c
	   and rename to virStorageTranslateDiskSourcePool,
	 - qemuAddISCSIPoolSourceHost: move to storage/storage_driver.c
	   and rename to virStorageAddISCSIPoolSourceHost,
	 - qemuTranslateDiskSourcePoolAuth: move to storage/storage_driver.c
	   and rename to virStorageTranslateDiskSourcePoolAuth,
	 - Update users of qemuTranslateDiskSourcePool to use a
	   new name.

2014-08-19  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Fix comment for net-undefine
	net-undefine doesn't only undefine an inactive network,
	but also an active network(persistent), it just cannot
	undefine a transient network.

2014-08-19  Peter Krempa  <pkrempa@redhat.com>

	driver: Move virDrvNetworkGetDHCPLeases to the appropriate section
	The prototype was along with domain API prototypes instead of network
	API ones.

2014-08-19  Pradipta Kr. Banerjee  <pradipta.banerjee@gmail.com>

	man: virsh: add missing auto-converge option for 'migrate'
	  * tools/virsh.pod (migrate): Add --auto-converge flag

2014-08-19  Martin Kletzander  <mkletzan@redhat.com>

	qemu: allow device block I/O tuning in session mode
	In commit 45ad1adb I added a nicer message for tunings that need
	cgroups when unavailable (unprivileged), but I added this check for
	I/O tuning of block devices, which doesn't need cgroups, because it is
	done by QEMU, so let's fix that.

2014-08-19  Jianwei Hu  <jiahu@redhat.com>

	docs: nwfilter: add missing dscp attribute
	Added attribute dscp to below supported protocols table in nwfilter docs.
	IPV4 (ip)
	TCP/UDP/SCTP (tcp/udp/sctp)
	ICMP (icmp)
	IGMP,ESP,AH,UDPLITE,'ALL' (igmp,esp,ah,udplite,all)
	TCP/UDP/SCTP over IPV6 (tcp-ipv6,udp-ipv6,sctp-ipv6)
	ICMPV6 (icmpv6)
	IGMP,ESP,AH,UDPLITE,'ALL' over IPv6 (igmp-ipv6,esp-ipv6,ah-ipv6,udplite-ipv6,all-ipv6)
	Here is a simple example:
	[root@localhost ~]# virsh nwfilter-dumpxml myself
	<filter name='myself' chain='root'>
	  <uuid>7192ef51-cd50-4f14-ad7b-fa5c69ea19e3</uuid>
	  <rule action='accept' direction='in' priority='500'>
	    <ip dscp='1'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <tcp dscp='1'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <tcp-ipv6 dscp='2'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <icmp dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <icmpv6 dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <udp dscp='3'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <udp-ipv6 dscp='4'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <udplite dscp='5'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <udplite-ipv6 dscp='6'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <esp dscp='7'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <esp-ipv6 dscp='8'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <ah dscp='9'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <ah-ipv6 dscp='10'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <sctp dscp='11'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <sctp-ipv6 dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <igmp dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <all-ipv6 dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <all dscp='55'/>
	  </rule>
	</filter>

2014-08-19  Chunyan Liu  <cyliu@suse.com>

	cmdMigrate: move vshConnect before vshWatchJob
	A possible fix to issue:
	http://www.redhat.com/archives/libvir-list/2014-August/thread.html#00227
	While doing migration on KVM host, found problem sometimes:
	VM is already running on the target host and disappears from source
	host, but 'virsh migrate' command line hangs, cannot exit normally.
	If pressing "ENTER" key, it will exit.
	The code hangs at tools/virsh-domain.c: cmdMigrate
	->vshWatchJob->poll():
	poll() is trying to select pipe_fd, which is used to receive message
	from doMigrate thread. In debugging, found that doMigrate finishes
	and at the end it does call safewrite() to write the retval ('0' or
	'1') to pipe_fd, and the write is completed. But cmdMigrate poll()
	cannot get the event. If pressing "ENTER" key, poll() can get the
	event and select pipe_fd, then command line can exit.
	In current code, authentication thread which is called by vshConnect
	will use stdin, and at the same time, in cmdMigrate main process,
	poll() is listening to stdin, that probably affect poll() to get
	pipe_fd event. Better to move authentication before vshWatchJob. With
	this change, above problem does not exist.

2014-08-19  Jim Fehlig  <jfehlig@suse.com>

	src/xenconfig: move common parsing/formatting to xen_common
	XM and XL config are very similar.  Disks are specified differently
	in XL, but the old XM disk config is still supported by XL.  XL also
	supports new config like spice that was never supported by XM.
	This patch moves all the common parsing and formatting functions to
	the new file xen_common.c and adapts the XM parser/formatter accordingly.
	This restructuring paves way for introducing an XL parser/formatter in
	the future.
	While moving the code, fixup whitespace, comments, and style issues.

2014-08-19  Kiarie Kahurani  <davidkiarie4@gmail.com>

	src/xenconfig: wrap common formatting code
	Wrap formatting code common to xm and xl in xenFormatConfigCommon
	and export it.

	src/xenconfig: wrap common parsing code
	Wrap parsing code common to xm and xl in xenParseConfigCommon
	and export it.

2014-08-19  Jim Fehlig  <jfehlig@suse.com>

	xen: rename xenxs to xenconfig
	src/xenxs contains parsing/formating functions for the various xen
	config formats, and is better named src/xenconfig.

2014-08-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Pin on per-vcpu basis instead of per-vcpupin element
	Pin existing vcpus rather than existing vcpu pinning infos. This
	increases the complexity of the lookup, but avoids pinning cpus that are
	not enabled actually.

	qemu: cpu: unplug: Remove vcpu pinning on cold cpu unplug
	Remove the pinning info when removing to CPU, otherwise when the VM will
	be started our code will try to pin non-existing vcpus as the definition
	wasn't updated.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1129372

	conf: Refactor virDomainVcpuPinDefParseXML
	Tidy up control flow, change boolean argument to use 'bool', improve
	error message in case the function is used to parse emulator pinning
	info and avoid a few temp variables that made no sense.
	Also when the function is called to parse emulator pinning info, there's
	no need to check the processor ID in that case.

	conf: cpupin: Remove useless checking of vcpupin element count
	The check doesn't make much sense as right below it the entries are
	either checked for duplicity or ignored in some cases. Having this check
	doesn't actually forbid passing invalid values.

	qemu: process: Remove unnecessary argument and rename function
	We set just one affinity of the emulator and the virConnectPtr isn't
	needed for that function.

	virsh: man: Crosslink "desc" and "metadata" sections
	Those two commands work with a single API so cross-link them.

2014-08-18  Li Yang  <liyang.fnst@cn.fujitsu.com>

	man: virsh: Add 'vcpu_period' and 'vcpu_quota' support info for LXC

2014-08-18  Erik Skultety  <eskultet@redhat.com>

	qemu: Redundant listen address entry in quest xml
	When editing guest's XML (on QEMU), it was possible to add multiple
	listen elements into graphics parent element. However QEMU does not
	support listening on multiple addresses. Configuration is tested for
	multiple 'listen address' and if positive, an error is raised.
	https://bugzilla.redhat.com/show_bug.cgi?id=1119212

2014-08-18  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Fix driver registration ordering
	There are some stateless drivers which implement subdrivers
	(typically vbox and its own network and storage subdrivers). However,
	as of ba5f3c7c8ecc10 the vbox driver lives in the daemon, not the
	client library. This means, in order for vbox (or any stateless domain
	driver) to use its subdrivers, it must register before the general
	drivers. Later, when the virConnectOpen function goes through the
	subdrivers, stateless drivers are searched first. If the connection
	request is aiming at stateless driver, it will be opened. Otherwise
	the generic subdriver is opened.
	The other change done in this commit is moving interface module load a
	bit earlier to match the ordering in case libvirt is built without
	driver modules.
	Reported-by: Taowei Luo <uaedante@gmail.com>

2014-08-15  Peter Krempa  <pkrempa@redhat.com>

	man: virsh: Add man page for "virsh metadata"
	Patch adding the command forgot to add the man page entry.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1130379

2014-08-15  Taowei  <uaedante@gmail.com>

	vbox: Introducing vboxCommonDriver
	After this patch, we will have only one common domain driver.
	So, the rewritten on domain driver is finished in this patch.

	vbox: Add registerDomainEvent

	vbox: Rewrite vboxNode functions
	Four functions are rewrite in this patch, that is:
	vboxNodeGetInfo
	vboxNodeGetCellsFreeMemory
	vboxNodeGetFreeMemory
	vboxNodeGetFreePages
	Since these functions has nothing to do with vbox,
	it can be directly moved to vbox_common.c. So, I
	merged these things into one patch.

	vbox: Rewrite vboxConnectListAllDomains

	vbox: Rewrite vboxDomainScreenshot

	vbox: Rewrite vboxDomainSnapshotDelete

	vbox: Rewrite vboxDomainRevertToSnapshot

	vbox: Rewrite vboxDomainSnapshotHasMetadata

	vbox: Rewrite vboxDomainSnapshotIsCurrent

	vbox: Rewrite vboxDomainSnapshotCurrent

	vbox: Rewrite vboxDomainSnapshotGetParent

	vbox: Rewrite vboxDomainHasCurrentSnapshot

	vbox: Rewrite vboxSnapshotLookupByName

	vbox: Rewrite vboxDomainSnapshotListNames

	vbox: Rewrite vboxDomainSnapshotNum

	vbox: Rewrite vboxDomainSnapshotGetXMLDesc

	vbox: Rewrite vboxDomainSnapshotCreateXML
	The vboxDomainSnapshotCreateXML integrated the snapshot redefine
	with this patch:
	http://www.redhat.com/archives/libvir-list/2014-May/msg00589.html
	This patch introduced vboxSnapshotRedefine in vboxUniformedAPI to
	enable the features.
	This patch replace all version specified APIs to the uniformed api,
	then, moving the whole implementation to vbox_common.c. As there
	is only API level changes, the behavior of the function doesn't
	change.
	Some old version's defects has brought to the new one. The already
	known things are:
	    *goto cleanup in a loop without releasing the pointers in the
	    loop.
	    *When function failed after machine unregister, no roll back
	    to recovery it and the virtual machine would disappear.

	vbox: Add API for vboxDomainSnapshotCreateXML

	vbox: Rewrite vboxDomainDetachDeviceFlags

	vbox: Rewrite vboxDomainDetachDevice

	vbox: Rewrite vboxDomainUpdateDeviceFlags
	Since vboxDomainAttachDeviceImple not used in vbox_tmpl.c, it has
	been deleted.

	vbox: Rewrite vboxDomainAttachDeviceFlags

	vbox: Rewrite vboxDomainAttachDevice

	vbox: Rewrite vboxDomainUndefine

	vbox: Rewrite vboxConnectNumOfDefinedDomains

	vbox: Rewrite vboxConnectListDefinedDomains

	vbox: Rewrite vboxDomainGetXMLDesc

	vbox: Add API for vboxDomainGetXMLDesc

	vbox: Rewrite vboxDomainGetMaxVcpus

	vbox: Rewrite vboxDomainGetVcpusFlags

	vbox: Rewrite vboxDomainSetVcpus

	vbox: Rewrite vboxDomainSetVcpusFlags

	vbox: Rewrite vboxDomainGetState

	vbox: Rewrite vboxDomainGetInfo

	vbox: Rewrite vboxDomainSetMemory

	vbox: Rewrite vboxDomainGetOSType

	vbox: Rewrite vboxDomainDestroy

	vbox: Rewrite vboxDomainDestroyFlags

	vbox: Rewrite vboxDomainReboot

	vbox: Rewrite vboxDomainShutdown

	vbox: Rewrite vboxDomainShutdownFlags

	vbox: Rewrite vboxDomainResume

	vbox: Rewrite vboxDomainSuspend

	vbox: Rewrite vboxDomainIsUpdated

	vbox: Rewrite vboxDomainIsPersistent

	vbox: Rewrite vboxDomainIsActive

	vbox: Rewrite vboxDomainLookupByName

	vbox: Rewrite vboxDomainCreateXML

	vbox: Rewrite vboxDomainCreate

	vbox: Rewrite vboxDomainCreateWithFlags

	vbox: Rewrite vboxDomainDefineXML

	vbox: Rewrite vboxDomainUndefineFlags

	vbox: Rewrite vboxDomainLookupByUUID

	vbox: Rewrite vboxDomainLookupById

	vbox: Rewrite vboxConnectNumOfDomains

	vbox: Rewrite vboxConnectListDomains

	vbox: Rewrite vboxConnectGetCapabilities

	vbox: Rewrite vboxConnectGetMaxVcpus

	vbox: Rewrite vboxConnectIsAlive

	vbox: Rewrite vboxConnectIsEncrypted

	vbox: Rewrite vboxConnectIsSecure

	vbox: Rewrite vboxConnectGetHostname

	vbox: Rewrite vboxConnectGetVersion

	vbox: Rewrite vboxDomainSave
	All vbox objects are child objects from the nsISupports in vbox's
	C++ API version. Since the CAPI is generated from the C++ API, I
	kept their relationship here, by the definitations below:
	typedef struct nsISupports nsISupports;
	typedef nsISupports IVirtualBox;
	typedef nsISupports ISession;
	and so on...
	So, when calling the API from nsISupports, we don't need to do
	typecasting, and things work still work well.

	vbox: Rewrite vboxConnectClose

	vbox: Begin to rewrite, vboxConnectOpen
	Introduce vbox_uniformed_api to deal with version conflicts. Use
	vbox_install_api to register the currect vboxUniformedAPI with
	vbox version.
	vboxConnectOpen has been rewritten.

2014-08-15  Laine Stump  <laine@laine.org>

	network: fix crash when starting a network with no <pf> element
	Martin Kletzander pointed out in email that my commit 2a193f64
	introduced a crash in networkCreateInterfacePool() during startup of
	any network that doesn't have a <pf> subelement of its <forward>
	element. He also supplied a patch.
	 http://www.redhat.com/archives/libvir-list/2014-August/msg00655.html
	I expanded on that patch by cleaning up now-extraneous checks in the
	callers of networkCreateInterfacePool().
	Fortunately the offending patch hasn't been in any release, and hasn't
	been (to my knowledge) backported to any other branch.

2014-08-15  Jim Fehlig  <jfehlig@suse.com>

	src/xenxs: Refactor code formating vif device config
	Handle formating of VIF config in a new function xenFormatXMVif().

2014-08-15  Kiarie Kahurani  <davidkiarie4@gmail.com>

	src/xenxs: Refactor code formating peripheral device config
	introduce functions
	  xenFormatXMSound
	  xenFormatXMInputDevs(virConfPtr conf,....);
	which formats peripheral device config instead

	src/xenxs: Refactor code formating Vfb config
	introduce function
	   xenFormatXMVfb(virConfPtr conf,.........);
	which formats Vfb config instead

	src/xenxs: Refactor code formating OS config
	introduce functions
	   xenFormatXMEmulator(virConfPtr conf,........);
	   xenFormatXMCDROM(virConfPtr conf, .......);
	   xenFormatXMOS(virConfPtr conf,........);
	which formats OS and associated config instead

	src/xenxs: Refactor code formating CPU config
	introduce functions
	  xenFormatXMCPUAllocation(virConfPtr conf, ......);
	  xenFormatXMCPUFeatures(virConfPtr conf, ......);
	which formats CPU allocation and features config

	src/xenxs: Refactor code formating xm disk config
	introduce function
	  xenFormatXMDisks(virConfPtr conf,.........);
	which formats domain disks config instead

	src/xenxs: Refactor code formating Char devices config
	introduce function
	   xenFormatXMCharDev(virConfPtr conf,........);
	which formats Char devices config instead

	src/xenxs: Refactor code formating event actions config
	introduce function
	   xenFormatXMEventActions(virConfPtr conf,.........);
	which formats event actions instead

	src/xenxs: Refactor code formating virtual time config
	introduce function
	  xenFormatXMTimeOffset(virConfPtr conf,........);
	which formats time config instead

	src/xenxs: Refactor code formating memory config
	introduce function
	   xenFormatXMMem(virConfPtr conf,...........);
	which parses memory config instead

	src/xenxs: Refactor code formating general VM config
	introduce function
	  xenFormatXMGeneralMeta(virConfPtr conf,......);
	which parses uuid and name instead

2014-08-15  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: fix memleak found by coverity

2014-08-14  Jianwei Hu  <jiahu@redhat.com>

	Maximum vlanid should be 4095 in interface.rng
	The correct vlanid range is 0~4095.
	After merging this patch, we can not validate a interface xml with vlanid >= 4096.
	[root@localhost ~]# cat vlan.xml
	<interface type='vlan' name='eno1.4096'>
	   <start mode='onboot'/>
	   <protocol family='ipv4'>
	    <dhcp/>
	   </protocol>
	   <vlan tag='4096'>
	     <interface name='eno1'/>
	   </vlan>
	</interface>
	[root@localhost ~]# virt-xml-validate vlan.xml
	vlan.xml:1: element interface: Relax-NG validity error : Invalid sequence in interleave
	vlan.xml:6: element vlan: Relax-NG validity error : Element interface failed to validate content
	vlan.xml:6: element vlan: Relax-NG validity error : Element vlan failed to validate attributes
	vlan.xml fails to validate
	[root@localhost ~]#
	Here is a ip command help on this.
	[root@localhost /]# ip link add link eno1 name eno1.90 type vlan help
	Usage: ... vlan [ protocol VLANPROTO ] id VLANID                [ FLAG-LIST ]
	                [ ingress-qos-map QOS-MAP ] [ egress-qos-map QOS-MAP ]
	VLANPROTO: [ 802.1Q / 802.1ad ]
	VLANID := 0-4095
	FLAG-LIST := [ FLAG-LIST ] FLAG
	FLAG := [ reorder_hdr { on | off } ] [ gvrp { on | off } ] [ mvrp { on | off } ]
	        [ loose_binding { on | off } ]
	QOS-MAP := [ QOS-MAP ] QOS-MAPPING
	QOS-MAPPING := FROM:TO

2014-08-14  Richard Weinberger  <richard@nod.at>

	LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
	The gid value passed to devpts has to be translated by hand as
	virLXCControllerSetupDevPTS() is called before setting up the user
	and group mappings.
	Otherwise devpts will use an unmapped gid and openpty()
	will fail within containers.
	Linux kernel commit 23adbe12
	("fs,userns: Change inode_capable to capable_wrt_inode_uidgid")
	uncovered that issue.

2014-08-14  Jianwei Hu  <jiahu@redhat.com>

	docs: fix missing forward slash
	   Should like below:
	    <interface type='server'>
	      <mac address='52:54:00:22:c9:42'/>
	      <source address='192.168.0.1' port='5558'/>
	    </interface>
	    ...
	    <interface type='client'>
	      <mac address='52:54:00:8b:c9:51'/>
	      <source address='192.168.0.1' port='5558'/>
	    </interface>

2014-08-14  Sam Bobroff  <sam.bobroff@au1.ibm.com>

	qemu: Tidy up job handling during live migration
	During a QEMU live migration several warning messages about job
	handling could be written to syslog on the destination host:
	"entering monitor without asking for a nested job is dangerous"
	The messages are written because the job handling during migration
	uses hard coded asyncJob values in several places that are incorrect.
	This patch passes the required asyncJob value around and prevents
	the warnings as well as any issues that the warnings may be referring
	to.
	https://bugzilla.redhat.com/show_bug.cgi?id=1130089

2014-08-14  Jincheng Miao  <jmiao@redhat.com>

	build: force configure failed when perl is missing
	Perl is necessary to our build processing, it will invoke a lot of
	generating script, like: gendispatch.pl. If perl is missing, it's
	ok for build from git checkout, because autogen.sh will tell you.
	But for compiling from a release tarball, configure will just record
	a missing message, and continue, then build failed, like:
	https://www.redhat.com/archives/libvirt-users/2014-August/msg00050.html
	So need to enhance configure script to handle this negative case.
	Reported-by: Hongbin Lu <hongbin@savinetwork.ca>

2014-08-14  Mo yuxiang  <moyuxiang@huawei.com>

	conf: fix parsing 'cmd_per_lun' and 'max_sectors'
	commit d9504941 introduces two new attributes "cmd_per_lun" and
	"max_sectors" same with the names QEMU uses for virtio-scsi.
	But the case of parsing them is not exact. Change to parse
	them if controller has "driver" element.

2014-08-14  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: resolve issues in lxcDomainSetMaxMemory
	This patch changes the setmaxmem function to support the '--live',
	'--config', and '--current' flags by revectoring the code through
	the setmem function using the VIR_DOMAIN_MEM_MAXIMUM flag. The
	setmem code is refactored to handle both cases depending on the flag.
	The changed maxmem code for the MEM_MAXIMUM path will not allow
	modification to the memory values of an active guest unless the --config
	switch is used.

2014-08-13  Peter Krempa  <pkrempa@redhat.com>

	daemon: Limit default log level to journald to VIR_LOG_INFO
	Libvirt is really chatty when the DEBUG log level is enabled. When a
	host uses journald we'd enable debug logging to journald when only
	specifying the debug log level. As journald may employ rate throttling
	this would lock up the daemon until it's able to flush all debug
	messages.
	This patch changes the default log level to VIR_LOG_INFO when using the
	default (unconfigured) log output to journald.
	To still allow debug logging to journald the user now has to explicitly
	specify journald as a log output with priority 1 in the "log_outputs"
	configuration option. This patch also changes the config file template
	to be explicit about this change and notify the user about the possible
	consequence of debug logging into journald.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1121955

	libvirtd: conf: Mention support for logging into journald
	Our docs didn't mention the explicit option to log into journald.

2014-08-13  Eric Blake  <eblake@redhat.com>

	maint: improve syntax check for space around =
	Laine Stump noted on IRC that syntax check wasn't flagging his
	typo of 'i= 0'.  This fixes it.
	* build-aux/bracket-spacing.pl: Tighten 'space around =' rule.
	* src/storage/storage_backend.c
	(virStorageBackendCreateExecCommand): Fix offenders.
	* src/util/virnuma.c (virNumaGetDistances): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotDeleteMetadataOnly)
	(vboxNetworkGetXMLDesc): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainLookupByName):
	Likewise.

2014-08-13  Dmitry Guryanov  <dguryanov@parallels.com>

	bhyve: fix error message in bhyveStateInitialize
	If we failed to create BHYVE_STATE_DIR, we should show this
	path, not BHYVE_LOG_DIR.

2014-08-12  Michal Privoznik  <mprivozn@redhat.com>

	qemu_conf: Undefine the correct symbol
	At the beginning of the qemu config file parsing function there
	are 3 helper macros defined: GET_VALUE_BOOL, GET_VALUE_LONG and
	GET_VALUE_STR. Later, when they are no longer needed they are
	undefined in order to keep the namespace clean. However, the
	GET_VALUE_STRING is undefined instead of GET_VALUE_STR.

2014-08-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: ZFS support
	Implement ZFS storage backend driver. Currently supported
	only on FreeBSD because of ZFS limitations on Linux.
	Features supported:
	 - pool-start, pool-stop
	 - pool-info
	 - vol-list
	 - vol-create / vol-delete
	Pool definition looks like that:
	 <pool type='zfs'>
	  <name>myzfspool</name>
	  <source>
	    <name>actualpoolname</name>
	  </source>
	 </pool>
	The 'actualpoolname' value is a name of the pool on the system,
	such as shown by 'zpool list' command. Target makes no sense
	here because volumes path is always /dev/zvol/$poolname/$volname.
	User has to create a pool on his own, this driver doesn't
	support pool creation currently.
	A volume could be used with Qemu by adding an entry like this:
	    <disk type='volume' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source pool='myzfspool' volume='vol5'/>
	      <target dev='hdc' bus='ide'/>
	    </disk>

2014-08-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Check domain live state after exitting the monitor
	In qemuMigrationToFile we enter the monitor multiple times and don't
	check if the VM is still alive after returning form the monitor. Add the
	checks to skip pieces of code in case the VM crashes while saving it's
	state.

	qemu: managedsave: Check that VM is alive after entering async job
	Saving a shutoff VM doesn't make sense and libvirtd crashes while
	attempting to do that. Check that the domain is alive after entering
	the save async job.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1129207

	qemu: process: Fix header format of qemuProcessSetVcpuAffinities
	Fix header alignment and remove the unused conn parameter.

2014-08-12  Erik Skultety  <eskultet@redhat.com>

	numatune: Fix parsing of empty nodeset (0,^0)
	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1121837

2014-08-12  Michal Privoznik  <mprivozn@redhat.com>

	conf: Format interface's driver more frequently
	https://bugzilla.redhat.com/show_bug.cgi?id=1128751
	There's this <driver/> element under <interface/> which can have
	several attributes. However, the driver element is currently formated
	only if the driver's name or txmode has been specified. This makes
	only a little sense as we parse even partial <driver/>, for instance:
	    <interface type='user'>
	      <mac address='52:54:00:e5:48:58'/>
	      <model type='virtio'/>
	      <driver ioeventfd='on' event_idx='on' queues='5'/>
	    </interface>
	But such XML would never get formatted back.

2014-08-12  Eric Blake  <eblake@redhat.com>

	docs: use correct hints per bus type in <disk> examples
	Commit 4cf53158 tried to set up unique labels per disk in the
	example, but ended up choosing strings that don't correspond
	to the usual choice of bus types.  Tweak the strings once again.
	* docs/formatdomain.html.in: Use preferred names.

2014-08-12  Laine Stump  <laine@laine.org>

	network: populate interface pool immediately when network is started
	When a network is defined with "<pf dev='xyz'/>", libvirt will query
	sysfs to learn the list of all virtual functions (VF) associated with
	that Physical Function (PF) then populate the network's interface pool
	accordingly. This action was previously done only when the first guest
	actually requested an interface from the network. This patch changes
	it to populate the pool immediately when the network is started. This
	way any problems with the PF or its VFs will become apparent sooner.
	Note that we can't remove the old calls to networkCreateInterfacePool
	that happen whenever a guest requests an interface - doing so would be
	asking for failures on hosts that had libvirt upgraded with a network
	that had been started but not yet used.
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047818

	network: make networkCreateInterfacePool more robust
	networkCreateInterfacePool was a bit loose in its error cleanup, which
	could result in a network definition with interfaces in the pool that
	were NULL. This would in turn lead to a libvirtd crash when a guest
	tried to attach an interface using the network with that pool.
	In particular this would happen when creating a pool to be used for
	macvtap connections. macvtap needs the netdev name of the virtual
	function in order to use it, and each VF only has a netdev name if it
	is currently bound to a network driver. If one of the VFs of a PF
	happened to be bound to the pci-stub or vfio-pci driver (indicating
	it's already in use for PCI passthrough), or no driver at all, it
	would have no name. In this case networkCreateInterfacePool would
	return an error, but would leave the netdef->forward.nifs set to the
	total number of VFs in the PF. The interface attach that triggered
	calling of networkCreateInterfacePool (it uses a "lazy fill" strategy)
	would simply fail, but the very next attempt to attach an interface
	using the same network pool would result in a crash.
	This patch refactors networkCreateInterfacePool to bring it more in
	line with current coding practices (label name, use of a switch with
	no default case) as well as providing the following two changes to
	behavior:
	1) If a VF with no netdev name is encountered, just log a warning and
	continue; only fail if exactly 0 devices are found to put in the pool.
	2) If the function fails, clean up any partial interface pool and set
	netdef->forward.nifs to 0.
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1111455

2014-08-12  Guido Günther  <agx@sigxcpu.org>

	Make 'uri' command a bit more prominent.
	This tries to address
	    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688778
	were libvirt autodetected vbox:///session and it wasn't listed in the
	manpage.

	Don't fail qemu driver intialization if we can't determine hugepage size
	Otherwise we fail like
	  libvirt version: 1.2.7, package: 6 (root 2014-08-08-16:09:22 bogon)
	  virAuditOpen:62 : Unable to initialize audit layer: Protocol not supported
	  virFileGetDefaultHugepageSize:2958 : internal error: Unable to parse /proc/meminfo
	  virStateInitialize:749 : Initialization of QEMU state driver failed: internal error: Unable to parse /proc/meminfo
	  daemonRunStateInit:922 : Driver state initialization failed
	if the data can't be determined.
	Reference: http://bugs.debian.org/757609

	Include param.h in case of HAVE_BSD_CPU_AFFINITY
	This fixes compilation on kFreeBSD which otherwise fails like
	  CC       util/libvirt_util_la-virprocess.lo
	In file included from /usr/include/sys/cpuset.h:35:0,
	                 from util/virprocess.c:43:
	/usr/include/sys/_cpuset.h:49:43: error: 'NBBY' undeclared here (not in
	a function)
	  long __bits[howmany(CPU_SETSIZE, _NCPUBITS)];
	                                           ^
	In file included from util/virprocess.c:43:0:
	/usr/include/sys/cpuset.h:215:12: error: unknown type name 'cpusetid_t'
	 int cpuset(cpusetid_t *);
	            ^
	/usr/include/sys/cpuset.h:216:30: error: expected ')' before 'id_t'
	 int cpuset_setid(cpuwhich_t, id_t, cpusetid_t);
	                              ^
	/usr/include/sys/cpuset.h:217:42: error: expected ')' before 'id_t'
	 int cpuset_getid(cpulevel_t, cpuwhich_t, id_t, cpusetid_t *);
	                                          ^
	/usr/include/sys/cpuset.h:218:48: error: expected ')' before 'id_t'
	 int cpuset_getaffinity(cpulevel_t, cpuwhich_t, id_t, size_t, cpuset_t
	*);
	                                                ^
	/usr/include/sys/cpuset.h:219:48: error: expected ')' before 'id_t'
	 int cpuset_setaffinity(cpulevel_t, cpuwhich_t, id_t, size_t, const
	cpuset_t *);
	And it's the correct usage as documented in
	  http://www.freebsd.org/cgi/man.cgi?query=cpuset_setid
	Also change the #ifdef HAVE_BSH_CPU_AFFINITY to #if for consistency.

2014-08-11  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	qemu: use guest-fsfreeze-freeze-list command if mountpoints to freeze specified
	A command to freeze a part of mounted file systems is implemented in
	upstream QEMU-guest-agent with a name of 'guest-fsfreeze-freeze-list'.
	This fixes the name of the command used to partial fsfreeze in qemu driver
	when 'mountpoints' option is specified to virDomainFSFreeze API.

2014-08-11  Jianwei Hu  <jiahu@redhat.com>

	qemu: Actually clear bandwidth settings
	The virDomainSetInterfaceParameters implementation in qemu over
	VIR_DOMAIN_AFFECT_CONFIG doesn't work as expected. When trying to
	clear out the bandwidth settings for an interface, it has no
	actual effect:
	    virsh # domiftune --config $domain $interface
	    inbound.average: 100
	    inbound.peak   : 0
	    inbound.burst  : 0
	    outbound.average: 10
	    outbound.peak  : 0
	    outbound.burst : 0
	    virsh domiftune --config $domain $interface 0 0
	    virsh # domiftune --config $domain $interface
	    inbound.average: 100
	    inbound.peak   : 0
	    inbound.burst  : 0
	    outbound.average: 10
	    outbound.peak  : 0
	    outbound.burst : 0
	But according to virsh man page:
	    To clear inbound or outbound settings, use --inbound or
	    --outbound respectfully with average value of zero.

2014-08-09  Kiarie Kahurani  <davidkiarie4@gmail.com>

	src/xenxs: Refactor code parsing OS config
	introduce function
	  xenParseXMOS(virConfPtr conf,...........);
	which parses the OS config instead

	src/xenxs: Refactor code parsing general config
	introduce function
	   xenParseXMGeneralMeta(virConfPtr conf, .......);
	which parses general metadata instead

	src/xenxs: Refactor code parsing emulated hardware config
	introduce function
	   xenParseXMEmulatedHardware(virConfPtr conf,.........);
	which parses emulated devices config instead

	src/xenxs: Refactor code parsing Vif config
	introduce function
	  xenParseXMVif(virConfPtr conf,........);
	which parses Vfb config instead

	src/xenxs: Refactor code parsing Char devices config
	introduce function
	  xenParseXMCharDev(virConfPtr conf,.........);
	which parses Char devices config instead

	src/xenxs: Refactor code parsing Vfb config
	introduce function
	 xenParseXMVfb(virConfPtr conf,..........);
	which parses Vfb config instead

	src/xenxs: Refactor code parsing xm disk config
	introduce function
	  xenParseXMDisk(virConfPtr conf, ........);
	which parses xm disk config instead

	src/xenxs: Refactor code parsing CPU features
	introduce function
	  xenParseXMCPUFeatures(virConfPtr conf,.........);
	which parses CPU features instead

	src/xenxs: Refactor code parsing PCI config
	introduce function
	   xenParseXMPCI(virConfPtr conf, ........);
	which parses PCI config instead

	src/xenxs: Refactor code parsing event actions
	introduce function
	  xenParseXMEventActions(virConfPtr conf,........)
	which parses events leading to certain actions

	src/xenxs: Refactor code parsing virtual time config
	introduce function
	    xenParseXMTimeOffset(virConfPtr conf,.......);
	which parses time offset config instead

	src/xenxs: Refactor code parsing memory config
	introduce function
	  xenParseXMMem(virConfPtr conf,.........);
	which parses memory config instead

2014-08-08  Peter Krempa  <pkrempa@redhat.com>

	conf: Add USB sound card support and implement it for qemu

2014-08-08  John Ferlan  <jferlan@redhat.com>

	qemu: Remove extraneous space in function prototypes
	During review of the iSCSI hostdev series, eblake noted that the
	prototypes shouldn't have the extranenous space between the "*" and
	the function name:
	http://www.redhat.com/archives/libvir-list/2014-July/msg01227.html
	Since it was more invasive than 1 or 2 lines - I said I'd send a
	patch covering this once committed.

	hostdev: Add iSCSI hostdev XML
	Introduce a new structure to handle an iSCSI host device based on the
	existing virDomainHostdevSubsysSCSI by adding a "protocol='iscsi'" to
	the <source/> element. The existing scsi_host subsystem RNG was modified
	to read an optional "protocol='adapter'", although it won't be written
	out nor is it documented as an option (by choice).
	The new hostdev structure mimics the existing <disk/> element for an
	iSCSI device (network) device. New XML is:
	  <hostdev mode='subsystem' type='scsi' managed='yes'>
	    <source protocol='iscsi' name='iqn.1992-01.com.example'>
	      <host name='example.org' port='3260'/>
	      <auth username='myname'>
	        <secret type='iscsi' usage='mycluster_myname'/>
	      </auth>
	    </source>
	    <address type='drive' controller='0' bus='0' target='2' unit='5'/>
	  </hostdev>
	The controller element will mimic the existing scsi_host code insomuch
	as when 'lsi' and 'virtio-scsi' are used.

	domain_conf: Common routine to handle network storage host xml def
	In preparation for hostdev support for iSCSI and a virStorageNetHostDefPtr,
	split out the network disk storage parsing of the 'host' element into a
	separate routine.

2014-08-08  Eric Blake  <eblake@redhat.com>

	blockjob: fix use-after-free in blockcopy
	Commit febf84c2 tried to delay in-memory modification of the actual
	domain disk structure until after the qemu event was received.
	However, I missed that the code for block pivot had been temporarily
	setting disk->src = disk->mirror prior to the qemu command, in order
	to label the backing chain of a reused external blockcopy disk;
	and calls into qemu while still in that state before finally undoing
	things at the cleanup label.  Since the qemu event handler then does:
	 virStorageSourceFree(disk->src);
	 disk->src = disk->mirror;
	we have the sad race that a fast enough qemu event can cause a leak of
	the original disk->src, as well as a use-after-free of the disk->mirror
	contents, bad enough to crash libvirtd in some of my test runs, even
	though the common case of the qemu event being much later won't trip
	the race.
	I'll go wear the brown paper bag of shame, for introducing a crasher
	in between rc1 and rc2 of the freeze for 1.2.7 :(  My only
	consolation is that virDomainBlockJobAbort requires the domain:write
	ACL, so it is not a CVE.
	The valgrind report when the race occurs looks like:
	==25612== Invalid read of size 4
	==25612==    at 0x50E7C90: virStorageSourceGetActualType (virstoragefile.c:1948)
	==25612==    by 0x209C0B18: qemuDomainDetermineDiskChain (qemu_domain.c:2473)
	==25612==    by 0x209D7F6A: qemuProcessHandleBlockJob (qemu_process.c:1087)
	==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)
	...
	==25612==  Address 0xe4b5610 is 0 bytes inside a block of size 200 free'd
	==25612==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==25612==    by 0x50839E9: virFree (viralloc.c:582)
	==25612==    by 0x50E7E51: virStorageSourceFree (virstoragefile.c:2015)
	==25612==    by 0x209D7EFF: qemuProcessHandleBlockJob (qemu_process.c:1073)
	==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot): Don't corrupt
	disk->src, and only label chain for blockcopy.

	blockjob: avoid memory leak during block pivot
	Valgrind caught a memory leak:
	==2018== 9 bytes in 1 blocks are definitely lost in loss record 143 of 927
	==2018==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==2018==    by 0x8C42369: strdup (strdup.c:42)
	==2018==    by 0x50EACC9: virStrdup (virstring.c:676)
	==2018==    by 0x50E79E5: virStorageSourceCopy (virstoragefile.c:1845)
	==2018==    by 0x20A3FAA7: qemuDomainBlockCommit (qemu_driver.c:15620)
	==2018==    by 0x51DC6B2: virDomainBlockCommit (libvirt.c:20092)
	I traced it to the fact that blockcopy and blockcommit end up
	reparsing a backing chain on pivot, but the chain parsing code
	doesn't gracefully handle the case where the backing file is
	already known.
	I'm not exactly sure when this was introduced, but suspect that the
	refactoring in commit 9944b71 and friends that moved towards probing
	in-place rather than into a temporary structure are part of the cause.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal):
	Don't leak any prior value.

	docs: use unique dev names in <disk> examples
	Jiri Moskovcak reported on IRC that the documentation on valid
	<disk> was confusing because it didn't have unique dev='...'
	entries.
	* docs/formatdomain.html.in: Use unique names.

2014-08-08  Laine Stump  <laine@laine.org>

	virsh: clean up attach-interface paragraph in man page
	This makes the paragaph about attach-interface more descriptive and
	correct, adding in a few bits of information that were previously
	missing, e.g. --script is only allowed for bridge interfaces of Xen
	domains, target name is regenerated if it starts with vnet, mac
	address will be autogenerated if not specified.
	(I did this in response to an email asking why a script couldn't be
	specified for a bridge interface of a qemu domain, and why an
	interface of type='ethernet' couldn't be created with
	attach-interface)

2014-08-07  Wang Rui  <moon.wangrui@huawei.com>

	daemon: Fix indentation in libvirtd.c

	audit: Fix some comments
	Fix a comment in virDomainAuditNetDevice.
	Fix a typo in comment of qemuPhysIfaceConnect which is
	the caller of virDomainAuditNetDevice.

2014-08-06  Peter Krempa  <pkrempa@redhat.com>

	snapshot: conf: Enforce absolute paths on disk and memory images
	RNG schema as well as the qemu driver requires absolute paths for memory
	and disk snapshot image files but the XML parser was not enforcing it.
	Add checks to avoid problems in qemu where the configuration it creates
	is invalid.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1126329

2014-08-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Make virFileFindHugeTLBFS fault tolerant
	Since commit be0782e1 we are parsing /proc/meminfo to find out the
	default huge page size. However, if the host we are running at does
	not support any huge pages (e.g. CONFIG_HUGETLB_PAGE is turned off),
	we will not successfully parse the meminfo file and hence the whole
	qemu driver init process fails. Moreover, the default huge page size
	is needed if and only if there's at least one hugetlbfs mount point.
	So the fix consists of moving the virFileGetDefaultHugepageSize
	function call after the first hugetlbfs mount point is found.
	With this fix, we fail to start with one or more hugetlbfs mounts and
	malformed meminfo file, but that's expected (how can one mount
	hugetlbfs without kernel supporting huge pages?). Workaround in that
	case is to umount all the hugetlbfs mounts.
	Reported-by: Jim Fehlig <jfehlig@suse.com>

2014-08-06  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Node Devices: Fix nodedev-list for fc_host & vports.
	In a system with Fiber Channel Host Adapters, a query to list all Fibre Channel
	HBAs OR Vports currently returns empty list:
	  $ virsh nodedev-list --cap fc_host
	  $
	Libvirt correctly discovers properties for all HBAs. However, the reporting
	fails because of incorrect flag comparison while filtering these types.
	This is fixed by removing references to 'VIR_CONNECT_LIST_NODE_DEVICES_CAP_*'
	for comparison and replacing those with 'VIR_NODE_DEV_CAP_*'
	Introduced by original commit id '652a2ec6'

2014-08-06  Martin Kletzander  <mkletzan@redhat.com>

	qemu: reword caps-related error

2014-08-06  Eric Blake  <eblake@redhat.com>

	blockjob: correctly report active commit for job info
	Commit 232a31b munged job info to report 'active commit' instead of
	'commit' when generating events, but forgot to also munge the polling
	variant of the command.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Adjust type as
	needed.

2014-08-05  Jianwei Hu  <jiahu@redhat.com>

	Fix vlanid attribute name in nwfilter docs
	'vlanid' is the attribute name in our XML,
	'vlan-id' is the ebtables attribute:
	[root@localhost ~]# virsh nwfilter-dumpxml myself
	<filter name='myself' chain='root'>
	  <uuid>7192ef51-cd50-4f14-ad7b-fa5c69ea19e3</uuid>
	  <rule action='accept' direction='in' priority='500'>
	    <vlan dstmacaddr='00:11:22:33:44:55' vlanid='44'/>
	  </rule>
	</filter>
	[root@localhost ~]# ebtables -t nat -L
	Bridge table: nat
	...
	-p 802_1Q -d 0:11:22:33:44:55 --vlan-id 44 -j ACCEPT
	https://bugzilla.redhat.com/show_bug.cgi?id=1126721

2014-08-04  Ján Tomko  <jtomko@redhat.com>

	Don't overwrite errors from virNetDevBandwidthSet
	Otherwise this beautiful error would be overwritten when
	the function is called with a really high rate number:
	2014-07-28 12:51:47.920+0000: 2304: error : virCommandWait:2399 :
	internal error: Child process (/sbin/tc class add dev vnet0 parent 1:
	classid 1:1 htb rate 4294968kbps) unexpected exit status 1: Illegal "rate"
	Usage: ... qdisc add ... htb [default N] [r2q N]
	 default  minor id of class to which unclassified packets are sent {0}
	 r2q      DRR quantums are computed as rate in Bps/r2q {10}
	 debug    string of 16 numbers each 0-3 {0}
	... class add ... htb rate R1 [burst B1] [mpu B] [overhead O]
	                      [prio P] [slot S] [pslot PS]
	                      [ceil R2] [cburst B2] [mtu MTU] [quantum Q]
	 rate     rate allocated to this class (class can still borrow)
	 burst    max bytes burst which can be accumulated during idle period {computed}
	 mpu      minimum packet size used in rate computations
	 overhead per-packet size overhead used in rate computations
	 linklay  adapting to a linklayer e.g. atm
	 ceil     definite upper class rate (no borrows) {rate}
	 cburst   burst but for ceil {computed}
	 mtu      max packet size we create rate map for {1600}
	 prio     priority of leaf; lowe
	https://bugzilla.redhat.com/show_bug.cgi?id=1043735

	virsh: check if domiftune parameters fit into UINT
	We parse the bandwidth rates as unsinged long long,
	then try to fit them in VIR_TYPED_PARAM_UINT.
	Report an error if they exceed UINT_MAX instead of
	quietly using wrong values.
	https://bugzilla.redhat.com/show_bug.cgi?id=1043735

2014-08-04  John Ferlan  <jferlan@redhat.com>

	storage: Refresh storage pool after upload
	https://bugzilla.redhat.com/show_bug.cgi?id=1072653
	Upon successful upload of a volume, the target volume and storage pool
	were not updated to reflect any changes as a result of the upload. Make
	use of the existing stream close callback mechanism to force a backend
	pool refresh to occur in a separate thread once the stream closes. The
	separate thread should avoid potential deadlocks if the refresh needed
	to wait on some event from the event loop which is used to perform
	the stream callback.

2014-08-04  Eric Blake  <eblake@redhat.com>

	Post-release version bump for new dev cycle

2014-08-04  Michal Privoznik  <mprivozn@redhat.com>

	domtop: Remove unused variable
	The variable 'k' in the print_cpu_usage function is not used anywhere
	and can fire a warning on some compilers.

	domtop: Turn parse_argv into void
	Currently, the function follows the usual pattern used in our code:
	  int ret = -1;
	  ...
	  ret = 0;
	 cleanup:
	  return ret;
	However, the function always call exit() on error, so the cleanup
	label is never jumped onto. Therefore, it doesn't make any sense to
	have the parse_argv function return an integer value, if it
	effectively can return only value of zero.

2014-08-04  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix comment in qemu.conf
	There are multiple mount points after commit 725a211f, but one comment
	wasn't changed to use plurals.

2014-08-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.7
	* docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update localizations and regenerate

2014-08-03  Eric Blake  <eblake@redhat.com>

	build: fix build on cygwin
	Cygwin has getifaddrs(), but not AF_LINK, leading to:
	util/virstats.c: In function 'virNetInterfaceStats':
	util/virstats.c:138:41: error: 'AF_LINK' undeclared (first use in this function)
	         if (ifa->ifa_addr->sa_family != AF_LINK)
	...
	* src/util/virstats.c (virNetInterfaceStats): Only use getifaddrs
	if AF_LINK is present.

2014-08-03  Laine Stump  <laine@laine.org>

	network: always set disable_ipv6, even when it should be 0
	libvirt previously only touched an interface's disable_ipv6 setting in
	sysfs if it needed to be set to 1, assuming that 0 is the
	default. Apparently that isn't always the case though (kernel 3.15.7-1
	in Arch Linux reportedly defaults a new interface's disable_ipv6
	setting to 1) so this patch explicitly sets it to 0 or 1 as
	appropriate.

2014-08-01  Ján Tomko  <jtomko@redhat.com>

	Fix a crash when cloning a volume with no backing store
	Introduced by commit 15213d1, not yet released.

2014-07-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: bhyve: document recent changes
	 - mention that one disk and one network limitation
	   is no longer current for 1.2.6 and newer
	 - add 'cdrom' device to the sample domain XML

2014-07-30  Eric Blake  <eblake@redhat.com>

	blockcommit: turn on active commit
	With this in place, I can (finally!) now do:
	virsh blockcommit $dom vda --shallow --verbose --pivot
	and watch qemu shorten the backing chain by one, followed by
	libvirt automatically updating the dumpxml output, effectively
	undoing the work of virsh snapshot-commit --no-metadata --disk-only.
	Commit is SOOOO much faster than blockpull, when I'm still fairly
	close in time to when the temporary qcow2 wrapper file was created
	via a snapshot operation!
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Implement live
	commit.

	blockcommit: track job type in xml
	A future patch is going to wire up qemu active block commit jobs;
	but as they have similar events and are canceled/pivoted in the
	same way as block copy jobs, it is easiest to track all bookkeeping
	for the commit job by reusing the <mirror> element.  This patch
	adds domain XML to track which job was responsible for creating a
	mirroring situation, and adds a job='copy' attribute to all
	existing uses of <mirror>.  Along the way, it also massages the
	qemu monitor backend to read the new field in order to generate
	the correct type of libvirt job (even though it requires a
	future patch to actually cause a qemu event that can be reported
	as an active commit).  It also prepares to update persistent XML
	to match changes made to live XML when a copy completes.
	* docs/schemas/domaincommon.rng: Enhance schema.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.h (_virDomainDiskDef): Add a field.
	* src/conf/domain_conf.c (virDomainBlockJobType): String conversion.
	(virDomainDiskDefParseXML): Parse job type.
	(virDomainDiskDefFormat): Output job type.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Distinguish
	active from regular commit.
	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Set job type.
	(qemuDomainBlockPivot, qemuDomainBlockJobImpl): Clean up job type
	on completion.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror-old.xml:
	Update tests.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-active-commit.xml: New
	file.
	* tests/qemuxml2xmltest.c (mymain): Drive new test.

2014-07-30  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Domain config: write <features/> if some capabilities are set.
	If all features are set to default (including the capabilities policy),
	but some capabilities are toggled, we need to output the <features>
	element when formatting the config.

2014-07-30  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix an incorrect example for memoryBacking
	commit 136ad49740f017aabcac48d02d2df6ab7b0195e9
	forgot to add an end-tags for hugepages.

2014-07-30  Eric Blake  <eblake@redhat.com>

	blockjob: properly track blockcopy xml changes on disk
	We were not directly saving the domain XML to file after starting
	or finishing a blockcopy.  Without the startup write, a libvirtd
	restart in the middle of a copy job would forget that the job was
	underway.  Then at pivot, we were indirectly writing new XML in
	reaction to events that occur as we stop and restart the guest CPUs.
	But there was a race: since pivot is an async action, it is possible
	that libvirtd is restarted before the pivot completes, so if XML
	changes during the event, that change was not written.  The original
	blockcopy code cleared out the <mirror> element prior to restarting
	the CPUs, but this is also a race, observed if a user does an async
	pivot and a dumpxml before the event occurs.  Furthermore, this race
	will interfere with active commit in a future patch, because that
	code will rely on the <mirror> element at the time of the qemu event
	to determine whether to inform the user of a normal commit or an
	active commit.
	Fix things by saving state any time we modify live XML, while
	delaying XML disk modifications until after the event completes.  We
	still need a to teach libvirtd restarts to examine all existing
	<mirror> elements to see if the job completed in the meantime (that
	is, if libvirtd misses the event, the updated state still needs to be
	updated in live XML), but that will be a later patch, in part because
	we also need to to start taking advantage of newer qemu's ability to
	keep the job around after completion rather than the current usage
	where the job disappears both on error and on success.
	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Track XML change
	on disk.
	(qemuDomainBlockJobImpl, qemuDomainBlockPivot): Move job-end XML
	rewrites...
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): ...here.

	blockcopy: add more XML for state tracking
	Doing a blockcopy operation across a libvirtd restart is not very
	robust at the moment.  In particular, we are clearing the <mirror>
	element prior to telling qemu to finish the job.  Also, thanks to the
	ability to request async completion, the user can easily regain
	control prior to qemu actually finishing the effort, and they should
	be able to poll the domain XML to see if the job is still going.
	A future patch will fix things to actually wait until qemu is done
	before modifying the XML to reflect the job completion.  But since
	qemu issues identical BLOCK_JOB_COMPLETE events regardless of whether
	the job was cancelled (kept the original disk) or completed (pivoted
	to the new disk), we have to track which of the two operations were
	used to end the job.  Furthermore, we'd like to avoid attempts to
	end a job where we are already waiting on an earlier request to qemu
	to end the job.  Likewise, if we miss the qemu event (perhaps because
	it arrived during a libvirtd restart), we still need enough state
	recorded to be able to determine how to modify the domain XML once
	we reconnect to qemu and manually learn whether the job still exists.
	Although this patch doesn't actually fix the problem, it is a
	preliminary step that makes it possible to track whether a job
	has already begun steps towards completion.
	* src/conf/domain_conf.h (virDomainDiskMirrorState): New enum.
	(_virDomainDiskDef): Convert bool mirroring to new enum.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML)
	(virDomainDiskDefFormat): Handle new values.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Adjust
	client.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
	(qemuDomainBlockJobImpl): Likewise.
	* docs/schemas/domaincommon.rng (diskMirror): Expose new values.
	* docs/formatdomain.html.in (elementsDisks): Document it.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Test it.

2014-07-29  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: error out if PCI passthrough type is not supported
	If PCI passthrough type is not supported, we should error out rather than
	continue building the command line.
	When starting a domain, the type has been already checked by
	qemuPrepareHostdevPCICheckSupport() before building qemu command line,
	so the problem doesn't emerge.
	But when coverting a domain xml without specifying passthrough type explictly
	to qemu arg, we will get a malformed command line.
	the xml:
	    <hostdev mode='subsystem' type='pci' managed='yes'>
	      <source>
	        <address domain='0x0001' bus='0x03' slot='0x00' function='0x0'/>
	      </source>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
	    </hostdev>
	the converted command line:
	  -device ,host=0001:03:00.0,id=hostdev0,bus=pci.0,addr=0x5
	After this patch, virsh gives an error message:
	  virsh domxml-to-native qemu-argv /tmp/tmp.xml
	  error: internal error: invalid PCI passthrough type 'default'

2014-07-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement ./hugepages/page/[@size, @unit, @nodeset]

	domain: Introduce ./hugepages/page/[@size, @unit, @nodeset]
	  <memoryBacking>
	    <hugepages>
	      <page size="1" unit="G" nodeset="0-3,5"/>
	      <page size="2" unit="M" nodeset="4"/>
	    </hugepages>
	  </memoryBacking>

	virbitmap: Introduce virBitmapOverlaps
	This internal API just checks if two bitmaps intersect or not.

	qemu: Utilize virFileFindHugeTLBFS
	Use better detection of hugetlbfs mount points. Yes, there can be
	multiple mount points each serving different huge page size.
	Since we already have ability to override the mount point in the
	qemu.conf file, this crazy backward compatibility code is brought in.
	Now we allow multiple mount points, so the "hugetlbfs_mount" option
	must take an list of strings (mount points). But previously, it was
	just a string, so we must accept both types now.

	Introduce virFileFindHugeTLBFS
	This should iterate over mount tab and search for hugetlbfs among with
	looking for the default value of huge pages.

2014-07-29  Peter Krempa  <pkrempa@redhat.com>

	storage: create: Create files with correct mode
	Use correct mode when pre-creating files (for snapshots). The refactor
	changing to storage driver usage caused a regression as some systems
	created the file with 000 permissions forbidding qemu to write the file.
	Pass mode to the creating functions to avoid the problem.
	Regression since 185e07a5f82bc0692324f3ee13b4816d71b653c1.

2014-07-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	schema: bhyve and nmdm updates
	* docs/schemas/domaincommon.rng: Add bhyve domain type, nmdm
	  serial type and master and slave optional attributes for
	  serial that are used by nmdm
	* tests/domainschematest: Add bhyvexml2argvdata directory
	  to validate bhyve XMLs

2014-07-29  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	nodedev: fix a uninitialized variable build failure
	Fix a -Werror=maybe-uninitialized warning

2014-07-29  Eric Blake  <eblake@redhat.com>

	nodedev: fix pci express memory leak
	Leak introduced in commit 16ebf10f (v1.2.6), detected by valgrind:
	==9816== 216 (96 direct, 120 indirect) bytes in 6 blocks are definitely lost in loss record 665 of 821
	==9816==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==9816==    by 0x50836FB: virAlloc (viralloc.c:144)
	==9816==    by 0x1DBDBE27: udevProcessPCI (node_device_udev.c:546)
	==9816==    by 0x1DBDD79D: udevGetDeviceDetails (node_device_udev.c:1293)
	* src/util/virpci.h (virPCIEDeviceInfoFree): New prototype.
	* src/util/virpci.c (virPCIEDeviceInfoFree): New function.
	* src/conf/node_device_conf.c (virNodeDevCapsDefFree): Clear
	pci_express under pci case.
	(virNodeDevCapPCIDevParseXML): Avoid leak.
	* src/node_device/node_device_udev.c (udevProcessPCI): Likewise.
	* src/libvirt_private.syms (virpci.h): Export it.

	nodedev: move pci express types to virpci.h
	Finding virPCIE* code is more intuitive if located in virpci.h
	instead of node_device_conf.h.
	* src/conf/node_device_conf.h (virPCIELinkSpeed, virPCIELink)
	(virPCIEDeviceInfo): Move...
	* src/util/virpci.h: ...here.
	* src/conf/node_device_conf.c (virPCIELinkSpeed): Likewise.

	nodedev: let compiler help us on switches
	The compiler can alert us to places where we need to expand switch
	statements because we add a new enum value, but only if we don't
	have a default case.
	* src/conf/node_device_conf.c (virNodeDeviceDefFormat)
	(virNodeDevCapsDefParseXML, virNodeDevCapsDefFree): Drop default
	case.

2014-07-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: sound: Fix uninitialized model string
	Commit e5f36698e3efc3d258b2996c7423c47e05ec52b2 introduces a
	false-positive build failure in the sound card model handling switch.
	Initialize the model to NULL although the value should never be used.

	qemu: sound: Handle all possible sound cards in switch statement
	Use correct type in the switch and handle all sound card models in it so
	that the compiler tracks additions.

	conf: RNG: Always fill in default random source path for default backend
	Libvirt documents that the default entropy source for the 'random'
	backend of a RNG device is /dev/random. Instead of storing and
	propagating NULL across our code and checking it in multiple places fill
	the default in the post parse callback and use that in the other places.

2014-07-26  Cole Robinson  <crobinso@redhat.com>

	spec: arm and aarch64 have kvm support with F20+

	spec: Use power64 macro
	Covers the whole ppc64 family. Example bug for binutils:
	https://bugzilla.redhat.com/show_bug.cgi?id=834651

2014-07-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix starting of VMs with empty CDROM drives
	Since 24e5cafba6dbc2722e05f92dc0ae31b0f938f9f0 (thankfully unreleased)
	when a VM with an empty disk drive would be started the code would call
	stat() on NULL path as a check was missing from the callback rendering
	machines unstartable.
	Report success when the path is empty (denoting an empty drive).

2014-07-25  Martin Kletzander  <mkletzan@redhat.com>

	libvirt-guests: fix some typos in a comment

2014-07-25  James  <james.wangyufei@huawei.com>

	util: virTimeFieldsThenRaw never returns negative
	virTimeFieldsThenRaw will never return negative result, so I clean up
	the related meaningless judgements to make it better.

2014-07-25  Li Yang  <liyang.fnst@cn.fujitsu.com>

	libvirt: Fix 'quest' typo in comment

2014-07-25  Peter Krempa  <pkrempa@redhat.com>

	test: qemu: Add tests for multiple virtio-rng devices

	virtio-rng: allow multiple RNG devices
	qemu supports adding multiple RNG devices. This patch allows libvirt to
	support this.

	qemu: cgroup: Don't use NULL path on default backed RNGs
	The "random" backend for virtio-rng can be started with no path
	specified which equals to /dev/random. The cgroup code didn't consider
	this and called few of the functions with NULL resulting into:
	 $ virsh start rng-vm
	 error: Failed to start domain rng-vm
	 error: Path '(null)' is not accessible: Bad address
	Problem introduced by commit c6320d34637a9883e31c4081d418fc33a4277cf2

2014-07-25  Michal Privoznik  <mprivozn@redhat.com>

	qemuConnectGetDomainCapabilities: Report error on unknown arch
	If user hasn't provided any @emulatorbin, the qemuCaps are
	searched by @arch provided (which in fact can be guessed from the
	host). However, there's no guarantee that the qemu binary for
	@arch will exist.  Therefore qemu capabilities may be nonexistent
	too. If that's the case, we should throw an error message prior
	jumping onto 'cleanup' label as the helper lookup function
	remains silent on no search result.

2014-07-24  Martin Kletzander  <mkletzan@redhat.com>

	remove range checking for blkiotune weight
	This was changed before:
	https://www.redhat.com/archives/libvir-list/2013-October/msg00525.html
	but not everywhere in the code.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1100769

2014-07-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: cdrom support
	Add support for CDROM devices for bhyve driver using
	bhyve(8)'s 'ahci-cd' device type.
	As bhyve currently does not support media insertion at runtime,
	disallow to start a domain with an empty source path for cdrom
	devices.

2014-07-24  Martin Kletzander  <mkletzan@redhat.com>

	virsh: add option for selecting domdisplay type
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997802

	virsh: add error message when no graphical display is found

2014-07-24  John Ferlan  <jferlan@redhat.com>

	hostdev: Introduce virDomainHostdevSubsysSCSIiSCSI
	Create the structures and API's to hold and manage the iSCSI host device.
	This extends the 'scsi_host' definitions added in commit id '5c811dce'.
	A future patch will add the XML parsing, but that code requires some
	infrastructure to be in place first in order to handle the differences
	between a 'scsi_host' and an 'iSCSI host' device.

	Add virConnectPtr for qemuBuildSCSIHostdevDrvStr
	Add a conn for future patches to be able to grab the secret when
	authenticating an iSCSI host device

	hostdev: Introduce virDomainHostdevSubsysSCSIHost
	Split virDomainHostdevSubsysSCSI further. In preparation for having
	either SCSI or iSCSI data, create a union in virDomainHostdevSubsysSCSI
	to contain just a virDomainHostdevSubsysSCSIHost to describe the
	'scsi_host' host device

	hostdev: Introduce virDomainHostdevSubsysSCSI
	Create a separate typedef for the hostdev union data describing SCSI
	Then adjust the code to use the new pointer

	hostdev: Introduce virDomainHostdevSubsysPCI
	Create a separate typedef for the hostdev union data describing PCI.
	Then adjust the code to use the new pointer

	hostdev: Introduce virDomainHostdevSubsysUSB
	Create a separate typedef for the hostdev union data describing USB.
	Then adjust the code to use the new pointer

2014-07-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Use storage driver to pre-create snapshot file
	Move the last operation done on local files to the storage driver API.

	storage: Implement virStorageFileCreate for local and gluster files
	Add backends for this frontend function so that we can use it in the
	snapshot creation code.

	qemu: Implement DAC driver chown callback to co-operate with storage drv
	Use the storage driver to chown remote images.

	security: DAC: Plumb usage of chown callback
	Use the callback to set disk and storage image labels by modifying the
	existing functions and adding wrappers to avoid refactoring a lot of the
	code.

	security: DAC: Introduce callback to perform image chown
	To integrate the security driver with the storage driver we need to
	pass a callback for a function that will chown storage volumes.
	Introduce and document the callback prototype.

	security: DAC: Remove superfluous link resolution
	When restoring security labels in the dac driver the code would resolve
	the file path and use the resolved one to be chown-ed. The setting code
	doesn't do that. Remove the unnecessary code.

	storage: Add witness for checking storage volume use in security driver
	With my intended use of storage driver assist to chown files on remote
	storage we will need a witness that will tell us whether the given
	storage volume supports operations needed by the storage driver.

	storage: Implement storage driver helper to chown disk images
	Gluster storage works on a similar principle to NFS where it takes the
	uid and gid of the actual process and uses it to access the storage
	volume on the remote server. This introduces a need to chown storage
	files on gluster via native API.

2014-07-24  Michal Privoznik  <mprivozn@redhat.com>

	qemuConnectGetDomainCapabilities: Use wiser defaults
	Up to now, users have to pass two arguments at least: domain virt type
	('qemu' vs 'kvm') and one of emulatorbin or architecture. This is not
	much user friendly. Nowadays users mostly use KVM and share the host
	architecture with the guest. So now, the API (and subsequently virsh
	command) can be called with all NULLs  (without any arguments).
	Before this patch:
	 # virsh domcapabilities
	 error: failed to get emulator capabilities
	 error: virttype_str in qemuConnectGetDomainCapabilities must not be NULL
	 # virsh domcapabilities kvm
	 error: failed to get emulator capabilities
	 error: invalid argument: at least one of emulatorbin or architecture fields must be present
	After:
	 # virsh domcapabilities
	 <domainCapabilities>
	   <path>/usr/bin/qemu-system-x86_64</path>
	   <domain>kvm</domain>
	   <machine>pc-i440fx-2.1</machine>
	   <arch>x86_64</arch>
	   <vcpu max='255'/>
	 </domainCapabilities>

2014-07-24  Martin Kletzander  <mkletzan@redhat.com>

	numatune: finish the split from domain_conf and remove all dependencies
	This patch adds back the virDomainDef typedef into domain_conf and
	makes all the numatune_conf functions independent of any virDomainDef
	definitions.

2014-07-24  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	leaseshelper: avoid mem leak after storing lease entries
	Contents of existing lease file were being stored in a variable
	which was never freed.

2014-07-24  Eric Blake  <eblake@redhat.com>

	maint: simplify some syntax check exemptions
	Commit 5028160 accidentally weakened the strtol prohibitions to
	skip ALL files under src/util instead of the former situation of
	just protecting util/virsexpr.c; even though NONE of the files
	in that directory need any protection.
	Shorten some long lines while at it.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_strtol): No need
	to exclude all of util.
	(exclude_file_name_regexp--sc_prohibit_sprintf): Reduce long line.
	(exclude_file_name_regexp--sc_prohibit_raw_allocation): Likewise.

	conf: avoid memory leaks while parsing seclabel
	Our seclabel parsing was repeatedly assigning malloc'd data into a
	temporary variable, without first freeing the previous use.  Among
	other leaks flagged by valgrind:
	==9312== 8 bytes in 1 blocks are definitely lost in loss record 88 of 821
	==9312==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==9312==    by 0x8C40369: strdup (strdup.c:42)
	==9312==    by 0x50EA799: virStrdup (virstring.c:676)
	==9312==    by 0x50FAEB9: virXPathString (virxml.c:90)
	==9312==    by 0x50FAF1E: virXPathStringLimit (virxml.c:112)
	==9312==    by 0x510F516: virSecurityLabelDefParseXML (domain_conf.c:4571)
	==9312==    by 0x510FB20: virSecurityLabelDefsParseXML (domain_conf.c:4720)
	While it was multiple problems, it looks like commit da78351 (thankfully
	unreleased) was to blame for all of them.
	* src/conf/domain_conf.c (virSecurityLabelDefParseXML): Plug leaks
	detected by valgrind.

	nwfilter: plug memory leak with firewall
	Introduced in commit 70571ccc (v1.2.4). Caught by valgrind:
	==9816== 170 (32 direct, 138 indirect) bytes in 1 blocks are definitely lost in loss record 646 of 821
	==9816==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==9816==    by 0x50836FB: virAlloc (viralloc.c:144)
	==9816==    by 0x50AEC2B: virFirewallNew (virfirewall.c:204)
	==9816==    by 0x1E2308ED: ebiptablesDriverProbeStateMatch (nwfilter_ebiptables_driver.c:3715)
	==9816==    by 0x1E2309AD: ebiptablesDriverInit (nwfilter_ebiptables_driver.c:3742)
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesDriverProbeStateMatch): Properly clean up.

	metadata: track title edits across libvirtd restart
	https://bugzilla.redhat.com/show_bug.cgi?id=1122205
	Although the edits were changing in-memory XML, it was not flushed
	to disk; so unless some other action changes XML, a libvirtd restart
	would lose the changed information.
	* src/conf/domain_conf.c (virDomainObjSetMetadata): Add parameter,
	to save live status across restarts.
	(virDomainSaveXML): Allow for test driver.
	* src/conf/domain_conf.h (virDomainObjSetMetadata): Adjust
	signature.
	* src/bhyve/bhyve_driver.c (bhyveDomainSetMetadata): Adjust caller.
	* src/lxc/lxc_driver.c (lxcDomainSetMetadata): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSetMetadata): Likewise.
	* src/test/test_driver.c (testDomainSetMetadata): Likewise.

2014-07-23  John Ferlan  <jferlan@redhat.com>

	docs: Point to list of valid pool target volume formats
	https://bugzilla.redhat.com/show_bug.cgi?id=1092886
	Rather than point off to some nefarious "pool-specific docs" page when
	describing the "format" field for the target pool provide a link to the
	storage driver page which describes the various valid formats for each
	pool type.  Also make it a bit more clear that if a valid format isn't
	specified, then the type field is ignored.

2014-07-23  Jiri Denemark  <jdenemar@redhat.com>

	spec: Enable sanlock on qemu_kvm_arches for RHEL

2014-07-23  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Added myself in AUTHORS.in

	Documented VIR_DOMAIN_FEATURE_CAPABILITIES use of virDomainCapabilitesPolicy

2014-07-23  Ján Tomko  <jtomko@redhat.com>

	Introduce virTristateSwitch enum
	For the values "default", "on", "off"
	Replaces
	virDeviceAddressPCIMulti
	virDomainFeatureState
	virDomainIoEventFd
	virDomainVirtioEventIdx
	virDomainDiskCopyOnRead
	virDomainMemDump
	virDomainPCIRombarMode
	virDomainGraphicsSpicePlaybackCompression

	Introduce virTristateBool enum type
	Replace all three-state (default/yes/no) enums with it:
	virDomainBIOSUseserial
	virDomainBootMenu
	virDomainPMState
	virDomainGraphicsSpiceClipboardCopypaste
	virDomainGraphicsSpiceAgentFileTransfer
	virNetworkDNSForwardPlainNames

2014-07-23  Peter Krempa  <pkrempa@redhat.com>

	Fix build after 47e5b5ae3262f140955abd57bbb13337c65a3497
	The patch described above introduced two problems caught by the compiler
	and thus breaking the build.
	One of the problems was comparison of unsigned with < 0 and the second
	one jumped a variable init.

2014-07-23  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: show used memory as 0 when domain is not active
	Before:
	virsh # dominfo chx3
	State:          shut off
	Max memory:     92160 KiB
	Used memory:    92160 KiB
	After:
	virsh # dominfo container1
	State:          shut off
	Max memory:     92160 KiB
	Used memory:    0 KiB
	Similar to qemu cases.

2014-07-23  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc domain from xml: convert lxc.cap.drop

	lxc: allow to keep or drop capabilities
	Added <capabilities> in the <features> section of LXC domains
	configuration. This section can contain elements named after the
	capabilities like:
	  <mknod state="on"/>, keep CAP_MKNOD capability
	  <sys_chroot state="off"/> drop CAP_SYS_CHROOT capability
	Users can restrict or give more capabilities than the default using
	this mechanism.

2014-07-23  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: create a bind mount for sysfs when enable userns but disable netns
	kernel commit 7dc5dbc879bd0779924b5132a48b731a0bc04a1e
	forbid us doing a fresh mount for sysfs
	when enable userns but disable netns.
	This patch will create a bind mount in this senario.

2014-07-22  Michal Privoznik  <mprivozn@redhat.com>

	tests: Remove stale scsihostdata dir
	In the fbd91d49 commit, new scsihostdata dir is added to EXTRA_DIST in
	the tests/Makefile.am. However, the directory itself is not created
	anywhere, nor in the commit.

2014-07-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Forbid taking/reverting snapshots in PMSUSPENDED state
	Qemu doesn't currently support them and behaves strangely. Just forbid
	them.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1079162

	qemu: snapshot: Forbid taking snapshot in invalid state
	Similarly to 49a3a649a85f9d3d478be355aa8694bce889586a forbid creating
	snapshots in domain states impossible to reach in qemu.

2014-07-22  Michal Privoznik  <mprivozn@redhat.com>

	domtop: Fix build on mingw
	Firstly, there's no sigaction() nor struct sigaction on mingw. We have
	to use the one implemented by gnulib (and hence link with gnulib).
	Then, for some reason one header file from windows defines ERROR
	symbol. Yes it does. Sigh.

2014-07-22  Eric Blake  <eblake@redhat.com>

	build: fix build without numactl
	Under ./configure --without-numactl but with numactl-devel installed,
	the build fails with:
	../../src/util/virnuma.c: In function 'virNumaNodeIsAvailable':
	../../src/util/virnuma.c:407:5: error: implicit declaration of function 'numa_bitmask_isbitset' [-Werror=implicit-function-declaration]
	     return numa_bitmask_isbitset(numa_nodes_ptr, node);
	     ^
	and other failures, all because the configure results for particular
	functions were used without regard to whether libnuma was even being
	linked in.
	* src/util/virnuma.c (virNumaGetPages): Fix message typo.
	(virNumaNodeIsAvailable): Correct build when not using numactl.

2014-07-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: logical: drop useless if
	virStorageBackendLogicalCreateVol contains a piece like:
	    if (vol->target.path != NULL) {
	        /* A target path passed to CreateVol has no meaning */
	        VIR_FREE(vol->target.path);
	    }
	The 'if' is useless here, but 'syntax-check' doesn't catch that
	because of the comment, so drop the 'if'.

	Fix build on non-Linux platforms
	Commit ef48a1b introduced virFindSCSIHostByPCI for Linux and
	a stub for other platforms that returns -1 while the function
	should return 'char *', so use 'return NULL' instead.
	Commit fbd91d4 introduced virReadSCSIUniqueId with the third
	argument 'int *result', however the stub for non-Linux patform
	uses 'unsigned int *result', so change it to 'int *result'.
	Pushed under the build breaker rule.

2014-07-22  John Ferlan  <jferlan@redhat.com>

	getAdapterName: Lookup stable scsi_host
	If a parentaddr was provided in the XML, have getAdapterName lookup
	the stable address.  This allows virStorageBackendSCSICheckPool() and
	virStorageBackendSCSIRefreshPool() to automagically find the scsi_host
	by its PCI address and unique_id

	scsi_host: Introduce virFindSCSIHostByPCI
	Introduce a new function to parse the provided scsi_host parent address
	and unique_id value in order to find the /sys/class/scsi_host directory
	which will allow a stable SCSI host address
	Add a test to scsihosttest to lookup the host# name by using the PCI address
	and unique_id value

	Add unique_id to nodedev output
	Add an optional unique_id parameter to nodedev.  Allows for easier lookup
	and display of the unique_id value in order to document for use with
	scsi_host code.

	virutil: Introduce virReadSCSIUniqueId
	Introduce a new function to read the current scsi_host entry and return
	the value found in the 'unique_id' file.
	Add a 'scsihosttest' test (similar to the fchosttest, but incorporating some
	of the concepts of the mocked pci test library) in order to read the
	unique_id file like would be found in the /sys/class/scsi_host tree.

	scsi_backend: Use existing LINUX_SYSFS_SCSI_HOST_PREFIX definition
	Rather than supplying the path again in the formatting of the sysfs
	scsi_host directory.

2014-07-22  Osier Yang  <jyang@redhat.com>

	storage: Introduce parentaddr into virStoragePoolSourceAdapter
	Between reboots and kernel reloads, the SCSI host number used for SCSI
	storage pools may change requiring modification to the storage pool XML
	in order to use a specific SCSI host adapter.
	This patch introduces the "parentaddr" element and "unique_id" attribute
	for the SCSI host adapter in order to uniquely identify the adapter
	between reboots and kernel reloads. For now the goal is to only parse
	and format the XML. Both will be required to be provided in order to
	uniquely identify the desired SCSI host.
	The new XML is expected to be as follows:
	  <adapter type='scsi_host'>
	    <parentaddr unique_id='3'>
	      <address domain='0x0000' bus='0x00' slot='0x1f' func='0x2'/>
	    </parentaddr>
	  </adapter>
	where "parentaddr" is the parent device of the SCSI host using the PCI
	address on which the device resides and the value from the unique_id file
	for the device. Both the PCI address and unique_id values will be used
	to traverse the /sys/class/scsi_host/ directories looking at each link
	to match the PCI address reformatted to the directory link format where
	"domain:bus:slot:function" is found.  Then for each matching directory
	the unique_id file for the scsi_host will be used to match the unique_id
	value in the xml.
	For a PCI address listed above, this will be formatted to "0000:00:1f.2"
	and the links in /sys/class/scsi_host will be used to find the host#
	to be used for the 'scsi_host' device. Each entry is a link to the
	/sys/bus/pci/devices directories, e.g.:
	%  ls -al /sys/class/scsi_host/host2
	lrwxrwxrwx. 1 root root 0 Jun  1 00:22 /sys/class/scsi_host/host2 -> ../../devices/pci0000:00/0000:00:1f.2/ata3/host2/scsi_host/host2
	% cat /sys/class/scsi_host/host2/unique_id
	3
	The "parentaddr" and "name" attributes are mutually exclusive to identify
	the SCSI host number. Use of the "parentaddr" element will be the preferred
	mechanism.
	This patch only supports to parse and format the XMLs. Later patches will
	add code to find out the scsi host number.

	virStoragePoolSourceAdapter: Refine the SCSI_HOST adapter name
	Preparation for future patches by creating a scsi_host union. For now,
	just the 'name' will be present.

2014-07-22  John Ferlan  <jferlan@redhat.com>

	getAdapterName: check for SCSI_HOST
	Rather than assume that NOT FC_HOST is SCSI_HOST, let's call them out
	specifically. Makes it easier to find SCSI_HOST code/structs and ensures
	something isn't missed in the future

2014-07-22  Peter Krempa  <pkrempa@redhat.com>

	schema: pool: netfs: Don't enforce slash in glusterfs pool source
	Gluster volumes don't start with a leading slash. Our schema for netfs
	gluster pools enforces it though. Luckily mount.glusterfs skips it.
	Allow a slashless volume name for glusterfs netfs mounts in the schema.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1101999

2014-07-21  Peter Krempa  <pkrempa@redhat.com>

	doc: Explicitly specify how to override spice channel mode
	Be more clear that the "<channel mode=" attribute overrides the default
	set by "defaultMode".
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1033704

	node_device: HAL: Ignore return value of virStrToLong_ui
	Commit 5df813177c3b609a8cf5db26ae94b26d4a40063d forgot to adjust a few
	callers of virStrToLong_ui to ignore the returned value in some ancient
	parts of the code.

	util: Check return value from virStrToLong* functions
	We do so in the vast majority of places, so there's no problem of adding
	the attribute to enforce it by the complier and fix a few leftover
	places.
	This was originally pointed out by Coverity as a recent change triggered
	it's warning that our code checked the vast majority of returns from
	virStrToLong_ui.

	examples: domtop: Avoid leaking memory
	Use the virTypedParamsFree unconditionally as it handles NULL well and
	has the benefit of freeing a typed parameter array even if it wasn't yet
	assigned, but only allocated.

	examples: domtop: Fix uninitialized variable use
	max_id could be used uninitialized in the cleanup section after the
	domain wasn't found.
	Discovered by Coverity.

	qemu: snapshot: Reject revertion from clearly bad states
	Report errors on some states snapshots done by qemu should never reach

	qemu: snapshot: Convert if-else switch to switch statement
	Convert the target snapshot state selector to a switch statement
	enumerating all possible values. This points out a few mistakes in the
	original selector.
	The logic of the code is preserved until later patches.

2014-07-19  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: reconnect to domains after libvirtd restart
	Try to reconnect to the running domains after libvirtd restart. To
	achieve that, do:
	 * Save domain state
	  - Modify virBhyveProcessStart() to save domain state to the state
	    dir
	  - Modify virBhyveProcessStop() to cleanup the pidfile and the state
	 * Detect if the state information loaded from the driver's state
	   dir matches the actual state. Consider domain active if:
	    - PID it points to exist
	    - Process title of this PID matches the expected one with the
	      domain name
	   Otherwise, mark the domain as shut off.
	Note: earlier development bhyve versions before FreeBSD 10.0-RELEASE
	didn't set proctitle we expect, so the current code will not detect
	it. I don't plan adding support for this unless somebody requests
	this.

2014-07-19  Hu Tao  <hutao@cn.fujitsu.com>

	doc: add domain to address of hostdev pci
	libvirt supports pci domain already, so update the documentation.
	Otherwise users who lookup the documentation for how to use hostdev may
	miss the domain and encounter error when pass-through a pci device in a
	domain other than 0.

2014-07-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Forbid snapshots of iSCSI passthrough devices
	As with the local SCSI passthrough devicesm qemu can't support snapshots
	on those as the block ops are handled by the device. This is also true
	for iSCSI backing of the disk. Remove the check for the local block
	device and just forbid snapshot when the disk is of type 'lun'.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1073368

	doc: domain: Clarify that disk type 'lun' works with iSCSI too
	Disk type 'lun' enables SCSI command passthrough for a disk. We stated
	that it works only with "block" disks. Qemu supports it also when using
	the iSCSI protocol.

2014-07-18  Michal Privoznik  <mprivozn@redhat.com>

	examples: Introduce domtop
	There's this question on the list that is asked over and over again.
	How do I get {cpu, memory, ...} usage in percentage? Or its modified
	version: How do I plot nice graphs like virt-manager does?
	It would be nice if we have an example to inspire people. And that's
	what domtop should do. Yes, it could be written in different ways, but
	I've chosen this one as I think it show explicitly what users need to
	implement in order to imitate virt-manager's graphing.
	Note: The usage is displayed from host perspective. That is, how much
	host CPUs the domain is using. But it should be fairly simple to
	switch do just guest CPU usage if needed.

	Kill last strto{l,ll,d} scouts
	There's no need to use it since we have this shiny functions
	that even checks for conversion and overflow errors.

2014-07-18  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc conf2xml: convert lxc.network.name for veth networks

	lxc network configuration allows setting target container NIC name
	LXC network devices can now be assigned a custom NIC device name on the
	container side. For example, this is configured with:
	    <interface type='network'>
	      <source network='default'/>
	      <guest dev="eth1"/>
	    </interface>
	In this example the network card will appear as eth1 in the guest.

2014-07-18  Jiri Denemark  <jdenemar@redhat.com>

	spec: Consolidate with_qemu* definitions
	Decisions whether qemu driver and libvirt-daemon-{qemu,kvm} packages
	should be built on various OS/arch combinations were scattered around
	the spec file. Let's make it easier to see where qemu driver is going to
	be built.

2014-07-18  John Ferlan  <jferlan@redhat.com>

	storage: Disallow vol_wipe for sparse logical volumes
	https://bugzilla.redhat.com/show_bug.cgi?id=1091866
	Add a new boolean 'sparse'.  This will be used by the logical backend
	storage driver to determine whether the target volume is sparse or not
	(also known by a snapshot or thin logical volume). Although setting sparse
	to true at creation could be seen as duplicitous to setting during
	virStorageBackendLogicalMakeVol() in case there are ever other code paths
	between Create and FindLVs that need to know about the volume be sparse.
	Use the 'sparse' in a new virStorageBackendLogicalVolWipe() to decide whether
	to attempt to wipe the logical volume or not. For now, I have found no
	means to wipe the volume without writing to it. Writing to the sparse
	volume causes it to be filled. A sparse logical volume is not completely
	writeable as there exists metadata which if overwritten will cause the
	sparse lv to go INACTIVE which means pool-refresh will not find it.
	Access to whatever lvm uses to manage data blocks is not provided by
	any API I could find.

	storage: Convert 'building' into a bool
	Rather than a unsigned int, use a 'bool' since that's how it was used.

2014-07-18  Geoff Hickey  <ghickey@datagravity.com>

	esx: Fix a comment about VSphere versions
	Update the VSphere version comment in esx_vi.c for ESX 5.1 and 5.5.

2014-07-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix build by dropping redefined typedefs
	Commit 93e82727 introduced numatune_conf.h file that contains
	typedefs already defined in domain_conf.h, such as:
	 - virDomainNumatune
	 - virDomainNumatunePtr
	 - virDomainDef
	 - virDomainDefPtr
	As numatune_conf.h is included by domain_conf.h, clang
	complains about redefinition of typedef and the build fails.
	In order to fix it, drop typedefs already defined by numatume_conf.h
	from domain_conf.h.

2014-07-18  John Ferlan  <jferlan@redhat.com>

	virsh: Document bandwidth maximum more clearly
	Commit id '0e2d7305' modified the code to allow a negative value to be
	supplied for the bandwidth argument of the various block virsh commands
	and the migrate-setspeed; however, it failed to update the man page to
	describe the "feature" whereby a very large value could be interpreted
	by the hypervisor to mean maximum value allowed. Although initially
	designed to handle a -1 value, the reality is just about any negative
	value could be provided and essentially perform the same feature.

	virsh vol-upload/download disallow negative offset
	https://bugzilla.redhat.com/show_bug.cgi?id=1087104
	Commit id 'c6212539' explicitly allowed a negative value to be used for
	offset and length as a shorthand for the largest value after commit id
	'f18c02ec' modified virStrToLong_ui() to essentially disallow a negative
	value.
	However, allowing a negative value for offset ONLY worked if the negative
	value was -1 since the eventual lseek() does allow a -1 to mean the end
	of the file.  Providing other negative values resulted in errors such as:
	$ virsh vol-download --pool default qcow3-vol2 /home/vm-images/raw \
	  --offset -2 --length -1000
	error: cannot download from volume qcow3-vol2
	error: Unable to seek /home/vm-images/qcow3-vol2 to 18446744073709551614: Invalid argument
	$
	Thus, it seems unreasonable to expect or allow a negative value for offset
	since the only benefit is to lseek() to the end of the file and then only
	take advantage of how the OS would handle such a seek. For the purposes of
	upload or download of volume data, that seems to be a no-op.  Therefore,
	disallow a negative value for offset.
	Additionally, modify the man page for vol-upload and vol-download to provide
	more details regarding the valid values for both offset and length.

2014-07-17  Peter Krempa  <pkrempa@redhat.com>

	test: metadata: Improve test coverage
	Test also the TITLE and DESCRIPTION metadata types.

2014-07-17  Ján Tomko  <jtomko@redhat.com>

	Log an error when we fail to set the COW attribute
	Coverity complains about the return value of ioctl not being checked.
	Even though we carry on when this fails (just like qemu-img does),
	we can log an error.

2014-07-17  Peter Krempa  <pkrempa@redhat.com>

	storage: Split out volume wiping as separate backend function
	For non-local storage drivers we can't expect to use the "scrub" tool to
	wipe the volume. Split the code into a separate backend function so that
	we can add protocol specific code later.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1118710

	storage: wipe: Move helper code into storage backend
	The next patch will move the storage volume wiping code into the
	individual backends. This patch splits out the common code to wipe a
	local volume into a separate backend helper so that the next patch is
	simpler.

2014-07-17  Eric Blake  <eblake@redhat.com>

	schema: put interleave at correct level
	The previous commit 09d4d26 put the interleave at the wrong point;
	it didn't allow interleaving with <memory>.
	* docs/schema/domaincommon.rng (numatune): Fix interleave location.
	* tests/qemuxml2argvdata/qemuxml2argv-numatune-memnode.xml: Adjust test.

2014-07-17  Geoff Hickey  <ghickey@datagravity.com>

	esx: Fix a bug in the XML code for storage pools
	For ESX, the code that builds XML descriptions for attached storage pools was
	not setting the host count to anything when it returned a host name.

2014-07-17  Martin Kletzander  <mkletzan@redhat.com>

	schema: add interleave inside numatune

	qemu: leave restricting cpuset.mems after initialization
	When domain is started with numatune memory mode strict and the
	nodeset does not include host NUMA node with DMA and DMA32 zones, KVM
	initialization fails.  This is because cgroup restrict even kernel
	allocations.  We are already doing numa_set_membind() which does the
	same thing, only it does not restrict kernel allocations.
	This patch leaves the userspace numa_set_membind() in place and moves
	the cpuset.mems setting after the point where monitor comes up, but
	before vcpu and emulator sub-groups are created.

	qemu: split out cpuset.mems setting

	qemu: pass numa node binding preferences to qemu
	Currently, we only bind the whole QEMU domain to memory nodes
	specified in nodemask altogether.  That, however, doesn't make much
	sense when one wants to control from where the memory for particular
	guest nodes should be allocated.  QEMU allows us to do that by
	specifying 'host-nodes' parameter for the 'memory-backend-ram' object,
	so let's use that.

	qemu: enable disjoint numa cpu ranges

	qemu: newer -numa parameter capability probing
	When qemu switched to using OptsVisitor for -numa parameter, it did
	two things in the same patch.  One of them is that the numa parameter
	is now visible in "query-command-line-options", the second one is that
	it enabled using disjoint cpu ranges for -numa specification.  This
	will be used in later patch.

	qemu: memory-backend-ram capability probing
	The numa patch series in qemu adds "memory-backend-ram" object type by
	which we can tell whether we can use such objects.

	qemu: allow qmp probing for cmdline options without params
	That can be lately achieved with by having .param == NULL in the
	virQEMUCapsCommandLineProps struct.

	numatune: add support for per-node memory bindings in private APIs

	conf, schema: add support for memnode elements

	numatune: Encapsulate numatune configuration in order to unify results
	There were numerous places where numatune configuration (and thus
	domain config as well) was changed in different ways.  On some
	places this even resulted in persistent domain definition not to be
	stable (it would change with daemon's restart).
	In order to uniformly change how numatune config is dealt with, all
	the internals are now accessible directly only in numatune_conf.c and
	outside this file accessors must be used.

	numatune: unify numatune struct and enum names
	Since there was already public virDomainNumatune*, I changed the
	private virNumaTune to match the same, so all the uses are unified and
	public API is kept:
	s/vir\(Domain\)\?Numa[tT]une/virDomainNumatune/g
	then shrunk long lines, and mainly functions, that were created after
	that:
	sed -i 's/virDomainNumatuneMemPlacementMode/virDomainNumatunePlacement/g'
	And to cope with the enum name, I haad to change the constants as
	well:
	s/VIR_NUMA_TUNE_MEM_PLACEMENT_MODE/VIR_DOMAIN_NUMATUNE_PLACEMENT/g
	Last thing I did was at least a little shortening of already long
	name:
	s/virDomainNumatuneDef/virDomainNumatune/g

	numatune: create new module for numatune
	There are many places with numatune-related code that should be put
	into special numatune_conf and this patch creates a basis for that.

	conf, schema: add 'id' field for cells
	In XML format, by definition, order of fields should not matter, so
	order of parsing the elements doesn't affect the end result.  When
	specifying guest NUMA cells, we depend only on the order of the 'cell'
	elements.  With this patch all older domain XMLs are parsed as before,
	but with the 'id' attribute they are parsed and formatted according to
	that field.  This will be useful when we have tuning settings for
	particular guest NUMA node.

	conf: purely a code movement
	to ease the review of commits to follow.

	qemu: remove useless error check
	Excerpt from the virCommandAddArgBuffer() description: "Correctly
	transfers memory errors or contents from buf to cmd."

	qemu: purely a code movement
	to ease the review of commits to follow.

2014-07-17  Michele Paolino  <m.paolino@virtualopensystems.com>

	support for QEMU vhost-user
	This patch adds support for the QEMU vhost-user feature to libvirt.
	vhost-user enables the communication between a QEMU virtual machine
	and other userspace process using the Virtio transport protocol.
	It uses a char dev (e.g. Unix socket) for the control plane,
	while the data plane based on shared memory.
	The XML looks like:
	<interface type='vhostuser'>
	    <mac address='52:54:00:3b:83:1a'/>
	    <source type='unix' path='/tmp/vhost.sock' mode='server'/>
	    <model type='virtio'/>
	</interface>

2014-07-16  Eric Blake  <eblake@redhat.com>

	blockjob: wait for pivot to complete
	https://bugzilla.redhat.com/show_bug.cgi?id=1119173 documents that
	commit eaba79d was flawed in the implementation of the
	VIR_DOMAIN_BLOCK_JOB_ABORT_ASYNC flag when it comes to completing
	a blockcopy.  Basically, the qemu pivot action is async (the QMP
	command returns immediately, but the user must wait for the
	BLOCK_JOB_COMPLETE event to know that all I/O related to the job
	has finally been flushed), but the libvirt command was documented
	as synchronous by default.  As active block commit will also be
	using this code, it is worth fixing now.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Don't skip wait
	loop after pivot.

	util: forbid freeing const pointers
	Now that we've finally fixed all the violators, it's time to
	enforce that any pointer to a const object is never freed (it
	is aliasing some other memory, where the non-const original
	should be freed instead).  Alas, the code still needs a normal
	vs. Coverity version, but at least we are still guaranteeing
	that the macro call evaluates its argument exactly once.
	I verified that we still get the following compiler warnings,
	which in turn halts the build thanks to -Werror on gcc (hmm,
	gcc 4.8.3's placement of the ^ for ?: type mismatch is a bit
	off, but that's not our problem):
	    int oops1 = 0;
	    VIR_FREE(oops1);
	    const char *oops2 = NULL;
	    VIR_FREE(oops2);
	    struct blah { int dummy; } oops3;
	    VIR_FREE(oops3);
	util/virauthconfig.c:159:35: error: pointer/integer type mismatch in conditional expression [-Werror]
	     VIR_FREE(oops1);
	                                   ^
	util/virauthconfig.c:161:5: error: passing argument 1 of 'virFree' discards 'const' qualifier from pointer target type [-Werror]
	     VIR_FREE(oops2);
	     ^
	In file included from util/virauthconfig.c:28:0:
	util/viralloc.h:79:6: note: expected 'void *' but argument is of type 'const void *'
	 void virFree(void *ptrptr) ATTRIBUTE_NONNULL(1);
	      ^
	util/virauthconfig.c:163:35: error: type mismatch in conditional expression
	     VIR_FREE(oops3);
	                                   ^
	* src/util/viralloc.h (VIR_FREE): No longer cast away const.
	* src/xenapi/xenapi_utils.c (xenSessionFree): Work around bogus
	header.

2014-07-16  Chunyan Liu  <cyliu@suse.com>

	add nocow test case
	Add file in storagevolxml2xmlin and storagevolxml2xmlout, let
	storagevolxml2xmltest and storagevolschematest cover 'nocow'.
	Add test case to storagevolxml2argvtest to cover 'nocow'.

	storagevol: add nocow to vol xml
	Add 'nocow' to storage volume xml so that user can have an option
	to set NOCOW flag to the newly created volume. It's useful on btrfs
	file system to enhance performance.
	Btrfs has low performance when hosting VM images, even more when the guest
	in those VM are also using btrfs as file system. One way to mitigate this
	bad performance is to turn off COW attributes on VM files. Generally, there
	are two ways to turn off COW on btrfs: a) by mounting fs with nodatacow,
	then all newly created files will be NOCOW. b) per file. Add the NOCOW file
	attribute. It could only be done to empty or new files.
	This patch tries the second way, according to 'nocow' option, it could set
	NOCOW flag per file:
	for raw file images, handle 'nocow' in libvirt code; for non-raw file images,
	pass 'nocow=on' option to qemu-img, and let qemu-img to handle that (requires
	qemu-img version >= 2.1).

2014-07-16  Michal Privoznik  <mprivozn@redhat.com>

	Fix const correctness
	In many places we define a variable as a 'const char *' when in fact
	we modify it just a few lines below. Or even free it. We should not do
	that.
	There's one exception though, in xenSessionFree() xenapi_utils.c. We
	are freeing the xen_session structure which is defined in
	xen/api/xen_common.h public header. The structure contains session_id
	which is type of 'const char *' when in fact it should have been just
	'char *'. So I'm leaving this unmodified, just noticing the fact in
	comment.

2014-07-16  Peter Krempa  <pkrempa@redhat.com>

	storage: fs: Don't fail volume update if backing store isn't accessible
	When the backing store of a volume wasn't accessible while updating the
	volume definition the call would fail altogether. In cases where we
	currently (incorrectly) treat remote backing stores as local one this
	might lead to strange errors.
	Ignore the opening errors until we figure out how to track proper volume
	metadata.

	storage: fs: Properly parse backing store info
	Use the backing store parser to properly create the information about a
	volume's backing store. Unfortunately as the storage driver isn't
	prepared to allow volumes backed by networked filesystems add a
	workaround that will avoid changing the XML output.

	storage: fs: Process backing store data in virStorageBackendProbeTarget
	Move the processing of the backend metadata directly to the helper
	instead of passing it through arguments to the function.

	storage: backend: fs: Touch up coding style
	virStorageBackendFileSystemRefresh() used "cleanup" label just for error
	exits and didn't meet libvirt's standard for braces in one case.

	storage: Track backing store of a volume in the target struct
	As we have a nested pointer for storing the backing store of a volume
	there's no need to store it in a separate struct.

	storage: backend: Fix formatting of function arguments

2014-07-16  Ján Tomko  <jtomko@redhat.com>

	Fix assignment of comparison against zero
	Assign the value we're comparing:
	(val = func()) < 0
	instead of assigning the comparison value:
	(val = func() < 0)
	Both were introduced along with the code,
	the TLS tests by commit bd789df in 0.9.4
	net events by commit de87691 in 1.2.2.
	Note that the event id type fix is a no-op:
	vshNetworkEventIdTypeFromString can only return
	-1 (failure) and the event is never used or
	0 (the only possible event) and the value of 0 < 0 is still 0.

	Fix error on fs pool build failure
	https://bugzilla.redhat.com/show_bug.cgi?id=1119592
	Introduced by commit 62927dd v0.7.6.

2014-07-16  Eric Blake  <eblake@redhat.com>

	spec: fix invalid syntax
	Commit 20e01504 broke 'make rpm':
	error: line 540: Unknown tag:     %elif 020 >= 12 || 0 >= 6
	Apparently, even though shell has elif so that you can do a chain
	of conditionals, the rpm spec file does not, and you have to nest
	things instead.
	* libvirt.spec.in: Convert %elif to proper nested %if.

2014-07-16  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Rework lxc apparmor profile
	Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default.
	This profile allows quite a lot, but strives to restrict access to
	dangerous resources.
	Removing the explicit authorizations to bash, systemd and cron files,
	forces them to keep the lxc profile for all applications inside the
	container. PUx permissions where leading to running systemd (and others
	tasks) unconfined.
	Put the generic files, network and capabilities restrictions directly
	in the TEMPLATE.lxc: this way, users can restrict them on a per
	container basis.

2014-07-16  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Implement interface stats for BSD

	util: virstatslinux: make more generic
	Rename linuxDomainInterfaceStats to virNetInterfaceStats in order
	to allow adding platform specific implementations without
	making consumer worrying about specific implementation to be used.
	Also, rename util/virstatslinux.c to util/virstats.c so placing
	other platform specific implementations into this file don't
	look unexpected from the file name.

2014-07-16  Chunyan Liu  <cyliu@suse.com>

	libxl: fix return value error Attach|DetachDeviceFlags
	Code logic in libxlDomainAttachDeviceFlags and libxlDomainDetachDeviceFlags
	is wrong with return value in error cases.
	'ret' was being set to 0 if 'flags & VIR_DOMAIN_DEVICE_MODIFY_CONFIG' was
	false. Then if something like virDomainDeviceDefParse() failed in the
	VIR_DOMAIN_DEVICE_MODIFY_LIVE logic, the error would be reported but the
	function would return success.

	libxl: support hotplug of <interface>
	Add code to support attach/detaching a network device.

2014-07-15  Chunyan Liu  <cyliu@suse.com>

	libxl: add HOSTDEV type in libxlDomainDetachDeviceConfig
	Missing HOSTDEV type in libxlDomainDetachDeviceConfig. Add it.

2014-07-15  Jiri Denemark  <jdenemar@redhat.com>

	spec: Update polkit dependencies for CVE-2013-4311
	Use secured polkit on distros which provide it. However, RHEL-6 will
	still allow for older polkit-0.93 rather than forcing polkit-0.96-5
	which is not available in all RHEL-6 releases.

2014-07-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockcopy: Initialize correct source structure
	4cc1f1a01fb338de939ba88eb933931687b22336 introduced a crash when doing a
	block copy as virStorageSourceInitChainElement was called on
	"disk->mirror" that is still NULL at that point instead of "mirror"
	which temporarily holds the mirror source struct until it's fully
	initialized. This resulted into a crash as a NULL was dereferenced.
	Reported by: Shanzi Yu <shyu@redhat.com>

2014-07-15  John Ferlan  <jferlan@redhat.com>

	GetBlockInfo: Use the correct path to qemuOpenFile
	Commit id '3ea661de' refactored the code to use the 'disk->src->path'
	instead of getting the path from virDomainDiskGetSource().  The one
	call to qemuOpenFile() didn't use the disk source path, rather it used
	the path as passed from the caller (in this case 'vda') - this caused
	a failure with the virt-test/tp-libvirt as follows:
	$ virsh domblkinfo virt-tests-vm1 vda
	error: cannot stat file '/home/virt-test/shared/data/images/jeos-20-64.qcow2': Bad file descriptor
	$

2014-07-14  Eric Blake  <eblake@redhat.com>

	capabilities: use bool instead of int
	While preparing to add a capability for active commit, I noticed
	that the existing code was abusing int for boolean values.
	* src/conf/capabilities.h (_virCapsGuestFeature, _virCapsHost)
	(virCapabilitiesNew, virCapabilitiesAddGuestFeature): Improve
	types.
	* src/conf/capabilities.c (virCapabilitiesNew)
	(virCapabilitiesAddGuestFeature): Adjust signature.
	* src/bhyve/bhyve_capabilities.c (virBhyveCapsBuild): Update
	clients.
	* src/esx/esx_driver.c (esxCapsInit): Likewise.
	* src/libxl/libxl_conf.c (libxlMakeCapabilities): Likewise.
	* src/lxc/lxc_conf.c (virLXCDriverCapsInit): Likewise.
	* src/openvz/openvz_conf.c (openvzCapsInit): Likewise.
	* src/parallels/parallels_driver.c (parallelsBuildCapabilities):
	Likewise.
	* src/phyp/phyp_driver.c (phypCapsInit): Likewise.
	* src/qemu/qemu_capabilities.c (virQEMUCapsInit)
	(virQEMUCapsInitGuestFromBinary): Likewise.
	* src/security/virt-aa-helper.c (get_definition): Likewise.
	* src/test/test_driver.c (testBuildCapabilities): Likewise.
	* src/uml/uml_conf.c (umlCapsInit): Likewise.
	* src/vbox/vbox_tmpl.c (vboxCapsInit): Likewise.
	* src/vmware/vmware_conf.c (vmwareCapsInit): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorBuildCapabilities):
	Likewise.
	* src/xenapi/xenapi_driver.c (getCapsObject): Likewise.
	* tests/qemucaps2xmltest.c (testGetCaps): Likewise.
	* tests/testutils.c (virTestGenericCapsInit): Likewise.
	* tests/testutilslxc.c (testLXCCapsInit): Likewise.
	* tests/testutilsqemu.c (testQemuCapsInit): Likewise.
	* tests/testutilsxen.c (testXenCapsInit): Likewise.
	* tests/vircaps2xmltest.c (buildVirCapabilities): Likewise.
	* tests/vircapstest.c (buildNUMATopology): Likewise.
	* tests/vmx2xmltest.c (testCapsInit): Likewise.
	* tests/xml2vmxtest.c (testCapsInit): Likewise.

	docs: mention more about older capability feature bits
	Our documentation for features was rather sparse; this fleshes out
	more of the details for other existing capabilities (and cost me
	some time trawling git history).
	* docs/formatcaps.html.in: Document it feature bits.

2014-07-14  Chunhe Li  <lichunhe@huawei.com>

	openvswitch: Delete port if it exists while adding a new one
	If the openvswitch service is stopped, and is followed by destroying a
	VM, the openvswitch bridge translates into a state where it doesn't
	recover the port configuration. While it successfully fetches data
	from the internal DB, since the corresponding virtual interface does
	not exists anymore the whole recovery process fails leaving restarted
	VM with inability to connect to the bridge. The following set of
	commands will trigger the problem:
	virsh start vm
	service openvswitch-switch stop
	virsh destroy vm
	service openvswitch-switch start
	virsh start vm

2014-07-14  John Ferlan  <jferlan@redhat.com>

	virseclabel: Resolve Coverity FORWARD_NULL issue
	Resolve issue introduced by commit id '13adf1b'

2014-07-14  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityLabelDefParseXML: Rework
	Instead of allocating the virSecurityLabelDef structure ourselves, we
	can utilize virSecurityLabelDefNew which even sets the default values
	for us.

	conf: Always format seclabel's model
	https://bugzilla.redhat.com/show_bug.cgi?id=1113860
	We've always done that. Well, until 990e46c45. Point is, if we don't
	format model, we may lose a domain on libvirtd restart. If the
	seclabel is implicit however, we should skip it's formatting.

2014-07-14  Peter Krempa  <pkrempa@redhat.com>

	doc: Be more specific about semantics of _REUSE_EXT flag
	Snapshots and block-copy have a flag that forces qemu to re-use existing
	file. Our docs weren't exactly clear on what the existing file should
	contain for this to actually work.
	Re-word the docs a bit to state that the file needs to be pre-created in
	the desired format and the backing chain metadata needs to be set prior
	to handing it over to qemu.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1084360

	doc: Document that snapshot name of block-backed disk isn't autogenerated
	Libvirt generates external snapshot target file names for file backed
	storage but not for block backed storage. Document the limitation.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1032363

2014-07-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	conf: Fix possible NULL dereference in virStorageVolTargetDefFormat
	Commit dae1568c6c6455091e8cd9bc2e90a22af3d3880c converted the perms
	member of the virStorageVolTarget struct into a pointer to make it
	optional. But virStorageVolTargetDefFormat did not check perms for
	NULL before dereferencing it.

2014-07-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	aa-helper: adjust previous patch
	Don't fail when there is nothing to do, as a tweak to the previous
	patch regarding output of libvirt-UUID.files for LXC apparmor profiles

	Don't output libvirt-UUID.files for LXC apparmor profiles

2014-07-11  Ian Campbell  <Ian.Campbell@citrix.com>

	libxl: Correct cast to virDomainDiskDiscard enum.
	This was converted to a typedef in 5a2bd4c9171d "conf: more enum
	cleanups in "src/conf/domain_conf.h"" causing:
	    libxl/libxl_conf.c: In function 'libxlDiskSetDiscard':
	    libxl/libxl_conf.c:724:19: error: conversion to incomplete type

2014-07-11  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: add support for --config in setmem command
	In lxc, we could not use setmem command
	with --config options.
	This patch will add support for this.

2014-07-11  Michal Privoznik  <mprivozn@redhat.com>

	conf: Don't allow multiple seclabels for same model
	https://bugzilla.redhat.com/show_bug.cgi?id=1066894
	With current code it's possible to have for instance:
	virsh dumpxml mydomain | grep seclabel
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	what doesn't make any sense. We should reject the XML in the config
	parsing phase.

	virSecurityDeviceLabelDef: substitute 'norelabel' with 'relabel'
	Similarly to the previous commit, boolean variables should not start
	with 'no-' prefix.

	virSecurityLabelDef: substitute 'norelabel' with 'relabel'
	This negation in names of boolean variables is driving me insane. The
	code is much more readable if we drop the 'no-' prefix. Well, at least
	for me.

2014-07-11  Peter Krempa  <pkrempa@redhat.com>

	storage: Split out volume upload/download as separate backend function
	For non-local storage drivers we can't expect to use the FDStream
	backend for up/downloading volumes. Split the code into a separate
	backend function so that we can add protocol specific code later.

2014-07-10  Ján Tomko  <jtomko@redhat.com>

	check for cfg->spiceTLS earlier in qemuProcessSPICEAllocatePorts
	This saves a few lines of code and catches the error when:
	<spice autoport ='yes' defaultMode='any' ..>
	  <channel name='main' mode='secure'/>
	</spice>
	is specified with spice_tls = 0 in qemu.conf.
	Instead of this error in qemuBuildGraphicsSPICECommandLine:
	error: unsupported configuration: spice secure channels set in XML
	configuration, but TLS port is not provided
	an error is reported in qemuProcessSPICEAllocatePorts:
	error: unsupported configuration: Auto allocation of spice TLS port
	requested but spice TLS is disabled in qemu.conf
	Inspired by:
	https://www.redhat.com/archives/libvir-list/2014-June/msg01408.html

2014-07-10  Eric Blake  <eblake@redhat.com>

	build: package .pc files for mingw64
	Commit 65d8c92a fixed the mingw spec file for 32-bit builds,
	but forgot to make the adjustment for 64-bit builds:
	Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/eblake/rpmbuild/BUILDROOT/mingw-libvirt-1.2.7-1.fc20.eblake1404944503.x86_64
	error: Installed (but unpackaged) file(s) found:
	   /usr/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig/libvirt-lxc.pc
	   /usr/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig/libvirt-qemu.pc
	* mingw-libvirt.spec.in (%files): List missing .pc files.

	build: fix gnulib build for mingw
	Pavel flagged a build regression under mingw, and traced it to a
	recent flaw in gnulib for working around nl_langinfo. This picks
	up the fix.
	* gnulib: Update to latest, for mingw build fixes.

2014-07-10  Olaf Hering  <olaf@aepfle.de>

	libxl: add discard support to libxl_device_disk
	Translate libvirt discard settings into libxl-4.5 discard settings.

2014-07-09  Martin Kletzander  <mkletzan@redhat.com>

	qemu: don't error out when cgroups don't exist
	When creating cgroups for vcpu and emulator threads whilst starting a
	domain, we explicitly skip creating those cgroups in case priv->cgroup
	is NULL (cgroups not supported) because SetAffinity() serves the same
	purpose.  If the host supports only some cgroups (the ones we need are
	either unmounted or disabled in qemu.conf), we error out with weird
	message even though we could continue starting the domain.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1097028

	virsh: document the possibility of accepting integers for numatune mode
	According to the code, 'virsh numatune' supports integers for
	specifying --mode as well as the string definitions "strict",
	"interleave", and "preferred".  However, this possibility was not
	documented anywhere, so this patch adds it to both the man page and
	command help.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1085706

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix build after 25924dec0f9329d429aadae14e273602307e2214
	The commit referenced above changed function arguments of
	virStorageFileGetMetadataFromBuf() but didn't tweak the
	ATTRIBUTE_NONNULL tied to them. This was caught by coverity as it
	actually obeys them. We disabled them for GCC and thus it didn't show
	up.
	Additionally in commit 3ea661deeabadc3c114dfb6f662b9fd17d714a01 I passed
	NULL to the backingFormat argument which was also marked as nonnull. Use
	a dummy int's address when the argument isn't supplied so that the code
	doesn't need to change much.

	conf: Improve metadata type verification
	Split out checking of invalid metadata type from the switch statement so
	that we can use the typecasted enum value to allow tracking addition of
	new items by the compliler.
	Also avoids two dead-code break statements.

2014-07-09  Jincheng Miao  <jmiao@redhat.com>

	qemu: fix domxml-to-native failing when spice_tls is not enabled
	The default graphics channel mode is 'any', so as to defaultMode attribute.
	If defaultMode and channel mode are all the default value 'any',
	qemuConnectDomainXMLToNative will set TLSPort.
	But in qemuBuildGraphicsSPICECommandLine, if spice_tls is not enabled, libvirtd
	will report an error to tell the user that spice TLS is disabled in qemu.conf.
	So qemuConnectDomainXMLToNative should check spice_tls is enabled,
	then decide to allocate an tlsPort number to this graphics.
	If user specified defaultMode is 'secure', qemuConnectDomainXMLToNative
	could allocate tlsPort, and then let qemuBuildGraphicsSPICECommandLine reports
	the spice_tls disabled error.
	The related bug is:
	https://bugzilla.redhat.com/show_bug.cgi?id=1113868

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Refactor image labelling of new snapshot files
	Now that cgroups/security driver/locking driver support labelling of
	individual images and tolerate network storage we don't have to refrain
	from passing all image files to it. This allows removing the checking
	code as we already make sure that the snapshot function won't be called
	with unsupported options.

	qemu: Refactor qemuDomainPrepareDiskChainElement
	Now that security, cgroup and locking APIs support working on individual
	images and we track the backing chain security info on a per-image basis
	we can finally kill swapping the disk source in virDomainDiskDef and use
	the virStorageSource directly.

	qemu: snapshot: Improve approach to deal with snapshot metadata
	Until now we were changing information about the disk source via
	multiple steps of copying data. Now that we changed to a pointer to
	store the disk source we might use it to change the approach to track
	the data.
	Additionally this will allow proper tracking of the backing chain.

	qemu: block: Properly track disk source while pivoting to new image
	When pivoting to a new disk source after a block commit (and possibly
	after a soon-to-be-added active block commit) we changed just a few
	fields to the new target. In case we'd copy a network disk to a local
	file we'd not change the type properly.
	To avoid such problems, switch to tracking of the source via changing of
	the complete source struct to the one tracking the mirroring info.

	qemu: blockcopy: Use the mirror disk source to label the files
	Use the source struct and the corresponding function so that we can
	avoid using the path separately. Now that
	qemuDomainPrepareDiskChainElementPath isn't use anywhere, we can safely
	remove it.
	Additionally, the removal fixes a misaligned comment as the removed
	function was added under a comment for a different function.

	util: storage: Return complete parent info from virStorageFileChainLookup
	Instead of just returning the parent path, return the complete parent
	source structure.

	util: storage: Make virStorageFileChainLookup more network storage aware
	Add a few checks and avoid resolving relative links on networked
	storage.

	security: AppArmor: Implement per-image seclabel set
	Refactor the code and reuse it to implement the functionality.

	security: AppArmor: Implement per-image seclabel restore
	Refactor the existing code to allow re-using it for the per-image label
	restore too.

	security: DAC: Implement per-image seclabel set
	Refactor the code and reuse it to implement the functionality.

	security: DAC: Implement per-image seclabel restore
	Refactor the existing code to allow re-using it for the per-image label
	restore too.

	security: selinux: Implement per-image seclabel set
	Refactor the code and reuse it to implement the functionality.

	security: selinux: Implement per-image seclabel restore
	Refactor the existing code to allow re-using it for the per-image label
	restore too.

	security: Introduce APIs to label single images
	Add security driver functions to label separate storage images using the
	virStorageSource definition. This will help to avoid the need to do ugly
	changes to the disk struct and use the source directly.

	locking: Add APIs to lock individual image files
	Add helper APIs to manage individual image files rather than disks. To
	simplify the addition some parts of the code were refactored in this
	patch.

	qemu: cgroup: Setup only the top level disk image for read-write access
	Only the top level gets writes, so the rest of the backing chain
	requires only read-only access.

	qemu: cgroup: Add functions to set cgroup image stuff on individual imgs
	Add functions that will allow to set all the required cgroup stuff on
	individual images taking a virStorageSourcePtr. Also convert functions
	designed to setup whole backing chain to take advantage of the change.

2014-07-09  Michal Privoznik  <mprivozn@redhat.com>

	virEventPollDispatchHandles: Honour array boundaries
	When dispatching events from the event loop, the array of registered
	handles is searched to see what handles happened an event on. However,
	the array is searched in weird way: the check for the array boundaries
	is at the end, so we may touch the elements after the end of the
	array:
	==10434== Invalid read of size 4
	==10434==    at 0x52D06B6: virEventPollDispatchHandles (vireventpoll.c:486)
	==10434==    by 0x52D10E4: virEventPollRunOnce (vireventpoll.c:660)
	==10434==    by 0x52CF207: virEventRunDefaultImpl (virevent.c:308)
	==10434==    by 0x1639D1: virNetServerRun (virnetserver.c:1139)
	==10434==    by 0x1220DC: main (libvirtd.c:1507)
	==10434==  Address 0xc11ff04 is 4 bytes after a block of size 960 alloc'd
	==10434==    at 0x4C2CA5E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==10434==    by 0x52AD378: virReallocN (viralloc.c:245)
	==10434==    by 0x52AD46E: virExpandN (viralloc.c:294)
	==10434==    by 0x52AD5B1: virResizeN (viralloc.c:352)
	==10434==    by 0x52CF2EC: virEventPollAddHandle (vireventpoll.c:116)
	==10434==    by 0x52CEF5B: virEventAddHandle (virevent.c:78)
	==10434==    by 0x11F69A90: nodeStateInitialize (node_device_udev.c:1797)
	==10434==    by 0x53C3C89: virStateInitialize (libvirt.c:743)
	==10434==    by 0x120563: daemonRunStateInit (libvirtd.c:919)
	==10434==    by 0x5317719: virThreadHelper (virthread.c:197)
	==10434==    by 0x8376F39: start_thread (in /lib64/libpthread-2.17.so)
	==10434==    by 0x8A7F9FC: clone (in /lib64/libc-2.17.so)

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	util: XML: Avoid forward function declaration
	Recursive functions apparently don't need them, but I originally thought
	they do.

	util: cgroup: Fix build on non-cgroup platforms
	Commit a48f44510098cead629ede9a49ea4e840a28ccca introduced a helper
	function to convert cgroup device mode to string. The function was only
	conditionally compiled on platforms that support cgroup. This broke the
	build when attempting to export the symbol:
	  CCLD     libvirt.la
	  Cannot export virCgroupGetDevicePermsString: symbol not defined
	Move the function out of the ifdef, as it doesn't really depend on the
	cgroup code being present.

2014-07-09  Ján Tomko  <jtomko@redhat.com>

	Allow updating names in DHCP hosts by matching IPs.
	Also fix the error message if an IPv6 host with no MAC
	is not found.
	https://bugzilla.redhat.com/show_bug.cgi?id=991290

	Document the need to free vir*Ptr objects per-function
	Another patch for
	https://bugzilla.redhat.com/show_bug.cgi?id=994731

	Document the need to free vir*Ptr objects
	https://bugzilla.redhat.com/show_bug.cgi?id=994731

	Actually fix the spec file
	There was a '%' missing before the last {rhel}.
	Tested on RHEL-7 this time.

2014-07-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix crash in migrate confirm for transient domains
	In libxlDomainMigrationConfirm(), a transient domain is removed
	from the domain list after successful migration.  Later in cleanup,
	the domain object is unlocked, resulting in a crash
	Program received signal SIGSEGV, Segmentation fault.
	[Switching to Thread 0x7fb4208ed700 (LWP 12044)]
	0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
	  parent=0x7fb42830d0c0) at util/virobject.c:169
	169	        if (klass->magic == parent->magic)
	(gdb) bt
	0  0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
	  parent=0x7fb42830d0c0) at util/virobject.c:169
	1  0x00007fb42672591b in virObjectIsClass (anyobj=0x7fb4100082b0,
	  klass=0x7fb42830d0c0) at util/virobject.c:365
	2  0x00007fb42672583c in virObjectUnlock (anyobj=0x7fb4100082b0)
	  at util/virobject.c:338
	3  0x00007fb41a8c7d7a in libxlDomainMigrationConfirm (driver=0x7fb4100404c0,
	  vm=0x7fb4100082b0, flags=1, cancelled=0) at libxl/libxl_migration.c:583
	Fix by setting the virDomainObjPtr to NULL after removing it from
	the domain list.

	libxl: acquire job though begin phase only
	During migration, the libxl driver starts a modify job in the
	begin phase, ending the job in the confirm phase.  This is
	essentially VIR_MIGRATE_CHANGE_PROTECTION semantics, but the
	driver does not support that flag.  Without CHANGE_PROTECTION
	support, the job would never be terminated in error conditions
	where migrate confirm phase is not executed.  Further attempts
	to modify the domain would result in failure to acquire a job
	after LIBXL_JOB_WAIT_TIME.
	Similar to the qemu driver, end the job in the begin phase.
	Protecting the domain object across all phases of migration can
	be done in a future patch adding CHANGE_PROTECTION support.

	libxl: remove domain when migration prepare fails
	In libxlDomainMigrationPrepare(), a new virDomainObj is created
	from the incoming domain def and added to the driver's domain
	list, but never removed if there are subsequent failures during
	the prepare phase.
	targethost# virsh list --all
	sourcehost# virsh migrate --live dom xen+ssh://targethost/system
	   error: operation failed: Fail to create socket for incoming migration.
	targethost# virsh list --all
	error: Failed to list domains
	error: name in virGetDomain must not be NULL
	After adding code to remove the domain on prepare failure, noticed
	that libvirtd crashed due to double free of the virDomainDef.  Similar
	to the qemu driver, pass a pointer to virDomainDefPtr so it can be set
	to NULL once a virDomainObj is created from it.

	libxl: rename goto label
	In libxlDomainMigrationPrepare(), the cleanup label handles error
	conditions and should be renamed as such for clarity.

2014-07-09  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: fix an improper comments for lxcDomainDestroyFlags
	Currently @flag is not used yet.

2014-07-09  Giuseppe Scrivano  <gscrivan@redhat.com>

	qemu: raise an eror when using aio=native without cache=none
	Qemu will fallback to aio=threads when the cache mode doesn't use
	O_DIRECT, even if aio=native was explictly set.
	Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1086704

2014-07-09  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	When run under an environment that inherits an ignored SIGPIPE
	(hello, annoying buildbots), a syntax-check was producing quite
	a bit of noise, such as:
	> prohibit_argmatch_without_use
	> grep: write error
	> grep: write error
	> /bin/sed: couldn't write 25 items to stdout: Broken pipe
	> sed: couldn't write 1 item to stdout: Broken pipe
	> 0.46 prohibit_argmatch_without_use
	This has been fixed upstream in gnulib.  There are several other
	portability improvements in our regular submodule update.
	* .gnulib: Update to latest, in part for quieter syntax-check.

2014-07-08  Martin Kletzander  <mkletzan@redhat.com>

	properly indent virSecurityLabelDefsParseXML() parameters

2014-07-08  Ján Tomko  <jtomko@redhat.com>

	Fix the indentation in libvirt.spec.in
	Over 66% of my last commit 66e7061 was not indented properly.

	Don't require iptables-ipv6 on >= F17 and RHEL >= 7
	We only need ip6tables, which is now a part of the iptables package:
	http://pkgs.fedoraproject.org/cgit/iptables.git/commit/?h=1392835
	This needlessly pulls in iptables-services:
	https://bugzilla.redhat.com/show_bug.cgi?id=1101510
	which can conflict with firewalld:
	https://bugzilla.redhat.com/show_bug.cgi?id=1101484

2014-07-08  Peter Krempa  <pkrempa@redhat.com>

	util: cgroup: Add helper to convert device mode to string
	Cgroups code uses VIR_CGROUP_DEVICE_* flags to specify the mode but in
	the end it needs to be converted to a string. Add a helper to do it and
	use it in the cgroup code before introducing it into the rest of the
	code.

	util: storage: Copy parent's disk metadata to backing chain elements
	When discovering a disk backing chain the parent disk's metadata need to
	be populated into the guest images so that each piece of the backing
	chain contains a copy of those. This will allow us to refactor the
	security driver so that it will not need to carry around the original
	disk definition.

	util: storage: Add function to transfer config parts to new chain element
	We are going to modify storage source chains in place. Add a helper that
	will copy relevant information such as security labels to the new
	element if that doesn't contain it.

	util: storagefile: Add deep copy for struct virStorageSource
	Now that we have pointers to store disk source information and thus can
	easily exchange the structs behind we need a function to copy all the
	data.

	storage: Move readonly and shared flags to disk source from disk def
	In the future we might need to track state of individual images. Move
	the readonly and shared flags to the virStorageSource struct so that we
	can keep them in a per-image basis.

	conf: Don't output seclabels for backingStore elements
	Some of the further changes will propagate seclabels from a disk source
	element into the backing store elements. This would change the XML
	output of the backing store as the seclabels would be formatted for each
	backing store element. Skip the seclabels formatting until we decide
	that it's necessary.

	storage: file: Tolerate NULL src when uninitializing the backend
	Allow de-init of null storage sources.

	qemu: Add helper to initialize storage file backend with correct uid/gid
	Add a wrapper that determines the correct uid and gid for a certain
	storage file and domain.

	qemu: Don't propagate whole disk definition into qemuDomainGetImageIds
	It will help re-using the function.

	qemu: Add support for networked disks for block pull/block rebase
	Now that we are able to select images from the backing chain via indexed
	access we should also convert possible network sources to
	qemu-compatible strings before passing them to qemu.

	qemu: Add support for networked disks for block commit
	Now that we are able to select images from the backing chain via indexed
	access we should also convert possible network sources to
	qemu-compatible strings before passing them to qemu.

	lib: Introduce flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE
	Introduce flag for the block rebase API to allow the rebase operation to
	leave the chain relatively addressed. Also adds a virsh switch to enable
	this behavior.

	lib: Introduce flag VIR_DOMAIN_BLOCK_COMMIT_RELATIVE
	Introduce flag for the block commit API to allow the commit operation to
	leave the chain relatively addressed. Also adds a virsh switch to enable
	this behavior.

	qemu: refactor qemuDomainGetBlockInfo to work with remote storage
	The qemu block info function relied on working with local storage. Break
	this assumption by adding support for remote volumes. Unfortunately we
	still need to take a hybrid approach as some of the operations require a
	filedescriptor.
	Previously you'd get:
	 $ virsh domblkinfo gl vda
	 error: cannot stat file '/img10': Bad file descriptor
	Now you get some stats:
	 $ virsh domblkinfo gl vda
	 Capacity:       10485760
	 Allocation:     197120
	 Physical:       197120
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1110198

	storage: gluster: Optimize header reader functions
	The gluster code had two functions for reading volume headers, remove
	one and reuse the second one.

	util: storage: Allow specifying format for virStorageFileGetMetadataFromBuf
	To allow reusing this function in the qemu driver we need to allow
	specifying the storage format. Also separate return of the backing store
	path now isn't necessary.

	util: storage: Inline use of virStorageFileGetMetadataFromFDInternal
	There was just one callsite left. Integrate the body to the only calling
	function.

2014-07-08  Pavel Hrdina  <phrdina@redhat.com>

	tools/wireshark: fix rpm build
	There is a missing include of $(top_srcdir)/include to handle
	"libvirt/libvirt.h" header file.

2014-07-07  Hu Jianwei  <jiahu@redhat.com>

	Do not allow changing the UUID of a nwfilter
	https://bugzilla.redhat.com/show_bug.cgi?id=1077009

2014-07-07  Ján Tomko  <jtomko@redhat.com>

	LXC: Allow setting max mem lower than current mem
	For inactive domains, set both current and maximum memory
	to the specified 'maximum memory' value.
	This matches the behavior of QEMU driver's SetMaxMemory.
	https://bugzilla.redhat.com/show_bug.cgi?id=1091132

2014-07-07  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Use inactive XML when unplugging interface with --config
	Similary to cmdDetachDisk fetch the inactive definition when --config
	is specified as the active may not contain the network interface
	if it was plugged with --config.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056902

	audit: Audit smartcard devices

	audit: Add auditing for serial/parallel/channel/console character devs
	Add startup auditing and also hotplug auditing for said devices.

2014-07-07  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virt-lxc-convert: make free return values in bytes
	Tiny fix for virt-lxc-convert: we are setting memory values in bytes, while
	free may give us values in a different unit by default: force free to output
	bytes with -b flag.

2014-07-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: dump: Report better error when dumping VM with passthrough devices
	For the regular dump operation we migrate the VM to a file. This won't
	work when the VM has passthrough devices assigned. Rather than reporting
	a cryptic error from qemu run our check whether it can be migrated.
	This does not influence the memory-only dump that is allowed with
	passthrough devices.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=874418

2014-07-07  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: remove duplicate controller check code
	We invoked virCgroupHasController twice for checking
	VIR_CGROUP_CONTROLLER_DEVICES
	in lxcDomainAttachDeviceDiskLive.

2014-07-07  Ján Tomko  <jtomko@redhat.com>

	Free the return value of virFileFindResource
	Commits e18a80a and 57e5c3c switched from a getenv wrapper which
	does not allocate a string to virFileFindResource which does not,
	without freeing it.
	https://bugzilla.redhat.com/show_bug.cgi?id=1116427

2014-07-05  Michele Paolino  <m.paolino@virtualopensystems.com>

	docs: formatdomain.html fixes
	Fixed some XML tags in the formatdomain page.

	docs: Fix broken link in the HACKING page
	The link to the page "how to get your code into an open source
	project" has been fixed.

2014-07-04  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Honor API change coming with 1.12 release
	https://bugs.gentoo.org/show_bug.cgi?id=508336
	At wireshark, they have this promise to change public dissector APIs
	only with minor version number change. Which they did when releasing
	the version of 1.12.
	Firstly, they've changed tvb_memdup() in
	a0c53ffaa1bb46d8c9db2ec739401aa411c9790e so now it takes four arguments
	instead of three. The new argument is placed at the very beginning of
	the list of arguments and basically says the scope where we'd like to
	allocate the memory. According to the documentation NULL should be the
	default value.
	Then, the tcp_dissect_pdus() signature changed too. Well, the function
	that actually dissects reassembled packets as tcp_dissect_pdus()
	reorder TCP packets into one big chunk and then calls a user function
	to dissect the PDU at once. The change is dated back to
	8081cf1d90397cbbb4404f9720595e1537ed5e14.
	Then, WS_DLL_PUBLIC_NOEXTERN was replaced with WS_DLL_PUBLIC_DEF in
	5d87a8c46171f572568db5a47c093423482e342f.

	wireshark: Include more of libvirt internals
	The rationale is to not duplicate code which is done in
	packet-libvirt.h for instance. Moreover, this way we can drop
	__attribute_((unused)) used int packet-libvirt.c in favor of
	ATTRIBUTE_UNUSED.

2014-07-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add support for backing name specification for block-stream
	To allow changing the name that is recorded in the top of the current
	image chain used in a block pull/rebase operation, we need to specify
	the backing name to qemu. This is done via the "backing-file" attribute
	to the block-stream commad.

	qemu: monitor: Add argument for specifying backing name for block commit
	To allow changing the name that is recorded in the overlay of the TOP
	image used in a block commit operation, we need to specify the backing
	name to qemu. This is done via the "backing-file" attribute to the
	block-commit command.

	qemu: caps: Add capability for change-backing-file command
	This command allows to change the backing file name recorded in the
	metadata of a qcow (or other) image. The capability also notifies that
	the "block-stream" and "block-commit" commands understand the
	"backing-file" attribute.

	audit: disk: Refactor disk auditing to avoid auditing remote storage
	Pass the virStorageSource struct to the auditing function and check if
	storage is local before auditing.

	conf: audit: Split out common steps to audit domain devices
	Extract common operations done when creating an audit message to a
	separate generic function that can be reused and convert RNG, disk, FS
	and net audit to use it.

	conf: audit: rng: Reorder new and old RNG device definitions
	The audit functions usually take the old definition before the new one
	in the argument list. Unify RNG device to use the same order.

	util: storage: Add helper to determine whether storage is local
	There's a lot of places where we skip doing actions based on the
	locality of given storage type. The usual pattern is to skip it if:
	virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK
	Add a simple helper to simplify the pattern to
	virStorageSourceIsLocalStorage(src)

2014-07-04  John Ferlan  <jferlan@redhat.com>

	Utilize virDomainDiskAuth for storage pools
	Replace the authType, chap, and cephx unions in virStoragePoolSource
	with a single pointer to a virStorageAuthDefPtr.  Adjust all users of
	the previous chap/cephx and secret unions with the source->auth data.

	formatdomain: Fix issues found describing auth
	Fix a couple of typos ('chap' should have been 'iscsi' and there was
	a stray 'iqn.2013-07.com.example:iscsi-pool' entry.  Clean up the
	description of the <auth> element for the disk

	Utilize virDomainDiskAuth for domain disk
	Replace the inline "auth" struct in virStorageSource with a pointer
	to a virStorageAuthDefPtr and utilize between the domain_conf, qemu_conf,
	and qemu_command sources for finding the auth data for a domain disk

	qemuargv2xmltest: Resurrect RBD and iSCSI auth
	Ressurect the disk-drive-network-iscsi-auth and disk-drive-network-rbd-auth
	tests.  Make adjustments to the args and xml file to be compatible with
	other changes made to the non "-auth" so that the only difference is the
	authentication information.
	Adjust the qemuargv2xmltest.c to filter out "<secret" and "</auth>" since
	the args -> xml has no concept of usage it doesn't get printed. This results
	in the </auth> being printed on the same line as "<secret" and the secret
	XML is not closed - a bit of an issue, but soon to be fixed.

	virstorage: Introduce virStorageAuthDef
	Introduce virStorageAuthDef and friends.  Future patches will merge/utilize
	their view of storage source/pool auth/secret definitions.
	New API's include:
	    virStorageAuthDefParse:  Parse the "<auth/>" XML data for either the
	                             domain disk or storage pool returning a
	                             virStorageAuthDefPtr
	    virStorageAuthDefCopy:   Copy a virStorageAuthDefPtr - to be used by
	                             the qemuTranslateDiskSourcePoolAuth when it
	                             copies storage pool auth data into domain
	                             disk auth data
	    virStorageAuthDefFormat: Common output of the "<auth" in the domain
	                             disk or storage pool XML
	    virStorageAuthDefFree:   Free memory associated with virStorageAuthDef
	Subsequent patches will utilize the new functions for the domain disk and
	storage pools.
	Future work in the hostdev pass through can then make use of common data
	structures and code.

2014-07-04  Eric Blake  <eblake@redhat.com>

	blockjob: turn on qemu capability bit for active commit
	Use the probing functionality added in the last patch to turn on
	a capability bit when active commit is present, and gate active
	commit on that capability.
	For my own reference: the difference between BLOCKJOB_SYNC and
	BLOCKJOB_ASYNC is whether qemu generated an event at the
	conclusion of blockpull; basically, RHEL 6.2 was the only release
	of qemu that has the sync semantics and lacks the event.  RHEL
	6.3 added blockcopy, but also picked up on the upstream style
	of qemu generating events.  As no one is likely to backport
	active commit to RHEL 6.2, it's safe for blockcommit to always
	require async blockjob support.
	Modifying qemucapabilitiestest is painful; the .replies files would
	be so much easier if they had comments correlating which command
	generated the given reply.  Maybe I'll fix that up later...
	* src/qemu/qemu_capabilities.h (QEMU_CAPS_ACTIVE_COMMIT): New
	capability.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Use the new bit
	* src/qemu/qemu_capabilities.c (virQEMUCaps): Name the new bit.
	(virQEMUCapsProbeQMPCommands): Set it.
	* tests/qemucapabilitiesdata/caps_1.3.1-1.replies: Update.
	* tests/qemucapabilitiesdata/caps_1.4.2-1.replies: Likewise.
	* tests/qemucapabilitiesdata/caps_1.5.3-1.replies: Likewise.
	* tests/qemucapabilitiesdata/caps_1.6.0-1.replies: Likewise.
	* tests/qemucapabilitiesdata/caps_1.6.50-1.replies: Likewise.

	blockjob: allow omitted arguments to QMP block-commit
	We are about to turn on support for active block commit.  Although
	qemu 2.0 was the first version to mostly support it, that version
	mis-handles 0-length files, and doesn't have anything available for
	easy probing.  But qemu 2.1 fixed bugs, and made life simpler by
	letting the 'top' argument be optional.  Unless someone begs for
	active commit with qemu 2.0, for now we are just going to enable
	it only by probing for qemu 2.1 behavior (anyone backporting active
	commit can also backport the optional argument behavior).  This
	requires qemu.git commit 7676e2c597000eff3a7233b40cca768b358f9bc9.
	Although all our actual uses of block-commit supply arguments for
	both base and top, we can omit both arguments and use a bogus
	device string to trigger an interesting behavior in qemu.  All QMP
	commands first do argument validation, failing with GenericError
	if a mandatory argument is missing.  Once that passes, the code
	in the specific command gets to do further checking, and the qemu
	developers made sure that if device is the only supplied argument,
	then the block-commit code will look up the device first, with a
	failure of DeviceNotFound, before attempting any further argument
	validation (most other validations fail with GenericError).  Thus,
	the category of error class can reliably be used to decipher
	whether the top argument was optional, which in turn implies a
	working active commit.  Since we expect our bogus device string to
	trigger an error either way, the code is written to return a
	distinct return value without spamming the logs.
	* src/qemu/qemu_monitor.h (qemuMonitorSupportsActiveCommit): New
	prototype.
	* src/qemu/qemu_monitor.c (qemuMonitorSupportsActiveCommit):
	Implement it.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit):
	Allow NULL for top and base, for probing purposes.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit):
	Likewise, implementing the probe.
	* tests/qemumonitorjsontest.c (mymain): Enable...
	(testQemuMonitorJSONqemuMonitorSupportsActiveCommit): ...a new test.

2014-07-03  Michal Privoznik  <mprivozn@redhat.com>

	tests: Avoid double linking some libraries
	The problem is, since 614581f32b domaincapstest is linked with
	$(LDADDS) by default. Then, since 94e3f23e8a7 the test may be
	conditionally linked with $(qemu_LDADDS) which already contains
	$(LDADDS). And some linkers doesn't cope with this nicely:
	  CCLD     domaincapstest
	../src/libvirt_probes.o:(.probes+0x0): multiple definition of `libvirt_event_poll_add_handle_semaphore'
	../src/libvirt_probes.o:(.probes+0x0): first defined here
	../src/libvirt_probes.o:(.probes+0x2): multiple definition of `libvirt_event_poll_update_handle_semaphore'
	../src/libvirt_probes.o:(.probes+0x2): first defined here
	../src/libvirt_probes.o:(.probes+0x4): multiple definition of `libvirt_event_poll_remove_handle_semaphore'
	../src/libvirt_probes.o:(.probes+0x4): first defined here
	../src/libvirt_probes.o:(.probes+0x6): multiple definition of `libvirt_event_poll_dispatch_handle_semaphore'
	../src/libvirt_probes.o:(.probes+0x6): first defined here
	And so on.

	qemu: Implement virConnectGetDomainCapabilities
	So far only information on disks and host devices are exposed in the
	capabilities XML. Well, at least something. Even a new test is
	introduced. The qemu capabilities are stolen from already existing
	qemucapabilities test. There's one tricky point though. Functions that
	checks host's KVM and VFIO capabilities, are impossible to mock
	currently. So in the test, we are setting the capabilities by hand.

	qemu_capabilities: Introduce virQEMUCapsGetDefaultMachine
	Sometimes it may be useful to get a default machine for given qemu
	binary. Fortunately, the default machine is stored always on the first
	position in the supported machines array.

	qemu_capabilities: Introduce virQEMUCapsIsMachineSupported
	This internal API is meant to answer the question 'Is this machine
	type supported by given qemu?'.

	qemu_capabilities: Introduce virQEMUCapsCacheLookupByArch
	The API may come handy if somebody has an architecture and wants to
	look through available qemus if the architecture is supported or not.

	tests: Move qemu caps XML parsing into shared unit
	Later on, we the qemu capabilities XML parsing code may come handy so
	instead of duplicating the code make the already existing one shared.
	By the same time, make the function accept file name instead of XML
	document stored already in memory.

	virsh: expose virConnectGetDomainCapabilities
	The API is exposed under 'domcapabilities' command. Currently, with
	the variety of drivers that libvirt supports, none of the command
	arguments is obligatory, but all are optional instead.

	Introduce virConnectGetDomainCapabilities
	The API should expose the information contained in virDomainCapsPtr.

	Introduce domain_capabilities
	This new module holds and formats capabilities for emulator. If you
	are about to create a new domain, you may want to know what is the
	host or hypervisor capable of. To make sure we don't regress on the
	XML, the formatting is not something left for each driver to
	implement, rather there's general format function.
	The domain capabilities is a lockable object (even though the locking
	is not necessary yet) which uses reference counter.

	xenapiConnectGetCapabilities: Remove unused 'cleanup' label
	In the lastest rework (9e7ecabf) a cleanup label was left over which
	results in compilation error.

2014-07-03  Ján Tomko  <jtomko@redhat.com>

	Remove double OOM error reporting

	Remove double OOM error reporting from JSON monitor
	The functions called here report an OOM error when the allocation
	fails, or quietly return -1 on wrong usage (which is not the case
	here)

	Add OOM error reporting to a few fucntions
	They report errors in all other cases.

	Set errno on OOM in lxcProcReadMeminfo
	It sets the errno on all other errors, do it here too.
	Also report an error.

	Use virBufferCheckError everywhere we report OOM error
	Replace:
	if (virBufferError(&buf)) {
	    virBufferFreeAndReset(&buf);
	    virReportOOMError();
	    ...
	}
	with:
	if (virBufferCheckError(&buf) < 0)
	    ...
	This should not be a functional change (unless some callers
	misused the virBuffer APIs - a different error would be reported
	then)

	Report errors in virCapabilitiesFormatXML
	So far, we only report an error if formatting the siblings bitmap
	in NUMA topology fails.
	Be consistent and always report error in virCapabilitiesFormatXML.

	Introduce virBufferCheckError
	Check if the buffer is in error state and report an error if it is.
	This replaces the pattern:
	if (virBufferError(buf)) {
	    virReportOOMError();
	    goto cleanup;
	}
	with:
	if (virBufferCheckError(buf) < 0)
	    goto cleanup;
	Document typical buffer usage to favor this.
	Also remove the redundant FreeAndReset - if an error has
	been set via virBufferSetError, the content is already freed.

	Use virStringReplace instead of openvz_replace
	This function didn't report an error on OOM. Better delete it
	and use virStringReplace instead. :)

	Remove useless condition in networkRadvdConfContents
	If v6present is false, this code is not reachable.
	Also, there is no need to check for errors twice.

	usb: Remove redundant comment

	More indentation fixes
	Reindent nwfilter gentech driver and one block in rbd storage backend.

	Fix indentation in bridge driver

2014-07-02  Pavel Hrdina  <phrdina@redhat.com>

	qemu_domain: fix startup policy for disks
	https://bugzilla.redhat.com/show_bug.cgi?id=1086121
	We now support startupPolicy='optional' for disks, but this
	should work only for cold boot, not for restore or migrate.

2014-07-02  Yue wenyuan  <yuewenyuan@huawei.com>

	LXC: update comments of lxcDomainCreateXMLWithFiles() and lxcDomainCreateXML()
	The comments for lxcDomainCreateXMLWithFiles are out of date. So update them.
	And add comments for lxcDomainCreateXML

2014-07-02  Yanbing Du  <ydu@ydu-0.nay.redhat.com>

	virsh: Allow attach-disk to specify disk target bus
	By default, the bus type is inferred from the style of the device
	name('target' in this command), e.g. a device named 'sda' will
	typically be exported using a SCSI bus. Actually, not only SCSI bus,
	but USB/SATA bus also use this kind of device name. So add '--bus'
	option for attach-disk command to allow user specify the target bus.

2014-07-02  Ján Tomko  <jtomko@redhat.com>

	Fix segfault when starting a domain with no cpu definition
	My commit fba6bc4 iterated over the features in cpu definition
	without checking if there is one.

2014-07-02  Mike Perez  <thingee@gmail.com>

	qemu: Add cmd_per_lun, max_sectors to virtio-scsi
	This introduces two new attributes "cmd_per_lun" and "max_sectors" same
	with the names QEMU uses for virtio-scsi. An example of the XML:
	<controller type='scsi' index='0' model='virtio-scsi' cmd_per_lun='50'
	max_sectors='512'/>
	The corresponding QEMU command line:
	-device virtio-scsi-pci,id=scsi0,cmd_per_lun=50,max_sectors=512,
	bus=pci.0,addr=0x3

2014-07-02  Ján Tomko  <jtomko@redhat.com>

	Add invariant TSC cpu flag
	Add suport for invariant TSC flag (CPUID 0x80000007, bit 8 of EDX).
	If this flag is enabled, the TSC ticks at a constant rate across
	all ACPI P-, C- and T-states.
	This can be enabled by adding:
	<feature name='invtsc'/>
	to the <cpu> element.
	Migration and saving the domain does not work with this flag.
	QEMU support: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=303752a
	The feature name "invtsc" differs from the name "" used by the linux kernel:
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/powerflags.c?id=30321c7b#n18

2014-07-02  Giuseppe Scrivano  <gscrivan@redhat.com>

	qemu: raise an error when trying to use readonly ide disks
	The IDE bus doesn't support readonly disks, so inform the user with an
	error message instead of let qemu fail with a more obscure "Device
	'ide-hd' could not be initialized" error message.
	Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1112939

2014-07-02  Martin Kletzander  <mkletzan@redhat.com>

	util: unify extra asterisk in viralloc.h

	Post-release version bump for new dev cycle

2014-07-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.6

2014-07-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: copy: Accept 'format' parameter when copying to a non-existing img
	We have the following matrix of possible arguments handled by the logic
	statement touched by this patch:
	       | flags & _REUSE_EXT | !(flags & _REUSE_EXT)
	-------+--------------------+----------------------
	 format| (1)                | (2)
	-------+--------------------+----------------------
	!format| (3)                | (4)
	-------+--------------------+----------------------
	In cases 1 and 2 the user provided a format, in cases 3 and 4 not. The
	user requests to use a pre-existing image in 1 and 3 and libvirt will
	create a new image in 2 and 4.
	The difference between cases 3 and 4 is that for 3 the format is probed
	from the user-provided image, whereas in 4 we just use the existing disk
	format.
	The current code would treat cases 1,3 and 4 correctly but in case 2 the
	format provided by the user would be ignored.
	The particular piece of code was broken in commit 35c7701c64508f975dfeb8
	but since it was introduced a few commits before that it was never
	released as working.

	storage: gluster: Fix header reader function
	Advance the right pointer to actually append to the buffer. We were
	lucky that all reads were completed in one try.

	conf: storage: Add volume feature formatter for gluster pools
	Libvirt didn't output feature flags for images stored on native gluster.
	Fix this trivially by adding a feature formatter callback.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1095035

2014-07-01  Martin Kletzander  <mkletzan@redhat.com>

	build: link libvirt_conf with libxml
	Since there is code using functions from the libxml library,
	libvirt_conf should have that in LIBADD so it can be linked against
	even without libvirt_util (which usually deals with the error itself,
	since libvirt_util has libxml in LIBADD).  The same applies to
	storage_backend.c.

2014-07-01  Michal Privoznik  <mprivozn@redhat.com>

	vboxsnapshotxmltest: Don't write to a file in abs_srcdir
	In the test, the snapshot XML is written into a file that's located
	under:
	  abs_srcdir/vboxsnapshotxmldata/testResult.vbox
	However, the abs_srcdir doesn't have to be necessarily writable. It
	should have been abs_builddir instead. Moreover, the label in the func
	creating the file is called 'fail' while it fulfils the duty of
	'cleanup' label.

	securityselinuxlabeltest: Don't create dummy file in the srcdir
	At the very beginning of the test we check if the underlying
	filesystem supports extended attributes as they are used to store fake
	SELinux labels. In order to check that, a dummy file is created and
	semi-random attribute is set. However, the file is created under:
	  abs_srcdir "/securityselinuxlabeldata/testxattr"
	which has two problems: abs_srcdir is not required to be writable, so
	it should have been abs_builddir. The second one is - there's no
	"securityselinuxlabeldata" folder under abs_builddir. The problem was
	introduced in caf164f1.

2014-07-01  Ján Tomko  <jtomko@redhat.com>

	Report one error less when getting net dev speed
	virFileReadAll already logs an error. If reading the 'speed' file
	fails with EINVAL, we log an error even though we ignore it. If it
	fails with other errors, we log two errors.
	Use virFileReadAllQuiet - ignore EINVAL and report just one error
	in other cases.
	Fixes this error on libvirtd startup:
	2014-06-30 12:47:14.583+0000: 20971: error : virFileReadAll:1297 :
	Failed to read file '/sys/class/net/wlan0/speed': Invalid argument

	Introduce virFileReadAllQuiet
	Just like virFileReadAll, but returns -errno instead
	of reporting errors. Useful for ignoring some errors.

	Only detect PCI Express devices as root in udev nodedev driver
	This stops the error message spam when running unprivileged
	libvirtd:
	2014-06-30 12:38:47.990+0000: 631: error : virPCIDeviceConfigOpen:300 :
	Failed to open config space file
	'/sys/bus/pci/devices/0000:00:00.0/config': Permission denied
	Reported by Daniel Berrange:
	https://www.redhat.com/archives/libvir-list/2014-June/msg01082.html

	Track privileged state in udev nodedev driver
	Remember if libvirtd is running as root or not.

2014-07-01  Jim Fehlig  <jfehlig@suse.com>

	libxl: add PV console if not explicitly specified
	Xen PV domains always have a PV console, so add one to the domain
	config via post-parse callback if not explicitly specified in
	the XML.  The legacy Xen driver behaves similarly, causing a
	regression when switching to the new Xen toolstack.  I.e.
	  virsh console pv-domain
	will no longer work after upgrading a xm/xend stack to xl/libxl.

	build: fix 'make syntax-check' after commit c6cf5df3
	The commit caused prohibit_long_lines to fail in src/Makefile.am.

	vbox: fix linker error
	Noticed the following error when building the vbox driver
	in the openSUSE build service
	CCLD     vboxsnapshotxmltest
	/usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld:
	../src/.libs/libvirt_driver_vbox_impl.a
	(libvirt_driver_vbox_impl_la-vbox_snapshot_conf.o):
	undefined reference to symbol 'xmlXPathRegisterNs@@LIBXML2_2.4.30'
	/usr/lib64/libxml2.so: error adding symbols: DSO missing from command line
	collect2: error: ld returned 1 exit status
	Fixed by adding LIBXML_LIBS to libvirt_driver_vbox_impl_la_LIBADD

2014-07-01  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: don't break the build on Xen>=4.5 because of libxl_vcpu_setaffinity()
	libxl interface for vcpu pinning is changing in Xen 4.5. Basically,
	libxl_set_vcpuaffinity() now wants one more parameter. That is
	representative of 'VCPU soft affinity', which libvirt does not use.
	To mark such change, the macro LIBXL_HAVE_VCPUINFO_SOFT_AFFINITY is
	defined. Use it as a gate and, if present, re-#define the calls from
	the old to the new interface, to avoid breaking the build.
	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Campbell <Ian.Campbell@citrix.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

2014-06-30  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: throw an error if we failed to get Idmap elements
	Throwing an error is much friendly than just
	"error: An error occurred, but the cause is unknown"

2014-06-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Save persistent domain config when taking external snapshot
	Commit 55bbb011b965c7962933604c70f61cef45e8ec04 introduced a regression
	where we forgot to save the persistent domain configuration after an
	external snapshot. This would make libvirt forget the snapshots and
	effectively revert to the previous state in the following scenario:
	1) Start VM
	2) Take snapshot
	3) Destroy VM
	4) Restart libvirtd
	Also fix spurious blank line added by patch mentioned above.

2014-06-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix build by fixing typo in variable name
	Commit 80d0918b introduced a typo in variable name:
	s/failIncomaptible/failIncompatible/
	Pushed under the build breaker rule.

2014-06-27  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add new Broadwell CPU model

2014-06-27  Peter Krempa  <pkrempa@redhat.com>

	net: merge virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
	Instead of maintaining two very similar APIs, add the "@mac" parameter
	to virNetworkGetDHCPLeases and kill virNetworkGetDHCPLeasesForMAC. Both
	of those functions would return data the same way, so making @mac an
	optional filter simplifies a lot of stuff.

2014-06-27  Ján Tomko  <jtomko@redhat.com>

	Add test for type none model dac seclabel

2014-06-27  Jincheng Miao  <jmiao@redhat.com>

	test: add user_xattr check for securityselinuxlabeltest
	libvirt unit test used setxattr with "user.libvirt.selinux" name to
	emulate setfilecon of selinux. But for some old kernel filesystem
	(like 2.6.32-431.el6.x86_64), if the filesystem is not mounted with
	user_xattr flag, the setxattr with "user.libvirt.selinux" will fail.
	So adding testUserXattrEnabled() in securityselinuxlabeltest.c,
	if user_xattr is not enabled, skip this case.
	The user_xattr is departed in newer kernel, therefore this commit is
	only for the compatablity for old kernel.
	Tested-by: Scott Sullivan <ssullivan@liquidweb.com>

2014-06-27  Eric Blake  <eblake@redhat.com>

	docs: publish correct enum values
	We publish libvirt-api.xml for others to use, and in fact, the
	libvirt-python bindings use it to generate python constants that
	correspond to our enum values.  However, we had an off-by-one bug
	that any enum that relied on C's rules for implicit initialization
	of the first enum member to 0 got listed in the xml as having a
	value of 1 (and all later members of the enum were equally
	botched).
	The fix is simple - since we add one to the previous value when
	encountering an enum without an initializer, the previous value
	must start at -1 so that the first enum member is assigned 0.
	The python generator code has had the off-by-one ever since DV
	first wrote it years ago, but most of our public enums were immune
	because they had an explicit = 0 initializer.  The only affected
	enums are:
	- virDomainEventGraphicsAddressType (such as
	VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since commit 987e31e
	(libvirt v0.8.0)
	- virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW),
	since commit 9fbaff0 (libvirt v1.2.3)
	- virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since commit
	03e0e79 (not yet released)
	Thanks to Nehal J Wani for reporting the problem on IRC, and
	for helping me zero in on the culprit function.
	* docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum
	values.

2014-06-27  Jim Fehlig  <jfehlig@suse.com>

	libxl: detect support for save and restore
	libxl does not support save, restore, or migrate on all architectures,
	notably ARM.  Detect whether libxl supports these operations using
	LIBXL_HAVE_NO_SUSPEND_RESUME.  If not supported, drop advertisement of
	<migration_features>.
	Found by Ian Campbell while improving Xen's OSSTEST infrastructure
	http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html

2014-06-26  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix guestfwd chardev option back how it was
	Since commit d86c876a66e320b55220d00113027c9ad6199cff we are using
	guestfwd=tcp:IP:PORT,chardev=ID for guestfwd specification, however,
	that has not changed in qemu, so guestfwd does not work since.
	Apart from that, guestfwd is not working with older qemu that doesn't
	have QEMU_CAPS_DEVICE.
	Both regressions exist since late 2009 and nobody found that (until
	now), so I'm only fixing the first one.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1112066

2014-06-26  Daniel P. Berrange  <berrange@redhat.com>

	Add PKG_CONFIG_PATH to run.in script.
	Allow people to build external bindings using the 'run' script
	by defining the PKG_CONFIG_PATH var in it. eg to build Python
	you could do
	   ../libvirt/run python setup.py build

	Fix typo s/SASL_CONF_DIR/SASL_CONF_PATH/ in QEMU VNC code
	The QEMU VNC client arg code has a long standing typo
	of SASL_CONF_DIR when it should be SASL_CONF_PATH for
	the env variable name.

2014-06-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockcopy: Don't remove existing disk mirror info
	When creating a new disk mirror the new struct is stored in a separate
	variable until everything went well. The removed hunk would actually
	remove existing mirror information for example when the api would be run
	if a mirror still exists.

	security: nop: Avoid very long lines
	The function headers contain type on the same line as the name. When
	combined with usage of ATTRIBUTE_UNUSED, the function headers were very
	long. Shorten them by breaking the line after the type.

	security: Fix header formatting of a few functions
	Some of the functions in the storage driver had their headers formatted
	incorrectly.

	security: manager: Document behavior of disk label manipulation funcs
	virSecurityManagerSetDiskLabel and virSecurityManagerRestoreDiskLabel
	don't have complementary semantics. Document the semantics to avoid
	possible problems.

	security: manager: Unify function header format

	security: manager: Avoid forward decl of virSecurityManagerDispose

	security: Rename virSecurityManagerRestoreImageLabel to *Disk*
	I'm going to add functions that will deal with individual image files
	rather than whole disks. Rename the security function to make room for
	the new one.

	util: s/virStorageSourceClearBackingStore/virStorageSourceBackingStoreClear
	Rename them to comply with the naming policy.

2014-06-26  Daniel Veillard  <veillard@redhat.com>

	Fix a typo in a localized string
	As pointed by Yuri Chornoivan in transifex:
	https://fedora.transifex.com/projects/p/libvirt/translate/#uk/strings/27026506

2014-06-26  Jiri Denemark  <jdenemar@redhat.com>

	virConnectCompareCPU: Introduce FAIL_INCOMPATIBLE flag
	The new VIR_CONNECT_COMPARE_CPU_FAIL_INCOMPATIBLE flag for
	virConnectCompareCPU can be used to get an error
	(VIR_ERR_CPU_INCOMPATIBLE) describing the incompatibility instead of the
	usual VIR_CPU_COMPARE_INCOMPATIBLE return code.

	cpuCompare*: Add support for reporting failure on incompatible CPUs
	When CPU comparison APIs return VIR_CPU_COMPARE_INCOMPATIBLE, the caller
	has no clue why the CPU is considered incompatible with host CPU. And in
	some cases, it would be nice to be able to get such info in a client
	rather than having to look in logs.
	To achieve this, the APIs can be told to return VIR_ERR_CPU_INCOMPATIBLE
	error for incompatible CPUs and the reason will be described in the
	associated error message.

	cpu: Cleanup coding style in generic CPU driver

	Remove redundant docs from libvirt.h
	Only types and macros are documented in libvirt.h, APIs are documented
	in the *.c file they are implemented in.

	virsh: Remove bogus stat on log file
	Let's just open the file right away and deal with errors. Moreover,
	there's no reason to forbid logging to, e.g., a pipe.

2014-06-26  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	conf: whitespace tweak
	Fix missing whitespace when parsing 'managed' attribute.

2014-06-26  Jincheng Miao  <jmiao@redhat.com>

	enhance hostdev mode 'capabilities' process
	Currently, only LXC has hostdev mode 'capabilities' support,
	so the other drivers should forbid to define it in XML.
	The hostdev mode check is added to devicesPostParseCallback()
	for each hypervisor driver.
	But there are some drivers lack function devicesPostParseCallback(),
	so only add check for qemu, libxl, openvz, uml, xen, xenapi.

2014-06-25  Peter Krempa  <pkrempa@redhat.com>

	storage: Don't store parent directory of an image explicitly
	The parent directory doesn't necessarily need to be stored after we
	don't mangle the path stored in the image. Remove it and tweak the code
	to avoid using it.

	storage: Don't canonicalize paths unnecessarily
	Store backing chain paths as non-canonical. The canonicalization step
	will be already taken. This will allow to avoid storing unnecessary
	amounts of data.

	tests: virstoragetest: Remove unneeded relative test plumbing
	After we don't test relative paths, remove even more unnecessary cruft
	from the test code.

	tests: virstoragetest: Don't test relative start of backing chains
	libvirt always uses an absolute path to address the top image of an
	image chain. Our storage test tests also the relative path which won't
	ever be used. Additionally it makes the test more complicated.

	util: storage: Remove now redundant backingRelative from virStorageSource
	Now that we store only relative names in virStorageSource's member
	relPath the backingRelative member is obsolete. Remove it and adapt the
	code to the removal.

	tests: virstoragetest: Remove now unused pathAbs
	Separately remove the now unused variable.

	storage: Store relative path only for relatively backed storage
	Due to various refactors and compatibility with the virstoragetest the
	relPath field of the virStorageSource structure was always filled either
	with the relative name or the full path in case of absolutely backed
	storage. Return its original purpose to store only the relative name of
	the disk if it is backed relatively and tweak the tests.

	tests: virstoragetest: Remove "expBackingStore" field
	Now that we changed ordering of the stored metadata so that the backing
	store is described by the child element the test should reflect this
	change too.
	Remove the expected backing store field as it's actually described by
	the next element in the backing chain, so there's no need for
	duplication.

	util: storage: Add helper to resolve relative path difference
	This patch introduces a function that will allow us to resolve a
	relative difference between two elements of a disk backing chain. This
	function will be used to allow relative block commit and block pull
	where we need to specify the new relative name of the image to qemu.
	This patch also adds unit tests for the function to verify that it works
	correctly.

2014-06-25  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: check whether we get MemSwap[Total|Usage]

2014-06-25  Julio Faracco  <jcfaracco@gmail.com>

	qemu: enum cleanups in "src/qemu/*"
	As we are doing with the enum structures, a cleanup in "src/qemu/"
	directory was done now. All the enums that were defined in the
	header files were converted to typedefs in this directory. This
	patch includes all the adjustments to remove conflicts when you do
	this kind of change. "Enum-to-typedef"'s conversions were made in
	"src/qemu/qemu_{capabilities, domain, migration, hotplug}.h".

2014-06-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix version annotation of migration functions
	Commit 9b8d6e1e missed updating the libvirt version which
	introduced support for domainMigrate*3Params functions.

2014-06-24  Peter Krempa  <pkrempa@redhat.com>

	bridge: leases: Fix potential crash caused by use after free
	Don't free individual JSON array members as the array will be freed at
	the end. This may potentially lead to a crash although it didn't crash
	on my setup.

2014-06-24  Ján Tomko  <jtomko@redhat.com>

	Free DHCP leases file in networkGetDHCPLeasesHelper
	Introduced by commit ba51398

	Rework remoteSerializeDHCPLease
	Don't leak the temporary variables on success if NULL is returned
	for that field.
	Don't dereference NULL on failure to allocate some of the temporaries.
	Introduced by commit 990c3b6

	Free file header in virStorageFileGetMetadataRecurse
	Introduced by commit 2bdb8b9

2014-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Change 'interface' to 'iface' in virNetworkDHCPLease
	Variables/fields named 'interface' clash with system
	header symbols on some platforms.

2014-06-24  Giuseppe Scrivano  <gscrivan@redhat.com>

	graphics: remember graphics not auto allocated ports
	When looking for a port to allocate, the port allocator didn't take in
	consideration ports that are statically set by the user.  Defining
	these two graphics elements in the XML would cause an error, as the
	port allocator would try to use the same port for the spice graphics
	element:
	    <graphics type='spice' autoport='yes'/>
	    <graphics type='vnc' port='5900' autoport='no'/>
	The new *[pP]ortReserved variables keep track of the ports that were
	successfully tracked as used by the port allocator but that weren't
	bound.
	Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1081881

	virtportallocator: new function "virPortAllocatorSetUsed"
	virPortAllocatorSetUsed permits to set a port as already used and
	prevent the port allocator to use it without any attempt to bind it.

2014-06-24  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	net-dhcp-leases: Add virsh support
	Use virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC in virsh.
	The new feature supports the follwing methods:
	1. Retrieve leases info for a given virtual network
	2. Retrieve leases info for given network interface
	tools/virsh-domain-monitor.c
	   * Introduce new command : net-dhcp-leases
	     Example Usage: net-dhcp-leases <network> [mac]
	   virsh # net-dhcp-leases --network default6
	   Expiry Time          MAC address        Protocol  IP address                Hostname        Client ID or DUID
	   -------------------------------------------------------------------------------------------------------------------
	   2014-06-16 03:40:14  52:54:00:85:90:e2  ipv4      192.168.150.231/24        fedora20-test   01:52:54:00:85:90:e2
	   2014-06-16 03:40:17  52:54:00:85:90:e2  ipv6      2001:db8:ca2:2:1::c0/64   fedora20-test   00:04:b1:d8:86:42:e1:6a:aa:cf:d5:86:94:23:6f:94:04:cd
	   2014-06-16 03:34:42  52:54:00:e8:73:eb  ipv4      192.168.150.181/24        ubuntu14-vm     -
	   2014-06-16 03:34:46  52:54:00:e8:73:eb  ipv6      2001:db8:ca2:2:1::5b/64   -               00:01:00:01:1b:30:c6:aa:52:54:00:e8:73:eb
	tools/virsh.pod
	   * Document new command
	src/internal.h
	   * Introduce new macro: EMPTYSTR

	net-dhcp-leases: Private implementation inside network
	Query the network driver for the path of the custom leases file for the given
	virtual network and parse it to retrieve info.
	src/network/bridge_driver.c:
	* Implement networkGetDHCPLeases
	* Implement networkGetDHCPLeasesForMAC
	* Implement networkGetDHCPLeasesHelper

	net-dhcp-leases: Implement the remote protocol
	Implement RPC calls for virNetworkGetDHCPLeases, virNetworkGetDHCPLeasesForMAC
	daemon/remote.c
	   * Define remoteSerializeNetworkDHCPLeases,
	            remoteDispatchNetworkGetDHCPLeases
	   * Define remoteDispatchNetworkGetDHCPLeasesForMAC
	   * Define helper function remoteSerializeDHCPLease
	src/remote/remote_driver.c
	   * Define remoteNetworkGetDHCPLeases
	   * Define remoteNetworkGetDHCPLeasesForMAC
	   * Define helper function remoteSerializeDHCPLease
	src/remote/remote_protocol.x
	   * New RPC procedure: REMOTE_PROC_NETWORK_GET_DHCP_LEASES
	   * Define structs remote_network_dhcp_leases, remote_network_get_dhcp_leases_args,
	                    remote_network_get_dhcp_leases_ret
	   * New RPC procedure: REMOTE_PROC_NETWORK_GET_DHCP_LEASES_FOR_MAC
	   * Define structs remote_network_dhcp_leases_for_mac, remote_network_get_dhcp_leases_for_mac_args,
	                    remote_network_get_dhcp_leases_for_mac_ret
	src/remote_protocol-structs
	   * New structs added
	src/rpc/gendispatch.pl
	   * Add exception (s/Dhcp/DHCP) for auto-generating names of the remote functions
	     in daemon/remote_dispatch.h

	net-dhcp-leases: Implement the public APIs
	Introduce 3 new APIs, virNetworkGetDHCPLeases, virNetworkGetDHCPLeasesForMAC
	and virNetworkDHCPLeaseFree.
	* virNetworkGetDHCPLeases: returns the dhcp leases information for a given
	     virtual network.
	  For DHCPv4, the information returned:
	  - Network Interface Name
	  - Expiry Time
	  - MAC address
	  - IAID (NULL)
	  - IPv4 address (with type and prefix)
	  - Hostname (can be NULL)
	  - Client ID (can be NULL)
	  For DHCPv6, the information returned:
	  - Network Interface Name
	  - Expiry Time
	  - MAC address
	  - IAID (can be NULL, only in rare cases)
	  - IPv6 address (with type and prefix)
	  - Hostname (can be NULL)
	  - Client DUID
	  Note: @mac, @iaid, @ipaddr, @clientid are in ASCII form, not raw bytes.
	  Note: @expirytime can 0, in case the lease is for infinite time.
	* virNetworkGetDHCPLeasesForMAC: returns the dhcp leases information for a
	     given virtual network and specified MAC Address.
	* virNetworkDHCPLeaseFree: allows the upper layer application to free the
	     network interface object conveniently.
	There is no support for flags, so user is expected to pass 0 for
	both the APIs.
	include/libvirt/libvirt.h.in:
	  * Define virNetworkGetDHCPLeases
	  * Define virNetworkGetDHCPLeasesForMAC
	  * Define virNetworkDHCPLeaseFree
	src/driver.h:
	  * Define networkGetDHCPLeases
	  * Define networkGetDHCPLeasesForMAC
	src/libvirt.c:
	  * Implement virNetworkGetDHCPLeases
	  * Implement virNetworkGetDHCPLeasesForMAC
	  * Implement virNetworkDHCPLeaseFree
	src/libvirt_public.syms:
	  * Export the new symbols

2014-06-24  Ján Tomko  <jtomko@redhat.com>

	Fix shadowed variable with older gcc
	Commit 2cff94c fixed the shadowed 'link' added by commit 975f0e2,
	but forgot the 'link' added by commit 08aa22e.

2014-06-24  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: trivially support flag VIR_DRV_FEATURE_TYPED_PARAM_STRING
	Fix lxcDomainGetMemoryParameters and lxcDomainGetSchedulerParametersFlags:
	virsh -c lxc:/// memtune DOMAIN
	error: Unable to get number of memory parameters
	error: unsupported flags (0x4) in function lxcDomainGetMemoryParameters
	Introduced by commit 399394.

2014-06-24  Michal Privoznik  <mprivozn@redhat.com>

	virNumaGetPages: Don't fail on huge page-less systems
	If we are running on a system that is not capable of huge pages (e.g.
	because the kernel is not configured that way) we still try to open
	"/sys/kernel/mm/hugepages/" which however does not exist. We should
	be tolerant to this specific use case.

	virNumaGetPageInfo: Take huge pages into account
	On the Linux kernel, if huge pages are allocated the size they cut off
	from memory is accounted under the 'MemUsed' in the meminfo file.
	However, we want the sum to be subtracted from 'MemTotal'. This patch
	implements this feature. After this change, we can enable reporting
	of the ordinary system pages in the capability XML:
	<capabilities>
	  <host>
	    <uuid>01281cda-f352-cb11-a9db-e905fe22010c</uuid>
	    <cpu>
	      <arch>x86_64</arch>
	      <model>Haswell</model>
	      <vendor>Intel</vendor>
	      <topology sockets='1' cores='1' threads='1'/>
	      <feature/>
	      <pages unit='KiB' size='4'/>
	      <pages unit='KiB' size='2048'/>
	      <pages unit='KiB' size='1048576'/>
	    </cpu>
	    <power_management/>
	    <migration_features/>
	    <topology>
	      <cells num='4'>
	        <cell id='0'>
	          <memory unit='KiB'>4048248</memory>
	          <pages unit='KiB' size='4'>748382</pages>
	          <pages unit='KiB' size='2048'>3</pages>
	          <pages unit='KiB' size='1048576'>1</pages>
	          <distances/>
	          <cpus num='1'>
	            <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
	          </cpus>
	        </cell>
	        ...
	      </cells>
	    </topology>
	  </host>
	</capabilities>
	You can see the beautiful thing about this: if you sum up all the
	<pages/> you'll get <memory/>.

2014-06-24  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Avoid name shadow on older compilers
	s/link/linkpath/g in virStorageFileBackendGlusterReadlinkCallback as
	older gcc complains.

	storage: gluster: Add backend to return unique storage file path
	Use virStorageFileSimplifyPathInternal to canonicalize gluster paths
	via a callback and use it for the unique volume path retrieval API.

	util: storagefile: Introduce universal function to canonicalize paths
	Introduce a common function that will take a callback to resolve links
	that will be used to canonicalize paths on various storage systems and
	add extensive tests.

	util: string: Add helper to free non-NULL terminated string arrays
	To free string lists with some strings stolen from the middle we need to
	walk the complete array. Introduce a new helper that takes the string
	list size to free such string lists.

2014-06-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: prefer qdisk for <driver name='file'>
	The libxl driver currently sets the disk backend to
	LIBXL_DISK_BACKEND_TAP when <driver name='file'> is specified
	in the <disk> config.  qdisk should be prefered with this
	configuration, otherwise existing configuration such as the
	following, which worked with the old Xen driver, will not work
	with the libxl driver
	  <disk type='file' device='cdrom'>
	    <driver name='file'/>
	    <source file='/path/to/some/iso'/>
	    <target dev='hdc' bus='ide'/>
	    <readonly/>
	  </disk>
	In addition, tap performs poorly compared to qdisk.

2014-06-24  Michal Privoznik  <mprivozn@redhat.com>

	cmdFreepages: initialize @tmp
	In the 404bac14 the @tmp variable was introduced. It's purpose is to
	avoid typecasting when parsing --pagesize argument. However, if the
	argument is not presented, tmp may be used uninitialized resulting in
	bogus virNodeGetFreePages() API call:
	virsh freepages --cellno 2
	error: Failed to open file '/sys/devices/system/node/node2/hugepages/hugepages-4294967295kB/free_hugepages': No such file or directory

2014-06-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix closedir usage in virNumaGetPages
	virNumaGetPages calls closedir(dir) in cleanup and dir could
	be NULL if we jump there from the failed opendir() call.
	While it's not harmful on Linux, FreeBSD libc crashes [1], so
	make sure that dir is not NULL before calling closedir.
	1: http://lists.freebsd.org/pipermail/freebsd-standards/2014-January/002704.html

2014-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Add pkg-config files to allow deps to build against source tree
	When testing language bindings it is useful to be able to build
	them against an uninstalled libvirt source tree. Add a dummy
	set of pkg-config files to allow for this. This can be used by
	setting
	  export PKG_CONFIG_PATH=/path/to/libvirt/git/src

	Add pkg-config files for libvirt-qemu & libvirt-lxc
	For some reason there have never been pkg-config files created
	for the libvirt-qemu.so and libvirt-lxc.so libraries.

	Don't include @LIBS@ in libvirt.pc.in file
	The libvirt.pc file we install is ending up polluted with a
	load of compiler flags that should be private to the libvirt
	build. eg
	Libs: -L${libdir} -lvirt -ldl -O2 -g -pipe -Wall \
	      -Wp,-D_FORTIFY_SOURCE=2 -fexceptions \
	      -fstack-protector-strong --param=ssp-buffer-size=4 \
	      -grecord-gcc-switches  -m64 -mtune=generic
	this is caused by including @LIBS@ in the Libs: line of the
	pkgconfig.pc.in file.

2014-06-23  Michal Privoznik  <mprivozn@redhat.com>

	virnuma: Actually build huge page code
	One of previous commits (e6258a33) tried to build the huge page code
	only on Linux since it's Linux centric indeed. But it failed miserably
	as it used 'WITH_LINUX' which is an automake conditional not a gcc
	one. In the sources we need to use __linux__.

2014-06-23  Laine Stump  <laine@laine.org>

	qemu: parse -device virtio-balloon
	There are no options to parse here other than the name of the device,
	and all three possible device names have the same prefix
	("virtio-balloon" with "-ccw", "-pci", or "-device" appended), so the
	code is fairly simple. It has been implemented such that it will be
	easier to add handling for other -device entries that aren't otherwise
	recognized - just add another "else if (STRPREFIX(opts, ....)" clause.
	qemuParseCommandLineString() previously would always add a <memballoon
	model='virtio'/> to every result (the comments erroneously say that it
	is adding a <memballoon model='none'/>) This has been changed to add
	model='none', and 84 test case xml's updated accordingly (so that
	qemuxml2argvtest won't fail).
	Now that the memballoon device is properly parsed, we can safely add a
	test for properly ignoring -nodefconfig and -nodefaults. Rather than
	adding an entire new test case for this (and memballoon), we just
	randomly pick the clock-utc test and modify it slightly to fulfill the
	purpose.

2014-06-23  Ján Tomko  <jtomko@redhat.com>

	Report correct error in virNetDevTapCreate
	ioctl returns -1, not the errno value

	Do not call closedir with NULL argument
	Only three other callers possibly call closedir on a NULL argument.
	Even though these probably won't be used on FreeBSD where this crashes,
	let's be nice and only call closedir on an actual directory stream.

	Fix invalid write in virNumaGetDistances
	==== Invalid write of size 4
	====    at 0x52E678C: virNumaGetDistances (virnuma.c:479)
	====    by 0x5396890: nodeCapsInitNUMA (nodeinfo.c:1796)
	====    by 0x203C2B: virQEMUCapsInit (qemu_capabilities.c:960)
	====  Address 0xe10a1e0 is 0 bytes after a block of size 0 alloc'd
	====    at 0x4C2A6D0: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	====    by 0x52A10D6: virAllocN (viralloc.c:191)
	====    by 0x52E674D: virNumaGetDistances (virnuma.c:470)
	====    by 0x5396890: nodeCapsInitNUMA (nodeinfo.c:1796)
	====    by 0x203C2B: virQEMUCapsInit (qemu_capabilities.c:960)

2014-06-23  Peter Krempa  <pkrempa@redhat.com>

	util: numa: Stub out hugepage code on non-Linux platforms
	The hugepage sizing and counting code gathers the information from sysfs
	and thus isn't portable. Stub it out for non-Linux so that we can report
	a better error. This patch also avoids calling sysinfo() on Mingw where
	it isn't supported.

	util: numa: Catch readdir errors in virNumaGetPages
	Don't return possibly incomplete result if virDirRead fails.

	tests: Fix syntax-check after cdd11151791bc9e61538988438980f41c0185681
	makefile_conditionals
	tests/Makefile.am:293:endif
	maint.mk: match "if FOO" with "endif FOO" in Makefiles
	make: *** [sc_makefile_conditionals] Error 1

	test: Disable storage test when FS backend isn't compiled in
	'virstoragetest' accesses backing chains of files on local storage with
	the help of the storage driver. Disable the test on builds without the
	storage driver as the test is crashing otherwise.
	Reported by: Roman Bogorodskiy

2014-06-23  Ján Tomko  <jtomko@redhat.com>

	Properly check the return value of CCWAddressAsString
	It returns NULL on failure. Checking if the negation of it
	is less than zero makes no sense. (Found by coverity after moving
	the code)
	In another case, the return value wasn't checked at all.

2014-06-21  Ján Tomko  <jtomko@redhat.com>

	Split out CCW address allocation
	Just code movement and rename.

2014-06-21  Jason Andryuk  <andryuk@aero.org>

	libxl: Use cooperative resume for migration
	Migration code specifies the problematic non-cooperative resume mode
	which is a known issue with Xen's libxl [1].  Instead, use the better
	supported cooperative mode.
	Without this, guests BUG() in xen_irq_resume after failing to bind
	still-bound event channels.
	[1] http://bugs.xenproject.org/xen/bug/30

2014-06-20  Michal Privoznik  <mprivozn@redhat.com>

	cpu_arm: Support all ARM processors we know about
	So far three ARM processor families are known to libvirt,
	however the cpu driver knows only about one of them. This
	make host initialization on the other two fail:
	2014-06-17 13:35:41.419+0000: 6840: info : libvirt version: 1.2.6
	2014-06-17 13:35:41.419+0000: 6840: error : cpuNodeData:342 : this function is not supported by the connection driver: cannot get node CPU data for armv6l architecture
	2014-06-17 13:35:41.433+0000: 6840: warning : virQEMUCapsInit:943 : Failed to get host CPU

2014-06-20  Michal Privoznik  <miso.privoznik@gmail.com>

	virNodeParseSocket: Take ARM into account
	The virNodeParseSocket() function tries to get socked ID from
	'topology/physical_package_id' file. However, on some architectures
	the file contains the -1 constant which makes in turn libvirt think
	the info extraction was unsuccessful. If that's the case, we need to
	overwrite the obtained integer with zero like we are doing for other
	architectures.

2014-06-20  Michal Privoznik  <mprivozn@redhat.com>

	nodeinfotest: Print error if cpuinfo file can't be opened
	Currently, we are opening the cpuinfo file via fopen() which if fails
	doesn't print any error message. We should do that instead.

	virNodeParseNode: Propagate host architecture
	As in previous commit, there are again some places where we can do
	runtime decision instead of compile time. This time it's whether the
	'topology/physical_package_id' is allowed to have '-1' within or not.
	Then, core ID is pared differently on s390(x) than on the rest of
	architectures.

	nodeinfo: Introduce @arch to linuxNodeInfoCPUPopulate
	So far, we are doing compile time decisions on which architecture is
	used. However, for testing purposes it's much easier if we pass host
	architecture as parameter and then let the function decide which code
	snippet for extracting host CPU info will be used.

2014-06-20  Laine Stump  <laine@laine.org>

	interface: clean up virInterfaceDefDevFormat
	This modifies the formatting function of virInterface to be a proper
	mirror of the parse function, including the addition of a
	"parentIfType" arg so that we can decide whether or not it is
	appropriate to emit the elements that are only in toplevel interfaces,
	as well as the <link> element (which isn't allowed for bridge
	interfaces).
	Since the restructuring of the code necessarily changes the order of
	some of the elements, some test case data had to be updated.

	interface: clean up virInterfaceDefParseXML
	the switch cases for the 4 different interface types had repetitive
	code which has now been pulled out as common. While touching those
	lines, some extra usage of "!= NULL" etc has been eliminated to make
	things more compact and inline with current coding practices.
	NB: parentIfType == VIR_INTERFACE_TYPE_LAST means that this is a
	toplevel interface (not a subordinate of a bridge or bond). Only
	toplevel interfaces can have a start mode, mtu, or IP address element.

	interface: move parsing of bridge attributes into appropriate function
	For some reason the bridge stp mode and delay were put directly into
	the "bridge" case of the switch in virInterfaceDefParseXML(), although
	they are inside the <bridge> element, and so should be parsed in the
	function created for that purpose - virInterfaceBridgeDefFormat().

	interface: report link state for bonds and vlans too
	The interface state for bonds and vlans does seem to reflect the state
	of the underlying physical devices, at least in some cases, so it
	makes sense to allow reporting it (netcf now does).
	The link state/speed for bridge devices is meaningless though, so we
	don't even look for it.

2014-06-20  Peter Krempa  <pkrempa@redhat.com>

	security: Rename virSecurityManagerSetImageLabel to *Disk*
	I'm going to add functions that will deal with individual image files
	rather than whole disks. Rename the security function to make room for
	the new one.

	security: Sanitize type of @migrated in virSecurityManagerRestoreAllLabel
	Also remove one spurious ATTRIBUTE_UNUSED guarding the @migrated
	argument.

	util: Don't require full disk definition when getting imagelabels
	The image labels are stored in the virStorageSource struct. Convert the
	virDomainDiskDefGetSecurityLabelDef helper not to use the full disk def
	and move it appropriately.

	util: storagefile: Introduce helper to free storage source perms
	It will also be reused later.

	util: seclabel: Add deep copy function for device labels

	storage: encryption: Add deep copy function for storage encryption

2014-06-20  Jim Fehlig  <jfehlig@suse.com>

	libxl: limit support for specifying an interface script
	Generally, <interface> ... <script> is only supported for
	type='ethernet'.  Due to the long and pervasive use of
	  <interface type='bridge'>
	    ...
	    <script path='foo'/>
	  </interface>
	in Xen domain configuration, it was agreed to allow the use
	of <script> with type='bridge' for backwards compatibility.  See
	the following discussion thread
	http://www.redhat.com/archives/libvir-list/2013-April/msg00755.html
	This patch limits the use of <script> to interface types ethernet
	and bridge, raising an unsupported config error if <script> is
	specified for all other interface types.
	While at it, use VIR_ERR_CONFIG_UNSUPPORTED instead of
	VIR_ERR_INTERNAL_ERROR when reporting unsupported interface types.

	libxl: support interface type=network
	Add support for <interface type='network'> in the libxl driver.

2014-06-19  Eric Blake  <eblake@redhat.com>

	virsh: fix broken code in freepages
	Commit 9e3efe53 broke the build under valgrind or clang, by writing
	8 bytes through an allocation of 4 bytes.  It also risks multiplication
	overflow when mallocing (that's a pervasive problem that needs an
	audit in the rest of the code, but we might as well fix this one while
	we are here), and had a typo.
	* tools/virsh-host.c (cmdFreepages): Avoid integer overflow and
	undefined behavior.

2014-06-19  Laine Stump  <laine@laine.org>

	interface: allow reordering of elements in xml
	The interface xml schema was written with strict rules about the
	ordering of the elements. This was never intentional, but just due to
	omission of <interleave> in the appropriate places. This patch just
	adds in <interleave> wherever there is more than one element, and
	re-indents everything else appropriately.

2014-06-19  Jincheng Miao  <jmiao@redhat.com>

	docs: fix some typos in formatdomain.html
	In section "Block / character devices" of "Host device assignment",
	the description of hostdev element has some error:
	For a block device, the type should be "storage", not "block";
	For a character device, the type should be "misc", not "char".

2014-06-19  Michal Privoznik  <mprivozn@redhat.com>

	nodeinfo: Implement nodeGetFreePages
	And add stubs to other drivers like: lxc, qemu, uml and vbox.

	virsh: Expose virNodeGetFreePages
	The new API is exposed under 'freepages' command.

	Introduce virNodeGetFreePages
	The aim of the API is to get information on number of free pages
	on the system. The API behaves similar to the
	virNodeGetCellsFreeMemory(). User passes starting NUMA cell, the
	count of nodes that he's interested in, pages sizes (yes,
	multiple sizes can be queried at once) and the counts are
	returned in an array.

	virCaps: expose pages info
	There are two places where you'll find info on page sizes. The first
	one is under <cpu/> element, where all supported pages sizes are
	listed. Then the second one is under each <cell/> element which refers
	to concrete NUMA node. At this place, the size of page's pool is
	reported. So the capabilities XML looks something like this:
	<capabilities>
	  <host>
	    <uuid>01281cda-f352-cb11-a9db-e905fe22010c</uuid>
	    <cpu>
	      <arch>x86_64</arch>
	      <model>Westmere</model>
	      <vendor>Intel</vendor>
	      <topology sockets='1' cores='1' threads='1'/>
	      ...
	      <pages unit='KiB' size='4'/>
	      <pages unit='KiB' size='2048'/>
	      <pages unit='KiB' size='1048576'/>
	    </cpu>
	    ...
	    <topology>
	      <cells num='4'>
	        <cell id='0'>
	          <memory unit='KiB'>4054408</memory>
	          <pages unit='KiB' size='4'>1013602</pages>
	          <pages unit='KiB' size='2048'>3</pages>
	          <pages unit='KiB' size='1048576'>1</pages>
	          <distances/>
	          <cpus num='1'>
	            <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
	          </cpus>
	        </cell>
	        <cell id='1'>
	          <memory unit='KiB'>4071072</memory>
	          <pages unit='KiB' size='4'>1017768</pages>
	          <pages unit='KiB' size='2048'>3</pages>
	          <pages unit='KiB' size='1048576'>1</pages>
	          <distances/>
	          <cpus num='1'>
	            <cpu id='1' socket_id='0' core_id='0' siblings='1'/>
	          </cpus>
	        </cell>
	        ...
	      </cells>
	    </topology>
	    ...
	  </host>
	  <guest/>
	</capabilities>

	virnuma: Introduce pages helpers
	For future work we need two functions that fetches total number of
	pages and number of free pages for given NUMA node and page size
	(virNumaGetPageInfo()).
	Then we need to learn pages of what sizes are supported on given node
	(virNumaGetPages()).
	Note that system page size is disabled at the moment as there's one
	issue connected. If you have a NUMA node with huge pages allocated the
	kernel would return the normal size of memory for that node. It
	basically ignores the fact that huge pages steal size from the system
	memory. Until we resolve this, it's safer to not confuse users and
	hence not report any system pages yet.

	nodeinfo: Rename nodeGetFreeMemory to nodeGetMemory
	For future work we want to get info for not only the free memory
	but overall memory size too. That's why the function must have
	new signature too.

	virnuma: Introduce virNumaNodeIsAvailable
	Not on all hosts the set of NUMA nodes IDs is continuous. This is
	critical, because our code currently assumes the set doesn't contain
	holes. For instance in nodeGetFreeMemory() we can see the following
	pattern:
	    if ((max_node = virNumaGetMaxNode()) < 0)
	        return 0;
	    for (n = 0; n <= max_node; n++) {
	        ...
	    }
	while it should be something like this:
	    if ((max_node = virNumaGetMaxNode()) < 0)
	        return 0;
	    for (n = 0; n <= max_node; n++) {
	        if (!virNumaNodeIsAvailable(n))
	            continue;
	        ...
	    }

2014-06-19  Eric Blake  <eblake@redhat.com>

	virsh: expose new active commit controls
	Add knobs to virsh to manage a 2-phase active commit of the top
	layer, similar to knobs already present on blockcopy.  While this
	code will fail until later patches actually implement the new
	knobs in the qemu driver, doing it now proves that the API is
	usable and also makes it easier for testing the qemu changes as
	they are made.
	* tools/virsh-domain.c (cmdBlockCommit): Add --active, --pivot,
	and --keep-overlay options, modeled after blockcopy.
	(blockJobImpl): Support --active flag.
	* tools/virsh.pod (blockcommit): Document new flags.
	(blockjob): Mention 2-phase commit interaction.

	blockjob: use stable disk string in job event
	When the block job event was first added, it was for block pull,
	where the active layer of the disk remains the same name.  It was
	also in a day where we only cared about local files, and so we
	always had a canonical absolute file name.  But two things have
	changed since then: we now have network disks, where determining
	a single absolute string does not really make sense; and we have
	two-phase jobs (copy and active commit) where the name of the
	active layer changes between the first event (ready, on the old
	name) and second (complete, on the pivoted name).
	Adam Litke reported that having an unstable string between events
	makes life harder for clients.  Furthermore, all of our API that
	operate on a particular disk of a domain accept multiple strings:
	not only the absolute name of the active layer, but also the
	destination device name (such as 'vda').  As this latter name is
	stable, even for network sources, it serves as a better string
	to supply in block job events.
	But backwards-compatibility demands that we should not change the
	name handed to users unless they explicitly request it.  Therefore,
	this patch adds a new event, BLOCK_JOB_2 (alas, I couldn't think of
	any nicer name - but at least Migrate2 and Migrate3 are precedent
	for a number suffix).  We must double up on emitting both old-style
	and new-style events according to what clients have registered for
	(see also how IOError and IOErrorReason emits double events, but
	there the difference was a larger struct rather than changed
	meaning of one of the struct members).
	Unfortunately, adding a new event isn't something that can easily
	be broken into pieces, so the commit is rather large.
	* include/libvirt/libvirt.h.in (virDomainEventID): Add a new id
	for VIR_DOMAIN_EVENT_ID_BLOCK_JOB_2.
	(virConnectDomainEventBlockJobCallback): Document new semantics.
	* src/conf/domain_event.c (_virDomainEventBlockJob): Rename field,
	to ensure we catch all clients.
	(virDomainEventBlockJobNew): Add parameter.
	(virDomainEventBlockJobDispose)
	(virDomainEventBlockJobNewFromObj)
	(virDomainEventBlockJobNewFromDom)
	(virDomainEventDispatchDefaultFunc): Adjust clients.
	(virDomainEventBlockJob2NewFromObj)
	(virDomainEventBlockJob2NewFromDom): New functions.
	* src/conf/domain_event.h: Add new prototypes.
	* src/libvirt_private.syms (domain_event.h): Export new functions.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Generate two
	different events.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Likewise.
	* src/remote/remote_protocol.x
	(remote_domain_event_block_job_2_msg): New struct.
	(REMOTE_PROC_DOMAIN_EVENT_BLOCK_JOB_2): New RPC.
	* src/remote/remote_driver.c
	(remoteDomainBuildEventBlockJob2): New handler.
	(remoteEvents): Register new event.
	* daemon/remote.c (remoteRelayDomainEventBlockJob2): New handler.
	(domainEventCallbacks): Register new event.
	* tools/virsh-domain.c (vshEventCallbacks): Likewise.
	(vshEventBlockJobPrint): Adjust client.
	* src/remote_protocol-structs: Regenerate.

2014-06-19  Jim Fehlig  <jfehlig@suse.com>

	Fix xmconfigtest
	Commit ac63014c introduced a regression in the conversion of Xen
	xm config to XML by emitting an empty <cmdline>.  Prior to this
	commit, <cmdline> was omitted if the xm config was missing (or
	contained an empty) 'extra='.

2014-06-19  Ian Campbell  <Ian.Campbell@citrix.com>

	xen: handle root= in xen-xm configuration files.
	In addition to extra= xm supported a root= option which was supposed
	to be incorporated into the final command line. Handle that for "virsh
	domxml-from-native xen-xm". Tested with the libxl backend.

2014-06-18  Pavel Hrdina  <phrdina@redhat.com>

	vbox_snapshot_conf: fix wrong use of 'xmlSaveFormatFileEnc'
	The function 'xmlSaveFormatFileEnc' has a last option to set
	if you want to format dumped xml with whitespaces or not.
	Older libxml2, the one used in RHEL6, take this option as it is
	but newer libxml2 check this option if it's true or not. This
	small difference somehow makes things messy on RHEL6 and generated
	xml had extra new line and extra whitespaces.
	We should pass 1 instead if -1 because the -1 confuses the libxml2.

	tests: fix vbox snapshot xmls
	On RHEL6 the vboxsnapshotxmltest fails because of wrong xml that
	is generated by libvirt. However the core issue is in the xml data
	itself with the wrong indentation.

2014-06-18  Peter Krempa  <pkrempa@redhat.com>

	virsh: man: Correctly spell QEMU
	s/QEemu/QEMU/g

	virsh: man: Fix examples and docs for virsh version
	The version command now takes the --daemon parameter for a while and the
	output example was pretty outdated.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1110673

2014-06-18  Serge Hallyn  <serge.hallyn@ubuntu.com>

	virt-aa-helper: allow access to /dev/vhost-net if needed
	Only allow the access if it is a KVM domain which has a NIC which wants
	non-userspace networking.
	This addresses https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1322568

2014-06-18  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Added example script on how to convert LXC container config

2014-06-18  Yohan BELLEGUIC  <yohan.belleguic@diateam.net>

	vbox: fix a segfault when taking a snapshot
	there is a segfault in the vbox driver when taking a snapshot in the
	following functions:
	- vboxDomainGetXMLDesc
	- vboxSnapshotGetReadWriteDisks
	- vboxSnapshotGetReadOnlyDisks
	The virStorageSourcePtr in virDomainDiskDef was not correctly allocated.
	(The problem stems from the fact that commit 4dc5d8f and commit bc3f5f1
	were written in one order but applied in another; so each tested in
	isolation passed, but the combination introduces the problem due to
	changed semantics).

2014-06-17  Peter Krempa  <pkrempa@redhat.com>

	vbox: snapshot: Avoid memleaks in functions dealing with disk arrays
	In virVBoxSnapshotConfRemoveFakeDisks and
	virVBoxSnapshotConfDiskIsInMediaRegistry the disk array constructed from
	all the disks would be leaked at the end of the function and on
	allocation errors. Also the temporary disk list would be leaked.
	Add a cleanup section and free the memory properly.
	Found by coverity.

	vbox: snapshot: Avoid memleak in virVBoxSnapshotConfAllChildren
	On re-allocation failure the function would leak already allocated
	memory.

	uuid: Fix coverity warning of unchecked return value
	Coverity checks for patterns of handling return values of functions.
	Some recent addition must have tripped a threshold where coverity now
	complains that we usually check the return value of virUUIDGenerate but
	don't do it in one place. Add a check to make coverity happy.

	network: bridge: Avoid freeing uninitialized pointer on cleanup path
	The cleanup path in networkBuildDhcpDaemonCommandLine could cause a
	crash by freeing uninitialized pointer.

	net: leaseshelper: Refactor copying of old entries to avoid double free
	When copying entries from the old lease file into the new array the old
	code would copy the pointer of the json object into the second array
	without removing it from the first. Afterwards when both arrays were
	freed this might lead to a crash due to access of already freed memory.
	Refactor the code to use the new array item stealing helper added to the
	json code so that the entry resides just in one array.

	net: leaseshelper: Ignore corrupted lease file and rewrite it
	Instead of reporting an error and terminating, rewrite the file with
	the newly learned info.

	net: leaseshelper: Don't crash if DNSMASQ doesn't provide lease expiry
	The value is provided via environment and causes a crash if not defined.

	util: json: Add helpers for manipulating json arrays
	Add a checker to determine whether a JSON object is an array and a
	helper to steal objects from a JSON array.

	util: json: Unify function header formatting
	Use consistent formatting of function headers:
	- two newlines separating functions
	- function return type on separate line
	- one argument per line

2014-06-17  Eric Blake  <eblake@redhat.com>

	blockjob: don't remove older-style mirror XML
	Commit 7c6fc39 introduced a regression in the XML produced for older
	clients.  The argument at the time was that clients shouldn't be
	depending on output-only data for something that is only going to
	be triggered for a transient guest; but John Ferlan reported that
	the automated testsuite was such a client.  It's better to be safe
	than sorry by guaranteeing back-compat cruft.  Note that later
	patches will be using <mirror> for active block commit, but there
	we don't have to worry about back-compat.
	* src/conf/domain_conf.c (virDomainDiskDefFormat): Restore old
	style output when necessary.
	* docs/schemas/domaincommon.rng: Validate back-compat style.
	* docs/formatdomain.html.in: Update the documentation.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror-old.xml:
	Update tests.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Likewise.

	blockjob: avoid compiler uncertainty in info sizing
	We have a policy of avoiding enum types in structs in our public
	API, because it is possible for a client to choose compiler options
	that can change the in-memory ABI of that struct based on whether
	the enum value occupies an int or a minimal size.  But we missed
	this for virDomainBlockJobInfo.  We got lucky on little-endian
	machines - if the enum fits minimal size (a char), we still end
	up padding to the next long before the next field; but on
	big-endian, a client interpreting the enum as a char would always
	see 0 when the server supplies contents as an int.
	* include/libvirt/libvirt.h.in (virDomainBlockJobInfo): Enforce
	particular sizing.

	blockjob: document recent job addition
	I noticed that the web page lacked documentation on block jobs:
	http://libvirt.org/html/libvirt-libvirt.html#virDomainBlockJobType
	not only for the recently added active commit, but also for all
	the other job types.
	* include/libvirt/libvirt.h.in (virDomainBlockJobType): Document
	recent addition.

2014-06-17  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	Increase the size of REMOTE_MIGRATE_COOKIE_MAX to REMOTE_STRING_MAX
	During guest migration, if the domain xml is bigger than 16384 which is
	easily possible for a guest with good number of disks, message encode fails
	for xdr_remote_domain_migrate_perform3_ret().
	So, Increase the COOKIE_MAX to STRING_MAX value.

2014-06-16  Michal Privoznik  <mprivozn@redhat.com>

	nodedev: Introduce <pci-express/> to PCI devices
	This new element is there to represent PCI-Express capabilities
	of a PCI devices, like link speed, number of lanes, etc.

	virpci: Introduce virPCIDeviceIsPCIExpress and friends
	These functions will handle PCIe devices and their link capabilities
	to query some info about it.

2014-06-16  Eric Blake  <eblake@redhat.com>

	blockcommit: require base below top
	The block commit code looks for an explicit base file relative
	to the discovered top file; so for a chain of:
	  base <- snap1 <- snap2 <- snap3
	and a command of:
	  virsh blockcommit $dom vda --base snap2 --top snap1
	we got a sane message (here from libvirt 1.0.5):
	error: invalid argument: could not find base 'snap2' below 'snap1' in chain for 'vda'
	Meanwhile, recent refactoring has slightly reduced the quality of the
	libvirt error messages, by losing the phrase 'below xyz':
	error: invalid argument: could not find image 'snap2' in chain for 'snap3'
	But we had a one-off, where we were not excluding the top file
	itself in searching for the base; thankfully qemu still reports
	the error, but the quality is worse:
	  virsh blockcommit $dom vda --base snap2 --top snap2
	error: internal error unable to execute QEMU command 'block-commit': Base '/snap2' not found
	Fix the one-off in blockcommit by changing the semantics of name
	lookup - if a starting point is specified, then the result must
	be below that point, rather than including that point.  The only
	other call to chain lookup was blockpull code, which was already
	forcing the lookup to omit the active layer and only needs a
	tweak to use the new semantics.
	This also fixes the bug exposed in the testsuite, where when doing
	a lookup pinned to an intermediate point in the chain, we were
	unable to return the name of the parent also in the chain.
	* src/util/virstoragefile.c (virStorageFileChainLookup): Change
	semantics for non-NULL startFrom.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Adjust caller,
	to keep existing semantics.
	* tests/virstoragetest.c (mymain): Adjust to expose new semantics.

	storage: better tests of lookup
	Add some more tests of what happens when we restrict a lookup
	to begin at a point in the middle of a chain.  In particular,
	we want to ensure that a parent is not found when starting at
	the child.  This commit also demonstrates that we have a slight
	difference in behavior on what parent we report when filtering
	is in effect; as the determination of the parent affects the
	code in block commit, exposing this in the testsuite will help
	justify changes in future patches that tweak the semantics of
	what lookups are allowed.
	* tests/virstoragetest.c (testStorageLookup): Test user input.
	(TEST_LOOKUP_TARGET): Add parameter.
	(mymain): Add lookup tests.

	storage: renumber lookup tests
	The next patch will be adding tests, including adding a parameter
	for testing more conditions.  For ease of review of that patch, I
	want to create common context lines that don't change when the new
	tests are added (it's easier to visually review additions than it
	is to review an entire chunk of tests rewritten into another
	larger chunk of tests).
	* tests/virstoragetest.c (mymain): Add a parameter and renumber
	the lookup tests.

	storage: add alias for less typing
	Typing chain->backingStore->backingStore gets old after a while;
	introduce some alias variables to make the test more compact.
	* tests/virstoragetest.c (mymain): Introduce some shorthand.

2014-06-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Don't mark all block disks for metadata reuse
	For block devices used as snapshot source the new snapshot code would
	set the reuse flag. This inhibits to take snapshot without specially
	preparing the block image before taking the snapshot.
	Fortunately this is not a regression as only the new way of specifying
	snapshot source is affected.
	For the followin snapshot XML:
	 <domainsnapshot>
	   <disks>
	     <disk name='vda' type='block'>
	       <driver type='qcow2'/>
	       <source dev="/dev/andariel/testsnap" />
	     </disk>
	   </disks>
	 </domainsnapshot>
	You'd get:
	error: internal error: unable to execute QEMU command 'transaction': Image is not in qcow2 format
	After this patch the snapshot is created successfully.

2014-06-16  Pavel Hrdina  <phrdina@redhat.com>

	leaseshelper: fix another crash
	We create a 'lease_new' when we are adding new lease entry, then later
	in the code we add the 'lease_new' into a 'leases_array_new' which
	leads into the crash because we double free the 'lease_new'.
	To prevent the double free we set the 'lease_new' to NULL after
	successful append into the 'leases_array_new'.

2014-06-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: silent destroy command errors on cleanup
	When virBhyveProcessStart() fails, it tries to unload
	a guest that could have been already loaded using
	bhyveload(8) to make sure not to leave it hanging in memory.
	However, we could fail before loading a VM into memory,
	so 'bhyvectl --destroy' command will fail and print
	an error message that looks confusing to users.
	So ignore errors when running this in cleanup.

	bhyve: do not cleanup unallocated networks on fail
	virBhyveProcessStart() calls bhyveNetCleanup() if it fails. However,
	it might fail earlier than networks are allocated, so modify
	bhyveNetCleanup() to check if net->ifname is not NULL before
	going further with the cleanup.

	bhyve: fix crash in bhyveBuildNetArgStr
	bhyveBuildNetArgStr() calls virNetDevTapCreateInBridgePort() and
	passes tapfd = NULL, but tapfdSize = 1. That is wrong, because
	if virNetDevTapCreateInBridgePort() crashes after successfully
	creating a TAP device, it'll jump to 'error' label, that
	loops over tapfd and calls VIR_FORCE_CLOSE:
	   for (i = 0; i < tapfdSize && tapfd[i] >= 0; i++)
	In that case we get a segfault.
	As the bhyve code doesn't use tapfd, pass NULL and set tapfdSize to 0.

2014-06-14  Giuseppe Scrivano  <gscrivan@redhat.com>

	storage: report VIR_ERR_NO_STORAGE_VOL when the file doesn't exist
	Report VIR_ERR_NO_STORAGE_VOL instead of a system error when lstat
	fails because the file doesn't exist.
	Fixes this problem in virt-install:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1108922

2014-06-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement PCI address allocation
	Automatically allocate PCI addresses for devices instead
	of hardcoding them in the driver code. The current
	allocation schema is to dedicate an entire slot for each devices.
	Also, allow having arbitrary number of devices.

2014-06-13  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevGetLinkInfo: Don't report link speed if NIC's not up
	The kernel's more broken than one would think. Various drivers report
	various (usually spurious) values if the interface is in other state
	than 'up' . While on some we experience -EINVAL when read()-ing the
	speed sysfs file, with other drivers we might get anything from 0 to
	UINT_MAX. If that's the case it's better to not report link speed.
	Well, the interface is not up anyway.

2014-06-13  Peter Krempa  <pkrempa@redhat.com>

	tests: virstoragetest: Fix output when hitting errors
	When the test is failing but the debug output isn't enabled the
	resulting line would look ugly like and would not contain the actual
	difference.
	TEST: virstoragetest
	      .................chain member 1!chain member 1!chain member 1!
	Store the member index in the actual checked string to hide this problem

2014-06-13  Eric Blake  <eblake@redhat.com>

	blockcommit: update error messages related to block jobs
	A future patch will add two-phase block commit jobs; as the
	mechanism for managing them is similar to managing a block copy
	job, existing errors should be made generic enough to occur
	for either job type.
	* src/conf/domain_conf.c (virDomainHasDiskMirror): Update
	comment.
	* src/qemu/qemu_driver.c (qemuDomainDefineXML)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainBlockJobImpl, qemuDomainBlockCopy): Update error
	message.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachDiskDevice): Likewise.

	virsh: improve blockcopy UI
	Peter's review of an early version of my addition of active block
	commit pointed out some issues that I was copying from the block
	copy code; fix them up now before perpetuating them.
	For virsh commands that manage a single API call, it's nice to have
	a 1:1 mapping of options to flags, so that we can test that
	lower-layer software handles flag combinations correctly.  But where
	virsh is introducing syntactic sugar to combine multiple API calls
	into a single user interface, we might as well make that interface
	compact.  That is, we should allow the shorter command-line of
	'blockcopy $dom $disk --pivot' without having to explicitly specify
	--wait, because this isn't directly a flag passed to a single
	underlying API call.
	Also, my use of embedded ?: ternaries bordered on unreadable.
	* tools/virsh-domain.c (cmdBlockCopy): Make --pivot, --finish,
	and --timeout imply --wait. Drop excess ?: operators.
	* tools/virsh.pod (blockcopy): Update documentation.

2014-06-12  Michal Privoznik  <mprivozn@redhat.com>

	virNodeDevCapPCIDevParseXML: Initialize numa_node variable
	With one of my recent patches (1c70277) libvirt's capable of
	reporting NUMA node locality for PCI devices. The node ID is
	stored in pci_dev.numa_node variable. However, since zero is
	valid NUMA node ID, the default is -1 as it is in kernel too.
	So, if the PCI device is not tied to any specific NUMA node, the
	default is then NOT printed into XML. Therefore, when parsing
	node device XML, the <node/> element is optional. But currently,
	if it's not there, we must set sane default, otherwise after
	parsing in the memory representation doesn't match the XML. We
	are already doing this in other place: udevProcessPCI().

2014-06-12  Eric Blake  <eblake@redhat.com>

	blockcommit: fix regression with explicit top argument
	Commit f586965 accidentally changed the semantics of the
	virDomainBlockCommit command; where it previously looked for
	an explicit top argument from the top of the chain, it now
	starts from the backing file of the top.  Of course, until
	we allow active commits, the only difference it makes is in
	the quality of the error message, but with code for active
	commit coming soon, we need to support an explicit mention
	of the active layer.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Start looking
	from top of chain.

2014-06-12  Jincheng Miao  <jmiao@redhat.com>

	virsh: forbid negative vcpu argument to vcpupin
	The vcpupin command allowed specifying a negative number for the --vcpu
	argument. This would the overflow when the underlying virDomainPinVcpu
	API was called.
	 $ virsh vcpupin r7 -1 0
	 error: numerical overflow: input too large: 4294967295
	Switch the vCPU variable to a unsigned int and parse it using the
	corresponding function.
	Also improve the vcpupin test to cover all the defects.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1101059

2014-06-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Reject negative numbers in vshCommandOptULongLong
	To follow the new semantics of the vshCommandOptToU* functions convert
	this one to reject negative numbers too. To allow using -1 for "maximum"
	semantics for the vol-*load two bandwidth functions that use this helper
	introduce vshCommandOptULongLongWrap.

	virsh: Reject negative numbers in vshCommandOptUL
	To follow the new semantics of the vshCommandOptToU* functions convert
	this one to reject negative numbers too. To allow using -1 for "maximum"
	semantics for the two bandwidth functions that use this helper introduce
	vshCommandOptULWrap. Although currently the migrate-setspeed function
	for the qemu driver will reject -1 as maximum.

	virsh: Reject negative numbers in vshCommandOptUInt
	Use virStrToLong_uip instead of virStrToLong_ui to reject negative
	numbers in the helper. None of the callers expects the wraparound
	"feature" for negative numbers.
	Also add a function that allows wrapping of negative numbers as it might
	be used in the future and be explicit about the new semantics in the
	function docs.

2014-06-12  Ján Tomko  <jtomko@redhat.com>

	Fix crash when saving a domain with type none dac label
	qemuDomainGetImageIds did not check if there was a label
	in the seclabel, thus crashing on
	<seclabel type='none' model='dac'/>
	https://bugzilla.redhat.com/show_bug.cgi?id=1108590

2014-06-12  John Ferlan  <jferlan@redhat.com>

	vbox_snapshot_conf: Resolve Coverity warnings
	Clean up some Coverity warnings from commit id '4dc5d8f1'

	vbox_temp: Resolve Coverity warnings
	Clean up code to resolve Coverity RESOURCE_LEAK's from commit id's
	'632b9600' and 'b739f807'.

2014-06-12  Peter Krempa  <pkrempa@redhat.com>

	security: Don't skip labelling for network disks
	A network disk might actually be backed by local storage. Also the path
	iterator actually handles networked disks well now so remove the code
	that skips the labelling in dac and selinux security driver.

	storage: volume: Rework lookup of volume objects
	Add a helper to do all the lookup steps and remove a ton of duplicated
	code.

	storage: Clean up unlocking of storage pool objects
	Most of the APIs now don't reach the cleanup section when the pool
	object wasn't found and thus don't need to check before unlocking it.

	storage: pool: Fix handling of errors on pool lookup failure
	Rework internal pool lookup code to avoid printing the raw UUID buffer
	in the case a storage pool can't be found:
	 $ virsh pool-name e012ace0-0460-5810-39ef-1bce5fa5a4dd
	 error: failed to get pool 'e012ace0-0460-5810-39ef-1bce5fa5a4dd'
	 error: Storage pool not found: no storage pool with matching uuid à¬à`X9ï_¥¤Ý
	The rework is mostly done by switching the lookup code to the newly
	introduced helper virStoragePoolObjFromStoragePool
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1104993

2014-06-12  Ján Tomko  <jtomko@redhat.com>

	build: prefer -fstack-protector-strong to -all
	Try -fstack-protector-strong first on Linux. If that fails,
	fall back to -fstack-protector-all.

	build: remove ssp-buffer-size
	This option only makes sense for -fstack-protector.
	With -fstack-protector-all or -fstack-protector-strong,
	functions are protected regardless of buffer size.
	https://bugzilla.redhat.com/show_bug.cgi?id=1105456

	build: remove duplicit warning suppression
	These warnings have already been added to $dontwarn.

2014-06-12  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity warnings
	Resolve two Coverity issues introduced by commit id '9b8d6e1e'

2014-06-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virsh: include bhyve in virsh -V output
	Add 'Bhyve' in hypervisor list reported by 'virsh -V'
	if it's compiled it.

2014-06-11  Pavel Hrdina  <phrdina@redhat.com>

	leaseshelper: fix crash
	Commit baafe668 introduced new leaseshelper with a crash of freeing
	env string. Calling 'getenv()' inside 'virGetEnvAllowSUID()' may
	return a static string and we definitely should not free it.
	The author probably want to free the copy of that string.

2014-06-11  Eric Blake  <eblake@redhat.com>

	maint: exempt graphic binaries from syntax check
	Roman Bogorodskiy reported a syntax-check failure when using
	FreeBSD; complaining that:
	prohibit_empty_first_line
	tools/libvirt_win_icon_16x16.ico:1:
	tools/libvirt_win_icon_32x32.ico:1:
	tools/libvirt_win_icon_48x48.ico:1:
	tools/libvirt_win_icon_64x64.ico:1:
	maint.mk: Prohibited empty first line
	In reality, the first 'line' of that file is NOT empty; but since
	it is a binary file, awk is not required to handle it gracefully.
	The simplest solution is to exempt all image files from syntax
	checks in the first place - after all, we only store them in git
	because they are inconvenient to regenerate, but they are not our
	preferred format for making modifications, and syntax check should
	only cover files that we are likely to modify.
	* cfg.mk (VC_LIST_ALWAYS_EXCLUDE_REGEX): Exempt images.
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF): Simplify.
	(exclude_file_name_regexp--sc_trailing_blank): Likewise.

2014-06-11  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	qemu: Properly label FDs when restoring domain with static label
	When saving domain with relabel=no, the file that gets created must have the
	context set anyway.  That way restore can be successful without the need of
	relabelling the file.

2014-06-11  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmware: make version parsing more robust
	Since commit d69415d4, vmware version is parsed from both stdout and
	stderr. This patch makes version parsing work even if there is garbage
	(libvirt debug messages for example) in the command output.
	Add test data for this case.

2014-06-11  Michal Privoznik  <mprivozn@redhat.com>

	virnetdev: Use ifname in virNetDevGetLinkInfo
	If we're compiling on non-Linux platform, the virNetDevGetLinkInfo()
	is a dummy function which barely logs debug message that getting link
	info is not supported. However, while the debug message was prepared
	for printing the interface name too, I actually forgot to pass the
	variable which resulted in build error on platforms like mingw or
	FreeBSD.

	node_device: Expose link state & speed
	While exposing the info under <interface/> in previous patch works, it
	may work only in cases where interface is configured on the host.
	However, orchestrating application may want to know the link state and
	speed even in that case. That's why we ought to expose this in nodedev
	XML too:
	virsh # nodedev-dumpxml net_eth0_f0_de_f1_2b_1b_f3
	<device>
	  <name>net_eth0_f0_de_f1_2b_1b_f3</name>
	  <path>/sys/devices/pci0000:00/0000:00:19.0/net/eth0</path>
	  <parent>pci_0000_00_19_0</parent>
	  <capability type='net'>
	    <interface>eth0</interface>
	    <address>f0:de:f1:2b:1b:f3</address>
	    <link speed='1000' state='up'/>
	    <capability type='80203'/>
	  </capability>
	</device>

	interface_backend_udev: Implement link speed & state
	In the previous commit the helper function was prepared, so now
	we can wire it up and benefit from it. The Makefile change is
	required because we're including virnedev,h which includes
	virnetlink.h which tries to include netlink/msg.h. However this
	file is not under /usr/include directly but is dependent on libnl
	used.

	virnetdev: Introduce virNetDevGetLinkInfo
	The purpose of this function is to fetch link state
	and link speed for given NIC name from the SYSFS.

	virInterface: Expose link state & speed
	Currently it is not possible to determine the speed of an interface
	and whether a link is actually detected from the API. Orchestrating
	platforms want to be able to determine when the link has failed and
	where multiple speeds may be available which one the interface is
	actually connected at. This commit introduces an extension to our
	interface XML (without implementation to interface driver backends):
	  <interface type='ethernet' name='eth0'>
	    <start mode='none'/>
	    <mac address='aa:bb:cc:dd:ee:ff'/>
	    <link speed='1000' state='up'/>
	    <mtu size='1492'/>
	    ...
	  </interface>
	Where @speed is negotiated link speed in Mbits per second, and state
	is the current NIC state (can be one of the following:  "unknown",
	"notpresent", "down", "lowerlayerdown","testing", "dormant", "up").

2014-06-11  Eric Blake  <eblake@redhat.com>

	nodeinfo: avoid uninitialized variable on error
	Commit 8ba0a58 introduced a compiler warning that I hit during
	a run of ./autobuild.sh:
	../../src/nodeinfo.c: In function 'nodeCapsInitNUMA':
	../../src/nodeinfo.c:1853:43: error: 'nsiblings' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	         if (virCapabilitiesAddHostNUMACell(caps, n, memory,
	                                           ^
	Sure enough, nsiblings starts uninitialized, and is set by a call
	to virNodeCapsGetSiblingInfo, but that function fails to assign
	through the pointer if virNumaGetDistances fails.
	* src/nodeinfo.c (nodeCapsInitNUMA): Initialize nsiblings.

	storage: fix memory leak with encrypted images
	Jim Fehlig reported a regression found by libvirt-TCK tests:
	> ~ # perl /usr/share/libvirt-tck/tests/qemu/100-disk-encryption.t
	...
	> ok 4 - defined persistent domain config
	> # Starting inactive domain config
	> libvirt error code: 1, message: internal error: unable to execute QEMU command
	> 'cont': 'drive-ide0-0-1'
	> (/var/cache/libvirt-tck/300-disk-encryption/demo.qcow2) is encrypted
	Commit 2279d560 converted a boolean into a pointer with the intent of
	transferring that pointer out of a temporary object into the caller's
	data structure.  The temporary structure meant that meta->encryption
	was always NULL on entry, so we could get away with blindly allocating
	the pointer when the header said so.  But later, commit 8823272d
	tweaked things to do backing chain detection in-place, rather than via
	a temporary object; this has the net result that meta->encryption can
	be non-NULL on entry.  Not only did this turn the latent behavior into
	a memory leak, it is also a behavior regression: blindly allocating a
	new pointer wipes out what secrets we already knew about the chain,
	making it impossible to restart the domain.
	Of course, no one in their right mind should be relying on qcow2
	encryption - it is fundamentally flawed.  And sadly, the TCK tests
	don't get run often enough, and this shows that our virstoragetest
	does not exercise encrypted images at all.  Otherwise, we could
	have avoided a release containing this regression.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal):
	Don't nuke an already-existing encryption.

2014-06-11  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	vbox: fix compilation error
	clang complains about possibly uninitialized variable:
	vbox/vbox_snapshot_conf.c:1355:9: error: variable 'ret' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
	    if (!(xPathContext = xmlXPathNewContext(xml))) {
	        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	So init 'ret' with NULL.

2014-06-11  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	virsh: Add details about specified migration host
	the 'migration_host' description may be a bit difficult to
	understand for some users, so enhance the manual

2014-06-11  Eric Blake  <eblake@redhat.com>

	blockcommit: document semantics of committing active layer
	Now that qemu 2.0 allows commit of the active layer, people are
	attempting to use virsh blockcommit and getting into a stuck
	state, because libvirt is unprepared to handle the two-phase
	commit required by qemu.
	Stepping back a bit, there are two valid semantics for a
	commit operation:
	1. Maintain a 'golden' base, and a transient overlay. Make
	changes in the overlay, and if everything appears to work,
	commit those changes into the base, but still keep the overlay
	for the next round of changes; repeat the cycle as desired.
	2. Create an external snapshot, then back up the stable state
	in the backing file. Once the backup is complete, commit the
	overlay back into the base, and delete the temporary snapshot.
	Since qemu doesn't know up front which of the two styles is
	preferred, a block commit of the active layer merely gets
	the job into a synchronized state, and sends an event; then
	the user must either cancel (case 1) or complete (case 2),
	where qemu then sends a second event that actually ends the
	job.  However, until commit e6bcbcd, libvirt was blindly
	assuming the semantics that apply to a commit of an
	intermediate image, where there is only one sane conclusion
	(the job automatically ends with fewer elements in the chain);
	and getting stuck because it wasn't prepared for qemu to enter
	a second phase of the job.
	This patch adds a flag to the libvirt API that a user MUST
	supply in order to acknowledge that they will be using two-phase
	semantics.  It might be possible to have a mode where if the
	flag is omitted, we automatically do the case 2 semantics on
	the user's behalf; but before that happens, I must do additional
	patches to track the fact that we are doing an active commit
	in the domain XML.  Later patches will add support of the flag,
	and once 2-phase semantics are working, we can then decide
	whether to relax things to allow an omitted flag to cause an
	automatic pivot.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_COMMIT_ACTIVE)
	(VIR_DOMAIN_BLOCK_JOB_TYPE_ACTIVE_COMMIT): New enums.
	* src/libvirt.c (virDomainBlockCommit): Document two-phase job
	when committing active layer, through new flag.
	(virDomainBlockJobAbort): Document that pivot also occurs after
	active commit.
	* tools/virsh-domain.c (vshDomainBlockJob): Cover new job.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Explicitly
	reject active copy; later patches will add it in.

2014-06-10  Wangrui (K)  <moon.wangrui@huawei.com>

	docs: fix a typo in hacking.html.in

2014-06-10  Yohan BELLEGUIC  <yohan.belleguic@diateam.net>

	vbox_tmpl.c: Add function for undefining snapshot
	All snapshots information will be deleted from the vbox XML, but
	differencing disks will be kept so the user will be able to redefine the
	snapshot.

	vbox_tmpl.c: Patch for redefining snapshots
	The machine is unregistered and its vbox XML file is changed in order to
	add snapshot information. The machine is then registered with the
	snapshot to redefine.

	Add vbox_snapshot_conf struct
	This structure contains the data to be saved in the VirtualBox XML file
	and can be manipulated with severals exposed functions.
	The structure is created by vboxSnapshotLoadVboxFile taking the
	machine XML file.
	It also can rewrite the XML by using vboxSnapshotSaveVboxFile.

2014-06-10  Manuel VIVES  <manuel.vives@diateam.net>

	vbox_tmpl.c: Better XML description for snapshots
	It will be needed for the future patches because we will
	redefine snapshots

2014-06-10  Ján Tomko  <jtomko@redhat.com>

	SELinux: don't fail silently when no label is present
	This fixes startup of a domain with:
	<seclabel type='none' model='dac'/>
	on a host with selinux and dac drivers and
	security_default_confined = 0
	https://bugzilla.redhat.com/show_bug.cgi?id=1105939
	https://bugzilla.redhat.com/show_bug.cgi?id=1102611

2014-06-09  Laine Stump  <laine@laine.org>

	qemu: ignore -nodefconfig and -nodefaults when parsing commandline
	The qemu driver always adds these options to the qemu commandlines,
	but the commandline parser didn't recognize them, so sending a
	libvirt-generated qemu commandline to its own argvtoxml would always
	result in a warning message and a qemu namespace added to the
	xml. Since the options don't add any functionality to the domain, they
	should just be ignored (similar to -S).
	Note that we can't yet add a test for this to qemuargv2xmltest,
	because we would have to add QEMU_CAPS_NODEFCONFIG and
	QEMU_CAPS_DEVICE to the capabilities for any corresponding
	xml2argvtest, and QEMU_CAPS_DEVICE would necessitate having support
	for parsing a memballoon device in order for qemuargv2xmltest to
	pass. So we wait to add a test for -nodefconfig and -nodefaults until
	after adding support for parsing -device virtio-balloon-*.

	test: display qemuParseCommandline warnings when VIR_TEST_DEBUG > 0
	qmeuargv2xmltest.c would fail any test that logged anything during
	qemuParseCommandline(), but then discard the log message, even with
	VIR_TEST_DEBUG=2. This patch outputs the log messages with
	fprintf(stderr,...) when debug logging is on.
	In the process of modifying that logic, the testInfo data was made
	more similar to that of qemuxml2argvtest.c - rather than turning
	info->extraFlags into a bool, an enum of flags is defined, the info
	struct is given an "unsigned int flags", and FLAG_EXPECT_WARNING is
	saved into info->flags, to be checked during the test; this will make
	it easier to add other FLAG_EXPECT_* items in the future.

2014-06-09  Peter Krempa  <pkrempa@redhat.com>

	parallels: Avoid possible leak of "cpu" from parallelsBuildCapabilities
	4d06af97d38c3648937eb8f732704379b3cd9e59 introduced a possible memory
	leak of the memory allocated into the "cpu" pointer in
	parallelsBuildCapabilities in the case "nodeGetInfo()" would fail right
	after the allocation. Rearrange the code to avoid the possibility of the
	leak.
	Found by Coverity.

	m4: bhyve: Fix check for the required bhyve programs
	bhyveload and bhyvectl wouldn't be checked otherwise as the configure
	script wouldn't execute one of the tests:
	checking for bhyve... /usr/local/sbin/bhyve
	checking for bhyvectl... /usr/local/sbin/bhyvectl
	checking for bhyveload... /usr/local/sbin/bhyveload
	./configure: line 62602: test: too many arguments
	Fix the shell statement testing the 3 binaries.

2014-06-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Relax virtualHW.version check
	The original implementation of the VMX config parser assumed that the
	virtualHW.version would have more influence on the content of the VMX
	file than it actually seems to have. It started with accepting only
	version 4. Additonal versions were added later without any additional
	changes in the parser itself. This suggests that the influence of the
	virtualHW.version on the content and format of the VMX file is small
	or non-existent.
	The parser worked without any changes across several virtualHW and
	vSphere versions. So instead of adding new virtualHW.version values to
	the parser as they come along, or adding an extra flag to allow unknown
	virtualHW.version values just relax the check to require version 4 or
	later.

2014-06-07  Eric Blake  <eblake@redhat.com>

	conf: alter disk mirror xml output
	Now that we track a disk mirror as a virStorageSource, we might
	as well update the XML to theoretically allow any type of
	mirroring destination (not just a local file).  A later patch
	will also be reusing <mirror> to track the block commit of the
	top layer of a chain, which is another case where libvirt needs
	to update the backing chain after the job is finally pivoted,
	and since backing chains can have network backing files as the
	destination to commit into, it makes more sense to display that
	in the XML.
	This patch changes output-only XML; it was already documented
	that <mirror> does not affect a domain definition at this point
	(because qemu doesn't provide persistent bitmaps yet).  Any
	application that was starting a block copy job with older libvirt
	and then relying on the domain XML to determine if it was
	complete will no longer be able to access the file= and format=
	attributes of mirror that were previously used.  However, this is
	not going to be a problem in practice: the only time a block copy
	job works is on a transient domain, and any app that is managing
	a transient domain probably already does enough of its own
	bookkeeping to know which file it is mirroring into without
	having to re-read it from the libvirt XML.  The one thing that
	was likely to be used in a mirroring job was the ready=
	attribute, which is unchanged.  Meanwhile, I made sure the schema
	and parser still accept the old format, even if we no longer
	output it, so that upgrading from an older version of libvirt is
	seamless.
	* docs/schemas/domaincommon.rng (diskMirror): Alter definition.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML): Parse two
	styles of mirror elements.
	(virDomainDiskDefFormat): Output new style.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror-old.xml: New
	file, copied from...
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: ...here
	before modernizing.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror-old*: New
	files.
	* tests/qemuxml2xmltest.c (mymain): Test both styles.

2014-06-06  Eric Blake  <eblake@redhat.com>

	conf: store mirroring information in virStorageSource
	The current implementation of 'virsh blockcopy' (virDomainBlockRebase)
	is limited to copying to a local file name.  But future patches want
	to extend it to also copy to network disks.  This patch converts over
	to a virStorageSourcePtr, although it should have no semantic change
	visible to the user, in anticipation of those future patches being
	able to use more fields for non-file destinations.
	* src/conf/domain_conf.h (_virDomainDiskDef): Change type of
	mirror information.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML): Localize
	mirror parsing into new object.
	(virDomainDiskDefFormat): Adjust clients.
	* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
	(qemuDomainBlockJobImpl, qemuDomainBlockCopy): Likewise.

	conf: store disk source as pointer, for easier manipulation
	As part of the work on backing chains, I'm finding that it would
	be easier to directly manipulate chains of pointers (adding a
	snapshot merely adjusts pointers to form the correct list) rather
	than copy data from one struct to another.  This patch converts
	domain disk source to be a pointer.
	In this patch, the pointer is ALWAYS allocated (thanks in part to
	the previous patch forwarding all disk def allocation through a
	common point), and all other changse are just mechanical fallout of
	the new type; there should be no functional change.  It is possible
	that we may want to leave the pointer NULL for a cdrom with no
	medium in a later patch, but as that requires a closer audit of the
	source to ensure we don't fault on a null dereference, I didn't do
	it here.
	* src/conf/domain_conf.h (_virDomainDiskDef): Change type of src.
	* src/conf/domain_conf.c: Adjust all clients.
	* src/security/security_selinux.c: Likewise.
	* src/qemu/qemu_domain.c: Likewise.
	* src/qemu/qemu_command.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/qemu/qemu_process.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/lxc/lxc_controller.c: Likewise.
	* tests/securityselinuxlabeltest.c: Likewise.

	conf: consolidate disk def allocation
	A future patch wants to create disk definitions with non-zero
	default contents; to avoid crashes, all callers that allocate
	a disk definition should go through a common point.
	I found allocation points by looking for any code that increments
	ndisks, as well as any matches for ALLOC.*disk.  Most places that
	modified ndisks were covered by the parse from XML to domain/device
	definition by initial domain creation or device hotplug; I also
	hand-checked all drivers that generate a device struct on the
	fly during getXMLDesc.
	* src/conf/domain_conf.h (virDomainDiskDefNew): New prototype.
	* src/conf/domain_conf.c (virDomainDiskDefNew): New function.
	(virDomainDiskDefParseXML): Use it.
	* src/parallels/parallels_driver.c (parallelsAddHddInfo):
	Likewise.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise.
	* src/vmx/vmx.c (virVMXParseDisk): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenParseSxpr):
	Likewise.
	* src/xenxs/xen_xm.c (xenParseXM): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Export it.

	conf: store snapshot source as pointer, for easier manipulation
	As part of the work on backing chains, I'm finding that it would
	be easier to directly manipulate chains of pointers (adding a
	snapshot merely adjusts pointers to form the correct list) rather
	than copy data from one struct to another. This patch converts
	snapshot source to be a pointer.
	In this patch, the pointer is ALWAYS allocated (any code that
	increases ndisks now also allocates a source pointer for each
	new disk), and all other changes are just mechanical fallout of
	the new type; there should be no functional change.  It is
	possible that we may want to leave the pointer NULL for internal
	snapshots in a later patch, but as that requires a closer audit
	of the source to ensure we don't fault on a null dereference, I
	didn't do it here.
	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Change
	type of src.
	* src/conf/snapshot_conf.c: Adjust all clients.
	* src/qemu/qemu_conf.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.

2014-06-06  Ján Tomko  <jtomko@redhat.com>

	Fix virbitmaptest on 32-bit
	My commit 7d8afc4 was passing the incorrect size to
	virBitmapDataToString in the newly added test.

2014-06-06  Michal Privoznik  <mprivozn@redhat.com>

	nodedev: Export NUMA node locality for PCI devices
	A PCI device can be associated with a specific NUMA node. Later, when
	a guest is pinned to one NUMA node the PCI device can be assigned on
	different NUMA node. This makes DMA transfers travel across nodes and
	thus results in suboptimal performance. We should expose the NUMA node
	locality for PCI devices so management applications can make better
	decisions.

2014-06-06  Ján Tomko  <jtomko@redhat.com>

	Implement pretty flag for vcpuinfo and nodecpumap
	Report CPU affinities / online CPUs in human-readable form when
	this flag is present:
	Before:
	CPU Affinity:   y-yy
	After:
	CPU Affinity:   0,2-3 (out of 4)
	https://bugzilla.redhat.com/show_bug.cgi?id=985980

	Introduce virBitmapDataToString
	For converting bitmap data to human-readable strings.

	Always report an error if virBitmapFormat fails
	It already reports an error if STRDUP fails.

	Format NULL bitmap as an empty string
	This simplifies the usage in {libxl,qemu}DomainGetNumaParameters
	and it's needed for consistent error reporting in virBitmapFormat.
	Also remove the forgotten ATTRIBUTE_NONNULL marker.

	virsh: Separate API calls and result printing in cmdVcpuinfo
	This allows reuse of the result printing code.

	virsh: Invert logic in cmdVcpuinfo
	Initialize 'ret' to false and introduce a cleanup label.

2014-06-06  Alexander Burluka  <aburluka@parallels.com>

	Parallels: Include CPU info in the capabilities XML
	Openstack uses (or will start to using) CPU info from the
	capabilities XML. So this section is expanded, added CPU info
	about arch, type and info about number of cores, sockets and threads.

	Parallels: add connectBaselineCPU()
	Openstack Nova (starting at Icehouse release) requires this function
	to start VM.

	Parallels: add domainGetVcpus()
	OpenStack Nova requires this function
	to start VM instance. Cpumask info is obtained via prlctl utility.
	Unlike KVM, Parallels Cloud Server is unable to set cpu affinity
	mask for every VCpu. Mask is unique for all VCpu. You can set it
	using 'prlctl set <vm_id|vm_name> --cpumask <{n[,n,n1-n2]|all}>'
	command. For example, 'prlctl set SomeDomain --cpumask 0,1,5-7'
	would set this mask to yy---yyy.

2014-06-06  Martin Kletzander  <mkletzan@redhat.com>

	maint: prohibit empty first lines
	Based on discussion with Eric:
	https://www.redhat.com/archives/libvir-list/2014-March/msg01001.html

	Remove unnecessary empty first lines

	translations: Don't leave default template fields in .po files
	New gettext-0.19 doesn't like it and we can't build without it.

2014-06-06  Ján Tomko  <jtomko@redhat.com>

	Fix storage format probing
	Commit fff74b2 moved the probing into virStorageFileGetMetadataFromBuf
	but didn't update the format in volume definition.
	https://bugzilla.redhat.com/show_bug.cgi?id=1104908

	Simplify conditions in virStorageBackendProbeTarget
	Jump out early if no metadata was detected (for directories).
	Join the error and cleanup labels.

	Don't reuse 'ret' variable in virStorageBackendProbeTarget
	To match the convention:
	ret - current function's return value
	rc - other function's return values

2014-06-05  Michal Privoznik  <mprivozn@redhat.com>

	formatcaps: Rework and add stubs to document
	At the moment we are missing even basic documentation on our
	capabilities XML. Without demand on completeness, I'm
	reorganizing the document structure and adding very basic
	documentation to two major components of the capabilities XML.
	These stubs are intended to be enhanced in the future.

	vircaps2xmltest: Introduce basic testing
	For now only one test is introduced. It's purpose in life
	is to check we don't break NUMA host distances XML format.

2014-06-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: add migration support
	This patch adds initial migration support to the libxl driver,
	using the VIR_DRV_FEATURE_MIGRATION_PARAMS family of migration
	functions.

	libxl: introduce libxlDomainDefCheckABIStability
	Introduce a simple libxlDomainDefCheckABIStability() function that
	can be used check ABI stability between two virDomainDef objects.

2014-06-05  Eric Blake  <eblake@redhat.com>

	maint: detect VPATH builds when checking for gnulib update
	I accidentally typed 'make' in the srcdir of a VPATH build, and
	was surprised to see this:
	$ make
	/bin/sh: s/^[ +-]//;s/ .*//: No such file or directory
	INFO: gnulib update required; running ./autogen.sh first
	make: -n: Command not found
	./autogen.sh
	I am going to run ./configure with no arguments - if you wish
	to pass any to it, please specify them on the ./autogen.sh command line.
	running bootstrap...
	./bootstrap: Bootstrapping from checked-out libvirt sources...
	./bootstrap: getting gnulib files...
	Oops - we're trying to execute some fairly bogus command names,
	and then trying to configure in-tree (which breaks all existing
	VPATH builds, since automake refuses to do a VPATH build if it
	detects an in-tree configure).  The third line (executing "-n")
	is fixed by updating to the latest gnulib; the rest of the problem
	is fixed by copying the same filtering in our cfg.mk as what
	gnulib just added, so that we avoid any $(shell) invocations which
	in turn depend on variables that are only populated by a working
	Makefile.  With that in place, we are back to the much nicer:
	$ make
	There seems to be no Makefile in this directory.
	You must run ./configure before running 'make'.
	make: *** [abort-due-to-no-makefile] Error 1
	Additionally, although harder to see - there was a trailing space in
	the message warning us that autogen would run an in-tree configure.
	* .gnulib: Update to latest, in part for maint.mk improvements.
	* cfg.mk (_update_required): Don't check for update in
	unconfigured directory.
	* autogen.sh (no_git): Drop trailing space.

	maint: optimize locale.h syntax check
	Reusing the maint.mk code allows for a more efficient syntax check
	(fewer grep processes), and a more compact representation of what
	we are really checking for in commit 1919e35.
	* cfg.mk (sc_require_locale_h): Use maint.mk loop instead of
	rolling our own.

2014-06-04  Michal Privoznik  <mprivozn@redhat.com>

	virnuma: Check for numa_bitmask_isbitset presence
	On some systems, libnuma can be present but it's so ancient that
	it misses some symbols that virNumaGetDistances() needs. To be
	more precise: numa_bitmask_isbitset() and numa_nodes_ptr are the
	symbols in question. Fortunately, they were both introduced in
	the same release so it's sufficient for us to check for only one
	of them. And the winner is numa_bitmask_isbitset().

	cfg.mk: Introduce rule for setlocale()
	In the past we had some issues where setlocale() was called without
	corresponding include of locale.h. While on some systems this may
	work, on others the compilation failed. We should have a syntax-check
	rule for that to prevent this from happening again.

	virnuma: Implement virNumaGetDistances stub for non-NUMA
	In case the libvirt is built without numactl support, we're
	missing the virNumaGetDistances() stub so the linking fails:
	  CCLD     libvirt_lxc
	libvirt_lxc-nodeinfo.o: In function `virNodeCapsGetSiblingInfo':
	/home/zippy/tmp/libvirt.git/src/nodeinfo.c:1763: undefined reference to `virNumaGetDistances'
	collect2: error: ld returned 1 exit status
	make[3]: *** [libvirt_lxc] Error 1
	The issue was introduced in 77c830d8c4.

	virCaps: Expose distance between host NUMA nodes
	If user or management application wants to create a guest,
	it may be useful to know the cost of internode latencies
	before the guest resources are pinned. For example:
	<capabilities>
	  <host>
	    ...
	    <topology>
	      <cells num='2'>
	        <cell id='0'>
	          <memory unit='KiB'>4004132</memory>
	          <distances>
	            <sibling id='0' value='10'/>
	            <sibling id='1' value='20'/>
	          </distances>
	          <cpus num='2'>
	            <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
	            <cpu id='2' socket_id='0' core_id='2' siblings='2'/>
	          </cpus>
	        </cell>
	        <cell id='1'>
	          <memory unit='KiB'>4030064</memory>
	          <distances>
	            <sibling id='0' value='20'/>
	            <sibling id='1' value='10'/>
	          </distances>
	          <cpus num='2'>
	            <cpu id='1' socket_id='0' core_id='0' siblings='1'/>
	            <cpu id='3' socket_id='0' core_id='2' siblings='3'/>
	          </cpus>
	        </cell>
	      </cells>
	    </topology>
	    ...
	  </host>
	  ...
	</capabilities>
	We can see the distance from node1 to node0 is 20 and within nodes 10.

	virnuma: Introduce virNumaGetDistances
	The API gets a NUMA node and find distances to other nodes.  The
	distances are returned in an array. If an item X within the array
	equals to value of zero, then there's no such node as X.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	tests: monitor: json: Fix error message when returning json in json
	The qemu JSON monitor test allows to test also expected command
	arguments. As the error from the monitor simulator is returned as a
	simulated qemu error (in JSON) all other JSON contained in the error
	message needs to be escaped. This will happen if the monitor command
	under test receives a JSON array as an argument.
	This will improve the error message from:
	libvirt:  error : internal error: cannot parse json { "error":  { "desc":
	"Invalid value of argument 'keys' of command 'send-key': expected 'ble'
	got '[{"type":"number","data":43},{"type":"number","data":26},
	{"type":"number","data":46},{"type":"number","data":32}]'",
	"class": "UnexpectedCommand" } }: lexical error: invalid string in json text.
	To:
	libvirt: QEMU Driver error : internal error: unable to execute QEMU
	command 'send-key': Invalid value of argument 'keys' of command
	'send-key': expected 'ble' got '[{"type":"number","data":43},
	{"type":"number","data":26},{"type":"number","data":46},
	{"type":"number","data":32}]'
	This improvement will not have any effect on tests executing as
	expected, but it will help test development.

	network: bridge: Avoid memory leak from networkBuildDhcpDaemonCommandLine
	If the leasehelper_path couldn't be found the code would leak the
	freshly constructed command structure. Re-arrange code to avoid the
	problem.
	Found by coverity, broken by baafe668fa56767c031468ccd5df3e62eaa11370.

	tests: Build virstoragetest only when storage driver is compiled too
	virstoragetest now requires parts of the storage driver to be built.
	Without this change the test can't be compiled on platforms that don't
	build the storage driver (mingw).
	make[2]: *** No rule to make target `../src/libvirt_driver_storage_impl.la', needed by `virstoragetest.exe'.  Stop.
	Broken by commit 713cc3b0a7ff8ad42b4c13429b624d1b2b5a99f2

	qemu: monitor: Fix type of holdtime argument in qemuMonitorJSONSendKey
	qemuMonitorJSONSendKey declares the "holdtime" argument as unsigned int
	while the command was constructed in qemuMonitorJSONMakeCommand using
	the "P" modifier which took a unsigned long from the variable
	arguments which then made it possible to access uninitialized memory.
	This broke the qemumonitorjsontest on 32bit fedora 20:
	64) qemuMonitorJSONSendKey
	... libvirt: QEMU Driver error : internal error: unsupported data type 'W' for arg 'WVSì D$0èwÿÿÃAå' FAILED
	Uncovered by upstream commit f744b831c66d9e82453f7a96cab5eddf7570c253.
	Additionally add test for the hold-time option.

2014-06-03  Daniel P. Berrange  <berrange@redhat.com>

	libxl: Avoid possible use of uninitialized mem in libxlDomainStart
	The 'libxl_domain_config' object is stack allocated which means its
	memory contents are undefined. The libxl_domain_config_dispose() call
	is only safe if the memory is initialized to a defined state. Not all
	code paths which reach libxl_domain_config_dispose() will ensure that
	libxl_domain_config_init() is called. Move the libxl_domain_config_init()
	call earlier in the function to ensure all codepaths have defined
	memory state.

	libxl: Move virDomainXMLOptionNew into libxlCreateXMLConf
	To allow the test suite to creat the XML option object,
	move the virDomainXMLOptionNew call into a libxlCreateXMLConf
	method.

	libxl: Don't pass libxlDriverPrivatePtr into libxlBuildDomainConfig
	To make it easier to test, change libxlBuildDomainConfig so
	that it takes a virPortAllocatorPtr instead of the larger
	libxlDriverPrivatePtr object.

	libxl: Don't pass virDomainObjPtr to libxlBuildDomainConfig
	To make it easier to unit test, change libxlBuildDomainConfig
	so that it takes 'virDomainDefPtr' and 'libxl_ctx *' objects
	as separate parameters.

2014-06-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Return in from qemuDomainRemove*Device
	Some of the APIs already return int since they can produce errors that
	need to be propagated. For consistency reasons, this patch changes the
	rest of the APIs to also return int even though they do not fail or
	report any errors.

	qemu: Remove character device backend only after frontend is gone
	In general, we should only remove a backend after seeing DEVICE_DELETED
	event for a corresponding frontend.

	qemu: Remove disk backend only after frontend is gone
	In general, we should only remove a backend after seeing DEVICE_DELETED
	event for a corresponding frontend. This doesn't make any difference for
	disks attached using -drive or drive_add since QEMU automatically
	removes their backends but it's still better to make our code
	consistent. And it may start making difference in case we switch to
	attaching disks using -blockdev.

	qemu: Remove interface backend only after frontend is gone
	[1] reported that we are removing network's backend too early. I didn't
	really get the reproducer but libvirt behaves strangely when a guest
	does not confirm the removal, e.g., it does not support PCI hotplug. In
	such case, detaching a network device leaves its frontend in place but
	removes the backend, which makes the device unusable for the guest.
	Moreover attaching the same device again succeeds and both the guest and
	libvirt will see two network interfaces attached but only one of them is
	actually working.
	I checked with Paolo Bonzini and he confirmed we should only remove a
	backend after seeing DEVICE_DELETED event for a corresponding frontend.
	[1] https://www.redhat.com/archives/libvir-list/2014-March/msg01740.html

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	tests: storagetest: Unify and reformat storage chain format string
	All the fields crammed into two lines weren't easy to parse by human
	eyes. Split up the format string into lines and put it into a central
	variable so that changes in two places aren't necessary.

	qemu: json: Add format strings for optional command arguments
	This patch adds option to specify that a json qemu command argument is
	optional without the need to use if's or ternary operators to pass the
	list. Additionally all the modifier characters are documented to avoid
	user confusion.

	util: string: Return element count from virStringSplit
	To allow using the array manipulation macros on the arrays returned by
	virStringSplit we need to know the count of the elements in the array.
	Modify virStringSplit to return this value, rename it and add a helper
	with the old name so that we don't need to update all the code.

	storage: Traverse backing chains of network disks
	Now we don't need to skip backing chain detection for remote disks.

	storage: Change to new backing store parser
	Use the new backing store parser in the backing chain crawler. This
	change needs one test change where information about the NBD image are
	now parsed differently.

	storage: Add infrastructure to parse remote network backing names
	Add parsers for relative and absolute backing names for local and remote
	storage files.
	This parser parses relative paths as relative to their parents and
	absolute paths according to the protocol or local access.
	For remote storage volumes, all URI based backing file names are
	supported and for the qemu colon syntax the NBD protocol is supported.

	storage: Switch metadata crawler to use storage driver file access check
	Use virStorageFileAccess() to to check whether the file is accessible in
	the main part of the metadata crawler.

	storage: Switch metadata crawler to use storage driver to read headers
	Use virStorageFileReadHeader() to read headers of storage files possibly
	on remote storage to retrieve the image metadata.
	The backend information is now parsed by
	virStorageFileGetMetadataInternal which is now exported from the util
	source and virStorageFileGetMetadataFromFDInternal now doesn't need to
	be exported.

	storage: Switch metadata crawler to use storage driver to get unique path
	Use the virStorageFileGetUniqueIdentifier() function to get a unique
	identifier regardless of the target storage type instead of relying on
	canonicalize_path().
	A new function that checks whether we support a given image is
	introduced to avoid errors for unimplemented backends.

	storage: backend: Add possibility to suppress errors from backend lookup
	Add a new function wrapper and tweak the storage file backend lookup
	function so that it can be used without reporting error. This will be
	useful in the metadata crawler code where we need silently break if
	metadata retrieval is not supported for the current storage type.

	test: storage: Initialize storage source to correct type
	Stat the path of the storage file being tested to set the correct type
	into the virStorageSource. This will avoid breaking the test suite when
	inquiring metadata of directory paths in the next patches.

	storage: Determine the local storage type right away
	When walking the backing chain we previously set the storage type to
	_FILE and let the virStorageFileGetMetadataFromFDInternal update it to
	the correct type later on.
	This patch moves the actual storage type determination to the place
	where we parse the backing store name so that the code can later be
	switched to use virStorageFileReadHeader() directly.

	storage: Move virStorageFileGetMetadata to the storage driver
	My future work will modify the metadata crawler function to use the
	storage driver file APIs to access the files instead of accessing them
	directly so that we will be able to request the metadata for remote
	files too. To avoid linking the storage driver to every helper file
	using the utils code, the backing chain traversal function needs to be
	moved to the storage driver source.
	Additionally the virt-aa-helper and virstoragetest programs need to be
	linked with the storage driver as a result of this change.

	storage: Add API to check accessibility of storage volumes
	Add a storage driver API equivalent of the access() function.
	Implementations for the filesystem and gluster backends are provided.

	storage: backend: Add unique id retrieval API
	Different protocols have different means to uniquely identify a storage
	file. This patch implements a storage driver API to retrieve a unique
	string describing a volume. The current implementation works for local
	storage only and returns the canonical path of the volume.
	To add caching support the local filesystem driver now has a private
	structure holding the cached string, which is created only when it's
	initially accessed.
	This patch provides the implementation for local files only for start.

2014-06-03  Michal Privoznik  <mprivozn@redhat.com>

	xenapi_utils: Adapt to enum cleanups
	It was just very recently that we transfered from:
	  enum virSomeEnumName{
	      ...
	  };
	to:
	  typedef enum {
	      ...
	  } virSomeEnumName;
	This change requires some code adaptation, which wasn't done for
	xenapi driver. With this fix we are able to build again.

	virnuma.c: Fix some comments
	In 9dd02965 the virNumaGetNodeMemory was introduced, however the
	comment describing the function mentions virNumaGetNodeMemorySize.
	And there's one typo in virNumaIsAvailable() description.

2014-06-03  Julio Faracco  <jcfaracco@gmail.com>

	conf: more enum cleanups in "src/conf/domain_conf.h"
	In "src/conf/domain_conf.h" there are many enum declarations. The
	cleanup in this header filer was started, but it wasn't enough and
	there are many other files that has enum variables declared. So, the
	commit was starting to be big. This commit finish the cleanup in this
	header file and in other files that has enum variables, parameters,
	or functions declared.

	conf: enum cleanups in "src/conf/domain_conf.h"
	In "src/conf/domain_conf.h" there are many enumerations (enum)
	declarations to be converted as a typedef too. As mentioned before,
	it's better to use a typedef for variable types, function types and
	other usages. I think this file has most of those enum declarations
	at "src/conf/". So, me and Eric Blake plan to keep the cleanups all
	over the source code. This time, most of the files changed in this
	commit are related to part of one file: "src/conf/domain_conf.h".

	cpu: use typedefs for enums in "src/cpu/cpu_map.h"
	In "src/cpu/" there are some enumerations (enum) declarations.
	Similar to the recent cleanup to "src/util", "src/conf" and other
	directories, it's better to use a typedef for variable types,
	function types and other usages. Other enumeration and folders will
	be changed to typedef's in the future. Specially, in files that are
	in different places of "src/util" and "src/conf". Most of the files
	changed in this commit are related to CPU (cpu_map.h) enums.

2014-06-03  Michal Privoznik  <mprivozn@redhat.com>

	virsh-nodedev: Avoid spurious errors
	Our public free functions explicitly don't accept NULL pointers
	(sigh). Therefore, callers must do something like this:
	    if (dev)
	        virNodeDeviceFree(dev);
	And we are not doing that on two places I've found. This leads to
	dummy error message thrown by virsh:
	    virsh # nodedev-dumpxml nonexistent-device
	    error: Could not find matching device 'nonexistent-device'
	    error: invalid node device pointer in virNodeDeviceFree

2014-06-02  Ján Tomko  <jtomko@redhat.com>

	Don't use AI_ADDRCONFIG when binding to wildcard addresses
	https://bugzilla.redhat.com/show_bug.cgi?id=1098659
	With parallel boot, network addresses might not yet be assigned [1],
	but binding to wildcard addresses should work.
	For non-wildcard addresses, ADDRCONFIG is still used. Document this
	in libvirtd.conf.
	[1] http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

2014-06-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Unref cfg when detaching hostdev interface

	qemu: Process DEVICE_DELETED event in a separate thread
	Currently, we don not acquire any job when removing a device after
	DEVICE_DELETED event was received from QEMU. This means that if there is
	another API running at the time DEVICE_DELETED is delivered and the API
	acquired a job, we may happily change the definition of the domain the
	API is working with whenever it unlocks the domain object (e.g., to talk
	with its monitor). That said, we have to acquire a job before finishing
	device removal to make things safe. However, doing so in the main event
	loop would cause a deadlock so we need to move most of the event handler
	into a separate thread.
	Another good reason for both acquiring a job and handling the event in a
	separate thread is that we currently remove a device backend immediately
	after removing its frontend while we should only remove the backend once
	we already received DEVICE_DELETED event. That is, we will have to talk
	to QEMU monitor from the event handler.

	qemu: Finish device removal in the original thread
	If QEMU supports DEVICE_DELETED event, we always call
	qemuDomainRemoveDevice from the event handler. However, we will need to
	push this call away from the main event loop and begin a job for it (see
	the following commit), we need to make sure the device is fully removed
	by the original thread (and within its existing job) in case the
	DEVICE_DELETED event arrives before qemuDomainWaitForDeviceRemoval times
	out.
	Without this patch, device removals would be guaranteed to never finish
	before the timeout because the could would be blocked by the original
	job being still active.

2014-06-02  Pavel Hrdina  <phrdina@redhat.com>

	Fix build on freebsd
	On freebsd there isn't known "setlocale" so we have to include locale.h

2014-06-02  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Add helper program to create custom leases
	Introduce helper program to catch events from dnsmasq and maintain a custom
	lease file per network. It supports dhcpv4 and dhcpv6. The file is saved as
	"<interface-name>.status".
	Each lease contains the following info:
	<expiry-time (epoch time)> <mac> <iaid> <ip-address> <hostname> <clientid>
	Example of custom leases file content:
	[
	    {
	        "iaid": "1221229",
	        "ip-address": "2001:db8:ca2:2:1::95",
	        "mac-address": "52:54:00:12:a2:6d",
	        "hostname": "Fedora20",
	        "client-id": "00:04:1a:c1:d9:6b:5a:0a:e2:bc:f8:4b:1e:37:2e:38:22:55",
	        "expiry-time": 1393244216
	    },
	    {
	        "ip-address": "192.168.150.208",
	        "mac-address": "52:54:00:11:56:b3",
	        "hostname": "Wani-PC",
	        "client-id": "01:52:54:00:11:56:b3",
	        "expiry-time": 1393244248
	    }
	]
	src/Makefile.am:
	   * Add options to compile the helper program
	src/network/bridge_driver.c:
	   * Introduce networkDnsmasqLeaseFileNameCustom()
	   * Invoke helper program along with dnsmasq
	   * Delete the .status file when corresponding n/w is destroyed.
	src/network/leaseshelper.c
	   * Helper program to create the custom lease file

2014-06-02  Peter Krempa  <pkrempa@redhat.com>

	virsh: Check whether found volume is member of the specified storage pool
	When looking up storage volumes virsh uses multiple lookup steps. Some
	of the steps don't require a pool name specified. This resulted into a
	possibility that a volume would be part of a different pool than the
	user specified:
	Let's have a /var/lib/libvirt/images/test.qcow image in the 'default'
	pool and a second pool 'emptypool':
	Currently we'd return:
	  $ virsh vol-info --pool emptypool /var/lib/libvirt/images/test.qcow
	  Name:           test.qcow
	  Type:           file
	  Capacity:       100.00 MiB
	  Allocation:     212.00 KiB
	After the fix:
	 $ tools/virsh vol-info --pool emptypool /var/lib/libvirt/images/test.qcow
	 error: Requested volume '/var/lib/libvirt/images/test.qcow' is not in pool 'emptypool'
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1088667

2014-06-02  Daniel Veillard  <veillard@redhat.com>

	Bump version to 1.2.6 for new dev cycle

	Forgot spec changelog in 1.2.5 commit

	Release of libvirt-1.2.5
	* docs/news.html.in: update for release
	* po/*.po*: updated ukrainian localization and regenerated

2014-06-02  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: bhyve driver documentation improvements
	- Document 'domxml-to-native' command
	- Mention that the nmdm console support needs an appropriate
	  kernel module loaded

2014-06-01  Laine Stump  <laine@laine.org>

	util: fix DST end date in virtimetest timezones
	Reported by: Roman Bogorodskiy <bogorodskiy@gmail.com>
	Some of the tests for virTimeLocalOffsetFromUTC set an imaginary
	timezone that attempts to force dyalight savings time active all the
	time by setting a start date of 0/00:00:00 and end date of
	366/23:59:59. Since the day is 0-based, 366 really means "day 367"
	which will never occur - this was an attempt to eliminate problems
	with DST not being active in some cases right around midnight on
	January 1. Even though it didn't completely solve the problem, it
	didn't seem to cause harm so it was left in the test timezones.
	Although Linux glibc doesn't mind having a DST end date of 366,
	FreeBSD refuses to use such timezones, so the tests fail. This patch
	changes the 366 to 365.
	This may or may not cause failure of the remaining DST tests around
	midnight Jan 1. If so, we will need to disable those tests at year's
	end too.

2014-05-31  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on 32-bit platform
	On a 32-bit platform:
	virstringtest.c: In function 'mymain':
	virstringtest.c:673: warning: this decimal constant is unsigned only in ISO C90
	I already had a comment in the file about the 64-bit counterpart;
	the easiest fix was to make both sites use the standardized macro
	that is guaranteed to work.
	* tests/virstringtest.c (mymain): Minimum signed integers are a pain.

2014-05-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Improve detection of mixed snapshots
	Currently we don't support mixed (external + internal) snapshots. The
	code detecting the snapshot type didn't make sure that the memory image
	was consistent with the snapshot type leading into strange error
	message:
	 $ virsh snapshot-create-as --domain VM --diskspec vda,snapshot=internal --memspec snapshot=external,file=/tmp/blah
	 error: internal error: unexpected code path
	Fix the mixed detection code to detect this kind of mistake:
	 $ virsh snapshot-create-as --domain VM --diskspec vda,snapshot=internal --memspec snapshot=external,file=/tmp/blah
	 error: unsupported configuration: mixing internal and external targets for a snapshot is not yet supported

	qemu: snapshot: Reject internal active snapshot without memory state
	A internal snapshot of a active VM with the memory snapshot disabled
	explicitly would actually still take the memory snapshot. Reject it
	explicitly.
	Before:
	 $ virsh snapshot-create-as --domain VM --diskspec vda,snapshot=internal --memspec snapshot=no
	 Domain snapshot 1401353155 created
	After:
	 $ virsh snapshot-create-as --domain VM --diskspec vda,snapshot=internal --memspec snapshot=no
	 error: Operation not supported: internal snapshot of a running VM must include the memory state
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1083345

	util: storage: Fix crash of libvirtd on network backed guest block-pull
	For guests backed by gluster volumes (or other network storage) we don't
	fill the backing chain (see qemuDomainDetermineDiskChain). This leaves
	the "relPath" field of the top image NULL. This causes a crash in
	virStorageFileChainLookup() when looking up a backing element for such a
	disk.
	Since I'm working on adding support for network storage and one of the
	steps will make the "relPath" field optional let's use STREQ_NULLABLE
	instead of STREQ in virStorageFileChainLookup() to avoid the problem.

2014-05-29  Laine Stump  <laine@laine.org>

	util: fix virTimeLocalOffsetFromUTC DST processing
	The original version of virTimeLocalOffsetFromUTC() would fail for
	certain times of the day if daylight savings time was active. This
	could most easily be seen by uncommenting the TEST_LOCALOFFSET() cases
	that include a DST setting.
	After a lot of experimenting, I found that the way to solve it in
	almost all test cases is to set tm_isdst = -1 in the struct tm prior
	to calling mktime(). Once this is done, the correct offset is returned
	for all test cases at all times except the two hours just after
	00:00:00 Jan 1 UTC - during that time, any timezone that is *behind*
	UTC, and that is supposed to always be in DST will not have DST
	accounted for in its offset.
	I believe that the code of virTimeLocalOffsetFromUTC() actually is
	correct for all cases, but the problem still encountered is due to our
	inability to come up with a TZ string that properly forces DST to
	*always* be active. Since a modfication of the (currently fixed)
	expected result data to account for this would necessarily use the
	same functions that we're trying to test, I've instead just made the
	test program conditionally bypass the problematic cases if the current
	date is either December 31 or January 1. This way we get maximum
	testing during 363 days of the year, but don't get false failures on
	Dec 31 and Jan 1.

2014-05-29  Eric Blake  <eblake@redhat.com>

	virsh: fix typos in virsh man page
	* tools/virsh.pod (attach-disk): Drop duplicate --config, fix typo
	in --sourcetype.

	maint: fix typo in previous patch
	Use correct variable name.
	* m4/virt-selinux.m4: Fix one last variable name.

2014-05-29  Jim Fehlig  <jfehlig@suse.com>

	maint: cleanup detection of const'ness of selinux ctx
	Commit 292d3f2d fixed the build with libselinux 2.3, but missed
	some suggestions by eblake
	https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html
	This patch changes the macro introduced in 292d3f2d to either be
	empty in the case of newer libselinux, or contain 'const' in the
	case of older libselinux.  The macro is then used directly in
	tests/securityselinuxhelper.c.

2014-05-29  Cédric Bosdonnat  <cbosdonnat@suse.com>

	build: fix build with libselinux 2.3
	Several function signatures changed in libselinux 2.3, now taking
	a 'const char *' instead of 'security_context_t'.  The latter is
	defined in selinux/selinux.h as
	  typedef char *security_context_t;

2014-05-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: managedsave: Don't spam logs with warnings about corrupted image
	Even successful start of a VM from a managed save image would spam the
	logs with the following message:
	Unable to restore from managed state [path]. Maybe the file is
	corrupted?
	Re-arrange the logic to output the warning only when the image is
	corrupted.
	The flaw was introduced in commit cfc28c66.

	utils: storage: Canonicalize paths only for local filesystems
	Now that virStorageFileGetMetadataFromBuf is used only for remote
	filesystems, don't canonicalize the path in it.

	storage: fs: Drop-in replace use of virStorageFileGetMetadataFromBuf
	Use virStorageFileGetMetadataFromFD instead in
	virStorageBackendProbeTarget as it now returns all required data and the
	storage file is already open in a filedescriptor.
	Also fix improper error code being returned when virFileReadHeaderFD
	would fail as virStorageBackendUpdateVolTargetInfoFD would set the
	return code to 0.

	storage: Return backing format from virStorageFileGetMetadataFromFD
	Add argument to return backing file format of a file probed by
	virStorageFileGetMetadataFromFD so that it can be used in place of
	virStorageFileGetMetadataFromBuf.

2014-05-29  Eric Blake  <eblake@redhat.com>

	qemu: reject rather than hang on blockcommit of active layer
	qemu 2.0 added the ability to commit the active layer, but slightly
	differently than what libvirt had been anticipating in its
	implementation of the virDomainBlockCommit call.  As a result, if
	you attempt to do a 'virsh blockcommit $dom vda', qemu gets into a
	state where it is waiting on libvirt to end the job, while libvirt
	is waiting on qemu to end the job, and the guest is effectively
	hung with regards to further commands for that block device.
	I have patches coming down the pipeline that will add full support
	for blockcommit of the active layer when coupled with qemu 2.0 or
	later; but they depend on Peter's improvements to block job handling
	and form enough of a new feature that they are not ready for
	inclusion in the 1.2.5 release.  So for now, just reject the
	attempt, rather than letting the user get stuck.  This is no worse
	than the behavior of qemu 1.7 rejecting the job.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Reject active
	commit.

2014-05-28  Dan Kenigsberg  <danken@redhat.com>

	doc: fix documentation of virDomainSet(Get)Metadata
	The documentation of the functions should match the argument name in the actual
	function signature.

2014-05-27  Olivia Yin  <Hong-Hua.Yin@freescale.com>

	qemu: Fix specifying char devs for PPC
	QEMU ppce500 board uses the legacy -serial option.
	Other PPC boards don't give any way to explicitly wire in a -chardev
	except pseries which uses -device spapr-vty with -chardev.
	Add test case for -serial option for ppce500

	change machine name ppce500v2 to ppce500
	ppce500v2 is not machine supported by official release of QEMU.
	It should be replaced by ppce500.

2014-05-26  Daniel Veillard  <veillard@redhat.com>

	Fix an extra ' in a translated string
	Raised by ukrainian translator Yuri Chornoivan
	https://fedora.transifex.com/projects/p/libvirt/translate/#uk/strings/25483059

2014-05-26  Ján Tomko  <jtomko@redhat.com>

	Clean up chardev sockets on QEMU shutdown
	https://bugzilla.redhat.com/show_bug.cgi?id=1088787
	Clean up unix socket files for chardevs using mode='bind',
	like we clean up the monitor socket.
	They are created by QEMU on startup and not really useful
	after shutting it down.

2014-05-26  Laine Stump  <laine@laine.org>

	qemu: fix <clock offset='variable' basis='localtime'/>
	For a clock element as above, libvirt simply converts current system
	time with localtime_r(), then starts qemu with a time string that
	doesn't contain any timezone information. So, from qemu's point of
	view, the -rtc string it gets for:
	   <clock offset='variable' basis='utc' adjustment='10800'/>
	is identical to the -rtc string it gets for:
	   <clock offset='variable' basis='localtime' adjustment='0'/>
	(assuming the host is in a timezone that is 10800 seconds ahead of
	UTC, as is the case on the machine where this message is being
	written).
	Since the commandlines are identical, qemu will behave identically
	after this point in either case.
	There are two problems in the case of basis='localtime' though:
	Problem 1) If the guest modifies its RTC, for example to add 20
	seconds, the RTC_CHANGE event from qemu will then contain offset:20 in
	both cases. But libvirt will have saved the original adjustment into
	adjustment0, and will add that value onto the offset in the
	event. This means that in the case of basis=;utc', it will properly
	emit an event with offset:10820, but in the case of basis='localtime'
	the event will contain offset:20, which is *not* the new offset of the
	RTC from UTC (as the event it documented to provide).
	Problem 2) If the guest is migrated to another host that is in a
	different timezone, or if it is migrated or saved/restored after the
	DST status has changed from what it was when the guest was originally
	started, the newly restarted guest will have a different RTC (since it
	will be based on the new localtime, which could have shifted by
	several hours).
	The solution to both of these problems is simple - rather than
	maintaining the original adjustment value along with
	"basis='localtime'" in the domain status, when the domain is started
	we convert the adjustment offset to one relative to UTC, and set the
	status to "basis='utc'". Thus, whatever the RTC offset was from UTC
	when it was initially started, that offset will be maintained when
	migrating across timezones and DST settings, and the RTC_CHANGE events
	will automatically contain the proper offset (which should by
	definition always be relative to UTC).
	This fixes a problem that was implied but not openly stated in:
	  https://bugzilla.redhat.com/show_bug.cgi?id=964177

	qemu: fix RTC_CHANGE event for <clock offset='variable' basis='utc'/>
	commit e31b5cf393857 attempted to fix libvirt's
	VIR_DOMAIN_EVENT_ID_RTC_CHANGE, which is documentated to always
	provide the new offset of the domain's real time clock from UTC. The
	problem was that, in the case that qemu is provided with an "-rtc
	base=x" where x is an absolute time (rather than "utc" or
	"localtime"), the offset sent by qemu's RTC_CHANGE event is *not* the
	new offset from UTC, but rather is the sum of all changes to the
	domain's RTC since it was started with base=x.
	So, despite what was said in commit e31b5cf393857, if we assume that
	the original value stored in "adjustment" was the offset from UTC at
	the time the domain was started, we can always determine the current
	offset from UTC by simply adding the most recent (i.e. current) offset
	from qemu to that original adjustment.
	This patch accomplishes that by storing the initial adjustment in the
	domain's status as "adjustment0". Each time a new RTC_CHANGE event is
	received from qemu, we simply add adjustment0 to the value sent by
	qemu, store that as the new adjustment, and forward that value on to
	any event handler.
	This patch (*not* e31b5cf393857, which should be reverted prior to
	applying this patch) fixes:
	https://bugzilla.redhat.com/show_bug.cgi?id=964177
	(for the case where basis='utc'. It does not fix basis='localtime')

	Revert "qemu: Report the offset from host UTC for RTC_CHANGE event"
	This reverts commit e31b5cf393857a6ca78d148c19393e28dfb39de1.
	This commit attempted to work around a bug in the offset value
	reported by qemu's RTC_CHANGE event in the case that a variable base
	date was given on the qemu commandline. The patch mixed up the math
	involved in arriving at the corrected offset to report, and in the
	process added an unnecessary private attribute to the clock
	element. Since that element is private/internal and not used by anyone
	else, it makes sense to simplify things by removing it.

	util: new function virTimeLocalOffsetFromUTC
	Since there isn't a single libc API to get this value, this patch
	supplies one which gets the value by grabbing current time, then
	converting that into a struct tm with gmtime_r(), then back to a
	time_t using mktime.
	The returned value is the difference between UTC and localtime in
	seconds. If localtime is ahead of UTC (east) the offset will be a
	positive number, and if localtime is behind UTC (west) the offset will
	be negative.
	This function should be POSIX-compliant, and is threadsafe, but not
	async signal safe. If it was ever necessary to know this value in a
	child process, we could cache it with a one-time init function when
	libvirtd starts, then just supply the cached value, but that
	complexity isn't needed for current usage; that would also have the
	problem that it might not be accurate after a local daylight savings
	boundary.
	(If it weren't for DST, we could simply replace this entire function
	with "-timezone"; timezone contains the offset of the current timezone
	(negated from what we want) but doesn't account for DST. And in spite
	of being guaranteed by POSIX, it isn't available on older versions of
	mingw.)

2014-05-23  Peter Krempa  <pkrempa@redhat.com>

	storage: Add storage file API to read file headers
	Add storage driver based functions to access headers of storage files
	for metadata extraction. Along with this patch a local filesystem and
	gluster via libgfapi implementation is provided. The gluster
	implementation is based on code of the saferead_lim function.

	storage: Add support for access to files using provided uid/gid
	To allow using the storage driver APIs to access files on various
	storage sources in a universal fashion possibly on storage such as nfs
	with root squash we'll need to store the desired uid/gid in the
	metadata.
	Add new initialisation API that will store the desired uid/gid and a
	wrapper for the current use. Additionally add docs for the two APIs.

	storage: Add NONE protocol type for network disks
	Currently the protocol type with index 0 was NBD which made it hard to
	distinguish whether the protocol type was actually assigned. Add a new
	protocol type with index 0 to distinguish it explicitly.

	conf: Fix domain disk path iterator to work with networked storage
	Skip networked storage but continue iteration through backing chain to
	iterate through all the local paths in the backing chain.

	storage: Rework debugging of storage file access through storage driver
	Print the debug statements of individual file access functions from the
	main API functions instead of the individual backend functions.
	Also enhance initialization debug messages on a per-backend basis.

	storage: Store gluster volume name separately
	The gluster volume name was previously stored as part of the source path
	string. This is unfortunate when we want to do operations on the path as
	the volume is used separately.
	Parse and store the volume name separately for gluster storage volumes
	and use the newly stored variable appropriately.

	qemu: Make qemuDomainPrepareDiskChainElement aware of remote storage
	Refactor the function to accept a virStorageSourcePtr instead of just
	the path, add a check to run it only on local storage and fix callers
	(possibly by using a newly introduced wrapper that wraps a path in the
	 virStorageSource struct for legacy code)

	qemu: process: Refresh backing chain info when reconnecting to qemu
	Refresh the disk backing chains when reconnecting to a qemu process
	after daemon restart. There are a few internal fields that don't get
	refreshed from the XML. Until we are able to do that, let's reload all
	the metadata by the backing chain crawler.

2014-05-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly abort migration to a file
	This is similar to the previous commit in that we need to explicitly
	send migrate_cancel when libvirt detects an error other than those
	reported by query-migrate. However, the possibility to hit such error is
	pretty small.

	qemu: Send migrate_cancel when aborting migration
	When QEMU reports failed or cancelled migration, we don't need to send
	it migrate_cancel QMP command. But in all other error paths, such as if
	we detect broken connection to a destination daemon or something else
	happens inside libvirt, we need to explicitly send migrate_cancel
	command instead of relying on the migration to be implicitly cancelled
	when destination QEMU is killed.
	Because we were not doing so, one could end up with a paused domain
	after failed migration.
	https://bugzilla.redhat.com/show_bug.cgi?id=1098833

	Fix error message when TUNNELLED flag is used in non-p2p migration
	The current error message is
	    error: use virDomainMigrateToURI3 for peer-to-peer migration
	which is correct but a bit misleading because the client did not specify
	VIR_MIGRATE_PEER2PEER flag. This patch changes the error message to
	    error: cannot perform tunnelled migration without using peer2peer
	    flag
	which is consistent with the error reported by older migration APIs.
	Reported by Rich Jones in
	https://bugzilla.redhat.com/show_bug.cgi?id=1095924

2014-05-23  Eric Blake  <eblake@redhat.com>

	conf: fix backing store parse off-by-one
	Commit 546154e parses the type attribute from a <backingStore>
	element, but forgot that the earlier commit 9673418 added a
	placeholder element in the same 1.2.3 release; as a result,
	the C code was mistakenly allowing "none" as a type.
	Similarly, the same commit allows "none" as the <format>
	sub-element type, even though that has been a placeholder
	since the 0.10.2 release with commit f772b3d.
	* src/conf/domain_conf.c (virDomainDiskBackingStoreParse): Require
	non-zero types.

2014-05-22  Ján Tomko  <jtomko@redhat.com>

	Don't log an internal error when the guest hasn't updated balloon stats
	If virDomainMemoryStats is called too soon after domain startup,
	QEMU returns:
	"error":{"class":"GenericError","desc":"guest hasn't updated any stats yet"}
	when we try to query balloon stats.
	Check for this reply and log it as OPERATION_INVALID instead of
	INTERNAL_ERROR. This means the daemon only logs it at the debug level,
	without polluting system logs.
	Reported by Laszlo Pal:
	https://www.redhat.com/archives/libvirt-users/2014-May/msg00023.html

2014-05-22  Michal Privoznik  <mprivozn@redhat.com>

	qemuSetupCgroupForVcpu: s/virProcessInfoSetAffinity/virProcessSetAffinity/
	In the f56c773bf we've made the substitution but forgot to fix one
	comment which is still referring to the old name. This may be
	potentially misleading.

2014-05-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix virObjectUnlock() usage
	In a number of places in the bhyve driver, virObjectUnlock()
	is called with an arg without check if the arg is non-NULL, which
	could result in passing NULL value and a warning like:
	virObjectUnlock:340 : Object 0x0 ((unknown)) is not a virObjectLockable instance
	* src/bhyve/bhyve_driver.c (bhyveDomainGetInfo)
	(bhyveDomainGetState, bhyveDomainGetAutostart)
	(bhyveDomainSetAutostart, bhyveDomainIsActive)
	(bhyveDomainIsPersistent, bhyveDomainGetXMLDesc)
	(bhyveDomainUndefine, bhyveDomainLookupByUUID)
	(bhyveDomainLookupByName, bhyveDomainLookupByID)
	(bhyveDomainCreateWithFlags, bhyveDomainOpenConsole):
	Check if arg is not NULL before calling virObjectUnlock on it.

2014-05-21  Cole Robinson  <crobinso@redhat.com>

	virdbus: Show method name in error message
	If you trigger bug 1033369, we get the error message:
	  error from service: Invalid argument
	Which is a bit too generic to pinpoint what is actually failing. This
	changes it to:
	  error from service: CreateMachine: Invalid argument
	Acked-by: Eric Blake <eblake@redhat.com>

	virdbus: Remove redundant error macro
	This is the only callsite.
	We drop use of localerror.name here, because it's not actually useful
	to us: rather than the parameter name which received an invalid value
	(which was assumed), it's actually the the dbus errno equivalent.
	Just use the error string.
	Acked-by: Eric Blake <eblake@redhat.com>

2014-05-21  Eric Blake  <eblake@redhat.com>

	tests: avoid dlsym mocking on mingw
	I got a build failure when cross-compiling to mingw with the
	mingw64-dbus package installed:
	  CC       virmockdbus_la-virmockdbus.lo
	../../tests/virmockdbus.c:29:6: error: 'dbus_connection_set_change_sigpipe' redeclared without dllimport attribute: previous dllimport ignored [-Werror=attributes]
	 VIR_MOCK_STUB_VOID_ARGS(dbus_connection_set_change_sigpipe,
	      ^
	../../tests/virmockdbus.c:33:18: error: 'dbus_bus_get' redeclared without dllimport attribute: previous dllimport ignored [-Werror=attributes]
	 VIR_MOCK_STUB_RET_ARGS(dbus_bus_get,
	...
	Well duh - mingw lacks dlopen and friends, even if it can support
	dbus.  A similar failure occured in virsystemdtest.c; but in that
	file, we know that systemd is a Linux-only concept.
	* tests/virmockdbus.c: Cripple on mingw.
	* tests/virsystemdtest.c: Cripple on non-Linux.

2014-05-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Fix return value of external checkpoint with no disks
	When doing an external checkpoint of a VM with no disk selected we'd
	return failure but not set error code. This was a result of ret not
	being set to 0 during walking of the disk array.
	Rework early failure checking and set the error code to success before
	iterating the array of disks so that we return success if no disks are
	snapshotted.
	Fixes the following symptom (or without --diskspec for diskless VMs)
	 $ virsh snapshot-create-as snapshot-test  --memspec /tmp/asdf --diskspec hda,snapshot=no
	 error: An error occurred, but the cause is unknown

	qemu: snapshot: Forbid empty snapshots
	If neither disks nor memory are selected for snapshot we'd record
	metadata in case of external snapshot and do a disk snapshot in case of
	external disk snapshot. Forbid this as it doesn't make much sense.

	qemu: snapshot: Forbid partial internal snapshots
	qemu's savevm command does a snapshot of all non readonly disks of a VM.
	Libvirt though allowed disabling snapshot for certain disk of a VM.

	qemu: snapshot: Use typecasted switch in qemuDomainSnapshotPrepare()
	Convert the switch to a typecasted value so that the compiler tracks
	additions for us.

2014-05-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: domain events support
	Support events for these functions:
	 - domainDefineXML
	 - domainUndefine
	 - domainCreate{WithFlags,XML}
	 - domainDestroy

2014-05-20  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	migration: add support for migrateURI configuration
	For now, we set the migration URI via command line '--migrate_uri' or
	construct the URI by looking up the dest host's hostname which could be
	solved by DNS automatically.
	But in cases the dest host have two or more NICs to reach, we may need to
	send the migration data over a specific NIC which is different from the
	automatically resolved one for some reason like performance, security, etc.
	Thus we must explicitly specify the migrateuri in command line everytime,
	but it is too troublesome if there are many such hosts (and don't forget
	virt-manager).
	This patch adds a configuration file option on dest host to save the
	default value set which can be specified to a migration hostname or
	one of this host's addresses used for transferring data, thus user doesn't
	have to specify it in command line everytime.

2014-05-20  Laine Stump  <laine@laine.org>

	util: refactor virNetlinkCommand to fix several bugs / style problems
	Inspired by a simpler patch from "Wangrui (K) <moon.wangrui@huawei.com>".
	A submitted patch pointed out that virNetlinkCommand() was doing an
	improper typecast of the return value from nl_recv() (int to
	unsigned), causing it to miss error returns, and that even after
	remedying that problem, virNetlinkCommand() was calling VIR_FREE() on
	the pointer returned from nl_recv() (*resp) even if nl_recv() had
	returned an error, and that in this case the pointer was verifiably
	invalid, as it was pointing to memory that had been allocated by
	libnl, but then freed prior to returning the error.
	While reviewing this patch, I noticed several other problems with this
	seemingly simple function (at least one of them as serious as the
	problem being reported/fixed by the aforementioned patch), and decided
	they all deserved to be fixed. Here is the list:
	1) The return value from nl_recv() must be assigned to an int (rather
	   than unsigned int) in order to detect failure.
	2) When nl_recv() returns an error or 0, the contents of *resp is
	   invalid, and should be simply set to 0, *not* VIR_FREE()'d.
	3) When nl_recv() returns 0, errno is not set, so the logged error
	   message should not reference errno (it *is* an error though).
	4) The first error return from virNetlinkCommand returns -EINVAL,
	   incorrectly implying that the caller can expect the return value to
	   be of the "-errno" variety, which is not true in any other case.
	5) The 2nd error return returns directly with garbage in *resp. While
	   the caller should never use *resp in this case, it's still good
	   practice to set it to NULL.
	6) For the next 5 (!!) error conditions, *resp will contain garbage,
	   and virNetlinkCommand() will goto it's cleanup code which will
	   VIR_FREE(*resp), almost surely leading to a segfault.
	In addition to fixing these 6 problems, this patch also makes the
	following two changes to make the function conform more closely to the
	style of other libvirt code:
	1) Change the handling of return code from "named rc and defaulted to
	0, but changed to -1 on error" to the more common "named ret and
	defaulted to -1, but changed to 0 on success".
	2) Rename the "error" label to "cleanup", since the code that follows
	is executed in success cases as well as failure.

2014-05-20  Eric Blake  <eblake@redhat.com>

	build: nuke more uses of 'sync'
	Commit d5c86278 was incomplete; other functions also triggered
	compiler warnings about collisions in the use of 'sync'.
	* src/qemu/qemu_driver.c (qemuDomainSetTime): Fix another client.
	* tools/virsh-domain-monitor.c (cmdDomTime): Likewise.

2014-05-20  Pavel Hrdina  <phrdina@redhat.com>

	avoid 'sync' as variable name
	Old gcc complains about shadowing 'sync' variable:
	../../src/qemu/qemu_agent.c: In function 'qemuAgentSetTime':
	../../src/qemu/qemu_agent.c:1737: warning: declaration of 'sync'
	  shadows a global declaration [-Wshadow]
	/usr/include/unistd.h:464: warning: shadowed declaration is here
	  [-Wshadow]

	Return error when updating cdrom device
	The commit 84c59ffa improved the way we change ejectable media.
	If for any reason the first "eject" didn't open the tray we
	should return with error.

2014-05-19  Eric Blake  <eblake@redhat.com>

	Revert "maint: prefer enum over int for virstoragefile structs"
	This partially reverts commits b279e52f7 and ea18f8b2.
	It turns out our code base is full of:
	if ((struct.member = virBlahFromString(str)) < 0)
	    goto error;
	Meanwhile, the C standard says it is up to the compiler whether
	an enum is signed or unsigned when all of its declared values
	happen to be positive.  In my testing (Fedora 20, gcc 4.8.2),
	the compiler picked signed, and nothing changed.  But others
	testing with gcc 4.7 got compiler warnings, because it picked
	the enum to be unsigned, but no unsigned value is less than 0.
	Even worse:
	if ((struct.member = virBlahFromString(str)) <= 0)
	    goto error;
	is silently compiled without warning, but incorrectly treats -1
	from a bad parse as a large positive number with no warning; and
	without the compiler's help to find these instances, it is a
	nightmare to maintain correctly.  We could force signed enums
	with a dummy negative declaration in each enum, or cast the
	result of virBlahFromString back to int after assigning to an
	enum value, or use a temporary int for collecting results from
	virBlahFromString, but those actions are all uglier than what we
	were trying to cure by directly using enum types for struct
	values in the first place.  It's better off to just live with int
	members, and use 'switch ((virFoo) struct.member)' where we want
	the compiler to help, than to track down all the conversions from
	string to enum and ensure they don't suffer from type problems.
	* src/util/virstorageencryption.h: Revert back to int declarations
	with comment about enum usage.
	* src/util/virstoragefile.h: Likewise.
	* src/conf/domain_conf.c: Restore back to casts in switches.
	* src/qemu/qemu_driver.c: Likewise.
	* src/qemu/qemu_command.c: Add cast rather than revert.

2014-05-19  Ján Tomko  <jtomko@redhat.com>

	Fix crash in DAC driver with no seclabels
	With dynamic_ownership = 1 but no seclabels, RestoreChardevLabel
	dereferences the NULL seclabel when checking if norelabel is set.
	Remove this check, since it is already done in RestoreSecurityAllLabel
	and if norelabel is set, RestoreChardevLabel is never called.

2014-05-19  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: create VMs in the default place
	Each VM consists of a set of files in PCS: config, hard
	disk images, log file, memory dump. All these files are stored
	in a per-vm directory. When we create a new VM, we can ether specify
	path to the VM or create the VM in a default path
	(<default path>/<vm name>.pvm). This default path can be configured
	with command
	prlsrvctl user set --def-vm-home <path> command.
	Currenty parallels driver creates VM in the same place, where first
	hard disk is located. Let's change this logic and create VMs in
	the default path. It will be much clearer and allow us to create
	VMs without hard disks.

	parallels: add disks correctly
	Disks support in this driver was implemented with an assumption,
	that disk images can't be created by hand, without VM. So
	complex storage driver was implemented with workaround.
	This is not true, we can create new disks using ploop tool.
	So the first step to reimplement disks support in parallels
	driver is to do not use information from the storage driver,
	until we will implement VIR_STORAGE_TYPE_VOLUME disks.
	So after this patch disks can be added in the same way as
	in any other driver: you create a disk image and then add
	an entry to the XML definition of the domain with path to that
	image file, for example:
	<disk type='file' device='disk'>
	  <driver type='ploop'/>
	  <source file='/storage/harddisk1.hdd'/>
	  <target dev='sda' bus='sata'/>
	  <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	</disk>
	This patch makes parallels storage driver useless, but I'll fix it
	later. Now you can create an image by hand, using ploop tool,
	and then add it to some domain.

	parallels: set file format in virDomainDef
	Set file format in virDomainDef structure to produce correct
	XML in virDomainGetXMLDesc function.

	parallels: add VIR_STORAGE_FILE_PLOOP format
	Add VIR_STORAGE_FILE_PLOOP format. This format is used
	to store disk images for virtual machines in PCS and containers
	in PCS, OpenVZ and also in Parallels Desktop for Mac.
	This format is described on OpenVZ site -
	https://openvz.org/Ploop (together with ploop devices). It
	consists of XML descriptor and one or more image files: base
	image and deltas. Format of the image files described here:
	https://openvz.org/Ploop/format.
	This patch only adds VIR_STORAGE_FILE_PLOOP constant, consequent
	patches will use it in parallels driver.

2014-05-19  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityDACRestoreSecurityHostdevLabel: Unmark @def as unused
	The domain definition is clearly used a few lines
	below so there's no need to mark @def as unused.

2014-05-19  Ján Tomko  <jtomko@redhat.com>

	docs: add a serial device with a seclabel example

	conf: fix seclabels for chardevs
	We allow a seclabel to be specified in the <source> element
	of a chardev:
	<serial type='file'>
	  <source path='/tmp/serial.file'>
	    <seclabel model='dac' relabel='no'/>
	  </source>
	</serial>
	But we format it outside the source:
	<serial type='file'>
	  <source path='/tmp/serial.file'/>
	  <target port='0'/>
	    <seclabel model='dac' relabel='no'/>
	</serial>
	Move the formatting inside the source to fix this to make the
	seclabel persistent across XML format->parse.
	Introduced by commit f8b08d0 'Add <seclabel> to character devices.'

	Rename virDomainDiskSourceDefFormatSeclabel
	Drop the 'Disk' from the name, as there is nothing disk-specific
	about the function.

2014-05-17  Jim Fehlig  <jfehlig@suse.com>

	security_dac: honor relabel='no' in chardev config
	The DAC driver ignores the relabel='no' attribute in chardev config
	  <serial type='file'>
	    <source path='/tmp/jim/test.file'>
	      <seclabel model='dac' relabel='no'/>
	    </source>
	    <target port='0'/>
	  </serial>
	This patch avoids labeling chardevs when relabel='no' is specified.

	security_dac: avoid relabeling hostdevs when relabel='no'
	When relabel='no' at the domain level, there is no need to call
	the hostdev relabeling functions.

	security_dac: honor relabel='no' in disk config
	https://bugzilla.redhat.com/show_bug.cgi?id=999301
	The DAC driver ignores the relabel='no' attribute in disk config
	  <disk type='file' device='floppy'>
	    <driver name='qemu' type='raw'/>
	    <source file='/some/path/floppy.img'>
	      <seclabel model='dac' relabel='no'/>
	    </source>
	    <target dev='fda' bus='fdc'/>
	    <readonly/>
	  </disk>
	This patch avoid labeling disks when relabel='no' is specified.

	security_dac: avoid relabeling when relabel='no'
	If relabel='no' at the domain level, no need to attempt relabeling
	in virSecurityDAC{Set,Restore}SecurityAllLabel().

	security_dac: rework callback parameter passing
	Currently, the DAC security driver passes callback data as
	    void params[2];
	    params[0] = mgr;
	    params[1] = def;
	Clean this up by defining a structure for passing the callback
	data.  Moreover, there's no need to pass the whole virDomainDef
	in the callback as the only thing needed in the callbacks is
	virSecurityLabelDefPtr.

	security_dac: cleanup use of enum types
	In switch statements, use enum types since it is safer when
	adding new items to the enum.

	security_dac: annotate some functions with ATTRIBUTE_NONNULL
	Annotate some static function parameters with ATTRIBUTE_NONNULL
	and remove checks for NULL inputs.

2014-05-17  Eric Blake  <eblake@redhat.com>

	maint: fix typos related to disk name resolution
	In a number of APIs, the text implied that a user might have
	<target dev='xvda'/> - but common convention is to use "vda",
	not "xvda".  For example, virDomainGetDiskErrors was correct,
	while virDomainBlockStats was confusing.
	* src/libvirt.c: Make examples consistent.

2014-05-16  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	util: fix memory leak in failure path of virCgroupKillRecursiveInternal
	Don't leak keypath when we fail to kill a process

2014-05-16  Eric Blake  <eblake@redhat.com>

	maint: prefer enum over int for virstoragefile structs
	For internal structs, we might as well be type-safe and let the
	compiler help us with less typing required on our part (getting
	rid of casts is always nice).  In trying to use enums directly,
	I noticed two problems in virstoragefile.h that can't be fixed
	without more invasive refactoring: virStorageSource.format is
	used as more of a union of multiple enums in storage volume
	code (so it has to remain an int), and virStorageSourcePoolDef
	refers to pooltype whose enum is declared in src/conf, but where
	src/util can't pull in headers from src/conf.
	* src/util/virstoragefile.h (virStorageNetHostDef)
	(virStorageSourcePoolDef, virStorageSource): Use enums instead of
	int for fields of internal types.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Cover all values.
	* src/conf/domain_conf.c (virDomainDiskSourceParse)
	(virDomainDiskSourceFormat): Simplify clients.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotPrepareDiskExternalBackingInactive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayActive)
	(qemuDomainSnapshotPrepareDiskInternal): Likewise.

	maint: shorten 'TypeType' function names
	The VIR_ENUM_DECL/VIR_ENUM_IMPL helper macros already append 'Type'
	to the enum name being converted; it looks silly to have functions
	with 'TypeType' in their name.  Even though some of our enums have
	to have a 'Type' suffix, the corresponding string conversion
	functions do not.
	* src/conf/secret_conf.h (VIR_ENUM_DECL): Rename virSecretUsageType.
	* src/conf/storage_conf.h (VIR_ENUM_DECL): Rename
	virStoragePoolAuthType, virStoragePoolSourceAdapterType,
	virStoragePartedFsType.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML)
	(virDomainFSDefParseXML, virDomainFSDefFormat): Update callers.
	* src/conf/secret_conf.c (virSecretDefParseUsage)
	(virSecretDefFormatUsage): Likewise.
	* src/conf/storage_conf.c (virStoragePoolDefParseAuth)
	(virStoragePoolDefParseSource, virStoragePoolSourceFormat):
	Likewise.
	* src/lxc/lxc_controller.c (virLXCControllerSetupLoopDevices):
	Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskPartFormat): Likewise.
	* src/util/virstorageencryption.c (virStorageEncryptionSecretParse)
	(virStorageEncryptionSecretFormat): Likewise.
	* tools/virsh-secret.c (cmdSecretList): Likewise.
	* src/libvirt_private.syms (secret_conf.h, storage_conf.h): Export
	corrected names.

	maint: use enum typedef for virstorageencryption.h
	Continuing the work of consistent enum cleanups; this time in
	virstorageencryption.h.
	* src/util/virstorageencryption.h (virStorageEncryptionFormat):
	Convert to typedef, renaming to avoid collision with function.
	(virStorageEncryptionSecret, virStorageEncryption): Directly use
	enums.

	vbox: fix stale comment about vdi storage type
	The code had some todo's about adding 'vdi' to the list of
	virStorageType, but we've already done that.
	* src/vbox/vbox_tmpl.c (vboxStorageVolCreateXML)
	(vboxStorageVolGetXMLDesc): Use enum value for vdi type.

2014-05-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement virDomain{Get,Set}Time
	One caveat though, qemu-ga is expecting time and returning time
	in nanoseconds. With all the buffering and propagation delay, the
	time is already wrong once it gets to the qemu-ga, but there's
	nothing we can do about it.

	virsh: Expose virDomain{Get,Set}Time
	These APIs are exposed under new virsh command 'domtime' which both gets
	and sets (not at the same time of course :)).

	Introduce virDomain{Get,Set}Time APIs
	These APIs allow users to get or set time in a domain, which may come
	handy if the domain has been resumed just recently and NTP is not
	configured or hasn't kicked in yet and the guest is running
	something time critical. In addition, NTP may refuse to re-set the clock
	if the skew is too big.
	In addition, new ACL attribute is introduced 'set_time'.

2014-05-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid leak in qemuDomainCheckRemoveOptionalDisk
	Coverity complains about event being leaked in
	qemuDomainCheckRemoveOptionalDisk. The best fix for it is to remove the
	disk directly since we already know its index.

2014-05-15  Jim Fehlig  <jfehlig@suse.com>

	security_dac: Fix indentation

	security_dac: Remove unnecessary curly braces

	security_dac: Remove unnecessary ATTRIBUTE_UNUSED
	Remove ATTRIBUTE_UNUSED on several function parameters that are
	actually used.

2014-05-15  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: reject undefine --wipe-storage without also naming storage
	For now, if only '--wipe-storage' is assigned, user can undefine a
	domain normally. But actually '--wipe-storage' doesn't do anything,
	and this may confuse user. Better is to require that '--wipe-storage'
	only works if the user specifies volumes to be removed.
	Before:
	$ virsh undefine virt-tests-vm1 --wipe-storage
	Domain virt-tests-vm1 has been undefined
	After:
	$ virsh undefine virt-tests-vm1 --wipe-storage
	error: '--wipe-storage' requires '--storage <string>' or '--remove-all-storage'

2014-05-15  Julio Faracco  <jcfaracco@gmail.com>

	conf: use typedefs for enums in "src/conf/snapshot_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's
	better to use a typedef for variable types, function types and
	other usages. Other enumeration and folders will be changed to
	typedef's in the future. Most of the files changed in this
	commit are related to snapshot (snapshot_conf) enums.

	conf: use typedefs for enums in "src/conf/storage_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's
	better to use a typedef for variable types, function types and
	other usages. Other enumeration and folders will be changed to
	typedef's in the future. Most of the files changed in this
	commit are related to storage (storage_conf) enums.

2014-05-14  Julio Faracco  <jcfaracco@gmail.com>

	conf: use typedefs for enums in "src/conf/nwfilter_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's better
	to use a typedef for variable types, function types and other
	usages. Other enumeration and folders will be changed to typedef's
	in the future. Most of the files changed in this commit are related
	to network filter (nwfilter_conf) enums.

2014-05-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore temporary job errors when checking migration status
	When qemu driver is polling for migration to finish (in
	qemuMigrationWaitForCompletion), it may happen that another job allowed
	during migration is running and if it does not finish within 30 seconds,
	migration would be cancelled because of that. However, we can just
	ignore the timeout and let the waiting loop try again later.
	If an event fired at the end of migration is ever implemented in QEMU,
	we can just wait for the event instead of polling for migration status
	and libvirt will behave consistently, i.e., migration won't be cancelled
	in case another job started during migration takes long time to finish.
	For bug https://bugzilla.redhat.com/show_bug.cgi?id=1083238

	qemu: Make qemuProcess{Start,Stop}CPUs easier to follow
	As a side effect, the return value of qemuDomainObjEnterMonitorAsync is
	not directly used as the return value of qemuProcess{Start,Stop}CPUs.

	qemuDomainObjBeginNestedJob: Return -2 for temporary failures
	If job queue is full or waiting for a job times out, the function
	returns -2 so that it can be handled in a different way by callers.
	The change is safe since all existing callers of
	qemuDomainObjBeginNestedJob check the return value to be less than zero.

	qemu: Make qemuDomainObjBeginNestedJob static
	It's only used within qemu_domain.c.

2014-05-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Terminate job when memory compression program isn't found
	If the compression program for external snapshot memory image isn't
	found we exitted the function without terminating the domain job. This
	caused the domain to be unusable.
	The problem was introduced in commit 7df5093f.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1097503

2014-05-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	qemu: extract common PCI handling functions
	Move sharable PCI handling functions to domain_addr.[ch], and
	change theirs prefix from 'qemu' to 'vir':
	 - virDomainPCIAddressAsString;
	 - virDomainPCIAddressBusSetModel;
	 - virDomainPCIAddressEnsureAddr;
	 - virDomainPCIAddressFlagsCompatible;
	 - virDomainPCIAddressGetNextSlot;
	 - virDomainPCIAddressReleaseSlot;
	 - virDomainPCIAddressReserveAddr;
	 - virDomainPCIAddressReserveNextSlot;
	 - virDomainPCIAddressReserveSlot;
	 - virDomainPCIAddressSetFree;
	 - virDomainPCIAddressSetGrow;
	 - virDomainPCIAddressSlotInUse;
	 - virDomainPCIAddressValidate;
	The only change here is function names, the implementation itself
	stays untouched.
	Extract common allocation code from DomainPCIAddressSetCreate
	into virDomainPCIAddressSetAlloc.

	qemu: extract PCI handling structs
	Introduce new files (domain_addr.[ch]) to provide
	an API for domain device handling that could be
	shared across the drivers.
	A list of data types were extracted and moved there:
	 qemuDomainPCIAddressBus -> virDomainPCIAddressBus
	 qemuDomainPCIAddressBusPtr -> virDomainPCIAddressBusPtr
	 _qemuDomainPCIAddressSet -> virDomainPCIAddressSet
	 qemuDomainPCIAddressSetPtr -> virDomainPCIAddressSetPtr
	 qemuDomainPCIConnectFlags -> virDomainPCIConnectFlags
	Also, move the related definitions and macros.

2014-05-13  Martin Kletzander  <mkletzan@redhat.com>

	sanlock: avoid leak in acquire()

2014-05-13  John Ferlan  <jferlan@redhat.com>

	qemu: Adjust size for qcow2/qed if not on sector boundary
	https://bugzilla.redhat.com/show_bug.cgi?id=1002813
	If qemuDomainBlockResize() is passed a size not on a KiB boundary - that
	is passed a size based in bytes (VIR_DOMAIN_BLOCK_RESIZE_BYTES), then
	depending on the source format (qcow2 or qed), the value passed must
	be on a sector (or 512 byte) boundary. Since other libvirt code quietly
	adjusts the capacity values, then do so here as well.

	Revert "qemu: Adjust size for qcow2/qed if not on sector boundary"
	This reverts commit e3d66229a1026cd33319714c0ededf650cd261c2.

2014-05-13  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Fix output of the VNC display number for domdisplay
	Commit 9976c4b9a665f10ab0d2071954efb7f432d194eb broke the output for VNC
	displays as the port number is converted to VNC display number by
	subtracting 5900. This yields port 0 for the first display and thus the
	output would be skipped.
	Before:
	 $ virsh domdisplay VM
	 vnc://localhost
	After:
	 $ tools/virsh domdisplay VM
	 vnc://localhost:0

2014-05-13  Martin Kletzander  <mkletzan@redhat.com>

	sanlock: don't fail with unregistered domains
	When a domain was started without registration in sanlock, but libvirt
	was restarted after that, most of the operations failed due to
	contacting sanlock about that process.  E.g. migration could not be
	performed because the locks couldn't be released (or inquired before a
	release).
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1088034

	sanlock: code movement in virLockManagerSanlockAcquire
	Just move some code around for future patches to ease the review.
	With this patch there is no need for drastic cleanup path later.

2014-05-13  Michal Privoznik  <mprivozn@redhat.com>

	apibuild: Disallow 'returns' return description
	Our documentation generator is a bit messy, to say the least. For
	instance, the description to return values of a function is
	searched within C comment. Currently, all lines that start with
	'returns' or 'Returns' are viewed as return value description.
	However, there are some valid uses where the 'returns' word is in
	the middle of a sentence describing function behavior not the
	return value. And there are no places where 'returns' is used to
	describe return values.  For instance:
	virDomainDetachDeviceFlags, virConnectNetworkEventRegisterAny and
	virDomainGetDiskErrors. This leads to HTML documemtation being
	generated incorrectly.

2014-05-13  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	qemu: Support mountpoints option of guest-fsfreeze-freeze
	With this patch, virDomainFSFreeze will pass the mountpoints argument
	to qemu guest agent. For example,
	  virDomainFSFreeze(dom, {"/mnt/vol1", "/mnt/vol2"}, 2, 0)
	will issue qemu guest agent command:
	  {"execute":"guest-fsfreeze-freeze",
	   "arguments":{"mountpoints":["/mnt/vol1","/mnt/vol2"]}}
	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	virsh: Expose new virDomainFSFreeze and virDomainFSThaw API
	These are exposed under domfsfreeze command and domfsthaw command.

	qemu: Implement virDomainFSFreeze and virDomainFSThaw
	Use qemuDomainSnapshotFSFreeze() and qemuDomainSnapshotFSFThaw() which are
	already implemented for snapshot quiescing.

2014-05-13  Eric Blake  <eblake@redhat.com>

	maint: fix typos related to 'frozen'
	"Freezed" is not an English word.
	* src/lxc/lxc_driver.c (lxcFreezeContainer): Fix typo.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotFSFreeze): Likewise.

2014-05-13  Julio Faracco  <jcfaracco@gmail.com>

	conf: use typedefs for enums in node_device_conf, nwfilter_params
	In "src/conf/" there are many enumeration (enum) declarations. Similar
	to the recent cleanup to "src/util" directory, it's better to use a
	typedef for variable types, function types and other usages. Other
	enumeration and folders will be changed to typedef's in the future.
	Most of the files changed in this commit are reltaed to Node and
	Network (node_device_conf.h and nwfilter_params.*) enums.

2014-05-13  James Shubin  <james@shubin.ca>

	docs: mention vagrant-libvirt in apps.html
	Doc patch for apps.html as per: http://libvirt.org/apps.html#add
	Disclaimer: I've contributed patches to the project that this commit
	adds.
	Vagrant-Libvirt is an excellent way to use vagrant with libvirt. This
	way you can benefit from the vagrant features, while not loosing access
	to the familiar (and useful) tools such as virsh and virt-manager.
	Development currently at:
	https://github.com/pradels/vagrant-libvirt/
	although recent contributors include:
	https://github.com/sciurus/vagrant-libvirt/
	and:
	https://github.com/purpleidea/vagrant-libvirt/
	see git log for more details.

2014-05-13  Chunyan Liu  <cyliu@suse.com>

	update documentation of <interface type='hostdev'>
	<interface type='hostdev' managed='yes'> is supported, but
	nowhere mentions 'managed' in <interface type='hostdev'> syntax.
	Update documentation to cover it.

	libxl: fix support for <interface type="hostdev"> syntax
	A VIR_DOMAIN_NET_TYPE_HOSTDEV interface device is really a hostdev
	device, which is created by the libxl driver in libxlMakePCIList().
	There is no need to create a libxl_device_nic for such hostdev
	devices, so skip interfaces of type VIR_DOMAIN_NET_TYPE_HOSTDEV in
	libxlMakeNicList().

2014-05-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	maint: use $(SED) instead of sed for syntax-check
	Some syntax-check rules use GNU sed specific regexps, so make
	sure we're using $(SED) instead of sed, which might not be a
	GNU sed.

2014-05-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement connectGetSysinfo

2014-05-12  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Implement a stub cpuArchDriver.compare() handler for arm and aarch64
	Libvirt calls cpuArchDriver.compare() while doing guest migration.
	We don't have any logic to distinguish between different arm and
	aarch64 models that's why this patch allows migration to any host.

2014-05-10  Dawid Zamirski  <dzamirski@dattobackup.com>

	ESX: add virStorageVolGetInfo in iSCSI backend.
	Since the ESX storage implements VMFS and iSCSI storage backends and
	chooses relevant backend dynamically at runtime, there was a segfault
	when issuing vol-info on iSCSI volume due to unimplemented
	virStorageGetInfo function. This patch implements that function that was
	missing in iSCSI backend and returns expected result without a segfault.

2014-05-07  John Ferlan  <jferlan@redhat.com>

	storage: Resolve issues in failure path
	https://bugzilla.redhat.com/show_bug.cgi?id=1092882
	Refactoring in commit id '0c2305b3' resulted in the wrong storage
	volume object being passed to the new storageVolDeleteInternal().
	It should have passed 'voldef' which is the address found in the
	pool->volumes.objs[i] array.  By passing 'voldef', the DeleteInternal
	code will find and remove the voldef from the volumes.objs[] list.

2014-05-07  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add a set of trivial functions
	Add functions parallelsIsAlive, parallelsIsEncrypted,
	parallelsIsSecure which are very simple to implement, but
	may be required by some libvirt users. Almost all other
	drivers have these functions.

	parallels: don't add domain to the list twice
	There is a problem with function parallelsDomainDefineXML. If we
	are defining a new domain, then we need to do 2 things: aclually
	create a VM in PCS and add new domain to the cached list of domains
	_parallelsConn.domains.
	This is done in the function parallelsLoadDomains. So call to
	virDomainObjListAdd will return a error, because a domain
	with the same name and id will already be in the list.

	parallels: don't enable VNC when we define a new domain
	I added this code year ago, instead of implementing ability
	to change VNC configuration, which was not trivial, I added
	extra call to prlctl, which sets up VNC with auto port, despite
	VNC configuration given by a user.
	Let's remove this hack, because, first, it doesn't work on the
	latest Parallels Cloud Server release (you have to either specify
	--vnc-nopasswd option or password). And also has problem with
	error handling. If second call to prlctl fails, VM, created by
	first call to prlctl, will not be removed.

	parallels: fix virDomainDef.features comparison
	virDomainDef.features became an array, so now we can't simply
	compare one features variable to another. We need to compare
	each each element from the array.

2014-05-07  John Ferlan  <jferlan@redhat.com>

	qemu: Adjust size for qcow2/qed if not on sector boundary
	https://bugzilla.redhat.com/show_bug.cgi?id=1002813
	If qemuDomainBlockResize() is passed a size not on a KiB boundary - that
	is passed a size based in bytes (VIR_DOMAIN_BLOCK_RESIZE_BYTES), then
	depending on the source format (qcow2 or qed), the value passed must
	be on a sector (or 512 byte) boundary. Since other libvirt code quietly
	adjusts the capacity values, then do so here as well - of course ensuring
	that adjustment still fits.

2014-05-07  Ján Tomko  <jtomko@redhat.com>

	Add support for timestamping QEMU logs
	QEMU commit 5e2ac51 added a boolean '-msg timestamp=[on|off]'
	option, which can enable timestamps on errors:
	$ qemu-system-x86_64 -msg timestamp=on zghhdorf
	2014-04-09T13:25:46.779484Z qemu-system-x86_64: -msg timestamp=on: could
	not open disk image zghhdorf: Could not open 'zghhdorf': No such file or
	directory
	Enable this timestamp if the QEMU binary supports it.
	Add a 'log_timestamp' option to qemu.conf for disabling this behavior.

2014-05-07  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	qemu: track quiesced status in qemuDomainSnapshotFSFreeze
	Adds 'quiesced' status into qemuDomainObjPrivate that tracks whether
	FSFreeze is requested in the domain.
	It modifies error code from qemuDomainSnapshotFSFreeze and
	qemuDomainSnapshotFSThaw, so that a caller can know whether the command is
	actually sent to the guest agent. If the error is caused before sending a
	freeze command, a counterpart thaw command shouldn't be sent either, not to
	confuse fsfreeze status tracking.

	remote: Implement virDomainFSFreeze and virDomainFSThaw
	New rules are added in fixup_name in gendispatch.pl to keep the name
	FSFreeze and FSThaw. This adds a new ACL permission 'fs_freeze',
	which is also applied to VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE flag.
	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	Introduce virDomainFSFreeze() and virDomainFSThaw() public API
	These will freeze and thaw filesystems within guest specified by
	@mountpoints parameters. The parameters can be NULL and 0, then all
	mounted filesystems are frozen or thawed. @flags parameter, which are
	currently not used, is for future extensions.

2014-05-07  Giuseppe Scrivano  <gscrivan@redhat.com>

	udev: consider the device a CDROM when ID_CDROM=1
	Some CDROM devices are reported by udev to have an ID_TYPE="generic"
	thus it is necessary to check if ID_CDROM is present.
	As a side effect, treating ID_TYPE="generic" as a missing ID_TYPE will
	enable checks for ID_DRIVE_FLASH_SD and ID_DRIVE_FLOPPY and the
	udevKludgeStorageType heuristic.

2014-05-07  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: update README-hacking
	We don't have a "README-valgrind" file.
	So remove related description.

2014-05-06  Cole Robinson  <crobinso@redhat.com>

	virdbus: Make virDBusCall static

	virerror: Fix an error message typo

2014-05-06  Daniel P. Berrange  <berrange@redhat.com>

	LSN-2014-0003: Don't expand entities when parsing XML
	If the XML_PARSE_NOENT flag is passed to libxml2, then any
	entities in the input document will be fully expanded. This
	allows the user to read arbitrary files on the host machine
	by creating an entity pointing to a local file. Removing
	the XML_PARSE_NOENT flag means that any entities are left
	unchanged by the parser, or expanded to "" by the XPath
	APIs.

2014-05-06  Jiri Denemark  <jdenemar@redhat.com>

	spec: Don't install nonexistent test_libvirt_lockd.aug
	test_libvirt_lockd.aug is only generated when qemu driver is enabled.

	spec: sanlock is x86_64 only on RHEL

2014-05-06  Laine Stump  <laine@laine.org>

	qemu: specify domain in host-side PCI addresses when needed/supported
	This uses the new QEMU_CAPS_HOST_PCI_MULTIDOMAIN capability when
	present, for -devivce pci-assign, -device vfio-pci, and -pcidevice.
	While creating tests for this new functionality, I noticed that the
	xmls for two existing tests had erroneously specified an
	until-now-ignored domain="0x0002", so I corrected those two tests, and
	also added two failure tests to be sure that we alert users who
	attempt to use a non-zero domain with a qemu that doesn't support it.

	qemu: add host-pci-multidomain capability
	Quite a long time ago, (apparently between qemu 0.12 and 0.13) qemu
	quietly began supporting the optional specification of a domain in the
	host-side address of all pci passthrough commands (by simply
	prepending it to the bus:slot.function format, as
	"dddd:bb:ss.f"). Since machines with multiple PCI domains are very
	rare, this never came up in practice, so libvirt was never updated to
	support it.
	This patch takes the first step to supporting specification of a non-0
	domain in the host-side address of PCI devices being assigned to a
	domain, by adding a capability bit to indicate support
	"QEMU_CAPS_HOST_PCI_MULTIDOMAIN", and detect it. Since this support
	was added in a version prior to the minimum version required for
	QMP-style capabilities detection, the capability is always enabled for
	any qemu that uses QMP for capabilities detection. For older qemus,
	the only clue that a domain can be specified in the host pci address
	is the presence of the string "[seg:]" in the help string for
	-pcidevice. (Ironically, libvirt will not be modified to support
	specification of domain for -pcidevice, since any qemu new enough for
	us to care about also supports "-device pci-assign" or "-device
	vfio-pci", which are greatly preferred).

2014-05-06  Michal Privoznik  <mprivozn@redhat.com>

	storageVolCreateXMLFrom: Allow multiple accesses to origvol
	When creating a new volume, it is possible to copy data into it from
	another already existing volume (referred to as @origvol). Obviously,
	the read-only access to @origvol is required, which is thread safe
	(probably not performance-wise though). However, with current code
	both @newvol and @origvol are marked as building for the time of
	copying data from the @origvol to @newvol. The rationale behind
	is to disallow some operations on both @origvol and @newvol, e.g.
	vol-wipe, vol-delete, vol-download. While it makes sense to not allow
	such operations on partly copied mirror, but it doesn't make sense to
	disallow vol-create or vol-download on the source (@origvol).

2014-05-06  Ján Tomko  <jtomko@redhat.com>

	Fix build wihout macvtap or virtualport
	Commit 1b14c44 broke the build on FreeBSD by changing
	the signature of a few functions without updating the
	corresponding stubs that are used when WITH_MACVTAP
	or WITH_VIRTUALPORT is not defined.

2014-05-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in formatdomain
	s/virual/virtual

2014-05-06  Julio Faracco  <jcfaracco@gmail.com>

	conf: use typedefs for enums in "src/conf/{network,interface}_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's
	better to use a typedef for variable types, function types and
	other usages. Other enumeration and folders will be changed to
	typedef's in the future. Most of the files changed in this commit
	are reltaed to Network (network_conf.* and interface_conf.*) enums.

	conf: use typedefs for enums in "src/conf/cpu_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's
	better to use a typedef for variable types, function types and
	other usages. Other enumeration and folders will be changed to
	typedef's in the future. Most of the files changed in this commit
	are related to CPU (cpu_conf) enums.

	util: use typedefs for enums in "src/util/" directory
	In "src/util/" there are many enumeration (enum) declarations.
	Sometimes, it's better using a typedef for variable types,
	function types and other usages. Other enumeration will be
	changed to typedef's in the future.

2014-05-06  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Replace list element to defined variable

2014-05-06  Jim Fehlig  <jfehlig@suse.com>

	libxl: support PARAVIRT reboot flag
	Add support for the VIR_DOMAIN_REBOOT_PARAVIRT flag in
	libxlDomainReboot().

	libxl: support PARAVIRT and ACPI shutdown flags
	Add support for VIR_DOMAIN_SHUTDOWN_PARAVIRT and
	VIR_DOMAIN_SHUTDOWN_ACPI_POWER_BTN flags in
	libxlDomainShutdownFlags().

	Introduce a new flag for controlling shutdown/reboot
	Add a new flag to virDomain{Reboot,Shutdown}FlagValues to allow
	shutting down and rebooting a domain via the Xen paravirt control
	interface.

2014-05-06  Eric Blake  <eblake@redhat.com>

	conf: drop extra storage probe
	All callers of virStorageFileGetMetadataFromBuf were first calling
	virStorageFileProbeFormatFromBuf, to learn what format to pass in.
	But this function is already wired to do the exact same probe if
	the incoming format is VIR_STORAGE_FILE_AUTO, so it's simpler to
	just refactor the probing into the central function.
	* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
	Drop parameter.
	(virStorageFileProbeFormatFromBuf): Drop declaration.
	* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf):
	Do probe here instead of in callers.
	(virStorageFileProbeFormatFromBuf): Make static.
	* src/libvirt_private.syms (virstoragefile.h): Drop function.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Update caller.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.

2014-05-05  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: report cpuTime in bhyveDomainGetInfo
	Add a helper function virBhyveGetDomainTotalCpuStats() to
	obtain process CPU time using kvm (kernel memory interface)
	and use it to set cpuTime field of the virDomainInfo struct in
	bhyveDomainGetInfo().

2014-05-05  Martin Kletzander  <mkletzan@redhat.com>

	typos: fix s/it/is/ where applicable

2014-05-05  Li Yang  <liyang.fnst@cn.fujitsu.com>

	datatypes: Fix comment of secret uuid

2014-05-04  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement connectDomainXMLToNative
	The only accepted format for now is 'bhyve-argv' which
	prints out a bhyve command corresponding to the given
	domain definition.

	bhyve: improve bhyve_command.c testability
	* bhyve_command.c (bhyveBuildNetArgStr, virBhyveProcessBuildBhyveCmd):
	  add dryRun mode which doesn't create any devices when enabled
	* bhyve_command.c (virBhyveProcessBuildBhyveCmd,
	  virBhyveProcessBuildDestroyCmd, virBhyveProcessBuildLoadCmd): accept
	  virDomainDefPtr instead of virDomainObjPtr.

2014-05-04  Ján Tomko  <jtomko@redhat.com>

	Fix vlan ID detection in udev interface driver
	Instead of guessing it from the interface name, look into
	/proc/net/vlan/<interface>.
	This works for devices not named <real_device>.<vlan ID>,
	avoiding an error flood when virt-manager keeps asking about
	them every second:
	https://bugzilla.redhat.com/show_bug.cgi?id=966329

2014-05-04  John Ferlan  <jferlan@redhat.com>

	Bump version to 1.2.5 for new dev cycle

2014-05-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.4
	* docs/news.html.in libvirt.spec.in: updates for release
	* po/*.po*: fetched new localization and regenerated

2014-05-03  Guido Günther  <agx@sigxcpu.org>

	Explicitly link virfirewalltest and virsystemdtest against dbus
	This fixes link failures like:
	  CCLD     virfirewalltest
	  /usr/bin/ld: virfirewalltest-virfirewalltest.o: undefined reference to
	  symbol 'dbus_message_iter_init_append'

	qemuxml2argvtest: Don't use privileged mode upfront
	When building packages in a clean chroot the QEMU_USER and QEMU_GROUP
	don't exist making VirQemuDriverConfigNew fail with privileged=true.
	Avoid that by not requiring privileged mode upfront but setting it later
	so we skip the user/group existence check.
	This solution was suggested by Daniel P. Berrange and tested by Martin
	Kletzander.

2014-05-02  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: skip virfirewalltest on non-Linux systems
	Currently firewalling is supported on Linux only, so skip the
	virfirewalltest on other platforms.

2014-05-02  John Ferlan  <jferlan@redhat.com>

	Restore skipping of setting capacity
	Commit id 'ac9a0963' refactored out the 'withCapacity' for the
	virStorageBackendUpdateVolInfo() API.  See:
	http://www.redhat.com/archives/libvir-list/2014-April/msg00043.html
	This resulted in a difference in how 'virsh vol-info --pool <poolName>
	<volume>' or 'virsh vol-list vol-list --pool <poolName> --details' outputs
	the capacity information for a directory pool with a qcow2 sparse file.
	For example, using the following XML
	mkdir /home/TestPool
	cat testpool.xml
	<pool type='dir'>
	  <name>TestPool</name>
	  <uuid>6bf80895-10b6-75a6-6059-89fdea2aefb7</uuid>
	  <source>
	  </source>
	  <target>
	    <path>/home/TestPool</path>
	    <permissions>
	      <mode>0755</mode>
	      <owner>0</owner>
	      <group>0</group>
	    </permissions>
	  </target>
	</pool>
	virsh pool-create testpool.xml
	virsh vol-create-as --pool TestPool temp_vol_1 \
	      --capacity 1048576 --allocation 1048576 --format qcow2
	virsh vol-info --pool TestPool temp_vol_1
	Results in listing a Capacity value.  Prior to the commit, the value would
	be '1.0 MiB' (1048576 bytes). However, after the commit the output would be
	(for example) '192.50 KiB', which for my system was the size of the volume
	in my file system (eg 'ls -l TestPool/temp_vol_1' results in '197120' bytes
	or 192.50 KiB). While perhaps technically correct, it's not necessarily
	what the user expected (certainly virt-test didn't expect it).
	This patch restores the code to not update the target capacity for this path

2014-05-02  Martin Kletzander  <mkletzan@redhat.com>

	tests: don't fail with newer gnutls
	gnutls-3.3.0 and newer leaves 2 FDs open in order to be backwards
	compatible when it comes to chrooted binaries [1].  Linking
	commandhelper with gnutls then leaves these two FDs open and
	commandtest fails thanks to that.  This patch does not link
	commandhelper with libvirt.la, but rather only the utilities making
	the test pass.
	Based on suggestion from Daniel [2].
	[1] http://lists.gnutls.org/pipermail/gnutls-help/2014-April/003429.html
	[2] https://www.redhat.com/archives/libvir-list/2014-April/msg01119.html

2014-05-02  Ján Tomko  <jtomko@redhat.com>

	fix build with older gcc
	Older gcc (4.1.2-55.el5, 4.2.1 on FreeBSD) reports bogus warnings:
	../../src/conf/nwfilter_conf.c:2111: warning: 'protocol' may be used
	uninitialized in this function
	../../src/conf/nwfilter_conf.c:2110: warning: 'dataProtocolID' may be
	used uninitialized in this function
	Initialize them to NULL to make the compiler happy.

2014-05-02  Eric Blake  <eblake@redhat.com>

	storage: reject negative indices
	Commit f22b7899 stumbled across a difference between 32-bit and
	64-bit platforms when parsing "-1" as an int.  Now that we've
	fixed that difference, it's time to fix the testsuite.
	* src/util/virstoragefile.c (virStorageFileParseChainIndex):
	Require a positive index.

	util: new stricter unsigned int parsing
	strtoul() is required to parse negative numbers as their
	twos-complement positive counterpart.  But sometimes we want
	to reject negative numbers.  Add new functions to do this.
	The 'p' suffix is a mnemonic for 'positive' (technically it
	also parses 0, but 'non-negative' doesn't lend itself to a
	nice one-letter suffix).
	* src/util/virstring.h (virStrToLong_uip, virStrToLong_ulp)
	(virStrToLong_ullp): New prototypes.
	* src/util/virstring.c (virStrToLong_uip, virStrToLong_ulp)
	(virStrToLong_ullp): New functions.
	* src/libvirt_private.syms (virstring.h): Export them.
	* tests/virstringtest.c (testStringToLong): Test them.

	util: fix uint parsing on 64-bit platforms
	Commit f22b7899 called to light a long-standing latent bug: the
	behavior of virStrToLong_ui was different on 32-bit platforms
	than on 64-bit platforms.  Curse you, C type promotion and
	narrowing rules, and strtoul specification.  POSIX says that for
	a 32-bit long, strtol handles only 2^32 values [LONG_MIN to
	LONG_MAX] while strtoul handles 2^33 - 1 values [-ULONG_MAX to
	ULONG_MAX] with twos-complement wraparound for negatives.  Thus,
	parsing -1 as unsigned long produces ULONG_MAX, rather than a
	range error.  We WANT[1] this same shortcut for turning -1 into
	UINT_MAX when parsing to int; and get it for free with 32-bit
	long.  But with 64-bit long, ULONG_MAX is outside the range
	of int and we were rejecting it as invalid; meanwhile, we were
	silently treating -18446744073709551615 as 1 even though it
	textually exceeds INT_MIN.  Too bad there's not a strtoui() in
	libc that does guaranteed parsing to int, regardless of the size
	of long.
	The bug has been latent since 2007, introduced by Jim Meyering
	in commit 5d25419 in the attempt to eradicate unsafe use of
	strto[u]l when parsing ints and longs.  How embarrassing that we
	are only discovering it now - so I'm adding a testsuite to ensure
	that it covers all the corner cases we care about.
	[1] Ideally, we really want the caller to be able to choose whether
	to allow negative numbers to wrap around to their 2s-complement
	counterpart, as in strtoul, or to force a stricter input range
	of [0 to UINT_MAX] by rejecting negative signs; this will be added
	in a later patch for all three int types.
	This patch is tested on both 32- and 64-bit; the enhanced
	virstringtest passes on both platforms, while virstoragetest now
	reliably fails on both platforms instead of just 32-bit platforms.
	That test will be fixed later.
	* src/util/virstring.c (virStrToLong_ui): Ensure same behavior
	regardless of platform long size.
	* tests/virstringtest.c (testStringToLong): New function.
	(mymain): Comprehensively test string to long parsing.

2014-05-02  Daniel P. Berrange  <berrange@redhat.com>

	Misc error reporting bugs in QEMU cli builder
	A couple of places in the QEMU XML -> ARGV conversion code
	raised an error but then forgot to return an error status
	due to missing gotos. While fixing this also tweak style
	of a couple of other error reports

2014-05-01  Laine Stump  <laine@laine.org>

	qemu: fix crash when removing <filterref> from interface with update-device
	If a domain network interface that contains a <filterref> is modified
	"live" using "virsh update-device --live", libvirtd would crash. This
	was because the code supporting live update of an interface's
	filterref was assuming that a filterref might be added or modified,
	but didn't account for removing the filterref, resulting in a null
	dereference of the filter name.
	Introduced with commit 258fb278, which was first in libvirt v1.0.1.
	This addresses https://bugzilla.redhat.com/show_bug.cgi?id=1093301

2014-05-01  Peter Krempa  <pkrempa@redhat.com>

	storage: Clear all data allocated about backing store before reparsing
	To avoid memory leak of the "backingStoreRaw" field when reparsing
	backing chains a new function is being introduced by this patch that
	shall be used to clear backing store information.
	The memory leak was introduced in commit 8823272d41a259c1246c05d.

2014-05-01  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Tear down temp. filters when tearing all filters
	Refactor the ebiptablesTearNewRules function so that the teardown of temporary
	filters can also be called by the ebiptablesAllTeardown function.
	This fixes a problem that leaves temporary filters behind when a VM shuts down
	while its filters are modified.
	v1->v2:
	  - test cases adjusted to expect more commands

2014-05-01  Michal Privoznik  <mprivozn@redhat.com>

	Device{Attach,Detach}: Document S4 limitations
	https://bugzilla.redhat.com/show_bug.cgi?id=808463
	Well, libvirt doesn't distinguish between domain poweroff and
	hibernation (S4). It's hard to differentiate these two on a real
	machine anyway. As a result, any device that is hot(un-)plugged is
	lost (appears again) when domain is started again as from our POV
	it is a fresh cold boot. Instead of doing anything wise here, we
	should just document this as known limitation.

2014-04-30  Daniel P. Berrange  <berrange@redhat.com>

	Set mknod permission in device ACL for LXC USB devices
	The LXC controller itself needs to mknod the USB device
	node in /dev/bus/usb, so we can't block mknod permission
	from the cgroup.

2014-04-30  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Validate rule after parsing
	An IP or IPv6 rule with port specification but without protocol
	specification cannot be instantiated by ebtables. The documentation
	points to 'protocol' being required but implementation does not
	enforce it to be given.
	Implement a rule validation function that checks whether the rule is
	valid when it is defined. This for example prevents the definition
	of rules like:
	<ip dstportstart='53'>
	where a protocol attribute would be required for it to be valid and for
	ebtables to be able to instantiate it. A valid rule then is:
	<ip protocol='udp' dstportstart='53'>

2014-04-30  Sahid Orentino Ferdjaoui  <sahid.ferdjaoui@cloudwatt.com>

	Add a new example to illustrate domain migration
	This commit adds a new example to illustrate peer to
	peer domain migration with virDomainMigrateToURI.

	Add support for QEMU migration to use SASL authentication
	This commit provides the ability to virDomainMigrateToURI to
	check for SASL credentials when attempts to migrate a domain
	with the driver QEMU.

2014-04-30  Pavel Hrdina  <phrdina@redhat.com>

	networkxml2firewalltest: fix build failure on freebsd
	We need to include the testutils.h also for freebsd.

	virfirewall: fix build on freebsd
	Freebsd doesn't know ENODATA so we have to use different EINVAL
	error code.

2014-04-29  Eric Blake  <eblake@redhat.com>

	conf: avoid null deref during storage probe
	Commit 5c43e2e introduced a NULL deref if there is a failure
	in virStorageFileGetMetadataInternal.
	* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf):
	Fix error handling.

2014-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Disable libvirtd by default when building on Win32
	We don't support building libvirtd on Win32 since we lack the
	fork/exec feature needed for the stateful drivers. Disable this
	by default, so users can just do 'mingw32-configure' with no
	special args required.

	Don't use SO_REUSEADDR on Win32 platforms
	SO_REUSEADDR on Windows is actually akin to SO_REUSEPORT
	on Linux/BSD. ie it allows 2 apps to listen to the same
	port at once. Thus we must not set it on Win32 platforms
	See http://msdn.microsoft.com/en-us/library/windows/desktop/ms740621.aspx

2014-04-29  Martin Kletzander  <mkletzan@redhat.com>

	qemu: properly quit migration with abort_on_error
	When EIO comes to qemu while it's replying to
	qemuMigrationUpdateJobStatus(), qemu blocks, the migration of RAM can
	complete in the meantime, and when qemu unblocks, it sends us
	BLOCK_IO_ERROR plus migrations "status": "complete".  Even though we
	act upon the BLOCK_IO_ERROR by setting the proper state of the domain,
	the call still waits for the proper reply on monitor for query_migrate
	and after it gets it, it checks that migration is completed and the
	migration is finished.  This is what abort_on_error flag was meant for
	(we can migrate with these errors, but this flag must inhibit such
	behaviour).  Changing the order of the steps guarantees the flag works
	properly.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1045833

	qemu: don't call virFileExists() for network type disks
	Based on suggestion from Eric [1], because it might not get cleaned up
	before the release, so to avoid potential errors.
	[1] https://www.redhat.com/archives/libvir-list/2014-April/msg00929.html

2014-04-29  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: update docs for setting the QEMU BIOS path
	commit ddf2dfa1f79af0405df5ca10583764a497c7a0db
	provided a way to determine which bios files to use.
	But we need to update related docs.
	disccussed at:
	http://www.redhat.com/archives/libvir-list/2012-June/msg01286.html

2014-04-29  Steven McDonald  <steven.mcdonald@anchor.net.au>

	storage_backend_rbd: Correct argument order to rbd_create3
	The stripe_unit and stripe_count arguments are passed to rbd_create3 in
	the wrong order, resulting in a stripe size of 1 byte with 4194304
	stripes on newly created RBD volumes.
	https://bugzilla.redhat.com/show_bug.cgi?id=1092208

2014-04-29  Eric Blake  <eblake@redhat.com>

	enforce sane readdir usage
	Now that all clients have been adjusted, ensure that no future
	misuse of readdir is introduced into the code base.
	* cfg.mk (sc_prohibit_readdir): New rule.
	* src/util/virfile.c (virDirRead): Exempt the wrapper.

2014-04-29  Laine Stump  <laine@laine.org>

	network: use virDirRead in networkMigrateStateFiles
	This attempts to follow the same variable name and usage patterns as
	the other conversions to virDirRead().

2014-04-29  Eric Blake  <eblake@redhat.com>

	storage: use virDirRead API
	More instances of failure to report (unlikely) readdir errors.
	In one case, I chose to ignore them, given that a readdir error
	would be no different than timing out on the loop, where the
	fallback path behaves correctly either way.
	* src/storage/storage_backend.c (virStorageBackendStablePath):
	Ignore readdir errors.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemRefresh): Report readdir errors.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIGetHostNumber): Likewise.
	* src/storage/storage_backend_scsi.c (getNewStyleBlockDevice)
	(getBlockDevice, virStorageBackendSCSIFindLUs): Likewise.

	drivers: use virDirRead API
	Convert all remaining clients of readdir to use the new
	interface, so that we can ensure (unlikely) errors while
	reading a directory are reported.
	* src/openvz/openvz_conf.c (openvzAssignUUIDs): Use new
	interface.
	* src/parallels/parallels_storage.c (parallelsFindVolumes)
	(parallelsFindVmVolumes): Report readdir failures.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Ignore readdir
	failures.
	* src/secret/secret_driver.c (loadSecrets): Likewise.
	* src/qemu/qemu_hostdev.c
	(qemuHostdevHostSupportsPassthroughVFIO): Report readdir failures.
	* src/xen/xen_inotify.c (xenInotifyOpen): Likewise.
	* src/xen/xm_internal.c (xenXMConfigCacheRefresh): Likewise.

	util: use virDirRead API
	In making the conversion to the new API, I fixed a couple bugs:
	virSCSIDeviceGetSgName would leak memory if a directory
	unexpectedly contained multiple entries;
	virNetDevTapGetRealDeviceName could report a spurious error
	from a stale errno inherited before starting the readdir search.
	The decision on whether to store the result of virDirRead into
	a variable is based on whether the end of the loop falls through
	to cleanup code automatically.  In some cases, we have loops that
	are documented to return NULL on failure, and which raise an
	error on most failure paths but not in the case where the directory
	was unexpectedly empty; it may be worth a followup patch to
	explicitly report an error if readdir was successful but the
	directory was empty, so that a NULL return always has an error set.
	* src/util/vircgroup.c (virCgroupRemoveRecursively): Use new
	interface.
	(virCgroupKillRecursiveInternal, virCgroupSetOwner): Report
	readdir failures.
	* src/util/virfile.c (virFileLoopDeviceOpenSearch)
	(virFileNBDDeviceFindUnused, virFileDeleteTree): Use new
	interface.
	* src/util/virnetdevtap.c (virNetDevTapGetRealDeviceName):
	Properly check readdir errors.
	* src/util/virpci.c (virPCIDeviceIterDevices)
	(virPCIDeviceFileIterate, virPCIGetNetName): Report readdir
	failures.
	(virPCIDeviceAddressIOMMUGroupIterate): Use new interface.
	* src/util/virscsi.c (virSCSIDeviceGetSgName): Report readdir
	failures, and avoid memory leak.
	(virSCSIDeviceGetDevName): Report readdir failures.
	* src/util/virusb.c (virUSBDeviceSearch): Report readdir
	failures.
	* src/util/virutil.c (virGetFCHostNameByWWN)
	(virFindFCHostCapableVport): Report readdir failures.

	conf: use virDirRead API
	When reading configuration files, we were silently ignoring
	directory read failures.  While unlikely, we might as well
	report them.
	* src/conf/domain_conf.c (virDomainObjListLoadAllConfigs): Report
	readdir errors.
	* src/conf/network_conf.c (virNetworkLoadAllState)
	(virNetworkLoadAllConfigs): Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterLoadAllConfigs): Likewise.
	* src/conf/storage_conf.c (virStoragePoolLoadAllConfigs):
	Likewise.

2014-04-29  Natanael Copa  <ncopa@alpinelinux.org>

	nodeinfo: use virDirRead API
	This makes sure that errno is reset before readdir is called, even if
	the loop does a 'continue'.
	This fixes issue with musl libc which sets errno on sscanf. The
	following 'continue' makes the errno be set before calling readdir.

	util: introduce virDirRead wrapper for readdir
	Introduce a wrapper for readdir. This helps us make sure that we always
	set errno before calling readdir and it will make sure errors are
	properly logged.

2014-04-29  Martin Kletzander  <mkletzan@redhat.com>

	tests: remove hostdevmgr directory on cleanup

2014-04-29  Jim Fehlig  <jfehlig@suse.com>

	xen: ensure /usr/sbin/xend exists before checking status
	With xend on the way out, installations may not even have
	/usr/sbin/xend, which results in the following error when the
	drivers are probed
	2014-04-28 18:21:19.271+0000: 22129: error : virCommandWait:2426 :
	internal error: Child process (/usr/sbin/xend status) unexpected exit
	status 127: libvirt:  error : cannot execute binary /usr/sbin/xend:
	No such file or directory
	Check for existence of /usr/sbin/xend before trying to run it with
	the 'status' option.

2014-04-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus ATTRIBUTE_NONNULL from virFirewallAddRuleFull
	The virFirewallAddRuleFull method originally had a single
	compulsory virFirewallQueryCallback parameter. During dev
	work though the ignoreErrors parameter was added and the
	callback parameter made optional. The ATTRIBUTE_NONNULL
	annotation was never removed though.

	Make autostart of virtlockd actually work
	The virnetsocket.c API is hardcoded to pass --timeout=30 to
	any daemon it auto-starts. For inexplicable reasons the virtlockd
	daemon did not implement the --timeout option, so it would
	immediately exit on autostart with an error.

	Use virFileFindResource to locate virtlockd daemon
	Make the lock plugin use virFileFindResource to find the
	virtlockd daemon path, so that it executes the in-builddir
	daemon if run from source tree.

	Use virFileFindResource to locate libvirtd daemon
	Make the remote driver use virFileFindResource to find the
	libvirt daemon path, so that it executes the in-builddir
	daemon if run from source tree.

2014-04-28  Jiri Denemark  <jdenemar@redhat.com>

	Recheck disk backing chains after snapshot
	When a snapshot operation finishes we have to recheck the backing chain
	of all disks involved in the snapshot. And we need to do that even if
	the operation failed because some of the disks might have changed if
	QEMU did not support transactions.

2014-04-27  Laine Stump  <laine@laine.org>

	network: centralize check for active network during interface attach
	The check for a network being active during interface attach was being
	done individually in several places (by both the lxc driver and the
	qemu driver), but those places were too specific, leading to it *not*
	being checked when allocating a connection/device from a macvtap or
	hostdev network.
	This patch puts a single check in networkAllocateActualDevice(), which
	is always called before the any network interface is attached to any
	type of domain. It also removes all the other now-redundant checks
	from the lxc and qemu drivers.
	NB: the following patches are prerequisites for this patch, in the
	case that it is backported to any branch:
	  440beeb network: fix virNetworkObjAssignDef and persistence
	  8aaa5b6 network: create statedir during driver initialization
	  b9e9549 network: change location of network state xml files
	  411c548 network: set macvtap/hostdev networks active if their state
	          file exists
	This fixes:
	  https://bugzilla.redhat.com/show_bug.cgi?id=880483

	network: set macvtap/hostdev networks active if their state file exists
	libvirt attempts to determine at startup time which networks are
	already active, and set their active flags. Previously it has done
	this by assuming that all networks are inactive, then setting the
	active flag if the network has a bridge device associated with it and
	that bridge device exists. This is not useful for macvtap and hostdev
	based networks, since they do not use a bridge device.
	Of course the reason that such a check had to be done was that the
	presence of a status file in the network "stateDir" couldn't be
	trusted as an indicator of whether or not a network was active. This
	was due to the network driver mistakenly using
	/var/lib/libvirt/network to store the status files, rather than
	/var/run/libvirt/network (similar to what is done by every other
	libvirt driver that stores status xml for its objects). The difference
	is that /var/run is cleared out when the host reboots, so you can be
	assured that the state file you are seeing isn't just left over from a
	previous boot of the host.
	Now that the network driver has been switched to using
	/var/run/libvirt/network for status, we can also modify it to assume
	that any network with an existing status file is by definition active
	- we do this when reading the status file. To fine tune the results,
	networkFindActiveConfigs() is changed to networkUpdateAllState(),
	and only sets active = 0 if the conditions for particular network
	types are *not* met.
	The result is that during the first run of libvirtd after the host
	boots, there are no status files, so no networks are active. Any time
	libvirtd is restarted, any network with a status file will be marked
	as active (unless the network uses a bridge device and that device for
	some reason doesn't exist).

	network: change location of network state xml files
	For some reason these have been stored in /var/lib, although other
	drivers (e.g. qemu and lxc) store their state files in /var/run.
	It's much nicer to store state files in /var/run because it is
	automatically cleared out when the system reboots. We can then use
	existence of the state file as a convenient indicator of whether or
	not a particular network is active.
	Since changing the location of the state files by itself will cause
	problems in the case of a *live* upgrade from an older libvirt that
	uses /var/lib (because current status of active networks will be
	lost), the network driver initialization has been modified to migrate
	any network state files from /var/lib to /var/run.
	This will not help those trying to *downgrade*, but in practice this
	will only be problematic in two cases
	1) If there are networks with network-wide bandwidth limits configured
	   *and in use* by a guest during a downgrade to "old" libvirt. In this
	   case, the class ID's used for that network's tc rules, as well as
	   the currently in-use bandwidth "floor" will be forgotten.
	2) If someone does this: 1) upgrade libvirt, 2) downgrade libvirt, 3)
	   modify running state of network (e.g. add a static dhcp host, etc),
	   4) upgrade. In this case, the modifications to the running network
	   will be lost (but not any persistent changes to the network's
	   config).

	network: create statedir during driver initialization
	This directory should be created when the network driver is first
	started up, not just when a dhcp daemon is run. This hasn't posed a
	problem in the past, because the directory has always been
	pre-existing.

	network: fix virNetworkObjAssignDef and persistence
	Experimentation showed that if virNetworkCreateXML() was called for a
	network that was already defined, and then the network was
	subsequently shutdown, the network would continue to be persistent
	after the shutdown (expected/desired), but the original config would
	be lost in favor of the transient config sent in with
	virNetworkCreateXML() (which would then be the new persistent config)
	(obviously unexpected/not desired).
	To fix this, virNetworkObjAssignDef() has been changed to
	1) properly save/free network->def and network->newDef for all the
	various combinations of live/active/persistent, including some
	combinations that were previously considered to be an error but didn't
	need to be (e.g. setting a "live" config for a network that isn't yet
	active but soon will be - that was previously considered an error,
	even though in practice it can be very useful).
	2) automatically set the persistent flag whenever a new non-live
	config is assigned to the network (and clear it when the non-live
	config is set to NULL). the libvirt network driver no longer directly
	manipulates network->persistent, but instead relies entirely on
	virNetworkObjAssignDef() to do the right thing automatically.
	After this patch, the following sequence will behave as expected:
	virNetworkDefineXML(X)
	virNetworkCreateXML(X') (same name but some config different)
	virNetworkDestroy(X)
	At the end of these calls, the network config will remain as it was
	after the initial virNetworkDefine(), whereas previously it would take
	on the changes given during virNetworkCreateXML().
	Another effect of this tighter coupling between a) setting a !live def
	and b) setting/clearing the "persistent" flag, is that future patches
	which change the details of network lifecycle management
	(e.g. upcoming patches to fix detection of "active" networks when
	libvirtd is restarted) will find it much more difficult to break
	persistence functionality.

2014-04-27  Dwight Engen  <dwight.engen@oracle.com>

	build: -avoid-version on libvirt_driver_nwfilter
	This fixes the following make rpm warning:
	warning: Installed (but unpackaged) file(s) found:
	   /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0
	   /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0.0.0
	introduced in comit 8d559864

2014-04-26  Ian Campbell  <ian.campbell@citrix.com>

	libxl: Support PV consoles
	Currently the driver only exposes the ability to connect to the serial console
	of a Xen guest, which doesn't work for a PV guest. Since for an HVM guest the
	serial devices are duplicated as consoles it is sufficient to just use the
	console devices unconditionally.
	Tested with the following bit of config XML:
	<domain type='xen'>
	  ...
	  <devices>
	    <console type='pty'>
	      <target type='xen'/>
	    </console>
	  </devices>
	</domain>
	I have observed and tested this on ARM but I believe it also applies to x86 PV
	guests.
	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Dario Faggioli <dario.faggioli@citrix.com>
	Cc: Clark Laughlin <clark.laughlin@linaro.org>

2014-04-26  Dwight Engen  <dwight.engen@oracle.com>

	build: add nwfilterxml2firewalldata to dist

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize include of dlfcn.h in virmock.h
	dlfcn.h does not exist on Win32 so must only be used
	conditionally

	Add a test suite for nwfilter ebiptables tech driver
	Create a nwfilterxml2firewalltest to exercise the
	ebiptables_driver.applyNewRules method with a variety of
	different XML input files. The XML input files are taken
	from the libvirt-tck nwfilter tests. While the nwfilter
	tests verify the final state of the iptables chains, this
	test verifies the set of commands invoked to create the
	chains.

	Remove last trace of direct firewall command exection
	Remove all the left over code related to the direct invocation
	of firewall-cmd/iptables/ip6tables/ebtables. This is all handled
	by the virFirewallPtr APIs now.

	Convert ebiptablesDriverProbeStateMatch to virFirewall
	Conver the ebiptablesDriverProbeStateMatch initialization
	check to use the virFirewall APIs for querying iptables
	version.

	Convert nwfilter ebiptablesApplyNewRules to virFirewall
	Convert the nwfilter ebtablesApplyNewRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebtablesApplyDropAllRules to virFirewall
	Convert the nwfilter ebtablesApplyDropAllRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebtablesApplyDHCPOnlyRules to virFirewall
	Convert the nwfilter ebtablesApplyDHCPOnlyRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebtablesApplyBasicRules to virFirewall
	Convert the nwfilter ebtablesApplyBasicRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebiptablesTearNewRules to virFirewall
	Convert the nwfilter ebiptablesTearNewRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebtablesRemoveBasicRules to virFirewall
	Convert the nwfilter ebtablesRemoveBasicRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebiptablesTearOldRules to virFirewall
	Convert the nwfilter ebiptablesTearOldRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebiptablesAllTeardown to virFirewall
	Convert the nwfilter ebiptablesAllTeardown method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert ebtables code over to use firewall APIs
	Convert the virebtables.{c,h} files to use the new virFirewall
	APIs for changing ebtables rules.

	Add test for converting network XML to iptables rules
	Using the virCommand dry run capability, capture iptables rules
	created by various network XML documents.

	Replace virNetworkObjPtr with virNetworkDefPtr in network platform APIs
	The networkCheckRouteCollision, networkAddFirewallRules and
	networkRemoveFirewallRules APIs all take a virNetworkObjPtr
	instance, but only ever access the 'def' member. It thus
	simplifies testing if the APIs are changed to just take a
	virNetworkDefPtr instead

	Convert bridge driver over to use new firewall APIs
	Update the iptablesXXXX methods so that instead of directly
	executing iptables commands, they populate rules in an
	instance of virFirewallPtr. The bridge driver can thus
	construct the ruleset and then invoke it in one operation
	having rollback handled automatically.

	Introduce an object for managing firewall rulesets
	The network and nwfilter drivers both have a need to update
	firewall rules. The currently share no code for interacting
	with iptables / firewalld. The nwfilter driver is fairly
	tied to the concept of creating shell scripts to execute
	which makes it very hard to port to talk to firewalld via
	DBus APIs.
	This patch introduces a virFirewallPtr object which is able
	to represent a complete sequence of rule changes, with the
	ability to have multiple transactional checkpoints with
	rollbacks. By formally separating the definition of the rules
	to be applied from the mechanism used to apply them, it is
	also possible to write a firewall engine that uses firewalld
	DBus APIs natively instead of via the slow firewalld-cmd.

	Preserve error when tearing down nwfilter rules
	When a VM fails to launch due to error creating nwfilter
	rules, we must avoid overwriting the original error when
	tearing down the partially created rules.

	Remove two-stage construction of commands in nwfilter
	The nwfilter ebiptables driver will build up commands to run in
	two phases. The first phase contains all of the command, except
	for the '-A' part. Instead it has a '%c' placeholder, along with
	a '%s' placeholder for a position arg. The second phase than
	substitutes these placeholders. The only values ever used for
	these substitutions though is '-A' and '', so it is entirely
	pointless. Remove the second phase entirely, since it will make
	it harder to convert to the new firewall APIs

	Merge nwfilter createRuleInstance driver into applyNewRules
	The current nwfilter tech driver API has a 'createRuleInstance' method
	which populates virNWFilterRuleInstPtr with a command line string
	containing variable placeholders. The 'applyNewRules' method then
	expands the variables and executes the commands. This split of
	responsibility won't work when switching to the virFirewallPtr
	APIs, since we can't just build up command line strings. This patch
	this merges the functionality of 'createRuleInstance' into the
	applyNewRules method.
	The virNWFilterRuleInstPtr struct is changed from holding an array
	of opaque pointers, into holding generic metadata about the rules
	to be processed. In essence this is the result of taking a linked
	set of virNWFilterDefPtr's and flattening the tree to get a list
	of virNWFilterRuleDefPtr's. At the same time we must keep track of
	any nested virNWFilterObjPtr instances, so that the locks are held
	for the duration of the 'applyNewRules' method.

	Push virNWFilterRuleInstPtr out of (eb|ip)tablesCreateRuleInstance
	Later refactoring will change use of the virNWFilterRuleInstPtr struct.
	Prepare for this by pushing use of the virNWFilterRuleInstPtr parameter
	out of the ebtablesCreateRuleInstance and iptablesCreateRuleInstance
	methods. Instead they simply string(s) with the constructed rule data.
	The ebiptablesCreateRuleInstance method will make use of the
	virNWFilterRuleInstPtr struct instead.

	Add helper methods for determining what protocol layer is used
	Add virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6} helper methods
	to avoid having to write a giant switch statements with many cases.

	Remove nwfilter tech driver 'displayRuleInstance' callback
	The 'displayRuleInstance' callback in the nwfilter tech driver
	is never invoked, so can be deleted.

	Remove nwfilter tech driver 'removeRules' callback
	The 'removeRules' callback in the nwfilter tech driver is never
	invoked, so can be deleted.

	Remove pointless storage of var names in virNWFilterHashTable
	The virNWFilterHashTable struct contains a virHashTable and
	then a 'char **names' field which keeps a copy of all the
	hash keys. Presumably this was intended to record the ordering
	of the hash keys. No code ever uses this and the ordering is
	mangled whenever a variable is removed from the hash, because
	the last element in the list is copied into the middle of the
	list when shrinking the array.

	Remove virDomainNetType parameter from nwfilter drivers
	The 'virDomainNetType' is unused in every impl of the
	virNWFilterRuleCreateInstance driver method. Remove it
	from the code to avoid the dependancy on the external
	enum.

	Move virNWFilterTechDriver struct out of nwfilter_conf.h
	The virNWFilterTechDriver struct is nothing to do with the nwfilter
	XML configuration. It stores data specific to the driver implementation
	so should be in a header in the driver directory instead.

	Fix leak on OOM in virNWFilterVarValueCreateSimpleCopyValue
	If virNWFilterVarValueCreateSimple fails with OOM, then
	'val' will be leaked by virNWFilterVarValueCreateSimpleCopyValue

2014-04-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid overflow when setting migration speed on inactive domains
	Commit c4206d7 fixed the overflow for running domains. However, we need
	a similar check when setting migration speed on inactive domains.
	At first look, it may seem the check in c4206d7 is now redundant but
	qemuDomainMigrateSetMaxSpeed is not the only caller of
	qemuMonitorSetMigrationSpeed so we need to check the bandwidth in both
	places.
	https://bugzilla.redhat.com/show_bug.cgi?id=1083483

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Use virFileFindResource to locate CPU map XML
	Replace use of cpuMapOverride with virFileFindResource
	to locate CPU map from build dir.

	Use virFileFindResource to locate driver plugins
	Replace virDriverModuleInitialize with virFileFindResource
	usage.

	Use virFileFindResource to locate lock manager plugins
	Replace virLockManagerSetPluginDir with virFileFindResource
	usage.

2014-04-25  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Use virFileFindResource to locate iohelper for fdstream
	Instead of hardcoding LIBEXECDIR as the location of the libvirt_iohelper
	binary, use virFileFindResource to optionally find it in the current
	build directory.

	Use virFileFindResource to locate parthelper for storage backend
	Instead of hardcoding LIBEXECDIR as the location of the libvirt_parthelper
	binary, use virFileFindResource to optionally find it in the current
	build directory.

	Use virFileFindResource to locate libvirt_lxc for capabilities
	Instead of hardcoding LIBEXECDIR as the location of the libvirt_lxc
	binary set in the LXC driver capabilities, use virFileFindResource
	to optionally find it in the current build directory.

	Use virFileFindResource to locate iohelper for virFileWrapperFdNew
	Instead of hardcoding LIBEXECDIR as the location of the libvirt_iohelper
	binary, use virFileFindResource to optionally find it in the current
	build directory.

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Activate build dir overrides in libvirtd, virtlockd, virsh & tests
	Add calls to virFileActivateDirOverride so that the build dir
	overrides are activated.

	Add helpers for resolving path to resources in build tree
	Add virFileFindResource which will try to locate files
	in the local build tree if the calling binary (eg libvirtd or
	test suite) is being run from the build tree. The corresponding
	virFileActivateDirOverride should be called at startup passing
	in argv[0]. This will be examined for evidence of libtool magic
	binary prefix / sub-directory in order to activate the override.

	Add test suite for viralloc APIs
	In debugging a crash on OOM, I thought that the virInsert APIs
	might be at fault, but couldn't isolate them as a cause. While
	the viralloc APIs are used in many test suites, this is as a
	side-effect, they are not directly tested :-)

2014-04-25  Jiri Denemark  <jdenemar@redhat.com>

	Add support for addressing backing stores by index
	Each backing store of a given disk is associated with a unique index
	(which is also formatted in domain XML) for easier addressing of any
	particular backing store. With this patch, any backing store can be
	addressed by its disk target and the index. For example, "vdc[4]"
	addresses the backing store with index equal to 4 of the disk identified
	by "vdc" target. Such shorthand can be used in any API in place for a
	backing file path:
	    virsh blockcommit domain vda --base vda[3] --top vda[2]

	virStorageFileChainLookup: Return virStorageSourcePtr
	Returning both virStorageSourcePtr and its path member does not make a
	lot of sense.

	qemuDomainBlockCommit: Track virStorageSourcePtr for base
	virStorageFileChainLookup is able to give use virStorageSourcePtr which
	contains the pointer to its canonical path. Let's use a more general
	virStorageSourcePtr instead of just canonical path.
	Former base_canon maps to baseSource->path.

	qemuDomainBlockCommit: Don't track top_canon path separately
	virStorageFileChainLookup is able to give use virStorageSourcePtr which
	contains the pointer to its canonical path. There's no need for the
	caller to store both of them.
	Former top_meta maps to topSource and top_canon maps to topSource->path.

2014-04-25  Eric Blake  <eblake@redhat.com>

	build: avoid 'index' as variable name
	Once again, gcc 4.4.7 (hello RHEL) rears its ugly head:
	conf/domain_conf.c: In function 'virDomainDiskBackingStoreFormat':
	conf/domain_conf.c:14940: error: declaration of 'index' shadows a global declaration [-Wshadow]
	/usr/include/string.h:489: error: shadowed declaration is here [-Wshadow]
	* src/conf/domain_conf.c (virDomainDiskBackingStoreFormat): Pacify
	older gcc.

2014-04-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: document nmdm type console
	* Add nmdm type device to domain format documnetation
	* Add a section about nmdm console usage to the bhyve driver
	  documentation

2014-04-24  Martin Kletzander  <mkletzan@redhat.com>

	qemu: don't check for backing chains for formats w/o snapshot support
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1019926
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868673

2014-04-24  Jiri Denemark  <jdenemar@redhat.com>

	tests: Test backing store XML formatting and parsing

	tests: More output options for xml2xml tests
	So far, qemuxml2xml test was only able to check if the result matches
	the original or the appropriate XML in qemuxml2xmloutdata regardless on
	flags used to format the XML. Since the result can be different
	depending on VIR_DOMAIN_XML_INACTIVE flag being used or not, this patch
	adds support for qemuxml2xmlout-%s-active.xml and
	qemuxml2xmlout-%s-inactive.xml output files. If the file specific to the
	flag used exists, it is used in preference to the generic
	qemuxml2xmlout-%s.xml file when reading the expected output.

	conf: Format and parse backing chains in domain XML
	This patch implements formating and parsing code for the backing store
	schema defined and documented by the previous patch.
	This patch does not aim at providing full persistent storage of disk
	backing chains yet. The formatter is supposed to provide the backing
	chain detected when starting a domain and thus it is not formatted into
	an inactive domain XML. The parser is implemented mainly for the purpose
	of testing the XML generated by the formatter and thus it does not
	distinguish between no backingStore element and an empty backingStore
	element. This will have to change once we fully implement support for
	user-supplied backing chains.

	conf: Output disk backing store details in domain XML
	The XML for quite a longish backing chain is shown below:
	  <disk type='network' device='disk'>
	    <driver name='qemu' type='qcow2'/>
	    <source protocol='nbd' name='bar'>
	      <host transport='unix' socket='/var/run/nbdsock'/>
	    </source>
	    <backingStore type='block' index='1'>
	      <format type='qcow2'/>
	      <source dev='/dev/HostVG/QEMUGuest1'/>
	      <backingStore type='file' index='2'>
	        <format type='qcow2'/>
	        <source file='/tmp/image2.qcow'/>
	        <backingStore type='file' index='3'>
	          <format type='qcow2'/>
	          <source file='/tmp/image3.qcow'/>
	          <backingStore type='file' index='4'>
	            <format type='qcow2'/>
	            <source file='/tmp/image4.qcow'/>
	            <backingStore type='file' index='5'>
	              <format type='qcow2'/>
	              <source file='/tmp/image5.qcow'/>
	              <backingStore type='file' index='6'>
	                <format type='raw'/>
	                <source file='/tmp/Fedora-17-x86_64-Live-KDE.iso'/>
	                <backingStore/>
	              </backingStore>
	            </backingStore>
	          </backingStore>
	        </backingStore>
	      </backingStore>
	    </backingStore>
	    <target dev='vdb' bus='virtio'/>
	  </disk>
	Various disk types and formats can be mixed in one chain. The
	<backingStore/> empty element marks the end of the backing chain and it
	is there mostly for future support of parsing the chain provided by a
	user. If it's missing, we are supposed to probe for the rest of the
	chain ourselves, otherwise complete chain was provided by the user. The
	index attributes of backingStore elements can be used to unambiguously
	identify a specific part of the image chain.

2014-04-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix pci bus naming for PPC
	Recent discussions around naming of 'pci' vs 'pci.0' for PPC
	made me go back and look at the PPC emulator in every historical
	version of QEMU since 1.0. The results were worse than I imagined.
	This patch adds the logic required to make libvirt work with PPC
	correctly with naming variations across all versions & machine
	types.

2014-04-24  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Invert the way recursive metadata retrieval works
	To avoid having the root of a backing chain present twice in the list we
	need to invert the working of virStorageFileGetMetadataRecurse.
	Until now the recursive worker created a new backing chain element from
	the name and other information passed as arguments. This required us to
	pass the data of the parent in a deconstructed way and the worker
	created a new entry for the parent.
	This patch converts this function so that it just fills in metadata
	about the parent and creates a backing chain element from those. This
	removes the duplication of the first element.
	To avoid breaking the test suite, virstoragetest now calls a wrapper
	that creates the parent structure explicitly and pre-fills it with the
	test data with same function signature as previously used.

	util: virstoragefile: Don't mangle data stored about directories
	Don't remove detected metadata about directory based storage volumes.

	storage: Move disk->backingChain to the recursive disk->src.backingStore
	Switch over to storing of the backing chain as a recursive
	virStorageSource structure.
	This is a string based move. Currently the first element will be present
	twice in the backing chain as currently the retrieval function stores
	the parent in the newly detected chain. This will be fixed later.

	util: virstoragefile: Rename backingMeta to backingStore
	To conform with the naming of the planned XML output rename the metadata
	variable name.
	s/backingMeta/backingStore/g

	util: virstorage: Kill struct virStorageFileMetadata
	Remove the now unused pieces of the structure.

	maint: Switch over from struct virStorageFileMetadata to virStorageSource
	Replace the old structure with the new one. This change is a trivial
	name change operation (along with change of the freeing function).

	util: storagefile: Add fields from virStorageMetadata to virStorageSource
	Add the required fields that are missing from the new structure that
	will allow us to switch the storage file metadata code entirely to the
	new structure.
	Add "relPath" and "relDir" and the raw backing store name. Also allow
	creating linked lists of virStorageSourcePtrs to express backing chains.

	util: storagefile: Add function to free a virStorageSourcePtr
	Add a free function as some parts of the code will allocate the
	structure.

	virstoragefile: Kill "backingStore" field from virStorageFileMetadata
	Remove the obsolete field replaced by data in "path".
	The testsuite requires tweaking as the name of the backing file is now
	stored one layer deeper in the backing chain linked list.

	util: virstoragefile: Don't use "backingStore" directly
	As a temporary step to allow killing of the "backingStore" field of
	struct virStorageFileMetadata the recursive metadata retrieval function
	will be converted not to use the field in the lookup process.

	util: storagefile: Rename "canonPath" to "path" in virStorageFileMetadata
	As for the previous patch, this change is needed to achieve
	compatibility with all the existing code, where we expect a fully
	qualified path of local files to be present.

	util: storage: Rename "path" to "relPath" in virStorageFileMetadata
	To allow future change of virStorageFileMetadata to virStorageSource we
	need to store a full path in the "path" variable as rest of the code
	expects it to be a full path. Rename the "path" field to "relPath" to
	keep tracking the info but allowing a real "path" field.

	storage: util: Clean up arguments of virStorageFileGetMetadataInternal
	Avoid passing lot of arguments into guts of metadata retrieval to fill
	the actual structure. Temporarily fill the structure before passing it
	down to the actual metadata extractor.
	This will later help the inversion of the steps taken to extract the
	metadata so that this function can be fully converted to
	virStorageSource as the data struct.
	This patch also fixes regression when starting a gluster storage pool
	where the volumes don't have local representation so that the
	canonicalization of the volume's file name failed. Broken by commit
	79f11b35

	util: storage: Move checking of the actual backing image to the worker
	Move the code checking the presence of the backing file to the recursive
	worker function instead of the metadata parser. The recursive worker
	will later be changed to parse more than just local files and this
	change will help the separation.

	util: storage: Remove obsolete argument virStorageFileGetMetadataInternal
	As we already pass the whole structure down the call path there's no
	need to return some stuff in a separate argument. Remove the argument
	and tweak callers to avoid breaking semantics.
	virStorageFileGetMetadataFromBuf will be refactored later along with the
	storage driver.

	util: storagefile: Always store raw backing name in the metadata
	Don't use the backingStoreRaw as a indication of broken chains. Fill it
	always and tweak the broken image chain detector to avoid changing the
	semantics.
	The new semantics to detect a broken chain is the presence of string in
	backingStoreRaw but the lack of the backing chain metadata structure in
	the chain.
	Now that the raw backing store name is always filled there's no need to
	pass the raw name variable separately to fill in case the backing is not
	a file. Tweak the function so that it can handle a NULL in that case.

	qemu: unexport qemuDiskChainCheckBroken
	The function isn't used in any other source file. Move it so that it
	doesn't need a declaration.

2014-04-23  Ján Tomko  <jtomko@redhat.com>

	Document behavior of setvcpus during guest boot
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1088748
	The hotplugged vcpus could fail to show up in the guest if
	they were added during boot, see:
	https://bugzilla.redhat.com/show_bug.cgi?id=807508
	Also change arbitrary to arbitrarily.

	Save domain status after cpu hotplug
	The live change of vcpus was not reflected in the domain status
	xml and it got lost during libvirtd restart.
	https://bugzilla.redhat.com/show_bug.cgi?id=1088703

2014-04-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: bhyveDomainDefineXML fixes
	- do not lose new definition for an active domain
	- do not leak oldDef
	- do not set dom->id if virDomainSaveConfig() fails
	- do not call virObjectUnlock(vm) if vm is NULL

2014-04-23  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	PPC64 prefers to set pci-ohci controller as default USB controller. Currently, libvirt is using legacy USB controller as default. There are problems with VGA which can't work correctly with USB Keyboard and USB Mouse.
	While providing -nodefaults, ppc64 should be specifying the usb
	controller explicitly in place of using the legacy
	controller(-usb). Qemu spapr initialization code when sees "-usb" adds a
	USB Keyboard and USB Mouse by default. And libvirt has added a USB
	keyboard and USB mouse.
	A recent fix in the in qemu VGA code uncoverd this problem, which
	resulted in addition of extra keyboard and mouse to the qemu machine.
	This patch is to set pci-ohci as USB default controller.

2014-04-22  Ján Tomko  <jtomko@redhat.com>

	Fix error for out of range vcpu in qemuDomainPinVcpuFlags
	Changes:
	error: invalid argument: vcpu number out of range 2 > 2
	to slightly less confusing:
	error: invalid argument: vcpu number out of range 2 > 1

	Make virDomainVcpuPinDel return void
	Before, it only returned -1 on failure to shrink the array.
	Since the switch to VIR_DELETE_ELEMENT in commit 2133441,
	it returns either 0 or 0.

	Properly free vcpupin info for unplugged CPUs
	Remove the pointer from def->cputune.vcpupin after unplugging
	the CPU and also free the bitmap contained in the structure
	by calling virDomainVcpuPinDel instead of VIR_FREE.
	Introduced by commit 0df1a79.
	This makes virDomainLookupVcpuPin redundant.
	https://bugzilla.redhat.com/show_bug.cgi?id=1088165

2014-04-22  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix typos in src/*
	Fix minor typos in source comments

2014-04-22  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Among other patches, Natanael Copa contributed a fix for
	pyshmem_available when using musl libc that directly affects
	libvirt.
	* .gnulib: Update to latest, in part for musl libc compat.

2014-04-20  Wojciech Macek  <wma@semihalf.com>

	bhyve: domainCreateXML
	Implement bhyveDomainCreateXML function.

2014-04-18  Laine Stump  <laine@laine.org>

	docs: document that vfio is default for hostdev networks too
	When the default was changed from kvm to vfio, the documentation for
	hostdev and interface was changed, but the documentation in <network>
	was forgotten.
	Also document when the default was changed from "always kvm" to "vfio
	if available, else kvm" (1.0.5).

2014-04-18  Ján Tomko  <jtomko@redhat.com>

	Remove QEMU_CAPS_MACHINE_USB_OPT from ComputeCmdFlags
	The version check is for >=1.3.0, but ComputeCmdFlags
	is only called for QEMU <1.2.0.

	Only set QEMU_CAPS_NO_HPET on x86
	QEMU only supports it on x86, but we've been assuming it for
	all QEMUs when doing QMP capability detection.
	https://bugzilla.redhat.com/show_bug.cgi?id=1066145

2014-04-18  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix Memory Leak in virStorageFileGetMetadataRecurse()
	While running virstoragetest, valgrind pointed out the following
	memory leak:
	==8142== 2 bytes in 1 blocks are definitely lost in loss record 1 of 92
	==8142==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==8142==    by 0x4E7B53E: mdir_name (dirname-lgpl.c:78)
	==8142==    by 0x4CBE2B0: virStorageFileGetMetadataInternal (virstoragefile.c:595)
	==8142==    by 0x4CBE651: virStorageFileGetMetadataFromFDInternal (virstoragefile.c:1086)
	==8142==    by 0x4CBEEB4: virStorageFileGetMetadataRecurse (virstoragefile.c:1175)
	==8142==    by 0x4CBF1DE: virStorageFileGetMetadata (virstoragefile.c:1270)
	==8142==    by 0x4028AD: testStorageChain (virstoragetest.c:275)
	==8142==    by 0x407B91: virtTestRun (testutils.c:201)
	==8142==    by 0x4039D7: mymain (virstoragetest.c:534)
	==8142==    by 0x40830D: virtTestMain (testutils.c:789)
	==8142==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	...62 times

2014-04-17  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	qemu: Unlock the NWFilter update lock by leaving via the cleanup label
	Fix a locking problem by leaving the function via the cleanup label.

2014-04-16  John Ferlan  <jferlan@redhat.com>

	storage: netfs: Handle backend errors
	Commit id '18642d10' caused a virt-test regression for NFS backend
	storage error path checks when running the command:
	    'virsh find-storage-pool-sources-as netfs Unknown  '
	when the host did not have Gluster installed. Prior to the commit,
	the test would fail with the error:
	    error: internal error: Child process (/usr/sbin/showmount --no-headers
	    --exports Unknown) unexpected exit status 1: clnt_create: RPC: Unknown host
	After the commit, the error would be ignored, the call would succeed,
	and an empty list of pool sources returned. This was tucked into the
	commit message as an expected outcome.
	When the target host does not have a GLUSTER_CLI this is a regression
	over the previous release. Furthermore, even if Gluster CLI was present,
	but had a failure to get devices, the API would return a failure even if
	the NFS backend had found devices.
	Modify the logic to return failure when the NFS backend check fails and
	there's no GLUSTER_CLI or when both backend checks fail.
	If either returns success and GLUSTER_CLI is defined, then fetch and return
	a list of source devices even if it's empty

2014-04-16  Eric Blake  <eblake@redhat.com>

	conf: fix omission of <driver> in domain dumpxml
	I noticed that depending on the <driver> attributes the user passed
	in, the output may omit the <driver> element altogether.  For example,
	the rerror_policy has had this problem since commit 4bb4109 in Oct
	2011.  But in adding testsuite coverage to expose it, I found another
	problem: the C code is just fine without a driver name, but the
	XML validator required either a name or a cache mode.
	* src/conf/domain_conf.c (virDomainDiskDefFormat): Update
	conditional.
	* docs/schemas/domaincommon.rng (diskDriver): Simplify.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.xml:
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.args:
	New files.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml:
	Enhance test.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-discard.xml:
	Likewise.
	* tests/qemuxml2argvtest.c (mymain): New test.
	* tests/qemuxml2xmltest.c (mymain): Likewise.

	conf: split <disk> schema into more pieces
	To make <disk> schema more maintainable and to allow for moving the
	pieces to a common file in the future. It relies on the ability to
	override definitions as part of an include, set up in the previous
	patch.
	The diff is a bit hard to read, because it mixes reindentation
	with refactoring; 'git diff -b --patience' may help.
	* docs/schemas/domaincommon.rng (disk): Refactor into pieces.
	(diskSource, diskSourceFile, diskSourceBlock, diskSourceDir)
	(diskSourceVolume: New defines.
	(diskSourceNetwork): Revise scope.
	* docs/schemas/domainsnapshot.rng (disksnapshot): Adjust.
	* tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml,
	tests/domainsnapshotxml2xmlin/disk-network-seclabel-invalid.xml: New
	tests to check seclabel is forbidden in domain snapshot by schema.

	conf: set up for per-grammar overrides in schemas
	This patch is my first experience playing with nested grammars,
	as documented in http://relaxng.org/tutorial-20011203.html#IDA3PZR.
	I plan on doing more overrides in order to make the RelaxNG
	grammar mirror the C code refactoring into a common
	virStorageSource, but where different clients of that source do
	not support the same subset of functionality.  By starting with
	something fairly easy to validate, I can make sure my later
	patches will be possible.
	This patch adds a use of the no-op <ref
	name='sourceStartupPolicy'/> to the disksnapshot definition, so
	that the snapshot version of a type='file' <source> more closely
	resembles the version in domaincommon.  A future patch will merge
	the two files into using a common define, but this patch is
	sufficient for testing that adding <source
	startupPolicy='optional'/> in any of the
	tests/domainsnapshotxml2xmlin/*.xml files still gets rejected
	unless it occurs within the <domain> subelement, because the
	definition of startupPolicy is empty outside of domain.rng.
	* docs/schemas/storagecommon.rng (storageStartupPolicy)
	(storageSourceExtra): Create no-op defaults.
	* docs/schemas/domainsnapshot.rng (domain): Use nested grammar
	to avoid restricting <domain>.
	(storageSourceExtra): Create new override.
	(disksnapshot): Access overrides through common names.
	* docs/schemas/domaincommon.rng (disk): Access overrides through
	common names.
	* docs/schemas/domain.rng (storageStartupPolicy)
	(storageSourceExtra): Create new overrides.

2014-04-15  Eric Blake  <eblake@redhat.com>

	conf: restrict external snapshots to backing store formats
	Domain snapshots should only permit an external snapshot into
	a storage format that permits a backing chain, since the new
	snapshot file necessarily must be backed by the existing file.
	The C code for the qemu driver is a little bit stricter in
	currently enforcing only qcow2 or qed, but at the XML parser
	level, including virt-xml-validate, it is fairly easy to
	enforce that a user can't request a 'raw' external snapshot.
	* docs/schemas/storagecommon.rng (storageFormat): Split out...
	(storageFormatBacking): ...new sublist.
	* docs/schemas/domainsnapshot.rng (disksnapshotdriver): Use new
	type.
	* src/util/virstoragefile.h (virStorageFileFormat): Rearrange for
	easier code management.
	* src/util/virstoragefile.c (virStorageFileFormat, fileTypeInfo):
	Likewise.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML): Use
	new marker to limit selection of formats.

	conf: move storage formats to common RNG file
	We had incomplete RelaxNG support for storage formats listed
	in virstoragefile.h: commit 027bf2e added 'vdi' but forgot
	to update the <volume> and <domain> xml lists; the <volume>
	list was also missing 'fat' and 'vhd'.  Maintaining two lists
	is a recipe for them getting out of sync, so make the list
	common so that both contexts benefit the next time we add a
	format in a single location.
	* docs/schemas/domaincommon.rng (storageFormat): Move...
	* docs/schemas/storagecommon.rng: ...here, and add vdi.
	* docs/schemas/storagevol.rng (formatfile): Use common list.

	conf: better <disk> interleaving in schema
	In general, we try to make virt-xml-validate tolerant of input
	elements in any order when possible.  However, as written, the
	RNG grammar did not permit <source> unless there was an explicit
	type= attribute (even though the C code manages just fine by
	defaulting to type='file').  After making the attribute optional
	on the 'file' branch, I noticed that the use of diskspec was now
	redundant with the branch when no <source> was supplied.
	View this patch with 'git diff -b' for a better picture of the
	schema change.
	* docs/schemas/domaincommon.rng (disk): Hoist 'diskspec' out of
	choice, make type='file' default, and still preserve interleave.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-source-pool.xml:
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-discard.xml:
	New files.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml:
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml:
	Reorder XML.
	* tests/qemuxml2xmltest.c (mymain): Cover new files.

2014-04-15  Ján Tomko  <jtomko@redhat.com>

	Fix virsystemdtest without SYSTEMD_DAEMON
	Commit 4897698 fixed the build without dbus by only building
	the virSystemdPMSupportTarget with SYSTEMD_DAEMON.
	Introduce a virDBusMessageUnref wrapper for dbus_message_unref
	to let virsystemd.c build without dbus, while still allowing
	virsystemdtest to run without SYSTEM_DAEMON.

2014-04-15  Martin Kletzander  <mkletzan@redhat.com>

	build: Don't use code with dbus_message_unref when built without dbus
	In order to do that, virNodeSuspendSupportsTargetPMUtils() and
	virSystemdPMSupportTarget() are created even when pm-utils and dbus
	are compiled out, respectively, but in that case returning -2 meaning
	"unavailable" (this return code was already used for unavailability
	before).  Error is reported in virNodeSuspendSupportsTarget() only if
	both functions returned -2, otherwise the error (or success) is properly
	propagated up the stack.

2014-04-14  Eric Blake  <eblake@redhat.com>

	conf: create common storage RNG grammar file
	Having two tiny files with a couple definitions didn't make
	as much sense as one common file, especially since I plan to
	add more definitions and use it in more places.
	* docs/schemas/storageencryption.rng: Merge this...
	* docs/schemas/storagefilefeatures.rng: ...and this, into...
	* docs/schemas/storagecommon.rng: ...this new file.
	* docs/schemas/Makefile.am (schema_DATA): Reflect renames.
	* docs/schemas/storagevol.rng: Likewise.
	* docs/schemas/domaincommon.rng: Likewise.
	* libvirt.spec.in: Likewise.
	* mingw-libvirt.spec.in: Likewise.

2014-04-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid overflow when setting migration speed
	When passing migration bandwidth to QEMU, we multiply it by 1024 * 1024
	to convert the speed to B/s and the result still needs to fit in
	int64_t.
	https://bugzilla.redhat.com/show_bug.cgi?id=1083483

2014-04-12  Eric Blake  <eblake@redhat.com>

	conf: delete internal directory field
	Another field no longer needed, getting us one step closer to
	merging virStorageFileMetadata and virStorageSource.
	* src/util/virstoragefile.h (_virStorageFileMetadata): Drop
	field.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
	(virStorageFileGetMetadataFromFDInternal): Alter signature.
	(virStorageFileFreeMetadata, virStorageFileGetMetadataFromBuf)
	(virStorageFileGetMetadataFromFD): Adjust clients.
	* tests/virstoragetest.c (_testFileData, testStorageChain)
	(mymain): Simplify test.

	conf: tweak chain lookup internals
	Thanks to the testsuite, I feel quite confident that this rewrite
	is correct; it gives the same results for all cases except for one.
	I can make the argument that _that_ case was a pre-existing bug:
	when looking up relative names, the lookup is supposed to be
	pegged to the directory that contains the parent qcow2 file.  Thus,
	this resolves the fixme first mentioned in commit 367cd69 (even
	though I accidentally removed the fixme comment early in 74430fe).
	* src/util/virstoragefile.c (virStorageFileChainLookup): Depend on
	new rather than old fields.
	* tests/virstoragetest.c (mymain): Adjust test to match fix.

	conf: drop redundant parameter to chain lookup
	The original chain lookup code had to pass in the starting name,
	because it was not available in the chain.  But now that we have
	added fields to the struct, this parameter is redundant.
	* src/util/virstoragefile.h (virStorageFileChainLookup): Alter
	signature.
	* src/util/virstoragefile.c (virStorageFileChainLookup): Adjust
	handling of top of chain.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Adjust caller.
	* tests/virstoragetest.c (testStorageLookup, mymain): Likewise.

	conf: report error on chain lookup failure
	The chain lookup function was inconsistent on whether it left
	a message in the log when looking up a name that is not found
	on the chain (leaving a message for OOM or if name was
	relative but not part of the chain), and could litter the log
	even when successful (when name was relative but deep in the
	chain, use of virFindBackingFile early in the chain would complain
	about a file not found).  It's easier to make the function
	consistently emit a message exactly once on failure, and to let
	all callers rely on the clean semantics.
	* src/util/virstoragefile.c (virStorageFileChainLookup): Always
	report error on failure.  Simplify relative lookups.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Avoid
	overwriting error.

	util: new virFileRelLinkPointsTo function
	When checking if two filenames point to the same inode (whether
	by hardlink or symlink), sometimes one of the names might be
	relative.  This convenience function makes it easier to check.
	* src/util/virfile.h (virFileRelLinkPointsTo): New prototype.
	* src/util/virfile.c (virFileRelLinkPointsTo): New function.
	* src/libvirt_private.syms (virfile.h): Export it.
	* src/xen/xm_internal.c (xenXMDomainGetAutostart): Use it.

	conf: test backing chain lookup
	I realized that we had no good test coverage of looking up a
	name from within a backing chain, even though code like
	block-commit is relying on it.
	* tests/virstoragetest.c (testStorageLookup): New function.
	(mymain): New tests.

2014-04-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Introduce --without-pm-utils to get rid of pm-is-supported dependency
	This uses the dbus api of systemd to check the power management
	capabilities of the node.

2014-04-12  Eric Blake  <eblake@redhat.com>

	tests: drop dead code from argv2xml and xml2xml
	Noticed while tweaking the RelaxNG grammar for <disk> elements.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-numad-static-vcpu-no-numatune.xml:
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-cdrom-empty.xml:
	Drop unused files.
	* tests/qemuargv2xmltest.c (testInfo, DO_TEST_FULL): Drop unused
	field.

2014-04-12  Wojciech Macek  <wma@semihalf.com>

	bhyve: fix domain management
	When domain is not persistent, it should be forgotten upon destroying.

2014-04-11  Eric Blake  <eblake@redhat.com>

	conf: delete useless backingStoreFormat field
	Drop another redundant field from virStorageFileMetadata.
	* src/util/virstoragefile.h (_virStorageFileMetadata): Drop
	field.
	* src/util/virstoragefile.c
	(virStorageFileGetMetadataFromFDInternal)
	(virStorageFileGetMetadataFromFD)
	(virStorageFileGetMetadataRecurse): Adjust callers.
	* tests/virstoragetest.c (_testFileData, testStorageChain)
	(mymain): Simplify test.

	conf: return backing information separately from metadata
	A couple pieces of virStorageFileMetadata are used only while
	collecting information about the chain, and don't need to
	live permanently in the struct.  This patch refactors external
	callers to collect the information separately, so that the
	next patch can remove the fields.
	* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
	Alter signature.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal):
	Likewise.
	(virStorageFileGetMetadataFromFDInternal): Adjust callers.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.

	conf: delete useless backingStoreIsFile field
	Finally starting to prune away some of the old fields that have
	been made redundant by the new fields, on my way towards directly
	reusing virStorageSource.
	* src/util/virstoragefile.h (_virStorageFileMetadata): Drop
	field.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
	(virStorageFileChainLookup): Adjust callers.
	* tests/virstoragetest.c (_testFileData, testStorageChain)
	(mymain): Simplify test.

	conf: expose probe for non-local storage
	Deciding if a user string represents a local file instead of a
	network path is an operation worth exposing directly, particularly
	since the next patch will be removing a redundant variable that
	was caching the information.
	* src/util/virstoragefile.h (virStorageIsFile): New declaration.
	* src/util/virstoragefile.c (virBackingStoreIsFile): Rename...
	(virStorageIsFile): ...export, and allow NULL input.
	(virStorageFileGetMetadataInternal)
	(virStorageFileGetMetadataRecurse, virStorageFileGetMetadata):
	Update callers.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Use it.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/libvirt_private.syms (virstoragefile.h): Export function.

	conf: provide details on network backing store
	So far, my work has been merely preserving the status quo of
	backing file analysis.  But this patch starts to tread in the
	territory of making the backing chain code more powerful - we
	will eventually support network storage containing non-raw
	formats.  Here, we expose metadata information about a network
	backing store, even if that information is still hardcoded to
	a raw format for now.
	* src/util/virstoragefile.c (virStorageFileGetMetadataRecurse):
	Also populate struct for non-file backing.
	(virStorageFileGetMetadata, virStorageFileGetMetadatainternal):
	Recognize non-file top image.
	(virFindBackingFile): Add comment.
	(virStorageFileChainGetBroken): Adjust comment, ensure output
	is set.
	* tests/virstoragetest.c (mymain): Update test to reflect it.

	conf: make virstoragetest debug easier
	I'm tired of alternating between test failures due to bugs in
	my refactoring work, vs. test failures due to leftovers in
	the file system from the previous test.  This patch has no
	impact when the testsuite is successful, but doeesn't hurt either.
	* tests/virstoragetest.c (testPrepImages): Clean up from prior
	failed test.

2014-04-11  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Properly check input parameters
	Most of the APIs in CPU driver do not expect to get NULL for input
	parameters. Let's mark them with ATTRIBUTE_NONNULL and also check for
	some members of virCPUDef when the APIs expect them have some specific
	values.

	cpu: Add documentation for CPU driver APIs

	tests: Fix systemd test with --without-driver-modules
	Every test that makes use of virmock.h (only virsystemdtest as of now)
	needs to be linked with -export-dynamic to make sure the LD_PRELOADed
	mock library can access its wrap_* symbols. Normally,
	DRIVER_MODULE_LDFLAGS variable contains -export-dynamic but when
	--without-driver-modules configure option is used, DRIVER_MODULE_LDFLAGS
	is empty.
	This patch turns on -export-dynamic for all tests unconditionally
	regardless on --without-driver-modules. This fixes virsystemdtest and
	all future users of virmock.h.

2014-04-09  Ján Tomko  <jtomko@redhat.com>

	Fix build on mingw32
	My commit 897808e added a parameter to virCgroupGetPercpuStats,
	but didn't change the stub for systems where cgroups are not supported.

2014-04-09  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Fix comment of vshCmdInfo
	The original comment of vshCmdInfo:
	"name" - command name
	Actually it's 'help' and the short description
	of command, not the command name.

2014-04-09  Ján Tomko  <jtomko@redhat.com>

	Clean up virCgroupGetPercpuStats
	The iterator is checked for being less than or equal to need_cpus.
	The 'n' variable is incremented need_cpus + 1 times.
	Simplify the computation of need_cpus and make its value one larger,
	to let it be used instead of 'n' and compared without the equal sign
	in loop conditions.
	Just index the sum_cpu_time array instead of using a helper variable.
	Start the loop at start_cpu instead of continuing for all lower values.

	Check maximum startcpu value correctly
	The cpus are indexed from 0, so a startcpu value equal
	to the number of CPUs is invalid.
	https://bugzilla.redhat.com/show_bug.cgi?id=1070680

	Rename id, max_id to need_cpus, total_cpus
	total_cpus is the total number of CPUs on the host
	need_cpus is the number of CPUs we need to look at
	(need_cpus can be larger than ncpus, because we need to look
	 at CPUs before the startcpu too, even if we aren't reporting
	 their stats)

	Extend virCgroupGetPercpuStats to fill in vcputime too
	Currently, virCgroupGetPercpuStats is only used by the LXC driver,
	filling out the CPUTIME stats. qemuDomainGetPercpuStats does this
	and also filles out VCPUTIME stats.
	Extend virCgroupGetPercpuStats to also report VCPUTIME stats if
	nvcpupids is non-zero. In the LXC driver, we don't have cpupids.
	In the QEMU driver, there is at least one cpupid for a running domain,
	so the behavior shouldn't change for QEMU either.
	Also rename getSumVcpuPercpuStats to virCgroupGetPercpuVcpuSum.

	Fix return value of virCgroupGetPercpuStats
	We need to return the number of successfully populated stats,
	not the nparams supplied by the user.

	Don't require domain obj in qemuDomainGetPercpuStats
	All we need is the virCgroupPtr and number of vcpupids.
	This will allow the function to be moved to util/vircgroup.c.

2014-04-09  Eric Blake  <eblake@redhat.com>

	conf: test for more fields
	Validate that all the new fields are getting set to desired values.
	* tests/virstoragetest.c (_testFileData, testStorageChain): Check
	for more fields.
	(mymain): Populate additional fields.

	conf: start testing contents of the new backing chain fields
	The testsuite is absolutely essential to feeling comfortable
	about swapping the backing chain structure over to a new format.
	This patch tests the path settings, and demonstrates that the
	correct short name is being passed to the child.
	* tests/virstoragetest.c (testStorageChain): Test path.
	(mymain): Update expected data.

	conf: track more fields in backing chain metadata
	The current use of virStorageFileMetadata is awkward; to learn
	some of the information about a child node, you have to read
	fields in the parent node.  This does not lend itself well to
	modifying backing chains (whether inserting a new node in the
	chain, or consolidating existing nodes); better would be to
	learn about a child node directly in that node.  This patch
	sets up some new fields which contain redundant information,
	although not necessarily in the final desired state for the
	new fields (see the next patch for actual tests of what is there
	now).  Then later patches will do any refactoring necessary to
	get the fields to their desired states, and update clients to
	get the information from the new fields, so we can finally
	delete the fields that are tracking information about the wrong
	node.
	More concretely, compare these three example backing chains:
	good <- one
	missing <- two
	gluster://server/vol/img <- three
	Pre-patch, querying the chains gives:
	{ .backingStore = "/path/to/good",
	  .backingStoreRaw = "good",
	  .backingStoreIsFile = true,
	  .backingStoreFormat = VIR_STORAGE_FILE_RAW,
	  .backingMeta = {
	    .backingStore = NULL,
	    .backingStoreRaw = NULL,
	    .backingStoreIsFile = false,
	    .backingMeta = NULL,
	  }
	}
	{ .backingStore = NULL,
	  .backingStoreRaw = "missing",
	  .backingStoreIsFile = false,
	  .backingStoreFormat = VIR_STORAGE_FILE_NONE,
	  .backingMeta = NULL,
	}
	{ .backingStore = "gluster://server/vol/img",
	  .backingStoreRaw = NULL,
	  .backingStoreIsFile = false,
	  .backingStoreFormat = VIR_STORAGE_FILE_RAW,
	  .backingMeta = NULL,
	}
	Deciding whether to ignore a missing backing file (as in virsh
	vol-dumpxml) or report an error (as in security manager sVirt
	labeling) requires reading multiple fields.  Plus, the format
	is hard-coded to treat all network protocols as end-of-the-chain,
	as if they were raw.  By the end of this patch series, the goal
	is to instead represent these three situations as:
	{ .path = "one",
	  .canonPath = "/path/to/one",
	  .type = VIR_STORAGE_TYPE_FILE,
	  .format = VIR_STORAGE_FILE_QCOW2,
	  .backingStoreRaw = "good",
	  .backingMeta = {
	    .path = "good",
	    .canonPath = "/path/to/good",
	    .type = VIR_STORAGE_TYPE_FILE,
	    .format = VIR_STORAGE_FILE_RAW,
	    .backingStoreRaw = NULL,
	    .backingMeta = NULL,
	  }
	}
	{ .path = "two",
	  .canonPath = "/path/to/two",
	  .type = VIR_STORAGE_TYPE_FILE,
	  .format = VIR_STORAGE_FILE_QCOW2,
	  .backingStoreRaw = "missing",
	  .backingMeta = NULL,
	}
	{ .path = "three",
	  .canonPath = "/path/to/three",
	  .type = VIR_STORAGE_TYPE_FILE,
	  .format = VIR_STORAGE_FILE_QCOW2,
	  .backingStoreRaw = "gluster://server/vol/img",
	  .backingMeta = {
	    .path = "gluster://server/vol/img",
	    .canonPath = "gluster://server/vol/img",
	    .type = VIR_STORAGE_TYPE_NETWORK,
	    .format = VIR_STORAGE_FILE_RAW,
	    .backingStoreRaw = NULL,
	    .backingMeta = NULL,
	  }
	}
	or, for the second file, maybe also allowing:
	{ .path = "two",
	  .canonPath = "/path/to/two",
	  .type = VIR_STORAGE_TYPE_FILE,
	  .format = VIR_STORAGE_FILE_QCOW2,
	  .backingStoreRaw = "missing",
	  .backingMeta = {
	    .path = "missing",
	    .canonPath = NULL,
	    .type = VIR_STORAGE_TYPE_NONE,
	    .format = VIR_STORAGE_FILE_NONE,
	    .backingStoreRaw = NULL,
	    .backingMeta = NULL,
	  }
	}
	* src/util/virstoragefile.h (_virStorageFileMetadata): Add
	path, canonPath, relDir, type, and format fields.  Reorder
	existing fields, and add lots of comments.
	* src/util/virstoragefile.c (virStorageFileFreeMetadata): Clean
	new fields.
	(virStorageFileGetMetadataInternal)
	(virStorageFileGetMetadataFromFDInternal): Start populating new
	fields.

	conf: rename some test fields
	A later patch will be adding some new fields to
	virStorageFileMetadata; to minimize confusion, renaming the
	test fields now will make it more obvious which fields are
	being tested later.
	* tests/virstoragetest.c (_testFileData): Alter names.
	(testStorageChain, mymain): Adjust clients.

	conf: earlier allocation during backing chain crawl
	Right now, we are allocating virStorageFileMetadata near the bottom
	of the callchain, only after we have identified that we are visiting
	a file (and not a network resource).  I'm hoping to eventually
	support parsing the backing chain from XML, where the backing chain
	crawl then validates what was parsed rather than allocating a fresh
	structure.  Likewise, I'm working towards a setup where we have a
	backing element even for networks.  Both of these use cases are
	easier to code if the allocation is hoisted earlier.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
	(virStorageFileGetMetadataFromFDInternal): Change signature.
	(virStorageFileGetMetadataFromBuf)
	(virStorageFileGetMetadataRecurse, virStorageFileGetMetadata):
	Update callers.

	conf: track user vs. canonical name through full chain lookup
	The previous patch started a separation of error messages
	reported against the user-specified name, vs. tracking the
	canonical path that was actually opened.  This patch extends
	that notion, by hoisting directory detection up front, passing
	the canonical path through the entire call chain, and
	simplifying lower-level functions that can now assume that
	a canonical path and directory have been supplied.
	* src/util/virstoragefile.c
	(virStorageFileGetMetadataFromFDInternal)
	(virStorageFileGetMetadataInternal): Add parameter, require
	directory.
	(virFindBackingFile): Require directory.
	(virStorageFileGetMetadataFromFD): Pass canonical path.
	(virStorageFileGetMetadataFromBuf): Likewise.
	(virStorageFileGetMetadata): Determine initial directory.

2014-04-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Unexport qemuBuildNetworkDriveURI()
	The function isn't used in any other file. Convert it to static.

	qemu: Refactor qemuGetDriveSourceString to take virStorageSourcePtr
	Refactor the function to avoid multiple wrappers splitting identical
	fields from the now common metadata struct.
	The refactor is done by folding in the wrapper used for disk sources
	which allows us to lookup secrets via the secret driver. This may allow
	using stored secrets for snapshot disk images too in the future.

	storage: Refactor location of metadata for storage drive access to files
	Now that we store all metadata about a storage image in a
	virStorageSource struct let's use it also to store information needed by
	the storage driver to access and do operations on the files.

	storage: Refactor storage file initialization to use virStorageSourcePtr
	Now that storage source metadata is stored in a single struct we don't
	need two initialization functions for different structs.

	conf: Refactor helpers to retrieve actual storage type
	Now that the storage source definition is uniform convert the helpers to
	retrieve the actual storage type to a single one.

2014-04-09  John Ferlan  <jferlan@redhat.com>

	storage: Don't update pool available/allocation if buildVol fails
	https://bugzilla.redhat.com/show_bug.cgi?id=1024159
	If adding a volume to a storage pool fails during the CreateXML or
	CreateXMLFrom API's, we don't want to adjust the available and
	allocation values for the storage pool during storageVolDelete
	since we haven't adjusted the values for the create.
	Refactor storageVolDelete() a bit to create a storageVolDeleteInternal()
	which will handle the primary deletion activities.  Add a parameter
	updateMeta which will signify whether to update the values or not.
	Adjust the calls from CreateXML and CreateXMLFrom to directly call the
	DeleteInternal with the pool lock held.  This does bypass the call
	to virStorageVolDeleteEnsureACL().

2014-04-09  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	build: avoid compiler warning on shadowed name
	Introduced in commit d1e55de3.
	virstoragetest.c: In function ‘testStorageChain’:
	virstoragetest.c:249:10: warning: declaration of ‘abs’ shadows a global
	declaration [-Wshadow]

2014-04-09  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: use virBhyveCapsBuild in bhyvexml2argv test
	As we can use virBhyveCapsBuild() now, replace
	testBhyveBuildCapabilities() with it.

2014-04-09  Eric Blake  <eblake@redhat.com>

	conf: another refactor of virstoragetest
	Another reduction in the number of structs I have to modify
	when I start tracking new fields in virStorageFileMetadata.
	* tests/virstoragetest.c (_testFileData): Add fields.
	(testStorageChain): Select between fields based on flag.
	(mymain): Record both absolute and relative expectations in one
	struct.

	conf: interleave virstoragetest structs
	As I add more tests, it's getting harder to follow the split between
	a struct in one place and a test using the struct in another.
	Interleaving the tests makes changes more localized, and also makes
	debugging easier when a test goes wrong during my refactoring work.
	* tests/virstoragetest.c (mymain): Modify structs as we go, rather
	than up-front.
	(testStorageChain): Make failure debugging easier.

	conf: test for more scenarios
	Part of the upcoming refactoring will change how broken chains
	are detected; it makes sense to test that this works.  In
	particular, test the just-fixed infinite loop detection bug.
	Also, make sure that detection of directories is sane.
	* tests/virstoragetest.c (testStorageChain): Enhance test.
	(mymain): Add more tests.
	(testCleanupImages, testPrepImages): Populate a directory.

	conf: fix detection of infinite backing loop
	While trying to refactor the backing file chain, I noticed that
	if you have a self-referential qcow2 file via a relative name:
	qemu-img create -f qcow2 loop 10M
	qemu-img rebase -u -f qcow2 -F qcow2 -b loop loop
	then libvirt was creating a chain 2 deep before realizing it
	had hit a loop; furthermore, virStorageFileChainCheckBroken
	was not identifying the chain as broken.  With this patch,
	the loop is detected when the chain is only 1 deep; still
	enough for storage volume XML to display the file, but now
	with a proper error report about where the loop was found.
	This patch adds a parameter to virStorageFileGetMetadataRecurse,
	so that errors at the top of the chain remain unchanged; messages
	issued for backing files now use the name provided by the user
	instead of the canonical name (for VDSM, which uses relative
	symlinks to device mapper block devices, this is actually more
	useful).
	* src/util/virstoragefile.c (virStorageFileGetMetadataRecurse):
	Add parameter, require canonical path up front.  Mark chain
	broken on OOM or loop detection.
	(virStorageFileGetMetadata): Pass in canonical name.

2014-04-09  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmware: set the driver version
	Since commit 7457cbe8 the vmware driver version isn't set anymore.

2014-04-09  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: add bhyve xml2xml test
	The only implemented test for now is domain metadata test.

	bhyve: add domain metadata support
	Implement domainSetMetadata and domainGetMetadata driver calls.

	bhyve: fix ATTRIBUTE_NONNULL usage
	Fix incorrect ATTRIBUTE_NONNULL usage introduced in 17b17565
	which caused build failure:
	bhyve/bhyve_driver.c:127:48: error: expected ')'
	bhyveDriverGetCapabilities(bhyveConnPtr driver ATTRIBUTE_NONNULL)
	                                               ^
	bhyve/bhyve_driver.c:127:27: note: to match this '('
	bhyveDriverGetCapabilities(bhyveConnPtr driver ATTRIBUTE_NONNULL)
	Pushed under the build breaker rule.

2014-04-08  Richard Weinberger  <richard@nod.at>

	LXC: Fix return code evaulation in lxcCheckNetNsSupport()
	Commit b9dd878f (util: make it easier to grab only regular command exit)
	changed the call semantics of virCommandRun() and therefore of virRun()
	too. But lxcCheckNetNsSupport() was not updated.
	As consequence of this lxcCheckNetNsSupport always failed and broke LXC.

2014-04-08  Ján Tomko  <jtomko@redhat.com>

	Fix incorrect values in redirdev ABI check error
	My commit c9123fb introduced this copy-and-paste error.

2014-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Use a static initializer for static mutexes
	Now that we ditched our custom pthread impl for Win32, we can
	use PTHREAD_MUTEX_INITIALIZER for static mutexes. This avoids
	the need to use a virOnce one-time global initializer in a
	number of places.

	Add syntax check to validate capitalization of abbreviations
	Use a syntax-check rule to force PCI, USB and SCSI instead
	of Pci, Usb and Scsi.

	Replace Pci with PCI throughout
	Since it is an abbreviation, PCI should always be fully
	capitalized or full lower case, never Pci.

	Replace Usb with USB throughout
	Since it is an abbreviation, USB should always be fully
	capitalized or full lower case, never Usb.

	Replace Scsi with SCSI throughout
	Since it is an abbreviation, SCSI should always be fully
	capitalized or full lower case, never Scsi.

	Switch systemd test to use generic dbus mock
	Remove the virsystemdmock.la library and instead make use
	of the shared virmockdbus.la library

	Create a re-usable DBus LD_PRELOAD mock library
	A number of test suites want to mock the DBus APIs. To avoid
	re-inventing the wheel create a re-usable virmockdbus.la
	library for LD_PRELOAD usage.

	Introduce a new set of helper macros for mocking symbols
	Introduce virmock.h which provides some macros to assist in
	creation of LD_PRELOAD overrides. When these are used, the
	LD_PRELOAD code simply has some stubs which forward to a
	wrapper function inside the main test case. This means that
	logic for the test no longer has to be split between the
	virXXXtest.c and virXXXmock.c files. It will also make it
	possible to provide some common reusable modules for mocking
	code like DBus.

2014-04-08  Wangrui (K)  <moon.wangrui@huawei.com>

	virNetDev{Replace,Restore}MacAddress: Fix memory leak
	Functions virNetDevRestoreMacAddress() and virNetDevRestoreMacAddress()
	allocate memory for variable @path using virAsprintf(), but they
	haven't freed that memory before returning out.

2014-04-08  Michal Privoznik  <mprivozn@redhat.com>

	bhyveConnectGetCapabilities: Fix double caps unref
	At the beginning of the function we gain a reference to the driver
	capabilities. Then, we call format function (*) which if failed, unref
	over caps is called. Then, at the end another unref occurs.
	* - Moreover, the format was not called over gained caps, but over
	privconn->caps directly which is not allowed anymore.

	Simplify bhyveDriverGetCapabilities()
	The driver passed as the only argument to the function should never be
	NULL so there's no need to check it. After removing it, the whole
	function collapses to a single line doing ref over driver
	capabilities.

	bhyve_capabilities: Add Semihalf to Copyright
	Since b15a2bbd we have the new bhyve_capabilities.[ch] files.
	However, the copyright is held by both Roman and Semihalf.

2014-04-08  Guido Günther  <agx@sigxcpu.org>

	tests: Don't crash when creating the config object fails
	As observed when building in a chroot and QEMU_USER doesn't exist

	tests: link against libxml2
	to avoid
	CCLD     storagevolxml2argvtest
	/usr/bin/ld: ../src/.libs/libvirt_driver_storage_impl.a(libvirt_driver_storage_impl_la-storage_backend.o): undefined reference to symbol 'xmlFreeDoc@@LIBXML2_2.4.30'
	//usr/lib/x86_64-linux-gnu/libxml2.so.2: error adding symbols: DSO missing from command line

2014-04-08  Eric Blake  <eblake@redhat.com>

	conf: avoid memleak on NULL path
	I noticed that the apparmor code could request metadata even
	for a cdrom with no media, which would cause a memory leak of
	the hash table used to look for loops in the backing chain.
	But even before that, we blindly dereferenced the path for
	printing a debug statement, so it is just better to enforce
	that this is only used on non-NULL names.
	* src/util/virstoragefile.c (virStorageFileGetMetadata): Assume
	non-NULL path.
	* src/util/virstoragefile.h: Annotate this.
	* src/security/virt-aa-helper.c (get_files): Fix caller.

2014-04-08  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc conf2xml: don't let current vcpus at 0: define won't like it

2014-04-07  Wojciech Macek  <wma@semihalf.com>

	bhyve: connectCompareCPU support
	Implement support for connectCompareCPU.

	bhyve: create capabilities submodule
	- Move all capabilities functions to separate file
	- Add initCPU

	bhyve: support for connectBaselineCPU
	Implement bhyveConnectBaselineCPU to support OpenStack/Nova

2014-04-07  Laine Stump  <laine@laine.org>

	interface: dump inactive xml when interface isn't active
	Other drivers in libvirt (e.g. network, qemu) will automatically
	return the "inactive" (persistent configuration) XML of an object when
	that object is inactive. The netcf backend of the interface driver
	would always try to return the live status XML of the interface, even
	when it was down. Although netcf does return valid XML in that case,
	for bond interfaces it is missing almost all of its content, including
	the <bond> subelement itself, leading to this error message from
	"virsh iface-dumpxml" of a bond interface that is inactive:
	  error: XML error: bond interface misses the bond element
	(this is because libvirt's validation of the XML returned by netcf
	always requires a <bond> element be present).
	This patch modifies the interface driver netcf backend to check if the
	interface is inactive, and in that case always return the inactive XML
	(which will always have a <bond> element, thus eliminating the error
	message, as well as making operation more in line with other drivers.
	This fixes the following bug:
	  https://bugzilla.redhat.com/show_bug.cgi?id=878394

2014-04-07  Eric Blake  <eblake@redhat.com>

	hash: add common utility functions
	I almost wrote a hash value free function that just called
	VIR_FREE, then realized I couldn't be the first person to
	do that.  Sure enough, it was worth factoring into a common
	helper routine.
	* src/util/virhash.h (virHashValueFree): New function.
	* src/util/virhash.c (virHashValueFree): Implement it.
	* src/util/virobject.h (virObjectFreeHashData): New function.
	* src/libvirt_private.syms (virhash.h, virobject.h): Export them.
	* src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnInit): Use
	common function.
	* src/qemu/qemu_capabilities.c (virQEMUCapsCacheNew): Likewise.
	* src/qemu/qemu_command.c (qemuDomainCCWAddressSetCreate):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorGetBlockInfo): Likewise.
	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.
	* src/util/virclosecallbacks.c (virCloseCallbacksNew): Likewise.
	* src/util/virkeyfile.c (virKeyFileParseGroup): Likewise.
	* tests/qemumonitorjsontest.c
	(testQemuMonitorJSONqemuMonitorJSONGetBlockInfo): Likewise.

2014-04-07  Jincheng Miao  <jmiao@redhat.com>

	tests: build viridentitytest only WITH_ATTR.
	Commit d7c4e0036 assumed all SELinux tests depended upon
	securityselinuxhelper need xattr support, but forgot to
	move viridentitytest under WITH_ATTR.
	Reported-by: Nehal J Wani <nehaljw.kkd1@gmail.com>

2014-04-07  Peter Krempa  <pkrempa@redhat.com>

	maint: Correctly detect wether "gluster" cli tool is accessible
	The configure definition previously always defined the GLUSTER_CLI macro
	and thus the code needing it wasn't compiled out if the tool wasn't
	accessible.

2014-04-07  Guido Günther  <agx@sigxcpu.org>

	libvirt-guests: avoid bashism
	At least Debian uses dash to run the init scripts

2014-04-07  Antoni S. Puimedon  <asegurap@redhat.com>

	QoS: make tc filters match all traffic
	Up until now the traffic control filters for the vNIC QoS were
	matching only ip traffic. For egress traffic that was unnoticed
	because the unmatched traffic would just go to the default htb class
	and be shaped anyway. For ingress, though, since the policing of the
	rate is done by the filter itself.
	The problem is solved by changing protocol to all and making anything
	match the filter.
	Bug-Url: https://bugzilla.redhat.com/1084444

2014-04-05  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add xml2argv tests for console

	bhyve: add console support through nmdm device
	nmdm is a FreeBSD driver which allows to create a pair of tty
	devices one of which is passed to the guest and second is used
	by the client.
	This patch adds new 'nmdm' character device type. Its definition
	looks this way:
	<serial type='nmdm'>
	  <source master='/dev/nmdm0A' slave='/dev/nmdm0B'/>
	</serial>
	Master is passed to the hypervisior and slave is used for client
	connection.
	Also implement domainOpenConsole() for bhyve driver based on that.

2014-04-05  David Shane Holden  <dpejesh@yahoo.com>

	bhyve: domain autostart support

2014-04-05  Eric Blake  <eblake@redhat.com>

	conf: track when storage type is still undetermined
	Right now, virStorageFileMetadata tracks bool backingStoreIsFile
	for whether the backing string specified in metadata can be
	resolved as a file (covering both block and regular file
	resources) or is treated as a network protocol.  But when
	merging this struct with virStorageSource, it will be easier
	to just actually track which type of resource it is, as well
	as have a reserved value for the case where the resource type
	is unknown (or had an error during probing).
	* src/util/virstoragefile.h (virStorageType): Add a placeholder
	value, swap order to match similar public enum.
	* src/util/virstoragefile.c (virStorage): Update string mapping.
	* src/conf/domain_conf.c (virDomainDiskSourceParse)
	(virDomainDiskDefParseXML, virDomainDiskDefFormat)
	(virDomainDiskSourceFormat): Adjust clients.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML):
	Likewise.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotPrepareDiskExternalBackingInactive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayActive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayInactive)
	(qemuDomainSnapshotPrepareDiskInternal)
	(qemuDomainSnapshotCreateSingleDiskActive): Likewise.
	* src/qemu/qemu_command.c (qemuGetDriveSourceString): Likewise.

	tests: refactor virstoragetest for less stack space
	I'm about to add fields to virStorageFileMetadata, which means
	also adding fields to the testFileData struct in virstoragetest.
	Alas, adding even one pointer on an x86_64 machine gave me a
	dreaded compiler error:
	virstoragetest.c:712:1: error: the frame size of 4208 bytes is larger than 4096 bytes [-Werror=frame-larger-than=]
	After some experimentation, I realized that each test was creating
	yet another testChainData (which contains testFileData) on the stack;
	forcing the reuse of one of these structures instead of creating a
	fresh one each time drastically reduces the size requirements.  While
	at it, I also got rid of a lot of intermediate structs, with some
	macro magic that lets me directly build up the destination chains
	inline.
	For a bit more insight into what this patch does:
	The old code uses an intermediate variable as a fixed-size array
	of structs:
	testFileData chain[] = { a, b };
	data.files = chain;
	In the new code, the use of VIR_FLATTEN_* allows the TEST_CHAIN()
	macro to still take a single argument for each chain, but now of
	the form '(a, b)', where it is turned into the var-args 'a, b'
	multiple arguments understood by TEST_ONE_CHAIN().  Thus, the
	new code avoids an intermediate variable, and directly provides
	the list of pointers to be assigned into array elements:
	data.files = { &a, &b };
	* tests/virstoragetest.c (mymain): Rewrite TEST_ONE_CHAIN to
	reuse the same struct for each test, and to take the data
	inline rather than via intermediate variables.
	(testChainData): Use bounded array of pointers instead of
	unlimited array of struct.
	(testStorageChain): Reflect struct change.

	tests: use C99 initialization for storage test
	Writing this test with C99 initializers will make it easier to test
	additions and deletions to struct members as I refactor the code.
	* tests/virstoragetest.c (mymain): Rewrite initializers.

2014-04-04  John Ferlan  <jferlan@redhat.com>

	NFS storage pool: Fix libvirtd crash due to refactor edit
	Commit id '18642d10' refactored the call to virCommandRunRegex()
	inside a new function virStorageBackendFileSystemNetFindNFSPoolSources(),
	but the cut-n-paste didn't remove the "&state".  Now that state is passed
	by reference, it results in a libvirtd core with a messages entry:
	"...internal error: unknown storage pool type Unknow"

2014-04-04  Olivia Yin  <Hong-Hua.Yin@freescale.com>

	Define CPUINFO_FILE_LEN and fix maxlen of cpuinfo file for all uses
	For example, the file /proc/cpuinfo for 24 cores PowerPC platform is larger than
	the previous maximum size 2KB.
	It will fail to start libvirtd with the error message as below:
	virFileReadAll: Failed to read file '/proc/cpuinfo': Value too large for defined
	data type
	virSysinfoRead: internal error Failed to open /proc/cpuinfo
	This patch defines CPUINFO_FILE_LEN as 10KB which is enough for most architectures.

2014-04-04  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix Memory Leak in daemon/libvirtd.c
	Fixes leak introduced by e562e82f
	==4937== 64 bytes in 1 blocks are definitely lost in loss record 270 of 405
	==4937==    at 0x4A06BE0: realloc (vg_replace_malloc.c:662)
	==4937==    by 0x6FA41C4: __vasprintf_chk (vasprintf_chk.c:90)
	==4937==    by 0x50C8D29: virVasprintfInternal (stdio2.h:199)
	==4937==    by 0x50C8E3A: virAsprintfInternal (virstring.c:362)
	==4937==    by 0x11D01A: main (libvirtd.c:1170)

2014-04-03  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Set disk format for empty cdrom device
	The XML config for a CDROM device can be without a source path,
	indicating that there is no media present. Without this change
	the libxl driver fails to start a guest in that case because
	the libxl library checks for the LIBXL_DISK_FORMAT_EMPTY format
	type and tries to stat the NULL pointer that gets passed on.
	> libxl: error: libxl_device.c:265:libxl__device_disk_set_backend:
	> Disk vdev=hdc failed to stat: (null): Bad address

	libxl: Use id from virDomainObj inside the driver
	There is a domain id in the virDomain structure as well as in the
	virDomainObj structure. While the former can become stale the latter
	is kept up to date. So it is safer to always (virDomainObjPtr)->def->id
	internally.
	This will fix issues seen when managing Xen guests through libvirt from
	virt-manager (not being able to get domain info after define or reboot).
	This was caused both though libxlDomainGetInfo() only but there were
	a lot of places that might potentially cause issues, too.

2014-04-03  Ján Tomko  <jtomko@redhat.com>

	Add redirdevs to ABI stability check
	Check the bus, type of the source device (tcp vs. spicevmc)
	and the device address visible in the guest.
	https://bugzilla.redhat.com/show_bug.cgi?id=1035128

	Use the force flag for mkfs -t xfs
	Without this, building an XFS pool on a formatted partition
	fails with --overwrite.
	https://bugzilla.redhat.com/show_bug.cgi?id=927172

2014-04-03  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Make 'exit' action same as 'quit'
	For now 'virsh quit' action like this:
	--------------------------------
	[root@localhost /]# virsh quit
	[root@localhost /]#
	--------------------------------
	And 'virsh exit' action:
	--------------------------------
	[root@localhost /]# virsh exit
	[root@localhost /]#
	--------------------------------
	There is a small difference('/n') between them.
	According to manual said:
	       quit, exit
	           quit this interactive terminal
	And in the code they all called cmdQuit func,
	They should get same actions.

2014-04-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: make sure agent returns error when required data are missing
	Commit 5b3492fa aimed to fix this and caught one error but exposed
	another one.  When agent command is being executed and the thread
	waiting for the reply is woken up by an event (e.g. EOF in case of
	shutdown), the command finishes with no data (rxObject == NULL), but
	no error is reported, since this might be desired by the caller
	(e.g. suspend through agent).  However, in other situations, when the
	data are required (e.g. getting vCPUs), we proceed to getting desired
	data out of the reply, but none of the virJSON*() functions works well
	with NULLs.  I chose the way of a new parameter for qemuAgentCommand()
	function that specifies whether reply is required and behaves
	according to that.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1058149

2014-04-03  Ján Tomko  <jtomko@redhat.com>

	Include PCI address in the error in virDomainNetFindIdx
	When looking up a net device by a MAC and PCI address, it is possible
	that we've got a match on the MAC address but failed to match the
	PCI address.
	In that case, outputting just the MAC address can be confusing.
	Partially resolves:
	https://bugzilla.redhat.com/show_bug.cgi?id=872028

	Move error reporting into virDomainNetFindIdx
	Every caller checked the return value and logged an error
	- one if no device with the specified MAC was found,
	other if there were multiple devices matching the MAC address
	(except for qemuDomainUpdateDeviceConfig which logged the same
	 message in both cases).
	Move the error reporting into virDomainNetFindIdx, since in both cases,
	we couldn't find one single match - it's just the error messages that
	differ.

2014-04-03  Eric Blake  <eblake@redhat.com>

	tests: simplify storage test cleanup
	No need to spawn a child 'rm' process when we can do it ourselves.
	* tests/virstoragetest.c (testCleanupImages): Use dedicated
	helper.

2014-04-03  Cole Robinson  <crobinso@redhat.com>

	storage: Report error from VolOpen by default
	Currently VolOpen notifies the user of a potentially non-fatal failure by
	returning -2 and logging a VIR_WARN or VIR_INFO. Unfortunately most
	callers treat -2 as fatal but don't actually report any message with
	the error APIs.
	Rename the VOL_OPEN_ERROR flag to VOL_OPEN_NOERROR. If NOERROR is specified,
	we preserve the current behavior of returning -2 (there's only one caller
	that wants this).
	However in the default case, only return -1, and actually use the error
	APIs. Fix up a couple callers as a result.

2014-04-02  Ján Tomko  <jtomko@redhat.com>

	Fix coverity-reported leak in virSecurityManagerGenLabel
	Coverity complains about a possible leak of seclabel if
	!sec_managers[i]->drv->domainGenSecurityLabel is true
	and the seclabel might be overwritten by the next iteration
	of the loop.
	This leak should never happen, because every security driver
	has domainGenSecurityLabel defined.

2014-04-02  Eric Blake  <eblake@redhat.com>

	conf: modify tracking of encrypted images
	A future patch will merge virStorageFileMetadata and virStorageSource,
	but I found it easier to do if both structs use the same information
	for tracking whether a source file needs encryption keys.
	* src/util/virstoragefile.h (_virStorageFileMetadata): Prepare
	full encryption struct instead of just a bool.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Use transfer semantics.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal):
	Populate struct.
	(virStorageFileFreeMetadata): Adjust clients.
	* tests/virstoragetest.c (testStorageChain): Likewise.

	conf: drop redundant parameters during probe
	Now that each virStorageSource can track allocation information,
	and given that we already have the information without extra
	syscalls, it's easier to just always populate the information
	directly into the struct than it is to sometimes pass the address
	of the struct members down the call chain.
	* src/storage/storage_backend.h (virStorageBackendUpdateVolInfo)
	(virStorageBackendUpdateVolTargetInfo)
	(virStorageBackendUpdateVolTargetInfoFD): Update signature.
	* src/storage/storage_backend.c (virStorageBackendUpdateVolInfo)
	(virStorageBackendUpdateVolTargetInfo)
	(virStorageBackendUpdateVolTargetInfoFD): Always populate struct
	members instead.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskMakeDataVol): Update client.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget)
	(virStorageBackendFileSystemRefresh)
	(virStorageBackendFileSystemVolRefresh): Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Likewise.
	* src/storage/storage_backend_mpath.c
	(virStorageBackendMpathNewVol): Likewise.
	* src/storage/storage_backend_scsi.c
	(virStorageBackendSCSINewLun): Likewise.

	conf: track sizes directly in source struct
	One of the features of qcow2 is that a wrapper file can have
	more capacity than its backing file from the guest's perspective;
	what's more, sparse files make tracking allocation of both
	the active and backing file worthwhile.  As such, it makes
	more sense to show allocation numbers for each file in a chain,
	and not just the top-level file.  This sets up the fields for
	the tracking, although it does not modify XML to display any
	new information.
	* src/util/virstoragefile.h (_virStorageSource): Add fields.
	* src/conf/storage_conf.h (_virStorageVolDef): Drop redundant
	fields.
	* src/storage/storage_backend.c (virStorageBackendCreateBlockFrom)
	(createRawFile, virStorageBackendCreateQemuImgCmd)
	(virStorageBackendCreateQcowCreate): Update clients.
	* src/storage/storage_driver.c (storageVolDelete)
	(storageVolCreateXML, storageVolCreateXMLFrom, storageVolResize)
	(storageVolWipeInternal, storageVolGetInfo): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget)
	(virStorageBackendFileSystemRefresh)
	(virStorageBackendFileSystemVolResize)
	(virStorageBackendFileSystemVolRefresh): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol)
	(virStorageBackendLogicalCreateVol): Likewise.
	* src/storage/storage_backend_scsi.c
	(virStorageBackendSCSINewLun): Likewise.
	* src/storage/storage_backend_mpath.c
	(virStorageBackendMpathNewVol): Likewise.
	* src/storage/storage_backend_rbd.c
	(volStorageBackendRBDRefreshVolInfo)
	(virStorageBackendRBDCreateImage): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskMakeDataVol)
	(virStorageBackendDiskCreateVol): Likewise.
	* src/storage/storage_backend_sheepdog.c
	(virStorageBackendSheepdogBuildVol)
	(virStorageBackendSheepdogParseVdiList): Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.
	* src/conf/storage_conf.c (virStorageVolDefFormat)
	(virStorageVolDefParseXML): Likewise.
	* src/test/test_driver.c (testOpenVolumesForPool)
	(testStorageVolCreateXML, testStorageVolCreateXMLFrom)
	(testStorageVolDelete, testStorageVolGetInfo): Likewise.
	* src/esx/esx_storage_backend_iscsi.c (esxStorageVolGetXMLDesc):
	Likewise.
	* src/esx/esx_storage_backend_vmfs.c (esxStorageVolGetXMLDesc)
	(esxStorageVolCreateXML): Likewise.
	* src/parallels/parallels_driver.c (parallelsAddHddByVolume):
	Likewise.
	* src/parallels/parallels_storage.c (parallelsDiskDescParseNode)
	(parallelsStorageVolDefineXML, parallelsStorageVolCreateXMLFrom)
	(parallelsStorageVolDefRemove, parallelsStorageVolGetInfo):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxStorageVolCreateXML)
	(vboxStorageVolGetXMLDesc): Likewise.
	* tests/storagebackendsheepdogtest.c (test_vdi_list_parser):
	Likewise.
	* src/phyp/phyp_driver.c (phypStorageVolCreateXML): Likewise.

	conf: use common struct in storage volumes
	A fairly smooth transition.  And now that domain disks and
	storage volumes share a common struct, it opens the doors for
	a future patch to expose more details in the XML for both
	objects.
	* src/conf/storage_conf.h (_virStorageVolTarget): Delete.
	(_virStorageVolDef): Use common type.
	* src/conf/storage_conf.c (virStorageVolDefFree)
	(virStorageVolTargetDefFormat): Update clients.
	* src/storage/storage_backend.h: Likewise.
	* src/storage/storage_backend.c
	(virStorageBackendDetectBlockVolFormatFD)
	(virStorageBackendUpdateVolTargetInfo)
	(virStorageBackendUpdateVolTargetInfoFD): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.

	conf: move volume structs to util/
	Another step towards unification of structures.  While we might
	not expose everything in XML via domain disk as we do for
	storage volume pointer, both places want to deal with (at least
	part of) the backing chain; therefore, moving towards a single
	struct usable from both contexts will make the backing chain
	code more reusable.
	* src/conf/storage_conf.h (_virStoragePerms)
	(virStorageTimestamps): Move...
	* src/util/virstoragefile.h: ...here.
	(_virStorageSource): Add more fields.
	* src/util/virstoragefile.c (virStorageSourceClear): Clean
	additional fields.

	conf: tweak volume target struct details
	Some preparatory work before consolidating storage volume
	structs with the rest of virstoragefile.  Making these
	changes allows a volume target to be much closer to (a
	subset of) the virStorageSource struct.
	Making perms be a pointer allows it to be optional if we
	have a storage pool that doesn't expose permissions in a
	way we can access.  It also allows future patches to
	optionally expose permissions details learned about a disk
	image via domain <disk> listings, rather than just
	limiting it to storage volume listings.
	Disk partition types was only used by internal code to
	control what type of partition to create when carving up
	an MS-DOS partition table storage pool (and is not used
	for GPT partition tables or other storage pools).  It was
	not exposed in volume XML, and as it is more closely
	related to extent information of the overall block device
	than it is to the <target> information describing the host
	file.  Besides, if we ever decide to expose it in XML down
	the road, we can move it back as needed.
	* src/conf/storage_conf.h (_virStorageVolTarget): Change perms to
	pointer, enhance comments.  Move partition type...
	(_virStorageVolSource): ...here.
	* src/conf/storage_conf.c (virStorageVolDefFree)
	(virStorageVolDefParseXML, virStorageVolTargetDefFormat): Update
	clients.
	* src/storage/storage_backend_fs.c (createFileDir): Likewise.
	* src/storage/storage_backend.c (virStorageBackendCreateBlockFrom)
	(virStorageBackendCreateRaw, virStorageBackendCreateExecCommand)
	(virStorageBackendUpdateVolTargetInfoFD): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalCreateVol): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskMakeDataVol)
	(virStorageBackendDiskPartTypeToCreate): Likewise.

	conf: manage disk source by struct instead of pieces
	Now that we have a dedicated type for representing a disk source,
	we might as well parse and format directly into that type instead
	of piecemeal into pointers to members of the type.
	* src/conf/domain_conf.h (virDomainDiskSourceDefFormatInternal)
	(virDomainDiskSourceDefParse): Rename...
	(virDomainDiskSourceFormat, virDomainDiskSourceParse): ...and
	compress signatures.
	* src/conf/domain_conf.c (virDomainDiskSourceParse)
	(virDomainDiskSourceFormat): Rewrite to use common struct.
	(virDomainDiskSourceDefFormat): Delete.
	(virDomainDiskDefParseXML, virDomainDiskDefFormat): Update
	callers.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML)
	(virDomainSnapshotDiskDefFormat): Likewise.

	phyp: fix logic error on volume creation
	The phyp code claims that it wants a non-zero value, but actually
	enforces a capacity of zero.  It has been this way since commit
	ebc46fe in June 2010.  Bummer that it has my name as the committer
	- I guess I should have been much more stubborn about not blindly
	taking someone else's 1600-line patch.
	* src/phyp/phyp_driver.c (phypStorageVolCreateXML): Use correct
	logic.

2014-04-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: remove unneeded forward declaration
	by moving qemuAgentCommand() after qemuAgentCheckError().

2014-04-02  Shanzhi Yu  <shyu@redhat.com>

	virsh: man: delete the unexpected character in snapshot-list

2014-04-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: cleanup error checking on agent replies
	On all the places where qemuAgentComand() was called, we did a check
	for errors in the reply.  Unfortunately, some of the places called
	qemuAgentCheckError() without checking for non-null reply which might
	have resulted in a crash.
	So this patch makes the error-checking part of qemuAgentCommand()
	itself, which:
	 a) makes it look better,
	 b) makes the check mandatory and, most importantly,
	 c) checks for the errors if and only if it is appropriate.
	This actually fixes a potential crashers when qemuAgentComand()
	returned 0, but reply was NULL.  Having said that, it *should* fix the
	following bug:
	https://bugzilla.redhat.com/show_bug.cgi?id=1058149

2014-04-02  Eric Blake  <eblake@redhat.com>

	maint: fix spelling errors in disk pools
	Noticed during my work on storage struct cleanups.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskPartBoundaries): Fix spelling errors.

	conf: let snapshots share disk source struct
	Now that we have a common struct, it's time to start using it!
	Since external snapshots make a longer backing chain, it is
	only natural to use the same struct for the file created by
	the snapshot as what we use for <domain> disks.
	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Use common
	struct instead of open-coded duplicate fields.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefClear)
	(virDomainSnapshotDiskDefParseXML, virDomainSnapshotAlignDisks)
	(virDomainSnapshotDiskDefFormat)
	(virDomainSnapshotDiskGetActualType): Adjust clients.
	* src/qemu/qemu_conf.c (qemuTranslateSnapshotDiskSourcePool):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskGetSourceString)
	(qemuDomainSnapshotCreateInactiveExternal)
	(qemuDomainSnapshotPrepareDiskExternalOverlayActive)
	(qemuDomainSnapshotPrepareDiskExternal)
	(qemuDomainSnapshotPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive): Likewise.
	* src/storage/storage_driver.c
	(virStorageFileInitFromSnapshotDef): Likewise.

	conf: move common disk source functions
	Move some functions out of domain_conf for use in the next
	patch where snapshot starts to directly use structs in
	virstoragefile.
	* src/conf/domain_conf.c (virDomainDiskDefFree)
	(virDomainDiskSourcePoolDefParse): Adjust callers.
	(virDomainDiskSourceDefClear, virDomainDiskSourcePoolDefFree)
	(virDomainDiskAuthClear): Move...
	* src/util/virstoragefile.c (virStorageSourceClear)
	(virStorageSourcePoolDefFree, virStorageSourceAuthClear): ...and
	rename.
	* src/conf/domain_conf.h (virDomainDiskAuthClear): Drop
	declaration.
	* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Adjust
	caller.
	* src/util/virstoragefile.h: Declare them.
	* src/libvirt_private.syms (virstoragefile.h): Export them.

	util: don't support loopback and nbd when setuid
	The only remaining reason that virt-login-shell was trying to
	link against virstoragefile was because of a call to
	virStorageFileFormatTypeToString when spawning a qemu-nbd
	process - but setuid processes shouldn't be spawning qemu-nbd.
	* src/util/virfile.c (virFileLoopDeviceAssociate)
	(virFileNBDDeviceAssociate): Cripple in setuid builds.
	* src/Makefile.am (libvirt_setuid_rpc_client_la_SOURCES):
	Drop virstoragefile from the list.

	util: move detection of shared filesystems
	The code in virstoragefile.c is getting more complex as I
	consolidate backing chain handling code.  But for the setuid
	virt-login-shell, we don't need to crawl backing chains.  It's
	easier to audit things for setuid security if there are fewer
	files involved, so this patch moves the one function that
	virFileOpen() was actually relying on to also live in virfile.c.
	* src/util/virstoragefile.c (virStorageFileIsSharedFS)
	(virStorageFileIsSharedFSType): Move...
	* src/util/virfile.c (virFileIsSharedFS, virFileIsSharedFSType):
	...to here, and rename.
	(virFileOpenAs): Update caller.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetFileconHelper)
	(virSecuritySELinuxSetSecurityAllLabel)
	(virSecuritySELinuxRestoreSecurityImageLabelInt): Likewise.
	* src/security/security_dac.c
	(virSecurityDACRestoreSecurityImageLabelInt): Likewise.
	* src/qemu/qemu_driver.c (qemuOpenFileAs): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise.
	* src/util/virstoragefile.h: Adjust declarations.
	* src/util/virfile.h: Likewise.
	* src/libvirt_private.syms (virfile.h, virstoragefile.h): Move
	symbols as appropriate.

	conf: move storage source type to util/
	With this patch, all information related to a host resource in
	a storage file backing chain now lives in util/virstoragefile.h.
	The next step will be to consolidate various places that have
	been tracking backing chain details to all use a common struct.
	The changes to tools/Makefile.am were made necessary by the
	fact that virstorageencryption includes uses of libxml, and is
	now pulled in by inclusion from virstoragefile.h.  No
	additional libraries are linked into the final image, and in
	comparison, the build of the setuid library in src/Makefile.am
	already was using LIBXML_CFLAGS via AM_CFLAGS.
	* src/conf/domain_conf.h (virDomainDiskSourceDef): Move...
	* src/util/virstoragefile.h (virStorageSource): ...and rename.
	* src/conf/domain_conf.c (virDomainDiskSourceDefClear)
	(virDomainDiskAuthClear): Adjust clients.
	* tools/Makefile.am (virt_login_shell_CFLAGS)
	(virt_host_validate_CFLAGS): Add libxml headers.

	conf: move storage secret type to util/
	This one is a relatively easy move.  We don't ever convert the
	enum to or from strings (it is inferred from other elements in
	the xml, rather than directly represented).
	* src/conf/domain_conf.h (virDomainDiskSecretType): Move...
	* src/util/virstoragefile.h (virStorageSecreteType): ...and
	rename.
	* src/conf/domain_conf.c (virDomainDiskSecretType): Drop unused
	enum conversion.
	(virDomainDiskAuthClear, virDomainDiskDefParseXML)
	(virDomainDiskDefFormat): Adjust clients.
	* src/qemu/qemu_command.c (qemuGetSecretString): Likewise.
	* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePoolAuth):
	Likewise.

	conf: move source pool type to util/
	Another struct being moved to util.  This one doesn't have as
	much use yet, thankfully.
	* src/conf/domain_conf.h (virDomainDiskSourcePoolMode)
	(virDomainDiskSourcePoolDef): Move...
	* src/util/virstoragefile.h (virStorageSourcePoolMode)
	(virStorageSourcePoolDef): ...and rename.
	* src/conf/domain_conf.c (virDomainDiskSourcePoolDefFree)
	(virDomainDiskSourceDefClear, virDomainDiskSourcePoolDefParse)
	(virDomainDiskDefParseXML, virDomainDiskSourceDefParse)
	(virDomainDiskSourceDefFormatInternal)
	(virDomainDiskDefForeachPath, virDomainDiskSourceIsBlockType):
	Adjust clients.
	* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virstoragefile.h): ...as appropriate.

	conf: move storage encryption type to util/
	Encryption keys can be associated with each source file in a
	backing chain; as such, this file belongs more in util/ where
	it can be used by virstoragefile.h.
	* src/conf/storage_encryption_conf.h: Rename...
	* src/util/virstorageencryption.h: ...to this.
	* src/conf/storage_encryption_conf.c: Rename...
	* src/util/virstorageencryption.c: ...to this.
	* src/Makefile.am (ENCRYPTION_CONF_SOURCES, CONF_SOURCES)
	(UTIL_SOURCES): Update to new file names.
	* src/libvirt_private.syms: Likewise.
	* src/conf/domain_conf.h: Update client.
	* src/conf/storage_conf.h: Likewise.

	conf: move network disk protocol type to util/
	Another enum moved to util/, this time the fallout from renaming
	is not quite as large.
	* src/conf/domain_conf.h (virDomainDiskProtocol): Move...
	* src/util/virstoragefile.h (virStorageNetProtocol): ...and
	rename.
	* src/conf/domain_conf.c: Update clients.
	* src/qemu/qemu_command.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/storage/storage_backend.c: Likewise.
	* src/storage/storage_backend_gluster.c: Likewise.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virstoragefile.h): ...as appropriate.

	conf: move host disk type to util/
	A continuation of the migration of disk details to virstoragefile.
	This patch moves a single enum, but converting the name has quite
	a bit of fallout.
	* src/conf/domain_conf.h (virDomainDiskType): Move...
	* src/util/virstoragefile.h (virStorageType): ...and rename.
	* src/bhyve/bhyve_command.c (bhyveBuildDiskArgStr)
	(virBhyveProcessBuildLoadCmd): Update clients.
	* src/conf/domain_conf.c (virDomainDiskSourceDefParse)
	(virDomainDiskDefParseXML, virDomainDiskSourceDefFormatInternal)
	(virDomainDiskDefFormat, virDomainDiskGetActualType)
	(virDomainDiskDefForeachPath, virDomainDiskSourceIsBlockType):
	Likewise.
	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Likewise.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML)
	(virDomainSnapshotAlignDisks, virDomainSnapshotDiskDefFormat):
	Likewise.
	* src/esx/esx_driver.c (esxAutodetectSCSIControllerModel)
	(esxDomainDefineXML): Likewise.
	* src/locking/domain_lock.c (virDomainLockManagerAddDisk):
	Likewise.
	* src/lxc/lxc_controller.c
	(virLXCControllerSetupLoopDeviceDisk)
	(virLXCControllerSetupNBDDeviceDisk)
	(virLXCControllerSetupLoopDevices, virLXCControllerSetupDisk):
	Likewise.
	* src/parallels/parallels_driver.c (parallelsGetHddInfo):
	Likewise.
	* src/phyp/phyp_driver.c (phypDiskType): Likewise.
	* src/qemu/qemu_command.c (qemuGetDriveSourceString)
	(qemuDomainDiskGetSourceString, qemuBuildDriveStr)
	(qemuBuildCommandLine, qemuParseCommandLineDisk)
	(qemuParseCommandLine): Likewise.
	* src/qemu/qemu_conf.c (qemuCheckSharedDevice)
	(qemuTranslateDiskSourcePool)
	(qemuTranslateSnapshotDiskSourcePool): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse)
	(qemuDomainDetermineDiskChain): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo)
	(qemuDomainSnapshotPrepareDiskExternalBackingInactive)
	(qemuDomainSnapshotPrepareDiskExternalBackingActive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayActive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayInactive)
	(qemuDomainSnapshotPrepareDiskInternal)
	(qemuDomainSnapshotPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia):
	Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise.
	* src/security/security_apparmor.c
	(AppArmorRestoreSecurityImageLabel)
	(AppArmorSetSecurityImageLabel): Likewise.
	* src/security/security_dac.c (virSecurityDACSetSecurityImageLabel)
	(virSecurityDACRestoreSecurityImageLabelInt)
	(virSecurityDACSetSecurityAllLabel): Likewise.
	* src/security/security_selinux.c
	(virSecuritySELinuxRestoreSecurityImageLabelInt)
	(virSecuritySELinuxSetSecurityImageLabel)
	(virSecuritySELinuxSetSecurityAllLabel): Likewise.
	* src/storage/storage_backend.c (virStorageFileBackendForType):
	Likewise.
	* src/storage/storage_backend_fs.c (virStorageFileBackendFile)
	(virStorageFileBackendBlock): Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageFileBackendGluster): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives)
	(vboxDomainAttachDeviceImpl, vboxDomainDetachDevice): Likewise.
	* src/vmware/vmware_conf.c (vmwareVmxPath): Likewise.
	* src/vmx/vmx.c (virVMXParseDisk, virVMXFormatDisk)
	(virVMXFormatFloppy): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenParseSxpr)
	(xenFormatSxprDisk): Likewise.
	* src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise.
	* tests/securityselinuxlabeltest.c (testSELinuxLoadDef):
	Likewise.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virstoragefile.h): ...as appropriate.

	conf: split network host structs to util/
	Continuing the refactoring of host-side storage descriptions out
	of conf/domain_conf and into util/virstoragefile, this patch
	focuses on details about a host name/port/transport as used by
	a network storage volume.
	* src/conf/domain_conf.h (virDomainDiskProtocolTransport)
	(virDomainDiskHostDef, virDomainDiskHostDefClear)
	(virDomainDiskHostDefFree, virDomainDiskHostDefCopy): Move...
	* src/util/virstoragefile.h (virStorageNetHostTransport)
	(virStorageNetHostDef, virStorageNetHostDefClear)
	(virStorageNetHostDefFree, virStorageNetHostDefCopy): ...here,
	with better names.
	* src/util/virstoragefile.c (virStorageNetHostDefClear)
	(virStorageNetHostDefFree, virStorageNetHostDefCopy): Moved from...
	* src/conf/domain_conf.c (virDomainDiskHostDefClear)
	(virDomainDiskHostDefFree, virDomainDiskHostDefCopy): ...here.
	(virDomainDiskSourceDefClear, virDomainDiskSourceDefParse)
	(virDomainDiskSourceDefFormatInternal): Adjust callers.
	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Likewise.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefClear):
	Likewise.
	* src/qemu/qemu_command.c (qemuAddRBDHost)
	(qemuParseDriveURIString, qemuParseNBDString)
	(qemuBuildNetworkDriveURI, qemuParseCommandLineDisk)
	(qemuParseCommandLine, qemuGetDriveSourceString): Likewise.
	* src/qemu/qemu_command.h: Likewise.
	* src/qemu/qemu_conf.c (qemuAddISCSIPoolSourceHost)
	(qemuTranslateDiskSourcePool): Likewise.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive): Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageFileBackendGlusterInit): Likewise.
	* src/storage/storage_driver.c (virStorageFileFree)
	(virStorageFileInitInternal): Likewise.
	* src/storage/storage_driver.h (_virStorageFile): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virstoragefile.h): ...as appropriate.

	conf: split security label structs to util/
	In order to reuse the newly-created host-side disk struct in
	the virstoragefile backing chain code, I first have to move
	it to util/.  This starts the process, by first moving the
	security label structures.
	* src/conf/domain_conf.h (virDomainDefGenSecurityLabelDef)
	(virDomainDiskDefGenSecurityLabelDef, virSecurityLabelDefFree)
	(virSecurityDeviceLabelDefFree, virSecurityLabelDef)
	(virSecurityDeviceLabelDef): Move...
	* src/util/virseclabel.h: ...to new file.
	(virSecurityLabelDefNew, virSecurityDeviceLabelDefNew): Rename the
	GenSecurity functions.
	* src/qemu/qemu_process.c (qemuProcessAttach): Adjust callers.
	* src/security/security_manager.c (virSecurityManagerGenLabel):
	Likewise.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetSecurityFileLabel): Likewise.
	* src/util/virseclabel.c: New file.
	* src/conf/domain_conf.c: Move security code, and fix fallout.
	* src/Makefile.am (UTIL_SOURCES): Build new file.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virseclabel.h): ...to new section.

	maint: ensure src/ directory includes are clean
	In 'make syntax-check', we have a rule that prevents layering
	violations between the various files in src.  However, we
	forgot to treat conf/ and the more recently-added access/ as
	lower-level directories, and were not detecting cases where
	they might have used a driver file.  Also, it's not nice that
	qemu can use storage/ but none of the other drivers could do so.
	* cfg.mk (sc_prohibit_cross_inclusion): Tighten rules for conf/
	and access/, let all other drivers use storage/.

2014-04-01  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Implement storage pool lookup
	Use the previously implemented function to lookup glusterfs source pools
	for the netfs pool to lookup native gluster pools too.

	storage: netfs: Support lookup of glusterfs pool sources
	https://bugzilla.redhat.com/show_bug.cgi?id=1072714
	Use the "gluster" command line tool to retrieve information about remote
	volumes on a gluster server to allow storage pool source lookup.
	Unfortunately gluster doesn't provide a management library so that we
	could use that directly, instead the RPC calls are hardcoded in the
	command line tool.

	storage: netfs: Split up and tidy up NFS storage pool source function
	Extract the NFS related stuff into a separate function and tidy up the
	rest of the code so we can reuse it to add gluster backend detection.
	Additionally avoid reporting of errors from "showmount" and return an
	empty source list instead. This will help when adding other detection
	backends.

2014-04-01  Michal Privoznik  <mprivozn@redhat.com>

	Bump version to 1.2.4 for new dev cycle

2014-04-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.3
	* docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: pull updated translations and regenerate

2014-04-01  Martin Kletzander  <mkletzan@redhat.com>

	build: fix syntax-check for storage_backend

2014-04-01  Peter Krempa  <pkrempa@redhat.com>

	gluster: Fix "key" attribute for gluster volumes
	According to our documentation the "key" value has the following
	meaning: "Providing an identifier for the volume which identifies a
	single volume." The currently used keys for gluster volumes consist of
	the gluster volume name and file path. This can't be considered unique
	as a different storage server can serve a volume with the same name.
	Unfortunately I wasn't able to figure out a way to retrieve the gluster
	volume UUID which would avoid the possibility of having two distinct
	keys identifying a single volume.
	Use the full URI as the key for the volume to avoid the more critical
	ambiguity problem and document the possible change to UUID.

2014-04-01  Cole Robinson  <crobinso@redhat.com>

	storage: Rename VolOpenCheckMode to VolOpen
	Remove the original VolOpen implementation, which is now only used in
	one spot.

	storage: move block format lookup to shared UpdateVolInfo

	storage: Rename UpdateVolInfoFlags to UpdateVolInfo
	And drop the original UpdateVolInfo. Makes it a bit easier to follow
	the function usage.
	And change the int parameter to an explicit bool.

2014-04-01  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix Memory Leak in testMessageArrayRef()
	While running virdbustest, it was found that valgrind pointed out
	the following memory leaks:
	==9996== 17 (8 direct, 9 indirect) bytes in 1 blocks are definitely lost in loss record 9 of 36
	==9996==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==9996==    by 0x4A06B62: realloc (vg_replace_malloc.c:662)
	==9996==    by 0x4C6B587: virReallocN (viralloc.c:245)
	==9996==    by 0x4C6B6AE: virExpandN (viralloc.c:294)
	==9996==    by 0x4C82B54: virDBusMessageDecodeArgs (virdbus.c:907)
	==9996==    by 0x4C83463: virDBusMessageDecode (virdbus.c:1141)
	==9996==    by 0x402C45: testMessageArrayRef (virdbustest.c:273)
	==9996==    by 0x404E71: virtTestRun (testutils.c:201)
	==9996==    by 0x401C2D: mymain (virdbustest.c:479)
	==9996==    by 0x4055ED: virtTestMain (testutils.c:789)
	==9996==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==9996==
	==9996== 28 (16 direct, 12 indirect) bytes in 1 blocks are definitely lost in loss record 12 of 36
	==9996==    at 0x4A06BE0: realloc (vg_replace_malloc.c:662)
	==9996==    by 0x4C6B587: virReallocN (viralloc.c:245)
	==9996==    by 0x4C6B6AE: virExpandN (viralloc.c:294)
	==9996==    by 0x4C82B54: virDBusMessageDecodeArgs (virdbus.c:907)
	==9996==    by 0x4C83463: virDBusMessageDecode (virdbus.c:1141)
	==9996==    by 0x402C45: testMessageArrayRef (virdbustest.c:273)
	==9996==    by 0x404E71: virtTestRun (testutils.c:201)
	==9996==    by 0x401C2D: mymain (virdbustest.c:479)
	==9996==    by 0x4055ED: virtTestMain (testutils.c:789)
	==9996==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==9996==

2014-03-31  Eric Blake  <eblake@redhat.com>

	virsh: fix 'help event'
	'virsh help event' included a summary line "event - (null)"
	due to a misnamed info field.
	* tools/virsh-domain.c (info_event): Use correct name.
	* tools/virsh-network.c (info_network_event): Likewise.

2014-03-31  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: don't leak tap devices on failures
	On failures, virBhyveProcessStart() does not cleanup network
	interfaces that could be created by virBhyveProcessBuildBhyveCmd(),
	which results in a leaked tap device.
	To fix that, extract network cleanup code to bhyveNetCleanup()
	and use it in cleanup stage of virBhyveProcessStart().

2014-03-31  Hongwei Bi  <hwbi2008@gmail.com>

	util: remove useless comment for virCgroupMoveTask in vircgroup.c

2014-03-31  Shanzhi Yu  <shyu@redhat.com>

	virsh: man: Fix spelling of parameters for --memspec in snapshot-create-as
	https://bugzilla.redhat.com/show_bug.cgi?id=1080859
	Snapshot type should be no, internal, or external.

2014-03-31  Peter Krempa  <pkrempa@redhat.com>

	util: storagefile: Don't pursue backing chain of NULL image
	When virStorageFileGetMetadata is called with NULL path argument, the
	invalid pointer boils down through the recursive worker and is caught by
	virHashAddEntry which is thankfully resistant to NULL arguments. As it
	doesn't make sense to pursue backing chains of NULL volumes, exit
	earlier.
	This was noticed in the virt-aahelper-test with a slightly modified
	codebase.

	storage: gluster: Fix crash when initialization of storage backend fails
	The libgfapi function glfs_fini doesn't tolerate NULL pointers. Add a
	check on the error paths as it's possible to crash libvirtd if the
	gluster volume can't be initialized.

	storage: pool: Fix XML indentation in pool source lookup
	The <source> elements need to be indented from <sources> elements.

2014-03-30  Dawid Zamirski  <dzamirski@dattobackup.com>

	ESX: Add support for virtualHW version 10
	This follows the same pattern when v8 and v9 were added. I've tested
	this with my ESX 5.5 and seems to work fine.

2014-03-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Prohibit Windows special chars in filenames
	Using any of these chars [:*?"<>|] in a filename is forbidden on
	Windows and breaks git operations on Windows as git is not able
	to create those files/directories on clone or pull.
	Because some of them can be used in UNIX filenames they tend to
	creep into filenames; especially : in PCI/SCSI device names that
	are used as filenames in test cases.

	tests: Fix SCSI test data filenames for Windows
	Windows doesn't allow : in filenames.
	Commit 6fdece9a332fc668a89bde96af94e7b7cbf6750d added files with a : in
	their names. This broke git operations on Windows as git is not able to
	create those files on clone or pull.
	Replace : with - in the offending filenames and adapt the test case.
	As the tested Linux specific code expects the files to exist with : in
	their path use symlinks to provide the name that way.

2014-03-29  Jincheng Miao  <jmiao@redhat.com>

	Fix virNodeDeviceListCaps always returns empty
	virNodeDeviceListCaps will always return empty for a pci nodedevice,
	actually it should return 'pci'.
	It is because the loop variable ncaps isn't increased.
	Introduced by commit be2636f.
	https://bugzilla.redhat.com/show_bug.cgi?id=1081932

2014-03-28  Ján Tomko  <jtomko@redhat.com>

	Create hostdevmgr in UserRuntimeDirectory for session libvirt
	Without this, session libvirt won't start if it fails to create
	the directory.

	Remove double free in virHostdevManagerDispose
	The object itself is freed by virObjectUnref.

2014-03-27  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Fix apparmor profile to make vfio pci passthrough work
	See lp#1276719 for the bug description. As virt-aa-helper doesn't know
	the VFIO groups to use for the guest, allow access to all
	/dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need
	for vfio

	Fixed regression in apparmor profiles for qemu brought by 43c030f

2014-03-27  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix Memory Leak in virQEMUCapsInitGuestFromBinary()
	While running qemucaps2xmltest, it was found that valgrind pointed out
	the following memory leaks:
	==29896== 0 bytes in 1 blocks are definitely lost in loss record 1 of 65
	==29896==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==29896==    by 0x4C6B45E: virAllocN (viralloc.c:191)
	==29896==    by 0x4232A9: virQEMUCapsGetMachineTypesCaps (qemu_capabilities.c:1999)
	==29896==    by 0x4234E7: virQEMUCapsInitGuestFromBinary (qemu_capabilities.c:789)
	==29896==    by 0x41F10B: testQemuCapsXML (qemucaps2xmltest.c:118)
	==29896==    by 0x41FFD1: virtTestRun (testutils.c:201)
	==29896==    by 0x41EE7A: mymain (qemucaps2xmltest.c:203)
	==29896==    by 0x42074D: virtTestMain (testutils.c:789)
	==29896==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==29896==
	==29896== 0 bytes in 1 blocks are definitely lost in loss record 2 of 65
	==29896==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==29896==    by 0x4C6B45E: virAllocN (viralloc.c:191)
	==29896==    by 0x4232A9: virQEMUCapsGetMachineTypesCaps (qemu_capabilities.c:1999)
	==29896==    by 0x4234E7: virQEMUCapsInitGuestFromBinary (qemu_capabilities.c:789)
	==29896==    by 0x41F10B: testQemuCapsXML (qemucaps2xmltest.c:118)
	==29896==    by 0x41FFD1: virtTestRun (testutils.c:201)
	==29896==    by 0x41EEA3: mymain (qemucaps2xmltest.c:204)
	==29896==    by 0x42074D: virtTestMain (testutils.c:789)
	==29896==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)

2014-03-27  Hongwei Bi  <hwbi2008@gmail.com>

	util: fix a typo in virprocess.c and docs
	s/forcably/forcibly

2014-03-27  Li Yang  <liyang.fnst@cn.fujitsu.com>

	Modify help information of virsh list command
	Use 'virsh list domain --title' option can get domain's title,
	not description, the original help information 'show short
	domain description' will confuse users, so modify it to
	'show domain title'

2014-03-27  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	docs: cgroups: fix typo about LXC cgroups

2014-03-27  Wojciech Macek  <wma@semihalf.com>

	bhyve: add domainLookupByID
	Implement domain lookup by its ID.

2014-03-27  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in testGetCaps()
	While running qemucaps2xmltest, it was found that valgrind pointed out
	the following memory leaks:
	==27045== 160 (112 direct, 48 indirect) bytes in 1 blocks are definitely lost in loss record 51 of 65
	==27045==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==27045==    by 0x4C6BACD: virAllocVar (viralloc.c:560)
	==27045==    by 0x4CAF095: virObjectNew (virobject.c:193)
	==27045==    by 0x421453: virQEMUCapsNew (qemu_capabilities.c:1805)
	==27045==    by 0x41F04F: testQemuCapsXML (qemucaps2xmltest.c:72)
	==27045==    by 0x41FFD1: virtTestRun (testutils.c:201)
	==27045==    by 0x41EE7A: mymain (qemucaps2xmltest.c:203)
	==27045==    by 0x42074D: virtTestMain (testutils.c:789)
	==27045==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==27045==
	==27045== 160 (112 direct, 48 indirect) bytes in 1 blocks are definitely lost in loss record 52 of 65
	==27045==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==27045==    by 0x4C6BACD: virAllocVar (viralloc.c:560)
	==27045==    by 0x4CAF095: virObjectNew (virobject.c:193)
	==27045==    by 0x421453: virQEMUCapsNew (qemu_capabilities.c:1805)
	==27045==    by 0x41F04F: testQemuCapsXML (qemucaps2xmltest.c:72)
	==27045==    by 0x41FFD1: virtTestRun (testutils.c:201)
	==27045==    by 0x41EEA3: mymain (qemucaps2xmltest.c:204)
	==27045==    by 0x42074D: virtTestMain (testutils.c:789)
	==27045==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)

2014-03-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add xml2args unittest
	At this point unittest covers 4 basic cases:
	 - minimal working XML for bhyve
	 - same as above, but with virtio disk
	 - ACPI and APIC args test
	 - MAC address test

	Move virBhyveTapGetRealDeviceName to virnetdevtap
	To ease mocking for bhyve unit tests move virBhyveTapGetRealDeviceName()
	out of bhyve_command.c to virnetdevtap and rename it to
	virNetDevTapGetRealDeviceName().

2014-03-26  Laine Stump  <laine@laine.org>

	network: fix problems with SRV records
	A patch submitted by Steven Malin last week pointed out a problem with
	libvirt's DNS SRV record configuration:
	  https://www.redhat.com/archives/libvir-list/2014-March/msg00536.html
	When searching for that message later, I found another series that had
	been posted by Guannan Ren back in 2012 that somehow slipped between
	the cracks:
	  https://www.redhat.com/archives/libvir-list/2012-July/msg00236.html
	That patch was very much out of date, but also pointed out some real
	problems.
	This patch fixes all the noted problems by refactoring
	virNetworkDNSSrvDefParseXML() and networkDnsmasqConfContents(), then
	verifies those fixes by added several new records to the test case.
	Problems fixed:
	* both service and protocol now have an underscore ("_") prepended on
	  the commandline, as required by RFC2782.
	  <srv service='sip' protocol='udp' domain='example.com'
	       target='tests.example.com' port='5060' priority='10'
	       weight='150'/>
	  before: srv-host=sip.udp.example.com,tests.example.com,5060,10,150
	  after:  srv-host=_sip._udp.example.com,tests.example.com,5060,10,150
	* if "domain" wasn't specified in the <srv> element, the extra
	  trailing "." will no longer be added to the dnsmasq commandline.
	  <srv service='sip' protocol='udp' target='tests.example.com'
	       port='5060' priority='10' weight='150'/>
	  before: srv-host=sip.udp.,tests.example.com,5060,10,150
	  after:  srv-host=_sip._udp,tests.example.com,5060,10,150
	* when optional attributes aren't specified, the separating comma is
	  also now not placed on the dnsmasq commandline. If optional
	  attributes in the middle of the line are not specified, they are
	  replaced with a default value in the commandline (1 for port, 0 for
	  priority and weight).
	  <srv service='sip' protocol='udp' target='tests.example.com'
	       port='5060'/>
	  before: srv-host=sip.udp.,tests.example.com,5060,,
	  after:  srv-host=_sip._udp,tests.example.com,5060
	  (actually the would have generated an error, because "optional"
	  attributes weren't really optional.)
	* The allowed characters for both service and protocol are now limited
	  to alphanumerics, plus a few special characters that are found in
	  existing names in /etc/services and /etc/protocols. (One exception
	  is that both of these files contain names with an embedded ".", but
	  "."  can't be used in these fields of an SRV record because it is
	  used as a field separator and there is no method to escape a "."
	  into a field.) (Previously only the strings "tcp" and "udp" were
	  allowed for protocol, but this restriction has been removed, since
	  RFC2782 specifically says that it isn't limited to those, and that
	  anyway it is case insensitive.)
	* the "domain" attribute is no longer required in order to recognize
	  the port, priority, and weight attributes during parsing. Only
	  "target" is required for this.
	* if "target" isn't specified, port, priority, and weight are not
	  allowed (since they are meaningless - an empty target means "this
	  service is *not available* for this domain").
	* port, priority, and weight are now truly optional, as the comments
	  originally suggested, but which was not actually true.

2014-03-26  Ján Tomko  <jtomko@redhat.com>

	Shift the for loop over matched vars by one
	Instead of adding one to the iterator on every use.

	Use VIR_STRNDUP instead of modifying the matched string

	Free groups in case of a partial match
	If there are more than two regexes, but only one of them matches,
	the matched groups would be leaked.

	Simplify the loop in virCommandRunRegex
	Do not check for border iterator values inside the loop,
	move the code before/after the loop instead.

	Remove useless 'maxReg' variable
	It is used to break out of the loop early if one regex does not match.
	Use the 'break' statement instead.

2014-03-26  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachDeviceFlags: Parse device xml as inactive
	In all other drivers we are doing so. Moreover, we don't want to parse
	runtime information in attach (even if the attach is meant as live)
	because we are generating the runtime info ourselves. We can't trust
	users they supply sane values anyway.
	==1140== 9 bytes in 1 blocks are definitely lost in loss record 72 of 1,151
	==1140==    at 0x4A06C2B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==1140==    by 0x623C758: xmlStrndup (in /usr/lib64/libxml2.so.2.9.1)
	==1140==    by 0x50FD763: virXMLPropString (virxml.c:483)
	==1140==    by 0x510F8B7: virDomainDeviceInfoParseXML (domain_conf.c:3685)
	==1140==    by 0x511ACFD: virDomainChrDefParseXML (domain_conf.c:7535)
	==1140==    by 0x5121D13: virDomainDeviceDefParse (domain_conf.c:9918)
	==1140==    by 0x13AE6313: qemuDomainAttachDeviceFlags (qemu_driver.c:6926)
	==1140==    by 0x13AE65FA: qemuDomainAttachDevice (qemu_driver.c:7005)
	==1140==    by 0x51C77DA: virDomainAttachDevice (libvirt.c:10231)
	==1140==    by 0x127FDD: remoteDispatchDomainAttachDevice (remote_dispatch.h:2404)
	==1140==    by 0x127EC5: remoteDispatchDomainAttachDeviceHelper (remote_dispatch.h:2382)
	==1140==    by 0x5241F81: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
	When doing live attach, we are passing the inactive definition anyway
	since we are passing the result of virDomainDeviceDefCopy() which does
	inactive copy by default.
	Moreover, we are doing the same mistake in qemuhotplugtest.
	Just a side note - it makes perfect sense to parse the runtime info
	like alias in qemuDomainDetachDevice and qemuDomainUpdateDeviceFlags()
	as in some cases the only difference to distinguish two devices can be
	just their alias.

2014-03-26  Francesco Romani  <fromani@redhat.com>

	qemu: add unit tests for the capabilities xml
	The test is loosely inspired from qemucapabilitiestest
	and qemuxml2xmltest.
	Added a new test instead of extending an existing one because
	the feature being tested don't really fits nicely in any
	existing place.

	qemu: extract guest capabilities initialization
	This patch decouples the binary and the capabilities detection
	from the guest initialization.
	The purpose is to make testing easier.

	qemu: export disk snapshot support in capabilities
	This patch adds an element to QEMU's capability XML, to
	show if the underlying QEMU binary supports the live disk
	snapshotting or not.
	This allows any client to know ahead of time if the feature
	is available.
	Without this information available, the only way to check
	for the snapshot support is to request one and check for
	errors.

2014-03-26  Ján Tomko  <jtomko@redhat.com>

	Show the real cpu shares value in live XML
	Currently, the Linux kernel treats values of '0' and '1' as
	the minimum of 2. Values larger than the maximum are changed
	to the maximum.
	Re-reading the shares value after setting it reflects this in
	the live domain XML.

	Treat zero cpu shares as a valid value
	Currently, <cputune><shares>0</shares></cputune> is treated
	as if it were not specified.
	Treat is as a valid value if it was explicitly specified
	and write it to the cgroups.

2014-03-26  John Ferlan  <jferlan@redhat.com>

	Coverity: Resolve a RESOURCE_LEAK
	On error the lofd would have been leaked.

	Coverity: Resolve a FORWARD_NULL
	Recent changes in the module seemed to have caused Coverity to reanalyze
	certain parts of the code. Previously the code was modified via commit
	id '11a11812' to resolve a different error (perhaps DEADCODE).  Up through
	commit id '7b3f1f8c' there were no issues.
	The new error indicats the 'outbuf' was checked for NULL and then complains
	because of the dereference. Adding checks for non-NULL prior to the deref
	resulted in a DEADCODE message.
	So, resolve using an sa_assert() to keep Coverity quiet especially since
	it doesn't understand that outbuf will change as a result of a successful
	virCommandRun() call.

	Coverity: Resolve a CHECKED_RETURN message
	Recent changes to the module seemed to have caused Coverity to find a new
	issue regarding the failure to check the return from a sendmsg. The code
	doesn't seem to care about the return status, so just added an ignore_value
	to keep Coverity quiet.

2014-03-26  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	qemu: remove redundant virQEMUDriverGetConfig
	qemuDomainSetSchedulerParametersFlags() calls virQEMUDriverGetConfig() twice
	and makes the reference counter leak. This removes redundant call.
	Problem introduced in commit 45ad1ad

2014-03-26  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: don't fail on busy tap devices
	We use virBhyveTapGetRealDeviceName() to map network interface name
	to a real device path, trying to open possible devices and getting
	names by ioctl.
	Make it skip devices that fail to open with EBUSY because they're
	most likely already used by other VMs.

2014-03-26  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Create log directory earlier
	Commit d9f19c30d054c86b15a304f4118baa4fa75af9d2 moved a lot of the
	configuration setup into libxlDriverConfigNew().
	However that tries to create the libxl/libxl-driver.log before the
	libxl directory gets created in libxlStateInitialize().
	This causes the daemon to fail on systems that have not had the directory
	created before.
	Move the code to create the libxl directory into libxlDriverConfigNew().

2014-03-25  Ján Tomko  <jtomko@redhat.com>

	Add a rule for indenting labels
	Indent top-level labels by one space.
	Add the rule to HACKING and enforce it by syntax-check.

	Indent top-level labels by one space in tools/

	Indent top-level labels by one space in tests/

	Indent top-level labels by one space in the rest of src/

	Indent top-level labels by one space in src/xen/

	Indent top-level labels by one space in src/vbox/

	Indent top-level labels by one space in src/util/

	Indent top-level labels by one space in src/test/

	Indent top-level labels by one space in src/storage/

	Indent top-level labels by one space in src/rpc/

	Indent top-level labels by one space in src/remote/

	Indent top-level labels by one space in src/qemu/

	Indent top-level labels by one space in src/parallels/

	Indent top-level labels by one space in src/nwfilter/

	Indent top-level labels by one space in src/network/

	Indent top-level labels by one space in src/lxc/

	Indent top-level labels by one space in src/locking/

	Indent top-level labels by one space in libvirt.c

	Indent top-level labels by one space in src/libxl/

	Indent top-level labels by one space in src/esx/

	Indent top-level labels by one space in src/cpu/

	Indent top-level labels by one space in src/conf/

	Indent top-level labels by one space in examples/

	Indent top-level labels by one space in daemon/

2014-03-25  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Forbid VIR_DOMAIN_LOCK_FAILURE_RESTART
	https://bugzilla.redhat.com/show_bug.cgi?id=905282
	https://bugzilla.redhat.com/show_bug.cgi?id=967494
	When lock failure is detected by sanlock, our sanlock_helper kill script
	will try to restart (shutdown followed by start) the affected domain
	when RESTART action is configured for it. While shutting down kills QEMU
	and removes all its leases (which is what sanlock wants to happen),
	trying to start it again just hangs because libvirt tries reacquire the
	locks in the failed lock space. Hence, this action cannot be supported
	by sanlock driver.

	sanlock: Forbid VIR_DOMAIN_LOCK_FAILURE_IGNORE
	https://bugzilla.redhat.com/show_bug.cgi?id=905280
	https://bugzilla.redhat.com/show_bug.cgi?id=967493
	Sanlock expects that the configured kill script either kills the PID on
	lock failure or removes all locks the PID owns. If none of the two
	options happen, sanlock will reboot the host. Although IGNORE action is
	supposed to ignore the request to kill the PID or remove all leases,
	it's certainly not designed to cause the host to be rebooted. That said,
	IGNORE action is incompatible with sanlock and should be forbidden by
	libvirt.

2014-03-25  Peter Krempa  <pkrempa@redhat.com>

	util: Sanitize ATTRIBUTE_NONNULL use in viriscsi.h
	Some of the function attributes marked as nonnull actually explicitly
	handle the arguments for NULL. All changed functions handle missing
	"initiatoriqn" argument well and virISCSIScanTargets also handles well
	if the return pointers are missing. Remove some of the liberaly used
	ATTRIBUTE_NONNULLs as coverity and possibly other compilers that honor
	the attribute fail to compile the code.
	Flaw introduced in commit 5e1d5dde

2014-03-25  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	While we aren't impacted by most of upstream's changes this
	month, at least the regex improvement looks useful.
	* gnulib: Synchronize to upstream.

2014-03-25  Qiao Nuohan  <qiaonuohan@cn.fujitsu.com>

	allow "virsh dump --memory-only" specify dump format
	This patch adds "[--format] <string>" to "virsh dump --memory-only", which is
	changed to use the new virDomainCoreDumpWithFormat API.

	qemu: add support for virDomainCoreDumpWithFormat API
	This patch makes qemu driver support virDomainCoreDumpWithFormat API.

	qemu: add qemuMonitorGetDumpGuestMemoryCapability
	This patch adds qemuMonitorGetDumpGuestMemoryCapability, which is used to check
	whether the specified dump-guest-memory format is supported by qemu.

	add new virDomainCoreDumpWithFormat API
	--memory-only option is introduced without compression supported. Now qemu
	has support for dumping domain's memory in kdump-compressed format. This
	patch adds a new virDomainCoreDumpWithFormat API, so that the format in
	which qemu dumps domain's memory can be specified.

2014-03-25  Peter Krempa  <pkrempa@redhat.com>

	apparmor: Fix build after split of disk source metadata
	Commit 4f20226664b2d4d9e9496ec1e05c9280581a1ca0 breaks build with
	AppArmor enabled as it missed the refactor to the new accessors.

2014-03-25  Eric Blake  <eblake@redhat.com>

	conf: prepare to track multiple host source files per <disk>
	It's finally time to start tracking disk backing chains in
	<domain> XML.  The first step is to start refactoring code
	so that we have an object more convenient for representing
	each host source resource in the context of a single guest
	<disk>.  Ultimately, I plan to move the new type into src/util
	where it can be reused by virStorageFile, but to make the
	transition easier to review, this patch just creates the
	new type then fixes everything until it compiles again.
	* src/conf/domain_conf.h (_virDomainDiskDef): Split...
	(_virDomainDiskSourceDef): ...to new struct.
	(virDomainDiskAuthClear): Use new type.
	* src/conf/domain_conf.c (virDomainDiskDefFree): Split...
	(virDomainDiskSourceDefClear): ...to new function.
	(virDomainDiskGetType, virDomainDiskSetType)
	(virDomainDiskGetSource, virDomainDiskSetSource)
	(virDomainDiskGetDriver, virDomainDiskSetDriver)
	(virDomainDiskGetFormat, virDomainDiskSetFormat)
	(virDomainDiskAuthClear, virDomainDiskGetActualType)
	(virDomainDiskDefParseXML, virDomainDiskSourceDefFormat)
	(virDomainDiskDefFormat, virDomainDiskDefForeachPath)
	(virDomainDiskDefGetSecurityLabelDef)
	(virDomainDiskSourceIsBlockType): Adjust all users.
	* src/lxc/lxc_controller.c (virLXCControllerSetupDisk):
	Likewise.
	* src/lxc/lxc_driver.c (lxcDomainAttachDeviceMknodHelper):
	Likewise.
	* src/qemu/qemu_command.c (qemuAddRBDHost, qemuParseRBDString)
	(qemuParseDriveURIString, qemuParseGlusterString)
	(qemuParseISCSIString, qemuParseNBDString)
	(qemuDomainDiskGetSourceString, qemuBuildDriveStr)
	(qemuBuildCommandLine, qemuParseCommandLineDisk)
	(qemuParseCommandLine): Likewise.
	* src/qemu/qemu_conf.c (qemuCheckSharedDevice)
	(qemuAddISCSIPoolSourceHost, qemuTranslateDiskSourcePool):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainUpdateDeviceConfig)
	(qemuDomainPrepareDiskChainElement)
	(qemuDomainSnapshotCreateInactiveExternal)
	(qemuDomainSnapshotPrepareDiskExternalBackingInactive)
	(qemuDomainSnapshotPrepareDiskInternal)
	(qemuDomainSnapshotPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive)
	(qemuDomainBlockPivot, qemuDomainBlockJobImpl)
	(qemuDomainBlockCopy, qemuDomainBlockCommit): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise.
	* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase)
	(qemuProcessInitPasswords): Likewise.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetSecurityFileLabel): Likewise.
	* src/storage/storage_driver.c (virStorageFileInitFromDiskDef):
	Likewise.
	* tests/securityselinuxlabeltest.c (testSELinuxLoadDef):
	Likewise.

	conf: use disk source accessors in xenxs/
	Part of a series of cleanups to use new accessor methods.
	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenParseSxpr)
	(xenFormatSxprDisk, xenFormatSxpr): Use accessors.
	* src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk, xenFormatXM):
	Likewise.

	conf: use disk source accessors in xen/
	Part of a series of cleanups to use new accessor methods.
	* src/xen/xend_internal.c (virDomainXMLDevID): Use accessors.

	conf: use disk source accessors in vmx/
	Part of a series of cleanups to use new accessor methods.
	* src/vmx/vmx.c (virVMXHandleLegacySCSIDiskDriverName)
	(virVMXParseDisk, virVMXFormatDisk, virVMXFormatFloppy): Use
	accessors.

	conf: use disk source accessors in vmware/
	Part of a series of cleanups to use new accessor methods.
	* src/vmware/vmware_conf.c (vmwareVmxPath): Use accessors.

	conf: use disk source accessors in vbox/
	Part of a series of cleanups to use new accessor methods.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives)
	(vboxDomainAttachDeviceImpl, vboxDomainDetachDevice): Use
	accessors.

	conf: use disk source accessors in uml/
	Part of a series of cleanups to use new accessor methods.
	* src/uml/uml_conf.c (umlBuildCommandLine): Use accessors.
	* src/uml/uml_driver.c (umlDomainAttachUmlDisk): Likewise.

	conf: use disk source accessors in security/
	Part of a series of cleanups to use new accessor methods.
	* src/security/security_dac.c (virSecurityDACSetSecurityImageLabel)
	(virSecurityDACRestoreSecurityImageLabelInt)
	(virSecurityDACSetSecurityAllLabel): Use accessors.
	* src/security/security_selinux.c
	(virSecuritySELinuxRestoreSecurityImageLabelInt)
	(virSecuritySELinuxSetSecurityImageLabel)
	(virSecuritySELinuxSetSecurityAllLabel): Likewise.

	conf: use disk source accessors in qemu/
	Part of a series of cleanups to use new accessor methods.
	* src/qemu/qemu_conf.c (qemuCheckSharedDevice)
	(qemuAddSharedDevice, qemuRemoveSharedDevice, qemuSetUnprivSGIO):
	Use accessors.
	* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse)
	(qemuDomainObjCheckDiskTaint, qemuDomainSnapshotForEachQcow2Raw)
	(qemuDomainCheckRemoveOptionalDisk, qemuDomainCheckDiskPresence)
	(qemuDiskChainCheckBroken, qemuDomainDetermineDiskChain):
	Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia)
	(qemuDomainCheckEjectableMedia)
	(qemuDomainAttachVirtioDiskDevice, qemuDomainAttachSCSIDisk)
	(qemuDomainAttachUSBMassstorageDevice)
	(qemuDomainAttachDeviceDiskLive, qemuDomainRemoveDiskDevice)
	(qemuDomainDetachVirtioDiskDevice, qemuDomainDetachDiskDevice):
	Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationStartNBDServer)
	(qemuMigrationDriveMirror, qemuMigrationCancelDriveMirror)
	(qemuMigrationIsSafe): Likewise.
	* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase)
	(qemuProcessHandleIOError, qemuProcessHandleBlockJob)
	(qemuProcessInitPasswords): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainChangeDiskMediaLive)
	(qemuDomainGetBlockInfo, qemuDiskPathToAlias): Likewise.

	conf: use disk source accessors in phyp/
	Part of a series of cleanups to use new accessor methods.
	* src/phyp/phyp_driver.c (phypDomainAttachDevice, phypBuildLpar):
	Use accessors.

	conf: use disk source accessors in parallels/
	Part of a series of cleanups to use new accessor methods.
	* src/parallels/parallels_driver.c (parallelsGetHddInfo)
	(parallelsAddHdd, parallelsApplyDisksParams, parallelsCreateVm):
	Likewise.

	conf: use disk source accessors in lxc/
	Part of a series of cleanups to use new accessor methods.
	* src/lxc/lxc_cgroup.c (virLXCCgroupSetupDeviceACL): Use
	accessors.
	* src/lxc/lxc_controller.c (virLXCControllerSetupLoopDeviceDisk)
	(virLXCControllerSetupNBDDeviceDisk)
	(virLXCControllerSetupLoopDevices, virLXCControllerSetupDisk):
	Likewise.
	* src/lxc/lxc_driver.c (lxcDomainAttachDeviceDiskLive)
	(lxcDomainDetachDeviceDiskLive): Likewise.

	conf: use disk source accessors in locking/
	Part of a series of cleanups to use new accessor methods.
	* src/locking/domain_lock.c (virDomainLockManagerAddDisk): Use
	accessors.

	conf: use disk source accessors in libxl/
	Part of a series of cleanups to use new accessor methods.
	* src/libxl/libxl_conf.c (libxlMakeDisk): Use accessors.
	* src/libxl/libxl_driver.c (libxlDomainChangeEjectableMedia)
	(libxlDomainAttachDeviceDiskLive): Likewise.

	conf: use disk source accessors in esx/
	Part of a series of cleanups to use new accessor methods.
	* src/esx/esx_driver.c (esxAutodetectSCSIControllerModel)
	(esxDomainDefineXML): Use accessors.

	conf: use disk source accessors in bhyve/
	Part of a series of cleanups to use new accessor methods.
	* src/bhyve/bhyve_command.c (bhyveBuildDiskArgStr)
	(virBhyveProcessBuildLoadCmd): Use accessors.

	conf: use disk source accessors in conf/
	Part of a series of cleanups to use new accessor methods.
	Several places in domain_conf.c still open-code raw field access,
	but that code will be touched later with the diskDef struct split
	so I'm avoiding churn here.
	* src/conf/domain_audit.c (virDomainAuditStart): Use accessors.
	* src/conf/domain_conf.c (virDomainDiskIndexByName)
	(virDomainDiskPathByName, virDomainDiskDefForeachPath)
	(virDomainDiskSourceIsBlockType): Likewise.
	* src/conf/snapshot_conf.c (virDomainSnapshotAlignDisks):
	Likewise.

	conf: accessors for common source information
	A future patch will split virDomainDiskDef, in order to track
	multiple host resources per guest <disk>.  To reduce the size
	of that patch, I've factored out the four most common accesses
	into functions, so that I can incrementally upgrade the code
	base to use the accessors, and so that code that doesn't care
	about the distinction of per-file details won't have to be
	changed when the struct changes.
	* src/conf/domain_conf.h (virDomainDiskGetType)
	(virDomainDiskSetType, virDomainDiskGetSource)
	(virDomainDiskSetSource, virDomainDiskGetDriver)
	(virDomainDiskSetDriver, virDomainDiskGetFormat)
	(virDomainDiskSetFormat): New prototypes.
	* src/conf/domain_conf.c (virDomainDiskGetType)
	(virDomainDiskSetType, virDomainDiskGetSource)
	(virDomainDiskSetSource, virDomainDiskGetDriver)
	(virDomainDiskSetDriver, virDomainDiskGetFormat)
	(virDomainDiskSetFormat): Implement them.
	* src/libvirt_private.syms (domain_conf.h): Export them.

	vmware: fix parse of disk source
	While writing disk source refactoring, I discovered that conversion
	from XML to vmware modified the disk source in place; if the same
	code is reached twice, the second call behaves differently because
	the first call didn't clean up its mess.
	* src/vmware/vmware_conf.c (vmwareParsePath): Avoid munging input
	string.
	* src/vmware/vmware_conf.h (vmwareParsePath): Make static.

2014-03-24  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetImageIds: Skip <seclabel/> without label
	It's easy to shed the daemon these days. With this XML snippet:
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/some/dummy/path/test.bin'>
	        <seclabel model='dac' relabel='no'/>
	      </source>
	      <target dev='vdb' bus='virtio'/>
	      <readonly/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
	    </disk>
	I get the SIGSEGV when starting the domain. The thing is, when
	starting a domain, we check for its disk presence. For some reason,
	when determining the disk chain, we parse the <seclabel/> (don't ask
	me why). However, there's no label attribute in the XML, so we end up
	calling virParseOwnershipIds() over NULL string:
	 [Switching to Thread 0x7ffff10c4700 (LWP 30956)]
	 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:136
	 136     ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory.
	 (gdb) bt
	 #0  __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:136
	 #1  0x00007ffff749f800 in virParseOwnershipIds (label=0x0, uidPtr=uidPtr@entry=0x7ffff10c2df0, gidPtr=gidPtr@entry=0x7ffff10c2df4) at util/virutil.c:2115
	 #2  0x00007fffe929f006 in qemuDomainGetImageIds (gid=0x7ffff10c2df4, uid=0x7ffff10c2df0, disk=0x7fffe40cb000, vm=0x7fffe40a6410, cfg=0x7fffe409ae00) at qemu/qemu_domain.c:2385
	 #3  qemuDomainDetermineDiskChain (driver=driver@entry=0x7fffe40120e0, vm=vm@entry=0x7fffe40a6410, disk=disk@entry=0x7fffe40cb000, force=force@entry=false) at qemu/qemu_domain.c:2414
	 #4  0x00007fffe929f128 in qemuDomainCheckDiskPresence (driver=driver@entry=0x7fffe40120e0, vm=vm@entry=0x7fffe40a6410, cold_boot=cold_boot@entry=true) at qemu/qemu_domain.c:2250
	 #5  0x00007fffe92b6fc8 in qemuProcessStart (conn=conn@entry=0x7fffd4000b60, driver=driver@entry=0x7fffe40120e0, vm=vm@entry=0x7fffe40a6410, migrateFrom=migrateFrom@entry=0x0, stdin_fd=stdin_fd@entry=-1, stdin_path=stdin_path@entry=0x0, snapshot=snapshot@entry=0x0,
	     vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=flags@entry=1) at qemu/qemu_process.c:3813
	 #6  0x00007fffe93087e8 in qemuDomainObjStart (conn=0x7fffd4000b60, driver=driver@entry=0x7fffe40120e0, vm=vm@entry=0x7fffe40a6410, flags=flags@entry=0) at qemu/qemu_driver.c:6051
	 #7  0x00007fffe9308e32 in qemuDomainCreateWithFlags (dom=0x7fffcc000d50, flags=0) at qemu/qemu_driver.c:6105
	 #8  0x00007ffff753c5cc in virDomainCreate (domain=domain@entry=0x7fffcc000d50) at libvirt.c:8861

2014-03-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add domainCreateWithFlags support
	The only supported flag for now is 'autodestroy'. In order to
	support 'autodestroy', add support for close callbacks.

2014-03-23  Wojciech Macek  <wma@semihalf.com>

	bhyve: MAC address configuration
	Add support for MAC address configuration on network bridge
	interface.

2014-03-22  Chunyan Liu  <cyliu@suse.com>

	libxl_driver.c: cleanup code
	Following Jim's comments about "add pci passthrough to libxl" patch:
	https://www.redhat.com/archives/libvir-list/2014-March/msg00170.html

2014-03-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Introduce virFDStreamOpenPTY
	Add virFDStreamOpenPTY() function which is a wrapper around
	virFDStreamOpenFileInternal() with putting the device it opens into a
	raw mode.
	Make virChrdevOpen() use virFDStreamOpenPTY() for
	VIR_DOMAIN_CHR_TYPE_PTY devices.
	This fixes mangled console output when libvirt runs on FreeBSD as it
	requires device it opens to be placed into a raw mode explicitly.

2014-03-21  Ján Tomko  <jtomko@redhat.com>

	Add stubs for virDBusCreateReply{,V}
	Fix the build without dbus.

	Fix build on mingw32
	tests/viriscsitest.c:27:12: error: 'EXIT_AM_SKIP' undeclared
	(first use in this function)

2014-03-21  Chegu Vinod  <chegu_vinod@hp.com>

	libvirt support to force convergence of live guest migration
	Busy enterprise workloads hosted on large sized VM's tend to dirty
	memory faster than the transfer rate achieved via live guest migration.
	Despite some good recent improvements (& using dedicated 10Gig NICs
	between hosts) the live migration may NOT converge.
	Recently support was added in qemu (version 1.6) to allow a user to
	choose if they wish to force convergence of their migration via a
	new migration capability : "auto-converge". This feature allows for qemu
	to auto-detect lack of convergence and trigger a throttle-down of the
	VCPUs.
	This patch includes the libvirt support needed to trigger this
	feature. (Testing is in progress)

2014-03-21  Wang Yufei  <james.wangyufei@huawei.com>

	cgroup: Fix start VMs coincidently failed
	When I start multi VMs coincidently and any of the cgroup directories
	named machine doesn't exist. There's a chance that VM start failed because
	of creating directory failed:
	Unable to initialize /machine cgroup: File exists
	When the errno returned by mkdir in virCgroupMakeGroup is EEXIST,
	we should pass it through and continue to start the VM.

2014-03-21  Daniel P. Berrange  <berrange@redhat.com>

	Allow caller to handle DBus error messages
	The caller may not want all DBus error conditions to be turned
	into libvirt errors, so provide a way for the caller to get
	back the full DBusError object. They can then check the errors
	and only report those that they consider to be fatal.

	Introduce alternate way to encode/decode arrays in DBus messages
	Currently the DBus helper APIs require the values for an array
	to be passed inline in the variadic argument list. This change
	introduces support for passing arrays using a pointer to a plain
	C array of the basic type. This is of particular benefit for
	decoding messages when you don't know how many array elements
	are being received.

	Remove bogus call to dbus_set_error_from_message
	The dbus_connection_send_with_reply_and_block method will
	automatically call dbus_set_error_from_message for us. We
	mistakenly thought we had todo it because of a flaw in the
	systemd unit test mock impl. The latter should have directly
	set the error object, instead of creating an error message
	object.

	Remove bogus unref in virDBusMessageRead
	The virDBusMessageRead method should not have side-effects on
	the message parameter passed in, so unref'ing it is wrong.
	The caller should unref only when they decided they are done
	with it.

	Add DBus helper methods for creating reply messages
	The test suites often have to create DBus method reply messages
	with payloads. Create two helpers for simplifying the process
	of creating replies with payloads.

	Refactor dbus helper methods for method calls
	Split the virDBusMethodCall method into a couple of new methods
	virDBusCall, virDBusCreateMethod and virDBusCreateMethodV.

2014-03-21  Zhou Yimin  <zhouyimin@huawei.com>

	virlog: Modify virLogParseDefaultPriority's comment of return value
	virLogParseDefaultPriority's successful return value is the same as
	virLogSetDefaultPriority's successful return value. So it should be 0
	rather than the parsed log level.

2014-03-21  Ján Tomko  <jtomko@redhat.com>

	Fix typo in configure.ac
	s/profram/program/

	Define ISCSIADM unconditionally
	Commit 5e1d5dd moved the functions using isciadm to util/viriscsi.c,
	but ISCSIADM was only defined when the iscsi backend was compiled in.
	Define it unconditionally to fix the build (and allow testing
	of viriscsi.c) even if iscsi backend is disabled.

2014-03-21  Jiri Denemark  <jdenemar@redhat.com>

	Check boot order on device attach
	https://bugzilla.redhat.com/show_bug.cgi?id=1007754
	When attaching a new device, we need to check if its boot order
	configuration is compatible with current domain definition.

	conf: Introduce virDomainDeviceGetInfo API
	The offset of virDomainDeviceInfo structure within a device definition
	varies with device type and some types do not contain the info structure
	at all. This new API makes it easier to access the info structure from a
	generic virDomainDeviceDef structure.

	Pass action to virDomainDefCompatibleDevice
	When checking compatibility of a device with a domain definition, we
	should know what we're going to do with the device. Because we may need
	to check for different things when we're attaching a new device versus
	detaching an existing device.

	Fix usage of virDomainDefCompatibleDevice
	A device needs to be checked for compatibility with the domain
	definition it corresponds to. Specifically, for VIR_DOMAIN_AFFECT_CONFIG
	case we should check against persistent def rather than active def.

	qemu: Return meaningful error when qemu dies early
	https://bugzilla.redhat.com/show_bug.cgi?id=844378
	When qemu dies early after connecting to its monitor but before we
	actually try to read something from the monitor, we would just fail
	domain start with useless message:
	    "An error occurred, but the cause is unknown"
	This is because the real error gets reported in a monitor EOF handler
	executing within libvirt's event loop.
	The fix is to take any error set in qemuMonitor structure and propagate
	it into the thread-local error when qemuMonitorClose is called and no
	thread-local error is set.

	tests: Set abs_*dir in a consistent way
	Use $(shell cd $(...) && pwd) to set abs_*dir variables similarly to
	what src/Makefile.am does.

2014-03-21  Eric Blake  <eblake@redhat.com>

	qemu: allow filtering events by regex
	When listening for a subset of monitor events, it can be tedious
	to register for each event name in series; nicer is to register
	for multiple events in one go.  Implement a flag to use regex
	interpretation of the event filter.
	While at it, prove how much I hate the shift key, by adding a
	way to filter for 'shutdown' instead of 'SHUTDOWN'. :)
	* include/libvirt/libvirt-qemu.h
	(virConnectDomainQemuMonitorEventRegisterFlags): New enum.
	* src/libvirt-qemu.c (virConnectDomainQemuMonitorEventRegister):
	Document flags.
	* tools/virsh-domain.c (cmdQemuMonitorEvent): Expose them.
	* tools/virsh.pod (qemu-monitor-event): Document this.
	* src/conf/domain_event.c
	(virDomainQemuMonitorEventStateRegisterID): Add flags.
	(virDomainQemuMonitorEventFilter): Handle regex, and optimize
	client side.
	(virDomainQemuMonitorEventCleanup): Clean up regex.

	qemu: enable monitor event filtering by name
	Filtering monitor events by name requires tracking the name for
	the duration of the filtering.  In order to free the name, I
	found it easiest to just piggyback on the user's freecb function,
	which gets called when the event is deregistered.
	For events without a name filter, we have the design of multiple
	client registrations sharing a common server registration, because
	the server side uses the same callback function and we reject
	duplicate use of the same function.  But with events in the mix,
	we want to be able to allow the same function pointer to be used
	with more than one event name.  The solution is to tweak the
	duplicate detection code to only act when there is no additional
	filtering; if name filtering is in use, there is exactly one
	client registration per server registration.  Yes, this means
	that there is no longer a bound on the number of server
	registrations possible, so a malicious client could repeatedly
	register for the same name event to exhaust server memory.  On
	the other hand, we already restricted monitor events to require
	write access (compared to normal events only needing read access),
	and separated it into the intentionally unsupported
	libvirt-qemu.so, with documentation that using this function is
	for debug purposes only; so it is not a security risk worth
	worrying about a client trying to abuse multiple registrations.
	* src/conf/domain_event.c (virDomainQemuMonitorEventData): New
	struct.
	(virDomainQemuMonitorEventFilter)
	(virDomainQemuMonitorEventCleanup): New functions.
	(virDomainQemuMonitorEventDispatchFunc)
	(virDomainQemuMonitorEventStateRegisterID): Use new struct.
	* src/conf/object_event.c (virObjectEventCallbackListCount)
	(virObjectEventCallbackListAddID)
	(virObjectEventCallbackListRemoveID)
	(virObjectEventCallbackListMarkDeleteID): Drop duplicate detection
	when filtering is in effect.

	qemu: enable monitor event reporting
	Wire up all the pieces to send arbitrary qemu events to a
	client using libvirt-qemu.so.  If the extra bookkeeping of
	generating event objects even when no one is listening turns
	out to be noticeable, we can try to further optimize things
	by adding a counter for how many connections are using events,
	and only dump events when the counter is non-zero; but for
	now, I didn't think it was worth the code complexity.
	* src/qemu/qemu_driver.c
	(qemuConnectDomainQemuMonitorEventRegister)
	(qemuConnectDomainQemuMonitorEventDeregister): New functions.
	* src/qemu/qemu_monitor.h (qemuMonitorEmitEvent): New prototype.
	(qemuMonitorDomainEventCallback): New typedef.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONIOProcessEvent):
	Report events.
	* src/qemu/qemu_monitor.c (qemuMonitorEmitEvent): New function, to
	pass events through.
	* src/qemu/qemu_process.c (qemuProcessHandleEvent): Likewise.

	qemu: wire up RPC for qemu monitor events
	These are the first async events in the qemu protocol, so this
	patch looks rather big compared to most RPC additions.  However,
	a large majority of this patch is just mechanical copy-and-paste
	from recently-added network events.  It didn't help that this
	is also the first virConnect rather than virDomain prefix
	associated with a qemu-specific API.
	* src/remote/qemu_protocol.x (qemu_*_domain_monitor_event_*): New
	structs and RPC messages.
	* src/rpc/gendispatch.pl: Adjust naming conventions.
	* daemon/libvirtd.h (daemonClientPrivate): Track qemu events.
	* daemon/remote.c (remoteClientFreeFunc): Likewise.
	(remoteRelayDomainQemuMonitorEvent)
	(qemuDispatchConnectDomainMonitorEventRegister)
	(qemuDispatchConnectDomainMonitorEventDeregister): New functions.
	* src/remote/remote_driver.c (qemuEvents): Handle qemu events.
	(doRemoteOpen): Register for events.
	(remoteNetworkBuildEventLifecycle)
	(remoteConnectDomainQemuMonitorEventRegister)
	(remoteConnectDomainQemuMonitorEventDeregister): New functions.
	* src/qemu_protocol-structs: Regenerate.

	qemu: create object for qemu monitor events
	Create qemu monitor events as a distinct class to normal domain
	events, because they will be filtered differently.  For ease of
	review, the logic for filtering by event name is saved for a later
	patch.
	* src/conf/domain_event.c (virDomainQemuMonitorEventClass): New
	class.
	(virDomainEventsOnceInit): Register it.
	(virDomainQemuMonitorEventDispose, virDomainQemuMonitorEventNew)
	(virDomainQemuMonitorEventDispatchFunc)
	(virDomainQemuMonitorEventStateRegisterID): New functions.
	* src/conf/domain_event.h (virDomainQemuMonitorEventNew)
	(virDomainQemuMonitorEventStateRegisterID): New prototypes.
	* src/libvirt_private.syms (conf/domain_conf.h): Export them.

	qemu: virsh wrapper for qemu events
	Any new API deserves a good virsh wrapper :)
	    qemu-monitor-event [<domain>] [<event>] [--pretty] [--loop] [--timeout <number>]
	Very similar to the previous work on 'virsh event'.  For an
	example session:
	$ virsh -c qemu:///system qemu-monitor-event --event SHUTDOWN&
	$ virsh -c qemu:///system start f18-live
	Domain f18-live started
	$ virsh -c qemu:///system destroy f18-live
	Domain f18-live destroyed
	event SHUTDOWN at 1391212552.026544 for domain f18-live: (null)
	events received: 1
	[1]+  Done                    virsh -c qemu:///system qemu-monitor-event --event SHUTDOWN
	$
	* tools/virsh-domain.c (cmdQemuMonitorEvent): New command.
	* tools/virsh.pod (qemu-monitor-event): Document it.

	qemu: new API for tracking arbitrary monitor events
	Several times in the past, qemu has implemented a new event,
	but libvirt has not yet caught up to reporting that event to
	the user applications.  While it is possible to track libvirt
	logs to see that an unknown event was received and ignored,
	it would be nicer to copy what 'virsh qemu-monitor-command'
	does, and expose this information to the end developer as
	one of our unsupported qemu-specific commands.
	If you find yourself needing to use this API for more than
	just development purposes, please ask on the libvirt list
	for a supported counterpart event to be added in libvirt.so.
	While the supported virConnectDomainEventRegisterAny() API
	takes an id which determines the signature of the callback,
	this version takes a string filter and always uses the same
	signature.  Furthermore, I chose to expose this as a new API
	instead of trying to add a new eventID at the top level, in
	part because the generic option lacks event name filtering,
	and in part because the normal domain event namespace should
	not be polluted by a qemu-only event.  I also added a flags
	argument; unused for now, but we might decide to use it to
	allow a user to request event names by glob or regex instead
	of literal match.
	This API intentionally requires full write access (while
	normal event registration is allowed on read-only clients);
	this is in part due to the fact that it should only be used
	by debugging situations, and in part because the design of
	per-event filtering in later patches ended up allowing for
	duplicate registrations that could potentially be abused to
	exhaust server memory - requiring write privileges means
	that such abuse will not serve as a denial of service attack
	against users with higher privileges.
	* include/libvirt/libvirt-qemu.h
	(virConnectDomainQemuMonitorEventCallback)
	(virConnectDomainQemuMonitorEventRegister)
	(virConnectDomainQemuMonitorEventDeregister): New prototypes.
	* src/libvirt-qemu.c (virConnectDomainQemuMonitorEventRegister)
	(virConnectDomainQemuMonitorEventDeregister): New functions.
	* src/libvirt_qemu.syms (LIBVIRT_QEMU_1.2.1): Export them.
	* src/driver.h (virDrvConnectDomainQemuMonitorEventRegister)
	(virDrvConnectDomainQemuMonitorEventDeregister): New callbacks.

2014-03-21  Ján Tomko  <jtomko@redhat.com>

	Fix indentation in iscsi storage backend

	Ignore missing files on pool refresh
	If we cannot stat/open a file on pool refresh, returning -1 aborts
	the refresh and the pool is undefined.
	Only treat missing files as fatal unless VolOpenCheckMode is called
	with the VIR_STORAGE_VOL_OPEN_ERROR flag. If this flag is missing
	(when it's called from virStorageBackendProbeTarget in
	virStorageBackendFileSystemRefresh), only emit a warning and return
	-2 to let the caller skip over the file.
	https://bugzilla.redhat.com/show_bug.cgi?id=977706

	Ignore char devices in storage pools by default
	Without this, using /dev/mapper as a directory pool
	fails in virStorageBackendUpdateVolTargetInfoFD:
	cannot seek to end of file '/dev/mapper/control': Illegal seek
	Skip over character devices by default.
	https://bugzilla.redhat.com/show_bug.cgi?id=710866

	Add test for virISCSIScanTargets

	Add test for virISCSIGetSession
	Parse iscsiadm output with and without the recently introduced
	flashnode info. [1]
	This should check that commits like 57e17a7 (fixing [2]) do
	not break iscsiadm output parsing.
	[1] https://github.com/mikechristie/open-iscsi/commit/181af9a
	[2] https://bugzilla.redhat.com/show_bug.cgi?id=1067173

	Move functions using iscsiadm to viriscsi.c
	Remove the 'StorageBackend' from names of the functions and fix
	indentation.

	Remove storage pool from the arguments of a few functions
	virStorageBackendISCSISession only needs the path of the source
	device and virStorageBackendISCSIRescanLUNs doesn't need the pool
	at all.
	This will allow the functions to be moved to src/util.

	Don't create iscsiadm command line in ISCSIPool{Start,Stop}
	Create ISCSIConnection{Login,Logout} wrappers for that.

	Switch virCommandRunRegex to use virStringSplit
	Instead of running the command asynchronously and reading the output
	via fgets, let virCommand collect the output and split it with
	virStringSplit.

	Move virStorageBackendRun to vircommand
	The only storage-specific parameter is the pool object, which
	is only used for passing to the callback function.

	Sort includes in storage_backend_iscsi.c

2014-03-21  Martin Kletzander  <mkletzan@redhat.com>

	Require K&R styled curly braces around function bodies
	Although not explicitly requested, we are using K&R (or Kernel)
	indentation for curly braces around functions in HACKING file and most
	of the code.  Using grep -P, this patch add the syntax-check rule for
	it (while skipping all the false positives with foreach constructs).

	Use K&R style for curly braces in remaining files

	Use K&R style for curly braces in src/vbox/

	Use K&R style for curly braces in src/network/bridge_driver.c

	Use K&R style for curly braces in src/lxc/lxc_driver.c

	Use K&R style for curly braces in src/uml/

	Use K&R style for curly braces in src/test/test_driver.c

	Use K&R style for curly braces in src/nwfilter/

	Use K&R style for curly braces in src/openvz/

	Use K&R style for curly braces in src/storage/

	Use K&R style for curly braces in src/qemu/

	Use K&R style for curly braces in src/conf/

	Use K&R style for curly braces in src/rpc/

	Use K&R style for curly braces in src/util/

	Use K&R style for curly braces in src/xen*/

	Use K&R style for curly braces in tests/

2014-03-20  Scott Sullivan  <ssullivan@liquidweb.com>

	is_selinux_enabled() returns -1 on error, account for this.
	Per the documentation, is_selinux_enabled() returns -1 on error.
	Account for this. Previously when -1 was being returned the condition
	would still be true. I was noticing this because on my system that has
	selinux disabled I was getting this in the libvirt.log every 5
	seconds:
	error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument
	With this patch applied, I no longer get these messages every 5
	seconds. I am submitting this in case its deemed useful for inclusion.
	Anyone have any comments on this change? This is a patch off current
	master.

2014-03-20  Wojciech Macek  <wma@semihalf.com>

	bhyve: host API support
	New functionalities:
	- connectGetMaxVcpus - on bhyve hardcode this value to 16
	- nodeGetFreeMemory - do not use physmem_get on FreeBSD, since
	                      it might get wrong value on systems with
	                      more than 100GB of RAM
	- nodeGetCPUMap - wrapper only for mapping function, currently not
	                  supported by FreeBSD
	- nodeSet/GetMemoryParameters - wrapper only for future improvements,
	                                currently not supported by FreeBSD

2014-03-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix unitialized data in virSocketAddrMask
	The virSocketAddrMask method did not initialize all fields
	in the sockaddr_in6 struct. In paticular the 'sin6_scope_id'
	field could contain random garbage, which would in turn
	affect the result of any later virSocketAddrFormat calls.
	This led to ip6tables rules in the FORWARD chain which
	matched on random garbage sin6_scope_id. Fortunately these
	were ACCEPT rules, so the impact was merely that desired
	traffic was blocked, rather than undesired traffic allowed.

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Fix virQEMUCapsLoadCache leaks
	Valgrind reported leaking of maxCpus and arch strings from
	virXPathString, as well as the leak of the machineMaxCpus array.
	Don't use 'str' for the strings we don't want to free, to allow
	freeing of 'str' in the cleanup label and free machineMaxCpus
	in virCapsReset too.

2014-03-20  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Enhance documentation for changing NOFILE limit

2014-03-20  Jim Fehlig  <jfehlig@suse.com>

	libxl: move domain event handler to libxl_domain
	Move the domain event handler and shutdown thread out of the main
	driver module and into libxl_domain module

	libxl: include a pointer to the driver in libxlDomainObjPrivate
	Include a pointer to the libxl driver in libxlDomainObjPrivate
	object so it can be used in the domain event handler and
	shutdown thread.

	libxl: move libxlVmStart to libxl_domain
	Move libxlVmStart from libxl_driver to libxl_domain for
	use by other libxl modules.  For consistency, rename to
	libxlDomainStart.

	libxl: move libxlFreeMem to libxl_domain
	Move libxlFreeMem from libxl_driver to libxl_domain for
	use by other libxl modules.  For consistency, rename to
	libxlDomainFreeMem.

	libxl: move libxlDomainSetVcpuAffinities to libxl_domain
	Move libxlDomainSetVcpuAffinities from libxl_driver to libxl_domain
	for use by other libxl modules.

	libxl: move libxlDoNodeGetInfo to libxl_conf
	Move libxlDoNodeGetInfo from libxl_driver to libxl_conf
	for use by other libxl modules.  For consistency, rename to
	libxlDriverNodeGetInfo.

	libxl: move libxlDomainAutoCoreDump to libxl_domain
	Move libxlDomainAutoCoreDump from libxl_driver to libxl_domain
	for use by other libxl modules.

	libxl: move libxlDomEventsRegister to libxl_domain
	Move libxlDomEventsRegister from libxl_driver to libxl_domain for
	use by other libxl modules.  For consistency, rename to
	libxlDomainEventsRegister.

	libxl: move libxlVmCleanup{,Job} to libxl_domain
	Move libxlVmCleanup and libxlVmCleanupJob from libxl_driver to
	libxl_domain for use by other libxl modules.  For consistency,
	rename to libxlDomainCleanup and libxlDomainCleanupJob.

	libxl: move libxlSaveImageOpen to libxl_domain
	Move libxlSaveImageOpen from libxl_driver to libxl_domain for
	use by other libxl modules.  For consistency, rename to
	libxlDomainSaveImageOpen.

	libxl: move libxlDomainManagedSavePath to libxl_domain
	Move libxlDomainManagedSavePath from libxl_driver to libxl_domain
	for use by other libxl modules.

	libxl: move libxlDomainEventQueue to libxl_domain
	Move libxlDomainEventQueue from libxl_driver to libxl_domain for
	use by other libxl modules.

2014-03-20  Michal Privoznik  <mprivozn@redhat.com>

	virNetClientSetTLSSession: Restore original signal mask
	Currently, we use pthread_sigmask(SIG_BLOCK, ...) prior to calling
	poll(). This is okay, as we don't want poll() to be interrupted.
	However, then - immediately as we fall out from the poll() - we try to
	restore the original sigmask - again using SIG_BLOCK. But as the man
	page says, SIG_BLOCK adds signals to the signal mask:
	SIG_BLOCK
	      The set of blocked signals is the union of the current set and the set argument.
	Therefore, when restoring the original mask, we need to completely
	overwrite the one we set earlier and hence we should be using:
	SIG_SETMASK
	      The set of blocked signals is set to the argument set.

2014-03-20  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Fix double free of pointer
	https://bugzilla.redhat.com/show_bug.cgi?id=1071181
	Commit 49b59a15 fixed one problem but masks another one related to pointer
	freeing.
	Avoid putting of the virNWFilterSnoopReq once the thread has been started.
	It belongs to the thread and the thread will call virNWFilterSnoopReqPut() on it.

2014-03-19  Michal Privoznik  <mprivozn@redhat.com>

	domiftune: Reword bandwidth clearing paragraph
	s/of value/value of/

2014-03-19  Eric Blake  <eblake@redhat.com>

	conf: consistent comments about disk enum usage
	Before refactoring this struct, I found it helpful to track which
	'int' fields really contain an enum value.
	* src/conf/domain_conf.h (_virDomainDiskDef): Add comments.

2014-03-19  Jiri Denemark  <jdenemar@redhat.com>

	build: Make sure src/util/virprobe.h is distributed

2014-03-19  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	qemuhotplugtest: Fix mem-leaking testcases
	While running qemuhotplugtest, it was found that valgrind pointed out
	the following memory leak:
	==7906== 5 bytes in 1 blocks are definitely lost in loss record 7 of 121
	==7906==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==7906==    by 0x3E782A754D: xmlStrndup (in /usr/lib64/libxml2.so.2.7.6)
	==7906==    by 0x4CDAE03: virDomainDeviceInfoParseXML.isra.32 (domain_conf.c:3685)
	==7906==    by 0x4CE3BB9: virDomainNetDefParseXML (domain_conf.c:6707)
	==7906==    by 0x4CFBA08: virDomainDefParseXML (domain_conf.c:12235)
	==7906==    by 0x4CFBC1E: virDomainDefParseNode (domain_conf.c:13039)
	==7906==    by 0x4CFBD95: virDomainDefParse (domain_conf.c:12981)
	==7906==    by 0x41FEB4: testQemuHotplug (qemuhotplugtest.c:66)
	==7906==    by 0x420F41: virtTestRun (testutils.c:201)
	==7906==    by 0x41F287: mymain (qemuhotplugtest.c:422)
	==7906==    by 0x4216BD: virtTestMain (testutils.c:784)
	==7906==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	...and 10 more.
	Problem is, since 20745748 we do both, parse <alias/> elements from
	XML files and call qemuAssignDeviceAliases(). While generating runtime
	info for domain at runtime is just fine in the test, we can parse just
	inactive XML and remove all <alias/>-es from the XML files.

2014-03-19  Martin Kletzander  <mkletzan@redhat.com>

	build: Fix make distcheck
	I forgot to delete the underscore in object_locking_SOURCES when
	changing the name in one of previous cleanups.

2014-03-19  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix build with old automake
	Ancient automake (such as from RHEL5) does not provide abs_srcdir and
	abs_builddir variables which are used by a recent commit of mine
	(e562e82).

2014-03-19  Daniel P. Berrange  <berrange@redhat.com>

	Add ability to register callback for virCommand dry run
	To allow for fault injection of the virCommand dry run,
	add the ability to register a callback. The callback will
	be passed the argv, env and stdin buffer and is expected
	to return the exit status and optionally fill stdout and
	stderr buffers.

	Change CMD_STOPONERR(1) to use true
	The CMD_STOPONERR macro uses its parameter as a boolean, so should
	be passed true rather than 1.

	Change 'int isTempChain' to bool in nwfilter
	The 'int isTempChain' parameter to various nwfilter methods
	only takes two values so should be a bool type.

	Remove pointless return values in nwfilter methods
	Many nwfilter methods have an int return value but only ever
	return 0 and their callers never check the return value either.
	These methods can all be void.

	Remove 'int stopOnError' parameters in nwfilter methods
	Many nwfilter methods have an 'int stopOnError' parameter but
	with 1 exception, the callers always pass '1'. The parameter
	can therefore be removed from all except one method. That method
	will be changed to 'bool stopOnError'

	Remove pointless brackets around boolean
	A lot of methods have a 'bool incoming' parameter but then
	do  (incoming) ? ... : .... The round brackets here add nothing
	to the code so can be removed.

	Change 'int incoming' to 'bool incoming' in nwfilter code
	Many methods in the nwfilter code have an 'int incoming' parameter
	that only takes 0 or 1, so should use a bool instead.

2014-03-19  Chunyan Liu  <cyliu@suse.com>

	virhostdev.h: remove ATTRIBUTE_NONNULL from oldStateDir
	In libxl driver oldStateDir is NULL when calling
	virHostdevReAttachDomainHostdevs. This is allowed.
	Remove ATTRIBUTE_NONNULL setting from oldStateDir.
	Introduced by commit 6225cb3.

2014-03-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix framebuffer port setting for HVM domains
	libxl uses the libxl_vnc_info and libxl_sdl_info fields from the
	hvm union in libxl_domain_build_info struct when generating QEMU
	args for VNC or SDL.  These fields were left unset by the libxl
	driver, causing libxl to ignore any user settings.  E.g. with
	  <graphics type='vnc' port='5950'/>
	port would be ignored and QEMU would instead be invoked with
	  -vnc 127.0.0.1:0,to=99
	Unlike the libxl_domain_config struct, the libxl_domain_build_info
	contains only a single libxl_vnc_info and libxl_sdl_info, so
	populate these fields from the first vfb in
	libxl_domain_config->vfbs.

2014-03-19  Eric Blake  <eblake@redhat.com>

	maint: avoid unbalanced {} across vbox #ifdef
	Emacs is fairly good about navigating across function and scope
	boundaries, provided that the code has balanced {}.  The vbox
	code, however, violated that premise, by splitting 'if () {'
	across several #ifdef branches, but sharing the '} else {...}'
	outside of the branches.  The extra lines of code is worth my
	sanity, in a function that is already a horrendous 1100+ lines
	long.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc) Duplicate code
	rather than trying to share else branch across #ifdef.

2014-03-18  Daniel P. Berrange  <berrange@redhat.com>

	Remove global log buffer feature entirely
	A earlier commit changed the global log buffer so that it only
	records messages that are explicitly requested via the log
	filters setting. This removes the performance burden, and
	improves the signal/noise ratio for messages in the global
	buffer. At the same time though, it is somewhat pointless, since
	all the recorded log messages are already going to be sent to an
	explicit log output like syslog, stderr or the journal. The
	global log buffer is thus just duplicating this data on stderr
	upon crash.
	The log_buffer_size config parameter is left in the augeas
	lens to prevent breakage for users on upgrade. It is however
	completely ignored hereafter.

	Switch to filtering based on log source name instead of filename
	Currently the log filter strings are used in a string comparison
	against the source filename each time log message is emitted.
	If no log filters at all are set, there's obviously no string
	comparison to be done. If any single log filter is set though,
	this imposes a compute burden on every logging call even if logs
	from the file in question are disabled. This string comparison
	must also be done while the logging mutex is held, which has
	implications for concurrency when multiple threads are emitting
	log messages.
	This changes the log filtering to be done based on the virLogSource
	object name. The virLogSource struct is extended to contain
	'serial' and 'priority' fields. Any time the global log filter
	rules are changed a global serial number is incremented. When a
	log message is emitted, the serial in the virLogSource instance
	is compared with the global serial number. If out of date, then
	the 'priority' field in the virLogSource instance is updated based
	on the new filter rules. The 'priority' field is checked to see
	whether the log message should be sent to the log outputs.
	The comparisons of the 'serial' and 'priority' fields are done
	with no locks held. So in the common case each logging call has
	an overhead of 2 integer comparisons, with no locks held. Only
	if the decision is made to forward the message to the log output,
	or if the 'serial' value is out of date do locks need to be
	acquired.
	Technically the comparisons of the 'serial' and 'priority' fields
	should be done with locks held, or using atomic operations. Both
	of these options have a notable performance impact, however, and
	since all writes a protected by a global mutex, it is believed
	that worst case behaviour where the fields are read concurrently
	with being written would merely result in an mistaken emission
	or dropping of the log message in question. This is an acceptable
	tradeoff for the performance benefit of avoiding locking.
	As a quick benchmark, a demo program that registers 500 file
	descriptors with the event loop (eg equiv of 500 QEMU monitor
	commands), creates pending read I/O on every FD, and then runs
	virEventRunDefaultImpl() took 4.6 seconds to do 51200 iterations.
	After this optimization it only takes 3.3 seconds, with the log
	APIs no longer being a relevant factor in the running time.

	Add virLogSource variables to all source files
	Any source file which calls the logging APIs now needs
	to have a VIR_LOG_INIT("source.name") declaration at
	the start of the file. This provides a static variable
	of the virLogSource type.

	Turn virLogSource into a struct instead of an enum
	As part of the goal to get away from doing string matching on
	filenames when deciding whether to emit a log message, turn
	the virLogSource enum into a struct which contains a log
	"name". There will eventually be one virLogSource instance
	statically declared per source file. To minimise churn in this
	commit though, a single global instance is used.

	Move dtrace probe macros into separate header file
	The dtrace probe macros rely on the logging API. We can't make
	the internal.h header include the virlog.h header though since
	that'd be a circular include. Instead simply split the dtrace
	probes into their own header file, since there's no compelling
	reason for them to be in the main internal.h header.

	Refactor code that skips logging of error messages
	The error reporting code will invoke a callback when any error
	is raised and the default callback will print to stderr. The
	virRaiseErrorFull method also sends all error messages on to the
	logging code, which also prints to stderr by default. To avoid
	duplicated data on stderr, the logging code has some logic to
	skip emission when no log outputs are configured, which checks
	whether the virLogSource == VIR_LOG_FROM_ERROR.
	Meanwhile the libvirtd daemon can register another callback which
	is used to reduce log message priority from error to a lower level.
	When this is used we do want messages to end up on stderr, so the
	error code will conditionally use either VIR_LOG_FROM_FILE or
	VIR_LOG_FROM_ERROR depending on whether such a callback is provided.
	This will all complicate later refactoring. By pushing the checks
	for whether a log output is present up a level into the error code,
	the special cases can be isolated in one place.

	Reduce performance overhead of the global log buffer
	With the vast number of log debug statements in the code, the
	logging framework has a measurable performance impact on libvirt
	code, particularly in the daemon event loop.
	The global log buffer records every single log message triggered
	whether anyone cares to see them or not. This makes it impossible
	to eliminate the overhead of printf format expansions in any of
	the logging code. It is possible to disable the global log buffer
	in libvirtd itself, but this doesn't help client side library
	code. Also even if disabled by the config file, the existence of
	the feature makes other performance improvements in the logging
	layer impossible.
	Instead of logging every single message to the global buffer, only
	log messages that pass the log filters. This if libvirtd is set
	to have log_filters="1:libvirt 1:qemu" the global log buffer will
	only get filled with those messages instead of everything. This
	reduces the performance burden, as well as improving the signal
	to noise ratio of the log buffer.
	As a quick benchmark, a demo program that registers 500 file
	descriptors with the event loop (eg equiv of 500 QEMU monitor
	commands), creates pending read I/O on every FD, and then runs
	virEventRunDefaultImpl() took 1 minute 40 seconds to do 51200
	iterations with nearly all the time shown against the logging
	code. After this optimization it only takes 4.6 seconds.

2014-03-18  Michal Privoznik  <mprivozn@redhat.com>

	virNetServerNewPostExecRestart: Initialize @max_anonymous_clients
	Coverity spotted a use of possibly undefined variable. If a server is
	restarting as an result of update, the JSON file that keeps current
	value of some variables will not contain the new variables. This is
	the case of @max_anonymous_clients too. We are correctly querying if
	there's "max_anonymous_clients" in the JSON, however, we are not
	setting a sane default if there's none.

	qemuDomainSetInterfaceParameters: Allow bandwidth clear out
	We allow translation from no_bandwidth to has_bandwidth for a vnic.
	However, going in the opposite direction is not implemented. It's not
	limitation of the API rather than internal implementation. The problem
	is, we correctly detect that user hasn't specified any outbound (say
	he wants to clear out outbound). However, this gets overwritten by
	current vnic outbound settings. Then, virNetDevBandwidthSet doesn't
	change anything. We need to stop overwriting the outbound if users
	don't want us to. Same applies for inbound.

2014-03-18  Martin Kletzander  <mkletzan@redhat.com>

	cfg.mk: Fix whitespaces
	Just to align the backslashes with most of the file.

2014-03-18  Ján Tomko  <jtomko@redhat.com>

	Remove double space in file name comment check
	Reported by Martin Kletzander

2014-03-18  Martin Kletzander  <mkletzan@redhat.com>

	Don't leave empty first line in C source files
	If there should be some sort of separator it is better to use comment
	with the filename, copyright, description, license information and
	authors.
	Found by:
	git grep -nH '^$' | grep '\.[ch]:1:'

	Explicitly cast some switch parameters to enum
	This patch is not trying to fix every switch, just the ones I worked
	with last time, because some of these were especially unreadable.
	Covers enums virDomainGraphicsType and virDomainChrType (where
	applicable).
	Also sort its cases by their value.

	Require spaces around equality comparisons
	Commit a1cbe4b5 added a check for spaces around assignments and this
	patch extends it to checks for spaces around '=='.  One exception is
	virAssertCmpInt where comma after '==' is acceptable (since it is a
	macro and '==' is its argument).

	Remove duplicate network model characters

	tests: cleanup object-locking test
	When ran, cil is throwing out some errors and warnings for obsolete
	'or' unused variables and wrong module name (it should not contain a
	hyphen; hence the rename).

	qemu: agent availability cleanup
	Eliminate all the code re-use which checks for priv->agentError or
	priv->agent.

2014-03-18  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virDomainChrSourceDefClear()
	While running qemuxml2xmltest, it was found that valgrind pointed out
	the following memory leak:
	==21905== 26 bytes in 1 blocks are definitely lost in loss record 23 of 69
	==21905==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==21905==    by 0x3E782A754D: xmlStrndup (in /usr/lib64/libxml2.so.2.7.6)
	==21905==    by 0x4CD986D: virDomainChrSourceDefParseXML (domain_conf.c:7233)
	==21905==    by 0x4CE4199: virDomainChrDefParseXML (domain_conf.c:7512)
	==21905==    by 0x4CFAF3F: virDomainDefParseXML (domain_conf.c:12303)
	==21905==    by 0x4CFB46E: virDomainDefParseNode (domain_conf.c:13031)
	==21905==    by 0x4CFB5E9: virDomainDefParse (domain_conf.c:12973)
	==21905==    by 0x41E9D8: testCompareXMLToXMLFiles (qemuxml2xmltest.c:40)
	==21905==    by 0x41EBAA: testCompareXMLToXMLHelper (qemuxml2xmltest.c:93)
	==21905==    by 0x421D21: virtTestRun (testutils.c:199)
	==21905==    by 0x41FCE9: mymain.part.0 (qemuxml2xmltest.c:244)
	==21905==    by 0x42249D: virtTestMain (testutils.c:782)
	==21905==
	... and 7 more

2014-03-18  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Prohibit virConnectOpen* functions in virsh
	Addition of vshConnect() makes virConnectOpen() functions obsolete in
	virsh.  Thus all virsh-*.[ch] files should be left only with
	vshConnect() in the case of need.

	virsh: Add keepalive in new vshConnect function
	Introducing keepalive similarly to Guannan around 2 years ago.  Since
	we want to introduce keepalive for every connection, it makes sense to
	wrap the connecting function into new virsh one that can deal
	keepalive as well.
	Function vshConnect() is now used for connecting and keepalive added
	in that function (if possible) helps preventing long waits e.g. while
	nework goes down during migration.
	This patch also adds the options for keepalive tuning into virsh and
	fails connecting only when keepalives are explicitly requested and
	cannot be set (whether it is due to missing support in connected
	driver or remote server).  If not explicitely requested, a debug
	message is printed (hence the addition to virsh-optparse test).
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1073506
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=822839

2014-03-18  Felix Geyer  <debfx@fobos.de>

	virt-aa-helper: handle 9pfs
	Make virt-aa-helper create rules to allow VMs access to filesystem
	mounts from the host.

2014-03-18  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virDomainSnapshotDiskDefClear()
	While running domainsnapshotxml2xmltest, it was found that valgrind pointed out
	the following memory leak:
	==32176== 42 (32 direct, 10 indirect) bytes in 1 blocks are definitely lost in loss record 42 of 66
	==32176==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==32176==    by 0x4A06B62: realloc (vg_replace_malloc.c:662)
	==32176==    by 0x4C65A07: virReallocN (viralloc.c:243)
	==32176==    by 0x4C65B2E: virExpandN (viralloc.c:292)
	==32176==    by 0x4C65E30: virInsertElementsN (viralloc.c:434)
	==32176==    by 0x4CD71F3: virDomainDiskSourceDefParse (domain_conf.c:5078)
	==32176==    by 0x4CF6EF4: virDomainSnapshotDefParseNode (snapshot_conf.c:151)
	==32176==    by 0x4CF7314: virDomainSnapshotDefParseString (snapshot_conf.c:410)
	==32176==    by 0x41FB8D: testCompareXMLToXMLHelper (domainsnapshotxml2xmltest.c:100)
	==32176==    by 0x420FD1: virtTestRun (testutils.c:199)
	==32176==    by 0x41F859: mymain (domainsnapshotxml2xmltest.c:222)
	==32176==    by 0x42174D: virtTestMain (testutils.c:782)
	==32176==
	... and one more.

2014-03-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: allow to destroy only active domains
	Add a check that domain is active before attempting to destroy it.

2014-03-18  Daniel P. Berrange  <berrange@redhat.com>

	Give virNWFilterVarCombIterNext saner semantics
	The virNWFilterVarCombIterNext method will free its
	parameter when it gets to the end of the iterator.
	This is somewhat misleading design, making it appear
	as if the caller has a memory leak. Remove the free'ing
	of the parameter and ensure that the calling method
	ebiptablesCreateRuleInstanceIterate free's it instead.

	Fix leak on OOM when creating nwfilter rule instances
	The ebiptablesAddRuleInst method would leak an instance
	of ebiptablesRuleInstPtr if it hit OOM when adding it
	to the list of instances. Remove the pointless helper
	method virNWFilterRuleInstAddData and just inline the
	call to VIR_APPEND_ELEMENT and free the instance on
	failure.

	Avoid warning message from libxl driver on non-Xen kernels
	The libxl driver reads /proc/xen/capabilities to see if it
	is on a Dom0 kernel. If that file does not even exist though,
	an error is logged. Check for the file existance before trying
	to read its contents to avoid the log message.

2014-03-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix hostbridge device command generation
	Addition of the hostbridge device was mistakenly placed to
	bhyveBuildNetArgStr(). This could result in hostbridge device not being
	added to the commandline if there are no network devices specified, but
	hostbridge device should be added unconditionally.
	Fix by placing it to virBhyveProcessBuildBhyveCmd().

	bhyve: add support for virtio block devices

2014-03-18  Pavel Hrdina  <phrdina@redhat.com>

	Enforce attribute check of the virRegister functions

2014-03-18  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Introduce max_anonymous_clients
	https://bugzilla.redhat.com/show_bug.cgi?id=992980
	This config tunable allows users to determine the maximum number of
	accepted but yet not authenticated users.

	virNetServer: Introduce unauth clients counter
	The counter gets incremented on each unauthenticated client added to the
	server and decremented whenever the client authenticates.

2014-03-18  Michael Chapman  <mike@very.puzzling.org>

	datatypes: Fix comments
	- As of commit 2ff4c137, all virGet*() functions in datatypes.c always
	  return pointers to new objects. Objects are not cached in a
	  per-connection hashtable.
	- Fix variable names in comments for all vir*Dispose() functions in
	  datatypes.c.
	- Add comments for virGetStream(), virStreamDispose(),
	  virGetDomainSnapshot(), virDomainSnapshotDispose().

2014-03-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement nodeGetInfo()
	Add bhyveNodeGetInfo() which is a simple wrapper around nodeGetInfo()
	from src/nodeinfo.c.

2014-03-18  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Add parameter to wait for lock in file locking APIs
	Our current pidfile acquire APis (virPidFileAcquire) simply return -1 upon
	failure to acquire a lock. This patch adds a parameter 'bool waitForLock'
	which instructs the APIs if we want to make it block and wait for the lock
	or not.

2014-03-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix mistakes in checking return values
	Thre was a syntax error in checking virRegisterStateDriver in
	the remote driver, and bogus checking of a void return type
	of virDomainConfNWFilterRegister in nwfilter.

2014-03-17  Michael Chapman  <mike@very.puzzling.org>

	spec: move some dirs into appropriate subpackages
	This commit moves a few directories into more appropriate subpackages.
	In a few cases a directory is owned by two subpackages, however this is
	OK as long as the permissions and ownership for the directory are
	consistent between them.
	- %{_sysconfdir}/libvirt/qemu/
	  Used by the qemu and network drivers.
	  When building with separate driver modules, this directory is only
	  owned by l-d-d-network. l-d-d-qemu has a hard dependency on
	  l-d-d-network, which means this directory is created with the
	  correct permissions and ownership, however it's clearer if both
	  subpackages own the directory independently.
	- %{_sysconfdir}/libvirt/nwfilter/
	  Used by the nwfilter driver only.
	  This directory is currently always owned by libvirt-daemon. This
	  commit moves it into l-d-d-nwfilter when building with separate
	  driver modules.
	- %{_localstatedir}/run/libvirt/network/
	  Used by the network and nwfilter drivers.
	  When building without separate driver modules, this directory is
	  should be owned by libvirt-daemon only if either of these drivers
	  are enabled. When building with separate driver modules, this
	  directory should be owned by l-d-d-nwfilter in addition to
	  l-d-d-network.
	- %{_datadir}/libvirt/networks/ and
	  %{_datadir}/libvirt/networks/default.xml
	  Used only by the %post scriptlet in libvirt-daemon-config-network.

2014-03-17  Pavel Hrdina  <phrdina@redhat.com>

	Fix issue found by coverity and cleanup
	Coverity found an issue in lxc_driver and uml_driver that we don't
	check the return value of register functions.
	I've also updated all other places and unify the way we check the
	return value.

2014-03-15  Cole Robinson  <crobinso@redhat.com>

	XMLToNative: Parse XML as INACTIVE
	Right now we are parsing the XML as though it's live, which for example
	will choke on hardcoded XML like:
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	Erroring with:
	  $ sudo virsh domxml-to-native qemu-argv f
	  error: XML error: security label is missing
	All drivers are fixed, but only qemu was tested.

	qemu: XMLToNative: Don't open vhostfd
	Just skip the vhost command line generation, since this won't work if
	attempting to run manually.

	qemu: XMLToNative: Don't show -S
	-S causes qemu to start in the paused state. Since XML2Native is intended
	to generate something that users can run directly, this will trip them up.

2014-03-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	qemu: cleanup tap devices on FreeBSD
	We have to explicitly destroy TAP devices on FreeBSD because
	they're not freed after being closed, otherwise we end up with
	orphaned TAP devices after destroying a domain.

	Fix build with qemu driver disabled
	Do not include test_libvirt_lockd.aug when configured without qemu
	driver.
	https://bugzilla.redhat.com/show_bug.cgi?id=1071777

2014-03-14  John Ferlan  <jferlan@redhat.com>

	openvzRegister: Check for error return
	A recent change to openvz_driver.c caused Coverity to make additional
	comparisons and find that the openvzRegister() was not checking the
	status of virRegisterDriver() call like other callers and thus generated
	a CHECKED_RETURN condition

2014-03-14  Laine Stump  <laine@laine.org>

	build: detect/prohibit hardcoded XML indent in syntax-check
	This rule wouldn't be able to find any case of a hardcoded indent that
	was in the middle of a string, but then virBuffer doesn't add
	indentation in the middle of a string either.

	conf: eliminate hardcoded indentation in all remaining xml
	These last files had such a small change count I just put them into a
	single patch.

	qemu: elminate hardcoded indent in capabilities cache XML

	util: eliminate hardcoded indent in virConnectSysInfo formatting
	This same set of functions is used by the qemu, xen, and lxc drivers'
	connectSysInfo function.

	qemu: eliminate hardcoded indent from migration cookie xml
	This is also never seen by a human.

	virsh: eliminate hardcoded indentation in xml generated for commands
	These are never seen externally, only passed into libvirt APIs, so in
	practice this makes no real difference, but it's good to be
	consistent.

	conf: eliminate hardcoded indent in volume/pool xml
	Again completely mechanical, but a lot of lines.

	conf: eliminate hardcoded indentation in node device xml
	Completely mechanical changes, but there were a lot of lines so I made
	it a separate patch.

	conf: eliminate hardcoded indentation in capabilities xml
	There were a lot of changes here, but all very mechanical. For some
	reason, the virBufferPtr had been named "xml" instead of "buf" in this
	file, so since the indentation changing touched almost every line
	using the buffer, I took this chance to change its name for "buf" for
	consistency with every other file.

	conf: eliminate hardcoded indentation in nwfilter xml
	This file was using multiple virBuffers, inserting the contents of
	buf3 into buf2, then inserting the contents of buf2 into buf1, rather
	than the more conventional method of just passing around a single
	virBufferPtr and streaming everything into that single buffer. This
	was unnecessary, and also made it more difficult to make indentation
	relative, because when you insert a string into a buffer, the
	indentation of the buffer is only applied once at the beginning of the
	string, *not* each time a newline is encountered in the string.

	conf: eliminate outmoded/odd indent method from interface xml
	These format functions needed the ability to be indented by an
	arbitrary amount, but were written before the introduction of
	virBufferAdjustIndent(). They instead used the much more clunky method
	of adding a "level" arg to every format function, and padding with
	spaces using the "%*s" printf format specifier (giving it the level,
	and "", which has the effect of adding level spaces to the output).
	While eliminating the hardcoded indentation in other xml, I decided it
	was finally time to also modernize the interface formatter code to
	make it more consistent.

	conf: eliminate hardcoded indent from network xml
	This was very simple, since the only place that had hardcoded
	indentation was a few items in the network status xml.

	conf: eliminate hardcoded indent from domain snapshot xml
	All leading spaces in domain snapshot xml format functions have been
	replaced with appropriate calls to virBufferAdjustIndent(). This will
	make it easier to call other similarly fixed format functions
	(e.g. domain device format functions).

	conf: eliminate hardcoded indent from domain xml
	Many of the domain xml format functions (including all of the device
	format functions) had hard-coded spaces, which made for incorrect
	indentation when those functions were called in a different context
	(for example, commit 2122cf39 added <interface> XML into the document
	provided to a network hook script, and in this case it should have
	been indented by 2 spaces, but was instead indented by 6 spaces).
	To make it possible to insert a properly indented device anywhere into
	an XML document, this patch removes hardcoded spaces from the
	formatting functions, and calls virBufferAdjustIndent() at appropriate
	places instead. (a regex search of domain_conf.c was done to assure
	that all occurrences of hardcoded spaces were removed).
	virDomainDiskSourceDefFormatInternal() is also called from
	snapshot_conf.c, so two virBufferAdjustIndent() calls were temporarily
	added around that call - those functions will have hardcoded spaces
	removed in a separate patch.
	This could cause some conflicts when backporting future changes to the
	formatting functions to older branches, but fortunately the changes
	are almost all trivial, so conflict resolution will be obvious.

2014-03-14  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add ARP src/dst IP mask for ebtables ARP
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=862887
	Add a netmask for the source and destination IP address for the
	ebtables --arp-ip-src and --arp-ip-dst options. Extend the XML
	parser with support for XML attributes for these netmasks similar
	to already supported netmasks. Extend the documentation.

	nwfilter: Fix rule priority problem
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1072292
	Fix a problem related to rule priorities that did not allow to
	have rules applied that had a higher priority than the chain they
	were in. In this case the chain did not exist yet when the rule
	was instantiated. The solution is to adjust the priority of rules
	if the priority of the chain is of higher value. That way the chain
	will be created before the rule.

2014-03-13  Jim Fehlig  <jfehlig@suse.com>

	hostdev: add virObject field to virHostdevManager struct
	Commit 6b306d66 converted virHostdevManager to a virObject, but
	missed adding a virObject field to the virHostdevManager struct.
	Result is memory corruption when taking a reference on an instance
	of the object, where atomic inc is done on the stateDir field.
	Later use of stateDir crashes libvirtd.

2014-03-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu.conf: Mention virtlockd in @lock_manager description
	When I played with virtlockd I was stunned by lacking
	documentation. My frustration got bigger when I had to
	read the patches to get the correct value to set in
	qemu.conf.
	Moreover, from pure libvirt-pride  I'm changing commented
	value from sanlock to lockd. We want to favor our own
	implementation after all.

2014-03-13  Wang Rui  <moon.wangrui@huawei.com>

	hotplug:Fix log mistake in qemuMonitorAddNetdev
	VIR_DEBUG  in qemuMonitorAddNetdev should print vhostfdSize

2014-03-13  Jiri Denemark  <jdenemar@redhat.com>

	Make ABI stability issue easier to debug
	When ABI stability check fails, we only log the error message describing
	the incompatibility. Let's log both XMLs in case of an error to make it
	easier to analyze where and why the stability check failed.

2014-03-13  Osier Yang  <jyang@redhat.com>

	qemu: Forbid "sgio" support for SCSI generic host device
	The kernel didn't support the unprivileged SGIO for SCSI generic
	device finally, and since it's unknow whether the way to support
	unprivileged SGIO for SCSI generic device will be similar as for
	SCSI block device or not, even it's simliar (I.e. via sysfs, for
	SCSI block device, it's /sys/dev/block/8\:0/queue/unpriv_sgio,
	for example), the file name might be different, So it's better not
	guess what it should be like currently.
	This patch removes the related code (mainly about the "shareable"
	checking on the "sgio" setting, it's not supported at all, why
	we leave checking code there? :-), and error out if "sgio" is
	specified in the domain config.

2014-03-13  Martin Kletzander  <mkletzan@redhat.com>

	docs: add VMmanager to web apps
	This is a request for adding a VMmanager application as requested and
	described by Ksenya Phil.

2014-03-13  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Check for control_d string to decide about dom0
	As soon as any guest mounts xenfs to /proc/xen, there is a capabilities
	file in that directory. However it returns nothing when reading from it.
	Change the test to actually check the contents of the file.
	BugLink: http://bugs.launchpad.net/bugs/1248025

2014-03-13  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	vircrypto: fix Invalid write in virCryptoHashString()
	While running vircryptotest, it was found that valgrind pointed out the
	following error:
	==27453== Invalid write of size 1
	==27453==    at 0x4C7D7C9: virCryptoHashString (vircrypto.c:76)
	==27453==    by 0x401C4E: testCryptoHash (vircryptotest.c:41)
	==27453==    by 0x402A11: virtTestRun (testutils.c:199)
	==27453==    by 0x401AD5: mymain (vircryptotest.c:76)
	==27453==    by 0x40318D: virtTestMain (testutils.c:782)
	==27453==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==27453==  Address 0x51f0541 is 0 bytes after a block of size 65 alloc'd
	==27453==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==27453==    by 0x4C69F2E: virAllocN (viralloc.c:189)
	==27453==    by 0x4C7D76B: virCryptoHashString (vircrypto.c:69)
	==27453==    by 0x401C4E: testCryptoHash (vircryptotest.c:41)
	==27453==    by 0x402A11: virtTestRun (testutils.c:199)
	==27453==    by 0x401AD5: mymain (vircryptotest.c:76)
	==27453==    by 0x40318D: virtTestMain (testutils.c:782)
	==27453==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==27453==
	...and many more.  Two observations: hashstrlen was already set
	to include the trailing NUL byte (so writing to hashstrlen as
	the array offset was indeed writing one byte beyond bounds), and
	VIR_ALLOC_N already guarantees zero-initialization (so we already
	have a trailing NUL without needing to explicitly write one).

2014-03-13  Ján Tomko  <jtomko@redhat.com>

	Fix type mismatch of virNetDev*NetConfig on non-Linux
	Commit b4bbaee changed char* to const char*, but omitted
	the non-Linux version.

2014-03-13  Chunyan Liu  <cyliu@suse.com>

	add pci passthrough to libxl driver
	Add pci passthrough to libxl driver, support attach-device, detach-device and
	start a vm with pci hostdev specified.

	add hostdev pci backend type for xen
	Add VIR_DOMAIN_HOSTDEV_PCI_BACKEND_XEN. For legacy xen, it will use "pciback" as
	stub driver.

	change lxc_hostdev.c to use virhostdev common library APIs

	add unit test for new virhostdev common library
	Add unit test for hostdev common library. Current tests are based on virpcimock.

	Add parameter checks/annotations to hostdev APIs
	Mark many parameters as NONNULL and check for empty list of
	hostdevs.

	add 3 wrapper functions for prepare/reattach/update domain hostdevs

	improve virHostdevUpdate* parameters to make it more widely used
	Changes parameter from vm def to specific hostdevs info and name info, so that
	it could be used more widely, e.g, could be used without full vm def info.

2014-03-13  Daniel P. Berrange  <berrange@redhat.com>

	Capitalize USB, PCI and SCSI in hostdev variables
	Change any variable names with Usb, Pci or Scsi to use
	USB, PCI and SCSI since they are abbreviations.

	Remove redundant duplicated 'Hostdev' string method names
	Some virHostdevXXXX methods included the string Hostdev again
	as a suffix. Change the latter to Device instead.

2014-03-13  Chunyan Liu  <cyliu@suse.com>

	Capitalize USB, PCI and SCSI in hostdev methods
	Change any method names with Usb, Pci or Scsi to use
	USB, PCI and SCSI since they are abbreviations.

2014-03-13  Daniel P. Berrange  <berrange@redhat.com>

	Fixed const-ness of parameters in netdev/hostdev code
	Various methods in virnetdev.c and virhostdev.c were missing
	const-ness for several char * parameters.

2014-03-13  Chunyan Liu  <cyliu@suse.com>

	improve parameter name to let it more meaningful

	move virHostdevNodeDevice* to virhostdev.c

	extract general code of NodeDeviceReset

	extract general code of NodeDeviceReAttach

	extract general code of NodeDeviceDetach

	move virHostdevReAttachHostScsiDevices to virhostdev.c

	pass driver name as parameter to virHostdevReAttachScciHostdevs

	extract general code from qemuDomainReAttachHostScsiDevices
	Extract general code from qemuDomainReAttachHostScsiDevices to
	virHostdevDomainReAttachHostScsiDevices.

	move virHostdevReAttachUsbHostdevs to virhostdev.c

	pass driver name as paramter to virHostdevReAttachUsbHostdevs

	extract general code from qemuDomainReAttachHostUsbDevices
	Extract general code from qemuDomainReAttachHostUsbDevices to
	virHostdevDomainReAttachHostUsbDevices.

	move virHostdevPrepareHostSCSIDevices to virhostdev.c

	pass driver name as parameter to virHostdevPrepareSCSIDevices

	extract general code from qemuPrepareHostSCSIDevices
	Extract general code from qemuPrepareHostSCSIDevices to
	virHostdevPrepareHostSCSIDevices.

	move virHostdevPrepareHostUSBDevices to virhostdev.c

	pass driver name to virHostdevPrepareUSBDevices

	rename qemu*USBDevices to virHostdev*USBDevices

	extract general code from qemuPrepareHostUSBDevices
	Extract general code from qemuPrepareHostUSBDevices to
	virHostdevPrepareHostUSBDevices.

	move virHostdevUpdate* functions to virhostdev.c

	pass driver_name as parameter of virHostdevUpdate*Hostdevs functions

	extract general code from qemuUpdateActiveScsiHostdevs
	Extract general code from qemuUpdateActiveScsiHostdevs to
	virHostdevUpdateActiveScsiHostdevs

	extract general code from qemuUpdateActiveUsbHostdevs
	Extract general code from qemuUpdateActiveUsbHostdevs to
	virHostdevUpdateActiveUsbHostdevs.

	extract general code from qemuUpdateActivePciHostdevs
	Extract general code from qemuUpdateActivePciHostdevs to
	virHostdevUpdateActivePciHostdevs.

	move virHostdevPrepare(ReAttach)PCIDevices to virhostdev.c

2014-03-13  Daniel P. Berrange  <berrange@redhat.com>

	rename qemuReAttachPciDevice to virHostdevReAttachPciDevice

2014-03-13  Chunyan Liu  <cyliu@suse.com>

	Conditionally wait for kvm_assigned_device cleanup
	Only wait for kvm device cleanup if the driver is pci-stub

	pass driver name as a parameter to virHostdevReAttachPCIDevices

	extract general code from qemuDomainReAttachHostdevDevices

	pass driver name as a parameter to virHostdevPrepareHostdevPCIDevices

	rename qemuGet*PciHostDeviceList to virHostdevGet*PciHostDeviceList

	rename qemu*NetConfigRestore/Replace to virHostdevNetConfigRestore/Replace

	extract general code from qemuPrepareHostdevPCIDevices
	Extract general code from qemuPrepareHostdevPCIDevices to
	virHostdevPrepareHostdevPCIDevices.

	qemu_hostdev: move netconfig file location to virhostdev stateDir

	qemu_hostdev: move ColdBoot as a flag
	For extracting hostdev codes from qemu_hostdev.c to common library, change qemu
	specific COLD_BOOT handling to be a flag, and pass it to hostdev functions.

	qemu_hostdev: move cfg->relaxedACS as a flag
	For extracting hostdev codes from qemu_hostdev.c to common library, change qemu
	specific cfg->relaxedACS handling to be a flag, and pass it to hostdev
	functions.

	lxc: use general virhostdev lists instead of its own

	qemu: use general virhostdev lists instead of its own

	qemu: remove functions used internally only from qemu_hostdev.h

	qemu: reuse hostdev interfaces to avoid duplicate
	Same logic of preparing/reattaching hostdevs could be used in attach/detach
	hotplug places, so reuse hostdev interfaces to avoid duplicate, also for later
	extracting general code to common library.

	update qemuPrepareHostUSBDevices parameters to keep consistency
	Update parameters from vm->def to specific name, hostdevs, nhostdevs to keep
	consistentcy with PreparePCIDevices and PrepareSCSIDevices. And, at the same
	time, make it reusable in later patch.

	virhostdev: use virObject to virHostdevManager to keep reference
	Use virObject to virHostdevManager, so that each driver using virHostdevManager
	can keep a reference to it, and through counting refs to make virHostdevManager
	get freed.

2014-03-12  Jiri Denemark  <jdenemar@redhat.com>

	Load CPU map from builddir when run uninstalled
	When libvirtd is run from a build directory without being installed, it
	should not depend on files from a libvirt package installed in the
	system. Not only because there may not be any libvirt installed at all.
	We already do a good job for plugins but cpu_map.xml was still loaded
	from the system.
	The Makefile.am change is necessary to make this all work from VPATH
	builds since libvirtd has no idea where to find libvirt sources. It only
	knows the path from which it was started, i.e, a builddir.
	https://bugzilla.redhat.com/show_bug.cgi?id=1074327

2014-03-12  Ján Tomko  <jtomko@redhat.com>

	Introduce vircommandpriv.h for functions used by tests
	So far it's just virCommandSetDryRun.

	Use size_t for ndevice in pool source definition
	This allows it to be used by the VIR_*_ELEMENT macros.
	Also use them for parsing the definiton and remove the redundant
	freeing of 'nodeset' before jumping to the cleanup label.

	Introduce virStoragePoolSourceDeviceClear
	Open-coding one VIR_FREE in the test suite just doesn't seem right.

	Change virStorageBackendISCSISession 'probe' arg to bool
	It quacks like a bool.

2014-03-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add missing goto err_exit in error path
	https://bugzilla.redhat.com/show_bug.cgi?id=1071095
	Add a missing goto err_exit in the error path where an unsupported
	value is assigned to the CTRL_IP_LEARNING key.

2014-03-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix sec label setup when attaching to QEMU processes
	When attaching to a QEMU process, the def->seclabels array is
	going to be empty. The qemuProcessAttach method must thus
	populate it with data for the security drivers.

2014-03-12  Eric Blake  <eblake@redhat.com>

	qemu: don't munge user input during block commit
	While investigating https://bugzilla.redhat.com/show_bug.cgi?id=1061827
	I noticed that we pass user input unscathed for block-pull, but
	always pass a canonical absolute name through for block-commit.
	[Note that we probably _ought_ to validate that the user's request
	for block-pull actually matches the backing chain, the way we already
	do for block-commit - but that's a separate issue.  Further note that
	the ability to pass user input through unscathed allows backdoors
	such as specifying a backing image that is a network URI such as
	a gluster disk, instead of forcing things to the local file system;
	which is an area still under active investigation on whether libvirt
	needs to behave differently for network disks.]
	Since qemu may write the name that the user passed in as the backing
	file, a user may have a reason to want a relative file name passed
	through to qemu, and always munging things to absolute prevents that.
	Put another way, if you have the backing chain:
	[A] <- [B(back=./A)] <- [C(back=./B)]
	and commit B into A (virsh blockcommit $dom vda --base A --top B),
	the metadata of C will have to be re-written. But should it be
	rewritten as [C(back=./A)] or as [C(back=/path/to/A)]?  Still up in
	the air is whether qemu's decision should be based on whether B
	and/or C had relative paths, or on whether the --base and/or
	--top arguments to the command were relative paths; but if we always
	pass a canonical name, we've prevented the spelling of the command
	arguments from being part of the hueristics that qemu uses.
	I also audited the code, and verified that we never call
	qemuMonitorBlockCommit() with a NULL base, either before or after
	the change to qemu_driver.c.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Preserve user's
	spelling, since absolute vs. relative matters to qemu.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): Base is never
	null.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit):
	Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit):
	Likewise.

	iptables: don't log command probe failures
	Commit b9dd878f caused a regression in iptables interaction by
	logging non-zero status at a higher level than VIR_INFO.  Revert
	that portion of the commit, as well as adding a comment explaining
	why we check the status ourselves.
	Reported by Nehal J Wani.
	* src/util/viriptables.c (virIpTablesOnceInit): Undo log regression.

2014-03-12  Jim Fehlig  <jfehlig@suse.com>

	libxl: support sexpr in native to XML conversion
	Supporting sexpr in connectDomainXMLFromNative in the libxl driver
	adds flexibility for users importing legacy Xen configuration into
	libvirt.  E.g. this patch allows importing previous xend-managed
	domains from /var/lib/xend/domains/<dom-uuid>/config.sxp into the
	libvirt libxl driver.

2014-03-12  John Ferlan  <jferlan@redhat.com>

	storage: Fix bugs in VIR_APPEND_ELEMENT series
	From commit id 'd53bbfd1'
	Found one core and one possible memory leak. Core seen during local
	virt-test/tp_libvirt run for the vol_create_from test. The memory leak
	was seen by inspection during a review of all VIR_APPEND_ELEMENT changes
	In storage_backend_disk/virStorageBackendDiskMakeDataVol(), the 'vol'
	needs to be kept around since it's used later, so use the _COPY macro.
	This caused a segv in libvirtd:
	Program received signal SIGSEGV, Segmentation fault.
	[Switching to Thread 0x7fffe87c3700 (LWP 6919)]
	virStorageBackendDiskMakeDataVol (vol=0x0, groups=0x7fffc8000d70, pool=0x7fffc8002460) at storage/storage_backend_disk.c:66
	66          if (vol->target.path == NULL) {
	In storage_backend_rbd/virStorageBackendRBDRefreshPool() there's a failure
	path where the 'vol' needs to go through virStorageVolDefFree() since it
	wouldn't be appended.

2014-03-11  Daniel P. Berrange  <berrange@redhat.com>

	Remove broken error reporting in QEMU mac filtering
	The qemu_bridge_filter.c file had some helpers for calling
	the ebtablesXXX functions todo bridge filtering. The only
	thing these helpers did was to overwrite the original error
	message from the ebtables code. For added fun, the callers
	of these helpers overwrote the errors yet again. For even
	more fun, one of the helpers called another helper and
	overwrite its errors too.

	Remove unused ebtablesRemoveForwardPolicyReject method
	The ebtablesRemoveForwardPolicyReject method was unused and
	would not do anything useful even if called.

	Remove worthless ebtRules data structure
	The ebtRules data structure serves no useful purpose as
	the table name is never used and only 1 single chain name
	needs to be stored. Just store the chain name directly
	in the ebtablesContext instead.

	Remove data structure holding list of ebtables rules
	When adding/removing ebtables rules, the code would keep
	an array of all rules in memory. This list of rules was
	never used for any purpose and would be lost if libvirtd
	restarted. Delete all the unused code.

	Remove unused variables from ebtablesContext
	The input_filter and nat_postrouting variables were never
	used to create any firewall rules.

	Make ebtablesForwardPolicyReject static
	The ebtablesForwardPolicyReject method is only used internally
	to the ebtables code and thus should have been static.

	Remove decl of method which doesn't exist in virebtables.h
	There is no impl of the ebtablesSaveRules method and nothing
	attempts to use it.

	Remove many decls from bridge driver platform header
	The bridge_driver_platform.h defines many functions that
	a platform driver must implement. Only two of these
	functions are actually called from the main bridge driver
	code. The remainder can be made internal to the linux
	driver only.

	Cache result of QEMU capabilities extraction
	Extracting capabilities from QEMU takes a notable amount of time
	when all QEMU binaries are installed. Each system emulator
	needs about 200-300ms multiplied by 26 binaries == ~5-8 seconds.
	This change causes the QEMU driver to save an XML file containing
	the content of the virQEMUCaps object instance in the cache
	dir eg /var/cache/libvirt/qemu/capabilities/$SHA256(binarypath).xml
	or $HOME/.cache/libvirt/qemu/cache/capabilities/$SHA256(binarypath).xml
	We attempt to load this and only if it fails, do we fallback to
	probing the QEMU binary. The ctime of the QEMU binary and libvirtd
	are stored in the cached file and its data discarded if either
	of them change.

	Change QEMU capabilities cache to check ctime instead of mtime
	Debian's package manager will preserve mtime timestamp on binaries
	from the time they are built, rather than installed. So if a
	user downgrades their QEMU dpkg, the libvirt capabilities
	cache will not refresh. The fix is to use ctime instead of mtime
	since it cannot be faked.

	Add helper APIs to track if libvirtd or loadable modules have changed
	The future QEMU capabilities cache needs to be able to invalidate
	itself if the libvirtd binary or any loadable modules are changed
	on disk. Record the 'ctime' value for these binaries and provide
	helper APIs to query it. This approach assumes that if libvirt.so
	is changed, then libvirtd will also change, which should usually
	be the case with libtool's wrapper scripts that cause libvirtd to
	get re-linked

2014-03-11  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityDACSetSecurityImageLabel: Unmark @def as unused
	The @def is clearly used just a few lines below. There's no need to use
	ATTRIBUTE_UNUSED for it.

2014-03-11  Jiri Denemark  <jdenemar@redhat.com>

	tests: Distribute securityselinuxhelperdata

2014-03-11  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	BZ1072677: Avoid freeing of 0 file descriptor
	Avoid the freeing of an array of zero file descriptors in case
	of error. Initialize the array to -1 using memset.

2014-03-11  Daniel P. Berrange  <berrange@redhat.com>

	Convert lock driver plugins to use new crypto APIs
	Convert the sanlock and lockd lock driver plugins over to use
	the new virCryptoHashString APIs instead of having their own
	duplicated code.

	Add helper APIs for generating cryptographic hashes
	GNULIB provides APIs for calculating md5 and sha256 hashes,
	but these APIs only return you raw byte arrays. Most users
	in libvirt want the hash in printable string format. Add
	some helper APIs in util/vircrypto.{c,h} for doing this.

2014-03-10  Ján Tomko  <jtomko@redhat.com>

	Change file names in comments to match the files they are in
	Some of these are leftovers from renaming the files, others
	are just typos.
	Also introduce an ugly awk script to enforce this.

2014-03-10  Daniel P. Berrange  <berrange@redhat.com>

	Wildcard ignore tests/*test instead of listing every one
	There is a forever growing list of test cases. It is just
	not worth listing each one individually when a wildcard
	can do the job.

2014-03-10  Michal Privoznik  <mprivozn@redhat.com>

	src/xenxs: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/xen: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/util: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/test: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/storage: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/rpc: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/qemu: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/phyp: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/parallels: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/openvz: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/nwfilter: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/lxc/: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	conf: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
	This fixes a possible double free. In virNetworkAssignDef() if
	virBitmapNew() fails, then virNetworkObjFree(network) is called.
	However, with network->def pointing to actual @def. So if caller
	frees @def again, ...
	Moreover, this fixes one possible memory leak too. In
	virInterfaceAssignDef() if appending to the list of interfaces
	fails, we ought to call virInterfaceObjFree() instead of bare
	VIR_FREE().
	Although, in order to do that some array size variables needs
	to be turned into size_t rather than int.

2014-03-10  Daniel P. Berrange  <berrange@redhat.com>

	Add a mutex to serialize updates to firewall
	The nwfilter conf update mutex previously serialized
	updates to the internal data structures for firewall
	rules, and updates to the firewall itself. The latter
	was recently turned into a read/write lock, and filter
	instantiation allowed to proceed in parallel. It was
	believed that this was ok, since each filter is created
	on a separate iptables/ebtables chain.
	It turns out that there is a subtle lock ordering problem
	on virNWFilterObjPtr instances. __virNWFilterInstantiateFilter
	will hold a lock on the virNWFilterObjPtr it is instantiating.
	This in turn invokes virNWFilterInstantiate which then invokes
	virNWFilterDetermineMissingVarsRec which then invokes
	virNWFilterObjFindByName. This iterates over every single
	virNWFilterObjPtr in the list, locking them and checking their
	name. So if 2 or more threads try to instantiate a filter in
	parallel, they'll all hold 1 lock at the top level in the
	__virNWFilterInstantiateFilter method which will cause the
	other thread to deadlock in virNWFilterObjFindByName.
	The fix is to add an exclusive mutex to serialize the
	execution of __virNWFilterInstantiateFilter.

2014-03-10  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix locking in virsh console
	vshRunConsole() uses virCondWait() which is a wrapper around
	pthread_cond_wait(). On FreeBSD, pthread_cond_wait needs mutex to be
	locked, otherwise it immediately fails with EPERM. On Linux, the
	behaviour in this case is undefined.
	So lock the mutex before calling virCondWait().

2014-03-10  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Sort options alphabetically
	Man page, help output and also parsing is sorted in order to find
	options smoothly.

2014-03-10  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix SELinux tests in VPATH build

2014-03-08  John Ferlan  <jferlan@redhat.com>

	virscsi: Introduce virSCSIDeviceUsedByInfoFree
	This resolves a Coverity RESOURCE_LEAK issue introduced by commit
	id 'de6fa535' where the virSCSIDeviceSetUsedBy() didn't VIR_FREE
	the 'copy' or possibly VIR_STRDUP()'d values.  It also ensures that
	the VIR_APPEND_ELEMENT is successful...

2014-03-07  Michael Chapman  <mike@very.puzzling.org>

	tests: Test virIdentityGetSystem
	Test it once with SELinux enabled and once with it disabled.

	virIdentityGetSystem: don't fail if SELinux is disabled
	If SELinux is compiled into libvirt but it is disabled on the host,
	libvirtd logs:
	  error : virIdentityGetSystem:173 : Unable to lookup SELinux process
	  context: Invalid argument
	on each and every client connection.
	Use is_selinux_enabled() to skip retrieval of the process's SELinux
	context if SELinux is disabled.

	tests: SELinux tests do not need to be skipped
	With the previous commit's securityselinuxhelper enhancements, the
	SELinux security manager can be tested even without SELinux enabled on
	the test system.

	tests: Flesh out securityselinuxhelper
	Add fake implementations of:
	- is_selinux_enabled
	- security_disable
	- selinux_virtual_domain_context_path
	- selinux_virtual_image_context_path
	- selinux_lxc_contexts_path
	- selabel_open
	- selabel_close
	- selabel_lookup_raw
	The selabel_* functions back onto the real implementations if SELinux is
	enabled on the test system, otherwise we just implement a fake selabel
	handle which errors out on all labelling lookups.
	With these changes in place, securityselinuxtest and
	securityselinuxlabeltest don't need to skip all tests if SELinux isn't
	available; they can exercise much of the security manager code.

2014-03-07  Jiri Denemark  <jdenemar@redhat.com>

	spec: Let translations be properly updated
	Libvirt tarball contains po/stamp-po file which prevents any po/*.gmo
	file to be regenerated even if a corresponding po/*.po file is newer. By
	removing the stamp-po file, all *.gmo files are properly updated if
	required. This allows downstreams to provide patches that update
	translations.

2014-03-06  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Reject unsupported tuning in session mode
	When domain is started with setting that cannot be done, i.e. those
	that require cgroups, there is no error reported and it succeeds
	without any message whatsoever.
	When setting with API, virsh, an error is reported, but only due to
	the fact that no cgroups are mounted (priv->cgroup == NULL).
	Given the above it seems reasonable to reject such unsupported
	settings.
	This patch effectively changes the error message from:
	$ virsh -c qemu:///session schedinfo dummy
	Scheduler      : Unknown
	error: Requested operation is not valid: cgroup CPU controller is not mounted
	to:
	$ virsh -c qemu:///session schedinfo dummy
	Scheduler      : Unknown
	error: Operation not supported: CPU tuning is not available in session mode
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1023366

2014-03-06  Michael Chapman  <mike@very.puzzling.org>

	datatypes: update comments of Dispose functions
	As of commit 46ec5f85, the conn.lock mutex does not need to be held
	when calling any vir*Dispose() function in datatypes.c (via virObjectUnref()).

2014-03-06  Eric Blake  <eblake@redhat.com>

	virt-login-shell: silence coverity warning
	Coverity spotted that 'nfdlist' (ssize_t) could be -1, but that we
	were using 'i' (size_t) to iterate over the list at cleanup, with
	crashing results because it promotes to a really big unsigned number.
	* tools/virt-login-shell.c (main): Avoid treating -1 as unsigned.

2014-03-06  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix missing char dev lock path case in configure
	configure check for character devices lock path calls
	AC_DEFINE_UNQUOTED for VIR_CHRDEV_LOCK_FILE_PATH even if
	$with_chrdev_lock_files = "no".
	So the locking code in conf/virchrdev.c:
	 #ifdef VIR_CHRDEV_LOCK_FILE_PATH
	is compiled in even if it shouldn't, because VIR_CHRDEV_LOCK_FILE_PATH
	is defined as "no", so it tries to create lock files with strange
	lock path like 'no/LCK..'.
	Fix that by calling AC_DEFINE_UNQUOTED only if $with_chrdev_lock_files
	is not 'no'.

2014-03-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Provide more information in generic block job error
	The qemuMonitorJSONBlockJob handles a few errors internally. If qemu
	returns a different error we would report a rather unhelpful message:
	 $ virsh blockpull gluster-job vda --base /dev/null
	 error: internal error: Unexpected error
	As the actual message from qemu contains a bit more info, let's use it
	to report something a little more useful:
	 $ virsh blockpull gluster-job vda --base /dev/null
	 error: internal error: Unexpected error: (GenericError) 'Base '/dev/null' not found'

	doc: storage: Explicitly state that it's possible to have non-unique key
	With most of our storage backends it's possible to have two separate
	volume keys to point to a single volume. (By creating sym/hard-links to
	local files or by mounting remote filesystems to two different locations
	and creating pools on top of them) Document this possibility.

	storage: Don't lie about path used to look up in error message
	In storageVolLookupByPath the provided path is "sanitized" at first.
	This removes some extra slashes and stuff. When the lookup of the volume
	fails the original path is used which makes it hard to trace errors in
	some cases.
	Improve the error message to print the sanitized path along with the
	user provided path if they are not equal.

	storage: Avoid mangling paths of non-local filesystems when looking up
	When looking up a volume by path on a non-local filesystem don't use the
	"cleaned" path that might be mangled in such a way that it will differ
	from a path provided by a storage backend.
	Skip the cleanup step for gluster, sheepdog and RBD.

	storage: Error out when attempting to vol-upload into a remote pool
	Pools that are not backed by files in the filesystem cause problems with
	some APIs. Error out when attempting to upload a volume in such a pool
	as currently we expect a local file representation for it.

	storage: Use cleanup label instead of out

	virsh: volume: Fix lookup of volumes to provide better error messages
	If a user specifies the pool explicitly, we should make sure to point
	out that it's inactive instead of falling back to lookup by key/path and
	failing at the end. Also if the pool isn't found there's no use in
	continuing the lookup.
	This changes the error in case the user-selected pool is inactive from:
	 $ virsh vol-upload --pool inactivepool --vol somevolname volcontents
	 error: failed to get vol 'somevolname'
	 error: Storage volume not found: no storage vol with matching path
	 somevolname
	To a more descriptive:
	 $ virsh vol-upload --pool inactivepool --vol somevolname volcontents
	 error: pool 'inactivepool' is not active
	And in case a user specifies an invalid pool from:
	 $ virsh vol-upload --pool invalidpool --vol somevolname volcontents
	 error: failed to get pool 'invalidpool'
	 error: failed to get vol 'somevolname', specifying --pool might help
	 error: Storage volume not found: no storage vol with matching path somevolname
	To something less confusing:
	 $ virsh vol-upload --pool invalidpool --vol somevolname volcontents
	 error: failed to get pool 'invalidpool'
	 error: Storage pool not found: no storage pool with matching name 'invalidpool'

2014-03-04  Chunyan Liu  <cyliu@suse.com>

	add virhostdev files to maintain global state of host devices

	add 'driver' info to used_by
	Specify which driver and which domain in used_by area to avoid conflict among
	different drivers.

2014-03-04  Cédric Bosdonnat  <cbosdonnat@suse.com>

	apparmor: handle "none" type

	add support for apparmor in lxc-enter-namespace

	apparmor: add debug traces when changing profile.
	The reason for these is that aa-status doesn't show the process using
	the profile as they are in another namespace.

	Make sure apparmor is started before libvirtd
	If apparmor security driver is enabled in either qemu or lxc
	driver configuration and libvirtd starts before AppArmor, it will fail.

2014-03-04  Cédric Bosdonnat  <cedric.bosdonnat@free.fr>

	LXC driver: generate apparmor profiles for guests
	use_apparmor() was first designed to be called from withing libvirtd,
	but libvirt_lxc also uses it. in libvirt_lxc, there is no need to check
	whether to use apparmor or not: just use it if possible.

2014-03-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Fix error message and comment when getting cpu info
	In qemuMonitorJSONExtractCPUInfo an error message hinted on missing
	character device data which is wrong.
	Also a comment states that only qemu-kvm tree includes the thread_id
	field. This is no longer true.

	qemu: snapshot: Use better check when reverting external snapshots
	https://bugzilla.redhat.com/show_bug.cgi?id=1071264
	Reverting of external snapshots is not supported currently. The check
	that is present doesn't properly check for all aspects that make a
	snapshot external. Use virDomainSnapshotIsExternal() to do the check.

2014-03-04  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildNicDevStr: Adapt to new advisory on multiqueue
	As I did previously in 4f588a1b46, libvirt needs to set virtio vectors.
	Previously, we were advised to use vectors=N, where
	N = 2 * (number of queues) + 1
	However, just recently this advisory has changed on the Multiquue wiki
	page [1] to:
	N = 2 * (number of queues) + 2
	1: http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature

2014-03-04  Ján Tomko  <jtomko@redhat.com>

	Check if systemd is running before creating machines
	If systemd is installed, but is not the init system,
	systemd-machined fails with an unhelpful error message:
	Launch helper exited with unknown return code 1
	Currently we only check if the "machine1" service is
	available (in ListActivatableNames).
	Also check if "systemd1" service is registered with DBus
	(ListNames).
	This fixes https://bugs.gentoo.org/show_bug.cgi?id=493246#c22

	Split out most of virDBusIsServiceEnabled
	Introduce virDBusIsServiceInList which can be used to call other
	methods for listing services (ListNames), not just ListActivatableNames.
	No functional change, fixed the 'Retruns' typo.

	Don't always skip virportallocatortest
	Include dlfcn.h before checking if RTLD_NEXT is defined

2014-03-04  Martin Kletzander  <mkletzan@redhat.com>

	tests: Create privileged driver config in qemuxml2argvtest
	This is actually a proper setting since we're not checking
	session-mode related XMLs.

2014-03-04  Ján Tomko  <jtomko@redhat.com>

	build: Include sys/wait.h in commandtest.c
	Commit 631923e used a few macros from sys/wait.h without including
	it. On Linux, they were also defined in stdlib.h, but on FreeBSD
	the build failed:
	../../tests/commandtest.c: In function 'test1':
	warning: implicit declaration of function 'WIFEXITED'
	warning: nested extern declaration of 'WIFEXITED' [-Wnested-externs]

2014-03-04  Eric Blake  <eblake@redhat.com>

	build: fix cppi warning
	Jenkins pointed out that the previous commit violates syntax
	check when cppi is installed.
	* src/nwfilter/nwfilter_dhcpsnoop.c (SNOOP_POLL_MAX_TIMEOUT_MS):
	Update indentation.

2014-03-04  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Increase buffer size for libpcap
	Libpcap 1.5 requires a larger buffer than previous pcap versions.
	Adjust the size of the buffer to 128kb.
	This patch should address symptoms in BZ 1071181 and BZ 731059

	nwfilter: Display the pcap errror message
	Display the pcap error message in the log.

	nwfilter: Cap the poll timeout in the DHCP Snooping code
	Cap the poll timeout in the DHCP Snooping code to a max. of 10 seconds
	to not hold up the libvirt shutdown longer than this.

2014-03-04  Eric Blake  <eblake@redhat.com>

	virsh: report exit status of failed lxc-enter-namespace
	'virsh lxc-enter-namespace' does not have a way to reflect exit
	status to the caller in single-command mode, but we might as well
	at least report the exit status.  Prior to this patch,
	$ virsh -c lxc:/// lxc-enter-namespace shell /bin/sh 'exit 3'; echo $?
	1
	now it gives some details:
	$ virsh -c lxc:/// lxc-enter-namespace shell /bin/sh -c 'exit 3'; echo $?
	error: internal error: Child process (31557) unexpected exit status 3
	1
	Also useful:
	$ virsh -c lxc:/// lxc-enter-namespace shell /bin/sh -c 'kill $$'; echo $?
	error: internal error: Child process (31585) unexpected fatal signal 15
	1
	* tools/virsh-domain.c (cmdLxcEnterNamespace): Avoid magic numbers.
	Dispatch any error.
	* tools/virsh.pod: Document that non-zero exit status is collapsed.

	virt-login-shell: saner exit value
	virt-login-shell was exiting with status 0, regardless of what the
	wrapped shell returned.  This is unkind to users; we should behave
	more like env(1), nice(1), su(1), and other wrapper programs, by
	preserving the invoked application's status (which includes the
	distinction between death due to signal vs. normal death).
	* tools/virt-login-shell.c (main): Pass through child exit status.
	* tools/virt-login-shell.pod: Document exit status.

	virt-login-shell: use single instead of double fork
	Note that 'virsh lxc-enter-namespace' must double-fork, for two
	reasons: some namespaces can only be done from a single thread,
	while virsh is multithreaded; and because virsh can be run in
	batch mode where we must not corrupt the namespace of that
	execution upon return from the subsidiary command.
	When virt-login-shell was first written, it blindly copied from
	'virsh lxc-enter-namespace', including the double-fork.  But
	neither of the reasons for double forking apply to
	virt-login-shell (we are single-threaded, and we have nothing to
	do after the child completes that would require us to preserve a
	namespace), so we can simplify life by using a single fork.
	In turn, this will make it easier for a future patch to pass the
	child's exit status on to the invoking shell.
	In flattening to a single fork, note that closing the fds must
	be done after fork, because the parent process still needs to
	use fds to control the virConnectPtr; meanwhile, chdir can be
	done prior to forking (in fact, it's easier to report errors
	on anything attempted before forking).
	* tools/virt-login-shell.c (main): Single rather than double fork.
	(virLoginShellFini): Delete, by inlining actions instead.

	virFork: simplify semantics
	The old semantics of virFork() violates the priciple of good
	usability: it requires the caller to check the pid argument
	after use, *even when virFork returned -1*, in order to properly
	abort a child process that failed setup done immediately after
	fork() - that is, the caller must call _exit() in the child.
	While uses in virfile.c did this correctly, uses in 'virsh
	lxc-enter-namespace' and 'virt-login-shell' would happily return
	from the calling function in both the child and the parent,
	leading to very confusing results. [Thankfully, I found the
	problem by inspection, and can't actually trigger the double
	return on error without an LD_PRELOAD library.]
	It is much better if the semantics of virFork are impossible
	to abuse.  Looking at virFork(), the parent could only ever
	return -1 with a non-negative pid if it misused pthread_sigmask,
	but this never happens.  Up until this patch series, the child
	could return -1 with non-negative pid if it fails to set up
	signals correctly, but we recently fixed that to make the child
	call _exit() at that point instead of forcing the caller to do
	it.  Thus, the return value and contents of the pid argument are
	now redundant (a -1 return now happens only for failure to fork,
	a child 0 return only happens for a successful 0 pid, and a
	parent 0 return only happens for a successful non-zero pid),
	so we might as well return the pid directly rather than an
	integer of whether it succeeded or failed; this is also good
	from the interface design perspective as users are already
	familiar with fork() semantics.
	One last change in this patch: before returning the pid directly,
	I found cases where using virProcessWait unconditionally on a
	cleanup path of a virFork's -1 pid return would be nicer if there
	were a way to avoid it overwriting an earlier message.  While
	such paths are a bit harder to come by with my change to a direct
	pid return, I decided to keep the virProcessWait change in this
	patch.
	* src/util/vircommand.h (virFork): Change signature.
	* src/util/vircommand.c (virFork): Guarantee that child will only
	return on success, to simplify callers.  Return pid rather than
	status, now that the situations are always the same.
	(virExec): Adjust caller, also avoid open-coding process death.
	* src/util/virprocess.c (virProcessWait): Tweak semantics when pid
	is -1.
	(virProcessRunInMountNamespace): Adjust caller.
	* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
	(virDirCreate): Likewise.
	* tools/virt-login-shell.c (main): Likewise.
	* tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
	* tests/commandtest.c (test23): Likewise.

	util: make it easier to grab only regular command exit
	Auditing all callers of virCommandRun and virCommandWait that
	passed a non-NULL pointer for exit status turned up some
	interesting observations.  Many callers were merely passing
	a pointer to avoid the overall command dying, but without
	caring what the exit status was - but these callers would
	be better off treating a child death by signal as an abnormal
	exit.  Other callers were actually acting on the status, but
	not all of them remembered to filter by WIFEXITED and convert
	with WEXITSTATUS; depending on the platform, this can result
	in a status being reported as 256 times too big.  And among
	those that correctly parse the output, it gets rather verbose.
	Finally, there were the callers that explicitly checked that
	the status was 0, and gave their own message, but with fewer
	details than what virCommand gives for free.
	So the best idea is to move the complexity out of callers and
	into virCommand - by default, we return the actual exit status
	already cleaned through WEXITSTATUS and treat signals as a
	failed command; but the few callers that care can ask for raw
	status and act on it themselves.
	* src/util/vircommand.h (virCommandRawStatus): New prototype.
	* src/libvirt_private.syms (util/command.h): Export it.
	* docs/internals/command.html.in: Document it.
	* src/util/vircommand.c (virCommandRawStatus): New function.
	(virCommandWait): Adjust semantics.
	* tests/commandtest.c (test1): Test it.
	* daemon/remote.c (remoteDispatchAuthPolkit): Adjust callers.
	* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
	Likewise.
	* src/fdstream.c (virFDStreamCloseInt): Likewise.
	* src/lxc/lxc_process.c (virLXCProcessStart): Likewise.
	* src/qemu/qemu_command.c (qemuCreateInBridgePortWithHelper):
	Likewise.
	* src/xen/xen_driver.c (xenUnifiedXendProbe): Simplify.
	* tests/reconnect.c (mymain): Likewise.
	* tests/statstest.c (mymain): Likewise.
	* src/bhyve/bhyve_process.c (virBhyveProcessStart)
	(virBhyveProcessStop): Don't overwrite virCommand error.
	* src/libvirt.c (virConnectAuthGainPolkit): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainGetBarrierLimit)
	(openvzDomainSetBarrierLimit): Likewise.
	* src/util/virebtables.c (virEbTablesOnceInit): Likewise.
	* src/util/viriptables.c (virIpTablesOnceInit): Likewise.
	* src/util/virnetdevveth.c (virNetDevVethCreate): Fix debug
	message.
	* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Add comment.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSINodeUpdate): Likewise.

	util: make it easier to grab only regular process exit
	Right now, a caller waiting for a child process either requires
	the child to have status 0, or must use WIFEXITED() and friends
	itself.  But in many cases, we want the middle ground of treating
	fatal signals as an error, and directly accessing the normal exit
	value without having to use WEXITSTATUS(), in order to easily
	detect an expected non-zero exit status.  This adds the middle
	ground to the low-level virProcessWait; the next patch will add
	it to virCommand.
	* src/util/virprocess.h (virProcessWait): Alter signature.
	* src/util/virprocess.c (virProcessWait): Add parameter.
	(virProcessRunInMountNamespace): Adjust caller.
	* src/util/vircommand.c (virCommandWait): Likewise.
	* src/util/virfile.c (virFileAccessibleAs): Likewise.
	* src/lxc/lxc_container.c (lxcContainerHasReboot)
	(lxcContainerAvailable): Likewise.
	* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
	* tools/virt-login-shell.c (main): Likewise.
	* tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
	* tests/testutils.c (virtTestCaptureProgramOutput): Likewise.
	* tests/commandtest.c (test23): Likewise.

	util: preserve exit status from mount namespace callback
	The documentation of namespace callbacks was inconsistent on whether
	it preserved positive return values.  Now that we have a dedicated
	EXIT_CANCELED to flag all errors before getting to the callback,
	it is possible to use positive return values (not that any of the
	current callers do, but it is better to match the docs).
	Also, while vircommand.c is careful to close fds that a child should
	not have, it's still better to be in the practice of setting
	FD_CLOEXEC up front.
	* src/util/virprocess.c (virProcessRunInMountNamespace): Tweak
	return value to pass back non-zero status.  Avoid leaking pipe fds
	to other threads.
	* src/util/virprocess.h: Fix comment.

	util: make it easier to reflect child exit status
	Thanks to namespaces, we have a couple of places in the code
	base that want to reflect a child exit status, including the
	ability to detect death by a signal, back to a grandparent.
	Best to make it a reusable function.
	* src/util/virprocess.h (virProcessExitWithStatus): New prototype.
	* src/libvirt_private.syms (util/virprocess.h): Export it.
	* src/util/virprocess.c (virProcessExitWithStatus): New function.
	* tests/commandtest.c (test23): Test it.

	virFork: give specific status on failure prior to exec
	When a child fails without exec'ing, we want a well-known status;
	best is to match what env(1), nice(1), su(1), and other wrapper
	programs do.  This patch adds enum values that later patches will
	use, and sets up virFork as the first client of EXIT_CANCELED
	for errors detected prior to even attempting exec, as well as
	virExec to distinguish between a missing executable vs. a binary
	that cannot be executed.
	This is a slight semantic change in the unlikely case of a child
	process failing to restore its signal mask - we now kill the
	child with a known status instead of relying on the caller to
	notice and do an appropriate _exit().  A subsequent patch will
	make further cleanups based on an audit of all callers.
	* src/internal.h (EXIT_CANCELED, EXIT_CANNOT_INVOKE)
	(EXIT_ENOENT): New enum.
	* src/util/vircommand.c (virFork): Document specific exit value if
	child aborts early.
	(virExec): Distinguish between various exec failures.
	* tests/commandtest.c (test1): Enhance test.
	(test22): New test.

	nwfilter: make ignoring non-zero status easier to follow
	While auditing all callers of virCommandRun, I noticed that nwfilter
	code never paid attention to commands with a non-zero status; they
	were merely passing a pointer to avoid spamming the logs with a
	message about commands that might indeed fail.  But proving this
	required chasing through a lot of code; refactoring things to
	localize the decision of whether to ignore non-zero status makes
	it easier to prove that later changes to virFork don't negatively
	affect this code.
	While at it, I also noticed that ebiptablesRemoveRules would
	actually report success if the child process failed for a
	reason other than non-zero status, such as OOM.
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
	Change parameter from pointer to bool.
	(ebtablesApplyBasicRules, ebtablesApplyDHCPOnlyRules)
	(ebtablesApplyDropAllRules, ebtablesCleanAll)
	(ebiptablesApplyNewRules, ebiptablesTearNewRules)
	(ebiptablesTearOldRules, ebiptablesAllTeardown)
	(ebiptablesDriverInitWithFirewallD)
	(ebiptablesDriverTestCLITools, ebiptablesDriverProbeStateMatch):
	Adjust all clients.
	(ebiptablesRemoveRules): Likewise, and fix return value on failure.

2014-03-04  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Implement a stub cpuArchDriver.baseline() handler for arm
	Openstack Nova calls virConnectBaselineCPU() during initialization
	of the instance to get a full list of CPU features.
	This patch adds a stub to arm-specific code to handle
	this request (no actual work is done).

2014-03-03  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: typo fix
	 * drvuml.html.in: (connected) s/toa PTY/to a PTY/

2014-03-03  Ján Tomko  <jtomko@redhat.com>

	Fix indentation in virsystemdmock

	Replace space with a tab in the Makefile
	All the other test_programs in the section use tabs
	and virportallocatortest sticks out with tab width
	other than 8.

	Add a test for virUSBDeviceList functions
	Most of them are already tested in a limited way
	by testing virUSBDeviceFind.

	Add tests for virUSBDeviceFind functions
	Mock the /sys/bus/usb directory and test the finding
	(and not finding) of some USB devices.

2014-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Generate a unique journald log for QEMU capabilities failure
	When probing QEMU capabilities fails for a binary generate a
	log message with MESSAGE_ID==8ae2f3fb-2dbe-498e-8fbd-012d40afa361.
	This can be directly queried from journald based on the UUID
	instead of needing string grep. This lets tools like libguestfs'
	bug reporting tool trivially do automated sanity tests on the
	host they're running on.
	 $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361
	 Feb 21 17:11:01 localhost.localdomain lt-libvirtd[9196]:
	 Failed to probe capabilities for /bin/qemu-system-alpha:
	 internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=
	 /home/berrange/src/virt/libvirt/src/.libs PATH=/usr/lib64/
	 ccache:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:
	 /usr/bin:/root/bin HOME=/root USER=root LOGNAME=root
	 /bin/qemu-system-alpha -help) unexpected exit status 127:
	 /bin/qemu-system-alpha: error while loading shared libraries:
	 libglapi.so.0: cannot open shared object file: No such file
	 or directory
	 $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361 --output=json
	 { ...snip...
	  "LIBVIRT_SOURCE" : "file",
	  "PRIORITY" : "3",
	  "CODE_FILE" : "qemu/qemu_capabilities.c",
	  "CODE_LINE" : "2770",
	  "CODE_FUNC" : "virQEMUCapsLogProbeFailure",
	  "MESSAGE_ID" : "8ae2f3fb-2dbe-498e-8fbd-012d40afa361",
	  "LIBVIRT_QEMU_BINARY" : "/bin/qemu-system-xtensa",
	  "MESSAGE" : "Failed to probe capabilities for /bin/qemu-system-xtensa:
	   internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=/home/berrange
	   /src/virt/libvirt/src/.libs PATH=/usr/lib64/ccache:/usr/local/sbin:
	   /usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin HOME=/root
	   USER=root LOGNAME=root /bin/qemu-system-xtensa -help) unexpected
	   exit status 127: /bin/qemu-system-xtensa: error while loading shared
	   libraries: libglapi.so.0: cannot open shared object file: No such
	    file or directory\n" }

2014-03-03  Michal Privoznik  <mprivozn@redhat.com>

	Bump version to 1.2.3 for new dev cycle

2014-03-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.2
	- docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update localization and merge

2014-03-02  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add basic documentation

2014-03-01  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: defined domains should be persistent

2014-03-01  Eric Blake  <eblake@redhat.com>

	virsh: add --all flag to 'event' command
	Similar to our event-test demo program, it's nice to be able to
	have a mode where we can sniff all events at once, rather than
	having to spawn multiple virsh in parallel with one for each
	event type.
	(Can I just say our RegisterAny design is lousy?  The fact that
	the majority of our callback pointers have a function signature
	with the opaque data in a different position, and that we have
	to cast the function signature before registering it, makes it
	hard to write a generic callback function; we have to write one
	for every type of event id.  Life would have been easier if we
	had designed the callback as a fixed signature with a void*
	and size parameter, and then allowed the caller to downcast
	the void* to a particular struct for data specific to their
	callback id, where we could have then had a single function
	with a switch statement for each event id, and register that
	one function for all types of events.  It would also be nicer
	if the callback functions knew which callbackID was being used
	when invoking that callback, so that I could use a common data
	structure among all registrations instead of having to create
	an array of one data per callback.  But I really don't want to
	go add yet another event API design.)
	* tools/virsh-domain.c (cmdEvent): Add --all parameter; convert
	all callbacks to support shared counter.
	* tools/virsh.pod (event): Document it.

	virsh: support remaining domain events
	Earlier, I added 'virsh event' for lifecycle events, to get the
	concept approved; this patch finishes the support for all other
	events, although the user still has to register for one event
	type at a time.  A future patch may add an --all parameter to
	make it possible to register for all events through a single
	call.
	* tools/virsh-domain.c (vshDomainEventWatchdogToString)
	(vshDomainEventIOErrorToString, vshGraphicsPhaseToString)
	(vshGraphicsAddressToString, vshDomainBlockJobStatusToString)
	(vshDomainEventDiskChangeToString)
	(vshDomainEventTrayChangeToString, vshEventGenericPrint)
	(vshEventRTCChangePrint, vshEventWatchdogPrint)
	(vshEventIOErrorPrint, vshEventGraphicsPrint)
	(vshEventIOErrorReasonPrint, vshEventBlockJobPrint)
	(vshEventDiskChangePrint, vshEventTrayChangePrint)
	(vshEventPMChangePrint, vshEventBalloonChangePrint)
	(vshEventDeviceRemovedPrint): New helper routines.
	(cmdEvent): Support full array of event callbacks.

2014-03-01  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: support domain undefine
	Implement domainUndefine and required helper functions:
	 - domainIsActive
	 - domainIsPersistent

2014-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Add comments describing the different log sources

	Include error domain and code in log messages from errors
	When a virError is raised, pass the error domain and code
	onto the systemd journald using metadata fields.
	This allows error messages to be queried by code eg
	  $ journalctl LIBVIRT_CODE=43

	Add docs about use of systemd journal for logging
	Document the various fields that libvirt will emit for
	journal log records.

	Auto-generate the table of contents in logging doc
	The logging doc had a hand-written table of contents
	instead of using the automatic XSL generated one.

	Fix heading level in logging docs
	The logging docs went straight from <h1> to <h3> header level,
	skipping out <h2>.

	Fix journald PRIORITY values
	The systemd journal expects log record PRIORITY values to
	be encoded using the syslog compatible numbering scheme,
	not libvirt's own native numbering scheme. We must therefore
	apply a conversion.

	Send virLogMetadata fields onto the journal
	The systemd journal accepts arbitrary user specified log
	fields. These can be passed into virLogMessage via the
	virLogMetadata structure. Allow up to 5 custom fields to
	be reported by libvirt callers.

2014-03-01  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Enable 'host-passthrough' cpu mode for arm
	This patch allows libvirt user to specify 'host-passthrough'
	cpu mode while using qemu/kvm backend on arm (arm32).
	It uses 'host' as a CPU model name instead of some other stub
	(correct CPU detection is not implemented yet) to allow libvirt
	user to specify 'host-model' cpu mode as well.

2014-02-28  Michal Privoznik  <mprivozn@redhat.com>

	domblkstat: Produce error message that at least sounds like English
	Compare:
	  # virsh domblkstat freebsd hdd
	  error: Failed to get block stats freebsd hdd
	  error: invalid argument: invalid path: hdd
	with:
	  # virsh domblkstat freebsd hdd
	  error: Failed to get block stats for domain 'freebsd' device 'hdd'
	  error: invalid argument: invalid path: hdd

	virDomainBlockStats(Flags): Produce saner error message on empty disk path
	As of 0bd2ccdec an empty disk path for virDomainBlockStats (or the one
	with Flags) is allowed meaning "get me overall summarized statistics".
	However, running 'virsh domblkstat $dom' throws a misleading error:
	  # ./tools/virsh domblkstat dom
	  error: Failed to get block stats dom
	  error: invalid argument: invalid path:
	while after this commit
	  # virsh domblkstat dom
	  error: Operation not supported: summary statistics are not supported yet

2014-02-28  Eric Blake  <eblake@redhat.com>

	tests: avoid littering /tmp
	Running 'make -C tests check TESTS=qemuagenttest' left a directory
	/tmp/libvirt_XXXXXX/ behind.  The culprit was failure to cleanup
	when short-circuiting an expensive test.
	* tests/qemuagenttest.c (testQemuAgentTimeout): Free resources
	when skipping expensive test.

2014-02-27  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Truncate domain names longer than SANLK_NAME_LEN
	Libvirt uses a domain name to fill in owner_name in sanlock_options in
	virLockManagerSanlockAcquire. Unfortunately, owner_name is limited to
	SANLK_NAME_LEN characters (including trailing '\0'), which means domains
	with longer names fail to start when sanlock is enabled. However, we can
	truncate the name when setting owner_name as explained by sanlock's
	author:
	Setting sanlk_options or the owner_name is unnecessary, and has very
	little to no benefit.  If you do provide something in owner_name, it can
	be anything, sanlock doesn't care or use it.
	If you run the command "sanlock status", the output will display a list
	of clients connected to the sanlock daemon.  This client list is
	displayed as "pid owner_name" if the client has provided an owner_name
	via sanlk_options. This debugging output is the only usage of
	owner_name, so its only benefit is to potentially provide a more human
	friendly output for debugging purposes.

2014-02-27  Eric Blake  <eblake@redhat.com>

	build: skip virportallocatortest on cygwin
	Cygwin supports <dlfcn.h> and even has limited LD_PRELOAD
	capabilities; but because it does not use ELF binaries it
	cannot support RTLD_NEXT lookups.
	  CC       libvirportallocatormock_la-virportallocatortest.lo
	virportallocatortest.c: In function 'init_syms':
	virportallocatortest.c:47:24: error: 'RTLD_NEXT' undeclared (first use in this function)
	     realsocket = dlsym(RTLD_NEXT, "socket");
	* tests/virportallocatortest.c: Also require RTLD_NEXT.

	build: ignore cygwin toolchain droppings
	The cygwin compiler automatically creates a '*.exe.manifest'
	companion file for any .exe file that contains a substring
	that would otherwise cause newer Windows to pester users about
	needing admin rights (such as "update", "instal", "setup"...).
	This means that compilation on cygwin left behind
	tests/networkxml2xmlupdatetest.exe.manifest.
	* .gitignore: Ignore manifest files.

2014-02-27  Yuri Chornoivan  <yurchor@ukr.net>

	maint: Fix minor typo (unkown)

2014-02-26  Ian Campbell  <ian.campbell@citrix.com>

	libxl: Recognise ARM architectures
	Only tested on v7 but the v8 equivalent seems pretty obvious.
	XEN_CAP_REGEX already accepts more than it should (e.g. x86_64p or x86_32be)
	but I have stuck with the existing pattern.
	With this I can create a guest from:
	  <domain type='xen'>
	    <name>libvirt-test</name>
	    <uuid>6343998e-9eda-11e3-98f6-77252a7d02f3</uuid>
	    <memory>393216</memory>
	    <currentMemory>393216</currentMemory>
	    <vcpu>1</vcpu>
	    <os>
	      <type arch='armv7l' machine='xenpv'>linux</type>
	      <kernel>/boot/vmlinuz-arm-native</kernel>
	      <cmdline>console=hvc0 earlyprintk debug root=/dev/xvda1</cmdline>
	    </os>
	    <clock offset='utc'/>
	    <on_poweroff>destroy</on_poweroff>
	    <on_reboot>restart</on_reboot>
	    <on_crash>destroy</on_crash>
	    <devices>
	      <disk type='block' device='disk'>
	        <source dev='/dev/marilith-n0/debian-disk'/>
	        <target dev='xvda1'/>
	      </disk>
	      <interface type='bridge'>
	        <mac address='8e:a7:8e:3c:f4:f6'/>
	        <source bridge='xenbr0'/>
	      </interface>
	    </devices>
	  </domain>
	Using virsh create and I can destroy it too.
	Currently virsh console fails with:
	  Connected to domain libvirt-test
	  Escape character is ^]
	  error: internal error: cannot find character device <null>
	I haven't investigated yet.

2014-02-26  Peter Krempa  <pkrempa@redhat.com>

	spec: Fix braces around macros
	In commit 72f7658ba24491672e6b81118f892400916e9404 I've added a few
	macros with bad bracing. Although they work as expected fix them so that
	we use uniform syntax.

2014-02-26  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Honour -q in domblklist, vcpupin and emulatorpin
	If user wants to grep some info from domain, e.g. disk paths:
	    # virsh -q domblklist win7 | awk '{print $2}'
	    Source
	    /var/lib/libvirt/images/windows.qcow2
	    /home/zippy/work/tmp/en_windows_7_professional_x64_dvd_X15-65805.iso
	while with my change:
	    # virsh -q domblklist win7 | awk '{print $2}'
	    /var/lib/libvirt/images/windows.qcow2
	    /home/zippy/work/tmp/en_windows_7_professional_x64_dvd_X15-65805.iso
	We don't print table header in other commands, like list.

2014-02-26  Eric Blake  <eblake@redhat.com>

	spec: make systemd_daemon usage configurable
	On Fedora 20, I added this to my '~/.rpmmacros':
	%_without_udev 1
	%_without_storage_mpath 1
	%_without_storage_disk 1
	and uninstalled systemd-devel (which also removed device-mapper-devel).
	Then I ran 'make rpm', and inspected the results:
	$ ldd ~/rpmbuild/BUILD/libvirt-1.2.2/daemon/.libs/libvirtd | grep syst
	$
	Then I reinstalled systemd-devel, where I now see:
	$ ldd ~/rpmbuild/BUILD/libvirt-1.2.2/daemon/.libs/libvirtd | grep syst
	  libsystemd-daemon.so.0 => /lib64/libsystemd-daemon.so.0 (0x00007ffb858ba000)
	$
	Oops - the build is non-deterministic, where the final binary
	depends on my build environment.  The fix is to require
	systemd-devel in all situations where the code base uses it.
	Now ~/.rpmmacros can contain "%define _without_systemd_daemon 1"
	to explicitly disable use of the library, but the library is now
	a strict build requirement for normal builds; if systemd-devel
	is not installed, the user now gets an up-front warning:
	$ rpmbuild -ta libvirt-1.2.2.tar.gz
	error: Failed build dependencies:
	       systemd-devel is needed by libvirt-1.2.2-1.fc20.x86_64
	* libvirt.spec.in (with_systemd_daemon): New variable.
	(BuildRequires): Require systemd-devel for more than just udev.
	(%configure): Make choice of systemd_daemon explicit.

	spec: require device-mapper-devel for storage-disk
	On Fedora 20, with the following in my ~/.rpmmacros:
	%_without_udev 1
	%_without_storage_mpath 1
	and with device-mapper-devel uninstalled, 'make rpm' fails with:
	checking for libdevmapper.h... no
	configure: error: You must install device-mapper-devel/libdevmapper >= 1.0.0 to compile libvirt
	error: Bad exit status from /var/tmp/rpm-tmp.Wo9pOG (%build)
	This is a rather late point to be issuing an error; better is
	to flag missing packages up front.  The fix is to match the logic
	in configure.ac on when devmapper is required (for both mpath and
	storage).  While at it, rbd storage is not dependent on mpath.
	With this patch applied, I now get:
	$ rpmbuild -ta libvirt-1.2.2.tar.gz
	error: Failed build dependencies:
	       device-mapper-devel is needed by libvirt-1.2.2-1.fc20.x86_64
	until either installing the package or further modifying
	~/.rpmmacros to add "%_without_storage_disk 1".
	* libvirt.spec.in (BuildRequires): Fix build when mpath is
	disabled.

	spec: explicitly avoid bhyve on Linux
	Generally, we try to make the spec file tweakable via user
	variables, so that they can select a different subset of sub-rpms
	to build.  We also try to explicitly list all driver config
	options, rather than leaving the chance that the rpm build may be
	non-deterministic based on what the user had installed locally.
	But in the case of the recent bhyve hypervisor driver, there is
	no port of bhyve to Linux, so it is easier to just blindly
	disable it for now.  If someone ever does try to port bhyve to
	Fedora, we can make the spec file conditional at that point.
	* libvirt.spec.in (%configure): Don't try to build bhyve.

	build: use --with-systemd-daemon as configure option
	Commit 68954fb added a configure option --with-systemd_daemon,
	which violates the conventions of configure files preferring
	dash in all option names.  This fixes it, before we hit a
	release where the tarball is baked with an awkward name.
	* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_LIB_ALT)
	(LIBVIRT_CHECK_PKG): Favor - over _ in configure option names.

2014-02-26  Peter Krempa  <pkrempa@redhat.com>

	spec: Use correct versions of libgfapi in RHEL builds
	RHEL still uses the 3.4.0 package of libgfapi and the package is built
	only for x86_64.

2014-02-26  Laine Stump  <laine@laine.org>

	network: unplug bandwidth and call networkRunHook only when appropriate
	According to commit b4e0299d if networkAllocateActualDevice() was
	successful, it will *always* allocate an iface->data.network.actual,
	so we can use this during networkReleaseActualDevice() to know if
	there is really anything to undo. We were properly using this
	information to only decrement the network connections counter if it
	had previously been incremented, but we were unconditionally
	unplugging bandwidth and calling the "unplugged" network hook for
	*all* interfaces (during qemuProcessStop()) whether they had been
	previously plugged or not. This caused problems if a domain failed to
	start at some time prior to all interfaces being allocated. (I
	encountered this when an interface had a bandwidth floor set but no
	inbound QoS).
	This patch changes both the call to networkUnplugBandwidth() and the
	call to networkRunHook() to only be called if there was a previous
	call to "plug" for the same interface.

	network: don't even call networkRunHook if there is no network
	networkAllocateActualDevice() is called for *all* interfaces, not just
	those with type='network'. In that case, it will jump down to its
	validate: label immediately, without allocating anything. After
	validation is done, two counters are potentially updated (one for the
	network, and one for any particular physical device that is chosen),
	and then networkRunHook() is called.
	This patch refactors that code a slight bit so that networkRunHook()
	doesn't get called if netdef is NULL (i.e. type != network) and to
	place the conditional increment of dev->connections inside the "if
	(netdef)" as well - dev can never be non-null if netdef is null
	(because "dev" is the pointer to a device in a network's pool of
	devices), so this doesn't have any functional effect, it just makes
	the code clearer.

2014-02-26  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virSCSIDeviceListDel()
	While running virscsitest, it was found that valgrind pointed out the following
	memory leak:
	==320== 5 bytes in 1 blocks are definitely lost in loss record 4 of 37
	==320==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==320==    by 0x3E6CE81171: strdup (strdup.c:43)
	==320==    by 0x4CB28DF: virStrdup (virstring.c:554)
	==320==    by 0x4CAC987: virSCSIDeviceSetUsedBy (virscsi.c:289)
	==320==    by 0x402321: test2 (virscsitest.c:100)
	==320==    by 0x403231: virtTestRun (testutils.c:199)
	==320==    by 0x402121: mymain (virscsitest.c:180)
	==320==    by 0x4039AD: virtTestMain (testutils.c:782)
	==320==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==320==
	Introduced by commit fd243fc.

2014-02-26  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevVethCreate: Serialize callers
	Consider dozen of LXC domains, each of them having this type of interface:
	    <interface type='network'>
	      <mac address='52:54:00:a7:05:4b'/>
	      <source network='default'/>
	    </interface>
	When starting these domain in parallel, all workers may meet in
	virNetDevVethCreate() where a race starts. Race over allocating veth
	pairs because allocation requires two steps:
	  1) find first nonexistent '/sys/class/net/vnet%d/'
	  2) run 'ip link add ...' command
	Now consider two threads. Both of them find N as the first unused veth
	index but only one of them succeeds allocating it. The other one fails.
	For such cases, we are running the allocation in a loop with 10 rounds.
	However this is very flaky synchronization. It should be rather used
	when libvirt is competing with other process than when libvirt threads
	fight each other. Therefore, internally we should use mutex to serialize
	callers, and do the allocation in loop (just in case we are competing
	with a different process). By the way we have something similar already
	since 1cf97c87.

2014-02-26  Eric Blake  <eblake@redhat.com>

	build: avoid ld_preload tests on mingw
	Running ./autobuild.sh complained during the mingw cross-compile:
	  CC       libvirportallocatormock_la-virportallocatortest.lo
	../../tests/virportallocatortest.c:32:20: fatal error: dlfcn.h: No such file or directory
	 # include <dlfcn.h>
	                    ^
	compilation terminated.  With that fixed, the next failure was:
	  CCLD     qemuxml2argvmock.la
	libtool: link: libtool library `qemuxml2argvmock.la' must begin with `lib'
	libtool: link: Try `libtool --help --mode=link' for more information.
	While we don't need to limit all LD_PRELOAD tests to just Linux, we
	do need to limit them to platforms that actually support loading;
	we also need to avoid building qemu tests when qemu is not enabled.
	* tests/virportallocatortest.c: Make conditional on <dlfcn.h>.
	* tests/Makefile.am (test_libraries): Only build qemu mock library
	when building qemu tests.

	build: fix cgroups on non-Linux
	Running ./autobuild.sh detected a mingw failure:
	  CCLD     libvirt.la
	Cannot export virCgroupGetPercpuStats: symbol not defined
	Cannot export virCgroupSetOwner: symbol not defined
	* src/util/vircgroup.c (virCgroupGetPercpuStats)
	(virCgroupSetOwner): Implement stubs.

2014-02-26  Jim Fehlig  <jfehlig@suse.com>

	libxl: queue domain event earlier in shutdown handler
	The shutdown handler may restart a domain when handling a reboot
	event or when <on_*> is set to 'restart'.  Restarting consists of
	calling libxlVmCleanup followed by libxlVmStart.  libxlVmStart will
	emit a VIR_DOMAIN_EVENT_STARTED event, but the SHUTDOWN event is
	not emitted until exiting the shutdown handler, after the STARTED
	event.
	This patch changes the logic a bit to queue the event at the start
	of the shutdown action, ensuring it is queued before any subsequent
	events that may be generated while executing the shutdown action.

2014-02-25  Laine Stump  <laine@laine.org>

	network: include plugged interface XML in "plugged" network hook
	The network hook script gets called whenever an interface is plugged
	into or unplugged from a network, but even though the full XML of both
	the network and the domain is included, there is no reasonable way to
	determine what exact resources the plugged interface is using:
	1) Prior to a recent patch which modified the status XML of interfaces
	to include the information about actual hardware resources used, it
	would be possible to scan through the domain XML output sent to the
	hook, and from there find the correct interface, but that interface
	definition would not include any runtime info (e.g. bandwidth or vlan
	taken from a portgroup, or which physdev was used in case of a macvtap
	network).
	2) After the patch modifying the status XML of interfaces, the network
	name would no longer be included in the domain XML, so it would be
	completely impossible to determine which interface was the one being
	plugged.
	To solve that problem, this patch includes a single <interface>
	element at the beginning of the XML sent to the network hook for
	"plugged" and "unplugged" (just inside <hookData>) that is the status
	XML of the interface being plugged. This XML will include all info
	gathered from the chosen network and portgroup.
	NB: due to hardcoded spaces in all of the device *Format() functions,
	the <interface> element inside the <hookData> will be indented by 6
	spaces rather than 2. I had intended to fix this, but it turns out
	that to make virDomainNetDefFormat() indentation relative, I would
	have to do the same to virDomainDeviceInfoFormat(), and that function
	is called from 19 places - making that a prerequisite of this patch
	would cause too many merge difficulties if we needed to backport
	network hooks, so I chose to ignore the problem here and fix the
	problem for *all* devices in a followup later.

	conf: output actual netdev status in <interface> XML
	Until now, the "live" XML status of an <interface type='network'>
	device would always show the network information, rather than the
	exact hardware device that was used. It would also show the name of
	any portgroup the interface belonged to, rather than providing the
	configuration that was derived from that portgroup. As an example,
	given the following network definition:
	[A]
	  <network>
	    <name>testnet</name>
	    <forward type='bridge' dev='p4p1_0'>
	      <interface dev='p4p1_0'/>
	      <interface dev='p4p1_1'/>
	      <interface dev='p4p1_2'/>
	      <interface dev='p4p1_3'/>
	    </forward>
	    <portgroup name='admin'>
	      <bandwidth>
	          <inbound average='1000' peak='5000' burst='1024'/>
	          <outbound average='128' peak='256' burst='256'/>
	      </bandwidth>
	    </portgroup>
	  </network>
	and the following domain <interface>:
	[B]
	  <interface type='network'>
	    <source network='testnet' portgroup='admin'/>
	  </interface>
	the output of "virsh dumpxml $domain" while the domain was running
	would yield something like this:
	[C]
	  <interface type='network'>
	    <source network='testnet' portgroup='admin'/>
	    <target dev='macvtap0'/>
	    <alias name='net0'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	  </interface>
	In order to learn the exact bandwidth information of the interface, a
	management application would need to retrieve the XML for testnet,
	then search for the portgroup named "admin". Even worse, there was no
	simple and standard way to learn which host physdev the macvtap0
	device is attached to.
	Internally, libvirt has always kept this information in the
	virDomainDef that is held in memory, as well as storing it in the
	(libvirt-internal-only) domain status XML (in
	/var/run/libvirt/qemu/$domain.xml). In order to not confuse the runtime
	"actual state" with the config of the device, it's internally stored
	like this:
	[D]
	  <interface type='network'>
	    <source network='testnet' portgroup='admin'/>
	    <actual type='direct'>
	      <source dev='p4p1_0' mode='bridge'/>
	      <bandwidth>
	          <inbound average='1000' peak='5000' burst='1024'/>
	          <outbound average='128' peak='256' burst='256'/>
	      </bandwidth>
	    </actual>
	    <target dev='macvtap0'/>
	    <alias name='net0'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	  </interface>
	This was never exposed outside of libvirt though, because I thought it
	would be too awkward for a management application to need to look in
	two places for the same information, but I also wasn't sure that it
	would be okay to overwrite the config info (in this case "<source
	network='testnet' portgroup='admin'/>") with the actual runtime info
	(everything inside <actual> above).
	Now we have a need for this information to be made available to
	management applications (in particular, so that a network "plugged"
	hook will have full information about the device that is being plugged
	in), so it's time to take the leap and decide that it is acceptable
	for the config info to be replaced with actual runtime state (but
	*only* when reporting domain live status, *not* when saving state in
	/var/run/libvirt/qemu/$domain.xml - that remains the same so that
	there is no loss of information). That is what this patch does - once
	applied, the output of "virsh dumpxml $domain" when the domain is
	running will contain something like this:
	[E]
	  <interface type='direct'>
	    <source dev='p4p1_0' mode='bridge'/>
	    <bandwidth>
	        <inbound average='1000' peak='5000' burst='1024'/>
	        <outbound average='128' peak='256' burst='256'/>
	    </bandwidth>
	    <target dev='macvtap0'/>
	    <alias name='net0'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	  </interface>
	In effect, everything that is internally stored within <actual> is
	moved up a level to where a management application will expect
	it. This means that the management application will only look in a
	single place to learn - the type of interface in use, the name of the
	physdev (if relevant), the <bandwidth>, <vlan>, and <virtualport>
	settings in use.
	The potential downside is that a management app looking at this output
	will not see that the physdev 'p4p1_0' was actually allocated from the
	network named 'testnet', or that the bandwidth numbers were taken from
	the portgroup 'admin'. However, if they are interested in that info,
	they can always get the "inactive" XML for the domain.
	An example of where this could cause problems is in virt-manager's
	network device display, which shows the status of the device, but
	allows you to edit that status info and save it as the new
	config. Previously virt-manager would always display the information
	in example [C] above, and allow editing that. With this patch, it will
	instead display what is in [E] and allow editing it directly, which
	could lead to some confusion. I would suggest that virt-manager have
	an "edit" button which would change the display from the "live" xml to
	the "inactive" xml, so that editing would be done on that; such a
	change would both handle the new situation, and also be compatible
	with older releases.

	conf: new function virDomainActualNetDefContentsFormat
	This function is currently only called from one place, but in a
	subsequent patch will be called from a 2nd place.
	The new function exactly replicates the original behavior of the part
	of virDomainActualNetDefFormat() that it replaces, but takes a
	virDomainNetDefPtr instead of virDomainActualNetDefPtr, and uses the
	virDomainNetGetActual*() functions whenever possible, rather than
	reaching into def->data.network.actual - this is to be sure that we
	are reporting exactly what is being used internally, just in case
	there are any discrepancies (there shouldn't be).

	conf: re-situate <bandwidth> element in <interface>
	This moves the call to virNetDevBandwidthFormat() in
	virDomainNetDefFormat() to be called right after the call to
	virNetDevVPortProfileFormat(), so that a single chunk of that function
	can be placed inside an if that conditionally calls
	virDomainActualNetDefContentsFormat() instead (next patch). The
	re-ordering necessitates modifying a couple of test data files.

	conf: make virDomainNetDefFormat a public function
	We will need to call virDomainNetDefFormat() from the network hook (in
	the network driver).

	conf: handle null pointer in virNetDevVlanFormat
	Other *Format() functions (e.g. virNetDevBandwidthFormat()) return
	with no action when called with a NULL *Def pointer. This makes
	virNetDevVlanFormat() consistent with that behavior.

	conf: clarify what is returned for actual bandwidth and vlan
	In practice, if a virDomainNetDef has a virDomainActualNetDef
	allocated, the ActualNetDef will *always* contain the bandwidth and
	vlan data from the NetDef (unless there was also a portgroup involved
	- see networkAllocateActualDevice()).
	However, virDomainNetGetActual(Bandwidth|Vlan)() were coded to make it
	appear as if it might be possible to have a valid bandwidth/vlan in
	the NetDef, but a NULL in the ActualNetDef. Believing this un-truth
	could lead to writing unnecessarily defensive code when dealing with
	the virDomainGetActual*() functions, so this patch makes it more
	obvious:
	   If there is an ActualNetDef, it will always have a copy of the
	   various appropriate bits from its parent NetDef, and the
	   virDomainGetActual* function will *always* return the data from the
	   ActualNetDef, not from the NetDef.
	The reason for this effective-NOP patch is that a subsequent patch to
	change virDomainNetDefFormat will rely on the above rule.

2014-02-25  Wido den Hollander  <wido@widodh.nl>

	rbd: Set timeout options for librados
	These timeout values make librados/librbd return -ETIMEDOUT when a
	operation is blocking due to a failing/unreachable Ceph cluster.
	By having the operations time out libvirt will not block.

	rbd: Include return statuses from librados/librbd in logging
	With this information it's easier for the user to debug what is
	going wrong.

2014-02-25  Ján Tomko  <jtomko@redhat.com>

	virsh: mark CPU usage field names as translatable
	My commit ac75801 removed the translation markers when
	moving the field names into an array.

2014-02-25  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	virsh: initialize str to NULL to solve a build issue
	Fix a -Werror=maybe-uninitialized issue.

2014-02-25  Eric Blake  <eblake@redhat.com>

	virsh: kill over-engineered asprintf failure recovery
	I noticed this while shortening switch statements via VIR_ENUM.
	Basically, the only ways virAsprintf can fail are if we pass a
	bogus format string (but we're not THAT bad) or if we run out
	of memory (but it already warns on our behalf in that case).
	Throw away the cruft that tries too hard to diagnose a printf
	failure.
	* tools/virsh-volume.c (cmdVolList): Simplify.
	* tools/virsh-pool.c (cmdPoolList): Likewise.

	virsh: use more compact VIR_ENUM_IMPL
	Dan Berrange suggested that using VIR_ENUM_IMPL is more compact
	than open-coding switch statements, and still just as forceful
	at making us remember to update lists if we add enum values
	in the future.  Make this change throughout virsh.
	Sure enough, doing this change caught that we missed at least
	VIR_STORAGE_VOL_NETDIR.
	* tools/virsh-domain-monitor.c (vshDomainIOErrorToString)
	(vshDomainControlStateToString, vshDomainStateToString)
	(vshDomainStateReasonToString): Change switch to enum lookup.
	(cmdDomControl, cmdDominfo): Update caller.
	* tools/virsh-domain.c (vshDomainVcpuStateToString)
	(vshDomainEventToString, vshDomainEventDetailToString): Change
	switch to enum lookup.
	(vshDomainBlockJobToString, vshDomainJobToString): New functions.
	(cmdVcpuinfo, cmdBlockJob, cmdDomjobinfo, cmdEvent): Update
	callers.
	* tools/virsh-network.c (vshNetworkEventToString): Change switch
	to enum lookup.
	* tools/virsh-pool.c (vshStoragePoolStateToString): New function.
	(cmdPoolList, cmdPoolInfo): Update callers.
	* tools/virsh-volume.c (vshVolumeTypeToString): Change switch to
	enum lookup.
	(cmdVolInfo, cmdVolList): Update callers.

2014-02-25  Ján Tomko  <jtomko@redhat.com>

	Document the keyboard as a valid input type
	Commit bc18373 added a new input type, but didn't change the
	documentation.

	virsh: Don't leak buffer if GetFDs fails in cmdCreate
	Change the logic of the function to return false by default
	and move the freeing of the buffer to the cleanup section.
	https://bugzilla.redhat.com/show_bug.cgi?id=1067338

2014-02-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: handle on_crash coredump actions
	Add support for coredump-{destroy,restart} actions of <on_crash> event.

	libxl: add dump dir to libxlDriverConfig object

	libxl: honor domain lifecycle event configuration
	The libxl driver was ignoring the <on_*> domain event configuration,
	causing e.g. a domain to be rebooted even when on_reboot is set to
	destroy.
	This patch honors the <on_*> configuration in the shutdown event
	handler.

2014-02-24  Richard Weinberger  <richard@nod.at>

	Ensure systemd cgroup ownership is delegated to container with userns
	This function is needed for user namespaces, where we need to chmod()
	the cgroup to the initial uid/gid such that systemd is allowed to
	use the cgroup.

2014-02-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement node information reporting
	- Implement nodeGetCPUStats using nodeGetCPUStats()
	- Implement nodeGetMemoryStats using nodeGetMemoryStats()

2014-02-24  Daniel P. Berrange  <berrange@redhat.com>

	Add virStringReplace method for substring replacement
	Add a virStringReplace method to virstring.{h,c} to perform
	substring matching and replacement

2014-02-24  Manuel VIVES  <manuel.vives@diateam.net>

	Add virStringSearch method for regex matching
	Add a virStringSearch method to virstring.{c,h} which performs
	a regex match against a string and returns the matching substrings.

2014-02-24  Michal Privoznik  <mprivozn@redhat.com>

	virNetServerRun: Notify systemd that we're accepting clients
	Systemd does not forget about the cases, where client service needs to
	wait for daemon service to initialize and start accepting new clients.
	Setting a dependency in client is not enough as systemd doesn't know
	when the daemon has initialized itself and started accepting new
	clients. However, it offers a mechanism to solve this. The daemon needs
	to call a special systemd function by which the daemon tells "I'm ready
	to accept new clients". This is exactly what we need with
	libvirtd-guests (client) and libvirtd (daemon). So now, with this
	change, libvirt-guests.service is invoked not any sooner than
	libvirtd.service calls the systemd notify function.

	libvirt-guests: Wait for libvirtd to initialize
	I've noticed that in some cases systemd was quick enough and even
	if libvirt-guests.service is marked to be started after the
	libvirtd.service my guests were not resumed as
	libvirt-guests.sh failed to connect. This is because of a
	simple fact: systemd correctly starts libvirt-guests after it
	execs libvirtd. However, the daemon is not able to accept
	connections right from the start. It's doing some
	initialization which may take ages. This problem is not limited
	to systemd only, indeed. Any init system that is able to startup
	services in parallel (e.g. OpenRC) may run into this situation.
	The fix is to try connecting not only once, but continuously a few
	times with a small sleep in between tries.

	virSystemdCreateMachine: Set dependencies for slices
	https://bugzilla.redhat.com/show_bug.cgi?id=1031696
	When creating a new domain, we let systemd know about it by calling
	CreateMachine() function via dbus. Systemd then creates a scope and
	places domain into it. However, later when the host is shutting
	down, systemd computes the shutdown order to see what processes can
	be shut down in parallel. And since we were not setting
	dependencies at all, the slices (and thus domains) were most likely
	killed before libvirt-guests.service. So user domains that had to
	be saved, shut off, whatever were in fact killed.  This problem can
	be solved by letting systemd know that scopes we're creating must
	not be killed before libvirt-guests.service.

2014-02-22  Eric Blake  <eblake@redhat.com>

	build: fix build on 32-bit hosts
	vircgrouptest.c: In function 'testCgroupGetPercpuStats':
	vircgrouptest.c:543: warning: integer constatnt is too large for 'long' type

	maint: update to latest gnulib, for older autoconf
	Based on a report from Pavel Hrdina, gnulib was fixed to support
	AC_PROG_SED even when using ancient autoconf 2.59 of RHEL 5.
	* .gnulib: Update to latest, to fix build on RHEL 5.

2014-02-21  Ján Tomko  <jtomko@redhat.com>

	Ignore additional fields in iscsiadm output
	There has been a new field introduced in iscsiadm --mode session
	output [1], but our regex only expects four fields. This breaks
	startup of iscsi pools:
	error: Failed to start pool iscsi
	error: internal error: cannot find session
	Fix this by ignoring anything after the fourth field.
	https://bugzilla.redhat.com/show_bug.cgi?id=1067173
	[1] https://github.com/mikechristie/open-iscsi/commit/181af9a

	Add a stub for virCgroupGetDomainTotalCpuStats
	Commit 6515889 broke the build on FreeBSD:
	In function `qemuDomainGetCPUStats':
	/../../src/qemu/qemu_driver.c:16102:
	undefined reference to `virCgroupGetDomainTotalCpuStats'

2014-02-21  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Among other things, gnulib now allows overriding of sed during
	'make syntax-check'.
	* .gnulib: Update to latest, for maint.mk improvements.

	virsh: add net-event command
	Add 'virsh net-event --list' and 'virsh net-event [net] --event=name
	[--loop] [--timeout]'.  Very similar to 'virsh event'.
	* tools/virsh.pod (net-event): Document new command.
	* tools/virsh-network.c (vshNetworkEventToString, vshNetEventData)
	(vshEventLifecyclePrint, cmdNetworkEvent): New struct and
	functions.

	virsh: add event command, for lifecycle events
	Add 'virsh event --list' and 'virsh event [dom] --event=name
	[--loop] [--timeout]'.  Borrows somewhat from event-test.c,
	but defaults to a one-shot notification, and takes advantage
	of the event loop integration to allow Ctrl-C to interrupt the
	wait for an event.  For now, this just does lifecycle events.
	* tools/virsh.pod (event): Document new command.
	* tools/virsh-domain.c (vshDomainEventToString)
	(vshDomainEventDetailToString, vshDomEventData)
	(vshEventLifecyclePrint, cmdEvent): New struct and functions.

	virsh: common code for waiting for an event
	I plan to add 'virsh event' to virsh-domain.c and 'virsh
	net-event' to virsh-network.c; but as they will share quite
	a bit of common boilerplate, it's better to set that up now
	in virsh.c.
	* tools/virsh.h (_vshControl): Add fields.
	(vshEventStart, vshEventWait, vshEventDone, vshEventCleanup): New
	prototypes.
	* tools/virsh.c (vshEventFd, vshEventOldAction, vshEventInt)
	(vshEventTimeout): New helper variables and functions.
	(vshEventStart, vshEventWait, vshEventDone, vshEventCleanup):
	Implement new functions.
	(vshInit, vshDeinit, main): Manage event timeout.

	virsh: common code for parsing --seconds
	Several virsh commands ask for a --timeout parameter in
	seconds, then use it to control interfaces that operate on
	millisecond limits; I also plan on adding a 'virsh event'
	command that also does this.  Factor this into a common
	function.
	* tools/virsh.h (vshCommandOptTimeoutToMs): New prototype.
	* tools/virsh.c (vshCommandOptTimeoutToMs): New function.
	* tools/virsh-domain.c (cmdBlockCommit, cmdBlockCopy)
	(cmdBlockPull, cmdMigrate): Use it.
	(vshWatchJob): Adjust timeout scale.

2014-02-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: queue shutdown event on domain shutdown
	Emit libvirt shutdown event when receiving LIBXL_SHUTDOWN_REASON_POWEROFF
	event from libxl.

2014-02-21  John Ferlan  <jferlan@redhat.com>

	bandwidth: Adjust documentation
	Recent autotest/virt-test testing on f20 discovered an anomaly in how
	the bandwidth options are documented and used. This was discovered due
	to a bug fix in the /sbin/tc utility found in iproute-3.11.0.1 (on f20)
	in which overflow was actually caught and returned as an error. The fix
	was first introduced in iproute-3.10 (search on iproute2 commit 'a303853e').
	The autotest/virt-test test for virsh domiftune was attempting to send
	the largest unsigned integer value (4294967295) for maximum value
	testing. The libvirt xml implementation was designed to manage values
	in kilobytes thus when this value was passed to /sbin/tc, it (now)
	properly rejected the 4294967295kbps value.
	Investigation of the problem discovered that formatdomain.html.in and
	formatnetwork.html.in described the elements and property types slightly
	differently, although they use the same code - virNetDevBandwidthParseRate()
	(shared by portgroups, domains, and networks xml parsers). Rather than
	have the descriptions in two places, this patch will combine and reword
	the description under formatnetwork.html.in and have formatdomain.html.in
	link to that description.
	This documentation faux pas was continued into the virsh man page where
	the bandwidth description for both 'attach-interface' and 'domiftune'
	did not indicate the format of each value, thus leading to the test using
	largest unsigned integer value assuming "bps" rather than "kbps", which
	ultimately was wrong.

2014-02-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: always use libxlVmCleanupJob in shutdown thread
	Commit e4a0e900 missed calling libxlVmCleanupJob in the shutdown
	handler when processing a reboot event.

2014-02-21  Eric Blake  <eblake@redhat.com>

	qemu: adjust maxmem/maxvcpu computation
	https://bugzilla.redhat.com/show_bug.cgi?id=1038363
	If a domain has a different maximum for persistent and live maxmem
	or max vcpus, then it is possible to hit cases where libvirt
	refuses to adjust the current values or gets halfway through
	the adjustment before failing.  Better is to determine up front
	if the change is possible for all requested flags.
	Based on an idea by Geoff Franks.
	* src/qemu/qemu_driver.c (qemuDomainSetMemoryFlags): Compute
	correct maximum if both live and config are being set.
	(qemuDomainSetVcpusFlags): Likewise.

2014-02-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Add Roman Bogorodskiy to the committers list

2014-02-20  Daniel P. Berrange  <berrange@redhat.com>

	Rename virDomainGetRootFilesystem to virDomainGetFilesystemForTarget
	The virDomainGetRootFilesystem method can be generalized to allow
	any filesystem path to be obtained.
	While doing this, start a new test case for purpose of testing various
	helper methods in the domain_conf.{c,h} files, such as this one.

	Introduce new OOM testing support
	The previous OOM testing support would re-run the entire "main"
	method each iteration, failing a different malloc each time.
	When a test suite has 'n' allocations, the number of repeats
	requires is  (n * (n + 1) ) / 2.  This gets very large, very
	quickly.
	This new OOM testing support instead integrates at the
	virtTestRun level, so each individual test case gets repeated,
	instead of the entire test suite. This means the values of
	'n' are orders of magnitude smaller.
	The simple usage is
	   $ VIR_TEST_OOM=1 ./qemuxml2argvtest
	   ...
	   29) QEMU XML-2-ARGV clock-utc                                         ... OK
	       Test OOM for nalloc=36 .................................... OK
	   30) QEMU XML-2-ARGV clock-localtime                                   ... OK
	       Test OOM for nalloc=36 .................................... OK
	   31) QEMU XML-2-ARGV clock-france                                      ... OK
	       Test OOM for nalloc=38 ...................................... OK
	   ...
	the second lines reports how many mallocs have to be failed, and thus
	how many repeats of the test will be run.
	If it crashes, then running under valgrind will often show the problem
	  $ VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest
	When debugging problems it is also helpful to select an individual
	test case
	  $ VIR_TEST_RANGE=30 VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest
	When things get really tricky, it is possible to request that just
	specific allocs are failed. eg to fail allocs 5 -> 12, use
	  $ VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-12 ../run valgrind ./qemuxml2argvtest
	In the worse case, you might want to know the stack trace of the
	alloc which was failed then VIR_TEST_OOM_TRACE can be set. If it
	is set to 1 then it will only print if it thinks a mistake happened.
	This is often not reliable, so setting it to 2 will make it print
	the stack trace for every alloc that is failed.
	  $ VIR_TEST_OOM_TRACE=2 VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-5 ../run valgrind ./qemuxml2argvtest
	  30) QEMU XML-2-ARGV clock-localtime                                   ... OK
	      Test OOM for nalloc=36 !virAllocN
	  /home/berrange/src/virt/libvirt/src/util/viralloc.c:180
	  virHashCreateFull
	  /home/berrange/src/virt/libvirt/src/util/virhash.c:144
	  virDomainDefParseXML
	  /home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11745
	  virDomainDefParseNode
	  /home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12646
	  virDomainDefParse
	  /home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12590
	  testCompareXMLToArgvFiles
	  /home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:106
	  virtTestRun
	  /home/berrange/src/virt/libvirt/tests/testutils.c:250
	  mymain
	  /home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:418 (discriminator 2)
	  virtTestMain
	  /home/berrange/src/virt/libvirt/tests/testutils.c:750
	  ??
	  ??:0
	  _start
	  ??:?
	   FAILED

	Fix multiple bugs in LXC domainMemoryStats driver
	The virCgroupXXX APIs' return value must be checked for
	being less than 0, not equal to 0.
	An VIR_ERR_OPERATION_INVALID error must also be raised
	when the VM is not running to prevent a crash on NULL
	priv->cgroup field.

2014-02-20  Thorsten Behrens  <tbehrens@suse.com>

	Add unit test for virCgroupGetPercpuStats.

	Fix misspelled cpuacct.usage_percpu in cgroup mock.

	Add unit test for virCgroupGetMemoryUsage.

	Add unit test for virCgroupGetBlkioIo*Serviced

	Widening API change - accept empty path for virDomainBlockStats
	And provide domain summary stat in that case, for lxc backend.
	Use case is a container inheriting all devices from the host,
	e.g. when doing application containerization.

	Implement lxcDomainBlockStats* for lxc driver
	Adds lxcDomainBlockStatsFlags and lxcDomainBlockStats functions.

	Implement domainGetCPUStats for lxc driver.

	Make qemuGetDomainTotalCPUStats a virCgroup function.
	To reuse this from other drivers, like lxc.

	Implement domainMemoryStats API slot for LXC driver.

	Add util virCgroupGetBlkioIo*Serviced methods.
	This reads blkio stats from blkio.throttle.io_service_bytes and
	blkio.throttle.io_serviced.

2014-02-20  Jincheng Miao  <jmiao@redhat.com>

	virsh: fix memleak when starting a guest with invalid fd
	When start a guest with --pass-fd, if the argument of --pass-fd is invalid,
	virsh will exit, but doesn't free the variable 'dom'.
	The valgrind said:
	...
	==24569== 63 (56 direct, 7 indirect) bytes in 1 blocks are definitely lost in loss record 130 of 234
	==24569==    at 0x4C2A1D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==24569==    by 0x4E879A4: virAllocVar (viralloc.c:544)
	==24569==    by 0x4EBD625: virObjectNew (virobject.c:190)
	==24569==    by 0x4F3A18A: virGetDomain (datatypes.c:226)
	==24569==    by 0x4F9311F: remoteDomainLookupByName (remote_driver.c:6636)
	==24569==    by 0x4F44F20: virDomainLookupByName (libvirt.c:2277)
	==24569==    by 0x12F616: vshCommandOptDomainBy (virsh-domain.c:105)
	==24569==    by 0x131C79: cmdStart (virsh-domain.c:3330)
	==24569==    by 0x12C4AB: vshCommandRun (virsh.c:1752)
	==24569==    by 0x127001: main (virsh.c:3218)
	https://bugzilla.redhat.com/show_bug.cgi?id=1067338

2014-02-20  Richard Weinberger  <richard@nod.at>

	lxc: Add destroy support for suspended domains
	Destroying a suspended domain needs special action.
	We cannot simply terminate all process because they are frozen.
	Do deal with that we send them SIGKILL and thaw them.
	Upon wakeup the process sees the pending signal and dies immediately.

2014-02-20  Ján Tomko  <jtomko@redhat.com>

	Fix build of portallocator on mingw
	IN6ADDR_ANY_INIT does not seem to be working as expected on MinGW:
	error: missing braces around initializer [-Werror=missing-braces]
	         .sin6_addr = IN6ADDR_ANY_INIT,
	Use the in6addr_any variable instead.
	Reported by Daniel P. Berrange.

2014-02-20  Michal Privoznik  <mprivozn@redhat.com>

	networkRunHook: Run hook only if possible
	Currently, networkRunHook() is called in networkAllocateActualDevice and
	friends. These functions, however, doesn't necessarily work on networks,
	For example, if domain's interface is defined in this fashion:
	    <interface type='bridge'>
	      <mac address='52:54:00:0b:3b:16'/>
	      <source bridge='virbr1'/>
	      <model type='rtl8139'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
	    </interface>
	The networkAllocateActualDevice jumps directly onto 'validate' label as
	the interface is not type of 'network'. Hence, @network is left
	initialized to NULL and networkRunHook(network, ...) is called. One of
	the things that the hook function does is dereference @network. Soupir.

2014-02-20  Jim Fehlig  <jfehlig@suse.com>

	libxl: use job functions in libxlDomainSetSchedulerParametersFlags
	Modify operation that needs to wait in the queue of modify jobs.

	libxl: use job functions in libxlDomainSetAutostart
	Setting autostart is a modify operation that needs to wait in the
	queue of modify jobs.

	libxl: use job functions in device attach and detach functions
	These operations aren't necessarily time consuming, but need to
	wait in the queue of modify jobs.

	libxl: use job functions in vcpu set and pin functions
	These operations aren't necessarily time consuming, but need to
	wait in the queue of modify jobs.

	libxl: use job functions in libxlDomainCoreDump
	Dumping a domain's core can take considerable time.  Use the
	recently added job functions and unlock the virDomainObj while
	dumping core.

	libxl: use job functions in domain save operations
	Saving domain memory and cpu state can take considerable time.
	Use the recently added job functions and unlock the virDomainObj
	while saving the domain.

	libxl: use job functions when cleaning up a domain
	When explicitly destroying a domain (libxlDomainDestroyFlags), or
	handling an out-of-band domain shutdown event, cleanup the domain
	in the context of a job.  Introduce libxlVmCleanupJob to wrap
	libxlVmCleanup in a job block.

	libxl: use job functions in libxlDomain{Suspend,Resume}
	These operations aren't necessarily time consuming, but need to
	wait in the queue of modify jobs.

	libxl: use job functions in libxlDomainSetMemoryFlags
	Large balloon operation can be time consuming.  Use the recently
	added job functions and unlock the virDomainObj while ballooning.

	libxl: use job functions in libxlVmStart
	Creating a large domain could potentially be time consuming.  Use the
	recently added job functions and unlock the virDomainObj while
	the create operation is in progress.

	libxl: Add job support to libxl driver
	Follows the pattern used in the QEMU driver for managing multiple,
	simultaneous jobs within the driver.

	libxl: remove libxlVmReap function
	This function, which only has five call sites, simply calls
	libxl_domain_destroy and libxlVmCleanup.  Call those functions
	directly at the call sites, allowing more control over how a
	domain is destroyed and cleaned up.  This patch maintains the
	existing semantic, leaving changes to a subsequent patch.

	libxl: always set vm id to -1 on shutdown
	Once a domain has reached the shutdown state, set its ID to -1.

2014-02-19  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Use virtio network device for aarch64/virt
	This patch changes network device type used by default from rtl8139
	to virtio when architecture type is aarch64 and machine type is virt.
	Qemu doesn't support any other machine types for aarch64 right now and
	we can't make any other aarch64-specific tuning in this function yet.

2014-02-19  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add a basic driver
	At this point it has a limited functionality and is highly
	experimental. Supported domain operations are:
	  * define
	  * start
	  * destroy
	  * dumpxml
	  * dominfo
	It's only possible to have only one disk device and only one
	network, which should be of type bridge.

2014-02-19  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Add a default USB keyboard and USB mouse for PPC64
	There is no keyboard working on PPC64 and PS2 mouse is only for X86
	when graphics are enabled.
	Add a USB keyboard and USB mouse for PPC64 when graphics are enabled.

	xen: format xen config for USB keyboard

	qemu: format qemu command line for USB keyboard
	Format qemu command line for USB keyboard
	and add test cases for it.

	qemu: Add USB keyboard capability
	Add USB keyboard capability probing and test cases.

	conf: Remove the implicit PS2 devices for non-X86 platforms
	PS2 devices only work on X86 platform, other platforms may need
	USB devices instead. Athough it doesn't influence the QEMU command line,
	it's not right to add PS2 mouse/keyboard for non-X86 platform.

	conf: Add keyboard input device type
	There is no keyboard support currently in libvirt.
	For some platforms (PPC64 QEMU) this makes graphics unusable,
	since the keyboard is not implicit and it can't be added via libvirt.

	conf: Add one interface to add default input devices
	Use it for the default mouse.

2014-02-19  Michal Privoznik  <mprivozn@redhat.com>

	bridge_driver.h: Fix build --without-network
	The networkNotifyActualDevice function is accepting two arguments, not
	one:
	qemu/qemu_process.c: In function 'qemuProcessNotifyNets':
	qemu/qemu_process.c:2776:47: error: macro "networkNotifyActualDevice" passed 2 arguments, but takes just 1
	         if (networkNotifyActualDevice(def, net) < 0)
	                                               ^

2014-02-18  Ján Tomko  <jtomko@redhat.com>

	Fix conflicting types of virInitctlSetRunLevel
	aebbcdd didn't change the non-linux definition of the function,
	breaking the build on FreeBSD:
	../../src/util/virinitctl.c:164: error: conflicting types for
	'virInitctlSetRunLevel'
	../../src/util/virinitctl.h:40: error: previous declaration of
	'virInitctlSetRunLevel' was here

2014-02-18  Michal Privoznik  <mprivozn@redhat.com>

	network: Taint networks that are using hook script
	Basically, the idea is copied from domain code, where tainting
	exists for a while. Currently, only one taint reason exists -
	VIR_NETWORK_TAINT_HOOK to mark those networks which caused invoking
	of hook script.

	network: Introduce network hooks
	There might be some use cases, where user wants to prepare the host or
	its environment prior to starting a network and do some cleanup after
	the network has been shut down. Consider all the functionality that
	libvirt doesn't currently have as an example what a hook script can
	possibly do.

	network_conf: Expose virNetworkDefFormatInternal
	In the next patch I'm going to need the network format function that
	takes virBuffer as argument. However, slightly change of name is more
	appropriate then: virNetworkDefFormatBuf to match the rest of functions
	that format an object to buffer.

2014-02-18  Daniel P. Berrange  <berrange@redhat.com>

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC hotunplug code
	Rewrite multiple hotunplug functions to to use the
	virProcessRunInMountNamespace helper. This avoids
	risk of a malicious guest replacing /dev with an absolute
	symlink, tricking the driver into changing the host OS
	filesystem.

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug
	Rewrite lxcDomainAttachDeviceHostdevMiscLive function
	to use the virProcessRunInMountNamespace helper. This avoids
	risk of a malicious guest replacing /dev with a absolute
	symlink, tricking the driver into changing the host OS
	filesystem.

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug
	Rewrite lxcDomainAttachDeviceHostdevStorageLive function
	to use the virProcessRunInMountNamespace helper. This avoids
	risk of a malicious guest replacing /dev with a absolute
	symlink, tricking the driver into changing the host OS
	filesystem.

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC USB hotplug
	Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function
	to use the virProcessRunInMountNamespace helper. This avoids
	risk of a malicious guest replacing /dev with a absolute
	symlink, tricking the driver into changing the host OS
	filesystem.

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC disk hotplug
	Rewrite lxcDomainAttachDeviceDiskLive function to use the
	virProcessRunInMountNamespace helper. This avoids risk of
	a malicious guest replacing /dev with a absolute symlink,
	tricking the driver into changing the host OS filesystem.

2014-02-18  Eric Blake  <eblake@redhat.com>

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code
	Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and
	lxcDomainReboot.  Otherwise, a malicious guest could use symlinks
	to force the host to manipulate the wrong file in the host's namespace.
	Idea by Dan Berrange, based on an initial report by Reco
	<recoverym4n@gmail.com> at
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

2014-02-18  Daniel P. Berrange  <berrange@redhat.com>

	Add helper for running code in separate namespaces
	Implement virProcessRunInMountNamespace, which runs callback of type
	virProcessNamespaceCallback in a container namespace. This uses a
	child process to run the callback, since you can't change the mount
	namespace of a thread. This implies that callbacks have to be careful
	about what code they run due to async safety rules.
	Idea by Dan Berrange, based on an initial report by Reco
	<recoverym4n@gmail.com> at
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

	Add virFileMakeParentPath helper function
	Add a helper function which takes a file path and ensures
	that all directory components leading up to the file exist.
	IOW, it strips the filename part of the path and passes
	the result to virFileMakePath.

2014-02-17  Daniel P. Berrange  <berrange@redhat.com>

	Move check for cgroup devices ACL upfront in LXC hotplug
	The check for whether the cgroup devices ACL is available is
	done quite late during LXC hotplug - in fact after the device
	node is already created in the container in some cases. Better
	to do it upfront so we fail immediately.

	Disks are always block devices, never character devices
	The LXC disk hotplug code was allowing block or character devices
	to be given as disk. A disk is always a block device.

	Fix reset of cgroup when detaching USB device from LXC guests
	When detaching a USB device from an LXC guest we must remove
	the device from the cgroup ACL. Unfortunately we were telling
	the cgroup code to use the guest /dev path, not the host /dev
	path, and the guest device node had already been unlinked.
	This was, however, fortunate since the code passed &priv->cgroup
	instead of priv->cgroup, so would have crash if the device node
	were accessible.

	Record hotplugged USB device in LXC live guest config
	After hotplugging a USB device, the LXC driver forgot
	to add the device def to the virDomainDefPtr.

	Fix path used for USB device attach with LXC
	The LXC code missed the 'usb' component out of the path
	/dev/bus/usb/$BUSNUM/$DEVNUM, so it failed to actually
	setup cgroups for the device. This was in fact lucky
	because the call to virLXCSetupHostUsbDeviceCgroup
	was also mistakenly passing '&priv->cgroup' instead of
	just 'priv->cgroup'. So once the path is fixed, libvirtd
	would then crash trying to access the bogus virCgroupPtr
	pointer. This would have been a security issue, were it
	not for the bogus path preventing the pointer reference
	being reached.

	Don't block use of USB with containers
	virDomainDefCompatibleDevice blocks use of USB if no USB
	controller is present. This is not correct for containers
	since devices can be assigned directly regardless of any
	controllers.

2014-02-17  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement VIR_DOMAIN_TAINT_HOOK
	Currently, there's just one place where we care if hook script is
	changing the domain XML: migration hook for incoming migration. In
	all other places where a hook script is executed, we don't read the
	XML back from the script.
	Anyway, the hook script can alter domain XML and hence we should taint
	it if the script did.

	virDomainTaintFlags: Introduce VIR_DOMAIN_TAINT_HOOK
	This new flag is to be used for tainting domains which
	XML definition was altered at runtime by a hook script.

2014-02-15  Peter Krempa  <pkrempa@redhat.com>

	Revert "storage: Introduce internal pool support"
	The internal pools were an idea in one of the first iterations of the
	gluster series, which we decided not to use. Somehow the patch still
	got pushed. Remove it as the internal flag isn't needed.
	This reverts commit 362da8209d760fc1acd3a1c8df5b04aa676492eb.

2014-02-14  Ján Tomko  <jtomko@redhat.com>

	Add tests for secret XML parsing
	also validate it against the RNG schema.

	docs: remove <auth> from secret XML format
	This belongs to the pool definition.

2014-02-14  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Forgot to add lxcconf2xmldata to dist.

2014-02-14  Peter Krempa  <pkrempa@redhat.com>

	lxc: Don't shadow global symbol "link"
	Yet another variable name frowned upon by older compilers. Introduced in
	commit b73c029d.

2014-02-14  Ján Tomko  <jtomko@redhat.com>

	Support IPv6 in port allocator
	Also try to bind on IPv6 to check if the port is occupied.
	Change the mocked bind in the test to return EADDRINUSE
	for some ports only for the IPv4/IPv6 socket if we're testing
	on a host with IPv6 compiled in.
	Also mock socket() to make it fail with EAFNOTSUPPORTED
	if LIBVIRT_TEST_IPV4ONLY is set in the environment, to
	simulate a host without IPv6 support in the kernel. The
	tests are repeated again with this variable set.
	https://bugzilla.redhat.com/show_bug.cgi?id=1025407

	Split out bind() from virPortAllocatorAcquire

2014-02-14  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Don't leak private data when storage file init fails
	In a44b7b87bcc6681e2939f65a3552fc96f68bc7b6 I've introduced a function
	that initializes a storage file wrapper object on gluster based volumes.
	The initialization function leaks the private data pointer in case of
	failure. This patch fixes it.
	Reported by John Ferlan.

	storage: Fix build with older compilers afeter gluster snapshot series
	In commit e32268184b4fd1611ed5ffd3c758b8f6a34152e6 I accidentally added
	twice a typedef for virStorageFileBackend when I moved it between files
	across patch iterations. The double declaration breaks build on older
	compilers in RHEL5 and FreeBSD.
	Remove the spurious definition.

	qemu: snapshot: Add support for external active snapshots on gluster
	Add support for gluster backed images as sources for snapshots in the
	qemu driver. This will also simplify adding further network backed
	volumes as sources for snapshot in case qemu will support them.

	qemu: snapshot: Use new APIs to detect presence of existing storage files
	Use the new storage driver based "stat" api to detect exiting files just
	as we did with local files.

	qemu: Switch snapshot deletion to the new API functions
	Use the new storage driver APIs to delete snapshot backing files in case
	of failure instead of directly relying on "unlink". This will help us in
	the future when we will be adding network based storage without local
	representation in the host.

	storage: Add storage file backends for gluster
	Implement storage backend functions to deal with gluster volumes and
	implement the "stat" and "unlink" backend APIs.

	storage: add file functions for local and block files
	Implement the "stat" and "unlink" function for "file" volumes and "stat"
	for "block" volumes using the regular system calls.

	storage: Add file storage APIs in the default storage driver
	Add APIs that will allow to use the storage driver to assist in
	operations on files even for remote filesystems without native
	representation as files in the host.

	conf: Move qemuSnapshotDiskGetActualType to virDomainSnapshotDiskGetActualType
	All the data for getting the actual type is present in the snapshot
	config. There is no need to have this function private to the qemu
	driver and it will be re-used later in other parts of libvirt

	conf: Move qemuDiskGetActualType to virDomainDiskGetActualType
	All the data for getting the actual type is present in the domain
	config. There is no need to have this function private to the qemu
	driver and it will be re-used later in other parts of libvirt

2014-02-13  Eric Blake  <eblake@redhat.com>

	spec: add missing dep of libvirt-daemon-config-nwfilter
	Similar to cf76c4b, if modules are used, then nwfilter configuration
	requires the nwfilter driver module.

	Revert "spec: require libvirt-wireshark from libvirt metapackage"
	This reverts commit 8d6c3659b8c9b861b00a19b26079d11d56dce680.
	After further list discussion, it was decided that pulling in
	wireshark as a dependency is a bit too much for the base 'libvirt'
	package.  Remember also that 'libvirt-devel' is also not pulled in
	by the base 'libvirt' - the metapackage exists for full
	functionality of libvirtd, rather than to pull in all subpackages.

2014-02-13  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc from native: removed now remaining useless line

2014-02-13  Philipp Hahn  <hahn@univention.de>

	Fix stream related spelling mistakes
	Remove double "is".
	Consistent spelling of all-uppercase I/O.

2014-02-13  Eric Blake  <eblake@redhat.com>

	spec: require libvirt-wireshark from libvirt metapackage
	In general, the 'libvirt' metapackage should pull in all subpackages.
	Fix this for the wireshark subpackage created in commit f9ada9f.
	* libvirt.spec.in (Requires): Add dependency.

2014-02-13  Thierry Parmentelat  <thierry.parmentelat@inria.fr>

	spec: add missing dep of libvirt-daemon-config-network
	When building modules, libvirt-daemon-config-network requires
	libvirt-daemon-driver-network to ensure the 'default' network
	is setup properly

	spec: require libvirt-daemon-driver-interface only when built

2014-02-13  Cédric Bosdonnat  <cbosdonnat@suse.com>

	LXC from native: convert blkio throttle config

	LXC: added some doc on domxml-from-native with mention of limitations

	LXC from native: map vlan network type
	The problem with VLAN is that the user still has to manually create the
	vlan interface on the host. Then the generated configuration will use
	it as a nerwork hostdev device. So the generated configurations of the
	following two fragments are equivalent (see rhbz#1059637).
	lxc.network.type = phys
	lxc.network.link = eth0.5
	lxc.network.type = vlan
	lxc.network.link = eth0
	lxc.network.vlan.id = 5

	LXC from native: map block filesystems

	LXC from native: map lxc.arch to /domain/os/type@arch

	LXC from native: add lxc.cgroup.blkio.* mapping

	LXC from native: map lxc.cgroup.cpuset.*

	LXC from native: map lxc.cgroup.cpu.*

	LXC from native: migrate memory tuning

	LXC from native: convert lxc.id_map into <idmap>

	LXC from native: convert macvlan network configuration

	LXC from native: convert lxc.tty to console devices

	LXC from native: convert phys network types to net hostdev devices

	LXC from native: migrate veth network configuration
	Some of the LXC configuration properties aren't migrated since they
	would only cause problems in libvirt-lxc:
	  * lxc.network.ipv[46]: LXC driver doesn't setup IP address of guests,
	    see rhbz#1059624
	  * lxc.network.name, see rhbz#1059630

	LXC from native: implement no network conversion
	If no network configuration is provided, LXC only provides the loopback
	interface. To match this, we need to use the privnet feature. LXC will
	also define a 'none' network type in its 1.0.0 version that fits
	libvirt LXC driver's default.

	LXC from native: migrate fstab and lxc.mount.entry
	Tmpfs relative size and default 50% size values aren't supported as
	we have no idea of the available memory at the conversion time.

	LXC from native: import rootfs
	LXC rootfs can be either a directory or a block device or an image
	file. The first two types have been implemented, but the image file is
	still to be done since LXC auto-guesses the file format at mount time
	and the LXC driver doesn't support the 'auto' format.

	LXC driver: started implementing connectDomainXMLFromNative
	This function aims at converting LXC configuration into a libvirt
	domain XML description to help users migrate from LXC to libvirt.
	Here is an example of how the lxc configuration works:
	virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/migrate_test/config
	It is possible that some parts couldn't be properly mapped into a
	domain XML fragment, so users should carefully review the result
	before creating the domain.
	fstab files in lxc.mount lines will need to be merged into the
	configuration file as lxc.mount.entry.
	As we can't know the amount of memory of the host, we have to set a
	default value for max_balloon that users will probably want to adjust.

	Improve virConf parse to handle LXC config format
	virConf now honours a VIR_CONF_FLAG_LXC_FORMAT flag to handle LXC
	configuration files. The differences are that property names can
	contain '.' character and values are all strings without any bounding
	quotes.
	Provide a new virConfWalk function calling a handler on all non-comment
	values. This function will be used by the LXC conversion code to loop
	over LXC configuration lines.

2014-02-13  Eric Blake  <eblake@redhat.com>

	event: pass reason for PM events
	Commit 57ddcc23 (v0.9.11) introduced the pmwakeup event, with
	an optional 'reason' field reserved for possible future expansion.
	But it failed to wire the field through RPC, so even if we do
	add a reason in the future, we will be unable to get it back
	to the user.
	Worse, commit 7ba5defb (v1.0.0) repeated the same mistake with
	the pmsuspend_disk event.
	As long as we are adding new RPC calls, we might as well fix
	the events to actually match the signature so that we don't have
	to add yet another RPC in the future if we do decide to start
	using the reason field.
	* src/remote/remote_protocol.x
	(remote_domain_event_callback_pmwakeup_msg)
	(remote_domain_event_callback_pmsuspend_msg)
	(remote_domain_event_callback_pmsuspend_disk_msg): Add reason
	field.
	* daemon/remote.c (remoteRelayDomainEventPMWakeup)
	(remoteRelayDomainEventPMSuspend)
	(remoteRelayDomainEventPMSuspendDisk): Pass reason to client.
	* src/conf/domain_event.h (virDomainEventPMWakeupNewFromDom)
	(virDomainEventPMSuspendNewFromDom)
	(virDomainEventPMSuspendDiskNewFromDom): Require additional
	parameter.
	* src/conf/domain_event.c (virDomainEventPMClass): New class.
	(virDomainEventPMDispose): New function.
	(virDomainEventPMWakeupNew*, virDomainEventPMSuspendNew*)
	(virDomainEventPMSuspendDiskNew*)
	(virDomainEventDispatchDefaultFunc): Use new class.
	* src/remote/remote_driver.c (remoteDomainBuildEvent*PM*): Pass
	reason through.
	* src/remote_protocol-structs: Regenerate.

	event: convert remaining domain events to new style
	Following the patterns established by lifecycle events, this
	creates all the new RPC calls needed to pass callback IDs
	for every domain event, and changes the limits in client and
	server codes to use modern style when possible.
	I've tested all combinations: both 'old client and new server'
	and 'new client and old server' continue to work with the old
	RPCs, and 'new client and new server' benefit from server-side
	filtering with the new RPCs.
	* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_EVENT_*): Add
	REMOTE_PROC_DOMAIN_EVENT_CALLBACK_* counterparts.
	* daemon/remote.c (remoteRelayDomainEvent*): Send callbackID via
	newer RPC when used with new-style registration.
	(remoteDispatchConnectDomainEventCallbackRegisterAny): Extend to
	cover all domain events.
	* src/remote/remote_driver.c (remoteDomainBuildEvent*): Add new
	Callback and Helper functions.
	(remoteEvents): Match order of RPC numbers, register new handlers.
	(remoteConnectDomainEventRegisterAny)
	(remoteConnectDomainEventDeregisterAny): Extend to cover all
	domain events.
	* src/remote_protocol-structs: Regenerate.

	event: client RPC protocol tweaks for domain lifecycle events
	The counterpart to the server RPC additions; here, a single
	function can serve both old and new calls, while incoming
	events must be serviced by two different functions.  Again,
	some wise choices in our XDR made it easier to share code
	managing similar events.
	While this only supports lifecycle events, it covers the
	harder part of how Register and RegisterAny interact; the
	remaining 15 events will be a mechanical change in a later
	patch.  For Register, we now have a callbackID locally for
	more efficient cleanup if the RPC fails; we also prefer to
	use the newer RPC where we know it is supported (the older
	RPC must be used if we don't know if RegisterAny is
	supported).
	* src/remote/remote_driver.c (remoteEvents): Register new RPC
	event handler.
	(remoteDomainBuildEventLifecycle): Move guts...
	(remoteDomainBuildEventLifecycleHelper): ...here.
	(remoteDomainBuildEventCallbackLifecycle): New function.
	(remoteConnectDomainEventRegister)
	(remoteConnectDomainEventDeregister)
	(remoteConnectDomainEventRegisterAny)
	(remoteConnectDomainEventDeregisterAny): Use new RPC when supported.

	event: prepare client to track domain callbackID
	We want to convert over to server-side events, even for older
	APIs.  To do that, the client side of the remote driver wants
	to distinguish between legacy virConnectDomainEventRegister and
	normal virConnectDomainEventRegisterAny, while knowing the
	client callbackID and the server's serverID for both types of
	registration.  The client also needs to probe whether the
	server supports server-side filtering.  However, for ease of
	review, we don't actually use the new RPCs until a later patch.
	* src/conf/object_event_private.h (virObjectEventStateCallbackID):
	Add parameter.
	* src/conf/object_event.c (virObjectEventCallbackListAddID)
	(virObjectEventStateRegisterID): Separate legacy from callbackID.
	(virObjectEventStateCallbackID): Pass through parameter.
	(virObjectEventCallbackLookup): Let legacy and global domain
	lifecycle events share a common remoteID.
	* src/conf/network_event.c (virNetworkEventStateRegisterID):
	Update caller.
	* src/conf/domain_event.c (virDomainEventStateRegister)
	(virDomainEventStateRegisterID, virDomainEventStateDeregister):
	Likewise.
	(virDomainEventStateRegisterClient)
	(virDomainEventStateCallbackID): Implement new functions.
	* src/conf/domain_event.h (virDomainEventStateRegisterClient)
	(virDomainEventStateCallbackID): New prototypes.
	* src/remote/remote_driver.c (private_data): Add field.
	(doRemoteOpen): Probe server feature.
	(remoteConnectDomainEventRegister)
	(remoteConnectDomainEventRegisterAny): Use new function.

	event: server RPC protocol tweaks for domain lifecycle events
	This patch adds some new RPC call numbers, but for ease of review,
	they sit idle until a later patch adds the client counterpart to
	drive the new RPCs.  Also for ease of review, I limited this patch
	to just the lifecycle event; although converting the remaining
	15 domain events will be quite mechanical.  On the server side,
	we have to have a function per RPC call, largely with duplicated
	bodies (the key difference being that we store in our callback
	opaque pointer whether events should be fired with old or new
	style); meanwhile, a single function can drive multiple RPC
	messages.  With a strategic choice of XDR struct layout, we can
	make the event generation code for both styles fairly compact.
	I debated about adding a tri-state witness variable per
	connection (values 'unknown', 'legacy', 'modern').  It would start
	as 'unknown', move to 'legacy' if any RPC call is made to a legacy
	event call, and move to 'modern' if the feature probe is made;
	then the event code could issue an error if the witness state is
	incorrect (a legacy RPC call while in 'modern', a modern RPC call
	while in 'unknown' or 'legacy', and a feature probe while in
	'legacy' or 'modern').  But while it might prevent odd behavior
	caused by protocol fuzzing, I don't see that it would prevent
	any security holes, so I considered it bloat.
	Note that sticking @acl markers on the new RPCs generates unused
	functions in access/viraccessapicheck.c, because there is no new
	API call that needs to use the new checks; however, having a
	consistent .x file is worth the dead code.
	* src/libvirt_internal.h (VIR_DRV_FEATURE_REMOTE_EVENT_CALLBACK):
	New feature.
	* src/remote/remote_protocol.x
	(REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY)
	(REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY)
	(REMOTE_PROC_DOMAIN_EVENT_CALLBACK_LIFECYCLE): New RPCs.
	* daemon/remote.c (daemonClientCallback): Add field.
	(remoteDispatchConnectDomainEventCallbackRegisterAny)
	(remoteDispatchConnectDomainEventCallbackDeregisterAny): New
	functions.
	(remoteDispatchConnectDomainEventRegisterAny)
	(remoteDispatchConnectDomainEventDeregisterAny): Mark legacy use.
	(remoteRelayDomainEventLifecycle): Change message based on legacy
	or new use.
	(remoteDispatchConnectSupportsFeature): Advertise new feature.
	* src/remote_protocol-structs: Regenerate.

	event: dynamically manage server-side RPC domain events
	This patch continues the earlier conversion made for network
	events, with a goal of introducing server-side event filtering
	in a later patch.  Actual behavior is unchanged without
	further RPC changes.
	* daemon/libvirtd.h (daemonClientPrivate): Alter the tracking of
	domain events.
	* daemon/remote.c (remoteClientInitHook, remoteClientFreeFunc)
	(remoteRelayDomainEvent*)
	(remoteDispatchConnectDomainEventRegister)
	(remoteDispatchConnectDomainEventRegisterAny): Track domain
	callbacks dynamically.

2014-02-12  Michael Chapman  <mike@very.puzzling.org>

	storage: handle NULL return from virGetStorageVol
	virGetStorageVol can return NULL on out-of-memory. If it does, cleanly
	abort the volume clone operation.

2014-02-12  Ján Tomko  <jtomko@redhat.com>

	Revert "storage: disk: Separate creating of the volume from building"
	This reverts commit 67ccf91bf29488783bd1fda46b362450f71a2078.
	We only generate the volume key after we've built it, but the storage
	driver expects it to be filled after createVol finishes.
	Squash the volume building back with creating to fulfill this
	expectation.

	Revert "storage: lvm: Separate creating of the volume from building"
	This reverts commit af1fb38f55d4fb87e0fcaee1e973fa9c6713b1e6.
	With it, creating new logical volumes fails:
	https://www.redhat.com/archives/libvir-list/2014-February/msg00658.html
	In the storage driver, we expect CreateVol to fill out the volume key,
	but the LVM backend fills the key with the uuid reported by lvs after the
	logical volume is created.

	Fix leaks in vircapstest
	Coverity complains about cell_cpus being leaked on error
	and valgrind shows 'caps' is leaked on success.
	Introduced in eb64e87.

2014-02-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Fixed build with clang.
	Two unused global variables, and DBUS_TYPE_INVALID used as a const
	char*.

	AppArmor: Fix the place where the template should be installed
	The security driver expects /etc/apparmor.d/libvirt/TEMPLATE but we
	installed it to /etc/apparmor.d/libvirtd/TEMPLATE. Move the template to
	the expected place since that code was here long before.

2014-02-12  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Implement a stub cpuArchDriver.baseline() handler for aarch64
	Openstack Nova calls virConnectBaselineCPU() during initialization
	of the instance to get a full list of CPU features.
	This patch adds a stub to aarch64-specific code to handle
	this request (no actual work is done). That's enough to have
	this stub with limited functionality because qemu/kvm backend
	supports only 'host-passthrough' cpu mode on aarch64.

2014-02-12  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix libxlDoDomainSave documentation
	Update the function's comment, which was missed when removing use of
	the driver lock everywhere.

	libxl: register for domain events immediately after creation
	A small fix for the possiblitiy of jumping to an error path before
	registering for domain events, preventing receiving important ones
	like shutdown and death.

	libxl: rename libxlCreateDomEvents to libxlDomEventsRegister
	libxlDomEventsRegister better reflects its purpose: register for
	domain events from libxl.

2014-02-11  Ján Tomko  <jtomko@redhat.com>

	Rename 'index' in virCapabilitiesGetCpusForNode
	This shadows the index function on some systems (RHEL-6.4, FreeBSD 9):
	../../src/conf/capabilities.c: In function 'virCapabilitiesGetCpusForNode':
	../../src/conf/capabilities.c:1005: warning: declaration of'index'
	      shadows a global declaration [-Wshadow]
	/usr/include/strings.h:57: warning: shadowed declaration is here [-Wshadow]

2014-02-11  Pradipta Kr. Banerjee  <pradipta.banerjee@gmail.com>

	vircapstest: Introduce virCapabilitiesGetCpusForNodemask test
	This test creates a Fake NUMA topology with non-sequential cell ids
	to check if libvirt properly handles the same

	Handle non-sequential NUMA node numbers
	On some platforms like IBM PowerNV the NUMA node numbers can be
	non-sequential. For eg. numactl --hardware o/p from such a machine looks
	as given below
	node distances:
	   node   0   1  16  17
	     0:  10  40  40  40
	     1:  40  10  40  40
	    16:  40  40  10  40
	    17:  40  40  40  10
	The NUMA nodes are 0,1,16,17
	Libvirt uses sequential index as NUMA node numbers and this can
	result in crash or incorrect results.

2014-02-11  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Set volume metadata in a separate function
	Extract the metadata setting code into a separate function for future
	use.

2014-02-11  Martin Kletzander  <mkletzan@redhat.com>

	qemu: introduce spiceport chardev backend
	Add a new backend for any character device.  This backend uses channel
	in spice connection.  This channel is similar to spicevmc, but
	all-purpose in contrast to spicevmc.
	Apart from spicevmc, spiceport-backed chardev will not be formatted
	into the command-line if there is no spice to use (with test for that
	as well).  For this I moved the def->graphics counting to the start
	of the function so its results can be used in rest of the code even in
	the future.

	qemu: remove pointless condition
	This patch is here just to ease the code review and make related
	changes look more sensible.  Apart from removing the condition this is
	merely a whitespace (indentation) change.

	qemu: rework '-serial none'
	Limiting ourselves to qemu without QEMU_CAPS_DEVICE capability, we
	used '-serial none' only if there was no serial device defined in the
	domain XML.  This means that if we want to have a possibility of the
	device being defined in XML, but not used in the command-line
	(e.g. when it's pointless), we'll fail to attach '-serial none' to the
	command-line (when skipping the device's command-line building and the
	device being the only one).
	Since there is no such device, this patch doesn't actually do
	anything, but enables easier future additions in this manner.

	conf: introduce spiceport chardev backend
	Add a new character device backend called 'spiceport' that uses
	spice's channel for communications and apart from spicevmc can be used
	as a backend for any character device from libvirt's point of view.

2014-02-11  Wido den Hollander  <wido@widodh.nl>

	rbd: Use rbd_create3 to create RBD format 2 images by default
	This new RBD format supports snapshotting and cloning. By having
	libvirt create images in format 2 end-users of the created images
	can benefit from the new RBD format.
	Older versions of libvirt can work with this new RBD format as long
	as librbd supports format 2. RBD format is supported by librbd since
	version 0.56 (Ceph Bobtail).

2014-02-11  Joel SIMOES  <joel.simoes@laposte.net>

	Libvirt lose sheepdogs volumes on pool refresh or restart. When restarting sheepdog pool, all volumes are missing. This patch add automatically all volume from the added pool.
	Adding last Daniel P. Berrange's syntaxes correction.
	Adding vol on separeted function 'inspired' from parallels_storage :
	parallelsAddDiskVolume

2014-02-11  Laine Stump  <laine@laine.org>

	build: correctly check for SOICGIFVLAN GET_VLAN_VID_CMD command
	In order to make a client-only build successful on RHEL4 (yes, you
	read that correctly!), commit 3ed2e54 modified src/util/virnetdev.c so
	that the functional version of virNetDevGetVLanID() was only compiled
	if GET_VLAN_VID_CMD was defined. However, it is *never* defined, but
	is only an enum value, so the proper version was no longer compiled
	even on platforms that support it. This resulted in the vlan tag not
	being properly set for guest traffic on VEPA mode guest macvtap
	interfaces that were bound to a vlan interface (that's the only place
	that libvirt currently uses virNetDevGetVLanID)
	Since there is no way to compile conditionally based on the presence
	of an enum value, this patch modifies configure.ac to check for said
	enum value with AC_CHECK_DECLS(), which #defines
	HAVE_DECL_GET_VLAN_VID_CMD to 1 if it's successful compiling a test
	program that uses GET_VLAN_VID_CMD (and still #defines it, but to 0,
	if it's not successful).  We can then make the compilation of
	virNetDevGetVLanID() conditional on the value of
	HAVE_DECL_GET_VLAN_VID_CMD.

2014-02-11  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: grammar fixes in formatdomain
	Some grammar fixes.
	s/namespace,set/namespace, set
	s/container being allowed/container are allowed
	s/the <code>uid/The <code>uid

2014-02-11  Yuri Myasoedov  <ymyasoedov@yandex.ru>

	maint: fix line numbers in check-aclrules reports
	Reset line numbering on each input file in check-aclrules.pl. Otherwise
	it reports wrong line numbers in its error messages.

2014-02-11  Michal Privoznik  <mprivozn@redhat.com>

	virNetworkLoadState: Disallow mangled 'floor' element
	In the network status XML we may have the <floor/> element with the
	'sum' attribute. The attribute represents sum of all 'floor'-s of
	computed over each interface connected to the network (this is needed to
	guarantee certain bandwidth for certain domain). The sum is therefore a
	number. However, if the number was mangled (e.g. by an user's
	interference to network status file), we've just ignored it without
	refusing to parse such file. This was all due to 'goto error' missing.

2014-02-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use correct permissions when determining the image chain
	The code took into account only the global permissions. The domains now
	support per-vm DAC labels and per-image DAC labels. Use the most
	specific label available.

2014-02-10  Michal Privoznik  <mprivozn@redhat.com>

	networkStartNetwork: Be more verbose
	The lack of debug printings might be frustrating in the future.
	Moreover, this function doesn't follow the usual pattern we have in the
	rest of the code:
	  int ret = -1;
	  /* do some work */
	  ret = 0;
	cleanup:
	  /* some cleanup work */
	  return ret;

2014-02-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: hyperv: Add support for timer enlightenments
	Add a new <timer> for the HyperV reference time counter enlightenment
	and the iTSC reference page for Windows guests.
	This feature provides a paravirtual approach to track timer events for
	the guest (similar to kvmclock) with the option to use real hardware
	clock on systems with a iTSC with compensation across various hosts.

	conf: Enforce supported options for certain timers
	According to the documentation various timer options are only supported
	by certain timer types. Add a post parse check to verify that the user
	didn't specify invalid options.
	Also fix the qemu command line parsing function to set correct default
	values for the kvmclock timer so that it passes the new check.

	schema: Fix guest timer specification schema according to the docs
	According to the documentation describing various tunables for domain
	timers not all the fields are supported by all the driver types. Express
	these in the RNG:
	- rtc, platform: Only these support the "track" attribute.
	- tsc: only one to support "frequency" and "mode" attributes
	- hpet, pit: tickpolicy/catchup attribute/element
	- kvmclock: no extra attributes are supported
	Additionally the attributes of the <catchup> element for
	tickpolicy='catchup' are optional according to the parsing code. Express
	this in the XML and fix a spurious space added while formatting the
	<catchup> element and add tests for it.

2014-02-08  Felix Geyer  <debfx@fobos.de>

	apparmor: Improve profiles
	Tested on Debian unstable.
	The profile updates are partly taken from the Ubuntu trusty libvirt package.

2014-02-07  John Ferlan  <jferlan@redhat.com>

	virpci: Resolve coverity issues
	Coverity complains about "USE_AFTER_FREE" due to how virPCIDeviceSetStubDriver
	"could" return either -1, 0, or 1 from the VIR_STRDUP() and then possibly makes
	a call to virPCIDeviceDetach().
	The only way this could happen is if NULL were passed as the "driver" name
	and virStrdup() returned 0.  Since the calling functions check < 0 on the
	initial function call, the 0 possibility causes Coverity to complain.
	To fix this - enforce that the second parameter is not NULL using
	ATTRIBUTE_NONNULL(2) for the function prototype, then in virPCIDeviceDetach
	add an sa_assert(dev->stubDriver). This will result in Coverity not complaining
	any more.

2014-02-07  Christophe Fergeau  <cfergeau@redhat.com>

	Add glusterfs to VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE
	If it's not present in this list, we won't be able to get only
	glusterfs pools when using virConnectListAllStoragePools.

	build-sys: Removed unused variable from configure.ac
	LIBGLUSTER_LIBS is emptied before gluster is enabled/disabled, but nothing
	else sets/uses this variable, so it can be removed.

2014-02-07  Martin Kletzander  <mkletzan@redhat.com>

	qemu: keep pre-migration domain state after failed migration
	Couple of codepaths shared the same code which can be moved out to a
	function and on one of such places, qemuMigrationConfirmPhase(), the
	domain was resumed even if it wasn't running before the migration
	started.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1057407

2014-02-07  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove unneeded locking of driver when restoring
	libxlDomainRestoreFlags acquires the driver lock while reading the
	domain config from the save file and adding it to
	libxlDriverPrivatePtr->domains.  But virDomainObjList provides
	self-locking APIs, so remove the needless driver locking.

	libxl: improve subprocess handling
	If available, let libxl handle reaping any children it creates by
	specifying libxl_sigchld_owner_libxl_always_selective_reap.  This
	feature was added to improve subprocess handling in libxl when used
	in an application that does not install a SIGCHLD handler like
	libvirt
	http://lists.xen.org/archives/html/xen-devel/2014-01/msg01555.html
	Prior to this patch, it is possible to hit asserts in libxl when
	reaping subprocesses, particularly during simultaneous operations
	on multiple domains.  With this patch, and the corresponding changes
	to libxl, I no longer see the asserts.  Note that the libxl changes
	will be included in Xen 4.4.0.  Previous Xen versions will be
	susceptible to hitting the asserts even with this patch applied to
	the libvirt libxl driver.

	libxl: handle domain shutdown events in a thread
	Handling the domain shutdown event within the event handler seems
	a bit unfair to libxl's event machinery.  Domain "shutdown" could
	take considerable time.  E.g. if the shutdown reason is reboot,
	the domain must be reaped and then started again.
	Spawn a shutdown handler thread to do this work, allowing libxl's
	event machinery to go about its business.

	libxl: remove list of timer registrations from libxlDomainObjPrivate
	Due to some misunderstanding of requirements libxl places on timer
	handling, I introduced the half-brained idea of maintaining a list
	of timeouts that the driver could force to expire before freeing a
	libxlDomainObjPrivate (and hence libxl_ctx).  But testing all
	the latest versions of Xen supported by the libxl driver (4.2.3,
	4.3.1, 4.4.0 RC3), I see that libxl will handle this just fine and
	there is no need to force expiration behind libxl's back.  Indeed it
	may be harmful to do so.
	This patch removes the timer list, allowing libxl to handle cleanup
	of its timer registrations.

	libxl: fix leaking libxlDomainObjPrivate
	When libxl registers an FD with the libxl driver, the refcnt of the
	associated libxlDomainObjPrivate object is incremented. The refcnt
	is decremented when libxl deregisters the FD.  But some FDs are only
	deregistered when their libxl ctx is freed, which unfortunately is
	done in the libxlDomainObjPrivate dispose function.  With references
	held by the FDs, libxlDomainObjPrivate is never disposed.
	I added the ref/unref in FD registration/deregistration when adding
	the same in timer registration/deregistration.  For timers, this
	is a simple approach to ensuring the libxlDomainObjPrivate is not
	disposed prior to their expirtation, which libxl guarantees will
	occur.  It is not needed for FDs, and only causes
	libxlDomainObjPrivate to leak.
	This patch removes the reference on libxlDomainObjPrivate for FD
	registrations, but retains them for timer registrations.  Tested on
	the latest releases of Xen supported by the libxl driver:  4.2.3,
	4.3.1, and 4.4.0 RC3.

2014-02-07  Matthieu Coudron  <mattator@gmail.com>

	qemu_driver: Introduce <filesystem/> support in device attach/detach
	This commit allows to attach/detach a <filesystem> device in qemu. For
	this purpose I'm introducing two new functions: virDomainFSInsert() and
	virDomainFSRemove() and adding necessary code in the qemu driver.  It
	compares filesystems based on their "destination" folder. So if two
	filesystems share the same destination, they are considered equal and
	the qemu driver would reject the insertion.

	virDomainHostdev{Insert,Delete}: Replace VIR_REALLOC_N by VIR_{APPEND,DELETE}_ELEMENT
	With this change the code gets shorter and more readable.

2014-02-06  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Set timezone
	With my recent work on the test, both time() and localtime() are used.
	While mocking the former one, we get predictable result for UTC. But
	since the latter function uses timezone to get local time, the result of
	localtime() is not so predictive. Therefore, we must set the TZ variable
	at the beginning of the test. To be able to catch some things that work
	just by a blind chance, I'm choosing a virtual timezone that (hopefully)
	no libvirt developer resides in.

	qemuxml2argvmock: Mock time() on non-linux platforms too
	The qemuxml2argvtest is run on more platforms than linux. For instance
	FreeBSD. On these platforms we are, however, not mocking time() which
	results in current time being fetched from system and hence tests number
	32 and 33 failing.

2014-02-06  Ján Tomko  <jtomko@redhat.com>

	virsh: only report filled values in nodecpustats
	Rewrite the function to use an array instead of a struct,
	translating the field names to int via an enum.

2014-02-06  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement nodeGetCPUStats
	Implementation obtains CPU usage information using
	kern.cp_time and kern.cp_times sysctl(8)s and reports
	CPU utilization.

2014-02-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix crash in virDomainMemoryStats with old qemu
	If virDomainMemoryStats was run on a domain with virtio balloon driver
	running on an old qemu which supports QMP but does not support qom-list
	QMP command, libvirtd would crash. The reason is we did not check if
	qemuMonitorJSONGetObjectListPaths failed and moreover we even stored its
	result in an unsigned integer type.

2014-02-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockjob: Print correct file name in error message
	When attempting a blockcommit from the top layer, the base argument
	passed is NULL. This will be dereferenced when attempting a commit with
	an empty image chain. Output the real volume path instead:
	virsh blockcommit --verbose --path vda --domain DOMNAME --wait
	error: invalid argument: top '/path/somefile' in chain for 'vda' has no backing file
	instead of:
	error: invalid argument: top '(null)' in chain for 'vda' has no backing file

	maint: Change the text of the NULLSTR() macro to "<null>"
	Eric Blake suggested to change this message to be different from the
	glibc's NULL deref protection message in printf to be able to
	differentiate errors.

2014-02-06  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Test localtime clock basis
	When trying to introduce a test for previous patch, I've
	noticed that the command line is constructed using current
	time. This won't work in our test suite (unless you guys
	wants to set a specific time prior to each test run :) ).
	Therefore we need to mock calls to time(2) to return the
	same value every time it's called.

	qemuBuildClockArgStr: Allow localtime clock basis
	https://bugzilla.redhat.com/show_bug.cgi?id=1046192
	Commit b8bf79a, which adds clock='variable', forgets to check
	localtime basis in qemuBuildClockArgStr(). So that localtime
	basis could not be used.
	Reported-by: Jincheng Miao <jmiao@redhat.com>

2014-02-06  Ján Tomko  <jtomko@redhat.com>

	Generate a valid imagelabel even for type 'none'
	Commit 2ce63c1 added imagelabel generation when relabeling is turned
	off. But we weren't filling out the sensitivity for type 'none' labels,
	resulting in an invalid label:
	$ virsh managedsave domain
	error: unable to set security context 'system_u:object_r:svirt_image_t'
	on fd 28: Invalid argument

2014-02-06  Eric Blake  <eblake@redhat.com>

	maint: fix grammar in conf file
	Noticed a misuse of 'to' while testing my event regression under
	polkit ACLs, and decided to review the entire conf files for
	other legibility bugs.
	* daemon/libvirtd.conf: Use correct grammar.
	* src/qemu/qemu.conf: Likewise.

2014-02-05  Eric Blake  <eblake@redhat.com>

	event: move event filtering to daemon (regression fix)
	https://bugzilla.redhat.com/show_bug.cgi?id=1058839
	Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
	need to check the ACL rules to filter which events to send.  But
	it overlooked one thing: the event dispatch queue is running in
	the main loop thread, and therefore does not normally have a
	current virIdentityPtr.  But filter checks can be based on current
	identity, so when libvirtd.conf contains access_drivers=["polkit"],
	we ended up rejecting access for EVERY event due to failure to
	look up the current identity, even if it should have been allowed.
	Furthermore, even for events that are triggered by API calls, it
	is important to remember that the point of events is that they can
	be copied across multiple connections, which may have separate
	identities and permissions.  So even if events were dispatched
	from a context where we have an identity, we must change to the
	correct identity of the connection that will be receiving the
	event, rather than basing a decision on the context that triggered
	the event, when deciding whether to filter an event to a
	particular connection.
	If there were an easy way to get from virConnectPtr to the
	appropriate virIdentityPtr, then object_event.c could adjust the
	identity prior to checking whether to dispatch an event.  But
	setting up that back-reference is a bit invasive.  Instead, it
	is easier to delay the filtering check until lower down the
	stack, at the point where we have direct access to the RPC
	client object that owns an identity.  As such, this patch ends
	up reverting a large portion of the framework of commit f9f56340.
	We also have to teach 'make check' to special-case the fact that
	the event registration filtering is done at the point of dispatch,
	rather than the point of registration.  Note that even though we
	don't actually use virConnectDomainEventRegisterCheckACL (because
	the RegisterAny variant is sufficient), we still generate the
	function for the purposes of documenting that the filtering
	takes place.
	Also note that I did not entirely delete the notion of a filter
	from object_event.c; I still plan on using that for my upcoming
	patch series for qemu monitor events in libvirt-qemu.so.  In
	other words, while this patch changes ACL filtering to live in
	remote.c and therefore we have no current client of the filtering
	in object_event.c, the notion of filtering in object_event.c is
	still useful down the road.
	* src/check-aclrules.pl: Exempt event registration from having to
	pass checkACL filter down call stack.
	* daemon/remote.c (remoteRelayDomainEventCheckACL)
	(remoteRelayNetworkEventCheckACL): New functions.
	(remoteRelay*Event*): Use new functions.
	* src/conf/domain_event.h (virDomainEventStateRegister)
	(virDomainEventStateRegisterID): Drop unused parameter.
	* src/conf/network_event.h (virNetworkEventStateRegisterID):
	Likewise.
	* src/conf/domain_event.c (virDomainEventFilter): Delete unused
	function.
	* src/conf/network_event.c (virNetworkEventFilter): Likewise.
	* src/libxl/libxl_driver.c: Adjust caller.
	* src/lxc/lxc_driver.c: Likewise.
	* src/network/bridge_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/test/test_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xen/xen_driver.c: Likewise.

	rpm: create libvirt-wireshark sub-package
	On Fedora 20, with wireshark-devel installed, 'make rpm' failed
	due to installed but unpackaged files related to wireshark.  As
	F20 is already released without wireshark, I chose to add a new
	sub-package that is enabled only for F21 and later.  Furthermore,
	all existing wireshark plugins belong to the wireshark package,
	so I got to invent behavior of how the first third-party wireshark
	module will behave.
	* libvirt.spec.in (with_wireshark): Add new conditional.
	* configure.ac (ws-plugindir): Improve wording.

2014-02-05  Laine Stump  <laine@laine.org>

	network: disallow <bandwidth>/<mac> for bridged/macvtap/hostdev networks
	https://bugzilla.redhat.com/show_bug.cgi?id=1057321
	pointed out that we weren't honoring the <bandwidth> element in
	libvirt networks using <forward mode='bridge'/>. In fact, these
	networks are just a method of giving a libvirt network name to an
	existing Linux host bridge on the system, and libvirt doesn't have
	enough information to know where to set such limits. We are working on
	a method of supporting network bandwidths for some specific cases of
	<forward mode='bridge'/>, but currently libvirt doesn't support it. So
	the proper thing to do now is just log an error when someone tries to
	put a <bandwidth> element in that type of network. (It's unclear if we
	will be able to do proper bandwidth limiting for macvtap networks, and
	most definitely we will not be able to support it for hostdev
	networks).
	While looking through the network XML documentation and comparing it
	to the networkValidate function, I noticed that we also ignore the
	presence of a mac address in the config in the same cases, rather than
	failing so that the user will understand that their desired action has
	not been taken.
	This patch updates networkValidate() (which is called any time a
	persistent network is defined, or a transient network created) to log
	an error and fail if it finds either a <bandwidth> or <mac> element
	and the network forward mode is anything except 'route'. 'nat', or
	nothing. (Yes, neither of those elements is acceptable for any macvtap
	mode, nor for a hostdev network).
	NB: This does *not* cause failure to start any existing network that
	contains one of those elements, so someone might have erroneously
	defined such a network in the past, and that network will continue to
	function unmodified. I considered it too disruptive to suddenly break
	working configs on the next reboot after a libvirt upgrade.

2014-02-05  Justin Clift  <jclift@redhat.com>

	Fix minor typo in governance doc
	While at it, also relinquish active commit rights:
	[x years between commits] is probably a poster child example of inactivity :)

2014-02-04  John Ferlan  <jferlan@redhat.com>

	Honor blacklist for modprobe command
	https://bugzilla.redhat.com/show_bug.cgi?id=1045124
	When loading modules, libvirt does not honor the modprobe blacklist.
	Use the new virKModLoad() API in order to attempt load with blacklist check.
	Use the new virKModIsBlacklisted() API to check if the failure to load
	was due to the blacklist

	tests: Add test for new virkmod functions
	Adding tests for new virKMod{Config|Load|Unload}() API's.
	A test for virKModIsBlacklisted() would require some setup which cannot
	be assumed.

	utils: Introduce functions for kernel module manipulation
	virKModConfig()        - Return a buffer containing kernel module configuration
	virKModLoad()          - Load a specific module into the kernel configuration
	virKModUnload()        - Unload a specific module from the kernel configuration
	virKModIsBlacklisted() - Determine whether a module is blacklisted within
	                         the kernel configuration

2014-02-04  Laine Stump  <laine@laine.org>

	qemu: be sure we're using the updated value of backend during hotplug
	commit f094aaac changed qemuPrepareHostdevPCIDevices() such that it
	may modify the "backend" (vfio vs. legacy kvm) setting in the
	virHostdevDef. However, qemuDomainAttachHostPciDevice() (used by
	hotplug) copies the backend setting into a local *before* calling
	qemuPrepareHostdevPCIDevices(), and then later makes a decision based
	on that pre-change value.
	The result is that, if the backend had been set to "default" (i.e. not
	specified in the config) and was later updated to "VFIO" by
	qemuPrepareHostdevPCIDevices(), the qemu process' MacMemLock is not
	increased (as is required for VFIO device assignment).
	This patch delays making the local copy of backend until after its
	potential modification.

2014-02-04  Daniel P. Berrange  <berrange@redhat.com>

	Write up the project governance process
	The project has historically operated as a meritocratic
	consensus based community. Formally document what has
	always been an unwritten assumption amongst the community
	participants. Also include an explicit code of conduct
	to preempt any potential, but unlikely, future problems.

2014-02-04  Laine Stump  <laine@laine.org>

	network: change default of forwardPlainNames to 'yes'
	The previous patch fixed "forwardPlainNames" so that it really is
	doing only what is intended, but left the default to be
	"forwardPlainNames='no'". Discussion around the initial version of
	that patch led to the decision that the default should instead be
	"forwardPlainNames='yes'" (i.e. the original behavior before commit
	f3886825). This patch makes that change to the default.

	network: only prevent forwarding of DNS requests for unqualified names
	In commit f386825 we began adding the options
	  --domain-needed
	  --local=/$mydomain/
	to all dnsmasq commandlines with the stated reason of preventing
	forwarding of DNS queries for names that weren't fully qualified
	domain names ("FQDN", i.e. a name that included some "."s and a domain
	name). This was later changed to
	  domain-needed
	  local=/$mydomain/
	when we moved the options from the dnsmasq commandline to a conf file.
	The original patch on the list, and discussion about it, is here:
	  https://www.redhat.com/archives/libvir-list/2012-August/msg01594.html
	When a domain name isn't specified (mydomain == ""), the addition of
	"domain-needed local=//" will prevent forwarding of domain-less
	requests to the virtualization host's DNS resolver, but if a domain
	*is* specified, the addition of "local=/domain/" will prevent
	forwarding of any requests for *qualified* names within that domain
	that aren't resolvable by libvirt's dnsmasq itself.
	An example of the problems this causes - let's say a network is
	defined with:
	   <domain name='example.com'/>
	   <dhcp>
	      ..
	      <host mac='52:54:00:11:22:33' ip='1.2.3.4' name='myguest'/>
	   </dhcp>
	This results in "local=/example.com/" being added to the dnsmasq options.
	If a guest requests "myguest" or "myguest.example.com", that will be
	resolved by dnsmasq. If the guest asks for "www.example.com", dnsmasq
	will not know the answer, but instead of forwarding it to the host, it
	will return NOT FOUND to the guest. In most cases that isn't the
	behavior an admin is looking for.
	A later patch (commit 4f595ba) attempted to remedy this by adding a
	"forwardPlainNames" attribute to the <dns> element. The idea was that
	if forwardPlainNames='yes' (default is 'no'), we would allow
	unresolved names to be forwarded. However, that patch was botched, in
	that it only removed the "domain-needed" option when
	forwardPlainNames='yes', and left the "local=/mydomain/".
	Really we should have been just including the option "--domain-needed
	--local=//" (note the lack of domain name) regardless of the
	configured domain of the network, so that requests for names without a
	domain would be treated as "local to dnsmasq" and not forwarded, but
	all others (including those in the network's configured domain) would
	be forwarded. We also shouldn't include *either* of those options if
	forwardPlainNames='yes'. This patch makes those corrections.
	This patch doesn't remedy the fact that default behavior was changed
	by the addition of this feature. That will be handled in a subsequent
	patch.

2014-02-04  Martin Kletzander  <mkletzan@redhat.com>

	build: Fix 'make rpm' in VPATH with wireshark

2014-02-04  Ján Tomko  <jtomko@redhat.com>

	man: shm-merge-across-nodes is optional
	Mark the shm-merge-across-nodes parameter of node-memory-tune command
	as optional in the virsh man page.

2014-02-04  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevbandwidthtest: Link with libxml2
	I've received a notice over IRC that on some systems, the
	virnetdevbandwidthtest is not linked with libxml:
	  /usr/bin/ld: virnetdevbandwidthtest.o: undefined reference to symbol 'xmlStrEqual@@LIBXML2_2.4.30'
	  /usr/lib/x86_64-linux-gnu/libxml2.so.2: error adding symbols: DSO missing from command line
	Trivial way avoiding this is to add LIBXML_LIBS to
	virnetdevbandwidthtest_LDADD.

2014-02-03  Martin Kletzander  <mkletzan@redhat.com>

	spice: don't force user to specify spicevmc channel
	We support only one spicevmc channel name anyway and the code is
	prepared to use the default one, there's only one check missing.  It
	is also mentioned in the documentation already and helps defining
	domains with spice vdagent for people using virsh.

2014-02-01  John Ferlan  <jferlan@redhat.com>

	Resolve Coverity dead_error_begin
	Coverity complains about default: label in libxl_driver.c not be able
	to be reached. It's by design for the code and since it's not necessary
	in the code nor does it elicit any compiler/make check warnings - just
	remove it rather than adding a coverity[dead_error_begin] tag.
	While I'm at it, lxc_driver.c and nodeinfo.c have the same design, so I
	removed the default labels and the existing coverity tags.

2014-01-31  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevbandwidthtest: Introduce some more tests
	And while doing this, fix one error raised by coverity. With
	current code, @actual_cmd is allowed to be NULL for the whole
	run of testVirNetDevBandwidthSet. However, if something else
	was expected, the @actal_cmd is passed to virtTestDifference
	which dereference it immediately.

2014-01-31  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virnetdevbandwidthtest: fix hard coded /sbin/tc
	On openSuse, (and possibly other distros), tc isn't located in
	/sbin/tc. To get rid of that problem, use TC constant instead of hard
	coded /sbin/tc in the expected string

2014-01-31  Daniel P. Berrange  <berrange@redhat.com>

	Push nwfilter update locking up to top level
	The NWFilter code has as a deadlock race condition between
	the virNWFilter{Define,Undefine} APIs and starting of guest
	VMs due to mis-matched lock ordering.
	In the virNWFilter{Define,Undefine} codepaths the lock ordering
	is
	  1. nwfilter driver lock
	  2. virt driver lock
	  3. nwfilter update lock
	  4. domain object lock
	In the VM guest startup paths the lock ordering is
	  1. virt driver lock
	  2. domain object lock
	  3. nwfilter update lock
	As can be seen the domain object and nwfilter update locks are
	not acquired in a consistent order.
	The fix used is to push the nwfilter update lock upto the top
	level resulting in a lock ordering for virNWFilter{Define,Undefine}
	of
	  1. nwfilter driver lock
	  2. nwfilter update lock
	  3. virt driver lock
	  4. domain object lock
	and VM start using
	  1. nwfilter update lock
	  2. virt driver lock
	  3. domain object lock
	This has the effect of serializing VM startup once again, even if
	no nwfilters are applied to the guest. There is also the possibility
	of deadlock due to a call graph loop via virNWFilterInstantiate
	and virNWFilterInstantiateFilterLate.
	These two problems mean the lock must be turned into a read/write
	lock instead of a plain mutex at the same time. The lock is used to
	serialize changes to the "driver->nwfilters" hash, so the write lock
	only needs to be held by the define/undefine methods. All other
	methods can rely on a read lock which allows good concurrency.

	Remove windows thread implementation in favour of pthreads
	There are a number of pthreads impls available on Win32
	these days, in particular the mingw64 project has a good
	impl. Delete the native windows thread implementation and
	rely on using pthreads everywhere.

	Fix pthread_sigmask check for mingw32 without winpthreads
	On Fedora 19 and older the pthreads impl provided with
	mingw does not have any pthread_sigmask impl at all. The
	configure.ac check was not distinguishing this scenario
	from that of a broken pthread_sigmask impl, so was
	mistakenly enabling the libvirt workaround even when it
	was not needed. This in turn conflicted with the gnulib
	provided pthread_sigmask impl.

	Add a read/write lock implementation
	Add virRWLock backed up by a POSIX rwlock primitive

	Skip check-augeas-lockd when QEMU is disabled
	The check-augeas-lockd test depends on the file
	locking/qemu-lockd.conf, so must be skipped when QEMU
	is disabled.

2014-01-30  Osier Yang  <jyang@redhat.com>

	tests: Modify the scsi util tests
	Add tests/virscsidata/sg0 and tests/virscsidata/sg8 as the test
	input for constructing scsi->sg_path. And change the scsi generic
	number of "1:0:0:0", because it's easy to hide the problem (assuming
	most machines have a CDROM drive).

	util: Accept test data path for scsi device's sg_path
	Commit 10c9ceff6d intended to introduce new argument for the
	testing purpose, but it missed the similar changing of the
	device's sg_path. The problem was hidden since my laptop has
	the /dev/sg0 and /dev/sg1.  A later patch will modify the tests
	accordingly.
	Reported-by: Pavel Hrdina <phrdina@redhat.com>

2014-01-30  Pavel Hrdina  <phrdina@redhat.com>

	docs/page.xls: remove unnecessary namespace attribute
	It breaks the build on RHEL-5.10 and because it's only optional we
	could remove it from the code. The default namespace will be used.
	This hunk was introduced by commit 237a088ba44633b08e0528fe5103d99b1e213b71.

2014-01-30  Osier Yang  <jyang@redhat.com>

	qemu: Fix the error message for scsi host device's shareable checking
	This fixes the wrong argument order.

	tests: Add tests for scsi utils
	This creates the basic unit tests for the scsi utils.

	util: Add one argument for several scsi utils
	To support passing the path of the test data to the utils, one
	more argument is added to virSCSIDeviceGetSgName,
	virSCSIDeviceGetDevName, and virSCSIDeviceNew, and the related
	code is changed accordingly.
	Later tests for the scsi utils will be based on this patch.

	qemu: Don't fail if the SCSI host device is shareable between domains
	It doesn't make sense to fail if the SCSI host device is specified
	as "shareable" explicitly between domains (NB, it works if and only
	if the device is specified as "shareable" for *all* domains,
	otherwise it fails).
	To fix the problem, this patch introduces an array for virSCSIDevice
	struct, which records all the names of domain which are using the
	device (note that the recorded domains must specify the device as
	shareable).  And the change on the data struct brings on many
	subsequent changes in the code.
	Prior to this patch, the "shareable" tag didn't work as expected,
	it actually work like "non-shareable".  So this patch also added notes
	in formatdomain.html to declare the fact.
	* src/util/virscsi.h:
	  - Remove virSCSIDeviceGetUsedBy
	  - Change definition of virSCSIDeviceGetUsedBy and virSCSIDeviceListDel
	  - Add virSCSIDeviceIsAvailable
	* src/util/virscsi.c:
	  - struct virSCSIDevice: Change "used_by" to be an array; Add
	    "n_used_by" as the array count
	  - virSCSIDeviceGetUsedBy: Removed
	  - virSCSIDeviceFree: frees the "used_by" array
	  - virSCSIDeviceSetUsedBy: Copy the domain name to avoid potential
	    memory corruption
	  - virSCSIDeviceIsAvailable: New
	  - virSCSIDeviceListDel: Change the logic, for device which is already
	    in the list, just remove the corresponding entry in "used_by". And
	    since it's only used in one place, we can safely removing the code
	    to find out the dev in the list first.
	  - Copyright updating
	* src/libvirt_private.sys:
	  - virSCSIDeviceGetUsedBy: Remove
	  - virSCSIDeviceIsAvailable: New
	* src/qemu/qemu_hostdev.c:
	  - qemuUpdateActiveScsiHostdevs: Check if the device existing before
	    adding it to the list;
	  - qemuPrepareHostdevSCSIDevices: Error out if the not all domains
	    use the device as "shareable"; Also don't try to add the device
	    to the activeScsiHostdevs list if it already there; And make
	    more sensible error w.r.t the current "shareable" value in
	    driver->activeScsiHostdevs.
	  - qemuDomainReAttachHostScsiDevices: Change the logic according
	    to the changes on helpers.

2014-01-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	maint: add configure checks for BSD CPU affinity
	Check for presence of sys/cpuset.h header and cpuset_getaffinity()
	in configure instead of just using #ifdef __FreeBSD__ for that code.

2014-01-30  Michal Privoznik  <mprivozn@redhat.com>

	Revert "networkAllocateActualDevice: Set QoS for bridgeless networks too"
	This reverts commit 2996e6be19a13199ded7c2aa21039cca97318e01
	and some parts of 2636dc8c4de83cd37bc0680a6fbc3f6d25023bd7.
	The former one tried to implement QoS setting on bridgeless networks.
	However, as discussed upstream [1], the patch is far away from being
	useful in even a single case. The whole idea of network QoS is to have
	aggregated limits over several interfaces. This patch is doing
	completely the opposite when merging two QoS settings (from the network
	and the domain interface) into one which is then set at the domain
	interface itself, not the network.
	The latter one is the test for the previous one. Now none of them makes
	sense.
	1: https://www.redhat.com/archives/libvir-list/2014-January/msg01441.html
	Conflicts:
		tests/virnetdevbandwidthtest.c: New test has been introduced since
	    then.

	virnetdevbandwidthtest: Introduce testVirNetDevBandwidthSet
	The test tries to set some QoS limits and check if the commands
	that are actually executed are the expected ones.

	virCommand: Introduce virCommandSetDryRun
	There are some units within libvirt that utilize virCommand API to run
	some commands and deserve own unit testing. These units are, however,
	not desired to be rewritten to dig virCommand API usage out. As a great
	example virNetDevBandwidth could be used. The problem with the bandwidth
	unit is: it uses virCommand API heavily. Therefore we need a mechanism
	to not really run a command, but rather see its string representation
	after which we can decide if the unit construct the correct sequence of
	commands or not.

2014-01-29  Peter Krempa  <pkrempa@redhat.com>

	snapshot: Add support for specifying snapshot disk backing type
	Add support for specifying various types when doing snapshots. This will
	later allow to do snapshots on network backed volumes. Disks of type
	'volume' are not supported by snapshots (yet).
	Also amend the test suite to check parsing of the various new disk
	types that can now be specified.

2014-01-29  Jim Fehlig  <jfehlig@suse.com>

	xen: fix parsing xend http response
	Commit df36af58 broke parsing of http response from xend.  The prior
	use of atoi() would happily parse e.g. a string containing "200 OK\r\n",
	whereas virStrToLong_i() will fail when called with a NULL end_ptr.
	Change the calls to virStrToLong_i() to provide a non-NULL end_ptr.

2014-01-29  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add more tests for virConnectBaselineCPU
	https://bugzilla.redhat.com/show_bug.cgi?id=1049391
	The new tests would fail in various ways without the two previous
	commits.

	cpu: Try to use source CPU model in virConnectBaselineCPU
	https://bugzilla.redhat.com/show_bug.cgi?id=1049391
	When all source CPU XMLs contain just a single CPU model (with a
	possibly varying set of additional feature elements),
	virConnectBaselineCPU will try to use this CPU model in the computed
	guest CPU. Thus, when used on just a single CPU (useful with
	VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES), the result will not use a
	different CPU model.
	If the computed CPU uses the source model, set fallback mode to 'forbid'
	to make sure the guest CPU will always be as close as possible to the
	source CPUs.

	cpu: Fix VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES
	https://bugzilla.redhat.com/show_bug.cgi?id=1049391
	VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES flag for virConnectBaselineCPU
	did not work if the resulting guest CPU would disable some features
	present in its base model. This patch makes sure we won't try to add
	such features twice.

	tests: Better support for VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES
	https://bugzilla.redhat.com/show_bug.cgi?id=1049391
	virConnectBaselineCPU test results are now stored in different files
	depending on VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES.

2014-01-28  Ján Tomko  <jtomko@redhat.com>

	Reword error message for oversized cpu time fields

	Simplify linuxNodeGetCPUStats
	Split out the repetitive code.

2014-01-28  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement virProcess{Get,Set}Affinity
	Implement virProcess{Get,Set}Affinity() using cpuset_getaffinity()
	and cpuset_setaffinity() calls. Quick search showed that they are
	only available on FreeBSD, so placed it inside existing #ifdef
	blocks for FreeBSD instead of adding configure checks.

2014-01-28  Pradipta Kr. Banerjee  <bpradip@in.ibm.com>

	Add hw random number generator (/dev/hwrng) to cgroup ACL
	Creating a qemu VM with /dev/hwrng as backend RNG device throws the
	following error - "Could not open '/dev/hwrng': Permission denied"
	This patch fixes the issue

2014-01-27  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce virnetdevbandwidthtest
	The only API tested so far would be virNetDevBandwidthMinimal.
	But there's more to come!

	networkAllocateActualDevice: Set QoS for bridgeless networks too
	https://bugzilla.redhat.com/show_bug.cgi?id=1055484
	Currently, libvirt's XML schema of network allows QoS to be defined for
	every network even though it has no bridge. For instance:
	<network>
	    <name>vdsm-no-bridge</name>
	    <forward mode='passthrough'>
	      <interface dev='em1.10'/>
	    </forward>
	    <bandwidth>
	        <inbound average='1000' peak='5000' burst='1024'/>
	        <outbound average='1000' burst='1024'/>
	    </bandwidth>
	</network>
	The bandwidth limitations can be, however, applied even on such
	networks. In fact, they are going to be applied on the interface that
	will be connected to the network on a domain startup. This approach,
	however, has one limitation. With bridged networks, there are two points
	where QoS can be set: bridge and domain interface. The lower limit of
	the two is enforced then. For instance, if the interface has 10Mbps
	average, but the network only 1Mbps, there's no way for interface to
	transmit packets faster than the 1Mbps limit. With two points this is
	enforced by kernel.  With only one point, we must combine both QoS
	settings into one which is set afterwards. Look at
	virNetDevBandwidthMinimal() and you'll understand immediately what I
	mean.

2014-01-27  Ján Tomko  <jtomko@redhat.com>

	Add test for linuxNodeGetCPUStats
	Check if cpu stats are read correctly from a sample
	/proc/stat collected from a 24 CPU machine.

	Move test-local declarations to nodeinfopriv.h
	linuxNodeInfoCPUPopulate is only used in the nodeinfo.c file
	and in the test suite.

2014-01-27  Dan Kenigsberg  <danken@redhat.com>

	docs: add a permalink to html headers
	Quite often, I need to cite URLs like
	    http://libvirt.org/formatnetwork.html#elementQoS
	but it is annoying to copy them from the table of contents or the html
	source.
	This patch borrows from the Python documentation in order to make it
	easier to cite headers on libvirt's oneline documentation.

2014-01-26  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Enable 'host-passthrough' cpu mode for aarch64
	This patch allows libvirt user to specify 'host-passthrough'
	cpu mode while using qemu/kvm backend on aarch64.
	It uses 'host' as a CPU model name instead of some other stub
	(correct CPU detection is not implemented yet) to allow libvirt
	user to specify 'host-model' cpu mode as well.
	(crobinso: fix some indentation)

2014-01-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Fix PCI test data filenames for Windows
	Windows doesn't allow : in filenames.
	Commit 21685c955e546676a5b2a01f7b788d222e0ee0f5 added files with a : in
	their names. This broke git operations on Windows as git is not able to
	create those files on clone or pull.
	Replace : with - in the offending filenames and adapt the test case.

2014-01-25  John Ferlan  <jferlan@redhat.com>

	Block info query: Add check for transient domain
	Currently the qemuDomainGetBlockInfo will return allocation == physical
	for most backing stores. For a qcow2 block backed device it's possible
	to return the highest lv extent allocated from qemu for an active guest.
	That is a value where allocation != physical and one would hope be less.
	However, if the guest is not running, then the code falls back to returning
	allocation == physical. This turns out to be problematic for rhev which
	monitors the size of the backing store. During a migration, before the
	VM has been started on the target and while it is deemed inactive on the
	source, there's a small window of time where the allocation is returned
	as physical triggering the code to extend the file unnecessarily.
	Since rhev uses transient domains and this is edge condition for a transient
	domain, rather than returning good status and allocation == physical when
	this "window of opportunity" exists, this patch will check for a transient
	(or non persistent) domain and return a failure to the caller rather than
	returning the defaults. For a persistent domain, the defaults will be
	returned. The description for the virDomainGetBlockInfo has been updated
	to describe the phenomena.

2014-01-24  Jiri Denemark  <jdenemar@redhat.com>

	wireshark: Fix VPATH build
	config-post.h included indirectly from packet-libvirt.c stays in
	$(top_srcdir) rather than $(top_builddir) which is added automatically.

2014-01-24  Gao feng  <gaofeng@cn.fujitsu.com>

	qemu: remove memset params array to zero in qemuDomainGetPercpuStats
	the array params is allocated by VIR_ALLOC_N in
	remoteDispatchDomainGetCPUStats. it had been set
	to zero. No need to reset it to zero again, and
	this reset here is incorrect too, nparams * ncpus
	is the array length not the size of params array.

2014-01-24  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib, for mingw improvements
	On Fedora 20, mingw-headers has switched over to winpthreads as
	the provider for its <pthread.h>.  winpthreads is notorious for
	providing a less-than-stellar header, and needs several workarounds
	before it can be used in a project assuming POSIX semantics.  While
	we still use Windows primitives rather than pthread when compiling
	for mingw, this update will make it possible to switch to mingw
	pthreads.
	* .gnulib: Update to latest, for mingw fixes.

2014-01-23  Osier Yang  <jyang@redhat.com>

	storage: Fix the memory leak
	The return value of virGetFCHostNameByWWN is a strdup'ed string.
	Also add comments to declare that the caller should take care of
	freeing it.

	util: Fix the indention
	Left in the git cache without commit before pushing. Pushed under
	build breaker and trivial rule.

	util: Add "shareable" field for virSCSIDevice struct
	Unlike the host devices of other types, SCSI host device XML supports
	"shareable" tag. This patch introduces it for the virSCSIDevice struct
	for a later patch use (to detect if the SCSI device is shareable when
	preparing the SCSI host device in QEMU driver).

	storage: Fix autostart of pool with "fc_host" type adapter
	The "checkPool" is a bit different for pool with "fc_host"
	type source adapter, since the vHBA it's based on might be
	not created yet (it's created by "startPool", which is
	involked after "checkPool" in storageDriverAutostart). So it
	should not fail, otherwise the "autostart" of the pool will
	fail either.
	The problem is easy to reproduce:
	    * Enable "autostart" for the pool
	    * Restart libvirtd service
	    * Check the pool's state

2014-01-23  Bing Bu Cao  <mars@linux.vnet.ibm.com>

	Fix buffer size in linuxNodeGetCPUstats
	94f8205 added a space to the string but didn't change the buffer size.

2014-01-23  Osier Yang  <jyang@redhat.com>

	storage: Add document for possible problem on volume detection
	For pool which relies on remote resources, such as a "iscsi" type
	pool, since how long it takes to export the corresponding devices
	to host's sysfs is really depended, it could depend on the network
	connection, it also could depend on the host's udev procedures. So
	it's likely that the volumes are not able to be detected during pool
	starting process, polling the sysfs doesn't work, since we don't
	know how much time is best for the polling, and even worse, the
	volumes could still be not detected or partly not detected even after
	the polling.  So we end up with a documentation to prompt the fact,
	in virsh manual.
	And as a small improvement, let's explicitly say no LUNs found in
	the debug log in that case.

	util: Correct the NUMA node range checking
	There are 2 issues here: First we shouldn't add "1" to the return
	value of numa_max_node(), since the semanteme of the error message
	was changed, it's not saying about the number of total NUMA nodes
	anymore.  Second, the value of "bit" is the position of the first
	bit which exceeds either numa_max_node() or NUMA_NUM_NODES, it can
	be any number in the range, so saying "bigger than $bit" is quite
	confused now. For example, assuming there is a NUMA machine which
	has 10 NUMA nodes, and one specifies the "nodeset" as "0,5,88",
	the error message will be like:
	Nodeset is out of range, host cannot support NUMA node bigger than 88
	It sounds like all NUMA node number less than 88 is fine, but
	actually the maximum NUMA node number the machine supports is 9.
	This patch fixes the issues by removing the addition with "1" and
	simplifies the error message as "NUMA node $bit is out of range".
	Also simplifies the comparision in the while loop by getting the
	smaller one of numa_max_node() and NUMA_NUM_NODES up front.

2014-01-23  Eric Blake  <eblake@redhat.com>

	api: require write permission for guest agent interaction
	I noticed that we allow virDomainGetVcpusFlags even for read-only
	connections, but that with a flag, it can require guest agent
	interaction.  It is feasible that a malicious guest could
	intentionally abuse the replies it sends over the guest agent
	connection to possibly trigger a bug in libvirt's JSON parser,
	or withhold an answer so as to prevent the use of the agent
	in a later command such as a shutdown request.  Although we
	don't know of any such exploits now (and therefore don't mind
	posting this patch publicly without trying to get a CVE assigned),
	it is better to err on the side of caution and explicitly require
	full access to any domain where the API requires guest interaction
	to operate correctly.
	I audited all commands that are marked as conditionally using a
	guest agent.  Note that at least virDomainFSTrim is documented
	as needing a guest agent, but that such use is unconditional
	depending on the hypervisor (so the existing domain:fs_trim ACL
	should be sufficient there, rather than also requirng domain:write).
	But when designing future APIs, such as the plans for obtaining
	a domain's IP addresses, we should copy the approach of this patch
	in making interaction with the guest be specified via a flag, and
	use that flag to also require stricter access checks.
	* src/libvirt.c (virDomainGetVcpusFlags): Forbid guest interaction
	on read-only connection.
	(virDomainShutdownFlags, virDomainReboot): Improve docs on agent
	interaction.
	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_CREATE_XML)
	(REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
	(REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS, REMOTE_PROC_DOMAIN_REBOOT)
	(REMOTE_PROC_DOMAIN_SHUTDOWN_FLAGS): Require domain:write for any
	conditional use of a guest agent.
	* src/xen/xen_driver.c: Fix clients.
	* src/libxl/libxl_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.

2014-01-23  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vbox: add support for v4.2.20+ and v4.3.4+
	Bugs have been found in the VirtualBox API C bindings. These bugs have
	been fixed in versions 4.2.20 and 4.3.4. However, the changes in the
	C bindings are incompatible with the vbox_CAPI_v4_2.h and vbox_CAPI_v4_3.h
	files which are bundled in libvirt source code.
	This is why the following patch adds vbox_CAPI_v4_2_20.h and
	vbox_CAPI_v4_3_4.h.
	The actual underlying problem here is that until now,
	libvirt assumed that VirtualBox API can only change between minor
	versions (4.2 -> 4.3), but we have a case here where it changed
	(or got fixed) between patch versions (4.2.18 -> 4.2.20).
	This patch makes the VBOX_API_VERSION represent the full API
	version number (i.e 4002 => 4002000) so there are specific version
	numbers for Vbox 4.2.20 (4002020) and 4.3.4 (4003004)

2014-01-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid crash in qemuDiskGetActualType
	Libvirtd would crash if a domain contained an empty cdrom drive of
	type='volume' as the disk def->srcpool member would be dereferenced. Fix
	it by checking if the source pool is present before dereferencing it.
	Also alter tests to catch this issue in the future.
	Reported by: Kevin Shanahan
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328

2014-01-22  Osier Yang  <jyang@redhat.com>

	Doc: Add "note" for node-memory-tune
	To let the user know the command onlys work for KSM under Linux.

	Doc: Improve the document for nodesuspend
	Explicitly lists the possible values for "--target" option;
	Gets rid of the confused strings like "Suspend-to-RAM";
	Emphasises the node *has to* be suspended in the time duration
	specified by "--duration". And rewords the entire document a
	bit according to the API's implementation and document.

2014-01-22  Michael Chapman  <mike@very.puzzling.org>

	virtlockd: make re-exec more robust
	- Use $XDG_RUNTIME_DIR for re-exec state file when running unprivileged.
	- argv[0] may not contain a full path to the binary, however it should
	  contain something that can be looked up in the PATH. Use execvp() to
	  do path lookup on re-exec.
	- As per list discussion [1], ignore --daemon on re-exec.
	[1] https://www.redhat.com/archives/libvir-list/2013-December/msg00514.html

2014-01-22  Claudio Bley  <cbley@av-test.de>

	docs: refer to the correct event ID for DomainEventIOErrorReasonCallback
	s/_ID_IO_ERROR/_ID_IO_ERROR_REASON/

2014-01-22  Osier Yang  <jyang@redhat.com>

	virsh: Fix the string breaking style

2014-01-22  Bing Bu Cao  <mars@linux.vnet.ibm.com>

	linuxNodeGetCPUStats: Correctly handle cpu prefix
	To retrieve node cpu statistics on Linux system, the
	linuxNodeGetCPUstats function simply uses STRPREFIX() to match the cpuid
	with the one read from /proc/stat. However, as the file is read line by
	line it may happen, that some CPUs share the same prefix. So if user
	requested stats for the first CPU, which is offline, then there's no
	cpu1 in the stats file so the one that we match is cpu10. Which is
	obviously wrong. Fortunately, the IDs are terminated by a space, so we
	can utilize that.

2014-01-22  Daniel P. Berrange  <berrange@redhat.com>

	Honour prefix in wireshark install dir
	Trying to run
	  $ ./configure --prefix=$HOME/usr/libvirt-git
	  $ make install
	results in libvirt trying to install in /usr/lib/wireshark/plugins/....
	with predictable amounts of fail. The configure script should not be
	hardcoding /usr/lib by default but rather honour $libdir

2014-01-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Forbid snapshots when backing is a scsi passthrough disk
	https://bugzilla.redhat.com/show_bug.cgi?id=1034993
	SCSI passthrough disks (<disk .. device="lun">) can't be used as backing
	for snapshots. Currently with upstream qemu the vm crashes on such
	attempt.
	This patch adds a early check to catch an attempt to do such a snapshot
	and rejects it right away. qemu will fix the issue but this will let us
	control the error message.

2014-01-21  Laine Stump  <laine@laine.org>

	build: add $(prefix) to SYSTEMD_UNIT_DIR
	I noticed this problem when adding systemd support to netcf, because I
	setup the configure.ac to automatically prefer using systemd over
	initscripts when possible - although I had copied the
	install-data-local target from the example of libvirt's
	"libvirt-guests" service more or less verbatim, "make distcheck" would
	fail because it was trying to install the service file directly into
	/lib/systemd/system rather than into
	/home/user/some/unimportant/name/lib/systemd/system.
	This is caused by the install/uninstall rules for the systemd unit
	files relying on $(DESTDIR) pointing the installed files to the right
	place, but in reality $(DESTDIR) is empty during this part of make
	distcheck - it instead sets $(prefix) with the toplevel directory used
	for its test build/install/uninstall cycle.
	(This problem hasn't been seen when running "make distcheck" in
	libvirt because libvirt will never build/install systemd support
	unless explicitly told to do so on the configure commandline, and
	"make distcheck" doesn't put the "--with-initscript=..." option on the
	configure commandline.)
	I verified that the same problem does exist in libvirt by modifying
	libvirt's configure.ac to set:
	  init_systemd=yes
	  with_init_script=systemd+redhat
	This forces a build/install of the systemd unit files during
	distcheck, which yields an error like this:
	/usr/bin/install -c -m 644 virtlockd.service \
	  /lib/systemd/system/
	libtool: install: warning: relinking `libvirt-qemu.la'
	/usr/bin/install: cannot remove '/lib/systemd/system/virtlockd.service': Permission denied
	make[4]: *** [install-systemd] Error 1
	After adding $(prefix) to all the definitions of SYSTEMD_UNIT_DIR,
	make distcheck now completes successfully with the modified
	configure.ac, and the above lines change to something like this:
	/usr/bin/install -c -m 644 virtlockd.service \
	  /home/laine/devel/libvirt/libvirt-1.2.1/_inst/lib/systemd/system/

2014-01-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Avoid libvirtd crash when qemu crashes while snapshotting
	We shouldn't access the domain definition while we are in the monitor
	section as the domain is unlocked. Additionally after we exit from the
	monitor we need to check if the VM is still alive. Not doing so resulted
	in a crash if qemu exits while attempting to do an external VM snapshot.

2014-01-21  Francesco Romani  <fromani@redhat.com>

	spice: expose the QEMU disable file transfer option
	spice-server offers an API to disable file transfer messages
	on the agent channel between the client and the guest.
	This is supported in qemu through the disable-agent-file-xfer option.
	This patch exposes this option to libvirt.
	Adds a new element 'filetransfer', with one property,
	'enable', which accepts a boolean.
	Default is enabled, for backward compatibility.
	Depends on the capability exported in the first patch of the series.

	spice: detect if qemu can disable file transfer
	spice-server offers an API to disable file transfer messages
	on the agent channel between the client and the guest.
	This is supported in qemu through the disable-agent-file-xfer option.
	This patch detects if QEMU supports this option, and add
	a capability if does.

2014-01-21  Martin Kletzander  <mkletzan@redhat.com>

	lxc: Fix coverity
	Commit 399394ab74ebf3f6e60771044fda0ee69a2acf67 removed some coverity
	comments which skipped the dead code, so add them back.

2014-01-21  Gao feng  <gaofeng@cn.fujitsu.com>

	lxc: allow to setup throttle blkio cgroup through virsh
	With this patch,user can set throttle blkio cgroup for
	lxc domain through virsh tool.

2014-01-21  Wout Mertens  <wout.mertens@gmail.com>

	Add test for transient disk support in VMX files
	--001a11c3e84c4130bc04f03cda95
	Content-Type: text/plain; charset=ISO-8859-1
	From: Wout Mertens <Wout.Mertens@gmail.com>
	Adds test for transient disk translation in vmx files

2014-01-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Use AC_PATH_PROG to search for dmidecode
	This is useful in certain circumstances, for example when
	libvirtd is being executed by FreeBSD rc script, it cannot find
	dmidecode installed from FreeBSD ports because it doesn't have
	/usr/local (default prefix for ports) in PATH.

2014-01-21  Yuto KAWAMURA(kawamuray)  <kawamuray.dadada@gmail.com>

	Add sample output of Wireshark dissector
	Add directory tools/wireshark/samples/ and
	libvirt-sample.pdml which is sample output of dissector.

	Introduce Libvirt Wireshark dissector
	Introduce Wireshark dissector plugin which adds support to Wireshark
	for dissecting libvirt RPC protocol.
	Added following files to build Wireshark dissector from libvirt source
	tree.
	* tools/wireshark/*: Source tree of Wireshark dissector plugin.
	Added followings to configure.ac or Makefile.am.
	configure.ac
	* --with-wireshark-dissector: Enable support for building Wireshark
	  dissector.
	* --with-ws-plugindir: Specify wireshark plugin directory that dissector
	  will installed.
	* Added tools/wireshark/{Makefile,src/Makefile} to  AC_CONFIG_FILES.
	Makefile.am
	* Added tools/wireshark/ to SUBDIR.

2014-01-20  Thorsten Behrens  <tbehrens@suse.com>

	Make syntax check notice assignments w/o surrounding spaces.

	maint: align whitespaces with project conventions.

2014-01-20  Jiri Denemark  <jdenemar@redhat.com>

	virpcitest: Test virPCIDeviceDetach failure

	virpcimock: Add PCI driver which always fails
	Such driver can be used to make sure PCI APIs fail properly.

	virpcitest: More tests for device detach and reattach
	Especially for devices that are not bound to any driver.

	virpcimock: Mock /sys/bus/pci/drivers_probe
	This file is used by PCI detach and reattach APIs to probe for a driver
	that handles a specific device.

	pci: Publish some internal code for virpcitest

	virpcitest: Show PCI device tested by each test
	For example:
	 ...
	 5) testVirPCIDeviceIsAssignable(0005:90:01.0)      ... OK
	 6) testVirPCIDeviceIsAssignable(0001:01:00.0)      ... OK

2014-01-20  Jincheng Miao  <jmiao@redhat.com>

	qemu: Don't detach devices if passthrough doesn't work
	https://bugzilla.redhat.com/show_bug.cgi?id=1046919
	If none (KVM, VFIO) of the supported PCI passthrough methods is known to
	work on a host, it's better to fail right away with a nice error message
	rather than letting attachment fail with a more cryptic message such as
	    Failed to bind PCI device '0000:07:05.0' to vfio-pci: No such device

2014-01-20  Jiri Denemark  <jdenemar@redhat.com>

	pci: Fix failure paths in detach
	https://bugzilla.redhat.com/show_bug.cgi?id=1046919
	Since commit v0.9.0-47-g4e8969e (released in 0.9.1) some failures during
	device detach were reported to callers of virPCIDeviceBindToStub as
	success. For example, even though a device seemed to be detached
	    virsh # nodedev-detach pci_0000_07_05_0 --driver vfio
	    Device pci_0000_07_05_0 detached
	one could find similar message in libvirt logs:
	    Failed to bind PCI device '0000:07:05.0' to vfio-pci: No such device
	This patch fixes these paths and also avoids overwriting real errors
	with errors encountered during a cleanup phase.

	pci: Make reattach work for unbound devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1046919
	When a PCI device is not bound to any driver, reattach should just
	trigger driver probe rather than failing with
	    Invalid device 0000:00:19.0 driver file
	    /sys/bus/pci/devices/0000:00:19.0/driver is not a symlink
	While virPCIDeviceGetDriverPathAndName was documented to return success
	and NULL driver and path when a device is not attached to any driver but
	didn't do so. Thus callers could not distinguish unbound devices from
	failures.

2014-01-20  Gao feng  <gaofeng@cn.fujitsu.com>

	qemu: allow to setup throttle blkio cgroup through virsh
	With this patch, user can setup throttle blkio cgroup
	through virsh for qemu domain.

	virsh: add setting throttle blkio cgroup option to blkiotune
	With this patch, user can setup the throttle blkio cgorup
	for domain through the virsh cmd, such as:
	virsh blkiotune domain1 --device-read-bytes-sec /dev/sda1,1000000,/dev/sda2,2000000
	--device-write-bytes-sec /dev/sda1,1000000 --device-read-iops-sec /dev/sda1,10000
	--device-write-iops-sec /dev/sda1,10000,/dev/sda2,0
	This patch also add manpage for these new options.

	blkio: Setting throttle blkio cgroup for domain
	This patch introduces virCgroupSetBlkioDeviceReadIops,
	virCgroupSetBlkioDeviceWriteIops,
	virCgroupSetBlkioDeviceReadBps and
	virCgroupSetBlkioDeviceWriteBps,
	we can use these interfaces to set up throttle
	blkio cgroup for domain.
	This patch also adds the new throttle blkio cgroup
	elements to the test xml.

	domain: introduce xml elements for throttle blkio cgroup
	This patch introduces new xml elements under <blkiotune>,
	we use these new elements to setup the throttle blkio
	cgroup for domain. The new blkiotune node looks like this:
	<blkiotune>
	  <device>
	    <path>/path/to/block</path>
	    <weight>1000</weight>
	    <read_iops_sec>10000</read_iops_sec>
	    <write_iops_sec>10000</write_iops_sec>
	    <read_bytes_sec>1000000</read_bytes_sec>
	    <write_bytes_sec>1000000</write_bytes_sec>
	  </device>
	</blkiotune>

2014-01-18  Christophe Fergeau  <cfergeau@redhat.com>

	doc: Add missing space in <clock> documentation

2014-01-17  Michal Privoznik  <mprivozn@redhat.com>

	virSecuritySELinuxSetFileconHelper: Don't fail on read-only NFS
	https://bugzilla.redhat.com/show_bug.cgi?id=996543
	When starting up a domain, the SELinux labeling is done depending on
	current configuration. If the labeling fails we check for possible
	causes, as not all labeling failures are fatal. For example, if the
	labeled file is on NFS which lacks SELinux support, the file can still
	be readable to qemu process. These cases are distinguished by the errno
	code: NFS without SELinux support returns EOPNOTSUPP. However, we were
	missing one scenario. In case there's a read-only disk on a read-only
	NFS (and possibly any FS) and the labeling is just optional (not
	explicitly requested in the XML) there's no need to make the labeling
	error fatal. In other words, read-only file on read-only NFS can fail to
	be labeled, but be readable at the same time.

2014-01-17  Eric Blake  <eblake@redhat.com>

	maint: replace remaining virLib*Error with better names
	Finish the cleanup of libvirt.c; all uses of virLib*Error have
	now been converted to more canonical conventions.
	* src/libvirt.c: Use virReportError in remaining errors.
	(virLibConnError, virLibDomainError): Delete unused macros.
	* cfg.mk (msg_gen_function): Drop unused names.

	maint: simplify driver registration at startup
	We had a lot of repetition of errors that would occur if we
	ever register too many drivers; this is unlikely to occur
	unless we start adding a lot of new hypervisor modules, but
	if it does occur, it's better to have uniform handling of the
	situation, so that a one-line change is all that would be
	needed if we decide that an internal error is not the best.
	* src/libvirt.c (virDriverCheckTabMaxReturn): New define.
	(virRegister*Driver): Use it for less code duplication.

	maint: clean up error reporting in migration
	The choice of error message and category was not consistent
	in the migration code; furthermore, the use of virLibConnError
	is no longer necessary now that we have a generic virReportError.
	* src/qemu/qemu_migration.c (virDomainMigrate*): Prefer
	virReportError over virLibConnError.

	maint: don't lose error on canceled migration
	While auditing the error reporting, I noticed that migration
	had some issues.  Some of the static helper functions tried
	to call virDispatchError(), even though their caller will also
	report the error.  Also, if a migration is cancelled early
	because a uri was not set, we did not guarantee that the finish
	stage would not overwrite the first error message.
	* src/qemu/qemu_migration.c (doPeer2PeerMigrate2)
	(doPeer2PeerMigrate3): Preserve first error when cancelling.
	* src/libvirt.c (virDomainMigrateVersion3Full): Likewise.
	(virDomainMigrateVersion1, virDomainMigrateVersion2)
	(virDomainMigrateDirect): Avoid redundant error dispatch.
	(virDomainMigrateFinish2, virDomainMigrateFinish3)
	(virDomainMigrateFinish3Params): Don't report error on cleanup
	path.

	maint: avoid nested use of virConnect{Ref,Close}
	The public virConnectRef and virConnectClose API are just thin
	wrappers around virObjectRef/virObjectRef, with added object
	validation and an error reset.  Within our backend drivers, use
	of the object validation is just an inefficiency since we always
	pass valid objects.  More important to think about is what
	happens with the error reset; our uses of virConnectRef happened
	to be safe (since we hadn't encountered any earlier errors), but
	in several cases the use of virConnectClose could lose a real
	error.
	Ideally, we should also avoid calling virConnectOpen() from
	within backend drivers - but that is a known situation that
	needs much more design work.
	* src/qemu/qemu_process.c (qemuProcessReconnectHelper)
	(qemuProcessReconnect): Avoid nested public API call.
	* src/qemu/qemu_driver.c (qemuAutostartDomains)
	(qemuStateInitialize, qemuStateStop): Likewise.
	* src/qemu/qemu_migration.c (doPeer2PeerMigrate): Likewise.
	* src/storage/storage_driver.c (storageDriverAutostart):
	Likewise.
	* src/uml/uml_driver.c (umlAutostartConfigs): Likewise.
	* src/lxc/lxc_process.c (virLXCProcessAutostartAll): Likewise.
	(virLXCProcessReboot): Likewise, and avoid leaking conn on error.

	maint: don't leave garbage on early API exit
	Several APIs clear out a user input buffer before attempting to
	populate it; but in a few cases we missed this memset if we
	detect a reason for an early exit.  Note that these APIs
	check for non-NULL arguments, and exit early with an error
	message when NULL is passed in; which means that we must be
	careful to avoid a NULL deref in order to get to that error
	message.  Also, we were inconsistent on the use of
	sizeof(virType) vs. sizeof(expression); the latter is more
	robust if we ever change the type of the expression (although
	such action is unlikely since these types are part of our
	public API).
	* src/libvirt.c (virDomainGetInfo, virDomainGetBlockInfo)
	(virStoragePoolGetInfo, virStorageVolGetInfo)
	(virDomainGetJobInfo, virDomainGetBlockJobInfo): Move memset
	before any returns.

2014-01-17  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Change the default unix monitor timeout
	There is a number of reported issues when we fail starting a domain.
	Turns out that, in some scenarios like high load, 3 second timeout is
	not enough for qemu to start up to the phase where the socket is
	created.  Since there is no downside of waiting longer, raise the
	timeout right to 30 seconds.

2014-01-16  Pavel Hrdina  <phrdina@redhat.com>

	Add Pavel Hrdina to the committers list

	Fix possible memory leak in virsh-domain-monitor.c in cmdDomblklist
	In a "for" loop there are created two new strings and they may not
	be freed if a "target" string cannot be obtained. We have to free
	the two created strings to prevent the memory leak.
	This has been found by coverity.
	John also pointed out that we should somehow care about the "type"
	and "device" and Osier agreed to exit with error message if one of
	them is set to NULL.

2014-01-16  Peter Krempa  <pkrempa@redhat.com>

	storage: Introduce internal pool support
	To allow using the storage driver APIs to do operation on generic domain
	disks we will need to introduce internal storage pools that will give is
	a base to support this stuff even on files that weren't originally
	defined as a part of the pool.
	This patch introduces the 'internal' flag for a storage pool that will
	prevent it from being listed along with the user defined storage pools.

	storage: Sheepdog: Separate creating of the volume from building
	Separate the steps to create libvirt's volume metadata from the actual
	volume building process.

	storage: RBD: Separate creating of the volume from building
	Separate the steps to create libvirt's volume metadata from the actual
	volume building process.

	storage: disk: Separate creating of the volume from building
	Separate the steps to create libvirt's volume metadata from the actual
	volume building process.

	storage: lvm: Separate creating of the volume from building
	Separate the steps to create libvirt's volume metadata from the actual
	volume building process. This is already done for regular file based
	pools to allow job support for storage APIs.

	storage: Support deletion of volumes on gluster pools
	Implement the "deleteVol" storage backend function for gluster volumes.

2014-01-16  Christophe Fergeau  <cfergeau@redhat.com>

	conf: Always use VIR_ERR_CONFIG_UNSUPPORTED on enumFromString() failures
	Currently, during XML parsing, when a call to a FromString() function to
	get an enum value fails, the error which is reported is either
	VIR_ERR_CONFIG_UNSUPPORTED, VIR_ERR_INTERNAL_ERROR or VIR_ERR_XML_ERROR.
	This commit makes such conversion failures consistently return
	VIR_ERR_CONFIG_UNSUPPORTED.

	Bump version to 1.2.2 for new dev cycle

2014-01-16  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.1
	* docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: updated localization from transifex and regenerated

2014-01-16  Eric Blake  <eblake@redhat.com>

	event: filter global events by domain:getattr ACL [CVE-2014-0028]
	Ever since ACL filtering was added in commit 7639736 (v1.1.1), a
	user could still use event registration to obtain access to a
	domain that they could not normally access via virDomainLookup*
	or virConnectListAllDomains and friends.  We already have the
	framework in the RPC generator for creating the filter, and
	previous cleanup patches got us to the point that we can now
	wire the filter through the entire object event stack.
	Furthermore, whether or not domain:getattr is honored, use of
	global events is a form of obtaining a list of networks, which
	is covered by connect:search_domains added in a93cd08 (v1.1.0).
	Ideally, we'd have a way to enforce connect:search_domains when
	doing global registrations while omitting that check on a
	per-domain registration.  But this patch just unconditionally
	requires connect:search_domains, even when no list could be
	obtained, based on the following observations:
	1. Administrators are unlikely to grant domain:getattr for one
	or all domains while still denying connect:search_domains - a
	user that is able to manage domains will want to be able to
	manage them efficiently, but efficient management includes being
	able to list the domains they can access.  The idea of denying
	connect:search_domains while still granting access to individual
	domains is therefore not adding any real security, but just
	serves as a layer of obscurity to annoy the end user.
	2. In the current implementation, domain events are filtered
	on the client; the server has no idea if a domain filter was
	requested, and must therefore assume that all domain event
	requests are global.  Even if we fix the RPC protocol to
	allow for server-side filtering for newer client/server combos,
	making the connect:serach_domains ACL check conditional on
	whether the domain argument was NULL won't benefit older clients.
	Therefore, we choose to document that connect:search_domains
	is a pre-requisite to any domain event management.
	Network events need the same treatment, with the obvious
	change of using connect:search_networks and network:getattr.
	* src/access/viraccessperm.h
	(VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS)
	(VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional
	effect of the permission.
	* src/conf/domain_event.h (virDomainEventStateRegister)
	(virDomainEventStateRegisterID): Add new parameter.
	* src/conf/network_event.h (virNetworkEventStateRegisterID):
	Likewise.
	* src/conf/object_event_private.h (virObjectEventStateRegisterID):
	Likewise.
	* src/conf/object_event.c (_virObjectEventCallback): Track a filter.
	(virObjectEventDispatchMatchCallback): Use filter.
	(virObjectEventCallbackListAddID): Register filter.
	* src/conf/domain_event.c (virDomainEventFilter): New function.
	(virDomainEventStateRegister, virDomainEventStateRegisterID):
	Adjust callers.
	* src/conf/network_event.c (virNetworkEventFilter): New function.
	(virNetworkEventStateRegisterID): Adjust caller.
	* src/remote/remote_protocol.x
	(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER)
	(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY)
	(REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a
	filter, and require connect:search_domains instead of weaker
	connect:read.
	* src/test/test_driver.c (testConnectDomainEventRegister)
	(testConnectDomainEventRegisterAny)
	(testConnectNetworkEventRegisterAny): Update callers.
	* src/remote/remote_driver.c (remoteConnectDomainEventRegister)
	(remoteConnectDomainEventRegisterAny): Likewise.
	* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
	(xenUnifiedConnectDomainEventRegisterAny): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise.
	* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
	(libxlConnectDomainEventRegisterAny): Likewise.
	* src/qemu/qemu_driver.c (qemuConnectDomainEventRegister)
	(qemuConnectDomainEventRegisterAny): Likewise.
	* src/uml/uml_driver.c (umlConnectDomainEventRegister)
	(umlConnectDomainEventRegisterAny): Likewise.
	* src/network/bridge_driver.c
	(networkConnectNetworkEventRegisterAny): Likewise.
	* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
	(lxcConnectDomainEventRegisterAny): Likewise.

	event: wire up RPC for server-side network event filtering
	We haven't had a release with network events yet, so we are free
	to fix the RPC so that it actually does what we want.  Doing
	client-side filtering of per-network events is inefficient if a
	connection is only interested in events on a single network out
	of hundreds available on the server.  But to do server-side
	per-network filtering, the server needs to know which network
	to filter on - so we need to pass an optional network over on
	registration.  Furthermore, it is possible to have a client with
	both a global and per-network filter; in the existing code, the
	server sends only one event and the client replicates to both
	callbacks.  But with server-side filtering, the server will send
	the event twice, so we need a way for the client to know which
	callbackID is sending an event, to ensure that the client can
	filter out events from a registration that does not match the
	callbackID from the server.  Likewise, the existing style of
	deregistering by eventID alone is fine; but in the new style,
	we have to remember which callbackID to delete.
	This patch fixes the RPC wire definition to contain all the
	needed pieces of information, and hooks into the server and
	client side improvements of the previous patches, in order to
	switch over to full server-side filtering of network events.
	Also, since we fixed this in time, all released versions of
	libvirtd that support network events also support per-network
	filtering, so we can hard-code that assumption into
	network_event.c.
	Converting domain events to server-side filtering will require
	the introduction of new RPC numbers, as well as a server
	feature bit that the client can use to tell whether to use
	old-style (server only supports global events) or new-style
	(server supports filtered events), so that is deferred to a
	later set of patches.
	* src/conf/network_event.c (virNetworkEventStateRegisterClient):
	Assume server-side filtering.
	* src/remote/remote_protocol.x
	(remote_connect_network_event_register_any_args): Add network
	argument.
	(remote_connect_network_event_register_any_ret): Return callbackID
	instead of count.
	(remote_connect_network_event_deregister_any_args): Pass
	callbackID instead of eventID.
	(remote_connect_network_event_deregister_any_ret): Drop unused
	type.
	(remote_network_event_lifecycle_msg): Add callbackID.
	* daemon/remote.c
	(remoteDispatchConnectNetworkEventDeregisterAny): Drop unused arg,
	and deal with callbackID from client.
	(remoteRelayNetworkEventLifecycle): Pass callbackID.
	(remoteDispatchConnectNetworkEventRegisterAny): Likewise, and
	recognize non-NULL network.
	* src/remote/remote_driver.c
	(remoteConnectNetworkEventRegisterAny): Pass network, and track
	server side id.
	(remoteConnectNetworkEventDeregisterAny): Deregister by callback id.
	(remoteNetworkBuildEventLifecycle): Pass remote id to event queue.
	* src/remote_protocol-structs: Regenerate.

	event: add notion of remoteID for filtering client network events
	In order to mirror a server with per-object filtering, the client
	needs to track which server callbackID is servicing the client
	callback.  This patch introduces the notion of a serverID, as
	well as the plumbing to use it for network events, although the
	actual complexity of using per-object filtering in the remote
	driver is deferred to a later patch.
	* src/conf/object_event.h (virObjectEventStateEventID): Add parameter.
	(virObjectEventStateQueueRemote, virObjectEventStateSetRemote):
	New prototypes.
	(virObjectEventStateRegisterID): Move...
	* src/conf/object_event_private.h: ...here, and add parameter.
	(_virObjectEvent): Add field.
	* src/conf/network_event.h (virNetworkEventStateRegisterClient): New
	prototype.
	* src/conf/object_event.c (_virObjectEventCallback): Add field.
	(virObjectEventStateSetRemote): New function.
	(virObjectEventStateQueue): Make wrapper around...
	(virObjectEventStateQueueRemote): New function.
	(virObjectEventCallbackListCount): Tweak return count when remote
	id matching is used.
	(virObjectEventCallbackLookup, virObjectEventStateRegisterID):
	Tweak registration when remote id matching will be used.
	(virObjectEventNew): Default to no remote id.
	(virObjectEventCallbackListAddID): Likewise, but set remote id
	when one is available.
	(virObjectEventCallbackListRemoveID)
	(virObjectEventCallbackListMarkDeleteID): Adjust return value when
	remote id was set.
	(virObjectEventStateEventID): Query existing id.
	(virObjectEventDispatchMatchCallback): Require matching event id.
	(virObjectEventStateCallbackID): Adjust caller.
	* src/conf/network_event.c (virNetworkEventStateRegisterClient): New
	function.
	(virNetworkEventStateRegisterID): Update caller.
	* src/conf/domain_event.c (virDomainEventStateRegister)
	(virDomainEventStateRegisterID): Update callers.
	* src/remote/remote_driver.c
	(remoteConnectNetworkEventRegisterAny)
	(remoteConnectNetworkEventDeregisterAny)
	(remoteConnectDomainEventDeregisterAny): Likewise.
	(remoteEventQueue): Hoist earlier to avoid forward declaration,
	and add parameter.  Adjust all callers.
	* src/libvirt_private.syms (conf/object_event.h): Drop function.

	event: track callbackID on daemon side of RPC
	Right now, the daemon side of RPC events is hard-coded to at most
	one callback per eventID.  But when there are hundreds of domains
	or networks coupled and multiple conections, then sending every
	event to every connection that wants an event, even for the
	connections that only care about events for a particular object,
	is inefficient.  In order to track more than one callback in the
	server, we need to store callbacks by more than just their
	eventID.  This patch rearranges the daemon side to store network
	callbacks in a dynamic array, which can eventually be used for
	multiple callbacks of the same eventID, although actual behavior
	is unchanged without further patches to the RPC protocol.  For
	ease of review, domain events are saved for a later patch, as
	they touch more code.
	While at it, fix a bug where a malicious client could send a
	negative eventID to cause network event registration to access
	outside of array bounds (thankfully not a CVE, since domain
	events were already doing the bounds check, and since network
	events have not been released).
	* daemon/libvirtd.h (daemonClientPrivate): Alter the tracking of
	network events.
	* daemon/remote.c (daemonClientEventCallback): New struct.
	(remoteEventCallbackFree): New function.
	(remoteClientInitHook, remoteRelayNetworkEventLifecycle)
	(remoteClientFreeFunc)
	(remoteDispatchConnectNetworkEventRegisterAny): Track network
	callbacks differently.
	(remoteDispatchConnectNetworkEventDeregisterAny): Enforce bounds.

2014-01-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid operations on NULL monitor if VM fails early
	https://bugzilla.redhat.com/show_bug.cgi?id=1047659
	If a VM dies very early during an attempted connect to the guest agent
	while the locks are down the domain monitor object will be freed. The
	object is then accessed later as any failure during guest agent startup
	isn't considered fatal.
	In the current upstream version this doesn't lead to a crash as
	virObjectLock called when entering the monitor in
	qemuProcessDetectVcpuPIDs checks the pointer before attempting to
	dereference (lock) it. The NULL pointer is then caught in the monitor
	helper code.
	Before the introduction of virObjectLockable - observed on 0.10.2 - the
	pointer is locked directly via virMutexLock leading to a crash.
	To avoid this problem we need to differentiate between the guest agent
	not being present and the VM quitting when the locks were down. The fix
	reorganizes the code in qemuConnectAgent to add the check and then adds
	special handling to the callers.

2014-01-16  Eric Blake  <eblake@redhat.com>

	tests: be more explicit on qcow2 versions in virstoragetest
	While working on v1.0.5-maint (the branch in use on Fedora 19)
	with the host at Fedora 20, I got a failure in virstoragetest.
	I traced it to the fact that we were using qemu-img to create a
	qcow2 file, but qemu-img changed from creating v2 files by
	default in F19 to creating v3 files in F20.  Rather than leaving
	it up to qemu-img, it is better to write the test to force
	testing of BOTH file formats (better code coverage and all).
	This patch alone does not fix all the failures in v1.0.5-maint;
	for that, we must decide to either teach the older branch to
	understand v3 files, or to reject them outright as unsupported.
	But for upstream, making the test less dependent on changing
	qemu-img defaults is always a good thing.
	* tests/virstoragetest.c (testPrepImages): Simplify creation of
	raw file; check if qemu supports compat and if so use it.

	docs: mention maintenance branches
	Mitre tried to assign us two separate CVEs for the fix for
	https://bugzilla.redhat.com/show_bug.cgi?id=1047577, on the
	grounds that the fixes were separated by more than an hour
	and thus triggered different hourly snapshots.  But we
	explicitly do NOT want to treat transient security bugs as
	CVEs if they can only be triggered by patches in libvirt.git
	but where the problem is cleaned up before a formal release.
	Meanwhile, I noticed that while our wiki mentioned maintenance
	branches and releases, our formal documentation did not.
	* docs/downloads.html.in: Contrast hourly snapshots with
	maintenance branches.

2014-01-16  Claudio Bley  <cbley@av-test.de>

	Fix docs for PMWakeup/PMSuspend callback types
	s/is waken up/is woken up/
	A registered PMSuspendCallback is called when the domain is suspended, not
	when it is woken up.

2014-01-15  Pavel Hrdina  <phrdina@redhat.com>

	Fix coverity complain in commandtest.c
	For a "newfd1" the coverity tools thinks that the fd is closed in
	a "virCommandPassFD", but with "flags == 0" it cannot be closed.
	The code itself is ok, but coverity tool thinks that there is
	"double_close" of the "newfd1" and to prevent showing this error
	we simply add a comment before the proper close.
	This has been found by coverity.

	Fix memory leak in securityselinuxlabeltest.c
	Strings "file" and "context" may not be freed if "VIR_EXPAND_N" fails
	and it leads into memory leak.
	This has been found by coverity.

	Fix possible memory leak in util/virxml.c
	A "xmlstr" string may not be assigned into a "doc" pointer and it
	could cause memory leak. To fix it if the "doc" pointer is NULL and
	the "xmlstr" string is not assigned we should free it.
	This has been found by coverity.

	Fix possible memory leak in phyp_driver.c
	There could be a memory leak caused by "managed_system" string, if any
	error occurs before "managed_system" is assigned into
	"phyp_driver->managed_system". The "managed_system" string wouldn't be
	freed at all. The better way is to free the "managed_system" instead
	of the one assigned in the "phyp_driver".
	This has been found by coverity.
	Pointed out by John, that the "phyp_driver->xmlopt" needs to be
	unreferenced as well.

	Fix memory leak in openvz_conf.c
	If there is no error while executing a function "openvzParseBarrierLimit"
	a "str" string where is duplicate of a "value" string isn't freed and it
	leads into memory leak.
	This has been found by coverity.

2014-01-15  Gao feng  <gaofeng@cn.fujitsu.com>

	Add Gao feng to the committers list

2014-01-15  Eric Blake  <eblake@redhat.com>

	maint: ignore transient files during tests
	I ran 'git add .' for a patch in progress, while in the middle
	of running 'make check' to test my work, and was surprised when
	it picked up some files I wasn't expecting.
	* .gitignore: Ignore *.pem.

2014-01-14  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in testDomainCreateXMLMixed()
	While running objecteventtest, it was found that valgrind pointed out the
	following memory leak:
	==125== 538 (56 direct, 482 indirect) bytes in 1 blocks are definitely lost in loss record 216 of 226
	==125==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==125==    by 0x4C65D8D: virAllocVar (viralloc.c:558)
	==125==    by 0x4C9F055: virObjectNew (virobject.c:190)
	==125==    by 0x4D2B2E8: virGetDomain (datatypes.c:220)
	==125==    by 0x4D79180: testDomainDefineXML (test_driver.c:2962)
	==125==    by 0x4D4977D: virDomainDefineXML (libvirt.c:8512)
	==125==    by 0x4029C2: testDomainCreateXMLMixed (objecteventtest.c:226)
	==125==    by 0x403A21: virtTestRun (testutils.c:138)
	==125==    by 0x4021C2: mymain (objecteventtest.c:549)
	==125==    by 0x4040C2: virtTestMain (testutils.c:593)
	==125==    by 0x341F421A04: (below main) (libc-start.c:225)

2014-01-14  Jiri Denemark  <jdenemar@redhat.com>

	Really don't crash if a connection closes early
	https://bugzilla.redhat.com/show_bug.cgi?id=1047577
	When writing commit 173c291, I missed the fact virNetServerClientClose
	unlocks the client object before actually clearing client->sock and thus
	it is possible to hit a window when client->keepalive is NULL while
	client->sock is not NULL. I was thinking client->sock == NULL was a
	better check for a closed connection but apparently we have to go with
	client->keepalive == NULL to actually fix the crash.

2014-01-14  Peter Krempa  <pkrempa@redhat.com>

	storage: FS: Tweak some comments and fix typos

2014-01-14  Eric Blake  <eblake@redhat.com>

	build: fix build on mingw with winpthreads
	On my Fedora 20 box with mingw cross-compiler, the build failed with:
	../../src/rpc/virnetclient.c: In function 'virNetClientSetTLSSession':
	../../src/rpc/virnetclient.c:745:14: error: unused variable 'oldmask' [-Werror=unused-variable]
	     sigset_t oldmask, blockedsigs;
	              ^
	I traced it to the fact that mingw64-winpthreads installs a header
	that does #define pthread_sigmask(...) 0, which means any argument
	only ever passed to pthread_sigmask is reported as unused.  This
	patch works around the compilation failure, with behavior no worse
	than what mingw already gives us regarding the function being a
	no-op.
	* configure.ac (pthread_sigmask): Probe for broken mingw macro.
	* src/util/virutil.h (pthread_sigmask): Rewrite to something that
	avoids unused variables.

2014-01-13  Peter Krempa  <pkrempa@redhat.com>

	storage: Break long lines and clean up spaces in storage backend header

2014-01-13  Jiri Denemark  <jdenemar@redhat.com>

	Don't crash if a connection closes early
	https://bugzilla.redhat.com/show_bug.cgi?id=1047577
	When a client closes its connection to libvirtd early during
	virConnectOpen, more specifically just after making
	REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if
	VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for
	the result, libvirtd may crash due to a race in keep-alive
	initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE
	call, the daemon's event loop delegates it to a worker thread. In case
	the event loop detects EOF on the connection and calls
	virNetServerClientClose before the worker thread starts to handle
	REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be
	disposed by the time virNetServerClientStartKeepAlive gets called from
	remoteDispatchConnectSupportsFeature. Because the flow is common for
	both authenticated and read-only connections, even unprivileged clients
	may cause the daemon to crash.
	To avoid the crash, virNetServerClientStartKeepAlive needs to check if
	the connection is still open before starting keep-alive protocol.
	Every libvirt release since 0.9.8 is affected by this bug.

2014-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Exercise the ABI stability check code in test suite
	Any test suite which involves a virDomainDefPtr should
	call virDomainDefCheckABIStability with itself just as
	a basic sanity check that the identity-comparison always
	succeeds. This would have caught the recent NULL pointer
	access crash.
	Make sure we cope with def->name being NULL since the
	VMWare config parser produces NULL names.

2014-01-11  Eric Blake  <eblake@redhat.com>

	schema: fix idmap validation
	When idmap was added to LXC, we forgot to cover it in the testsuite.
	The schema was missing an <element> layer, and as a result,
	virt-xml-validate was failing on valid dumpxml output.
	Reported by Eduard - Gabriel Munteanu on IRC.
	* docs/schemas/domaincommon.rng (idmap): Include <idmap> element,
	and support interleaves.
	* tests/lxcxml2xmldata/lxc-idmap.xml: New file.
	* tests/lxcxml2xmltest.c (mymain): Test it.

2014-01-10  Peter Krempa  <pkrempa@redhat.com>

	storage: Improve error message when a storage backend is missing
	Include the name of the storage backend in the error message instead of
	just the number.

	storage: lvm: Avoid forward decl of virStorageBackendLogicalDeleteVol
	Change code ordering to avoid the need for a forward declaration.

	storage: fs: Fix comment for virStorageBackendFileSystemDelete
	The comment was talking about creating the pool while the function is
	deleting it. Fix the mismatch.

2014-01-10  Claudio Bley  <cbley@av-test.de>

	Clarify documentation on possible return values in case of errors

2014-01-10  Eric Blake  <eblake@redhat.com>

	event: don't queue NULL event on OOM
	Ever since commit 61ac8ce, Coverity complained about
	remoteNetworkBuildEventLifecycle not checking for NULL failure
	to build an event, compared to other calls in the code base.
	But the problem is latent from copy and paste; all 17 of our
	remote*BuildEvent* functions in remote_driver.c have the same
	issue - if an OOM causes an event to not be built, we happily
	pass NULL to remoteEventQueue(), but that function has marked
	event as a nonnull parameter.  We were getting lucky (the
	event queue's first use of the event happened to be a call to
	virIsObjectClass(), which acts gracefully on NULL, so there
	was no way to crash); but this is a latent bug waiting to bite
	us due to the disregard for the nonnull attribute, as well as
	a waste of resources in the event queue.  Better is to just
	refuse to queue NULL.  The discard is silent, since the problem
	only happens on OOM, and since events are already best effort -
	if we fail to get an event, it's not like we have any memory
	left to report the issue, nor any idea of who would benefit
	from knowing we couldn't create or queue the event.
	* src/remote/remote_driver.c (remoteEventQueue): Ignore NULL event.

	virt-login-shell: fix regressions in behavior
	Our fixes for CVE-2013-4400 were so effective at "fixing" bugs
	in virt-login-shell that we ended up fixing it into a useless
	do-nothing program.
	Commit 3e2f27e1 picked the name LIBVIRT_SETUID_RPC_CLIENT for
	the witness macro when we are doing secure compilation.  But
	commit 9cd6a57d checked whether the name IN_VIRT_LOGIN_SHELL,
	from an earlier version of the patch series, was defined; with
	the net result that virt-login-shell invariably detected that
	it was setuid and failed virInitialize.
	Commit b7fcc799 closed all fds larger than stderr, but in the
	wrong place.  Looking at the larger context, we mistakenly did
	the close in between obtaining the set of namespace fds, then
	actually using those fds to switch namespace, which means that
	virt-login-shell will ALWAYS fail.
	This is the minimal patch to fix the regressions, although
	further patches are also worth having to clean up poor
	semantics of the resulting program (for example, it is rude to
	not pass on the exit status of the wrapped program back to the
	invoking shell).
	* tools/virt-login-shell.c (main): Don't close fds until after
	namespace swap.
	* src/libvirt.c (virGlobalInit): Use correct macro.

	maint: improve VIR_ERR_INVALID_DOMAIN_SNAPSHOT usage
	The existing check of domain snapshots validated that they
	point to a domain, but did not validate that the domain
	points to a connection, even though any errors blindly assume
	the connection is valid.  On the other hand, as mentioned in
	commit 6e130ddc, any valid domain is already tied to a valid
	connection, and VIR_IS_SNAPSHOT vs. VIR_IS_DOMAIN_SNAPSHOT
	makes no real difference; it's best to just validate the chain
	of all three.  For consistency with previous patches, continue
	the trend of using a common macro.  For now, we don't need
	virCheckDomainSnapshotGoto().
	* src/datatypes.h (virCheckDomainSnapshotReturn): New macro.
	(VIR_IS_SNAPSHOT, VIR_IS_DOMAIN_SNAPSHOT):
	Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibDomainSnapshotError): Drop unused macro.

	maint: improve VIR_ERR_INVALID_NWFILTER usage
	While all errors related to invalid nwfilters appeared to be
	consistent, we might as well continue the trend of using a
	common macro.  As in commit 6e130ddc, the difference between
	VIR_IS_NWFILTER and VIR_IS_CONNECTED_NWFILTER is moot, since
	reference counting means any valid nwfilter is also tied to
	a valid connection.  For now, we don't need virCheckNWFilterGoto().
	* src/datatypes.h (virCheckNWFilterReturn): New macro.
	(VIR_IS_NWFILTER, VIR_IS_CONNECTED_NWFILTER): Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibNWFilterError): Drop unused macro.

	maint: improve VIR_ERR_INVALID_STREAM usage
	For streams validation, we weren't consistent on whether to
	use VIR_FROM_NONE or VIR_FROM_STREAMS.  Furthermore, in many
	API, we want to ensure that a stream is tied to the same
	connection as the other object we are operating on; while
	other API failed to validate the stream at all.  And the
	difference between VIR_IS_STREAM and VIR_IS_CONNECTED_STREAM
	is moot; as in commit 6e130ddc, we know that reference
	counting means a valid stream will always be tied to a valid
	connection.  Similar to previous patches, use a common macro
	to make it nicer.
	* src/datatypes.h (virCheckStreamReturn, virCheckStreamGoto):
	New macros.
	(VIR_IS_STREAM, VIR_IS_CONNECTED_STREAM): Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibStreamError): Drop unused macro.

	maint: improve VIR_ERR_INVALID_SECRET usage
	While all errors related to invalid secrets appeared to be
	consistent, we might as well continue the trend of using a
	common macro.  Just as in commit 6e130ddc, the difference
	between VIR_IS_SECRET and VIR_IS_CONNECTED_SECRET is moot
	(due to reference counting, any valid secret must be tied to
	a valid domain).  For now, we don't need virCheckSecretGoto().
	* src/datatypes.h (virCheckSecretReturn): New macro.
	(VIR_IS_SECRET, VIR_IS_CONNECTED_SECRET): Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibSecretError): Drop unused macro.

	maint: improve VIR_ERR_INVALID_NODE_DEVICE usage
	While all errors related to invalid node device appeared to be
	consistent, we might as well continue the trend of using a
	common macro.  For now, we don't need virCheckNodeDeviceGoto().
	* src/datatypes.h (virCheckNodeDeviceReturn): New macro.
	(VIR_IS_NODE_DEVICE, VIR_IS_CONNECTED_NODE_DEVICE): Drop
	unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibNodeDeviceError): Drop unused macro.

2014-01-09  Martin Kletzander  <mkletzan@redhat.com>

	storage: fix crash when listing volumes or undefining a pool
	The commit cad3cf9a951d26da9d2ee0f5b52fb1a2dbb74af1 introduced a crash
	due to wrong order of parameters being passed to the function.  When
	deleting an element, the function decreased the iterator instead of
	count and if listing volumes after that (or undefining the pool, NULL
	was being dereferenced.

2014-01-09  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildNicDevStr: Set vectors= on Multiqueue
	Yet another advice appeared on the Multiqueue wiki page:
	http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature
	We should add vectors=N onto the qemu command line, where
	N = 2 * (number of queues) + 1.

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_STORAGE_VOL usage
	For storage volume validation, we weren't consistent on
	whether to use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar
	to previous patches, use a common macro to make it nicer.
	Furthermore, just as in commit 6e130ddc, the difference
	between VIR_IS_STORAGE_VOL and VIR_IS_CONNECTED_STORAGE_VOL
	is moot (due to reference counting, any valid volume must
	be tied to a valid connection).
	virStorageVolCreateXMLFrom allows cross-connection cloning,
	where the error is reported against the connection of the
	destination pool.
	* src/datatypes.h (virCheckStorageVolReturn)
	(virCheckStorageVolGoto): New macros.
	(VIR_IS_STORAGE_VOL, VIR_IS_CONNECTED_STORAGE_VOL): Drop
	unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibStorageVolError): Drop unused macro.

2014-01-09  Guido Günther  <agx@sigxcpu.org>

	Add Documentation fields to systemd service files
	We point to the manpages where available and redirect to libvirt's
	homepage as a last resort.

2014-01-09  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Fix devid init in libxlMakeNicList
	This basically reverts commit ba64b97134a6129a48684f22f31be92c3b6eef96
	"libxl: Allow libxl to set NIC devid". However assigning devid's
	before calling libxlMakeNic does not work as that is calling
	libxl_device_nic_init which sets it back to -1.
	Right now auto-assignment only works in the hotplug case. But even if
	that would be fixed at some point (if that is possible at all), this
	would add a weird dependency between Xen and libvirt versions.
	The change here should accept any auto-assignment that makes it into
	libxl_device_nic_init. My understanding is that a caller always is
	allowed to make the devid choice itself. And assuming libxlMakeNicList
	is only used on domain creation, a sequential numbering should be ok.

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_STORAGE_POOL usage
	virStoragePoolBuild reported an invalid pool as if it were an
	invalid network.  Likewise, we weren't consistent on whether to
	use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar to previous
	patches, use a common macro to make it nicer.  Furthermore, just
	as in commit 6e130ddc, the difference between VIR_IS_STORAGE_POOL
	and VIR_IS_CONNECTED_STORAGE_POOL is moot (due to reference
	counting, any valid pool must be tied to a valid connection).
	For now, we don't need virCheckStoragePoolGoto().
	* src/datatypes.h (virCheckStoragePoolReturn): New macro.
	(VIR_IS_STORAGE_POOL, VIR_IS_CONNECTED_STORAGE_POOL): Drop
	unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibStoragePoolError): Drop unused macro.

2014-01-09  Richard W.M. Jones  <rjones@redhat.com>

	test driver: Add authentication to test driver.
	There is no easy way to test authentication against libvirt.  This
	commit modifies the test driver to allow simple username/password
	authentication.
	You modify the test XML by adding:
	 <node>
	   ...
	   <auth>
	     <user password="123456">rich</user>
	     <user>jane</user>
	   </auth>
	 </node>
	If there are any /node/auth/user elements, then authentication is
	required by the test driver (if none are present, then the test driver
	will work as before and not require authentication).
	In the example above, two phony users are added:
	 rich  password: 123456
	 jane  no password required
	The test driver will demand a username.  If the password attribute is
	present (or if the username entered is wrong), then the password is
	also asked for and checked:
	 $ virsh -c test://$(pwd)/testnode.xml list
	 Enter username for localhost: rich
	 Enter rich's password for localhost: ***
	  Id    Name                           State
	 ----------------------------------------------------
	  1     fv0                            running
	  2     fc4                            running

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_INTERFACE usage
	When checking for a valid interface, we weren't consistent on
	whether we reported as VIR_FROM_NONE or VIR_FROM_INTERFACE.
	Similar to previous patches, use a common macro to make it nicer.
	Furthermore, just as in commit 6e130ddc, the difference between
	VIR_IS_INTERFACE and VIR_IS_CONNECTED_INTERFACE is moot (due to
	reference counting, any valid interface must be tied to a valid
	connection).  For now, we don't need virCheckInterfaceGoto().
	* src/datatypes.h (virCheckInterfaceReturn): New macro.
	(VIR_IS_INTERFACE, VIR_IS_CONNECTED_INTERFACE): Drop unused
	macros.
	* src/libvirt.c: Use macro throughout.
	(virLibInterfaceError): Drop unused macro.

	event: clean up client side RPC code
	Commit cfd62c1 was incomplete; I found more cases where error
	messages were being overwritten, and where the code between
	the three registration/deregistration APIs was not consistent.
	Since it is fairly easy to trigger an attempt to deregister an
	unregistered object through public API, I also changed the error
	message from VIR_ERR_INTERNAL_ERROR to VIR_ERR_INVALID_ARG.
	* src/conf/object_event.c (virObjectEventCallbackListEventID):
	Inline...
	(virObjectEventStateEventID): ...into lone caller, and report
	error on failure.
	(virObjectEventCallbackListAddID, virObjectEventStateCallbackID)
	(virObjectEventCallbackListRemoveID)
	(virObjectEventCallbackListMarkDeleteID): Tweak error category.
	* src/remote/remote_driver.c (remoteConnectDomainEventRegister):
	Don't leak registration on failure.
	(remoteConnectDomainEventDeregisterAny)
	(remoteConnectNetworkEventDeregisterAny): Don't overwrite error.

2014-01-09  Guido Günther  <agx@sigxcpu.org>

	Make sure AC_ARG_WITH is always executed

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_NETWORK usage
	When checking for a valid network, we weren't consistent on
	whether we reported an invalid network or a connection.  Similar
	to previous patches such as commit 6e130ddc, the difference
	between VIR_IS_NETWORK and VIR_IS_CONNECTED_NETWORK is moot (due
	to reference counting, any valid network must be tied to a valid
	connection).  Use a common macro to make the error reporting
	for invalid networks nicer.
	* src/datatypes.h (virCheckNetworkReturn, virCheckNetworkGoto): New
	macros.
	(VIR_IS_NETWORK, VIR_IS_CONNECTED_NETWORK): Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibNetworkError): Drop unused macro.

2014-01-08  Osier Yang  <jyang@redhat.com>

	util: Use new array management macros
	Like commit 94a26c7e from Eric Blake, the old fuzzy code should
	be replaced by the new array management macros now.
	And the type of scsi->count should be changed into "size_t", and
	thus virSCSIDeviceListCount should return size_t instead, similar
	for vir{PCI,USB}DeviceListCount.

2014-01-08  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: add LXC multi console command docs and a example

2014-01-08  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: create monitor socket under selinux context of domain
	the unix socket /var/run/libvirt/lxc/domain.sock is not created
	under the selinux context which configured by <seclabel>.
	If we try to connect the domain.sock under the selinux context
	of domain in virtLXCProcessConnectMonitor,selinux will deny
	this connect operation.
	type=AVC msg=audit(1387953696.067:662): avc:  denied  { connectto } for  pid=21206 comm="libvirtd" path="/usr/local/var/run/libvirt/lxc/systemd.sock" scontext=unconfined_u:system_r:svirt_lxc_net_t:s0:c770,c848 tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
	fix this problem by creating socket under selinux context of domain.

2014-01-08  Martin Kletzander  <mkletzan@redhat.com>

	conf: trivial typo fix

2014-01-08  Peter Krempa  <pkrempa@redhat.com>

	virsh: Use inactive definition when removing disk from config
	https://bugzilla.redhat.com/show_bug.cgi?id=1049529
	The 'detach-disk' command in virsh used the active XML definition of a
	domain even when attempting to remove a disk from the config only. If
	the disk was only in the inactive definition the operation failed. Fix
	this by using the inactive XML in case that only the config is affected.

	virsh: Don't use legacy API if --current is used on device hot(un)plug
	https://bugzilla.redhat.com/show_bug.cgi?id=1049529
	The legacy virDomainAttachDevice and virDomainDetachDevice operate only
	on active domains. When a user specified --current flag with an inactive
	domain the old API was used and reported an error. Fix it by calling the
	new API if --current is specified explicitly.

2014-01-08  Michal Privoznik  <mprivozn@redhat.com>

	virConnect(Un)registerCloseCallback: Unlock @conn prior to error dispatch
	The function checks for @conn to be valid and locks its mutex. Then, it
	checks if callee is unregistering the same callback that he registered
	previously. If this fails an error is reported and  the control jumps to
	'error' label. Here, if @conn has some errors (and it certainly does -
	the one that's been just reported) the conn->mutex is locked again -
	without any previous unlock:
	  Thread 1 (Thread 0x7fb500ef1800 (LWP 18982)):
	  #0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
	  #1  0x00007fb4fd99ce56 in _L_lock_918 () from /lib64/libpthread.so.0
	  #2  0x00007fb4fd99ccaa in __GI___pthread_mutex_lock (mutex=0x7fb50153b670) at pthread_mutex_lock.c:64
	  #3  0x00007fb5007e574d in virMutexLock (m=m@entry=0x7fb50153b670) at util/virthreadpthread.c:85
	  #4  0x00007fb5007b198e in virDispatchError (conn=conn@entry=0x7fb50153b5e0) at util/virerror.c:594
	  #5  0x00007fb5008a3735 in virConnectUnregisterCloseCallback (conn=0x7fb50153b5e0, cb=cb@entry=0x7fb500f588e0 <vshCatchDisconnect>) at libvirt.c:21025
	  #6  0x00007fb500f5d690 in vshReconnect (ctl=ctl@entry=0x7fffff60e710) at virsh.c:328
	  #7  0x00007fb500f5dc50 in vshCommandRun (ctl=ctl@entry=0x7fffff60e710, cmd=0x7fb50152ca80) at virsh.c:1755
	  #8  0x00007fb500f5861b in main (argc=<optimized out>, argv=<optimized out>) at virsh.c:3393
	And since the conn's mutex is not recursive, the virDispatchError will
	never ever lock it successfully.

2014-01-08  Eric Blake  <eblake@redhat.com>

	maint: inline VIR_IS*_DOMAIN macro
	Cleanup after a previous patch, commit 6e130dd.  In particular,
	note that xenDomainUsedCpus can only be reached from
	xenUnifiedDomainGetXMLDesc, which in turn is only reached from
	public API that already validated the domain.
	* src/xen/xen_driver.c (xenDomainUsedCpus): Drop redundant check.
	* src/datatypes.h (VIR_IS_DOMAIN, VIR_IS_CONNECTED_DOMAIN):
	Delete, and inline into all callers, since no other file uses it
	any more.

2014-01-08  Guido Günther  <agx@sigxcpu.org>

	Allow to install apparmor profiles
	Make it easy to install the shipped examples. The aim is to have
	reasonably working templates so that distros only need to minimally
	patch these and can feed things upstream more easily.
	This was prompted by http://bugs.debian.org/725144

2014-01-08  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_DOMAIN usage
	In datatype.c, virGetDomainSnapshot could result in the message:
	error: invalid domain pointer in bad domain
	Furthermore, while there are a few functions in libvirt.c that
	only care about a virDomainPtr without regards to the connection
	(such as virDomainGetName), most functions also require a valid
	connection.  Yet several functions were blindly dereferencing
	the conn member without checking it for validity first (such as
	virDomainOpenConsole).  Rather than try and correct all usage
	of VIR_IS_DOMAIN vs. VIR_IS_CONNECTED_DOMAIN, it is easier to
	just blindly require that a valid domain object always has a
	valid connection object (which should be true anyways, since
	every domain object holds a reference to its connection, so the
	connection will not be closed until all domain objects have
	also been closed to release their reference).
	After this patch, all places that validate a domain consistently
	report:
	error: invalid domain pointer in someFunc
	* src/datatypes.h (virCheckDomainReturn, virCheckDomainGoto): New
	macros.
	* src/datatypes.c (virGetDomainSnapshot): Use new macro.
	(virLibConnError): Delete unused macro.

	event: make network events easier to use without casts
	While comparing network and domain events, I noticed that the
	test driver had to do a cast in one place and not the other.
	For consistency, we should hide the necessary casting as low
	as possible in the stack, with everything else using saner
	types.
	* src/conf/network_event.h (virNetworkEventStateRegisterID): Alter
	type.
	* src/conf/network_event.c (virNetworkEventStateRegisterID): Hoist
	cast here.
	* src/test/test_driver.c (testConnectNetworkEventRegisterAny):
	Simplify callers.
	* src/remote/remote_driver.c
	(remoteConnectNetworkEventRegisterAny): Likewise.
	* src/network/bridge_driver.c
	(networkConnectNetworkEventRegisterAny): Likewise.

	event: don't turn offline domain into global event
	If a user registers for a domain event filtered to a particular
	domain, but the persistent domain is offline at the time, then
	the code silently failed to set up the filter.  As a result,
	the event fires for all domains, rather than being filtered.
	Network events were immune, since they always passed an id
	0 argument.
	The key to this patch is realizing that
	virObjectEventDispatchMatchCallback() only cared about uuid;
	so refusing to create a meta for a negative id is pointless,
	and in fact, malloc'ing meta at all was overkill; instead,
	just directly store a uuid and a flag of whether to filter.
	Note that virObjectEventPtr still needs all fields of meta,
	because this is how we reconstruct a virDomainPtr inside the
	dispatch handler before calling the end user's callback
	pointer with the correct object, even though only the uuid
	portion of meta is used in deciding whether a callback
	matches the given event.  So while uuid is optional for
	callbacks, it is mandatory for events.
	The change to testDomainCreateXMLMixed is merely on the setup
	scenario (as you can't register for a domain unless it is either
	running or persistent).  I actually first wrote that test for
	this patch, then rebased it to also cover a prior patch (commit
	4221d64), but had to adjust it for that patch to use Create
	instead of Define for setting up the domain long enough to
	register the event in order to work around this bug.  But while
	the setup is changed, the main body of the test is still about
	whether creation events fire as expected.
	* src/conf/object_event_private.h (_virObjectEventCallback):
	Replace meta with uuid and flag.
	(virObjectEventCallbackListAddID): Update signature.
	* src/conf/object_event.h (virObjectEventStateRegisterID):
	Likewise.
	* src/conf/object_event_private.h (virObjectEventNew): Document
	use of name and uuid in events.
	* src/conf/object_event.c (virObjectEventCallbackListAddID): Drop
	arguments that don't affect filtering.
	(virObjectEventCallbackListRemoveID)
	(virObjectEventDispatchMatchCallback)
	(virObjectEventStateRegisterID): Update clients.
	* src/conf/domain_event.c (virDomainEventCallbackListAdd)
	(virDomainEventStateRegisterID): Likewise.
	* src/conf/network_event.c (virNetworkEventStateRegisterID):
	Likewise.
	* tests/objecteventtest.c (testDomainCreateXMLMixed): Enhance test.

	event: don't allow mix of old- and new-style registration
	Consider these two calls, in either order:
	id1 = virConnectDomainEventRegisterAny(conn, NULL,
	   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
	   VIR_DOMAIN_EVENT_CALLBACK(callback), NULL, NULL);
	virConnectDomainEventRegister(conn, callback, NULL, NULL);
	Right now, the second call fails, because under the hood, the
	old-style function registration is tightly coupled to the
	new style lifecycle eventID, and the two calls both try
	to register the same global eventID callback representation.
	We've alreay documented that users should avoid old-style
	registration and deregistration, so anyone heeding the advice
	won't run into this situation.  But it would be even nicer if
	we pretend the two interfaces are completely separate, and
	disallow any cross-linking.  That is, a call to old-style
	deregister should never remove a new-style callback even if it
	is the same function pointer, and a call to new-style callback
	using only callbackIDs obtained legitimately should never
	remove an old-style callback (of course, since our callback
	IDs are sequential, and there is still coupling under the
	hood, you can easily guess the callbackID of an old style
	registration and use new-style deregistration to nuke it - but
	that starts to be blatantly bad coding on your part rather
	than a surprising result on what looks like reasonable
	stand-alone API).
	With this patch, you can now register a global lifecycle event
	handler twice, by using both old and new APIs; if such an event
	occurs, your callback will be entered twice.  But that is not a
	problem in practice, since it is already possible to use the
	new API to register both a global and per-domain event handler
	using the same function, which will likewise fire your callback
	twice for that domain.  Duplicates are still prevented when
	using the same API with same parameters twice (old-style twice,
	new-style global twice, or new-style per-domain with same domain
	twice), and things are still bounded (it is not possible to
	register a single function pointer more than N+2 times per event
	id, where N is the number of domains available on the connection).
	Besides, it has always been possible to register as many
	separate function pointers on the same event id as desired,
	through either old or new style API, where the bound there is
	the physical limitation of writing a program with enough
	distinct function pointers.
	Adding another event registration in the testsuite is sufficient
	to cover this, where the test fails without the rest of the patch.
	* src/conf/object_event.c (_virObjectEventCallback): Add field.
	(virObjectEventCallbackLookup): Add argument.
	(virObjectEventCallbackListAddID, virObjectEventStateCallbackID):
	Adjust callers.
	* tests/objecteventtest.c (testDomainCreateXMLMixed): Enhance test.

	event: properly filter count of remaining events
	On the surface, this sequence of API calls should succeed:
	id1 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_LIFECYCLE,...);
	id2 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_RTC_CHANGE,...);
	virConnectDomainEventDeregisterAny(id1);
	id1 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_LIFECYCLE,...);
	And for test:///default, it does.  But for qemu:///system, it fails:
	libvirt: XML-RPC error : internal error: domain event 0 already registered
	Looking closer, the bug is caused by miscommunication between
	the object event engine and the client side of the remote driver.
	In our implementation, we set up a single server-side event per
	eventID, then the client side replicates that one event to all
	callbacks that have been registered client side.  To know when
	to turn the server side eventID on or off, the client side must
	track how many events for the same eventID have been registered.
	But while our code was filtering by eventID on event registration,
	it did not filter on event deregistration.  So the above API calls
	resulted in the deregister returning 1 instead of 0, so no RPC
	deregister was issued, and the final register detects on the
	server side that the server is already handling eventID 0.
	Unfortunately, since the problem is only observable on remote
	connections, it's not possible to enhance objecteventtest to
	expose the semantics using only public API entry points.
	* src/conf/object_event.c (virObjectEventCallbackListCount): New
	function.
	(virObjectEventCallbackListAddID)
	(virObjectEventCallbackListRemoveID)
	(virObjectEventCallbackListMarkDeleteID): Use it.

2014-01-08  Lénaïc Huard  <lenaic@lhuard.fr.eu.org>

	Fix bridge configuration when OUTPUT policy is DROP on the host
	When the host is configured with very restrictive firewall (default policy
	is DROP for all chains, including OUTPUT), the bridge driver for Linux
	adds netfilter entries to allow DHCP and DNS requests to go from the VM
	to the dnsmasq of the host.
	The issue that this commit fixes is the fact that a DROP policy on the OUTPUT
	chain blocks the DHCP replies from the host’s dnsmasq to the VM.
	As DHCP replies are sent in UDP, they are not caught by any --ctstate ESTABLISHED
	rule and so, need to be explicitly allowed.

2014-01-08  Thadeu Lima de Souza Cascardo  <cascardo@linux.vnet.ibm.com>

	Read PCI class from sysfs class file instead of config space.
	When determining if a device is behind a PCI bridge, the PCI device
	class is checked by reading the config space. However, there are some
	devices which have the wrong class on the config space, but the class is
	initialized by Linux correctly as a PCI BRIDGE. This class can be read
	by the sysfs file '/sys/bus/pci/devices/xxxx:xx:xx.x/class'.
	One example of such bridge is IBM PCI Bridge 1014:03b9, which is
	identified as a Host Bridge when reading the config space.

2014-01-08  Eric Blake  <eblake@redhat.com>

	event: fix typo in previous patch
	Bah, serves me right for merging patches without one last
	compile test.

	event: tighten scope of object_event
	Tighten up scope after the previous patch avoided using
	internals.  This will also make it easier to change
	internal implementation without having to chase down quite
	as many impacted callers or worrying about two files getting
	implementations out of sync.
	* src/conf/object_event_private.h
	(virObjectEventCallbackListAddID, virObjectEventQueueClear)
	(virObjectEventStateLock, virObjectEventStateUnlock)
	(virObjectEventTimer): Drop prototype.
	(_virObjectEventCallbackList, _virObjectEventState)
	(_virObjectEventCallback): Move...
	* src/conf/object_event.c: ...here.
	(virObjectEventCallbackListAddID, virObjectEventQueueClear)
	(virObjectEventStateLock, virObjectEventStateUnlock)
	(virObjectEventTimer): Mark private.

	event: don't let old-style events clobber per-domain events
	Right now, the older virConnectDomainEventRegister (takes a
	function pointer, returns 0 on success) and the newer
	virConnectDomainEventRegisterID (takes an eventID, returns a
	callbackID) share the underlying implementation (the older
	API ends up consuming a callbackID for eventID 0 under the
	hood).  We implemented that by a lot of copy and pasted
	code between object_event.c and domain_event.c, according to
	whether we are dealing with a function pointer or an eventID.
	However, our copy and paste is not symmetric.  Consider this
	sequence:
	id1 = virConnectDomainEventRegisterAny(conn, dom,
	   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
	   VIR_DOMAIN_EVENT_CALLBACK(callback), NULL, NULL);
	virConnectDomainEventRegister(conn, callback, NULL, NULL);
	virConnectDomainEventDeregister(conn, callback);
	virConnectDomainEventDeregsiterAny(conn, id1);
	the first three calls would succeed, but the third call ended
	up nuking the id1 callbackID (the per-domain new-style handler),
	then the fourth call failed with an error about an unknown
	callbackID, leaving us with the global handler (old-style) still
	live and receiving events.  It required another old-style
	deregister to clean up the mess.  Root cause was that
	virDomainEventCallbackList{Remove,MarkDelete} were only
	checking for function pointer match, rather than also checking
	for whether the registration was global.
	Rather than playing with the guts of object_event ourselves
	in domain_event, it is nicer to add a mapping function for the
	internal callback id, then share common code for event removal.
	For now, the function-to-id mapping is used only internally;
	I thought about whether a new public API to let a user learn
	the callback would be useful, but decided exposing this to the
	user is probably a disservice, since we already publicly
	document that they should avoid the old style, and since this
	patch already demonstrates that older libvirt versions have
	weird behavior when mixing old and new styles.
	And like all good bug fix patches, I enhanced the testsuite,
	validating that the changes in tests/ expose the failure
	without the rest of the patch.
	* src/conf/object_event.c (virObjectEventCallbackLookup)
	(virObjectEventStateCallbackID): New functions.
	(virObjectEventCallbackLookup): Use helper function.
	* src/conf/object_event_private.h (virObjectEventStateCallbackID):
	Declare new function.
	* src/conf/domain_event.c (virDomainEventStateRegister)
	(virDomainEventStateDeregister): Let common code handle the
	complexity.
	(virDomainEventCallbackListRemove)
	(virDomainEventCallbackListMarkDelete)
	(virDomainEventCallbackListAdd): Drop unused functions.
	* tests/objecteventtest.c (testDomainCreateXMLMixed): New test.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: rename confusing variable in test, remote drivers
	Since the introduction of network events, any driver that uses
	a single event state object to track both domain and network
	events should not include 'domain' in the name of that object.
	* src/test/test_driver.c (_testConn):
	s/domainEventState/eventState/, and fix all callers.
	* src/remote/remote_driver.c (private_data): Likewise.
	(remoteDomainEventQueue): Rename to remoteEventQueue.
	(remoteDomainEvents): Rename to remoteEvents.

	event: share state driver between test:///default connections
	Prior to this patch, every test:/// URI has its own event manager,
	which means that registering for an event can only ever receive
	events from the connection where it issued the API that triggered
	the event.  But the whole idea of events is to be able to learn
	about something where an API call did NOT trigger the action.
	In order to actually test asynchronous events, I wanted to be able
	to tie multiple test connections to the same state.  Use of a file
	in a test URI is still per-connection state, but now parallel
	connections to test:///default (from the same binary, of course)
	now share common state and can affect one another.
	The updated testsuite fails without the rest of this patch.
	Valgrind didn't report any leaks.
	* src/test/test_driver.c (testConnectOpen): Move per-connection
	state initialization...
	(testOpenFromFile): ...here.
	(defaultConn, defaultConnections, defaultLock, testOnceInit): New
	shared state.
	(testOpenDefault): Only initialize on first connection.
	(testConnectClose): Don't clobber state if still shared.
	* tests/objecteventtest.c (testDomainStartStopEvent): Enhance to
	cover this.
	(timeout, mymain): Ensure test fails rather than blocks.

2014-01-07  Michal Privoznik  <mprivozn@redhat.com>

	lxc_controller: Fix error message on missing --handshakefd
	The argument is --handshakefd not --handshake.

	lxc_controller: Don't leak @name
	The @name variable is VIR_STRDUP()-ed into, but never freed. In fact,
	there's no need to duplicate a command line argument since all places
	where @name is used expect const char.

2014-01-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix job usage in virDomainGetBlockIoTune
	CVE-2013-6458
	Every API that is going to begin a job should do that before fetching
	data from vm->def.

	qemu: Fix job usage in qemuDomainBlockCopy
	Every API that is going to begin a job should do that before fetching
	data from vm->def.

	qemu: Fix job usage in qemuDomainBlockJobImpl
	CVE-2013-6458
	Every API that is going to begin a job should do that before fetching
	data from vm->def.

	qemu: Avoid using stale data in virDomainGetBlockInfo
	CVE-2013-6458
	Generally, every API that is going to begin a job should do that before
	fetching data from vm->def. However, qemuDomainGetBlockInfo does not
	know whether it will have to start a job or not before checking vm->def.
	To avoid using disk alias that might have been freed while we were
	waiting for a job, we use its copy. In case the disk was removed in the
	meantime, we will fail with "cannot find statistics for device '...'"
	error message.

	qemu: Do not access stale data in virDomainBlockStats
	CVE-2013-6458
	https://bugzilla.redhat.com/show_bug.cgi?id=1043069
	When virDomainDetachDeviceFlags is called concurrently to
	virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats
	finds a disk in vm->def before getting a job on a domain and uses the
	disk pointer after getting the job. However, the domain in unlocked
	while waiting on a job condition and thus data behind the disk pointer
	may disappear. This happens when thread 1 runs
	virDomainDetachDeviceFlags and enters monitor to actually remove the
	disk. Then another thread starts running virDomainBlockStats, finds the
	disk in vm->def, and while it's waiting on the job condition (owned by
	the first thread), the first thread finishes the disk removal. When the
	second thread gets the job, the memory pointed to be the disk pointer is
	already gone.
	That said, every API that is going to begin a job should do that before
	fetching data from vm->def.

2014-01-07  Yudai Yamagish  <yummy@sfc.wide.ad.jp>

	Fix segmentation fault when accessing default qemu machine type
	This patch fixes a segmentation fault when creating new virtual machines using QEMU.
	The segmentation fault is caused by commit f41830680e40d3ec845cefd25419bd87414b9ccf
	and commit cbb6ec42e2447d7920b30d66923b2a2b2670133b.
	In virQEMUCapsProbeQMPMachineTypes, when copying machines to qemuCaps, "none" is skipped.
	Therefore, the value of i and "qemuCaps->nmachineTypes - 1" do not always match.
	However, defIdx value (used to call virQEMUCapsSetDefaultMachine) is set using the value in i
	when the array elements are in qemuCaps->nmachineTypes - 1.
	So, when libvirt tries to create virtual machines using the default machine type,
	qemuCaps->machineTypes[defIdx] is accessed and since the defIdx is NULL, it results in segmentation fault.

2014-01-07  Eric Blake  <eblake@redhat.com>

	maint: inline VIR_IS_CONNECT macro
	Cleanup after commit db3dd08 removed all clients outside of
	the .h file.
	* src/datatypes.h (VIR_IS_CONNECT): Delete, and inline into all
	callers, since no other file uses it any more.

	event: make deregister return value match docs
	Ever since their introduction (commit 1509b80 in v0.5.0 for
	virConnectDomainEventRegister, commit 4445723 in v0.8.0 for
	virConnectDomainEventDeregisterAny), the event deregistration
	functions have been documented as returning 0 on success;
	likewise for older registration (only the newer RegisterAny
	must return a non-zero callbackID).  And now that we are
	adding virConnectNetworkEventDeregisterAny for v1.2.1, it
	should have the same semantics.
	Fortunately, all of the stateful drivers have been obeying
	the docs and returning 0, thanks to the way the remote_driver
	tracks things (in fact, the RPC wire protocol is unable to
	send a return value for DomainEventRegisterAny, at least not
	without adding a new RPC number).  Well, except for vbox,
	which was always failing deregistration, due to failure to
	set the return value to anything besides its initial -1.
	But for local drivers, such as test:///default, we've been
	returning non-zero numbers; worse, the non-zero numbers have
	differed over time.  For example, in Fedora 12 (libvirt 0.8.2),
	calling Register twice would return 0 and 1 [the callbackID
	generated under the hood]; while in Fedora 20 (libvirt 1.1.3),
	it returns 1 and 2 [the number of callbacks registered for
	that event type].  Since we have changed the behavior over
	time, and since it differs by local vs. remote, we can safely
	argue that no one could have been reasonably relying on any
	particular behavior, so we might as well obey the docs, as well
	as prepare callers that might deal with older clients to not be
	surprised if the docs are not strictly followed.
	For consistency, this patch fixes the code for all drivers,
	even though it only makes an impact for vbox and for local
	drivers.  By fixing all drivers, future copy and paste from
	a remote driver to a local driver is less likely to
	reintroduce the bug.
	Finally, update the testsuite to gain some coverage of the
	issue for local drivers, including the first test of old-style
	domain event registration via function pointer instead of
	event id.
	* src/libvirt.c (virConnectDomainEventRegister)
	(virConnectDomainEventDeregister)
	(virConnectDomainEventDeregisterAny): Clarify docs.
	* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
	(libxlConnectDomainEventDeregister)
	(libxlConnectDomainEventDeregisterAny): Match documentation.
	* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
	(lxcConnectDomainEventDeregister)
	(lxcConnectDomainEventDeregisterAny): Likewise.
	* src/test/test_driver.c (testConnectDomainEventRegister)
	(testConnectDomainEventDeregister)
	(testConnectDomainEventDeregisterAny)
	(testConnectNetworkEventDeregisterAny): Likewise.
	* src/uml/uml_driver.c (umlConnectDomainEventRegister)
	(umlConnectDomainEventDeregister)
	(umlConnectDomainEventDeregisterAny): Likewise.
	* src/vbox/vbox_tmpl.c (vboxConnectDomainEventRegister)
	(vboxConnectDomainEventDeregister)
	(vboxConnectDomainEventDeregisterAny): Likewise.
	* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
	(xenUnifiedConnectDomainEventDeregister)
	(xenUnifiedConnectDomainEventDeregisterAny): Likewise.
	* src/network/bridge_driver.c
	(networkConnectNetworkEventDeregisterAny): Likewise.
	* tests/objecteventtest.c (testDomainCreateXMLOld): New test.
	(mymain): Run it.
	(testDomainCreateXML): Check return values.

2014-01-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessStop: Don't overwrite any errors
	Currently, the qemuProcessStop tries to open the domain log file
	and saves the original error afterwards. Then all the cleanup is
	done after which the error is restored back. This has however one
	flaw: if opening of the log file fails an error is reported,
	which results in previous error being overwritten (the useful
	one, e.g. "PCI device XXXX:XXXX could not be found"). Hence, user
	sees something like:
	  error: failed to create logfile /var/log/libvirt/qemu/ovirt_usb.log: No such file or directory
	instead of:
	  error: internal error: Did not find USB device 8644:8003
	Reported-by: Zhou Yimin <zhouyimin@huawei.com>

2014-01-07  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos in qemu numa code
	Introduced in commit 81fae6b9.
	* src/qemu/qemu_driver.c (qemuDomainSetNumaParamsLive): Fix typos.

2014-01-07  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement nodeGetMemoryStats
	Add a BSD implementation of nodeGetMemoryStats based
	on sysctl(3).

2014-01-07  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	Fix argument order of qemuMigrationPerformJob().
	@listenAddress and @cookiein arguments, should be exchanged,
	because the order of the caller and the callee does not match.
	This results in the listen address being ignored for peer-to-peer
	migration and the cookie being ignored for v2 migration.
	Introduced by c4ac7ef (v1.1.4-rc1~141).
	https://bugzilla.redhat.com/show_bug.cgi?id=1049338

2014-01-07  Peter Krempa  <pkrempa@redhat.com>

	maint: Fix messy include of libvirt_internal.h
	The libvirt_internal.h header was included by the internal.h header.
	This made it painful to add new stuff to the header file that would
	require some more specific types. Remove inclusion by internal.h and add
	it to appropriate places manually.

2014-01-07  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_CONN usage
	The datatype.c object checks could result in a message like:
	error: invalid connection pointer in no connection
	This consolidates all clients of this message to have uniform contents:
	error: invalid connection pointer in someFunc
	Note that virCheckConnectReturn raises an error immediately; in
	datatypes.c, where we don't need to raise the error (but instead
	just leave it in the thread-local setting), we use
	virCheckConnectGoto and the cleanup label instead.  Then, for
	consistency in that file, all subsequent error messages are
	touched to also use the cleanup error label.
	* src/datatypes.h (virCheckConnectReturn)
	(virCheckConnectGoto): New macros.
	* src/datatypes.c: Use new macro.
	* src/libvirt-qemu.c (virDomainQemuAttach): Likewise.
	(virLibConnError): Delete unused macro.
	* src/libvirt-lxc.c (virLibConnError): Likewise.
	* src/libvirt.c: Use new macro throughout.
	* docs/api_extension.html.in: Modernize documentation.

2014-01-07  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix initialization of nictype in libxl_device_nic
	As pointed out by the Xen folks [1], HVM nics should always be set
	to type LIBXL_NIC_TYPE_VIF_IOEMU unless the user explicity requests
	LIBXL_NIC_TYPE_VIF via model='netfront'.  The current logic in
	libxlMakeNic() only sets the nictype to LIBXL_NIC_TYPE_VIF_IOEMU if
	a model is specified that is not 'netfront', which breaks PXE booting
	configurations where no model is specified (i.e. use the hypervisor
	default).
	  Reported-by: Stefan Bader <stefan.bader@canonical.com>
	[1] https://www.redhat.com/archives/libvir-list/2013-December/msg01156.html

2014-01-07  Eric Blake  <eblake@redhat.com>

	Revert "lxcDomainShutdownFlags: Cleanup @flags usage"
	This reverts commit aa4619337ccc0b171a3a4d17540da89429243c36.
	This patch was accidentally pushed prematurely, and has incorrect
	logic for which shutdown methods to attempt.

	build: fix bootstrap with older autoconf
	Pavel Hrdina reported to me off-list that my gnulib update on
	Jan 1 broke the build on RHEL 6.4 (autoconf 2.63) and older:
	    executing aclocal -I glm4
	    glm4/gl-openssl.m4:11: error: m4_defn: undefined macro: _m4_divert_diversion
	    glm4/gl-openssl.m4:11: the top level
	    autom4te: /usr/bin/m4 failed with exit status: 1
	    aclocal: autom4te failed with exit status: 1
	It took me a while, but I fixed the regression in gnulib.
	* gnulib: Update to latest, for build fixes.

2014-01-07  Pranavkumar Sawargaonkar  <pranavkumar@linaro.org>

	AArch64: Porting of armv7l conditons to run qemu for aarch64.
	AArch64 qemu has similar behavior as armv7l, like use of mmio etc.
	This patch adds similar bypass checks what we have for armv7l to aarch64.
	E.g. we are enabling mmio transport for Nicdev.
	Making addDefaultUSB and addDefaultMemballoon to false etc.
	V3:
	- Adding missing domain rng schema for aarcg64 and test case in
	  testutilsqemu.c which was causing test suite failure
	  while running make check.
	V2:
	- Added testcase to qemuxml2argvtest as suggested
	  during review comments of V1.
	V1:
	- Initial patch.

2014-01-06  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_OPERATION_DENIED usage
	Some of our operation denied messages are outright stupid; for
	example, if virIdentitySetAttr fails:
	error: operation Identity attribute is already set forbidden for read only access
	This patch fixes things to a saner:
	error: operation forbidden: Identity attribute is already set
	It also consolidates the most common usage pattern for operation
	denied errors: read-only connections preventing a public API.  In
	this case, 'virsh -r -c test:///default destroy test' changes from:
	error: operation virDomainDestroy forbidden for read only access
	to:
	error: operation forbidden: read only access prevents virDomainDestroy
	Note that we were previously inconsistent on which APIs used
	VIR_FROM_DOM (such as virDomainDestroy) vs. VIR_FROM_NONE (such as
	virDomainPMSuspendForDuration).  After this patch, all uses
	consistently use VIR_FROM_NONE, on the grounds that it is unlikely
	that a caller learning that a call is denied can do anything in
	particular with extra knowledge which error domain the call belongs
	to (similar to what we did in commit baa7244).
	* src/util/virerror.c (virErrorMsg): Rework OPERATION_DENIED error
	message.
	* src/internal.h (virCheckReadOnlyGoto): New macro.
	* src/util/virerror.h (virReportRestrictedError): New macro.
	* src/libvirt-lxc.c: Use new macros.
	* src/libvirt-qemu.c: Likewise.
	* src/libvirt.c: Likewise.
	* src/locking/lock_daemon.c (virLockDaemonClientNew): Likewise.

2014-01-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: range check numa memory placement mode
	https://bugzilla.redhat.com/show_bug.cgi?id=1047234
	Add a range check for supported numa memory placement modes provided by
	the user before setting them in the domain definition. Without the check
	the user is able to provide a (yet) unknown mode which is then stored in
	the domain definition. This potentially causes a NULL dereference when
	the defintion is formatted into the XML.
	To reproduce run:
	 virsh numatune DOMNAME --mode 6 --nodeset 0
	The XML will then contain:
	  <numatune>
	      <memory mode='(null)' nodeset='0'/>
	  </numatune>
	With this fix, the command fails:
	 error: Unable to change numa parameters
	 error: invalid argument: unsupported numa_mode: '6'

	qemu: Clean up qemuDomainSetNumaParameters
	Add whitespace to separate logical code blocks, reformat error messages
	and clean up code flow.
	This patch changes error handling in some cases where the the loop would
	be continued to jump to cleanup instead and error out rather than modify
	the domain any further.

	storage: Use VIR_DELETE_ELEMENT instead of open coding
	Replace the open coded array element deletion by our new helper.

2014-01-06  Eric Blake  <eblake@redhat.com>

	event: use newer array management macros
	We might as well take advantage of viralloc.h instead of open-coding
	array management ourselves.  While at it, I simplified several
	places that were doing repetitive pointer chasing to use an
	intermediate variable for legibility (some other places remain,
	but they will disapper in later refactoring patches).
	* src/conf/object_event_private.h (_virObjectEventCallbackList):
	Use size_t for count.
	* src/conf/object_event.c (_virObjectEventQueue): Likewise.
	(virObjectEventCallbackListRemoveID): Use VIR_DELETE_ELEMENT.
	(virObjectEventQueuePush, virObjectEventCallbackListAddID): Use
	VIR_APPEND_ELEMENT.
	(virObjectEventCallbackListEventID)
	(virObjectEventStateDispatchCallbacks): Simplify code.

	event: use bool in more places
	No need to use an int that only ever stores 0 and 1.
	* src/conf/object_event_private.h (_virObjectEventCallback):
	Change deleted to bool.
	* src/conf/object_event.c (virObjectEventDispatchMatchCallback):
	Switch return type to bool.
	(virObjectEventCallbackListMarkDeleteID): Update client.
	* src/conf/domain_event.c (virDomainEventCallbackListMarkDelete):
	Likewise.

2014-01-06  Ján Tomko  <jtomko@redhat.com>

	Fix explicit usage of default video PCI slots
	Do not leave the PCI address of the primary video card set
	to the legacy default (0000:00:02.0) if we're doing two-pass
	allocation.
	Since QEMU 1.6 (QEMU_CAPS_VIDEO_PRIMARY) we allow the primary
	video card to be on other slots than 0000:00:02.0 (as we use
	-device instead of -vga).
	However we fail to assign it an address if:
	* another device explicitly uses 0000:00:02.0 and
	* the primary video device has no address specified
	On the first pass, we have set the address to default, then checked
	if it's available, leaving it set even if it wasn't. This address
	got picked up by the second pass, resulting in a conflict:
	XML error: Attempted double use of PCI slot 0000:00:02.0
	(may need "multifunction='on'" for device on function 0)
	Also fix the test that was supposed to catch this.

2014-01-05  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_NO_SUPPORT usage
	We weren't very consistent in our use of VIR_ERR_NO_SUPPORT; many
	users just passed __FUNCTION__ on, while others passed "%s" to
	silence over-eager compilers that warn about __FUNCTION__ not
	containing any %.  It's nicer to route all these uses through
	a single macro, so that if we ever need to change the reporting,
	we can do it in one place.
	I verified that 'virsh -c test:///default qemu-monitor-command test foo'
	gives the same error message before and after this patch:
	error: this function is not supported by the connection driver: virDomainQemuMonitorCommand
	Note that in libvirt.c, we were inconsistent on whether virDomain*
	API used virLibConnError() (with VIR_FROM_NONE) or virLibDomainError()
	(with VIR_FROM_DOMAIN); this patch unifies these errors to all use
	VIR_FROM_NONE, on the grounds that it is unlikely that a caller
	learning that a call is unimplemented can do anything in particular
	with extra knowledge of which error domain it belongs to.
	One particular change to note is virDomainOpenGraphics which was
	trying to fail with VIR_ERR_NO_SUPPORT after a failed
	VIR_DRV_SUPPORTS_FEATURE check; all other places that fail a
	feature check report VIR_ERR_ARGUMENT_UNSUPPORTED.
	* src/util/virerror.h (virReportUnsupportedError): New macro.
	* src/libvirt-qemu.c: Use new macro.
	* src/libvirt-lxc.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/security/security_manager.c: Likewise.
	* src/util/virinitctl.c: Likewise.
	* src/libvirt.c: Likewise.
	(virDomainOpenGraphics): Use correct error for unsupported feature.

2014-01-04  Eric Blake  <eblake@redhat.com>

	maint: avoid nested public calls
	Having one API call into another is generally not good; among
	other issues, it gives confusing logs, and is not quite as
	efficient.
	This fixes several instances, but not all: we still have instances
	in both libvirt.c and in backend hypervisors (lxc and qemu) calling
	the public virTypedParamsGetString and friends, which dispatch
	errors immediately.  I'm not sure if it is worth trying to clean
	that up in a separate patch (such a cleanup may be easiest by
	separating the public function into a wrapper around the internal,
	then tweaking internal.h so that internal users directly use the
	internal function).
	* src/libvirt.c (virDomainGetUUIDString, virNetworkGetUUIDString)
	(virStoragePoolGetUUIDString, virSecretGetUUIDString)
	(virNWFilterGetUUIDString): Avoid nested public API call.
	* src/util/virtypedparam.c (virTypedParamsReplaceString): Don't
	dispatch errors here.
	(virTypedParamsGet): No need to reset errors.
	(virTypedParamsGetBoolean): Use consistent ordering.

2014-01-04  Denis Kondratenko  <denis.kondratenko@gmail.com>

	vmware: os x support is broken
	https://bugzilla.redhat.com/show_bug.cgi?id=1036248
	Incorrect usage of virAsprintf.  vmware-vmx reports version
	information to stderr, at least for OS X 10.9.1.

2014-01-04  Eric Blake  <eblake@redhat.com>

	event: remove unneeded virObjectEventGetEventID
	Any file with access to object_event_private.h also has access to
	the internals of virObjectEvent, without needing an accessor
	function.  Not to mention the accessor function was doing type
	checks that would always succeed.
	* src/conf/object_event_private.h (virObjectEventGetEventID): Drop.
	* src/conf/object_event.c (virObjectEventGetEventID): Drop.
	(virObjectEventDispatchMatchCallback): Simplify caller.
	* src/conf/domain_event.c (virDomainEventDispatchDefaultFunc):
	Likewise.

	event: fix doc typos, and doc more public methods
	While working on events, I found a number of minor issues; I'm
	hoisting these to the front rather than doing it piecemeal in
	the patches where I first noticed bad or missing documentation.
	* src/conf/object_event.c: Fix grammar, document all parameters
	of public functions, wrap some long lines.
	* src/conf/object_event.h: Likewise.
	* src/conf/network_event.c: Likewise.
	* src/conf/domain_event.c: Likewise (except for the large number
	of event creation functions).
	* src/libvirt_private.cyms (conf/object_event.h): Split...
	(conf/network_event.h): ...to account for new file.

	maint: reset error on entrance to public API
	We document that calling any public API wipes out all prior
	libvirt errors in the same thread; but weren't obeying this
	style in a few functions.
	There are a couple of nested uses of virConnectRef (in lxc
	and qemu reboot paths), but they should not be affected by
	this change in semantics since there should not be any
	previous error getting nuked (a later patch will clean up
	the nested calls, along with abuse of virConnectClose on
	cleanup paths which DOES nuke errors).
	* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
	(virDomainGetSecurityLabel, virDomainGetSecurityLabelList)
	(virDomainSetMetadata, virDomainGetMetadata)
	(virNodeGetSecurityModel, virNetworkRef, virInterfaceRef)
	(virStoragePoolRef, virStorageVolRef, virNodeDeviceGetName)
	(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
	(virDomainSnapshotRef): Reset error on entrance.
	(do_open): Drop redundant error reset.
	* src/libvirt-qemu.c (virDomainQemuAgentCommand): Likewise.
	* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
	(virDomainLxcEnterSecurityLabel): Likewise.

2014-01-03  Eric Blake  <eblake@redhat.com>

	maint: improve error condition style in public API
	While auditing error messages in libvirt.c, I found a couple
	instances that had not been converted to modern error styles,
	and a few places that failed to dispatch the error through
	the known-good connection.
	* src/libvirt.c (virDomainPinEmulator, virDomainGetDiskErrors)
	(virDomainSendKey, virDomainGetSecurityLabelList)
	(virDomainGetEmulatorPinInfo): Use typical error reporting.
	(virConnectGetCPUModelNames, virConnectRegisterCloseCallback)
	(virConnectUnregisterCloseCallback, virDomainGetUUID): Report
	error through connection.

	maint: split long lines in invalidArg errors
	Style only.  In particular, the message on "flags 'affect live'
	and 'affect config'" being mutually exclusive was already split
	in some instances.
	* src/libvirt.c: Wrap some long error messages to fit in 80 columns.

	maint: move debug statements first in public API
	Most of our public APIs emit a debug log on entry, prior to anything
	else.  There were a few exceptions where obvious failures were not
	logged, so fix those.  When moving a debug earlier, this patch also
	makes sure to avoid any NULL dereference during the log (the APIs
	are supposed to gracefully fail if the user passes NULL for the object).
	However, do NOT use VIR_DEBUG prior to virInitialize, since setting
	up the error reporting can change where VIR_DEBUG output would be
	routed.  Instead add documentation to virGlobalInit, virInitialize,
	and virGetVersion that better explains initialization.
	* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
	(virNetworkRef, virInterfaceRef, virStoragePoolRef)
	(virStorageVolRef, virNodeDeviceRef, virSecretRef, virStreamRef)
	(virNWFilterRef, virDomainSnapshotRef): Debug on function entry.
	* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
	(virDomainLxcEnterSecurityLabel): Likewise.

	maint: improve debug of libvirt-{qemu,lxc} apis
	I noticed that the virDomainQemuMonitorCommand debug output wasn't
	telling me the name of the domain it was working on.  While it was
	easy enough to determine which pointer matches the domain based on
	other log messages, it is nicer to be consistent.
	* src/util/viruuid.h (VIR_UUID_DEBUG): Moved here from...
	* src/libvirt.c (VIR_UUID_DEBUG): ...here.
	(VIR_ARG15, VIR_HAS_COMMA, VIR_DOMAIN_DEBUG_EXPAND)
	(VIR_DOMAIN_DEBUG_PASTE, VIR_DOMAIN_DEBUG_0, VIR_DOMAIN_DEBUG_1)
	(VIR_DOMAIN_DEBUG_2, VIR_DOMAIN_DEBUG): Move...
	* src/datatypes.h: ...here.
	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAgentCommand): Better debug messages.
	* src/libvirt-lxc.c (virDomainLxcOpenNamespace): Likewise.

	maint: consistent formatting in libvirt.c
	Preliminary cleanups to make search-and-replace easier in later
	patches.  Many of these were done by grepping for (multiline)
	pattern violations, then bundled all into one patch.
	* src/libvirt.c: Uniform two spaces between functions, return
	type and open brace on separate line, avoid blank lines around
	open brace, label in column 1, drop redundant (), consistent
	indentation for function headers split across lines.

2014-01-02  Eric Blake  <eblake@redhat.com>

	event: improve public API docs
	Since libvirt 0.9.3, the entire virevent.c file has been a public
	API, so improve the documentation in this file.  Also, fix a
	potential core dump - it could only be triggered by bogus use of
	the API and would only affect the caller (not libvirtd), but we
	might as well be nice.
	* src/libvirt.c (virConnectSetKeepAlive)
	(virConnectDomainEventRegister, virConnectDomainEventRegisterAny)
	(virConnectNetworkEventRegisterAny): Document event loop requirement.
	* src/util/virevent.c (virEventAddHandle, virEventRemoveHandle)
	(virEventAddTimeout, virEventRemoveTimeout): Likewise.
	(virEventUpdateHandle, virEventUpdateTimeout): Likewise, and avoid
	core dump if caller didn't register handler.
	(virEventRunDefaultImpl): Expand example, and set up code block in
	html docs.
	(virEventRegisterImpl, virEventRegisterDefaultImpl): Document more
	on the use of the event loop.

	event: don't overwrite registration error message
	Prior to this patch, an attempt to register an event without an
	event loop started results in the vague:
	libvirt: Remote Driver error : adding cb to list
	Now it gives the much nicer:
	libvirt:  error : internal error: could not initialize domain event timer
	This also avoids hiding other reasonable error messages, such as
	attempts to register a duplicate callback or OOM errors.
	* src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny)
	(remoteConnectDomainEventRegister)
	(remoteConnectDomainEventRegisterAny): Preserve more detailed error.

	tests: fix syntax in previous patch
	'make syntax-check' wasn't happy with commit fb00420.
	* tests/virnetsockettest.c (checkProtocols): Typo fix.

2014-01-02  Richard W.M. Jones  <rjones@redhat.com>

	aarch64: Fix sysinfo test.
	On AArch64 the kernel prints one "processor" (lower case 'p') line per
	core.  As this was missing from the test data, virSysinfo was not
	parsing any processors at all.
	Fix the test data so the test now passes.

	tests: sysinfotest: Actual/expected were swapped in error message.

	tests: virnetsockettest: Print the error if getifaddrs fails.

2014-01-01  Richard W.M. Jones  <rjones@redhat.com>

	aarch64: Disable -fstack-protector.
	I'm using gcc-4.8.2-7.fc21.aarch64 which does not appear to support
	this option.

2014-01-01  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	'make syntax-check' wants a newer gnulib for 2014 copyright.
	Also, a couple of fixes for bootstrap issues reported on IRC:
	- on some older glibc systems, ./configure could deadlock due to
	a glibc malloc bug
	- on FreeBSD systems, a broken autom4te coupled with gettext
	0.18.3 prevents bootstrap; we can't work around it, but can at
	least inform the user why they have a problem
	And as always, portability fixes in other modules, some of which
	are used by libvirt.
	* .gnulib: Update to latest, in part for bootstrap improvements,
	and for the new year.
	* bootstrap: Resync to gnulib.
	* gnulib/local/m4/ssize_t.m4.diff: Regenerate.

	docs: return paragraph must be last
	Commit eb70ceb tried to create a code block for
	libvirt-libvirt.html#virConnectGetType, but failed to note
	that our doc generator treats everything after "Returns" as
	part of the return description rather than looking for
	paragraph and code layout.  Fix some other API that also had
	generic details crammed into the return type paragraph.
	* src/libvirt.c (virConnectOpen, virConnectOpenReadOnly)
	(virConnectOpenAuth, virConnectListAllDomains): Fit doc pattern.

2013-12-31  Laine Stump  <laine@laine.org>

	domain: don't try to interpret <driver> as virtio config for hostdev interfaces
	This resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1046337
	The <driver> name attribute of an interface is interpreted in two
	different ways depending on the <interface> type - if the interface is
	type='hostdev', then the driver name describes which backend to use
	for the hostdev device assignment (vfio or kvm), but if the interface
	is any emulated type *and* the model type is "virtio", then the driver
	name can be "vhost" or "qemu", telling which backend qemu should use
	to communicate with the emulated device.
	The problem comes when someone has defined a an interface like this
	(which is accepted by the parser as long as no <driver name='xxx'/> is
	specified):
	    <interface type='hostdev'>
	       ...
	       <model type='virtio'/>
	       ...
	    </interface>
	As libvirt storing this definition in the domain's status, the driver
	name is automatically filled in with the backend that was
	automatically decided by libvirt, so it stores this in the status:
	    <interface type='hostdev'>
	       ...
	       <driver name='vfio'/>
	       ...
	       <model type='virtio'/>
	       ...
	    </interface>
	This isn't noticed until the next time libvirtd is restarted - as it
	is reading the status of all domains, it encounters the above
	interface definition, logs an error:
	  internal error: Unknown interface <driver name='vfio'> has been specified
	and fails to reload the domain status, so the domain is marked as
	inactive.
	The solution is to stop the parser from interpreting <driver>
	attributes as if the device was an emulated virtio device, when it is
	actually a hostdev.
	(Although the bug has existed since vfio support was added, it has
	just recently become more apparent because libvirt previously didn't
	automatically set the driver name for hostdev interfaces in the domain
	status to vfio/kvm as it does since commit f094aa, first appearing in
	v1.1.4.)

2013-12-29  Eric Blake  <eblake@redhat.com>

	docs: fix layout of code snippets
	Similar to commit 52dbeac, we should indent code snippets in
	other places to ensure they appear correctly in html.  See
	http://libvirt.org/html/libvirt-libvirt.html#virNodeGetCPUStats
	for an example improved by this patch.  Also fix some missing
	semicolons in the examples.
	* src/libvirt.c: Indent code samples in comments.

2013-12-28  Eric Blake  <eblake@redhat.com>

	maint: fix typo in error message
	* src/util/virerror.h (virReportInvalidZeroArg): Fix double space.

2013-12-25  Michal Privoznik  <mprivozn@redhat.com>

	virkeycode: Allow ANSI_A
	https://bugzilla.redhat.com/show_bug.cgi?id=1044806
	Currently, sending the ANSI_A keycode from os_x codepage doesn't work as
	it has a special value of 0x0. Our internal code handles that no
	different to other not defined keycodes. Hence, in order to allow it we
	must change all the undefined keycodes from 0 to -1 and adapt some code
	too.
	  # virsh send-key guestname --codeset os_x ANSI_A
	  error: invalid keycode: 'ANSI_A'
	  # virsh send-key guestname --codeset os_x ANSI_B
	  # virsh send-key guestname --codeset os_x ANSI_C

	lxcDomainShutdownFlags: Cleanup @flags usage
	Currently, the @flags usage is a bit unclear at first sight to say the
	least. There's no need for such unclear code especially when we can
	borrow the working code from qemuDomainShutdownFlags().
	In addition, this fixes one bug too. If user requested both
	VIR_DOMAIN_SHUTDOWN_INITCTL and VIR_DOMAIN_SHUTDOWN_SIGNAL at the same
	time, he is basically saying: 'Use the force Luke! If initctl fails try
	sending a signal.' But with the current code we don't do that. If
	initctl fails for some reason (e.g. inability to write to /dev/initctl)
	we don't try sending any signal but fail immediately. To make things
	worse, making a domain shutdown with bare _SIGNAL was working by blind
	chance of a @rc variable being placed at correct place on the stack so
	its initial value was zero.

	interface: Take interface status into account when starting and destroying
	https://bugzilla.redhat.com/show_bug.cgi?id=956994
	Currently, it is possible to start an interface that is already running:
	 # virsh iface-start eth2
	 Interface eth2 started
	 # echo $?
	 0
	 # virsh iface-start eth2
	 Interface eth2 started
	 # echo $?
	 0
	 # virsh iface-start eth2
	 Interface eth2 started
	 # echo $?
	 0
	Same applies for destroying a dead interface. We should not allow such
	state transitions.

	interface: Introduce netcfInterfaceObjIsActive
	This function barely wraps ncf_if_status() and error handling code.

	event-test: Unregister close callback
	When registering a close callback, the connection refcount is increased
	as the connection object is passed to the callback and hence we must
	prevent deleting it too soon. However, when closing the connection, the
	connection object is just unrefed. So whenever a connection with a close
	callback is closed, we end up with the connection object which has
	exactly one reference. Leaving the code as-is doesn't mean the end of
	the world as we know it, but why give a bad example?
	==14531== 288 bytes in 1 blocks are still reachable in loss record 695 of 762
	==14531==    at 0x4C2BDE4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==14531==    by 0x4E9FE09: virAllocVar (viralloc.c:558)
	==14531==    by 0x4EDBE45: virObjectNew (virobject.c:190)
	==14531==    by 0x4F71AAC: virGetConnect (datatypes.c:116)
	==14531==    by 0x4F78511: do_open (libvirt.c:1136)
	==14531==    by 0x4F7B3AC: virConnectOpenAuth (libvirt.c:1481)
	==14531==    by 0x4011D2: main (event-test.c:499)
	(and other leaks tied to virGetConnect())

	examples: Resurrect domsuspend example
	This partially reverts 5eb4b04211 and 62774afb6ba8.
	Rewrite the domsuspend example from scratch. This time do it right.

2013-12-24  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: correctly handle affinity reset in virDomainPinVcpu[Flags]
	By actually removing the <vcpupin> element (from within the
	<cputune> section) from the XML, rather than jus update it with
	a fully set vcpu affinity mask.
	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

	libxl: implement virDomainPinVcpuFlags
	And use it to implement libxlDomainPinVcpu(), similarly to what
	happens in the QEMU driver. This way, it is possible to both
	query and change the vcpu affinity of a persistent but not
	running domain.
	In face, before this patch, we have:
	 # virsh list --all
	  Id    Name                           State
	 ----------------------------------------------------
	  5     debian_32                      running
	  -     fedora20_64                    shut off
	 # virsh vcpupin fedora20_64 0 2-4 --current
	 error: this function is not supported by the connection driver: virDomainPinVcpuFlags
	After (same situation as above):
	 # virsh vcpupin  fedora20_64 0 2-4 --current
	 # virsh vcpupin  fedora20_64 0
	 VCPU: CPU Affinity
	 ----------------------------------
	    0: 2-4
	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

	libxl: implement virDomainGetVcpuPinInfo
	So that it is possible to query vcpu related information of
	a persistent but not running domain, like it is for the QEMU
	driver.
	In fact, before this patch, we have:
	 # virsh list --all
	  Id    Name                           State
	 ----------------------------------------------------
	  5     debian_32                      running
	  -     fedora20_64                    shut off
	 # virsh vcpuinfo fedora20_64
	 error: this function is not supported by the connection driver: virDomainGetVcpuPinInfo
	After (same situation as above, i.e., fedora20_64 not running):
	 # virsh vcpuinfo fedora20_64
	 VCPU:           0
	 CPU:            N/A
	 State:          N/A
	 CPU time        N/A
	 CPU Affinity:   yyyyyyyy
	 VCPU:           1
	 CPU:            N/A
	 State:          N/A
	 CPU time        N/A
	 CPU Affinity:   yyyyyyyy
	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

2013-12-24  Eric Blake  <eblake@redhat.com>

	virt-login-shell: clean up usage
	I noticed a few odd things in 'virt-login-shell --help' output.
	* tools/virt-login-shell.c (usage): At most one option accepted,
	drop trailing colon.

2013-12-24  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virnettlscontexttest fails with GNUTLS 3.0.28
	On openSUSE 12.x with GNUTLS 3.0.28, virnettlscontexttest fails. It has
	been reported to work from GNUTLS 3.1.11 on Fedora 19. Changed the
	constraints on gnutls to 3.1+ for unit test cacert4req.

2013-12-23  Laine Stump  <laine@laine.org>

	qemu: re-add hostdev interfaces to hostdev array on libvirtd restart
	This resolves:
	   https://bugzilla.redhat.com/show_bug.cgi?id=1045002
	If a domain has an <interface type='hostdev'> or an <interface
	type='network'> where the network itself is a pool of hostdev devices,
	then libvirt will internally keep that device on both the interface
	list *and* the hostdev list for the domain. One of the places this
	comes in handy is when a new device is being added and libvirt wants
	to find a unique "alias" name for it - it just scans through the
	hostdev array and makes sure it picks a name that doesn't match the
	alias of any device in that array.
	However, when libvirtd was restarted, if there was an <interface
	type='network'> with the network being a hostdev pool, the device
	would not be added to the reconstructed internal hostdev array, so its
	alias would not be found during a scan of the hostdev array, thus
	attempts to add a new hostdev (or <interface type='hostdev'> or
	<interface type='network'>) would result in a message like this:
	internal error: unable to execute QEMU command 'device_add':
	                Duplicate ID 'hostdev0' for device
	This patch simply fixes the existing code in the domain XML parser
	that fixes up the hostdev array in the case of <interface
	type='hostdev'> to do the same thing in the case of <interface
	type='network'> with a hostdev network.
	This bug has existed since the very first addition of hostdev networks
	to libvirt (0.10.0).

	qemu: avoid duplicate security label restore on hostdev attach failure
	This eliminates the misleading error message that was being logged
	when a vfio hostdev hotplug failed:
	  error: unable to set user and group to '107:107' on '/dev/vfio/22':
	         No such file or directory
	as documented in:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1035490
	Commit ee414b5d (pushed as a fix for Bug 1016511 and part of Bug
	1025108) replaced the single call to
	virSecurityManagerSetHostdevLabel() in qemuDomainAttachHostDevice()
	with individual calls to that same function in each
	device-type-specific attach function (for PCI, USB, and SCSI). It also
	added a corresponding call to virSecurityManagerRestoreHostdevLabel()
	in the error handling of the device-type-specific functions, but
	forgot to remove the common call to that from
	qemuDomainAttachHostDevice() - this resulted in a duplicate call to
	virSecurityManagerRestoreHostdevLabel(), with the second occurrence
	being after (e.g.) a PCI device has already been re-attached to the
	host driver, thus destroying some of the device nodes / links that we
	then attempted to re-label (e.f. /dev/vfio/22) and generating an error
	log that obscured the original error.

	qemu: properly set MaxMemLock when hotplugging with VFIO
	This resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1035490
	virProcessSetMaxMemLock() (which is a wrapper over prlimit(3)) expects
	the memory size in bytes, but libvirt's domain definition (which was
	being used by qemuDomainAttachHostPciDevice()) stores all memory
	tuning parameters in KiB. This was being accounted for when setting
	MaxMemLock at domain startup time (so cold-plugged devices would
	work), but not for hotplug.
	This patch simplifies the few lines that call
	virProcessSetMemMaxLock(), and multiply the amount * 1024 so that
	we're locking the correct amount of memory.
	What remains a mystery to me is why hot-plug of a managed='no' device
	would succeed (at least on my system) while managed='yes' would
	fail. I guess in one case the memory was coincidentally already
	resident and in the other it wasn't.

2013-12-21  John Ferlan  <jferlan@redhat.com>

	PanicCheckABIStability: Need to check for existence
	Commit id '4313fead' added a call to virDomainPanicCheckABIStability()
	which did not check whether the panic device existed before making a call
	to virDomainDeviceInfoCheckABIStability() which ended up segfaulting:
	Thread 1 (Thread 0x7f5332837700 (LWP 10964)):
	    (src=<optimized out>, dst=<optimized out>)
	    at conf/domain_conf.c:13007
	    (dst=<optimized out>, src=<optimized out>)
	    at conf/domain_conf.c:13712
	    (src=<optimized out>, dst=<optimized out>)
	    at conf/domain_conf.c:14056
	    (domain=domain@entry=0x7f53000057c0, vm=vm@entry=0x7f53000036d0,
	     defptr=defptr@entry=0x7f5332836978, snap=snap@entry=0x7f5332836970,
	     update_current=update_current@entry=0x7f5332836962, flags=flags@entry=1)
	    at conf/snapshot_conf.c:1230
	    (domain=0x7f53000057c0, xmlDesc=<optimized out>, flags=1)
	    at qemu/qemu_driver.c:12719
	    (domain=domain@entry=0x7f53000057c0, xmlDesc=0x7f53000081d0
	     "<domainsnapshot>\n  <name>snap2</name>\n
	     <description>new-desc</description>\n  <state>running</state>\n
	     <parent>\n    <name>snap1</name>\n  </parent>\n
	     <creationTime>1387487268</creationTime>\n  <memory s"..., flags=1)
	    at libvirt.c:19695
	...
	(gdb) up 3
	(gdb) print *other->def->dom
	$2 = {virtType = 2, id = -1, ..
	...
	  rng = 0x0, panic = 0x0, namespaceData = 0x0,...
	...
	(gdb) print *def->dom
	$3 = {virtType = 2, id = -1, ...
	...
	  rng = 0x0, panic = 0x0, namespaceData = 0x0,...
	...
	(gdb)
	Also seen using following sequence:
	virsh save $dom $file
	virsh save-image-edit $file
	  add (or remove) a <panic/> line
	  <devices>
	  ...
	    <panic>
	      <address type='isa' iobase='0x505'/>
	    </panic>
	  ...
	  </devices>

2013-12-21  Bamvor Jian Zhang  <bjzhang@suse.com>

	libxl: fix segfault when domain create fail
	there is a segfault in libxl logging in libxl_ctx_free when domain
	create fail. because the log output handler vmessage is freed by
	xtl_logger_destroy before libxl_ctx_free in virDomainObjListRemove.
	move xtl_logger_destroy after libxl_ctx_free could fix this bug.

2013-12-21  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: avoid crashing if calling `virsh numatune' on inactive domain
	by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
	possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
	happens, without having initialized the nodemap, and hence crashing after some
	invalid free()-s:
	 # ./daemon/libvirtd -v
	 *** Error in `/home/xen/libvirt.git/daemon/.libs/lt-libvirtd': munmap_chunk(): invalid pointer: 0x00007fdd42592666 ***
	 ======= Backtrace: =========
	 /lib64/libc.so.6(+0x7bbe7)[0x7fdd3f767be7]
	 /lib64/libxenlight.so.4.3(libxl_bitmap_dispose+0xd)[0x7fdd2c88c045]
	 /home/xen/libvirt.git/daemon/.libs/../../src/.libs/libvirt_driver_libxl.so(+0x12d26)[0x7fdd2caccd26]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(virDomainGetNumaParameters+0x15c)[0x7fdd4247898c]
	 /home/xen/libvirt.git/daemon/.libs/lt-libvirtd(+0x1d9a2)[0x7fdd42ecc9a2]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(virNetServerProgramDispatch+0x3da)[0x7fdd424e9eaa]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0x1a6f38)[0x7fdd424e3f38]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa81e5)[0x7fdd423e51e5]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa783e)[0x7fdd423e483e]
	 /lib64/libpthread.so.0(+0x7c53)[0x7fdd3febbc53]
	 /lib64/libc.so.6(clone+0x6d)[0x7fdd3f7e1dbd]
	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

2013-12-20  Martin Kletzander  <mkletzan@redhat.com>

	Fix crash in lxcDomainSetMemoryParameters
	The function doesn't check whether the request is made for active or
	inactive domain.  Thus when the domain is not running it still tries
	accessing non-existing cgroups (priv->cgroup, which is NULL).
	I re-made the function in order for it to work the same way it's qemu
	counterpart does.
	Reproducer:
	 1) Define an LXC domain
	 2) Do 'virsh memtune <domain> --hard-limit 133T'
	Backtrace:
	 Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)):
	 #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764
	 #1  0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824")
	     at util/vircgroup.c:669
	 #2  0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740
	 #3  0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904
	 #4  0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576)
	     at util/vircgroup.c:1944
	 #5  0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420,
	     params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774
	 #6  0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420,
	     params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051
	 #7  0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00,
	     client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510)
	     at remote_dispatch.h:7621
	 #8  0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00,
	     client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510,
	     ret=0x7fffe40b84f0) at remote_dispatch.h:7591
	 #9  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
	     server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
	     at rpc/virnetserverprogram.c:435
	 #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
	     server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
	     at rpc/virnetserverprogram.c:305
	 #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10,
	     prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165
	 #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00)
	     at rpc/virnetserver.c:186
	 #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
	 #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
	 #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
	 #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

	CVE-2013-6436: fix crash in lxcDomainGetMemoryParameters
	The function doesn't check whether the request is made for active or
	inactive domain.  Thus when the domain is not running it still tries
	accessing non-existing cgroups (priv->cgroup, which is NULL).
	I re-made the function in order for it to work the same way it's qemu
	counterpart does.
	Reproducer:
	 1) Define an LXC domain
	 2) Do 'virsh memtune <domain>'
	Backtrace:
	 Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)):
	 #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764
	 #1  0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705
	 #2  0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804
	 #3  0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8)
	     at util/vircgroup.c:1962
	 #4  0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0,
	     params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826
	 #5  0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0,
	     params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137
	 #6  0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00,
	     client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
	     ret=0x7fffd4002420) at remote.c:1895
	 #7  0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00,
	     client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
	     ret=0x7fffd4002420) at remote_dispatch.h:4050
	 #8  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
	     server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
	     at rpc/virnetserverprogram.c:435
	 #9  0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
	     server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
	     at rpc/virnetserverprogram.c:305
	 #10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0,
	     prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165
	 #11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00)
	     at rpc/virnetserver.c:186
	 #12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
	 #13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
	 #14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
	 #15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

2013-12-20  Eric Blake  <eblake@redhat.com>

	docs: improve event-related documentation
	While looking at event code, I noticed that the documentation was
	trying to refer me to functions that don't exist.  Also fix some
	typos and poor formatting.
	* src/libvirt.c (virConnectDomainEventDeregister)
	(virConnectDomainEventRegisterAny)
	(virConnectDomainEventDeregisterAny)
	(virConnectNetworkEventRegisterAny)
	(virConnectNetworkEventDeregisterAny): Link to correct function.
	* include/libvirt.h.in (VIR_DOMAIN_EVENT_CALLBACK)
	(VIR_NETWORK_EVENT_CALLBACK): Likewise.
	(virDomainEventID, virConnectDomainEventGenericCallback)
	(virNetworkEventID, virConnectNetworkEventGenericCallback):
	Improve docs.

	storage: fix bogus target in gluster volume xml
	Commit 6cd60b6 was flat out broken - it tried to print into the
	wrong variable.  My testing was obviously too cursory (did the
	name get a slash added?); valgrind would have caught the error.
	Thankfully it didn't hit any release.
	Reported by Peter Krempa.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Fix bogus code.

2013-12-20  Daniel P. Berrange  <berrange@redhat.com>

	Remove stray semicolon after pragma macros
	The VIR_WARNINGS_NO_CAST_ALIGN / VIR_WARNINGS_RESET should
	not have any trailing ';' since they are pragmas. The use
	of a ';' results in an empty statement which confuses CIL.

2013-12-19  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Fix crash in virsystemdtest with dbus 1.7.6
	D-bus introduced some changes in its locking code. Overriding the init
	function skips the new locking init and thus crashes later in libvirt
	test. Removing the function makes the test pass again.

2013-12-19  Peter Krempa  <pkrempa@redhat.com>

	storage: Avoid forward declaration of virStorageVolDelete
	Move the code around so that the forward declaration isn't needed. Also
	fix code style of the opening brace of the function by moving it to a
	separate line.

	storage: Add gluster pool filter and fix virsh pool listing
	Recent addition of the gluster pool type omitted fixing the virsh and
	virConnectListAllStoragePool filters. A typecast of the converting
	function in virsh showed that also the sheepdog pool was omitted in the
	command parser.
	This patch adds gluster pool filtering support and fixes virsh to
	properly convert all supported storage pool types. The added typecast
	should avoid doing such mistakes in the future.

	snapshot: schema: Split out snapshot disk driver definition
	Extract the definition to a new type to allow avoiding of duplication.

2013-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove redefinition of bool type when --enable-test-locking
	Old versions of CIL did not understand the 'bool' data type,
	but at least 1.7.3 does now cope. We can remove the old hack
	which redefined bool and no longer compiles successfully.

	Fix race leading to crash when setting up dbus watches
	Currently the virDBusAddWatch does
	  virEventAddHandle(fd, flags,
	                    virDBusWatchCallback,
	                    watch, NULL);
	  dbus_watch_set_data(watch, info, virDBusWatchFree);
	Unfortunately this is racy - since the event loop is in a
	different thread, the virDBusWatchCallback method may be
	run before we get to calling dbus_watch_set_data. We must
	reverse the order of these calls
	See https://bugzilla.redhat.com/show_bug.cgi?id=885445

2013-12-19  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: libxl_get_max_cpus returning a libxl error from 4.4 onward
	Starting from commit 2e82c18c in Xen (will be included in Xen 4.4)
	both libxl_get_max_cpus() and libxl_get_max_nodes() start returning
	a proper libxl error code, in case of failure. This patch fixes
	this in the libxl driver.
	Note that, although it is now basically impossible for them to return
	0, that would, theoretically, still be wrong. Also, checking that the
	returned value is '<= 0' makes the code correct for both Xen 4.4 and
	Xen 4.3 (and 4.2), and that is why we go for it (rather than
	just '< 0').
	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
	Cc: Martin Kletzander <mkletzan@redhat.com>

2013-12-18  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Fix undefine with storage of 'volume' disks
	The undefine code that removes the storage along with the VM didn't take
	into account the existence of 'volume' type disks. Add the functionality.

	virsh: man: Mention that volumes need to be in storage pool for undefine
	https://bugzilla.redhat.com/show_bug.cgi?id=1044445
	When undefining a VM with storage the man page doesn't explicitly
	mention that the volumes need to be a part of the storage pool otherwise
	it won't work.

2013-12-18  Eric Blake  <eblake@redhat.com>

	qemu: ask for -enable-fips when FIPS is required
	On a system that is enforcing FIPS, most libraries honor the
	current mode by default.  Qemu, on the other hand, refused to
	honor FIPS mode unless you add the '-enable-fips' command
	line option; worse, this option is not discoverable via QMP,
	and is only present on binaries built for Linux.  So, if we
	detect FIPS mode, then we unconditionally ask for FIPS; either
	qemu is new enough to have the option and then correctly
	cripple insecure VNC passwords, or it is so old that we are
	correctly avoiding a FIPS violation by preventing qemu from
	starting.  Meanwhile, if we don't detect FIPS mode, then
	omitting the argument is safe whether the qemu has the option
	(but it would do nothing because FIPS is disabled) or whether
	qemu lacks the option (including in the case where we are not
	running on Linux).
	The testsuite was a bit interesting: we don't want our test
	to depend on whether it is being run in FIPS mode, so I had
	to tweak things to set the capability bit outside of our
	normal interaction with capability parsing.
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1035474
	* src/qemu/qemu_capabilities.h (QEMU_CAPS_ENABLE_FIPS): New bit.
	* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Conditionally
	set capability according to detection of FIPS mode.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Use it.
	* tests/qemucapabilitiestest.c (testQemuCaps): Conditionally set
	capability to test expected output.
	* tests/qemucapabilitiesdata/caps_1.2.2-1.caps: Update list.
	* tests/qemucapabilitiesdata/caps_1.6.0-1.caps: Likewise.

2013-12-18  Martin Kletzander  <mkletzan@redhat.com>

	configure: make --with-test-suite work
	Our option '--with-test-suite' could have never worked since it was
	defined as AC_ARG_ENABLE([with-test-suite], ...), thus working only as
	'--enable-with-test-suite', but documented in configure.ac as
	AC_HELP_STRING([--with-test-suite], ...).
	In my opinion, the help string is as it should be, but the option is
	wrong.
	The option has been broken since the introduction in commit 3a2fc27.

2013-12-18  Daniel P. Berrange  <berrange@redhat.com>

	Set the 'container_ttys' env variable for LXC consoles
	Systemd specified that any /dev/pts/NNN device on which it
	is expected to spawn a agetty login, should be listed in
	the 'container_ttys' env variable. It should just contain
	the relative paths, eg 'pts/0' not '/dev/pts/0' and should
	be space separated.
	http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d97ff7dd71902a5604c2fed8964925d54e09de9

2013-12-18  Michal Privoznik  <mprivozn@redhat.com>

	storage: resize vol against real allocated size
	Currently, 'vol-resize --allocate' allocates new space at the
	vol->capacity offset. But the vol->capacity is not necessarily the same
	as vol->allocation. For instance:.
		[root@localhost ~]# virsh vol-list --pool tmp-pool --details
		 Name      Path                   Type  Capacity  Allocation
		-------------------------------------------------------------
		 tmp-vol  /root/tmp-pool/tmp-vol  file  1.00 GiB  1.00 GiB
		[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 2G
		[root@localhost ~]# virsh vol-list --pool tmp-pool --details
		 Name      Path                   Type  Capacity  Allocation
		-------------------------------------------------------------
		 tmp-vol  /root/tmp-pool/tmp-vol  file  2.00 GiB  1.00 GiB
	So, if we want to allocate more bytes, so the file is say 3G big, the
	real allocated size is 2G actually:
		[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 3G --allocate
		[root@localhost ~]# virsh vol-list --pool tmp-pool --details
		 Name      Path                   Type  Capacity  Allocation
		-------------------------------------------------------------
		 tmp-vol  /root/tmp-pool/tmp-vol  file  3.00 GiB  2.00 GiB
	This commit uses the correct vol->allocation instead of incorrect
	vol->capacity, so the output of the commands above looks like this:
		[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 3G --allocate
		[root@localhost ~]# virsh vol-list --pool tmp-pool --details
		 Name      Path                   Type  Capacity  Allocation
		-------------------------------------------------------------
		 tmp-vol  /root/tmp-pool/tmp-vol  file  3.00 GiB  3.00 GiB
	Moreover, if the '--alocate' flag was used, we must update the
	vol->allocation member in storageVolResize API too, not just
	vol->capacity.
	Reported-by: Wang Sen <wangsen@linux.vnet.ibm.com>

2013-12-18  Wout Mertens  <Wout.Mertens@gmail.com>

	Support transient attribute on vmware disks
	vmx/vmx.c ignores the transient attribute on the disk xml format. This patch
	adds a 1-1 relationship between it and [disk].mode = "independent-nonpersistent".
	The other modes are ignored as before. It works in my testing.
	https://bugzilla.redhat.com/show_bug.cgi?id=1044023

2013-12-18  Lénaïc Huard  <lenaic@lhuard.fr.eu.org>

	Fix build when default python is python3
	As the python generator scripts are written in python2,
	the ./configure script must check for python2 before checking for python
	otherwise, on platforms where both python2 and python3 are available and
	on which the default python points to python3, ./configure will try to use
	the wrong one.

2013-12-17  Laine Stump  <laine@laine.org>

	specfile: fix make rpm when with_driver_modules is 1
	Commit ff76566 moved around things in the specfiles to put
	driver-specific files into their appropriate sub-packages (when
	with_driver_modules == 1), but accidentally changed things so that the
	deamon-driver-network and daemon-config-network files were only
	included in a package when with_driver_modules == 0. This broke "make
	rpm" on fedora (where with_driver_modules == 1).
	This patch follows the pattern (already used for the files in other
	sub-modules) of duplicating the files for the main package
	(!with_driver_modules) and the sub-package (with_driver_modules).

2013-12-17  Martin Kletzander  <mkletzan@redhat.com>

	docs: fix address type for disks
	Disks have type='drive', not type='disk'.

	qemu: fix typo PCi => PCI

2013-12-16  Jiri Denemark  <jdenemar@redhat.com>

	tools: Fix virsh connect man page
	The URI parameter is optional and xen:/// is not the default connection
	URI.

2013-12-16  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Change incorrect error report in lxcContainerPivotRoot
	The newroot is not mounted as tmpfs, we bind root->src to it.

2013-12-14  Daniel P. Berrange  <berrange@redhat.com>

	Add debug output when registering event handlers

	Remove the event namespace concept
	The event namespace concept is mostly redundant information.
	With the re-written dispatcher, the namespace is only used
	for equality comparisons between event IDs. This can be solved
	by just comparing virClassPtr instances instead.

	Associate a dispatch function with the event objects
	Instead of having the object event code have to know about each
	type of event and their dispatch functions, associate a dispatch
	function with the object instance. The dispatch code can thus be
	significantly simplified.

	Introduce abstract virNetworkEvent class
	Inject a virNetworkEvent class between virObjectEvent
	and virNetworkEventLifecycle to mirror virDomainEvent.

	Add 'detail' arg to network lifecycle event internals
	While the public API & wire protocol included the 'detail'
	arg for network lifecycle events, the internal event handling
	code did not process it. This meant that if a future libvirtd
	server starts sending non-0 'detail' args, the current libvirt
	client will not process them.

	Update event demo program to support network events too

	Move examples/domain-events/event-c to examples/object-events
	The domain events demo program isn't really tied to domain
	events anymore, so rename it to object events.

2013-12-13  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virObjectEventCallbackListRemoveID()
	While running objecteventtest, it was found that valgrind pointed out the
	following memory leak:
	==13464== 5 bytes in 1 blocks are definitely lost in loss record 7 of 134
	==13464==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==13464==    by 0x341F485E21: strdup (strdup.c:42)
	==13464==    by 0x4CAE28F: virStrdup (virstring.c:554)
	==13464==    by 0x4CF3CBE: virObjectEventCallbackListAddID (object_event.c:286)
	==13464==    by 0x4CF49CA: virObjectEventStateRegisterID (object_event.c:729)
	==13464==    by 0x4CF73FE: virDomainEventStateRegisterID (domain_event.c:1424)
	==13464==    by 0x4D7358F: testConnectDomainEventRegisterAny (test_driver.c:6032)
	==13464==    by 0x4D600C8: virConnectDomainEventRegisterAny (libvirt.c:19128)
	==13464==    by 0x402409: testDomainStartStopEvent (objecteventtest.c:232)
	==13464==    by 0x403451: virtTestRun (testutils.c:138)
	==13464==    by 0x402012: mymain (objecteventtest.c:395)
	==13464==    by 0x403AF2: virtTestMain (testutils.c:593)
	==13464==

2013-12-13  Martin Kletzander  <mkletzan@redhat.com>

	qemu: check for reboot-timeout on monitor
	The support for <boot rebootTimeout="12345"/> was added before we were
	checking for qemu command line options in QMP, so we haven't properly
	adapted virQEMUCaps when using it and thus we report unsupported
	option with new enough qemu.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1042690

2013-12-13  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: return -1 if failed to kill lxc process
	We missed a return when virProcessKillPainfully
	failed to kill lxc process

2013-12-13  Eric Blake  <eblake@redhat.com>

	object: require maximal alignment in base class
	Recent changes to events (commit 8a29ffcf) resulted in new compile
	failures on some targets (such as ARM OMAP5):
	conf/domain_event.c: In function 'virDomainEventDispatchDefaultFunc':
	conf/domain_event.c:1198:30: error: cast increases required alignment of
	target type [-Werror=cast-align]
	conf/domain_event.c:1314:34: error: cast increases required alignment of
	target type [-Werror=cast-align]
	cc1: all warnings being treated as errors
	The error is due to alignment; the base class is merely aligned
	to the worst of 'int' and 'void*', while the child class must
	be aligned to a 'long long'.  The solution is to include a
	'long long' (and for good measure, a function pointer) in the
	base class to ensure correct alignment regardless of what a
	child class may add, but to wrap the inclusion in a union so
	as to not incur any wasted space.  On a typical x86_64 platform,
	the base class remains 16 bytes; on i686, the base class remains
	12 bytes; and on the impacted ARM platform, the base class grows
	from 12 bytes to 16 bytes due to the increase of alignment from
	4 to 8 bytes.
	Reported by Michele Paolino and others.
	* src/util/virobject.h (_virObject): Use a union to ensure that
	subclasses never have stricter alignment than the parent.
	* src/util/virobject.c (virObjectNew, virObjectUnref)
	(virObjectRef): Adjust clients.
	* src/libvirt.c (virConnectRef, virDomainRef, virNetworkRef)
	(virInterfaceRef, virStoragePoolRef, virStorageVolRef)
	(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
	(virDomainSnapshotRef): Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorOpenInternal)
	(qemuMonitorClose): Likewise.

2013-12-13  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: add support for -device pvpanic
	Map the new <panic> device in XML to the '-device pvpanic' command
	line of qemu.  Clients can then couple the <panic> device and the
	<on_crash> directive to control behavior when the guest reports
	a panic to qemu.

	conf: add support for panic device
	panic device is a device that enables libvirt to receive notification
	of guest panic event.

	conf: introduce generic ISA address
	For example:
	<address type='isa' iobase='0x505' irq='0x1'/>

2013-12-12  Daniel P. Berrange  <berrange@redhat.com>

	Bump version to 1.2.1 for new dev cycle

2013-12-12  Laine Stump  <laine@laine.org>

	Add another missing % on %{_libdir} macro

2013-12-12  Daniel P. Berrange  <berrange@redhat.com>

	Add missing % on %{_libdir} macro in RPM

2013-12-12  Gao feng  <gaofeng@cn.fujitsu.com>

	rename virBlkioDeviceWeightPtr to virBlkioDevicePtr
	The throttle blkio cgroup will reuse this struct.

	rename virBlkioDeviceWeightArrayClear to virBlkioDeviceArrayClear

	rename virDomainBlkioDeviceWeightParseXML to virDomainBlkioDeviceParseXML
	virDomainBlkioDeviceWeightParseXML will be used to parse
	the xml element read_bps, write_bps, read_iops, write_iops.

2013-12-12  Eric Blake  <eblake@redhat.com>

	storage: show gluster option in virsh --version=long
	Adding output to 'virsh --version=long' makes it easier to
	tell if a distro built with particular libraries (it doesn't
	tell you what a remote libvirtd is built with, but is still
	better than nothing).  But we forgot to mention gluster.
	* tools/virsh.c (vshShowVersion): Add gluster witness.

2013-12-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Added default case with error for object event dispatching
	Hitting this should be pretty rare, but at least developers will know
	that they are providing a weird event ID. Otherwise for namespace that
	are added in the normal way, gcc will raise a warning about unhandled
	case in the switch.

	Fixed indentation in src/conf/*_event*

	Added network events to the bridged network driver

	Add network events to the remote driver

	Add network events unit tests

	test driver: implemented network events

	Added Network events API and virNetworkEventLifecycle.
	Define the public API for (de-)registering network events
	and the callbacks for receiving lifecycle events. The lifecycle
	event includes a 'detail' parameter to match the domain lifecycle
	event data, but this is currently unused.
	The network events related code goes into its own set of internal
	files src/conf/network_event.[ch]

2013-12-11  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in libvirt.h
	s/pausde/paused

2013-12-11  Michael Chapman  <mike@very.puzzling.org>

	storage_backend_rbd: rename "stat" variable
	This variable shadows the stat(2) function, which only became visible in
	this scope as of commit 9cac8639. Rename the variable so it doesn't
	conflict.

2013-12-11  Eric Blake  <eblake@redhat.com>

	storage: fix omitted slash in gluster volume URI
	When doing 'virsh vol-dumpxml' on a gluster pool's volume, the
	resulting URI incorrectly omitted a slash between hostname and
	path:  gluster://192.168.122.206rhsvol1/fedora-19.img
	This is fallout from me rebasing earlier versions of my patch
	that ended up as commit efee1af; I had originally played with
	always requiring the gluster volume to have a leading slash,
	but it was easier to use the gluster API if the gluster volume
	name was guaranteed to have no slash.  While I got the URI of
	the pool correct, I forgot to fix the URI of a libvirt volume.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Use correct starting point
	since uri construction requires leading slash.

2013-12-11  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	If we do not specify a readonly mount, we don't need to re-mount it again.

2013-12-10  Michal Privoznik  <mprivozn@redhat.com>

	Revert "virtlockd: treat SIGHUP like SIGUSR1"
	This reverts commit 8355d42dd3df514c8584e0e5082b945b79671fc5.
	After some discussion upstream [1] this patch turns out to be spurious.
	It better gets reverted prior to a release.
	1: https://www.redhat.com/archives/libvir-list/2013-December/msg00563.html

	qemu_process: Read errors from child
	https://bugzilla.redhat.com/show_bug.cgi?id=1035955
	There's a window when starting a qemu process between fork() and exec()
	during which we are doing things that may fail but not tunnelling the
	error to the daemon. This is basically all within qemuProcessHook().
	So whenever we fail in something, e.g. placing a process onto numa node,
	users are left with:
	    error: Child quit during startup handshake: Input/output error
	while the original error is thrown into the domain log:
	    libvirt:  error : internal error: NUMA memory tuning in 'preferred'
	    mode only supports single node
	Hence, we should read the log file and search for the error message and
	report it to users.

2013-12-10  Eric Blake  <eblake@redhat.com>

	docs: fix recent typo
	Introduced in commit 24fbbb82.
	* docs/formatdomain.html.in: s/tunning/tuning/

2013-12-10  Cédric Bosdonnat  <cbosdonnat@suse.com>

	daemon/remote.c: renamed remoteDispatchDomainEventSend
	into remoteDispatchObjectEventSend as it will later be used for both
	the domain and network events.

	test driver: renamed testDomainEventQueue into testObjectEventQueue

	Extracted common parts of domain_event.[ch] to object_event.[ch]

	Split the virObjectEvent and virDomainEvent* to separate them after

	Renamed virDomainEventTimer to virObjectEventTimer

	Add object event namespaces for the event IDs
	Each unique event ID will thus be composed by 1 byte for the namespace
	and 1 byte for a namespace-specific ID. The namespace for domain event
	needs to be 0 for compatibility reasons.

	Use virObjectEventPtr instead of virDomainEventPtr
	The virDomainEvent class is kept as it indicates what meta informations
	are valid for the children classes. This may be useful in the future.

	Create virDomainEventDeviceRemoved and remove the huge union
	RIP virDomainEvent union. All data are now stored in each
	virObjectEvent subclass.

	Create virDomainEventBalloonChange to get rid of the huge union

	Create virDomainEventTrayChange to get rid of the huge union

	Create virDomainEventDiskChange to get rid of the huge union

	Create virDomainEventBlockJob to get rid of the huge union

	Create virDomainEventGraphics to get rid of the huge union

	Create virDomainEventIOError to get rid of the huge union

	Create virDomainEventWatchdog to get rid of the huge union

	Create virDomainEventRTCChange to get rid of the huge union

	Renamed virDomainEventNewInternal to virDomainEventNew
	This change may be confusing at first, but provides a much more
	consistent naming scheme for the virObjectEvent children construction
	functions.

	Renamed virDomainEventNew* to virDomainEventLifecycleNew*
	This aims at providing some consistency with other domain events

	Create virDomainEventLifecycle to start removing the huge union

	virObject-ified virDomainEvent
	Added a parent class virObjectEvent for future event types

	Created virObjectEventStateRegisterID
	Keep virDomainEventStateRegisterID as a convenience wrapper around
	this new function.

	Renamed virDomainEventCallbackList* to virObjectEventCallbackList*
	Keep the legacy Domain lifecycle event functions as is.

	Renamed virDomainEventState to virObjectEventState
	Leave virDomainEventRegister and its Deregister brother as these are
	legacy functions only for domain lifecycle events.

	Renamed virDomainEventQueue to virObjectEventQueue
	The event queue will be generalized to hold events related
	to any object type.

	Renamed virDomainMeta to virObjectMeta
	The metadata struct will hold the unique identifiers for
	any type of object, though not all fields will be used
	for all types.

	Rename virDomainEventCallback to virObjectEventCallback
	The event callbacks will be generalized to handle events
	for any object type.

	Added domain start/stop/define/undefine event unit tests
	These unit tests are aiming at providing some help during the domain
	events refactoring.

2013-12-10  Michael Chapman  <mike@very.puzzling.org>

	spec: clean up libvirtd and virtlockd service mgmt
	- systemctl and the %systemd_* RPM macros can take multiple unit names
	  in the one invocation. Make use of this to avoid repeated systemd
	  daemon reloads.
	- virtlockd was only properly enabled and disabled when using systemd,
	  but when systemd RPM macros were not available (e.g. on Fedora < 18).
	  Make sure it's enabled when systemd RPM macros are present, or when
	  using initscripts.
	- Always use "reload" on virtlockd, not "condrestart". This allows it to
	  cleanly re-execute itself without losing running state. Ignore any
	  error should the reload fail.
	- Move the reloading of virtlockd and libvirtd via their initscripts
	  into the daemon package's %postun scriptlet. These services must be
	  restarted after all of the libvirt-daemon-driver-* packages have
	  been upgraded during the same RPM transaction.
	- Add a %triggerpostun executed only when upgrading an older
	  libvirt-daemon. As an older package would only reload libvirtd during
	  %post, and the newer package would only reload libvirtd during
	  %postun, such an upgrade would not reload libvirtd at all without the
	  trigger.

	virtlockd: use common exit path when out-of-memory
	Also use a distinct, valid exit status for daemon re-execution failure.

	virtlockd: treat SIGHUP like SIGUSR1
	SIGHUP is commonly used to instruct a daemon to reload its config. For
	now we should handle it in virtlockd just like SIGUSR1, rather than
	having it kill the process.

	virtlockd: improve initscripts
	- Use SIGUSR1, not SIGHUP, on reload. At present, virtlockd only
	  responds to the former.
	- Fix PID file for virtlockd.
	- Do not start virtlockd in any runlevels by default. It needs to be
	  explicitly selected in libvirt's qemu.conf anyway, so there is no
	  need to have it running on all systems regardless.
	- Fix chkconfig priorities to ensure virtlockd is started before
	  libvirtd is started, and stopped after libvirtd is stopped.
	- Add "Should-Start: virtlockd" to the libvirtd initscript's LSB header,
	  for the same reason.
	- Add "Default-Stop" to both libvirtd and virtlockd initscripts. LSB
	  does not guarantee that this defaults to the inverse of
	  "Default-Start".

	virtlockd: improve systemd units
	- Pass VIRTLOCKD_ARGS through to virtlockd.
	- Use SIGUSR1, not SIGHUP, in ExecReload. At present, virtlockd only
	  responds to the former.
	- Have "systemctl enable virtlockd.service" enable virtlockd.socket,
	  rather than throw an error.
	- Make virtlockd.socket wanted by sockets.target, rather than
	  multi-user.target. This is consistent with other socket units in
	  Fedora, and it ensures that the socket is available before libvirtd is
	  started.

2013-12-10  Martin Kletzander  <mkletzan@redhat.com>

	conf: don't format memtune with unlimited values
	When changing memtune limits to unlimited with AFFECT_CONFIG, the
	values in virDomainDef are set to PARAM_UNLIMITED, which causes the
	whole <memtune> to be formatted.  This can be changed in all drivers,
	but it also makes sense to use the default (0) as another value for
	"unlimited", since zero memory limit makes no sense.

	qemu: Fix minor inconsistency in error message

	qemu: Report VIR_DOMAIN_MEMORY_PARAM_UNLIMITED properly
	For dead domains that have no memtune limits, we return 0 instead of
	"unlimited", this patch fixes it to return PARAM_UNLIMITED.

	cgroups: Redefine what "unlimited" means wrt memory limits
	Since kernel 3.12 (commit 34ff8dc08956098563989d8599840b130be81252 in
	linux-stable.git in particular) the value for 'unlimited' in cgroup
	memory limits changed from LLONG_MAX to ULLONG_MAX.  Due to rather
	unfortunate choice of our VIR_DOMAIN_MEMORY_PARAM_UNLIMITED constant
	(which we transfer as an unsigned long long in Kibibytes), we ended up
	with the situation described below (applies to x86_64):
	 - 2^64-1 (ULLONG_MAX) -- "unlimited" in kernel = 3.12
	 - 2^63-1 (LLONG_MAX) -- "unlimited" in kernel < 3.12
	 - 2^63-1024 -- our PARAM_UNLIMITED scaled to Bytes
	 - 2^53-1 -- our PARAM_UNLIMITED unscaled (in Kibibytes)
	This means that when any number within (2^63-1, 2^64-1] is read from
	memory cgroup, we are transferring that number instead of "unlimited".
	Unfortunately, changing VIR_DOMAIN_MEMORY_PARAM_UNLIMITED would break
	ABI compatibility and thus we have to resort to a different solution.
	With this patch every value greater than PARAM_UNLIMITED means
	"unlimited".  Even though this may seem misleading, we are already in
	such unclear situation when running 3.12 kernel with memory limits set
	to 2^63.
	One example showing most of the problems at once (with kernel 3.12.2):
	 # virsh memtune asdf --hard-limit 9007199254740991 --swap-hard-limit -1
	 # echo 12345678901234567890 >\
	/sys/fs/cgroup/memory/machine/asdf.libvirt-qemu/memory.soft_limit_in_bytes
	 # virsh memtune asdf
	 hard_limit     : 18014398509481983
	 soft_limit     : 12056327051986884
	 swap_hard_limit: 18014398509481983

2013-12-10  Cole Robinson  <crobinso@redhat.com>

	qemu: hotplug: Fix adding USB devices to the driver list
	We were unconditionally removing the device from the host list, when it
	should only be done on error.
	This fixes USB collision detection when hotplugging the same device to
	two guests.

	qemu: hotplug: Fix double free on USB collision
	If we hit a collision, we free the USB device while it is still part
	of our temporary USBDeviceList. When the list is unref'd, the device
	is free'd again.
	Make the initial device freeing dependent on whether it is present
	in the temporary list or not.

	qemu: hotplug: Only label hostdev after checking device conflicts
	Similar to what Jiri did for cgroup setup/teardown in 05e149f94, push
	it all into the device handler functions so we can do the necessary prep
	work before claiming the device.
	This also fixes hotplugging USB devices by product/vendor (virt-manager's
	default behavior):
	https://bugzilla.redhat.com/show_bug.cgi?id=1016511

2013-12-09  Jiri Denemark  <jdenemar@redhat.com>

	docs: Enhance memoryBacking/locked documentation
	Mention the need to set memtune/hard_limit.
	https://bugzilla.redhat.com/show_bug.cgi?id=1035954

2013-12-07  Jim Fehlig  <jfehlig@suse.com>

	spec: move driver-specific files to driver subpackages
	The libvirt-daemon package contains several driver-specific files,
	directories, and script, which can be problematic when building the
	package with multiple hypervisor support, e.g. both QEMU and Xen.
	E.g. installing a QEMU+Xen enabled libvirt-daemon on a Xen-only system
	will result in the creation of qemu and kvm groups and a qemu user.
	Move the driver-specific files, directories, and script to the
	respective driver subpackages.

	spec: Define hypervisor-specific files together
	Collapse the various {with_<hypervisor>} conditionals in the
	libvirt-daemon package files section into a single {with_<hypervisor>}
	conditional

	spec: Conditionally specify some hypervisor-specific files
	Move some hypervisor-specific files in the libvirt-daemon subpackage
	within conditionals for those hypervisors.

	spec: Fix files list when building without driver modules
	The daemon-config-{network,nwfilter} subpackages are built regardless
	of whether or not with_driver_modules is defined, therefore don't
	conditionally define their files list.

	spec: Only add libvirt-daemon pre install script if building with qemu
	The %pre script in libvirt-daemon is specific to qemu, so only include
	it if building with qemu support.

	spec: Fix unconditional references of nwfilter
	Ensure nwfilter files lists and dependencies are conditional upon
	with_nwfilter being defined.

2013-12-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxcContainerMountFSDevPTS: Unify @ret usage pattern
	Currently, if virFileMakePath() fails, the @ret is left initialized from
	virAsprintf() just a few lines above leading to a wrong return value of
	zero whereas -1 should be returned.

2013-12-06  Zhou Yimin  <zhouyimin@huawei.com>

	Cgroup: Replace 'newpath' with 'newPath'
	Unifying codding style, replace 'newpath' with 'newPath'.
	From: Zhou Yimin <zhouyimin@huawei.com>

2013-12-06  Ján Tomko  <jtomko@redhat.com>

	Add qxl ram size to ABI stability check
	55bfd02 added a 'ram' attribute for qxl video devices
	but didn't update the ABI check.
	https://bugzilla.redhat.com/show_bug.cgi?id=1035123

2013-12-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: Improve error when setting invalid count of vcpus via agent
	https://bugzilla.redhat.com/show_bug.cgi?id=1035108
	When attempting to enable more vCPUs in the guest than is currently
	enabled in the guest but less than the maximum count for the VM we
	currently reported an unhelpful message:
	 error: internal error: guest agent reports less cpu than requested
	This patch changes it to:
	 error: invalid argument: requested vcpu count is greater than the count
	 of enabled vcpus in the domain: 3 > 2

	conf: Fix XML formatting of RNG device info
	https://bugzilla.redhat.com/show_bug.cgi?id=1035118
	When outputting the XML for the RNG device, the code didn't format the
	PCI address info. Additionally the schema wasn't expecting the info
	although it was being parsed and used internally. Fix those mistakes and
	add test for the PCI info section.

	qemu: snapshot: Fix incorrect disk type for auto-generated disks
	When changing the parsing and formatting functions in commit
	43f2ccdc73090bd03f64de4d58d46ffa0134d705 I forgot to update the qemu
	disk alignment function for snapshots that automatically adds snapshot
	configs for disks that were not mentioned in the XML. The function
	allocated a new disk snapshot definition but did not correctly
	initialize the snapshot disk source type variable. This resulted into
	the disks considered as block devices and invalid XML was generated.
	Reported by John Ferlan.

2013-12-06  Cole Robinson  <crobinso@redhat.com>

	qemu: hotplug: Mark 2 private functions as static
	They aren't used outside of qemu_hotplug.c

2013-12-06  Wang Yufei  <james.wangyufei@huawei.com>

	docs: fix double articles bug
	Delete the extra article 'the'.

2013-12-05  Michal Privoznik  <mprivozn@redhat.com>

	virThreadPoolFree: Set n(Prio)Workers after the pool is locked
	In 78839da I am trying to join the worker threads. However, I can't
	sipmly reuse pool->nWorkers (same applies for pool->nPrioWorkers),
	because of the following flow that is currently implemented:
	1) the main thread executing virThreadPoolFree sets pool->quit = true,
	wakes up all the workers and wait on pool->quit_cond.
	2) A worker is woken up and see quit request. It immediately jumps of
	the while() loop and decrements pool->nWorkers (or pool->nPrioWorkers in
	case of priority worker). The last thread signalizes pool->quit_cond.
	3) Main thread is woken up, with both pool->nWorkers and
	pool->nPrioWorkers being zero.
	So there's a need to copy the original value of worker thread counts
	into local variables. However, these need to set *after* the check for
	pool being NULL (dereferencing a NULL is no no). And for safety they can
	be set right after the pool is locked.
	Reported-by: John Ferlan <jferlan@redhat.com>

2013-12-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix indentation in qemuTranslateDiskSourcePool
	Commit e1a4d08baf9a8cc86c8b5ca27da9aeedb34b5908 was pushed with bad
	indentation the iSCSI pool translation code.

	domainsnapshotxml2xmltest: Add test case for empty driver element
	Commit 5a66c667ff5cae61c2ad2e646c8eb3eedc67f925 fixed a NULL dereference
	if the disk driver element was empty. Add a test for this case.

	domainsnapshotxml2xmltest: Add existing files as new tests
	There were plenty snapshot XMLs in the tests/domainsnapshotxml2xmlin
	directory that actually weren't used in XML testing. The upgraded
	domainsnapshotxml2xml test now allows us to use them.

	domainsnapshotxml2xml: Move files with conflicting names
	The new tests that will be added later would collide with files of
	existing tests. Move and rename those files.

	domainsnapshotxml2xmltest: Allow for better testing of snapshots
	Until now the test was only testing redefinition of snapshot XMLs stored
	in tests/domainsnapshotxml2xmlout. This patch adds new infrastructure to
	allow testing of files that may differ and will allow to utilize files
	in tests/domainsnapshotxml2xmlin as new tests too.

	domainsnapshotxml2xmltest: Clean up labels and use bool instead of int
	The 'internal' variable holds only two states; convert it to a boolean
	and the 'fail' label should be called 'cleanup'. This patch also fixes a
	minor memory leak of driver capabilities in case the XML config object
	can't be allocated.

2013-12-05  Adam Walters  <adam@pandorasboxen.com>

	configure: Resolve compile issue in configure.ac
	This patch resolves a compile issue caused by the
	removal of examples/domsuspend code in commit
	5eb4b04211ea379c58f735dee6c2852c8b80da89. This issue
	is only seen in a fresh checkout, but causes the build
	and configure to fail.

2013-12-05  Wangyufei (James)  <james.wangyufei@huawei.com>

	qemuAgentDispose: Reset lastError
	When an error occurred in qemuAgentIO, it will be saved in mon->lastError,
	but it will not be freed at the end.  Present since commit c160ce33;
	and compare to commit 9cc8a5af fixing the same problem in qemu_monitor.c.
	==22219== 54 bytes in 1 blocks are definitely lost in loss record 982 of 1,379
	==22219==    at 0x4C26B9B: malloc (vg_replace_malloc.c:263)
	==22219==    by 0x8520521: strdup (in /lib64/libc-2.11.3.so)
	==22219==    by 0x52E99CB: virStrdup (virstring.c:554)
	==22219==    by 0x52B44C4: virCopyError (virerror.c:195)
	==22219==    by 0x52B5123: virCopyLastError (virerror.c:312)
	==22219==    by 0x10905877: qemuAgentIO (qemu_agent.c:660)
	==22219==    by 0x52B6122: virEventPollDispatchHandles (vireventpoll.c:501)
	==22219==    by 0x52B7AEA: virEventPollRunOnce (vireventpoll.c:647)
	==22219==    by 0x52B5C1B: virEventRunDefaultImpl (virevent.c:274)
	==22219==    by 0x54181FD: virNetServerRun (virnetserver.c:1112)
	==22219==    by 0x11EF4D: main (libvirtd.c:1513)

2013-12-05  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in qemuBuildDriveStr()
	This patch fixes memory leaks reported by valgrind on running
	qemuxml2argvtest; introduced in commit 0df53f04.
	Most of them are of the form:
	==24777== 15 bytes in 1 blocks are definitely lost in loss record 39 of 129
	==24777==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==24777==    by 0x341F485E21: strdup (strdup.c:42)
	==24777==    by 0x4CADE5F: virStrdup (virstring.c:554)
	==24777==    by 0x4362B6: qemuBuildDriveStr (qemu_command.c:3848)
	==24777==    by 0x43EF73: qemuBuildCommandLine (qemu_command.c:8500)
	==24777==    by 0x426670: testCompareXMLToArgvHelper (qemuxml2argvtest.c:350)
	==24777==    by 0x427C01: virtTestRun (testutils.c:138)
	==24777==    by 0x41DDB5: mymain (qemuxml2argvtest.c:658)
	==24777==    by 0x4282A2: virtTestMain (testutils.c:593)
	==24777==    by 0x341F421A04: (below main) (libc-start.c:225)
	==24777==

2013-12-05  Peter Krempa  <pkrempa@redhat.com>

	maint: Kill usage of atoi()
	Kill the use of atoi() and introduce syntax check to forbid it and it's
	friends (atol, atoll, atof, atoq).
	Also fix a typo in variable name holding the cylinders count of a disk
	pool (apparently unused).
	examples/domsuspend/suspend.c will need a larger scale refactor as the
	whole example file is broken thus it will be exempted from the syntax
	check for now.

	examples: Remove broken bad example
	The domsuspend example code is a really old and bad exmample of (how not
	to use) the libvirt API. Remove it as it's apparent that nobody tried to
	use it. It was broken and nobody complained.

2013-12-04  Daniel P. Berrange  <berrange@redhat.com>

	Don't overwrite errors from virConfReadFile
	The SELinux security driver would overwrite errors from the
	virConfReadFile function.

2013-12-04  Michal Privoznik  <mprivozn@redhat.com>

	virThreadPoolFree: Join worker threads
	Even though currently we are freeing the pool of worker threads at the
	daemon very end, nothing holds us back in joining the worker threads.
	Moreover, we avoid leaks like this:
	==26697== 1,680 bytes in 5 blocks are possibly lost in loss record 913 of 942
	==26697==    at 0x4C2BDE4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==26697==    by 0x4011131: allocate_dtv (in /lib64/ld-2.16.so)
	==26697==    by 0x401176D: _dl_allocate_tls (in /lib64/ld-2.16.so)
	==26697==    by 0x8499602: pthread_create@@GLIBC_2.2.5 (in /lib64/libpthread-2.16.so)
	==26697==    by 0x52F53E9: virThreadCreate (virthreadpthread.c:188)
	==26697==    by 0x52F5D4F: virThreadPoolNew (virthreadpool.c:221)
	==26697==    by 0x53F30DB: virNetServerNew (virnetserver.c:377)
	==26697==    by 0x11C6ED: main (libvirtd.c:1366)

2013-12-04  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	qemu: fix live pinning to memory node on NUMA system
	Ever since the subcpusets(vcpu,emulator) were introduced, the parent
	cpuset cannot be modified to remove the nodes that are in use by the
	subcpusets.
	The fix is to break the memory node modification into three steps:
	 1. assign new nodes into the parent,
	 2. change the nodes in the child nodes,
	 3. remove the old nodes on the parent node.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009880

2013-12-04  John Ferlan  <jferlan@redhat.com>

	storage_driver: Resolve Coverity CHECKED_RETURN warning
	The storageRegister() didn't check the return from the
	virRegisterStorageDriver() like other callers did, so Coverity
	flagged it.  Just check the return and handle.

	bridge_driver: Resolve Coverity CHECKED_RETURN warning
	The networkRegister() didn't check the return status of the
	virRegisterNetworkDriver() call like other callers, so just
	check and handle here as well.

	virnetserverclient: Fix conditional change HAVE_SASL to WITH_SASL

	virnetserverclient: Remove Coverity DEADCODE warning
	The x509dname is only set inside a WITH_GNUTLS conditional, so
	when used/check later on for NULL, Coverity detects this is not
	possible.  Added WITH_GNUTLS around uses to remove message

	nwfilter: Remove Coverity DEADCODE warning
	The nwfilterStateInitialize() would only assign sysbus inside
	a WITH_DBUS conditional, thus leaving a subsequent check for sysbus
	and nwfilterDriverInstallDBusMatches() as a no-op
	Rather than try to add WITH_DBUS conditions which ended up conflicting
	with the usage of HAVE_FIREWALLD conditionals, just remove the WITH_DBUS
	since virdbus.c has entry points for with and without conditions.

2013-12-04  Michal Privoznik  <mprivozn@redhat.com>

	src: Align make output
	The make inserts six spaces instead of four:
	  GEN      access/viraccessapichecklxc.h
	  GEN    hyperv/hyperv_wmi.generated.h
	  GEN      access/viraccessapichecklxc.c
	  GEN    hyperv/hyperv_wmi.generated.c
	  GEN    hyperv/hyperv_wmi_classes.generated.typedef
	  GEN    hyperv/hyperv_wmi_classes.generated.h
	  GEN    hyperv/hyperv_wmi_classes.generated.c
	  GEN      libvirt_access_qemu.xml
	  GEN      libvirt_access.syms
	  GEN      libvirt_access_lxc.xml
	  GEN      libvirt_access_qemu.syms
	  GEN      libvirt_access_lxc.syms
	  GEN      libvirt_qemu.def
	  GEN    esx/esx_vi_types.generated.typedef
	  GEN    esx/esx_vi_types.generated.typeenum
	  GEN    esx/esx_vi_types.generated.typetostring
	  GEN    esx/esx_vi_types.generated.typefromstring
	  GEN    esx/esx_vi_types.generated.h
	  GEN    esx/esx_vi_types.generated.c
	  GEN    esx/esx_vi_methods.generated.h
	  GEN    esx/esx_vi_methods.generated.c
	  GEN    esx/esx_vi_methods.generated.macro
	  GEN    esx/esx_vi.generated.h
	  GEN    esx/esx_vi.generated.c
	  GEN      libvirt_lxc.def

2013-12-03  Laine Stump  <laine@laine.org>

	qemu: report error on attempt to live change virtio-net queues
	This resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1029732
	The BZ asked for the capability to change the number of queues used by
	a virtio-net device while the device is in use. Because the number of
	queues can only be set at the time the device is created, that isn't
	possible. However, libvirt also shouldn't be silently reporting
	success when someone tries to change the number of queues. So this
	patch flags that as an error (just as attempts to change any of the
	other virtio-specific parameters already do).

2013-12-03  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Run virStateCleanup conditionally
	https://bugzilla.redhat.com/show_bug.cgi?id=1033061
	Currently, initialization of drivers is done in a separate thread. This
	is done for several reasons: a driver that is initialized may require
	running event loop, it may take ages to initialize driver (e.g. due to
	autostarting domains). While the thread is spawn and run, the main()
	continues its execution. However, if something goes bad, or the event
	loop is just exited (e.g. due to a --timeout or SIGINT) we try to
	cleanup all the drivers. So we have two threads running Initialize() and
	Cleanup() concurrently. This may result in accessing stale pointers -
	e.g. netcf driver will free() itself in stateCleanup callback, while the
	init thread may come, open a dummy connection in order to autostart some
	domains and voilà: do_open() iterates over interface drivers and
	accesses stale netcf driver.
	The fix consists in not running stateCleanup if the init thread is still
	running.

2013-12-03  Laine Stump  <laine@laine.org>

	tests: add forgotten boot-strict test files
	These *should* have been pushed in commit
	96fddee322c7d39a57cfdc5e7be71326d597d30a.

	qemu: add "-boot strict" to commandline whenever possible
	This resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=888635
	(which was already closed as CANTFIX because the qemu "-boot strict"
	commandline option wasn't available at the time).
	Problem: you couldn't have a domain that used PXE to boot, but also
	had an un-bootable disk device *even if that disk wasn't listed in the
	boot order*, because if PXE timed out (e.g. due to the bridge
	forwarding delay), the BIOS would move on to the next target, which
	would be the unbootable disk device (again - even though it wasn't
	given a boot order), and get stuck at a "BOOT DISK FAILURE, PRESS ANY
	KEY" message until a user intervened.
	The solution available since sometime around QEMU 1.5, is to add
	"-boot strict=on" to *every* qemu command. When this is done, if any
	devices have a boot order specified, then QEMU will *only* attempt to
	boot from those devices that have an explicit boot order, ignoring the
	rest.

	qemu: default to vfio for nodedev-detach
	This patch resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1035188
	Commit f094aaac48a6 changed the PCI device assignment in qemu domains
	to default to using VFIO rather than legacy KVM device assignment
	(when VFIO is available). It didn't change which driver was used by
	default for virNodeDeviceDetachFlags(), though, so that API (and the
	virsh nodedev-detach command) was still binding to the pci-stub
	driver, used by legacy KVM assignment, by default.
	This patch publicizes (only within the qemu module, though, so no
	additions to the symbol exports are needed) the functions that check
	for presence of KVM and VFIO device assignment, then uses those
	functions to decide what to do when no driver is specified for
	virNodeDeviceDetachFlags(); if the vfio driver is loaded, the device
	will be bound to vfio-pci, or if legacy KVM assignment is supported on
	this system, the device will be bound to pci-stub; if neither method
	is available, the detach will fail.

2013-12-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshots: Declare supported and unsupported snapshot configs
	Currently the snapshot code did not check if it actually supports
	snapshots on various disk backends for domains. To avoid future problems
	add checkers that whitelist the supported configurations.

	qemu: Clear old translated pool source
	Clear the old data to avoid leaking it when attempting to re-translate a
	pool on the same domain object.

	qemu: Refactor disk source string formatting
	This patch adds function qemuGetDriveSourceString to produce
	qemu-compatible disk source strings that will enable to reuse the code
	and refactors building of the qemu commandline of disks to use this new
	helper.

	qemu: Unify formatting of RBD sources

	qemu: Split out NBD command generation

	qemu: Migrate sheepdog source generation into common function

	qemu: Use qemuBuildNetworkDriveURI to handle http/ftp and friends
	Prepare the function to integrate other protocols and start folding
	other network protocols into a common place.

	qemu: Simplify call pattern of qemuBuildDriveURIString
	Automatically assign secret type from the disk source definition and
	pull in adding of the comma. Then update callers to keep generated
	output the same.

	qemu: Split out formatting of network disk source URI
	The snapshot code will need to use qemu-style formatted URIs of network
	disks. Split out the code to avoid duplication.

	qemu: Refactor qemuTranslateDiskSourcePool
	Before this patch, the translation function still needs a second ugly
	helper function to actually format the command line for qemu. But if we
	do the right stuff in the translation function, we don't have to bother
	with the second function any more.
	This patch removes the messy qemuBuildVolumeString function and changes
	qemuTranslateDiskSourcePool to set stuff up correctly so that the
	regular code paths meant for volumes can be used to format the command
	line correctly.
	For this purpose a new helper "qemuDiskGetActualType()" is introduced to
	return the type of the volume in a pool.
	As a part of the refactor the qemuTranslateDiskSourcePool function is
	fixed to do decisions based on the pool type instead of the volume type.
	This allows to separate pool-type-specific stuff more clearly and will
	ease addition of other pool types that will require certain other
	operations to get the correct pool source.
	The previously fixed tests should make sure that we don't break stuff
	that was working before.

2013-12-03  Osier Yang  <jyang@redhat.com>

	Doc: Explicitly declaring that nodedev-destroy only works for vHBA
	Though trying to destroy a physical HBA doesn't make sense at all,
	it's still a bit misleading with saying "only works for HBA".

2013-12-03  Eric Blake  <eblake@redhat.com>

	virsh: improve grammar in error message
	Based on a suggestion from Mauricio Tavares.
	* tools/virsh-domain.c (cmdDetachInterface, vshFindDisk): Improve
	wording.

	docs: fix some typos
	* docs/auditlog.html.in: Spelling fixes.

	docs: fix typo in previous patch
	Avoid a nested comment compilation error, caused by me editing
	Chen's patch.
	* include/libvirt/libvirt.h.in: Fix typo.

2013-12-03  Daniel P. Berrange  <berrange@redhat.com>

	Ensure to zero out the virDomainBlockJobInfo arg
	The virDomainGetBlockJobInfo method did not zero out the
	virDomainBlockJobInfo pointer arg, so when block jobs were
	not active it would return garbage for the bandwidth/cur/end
	fields.

2013-12-03  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix typos in libvirt.h.in
	s/causes/cause/
	Each event callback has a single detail parameter, and can
	thus only report a single cause.  Also, make all the sub-event
	documentation use similar wording.

2013-12-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Add functions similar to disk source pool translation
	To avoid future pain, add placeholder functions to get the actual
	snapshot disk type.

	qemu: snapshot: Touch up error message

	conf: Add helper do clear disk source authentication struct
	Add virDomainDiskAuthClear to help cleaning out the struct in other
	places too.

	qemu: snapshot: Detect internal snapshots also for sheepdog and RBD
	When doing an internal snapshot on a VM with sheepdog or RBD disks we
	would not set a flag to mark the domain is using internal snapshots and
	might end up creating a mixed snapshot. Move the setting of the variable
	to avoid this problem.

	conf: Add functions to copy and free network disk source definitions
	To simplify operations on virDomainDiskHostDef arrays we will need deep
	copy and freeing functions. Add and properly export them.

	snapshot: conf: Fix NULL dereference when <driver> element is empty
	Consider the following valid snapshot XML as the <driver> element is
	allowed to be empty in the domainsnapshot.rng schema:
	$ cat snap.xml
	<domainsnapshot>
	  <disks>
	    <disk name='vda' snapshot='external'>
	      <source file='/tmp/foo'/>
	      <driver/>
	    </disk>
	  </disks>
	</domainsnapshot>
	produces the following error:
	$ virsh snapshot-create domain snap.xml
	error: internal error: unknown disk snapshot driver '(null)'
	The driver type is parsed as NULL from the XML as the attribute is not
	present and then directly used to produce the error message.
	With this patch the attempt to parse the driver type is skipped if not
	present to avoid changing the schema to forbid the empty driver element.

	snapshot: conf: Use common parsing and formatting functions for source
	Disk source elements for snapshots were using separate code from our
	config parser. As snapshots can be stored on more than just regular
	files, we will need the universal parser to allow us to expose a variety
	of snapshot disk targets. This patch reuses the config parsers and
	formatters to do the job.
	This initial support only changes the code without any visible XML
	change.

	conf: Export disk source formatter and parser
	This code will be reused in the snapshot disk definition parser.

	conf: Split out seclabel formating code for disk source
	The code is common for all the various disk types. Split it out to a
	common function.

	conf: Clean up virDomainDiskSourceDefFormatInternal
	Avoid if statements when used with virBufferEscapeString which
	automaticaly omits the whole string. Also add some line breaks to
	visualy separate the code.

	conf: Support disk source formatting without needing a virDomainDiskDefPtr
	The <source> element formatting function was expecting a
	virDomainDiskDefPtr to store the data. As snapshots are not using this
	data structure to hold the data, we need to add an internal function
	which splits out individual fields separately.

	tests: Fix comment for fake storage pool driver
	Commit bae124e40ff2b9d4de75d44510619db2c08d548a was accidentaly pushed
	without review feedback worked in. Fix it up.

	qemuxml2argv: Add test for disk type='volume' with iSCSI pools
	Tweak the existing file so that it can be tested for command line
	corectness.

	qemuxml2argv: Add test to verify correct usage of disk type="volume"
	Tweak the existing file to test command line generator too.

	test: Implement fake storage pool driver in qemuxml2argv test
	To support testing of "volume" disk backing, we need to implement a few
	disk driver backend functions.
	The fake storage driver uses files in storagepoolxml2xmlout/POOLNAME.xml
	as XML files for pool definitions and volume names are in format
	"VOL_TYPE+VOL_PATH". By default type "block" is assumed (for iSCSI test
	compatibility).
	The choice of this approach along with implemented functions was made so
	that <disk type='volume'> can be tested in the xml2argv test.

2013-12-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.0
	* configure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: update and merge localizations from transifex

2013-12-02  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: handle errors of virDomainHostdevDefAlloc correctly
	The original code ignored errors of virDomainHostdevDefAlloc,
	however, we should properly do error return from the function
	if it occurs.
	The fix pulls out virDomainHostdevDefAlloc from the loop and
	executes it all together before the loop. So we can easily
	return on errors without the notion of other memory allocations
	in the loop.
	The deallocation code is separated from the allocation code
	because it will be used by a further patch for fixing other error
	handlings.
	Reported-by: Laine Stump <laine@laine.org>

	vbox: fix incorrect loop condition in vboxHostDeviceGetXMLDesc
	The fixed loop used logical OR to combine two conditions, however,
	it is apparently incorrect and logical AND is correct.
	We can fix it by replacing OR with AND, but this patch instead
	fixes the problem by getting rid of the first conditional
	statement: USBFilterCount < def->nhostdevs. It isn't needed
	because USBFilterCount will never be greater than or equal to
	def->nhostdevs.
	def->nhostdevs is calculated in the following code
	above the loop in question like this:
	    for (i = 0; i < deviceFilters.count; i++) {
	        PRBool active = PR_FALSE;
	        IUSBDeviceFilter *deviceFilter = deviceFilters.items[i];
	        deviceFilter->vtbl->GetActive(deviceFilter, &active);
	        if (active) {
	            def->nhostdevs++;
	        }
	    }
	And the loop is constructed as like this:
	    for (i = 0; (USBFilterCount < def->nhostdevs) || (i < deviceFilters.count); i++) {
	        PRBool active                  = PR_FALSE;
	(snip)
	        deviceFilter->vtbl->GetActive(deviceFilter, &active);
	        if (!active)
	            continue;
	(snip)
	        USBFilterCount++;
	    }
	So def->nhostdevs is the number of active device filters and
	USBFilterCount is counted up only when a device filter is active.
	Thus, we can remove USBFilterCount < def->nhostdevs safely.
	Reported-by: Laine Stump <laine@laine.org>

2013-12-02  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix typos in libvirt.h.in
	s/caused/causes

2013-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Link libvirt-sandbox from apps page
	Add a link to the http://sandbox.libvirt.org sub-site from the
	list of libraries related to libvirt. Also fix formatting for
	the ruby libvirt binding.

	Add docs about audit subsystem logging
	Adds a new page to the website "Deployment" section describing
	what data is sent to the audit logs and how to configure libvirtd
	audit settings.

2013-12-02  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virNWFilterDefParseXML()
	While running nwfilterxml2xmltest, it was found that valgrind pointed out the
	following error...
	==7466== 16 bytes in 1 blocks are definitely lost in loss record 26 of 90
	==7466==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	    ==7466==    by 0x4C651AD: virAlloc (viralloc.c:142)
	    ==7466==    by 0x4D0450D: virNWFilterDefParseNode (nwfilter_conf.c:2575)
	    ==7466==    by 0x4D05D84: virNWFilterDefParse (nwfilter_conf.c:2647)
	    ==7466==    by 0x401FDE: testCompareXMLToXMLHelper (nwfilterxml2xmltest.c:39)
	    ==7466==    by 0x402DE1: virtTestRun (testutils.c:138)
	    ==7466==    by 0x4018E9: mymain (nwfilterxml2xmltest.c:111)
	    ==7466==    by 0x403482: virtTestMain (testutils.c:593)
	    ==7466==    by 0x341F421A04: (below main) (libc-start.c:225)
	...21 times, which are related to 21 tests in nwfilterxml2xmltest.c which sent
	EXPECT_WARN = false. There were two scenarios in virNWFilterDefParseXML(),
	when the variable 'entry' was malloc'ed, but not freed.

	Fix memory leak in virDomainDefParseXML()
	This patch fixes the memory leaks found while running qemuxml2argvtest
	==8260== 3 bytes in 1 blocks are definitely lost in loss record 1 of
	129
	==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==8260==    by 0x341F485E21: strdup (strdup.c:42)
	==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
	==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
	==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
	==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
	==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
	==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
	==8260==    by 0x427111: virtTestRun (testutils.c:138)
	==8260==    by 0x41D3FE: mymain (qemuxml2argvtest.c:452)
	==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
	==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
	==8260==
	==8260== 4 bytes in 1 blocks are definitely lost in loss record 5 of
	129
	==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==8260==    by 0x341F485E21: strdup (strdup.c:42)
	==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
	==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
	==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
	==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
	==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
	==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
	==8260==    by 0x427111: virtTestRun (testutils.c:138)
	==8260==    by 0x41D39A: mymain (qemuxml2argvtest.c:451)
	==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
	==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
	==8260==

	virsh: fix doc typos
	Fix 6 minor spelling errors in virsh doc

	Fix typos in various docs
	Fix 8 minor spelling errors in docs/*.html.in

2013-11-29  Daniel P. Berrange  <berrange@redhat.com>

	LXC: Ensure security context is set when mounting images
	When setting up filesystems backed by block devices or file
	images, the SELinux mount options must be used to ensure the
	correct context is set

2013-11-28  Laine Stump  <laine@laine.org>

	network: properly update iptables rules during net-update
	This patch resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1035336
	The basic problem is that during a network update, the required
	iptables rules sometimes change, and this was being handled by simply
	removing and re-adding the rules. However, the removal of the old
	rules was done based on the *new* state of the network, which would
	mean that some of the rules would not match those currently in the
	system, so the old rules wouldn't be removed.
	This patch removes the old rules prior to updating the network
	definition then adds the new rules as soon as the definition is
	updated. Note that this could lead to a stray packet or two during the
	interim, but that was already a problem before (the period of limbo is
	now just slightly longer).
	While moving the location for the rules, I added a few more sections
	that should result in the iptables rules being redone:
	DHCP_RANGE and DHCP_HOST - these are needed because adding/removing a dhcp
	host entry could lead to the dhcp service being started/stopped, which
	would require that the mangle rule that fixes up dhcp response
	checksums sould need to be added/removed, and this wasn't being done.

2013-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix bug in identifying sub-mounts
	The code for extracting sub-mounts would just do a STRPREFIX
	check on the mount. This was flawed because if there were
	the following mounts
	 /etc/aliases
	 /etc/aliases.db
	and '/etc/aliases' was asked for, it would return both even
	though the latter isn't a sub-mount.

	Pull lxcContainerGetSubtree out into shared virfile module
	Move the code for lxcContainerGetSubtree into the virfile
	module creating 2 new functions
	  int virFileGetMountSubtree(const char *mtabpath,
	                             const char *prefix,
	                             char ***mountsret,
	                             size_t *nmountsret);
	  int virFileGetMountReverseSubtree(const char *mtabpath,
	                                    const char *prefix,
	                                    char ***mountsret,
	                                    size_t *nmountsret);
	Add a new virfiletest.c test case to validate the new code.

	Introduce standard methods for sorting strings with qsort
	Add virStringSortCompare and virStringSortRevCompare as
	standard functions to use with qsort.

2013-11-28  Eric Blake  <eblake@redhat.com>

	tests: fix virpcitest with read-only srcdir
	'make distcheck' has been broken since commit 21685c9; basically,
	it emulates the case of a read-only $(srcdir) (such as building
	from a tarball exploded onto a CD-ROM), but we were creating our
	fake pci device as a symlink into $(srcdir) and failing when that
	requires opening the config file for writing:
	 3) testVirPCIDeviceReset                                             ... libvirt:  error : Failed to open config space file '/sys/bus/pci/devices/0000:00:01.0/config': Permission denied
	Fix it by copying rather than symlinking.
	* tests/virpcimock.c (make_file): Add parameter to allow binary
	creation; adjust all callers.
	(pci_device_new_from_stub): Copy rather than symlink.

	tests: guarantee abs_srcdir in all C tests
	While trying to debug a failure of virpcitest during 'make distcheck',
	I noticed that with a VPATH build, 'cd tests; ./virpcitest' fails for
	an entirely different reason.  To reproduce the distcheck failure, I
	had to run 'cd tests; abs_srcdir=/path/to/src ./virpcitest'.  But we
	document in HACKING that all of our tests are supposed to be runnable
	without requiring extra environment variables.
	The solution: hardcode the location of srcdir into the just-built
	binaries, rather than requiring make to prepopulate environment
	variables.  With this, './virpcitest' passes even in a VPATH build
	(provided that $(srcdir) is writable; a followup patch will fix the
	conditions required by 'make distcheck').  [Note: the makefile must
	still pass on directory variables to the test environment of shell
	scripts, since those aren't compiled.  So while this solves the case
	of a compiled test, it still requires environment variables to pass
	a VPATH build of any shell script test case that relies on srcdir.]
	* tests/Makefile.am (AM_CFLAGS): Define abs_srcdir in all compiled
	tests.
	* tests/testutils.h (abs_srcdir): Quit declaring.
	* tests/testutils.c (virtTestMain): Rely on define rather than
	environment variable.
	* tests/virpcimock.c (pci_device_new_from_stub): Rely on define.
	* tests/cputest.c (mymain): Adjust abs_top_srcdir default.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxmlnstest.c (mymain): Likewise.

2013-11-27  Peter Krempa  <pkrempa@redhat.com>

	conf: Export virStorageVolType enum helper functions
	Export string conversion from and to the virStorageVolType enum.

2013-11-27  Eric Blake  <eblake@redhat.com>

	storage: skip selinux cleanup when fd not available
	When attempting to backport gluster pools to an older versoin
	where there is no VIR_STRDUP, I got a crash from calling
	strdup(,NULL). Rather than relying on the current else branch
	safely doing nothing when there is no fd, it is easier to just
	skip it. While at it, there's no need to explicitly set
	perms.label to NULL after a VIR_FREE().
	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD): Minor optimization.

2013-11-27  Bing Bu Cao  <mars@linux.vnet.ibm.com>

	qemu: preserve netdev MAC address during 'domxml-to-native'
	The virsh command 'domxml-to-native' (virConnectDomainXMLToNative())
	converts all network devices to "type='ethernet'" in order to make it
	more likely that the generated command could be run directly from a
	shell (other libvirt network device types end up referencing file
	descriptors for tap devices assumed to have been created by libvirt,
	which can't be done in this case).
	During this conversion, all of the netdev parameters are cleared out,
	then specific items are filled in after changing the type. The MAC
	address was not one of these preserved items, and the result was that
	mac addresses in the generated commandlines were always
	00:00:00:00:00:00.
	This patch saves the mac address before the conversion, then
	repopulates it afterwards, so the proper mac addresses show up in the
	commandline.

2013-11-27  Jim Fehlig  <jfehlig@suse.com>

	look for numad in /usr/sbin
	When looking for numad with AC_PATH_PROG, include /usr/sbin in
	the search path.

2013-11-27  Eric Blake  <eblake@redhat.com>

	storage: don't read storage volumes in nonblock mode
	Commit 348b4e2 introduced a potential problem (thankfully not
	in any release): we are attempting to use virFileReadHeaderFD()
	on a file that was opened with O_NONBLOCK.  While this
	shouldn't be a problem in practice (because O_NONBLOCK
	typically doesn't affect regular or block files, and fifos and
	sockets cannot be storage volumes), it's better to play it safe
	to avoid races from opening an unexpected file type while also
	avoiding problems with having to handle EAGAIN while read()ing.
	Based on a report by Dan Berrange.
	* src/storage/storage_backend.c
	(virStorageBackendVolOpenCheckMode): Fix up fd after avoiding race.

2013-11-27  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: add securetty related note in Device nodes
	Tell user how to resolve the problem that fail to log in
	the container.

2013-11-26  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: don't unmount mounts for shared root
	Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
	vfs: Lock in place mounts from more privileged users,
	unprivileged user has no rights to umount the mounts that
	inherited from parent mountns.
	right now, I have no good idea to fix this problem, we need
	to do more research. this patch just skip unmounting these
	mounts for shared root.
	BTW, I think when libvirt lxc enables user namespace, the
	configuation that shares root with host is very rara.

	LXC: fix the problem that libvirt lxc fail to start on latest kernel
	After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
	vfs: Lock in place mounts from more privileged users,
	unprivileged user has no rights to move the mounts that
	inherited from parent mountns. we use this feature to move
	the /stateDir/domain-name.{dev, devpts} to the /dev/ and
	/dev/pts directroy of container. this commit breaks libvirt lxc.
	this patch changes the behavior to bind these mounts when
	user namespace is enabled and move these mounts when user
	namespace is disabled.

2013-11-26  Christophe Fergeau  <cfergeau@redhat.com>

	sasl: Replace 'restep' label with 'continue'
	Since the label is at the beginning of the loop, this has the same effect.

	sasl: Fix authentication when using PLAIN mechanism
	With some authentication mechanism (PLAIN for example), sasl_client_start()
	can return SASL_OK, which translates to virNetSASLSessionClientStart()
	returning VIR_NET_SASL_COMPLETE.
	cyrus-sasl documentation is a bit vague as to what to do in such situation,
	but upstream clarified this a bit in
	http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=10104
	When we got VIR_NET_SASL_COMPLETE after virNetSASLSessionClientStart() and
	if the remote also tells us that authentication is complete, then we should
	end the authentication procedure rather than forcing a call to
	virNetSASLSessionClientStep(). Without this patch, when trying to use SASL
	PLAIN, I get:
	error :authentication failed : Failed to step SASL negotiation: -1
	(SASL(-1): generic failure: Unable to find a callback: 32775)
	This patch is based on a spice-gtk patch by Dietmar Maurer.

	Fix invalid read in virNetSASLSessionClientStep debug log
	virNetSASLSessionClientStep logs the data that is going to be passed to
	sasl_client_step as input data. However, it tries to log it as a string,
	while there is no guarantee that this data is going to be nul-terminated.
	This leads to this valgrind log:
	==20938== Invalid read of size 1
	==20938==    at 0x8BDB08F: vfprintf (vfprintf.c:1635)
	==20938==    by 0x8C06DF2: vasprintf (vasprintf.c:62)
	==20938==    by 0x4CCEDF9: virVasprintfInternal (virstring.c:337)
	==20938==    by 0x4CA9516: virLogVMessage (virlog.c:842)
	==20938==    by 0x4CA939A: virLogMessage (virlog.c:778)
	==20938==    by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458)
	==20938==    by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136)
	==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
	==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
	==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
	==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
	==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
	==20938==    by 0x12762B: vshReconnect (virsh.c:337)
	==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
	==20938==    by 0x12E9A5: main (virsh.c:3338)
	==20938==  Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd
	==20938==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==20938==    by 0x8CB91B4: xdr_array (xdr_array.c:94)
	==20938==    by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
	==20938==    by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405)
	==20938==    by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377)
	==20938==    by 0x4DF8141: callFull (remote_driver.c:5794)
	==20938==    by 0x4DF821A: call (remote_driver.c:5816)
	==20938==    by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112)
	==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
	==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
	==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
	==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
	==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
	==20938==    by 0x12762B: vshReconnect (virsh.c:337)
	==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
	==20938==    by 0x12E9A5: main (virsh.c:3338)

	Tie SASL callbacks lifecycle to virNetSessionSASLContext
	The array of sasl_callback_t callbacks which is passed to sasl_client_new()
	must be kept alive as long as the created sasl_conn_t object is alive as
	cyrus-sasl uses this structure internally for things like logging, so
	the memory used for callbacks must only be freed after sasl_dispose() has
	been called.
	During testing of successful SASL logins with
	virsh -c qemu+tls:///system list --all
	I've been getting invalid read reports from valgrind
	==9237== Invalid read of size 8
	==9237==    at 0x6E93B6F: _sasl_getcallback (common.c:1745)
	==9237==    by 0x6E95430: _sasl_log (common.c:1850)
	==9237==    by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580)
	==9237==    by 0x6E91653: client_dispose (client.c:332)
	==9237==    by 0x6E9476A: sasl_dispose (common.c:851)
	==9237==    by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678)
	==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
	==9237==    by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042)
	==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
	==9237==    by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794)
	==9237==    by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583)
	==9237==    by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652)
	==9237==    by 0x4C94730: virEventRunDefaultImpl (virevent.c:274)
	==9237==    by 0x12C7BA: vshEventLoop (virsh.c:2407)
	==9237==    by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161)
	==9237==    by 0x7DAEF32: start_thread (pthread_create.c:309)
	==9237==    by 0x8C86EAC: clone (clone.S:111)
	==9237==  Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd
	==9237==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==9237==    by 0x4C73827: virFree (viralloc.c:580)
	==9237==    by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219)
	==9237==    by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639)
	==9237==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
	==9237==    by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031)
	==9237==    by 0x4D8595F: do_open (libvirt.c:1239)
	==9237==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
	==9237==    by 0x12762B: vshReconnect (virsh.c:337)
	==9237==    by 0x12C9B0: vshInit (virsh.c:2470)
	==9237==    by 0x12E9A5: main (virsh.c:3338)
	This commit changes virNetSASLSessionNewClient() to take ownership of the SASL
	callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding
	sasl_conn_t has been freed.

	remote: Don't leak priv->tls object on connection failure
	When testing SASL authentication over TLS with
	virsh -c qemu+tls:///system list --all
	I got this valgrind trace after entering wrong credentials:
	==30540== 26,903 (88 direct, 26,815 indirect) bytes in 1 blocks are definitely lost in loss record 289 of 293
	==30540==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==30540==    by 0x4C7379A: virAllocVar (viralloc.c:558)
	==30540==    by 0x4CBC178: virObjectNew (virobject.c:190)
	==30540==    by 0x4CBC329: virObjectLockableNew (virobject.c:216)
	==30540==    by 0x4E2D003: virNetTLSContextNew (virnettlscontext.c:719)
	==30540==    by 0x4E2DC3F: virNetTLSContextNewPath (virnettlscontext.c:930)
	==30540==    by 0x4E2DD5B: virNetTLSContextNewClientPath (virnettlscontext.c:957)
	==30540==    by 0x4DDB618: doRemoteOpen (remote_driver.c:627)
	==30540==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1031)
	==30540==    by 0x4D8595F: do_open (libvirt.c:1239)
	==30540==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
	==30540==    by 0x12762B: vshReconnect (virsh.c:337)
	==30540==    by 0x12C9B0: vshInit (virsh.c:2470)
	==30540==    by 0x12E9A5: main (virsh.c:3338)

2013-11-26  Yuri Chornoivan  <yurchor@ukr.net>

	Fix three minor typos

2013-11-26  Eric Blake  <eblake@redhat.com>

	storage: fix typo in previous patch
	You'd think I'd learn to actually COMMIT my working tree
	between testing that a last-minute fix compiles and pushing.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Typo fix.

	storage: probe qcow2 volumes in gluster pool
	Putting together pieces from previous patches, it is now possible
	for 'virsh vol-dumpxml --pool gluster volname' to report metadata
	about a qcow2 file stored on gluster.  The backing file is still
	treated as raw; to fix that, more patches are needed to make the
	storage backing chain analysis recursive rather than halting at
	a network protocol name, but that work will not need any further
	calls into libgfapi so much as just reusing this code, and that
	should be the only code outside of the storage driver that needs
	any help from libgfapi.  Any additional use of libgfapi within
	libvirt should only be needed for implementing storage pool APIs
	such as volume creation or resizing, where backing chain analysis
	should be unaffected.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterReadHeader): New helper function.
	(virStorageBackendGlusterRefreshVol): Probe non-raw files.

	storage: improve handling of symlinks in gluster
	With this patch, dangling and looping symlinks are silently
	ignored, while links to files and directories are treated the
	same as the underlying file or directory.  This is the same
	behavior as both 'directory' and 'netfs' pools.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Treat symlinks similar to
	directory and netfs pools.

	storage: improve allocation stats reported on gluster files
	We already had code for handling allocation different than
	capacity for sparse files; we just had to wire it up to be
	used when inspecting gluster images.
	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD): Handle no fd.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Handle sparse files.

	storage: improve directory support in gluster pool
	Take advantage of the previous patch's addition of 'netdir' as
	a distinct volume type, to expose rather than silently skip
	directories embedded in a gluster pool.  Also serves as an XML
	validation for the previous patch.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Don't skip directories.
	* tests/storagevolxml2xmltest.c (mymain): Add test.
	* tests/storagevolxml2xmlin/vol-gluster-dir.xml: New file.
	* tests/storagevolxml2xmlout/vol-gluster-dir.xml: Likewise.

	storage: add network-dir as new storage volume type
	In the 'directory' and 'netfs' storage pools, a user can see
	both 'file' and 'dir' storage volume types, to know when they
	can descend into a subdirectory.  But in a network-based storage
	pool, such as the upcoming 'gluster' pool, we use 'network'
	instead of 'file', and did not have any counterpart for a
	directory until this patch.  Adding a new volume type
	'network-dir' is better than reusing 'dir', because it makes
	it clear that the only way to access 'network' volumes within
	that container is through the network mounting (leaving 'dir'
	for something accessible in the local file system).
	* include/libvirt/libvirt.h.in (virStorageVolType): Expand enum.
	* docs/formatstorage.html.in: Document it.
	* docs/schemasa/storagevol.rng (vol): Allow new value.
	* src/conf/storage_conf.c (virStorageVol): Use new value.
	* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix client.
	* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Likewise.
	* tools/virsh-volume.c (vshVolumeTypeToString): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemVolDelete): Likewise.

	storage: implement rudimentary glusterfs pool refresh
	Actually put gfapi to use, by allowing the creation of a gluster
	pool.  Right now, all volumes are treated as raw and directories
	are skipped; further patches will allow peering into files to
	allow for qcow2 files and backing chains, and reporting proper
	volume allocation.  This implementation was tested against Fedora
	19's glusterfs 3.4.1; it might be made simpler by requiring a
	higher minimum, and/or require more hacks to work with a lower
	minimum.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshPool): Initial implementation.
	(virStorageBackendGlusterOpen, virStorageBackendGlusterClose)
	(virStorageBackendGlusterRefreshVol): New helper functions.

	storage: document gluster pool
	Add support for a new <pool type='gluster'>, similar to
	RBD and Sheepdog.  Terminology wise, a gluster volume
	forms a libvirt storage pool, within the gluster volume,
	individual files are treated as libvirt storage volumes.
	* docs/schemas/storagepool.rng (poolgluster): New pool type.
	* docs/formatstorage.html.in: Document gluster.
	* docs/storage.html.in: Likewise, and contrast it with netfs.
	* tests/storagepoolxml2xmlin/pool-gluster.xml: New test.
	* tests/storagepoolxml2xmlout/pool-gluster.xml: Likewise.
	* tests/storagepoolxml2xmltest.c (mymain): Likewise.

	storage: initial support for linking with libgfapi
	We support gluster volumes in domain XML, so we also ought to
	support them as a storage pool.  Besides, a future patch will
	want to take advantage of libgfapi to handle the case of a
	gluster device holding qcow2 rather than raw storage, and for
	that to work, we need a storage backend that can read gluster
	storage volume contents.  This sets up the framework.
	Note that the new pool is named 'gluster' to match a
	<disk type='network'><source protocol='gluster'> image source
	already supported in a <domain>; it does NOT match the
	<pool type='netfs'><source><target type='glusterfs'>,
	since that uses a FUSE mount to a local file name rather than
	a network name.
	This and subsequent patches have been tested against glusterfs
	3.4.1 (available on Fedora 19); there are likely bugs in older
	versions that may prevent decent use of gfapi, so this patch
	enforces the minimum version tested.  A future patch may lower
	the minimum.  On the other hand, I hit at least two bugs in
	3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
	raising the minimum: glfs_readdir is nicer to use than
	glfs_readdir_r [1], and glfs_fini should only return failure on
	an actual failure [2].
	[1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
	[2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html
	* configure.ac (WITH_STORAGE_GLUSTER): New conditional.
	* m4/virt-gluster.m4: new file.
	* libvirt.spec.in (BuildRequires): Support gluster in spec file.
	* src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
	type.
	* src/conf/storage_conf.c (poolTypeInfo): Treat similar to
	sheepdog and rbd.
	(virStoragePoolDefFormat): Don't output target for gluster.
	* src/storage/storage_backend_gluster.h: New file.
	* src/storage/storage_backend_gluster.c: Likewise.
	* po/POTFILES.in: Add new file.
	* src/storage/storage_backend.c (backends): Register new type.
	* src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
	* src/storage/storage_backend.h (_virStorageBackend): Documet
	assumption.

	storage: expose volume meta-type in XML
	I got annoyed at having to use both 'virsh vol-list $pool --details'
	AND 'virsh vol-dumpxml $vol $pool' to learn if I had populated
	the volume correctly.  Since two-thirds of the data present in
	virStorageVolGetInfo() already appears in virStorageVolGetXMLDesc(),
	this just adds the remaining piece of information, as:
	<volume type='...'>
	  ...
	</volume>
	* docs/formatstorage.html.in: Document new <volume type=...>.
	* docs/schemas/storagevol.rng (vol): Add it to RelaxNG.
	* src/conf/storage_conf.h (virStorageVolTypeToString): Declare.
	* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Output
	the metatype.
	(virStorageVolDefParseXML): Parse it, for unit tests.
	* tests/storagevolxml2xmlout/vol-*.xml: Update tests to match.

2013-11-26  Daniel P. Berrange  <berrange@redhat.com>

	Remove obsolete 'tests' makefile target
	The 'docs/examples' code was long ago removed and now the
	python code was gone too, the custom 'tests' makefile target
	serves no purpose

	Remove python binding
	The python binding now lives in
	  http://libvirt.org/git/?p=libvirt-python.git
	that repo also provides an RPM which is upgrade compatible
	with the old libvirt-python sub-RPM.

2013-11-25  Jiri Denemark  <jdenemar@redhat.com>

	spec: Don't save/restore running VMs on libvirt-client update
	The previous attempt (commit d65e0e1) removed just one of two
	libvirt-guests restarts that happened on libvirt-client update. Let's
	remove the last one too :-)
	https://bugzilla.redhat.com/show_bug.cgi?id=962225

2013-11-25  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	virsh domxml-from-native to treat SCSI as the bus type for pseries by default
	The bus type IDE being enum Zero, the bus type on pseries system appears as IDE for all the -hda/-cdrom and for disk drives with if="none" type. Pseries platform needs this to appear as SCSI instead of IDE. The ide being not supported, the explicit requests for ide devices will return an error.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: allow interleave in volume XML
	The RNG grammar did not allow arbitrary interleaving, which makes
	it harder than necessary to create a new volume from handwritten XML.
	(Compare also to commit caf516db for pools).
	* docs/schemas/storagevol.rng: Support interleaving.
	* tests/storagevolxml2xmlin/vol-file-backing.xml: Test it.

	maint: next release is 1.2.0
	I didn't find any other instances with:
	git grep '1\.1\.5'
	* src/test/test_driver.c (testDriver): Tweak version info.

2013-11-25  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: add support for 4.3 APIs
	Makefile.am, vbox_V4_3.c and vbox_driver.c do regular
	modifitions to support a new version of APIs.
	vbox_tmpl.c basically fixes incompatibilities since 4.2.
	The affected incompatibilities of 4.3 are:
	* IMachine::Delete() has been renamed to IMachine::deleteConfig()
	* IMedium::CreateBaseStorage() now accepts multiple variant values
	* IDisplay::GetScreenResolution() now returns the display position
	  in the guest
	* IMachine now has multiple IUSBControllers and IUSBDeviceFilters
	  handles USB device filters instead of (obsolete) IUSBController
	This patch is tested on Mac OS X 10.8.5 and Fedora 19.

	vbox: import vbox_CAPI_v4_3.h from SDK
	vbox_CAPI_v4_3.h is almost same as
	sdk/bindings/xpcom/include/VBoxCAPI_v4_3.h of
	http://download.virtualbox.org/virtualbox/4.3.2/VirtualBoxSDK-4.3.2-90405.zip,
	but modified to fix preprocessor indentations by using cppi.

	vbox: pull vboxHostDeviceGetXMLDesc out from vboxDomainGetXMLDesc
	The USB-related code in vboxDomainGetXMLDesc is deeply nested and
	difficult to add new code. So flatten it. To do so, the code is
	pulled out from vboxDomainGetXMLDesc to make the function short
	and to leaverage early return and goto for error handling.

	vbox: cleanup vboxAttachUSB
	This cleanup flattens deeply nested code.

2013-11-25  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: don't do duplicate work when getting pagesize
	Don't do duplicate work when getting pagesize.

2013-11-24  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Among others, this fixes getgroups for MacOS and fpending for
	DragonFly BSD.
	* .gnulib: Update to latest.

2013-11-22  Daniel P. Berrange  <berrange@redhat.com>

	Mostly revert "python: remove virConnectGetCPUModelNames from globals"
	This reverts commit 6b90d7428d72e92db292a9228c44701bfd5003c9.
	The original problem was that libvirt_virConnectGetCPUModelNames
	was listed twice in the exports table, once automatically from
	the generator and once from the manual override. We merely needed
	to list it in the skip_impl list, and not delete the manually
	written code entirely.

2013-11-22  Ján Tomko  <jtomko@redhat.com>

	Don't start a nested job in qemuMigrationPrepareAny
	This nested job is canceled by the first ExitMonitor call (even though
	it was not created by the corresponding EnterMonitor call), and
	again in qemuMigrationPrepareAny if qemuProcessStart failed.
	This can lead to a crash if the vm object was disposed of before calling
	qemuDomainRemoveInactive:
	0  ..62bc in virClassIsDerivedFrom (klass=0xdeadbeef,
	   parent=0x7ffce4cdd270) at util/virobject.c:166
	1 ..6666 in virObjectIsClass at util/virobject.c:362
	2 ..66b4 in virObjectLock at util/virobject.c:314
	3 ..477e in virDomainObjListRemove at conf/domain_conf.c:2359
	4 ..7a64 in qemuDomainRemoveInactive at qemu/qemu_domain.c:2087
	5 ..956c in qemuMigrationPrepareAny at qemu/qemu_migration.c:2469
	This was added by commit e4e2822, exposed by 5a4c237 and c7ac251.
	https://bugzilla.redhat.com/show_bug.cgi?id=1018267

2013-11-22  Cole Robinson  <crobinso@redhat.com>

	spec: Don't save/restore running VMs on libvirt-client update
	Restarting an active libvirt-guests.service is the equivalent of
	doing:
	/usr/libexec/libvirt-guests.sh stop
	/usr/libexec/libvirt-guests.sh start
	Which in a default configuration will managedsave every running VM,
	and then restore them. Certainly not something we should do every
	time the libvirt-client RPM is updated.
	Just drop the try-restart attempt, I don't know what purpose it
	serves anyways.
	https://bugzilla.redhat.com/show_bug.cgi?id=962225

2013-11-22  Jiri Denemark  <jdenemar@redhat.com>

	spec: Restrict virt-login-shell usage
	https://bugzilla.redhat.com/show_bug.cgi?id=1033614
	As virt-login-shell is an SUID binary, we should restrict its usage to
	just the users chosen by an administrator to use virt-login-shell as
	their login shell. This can easily be done by making the binary
	executable only by users from a new virtlogin group.

2013-11-22  Michal Privoznik  <mprivozn@redhat.com>

	virDomainReboot: Document that migration might be unsafe
	https://bugzilla.redhat.com/show_bug.cgi?id=744967
	If a domain is rebooting and a migrate API is called meanwhile we would
	have to transfer the fakeReboot attribute to the destination in order to
	prevent domain doing plain shutdown over there. We shouldn't try to do
	anything clever about it other than documenting this as a known
	limitation.

2013-11-22  Martin Kletzander  <mkletzan@redhat.com>

	build: Don't fail on '&lt;' or '&gt;' with old xmllint
	Older xmllint version don't allow such characters in datatype anyURI.
	In order not to change too much, I'm suggesting making a choice of
	anyURI or 'absPathName' which should be fine (checked with upstream
	and that old xmllint, both work fine).

2013-11-22  Eric Blake  <eblake@redhat.com>

	storage: use valid XML for awkward volume names
	$ touch /var/lib/libvirt/images/'a<b>c'
	$ virsh pool-refresh default
	$ virsh vol-dumpxml 'a<b>c' default | head -n2
	<volume>
	  <name>a<b>c</name>
	Oops.  That's not valid XML.  And when we fix the XML
	generation, it fails RelaxNG validation.
	I'm also tired of seeing <key>(null)</key> in the example
	output for volume xml; while we used NULLSTR() to avoid
	a NULL deref rather than relying on glibc's printf
	extension behavior, it's even better if we avoid the issue
	in the first place.  But this requires being careful that
	we don't invalidate any storage backends that were relying
	on key being unassigned during virStoragVolCreateXML[From].
	I would have split this into two patches (one for escaping,
	one for avoiding <key>(null)</key>), but since they both
	end up touching a lot of the same test files, I ended up
	merging it into one.
	Note that this patch allows pretty much any volume name
	that can appear in a directory (excluding . and .. because
	those are special), but does nothing to change the current
	(unenforced) RelaxNG claim that pool names will consist
	only of letters, numbers, _, -, and +.  Tightening the C
	code to match RelaxNG patterns and/or relaxing the grammar
	to match the C code for pool names is a task for another
	day (but remember, we DID recently tighten C code for
	domain names to exclude a leading '.').
	* src/conf/storage_conf.c (virStoragePoolSourceFormat)
	(virStoragePoolDefFormat, virStorageVolTargetDefFormat)
	(virStorageVolDefFormat): Escape user-controlled strings.
	(virStorageVolDefParseXML): Parse key, for use in unit tests.
	* src/storage/storage_driver.c (storageVolCreateXML)
	(storageVolCreateXMLFrom): Ensure parsed key doesn't confuse
	volume creation.
	* docs/schemas/basictypes.rng (volName): Relax definition.
	* tests/storagepoolxml2xmltest.c (mymain): Test it.
	* tests/storagevolxml2xmltest.c (mymain): Likewise.
	* tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file.
	* tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise.
	* tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise.
	* tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise.
	* tests/storagevolxml2xmlout/vol-*.xml: Fix fallout.

2013-11-22  Doug Goldstein  <cardoe@cardoe.com>

	python: remove virConnectGetCPUModelNames from globals
	Commit de51dc9c9aed0e615c8b301cccb89f4859324eb0 primarily added
	virConnectGetCPUModelNames as libvirt.getCPUModelNames(conn, arch)
	instead of libvirt.virConnect.getCPUModelNames(arch) so revert the code
	that does the former while leaving the code that does the later.
	This is the rest of the patch that was ACK'd by Dan but I committed only
	the partial patch in 6a8b8ae.

2013-11-21  Doug Goldstein  <cardoe@cardoe.com>

	python: remove virConnectGetCPUModelNames from globals
	Commit de51dc9c9aed0e615c8b301cccb89f4859324eb0 primarily added
	virConnectGetCPUModelNames as libvirt.getCPUModelNames(conn, arch)
	instead of libvirt.virConnect.getCPUModelNames(arch) so revert the code
	that does the former while leaving the code that does the later.

2013-11-21  Wangyufei (A)  <james.wangyufei@huawei.com>

	docs: delete extra character
	delete extra character 'p' from the comment of virInterfaceCreate

2013-11-21  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Auto-generate controller for hotplugged hostdev
	If a SCSI hostdev is included in an initial domain XML, without a
	corresponding controller statement, one is created silently when the
	guest is booted.
	When hotplugging a SCSI hostdev, a presumption is that the controller
	is already present in the domain either from the original XML, or via
	an earlier hotplug.
	  [root@xxxxxxxx ~]# cat disk.xml
	  <hostdev mode='subsystem' type='scsi'>
	    <source>
	      <adapter name='scsi_host0'/>
	      <address bus='0' target='3' unit='1088438288'/>
	    </source>
	  </hostdev>
	  [root@xxxxxxxx ~]# virsh attach-device guest01 disk.xml
	  error: Failed to attach device from disk.xml
	  error: internal error: unable to execute QEMU command 'device_add': Bus 'scsi0.0' not found
	Since the infrastructure is in place, we can also create a controller
	silently for use by the hotplugged hostdev device.

	qemu: Separate calls based on controller bus type
	For systems without a PCI bus, attaching a SCSI controller fails:
	  [root@xxxxxxxx ~]# cat controller.xml
	  <controller type='scsi' model='virtio-scsi' index='0' />
	  [root@xxxxxxxx ~]# virsh attach-device guest01 controller.xml
	  error: Failed to attach device from controller.xml
	  error: XML error: No PCI buses available
	A similar problem occurs with the detach of a controller:
	  [root@xxxxxxxx ~]# virsh detach-device guest01 controller.xml
	  error: Failed to detach device from controller.xml
	  error: operation failed: controller scsi:0 not found
	The qemuDomainXXtachPciControllerDevice routines made assumptions
	that any caller had a PCI bus.  These routines now selectively calls
	PCI functions where necessary, and assigns the device information
	type to one appropriate for the bus in use.

	qemu: Rename controller hotplug functions to not be PCI-specific
	For attach/detach of controller devices, we rename the functions to
	remove 'PCI' from their title.  The actual separation of PCI-specific
	operations will be handled in the next patch.

2013-11-21  Osier Yang  <jyang@redhat.com>

	storage: Returns earlier if source adapter of the scsi pool is a HBA
	It makes no sense to go forward to get the parent host number of a
	HBA, and treat the HBA as a vHBA with trying to delete it.

2013-11-21  Clark Laughlin  <clark.laughlin@linaro.org>

	qemu: Add support for virt machine type with virtio-mmio devices on armv7
	These changes allow the correct virtio-blk-device and virtio-net-device
	devices to be used for the 'virt' machine type for armv7 rather than the
	PCI virtio devices.
	A test case was added to qemuxml2argvtest for this change.

2013-11-21  Eric Blake  <eblake@redhat.com>

	maint: enforce comma style usage
	Enforce and document the style set up by the previous patches.
	* build-aux/bracket-spacing.pl: Add comma checks.
	* docs/hacking.html.in: Document the rules.
	* HACKING: Regenerate.

	maint: fix comma style issues: remaining code
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* src/network/bridge_driver.c: Consistently use commas.
	* src/node_device/node_device_hal.c: Likewise.
	* src/node_device/node_device_udev.c: Likewise.
	* src/storage/storage_backend_rbd.c: Likewise.

	maint: fix comma style issues: remaining drivers
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* src/lxc/lxc_container.c: Consistently use commas.
	* src/openvz/openvz_driver.c: Likewise.
	* src/openvz/openvz_util.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/test/test_driver.c: Likewise.

	maint: fix comma style issues: vbox
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* src/vbox/vbox_tmpl.c: Consistently use commas.

	maint: fix comma style issues: python
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* python/libvirt-override.c: Consistently use commas.

	maint: fix comma style issues: util
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* src/util/vircommand.c: Consistently use commas.
	* src/util/virlog.c: Likewise.
	* src/util/virnetdevbandwidth.c: Likewise.
	* src/util/virnetdevmacvlan.c: Likewise.
	* src/util/virnetdevvportprofile.c: Likewise.
	* src/util/virnetlink.c: Likewise.
	* src/util/virpci.c: Likewise.
	* src/util/virsysinfo.c: Likewise.
	* src/util/virusb.c: Likewise.

	maint: fix comma style issues: tests, tools
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* tests/sysinfotest.c: Consistently use commas.
	* tests/viratomictest.c: Likewise.
	* tests/vircgroupmock.c: Likewise.
	* tools/virsh-domain.c: Likewise.
	* tools/virsh-volume.c: Likewise.

	maint: fix comma style issues: qemu
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* src/qemu/qemu_cgroup.c: Consistently use commas.
	* src/qemu/qemu_command.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/qemu/qemu_monitor.c: Likewise.

	maint: fix comma style issues: xen
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* src/libxl/libxl_driver.c: Consistently use commas.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* src/xenapi/xenapi_driver.c: Likewise.
	* src/xenapi/xenapi_utils.c: Likewise.
	* src/xenxs/xen_sxpr.c: Likewise.
	* src/xenxs/xen_xm.c: Likewise.

	maint: fix comma style issues: conf
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* src/conf/capabilities.c: Consistently use commas.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/network_conf.c: Likewise.
	* src/conf/storage_conf.c: Likewise.

	maint: fix comma style issues: nwfilter
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.
	* src/nwfilter/nwfilter_ebiptables_driver.c: Consistently use
	commas.
	* src/nwfilter/nwfilter_gentech_driver.c: Likewise.
	* src/nwfilter/nwfilter_learnipaddr.c: Likewise.
	* src/conf/nwfilter_conf.c: Likewise.

2013-11-20  Cole Robinson  <crobinso@redhat.com>

	libvirt-guests: Run only after libvirtd
	Possible fix for occasional libvirt-guests failure at boot time:
	https://bugzilla.redhat.com/show_bug.cgi?id=906009

2013-11-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-1 in default SELinux MCS range
	For a while we're have random failures of 'securityselinuxtest'
	which were not at all reproducible. Fortunately we finally
	caught a failure with VIR_TEST_DEBUG=1 enabled. This revealed
	TEST: securityselinuxtest
	 1) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
	 2) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
	 3) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
	 4) GenLabel "dynamic virtd, s0, c0.c1023"                            ... OK
	 5) GenLabel "dynamic virtd, s0, c0.c10"                              ... OK
	 6) GenLabel "dynamic virtd, s2-s3, c0.c1023"                         ... OK
	 7) GenLabel "dynamic virtd, missing range"                           ... Category two 1024 is out of range 0-1023
	FAILED
	FAIL: securityselinuxtest
	And sure enough we had an off-by-1 in the MCS range code when
	the current process has no range set. The test suite randomly
	allocates 2 categories from 0->1024 so the chances of hitting
	this in the test suite were slim indeed :-)

2013-11-20  Michael Chapman  <mike@very.puzzling.org>

	spec: fix libvirt-docs subpackage on RHEL-6
	RHEL-6's rpmbuild wipes the docdir for a (sub-)package if any %doc
	directives are present, prior to copying in the marked documentation.
	This means we can't prepopulate this directory with the HTML
	documentation during the %install phase.
	Instead, move the HTML documentation to a temporary directory during
	%install and mark the contents of this temporary directory with %doc.
	This fixes a build regression introduced in
	  commit e23216da9a9318df920abb11b02582b81515c862
	  Author: Cole Robinson <crobinso@redhat.com>
	  Date:   Wed Sep 25 13:20:40 2013 -0400
	    spec: Clean up distribution of ChangeLog (and others)
	where the libvirt-docs sub-RPM gained a %doc directive, thus
	triggering the RPM bug.

2013-11-20  Ján Tomko  <jtomko@redhat.com>

	Remove redundant braces

	Error out on unterminated arrays and objects in JSON parser

	Test if JSON parser fails on invalid input

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: ship .pl scripts as executables
	All our .pl scripts had the executable bit set, except for one.
	Make it consistent (even if we invoke the scripts as an argument
	to $(PERL) rather than directly).
	* src/check-aclrules.pl: Make executable.

2013-11-20  Guido Günther  <agx@sigxcpu.org>

	Don't depend on syslog.service
	Syslog is socket activated since at least systemd v35 so we can drop
	this dependency. Debian's linitian otherwise complains about it.
	References:
	    http://www.freedesktop.org/wiki/Software/systemd/syslog/
	    http://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-target.html

2013-11-20  Hao Liu  <hliu@redhat.com>

	Fix virsh net-info output for consistency
	All *-info virsh commands output a list of colon-seperated key-val pairs.
	But virsh net-info command misses this colon for key "Name" and "UUID".

2013-11-20  Doug Goldstein  <cardoe@cardoe.com>

	Add missing break to switch-case block
	The case label for VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED did not have its
	own break statement but relied on falling through which we probably
	don't want.

2013-11-19  Michal Privoznik  <mprivozn@redhat.com>

	qemumonitorjsontest: Introduce GetNonExistingCPUData test
	In the 730af8f2cd commit we are fixing broken qemu startup on systems
	with ancient qemu. This commit introduces the regression test for that
	specific case to make sure we don't break it again.

	qemuMonitorJSONGetCPUx86Data: Don't fail on ancient qemus
	On the domain startup, this function is called to dump some info about
	the CPUs. At the beginning of the function we check if we aren't running
	older qemu which is not exposing the CPUs via 'qom-list'. However, we
	are not checking for even older qemus, which throw 'CommandNotFound'
	error.

2013-11-19  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: fix segfault on virsh dumpxml with the existence of USB filters
	A USB filter is stored in a hostdev. The original code doesn't
	allocate hostdev->info that is expected to be allocated with hostdev.
	So use virDomainHostdevDefAlloc() to allocate both as we expect.

2013-11-19  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos.
	* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix typo.
	* src/qemu/qemu_monitor.c (qemuMonitorSend): Likewise.

2013-11-19  Ryota Ozaki  <ozaki.ryota@gmail.com>

	build: work around super-old readline.h
	This patch shuts up the following warning of clang
	on Mac OS X:
	  virsh.c:2761:22: error: assigning to 'char *' from 'const char [6]' discards qualifiers
	      [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
	      rl_readline_name = "virsh";
	                       ^ ~~~~~~~
	The warning happens because rl_readline_name on Mac OS X comes
	from an old readline header that still uses 'char *', while it
	is 'const char *' in readline 4.2 (April 2001) and newer.
	Tested on Mac OS X 10.8.5 (clang-500.2.75) and Fedora 19 (gcc 4.8.1).

2013-11-19  Doug Goldstein  <cardoe@cardoe.com>

	Macro for testing the version you are compiling with
	Added a macro similar to the GLib's GLIB_CHECK_VERSION so that one can
	simply do something like:
	 #if LIBVIR_CHECK_VERSION(1,1,3)
	   /* Call function here that appeared in 1.1.3 and newer */
	   virSomeNewFunction();
	 #endif

2013-11-19  Daniel P. Berrange  <berrange@redhat.com>

	Add missing 'return 0;' in stub lxcStartFuse() method impl.
	Without a 'return 0' in the stub lxcStartFuse() method, the
	compiler warns:
	lxc/lxc_fuse.c:374: error: control reaches end of non-void function
	[-Wreturn-type]

2013-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Avoid async signal safety problem in glibc's setxid
	The glibc setxid is supposed to be async signal safe, but
	libc developers confirm that it is not. This causes a problem
	when libvirt_lxc starts the FUSE thread and then runs clone()
	to start the container. If the clone() was done before the
	FUSE thread has completely started up, then the container
	will hang in setxid after clone().
	The fix is to avoid creating any threads until after the
	container has been clone()'d. By avoiding any threads in
	the parent, the child is no longer required to run in an
	async signal safe context, and we thus avoid the glibc
	bug.

2013-11-18  Ján Tomko  <jtomko@redhat.com>

	Return -1 in virPortAllocatorAcquire if all ports are used
	Report the error in virPortAllocatorAcquire instead
	of doing it in every caller.
	The error contains the port range name instead of the intended
	use for the port, e.g.:
	Unable to find an unused port in range 'display' (65534-65535)
	instead of:
	Unable to find an unused port for SPICE
	This also adds error reporting when the QEMU driver could not
	find an unused port for VNC, VNC WebSockets or NBD migration.

	Add a name to virPortAllocator
	This allows its error messages to be more specific.

	Don't release spice port twice when no TLS port is available
	Introduced by 7b4a630.

	Properly unref a connection with a close callback
	The connection pointer in the closeCallback data was never
	initialized, making the unref in remoteClientCloseFunc a no-op.
	This fixes the following leak in virsh when the daemon closes
	the connection unexpectedly:
	1,179 (288 direct, 891 indirect) bytes in 1 blocks are
	   definitely lost in loss record 745 of 792
	  at 0x4C2A6D0: calloc (in vgpreload_memcheck-amd64-linux.so)
	  by 0x4E9643D: virAllocVar (viralloc.c:558)
	  by 0x4ED2425: virObjectNew (virobject.c:190)
	  by 0x4F675AC: virGetConnect (datatypes.c:116)
	  by 0x4F6EA06: do_open (libvirt.c:1136)
	  by 0x4F71017: virConnectOpenAuth (libvirt.c:1481)
	  by 0x129FFA: vshReconnect (virsh.c:337)
	  by 0x128310: main (virsh.c:2470)

2013-11-15  Eric Blake  <eblake@redhat.com>

	docs: improve job info details
	Noticed while revieweing the patches for qemu's new migration state.
	* include/libvirt/libvirt.h.in (_virDomainJobInfo): Fix typo,
	grammar.
	* src/libvirt.c (virDomainGetJobInfo): Add cross reference.

2013-11-15  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in formatnwfilter.html.in
	s/insallations/installations/

2013-11-15  Michael Avdienko  <whitearchey@gmail.com>

	Fix migration with QEMU 1.6
	QEMU 1.6.0 introduced new migration status: setup
	Libvirt does not expect such string in QMP and refuses to migrate with error
	"unexpected migration status in setup"
	This patch fixes it.

2013-11-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Call qemuSetupHostdevCGroup later during hotplug
	https://bugzilla.redhat.com/show_bug.cgi?id=1025108
	So far qemuSetupHostdevCGroup was called very early during hotplug, even
	before we knew the device we were about to hotplug was actually
	available. By calling the function later, we make sure QEMU won't be
	allowed to access devices used by other domains.
	Another important effect of this change is that hopluging USB devices
	specified by vendor and product (but not by their USB address) works
	again. This was broken since v1.0.5-171-g7d763ac, when the call to
	qemuFindHostdevUSBDevice was moved after the call to
	qemuSetupHostdevCGroup, which then used an uninitialized USB address.

2013-11-15  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorIO: Don't use @mon after it's unrefed
	https://bugzilla.redhat.com/show_bug.cgi?id=1018267
	The aim of virObject refing and urefing is to tell where the object is
	to be used and when is no longer needed. Hence any object shouldn't be
	used after it has been unrefed, as we might be the last to hold the
	reference. The better way is to call virObjectUnref() *after* the last
	object usage. In this specific case, the monitor EOF handler was called
	after the qemuMonitorIO called virObjectUnref. Not only that @mon was
	disposed (which is not used in the handler anyway) but the @mon->vm
	which is causing a SIGSEGV:
	2013-11-15 10:17:54.425+0000: 20110: error : qemuMonitorIO:688 : internal error: early end of file from monitor: possible problem:
	qemu-kvm: -incoming tcp:01.01.01.0:49152: Failed to bind socket: Cannot assign requested address
	Program received signal SIGSEGV, Segmentation fault.
	qemuProcessHandleMonitorEOF (mon=<optimized out>, vm=0x7fb728004170) at qemu/qemu_process.c:299
	299         if (priv->beingDestroyed) {
	(gdb) p *priv
	Cannot access memory at address 0x0
	(gdb) p vm
	$1 = (virDomainObj *) 0x7fb728004170
	(gdb) p *vm
	$2 = {parent = {parent = {magic = 3735928559, refs = 0, klass = 0xdeadbeef}, lock = {lock = {__data = {__lock = 2, __count = 0, __owner = 20110, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0,
	            __next = 0x0}}, __size = "\002\000\000\000\000\000\000\000\216N\000\000\001", '\000' <repeats 26 times>, __align = 2}}}, pid = 0, state = {state = 0, reason = 0}, autostart = 0, persistent = 0,
	  updated = 0, def = 0x0, newDef = 0x0, snapshots = 0x0, current_snapshot = 0x0, hasManagedSave = false, privateData = 0x0, privateDataFreeFunc = 0x0, taint = 304}

	qemuProcessReconnectHelper: Don't create joinable thread
	In the qemuProcessReconnectHelper() a new thread that does all the
	interesting work is spawned. The rationale is to not block the daemon
	startup process in case of unresponsive qemu. However, the thread
	handler is a local variable which gets lost once the control goes out of
	scope. Hence the thread gets leaked. We can avoid this if the thread
	isn't made joinable.

	virDomainEventCallbackListFree: Don't leak @list->callbacks
	The @list->callbacks is an array that is inflated whenever a new event
	is added, e.g. via virDomainEventCallbackListAddID(). However, when we
	are freeing the array, we free the items within it but forgot to
	actually free it.

	virPCIDeviceBindToStub: Remove unused @oldDriverPath and @oldDriverName
	These two chunks had to be part of df4283a55bf. But for some unclear
	reason, the weren't. Anyway, these two variables are not used anywhere
	within function. They're initialized to NULL and then VIR_FREE()-d. And
	there's no reason do do two NOPs, right?

	networkBuildDhcpDaemonCommandLine: Don't leak @configstr and @configfile

2013-11-14  Eric Blake  <eblake@redhat.com>

	storage: fix RNG validation of gluster via netfs
	While trying to compare netfs against my new gluster pool, I
	discovered two things:
	virt-xml-validate chokes on valid xml produced by 'virsh pool-dumpxml'
	[yet another reason that ALL patches that add new xml should be adding
	corresponding tests]
	When using glusterfs FUSE mounts, you cannot access a subdirectory
	of a gluster volume.  The recommended workaround in the gluster
	community is to mount the volume to an intermediate location, then
	bind-mount the desired subdirectory to the final location.  Maybe
	we should teach libvirt to do bind-mounting, but for now I chose to
	just document the limitation.
	* docs/storage.html.in: Improve documentation.
	* docs/schemas/storagepool.rng (sourcefmtnetfs): Allow all
	formats, and drop redundant info-vendor.
	* tests/storagepoolxml2xmltest.c (mymain): New test.
	* tests/storagepoolxml2xmlin/pool-netfs-gluster.xml: New file.
	* tests/storagepoolxml2xmlout/pool-netfs-gluster.xml: Likewise.

2013-11-13  Peter Krempa  <pkrempa@redhat.com>

	virsh-secret: Unify list column alignment
	Before:
	$ virsh secret-list
	UUID                                 Usage
	-----------------------------------------------------------
	0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f volume /var/lib/libvirt/images/puppyname.img
	0a81f5b2-8403-7b23-c8d6-2deadbeefd6f Unused
	After:
	$ virsh secret-list
	 UUID                                  Usage
	--------------------------------------------------------------------------------
	 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f  volume /var/lib/libvirt/images/puppyname.img
	 0a81f5b2-8403-7b23-c8d6-2deadbeefd6f  Unused

	virsh-interface: Unify list column alignment
	Before:
	$ virsh iface-list
	Name                 State      MAC Address
	--------------------------------------------
	br0                  active     f0:de:f1:dc:b8:b0
	virbr2               active     52:54:00:61:78:0c
	After:
	$ virsh iface-list
	 Name                 State      MAC Address
	---------------------------------------------------
	 br0                  active     f0:de:f1:dc:b8:b0
	 virbr2               active     52:54:00:61:78:0c

	virsh-nwfilter: Unify list command column alignment
	Before:
	$ virsh nwfilter-list
	UUID                                  Name
	----------------------------------------------------------------
	651d902c-165c-4bcc-8d73-41319af1e6bc  allow-arp
	9ae11362-df6b-407f-8864-3bdf5125bf77  allow-dhcp
	53b5a9ed-7d46-480f-a201-6d8a503d6533  allow-dhcp-server
	After:
	$ virsh nwfilter-list
	 UUID                                  Name
	------------------------------------------------------------------
	 651d902c-165c-4bcc-8d73-41319af1e6bc  allow-arp
	 9ae11362-df6b-407f-8864-3bdf5125bf77  allow-dhcp
	 53b5a9ed-7d46-480f-a201-6d8a503d6533  allow-dhcp-server

	virsh-pool: Unify spacing of listing function
	Change the alignment to match the domain listing function.
	Before:
	$ virsh pool-list
	Name                 State      Autostart
	-----------------------------------------
	boot-scratch         active     no
	default              active     no
	glusterpool          active     no
	$ virsh pool-list --details
	Name          State    Autostart  Persistent    Capacity  Allocation  Available
	-------------------------------------------------------------------------------
	boot-scratch  running  no         yes         117.99 GiB  101.40 GiB  16.60 GiB
	default       running  no         yes         117.99 GiB  101.40 GiB  16.60 GiB
	glusterpool   running  no         yes          29.40 GiB   44.23 MiB  29.36 GiB
	After:
	$ virsh pool-list
	 Name                 State      Autostart
	-------------------------------------------
	 boot-scratch         active     no
	 default              active     no
	 glusterpool          active     no
	$ virsh pool-list --details
	 Name          State    Autostart  Persistent    Capacity  Allocation  Available
	---------------------------------------------------------------------------------
	 boot-scratch  running  no         yes         117.99 GiB  101.40 GiB  16.60 GiB
	 default       running  no         yes         117.99 GiB  101.40 GiB  16.60 GiB
	 glusterpool   running  no         yes          29.40 GiB   44.23 MiB  29.36 GiB

2013-11-13  Ján Tomko  <jtomko@redhat.com>

	Disable nwfilter driver when running unprivileged
	When opening a new connection to the driver, nwfilterOpen
	only succeeds if the driverState has been allocated.
	Move the privilege check in driver initialization before
	the state allocation to disable the driver.
	This changes the nwfilter-define error from:
	error: cannot create config directory (null): Bad address
	To:
	this function is not supported by the connection driver:
	virNWFilterDefineXML
	https://bugzilla.redhat.com/show_bug.cgi?id=1029266

2013-11-13  Jason Andryuk  <andryuk@aero.org>

	libxl: Fix Xen 4.4 libxlVmStart logic
	ifdef LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS hides a multi-line body
	for a brace-less else.  Add braces to ensure proper logic is applied.
	Without this fix, new domains cannot be started.  Both
	libxl_domain_create_new and libxl_domain_create_restore are called when
	starting a new domain leading to this error:
	libxl: error: libxl.c:324:libxl__domain_rename: domain with name "guest" already exists.
	libxl: error: libxl_create.c:800:initiate_domain_create: cannot make domain: -6

2013-11-13  Peter Krempa  <pkrempa@redhat.com>

	qemu: Check for presence of device and properities when getting CPUID
	The QOM path in qemu that contains the CPUID registers of a running VM
	may not be present (introduced in QEMU 1.5).
	Since commit d94b7817719 we have a regression with QEMU that don't
	support reporting of the CPUID register state via the monitor as the
	process startup code expects the path to exist.
	This patch adds code that checks with the monitor if the requested path
	already exists and uses it only in this case.

	qemu: Change return type of qemuMonitorGetGuestCPU()
	To allow returning more granular errors, change the error type to an
	integer.

	virsh-volume: Unify strigification of volume type
	There were two separate places with that were stringifying type of a
	volume. One of the places was out of sync with types implemented
	upstream.
	To avoid such problems in the future, this patch adds a common function
	to convert the type to string and reuses it across the two said places.

	virsh-volume: Unify alignment of vol-list output columns
	Add an extra space before the first column as we have when listing
	domains.
	Previous output:
	$ virsh vol-list glusterpool
	Name                 Path
	-----------------------------------------
	asdf                 gluster://gluster-node-1/gv0/asdf
	c                    gluster://gluster-node-1/gv0/c
	cd                   gluster://gluster-node-1/gv0/cd
	$ virsh vol-list glusterpool --details
	Name  Path                               Type     Capacity  Allocation
	----------------------------------------------------------------------
	asdf  gluster://gluster-node-1/gv0/asdf  unknown    0.00 B      0.00 B
	c     gluster://gluster-node-1/gv0/c     unknown   16.00 B     16.00 B
	cd    gluster://gluster-node-1/gv0/cd    unknown    0.00 B      0.00 B
	New output:
	$ virsh vol-list glusterpool
	 Name                 Path
	------------------------------------------------------------------------------
	 asdf                 gluster://gluster-node-1/gv0/asdf
	 c                    gluster://gluster-node-1/gv0/c
	 cd                   gluster://gluster-node-1/gv0/cd
	$ virsh vol-list glusterpool --details
	 Name  Path                               Type     Capacity  Allocation
	------------------------------------------------------------------------
	 asdf  gluster://gluster-node-1/gv0/asdf  unknown    0.00 B      0.00 B
	 c     gluster://gluster-node-1/gv0/c     unknown   16.00 B     16.00 B
	 cd    gluster://gluster-node-1/gv0/cd    unknown    0.00 B      0.00 B

2013-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Improve cgroups docs to cover systemd integration
	As of libvirt 1.1.1 and systemd 205, the cgroups layout used by
	libvirt has some changes. Update the 'cgroups.html' file from
	the website to describe how it works in a systemd world.

	Fix busy wait loop in LXC container I/O handling
	If the host side of an LXC container console disconnected
	and the guest side continued to write data, until the PTY
	buffer filled up, the LXC controller would busy wait. It
	would repeatedly see POLLHUP from poll() and not disable
	the watch.
	This was due to some bogus logic detecting blocking
	conditions. Upon seeing a POLLHUP we must disable all
	reading & writing from the PTY, and setup the epoll to
	wake us up again when the connection comes back.

	Don't expose 'none' machine type to capabilities
	The 'none' machine type is something only intended for use
	by libvirt probing capabilities. It isn't something that
	is useful for running real VM instances. As such it should
	not be exposed to users in the capabilities.

	Fix mem leak in virQEMUCapsProbeQMPMachineTypes on OOM
	The virQEMUCapsProbeQMPMachineTypes method iterates over machine
	types copying them into the qemuCapsPtr object. It only updates
	the qemuCaps->nmachinetypes value at the end though. So if OOM
	occurs in the middle, the destructor of qemuCapsPtr will not
	free the partially initialized machine types.

2013-11-12  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor virDomainDiskSourceDefParse
	Now that the function is separate clean out a few ugly places and fix up
	error messages.

	conf: Rename virDomainDiskHostDefFree to virDomainDiskHostDefClear
	The function destroys only the contents not the object itself thus it
	should be called Clear.

	conf: Split out code to parse the source of a disk definition
	To avoid code duplication between snapshot configuration code that
	parses the disk source too we need to split out this code that will be
	reused later on.
	This patch tries to be code movement, some aspects of this function will
	be refactored later.

2013-11-12  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainObjStart: Warn on corrupted image
	If the managedsave image is corrupted, e.g. the XML part is, we fail to
	parse it and throw an error, e.g.:
	error: Failed to start domain jms8
	error: XML error: missing security model when using multiple labels
	This is okay, as we can't really start the machine and avoid undefined
	qemu behaviour. On the other hand, the error message doesn't give a
	clue to users what should they do. The consensus here would be to thrown
	a warning to logs saying "Hey, you've got a corrupted file".

2013-11-11  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix typos in libvirt.h.in
	s/repersents/represents

2013-11-11  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityLabelDefParseXML: Don't parse label on model='none'
	https://bugzilla.redhat.com/show_bug.cgi?id=1027096
	If there's the following snippet in the domain XML, the domain will be
	lost upon the daemon restart (if the domain is started prior restart):
	    <seclabel type='dynamic' relabel='yes'/>
	The problem is, the 'label', 'imagelabel' and 'baselabel' are parsed
	whenever the VIR_DOMAIN_XML_INACTIVE is *not* present or the label is
	static. The latter is not our case, obviously. So, when libvirtd starts
	up, it finds domain state xml and parse it. During parsing, many XML
	flags are enabled but VIR_DOMAIN_XML_INACTIVE. Hence, our parser tries
	to extract 'label', 'imagelabel' and 'baselabel' from the XML which
	fails for model='none'. Err, this model - even though not specified in
	XML - can be taken from qemu wide config file: /etc/libvirtd/qemu.conf.
	However, in order to know we are dealing with model='none' the code in
	question must be moved forward a bit. Then a new check must be
	introduced. This is what the first two chunks are doing.
	But this alone is not sufficient. The domain state XML won't contain the
	model attribute without slight modification. The model should be
	inserted into the XML even if equal to 'none' and the state XML is being
	generated - what if the origin (the @security_driver variable in
	qemu.conf) changes during libvirtd restarts?
	At the end, a test to catch this scenario is introduced.

2013-11-11  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Mark --live and --config mutually exclusive in vcpucount
	The 'vcpucount' command is a getter command for the vCPUu count. When
	one or more of the filtering flags are specified the command returns the
	value only for the selected combination. In this case the --live and
	--config combination isn't valid. This however didn't cause errors as
	the combination of flags was rejected by the libvirt API but then the
	fallback code kicked in and requested the count in a way where the clash
	of the flags didn't matter.
	Mark the flag combination mutually exclusive so that users aren't
	confused.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1024245

2013-11-09  Wang Yufei  <james.wangyufei@huawei.com>

	docs: fix virDomainRestoreFlags description bug
	In virDomainRestoreFlags with VIR_DOMAIN_SAVE_BYPASS_CACHE, it risks
	slowing restores from NFS, but not saves to NFS.

2013-11-09  Eric Blake  <eblake@redhat.com>

	docs: grammar fixes
	Fix some user-visible wording from commits 72aafe9 and 1606d89.
	* src/qemu/qemu.conf (migration_address): Better wording.
	* include/libvirt/libvirt.h.in (VIR_MIGRATE_PARAM_LISTEN_ADDRESS):
	Likewise.

2013-11-08  Vitor de Lima  <vitor.lima@eldorado.org.br>

	qemu: Fix SCSI hotplug on pseries guests
	This patch moves some code in the qemuDomainAttachSCSIDisk
	function. The check for the existence of a PCI address assigned
	to the SCSI controller was moved in order to be executed only
	when needed. The PCI address of a controller is not necessary
	if QEMU_CAPS_DEVICE is supported.
	This fixes issues with the hotplug of SCSI disks on pseries guests.

2013-11-08  Laine Stump  <laine@laine.org>

	pci: properly handle out-of-order SRIOV virtual functions
	This resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1025397
	When virPCIGetVirtualFunctions created the list of an SRIOV Physical
	Function's (PF) Virtual Functions (VF), it had assumed that the order
	of "virtfn*" links returned by readdir() from the PF's sysfs directory
	was already in the correct order. Experience has shown that this is
	not always the case - it can be in alphabetical order (which would
	e.g. place virtfn11 before virtfn2) or even some seemingly random
	order (see the example in the bugzilla report)
	This results in 1) incorrect assumptions made by consumers of the
	output of the virt_functions list of virsh nodedev-dumpxml, and 2)
	setting MAC address and vlan tag on the wrong VF (since libvirt uses
	netlink to set mac address and vlan tag, netlink requires the VF#, and
	the function virPCIGetVirtualFunctionIndex() returns the wrong index
	due to the improperly ordered VF list).
	The solution provided by this patch is for virPCIGetVirtualFunctions
	to no longer scan the entire device directory in its natural order,
	but instead to check for links individually by name "virtfn%d" where
	%d starts at 0 and increases with each success. Since VFs are created
	contiguously by the kernel, this will guarantee that all VFs are
	found, and placed in the arry in the correct order.
	One note of use to the uninitiated is that VIR_APPEND_ELEMENT always
	either increments *num_virtual_functions or fails, so no this isn't an
	endless loop.
	(NB: the SRIOV_* defines at the top of virpci.c were removed
	because they are unnecessary and/or not used.)

	util: use size_t instead of unsigned int for num_virtual_functions
	This is a prerequisite to the fix for the fix to:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1025397
	num_virtual_functions needs to be size_t in order to use the
	VIR_APPEND_ELEMENT macro.

2013-11-08  Vitor de Lima  <vitor.lima@eldorado.org.br>

	qemu: assign PCI address to primary video card
	When adding support for Q35 guests, the code to assign a PCI address
	to the primary video card was moved into Q35 and i440fx(PIIX3)
	specific functions, but no fallback was kept for other machine types
	that might have a video card.
	This patch remedies that by assigning a PCI address to the primary
	video card if it does not have any kind of address.  In particular,
	this fixes issues with pseries guests.

2013-11-08  Serge Hallyn  <serge.hallyn@ubuntu.com>

	util: use -w flag when calling iptables
	When supported, ask iptables to wait rather than fail if it is in use
	by another caller (like ufw).
	(See https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1245322)

2013-11-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Validate specific CPUID flags of a guest
	When starting a VM the qemu process may filter out some requested
	features of a domain as it's not supported either by the host or by
	qemu. Libvirt didn't check if this happened which might end up in
	changing of the guest ABI when migrating.
	The proof of concept implementation adds the check for the recently
	introduced kvm_pv_unhalt cpuid feature bit. This feature depends on both
	qemu and host kernel support and thus increase the possibility of guest
	ABI breakage.

	qemu: Add support for paravirtual spinlocks in the guest
	The linux kernel recently added support for paravirtual spinlock
	handling to avoid performance regressions on overcomitted hosts. This
	feature needs to be turned in the hypervisor so that the guest OS is
	notified about the possible support.
	This patch adds a new feature "paravirt-spinlock" to the XML and
	supporting code to enable the "kvm_pv_unhalt" pseudo CPU feature in
	qemu.
	https://bugzilla.redhat.com/show_bug.cgi?id=1008989

	conf: Refactor storing and usage of feature flags
	Currently we were storing domain feature flags in a bit field as the
	they were either enabled or disabled. New features such as paravirtual
	spinlocks however can be tri-state as the default option may depend on
	hypervisor version.
	To allow storing tri-state feature state in the same place instead of
	having to declare dedicated variables for each feature this patch
	refactors the bit field to an array.

	cpu: x86: Add internal CPUID features support and KVM feature bits
	Some of the emulator features are presented in the <features> element in
	the domain XML although they are virtual CPUID feature bits when
	presented to the guest. To avoid confusing the users with these
	features, as they are not configurable via the <cpu> element, this patch
	adds an internal array where those can be stored privately instead of
	exposing them in the XML.
	Additionaly KVM feature bits are added as example usage of this code.

2013-11-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add monitor APIs to fetch CPUID data from QEMU
	The qemu monitor supports retrieval of actual CPUID bits presented to
	the guest using QMP monitor. Add APIs to extract these information and
	tests for them.

2013-11-08  Peter Krempa  <pkrempa@redhat.com>

	cpu_x86: Refactor storage of CPUID data to add support for KVM features
	The CPUID functions were stored in multiple arrays according to a
	specified prefix of those. This made it very hard to add another prefix
	to store KVM CPUID features (0x40000000). Instead of hardcoding a third
	array this patch changes the approach used:
	The code is refactored to use a single array where the CPUID functions
	are stored ordered by the cpuid function so that they don't depend on
	the specific prefix and don't waste memory. The code is also less
	complex using this approach. A trateoff to this is the change from O(N)
	complexity to O(N^2) in x86DataAdd and x86DataSubtract. The rest of the
	functions were already using O(N^2) algorithms.

2013-11-08  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	storage: Fix a vol-clone bug on ppc64
	vol-clone reports out of memory error with disk type on ppc64.
	Currently, wbytes is defined as size_t type (8 bytes), but
	args's value in ioctl(fd, args..) in kernel is int (4 bytes).
	This makes wbytes 2^32 times larger, causing an out of memory error.
	This patch changes size_t to int to synchronize with kernel.
	[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/block/ioctl.c?id=5e01dc7b#n363
	[2] https://lkml.org/lkml/2013/11/1/620

2013-11-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't access vm->priv on unlocked domain
	Since 86d90b3a (yes, my patch; again) we are supporting NBD storage
	migration. However, on error recovery path we got the steps reversed.
	The correct order is: return NBD port to the virPortAllocator and then
	either unlock the vm or remove it from the driver. Not vice versa.
	==11192== Invalid write of size 4
	==11192==    at 0x11488559: qemuMigrationPrepareAny (qemu_migration.c:2459)
	==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
	==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
	==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
	==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)
	==11192==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
	==11192==    by 0x5212127: virNetServerProgramDispatchCall (virnetserverprogram.c:435)
	==11192==    by 0x5211C86: virNetServerProgramDispatch (virnetserverprogram.c:305)
	==11192==    by 0x520A8FD: virNetServerProcessMsg (virnetserver.c:165)
	==11192==    by 0x520A9E1: virNetServerHandleJob (virnetserver.c:186)
	==11192==    by 0x50DA78F: virThreadPoolWorker (virthreadpool.c:144)
	==11192==    by 0x50DA11C: virThreadHelper (virthreadpthread.c:161)
	==11192==  Address 0x1368baa0 is 576 bytes inside a block of size 688 free'd
	==11192==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==11192==    by 0x5079A2F: virFree (viralloc.c:580)
	==11192==    by 0x11456C34: qemuDomainObjPrivateFree (qemu_domain.c:267)
	==11192==    by 0x50F41B4: virDomainObjDispose (domain_conf.c:2034)
	==11192==    by 0x50C2991: virObjectUnref (virobject.c:262)
	==11192==    by 0x50F4CFC: virDomainObjListRemove (domain_conf.c:2361)
	==11192==    by 0x1145C125: qemuDomainRemoveInactive (qemu_domain.c:2087)
	==11192==    by 0x11488520: qemuMigrationPrepareAny (qemu_migration.c:2456)
	==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
	==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
	==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
	==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)

	qemu: Avoid double free of VM
	One of my previous patches (c7ac2519b7f) did try to fix the issue when
	domain dies too soon during migration. However, this clumsy approach was
	missing removal of qemuProcessHandleMonitorDestroy resulting in double
	unrefing of mon->vm and hence producing the daemon crash:
	==11843== Invalid read of size 4
	==11843==    at 0x50C28C5: virObjectUnref (virobject.c:255)
	==11843==    by 0x1148F7DB: qemuMonitorDispose (qemu_monitor.c:258)
	==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
	==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
	==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
	==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
	==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
	==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
	==11843==    by 0x11F368: main (libvirtd.c:1513)
	==11843==  Address 0x13b88864 is 4 bytes inside a block of size 136 free'd
	==11843==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==11843==    by 0x5079A2F: virFree (viralloc.c:580)
	==11843==    by 0x50C29E3: virObjectUnref (virobject.c:270)
	==11843==    by 0x114770E4: qemuProcessHandleMonitorDestroy (qemu_process.c:1103)
	==11843==    by 0x1148F7CB: qemuMonitorDispose (qemu_monitor.c:257)
	==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
	==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
	==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
	==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
	==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
	==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
	==11843==    by 0x11F368: main (libvirtd.c:1513)

2013-11-08  Ján Tomko  <jtomko@redhat.com>

	Allow root directory in filesystem source dir schema
	Use absDirPath instead of absFilePath.
	https://bugzilla.redhat.com/show_bug.cgi?id=1028107

2013-11-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationBeginPhase: Check for 'drive-mirror' for NBD
	So far we are checking if qemu supports 'nbd-server-start'. This,
	however, makes no sense on the source as nbd-server-* is used on the
	destination. On the source the 'drive-mirror' is used instead.

2013-11-07  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	conf: fix incorrect error log in virCPUDefIsEqual
	A copy-paste error.
	s/model/vendor id

2013-11-07  Michal Privoznik  <mprivozn@redhat.com>

	tests: Distribute virpcitestdata
	Since 21685c955e5466 we have tests/virpcitestdata dir containing the PCI
	config files for some dummy PCI devices that are used int virpcitest.
	However, the directory containing the config files is not distributed
	making 'make rpm' fail.

2013-11-07  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix virtpcitest in VPATH

2013-11-07  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor virDomainDiskSourcePoolDefParse
	For some strange reason virDomainDiskSourcePoolDefParse accessed def of
	the disk and allocated the pool object in it. To avoid the need to carry
	over the disk definition object, refactor this function to return the
	allocated object instead.

2013-11-07  Eric Blake  <eblake@redhat.com>

	nodeinfo: fix build on non-Linux
	Commit b0f8546 broke the build on mingw, by exposing code that
	had Linux-specific dependencies but which was previously protected
	by libnuma ifdef guards:
	make[3]: Entering directory `/home/eblake/libvirt-tmp/build/src'
	  CC       libvirt_driver_la-nodeinfo.lo
	../../src/nodeinfo.c: In function 'virNodeGetSiblingsList':
	../../src/nodeinfo.c:1543:30: error: 'SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX' undeclared (first use in this function)
	     if (virFileReadAll(path, SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX, &buf) < 0)
	                              ^
	../../src/nodeinfo.c:1543:30: note: each undeclared identifier is reported only once for each function it appears in
	../../src/nodeinfo.c: In function 'virNodeCapsFillCPUInfo':
	../../src/nodeinfo.c:1562:5: error: implicit declaration of function 'virNodeGetCpuValue' [-Werror=implicit-function-declaration]
	     if ((tmp = virNodeGetCpuValue(SYSFS_CPU_PATH, cpu_id,
	     ^
	../../src/nodeinfo.c:1562:5: error: nested extern declaration of 'virNodeGetCpuValue' [-Werror=nested-externs]
	../../src/nodeinfo.c:1562:35: error: 'SYSFS_CPU_PATH' undeclared (first use in this function)
	     if ((tmp = virNodeGetCpuValue(SYSFS_CPU_PATH, cpu_id,
	                                   ^
	cc1: all warnings being treated as errors
	* src/nodeinfo.c (virNodeCapsFillCPUInfo): Make conditional.
	(virNodeGetSiblingsList): Move into #ifdef linux block.

	storage: always probe type with buffer
	This gets rid of another stat() per volume, as well as cutting
	bytes read in half, when populating the volumes of a directory
	pool during a pool refresh.  Not to mention that it provides an
	interface that can let gluster pools also probe file types.
	* src/util/virstoragefile.h (virStorageFileProbeFormatFromFD):
	Delete.
	(virStorageFileProbeFormatFromBuf): New prototype.
	(VIR_STORAGE_MAX_HEADER): New constant, based on...
	* src/util/virstoragefile.c (STORAGE_MAX_HEAD): ...old name.
	(vmdk4GetBackingStore, virStorageFileGetMetadataInternal)
	(virStorageFileProbeFormat): Adjust clients.
	(virStorageFileProbeFormatFromFD): Delete.
	(virStorageFileProbeFormatFromBuf): Export.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Adjust client.
	* src/libvirt_private.syms (virstoragefile.h): Adjust exports.

	storage: refactor backing chain division of labor
	Future patches will want to learn metadata about a file using
	a buffer that was already parsed in order to probe the file's
	format.  Rather than reopening and re-reading the file, it makes
	sense to separate getting file contents from actually parsing
	those contents.
	* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf)
	(virStorageFileGetMetadataFromFDInternal): New functions.
	(virStorageFileGetMetadataInternal): Hoist fstat() and read() into
	callers.
	(virStorageFileGetMetadataFromFD)
	(virStorageFileGetMetadataRecurse): Rework clients.
	* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
	New prototype.
	* src/libvirt_private.syms (virstoragefile.h): Export it.

	storage: reduce number of stat calls
	We are calling fstat() at least twice per storage volume in
	a directory storage pool; this is rather wasteful.  Refactoring
	this is also a step towards making code reusable for gluster,
	where gluster can provide struct stat but cannot use fstat().
	* src/storage/storage_backend.h
	(virStorageBackendVolOpenCheckMode)
	(virStorageBackendUpdateVolTargetInfoFD): Update signature.
	* src/storage/storage_backend.c
	(virStorageBackendVolOpenCheckMode): Pass stat results back.
	(virStorageBackendUpdateVolTargetInfoFD): Use existing stats.
	(virStorageBackendVolOpen, virStorageBackendUpdateVolTargetInfo):
	Update callers.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/storage/storage_backend_scsi.c
	(virStorageBackendSCSIUpdateVolTargetInfo): Likewise.
	* src/storage/storage_backend_mpath.c
	(virStorageBackendMpathUpdateVolTargetInfo): Likewise.

	storage: avoid short reads while chasing backing chain
	Our backing file chain code was not very robust to an ill-timed
	EINTR, which could lead to a short read causing us to randomly
	treat metadata differently than usual.  But the existing
	virFileReadLimFD forces an error if we don't read the entire
	file, even though we only care about the header of the file.
	So add a new virFile function that does what we want.
	* src/util/virfile.h (virFileReadHeaderFD): New prototype.
	* src/util/virfile.c (virFileReadHeaderFD): New function.
	* src/libvirt_private.syms (virfile.h): Export it.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
	(virStorageFileProbeFormatFromFD): Use it.

	storage: use simpler 'char *'
	'unsigned char *' makes sense if you are doing math on bytes and
	don't want to worry about wraparound from a signed 'char'; but
	since all we are doing is memcmp() or virReadBufInt*[LB]E(), which
	are both safe on either type of char, and since read() prefers to
	operate on 'char *', it's simpler to avoid casts by just typing
	things as 'char *' from the get-go.  [Technically, read can
	operate on an 'unsigned char *' thanks to the C rule that any
	pointer can be implicitly converted to 'char *' for legacy K&R
	compatibility; but where this patch saves us is if we try to use
	virfile.h functions that take 'char **' in order to allocate the
	buffer, where the compiler would barf on type mismatch.]
	* src/util/virstoragefile.c (FileTypeInfo): Avoid unsigned char.
	(cowGetBackingStore, qcow2GetBackingStoreFormat)
	(qcowXGetBackingStore, qcow1GetBackingStore)
	(qcow2GetBackingStore, vmdk4GetBackingStore, qedGetBackingStore)
	(virStorageFileMatchesMagic, virStorageFileMatchesVersion)
	(virStorageFileProbeFormatFromBuf, qcow2GetFeatures)
	(virStorageFileGetMetadataInternal)
	(virStorageFileProbeFormatFromFD): Simplify clients.

2013-11-07  Jonathan Lebon  <jlebon@redhat.com>

	add SystemTap to apps using libvirt
	Starting from v2.4 (released today!), SystemTap can use libvirt to
	execute scripts inside virtual machines.

2013-11-07  Giuseppe Scrivano  <gscrivan@redhat.com>

	test driver: add support for .connectBaselineCPU
	It uses the same functionalities of the qemu driver.

2013-11-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorDispose: Reset lastError
	Since the 90139a62 commit the error is copied into mon->lastError but
	it's never freed from there.
	==31989== 395 bytes in 1 blocks are definitely lost in loss record 877 of 978
	==31989==    at 0x4A06C2B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==31989==    by 0x7EAF129: strdup (in /lib64/libc-2.15.so)
	==31989==    by 0x50D586C: virStrdup (virstring.c:554)
	==31989==    by 0x50976C1: virCopyError (virerror.c:191)
	==31989==    by 0x5097A35: virCopyLastError (virerror.c:312)
	==31989==    by 0x114909A9: qemuMonitorIO (qemu_monitor.c:690)
	==31989==    by 0x509BEDE: virEventPollDispatchHandles (vireventpoll.c:501)
	==31989==    by 0x509C701: virEventPollRunOnce (vireventpoll.c:648)
	==31989==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
	==31989==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
	==31989==    by 0x11F368: main (libvirtd.c:1513)

2013-11-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in formatnwfilter
	s/fragement/fragment

2013-11-06  Zeng Junliang  <zengjunliang@huawei.com>

	qemu: clean up migration ports when migration cancelled
	If there's a migration cancelled, the bitmap of migration port should be
	cleaned up too.

2013-11-06  Laine Stump  <laine@laine.org>

	network: fix connections count in case of allocate failure
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1020135
	If networkAllocateActualDevice() had failed due to a pool of hostdev
	or direct devices being depleted, the calling function could still
	call networkReleaseActualDevice() as part of its cleanup, and that
	function would then unconditionally decrement the connections count
	for the network, even though it hadn't been incremented (due to
	failure of allocate). This *was* necessary because the .actual member
	of the netdef was allocated with a "lazy" algorithm, only being
	created if there was a need to store data there (e.g. if a device was
	allocated from a pool, or bandwidth was allocated for the device), so
	there was no simple way for networkReleaseActualDevice() to tell if
	something really had been allocated (i.e. if "connections++" had been
	executed).
	This patch changes networkAllocateDevice() to *always* allocate an
	actual device for any netdef of type='network', even if it isn't
	needed for any other reason. This has no ill effects anywhere else in
	the code (except for using a small amount of memory), and
	networkReleaseActualDevice() can then determine if there was a
	previous successful allocate by checking for .actual != NULL (if not,
	it skips the "connections--").

2013-11-06  Michal Privoznik  <mprivozn@redhat.com>

	virpcitest: Introduce testVirPCIDeviceReset
	This addition, however, requires some refactoring to be done.  First of
	all, to match the best practice we should detach the device prior
	resetting it. That's why testVirPCIDeviceDetach is detaching all devices
	within 0000:00:01.0 and 0000:00:03.0 range. Then, the brand new test
	will reset the 0000:00:02.0 device, so the last testVirPCIDeviceReattach
	can reattach all the devices back.
	In order to perform a PCI device reset, the dummy config file is not
	sufficient anymore and must be replaced with real PCI config (binary
	mess). Such config files are to be stored under tests/virpcitestdata/
	and ought to have '.config' suffix.

2013-11-06  Guido Günther  <agx@sigxcpu.org>

	virt-login-shell: also build virAtomic.h
	Needed for architectures that don't use gcc atomic ops but pthread. This
	fixes the armel build that otherwise breaks like:
	 CCLD     virt-login-shell
	 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virClassNew':
	 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:150: undefined reference to `virAtomicLock'
	 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectNew':
	 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:202: undefined reference to `virAtomicLock'
	 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectUnref':
	 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:274: undefined reference to `virAtomicLock'
	 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectRef':
	 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:295: undefined reference to `virAtomicLock'
	 collect2: error: ld returned 1 exit status
	See https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=armel&ver=1.1.4-1&stamp=1383588268

2013-11-06  Michal Privoznik  <mprivozn@redhat.com>

	virpcitest: Fix variable arguments using in pci_driver_new
	In the pci_driver_new function it is possible to set a list of
	<vendor:device> IDs that the driver knows. These IDs are passed as
	variable arguments and are processed  the usual way using va_start() and
	va_arg(). However, after all arguments has been processed, we should
	call va_end() what we aren't currently doing.

2013-11-05  Eric Blake  <eblake@redhat.com>

	storage: recognize gluster as networked file
	A qcow2 file with a backing file of 'gluster://host/vol/file' should
	not try to look for a directory named './gluster:/' in the file system.
	* src/util/virstoragefile.c (virBackingStoreIsFile): Broaden check
	to include all protocols.

2013-11-05  Ján Tomko  <jtomko@redhat.com>

	qemu: don't use deprecated -no-kvm-pit-reinjection
	Since qemu-kvm 1.1 [1] (since 1.3. in upstream QEMU [2])
	'-no-kvm-pit-reinjection' has been deprecated.
	Use -global kvm-pit.lost_tick_policy=discard instead.
	https://bugzilla.redhat.com/show_bug.cgi?id=978719
	[1] http://git.kernel.org/cgit/virt/kvm/qemu-kvm.git/commit/?id=4e4fa39
	[2] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c21fb4f

2013-11-05  John Ferlan  <jferlan@redhat.com>

	Resolve Coverity issue regarding not checking return value
	Coverity complains that the call to virPCIDeviceDetach() in
	qemuPrepareHostdevPCIDevices() doesn't check status return like
	other calls.  Seems this just was lurking until a recent change
	to this module resulted in Coverity looking harder and finding
	the issue.  Introduced by 'a4efb2e33' when function was called
	'pciReAttachDevice()'
	Just added a ignore_value() since it doesn't appear to matter
	if the call fails since we're on a failure path already.

2013-11-05  Daniel P. Berrange  <berrange@redhat.com>

	Skip any files which are not mounted on the host
	Currently the LXC container tries to skip selinux/securityfs
	mounts if the directory does not exist in the filesystem,
	or if SELinux is disabled.
	The former check is flawed because the /sys/fs/selinux
	or /sys/kernel/securityfs directories may exist in sysfs
	even if the mount type is disabled. Instead of just doing
	an access() check, use an virFileIsMounted() to see if
	the FS is actually present in the host OS. This also
	avoids the need to check is_selinux_enabled().

	Add flag to lxcBasicMounts to control use in user namespaces
	Some mounts must be skipped if running inside a user namespace,
	since the kernel forbids their use. Instead of strcmp'ing the
	filesystem type in the body of the loop, set an explicit flag
	in the lxcBasicMounts table.

	Remove duplicate entries in lxcBasicMounts array
	Currently the lxcBasicMounts array has separate entries for
	most mounts, to reflect that we must do a separate mount
	operation to make mounts read-only. Remove the duplicate
	entries and instead set the MS_RDONLY flag against the main
	entry. Then change lxcContainerMountBasicFS to look for the
	MS_RDONLY flag, mask it out & do a separate bind mount.

	Remove pointless 'srcpath' variable in lxcContainerMountBasicFS
	The 'srcpath' variable is initialized from 'mnt->src' and never
	changed thereafter. Some places continue to use 'mnt->src' and
	others use 'srcpath'. Remove the pointless 'srcpath' variable
	and use 'mnt->src' everywhere.

	Remove unused 'opts' field from LXC basic mounts struct
	The virLXCBasicMountInfo struct contains a 'char *opts'
	field passed onto the mount() syscall. Every entry in the
	list sets this to NULL though, so it can be removed to
	simplify life.

	Add virFileIsMountPoint function
	Add a function for efficiently checking if a path is a filesystem
	mount point.
	NB will not work for bind mounts, only true filesystem mounts.

2013-11-05  Michal Privoznik  <mprivozn@redhat.com>

	virpcitest: Introduce check for unbinded devices
	This just introduces the test for bug fixed in df4283a55bf.

	virpci: Don't error on unbinded devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1018897
	If a PCI deivce is not binded to any driver (e.g. there's yet no PCI
	driver in the linux kernel) but still users want to passthru the device
	we fail the whole operation as we fail to resolve the 'driver' link
	under the PCI device sysfs tree. Obviously, this is not a fatal error
	and it shouldn't be error at all.

	virpcitest: Introduce testVirPCIDeviceReattach
	This test will reattach the PCI device detached in the previous test.

	virpcitest: Test virPCIDeviceDetach
	This commit introduces yet another test under virpcitest:
	virPCIDeviceDetach. However, in order to be able to do this, the
	virpcimock needs to be extended to model the kernel behavior on PCI
	device binding and unbinding (create 'driver' symlinks under the device
	tree, check for device ID in driver's ID table, etc.)

2013-11-04  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce virpcitest
	Among with this test introduce virpcimock as we need to mock some
	syscalls, e.g. redirect open() of a file under /sys/bus/pci to a
	stub sysfs tree.

2013-11-04  Peter Krempa  <pkrempa@redhat.com>

	cpu: x86: Parse the CPU feature map only once
	Until now the map was loaded from the XML definition file every time a
	operation on the flags was requested. With the introduciton of one shot
	initializers we can store the definition forever (as it will never
	change) instead of parsing it over and over again.

2013-11-04  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Export few x86-specific APIs
	This makes virCPUx86DataAddCPUID, virCPUx86DataFree, and
	virCPUx86MakeData available for direct usage outside of cpu driver in
	tests and the new qemu monitor that will request the actual CPU
	definition from a running qemu instance.

2013-11-04  Peter Krempa  <pkrempa@redhat.com>

	nodeinfo: Remove libnuma include
	Now that all libnuma functions used by libvirt are wrapped in virNuma we
	can remove the dependancy from nodeinfo.

	numa: Add wrapper of numa_node_to_cpus and use it

	caps: Fix function docs for virCapabilitiesAddHostNUMACell

	numa: Replace NUMA_MAX_N_CPUS macro with virNumaGetMaxCPUs()

	nodeinfo: Get rid of nodeGetCellMemory
	The function was called in a single place only and was reporting errors
	that were later ignored. Use the virNumaGetNodeMemory helper to get the
	size of the memory in the NUMA node and remove the helper

	numa: Introduce virNumaGetNodeMemory and use it instead of numa_node_size64

	numa: Introduce virNumaGetMaxNode and use it instead of numa_max_node
	Avoid necessary checks for the numa library with this helper.

	nodeinfo: Avoid forward declarations of static functions
	linuxNodeGetCPUStats() and linuxNodeGetMemoryStats() are static and
	don't need a forward declaration.

	numa: Introduce virNumaIsAvailable and use it instead of numa_available
	All functions from libnuma must be protected with ifdefs. Avoid this by
	using our own wrapper.

2013-11-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.4
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update localizations from transifex and regenerate

2013-11-04  Ryota Ozaki  <ozaki.ryota@gmail.com>

	virnetsocket: fix getsockopt on FreeBSD
	aa0f099 introduced a strict error checking for getsockopt and it
	revealed that getting a peer credential of a socket on FreeBSD
	didn't work. Libvirtd hits the error:
	  error : virNetSocketGetUNIXIdentity:1198 : Failed to get valid
	  client socket identity groups
	SOL_SOCKET (0xffff) was used as a level of getsockopt for
	LOCAL_PEERCRED, however, it was wrong. 0 is correct as well as
	Mac OS X.
	So for LOCAL_PEERCRED our options are SOL_LOCAL (if defined) or
	0 on Mac OS X and FreeBSD. According to the fact, the patch
	simplifies the code by removing ifdef __APPLE__.
	I tested the patch on FreeBSD 8.4, 9.2 and 10.0-BETA1.

2013-11-03  Doug Goldstein  <cardoe@cardoe.com>

	MacOS: Handle changes to xdrproc_t definition
	With Mac OS X 10.9, xdrproc_t is no longer defined as:
	typedef bool_t (*xdrproc_t)(XDR *, ...);
	but instead as:
	typdef bool_t (*xdrproc_t)(XDR *, void *, unsigned int);
	For reference, Linux systems typically define it as:
	typedef bool_t (*xdrproc_t)(XDR *, void *, ...);
	The rationale explained in the header is that using a vararg is
	incorrect and has a potential to change the ABI slightly do to compiler
	optimizations taken and the undefined behavior. They decided
	to specify the exact number of parameters and for compatibility with old
	code decided to make the signature require 3 arguments. The third
	argument is ignored for cases that its not used and its recommended to
	supply a 0.

2013-11-01  Jeremy Fitzhardinge  <jeremy@goop.org>

	libxl: fix dubious cpumask handling in libxlDomainSetVcpuAffinities
	Rather than casting the virBitmap pointer to uint8_t* and then using
	the structure contents as a byte array, use the virBitmap API to determine
	the bitmap size and test each bit.

2013-11-01  Jim Fehlig  <jfehlig@suse.com>

	Revert "libxl: Fix possible invalid read"
	This reverts commit 394d6e0a95ac91facba06ab43d67ae8600b14b0e.
	The real problem is accessing the virtBitmap structure as a byte
	array, which was correctly identified and fixed by Jeremy Fitzhardinge
	https://www.redhat.com/archives/libvir-list/2013-October/msg01257.html

2013-11-01  Bamvor Jian Zhang  <bjzhang@suse.com>

	fix api changes in xen restore
	in recently xen commit: 7051d5c8, there is a api changes in
	libxl_domain_create_restore.
	Author: Andrew Cooper <andrew.cooper3@citrix.com>
	Date:   Thu Oct 10 12:23:10 2013 +0100
	    tools/migrate: Fix regression when migrating from older version of Xen
	use the macro LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS in libxl.h
	in order to make libvirt could compile with old and new xen.
	the params checkpointed_stream is useful if libvirt libxl driver
	support migration. for new, set it as zero.

2013-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix race in starting transient VMs
	When starting a transient VM the first thing done is to check
	for duplicates. The check looks if there are any running VMs
	with the matching name/uuid. It explicitly allows there to
	be inactive VMs, so that a persistent VM can be temporarily
	booted with a different config.
	There is a race condition, however, where 2 or more clients
	try to create the same transient VM. The first client will
	cause a virDomainObjPtr to be added to the domain list, and
	it is inactive at this stage. The second client may then
	come along and see this inactive VM, and mistake it for a
	persistent VM.
	If the first VM fails to start its transient guest for any
	reason, then it'll remove the virDomainObjPtr from the list.
	The second client now has a virDomainObjPtr that it can try
	to boot, which libvirt no longer has a record of. The result
	can be a running QEMU process that is orphaned.
	It was also, however, possible for the virDomainObjPtr to be
	completely free'd which will cause libvirtd to crash in some
	scenarios.
	The fix is to only allow an existing inactive VM if it is
	marked as persistent.

2013-11-01  Ján Tomko  <jtomko@redhat.com>

	Use a port from the migration range for NBD as well
	Instead of using a port from the remote display range.
	https://bugzilla.redhat.com/show_bug.cgi?id=1025699

2013-11-01  Ryota Ozaki  <ozaki.ryota@gmail.com>

	nodedev_hal: fix segfault when virDBusGetSystemBus fails
	Thie patch fixes the segfault:
	    error : nodeStateInitialize:658 : DBus not available,
	      disabling HAL driver: internal error: Unable to get DBus
	      system bus connection: Failed to connect to socket
	      /var/run/dbus/system_bus_socket: No such file or directory
	    error : nodeStateInitialize:719 :  ?:
	    Caught Segmentation violation dumping internal log buffer:
	This segfault occurs at the below VIR_ERROR:
	  failure:
	      if (dbus_error_is_set(&err)) {
	          VIR_ERROR(_("%s: %s"), err.name, err.message);
	When virDBusGetSystemBus fails, the code jumps to the above failure
	path. However, the err variable is not correctly initialized
	before calling virDBusGetSystemBus. As a result, dbus_error_is_set
	may pass over the uninitialized err variable whose name or
	message may point to somewhere unknown memory region, which
	causes a segfault on VIR_ERROR.
	The new code initializes the err variable before calling
	virDBusGetSystemBus.

2013-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Improve debugging of QEMU start/stop
	Include reference of the VM object pointer and name in debug
	logs for QEMU start/stop functions. Also make sure we log the
	PID that we started, since it isn't available elsewhere in the
	logs.

	Improve debugging of job enter/exit code
	In debugging a recent oVirt/libvirt race condition, I was very
	frustrated by lack of logging in the job enter/exit code. This
	patch adds some key data which would have been useful in by
	debugging attempts.

2013-10-31  Hongwei Bi  <hwbi2008@gmail.com>

	xenapi: fix coding style in xenapi_driver.c
	Fix the if statement coding style.

2013-10-31  Eric Blake  <eblake@redhat.com>

	storage: use correct type for array count
	Using size_t counts will let us use VIR_APPEND_ELEMENT and friends.
	* src/conf/storage_conf.h (_virStoragePoolObjList)
	(_virStorageVolDefList): Track list sizes with size_t.
	* src/storage/storage_backend_rbd.c
	(virStorageBackendRBDRefreshPool): Fix type fallout.

	maint: avoid further typedef accidents
	To make it easier to forbid future attempts at a confusing typedef
	name ending in Ptr that isn't actually a pointer, insist that we
	follow our preferred style of 'typedef foo *fooPtr'.
	* cfg.mk (sc_forbid_const_pointer_typedef): Enforce consistent
	style, to prevent issue fixed in previous storage patch.
	* src/conf/capabilities.h (virCapsPtr): Fix offender.
	* src/security/security_stack.c (virSecurityStackItemPtr):
	Likewise.
	* tests/qemucapabilitiestest.c (testQemuDataPtr): Likewise.

2013-10-31  Claudio Bley  <cbley@av-test.de>

	docs: generate links from plain text documentation
	There are two forms used throughout libvirt code comments, which
	are both supported by this patch.
	* plain links like e.g. http://www.libvirt.org/
	* links enclosed in <> characters, e.g. <http://www.libvirt.org/>

	libvirt.c: indent code of virDomainGetMemoryParameters's documentation
	By indenting code inside of comments, it gets recognized as a
	code block when generating the HTML documentation.

	libvirt.c: add 2 spaces of indentation to example code of virStreamSend
	See libvirt-libvirt.html#virStreamSend for the effect.

	docs: define style of code blocks inside descriptions

	docs: add class "description" to div's containing descriptions

	docs: process code blocks similar to Markdown
	Wrap pre-formatted example code in <code> elements. This works
	similar to Markdown[1] code blocks[2]:
	Every line indented with at least 2 spaces is considered a code
	block and gets wrapped in <pre> and <code> tags.
	Look at the documentation for e.g. virStreamSend for before-and-after
	effects.
	[1] http://daringfireball.net/projects/markdown/
	[2] http://daringfireball.net/projects/markdown/syntax#precode

2013-10-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix race condition reconnecting to vms & loading configs
	The following sequence
	 1. Define a persistent QMEU guest
	 2. Start the QEMU guest
	 3. Stop libvirtd
	 4. Kill the QEMU process
	 5. Start libvirtd
	 6. List persistent guests
	At the last step, the previously running persistent guest
	will be missing. This is because of a race condition in the
	QEMU driver startup code. It does
	 1. Load all VM state files
	 2. Spawn thread to reconnect to each VM
	 3. Load all VM config files
	Only at the end of step 3, does the 'virDomainObjPtr' get
	marked as "persistent". There is therefore a window where
	the thread reconnecting to the VM will remove the persistent
	VM from the list.
	The easy fix is to simply switch the order of steps 2 & 3.
	In addition to this though, we must only attempt to reconnect
	to a VM which had a non-zero PID loaded from its state file.

	Fix leak of objects when reconnecting to QEMU instances
	The 'error' cleanup block in qemuProcessReconnect() had a
	'return' statement in the middle of it. This caused a leak
	of virConnectPtr & virQEMUDriverConfigPtr instances. This
	was identified because netcf recently started checking its
	refcount in libvirtd shutdown:
	netcfStateCleanup:109 : internal error: Attempt to close netcf state driver with open connections

	Don't update dom->persistent without lock held
	virDomainObjListLoadAllConfigs sets dom->persistent after
	having released its lock on the domain object. This exposes
	a possible race condition.

2013-10-30  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix typos in formatnwfilter
	s/initated/initiated

2013-10-30  Doug Goldstein  <cardoe@cardoe.com>

	MacOS: Re-add support for QEMU backend
	The QEMU backend was disabled on Mac OS X without a reason in the code
	and due to refactors its difficult to understand when/why it was
	disabled. With QEMU being supported on Mac OS X there is no reason to
	disable QEMU on this platform.

2013-10-30  John Ferlan  <jferlan@redhat.com>

	Add '+' to uid/gid printing for label processing
	To ensure proper processing by virGetUserID() and virGetGroupID()
	of a uid/gid add a "+" prior to the uid/gid to denote it's really
	a uid/gid for the label.

2013-10-30  Eric Blake  <eblake@redhat.com>

	storage: fix incorrect typedef
	The rbd code had a confusing typedef ending in Ptr that was not
	actually a pointer, which made the rest of the code harder to
	read.  This fixes things to actually pass by pointer rather than
	by copy.
	* src/storage/storage_backend_rbd.c (virStorageBackendStatePtr):
	Fix typedef.
	(virStorageBackendRBDOpenRADOSConn)
	(virStorageBackendRBDCloseRADOSConn)
	(volStorageBackendRBDRefreshVolInfo)
	(virStorageBackendRBDRefreshPool, virStorageBackendRBDDeleteVol)
	(virStorageBackendRBDCreateVol, virStorageBackendRBDRefreshVol)
	(virStorageBackendRBDResizeVol): Fix fallout.

2013-10-30  Peter Krempa  <pkrempa@redhat.com>

	apparmor: Fix typo in function name in driver struct initialization
	Commit 64a68a4a introduced a typo in the initialization of the apparmor
	driver structure breaking the build with apparmor enabled.

2013-10-29  Michael Chapman  <mike@very.puzzling.org>

	qemu: fix well-formed migration URI formatting
	When adding an automatically allocated port to a well-formed migration
	URI, keep it well-formed:
	  tcp://1.2.3.4/  ->  tcp://1.2.3.4/:12345   # wrong
	  tcp://1.2.3.4/  ->  tcp://1.2.3.4:12345/   # fixed
	  tcp://1.2.3.4   ->  tcp://1.2.3.4:12345    # still works
	  tcp:1.2.3.4     ->  tcp:1.2.3.4:12345      # still works (old syntax)

2013-10-29  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: don't free tty before using it in lxcContainerSetupDevices
	Introduced by commit 0f31f7b.

2013-10-29  Daniel P. Berrange  <berrange@redhat.com>

	Push RPM deps down into libvirt-daemon-driver-XXXX sub-RPMs
	For inexplicable reasons, many of the 3rd party package deps
	were left against the 'libvirt-daemon' RPM when the drivers
	were split out. This makes a minimal install heavier that
	it should be. Push them all down into libvirt-daemon-driver-XXX
	so they're only pulled in when truly needed
	With this change applied, a minimal install of just the
	libvirt-daemon-driver-lxc RPM is reduced by 41 MB on a
	Fedora 19 host.

2013-10-29  Giuseppe Scrivano  <gscrivan@redhat.com>

	capabilities: add baselabel per sec driver/virt type to secmodel
	Expand the "secmodel" XML fragment of "host" with a sequence of
	baselabel's which describe the default security context used by
	libvirt with a specific security model and virtualization type:
	<secmodel>
	  <model>selinux</model>
	  <doi>0</doi>
	  <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
	  <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
	</secmodel>
	<secmodel>
	  <model>dac</model>
	  <doi>0</doi>
	  <baselabel type='kvm'>107:107</baselabel>
	  <baselabel type='qemu'>107:107</baselabel>
	</secmodel>
	"baselabel" is driver-specific information, e.g. in the DAC security
	model, it indicates USER_ID:GROUP_ID.

	security: add new internal function "virSecurityManagerGetBaseLabel"
	virSecurityManagerGetBaseLabel queries the default settings used by
	a security model.

	security: use a single function to set DAC user and group
	Merge the functions 'virSecurityDACSetUser' and
	'virSecurityDACSetGroup' into 'virSecurityDACSetUserAndGroup'.

2013-10-29  Pavel Raiskup  <praiskup@redhat.com>

	virsh: new environment variable VIRSH_HISTSIZE
	Allow adjust the number of commands to remember in the command
	history.
	* tools/virsh.c (vshReadlineInit): Read and sanity the
	VIRSH_HISTSIZE variable.
	(VIRSH_HISTSIZE_MAX): New constant.
	* tools/virsh.pod: Document VIRSH_HISTSIZE variable.

2013-10-29  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Since we haven't quite frozen yet, it's time to pick up some
	gnulib fixes.  I know at least cygwin benefits from this update.
	* .gnulib: Update to latest, in part for cygwin compilation.

2013-10-28  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	Skip debug message in lxcContainerSetID if no map is set.
	The lxcContainerSetID() method prints a misleading log
	message about setting the uid/gid when no ID map is
	present in the XML config. Skip the debug message in
	this case.

2013-10-25  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	doc: fix a typo in formatdomain
	s/no/not

2013-10-24  John Ferlan  <jferlan@redhat.com>

	Avoid Coverity DEADCODE warning
	Commit '922b7fda' resulted in two DEADCODE warnings from Coverity in
	remoteDispatchAuthPolkit and virAccessDriverPolkitFormatProcess.
	Commit '604ae657' modified the daemon.c code to remove the deadcode
	issue, but did not do so for viracessdriverpolkit.c. This just mimics
	the same changes

2013-10-24  Eric Blake  <eblake@redhat.com>

	virsh: undocument --shareable (--mode already covers it)
	Commit e962a57 added 'attach-disk --shareable', even though we
	already had 'attach-disk --mode=shareable'.  Worse, if the user
	types 'attach-disk --mode=readonly --shareable', we create
	non-sensical XML.  The best solution is just to undocument the
	duplicate spelling, by having it fall back to the preferred
	spelling.
	* tools/virsh-domain.c (cmdAttachDisk): Let alias handling fix our
	mistake in exposing a second spelling for an existing option.
	* tools/virsh.pod: Fix documentation.

	virsh: allow alias to expand to opt=value pair
	We want to treat 'attach-disk --shareable' as an undocumented
	alias for 'attach-disk --mode=shareable'.  By improving our
	alias handling, we can allow all such --bool -> --opt=value
	replacements, and guarantee up front that the alias is not
	mixed with its replacement.
	* tools/virsh.c (vshCmddefOptParse, vshCmddefGetOption): Add
	support for expanding bool alias to --opt=value.
	(opts_echo): Add another alias to test it.
	* tests/virshtest.c (mymain): Test it.

2013-10-24  Martin Kletzander  <mkletzan@redhat.com>

	libxl: Fix possible invalid read
	According to the following valgrind output, there seems to be a
	invalid limit for the iterator (captured on Fedora 19):
	==3945== Invalid read of size 1
	==3945==    at 0x1E1FA410: libxlVmStart (libxl_driver.c:475)
	==3945==    by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633)
	==3945==    by 0x5187D46: virDomainCreate (libvirt.c:9439)
	==3945==    by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910)
	==3945==    by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435)
	==3945==    by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165)
	==3945==    by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144)
	==3945==    by 0x50F5670: virThreadHelper (virthreadpthread.c:161)
	==3945==    by 0x8046C52: start_thread (pthread_create.c:308)
	==3945==    by 0x8758E1C: clone (clone.S:113)
	==3945==  Address 0x23424d81 is 0 bytes after a block of size 1 alloc'd
	==3945==    at 0x4A08121: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==3945==    by 0x50B1F8C: virAllocN (viralloc.c:189)
	==3945==    by 0x1E1FA3CA: libxlVmStart (libxl_driver.c:468)
	==3945==    by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633)
	==3945==    by 0x5187D46: virDomainCreate (libvirt.c:9439)
	==3945==    by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910)
	==3945==    by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435)
	==3945==    by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165)
	==3945==    by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144)
	==3945==    by 0x50F5670: virThreadHelper (virthreadpthread.c:161)
	==3945==    by 0x8046C52: start_thread (pthread_create.c:308)
	==3945==    by 0x8758E1C: clone (clone.S:113)
	==3945==
	Related: https://bugzilla.redhat.com/show_bug.cgi?id=1013045

2013-10-24  Eric Blake  <eblake@redhat.com>

	virsh: fix doc typos
	Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1022872
	* tools/virsh.pod: s/COMMMANDS/COMMANDS/

2013-10-23  Martin Kletzander  <mkletzan@redhat.com>

	Ignore GNU Global tag files
	... the same way we ignore other TAGS

	build: Fix prohibit_int_ijk (and iijjkk) on RHEL 5
	On RHEL 5, make syntax-check was failing because even strings like
	'int isTempChain' matched the 'int i' rule.  To be honest, I haven't
	found the root cause, but the change added makes it work as expected
	and keeps the proper behavior on newer systems as well.

2013-10-23  Marian Neagul  <marian@info.uvt.ro>

	python: Fix Create*WithFiles filefd passing
	Commit d76227be added functions virDomainCreateWithFiles and
	virDomainCreateXMLWithFiles, but there was a little piece missing in
	python bindings.  This patch fixes proper passing of file descriptors
	in the overwrites of these functions.

2013-10-23  Hongwei Bi  <hwbi2008@gmail.com>

	networkStartDhcpDaemon: Check for dnsmasqCapsRefresh failure
	Currently, we ignore whether dnsmasqCapsRefresh succeeds or fails. We
	shouldn't do that as we may generate wrong dnsmasq command line (what
	is done just a few lines below).

2013-10-22  Doug Goldstein  <cardoe@cardoe.com>

	rpc: Retrieve peer PID via new getsockopt() for Mac
	While LOCAL_PEERCRED on the BSDs does not return the pid information of
	the peer, Mac OS X 10.8 added LOCAL_PEERPID to retrieve the pid so we
	should use that when its available to get that information.

2013-10-22  Eric Blake  <eblake@redhat.com>

	maint: typo fixes
	* ChangeLog-old: s/guarentee/guarantee/

2013-10-22  Jim Fehlig  <jfehlig@suse.com>

	build: fix build of virt-login-shell on systems with older gnutls
	On systems where gnutls uses libgcrypt, I'm seeing the following
	build failure
	libvirt.c:314: error: variable 'virTLSThreadImpl' has initializer but incomplete type
	libvirt.c:319: error: 'GCRY_THREAD_OPTION_PTHREAD' undeclared here (not in a function)
	...
	Fix by undefining WITH_GNUTLS_GCRYPT in config-post.h

2013-10-22  Michal Privoznik  <mprivozn@redhat.com>

	Get rid of shadowed booleans
	There are still two places where we are using 1bit width unsigned
	integer to store a boolean. There's no real need for this and these
	occurrences can be replaced with 'bool'.

2013-10-22  Jim Fehlig  <jfehlig@suse.com>

	build: fix linking virt-login-shell
	After commit 3e2f27e1, I've noticed build failures of virt-login-shell
	when libapparmor-devel is installed on the build host
	CCLD     virt-login-shell
	../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o):
	In function `virExec':
	/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined
	reference to `aa_change_profile'
	collect2: error: ld returned 1 exit status
	I was about to commit an easy fix under the build-breaker rule
	(build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS
	to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it
	makes sense (build-fix-2.patch).
	Should I just stick with the simple fix, or is something along the lines
	of patch 2 preferred?
	Regards,
	Jim
	>From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001
	From: Jim Fehlig <jfehlig@suse.com>
	Date: Mon, 21 Oct 2013 15:30:02 -0600
	Subject: [PATCH] build: fix virt-login-shell build with apparmor
	With libapparmor-devel installed, virt-login-shell fails to link
	CCLD     virt-login-shell
	../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
	/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
	collect2: error: ld returned 1 exit status
	Fix by linking libvirt_setuid_rpc_client with previously determined
	SECDRIVER_LIBS in src/Makefile.am.  While at it, introduce SECDRIVER_CFLAGS
	and use both throughout src/Makefile.am where it makes sense.

2013-10-22  Michal Privoznik  <mprivozn@redhat.com>

	vircgroupmock: Mock access() to some more files
	Currently, if access(path, mode) is invoked, we check if @path has this
	special prefix SYSFS_PREFIX. If it does, we modify the path a bit and
	call realaccess. If it doesn't we act just like a wrapper and call
	realaccess directly. However, we are mocking fopen() as well. And as one
	can clearly see there, fopen("/proc/cgroups") will succeed. Hence, we
	have an error in our mocked access(): We need to check whether @path is
	not equal to /proc/cgroups as it may not exists on real system we're
	running however we definitely know how to fopen() it.

	tests: Use lv_abs_top_builddir instead of bare abs_top_builddir
	As stated in the comment above introduction of the lv_abs_top_builddir
	variable, older automake doesn't provide abs_top_builddir variable.
	Hence, we are creating our own one with lv_ prefix. However, when
	exporting env variables to the tests, the variables are not evaluated
	but only substituted. Hence:
	  LIBVIRT_DRIVER_DIR="$(abs_top_builddir)/src/.libs"
	is set to "/src/.libs" with old automake (even though we *think* we've
	set the $abs_top_builddir variable just a few line above).

2013-10-22  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix job watching when STDIN is not a tty
	In commit b46c4787dde79b015dad67dedda4ccf6ff1a3082 I changed the code to
	watch long running jobs in virsh. Unfortunately I didn't take into
	account that poll may get a hangup if the terminal is not a TTY and will
	be closed.
	This patch avoids polling the STDIN fd when there's no TTY.

2013-10-22  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix some typos about 'informations'
	s/informations/information

2013-10-22  Ryota Ozaki  <ozaki.ryota@gmail.com>

	nodeinfo: fix physical memory size on Mac OS X
	HW_PHYSMEM is available on Mac OS X as well as FreeBSD, however,
	its resulting value for Mac OS X is 32 bits. Mac OS X provides
	HW_MEMSIZE that is 64 bits version of HW_PHYSMEM. We have to use it.
	I tested the patch on Mac OS X 10.6.8, 10.7.4, 10.8.5 and FreeBSD 9.2.

2013-10-21  Laine Stump  <laine@laine.org>

	qemu: fix removal of <interface type='hostdev'>
	This patch (and the two patches that precede it) resolve:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1005682
	When libvirt was changed to delay the final cleanup of device removal
	until the qemu process had signaled it with a DEVICE_DELETED event for
	that device, the hostdev removal function
	(qemuDomainRemoveHostDevice()) was written to properly handle the
	removal of a hostdev that was actually an SRIOV virtual function
	(defined with <interface type='hostdev'>). However, the function used
	to search for a device matching the alias name provided in the
	DEVICE_DELETED message (virDomainDefFindDevice()) would search through
	the list of netdevs before hostdevs, so qemuDomainRemoveHostDevice()
	was never called; instead the netdev function,
	qemuDomainRemoveNetDevice() (which *doesn't* properly cleanup after
	removal of <interface type='hostdev'>), was called.
	(As a reminder - each <interface type='hostdev'> results in a
	virDomainNetDef which contains a virDomainHostdevDef having a parent
	type of VIR_DOMAIN_DEVICE_NET, and parent.data.net pointing back to
	the virDomainNetDef; both Defs point to the same device info object
	(and the info contains the device's "alias", which is used by qemu to
	identify the device). The virDomainHostdevDef is added to the domain's
	hostdevs list *and* the virDomainNetDef is added to the domain's nets
	list, so searching either list for a particular alias will yield a
	positive result.)
	This function modifies the qemuDomainRemoveNetDevice() to short
	circuit itself and call qemu DomainRemoveHostDevice() instead when the
	actual device is a VIR_DOMAIN_NET_TYPE_HOSTDEV (similar logic to what
	is done in the higher level qemuDomainDetachNetDevice())
	Note that even if virDomainDefFindDevice() changes in the future so
	that it finds the hostdev entry first, the current code will continue
	to work properly.

	qemu: move qemuDomainRemoveNetDevice to avoid forward reference
	pure code movement to setup for next patch.

	qemu: simplify calling qemuDomainHostdevNetConfigRestore
	This function was called in three places, and in each the call was
	qualified by a slightly different conditional. In reality, this
	function should only be called for a hostdev if all of the following
	are true:
	  1) mode='subsystem'
	  2) type='pci'
	  3) there is a parent device definition which is an <interface>
	     (VIR_DOMAIN_DEVICE_NET)
	We can simplify the callers and make them more consistent by checking
	these conditions at the top ov qemuDomainHostdevNetConfigRestore and
	returning 0 if one of them isn't satisfied.
	The location of the call to qemuDomainHostdevNetConfigRestore() has
	also been changed in the hot-plug case - it is moved into the caller
	of its previous location (i.e. from qemuDomainRemovePCIHostDevice() to
	qemuDomainRemoveHostDevice()). This was done to be more consistent
	about which functions pay attention to whether or not this is one of
	the special <interface> hostdevs or just a normal hostdev -
	qemuDomainRemoveHostDevice() already contained a call to
	networkReleaseActualDevice() and virDomainNetDefFree(), so it makes
	sense for it to also handle the resetting of the device's MAC address
	and vlan tag (which is what's done by
	qemuDomainHostdevNetConfigRestore()).

2013-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Move virt-login-shell into libvirt-login-shell sub-RPM
	Many people will not want the setuid virt-login-shell binary
	installed by default, so move it into a separate sub-RPM
	named libvirt-login-shell. This RPM is only generated if
	LXC is enabled

	Block all use of libvirt.so in setuid programs
	Avoid people introducing security flaws in their apps by
	forbidding the use of libvirt.so in setuid programs, with
	a check in virInitialize.

	Remove (nearly) all use of getuid()/getgid()
	Most of the usage of getuid()/getgid() is in cases where we are
	considering what privileges we have. As such the code should be
	using the effective IDs, not real IDs.

	Add stub getegid impl for platforms lacking it
	We already have stubs for getuid, geteuid, getgid but
	not for getegid. Something in gnulib already does a
	check for it during configure, so we already have the
	HAVE_GETEGID macro defined.

	Don't allow remote driver daemon autostart when running setuid
	We don't want setuid programs automatically spawning libvirtd,
	so disable any use of autostart when setuid.

	Only allow the UNIX transport in remote driver when setuid
	We don't know enough about quality of external libraries used
	for non-UNIX transports, nor do we want to spawn external
	commands when setuid. Restrict to the bare minimum which is
	UNIX transport for local usage. Users shouldn't need to be
	running setuid if connecting to remote hypervisors in any
	case.

	Block all use of getenv with syntax-check
	The use of getenv is typically insecure, and we want people
	to use our wrappers, to force them to think about setuid
	needs.

	Remove all direct use of getenv
	Unconditional use of getenv is not secure in setuid env.
	While not all libvirt code runs in a setuid env (since
	much of it only exists inside libvirtd) this is not always
	clear to developers. So make all the code paranoid, even
	if it only ever runs inside libvirtd.

	Make virCommand env handling robust in setuid env
	When running setuid, we must be careful about what env vars
	we allow commands to inherit from us. Replace the
	virCommandAddEnvPass function with two new ones which do
	filtering
	  virCommandAddEnvPassAllowSUID
	  virCommandAddEnvPassBlockSUID
	And make virCommandAddEnvPassCommon use the appropriate
	ones

	Set a sane $PATH for virt-login-shell
	The virt-login-shell binary shouldn't need to execute programs
	relying on $PATH, but just in case set a fixed $PATH value
	of /bin:/usr/bin

	Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
	The libvirt.so library has far too many library deps to allow
	linking against it from setuid programs. Those libraries can
	do stuff in __attribute__((constructor) functions which is
	not setuid safe.
	The virt-login-shell needs to link directly against individual
	files that it uses, with all library deps turned off except
	for libxml2 and libselinux.
	Create a libvirt-setuid-rpc-client.la library which is linked
	to by virt-login-shell. A config-post.h file allows this library
	to disable all external deps except libselinux and libxml2.

	Close all non-stdio FDs in virt-login-shell (CVE-2013-4400)
	We don't want to inherit any FDs in the new namespace
	except for the stdio FDs. Explicitly close them all,
	just in case some do not have the close-on-exec flag
	set.

	Only allow 'stderr' log output when running setuid (CVE-2013-4400)
	We must not allow file/syslog/journald log outputs when running
	setuid since they can be abused to do bad things. In particular
	the 'file' output can be used to overwrite files.

	Add helpers for getting env vars in a setuid environment
	Care must be taken accessing env variables when running
	setuid. Introduce a virGetEnvAllowSUID for env vars which
	are safe to use in a setuid environment, and another
	virGetEnvBlockSUID for vars which are not safe. Also add
	a virIsSUID helper method for any other non-env var code
	to use.

	Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
	The virConnectDomainXMLToNative API should require 'connect:write'
	not 'connect:read', since it will trigger execution of the QEMU
	binaries listed in the XML.
	Also make virConnectDomainXMLFromNative API require a full
	read-write connection and 'connect:write' permission. Although the
	current impl doesn't trigger execution of QEMU, we should not
	rely on that impl detail from an API permissioning POV.

2013-10-21  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in formatdomain
	s/effect/affect

2013-10-19  Geoff Hickey  <ghickey@datagravity.com>

	Fix a problem introduced by commit 99889012
	The meaning of one line of code was accidentally inverted.

2013-10-19  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix augeas support for migration ports
	Commit e3ef20d7 allows user to configure migration ports range via
	qemu.conf. However, it forgot to update augeas definition file and
	even the test data was malicious.

2013-10-18  Jiri Denemark  <jdenemar@redhat.com>

	docs: Expand description of host-model CPU mode
	host-model is a nice idea but it's current implementation make it
	useless on some hosts so it should be used with care.

	qemu: Make migration port range configurable
	https://bugzilla.redhat.com/show_bug.cgi?id=1019053

2013-10-18  Wang Yufei  <james.wangyufei@huawei.com>

	qemu: Avoid assigning unavailable migration ports
	https://bugzilla.redhat.com/show_bug.cgi?id=1019053
	When we migrate vms concurrently, there's a chance that libvirtd on
	destination assigns the same port for different migrations, which will
	lead to migration failure during prepare phase on destination. So we use
	virPortAllocator here to solve the problem.

2013-10-18  Michal Privoznik  <mprivozn@redhat.com>

	viralloc.h: Fix typo in VIR_APPEND_ELEMENT_COPY_QUIT
	In fact, the suffix should be _QUIET not _QUIT to stress the
	fact, that no OOM error is reported on error.

2013-10-18  Christophe Fergeau  <cfergeau@redhat.com>

	netcf: Don't complain when cleanup is called before init
	netcfStateInitialize() initializes the driverState variable,
	and when netcfStateCleanup is called, it will call virReportError()
	if driverState is NULL.
	This is not consistent with what other state objects are doing,
	they return -1 without reporting an error in such cases.
	See also
	https://www.redhat.com/archives/libvir-list/2013-October/msg00809.html:
	On Thu, Oct 17, 2013 at 01:40:19PM +0100, Daniel P. Berrange wrote:
	> We don't want virStateCleanup to skip execution if virStateInitialize
	> has failed though - every callback in virStateCleanup should be written
	> to be safe if its corresponding init function hasn't run.

2013-10-18  Zhou Yimin  <zhouyimin@huawei.com>

	remote: fix regression in event deregistration
	Introduced by 7b87a3
	When I quit the process which only register VIR_DOMAIN_EVENT_ID_REBOOT,
	I got error like:
	"libvirt: XML-RPC error : internal error: domain event 0 not registered".
	Then I add the following code, it fixed.

2013-10-18  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	daemon: don't free domain if it's null
	If we fail to get domain, we had to judge whether
	it's null or not when doing 'cleanup'.

2013-10-18  John Ferlan  <jferlan@redhat.com>

	Remove ATTRIBUTE_NONNULL(3) from qemuMonitorJSONDrivePivot
	The header definition didn't match the function declaration, so adjusted
	header to reflect the definition.
	Found during a Coverity build where STATIC_ANALYSIS is enabled resulting
	in the internal.h adding __nonnull__ handling to arguments.
	Commit '6d264c91' added support for the qemuMonitorJSONDrivePivot() and
	commit 'fbc3adc9' added a corresponding test which ended up triggering
	the build failure which I didn't notice until today!

2013-10-18  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	virsh: improve usability of '--print-xml' flag for attach-disk command
	'--print-xml' option is very useful for doing some test.
	But we had to specify a real domain for it.
	This patch could enable us to specify a fake domain
	when using --print-xml option.

2013-10-18  Geoff Hickey  <ghickey@datagravity.com>

	esx: Remove unnecessary NULL comparisons (3/3)
	Code cleanup: remove explicit NULL comparisons like ptr == NULL and
	ptr != NULL from the ESX code, replacing them with the simpler ptr
	and !ptr.
	Part three of three.

	esx: Remove unnecessary NULL comparisons (2/3)
	Code cleanup: remove explicit NULL comparisons like ptr == NULL and
	ptr != NULL from the ESX code, replacing them with the simpler ptr
	and !ptr.
	Part two of three.

	esx: Remove unnecessary NULL comparisons (1/3)
	Code cleanup: remove explicit NULL comparisons like ptr == NULL and
	ptr != NULL from the ESX code, replacing them with the simpler ptr
	and !ptr.
	Part one of three.

2013-10-17  Daniel P. Berrange  <berrange@redhat.com>

	Add support for enabling SASL for SPICE guests
	QEMU has support for SASL auth for SPICE guests, but libvirt
	has no way to enable it. Following the example from VNC where
	it is globally enabled via qemu.conf

2013-10-17  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainCleanupRemove: s/memmove/VIR_DELETE_ELEMENT_INPLACE/
	The last argument of memmove is the amount of bytes to be moved. The
	amount is in Bytes. We are moving some void pointers around. However,
	since sizeof(void *) is not Byte on any architecture, we've got the
	arithmetic wrong.

2013-10-17  Brian Candler  <b.candler@pobox.com>

	better error checking for LOCAL_PEERCRED
	This patch improves the error checking in the LOCAL_PEERCRED version
	of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX.
	1. The error return paths now correctly unlock the socket. This is
	implemented in exactly the same way as the SO_PEERCRED version,
	using "goto cleanup"
	2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked
	for negative and overlarge values.
	This means that if the getsockopt() call returns success but doesn't
	actually update the xucred structure, this is now caught. This
	happened previously when getsockopt was called with SOL_SOCKET
	instead of SOL_LOCAL, prior to commit 5a468b3, and resulted in
	random uids being accepted.

2013-10-17  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	virsh: fix a typo in virsh-domain
	s/it's/its

2013-10-17  Giuseppe Scrivano  <gscrivan@redhat.com>

	build: use the gnulib version of the .m4 files when present
	prevent aclocal from preferring .m4 files under m4/ over the version
	provided by gnulib, by using only one directory.
	I have noticed this after './configure --help' gave me two different
	versions of "--enable-threads".  This was caused by aclocal that
	preferred the version of lock.m4 provided by autopoint instead of
	using the newer version distributed with gnulib.
	Having two different directories made sense back when we checked
	gnulib files into libvirt.git, but that was ages ago.

2013-10-17  Eric Blake  <eblake@redhat.com>

	storage: allow interleave in pool XML
	The RNG grammar did not allow arbitrary interleaving, which makes
	it harder than necessary to create a new pool from handwritten XML.
	* docs/schemas/storagepool.rng: Allow interleaving.
	* tests/storagepoolxml2xmlin/pool-sheepdog.xml: Test interleave.
	* tests/storagepoolxml2xmlin/pool-iscsi-auth.xml: Likewise.

2013-10-16  Eric Blake  <eblake@redhat.com>

	storage: document existing pools
	We forgot to document several pool types.
	* docs/formatstorage.html.in: Add docs for scsi, mpath, rbd, and
	sheepdog.

2013-10-16  Christophe Fergeau  <cfergeau@redhat.com>

	remote-driver: Fix 'leav' typo in comment

2013-10-16  Osier Yang  <jyang@redhat.com>

	rpc: Correct the wrong payload size checking
	<...>
	/* Size of message length field. Not counted in VIR_NET_MESSAGE_MAX
	 * and VIR_NET_MESSAGE_INITIAL.
	 */
	const VIR_NET_MESSAGE_LEN_MAX = 4;
	</...>
	However, msg->bufferLength includes the length word. The wrong checking
	was introduced by commit e914dcfd.
	* src/rpc/virnetmessage.c:
	  - Correct the checking in virNetMessageEncodePayloadRaw
	  - Use a new variable to track the new payload length in
	    virNetMessageEncodePayloadRaw

2013-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Add support for detecting PPC little endian arches
	The recent patch series proposing the addition of PPC little endian
	arch support to Linux defines new arch names 'ppcle' and 'ppc64le':
	https://lists.ozlabs.org/pipermail/linuxppc-dev/2013-August/109908.html
	This just makes libvirt know about these arch names, so it doesn't
	immediately trip up if it seems these new names from uname.

	Fix typo breaking cgroups for NBD backed filesystems
	A typo in the setup of NBD backed filesystems meant the
	/dev/nbdN device would not be added to the cgroups device
	ACL.

	Add some logging to LXC disk/fs nbd/loop setup

	Add logging to LXC cgroup devices setup
	To facilitate debugging, add some more logging to LXC cgroup
	devices ACL setup.

	Add log statement when NBD device is setup

2013-10-16  Pranavkumar Sawargaonkar  <pranavkumar@linaro.org>

	AArch64: Add qemu capabilities schemeta for test.
	Add qemu AArch64 capabilities schemeta in caps-qemu-kvm.xml.
	(crobinso: add aarch64 to schema arch list)

	Implement minimal sysinfo for AArch64 platforms.
	Implement the bare minimal sysinfo for AArch64 platforms by
	reading the CPU models from /proc/cpuinfo.

	AArch64: Parse cputopology from /proc/cpuinfo.
	CPU "parser" for AArch64.
	Showing cputopology in arm64 linux is work-in-progress so for now
	all AArch64 cpus belong to same socket (like PPC).
	Also we parse BogoMIPS same like arm 32bit.

	AArch64: CPU Support for AArch64 (ARMv8 64bit).
	Adding CPU encoder/decoder for AArch64.
	(crobinso: fix for recent libvirt Ptr refactoring)

	AArch64: Add AArch64 architecture to list of valid arches.
	Adding AArch64(ARMv8 64bit) to the current list of valid architectures.
	For now, AArch64 name would imply AArch64 LE mode only. In future,
	we might have separate names for AArch64 LE and BE.

2013-10-16  Dusty Mabe  <dustymabe@gmail.com>

	Ignore thin pool LVM devices.
	This should resolve:
	  https://bugzilla.redhat.com/show_bug.cgi?id=924672
	For BZ 924672 the problem stems from the fact that thin pool logical
	volume devices show up in /sbin/lvs output just like normal logical
	volumes do. Libvirt incorrectly assumes they are just normal logical
	volumes and that they will have a corresponding /dev/vgname/lvname
	device that has been created by udev and tries to use this device.
	To illustrate here is an example of the /dev/vgname/ directory and
	the lvs output for a normal lv, thin lv, and thin pool:
	    LV     VG       Attr      LSize  Pool Origin Data%  Move Log Copy%  Convert
	    lv     vgguests -wi-a----  1.00g
	    pool   vgguests twi-a-tz- 11.00g               0.00
	    thinlv vgguests Vwi-a-tz-  1.00g pool          0.00
	total 0
	lrwxrwxrwx. 1 root root 7 Oct  8 19:35 lv -> ../dm-7
	lrwxrwxrwx. 1 root root 7 Oct  8 19:37 thinlv -> ../dm-6
	This patch modifies virStorageBackendLogicalMakeVol() to ignore thin pool
	devices.

2013-10-16  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf.c: Initialize arrVar and cntVar
	Some ancient gcc fails to see the variables are initialized in a
	separate function and a false positive is produced:
	cc1: warnings being treated as errors
	conf/domain_conf.c: In function 'virDomainChrGetDomainPtrs':
	conf/domain_conf.c:10342: error: 'arrVar' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c:10343: error: 'cntVar' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c: In function 'virDomainChrInsert':
	conf/domain_conf.c:10362: error: 'arrPtr' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c:10363: error: 'cntPtr' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c: In function 'virDomainChrRemove':
	conf/domain_conf.c:10374: error: 'arrPtr' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c:10375: error: 'cntPtr' may be used uninitialized in this function [-Wuninitialized]

2013-10-15  Peter Krempa  <pkrempa@redhat.com>

	cpu: x86: Clean up error messages in x86VendorLoad()
	Avoid a line exceeding 80 characters and change argument alignment in
	two error messages.

	cpu: x86: Use whitespace to clarify context and use consistent labels

	cpu: x86: Fix function header formatting and whitespace

	cpu: x86: Fix return types of x86cpuidMatch and x86cpuidMatchMasked
	These return boolean results.

	cpu: x86: Rename data_iterator and DATA_ITERATOR_INIT
	Use virCPUx86DataIterator and virCPUx86DataIteratorInit.

2013-10-15  Jiri Denemark  <jdenemar@redhat.com>

	cpu: x86: Rename x86DataAddCpuid as virCPUx86DataAddCPUID

	cpu: x86: Rename x86MakeCPUData as virCPUx86MakeData

	cpu: x86: Rename x86DataFree() as virCPUx86DataFree()

	cpu: x86: Rename struct cpuX86Data as virCPUx86Data

	cpu: x86: Rename struct cpuX86cpuid as virCPUx86CPUID

	cpu: Add support for loading and storing CPU data
	This patch adds cpuDataFormat and cpuDataParse APIs to be used in unit
	tests for testing APIs that deal with virCPUData. In the x86 world, this
	means we can now store/load arbitrary CPUID data in the test suite to
	check correctness of CPU related APIs that could not be tested before.

2013-10-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Fix macro indentation

	conf: Mark user provided strings in error messages when parsing XML
	Use apostrophes to denote user provided option names when parsing the
	domain XML.

	schema: Rename option 'hypervtristate' to 'featurestate'
	Change the RelaxNG schema option name so that it can be reused for
	non-hyperv feature flags.

2013-10-15  Hongwei Bi  <hwbi2008@gmail.com>

	fix typo in lxc_driver.c and virsh-nodedev.c

2013-10-15  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	build: Add lxc testcase to dist list
	Introduced by commit 3f029fb5319b9dc9cc2fbf8d1ba4505ee9e4b1e3 the RPM build
	was broken due to a missing LXC textcase.

2013-10-15  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	cgroup: leave blkio cgroup value checking to kernel
	The range of valid values for cgroup tunables has
	changed in the past and may change again in future
	kernels. Avoid hardcoding range checks in libvirt
	code, delegating range checking to the kernel itself.

	cgroup: show error when EINVAL is returned
	When EINVAL is returned while changing a cgroups value, tell
	user that what values are invalid for the field.

	docs: change the minimum weight description for blkio
	Since 2.6.39, kernel changed the minimum weight of device blkio.
	Update related docs.

2013-10-15  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: handle 'saved' state of VMs
	VirtualBox has 'saved' state for VMs saved by the hypervisor.
	However, the state is treated as VIR_DOMAIN_NOSTATE by the vbox
	driver, resulting that virsh shows 'no state' for saved VMs.
	The fix treats the state as VIR_DOMAIN_SHUTOFF as same as
	other domains such as qemu.

	vbox: merge duplicate state conversions
	The code for converting between virtualbox API states
	and libvirt states was duplicated in two places. Pull
	the code out into a shared helper method.

2013-10-15  Geoff Hickey  <ghickey@datagravity.com>

	esx: Fix floppy.fileName handling in the vmx file parser
	The vmx file parsing code was reporting errors when parsing floppy.fileName
	entries if the filename didn't end in .flp. There is no such restriction in
	ESX; even using the GUI to configure floppy filenames you can specify any
	arbitrary file with any extension.
	Fix by changing the vmx parsing code so that it uses the floppy.fileType
	value to determine whether floppy.fileName refers to a block device or a
	regular file.
	Also remove code that would have generated an error if no floppy.fileName
	was specified. This is not an error either.
	Updated the floppy tests in vmx2xmltest.c and xml2vmxtest.c.

2013-10-15  Daniel P. Berrange  <berrange@redhat.com>

	Add some notes about secure usage of libvirt
	Start a page describing some of the things that applications
	using libvirt need to bear in mind to ensure security of their
	systems.

2013-10-15  Ján Tomko  <jtomko@redhat.com>

	Convert uuid to a string before printing it
	Introduced by 1fa7946.
	https://bugzilla.redhat.com/show_bug.cgi?id=1019023

2013-10-15  Peter Krempa  <pkrempa@redhat.com>

	xenapi: Fix build after const correctnes changes
	In commit d24677090f1c0596ac1585cc233d6e130b9bb75f the header of one of
	the post parse callbacks was changed, but the function used as the
	callback in the xenapi driver wasn't adapted. This resulted into:
	  CC       xenapi/libvirt_driver_xenapi_la-xenapi_utils.lo
	 xenapi/xenapi_driver.c:63:5: error: initialization from incompatible pointer type [-Werror]
	 xenapi/xenapi_driver.c:63:5: error: (near initialization for 'xenapiDomainDefParserConfig.devicesPostParseCallback') [-Werror]

2013-10-15  Eric Blake  <eblake@redhat.com>

	build: syntax check to avoid 'const fooPtr'
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Now that the code base has been cleaned, enforce it with a syntax
	checker.
	* cfg.mk (sc_forbid_const_pointer_typedef): New rule.

	maint: avoid 'const fooPtr' in all remaining places
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up all remaining offenders.
	* src/lxc/lxc_process.c (virLXCProcessSetupInterfaceBridged): Drop
	needless const.
	* src/uml/uml_driver.c (umlMonitorCommand): Use intended type.
	(umlMonitorAddress): Fix fallout.
	* src/xen/xm_internal.c (xenXMDomainSearchForUUID): Use intended type.

	maint: avoid 'const fooPtr' in qemu
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up offenders in src/qemu.
	* src/qemu/qemu_bridge_filter.h (networkAllowMacOnPort)
	(networkDisallowMacOnPort): Use intended type.
	* src/qemu/qemu_bridge_filter.c (networkAllowMacOnPort)
	(networkDisallowMacOnPort): Likewise.
	* src/qemu/qemu_command.c (qemuBuildTPMBackendStr)
	(qemuBuildTPMDevStr, qemuBuildCpuArgStr)
	(qemuBuildObsoleteAccelArg, qemuBuildMachineArgStr)
	(qemuBuildSmpArgStr, qemuBuildNumaArgStr): Likewise.
	* src/qemu/qemu_conf.c (qemuSharedDeviceEntryCopy): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSaveImageStartVM): Likewise.
	* src/qemu/qemu_hostdev.c
	(qemuDomainHostdevNetConfigVirtPortProfile): Likewise.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONAttachCharDevCommand): Likewise.

	maint: avoid 'const fooPtr' in security
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up offenders in src/security.
	* src/security/security_apparmor.c (reload_profile)
	(AppArmorSetSecurityHostdevLabelHelper)
	(AppArmorReleaseSecurityLabel, AppArmorRestoreSecurityAllLabel)
	(AppArmorSetSecurityProcessLabel)
	(AppArmorSetSecurityChildProcessLabel)
	(AppArmorSetSecurityImageLabel, AppArmorSecurityVerify)
	(AppArmorSetSecurityHostdevLabel)
	(AppArmorRestoreSecurityHostdevLabel, AppArmorSetFDLabel): Drop
	needless const.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetSecurityFileLabel): Likewise.

	maint: avoid 'const fooPtr' in conf
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up remaining offenders in src/conf, and their fallout.
	* src/conf/snapshot_conf.h (virDomainSnapshotAssignDef)
	(virDomainSnapshotFindByName): Drop attempt at const.
	* src/conf/interface_conf.h (virInterfaceObjIsActive)
	(virInterfaceDefFormat): Use intended type.
	(virInterfaceFindByMACString, virInterfaceFindByName)
	(virInterfaceAssignDef, virInterfaceRemove): Drop attempt at
	const.
	* src/conf/network_conf.h (virNetworkObjIsActive)
	(virNetworkDefFormat, virNetworkDefForwardIf)
	(virNetworkDefGetIpByIndex, virNetworkIpDefPrefix)
	(virNetworkIpDefNetmask): Use intended type.
	(virNetworkFindByUUID, virNetworkFindByName, virNetworkAssignDef)
	(virNetworkObjAssignDef, virNetworkRemoveInactive)
	(virNetworkBridgeInUse, virNetworkSetBridgeName)
	(virNetworkAllocateBridge): Drop attempt at const.
	* src/conf/netdev_vlan_conf.h (virNetDevVlanFormat): Make
	const-correct.
	* src/conf/node_device_conf.h (virNodeDeviceHasCap)
	(virNodeDeviceDefFormat): Use intended type.
	(virNodeDeviceFindByName, virNodeDeviceFindBySysfsPath)
	(virNodeDeviceAssignDef, virNodeDeviceObjRemove)
	(virNodeDeviceGetParentHost): Drop attempt at const.
	* src/conf/secret_conf.h (virSecretDefFormat): Use intended type.
	* src/conf/snapshot_conf.c (virDomainSnapshotAssignDef)
	(virDomainSnapshotFindByName): Fix fallout.
	* src/conf/interface_conf.c (virInterfaceBridgeDefFormat)
	(virInterfaceBondDefFormat, virInterfaceVlanDefFormat)
	(virInterfaceProtocolDefFormat, virInterfaceDefDevFormat)
	(virInterfaceDefFormat, virInterfaceFindByMACString)
	(virInterfaceFindByName, virInterfaceAssignDef)
	(virInterfaceRemove): Likewise.
	* src/conf/network_conf.c
	(VIR_ENUM_IMPL, virNetworkFindByName, virNetworkObjAssignDef)
	(virNetworkAssignDef, virNetworkRemoveInactive)
	(virNetworkDefGetIpByIndex, virNetworkIpDefPrefix)
	(virNetworkIpDefNetmask, virNetworkDHCPHostDefParseXML)
	(virNetworkIpDefFormat, virNetworkRouteDefFormat)
	(virPortGroupDefFormat, virNetworkForwardNatDefFormat)
	(virNetworkDefFormatInternal, virNetworkBridgeInUse)
	(virNetworkAllocateBridge, virNetworkSetBridgeName)
	(virNetworkDNSDefFormat, virNetworkDefFormat): Likewise.
	* src/conf/netdev_vlan_conf.c (virNetDevVlanFormat): Likewise.
	* src/conf/node_device_conf.c (virNodeDeviceHasCap)
	(virNodeDeviceFindBySysfsPath, virNodeDeviceFindByName)
	(virNodeDeviceAssignDef, virNodeDeviceObjRemove)
	(virNodeDeviceDefFormat, virNodeDeviceGetParentHost): Likewise.
	* src/conf/secret_conf.c (virSecretDefFormatUsage)
	(virSecretDefFormat): Likewise.

	maint: avoid 'const fooPtr' in domain_conf
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up offenders in src/conf/domain_conf, and their fallout.
	Several things to note: virObjectLock() requires a non-const
	argument; if this were C++, we could treat the locking field
	as 'mutable' and allow locking an otherwise 'const' object, but
	that is a more invasive change, so I instead dropped attempts
	to be const-correct on domain lookup.  virXMLPropString and
	friends require a non-const xmlNodePtr - this is because libxml2
	is not a const-correct library.  We could make the src/util/virxml
	wrappers cast away const, but I figured it was easier to not
	try to mark xmlNodePtr as const.  Finally, virDomainDeviceDefCopy
	was a rather hard conversion - it calls virDomainDeviceDefPostParse,
	which in turn in the xen driver was actually modifying the domain
	outside of the current device being visited.  We should not be
	adding a device on the first per-device callback, but waiting until
	after all per-device callbacks are complete.
	* src/conf/domain_conf.h (virDomainObjListFindByID)
	(virDomainObjListFindByUUID, virDomainObjListFindByName)
	(virDomainObjAssignDef, virDomainObjListAdd): Drop attempt at
	const.
	(virDomainDeviceDefCopy): Use intended type.
	(virDomainDeviceDefParse, virDomainDeviceDefPostParseCallback)
	(virDomainVideoDefaultType, virDomainVideoDefaultRAM)
	(virDomainChrGetDomainPtrs): Make const-correct.
	* src/conf/domain_conf.c (virDomainObjListFindByID)
	(virDomainObjListFindByUUID, virDomainObjListFindByName)
	(virDomainDeviceDefCopy, virDomainObjListAdd)
	(virDomainObjAssignDef, virDomainHostdevSubsysUsbDefParseXML)
	(virDomainHostdevSubsysPciOrigStatesDefParseXML)
	(virDomainHostdevSubsysPciDefParseXML)
	(virDomainHostdevSubsysScsiDefParseXML)
	(virDomainControllerModelTypeFromString)
	(virDomainTPMDefParseXML, virDomainTimerDefParseXML)
	(virDomainSoundCodecDefParseXML, virDomainSoundDefParseXML)
	(virDomainWatchdogDefParseXML, virDomainRNGDefParseXML)
	(virDomainMemballoonDefParseXML, virDomainNVRAMDefParseXML)
	(virSysinfoParseXML, virDomainVideoAccelDefParseXML)
	(virDomainVideoDefParseXML, virDomainHostdevDefParseXML)
	(virDomainRedirdevDefParseXML)
	(virDomainRedirFilterUsbDevDefParseXML)
	(virDomainRedirFilterDefParseXML, virDomainIdMapEntrySort)
	(virDomainIdmapDefParseXML, virDomainVcpuPinDefParseXML)
	(virDiskNameToBusDeviceIndex, virDomainDeviceDefCopy)
	(virDomainVideoDefaultType, virDomainHostdevAssignAddress)
	(virDomainDeviceDefPostParseInternal, virDomainDeviceDefPostParse)
	(virDomainChrGetDomainPtrs, virDomainControllerSCSINextUnit)
	(virDomainSCSIDriveAddressIsUsed)
	(virDomainDriveAddressIsUsedByDisk)
	(virDomainDriveAddressIsUsedByHostdev): Fix fallout.
	* src/openvz/openvz_driver.c (openvzDomainDeviceDefPostParse):
	Likewise.
	* src/libxl/libxl_domain.c (libxlDomainDeviceDefPostParse):
	Likewise.
	* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse)
	(qemuDomainDefaultNetModel): Likewise.
	* src/lxc/lxc_domain.c (virLXCDomainDeviceDefPostParse):
	Likewise.
	* src/uml/uml_driver.c (umlDomainDeviceDefPostParse): Likewise.
	* src/xen/xen_driver.c (xenDomainDeviceDefPostParse): Split...
	(xenDomainDefPostParse): ...since per-device callback is not the
	time to be adding a device.

	maint: fix awkward typing of virDomainChrGetDomainPtrs
	virDomainChrGetDomainPtrs() required 4 levels of pointers (taking
	a parameter that will be used as an output variable to return the
	address of another variable that contains an array of pointers).
	This is rather complex to reason about, especially when outside
	of the domain_conf file, no other caller should be modifying
	the resulting array of pointers directly.  Changing the public
	signature gives something is easier to reason with, and actually
	make const-correct; which is important as it was the only function
	that was blocking virDomainDeviceDefCopy from treating its source
	as const.
	* src/conf/domain_conf.h (virDomainChrGetDomainPtrs): Use simpler
	types, and make const-correct for external users.
	* src/conf/domain_conf.c (virDomainChrGetDomainPtrs): Split...
	(virDomainChrGetDomainPtrsInternal): ...into an internal version
	that lets us modify terms, vs. external form that is read-only.
	(virDomainDeviceDefPostParseInternal, virDomainChrFind)
	(virDomainChrInsert): Adjust callers.
	* src/qemu/qemu_command.c (qemuGetNextChrDevIndex): Adjust caller.
	(qemuDomainDeviceAliasIndex): Make const-correct.

	maint: avoid 'const fooPtr' in python bindings
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up offenders in the python bindings.
	* python/generator.py (py_types): Drop useless conversions.
	* python/libvirt-override.c (getPyVirTypedParameter)
	(setPyVirTypedParameter): Use intended type.

	maint: avoid 'const fooPtr' in tests
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up offenders in the testsuite.
	* tests/cputest.c (cpuTestCompareXML): Use intended type.
	* tests/qemucapabilitiestest.c (testQemuCaps): Likewise.
	* tests/qemumonitorjsontest.c: Drop const.

	maint: avoid 'const fooPtr' in nwfilter files
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up offenders in nwfilter code.
	This patch does nothing about the stupidity evident in having
	__virNWFilterInstantiateFilter, _virNWFilterInstantiateFilter,
	and virNWFilterInstantiateFilter, which differ only by leading
	underscores, and which infringes on the namespace reserved to
	the implementation - that would need to be a separate cleanup.
	* src/nwfilter/nwfilter_dhcpsnoop.h (virNWFilterDHCPSnoopReq): Use
	intended type.
	* src/nwfilter/nwfilter_gentech_driver.h
	(virNWFilterInstantiateFilter)
	(virNWFilterUpdateInstantiateFilter)
	(virNWFilterInstantiataeFilterLate, virNWFilterTeardownFilter)
	(virNWFilterCreateVarHashmap): Likewise.
	* src/nwfilter/nwfilter_learnipaddr.h (virNWFilterLearnIPAddress):
	Likewise.
	* src/conf/nwfilter_conf.h (virNWFilterApplyBasicRules)
	(virNWFilterApplyDHCPOnlyRules): Likewise.
	(virNWFilterDefFormat): Make const-correct.
	* src/conf/nwfilter_params.h (virNWFilterVarValueCopy)
	(virNWFilterVarValueGetSimple, virNWFilterVarValueGetCardinality)
	(virNWFilterVarValueEqual, virNWFilterVarAccessEqual)
	(virNWFilterVarAccessGetVarName, virNWFilterVarAccessGetType)
	(virNWFilterVarAccessGetIterId, virNWFilterVarAccessGetIndex)
	(virNWFilterVarAccessIsAvailable)
	(virNWFilterVarCombIterGetVarValue): Use intended type.
	(virNWFilterVarValueGetNthValue): Make const-correct.
	* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
	(virNWFilterSnoopIFKeyFMT, virNWFilterDHCPSnoopReq)
	(virNWFilterSnoopPruneIter, virNWFilterSnoopRemAllReqIter)
	(virNWFilterDHCPSnoopReq): Fix fallout.
	* src/nwfilter/nwfilter_gentech_driver.c
	(virNWFilterVarHashmapAddStdValues, virNWFilterCreateVarHashmap)
	(virNWFilterInstantiate, __virNWFilterInstantiateFilter)
	(_virNWFilterInstantiateFilter, virNWFilterInstantiateFilterLate)
	(virNWFilterInstantiateFilter)
	(virNWFilterUpdateInstantiateFilter)
	(virNWFilterRollbackUpdateFilter, virNWFilterTeardownFilter):
	Likewise.
	* src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnIPAddress):
	Likewise.
	* src/conf/nwfilter_params.c (virNWFilterVarValueCopy)
	(virNWFilterVarValueGetSimple)
	(virNWFilterVarValueGetCardinality, virNWFilterVarValueEqual)
	(virNWFilterVarCombIterAddVariable)
	(virNWFilterVarCombIterGetVarValue, virNWFilterVarValueCompare)
	(virNWFilterFormatParamAttributes, virNWFilterVarAccessEqual)
	(virNWFilterVarAccessGetVarName, virNWFilterVarAccessGetType)
	(virNWFilterVarAccessGetIterId, virNWFilterVarAccessGetIndex)
	(virNWFilterVarAccessGetIntIterId)
	(virNWFilterVarAccessIsAvailable)
	(virNWFilterVarValueGetNthValue): Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebtablesApplyBasicRules)
	(ebtablesApplyDHCPOnlyRules, ebiptablesRuleOrderSort)
	(ebiptablesRuleOrderSortPtr): Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterDefEqual)
	(virNWFilterDefFormat): Likewise.

	maint: avoid 'const fooPtr' in cpu files
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up offenders in src/cpu.
	* src/cpu/cpu.h (cpuArchDecode, cpuArchEncode, cpuArchUpdate)
	(cpuArchHasFeature, cpuDecode, cpuEncode, cpuUpdate)
	(cpuHasFeature): Use intended type.
	* src/conf/cpu_conf.h (virCPUDefCopyModel, virCPUDefCopy):
	Likewise.
	(virCPUDefParseXML): Drop const.
	* src/cpu/cpu.c (cpuDecode, cpuEncode, cpuUpdate, cpuHasFeature):
	Fix fallout.
	* src/cpu/cpu_x86.c (x86ModelFromCPU, x86ModelSubtractCPU)
	(x86DecodeCPUData, x86EncodePolicy, x86Encode, x86UpdateCustom)
	(x86UpdateHostModel, x86Update, x86HasFeature): Likewise.
	* src/cpu/cpu_s390.c (s390Decode): Likewise.
	* src/cpu/cpu_arm.c (ArmDecode): Likewise.
	* src/cpu/cpu_powerpc.c (ppcModelFromCPU, ppcCompute, ppcDecode)
	(ppcUpdate): Likewise.
	* src/conf/cpu_conf.c (virCPUDefCopyModel, virCPUDefCopy)
	(virCPUDefParseXML): Likewise.

	maint: avoid 'const fooPtr' in virnet files
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up remaining offenders in src/util.
	* src/util/virnetdev.h (virNetDevSetMAC)
	(virNetDevReplaceMacAddress, virNetDevValidateConfig)
	(virNetDevReplaceNetConfig): Use intended type.
	* src/util/virnetdevbandwidth.h (virNetDevBandwidthCopy)
	(virNetDevBandwidthPlug): Likewise.
	* src/util/virnetdevmacvlan.h (virNetDevMacVLanCreate)
	(virNetDevMacVLanCreateWithVPortProfile)
	(virNetDevMacVLanDeleteWithVPortProfile)
	(virNetDevMacVLanRestartWithVPortProfile)
	(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
	* src/util/virnetdevopenvswitch.h (virNetDevOpenvswitchAddPort):
	Likewise.
	* src/util/virnetdevtap.h (virNetDevTapCreateInBridgePort):
	Likewise.
	* src/util/virnetdevvlan.h (virNetDevVlanEqual)
	(virNetDevVlanCopy): Likewise.
	* src/util/virnetdevvportprofile.h
	(virNetDevVPortProfileAssociate)
	(virNetDevVPortProfileDisassociate): Likewise.
	* src/util/virnetlink.h (virNetlinkEventRemoveCallback)
	(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
	Likewise.
	* src/util/virnetdev.c (virNetDevSetMAC)
	(virNetDevReplaceMacAddress, virNetDevValidateConfig)
	(virNetDevReplaceNetConfig): Fix fallout.
	* src/util/virnetdevbandwidth.c (virNetDevBandwidthCopy)
	(virNetDevBandwidthPlug): Likewise.
	* src/util/virnetdevmacvlan.c (virNetDevMacVLanCreate)
	(virNetDevMacVLanCreateWithVPortProfile)
	(virNetDevMacVLanDeleteWithVPortProfile)
	(virNetDevMacVLanRestartWithVPortProfile)
	(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
	* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort):
	Likewise.
	* src/util/virnetdevtap.c (virNetDevTapCreateInBridgePort):
	Likewise.
	* src/util/virnetdevvlan.c (virNetDevVlanEqual)
	(virNetDevVlanCopy): Likewise.
	* src/util/virnetdevvportprofile.c
	(virNetDevVPortProfileAssociate)
	(virNetDevVPortProfileDisassociate)
	(virNetDevVPortProfileOpSetLink, virNetDevVPortProfileOpCommon)
	(virNetDevVPortProfileOp8021Qbg, virNetDevVPortProfileOp8021Qbh):
	Likewise.
	* src/util/virnetlink.c (virNetlinkEventRemoveCallback)
	(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
	Likewise.

	maint: avoid 'const fooPtr' in several util files
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up offenders in src/util outside of the virnet namespace.
	Also, make a few virSocketAddr functions const-correct, for easier
	conversions in future patches.
	* src/util/virbuffer.h (virBufferError, virBufferUse)
	(virBufferGetIndent): Use intended type.
	* src/util/virmacaddr.h (virMacAddrCmp, virMacAddrCmpRaw)
	(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
	(virMacAddrIsMulticast): Likewise.
	* src/util/virebtables.h (ebtablesAddForwardAllowIn)
	(ebtablesRemoveForwardAllowIn): Likewise.
	* src/util/virsocketaddr.h (virSocketAddrSetIPv4Addr): Drop
	incorrect const.
	(virMacAddrGetRaw, virSocketAddrFormat, virSocketAddrFormatFull):
	Make const-correct.
	(virSocketAddrMask, virSocketAddrMaskByPrefix)
	(virSocketAddrBroadcast, virSocketAddrBroadcastByPrefix)
	(virSocketAddrGetNumNetmaskBits, virSocketAddrGetIpPrefix)
	(virSocketAddrEqual, virSocketAddrIsPrivate)
	(virSocketAddrIsWildcard): Use intended type.
	* src/util/virbuffer.c (virBufferError, virBufferUse)
	(virBufferGetIndent): Fix fallout.
	* src/util/virmacaddr.c (virMacAddrCmp, virMacAddrCmpRaw)
	(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
	(virMacAddrIsMulticast): Likewise.
	* src/util/virebtables.c (ebtablesAddForwardAllowIn)
	(ebtablesRemoveForwardAllowIn): Likewise.
	* src/util/virsocketaddr.c (virSocketAddrMask, virMacAddrGetRaw)
	(virSocketAddrMaskByPrefix, virSocketAddrBroadcast)
	(virSocketAddrBroadcastByPrefix, virSocketAddrGetNumNetmaskBits)
	(virSocketAddrGetIpPrefix, virSocketAddrEqual)
	(virSocketAddrIsPrivate, virSocketAddrIsWildcard)
	(virSocketAddrGetIPv4Addr, virSocketAddrGetIPv6Addr)
	(virSocketAddrFormat, virSocketAddrFormatFull): Likewise.

	maint: avoid 'const fooPtr' in hashes
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up virhash to provide a const-correct interface: all actions
	that don't modify the table take a const table.  Note that in
	one case (virHashSearch), we actually strip const away - we aren't
	modifying the contents of the table, so much as associated data
	for ensuring that the code uses the table correctly (if this were
	C++, it would be a case for the 'mutable' keyword).
	* src/util/virhash.h (virHashKeyComparator, virHashEqual): Use
	intended type.
	(virHashSize, virHashTableSize, virHashLookup, virHashSearch):
	Make const-correct.
	* src/util/virhash.c (virHashEqualData, virHashEqual)
	(virHashLookup, virHashSize, virHashTableSize, virHashSearch)
	(virHashComputeKey): Fix fallout.
	* src/conf/nwfilter_params.c
	(virNWFilterFormatParameterNameSorter): Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesFilterOrderSort): Likewise.
	* tests/virhashtest.c (testHashGetItemsCompKey)
	(testHashGetItemsCompValue): Likewise.

	maint: avoid 'const fooPtr' in public API
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).
	Fix up offenders in the public API.  Note that this is an API change;
	but see commit 6ac6f59, where we first argued that this change is
	harmless (but with that commit not actually making the change that it
	claimed to be making):
	    Although this is an API change (not ABI though), real callers won't be
	    impacted. Why?
	     1. these callback members are read-only, so it is less likely that
	    someone is trying to assign into the struct members.
	     2. The only way to register a virConnectDomainEventGraphicsCallback is
	    to cast it through a call to virConnectDomainEventRegisterAny.  That is,
	    even if the user's callback function leaves out the const, we never use
	    the typedef as the direct type of any API parameter.  Since they are
	    already casting their function pointer into a munged type before
	    registering it, their code will continue to compile.
	* include/libvirt/libvirt.h.in
	(virConnectDomainEventGraphicsCallback): Use intended type.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Improve log filtering in virLXCProcessReadLogOutputData
	Make the virLXCProcessReadLogOutputData method ignore the log
	lines about the container startup argv, ignore the generic
	error message from libvirt_lxc when lxcContainerMain fails
	and skip over blank lines.

	Ensure lxcContainerResolveSymlinks reports errors
	The lxcContainerResolveSymlinks method merely logged some errors
	as debug messages, rather than reporting them as proper errors.
	This meant startup failures were not diagnosed at all.

	Ensure lxcContainerMain reports errors on stderr
	Ensure the lxcContainerMain method reports any errors that
	occur during setup to stderr, where libvirtd will pick them
	up.

2013-10-14  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Serial devices don't have to be attached
	Serial devices don't necessarily have to be attached to an output to be
	shown to the guest.

	Revert "VMX: Some serial ports are not actually connected"
	This reverts commit dba04e7fa070a79415ea16141ad2e2ebd4f23033.
	This change was unfortunately not correct. We should have been
	changing the boolean argument supplied.

2013-10-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Add support for compressing external snapshot memory
	The regular save image code has the support to compress images using a
	specified algorithm. This was not implemented for external checkpoints
	although it shares most of the backend code.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1017227

	qemu: managedsave: Add support for compressing managed save images
	The regular save image code has the support to compress images using a
	specified algorithm. This was not implemented for managed save although
	it shares most of the backend code.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Initialize threading & error layer in LXC controller
	In Fedora 20, libvirt_lxc crashes immediately at startup with a
	trace
	 #0  0x00007f0cddb653ec in free () from /lib64/libc.so.6
	 #1  0x00007f0ce0e16f4a in virFree (ptrptr=ptrptr@entry=0x7f0ce1830058) at util/viralloc.c:580
	 #2  0x00007f0ce0e2764b in virResetError (err=0x7f0ce1830030) at util/virerror.c:354
	 #3  0x00007f0ce0e27a5a in virResetLastError () at util/virerror.c:387
	 #4  0x00007f0ce0e28858 in virEventRegisterDefaultImpl () at util/virevent.c:233
	 #5  0x00007f0ce0db47c6 in main (argc=11, argv=0x7fff4596c328) at lxc/lxc_controller.c:2352
	Normally virInitialize calls virErrorInitialize and
	virThreadInitialize, but we don't link to libvirt.so
	in libvirt_lxc, and nor did we ever call the error
	or thread initializers.
	I have absolutely no idea how this has ever worked, let alone
	what caused it to stop working in Fedora 20.
	In addition not all code paths from virLogSetFromEnv will
	ensure virLogInitialize is called correctly, which is another
	possible crash scenario.

	Don't ignore all dbus connection errors
	Previous commit
	  commit 7ada155cdf2bbfac16ce08f64abb455a940e2cf7
	  Author: Gao feng <gaofeng@cn.fujitsu.com>
	  Date:   Wed Sep 11 11:15:02 2013 +0800
	    DBus: introduce virDBusIsServiceEnabled
	Made the cgroups code fallback to non-systemd based setup
	when dbus is not running. It was too big a hammer though,
	as it did not check what error code was received when the
	dbus connection failed. Thus it silently ignored serious
	errors from dbus such as "too many client connections",
	which should always be treated as fatal.
	We only want to ignore errors if the dbus unix socket does
	not exist, or if nothing is listening on it.

	Improve error reporting with LXC controller
	The LXC code would read the log file if an LXC guest failed to
	startup. There were a number of failure cases where the guest
	will not start and libvirtd never gets as far as looking at the
	log file.
	Fix this by replacing some earlier generic errors with messages
	from the log.

	Fix exit status of lxc controller
	The LXC controller main() method initialized 'rc' to 1
	rather than '-1'. In the cleanup path it will print any
	error to stderr, if-and-only-if rc < 0. Hence the incorrect
	initialization caused errors to be lost.

	Fix flaw in detecting log format
	The log message regex has been
	[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug|info|warning|error :
	The precedence of '|' is high though, so this is equivalent to matching
	   [0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug
	Or
	   info
	Or
	   warning
	Or
	   error :
	Which is clearly not what it should have done. This caused the code to
	skip over things which are not log messages. The solution is to simply
	add brackets.
	A test case is also added to validate correctness.

	Make LXC controller use a private dbus connection & close it
	The LXC controller uses dbus to talk to systemd to create
	cgroups. This means that each LXC controller instance has
	a dbus connection. The DBus daemon is limited to 256
	connections by default and we want to be able to run many
	1000 of containers.
	While the dbus limit could be raised in the config files,
	it is simpler to make libvirt LXC controller close its
	dbus connection once everything is configured.

	Add a method for closing the dbus system bus connection
	If the dbus system bus connection is marked as private, then
	allow it to be closed.

	Allow use of a private dbus bus connection
	The dbus_bus_get() function returns a shared bus connection that
	all libraries in a process can use. You are forbidden from calling
	close on this connection though, since you can never know if any
	other code might be using it.
	Add an option to use private dbus bus connections, if the app
	wants to be able to close the connection.

2013-10-14  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: Fix an improper comment in lxc_process.c
	Fix the improper comment for the "release" hook.

2013-10-11  Hongwei Bi  <hwbi2008@gmail.com>

	nwfilter: fix a typo in nwfilter_gentech_driver.c
	s/occcurred/occurred

2013-10-11  Doug Goldstein  <cardoe@cardoe.com>

	rpc: Fix getsockopt on Snow Leopard and lower
	Since 5a468b38b6 we use SOL_LOCAL for the 2nd argument of getsockopt()
	however Lion added the define SOL_LOCAL set to 0, which is the value to
	the 2nd argument of getsockopt() for Unix sockets on Mac OS X. So
	instead of using the define just pass 0 so we restore compatibility
	with Snow Leopard and Leopard.
	Reported at https://github.com/mxcl/homebrew/pull/23141

	VMware: Do version detection earlier
	Do VMware version detection earlier as future patches will need the
	version information to populate capabilities correctly.

	VMware: Simplify array walk for driver type
	Rather than walking the possible driver backends by handle, use a helper
	function. Additionally I've done a bit of refactoring in the code over
	the past few commits so add myself to the copyright line.

2013-10-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Include listenAddress in debug prints
	After my patches, some functions gained one more argument
	(@listenAddress) which wasn't included in debug printing of
	arguments they were called with. Functions in question are:
	qemuMigrationPrepareDirect and qemuMigrationPerform.

	qemu_migration: Avoid crashing if domain dies too quickly
	I've noticed a SIGSEGV-ing libvirtd on the destination when the qemu
	died too quickly = in Prepare phase. What is happening here is:
	1) [Thread 3493] We are in qemuMigrationPrepareAny() and calling
	qemuProcessStart() which subsequently calls qemuProcessWaitForMonitor()
	and qemuConnectMonitor(). So far so good. The qemuMonitorOpen()
	succeeds, however switching monitor to QMP mode fails as qemu died
	meanwhile. That is qemuMonitorSetCapabilities() returns -1.
	2013-10-08 15:54:10.629+0000: 3493: debug : qemuMonitorSetCapabilities:1356 : mon=0x14a53da0
	2013-10-08 15:54:10.630+0000: 3493: debug : qemuMonitorJSONCommandWithFd:262 : Send command '{"execute":"qmp_capabilities","id":"libvirt-1"}' for write with FD -1
	2013-10-08 15:54:10.630+0000: 3493: debug : virEventPollUpdateHandle:147 : EVENT_POLL_UPDATE_HANDLE: watch=17 events=13
	...
	2013-10-08 15:54:10.631+0000: 3493: debug : qemuMonitorSend:956 : QEMU_MONITOR_SEND_MSG: mon=0x14a53da0 msg={"execute":"qmp_capabilities","id":"libvirt-1"}
	 fd=-1
	2013-10-08 15:54:10.631+0000: 3262: debug : virEventPollRunOnce:641 : Poll got 1 event(s)
	2) [Thread 3262] The event loop is trying to do the talking to monitor.
	However, qemu is dead already, remember?
	2013-10-08 15:54:13.436+0000: 3262: error : qemuMonitorIORead:551 : Unable to read from monitor: Connection reset by peer
	2013-10-08 15:54:13.516+0000: 3262: debug : virFileClose:90 : Closed fd 25
	...
	2013-10-08 15:54:13.533+0000: 3493: debug : qemuMonitorSend:968 : Send command resulted in error internal error: early end of file from monitor: possible problem:
	3) [Thread 3493] qemuProcessStart() failed. No big deal. Go to the
	'endjob' label and subsequently to the 'cleanup'. Since the domain is
	not persistent and ret is -1, the qemuDomainRemoveInactive() is called.
	This has an (unpleasant) effect of virObjectUnref()-in the @vm object.
	Unpleasant because the event loop which is about to trigger EOF callback
	still holds a pointer to the @vm (not the reference). See the valgrind
	output below.
	4) [Thread 3262] So the event loop starts triggering EOF:
	2013-10-08 15:54:13.542+0000: 3262: debug : qemuMonitorIO:729 : Triggering EOF callback
	2013-10-08 15:54:13.543+0000: 3262: debug : qemuProcessHandleMonitorEOF:294 : Received EOF on 0x14549110 'migt10'
	And the monitor is cleaned up. This results in calling
	qemuProcessHandleMonitorEOF with the @vm pointer passed. The pointer is
	kept in qemuMonitor struct.
	==3262== Thread 1:
	==3262== Invalid read of size 4
	==3262==    at 0x77ECCAA: pthread_mutex_lock (in /lib64/libpthread-2.15.so)
	==3262==    by 0x52FAA06: virMutexLock (virthreadpthread.c:85)
	==3262==    by 0x52E3891: virObjectLock (virobject.c:320)
	==3262==    by 0x11626743: qemuProcessHandleMonitorEOF (qemu_process.c:296)
	==3262==    by 0x11642593: qemuMonitorIO (qemu_monitor.c:730)
	==3262==    by 0x52BD526: virEventPollDispatchHandles (vireventpoll.c:501)
	==3262==    by 0x52BDD49: virEventPollRunOnce (vireventpoll.c:648)
	==3262==    by 0x52BBC68: virEventRunDefaultImpl (virevent.c:274)
	==3262==    by 0x542D3D9: virNetServerRun (virnetserver.c:1112)
	==3262==    by 0x11F368: main (libvirtd.c:1513)
	==3262==  Address 0x14549128 is 24 bytes inside a block of size 136 free'd
	==3262==    at 0x4C2AF5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==3262==    by 0x529B1FF: virFree (viralloc.c:580)
	==3262==    by 0x52E3703: virObjectUnref (virobject.c:270)
	==3262==    by 0x531557E: virDomainObjListRemove (domain_conf.c:2355)
	==3262==    by 0x1160E899: qemuDomainRemoveInactive (qemu_domain.c:2061)
	==3262==    by 0x1163A0C6: qemuMigrationPrepareAny (qemu_migration.c:2450)
	==3262==    by 0x1163A923: qemuMigrationPrepareDirect (qemu_migration.c:2626)
	==3262==    by 0x11682D71: qemuDomainMigratePrepare3Params (qemu_driver.c:10309)
	==3262==    by 0x53B0976: virDomainMigratePrepare3Params (libvirt.c:7266)
	==3262==    by 0x1502D3: remoteDispatchDomainMigratePrepare3Params (remote.c:4797)
	==3262==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
	==3262==    by 0x54322EB: virNetServerProgramDispatchCall (virnetserverprogram.c:435)
	The mon->vm is set in qemuMonitorOpenInternal() which is the correct
	place to increase @vm ref counter. The correct place to decrease the ref
	counter is then qemuMonitorDispose().

2013-10-11  Bing Bu Cao  <mars@linux.vnet.ibm.com>

	util: fix two virCompareLimitUlong bugs
	The helper function virCompareLimitUlong compares limit values,
	where value of 0 is equal to unlimited. If the latter parameter is 0,
	it should return -1 instead of 1, hence the user can only set hard_limit when
	swap_hard_limit currently is unlimited.
	Worse, all callers pass 2 64-bit values, but on 32-bit platforms,
	the second argument was silently truncated to 32 bits, which
	could lead to incorrect computations.

2013-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Move virNetDevVPort enum impl into virnetdevvportprofile.c
	The enum for virNetDevVPort is declared in the header file
	virnetdevvportprofile.h, but for some reason the impl is
	in netdev_vport_profile_conf.c.
	This causes a dep from src/util onto src/conf which is not
	allowed. Move the enum impl into virnetdevvportprofile.c
	to break the circle.

2013-10-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu_conf: Introduce "migration_address"
	This configuration knob is there to override default listen address for
	-incoming for all qemu domains.

	qemu: Implement support for VIR_MIGRATE_PARAM_LISTEN_ADDRESS

	virsocket: Introduce virSocketAddrIsWildcard
	This function takes exactly one argument: an address to check.
	It returns true, if the address is an IPv4 or IPv6 address in numeric
	format, false otherwise (e.g. for "examplehost").

	Migration: Introduce VIR_MIGRATE_PARAM_LISTEN_ADDRESS
	The parameter allows overriding default listen address for '-incoming'
	cmd line argument on destination.

	qemu: Introduce qemuDomainDefCheckABIStability
	https://bugzilla.redhat.com/show_bug.cgi?id=994364
	Whenever we check for ABI stability, we have new xml (e.g. provided by
	user, or obtained from snapshot, whatever) which we compare to old xml
	and see if ABI won't break. However, if the new xml was produced via
	virDomainGetXMLDesc(..., VIR_DOMAIN_XML_MIGRATABLE) it lacks some
	devices, e.g. 'pci-root' controller. Hence, the ABI stability check
	fails even though it is stable. Moreover, we can't simply fix
	virDomainDefCheckABIStability because removing the correct devices is
	task for the driver. For instance, qemu driver wants to remove the usb
	controller too, while LXC driver doesn't. That's why we need special
	qemu wrapper over virDomainDefCheckABIStability which removes the
	correct devices from domain XML, produces MIGRATABLE xml and calls the
	check ABI stability function.

	qemumonitorjsontest: Test qemuMonitorJSONSendKey

	qemumonitorjsontest: Test qemuMonitorJSONGetVirtType

	qemumonitorjsontest: Test qemuMonitorJSONGetCPUInfo

	qemumonitorjsontest: Extend the test for yet another monitor commands
	So far, we're unit testing some basic functions and some (so called)
	simple functions (e.g. "qmp_capabilities", "system_powerdown"). However,
	there are more functions which expect simple "{'return': {}}" reply, but
	takes more args to construct the command (for instance "set_link"). This
	patch aims on such functions.

2013-10-10  John Ferlan  <jferlan@redhat.com>

	storage_backend: Fix issue with allocation of 0 length volume
	Commit id '532fef36' added a call to fallocate() and some error
	handling based on whether or not the function existed. This new
	call resulted in libvirt-cim/cimtest failures when attempting to
	create a volume with "0" (zero) allocation value. The failure is
	logged as:
	Oct  9 07:51:33 localhost libvirtd[8030]: cannot allocate 0 bytes in
	file '/var/lib/libvirt/images/cimtest-vol.img': Invalid argument
	This can also be seen with virsh vol-create-as:
	error: Failed to create vol test
	error: cannot allocate 0 bytes in file '/home/vm-images/test': Invalid
	argument
	error: Failed to create vol test
	error: cannot allocate 0 bytes in file '/home/vm-images/test': Invalid
	argument
	It turns out fallocate() will return EINVAL when the incoming 'len'
	(or allocation) value is 0 (or less).

2013-10-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Init @pcidevs in qemuPrepareHostdevPCIDevices
	At the beginning of the function qemuPrepareHostdevPCICheckSupport() is
	called. After that @pcidevs is initialized. However, if the very first
	command fails, we go to 'cleanup' label where virObjectUnref(pcidevs) is
	called. Obviously, it is called before @pcidevs was able to get
	initialized. Compiler warns about it:
	  CC       qemu/libvirt_driver_qemu_impl_la-qemu_hostdev.lo
	qemu/qemu_hostdev.c: In function 'qemuPrepareHostdevPCIDevices':
	qemu/qemu_hostdev.c:824:19: error: 'pcidevs' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	     virObjectUnref(pcidevs);
	                   ^
	cc1: all warnings being treated as errors

2013-10-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Prefer VFIO for PCI device passthrough
	Prefer using VFIO (if available) to the legacy KVM device passthrough.
	With this patch a PCI passthrough device without the driver configured
	will be started with VFIO if it's available on the host. If not legacy
	KVM passthrough is checked and error is reported if it's not available.

	qemu: hostdev: Add checks if PCI passthrough is available in the host
	Add code to check availability of PCI passhthrough using VFIO and the
	legacy KVM passthrough and use it when starting VMs and hotplugging
	devices to live machine.

	qemu: hostdev: Fix function spacing and header formatting

	qemu: refactor qemuCompressProgramAvailable()

	qemu: Fix coding style in qemuDomainSaveFlags()
	Avoid mixed brace style in an if statement and fix formatting of error
	messages.

2013-10-09  Ján Tomko  <jtomko@redhat.com>

	LXC: Fix handling of RAM filesystem size units
	Since 76b644c when the support for RAM filesystems was introduced,
	libvirt accepted the following XML:
	<source usage='1024' unit='KiB'/>
	This was parsed correctly and internally stored in bytes, but it
	was formatted as (with an extra 's'):
	<source usage='1024' units='KiB'/>
	When read again, this was treated as if the units were missing,
	meaning libvirt was unable to parse its own XML correctly.
	The usage attribute was documented as being in KiB, but it was not
	scaled if the unit was missing. Transient domains still worked,
	because this was balanced by an extra 'k' in the mount options.
	This patch:
	Changes the parser to use 'units' instead of 'unit', as the latter
	was never documented (fixing persistent domains) and some programs
	(libvirt-glib, libvirt-sandbox) already parse the 'units' attribute.
	Removes the extra 'k' from the tmpfs mount options, which is needed
	because now we parse our own XML correctly.
	Changes the default input unit to KiB to match documentation, fixing:
	https://bugzilla.redhat.com/show_bug.cgi?id=1015689

2013-10-09  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	cgroup: fix a comment typo in vircgroup.c
	s/shoule/should

2013-10-09  Ján Tomko  <jtomko@redhat.com>

	storage: Use bool instead of int
	Commit 532fef3 added two-state 'need_alloc' and exposed
	'want_sparse' which also only has two states.
	Change their type from int to bool.

2013-10-09  Cole Robinson  <crobinso@redhat.com>

	tests: Add qemu test for multiple timers
	The following XML is the recommended default clock configuration for
	qemu:
	  <clock offset='utc'>
	    <timer name='rtc' tickpolicy='catchup'/>
	    <timer name='pit' tickpolicy='delay'/>
	    <timer name='hpet' present='no'/>
	  </clock>
	However we weren't testing any of those timer elements.

2013-10-09  Giuseppe Scrivano  <gscrivan@redhat.com>

	build: fix linker error on FreeBSD
	Commit 2d74822a9eb4856c7f5216bb92bcb76630660f72 renamed
	"freebsdNodeGetCPUCount" to "appleFreebsdNodeGetCPUCount", leaving one
	call to "freebsdNodeGetCPUCount".  Fix this other case.

2013-10-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: hostdev: Refactor PCI passhrough handling
	To simplify future patches dealing with this code, simplify and refactor
	some conditions to switch statements.

2013-10-08  Daniel P. Berrange  <berrange@redhat.com>

	Remove test case average timing
	The test case average timing code has not been used by any test
	case ever. Delete it to remove complexity.

	Remove existing OOM test impl
	The current OOM test impl is too inefficient to be used on the
	large test suites. It loops running 'main' multiple times, once
	for each alloc in the 'main' method. This has complexity
	'n * (n + 1) / 2' in terms of total alloc count. It will be
	replaced by a more efficient impl whicih runs individual test
	cases instead. This will have same complexity but the values
	of 'n' will be much smaller, so a net win.

	Don't clobber 'ret' variable in testCompareXMLToXMLHelper
	The qemuxml2xmltest.c function testCompareXMLToXMLHelper would
	clobber the 'ret' variable causing it to mis-diagnose OOM
	errors.

2013-10-08  Michal Privoznik  <mprivozn@redhat.com>

	virerror: s/VIR_ERR_STORAGE_VOL_EXISTS/VIR_ERR_STORAGE_VOL_EXISTS/
	We currently have other error codes in singular form, e.g.
	VIR_ERR_NETWORK_EXIST. Cleanup the previous patch to match the form.

2013-10-08  Hongwei Bi  <hwbi2008@gmail.com>

	fix a ambiguous output of the command:'virsh vol-create-as'
	I created a storage volume(eg: test) from a storage pool(eg:vg10) using
	the following command:"virsh vol-create-as --pool vg10 --name test --capacity 300M."
	When I re-executed the above command, the output was as the following:
	"error: Failed to create vol test
	 error: Storage volume not found: storage vol 'test' already exists"
	I think the output "Storage volume not found" is not appropriate. Because in fact storage
	vol test has been found at this time. And then I think virErrorNumber should includes
	VIR_ERR_STORAGE_EXIST which can also be used elsewhere. So I make this patch. The result
	is as following:
	"error: Failed to create vol test
	 error: storage volume 'test' exists already"

2013-10-07  Giuseppe Scrivano  <gscrivan@redhat.com>

	tests: avoid compile failure on linux kernels older than 2.6.19

2013-10-07  Eric Blake  <eblake@redhat.com>

	build: add configure --without-readline
	Make it much easier to test a configuration built without readline
	support, by reusing our existing library probe machinery.  It gets
	a bit tricky with readline, which does not provide a pkg-config
	snippet, and which on some platforms requires one of several
	terminal libraries as a prerequiste, but the end result should be
	the same default behavior but now with the option to disable things.
	* m4/virt-readline.m4 (LIBVIRT_CHECK_READLINE): Simplify by using
	LIBVIRT_CHECK_LIB.
	* tools/virsh.c: Convert USE_READLINE to WITH_READLINE.

	build: move readline check into its own macro
	A future patch will allow disabling readline; doing this in an
	isolated file instead of configure.ac will make the task easier.
	* configure.ac: Move readline code...
	* m4/virt-readline.m4: ...here.

	build: kill maintainer mode, always rebuild by default
	The automake manual recommends against the use of disabling
	maintainer mode by default:
	https://www.gnu.org/software/automake/manual/automake.html#maintainer_002dmode
	because when it is disabled, the user gets no indication if they
	touch a file that would normally require a rebuild.  Automake
	1.11 changed things so that AM_MAINTAINER_MODE([enable]) will set
	the mode to enabled by default; but RHEL 5 still uses automake 1.9,
	where AM_MAINTAINER_MODE did not recognize an argument, and
	therefore disables maintainer mode by default.  Having the default
	be different according to which version of automake built the
	project is annoying, and I _have_ been bitten on RHEL 5 rebuilds
	where the default disabled mode led to silently incorrect builds.
	The automake manual admits that being able to disable maintainer
	mode still makes sense for projects that still store generated
	files from the autotools in version control; but we have dropped
	that for several years now.  As such, it's finally time to just
	ditch the whole idea of maintainer mode, and unconditionally
	rebuild autotools files if a dependency changes, without offering
	a configure option to disable that mode.
	* configure.ac (AM_MAINTAINER_MODE): Drop.

2013-10-07  Daniel P. Berrange  <berrange@redhat.com>

	Remove use of virConnectPtr from all remaining nwfilter code
	The virConnectPtr is passed around loads of nwfilter code in
	order to provide it as a parameter to the callback registered
	by the virt drivers. None of the virt drivers use this param
	though, so it serves no purpose.
	Avoiding the need to pass a virConnectPtr means that the
	nwfilterStateReload method no longer needs to open a bogus
	QEMU driver connection. This addresses a race condition that
	can lead to a crash on startup.
	The nwfilter driver starts before the QEMU driver and registers
	some callbacks with DBus to detect firewalld reload. If the
	firewalld reload happens while the QEMU driver is still starting
	up though, the nwfilterStateReload method will open a connection
	to the partially initialized QEMU driver and cause a crash.

	Don't pass virConnectPtr in nwfilter 'struct domUpdateCBStruct'
	The nwfilter driver only needs a reference to its private
	state object, not a full virConnectPtr. Update the domUpdateCBStruct
	struct to have a 'void *opaque' field instead of a virConnectPtr.

	Remove virConnectPtr arg from virNWFilterDefParse*
	None of the virNWFilterDefParse* methods require a virConnectPtr
	arg, so just drop it

2013-10-07  Claudio Bley  <cbley@av-test.de>

	Adjust legacy max payload size to account for header information
	Commit 27e81517a87 set the payload size to 256 KB, which is
	actually the max packet size, including the size of the header.
	Reduce this by VIR_NET_MESSAGE_HEADER_MAX (24) and set
	VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX to 262120, which was the original
	value before increasing the limit in commit eb635de1fed.

2013-10-07  Ryota Ozaki  <ozaki.ryota@gmail.com>

	nodeinfo: make freebsdNodeGetCPUCount work on Mac OS X
	This fixes the following error:
	  error : nodeGetInfo:933 : this function is not supported
	  by the connection driver: node info not implemented on this platform
	The freebsdNodeGetCPUCount was renamed to appleFreebsdNodeGetCPUCount
	in order to make more visible the fact, that it works on Mac OS X too.
	Mac OS X can use sysctlbyname as same as FreeBSD to get the CPU
	frequency. However, the MIB style name is different from FreeBSD's.
	And the unit of the return frequency is also different.

	rpc: fix getsockopt for LOCAL_PEERCRED on Mac OS X
	This fixes the following error:
	  error : virGetUserEnt:703 : Failed to find user record for uid '32654'
	'32654' (it's random and varies) comes from getsockopt with
	LOCAL_PEERCRED option. getsockopt returns w/o error but seems
	to not set any value to the buffer for uid.
	For Mac OS X, LOCAL_PEERCRED has to be used with SOL_LOCAL level.
	With SOL_LOCAL, getsockopt returns a correct uid.
	Note that SOL_LOCAL can be found in
	/System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/un.h.

2013-10-07  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	doc: fix typo in HACKING
	s/installion/installation

2013-10-05  Eric Blake  <eblake@redhat.com>

	build: fix build on 32-bit platforms
	qemumonitorjsontest.c: In function 'testQemuMonitorJSONqemuMonitorJSONGetBalloonInfo':
	qemumonitorjsontest.c:1134: warning: integer constant is too large for 'long' type
	* tests/qemumonitorjsontest.c
	(testQemuMonitorJSONqemuMonitorJSONGetBalloonInfo)
	(testQemuMonitorJSONqemuMonitorJSONGetBlockStatsInfo): Use correct
	type.

	build: fix build on RHEL 5
	On RHEL 5, compilation fails with:
	storage/storage_backend.c: In function 'createRawFile':
	storage/storage_backend.c:339: warning: implicit declaration of function 'fallocate'
	storage/storage_backend.c:339: warning: nested extern declaration of 'fallocate' [-Wnested-externs]
	But:
	$ grep HAVE_FALLOCATE config.h
	/* #undef HAVE_FALLOCATE */
	Huh? It turns out that in kernels that old, fallocate() is not
	implemented (config.h is correct), but <linux/fs.h> defines
	HAVE_FALLOCATE as an empty witness macro for a completely
	different purpose.  Since storage_backend.c is including
	<linux/fs.h> on RHEL 5, we are hosed by the kernel definition.
	Newer kernels no longer pollute the namespace, and it's fairly
	easy to convert to an expression that works with both the old
	kernel witness and the new-style config.h (undefined or 1).
	Problem introduced in commit 532fef3.
	* src/storage/storage_backend.c (createRawFile): Avoid namespace
	pollution from kernel, by checking HAVE_FALLOCATE for a value.

	build: fix build --without-remote
	I tried to test ./configure --without-lxc --without-remote.
	First, the build failed with some odd errors, such as an
	inability to build xen, or link failures for virNetTLSInit.
	But when you think about it, once there is no remote code,
	all of libvirtd is useless, any stateful driver that depends
	on libvirtd is also not worth compiling, and any libraries
	used only by RPC code are not needed.  So I patched
	configure.ac to make for some saner defaults when an
	explicit disable is attempted.  Similarly, since we have
	migrated virnetdevbridge into generic code, the workaround
	for Linux kernel stupidity must not depend on stateful
	drivers being in use.
	Then there's 'make check' that needs segregation.
	Wow - quite a bit of cleanup to make --without-remote useful :)
	* configure.ac: Let --without-remote toggle defaults on stateful
	drivers and other libraries.  Pick up Linux kernel workarounds
	even when qemu and lxc are not being compiled.
	* tests/Makefile.am (test_programs): Factor out programs that
	require remote.
	* src/libvirt_private.syms (rpc/virnet*.h): Move...
	* src/libvirt_remote.syms: ...into new file.
	* src/Makefile.am (SYM_FILES): Ship new syms file.

2013-10-05  Cole Robinson  <crobinso@redhat.com>

	docs: aclpolkit: Fix a heading typo

2013-10-04  Oskari Saarenmaa  <os@ohmu.fi>

	storage: fix file allocation behavior in file cloning
	Fixed the safezero call for allocating the rest of the file after cloning
	an existing volume; it used to always use a zero offset, causing it to
	only allocate the beginning of the file.
	Also modified file creation to try to use fallocate(2) to pre-allocate
	disk space before copying any data to make sure it fails early on if disk
	is full and makes sure we can skip zero blocks when copying file contents.
	If fallocate isn't available we will zero out the rest of the file after
	cloning and only use sparse cloning if client requested a lower allocation
	than the input volume's capacity.

	virfile: safezero: fix buffer allocation max size
	My previous commit 7dc1d4ab was supposed to change safezero to allocate
	1 megabyte at maximum, but had the logic reversed and will allocate 1
	megabyte at minimum (and a lot more at maximum.)

2013-10-04  Cole Robinson  <crobinso@redhat.com>

	test: Fix coverity warnings

2013-10-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use maximum guest memory size when getting NUMA placement advice
	When starting the VM the guest balloon driver is not loaded at that
	time. We need to ask numad for placement of the complete VM.

2013-10-04  John Ferlan  <jferlan@redhat.com>

	nodedev: Resolve Relax-NG validity error
	Commit id 'c4a4603de' added an output <path> to the nodedev xml, but
	did not update the schema.
	This resulted in the failure of the 'virt-xml-validate' on a file
	generated by 'virsh nodedev-dumpxml pci_0000_00_00_0' (for example).
	This was found/seen by running autotest on my host.

2013-10-04  Gao feng  <gaofeng@cn.fujitsu.com>

	Free cmd in virNetDevVethCreate

	Free cmd in virNetDevVethDelete

2013-10-04  Oskari Saarenmaa  <os@ohmu.fi>

	virfile: safezero: fall back to writing block by block if mmap fails
	mmap can fail on 32-bit systems if we're trying to zero out a lot of data.
	Fall back to using block-by-block writing in that case.  While we could map
	smaller blocks it's unlikely that this code is used a lot and its easier to
	just fall back to one of the existing methods.
	Also modified the block-by-block zeroing to not allocate a megabyte of
	zeroes if we're writing less than that.

2013-10-04  Cole Robinson  <crobinso@redhat.com>

	test: snapshot: Add REDEFINE support

	qemu: snapshot: Break out redefine preparation to shared function

	test: Implement snapshot create/delete/revert APIs
	Again stolen from qemu_driver.c, but dropping all the unneeded bits.
	This aims to copy all the current qemu validation checks since that's
	the most commonly used real driver, but some of the checks are
	completely artificial in the test driver.
	This only supports creation of internal snapshots for initial
	simplicity.

	test: Allow specifying domainsnapshot XML
	The user can pass it as a <test:domainsnapshot> subelement of a <domain>.

	qemu: snapshots: Simplify REDEFINE flag check
	Makes things more readable IMO

2013-10-03  Laine Stump  <laine@laine.org>

	qemu: check actual netdev type rather than config netdev type during init
	This resolves:
	   https://bugzilla.redhat.com/show_bug.cgi?id=1012824
	   https://bugzilla.redhat.com/show_bug.cgi?id=1012834
	Note that a similar problem was reported in:
	   https://bugzilla.redhat.com/show_bug.cgi?id=827519
	but the fix only worked for <interface type='hostdev'>, *not* for
	<interface type='network'> where the network itself was a pool of
	hostdevs.
	The symptom in both cases was this error message:
	   internal error: Unable to determine device index for network device
	In both cases the cause was lack of proper handling for netdevs
	(<interface>) of type='hostdev' when scanning the netdev list looking
	for alias names in qemuAssignDeviceNetAlias() - those that aren't
	type='hostdev' have an alias of the form "net%d", while those that are
	hostdev use "hostdev%d". This special handling was completely lacking
	prior to the fix for Bug 827519 which was:
	When searching for the highest alias index, libvirt looks at the alias
	for each netdev and if it is type='hostdev' it ignores the entry. If
	the type is not hostdev, then it expects the "net%d" form; if it
	doesn't find that, it fails and logs the above error message.
	That fix works except in the case of <interface type='network'> where
	the network uses hostdev (i.e. the network is a pool of VFs to be
	assigned to the guests via PCI passthrough). In this case, the check
	for type='hostdev' would fail because it was done as:
	     def->net[i]->type == VIR_DOMAIN_NET_TYPE_HOSTDEV
	(which compares what was written in the config) when it actually
	should have been:
	    virDomainNetGetActualType(def->net[i]) == VIR_DOMAIN_NET_TYPE_HOSTDEV
	(which compares the type of netdev that was actually allocated from
	the network at runtime).
	Of course the latter wouldn't be of any use if the netdevs of
	type='network' hadn't already acquired their actual network connection
	yet, but manual examination of the code showed that this is never the
	case.
	While looking through qemu_command.c, two other places were found to
	directly compare the net[i]->type field rather than getting actualType:
	* qemuAssignDeviceAliases() - in this case, the incorrect comparison
	  would cause us to create a "net%d" alias for a netdev with
	  type='network' but actualType='hostdev'. This alias would be
	  subsequently overwritten by the proper "hostdev%d" form, so
	  everything would operate properly, but a string would be
	  leaked. This patch also fixes this problem.
	* qemuAssignDevicePCISlots() - would defer assigning a PCI address to
	  a netdev if it was type='hostdev', but not for type='network +
	  actualType='hostdev'. In this case, the actual device usually hasn't
	  been acquired yet anyway, and even in the case that it has, there is
	  no practical difference between assigning a PCI address while
	  traversing the netdev list or while traversing the hostdev
	  list. Because changing it would be an effective NOP (but potentially
	  cause some unexpected regression), this usage was left unchanged.

2013-10-03  Michal Privoznik  <mprivozn@redhat.com>

	qemucapabilitiesdata: Add qemu-1.6.50 data

	qemucapabilitiesdata: Add qemu-1.6.0 data

	qemucapabilitiesdata: Add qemu-1.4.2 data

	qemucapabilitiesdata: Add qemu-1.3.1 data

	qemucapabilitiesdata: Add qemu-1.2.2 data

	qemuMonitorTestFree: Join worker thread
	Join the worker thread no matter if it is running or zombie already.
	With current implementation the thread is joined iff @running is true.
	However, when worker executes the last line, @running is set to false.
	Hence qemuMonitorTestFree() won't join it (and free resources) even
	though we can clearly see worker has run (nobody else sets @running =
	false).

	qemumonitorjsontest: Test qemuMonitorJSONSystemPowerdown
	Right now, we are testing qemuMonitorSystemPowerdown instead of
	qemuMonitorJSONSystemPowerdown. It makes no harm, as both functions have
	the same header and the former is just a wrapper over the latter. But we
	should be consistent as we're testing the JSON functions only in here.

2013-10-03  Daniel P. Berrange  <berrange@redhat.com>

	Use 'vnet' as prefix for veth devices
	The XML parser reserves 'vnet' as a prefix for automatically
	generated NIC device names. Switch the veth device creation
	to use this prefix, so it does not have to worry about clashes
	with user specified names in the XML.

	Retry veth device creation on failure
	The veth device creation code run in two steps, first it looks
	for two free veth device names, then it runs ip link to create
	the veth pair. There is an obvious race between finding free
	names and creating them, when guests are started in parallel.
	Rewrite the code to loop and re-try creation if it fails, to
	deal with the race condition.

	Avoid deleting NULL veth device name
	If veth device allocation has a fatal error, the veths
	array may contain NULL device names. Avoid calling the
	virNetDevVethDelete function on such names.

	Avoid reporting an error if veth device is already deleted
	The kernel automatically destroys veth devices when cleaning
	up the container network namespace. During normal shutdown, it
	is thus likely that the attempt to run 'ip link del vethN'
	will fail. If it fails, check if the device exists, and avoid
	reporting an error if it has gone. This switches to use the
	virCommand APIs instead of virRun too.

	Don't set netdev offline in container cleanup
	During container cleanup there is a race where the kernel may
	have destroyed the veth device before we try to set it offline.
	This causes log error messages. Given that we're about to
	delete the device entirely, setting it offline is pointless.

2013-10-03  Michal Privoznik  <mprivozn@redhat.com>

	qemumonitorjsontest: Test qemuMonitorJSONGetMigrationCapability
	And so do qemuMonitorJSONSetMigrationCapability.

	qemumonitorjsontest: Test qemuMonitorJSONGetTargetArch

	qemumonitorjsontest: Test qemuMonitorJSONSetBlockIoThrottle
	Also do qemuMonitorJSONGetBlockIoThrottle.

	qemumonitorjsontest: Test qemuMonitorJSONGetPtyPaths

	qemumonitorjsontest: Test qemuMonitorJSONGetSpiceMigrationStatus

	qemumonitorjsontest: Test qemuMonitorJSONGetMigrationStatus

	qemumonitorjsontest: Test qemuMonitorJSONGetMigrationCacheSize

	qemumonitorjsontest: Test qemuMonitorJSONGetBlockStatsInfo
	While the reply can be reused test qemuMonitorJSONGetBlockExtent and
	qemuMonitorJSONGetBlockExtent too.

	qemumonitorjsontest: Test qemuMonitorJSONGetBlockInfo

	qemumonitorjsontest: Test qemuMonitorJSONGetBalloonInfo

	qemuMonitorJSONSendKey: Avoid double free
	After successful @cmd construction the memory where @keys points to is
	part of @cmd. Avoid double freeing it.

	qemuMonitorJSONGetVirtType: Fix error message
	When querying for kvm, we try to find 'enabled' field. Hence the error
	message should report we haven't found 'enabled' and not 'running'
	(which is not even in the reply). Probably a typo or copy-paste error.

2013-10-02  Michal Privoznik  <mprivozn@redhat.com>

	qemu_hotplug: Allow QoS update in qemuDomainChangeNet
	The qemuDomainChangeNet() is called when 'virsh update-device' is
	invoked on a NIC. Currently, we fail to update the QoS even though
	we have routines for that.

	virNetDevBandwidthEqual: Make it more robust
	So far the virNetDevBandwidthEqual() expected both ->in and ->out items
	to be allocated for both @a and @b compared. This is not necessary true
	for all our code. For instance, running 'update-device' twice over a NIC
	with the very same XML results in SIGSEGV-ing in this function.

2013-10-01  Cole Robinson  <crobinso@redhat.com>

	test: Implement readonly snapshot APIs
	This is just stolen from qemu_driver.c with tweaks to fit the
	test driver.

	test: Wire up managed save APIs
	Also add a <test:hasmanagedsave> element to set this data when starting
	the connection.

	test: Allow specifying object transient state in driver XML
	Similar to the runstate commit, allow a boolean <test:transient/>
	element for setting domain persistence at driver startup.

	qemu: cgroup: Fix crash if starting nographics guest
	We can dereference graphics[0] even if guest has no graphics device
	configured. I screwed this up in a216e6487255d3b65d97c7ec1fa5da63dbced902
	https://bugzilla.redhat.com/show_bug.cgi?id=1014088

2013-10-01  Ján Tomko  <jtomko@redhat.com>

	selinux: Only close the selabel_handle once
	On selinux driver initialization failure (missing/incorrectly
	formatted contexts file), selabel_handle was closed twice.
	Introduced by 6159710.

	Fix handling of IPv6 listen addresses in cmdDomDisplay
	Use virSocketAddrIsWildcard instead of STREQ to check for the ANY
	address and put brackets around the address if it contains ':'.

2013-10-01  Laine Stump  <laine@laine.org>

	util: recognize SMB/CIFS filesystems as shared
	This should resolve:
	  https://bugzilla.redhat.com/show_bug.cgi?id=1012085
	libvirt previously recognized NFS, GFS2, OCFS2, and AFS filesystems as
	"shared", and thus eligible for exceptions to certain rules/actions
	about chowning image files before handing them off to a guest. This
	patch widens the definition of "shared filesystem" to include SMB and
	CIFS filesystems (aka "Windows file sharing"); both of these use the
	same protocol, but different drivers so there are different magic
	numbers for each.

2013-10-01  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce qemucapabilitiestest
	This test is there to ensure that our capabilities detection code isn't
	broken somehow.
	How to gather test data:
	Firstly, the data is split into two separate files. The former (with
	suffix .replies) contains all the qemu replies. This is very fragile as
	introducing a new device can mean yet another monitor command and hence
	edit of this file in the future. But there's no better way of doing
	this. To get this data simply turn on debug logs and copy all the
	QEMU_MONITOR_IO_PROCESS lines. But be careful to not copy incomplete
	ones (yeah, we report some incomplete lines too). Long story short, at
	the libvirtd startup, a dummy qemu is spawn to get all the capabilities.
	The latter (with suffix .caps) contains capabilities XML. Just start a
	domain and copy the corresponding part from its state XML file.
	Including <qemuCaps> tag.

	qemuMonitorTest: Make check for monitor command match optional
	In a few cases we might want to not care if monitor command executed on
	the mocked monitor matches the one we have reply for. Sounds crazy, but
	if we just want monitor to return certain values (e.g. read from a file)
	there is no need to care about command match.

	tests: Learn qemuMonitorTestNew optional greeting
	Currently, when creating a new mocked monitor, the greeting can't be
	chosen. This is crucial for next patches, because some info as qemu
	version is obtained in the greeting message.

	qemu_capabilities: Introduce virQEMUCapsInitQMPMonitor
	This basically covers the talking-to-monitor part of
	virQEMUCapsInitQMP.  The patch itself has no real value,
	but it creates an entity to be tested in the next patches.

2013-10-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.3
	- configure.ac docs/news.html.in libvirt.spec.in: update for release
	- po/*.po*: updated localization and regenerated

2013-10-01  Doug Goldstein  <cardoe@cardoe.com>

	VMware: Add Fusion version test
	This adds a test for the version string of VMware Fusion.

2013-10-01  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: do cleanup when failed to bind fs as read-only
	We forgot to do cleanup when lxcContainerMountFSTmpfs
	failed to bind fs as read-only.

2013-10-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix max stream packet size for old clients
	The libvirtd server pushes data out to clients. It does not
	know what protocol version the client might have, so must be
	conservative and use the old payload limits. ie send no more
	than 256kb of data per packet.

2013-09-30  Cédric Bosdonnat  <cbosdonnat@suse.com>

	LXC: workaround machined uncleaned data with containers running systemd.
	The problem is described by [0] but its effect on libvirt is that
	starting a container with a full distro running systemd after having
	stopped it simply fails.
	The container cleanup now calls the machined Terminate function to make
	sure that everything is in order for the next run.
	 [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370

2013-09-30  Oskari Saarenmaa  <os@ohmu.fi>

	virfile: safezero: align mmap offset to page size
	mmap's offset must be aligned to page size or mapping will fail.
	mmap-based safezero is only used if posix_fallocate isn't available.

2013-09-30  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	virscsi: hostdev SCSI AdapterId retrieval fix
	Fixed the retrieval of the AdapterId from the AdapterName of the
	hostdev source so it does return an error instead of leaving the
	adapter_id uninitialized.
	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2013-09-30  Hongwei Bi  <hwbi2008@gmail.com>

	virsh-volume: Add missing check when calling virStreamNew
	Check return value of virStreamNew when called by cmdVolUpload and
	cmdVolDownload.

	virsh-domain: Free dom before return false in cmdDump

2013-09-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Silence coverity warning when rewinding log file
	The change in ef29de14c37d14abc546e90555a0093797facfdd that introduced
	better error logging from qemu introduced a warning from coverity about
	unused return value from lseek. Silence this warning and fix typo in the
	corresponding error message.
	Reported by: John Ferlan

2013-09-30  Michal Privoznik  <mprivozn@redhat.com>

	python: Document virNodeGetInfo bug
	The memory size in virNodeGetInfo python API binding is reported in MiB
	instead of KiB (like we have in C struct). However, there already might
	be applications out there relying on this inconsistence so we can't
	simply fix it. Document this sad fact as known bug.

2013-09-30  Daniel Veillard  <veillard@redhat.com>

	Remove tab from previous commit

2013-09-29  Doug Goldstein  <cardoe@cardoe.com>

	VMware: Initial VMware Fusion support
	Add support for VMware Fusion in the existing VMware driver.  Connect
	via the URI vmwarefusion:///session

	VMware: Support more than 2 driver backends
	Currently the VMware version check code only supports two types of
	VMware backends, Workstation and Player. But in the near future we will
	have an additional one so we need to support more. Additionally, we
	discover and cache the path to the vmrun binary so we should use that
	path when using the corresponding binary from the VMware VIX SDK.

2013-09-28  Eric Blake  <eblake@redhat.com>

	build: fix build --without-lxc
	'make distcheck' fails from a directory configured --without-lxc:
	  GEN      virt-login-shell.1
	Can't write-open ../../tools/virt-login-shell.1: Permission denied at /usr/bin/pod2man line 69.
	* tools/Makefile.am (EXTRA_DIST): Ship pre-built man page.

	build: tweak vpath builds of net_rpc
	Another case missed by commits 716c7bb and 6973e02.
	* src/Makefile.am (VIR_NET_RPC_GENERATED): Drop $(srcdir).
	(libvirt_net_rpc_la_SOURCES): List generated files more compactly.

2013-09-28  Michal Privoznik  <mprivozn@redhat.com>

	Makefile.am: Always include rule to make org.libvirt.api.policy
	When running 'make dist' on a system without policykit, we currently
	fail. This is because $(srcdir)/access/org.libvirt.api.policy is in
	EXTRA_DIST, however, the rule to generate the file is conditional
	whether we build with polkit or not.

	fchosttest: Run the test only under linux
	Currently, we have functions to handle fc_host implemented just
	for linux. On all other platforms an error is thrown. It makes no
	sense to run the test on those platforms then.

	genprotocol.pl: Fix code on FreeBSD too
	On some systems (linux, cygwin and gnukfreebsd) rpcgen generates files
	which when compiling produces this warning:
	remote/remote_protocol.c: In function 'xdr_remote_node_get_cpu_stats_ret':
	remote/remote_protocol.c:530: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
	Hence, on those systems we need to post-process the files by the
	rpc/genprotocol.pl perl script. At the beginning of the script the OS is
	detected via $^O perl variable. From my latest build on FreeBSD I see we
	need to fix the code there too. On FreeBSD the variable contains
	'freebsd' string:
	http://perldoc.perl.org/perlport.html#PLATFORMS

2013-09-28  Doug Goldstein  <cardoe@cardoe.com>

	event: Make debug message match function comments
	The debug message said there was a timeout of 0 pending for -1 ms which
	made me think this is where a hang was coming from but according to the
	function comments this case means that there is no timeout pending so
	make the debug message say that instead of saying there's a -1 ms
	timeout.

	BSD: Ensure process creation timestamp is init'd
	While BSDs don't support process creation timestamp information via
	PEERCRED for Unix sockets, we need to actually initialize the value
	because it is used by the libvirt code.

	BSD: Ensure UNIX socket credentials are valid
	Ensure that the socket credentials we got back on BSD are valid before
	using them.

2013-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in libvirtd when events are registered & ACLs active
	When a client disconnects from libvirtd, all event callbacks
	must be removed. This involves running the public API
	  virConnectDomainEventDeregisterAny
	This code does not run in normal API dispatch context, so no
	identity was set. The result was that the access control drivers
	denied the attempt to deregister callbacks. The callbacks thus
	continued to trigger after the client was free'd causing fairly
	predictable use of free memory & a crash.
	This can be triggered by any client with readonly access when
	the ACL drivers are active.

2013-09-27  Christophe Fergeau  <cfergeau@redhat.com>

	virsh: Fix domdisplay when domain only uses TLS
	It's possible to create a domain which will only use a TLS port
	and will not have a non-TLS port set by using:
	<graphics type='spice' autoport='yes' defaultMode='secure'/>
	In such a setup, the 'graphics' node for the running domain will be:
	<graphics type='spice' tlsPort='5900'
	          autoport='yes' listen='127.0.0.1'
	          defaultMode='secure'>
	However, cmdDomDisplay loops over all the 'graphics' node, and it
	ignores nodes which don't have a 'port' attribute. This means
	'virsh domdisplay' will only return an empty string for domains
	as the one above.
	This commit looks for both 'port' and 'tlsPort' before deciding
	to ignore a graphics node. It also makes sure 'port' is not printed
	when it's not set.
	This makes 'virsh domdisplay' return
	'spice://127.0.0.1?tls-port=5900' for domains using only a TLS
	port.

2013-09-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Free all driver data in qemuStateCleanup
	https://bugzilla.redhat.com/show_bug.cgi?id=1011330 (case A)
	While activeScsiHostdevs and webSocketPorts were allocated in
	qemuStateInitialize, they were not freed in qemuStateCleanup.

	qemu: Don't leak reference to virQEMUDriverConfigPtr
	https://bugzilla.redhat.com/show_bug.cgi?id=1011330 (case D)
	qemuProcessStart created two references to virQEMUDriverConfigPtr before
	calling fork():
	    cfg = virQEMUDriverGetConfig(driver);
	    ...
	    hookData.cfg = virObjectRef(cfg);
	However, the child only unreferenced hookData.cfg and the parent only
	removed the cfg reference. That said, we don't need to increment the
	reference counter when assigning cfg to hookData. Both the child and the
	parent will correctly remove the reference on cfg (the child will do
	that through hookData).

2013-09-27  Eric Blake  <eblake@redhat.com>

	build: fix testsuite building under cygwin
	Similar to commit 8f34f19.
	* tests/Makefile.am (virnetserverclienttest_CFLAGS): Add XDR_CFLAGS.

2013-09-27  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: Fix VPATH build error for locking daemon
	Removed superfluous/wrong srcdir prefix.

2013-09-27  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Increase bound limit for virDomainGetJobStats
	https://bugzilla.redhat.com/show_bug.cgi?id=1012818
	Commit 6d7d0b1869ed293e3208d11f375cecea0129dfc5 (in 1.1.2) added bounds
	checking to virDomainGetJobStats. But even at that time the API was able
	to return 20 parameters while the limit was set to 16.

2013-09-27  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: fix a warning typo in virLXCControllerEventSend
	s/becuase/because/

2013-09-27  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/lxc/lxc_controller.c (virLXCControllerSetupDisk): Fix typo.
	* src/lxc/lxc_driver.c (lxcDomainAttachDeviceDiskLive): Likewise.

	build: fix use of rpc.h on cygwin
	Caused by commit 012c25e8 splitting out a convenience library.
	  CC       libvirtd_conf_la-libvirtd-config.lo
	In file included from ../src/rpc/virnetmessage.h:24:0,
	                 from ../src/rpc/virnetserverprogram.h:27,
	                 from ../src/rpc/virnetserver.h:32,
	                 from libvirtd-config.c:31:
	../src/rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file
	or directory
	* daemon/Makefile.am (libvirtd_conf_la_CFLAGS): Add XDR_CFLAGS.

2013-09-26  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: free dst before lxcDomainAttachDeviceDiskLive returns
	Free dst before lxcDomainAttachDeviceDiskLive returns

	qemu: virDomainControllerFind may return 0 if controller found
	The return value of virDomainControllerFind >=0 means that
	the specific controller was found.
	But some functions invoke it and treat 0 as not found.
	This patch fix these incorrect invocation.

2013-09-26  Guido Günther  <agx@sigxcpu.org>

	Distribute check-aclperms.pl
	so "make check" can work for the distributed tarballs too.

2013-09-26  Peter Krempa  <pkrempa@redhat.com>

	conf: clean up virDomainChrSourceDefParseXML
	Tweak some conditions and use correct typecasts in enums.

	conf: Don't crash on invalid chardev source definition of RNGs and other
	Since commit 297c99a5 an invalid source definition XML of a character
	device that is used as backend for RNG devices, smartcards and redirdevs
	causes crash of the daemon when parsing such a definition.
	The device types mentioned above are not a part of a regular character
	device but are backends for other types. Thus when parsing such device
	NULL is passed as the argument @chr_def. Later when checking the
	validity of the definition @chr_def was dereferenced when parsing a UNIX
	socket backend with missing path of the socket and crashed the daemon.
	Sample offending configuration:
	  <devices>
	  ...
	    <rng model='virtio'>
	      <backend model='egd' type='unix'>
	        <source mode='bind' service='1024'/>
	      </backend>
	    </rng>
	  </devices>
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196

2013-09-26  Cole Robinson  <crobinso@redhat.com>

	spec: Clean up distribution of ChangeLog (and others)
	- Move COPYING* to libvirt-client, so every package pulls them in
	- Move AUTHORS ChangeLog.gz NEWS README TODO from -daemon to -docs
	- Drop duplicate distribution of docs in -python
	https://bugzilla.redhat.com/show_bug.cgi?id=977099

	test: Allow specifying object runstate in driver XML
	When passing in custom driver XML, allow a block like
	<domain xmlns:test='http://libvirt.org/schemas/domain/test/1.0'>
	  ...
	  <test:runstate>5</test:runstate>
	</domain>
	This is only read at initial driver start time, and sets the initial
	run state of the object. This is handy for UI testing.
	It's only wired up for domains, since that's the only conf/
	infrastructure that supports namespaces at the moment.

2013-09-26  Daniel P. Berrange  <berrange@redhat.com>

	Avoid use of uninitialized data in virnetmessagetest
	If an error occurs in virnetmessagetest it was possible it
	would free uninitialized data.

	Avoid crash on OOM in virnetmessagetest
	The virnetmessagetest code did not check for failure to
	allocate the message object. This lead to a crash on OOM
	in the test suite.

	Avoid crash on OOM in virportallocatortest
	The virportallocatortest did not check if the object
	allocation failed in all cases. This lead to a crash
	on OOM in the testsuite

	Avoid crash on OOM in virlockspacetest
	The virlockspacetest.c did not check for failure to create
	a lockspace, causing a crash on OOM

	Avoid crash on OOM in virbuftest
	The virbuftest code did not check virBufferError before
	accessing the buffer contents, resulting in a crash on
	OOM conditions.

	Avoid uninitialized data in qemuMonitorTestNew
	The virDomainChrSourceDef variable should be memset to
	0, so that the cleanup block does not free uninitialized
	data on OOM.

	Avoid double free in qemuMonitorCommonTestInit on OOM
	The qemuMonitorCommonTestInit method did not allocate the
	test object, so it should not free it upon failure. Doing
	so causes a double free with the caller.

	Fix leak on OOM in qemuMonitorCommonTestNew
	Don't leak the path string in qemuMonitorCommonTestNew if
	an OOM occurs.

	Don't ignore errors parsing nwfilter rules
	For inexplicable reasons, the nwfilter XML parser is intentionally
	ignoring errors that arise during parsing. As well as meaning that
	users don't get any feedback on their XML mistakes, this will lead
	it to silently drop data in OOM conditions.

	Fix leak in virLockSpaceResourceFree
	Normally a lockspace resource is not freed while there are
	active owners. During initial resource creation though, an
	OOM error will trigger this scenario. virLockSpaceResourceFree
	was not freeing the 'owners' field in this case.

	Fix leak of parser state in virJSONValueFromString
	If OOM or another error occurs in virJSONValueFromString the
	parser state object will be leaked.

	Fix double-free in virJSONParserHandleStartMap on OOM
	If OOM occurs in virJSONParserHandleStartMap it will free
	a variable that is owned by another object. This leads to
	a later double-free.

	Fix leak of iterators in virDBusMessageIterEncode
	If virDBusMessageIterEncode hits an OOM condition it often
	leaks the memory associated with the dbus iterator object

	Don't print all test suite errors to stderr in vmx2xmltest
	The vmx2xmltest test would print all errors to stderr, which
	is not helpful when running OOM tests, and differs from the
	behaviour of other tests.

	Fix leak of comment string if virConfAddEntry fails on OOM
	The code parsing comments in config files called virConfAddEntry
	but did not check for failure. This caused the comment string to
	leak on OOM.

	Add missing check for OOM with virVMXEscapeHexPipe
	The virVMXFormatConfig called virVMXEscapeHexPipe but
	forgot to check for OOM. This caused data to silently
	be lost.

	Fix crash on OOM parsing storage pool XML
	The virStoragePoolDefParseSource method would set def->nhosts
	before allocating def->hosts. If the allocation failed due to
	OOM, the cleanup code would crash accessing out of bounds.

	Fix double free of hostdev on OOM in xenParseSxprPCI
	If xenParseSxprPCI failed to expand the def->hostdevs array
	due to OOM, it would free the hostdev instance twice.

	Don't clobber 'ret' in LXC XML test case
	The testCompareXMLToXMLHelper method clobbered the 'ret' variable
	in several places leading to a failure to report OOM errors from
	the test suite.

	Fix crash on OOM in virDomainSnapshotDefParse
	The virDomainSnapshotDefParse method assigned to def->ndisks
	before allocating def->disks. Thus if an OOM occurred, the
	cleanup code would access out of bounds.

	Don't clobber return value in virInterfaceDefParseProtoIPv6
	Several places in virInterfaceDefParseProtoIPv6 clobber the
	default 'ret' return value. So when jumping to cleanup on
	error, 'ret' may mistakenly be set to 0 instead of -1. This
	caused failure to report OOM errors, meaning data was silently
	lost during parsing.

	Fix handling of OOM when getting Xen dom ID
	The methods for obtaining the Xen dom ID cannot distinguish
	between returning -1 due to an error and returning -1 due to
	the domain being shutoff. Change them to return the dom ID
	via an output parameter.

	Fix crash on OOM in xenParseSxpr
	The xenParseSxpr method sets def->nconsoles to 1 before allocating
	the def->consoles array. If the allocation fails due to OOM the
	cleanup code will thus crash accessing out of bounds.

2013-09-25  Hongwei Bi  <hwbi2008@gmail.com>

	virsh-domain: Add a missing check and fix leak in cmdScreenshot

2013-09-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of serial value in xenFormatXM on OOM
	If an OOM occurs in xenFormatXM when formatting to the
	serial device value, the value is leaked.

	Fix broken formatting on OOM in xenFormatXM
	If an OOM occurs when xenFormatXM is setting the 'hpet'
	variable it is silently ignored. Fix it to propagate
	to the callers.

	Fix crash on OOM in xenParseXM handling consoles
	The xenParseXM sets def->nconsoles to 1 before claling
	VIR_REALLOC_N on def->consoles. So if the alloc fails
	due to OOM, the cleanup code will crash accessing a
	console that does not exist.

	Fix leak of char device in xenParseXM
	If an OOM occurs in xenParseXM, a virDomainChrDef may be
	leaked.

	Fix leak of command line args in qemuParseCommandLine
	If qemuParseCommandLine finds an arg it does not understand
	it adds it to the QEMU passthrough custom arg list. If the
	qemuParseCommandLine method hits an error for any reason
	though, it just does 'VIR_FREE(cmd)' on the custom arg list.
	This means all actual args / env vars are leaked. Introduce
	a qemuDomainCmdlineDefFree method to be used for cleanup.

	Fix leak in qemuParseCommandLine on OOM
	If the call to virDomainControllerInsert fails in
	qemuParseCommandLine, the controller struct is leaked.

	Fix leak in qemuStringToArgvEnv upon OOM
	The 'qemuStringToArgvEnv' method splits up a string of command
	line env/args to an 'arglist' array. It then copies env vars
	to a 'progenv' array and args to a 'progargv' array. When
	copyin the env vars, it NULL-ifies the element in 'arglist'
	that is copied.
	Upon OOM the 'virStringListFree' is called on progenv and
	arglist. Unfortunately, because the elements in 'arglist'
	related to env vars have been set to NULL, the call to
	virStringListFree(arglist) doesn't free anything, even
	though some non-NULL args vars still exist later in the
	array.
	To fix this leak, stop NULL-ifying the 'arglist' elements,
	and change the cleanup code to only free elements in the
	'arglist' array, not 'progenv'.

	Fix missing jump to error cleanup in qemuParseCommandLineDisk
	In a number of places in qemuParseCommandLineDisk, an error
	is reported, but no 'goto error' jump is used. This causes
	failure to report OOM conditions to the caller.

	Fix leak in qemuParseCommandLineDisk on OOM
	If OOM occurs in qemuParseCommandLineDisk some intermediate
	variables will be leaked when parsing Sheepdog or RBD disks.

	Fix leak on OOM in qemuBuildCommandLine dealing with sound card
	The qemuBuildCommandLine code for parsing sound cards will leak
	an intermediate variable if an OOM occurs. Move the free'ing of
	the variable earlier to avoid the leak.

	Fix failure to honour OOM status in qemuParseNBDString
	In qemuParseNBDString, if the virURIParse fails, the
	error is not reported to the caller. Instead execution
	falls through to the non-URI codepath causing memory
	leaks later on.

	Avoid leak in qemuParseRBDString on failure of qemuAddRBDHost
	If qemuAddRBDHost fails due to parsing problems or OOM, then
	qemuParseRBDString cleanup is skipped causing a memory leak.

	Fix leak of address string in qemuDomainPCIAddressGetNextSlot
	qemuDomainPCIAddressGetNextSlot has a loop for finding
	compatible PCI buses. In the loop body it creates a
	PCI address string, but never frees this. This causes
	a leak if the loop executes more than one iteration,
	or if a call in the loop body fails.

	Fix leak in virDomainDefParseXML parsing vcpupin
	If virBitmapNew fails due to OOM, the 'vcpupin' variable
	is leaked.

	Fix leak in virDomainVcpuPinDefParseXML parsing cpumask
	If the virBitmapParse method fails due to OOM, we leak
	the 'tmp' variable string.

	Avoid leak if virDomainSoundCodecDefParseXML return error
	If virDomainSoundCodecDefParseXML returns an error (eg due
	to OOM), then the xml nodeset codecNodes is leaked.

	Fix leak in virDomainVcpuPinDefArrayFree
	If virDomainVcpuPinDefArrayFree is called with def != NULL,
	but nvcpupin == 0, then it leaks memory for 'def'. This is
	an unusual scenario, but it hits when cleaning up after an
	OOM during parsing of XML.

2013-09-25  Laine Stump  <laine@laine.org>

	qemu: prefer to put a Q35 machine's dmi-to-pci-bridge at 00:1E.0
	This resolves one of the issues listed in:
	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983
	00:1E.0 is the location of this controller on at least some actual Q35
	hardware, so we try to replicate the placement. The bridge should work
	just as well in any other location though, so if 00:1E.0 isn't
	available, just allow it to be auto-assigned anywhere appropriate.

	qemu: turn if into switch in qemuDomainValidateDevicePCISlotsQ35
	This will make it simpler to add checks for other types of
	controllers.
	This is a prerequisite for patches to resolve:
	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

	qemu: support ich9-intel-hda audio device
	This resolves one of the issues in:
	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983
	This device is identical to qemu's "intel-hda" device (known as "ich6"
	in libvirt), but has a different PCI device ID (which matches the ID
	of the hda audio built into the ich9 chipset, of course). It's not
	supported in earlier versions of qemu, so it requires a capability
	bit.

	qemu: replace multiple strcmps with a switch on an enum
	I'm not sure why this code was written to compare the strings that it
	had just retrieved from an enum->string conversion, rather than just
	look at the original enum values, but this yields the same results,
	and is much more efficient (especially as you add more devices).
	This is a prerequisite for patches to resolve:
	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

	qemu: allow some PCI devices to be attached to PCIe slots
	Part of the resolution to:
	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983
	Although most devices available in qemu area defined as PCI devices,
	and strictly speaking should only be attached via a PCI slot, in
	practice qemu allows them to be attached to a PCIe slot and sometimes
	this makes sense.
	For example, The UHCI and EHCI USB controllers are usually attached
	directly to the PCIe "root complex" (i.e. PCIe slots) on real
	hardware, so that should be possible for a Q35-based qemu virtual
	machine as well.
	We still want to prefer a standard PCI slot when auto-assigning
	addresses, though, and in general to disallow attaching PCI devices
	via PCIe slots.
	This patch makes that possible by adding a new
	QEMU_PCI_CONNECT_TYPE_EITHER_IF_CONFIG flag. Three things are done
	with this flag:
	1) It is set for the "pcie-root" controller
	2) qemuCollectPCIAddress() now has a set of nested switches that set
	this "EITHER" flag for devices that we want to allow connecting to
	pcie-root when specifically requested in the config.
	3) qemuDomainPCIAddressFlagsCompatible() adds this new flag to the
	"flagsMatchMask" if the address being checked came from config rather
	than being newly auto-allocated by libvirt (this knowledge is
	conveniently already available in the "fromConfig" arg).
	Now any device having the EITHER flag set can be connected to
	pcie-root if explicitly requested, but auto-allocated addresses for
	those devices will still be standard PCI slots instead.
	This patch only loosens the restrictions on devices that have been
	specifically requested, but the setup is such that it should be fairly
	easy to add new devices.

	qemu: eliminate redundant if clauses in qemuCollectPCIAddress
	Replace them with switch cases. This will make it more efficient when
	we add exceptions for more controller types, and other device types.
	This is a prerequisite for patches to resolve:
	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

2013-09-25  Laszlo Ersek  <lersek@redhat.com>

	bridge driver: don't masquerade local subnet broadcast/multicast packets
	Packets sent by guests on virbrN, *or* by dnsmasq on the same, to
	- 255.255.255.255/32 (netmask-independent local network broadcast
	  address), or to
	- 224.0.0.0/24 (local subnetwork multicast range)
	are never forwarded, hence it is not necessary to masquerade them.
	In fact we must not masquerade them: translating their source addresses or
	source ports (where applicable) may confuse receivers on virbrN.
	One example is the DHCP client in OVMF (= UEFI firmware for virtual
	machines):
	  http://thread.gmane.org/gmane.comp.bios.tianocore.devel/1506/focus=2640
	It expects DHCP replies to arrive from remote source port 67. Even though
	dnsmasq conforms to that, the destination address (255.255.255.255) and
	the source address (eg. 192.168.122.1) in the reply allow the UDP
	masquerading rule to match, which rewrites the source port to or above
	1024. This prevents the DHCP client in OVMF from accepting the packet.
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=709418

	util/viriptables: add/remove rules that short-circuit masquerading
	The functions
	- iptablesAddForwardDontMasquerade(),
	- iptablesRemoveForwardDontMasquerade
	handle exceptions in the masquerading implemented in the POSTROUTING chain
	of the "nat" table. Such exceptions should be added as chronologically
	latest, logically top-most rules.
	The bridge driver will call these functions beginning with the next patch:
	some special destination IP addresses always refer to the local
	subnetwork, even though they don't match any practical subnetwork's
	netmask. Packets from virbrN targeting such IP addresses are never routed
	outwards, but the current rules treat them as non-virbrN-destined packets
	and masquerade them. This causes problems for some receivers on virbrN.

2013-09-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Wire up better early error reporting
	The previous patches added infrastructure to report better errors from
	monitor in some cases. This patch finalizes this "feature" by enabling
	this enhanced error reporting on early phases of VM startup. In these
	phases the possibility of qemu producing a useful error message is
	really high compared to running it during the whole life cycle. After
	the start up is complete, the feature is disabled to provide the usual
	error messages so that users are not confused by possibly irrelevant
	messages that may be in the domain log.
	The original motivation to do this enhancement is to capture errors when
	using VFIO device passthrough, where qemu reports errors after the
	monitor is initialized and the existing error catching code couldn't
	catch this producing a unhelpful message:
	 # virsh start test
	 error: Failed to start domain test
	 error: Unable to read from monitor: Connection reset by peer
	With this change, the message is changed to:
	 # virsh start test
	 error: Failed to start domain test
	 error: internal error: early end of file from monitor: possible problem:
	 qemu-system-x86_64: -device vfio-pci,host=00:1a.0,id=hostdev0,bus=pci.0,addr=0x5: vfio: error, group 8 is not viable, please ensure all devices within the iommu_group are bound to their vfio bus driver.
	 qemu-system-x86_64: -device vfio-pci,host=00:1a.0,id=hostdev0,bus=pci.0,addr=0x5: vfio: failed to get group 8
	 qemu-system-x86_64: -device vfio-pci,host=00:1a.0,id=hostdev0,bus=pci.0,addr=0x5: Device 'vfio-pci' could not be initialized

	qemu: monitor: Produce better errors on monitor hangup
	Change the monitor error code to add the ability to access the qemu log
	file using a file descriptor so that we can dig in it for a more useful
	error message. The error is now logged on monitor hangups and overwrites
	a possible lesser error. A hangup on the monitor usualy means that qemu
	has crashed and there's a significant chance it produced a useful error
	message.
	The functionality will be latent until the next patch.

	qemu: monitor: Add infrastructure to access VM logs for better err msgs
	Early VM startup errors usually produce a better error message in the
	machine log file. Currently we were accessing it only when the process
	exited during certain phases of startup. This will help adding a more
	comprehensive error extraction for early qemu startup phases.
	This patch adds infrastructure to keep a file descriptor for the machine
	log file that will be used in case an error happens.

	qemu_process: Make qemuProcessReadLog() more versatile and reusable
	Teach the function to skip character device definitions printed by qemu
	at startup in addition to libvirt log messages and make it usable from
	outside of qemu_process.c. Also add documentation about the func.

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Check return value of virDomainControllerInsert when parsing QEMU args
	The parsing of '-usb' did not check for failure of the
	virDomainControllerInsert method. As a result on OOM, the
	parser mistakenly attached USB disks to the IDE controller.

	Honour error returned by virBitmapFormat
	The code formatting NUMA args was ignoring the return value
	of virBitmapFormat, so on OOM, it would silently drop the
	NUMA cpumask arg.

	Add missing check for OOM when building boot menu args
	When building boot menu args, if OOM occurred the CLI args
	would end up containing  'order=(null)' due to a missing
	call to 'virBufferError'.

	Fix format specifier for OOM test fprintfs
	The testutils.c file had some fprintfs which had not been
	converted from %d to %zu, when 'testCounter' change to be
	a size_t. This was a build breaker if --enable-test-oom
	was enabled

2013-09-24  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Since we're about to freeze, it's time to pick up the latest
	upstream gnulib.  Among other changes, gnulib now guarantees the
	use of some -f flags that we were previously manually adding.
	* .gnulib: Update to latest, in part for warning improvements.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Drop
	flags that are now guaranteed by gnulib.
	* bootstrap: Resync to gnulib.

2013-09-24  Claudio Bley  <cbley@av-test.de>

	Always open files in binary mode in virFDStreamOpenFileInternal
	On win32, using text mode for binary files might result in short
	reads since ASCII character 0x1A is interpreted as EOF. Also, it
	could lead to problems using the seek functions because of the \r
	handling.

	test: fix call to virFDStreamOpenFile in testDomainScreenshot
	N.B.  This had no ill effects as long as O_RDONLY is defined to
	      to be 0, such that the expression (O_RDONLY < 0) yielded 0
	      again.

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Don't ignore allocation failure in virCommandAddEnvPassCommon
	The virCommandAddEnvPassCommon method ignored the failure to
	pre-allocate the env variable array with VIR_RESIZE_N. While
	this is harmless, it confuses the test harness which is trying
	to validate OOM handling of every individual allocation call.

	Fix reporting of errors in OOM injection code
	When the various viralloc.c functions were changed to use the
	normal error reporting code, the OOM injection code paths
	were not updated to report errors.

	Fix missing OOM check in qemuParseCommandLine when splitting strings
	The qemuParseCommandLine method did not check the return value of
	virStringSplit to see if OOM had occurred. This lead to dereference
	of a NULL pointer on OOM.

	Fix error checking of qemuParseKeywords return status
	Most callers of qemuParseKeywords were assigning its return
	value to a 'size_t' variable. Then then also checked '< 0'
	for error condition, but this will never be true with the
	unsigned size_t variable. Rather than using 'ssize_t', change
	qemuParseKeywords so that the element count is returned via
	an output parameter, leaving the return value solely as an
	error indicator.
	This avoids a crash accessing beyond the end of an error
	upon OOM.

	Fix allocation of arglist in qemuStringToArgvEnv
	In
	  commit 41b550567918790cb304378f39c3ba369bcca28e
	  Author: Eric Blake <eblake@redhat.com>
	  Date:   Wed Aug 28 15:01:23 2013 -0600
	    qemu: simplify list cleanup
	The qemuStringToArgvEnv method was changed to use virStringFreeList
	to free the 'arglist' array. This method assumes the string list
	array is NULL terminated, however, qemuStringToArgvEnv was not
	ensuring this when populating 'arglist'. This caused an out of
	bounds access by virStringFreeList when OOM occured in the initial
	loop of qemuStringToArgvEnv

	Fix crash on OOM in qemuAddRBDHost
	When parsing the RBD hosts, it increments the 'nhosts' counter
	before increasing the 'hosts' array allocation. If an OOM then
	occurs when increasing the array allocation, the cleanup block
	will attempt to access beyond the end of the array. Switch
	to using VIR_EXPAND_N instead of VIR_REALLOC_N to protect against
	this mistake

	Fix crash on OOM in qemuDomainCCWAddressSetCreate()
	If OOM occurs in qemuDomainCCWAddressSetCreate, it jumps to
	a cleanup block and frees the partially initialized object.
	It then mistakenly returns the address of the just free'd
	pointer instead of NULL.

	Fix crash if OOM occurs when creating virConnectPtr
	If a OOM error occurs in virGetConnect, this may cause the
	virConnectDispose method to de-reference a NULL pointer,
	since the close callback will not have been initialized.

	Fix crash on OOM in parsing CPU mask in domain XML
	The virDomainDefParseXML method did not check the return value
	of the virBitmapNew API call for NULL. This lead to a crash on
	OOM

	Fix crash on OOM when parsing disk security label
	If an OOM error occurs in virSecurityDeviceLabelDefParseXML the
	cleanup code may free an uninitialized pointer, causing a crash

2013-09-24  lawrancejing  <lawrancejing@gmail.com>

	conf: Fix virNetworkAssignDef's comment.

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Add test case for virNetServerClient object identity code
	Start a test case for the virNetServerClient object, which
	initially checks the creation of a virIdentityPtr object.

	Add a virNetSocketNewConnectSockFD method
	To allow creation of a virNetSocketPtr instance from a pre-opened
	socketpair FD, add a virNetSocketNewConnectSockFD method.

2013-09-24  Giuseppe Scrivano  <gscrivan@redhat.com>

	python: add bindings for virConnectGetCPUModelNames

	virsh: add function to get the CPU models for an arch

	virConnectGetCPUModelNames: add the support for the test protocol

	virConnectGetCPUModelNames: add the support for qemu

	virConnectGetCPUModelNames: implement the remote protocol

	cpu: add function to get the models for an arch

	libvirt: add new public API virConnectGetCPUModelNames
	The new function virConnectGetCPUModelNames allows to retrieve the list
	of CPU models known by the hypervisor for a specific architecture.

2013-09-24  Eric Blake  <eblake@redhat.com>

	build: ensure 'make check' sees up-to-date config.h
	Nehal J. Wani reported on IRC a rather interesting build failure:
	In file included from util/virnetdevbridge.c:53:0:
	/usr/include/linux/in6.h:30:8: error: redefinition of 'struct in6_addr'
	 struct in6_addr {
	        ^
	I traced it to the fact that he ran 'git pull; make check' across
	commit e62e0094.  What happened is that the configure changes
	result in a new variable that was set to be defined on his system,
	but config.h was not regenerated to contain the value of that
	variable.  Running 'make' instead of 'make check' cleaned up the
	problem.  A bit more investigation, and I see that in Makefile.am,
	automake sticks rules that rebuild config.h as part of 'make all',
	and that we also had a dependency 'check-local: all'; BUT the
	rule for check-local is run only at the point when the top-level
	directory is visited.  Automake documents that SUBDIRS should
	contain an explicit '.' at the point the top-level should be
	visited (defaulting to last, if it doesn't appear).  Sure enough,
	with this patch, 'make check' now does the top-level 'all' rules,
	which regenerates 'config.h' BEFORE compiling any code that might
	depend on changed content of that file.
	* Makefile.am (SUBDIRS): Put '.' first, not last.

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in identity code which is pre-requisite for CVE-2013-4311
	The fix for CVE-2013-4311 had a pre-requisite enhancement
	to the identity code
	  commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Thu Aug 22 16:00:01 2013 +0100
	    Also store user & group ID values in virIdentity
	This had a typo which caused the group ID to overwrite the
	user ID string. This meant any checks using this would have
	the wrong ID value. This only affected the ACL code, not the
	initial polkit auth. It also leaked memory.

2013-09-23  Jiri Denemark  <jdenemar@redhat.com>

	docs: Load libvirt_access*.xml from build dir
	The xml files are generated in build directory and thus docs/newapi.xsl
	was not able to find them in a VPATH build.

2013-09-23  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: Check the existence of dir before resolving symlinks
	If a dir does not exist, raise an immediate error in logs
	rather than letting virFileResolveAllLinks fail, since this
	gives better error reporting to the user.

	LXC: follow the unit style of /proc/meminfo
	When FUSE is enabled, the LXC container is setup with
	a custom /proc/meminfo file. This file uses "KB" as a
	suffix, rather than "kB" which is the kernel's style.
	Fix this inconsistency to avoid confusing apps.

2013-09-23  Peter Krempa  <pkrempa@redhat.com>

	conf: Do better job when comparing features ABI compatibility
	The ABI compatibility check for domain features didn't check the
	expanded HyperV and APIC EOI values, thus possibly allowing change in
	guest ABI.
	Add the check and use typecasted switch statement to warn developers
	when adding a new HyperV feature.

2013-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential use of uninitialized value in virDomainGetVcpuPinInfo
	The virDomainGetVcpuPinInfo python wrapper had a potential use of
	uninitialized values

2013-09-20  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix seamless SPICE migration
	Since the wait is done during migration (still inside
	QEMU_ASYNC_JOB_MIGRATION_OUT), the code should enter the monitor as such
	in order to prohibit all other jobs from interfering in the meantime.
	This patch fixes bug #1009886 in which qemuDomainGetBlockInfo was
	waiting on the monitor condition and after GetSpiceMigrationStatus
	mangled its internal data, the daemon crashed.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009886

2013-09-20  Doug Goldstein  <cardoe@cardoe.com>

	VMware: Make version parsing testable and add tests
	This splits up the version parsing code into a callable API like QEMU
	help/version string parsing so that we can test it as we need to add
	additional patterns for newer versions/products.

	VMware: Store vmrun binary's path in the driver
	Rather than looking up the path to vmrun each time we call it, look it
	up once and save it. This sets up the ability for us to detect where the
	path is on Mac OS X and not have to look it up each time we execute it.

	VMware: Convert driver type defines to enum
	The VMware driver supports multiple backends for the VMware Player and
	VMware Workstation, convert this logic into enum and use VIR_ENUM_IMPL()
	to provide conversions to and from strings.

2013-09-20  Ján Tomko  <jtomko@redhat.com>

	Don't dereference NULL in qemumonitorjsontest
	In case of an error, qemuMonitorTestNewSimple returns NULL.
	Error out instead of dereferencing it.
	Found by Coverity, reported by John Ferlan.

2013-09-20  Daniel P. Berrange  <berrange@redhat.com>

	Add checking of dbus_message_iter_append_basic return value
	Coverity complains that the test suite did not check the
	return value of dbus_message_iter_append_basic() as we did
	in most other places.

2013-09-20  Laine Stump  <laine@laine.org>

	qemu: use "ide" as device name for implicit SATA controller on Q35
	This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1008903
	The Q35 machinetype has an implicit SATA controller at 00:1F.2 which
	isn't given the "expected" id of ahci0 by qemu when it's created. The
	original suggested solution to this problem was to not specify any
	controller for the disks that use the default controller and just
	specify "unit=n" instead; qemu should then use the first IDE or SATA
	controller for the disk.
	Unfortunately, this "solution" is ignorant of the fact that in the
	case of SATA disks, the "unit" attribute in the disk XML is actually
	*not* being used for the unit, but is instead used to specify the
	"bus" number; each SATA controller has 6 buses, and each bus only
	allows a single unit. This makes it nonsensical to specify unit='n'
	where n is anything other than 0. It also means that the only way to
	connect more than a single device to the implicit SATA controller is
	to explicitly give the bus names, which happen to be "ide.$n", where
	$n can be replaced by the disk's "unit" number.

2013-09-20  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Avoid dead code in polkit auth

2013-09-20  Simone Gotti  <simone.gotti@gmail.com>

	virsh: add missing "async" option in opts_block_commit
	After commit 8aecd351266a66efa59b7f7be77bf66693d99ce0 it'll detect
	that a required option is not defined and it will assert and exit with:
	virsh.c:1364: vshCommandOpt: Assertion `valid->name' failed.
	Problem has been latent since commit ed23b106.

2013-09-19  Michal Privoznik  <mprivozn@redhat.com>

	qemumonitorjsontest: Introduce DO_TEST_SIMPLE
	This macro is there to test the simplest monitor functions we have,
	those in the form of: int ( *func) (qemuMonitorPtr). So far, we have
	seven such functions.

	qemumonitorjsontest: Test CPU state handling code

2013-09-19  Christophe Fergeau  <cfergeau@redhat.com>

	daemon: Remove more hardcoded paths from help output
	A previous patch used existing #define for the various files in /etc/pki
	instead of hardcoding them in the help output. However I missed that
	remote_driver.h contains #define for more paths that are present
	in the daemon help output.
	This commit uses the existing constants for the path to the
	configuration file and to the libvirt sockets.

	Fix LIBVIRTD_CONFIGURATION_FILE constant
	It's not used anywhere, but should be pointing to
	$sysconfdir/libvirt/libvirtd.conf, not $sysconfdir/libvirtd.conf

2013-09-19  Jonathan Lebon  <jlebon@redhat.com>

	docs: fix virEventAddHandle return details
	In commit 6d41cb8, the interface for virEventAddHandleFunc was changed.
	This patch updates the documentation for virEventAddHandle to reflect
	the new significance of the return value. Also, both functions now
	mention -1 for failure.

2013-09-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
	The 'stats' variable was not initialized to NULL, so if some
	early validation of the RPC call fails, it is possible to jump
	to the 'cleanup' label and VIR_FREE an uninitialized pointer.
	This is a security flaw, since the API can be called from a
	readonly connection which can trigger the validation checks.
	This was introduced in release v0.9.1 onwards by
	  commit 158ba8730e44b7dd07a21ab90499996c5dec080a
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Wed Apr 13 16:21:35 2011 +0100
	    Merge all returns paths from dispatcher into single path

2013-09-18  Giuseppe Scrivano  <gscrivan@redhat.com>

	doc: fix XML for the RNG device example
	Add a missing '/' to close the "source" element.

2013-09-18  Daniel P. Berrange  <berrange@redhat.com>

	Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
	With the existing pkcheck (pid, start time) tuple for identifying
	the process, there is a race condition, where a process can make
	a libvirt RPC call and in another thread exec a setuid application,
	causing it to change to effective UID 0. This in turn causes polkit
	to do its permission check based on the wrong UID.
	To address this, libvirt must get the UID the caller had at time
	of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
	triple to the pkcheck program.
	This fix requires that libvirt is re-built against a version of
	polkit that has the fix for its CVE-2013-4288, so that libvirt
	can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'

	Ensure system identity includes process start time
	The polkit access driver will want to use the process start
	time field. This was already set for network identities, but
	not for the system identity.

	Also store user & group ID values in virIdentity
	Future improvements to the polkit code will require access to
	the numeric user ID, not merely user name.

2013-09-18  Christophe Fergeau  <cfergeau@redhat.com>

	daemon: Don't hardcode pki paths in help output
	There are constants for these paths in remote_driver.h so we can
	use these rather than duplicating them in the help output.

	daemon: Fix 'caert.pem' typo in privileged help output
	The help message indicates that the CA certificate is
	$sysconfdir/pki/CA/caert.pem while the actual path is
	$sysconfdir/pki/CA/cacert.pem

2013-09-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid dangling job in qemuDomainSetBlockIoTune
	virDomainSetBlockIoTuneEnsureACL was incorrectly called after we already
	started a job. As a result of this, the job was not cleaned up when an
	access driver had forbidden the action.

2013-09-18  Tomas Meszaros  <exo@tty.sk>

	virsh: Add vshCompleter to each option
	completer and completer_flags added to the _vshCmdOptDef
	structure so it will be possible for completion generators to
	conveniently call option completer functions with desired flags.

2013-09-18  Diego Woitasen  <diego.woitasen@vhgroup.net>

	Add forwarder attribute to <dns/> element
	Useful to set custom forwarders instead of using the contents of
	/etc/resolv.conf. It helps me to setup dnsmasq as local nameserver to
	resolve VM domain names from domain 0, when domain option is used.

2013-09-18  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Add a VMWare Fusion 5 configuration for tests
	A user was having an issue with this specific VMWare Fusion config and
	he gave me permission to add it as part of our test suite to further
	expand our VMX test coverage. Unfortunately our VMX parser and
	generator does not support many features contained within and just
	silently ignores fields it does not understand so they had to
	be removed out in the xml2vmx test. The original unmodified version
	exists in the vmx2xml test.

	VMX: Add support for 'auto detect' fileNames
	VMWare Fusion 5 can set the CD-ROM's device name to be 'auto detect' when
	using the physical drive via 'cdrom-raw' device type. VMWare will then
	connect to first available host CD-ROM to the virtual machine upon start
	up according to VMWare documentation. If no device is available, it
	appears that the device will remain disconnected.
	To better model this a CD-ROM that is marked as "auto detect" when in
	the off state would be modeled as the following with this patch:
	  <disk type='block' device='lun'>
	    <source startupPolicy='optional'/>
	    <target dev='hda' bus='ide'/>
	    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	  </disk>
	Once the domain transitions to the powered on state, libvirt can
	populate the remaining source data with what is connected, if anything.
	However future power cycles, the domain may not always start with that
	device attached.

	Allow <source> for type=block to have no dev
	Currently the XML parser already allows the following syntax:
	  <disk type='block' device='cdrom'>
	    <source startupPolicy='optional'/>
	    <target dev='hda' bus='ide'/>
	    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	  </disk>
	But it if the dev value is NULL then it would not have the leading
	"<source ", resulting in invalid XML.

2013-09-18  Eric Blake  <eblake@redhat.com>

	build: skip ld_preload tests on non-Linux systems
	A cross build to mingw fails with:
	  CC       virsystemdtest-virsystemdtest.o
	../../tests/virsystemdtest.c: In function 'testCreateNoSystemd':
	../../tests/virsystemdtest.c:97:9: error: implicit declaration of function 'unsetenv' [-Werror=implicit-function-declaration]
	         unsetenv("FAIL_NO_SERVICE");
	         ^
	../../tests/virsystemdtest.c:97:9: error: nested extern declaration of 'unsetenv' [-Werror=nested-externs]
	We could cop out and pull in the gnulib unsetenv module.  But when
	you stop and think about it, this test requires LD_PRELOAD to work,
	and systemd is a Linux-only concept anyways, both of which mean
	the test could never work on mingw in the first place.  Simpler is
	to just fix the test to behave like our other LD_PRELOAD tests.
	* tests/virsystemdtest.c: Provide non-Linux implementation.

	build: hoist system-specific checks before library checks
	Commit f92c7e3 fixed a regression for native builds, but introduced
	a regression for cross-compilation builds; in particular,
	./autobuild.sh on a Fedora system with mingw cross-compiler fails
	with:
	checking for qemu-kvm... /usr/bin/qemu-kvm
	checking for yajl_parse_complete in -lyajl... no
	checking for yajl_tree_parse in -lyajl... no
	configure: error: You must install the libyajl library & headers to compile libvirt
	Since we default $with_qemu to 'yes' rather than 'check', and then
	flip that default based on platform-specific checks, those platform
	specifics need to come prior to any library checks that depend on
	the value of $with_qemu.
	* configure.ac: Ensure system defaults are sane before checking
	for things that make decisions based on system default.

	maint: ignore recently-added test
	* .gitignore: Ignore metadatatest.

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	tests: metadatatest: Quiesce errors on expected paths
	Use the helper added in previous patch to quiesce errors from this test
	that was spamming logs on normal test runs.

	test: Refactor setting of dummy error handlers
	Multiple tests need to register a function to quiesce errors from
	libvirt when using a connection and doing negative tests. Each of those
	tests had a static function to do so. This can be replaced by a utility
	function that enables the errors when debug is enabled.
	This patch adds virtTestQuiesceLibvirtErrors() and refactors test that
	use private handlers.

2013-09-17  Aline Manera  <alinefm@br.ibm.com>

	Add tftp protocol support for cdrom disk
	qemu/KVM also supports a tftp URL while specifying the cdrom ISO image.
	The xml should be as following:
	    <disk type='network' device='cdrom'>
	      <source protocol='tftp' name='/url/path'>
	        <host name='host.name' port='69'/>
	      </source>
	    </disk>

	Add ftps protocol support for cdrom disk
	The ftps protocol is another protocol supported by qemu/KVM while specifying
	the cdrom ISO image.
	The xml should be as following:
	    <disk type='network' device='cdrom'>
	      <source protocol='ftps' name='/url/path'>
	        <host name='host.name' port='990'/>
	      </source>
	    </disk>

	Add https protocol support for cdrom disk
	The https protocol is also accepted by qemu/KVM when specifying the cdrom ISO
	image.
	The xml should be as following:
	    <disk type='network' device='cdrom'>
	      <source protocol='https' name='/url/path'>
	        <host name='host.name' port='443'/>
	      </source>
	    </disk>

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	virsh: Don't shadow global variable "remove" in cmdMetadata
	Some systems apparently have a global variable/function called remove
	and thus break compilation of virsh-domain.c. Rename the variable to
	avoid this.
	Reported by GuanQiang.

	conf: Avoid false positive of uninitialized variable use
	GCC 4.8.0+ whines about variable "new" being uninitialized since
	commit 73bfac0e7182a3abd. This is a false positive as the
	xmlFreeNode(new) statement can be only reached if new was actually
	allocated successfully.
	  CC       conf/libvirt_conf_la-domain_conf.lo
	  conf/domain_conf.c: In function 'virDomainDefSetMetadata':
	  conf/domain_conf.c:18650:24: error: 'new' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	               xmlFreeNode(new);
	Reported independently by John Ferlan and Michal Privoznik.

2013-09-17  Eric Blake  <eblake@redhat.com>

	build: fix VPATH build of remote driver
	Commit 073e1575 tried to set things up so that 1) generated files
	to be shipped in the tarball always live in srcdir, and 2) we have
	no files in SOURCES that depend on any other files with a literal
	$(srcdir) in the name, because that situation can cause confusing
	results for the make expansion of $@ depending on whether the file
	is found locally or via VPATH.  But all my testing for that patch
	was done incrementally, where all the protocol.[ch] files had
	already been generated prior to the patch and were up-to-date in
	the srcdir, and thus I missed one case where $@ causes grief in a
	VPATH build from a fresh checkout:
	We have a pattern rule for generating remote_protocol.[ch], and
	what's more, the rule for protocol.c depends on protocol.h AND
	on the protocol.x file.  The pattern for protocol.c is only
	satisfied via the VPATH lookup for protocol.x, and if protocol.h
	doesn't yet exist, the VPATH rule kicks in and we end up with a
	dependency on a file with $(srcdir) in the name.  Based on make's
	rules for $@, this resulted in make building remote_protocol.h
	into srcdir (where we want it), then remote_protocol.c into
	builddir (oops, not so good for the tarball), and also causes
	the build to fail (the compiler can't find the .h if it lives
	in a different directory than the .c):
	  CC       remote/libvirt_driver_remote_la-remote_protocol.lo
	remote/remote_protocol.c:7:29: fatal error: remote_protocol.h: No such file or directory
	 #include "remote_protocol.h"
	                             ^
	compilation terminated.
	As before, the fix is to hard-code the output file to go into
	srcdir in spite of $@; but since this is in a pattern rule, we
	are forced to use $@ in the recipe, so the patch is a bit
	trickier than what was done in commit 073e1575.
	* src/Makefile.am (%protocol.c, %protocol.h): Force output to srcdir.

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't corrupt metadata on OOM
	Eric Blake suggested that we could do a little better in case copying of
	the metadata to be set fails. With this patch, the old metadata is
	discarded after the new string is copied successfuly.

	qemu: Fix memleak after commit 59898a88ce8431bd3ea249b8789edc2ef9985827
	If the ABI compatibility check with the "migratable" user XML is
	successful, we would leak the originally parsed XML from the user that
	would not be used in this case.
	Reported by Ján Tomko.

	tests: Add metadata tests
	This test exercises the virDomain[Get|Set]Metadata API and tests it for
	regressions

	test: Add <metadata> support into the test driver

	lxc: Add metadata modification APIs

	lib: Don't force the key argument when deleting metadata
	virDomainSetMetadata when operating on the metadata element was
	requesting the @key argument to be passed even if @metadata was NULL
	used to delete the corresponding metadata element. This is not needed as
	the key is only used when adding the element and matching is done via
	the XML namespace.

	conf: allow to add XML metadata using the virDomainSetMetadata api
	The functionality wasn't originally implemented. This patch adds the
	ability to modify domain's XML metadata using the API.

	conf: Add support for requesting of XML metadata via the API
	The virDomainGetMetadata function was designed to support also retrieval
	of app specific metadata from the <metadata> element. This functionality
	was never implemented originally.

	virsh-domain: Add command to allow modifications of XML metadata
	The metadata modification functions will support modification of the XML
	metadata. Add a virsh command to allow using this approach.

	virsh-domain: use virXMLNodeToString instead of xmlNodeDump

	util: Add helper to convert libxml2 nodes to a string

	conf: Factor out setting of metadata to simplify code
	The code to set the metadata in a domain definition is common to live
	and inactive domains. Factor it out into a common func.

	qemu: Factor out body of qemuDomainSetMetadata for universal use
	The function implemented common behavior that can be reused for other
	hypervisor drivers that use the virDomainObj data structures. Factor out
	the core into a separate helper func.

	qemu: Factor out body of qemuDomainGetMetadata for universal use
	The function implemented common behavior that can be reused for other
	hypervisor drivers that use the virDomainObj data structures. Factor out
	the core into a separate helper func.

	virsh-domain: Line up signal names array
	Line up the array so that the grid is visible.

	virsh-domain: Remove spurious ATTRIBUTE_UNUSED from cmdDesc
	The "cmd" variable is actually used so remove the attribute.

	qemu: Use "migratable" XML definition when doing external checkpoints
	In the original implementation of external checkpoints I've mistakenly
	used the live definition to be stored in the save image. The normal
	approach is to use the "migratable" definition. This was discovered when
	commit 07966f6a8b5ccb5bb4c716b25deb8ba2e572cc67 changed the behavior to
	use a converted XML from the user to do the compatibility check to fix
	problem when using the regular machine saving.
	As the previous patch added a compatibility layer, we can now change the
	type of the XML in the image.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1008340

	qemu: Fix checking of ABI stability when restoring external checkpoints
	External checkpoints have a bug in the implementation where they use the
	normal definition instead of the "migratable" one. This causes errors
	when the snapshot is being reverted using the workaround method via
	qemuDomainRestoreFlags() with a custom XML. This issue was introduced
	when commit 07966f6a8b5ccb5bb4c716b25deb8ba2e572cc67 changed the code to
	compare "migratable" XMLs from the user as we should have used
	migratable in the image too.
	This patch adds a compatibility layer, so that fixing the snapshot code
	won't make existing snapshots fail to load.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1008340

2013-09-17  Hongwei Bi  <hwbi2008@gmail.com>

	virsh: Fix a wrong check in cmdEcho()
	What should be checked here is xmlbuf rather than buf.

2013-09-17  Doug Goldstein  <cardoe@cardoe.com>

	Allow LUN type disks to have no source
	CD-ROMs and Floppies are allowed to have no source to imply they are
	empty or disconnected. Since the LUN type is used for raw CD-ROM access
	with QEMU (and VMWare in the future), it also needs to allow an empty
	source when the raw CD-ROM device is disconnected from the domain.

2013-09-17  Ján Tomko  <jtomko@redhat.com>

	Always free network and graphics cookies
	qemuMigrationEatCookie has flags to control if these should
	be parsed, but it does not fill mig->flags. These cookies might
	get leaked if these flags are not set by qemuMigrationBakeCookie.
	42 (32 direct, 10 indirect) bytes in 1 blocks are definitely lost in
	loss record 361 of 662
	==123== by 0x1BA33FCA: qemuMigrationEatCookie (qemu_migration.c:678)
	==123== by 0x1BA34A1E: qemuMigrationRun (qemu_migration.c:3108)
	==123== by 0x1BA3622B: doNativeMigrate (qemu_migration.c:3343)
	==123== by 0x1BA3B408: qemuMigrationPerform (qemu_migration.c:4138)

	Free slicename in virSystemdCreateMachine
	https://bugzilla.redhat.com/show_bug.cgi?id=1008619
	1,003 bytes in 1 blocks are definitely lost in loss record 599 of 635
	==404== by 0x50728A7: virBufferAddChar (virbuffer.c:185)
	==404== by 0x50BC466: virSystemdEscapeName (virsystemd.c:67)
	==404== by 0x50BC6B2: virSystemdMakeSliceName (virsystemd.c:108)
	==404== by 0x50BC870: virSystemdCreateMachine (virsystemd.c:169)
	==404== by 0x5078267: virCgroupNewMachine (vircgroup.c:1498)

2013-09-16  Eric Blake  <eblake@redhat.com>

	build: make autobuild require rpm build deps
	I spent far too long on a new machine trying to figure out why
	./autobuild.sh failed due to an rpm build failure (complaining
	that libvirt_parthelper was supposed to be packaged but was not
	built), and finally traced it to a missing parted-devel
	installation.  I learned that --nodeps is in place for
	autobuilder setups, but for developers, removing it would make
	rpmbuild error out much sooner for a less cryptic failure.
	* autobuild.sh: Conditionally drop --nodeps from rpmbuild lines.

	build: fix build with latest rawhide kernel headers
	Bother those kernel developers.  In the latest rawhide, kernel
	and glibc have now been unified so that <netinet/in.h> and
	<linux/in6.h> no longer clash; but <linux/if_bridge.h> is still
	not self-contained.  Because of the latest header change, the
	build is failing with:
	checking for linux/param.h... no
	configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support
	with details:
	In file included from conftest.c:561:0:
	/usr/include/linux/in6.h:71:18: error: field 'flr_dst' has incomplete type
	  struct in6_addr flr_dst;
	We need a workaround to avoid our workaround :)
	* configure.ac (NETINET_LINUX_WORKAROUND): New test.
	* src/util/virnetdevbridge.c (includes): Use it.

2013-09-16  Peter Krempa  <pkrempa@redhat.com>

	cgroup: Move [qemu|lxc]GetCpuBWStatus to vicgroup.c and refactor it
	The function existed in two identical instances in lxc and qemu. Move it
	to vircgroup.c and simplify it. Refactor the callers too.

	cleanup: Kill usage of access(PATH, F_OK) in favor of virFileExists()
	Semantics of the libvirt helper are more clear. This change also allows
	to clean up some pieces of code.

	util: Declare that virFileExists shall honor errno
	Explicitly state that some parts of the code may require virFileExists
	to set or preserve a correct errno so that future modifications don't
	break.

2013-09-16  yangdongsheng  <yangds.fnst@cn.fujitsu.com>

	virsh: move command maxvcpus from domain group to host group.
	Since the maxvcpus command query the maximum number of virtual
	CPUs supported for a guest VM on this connection, it should be
	in virsh-host.c but not virsh-domain.c.

2013-09-14  Guido Günther  <agx@sigxcpu.org>

	Explicitly link libvirt_net_rpc against SELINUX_LIBS
	Since virnetsocket conditionally uses selinux we need to link against it
	otherwise the build fails with:
	CCLD     libvirtd
	/usr/bin/ld: ../src/.libs/libvirt-lxc.so: undefined reference to symbol 'freecon'
	/lib/i386-linux-gnu/libselinux.so.1: error adding symbols: DSO missing from command line
	collect2: error: ld returned 1 exit status
	make[3]: *** [libvirtd] Error 1

2013-09-13  Eric Blake  <eblake@redhat.com>

	docs: mention hostname subtlety
	An off-list bug report mentioned some confusion where the public
	documentation of libvirt.c:virConnectGetHostname did not match
	the private documentation of util/virutil.c:virGetHostname.
	* src/libvirt.c (virConnectGetHostname): Tweak docs.

2013-09-13  Alex Jia  <ajia@redhat.com>

	tools: add missing 'interface' type and update man page

2013-09-13  Martin Kletzander  <mkletzan@redhat.com>

	tests: Don't test user config file if ran as root

	test-lib: Make case skipping possible

2013-09-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix naming of permission for detecting storage pools
	The VIR_ACCESS_PERM_CONNECT_DETECT_STORAGE_POOLS enum
	constant had its string format be 'detect_storage_pool',
	note the missing trailing 's'. This prevent the ACL
	check from ever succeeding. Fix this and add a simple
	test script to validate this problem of matching names.

2013-09-12  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: don't try to mount selinux filesystem when user namespace enabled
	Right now we mount selinuxfs even user namespace is enabled and
	ignore the error. But we shouldn't ignore these errors when user
	namespace is not enabled.
	This patch skips mounting selinuxfs when user namespace enabled.

2013-09-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix checking of guest ABI compatibility when reverting snapshots
	When reverting a live internal snapshot with a live guest the ABI
	compatiblity check was comparing a "migratable" definition with a normal
	one. This resulted in the check failing with:
	revert requires force: Target device address type none does not match source pci
	This patch generates a "migratable" definition from the actual one to
	check against the definition from the snapshot to avoid this problem.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1006886

2013-09-12  Laine Stump  <laine@laine.org>

	netcf driver: use a single netcf handle for all connections
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=983026
	The netcf interface driver previously had no state driver associated
	with it - as a connection was opened, it would create a new netcf
	instance just for that connection, and close it when it was
	finished. the problem with this is that each connection to libvirt
	used up a netlink socket, and there is a per process maximum of ~1000
	netlink sockets.
	The solution is to create a state driver to go along with the netcf
	driver. The state driver will opens a netcf instance, then all
	connections share that same netcf instance, thus only a single
	netlink socket will be used no matter how many connections are mde to
	libvirtd.
	This was rather simple to do - a new virObjectLockable class is
	created for the single driverState object, which is created in
	netcfStateInitialize and contains the single netcf handle; instead of
	creating a new object for each client connection, netcfInterfaceOpen
	now just increments the driverState object's reference count and puts
	a pointer to it into the connection's privateData. Similarly,
	netcfInterfaceClose() just un-refs the driverState object (as does
	netcfStateCleanup()), and virNetcfInterfaceDriverStateDispose()
	handles closing the netcf instance. Since all the functions already
	have locking around them, the static lock functions used by all
	functions just needed to be changed to call virObjectLock() and
	virObjectUnlock() instead of directly calling the virMutex* functions.

	rename "struct interface_driver" to virNetcfDriverState
	This better fits the modern naming scheme in libvirt, and anticipates
	an upcoming change where a single instance of this state will be
	maintained by a separate state driver, and every instance of the netcf
	driver will share the same state.

2013-09-12  Daniel P. Berrange  <berrange@redhat.com>

	Ensure root filesystem is recursively mounted readonly
	If the guest is configured with
	    <filesystem type='mount'>
	      <source dir='/'/>
	      <target dir='/'/>
	      <readonly/>
	    </filesystem>
	Then any submounts under / should also end up readonly, except
	for those setup as basic mounts. eg if the user has /home on a
	separate volume, they'd expect /home to be readonly, but we
	should not touch the /sys, /proc, etc dirs we setup ourselves.
	Users can selectively make sub-mounts read-write again by
	simply listing them as new mounts without the <readonly>
	flag set
	    <filesystem type='mount'>
	      <source dir='/home'/>
	      <target dir='/home'/>
	    </filesystem>

	Move array of mounts out of lxcContainerMountBasicFS
	Move the array of basic mounts out of the lxcContainerMountBasicFS
	function, to a global variable. This is to allow it to be referenced
	by other methods wanting to know what the basic mount paths are.

	Add some notes about security considerations when using LXC
	Describe some of the issues to be aware of when configuring LXC
	guests with security isolation as a goal.

	Fix launching of VMs on when only logind part of systemd is present
	Debian systems may run the 'systemd-logind' daemon, which causes the
	/sys/fs/cgroup/systemd  mount to be setup, but no other cgroup
	controllers are created. While the LXC driver considers cgroups to
	be mandatory, the QEMU driver is supposed to accept them as optional.
	We detect whether they are present by looking in /proc/mounts for
	any mounts of type 'cgroups', but this is not sufficient. We need to
	skip any named mounts (as seen by a name=XXX string in the mount
	options), so that we only detect actual resource controllers.
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721979

	Fix polkit permission names for storage pools, vols & node devices
	The polkit access driver used the wrong permission names for checks
	on storage pools, volumes and node devices. This led to them always
	being denied access.
	The 'dettach' permission was also mis-spelt and should have been
	'detach'. While permission names are ABI sensitive, the fact that
	the code used the wrong object name for checking node device
	permissions, means that no one could have used the mis-spelt
	'dettach' permission.

2013-09-12  Jiri Denemark  <jdenemar@redhat.com>

	virsh domjobinfo: Do not return 1 if job is NONE
	https://bugzilla.redhat.com/show_bug.cgi?id=1006864
	Commit 38ab1225 changed the default value of ret from true to false but
	forgot to set ret = true when job is NONE. Thus, virsh domjobinfo
	returned 1 when there was no job running for a domain but it used to
	(and should) return 0 in this case.

2013-09-12  Daniel Veillard  <veillard@redhat.com>

	Repair the search on libvirt.org
	First make sure that the input is xhtml as the stylesheets expect
	namespaced element, then use a span element instead of a as a
	is treated specially, finally adjust the makefile to check for
	the new span element and replace it with the PHP code

2013-09-12  Michal Novotny  <minovotn@redhat.com>

	api-docs: Fix description of virConnectGetType() API function
	This fixes the description of virConnectGetType() API function in
	API documentation to match the real functionality that it can be
	used to get driver name, and provide a hint on how to learn about
	full capabilities.

2013-09-12  Eric Blake  <eblake@redhat.com>

	build: require libnl-3 if netcf uses it
	Commits 9298bfb and f6c2951 both tried to make it possible to
	select the correct libnl (1 vs. 3) according to what netcf
	used, when both libraries are installed.  This works to avoid
	libnl-3 when netcf used libnl-1.  But on the converse side, if
	only libnl-1 development code is installed, while netcf uses
	libnl-3, then configure happily uses libnl-1 anyways, leading
	to a test failure:
	$ VIR_TEST_DEBUG=1 ./virdrivermoduletest
	TEST: virdrivermoduletest
	 1) Test driver "network"                                             ... OK
	 2) Test driver "storage"                                             ... OK
	 3) Test driver "nodedev"                                             ... OK
	 4) Test driver "secret"                                              ... OK
	 5) Test driver "nwfilter"                                            ... OK
	 6) Test driver "interface"
	... lt-virdrivermoduletest: route/tc.c:973: rtnl_tc_register: Assertion
	`0' failed.
	Aborted
	It's much nicer to prevent this at configure time, by requiring that
	if we know what netcf used, then we want the same libnl version.  As
	before, this can be bypassed by someone who knows what they are doing
	by setting LIBNL_CFLAGS (perhaps useful to the rare person where the
	build box has a different version of netcf than the installation box).
	* configure.ac (LIBNL): If we can prove netcf used libnl-3, then
	don't let configure succeed with libnl-1.

2013-09-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix virsystemdtest for previous commit
	The change to query org.freedesktop.DBus.ListActivatableNames
	to detect systemd broke the test suite, since we did not have
	stubs to respond to this dbus call.

2013-09-11  Gao feng  <gaofeng@cn.fujitsu.com>

	DBus: introduce virDBusIsServiceEnabled
	This patch introduces virDBusIsServiceEnabled, we can use
	this method to get if the service is supported.
	In one case, if org.freedesktop.machine1 is unavailable on
	host, we should skip creating machine through systemd.

	LXC: introduce lxcContainerUnmountForSharedRoot
	Move the unmounting private or useless filesystems for
	container to this function.

	LXC: umount the temporary filesystem created by libvirt
	The devpts, dev and fuse filesystems are mounted temporarily.
	there is no need to export them to container if container shares
	the root directory with host.

2013-09-11  Ján Tomko  <jtomko@redhat.com>

	Add test for the nodemask double free crash
	Commit ef5d51d fixed a crash for numatune with auto placement and
	nodeset specified:
	<numatune>
	    <memory mode='preferred' placement='auto' nodeset='0'/>
	</numatune>

2013-09-11  Daniel P. Berrange  <berrange@redhat.com>

	Update docs about user namespace for LXC
	Mention that user namespace can be enabled using the UID/GID
	mapping schema.
	Fix typo in link anchor for container args in domain XML docs.

	Fix cgroups when all are mounted on /sys/fs/cgroup
	Some users in Ubuntu/Debian seem to have a setup where all the
	cgroup controllers are mounted on /sys/fs/cgroup rather than
	any /sys/fs/cgroup/<controller> name. In the loop which detects
	which controllers are present for a mount point we were modifying
	'mnt_dir' field in the 'struct mntent' var, but not always restoring
	the original value. This caused detection to break in the all-in-one
	mount setup.
	Fix that logic bug and add test case coverage for this mount
	setup.

2013-09-11  Liuji (Jeremy)  <jeremy.liu@huawei.com>

	virDomainDefParseXML: set the argument of virBitmapFree to NULL after calling virBitmapFree
	After freeing the bitmap pointer, it must set the pointer to NULL.
	This will avoid any other use of the freed memory of the bitmap pointer.
	https://bugzilla.redhat.com/show_bug.cgi?id=1006710

2013-09-11  Oskari Saarenmaa  <os@ohmu.fi>

	docs, comments: minor typo fixes

2013-09-11  Eric Blake  <eblake@redhat.com>

	build: fix regression in requiring yajl for new enough qemu
	Jonathan Lebon reported an issue to me off-list about his build
	failing to use qemu because he failed to install yajl-devel.  But
	I recalled specifically tweaking configure.ac to die in that
	situation (commits 350583c, ba9c38b).  After a bit more
	head-scratching, we found the cause of the regression: commit
	654c709 rearranged things so that the qemu version check now
	occurs before AC_ARG_WITH has had a chance to set either
	$with_qemu or $with_yajl.
	Coincidentally, this fix aligns with a documentation patch that
	was just posted to the autoconf mailing list :)
	http://thread.gmane.org/gmane.comp.sysutils.autoconf.patches/8324
	* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_LIB_ALT)
	(LIBVIRT_CHECK_PKG): Populate defaults earlier.
	* configure.ac (AC_ARG_WITH): Likewise for drivers.

2013-09-10  Eric Blake  <eblake@redhat.com>

	build: avoid obsolete AC_HELP_STRING
	Autoconf states that AC_HELP_STRING is obsolete, and that new
	programs should use AS_HELP_STRING.  We also had instances of
	not properly quoting the macro usage, and not relying on autoconf's
	word-wrapping abilities to avoid long lines.  I validated that this
	commit has no impact to the generated configure file.
	* configure.ac (AC_ARG_WITH, AC_ARG_ENABLE): Autoconf recommends
	the use of AS_HELP_STRING.  Also, use proper quoting and wrap long
	lines.
	* m4/virt-apparmor.m4 (LIBVIRT_CHECK_APPARMOR): Likewise.
	* m4/virt-selinux.m4 (LIBVIRT_CHECK_SELINUX): Likewise.

	qemu: endjob returns a bool
	Osier Yang pointed out that ever since commit 31cb030, the
	signature of qemuDomainObjEndJob was changed to return a bool.
	While comparison against 0 or > 0 still gives the right results,
	it looks fishy; we also had one place that was comparing < 0
	which is effectively dead code.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Fix dead
	code bug.
	(qemuMigrationBegin): Use more canonical form of bool check.
	* src/qemu/qemu_driver.c (qemuAutostartDomain)
	(qemuDomainCreateXML, qemuDomainSuspend, qemuDomainResume)
	(qemuDomainShutdownFlags, qemuDomainReboot, qemuDomainReset)
	(qemuDomainDestroyFlags, qemuDomainSetMemoryFlags)
	(qemuDomainSetMemoryStatsPeriod, qemuDomainInjectNMI)
	(qemuDomainSendKey, qemuDomainGetInfo, qemuDomainScreenshot)
	(qemuDomainSetVcpusFlags, qemuDomainGetVcpusFlags)
	(qemuDomainRestoreFlags, qemuDomainGetXMLDesc)
	(qemuDomainCreateWithFlags, qemuDomainAttachDeviceFlags)
	(qemuDomainUpdateDeviceFlags, qemuDomainDetachDeviceFlags)
	(qemuDomainBlockResize, qemuDomainBlockStats)
	(qemuDomainBlockStatsFlags, qemuDomainMemoryStats)
	(qemuDomainMemoryPeek, qemuDomainGetBlockInfo)
	(qemuDomainAbortJob, qemuDomainMigrateSetMaxDowntime)
	(qemuDomainMigrateGetCompressionCache)
	(qemuDomainMigrateSetCompressionCache)
	(qemuDomainMigrateSetMaxSpeed)
	(qemuDomainSnapshotCreateActiveInternal)
	(qemuDomainRevertToSnapshot, qemuDomainSnapshotDelete)
	(qemuDomainQemuMonitorCommand, qemuDomainQemuAttach)
	(qemuDomainBlockJobImpl, qemuDomainBlockCopy)
	(qemuDomainBlockCommit, qemuDomainOpenGraphics)
	(qemuDomainGetBlockIoTune, qemuDomainGetDiskErrors)
	(qemuDomainPMSuspendForDuration, qemuDomainPMWakeup)
	(qemuDomainQemuAgentCommand, qemuDomainFSTrim): Likewise.

	build: use automake subdir-objects
	Automake 2.0 will enable subdir-objects by default; in preparation
	for that change, automake 1.14 outputs LOADS of warnings:
	daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
	daemon/Makefile.am:38: but option 'subdir-objects' is disabled
	automake-1.14: warning: possible forward-incompatibility.
	automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
	automake-1.14: automake option hasn't been enabled.  For now, the corresponding output
	automake-1.14: object file(s) will be placed in the top-level directory.  However,
	automake-1.14: this behaviour will change in future Automake versions: they will
	automake-1.14: unconditionally cause object files to be placed in the same subdirectory
	automake-1.14: of the corresponding sources.
	automake-1.14: You are advised to start using 'subdir-objects' option throughout your
	automake-1.14: project, to avoid future incompatibilities.
	daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
	daemon/Makefile.am:38: but option 'subdir-objects' is disabled
	...
	As automake 1.9 also supported this option, and the previous patches
	fixed up the code base to work with it, it is safe to now turn it on
	unconditionally.
	* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
	* .gitignore: Ignore .dirstamp directories.
	* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
	new subdir-object location of .lo files.

	tests: check remaining .x files
	We have been adding new .x files without keeping the list of
	*-structs files up-to-date.  This adds the support for the
	recent additions.
	In the process of testing this, I also noticed that Fedora 19's
	use of dwarves-1.10 (providing pdwtags version 1.9) was producing
	a single line on stderr but still giving enough useful info on
	stdout that we could check structs; the real goal of checking
	stderr separately from stdout was to avoid the bug in dwarves-1.9
	where stdout was empty (see bug http://bugzilla.redhat.com/772358).
	* src/Makefile.am (struct_prefix, PROTOCOL_STRUCTS): Add missing
	struct tests.
	(PDWTAGS): Work with Fedora 19 pdwtags.
	(lxc_monitor_protocol-struct, lock_protocol-struct): New rules.
	* src/lxc_monitor_protocol-structs: New file.
	* src/lock_protocol-structs): Likewise.
	* cfg.mk (generated_files): Enlarge list.

	build: use library rather than cross-directory compilation
	If we use subdir-objects with automake, any reference to a
	cross-directory .c file will result in automake creating
	rules that track dependency in the cross directory.  But this
	presents a problem during 'make distclean' - if the cross
	directory is cleaned up first, then the daemon directory will
	be left with dangling references to .Po dependency files that
	no longer exist.
	Meanwhile, referring to the cross-directory .c file means
	that we are compiling the file twice - once in src, and once
	in daemon.  Better is to compile just once in src into a
	convenience library, and then use that library from daemon.
	The tests directory had a similar situation of a cross-directory
	.c file; to solve that, we actually need a convenience library.
	* daemon/Makefile.am (DAEMON_SOURCES): Drop .c files...
	(libvirtd_LDADD): ...and instead use library.
	(libvirtd_conf_la_SOURCES): Declare a new convenience library.
	(libvirtd_LDFLAGS): Drop duplicate flag.
	* tests/Makefile.am (libvirtdconftest_SOURCES): Drop .c file...
	(libvirtdconftest_LDADD): ..and instead use library.

	build: avoid $(srcdir) in *_SOURCES
	Trying to enable automake's subdir-objects option resulted in
	the creation of literal directories such as src/$(srcdir)/remote/.
	I traced this to the fact that we had used a literal $(srcdir)
	in a location that later fed an automake *_SOURCES variable.
	This has also been reported as an automake bug:
	http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13928
	but it's better to fix our code than to wait for an automake fix.
	Some things to remember that affect VPATH builds, and where an
	in-tree build is blissfully unaware of the issues: if a VPATH
	build fails to find a file that was used as a prereq of any
	other target, then the rule for that file will expand $@ to
	prefer the current build dir (bad because a VPATH build on a
	fresh checkout will then stick $@ in the current directory
	instead of the desired srcdir); conversely, if a VPATH build
	finds the file in srcdir but decides it needs to be rebuilt,
	then the rule for that file will expand $@ to include the
	directory where it was found out-of-date (bad for an explicit
	listing of $(srcdir)/$@ because an incremental VPATH build will
	then expand srcdir twice).  As we want these files to go into
	srcdir unconditionally, we have to massage or avoid $@ for any
	recipe that involves one of these files.
	Therefore, this patch removes all uses of $(srcdir) from any
	generated file name that later feeds a *_SOURCES variable, and
	then rewrites all the recipes to generate those files to
	hard-code their creation into srcdir without the use of $@.
	* src/Makefile.am (REMOTE_DRIVER_GENERATED): Drop $(srcdir); VPATH
	builds know how to find the files, and automake subdir-objects
	fails with it in place.
	(LXC_MONITOR_PROTOCOL_GENERATED, (LXC_MONITOR_GENERATED)
	(ACCESS_DRIVER_GENERATED, LOCK_PROTOCOL_GENERATED): Likewise.
	(*_client_bodies.h): Hard-code rules to write into srcdir, as
	VPATH tries to build $@ locally if missing.
	(util/virkeymaps.h): Likewise.
	(lxc/lxc_monitor_dispatch.h): Likewise.
	(access/viraccessapi*): Likewise.
	(locking/lock_daemon_dispatch_stubs.h): Likewise.
	* daemon/Makeflie.am (DAEMON_GENERATED, remote_dispatch.h):
	Likewise.
	fixup DAEMON_GENERATED

2013-09-10  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	cpu: Cleanup ppcCompute to avoid memory leak
	This patch is to Cleanup ppcCompute to avoid memory leak to make
	the code better.

2013-09-09  Eric Blake  <eblake@redhat.com>

	qemu: don't leak vm on failure
	Failure to attach to a domain during 'virsh qemu-attach' left
	the list of domains in an odd state:
	$ virsh qemu-attach 4176
	error: An error occurred, but the cause is unknown
	$ virsh list --all
	 Id    Name                           State
	----------------------------------------------------
	 2     foo                            shut off
	$ virsh qemu-attach 4176
	error: Requested operation is not valid: domain is already active as 'foo'
	$ virsh undefine foo
	error: Failed to undefine domain foo
	error: Requested operation is not valid: cannot undefine transient domain
	$ virsh shutdown foo
	error: Failed to shutdown domain foo
	error: invalid argument: monitor must not be NULL
	It all stems from leaving the list of domains unmodified on
	the initial failure; we should follow the lead of createXML
	which removes vm on failure (the actual initial failure still
	needs to be fixed in a later patch, but at least this patch
	gets us to the point where we aren't getting stuck with an
	unremovable "shut off" transient domain).
	While investigating, I also found a leak in qemuDomainCreateXML;
	the two functions should behave similarly.  Note that there are
	still two unusual paths: if dom is not allocated, the user will
	see an OOM error even though the vm remains registered (but oom
	errors already indicate tricky cleanup); and if the vm starts
	and then quits again all before the job ends, it is possible
	to return a non-NULL dom even though the dom will no longer be
	useful for anything (but this at least lets the user know their
	short-lived vm ran).
	* src/qemu/qemu_driver.c (qemuDomainCreateXML): Don't leak vm on
	failure to obtain job.
	(qemuDomainQemuAttach): Match cleanup of qemuDomainCreateXML.

2013-09-09  Yogesh Tillu  <tillu.yogesh@gmail.com>

	Add ARM v7 big-endian architecture (armv7b)
	ARM v7 can operate in either little or big endian modes. Add
	support for the big-endian version known as armv7b from uname.

2013-09-09  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	qemu: avoid users specifying CPU features for non-x86 plaftorm.
	Currently, only X86 provides users CPU features with CPUID instruction.
	If users specify the features for non-x86, it should tell users to
	remove them.
	This patch is to report one error if features are specified by
	users for non-x86 platform.

2013-09-09  Hongwei Bi  <hwbi2008@gmail.com>

	LXC: Free variable vroot in lxcDomainDetachDeviceHostdevUSBLive()
	The variable vroot should be freed in label cleanup.

2013-09-07  Eric Blake  <eblake@redhat.com>

	qemu: don't leave shutdown inhibited on attach failure
	While debugging a failure of 'virsh qemu-attach', I noticed that
	we were leaking the count of active domains on failure.  This
	means that a libvirtd session that is supposed to quit after
	active domains disappear will hang around forever.
	* src/qemu/qemu_process.c (qemuProcessAttach): Undo count of
	active domains on failure.

2013-09-06  Eric Blake  <eblake@redhat.com>

	qemu: recognize -machine accel=kvm when parsing native
	In Fedora 19, 'qemu-kvm' is a simple wrapper that calls
	'qemu-system-x86_64 -machine accel=kvm'.  Attempting
	to use 'virsh qemu-attach $pid' to a machine started as:
	qemu-kvm -cdrom /var/lib/libvirt/images/foo.img \
	 -monitor unix:/tmp/demo,server,nowait -name foo \
	 --uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea
	was failing with:
	error: XML error: No PCI buses available
	because we did not see 'kvm' in the executable name read from
	/proc/$pid/cmdline, and tried to assign os.machine as
	"accel=kvm" instead of "pc"; this in turn led to refusal to
	recognize the pci bus.
	Noticed while investigating https://bugzilla.redhat.com/995312
	although there are still other issues to fix before that bug
	will be completely solved.
	I've concluded that the existing parser code for native-to-xml
	is a horrendous hodge-podge of ad-hoc approaches; I basically
	rewrote the -machine section to be a bit saner.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Don't assume
	-machine argument is always appropriate for os.machine; set
	virtType if accel is present.

	qemu: only parse basename when determining emulator properties
	'virsh domxml-from-native' and 'virsh qemu-attach' could misbehave
	for an emulator installed in (a somewhat unlikely) location
	such as /usr/local/qemu-1.6/qemu-system-x86_64 or (an even less
	likely) /opt/notxen/qemu-system-x86_64.  Limit the strstr seach
	to just the basename of the file where we are assuming details
	about the binary based on its name.
	While testing, I accidentally triggered a core dump during strcmp
	when I forgot to set os.type on one of my code paths; this patch
	changes such a coding error to raise a nicer internal error instead.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Compute basename
	earlier.
	* src/conf/domain_conf.c (virDomainDefPostParseInternal): Avoid
	NULL deref.

2013-09-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: fix typos in lxc_container.c
	Fix docs and error message typos in lxc_container.c

2013-09-06  Alex Jia  <ajia@redhat.com>

	Docs: fix a typo in virt-login-shell.pod

2013-09-06  Jim Fehlig  <jfehlig@suse.com>

	libxl: Compile regular expression where it is used
	The regular expression used to determine guest capabilities
	was compiled in libxlCapsInitHost() but used in libxlCapsInitGuests().
	Move compilation to libxlCapsInitGuests() where it is used, and free
	the compiled regex after use.  Ensure not to free the regex if
	compilation fails.

	Don't call regfree() if regcomp() fails
	POSIX states that the preg parameter to regcomp() is undefined on
	failure, so no need to call regfree() in these cases.
	http://pubs.opengroup.org/onlinepubs/009695399/functions/regcomp.html
	See also a discussion on the libvirt dev list
	https://www.redhat.com/archives/libvir-list/2013-September/msg00262.html

2013-09-05  Eric Blake  <eblake@redhat.com>

	spec: make client-only testing easier
	Several recent patches cleaned up 'make rpm' for the situation
	when client_only is true; these were done by manual spec file
	editing (since it's relatively hard to come by a RHEL 5 s390
	box).  Make it easier to do in the future via a simpler command
	line override.
	* libvirt.spec.in (client_only): Allow for override.

	build: shut up automake warnings
	I'm tired of seeing screenfuls of messages like these when using
	automake 1.13 (Fedora 19):
	configure.ac:2121: warning: The 'AM_PROG_MKDIR_P' macro is deprecated, and its use is discouraged.
	configure.ac:2121: You should use the Autoconf-provided 'AC_PROG_MKDIR_P' macro instead,
	configure.ac:2121: and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files.
	daemon/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
	seeing as how we MUST use those constructs for the benefit of
	automake 1.9 (RHEL 5).  Conversely, RHEL 5 automake complained:
	aclocal:configure.ac:36: warning: macro `AM_SILENT_RULES' not found in library
	Obviously, I tested this patch on both Fedora 19 and RHEL 5.
	* configure.ac (AM_INIT_AUTOMAKE): Avoid obsoletion warnings.
	(AM_SILENT_RULES): Avoid unknown macro warning.

2013-09-05  Ján Tomko  <jtomko@redhat.com>

	Fix a typo in network XML docs

	Change 'shortforward' to bool.

	Add '<nat>' element to '<forward>' network schemas
	Commits 905629f4 and 1716e7a6 have added support for specifying
	an IPv4 range and a port range to be used by NAT:
	<forward mode='nat'>
	  <nat>
	    <address start='10.20.30.40' end='10.20.30.44'/>
	    <port start='60000' end='65432'/>
	  </nat>
	</forward>
	https://bugzilla.redhat.com/show_bug.cgi?id=1004364

2013-09-05  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	cpu: Add cpu test cases for PPC CPU driver.
	This patch is to add cpu test casses for PPC CPU driver.

	cpu: Implement guestData and update for PPC
	On Power platform, Power7+ can support Power7 guest.
	It needs to define XML configuration to specify guest's CPU model.
	For exmaple:
	  <cpu match='exact'>
	    <model>POWER7_v2.1</model>
	    <vendor>IBM</vendor>
	  </cpu>

	qemu: Remove CPU features functions calling for non-x86 platform.
	CPU features are not supported on non-x86 and hasFeatures will be NULL.
	This patch is to remove CPU features functions calling to avoid errors.

2013-09-05  Ian Main  <imain@redhat.com>

	Use loop-control to allocate loop device.
	This patch changes virFileLoopDeviceOpen() to use the new loop-control
	device to allocate a new loop device.  If this behavior is unsupported
	we fall back to the previous method of searching /dev for a free device.
	With this patch you can start as many image based LXC domains as you
	like (well almost).
	Fixes bug https://bugzilla.redhat.com/show_bug.cgi?id=995543

2013-09-05  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Don't mount securityfs when user namespace enabled
	Right now, securityfs is disallowed to be mounted in non-initial
	user namespace, so we must avoid trying to mount securityfs in
	a container which has user namespace enabled.

2013-09-05  Daniel P. Berrange  <berrange@redhat.com>

	Stop calling virAllocN directly from ESX code
	The ESX code has a method esxVI_Alloc which would call
	virAllocN directly, instead of using the VIR_ALLOC_N
	macro. Remove this method and make the callers just
	use VIR_ALLOC as is normal practice.

2013-09-05  Liuji (Jeremy)  <jeremy.liu@huawei.com>

	virDomainDeviceIsUSB: Drop check for USB controller
	Delete the USB controller check from the USB Device checklist in
	virDomainDeviceIsUSB as USB controller is a PCI device rather than
	a USB one.

2013-09-05  Daniel P. Berrange  <berrange@redhat.com>

	Ensure 'arch' is always set in cpuArchNodeData
	The s390, ppc and arm CPU drivers never set the 'arch' field
	in their impl of cpuArchNodeData. This leads to error messages
	being reported from cpuDataFree later, due to trying to use
	VIR_ARCH_NONE.
	 #0  virRaiseErrorFull (filename=filename@entry=0x76f94434 "cpu/cpu.c", funcname=funcname@entry=0x76f942dc <__FUNCTION__.18096> "cpuGetSubDriver", linenr=linenr@entry=58,
	     domain=domain@entry=31, code=code@entry=1, level=level@entry=VIR_ERR_ERROR, str1=0x76f70e18 "internal error: %s",
	     str2=str2@entry=0x7155f2ec "undefined hardware architecture", str3=str3@entry=0x0, int1=int1@entry=-1, int2=int2@entry=-1, fmt=0x76f70e18 "internal error: %s")
	     at util/virerror.c:646
	 #1  0x76e682ea in virReportErrorHelper (domcode=domcode@entry=31, errorcode=errorcode@entry=1, filename=0x76f94434 "cpu/cpu.c",
	     funcname=0x76f942dc <__FUNCTION__.18096> "cpuGetSubDriver", linenr=linenr@entry=58, fmt=0x76f7e7e4 "%s") at util/virerror.c:1292
	 #2  0x76ed82d4 in cpuGetSubDriver (arch=<optimized out>) at cpu/cpu.c:57
	 #3  cpuGetSubDriver (arch=VIR_ARCH_NONE) at cpu/cpu.c:51
	 #4  0x76ed8818 in cpuDataFree (data=data@entry=0x70c22d78) at cpu/cpu.c:216
	 #5  0x716aaec0 in virQEMUCapsInitCPU (arch=VIR_ARCH_ARMV7L, caps=0x70c29a08) at qemu/qemu_capabilities.c:867

	Stop free'ing 'const char *' strings
	The VIR_FREE() macro will cast away any const-ness. This masked a
	number of places where we passed a 'const char *' string to
	VIR_FREE. Fortunately in all of these cases, the variable was not
	in fact const data, but a heap allocated string. Fix all the
	variable declarations to reflect this.

2013-09-05  Eric Blake  <eblake@redhat.com>

	qemu: simplify list cleanup
	No need to open code now that we have a nice function.
	Interestingly, our virStringFreeList function is typed correctly
	(a malloc'd list of malloc'd strings is NOT const, whether at the
	point where it is created, or at the point where it is cleand up),
	so using it with a 'const char **' argument would require a cast
	to keep the compiler.  I chose instead to remove const from code
	even where we don't modify the argument, just to avoid the need
	to cast.
	* src/qemu/qemu_command.h (qemuParseCommandLine): Drop declaration.
	* src/qemu/qemu_command.c (qemuParseProcFileStrings)
	(qemuStringToArgvEnv): Don't force malloc'd result to be const.
	(qemuParseCommandLinePid, qemuParseCommandLineString): Simplify
	cleanup.
	(qemuParseCommandLine, qemuFindEnv): Drop const-correctness to
	avoid the need to cast in callers.

2013-09-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't deref NULL actual network in virDomainNetGetActualHostdev()
	In commit 991270db99690 I've used virDomainNetGetActualHostdev() to get
	the actual hostdev from a network when removing the network from the
	list to avoid leaving the hostdev in the list. I didn't notice that this
	function doesn't check if the actual network is allocated and
	dereferences it. This crashes the daemon when cleaning up a domain
	object in early startup phases when the actual network definition isn't
	allocated. When the actual definition isn't present, the hostdev that
	might correspond to it won't be present anyways so it's safe to return
	NULL.
	Thanks to Cole Robinson for noticing this problem.

2013-09-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: Unconditionally call virSysinfoRead() on driver init
	No need to check if privileged when reading hostsysinfo, since
	that check was already done in libxlDriverShouldLoad().  The
	libxl driver fails to load if not privileged.

	libxl: Check for regcomp failure
	Change libxlGetAutoballoonConf() function to return an int
	for success/failure, and fail if regcomp fails.

2013-09-05  Eric Blake  <eblake@redhat.com>

	virsh: fix build on mingw, which lacks termios stuff
	Recent patches to fix handling of Ctrl-C when interacting with
	ssh are not portable to mingw, which lacks termios handling.
	The simplest solution is to just compile that code out, and
	if someone ever appears that has a serious interest in getting
	virsh fully functional even with ssh connections, they can
	provide patches at that time.
	* tools/virsh.h (_vshControl): Make termattr conditional.
	* tools/virsh.c (vshTTYIsInterruptCharacter)
	(vshTTYDisableInterrupt, vshTTYRestore, cfmakeraw, vshTTYMakeRaw)
	(main): Likewise.

2013-09-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix Coverity warning
	John Ferlan reported the following Coverity warning:
	In libxlDomainCoreDump() Coverity has noted a FORWARD_NULL reference:
	2004 	    if ((flags & VIR_DUMP_CRASH) && !vm->persistent) {
	2005 	        virDomainObjListRemove(driver->domains, vm);
	(20) Event assign_zero: 	Assigning: "vm" = "NULL".
	Also see events: 	[var_deref_model]
	2006 	        vm = NULL;
	2007 	    }
	2008
	2009 	    ret = 0;
	2010
	2011 	cleanup_unpause:
	(21) Event var_deref_model: 	Passing null pointer "vm" to function
	     "virDomainObjIsActive(virDomainObjPtr)", which dereferences it. [details]
	Also see events: 	[assign_zero]
	2012 	    if (virDomainObjIsActive(vm) && paused) {
	2013 	        if (libxl_domain_unpause(priv->ctx, dom->id) != 0) {
	2014 	            virReportError(VIR_ERR_INTERNAL_ERROR,
	Removing the vm from domain obj list and setting it to NULL can be
	done in the previous 'if (flags & VIR_DUMP_CRASH)' conditional.  Fix
	the Coverity warning by ensuring vm is not NULL before testing if it
	is still active.

2013-09-05  Eric Blake  <eblake@redhat.com>

	spec: default vbox according to libvirtd build
	Commit ba5f3c7 moved virtualBox support into libvirtd, but the spec
	file was still unconditionally requesting it even when not building
	the server side.  Thankfully there were no ill effects for a
	client_only build, as most uses of %{with_vbox} were guarded by
	%{with_libvirtd}; but we might as well avoid confusion by more
	closely matching the makefile.
	* libvirt.spec.in (with_vbox): Hoist to server conditionals.

	build: avoid stranded polkit file in client-only build
	daemon/Makefile.am installs a .policy file if WITH_LIBVIRTD and
	WITH_POLKIT are both set.  src/Makefile.am, on the other hand,
	installs a .policy file if WITH_POLKIT1 is set, but without checking
	WITH_LIBVIRTD.  When running 'make rpm' with client_only manually
	set, on a Fedora 19 box, that leads to a failure:
	RPM build errors:
	    Installed (but unpackaged) file(s) found:
	   /usr/share/polkit-1/actions/org.libvirt.api.policy
	Fix it by adding another conditional.
	* src/Makefile.am (polkitaction_DATA): Make conditional.

	build: only install nwfilter examples when building nwfilter
	'make rpm' with client_local set to 1 (by manual modification,
	or with RHEL 5 on s390) warns:
	RPM build errors:
	    Installed (but unpackaged) file(s) found:
	   /etc/libvirt/nwfilter/allow-arp.xml
	   /etc/libvirt/nwfilter/allow-dhcp-server.xml
	   /etc/libvirt/nwfilter/allow-dhcp.xml
	   /etc/libvirt/nwfilter/allow-incoming-ipv4.xml
	   /etc/libvirt/nwfilter/allow-ipv4.xml
	   /etc/libvirt/nwfilter/clean-traffic.xml
	   /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml
	   /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml
	   /etc/libvirt/nwfilter/no-arp-spoofing.xml
	   /etc/libvirt/nwfilter/no-ip-multicast.xml
	   /etc/libvirt/nwfilter/no-ip-spoofing.xml
	   /etc/libvirt/nwfilter/no-mac-broadcast.xml
	   /etc/libvirt/nwfilter/no-mac-spoofing.xml
	   /etc/libvirt/nwfilter/no-other-l2-traffic.xml
	   /etc/libvirt/nwfilter/no-other-rarp-traffic.xml
	   /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml
	   /etc/libvirt/nwfilter/qemu-announce-self.xml
	   /usr/share/polkit-1/actions/org.libvirt.api.policy
	The bulk of these are fixed with this patch.
	* examples/xml/nwfilter/Makefile.am (install-data-local)
	(uninstall-local): Make conditional.

	build: only run fdstreamtest when libvirtd is built
	An rpm build with client_only set to 1 (for example, RHEL 5 on
	s390, or by modifying libvirt.spec.in) failed with
	TEST: fdstreamtest
	 1) Stream read blocking                                              ... OK
	 2) Stream read non-blocking                                          ... Unexpected EOF block 0 want 128
	FAILED
	 3) Stream write blocking                                             ... OK
	 4) Stream write non-blocking                                         ... Failed to finish stream: internal error: libvirt:  error : cannot execute binary /home/eblake/rpmbuild/BUILD/libvirt-1.1.1/tests/../src/libvirt_iohelper: No such file or directory
	Since the test depends on something that was only built for
	WITH_LIBVIRTD (see src/Makefile.am), we must do the same for
	the test.
	* tests/Makefile.am (test_programs): Make fdstreamtest conditional.

	spec: fix rpm build when lxc disabled
	'make rpm' failed if ~/.rpmmacros contains '%_without_lxc 1',
	which simulates the case of not having lxc available.
	RPM build errors:
	    File not found: /home/eblake/rpmbuild/BUILDROOT/libvirt-1.1.1-1.fc19.x86_64/etc/libvirt/virt-login-shell.conf
	    File not found by glob: /home/eblake/rpmbuild/BUILDROOT/libvirt-1.1.1-1.fc19.x86_64/usr/share/man/man1/virt-login-shell.1*
	    File not found: /home/eblake/rpmbuild/BUILDROOT/libvirt-1.1.1-1.fc19.x86_64/usr/bin/virt-login-shell
	make: *** [rpm] Error 1
	Reported by Dan Berrange.
	* libvirt.spec.in: Mark virt-login-shell as conditional on lxc.

2013-09-05  Doug Goldstein  <cardoe@cardoe.com>

	virGet{User,Group}Ent() don't say success on fail
	When virGetUserEnt() and virGetGroupEnt() fail due to the uid or gid not
	existing on the machine they'll print a message like:
	$ virsh -c vbox:///session list
	error: failed to connect to the hypervisor
	error: Failed to find user record for uid '32655': Success
	The success at the end is a bit confusing. This changes it to:
	$ virsh -c vbox:///session list
	error: failed to connect to the hypervisor
	error: Failed to find user record for uid '32655'

2013-09-04  Eric Blake  <eblake@redhat.com>

	build: enforce makefile conditional style
	Automake has builtin support to prevent botched conditional nesting,
	but only if you use:
	if FOO
	else !FOO
	endif !FOO
	An example error message when using the wrong name:
	daemon/Makefile.am:378: error: else reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE
	daemon/Makefile.am:381: error: endif reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE
	As our makefiles tend to have quite a bit of nested conditionals,
	it's better to take advantage of the benefits of the build system
	double-checking that our conditionals are well-nested, but that
	requires a syntax check to enforce our usage style.
	Alas, unlike C preprocessor and spec files, we can't use indentation
	to make it easier to see how deeply nesting goes.
	* cfg.mk (sc_makefile_conditionals): New rule.
	* daemon/Makefile.am: Enforce the style.
	* gnulib/tests/Makefile.am: Likewise.
	* python/Makefile.am: Likewise.
	* src/Makefile.am: Likewise.
	* tests/Makefile.am: Likewise.
	* tools/Makefile.am: Likewise.

2013-09-04  Martin Kletzander  <mkletzan@redhat.com>

	docs: Add OpenStack into references

2013-09-04  Daniel P. Berrange  <berrange@redhat.com>

	Don't call VIR_ALLOC on def->uuid in parallels storage driver
	The 'uuid' field in virDomainDefPtr is not a pointer, it is a
	fixed length array. Calling VIR_ALLOC on it is thus wrong and
	leaks memory.

	Add missing 'libvirt_lxc_api' variable in pkg-config file
	The 'libvirt_lxc_api' variable is intended to allow apps to
	query the location of the API XML file for libvirt_lxc.so

2013-09-04  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix coding style issues in daemon/remote.c
	Fixes for argument layouts of various functions in daemon/remote.c

2013-09-04  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove the actual hostdev when removing a network
	Commit 50348e6edfa reused the code to remove the hostdev portion of a
	network definition on multiple places but forgot to take into account
	that sometimes the "actual" network is passed and in some cases the
	parent of that.
	This patch uses the virDomainNetGetActualHostdev() helper to acquire the
	correct pointer all the time while removing the hostdev portion from the
	list.

2013-09-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make domain renaming work during migration
	https://bugzilla.redhat.com/show_bug.cgi?id=999352
	Since commit v1.0.5-56-g449e6b1 (Pull parsing of migration xml up into
	QEMU driver APIs) any attempt to rename a domain during migration fails
	with the following error message:
	    internal error Incoming cookie data had unexpected name DOM vs DOM2
	This is because migration cookies always use the original domain name
	and the mentioned commit failed to propagate the name back to
	qemuMigrationPrepareAny.

2013-09-04  Michal Privoznik  <mprivozn@redhat.com>

	virFileNBDDeviceAssociate: Avoid use of uninitialized variable
	The @qemunbd variable can be used uninitialized.

	AppArmorSetSecurityImageLabel: Avoid use of uninitialized variable
	The @profile_name variable can be used uninitialized.

2013-09-04  Jim Fehlig  <jfehlig@suse.com>

	libxl: Use standard format for source file copyright notice
	Change source file copyright notice to prevailing libvirt style.

	libxl: Add libxlDomObjFromDomain
	Similar to the QEMU and LXC drivers, add a helper function to
	lookup a domain, and use it instead of much copy and paste.

	libxl: Remove unnecessary driver locking
	Now that most fields of libxlDriverPrivate struct are immutable
	or self-locking, there is no need to acquire the driver lock in
	much of the libxl driver.

	libxl: Move driver lock/unlock to libxl_conf
	Move the libxl driver lock/unlock functions from libxl_driver.c
	to libxl_conf.h so they can be used by other source files.

	libxl: Add comments to libxlDriverPrivate fields
	Similar to the QEMU and LXC drivers, annotate the fields of
	libxlDriverPrivate struct to indicate the locking rules for
	their use.

	libxl: Use atomic ops for driver->nactive

	libxl: Introduce libxlDriverConfig object
	The libxlDriverPrivate struct contains an variety of data with
	varying access needs. Similar to the QEMU and LXC drivers,
	move all the static config data into a dedicated libxlDriverConfig
	object. The only locking requirement is to hold the driver lock
	while obtaining an instance of libxlDriverConfig. Once a reference
	is held on the config object, it can be used completely lockless
	since it is immutable.

	libxl: User per-domain ctx in libxlDomainGetInfo
	libxlDomainGetInfo() uses the driver-wide libxl ctx when
	it would be more appropriate to use the per-domain ctx
	associated with the domain.  Switch to using the per-domain
	libxl ctx.

	libxl: libxl: Use per-domain ctx in libxlMakeDomCreateInfo
	libxlMakeDomCreateInfo() uses the driver-wide libxl ctx when
	it would be more appropriate to use the per-domain ctx
	associated with the domain.  Switch to using the per-domain
	libxl ctx.

	libxl: Add libxl_version_info to libxlDriverPrivate
	libxl version info is static data as far as the libxl driver
	is concerned, so retrieve this info when the driver is initialized
	and stash it in the libxlDriverPrivate object.  Subsequently use
	the stashed info instead of repeatedly calling libxl_get_version_info().

	libxl: Earlier detection of not running on Xen
	Detect early on in libxl driver initialization if the driver
	should be loaded at all, avoiding needless initialization steps
	that only have to be undone later.  While at it, move the
	detection to a helper function to improve readability.
	After detecting that the driver should be loaded, subsequent
	failures such as initializing the log stream, allocating libxl
	ctx, etc. should be treated as failure to initialize the driver.

	libxl: Introduce libxl_domain.[ch]
	Create libxl_domain.[ch] and move all functions operating on
	libxlDomainObjPrivate to these files.  This will be useful for
	future patches that e.g. add job support for libxlDomainObjPrivate.

	libxl: Move detection of autoballoon to libxl_conf
	Detecting whether or not to autoballoon is configuration related,
	so move the code to libxl_conf.

2013-09-04  Eric Blake  <eblake@redhat.com>

	build: fix typo that broke 'make dist'
	Bug introduced in commit 5c6ff42; 'make dist' fails:
	make[3]: Entering directory `/home/eblake/libvirt-tmp/build3/examples/python'
	make[3]: *** No rule to make target `topoology.py', needed by `distdir'.  Stop.
	make[3]: Leaving directory `/home/eblake/libvirt-tmp/build3/examples/python'
	* examples/python/Makefile.am (EXTRA_DIST): Spell topology right.

2013-09-04  John Ferlan  <jferlan@redhat.com>

	esx_driver: Resolve Coverity RESOURCE_LEAK on error paths
	New Coverity release found a couple of error paths where memory would be
	leaked in an error/goto path before being properly handled.

	esx_vi: Resolve Coverity RESOURCE_LEAK in error path
	New coverity installation determined that the muliple if condition for
	"*Alloc" and "*AppendToList" could fail during AppendToList thus leaking
	memory.

2013-09-03  Michal Privoznik  <mprivozn@redhat.com>

	test_virtlockd.aug.in: Use the correct file
	The test should refer to Virtlockd.lns, which is the name of
	the module + lens in virtlockd.aug.

2013-09-03  Peter Krempa  <pkrempa@redhat.com>

	examples: Add script to parse topology from capabilities output
	Add a demo script originally written by Amador Pahim to parse topology
	of the host from data provided in the capabilities XML.

	virsh-console: Avoid using signal() in multithreaded application
	Man page for signal states:
	 "The effects of signal() in a multithreaded process are unspecified."
	Switch signal() to sigaction in virsh console code.

	virsh: Rename vshMakeStdinRaw to vshTTYMakeRaw and move it to virsh.c
	Move the function to virsh.c to the rest of the TTY managing functions
	and change the code so that it mirrors the rest.

	tools: rename console.[ch] to virsh-console.[ch] and fix coding style

2013-09-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Handle huge number of queues correctly
	Currently, kernel supports up to 8 queues for a multiqueue tap device.
	However, if user tries to enter a huge number (e.g. one million) the tap
	allocation fails, as expected. But what is not expected is the log full
	of warnings:
	    warning : virFileClose:83 : Tried to close invalid fd 0
	The problem is, upon error we iterate over an array of FDs (handlers to
	queues) and VIR_FORCE_CLOSE() over each item. However, the array is
	pre-filled with zeros. Hence, we repeatedly close stdin. Ouch.
	But there's more. The queues allocation is done in virNetDevTapCreate()
	which cleans up the FDs in case of error. Then, its caller, the
	virNetDevTapCreateInBridgePort() iterates over the FD array and tries to
	close them too. And so does qemuNetworkIfaceConnect() and
	qemuBuildInterfaceCommandLine().

2013-09-03  Ján Tomko  <jtomko@redhat.com>

	Fix leaks in python bindings
	https://bugzilla.redhat.com/show_bug.cgi?id=1003828

2013-09-03  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Avoid killing ssh transport tunnels when cancelling job
	The vshWatchJob function registers a SIGINT handler that is used to
	abort the active job and does not terminate virsh. Unfortunately, this
	breaks when using the ssh transport as SIGINT is sent to the foreground
	process group including the ssh transport processes which terminate.
	This breaks the connection and migration is left in a insane state.
	With this patch the terminal is modified to ignore key binding that
	sends SIGINT and does the handling manually.
	Resoves: https://bugzilla.redhat.com/show_bug.cgi?id=983348

	virsh: Remember terminal state when starting and add helpers
	This patch adds instrumentation to allow modification of config of the
	terminal in virsh and successful reset of the state afterwards.
	The added helpers allow to disable receiving of SIGINT when pressing the
	key sequence (Ctrl+C usualy). This normally sends SIGINT to the
	foreground process group which kills ssh processes used for transport of
	the data.

2013-09-03  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Add cdrom-raw dev type from VMWare Fusion
	According to VMWare's documentation 'cdrom-raw' is an acceptable value
	for deviceType for a CD-ROM drive. The documentation states that the VMX
	configuration for a CD-ROM deviceType is as follows:
	ide|scsi(n):(n).deviceType = "cdrom-raw|atapi-cdrom|cdrom-image"
	From the documentation it appears the following is true:
	- cdrom-image = Provides the ISO to the VM
	- atapi-cdrom = Provides a NEC emulated ATAPI CD-ROM on top of the host
	  CD-ROM
	- cdrom-raw = Passthru for a host CD-ROM drive. Allows CD-R burning from
	  within the guest.
	A CD-ROM prior to this patch would always provide an 'atapi-cdrom' is
	modeled as:
	  <disk type='block' device='cdrom'>
	    <source dev='/dev/scd0'/>
	    <target dev='hda' bus='ide'/>
	    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	  </disk>
	This patch allows the 'device' attribute to be set to 'lun' for a raw
	acccess CD-ROM such as:
	  <disk type='block' device='lun'>
	    <source dev='/dev/scd0'/>
	    <target dev='hda' bus='ide'/>
	    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	  </disk>

	VMX: Some serial ports are not actually connected
	Sometimes a serial port might not be actually wired to a device when the
	user does not have the VM powered on and we should not consider this a
	fatal error.

2013-09-03  Cole Robinson  <crobinso@redhat.com>

	qemu: Support virtio-mmio transport for virtio on ARM
	Starting with qemu 1.6, the qemu-system-arm vexpress-a9 model has a
	hardcoded virtio-mmio transport which enables attaching all virtio
	devices.
	On the command line, we have to use virtio-XXX-device rather than
	virtio-XXX-pci, thankfully s390 already set the precedent here so
	it's fairly straight forward.
	At the XML level, this adds a new device address type virtio-mmio.
	The controller and addressing don't have any subelements at the
	moment because we they aren't needed for this usecase, but could
	be added later if needed.
	Add a test case for an ARM guest with one of every virtio device
	enabled.

	qemu: Fix networking for ARM guests
	Similar to the chardev bit, ARM boards depend on the old style '-net nic'
	for actually instantiating net devices. But we can't block out
	-netdev altogether since it's needed for upcoming virtio support.
	And add tests for working ARM XML with console, disk, and networking.

	domain_conf: Add disk bus=sd, wire it up for qemu
	This corresponds to '-sd' and '-drive if=sd' on the qemu command line.
	Needed for many ARM boards which don't provide any other way to
	pass in storage.

	qemu: Don't try to allocate PCI addresses for ARM

	qemu: Fix specifying char devs for ARM
	QEMU ARM boards don't give us any way to explicitly wire in
	a -chardev, so use the old style -serial options.
	Unfortunately this isn't as simple as just turning off the CHARDEV flag
	for qemu-system-arm, as upcoming virtio support _will_ use device/chardev.

	qemu: Don't add default memballoon device on ARM
	And add test cases for a basic working ARM guest.

	domain_conf: Add default memballoon in PostParse callbacks
	This should be a no-op change for now.

	qemu: Set QEMU_AUDIO_DRV=none with -nographic
	On my machine, a guest fails to boot if it has a sound card, but not
	graphical device/display is configured, because pulseaudio fails to
	initialize since it can't access $HOME.
	A workaround is removing the audio device, however on ARM boards there
	isn't any option to do that, so -nographic always fails.
	Set QEMU_AUDIO_DRV=none if no <graphics> are configured. Unfortunately
	this has massive test suite fallout.
	Add a qemu.conf parameter nographics_allow_host_audio, that if enabled
	will pass through QEMU_AUDIO_DRV from sysconfig (similar to
	vnc_allow_host_audio)

2013-09-03  Guido Günther  <agx@sigxcpu.org>

	Pass AM_LDFLAGS to driver modules too
	This gives us a RO got, otherwise Debian's lintian complains:
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_vbox.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
	W: libvirt-sanlock: hardening-no-relro usr/lib/libvirt/lock-driver/sanlock.so

	Fix AM_LDFLAGS typo

2013-09-02  Fred A. Kemp  <anonym@riseup.net>

	qemu: Support setting the 'removable' flag for USB disks
	Add an attribute named 'removable' to the 'target' element of disks,
	which controls the removable flag. For instance, on a Linux guest it
	controls the value of /sys/block/$dev/removable. This option is only
	valid for USB disks (i.e. bus='usb'), and its default value is 'off',
	which is the same behaviour as before.
	To achieve this, 'removable=on' (or 'off') is appended to the '-device
	usb-storage' parameter sent to qemu when adding a USB disk via
	'-disk'. A capability flag QEMU_CAPS_USB_STORAGE_REMOVABLE was added
	to keep track if this option is supported by the qemu version used.
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=922495

	qemu: Add capability flag for usb-storage
	Allow use of the usb-storage device only if the new capability flag
	QEMU_CAPS_DEVICE_USB_STORAGE is set, which it is for qemu(-kvm)
	versions >= 0.12.1.2-rhel62-beta.

2013-09-02  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Create virVMXFormatDisk() from HD and CD-ROM
	virVMXFormatHardDisk() and virVMXFormatCDROM() duplicated a lot of code
	from each other and made a lot of nested if checks to build each part of
	the VMX file. This hopefully simplifies the code path while combining
	the two functions with no net difference.

2013-09-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.2
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: merged new localizations and regenerated

2013-09-02  John Ferlan  <jferlan@redhat.com>

	qemu_hotplug: Resolve DEADCODE coverity error
	Remove unused 'cgroup' variable in qemuDomainAttachDeviceDiskLive() to
	resolve coverity DEADCODE complaint

2013-09-01  Hongwei Bi  <hwbi2008@gmail.com>

	Fix memory leak in cmdAttachDisk
	When virBufferError is ok in cmdAttachDisk, the latter
	should 'goto cleanup', instead of returning a false to
	prevent memory leaking.

2013-08-31  Eric Blake  <eblake@redhat.com>

	build: fix virtlockd file distribution
	Since virtlockd is only built when libvirtd is built, we should
	not install its auxiliary files unconditionally.  This solves
	two failures.  1. 'make distcheck' complains:
	rm -f Makefile
	ERROR: files left in build directory after distclean:
	./src/virtlockd.8
	2. './autobuild.sh' complains:
	Checking for unpackaged file(s): /usr/lib/rpm/check-files
	/home/eblake/rpmbuild/BUILDROOT/mingw-libvirt-1.1.1-1.fc19.eblake1377879911.x86_64
	error: Installed (but unpackaged) file(s) found:
	   /usr/i686-w64-mingw32/sys-root/mingw/etc/libvirt/virtlockd.conf
	/usr/i686-w64-mingw32/sys-root/mingw/share/augeas/lenses/tests/test_virtlockd.aug
	   /usr/i686-w64-mingw32/sys-root/mingw/share/augeas/lenses/virtlockd.aug
	   /usr/i686-w64-mingw32/sys-root/mingw/share/man/man8/virtlockd.8
	   /usr/x86_64-w64-mingw32/sys-root/mingw/etc/libvirt/virtlockd.conf
	/usr/x86_64-w64-mingw32/sys-root/mingw/share/augeas/lenses/tests/test_virtlockd.aug
	   /usr/x86_64-w64-mingw32/sys-root/mingw/share/augeas/lenses/virtlockd.aug
	   /usr/x86_64-w64-mingw32/sys-root/mingw/share/man/man8/virtlockd.8
	* src/Makefile.am (CLEANFILES): Add virtlockd.8.
	(man8_MANS, conf_DATA, augeas_DATA, augeastest_DATA): Only install
	virtlockd files when daemon is built.

	build: shipped files must not depend on BUILT_SOURCES
	'make distcheck' was failing with:
	make[3]: Entering directory `/home/eblake/libvirt-tmp2/libvirt-1.1.1/_build/docs'
	perl ../../docs/genaclperms.pl ../../src/access/viraccessperm.h > ../../docs/aclperms.htmlinc
	/bin/sh: ../../docs/aclperms.htmlinc: Permission denied
	when simulating the case of a user doing a VPATH build from a
	read-only source tree.  The culprit?  BUILT_SOURCES are _always_
	built, and so must NOT be built into srcdir and need not be part
	of the tarball.  On the other hand, shipped files must never
	depend on files in the builddir.  While it would be possible to
	fix the problem by generating aclperms.htmlinc into builddir,
	we then have the problem that we ship acl.html - we'd have to
	rejigger a lot of things to not ship pre-built html.  So this
	patch goes the other direction - we don't need BUILT_SOURCES,
	but instead ensure that we have proper dependencies so that
	all files in srcdir are up-to-date at the time the tarball is
	created.  And because we ship html files in the tarball, that
	implies we don't expect users to be able to rebuild them, so
	we must not clean any files that would trigger a rebuild except
	under the maintainer rules.
	* docs/Makefile.am (BUILT_SOURCES): Delete.
	(CLEANFILES): Downgrade aclperms.htmlinc cleanup...
	(maintainer-clean-local): ...and move hvsupport.html.in...
	(MAINTAINERCLEANFILES): ...to a maintainer action.
	(hvsupport.html.in): Write into srcdir.
	(hvsupport.html): Ensure files are built in order.
	(aclperms.htmlinc): Honor silent make.
	(EXTRA_DIST): Ship aclperms.htmlinc.

	build: fix 'make distcheck' out of the box
	With the 1.1.1 tarball, if a user does 'make && make distcheck',
	things pass, but if they do 'make distcheck' after 'make clean',
	there is an odd failure:
	  GEN      ../../docs/devhelp/index.html
	I/O error : Permission denied
	I/O error : Permission denied
	runtime error: file ../../docs/devhelp/devhelp.xsl line 43 element document
	xsltDocumentElem: unable to save to ../../docs/devhelp/libvirt-virterror.html
	I/O error : Permission denied
	I/O error : Permission denied
	This implies that the rules for 'make dist' are missing a
	dependency - the generated documentation needs to be up-to-date
	before creating the tarball, or else the tarball will be missing
	files, where the end user will end up trying to rebuild files in
	srcdir, and that fails when srcdir is read-only.
	1.1.1 plus this patch now works without issues (other issues have
	crept in to 1.1.2-rc1 that prevent 'make distcheck' from working,
	but those will be cleaned up in later patches).
	* docs/Makefile.am (dist-local): New dependency.

	build: only create virt-login-shell for lxc builds
	I noticed from an ./autobuild.sh run that we were installing a
	virt-login-shell.exe binary when cross-building for mingw,
	even though such a binary is necessarily worthless since the
	code depends on lxc which is a Linux-only concept.
	* tools/Makefile.am (conf_DATA, bin_PROGRAMS, dist_man1_MANS):
	Make virt-login-shell installation conditional.

2013-08-31  Cole Robinson  <crobinso@redhat.com>

	qemu: Only setup vhost if virtType == "kvm"
	vhost only works in KVM mode at the moment, and is infact compiled
	out if the emulator is built for non-native architecture. While it
	may work at some point in the future for plain qemu, for now it's
	just noise on the command line (and which contributes to arm cli
	breakage).

2013-08-30  Guido Günther  <agx@sigxcpu.org>

	Process virtlockd.conf instead of libvirtd.conf

2013-08-30  Daniel P. Berrange  <berrange@redhat.com>

	Change way we fake dbus method calls
	Ubuntu libdbus.so links with -Bsymbolic-functions, which means
	that we can only LD_PRELOAD functions that we directly call.
	Functions which libdbus.so calls internally can not be replaced.
	Thus we cannot use dbus_message_new_error or dbus_message_new_method_return

2013-08-30  Eric Blake  <eblake@redhat.com>

	random: don't mix RAND_MAX with random_r
	FreeBSD 10 recently changed their definition of RAND_MAX, to try
	and cover the fact that their evenly distributed results of rand()
	really are a smaller range than a full power of 2.  As a result,
	I did some investigation, and learned:
	1. POSIX requires random() to be evenly distributed across exactly
	31 bits.  glibc also guarantees this for rand(), but the two are
	unrelated, and POSIX only associates RAND_MAX with rand().
	Avoiding RAND_MAX altogether thus avoids a build failure on
	FreeBSD 10.
	2. Concatenating random bits from a PRNG will NOT provide uniform
	coverage over the larger value UNLESS the period of the original
	PRNG is at least as large as the number of bits being concatenated.
	Simple example: suppose that RAND_MAX were 1 with a period of 2**1
	(which means that the PRNG merely alternates between 0 and 1).
	Concatenating two successive rand() calls would then invariably
	result in 01 or 10, which is a rather non-uniform distribution
	(00 and 11 are impossible) and an even worse period (2**0, since
	our second attempt will get the same number as our first attempt).
	But a RAND_MAX of 1 with a period of 2**2 (alternating between
	0, 1, 1, 0) provides sane coverage of all four values, if properly
	tempered.  (Back-to-back calls would still only see half the values
	if we don't do some tempering).  We therefore want to guarantee a
	period of at least 2**64, preferably larger (as a tempering factor);
	POSIX only makes this guarantee for random() with 256 bytes of info.
	* src/util/virrandom.c (virRandomBits): Use constants that are
	accurate for the PRNG we are using, not an unrelated PRNG.
	(randomState): Ensure the period of our PRNG exceeds our usage.

2013-08-30  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: rename print_job_progress to vshPrintJobProgress

2013-08-29  Eric Blake  <eblake@redhat.com>

	security: provide supplemental groups even when parsing label (CVE-2013-4291)
	Commit 29fe5d7 (released in 1.1.1) introduced a latent problem
	for any caller of virSecurityManagerSetProcessLabel and where
	the domain already had a uid:gid label to be parsed.  Such a
	setup would collect the list of supplementary groups during
	virSecurityManagerPreFork, but then ignores that information,
	and thus fails to call setgroups() to adjust the supplementary
	groups of the process.
	Upstream does not use virSecurityManagerSetProcessLabel for
	qemu (it uses virSecurityManagerSetChildProcessLabel instead),
	so this problem remained latent until backporting the initial
	commit into v0.10.2-maint (commit c061ff5, released in 0.10.2.7),
	where virSecurityManagerSetChildProcessLabel has not been
	backported.  As a result of using a different code path in the
	backport, attempts to start a qemu domain that runs as qemu:qemu
	will end up with supplementary groups unchanged from the libvirtd
	parent process, rather than the desired supplementary groups of
	the qemu user.  This can lead to failure to start a domain
	(typical Fedora setup assigns user 107 'qemu' to both group 107
	'qemu' and group 36 'kvm', so a disk image that is only readable
	under kvm group rights is locked out).  Worse, it is a security
	hole (the qemu process will inherit supplemental group rights
	from the parent libvirtd process, which means it has access
	rights to files owned by group 0 even when such files should
	not normally be visible to user qemu).
	LXC does not use the DAC security driver, so it is not vulnerable
	at this time.  Still, it is better to plug the latent hole on
	the master branch first, before cherry-picking it to the only
	vulnerable branch v0.10.2-maint.
	* src/security/security_dac.c (virSecurityDACGetIds): Always populate
	groups and ngroups, rather than only when no label is parsed.

2013-08-29  Daniel P. Berrange  <berrange@redhat.com>

	Prohibit unbounded arrays in XDR protocols
	The use of <> is a security issue for RPC parameters, since a
	malicious client can set a huge array length causing arbitrary
	memory allocation in the daemon.
	It is also a robustness issue for RPC return values, because if
	the stream is corrupted, it can cause the client to also allocate
	arbitrary memory.
	Use a syntax-check rule to prohibit any use of <>

	Add bounds checking on virConnectListAllSecrets RPC call
	The return values for the virConnectListAllSecrets call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllNWFilters RPC call
	The return values for the virConnectListAllNWFilters call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllNodeDevices RPC call
	The return values for the virConnectListAllNodeDevices call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllInterfaces RPC call
	The return values for the virConnectListAllInterfaces call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllNetworks RPC call
	The return values for the virConnectListAllNetworks call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virStoragePoolListAllVolumes RPC call
	The return values for the virStoragePoolListAllVolumes call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllStoragePools RPC call
	The return values for the virConnectListAllStoragePools call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllDomains RPC call
	The return values for the virConnectListAllDomains call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virDomain{SnapshotListAllChildren,ListAllSnapshots} RPC calls
	The return values for the virDomain{SnapshotListAllChildren,ListAllSnapshots}
	calls were not bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virDomainGetJobStats RPC call
	The return values for the virDomainGetJobStats call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292)
	The parameters for the virDomainMigrate*Params RPC calls were
	not bounds checks, meaning a malicious client can cause libvirtd
	to consume arbitrary memory
	This issue was introduced in the 1.1.0 release of libvirt

2013-08-29  Guan Qiang  <hzguanqiang@corp.netease.com>

	python: Fix a PyList usage mistake
	Fix PyList usage mistake in Function libvirt_lxc_virDomainLxcOpenNamespace.
	https://bugzilla.redhat.com/show_bug.cgi?id=1002383

2013-08-29  Michal Privoznik  <mprivozn@redhat.com>

	autogen.sh: Correctly detect .git as a file
	One of my previous patches 5cfe0d37cd0be tried to handle the case when
	libvirt is a submodule of another project. In that case, the .git is
	just a link to the parent .git directory (which the autogen.sh script
	didn't count on). The fix was missing 'test' though.

	bridge_driver: Introduce networkObjFromNetwork
	Similarly to qemu_driver.c, we can join often repeating code of looking
	up network into one function: networkObjFromNetwork.

2013-08-29  Peter Krempa  <pkrempa@redhat.com>

	qemu_hotplug: Fix whitespace around addition in argument

	qemu: Remove hostdev entry when freeing the depending network entry
	When using a <interface type="network"> that points to a network with
	hostdev forwarding mode a hostdev alias is created for the network. This
	allias is inserted into the hostdev list, but is backed with a part of
	the network object that it is connected to.
	When a VM is being stopped qemuProcessStop() calls
	networkReleaseActualDevice() which eventually frees the memory for the
	hostdev object. Afterwards when the domain definition is being freed by
	virDomainDefFree() an invalid pointer is accessed by
	virDomainHostdevDefFree() and may cause a crash of the daemon.
	This patch removes the entry in the hostdev list before freeing the
	depending memory to avoid this issue.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1000973

2013-08-29  Eric Blake  <eblake@redhat.com>

	virsh: detect programming errors with option parsing
	Noticed while reviewing another patch that had an accidental
	mismatch due to refactoring.  An audit of the code showed that
	very few callers of vshCommandOpt were expecting a return of
	-2, indicating programmer error, and of those that DID check,
	they just propagated that status to yet another caller that
	did not check.  Fix this by making the code blatantly warn
	the programmer, rather than silently ignoring it and possibly
	doing the wrong thing downstream.
	I know that we frown on assert()/abort() inside libvirtd
	(libraries should NEVER kill the program that linked them),
	but as virsh is an app rather than the library, and as this
	is not the first use of assert() in virsh, I think this
	approach is okay.
	* tools/virsh.h (vshCommandOpt): Drop declaration.
	* tools/virsh.c (vshCommandOpt): Make static, and add a
	parameter.  Abort on programmer errors rather than making callers
	repeat that logic.
	(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
	(vshCommandOptString, vshCommandOptStringReq)
	(vshCommandOptLongLong, vshCommandOptULongLong)
	(vshCommandOptBool): Adjust callers.

2013-08-28  Jiri Denemark  <jdenemar@redhat.com>

	virt-sanlock-cleanup; Fix augtool usage
	Surprisingly, augtool get (or print) returns "path = value" while we are
	only interested in the value. We need to remove the "path = " part from
	the augtool's output. The following is an example of the augtool command
	as used in virt-sanlock-cleanup script:
	$ augtool get /files/etc/libvirt/qemu-sanlock.conf/disk_lease_dir
	/files/etc/libvirt/qemu-sanlock.conf/disk_lease_dir = /var/lib/libvirt/sanlock

2013-08-28  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Fix debugging
	Commit a0b6a36f "fixed" what abfff210 broke (URI precedence), but
	there was still one more thing missing to fix.  When using virsh
	parameters to setup debugging, those weren't honored, because at the
	time debugging was initializing, arguments weren't parsed yet.  To
	make ewerything work as expected, we need to initialize the debugging
	twice, once before debugging (so we can debug option parsing properly)
	and then again after these options are parsed.
	As a side effect, this patch also fixes a leak when virsh is ran with
	multiple '-l' parameters.

2013-08-28  Michal Privoznik  <mprivozn@redhat.com>

	virsh-pool.c: Don't jump over variable declaration
	Since 785ff34bf8 we are using the outputStr variable in cleanup label.
	However, there is a possibility to jump to the label before the variable
	has been declared:
	virsh-pool.c: In function 'cmdPoolList':
	virsh-pool.c:1121:25: error: jump skips variable initialization [-Werror=jump-misses-init]
	                         goto asprintf_failure;
	                         ^
	virsh-pool.c:1308:1: note: label 'asprintf_failure' defined here
	 asprintf_failure:
	 ^
	virsh-pool.c:1267:11: note: 'outputStr' declared here
	     char *outputStr = NULL;

2013-08-28  Ján Tomko  <jtomko@redhat.com>

	virsh: free the caps list properly if one of them is invalid
	VIR_FREE(caps) is not enough to free an array allocated
	by vshStringToArray.
	==17== 4 bytes in 1 blocks are definitely lost in loss record 4 of 728
	==17==    by 0x4EFFC44: virStrdup (virstring.c:554)
	==17==    by 0x128B10: _vshStrdup (virsh.c:125)
	==17==    by 0x129164: vshStringToArray (virsh.c:218)
	==17==    by 0x157BB3: cmdNodeListDevices (virsh-nodedev.c:409)
	https://bugzilla.redhat.com/show_bug.cgi?id=1001536

	virsh: free the formatting string when listing pool details
	==23== 41 bytes in 1 blocks are definitely lost in loss record 626 of 727
	==23==    by 0x4F0099F: virAsprintfInternal (virstring.c:358)
	==23==    by 0x15D2C9: cmdPoolList (virsh-pool.c:1268)
	https://bugzilla.redhat.com/show_bug.cgi?id=1001536

	virsh: free the list from ListAll APIs even for 0 items
	virsh secret-list leak when no secrets are defined:
	==27== 8 bytes in 1 blocks are definitely lost in loss record 6 of 726
	==27==    by 0x4E941DD: virAllocN (viralloc.c:183)
	==27==    by 0x5037F1A: remoteConnectListAllSecrets (remote_driver.c:3076)
	==27==    by 0x5004EC6: virConnectListAllSecrets (libvirt.c:16298)
	==27==    by 0x15F813: vshSecretListCollect (virsh-secret.c:397)
	==27==    by 0x15F0E1: cmdSecretList (virsh-secret.c:532)
	And so do some other *-list commands.
	https://bugzilla.redhat.com/show_bug.cgi?id=1001536

	virsh: free messages after logging them to a file
	The messages were only freed on error.
	==12== 1,100 bytes in 1 blocks are definitely lost in loss record 698 of 729
	==12==    by 0x4E98C22: virBufferAsprintf (virbuffer.c:294)
	==12==    by 0x12C950: vshOutputLogFile (virsh.c:2440)
	==12==    by 0x12880B: vshError (virsh.c:2254)
	==12==    by 0x131957: vshCommandOptDomainBy (virsh-domain.c:109)
	==12==    by 0x14253E: cmdStart (virsh-domain.c:3333)
	https://bugzilla.redhat.com/show_bug.cgi?id=1001536

	Test network update XML parsing
	Add checks for updating sections of network definition via
	virNetworkDefUpdateSection.
	https://bugzilla.redhat.com/show_bug.cgi?id=989569

	Remove the space before the slash in network XML
	This matches the style we use elsewhere and allows
	nat-network-dns-srv-record{,-minimal}.xml to be tested in
	network XML -> XML test.

2013-08-27  Ján Tomko  <jtomko@redhat.com>

	Build QEMU command line for pcihole64
	QEMU commit 3984890 introduced the "pci-hole64-size" property,
	to i440FX-pcihost and q35-pcihost with a default setting of 2 GB.
	Translate <pcihole64>x<pcihole64/> to:
	-global q35-pcihost.pci-hole64-size=x for q35 machines and
	-global i440FX-pcihost.pci-hole64-size=x for i440FX-based machines.
	Error out on other machine types or if the size was specified
	but the pcihost device lacks 'pci-hole64-size' property.
	https://bugzilla.redhat.com/show_bug.cgi?id=990418

	Add pcihole64 element to root PCI controllers
	<controller type='pci' index='0' model='pci-root'>
	  <pcihole64 unit='KiB'>1048576</pcihole64>
	</controller>
	It can be used to adjust (or disable) the size of the 64-bit
	PCI hole. The size attribute is in kilobytes (different unit
	can be specified on input), but it gets rounded up to
	the nearest GB by QEMU.
	Disabling it will be needed for guests that crash with the
	64-bit PCI hole (like Windows XP), see:
	https://bugzilla.redhat.com/show_bug.cgi?id=990418

	Allow controller XML parsing to use XPath context
	virDomainParseScaledValue requires it.

	Move virDomainParseScaledValue earlier
	Let virDomainControllerDefParseXML use it without
	a forward declaration.

2013-08-27  Aline Manera  <alinefm@br.ibm.com>

	Add ftp protocol support for cdrom disk
	The ftp protocol is already recognized by qemu/KVM so add this support to
	libvirt as well.
	The xml should be as following:
	     <disk type='network' device='cdrom'>
	       <source protocol='ftp' name='/url/path'>
	         <host name='host.name' port='21'/>
	       </source>
	     </disk>

	Add http protocol support for cdrom disk
	QEMU/KVM already allows a HTTP URL for the cdrom ISO image so add this support
	to libvirt as well.
	The xml should be as following:
	    <disk type='network' device='cdrom'>
	      <source protocol='http' name='/url/path'>
	        <host name='host.name' port='80'/>
	      </source>
	    </disk>

2013-08-27  Ján Tomko  <jtomko@redhat.com>

	Always specify qcow2 compat level on qemu-img command line
	qemu-img is going to switch the default for QCOW2
	to QCOW2v3 (compat=1.1)
	Extend the probing for qemu-img command line options to check
	if -o compat is supported. If the volume definition specifies
	the qcow2 format but no compat level and -o compat is supported,
	specify -o compat=0.10 to create a QCOW2v2 image.
	https://bugzilla.redhat.com/show_bug.cgi?id=997977

2013-08-27  Guannan Ren  <gren@redhat.com>

	virsh: fix return value error of cpu-stats
	virsh cpu-stats guest --start 0 --count 3
	It outputs right but the return value is 1 rather than 0
	echo $?
	1
	Found by running libvirt-autotest
	./run -t libvirt --tests virsh_cpu_stats

2013-08-27  Tomas Meszaros  <exo@tty.sk>

	virsh: C99 style for info_domfstrim and opts_lxc_enter_namespace
	Change info_domfstrim and opts_lxc_enter_namespace initialization style
	to C99.

2013-08-26  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachHostPciDevice: Fall back to mem balloon if there's no hard_limit
	If there's no hard_limit set and domain uses VFIO we still must lock
	the guest memory (prerequisite from qemu). Hence, we should compute
	the amount to be locked from max_balloon.

2013-08-26  Jiri Denemark  <jdenemar@redhat.com>

	qemuhotplugtest: Add tests for virtio SCSI disk hotplug

	qemuhotplugtest: Add tests for USB disk hotplug

	qemuhotplugtest: Add tests for async virtio disk detach

	qemuhotplugtest: Add support for DEVICE_DELETED event

	qemu: Let tests override waiting time for device unplug
	We don't want tests to wait 5 seconds for an event which we know will
	never come.

	qemu: Export qemuProcessHandleDeviceDeleted for tests

	tests: Add support for passing driver to qemu monitor
	The driver is then passed to monitor event handlers.

	tests: Add support for passing vm to qemu monitor
	Some tests need the monitor to operate on an already existing VM object
	rather than on a new mock-up the monitor test normally creates.

	qemuhotplugtest: Add tests for virtio disk hotplug

	qemuxml2argvtest: Add XML for testing device hotplug
	This is a generic XML usable for hotplugging various types of devices.

	qemuhotplugtest: Define QMP_OK for the most common reply

	qemuhotplugtest: Compare domain XML after device hotplug
	We need to make sure a device is properly added/removed (or not) to a
	domain definition to check that a hotplug API did not lie to us.

	qemuhotplugtest: Generate better output
	Each test case label now contains more data useful to identify the test.

	qemu: Move qemuDomainDetachDeviceDiskLive to qemu_hotplug.c

	qemu: Move qemuDomainAttachDeviceDiskLive to qemu_hotplug.c

	qemu: Avoid using global qemu_driver in event handlers
	We will have to pass a mock-up of the driver when testing monitor
	events.

	qemu: Typedef monitor callbacks
	Otherwise defining variables that hold callbacks pointers is ugly and
	several places have to be changed when new parameters are added.

2013-08-26  Ján Tomko  <jtomko@redhat.com>

	Don't free NULL network in cmdNetworkUpdate
	If the network has not been found, virNetworkFree(NULL)
	was called, resulting in an extra error:
	error: invalid network pointer in virNetworkFree
	https://bugzilla.redhat.com/show_bug.cgi?id=1001094

2013-08-26  Jiri Denemark  <jdenemar@redhat.com>

	schema: Allow dots in device aliases
	Commit 01b88127 changed aliases for PCI controller devices to "pcie.0" or
	"pci.%u". Thus device aliases may now contain dots.

2013-08-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't update count of vCPUs if hot-plug fails silently
	When cpu hotplug fails without reporting an error, we would fail the
	command but update the count of vCPUs anyways.
	Commit 761fc481365703b861429d73a341bde352ba8d41 fixed the case when CPU
	hot-unplug failed silently, but forgot to fix up the value in this case.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1000357

2013-08-24  Eric Blake  <eblake@redhat.com>

	tests: skip schema validation tests if xmllint is missing
	On IRC, someone complained that a system without xmllint installed
	failed a number of tests.
	* tests/schematestutils.sh: Probe for xmllint.

2013-08-23  Claudio Bley  <cbley@av-test.de>

	python: simplify complicated conditional assignment

	Test for object identity when checking for None in Python
	Consistently use "is" or "is not" to compare variables to None,
	because doing so is preferrable, as per PEP 8
	(http://www.python.org/dev/peps/pep-0008/#programming-recommendations):
	> Comparisons to singletons like None should always be done with is or
	> is not, never the equality operators.

2013-08-23  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	qemuagenttest.c: Missing documentation (Timeout)
	In tests/qemuagenttest.c, the Timeout test should always be
	called last. Any additional tests should come before this.

2013-08-22  Guido Günther  <agx@sigxcpu.org>

	python: Use RELRO_LDFLAGS and NO_INDIRECT_LDFLAGS
	A readonly GOT and detecting indirect linkage is useful here too.

	Check for --no-copy-dt-needed linker flag
	and use it when available

	Simplify RELRO_LDFLAGS
	by adding it to AM_LDFLAGS instead of every linking rule and
	by avoiding a forked grep.

2013-08-22  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add URI precedence checking
	Commit a0b6a36f is fixing what commit abfff210 broke, so to avoid having
	to deal with this issue again, herec comes "virsh-uriprecedence".

2013-08-22  Daniel P. Berrange  <berrange@redhat.com>

	Set security label on FD for virDomainOpenGraphics
	The virDomainOpenGraphics method accepts a UNIX socket FD from
	the client app. It must set the label on this FD otherwise QEMU
	will be prevented from receiving it with recvmsg.

2013-08-22  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildNicDevStr: Add mq=on for multiqueue networking
	If user requested multiqueue networking, beside multiple /dev/tap and
	/dev/vhost-net openings, we forgot to pass mq=on onto the -device
	virtio-net-pci command line. This is advised at:
	  http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature

2013-08-22  John Ferlan  <jferlan@redhat.com>

	docs: Reformat <disk> attribute description in formatdomain
	Reformat the description to more cleanly delineate the attributes
	for a <disk> element.

2013-08-22  Peter Krempa  <pkrempa@redhat.com>

	virBitmapParse: Fix behavior in case of error and fix up callers
	Re-arrange the code so that the returned bitmap is always initialized to
	NULL even on early failures and return an error message as some callers
	are already expecting it. Fix up the rest not to shadow the error.

2013-08-22  Martin Kletzander  <mkletzan@redhat.com>

	Fix URI connect precedence
	Commit abfff210 changed the order of vshParseArgv() and vshInit() in
	order to make fix debugging of parameter parsing.  However, vshInit()
	did a vshReconnect() even though ctl->name wasn't set according to the
	'-c' parameter yet.  In order to keep both issues fixed, I've split
	the vshInit() into vshInitDebug() and vshInit().
	One simple memleak of ctl->name is fixed as a part of this patch,
	since it is related to the issue it's fixing.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=999323

2013-08-22  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Improve disk parse error for unknown values
	Previously the error message showed the following:
	error: internal error: Invalid or not yet handled value 'auto detect'
	for VMX entry 'ide0:0.fileName'
	This left the user unsure if it was a CD-ROM or a disk device that they
	needed to fix. Now the error shows:
	error: internal error: Invalid or not yet handled value 'auto detect'
	for VMX entry 'ide0:0.fileName' for device type 'cdrom-raw'
	Which should hopefully make it easier to see the issue with the VMX
	configuration.

2013-08-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bridge driver: implement networkEnableIpForwarding for BSD
	Implement networkEnableIpForwarding() using BSD style sysctl.

	BSD: implement virNetDev(Set|Clear)IPv4Address
	Provide an implementation of virNetDev(Set|Clear)IPv4Address based on
	BSD ifconfig tool in addition to 'ip' from Linux iproute2 package.

2013-08-22  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix libvirtd crash when reconnecting domains
	More fallout from commit d72ef888.  When reconnecting to running
	domains, the libxl_ctx in libxlDomainObjPrivate was used before
	initializing it, causing a segfault in libxl and consequently
	crashing libvirtd.
	Initialize the libxlDomainObjPrivate libxl_ctx in libxlReconnectDomain,
	and while at it use this ctx in libxlReconnectDomain instead of the
	driver-wide ctx.

2013-08-21  Eric Blake  <eblake@redhat.com>

	migration: do not restore labels on failed migration
	https://bugzilla.redhat.com/show_bug.cgi?id=822052
	When doing a live migration, if the destination fails for any
	reason after the point in which files should be labeled, then
	the cleanup of the destination would restore the labels to their
	defaults, even though the source is still trying to continue
	running with the image open.  Bug 822052 mentioned one source
	of live migration failure - a mismatch in SELinux virt_use_nfs
	settings (on for source, off for destination); but I found other
	situations that would also trigger it (for example, having a
	graphics device tied to port 5999 on the source, and a different
	domain on the destination already using that port, so that the
	destination cannot reuse the port).
	In short, just as cleanup of the source on a successful migration
	must not relabel files (because the destination would be crippled
	by the relabel), cleanup of the destination on a failed migration
	must not relabel files (because the source would be crippled).
	* src/qemu/qemu_process.c (qemuProcessStart): Set flag to avoid
	label restoration when cleaning up on failed migration.

2013-08-21  Claudio Bley  <cbley@av-test.de>

	tests: fix building without xattr support
	Only compile securityselinuxhelper.c if xattr support was detected to
	avoid this error:
	securityselinuxhelper.c:34:24: fatal error: attr/xattr.h: No such file
	or directory compilation terminated.
	Since all SELinux tests depend upon the securityselinuxhelper library,
	these test programs are now only build when xattr support is
	available.

2013-08-21  Daniel P. Berrange  <berrange@redhat.com>

	Test handling of non-existent x509 certs
	In commit f905cc998449c89339d0e2894a71d9a9e45293e5 a use of
	uninitialized data was fixed based on a coverity report. It
	turns out it was possible to trigger this issue by pointing
	libvirt at non-existent certificate files, typically causing
	a crash.
	This adds a test case for that scenario. With the above
	commit reverted, this new test case will crash with a SEGV.
	With the fix applied, it passes, reporting a normal libvirt
	error to the caller.

2013-08-21  Osier Yang  <jyang@redhat.com>

	storage: Fix the use-after-free memory bug
	Introduced by commit e0139e30444. virStorageVolDefFree free'ed the
	pointers that are still used by the added volume object, this changes
	it back to VIR_FREE.

	storage: Fix coverity warning
	Introduced by commit e0139e30444:
	1777 	    /* Updating pool metadata */
	(40) Event var_deref_op: Dereferencing null pointer "newvol".
	     Also see events: [assign_zero]
	1778 	    pool->def->allocation += newvol->allocation;
	1779 	    pool->def->available -= newvol->allocation;

2013-08-21  John Ferlan  <jferlan@redhat.com>

	docs: Update iSCSI storage pool example
	Update the iSCSI storage pool example to include the secret

	docs: Update formatsecrets to include more examples of each type
	Update formatsecret docs to describe the various options and provide examples
	in order to set up secrets for each type of secret.

	docs: Update the formatdomain disk examples
	Add more iSCSI examples including having a secret attached. There are 4 new
	examples; one for each way to have an iSCSI - a network disk using virtio,
	a passthrough network lun using scsi, a volume disk using "mode='host'",
	and a volume disk using "mode='direct'"

	Report secret usage error message similarly
	Each of the modules handled reporting error messages from the secret fetching
	slightly differently with respect to the error. Provide a similar message
	for each error case and provide as much data as possible.

2013-08-21  Osier Yang  <jyang@redhat.com>

	qemu_conf: Fix broken logic for adding passthrough iscsi lun
	Following XML would fail :
	    <disk type='network' device='lun'>
	      <driver name='qemu' type='raw'/>
	      <source protocol='iscsi' name='iqn.2013-07.com.example:iscsi/1'>
	        <host name='example.com' port='3260'/>
	      </source>
	      <target dev='sda' bus='scsi'/>
	    </disk>
	With the message:
	error: Failed to start domain iscsilun
	error: Unable to get device ID 'iqn.2013-07.com.example:iscsi/1': No such fi
	Cause was commit id '1f49b05a' which added 'virDomainDiskSourceIsBlockType'

2013-08-21  John Ferlan  <jferlan@redhat.com>

	virsh: Print cephx and iscsi usage
	When using virsh secret-list - if the secret types are cephx or iscsi,
	then allow fetch/print of the usage information. Prior to the change
	the following would print:
	UUID                                 Usage
	-----------------------------------------------------------
	1b40a534-8301-45d5-b1aa-11894ebb1735 Unused
	a5ba3efe-6adf-4a6a-b243-f010a043e314 Unused
	Afterwards:
	UUID                                 Usage
	-----------------------------------------------------------
	1b40a534-8301-45d5-b1aa-11894ebb1735 ceph ceph_example
	a5ba3efe-6adf-4a6a-b243-f010a043e314 iscsi libvirtiscsi

	libxl: Resolve possible NULL dereference
	If we reached cleanup: prior to allocating cpus, it was possible that
	'nr_nodes' had a value, but cpus was NULL leading to a possible NULL
	deref. Add a 'cpus' as an end condition to for loop

2013-08-21  Eric Blake  <eblake@redhat.com>

	selinux: enhance test to cover nfs label failure
	Daniel Berrange (correctly) pointed out that we should do a better
	job of testing selinux labeling fallbacks on NFS disks that lack
	labeling support.
	* tests/securityselinuxhelper.c (includes): Makefile already
	guaranteed xattr support.  Add additional headers.
	(init_syms): New function, borrowing from vircgroupmock.c.
	(setfilecon_raw, getfilecon_raw): Fake NFS failure.
	(statfs): Fake an NFS mount point.
	(security_getenforce, security_get_boolean_active): Don't let host
	environment affect test.
	* tests/securityselinuxlabeldata/nfs.data: New file.
	* tests/securityselinuxlabeldata/nfs.xml: New file.
	* tests/securityselinuxlabeltest.c (testSELinuxCreateDisks)
	(testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount.
	(testSELinuxCheckLabels): Test handling of SELinux NFS denial.
	Fix memory leak.
	(testSELinuxLabeling): Avoid infinite loop on dirty tree.
	(mymain): Add new test.

	selinux: distinguish failure to label from request to avoid label
	https://bugzilla.redhat.com/show_bug.cgi?id=924153
	Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with
	an attribute relabel='no' in order to try and minimize the
	impact of shutdown delays when an NFS server disappears.  The idea
	was that if a disk is on NFS and can't be labeled in the first
	place, there is no need to attempt the (no-op) relabel on domain
	shutdown.  Unfortunately, the way this was implemented was by
	modifying the domain XML so that the optimization would survive
	libvirtd restart, but in a way that is indistinguishable from an
	explicit user setting.  Furthermore, once the setting is turned
	on, libvirt avoids attempts at labeling, even for operations like
	snapshot or blockcopy where the chain is being extended or pivoted
	onto non-NFS, where SELinux labeling is once again possible.  As
	a result, it was impossible to do a blockcopy to pivot from an
	NFS image file onto a local file.
	The solution is to separate the semantics of a chain that must
	not be labeled (which the user can set even on persistent domains)
	vs. the optimization of not attempting a relabel on cleanup (a
	live-only annotation), and using only the user's explicit notation
	rather than the optimization as the decision on whether to skip
	a label attempt in the first place.  When upgrading an older
	libvirtd to a newer, an NFS volume will still attempt the relabel;
	but as the avoidance of a relabel was only an optimization, this
	shouldn't cause any problems.
	In the ideal future, libvirt will eventually have XML describing
	EVERY file in the backing chain, with each file having a separate
	<seclabel> element.  At that point, libvirt will be able to track
	more closely which files need a relabel attempt at shutdown.  But
	until we reach that point, the single <seclabel> for the entire
	<disk> chain is treated as a hint - when a chain has only one
	file, then we know it is accurate; but if the chain has more than
	one file, we have to attempt relabel in spite of the attribute,
	in case part of the chain is local and SELinux mattered for that
	portion of the chain.
	* src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new
	member.
	* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML):
	Parse it, for live images only.
	(virSecurityDeviceLabelDefFormat): Output it.
	(virDomainDiskDefParseXML, virDomainChrSourceDefParseXML)
	(virDomainDiskSourceDefFormat, virDomainChrDefFormat)
	(virDomainDiskDefFormat): Pass flags on through.
	* src/security/security_selinux.c
	(virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip
	when possible.
	(virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not
	norelabel, if labeling fails.
	(virSecuritySELinuxSetFileconHelper): Fix indentation.
	* docs/formatdomain.html.in (seclabel): Document new xml.
	* docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml:
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args:
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml:
	New test files.
	* tests/qemuxml2argvtest.c (mymain): Run the new tests.
	* tests/qemuxml2xmltest.c (mymain): Likewise.

2013-08-20  Peter Krempa  <pkrempa@redhat.com>

	virsh: Don't leak list of volumes when undefining domain with storage
	Use the new semantics of vshStringToArray to avoid leaking the array of
	volumes to be deleted. The array would be leaked in case the first
	volume was found in the domain definition. Also refactor the code a bit
	to sanitize naming of variables hoding arrays and dimensions of the
	arrays.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050

	virsh-pool: Improve error message in cmdPoolList
	Explicitly let the user know about the unknown pool type.

	virsh: modify vshStringToArray to duplicate the elements too
	At a slightly larger memory expense allow stealing of items from the
	string array returned from vshStringToArray and turn the result into a
	string list compatible with virStringSplit. This will allow to use the
	common dealloc function.
	This patch also fixes a few forgotten checks of return from
	vshStringToArray and one memory leak.

2013-08-20  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildCommandLine: Fall back to mem balloon if there's no hard_limit
	If there's no hard_limit set and domain uses VFIO we still must lock the
	guest memory (prerequisite from qemu). Hence, we should compute the
	amount to be locked from max_balloon.

	qemuSetupMemoryCgroup: Handle hard_limit properly
	Since 16bcb3 we have a regression. The hard_limit is set
	unconditionally. By default the limit is zero. Hence, if user hasn't
	configured any, we set the zero in cgroup subsystem making the kernel
	kill the corresponding qemu process immediately. The proper fix is to
	set hard_limit iff user has configured any.

	docs: Clean 09adfdc62de2b up

2013-08-20  Eric Blake  <eblake@redhat.com>

	virt-pki-validate: add --help/--version option
	Another program gains --help/--version :)
	* tools/virt-pki-validate.in: Add option parsing.  Update
	documentation to match.
	* tools/Makefile.am (virt-pki-validate): Substitute version.

	virt-xml-validate: add missing schemas
	We were failing to autoprobe which schema to use for several
	top-level XML elements.
	* tools/virt-xml-validate.in (TYPE): Recognize <domainsnapshot>,
	<filter>, and <secret>.

	virt-xml-validate: add --help/--version option
	All good tools should have --help and --version output :)
	Furthermore, we want to ensure a failed exit if xmllint fails,
	or even for 'virt-xml-validate > /dev/full'.
	* tools/virt-xml-validate.in: Add option parsing.  Output errors
	to stderr.  Update documentation to match.
	* tools/Makefile.am (virt-xml-validate): Substitute version.

2013-08-20  Jim Fehlig  <jfehlig@suse.com>

	libxl: implement NUMA capabilities reporting
	From: Dario Faggioli <dario.faggioli@citrix.com>
	Starting from Xen 4.2, libxl has all the bits and pieces in place
	for retrieving an adequate amount of information about the host
	NUMA topology. It is therefore possible, after a bit of shuffling,
	to arrange those information in the way libvirt wants to present
	them to the outside world.
	Therefore, with this patch, the <topology> section of the host
	capabilities is properly populated, when running on Xen, so that
	we can figure out whether or not we're running on a NUMA host,
	and what its characteristics are.
	[raistlin@Zhaman ~]$ sudo virsh --connect xen:/// capabilities
	<capabilities>
	  <host>
	    <cpu>
	    ....
	    <topology>
	      <cells num='2'>
	        <cell id='0'>
	          <memory unit='KiB'>6291456</memory>
	          <cpus num='8'>
	            <cpu id='0' socket_id='1' core_id='0' siblings='0-1'/>
	            <cpu id='1' socket_id='1' core_id='0' siblings='0-1'/>
	            <cpu id='2' socket_id='1' core_id='1' siblings='2-3'/>
	            <cpu id='3' socket_id='1' core_id='1' siblings='2-3'/>
	            <cpu id='4' socket_id='1' core_id='9' siblings='4-5'/>
	            <cpu id='5' socket_id='1' core_id='9' siblings='4-5'/>
	            <cpu id='6' socket_id='1' core_id='10' siblings='6-7'/>
	            <cpu id='7' socket_id='1' core_id='10' siblings='6-7'/>
	          </cpus>
	        </cell>
	        <cell id='1'>
	          <memory unit='KiB'>6881280</memory>
	          <cpus num='8'>
	            <cpu id='8' socket_id='0' core_id='0' siblings='8-9'/>
	            <cpu id='9' socket_id='0' core_id='0' siblings='8-9'/>
	            <cpu id='10' socket_id='0' core_id='1' siblings='10-11'/>
	            <cpu id='11' socket_id='0' core_id='1' siblings='10-11'/>
	            <cpu id='12' socket_id='0' core_id='9' siblings='12-13'/>
	            <cpu id='13' socket_id='0' core_id='9' siblings='12-13'/>
	            <cpu id='14' socket_id='0' core_id='10' siblings='14-15'/>
	            <cpu id='15' socket_id='0' core_id='10' siblings='14-15'/>
	          </cpus>
	        </cell>
	      </cells>
	    </topology>
	  </host>
	  ....

2013-08-19  Peter Krempa  <pkrempa@redhat.com>

	nwfilter: Don't fail to start if DBus isn't available
	When the daemon is compiled with firewalld support but the DBus message
	bus isn't started in the system, the initialization of the nwfilter
	driver fails even if there are fallback options.

	virsystemd: Don't fail to start VM if DBus isn't available or compiled in
	On hosts that don't have the DBus service running or installed the new
	systemd cgroups code failed with hard error instead of falling back to
	"manual" cgroup creation.
	Use the new helper to check for the system bus and use the fallback code
	in case it isn't available.

	virdbus: Add virDBusHasSystemBus()
	Some systems may not use DBus in their system. Add a method to check if
	the system bus is available that doesn't print error messages so that
	code can later check for this condition and use an alternative approach.

	virbitmaptest: Shut coverity up in case of broken test
	Coverity reported a memleak in the test added in 7efd5fd1b02. In case
	the code will be broken and the code will actually parse a faulty bitmap
	the resulting pointer would be leaked. Free it although that shouldn't
	ever happen.

2013-08-19  David Weber  <wb@munzinger.de>

	Make max_clients in virtlockd configurable
	Each new VM requires a new connection from libvirtd to virtlockd.
	The default max clients limit in virtlockd of 20 is thus woefully
	insufficient. virtlockd sockets are only accessible to matching
	users, so there is no security need for such a tight limit. Make
	it configurable and default to 1024.

2013-08-19  Michal Privoznik  <mprivozn@redhat.com>

	docs: Discourage users to set hard_limit
	In one of my previous patches I am removing the hard_limit heuristic to
	guess the correct value if none set. However, it turned out, this limit
	is hard to guess even for users. We should advise them to not set the
	limit as their domains may be OOM killed. Sigh.

	qemu: Drop qemuDomainMemoryLimit
	This function is to guess the correct limit for maximal memory
	usage by qemu for given domain. This can never be guessed
	correctly, not to mention all the pains and sleepless nights this
	code has caused. Once somebody discovers algorithm to solve the
	Halting Problem, we can compute the limit algorithmically. But
	till then, this code should never see the light of the release
	again.

2013-08-19  Osier Yang  <jyang@redhat.com>

	storage: Update pool metadata after adding/removing/resizing volume
	One has to refresh the pool to get the correct pool info after
	adding/removing/resizing a volume, this updates the pool metadata
	(allocation, available) after those operation are done.

2013-08-18  Cole Robinson  <crobinso@redhat.com>

	tools: Make sure to distribute conf_DATA, fix RPM build

2013-08-17  Cole Robinson  <crobinso@redhat.com>

	snapshot_conf: Allow parsing an XML node
	Similar to how other objects arrange their parse APIs. This will be
	used by the test driver.

	test: Unify object XML parsing
	Right now things are split a bit between parsing from a relative file
	path or parsing from inline XML. Unify it. This will simplify upcoming
	bits.

	test: Simplify args passed to testDomainStartState
	Passing virConnectPtr is redundant, just pass testConnPtr and simplify
	certain callers.

	test: Split object parsing into their own functions
	The function that parses custom driver XML was getting pretty unruly,
	split the object parsing into their own functions. Rename some variables
	to be consistent across each function. This should be functionally
	identical.

2013-08-17  Don Dugger  <n0ano@n0ano.com>

	Add flag to BaselineCPU API to return detailed CPU features
	Currently the virConnectBaselineCPU API does not expose the CPU features
	that are part of the CPU's model.  This patch adds a new flag,
	VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, that causes the API to explicitly
	list all features that are part of that model.

2013-08-17  Eric Blake  <eblake@redhat.com>

	maint: slightly reduce configure size
	Rather than inlining gl_WARN_ADD loads of time, we can shave about
	17k size off of the configure script by delaying it to a cleanup
	shell loop.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Track a
	list of things to check, rather than inlining multiple checks.

2013-08-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: refactor capabilities code
	Cleanup the libxl capabilities code to be a bit more extensible,
	splitting out the creation of host and guest capabilities.  This
	should make it easier to implement additional capabilities in the
	future, such as NUMA topology reporting.

2013-08-16  Daniel P. Berrange  <berrange@redhat.com>

	Update polkit examples to use 'lookup' method
	Feedback from the polkit developers indicates that the
	"_detail_XXXX" attributes are a private implementation
	detail. Our examples should be recommending use of the
	"action.lookup('XXX')" method instead.

2013-08-16  Peter Krempa  <pkrempa@redhat.com>

	virbitmaptest: Add test for out of bounds condition
	Previous patch fixed an issue where, when parsing a bitmap from the
	string, the bounds of the bitmap weren't checked. That flaw resulted into
	crashes. This test tests that case to avoid it in the future.

	virbitmaptest: Fix function header formatting

	virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array
	The virBitmapParse function was calling virBitmapIsSet() function that
	requires the caller to check the bounds of the bitmap without checking
	them. This resulted into crashes when parsing a bitmap string that was
	exceeding the bounds used as argument.
	This patch refactors the function to use virBitmapSetBit without
	checking if the bit is set (this function does the checks internally)
	and then counts the bits in the bitmap afterwards (instead of keeping
	track while parsing the string).
	This patch also changes the "parse_error" label to a more common
	"error".
	The refactor should also get rid of the need to call sa_assert on the
	returned variable as the callpath should allow coverity to infer the
	possible return values.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367
	Thanks to Alex Jia for tracking down the issue. This issue is introduced
	by commit 0fc8909.

	virsh-domain: Fix memleak in cmdCPUBaseline
	https://bugzilla.redhat.com/show_bug.cgi?id=997765
	==1349431== 8 bytes in 1 blocks are definitely lost in loss record 11 of 760
	==1349431==    at 0x4C2A554: calloc (vg_replace_malloc.c:593)
	==1349431==    by 0x4E9AA3E: virAllocN (in /usr/lib64/libvirt.so.0.1001.1)
	==1349431==    by 0x4EF28C4: virXPathNodeSet (in /usr/lib64/libvirt.so.0.1001.1)
	==1349431==    by 0x130B83: cmdCPUBaseline (in /usr/bin/virsh)
	==1349431==    by 0x12C608: vshCommandRun (in /usr/bin/virsh)
	==1349431==    by 0x12889A: main (in /usr/bin/virsh)

2013-08-16  Eric Blake  <eblake@redhat.com>

	maint: update gnulib submodule
	Gnulib recently patched gcc warning detection so that it does
	not treat things like -Wno-unused-command-line-argument as
	supported in gcc (treating it as supported merely resulted in
	extra verbosity when an actual compile error occurred).  It
	has also improved bootstrap to work with less hassle on OpenBSD.
	* .gnulib: Update to latest, in part for bootstrap and warnings
	improvements.
	* bootstrap: Resync from gnulib.

	maint: avoid bootstrap warning
	I noticed that in a fresh checkout, autogen.sh generated the
	following output, but continued on with execution:
	autoreconf: running: automake --add-missing --copy --force-missing
	gnulib/tests/Makefile.am:28: TESTS was already defined in condition TRUE, which includes condition WITH_EXPENSIVE_TESTS ...
	gnulib/tests/gnulib.mk:28: ... `TESTS' previously defined here
	gnulib/tests/Makefile.am:19:   `gnulib/tests/gnulib.mk' included from here
	and after the run, line 28 of gnulib.mk lists GNULIB_TESTS, not TESTS.
	After more investigation, I found that it is because gnulib bootstrap
	provides two hooks, one before automake, and the other after; we used
	the one that ran after, and were then rerunning automake ourselves;
	and the warning was from the first run.  But a manual second run is
	pointless if we use the right hook in the first place.
	The wrong function name has been latent since commit 38c9440, and we
	tried to work around it in commit 6cbab7c, but it took commit 70363ea
	to finally change output enough for me to realize the root cause.
	* bootstrap.conf (bootstrap_epilogue): Rename...
	(bootstrap_post_import_hook): ...so that it gets run before automake.

	maint: fix typo for 'switch'
	* src/util/virnetdevvportprofile.c: Fix typo.
	* src/conf/domain_conf.c: Likewise.

2013-08-16  Jim Fehlig  <jfehlig@suse.com>

	libxl: unref DomainObjPrivate on error path
	There is a potential leak of a newly created libxlDomainObjPrivate
	when subsequent allocation of the object's chrdev field fails.
	Unref the object on such an error so that it is properly disposed.

2013-08-15  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Fix memleak in cmdUndefine with storage
	When undefining a domain with storage when the volume isn't managed by
	libvirt the name and path strings weren't freed properly.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050

2013-08-15  Ján Tomko  <jtomko@redhat.com>

	Fix qemuProcessReadLog with non-zero offset
	This restores the error message when QMP probing is not used.
	https://bugzilla.redhat.com/show_bug.cgi?id=991334

2013-08-15  Xuesong Zhang  <xuzhang@redhat.com>

	docs: fix usb node device sub-element names

2013-08-15  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove unnecessary curly braces
	As per HACKING, remove some unneeded curly braces in the
	libxl driver.

2013-08-15  Giuseppe Scrivano  <gscrivan@redhat.com>

	examples: support crash events in event-test.py
	commit 14e7e0ae8db9843aea80245a3d9e6cf5f2ef720d adds the support for
	crash events.
	Solves: https://bugzilla.redhat.com/show_bug.cgi?id=994317

2013-08-14  Peter Krempa  <pkrempa@redhat.com>

	virtio-rng: Remove double space in error message

2013-08-14  Laine Stump  <laine@laine.org>

	network: permit upstream forwarding of unqualified DNS names
	This resolves the issue that prompted the filing of
	  https://bugzilla.redhat.com/show_bug.cgi?id=928638
	(although the request there is for something much larger and more
	general than this patch).
	commit f3868259ca0517212e439a65c9060868f673b6c9 disabled the
	forwarding to upstream DNS servers of unresolved DNS requests for
	names that had no domain, but were just simple host names (no "."
	character anywhere in the name). While this behavior is frowned upon
	by DNS root servers (that's why it was changed in libvirt), it is
	convenient in some cases, and since dnsmasq can be configured to allow
	it, it must not be strictly forbidden.
	This patch restores the old behavior, but since it is usually
	undesirable, restoring it requires specification of a new option in
	the network config. Adding the attribute "forwardPlainNames='yes'" to
	the <dns> elemnt does the trick - when that attribute is added to a
	network config, any simple hostnames that can't be resolved by the
	network's dnsmasq instance will be forwarded to the DNS servers listed
	in the host's /etc/resolv.conf for an attempt at resolution (just as
	any FQDN would be forwarded).
	When that attribute *isn't* specified, unresolved simple names will
	*not* be forwarded to the upstream DNS server - this is the default
	behavior.

2013-08-14  Ruben Kerkhof  <ruben@rubenkerkhof.com>

	virt-login-shell: improve error message grammar
	and wrap some long lines

2013-08-14  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	cpu: Add Power7+ and Power8 CPU definition in map.xml
	Power7+ and Power8 are supported in QEMU, so it needs to define CPUs
	in libvirt to support them.

2013-08-14  Philipp Hahn  <hahn@univention.de>

	doc: storage pool permission copy-paste fix
	The description for <permissions> was copied from the storage volume
	section to the storage pool section, but the semantics are different:
	1. Currently only the "dir", "fs" and "netfs" storage pools use it.
	2. They use it only to build the final directory.
	3. A default for the storage volumes can't be set.

2013-08-13  Guido Günther  <agx@sigxcpu.org>

	Directly link against needed libraries
	The Linux build revealed another missing direct link target, this time
	against selinux libs:
	    http://honk.sigxcpu.org:8001/view/libvirt/job/libvirt-build-debian-sid-amd64/9/console

2013-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Ensure that /dev exists in the container root filesystem
	If booting a container with a root FS that isn't the host's
	root, we must ensure that the /dev mount point exists.

	Properly handle -h / -V for --help/--version aliases in virtlockd/libvirtd
	The virtlockd/libvirtd daemons had listed '?' as the short option
	for --help. getopt_long uses '?' for any unknown option. We want
	to be able to distinguish unknown options (which use EXIT_FAILURE)
	from correct usage of help (which should use EXIT_SUCCESS). Thus
	we should use 'h' as a short option for --help. Also add this to
	the man page docs
	The virtlockd/libvirtd daemons did not list any short option
	for the --version arg. Add -V as a valid short option, since
	-v is already used for --verbose.

	Address missed feedback from review of virt-login-shell
	Address a number of code, style and docs issues identified
	in review of virt-login-shell after it was merged.

	Honour root prefix in lxcContainerMountFSBlockAuto
	The lxcContainerMountFSBlockAuto method can be used to mount the
	initial root filesystem, so it cannot assume a prefix of /.oldroot.

2013-08-13  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Flip logic in cmdSetvcpus
	To avoid having to assign a failure code to the returned variable switch
	this function to negative logic. This will fix issue with invalid number
	of cpus returning success return code.
	https://bugzilla.redhat.com/show_bug.cgi?id=996466

2013-08-13  Eric Blake  <eblake@redhat.com>

	docs: mention VIR_TEST_RANGE
	Commit ab92ae333 added a cool feature, but didn't document it.
	* docs/hacking.html.in: Document debugging a subset of tests.
	* HACKING: Regenerate.

2013-08-13  Martin Kletzander  <mkletzan@redhat.com>

	tests: Fix parallel runs of TLS test suites
	I noticed this yesterday and fixed it in a different way, but ended up
	with one more problem.  It was probably the way I fixed it combined
	with one more filename changed.
	Anyway, why I'm saying this is that one more filename should be renamed
	in order to avoid a race (which I was unable to reproduce, though).
	I checked this is the last file those two tests have in common by going
	through the code and the re-checked by this "script":
	strace -o session.trace -e open ./virnettlssessiontest
	strace -o context.trace -e open ./virnettlscontexttest
	sort \
	 <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' context.trace | sort -u)\
	 <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' session.trace | sort -u)\
	 | uniq -d| grep '.pem$'
	So it should be enough to make these tests independent of each other.

2013-08-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	cgroup macros refactoring, part 5
	Complete the refactoring by adding missing stubs so it compiles on
	platform without cgroup support.

	cgroup macros refactoring, part 4
	Complete moving to VIR_CGROUP_SUPPORTED

	cgroup macros refactoring, part 3
	Continue converting to VIR_CGROUP_SUPPORTED

	cgroup macros refactoring, part 2
	- Convert virCgroupGet* to VIR_CGROUP_SUPPORTED
	- Convert virCgroup(Get|Set)FreezerState to VIR_CGROUP_SUPPORTED

	cgroup macros refactoring, part 1
	- Introduce VIR_CGROUP_SUPPORTED conditional
	- Convert virCgroupKill* to use it
	- Convert virCgroupIsolateMount() to use it
	- Convert virCgroupRemoveRecursively to VIR_CGROUP_SUPPORTED

2013-08-13  Eric Blake  <eblake@redhat.com>

	cgroup: functional sort
	Make future patches smaller by matching a sane header listing in
	the first place.  No semantic change.
	* src/util/vircgroup.h: Move free next to new, and controller
	functions next to each other.
	* src/util/vircgroup.c (virCgroupFree, virCgroupHasController)
	(virCgroupPathOfController, virCgroupRemoveRecursively)
	(virCgroupRemove): Sort implementation to be closer to header.

	cgroup: topological sort
	Avoid a forward declaration of a static function.
	* src/util/vircgroup.c (virCgroupPartitionNeedsEscaping)
	(virCgroupParticionEscape): Move up.

	cgroup: use consistent formatting
	Format all functions with two blank lines between, and return type
	on separate line from function name.  Also break some lines longer
	than 80 columns.  This makes the subsequent macro refactoring
	less noisy.
	* src/util/vircgroup.c: Match prevailing style.

2013-08-13  Guido Günther  <agx@sigxcpu.org>

	Directly link against needed libraries
	otherwise having a strict --no-copy-dt-needed-entries fails in several
	places like:
	    CCLD     virdbustest
	    /usr/bin/ld: virdbustest-virdbustest.o: undefined reference to symbol 'dbus_message_unref'
	    /lib/x86_64-linux-gnu/libdbus-1.so.3: error adding symbols: DSO missing from command line
	    collect2: error: ld returned 1 exit status

	Add missing ATTRIBUTE_UNUSED
	to fix the kFreeBSD build.
	The network parameter is unused in networkCheckRouteCollision:
	    http://honk.sigxcpu.org:8001/job/libvirt-build-debian-jessie-kfreebsd64/

	Don't crash in qemuBuildDeviceAddressStr
	qemuDomainAttachVirtioDiskDevice passes NULL as domainDef which is later
	referenced in qemuDomainAttachVirtioDiskDevice:
	 Program terminated with signal 11, Segmentation fault.
	 #0  qemuBuildDeviceAddressStr (buf=buf@entry=0xb646de78, info=info@entry=0xb0a02360, qemuCaps=qemuCaps@entry=0xb8fdfdc8,
	     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>,
	     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at qemu/qemu_command.c:2869
	 2869            for (i = 0; i < domainDef->ncontrollers; i++) {
	 (gdb) bt
	 #0  qemuBuildDeviceAddressStr (buf=buf@entry=0xb646de78, info=info@entry=0xb0a02360, qemuCaps=qemuCaps@entry=0xb8fdfdc8,
	     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>,
	     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at qemu/qemu_command.c:2869
	 #1  0xb18ad6f8 in qemuBuildDriveDevStr (def=def@entry=0x0, disk=disk@entry=0xb0a02288, bootindex=bootindex@entry=0, qemuCaps=0xb8fdfdc8)
	     at qemu/qemu_command.c:4316
	 #2  0xb18d097f in qemuDomainAttachVirtioDiskDevice (conn=conn@entry=0xb90129a8, driver=driver@entry=0xb8fe29b8, vm=vm@entry=0xb8fe0c40,
	     disk=disk@entry=0xb0a02288) at qemu/qemu_hotplug.c:278
	 #3  0xb193f7ba in qemuDomainAttachDeviceDiskLive (dev=0xb0a35308, vm=0xb8fe0c40, driver=0xb8fe29b8, conn=0xb90129a8) at qemu/qemu_driver.c:6356
	 #4  qemuDomainAttachDeviceLive (dev=0xb0a35308, vm=0xb8fe0c40, dom=<optimized out>) at qemu/qemu_driver.c:6418
	 #5  qemuDomainAttachDeviceFlags (dom=dom@entry=0xb0a020b8,
	     xml=xml@entry=0xb90953f0 "<disk type='file' device='disk'>\n  <source file='/var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img'/>\n  <target dev='vdb' bus='virtio'/>\n</disk>\n", flags=3103664568, flags@entry=1) at qemu/qemu_driver.c:7079
	 #6  0xb193f9cb in qemuDomainAttachDevice (dom=0xb0a020b8,
	     xml=0xb90953f0 "<disk type='file' device='disk'>\n  <source file='/var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img'/>\n  <target dev='vdb' bus='virtio'/>\n</disk>\n") at qemu/qemu_driver.c:7120
	 #7  0xb7244827 in virDomainAttachDevice (domain=domain@entry=0xb0a020b8,
	     xml=0xb90953f0 "<disk type='file' device='disk'>\n  <source file='/var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img'/>\n  <target dev='vdb' bus='virtio'/>\n</disk>\n") at libvirt.c:10912
	 #8  0xb7765ddb in remoteDispatchDomainAttachDevice (args=0xb9094ef0, rerr=0xb646e1f0, client=<optimized out>, server=<optimized out>,
	     msg=<optimized out>) at remote_dispatch.h:2296
	 #9  remoteDispatchDomainAttachDeviceHelper (server=0xb8fba0e8, client=0xb0a00730, msg=0xb0a350b8, rerr=0xb646e1f0, args=0xb9094ef0, ret=0xb9094dc8)
	     at remote_dispatch.h:2274
	 #10 0xb72b1013 in virNetServerProgramDispatchCall (msg=0xb0a350b8, client=0xb0a00730, server=0xb8fba0e8, prog=0xb8fc21c8)
	     at rpc/virnetserverprogram.c:435
	 #11 virNetServerProgramDispatch (prog=0xb8fc21c8, server=server@entry=0xb8fba0e8, client=0xb0a00730, msg=0xb0a350b8) at rpc/virnetserverprogram.c:305
	 #12 0xb72aa167 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0xb8fba0e8)
	     at rpc/virnetserver.c:165
	 #13 virNetServerHandleJob (jobOpaque=0xb0a0a850, opaque=0xb8fba0e8) at rpc/virnetserver.c:186
	 #14 0xb7189108 in virThreadPoolWorker (opaque=opaque@entry=0xb8fa3250) at util/virthreadpool.c:144
	 #15 0xb71885e5 in virThreadHelper (data=0xb8fa32a8) at util/virthreadpthread.c:161
	 #16 0xb70d6954 in start_thread (arg=0xb646eb70) at pthread_create.c:304
	 #17 0xb704e95e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
	This was found by libvirtt-tck:
	     http://honk.sigxcpu.org:8001/job/libvirt-tck-debian-wheezy-qemu-session/1311/console

2013-08-13  Eric Blake  <eblake@redhat.com>

	virsh: nicer abort of blockcopy
	I attempted 'virsh blockcopy $dom vda $path --wait --verbose', then
	hit Ctrl-C; I was a bit surprised to see this error message:
	Block Copy: [  3 %]error: failed to query job for disk vda
	when I had been expecting:
	Block Copy: [  3 %]
	Copy aborted
	* tools/virsh-domain.c (cmdBlockCopy): Print graceful exit message
	rather than error when ctrl-c interrupts job.

2013-08-13  Peter Krempa  <pkrempa@redhat.com>

	tests: Skip virsh-all test as expensive
	Don't run the blind test of all virsh commands always. It usualy just
	wastes time.

	qemuagenttest: Test timeout of agent commands
	If VIR_TEST_EXPENSIVE is enabled, test timeout of agent commands. This
	test takes 6 seconds to finish.

2013-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Document use of systemd socket activation
	Add to the docs/drvlxc.html.in documentation to describe how to
	configure systemd to auto-activate a container when a client
	connects to a socket

2013-08-13  Eric Blake  <eblake@redhat.com>

	tests: add helper to determine when to skip expensive tests
	The logic set up in previous patch for exposing VIR_TEST_EXPENSIVE
	to individual tests is as follows:
	make check VIR_TEST_EXPENSIVE=0   => getenv("VIR_TEST_EXPENSIVE") sees "0"
	make check VIR_TEST_EXPENSIVE=1   => getenv("VIR_TEST_EXPENSIVE") sees "1"
	make check                        => getenv("VIR_TEST_EXPENSIVE") sees
	either "0" or "1", based on configure options
	cd tests; ./FOOtest               => getenv("VIR_TEST_EXPENSIVE") sees
	whatever is in your environment (usually NULL, but possibly garbage)
	Merely checking if VIR_TEST_EXPENSIVE is set in the environment
	does the wrong thing; likewise, it is unsafe to assume the
	variable will always contain a valid number.
	As such, it helps to have helper functions, instead of making each
	expensive test repeat the probe of the environment.
	* tests/testutils.h (virTestGetExpensive): New prototype.
	* tests/testutils.c (virTestGetExpensive): Implement it.
	* tests/test-lib.sh (very_expensive_): Rename...
	(test_expensive): ...and tweak to use VIR_TEST_EXPENSIVE.

	build: add configure option to disable gnulib tests
	The gnulib testsuite is relatively stable - the only times it is
	likely to have a test change from pass to fail is on a gnulib
	submodule update or a major system change (such as moving from
	Fedora 18 to 19, or other large change to libc).  While it is an
	important test for end users on arbitrary machines (to make sure
	that the portability glue works for their machine), it mostly
	wastes time for development testing (as most developers aren't
	making any of the major changes that would cause gnulib tests
	to alter behavior).  Thus, it pays to make the tests optional
	at configure time, defaulting to off for development, on for
	tarballs, with autobuilders requesting it to be on.  It also
	helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
	(much the way automake sets up V=[01] for overriding the configure
	time default of how verbose to be).
	Automake has some pretty hard-coded magic with regards to the
	TESTS variable; I had quite a job figuring out how to keep
	'make distcheck' passing regardless of the configure option
	setting in use, while still disabling the tests at runtime
	when I did not configure them on and did not use the override
	variable.  Thankfully, we require GNU make, which lets me
	hide some information from Automake's magic handling of TESTS.
	* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
	* configure.ac (--enable-expensive-tests): Add new enable switch.
	(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
	witnesses.
	* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
	configure settings and the VIR_TEST_EXPENSIVE variable.
	* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
	to all tests.
	* autobuild.sh: Enable all tests during autobuilds.
	* libvirt.spec.in (%configure): Likewise.
	* mingw-libvirt.spec.in (%mingw_configure): Likewise.
	* docs/hacking.html.in: Document the option.
	* HACKING: Regenerate.

2013-08-12  Eric Blake  <eblake@redhat.com>

	build: avoid -lgcrypt with newer gnutls
	https://bugzilla.redhat.com/show_bug.cgi?id=951637
	Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
	regarding initialization.  Yet we were unconditionally initializing
	gcrypt even when gnutls wouldn't be using it, and having two crypto
	libraries linked into libvirt.so is pointless, but mostly harmless
	(it doesn't crash, but does interfere with certification efforts).
	There are three distinct version ranges to worry about when
	determining which crypto lib gnutls uses, per these gnutls mails:
	2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
	3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
	If pkg-config can prove version numbers and/or list the crypto
	library used for static linking, we have our proof; if not, it
	is safer (even if pointless) to continue to use gcrypt ourselves.
	* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
	define a witness WITH_GNUTLS_GCRYPT.
	* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
	(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
	(virGlobalInit): Honor the witness.
	* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
	no longer needed in Fedora 19.

2013-08-12  Peter Krempa  <pkrempa@redhat.com>

	qemuagenttest: Test arbitrary command passthrough
	Exercise the arbitrary command passthrough API.

2013-08-12  Ján Tomko  <jtomko@redhat.com>

	Remove leftovers from hyperv spinlocks documentation
	Somehow I managed to leave this monstrosity in.
	Introduced by 800b51d.

2013-08-10  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix libvirtd segfault
	Commit d72ef888 introduced a bug in the libxl driver that will
	segfault libvirtd if libxl reports an error message, e.g. when
	attempting to initialize the driver on a non-Xen system.  I
	assumed it was valid to pass a NULL logger to libxl_ctx_alloc(),
	but that is not the case since any errors associated with the ctx
	that are emitted by libxl will dereference the logger and crash
	libvirtd.
	Errors associated with the libxl driver-wide ctx could be useful
	for debugging anyway, so create a 'libxl-driver.log' to capture
	these errors.

2013-08-10  Daniel P. Berrange  <dan@berrange.com>

	Fix typo in domain name in polkit acl example

2013-08-10  Daniel P. Berrange  <berrange@redhat.com>

	Make check for /dev/loop device names stricter to avoid /dev/loop-control
	Recentish (2011) kernels introduced a new device called /dev/loop-control,
	which causes libvirt's detection of loop devices to get confused
	since it only checks for a prefix of 'loop'. Also check that the
	next character is a digit

	Add documentation for access control system
	This adds two new pages to the website, acl.html describing
	the general access control framework and permissions models,
	and aclpolkit.html describing the use of polkit as an
	access control driver.
	page.xsl is modified to support a new syntax
	  <div id="include" filename="somefile.htmlinc"/>
	which will cause the XSL transform to replace that <div>
	with the contents of 'somefile.htmlinc'. We use this in
	the acl.html.in file, to pull the table of permissions
	for each libvirt object. This table is autogenerated
	from the enums in src/access/viraccessperms.h by the
	genaclperms.pl script.
	newapi.xsl is modified so that the list of permissions
	checks shown against each API will link to the description
	of the permissions in acl.html

	Record the where the auto-generated data comes from
	The gendispatch.pl script puts comments at the top of files
	it creates, saying that it auto-generated them. Also include
	the name of the source data file which it reads when doing
	the auto-generation.

2013-08-10  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: fix node ranges in libxlNodeGetCellsFreeMemory()
	introduced by cs 4b9eec50fe2c23343 ("libxl: implement per
	NUMA node free memory reporting"). What was wrong was that
	libxl_get_numainfo() put in nr_nodes the actual number of
	host NUMA nodes, not the highest node ID (like libnuma's
	numa_max_node() does instead).
	While at it, turn the failure of libxl_get_numainfo() from
	a simple warning to a proper error, as requested during the
	review of another patch of the original series.
	Cc: Daniel P. Berrange <berrange@redhat.com>

2013-08-09  Eric Blake  <eblake@redhat.com>

	build: more workarounds for if_bridge.h
	This is a second attempt at fixing the problem first attempted
	in commit 2df8d99; basically undoing the fact that it was
	reverted in commit 43cee32f, plus fixing two more issues: the
	code in configure.ac has to EXACTLY match virnetdevbridge.c
	with regards to declaring in6 types before using if_bridge.h,
	and the fact that RHEL 5 has even more conflicts:
	In file included from util/virnetdevbridge.c:49:
	/usr/include/linux/in6.h:47: error: conflicting types for 'in6addr_any'
	/usr/include/netinet/in.h:206: error: previous declaration of 'in6addr_any' was here
	/usr/include/linux/in6.h:49: error: conflicting types for 'in6addr_loopback'
	/usr/include/netinet/in.h:207: error: previous declaration of 'in6addr_loopback' was here
	The rest of this commit message borrows from the original try
	of 2df8d99:
	A fresh checkout on a RHEL 6 machine with these packages:
	kernel-headers-2.6.32-405.el6.x86_64
	glibc-2.12-1.128.el6.x86_64
	failed to configure with this message:
	checking for linux/if_bridge.h... no
	configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support
	Digging in config.log, we see that the problem is identical to
	what we fixed earlier in commit d12c2811:
	configure:98831: checking for linux/if_bridge.h
	configure:98853: gcc -std=gnu99 -c -g -O2  conftest.c >&5
	In file included from /usr/include/linux/if_bridge.h:17,
	                 from conftest.c:559:
	/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
	/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
	/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
	configure:98860: $? = 1
	I had not hit it earlier because I was using incremental builds,
	where config.cache had shielded me from the kernel-headers breakage.
	* configure.ac (if_bridge.h): Avoid conflicting type definitions.
	* src/util/virnetdevbridge.c (includes): Also sanitize for RHEL 5.

	tests: test negative number through dbus
	Commit f1088c8 weakened a test, by not passing a value larger
	than INT_MAX through an int slot.  Make the fix in a different
	way, using an explicit negative value.  Suggested by Dan Berrange.
	* tests/virdbustest.c (testMessageArray): Adjust previous fix.
	(testMessageStruct): Use a negative number.

2013-08-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: Create per-domain log file
	Currently, only one log file is created by the libxl driver, with
	all output from libxl for all domains going to this one file.
	Create a per-domain log file based on domain name, making sifting
	through the logs a bit easier.  This required deferring libxl_ctx
	allocation until starting the domain, which is fine since the
	ctx is not used when the domain is inactive.
	    Tested-by: Dario Faggioli <dario.faggioli@citrix.com>

2013-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Add an example config file for virtlockd
	The virtlockd daemon supports an /etc/libvirt/virtlockd.conf
	config file, but we never installed a default config, nor
	created any augeas scripts. This change addresses that omission.

2013-08-09  Eric Blake  <eblake@redhat.com>

	tests: avoid too-large constants
	Compiling with gcc 4.1.2 (RHEL 5) on a 32-bit platform complains:
	virdbustest.c: In function 'testMessageSimple':
	virdbustest.c:61: warning: integer constant is too large for 'long' type
	virdbustest.c:62: warning: integer constant is too large for 'long' type
	virdbustest.c: In function 'testMessageArray':
	virdbustest.c:183: warning: this decimal constant is unsigned only in ISO C90
	virdbustest.c: In function 'testMessageStruct':
	virdbustest.c:239: warning: integer constant is too large for 'long' type
	virdbustest.c:240: warning: integer constant is too large for 'long' type
	* tests/virdbustest.c (testMessageSiple, testMessageArray)
	(testMessageStruct): Don't violate C89 constant constraints.

2013-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix double-free and broken logic in virt-login-shell
	The virLoginShellAllowedUser method must not free the 'groups'
	parameter it is given, as that is owned by the caller.
	The virLoginShellAllowedUser method should be checking
	'!*ptr' (ie empty string) rather than '!ptr' (NULL string)
	since the latter cannot be true.

2013-08-09  John Ferlan  <jferlan@redhat.com>

	virnettlscontext: Resolve Coverity warnings (UNINIT)
	Coverity complained about the usage of the uninitialized cacerts in the
	event(s) that "access(certFile, R_OK)" and/or "access(cacertFile, R_OK)"
	fail the for loop used to fill in the certs will have indeterminate data
	as well as the possibility that both failures would result in the
	gnutls_x509_crt_deinit() call having a similar fate.
	Initializing cacerts only would resolve the issue; however, it still
	would leave the indeterminate action, so rather add a parameter to
	the virNetTLSContextLoadCACertListFromFile() to pass the max size rather
	then overloading the returned count parameter. If the the call is never
	made, then we won't go through the for loops referencing the empty
	cacerts

2013-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Add a man page for virtlockd daemon
	Create a virtlockd.pod.in file containing the man page
	content for virtlockd.

	Fix parallel runs of TLS test suites
	Use a separate keyfile name for the two TLS test suites so that
	they don't clash when running tests in parallel

2013-08-09  Alex Jia  <ajia@redhat.com>

	remote: Fix a segfault in remoteDomainCreateWithFlags
	Valgrind defects memory error:
	==16759== 1 errors in context 1 of 8:
	==16759== Invalid free() / delete / delete[] / realloc()
	==16759==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
	==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
	==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
	==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
	==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
	==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
	==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
	==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
	==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
	==16759==    by 0x126FFB: main (virsh.c:3205)
	==16759==  Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd
	==16759== 1 errors in context 2 of 8:
	==16759== Conditional jump or move depends on uninitialised value(s)
	==16759==    at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
	==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
	==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
	==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
	==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
	==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
	==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
	==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
	==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
	==16759==    by 0x126FFB: main (virsh.c:3205)
	==16759==  Uninitialised value was created by a stack allocation
	==16759==    at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423)
	How to reproduce?
	# virsh start <domain> --paused
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855

2013-08-09  Eric Blake  <eblake@redhat.com>

	tests: work with older dbus
	On RHEL 5, with dbus 1.1.2, compilation failed with:
	virsystemdmock.c: In function 'dbus_connection_send_with_reply_and_block':
	virsystemdmock.c:68: warning: implicit declaration of function 'dbus_message_set_serial'
	Fix this by instead bypassing all attempts to use a dbus serial.
	* tests/virsystemdmock.c (dbus_message_set_reply_serial): Add new
	override.
	(dbus_connection_send_with_reply_and_block): No longer bother with
	the serial.

2013-08-09  Jim Fehlig  <jfehlig@suse.com>

	build: fix compilation of virt-login-shell.c
	virt-login-shell.c was failing to compile with
	CC       virt_login_shell-virt-login-shell.o
	virt-login-shell.c: In function 'main':
	virt-login-shell.c:205:5: error: implicit declaration of function 'setlocale' [-Werror=implicit-function-declaration]
	virt-login-shell.c:205:5: error: nested extern declaration of 'setlocale' [-Werror=nested-externs]
	virt-login-shell.c:205:20: error: 'LC_ALL' undeclared (first use in this function)

2013-08-09  Giuseppe Scrivano  <gscrivan@redhat.com>

	configure: fix formatting of missing pkg-config modules error
	It adds an empty space after the package version.  Previously the error
	message looked like:
	"You must install the dbus-1 >= 1.0.0pkg-config module to compile libvirt"

2013-08-08  Dan Walsh  <dwalsh@redhat.com>

	Introduce a virt-login-shell binary
	Add a virt-login-shell binary that can be set as a user's
	shell, such that when they login, it causes them to enter
	the LXC container with a name matching their user name.

	Ensure securityfs is mounted readonly in container
	If securityfs is available on the host, we should ensure to
	mount it read-only in the container. This will avoid systemd
	trying to mount it during startup causing SELinux AVCs.

2013-08-08  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Allow hotplug of multiple SCSI devices
	Hotplugging a single SCSI device works, but adding additional ones
	result in an error from QEMU:
	[root@gpok197 ~]# virsh attach-device guest01 blah.xml
	Device attached successfully
	[root@gpok197 ~]# virsh attach-device guest01 blah2.xml
	error: Failed to attach device from blah2.xml
	error: internal error unable to execute QEMU command 'device_add': Duplicate ID 'hostdev0' for device
	The hostdev ID that is created is always set to zero, regardless
	of the contents of the XML.  Changing the index in the hotplug case
	to a negative one so the next available index is used.
	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2013-08-08  Daniel P. Berrange  <berrange@redhat.com>

	Add info about access control checks into API reference
	So that app developers / admins know what access control checks
	are performed for each API, this patch extends the API docs
	generator to include details of the ACLs for each.
	The gendispatch.pl script is extended so that it generates
	a simple XML describing ACL rules, eg.
	  <aclinfo>
	    ...
	    <api name='virConnectNumOfDomains'>
	      <check object='connect' perm='search_domains'/>
	      <filter object='domain' perm='getattr'/>
	    </api>
	    <api name='virDomainAttachDeviceFlags'>
	      <check object='domain' perm='write'/>
	      <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
	      <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
	    </api>
	    ...
	  </aclinfo>
	The newapi.xsl template loads the XML files containing the ACL
	rules and generates a short block of HTML for each API describing
	the parameter checks and return value filters (if any).

	Fix validation of CA certificate chains
	The code added to validate CA certificates did not take into
	account the possibility that the cacert.pem file can contain
	multiple (concatenated) cert data blocks. Extend the code for
	loading CA certs to use the gnutls APIs for loading cert lists.
	Add test cases to check that multi-level trees of certs will
	validate correctly.

	Change data passed into TLS test cases
	Currently a 'struct testTLSCertReq' instance is passed into
	the TLS test cases. This is not flexible enough to cope with
	certificate chains, where one file now corresponds to multiple
	certificates. Change the test cases so that we pass in filenames
	instead.

	Avoid re-generating certs every time
	Currently every test case in the TLS test suite generates the
	certs fresh. This is a waste of time, since its parameters
	don't change across test cases. Create certs once in main
	method.

	Split TLS test into two separate tests
	The virnettlscontexttest.c tests both virNetTLSContext
	and virNetTLSSession functionality. Split into two
	separate tests, to make the code size more manageable

2013-08-08  Eric Blake  <eblake@redhat.com>

	maint: avoid C99 loop declaration
	Commit 3d0e3c1 reintroduced a problem previously squelched in
	commit 7e5aa78.  Add a syntax check this time around.
	util/virutil.c: In function 'virGetGroupList':
	util/virutil.c:1015: error: 'for' loop initial declaration used outside C99 mode
	* cfg.mk (sc_prohibit_loop_var_decl): New rule.
	* src/util/virutil.c (virGetGroupList): Fix offender.

2013-08-07  Eric Blake  <eblake@redhat.com>

	maint: the compiler is not always named gcc
	https://bugzilla.redhat.com/show_bug.cgi?id=994589 complained that
	even when using a cross-compiler not named 'gcc', the configure
	output confusingly referred to gcc.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Use a
	more generic statement in configure output.

2013-08-07  Ján Tomko  <jtomko@redhat.com>

	Reverse logic allowing partial DHCP host XML
	Before, missing attributes were only OK when adding entries;
	modification and deletion required all of them.
	Now, only deletion works with missing attributes, as long as
	the host is uniquely identified.

2013-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Revert "build: fix configure detection of if_bridge.h on RHEL 6"
	This reverts commit 2df8d99138dc8396c7d46c3cceca8ce2e93b605a.
	The change breaks configure on any recent Fedora platform

2013-08-07  Guannan Ren  <gren@redhat.com>

	qemu: support to drop disk with 'optional' startupPolicy
	Go through disks of guest, if one disk doesn't exist or its backing
	chain is broken, with 'optional' startupPolicy, for CDROM and Floppy
	we only discard its source path definition in xml, for disks we drop
	it from disk list and free it.

	conf: add startupPolicy attribute for harddisk
	Add startupPolicy attribute for harddisk with type "file",
	"block" and "dir". 'requisite' is not supported currently for
	harddisk.

2013-08-07  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Use -m conntrack rather than -m state
	Since iptables version 1.4.16 '-m state --state NEW' is converted to
	'-m conntrack --ctstate NEW'. Therefore, when encountering this or later
	versions of iptables use '-m conntrack --ctstate'.

2013-08-07  Guido Günther  <agx@sigxcpu.org>

	virGetGroupList: always include the primary group
	The change from initgroups to virGetGroupList/setgroups in
	cab36cfe71ba83b71e536ba5c98e596f02b697b0 dropped the primary group from
	processes group list iff the passed in group to virGetGroupList differs
	from the user's primary group.
	So always include the primary group to bring back the old behaviour.
	Debian has the kvm group as primary group but uses
	libvirt-qemu:libvirt-qemu as user:group to run the kvm process so
	without this change the /dev/kvm is inaccessible.

2013-08-07  Eric Blake  <eblake@redhat.com>

	build: fix configure detection of if_bridge.h on RHEL 6
	A fresh checkout on a RHEL 6 machine with these packages:
	kernel-headers-2.6.32-405.el6.x86_64
	glibc-2.12-1.128.el6.x86_64
	failed to configure with this message:
	checking for linux/if_bridge.h... no
	configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support
	Digging in config.log, we see that the problem is identical to
	what we fixed earlier in commit d12c2811:
	configure:98831: checking for linux/if_bridge.h
	configure:98853: gcc -std=gnu99 -c -g -O2  conftest.c >&5
	In file included from /usr/include/linux/if_bridge.h:17,
	                 from conftest.c:559:
	/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
	/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
	/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
	configure:98860: $? = 1
	I had not hit it earlier because I was using incremental builds,
	where config.cache had shielded me from the kernel-headers breakage.
	* configure.ac (if_bridge.h): Avoid conflicting type definitions.

2013-08-07  Stefan Bader  <stefan.bader@canonical.com>

	xen: Use internal interfaces in xenDomainUsedCpus
	Since commit 95e18efd most public interfaces (xenUnified...) obtain
	a virDomainDefPtr via xenGetDomainDefFor...() which take the unified
	lock.
	This is already taken before calling xenDomainUsedCpus(), so we get
	a deadlock for active guests. Avoid this by splitting up
	xenUnifiedDomainGetVcpusFlags() and xenUnifiedDomainGetVcpus() into
	public and private function calls (which get the virDomainDefPtr passed)
	and use those in xenDomainUsedCpus().
	    xenDomainUsedCpus
	      ...
	      nb_vcpu = xenUnifiedDomainGetMaxVcpus(dom);
	        return xenUnifiedDomainGetVcpusFlags(...)
	          ...
	          if (!(def = xenGetDomainDefForDom(dom)))
	            return xenGetDomainDefForUUID(dom->conn, dom->uuid);
	              ...
	              ret = xenHypervisorLookupDomainByUUID(conn, uuid);
	                ...
	                xenUnifiedLock(priv);
	                name = xenStoreDomainGetName(conn, id);
	                xenUnifiedUnlock(priv);
	      ...
	      if ((ncpus = xenUnifiedDomainGetVcpus(dom, cpuinfo, nb_vcpu,
	        ...
	        if (!(def = xenGetDomainDefForDom(dom)))
	          [again like above]

2013-08-07  Laine Stump  <laine@laine.org>

	qemu: improve error reporting during PCI address validation
	This patch addresses two concerns with the error reporting when an
	incompatible PCI address is specified for a device:
	1) It wasn't always apparent which device had the problem. With this
	patch applied, any error about an incompatible address will always
	contain the full address as given in the config, so it will be easier
	to determine which device's config aused the problem.
	2) In some cases when the problem came from bad config, the error
	message was erroneously classified as VIR_ERR_INTERNAL_ERROR. With
	this patch applied, the same error message will be changed to indicate
	either "internal" or "xml" error depending on whether the address came
	from the config, or was automatically generated by libvirt.
	Note that in the case of "internal" (due to bad auto-generation)
	errors, the PCI address won't be of much use in finding the location
	in config to change (because it was automatically generated). Of
	course that makes perfect sense, but still the address could provide a
	clue about a bug in libvirt attempting to use a type of pci bus that
	doesn't have its flags set correctly (or something similar). In other
	words, it's not perfect, but it is definitely better.

	qemu: enable using implicit sata controller in q35 machines
	q35 machines have an implicit ahci (sata) controller at 00:1F.2 which
	has no "id" associated with it. For this reason, we can't refer to it
	as "ahci0". Instead, we don't give an id on the commandline, which
	qemu interprets as "use the first ahci controller". We then need to
	specify the unit with "unit=%d" rather than adding it onto the bus
	arg.

2013-08-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Don't error on tunelled migration with --copy-storage
	https://bugzilla.redhat.com/show_bug.cgi?id=979477
	Since 1.0.3 we are using the new way to copy non shared storage during
	migration (the NBD way). However, whether the new or old way is used is
	not controllable by user but unconditionally turned on if both sides of
	migration support it. Moreover, the implementation is not complete: the
	combination for VIR_MIGRATE_TUNNELLED flag is missing (as we need to
	open new port on the destination) in which case we just error out. This
	is a deadly combination: not letting users choose their destiny and
	erroring out. We should not do that but VIR_WARN and turn the NBD off
	instead.

2013-08-06  Laine Stump  <laine@laine.org>

	qemu: properly set/use device alias for pci controllers
	We had been setting the device alias in the devinceinfo for pci
	controllers to "pci%u", but then hardcoding "pci.%u" when creating the
	device address for other devices using that pci bus. This all worked
	just fine until we encountered the built-in "pcie.0" bus (the PCIe
	root complex) in Q35 machines.
	In order to create the correct commandline for this one case, this
	patch:
	1) sets the alias for PCI controllers correctly, to "pci.%u" (or
	"pcie.%u" for the pcie-root controller)
	2) eliminates the hardcoded "pci.%u" for pci controllers when
	generatuing device address strings, and instead uses the controller's
	alias.
	3) plumbs a pointer to the virDomainDef all the way down to
	qemuBuildDeviceAddressStr. This was necessary in order to make the
	aliase of the controller *used by a device* available (previously
	qemuBuildDeviceAddressStr only had the deviceinfo of the device
	itself, *not* of the controller it was connecting to). This made for a
	larger than desired diff, but at least in the future we won't have to
	do it again, since all the information we could possibly ever need for
	future enhancements is in the virDomainDef. (right?)
	This should be done for *all* controllers, but for now we just do it
	in the case of PCI controllers, to reduce the likelyhood of
	regression.

	qemu: fix handling of default/implicit devices for q35
	This patch adds in special handling for a few devices that need to be
	treated differently for q35 domains:
	usb - there is no implicit/default usb controller for the q35
	machinetype. This is done because normally the default usb controller
	is added to a domain by just adding "-usb" to the qemu commandline,
	and it's assumed that this will add a single piix3 usb1 controller at
	slot 1 function 2. That's not what happens when the machinetype is
	q35, though. Instead, adding -usb to the commandline adds 3 usb
	(version 2) controllers to the domain at slot 0x1D.{1,2,7}. Rather
	than having
	  <controller type='usb' index='0'/>
	translate into 3 separate devices on the PCI bus, it's cleaner to not
	automatically add a default usb device; one can always be added
	explicitly if desired. Or we may decide that on q35 machines, 3 usb
	controllers will be automatically added when none is given. But for
	this initial commit, at least we aren't locking ourselves into
	something we later won't want.
	video - qemu always initializes the primary video device immediately
	after any integrated devices for the machinetype. Unless instructed
	otherwise (by using "-device vga..." instead of "-vga" which libvirt
	uses in many cases to work around deficiencies and bugs in various
	qemu versions) qemu will always pick the first unused slot. In the
	case of the "pc" machinetype and its derivatives, this is always slot
	2, but on q35 machinetypes, the first free slot is slot 1 (since the
	q35's integrated peripheral devices are placed in other slots,
	e.g. slot 0x1f). In order to make the PCI address of the video device
	predictable, that slot (1 or 2, depending on machinetype) is reserved
	even when no video device has been specified.
	sata - a q35 machine always has a sata controller implicitly added at
	slot 0x1F, function 2. There is no way to avoid this controller, so we
	always add it. Note that the xml2xml tests for the pcie-root and q35
	cases were changed to use DO_TEST_DIFFERENT() so that we can check for
	the sata controller being automatically added. This is especially
	important because we can't check for it in the xml2argv output (it has
	no effect on that output since it's an implicit device).
	ide - q35 has no ide controllers.
	isa and smbus controllers - these two are always present in a q35 (at
	slot 0x1F functions 0 and 3) but we have no way of modelling them in
	our config. We do need to reserve those functions so that the user
	doesn't attempt to put anything else there though. (note that the "pc"
	machine type also has an ISA controller, which we also ignore).

	qemu: add dmi-to-pci-bridge controller
	This PCI controller, named "dmi-to-pci-bridge" in the libvirt config,
	and implemented with qemu's "i82801b11-bridge" device, connects to a
	PCI Express slot (e.g. one of the slots provided by the pcie-root
	controller, aka "pcie.0" on the qemu commandline), and provides 31
	*non-hot-pluggable* PCI (*not* PCIe) slots, numbered 1-31.
	Any time a machine is defined which has a pcie-root controller
	(i.e. any q35-based machinetype), libvirt will automatically add a
	dmi-to-pci-bridge controller if one doesn't exist, and also add a
	pci-bridge controller. The reasoning here is that any useful domain
	will have either an immediate (startup time) or eventual (subsequent
	hot-plug) need for a standard PCI slot; since the pcie-root controller
	only provides PCIe slots, we need to connect a dmi-to-pci-bridge
	controller to it in order to get a non-hot-plug PCI slot that we can
	then use to connect a pci-bridge - the slots provided by the
	pci-bridge will be both standard PCI and hot-pluggable.
	Since pci-bridge devices themselves can not be hot-plugged into a
	running system (although you can hot-plug other devices into a
	pci-bridge's slots), any new pci-bridge controller that is added can
	(and will) be plugged into the dmi-to-pci-bridge as long as it has
	empty slots available.
	This patch is also changing the qemuxml2xml-pcie test from a "DO_TEST"
	to a "DO_DIFFERENT_TEST". This is so that the "before" xml can omit
	the automatically added dmi-to-pci-bridge and pci-bridge devices, and
	the "after" xml can include it - this way we are testing if libvirt is
	properly adding these devices.

	qemu: add pcie-root controller
	This controller is implicit on q35 machinetypes. It provides 31 PCIe
	(*not* PCI) slots as controller 0.
	Currently there are no devices that can connect to pcie-root, and no
	implicit pci controller on a q35 machine, so q35 is still
	unusable. For a usable q35 system, we need to add a
	"dmi-to-pci-bridge" pci controller, which can connect to pcie-root,
	and provides standard pci slots that can be used to connect other
	devices.

	qemu: enable auto-allocate of all PCI addresses
	Previous refactoring of the guest PCI address reservation/allocation
	code allowed for slot types other than basic PCI (e.g. PCI express,
	non-hotpluggable slots, etc) but would not auto-allocate a slot for a
	device that required any type other than a basic hot-pluggable
	PCI slot.
	This patch refactors the code to be aware of different slot types
	during auto-allocation of addresses as well - as long as there is an
	empty slot of the required type, it will be found and used.
	The piece that *wasn't* added is that we don't auto-create a new PCI
	bus when needed for anything except basic PCI devices. This is because
	there are multiple different types of controllers that can provide,
	for example, a PCI express slot (in addition to the pcie-root
	controller, these can also be found on a "root-port" or on a
	"downstream-switch-port"). Since we currently don't support any PCIe
	devices (except pending support for dmi-to-pci-bridge), we can defer
	any decision on what to do about this.

	build: fix missing max_queued_clients in augeas test file for libvirtd.conf
	Broken in commit 1199edb1d4e3ebbc691bd32d3519a3b662225420

2013-08-06  Jim Fehlig  <jfehlig@suse.com>

	xen: fix memory corruption in legacy driver
	Commit 632180d1 introduced memory corruption in xenDaemonListDefinedDomains
	by starting to populate the names array at index -1, causing all sorts
	of havoc in libvirtd such as aborts like the following
	*** Error in `/usr/sbin/libvirtd': double free or corruption (out): 0x00007fffe00ccf20 ***
	======= Backtrace: =========
	/lib64/libc.so.6(+0x7abf6)[0x7ffff3fa0bf6]
	/lib64/libc.so.6(+0x7b973)[0x7ffff3fa1973]
	/lib64/libc.so.6(xdr_array+0xde)[0x7ffff403cbae]
	/usr/sbin/libvirtd(+0x50251)[0x5555555a4251]
	/lib64/libc.so.6(xdr_free+0x15)[0x7ffff403ccd5]
	/usr/lib64/libvirt.so.0(+0x1fad34)[0x7ffff76b1d34]
	/usr/lib64/libvirt.so.0(virNetServerProgramDispatch+0x1fc)[0x7ffff76b16f1]
	/usr/lib64/libvirt.so.0(+0x1f214a)[0x7ffff76a914a]
	/usr/lib64/libvirt.so.0(+0x1f222d)[0x7ffff76a922d]
	/usr/lib64/libvirt.so.0(+0xbcc4f)[0x7ffff7573c4f]
	/usr/lib64/libvirt.so.0(+0xbc5e5)[0x7ffff75735e5]
	/lib64/libpthread.so.0(+0x7e0f)[0x7ffff48f7e0f]
	/lib64/libc.so.6(clone+0x6d)[0x7ffff400e7dd]
	Fix by initializing ret to 0 and only setting to error on failure path.

2013-08-05  Michal Privoznik  <mprivozn@redhat.com>

	Introduce max_queued_clients
	This configuration knob lets user to set the length of queue of
	connection requests waiting to be accept()-ed by the daemon. IOW, it
	just controls the @backlog passed to listen:
	  int listen(int sockfd, int backlog);

	RPC: Don't accept client if it would overcommit max_clients
	Currently, even if max_client limit is hit, we accept() incoming
	connection request, but close it immediately. This has disadvantage of
	not using listen() queue. We should accept() only those clients we
	know we can serve and let all other wait in the (limited) queue.

2013-08-04  Laine Stump  <laine@laine.org>

	qemu: eliminate almost-duplicate code in qemu_command.c
	* The functions qemuDomainPCIAddressReserveAddr and
	qemuDomainPCIAddressReserveSlot were very similar (and should have
	been more similar) and were about to get more code added to them which
	would create even more duplicated code, so this patch gives
	qemuDomainPCIAddressReserveAddr a "reserveEntireSlot" arg, then
	replaces the body of qemuDomainPCIAddressReserveSlot with a call to
	qemuDomainPCIAddressReserveAddr.
	You will notice that addrs->lastaddr was previously set in
	qemuDomainPCIAddressReserveAddr (but *not* set in
	qemuDomainPCIAddressReserveSlot). For consistency and cleanliness of
	code, that bit was removed and put into the one caller of
	qemuDomainPCIAddressReserveAddr (there is a similar place where the
	caller of qemuDomainPCIAddressReserveSlot sets lastaddr). This does
	guarantee identical functionality to pre-patch code, but in practice
	isn't really critical, because lastaddr is just keeping track of where
	to start when looking for a free slot - if it isn't updated, we will
	just start looking on a slot that's already occupied, then skip up to
	one that isn't.
	* qemuCollectPCIAddress was essentially doing the same thing as
	qemuDomainPCIAddressReserveAddr, but with some extra special case
	checking at the beginning. The duplicate code has been replaced with
	a call to qemuDomainPCIAddressReserveAddr. This required adding a
	"fromConfig" boolean, which is only used to change the log error
	code from VIR_ERR_INTERNAL_ERROR (when the address was
	auto-generated by libvirt) to VIR_ERR_XML_ERROR (when the address is
	coming from the config); without this differentiation, it would be
	difficult to tell if an error was caused by something wrong in
	libvirt's auto-allocate code or just bad config.
	* the bit of code in qemuDomainPCIAddressValidate that checks the
	connect type flags is going to be used in a couple more places where
	we don't need to also check the slot limits (because we're generating
	the slot number ourselves), so that has been pulled out into a
	separate qemuDomainPCIAddressFlagsCompatible function.

	qemu: rename some functions in qemu_command.c
	* qemuDomainPCIAddressSetNextAddr
	The name of this function was confusing because 1) other functions in
	the file that end in "Addr" are only operating on a single function of
	one PCI slot, not the entire slot, while functions that do something
	with the entire slot end in "Slot", and 2) it didn't contain a verb
	describing what it is doing (the "Set" refers to the set that contains
	all PCI buses in the system, used to keep track of which slots in
	which buses are already reserved for use).
	It is now renamed to qemuDomainPCIAddressReserveNextSlot, which more
	clearly describes what it is doing. Arguably, it could have been
	changed to qemuDomainPCIAddressSetReserveNextSlot, but 1) the word
	"set" is confusing in this context because it could be intended as a
	verb or as a noun, and 2) most other functions that operate on a
	single slot or address within this set are also named
	qemuDomainPCIAddress... rather than qemuDomainPCIAddressSet... Only
	the Create, Free, and Grow functions for an address set (which modify the
	entire set, not just one element) use "Set" in their name.
	* qemuPCIAddressAsString, qemuPCIAddressValidate
	All the other functions in this set are named
	qemuDomainPCIAddressxxxxx, so I renamed these to be consistent.

	conf: add default USB controller in qemu post-parse callback
	The parser shouldn't be doing arch-specific things like adding in
	implicit controllers to the config. This should instead be done in the
	hypervisor's post-parse callback.
	This patch removes the auto-add of a usb controller from the domain
	parser, and puts it into the qemu driver's post-parse callback (just
	as is already done with the auto-add of the pci-root controller). In
	the future, any machine/arch that shouldn't have a default usb
	controller added should just set addDefaultUSB = false in this
	function.
	We've recently seen that q35 and ARMV7L domains shouldn't get a default USB
	controller, so I've set addDefaultUSB to false for both of those.

2013-08-02  Jiri Denemark  <jdenemar@redhat.com>

	spec: Explicitly claim ownership of channel subdir
	As both /var/lib/libvirt/qemu and /var/lib/libvirt/qemu/channel/target
	are owned by us, the intermediate /var/lib/libvirt/qemu/channel should
	be owned by us too.

2013-08-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix crashing upgrading from older libvirts with running guests
	If upgrading from a libvirt that is older than 1.0.5, we can
	not assume that vm->def->resource is non-NULL. This bogus
	assumption caused libvirtd to crash

	Avoid crash if NULL is passed for filename/funcname in logging
	The journald code would crash if a NULL was passed for the
	filename / funcname in the logging code. This shouldn't
	happen in general, but it is better to be safe, since there
	have been bugs triggering this.

	Ensure LXC/QEMU APIs set the filename for errors
	The virLibConnError macros in libvirt-lxc.c and
	libvirt-qemu.c were passing NULL for the filename.
	This causes a crash if the logging code is configured
	to use journald.

	Remove reference to python/tests from RPM %doc
	The python/tests files were recently deleted, but a reference was
	left in the RPM %doc entry

2013-08-02  Peter Krempa  <pkrempa@redhat.com>

	qemumonitortestutils: Don't skip va_end() on error path
	When allocation of memory failed the error path didn't call va_end()
	causing a coverity failure.
	Reported by John Ferlan.

	qemuagenttest: Check invalid response in shutdown test
	The shutdown test utilizes waiting for condition to exit the test. This
	addition will return an error for the shutdown command to see if the
	condition waiting code will not hang.

	qemuagenttest: Fix checking of shutdown mode
	Coverity complained about unused variable that contains the shutdown
	mode. The original intention was to check it against the requested mode.
	Also the fixed check revealed a mistake in the expected shutdown mode.
	Reported by John Ferlan.

2013-08-02  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bridge driver: extract platform specifics
	* Move platform specific things (e.g. firewalling and route
	  collision checks) into bridge_driver_platform
	* Create two platform specific implementations:
	    - bridge_driver_linux: Linux implementation using iptables,
	      it's actually the code moved from bridge_driver.c
	    - bridge_driver_nop: dumb implementation that does nothing

2013-08-02  John Ferlan  <jferlan@redhat.com>

	valgrind: Adjust filter for _dl_allocate_tls
	More tests are now using the path - adjust the filter to include any
	path from a test through pthread_create to _dl_allocate_tls

	tests: Coverity found new NULL_RETURNS
	Coverity reported the existing missing check of the return value and
	subsequent use from a call to virJSONValueFromString() in testJSONAddRemove().

2013-08-02  Jincheng Miao  <jmiao@redhat.com>

	build: fix qemuagenttest build with -O0 in fedora 19.
	When building libvirt with -O0 flag in fedora 19, it will fail to
	generate qemuagenttest, a link error occurs like:
	./.libs/libqemumonitortestutils.a(qemumonitortestutils.o): In function `qemuMonitorTestFree':
	libvirt/tests/qemumonitortestutils.c:346: undefined reference to `qemuMonitorClose'
	./.libs/libqemumonitortestutils.a(qemumonitortestutils.o): In function `qemuMonitorTestNew':
	libvirt/tests/qemumonitortestutils.c:870: undefined reference to `qemuMonitorOpen'
	collect2: error: ld returned 1 exit status
	Fix it by listing libraries in the correct order to avoid lazy linkage.

2013-08-01  Eric Blake  <eblake@redhat.com>

	maint: use modern autoconf idioms
	Autoconf 2.59 says that AC_OUTPUT with arguments is obsolete,
	and we are already using the replacement for some, but not all,
	of our output files.
	* configure.ac (AC_OUTPUT): Rewrite to use AC_CONFIG_FILES.

2013-08-01  Guannan Ren  <gren@redhat.com>

	qemu: check presence of each disk and its backing file as well
	For disk with startupPolicy support, such as cdrom and floppy
	when its chain is broken, the startup policy will apply,
	otherwise, report an error.

	qemu: add helper functions for diskchain checking
	*src/util/virstoragefile.c: Add a helper function to get
	the first name of missing backing files, if the name is NULL,
	it means the diskchain is not broken.
	*src/qemu/qemu_domain.c: qemuDiskChainCheckBroken(disk) to
	check if its chain is broken

	qemu: refactor qemuDomainCheckDiskPresence for only disk presence check
	Refactor this function to make it focus on disk presence checking,
	including diskchain checking, and not only for CDROM and Floppy.
	This change is good for the following patches.

2013-08-01  Mooli Tayer  <mtayer@redhat.com>

	Configuring systemd to restart libvirt on failure
	This will create a respawn behaviour in case libvirt
	process exits due to nonzero exit code, is terminated
	by a signal, an operation times out or the configured
	watchdog timeout is triggered.
	see http://www.freedesktop.org/software/systemd/man/systemd.service.html
	and https://bugzilla.redhat.com/show_bug.cgi?id=981974

2013-08-01  Stefan Bader  <stefan.bader@canonical.com>

	xen: Avoid double free of virDomainDef in xenDaemonCreateXML
	The virDomainDef is allocated by the caller and also used after
	calling to xenDaemonCreateXML. So it must not get freed by the
	callee.

2013-08-01  Daniel P. Berrange  <berrange@redhat.com>

	Enable support for systemd-machined in cgroups creation
	Make the virCgroupNewMachine method try to use systemd-machined
	first. If that fails, then fallback to using the traditional
	cgroup setup code path.

	Cope with races while killing processes
	When systemd is involved in managing processes, it may start
	killing off & tearing down croups associated with the process
	while we're still doing virCgroupKillPainfully. We must
	explicitly check for ENOENT and treat it as if we had finished
	killing processes

	Add support for systemd cgroup mount
	Systemd uses a named cgroup mount for tracking processes. Add
	it as another type of controller, albeit one which we have to
	special case in a number of places. In particular we must
	never create/delete directories there, nor add tasks. Essentially
	the systemd mount is to be considered read-only for libvirt.
	With this change both the virCgroupDetectPlacement and
	virCgroupCopyPlacement methods must be invoked. The copy
	placement method will copy setup for resource controllers
	only. The detect placement method will probe for any
	named controllers, or resource controllers not already
	setup.

	Add APIs for formatting systemd slice/scope names
	There are some interesting escaping rules to consider when dealing
	with systemd slice/scope names. Thus it is helpful to have APIs
	for formatting names

2013-07-31  Peter Krempa  <pkrempa@redhat.com>

	qemuagenttest: Add tests for CPU plug functions and helpers

	qemuagenttest: Introduce testing of shutdown commands
	This patch exports a few utility functions and adds testing of shutdown
	commands of the guest agent.

	qemuagenttest: Add testing of agent suspend modes

	qemuagenttest: Test the filesystem trimming

	tests: Add qemuagenttest
	Add a basic test framework with two simple tests to test guest agent
	interaction.

	qemumonitortestutils: Add the ability to check arguments of commands
	This patch adds helpers that allow to check for argument values in
	commands sent to the monitor.

	qemumonitortestutils: Improve error reporting from mock qemu monitor
	Use the JSON error messages to report errors back to the caller in
	addition to erroring out. The error reported from the event loop from
	the mock function of the monitor was later overwritten by the call to
	the monitor/agent interaction API. This will also allow testing of error
	reporting.

	qemumonitortestutils: Add instrumentation for guest agent testing
	Add helper functions to open guest agent connections and a handler for
	replying to the "guest-sync" command.

	qemumonitortestutils: Split lines on \n instead of \r\n
	The normal monitor uses windows line endings, where the agent monitor
	uses only newlines. Change this to tolerate both approaches and allow to
	use the utilities for guest agent tests.

	qemumonitortestutils: Refactor the test helpers to allow reuse
	Refactor the test helpers to allow adding callbacks to verify the
	monitor responses instead of simple command name checking and clean up
	various parts to prepare for adding guest agent tests.

	qemumonitortestutils: Split up creation of the test to allow reuse
	The instrumentation for the monitor test can be hacked for qemu agent
	testing. Split out the monitor specific stuff to allow using the code in
	guest agent tests in the future.

	qemumonitortestutils: Don't crash on non fully initialized test
	The qemumonitorjsontest crashed when one of the initialization steps
	done before starting the worker thread failed. This patch fixes this by
	trying to pthread_join() the thread only after it was created.

	qemumonitortestutils: remove multiline function calls

	qemumonitortestutils: Use VIR_DELETE_ELEMENT and VIR_APPEND_ELEMENT
	Simplify the code using the existing helpers instead of open coding the
	same functionality.

	qemumonitortestutils: Use consistent header style and line spacing

	qemu_agent: Remove obvious comments
	Most APIs in libvirt report errors, thus no need to state that
	explicitly.

	qemu_agent: Move updater function for VCPU hotplug into qemu_agent.c
	To allow testing of the cpu updater function, this function needs to be
	available separately. Export it from qemu_agent.c where it should
	belong.

	qemu_agent: Output newline at the end of the sync JSON message
	Although this isn't apparently needed for the guest agent itself, the
	test I will be adding later depends on the newline as a separator of
	messages to process.

	conf: Export virDomainChrSourceDefClear()

2013-07-31  Ján Tomko  <jtomko@redhat.com>

	Don't mark parentIndex with ATTRIBUTE_UNUSED
	parentIndex is used in virNetworkDefUpdateIPDHCPRange

2013-07-31  Bamvor Jian Zhang  <bjzhang@suse.com>

	add console support in libxl
	this patch introduce the console api in libxl driver for both pv and
	hvm guest.  and import and update the libxlMakeChrdevStr function
	which was deleted in commit dfa1e1dd.

2013-07-31  Dan Walsh  <dwalsh@redhat.com>

	util: add virGetUserDirectoryByUID
	This function is needed for virt-login-shell.  Also modify virGirUserDirectory
	to use the new function, to simplify the code.

2013-07-31  Eric Blake  <eblake@redhat.com>

	maint: fix typo for SENTINEL
	* src/openvz/openvz_driver.c: Use correct spelling.
	* src/vmware/vmware_conf.c: Likewise.
	* src/vmware/vmware_conf.h: Likewise.
	* src/vmware/vmware_driver.c: Likewise.

2013-07-30  Jiri Denemark  <jdenemar@redhat.com>

	spec: Don't mix commands with macro definitions
	%build section should first define all required macros and then run
	commands. Interleaving them makes it harder to spot what commands are
	run.

	spec: Use --enable-werror on RHEL
	As RHEL provides a stable tool chain, we don't have to worry about
	frequent changes in reported compiler warnings (which prevents us from
	enabling -Werror unconditionally).

	spec: RHEL-7 does not have sanlock on i686

2013-07-30  Peter Krempa  <pkrempa@redhat.com>

	spec: Disable libssh2 support for RHEL
	https://bugzilla.redhat.com/show_bug.cgi?id=905513
	Libssh2 isn't reliable enough to support the libvirt transport using it.
	The problems include mishandling of "known_hosts" files that may confuse
	users.

2013-07-30  Jiri Denemark  <jdenemar@redhat.com>

	tests: Put a mock library at the start of LD_PRELOAD
	This fixes vircgrouptest when run in a sandbox which already overrides
	open() and others.

2013-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Support apparmor in RPM spec
	If libapparmor-devel happens to be installed when building the
	RPM, it will failed due to unlisted virt-aa-helper in %files.
	Add support for apparmor in the spec, so that we can explicitly
	turn it on/off, defaulting to off in all distros. This causes
	--without-apparmor to be given to configure, preventing the
	build failures if the user happens to have libapparmor-devel
	present.

	Delete obsolete / unused python test files
	The python/tests directory contains a number of so called
	"tests" for the python API. These are all hardcoded to
	look for Xen and cannot be run in any automated fashion,
	and no one is ever manually running them. Given that they
	don't meaningully contribute to the test coverage, delete
	them.
	For some reason these tests were also copied into the
	filesystem as part of 'make install'. The change to the
	RPM in commit 3347a4203278ec93d7b0ceb88b5ed10e4f14765c
	caused a build failure, since it removed the code which
	deleted these installed tests.

2013-07-30  Yuri Chornoivan  <yurchor@ukr.net>

	Fix minor typos in messages and docs

2013-07-30  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.1
	* configure.ac docs/news.html.in: update for the release
	* po/*.po*: update localizations and regenerate

2013-07-30  Eric Blake  <eblake@redhat.com>

	build: fix shunloadtest breakage
	Commit 93ec384 was tested on mingw, but broke the build on Linux:
	  CCLD     shunloadtest
	shunloadtest.o: In function `main':
	/home/eblake/libvirt/tests/shunloadtest.c:106: undefined reference to `virFilePrintf'
	...
	ssh.o: In function `main':
	/home/eblake/libvirt/tests/ssh.c:43: undefined reference to `virFilePrintf'
	/home/eblake/libvirt/tests/ssh.c:49: undefined reference to `virFilePrintf'
	* tests/testutils.h (fprintf): Provide escape hatch.
	* tests/shunloadtest.c: Use it.
	* tests/ssh.c: Likewise.

	examples: fix mingw build vs. printf
	Mingw *printf is a moving target; newer mingw now provides a version
	of asprintf() that fails to understand %lld:
	  CC       event_test-event-test.o
	../../../../examples/domain-events/events-c/event-test.c: In function 'myDomainEventRTCChangeCallback':
	../../../../examples/domain-events/events-c/event-test.c:270:18: error: unknown conversion type character 'l' in format [-Werror=format=]
	                  virDomainGetID(dom), offset) < 0)
	                  ^
	But since our examples already admitted that they were hacking around
	a mingw deficiency, it is easier to just use printf() directly, coupled
	with <inttypes.h> macros, for a more portable work-around.
	* examples/domain-events/events-c/event-test.c
	(myDomainEventRTCChangeCallback): Use PRIdMAX instead of asprintf.

	tests: consistently use virFilePrintf
	Commit a2619962 introduced virFilePrintf to work around the fact
	that gnulib doesn't (yet) provide guarantees about fprintf() vs.
	%z, which in turn causes all sorts of mingw compilation errors:
	../../tests/testutils.c: In function 'virtTestResult':
	../../tests/testutils.c:101:9: error: unknown conversion type character 'z' in format [-Werror=format=]
	         fprintf(stderr, "%3zu) %-60s ", testCounter, name);
	         ^
	Rather than s/fprintf/virFilePrintf/ (and reformatting loads of
	lines) across multiple files, it's easier to just hack the entire
	testsuite to take advantage of our helper function.
	* tests/testutils.c: s/fprintf/virFilePrintf/ for mingw.

	build: skip systemd mock on non-Linux
	A cross-compile to mingw failed:
	  CC       virsystemdmock_la-virsystemdmock.lo
	../../tests/virsystemdmock.c:29:6: error: 'dbus_connection_set_change_sigpipe' redeclared without dllimport attribute: previous dllimport ignored [-Werror=attributes]
	 void dbus_connection_set_change_sigpipe(dbus_bool_t will_modify_sigpipe ATTRIBUTE_UNUSED)
	      ^
	But when you think about it, systemd is Linux-only, and even our
	use of LD_PRELOAD to provide mock syscalls is Linux-only.
	* tests/virsystemdmock.c: Avoid compilation outside Linux.

2013-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Rename VIR_DOMAIN_PAUSED_GUEST_PANICKED to VIR_DOMAIN_PAUSED_CRASHED
	The VIR_DOMAIN_PAUSED_GUEST_PANICKED constant is badly named,
	leaking the QEMU event name. Elsewhere in the API we use
	'CRASHED' rather than 'PANICKED', and the addition of 'GUEST'
	is redundant since all events are guest related.
	Thus rename it to VIR_DOMAIN_PAUSED_CRASHED, which matches
	with VIR_DOMAIN_RUNNING_CRASHED and VIR_DOMAIN_EVENT_CRASHED.
	It was added in commit 14e7e0ae8db9843aea80245a3d9e6cf5f2ef720d
	which post-dates v1.1.0, so is safe to rename before 1.1.1

	Remove VIR_DOMAIN_SHUTDOWN_CRASHED from public API
	The VIR_DOMAIN_SHUTDOWN_CRASHED state constant does not appear
	to be used in the QEMU code anyway. It also doesn't make much
	(any) sense, since the 'shutdown' state is a transient state
	between 'running' and 'shutoff' and when a guest crashes, it
	does not end up in a 'shutdown' state, only 'shutoff'.
	It was added in commit 14e7e0ae8db9843aea80245a3d9e6cf5f2ef720d
	which post-dates v1.1.0, so is safe to remove before 1.1.1

	Fix dbus message reading code on big endian hosts
	The way we were casting small (<32bit) integers was broken
	on big endian hosts, causing stack smashing. This was detected
	in the test suite either by test failures due to incorrect
	results, or by libc/gcc abort'ing with its stack canary
	triggered.

2013-07-30  Jiri Denemark  <jdenemar@redhat.com>

	spec: Cat test-suite.log if make check fails
	Current automake enables parallel test by default, which means test
	details are only logged in test-suite.log and not printed to stderr.
	This patch makes test failures directly visible in RPM build logs even
	when parallel tests are turned on.

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: fix another virdbus issue on mingw
	Depending on the set of mingw packages installed, it is possible
	that other .c files hit the mingw header pollution from the
	virdbus.h file.
	In file included from ../../src/rpc/virnetserver.c:39:0:
	../../src/util/virdbus.h:41:35: error: expected ';', ',' or ')' before 'struct'
	                       const char *interface,
	                                   ^
	* src/util/virdbus.h (virDBusCallMethod): Match .c file change.

	build: fix virutil build on mingw
	On platforms without decent group support, the build failed:
	Cannot export virGetGroupList: symbol not defined
	./.libs/libvirt_security_manager.a(libvirt_security_manager_la-security_dac.o): In function `virSecurityDACPreFork':
	/home/eblake/libvirt-tmp/build/src/../../src/security/security_dac.c:248: undefined reference to `virGetGroupList'
	collect2: error: ld returned 1 exit status
	* src/util/virutil.c (virGetGroupList): Provide dummy implementation.

	build: fix virthread build on mingw
	Our recent conversion to make VIR_ALLOC report oom wasn't
	tested on mingw:
	In file included from ../../src/util/virthread.c:29:0:
	../../src/util/virthreadwin32.c: In function 'virCondWait':
	../../src/util/virthreadwin32.c:166:81: error: 'VIR_FROM_THIS' undeclared (first use in this function)
	     if (VIR_REALLOC_N(c->waiters, c->nwaiters + 1) < 0) {
	                                                                                 ^
	* src/util/virthreadwin32.c (VIR_FROM_THIS): Define.

	build: fix virdbus build on mingw
	Mingw headers pollute the namespace.
	  CC       libvirt_util_la-virdbus.lo
	../../src/util/virdbus.c:1102:35: error: expected ';', ',' or ')' before 'struct'
	                       const char *interface,
	                                   ^
	* src/util/virdbus.c (virDBusCallMethod): Avoid 'interface'.

	build: fix vircgroup build on mingw
	The previous patch was incomplete.
	  CC       libvirt_util_la-vircgroup.lo
	../../src/util/vircgroup.c:70:12: error: 'virCgroupPartitionEscape' declared 'static' but never defined [-Werror=unused-function]
	 static int virCgroupPartitionEscape(char **path);
	            ^
	* src/util/vircgroup.c (virCgroupPartitionEscape): Move forward
	declaration inside conditional.

2013-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize build of virCgroupValidateMachineGroup
	The virCgroupValidateMachineGroup method calls some functions
	which are only conditionally compiled, thus it too must be
	made conditional. This fixes the build on non-Linux hosts.

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: fix VPATH 'make check'
	A VPATH build 'make check' was failing with:
	  GEN      check-driverimpls
	Can't open ../../src/../../src/lxc/lxc_monitor_protocol.h: No such file or directory at ../../src/check-driverimpls.pl line 29, <> line 27153.
	Can't open ../../src/../../src/lxc/lxc_monitor_protocol.c: No such file or directory at ../../src/check-driverimpls.pl line 29, <> line 27153.
	...
	  GEN      check-aclrules
	cannot read ../../src/../../src/remote/remote_protocol.x at ../../src/check-aclrules.pl line 128.
	because $(srcdir) was being prepended to file names that already
	included it.
	* src/Makefile.am (check-driverimpls): Don't add srcdir twice.

2013-07-29  Cole Robinson  <crobinso@redhat.com>

	python: Drop TODO
	File hasn't been really touched for 7 years. And with recent rawhide
	changes it contributed to an RPM build failure. Let's drop it.
	This also removes installation of a libvirt-python doc dir, so drop
	handling of it from the RPM spec.

2013-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix probing of legacy Xen driver to not leave URI set
	When the legacy Xen driver probes with a NULL URI, and
	finds itself running on Xen, it will set conn->uri. A
	little bit later though it checks to see if libxl support
	exists, and if so declines the driver. This leaves the
	conn->uri set to 'xen:///', so if libxl also declines
	it, it prevents probing of the QEMU driver.
	Once a driver has set the conn->uri, it must *never*
	decline an open request. So we must move the libxl
	check earlier

2013-07-29  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	cpu: Fix one compile error for PPC.
	CPU data structure is refined, which causes one compile error for PPC.

2013-07-29  Guannan Ren  <gren@redhat.com>

	caps: use -device for primary video when qemu >=1.6
	https://bugzilla.redhat.com/show_bug.cgi?id=981094
	The commit 0ad9025ef introduce qemu flag QEMU_CAPS_DEVICE_VIDEO_PRIMARY
	for using -device VGA, -device cirrus-vga, -device vmware-svga and
	-device qxl-vga. In use, for -device qxl-vga, mouse doesn't display
	in guest window like the desciption in above bug.
	This patch try to use -device for primary video when qemu >=1.6 which
	contains the bug fix patch

2013-07-27  Eric Blake  <eblake@redhat.com>

	build: avoid uninitialized use warning
	Otherwise, with new enough gcc compiling at -O2, the build fails with:
	../../src/conf/domain_conf.c: In function ‘virDomainDeviceDefPostParse’:
	../../src/conf/domain_conf.c:2821:29: error: ‘cnt’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
	             for (i = 0; i < *cnt; i++) {
	                             ^
	../../src/conf/domain_conf.c:2795:20: note: ‘cnt’ was declared here
	         size_t i, *cnt;
	                    ^
	../../src/conf/domain_conf.c:2794:30: error: ‘arrPtr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
	         virDomainChrDefPtr **arrPtr;
	                              ^
	* src/conf/domain_conf.c (virDomainChrGetDomainPtrs): Always
	assign into output parameters.

2013-07-27  Daniel P. Berrange  <berrange@redhat.com>

	Set default partition in libvirtd instead of libvirt_lxc
	By setting the default partition in libvirt_lxc it is not
	visible when querying the live XML. Move setting of the
	default partition into libvirtd virLXCProcessStart

2013-07-26  John Ferlan  <jferlan@redhat.com>

	virStateDriver - Separate AutoStart from Initialize
	Adjust these drivers to handle their Autostart functionality after each
	of the drivers has gone through their Initialization functions

	Separate out StateAutoStart from StateInitialize
	Separation allows for dependent drivers to be make a connection during
	the AutoStart phase of state initialization.

2013-07-26  Ján Tomko  <jtomko@redhat.com>

	Resolve Coverity complaint in storagevolxml2argvtest
	Ignore NULL pool in testSetVolumeType to silence Coverity,
	even though we only call it with NULL pool when vol is also NULL.
	(13) Event var_deref_model:	Passing null pointer "inputpool" to
	function "testSetVolumeType(virStorageVolDefPtr, virStoragePoolDefPtr)",
	which dereferences it. [details]
	Also see events: [assign_zero]
	95    testSetVolumeType(inputvol, inputpool);

	Remove redundant free in virNetworkDNSHostDefParseXML
	ip has to be NULL at this point.

	Remove double space in error messages

	Don't check validity of missing attributes in DNS SRV XML
	This fixes a crash if one of them is missing.
	https://bugzilla.redhat.com/show_bug.cgi?id=988718

	Set the number of elements 0 in virNetwork*Clear
	Decrementing it when it was already 0 causes an invalid free
	in virNetworkDefUpdateDNSHost if virNetworkDNSHostDefParseXML
	fails and virNetworkDNSHostDefClear gets called twice.
	virNetworkForwardDefClear left the number untouched even if it
	freed all the elements.

2013-07-26  Michal Privoznik  <mprivozn@redhat.com>

	formatdomain.html.in: Document implementation limitation of QoS
	The outbound/@peak is ignored (since QoS was introduced). This is due to
	kernel limitation of know allowing ingress filters to have peak just
	average rate. However, we should document this limitation to not confuse
	users.

	formatdomain.html.in: Correctly use <code/> in #elementQoS
	Interestingly, we had <code>floor<code> ... </code>outbound</code> which
	results in much larger block of text to be written in code style that
	intended.

2013-07-26  Alex Jia  <ajia@redhat.com>

	conf:Fix a copy paste error

2013-07-26  Jim Fehlig  <jfehlig@suse.com>

	Fix virsh snapshot-list error reporting
	Noticed that the expected "not supported" error is dropped when
	invoking 'virsh snapshot-list dom' on a Xen installation running
	the libxl driver
	 virsh snapshot-list test
	 error: Invalid snapshot: virDomainSnapshotFree
	The error is overwritten by a call to virDomainSnapshotFree
	in cleanup code within cmdSnapshotList.  Prevent overwritting
	the real error by not calling virDomainSnapshotFree with a NULL
	virDomainSnapshotPtr.

2013-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Skip detecting placement if controller is disabled
	If the app has provided a whitelist of controllers to be used,
	we skip detecting its mount point. We still, however, fill in
	the placement info which later confuses the machine name
	validation code. Skip detecting placement if the controller
	mount point is not set

	Add 'controllers' arg to virCgroupNewDetect
	When detecting cgroups we must honour any controllers
	whitelist the driver may have.

	Fix detection of 'emulator' cgroup
	When a VM has an 'emulator' child cgroup present, we must
	strip off that suffix when detecting the cgroup for a
	machine
	Rename the virCgroupIsValidMachineGroup method to
	virCgroupValidateMachineGroup to make a bit clearer
	that this isn't simply a boolean check, it will make
	changes to the object.

	Make virCgroupIsValidMachine static
	The virCgroupIsValidMachine does not need to be called from
	outside the cgroups file now, so make it static.

	Introduce a more convenient virCgroupNewDetectMachine
	Instead of requiring drivers to use a combination of calls
	to virCgroupNewDetect and virCgroupIsValidMachine, combine
	the two into virCgroupNewDetectMachine

2013-07-25  Guido Günther  <agx@sigxcpu.org>

	virdbustest: Don't pass number of arguments as long long
	since sizeof(int) != sizeof(long long) on 32bit archs.
	This unbreaks virdbustest which otherwise fails like:
	 (gdb) bt
	 #0  __strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:50
	 #1  0x405907d2 in ?? () from /lib/i386-linux-gnu/libdbus-1.so.3
	 #2  0x4057c140 in ?? () from /lib/i386-linux-gnu/libdbus-1.so.3
	 #3  0x4057e7ec in dbus_message_iter_append_basic () from /lib/i386-linux-gnu/libdbus-1.so.3
	 #4  0x400742ec in virDBusMessageIterEncode (args=0xbfd4b8f0 "k\321\004\b.", types=0x804d260 "",
	     rootiter=0xbfd4b844) at util/virdbus.c:560
	 #5  virDBusMessageEncodeArgs (msg=msg@entry=0x893c278, types=types@entry=0x804d25c "sais",
	     args=args@entry=0xbfd4b8d8 "r\320\004\b\003") at util/virdbus.c:921
	 #6  0x40075917 in virDBusMessageEncode (msg=0x893c278, types=0x804d25c "sais") at util/virdbus.c:959
	 #7  0x0804a4a1 in testMessageArray (args=0x0) at virdbustest.c:195
	 #8  0x0804c404 in virtTestRun (title=title@entry=0x804cfcb "Test message array ",
	     nloops=nloops@entry=1, body=body@entry=0x804a3f0 <testMessageArray>, data=data@entry=0x0)
	     at testutils.c:168
	 #9  0x08049346 in mymain () at virdbustest.c:384
	 #10 0x0804cb2e in virtTestMain (argc=argc@entry=1, argv=argv@entry=0xbfd4bb24,
	     func=func@entry=0x80492c0 <mymain>) at testutils.c:764
	 #11 0x080491af in main (argc=1, argv=0xbfd4bb24) at virdbustest.c:393

2013-07-25  Ján Tomko  <jtomko@redhat.com>

	Add inputpool to storagevolxml2argvtest
	This allows testing the command line for cloning file-based
	volumes into logical volumes and vice versa.

	Move volume XMLs out of storagevolxml2argvdata
	Reuse the XML files in storagevolxml2xmlin.
	(This requires changing a few backing files to /dev/null,
	since virStorageBackendCreateQemuImgCmd checks for its
	presence)

	Move pool XML out of storagevolxml2argvdata
	Reuse the pool definition from storagepoolxml2xmlin.

	Use separate macros for failure/success in vol-to-argv test
	Reindent them to put the input volume on a separate line.

	tests: PCI controller checks
	Check if PCI bridges with duplicate indexes are rejected.
	PCI root controllers with non-zero indexes or addresses should
	also be rejected.

	Don't overwrite errors in qemuTranslateDiskSourcePool
	Both virStoragePoolFree and virStorageVolFree reset the last error,
	which might lead to the cryptic message:
	An error occurred, but the cause is unknown
	When the volume wasn't found, virStorageVolFree was called with NULL,
	leading to an error:
	invalid storage volume pointer in virStorageVolFree
	This patch changes it to:
	Storage volume not found: no storage vol with matching name 'tomato'

2013-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Protection against doing bad stuff to the root group
	Add protection such that the virCgroupRemove and
	virCgroupKill* do not do anything to the root cgroup.
	Killing all PIDs in the root cgroup does not end well.

	Convert LXC driver to use virCgroupNewMachine
	Convert the LXC driver code to use the new atomic API
	for setup of cgroups

	Convert QEMU driver to use virCgroupNewMachine
	Convert the QEMU driver code to use the new atomic API
	for setup of cgroups

	New cgroups API for atomically creating machine cgroups
	Instead of requiring one API call to create a cgroup and
	another to add a task to it, introduce a new API
	virCgroupNewMachine which does both jobs at once. This
	will facilitate the later code to talk to systemd to
	achieve this job which is also atomic.

2013-07-24  Michal Privoznik  <mprivozn@redhat.com>

	virLXCMonitorClose: Unlock domain while closing monitor
	There's a race in lxc driver causing a deadlock. If a domain is
	destroyed immediately after started, the deadlock can occur. When domain
	is started, the even loop tries to connect to the monitor. If the
	connecting succeeds, virLXCProcessMonitorInitNotify() is called with
	@mon->client locked. The first thing that callee does, is
	virObjectLock(vm). So the order of locking is: 1) @mon->client, 2) @vm.
	However, if there's another thread executing virDomainDestroy on the
	very same domain, the first thing done here is locking the @vm. Then,
	the corresponding libvirt_lxc process is killed and monitor is closed
	via calling virLXCMonitorClose(). This callee tries to lock @mon->client
	too. So the order is reversed to the first case. This situation results
	in deadlock and unresponsive libvirtd (since the eventloop is involved).
	The proper solution is to unlock the @vm in virLXCMonitorClose prior
	entering virNetClientClose(). See the backtrace as follows:
	Thread 25 (Thread 0x7f1b7c9b8700 (LWP 16312)):
	0  0x00007f1b80539714 in __lll_lock_wait () from /lib64/libpthread.so.0
	1  0x00007f1b8053516c in _L_lock_516 () from /lib64/libpthread.so.0
	2  0x00007f1b80534fbb in pthread_mutex_lock () from /lib64/libpthread.so.0
	3  0x00007f1b82a637cf in virMutexLock (m=0x7f1b3c0038d0) at util/virthreadpthread.c:85
	4  0x00007f1b82a4ccf2 in virObjectLock (anyobj=0x7f1b3c0038c0) at util/virobject.c:320
	5  0x00007f1b82b861f6 in virNetClientCloseInternal (client=0x7f1b3c0038c0, reason=3) at rpc/virnetclient.c:696
	6  0x00007f1b82b862f5 in virNetClientClose (client=0x7f1b3c0038c0) at rpc/virnetclient.c:721
	7  0x00007f1b6ee12500 in virLXCMonitorClose (mon=0x7f1b3c007210) at lxc/lxc_monitor.c:216
	8  0x00007f1b6ee129f0 in virLXCProcessCleanup (driver=0x7f1b68100240, vm=0x7f1b680ceb70, reason=VIR_DOMAIN_SHUTOFF_DESTROYED) at lxc/lxc_process.c:174
	9  0x00007f1b6ee14106 in virLXCProcessStop (driver=0x7f1b68100240, vm=0x7f1b680ceb70, reason=VIR_DOMAIN_SHUTOFF_DESTROYED) at lxc/lxc_process.c:710
	10 0x00007f1b6ee1aa36 in lxcDomainDestroyFlags (dom=0x7f1b5c002560, flags=0) at lxc/lxc_driver.c:1291
	11 0x00007f1b6ee1ab1a in lxcDomainDestroy (dom=0x7f1b5c002560) at lxc/lxc_driver.c:1321
	12 0x00007f1b82b05be5 in virDomainDestroy (domain=0x7f1b5c002560) at libvirt.c:2303
	13 0x00007f1b835a7e85 in remoteDispatchDomainDestroy (server=0x7f1b857419d0, client=0x7f1b8574ae40, msg=0x7f1b8574acf0, rerr=0x7f1b7c9b7c30, args=0x7f1b5c004a50) at remote_dispatch.h:3143
	14 0x00007f1b835a7d78 in remoteDispatchDomainDestroyHelper (server=0x7f1b857419d0, client=0x7f1b8574ae40, msg=0x7f1b8574acf0, rerr=0x7f1b7c9b7c30, args=0x7f1b5c004a50, ret=0x7f1b5c0029e0) at remote_dispatch.h:3121
	15 0x00007f1b82b93704 in virNetServerProgramDispatchCall (prog=0x7f1b8573af90, server=0x7f1b857419d0, client=0x7f1b8574ae40, msg=0x7f1b8574acf0) at rpc/virnetserverprogram.c:435
	16 0x00007f1b82b93263 in virNetServerProgramDispatch (prog=0x7f1b8573af90, server=0x7f1b857419d0, client=0x7f1b8574ae40, msg=0x7f1b8574acf0) at rpc/virnetserverprogram.c:305
	17 0x00007f1b82b8c0f6 in virNetServerProcessMsg (srv=0x7f1b857419d0, client=0x7f1b8574ae40, prog=0x7f1b8573af90, msg=0x7f1b8574acf0) at rpc/virnetserver.c:163
	18 0x00007f1b82b8c1da in virNetServerHandleJob (jobOpaque=0x7f1b8574dca0, opaque=0x7f1b857419d0) at rpc/virnetserver.c:184
	19 0x00007f1b82a64158 in virThreadPoolWorker (opaque=0x7f1b8573cb10) at util/virthreadpool.c:144
	20 0x00007f1b82a63ae5 in virThreadHelper (data=0x7f1b8574b9f0) at util/virthreadpthread.c:161
	21 0x00007f1b80532f4a in start_thread () from /lib64/libpthread.so.0
	22 0x00007f1b7fc4f20d in clone () from /lib64/libc.so.6
	Thread 1 (Thread 0x7f1b83546740 (LWP 16297)):
	0  0x00007f1b80539714 in __lll_lock_wait () from /lib64/libpthread.so.0
	1  0x00007f1b8053516c in _L_lock_516 () from /lib64/libpthread.so.0
	2  0x00007f1b80534fbb in pthread_mutex_lock () from /lib64/libpthread.so.0
	3  0x00007f1b82a637cf in virMutexLock (m=0x7f1b680ceb80) at util/virthreadpthread.c:85
	4  0x00007f1b82a4ccf2 in virObjectLock (anyobj=0x7f1b680ceb70) at util/virobject.c:320
	5  0x00007f1b6ee13bd7 in virLXCProcessMonitorInitNotify (mon=0x7f1b3c007210, initpid=4832, vm=0x7f1b680ceb70) at lxc/lxc_process.c:601
	6  0x00007f1b6ee11fd3 in virLXCMonitorHandleEventInit (prog=0x7f1b3c001f10, client=0x7f1b3c0038c0, evdata=0x7f1b8574a7d0, opaque=0x7f1b3c007210) at lxc/lxc_monitor.c:109
	7  0x00007f1b82b8a196 in virNetClientProgramDispatch (prog=0x7f1b3c001f10, client=0x7f1b3c0038c0, msg=0x7f1b3c003928) at rpc/virnetclientprogram.c:259
	8  0x00007f1b82b87030 in virNetClientCallDispatchMessage (client=0x7f1b3c0038c0) at rpc/virnetclient.c:1019
	9  0x00007f1b82b876bb in virNetClientCallDispatch (client=0x7f1b3c0038c0) at rpc/virnetclient.c:1140
	10 0x00007f1b82b87d41 in virNetClientIOHandleInput (client=0x7f1b3c0038c0) at rpc/virnetclient.c:1312
	11 0x00007f1b82b88f51 in virNetClientIncomingEvent (sock=0x7f1b3c0044e0, events=1, opaque=0x7f1b3c0038c0) at rpc/virnetclient.c:1832
	12 0x00007f1b82b9e1c8 in virNetSocketEventHandle (watch=3321, fd=54, events=1, opaque=0x7f1b3c0044e0) at rpc/virnetsocket.c:1695
	13 0x00007f1b82a272cf in virEventPollDispatchHandles (nfds=21, fds=0x7f1b8574ded0) at util/vireventpoll.c:498
	14 0x00007f1b82a27af2 in virEventPollRunOnce () at util/vireventpoll.c:645
	15 0x00007f1b82a25a61 in virEventRunDefaultImpl () at util/virevent.c:273
	16 0x00007f1b82b8e97e in virNetServerRun (srv=0x7f1b857419d0) at rpc/virnetserver.c:1097
	17 0x00007f1b8359db6b in main (argc=2, argv=0x7ffff98dbaa8) at libvirtd.c:1512

2013-07-24  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Correctly initialize vcpu bitmap
	The avail_vcpu bitmap has to be allocated before it can be used (using
	the maximum allowed value for that). Then for each available VCPU the
	bit in the mask has to be set (libxl_bitmap_set takes a bit position
	as an argument, not the number of bits to set).
	Without this, I would always only get one VCPU for guests created
	through libvirt/libxl.

2013-07-24  Ján Tomko  <jtomko@redhat.com>

	Add a colon after 'internal error'
	As we do for other errors with an extra string.

	Add new virAuth symbols to private.syms
	Otherwise libvirtd fails to load the lockd plugin.

2013-07-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix virCgroupAvailable() w/o HAVE_GETMNTENT_R defined
	virCgroupAvailable() implementation calls getmntent_r
	without checking if HAVE_GETMNTENT_R is defined, so it fails
	to build on platforms without getmntent_r support.
	Make virCgroupAvailable() just return false without
	HAVE_GETMNTENT_R.

	Fix link_addr detection
	link_addr detection in configure always reports that
	link_addr is missing because it uses link_addr(NULL, NULL) in
	AC_LINK_IFELSE check with limited set of headers that doesn't
	define NULL.
	Fix by replacing 'NULL' with just '0'.

2013-07-24  Martin Kletzander  <mkletzan@redhat.com>

	Use qemuOpenFile in qemu_driver.c
	On two places, the usage of open() is replaced with qemuOpenFile as
	that is the preferred method in those cases.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=963881

	Make qemuOpenFile aware of per-VM DAC seclabel.
	Function qemuOpenFile() haven't had any idea about seclabels applied
	to VMs only, so in case the seclabel differed from the "user:group"
	from configuration, there might have been issues with opening files.
	Make qemuOpenFile() VM-aware, but only optionally, passing NULL
	argument means skipping VM seclabel info completely.
	However, all current qemuOpenFile() calls look like they should use VM
	seclabel info in case there is any, so convert these calls as well.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=869053

	Expose ownership ID parsing
	Parsing 'user:group' is useful even outside the DAC security driver,
	so expose the most abstract function which has no DAC security driver
	bits in itself.

2013-07-24  Laine Stump  <laine@laine.org>

	qemu: set/validate slot/connection type when assigning slots for PCI devices
	Since PCI bridges, PCIe bridges, PCIe switches, and PCIe root ports
	all share the same namespace, they are all defined as controllers of
	type='pci' in libvirt (but with a differing model attribute). Each of
	these controllers has a certain connection type upstream, allows
	certain connection types downstream, and each can either allow a
	single downstream connection at slot 0, or connections from slot 1 -
	31.
	Right now, we only support the pci-root and pci-bridge devices, both
	of which only allow PCI devices to connect, and both which have usable
	slots 1 - 31. In preparation for adding other types of controllers
	that have different capabilities, this patch 1) adds info to the
	qemuDomainPCIAddressBus object to indicate the capabilities, 2) sets
	those capabilities appropriately for pci-root and pci-bridge devices,
	and 3) validates that the controller being connected to is the proper
	type when allocating slots or validating that a user-selected slot is
	appropriate for a device..
	Having this infrastructure in place will make it much easier to add
	support for the other PCI controller types.
	While it would be possible to do all the necessary checking by just
	storing the controller model in the qemyuDomainPCIAddressBus, it
	greatly simplifies all the validation code to also keep a "flags",
	"minSlot" and "maxSlot" for each - that way we can just check those
	attributes rather than requiring a nearly identical switch statement
	everywhere we need to validate compatibility.
	You may notice many places where the flags are seemingly hard-coded to
	  QEMU_PCI_CONNECT_HOTPLUGGABLE | QEMU_PCI_CONNECT_TYPE_PCI
	This is currently the correct value for all PCI devices, and in the
	future will be the default, with small bits of code added to change to
	the flags for the few devices which are the exceptions to this rule.
	Finally, there are a few places with "FIXME" comments. Note that these
	aren't indicating places that are broken according to the currently
	supported devices, they are places that will need fixing when support
	for new PCI controller models is added.
	To assure that there was no regression in the auto-allocation of PCI
	addresses or auto-creation of integrated pci-root, ide, and usb
	controllers, a new test case (pci-bridge-many-disks) has been added to
	both the qemuxml2argv and qemuxml2xml tests. This new test defines a
	domain with several dozen virtio disks but no pci-root or
	pci-bridges. The .args file of the new test case was created using
	libvirt sources from before this patch, and the test still passes
	after this patch has been applied.

	qemu: make QEMU_PCI_ADDRESS_(SLOT|FUNCTION)_LAST less misleading
	Although these two enums are named ..._LAST, they really had the value
	of ..._SIZE. This patch changes their values so that, e.g.,
	QEMU_PCI_ADDRESS_SLOT_LAST really is the slot number of the last slot
	on a PCI bus.

	qemu: only check for PIIX3-specific device addrs on pc-* machinetypes
	The implicit IDE, USB, and video controllers provided by the PIIX3
	chipset in the pc-* machinetypes are not present on other
	machinetypes, so we shouldn't be doing the special checking for
	them. This patch places those validation checks into a separate
	function that is only called for machine types that have a PIIX3 chip
	(which happens to be the i440fx-based pc-* machine types).
	One qemuxml2argv test data file had to be changed - the
	pseries-usb-multi test had included a piix3-usb-uhci device, which was
	being placed at a specific address, and also had slot 2 auto reserved
	for a video device, but the pseries virtual machine doesn't actually
	have a PIIX3 chip, so even if there was a piix3-usb-uhci driver for
	it, the device wouldn't need to reside at slot 1 function 2. I just
	changed the .argv file to have the generic slot info for the two
	devices that results when the special PIIX3 code isn't executed.

	qemu: turn qemuDomainPCIAddressBus into a struct
	qemuDomainPCIAddressBus was an array of QEMU_PCI_ADDRESS_SLOT_LAST
	uint8_t's, which worked fine as long as every PCI bus was
	identical. In the future, some PCI busses will allow connecting PCI
	devices, and some will allow PCIe devices; also some will only allow
	connection of a single device, while others will allow connecting 31
	devices.
	In order to keep track of that information for each bus, we need to
	turn qemuDomainPCIAddressBus into a struct, for now with just one
	member:
	   uint8_t slots[QEMU_PCI_ADDRESS_SLOT_LAST];
	Additional members will come in later patches.
	The item in qemuDomainPCIAddresSet that contains the array of
	qemuDomainPCIAddressBus is now called "buses" to be more consistent
	with the already existing "nbuses" (and with the new "slots" array).

2013-07-24  Eric Blake  <eblake@redhat.com>

	build: work around broken kernel headers
	Thanks to a lack of coordination between kernel and glibc folks,
	it has been impossible to mix code using <linux/in.h> and
	<net/in.h> for some time now (see for example commit c308a9a).
	On at least RHEL 6, <linux/if_bridge.h> tries to use the kernel
	side, and fails due to our desire to use the glibc side elsewhere:
	In file included from /usr/include/linux/if_bridge.h:17,
	                 from util/virnetdevbridge.c:42:
	/usr/include/linux/in6.h:31: error: redefinition of ‘struct in6_addr’
	/usr/include/linux/in6.h:48: error: redefinition of ‘struct sockaddr_in6’
	/usr/include/linux/in6.h:56: error: redefinition of ‘struct ipv6_mreq’
	Thankfully, the kernel layout of these structs is ABI-compatible,
	they only differ in the type system presented to the C compiler.
	While there are other versions of kernel headers that avoid the
	problem, it is easier to just work around the issue than to expect
	all developers to upgrade to working kernel headers.
	* src/util/virnetdevbridge.c (includes): Coerce the kernel version
	of in.h to not collide with the normal version.

	dbus: work with older dbus
	dbus 1.2.24 (on RHEL 6) lacks DBUS_TYPE_UNIX_FD; but as we aren't
	trying to pass one of those anyways, we can just drop support for
	it in our wrapper.  Solves this build error introduced in commit
	834c9c94:
	  CC     libvirt_util_la-virdbus.lo
	util/virdbus.c:242: error: 'DBUS_TYPE_UNIX_FD' undeclared here (not in a function)
	* src/util/virdbus.c (virDBusBasicTypes): Drop support for unix fds.

2013-07-24  John Ferlan  <jferlan@redhat.com>

	valgrind.supp: Add more valgrind suppression paths
	Update based on recent run/failures seen

	domain_event: Resolve memory leak found by Valgrind
	Commit id '4421e257' strdup'd devAlias, but didn't free
	Running qemuhotplugtest under valgrind resulted in the following:
	==7375== 9 bytes in 1 blocks are definitely lost in loss record 11 of 70
	==7375==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==7375==    by 0x37C1085D71: strdup (strdup.c:42)
	==7375==    by 0x4CBBD5F: virStrdup (virstring.c:554)
	==7375==    by 0x4CFF9CB: virDomainEventDeviceRemovedNew (domain_event.c:1174)
	==7375==    by 0x427791: qemuDomainRemoveChrDevice (qemu_hotplug.c:2508)
	==7375==    by 0x42C65D: qemuDomainDetachChrDevice (qemu_hotplug.c:3357)
	==7375==    by 0x41C94F: testQemuHotplug (qemuhotplugtest.c:115)
	==7375==    by 0x41D817: virtTestRun (testutils.c:168)
	==7375==    by 0x41C400: mymain (qemuhotplugtest.c:322)
	==7375==    by 0x41DF3A: virtTestMain (testutils.c:764)
	==7375==    by 0x37C1021A04: (below main) (libc-start.c:225)

	lxc: Resolve Coverity warning
	Commit 'c8695053' resulted in the following:
	Coverity error seen in the output:
	    ERROR: REVERSE_INULL
	    FUNCTION: lxcProcessAutoDestroy
	Due to the 'dom' being checked before 'dom->persistent' since 'dom'
	is already dereferenced prior to that.

2013-07-24  Daniel P. Berrange  <berrange@redhat.com>

	Create + setup cgroups atomically for LXC process
	Currently the LXC driver creates the VM's cgroup prior to
	forking, and then libvirt_lxc moves the child process
	into the cgroup. This won't work with systemd whose APIs
	do the creation of cgroups + attachment of processes atomically.
	Fortunately we simply move the entire cgroups setup into
	the libvirt_lxc child process. We make it take place before
	fork'ing into the background, so by the time virCommandRun
	returns in the LXC driver, the cgroup is guaranteed to be
	present.

	Create + setup cgroups atomically for QEMU process
	Currently the QEMU driver creates the VM's cgroup prior to
	forking, and then uses a virCommand hook to move the child
	into the cgroup. This won't work with systemd whose APIs
	do the creation of cgroups + attachment of processes atomically.
	Fortunately we have a handshake taking place between the
	QEMU driver and the child process prior to QEMU being exec()d,
	which was introduced to allow setup of disk locking. By good
	fortune this synchronization point can be used to enable the
	QEMU driver to do atomic setup of cgroups removing the use
	of the hook script.

	Remove obsolete cgroups creation apis
	The virCgroupNewDomainDriver and virCgroupNewDriver methods
	are obsolete now that we can auto-detect existing cgroup
	placement. Delete them to reduce code bloat.

	Auto-detect existing cgroup placement
	Use the new virCgroupNewDetect function to determine cgroup
	placement of existing running VMs. This will allow the legacy
	cgroups creation APIs to be removed entirely

	Add API for checking if a cgroup is valid for a domain
	Add virCgroupIsValidMachine API to check whether an auto
	detected cgroup is valid for a machine. This lets us
	check if a VM has just been placed into some generic
	shared cgroup, or worse, the root cgroup

	Add a virCgroupNewDetect API for finding cgroup placement
	Add a virCgroupNewDetect API which is used to initialize a
	cgroup object with the placement of an arbitrary process.

	Add logic for handling systemd-machined non-existance
	If systemd machine does not exist, return -2 instead of -1,
	so that applications don't need to repeat the tedious error
	checking code

	Fix handling of DBus errors emitted by the bus itself
	Current code for handling dbus errors only works for errors
	received from the remote application itself. We must also
	handle errors emitted by the bus itself, for example, when
	it fails to spawn the target service.

2013-07-24  John Ferlan  <jferlan@redhat.com>

	storage: Add connection for autostart storage pool
	Add a privileged field to storageDriverState
	Use the privileged value in order to generate a connection which could
	be passed to the various storage backend drivers.
	In particular, the iSCSI driver will need a connect in order to perform
	pool authentication using the 'chap' secrets and the RBD driver utilizes
	the connection during pool refresh for pools using 'ceph' secrets.
	For now that connection will be to be to qemu driver until a mechanism
	is devised to get a connection to just the secret driver without qemu.

2013-07-23  John Ferlan  <jferlan@redhat.com>

	Adjust 'ceph' authentication secret usage for rbd pool.
	Update virStorageBackendRBDOpenRADOSConn() to use the internal API to the
	secret driver in order to get the secret value instead of the external
	virSecretGetValue() path. Without the flag VIR_SECRET_GET_VALUE_INTERNAL_CALL
	there is no way to get the value of private secret.
	This also requires ensuring there is a connection which wasn't true for
	for the refreshPool() path calls from storageDriverAutostart() prior to
	adding support for the connection to a qemu driver. It seems calls to
	virSecretLookupByUUIDString() and virSecretLookupByUsage() from the
	refreshPool() path would have failed with no way to find the secret - that is
	theoretically speaking since the 'conn' was NULL the failure would have been
	"failed to find the secret".

	storage: Support "chap" authentication for iscsi pool
	Although the XML for CHAP authentication with plain "password"
	was introduced long ago, the function was never implemented. This
	patch replaces the login/password mechanism by following the
	'ceph' (or RBD) model of using a 'username' with a 'secret' which
	has the authentication information.
	This patch performs the authentication during startPool() processing
	of pools with an authType of VIR_STORAGE_POOL_AUTH_CHAP specified
	for iSCSI pools.
	There are two types of CHAP configurations supported for iSCSI
	authentication:
	  * Initiator Authentication
	      Forward, one-way; The initiator is authenticated by the target.
	  * Target Authentication
	      Reverse, Bi-directional, mutual, two-way; The target is authenticated
	      by the initiator; This method also requires Initiator Authentication
	This only supports the "Initiator Authentication". (I don't have any
	enterprise iSCSI env for testing, only have a iSCSI target setup with
	tgtd, which doesn't support "Target Authentication").
	"Discovery authentication" is not supported by tgt yet too. So this only
	setup the session authentication by executing 3 iscsiadm commands, E.g:
	% iscsiadm -m node --target "iqn.2013-05.test:iscsi.foo" --name \
	  "node.session.auth.authmethod" -v "CHAP" --op update
	% iscsiadm -m node --target "iqn.2013-05.test:iscsi.foo" --name \
	  "node.session.auth.username" -v "Jim" --op update
	% iscsiadm -m node --target "iqn.2013-05.test:iscsi.foo" --name \
	  "node.session.auth.password" -v "Jimsecret" --op update

	qemu_common: Create qemuBuildVolumeString() to process storage pool
	Split out into its own separate routine

	qemu: Create a common qemuGetSecretString
	Make the secret fetching code common for qemuBuildRBDString() and
	qemuBuildDriveURIString() using the virDomainDiskDef.

	qemu: Add source pool auth info to virDomainDiskDef for iSCSI
	During qemuTranslateDiskSourcePool() execution, if the srcpool has been
	defined with authentication information, then for iSCSI pools copy the
	authentication and host information to virDomainDiskDef.

2013-07-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Take error path if acquiring of job fails in qemuDomainSaveInternal
	Due to a goto statement missed when refactoring in 2771f8b74c1bf50d1fa
	when acquiring of a domain job failed the error path was not taken. This
	resulted into a crash afterwards as an extra reference was removed from a
	domain object leading to it being freed. An attempt to list the domains
	leaded to a crash of the daemon afterwards.
	https://bugzilla.redhat.com/show_bug.cgi?id=928672

2013-07-23  Laine Stump  <laine@laine.org>

	build: fix make rpm failure
	util/virdbuspriv.h needed to be added to UTIL_SOURCES in the makefile.

2013-07-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bridge driver: use more general function names
	Continue preparation for extracting platform-specific
	parts from bridge_driver: s/Iptables/Firewall/ for
	firewall related function names.

	Add virDBusMessage(Encode,Decode) stubs
	Commit 834c9c94 introduced virDBusMessageEncode and
	virDBusMessageDecode functions, however corresponding stubs
	were not added to !WITH_DBUS section, therefore 'make check'
	started to fail when compiled w/out dbus support like that:
	Expected symbol virDBusMessageDecode is not in ELF library

2013-07-23  Guannan Ren  <gren@redhat.com>

	virsh: fix change-media bug on disk block type
	Resolves:https://bugzilla.redhat.com/show_bug.cgi?id=923053
	When cdrom is block type, the virsh change-media failed to insert
	source info because virsh uses "<source block='/dev/sdb'/>" while
	the correct name of the attribute for block disks is "dev".

2013-07-23  Osier Yang  <jyang@redhat.com>

	qemu: Translate the volume type disk source before cgroup setting
	The translation must be done before both of cgroup and security
	setting, otherwise since the disk source is not translated yet,
	it might be skipped on cgroup and security setting.

	conf: Ignore the volume type disk if its mode is "direct"
	virDomainDiskDefForeachPath is not only used by the security
	setting helpers, also used by cgroup setting helpers, so this
	is to ignore the volume type disk with mode="direct" for cgroup
	setting.

2013-07-23  John Ferlan  <jferlan@redhat.com>

	qemu: Translate the iscsi pool/volume disk source
	The difference with already supported pool types (dir, fs, block)
	is: there are two modes for iscsi pool (or network pools in future),
	one can specify it either to use the volume target path (the path
	showed up on host) with mode='host', or to use the remote URI qemu
	supports (e.g. file=iscsi://example.org:6000/iqn.1992-01.com.example/1)
	with mode='direct'.
	For 'host' mode, it copies the volume target path into disk->src. For
	'direct' mode, the corresponding info in the *one* pool source host def
	is copied to disk->hosts[0].

	conf: Introduce virDomainDiskSourceIsBlockType
	Introduce a new helper to check if the disk source is of block type

	conf: Introduce new XML tag "mode" for disk source
	There are two ways to use a iSCSI LUN as disk source for qemu.
	 * The LUN's path as it shows up on host, e.g.
	   /dev/disk/by-path/ip-$ip:3260-iscsi-$iqn-fc18:iscsi.iscsi0-lun-1
	 * The libiscsi URI from the storage pool source element host attribute, e.g.
	   iscsi://demo.org:6000/iqn.1992-01.com.example/1
	For a "volume" type disk, if the specified "pool" is of iscsi
	type, we should support to use the LUN in either of above 2 ways.
	That's why to introduce a new XML tag "mode" for the disk source
	(libvirt should support iscsi pool with libiscsi, but it's another
	new feature, which should be done later).
	The "mode" can be either of "host" or "direct". Use "host" to indicate
	use of the LUN with the path as it shows up on host. Use "direct" to
	indicate to use it with the source pool host URI (future patches may support
	to use network type libvirt storage too, e.g. Ceph)

	storage_iscsi: Reflect the default target port
	Make sure default iSCSI target is 3260.

2013-07-22  Jiri Denemark  <jdenemar@redhat.com>

	tests: Free test at the end of GetDeviceAliases JSON test
	Commit 58b147ad07c9432b53e66ca20aff74d812647c57 added a test for
	qemuMonitorGetDeviceAliases but forgot to free the test object at the
	end which causes all sort of weird errors and failures when new tests
	are added after the GetDeviceAliases.

2013-07-22  Philipp Hahn  <hahn@univention.de>

	doc: Fix copy-paste-error in virNodeGetMemoryStats
	The description seems to be copied from virNodeGetCpuState.
	Change wrong 'cpu' to 'memory'.

2013-07-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bridge driver: s/network_driver/virNetworkDriverState/
	This is another cleanup before extracting platform-specific
	parts from bridge_driver.
	Rename struct network_driver to _virNetworkDriverState and
	add appropriate typedefs: virNetworkDriverState and
	virNetworkDriverStatePtr.
	This will help us to avoid potential problems when moving
	this struct to the .h file.

2013-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Convert remainder of cgroups code to report errors
	Convert the remaining methods in vircgroup.c to report errors
	instead of returning errno values.

	Convert the virCgroupKill* APIs to report errors
	Instead of returning errno values, change the virCgroupKill*
	APIs to fully report errors.

	Report full errors from virCgroupNew*
	Instead of returning raw errno values, report full libvirt
	errors in virCgroupNew* functions.

	Add helpers for dealing with system errors
	Add virErrorSetErrnoFromLastError and virLastErrorIsSystemErrno
	to simplify code which wants to handle system errors in a more
	graceful fashion.

	Add API for calling systemd-machined's DBus API
	To register virtual machines and containers with systemd-machined,
	and thus have cgroups auto-created, we need to talk over DBus.
	This is somewhat tedious code, so introduce a dedicated function
	to isolate the DBus call in one place.

	Introduce virDBusCallMethod & virDBusMessageRead methods
	Doing DBus method calls using libdbus.so is tedious in the
	extreme. systemd developers came up with a nice high level
	API for DBus method calls (sd_bus_call_method). While
	systemd doesn't use libdbus.so, their API design can easily
	be ported to libdbus.so.
	This patch thus introduces methods virDBusCallMethod &
	virDBusMessageRead, which are based on the code used for
	sd_bus_call_method and sd_bus_message_read. This code in
	systemd is under the LGPLv2+, so we're license compatible.
	This code is probably pretty unintelligible unless you are
	familiar with the DBus type system. So I added some API
	docs trying to explain how to use them, as well as test
	cases to validate that I didn't screw up the adaptation
	from the original systemd code.

2013-07-22  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Let explicit features override model features
	Until now CPU features inherited from a specified CPU model could only
	be overridden with 'disable' policy. With this patch, any explicitly
	specified feature always overrides the same feature inherited from a CPU
	model regardless on the specified policy.
	The CPU in x86-exact-force-Haswell.xml would previously be incompatible
	with x86-host-SandyBridge.xml CPU even though x86-host-SandyBridge.xml
	provides all features required by x86-exact-force-Haswell.xml.

	vmware: Fix bogus CPU arch copy

	cpu: Store arch in virCPUData

	Replace union cpuData with virCPUData

	cpu_x86: Use x86-specific CPU data structure

2013-07-22  Daniel P. Berrange  <berrange@redhat.com>

	LXC: Set default driver for image backed filesystems
	If no explicit driver is set for an image backed filesystem,
	set it to use the loop driver (if raw) or nbd driver (if
	non-raw)

	LXC: Fix some error reporting in filesystem setup
	A couple of places in LXC setup for filesystems did not do
	a "goto cleanup" after reporting errors. While fixing this,
	also add in many more debug statements to aid troubleshooting

2013-07-22  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Shorten SCSI hostdev alias to avoid QEMU failure
	The alias for hostdevs of type SCSI can be too long for QEMU if
	larger LUNs are encountered. Here's a real life example:
	    <hostdev mode='subsystem' type='scsi' managed='no'>
	      <source>
	        <adapter name='scsi_host0'/>
	        <address bus='0' target='19' unit='1088634913'/>
	      </source>
	      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	    </hostdev>
	this results in a too long drive id, resulting in QEMU yelling
	Property 'scsi-generic.drive' can't find value 'drive-hostdev-scsi_host0-0-19-1088634913'
	This commit changes the alias back to the default hostdev$(index)
	scheme.

2013-07-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Unplug devices that disappeared when libvirtd was down
	In case libvirtd is asked to unplug a device but the device is actually
	unplugged later when libvirtd is not running, we need to detect that and
	remove such device when libvirtd starts again and reconnects to running
	domains.

	qemu: Introduce qemuMonitorGetDeviceAliases
	This API provides a NULL-terminated list of devices which are currently
	attached to a QEMU domain.

2013-07-19  Jiri Denemark  <jdenemar@redhat.com>

	conf: Make error reporting in virDomainDefFindDevice optional

	util: Non-existent string array does not contain any string
	Make virStringArrayHasString return false when called on a non-existent
	string array.

2013-07-19  Eric Blake  <eblake@redhat.com>

	security: fix deadlock with prefork
	Attempts to start a domain with both SELinux and DAC security
	modules loaded will deadlock; latent problem introduced in commit
	fdb3bde and exposed in commit 29fe5d7.  Basically, when recursing
	into the security manager for other driver's prefork, we have to
	undo the asymmetric lock taken at the manager level.
	Reported by Jiri Denemark, with diagnosis help from Dan Berrange.
	* src/security/security_stack.c (virSecurityStackPreFork): Undo
	extra lock grabbed during recursion.

2013-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Change s/i/iv/ in test code to avoid syntax-check
	The code parsing VIR_TEST_RANGE mistakenly used 'unsigned int i'
	which violated syntax-check rules

	Allow test cases to be run selectively
	When debugging a failing test with many test cases, it is useful
	to be able to skip most tests. Introducing a new environment
	variable VIR_TEST_RANGE=N-M enables execution of only the test
	cases numbered N-M inclusive, starting from 1.
	For example, to skip all the cgroup tests except 2
	$ VIR_TEST_RANGE=2-3 VIR_TEST_DEBUG=1 ./vircgrouptest
	TEST: vircgrouptest
	 2) New cgroup for driver                                             ... Unexpected found LXC cgroup: 1
	libvirt: Cgroup error : Failed to create controller cpu for group: No such file or directory
	FAILED
	 3) New cgroup for domain driver                                      ... Cannot find LXC cgroup: 1
	libvirt: Cgroup error : Failed to create controller cpu for group: No such file or directory
	FAILED

2013-07-19  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Upstream gnulib recently patched a bug in bootstrap, for projects
	that use a different name than build-aux for a subdirectory.  We
	don't, but it doesn't hurt to update.
	* .gnulib: Update, for bootstrap fix.
	* bootstrap: Sync to upstream.
	* bootstrap.conf: Match upstream bug fix.

2013-07-19  Michal Privoznik  <mprivozn@redhat.com>

	autogen: Handle case when libvirt's submodule
	Currently, in the autogen.sh script we check whether .git is an existing
	directory in which case bootstrap is run. However, if libvirt is a
	submodule, then the .git is just a file (with reference to the topmost
	.git directory). However, our submodule routines work well. So there's
	no real reason why we should prohibit users to build libvirt from
	submodule.

2013-07-19  Eric Blake  <eblake@redhat.com>

	maint: split long lines in Makefiles
	Makefiles are another easy file to enforce line limits.
	Mostly straightforward; interesting tricks worth noting:
	src/Makefile.am: $(confdir) was already defined, use it in more places
	tests/Makefile.am: path_add and VG required some interesting compression
	* cfg.mk (sc_prohibit_long_lines): Add another test.
	* Makefile.am: Fix offenders.
	* daemon/Makefile.am: Likewise.
	* docs/Makefile.am: Likewise.
	* python/Makefile.am: Likewise.
	* src/Makefile.am: Likewise.
	* tests/Makefile.am: Likewise.

	security_dac: compute supplemental groups before fork
	Commit 75c1256 states that virGetGroupList must not be called
	between fork and exec, then commit ee777e99 promptly violated
	that for lxc's use of virSecurityManagerSetProcessLabel.  Hoist
	the supplemental group detection to the time that the security
	manager needs to fork.  Qemu is safe, as it uses
	virSecurityManagerSetChildProcessLabel which in turn uses
	virCommand to determine supplemental groups.
	This does not fix the fact that virSecurityManagerSetProcessLabel
	calls virSecurityDACParseIds calls parseIds which eventually
	calls getpwnam_r, which also violates fork/exec async-signal-safe
	safety rules, but so far no one has complained of hitting
	deadlock in that case.
	* src/security/security_dac.c (_virSecurityDACData): Track groups
	in private data.
	(virSecurityDACPreFork): New function, to set them.
	(virSecurityDACClose): Clean up new fields.
	(virSecurityDACGetIds): Alter signature.
	(virSecurityDACSetSecurityHostdevLabelHelper)
	(virSecurityDACSetChardevLabel, virSecurityDACSetProcessLabel)
	(virSecurityDACSetChildProcessLabel): Update callers.

	security: framework for driver PreFork handler
	A future patch wants the DAC security manager to be able to safely
	get the supplemental group list for a given uid, but at the time
	of a fork rather than during initialization so as to pick up on
	live changes to the system's group database.  This patch adds the
	framework, including the possibility of a pre-fork callback
	failing.
	For now, any driver that implements a prefork callback must be
	robust against the possibility of being part of a security stack
	where a later element in the chain fails prefork.  This means
	that drivers cannot do any action that requires a call to postfork
	for proper cleanup (no grabbing a mutex, for example).  If this
	is too prohibitive in the future, we would have to switch to a
	transactioning sequence, where each driver has (up to) 3 callbacks:
	PreForkPrepare, PreForkCommit, and PreForkAbort, to either clean
	up or commit changes made during prepare.
	* src/security/security_driver.h (virSecurityDriverPreFork): New
	callback.
	* src/security/security_manager.h (virSecurityManagerPreFork):
	Change signature.
	* src/security/security_manager.c (virSecurityManagerPreFork):
	Optionally call into driver, and allow returning failure.
	* src/security/security_stack.c (virSecurityDriverStack):
	Wrap the handler for the stack driver.
	* src/qemu/qemu_process.c (qemuProcessStart): Adjust caller.

2013-07-19  Guido Günther  <agx@sigxcpu.org>

	Use AC_LINK_IFELSE
	instead of the deprecated AC_TRY_LINK

2013-07-19  Eric Blake  <eblake@redhat.com>

	tests: split long lines
	Long lines are harder to read and harder to diff; in fact, if lines get
	too long (> 1000 bytes), it starts causing issues where git send-email
	refuses to send patches for the file.  I've cleaned up the tests
	directory in the past (see commits bd6c46f, 3b750d1), but new long
	lines have been introduced in the meantime.
	Why 90 instead of 80? Because there were too many tests on the fringe
	edge, and I didn't want to edit that many files.
	Add a syntax check to prevent future long lines.
	* cfg.mk (sc_prohibit_long_lines): New rule.
	* tests/qemuxml2argvdata/qemuxml2argv-*.args: Split lines of any
	file with content longer than 90 columns.
	* tests/storagevolxml2argvdata/*.argv: Likewise.

2013-07-18  Guido Günther  <agx@sigxcpu.org>

	Check for link_addr more thoroughly
	Some versions of kFreeBSD (like 9.0) declare link_addr in a header
	but lack an implementation. This makes ./configure pass but breaks
	compilation later with a
	     undefined reference to `link_addr'
	Althought that's a bug in the OS header we can detect it easily by also
	trying to link.
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715320

2013-07-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Emit VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED events

	qemu: Remove devices only after DEVICE_DELETED event

	qemu: Add support for DEVICE_DELETED event

	Add virDomainDefFindDevice for looking up a device by its alias

	Clarify virDomainDetachDeviceFlags documentation

	examples: Handle VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED event

	Add VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED event

	qemu: Separate char device removal into a standalone function

2013-07-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Cleanup coding style nits in qemu_cgroup.c

2013-07-18  Osier Yang  <jyang@redhat.com>

	qemu: Set cpuset.cpus for domain process
	When either "cpuset" of <vcpu> is specified, or the "placement" of
	<vcpu> is "auto", only setting the cpuset.mems might cause the guest
	starting to fail. E.g. ("placement" of both <vcpu> and <numatune> is
	"auto"):
	1) Related XMLs
	  <vcpu placement='auto'>4</vcpu>
	  <numatune>
	    <memory mode='strict' placement='auto'/>
	  </numatune>
	2) Host NUMA topology
	  % numactl --hardware
	  available: 8 nodes (0-7)
	  node 0 cpus: 0 4 8 12 16 20 24 28
	  node 0 size: 16374 MB
	  node 0 free: 11899 MB
	  node 1 cpus: 32 36 40 44 48 52 56 60
	  node 1 size: 16384 MB
	  node 1 free: 15318 MB
	  node 2 cpus: 2 6 10 14 18 22 26 30
	  node 2 size: 16384 MB
	  node 2 free: 15766 MB
	  node 3 cpus: 34 38 42 46 50 54 58 62
	  node 3 size: 16384 MB
	  node 3 free: 15347 MB
	  node 4 cpus: 3 7 11 15 19 23 27 31
	  node 4 size: 16384 MB
	  node 4 free: 15041 MB
	  node 5 cpus: 35 39 43 47 51 55 59 63
	  node 5 size: 16384 MB
	  node 5 free: 15202 MB
	  node 6 cpus: 1 5 9 13 17 21 25 29
	  node 6 size: 16384 MB
	  node 6 free: 15197 MB
	  node 7 cpus: 33 37 41 45 49 53 57 61
	  node 7 size: 16368 MB
	  node 7 free: 15669 MB
	4) cpuset.cpus will be set as: (from debug log)
	2013-05-09 16:50:17.296+0000: 417: debug : virCgroupSetValueStr:331 :
	Set value '/sys/fs/cgroup/cpuset/libvirt/qemu/toy/cpuset.cpus'
	to '0-63'
	5) The advisory nodeset got from querying numad (from debug log)
	2013-05-09 16:50:17.295+0000: 417: debug : qemuProcessStart:3614 :
	Nodeset returned from numad: 1
	6) cpuset.mems will be set as: (from debug log)
	2013-05-09 16:50:17.296+0000: 417: debug : virCgroupSetValueStr:331 :
	Set value '/sys/fs/cgroup/cpuset/libvirt/qemu/toy/cpuset.mems'
	to '0-7'
	I.E, the domain process's memory is restricted on the first NUMA node,
	however, it can use all of the CPUs, which will likely cause the domain
	process to fail to start because of the kernel fails to allocate
	memory with the the memory policy as "strict".
	% tail -n 20 /var/log/libvirt/qemu/toy.log
	...
	2013-05-09 05:53:32.972+0000: 7318: debug : virCommandHandshakeChild:377 :
	Handshake with parent is done
	char device redirected to /dev/pts/2 (label charserial0)
	kvm_init_vcpu failed: Cannot allocate memory
	...

2013-07-18  Peter Krempa  <pkrempa@redhat.com>

	caps: Add helpers to convert NUMA nodes to corresponding CPUs
	These helpers use the remembered host capabilities to retrieve the cpu
	map rather than query the host again. The intended usage for this
	helpers is to fix automatic NUMA placement with strict memory alloc. The
	code doing the prepare needs to pin the emulator process only to cpus
	belonging to a subset of NUMA nodes of the host.

2013-07-18  Martin Kletzander  <mkletzan@redhat.com>

	Add virtio-scsi to fallback models of scsi controller
	When user does not specify any model for scsi controller, or worse, no
	controller at all, but libvirt automatically adds scsi controller with
	no model, we are not searching for virtio-scsi and thus this can fail
	for example on qemu which doesn't support lsi logic adapter.
	This means that when qemu on x86 doesn't support lsi53c895a and the
	user adds the following to an XML without any scsi controller:
	<disk ...>
	  ...
	  <target dev='sda'>
	</disk>
	libvirt fails like this:
	 # virsh define asdf.xml
	 error: Failed to define domain from asdf.xml
	 error: internal error Unable to determine model for scsi controller
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=974943

2013-07-18  Michal Privoznik  <mprivozn@redhat.com>

	Introduce lxcDomObjFromDomain
	Similarly to qemu driver, we can use a helper function to
	lookup a domain instead of copying multiple lines around.

	Remove lxcDriverLock from almost everywhere
	With the majority of fields in the virLXCDriverPtr struct
	now immutable or self-locking, there is no need for practically
	any methods to be using the LXC driver lock. Only a handful
	of helper APIs now need it.

	lxc: Make activeUsbHostdevs use locks
	The activeUsbHostdevs item in LXCDriver are lockable, but the lock has
	to be called explicitly. Call the virObject(Un)Lock() in order to
	achieve mutual exclusion once lxcDriverLock is removed.

	Stop accessing driver->caps directly in LXC driver
	The 'driver->caps' pointer can be changed on the fly. Accessing
	it currently requires the global driver lock. Isolate this
	access in a single helper, so a future patch can relax the
	locking constraints.

	lxc: switch to virCloseCallbacks API

	Introduce annotations for virLXCDriverPtr fields
	Annotate the fields in virLXCDriverPtr to indicate the locking
	rules for their use.

	lxc: Use atomic ops for driver->nactive

	Introduce a virLXCDriverConfigPtr object
	Currently the virLXCDriverPtr struct contains an wide variety
	of data with varying access needs. Move all the static config
	data into a dedicated virLXCDriverConfigPtr object. The only
	locking requirement is to hold the driver lock, while obtaining
	an instance of virLXCDriverConfigPtr. Once a reference is held
	on the config object, it can be used completely lockless since
	it is immutable.
	NB, not all APIs correctly hold the driver lock while getting
	a reference to the config object in this patch. This is safe
	for now since the config is never updated on the fly. Later
	patches will address this fully.

	virLXCDriver: Drop unused @cgroup
	It is not used anywhere, so it makes no sense to have it there.

	qemu: Move close callbacks handling into util/virclosecallbacks.c

	qemuhotplugtest: Resolve some memleaks
	If testQemuHotplugAttach succeeds, the vm->def steals the dev pointer.
	However, not the envelope, which needs to be freed. In addition,
	driver.config is allocated, but never freed.

	qemuDomainDetachChrDevice: Don't leak @charAlias
	Moreover, since virAsprintf now does report OOM error, there's no need
	to call virReportOOMError in error path.

2013-07-18  Ján Tomko  <jtomko@redhat.com>

	virAsprintf: correctly check return value
	When virAsprintf was changed from a function to a macro
	reporting OOM error in dc6f2da, it was documented as returning
	0 on success. This is incorrect, it returns the number of bytes
	written as asprintf does.
	Some of the functions were converted to use virAsprintf's return
	value directly, changing the return value on success from 0 to >= 0.
	For most of these, this is not a problem, but the change in
	virPCIDriverDir breaks PCI passthrough.
	The return value check in virhashtest pre-dates virAsprintf OOM
	conversion.
	vmwareMakePath seems to be unused.

2013-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Merge virCommandPreserveFD / virCommandTransferFD
	Merge the virCommandPreserveFD / virCommandTransferFD methods
	into a single virCommandPasFD method, and use a new
	VIR_COMMAND_PASS_FD_CLOSE_PARENT to indicate their difference
	in behaviour

	Enable FD passing when starting guests with virsh
	Add a "--pass-fds N,M,..." arg to the virsh start/create
	methods. This allows pre-opened file descriptors from the
	shell to be passed on into the guest

	LXC: Wire up the virDomainCreate{XML}WithFiles methods
	Wire up the new virDomainCreate{XML}WithFiles methods in the
	LXC driver, so that FDs get passed down to the init process.
	The lxc_container code needs to do a little dance in order
	to renumber the file descriptors it receives into linear
	order, starting from STDERR_FILENO + 1.

	Fix impl of virDomainCreateWithFlags remote client helper
	In the following commit:
	  commit 03d813bbcd7b4a18360105500672b84d985dd889
	  Author: Marek Marczykowski <marmarek@invisiblethingslab.com>
	  Date:   Thu May 23 02:01:30 2013 +0200
	    remote: fix dom->id after virDomainCreateWithFlags
	The virDomainCreateWithFlags remote client helper was made to
	invoke REMOTE_PROC_DOMAIN_LOOKUP_BY_UUID to refresh the 'id'
	of the domain, following the pattern used in the previous
	virDomainCreate method impl.
	The remote protocol for virDomainCreateWithFlags though did
	actually fix the design flaw in virDomainCreate, by directly
	returning the new domain info. For some reason, this data was
	never used. So we can just use that data now instead.

	Introduce remote protocol support for virDomainCreate{XML}WithFiles
	Since they make use of file descriptor passing, the remote protocol
	methods for virDomainCreate{XML}WithFiles must be written by hand.

	Introduce new domain create APIs to pass pre-opened FDs to LXC
	With container based virt, it is useful to be able to pass
	pre-opened file descriptors to the container init process.
	This allows for containers to be auto-activated from incoming
	socket connections, passing the active socket into the container.
	To do this, introduce a pair of new APIs, virDomainCreateXMLWithFiles
	and virDomainCreateWithFiles, which accept an array of file
	descriptors. For the LXC driver, UNIX file descriptor passing
	will be used to send them to libvirtd, which will them pass
	them down to libvirt_lxc, which will then pass them to the container
	init process.
	This will only be implemented for LXC right now, but the design
	is generic enough it could work with other hypervisors, hence
	I suggest adding this to libvirt.so, rather than libvirt-lxc.so

2013-07-18  Jiri Denemark  <jdenemar@redhat.com>

	maint: Make ctags work out of the box
	The .ctags file specifies default options for ctags so that it does not
	ignore libvirt.h.in and ignores uninteresting files. As a result, you
	can just run "ctags" and navigating to a public API won't get you to a
	useless entry in api.html.

2013-07-18  Geoff Hickey  <ghickey@datagravity.com>

	esx: Support for disk-only and quiescing snapshots.
	Add support for creating disk-only (no memory) snapshots in esx, and
	for quiescing the VM before taking the snapshot. The VMware API
	supports these operations directly, so adding support to libvirt is
	just a matter of setting the flags correctly when calling
	VMware. VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY and
	VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE are now valid flags for esx.

2013-07-18  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: implement virDomainGetNumaParameters
	Although, having it depending on Xen >= 4.3 (by using the proper
	libxl feature flag).
	Xen currently implements a NUMA placement policy which is basically
	the same as the 'interleaved' policy of `numactl', although it can
	be applied on a subset of the available nodes. We therefore hardcode
	"interleave" as 'numa_mode', and we use the newly introduced libxl
	interface to figure out what nodes a domain spans ('numa_nodeset').
	With this change, it is now possible to query the NUMA node
	affinity of a running domain:
	[raistlin@Zhaman ~]$ sudo virsh --connect xen:/// list
	 Id    Name                           State
	----------------------------------------------------
	 23    F18_x64                        running
	[raistlin@Zhaman ~]$ sudo virsh --connect xen:/// numatune 23
	numa_mode      : interleave
	numa_nodeset   : 1

	libxl: advertise the support for VIR_TYPED_PARAM_STRING
	domainGetNumaParameters has a string typed parameter, hence it
	is necessary for the libxl driver to support this.
	This change implements the connectSupportsFeature hook for the
	libxl driver, advertising that VIR_DRV_FEATURE_TYPED_PARAM_STRING
	is supported.
	Cc: Eric Blake <eblake@redhat.com>

2013-07-18  Stefan Bader  <stefan.bader@canonical.com>

	xen: Add interface versions for Xen 4.3
	Xen 4.3 changes sysctl version to 10 and domctl version to 9. Update
	the hypervisor driver to work with those.

2013-07-17  Michal Privoznik  <mprivozn@redhat.com>

	lxc_container: Don't call virGetGroupList during exec
	Commit 75c1256 states that virGetGroupList must not be called
	between fork and exec, then commit ee777e99 promptly violated
	that for lxc.
	Patch originally posted by Eric Blake <eblake@redhat.com>.

2013-07-17  Ján Tomko  <jtomko@redhat.com>

	cgroup: reuse buffer for getline
	Reuse the buffer for getline and track buffer allocation
	separately from the string length to prevent unlikely
	out-of-bounds memory access.
	This fixes the following leak that happened when zero bytes were read:
	==404== 120 bytes in 1 blocks are definitely lost in loss record 1,344 of 1,671
	==404==    at 0x4C2C71B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==404==    by 0x906F862: getdelim (iogetdelim.c:68)
	==404==    by 0x52A48FB: virCgroupPartitionNeedsEscaping (vircgroup.c:1136)
	==404==    by 0x52A0FB4: virCgroupPartitionEscape (vircgroup.c:1171)
	==404==    by 0x52A0EA4: virCgroupNewDomainPartition (vircgroup.c:1450)

2013-07-17  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetSchedulerType: Prefer qemuDomObjFromDomain
	In all qemu APIs we tend to prefer qemuDomObjFromDomain over
	virDomainObjListFindByUUID. But somehow the
	qemuDomainGetSchedulerType left unattended.

	virSecurityManagerGenLabel: Skip seclabels without model
	While generating seclabels, we check the seclabel stack if required
	driver is in the stack. If not, an error is returned. However, it is
	possible for a seclabel to not have any model set (happens with LXC
	domains that have just <seclabel type='none'>). If that's the case,
	we should just skip the iteration instead of calling STREQ(NULL, ...)
	and SIGSEGV-ing subsequently.

	lxcCapsInit: Allocate primary security driver unconditionally
	Currently, if the primary security driver is 'none', we skip
	initializing caps->host.secModels. This means, later, when LXC domain
	XML is parsed and <seclabel type='none'/> is found (see
	virSecurityLabelDefsParseXML), the model name is not copied to the
	seclabel. This leads to subsequent crash in virSecurityManagerGenLabel
	where we call STREQ() over the model (note, that we are expecting model
	to be !NULL).

2013-07-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Separate host device removal into a standalone function

	qemu: Separate net device removal into a standalone function

	qemu: Separate controller removal into a standalone function

	qemu: Separate disk device removal into a standalone function

	qemu: Add qemuDomainReleaseDeviceAddress to remove any address

2013-07-17  Guido Günther  <agx@sigxcpu.org>

	Create directory for lease files if it's missing
	If we don't autostart a network it's not being created.
	Debian Bug http://bugs.debian.org/715200

2013-07-17  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on shadowed name
	Introduced in commit 24b08219; compilation on RHEL 6.4 complained:
	qemu/qemu_hotplug.c: In function 'qemuDomainAttachChrDevice':
	qemu/qemu_hotplug.c:1257: error: declaration of 'remove' shadows a global declaration [-Wshadow]
	/usr/include/stdio.h:177: error: shadowed declaration is here [-Wshadow]
	* src/qemu/qemu_hotplug.c (qemuDomainAttachChrDevice): Avoid the
	name 'remove'.

2013-07-16  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Change the owner of live attached host devices
	The owner of this host devices should be the root user of container.

	LXC: Change the owner of host devices to the root of container
	These host devices are created for container,
	the owner should be the root user of container.

	LXC: Create host devices for container on host side
	Otherwise the container will fail to start if we
	enable user namespace, since there is no rights to
	do mknod in uninit user namespace.

	LXC: Change the owner of live attached disk device
	The owner of this disk device should be the root user of container.

	LXC: Move virLXCControllerChown to lxc_container.c
	lxc driver will use this function to change the owner
	of hot added devices.
	Move virLXCControllerChown to lxc_container.c and Rename
	it to lxcContainerChown.

	LXC: controller: change the owner of disk to the root of container
	These disk devices are created for container,
	the owner should be the root user of container.

	LXC: Setup disks for container on host side
	Since mknod in container is forbidden, we should setup disks
	on host side.

2013-07-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()
	A part of the returned monitor response was freed twice and caused
	crashes of the daemon when using guest agent cpu count retrieval.
	 # virsh vcpucount dom --guest
	Introduced in v1.0.6-48-gc6afcb0

2013-07-16  Wido den Hollander  <wido@widodh.nl>

	rbd: Do not free the secret if it is not set
	Not all RBD (Ceph) storage pools have cephx authentication turned on,
	so "secret" might not be initialized.
	It could also be that the secret couldn't be located.
	Only call virSecretFree() if "secret" is initialized earlier.

2013-07-16  John Ferlan  <jferlan@redhat.com>

	Allow balloon driver collection to be adjusted dynamically
	Use the virDomainSetMemoryStatsPeriodFlags() to pass a period defined by
	usage of a new --period option in order to set the collection period for the
	balloon driver. This may enable or disable the collection based on the value.
	Add the --current, --live, & --config options to dommemstat.

	Implement the virDomainSetMemoryStatsPeriod for QEMU driver
	Implement the new API that will handle setting the balloon driver statistics
	collection period in order to enable or disable the collection dynamically.

	Specify remote protocol for virDomainSetMemoryStatsPeriod
	Wire up the remote protocol

	Add new public API virDomainSetMemoryStatsPeriod
	Add new API in order to set the balloon memory driver statistics collection
	period in order to allow dynamic period adjustment for the virsh dommemstats to
	display balloon stats data

	Add capability to fetch balloon stats
	This patch will add the qemuMonitorJSONGetMemoryStats() to execute a
	"guest-stats" on the balloonpath using "get-qom" replacing the former
	mechanism which looked through the "query-ballon" returned data for
	the fields.  The "query-balloon" code only returns 'actual' memory.
	Rather than duplicating the existing code, have the JSON API use the
	GetBalloonInfo API.
	A check in the qemuMonitorGetMemoryStats() will be made to ensure the
	balloon driver path has been set.  Since the underlying JSON code can
	return data not associated with the balloon driver, we don't fail on
	a failure to get the balloonpath.  Of course since we've made the check,
	we can then set the ballooninit flag.  Getting the path here is primarily
	due to the process reconnect path which doesn't attempt to set the
	collection period.

	Determine whether to start balloon memory stats gathering.
	At vm startup and attach attempt to set the balloon driver statistics
	collection period based on the value found in the domain xml file. This
	is not done at reconnect since it's possible that a collection period
	was set on the live guest and making the set period call would reset to
	whatever value is stored in the config file.
	Setting the stats collection period has a side effect of searching through
	the qom-list output for the virtio balloon driver and making sure that it
	has the right properties in order to allow setting of a collection period
	and eventually fetching of statistics.
	The walk through the qom-list is expensive and thus the balloonpath will
	be saved in the monitor private structure as well as a flag indicating
	that the initialization has already been attempted (in the event that a
	path is not found, no sense to keep checking).
	This processing model conforms to the qom object model model which
	requires setting object properties after device startup. That is, it's
	not possible to pass the period along via the startup code as it won't
	be recognized.

	Add 'period' for Memballoon statistics gathering capability
	Add a period in seconds to allow/enable statistics gathering from the
	Balloon driver for 'virsh dommemstat <domain>'.

2013-07-16  Alex Jia  <ajia@redhat.com>

	qemu: Prevent crash of libvirtd without guest agent configuration
	If users haven't configured guest agent then qemuAgentCommand() will
	dereference a NULL 'mon' pointer, which causes crash of libvirtd when
	using agent based cpu (un)plug.
	With the patch, when the qemu-ga service isn't running in the guest,
	a expected error "error: Guest agent is not responding: Guest agent
	not available for now" will be raised, and the error "error: argument
	unsupported: QEMU guest agent is not configured" is raised when the
	guest hasn't configured guest agent.
	GDB backtrace:
	 (gdb) bt
	 #0  virNetServerFatalSignal (sig=11, siginfo=<value optimized out>, context=<value optimized out>) at rpc/virnetserver.c:326
	 #1  <signal handler called>
	 #2  qemuAgentCommand (mon=0x0, cmd=0x7f39300017b0, reply=0x7f394b090910, seconds=-2) at qemu/qemu_agent.c:975
	 #3  0x00007f39429507f6 in qemuAgentGetVCPUs (mon=0x0, info=0x7f394b0909b8) at qemu/qemu_agent.c:1475
	 #4  0x00007f39429d9857 in qemuDomainGetVcpusFlags (dom=<value optimized out>, flags=9) at qemu/qemu_driver.c:4849
	 #5  0x00007f3957dffd8d in virDomainGetVcpusFlags (domain=0x7f39300009c0, flags=8) at libvirt.c:9843
	How to reproduce?
	 # To start a guest without guest agent configuration
	 # then run the following cmdline
	 # virsh vcpucount foobar --guest
	 error: End of file while reading data: Input/output error
	 error: One or more references were leaked after disconnect from the hypervisor
	 error: Failed to reconnect to the hypervisor
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=984821

2013-07-16  Martin Kletzander  <mkletzan@redhat.com>

	Make logical pools independent on target path
	When using logical pools, we had to trust the target->path provided.
	This parameter, however, can be completely ommited and we can use
	'/dev/<source.name>' safely and populate it to target.path.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=952973

2013-07-16  Michal Privoznik  <mprivozn@redhat.com>

	qemuhotplugtest: Introduce test for chardev hotplug
	The test is currently testing just device update function. However,
	chardev hotplug is implemented just for device attach and detach. This
	fact means, the test needs to be rewritten (the majority of the code is
	still shared). Moreover, we are now able to pass VM among multiple test
	runs. So for instance, while we add a device in the first run, we can
	remove it in the second run.

	qemu: Implement chardev hotplug on live level
	Since previous patches has prepared everything for us, we may now
	implement live hotplug of a character device.

	qemu: Implement chardev hotplug on config level
	There are two levels on which a device may be hotplugged: config
	and live. The config level requires just an insert or remove from
	internal domain definition structure, which is exactly what this
	patch does. There is currently no implementation for a chardev
	update action, as there's not much to be updated. But more
	importantly, the only thing that can be updated is path or socket
	address by which chardevs are distinguished. So the update action
	is currently not supported.

	domain_conf: Auto fill chardev port
	Now that we have callbacks, we should auto fill in omitted pieces of
	information. It's important for chardev hotplug to fill in the correct
	/{serial,parallel,console,channel}/target/@port if no value has been
	provided by user.

2013-07-16  Peter Krempa  <pkrempa@redhat.com>

	cpu: Allow fine tuning of "host-model" cpu
	https://bugzilla.redhat.com/show_bug.cgi?id=799354
	Until now, the "host-model" cpu mode couldn't be influenced. This patch
	allows to use the <feature> elements to either enable or disable
	specific CPU flags. This can be used to force flags that can be emulated
	even if the host CPU doesn't support them.

	cpu: Clean up code style

	cpu: Add virCPUDefUpdateFeature()
	This new function updates or adds a feature to a existing cpu model
	definition. This function will be helpful to allow tuning of
	"host-model" features in later patches.

	conf: Clean up error reporting in cpu definition parsing
	Use VIR_ERR_XML_ERROR instead of VIR_ERR_INTERNAL_ERROR in XML parsing
	code and move "%s" formating strings right after the error code.

2013-07-16  John Ferlan  <jferlan@redhat.com>

	storage_conf: Merge AuthChap and AuthCephx into AuthSecret
	Merge virStoragePoolDefParseAuthChap and virStoragePoolDefParseAuthCephx
	into a common virStoragePoolDefParseAuthSecret.  Change the output to be
	common for both by putting 'type' first followed by 'username'.

	storage_conf: Move username processing into common function
	Move the auth->username processing into virStoragePoolDefParseAuth
	save the resulting username into chap/cephx specific data

	storage_pool: Rework chap XML to mimic ceph
	The existing 'chap' XML logic was never used - just defined.  Rather than
	try to insert a square peg into a round hole, blow it up and rewrite the
	logic to follow the 'ceph' format.
	Remove the former "chap.login" and "chap.passwd" fields and replace
	with "chap.username" and "chap.secret" in _virStoragePoolAuthChap.
	Adjust the virStoragePoolDefParseAuthChap() to process.
	Change the rng file to describe the new layout
	Update the formatstorage.html to describe the usage of the secret element
	to mention that the secret type "iscsi" and "ceph" can be used
	to storage pool too.
	Update the formatsecret.html to include a reference to the storage pool
	Update tests to handle the changes from 'login' and 'passwd' to 'username'
	and '<secret>' format

	storage_conf: Move auth processing into virStoragePoolDefParseAuth
	Split processing of "<auth" into its own function

	storage_conf: Introduce virStoragePoolAuthSecretPtr
	Split out the _virStoragePoolAuthSecret data from _virStoragePoolAuthCephx
	into its own structure

	storage_conf: Adjust virStoragePoolAuthType enum
	Generate and use the virStoragePoolAuthTypeType{To|From}String helpers

	Add qemuMonitorJSONSetObjectProperty() method for QMP qom-set command
	Add a new qemuMonitorJSONSetObjectProperty() method to support invocation
	of the 'qom-set' JSON monitor command with a provided path, property, and
	expected data type to set.
	NOTE: The set API was added only for the purpose of the qemumonitorjsontest
	The test code uses the same "/machine/i440fx" property as the get test and
	attempts to set the "realized" property to "true" (which it should be set
	at anyway).

	Add qemuMonitorJSONGetObjectProperty() method for QMP qom-get command
	Add a new qemuMonitorJSONGetObjectProperty() method to support invocation
	of the 'qom-get' JSON monitor command with a provided path, property, and
	expected data type return. The qemuMonitorJSONObjectProperty is similar to
	virTypedParameter; however, a future patch will extend it a bit to include
	a void pointer to balloon driver statistic data.
	NOTE: The ObjectProperty structures and API are added only for the
	      purpose of the qemumonitorjsontest
	The provided test will execute a qom-get on "/machine/i440fx" which will
	return a property "realized".

	Add qemuMonitorJSONGetObjectListPaths() method for QMP qom-list command
	Add a new qemuMonitorJSONGetObjectListPaths() method to support invocation
	of the 'qom-list' JSON monitor command with a provided path.
	NOTE: The ListPath structures and API's are added only for the
	      purpose of the qemumonitorjsontest
	The returned list of paired data fields of "name" and "type" that can
	be used to peruse QOM configuration data and eventually utilize for the
	balloon statistics.
	The test does a "{"execute":"qom-list", "arguments": { "path": "/"}}" which
	returns "{"return": [{"name": "machine", "type": "child<container>"},
	{"name": "type", "type": "string"}]}" resulting in a return of an array
	of 2 elements with [0].name="machine", [0].type="child<container>".  The [1]
	entry appears to be a header that could be used some day via a command such
	as "virsh qemuobject --list" to format output.

2013-07-15  Matthew Rosato  <mjrosato@linux.vnet.ibm.com>

	qemu: add macvlan delete to qemuDomainAttachNetDevice cleanup
	If an error occurs during qemuDomainAttachNetDevice after the macvtap
	was created in qemuPhysIfaceConnect, the macvtap device gets left behind.
	This patch adds code to the cleanup routine to delete the macvtap.
	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2013-07-15  Laine Stump  <laine@laine.org>

	pci: make virPCIDeviceReset more autonomous
	I recently patches the callers to virPCIDeviceReset() to not call it
	if the current driver for a device was vfio-pci (since that driver
	will always reset the device itself when appropriate. At the time, Dan
	Berrange suggested that I could instead modify virPCIDeviceReset
	to check the currently bound driver for the device, and decide
	for itself whether or not to go ahead with the reset.
	This patch removes the previously added checks, and replaces them with
	a check down in virPCIDeviceReset(), as suggested.
	The functional difference here is that previously we were deciding
	based on either the hostdev configuration or the value of
	stubDriverName in the virPCIDevice object, but now we are actually
	comparing to the "driver" link in the device's sysfs entry
	directly. In practice, both should be the same.

	pci: reorder static functions
	virPCIDeviceGetDriverPathAndName is a static function that will need
	to be called by another function that occurs above it in the
	file. This patch reorders the static functions so that a forward
	declaration isn't needed.

2013-07-15  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildChrDeviceCommandLine: Don't leak devstr
	It's caller's responsibility to free return value of
	qemuBuildChrDeviceStr().

2013-07-15  Guannan Ren  <gren@redhat.com>

	python: return dictionary without value in case of no blockjob
	Currently, when there is no blockjob, dom.blockJobInfo('vda')
	still reports error because it doesn't distinguish return value 0 from -1.
	libvirt.libvirtError: virDomainGetBlockJobInfo() failed
	virDomainGetBlockJobInfo() API return value:
	 -1 in case of failure, 0 when nothing found, 1 found.
	And use PyDict_SetItemString instead of PyDict_SetItem when key is
	of string type. PyDict_SetItemString increments key/value reference
	count, so call Py_DECREF() for value. For key, we don't need to
	do this, because PyDict_SetItemString will handle it internally.

2013-07-12  Ján Tomko  <jtomko@redhat.com>

	conf: reject pci-root controllers with non-zero indexes
	https://bugzilla.redhat.com/show_bug.cgi?id=981261

2013-07-12  Jincheng Miao  <jmiao@redhat.com>

	Change domain controller index type to unsigned
	Error out on negative index values.
	https://bugzilla.redhat.com/show_bug.cgi?id=981261

2013-07-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Mention --driver in man page for nodedev-detach
	https://bugzilla.redhat.com/show_bug.cgi?id=982987
	Commit d923f6c8 introduced the --driver option but didn't document it in
	the man page. The docs are borrowed from the public API documentation.

2013-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Add a couple of debug statements to LXC driver
	When failing to start a container due to inaccessible root
	filesystem path, we did not log any meaningful error. Add a
	few debug statements to assist diagnosis

2013-07-12  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Introduce qemuBuildChrDeviceStr
	The function being introduced is responsible for creating command
	line argument for '-device' for given character device. Based on
	the chardev type, it calls appropriate qemuBuild.*ChrDeviceStr(),
	e.g.  qemuBuildSerialChrDeviceStr() for serial chardev and so on.

	qemu_command: Honour chardev alias assignment with a function
	The chardev alias assignment is going to be needed in a separate
	places, so it should be moved into a separate function rather
	than copying code randomly around.

	qemu_monitor: Introduce qemuMonitorDetachCharDev
	This function wraps 'chardev-remove' qemu monitor command around.
	It takes chardev alias as its single argument besides qemu monitor
	pointer.

	qemu_monitor: Introduce qemuMonitorAttachCharDev
	The function being introduced is responsible for preparing and
	executing 'chardev-add' qemu monitor command. Moreover, in case
	of PTY chardev, the corresponding pty path is updated.

	qemu_monitor_json: Move InetSocketAddress build to a separate function
	Currently, we are building InetSocketAddress qemu json type
	within the qemuMonitorJSONNBDServerStart function. However, other
	future functions may profit from the code as well. So it should
	be moved into a static function.

	domain_conf: Introduce chardev hotplug helpers
	For now, only these three helpers are needed:
	virDomainChrFind - to find a duplicate chardev within VM def
	virDomainChrInsert - wrapper for inserting a new chardev into VM def
	virDomainChrRemove - wrapper for removing chardev from VM def
	There is, however, one internal helper as well:
	virDomainChrGetDomainPtrs which sets given pointers to one of
	vmdef->{parallels,serials,consoles,channels} based on passed
	chardev type.

2013-07-12  Peter Krempa  <pkrempa@redhat.com>

	remote: Improve libssh2 password authentication
	This patch enables the password authentication in the libssh2 connection
	driver. There are a few benefits to this step:
	1) Hosts with challenge response authentication will now be supported
	with the libssh2 connection driver.
	2) Credential for hosts can now be stored in the authentication
	credential config file

	libssh2: Improve password based authentication
	The password authentication method wasn't used as there wasn't a
	pleasant way to pass the password. This patch adds the option to use
	virAuth util functions to request the password either from a config file
	or uses the conf callback to request it from the user.

	virAuth: Don't require virConnectPtr to retrieve authentication creds
	Previously a connection object was required to retrieve the auth
	credentials. This patch adds the option to call the retrieval functions
	only using the connection URI or path to the configuration file. This
	will allow to use this toolkit to request passwords for ssh
	authentication in the libssh2 connection driver.
	Changes:
	*virAuthGetConfigFilePathURI(): use URI to retrieve the config file path
	*virAuthGetCredential(): Remove the need to propagate conn object
	virAuthGetPasswordPath():
	*virAuthGetUsernamePath(): New functions, that use config file path
	                           instead of conn object

2013-07-12  hejia hejia  <jiakernel@gmail.com>

	nodeinfo: Don't fail on non-contiguous NUMA topologies
	nodeGetFreeMemory and nodeGetCellsFreeMemory assumed that the NUMA nodes
	are contiguous and starting from 0. Unfortunately there are machines
	that don't match this assumption:
	available: 1 nodes (1)
	node 1 cpus: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
	node 1 size: 16340 MB
	node 1 free: 11065 MB
	Before this patch:
	error: internal error Failed to query NUMA free memory
	error: internal error Failed to query NUMA free memory for node: 0
	After this patch:
	Total: 15772580 KiB
	0: 0 KiB

2013-07-12  Eric Blake  <eblake@redhat.com>

	util: make virSetUIDGID async-signal-safe
	https://bugzilla.redhat.com/show_bug.cgi?id=964358
	POSIX states that multi-threaded apps should not use functions
	that are not async-signal-safe between fork and exec, yet we
	were using getpwuid_r and initgroups.  Although rare, it is
	possible to hit deadlock in the child, when it tries to grab
	a mutex that was already held by another thread in the parent.
	I actually hit this deadlock when testing multiple domains
	being started in parallel with a command hook, with the following
	backtrace in the child:
	 Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)):
	 #0  __lll_lock_wait ()
	     at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
	 #1  0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0
	 #2  0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360)
	     at pthread_mutex_lock.c:61
	 #3  0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70,
	     buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8)
	     at nss_files/files-pwd.c:40
	 #4  0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70,
	     buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0)
	     at ../nss/getXXbyYY_r.c:253
	 #5  0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031
	 #6  0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0,
	     clearExistingCaps=true) at util/virutil.c:1388
	 #7  0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654
	 #8  0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0)
	     at util/vircommand.c:2247
	 #9  0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0)
	     at util/vircommand.c:2100
	 #10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0,
	     driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1,
	     stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
	     flags=1) at qemu/qemu_process.c:3694
	 ...
	The solution is to split the work of getpwuid_r/initgroups into the
	unsafe portions (getgrouplist, called pre-fork) and safe portions
	(setgroups, called post-fork).
	* src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust
	signature.
	* src/util/virutil.c (virSetUIDGID): Add parameters.
	(virSetUIDGIDWithCaps): Adjust clients.
	* src/util/vircommand.c (virExec): Likewise.
	* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
	(virDirCreate): Likewise.
	* src/security/security_dac.c (virSecurityDACSetProcessLabel):
	Likewise.
	* src/lxc/lxc_container.c (lxcContainerSetID): Likewise.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not
	initgroups.

	util: add virGetGroupList
	Since neither getpwuid_r() nor initgroups() are safe to call in
	between fork and exec (they obtain a mutex, but if some other
	thread in the parent also held the mutex at the time of the fork,
	the child will deadlock), we have to split out the functionality
	that is unsafe.  At least glibc's initgroups() uses getgrouplist
	under the hood, so the ideal split is to expose getgrouplist for
	use before a fork.  Gnulib already gives us a nice wrapper via
	mgetgroups; we wrap it once more to look up by uid instead of name.
	* bootstrap.conf (gnulib_modules): Add mgetgroups.
	* src/util/virutil.h (virGetGroupList): New declaration.
	* src/util/virutil.c (virGetGroupList): New function.
	* src/libvirt_private.syms (virutil.h): Export it.

	util: improve user lookup helper
	A future patch needs to look up pw_gid; but it is wasteful
	to crawl through getpwuid_r twice for two separate pieces
	of information, and annoying to copy that much boilerplate
	code for doing the crawl.  The current internal-only
	virGetUserEnt is also a rather awkward interface; it's easier
	to just design it to let callers request multiple pieces of
	data as needed from one traversal.
	And while at it, I noticed that virGetXDGDirectory could deref
	NULL if the getpwuid_r lookup fails.
	* src/util/virutil.c (virGetUserEnt): Alter signature.
	(virGetUserDirectory, virGetXDGDirectory, virGetUserName): Adjust
	callers.

2013-07-12  John Ferlan  <jferlan@redhat.com>

	qemu_hostdev: Resolve Coverity issue
	Recent changes uncovered a possibility that 'last_processed_hostdev_vf'
	was set to -1 in 'qemuPrepareHostdevPCIDevices' and would cause problems
	in for loop end condition in the 'resetvfnetconfig' label if the
	variable was never set to 'i' due to 'qemuDomainHostdevNetConfigReplace'
	failure.

	storage_backend: Resolve Coverity issue
	The switch statement in 'virStorageBackendCreateQemuImgOpts' used the
	for loop end condition 'VIR_STORAGE_FILE_FEATURE_LAST' as a possible value,
	but since that cannot happen Coverity spits out a DEADCODE message. Adding
	the Coverity tag just removes the Coverity message

	virsh-nodedev: Resolve Coverity issues
	Recent changes uncovered FORWARD_NULL and NEGATIVE_RETURNS problems with
	the processing of the 'ndevices' and its associated allocated arrays in
	'vshNodeDeviceListCollect' due to the possibility of returning -1 in a
	call and using the returned value as a for loop index end condition.

	virsh-interface: Resolve Coverity issues
	Recent changes uncovered FORWARD_NULL and NEGATIVE_RETURNS problems with
	the processing of the 'nActiveIfaces' and 'nInactiveIfaces' and their
	associated allocated arrays in 'vshInterfaceListCollect' due to the
	possibility of returning -1 in a call and using the return value as a
	for loop index end condition.

	virsh-domain-monitor: Resolve Coverity issues
	Recent changes uncovered a pair of NEGATIVE_RETURNS when processing the
	'nnames' in 'vshDomainListCollect' in the for loop due to possible -1 value.

	testutils: Resolve Coverity issues
	Recent changes uncovered a NEGATIVE_RETURNS in the return from sysconf()
	when processing a for loop in virtTestCaptureProgramExecChild() in
	testutils.c
	Code review uncovered 3 other code paths with the same condition that
	weren't found by Covirity, so fixed those as well.

	hellolibvirt: Resolve Coverity issues
	Recent changes uncovered a NEGATIVE_RETURNS when processing 'numNames'
	in 'showDomains' in the for loop after a possible -1 return.

2013-07-12  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Future patches need LGPLv2+ versions of some modules that had
	recent license changes; but separating the gnulib update from
	the actual use of the modules makes it easier to backport to
	an older version while avoiding a submodule update (assuming,
	of course, that the backport is to a system where glibc provides
	adequate functionaliy without needing the gnulib module).
	* .gnulib: Update to latest, for modules needed in later patches.

2013-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix hot (un-)plug error codes and messages
	With current code, error reporting for unsupported devices for hot plug,
	unplug and update is total mess. The VIR_ERR_CONFIG_UNSUPPORTED error
	code is reported instead of VIR_ERR_OPERATION_UNSUPPORTED. Moreover, the
	error messages are not helping to find the root cause (lack of
	implementation).

	conf: Rework virDomainDeviceDefParse
	When adding a new domain device, it is fairly easy to forget to add
	corresponding piece into virDomainDeviceDefParse. However, if the
	internal structure is changed to one bit switch() the compiler will warn
	about not handled enum item.

	conf: Extend device types handled by virDomainDeviceDefParse
	Not all device types are currently parsed in virDomainDeviceDefParse,
	Since all needed functions do exist, nothing holds us back to make the
	implementation complete. Similarly, the virDomainDeviceDefFree needs to
	be updated as well.

2013-07-11  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: remove some incorrect setting ATTRIBUTE_UNUSED
	these parameters shouldn't be marked as ATTRIBUTE_UNUSED.

2013-07-11  Ján Tomko  <jtomko@redhat.com>

	storage: return -1 when fs pool can't be mounted
	Don't reuse the return value of virStorageBackendFileSystemIsMounted.
	If it's 0, we'd return it even if the mount command failed.
	Also, don't report another error if it's -1, since one has already
	been reported.
	Introduced by 258e06c.
	https://bugzilla.redhat.com/show_bug.cgi?id=981251

2013-07-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Slightly increase memory limit
	For low-memory domains (roughly under 400MB) our automatic memory limit
	computation comes up with a limit that's too low. This is because the
	0.5 multiplication does not add enough for such small values. Let's
	increase the constant part of the computation to fix this.

2013-07-11  Laine Stump  <laine@laine.org>

	util: add rebase fix that was accidentally omitted from previous patch
	I had made the change locally, so make check and make syntax-check
	were successful, but forgot to add/commit. Unfortunately, git allows a
	push when the local directory is dirty, so it didn't catch my mistake.

	util: use VIR_(APPEND|DELETE)_ELEMENT for pci/usb device lists
	Eliminate memmove() by using VIR_*_ELEMENT API instead.
	In both pci and usb cases, the count that held the size of the list
	was unsigned int so it had to be changed to size_t.

2013-07-11  Daniel P. Berrange  <berrange@redhat.com>

	Prevent use of 'int' data type & 'ii', 'jj', 'kk' var names for loops
	Add two syntax-check rules
	 - sc_prohibit_int_ijk - block use of 'int' as a data type
	   for any variables named 'i', 'j', 'k'
	 - sc_prohibit_int_iijjkk - block use of 'ii', 'jj', 'kk'
	   for any variable names

	Convert 'int i' to 'size_t i' in examples/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in python/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/cpu/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/hyperv/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/interface/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/network/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/libxl/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/locking/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/lxc/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/node_device/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/nwfilter/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/openvz/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/parallels/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/phyp/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/qemu files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/remote/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/rpc/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/secret/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/security files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/test/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/uml/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/vbox/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/storage/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/{esx,vmx,vmware} files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/{xen,xenapi,xenxs} files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in tools/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in tests/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/util/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/conf/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

2013-07-10  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix bridge routines detection on kFreeBSD
	In order to properly detect bridge related definitions such as
	BRDGSFD, BRDGADD and BRDGDEL on kFreeBSD we need to include
	<stdint.h>.
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715321
	Reported by Laurent Bigonville.

2013-07-10  Ján Tomko  <jtomko@redhat.com>

	Fix crash when multiple event callbacks were registered
	CVE-2013-2230
	Don't overwrite the callback ID returned by
	virDomainEventStateRegisterID in ret by 0.
	Introduced by abf75aea.

	qemu: fix double free in qemuMigrationPrepareDirect
	Remove assignment of the string freed by virURIFree
	to hostname, since it's not used anywhere.
	Double free introduced by ddf8ad8, useless code
	introduced by f03dcc5.
	https://bugzilla.redhat.com/show_bug.cgi?id=977961

2013-07-10  Daniel P. Berrange  <berrange@redhat.com>

	Convert 'int i' to 'size_t i' in daemon/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

2013-07-10  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_ALLOC and virAsprintf in tools/*

	Adapt to VIR_ALLOC and virAsprintf in tests/*

	Adapt to VIR_ALLOC and virAsprintf in src/*

	Adapt to VIR_ALLOC and virAsprintf in src/xenxs/*

	Adapt to VIR_ALLOC and virAsprintf in src/xenapi/*

	Adapt to VIR_ALLOC and virAsprintf in src/xen/*

	Adapt to VIR_ALLOC and virAsprintf in src/vmx/*

	Adapt to VIR_ALLOC and virAsprintf in src/vmware/*

	Adapt to VIR_ALLOC and virAsprintf in src/vbox/*

	Adapt to VIR_ALLOC and virAsprintf in src/util/*

	Adapt to VIR_ALLOC and virAsprintf in src/uml/*

	Adapt to VIR_ALLOC and virAsprintf in src/test/*

	Adapt to VIR_ALLOC and virAsprintf in src/storage/*

	Adapt to VIR_ALLOC and virAsprintf in src/security/*

	Adapt to VIR_ALLOC and virAsprintf in src/secret/*

	Adapt to VIR_ALLOC and virAsprintf in src/rpc/*

	Adapt to VIR_ALLOC and virAsprintf in src/remote/*

	Adapt to VIR_ALLOC and virAsprintf in src/qemu/*

	Adapt to VIR_ALLOC and virAsprintf in src/phyp/*

	Adapt to VIR_ALLOC and virAsprintf in src/parallels/*

	Adapt to VIR_ALLOC and virAsprintf in src/openvz/*

	Adapt to VIR_ALLOC and virAsprintf in src/nwfilter/*

	Adapt to VIR_ALLOC and virAsprintf in src/network/*

	Adapt to VIR_ALLOC and virAsprintf in src/node_device/*

	Adapt to VIR_ALLOC and virAsprintf in src/lxc/*

	Adapt to VIR_ALLOC and virAsprintf in src/locking/*

	Adapt to VIR_ALLOC and virAsprintf in src/libxl/*

	Adapt to VIR_ALLOC and virAsprintf in src/interface/*

	Adapt to VIR_ALLOC and virAsprintf in src/hyperv/*

	Adapt to VIR_ALLOC and virAsprintf in src/esx/*

	Adapt to VIR_ALLOC and virAsprintf in src/cpu/*

	Adapt to VIR_ALLOC and virAsprintf in src/conf/*

	Adapt to VIR_ALLOC and virAsprintf in src/access/*

	Adapt to VIR_ALLOC and virAsprintf in daemon/*

	Adapt to VIR_ALLOC and virAsprintf in docs/

	Introduce OOM reporting to virAsprintf
	Actually, I'm turning this function into a macro as filename,
	function name and line number needs to be passed. The new
	function virAsprintfInternal is introduced with the extended set
	of arguments.

	viralloc: Report OOM error on failure
	Similarly to VIR_STRDUP, we want the OOM error to be reported in
	VIR_ALLOC and friends.

2013-07-10  Martin Kletzander  <mkletzan@redhat.com>

	Properly detect VMDK with internal version 2
	Initially proposed as [1], but then changed to comment fix only.  VMDK
	can have internal version set to 2 when there are few features added
	which do not affect us.  Thanks to Jan's commit a1ee8e18 this can be
	easily fixed by adding it to list of supported versions.
	[1] http://www.redhat.com/archives/libvir-list/2013-June/msg00419.html
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=836676

2013-07-10  Eric Blake  <eblake@redhat.com>

	build: honor autogen.sh --no-git
	Based on a report by Chandrashekar Shastri, at
	https://bugzilla.redhat.com/show_bug.cgi?id=979360
	On systems where git cannot access the outside world, a developer
	can instead arrange to get a copy of gnulib at the right commit
	via side channels (such as NFS share drives), set GNULIB_SRCDIR,
	then use ./autogen.sh --no-git.  In this setup, we will now
	avoid direct use of git.  Of course, this means no automatic
	gnulib updates when libvirt.git updates its submodule, but it
	is expected that any developer in such a situation is already
	prepared to deal with the fallout.
	* .gnulib: Update to latest, for bootstrap.
	* bootstrap: Synchronize from gnulib.
	* autogen.sh (no_git): Avoid git when requested.
	* cfg.mk (_update_required): Skip automatic rerun of bootstrap if
	we can't use git.
	* docs/compiling.html.in: Document this setup.
	* docs/hacking.html.in: Mention this.
	* HACKING: Regenerate.

	maint: tweak use of <a> in HACKING
	The previous handling of <a> tags led to some less-than-ideal
	layout in HACKING (most noticeable on a mid-sentence reference
	to the valgrind home page).
	* docs/hacking.html.in: Slight tweaks to <a> tags.
	* docs/hacking1.xsl: Move <a> handling...
	* docs/hacking2.xsl: ...here.
	* HACKING: Regenerate.

	maint: fix typo in qemu error message
	Introduced in commit d47eff88.
	* src/qemu/qemu_driver.c (qemuDomainSetVcpusFlags): Fix spelling.

2013-07-09  Cole Robinson  <crobinso@redhat.com>

	daemon: Fix command example in libvirtd.sasl
	sasldblistusers2 doesn't have a '-a' option

2013-07-09  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: hostdev: create parent directory for hostdev
	Create parent directroy for hostdev automatically when we
	start a lxc domain or attach a hostdev to a lxc domain.

	LXC: hostdev: introduce lxcContainerSetupHostdevCapsMakePath
	This helper function is used to create parent directory for
	the hostdev which will be added to the container. If the
	parent directory of this hostdev doesn't exist, the mknod of
	the hostdev will fail. eg with /dev/net/tun

2013-07-09  Richard Weinberger  <richard@nod.at>

	LXC: Create /dev/tty within a container
	Many applications use /dev/tty to read from stdin.
	e.g. zypper on openSUSE.
	Let's create this device node to unbreak those applications.
	As /dev/tty is a synonym for the current controlling terminal
	it cannot harm the host or any other containers.

2013-07-09  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	scsi: Fix construction of sysfs device path
	The device bus value was used instead of the device target when
	building the sysfs device path. Trivial.

2013-07-08  Peter Krempa  <pkrempa@redhat.com>

	selinux: Always generate imagelabel
	The imagelabel SELinux label was only generated when relabeling was
	enabled. This prohibited labeling of files created by libvirt that need
	to be labeled even if relabeling is turned off.
	The only codepath this change has direct impact on is labeling of FDs
	passed to qemu which is always safe in current state.

	selinux: Cleanup coding style

2013-07-08  John Ferlan  <jferlan@redhat.com>

	Resolve Coverity complaints in tests/securityselinuxlabeltest.c
	Two complaints of RESOURCE_FREE due to going to cleanup prior to a
	VIR_FREE(line).  Two complaints of FORWARD_NULL due to 'tmp' being
	accessed after a strchr() without first checking if the return was NULL.
	While looking at the code it seems that 'line' need only be allocated
	once as the while loop will keep reading into line until eof causing
	an unreported leak since line was never VIR_FREE()'d at the bottom of
	the loop.

2013-07-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Set RLIMIT_MEMLOCK when memoryBacking/locked is used
	If a domain is configured to have all its memory locked, we need to set
	RLIMIT_MEMLOCK so that QEMU is actually allowed to lock the memory.

	qemu: Use qemuDomainMemoryLimit when computing memory for VFIO

	qemu: Move memory limit computation to a reusable function

	Don't spam logs with "port 0 must be in range" errors
	Whenever virPortAllocatorRelease is called with port == 0, it complains
	that the port is not in an allowed range, which is expectable as the
	port was never allocated. Let's make virPortAllocatorRelease ignore 0
	ports in a similar way free() ignores NULL pointers.

	qemu: Release correct websocket port

	Paused domain should remain paused after migration
	https://bugzilla.redhat.com/show_bug.cgi?id=981139
	If a domain is paused before migration starts, we need to tell that to
	the destination libvirtd to prevent it from resuming the domain at the
	end of migration. This regression was introduced by commit 5379bb0.

2013-07-05  Ján Tomko  <jtomko@redhat.com>

	conf: don't check hyperv spinlock retries if disabled
	<hyperv>
	  <spinlocks state='off'/>
	</hyperv>
	results in:
	error: XML error: missing HyperV spinlock retry count
	Don't require retries when state is off and use virXPathUInt
	instead of virXPathString to simplify parsing.
	https://bugzilla.redhat.com/show_bug.cgi?id=784836#c19

2013-07-04  Jiri Denemark  <jdenemar@redhat.com>

	Fix NULL dereference caused by ACL filtering of domains
	Caused by 763973607ddace04562da1a1e545ab6692d5175f.

2013-07-04  Ján Tomko  <jtomko@redhat.com>

	Unlock the storage volume object after looking it up
	Introduced by c930410.
	https://bugzilla.redhat.com/show_bug.cgi?id=980676

	Fix build with clang
	Partially revert cdd703f's revert of c163410, as linking with clang
	with --param=ssp-buffer-size=4 still fails with:
	"argument unused during compilation".

2013-07-04  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: fix deadlock in libxlReconnectDomain
	Use virDomainObjListRemoveLocked instead of virDomainObjListRemove, as
	driver->domains is already taken by virDomainObjListForEach.
	Above deadlock can be triggered when libvirtd is started after some
	domain have been started by hand (in which case driver will not find
	libvirt-xml domain config).

	conf: virDomainObjListRemoveLocked function
	While iterating with virDomainObjListForEach it is safe to remove
	current element. But while iterating, 'doms' lock is already taken, so
	can't use standard virDomainObjListRemove. So introduce
	virDomainObjListRemoveLocked for this purpose.

2013-07-04  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	The latest mingw headers on Fedora 19 fail to build with gnulib
	without an update.
	Meanwhile, now that upstream gnulib has better handling of -W
	probing for clang, we can drop some of our own solutions in
	favor of upstream; thus this reverts commit c1634100, "Correctly
	detect warning flags with clang".
	* .gnulib: Update to latest, for mingw and clang.

2013-07-03  Daniel P. Berrange  <berrange@redhat.com>

	Extend the ACL test case to validate filter rule checks
	The 'check-aclrules' test case validates that there are ACL
	checks in each method. This extends it so that it can also
	validate that methods which return info about lists of objects,
	will filter their returned info throw an ACL check.

	Add access control filtering of interface objects
	Ensure that all APIs which list interface objects filter
	them against the access control system.
	This makes the APIs for listing names and counting devices
	slightly less efficient, since we can't use the direct
	netcf APIs for these tasks. Instead we have to ask netcf
	for the full list of objects & iterate over the list
	filtering them out.

	Add access control filtering of nwfilter objects
	Ensure that all APIs which list nwfilter objects filter
	them against the access control system.

	Add access control filtering of secret objects
	Ensure that all APIs which list secret objects filter
	them against the access control system.

	Add access control filtering of storage objects
	Ensure that all APIs which list storage objects filter
	them against the access control system.

	Add access control filtering of node device objects
	Ensure that all APIs which list node device objects filter
	them against the access control system.

	Add access control filtering of network objects
	Ensure that all APIs which list network objects filter
	them against the access control system.

	Change signature of ACL filter functions
	Change the ACL filter functions to use a 'bool' return
	type instead of a tri-state 'int' return type. The callers
	of these functions don't want to distinguish 'auth failed'
	from other errors.

	Add access control filtering of domain objects
	Ensure that all APIs which list domain objects filter
	them against the access control system.

2013-07-03  Guido Günther  <agx@sigxcpu.org>

	Put virt-sanlock-cleanup into section 8
	as indicated by the filename.

2013-07-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Allow seamless migration for domains with multiple graphics
	Since commit 23e8b5d8, the code is refactored in a way that supports
	domains with multiple graphics elements and commit 37b415200 allows
	starting such domains.  However none of those commits take migration
	into account.  Even though qemu doesn't support relocation for
	anything else than SPICE and for no more than one graphics, there is no
	reason to hardcode one graphics into this part of the code as well.

	qemu: Don't miss errors when changing graphics passwords
	Commit 23e8b5d8e7a92bac85b7fd2aca8992501bf680ee forgot to check the
	return value for all calls to qemuDomainChangeGraphicsPasswords().

2013-07-03  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: blkio: allow to setup weight_device
	libivrt lxc can only set generic weight for container,
	This patch allows user to setup per device blkio
	weigh for container.

	LXC: fix memory leak when userns configuration is incorrect
	We forgot to free the stack when Kernel doesn't
	support user namespace.

2013-07-03  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevBandwidthUnplug: Don't leak @cmd
	When removing a TAP device, the associated bandwidth settings are
	removed. Currently, the /sbin/tc is used for that. It is spawned
	several times. Moreover, we use the same @cmd variable to
	construct the command and its arguments. That means we need to
	virCommandFree(cmd); prior to each virCommandNew(TC); which
	wasn't done.

	virCgroupNewPartition: Don't leak @newpath
	The @newpath variable is allocated in virCgroupSetPartitionSuffix(). But
	it's newer freed.

2013-07-03  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	qemu: Implement 'oncrash' coredump events when guest panicked
	Add doDumpCoreToAutoPath to implement
	'coredump-destroy' and 'coredump-restart' events of the 'on_crash'
	in the XML when domain crashed.

	qemu: Implement 'oncrash' events when guest panicked
	Add monitor callback API domainGuestPanic, that implements
	'destroy', 'restart' and 'preserve' events of the 'on_crash'
	in the XML when domain crashed.

	qemu: expose qemuProcessShutdownOrReboot()
	Later code will need this outside of qemu_process.c

	qemu: refactor processWatchdogEvent
	Split the code to make the driver workpool more generalized

	libvirt: Define domain crash event types
	This patch introduces domain crashed types and crashed reasons which
	will be used while guest panicked.

2013-07-03  Eric Blake  <eblake@redhat.com>

	build: don't ship access syms files in tarball
	On a mingw VPATH build (such as done by ./autobuild.sh), the tarball
	created by 'make dist' was including generated files.  The VPATH
	rules were then seeing that the tarball files were up-to-date, and
	not regenerating files locally, leading to this failure:
	  GEN      libvirt.syms
	cat: libvirt_access.syms: No such file or directory
	cat: libvirt_access_qemu.syms: No such file or directory
	cat: libvirt_access_lxc.syms: No such file or directory
	make: *** [libvirt.syms] Error 1
	We already have a category for generated sym files, which are
	intentionally not part of the tarball; stick the access sym
	files in that category.  The rearrange the declarations a bit
	to make it harder to repeat the problem, dropping things that
	are now redundant (for example, BUILT_FILES already includes
	GENERATED_SYM_FILES, so it does not also need to call out
	ACCESS_DRIVER_SYM_FILES).
	* src/Makefile.am (USED_SYM_FILES): Don't include generated files.
	(GENERATED_SYM_FILES): Access syms files are generated.
	(libvirt.syms): Include access syms files here.
	(ACCESS_DRIVER_SYMFILES): Rename...
	(ACCESS_DRIVER_SYM_FILES): ...for consistency.

2013-07-02  Daniel P. Berrange  <berrange@redhat.com>

	Add some misc debugging to LXC startup
	Add some debug logging of LXC wait/continue messages
	and uid/gid map update code.

	Ignore failure to mount SELinux filesystem in container
	User namespaces will deny the ability to mount the SELinux
	filesystem. This is harmless for libvirt's LXC needs, so the
	error can be ignored.

2013-07-02  Eric Blake  <eblake@redhat.com>

	build: work around mingw header pollution
	On Fedora 18, when cross-compiling to mingw with the mingw*-dbus
	packages installed, compilation fails with:
	  CC       libvirt_net_rpc_server_la-virnetserver.lo
	In file included from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-connection.h:32:0,
	                 from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-bus.h:30,
	                 from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus.h:31,
	                 from ../../src/util/virdbus.h:26,
	                 from ../../src/rpc/virnetserver.c:39:
	/usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-message.h:74:58: error: expected ';', ',' or ')' before 'struct'
	I have reported this as a bug against two packages:
	- mingw-headers, for polluting the namespace
	https://bugzilla.redhat.com/show_bug.cgi?id=980270
	- dbus, for not dealing with the pollution
	https://bugzilla.redhat.com/show_bug.cgi?id=980278
	At least dbus has agreed that a future version of dbus headers will
	do s/interface/iface/, regardless of what happens in mingw. But it
	is also easy to workaround in libvirt in the meantime, without having
	to wait for either mingw or dbus to upgrade.
	* src/util/virdbus.h (includes): Undo mingw's pollution so that
	dbus doesn't fail.

2013-07-02  Michal Privoznik  <mprivozn@redhat.com>

	qemuNodeDeviceDetachFlags: Avoid use of uninitialized variables
	After abf75aea24 the compiler screams:
	qemu/qemu_driver.c: In function 'qemuNodeDeviceDetachFlags':
	qemu/qemu_driver.c:10693:9: error: 'domain' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	     pci = virPCIDeviceNew(domain, bus, slot, function);
	         ^
	qemu/qemu_driver.c:10693:9: error: 'bus' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	qemu/qemu_driver.c:10693:9: error: 'slot' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	qemu/qemu_driver.c:10693:9: error: 'function' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	Since the other functions qemuNodeDeviceReAttach and qemuNodeDeviceReset
	looks exactly the same, I've initialized the variables there as well.
	However, I am still wondering why those functions don't matter to gcc
	while the first one does.

2013-07-02  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fuse: Change files owner to the root user of container
	The owner of the /proc/meminfo in container should
	be the root user of container.

	LXC: controller: change the owner of /dev/pts and ptmx to the root of container
	These files are created for container,
	the owner should be the root user of container.

	LXC: controller: change the owner of devices created on host
	Since these devices are created for the container.
	the owner should be the root user of the container.

	LXC: controller: change the owner of /dev to the root user of container
	container will create /dev/pts directory in /dev.
	the owner of /dev should be the root user of container.

	LXC: controller: change the owner of tty devices to the root user of container
	Since these tty devices will be used by container,
	the owner of them should be the root user of container.
	This patch also adds a new function virLXCControllerChown,
	we can use this general function to change the owner of
	files.

	LXC: Creating devices for container on host side
	user namespace doesn't allow to create devices in
	uninit userns. We should create devices on host side.
	We first mount tmpfs on dev directroy under state dir
	of container. then create devices under this dev dir.
	Finally in container, mount the dev directroy created
	on host to the /dev/ directroy of container.

	LXC: introduce virLXCControllerSetupUserns and lxcContainerSetID
	This patch introduces new helper function
	virLXCControllerSetupUserns, in this function,
	we set the files uid_map and gid_map of the init
	task of container.
	lxcContainerSetID is used for creating cred for
	tasks running in container. Since after setuid/setgid,
	we may be a new user. This patch calls lxcContainerSetUserns
	at first to make sure the new created files belong to
	right user.

	LXC: sort the uidmap/gidmap of domain
	Make sure the mapping line contains the root user of container
	is the first element of idmap array. So we can get the real
	user id on host for the container easily.
	This patch also check the map information, User must map
	the root user of container to any user of host.

	LXC: enable user namespace only when user set the uidmap
	User namespace will be enabled only when the idmap exist
	in configuration.
	If you want disable user namespace,just remove these
	elements from XML.
	If kernel doesn't support user namespace and idmap exist
	in configuration file, libvirt lxc will start failed and
	return "Kernel doesn't support user namespace" message.

	LXC: Introduce New XML element for user namespace
	This patch introduces new element <idmap> for
	user namespace. for example
	<idmap>
	    <uid start='0' target='1000' count='10'/>
	    <gid start='0' target='1000' count='10'/>
	</idmap>
	this new element is used for setting proc files
	/proc/<pid>/{uid_map,gid_map}.
	This patch also supports multiple uid/gid elements
	setting in XML configuration.
	We don't support the semi configuation, user has to
	configure uid and gid both.

2013-07-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Improve info message and remove a variable in qemuDomainManagedSave
	Mention the domain name that is being saved and remove the unneeded
	variable that only stores a constant.

	docs: Document hypervisor drivers that support certain timer models
	Not every timer model is supported with each hypervisor. Explicitly
	mention the driver supporting each timer model.

2013-07-02  Ján Tomko  <jtomko@redhat.com>

	qemu: fix return value of qemuDomainBlockPivot on errors
	If qemuMonitorBlockJob returned 0, qemuDomainBlockPivot
	might return 0 even if an error occured.
	https://bugzilla.redhat.com/show_bug.cgi?id=977678

2013-07-02  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: implement per NUMA node free memory reporting
	By providing the implementation of nodeGetCellsFreeMemory for
	the driver. This is all just a matter of properly formatting, in
	a way that libvirt like, what Xen provides via libxl_get_numainfo().
	[raistlin@Zhaman ~]$ sudo virsh --connect xen:/// freecell --all
	    0:      25004 KiB
	    1:     105848 KiB
	--------------------
	Total:     130852 KiB

2013-07-02  Eric Blake  <eblake@redhat.com>

	build: configure must not affect tarball contents
	On mingw, configure sets the name of the lxc symfile to
	libvirt_lxc.defs rather than libvirt_lxc.syms.  But tarballs
	must be arch-independent, regardless of the configure options
	used for the tree where we ran 'make dist'.  This led to the
	following failure in autobuild.sh:
	  CCLD     libvirt-lxc.la
	  CCLD     libvirt-qemu.la
	/usr/lib64/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld: cannot find libvirt_lxc.def: No such file or directory
	collect2: error: ld returned 1 exit status
	make[3]: *** [libvirt-lxc.la] Error 1
	make[3]: *** Waiting for unfinished jobs....
	We were already doing the right thing with libvirt_qemu.syms.
	* src/Makefile.am (EXTRA_DIST): Don't ship a built file which
	depends on configure for its final name.

	build: avoid build failure without gnutls
	Found while trying to cross-compile to mingw:
	  CC       libvirt_driver_remote_la-remote_driver.lo
	../../src/remote/remote_driver.c: In function 'doRemoteOpen':
	../../src/remote/remote_driver.c:487:23: error: variable 'verify' set but not used [-Werror=unused-but-set-variable]
	* src/remote/remote_driver.c (doRemoteOpen): Also ignore 'verify'.

2013-07-02  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Drop iptablesContext
	iptablesContext holds only 4 pairs of iptables
	(table, chain) and there's no need to pass
	it around.
	This is a first step towards separating bridge_driver.c
	in platform-specific parts.

2013-07-01  Ján Tomko  <jtomko@redhat.com>

	qemu: indentation fix

2013-07-01  Michal Novotny  <minovotn@redhat.com>

	qemu: Implement CPUs check against machine type's cpu-max
	Implement check whether (maximum) vCPUs doesn't exceed machine
	type's cpu-max settings.
	On older versions of QEMU the check is disabled.

2013-07-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.0
	* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: updated localizations and regenerated

2013-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Crash of libvirtd by unprivileged user in virConnectListAllInterfaces
	On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote:
	> Hi Security Team,
	>
	> I've discovered a way for an unprivileged user with a readonly connection
	> to libvirtd, to crash the daemon.
	Ok, the final patch for this is issue will be the simpler variant that
	Eric suggested
	The embargo can be considered to be lifted on Monday July 1st, at
	0900 UTC
	The following is the GIT change that DV or myself will apply to libvirt
	GIT master immediately before the 1.1.0 release:
	>From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001
	From: "Daniel P. Berrange" <berrange@redhat.com>
	Date: Fri, 28 Jun 2013 10:48:37 +0100
	Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
	 filters
	The virConnectListAllInterfaces method has a double-free of the
	'struct netcf_if' object when any of the filtering flags cause
	an interface to be skipped over. For example when running the
	command 'virsh iface-list --inactive'
	This is a regression introduced in release 1.0.6 by
	  commit 7ac2c4fe624f30f2c8270116513fa2ddab07631f
	  Author: Guannan Ren <gren@redhat.com>
	  Date:   Tue May 21 21:29:38 2013 +0800
	    interface: list all interfaces with flags == 0

2013-07-01  Laine Stump  <laine@laine.org>

	pci: initialize virtual_functions array pointer to avoid segfault
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=971325
	The problem was that if virPCIGetVirtualFunctions was given the name
	of a non-existent interface, it would return to its caller without
	initializing the pointer to the array of virtual functions to NULL,
	and the caller (virNetDevGetVirtualFunctions) would try to VIR_FREE()
	the invalid pointer.
	The final error message before the crash would be:
	 virPCIGetVirtualFunctions:2088 :
	  Failed to open dir '/sys/class/net/eth2/device':
	  No such file or directory
	In this patch I move the initialization in virPCIGetVirtualFunctions()
	to the begining of the function, and also do an explicit
	initialization in virNetDevGetVirtualFunctions, just in case someone
	in the future adds code into that function prior to the call to
	virPCIGetVirtualFunctions.

	node device driver: update driver name during dumpxml
	This fixes:
	  https://bugzilla.redhat.com/show_bug.cgi?id=979290
	  https://bugzilla.redhat.com/show_bug.cgi?id=979330
	The node device driver was written with the assumption that udev would
	use a "change" event to notify libvirt of any change to device status
	(including the name of the driver it was bound to). It turns out this
	is not the case (see Comment 4 of BZ 979290). That means that a
	dumpxml for a device would always show whatever driver happened to be
	bound at the time libvirt was started (when the node device cache was
	built).
	There was already code in the driver (for the benefit of the HAL
	backend) that updated the driver name from sysfs each time a device's
	info was retrieved from the cache. This patch just enables that manual
	update for the udev backend as well.

2013-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Document security reporting & handling process
	Historically security issues in libvirt have been primarily
	triaged & fixed by the Red Hat libvirt members & Red Hat
	security team, who then usually notify other vendors via
	appropriate channels. There have been a number of times
	when vendors have not been properly notified ahead of
	announcement. It has also disadvantaged community members
	who have to backport fixes to releases for which there are
	no current libvirt stable branches.
	To address this, we want to make the libvirt security process
	entirely community focused / driven. To this end I have setup
	a new email address "libvirt-security@redhat.com" for end
	users to report bugs which have (possible) security implications.
	This email addr is backed by an invitation only, private
	archive, mailing list. The intent is for the list membership
	to comprise a subset of the libvirt core team, along with any
	vendor security team engineers who wish to participate in a
	responsible disclosure process for libvirt. Members of the
	list will be responsible for analysing the problem to determine
	if a security issue exists and then issue fixes for all current
	official stable branches & git master.
	I am proposing the following libvirt core team people as
	members of the security team / list (all cc'd):
	   Daniel Berrange (Red Hat)
	   Eric Blake (Red Hat)
	   Jiri Denemar (Red Hat)
	   Daniel Veillard (Red Hat)
	   Jim Fehlig (SUSE)
	   Doug Goldstein (Gentoo)
	   Guido Günther (Debian)
	We don't have anyone from Ubuntu on the libvirt core team.
	Serge Hallyn is the most frequent submitter of patches from
	Ubuntu in recent history, so I'd like to invite him to join.
	Alternatively, Serge, feel free to suggest someone else to
	represent Ubuntu's interests.
	If any other vendors/distros have security people who are
	responsible for dealing with libvirt security issues, and
	want to join to get early disclosure of issues, they can
	suggest people. Existing security team members will vet /
	approve such requests to ensure they are genuine.
	Anyone on the team / list will be **required** to honour any
	embargo period agreed between members for non-public issues
	that are reported. The aim will be to have a maximum 2 week
	embargo period in the common case, extendable to 1 month if
	there is sufficient justification made. If anyone feels they
	are unable to follow such an embargo process for whatever
	reason, please decline membership of the security list/team.
	The patch which follows puts up some docs on the website
	about all of this....
	Document how to report security bugs and the process that
	will be used for addressing them.

2013-06-30  Eric Blake  <eblake@redhat.com>

	spec: require xen-devel for libxl driver
	When using 'rpmbuild --define "_without_xen 1"', but on a new enough
	Fedora where %{with_libxl} still gets set to 1 by default, the
	build dependencies were incomplete, which could result in 'make rpm'
	failing because ./configure failed to build the libxl driver.
	* libvirt.spec.in (BuildRequires): Fix xen-devel condition.

2013-06-29  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind errors for nodedev cap parsing
	There were two errors, one as a direct result of commit id '8807b285'
	and the other from cut-n-paste
	TEST: nodedevxml2xmltest
	      ..............                           14  OK
	==25735== 3 bytes in 1 blocks are definitely lost in loss record 1 of 24
	==25735==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==25735==    by 0x344D2AF275: xmlStrndup (in /usr/lib64/libxml2.so.2.9.1)
	==25735==    by 0x4D0C767: virNodeDeviceDefParseNode (node_device_conf.c:997)
	==25735==    by 0x4D0D3D2: virNodeDeviceDefParse (node_device_conf.c:1337)
	==25735==    by 0x401CA4: testCompareXMLToXMLHelper (nodedevxml2xmltest.c:28)
	==25735==    by 0x402B2F: virtTestRun (testutils.c:158)
	==25735==    by 0x401B27: mymain (nodedevxml2xmltest.c:81)
	==25735==    by 0x40316A: virtTestMain (testutils.c:722)
	==25735==    by 0x37C1021A04: (below main) (libc-start.c:225)
	==25735==
	==25735== 16 bytes in 1 blocks are definitely lost in loss record 10 of 24
	==25735==    at 0x4A08A6E: realloc (vg_replace_malloc.c:662)
	==25735==    by 0x4C7385E: virReallocN (viralloc.c:184)
	==25735==    by 0x4C73906: virExpandN (viralloc.c:214)
	==25735==    by 0x4C73B4A: virInsertElementsN (viralloc.c:324)
	==25735==    by 0x4D0C84C: virNodeDeviceDefParseNode (node_device_conf.c:1026)
	==25735==    by 0x4D0D3D2: virNodeDeviceDefParse (node_device_conf.c:1337)
	==25735==    by 0x401CA4: testCompareXMLToXMLHelper (nodedevxml2xmltest.c:28)
	==25735==    by 0x402B2F: virtTestRun (testutils.c:158)
	==25735==    by 0x401B27: mymain (nodedevxml2xmltest.c:81)
	==25735==    by 0x40316A: virtTestMain (testutils.c:722)
	==25735==    by 0x37C1021A04: (below main) (libc-start.c:225)
	==25735==
	PASS: nodedevxml2xmltest
	The first error was resolved by adding a missing VIR_FREE(numberStr); in
	the new function virNodeDevCapPciDevIommuGroupParseXML().
	The second error was a bit more opaque as the error was a result of copying
	the free methodolgy of the existing code in virNodeDevCapsDefFree(). The code
	would free each of the entries in the array, but not the memory for the
	array itself.  Added the necessary VIR_FREE(data->pci_dev.iommuGroupDevices)
	and while at it added the missing VIR_FREE(data->pci_dev.virtual_functions)
	although there wasn't a test that tripped across it (thus it's been lurking
	since commit id 'a010165d').

	Resolve valgrind error in remoteConfigGetStringList()
	Commit id 'ed3bac71' introduced the following:
	TEST: libvirtdconftest
	      ........................................ 40  OK
	==25875== 690 (480 direct, 210 indirect) bytes in 30 blocks are definitely lost in loss record 18 of 24
	==25875==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==25875==    by 0x4C737DF: virAllocN (viralloc.c:152)
	==25875==    by 0x403BC8: remoteConfigGetStringList (libvirtd-config.c:74)
	==25875==    by 0x4042CF: daemonConfigLoadOptions (libvirtd-config.c:382)
	==25875==    by 0x4052F5: daemonConfigLoadData (libvirtd-config.c:479)
	==25875==    by 0x40222C: testCorrupt (libvirtdconftest.c:112)
	==25875==    by 0x40321F: virtTestRun (testutils.c:158)
	==25875==    by 0x401FEE: mymain (libvirtdconftest.c:228)
	==25875==    by 0x40385A: virtTestMain (testutils.c:722)
	==25875==    by 0x37C1021A04: (below main) (libc-start.c:225)
	==25875==
	PASS: libvirtdconftest

	Resolve valgrind error in virStorageBackendCreateQemuImgCmd()
	Commit id '53d5967c' introduced the following:
	TEST: storagevolxml2argvtest
	      ..............                           14  OK
	==25636== 358 (264 direct, 94 indirect) bytes in 1 blocks are definitely lost in loss record 67 of 75
	==25636==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==25636==    by 0x4C95791: virAlloc (viralloc.c:124)
	==25636==    by 0x4CA0BB4: virCommandNewArgs (vircommand.c:805)
	==25636==    by 0x4CA0C88: virCommandNew (vircommand.c:789)
	==25636==    by 0x408602: virStorageBackendCreateQemuImgCmd (storage_backend.c:849)
	==25636==    by 0x405427: testCompareXMLToArgvHelper (storagevolxml2argvtest.c:61)
	==25636==    by 0x4064DF: virtTestRun (testutils.c:158)
	==25636==    by 0x40516F: mymain (storagevolxml2argvtest.c:195)
	==25636==    by 0x406B1A: virtTestMain (testutils.c:722)
	==25636==    by 0x37C1021A04: (below main) (libc-start.c:225)
	==25636==
	PASS: storagevolxml2argvtest

	Resolve valgrind error in virNetDevVlanParse()
	Commit '861d4056' introduced the following:
	TEST: networkxml2xmltest
	      ..................                       18  OK
	==25504== 7 bytes in 1 blocks are definitely lost in loss record 5 of 23
	==25504==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==25504==    by 0x37C1085D71: strdup (strdup.c:42)
	==25504==    by 0x4CB835F: virStrdup (virstring.c:546)
	==25504==    by 0x4CC5179: virXPathString (virxml.c:90)
	==25504==    by 0x4CC75C2: virNetDevVlanParse (netdev_vlan_conf.c:78)
	==25504==    by 0x4CF928A: virNetworkPortGroupParseXML (network_conf.c:1555)
	==25504==    by 0x4CFE385: virNetworkDefParseXML (network_conf.c:2049)
	==25504==    by 0x4D0113B: virNetworkDefParseNode (network_conf.c:2273)
	==25504==    by 0x4D01254: virNetworkDefParse (network_conf.c:2234)
	==25504==    by 0x401E80: testCompareXMLToXMLHelper (networkxml2xmltest.c:32)
	==25504==    by 0x402D4F: virtTestRun (testutils.c:158)
	==25504==    by 0x401CE9: mymain (networkxml2xmltest.c:110)
	==25504==
	PASS: networkxml2xmltest
	Also changed the label from error to cleanup and adjusted code since it's
	all one exit path

2013-06-29  Philipp Hahn  <hahn@univention.de>

	doc: Fix reference to #elementsUSB
	aae0fc2a922b3e31dae7648c547fca2ac2587625 removed the #elementsUSB anchor
	but did not update the links to point to the new section #elementsHostDev.

2013-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize use of IF_MAXUNIT in virnetdevtap.c
	The IF_MAXUNIT macro is not present on all BSDs, so
	make its use conditional, to avoid breaking OS-X.

	Replace use of 'in_addr_t' with 'struct in_addr'
	The 'in_addr_t' typedef is not present in Mingw64 headers.
	Instead we can use the more portable 'struct in_addr' and
	then access its 's_addr' field.

2013-06-28  Doug Goldstein  <cardoe@cardoe.com>

	Allow RO connections to interface udev backend
	The udev based interface backend did not allow querying data over a
	read-only connection which is different than how the netcf backend
	operates. This brings the behavior inline with the default, netcf
	backend.

2013-06-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: Fix VPATH build for access/*
	VPATH build failed for the generated access driver files.

2013-06-28  Dennis Chen  <xschen@tnsoft.com.cn>

	Fix vPort management: FC vHBA creation
	When creating a virtual FC HBA with virsh/libvirt API, an error message
	will be returned: "error: Node device not found",
	also the 'nodedev-dumpxml' shows wrong information of wwpn & wwnn
	for the new created device.
	Signed-off-by: xschen@tnsoft.com.cn
	This reverts f90af69 which switched wwpn & wwwn in the wrong place.
	https://www.kernel.org/doc/Documentation/scsi/scsi_fc_transport.txt

2013-06-28  Laine Stump  <laine@laine.org>

	util: fix build error on non-Linux systems
	Building on FreeBSD had this linker error:
	/work/a/ports/devel/libvirt/work/libvirt-1.1.0/src/.libs/libvirt.so:
	   undefined reference to `virPCIDeviceAddressParse'
	This was caused by the new use of virPCIDeviceAddressParse in a
	portion of virpci.c that wasn't linux-only (in commit 72c029d8). The
	problem was that virPCIDeviceAddressParse had originally been defined
	inside #ifdef _linux (because it was only used by another function
	that was inside the same ifdef).
	The solution is to move it out to the part of virpci.c that is
	compiled on all platforms.
	(Because the portion that was "moved" was 40-50 lines, but only moved
	up by 15 lines, the diff for the patch is less than non-informative -
	rather than showing that part that I moved, it shows the bit that was
	previously before the moved part, and now sits *after* it.)

2013-06-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	conf: Swap order of AddImplicitControllers and DomainDefPostParse
	Implicit controllers may be dependent on device definitions altered
	in a post-parse callback. Specifically, if a console device is
	defined without the target type, the type will be set in QEMU's
	callback. In the case of s390, this is virtio, which requires
	an implicit virtio-serial controller.

	S390: Testcase for console default target type (virtio)
	For s390 the default console target type is virtio. This also requires
	that an implicit virtio-serial controller is instantiated.
	This testcase verifies that the target type of virtio is correctly set
	in the generated XML if no target element was given and that the
	corresponding virtio-serial element is generated too.

2013-06-27  xuzhang  <xuzhang@redhat.com>

	virsh: Add parenthesis into virsh nodedev-detach help

2013-06-27  Ján Tomko  <jtomko@redhat.com>

	bridge: don't crash on bandwidth unplug with no bandwidth
	If networkUnplugBandwidth is called on a network which has
	no bandwidth defined, print a warning instead of crashing.
	This can happen when destroying a domain with bandwidth if
	bandwidth was removed from the network after the domain was
	started.
	https://bugzilla.redhat.com/show_bug.cgi?id=975359

2013-06-27  Laine Stump  <laine@laine.org>

	nodedev: add iommuGroup to node device object
	This includes adding it to the nodedev parser and formatter, docs, and
	test.
	An example of the new iommuGroup element that is a part of the output
	from "virsh nodedev-dumpxml" (virNodeDeviceGetXMLDesc()):
	  <device>
	    <name>pci_0000_02_00_1</name>
	    <capability type='pci'>
	    ...
	      <iommuGroup number='12'>
	        <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
	        <address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/>
	      </iommuGroup>
	    </capability>
	  </device>

	pci: new iommu_group functions
	Any device which belongs to an "IOMMU group" (used by vfio) will
	have links to all devices of its group listed in
	/sys/bus/pci/$device/iommu_group/devices;
	/sys/bus/pci/$device/iommu_group is actually a link to
	/sys/kernel/iommu_groups/$n, where $n is the group number (there
	will be a corresponding device node at /dev/vfio/$n once the
	devices are bound to the vfio-pci driver)
	The following functions are added:
	virPCIDeviceGetIOMMUGroupList
	  Gets a virPCIDeviceList with one virPCIDeviceList for each device
	  in the same IOMMU group as the provided virPCIDevice (a copy of the
	  original device object is included in the list.
	virPCIDeviceAddressIOMMUGroupIterate
	  Calls the function @actor once for each device in the group that
	  contains the given virPCIDeviceAddress.
	virPCIDeviceAddressGetIOMMUGroupAddresses
	  Fills in a virPCIDeviceAddressPtr * with an array of
	  virPCIDeviceAddress, one for each device in the iommu group of the
	  provided virPCIDeviceAddress (including a copy of the original).
	virPCIDeviceAddressGetIOMMUGroupNum
	  Returns the group number as an int (a valid group number will always
	  be 0 or greater).  If there is no iommu_group link in the device's
	  directory (usually indicating that vfio isn't loaded), -2 will be
	  returned. On any real error, -1 will be returned.

2013-06-26  Ján Tomko  <jtomko@redhat.com>

	Plug leak in virCgroupMoveTask
	We only break out of the while loop if *content is an empty string.
	However the buffer has been allocated to BUFSIZ + 1 (8193 in my case),
	but it gets overwritten in the next for iteration.
	Move VIR_FREE right before we overwrite it to avoid the leak.
	==5777== 16,386 bytes in 2 blocks are definitely lost in loss record 1,022 of 1,027
	==5777==    by 0x5296E28: virReallocN (viralloc.c:184)
	==5777==    by 0x52B0C66: virFileReadLimFD (virfile.c:1137)
	==5777==    by 0x52B0E1A: virFileReadAll (virfile.c:1199)
	==5777==    by 0x529B092: virCgroupGetValueStr (vircgroup.c:534)
	==5777==    by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)
	Introduced by 83e4c77.
	https://bugzilla.redhat.com/show_bug.cgi?id=978352

	Fix invalid read in virCgroupGetValueStr
	Don't check for '\n' at the end of file if zero bytes were read.
	Found by valgrind:
	==404== Invalid read of size 1
	==404==    at 0x529B09F: virCgroupGetValueStr (vircgroup.c:540)
	==404==    by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)
	==404==    by 0x1EB475: qemuSetupCgroupForEmulator (qemu_cgroup.c:1061)
	==404==    by 0x1D9489: qemuProcessStart (qemu_process.c:3801)
	==404==    by 0x18557E: qemuDomainObjStart (qemu_driver.c:5787)
	==404==    by 0x190FA4: qemuDomainCreateWithFlags (qemu_driver.c:5839)
	Introduced by 0d0b409.
	https://bugzilla.redhat.com/show_bug.cgi?id=978356

2013-06-26  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix sample TPM XML
	Fix an error in the sample TPM XML.

2013-06-26  Laine Stump  <laine@laine.org>

	network: allow <vlan> in type='hostdev' networks
	Although SRIOV network cards support setting a vlan tag on their
	virtual functions, and although setting this vlan tag via a <vlan>
	element in a domain's <interface> works, setting a vlan tag for these
	devices in a <network> definition, or in a network <portgroup>
	definition is also supposed to work (and the comment that validates
	<vlan> usage even says that!). However, the check to allow it only
	checked for an openvswitch network, so attempts to add <vlan> to a
	network of type='hostdev' would fail.

	docs: correct and update network vlan example
	Somehow I put an example of a domain interface with a <vlan> element
	into the network documentation.
	This patch replaces that with an example of a network definition that
	has a vlan element with trunk='yes', multiple tags, and even the new
	nativeMode attribute. It also includes a <portgroup> that has a vlan
	defined.

	test: include qemuhotplugtest data files in source rpm
	commit 0fc12bca added a new test called qemuhotplugtest which has
	several data files in tests/qemuhotplugtestdata, but didn't add that
	directory to EXTRA_DIST in the tests Makefile.am, so the make check
	done during a make rpm was failing due to missing data files.

	qemu: fix infinite loop in OOM error path
	A loop in qemuPrepareHostdevPCIDevices() intended to cycle through all
	the objects on the list pcidevs was doing "while (listcount > 0)", but
	nothing in the body of the loop was reducing the size of the list - it
	was instead removing items from a *different* list. It has now been
	safely changed to a for() loop.

	pci: fix dangling pointer in qemuDomainReAttachHostdevDevices
	(This isn't as bad as it sounds - it's only a problem in case of an
	OOM error.)
	qemuGetActivePciHostDeviceList() had been creating a list that
	contained pointers to objects that were also on the activePciHostdevs
	list. In case of an OOM error, this newly created list would be
	virObjectUnref'ed, which would cause everything on the list to be
	freed. But all of those objects would still be on the
	activePciHostdevs list, which could have very bad consequences if that
	list was ever again accessed.
	The solution used here is to populate the new list with *copies* of
	the objects from the original list. It turns out that on return from
	qemuGetActivePciHostDeviceList(), the caller would almost immediately
	go through all the device objects and "steal" them (i.e. remove the
	pointer from the list but not delete it) all from either one list or
	the other; we now instead just *delete* (remove from the list and
	free) each device from one list or the other, so in the end we have
	the same state.

	pci: eliminate leak in OOM condition
	The "fix" I pushed a few commits ago would still leak a virPCIDevice
	in case of an OOM error. Although it's inconsequential in practice,
	this patch satisfies my OCD.

	pci: virPCIDeviceListAddCopy API
	Make a copy of the device and add the copy to the
	list. (virPCIDeviceListAdd() adds the original object to the list
	instead).

	pci: update stubDriver name in virPCIDeviceBindToStub
	If the device is bound to a stub driver different from what is saved
	in the virPCIDevice's stubDriver attribute, update it.

	pci: eliminate repetitive path constructions in virPCIDeviceBindToStub
	The same strings were being re-created multiple times just to save
	declaring a new variable. In the meantime, the use of the generic
	variable names led to confusion when trying to follow the code. This
	patch creates strings for:
	 stubDriverName  (was called "driver" in original args)
	 stubDriverPath  ("/sys/bus/pci/drivers/${stubDriverName}")
	 driverLink      ("${device}/driver")
	 oldDriverName   (the final component of path linked to by
	                  "${device}/driver")
	 oldDriverPath   ("/sys/bus/pci/drivers/${oldDriverName}")
	then re-uses them as necessary.

	pci: rename virPCIParseDeviceAddress and make it public
	This function has utility outside of virpci.c, so make it public.
	Also the name didn't fit convention, so change it to
	virPCIDeviceAddressParse.

	pci: rename virPCIDeviceGetVFIOGroupDev to virPCIDeviceGetIOMMUGroupDev
	I realized after the fact that it's probably better in the long run to
	give this function a name that matches the name of the link used in
	sysfs to hold the group (iommu_group).
	I'm changing it now because I'm about to add several more functions
	that deal with iommu groups.

	pci: eliminate unused driver arg from virPCIDeviceDetach
	The driver arg to virPCIDeviceDetach is no longer used (the name of the stub driver is now set in the virPCIDevice object, and virPCIDeviceDetach retrieves it from there). Remove it.

	util: fix bug found by Coverity
	Commit 861d40565 added code (my personal change to "clean up" the
	submitter's code, *not* the fault of the submitter) that dereferenced
	virtVlan without first checking for NULL. This patch fixes that and,
	as part of the fix, cleans up some unnecessary obtuseness.

2013-06-25  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce qemuhotplugtest
	As my punishment for the break in 7f15ebc7 (fixed in 752596b5dd) I'm
	introducing this test to make sure it won't happen again. Currently,
	only test for <graphics/> is supported.

2013-06-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Implement support for VIR_MIGRATE_PARAM_GRAPHICS_URI

	Implement extensible migration APIs in qemu driver

	qemu: Move internals of Confirm phase to qemu_migration.c

	qemu: Move common parts of Prepare phase to qemu_migration.c

	qemu: Move internals of Begin phase to qemu_migration.c

	Fix possible NULL dereference during migration

2013-06-25  Ján Tomko  <jtomko@redhat.com>

	Use 1.1.0 everywhere in the documentation
	Since we already have the v1.1.0-rc1 tag in git.

	virsh: edit: don't leak XML string on reedit or redefine
	Free the old XML strings before overwriting them if the user
	has chosen to reedit the file or force the redefinition.
	Found by Alex Jia trying to reproduce another bug:
	https://bugzilla.redhat.com/show_bug.cgi?id=977430#c3

2013-06-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix units in virNetDevBridgeSetSTPDelay on BSD
	virNetDevBridgeSetSTPDelay accepts delay in milliseconds,
	but BSD implementation was expecting seconds. Therefore,
	it was working correctly only with delay == 0.

2013-06-25  Daniel Veillard  <veillard@redhat.com>

	Add polkit policy for API checks to rpm spec

2013-06-25  james robson  <jrobson@websense.com>

	Configure native vlan modes on Open vSwitch ports
	This patch adds functionality to allow libvirt to configure the
	'native-tagged' and 'native-untagged' modes on openvswitch networks.

2013-06-25  Laine Stump  <laine@laine.org>

	qemu: don't reset PCI devices being assigned with VFIO
	I just learned that VFIO resets PCI devices when they are assigned to
	guests / returned to the host, so it is redundant for libvirt to reset
	the devices. This patch inhibits calling virPCIDeviceReset to devices
	that will be/were assigned using VFIO.

2013-06-25  Jiri Denemark  <jdenemar@redhat.com>

	Introduce VIR_MIGRATE_PARAM_GRAPHICS_URI parameter
	The parameter specifies connection parameters to use for migrating
	client's connection to domain's graphical console.

	virsh: Use extensible migration APIs

	python: Add bindings for extensible migration APIs
	The patch implements wrappers for virDomainMigrate3 and
	virDomainMigrateToURI3.

	Extensible migration APIs
	This patch introduces two new APIs virDomainMigrate3 and
	virDomainMigrateToURI3 that may be used in place of their older
	variants. These new APIs take optional migration parameters (such as
	bandwidth, domain XML, ...) in an array of virTypedParameters, which
	makes adding new parameters easier as there's no need to introduce new
	APIs whenever a new migration parameter needs to be added. Both APIs are
	backward compatible and will automatically use older migration calls in
	case the new calls are not supported as long as the typed parameters
	array does not contain any parameter which was not supported by the
	older calls.

	Adapt virDomainMigratePeer2Peer for extensible migration APIs

	Adapt virDomainMigrateVersion3 for extensible migration APIs

	Implement extensible migration APIs in remote driver

	New internal migration APIs with extensible parameters
	This patch implements extensible variants of all internal migration APIs
	used for v3 migration.

	Introduce migration parameters
	To be used by new migration APIs with extensible set of parameters.

	Introduce virTypedParamsCopy internal API

	Log input type parameters in API entry points

	Introduce VIR_TYPED_PARAMS_DEBUG macro for dumping typed params
	All APIs that take typed parameters are only using params address in
	their entry point debug messages. With the new VIR_TYPED_PARAMS_DEBUG
	macro, all functions can easily log all individual typed parameters
	passed to them.

	Introduce virTypedParamsReplaceString internal API

	Introduce virTypedParamsCheck internal API
	This API is useful for checking whether only a specific subset of
	supported typed parameters were passed.

	util: Emit proper error code in virTypedParamsValidate
	When unsupported parameter is passed to virTypedParamsValidate,
	VIR_ERR_ARGUMENT_UNSUPPORTED should be returned rather than
	VIR_ERR_INVALID_ARG, which is more appropriate for supported parameters
	used incorrectly.

	Rename virTypedParameterArrayValidate as virTypedParamsValidate

	build: Fix check-aclrules in VPATH build

2013-06-25  Laine Stump  <laine@laine.org>

	pci: make virPCIDeviceDetach consistent in behavior
	virPCIDeviceDetach would previously sometimes consume the input device
	object (to put it on the inactive list) and sometimes not. Avoiding
	memory leaks required checking beforehand to see if the device was
	already on the list, and freeing the device object in the caller only
	if there wasn't already an identical object on the inactive list.
	This patch makes it consistent - virPCIDeviceDetach will *never*
	consume the input virPCIDevice object; if it needs to put one on the
	inactive list, it will create a copy and put *that* on the list. This
	way the caller knows that it is always their responsibility to free
	the device object they created.

	pci: eliminate memory leak in virPCIDeviceReattach
	virPCIDeviceReattach was making the assumption that the dev object
	given to it was one and the same with the dev object on the
	inactiveDevs list. If that had been the case, it would not need to
	free the dev object it removed from the inactive list, because the
	caller of virPCIDeviceReattach always frees the dev object that it
	passes in. Since the dev object passed in is *never* the same object
	that's on the list (it is a different object with the same name and
	attributes, created just for the purpose of searching for the actual
	object), simply doing a "ListSteal" to remove the object from the list
	results in one leaked object; we need to actually free the object
	after removing it from the list.

	pci: new utility functions
	* virPCIDeviceFindByIDs - find a device on a list w/o creating an object
	    This makes searching for an existing device on a list lighter weight.
	* virPCIDeviceCopy - make a copy of an existing virPCIDevice object.
	* virPCIDeviceGetDriverPathAndName - construct new strings containing
	    1) the name of the driver bound to this device.
	    2) the full path to the sysfs config for that driver.
	    (This code was lifted from virPCIDeviceUnbindFromStub, and replaced
	    there with a call to this new function).

	pci: change stubDriver from const char* to char*
	Previously stubDriver was always set from a string literal, so it was
	okay to use a const char * that wasn't freed when the virPCIDevice was
	freed. This will not be the case in the near future, so it is now a
	char* that is allocated in virPCIDeviceSetStubDriver() and freed
	during virPCIDeviceFree().

	syntax: virPCIDeviceFree is also a NOP for NULL args
	add it to the syntax-check list and fix the one offending caller.

2013-06-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: support qdisk backend
	libxl supports the LIBXL_DISK_BACKEND_QDISK disk backend, where qemu
	is used to provide the disk backend.  This patch simply maps the
	existing <driver name='qemu'/> to LIBXL_DISK_BACKEND_QDISK.

	libxl: Fix disk format error message
	Specifying an unsupported disk format with the tap driver resulted in
	a less than helpful error message
	error: Failed to start domain test-hvm
	error: internal error libxenlight does not support disk driver qed
	Change the message to state that the qed format is not supported by
	the tap driver, e.g.
	error: Failed to start domain test-hvm
	error: internal error libxenlight does not support disk format qed
	with disk driver tap
	While at it, check for unsupported formats in the other driver
	backends.

2013-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Add validation that all APIs contain ACL checks
	Add a script which parses the driver API code and validates
	that every API registered in a virNNNDriverPtr table contains
	an ACL check matching the API name.
	NB this currently whitelists a few xen driver functions
	which are temporarily lacking in access control checks.
	The xen driver is considered insecure until these are
	fixed.

	Set process ID in system identity
	When creating a virIdentityPtr for the system identity, include
	the current process ID as an attribute.

	Add ACL checks into the secrets driver
	Insert calls to the ACL checking APIs in all secrets driver
	entrypoints.

	Add ACL checks into the nwfilter driver
	Insert calls to the ACL checking APIs in all nwfilter driver
	entrypoints.

	Add ACL checks into the node device driver
	Insert calls to the ACL checking APIs in all node device
	driver entrypoints.

	Add ACL checks into the interface driver
	Insert calls to the ACL checking APIs in all interface
	driver entrypoints.

	Add ACL checks into the network driver
	Insert calls to the ACL checking APIs in all network driver
	entrypoints.

	Add ACL checks into the storage driver
	Insert calls to the ACL checking APIs in all storage driver
	entrypoints.

	Add ACL checks into the libxl driver
	Insert calls to the ACL checking APIs in all libxl driver
	entrypoints.

	Add ACL checks into the Xen driver
	Insert calls to the ACL checking APIs in all Xen driver
	entrypoints.

	Add ACL checks into the UML driver
	Insert calls to the ACL checking APIs in all UML driver
	entrypoints.

	Add ACL checks into the LXC driver
	Insert calls to the ACL checking APIs in all LXC driver
	entrypoints.

	Add ACL checks into the QEMU driver
	Insert calls to the ACL checking APIs in all QEMU driver
	entrypoints.

	Auto-generate helpers for checking access control rules
	Extend the 'gendispatch.pl' script to be able to generate
	three new types of file.
	- 'aclheader' - defines signatures of helper APIs for
	  doing authorization checks. There is one helper API
	  for each API requiring an auth check. Any @acl
	  annotations result in a method being generated with
	  a suffix of 'EnsureACL'. If the ACL check requires
	  examination of flags, an extra 'flags' param will be
	  present. Some examples
	  extern int virConnectBaselineCPUEnsureACL(void);
	  extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
	  extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
	  Any @aclfilter annotations resuilt in a method being
	  generated with a suffix of 'CheckACL'.
	  extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
	  These are used for filtering individual objects from APIs
	  which return a list of objects
	- 'aclbody' - defines the actual implementation of the
	  methods described above. This calls into the access
	  manager APIs. A complex example:
	    /* Returns: -1 on error (denied==error), 0 on allowed */
	    int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
	                                            virDomainDefPtr domain,
	                                            unsigned int flags)
	    {
	        virAccessManagerPtr mgr;
	        int rv;
	        if (!(mgr = virAccessManagerGetDefault()))
	            return -1;
	        if ((rv = virAccessManagerCheckDomain(mgr,
	                                              conn->driver->name,
	                                              domain,
	                                              VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
	            virObjectUnref(mgr);
	            if (rv == 0)
	                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
	            return -1;
	        }
	        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
	            (rv = virAccessManagerCheckDomain(mgr,
	                                              conn->driver->name,
	                                              domain,
	                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
	            virObjectUnref(mgr);
	            if (rv == 0)
	                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
	            return -1;
	        }
	        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
	            (rv = virAccessManagerCheckDomain(mgr,
	                                              conn->driver->name,
	                                              domain,
	                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
	            virObjectUnref(mgr);
	            if (rv == 0)
	                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
	            return -1;
	        }
	        virObjectUnref(mgr);
	        return 0;
	    }
	- 'aclsyms' - generates a linker script to export the
	   APIs to drivers. Some examples
	  virConnectBaselineCPUEnsureACL;
	  virConnectCompareCPUEnsureACL;

	Add ACL annotations to all RPC messages
	Introduce annotations to all RPC messages to declare what
	access control checks are required. There are two new
	annotations defined:
	 @acl: <object>:<permission>
	 @acl: <object>:<permission>:<flagname>
	  Declare the access control requirements for the API. May be repeated
	  multiple times, if multiple rules are required.
	    <object> is one of 'connect', 'domain', 'network', 'storagepool',
	             'interface', 'nodedev', 'secret'.
	    <permission> is one of the permissions in access/viraccessperm.h
	    <flagname> indicates the rule only applies if the named flag
	    is set in the API call
	 @aclfilter: <object>:<permission>
	  Declare an access control filter that will be applied to a list
	  of objects being returned by an API. This allows the returned
	  list to be filtered to only show those the user has permissions
	  against

	Add a policy kit access control driver
	Add an access control driver that uses the pkcheck command
	to check authorization requests. This is fairly inefficient,
	particularly for cases where an API returns a list of objects
	and needs to check permission for each object.
	It would be desirable to use the polkit API but this links
	to glib with abort-on-OOM behaviour, so can't be used. The
	other alternative is to speak to dbus directly

	Setup default access control manager in libvirtd
	Add a new 'access_drivers' config parameter to the libvirtd.conf
	configuration file. This allows admins to setup the default
	access control drivers to use for API authorization. The same
	driver is to be used by all internal drivers & APIs

	Set conn->driver before running driver connectOpen method
	The access control checks in the 'connectOpen' driver method
	will require 'conn->driver' to be non-NULL. Set this before
	running the 'connectOpen' method and NULL-ify it again on
	failure.

	Define basic internal API for access control
	This patch introduces the virAccessManagerPtr class as the
	interface between virtualization drivers and the access
	control drivers. The viraccessperm.h file defines the
	various permissions that will be used for each type of object
	libvirt manages

2013-06-24  Ján Tomko  <jtomko@redhat.com>

	qemu: check if block I/O limits fit into long long
	We can only pass values up to LLONG_MAX through JSON
	and QEMU checks if the int64_t number is not negative
	at startup since 1.5.0.
	https://bugzilla.redhat.com/show_bug.cgi?id=974010

	Get rid of useless VIR_STORAGE_FILE_FEATURE_NONE
	It's not used anywhere except for the switch in
	virStorageBackendCreateQemuImgOpts, where leaving it in causes
	a dead code coverity warning and omitting it breaks compilation
	because of unhandled enum value.
	Introduced by 6298f74.

2013-06-22  Ján Tomko  <jtomko@redhat.com>

	netdev: accept NULL in virNetDevSetupControl
	Commit b9c6b073 dropped the version of virNetDevSetupControl
	that didn't check for NULL arguments, but we call it like that
	in virNetDevBridgeDelete.

2013-06-22  Jim Fehlig  <jfehlig@suse.com>

	xen: Implement virConnectGetSysinfo
	virConnectGetSysinfo was never implemented in the legacy xen driver.
	This patch provides an implementation based on the qemu driver.

	libxl: Implement virConnectGetSysinfo
	virConnectGetSysinfo was never implemented in the libxl driver.
	This patch provides an implementation based on the qemu driver.

	libxl: Allow libxl to set NIC devid
	libxl contains logic to determine an appropriate devid for new devices
	that do not specify one in their configuration.  For all device types
	except NICs, the libxl driver allows libxl to determine devid.  Do the
	same for NICs.

2013-06-21  Ján Tomko  <jtomko@redhat.com>

	storage: add support for creating qcow2 images with extensions
	Add -o compat= and -o lazy_refcounts options for qemu-img.

	conf: add features to volume target XML
	Add <features> and <compat> elements to volume target XML.
	<compat> is a string which for qcow2 represents the QEMU version
	it should be compatible with. Valid values are 0.10 and 1.1.
	1.1 is implicit if the <features> element is present, otherwise
	qemu-img default is used. 0.10 can be specified to explicitly
	create older images after the qemu-img default changes.
	<features> contains optional features, so far
	<lazy_refcounts/> is available, which enables caching of reference
	counters, improving performance for snapshots.

	util: add support for qcow2v3 image detection
	Detect qcow2 images with version 3 in the image header as
	VIR_STORAGE_FILE_QCOW2.
	These images have a feature bitfield, with just one feature supported
	so far: lazy_refcounts.
	The header length changed too, moving the location of the backing
	format name.

	qemu: add hv_vapic and hv_spinlocks support
	XML:
	<features>
	  <hyperv>
	    <vapic state='on'/>
	    <spinlocks state='on' retries='4096'/>
	  </hyperv>
	</features>
	results in the following QEMU command line:
	qemu -cpu <cpu_model>,hv_vapic,hv_spinlocks=0x1000
	https://bugzilla.redhat.com/show_bug.cgi?id=784836

	conf: add vapic and spinlocks to hyperv features
	Add new CPU features for HyperV:
	vapic for virtual APIC support
	spinlocks for setting spinlock support
	<features>
	  <hyperv>
	    <vapic state='on'/>
	    <spinlocks state='on' retries='4096'/>
	  </hyperv>
	</features>
	https://bugzilla.redhat.com/show_bug.cgi?id=784836

2013-06-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement bridge add/remove port and set STP

	BSD: implement virNetDevBridgeCreate() and virNetDevBridgeDelete()
	Implementation uses SIOCIFCREATE2 and SIOCIFDESTROY ioctls.
	Also, drop static virNetDevSetupControl() as we have
	public one avialable now.

2013-06-21  Osier Yang  <jyang@redhat.com>

	conf: Requires either uuid or usage of secret
	As the RNG schema for disk auth secret implies, it requires either
	"uuid" or "usage":
	  <define name='diskAuthSecret'>
	    <element name='secret'>
	      <attribute name='type'>
	        <choice>
	          <value>ceph</value>
	          <value>iscsi</value>
	        </choice>
	      </attribute>
	      <choice>
	        <attribute name='uuid'>
	          <ref name="UUID"/>
	        </attribute>
	        <attribute name='usage'>
	          <ref name='genericName'/>
	        </attribute>
	      </choice>
	    </element>
	  </define>

2013-06-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make probing for commands declarative

	qemu: Make probing for events declarative

2013-06-21  Jim Fehlig  <jfehlig@suse.com>

	build: Fix build with -Werror
	Commit 752596b5 broke the build with -Werror
	qemu/qemu_hotplug.c: In function 'qemuDomainChangeGraphics':
	qemu/qemu_hotplug.c:1980:39: error: declaration of 'listen' shadows a
	  global declaration [-Werror=shadow]
	Fix with s/listen/newlisten/

2013-06-21  Laine Stump  <laine@laine.org>

	network: increase max number of routes
	This fixes the problem reported in:
	   https://bugzilla.redhat.com/show_bug.cgi?id=972690
	When checking for a collision of a new libvirt network's subnet with
	any existing routes, we read all of /proc/net/route into memory, then
	parse all the entries. The function that we use to read this file
	requires a "maximum length" parameter, which had previously been set
	to 64*1024. As each line in /proc/net/route is 128 bytes, this would
	allow for a maximum of 512 entries in the routing table.
	This patch increases that number to 128 * 100000, which allows for
	100,000 routing table entries. This means that it's possible that 12MB
	would be allocated, but that would only happen if there really were
	100,000 route table entries on the system, it's only held for a very
	short time.
	Since there is no method of specifying and unlimited max (and that
	would create a potential denial of service anyway) hopefully this
	limit is large enough to accomodate everyone.

2013-06-21  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: support paused domain restore in virDomainRestoreFlags

2013-06-21  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainChangeGraphics: Check listen address change by listen type
	Currently, we have a bug when updating a graphics device. A graphics device can
	have a listen address set. This address is either defined by user (in which case
	it's type is VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_ADDRESS) or it can be inherited
	from a network (in which case it's type is
	VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_NETWORK). However, in both cases we have a
	listen address to process (e.g. during migration, as I've tried to fix in
	7f15ebc7).
	Later, when a user tries to update the graphics device (e.g. set a password),
	we check if listen addresses match the original as qemu doesn't know how to
	change listen address yet. Hence, users are required to not change the listen
	address. The implementation then just dumps listen addresses and compare them.
	Previously, while dumping the listen addresses, NULL was returned for NETWORK.
	After my patch, this is no longer true, and we get a listen address for olddev
	even if it is a type of NETWORK. So we have a real string on one side, the NULL
	from user's XML on the other side and hence we think user wants to change the
	listen address and we refuse it.
	Therefore, we must take the type of listen address into account as well.

2013-06-21  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: initialize device structures
	Do not leave uninitialized variables, not all parameters are set in
	libxlMake*.

2013-06-20  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: populate xenstore memory entries at startup, handle dom0_mem
	libxl uses some xenstore entries for hints in memory management
	(especially when starting new domain). This includes dom0 memory limit
	and Xen free memory margin, based on current system state. Entries are
	created at first function usage, so force such call at daemon startup,
	which most likely will be before any domain startup.
	Also prevent automatic memory management if dom0_mem= option passed to
	xen hypervisor - it is known to be incompatible with autoballoon.

2013-06-20  John Ferlan  <jferlan@redhat.com>

	lxc: Resolve issue with GetScheduler APIs for non running domain
	As a consequence of the cgroup layout changes from commit 'cfed9ad4', the
	lxcDomainGetSchedulerParameters[Flags]()' and lxcGetSchedulerType() APIs
	failed to return data for a non running domain.  This can be seen through
	a 'virsh schedinfo <domain>' command which returns:
	Scheduler      : Unknown
	error: Requested operation is not valid: cgroup CPU controller is not mounted
	Prior to that change a non running domain would return:
	Scheduler      : posix
	cpu_shares     : 0
	vcpu_period    : 0
	vcpu_quota     : 0
	emulator_period: 0
	emulator_quota : 0
	This patch will restore the capability to return configuration only data
	for a non running domain regardless of whether cgroups are available.

	qemu: Resolve issue with GetScheduler APIs for non running domain
	As a consequence of the cgroup layout changes from commit '632f78ca', the
	qemuDomainGetSchedulerParameters[Flags]()' and qemuGetSchedulerType() APIs
	failed to return data for a non running domain.  This can be seen through
	a 'virsh schedinfo <domain>' command which returns:
	Scheduler      : Unknown
	error: Requested operation is not valid: cgroup CPU controller is not mounted
	Prior to that change a non running domain would return:
	Scheduler      : posix
	cpu_shares     : 0
	vcpu_period    : 0
	vcpu_quota     : 0
	emulator_period: 0
	emulator_quota : 0
	This patch will restore the capability to return configuration only data
	for a non running domain regardless of whether cgroups are available.

2013-06-19  Ján Tomko  <jtomko@redhat.com>

	conf: split out snapshot disk XML formatting
	Just to reduce the indentation levels. Remove the unneeded
	NULL check for disk->file, as virBufferEscapeString doesn't
	print anything with NULL arguments.

	storage: rework qemu-img command line generation
	Split out option string generation to make adding new options easier
	and simplify the code.

	util: switch virBufferTrim to void
	We don't care whether the trim was succesful or not anywhere
	except the tests.
	Switch it to void and set the buffer error on wrong usage.

2013-06-18  Peter Krempa  <pkrempa@redhat.com>

	migration: Don't propagate VIR_MIGRATE_ABORT_ON_ERROR
	This flag is meant for errors happening on the source of the migration
	and isn't used on the destination. To allow better migration
	compatibility, don't propagate it to the destination.

	migration: Make erroring out on I/O error controllable by flag
	Paolo Bonzini pointed out that it's actually possible to migrate a qemu
	instance that was paused due to I/O error and it will be able to work on
	the destination if the storage is accessible.
	This patch introduces flag VIR_MIGRATE_ABORT_ON_ERROR that cancels the
	migration in case an I/O error happens while it's being performed and
	allows migration without this flag. This flag can be possibly used for
	other error reasons that may be introduced in the future.

2013-06-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid leaking uri in qemuMigrationPrepareDirect

2013-06-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Move waiting for SPICE migration
	Currently, we wait for SPICE to migrate in the very same loop where we
	wait for qemu to migrate. This has a disadvantage of slowing seamless
	migration down. One one hand, we should not kill the domain until all
	SPICE data has been migrated.  On the other hand, there is no need to
	wait in the very same loop and hence slowing down 'cont' on the
	destination. For instance, if users are watching a movie, they can
	experience the movie to be stopped for a couple of seconds, as
	processors are not running nor on src nor on dst as libvirt waits for
	SPICE to migrate. We should move the waiting phase to migration CONFIRM
	phase.

2013-06-18  Cole Robinson  <crobinso@redhat.com>

	spec: Enable KVM support on ARM
	F20/rawhide has support for this.
	From: Peter Robinson <pbrobinson@gmail.com>

2013-06-18  Osier Yang  <jyang@redhat.com>

	virsh: Support SCSI_GENERIC cap flag for nodedev-list
	Document for nodedev-list is also updated.

	nodedev: Support SCSI_GENERIC cap flag for listAllNodeDevices

	nodedev_hal: Enumerate scsi generic device
	The xml outputed by HAL backend for scsi generic device:
	<device>
	  <name>pci_8086_2922_scsi_host_scsi_device_lun0_scsi_generic</name>
	  <path>/sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/scsi_generic/sg0</path>
	  <parent>pci_8086_2922_scsi_host_scsi_device_lun0</parent>
	  <capability type='scsi_generic'>
	    <char>/dev/sg0</char>
	  </capability>
	</device>

	nodedev_udev: Enumerate scsi generic device
	Since scsi generic device doesn't have DEVTYPE property set, the
	only way to know if it's a  scsi generic device or not is to read
	the "SUBSYSTEM" property.
	The XML of the scsi generic device will be like:
	<device>
	  <name>scsi_generic_sg0</name>
	  <path>/sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/scsi_generic/sg0</path>
	  <parent>scsi_0_0_0_0</parent>
	  <capability type='scsi_generic'>
	    <char>/dev/sg0</char>
	  </capability>
	</device>

2013-06-18  Guannan Ren  <gren@redhat.com>

	qemu: set QEMU_CAPS_DEVICE_VIDEO_PRIMARY cap flag in QMP detection
	When qemu >= 1.20, it is safe to use -device for primary video
	device as described in 4c993d8ab.
	So, we are missing the cap flag in QMP capabilities detection, this
	flag can be initialized safely in virQEMUCapsInitQMPBasic.

2013-06-18  Osier Yang  <jyang@redhat.com>

	nodedev_udev: changes missed by commit 1aa0ba3cef

	nodedev_udev: Refactor udevGetDeviceType
	Checking if the "devtype" is NULL along with each "if" statements
	is bad. It wastes the performance, and also not good for reading.
	And also when the "devtype" is NULL, the logic is also not clear.
	This reorgnizes the logic of with "if...else" and a bunch of "else if".
	Other changes:
	   * Change the function style.
	   * Remove the useless debug statement.
	   * Get rid of the goto
	   * New helper udevDeviceHasProperty to simplify the logic for checking
	     if a property is existing for the device.
	   * Add comment to clarify "PCI devices don't set the DEVTYPE property"
	   * s/sysfs path/sysfs name/, as udev_device_get_sysname returns the
	     name instead of the full path. E.g. "sg0"
	   * Refactor the comment for setting VIR_NODE_DEV_CAP_NET cap type
	     a bit.

	nodedev: Expose sysfs path of device
	The name format is constructed by libvirt, it's not that clear to
	get what the device's sysfs path should be. This exposes the device's
	sysfs path by a new tag <path>.
	Since the sysfspath is filled during enumerating the devices by
	either udev or HAL. It's an output-only tag.

2013-06-17  Doug Goldstein  <cardoe@cardoe.com>

	Move virGetUserEnt() to where its needed
	In the first if case, virGetUserEnt() isn't necessary so don't bother
	calling it before determining we need it.

2013-06-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement virNetDevTapCreate() and virNetDevTapDelete()
	Implementation uses SIOCIFCREATE2 and SIOCIFDESTROY ioctls.

	Make virNetDevSetupControl() public.
	This method is useful not only in virnetdev.c.

	portability: use net/if.h instead of linux/if.h

2013-06-14  Ján Tomko  <jtomko@redhat.com>

	udev: fix crash in libudev logging
	Call virLogVMessage instead of virLogMessage, since libudev
	called us with a va_list object, not a list of arguments.
	Honor message priority and strip the trailing newline.
	https://bugzilla.redhat.com/show_bug.cgi?id=969152

2013-06-14  Richard Weinberger  <richard@nod.at>

	LXC: s/chroot/chdir in lxcContainerPivotRoot()
	...fixes a trivial copy&paste error.

2013-06-14  Peter Krempa  <pkrempa@redhat.com>

	remote: Fix client crash when URI path is empty when using ssh
	The parsed path in the URI may be NULL resulting into:
	  $ virsh -c qemu+ssh:// list
	  Segmentation fault (core dumped)
	Introduced by 22d81ceb46ea4b83ad817c29b2b04df27a09c671

	remote: Forbid default "/session" connections when using ssh transport
	Without the socket path explicitly specified, the remote driver tried to
	connect to the "/system" instance socket even if "/session" was
	specified in the uri. With this patch this configuration now produces an
	error.
	It is still possible to initiate a session connection with specifying
	the path to the socket manually and also manually starting the session
	daemon. This was also possible prior to this patch,
	This is a minimal fix. We may decide to support remote session
	connections using ssh but this will require changes to the remote driver
	code so this fix shouldn't cause regressions in the case we decide to do
	that.

2013-06-14  Frediano Ziglio  <frediano.ziglio@citrix.com>

	Implement dispose method for libxlDomainObjPrivate
	When creating a timer/event handler reference counting is used. So it could
	be possible (in theory) that libxlDomainObjPrivateFree is called with
	reference counting >1. The problem is that libxlDomainObjPrivateFree leave
	the object in an invalid state with ctx freed (but still having dandling
	pointer). This can lead timer/event handler to core.
	This patch implements a dispose method for libxlDomainObjPrivate, and moves
	freeing the libxl ctx to the dispose method, ensuring the ctx is valid while
	the object's reference count is > 0.

2013-06-14  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: allow only 'ethernet' and 'bridge' interfaces, allow script there
	Actually only those interface types are handled correctly so reject
	others instead of ignoring settings (i.e. treating as bridge/ethernet
	anyway).
	Also allow <script/> in 'ethernet' (which should be the only
	script-allowing type). Keep <script/> allowed in bridge to be compatible
	with legacy 'xen' driver.

2013-06-13  Ján Tomko  <jtomko@redhat.com>

	qemu: allow restore with non-migratable XML input
	Convert input XML to migratable before using it in
	qemuDomainSaveImageOpen.
	XML in the save image is migratable, i.e. doesn't contain implicit
	controllers. If these controllers were in a non-default order in the
	input XML, the ABI check would fail. Removing and re-adding these
	controllers fixes it.
	https://bugzilla.redhat.com/show_bug.cgi?id=834196

2013-06-12  Cole Robinson  <crobinso@redhat.com>

	configure: Remove unused brctl check
	brctl isn't used anywhere AFAICT

2013-06-12  Jim Fehlig  <jfehlig@suse.com>

	libxl: set bootloader for PV domains if not specified
	The legacy xen toolstack will set pygrub as the bootloader if not
	specified.  For compatibility, do the same in the libxl driver
	iff not using direct kernel boot.

	libxl: Report connect type as Xen
	Currently, the libxl driver reports a connection type of "xenlight".
	To be compatible with the legacy Xen driver, it should return "Xen".
	Note: I noticed this while testing the libxl driver on OpenStack.
	After switching my Xen compute nodes to use the libxl stack, I
	could no longer launch instances on those nodes since
	hypervisor_type was reported as "xenlight" instead of "xen".

2013-06-12  Claudio Bley  <cbley@av-test.de>

	schema: simplify RNG pattern, remove superfluous <optional>

2013-06-12  Ján Tomko  <jtomko@redhat.com>

	nodedev: fix vport detection for FC HBA
	Use the host number as the host number when constructing the sysfs path
	instead of the variable we are trying to fill.
	https://bugzilla.redhat.com/show_bug.cgi?id=973543

	libvirt_private.syms: add virProcessGetStartTime
	https://bugzilla.redhat.com/show_bug.cgi?id=973543

2013-06-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Forbid migration of machines with I/O errors
	Such machine can't be successuflly migrated unles the I/O error has
	recovered and might lead to data corruption. Forbid this kind of
	migration.

	qemu: Cancel migration if guest encoutners I/O error while migrating
	During a live migration the guest may receive a disk access I/O error.
	In this state the guest is unable to continue running on a remote host
	after migration as some state may be present in the kernel and not
	migrated.
	With this patch, the migration is canceled in such case so it can either
	continue on the source if the I/O issues are recovered or has to be
	destroyed anyways.

2013-06-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migrate: Dispose listen address if set from config
	https://bugzilla.redhat.com/show_bug.cgi?id=971485
	As of d7f9d827531bc843b7c5aa9d3e8c08738a1de248 we copy the listen
	address from the qemu.conf config file in case none has been provided
	via XML. But later, when migrating, we should not include such listen
	address in the migratable XML as it is something autogenerated, not
	requested by user. Moreover, the binding to the listen address will
	likely fail, unless the address is '0.0.0.0' or its IPv6 equivalent.
	This patch introduces a new boolean attribute to virDomainGraphicsListenDef
	to distinguish autofilled listen addresses. However, we must keep the
	attribute over libvirtd restarts, so it must be kept within status XML.

2013-06-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix memory leak in Prepare phase
	Avoid leaking virDomainDef if Prepare phase fails before it gets to
	qemuMigrationPrepareAny.

2013-06-11  Ján Tomko  <jtomko@redhat.com>

	selinux: assume 's0' if the range is empty
	This fixes a crash:
	https://bugzilla.redhat.com/show_bug.cgi?id=969878

2013-06-10  Cole Robinson  <crobinso@redhat.com>

	storage_backend: Drop unused code
	This has been disabled for years

2013-06-10  Michal Privoznik  <mprivozn@redhat.com>

	virSocketAddrIsWildcard: Use IN6_IS_ADDR_UNSPECIFIED correctly
	The IN6_IS_ADDR_UNSPECIFIED macro expects pointer to sin6_addr element
	instead of s6_addr element.

2013-06-10  Martin Kletzander  <mkletzan@redhat.com>

	storage: fix description of versionOffset

2013-06-10  Peter Krempa  <pkrempa@redhat.com>

	Fix commit 29c1e913e459058c12d02b3f4b767b3dd428a498
	This patch fixes changes done in commit 29c1e913e459058c12d02b3f4b767b3
	that was pushed without implementing review feedback.
	The flag introduced by the patch is changed to VIR_DOMAIN_VCPU_GUEST and
	documentation makes the difference between regular hotplug and this new
	functionality more explicit.
	The virsh options that enable the use of the new flag are changed to
	"--guest" and the documentation is fixed too.

2013-06-09  Cole Robinson  <crobinso@redhat.com>

	spec: Drop Requires: vbox
	Since this package isn't provided by any stock RH based distro. The
	upstream RPMs are called VirtualBox anyways.

2013-06-08  Richard Weinberger  <richard@nod.at>

	Fix ordering of file open in virProcessGetNamespaces
	virProcessGetNamespaces() opens files in /proc/XXX/ns/ which will
	later be passed to setns(). We have to make sure that the file
	descriptors in the array are in the correct order. In particular
	the 'user' namespace must be first otherwise setns() may fail
	for other namespaces.
	The order has been taken from util-linux's sys-utils/nsenter.c
	Also we must ignore EINVAL in setns() which occurs if the
	namespace associated with the fd, matches the calling process'
	current namespace.

2013-06-07  Michal Privoznik  <mprivozn@redhat.com>

	Prefer VIR_STRDUP over virAsprintf(&dst, "%s", str)
	There's no sense in using virAsprintf() just to duplicate a string.
	We should use VIR_STRDUP which is designed just for that.

	qemuDomainGetVcpusFlags: Initialize ncpuinfo
	Currently, there's a path to use the ncpuinfo variable uninitialized,
	which leads to a compiler warning:
	    qemu/qemu_driver.c: In function 'qemuDomainGetVcpusFlags':
	    qemu/qemu_driver.c:4573:9: error: 'ncpuinfo' may be used
	    uninitialized in this function [-Werror=maybe-uninitialized]
	             for (i = 0; i < ncpuinfo; i++) {
	             ^

2013-06-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement new QMP command for cpu hotplug
	This patch implements support for the "cpu-add" QMP command that plugs
	CPUs into a live guest. The "cpu-add" command was introduced in QEMU
	1.5. For the hotplug to work machine type "pc-i440fx-1.5" is required.

	qemu: Implement support for VIR_DOMAIN_VCPU_AGENT in qemuDomainSetVcpusFlags
	This patch adds support for agent-based cpu disabling and enabling to
	qemuDomainSetVcpusFlags() API.

	qemu: Implement request of vCPU state using the guest agent
	This patch implements the VIR_DOMAIN_VCPU_AGENT flag for the
	qemuDomainGetVcpusFlags() libvirt API implementation.

	API: Introduce VIR_DOMAIN_VCPU_AGENT, for agent based CPU hot(un)plug
	This flag will allow to use qemu guest agent commands to disable
	(offline) and enable (online) processors in a live guest that has the
	guest agent running.

	qemu_agent: Introduce helpers for agent based CPU hot(un)plug
	The qemu guest agent allows to online and offline CPUs from the
	perspective of the guest. This patch adds helpers that call
	'guest-get-vcpus' and 'guest-set-vcpus' guest agent functions and
	convert the data for internal libvirt usage.

	qemu: Use bool instead of int in qemuMonitorSetCPU APIs
	The 'online' parameter has only two possible values. Use a bool for it.

	virsh-domain-monitor: Remove ATTRIBUTE_UNUSED from a argument
	The "cmd" argument in cmdList is now used. Unmark it as unused.

2013-06-07  ryan woodsmall  <rwoodsmall@gmail.com>

	Add support for VirtualBox 4.2 APIs
	A few things have changed in the VirtualBox API - some small
	(capitalizations of things in function names like Ip to IP
	and Dhcp to DHCP) and some much larger (FindMedium is superceded
	by OpenMedium). The biggest change for the sake of this patch
	is the signature of CreateMachine is quite a bit different. Using
	the Oracle source as a guide, to spin up a VM with a given UUID,
	it looks like a text flag has to be passed in a new argument to
	CreateMachine. This flag is built in the VirtualBox 4.2 specific
	ifdefs and is kind of ugly but works. Additionally, there is now
	(unused) VM groups support in CreateMachine and the previous
	'osTypeId' arg is currently set to nsnull as in the Oracle code.
	The FindMedium to OpenMedium changes were more straightforward
	and are pretty clear. The rest of the vbox template changes are
	basically spelling/capitalization changes from the looks of things.

2013-06-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainMigrateGraphicsRelocate: Use then new virSocketAddrIsWildcard
	Since we have the new internal API to check for wildcard address,
	we can use it instead of parsing and formatting.

	virsocket: Introduce virSocketAddrIsWildcard
	This internal API checks, if passed address is a wildcard address.

2013-06-07  Ján Tomko  <jtomko@redhat.com>

	iscsi: pass hostnames to iscsiadm instead of resolving them
	iscsiadm now supports specifying hostnames in the portal argument [1]
	Instead of resolving the hostname to a single IPv4 address, pass the
	hostname to isciadm, allowing IPv6 targets to work.
	[1] https://bugzilla.redhat.com/show_bug.cgi?id=624437

2013-06-07  Osier Yang  <jyang@redhat.com>

	qemu: Report the offset from host UTC for RTC_CHANGE event
	https://bugzilla.redhat.com/show_bug.cgi?id=964177
	Though both libvirt and QEMU's document say RTC_CHANGE returns
	the offset from the host UTC, qemu actually returns the offset
	from the specified date instead when specific date is provided
	(-rtc base=$date).
	It's not safe for qemu to fix it in code, it worked like that
	for 3 years, changing it now may break other QEMU use cases.
	What qemu tries to do is to fix the document:
	http://lists.gnu.org/archive/html/qemu-devel/2013-05/msg04782.html
	And in libvirt side, instead of replying on the value from qemu,
	this converts the offset returned from qemu to the offset from
	host UTC, by:
	  /*
	   * a: the offset from qemu RTC_CHANGE event
	   * b: The specified date (-rtc base=$date)
	   * c: the host date when libvirt gets the RTC_CHANGE event
	   * offset: What libvirt will report
	   */
	  offset = a + (b - c);
	The specified date (-rtc base=$date) is recorded in clock's def as
	an internal only member (may be useful to exposed outside?).
	Internal only XML tag "basetime" is introduced to not lose the
	guest's basetime after libvirt restarting/reloading:
	<clock offset='variable' adjustment='304' basis='utc' basetime='1370423588'/>

2013-06-06  Ján Tomko  <jtomko@redhat.com>

	qemu: simplify CPU command line parsing
	Use virStringSplit. Change the 'error' label to 'cleanup' to prevent
	memory leaks on error.

	qemu: change two-state int parameters to bool

	nwfilter: change two-state int parameters to bool

	Remove redundant two-state integers

	Replace two-state local integers with bool
	Found with 'git grep "= 1"'.

2013-06-06  Peter Krempa  <pkrempa@redhat.com>

	storage: Avoid unnecessary ternary operators and refactor the code
	Setting of local variables in virStorageBackendCreateQemuImgCmd was
	unnecessarily cluttered with ternary operators and repeated testing of
	of conditions.
	This patch refactors the function to use if statements and improves
	error reporting in case inputvol is specified but does not contain
	target path. Previously we would complain about "unknown storage vol
	type 0" instead of the actual problem.

2013-06-06  Alvaro Polo  <apoloval@gmail.com>

	openvz: Fix code coverage issue in OpenVZ driver
	After fixing an invalid usage of virDomainNetDef in OpenVZ driver,
	a coverage issue appeared. This was caused by a still invalid usage
	of net->data.ethernet.dev for non ethernet networking.

2013-06-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Reformat listen address prior to checking
	Currently, a listen address for a SPICE server can be specified. Later,
	when the domain is migrated, we need to relocate the graphics which
	involves telling new destination to the SPICE server. However, we can't
	just assume the listen address is the new location, because the listen
	address can be ANYCAST (0.0.0.0 for IPv4, :: for IPv6). In which case,
	we want to pass the remote hostname. But there are some troubles with
	ANYCAST. In both IPv4 and IPv6 it has many ways for specifying such
	address. For instance, in IPv4: 0, 0.0, 0.0.0, 0.0.0.0.  The number of
	variations gets bigger in IPv6 world. Hence, in order to check for
	ANYCAST address sanely, we should take the provided listen address,
	parse it and format back in it's full form. Which is exactly what this
	patch does.

2013-06-06  Eric Blake  <eblake@redhat.com>

	build: fix build without posix_fallocate
	Such as on FreeBSD.  Broken in commit aa2a4cff7.
	* src/util/virstoragefile.c (virStorageFileResize): Add missing ';',
	mark conditionally unused variables.

2013-06-05  Daniel P. Berrange  <berrange@redhat.com>

	Ensure non-root can read /proc/meminfo file in LXC containers
	By default files in a FUSE mount can only be accessed by the
	user which created them, even if the file permissions would
	otherwise allow it. To allow other users to access the FUSE
	mount the 'allow_other' mount option must be used. This bug
	prevented non-root users in an LXC container from reading
	the /proc/meminfo file.
	https://bugzilla.redhat.com/show_bug.cgi?id=967977

	Remove legacy code for single-instance devpts filesystem
	Earlier commit f7e8653f dropped support for using LXC with
	kernels having single-instance devpts filesystem from the
	LXC controller. It forgot to remove the same code from the
	LXC container setup.

2013-06-05  Peter Krempa  <pkrempa@redhat.com>

	storage: Provide better error message if metadata pre-alloc is unsupported
	Instead of a unknown flag error report that metadata pre-allocation is
	not supported with the requested volume creation method.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=969982

	storage: Clean up function header and reflow error message
	Comply with the coding standard and save a few lines.

	storagevolxml2argvtest: Report better error messages on test failure
	If the creation of the commandline failed, libvirt always reported "out
	of memory" from the virCommandToString function rather than the proper
	error that happened in virStorageBackendCreateQemuImgCmd. Error out
	earlier.

2013-06-05  Eric Blake  <eblake@redhat.com>

	maint: don't use config.h in .h files
	Enforce the rule that .h files don't need to (redundantly)
	include <config.h>.
	* cfg.mk (sc_prohibit_config_h_in_headers): New rule.
	(_virsh_includes): Delete; instead, inline a smaller number of
	exclusions...
	(exclude_file_name_regexp--sc_require_config_h)
	(exclude_file_name_regexp--sc_require_config_h_first): ...here.
	* daemon/libvirtd.h (includes): Fix offenders.
	* src/driver.h (includes): Likewise.
	* src/gnutls_1_0_compat.h (includes): Likewise.
	* src/libxl/libxl_conf.h (includes): Likewise.
	* src/libxl/libxl_driver.h (includes): Likewise.
	* src/lxc/lxc_conf.h (includes): Likewise.
	* src/lxc/lxc_driver.h (includes): Likewise.
	* src/lxc/lxc_fuse.h (includes): Likewise.
	* src/network/bridge_driver.h (includes): Likewise.
	* src/phyp/phyp_driver.h (includes): Likewise.
	* src/qemu/qemu_conf.h (includes): Likewise.
	* src/util/virnetlink.h (includes): Likewise.

2013-06-05  Osier Yang  <jyang@redhat.com>

	qemu: Abstract code for the cpu controller setting into a helper

	storage: Forbid to shrink the vol's capacity if no --shrink is specified
	As the document for "virsh-resize" says:
	<...>
	Attempts to shrink the volume will fail unless I<--shrink> is present;
	</...>
	This makes sense as it at least prevent the user shrinking the important
	data of volume without a notice.

	storage: Support preallocate the new capacity for vol-resize
	The document for "vol-resize" says the new capacity will be sparse
	unless "--allocate" is specified, however, the "--allocate" flag
	is never implemented. This implements the "--allocate" flag for
	fs backend's raw type volume, based on posix_fallocate and the
	syscall SYS_fallocate.

2013-06-05  Ján Tomko  <jtomko@redhat.com>

	virtlockd: fix socket path
	Change the socket path to match the one used by lockd driver.
	https://bugzilla.redhat.com/show_bug.cgi?id=968128

2013-06-05  Guannan Ren  <gren@redhat.com>

	snapshot: remove mutually exclusive memory and disk-only duplicate check
	The work was done at the time of snapshot xmlstring parsing
	 if (offline && def->memory &&
	     def->memory != VIR_DOMAIN_SNAPSHOT_LOCATION_NONE) {
	     virReportError(...);
	 }

2013-06-05  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: grab driver lock earlier during init (bz96649)
	This patch is in relation to Bug 966449:
	https://bugzilla.redhat.com/show_bug.cgi?id=966449
	This is a patch addressing the coredump.
	Thread 1 must be calling  nwfilterDriverRemoveDBusMatches(). It does so with
	nwfilterDriverLock held. In the patch below I am now moving the
	nwfilterDriverLock(driverState) further up so that the initialization, which
	seems to either take a long time or is entirely stuck, occurs with the lock
	held and the shutdown cannot occur at the same time.
	Remove the lock in virNWFilterDriverIsWatchingFirewallD to avoid
	double-locking.

2013-06-04  Alvaro Polo  <apoloval@gmail.com>

	Fix a invalid usage of virDomainNetDef in OpenVZ driver
	OpenVZ was accessing ethernet data to obtain the guest iface name
	regardless the domain is configured to use ethernet or bridged
	networking. This prevented the guest network interface to be rightly
	named for bridged networking.

2013-06-04  Ján Tomko  <jtomko@redhat.com>

	docs: add spaces to formatstorage.html
	Let the pool types breathe.

2013-06-04  Osier Yang  <jyang@redhat.com>

	virsh: Allow attach-disk to specify disk wwn
	Commit 6e73850b01ee support to set wwn for disks, but it was not
	exposed to attach-disk.

2013-06-04  Ján Tomko  <jtomko@redhat.com>

	tests: fix typo in securityselinuxtest

2013-06-04  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Obey pool-or-uuid spec when creating volumes
	Our documentation says a pool may be referenced by its name or UUID
	anywhere if it makes sense (pool-name and pool-uuid are the only
	exceptions). However, vol-create and vol-create-as commands did not obey
	this.

2013-06-03  Peter Krempa  <pkrempa@redhat.com>

	libvirt-qemu: Dispatch errors from virDomainQemuAgentCommand()
	The original implementation didn't follow the established pattern and
	did not dispatch errors in case of failure.

	qemu: Properly report guest agent errors on command passthrough
	The code for arbitrary guest agent passthrough was horribly broken since
	introduction. Fix it to correctly report errors.

	virsh-domain: Report errors and don't deref NULL in qemu-agent-command
	Check the returned value for NULL and take the cleanup path
	appropriately if the API fails.

	RPC: Support up to 16384 cpus on the host and 4096 in the guest
	The RPC limits for cpu maps didn't allow to use libvirt on ultra big
	boxes. This patch increases size of the limits to support a maximum of
	16384 cpus on the host with a maximum of 4096 cpus per guest.
	The full cpu map of such a system takes 8 megabytes and the map for
	vcpu pinning is 2 kilobytes long.

2013-06-03  Jiri Denemark  <jdenemar@redhat.com>

	spec: Explicitly require libgcrypt-devel
	Our configure.ac says:
	    Not all versions of gnutls include -lgcrypt, and so we add
	    it explicitly for the calls to gcry_control/check_version
	Thus we cannot rely on gnutls-devel to bring grcypt-devel as a
	dependency.

	virsh iface-bridge: Ignore delay if stp is turned off
	Delay only makes sense with STP enabled.

	Fix warning about using an uninitialized next_unit value
	Using an uninitialized value and a bool saying if the value is valid may
	confuse compilators.

2013-06-03  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Add --live, --config, --current logic to cmdAttachInterface
	Use the approach established in commit
	69ce3ffa8d431e9810607c6e00b7cfcc481b491d to improve this function too.

	virsh-domain: Add --live, --config, --current logic to cmdAttachDisk
	Use the approach established in commit
	69ce3ffa8d431e9810607c6e00b7cfcc481b491d to improve this function too.

	virsh-domain: Add --live, --config, --current logic to cmdAttachDevice
	Use the approach established in commit
	69ce3ffa8d431e9810607c6e00b7cfcc481b491d to improve this function too.

2013-06-03  Ján Tomko  <jtomko@redhat.com>

	use virBitmapFree instead of VIR_FREE for cpumask
	Found by 'git grep FREE.*cpumask' after looking at 31f1f6b.

2013-06-03  Martin Kletzander  <mkletzan@redhat.com>

	usb: don't spoil decimal addresses
	For USB devices, dev->name gets formated as %.3o:%.3o even though the
	numbers are decimal.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=967712

2013-06-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt 1.0.6
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: pull localization updates and regenerate the po

2013-06-03  Osier Yang  <jyang@redhat.com>

	Storage: Fix the indention of rbd test file

	nodedev_hal: Modernize the function's style
	Use style like:
	void
	foo (const char *name)
	{
	    printf("Hello, %s\n", name);
	}
	Later patches will clean up node_device_hal.c more.

2013-06-01  Osier Yang  <jyang@redhat.com>

	conf: Generate address for scsi host device automatically
	With unknown good reasons, the attribute "bus" of scsi device
	address is always set to 0, same for attribute "target". (See
	virDomainDiskDefAssignAddress).
	Though we might need to change the algorithm to honor "bus"
	and "target" too, that's a different issue. The address generator
	for scsi host device in this patch just follows the unknown
	good reasons, only considering the "controller" and "unit".
	It walks through all scsi controllers and their units, to see
	if the address $controller:0:0:$unit can be used (if not used
	by any disk or scsi host device yet), if found one, it sits on
	it, otherwise, it creates a new controller (actually the controller
	is implicitly created by someone else), and sits on
	$new_controller:0:0:0 instead.

2013-06-01  Laine Stump  <laine@laine.org>

	qemu: prevent termination of guests w/hostdev on driver reconnect
	This should resolve:
	  https://bugzilla.redhat.com/show_bug.cgi?id=959191
	The problem was that qemuUpdateActivePciHostdevs was returning 0
	(success) when no hostdevs were present, but would otherwise return -1
	(failure) even when it completed successfully. It is only called from
	qemuProcessReconnect(), and when qemuProcessReconnect got back an
	error, it would not only stop reconnecting, but would terminate the
	guest qemu process "to remove danger of it ending up running twice if
	user tries to start it again later".
	(This bug was introduced in commit 011cf7ad, which was pushed between
	v1.0.2 and v1.0.3, so all maintenance branches from v1.0.3 up to 1.0.5
	will need this one line patch applied.)

2013-06-01  Guido Günther  <agx@sigxcpu.org>

	vbox: define DYNLIB_NAME for kFreeBSD
	Similar to what Eric did for Cygwin it helps at least to compile
	without --without-vbox

2013-06-01  Eric Blake  <eblake@redhat.com>

	build: skip qemu in tests when !WITH_QEMU
	A mingw build (where the qemu driver is not built, so WITH_QEMU
	is undefined) failed with:
	In file included from ../../src/qemu/qemu_command.h:30:0,
	                 from ../../tests/testutilsqemu.h:4,
	                 from ../../tests/networkxml2xmltest.c:14:
	../../src/qemu/qemu_conf.h:53:4: error: #error "Port me"
	But since testutilsqemu.c is already conditional, the header
	should be likewise.
	* tests/testutilsqemu.h: Make content conditional.

2013-06-01  Daniel P. Berrange  <berrange@redhat.com>

	Introduce virFilePrintf() as a portable fprintf()
	We can't use GNULIB's fprintf-posix due to licensing
	incompatibilities. We do already have a portable
	formatting via virAsprintf() which we got from GNULIB
	though. We can use to create a virFilePrintf() function.
	But really gnulib could just provide a 'fprintf'
	module, that depended on just its 'asprintf' module.

2013-06-01  Jiri Denemark  <jdenemar@redhat.com>

	Document that runtime changes may be lost after S4 suspend

2013-05-31  Ján Tomko  <jtomko@redhat.com>

	qemu: escape literal IPv6 address in NBD migration
	A literal IPv6 must be escaped, otherwise migration fails with:
	unable to execute QEMU command 'drive-mirror': address resolution failed
	for f0::0d:5901: Servname not supported for ai_socktype
	since QEMU treats everything after the first ':' as the port.

2013-05-31  John Ferlan  <jferlan@redhat.com>

	Check for existence of interface prior to setting terminate flag
	https://bugzilla.redhat.com/show_bug.cgi?id=903480
	During domain destruction it's possible that the learnIPAddressThread has
	already removed the interface prior to the teardown filter path being run.
	The teardown code would only be telling the thread to terminate.

	Resolve memory leak found by valgrind
	Commit '6afdfc8e' adjusted the exit and error paths to go through the error
	and cleanup labels, but neglected to remove the return ret prior to cleanup.
	Also noted the 'type' xml string fetch was never checked for NULL which
	could lead to some interesting results.

2013-05-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Don't kill access to disk if snapshot creation fails
	If snapshot creation failed for example due to invalid use of the
	"REUSE_EXTERNAL" flag, libvirt killed access to the original image file
	instead of the new image file. On machines with selinux this kills the
	whole VM as the selinux context is enforced immediately.
	* qemu_driver.c:qemuDomainSnapshotUndoSingleDiskActive():
	    - Kill access to the new image file instead of the old one.
	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=906639

	qemu: Fix damaged whitespace
	After deleting "WithDriver" from the async job function the code was
	unaligned.

2013-05-31  Martin Kletzander  <mkletzan@redhat.com>

	Properly indent function's opening bracket

2013-05-31  Eric Blake  <eblake@redhat.com>

	build: use correct rpc.h for virtlockd
	Commit d671121d was incomplete; I hit another compile fail on
	cygwin not finding the correct rpc/rpc.h.
	* src/Makefile.am (virtlockd_CFLAGS): Add XDR_CFLAGS.

	build: work around cygwin header bug
	A bug in Cygwin [1] and poor error messages from gcc [2] lead
	to this confusing compilation error:
	qemu/qemu_monitor.c:418:9: error: passing argument 2 of 'sendmsg' from incmpatible pointer type
	/usr/include/sys/socket.h:42:11: note: expected 'const struct msghdr *' but argument is of type 'struct msghdr *'
	[1] http://cygwin.com/ml/cygwin/2013-05/msg00451.html
	[2] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57475
	* src/qemu/qemu_monitor.c (includes): Include <sys/socket.h>
	before <sys/un.h>.

	build: cast [ug]id_t when printing
	This is a recurring problem for cygwin :)
	For example, see commit 23a4df88.
	qemu/qemu_driver.c: In function 'qemuStateInitialize':
	qemu/qemu_driver.c:691:13: error: format '%d' expects type 'int', but argument 8 has type 'uid_t' [-Wformat]
	* src/qemu/qemu_driver.c (qemuStateInitialize): Add casts.
	* daemon/remote.c (remoteDispatchAuthList): Likewise.

2013-05-30  Eric Blake  <eblake@redhat.com>

	build: port qemu to cygwin
	A cygwin build of the qemu driver fails with:
	qemu/qemu_process.c: In function 'qemuPrepareCpumap':
	qemu/qemu_process.c:1803:31: error: 'CPU_SETSIZE' undeclared (first use in this function)
	CPU_SETSIZE is a Linux extension in <sched.h>; a bit more portable
	is using sysconf if _SC_NPROCESSORS_CONF is defined (several platforms
	have it, including Cygwin).  Ultimately, I would have preferred to
	use gnulib's 'nproc' module, but it is currently under an incompatible
	license.
	* src/qemu/qemu_conf.h (QEMUD_CPUMASK_LEN): Provide definition on
	cygwin.

	build: use correct rpc.h for lockd
	On cygwin, the build failed with:
	In file included from ./rpc/virnetmessage.h:24:0,
	                 from ./rpc/virnetclient.h:29,
	                 from locking/lock_driver_lockd.c:31:
	./rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory
	* src/Makefile.am (lockd_la_CFLAGS): Add XDR_CFLAGS.

	build: work around broken sasl header
	Compilation on cygwin failed due to a bug in the sasl headers
	present on that platform (libsasl2-devel 2.1.26):
	In file included from rpc/virnetserverclient.c:27:0:
	/usr/include/sasl/sasl.h:230:38: error: expected declaration specifiers or '...' before 'size_t'
	Upstream is aware of their bug:
	https://bugzilla.cyrusimap.org/show_bug.cgi?id=3759
	* src/rpc/virnetserverclient.c (includes): Ensure size_t is
	defined before using sasl.h.

	build: fix typo in earlier commit
	Bummer, I committed, then fixed a typo, then tested, and forgot to
	amend the commit before pushing 7d21d6b6.
	* src/rpc/virnettlscontext.c (includes): Use correct spelling.

2013-05-30  Cole Robinson  <crobinso@redhat.com>

	virsh: migrate: Don't disallow --p2p and --migrateuri
	Because it's a valid combination. p2p still uses a separate channel
	for qemu migration, so there's value in letting the user specify a manual
	migrate URI for overriding auto-port, or libvirt's FQDN lookup.
	What _isn't_ allowed is --migrateuri and TUNNELLED, since there is
	no separate migration channel. Disallow that instead

	qemu: migration: error if tunnelled + storage specified
	Since as the code indicates it doesn't work yet, so let's be
	explicit about it.

	qemu: migration: Improve p2p error if we can't open conn
	By actually showing the Open() error to the user

2013-05-29  Eric Blake  <eblake@redhat.com>

	build: fix build without libvirtd
	Building when configured --with-libvirtd=no fails with:
	In file included from ../src/qemu/qemu_command.h:30:0,
	                 from testutilsqemu.h:4,
	                 from networkxml2xmltest.c:14:
	../src/qemu/qemu_conf.h:175:5: error: expected specifier-qualifier-list before 'virStateInhibitCallback'
	* src/libvirt_internal.h (virStateInhibitCallback): Move outside
	of conditional.

	build: fix build with newer gnutls
	Building with gnutls 3.2.0 (such as shipped with current cygwin) fails
	with:
	rpc/virnettlscontext.c: In function 'virNetTLSSessionGetKeySize':
	rpc/virnettlscontext.c:1358:5: error: implicit declaration of function 'gnutls_cipher_get_key_size' [-Wimplicit-function-declaration]
	Yeah, it's stupid that gnutls broke API by moving their declaration
	into a new header without including that header from the old one,
	but it's easy enough to work around, all without breaking on gnutls
	1.4.1 (hello RHEL 5) that lacked the new header.
	* configure.ac (gnutls): Check for <gnutls/crypto.h>.
	* src/rpc/virnettlscontext.c (includes): Include additional header.

2013-05-29  Osier Yang  <jyang@redhat.com>

	storage_conf: Use uid_t/gid_t instead of int to cast the value
	And error out if the casted value is not same with the original
	one, which prevents the bug on platform(s) where uid_t/gid_t
	has different size with long.

	storage_conf: Improve error messages
	virStoragePoolDefParseSource:
	  * Better error message
	virStoragePoolObjLoad:
	  * Break the line line

	storage_conf: Use NULLSTR instead

	storage_conf: Improve the memory deallocation of virStorageVolDefParseXML
	Changes:
	  * Add a new goto label "error"
	  * Free the strings at "cleanup"
	  * Remove the unnecessary frees

	storage_conf: Improve the memory deallocation of pool def parsing
	Changes:
	    * Free all the strings at "cleanup", instead of freeing them
	      in the middle
	    * Remove xmlFree
	    * s/tmppath/target_path/, to make it more sensible
	    * Add new goto label "error"

2013-05-29  Michal Privoznik  <mprivozn@redhat.com>

	qemuOpenVhostNet: Decrease vhostfdSize on open failure
	Currently, if there's an error opening /dev/vhost-net (e.g. because
	it doesn't exist) but it's not required we proceed with vhostfd array
	filled with -1 and vhostfdSize unchanged. Later, when constructing
	the qemu command line only non-negative items within vhostfd array
	are taken into account. This means, vhostfdSize may be greater than
	the actual count of non-negative items in vhostfd array. This results
	in improper command line arguments being generated, e.g.:
	-netdev tap,fd=21,id=hostnet0,vhost=on,vhostfd=(null)

2013-05-29  Eric Blake  <eblake@redhat.com>

	build: fix build with older gcc
	gcc 4.1.2 (hello, RHEL 5!) fails to build on 32-bit platforms with:
	conf/domain_conf.c: In function 'virDomainDefParseXML':
	conf/domain_conf.c:10581: warning: integer constant is too large for 'long' type
	Problem introduced in commit f8e3221f9.
	* src/conf/domain_conf.c (virDomainDefParseXML): Mark large constants.

	build: drop unused variable
	Compilation for mingw failed:
	../../src/util/virutil.c: In function 'virGetWin32DirectoryRoot':
	../../src/util/virutil.c:1094:9: error: unused variable 'ret' [-Werror=unused-variable]
	* src/util/virutil.c (virGetWin32DirectoryRoot): Silence compiler
	warning.

2013-05-28  Eric Blake  <eblake@redhat.com>

	syntax: fix broken error message in previous patch
	Osier Yang pointed out that I introduced a syntax error in my
	syntax check (I really shouldn't make last-minute changes without
	testing them....).
	/bin/sh: -c: line 2: syntax error near unexpected token `;'
	/bin/sh: -c: line 2: `  { echo 'maint.mk: incorrect whitespace, see HACKING for rules' 2>&; \'
	make: *** [bracket-spacing-check] Error 1
	* cfg.mk (bracket-spacing-check): Fix copy-and-paste error.

2013-05-28  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't report error on successful media eject
	If we are just ejecting media, ret == -1 even after the retry loop
	determines that the tray is open, as requested. This means media
	disconnect always report's error.
	Fix it, and fix some other mini issues:
	- Don't overwrite the 'eject' error message if the retry loop fails
	- Move the retries decrement inside the loop, otherwise the final loop
	  might succeed, yet retries == 0 and we will raise error
	- Setting ret = -1 in the disk->src check is unneeded
	- Fix comment typos
	cc: mprivozn@redhat.com

2013-05-28  Eric Blake  <eblake@redhat.com>

	syntax-check: mandate space after mid-line semicolon
	Enforce the style cleanup in the previous patch.
	* build-aux/bracket-spacing.pl: Enforce trailing spacing.
	* cfg.mk (bracket-spacing-check): Tweak error wording.
	* docs/hacking.html.in: Document the rule.
	* HACKING: Regenerate.

	syntax: prefer space after semicolon in for loop
	I noticed several unusual spacings in for loops, and decided to
	fix them up.  See the next commit for the syntax check that found
	all of these.
	* examples/domsuspend/suspend.c (main): Fix spacing.
	* python/libvirt-override.c: Likewise.
	* src/conf/interface_conf.c: Likewise.
	* src/security/virt-aa-helper.c: Likewise.
	* src/util/virconf.c: Likewise.
	* src/util/virhook.c: Likewise.
	* src/util/virlog.c: Likewise.
	* src/util/virsocketaddr.c: Likewise.
	* src/util/virsysinfo.c: Likewise.
	* src/util/viruuid.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* tools/virsh-domain-monitor.c (vshDomainStateToString): Drop
	default case, to let compiler check us.
	* tools/virsh-domain.c (vshDomainVcpuStateToString): Likewise.

2013-05-28  yangdongsheng  <yangds.fnst@cn.fujitsu.com>

	util: fix the VIR_STRDUP when src is NULL
	When src is NULL, VIR_STRDUP will return 0 directly.
	This patch will set dest to NULL before VIR_STRDUP return.
	Example:
	[root@yds-pc libvirt]# virsh
	Welcome to virsh, the virtualization interactive terminal.
	Type: 'help' for help with commands
	'quit' to quit
	virsh # connect
	error: Failed to connect to the hypervisor
	error: internal error Unable to parse URI �N�*

2013-05-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix build without gnutls
	"error" label in qemuMigrationCookieGraphicsAlloc is now used
	unconditionally thanks to VIR_STRDUP.

2013-05-25  Sergey Fionov  <fionov@gmail.com>

	qemu: save domain state to XML after reboot
	Currently qemuDomainReboot() does reboot in two phases:
	qemuMonitorSystemPowerdown() and qemuProcessFakeReboot().
	qemuMonitorSystemPowerdown() shutdowns the domain and saves domain
	state/reason as VIR_DOMAIN_SHUTDOWN_UNKNOWN.
	qemuProcessFakeReboot() sets domain state/reason to
	VIR_DOMAIN_RESUMED_UNPAUSED but does not save domain state changes.
	Subsequent restart of libvirtd leads to restoring domain state/reason to
	saved that is VIR_DOMAIN_SHUTDOWN_UNKNOWN and to automatic shutdown of
	the domain. This commit adds virDomainSaveStatus() into
	qemuProcessFakeReboot() to avoid unexpected shutdowns.

2013-05-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix dynamic VI object type detection
	VI objects support inheritance with subtype polymorphism. For example the
	FileInfo object type is extended by FloppyImageFileInfo, FolderFileInfo
	etc. Then SearchDatastore_Task returns an array of FileInfo objects and
	depending on the represented file the FileInfo is actually a FolderFileInfo
	or FloppyImageFileInfo etc. The actual type information is stored as XML
	attribute that allows clients such as libvirt to distinguish between the
	actual types. esxVI_GetActualObjectType is used to extract the actual type.
	I assumed that this mechanism would be used for all VI object types that
	have subtypes. But this is not the case. It seems only to be used for types
	that are actually used as generic base type such as FileInfo. But it is not
	used for types that got extended later such as ElementDescription that was
	extended by ExtendedElementDescription (added in vSphere API 4.0) or that
	are not meant to be used with subtype polymorphism.
	This breaks the deserialization of types that contain ElementDescription
	properties such as PerfCounterInfo or ChoiceOption, because the code
	expects an ElementDescription object to have an XML attribute named type
	that is not present, since ExtendedElementDescription was added to the
	esx_vi_generator.input in commit 60f0f55ee4686fecbffc5fb32f90863427d02a14.
	This in turn break virtual machine question handling and auto answering.
	Fix this by using the base type if no XML type attribute is present.

2013-05-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	spec: Build vbox packages only for x86 architectures
	Commit 6ab6bc19f03513fd87d29ecfd405bb7f4a7de114 has introduced separate
	daemon/driver packages for vbox. These should only be built for x86
	architectures which is done hereby.

2013-05-24  Osier Yang  <jyang@redhat.com>

	security_dac: Fix the coding style
	Pushed under trivial rule.

2013-05-24  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to new VIR_STRNDUP behavior
	With previous patch, we accept negative value as length of string to
	duplicate. So there is no need to pass strlen(src) in case we want to do
	duplicate the whole string.

	virStrndup: Accept negative values as string length
	It may shorten the code a bit as the following pattern:
	  VIR_STRNDUP(dst, src, cond ? n : strlen(src))
	is used on several places among our code. However, we can
	move the strlen into virStrndup and thus write just:
	  VIR_STRNDUP(dst, src, cond ? n : -1)

2013-05-24  Osier Yang  <jyang@redhat.com>

	storage_conf: Fix the error type
	s/VIR_ERR_INTERNAL_ERROR/VIR_ERR_XML_ERROR/.

	storage_conf: Put "%s" at the same line with error type
	Trivial, but it allows the "error message" to have more spaces.

	storage_conf: Use xmlStrEqual instead of STREQ
	And improve the error message

	storage_conf: Remove the useless casting

	storage_conf: Don't leak "uuid" in virStoragePoolDefParseAuthCephx
	Any string returned from virXPathString should be freed.

	storage_conf: Fix the wrong error message
	It's for parsing "login" attribute of "auth".

2013-05-24  Ján Tomko  <jtomko@redhat.com>

	syntax-check: ignore all quoted strings in bracket-spacing
	Ignore strings with an escaped double quote too.
	This removes the need for special handling of quotes in the
	semicolon check.

2013-05-24  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Remove error report in virNWFilterDHCPSnoopEnd
	Remove error reporting when calling the virNWFilterDHCPSnoopEnd
	function with an interface for which no thread is snooping traffic.
	Document the usage of this function.

2013-05-24  Martin Kletzander  <mkletzan@redhat.com>

	Fix blkdeviotune for shutoff domain
	Function qemuDomainSetBlockIoTune() was checking QEMU capabilities
	even when !(flags & VIR_DOMAIN_AFFECT_LIVE) and the domain was
	shutoff, resulting in the following problem:
	 virsh # domstate asdf; blkdeviotune asdf vda --write-bytes-sec 100
	 shut off
	 error: Unable to change block I/O throttle
	 error: unsupported configuration: block I/O throttling not supported with this QEMU binary
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=965016

2013-05-24  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	cgroups: Do not enforce nonexistent controllers
	Currently, the controllers argument to virCgroupDetect acts both as
	a result filter and a required controller specification, which is
	a bit overloaded. If both functionalities are needed, it would be
	better to have them seperated into a filter and a requirement mask.
	The only situation where it is used today is to ensure that only
	CPU related controllers are used for the VCPU directories. But here
	we clearly do not want to enforce the existence of cpu, cpuacct and
	specifically not cpuset at the same time.
	This commit changes the semantics of controllers to "filter only".
	Should a required mask ever be needed, more work will have to be done.

2013-05-24  Osier Yang  <jyang@redhat.com>

	virsh: Fix regression of vol-resize
	Introduced by commit 1daa4ba33acf. vshCommandOptStringReq returns
	0 on *success* or the option is not required && not present, both
	are right result. Error out when returning 0 is not correct.
	the caller, it doesn't have to check wether it

2013-05-24  Michal Privoznik  <mprivozn@redhat.com>

	Introduce syntax-check rule to prefer VIR_STRDUP over strdup

	Adapt to VIR_STRDUP and VIR_STRNDUP in tools/virsh.c

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/util/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/util/vircgroup.c
	This commit is separate due to unusual paradigm compared to the
	most source files.

	virCgroupAddTaskStrController: s/-1/-ENOMEM/
	Within whole vircgroup.c we 'return -errno', e.g. 'return -ENOMEM'.
	However, in this specific function virCgroupAddTaskStrController
	we weren't returning -ENOMEM but -1 despite fact that later in
	the function we are returning one of errno values indeed.

2013-05-24  John Ferlan  <jferlan@redhat.com>

	xen: Resolve Coverity FORWARD_NULL issue
	Commit '18b14012' refactored the Xen code resulting in a Coverity
	warning about possible NULL reference if the path where the XM driver
	takes puts the def on it's list.  Moved/duplicated the virGetDomain()
	call to pacify the possible NULL deref.

2013-05-24  Cole Robinson  <crobinso@redhat.com>

	docs: domain: /dev/urandom isn't a valid rng patch
	Only /dev/random and /dev/hwrng are accepted, list them explicitly.

2013-05-24  Ján Tomko  <jtomko@redhat.com>

	conf: add missing OOM errors

2013-05-23  Ján Tomko  <jtomko@redhat.com>

	qemu: fix NBD migration to hosts with IPv6 enabled
	Since f03dcc5 we use [::] as the listening address both on qemu
	command line in -incoming and in nbd-server-start QMP command.
	However the latter requires just :: without the braces.

	conf: fix use after free in virChrdevOpen
	Don't free the stream on error if we've successfully added it
	to the hash table, since it will be freed by virChrdevHashEntryFree
	callback.
	Preserve the error message before calling virStreamFree, since it
	resets the error.
	Introduced by 4716138, crashing since 6921892.
	Reported by Sergey Fionov on libvir-list.

2013-05-23  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/xenxs/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/xenapi/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/xen/*

	virNetMessageSaveError: Fix copy and paste error
	Previously, we were freeing verr fields instead of rerr which we've
	allocated just a line above.

	virNWFilterHashTablePut: Free the correct variable
	In bf1fe848 I've introduced 'newName' variable to substitute the old
	'const char *name' as previously we had an ugly code there:
	  name = strdup(name);
	However, some parts of the function were not updated, so they were still
	calling VIR_FREE(name) instead of VIR_FREE(newName).

	umlConnectTapDevice: initialize tapfd variable
	There is possibility to jump to 'cleanup' label without tapfd variable
	being initialized. In the label, VIR_FORCE_CLOSE(tapfd) is called which
	can have fatal consequences.

2013-05-23  Marek Marczykowski  <marmarek@invisiblethingslab.com>

	remote: fix dom->id after virDomainCreateWithFlags
	The same issue as (already fixed) in virDomainCreate -
	REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS doesn't return new domain ID, only
	-1 on error or 0 on success.
	Besides this one fix it is more general problem - local domain object
	ID can desynchronize with the real one, for example in case of another
	client creates/destroys domain in the meantime. Perhaps virDomainGetID
	should be called remotely (with all performance implications...)? Or
	some event-based notification used?

2013-05-23  Osier Yang  <jyang@redhat.com>

	Fix the build failure
	Commit 16251193afdc forgot to include "virstring.h". Pushed under
	build-breaker rule.

2013-05-23  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Fix virDomainFree for NULL domain in blkdeviotune

2013-05-23  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/security/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/remote/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/qemu/*

2013-05-23  Zhang Xiaohe  <zhangxh@cn.fujitsu.com>

	virsh: omit OPTION section in 'virsh help' if no option exists
	Don't print 'OPTION' if there's no options. Just behaves as DESCRIPTION
	does.
	This mostly affects 'interface' command group.
	Reported-by: Li Yang <liyang.fnst@cn.fujitsu.com>

2013-05-23  Michal Privoznik  <mprivozn@redhat.com>

	Change virConnectDomainEventGraphicsCallback signature
	For future work we need _virDomainEventGraphicsAddress and
	_virDomainEventGraphicsSubjectIdentity members to be char * not const
	char *. We are strdup()-ing them anyway, so they should have been char *
	anyway (from const correctness POV). However, we don't want users to
	change passed values, so we need to make the callback's argument const.
	Although this is an API change (not ABI though), real callers won't be
	impacted. Why?
	 1. these callback members are read-only, so it is less likely that
	someone is trying to assign into the struct members.
	 2. The only way to register a virConnectDomainEventGraphicsCallback is
	to cast it through a call to virConnectDomainEventRegisterAny.  That is,
	even if the user's callback function leaves out the const, we never use
	the typedef as the direct type of any API parameter.  Since they are
	already casting their function pointer into a munged type before
	registering it, their code will continue to compile.

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/openvz/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/conf/*

	virNetDevTapCreate: Fail on systems not supporting IFF_MULTI_QUEUE
	In my previous patches I enabled the IFF_MULTI_QUEUE flag every
	time the user requested multiqueue TAP device. However, this
	works only at runtime. During build time the flag may be
	undeclared.

2013-05-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Enable multiqueue network

	qemu: Adapt qemuBuildInterfaceCommandLine to to multiqueue net
	In order to learn libvirt multiqueue several things must be done:
	1) The '/dev/net/tun' device needs to be opened multiple times with
	IFF_MULTI_QUEUE flag passed to ioctl(fd, TUNSETIFF, &ifr);
	2) Similarly, '/dev/vhost-net' must be opened as many times as in 1)
	in order to keep 1:1 ratio recommended by qemu and kernel folks.
	3) The command line construction code needs to switch from 'fd=X' to
	'fds=X:Y:...:Z' and from 'vhostfd=X' to 'vhostfds=X:Y:...:Z'.
	4) The monitor handling code needs to learn to pass multiple FDs.

	qemu: Move interface cmd line construction into a separate function
	Currently, we have one huge function to construct qemu command line.
	This is very ineffective esp. if there's a fault somewhere.

	Introduce /domain/devices/interface/driver/@queues attribute
	This attribute is going to represent number of queues for
	multique vhost network interface. This commit implements XML
	extension part of the feature and add one test as well. For now,
	we can only do xml2xml test as qemu command line generation code
	is not adapted yet.

2013-05-22  Guannan Ren  <gren@redhat.com>

	qemu: add ', share=<policy>' to qemu commandline
	example: qemu ${otherargs} \
	             -vnc 127.0.0.1:0,share=allow-exclusive

	conf: add 'sharePolicy' attribute to graphics element for vnc
	 -vnc :5900,share=allow-exclusive
	allows clients to ask for exclusive access which is
	implemented by dropping other connections Connecting
	multiple clients in parallel requires all clients asking
	for a shared session (vncviewer: -shared switch)
	 -vnc :5900,share=force-shared
	disables exclusive client access.  Useful for shared
	desktop sessions, where you don't want someone forgetting
	specify -shared disconnect everybody else.
	 -vnc :5900,share=ignore
	completely ignores the shared flag and allows everybody
	connect unconditionally

	qemu: new vnc display sharing policy caps flag
	QEMU_CAPS_VNC_SHARE_POLICY (qemu >= 1.1)

2013-05-22  Ján Tomko  <jtomko@redhat.com>

	vbox: fix VIR_STRDUP value check
	In my review of 31532ca I missed the fact that VIR_STRDUP
	now returns 1 on success, and 0 if the source was NULL.
	(This still doesn't add proper OOM error handling.)

2013-05-22  Osier Yang  <jyang@redhat.com>

	syntax-check: Add the rule to forbid whitespace before ";"
	Only a few cases are allowed:
	1) The expression is empty for "for" loop, E.g.
	  for (i = 0; ; i++)
	2) An empty statement
	  while (write(statuswrite, &status, 1) == -1 &&
	         errno == EINTR)
	      ; /* empty */
	3) ";" is inside double-quote, I.e, as part of const string. E.g.
	  vshPrint(ctl, "a ; b ; cd;\n");
	The "for" loop in src/rpc/virnettlscontext.c is the special case,
	1) applies for it, so change it together in this patch.

	nwfilter: Change the comment style
	The more common habit is to add the comment after the statements.

	Fix the syntax-check failure
	Introduced by commit 7ac2c4fe624, pushed under build-breaker rule.

2013-05-22  Guannan Ren  <gren@redhat.com>

	interface: list all interfaces with flags == 0
	virConnectListAllInterfaces should support to list all of
	interfaces when the value of flags is 0. The behaviour is
	consistent with other virConnectListAll* APIs

2013-05-22  Eric Blake  <eblake@redhat.com>

	cgroup: be robust against cgroup movement races
	https://bugzilla.redhat.com/show_bug.cgi?id=965169 documents a
	problem starting domains when cgroups are enabled; I was able
	to reliably reproduce the race about 5% of the time when I added
	hooks to domain startup by 3 seconds (as that seemed to be about
	the length of time that qemu created and then closed a temporary
	thread, probably related to aio handling of initially opening
	a disk image).  The problem has existed since we introduced
	virCgroupMoveTask in commit 9102829 (v0.10.0).
	There are some inherent TOCTTOU races when moving tasks between
	kernel cgroups, precisely because threads can be created or
	completed in the window between when we read a thread id from the
	source and when we write to the destination.  As the goal of
	virCgroupMoveTask is merely to move ALL tasks into the new
	cgroup, it is sufficient to iterate until no more threads are
	being created in the old group, and ignoring any threads that
	die before we can move them.
	It would be nicer to start the threads in the right cgroup to
	begin with, but by default, all child threads are created in
	the same cgroup as their parent, and we don't want vcpu child
	threads in the emulator cgroup, so I don't see any good way
	of avoiding the move.  It would also be nice if the kernel were
	to implement something like rename() as a way to atomically move
	a group of threads from one cgroup to another, instead of forcing
	a window where we have to read and parse the source, then format
	and write back into the destination.
	* src/util/vircgroup.c (virCgroupAddTaskStrController): Ignore
	ESRCH, because a thread ended between read and write attempts.
	(virCgroupMoveTask): Loop until all threads have moved.

2013-05-21  Osier Yang  <jyang@redhat.com>

	src/*.[ch]: Remove the whitespace before ";"

	src/locking: Remove the whitespace before ";"

	python: Remove the whitespace before ";"

	examples: Remove the whitespace before ';'

	src/lxc: Remove the whitespace before ";"

	src/remote: Remove the whitespace before ";"

	src/rpc: Remove the whitespace before ";"

	src/utils: Remove the whitespace before ";"

	tests/: Remove the whitespace before ";"

	daemon: Remove the whitespace before ";"

	tools: Remove the whitespace before ";"

	src/storage: Remove the whitespace before ';'

	src/security: Remove the whitespace before ';'

	src/xen: Remove the whitespace before ';'

	src/vmware: Remove the whitespace before ';'

	src/qemu: Remove the whitespace before ';'

	src/interface: Remove the whitespace before ';'

	src/parallels: Remove the whitespace before ';'

	src/uml: Remove the whitespace before ';'

	src/openvz: Remove the whitespace before ';'

	src/node_device: Remove the whitespace before ';'

	src/phyp: Remove the whitespace before ';'

	src/nwfilter: Remove the whitespace before ';'

	src/xenxs: Remove the whitespace before ';'

	src/vbox: Remove the whitespace before ';'

	src/test: Remove the whitespace before ';'

	src/conf: Remove the whitespace before ';'

	src/libxl: Remove the whitespace before ';'

	src/network: Remove the whitespace before ';'

2013-05-21  Daniel P. Berrange  <berrange@redhat.com>

	Convert Xen domain core dump driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain coredump
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain stats/peek driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain stats &
	peek APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain scheduler driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain scheduler
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain autostart driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain autostart
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain device hotplug driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain hotplug
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain VCPU driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain VCPU
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain create/define/getxml/migration APIs to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain create, migrate,
	getxml, & define APIs to simplify introduction of ACL security
	checks. The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain managed save driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain save
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain property driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain property
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain lifecycle driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain lifecycle
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain lookup driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain lookup
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

2013-05-21  Osier Yang  <jyang@redhat.com>

	qemu: Don't remove the "return 0"
	Commit f60a50c7957 intended to remove the warning only, but not with
	the "return 0" together.

2013-05-21  John Ferlan  <jferlan@redhat.com>

	shunloadtest: Resolve Coverity CHECKED_RETURN error
	The shunloadStart function didn't check the status of virInitialize which
	was flagged by Coverity.  Adjust the function and shunloadtest in order
	to handle the situation.

	xencapstest: Resolve Coverity CHECKED_RETURN error
	The return from virInitialize() needs to be checked.

2013-05-21  Guannan Ren  <gren@redhat.com>

	qemu: fix a typo in qemuAddSharedDevice

2013-05-21  Ján Tomko  <jtomko@redhat.com>

	docs: formatdomain: fix links in the table of contents

2013-05-21  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainChangeEjectableMedia: Unlock domain while waiting for event
	In 84c59ffa I've tried to fix changing ejectable media process. The
	process should go like this:
	1) we need to call 'eject' on the monitor
	2) we should wait for 'DEVICE_TRAY_MOVED' event
	3) now we can issue 'change' command
	However, while waiting in step 2) the domain monitor was locked. So
	even if qemu reported the desired event, the proper callback was not
	called immediately. The monitor handling code needs to lock the
	monitor in order to read the event. So that's the first lock we must
	not hold while waiting. The second one is the domain lock. When
	monitor handling code reads an event, the appropriate callback is
	called then. The first thing that each callback does is locking the
	corresponding domain as a domain or its device is about to change
	state. So we need to unlock both monitor and VM lock. Well, holding
	any lock while sleep()-ing is not the best thing to do anyway.

2013-05-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Replace almost all esxVI_String_DeepCopyValue vith VIR_STRDUP

	vmware: Restore OOM error reporting in vmwareCopyVMXFileName
	Got lost in commit e6ab10098066dd04794ff2ee5d10bc9b1db93327.

2013-05-21  Eric Blake  <eblake@redhat.com>

	maint: enforce correct copyright usage
	To ensure we don't regress and cause the need for further
	cleanups, add a 'make syntax-check' rule that ensures new
	files have proper copyright contents.
	* cfg.mk (sc_copyright_address): Rename...
	(sc_copyright_usage): ...and enhance.

	maint: refer to correct license file
	Now that COPYING no longer contains the text of the LGPL,
	modify the LGPLv2-only files from vbox to call out the
	correct file.
	* src/vbox/vbox_CAPI_v2_2.h: Refer to correct file.
	* src/vbox/vbox_CAPI_v3_0.h: Likewise.
	* src/vbox/vbox_CAPI_v3_1.h: Likewise.
	* src/vbox/vbox_CAPI_v3_2.h: Likewise.
	* src/vbox/vbox_CAPI_v4_0.h: Likewise.
	* src/vbox/vbox_CAPI_v4_1.h: Likewise.
	* src/vbox/vbox_V2_2.c: Likewise.
	* src/vbox/vbox_V3_0.c: Likewise.
	* src/vbox/vbox_V3_1.c: Likewise.
	* src/vbox/vbox_XPCOMCGlue.c: Likewise.
	* src/vbox/vbox_XPCOMCGlue.h: Likewise.
	* src/vbox/vbox_driver.c: Likewise.
	* src/vbox/vbox_driver.h: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/vbox/vbox_V3_2.c: Copy license notice from vbox_V3_1.c.
	* src/vbox/vbox_V4_0.c: Likewise.
	* src/vbox/vbox_V4_1.c: Likewise.
	* src/vbox/README: Mention copyright issues; this particular
	file contains no code and therefore does not need LGPL.

	maint: follow recommended practice for using LGPL
	https://www.gnu.org/licenses/gpl-howto.html states:
	You should also include a copy of the license itself somewhere in the
	distribution of your program. All programs, whether they are released
	under the GPL or LGPL, should include the text version of the GPL. In
	GNU programs the license is usually in a file called COPYING.
	If you are releasing your program under the LGPL, you should also
	include the text version of the LGPL, usually in a file called
	COPYING.LESSER. Please note that, since the LGPL is a set of
	additional permissions on top of the GPL, it's important to include
	both licenses so users have all the materials they need to understand
	their rights.
	* configure.ac (COPYING): No more games with non-git file.
	* COPYING: New file, copied from gnulib.
	* COPYING.LIB: Rename...
	* COPYING.LESSER: ...to this.
	* .gitignore: Track licenses in git.
	* cfg.mk (exclude_file_name_regexp--sc_copyright_address): Tweak
	rule.
	* libvirt.spec.in (daemon, client, python): Reflect rename.

	maint: use LGPL correctly
	Several files called out COPYING or COPYING.LIB instead of using
	the normal boilerplate.  It's especially important that we don't
	call out COPYING from an LGPL file, since COPYING is traditionally
	used for the GPL.  A few files were lacking copyright altogether.
	* src/rpc/gendispatch.pl: Add missing copyright.
	* Makefile.nonreentrant: Likewise.
	* src/check-symfile.pl: Likewise.
	* src/check-symsorting.pl: Likewise.
	* src/driver.h: Likewise.
	* src/internal.h: Likewise.
	* tools/libvirt-guests.sh.in: Likewise.
	* tools/virt-pki-validate.in: Mention copyright in comment, not just code.
	* tools/virt-sanlock-cleanup.in: Likewise.
	* src/rpc/genprotocol.pl: Spell out license terms.
	* src/xen/xend_internal.h: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* Makefile.am: Likewise.
	* daemon/Makefile.am: Likewise.
	* docs/Makefile.am: Likewise.
	* docs/schemas/Makefile.am: Likewise.
	* examples/apparmor/Makefile.am: Likewise.
	* examples/domain-events/events-c/Makefile.am: Likewise.
	* examples/dominfo/Makefile.am: Likewise.
	* examples/domsuspend/Makefile.am: Likewise.
	* examples/hellolibvirt/Makefile.am: Likewise.
	* examples/openauth/Makefile.am: Likewise.
	* examples/python/Makefile.am: Likewise.
	* examples/systemtap/Makefile.am: Likewise.
	* examples/xml/nwfilter/Makefile.am: Likewise.
	* gnulib/lib/Makefile.am: Likewise.
	* gnulib/tests/Makefile.am: Likewise.
	* include/Makefile.am: Likewise.
	* include/libvirt/Makefile.am: Likewise.
	* python/Makefile.am: Likewise.
	* python/tests/Makefile.am: Likewise.
	* src/Makefile.am: Likewise.
	* tests/Makefile.am: Likewise.
	* tools/Makefile.am: Likewise.
	* configure.ac: Likewise.

2013-05-21  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: move the comments to the proper place
	The comments is for virLXCControllerSetupPrivateNS.

	LXC: fix memory leak in virLXCControllerSetupDevPTS
	We forgot to free the mount_options.

	LXC: remove unnecessary check on root filesystem
	After commit c131525bec5af248e3843224bc5ce8d6435760f0
	"Auto-add a root <filesystem> element to LXC containers on startup"
	for libvirt lxc, root must be existent.

2013-05-21  Michal Privoznik  <mprivozn@redhat.com>

	openvzDomainSetNetwork: use virCommand
	Currently, the openvzDomainSetNetwork function constructs an
	array of strings representing a command line for VZCTL binary.
	This is a overkill since our virCommand APIs can cover all the
	functionality. Moreover, the function is not following our
	structure where return value is set to -1 initially, and after
	all operations succeeded then it is set to zero.

2013-05-20  Osier Yang  <jyang@redhat.com>

	qemu: Add callback struct for qemuBuildCommandLine
	Since 0d70656afded, it starts to access the sysfs files to build
	the qemu command line (by virSCSIDeviceGetSgName, which is to find
	out the scsi generic device name by adpater:bus:target:unit), there
	is no way to work around, qemu wants to see the scsi generic device
	like "/dev/sg6" anyway.
	And there might be other places which need to access sysfs files
	when building qemu command line in future.
	Instead of increasing the arguments of qemuBuildCommandLine, this
	introduces a new callback for qemuBuildCommandLine, and thus tests
	can register their own callbacks for sysfs test input files accessing.
	* src/qemu/qemu_command.h: (New callback struct
	                            qemuBuildCommandLineCallbacks;
	                            extern buildCommandLineCallbacks)
	* src/qemu/qemu_command.c: (wire up the callback struct)
	* src/qemu/qemu_driver.c: (Use the new syntax of qemuBuildCommandLine)
	* src/qemu/qemu_hotplug.c: Likewise
	* src/qemu/qemu_process.c: Likewise
	* tests/testutilsqemu.[ch]: (Helper testSCSIDeviceGetSgName;
	                             callback struct testCallbacks;)
	* tests/qemuxml2argvtest.c: (Use testCallbacks)
	* src/tests/qemuxmlnstest.c: (Like above)

	storage_conf: Improve the coding style in storage_conf.h
	Changes:
	  * Remove useless comments
	  * Remove useless blank lines
	  * If the struct member is a enum type, comment it like
	    /* enum fooBar */
	  * Break the long lines
	  * Prefer the common function style for the inline function

	storage_conf: Fix indentions in storage_conf.c
	Uses the 4 spaces for indention.

	storage_conf: Fix the coding stype in storage_conf.c
	Changes:
	  * Remove the useless space in "for" statement (e.g.
	    for (i = 0 ; i < something ; i++)
	  * Change the function's style to:
	    void
	    foo(bar)
	    {
	        printf("foo is not bar\n");
	    }
	  * Don't lose "{}" for "if...else" branches if one of the branch
	    has more than one line block. Example of the old ones:
	    if (a) {
	        printf("a is not funny");
	    } else
	        printf("a is funny");
	  * Remove the 1 space before "goto" label.
	  * Remove the useless blank line(s)
	  * Add blank line if it can make the code more clear to eyes.

	qemu: Abstract code for cpuset controller setting into a helper

	qemu: Abstract code for devices controller setting into a helper

	qemu: Abstract code for memory controller setting into a helper

	qemu: Abstract the code for blkio controller setting into a helper

2013-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix error reporting in esxVI_LookupManagedObjectHelper
	As the name parameter can be NULL the error message can only contain it
	conditionally.

2013-05-18  Daniel P. Berrange  <berrange@redhat.com>

	Add missing c-ctype.h to virfile.c
	The virfile.c file uses c_isalpha on Win32 platforms, so must
	include c-ctype.h

	Add libvirt-daemon-vbox & libvirt-daemon-driver-vbox RPMs
	Now the VirtualBox driver is a loadable module, it needs
	to live in its own sub-RPM

	Include GNULIB mkdtemp module
	The mkdtemp function is missing on mingw platforms. It is
	used in various Linux specific places in libvirt, but
	recently became used in fdstreamtest.c which is cross
	platform. Thus the GNULIB mkdtemp module should be used
	to provide mkdtemp.

	Set PKG_CONFIG_LIBDIR in autobuild.sh
	If PKG_CONFIG_LIBDIR is not set when doing mingw32/64 builds,
	then pkg-config may silently fallback to native versions of
	libraries, with predictably bad results. Setting PKG_CONFIG_LIBDIR
	forces it to only consider the mingw32/64 libraries.

2013-05-17  Eric Blake  <eblake@redhat.com>

	docs: add another user
	Described here:
	https://www.redhat.com/archives/libvir-list/2013-May/msg01329.html
	* docs/apps.html.in: Mention Cracow Cloud One.

2013-05-17  Guannan Ren  <gren@redhat.com>

	qemu: report useful error failling to destroy domain gracefully
	Resolves:https://bugzilla.redhat.com/show_bug.cgi?id=927620
	 #kill -STOP `pidof qemu-kvm`
	 #virsh destroy $guest --graceful
	 error: Failed to destroy domain testVM
	 error: An error occurred, but the cause is unknown
	With --graceful, SIGTERM always is emitted to kill driver
	process, but it won't success till burning out waiting time
	in case of process being stopped.
	But domain destroy without --graceful can work, SIGKILL will
	be emitted to the stopped process after 10 secs which always
	kills a process even one that is currently stopped.
	So report an error after burning out waiting time in this case.

2013-05-17  Osier Yang  <jyang@redhat.com>

	qemu: Check conflicts for shared scsi host device
	Just like previous patches, this changes qemuCheckSharedDisk
	into qemuCheckSharedDevice, which takes a virDomainDeviceDefPtr
	argument instead.

2013-05-17  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	test: fix VPATH fchosttest failure
	Running make check in a VPATH configured build directory fails
	in fchosttest as the test data files are searched for relative to
	the current working directory.

2013-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Re-add selinux/selinux.h to lxc_container.c
	Re-add the selinux header to lxc_container.c since other
	functions now use it, beyond the patch that was just
	reverted.

	Fix failure to detect missing cgroup partitions
	Change bbe97ae968eba60b71e0066d49f9fc909966d9d6 caused the
	QEMU driver to ignore ENOENT errors from cgroups, in order
	to cope with missing /proc/cgroups. This is not good though
	because many other things can cause ENOENT and should not
	be ignored. The callers expect to see ENXIO when cgroups
	are not present, so adjust the code to report that errno
	when /proc/cgroups is missing

	Revert "Change label of fusefs mounted at /proc/meminfo in lxc containers"
	This reverts commit 940c6f1085c3aafced51152b17a044af8c42b16e.

2013-05-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix leaking libxl events
	libxl expects the event handler to free the event passed to it.  From
	libxl_event.h:
	   event becomes owned by the application and must be freed, either
	   by event_occurs or later

	libxl: fix build with Xen4.3
	Xen 4.3 fixes a mistake in the libxl event handler signature where the
	event owned by the application was defined as const.  Detect this and
	define the libvirt libxl event handler signature appropriately.

2013-05-17  Ján Tomko  <jtomko@redhat.com>

	schema: make source optional in volume XML
	We don't parse it anyway.
	https://bugzilla.redhat.com/show_bug.cgi?id=893273

	schema: require target path in storage pool xml
	Make target path mandatory for pool types that require target,
	since we refuse to parse a target without a path.
	https://bugzilla.redhat.com/show_bug.cgi?id=893273

2013-05-17  Osier Yang  <jyang@redhat.com>

	qemu: Change values of disk discard
	QEMU might support more values for "-drive discard", so using Bi-state
	values (on/off) for it doesn't make sense.
	"on" maps to "unmap", "off" maps to "ignore":
	<...>
	@var{discard} is one of "ignore" (or "off") or "unmap" (or "on") and
	controls whether @dfn{discard} (also known as @dfn{trim} or @dfn{unmap})
	requests are ignored or passed to the filesystem.  Some machine types
	may not support discard requests.
	</...>

2013-05-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Implement support for locking domain's memory pages

	Add support for locking domain's memory pages
	The following XML configuration can be used to request all domain's
	memory pages to be kept locked in host's memory (i.e., domain's memory
	pages will not be swapped out):
	      <memoryBacking>
	        <locked/>
	      </memoryBacking>

	Fix build with VirtualBox
	Commit ba5f3c7c moved vbox driver into libvirtd but forgot to adapt
	daemon's Makefile.am.

2013-05-17  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix cgroup handling when setting VCPU BW
	Commit 632f78c introduced a regression which causes schedinfo being
	unable to set some parameters.  When migrating to priv->cgroup there
	was missing variable left out and due to passed NULL to underlying
	function, the setting failed.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=963592

2013-05-17  Osier Yang  <jyang@redhat.com>

	qemu: Set unpriv_sgio for scsi host device

	qemu: Refactor qemuSetUnprivSGIO to support scsi host device
	Just like what previous patches do, it refactors qemuSetUnprivSGIO
	to take the virDomainDeviceDefPtr as argument instead.

	qemu: Move qemuSetUnprivSGIO into qemu_conf.c
	unpriv_sgio setting is tight with the shared device helpers, let's
	put them together in qemu_conf.c

	conf: Introduce sgio for hostdev
	"sgio" is only valid for scsi host device.

	Rename virDomainDiskSGIO to virDomainDeviceSGIO
	SCSI host device will also support "sgio", and perhaps we could
	use "sgio" in other places too in future, renaming the enum to
	reuse.

	qemu: Manage shared device entry for scsi host device
	This adds the shared device entry when starting domain (more
	exactly, when preparing host devices), and remove the entry
	when destroying domain (when reattaching host devices).

	qemu: Refactor the helpers to track shared scsi host device
	This changes the helpers qemu{Add,Remove}SharedDisk into
	qemu{Add,Remove}SharedDevice, as most of the code in the helpers
	can be reused for scsi host device.
	To track the shared scsi host device, first it finds out the
	device path (e.g. /dev/s[dr]*) which is mapped to the sg device,
	and use device ID of the found device path (/dev/s[dr]*) as the
	hash key. This is because of the device ID is not unique between
	between /dev/s[dr]* and /dev/sg*, e.g.
	% sg_map
	/dev/sg0  /dev/sda
	/dev/sg1  /dev/sr0
	% ls -l /dev/sda
	brw-rw----. 1 root disk 8, 0 May  2 19:26 /dev/sda
	%ls -l /dev/sg0
	crw-rw----. 1 root disk 21, 0 May  2 19:26 /dev/sg0

2013-05-16  Osier Yang  <jyang@redhat.com>

	utils: Add a helper to get the device name that sg device mapped to
	E.g.
	% sg_map
	/dev/sg0  /dev/sda
	/dev/sg1  /dev/sr0
	What the helper gets for /dev/sg0 is /dev/sda, it will be used by
	later patch.

	qemu: Rename qemu_driver->sharedDisks to qemu_driver->sharedDevices
	"Shared disk" is not only the thing we should care about after "scsi
	hostdev" is introduced. A same scsi device can be used as "disk" for
	one domain, and as "scsi hostdev" for another domain at the same time.
	That's why this patch renames qemu_driver->sharedDisks. Related functions
	and structs are also renamed.

	conf: Introduce <shareable> for hostdev
	Unlike disk device, the scsi-generic always writethrough the data,
	so no need to introduce a "cache" tag, and set "cache=off".

2013-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Don't mount selinux fs in LXC if selinux is disabled
	Before trying to mount the selinux filesystem in a container
	use is_selinux_enabled() to check if the machine actually
	has selinux support (eg not booted with selinux=0)

	Move VirtualBox driver into libvirtd
	Change the build process & driver initialization so that the
	VirtualBox driver is built into libvirtd, instead of libvirt.so
	This change avoids the VirtualBox GPLv2-only license causing
	compatibility problems with libvirt.so which is under the
	GPLv2-or-later license.
	NB this change prevents use of the VirtualBox driver on the
	Windows platform, until such time as libvirtd can be made
	to work there.

	Fix LXC startup when /var/run is an absolute symlink
	During startup, the LXC driver uses paths such as
	  /.oldroot/var/run/libvirt/lxc/...
	to access directories from the previous root filesystem
	after doing a pivot_root(). Unfortunately if /var/run
	is an absolute symlink to /run, instead of a relative
	symlink to ../run, these paths break.
	At least one Linux distro is known to use an absolute
	symlink for /var/run, so workaround this, by resolving
	all symlinks before doing the pivot_root().

2013-05-16  Osier Yang  <jyang@redhat.com>

	conf: Fix the bug of disk->copy_on_read formating
	The reason for it's not exposed for such long time is that the
	enums for VirtioEventIdx and CopyOnReadType have same enum values
	and Correspondingstrings. This fixes the bug and adds test.

2013-05-16  Ján Tomko  <jtomko@redhat.com>

	datatypes: fix virGetStoragePool's comment

	daemon: fix leak after listing all volumes
	CVE-2013-1962
	remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
	The pool also held a reference to the connection, preventing it from
	getting freed and closing the netcf interface driver, which held two
	sockets open.

2013-05-16  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Fix crash in migration of graphics-less guests.
	Commit 7f15ebc7a2b599ab10dbc15bca6f823591213e67 introduced a bug
	happening when guests without a <graphics> element are migrated.
	The initialization of listenAddress happens unconditionally
	from the cookie even if the cookie->graphics pointer was NULL.
	Moved the initialization to where it is safe.

2013-05-16  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix check-driverimpls in VPATH
	DRIVER_SOURCE_FILES mixes files with absolute path (inherited from
	REMOTE_DRIVER_GENERATED) with file paths that are relative to srcdir but
	check-driverimpls.pl needs full paths.

	util: Fix build without devmapper
	stdlib.h header file needed for getenv was only transitively included
	through libdevmapper.h.

2013-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Expand documentation for LXC driver
	Update the LXC driver documentation to describe the way
	containers are setup by default. Also describe the common
	virsh commands for managing containers and a little about
	the security. Placeholders for docs about configuring
	containers still to be filled in.

2013-05-16  Osier Yang  <jyang@redhat.com>

	conf: Improve the coding style
	Add spaces around "<<", and remove the useless blank-line.

2013-05-16  Eric Blake  <eblake@redhat.com>

	string: test VIR_STRDUP
	The surest way to avoid regressions is to test documented behavior :)
	* tests/virstringtest.c (testStrdup): New test case.

2013-05-16  Guannan Ren  <gren@redhat.com>

	virsh: lookup interface by name or mac other than one by one
	Use virMacAddrParse() to distinguish interface name from interface
	mac address.

2013-05-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: check for inverted ctdir
	Linux netfilter at some point (Linux 2.6.39) inverted the meaning of the
	'--ctdir reply' and newer netfilter implementations now expect
	'--ctdir original' instead and vice-versa.
	We check for the kernel version and assume that all Linux kernels with version
	2.6.39 have the newer inverted logic.
	Any distro backporting the Linux kernel patch that inverts the --ctdir logic
	(Linux commit 96120d86f) must also backport this patch for Linux and
	adapt the kernel version being tested for.

2013-05-16  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	FreeBSD: disable buggy -fstack-protector-all
	FreeBSD ships an old gcc 4.2.1 which generates
	bogus code, e.g. getsockopt() call returns
	struct xucred with bogus values, which doesn't even
	allow to connect to libvirtd:
	error: Failed to find group record for gid '1284660778': No error: 0
	So roll back to just -fstack-protector on FreeBSD.

2013-05-16  John Ferlan  <jferlan@redhat.com>

	Adjust improperly formatted <sysinfo> uuid
	If the <sysinfo> system table 'uuid' field is improperly formatted,
	then qemu will fail to start the guest with the error:
	virsh start dom
	error: Failed to start domain dom
	error: internal error process exited while connecting to monitor: Invalid SMBIOS UUID string
	This was because the parsing rules were lax with respect to allowing extraneous
	spaces and dashes in the provided UUID.  As long as there were 32 hexavalues
	that matched the UUID for the domain the string was accepted. However startup
	failed because the string format wasn't correct. This patch will adjust the
	string format so that when it's presented to the driver it's in the expected
	format.
	Added a test for uuid comparison within sysinfo.

	Validate the bios_date format for <sysinfo>
	Add incorrectly formatted bios_date validation test

	docs: Fix/update syntax in Sysinfo/SMBIOS description

2013-05-15  Dan Walsh  <dwalsh@redhat.com>

	Change label of fusefs mounted at /proc/meminfo in lxc containers
	We do not want to allow contained applications to be able to read fusefs_t.
	So we want /proc/meminfo label to match the system default proc_t.
	Fix checking of error codes

2013-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Remove obsolete skipRoot flag in LXC driver
	The lxcContainerMountAllFS method had a 'bool skipRoot'
	flag to control whether it mounts the / filesystem. Since
	removal of the non-pivot root container setup codepaths,
	this flag is obsolete as the only caller always passes
	'true'.

	Stop passing around old root directory prefix
	Many methods accept a string parameter specifying the
	old root directory prefix. Since removal of the non-pivot
	root container setup codepaths, this parameter is obsolete
	in many methods where the callers always pass "/.oldroot".

	Remove obsolete pivotRoot flag in LXC driver
	The lxcContainerMountBasicFS method had a 'bool pivotRoot'
	flag to control whether it mounted a private /dev. Since
	removal of the non-pivot root container setup codepaths,
	this flag is obsolete as the only caller always passes
	'true'.

2013-05-15  Christophe Fergeau  <cfergeau@redhat.com>

	storage: Ensure 'qemu-img resize' size arg is a 512 multiple
	qemu-img resize will fail with "The new size must be a multiple of 512"
	if libvirt doesn't round it first.
	This fixes rhbz#951495

2013-05-15  Osier Yang  <jyang@redhat.com>

	qemu: Support discard for disk
	QEMU introduced "discard" option for drive since commit a9384aff53,
	<...>
	@var{discard} is one of "ignore" (or "off") or "unmap" (or "on") and
	controls whether @dfn{discard} (also known as @dfn{trim} or @dfn{unmap})
	requests are ignored or passed to the filesystem.  Some machine types
	may not support discard requests.
	</...>
	This patch exposes the support in libvirt.
	QEMU supported "discard" for "-drive" since v1.5.0-rc0:
	% git tag --contains a9384aff53
	contains
	v1.5.0-rc0
	v1.5.0-rc1
	So this only detects the capability bit using virQEMUCapsProbeQMPCommandLine.

2013-05-15  John Ferlan  <jferlan@redhat.com>

	docs: Update formatdomain for lifecycle events

	Handle the domain event 'on_reboot' and 'on_poweroff' settings

	Adjust comments to describe on_poweroff and on_reboot action

	Adjust usage of qemu -no-reboot and -no-shutdown options
	During building of the qemu command line determine whether to add/use the
	'-no-reboot' option only if each of the 'on' events want to to destroy
	the domain; otherwise, use the '-no-shutdown' option.
	Prior to this change both could be on the command line, which while allowed
	could be construed as a conflict.

2013-05-15  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add VNC WebSocket support
	Adding a VNC WebSocket support for QEMU driver.  This functionality is
	in upstream qemu from commit described as v1.3.0-982-g7536ee4, so the
	capability is being recognized based on QEMU version for now.

	Add VNC WebSocket support
	Adding support for new attribute 'websocket' in the '<graphics>'
	element, the attribute value is the port to listen on with '-1'
	meaning auto-allocation, '0' meaning no websockets.

2013-05-15  Osier Yang  <jyang@redhat.com>

	tests: Sort the EXTRA_DIST list
	Commit 1cc8259bfe17 fixes the build failure, but forgot to keep the
	list alphanumeric sorted.

	qemu: New XML to disable memory merge at guest startup
	QEMU introduced command line "-mem-merge=on|off" (defaults to on) to
	enable/disable the memory merge (KSM) at guest startup. This exposes
	it by new XML:
	  <memoryBacking>
	    <nosharepages/>
	  </memoryBacking>
	The XML tag is same with what we used internally for old RHEL.

2013-05-15  Eric Blake  <eblake@redhat.com>

	qemu: detect -machine mem-merge capability
	* src/qemu/qemu_capabilities.h: New capability bit.
	* src/qemu/qemu_capabilities.c (virQEMUCapsProbeQMPCommandLine): New
	function, based on qemuMonitorGetCommandLineOptionParameters, which was
	introduced by commit bd56d0d813; use it to set new capability bit.
	(virQEMUCapsInitQMP): Use new function.

	spec: fix outdated comment
	https://bugzilla.redhat.com/show_bug.cgi?id=963016 points out that
	we don't use initscripts by default on Fedora any more.
	* libvirt.spec.in (Requires): Better explanation of gettext.

2013-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Rename rbd-invalid.xml to rbd-no-colon.xml
	Files ending in -invalid.xml are expected to violate the
	XML schema check. The RBD file does not so must have a
	different filename.

2013-05-15  Osier Yang  <jyang@redhat.com>

	tests: Add fchostdata in EXTRA_DIST
	Pushed under build-breaker rule.

	virsh: Pretty the output of qemu-agent-command
	This adds a new option "--pretty" for qemu-agent-command, to
	pretty-format the returned JSON string.

	virsh: Use vshPrint instead of printf

2013-05-15  Martin Kletzander  <mkletzan@redhat.com>

	Fix invalid argument reference in virnetdev.h
	Commit ccff335f added ATTRIBUTE_NONNULL for an attribute which is not
	a pointer and made files including virnetdev.h not compilable, so fix
	that.

2013-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Forbid use of ':' in RBD pool names
	The QEMU command line syntax for RBD disks is
	   file=rbd:pool/image:opt1=val1:opt2=val2...
	There is no way to escape the ':' if it appears in the
	pool or image name. Thus it must be explicitly forbidden
	if it occurs in the libvirt XML. People are known to
	be abusing the lack of escaping in current libvirt to
	pass arbitrary args to QEMU.

	Don't duplicate compiler warning flags when linking
	Automake already passes all CFLAGS to the linker too, so it
	is not necessary to set WARN_LDFLAGS in addition to the
	WARN_CFLAGS variable.

	Only pass -export-dynamic to linker, not compiler
	Clang does not like the -export-dynamic flag. The compiler does
	not need it in the first place, so we can avoid the problem by
	only setting it for the linker

	Correctly detect warning flags with clang
	Clang will happily claim to support any warning flags
	unless the -Werror and -Wunknown-warning-option flags
	are set. Thus we need to make sure these are set when
	testing for clags.
	We must also set the clang specific warning flags
	-Wno-unused-command-line-argument to avoid a warning
	from the ssp-buffer-size flag when linking .o files.

	Ignore cast alignment warnings in inotify code for Xen.
	The inotify Xen code causes a cast alignment warning, but this
	is harmless since the kernel inotify interface will ensure
	sufficient alignment of the inotify structs in the buffer being
	read

	Workaround issue with clang and inline functions with static vars
	Clang does not like it when you pass a static variable to an
	inline function
	 vircgroupmock.c:462:22: error: static variable 'fakesysfsdir' is
	  used in an inline function with external linkage [-Werror,-Wstatic-in-inline]
	Just make the var non-static to avoid this

	Ensure consistent enablement of gcc 'diagnostic' pragma
	The virt-compile-warnings.m4 file would do an explicit
	check for whether the compile could use the 'diagnostic'
	pragma push/pop feature. The src/internal.h file would
	then only enable it for GCC >= 4.6
	This breaks with clang which supports the pragma but
	does not claim GCC 4.6 compat. Export a variable from
	the m4 check to the header file so they are consistent.

2013-05-14  Osier Yang  <jyang@redhat.com>

	docs: Fix the wrong links in secret documentation
	docs/formatsecret.html.in: (s/domain\.html/formatdomain\.html/g)

	docs: Add the missed usage type 'iscsi'
	Pushed under trivial rule.

2013-05-14  Eric Blake  <eblake@redhat.com>

	qemu: fix bad free
	Commit bd56d0d8 could lead to freeing an uninitialized pointer:
	qemu/qemu_monitor_json.c: In function 'qemuMonitorJSONGetCommandLineOptionParameters':
	qemu/qemu_monitor_json.c:4284: warning: 'cmd' may be used uninitialized in this function
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetCommandLineOptionParameters): Initialize variable.

2013-05-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	build: avoid gcrypt deprecation warnings
	When combining old gcc (4.2.1) and new gcrypt (1.5.2), such as
	when using the Ports repository on FreeBSD, the build fails with:
	  CC       libvirt_driver_la-libvirt.lo
	cc1: warnings being treated as errors
	In file included from libvirt.c:58:
	/usr/local/include/gcrypt.h:1336: warning: 'gcry_ac_io_mode_t' is deprecated [-Wdeprecated-declarations]
	Relevant part of gcrypt.h:
	1333 typedef struct gcry_ac_io
	1334 {
	1335   /* This is an INTERNAL structure, do NOT use manually.  */
	1336   gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL;
	1337   gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL;
	1338   union
	The sad part is that we aren't even using the deprecated symbols - their
	mere inclusion in the installed header is provoking the problems.  It
	looks like newer gcc is a bit more tolerant (that is, this is a
	shortcoming of FreeBSD's use of an older compiler).

2013-05-14  Eric Blake  <eblake@redhat.com>

	qemu: query command line options in QMP
	Ever since the conversion to using only QMP for probing features
	of qemu 1.2 and newer, we have been unable to detect features
	that are added only by additional command line options.  For
	example, we'd like to know if '-machine mem-merge=on' (added
	in qemu 1.5) is present.  To do this, we will take advantage
	of qemu 1.5's query-command-line-parameters QMP call [1].
	This patch wires up the framework for probing the command results;
	if the QMP command is missing, or if a particular command line
	option does not output any parameters (for example, -net uses
	a polymorphic parser, which showed up as no parameters as of qemu
	1.5), we silently treat that command as having no results.
	[1] https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05180.html
	* src/qemu/qemu_monitor.h (qemuMonitorGetOptions)
	(qemuMonitorSetOptions)
	(qemuMonitorGetCommandLineOptionParameters): New functions.
	* src/qemu/qemu_monitor_json.h
	(qemuMonitorJSONGetCommandLineOptionParameters): Likewise.
	* src/qemu/qemu_monitor.c (_qemuMonitor): Add cache field.
	(qemuMonitorDispose): Clean it.
	(qemuMonitorGetCommandLineOptionParameters): Implement new function.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetCommandLineOptionParameters): Likewise.
	(testQemuMonitorJSONGetCommandLineParameters): Test it.

	qemu: simplify string cleanup
	No need to open code a string list cleanup, if we are nice
	to the caller by guaranteeing a NULL-terminated result.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetCPUDefinitions)
	(qemuMonitorJSONGetCommands, qemuMonitorJSONGetEvents)
	(qemuMonitorJSONGetObjectTypes, qemuMonitorJSONGetObjectProps):
	Use simpler cleanup.

	qemu: use bool in monitor struct
	Follows on the heels of other bool cleanups, such as commit 93002b98.
	* src/qemu/qemu_monitor.h (qemuMonitorOpen, qemuMonitorOpenFD):
	Update json parameter type.
	* src/qemu/qemu_monitor.c (qemuMonitorOpen, qemuMonitorOpenFD):
	Likewise.
	(_qemuMonitor): Adjust field type.
	* src/qemu/qemu_domain.h (_qemuDomainObjPrivate): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainObjPrivateXMLParse): Adjust
	client.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* tests/qemumonitortestutils.c (qemuMonitorTestNew): Likewise.

	json: support removing a value from an object
	In an upcoming patch, I need the way to safely transfer a nested
	virJSON object out of its parent container for independent use,
	even after the parent is freed.
	* src/util/virjson.h (virJSONValueObjectRemoveKey): New function.
	(_virJSONObject, _virJSONArray): Use correct type.
	* src/util/virjson.c (virJSONValueObjectRemoveKey): Implement it.
	* src/libvirt_private.syms (virjson.h): Export it.
	* tests/jsontest.c (mymain): Test it.

2013-05-14  Gene Czarcinski  <gene@czarc.net>

	Support for static routes on a virtual bridge
	network: static route support for <network>
	This patch adds the <route> subelement of <network> to define a static
	route.  the address and prefix (or netmask) attribute identify the
	destination network, and the gateway attribute specifies the next hop
	address (which must be directly reachable from the containing
	<network>) which is to receive the packets destined for
	"address/(prefix|netmask)".
	These attributes are translated into an "ip route add" command that is
	executed when the network is started. The command used is of the
	following form:
	  ip route add <address>/<prefix> via <gateway> \
	               dev <virbr-bridge> proto static metric <metric>
	Tests are done to validate that the input data are correct.  For
	example, for a static route ip definition, the address must be a
	network address and not a host address.  Additional checks are added
	to ensure that the specified gateway is directly reachable via this
	network (i.e. that the gateway IP address is in the same subnet as one
	of the IP's defined for the network).
	prefix='0' is supported for both family='ipv4' address='0.0.0.0'
	netmask='0.0.0.0' or prefix='0', and for family='ipv6' address='::',
	prefix=0', although care should be taken to not override a desired
	system default route.
	Anytime an attempt is made to define a static route which *exactly*
	duplicates an existing static route (for example, address=::,
	prefix=0, metric=1), the following error message will be sent to
	syslog:
	    RTNETLINK answers: File exists
	This can be overridden by decreasing the metric value for the route
	that should be preferred, or increasing the metric for the route that
	shouldn't be preferred (and is thus in place only in anticipation that
	the preferred route may be removed in the future).  Caution should be
	used when manipulating route metrics, especially for a default route.
	Note: The use of the command-line interface should be replaced by
	direct use of libnl so that error conditions can be handled better.  But,
	that is being left as an exercise for another day.

2013-05-14  Eric Blake  <eblake@redhat.com>

	build: avoid shadowed variable in fdstreamtest
	On RHEL 6.4 (gcc 4.4.7), I got:
	fdstreamtest.c: In function 'testFDStreamReadCommon':
	fdstreamtest.c:44: error: declaration of 'tmpfile' shadows a global declaration [-Wshadow]
	* tests/fdstreamtest.c (testFDStreamReadCommon)
	(testFDStreamWriteCommon): Rename 'tmpfile' variable.

2013-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Don't overwrite useful message when creating macvlan fails
	Currently we report a bogus error message when macvlan
	creation fails:
	error: Failed to start domain migtest
	error: operation failed: Unable to create macvlan device
	With this removed, we see the real error:
	error: Failed to start domain migtest
	error: Unable to get index for interface p31p1: No such device

	Remove & ban use of select() for waiting for I/O
	Use of the select() system call is inherantly dangerous since
	applications will hit a buffer overrun if any FD number exceeds
	the size of the select set size (typically 1024). Replace the
	two uses of select() with poll() and use cfg.mk to ban any
	future use of select().
	NB: This changes the phyp driver so that it uses an infinite
	timeout, instead of busy-waiting for 1ms at a time.

2013-05-14  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	qemu: Add hotplug support for scsi host device
	This adds both attachment and detachment support for scsi host
	device.

2013-05-13  Jim Fehlig  <jfehlig@suse.com>

	Fix starting domains when kernel has no cgroups support
	Found that I was unable to start existing domains after updating
	to a kernel with no cgroups support
	  # zgrep CGROUP /proc/config.gz
	  # CONFIG_CGROUPS is not set
	  # virsh start test
	  error: Failed to start domain test
	  error: Unable to initialize /machine cgroup: Cannot allocate memory
	virCgroupPartitionNeedsEscaping() correctly returns errno (ENOENT) when
	attempting to open /proc/cgroups on such a system, but it was being
	dropped in virCgroupSetPartitionSuffix().
	Change virCgroupSetPartitionSuffix() to propagate errors returned by
	its callees.  Also check for ENOENT in qemuInitCgroup() when determining
	if cgroups support is available.

2013-05-13  Ján Tomko  <jtomko@redhat.com>

	.gitignore: add fchosttest

2013-05-13  Osier Yang  <jyang@redhat.com>

	qemu: Refactor helpers for USB device attachment
	It's better to put the usb related codes into qemuDomainAttachHostUsbDevice
	instead of qemuDomainAttachHostDevice.
	And in the old qemuDomainAttachHostDevice, just stealing the "usb" from
	driver->activeUsbHostdevs leaks the memory.

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Escaping leading '.' in cgroup names
	Escaping a leading '.' with '_' in the cgroup names

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	qemu: Introduce activeScsiHostdevs list for scsi host devices
	Although virtio-scsi supports SCSI PR (Persistent Reservations),
	the device on host may do not support it. To avoid losing data,
	Just like PCI and USB pass through devices, only one live guest
	is allowed per SCSI host pass through device."

2013-05-13  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/vbox/*

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Support NBD backed disks/filesystems in LXC driver
	The LXC driver can already configure <disk> or <filesystem>
	devices to use the loop device. This extends it to also allow
	for use of the NBD device, to support non-raw formats.

	Add 'nbd' as a valid filesystem driver type
	The <filesystem> element can now accept a <driver type='nbd'/>
	as an alternative to 'loop'. The benefit of NBD is support
	for non-raw disk image formats.

	Add a helper API for setting up a NBD device with qemu-nbd
	Add a virFileNBDDeviceAssociate method, which given a filename
	will setup a NBD device, using qemu-nbd as the server.

	Fix error handling of readdir() in virFileLoopDeviceOpen
	To correctly handle errors from readdir() you must set 'errno'
	to zero before invoking it & check its value afterwards to
	distinguish error from EOF.

	Re-arrange code setting up ifs/disk loop devices for LXC
	The current code for setting up loop devices to LXC disks first
	does a switch() based on the disk format, then looks at the
	disk driver name. Reverse this so it first looks at the driver
	name, and then the disk format. This is more useful since the
	list of supported disk formats depends on what driver is used.
	The code for setting loop devices for LXC fs entries also needs
	to have the same logic added, now the XML schema supports this.

	Add support for storage format in FS <driver>
	Extend the <driver> element in filesystem devices to
	allow a storage format to be set. The new attribute
	uses 'format' to reflect the storage format. This is
	different from the <driver> element in disk devices
	which use 'type' to reflect the storage format. This
	is because the 'type' attribute on filesystem devices
	is already used for the driver backend, for which the
	disk devices use the 'name' attribute. Arggggh.
	Anyway for disks we have
	   <driver name="qemu" type="raw"/>
	And for filesystems this change means we now have
	   <driver type="loop" format="raw"/>

2013-05-13  Michal Privoznik  <mprivozn@redhat.com>

	security_apparmor.c: Include virscsi.h
	After introducing AppArmorSetSecuritySCSILabel() in 2691cd5f
	we are using virSCSIDevicePtr type without proper include.

2013-05-13  Osier Yang  <jyang@redhat.com>

	security: Manage the security label for scsi host device
	To not introduce more redundant code, helpers are added for
	both "selinux", "dac", and "apparmor" backends.
	v2.5 - v3:
	  * Splitted from 8/10 of v2.5
	  * Don't forget the other backends (DAC, and apparmor)

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	qemu: Allow the scsi-generic device in cgroup
	This adds the scsi-generic device into the device controller's
	whitelist, so that it's allowed to used by the qemu process.

2013-05-13  Osier Yang  <jyang@redhat.com>

	qemu: Support bootindex for scsi host device

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Add docs about cgroups layout and usage
	Describe the new cgroups layout, how to customize placement
	of guests and what virsh commands are used to access the
	parameters.

2013-05-13  Osier Yang  <jyang@redhat.com>

	Introduce <readonly> for hostdev
	Since it's generic enough to be used by other types in future, I
	put it in <hostdev> as sub-element, though now it's only used by
	scsi host device.

	rng: Interleave hostdev elements

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	qemu: Build qemu command line for scsi host device
	Except the scsi host device's controller is "lsilogic", mapping
	between the libvirt attributes and scsi-generic properties is:
	  libvirt     qemu
	-----------------------------------------
	  controller  bus ($libvirt_controller.0)
	  bus         channel
	  target      scsi-id
	  unit        lun
	For scsi host device with "lsilogic" controller, the mapping is:
	('target (libvirt)' must be 0, as it's not used; 'unit (libvirt)
	must <= 7).
	  libvirt            qemu
	----------------------------------------------------------
	  controller && bus  bus ($libvirt_controller.$libvirt_bus)
	  unit               scsi-id
	It's not good to hardcode/hard-check limits of these attributes,
	and even worse, these limits are not documented, one has to find
	out by either testing or reading the qemu code, I'm looking forward
	to qemu expose limits like these one day). For example, exposing
	"max_target", "max_lun" for megasas:
	static const struct SCSIBusInfo megasas_scsi_info = {
	    .tcq = true,
	    .max_target = MFI_MAX_LD,
	    .max_lun = 255,
	    .transfer_data = megasas_xfer_complete,
	    .get_sg_list = megasas_get_sg_list,
	    .complete = megasas_command_complete,
	    .cancel = megasas_command_cancel,
	};
	Example of the qemu command line (lsilogic controller):
	  -drive file=/dev/sg2,if=none,id=drive-hostdev-scsi_host7-0-0-0 \
	  -device scsi-generic,bus=scsi0.0,scsi-id=8,\
	  drive=drive-hostdev-scsi_host7-0-0-0,id=hostdev-scsi_host7-0-0-0
	Example of the qemu command line (virtio-scsi controller):
	  -drive file=/dev/sg2,if=none,id=drive-hostdev-scsi_host7-0-0-0 \
	  -device scsi-generic,bus=scsi0.0,channel=0,scsi-id=128,lun=128,\
	  drive=drive-hostdev-scsi_host7-0-0-0,id=hostdev-scsi_host7-0-0-0

	utils: util functions for scsi hostdev
	This patch adds util functions for scsi hostdev.

	qemu: New cap flags for scsi-generic
	Adding two cap flags for scsi-generic:
	  QEMU_CAPS_SCSI_GENERIC
	  QEMU_CAPS_SCSI_GENERIC_BOOTINDEX

2013-05-13  Osier Yang  <jyang@redhat.com>

	node_device: Clean up unused macros
	All of these macros are now unused, so remove.

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	conf: Generic XMLs for scsi hostdev
	An example of the scsi hostdev XML:
	    <hostdev mode='subsystem' type='scsi'>
	      <source>
	        <adapter name='scsi_host0'/>
	        <address bus='0' target='0' unit='0'/>
	      </source>
	      <address type='drive' controller='0' bus='0' target='4' unit='8'/>
	    </hostdev>
	Controller is implicitly added for scsi hostdev, though the scsi
	controller's model defaults to "lsilogic", which might be not what
	the user wants (same problem exists for virtio-scsi disk). It's
	the existing problem, will be addressed later.
	The device address must be specified manually. Later patch will let
	libvirt generate it automatically.
	This only introduces the generic XMLs for scsi hostdev, later patches
	will add other elements, e.g. <readonly>, <shareable>.

2013-05-13  Osier Yang  <jyang@redhat.com>

	tests: Add tests for fc_host
	Since the NPIV machine is not easy to get, it's very likely to
	introduce regressions when doing changes on the existing code.
	This patch dumps part of the sysfs files (the necessary ones)
	of fc_host as test input data, to test the related util functions.
	It could be extended for more fc_host related testing in future.

	util: Honor the passed sysfs_prefix
	The helper works for default sysfs_prefix, but for user specified
	prefix, it doesn't work. (Detected when writing test cases. A later
	patch will add the test cases for fc_host).

	util: Update the comment for virGetFCHostNameByWWN
	The returned result is something like "host5" acutally.

	util: Change virIsCapable* to return bool
	Function name with "aIsB" generally means its return value is
	in Bi-state (true/false).

	util: Don't miss the slash in constructed path
	In case of the caller can pass a "prefix" (or "sysfs_prefix")
	without the trailing slash, and Unix-Like system always eats
	up the redundant "slash" in the filepath, let's add it explicitly.

	util: Fix regression introduced by commit 4360a098441
	Which refactored the old code, and introduced new helper
	virIsCapableVport, but the path for checking with access() is not
	correctly constructed.

	util: Fix regression of wwn reading
	Introduced by commit 244ce462e29, which refactored the helper for wwn
	reading, however, it forgot to change the old "strndup" and "sizeof(buf)",
	"sizeof(buf)" operates on the fixed length array ("buf") in the old code,
	but now "buf" is a pointer.
	Before the fix:
	% virsh nodedev-dumpxml scsi_host5
	<device>
	  <name>scsi_host5</name>
	  <parent>pci_0000_04_00_1</parent>
	  <capability type='scsi_host'>
	    <host>5</host>
	    <capability type='fc_host'>
	      <wwnn>2001001b</wwnn>
	      <wwpn>2101001b</wwpn>
	      <fabric_wwn>2001000d</fabric_wwn>
	    </capability>
	  </capability>
	</device>
	With the fix:
	% virsh nodedev-dumpxml scsi_host5
	<device>
	  <name>scsi_host5</name>
	  <parent>pci_0000_04_00_1</parent>
	  <capability type='scsi_host'>
	    <host>5</host>
	    <capability type='fc_host'>
	      <wwnn>0x2001001b32a9da4e</wwnn>
	      <wwpn>0x2101001b32a9da4e</wwpn>
	      <fabric_wwn>0x2001000dec9877c1</fabric_wwn>
	    </capability>
	  </capability>
	</device>

2013-05-11  Eric Blake  <eblake@redhat.com>

	build: fix use of mmap
	Commit bfe7721d introduced a regression, but only on platforms
	like FreeBSD that lack posix_fallocate and where mmap serves as
	a nice fallback for safezero.
	util/virfile.c: In function 'safezero':
	util/virfile.c:837: error: 'PROT_READ' undeclared (first use in this function)
	* src/util/virutil.c (includes): Move use of <sys/mman.h>...
	* src/util/virfile.c (includes): ...to the file that uses mmap.

	build: update to latest gnulib, for syntax-check
	This picks up a fix for a syntax-check weakness mentioned here:
	https://www.redhat.com/archives/libvir-list/2013-May/msg00811.html
	* .gnulib: Update to latest, for maint.mk improvement.

2013-05-11  Daniel P. Berrange  <berrange@redhat.com>

	Update hellolibvirt to demo virGetLastErrorMessage()
	Update the hellolibvirt example program to demonstrate use of
	the virGetLastErrorMessage() API for quick error reporting

	Add a test case for the fdstream file read/write code
	Add a test case which exercises the virFDStreamOpenFile
	and virFDStreamCreateFile methods. Ensure that both the
	synchronous and non-blocking iohelper code paths work.
	This validates the regression recently fixed which
	broke reading in non-blocking mode

	Allow the iohelper path to be customized by test programs
	Currently the fdstream function hardcodes the location
	of the iohelper to LIBEXECDIR "/libvirt_iohelper". This
	is not convenient when trying to write test cases which
	use this code. Add a virFDStreamSetIOHelper method to
	allow the test cases to point to the location of the
	un-installed iohelper binary.

	Add a virGetLastErrorMessage() function
	Apps using libvirt will often have code like
	   if (virXXXX() < 0) {
	      virErrorPtr err = virGetLastError();
	      fprintf(stderr, "Something failed: %s\n",
	              err && err->message ? err->message :
	              "unknown error");
	      return -1;
	   }
	Checking for a NULL error object or message leads to very
	verbose code. A virGetLastErrorMessage() helper from libvirt
	can simplify this to
	   if (virXXXX() < 0) {
	      fprintf(stderr, "Something failed: %s\n",
	              virGetLastErrorMessage());
	      return -1;
	   }

	Fix iohelper usage with streams opened for read
	In b2878ed860ceceec3cd6481424fed0b543b687cd we added the O_NOCTTY
	flag when opening files in the stream code. Unfortunately a later
	piece of code was comparing the flags == O_RDONLY, without masking
	out the non-access mode flags. This broke the iohelper when used
	with streams for read, since it caused us to attach the stream
	output pipe to the stream input FD instead of output FD :-(

	Cope with missing swap cgroup controls
	It is possible to build a kernel without swap cgroup controls
	present. This causes a fatal error when querying memory
	parameters. Treat missing swap controls as meaning "unlimited".
	The fatal error remains if the user tries to actually change
	the limit.

2013-05-11  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	portability: fix virNetDevSetMAC and virNetDevExists on BSD
	- provide virNetDevSetMAC() implementation based on SIOCSIFLLADDR
	  ioctl.
	- adjust virNetDevExists() to check for ENXIO error because
	  FreeBSD throws it when device doesn't exist

2013-05-11  Laine Stump  <laine@laine.org>

	util: move virFile* functions from virutil.c to virfile.c
	These all existed before virfile.c was created, and for some reason
	weren't moved.
	This is mostly straightfoward, although the syntax rule prohibiting
	write() had to be changed to have an exception for virfile.c instead
	of virutil.c.
	This movement pointed out that there is a function called
	virBuildPath(), and another almost identical function called
	virFileBuildPath(). They really should be a single function, which
	I'll take care of as soon as I figure out what the arglist should look
	like.

	util: fix virFileOpenAs return value and resulting error logs
	This resolves:
	     https://bugzilla.redhat.com/show_bug.cgi?id=851411
	     https://bugzilla.redhat.com/show_bug.cgi?id=955500
	The first problem was that virFileOpenAs was returning fd (-1) in one
	of the error cases rather than ret (-errno), so the caller thought
	that the error was EPERM rather than ENOENT.
	The second problem was that some log messages in the general purpose
	qemuOpenFile() function would always say "Failed to create" even if
	the caller hadn't included O_CREAT (i.e. they were trying to open an
	existing file).
	This fixes virFileOpenAs to jump down to the error return (which
	returns ret instead of fd) in the previously mentioned incorrect
	failure case of virFileOpenAs(), removes all error logging from
	virFileOpenAs() (since the callers report it), and modifies
	qemuOpenFile to appropriately use "open" or "create" in its log
	messages.
	NB: I seriously considered removing logging from all callers of
	virFileOpenAs(), but there is at least one case where the caller
	doesn't want virFileOpenAs() to log any errors, because it's just
	going to try again (qemuOpenFile()). We can't simply make a silent
	variation of virFileOpenAs() though, because qemuOpenFile() can't make
	the decision about whether or not it wants to retry until after
	virFileOpenAs() has already returned an error code.
	Likewise, I also considered changing virFileOpenAs() to return -1 with
	errno set on return, and may still do that, but only as a separate
	patch, as it obscures the intent of this patch too much.

2013-05-10  John Ferlan  <jferlan@redhat.com>

	Build breaker - requires VIR_FROM_THIS

2013-05-10  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/test/*

	virGetStorageVol: Don't ignore NULL pool name
	The function takes pool name as argument. However,
	it is not acceptable for it to be NULL. Hence, we
	should check it and report error in case it is.

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in tests/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/storage/*

2013-05-10  Jesse J. Cook  <jesse.j.cook@member.fsf.org>

	dom event example: Add error check to impl call
	Added error checking to virEventRegisterDefaultImpl call for consistency.

	dom event example: init before register event impl
	In the domain-events example C code virEventRegisterDefaultImpl was being
	called before virConnectOpen without first calling virInitialize. While this
	code worked, it is incorrect. Adding a call to g_string_new prior to the call
	to virEventRegisterDefaultImpl would cause the code to break. This fix will
	help avoid unintentional misue of the API.
	Relates to: Ret Hat Bugzilla - Bug 961155

2013-05-10  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix typo in error message in ABI stability check
	s/vpu/vCPU/

2013-05-10  Eric Blake  <eblake@redhat.com>

	tests: use portable shell code
	'make check' fails since commit 470d5c46 on any system with dash
	as /bin/sh, because '<<<' is a bash extension.  For example:
	nwfilterschematest: 23: /home/eblake/libvirt/tests/schematestutils.sh: Syntax error: redirection unexpected
	Also, there is no need to spawn a grep process when shell globbing
	can do the same.
	* tests/schematestutils.sh: Replace bashism and subprocess with a
	faster and portable construct.

2013-05-10  Daniel P. Berrange  <berrange@redhat.com>

	Replace 'goto clean' with 'goto cleanup' in apparmor code
	Some of the apparmor code files did not follow the normal
	goto label naming pratices

	Replace list of driver source files with variables
	Update the DRIVER_SOURCE_FILES variable to reference the
	other various XXX_SOURCES variables, instead of duplicating
	the filename lists. This results in a bunch of extra files
	being processed, but the test scripts can easily skip those

	Fix naming of methods in ESX storage backends to follow public APIs
	The previous update of method naming missed the ESX storage
	backend files. Update them is that the driver impl methods
	follow the naming of the public API but with s/vir/esx/

	Skip virNWFilterTechDriver when validating API naming
	The virNWFilterTechDriver struct is an internal only driver
	API with no public API equivalent. It should be skipped by
	the 'check-driverimpls' test case

	Replace 'goto cleanup' with 'goto error' in udev interface driver
	Some methods in the udev interface driver used 'cleanup' as the
	label for separate error codepaths. Change these to use 'error'
	as required by coding standards

	Replace 'goto err' with 'goto cleanup' in udev interface driver
	The udev interface driver did not follow standard naming
	convention for goto labels.

	Disable some URI tests on older libxml2
	Older versions of libxml2 could not correctly parse certain
	URIs. This causes test failures. There's nothing libvirt can
	do about this, so disable the problem tests on old libxml2
	versions

	Fix build of python bindings on Python 2.4
	The PyDict_Next method on Python <= 2.4 used 'int' instead
	of "Py_ssize_t" for the 'pos' parameter

2013-05-09  Jim Fehlig  <jfehlig@suse.com>

	build: fix build with old polkit0
	Commit 979e9c56 missed one case of providing the timestamp
	parameter to virNetServerClientGetUNIXIdentity() when WITH_POLKIT0
	is defined.

2013-05-09  Ján Tomko  <jtomko@redhat.com>

	conf: don't crash on a tpm device with no backends
	Print an error instead of crashing when a TPM device without
	a backend is specified.
	Add a test for tpm device with no backend, which should fail
	with a parse error.
	https://bugzilla.redhat.com/show_bug.cgi?id=961252

	tests: files named '.*-invalid.xml' should fail validation
	Currently, using an invalid XML in tests fails, because
	the schema test expects all of them to be valid.
	Treat files with -invalid.xml suffix as invalid and expect
	them to fail validation.

	don't mention disk controllers in generic controller errors
	The controller element supports non-disk controller types too.
	https://bugzilla.redhat.com/show_bug.cgi?id=960958

	iscsi: don't leak portal string when starting a pool

2013-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Simplify the Xen domain stats/peek / node memory driver methods
	Make the Xen domain stats / peek and node memory driver
	methods unconditionally call the sub-drivers which are
	guaranteed to be open.

	Simplify the Xen domain autostart driver method
	Unconditionally call into the XenD or XM drivers for autostart
	handling, since they are guaranteed to be open

	Simplify the Xen domain scheduler parameter driver methods
	Make the Xen domain scheduler parameter methods directly
	call into XenD or Xen hypervisor drivers

	Simplify the Xen domain attach/dettach driver methods
	Make the domain attach/dettach driver methods directly call
	into either the XenD or XM drivers

	Simplify the Xen domain define/undefine driver methods
	Make the domain define/undefine driver methods directly call
	into either the XenD or XM drivers

	Simplify the Xen domain start driver method
	Directly call either the XenD or XM driver when starting
	a persistent domain

	Simplify the Xen driver define domain driver methods
	Directly call either XenD or the XM driver for handling
	domain define operations.

	Simplify the Xen domain migration driver methods
	All the migration code is done by the XenD subdriver which
	can be assumed to always be present

	Simplify the Xen domain get XML driver method
	The xenUnifiedDomainGetXMLDesc driver can assume that
	the XM and XenD drivers are always present

	Simplify the Xen domain VCPU driver methods

	Simplify the Xen domain save/restore driver methods
	Unconditionally call the XenD APIs for save/restore, since that
	driver will always be open.

	Simplify the Xen domain get info/state driver methods
	Make the xenUnifiedDomainGetInfo and xenUnifiedDomainGetState drivers
	call the correct sub-driver APIs directly.

	Simplify the Xen domain get/set (max) memory driver methods
	Simplify the Xen memory limit driver methods to directly call
	the most appropriate sub-driver

	Remove Xen get hostname driver method
	The xenGetHostname entry point in the xenUnifiedDriver table
	was unused.

	Simplify the Xen domain get OS type driver method
	Make xenUnifiedDomainGetOSType directly call either the
	xenHypervisorDomainGetOSType or xenDaemonDomainGetOSType
	method depending on whether the domain is active or not.

	Simplify the Xen domain destroy driver method
	Unconditionally call the xenDaemonDomainDestroyFlags API
	since the XenD driver is always available.

	Simplify the Xen domain shutdown/reboot driver methods
	Make the xenUnifiedDomainShutdownFlags and xenUnifiedDomainReboot
	driver methods unconditionally call the XenD APIs for shutdown
	and reboot. Delete the unreachable impls in the XenStore driver.

	Simplify the Xen domain suspend/resume driver methods
	Update xenUnifiedDomainSuspend and xenUnifiedDomainResume to
	unconditionally invoke the XenD APIs for suspend/resume. Delete
	the impls in the hypervisor driver which was unreachable.

	Simplify the Xen domain is persistent driver method
	Unconditionally call xenDaemonLookupByUUID, since the XenD
	driver must always be present.

	Simplify the Xen domain lookup driver methods
	Unconditionally invoke the xenHypervisorLookupDomainByID,
	xenHypervisorLookupDomainByUUID or xenDaemonLookupByName
	for looking up domains. Fallback to xenXMDomainLookupByUUID
	and xenXMDomainLookupByName for legacy XenD without inactive
	domain support

	Simplify the Xen domain create driver method
	Unconditionally call xenDaemonCreateXML in the
	xenUnifiedDomainCreateXML driver, since the XenD
	driver is always present.

	Simplify the Xen count/list domains driver methods
	The XenStore driver is mandatory, so it can be used unconditonally
	for the xenUnifiedConnectListDomains & xenUnifiedConnectNumOfDomains
	drivers. Delete the unused XenD and Hypervisor driver code for
	listing / counting domains

	Simplify the Xen get max vcpus / node get info driver methods
	Unconditionally call into xenHypervisorGetMaxVcpus and
	xenDaemonNodeGetInfo respectively, since those drivers
	are both mandatory

	Simplify the Xen get version driver method
	The hypervisor driver is mandatory, so the the call to
	xenHypervisorGetVersion must always succeed. Thus there
	is no need to ever run xenDaemonGetVersion

	Simplify the Xen get type driver method
	There is no point iterating over sub-drivers since the user
	would not have a virConnectPtr instance at all if opening
	the drivers failed. Just return 'Xen' immediately.

	Simplify opening of Xen drivers
	Since the Xen driver was changed to only execute inside libvirtd,
	there is no scenario in which it will be opened from a non-privileged
	context. Thus all the code dealing with opening the sub-drivers can
	be simplified to assume that they are always privileged.

	Remove pointless GET_PRIVATE macro from Xen driver
	The Xen driver uses a macro GET_PRIVATE as a supposed shorthand
	for 'xenUnifiedPrivatePtr priv = (xenUnifiedPrivatePtr) (conn)->privateData'.
	It does not in fact save any lines of code, and obscures what is
	happening. Remove it, since it adds no value.

	Remove VIR_CONNECT_RO checks from xen drivers
	Some of the Xen sub-drivers have checks against the
	VIR_CONNECT_RO flag. This is not required, since such
	checks are done at the top level before the driver
	methods are invoked

	Remove xen driver checks for priv->handle < 0
	The Xen hypervisor driver checks for 'priv->handle < 0' and
	returns -1, but without raising any error. Fortunately this
	code will never be executed, since the main Xen driver always
	checks 'priv->opened[XEN_UNIFIED_HYPERVISOR_OFFSET]' prior
	to invoking any hypervisor API. Just remove the redundant
	checks for priv->handle

2013-05-09  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/vmx/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/vmware/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/uml/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/secret/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/phyp/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/parallels/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/nwfilter/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/interface/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/node_device/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/network/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/lxc/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/locking/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/libxl/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/hyperv/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/esx/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/cpu/*

2013-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Delete udevFreeIfaceDef function in udev interface driver
	The udevFreeIfaceDef function in the udev interface driver
	just duplicates code from virInterfaceDefFree. Delete it
	and call the standard API instead.
	Fix the udevGetIfaceDefVlan method so that it doesn't
	store pointers to the middle of a malloc'd memory
	area.

2013-05-09  Osier Yang  <jyang@redhat.com>

	libvirt.c: Fix the indention
	Pushed under trivial rule

	conf: Remove the unrelated comment
	Pushed under trivial rule.

2013-05-09  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Among others, this fixes a cosmetic bug where bootstrap stated:
	./bootstrap: Bootstrapping from checked-out http://libvirt.org sources...
	instead of the intended:
	./bootstrap: Bootstrapping from checked-out libvirt sources...
	* .gnulib: Update to latest, for bootstrap improvement.
	* bootstrap: Resync from gnulib.

2013-05-08  John Ferlan  <jferlan@redhat.com>

	virsh: Resolve Coverity 'MISSING_BREAK'
	Recent commit '53531e16' resulted in a new Coverity warning regarding
	a missing break in the ':' options processing. Adjust the commit to
	avoid the issue.

	lxc: Coverity false positive USE_AFTER_FREE

2013-05-08  Daniel P. Berrange  <berrange@redhat.com>

	Unmerge attach/update/modify device APIs in drivers
	The LXC, QEMU, and LibXL drivers have all merged their handling of
	the attach/update/modify device APIs into one large
	  'xxxxDomainModifyDeviceFlags'
	which then does a 'switch()' based on the actual API being invoked.
	While this saves some lines of code, it is not really all that
	significant in the context of the driver API impls as a whole.
	This merger of the handling of different APIs creates pain when
	wanting to automated analysis of the code and do things which
	are specific to individual APIs. The slight duplication of code
	from unmerged the API impls, is preferrable to allow for easier
	automated analysis.

	Pull parsing of migration xml up into QEMU driver APIs
	Currently the parsing of XML is pushed down into the various
	migration helper APIs. This makes it difficult to insert the
	correct access control checks, since one helper API services
	many public APIs. Pull the parsing of XML up to the top level
	of the QEMU driver APIs

	Don't allow renaming of domains by the backdoor
	Several APIs allow for custom XML to be passed in. This is
	checked for ABI stability, which will ensure the UUID is
	not being changed. There isn't validation that the name
	did not change though. This could allow renaming of guests
	via the backdoor, which in turn could allow for bypassing
	access control restrictions based on names.

	Fix naming of some node device APIs
	In renaming driver API implementations to match the
	public API naming scheme, a few cases in the node
	device driver were missed.

	Separate internal node suspend APIs from public API
	The individual hypervisor drivers were directly referencing
	APIs in virnodesuspend.c in their virDriverPtr struct. Separate
	these methods, so there is always a wrapper in the hypervisor
	driver. This allows the unused virConnectPtr args to be removed
	from the virnodesuspend.c file. Again this will ensure that
	ACL checks will only be performed on invocations that are
	directly associated with public API usage.

	Separate internal node device APIs from public API
	The individual hypervisor drivers were directly referencing
	APIs in src/nodeinfo.c in their virDriverPtr struct. Separate
	these methods, so there is always a wrapper in the hypervisor
	driver. This allows the unused virConnectPtr args to be
	removed from the nodeinfo.c file. Again this will ensure that
	ACL checks will only be performed on invocations that are
	directly associated with public API usage.

	Separate virGetHostname() API contract from driver APIs
	Currently the virGetHostname() API has a bogus virConnectPtr
	parameter. This is because virtualization drivers directly
	reference this API in their virDriverPtr tables, tieing its
	API design to the public virConnectGetHostname API design.
	This also causes problems for access control checks since
	these must only be done for invocations from the public
	API, not internal invocation.
	Remove the bogus virConnectPtr parameter, and make each
	hypervisor driver provide a dedicated function for the
	driver API impl. This will allow access control checks
	to be easily inserted later.

	Include process start time when doing polkit checks
	Since PIDs can be reused, polkit prefers to be given
	a (PID,start time) pair. If given a PID on its own,
	it will attempt to lookup the start time in /proc/pid/stat,
	though this is subject to races.
	It is safer if the client app resolves the PID start
	time itself, because as long as the app has the client
	socket open, the client PID won't be reused.

	Rename "security context" to "selinux context"
	There are various methods named "virXXXXSecurityContext",
	which are specific to SELinux. Rename them all to
	"virXXXXSELinuxContext". They will still raise errors at
	runtime if SELinux is not compiled in

	Fix possible undefined value in check-symsorting.pl
	It is possible for $line to be undefined at first used, if
	the symfile doesn't have a section prefix (which is the case
	for auto-generated symfiles).

2013-05-08  Osier Yang  <jyang@redhat.com>

	storage: Skip inactive lv volumes
	If the volume is of a clustered volume group, and not active, the
	related pool APIs fails on opening /dev/vg/lv. If the volume is
	suspended, it hangs on open(2) the volume.
	Though the best solution is to expose the volume status in volume
	XML, and even better to provide API to activate/deactivate the volume,
	but it's not the work I want to touch currently. Volume status in
	other status is just fine to skip.
	About the 5th field of lv_attr (from man lvs[8])
	<quote>
	 5 State: (a)ctive, (s)uspended, (I)nvalid snapshot, invalid
	   (S)uspended snapshot, snapshot (m)erge failed,suspended
	   snapshot (M)erge failed, mapped (d)evice present without
	   tables,  mapped device present with (i)nactive table
	</quote>

2013-05-08  Eric Blake  <eblake@redhat.com>

	string: make VIR_STRDUP easier to use
	While reviewing proposed VIR_STRDUP conversions, I've already noticed
	several places that do:
	if (str && VIR_STRDUP(dest, str) < 0)
	which can be simplified by allowing str to be NULL (something that
	strdup() doesn't allow).  Meanwhile, code that wants to ensure a
	non-NULL dest regardless of the source can check for <= 0.
	Also, make it part of the VIR_STRDUP contract that macro arguments
	are evaluated exactly once.
	* src/util/virstring.h (VIR_STRDUP, VIR_STRDUP_QUIET, VIR_STRNDUP)
	(VIR_STRNDUP_QUIET): Improve contract.
	* src/util/virstring.c (virStrdup, virStrndup): Change return
	conventions.
	* docs/hacking.html.in: Document this.
	* HACKING: Regenerate.

	alloc: make VIR_APPEND_ELEMENT safer
	VIR_APPEND_ELEMENT(array, size, elem) was not safe if the expression
	for 'size' had side effects.  While no one in the current code base
	was trying to pass side effects, we might as well be robust and
	explicitly document our intentions.
	* src/util/viralloc.c (virInsertElementsN): Add special case.
	* src/util/viralloc.h (VIR_APPEND_ELEMENT): Use it.
	(VIR_ALLOC, VIR_ALLOC_N, VIR_REALLOC_N, VIR_EXPAND_N)
	(VIR_RESIZE_N, VIR_SHRINK_N, VIR_INSERT_ELEMENT)
	(VIR_DELETE_ELEMENT, VIR_ALLOC_VAR, VIR_FREE): Document
	which macros are safe in the presence of side effects.
	* docs/hacking.html.in: Document this.
	* HACKING: Regenerate.

2013-05-07  Ján Tomko  <jtomko@redhat.com>

	syntax-check: forbid virBufferAsprintf with string literals

	get rid of virBufferAsprintf where possible
	Use virBufferAddLit or virBufferAddChar instead.

2013-05-07  Laine Stump  <laine@laine.org>

	qemu: allocate network connections sooner during domain startup
	VFIO device assignment requires a cgroup ACL to be setup for access to
	the /dev/vfio/nn "group" device for any devices that will be assigned
	to a guest. In the case of a host device that is allocated from a
	pool, it was being allocated during qemuBuildCommandLine(), which is
	called by qemuProcessStart() *after* the all-encompassing
	qemuSetupCgroup() was called, meaning that the standard Cgroup ACL
	setup wasn't creating ACLs for these devices allocated from pools.
	One possible solution was to manually add a single ACL down inside
	qemuBuildCommandLine() when networkAllocateActualDevice() is called,
	but that has two problems: 1) the function that adds the cgroup ACL
	requires a virDomainObjPtr, which isn't available in
	qemuBuildCommandLine(), and 2) we really shouldn't be doing network
	device setup inside qemuBuildCommandLine() anyway.
	Instead, I've created a new function called
	qemuNetworkPrepareDevices() which is called just before
	qemuPrepareHostDevices() during qemuProcessStart() (explanation of
	ordering in the comments), i.e. well before the call to
	qemuSetupCgroup(). To minimize code churn in a patch that will be
	backported to 1.0.5-maint, qemuNetworkPrepareDevices only does
	networkAllocateActualDevice() and the bare amount of setup required
	for type='hostdev network devices, but it eventually should do *all*
	device setup for guest network devices.
	Note that some of the code that was previously needed in
	qemuBuildCommandLine() is no longer required when
	networkAllocateActualDevice() is called earlier:
	 * qemuAssignDeviceHostdevAlias() is already done further down in
	   qemuProcessStart().
	 * qemuPrepareHostdevPCIDevices() is called by
	   qemuPrepareHostDevices() which is called after
	   qemuNetworkPrepareDevices() in qemuProcessStart().
	As hinted above, this new function should be moved into a separate
	qemu_network.c (or similarly named) file along with
	qemuPhysIfaceConnect(), qemuNetworkIfaceConnect(), and
	qemuOpenVhostNet(), and expanded to call those functions as well, then
	the nnets loop in qemuBuildCommandLine() should be reduced to only
	build the commandline string (which itself can be in a separate
	qemuInterfaceBuilldCommandLine() function as suggested by
	Michal). However, this will require storing away an array of tapfd and
	vhostfd that are needed for the commandline, so I would rather do that
	in a separate patch and leave this patch at the minimum to fix the
	bug.

2013-05-07  Daniel P. Berrange  <berrange@redhat.com>

	Ensure stub todo.html.in file is HTML5
	If no todo.cfg is present, make sure the stub is in HTML5
	format and clearly states that the config was not available

	Point users to Virt-Viewer MSI installers for Windows builds
	The Windows port page currently links to pre-built libvirt
	DLLs for release 0.8.8 which are 2 years old now. Until we
	can reliably produce official Windows installers, point
	people to the virt-viewer MSI installers instead which
	include the libvirt DLLs.

2013-05-07  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Enable the capability bit for -no-kvm-pit-reinjection on x86 only
	On architectures not supporting the Intel specific programmable interval
	timer, like e.g. S390, starting a domain with a clock definition containing
	a pit timer results in the error "Option no-kvm-pit-reinjection not supported
	for this target".
	By moving the capability enablement for -no-kvm-pit-reinjection from the
	InitQMPBasic section into the x86_64 and i686 only enablement section all
	other architectures are no longer automatically enabled. In addition
	architecture related capabilities enablements have refactored into a new
	architecture bound capabilities initialization function.

2013-05-07  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	rpc: message related sizes enlarged
	We have seen an issue on s390x platform where domain XMLs larger than 1MB
	were used. The define command was finished successfully. The dumpxml command
	was not successful (i.e. could not encode message payload).
	Enlarged message related sizes (e.g. maximum string size, message size, etc.)
	to handle larger system configurations used on s390x platform.
	To improve handling of the RPC message size the allocation during encode process
	is changed to a dynamic one (i.e. starting with 64kB initial size and increasing
	that size in steps up to 16MB if the payload data is larger).

2013-05-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix namespace bugs in API docs, todo page & hv support page
	The XSL for generating the API docs was missing the HTML5
	namespace declarations. The todo and hvsupport scripts were
	also missing the HTML5 doctype / namespace declaration.

2013-05-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: Do fake auto-allocation of ports when generating native command
	When attempting to generate the native command line from an XML file
	that uses graphics port auto allocation, the generated commandline
	wouldn't be valid.
	This patch adds fake autoallocation of ports as done when starting the
	actual machine.

2013-05-07  Eric Blake  <eblake@redhat.com>

	spec: proper soft static allocation of qemu uid
	https://bugzilla.redhat.com/show_bug.cgi?id=924501 tracks a
	problem that occurs if uid 107 is already in use at the time
	libvirt is first installed.  In response that problem, Fedora
	packaging guidelines were recently updated.  This fixes the
	spec file to comply with the new guidelines:
	https://fedoraproject.org/wiki/Packaging:UsersAndGroups
	* libvirt.spec.in (daemon): Follow updated Fedora guidelines.

	build: clean up stray files found by 'make distcheck'
	'make distcheck' complained:
	ERROR: files left in build directory after distclean:
	./python/libvirt.pyc
	./tests/commandhelper.log
	Problems introduced in commits f015495 and 25ea8e4 (both v1.0.3).
	* tests/commandtest.c (test21): Check (and clean) log file.
	* tests/commanddata/test21.log: New file.
	* python/Makefile.am (CLEANFILES): Clean up compiled python files.

	build: always include libvirt_lxc.syms in tarball
	On a mingw build, 'make distcheck' fails with:
	  GEN      libvirt_qemu.def
	make[3]: *** No rule to make target `../../src/libvirt_lxc.syms', needed by `libvirt_lxc.def'.  Stop.
	I traced it to a missing entry in EXTRA_DIST.  But rather than keep
	the entire list in sync, it is easier to list the three syms files
	that drive .so files directly, and then reuse existing makefile
	variables for the remaining files (that is, I validated that all
	remaining files are added to SYM_FILES, possibly via USED_SYM_FILES,
	according to makefile conditionals).
	Problem introduced in commit 3d1596b (v1.0.2).
	* src/Makefile.am (EXTRA_DIST): Ensure all syms files are shipped.

2013-05-05  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in daemon/*

	virstring: Introduce VIR_STRDUP and VIR_STRNDUP
	The code adaptation is not done right now, but in subsequent patches.
	Hence I am not implementing syntax-check rule as it would break
	compilation. Developers are strongly advised to use these new macros.
	They are similar to VIR_ALLOC() logic: VIR_STRDUP(dst, src) returns zero
	on success, -1 otherwise. In case you don't want to report OOM error,
	use the _QUIET variant of a macro.

2013-05-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix a few more docs XSL bugs related to the TOC
	Add missing 'html:' namespace prefix to a few more XSL
	rules for generating the table of contents links

2013-05-04  Laine Stump  <laine@laine.org>

	qemu: fix stupid typos in VFIO cgroup setup/teardown
	I must have looked at this a couple dozen times before I noticed it
	had "!=" instead of "==". Not doing this setup prevented qemu from
	doing anything with the vfio group device.

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix docs generator regression in previous commit
	The previous commit failed to update the XSL to take account
	of fact that in XHTML mode the elements need namespace
	prefixes. This caused every web page to be blank!

	Fix multiple formatting problems in HTML docs
	The rule generating the HTML docs passing the --html flag
	to xsltproc. This makes it use the legacy HTML parser, which
	either ignores or tries to fix all sorts of broken XML tags.
	There's no reason why we should be writing broken XML in
	the first place, so removing --html and adding the XHTML
	doctype to all files forces us to create good XML.
	This adds the XHTML doc type and fixes many, many XML tag
	problems it exposes.

2013-05-03  Guido Günther  <agx@sigxcpu.org>

	Make detect_scsi_host_caps a function on all architectures
	In the non linux case some callers like gather_scsi_host_caps needed the
	return code of -1 while others like update_caps needed an empty
	statement (to avoid a "statement without effect" warning). This is much
	simpler solved by using a function instead of a define.

	Fixup rpcgen code on kFreeBSD too
	since it uses glibc's rpcgen.

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	Ignore 'uri' parameter in lockd driver
	A 'uri' parameter was added for the benefit of sanlock. This
	causes a warning in the lockd driver though
	2013-05-03 13:20:35.347+0000: 28403: error : virLockManagerLockDaemonNew:482 : internal error Unexpected parameter uri for object
	Ignore this parameter, since lockd does not require it and it
	is harmless if not used.

2013-05-03  Laine Stump  <laine@laine.org>

	network: fix network driver startup for qemu:///session
	This should resolve https://bugzilla.redhat.com/show_bug.cgi?id=958907
	Recent new addition of code to read/write active network state to the
	NETWORK_STATE_DIR in the network driver broke startup for
	qemu:///session. The network driver had several state file paths
	hardcoded to /var, which could never possibly work in session mode.
	This patch modifies *all* state files to use a variable string that is
	set differently according to whether or not we're running
	privileged. (It turns out that logDir was never used, so it's been
	completely eliminated.)
	There are very definitely other problems preventing dnsmasq and radvd
	from running in non-privileged mode, but it's more consistent to have
	the directories used by them be determined in the same fashion.
	NB: I've noted before that the network driver is storing its state
	(including dnsmasq and radvd state) in /var/lib, while qemu stores its
	state in /var/run. It would probably have been better if the two
	matched, but it's been this way for a long time, and changing it would
	break running installations during an upgrade, so it's best to just
	leave it as it is.

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix warning about unsupported cookie flags in QEMU driver
	The QEMU migration code unconditionally sets the 'persistent'
	cookie flag on the source host. The dest host, however, only
	allows it during parsing if VIR_MIGRATE_PERSIST_DEST was
	set. Make the source host only set it if this flag is
	present.

	Fix release of resources with lockd plugin
	The lockd plugin for the lock manager was not correctly
	handling the release of resource locks. This meant that
	during migration, or when pausing a VM, the locks would
	not get released. This in turn made it impossible to
	resume the domain, or finish migration

	Fix F_DUPFD_CLOEXEC operation args
	The F_DUPFD_CLOEXEC operation with fcntl() expects a single
	int argument, specifying the minimum FD number for the newly
	dup'd file descriptor. We were not specifying that causing
	random stack data to be accessed as the FD number. Sometimes
	that worked, sometimes it didn't.

2013-05-03  Eric Blake  <eblake@redhat.com>

	build: avoid non-portable cast of pthread_t
	POSIX says pthread_t is opaque.  We can't guarantee if it is scaler
	or a pointer, nor what size it is; and BSD differs from Linux.
	We've also had reports of gcc complaining on attempts to cast it,
	if we use a cast to the wrong type (for example, pointers have to be
	cast to void* or intptr_t before being narrowed; while casting a
	function return of scalar pthread_t to void* triggers a different
	warning).
	Give up on casts, and use unions to get at decent bits instead.  And
	rather than futz around with figuring which 32 bits of a potentially
	64-bit pointer are most likely to be unique, convert the rest of
	the code base to use 64-bit values when using a debug id.
	Based on a report by Guido Günther against kFreeBSD, but with a
	fix that doesn't regress commit 4d970fd29 for FreeBSD.
	* src/util/virthreadpthread.c (virThreadSelfID, virThreadID): Use
	union to get at a decent bit representation of thread_t bits.
	* src/util/virthread.h (virThreadSelfID, virThreadID): Alter
	signature.
	* src/util/virthreadwin32.c (virThreadSelfID, virThreadID):
	Likewise.
	* src/qemu/qemu_domain.h (qemuDomainJobObj): Alter type of owner.
	* src/qemu/qemu_domain.c (qemuDomainObjTransferJob)
	(qemuDomainObjSetJobPhase, qemuDomainObjReleaseAsyncJob)
	(qemuDomainObjBeginNestedJob, qemuDomainObjBeginJobInternal): Fix
	clients.
	* src/util/virlog.c (virLogFormatString): Likewise.
	* src/util/vireventpoll.c (virEventPollInterruptLocked):
	Likewise.

2013-05-03  Laine Stump  <laine@laine.org>

	build: fix make rpm failure
	Commit 297c99a accidentally put a { where a ( belonged, causing make
	rpm to fail.

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	More paranoid initialization of 'nparams' variable in dispatch code
	Since the 'nparams' variable passed to virTypedParametersFree is
	supposed to represent the size of the 'params' array, it is bad
	practice to initialize it to a non-zero value, until the array
	has been allocated.

	Fix potential use of undefined variable in remote dispatch code
	If an early dispatch check caused a jump to the 'cleanup' branch
	then virTypeParamsFree() would be called with an uninitialized
	'nparams' variable. Fortunately 'params' is initialized to NULL,
	so the uninitialized 'nparams' variable would not be used.

	Remove redundant () in expression
	The use of () in a simple boolean comparison was not
	required

	Fix format string handling in network driver
	The call to virReportError conditionally switched between
	two format strings, with different numbers of placeholders.
	This meant the format string with no placeholders was not
	protected by a "%s".

2013-05-03  Ján Tomko  <jtomko@redhat.com>

	docs: fix 'since' for socket path generation
	Commit 297c99a says it works from 1.0.5 but it only got pushed
	after the 1.0.5 release.

2013-05-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Reduce code duplication in generator

2013-05-03  Jim Fehlig  <jfehlig@suse.com>

	build: Fix build when WITH_HAL is defined
	Commit 7c9a2d88 missed inclusion of virstring.h in a few places
	when WITH_HAL is defined, causing build failures.

2013-05-03  Eric Blake  <eblake@redhat.com>

	build: fix mingw build of vbox
	More fallout from commit 7c9a2d88 dropping too many headers.  Fixes:
	In file included from ../../src/vbox/vbox_glue.c:26:0:
	../../src/vbox/vbox_MSCOMGlue.c: In function 'vboxLookupVersionInRegistry':
	../../src/vbox/vbox_MSCOMGlue.c:435:5: error: implicit declaration of function 'virParseVersionString' [-Werror=implicit-function-declaration]
	...
	../../src/vbox/vbox_driver.c: In function 'vboxConnectOpen':
	../../src/vbox/vbox_driver.c:147:5: error: implicit declaration of function 'getuid' [-Werror=implicit-function-declaration]
	../../src/vbox/vbox_driver.c:147:5: error: nested extern declaration of 'getuid' [-Werror=nested-externs]
	* src/vbox/vbox_MSCOMGlue.c (includes): Add missing includes.
	* src/vbox/vbox_driver.c (includes): Likewise.

	build: fix mingw build of virprocess.c
	Commit 776d49f4 added a static function that is only called
	conditionally; leading to this compile error on mingw:
	  CC       libvirt_util_la-virprocess.lo
	../../src/util/virprocess.c:624:26: error: 'struct rlimit' declared inside parameter list [-Werror]
	../../src/util/virprocess.c:624:26: error: its scope is only this definition or declaration, which is probably not what you want [-Werror]
	../../src/util/virprocess.c:622:1: error: 'virProcessPrLimit' defined but not used [-Werror=unused-function]
	* src/util/virprocess.c (virProcessPrLimit): Only declare
	virProcessPrLimit when used.

	build: fix FreeBSD build
	Commit 7c9a2d88 cleaned up too many headers; FreeBSD builds
	failed due to:
	util/virutil.c:556: warning: implicit declaration of function 'canonicalize_file_name'
	(Not sure which Linux header leaked this declaration, but gnulib
	only guarantees it in stdlib.h)
	libvirt.c:956: warning: implicit declaration of function 'virGetUserConfigDirectory'
	(Here, a build on Linux was picking up virutil.h indirectly via
	one of the conditional driver headers, where that driver was not
	being built on my FreeBSD setup)
	* src/util/virutil.c (includes): Need <stdlib.h> for
	canonicalize_file_name.
	* src/libvirt.c (includes): Use "virutil.h" unconditionally,
	rather than relying on conditional indirect inclusion.

	build: avoid useless virAsprintf
	virAsprintf(&foo, "%s", bar) is wasteful compared to
	foo = strdup(bar) (or eventually, VIR_STRDUP(foo, bar),
	but one thing at a time...).
	Noticed while reviewing Laine's attempt to clean up broken
	qemu:///session.
	* cfg.mk (sc_prohibit_asprintf): Enhance rule.
	* src/esx/esx_storage_backend_vmfs.c
	(esxStorageBackendVMFSVolumeLookupByKey): Fix offender.
	* src/network/bridge_driver.c (networkStateInitialize): Likewise.
	* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopDHCPOpen):
	Likewise.
	* src/storage/storage_backend_sheepdog.c
	(virStorageBackendSheepdogRefreshVol): Likewise.
	* src/util/vircgroup.c (virCgroupAddTaskStrController): Likewise.
	* src/util/virdnsmasq.c (addnhostsAdd): Likewise.
	* src/xen/block_stats.c (xenLinuxDomainDeviceID): Likewise.
	* src/xen/xen_driver.c (xenUnifiedConnectOpen): Likewise.
	* tools/virsh.c (vshGetTypedParamValue): Likewise.

	build: always include sanitytest in tarball
	The libvirt 1.0.5 tarball is missing a file which renders 'make
	check' broken; first reported on list by Guido Günther.
	* python/Makefile.am (EXTRA_DIST): Hoist sanitytest.py out of
	HAVE_PYTHON conditional.

2013-05-03  Laine Stump  <laine@laine.org>

	util: fix compile errors caused by moving string functions
	commit 7c9a2d8 missed adding in a few #include "virstring.h"s, causing
	builds to fail.

2013-05-02  Michal Privoznik  <mprivozn@redhat.com>

	virutil: Move string related functions to virstring.c
	The source code base needs to be adapted as well. Some files
	include virutil.h just for the string related functions (here,
	the include is substituted to match the new file), some include
	virutil.h without any need (here, the include is removed), and
	some require both.

	qemu: Generate agent socket path if missing
	It's not desired to force users imagine path for a socket they
	are not even supposed to connect to. On the other hand, we
	already have a release where the qemu agent socket path is
	exposed to XML, so we cannot silently drop it from there.
	The new path is generated in form:
	$LOCALSTATEDIR/lib/libvirt/qemu/channel/target/$domain.$name
	for qemu system mode, and
	$XDG_CONFIG_HOME/qemu/lib/channel/target/$domain.$name
	for qemu session mode.

2013-05-02  Guido Günther  <agx@sigxcpu.org>

	virInitctlRequest: unbreak make syntax check
	introduced by dcf97846d54b9ae20181f0f29c684b6ae4de89ee
	To trigger this cppi needs to be installed.

	virInitctlRequest: unbreak make syntax check
	introduced by dcf97846d54b9ae20181f0f29c684b6ae4de89ee

2013-05-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.5
	* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: pulled and merged a number of new localization updates

2013-05-02  Guido Günther  <agx@sigxcpu.org>

	virInitctlRequest: Don't hardcode 384 bytes size
	When MAXHOSTNAMELEN is set we have to take it's value into account.
	Otherwise the build fails on kFreeBSD (FreeBSD kernel and GNU userland)

2013-05-02  Laine Stump  <laine@laine.org>

	pci: autolearn name of stub driver, remove from arglist
	virPCIDeviceReattach and virPCIDeviceUnbindFromStub (called by
	virPCIDeviceReattach) had previously required the name of the stub
	driver as input. This is unnecessary, because the name of the driver
	the device is currently bound to can be found by looking at the link:
	  /sys/bus/pci/dddd:bb:ss.ff/driver
	Instead of requiring that the name of the expected stub driver name
	and only unbinding if that one name is matched, we no longer take a
	driver name in the arglist for either of these
	functions. virPCIDeviceUnbindFromStub just compares the name of the
	currently bound driver to a list of "well known" stubs (right now
	contains "pci-stub" and "vfio-pci" for qemu, and "pciback" for xen),
	and only performs the unbind if it's one of those devices.
	This allows virsh nodedevice-reattach to work properly across a
	libvirtd restart, and fixes a couple of cases where we were
	erroneously still hard-coding "pci-stub" as the drive name.
	For some unknown reason, virPCIDeviceReattach had been calling
	modprobe on the stub driver prior to unbinding the device. This was
	problematic because we no longer know the name of the stub driver in
	that function. However, it is pointless to probe for the stub driver
	at that time anyway - because the device is bound to the stub driver,
	we are guaranteed that it is already loaded, and so that call to
	modprobe has been removed.

2013-05-02  Eric Blake  <eblake@redhat.com>

	spec: collect all BuildRequires into one area
	Conditional BuildRequires: should be at the top level, rather
	than appearing in conditional sub-package sections.  This
	appears to be the only offender.
	* libvirt.spec.in (BuildRequires): Move libblkid-devel into
	correct area.

2013-05-02  Christophe Fergeau  <cfergeau@redhat.com>

	docs: Fix closing tag in snapshot documentation
	Commit cc6d19f3 added text containing "<code>snapshot<code>" to
	formatsnapshot.html.in. The closing tag is missing '/' which causes
	the documentation to misrender.

2013-05-01  Ata E Husain Bohra  <ata.husain@hotmail.com>

	ESX: Fix DISPATCH_FREE generation code to free all extended objects
	Python code generator "generate_source" section that handles
	code generation to "free" inherited objects needs to generate
	DISPATCH_FREE calls for all extended_by objects.

2013-05-01  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Do not generate a default USB controller
	For s390 we don't want to have a default USB device generated even
	if QEMU is silently tolerating -usb on the command line. This may change
	in the future.
	Another reason to avoid the USB controller is that it implies a PCI
	bus which might cause a regression at some later point in time.
	The following change will set the USB controller model to 'none'
	unless a model or address has been specified, which can be the case
	if a legacy definition is loaded or the XML writer knows what
	she/he's doing.
	Requiring the user to explicitly disable USB on systems not supporting
	it seems cumbersome.

	S390: Mention changed USB behavior
	Add a line saying that no USB controllers are generated by default
	on s390.

2013-05-01  Laine Stump  <laine@laine.org>

	qemu: fix failure to start with spice graphics and no tls
	Commit eca3fdf inadvertantly caused a failure to start for any domain
	with the following in its config:
	    <graphics type='spice' autoport='yes'/>
	The problem is that when tlsPort == 0 and defaultMode == "any" (which
	is the default for defaultMode), this would be flagged in the code as
	"needTLSPort", and if there was then no spice tls config, the new
	error+fail would happen.
	This patch checks for the case of defaultMode == "any", and in that
	case simply doesn't allocate a TLS port (since that's probably not
	what the user wanted, and it would have failed later anyway.). It does
	leave the error in place for cases when the user specifically asked to
	use tls in one way or another, though.

2013-05-01  Eric Blake  <eblake@redhat.com>

	build: fix cygwin build in virnetdev
	On cygwin, compilation failed because SIOCSIFHWADDR is undefined.
	* src/util/virnetdev.c (virNetDevSetMAC): Cygwin can query but not
	set mac address.

2013-05-01  John Ferlan  <jferlan@redhat.com>

	Need to call virFreeError after virSaveLastError

	Resolve valgrind error
	As a result of commit id '19c345f2', 'make -C tests valgrind' has the
	following for qemuxml2argvtest:
	==22482== 197 (80 direct, 117 indirect) bytes in 1 blocks are definitely lost in loss record 101 of 120
	==22482==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==22482==    by 0x4C6F301: virAlloc (viralloc.c:124)
	==22482==    by 0x4C840FC: virSaveLastError (virerror.c:308)
	==22482==    by 0x431882: qemuBuildCommandLine (qemu_command.c:8204)
	==22482==    by 0x41E8F0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:155)
	==22482==    by 0x41FE9F: virtTestRun (testutils.c:157)
	==22482==    by 0x419DEB: mymain (qemuxml2argvtest.c:654)
	==22482==    by 0x4204DA: virtTestMain (testutils.c:719)
	==22482==    by 0x39D0821A04: (below main) (libc-start.c:225)
	==22482==

2013-05-01  Ján Tomko  <jtomko@redhat.com>

	libvirt-guests: status: return non-zero when stopped
	Return 3 when the service is stopped, whether there
	are saved guests or not, to conform with the LSB standards:
	http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html

2013-04-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	portability: handle ifreq differences in virnetdev
	FreeBSD (and maybe other BSDs) have different member
	names in struct ifreq when compared to Linux, such as:
	 - uses ifr_data instead of ifr_newname for setting
	   interface names
	 - uses ifr_index instead of ifr_ifindex for interface
	   index
	Also, add a check for SIOCGIFHWADDR for virNetDevValidateConfig().
	Use AF_LOCAL if AF_PACKET is not available.

2013-04-30  Laine Stump  <laine@laine.org>

	security driver: eliminate memory leaks in failure paths
	If virPCIDeviceGetVFIOGroupDev() failed,
	virSecurity*(Set|Restore)HostdevLabel() would fail to free a
	virPCIDevice that had been allocated.
	These leaks were all introduced (by me) very recently, in commit
	f0bd70a.

2013-04-30  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix double-dispose of libxl domain config
	libxlBuildDomainConfig() was disposing the libxl_domain_config object
	on error, only to have it disposed again by libxlBuildDomainConfig()'s
	caller, which resulted in a segfault.  Leave disposing of the config
	object to it's owner.

2013-04-30  Martin Kletzander  <mkletzan@redhat.com>

	esx: Support virtualHW version 9
	We already support ESX 5.1, but virtualHW version used by such
	hypervisor [1] wasn't taken into account.
	[1] http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1003746

	Fix typo in augeas comment

2013-04-30  Eric Blake  <eblake@redhat.com>

	build: mark conditionally unused variables
	These fixes solve a compilation failure on FreeBSD:
	util/virnetdevtap.c: In function 'virNetDevTapGetName':
	util/virnetdevtap.c:56: warning: unused parameter 'tapfd' [-Wunused-parameter]
	util/virnetdevtap.c:56: warning: unused parameter 'ifname' [-Wunused-parameter]
	* src/util/virnetdevtap.c (virNetDevTapGetName): Add attributes
	when TUNGETIFF is not present.

2013-04-30  Ján Tomko  <jtomko@redhat.com>

	virsh: clarify vol-{down,up}load description
	Mention file/volume contents instead of just 'file'/'volume'.
	Also change Download->download in vol-download help,
	to be consistent with other volume commands.
	https://bugzilla.redhat.com/show_bug.cgi?id=955537

	qemu: report an error if memballoon has wrong address type
	qemuBuildMemballoonDevStr returns NULL if memballoon doesn't have
	the right address type, but it doesn't report an error, leading to:
	error: An error occurred, but the cause is unknown
	Report a helpful error message instead, e.g.:
	error: XML error: memballoon unsupported with address type 'usb'

	qemu: assign addresses when converting xml to native
	This adds addresses to domxml-to-native output and chooses
	the correct virtio devices for ccw and s390 machines.
	https://bugzilla.redhat.com/show_bug.cgi?id=957077

	virsh: fix incorrect argument errors for long options
	For long options, print:
	* the option as specified by the user if it's unknown
	* the canonical long option if its argument is not
	  a number (and should be)
	And for missing arguments, print both the short and
	the long option name.
	(Doing only one of those would require either parsing
	argv ourselves or let getopt print the errors, since
	we can't tell long and short options apart by optopt
	or longindex)
	https://bugzilla.redhat.com/show_bug.cgi?id=949373
	Unsupported long option:
	$ virsh --pm
	Before:
	error: unsupported option '-
	After:
	error: unsupported option '--pm'. See --help.
	Missing parameter:
	$ virsh --deb
	Before:
	error: option '-d' requires an argument
	After:
	error: option '-d'/'--debug' requires an argument
	$ virsh -rd
	Before:
	error: option '-d' requires an argument
	After:
	error: option '-d'/'--debug' requires an argument
	Non-numeric parameter:
	$ virsh --deb duck
	Before:
	error: option -d takes a numeric argument
	After:
	error: option --debug takes a numeric argument

2013-04-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: Error out if spice port autoallocation is requested, but disabled
	When a user requests auto-allocation of the spice TLS port but spice TLS
	is disabled in qemu.conf, we start the machine and let qemu fail instead
	of erroring out sooner.
	Add an error message so that this doesn't happen.

	network: Don't remove transient network if creating of config file fails
	On the off-chance that creation of persistent configuration file would
	fail when defining a network that is already started as transient, the
	code would remove the transient data structure and thus the network.
	This patch changes the code so that in such case, the network is again
	marked as transient and left behind.

2013-04-30  Laine Stump  <laine@laine.org>

	qemu: put usb cgroup setup in common function
	The USB-specific cgroup setup had been inserted inline in
	qemuDomainAttachHostUsbDevice and qemuSetupCgroup, but now there is a
	common cgroup setup function called for all hostdevs, so it makes sens
	to put the usb-specific setup there and just rely on that function
	being called.
	The one thing I'm uncertain of here (and a reason for not pushing
	until after release) is that previously hostdev->missing was checked
	only when starting a domain (and cgroup setup for the device skipped
	if missing was true), but with this consolidation, it is now checked
	in the case of hotplug as well. I don't know if this will have any
	practical effect (does it make sense to hotplug a "missing" usb
	device?)

	qemu: add vfio devices to cgroup ACL when appropriate
	PCIO device assignment using VFIO requires read/write access by the
	qemu process to /dev/vfio/vfio, and /dev/vfio/nn, where "nn" is the
	VFIO group number that the assigned device belongs to (and can be
	found with the function virPCIDeviceGetVFIOGroupDev)
	/dev/vfio/vfio can be accessible to any guest without danger
	(according to vfio developers), so it is added to the static ACL.
	The group device must be dynamically added to the cgroup ACL for each
	vfio hostdev in two places:
	1) for any devices in the persistent config when the domain is started
	   (done during qemuSetupCgroup())
	2) at device attach time for any hotplug devices (done in
	   qemuDomainAttachHostDevice)
	The group device must be removed from the ACL when a device it
	"hot-unplugged" (in qemuDomainDetachHostDevice())
	Note that USB devices are already doing their own cgroup setup and
	teardown in the hostdev-usb specific function. I chose to make the new
	functions generic and call them in a common location though. We can
	then move the USB-specific code (which is duplicated in two locations)
	to this single location. I'll be posting a followup patch to do that.

2013-04-29  Ján Tomko  <jtomko@redhat.com>

	qemu: honor allowDiskFormatProbing when parsing command line
	My commit 024e9af broke this.

2013-04-27  Ján Tomko  <jtomko@redhat.com>

	conf: add missing error on OOM
	I removed it in 5c3d5b2 by accident.

	qemu: prevent invalid reads in qemuAssignDevicePCISlots
	Don't reserve slot 2 for video if the machine has no PCI buses.
	Error out when the user specifies a video device without
	a PCI address when there are no PCI buses.
	(This wouldn't work on a machine with no PCI bus anyway since
	we do add PCI addresses for video devices to the command line)

	qemu: don't always reserve PCI addresses for implicit controllers
	In the past we automatically added a USB controller and assigned
	it a PCI address (0:0:1.2) even on machines without a PCI bus.
	This didn't break machines with no PCI bus  because the command
	line for it is just '-usb', with no mention of the PCI bus.
	The implicit IDE controller (reserved address 0:0:1.1) has
	no command line at all.
	Commit b33eb0dc removed the ability to reserve PCI addresses
	on machines without a PCI bus. This made them stop working,
	since there would always be the implicit USB controller.
	Skip the reservation of addresses for these controllers when
	there is no PCI bus, instead of failing.

2013-04-27  Laine Stump  <laine@laine.org>

	conf: remove extraneous _TYPE from driver backend enums
	This isn't strictly speaking a bugfix, but I realized I'd gotten a bit
	too verbose when I chose the names for
	VIR_DOMAIN_HOSTDEV_PCI_BACKEND_TYPE_*. This shortens them all a bit.

	network: support <driver name='vfio'/> in network definitions
	I remembered to document this bit, but somehow forgot to implement it.
	This adds <driver name='kvm|vfio'/> as a subelement to the <forward>
	element of a network (this puts it parallel to the match between
	mode='hostdev' attribute in a network and type='hostdev' in an
	<interface>).
	Since it's already documented, only the parser, formatter, backend
	driver recognition (it just translates/moves the flag into the
	<interface> at the appropriate time), and a test case were needed.
	(I used a separate enum for the values both because the original is
	defined in domain_conf.h, which is unavailable from network_conf.h,
	and because in the future it's possible that we may want to support
	other non-hostdev oriented driver names in the network parser; this
	makes sure that one can be expanded without the other).

2013-04-27  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: launch bridge helper from libvirtd
	<source type='bridge'> uses a helper application to do the necessary
	TUN/TAP setup to use an existing network bridge, thus letting
	unprivileged users use TUN/TAP interfaces.
	However, libvirt should be preventing QEMU from running any setuid
	programs at all, which would include this helper program.  From
	a security POV, any setuid helper needs to be run by libvirtd itself,
	not QEMU.
	This is what this patch does.  libvirt now invokes the setuid helper,
	gets the TAP fd and then passes it to QEMU in the normal manner.
	The path to the helper is specified in qemu.conf.
	As a small advantage, this adds a <target dev='tap0'/> element to the
	XML of an active domain using <interface type='bridge'>.

	virnetdevtap: add virNetDevTapGetName
	This will be used on a tap file descriptor returned by the bridge helper
	to populate the <target> element, because the helper does not provide
	the interface name.

2013-04-27  Ján Tomko  <jtomko@redhat.com>

	qemu: don't assign a PCI address to 'none' USB controller
	Adjust the usb-none test, since it gives the memballoon a lower PCI slot now.
	Add a test for 'none' controller on s390, which doesn't have PCI buses.

2013-04-27  Bamvor Jian Zhang  <bjzhang@suse.com>

	fix segfault during virsh save in pv guest
	this patch fix the wrong sequence for fd and timeout register. the sequence
	was right in dfa1e1dd for fd register, but it changed in e0622ca2.
	in this patch, set priv, xl_priv in info and increase info->priv ref count
	before virEventAddHandle. if do this after virEventAddHandle, the fd
	callback or fd deregister maybe got the empty priv, xl_priv or wrong ref
	count.
	after apply this patch, test more than 100 rounds passed compare to fail
	within 3 rounds without this patch. each round includes define -> start ->
	destroy -> create -> suspend -> resume -> reboot -> shutdown -> save ->
	resotre -> dump -> destroy -> create -> setmem -> setvcpus -> destroy.

2013-04-26  Laine Stump  <laine@laine.org>

	qemu: set qemu process' RLIMIT_MEMLOCK when VFIO is used
	VFIO requires all of the guest's memory and IO space to be lockable in
	RAM. The domain's max_balloon is the maximum amount of memory the
	domain can have (in KiB). We add a generous 1GiB to that for IO space
	(still much better than KVM device assignment, where the KVM module
	actually *ignores* the process limits and locks everything anyway),
	and convert from KiB to bytes.
	In the case of hotplug, we are changing the limit for the already
	existing qemu process (prlimit() is used under the hood), and for
	regular commandline additions of vfio devices, we schedule a call to
	setrlimit() that will happen after the qemu process is forked.

	qemu: use new virCommandSetMax(Processes|Files)
	These were previously being set in a custom hook function, but now
	that virCommand directly supports setting them, we can eliminate that
	part of the hook and call the APIs directly.

	util: new virCommandSetMax(MemLock|Processes|Files)
	This patch adds two sets of functions:
	1) lower level virProcessSet*() functions that will immediately set
	the RLIMIT_MEMLOCK. RLIMIT_NPROC, or RLIMIT_NOFILE of either the
	current process (using setrlimit()) or any other process (using
	prlimit()). "current process" is indicated by passing a 0 for pid.
	2) functions for virCommand* that will setup a virCommand object to
	set those limits at a later time just after it has forked a new
	process, but before it execs the new program.
	configure.ac has prlimit and setrlimit added to the list of functions
	to check for, and the low level functions log an "unsupported" error)
	on platforms that don't support those functions.

2013-04-26  Daniel P. Berrange  <berrange@redhat.com>

	Do proper escaping of cgroup resource partitions
	If a user cgroup name begins with "cgroup.", "_" or with any of
	the controllers from /proc/cgroups followed by a dot, then they
	need to be prefixed with a single underscore. eg if there is
	an object "cpu.service", then this would end up as "_cpu.service"
	in the cgroup filesystem tree, however, "waldo.service" would
	stay "waldo.service", at least as long as nobody comes up with
	a cgroup controller called "waldo".
	Since we require a '.XXXX' suffix on all partitions, there is
	no scope for clashing with the kernel 'tasks' and 'release_agent'
	files.

	Ensure all cgroup partitions have a suffix of ".partition"
	If the partition named passed in the XML does not already have
	a suffix, ensure it gets a '.partition' added to each component.
	The exceptions are /machine, /user and /system which do not need
	to have a suffix, since they are fixed partitions at the top
	level.

	Change VM cgroup suffix from '{lxc,qemu}.libvirt' to 'libvirt-{lxc,qemu}'
	Recently we changed to create VM cgroups with the naming pattern
	$VMNAME.$DRIVER.libvirt. Following discussions with the systemd
	community it was decided that only having a single '.' in the
	names is preferrable. So this changes the naming scheme to be
	$VMNAME.libvirt-$DRIVER. eg for LXC 'mycontainer.libvirt-lxc' or
	for KVM 'myvm.libvirt-qemu'.

2013-04-26  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	test: Add JSON test for query-tpm-types
	Add a test case for query-tpm-models QMP command.

2013-04-26  Eric Blake  <eblake@redhat.com>

	virsh: suppress aliases in group help
	'virsh help | grep nodedev-det' shows only nodedev-detach, but
	'virsh help nodedev | grep nodedev-det' also shows the old alias
	nodedev-dettach that we intentionally hid in commit af3f9aab.
	See also commit 787f4fe and this bug report:
	https://bugzilla.redhat.com/show_bug.cgi?id=956966
	* tools/virsh.c (vshCmdGrpHelp): Copy suppression of vshCmdHelp.

2013-04-26  Laine Stump  <laine@laine.org>

	security: update hostdev labelling functions for VFIO
	Legacy kvm style pci device assignment requires changes to the
	labelling of several sysfs files for each device, but for vfio device
	assignment, the only thing that needs to be relabelled/chowned is the
	"group" device for the group that contains the device to be assigned.

	util: new function virPCIDeviceGetVFIOGroupDev
	Given a virPCIDevice, this function returns the path for the device
	that controls the vfio group the device belongs to,
	e.g. "/dev/vfio/15".

	virsh: use new virNodeDeviceDetachFlags
	The virsh nodedev-detach command has a new --driver option. If it's
	given virsh will attempt to use the new virNodeDeviceDetachFlags API
	instead of virNodeDeviceDettach. Validation of the driver name string
	is left to the hypervisor (qemu accepts "kvm" or "vfio". The only
	other hypervisor that implements these functions is xen, and it only
	accepts NULL).

	xen: implement virNodeDeviceDetachFlags backend
	This was the only hypervisor driver other than qemu that implemented
	virNodeDeviceDettach. It doesn't currently support multiple pci device
	assignment driver backends, but it is simple to plug in this new API,
	which will make it easier for Xen people to fill it in later when they
	decide to support VFIO (or whatever other) device assignment. Also it
	means that management applications will have the same API available to
	them for both hypervisors on any given version of libvirt.
	The only acceptable value for driverName in this case is NULL, since
	there is no alternate, and I'm not willing to pick a name for the
	default driver used by Xen.

	qemu: implement virNodeDeviceDetachFlags backend
	The differences from virNodeDeviceDettach are very minor:
	1) Check that the flags are 0.
	2) Set the virPCIDevice's stubDriver according to the driverName that
	   is passed in.
	3) Call virPCIDeviceDetach with a NULL stubDriver, indicating it
	   should get the name of the stub driver from the virPCIDevice
	   object.

	hypervisor api: implement RPC calls for virNodeDeviceDetachFlags
	This requires a custom function for remoteNodeDeviceDetachFlags,
	because it is named *NodeDevice, but it goes through the hypervisor
	driver rather than nodedevice driver, and so it uses privateData
	instead of nodeDevicePrivateData. (It has to go through the hypervisor
	driver, because that is the driver that knows about the backend drivers
	that will perform the pci device assignment).

	hypervisor api: new virNodeDeviceDetachFlags
	The existing virNodeDeviceDettach() assumes that there is only a
	single PCI device assignment backend driver appropriate for any
	hypervisor. This is no longer true, as the qemu driver is getting
	support for PCI device assignment via VFIO. The new API
	virNodeDeviceDetachFlags adds a driverName arg that should be set to
	the exact same string set in a domain <hostdev>'s <driver name='x'/>
	element (i.e. "vfio", "kvm", or NULL for default). It also adds a
	flags arg for good measure (and because it's possible we may need it
	when we start dealing with VFIO's "device groups").

	qemu: bind/unbind stub driver according to config <driver name='x'/>
	If the config for a device has specified <driver name='vfio'/>,
	"backend" in the pci part of the hostdev object will be set to
	..._VFIO. In this case, when creating a virPCIDevice set the
	stubDriver to "vfio-pci", otherwise set it to "pci-stub". We will rely
	on the lower levels to report an error if the vfio driver isn't
	loaded.
	The detach/attach functions in virpci.c will pay attention to the
	stubDriver setting in the device, and bind/unbind the appropriate
	driver when preparing hostdevs for the domain.
	Note that we don't yet attempt to do anything to mark active any other
	devices in the same vfio "group" as a single device that is being
	marked active. We do need to do that, but in order to get basic VFIO
	functionality testing sooner rather than later, initially we'll just
	live with more cryptic errors when someone tries to do that.

	pci: keep a stubDriver in each virPCIDevice
	This can be set when the virPCIDevice is created and placed on a list,
	then used later when traversing the list to determine which stub
	driver to bind/unbind for managed devices.
	The existing Detach and Attach functions' signatures haven't been
	changed (they still accept a stub driver name in the arg list), but if
	the arg list has NULL for stub driver and one is available in the
	device's object, that will be used. (we may later deprecate and remove
	the arg from those functions).

	qemu: use vfio-pci on commandline when appropriate
	The device option for vfio-pci is nearly identical to that for
	pci-assign - only the configfd parameter isn't supported (or needed).
	Checking for presence of the bootindex parameter is done separately
	from constructing the commandline, similar to how it is done for
	pci-assign.
	This patch contains tests to check for proper commandline
	construction. It also includes tests for parser-formatter-parser
	roundtrips (xml2xml), because those tests use the same data files, and
	would have failed had they been included before now.
	qemu: xml/args tests for VFIO hostdev and <interface type='hostdev'/>
	These should be squashed in with the patch that adds commandline
	handling of vfio (they would fail at any earlier time).

	conf: formatter/parser/RNG/docs for hostdev <driver name='kvm|vfio'/>
	A domain's <interface> or <hostdev>, as well as a <network>'s
	<forward>, can now have an optional <driver name='kvm|vfio'/>
	element. As of this patch, there is no functionality behind this new
	knob - this patch adds support to the domain and network
	formatter/parser, and to the RNG and documentation.
	When the backend is added, legacy KVM PCI device assignment will
	continue to be used when no driver name is specified (or if <driver
	name='kvm'/> is specified), but if driver name is 'vfio', the new UEFI
	Secure Boot compatible VFIO device assignment will be used.
	Note that the parser doesn't automatically insert the current default
	value of this setting. This is done on purpose because the two
	possibilities are functionally equivalent from the guest's point of
	view, and we want to be able to automatically start using vfio as the
	default (even for existing domains) at some time in the future. This
	is similar to what was done with the "vhost" driver option in
	<interface>.

	conf: put hostdev pci address in a struct
	There will soon be other items related to pci hostdevs that need to be
	in the same part of the hostdevsubsys union as the pci address (which
	is currently a single member called "pci". This patch replaces the
	single member named pci with a struct named pci that contains a single
	member named "addr".

	qemu: detect vfio-pci device and its bootindex parameter
	QEMU_CAPS_DEVICE_VFIO_PCI is set if the device named "vfio-pci" is
	supported in the qemu binary.
	QEMU_CAPS_VFIO_PCI_BOOTINDEX is set if the vfio-pci device supports
	the "bootindex" parameter;  for some reason, the bootindex parameter
	wasn't included in early versions of vfio support (qemu 1.4) so we
	have to check for it separately from vfio itself.

2013-04-26  Eric Blake  <eblake@redhat.com>

	build: avoid unsafe functions in libgen.h
	POSIX says that both basename() and dirname() may return static
	storage (aka they need not be thread-safe); and that they may but
	not must modify their input argument.  Furthermore, <libgen.h>
	is not available on all platforms.  For these reasons, you should
	never use these functions in a multi-threaded library.
	Gnulib instead recommends a way to avoid the portability nightmare:
	gnulib's "dirname.h" provides useful thread-safe counterparts.  The
	obvious dir_name() and base_name() are GPL (because they malloc(),
	but call exit() on failure) so we can't use them; but the LGPL
	variants mdir_name() (malloc's or returns NULL) and last_component
	(always points into the incoming string without modifying it,
	differing from basename semantics only on corner cases like the
	empty string that we shouldn't be hitting in the first place) are
	already in use in libvirt.  This finishes the swap over to the safe
	functions.
	* cfg.mk (sc_prohibit_libgen): New rule.
	* src/util/vircgroup.c: Fix offenders.
	* src/parallels/parallels_storage.c (parallelsPoolAddByDomain):
	Likewise.
	* src/parallels/parallels_network.c (parallelsGetBridgedNetInfo):
	Likewise.
	* src/node_device/node_device_udev.c (udevProcessSCSIHost)
	(udevProcessSCSIDevice): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskDeleteVol): Likewise.
	* src/util/virpci.c (virPCIGetDeviceAddressFromSysfsLink):
	Likewise.
	* src/util/virstoragefile.h (_virStorageFileMetadata): Avoid false
	positive.

2013-04-26  Christophe Fergeau  <cfergeau@redhat.com>

	Fix VIR_DOMAIN_EVENT_ID_PMSUSPEND capitalization in API doc
	It was written VIR_DOMAIN_EVENT_ID_PMSuspend

	Improve /domainsnapshot/disks/disk@snapshot doc
	The previous description was a bit confusing.

2013-04-26  Eric Blake  <eblake@redhat.com>

	qemu: fix build error with older platforms
	Jim Fehlig reported on IRC that older gcc/glibc triggers this warning:
	cc1: warnings being treated as errors
	qemu/qemu_domain.c: In function 'qemuDomainDefFormatBuf':
	qemu/qemu_domain.c:1297: error: declaration of 'remove' shadows a global declaration [-Wshadow]
	/usr/include/stdio.h:157: error: shadowed declaration is here [-Wshadow]
	make[3]: *** [libvirt_driver_qemu_impl_la-qemu_domain.lo] Error 1
	Fix it like we have done in the past (such as commit 2e6322a).
	* src/qemu/qemu_domain.c (qemuDomainDefFormatBuf): Avoid shadowing
	a function name.

2013-04-26  Ján Tomko  <jtomko@redhat.com>

	docs: fix memballoon examples
	Use a pair of 'memballoon' tags instead of single 'watchdog' one.
	Add a few missing colons.

2013-04-25  Ján Tomko  <jtomko@redhat.com>

	conf: reject controllers with duplicate indexes
	Reject multiple controllers with the same index,
	except for USB controllers.
	Multi-function USB controllers can have the same index.

	qemu: auto-add pci-root to 'pc-i440*' machines too
	Commit b33eb0d missed this machine type.

2013-04-25  Bamvor Jian Zhang  <bamv2005@gmail.com>

	fix typo introduced by 90430791

2013-04-25  Martin Kletzander  <mkletzan@redhat.com>

	Fix usb master startport parsing
	When all usb controllers connected to the same bus have <master
	startport='x'/> specified, none of them have 'id=usb' assigned and
	thus qemu fails due to invalid masterport specification (we use 'usb'
	for that purpose).  Adding a check that at least one of the
	controllers is specified without <master startport='x'/> and in case
	this happens, error out due to invalid configuration.

2013-04-25  Michal Privoznik  <mprivozn@redhat.com>

	qemu_command.c: Fix whitespacing within for()
	After 9d6e56db the syntax-check was unhappy due to wrong whitespacing:
	  src/qemu/qemu_command.c:1637: for ( ; a.slot < QEMU_PCI_ADDRESS_SLOT_LAST; a.slot++) {
	  maint.mk: incorrect whitespace around brackets, see HACKING for rules
	  make: *** [bracket-spacing-check] Error 1

	qemu_conf: Don't discard strdup OOM error
	After 78d7c3c5 we are strdup()-ing path to qemu-bridge-helper.
	However, the check for its return value is missing. So it is
	possible we've ignored the OOM error silently.

2013-04-25  Ján Tomko  <jtomko@redhat.com>

	qemu: auto-add bridges and allow using them
	Add a "dry run" address allocation to figure out how many bridges
	will be needed for all the devices without explicit addresses.
	Auto-add just enough bridges to put all the devices on, or up to the
	bridge with the largest specified index.

	qemu: auto-add pci-root controller for pc machine types
	<controller type='pci' index='0' model='pci-root'/>
	is auto-added to pc* machine types.
	Without this controller PCI bus 0 is not available and
	no PCI addresses are assigned by default.
	Since older libvirt supported PCI bus 0 even without
	this controller, it is removed from the XML when migrating.

2013-04-25  liguang  <lig.fnst@cn.fujitsu.com>

	qemu: build command line for pci-bridge device

2013-04-25  Ján Tomko  <jtomko@redhat.com>

	conf: add PCI controllers
	Add new controller type 'pci' with models 'pci-root' and 'pci-bridge'.

	qemu: call post-parse callbacks when parsing command line too
	Now we set the default disk driver name when parsing
	the qemu command line too, hence all the test changes.
	Assume format type is 'auto' when none is specified on
	qemu command line.

2013-04-25  Osier Yang  <jyang@redhat.com>

	qemu: Fix the indention
	Pushed under trivial rule.

2013-04-25  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	qemu: Add command line builder and parser for NVRAM.
	This patch is to add command line builder and parser
	for NVRAM device, and add test cases.

	Add NVRAM device
	For pSeries guest in QEMU, NVRAM is one kind of spapr-vio device.
	Users are allowed to specify spapr-vio devices'address.
	But NVRAM is not supported in libvirt. So this patch is to
	add NVRAM device to allow users to specify its address.
	In QEMU, NVRAM device's address is specified by
	 "-global spapr-nvram.reg=xxxxx".
	In libvirt, XML file is defined as the following:
	  <nvram>
	    <address type='spapr-vio' reg='0x3000'/>
	  </nvram>

2013-04-25  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildCommandLine: Don't overwrite errors with NWFilter's one
	Currently, if there has been an error in building command line
	process after virtual interfaces has been created, the flow jumps
	to 'error' label, where virDomainConfNWFilterTeardown() is
	called. This may report an error as well, but should not
	overwrite the original cause why we jumped to 'error' label.

2013-04-25  Peter Krempa  <pkrempa@redhat.com>

	doc: Clarify usage of SELinux baselabel
	State what fields are used when generating SELinux labels from a
	baselabel.

2013-04-25  Osier Yang  <jyang@redhat.com>

	Introduce a sub-element <driver> for controller
	Like what we did for "disk", "filesystem" and "interface", this
	introduces sub-element <driver> for "controller", and put the "queues"
	into it.

2013-04-25  Wido den Hollander  <wido@widodh.nl>

	qemu: Don't require a block or file when looking for an alias
	This for example prohibits you to use iotune for Ceph or Sheepdog devices.

2013-04-24  Osier Yang  <jyang@redhat.com>

	Change the tag name "num_queues" into "queues"
	Instead of making a choice between the underscore and camelCase, this
	simply changes "num_queues" into "queues", which is also consistent
	with Michal's multiple queue support for interface.

	util: Error out if the numa nodeset is out of range
	Instead of a silent warning, it's better to error out if the
	numa nodeset is out of range. Just like for numa node larger
	than NUMA_NUM_NODES.

2013-04-24  Peter Krempa  <pkrempa@redhat.com>

	selinux: Don't mask errors of virSecuritySELinuxGenNewContext
	Since cbe67ff9b0a5a94911afd4d12388bf182bcca86c
	virSecuritySELinuxGenNewContext reports good error messages. Fix callers
	that mask the errors by generic error message.

	qemu: Improve handling of channels when generating SPICE command line
	Improve error reporting and generating of SPICE command line arguments
	according to the need to enable TLS. If TLS is disabled, there's no need
	to pass the certificate dir to qemu.
	This patch resolves:
	https://bugzilla.redhat.com/show_bug.cgi?id=953126

	qemu: Do sensible auto allocation of SPICE port numbers
	With this patch, if the autoport attribute is used, the code will
	sensibly auto allocate the ports only if needed.

2013-04-24  Daniel P. Berrange  <berrange@redhat.com>

	Make driver method names consistent with public APIs
	Ensure that all drivers implementing public APIs use a
	naming convention for their implementation that matches
	the public API name.
	eg for the public API   virDomainCreate make sure QEMU
	uses qemuDomainCreate and not qemuDomainStart

	Dedicated name for sub-driver open/close methods
	It will simplify later work if the sub-drivers have dedicated
	APIs / field names. ie virNetworkDriver should have
	virDrvNetworkOpen and virDrvNetworkClose methods

	Rename 'DeviceMonitor' to 'NodeDeviceDriver'
	The driver.h struct for node devices used an inconsistent
	naming scheme 'DeviceMonitor' instead of the more usual
	'NodeDeviceDriver'. Fix this everywhere it has leaked
	out to.

	Sanitize whitespace in driver.h
	The driver.h file has no consistent indentation usage across
	all the typedefs. Attempts to vertically align struct field
	members have also been inconsistently applied. Sanitize the
	whitespace used for typedefs & remove all vertical alignment
	from structs

	Extend previous check to validate driver struct field names
	Ensure that the driver struct field names match the public
	API names. For an API virXXXX we must have a driver struct
	field xXXXX. ie strip the leading 'vir' and lowercase any
	leading uppercase letters.

	Ensure driver method names match public API names
	Ensure that the virDrvXXX method names exactly match
	the public APIs virYYY method names. ie XXX == YYY.
	Add a test case to prevent any regressions.

	Make naming of remote procedures match API names exactly
	A number of the remote procedure names did not match the
	corresponding API names. For example, many lacked the
	word 'CONNECT', others re-arranged the names. Update the
	procedures so their names exactly match the API names.
	Then remove the special case handling of these APIs in
	the generator

	Cleanup command line options in gendispatch.pl
	There are many declared options in gendispatch.pl that were
	no longer used. Those which were used were obscure '-b', '-k'
	and '-d'. Switch to use --mode={debug|client|server}.

2013-04-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Split out SPICE port allocation into a separate function
	Later on this function will be used to do more sophisticated checks and
	determination if port allocation is needed.

	qemu: Use switch instead of ifs in qemuBuildGraphicsCommandLine
	Switch the function from a bunch of ifs to a switch statement with
	correct type and reflow some code.
	Also fix comment in enum describing possible graphics types

	qemu: Split out code to generate VNC command line
	Decrease size of qemuBuildGraphicsCommandLine() by splitting out
	spice-related code into qemuBuildGraphicsVNCCommandLine().
	This patch also fixes 2 possible memory leaks on error path in the code
	that was split-out. The buffer containing the already generated options
	and a listen address string could be leaked.
	Also break a few very long lines and reflow code that fits now.

	qemu: Split out code to generate SPICE command line
	Decrease size of qemuBuildGraphicsCommandLine() by splitting out
	spice-related code into qemuBuildGraphicsSPICECommandLine().
	This patch also fixes 2 possible memory leaks on error path in the code
	that was split-out. The buffer containing the already generated options
	and a listen address string could be leaked.
	Also break a few very long lines.

2013-04-24  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use -machine accel=tcg|kvm when available
	This is a better interface to choose accelerator than guessing whether
	we should enable or disable kvm to get the right one.

	qemu: Move -enable-kvm and friends earlier in the command line

2013-04-23  Daniel P. Berrange  <berrange@redhat.com>

	Switch to a more extensible annotation system for RPC protocols
	Currently the RPC protocol files can contain annotations after
	the protocol enum eg
	   REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES = 247, /* autogen autogen priority:high */
	This is not very extensible as the number of annotations grows.
	Change it to use
	    /**
	     * @generate: both
	     * @priority: high
	     */
	   REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES = 247,

2013-04-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix setting of memory tunables
	Refactoring done in 19c6ad9ac7e7eb2fd3c8262bff5f087b508ad07f didn't
	correctly take into account the order cgroup limit modification needs to
	be done in. This resulted into errors when decreasing the limits.
	The operations need to take place in this order:
	decrease hard limit
	change swap hard limit
	or
	change swap hard limit
	increase hard limit
	This patch also fixes the check if the hard_limit is less than
	swap_hard_limit to print better error messages. For this purpose I
	introduced a helper function virCompareLimitUlong to compare limit
	values where value of 0 is equal to unlimited. Additionally the check is
	now applied also when the user does not provide all of the tunables
	through the API and in that case the currently set values are used.
	This patch resolves:
	https://bugzilla.redhat.com/show_bug.cgi?id=950478

2013-04-23  Jiri Denemark  <jdenemar@redhat.com>

	logging: Make log regexp more compact (and readable)

	qemu: Ignore libvirt logs when reading QEMU error output
	When QEMU fails to start, libvirt read its error output and reports it
	back in an error message. However, when libvirtd is configured to log
	debug messages, one would get the following unhelpful garbage:
	    virsh # start cd
	    error: Failed to start domain cd
	    error: internal error process exited while connecting to monitor: \
	      2013-04-22 14:24:54.214+0000: 2194219: debug : virFileClose:72 : \
	      Closed fd 21
	    2013-04-22 14:24:54.214+0000: 2194219: debug : virFileClose:72 : \
	      Closed fd 27
	    2013-04-22 14:24:54.215+0000: 2194219: debug : virFileClose:72 : \
	      Closed fd 3
	    2013-04-22 14:24:54.215+0000: 2194220: debug : virExec:602 : Run \
	      hook 0x7feb8f600bf0 0x7feb86ef9300
	    2013-04-22 14:24:54.215+0000: 2194220: debug : qemuProcessHook:2507 \
	      : Obtaining domain lock
	    2013-04-22 14:24:54.216+0000: 2194220: debug : \
	      virDomainLockProcessStart:170 : plugin=0x7feb780261f0 \
	      dom=0x7feb7802a360 paused=1 fd=0x7feb86ef8ec4
	    2013-04-22 14:24:54.216+0000: 2194220: debug : \
	      virDomainLockManagerNew:128 : plugin=0x7feb780261f0 \
	      dom=0x7feb7802a360 withResources=1
	    2013-04-22 14:24:54.216+0000: 2194220: debug : \
	      virLockManagerPluginGetDriver:297 : plugin=0x7feb780261f0
	    2013-04-22 14:24:54.216+0000: 2194220: debug : \
	      virLockManagerNew:321 : driver=0x7feb8ef08640 type=0 nparams=5 \
	      params=0x7feb86ef8d60 flags=0
	    2013-04-22 14:24:54.216+000
	instead of (the output with this patch applied):
	    virsh # start cd
	    error: Reconnected to the hypervisor
	    error: Failed to start domain cd
	    error: internal error process exited while connecting to monitor: \
	      char device redirected to /dev/pts/33 (label charserial0)
	    qemu-system-x86_64: -drive file=/home/vm/systemrescuecd-x86-1.2.0.\
	      iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw,cache=none: \
	      could not open disk image /home/vm/systemrescuecd-x86-1.2.0.iso: \
	      Permission denied

	qemu: Move QEMU log reading into a separate function

2013-04-23  Gene Czarcinski  <gene@czarc.net>

	update input ip processing
	1. Handle invalid ULong prefix specified.
	When parsing for @prefix as a ULong, a -2 can be returned
	if the specification is not a valid ULong.
	2.  Error out if address= is not specified.
	3.  Merge netmask process/tests under family tests.
	4. Max sure that prefix does not exceed maximum.
	.

	create virSocketAddrGetIpPrefix utility function
	Create the utility function virSocketAddrGetIpPrefix() to
	determine the prefix for this network.  The code in this
	function was adapted from virNetworkIpDefPrefix().
	Update virNetworkIpDefPrefix() in src/conf/network_conf.c
	to use the new utility function.

2013-04-23  Daniel P. Berrange  <berrange@redhat.com>

	Replace more cases of /system with /machine
	The change in commit aed4986322fe77bdf718e31a0587d00f04f3d97a
	was incomplete, missing a couple of cases of /system. This
	caused failure to start VMs.

2013-04-22  Harry Wei  <harryxiyou@gmail.com>

	sheepdog: Omit braces with a single-line body
	libvirt/HACKING suggests omitting braces with a
	single-line body; this patch fixes the coding style
	problem for the Sheepdog storage backend driver.

2013-04-22  Daniel P. Berrange  <berrange@redhat.com>

	Change default resource partition to /machine
	After discussions with systemd developers it was decided that
	a better default policy for resource partitions is to have
	3 default partitions at the top level
	   /system   - system services
	   /machine - virtual machines / containers
	   /user    - user login session
	This ensures that the default policy isolates guest from
	user login sessions & system services, so a mis-behaving
	guest can't consume 100% of CPU usage if other things are
	contending for it.
	Thus we change the default partition from /system to
	/machine

2013-04-22  Osier Yang  <jyang@redhat.com>

	qemu: Fix the wrong expression
	Wrong use of the parentheses causes "rc" always having a boolean value,
	either "1" or "0", and thus we can't get the detailed error message
	when it fails:
	Before (I only have 1 node):
	% virsh numatune f18 --nodeset 12
	error: Unable to change numa parameters
	error: unable to set numa tunable: Unknown error -1
	After:
	virsh numatune f18 --nodeset 12
	error: Unable to change numa parameters
	error: unable to set numa tunable: Invalid argument

2013-04-20  Eric Blake  <eblake@redhat.com>

	docs: fix usage of 'onto'
	http://www.uhv.edu/ac/newsletters/writing/grammartip2009.07.01.htm
	(and several other sites) give hints that 'onto' is best used if
	you can also add 'up' just before it and still make sense. In many
	cases in the code base, we really want the two-word form, or even
	a simplification to just 'on' or 'to'.
	* docs/hacking.html.in: Use correct 'on to'.
	* python/libvirt-override.c: Likewise.
	* src/lxc/lxc_controller.c: Likewise.
	* src/util/virpci.c: Likewise.
	* daemon/THREADS.txt: Use simpler 'on'.
	* docs/formatdomain.html.in: Better usage.
	* docs/internals/rpc.html.in: Likewise.
	* src/conf/domain_event.c: Likewise.
	* src/rpc/virnetclient.c: Likewise.
	* tests/qemumonitortestutils.c: Likewise.
	* HACKING: Regenerate.

	audit: properly encode device path in cgroup audit
	https://bugzilla.redhat.com/show_bug.cgi?id=922186
	Commit d04916fa introduced a regression in audit quality - even
	though the code was computing the proper escaped name for a
	path, it wasn't feeding that escaped name on to the audit message.
	As a result, /var/log/audit/audit.log would mention a pair of
	fields class=path path=/dev/hpet instead of the intended
	class=path path="/dev/hpet", which in turn caused ausearch to
	format the audit log with path=(null).
	* src/conf/domain_audit.c (virDomainAuditCgroupPath): Use
	constructed encoding.

2013-04-20  Ján Tomko  <jtomko@redhat.com>

	qemu: rename CheckSlot to SlotInUse
	Also change its return value from int to bool.

	qemu: switch PCI address set from hash table to an array
	Each bus is represented as an array of 32 8-bit integers
	where each bit represents a PCI function and each byte represents
	a PCI slot.
	Uses just one bus so far.

	conf: add model attribute to virDomainDefMaybeAddController

2013-04-19  Ján Tomko  <jtomko@redhat.com>

	qemu: move PCI address check out of qemuPCIAddressAsString
	Create a new function qemuPCIAddressValidate and call it everywhere
	the user might supply an incorrect address:
	* qemuCollectPCIAddress for domain definition
	* qemuDomainPCIAddressEnsureAddr and ReleaseSlot for hotplug
	Slot and function shouldn't be wrong at this point, since values
	out of range should be rejected by the XML parser.

	qemu: QEMU_PCI constant consistency
	Change QEMU_PCI_ADDRESS_LAST_SLOT to the number of slots in the bus,
	not the maximum slot value, to match QEMU_PCI_ADDRESS_LAST_FUNCTION
	and rename them both to have _LAST at the end.

	qemu: print PCI address hexadecimally in errors
	Use the same formatting as we do for XML in error and debug outputs.

	qemu: make qemuComparePCIDevice aware of multiple buses
	Bus and domain need to be checked as well, otherwise we might
	get false positives when searching for multi-function devices.

2013-04-19  Peter Krempa  <pkrempa@redhat.com>

	conf: Reword error message to be more universal
	The error message reported when attempting to change/get persistent
	configuration of a transient domain suggests that changes are being
	made. Reword it to suit getter APIs too.
	Before:
	$ virsh vcpucount transient-domain --config
	error: Requested operation is not valid: cannot change persistent config of a transient domain
	After:
	$ virsh vcpucount transient-domain --config
	error: Requested operation is not valid: transient domains do not have any persistent config

	network: bridge_driver: don't lose transient networks on daemon restart
	Until now tranisent networks weren't really useful as libvirtd wasn't
	able to remember them across restarts. This patch adds support for
	loading status files of transient networks (that already were generated)
	so that the status isn't lost.
	This patch chops up virNetworkObjUpdateParseFile and turns it into
	virNetworkLoadState and a few friends that will help us to load status
	XMLs and refactors the functions that are loading the configs to use
	them.

2013-04-19  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Rename PowerPCUpdate and PowerPCDataFree functions
	For consistency with other functions in PowerPC CPU driver, the two
	functions are renamed as ppcUpdate and ppcDataFree, respectively.

	cpu: Remove hardcoded list of PowerPC models
	The cpu_map.xml file is there to separate CPU model definitions from the
	code. Having the only interesting data for PowerPC models only in the
	source code. This patch moves this data to the XML file and removes the
	hardcoded list completely.

	cpu: Reimplement PowerPCDecode
	PowerPC CPUs are either identical or incompatible and thus we just need
	to look up the right model for given PVR without pretending we have
	several candidates which we may choose from.
	The function is also renamed as ppcDecode to match other functions in
	PowerPC CPU driver.

	cpu: Reimplement PowerPCBaseline
	Baseline API is supposed to return guest CPU definition that can be used
	on any of the provided host CPUs. Since PowerPC CPUs are either
	identical or incompatible, the API just needs to check that all provided
	CPUs are identical. Previous implementation was completely bogus.
	The function is also renamed as ppcBaseline to match other functions in
	PowerPC CPU driver.

	cpu: Fix loading PowerPC vendor from cpu_map.xml
	When ppcVendorLoad fails to parse the vendor element for whatever
	reason, it is supposed to ignore it and return 0 rather than -1. The
	patch also removes PowerPC vendor string from the XML as it is not
	actually used for anything.

	cpu: Fix PowerPCNodeData
	Make getting node CPU data for PowerPC unsupported on other
	architectures. The function is also renamed as ppcNodeData to match
	other functions in PowerPC CPU driver.

	cpu: Make comparing PowerPC CPUs easier to read
	Revert the condition to make it easier to read. The function is also
	renamed as ppcCompare to match other functions in PowerPC CPU driver.

	cpu: Introduce cpuModelIsAllowed internal API
	The API can be used to check if the model is on the supported models
	list, which needs to be done in several places.

2013-04-19  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Refactor cmdVcpucount and fix output on inactive domains
	This patch factors out the vCPU count retrieval including fallback means
	into vshCPUCountCollect() and removes the duplicated code to retrieve
	individual counts.
	The --current flag (this flag is assumed by default) now works also with
	--maximum or --active without the need to explicitly specify the state
	of the domain that is requested.
	This patch also fixes the output of "virsh vcpucount domain" on inactive
	domains:
	Before:
	$ virsh vcpucount domain
	maximum      config         4
	error: Requested operation is not valid: domain is not running
	current      config         4
	error: Requested operation is not valid: domain is not running
	After:
	$virsh vcpucount domain
	maximum      config         4
	current      config         4
	.. and for transient domains too:
	Before:
	$ virsh vcpucount transient-domain
	error: Requested operation is not valid: cannot change persistent config of a transient domain
	maximum      live           3
	error: Requested operation is not valid: cannot change persistent config of a transient domain
	current      live           1
	After:
	$ virsh vcpucount transient-domain
	maximum      live           3
	current      live           1

2013-04-19  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Set legacy USB option with default for ppc64.
	Currently, -device xxx still doesn't work well for ppc64 platform.
	It's better use legacy USB option with default for ppc64.

2013-04-19  Ján Tomko  <jtomko@redhat.com>

	qemu: fix default spice password setting
	Set spice password even if default VNC password hasn't been set.
	https://bugzilla.redhat.com/show_bug.cgi?id=953720

2013-04-19  Paolo Bonzini  <pbonzini@redhat.com>

	qemu_conf: add new configuration key bridge_helper

	util: allow using virCommandAllowCap with setuid helpers
	When running unprivileged, virSetUIDGIDWithCaps will fail because it
	tries to add the requested capabilities to the permitted and effective
	sets.
	Detect this case, and invoke the child with cleared permitted and
	effective sets.  If it is a setuid program, it will get them.
	Some care is needed also because you cannot drop capabilities from the
	bounding set without CAP_SETPCAP.  Because of that, ignore errors from
	setting the bounding set.

	util: simplify virSetUIDGIDWithCaps
	The need_prctl variable is not really needed.  If it is false,
	capng_apply will be called twice with the same set, causing
	a little extra work but no problem.  This keeps the code a bit
	simpler.
	It is also clearer to invoke capng_apply(CAPNG_SELECT_BOUNDS)
	separately, to make sure it is done while we have CAP_SETPCAP.

2013-04-18  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Report errors on invalid --holdtime value for cmdSendKey
	Using of a incorrect value for the --holdtime option was silently
	ignored and 0 was used. In case a negative number was used, it
	overflowed as the API expects a unsigned int.
	Fix the data type and getter function type and report errors on
	incorrect values.

	virsh-domain: Clean up cmdSendKey
	Rename the get_integer_keycode helper to vshKeyCodeGetInt and get rid of
	a unneeded typecast.

2013-04-18  Tal Kain  <tal.kain@ravellosystems.com>

	qemu: simplify use of virArchFromHost
	Reusing the result of virArchFromHost instead of calling it multiple times

2013-04-18  Laine Stump  <laine@laine.org>

	rng: tighten up domain <controller> schema
	The rng schema for <controller> had been non-specific about which
	types of controllers allowed which models, and also allowed the
	num_queues attribute (since that hasn't been released yet, should we
	rename it to "numQueues"?) and <master> subelement to be included for
	any controller type. In reality, half of the models are allowed only
	for type='scsi', and the other half only for type='usb', num_queues is
	allowed only for type='scsi', and <master> only for type='usb'.
	This patch makes a separate <group> for type='scsi' and type='usb',
	with each group allowing only the appropriate model values, and
	allowing num_queue and <master> only when appropriate.
	<interleave> also hadn't been specified, forcing a specific order of
	subelements, which should never be done. (Note that the <interleave>
	had to surround the main element attributes that are in the <group>
	subelements, due to one of the <group>s containing a subelement).

2013-04-18  Peter Krempa  <pkrempa@redhat.com>

	network: remove autostart flag from network when undefining it
	When turning a started persistent network into a transient one we forgot
	to remove the autostart flag that is no longer valid at that point.

2013-04-18  Osier Yang  <jyang@redhat.com>

	docs: Update HACKING
	To tell libvirt-{qemu,lxc}.h shouldn't be included either.

	syntax-check: Only allows to include public headers in external tools
	With this patch, include public headers in "" form is only allowed
	for "internal.h". And only the external tools (examples|tools|python
	|include/libvirt) can include the public headers in <> form.

	syntax-check: Don't include public headers in internal source
	Directories python/tools/examples should include them in <> form,
	though this patch allows "" form in these directories by excluding
	them, a later patch will do the cleanup.

	syntax-check: Don't include duplicate header
	gnulib is excluded.

2013-04-18  Ján Tomko  <jtomko@redhat.com>

	conf: fix comment about parsing graphics listen address

2013-04-17  Osier Yang  <jyang@redhat.com>

	remote: Revert removing "libvirt/libvirt.h" in remote_protocol.x
	Commit 2d25fd4f410f removed the including of "libvirt/libvirt.h",
	which breaks the build. Pushed under build-breaker rule.

	qemu: Allow the disk wwn to have "0x" prefix
	The recent qemu requires "0x" prefix for the disk wwn, this patch
	changes virValidateWWN to allow the prefix, and prepend "0x" if
	it's not specified. E.g.
	qemu-kvm: -device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\
	drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,wwn=6000c60016ea71ad:
	Property 'scsi-hd.wwn' doesn't take value '6000c60016ea71ad'
	Though it's a qemu regression, but it's nice to allow the prefix,
	and doesn't hurt for us to always output "0x".

	cleanup: Don't include libvirt/virterror.h
	Which is already included in "internal.h", later patch will add
	syntax-check to avoid it.

	cleanup: Don't include libvirt/libvirt.h
	Which is already included by "internal.h", later patch will add
	syntax-check to avoid it.

	cleanup: Remove the duplicate header
	Detected by a simple Shell script:
	for i in $(git ls-files -- '*.[ch]'); do
	    awk 'BEGIN {
	        fail=0
	    }
	    /# *include.*\.h/{
	        match($0, /["<][^">]*[">]/)
	        arr[substr($0, RSTART+1, RLENGTH-2)]++
	    }
	    END {
	        for (key in arr) {
	            if (arr[key] > 1) {
	                fail=1
	                printf("%d %s\n", arr[key], key)
	            }
	        }
	        if (fail == 1)
	            exit 1
	    }' $i
	    if test $? != 0; then
	        echo "Duplicate header(s) in $i"
	    fi
	done;
	A later patch will add the syntax-check to avoid duplicate
	headers.

	cleanup: Only include testutils.h once
	No reason to include it in both "if" and "else" branches.

2013-04-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix compilation error in util/vircgroup.c
	Fix the error
	util/vircgroup.c: In function 'virCgroupNewDomainPartition':
	util/vircgroup.c:1299:11: error: declaration of 'dirname' shadows a global declaration [-Werror=shadow]

2013-04-16  John Ferlan  <jferlan@redhat.com>

	Fix build breaker with ATTRIBUTE_NONNULL defs
	Using "./autogen.sh --system lv_cv_static_analysis=yes" for my daily
	Coverity builds resulted in the following error when building:
	In file included from util/vircgrouppriv.h:32:0,
	                 from util/vircgroup.c:44:
	util/vircgroup.h:59:5: error: nonnull argument with out-of-range operand number (argument 1, operand 5)
	util/vircgroup.h:74:5: error: nonnull argument references non-pointer operand (argument 1, operand 4)
	make[3]: *** [libvirt_util_la-vircgroup.lo] Error 1
	make[3]: Leaving directory `/home/jferlan/libvirt.cov.curr/src'
	make[2]: *** [all] Error 2
	make[2]: Leaving directory `/home/jferlan/libvirt.cov.curr/src'
	make[1]: *** [all-recursive] Error 1
	make[1]: Leaving directory `/home/jferlan/libvirt.cov.curr'
	make: *** [all] Error 2

	Resolve valgrind error
	Commit id '1acfc171' resulted in the following valgrind failure:
	==25317== 136 (24 direct, 112 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4
	==25317==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==25317==    by 0x4C6F851: virAlloc (viralloc.c:124)
	==25317==    by 0x4C71493: virBitmapNew (virbitmap.c:74)
	==25317==    by 0x4C71B79: virBitmapNewData (virbitmap.c:434)
	==25317==    by 0x402EF2: test8 (virbitmaptest.c:436)
	==25317==    by 0x40499F: virtTestRun (testutils.c:157)
	==25317==    by 0x402E8D: mymain (virbitmaptest.c:474)
	==25317==    by 0x404FDA: virtTestMain (testutils.c:719)
	==25317==    by 0x39D0821A04: (below main) (in /usr/lib64/libc-2.16.so)

2013-04-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Check for unsupported QMP command
	Check for an unsupported QMP command when using the query-tpm-models
	and query-tpm-types commands before checking for general errors
	in order to avoid error messages in the log.

	Revert checking for QMP query-tpm-models
	Revert the patch checking for the QMP query-tpm-models
	command.

2013-04-16  Peter Krempa  <pkrempa@redhat.com>

	qemu_agent: Add support for appending arrays to commands
	Add support for array elements for agent commands just like 64d5e815 did for
	monitor commands

	lib: Fix docs about return value of virDomainGetVcpusFlags()
	The return value description stated that 0 is returned in case of success
	instead of the count of vCPUs.

2013-04-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Check for QMP query-tpm-models
	Check for QMP query-tpm-models and set a capability flag. Do not use
	this QMP command if it is not supported.

2013-04-16  Daniel P. Berrange  <berrange@redhat.com>

	Add support for perf_event and net_cls cgroup controllers

	Replace LXC cgroup mount code with call to virCgroupIsolateMount
	The LXC driver currently has code to detect cgroups mounts
	and then re-mount them inside the new root filesystem. Replace
	this fragile code with a call to virCgroupIsolateMount.

	Add an API for re-mounting cgroups, to isolate the process location
	Add a virCgroupIsolateMount method which looks at where the
	current process is place in the cgroups (eg /system/demo.lxc.libvirt)
	and then remounts the cgroups such that this sub-directory
	becomes the root directory from the current process' POV.

	Track symlinks for co-mounted cgroup controllers
	If a cgroup controller is co-mounted with another, eg
	   /sys/fs/cgroup/cpu,cpuacct
	Then it is a requirement that there exist symlinks at
	   /sys/fs/cgroup/cpu
	   /sys/fs/cgroup/cpuacct
	pointing to the real mount point. Add support to virCgroupPtr
	to detect and track these symlinks

	Remove non-functional code for setting up non-root cgroups
	The virCgroupNewDriver method had a 'bool privileged' param.
	If a false value was ever passed in, it would simply not
	work, since non-root users don't have any privileges to create
	new cgroups. Just delete this broken code entirely and make
	the QEMU driver skip cgroup setup in non-privileged mode

	Change default cgroup layout for QEMU/LXC and honour XML config
	Historically QEMU/LXC guests have been placed in a cgroup layout
	that is
	   $LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME
	This is bad for a number of reasons
	 - The cgroup hierarchy gets very deep which seriously
	   impacts kernel performance due to cgroups scalability
	   limitations.
	 - It is hard to setup cgroup policies which apply across
	   services and virtual machines, since all VMs are underneath
	   the libvirtd service.
	To address this the default cgroup location is changed to
	be
	    /system/$VMNAME.{lxc,qemu}.libvirt
	This puts virtual machines at the same level in the hierarchy
	as system services, allowing consistent policy to be setup
	across all of them.
	This also honours the new resource partition location from the
	XML configuration, for example
	  <resource>
	    <partition>/virtualmachines/production</partitions>
	  </resource>
	will result in the VM being placed at
	    /virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt
	NB, with the exception of the default, /system, path which
	is intended to always exist, libvirt will not attempt to
	auto-create the partitions in the XML. It is the responsibility
	of the admin/app to configure the partitions. Later libvirt
	APIs will provide a way todo this.

	Add XML config for resource partitions
	Allow VMs to be placed into resource groups using the
	following syntax
	  <resource>
	    <partition>/virtualmachines/production</partition>
	  </resource>
	A resource cgroup will be backed by some hypervisor specific
	functionality, such as cgroups with KVM/LXC.

	Add a new virCgroupNewPartition for setting up resource partitions
	A resource partition is an absolute cgroup path, ignoring the
	current process placement. Expose a virCgroupNewPartition API
	for constructing such cgroups

	Cleanup if creating cgroup directories fails
	Currently if virCgroupMakeGroup fails, we can get in a situation
	where some controllers have been setup, but others not. Ensure
	we call virCgroupRemove to remove what we've done upon failure

	Add misc extra debugging into cgroups code

	Refactor cgroups internal data structures
	Currently the virCgroupPtr struct contains 3 pieces of
	information
	 - path - path of the cgroup, relative to current process'
	   cgroup placement
	 - placement - current process' placement in each controller
	 - mounts - mount point of each controller
	When reading/writing cgroup settings, the path & placement
	strings are combined to form the file path. This approach
	only works if we assume all cgroups will be relative to
	the current process' cgroup placement.
	To allow support for managing cgroups at any place in the
	heirarchy a change is needed. The 'placement' data should
	reflect the absolute path to the cgroup, and the 'path'
	value should no longer be used to form the paths to the
	cgroup attribute files.

	Add a test suite for cgroups functionality
	Some aspects of the cgroups setup / detection code are quite subtle
	and easy to break. It would greatly benefit from unit testing, but
	this is difficult because the test suite won't have privileges to
	play around with cgroups. The solution is to use monkey patching
	via LD_PRELOAD to override the fopen, open, mkdir, access functions
	to redirect access of cgroups files to some magic stubs in the
	test suite.
	Using this we provide custom content for the /proc/cgroup and
	/proc/self/mounts files which report a fixed cgroup setup. We
	then override open/mkdir/access so that access to the cgroups
	filesystem gets redirected into files in a temporary directory
	tree in the test suite build dir.

	Rename virCgroupForXXX to virCgroupNewXXX
	Rename all the virCgroupForXXX methods to use the form
	virCgroupNewXXX since they are all constructors. Also
	make sure the output parameter is the last one in the
	list, and annotate all pointers as non-null. Fix up
	all callers, and make sure they use true/false not 0/1
	for the boolean parameters

	Pull definition of structs out of vircgroup.c to vircgrouppriv.h
	The definition of structs for cgroups are kept in vircgroup.c since
	they are intended to be private from users of the API. To enable
	effective testing, however, they need to be accessible. To address
	the latter issue, without compronmising the former, this introduces
	a new vircgrouppriv.h file to hold the struct definitions.
	To prevent other files including this private header, it requires
	that __VIR_CGROUP_ALLOW_INCLUDE_PRIV_H__ be defined before inclusion

	Store a virCgroupPtr instance in virLXCDomainObjPrivatePtr
	Instead of calling virCgroupForDomain every time we need
	the virCgrouPtr instance, just do it once at Vm startup
	and cache a reference to the object in virLXCDomainObjPrivatePtr
	until shutdown of the VM. Removing the virCgroupPtr from
	the LXC driver state also means we don't have stale mount
	info, if someone mounts the cgroups filesystem after libvirtd
	has been started

	Store a virCgroupPtr instance in qemuDomainObjPrivatePtr
	Instead of calling virCgroupForDomain every time we need
	the virCgrouPtr instance, just do it once at Vm startup
	and cache a reference to the object in qemuDomainObjPrivatePtr
	until shutdown of the VM. Removing the virCgroupPtr from
	the QEMU driver state also means we don't have stale mount
	info, if someone mounts the cgroups filesystem after libvirtd
	has been started

	Add missing param to virCgroupForDriver stub
	The virCgroupForDriver method recently gained an 'int controllers'
	parameter, but the stub impl did not

	Introduce a virFileDeleteTree method
	Introduce a method virFileDeleteTree for recursively deleting
	an entire directory tree

	Conditionally compile storagevolxml2argvtest
	Only compile storagevolxml2argvtest if WITH_STORAGE is
	set, because it links to that driver

	Conditionalize use of symlink() function in test suite
	On Win32 symlink() is not available, so virstoragetest.c
	must be conditionalized to avoid compile failures.

	Fix signature of dummy virNetlinkCommand stub
	The second param of virNetlinkCommand should be
	struct nlmsghdr, not unsigned char.

	Add empty stub for virThreadCancel on Win32
	Win32 does not like undefined symbols, so define an
	empty virThreadCancel impl.

	Don't enable -fPIE on Win32 platforms
	On win32, all code is position independent and adding -fPIE
	to the compiler flags results in warnings being printed

2013-04-16  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Upstream gnulib determined that we were needlessly compiling in
	gnulib's regex instead of glibc's when targetting new-enough glibc,
	because the m4 test was being too strict in requiring a particular
	answer to undefined behavior.
	https://lists.gnu.org/archive/html/bug-gnulib/2013-04/msg00032.html
	* .gnulib: Update to latest, for regex.

2013-04-15  Osier Yang  <jyang@redhat.com>

	Use unsigned int instead of unsigned
	Though they are the same thing, mixed use of them is uncomfortable.
	"unsigned" is used a lot in old codes, this just tries to change the
	ones in utils.

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Do more complete initialization of libgcrypt
	If libvirt makes any gcry_control() calls, then this
	prevents gnutls for doing any initialization. As such
	we must take care to do full initialization of libcrypt
	on a par with what gnutls would have done. In particular
	we must disable "sec mem" for cases where the user does
	not have mlock() permission. We also skip our init of
	libgcrypt if something else (ie the app using libvirt)
	has beaten us to it.
	https://bugzilla.redhat.com/show_bug.cgi?id=951630

2013-04-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: Report also domain name in error message when domain object wasn't found
	Report the errors as:
	Domain not found: no domain with matching uuid '41414141-4141-4141-4141-414141414141' (crashtest)
	instead of:
	Domain not found: no domain with matching uuid '41414141-4141-4141-4141-414141414141'

	qemu: Refactor lookup of domain object
	Use the helper to lookup the domain object in the remaining places.
	This patch also fixes error reporting when the domain was not found in several
	functions that were printing the raw UUID buffer instead of the formatted
	string. The offending functions were:
	qemuDomainGetInterfaceParameters
	qemuDomainSetInterfaceParameters
	qemuGetSchedulerParametersFlags
	qemuSetSchedulerParametersFlags
	qemuDomainGetNumaParameters
	qemuDomainSetNumaParameters
	qemuDomainGetMemoryParameters
	qemuDomainSetMemoryParameters
	qemuDomainGetBlkioParameters
	qemuDomainSetBlkioParameters
	qemuDomainGetCPUStats

2013-04-13  Osier Yang  <jyang@redhat.com>

	storage: Fix the indention
	Pushed under trivial rule

	cleanup: Change datatype of net->stp to boolean

	cleanup: Change datatype of usbdev->allow to boolean

	cleanup: Change datatype of graphic's members to boolean

	cleanup: Change datatype of accel's members to boolean

2013-04-13  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add test case for TPM passthrough
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	TPM support for QEMU command line
	For TPM passthrough device support create command line parameters like:
	-tpmdev passthrough,id=tpm-tpm0,path=/dev/tpm0,cancel-path=/sys/class/misc/tpm0/device/cancel -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	QEMU Cgroup support for TPM passthrough
	Some refactoring for virDomainChrSourceDef type of devices so
	we can use common code.
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	Audit the starting of a guest using TPM passthrough
	When a VM with a TPM passthrough device is started, the audit daemon
	logs the following type of message:
	type=VIRT_RESOURCE msg=audit(1365170222.460:3378): pid=16382 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=dev reason=start vm="TPM-PT" uuid=a4d7cd22-da89-3094-6212-079a48a309a1 device="/dev/tpm0" exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	Add SELinux and DAC labeling support for TPM passthrough
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	Convert QMP strings into QEMU capability bits
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	Parse TPM passthrough XML in the domain XML
	Parse the domain XML with TPM passthrough support.
	The TPM passthrough XML may look like this:
	    <tpm model='tpm-tis'>
	      <backend type='passthrough'>
	        <device path='/dev/tpm0'/>
	      </backend>
	    </tpm>
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	Helper functions for host TPM support
	Implement helper function to create the TPM's sysfs cancel file.
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	Add documentation and schema for TPM passthrough
	Supported TPM passthrough XML may look as follows:
	    <tpm model='tpm-tis'>
	      <backend type='passthrough'>
	        <device path='/dev/tpm0'/>
	      </backend>
	    </tpm>
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	Add function to find a needle in a string array
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	Add QMP probing for TPM
	Probe for QEMU's QMP TPM support by querying the lists of
	supported TPM models (query-tpm-models) and backend types
	(query-tpm-types).
	The setting of the capability flags following the strings
	returned from the commands above is only provided in the
	patch where domain_conf.c gets TPM support due to dependencies
	on functions only introduced there.
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Peter Krempa  <pkrempa@redhat.com>

	conf: Allow for non-contiguous device boot orders
	This patch adds the ability to configure non-contiguous boot orders on boot
	devices. This allows unplugging devices that have boot order specified without
	breaking migration.
	The new code now uses a slightly less memory efficient approach to store the
	boot order fields in a hashtable instead of a bitmap.

2013-04-12  Daniel P. Berrange  <berrange@redhat.com>

	Tweak EOF handling of streams
	Typically when you get EOF on a stream, poll will return
	POLLIN|POLLHUP at the same time. Thus when we deal with
	stream reads, if we see EOF during the read, we can then
	clear the VIR_STREAM_EVENT_HANGUP & VIR_STREAM_EVENT_ERROR
	event bits.

2013-04-12  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Add USB option capability
	To avoid the collision for creating USB controllers in machine->init()
	and -device xx command line, it needs to set usb=off to avoid one USB
	controller created in machine->init(). So that libvirt can use -device
	or -usb to create USB controller sucessfully.
	So QEMU_CAPS_MACHINE_USB_OPT capability is added, and it is for QEMU
	v1.3.0 onwards which supports USB option.

2013-04-12  John Ferlan  <jferlan@redhat.com>

	Add error handling to optional arguments in cmdCPUStats

	Remove extraneous comma in info_cpu_stats and opts_cpu_stats

2013-04-12  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not report unsafe migration for local files
	When migrating a domain with disk images stored locally (and using
	storage migration), we should not complain about unsafe migration no
	matter what cache policy is used for that disk.

2013-04-11  Peter Krempa  <pkrempa@redhat.com>

	virsh: Document that using incomplete XML files may have unexpected results
	Explicitly state that using incomplete XML definition snippets for hot-management
	commands may have unexpected results due to autogenerating values for some of
	the fields if they aren't specified explicitly.

	qemu: Try to use QMP for send-key if supported
	Instead of always using HMP use the QMP send-key command introduced in qemu 1.3.

2013-04-11  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Update list of shutdown/reboot modes
	As of 76d9f65644 we are supporting two new modes: initctl and signal.
	However, these are missing in help listing.

	qemu: Set correct migrate host in client_migrate_info
	https://bugzilla.redhat.com/show_bug.cgi?id=920441
	Currently, we are discarding listen attribute from qemu cookie even though
	we strive to gather it. This result in not so cool bug: if user have
	different networks, one for management/migration, and one for VNC/SPICE we
	pass incorrect host to the qemu in client_migrate_info. What we actually
	pass is remote hostname, while we should be passing remote listen address.
	It doesn't matter as long as these two are the same, but they don't need
	necessary to be like that.

2013-04-11  Ján Tomko  <jtomko@redhat.com>

	qemu: fix crash in qemuOpen
	If the path part of connection URI is not present, cfg is used
	unitialized.
	https://bugzilla.redhat.com/show_bug.cgi?id=950855

	conf: fix error for parallel port mismatch

2013-04-11  Osier Yang  <jyang@redhat.com>

	cleanup: Change datatype of secret->private to boolean

	cleanup: Change datatype of secret->ephemeral to boolean

	cleanup: Change datatype of fs->readonly to boolean

	cleanup: Change datatype of disk->readonly to boolean

	cleanup: Change datatype of disk->transient to boolean

	cleanup: Change datatype of disk->shared to boolean

	cleanup: Change datatype of auth->expires to boolean

	cleanup: Change datatype of hostdev->missing to boolean

	Cleanup: Change datatype of origstate's members to boolean
	Members of struct virPCIDevice are changed together.

	Cleanup: Change datatype of hostdev->managed to boolean

2013-04-11  Guannan Ren  <gren@redhat.com>

	conf: fix a memory leak when parsing nat port XML nodes
	 ==5306== 8 bytes in 1 blocks are definitely lost in loss record 24 of 277
	 ==5306==    at 0x4C28B2F: calloc (vg_replace_malloc.c:593)
	 ==5306==    by 0x5293CAF: virAllocN (viralloc.c:152)
	 ==5306==    by 0x52DFEAE: virXPathNodeSet (virxml.c:611)
	 ==5306==    by 0x5313DD9: virNetworkDefParseXML (network_conf.c:1408)
	 ==5306==    by 0x53170F6: virNetworkObjUpdateParseFile (network_conf.c:2031)
	 ==5306==    by 0x131DA63C: networkStartup (bridge_driver.c:279)
	 ==5306==    by 0x53481DF: virStateInitialize (libvirt.c:822)
	 ==5306==    by 0x40DF44: daemonRunStateInit (libvirtd.c:877)
	 ==5306==    by 0x52D2FF5: virThreadHelper (virthreadpthread.c:161)
	 ==5306==    by 0x5D00C52: start_thread (in /usr/lib64/libpthread-2.17.so)
	 ==5306==    by 0x6410ECC: clone (in /usr/lib64/libc-2.17.so)

2013-04-10  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix race between looking up a domain object and freeing it
	This patch fixes crash of the daemon that happens due to the following race
	condition:
	Let's have two threads in the libvirtd daemon's qemu driver:
	A - thread executing undefine on the same domain
	B - thread executing a API call to get information about a domain
	Assume following serialization of operations done by the threads:
	1) A has the lock on the domain object and is executing some code prior to
	   virDomainObjListRemove()
	2) B takes the lock on the domain object list, looks up the domain object
	pointer and blocks in the attempt to lock the domain object as A is holding the
	lock
	3) A reaches virDomainObjListRemove() and unlocks the lock on the domain object
	4) A blocks on the attempt to get the domain list lock
	5) B is able to lock the domain object now and unlocks the domain list
	6) A is now able to lock the domain list, and sheds the last reference on the
	domain object, this triggers the freeing function.
	6) B starts executing the code on the pointer that is being freed
	7) The libvirtd daemon crashes while attempting to access invalid pointer in
	thread B.
	This patch fixes the race by acquiring a reference on the domain object before
	unlocking it in virDomainObjListRemove() and re-locks the object prior to
	removing and freeing it. This ensures that no thread holds a lock on the domain
	object at the time it is removed from the list, and that doing a list lookup
	will never find a domain that is about to vanish.
	This is a minimal fix of the problem, but a better solution will be to switch to
	full reference counting for domain objects.

2013-04-10  Eric Blake  <eblake@redhat.com>

	docs: fix typo when using Kerberos principals
	Kerberos uses 'primary' or 'key' files (principals), not 'abstract
	ideal' or 'rule' files (principles).  Reported by Jason Meinzer.
	Reflow a paragraph to fit in 80 columns in the process.
	* docs/auth.html.in: Fix spelling.

	maint: update to latest gnulib
	While this update doesn't address any reported problems in libvirt,
	doing a post-release update to latest gnulib makes it easier to
	stay in sync with best upstream practices.
	* .gnulib: Update to latest.
	* bootstrap: Resynchronize.

2013-04-10  Laine Stump  <laine@laine.org>

	Fix crash in virNetDevGetVirtualFunctions
	Commit 9a3ff01d7f16cc280ce3176620c0714f55511a65 (which was ACKed at
	the end of January, but for some reason didn't get pushed until during
	the 1.0.4 freeze) fixed the logic in virPCIGetVirtualFunctions().
	Unfortunately, a typo in the fix (replacing VIR_REALLOC_N with
	VIR_ALLOC_N during code movement) caused not only a memory leak, but
	also resulted in most of the elements of the result array being
	replaced with NULL. virNetDevGetVirtualFunctions() assumed (and I think
	rightly so) that virPCIGetVirtualFunctions() wouldn't return any NULL
	elements in the array, so it ended up segfaulting.
	This was found when attempting to use a virtual network with an
	auto-created pool of SRIOV VFs, e.g.:
	    <forward mode='hostdev' managed='yes'>
	      <pf dev='eth4'/>
	    </forward>
	(the pool of PCI addresses is discovered by calling
	virNetDevGetVirtualFunctions() on the PF dev).

2013-04-09  Ján Tomko  <jtomko@redhat.com>

	docs: use MiB/s instead of Mbps for migration speed
	https://bugzilla.redhat.com/show_bug.cgi?id=948821

2013-04-09  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	schemas: Move PortNumber and sourceinfoadapter to basictypes.rng
	The definiton of scsi adapter in storagespool.rng (sourceinfoadapter)
	can be used by scsi hostdev in later patch. Move it to basictypes.rng.
	PortNumber is defined in both domaincommon.rng and storagespool.rng,
	simplify it by moving it to basictypes.rng.

2013-04-09  Osier Yang  <jyang@redhat.com>

	docs: Add the missed <pre> tag

2013-04-09  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	conf: Change help function
	The helper function to look up disk controller model may be used by scsi
	hostdev. But it should be changed to use device info.

2013-04-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Remove now obsolete assignment of default network card model for s390 hosts
	This effectively reverts commit 539d73dbf64cb35558ffd3992f82e0b482cd0e70 as the
	changes aren't needed after introduction of the XML post parse callbacks.

	qemu: Clean up network device CLI generator
	With the default model assigned in the parse callback, this code is now obsolete.

2013-04-09  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Use correct default model on s390
	Commit a68d6726679323823ee5be47f0144e9ccffa0757 breaks networking on s390 as it
	changes the default network card model.

2013-04-09  Alex Jia  <ajia@redhat.com>

	sanlock: add missing test command in virt-sanlock-cleanup.in
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=949483

2013-04-09  Milos Vyletel  <milos.vyletel@sde.cz>

	Generate RFC4122 compliant UUIDs
	Even though http://libvirt.org/formatdomain.html#elementsMetadata
	states that it requires RFC4122 compliance UUIDs that are generated
	by virUUIDGenerate() are not. Following patch modifies generated
	UUIDs to conform to rules described in RFC.

2013-04-09  Daniel P. Berrange  <berrange@redhat.com>

	Unmount existing filesystems under user specified mounts in LXC
	If the user requests a mount for /run, this may hide any existing
	mounts that are lower down in /run. The result is that the
	container still sees the mounts in /proc/mounts, but cannot
	access them
	sh-4.2# df
	df: '/run/user/501/gvfs': No such file or directory
	df: '/run/media/berrange/LIVE': No such file or directory
	df: '/run/media/berrange/SecureDiskA1': No such file or directory
	df: '/run/libvirt/lxc/sandbox': No such file or directory
	Filesystem                      1K-blocks      Used Available Use% Mounted on
	/dev/mapper/vg_t500wlan-lv_root 151476396 135390200   8384900  95% /
	tmpfs                             1970888      3204   1967684   1% /run
	/dev/sda1                          194241    155940     28061  85% /boot
	devfs                                  64         0        64   0% /dev
	tmpfs                                  64         0        64   0% /sys/fs/cgroup
	tmpfs                             1970888      1200   1969688   1% /etc/libvirt-sandbox/scratch
	Before mounting any filesystem at a particular location, we
	must recursively unmount anything at or below the target mount
	point

	Move lxcContainerUnmountSubtree further up in file
	Ensure lxcContainerUnmountSubtree is at the top of the
	lxc_container.c file so it is easily referenced from
	any other method. No functional change

2013-04-09  Bogdan Purcareata  <bogdan.purcareata@freescale.com>

	Implement support for <hostdev caps=net>
	This allows a container-type domain to have exclusive access to one of
	the host's NICs.
	Wire <hostdev caps=net> with the lxc_controller - when moving the newly
	created veth devices into a new namespace, also look for any hostdev
	devices that should be moved. Note: once the container domain has been
	destroyed, there is no code that moves the interfaces back to the
	original namespace. This does happen, though, probably due to default
	cleanup on namespace destruction.

	Update structure & XML definitions to support <hostdev caps=net>
	This updates the definitions and supporting structures in the XML
	schema and domain configuration files.

2013-04-08  Jiri Denemark  <jdenemar@redhat.com>

	spec: Require pod2man when running autoreconf
	Since commit b8a32e0e94d75702714167539310f0df4d268e0f, all man pages
	depend on configure.ac so that they are properly regenerated whenever
	libvirt version changes. Thus libvirt.spec needs to have a build
	dependency on pod2man when %{enable_autotools} is set.

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Rename virCgroupMounted to virCgroupHasController & make it more robust
	The virCgroupMounted method is badly named, since a controller can be
	mounted, but disabled in the current object. Rename the method to be
	virCgroupHasController. Also make it tolerant to a  NULL virCgroupPtr
	and out-of-range controller index, to avoid duplication of these
	checks in all callers

2013-04-08  Osier Yang  <jyang@redhat.com>

	qemu: Allow volume type disk for device 'lun'
	This allows one use block type volume as the disk source for device
	'lun'.

	qemu: Support sgio setting for volume type disk

	qemu: Support shareable volume type disk
	Since the source is already translated before. This just adds the
	checking. Move !disk->shared and !disk->src to improve the performance
	a bit.

	qemu: Translate the pool disk source earlier
	To support "shareable" for volume type disk, we have to translate
	the source before trying to add the shared disk entry. To achieve
	the goal, this moves the helper qemuTranslateDiskSourcePool into
	src/qemu/qemu_conf.c, and introduce an internal only member (voltype)
	for struct _virDomainDiskSourcePoolDef, to record the underlying
	volume type for use when building the drive string.
	Later patch will support "shareable" volume type disk.

	Support seclabels for volume type disk
	"seclabels" is only valid for 'file' or 'block' type storage volume.

	Support startupPolicy for 'volume' disk
	"startupPolicy" is only valid for file type storage volume, otherwise
	it fails on starting the domain.

	qemu: Translate the pool disk source when building drive string
	This adds a new helper qemuTranslateDiskSourcePool which uses the
	storage pool/vol APIs to translate the disk source before building
	the drive string. Network volume is not supported yet. Disk chain
	for volume type disk may be supported later, but before I'm confident
	it doesn't break anything, it's just disabled now.

	Introduce new XMLs to specify disk source using libvirt storage
	With this patch, one can specify the disk source using libvirt
	storage like:
	  <disk type='volume' device='disk'>
	    <driver name='qemu' type='raw' cache='none'/>
	    <source pool='default' volume='fc18.img'/>
	    <target dev='vdb' bus='virtio'/>
	  </disk>
	"seclabels" and "startupPolicy" are not supported for this new
	disk type ("volume"). They will be supported in later patches.
	docs/formatdomain.html.in:
	  * Add documents for new XMLs
	docs/schemas/domaincommon.rng:
	  * Add rng for new XMLs;
	src/conf/domain_conf.h:
	  * New struct for 'volume' type disk source (virDomainDiskSourcePoolDef)
	  * Add VIR_DOMAIN_DISK_TYPE_VOLUME for enum virDomainDiskType
	src/conf/domain_conf.c:
	  * New helper virDomainDiskSourcePoolDefParse to parse the 'volume'
	    type disk source.
	  * New helper virDomainDiskSourcePoolDefFree to free the source def
	    if 'volume' type disk.
	tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml:
	tests/qemuxml2xmltest.c:
	  * New test

	conf: New helper virDomainDiskSourceDefFormat to format the disk source
	The code to format disk source is long enough to have a helper.

	storage: Guess the parent if it's not specified for vHBA
	This finds the parent for vHBA by iterating over all the HBA
	which supports vport_ops capability on the host, and return
	the first one which is online, not saturated (vports in use
	is less than max_vports).

	storage: Add startPool and stopPool for scsi backend
	startPool creates the vHBA if it's not existed yet, stopPool destroys
	the vHBA. Also to support autostart, checkPool will creates the vHBA
	if it's not existed yet.

	util: Add helper to get the scsi host name by iterating over sysfs
	The helper iterates over sysfs, to find out the matched scsi host
	name by comparing the wwnn,wwpn pair. It will be used by checkPool
	and refreshPool of storage scsi backend. New helper getAdapterName
	is introduced in storage_backend_scsi.c, which uses the new util
	helper virGetFCHostNameByWWN to get the fc_host adapter name.

	phyp: Prohibit fc_host adapter for phyp driver
	It's possible to support fc_host adapter for phyp driver too, but
	at this stage I'd like to not allow it when I'm not that clear
	how it works.

	storage: Move virStorageBackendSCSIGetHostNumber into iscsi backend
	It's only used by iscsi backend.

	storage: Make the adapter name be consistent with node device driver
	node device driver names the HBA like "scsi_host5", but storage
	driver uses "host5", which could make the user confused. This
	changes them to be consistent. However, for back-compat reason,
	adapter name like "host5" is still supported.

	New XML attributes for storage pool source adapter
	This introduces 4 new attributes for storage pool source adapter.
	E.g.
	<adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/>
	Attribute 'type' can be either 'scsi_host' or 'fc_host', and defaults
	to 'scsi_host' if attribute 'name' is specified. I.e. It's optional
	for 'scsi_host' adapter, for back-compat reason. However, mandatory
	for 'fc_host' adapter and any new future adapter types. Attribute
	'parent' is to specify the parent for the fc_host adapter.
	* docs/formatstorage.html.in:
	  - Add documents for the 4 new attrs
	* docs/schemas/storagepool.rng:
	  - Add RNG schema
	* src/conf/storage_conf.c:
	  - Parse and format the new XMLs
	* src/conf/storage_conf.h:
	  - New struct virStoragePoolSourceAdapter, replace "char *adapter" with it;
	  - New enum virStoragePoolSourceAdapterType
	* src/libvirt_private.syms:
	  - Export TypeToString and TypeFromString
	* src/phyp/phyp_driver.c:
	  - Replace "adapter" with "adapter.data.name", which is member of the union
	    of the new struct virStoragePoolSourceAdapter now. Later patch will
	    add the checking, as "adapter.data.name" is only valid for "scsi_host"
	    adapter.
	* src/storage/storage_backend_scsi.c:
	  - Like above
	* tests/storagepoolxml2xmlin/pool-scsi-type-scsi-host.xml:
	* tests/storagepoolxml2xmlin/pool-scsi-type-fc-host.xml:
	  - New test for 'fc_host' and "scsi_host" adapter
	* tests/storagepoolxml2xmlout/pool-scsi.xml:
	  - Change the expected output, as the 'type' defaults to 'scsi_host' if 'name"
	    specified now
	* tests/storagepoolxml2xmlout/pool-scsi-type-scsi-host.xml:
	* tests/storagepoolxml2xmlout/pool-scsi-type-fc-host.xml:
	  - New test
	* tests/storagepoolxml2xmltest.c:
	  - Include the test

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Avoid cast alignment warnings in port allocator test
	To avoid
	virportallocatortest.c: In function 'bind':
	virportallocatortest.c:34:33: warning: cast increases required alignment of target type [-Wcast-align]
	     struct sockaddr_in *saddr = (struct sockaddr_in *)addr;
	                                 ^

	Disable cast-align warnings in various places
	There are a number of places which generate cast alignment
	warnings, which are difficult or impossible to address. Use
	pragmas to disable the warnings in these few places
	conf/nwfilter_conf.c: In function 'virNWFilterRuleDetailsParse':
	conf/nwfilter_conf.c:1806:16: warning: cast increases required alignment of target type [-Wcast-align]
	         item = (nwItemDesc *)((char *)nwf + att[idx].dataIdx);
	conf/nwfilter_conf.c: In function 'virNWFilterRuleDefDetailsFormat':
	conf/nwfilter_conf.c:3238:16: warning: cast increases required alignment of target type [-Wcast-align]
	         item = (nwItemDesc *)((char *)def + att[i].dataIdx);
	storage/storage_backend_mpath.c: In function 'virStorageBackendCreateVols':
	storage/storage_backend_mpath.c:247:17: warning: cast increases required alignment of target type [-Wcast-align]
	         names = (struct dm_names *)(((char *)names) + next);
	nwfilter/nwfilter_dhcpsnoop.c: In function 'virNWFilterSnoopDHCPDecode':
	nwfilter/nwfilter_dhcpsnoop.c:994:15: warning: cast increases required alignment of target type [-Wcast-align]
	         pip = (struct iphdr *) pep->eh_data;
	nwfilter/nwfilter_dhcpsnoop.c:1004:11: warning: cast increases required alignment of target type [-Wcast-align]
	     pup = (struct udphdr *) ((char *) pip + (pip->ihl << 2));
	nwfilter/nwfilter_learnipaddr.c: In function 'procDHCPOpts':
	nwfilter/nwfilter_learnipaddr.c:327:33: warning: cast increases required alignment of target type [-Wcast-align]
	                 uint32_t *tmp = (uint32_t *)&dhcpopt->value;
	nwfilter/nwfilter_learnipaddr.c: In function 'learnIPAddressThread':
	nwfilter/nwfilter_learnipaddr.c:501:43: warning: cast increases required alignment of target type [-Wcast-align]
	                     struct iphdr *iphdr = (struct iphdr*)(packet +
	nwfilter/nwfilter_learnipaddr.c:538:43: warning: cast increases required alignment of target type [-Wcast-align]
	                     struct iphdr *iphdr = (struct iphdr*)(packet +
	nwfilter/nwfilter_learnipaddr.c:544:48: warning: cast increases required alignment of target type [-Wcast-align]
	                         struct udphdr *udphdr= (struct udphdr *)

	Copy struct inotify_event entries to avoid alignment problems
	When reading the inotify FD, we get back a sequence of
	struct inotify_event, each with variable length data following.
	It is not safe to simply cast from the char *buf to the
	struct inotify_event struct since this may violate data
	alignment rules. Thus we must copy from the char *buf
	into the struct inotify_event instance before accessing
	the data.
	uml/uml_driver.c: In function 'umlInotifyEvent':
	uml/uml_driver.c:327:13: warning: cast increases required alignment of target type [-Wcast-align]
	         e = (struct inotify_event *)tmp;

	Use VIR_ALLOC_VAR instead of VIR_ALLOC_N for creating virObject
	The current way virObject instances are allocated using
	VIR_ALLOC_N causes alignment warnings
	util/virobject.c: In function 'virObjectNew':
	util/virobject.c:195:11: error: cast increases required alignment of target type [-Werror=cast-align]
	Changing to use VIR_ALLOC_VAR will avoid the need todo
	the casts entirely.

	Avoid casts between unsigned char * and struct nlmsghdr
	The virNetlinkCommand() method takes an 'unsigned char **'
	parameter to be filled with the received netlink message.
	The callers then immediately cast this to 'struct nlmsghdr',
	triggering (bogus) warnings about increasing alignment
	requirements
	util/virnetdev.c: In function 'virNetDevLinkDump':
	util/virnetdev.c:1300:12: warning: cast increases required alignment of target type [-Wcast-align]
	     resp = (struct nlmsghdr *)*recvbuf;
	            ^
	util/virnetdev.c: In function 'virNetDevSetVfConfig':
	util/virnetdev.c:1429:12: warning: cast increases required alignment of target type [-Wcast-align]
	     resp = (struct nlmsghdr *)recvbuf;
	Since all callers cast to 'struct nlmsghdr' we can avoid
	the warning problem entirely by simply changing the
	signature of virNetlinkCommand to return a 'struct nlmsghdr **'
	instead of 'unsigned char **'. The way we do the cast inside
	virNetlinkCommand does not have any alignment issues.

	Rewrite keycode map to avoid a struct
	Playing games with field offsets in a struct causes all sorts
	of alignment warnings on ARM platforms
	util/virkeycode.c: In function '__virKeycodeValueFromString':
	util/virkeycode.c:26:7: warning: cast increases required alignment of target type [-Wcast-align]
	     (*(typeof(field_type) *)((char *)(object) + field_offset))
	       ^
	util/virkeycode.c:91:28: note: in expansion of macro 'getfield'
	         const char *name = getfield(virKeycodes + i, const char *, name_offset);
	                            ^
	util/virkeycode.c:26:7: warning: cast increases required alignment of target type [-Wcast-align]
	     (*(typeof(field_type) *)((char *)(object) + field_offset))
	       ^
	util/virkeycode.c:94:20: note: in expansion of macro 'getfield'
	             return getfield(virKeycodes + i, unsigned short, code_offset);
	                    ^
	util/virkeycode.c: In function '__virKeycodeValueTranslate':
	util/virkeycode.c:26:7: warning: cast increases required alignment of target type [-Wcast-align]
	     (*(typeof(field_type) *)((char *)(object) + field_offset))
	       ^
	util/virkeycode.c:127:13: note: in expansion of macro 'getfield'
	         if (getfield(virKeycodes + i, unsigned short, from_offset) == key_value)
	             ^
	util/virkeycode.c:26:7: warning: cast increases required alignment of target type [-Wcast-align]
	     (*(typeof(field_type) *)((char *)(object) + field_offset))
	       ^
	util/virkeycode.c:128:20: note: in expansion of macro 'getfield'
	             return getfield(virKeycodes + i, unsigned short, to_offset);
	There is no compelling reason to use a struct for the keycode
	tables. It can easily just use an array of arrays instead,
	avoiding all alignment problems

	Add a test suite for keycode mapping functions
	Validate that translations between different keycode sets
	are functioning.

2013-04-06  Osier Yang  <jyang@redhat.com>

	qemu: Error out if the bitmap for pinning is all clear
	For both "live" and "config" changes of vcpupin and emulatorpin, an
	all clear bitmap doesn't make sense, and it can just cause corruptions.
	E.g (similar for emulatorpin).
	% virsh vcpupin hame 0 8,^8 --config
	% virsh vcpupin hame
	VCPU: CPU Affinity
	----------------------------------
	   0:
	   1: 0-63
	   2: 0-63
	   3: 0-63
	% virsh dumpxml hame | grep cpuset
	    <vcpupin vcpu='0' cpuset=''/>
	% virsh start hame
	error: Failed to start domain hame
	error: An error occurred, but the cause is unknown

	util: Add a helper to check if all bits of a bitmap are clear

	qemu: Support multiple queue virtio-scsi
	This introduce a new attribute "num_queues" (same with the good name
	QEMU uses) for virtio-scsi controller. An example of the XML:
	<controller type='scsi' index='0' model='virtio-scsi' num_queues='8'/>
	The corresponding QEMU command line:
	-device virtio-scsi-pci,id=scsi0,num_queues=8,bus=pci.0,addr=0x3 \

2013-04-06  Eric Blake  <eblake@redhat.com>

	build: check correct protocol.o file
	By default, libtool builds two .o files for every .lo rule:
	src/foo.o - static builds
	src/.libs/foo.o - shared library builds
	But since commit ad42b34b disabled static builds, src/foo.o is
	no longer built by default.  On a fresh checkout, this means our
	protocol check rules using pdwtags were testing a missing file,
	and thanks to a lousy behavior of pdwtags happily giving no output
	and 0 exit status (http://bugzilla.redhat.com/949034), we were
	merely claiming that "dwarves is too old" and skipping the test.
	However, if you swap between branches and do incremental builds,
	such as building v0.10.2-maint and then switching back to master,
	you end up with src/foo.o being leftover from its 0.10.2 state,
	and then 'make check' fails because the .o file does not match
	the protocol-structs file due to API additions in the meantime.
	A simpler fix would be to always look in .libs for the .o to
	be parsed; but since it is possible to pass ./configure options
	to tell libtool to do a static-only build with no shared .o,
	I went with the approach of finding the newest of the two files,
	whenever both exist.
	* src/Makefile.am (PDWTAGS): Ensure we test just-built file.

	build: use proper pod for nested bulleted VIRSH_DEBUG list
	Newer pod (hello rawhide) complains if you attempt to mix bullets
	and non-bullets in the same list:
	virsh.pod around line 3177: Expected text after =item, not a bullet
	As our intent was to nest an inner list, we make that explicit to
	keep pod happy.
	* tools/virsh.pod (ENVIRONMENT): Use correct pod syntax.

2013-04-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: Remove maximum cpu limit when setting processor count using the API
	When setting processor count for a domain using the API libvirt enforced
	a maximum processor count, while it isn't enforced when taking the XML path.
	This patch removes the check to match the XML.

2013-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Don't create dirs in cgroup controllers we don't want to use
	Currently when getting an instance of virCgroupPtr we will
	create the path in all cgroup controllers. Only at the virt
	driver layer are we attempting to filter controllers. This
	is bad because the mere act of creating the dirs in the
	controllers can have a functional impact on the kernel,
	particularly for performance.
	Update the virCgroupForDriver() method to accept a bitmask
	of controllers to use. Only create dirs in the controllers
	that are requested. When creating cgroups for domains,
	respect the active controller list from the parent cgroup

	Rename virCgroupGetAppRoot to virCgroupForSelf
	The virCgroupGetAppRoot is not clear in its meaning. Change
	to virCgroupForSelf to highlight that this returns the
	cgroup config for the caller's process

	Ensure LD_PRELOAD exists before running test case
	The linker will ignore LD_PRELOAD libraries which do not
	exist, just printing a warning message. This is not helpful
	for the test suite which will be utterly fubar without the
	preload library present. Add an explicit test for existence
	of the library to protect against this

	Refactor RNG schema for resource tuning
	Split the "resource" define out into multiple smaller
	defines, one for each type of resource tuning parameter.
	This makes the schema a bit clearer to read

2013-04-05  Peter Krempa  <pkrempa@redhat.com>

	rpc: Fix connection close callback race condition and memory corruption/crash
	The last Viktor's effort to fix the race and memory corruption unfortunately
	wasn't complete in the case the close callback was not registered in an
	connection. At that time, the trail of event's that I'll describe later could
	still happen and corrupt the memory or cause a crash of the client (including
	the daemon in case of a p2p migration).
	Consider the following prerequisities and trail of events:
	Let's have a remote connection to a hypervisor that doesn't have a close
	callback registered and the client is using the event loop. The crash happens in
	cooperation of 2 threads. Thread E is the event loop and thread W is the worker
	that does some stuff. R denotes the remote client.
	1.) W - The client finishes everything and sheds the last reference on the client
	2.) W - The virObject stuff invokes virConnectDispose that invokes doRemoteClose
	3.) W - the remote close method invokes the REMOTE_PROC_CLOSE RPC method.
	4.) W - The thread is preempted at this point.
	5.) R - The remote side receives the close and closes the socket.
	6.) E - poll() wakes up due to the closed socket and invokes the close callback
	7.) E - The event loop is preempted right before remoteClientCloseFunc is called
	8.) W - The worker now finishes, and frees the conn object.
	9.) E - The remoteClientCloseFunc accesses the now-freed conn object in the
	        attempt to retrieve pointer for the real close callback.
	10.) Kaboom, corrupted memory/segfault.
	This patch tries to fix this by introducing a new object that survives the
	freeing of the connection object. We can't increase the reference count on the
	connection object itself or the connection would never be closed, as the
	connection is closed only when the reference count reaches zero.
	The new object - virConnectCloseCallbackData - is a lockable object that keeps
	the pointers to the real user registered callback and ensures that the
	connection callback is either not called if the connection was already freed or
	that the connection isn't freed while this is being called.

	virsh: Register and unregister the close callback also in cmdConnect
	This patch improves the error message after disconnecting from the
	hypervisor and adds the close callback operations required not to leak
	the callback reference.

	virsh: Move cmdConnect from virsh-host.c to virsh.c
	The function is used to establish connection so it should be in the main
	virsh file. This movement also enables further improvements done in next
	patches.
	Note that the "connect" command has moved from the host section of virsh to the
	main section. It is now listed by 'virsh help virsh' instead of 'virsh help
	host'.

2013-04-05  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virsh: Unregister the connection close notifier upon termination
	Before closing the connection we unregister the close callback
	to prevent a reference leak.
	Further, the messages on virConnectClose != 0 are a bit more specific
	now.

	libvirt: Increase connection reference count for callbacks
	By adjusting the reference count of the connection object we
	prevent races between callback function and virConnectClose.

2013-04-05  Peter Krempa  <pkrempa@redhat.com>

	virCaps: get rid of defaultConsoleTargetType callback
	This patch refactors various places to allow removing of the
	defaultConsoleTargetType callback from the virCaps structure.
	A new console character device target type is introduced -
	VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_NONE - to mark that no type was
	specified in the XML. This type is at the end converted to the standard
	VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL. Other types that are
	different from this default have to be processed separately in the
	device post parse callback.

	virCaps: get rid of macPrefix field
	Use the virDomainXMLConf structure to hold this data and tweak the code
	to avoid semantic change.
	Without configuration the KVM mac prefix is used by default. I chose it
	as it's in the privately administered segment so it should be usable for
	any purposes.

	virCaps: get rid of hasWideScsiBus
	Use the virDomainXMLConf structure to hold this data.

	virCaps: get rid of defaultDiskDriverType
	Use the qemu specific callback to fill this data in the qemu driver as
	it's the only place where it was used and fix tests as the qemu test
	capability object didn't configure the defaults for the tests.

	virCaps: get rid of emulatorRequired
	This patch removes the emulatorRequired field and associated
	infrastructure from the virCaps object. Instead the driver specific
	callbacks are used as this field isn't enforced by all drivers.
	This patch implements the appropriate callbacks in the qemu and lxc
	driver and moves to check to that location.

	virCaps: get rid of defaultDiskDriverName
	This patch removes the defaultDiskDriverName from the virCaps
	structure. This particular default value is used only in the qemu driver
	so this patch uses the recently added callback to fill the driver name
	if it's needed instead of propagating it through virCaps.

	virCaps: get rid of "defaultInitPath" value in the virCaps struct
	This gets rid of the parameter in favor of using the new callback
	infrastructure to do the same stuff.
	This patch implements the domain adjustment callback in the openVZ
	driver and moves the check from the parser to a new validation method in
	the callback infrastructure.

	qemu: Record the default NIC model in the domain XML
	This patch implements the devices post parse callback and uses it to fill
	the default qemu network card model into the XML if none is specified.
	Libvirt assumes that the network card model for qemu is the "rtl8139".
	Record this in the XML using the new callback to avoid user
	confusion.

	conf callback: Rearrange function parameters
	Move the xmlopt and caps arguments to the end of the argument list.

	conf: Add post XML parse callbacks and prepare for cleaning of virCaps
	This patch adds instrumentation that will allow hypervisor drivers to
	fill and validate domain and device definitions after parsed by the XML
	parser.
	With this patch, after the XML is parsed, a callback to the driver is
	issued requesting to fill and validate driver specific details of the
	configuration. This allows to use sensible defaults and checks on a per
	driver basis at the time the XML is parsed.
	Two callback pointers are stored in the new virDomainXMLConf object:
	* virDomainDeviceDefPostParseCallback (devicesPostParseCallback)
	  - called for a single device parsed and for every single device in a
	    domain config. A virDomainDeviceDefPtr is passed along with the
	    domain definition and virCaps.
	* virDomainDefPostParseCallback, (domainPostParseCallback)
	  - A callback that is meant to process the domain config after it's
	  parsed.  A virDomainDefPtr is passed along with virCaps.
	Both types of callbacks support arbitrary opaque data passed for the
	callback functions.
	Errors may be reported in those callbacks resulting in a XML parsing
	failure.

	maint: Rename xmlconf to xmlopt and virDomainXMLConfig to virDomainXMLOption
	This patch is the result of running:
	for i in $(git ls-files | grep -v html | grep -v \.po$ ); do
	  sed -i -e "s/virDomainXMLConf/virDomainXMLOption/g" -e "s/xmlconf/xmlopt/g" $i
	done
	and a few manual tweaks.

2013-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Create fake NUMA info if libnuma isn't available
	If libnuma is not compiled in, or numa_available() returns an
	error, stub out fake NUMA info consisting of one NUMA cell
	containing all CPUs and memory.

	Cope with missing /sys/devices/system/cpu/cpu0/topology files
	Not all kernel builds have any entries under the location
	/sys/devices/system/cpu/cpu0/topology. We already cope with
	that being missing in some cases, but not all. Update the
	code which looks for thread_siblings to cope with the missing
	file

	Add armv6l architecture to list of valid arches
	The Raspberry Pi runs the armv6l architecture and apparently
	people are trying to run libvirt LXC on it. So we should allow
	that as a valid arch

	Implement minimal sysinfo for ARM platforms
	Implement the bare minimal sysinfo for ARM platforms by
	reading the CPU models from /proc/cpuinfo

	Disable of unused sysinfotest functions
	Certain functions in the sysinfotest.c are not used unless
	a whitelisted architecture is being built. Disable those
	functions unless required to avoid warnings about unused
	functions.
	sysinfotest.c:93:1: warning: 'sysinfotest_run' defined but not used [-Wunused-function]
	 sysinfotest_run(const char *test,

	Wire up sysinfo for LXC driver
	The sysinfo code used by QEMU is trivially portable to the
	LXC driver

	Add support for SD cards in nodedev driver
	The nodedev driver currently only detects harddisk, cdrom
	and floppy devices. This adds support for SD cards, which
	are common storage for ARM devices, eg the Google ChromeBook
	<device>
	  <name>block_mmcblk0_0xb1c7c08b</name>
	  <parent>computer</parent>
	  <capability type='storage'>
	    <block>/dev/mmcblk0</block>
	    <drive_type>sd</drive_type>
	    <serial>0xb1c7c08b</serial>
	    <size>15758000128</size>
	    <logical_block_size>512</logical_block_size>
	    <num_blocks>30777344</num_blocks>
	  </capability>
	</device>

	Revert "lxc: Prevent shutting down the host"
	This reverts commit c9c87376f2b2197ad774533ad6a6dd2f631ca105.
	Now that we force all containers to have a root filesystem,
	there is no way the host's /dev is ever exposed

	Auto-add a root <filesystem> element to LXC containers on startup
	Currently the LXC container code has two codepaths, depending on
	whether there is a <filesystem> element with a target path of '/'.
	If we automatically add a <filesystem> device with src=/ and dst=/,
	for any container which has not specified a root filesystem, then
	we only need one codepath for setting up the filesystem.

	Remove support for old kernels lacking private devpts
	Early on kernel support for private devpts was not widespread,
	so we had compatibiltiy codepaths. Such old kernels are not
	seriously used for LXC these days, so the compat code can go
	away

2013-04-04  Atsushi Kumagai  <kumagai-atsushi@mxc.nes.nec.co.jp>

	storage: Fix volume cloning for logical volume.
	When creating a logical volume with virStorageVolCreateXMLFrom,
	"qemu-img convert" is called internally if clonevol is a file volume.
	Then, vol->target.format is used as output_fmt parameter but the
	target.format of logical volumes is always 0 because logical volumes
	haven't the volume format type element.
	Fortunately, 0 was treated as RAW file format before commit f772b3d9,
	so there was no problem. But now, 0 is treated as the type of none,
	qemu-img fails with "Unknown file format 'none'".
	This patch fixes this issue by treating output block devices as RAW
	file format like for input block devices.

2013-04-04  Guido Günther  <agx@sigxcpu.org>

	security_manager: fix comparison
	otherwise we crash later on if we don't find a match like:
	 #0  0xb72c2b4f in virSecurityManagerGenLabel (mgr=0xb8e42d20, vm=0xb8ef40c0) at security/security_manager.c:424
	 #1  0xb18811f3 in qemuProcessStart (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=vm@entry=0xb8ef58f0,
	     migrateFrom=migrateFrom@entry=0xb18f6088 "stdio", stdin_fd=18,
	     stdin_path=stdin_path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", snapshot=snapshot@entry=0x0,
	     vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_RESTORE, flags=flags@entry=2) at qemu/qemu_process.c:3364
	 #2  0xb18d6cb2 in qemuDomainSaveImageStartVM (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=0xb8ef58f0, fd=fd@entry=0xb6bf3f98,
	     header=header@entry=0xb6bf3fa0, path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img",
	     start_paused=start_paused@entry=false) at qemu/qemu_driver.c:4843
	 #3  0xb18d7eeb in qemuDomainRestoreFlags (conn=conn@entry=0xb8eed880,
	     path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", dxml=dxml@entry=0x0, flags=flags@entry=0)
	     at qemu/qemu_driver.c:4962
	 #4  0xb18d8123 in qemuDomainRestore (conn=0xb8eed880, path=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img")
	     at qemu/qemu_driver.c:4987
	 #5  0xb718d186 in virDomainRestore (conn=0xb8eed880, from=0xb8ea87d8 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img") at libvirt.c:2768
	 #6  0xb7736363 in remoteDispatchDomainRestore (args=<optimized out>, rerr=0xb6bf41f0, client=0xb8eedaf0, server=<optimized out>, msg=<optimized out>)
	     at remote_dispatch.h:4679
	 #7  remoteDispatchDomainRestoreHelper (server=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8, rerr=0xb6bf41f0, args=0xb8ea8968, ret=0xb8ef5330)
	     at remote_dispatch.h:4661
	 #8  0xb720db01 in virNetServerProgramDispatchCall (msg=0xb8ee72c8, client=0xb8eedaf0, server=0xb8e1a3e0, prog=0xb8e216b0)
	     at rpc/virnetserverprogram.c:439
	 #9  virNetServerProgramDispatch (prog=0xb8e216b0, server=server@entry=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8) at rpc/virnetserverprogram.c:305
	 #10 0xb7206e97 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0xb8e1a3e0) at rpc/virnetserver.c:162
	 #11 virNetServerHandleJob (jobOpaque=0xb8ea7720, opaque=0xb8e1a3e0) at rpc/virnetserver.c:183
	 #12 0xb70f9f78 in virThreadPoolWorker (opaque=opaque@entry=0xb8e1a540) at util/virthreadpool.c:144
	 #13 0xb70f94a5 in virThreadHelper (data=0xb8e0e558) at util/virthreadpthread.c:161
	 #14 0xb705d954 in start_thread (arg=0xb6bf4b70) at pthread_create.c:304
	 #15 0xb6fd595e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
	This unbreaks libvirt-tck's domain/100-transient-save-restore.t with
	qemu:///session and selinux compiled in but disabled.
	Introduced by 8d68cbeaa8a64759323da1d64526e2a941eb93e1

2013-04-04  Eric Blake  <eblake@redhat.com>

	qemu: fix memory leak on -machine usage error
	Commit f84b92ea introduced a memory leak on error; John Ferlan reported
	that valgrind caught it during 'make check'.
	* src/qemu/qemu_command.c (qemuBuildMachineArgStr): Plug leak.

2013-04-03  Daniel P. Berrange  <berrange@redhat.com>

	Enable full RELRO mode
	By passing the flags -z relro -z now to the linker, we can force
	it to resolve all library symbols at startup, instead of on-demand.
	This allows it to then make the global offset table (GOT) read-only,
	which makes some security attacks harder.

	Build all binaries with PIE
	PIE (position independent executable) adds security to executables
	by composing them entirely of position-independent code (PIC. The
	.so libraries already build with -fPIC. This adds -fPIE which is
	the equivalent to -fPIC, but for executables. This for allows Exec
	Shield to use address space layout randomization to prevent attackers
	from knowing where existing executable code is during a security
	attack using exploits that rely on knowing the offset of the
	executable code in the binary, such as return-to-libc attacks.

2013-04-03  Peter Krempa  <pkrempa@redhat.com>

	qemu-blockjob: Fix limit of bandwidth for block jobs to supported value
	The JSON generator is able to represent only values less than LLONG_MAX, fix the
	bandwidth limit checks when converting to value to catch overflows before they
	reach the generator.

2013-04-03  Osier Yang  <jyang@redhat.com>

	rng: Add definition for network disk source
	It's long enough to have a independant definition.

2013-04-03  Daniel P. Berrange  <berrange@redhat.com>

	Disable static libraries by default
	Every source file is currently built twice by libtool, once for
	the shared library and once for the static library. Static libs
	are not commonly packaged by distros and slow down compilation
	time by more than 50% compared to a shared-only build time.
	Time for 'make -j 4':
	      shared only: 2 mins  9 secs
	  shared + static: 3 mins 26 secs
	Time for non-parallel make
	      shared only: 3 mins 32 secs
	  shared + static: 5 mins 41 secs
	Those few people who really want them, can pass --enable-static
	to configure
	Disabling them by default requires use of LT_INIT, but for
	compat with RHEL5 we can't rely on that. So we conditionally
	use LT_INIT, but fallback to AM_PROG_LIBTOOL if not present.

2013-04-03  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix typo in docs
	s/persitent/persistent/

2013-04-03  Michal Privoznik  <mprivozn@redhat.com>

	sec_manager: Refuse to start domain with unsupported seclabel
	https://bugzilla.redhat.com/show_bug.cgi?id=947387
	If a user configures a domain to use a seclabel of a specific type,
	but the appropriate driver is not accessible, we should refuse to
	start the domain. For instance, if user requires selinux, but it is
	either non present in the system, or is just disabled, we should not
	start the domain. Moreover, since we are touching only those labels we
	have a security driver for, the other labels may confuse libvirt when
	reconnecting to a domain on libvirtd restart. In our selinux example,
	when starting up a domain, missing security label is okay, as we
	auto-generate one. But later, when libvirt is re-connecting to a live
	qemu instance, we parse a state XML, where security label is required
	and it is an error if missing:
	  error : virSecurityLabelDefParseXML:3228 : XML error: security label
	  is missing
	This results in a qemu process left behind without any libvirt control.

2013-04-03  Martin Kletzander  <mkletzan@redhat.com>

	Allow multiple parameters for schedinfo
	virsh schedinfo was able to set only one parameter at a time (not
	counting the deprecated options), but it is useful to set more at
	once, so this patch adds the possibility to do stuff like this:
	virsh schedinfo <domain> cpu_shares=0 vcpu_period=0 vcpu_quota=0 \
	emulator_period=0 emulator_quota=0
	Invalid scheduler options are reported as well.  These were previously
	reported only if the command hadn't updated any values (when
	cmdSchedInfoUpdate returned 0).
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=810078
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919372
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919375

2013-04-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix crash when updating media with shared device
	Mimic the fix done in 02b9097274d1330c2e1dca7f598880e09b5c2aa0 to fix crash by
	accessing an already freed structure. Also copy the explaining comment why the
	pointer can't be accessed any more.

2013-04-02  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Call virDomainFree in cmdDomFSTrim
	https://bugzilla.redhat.com/show_bug.cgi?id=928197
	The virsh domfstrim command was not freeing allocated domain,
	leaving leaked references behind.

2013-04-02  Martin Kletzander  <mkletzan@redhat.com>

	manual: Fix copy-paste errors
	Descriptions for vol-download and vol-upload didn't make much sense.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=923613

	manual: Add info about migrateuri in virsh manual
	The virsh(1) man page wasn't saying anything about the 'migrateuri'
	parameter other than it can be usually omitted.  A patched version of
	docs/migrate.html.in is taken in this patch to fix that up in the man
	page.

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Add --live, --config, --current logic to cmdDetachDisk
	Use the established approach to improve this function too.

	virsh-domain: Add --live, --config, --current logic to cmdDetachDevice
	Use the established approach to improve this function too.

	virsh-domain: Add --live, --config, --current logic to cmdDetachInterface
	Use the established approach to improve this function too.

	virsh: Fix semantics of --config for "update-device" command
	The man page states that with --config the next boot is affected. This
	can be understood as if _only_ the next boot was affected. This isn't
	true if the machine is running.
	This patch adds the full --live, --config, --current infrastructure and
	tweaks stuff to correctly support the obsolete --persistent flag.
	Note that this patch changes the the behavior of the --config flag to match the
	use of this flag in rest of libvirt. This flag was mistakenly renamed from
	--persistent that originaly had different semantics.

	virsh-domain: Fix declarations of flag variables in cmdChangeMedia
	The parameter options can be declared directly.
	Also use macros for mutual exclusion on some of the incompatible
	parameter variables.

	virsh-domain: Simplify usage of --current, --live and --config flags
	This patch uses the new helper to avoid the more complex check for
	domain state modification flags.

	virsh-domain-monitor: Refactor cmdDomIfGetLink
	The domif-getlink command did not terminate successfully when the
	interface state was found. As the code used old and too complex approach
	to do the job, this patch refactors it and fixes the bug.

	Use virMacAddrFormat instead of manual mac address formatting
	Format the address using the helper instead of having similar code in
	multiple places.
	This patch also fixes leak of the MAC address string in
	ebtablesRemoveForwardAllowIn() and ebtablesAddForwardAllowIn() in
	src/util/virebtables.c

	util: Change virMacAddrFormat to lowercase hex characters
	The domain XML generator creates the mac addres strings with lowercase
	strings with a separate piece of code. This patch changes the formating
	helper to do the same stuff to allow using it to normalize a string
	provided by the user. After this change some of the tests that are
	outputing the mac address will need to be changed.

2013-04-02  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Optimize machine option to set more options with it
	Currently, -machine option is used only when dump-guest-core is set.
	To use options defined in machine option for newer version of QEMU,
	it needs to use -machine xxx, and to be compatible with older version
	-M, this patch adds QEMU_CAPS_MACHINE_OPT capability for newer
	version which supports -machine option.

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	conf: Enforce ranges on cputune variables
	The limits are documented at
	http://libvirt.org/formatdomain.html#elementsCPUTuning . Enforce them
	when going through XML parsing in addition to being enforced by the API.

2013-04-02  Michal Privoznik  <mprivozn@redhat.com>

	test: Return Libvirt logo as domain screenshot
	This is just a bare Easter Egg. Whenever a user runs virDomainScreenshot
	over a domain in test driver, he'll get the Libvirt PNG logo in return.

2013-04-02  Eric Blake  <eblake@redhat.com>

	smartcard: spell ccid-card-emulated qemu property correctly
	Reported by Anthony Messina in
	https://bugzilla.redhat.com/show_bug.cgi?id=904692
	Present since introduction of smartcard support in commit f5fd9baa
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Match qemu spelling.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args:
	Fix broken test.

2013-04-02  Ján Tomko  <jtomko@redhat.com>

	qemu: Allow migration over IPv6
	Allow migration over IPv6 by listening on [::] instead of 0.0.0.0
	when QEMU supports it (QEMU_CAPS_IPV6_MIGRATION) and there is
	at least one v6 address configured on the system.
	Use virURIParse in qemuMigrationPrepareDirect to allow parsing
	IPv6 addresses, which would cause an 'incorrect :port' error
	message before.
	Move setting of migrateFrom from qemuMigrationPrepare{Direct,Tunnel}
	after domain XML parsing, since we need the QEMU binary path from it
	to get its capabilities.
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=846013

2013-04-02  Osier Yang  <jyang@redhat.com>

	virsh: Add a helper to parse cpulist
	The 'virsh vcpupin' and 'virsh emulatorpin' commands use the same
	code to parse the cpulist. This patch abstracts the same code as
	a helper. Along with various code style fixes, and error improvement
	(only error "Physical CPU %d doesn't exist" if the specified CPU
	exceed the range, no "cpulist: Invalid format", see the following
	for an example of the error prior to this patch).
	% virsh vcpupin 4 0 0-8
	error: Physical CPU 4 doesn't exist.
	error: cpulist: Invalid format.

2013-04-02  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind failure
	Code added by commit id '523207fe8'
	TEST: qemuxml2argvtest
	      ........................................ 40
	      ........................................ 80
	      ........................................ 120
	      ........................................ 160
	      ........................................ 200
	      ........................................ 240
	      .................................        273 OK
	==30993== 39 bytes in 1 blocks are definitely lost in loss record 33 of 87
	==30993==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==30993==    by 0x41E501: fakeSecretGetValue (qemuxml2argvtest.c:33)
	==30993==    by 0x427591: qemuBuildDriveURIString (qemu_command.c:2571)
	==30993==    by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627)
	==30993==    by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443)
	==30993==    by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154
	==30993==    by 0x41FE8F: virtTestRun (testutils.c:157)
	==30993==    by 0x418BE3: mymain (qemuxml2argvtest.c:506)
	==30993==    by 0x4204CA: virtTestMain (testutils.c:719)
	==30993==    by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so)
	==30993==
	==30993== 46 bytes in 1 blocks are definitely lost in loss record 64 of 87
	==30993==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==30993==    by 0x38D690A167: __vasprintf_chk (in /usr/lib64/libc-2.16.so)
	==30993==    by 0x4CB28E7: virVasprintf (stdio2.h:210)
	==30993==    by 0x4CB29A3: virAsprintf (virutil.c:2017)
	==30993==    by 0x4275B4: qemuBuildDriveURIString (qemu_command.c:2580)
	==30993==    by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627)
	==30993==    by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443)
	==30993==    by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154
	==30993==    by 0x41FE8F: virtTestRun (testutils.c:157)
	==30993==    by 0x418BE3: mymain (qemuxml2argvtest.c:506)
	==30993==    by 0x4204CA: virtTestMain (testutils.c:719)
	==30993==    by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so)
	==30993==
	==30993== 385 (56 direct, 329 indirect) bytes in 1 blocks are definitely los
	==30993==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==30993==    by 0x4C6B2CF: virAllocN (viralloc.c:152)
	==30993==    by 0x4C9C7EB: virObjectNew (virobject.c:191)
	==30993==    by 0x4D21810: virGetSecret (datatypes.c:642)
	==30993==    by 0x41E5D5: fakeSecretLookupByUsage (qemuxml2argvtest.c:51)
	==30993==    by 0x4D4BEC5: virSecretLookupByUsage (libvirt.c:15295)
	==30993==    by 0x4276A9: qemuBuildDriveURIString (qemu_command.c:2565)
	==30993==    by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627)
	==30993==    by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443)
	==30993==    by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154
	==30993==    by 0x41FE8F: virtTestRun (testutils.c:157)
	==30993==    by 0x418BE3: mymain (qemuxml2argvtest.c:506)
	==30993==
	PASS: qemuxml2argvtest
	Interesting side note is that running the test singularly via 'make -C tests
	check TESTS=qemuxml2argvtest' didn't trip the valgrind error; however,
	running during 'make -C tests valgrind' did cause the error to be seen.

2013-04-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.4
	- configure.ac docs/news.html.in libvirt.spec.in: updates for the release
	- po/*.po*: fetch translation updates from Transifex and regenerate

2013-03-29  Christophe Fergeau  <cfergeau@redhat.com>

	docs: Fix truncated sentence in RDP 'multiUser' attribute

2013-03-29  Ján Tomko  <jtomko@redhat.com>

	virsh: don't call virSecretFree on NULL
	Since the refactoring in fbe2d49 we call virSecretFree even if
	virSecretDefineXML fails, which leads to overwriting the error
	message with:
	error: Invalid secret: virSecretFree
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=929045

2013-03-29  Martin Kletzander  <mkletzan@redhat.com>

	storage: Avoid double virCommandFree in virStorageBackendLogicalDeletePool
	When logical pool has no PVs associated with itself (user-created),
	virCommandFree(cmd) is called twice with the same pointer and that
	causes a segfault in daemon.

2013-03-29  Ján Tomko  <jtomko@redhat.com>

	nodedev: invert virIsCapableFCHost return value
	Both virIsCapableFCHost and virIsCapableVport return 0 when the
	respective sysfs path is accessible.

2013-03-28  Michal Privoznik  <mprivozn@redhat.com>

	security_manager.c: Append seclabel iff generated
	With my previous patches, we unconditionally appended a seclabel,
	even if it wasn't generated but found in array of defined seclabels.
	This resulted in double free later when doing virDomainDefFree
	and iterating over the array of defined seclabels.
	Moreover, there was another possibility of double free, if the
	seclabel was generated in the last iteration of the process of
	walking trough security managers array.

	virutil: Fix compilation on non-linux platforms
	There has been a typo in virIsCapbleVport function name.

2013-03-28  Osier Yang  <jyang@redhat.com>

	util: Fix the conflict type for virIsCapableFCHost
	---
	Pushed under build-breaker rule.

2013-03-28  Michal Privoznik  <mprivozn@redhat.com>

	libvirt_private.syms: Correctly export seclabel APIs
	One of my previous patches manipulated virSecurityLabel* APIs,
	some were added to header files, and some were renamed. However,
	these changes were not reflected in libvirt_private.syms.

	security: Don't add seclabel of type none if there's already a seclabel
	https://bugzilla.redhat.com/show_bug.cgi?id=923946
	The <seclabel type='none'/> should be added iff there is no other
	seclabel defined within a domain. This bug can be easily reproduced:
	1) configure selinux seclabel for a domain
	2) disable system's selinux and restart libvirtd
	3) observe <seclabel type='none'/> being appended to a domain on its
	   startup

	security_manager: Don't manipulate domain XML in virDomainDefGetSecurityLabelDef
	The virDomainDefGetSecurityLabelDef was modifying the domain XML.
	It tried to find a seclabel corresponding to given sec driver. If the
	label wasn't found, the function created one which is wrong. In fact
	it's security manager which should modify this part of domain XML.

2013-03-28  Guannan Ren  <gren@redhat.com>

	conf: fix memory leak of class_id bitmap
	When libvirtd loads active network configs from network state directory,
	it should release the class_id memory block which was allocated
	at the time of loading xml from network config directory.
	virBitmapParse will create a new memory block of bitmap class_id which
	causes a memory leak.
	This happens when at least one virtual network is active before.
	==12234== 8,216 (24 direct, 8,192 indirect) bytes in 1 blocks are definitely \
	              lost in loss record 702 of 709
	==12234==    at 0x4A06B2F: calloc (vg_replace_malloc.c:593)
	==12234==    by 0x37AB04D77D: virAlloc (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x37AB04EF89: virBitmapNew (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x37AB0BFB37: virNetworkAssignDef (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x37AB0BFD31: ??? (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x37AB0BFE92: virNetworkLoadAllConfigs (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x10650E5A: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_network.so)
	==12234==    by 0x37AB0EB72F: virStateInitialize (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x40DE04: ??? (in /usr/sbin/libvirtd)
	==12234==    by 0x37AB0832E8: ??? (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x3796807D14: start_thread (in /usr/lib64/libpthread-2.16.so)
	==12234==    by 0x37960F246C: clone (in /usr/lib64/libc-2.16.so)

	uml:release config object when uml driver shutdown

	qemu:release qemu config object when qemu driver shutdown

2013-03-28  Stefan Seyfried  <seife@b1-systems.de>

	net: use newer iptables syntax
	iptables-1.4.18 removed the long deprecated "state" match.
	Use "conntrack" instead in forwarding rules.
	Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.

2013-03-27  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	remote: Don't call NULL closeFreeCallback
	Check function pointer before calling.

2013-03-27  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Fix client crash when server drops connection
	Despite the comment stating virNetClientIncomingEvent handler should
	never be called with either client->haveTheBuck or client->wantClose
	set, there is a sequence of events that may lead to both booleans being
	true when virNetClientIncomingEvent is called. However, when that
	happens, we must not immediately close the socket as there are other
	threads waiting for the buck and they would cause SIGSEGV once they are
	woken up after the socket was closed. Another thing is we should clear
	all remaining calls in the queue after closing the socket.
	The situation that can lead to the crash involves three threads, one of
	them running event loop and the other two calling libvirt APIs. The
	event loop thread detects an event on client->sock and calls
	virNetClientIncomingEvent handler. But before the handler gets a chance
	to lock client, the other two threads (T1 and T2) start calling some
	APIs. T1 gets the buck and detects EOF on client->sock while processing
	its RPC call. Since T2 is waiting for its own call, T1 passes the buck
	on to it and unlocks client. But before T2 gets the signal, the event
	loop thread wakes up, does its job and closes client->sock. The crash
	happens when T2 actually wakes up and tries to do its job using a closed
	client->sock.

	log: Separate thread ID from timestemp in ring buffer
	When we write a log message into a log, we separate thread ID from
	timestamp using ": ". However, when storing the message into the ring
	buffer, we omitted the separator, e.g.:
	    2013-02-27 11:49:11.852+00003745: ...

2013-03-27  Guannan Ren  <gren@redhat.com>

	conf: fix a failure when detaching a usb device
	 #virsh detach-device $guest usb.xml
	 error: Failed to detach device from usb2.xml
	 error: operation failed: host usb device vendor=0x0951 \
	 product=0x1625 not found
	This regresstion is due to a typo in matching function. The first
	argument is always the usb device that we are checking for. If the
	usb xml file provided by user contains bus and device info, we try
	to search it by them, otherwise, we use vendor and product info.
	The bug occurred only when detaching a usb device with no bus and
	device info provided in the usb xml file.

2013-03-27  Yanbing Du  <ydu@redhat.com>

	virsh: Correct DESCRIPTION for virsh help blockcopy

2013-03-27  Guido Günther  <agx@sigxcpu.org>

	qemu: Don't set address type too early during virtio disk hotplug
	f946462e14ac036357b7c11ce5c23f94a3ee4e49 changed behavior by settings
	VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI upfront. If we do so before invoking
	qemuDomainPCIAddressEnsureAddr we merely try to set the PCI slot via
	qemuDomainPCIAddressReserveSlot instead reserving a new address via
	qemuDomainPCIAddressSetNextAddr which fails with
	$ ~/run-tck-test domain/200-disk-hotplug.t
	./scripts/domain/200-disk-hotplug.t .. # Creating a new transient domain
	./scripts/domain/200-disk-hotplug.t .. 1/5 # Attaching the new disk /var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img
	 #   Failed test 'disk has been attached'
	 #   at ./scripts/domain/200-disk-hotplug.t line 67.
	 # died: Sys::Virt::Error (libvirt error code: 1, message: internal error unable to reserve PCI address 0:0:0.0
	 # )

2013-03-27  Ján Tomko  <jtomko@redhat.com>

	virsh: error out on non-numeric timeout values
	Some block commands and migrate ignored incorrect values.
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=927495

2013-03-27  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Set migration FD blocking
	Since we switched from direct host migration scheme to the one,
	where we connect to the destination and then just pass a FD to a
	qemu, we have uncovered a qemu bug. Qemu expects migration FD to
	block. However, we are passing a nonblocking one which results in
	cryptic error messages like:
	  qemu: warning: error while loading state section id 2
	  load of migration failed
	The bug is already known to Qemu folks, but we should workaround
	already released Qemus. Patch has been originally proposed by Stefan
	Hajnoczi <stefanha@gmail.com>

2013-03-26  Martin Kletzander  <mkletzan@redhat.com>

	Fix virConnectOpen.*() name requirements
	virConnectOpenAuth didn't require 'name' to be specified (VIR_DEBUG
	used NULLSTR() for the output) and by default, if name == NULL, the
	default connection uri is used.  This was not indicated in the
	documentation and wasn't checked for in other API's VIR_DEBUG outputs.

2013-03-26  Peter Krempa  <pkrempa@redhat.com>

	virsh: Let the compiler check usage of all fields in vshCmdOptType enum
	Get rid of the "default" labels to do so.

2013-03-26  Guannan Ren  <gren@redhat.com>

	python: set default value to optional arguments
	When prefixing with string (optional) or optional in the description
	of arguments to libvirt C APIs, in python, these arguments will be
	set as optional arugments, for example:
	 * virDomainSaveFlags:
	 * @domain: a domain object
	 * @to: path for the output file
	 * @dxml: (optional) XML config for adjusting guest xml used on restore
	 * @flags: bitwise-OR of virDomainSaveRestoreFlags
	 the corresponding python APIs is
	 restoreFlags(self, frm, dxml=None, flags=0)
	The following python APIs are changed to:
	 blockCommit(self, disk, base, top, bandwidth=0, flags=0)
	 blockPull(self, disk, bandwidth=0, flags=0)
	 blockRebase(self, disk, base, bandwidth=0, flags=0)
	 migrate(self, dconn, flags=0, dname=None, uri=None, bandwidth=0)
	 migrate2(self, dconn, dxml=None, flags=0, dname=None, uri=None, bandwidth=0)
	 migrateToURI(self, duri, flags=0, dname=None, bandwidth=0)
	 migrateToURI2(self, dconnuri=None, miguri=None, dxml=None, flags=0, \
	               dname=None, bandwidth=0)
	 saveFlags(self, to, dxml=None, flags=0)
	 migrate(self, domain, flags=0, dname=None, uri=None, bandwidth=0)
	 migrate2(self, domain, dxml=None, flags=0, dname=None, uri=None, bandwidth=0)
	 restoreFlags(self, frm, dxml=None, flags=0)

2013-03-26  Yanbing Du  <ydu@redhat.com>

	Remove the redundant parentheses in migrate help

2013-03-25  Eric Blake  <eblake@redhat.com>

	Revert "qemu: detect multi-head qxl via more than version check"
	This reverts commit 5ac846e42e5b7e0475f6aa9cc1e0b0c8dac84d44.
	After further discussions with Alon Levy, I learned the following:
	The use of '-vga qxl' vs. '-device qxl-vga' is completely orthogonal
	to whether ram_size can be exposed.  Downstream distros are interested
	in backporting support for multi-head qxl, but this can be done in
	one of two ways:
	1. Support one head per PCI device.  If you do this, then it makes
	sense to have full control over the PCI address of each device. For
	full control, you need '-device qxl-vga' instead of '-vga qxl'.
	2. Support multiple heads through a single PCI device.  If you do
	this, then you need to allocate more RAM to that PCI device (enough
	ram to cover the multiple screens).  Here, the device is hard-coded
	to 0:0:2.0, both in qemu and libvirt code.
	Apparently, backporting ram_size changes to allow multiple heads in
	a single device is much easier than backporting multiple device
	support.  Furthermore, the presence or absence of qxl-vga.surfaces
	is no different than the presence or absence of qxl-vga.ram_size;
	both properties can be applied regardless of whether you have one
	PCI device (-vga qxl) or multiple (-device qxl-vga), so this property
	is NOT a good witness of whether '-device qxl-vga' support has been
	backported.
	Downstream RHEL will NOT be using this patch; and worse, leaving this
	patch in risks doing the wrong thing if compiling upstream libvirt
	on RHEL, so the best course of action is to revert it.  That means
	that libvirt will go back to only using '-device qxl-vga' for qemu
	>= 1.2, but this is just fine because we know of no distros that plan
	on backporting multiple PCI address support to any older version of
	qemu.  Meanwhile, downstream can still use ram_size to pack multiple
	heads through a single PCI device.

	libvirt-guests: newline between output sentences
	Right now, libvirt-guests gives awkward output.  It's possible to
	force faster failure by setting /etc/sysconfig/libvirt-guests to use:
	ON_SHUTDOWN=shutdown
	PARALLEL_SHUTDOWN=0
	SHUTDOWN_TIMEOUT=1
	ON_BOOT=ignore
	at which point, we see:
	$ service libvirt-guests restart
	Running guests on default URI: a, b, d, c
	Shutting down guests on default URI...
	Starting shutdown on guest: a
	Shutdown of guest a failed to complete in time.Starting shutdown on guest: b
	Shutdown of guest b failed to complete in time.Starting shutdown on guest: d
	Shutdown of guest d failed to complete in time.Starting shutdown on guest: c
	Shutdown of guest c failed to complete in time.libvirt-guests is configured not to start any guests on boot
	* tools/libvirt-guests.sh.in (shutdown_guest): Add missing newline.
	Reported by Xuesong Zhang.

2013-03-25  Osier Yang  <jyang@redhat.com>

	util: Fix bug of managing vport
	The string written to "vport_create" or "vport_delete" should
	be "wwnn:wwpn", but not "wwpn:wwnn".

	nodedev: Fix the improper logic when enumerating SRIOV VF
	virPCIGetVirtualFunctions returns 0 even if there is no "virtfn"
	entry under the device sysfs path.
	And virPCIGetVirtualFunctions returns -1 when it fails to get
	the PCI config space of one VF, however, with keeping the
	the VFs already detected.
	That's why udevProcessPCI and gather_pci_cap use logic like:
	if (!virPCIGetVirtualFunctions(syspath,
	                               &data->pci_dev.virtual_functions,
	                               &data->pci_dev.num_virtual_functions) ||
	    data->pci_dev.num_virtual_functions > 0)
	    data->pci_dev.flags |= VIR_NODE_DEV_CAP_FLAG_PCI_VIRTUAL_FUNCTION;
	to tag the PCI device with "virtual_function" cap.
	However, this results in a VF will aslo get "virtual_function" cap.
	This patch fixes it by:
	  * Ignoring the VF which has failure of getting PCI config space
	    (given that the successfully detected VFs are kept , it makes
	    sense to not give up on the failure of one VF too) with a warning,
	    so virPCIGetVirtualFunctions will not return -1 except out of memory.
	  * Free the allocated *virtual_functions when out of memory
	And thus the logic can be changed to:
	    /* Out of memory */
	    int ret = virPCIGetVirtualFunctions(syspath,
	                                        &data->pci_dev.virtual_functions,
	                                        &data->pci_dev.num_virtual_functions);
	    if (ret < 0 )
	        goto out;
	    if (data->pci_dev.num_virtual_functions > 0)
	        data->pci_dev.flags |= VIR_NODE_DEV_CAP_FLAG_PCI_VIRTUAL_FUNCTION;

	nodedev: Abstract nodeDeviceVportCreateDelete as util function
	This abstracts nodeDeviceVportCreateDelete as an util function
	virManageVport, which can be further used by later storage patches
	(to support persistent vHBA, I don't want to create the vHBA
	using the public API, which is not good).

	nodedev: Dump max vports and vports in use for HBA's XML
	This enrichs HBA's xml by dumping the number of max vports and
	vports in use. Format is like:
	  <capability type='vport_ops'>
	    <max_vports>164</max_vports>
	    <vports>5</vports>
	  </capability>
	* docs/formatnode.html.in: (Document the new XML)
	* docs/schemas/nodedev.rng: (Add the schema)
	* src/conf/node_device_conf.h: (New member for data.scsi_host)
	* src/node_device/node_device_linux_sysfs.c: (Collect the value of
	  max_vports and vports)

	nodedev: Refactor the helpers
	This adds two util functions (virIsCapableFCHost and virIsCapableVport),
	and rename helper check_fc_host_linux as detect_scsi_host_caps,
	check_capable_vport_linux is removed, as it's abstracted to the util
	function virIsCapableVport. detect_scsi_host_caps nows detect both
	the fc_host and vport_ops capabilities. "stat(2)" is replaced with
	"access(2)" for saving.
	* src/util/virutil.h:
	  - Declare virIsCapableFCHost and virIsCapableVport
	* src/util/virutil.c:
	  - Implement virIsCapableFCHost and virIsCapableVport
	* src/node_device/node_device_linux_sysfs.c:
	  - Remove check_capable_vport_linux
	  - Rename check_fc_host_linux as detect_scsi_host_caps, and refactor
	    it a bit to detect both fc_host and vport_os capabilities
	* src/node_device/node_device_driver.h:
	  - Change/remove the related declarations
	* src/node_device/node_device_udev.c: (Use detect_scsi_host_caps)
	* src/node_device/node_device_hal.c: (Likewise)
	* src/node_device/node_device_driver.c (Likewise)

	nodedev: Use access instead of stat
	The use of 'stat' in nodeDeviceVportCreateDelete is only to check
	if the file exists or not, it's a bit overkill, and safe to replace
	with the wrapper of access(2) (virFileExists).

	util: Add one helper virReadFCHost to read the value of fc_host entry
	"open_wwn_file" in node_device_linux_sysfs.c is redundant, on one
	hand it duplicates work of virFileReadAll, on the other hand, it's
	waste to use a function for it, as there is no other users of it.
	So I don't see why the file opening work cannot be done in
	"read_wwn_linux".
	"read_wwn_linux" can be abstracted as an util function. As what all
	it does is to read the sysfs entry.
	So this patch removes "open_wwn_file", and abstract "read_wwn_linux"
	as an util function "virReadFCHost" (a more general name, because
	after changes, it can read each of the fc_host entry now).
	* src/util/virutil.h: (Declare virReadFCHost)
	* src/util/virutil.c: (Implement virReadFCHost)
	* src/node_device/node_device_linux_sysfs.c: (Remove open_wwn_file,
	  and read_wwn_linux)
	src/node_device/node_device_driver.h: (Remove the declaration of
	  read_wwn_linux, and the related macros)
	src/libvirt_private.syms: (Export virReadFCHost)

	nodedev: Introduce two new flags for listAll API
	VIR_CONNECT_LIST_NODE_DEVICES_CAP_FC_HOST to filter the FC HBA,
	and VIR_CONNECT_LIST_NODE_DEVICES_CAP_VPORTS to filter the FC HBA
	which supports vport.

	nodedev: Remove the unused enum
	Guess it was created for the fc_host and vports_ops capabilities
	purpose, but there is enum virNodeDevScsiHostCapFlags for them,
	and enum virNodeDevHBACapType is unused, and actually both
	VIR_ENUM_DECL and VIR_ENUM_IMPL use the wrong enum name
	"virNodeDevHBACap".

2013-03-25  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix docs for "virsh setmaxmem"
	The docs assumed the command works always for QEMU and other
	hypervisors. As this is done using the balloon mechainism live increase
	of the maximum memory limit isn't supported. Fix the docs to mention
	this limitation.

2013-03-23  Martin Kletzander  <mkletzan@redhat.com>

	lxc: Prevent shutting down the host
	When the container has the same '/dev' mount as host (no chroot),
	calling domainShutdown(WithFlags) shouldn't shutdown the host it is
	running on.

2013-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Ensure root filesystem is mounted if a file/block mount.
	For a root filesystem with type=file or type=block, the LXC
	container was forgetting to actually mount it, before doing
	the pivot root step.

	Mount temporary devpts on /var/lib/libvirt/lxc/$NAME.devpts
	Currently the lxc controller sets up the devpts instance on
	$rootfsdef->src, but this only works if $rootfsdef is using
	type=mount. To support type=block or type=file for the root
	filesystem, we must use /var/lib/libvirt/lxc/$NAME.devpts
	for the temporary devpts mount in the controller

	Move FUSE mount to /var/lib/libvirt/lxc/$NAME.fuse
	Instead of using /var/lib/libvirt/lxc/$NAME for the FUSE
	filesystem, use /var/lib/libvirt/lxc/$NAME.fuse. This allows
	room for other temporary mounts in the same directory

	Fix thread safety in LXC callback handling
	Some of the LXC callbacks did not lock the virDomainObjPtr
	instance. This caused transient errors like
	error: Failed to start domain busy-mount
	error: cannot rename file '/var/run/libvirt/lxc/busy-mount.xml.new' as '/var/run/libvirt/lxc/busy-mount.xml': No such file or directory
	as 2 threads tried to update the status file concurrently

	Remove bogus filtering from virDomainGetRootFilesystem
	The virDomainGetRootFilesystem was only returning filesystems
	with type=mount. This is bogus - any type of filesystem is
	valid as the root, if dst=/.

2013-03-22  Jim Fehlig  <jfehlig@suse.com>

	Fix parsing of bond interface XML
	Noticed that parsing bond interface XML containing the miimon element
	fails
	  <interface type="bond" name="bond0">
	    ...
	    <bond mode="active-backup">
	      <miimon freq="100" carrier="netif"/>
	      ...
	    </bond>
	  </interface>
	This configuration does not contain the optional updelay and downdelay
	attributes, but parsing will fail due to returning the result of
	virXPathULong (a -1 when the attribute doesn't exist) from
	virInterfaceDefParseBond after examining the updelay attribute.
	While fixing this bug, cleanup the function to use virXPathInt instead
	of virXPathULong, and store the result directly instead of using a tmp
	variable.  Using virXPathInt actually fixes a potential silent
	truncation bug noted by Eric Blake.
	Also, there is no cleanup in the error label.  Remove the label,
	returning failure where failure occurs and success if the end of the
	function is reached.

2013-03-22  Ján Tomko  <jtomko@redhat.com>

	util: fix virAllocVar's comment

	virsh: don't print --(null) in vol-name and vol-pool
	Don't print the pool option name if it's null.
	Before:
	virsh # vol-name vol
	error: failed to get vol 'vol', specifying --(null) might help
	error: Storage volume not found: no storage vol with matching path vol
	After:
	virsh # vol-name vol
	error: failed to get vol 'vol'
	error: Storage volume not found: no storage vol with matching path vol
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=924571

2013-03-22  Michal Privoznik  <mprivozn@redhat.com>

	viralloc: Export virAllocTest*
	If users build with --enable-test-oom configure option,
	they get this error saying, virAllocTest* functions are
	not defined within tests/testutils.c.

2013-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix free of uninitialized value in LXC numad setup
	The 'nodeset' variable was never initialized, causing a later
	VIR_FREE(nodeset) to free uninitialized memory.

2013-03-22  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add support for LSI MegaRAID SAS1078 (aka megasas) SCSI controller
	This does nothing more than adding the new device and capability.
	The device is present since QEMU 1.2.0.

	qemu: pass iscsi authorization credentials
	A better way to do this would be to use a configuration file like
	   [iscsi "target-name"]
	   user = name
	   password = pwd
	and pass it via -readconfig.  This would remove the username and password
	from the "ps" output.  For now, however, keep this solution.

	domain: parse XML for iscsi authorization credentials

	secret: add iscsi to possible usage types

	domain: make port optional for network disks
	Only sheepdog actually required it in the code, and we can use 7000 as the
	default---the same value that QEMU uses for the simple "sheepdog:VOLUME"
	syntax.  With this change, the schema can be fixed to allow no port.

	qemu: support passthrough for iscsi disks
	This enables usage of commands like persistent reservations.

	qemu: add support for libiscsi
	libiscsi provides a userspace iSCSI initiator.
	The main advantage over the kernel initiator is that it is very
	easy to provide different initiator names for VMs on the same host.
	Thus libiscsi supports usage of persistent reservations in the VM,
	which otherwise would only be possible with NPIV.
	libiscsi uses "iscsi" as the scheme, not "iscsi+tcp".  We can change
	this in the tests (while remaining backwards-compatible manner, because
	QEMU uses TCP as the default transport for both Gluster and NBD).

2013-03-22  Guannan Ren  <gren@redhat.com>

	python:remove semicolon in python code
	This breaked "make syntax-check" testing
	Pushed under trivial rule

	make: regenerate bindings when <classname>.py changes

	python: treat flags as default argument with value 0
	The following four functions have not changed because default arguments
	have to come after positional arguments. Changing them will break the
	the binding APIs.
	migrate(self, dconn, flags, dname, uri, bandwidth):
	migrate2(self, dconn, dxml, flags, dname, uri, bandwidth):
	migrateToURI(self, duri, flags, dname, bandwidth):
	migrateToURI2(self, dconnuri, miguri, dxml, flags, dname, bandwidth):

2013-03-22  Martin Kletzander  <mkletzan@redhat.com>

	Correct invalid RNG schemas
	The 'trang' utility, which is able to transform '.rng' files into
	'.rnc' files, reported some errors in our schemas that weren't caught
	by the tools we use in the build.  I haven't added a test for this,
	but the validity can be checked by the following command:
	trang -I rng -O rnc domain.rng domain.rnc
	There were unescaped minuses in regular expressions and we were
	constraining int (which is by default in the range of [-2^31;2^31-1]
	to maximum of 2^32.  But what we wanted was exactly an unsignedInt.

2013-03-21  Peter Krempa  <pkrempa@redhat.com>

	virsh-snapshot: Simplify cleanup path in cmdSnapshotEdit

	virsh-snapshot: Use the mutually exclusive params macro in cmdSnapshotEdit

	virsh-snapshot: Refactor cmdSnapshotCurrent
	Use the exclusive parameter checker and touch up some parts to simplify
	code.

	virsh-domain: Fix flag name in error message to match the check
	The check is done on the "--paused" flag but the error message stated
	"--saved"

	virsh-host: Refactor cmdFreecell
	Use the new helpers to determine mutually exclusive options and touch up
	some parts to simplify the code.

	virsh-snapshot: Refactor virsh snapshot-list
	Simplify error handling and mutually exclusive option checking.

	virsh: Introduce macros to reject mutually exclusive arguments
	This patch adds three macros to the virsh source tree that help to
	easily check for mutually exclusive parameters.
	VSH_EXCLUSIVE_OPTIONS_EXPR has four arguments, two expressions to check
	and two names of the parameters to print in the message.
	VSH_EXCLUSIVE_OPTIONS is more specific and check the command structure
	for the parameters using vshCommandOptBool.
	VSH_EXCLUSIVE_OPTIONS_VAR is meant to check boolean variables with the
	same name as the parameters.

	python: Fix emulatorpin API bindings
	The addition of emulator pinning APIs didn't think of doing the right
	job with python APIs for them. The default generator produced unusable
	code for this.
	This patch switches to proper code as in the case of domain Vcpu pining.
	This change can be classified as a python API-breaker but in the state
	the code was before I doubt anyone was able to use it successfully.

	qemu: Un-mark volume as mirrored/copied if blockjob copy fails
	When the blockjob fails for some reason an event is emitted but the disk
	wasn't unmarked as being part of a active block copy operation.

2013-03-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix initialization of virIdentityPtr thread locals
	Some code mistakenly called virIdentityOnceInit directly
	instead of virIdentityInitialize(). This meant that one-time
	initializer was run many times with predictably bad results.

2013-03-21  Michal Privoznik  <mprivozn@redhat.com>

	qemu: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_UNSUPPORTED
	The VIR_ERR_NO_SUPPORT error code is reserved for cases where an
	API is not implemented in a driver. It definitely should not be
	used when an API execution fails due to unsupported operation.

2013-03-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix linkage of virt-aa-helper with numa library
	The recent commit moved some of the use of libnuma out of the
	driver code, and into src/util/. It did not, however, update
	libvirt_util.la to link against libnuma. This caused linkage
	failure with virt-aa-helper, since nothing else caused libnuma
	to be pulled onto the linker command line.
	The fix removes all reference to NUMACTL_LIBS/CFLAGS from the
	various modules in src/Makefile.am and just adds them to the
	libvirt_util.la module, which everything else depends on.
	Technically a build-breaker fix, but wanted to wait for feedback
	on this

2013-03-21  Osier Yang  <jyang@redhat.com>

	qemu: Add the new disk src into shared disk table when updating disk
	We should record the new disk src in the shared disk table for
	updating disk (CD-ROM or Floppy) API. Fortunately, we only allow
	to update the disk source now, otherwise we might also want to
	set the unpriv_sgio setting.

2013-03-21  Guannan Ren  <gren@redhat.com>

	python: fix bindings that don't raise an exception
	For example:
	 >>> dom.memoryStats()
	 libvir: QEMU Driver error : Requested operation is not valid:\
	         domain is not running
	There are six such python API functions like so.
	The root reason is that generator.py script checks the type of return
	value of a python stub function defined in libvirt-api.xml or
	libvirt-override-api.xml to see whether to add the raise clause or not
	in python wrapper code in libvirt.py.
	The type of return value is supposed to be C types.
	For those stub functions which return python non-integer data type like
	string, list, tuple, dictionary, the existing type in functions varies
	from each other which leads problem like this.
	Currently, in generator.py, it maintains a buggy whitelist for stub functions
	returning a list type. I think it is easy to forget adding new function name
	in the whitelist.
	This patch makes the value of type consistent with C type "char *"
	in libvirt-override-api.xml. For python, any of types could be printed
	as string, so I choose "char *" in this case. And the comment in xml
	could explain it when adding new function definition.
	      <function name='virNodeGetCPUStats' file='python'>
	        ...
	 -      <return type='virNodeCPUStats' info='...'/>
	 +      <return type='char *' info='...'/>
	        ...
	      </function>

2013-03-21  Paolo Bonzini  <pbonzini@redhat.com>

	domain: add support for iscsi network disks
	This plumbs in the XML description of iSCSI shares.  The next patches
	will add support for the libiscsi userspace initiator.

2013-03-21  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Clean redundant code about VCPU string checking
	Now that VCPU number are removed from qemu_monitor_text.c
	(commit cc78d7ba), VCPU string checking also should be removed.
	Report-by: John Ferlan <jferlan@redhat.com>

2013-03-21  Gao feng  <gaofeng@cn.fujitsu.com>

	cgroup: export virCgroupRemoveRecursively
	We will use virCgroupRemoveRecursively to remove cgroup
	directories in the coming patch.

2013-03-21  Guido Günther  <agx@sigxcpu.org>

	Don't fail if SELinux is diabled
	but libvirt is built with --with-selinux. In this case getpeercon
	returns ENOPROTOOPT so don't return an error in that case but simply
	don't set seccon.

2013-03-21  Gene Czarcinski  <gene@czarc.net>

	clarify virsh net commands
	Clarify that net-create deals with a transient virtual
	network whereas net-define defines a persistent virtual
	network definition and will create the network (xml)
	definition file.
	Clarify that net-destroy works with both transient and
	persistent virtual networks.

2013-03-20  Philipp Hahn  <hahn@univention.de>

	doc/schema: disk storage volume formats
	The storage volume formats supported by the disk storage pool are
	missing from the allowed values.
	Add partition types.

	doc: storage: Fix grammar
	Remove 'are' before 'have'.

	doc/schema: Support iqn for storage pools
	iSCSI qualified names (iqn) from RFC3721 may contain colons (':'), which
	neither matches the absFilePath nor genericName:
	 $ virsh pool-dumpxml myiscsipool
	 <pool type='iscsi'>
	 ...
	   <source>
	 ...
	     <device path='iqn.2003-01.org.linux-iscsi.phahn-sid93.x8664:sn.8a3daa0d4efd'/>
	   </source>
	 ...
	 </pool>
	Add IscsiQualifiedName type and allow its use in sourceiscsi.

	doc/schema: add ocfs2 for disk vol
	Add ocfs2 for disk vol.

2013-03-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix typos s/HAVE_SELINUX/WITH_SELINUX/
	The virNetSocket & virIdentity classes accidentally got some
	conditionals using HAVE_SELINUX instead of WITH_SELINUX.

2013-03-20  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: add cpuset cgroup support for lxc
	This patch adds cpuset cgroup support for LXC.

	NUMA: cleanup for numa related codes
	Intend to reduce the redundant code,use virNumaSetupMemoryPolicy
	to replace virLXCControllerSetupNUMAPolicy and
	qemuProcessInitNumaMemoryPolicy.
	This patch also moves the numa related codes to the
	file virnuma.c and virnuma.h

2013-03-20  Olivia Yin  <hong-hua.yin@freescale.com>

	fix TLS error with virNetServerClientCreateIdentity
	Compilation error when WITH_GNUTLS is 0, introduced in commit d5e83ad.

2013-03-20  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: allow uses advisory nodeset from querying numad
	Allow lxc using the advisory nodeset from querying numad,
	this means if user doesn't specify the numa nodes that
	the lxc domain should assign to, libvirt will automatically
	bind the lxc domain to the advisory nodeset which queried from
	numad.

	rename qemuGetNumadAdvice to virNumaGetAutoPlacementAdvice
	qemuGetNumadAdvice will be used by LXC driver, rename
	it to virNumaGetAutoPlacementAdvice and move it to virnuma.c

2013-03-20  Olivia Yin  <hong-hua.yin@freescale.com>

	selinux: deal with dtb file

	qemu: add dtb option support
	The "dtb" option sets the filename for the device tree.
	If without this option support, "-dtb file" will be converted into
	<qemu:commandline> in domain XML file.
	For example, '-dtb /media/ram/test.dtb' will be converted into
	  <qemu:commandline>
	    <qemu:arg value='-dtb'/>
	    <qemu:arg value='/media/ram/test.dtb'/>
	  </qemu:commandline>
	This is not very friendly.
	This patchset add special <dtb> tag like <kernel> and <initrd>
	which is easier for user to write domain XML file.
	  <os>
	    <type arch='ppc' machine='ppce500v2'>hvm</type>
	    <kernel>/media/ram/uImage</kernel>
	    <initrd>/media/ram/ramdisk</initrd>
	    <dtb>/media/ram/test.dtb</dtb>
	    <cmdline>root=/dev/ram rw console=ttyS0,115200</cmdline>
	  </os>

	conf: support <dtb> tag in XML domain file

2013-03-20  Doug Goldstein  <cardoe@cardoe.com>

	Fix --without-libvirtd builds
	When building with --without-libvirtd and udev support is detected we
	will fail to build with the following error:
	    node_device/node_device_udev.c:1608:37: error: unknown type name
	        'virStateInhibitCallback'

2013-03-20  Gene Czarcinski  <gene@czarc.net>

	rename tests/conftest.c
	To prevent confusion with configure's popular name
	for a file, rename conftest.c to test_conf.c which
	is consistent with the invoking test_conf.sh

2013-03-20  Laine Stump  <laine@laine.org>

	storage: fix unlikely memory leak in rbd backend
	virStorageBackendRBDRefreshPool() first allocates an array big enough
	to hold 1024 names, then calls rbd_list(), which returns ERANGE if the
	array isn't big enough. When that happens, the VIR_ALLOC_N is called
	again with a larger size. Unfortunately, the original array isn't
	freed before allocating a new one.

2013-03-19  Christophe Fergeau  <cfergeau@redhat.com>

	Fix /pool/storage/name documentation
	There was a 2 word sentence 'remote server' which is a left-over
	from copy and paste.

	Fix /pool/storage/directory@path documentation
	Because of a wrong copy and paste, the documentation was saying that
	'path' is the path to a block device node while it's a path to a
	directory.

2013-03-19  Daniel P. Berrange  <berrange@redhat.com>

	Do not prematurely close loop devices in LXC controller
	The LXC controller is closing loop devices as soon as the
	container has started. This is fine if the loop device
	was setup as a mounted filesystem, but if we're just passing
	through the loop device as a disk, nothing else is keeping
	it open. Thus we must keep the loop device FDs open for as
	long the libvirt_lxc process is running.

	Setup LXC cgroups in two phases
	Currently the LXC controller creates the cgroup, configures the
	resources and adds the task all in one go. This is not sufficiently
	flexible for the forthcoming NBD integration. We need to make sure
	the NBD process gets into the right cgroup immediately, but we can
	not have limits (in particular the device ACL) applied at the point
	where we start qemu-nbd. So create a virLXCCgroupCreate method
	which creates the cgroup and adds the current task to be called
	early, and leave virLXCCgroupSetup to only do resource config.

	Set the current client identity during API call dispatch
	When dispatching an RPC API call, setup the current identity to
	hold the identity of the network client associated with the
	RPC message being dispatched. The setting is thread-local, so
	only affects the API call in this thread

	Add ability to get a virIdentity from a virNetServerClientPtr
	Add APIs which allow creation of a virIdentity from the info
	associated with a virNetServerClientPtr instance. This is done
	based on the results of client authentication processes like
	TLS, x509, SASL, SO_PEERCRED

	Add API to get the system identity
	If no user identity is available, some operations may wish to
	use the system identity. ie the identity of the current process
	itself. Add an API to get such an identity.

	Add APIs for associating a virIdentityPtr with the current thread
	To allow any internal API to get the current identity, add APIs
	to associate a virIdentityPtr with the current thread, via a
	thread local

	Define internal APIs for managing identities
	Introduce a local object virIdentity for managing security
	attributes used to form a client application's identity.
	Instances of this object are intended to be used as if they
	were immutable, once created & populated with attributes

	Add APIs to get at more client security data
	A socket object has various pieces of security data associated
	with it, such as the SELinux context, the SASL username and
	the x509 distinguished name. Add new APIs to virNetServerClient
	and related modules to access this data.

2013-03-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix startupPolicy regression
	Commit 82d5fe543720da6d83c1d6bfa1c347d7d9fda278
	    qemu: check backing chains even when cgroup is omitted
	added backing file checks just before the code that removes optional
	disks if they are not present. However, the backing chain code fails in
	case the disk file does not exist, which makes qemuProcessStart fail
	regardless on configured startupPolicy.
	Note that startupPolicy implementation is still wrong after this patch
	since it only check the first file in a possible chain. It should rather
	check the complete backing chain. But this is an existing limitation
	that can be solved later. After all, startupPolicy is most useful for
	CDROM images and they won't make use of backing files in most cases.

2013-03-16  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: support URI syntax for NBD
	QEMU 1.3 and newer support an alternative URI-based syntax to specify
	the location of an NBD server.  Libvirt can keep on using the old
	syntax in general, but only the URI syntax supports IPv6 addresses.
	The URI syntax also supports relative paths to Unix sockets.  These
	should never be used but aren't explicitly blocked either by the parser,
	so support it just in case.
	The URI syntax is intentionally compatible with Gluster's, and the
	code can be reused.

	qemu: support NBD with Unix sockets
	This reuses the XML format that was introduced for Gluster.

	qemu: support named nbd exports
	These are supported by nbd-server and by the NBD server that QEMU
	embeds for live image access.

	qemu: rewrite NBD command-line builder and parser
	Move the code to an external function, and structure it to prepare
	the addition of new features in the next few patches.

	qemu: test NBD command-line builder and parser
	Enable more testing of NBD parsing, to ensure rewrites work.

2013-03-16  Eric Blake  <eblake@redhat.com>

	util: portably check for unchanged uid
	We've already scrubbed for comparisons of 'uid_t == -1' (which fail
	on platforms where uid_t is a u16), but another one snuck in.
	* src/util/virutil.c (virSetUIDGIDWithCaps): Correct uid comparison.
	* cfg.mk (sc_prohibit_risky_id_promotion): New rule.

2013-03-15  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: do not support non-network disks without -drive
	QEMU added -drive in 2007, and NBD in 2008.  Both appeared first in
	release 0.10.0.  Thus the code to support network disks without -drive
	is dead, and in fact it incorrectly escapes commas.  Drop it.

2013-03-15  Martin Kletzander  <mkletzan@redhat.com>

	Cleanup useless flags specifications
	After we switched to C99 initialization, I noticed there were many
	places where the specification of .flags parameter differed.  After
	going through many options and deciding whether to unify the
	initialization to be '.flags = 0' or '.flags = VSH_OFLAG_NONE', I
	realized both can be removed and it makes the code easier to go
	through.

	Fix snapshot-create-as syntax in help output
	According to the man page, the memspec parameter should have the
	'--memspec' option mandatory and this is as close as we can get to
	that.  What this change does is explained below.
	man virsh:
	snapshot-create-as ... [[--live] [--memspec memspec]]
	virsh help snapshot-create-as before this patch:
	  SYNOPSIS
	    snapshot-create-as ... [<memspec>] ...
	...
	  OPTIONS
	    [--memspec] <string> ...
	virsh help snapshot-create-as after this patch:
	  SYNOPSIS
	    snapshot-create-as ... [--memspec <string>] ...
	...
	  OPTIONS
	    --memspec <string> ...

	Make vshDebug work when parsing parameters
	The vshInit initializes ctl->debug by which vshDebug (which is also
	called in vshParseArgv) decides whether to print out the message or
	not.

2013-03-15  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Remove contiguous CPU indexes assumption
	When getting CPUs' information, it assumes that CPU indexes
	are not contiguous. But for ppc64 platform, CPU indexes are not
	contiguous because SMT is needed to be disabled, so CPU information
	is not right on ppc64 and vpuinfo, vcpupin can't work corretly.
	This patch is to remove the assumption to be compatible with ppc64.
	Test:
	   4 vcpus are assigned to one VM and execute vcpuinfo command.
	   Without patch: There is only one vcpu informaion can be listed.
	   With patch: All vcpus' information can be listed correctly.

2013-03-15  Christophe Fergeau  <cfergeau@redhat.com>

	Update to COPYING.LIB to latest LGPLv2.1 copy
	The text version
	of LGPLv2.1 available at
	http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt is slightly
	different from COPYING.LIB:
	- several paragraphs were rewrapped
	- the FSF address has changed, so the license has been changed to
	  indicate the newer address
	I've checked that there are no changes in the license text apart from
	the updated address, which is what I want to fix with this commit.

2013-03-15  Yanbing Du  <ydu@redhat.com>

	Fix a copy & paste error for virsh dump help

2013-03-15  Peter Krempa  <pkrempa@redhat.com>

	audit: Audit resources used by VirtIO RNG
	This patch adds auditing of resources used by Virtio RNG devices. Only
	resources on the local filesystems are audited.
	The audit logs look like:
	For the 'random' backend:
	type=VIRT_RESOURCE msg=audit(1363099126.643:31): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/dev/random": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success'
	For local character device source:
	type=VIRT_RESOURCE msg=audit(1363100164.240:96): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/tmp/unix.sock": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success'

2013-03-15  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Testcases for virtio-scsi and virtio-rng
	Adding test cases for virtio-scsi and virtio-rng. Since ccw is covering
	the superset of the s390 bus handling, these are deemed to be sufficient.

	S390: Enable virtio-scsi and virtio-rng
	Newer versions of QEMU support virtio-scsi and virtio-rng devices
	on the virtio-s390 and ccw buses. Adding capability detection,
	address assignment and command line generation for that.

	qemu: Rename virtio-scsi capability
	QEMU_CAPS_VIRTIO_SCSI_PCI implies that virtio-scsi is only supported
	for the PCI bus, which is not the case. Remove the _PCI suffix.

2013-03-15  Laine Stump  <laine@laine.org>

	util: fix clear_emulator_capabilities=0
	My commit 7a2e845a865dc7fa82d2393ea2a770cfc8cf00b4 (and its
	prerequisites) managed to effectively ignore the
	clear_emulator_capabilities setting in qemu.conf (visible in the code
	as the VIR_EXEC_CLEAR_CAPS flag when qemu is being exec'ed), with the
	result that the capabilities are always cleared regardless of the
	qemu.conf setting. This patch fixes it by passing the flag through to
	virSetUIDGIDWithCaps(), which uses it to decide whether or not to
	clear existing capabilities before adding in those that were
	requested.
	Note that the existing capabilities are *always* cleared if the new
	process is going to run as non-root, since the whole point of running
	non-root is to have the capabilities removed (it's still possible to
	maintain individual capabilities as needed using the capBits argument
	though).

2013-03-14  Eric Blake  <eblake@redhat.com>

	qemu: detect multi-head qxl via more than version check
	Multi-head QXL support is so useful that distros have started to
	backport it to qemu earlier than 1.2.  After discussion with
	Alon Levy, we determined that the existence of the qxl-vga.surfaces
	property is a reliable indicator of whether '-device qxl-vga' works,
	or whether we have to stick to the older '-vga qxl'.  I'm leaving
	in the existing check for QEMU_CAPS_DEVICE_VIDEO_PRIMARY tied to
	qemu 1.2 and newer (in case qemu is built without qxl support),
	but for those distros that backport qxl, this additional capability
	check will allow the correct command line for both RHEL 6.3 (which
	lacks the feature) and RHEL 6.4 (where qemu still claims to be
	version 0.12.2.x, but has backported multi-head qxl).
	* src/qemu/qemu_capabilities.c (virQEMUCapsObjectPropsQxlVga): New
	property test.
	(virQEMUCapsExtractDeviceStr): Probe for backport of new
	capability to qemu earlier than 1.2.
	* tests/qemuhelpdata/qemu-kvm-1.2.0-device: Update test.
	* tests/qemuhelpdata/qemu-1.2.0-device: Likewise.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device:
	Likewise.

2013-03-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix deps for generating RPC dispatch code
	The src/lxc/lxc_*_dispatch.h files only had deps on the
	RPC generator script & the XDR definition file. So when
	the Makefile.am args passed to the generator were change,
	the disaptch code was not re-generated. This caused a
	build failure
	  CC       libvirt_lxc-lxc_controller.o
	lxc/lxc_controller.c: In function 'virLXCControllerSetupServer':
	lxc/lxc_controller.c:718:47: error: 'virLXCMonitorProcs' undeclared (first use in this function)
	lxc/lxc_controller.c:718:47: note: each undeclared identifier is reported only once for each function it appears in
	lxc/lxc_controller.c:719:47: error: 'virLXCMonitorNProcs' undeclared (first use in this function)
	make[3]: *** [libvirt_lxc-lxc_controller.o] Error 1
	For added fun, the generated files were not listed in
	CLEANFILES, so only a 'git clean -f' would fix the build

2013-03-14  Ján Tomko  <jtomko@redhat.com>

	Fix size probing for VDI images
	Commit 027bf2ea used the wrong offset: the text field at the start
	of the header has 64 bytes, not 68. [1]
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=921452
	[1] https://forums.virtualbox.org/viewtopic.php?p=29267#p29267

2013-03-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix generation of systemtap probes for RPC protocols
	The naming used in the RPC protocols for the LXC monitor and
	lock daemon confused the script used to generate systemtap
	helper functions. Rename the LXC monitor protocol symbols to
	reduce confusion. Adapt the gensystemtap.pl script to cope
	with the LXC monitor / lock daemon naming conversions.
	This has no functional impact on RPC wire protocol, since
	names are only used in the C layer

	Re-add DTrace probes on 'dispose' functions
	When converting to virObject, the probes on the 'Free' functions
	were removed on the basis that there is a probe on virObjectFree
	that suffices. This puts a burden on people writing probe scripts
	to identify which object is being dispose. This adds back probes
	in the 'Dispose' functions and updates the rpc monitor systemtap
	example to use them

	Fix parsing of SELinux ranges without a category
	Normally libvirtd should run with a SELinux label
	  system_u:system_r:virtd_t:s0-s0:c0.c1023
	If a user manually runs libvirtd though, it is sometimes
	possible to get into a situation where it is running
	  system_u:system_r:init_t:s0
	The SELinux security driver isn't expecting this and can't
	parse the security label since it lacks the ':c0.c1023' part
	causing it to complain
	  internal error Cannot parse sensitivity level in s0
	This updates the parser to cope with this, so if no category
	is present, libvirtd will hardcode the equivalent of c0.c1023.
	Now this won't work if SELinux is in Enforcing mode, but that's
	not an issue, because the user can only get into this problem
	if in Permissive mode. This means they can now start VMs in
	Permissive mode without hitting that parsing error

	Separate MCS range parsing from MCS range checking
	Pull the code which parses the current process MCS range
	out of virSecuritySELinuxMCSFind and into a new method
	virSecuritySELinuxMCSGetProcessRange.

	Fix memory leak on OOM in virSecuritySELinuxMCSFind
	The body of the loop in virSecuritySELinuxMCSFind would
	directly 'return NULL' on OOM, instead of jumping to the
	cleanup label. This caused a leak of several local vars.

	Avoid closing uninitialized FDs when LXC startup fails
	If an LXC domain failed to start because of a bogus SELinux
	label, virLXCProcessStart would call VIR_CLOSE(0) by mistake.
	This is because the code which initializes the member of the
	ttyFDs array to -1 got moved too far away from the place where
	the array is first allocated.

	Prevent streams from becoming libvirtd controlling TTY
	When opening a stream to a device which is a TTY, that device
	may become the controlling TTY of libvirtd, if libvirtd was
	daemonized. This in turn means when the other end of the stream
	closes, libvirtd gets SIGHUP, causing it to reload its config.
	Prevent this by forcing O_NOCTTY on all streams that are opened

2013-03-14  Peter Krempa  <pkrempa@redhat.com>

	virtio-rng: Add rate limiting options for virtio-RNG
	Qemu's implementation of virtio RNG supports rate limiting of the
	entropy used. This patch exposes the option to tune this functionality.
	This patch is based on qemu commit 904d6f588063fb5ad2b61998acdf1e73fb4
	The rate limiting is exported in the XML as:
	<devices>
	  ...
	  <rng model='virtio'>
	    <rate bytes='123' period='1234'/>
	    <backend model='random'/>
	  </rng>
	  ...

2013-03-14  Guannan Ren  <gren@redhat.com>

	util: escapes special characters in VIR_LOG_REGEX
	In debug mode, the bug failed to start vm
	error: Failed to start domain rhel5u9
	error: internal error Out of space while reading console log output:
	...

2013-03-14  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Testcases for virtio-ccw machines
	This adds and corrects testcases for virtio devices on s390
	guests.

2013-03-14  J.B. Joret  <jb@linux.vnet.ibm.com>

	S390: Add hotplug support for s390 virtio devices
	We didn't yet expose the virtio device attach and detach functionality
	for s390 domains as the device hotplug was very limited with the old
	virtio-s390 bus. With the CCW bus there's full hotplug support for
	virtio devices in QEMU, so we are adding this to libvirt too.
	Since the virtio hotplug isn't limited to PCI anymore, we change the
	function names from xxxPCIyyy to xxxVirtioyyy, where we handle all
	three virtio bus types.

2013-03-14  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: QEMU driver support for CCW addresses
	This commit adds the QEMU driver support for CCW addresses. The
	current QEMU only allows virtio devices to be attached to the
	CCW bus. We named the new capability indicating that support
	QEMU_CAPS_VIRTIO_CCW accordingly.
	The fact that CCW devices can only be assigned to domains with a
	machine type of s390-ccw-virtio requires a few extra checks for
	machine type in qemu_command.c on top of querying
	QEMU_CAPS_VIRTIO_{CCW|S390}.
	The majority of the new functions deals with CCW address generation
	and management.

	S390: domain_conf support for CCW
	Add necessary handling code for the new s390 CCW address type to
	virDomainDeviceInfo. Further, introduce  memory management, XML
	parsing, output formatting and range validation for the new
	virDomainDeviceCCWAddress type.

	S390: Documentation for CCW address type
	The native bus for s390 I/O is called CCW (channel command word).
	As QEMU has added basic support for the CCW bus, i.e. the
	ability to assign CCW devnos (bus addresses) to devices.
	Domains with the new machine type s390-ccw-virtio can use the
	CCW bus. Currently QEMU will only allow to define virtio
	devices on the CCW bus.
	Here we add the new machine type and the new device address to the
	schema definition and add a new paragraph to the domain XML
	documentation.

2013-03-13  Daniel P. Berrange  <berrange@redhat.com>

	Daemonize fuse thread in libvirt_lxc
	In some startup failure modes, the fuse thread may get itself
	wedged. This will cause the entire libvirt_lxc process to
	hang trying to the join the thread. There is no compelling
	reason to wait for the thread to exit if the whole process
	is exiting, so just daemonize the fuse thread instead.

	Use separate symbol file for GNUTLS symbols
	A number of symbols are only present when GNUTLS is enabled.
	Thus we must use a separate libvirt_gnutls.syms file for them
	instead of libvirt_private.syms

	Fix missing error dispatch in virDomainLxcEnterNamespace
	The virDomainLxcEnterNamespace method mistakenly uses
	virCheckFlags, which returns immediately instead of
	virCheckFlagsGoto which jumps to the error cleanup
	patch where there is a virDispatchError call

	Fix query of LXC security label
	The virDomainGetSecurityLabel method is currently (mistakenly)
	showing the label of the libvirt_lxc process:
	...snip...
	Security model: selinux
	Security DOI:   0
	Security label: system_u:system_r:virtd_t:s0-s0:c0.c1023 (permissive)
	when it should be showing the init process label
	...snip...
	Security model: selinux
	Security DOI:   0
	Security label: system_u:system_r:svirt_t:s0:c724,c995 (permissive)

	Apply security label when entering LXC namespaces
	Add a new virDomainLxcEnterSecurityLabel() function as a
	counterpart to virDomainLxcEnterNamespaces(), which can
	change the current calling process to have a new security
	context. This call runs client side, not in libvirtd
	so we can't use the security driver infrastructure.
	When entering a namespace, the process spawned from virsh
	will default to running with the security label of virsh.
	The actual desired behaviour is to run with the security
	label of the container most of the time. So this changes
	virsh lxc-enter-namespace command to invoke the
	virDomainLxcEnterSecurityLabel method.
	The current behaviour is:
	LABEL                             PID TTY          TIME CMD
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
	staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps
	Note the ps command is running as unconfined_t,  After this patch,
	The new behaviour is this:
	virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
	LABEL                             PID TTY          TIME CMD
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps
	The '--noseclabel' flag can be used to skip security labelling.

2013-03-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu_driver: Try KVM_CAP_MAX_VCPUS only if defined
	With our recent patch (1715c83b5f) we thrive to get the correct
	number of maximal VCPUs. However, we are using a constant from
	linux/kvm.h which may be not defined in every distro. Hence, we
	should guard usage of the constant with ifdef preprocessor
	directive. This was introduced in kernel:
	    commit 8c3ba334f8588e1d5099f8602cf01897720e0eca
	    Author: Sasha Levin <levinsasha928@gmail.com>
	    Date:   Mon Jul 18 17:17:15 2011 +0300
	    KVM: x86: Raise the hard VCPU count limit
	    The patch raises the hard limit of VCPU count to 254.
	    This will allow developers to easily work on scalability
	    and will allow users to test high VCPU setups easily without
	    patching the kernel.
	    To prevent possible issues with current setups, KVM_CAP_NR_VCPUS
	    now returns the recommended VCPU limit (which is still 64) - this
	    should be a safe value for everybody, while a new KVM_CAP_MAX_VCPUS
	    returns the hard limit which is now 254.
	$ git desc 8c3ba334f
	v3.1-rc7-48-g8c3ba33

2013-03-13  Peter Krempa  <pkrempa@redhat.com>

	virCaps: conf: start splitting out irrelevat data
	The virCaps structure gathered a ton of irrelevant data over time that.
	The original reason is that it was propagated to the XML parser
	functions.
	This patch aims to create a new data structure virDomainXMLConf that
	will contain immutable data that are used by the XML parser. This will
	allow two things we need:
	1) Get rid of the stuff from virCaps
	2) Allow us to add callbacks to check and add driver specific stuff
	after domain XML is parsed.
	This first attempt removes pointers to private data allocation functions
	to this new structure and update all callers and function that require
	them.

2013-03-13  Daniel P. Berrange  <berrange@redhat.com>

	Remove hack using existance of an 'identity' string to disable auth
	Currently the server determines whether authentication of clients
	is complete, by checking whether an identity is set. This patch
	removes that lame hack and replaces it with an explicit method
	for changing the client auth code
	* daemon/remote.c: Update for new APis
	* src/libvirt_private.syms, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverclient.h: Remove virNetServerClientGetIdentity
	  and virNetServerClientSetIdentity, adding a new method
	  virNetServerClientSetAuth.

	Add API for thread cancellation
	Add a virThreadCancel function. This functional is inherently
	dangerous and not something we want to use in general, but
	integration with SELinux requires that we provide this stub.
	We leave out any Win32 impl to discourage further use and
	because obviously SELinux isn't enabled on Win32

2013-03-12  Daniel P. Berrange  <berrange@redhat.com>

	Add missing break in LXC loop device setup
	When setting up disks with loop devices for LXC, one of the
	switch cases was missing a 'break' causing it to fallthrough
	to an error condition.

2013-03-12  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid NULL dereference in qemuSharedDiskEntryFree
	At least one caller may call qemuSharedDiskEntryFree with NULL as the
	first argument. Let's make the function similar to other *Free functions
	and do nothing in such case.

	docs: Clarify semantics of sparse storage volumes
	Sparse LVM volumes do not behave in the way one would naively expect.
	The allocation does not automatically increase (which is different from
	how sparse files work).

2013-03-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix retrieval of maximum number of vCPUs on KVM hosts
	The detection of the maximum number of cpus used incorrect ioctl
	argument value. This flaw caused that on kvm hosts this returns always
	"160" as the maximum. This is just a recommended maximum value. The real
	value is higher than that.
	This patch tweaks the detection function to behave as described by the
	kernel docs:
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/virtual/kvm/api.txt?id=refs/tags/v3.9-rc2#n199

2013-03-11  Hu Tao  <hutao@cn.fujitsu.com>

	nodeinfo: don't define nodeGetCellMemory if it isn't ever used

2013-03-11  Ján Tomko  <jtomko@redhat.com>

	virsh: fix snapshot-create with no xmlfile
	Properly check the return value of vshCommandOptStringReq for xmlfile:
	* error out on incorrect input (--xmlfile '')
	* use default XML <domainsnapshot/> with no --xmlfile specified
	(Broken by commit b2e8585)
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=919826

2013-03-11  Guido Günther  <agx@sigxcpu.org>

	Convert HAVE_SELINUX to WITH_SELINUX
	these were missed by 63f18f378693cac6b6e33f4a8c15c20cb191c7c8

	lxc: Init activeUsbHostdevs
	otherwise we crash with
	 #0  virUSBDeviceListFind (list=0x0, dev=dev@entry=0x8193d70) at util/virusb.c:526
	 #1  0xb1a4995b in virLXCPrepareHostdevUSBDevices (driver=driver@entry=0x815d9a0, name=0x815dbf8 "debian-700267", list=list@entry=0x81d8f08) at lxc/lxc_hostdev.c:88
	 #2  0xb1a49fce in virLXCPrepareHostUSBDevices (def=0x8193af8, driver=0x815d9a0) at lxc/lxc_hostdev.c:261
	 #3  virLXCPrepareHostDevices (driver=driver@entry=0x815d9a0, def=0x8193af8) at lxc/lxc_hostdev.c:328
	 #4  0xb1a4c5b1 in virLXCProcessStart (conn=0x817d3f8, driver=driver@entry=0x815d9a0, vm=vm@entry=0x8190908, autoDestroy=autoDestroy@entry=false, reason=reason@entry=VIR_DOMAIN_RUNNING_BOOTED)
	     at lxc/lxc_process.c:1068
	 #5  0xb1a57e00 in lxcDomainStartWithFlags (dom=dom@entry=0x815e460, flags=flags@entry=0) at lxc/lxc_driver.c:1014
	 #6  0xb1a57fc3 in lxcDomainStart (dom=0x815e460) at lxc/lxc_driver.c:1046
	 #7  0xb79c8375 in virDomainCreate (domain=domain@entry=0x815e460) at libvirt.c:8450
	 #8  0x08078959 in remoteDispatchDomainCreate (args=0x81920a0, rerr=0xb65c21d0, client=0xb0d00490, server=<optimized out>, msg=<optimized out>) at remote_dispatch.h:1066
	 #9  remoteDispatchDomainCreateHelper (server=0x80c4928, client=0xb0d00490, msg=0xb0d005b0, rerr=0xb65c21d0, args=0x81920a0, ret=0x815d208) at remote_dispatch.h:1044
	 #10 0xb7a36901 in virNetServerProgramDispatchCall (msg=0xb0d005b0, client=0xb0d00490, server=0x80c4928, prog=0x80c6438) at rpc/virnetserverprogram.c:432
	 #11 virNetServerProgramDispatch (prog=0x80c6438, server=server@entry=0x80c4928, client=0xb0d00490, msg=0xb0d005b0) at rpc/virnetserverprogram.c:305
	 #12 0xb7a300a7 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x80c4928) at rpc/virnetserver.c:162
	 #13 virNetServerHandleJob (jobOpaque=0xb0d00510, opaque=0x80c4928) at rpc/virnetserver.c:183
	 #14 0xb7924f98 in virThreadPoolWorker (opaque=opaque@entry=0x80a94b0) at util/virthreadpool.c:144
	 #15 0xb7924515 in virThreadHelper (data=0x80a9440) at util/virthreadpthread.c:161
	 #16 0xb7887c39 in start_thread (arg=0xb65c2b70) at pthread_create.c:304
	 #17 0xb77eb78e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
	when adding a domain with a usb device. This is Debian bug
	    http://bugs.debian.org/700267

2013-03-11  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Require network QoS if interface uses 'floor'
	By current implementation, network inbound is required in order
	to use 'floor' for guaranteeing  minimal throughput. This is so,
	because we want user to tell us the maximal throughput of the
	network instead of finding out ourselves (and detect bogus values
	in case of virtual interfaces). However, we are nowadays
	requiring this only on documentation level. So if user starts a
	domain with 'floor' set on one its interfaces, we silently ignore
	the setting. We should error out instead.

2013-03-10  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Remove unused vshCompleteXMLFromDomain
	The function is marked as unused and breaks compilation on RHEL4. Remove
	it from the tree until a new use case can be found.

	Revert "Ensure xmlSaveToBuffer is always defined"
	The commit originally fixed code that isn't being used. Revert
	it and remove the unused code as a real fix.
	This reverts commit a66b32d9295ed87698ffd98d82e9e5818ff799e5.

2013-03-09  Dusty Mabe  <dustymabe@gmail.com>

	capabilities: add NUMA memory information
	'virsh capabilities' will now include a new <memory> element
	per <cell> of the topology, as in:
	    <topology>
	      <cells num='2'>
	        <cell id='0'>
	          <memory unit='KiB'>12572412</memory>
	          <cpus num='12'>
	          ...
	        </cell>

2013-03-09  Guido Günther  <agx@sigxcpu.org>

	lxc: include sys/stat.h
	This fixes the build on Debian Wheezy which otherwise fails with:
	  CC     libvirt_driver_lxc_impl_la-lxc_process.lo
	  lxc/lxc_process.c: In function 'virLXCProcessGetNsInode':
	  lxc/lxc_process.c:648:5: error: implicit declaration of function 'stat' [-Werror=implicit-function-declaration]
	  lxc/lxc_process.c:648:5: error: nested extern declaration of 'stat' [-Werror=nested-externs]
	  cc1: all warnings being treated as errors

2013-03-08  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainBlockStatsFlags: Guard disk lookup with a domain job
	When there are two concurrent threads, we may dereference a NULL
	pointer, even though it has been checked before:
	1. Thread1: starts executing qemuDomainBlockStatsFlags() with nparams != 0.
	            It finds given disk and successfully pass check for disk->info.alias
	            not being NULL.
	2. Thread2: starts executing qemuDomainDetachDeviceFlags() on the very same
	            disk as Thread1 is working on.
	3. Thread1: gets to qemuDomainObjBeginJob() where it sets a job on a
	            domain.
	4. Thread2: also tries to set a job. However, we are not guaranteed which
	            thread wins. So assume it's Thread2 who can continue.
	5. Thread2: does the actual detach and frees disk->info.alias
	6. Thread2: quits the job
	7. Thread1: now successfully acquires the job, and accesses a NULL pointer.

2013-03-08  Guannan Ren  <gren@redhat.com>

	apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
	Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
	be used as a common function for *ALL* fd relabelling in Linux.
	In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
	Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
	The last line is for the tapfd relabelling.
	 # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
	  "/var/log/libvirt/**/rhel6qcow2.log" w,
	  "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
	  "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
	  "/run/libvirt/**/rhel6qcow2.pid" rwk,
	  "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
	  "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
	  "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
	  "/dev/tap45" rw,

2013-03-08  Daniel P. Berrange  <berrange@redhat.com>

	Include pid namespace inode in LXC audit messages
	To allow the efficient correlation of container audit messages
	with host hosts, include the pid namespace inode in audit
	messages.

	Add support for disks backed by plain files in LXC
	By using a loopback device, disks backed by plain files can
	be made available to LXC containers. We make no attempt to
	auto-detect format if <driver type="raw"/> is not set,
	instead we unconditionally treat that as meaning raw. This
	is to avoid the security issues inherent with format
	auto-detection

	Refactor loop device setup code in LXC
	Minor re-factoring of code for setting up loop devices in
	the LXC controller

	Convert QEMU driver to use virLogProbablyLogMessage
	The current QEMU code for skipping log messages only skips over
	'debug' message, switch to virLogProbablyLogMessage to make sure
	it skips over all of them

	Improve LXC startup error reporting
	Currently we rely on a VIR_ERROR message being logged by the
	virRaiseError function to report LXC startup errors. This gives
	the right message, but is rather ugly and can be truncated
	if lots of log messages are written. Change the LXC controller
	to explicitly print any virErrorPtr message to stderr. Then
	change the driver to skip over anything that looks like a log
	message.
	The result is that this
	error: Failed to start domain busy
	error: internal error guest failed to start: 2013-03-04 19:46:42.846+0000: 1734: info : libvirt version: 1.0.2
	2013-03-04 19:46:42.846+0000: 1734: error : virFileLoopDeviceAssociate:600 : Unable to open /root/disk.raw: No such file or directory
	changes to
	error: Failed to start domain busy
	error: internal error guest failed to start: Unable to open /root/disk.raw: No such file or directory

	Add method for checking if a string is (probably) a log message
	When reading log output from QEMU/LXC we need to skip over any
	libvirt log messages. Currently the QEMU driver checks for a
	fixed string, but this is better done with a regex. Add a method
	virLogProbablyLogMessage to do a regex check

	Use VIR_MASS_CLOSE in LXC container startup
	In the LXC container startup code when switching stdio
	streams, we call VIR_FORCE_CLOSE on all FDs. This triggers
	a huge number of warnings, but we don't see them because
	stdio is closed at this point. strace() however shows them
	which can confuse people debugging the code. Switch to
	VIR_MASS_CLOSE to avoid this

	Ensure xmlSaveToBuffer is always defined
	RHEL4 vintage libxml2 header files are missing xmlSaveToBuffer
	despite the symbol existing in the binary

	Fix conditional build of virNetDevSetupControlFull
	The virNetDevSetupControlFull function was protected by a
	conditional on SIOCBRADDBR, which is bogus since it does
	not use that symbol. Update the conditionals around all
	callers to do stricter checks to ensure we always build
	succesfully

	Ensure GET_VLAN_VID_CMD is always defined
	The RHEL4 vintage header files do not define GET_VLAN_VID_CMD.
	Conditionally define it in our source, since the kernel can
	raise a runtime error if it isn't supported

	Don't import loop.h unless HAVE_DECL_LO_FLAGS_AUTOCLEAR is defined
	The loop.h on RHEL4 is broken and cannot be imported. We already
	detect this in configure as a side-effect of looking for whether
	LO_FLAGS_AUTOCLEAR is available. We protected the impl with
	HAVE_DECL_LO_FLAGS_AUTOCLEAR, but not the header import

	Rename 'daemon' param to 'binary' in virNetClientNewUNIX
	To avoid a clash with daemon() libc API, rename the
	'daemon' param in the header file to 'binary'. The
	source file already uses the name 'binary'.

	Rename 'clone' to 'clonevol' to avoid name clash with clone() syscall
	On RHEL-4 vintage one of the header files is polluted causing a
	clash between the clone() syscall and the 'clone' parameter in
	a libvirt driver API

2013-03-07  Eric Blake  <eblake@redhat.com>

	viralloc: use consistent naming
	Commit 0df3e89 only touched the header, but the .c file had the
	same shadowing potential.
	* src/util/viralloc.c (virDeleteElementsN): s/remove/toremove/ to
	match the header.

	rng: allow default device in RNG grammar
	This matches the documentation of commit 4932ef4, and the
	C code changes of commit 75e656a.
	* docs/schemas/domaincommon.rng: Allow default entry.

	build: avoid shadowing a function name
	Make the same fix as in commit de53eff.
	* src/util/viralloc.h (virDeleteElementsN): Cater to old glibc.

2013-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash parsing RNG device specification
	Code that validates the whitelist for the RNG device filename
	didn't account for fact that filename may be NULL. This led
	to a NULL reference crash. This wasn't caught since the test
	suite was not covering this XML syntax

2013-03-07  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind error
	Resolves the following valgrind error from qemuxml2argvtest:
	==20393== 5 bytes in 1 blocks are definitely lost in loss record 2 of 60
	==20393==    at 0x4A0883C: malloc (vg_replace_malloc.c:270)
	==20393==    by 0x38D690A167: __vasprintf_chk (in /usr/lib64/libc-2.16.so)
	==20393==    by 0x4CB0D97: virVasprintf (stdio2.h:210)
	==20393==    by 0x4CB0E53: virAsprintf (virutil.c:2017)
	==20393==    by 0x428DC5: qemuAssignDeviceAliases (qemu_command.c:791)
	==20393==    by 0x41DF93: testCompareXMLToArgvHelper (qemuxml2argvtest.c:151)
	==20393==    by 0x41F53F: virtTestRun (testutils.c:157)
	==20393==    by 0x41DA9B: mymain (qemuxml2argvtest.c:885)
	==20393==    by 0x41FB7A: virtTestMain (testutils.c:719)
	==20393==    by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so)
	==20393==
	From qemu_command.c/line 791:
	    if (def->rng) {
	        if (virAsprintf(&def->rng->info.alias, "rng%d", 0) < 0)
	            goto no_memory;
	    }

2013-03-06  Jiri Denemark  <jdenemar@redhat.com>

	storage: Cleanup logical volume creation code
	This patch plugs two memory leaks, removes some useless and confusing
	constructs and renames renames "cleanup" label as "error" since it is
	only used for error path rather then being common for both success and
	error paths.

2013-03-06  John Ferlan  <jferlan@redhat.com>

	sheepdog: Adjust logic to break while loop to avoid Coverity error
	Change the various "return -1" to "break".  Avoids Coverity error and
	perhaps other/future analyzer issues.

	libxl_driver: Resolve Coverity errors
	1. The virObjectLock() call was unconditional, but Unlock was conditional
	   on vm being valid.  Removed the check
	2. A call to virDomainEventNewFromObj() isn't guaranteed to return an
	   event - that check needs to be made prior to libxlDomainEventQueue()
	   of the event. Did not add libxlDriverLock/Unlock around the call since
	   some callers already have lock taken
	3. Need to initialize fd = -1 in libxlDoDomainSave() since we can jump
	   to cleanup before it's set.
	4. Missing break;'s in libxlDomainModifyDeviceFlags() for case
	   LIBXL_DEVICE_UPDATE.  The default: case would report an error

	libxl_conf: Resolve Coverity issue with call to regcomp()

2013-03-06  Guannan Ren  <gren@redhat.com>

	qemu: update domain live xml for virsh memtune with --live flag
	virsh subcommand memtune forgot updating domain live xml
	after setting cgroup value.

	util: fix a integer boundary error
	A value which is equal to a integer maximum such as LLONG_MAX is
	a valid integer value.
	The patch fix the following error:
	1, virsh memtune vm --swap-hard-limit -1
	2, virsh start vm
	In debug mode, it shows error like:
	virScaleInteger:1813 : numerical overflow:\
	                       value too large: 9007199254740991KiB

2013-03-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Report errors on cputune parameter parsing
	This patch adds proper error reporting if parsing of cputune parameters
	fails due to incorrect values provided by the user. Previously no errors
	were reported in such a case and the failure was silently ignored.

	conf: Make virDomainDeviceInfoIterate usable without os type
	Make the iterator function usable in the next patches. Also refactor
	some parts to avoid strcmp if not necessary.
	This commit tweaks and shadows the change that was done in commit
	babe7dada0f90bfde74a716e8fc963b049d76f96 and was needed after the
	support for multiple console devices was added. Historically the first
	<console> element is alias for the <serial> device.

	conf: whitespace cleanups and refactors with no semantic impact
	This patch changes many unrelated places to simplify the code or update
	code style. This patch should not have any semantic impact on the code.

	virsh-snapshot: Add ability to print only snapshot names
	Help script creators by not having to parse the names from the table.

2013-03-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt 1.0.3
	- configure.ac docs/news.html.in libvirt.spec.in: update for the release
	- po/*.po*: merged in transifex updates for fr,hi,pl,ja,uk,it and
	  regenerated

2013-03-05  Eric Blake  <eblake@redhat.com>

	rng: restrict passthrough names to known-good files
	There is some controversy[1] on the qemu list on whether qemu should
	have ever allowed arbitrary file name passthrough, or whether it
	should be restricted to JUST /dev/random and /dev/hwrng.  It is
	always easier to add support for additional filenames than it is
	to remove support for something once released, so this patch
	restricts libvirt 1.0.3 (where the virtio-random backend was first
	supported) to just the two uncontroversial names, letting us defer
	to a later date any decision on whether supporting arbitrary files
	makes sense. Additionally, since qemu 1.4 does NOT support
	/dev/fdset/nnn fd passthrough for the backend, limiting to just
	two known names means that we don't get tempted to try fd
	passthrough where it won't work.
	[1]https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#00023
	* src/conf/domain_conf.c (virDomainRNGDefParseXML): Only allow
	/dev/random and /dev/hwrng.
	* docs/schemas/domaincommon.rng: Flag invalid files.
	* docs/formatdomain.html.in (elementsRng): Document this.
	* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.args:
	Update test to match.
	* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.xml:
	Likewise.

2013-03-05  John Ferlan  <jferlan@redhat.com>

	internals: Update to include RPC and Lock links and add new data
	Added a picture and explanation describing the virConnectOpen processing
	at a "higher" level, but with some source code references.

	Add references for phyp and parallels

	api: Add text and references for daemon

	api: Add text and references for drivers section

	api: Complete list of function and naming conventions

	api: Reword and clean lists for object description

	api: Reword objects exposed section

	hellolibvirt: Adjust code to use new APIs
	Change the order of some conditions and use the AllDomains API to get
	a list of all the active and defined domains, then use the Active and
	Name API's in order to print.
	This changes here adjust the output from:
	Attempting to connect to hypervisor
	Connected to hypervisor at "qemu:///system"
	Hypervisor: "QEMU" version: 0.32.656
	There are 0 active and 2 inactive domains
	Inactive domains:
	  foo
	  bar
	Disconnected from hypervisor
	to
	Attempting to connect to hypervisor
	Connected to hypervisor at "qemu:///system"
	Hypervisor: "QEMU" version: 0.32.656
	There are 0 active and 2 inactive domains
	       foo (non-active)
	       bar (non-active)
	Disconnected from hypervisor

	libvirt: Update headers for doc
	Update the function prototypes to include a message about the client needing
	to free() returned name fields.  Fix the all domains example flags values.

2013-03-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix TLS tests with gnutls 3
	When given a CA cert with basic constraints to set non-critical,
	and key usage of 'key signing', this should be rejected. Version
	of GNUTLS < 3 do not rejecte it though, so we never noticed the
	test case was broken

2013-03-05  Satoru Moriya  <satoru.moriya@hds.com>

	qemu: fix wrong evaluation in qemuDomainSetMemoryParameters
	19c6ad9a (qemu: Refactor qemuDomainSetMemoryParameters) introduced
	a new macro, VIR_GET_LIMIT_PARAMETER(PARAM, VALUE). But if statement
	in the macro is not correct and so set_XXXX flags are set to false
	in the wrong. As a result, libvirt ignores all memtune parameters.
	This patch fixes the conditional expression to work correctly.

2013-03-04  Guannan Ren  <gren@redhat.com>

	util: use string libvirt to prefix error message instead of libvir
	BZ:https://bugzilla.redhat.com/show_bug.cgi?id=912021
	Without error handler set, virDefaultErrorFunc will be called, the
	error message is prefixed with "libvir:". It become a little better
	by using prefix "libvirt:" when working with upper application.
	For example:
	1, stop libvirtd daemon
	2, run virt-top.
	libvir: XML-RPC error : Failed to connect \
	        socket to '/var/run/libvirt/libvirt-sock-ro': \
	        No such file or directory
	libvirt: VIR_ERR_SYSTEM_ERROR: VIR_FROM_RPC: \
	        Failed to connect socket to '/var/run/libvirt/libvirt-sock-ro': \
	        No such file or directory

2013-03-04  Fritz Elfert  <fritz@fritz-elfert.de>

	libvirt does not logout of iscsi targets, causing system hang on shutdown
	There's a quite old bug entry here:
	https://bugzilla.redhat.com/show_bug.cgi?id=700010
	I just stumbled over that very issue on F18. Doing a little bit
	debugging of the shutdown sequence, it turns out that - at least on my
	F18 installation - libvirtd is shutdown *after* iscsid, which makes it
	impossible for libvirt to perform the logout of the iscsi session properly.
	This patch simply adds another startup dependancy on iscsid.service
	which in turn delays iscsid shutdown until after libvirtd has stopped.
	Having that applied, the system shuts down properly again.

2013-03-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Remove managed save flag from VM when starting with --force-boot
	At the start of the guest after the image is unlinked the state wasn't
	touched up to match the state on disk.

2013-03-04  Christophe Fergeau  <cfergeau@redhat.com>

	qemu: Use -1 as unpriviledged uid/gid
	Commit f506a4c1 changed virSetUIDGID() to be a noop
	when uid/gid are -1, while it used to be a noop when
	they are <= 0.
	The changes in this commit broke creating new VMs in GNOME Boxes
	as qemuDomainCheckDiskPresence gets called during domain creation/startup,
	which in turn calls virFileAccessibleAs which fails after calling
	virSetUIDGID(0, 0) (Boxes uses session libvirtd). virSetUIDGID is called with
	(0, 0) as these are the default user/group values in virQEMUDriverConfig
	for session libvirtd.
	This commit changes virQEMUDriverConfigNew to use -1 as the unpriviledged
	uid/gid. I've also looked at the various places where cfg->user is used,
	and they all seem to handle -1 correctly.

2013-03-02  Guido Günther  <agx@sigxcpu.org>

	hook: log the exit status of the hook not 256
	Adjust the docs accordingly. See http://bugs.debian.org/701570.

2013-03-01  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevmacvlan.c: Introduce mutex for macvlan creation
	Currently, after we removed the qemu driver lock, it may happen
	that two or more threads will start up a machine with macvlan and
	race over virNetDevMacVLanCreateWithVPortProfile(). However,
	there's a racy section in which we are generating a sequence of
	possible device names and detecting if they exits. If we found
	one which doesn't we try to create a device with that name.
	However, the other thread is doing just the same. Assume it will
	succeed and we must therefore fail. If this happens more than 5
	times (which in massive parallel startup surely will) we return
	-1 without any error reported. This patch is a simple hack to
	both of these problems. It introduces a mutex, so only one thread
	will enter the section, and if it runs out of possibilities,
	error is reported. Moreover, the number of retries is raised to 20.

2013-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Revert hack for autodestroy in qemuProcessStop
	This reverts the hack done in
	commit 568a6cda277f04ab9baaeb97490e548b7b608aa6
	Author: Jiri Denemark <jdenemar@redhat.com>
	Date:   Fri Feb 15 15:11:47 2013 +0100
	    qemu: Avoid deadlock in autodestroy
	since we now have a fix which avoids the deadlock scenario
	entirely

	Fix deadlock in QEMU close callback APIs
	There is a lock ordering problem in the QEMU close callback
	APIs.
	When starting a guest we have a lock on the VM. We then
	set a autodestroy callback, which acquires a lock on the
	close callbacks.
	When running auto-destroy, we obtain a lock on the close
	callbacks, then run each callbacks - which obtains a lock
	on the VM.
	This causes deadlock if anyone tries to start a VM, while
	autodestroy is taking place.
	The fix is to do autodestroy in 2 phases. First obtain
	all the callbacks and remove them from the list under
	the close callback lock. Then invoke each callback
	from outside the close callback lock.

	Fix crash in QEMU auto-destroy with transient guests
	When the auto-destroy callback runs it is supposed to return
	NULL if the virDomainObjPtr is no longer valid. It was not
	doing this for transient guests, so we tried to virObjectUnlock
	a mutex which had been freed. This often led to a crash.

2013-03-01  Guannan Ren  <gren@redhat.com>

	python: fix fd leak in generator.py

	python: fix typoes and repeated global vars references

2013-03-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make sure qemuProcessStart is run within a job
	qemuProcessStart expects to be run with a job already set and every
	caller except for qemuMigrationPrepareAny use it correctly. This bug can
	be observed in libvirtd logs during incoming migration as
	    warning : qemuDomainObjEnterMonitorInternal:979 : This thread seems
	    to be the async job owner; entering monitor without asking for a
	    nested job is dangerous

2013-03-01  Jim Fehlig  <jfehlig@suse.com>

	Fix starting qemu instances when apparmor driver is enabled
	With the apparmor security driver enabled, qemu instances fail
	to start
	# grep ^security_driver /etc/libvirt/qemu.conf
	security_driver = "apparmor"
	# virsh start test-kvm
	error: Failed to start domain test-kvm
	error: internal error security label already defined for VM
	The model field of virSecurityLabelDef object is always populated
	by virDomainDefGetSecurityLabelDef(), so remove the check for a
	NULL model when verifying if a label is already defined for the
	instance.
	Checking for a NULL model and populating it later in
	AppArmorGenSecurityLabel() has been left in the code to be
	consistent with virSecuritySELinuxGenSecurityLabel().

2013-03-01  Serge Hallyn  <serge.hallyn@ubuntu.com>

	Fix a message typo
	As pointed out in
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1034661
	The sentence
	"The function of PCI device addresses must less than 8"
	does not quite make sense.  Update that to read
	"The function of PCI device addresses must be less than 8"

2013-02-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't fail to shutdown domains with unresponsive agent
	Currently, qemuDomainShutdownFlags() chooses the agent method of
	shutdown whenever the agent is configured. However, this
	assumption is not enough as the guest agent may be unresponsive
	at the moment. So unless guest agent method has been explicitly
	requested, we should fall back to the ACPI method.

2013-02-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: virConnectGetVersion returns bogus value
	The unitialized local variable qemuVersion can cause an random value
	to be returned for the hypervisor version, observable with virsh version.
	Introduced by commit b46f7f4a0b96c2d2d01d64d960bd7bc90dc16b0c

2013-02-28  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: fix use-after-free when parsing NBD disk
	disk->src is still used for disks->hosts->name, do not free it.

2013-02-28  Eric Blake  <eblake@redhat.com>

	maint: fix typo in network docs
	* docs/formatnetwork.html.in: Spell variation correctly.

2013-02-28  Daniel P. Berrange  <berrange@redhat.com>

	Don't try to add non-existant devices to ACL
	The QEMU driver has a list of devices nodes that are whitelisted
	for all guests. The kernel has recently started returning an
	error if you try to whitelist a device which does not exist.
	This causes a warning in libvirt logs and an audit error for
	any missing devices. eg
	2013-02-27 16:08:26.515+0000: 29625: warning : virDomainAuditCgroup:451 : success=no virt=kvm resrc=cgroup reason=allow vm="vm031714" uuid=9d8f1de0-44f4-a0b1-7d50-e41ee6cd897b cgroup="/sys/fs/cgroup/devices/libvirt/qemu/vm031714/" class=path path=/dev/kqemu rdev=? acl=rw

	Fix typo in internal VIR_QEMU_PROCESS_START_AUTODESROY constant
	s/VIR_QEMU_PROCESS_START_AUTODESROY/VIR_QEMU_PROCESS_START_AUTODESTROY/

	Avoid spamming logs with cgroups warnings
	The code for putting the emulator threads in a separate cgroup
	would spam the logs with warnings
	2013-02-27 16:08:26.731+0000: 29624: warning : virCgroupMoveTask:887 : no vm cgroup in controller 3
	2013-02-27 16:08:26.731+0000: 29624: warning : virCgroupMoveTask:887 : no vm cgroup in controller 4
	2013-02-27 16:08:26.732+0000: 29624: warning : virCgroupMoveTask:887 : no vm cgroup in controller 6
	This is because it has only created child cgroups for 3 of the
	controllers, but was trying to move the processes from all the
	controllers. The fix is to only try to move threads in the
	controllers we actually created. Also remove the warning and
	make it return a hard error to avoid such lazy callers in the
	future.

	Fix autodestroy of QEMU guests
	The virQEMUCloseCallbacksRunOne method was passing a uuid string
	to virDomainObjListFindByUUID, when it actually expected to get
	a raw uuid buffer. This was not caught by the compiler because
	the method was using a 'void *uuid' instead of first casting
	it to the expected type.
	This regression was accidentally caused by refactoring in
	  commit 568a6cda277f04ab9baaeb97490e548b7b608aa6
	  Author: Jiri Denemark <jdenemar@redhat.com>
	  Date:   Fri Feb 15 15:11:47 2013 +0100
	    qemu: Avoid deadlock in autodestroy

2013-02-28  Eric Blake  <eblake@redhat.com>

	qemu: -numa doesn't (yet) support disjoint range
	https://bugzilla.redhat.com/show_bug.cgi?id=896092 mentions that
	qemu 1.4 and earlier only accept a simple start-stop range for
	the cpu=... argument of -numa.  Libvirt would attempt to use
	-numa cpu=1,3 for a disjoint range, which did not work as intended.
	Upstream qemu will be adding a new syntax for disjoint cpu ranges
	in 1.5; but the design for that syntax is still under discussion
	at the time of this patch.  So for libvirt 1.0.3, it is safest to
	just reject attempts to build an invalid qemu command line; in the
	future, we can add a capability bit and translate to the final
	accepted design for selecting a disjoint cpu range in numa.
	* src/qemu/qemu_command.c (qemuBuildNumaArgStr): Reject disjoint
	ranges.

2013-02-27  Laine Stump  <laine@laine.org>

	Revert "Add support for <option> tag in network config"
	This reverts commit 383ebc46947b0119123880c1ff9ae345fdb8d5f6.
	We decided the xml for this feature needed more thought to make sure
	we are doing it the best way, in particular wrt option values that
	have multiple items.

2013-02-27  Peter Krempa  <pkrempa@redhat.com>

	util: Add docs for virXMLProp string
	To avoid confusion about usage of this function explicitly document that
	this function returns copy of the attribute string.

	tests: Test XML entities in source path for RNG device
	Users may want to specify XML entities in paths to devices. Ensure they
	are parsed and used properly.

	docs: Fix attribute name for virtio-rng backend

2013-02-27  Ján Tomko  <jtomko@redhat.com>

	tests: fix leaks in storagevolxml2argvtest
	Reported by John Ferlan.

2013-02-27  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.c: Make VIR_MIGRATE_NON_SHARED_{INC,DISK} mutually exclusive
	These two flags in fact are mutually exclusive. Requesting them both
	doesn't make any sense regardless of hypervisor driver. Hence, we have
	to make it within libvirt.c file instead of fixing it in each driver.

2013-02-27  Philipp Hahn  <hahn@univention.de>

	doc: document new storage volume/pool types
	Add qed for dirfs pool.
	Add ocfs2 for disk pool.
	Add lvm2 for disk and logical pool.
	Add cifs and glusterfs for netfs pool.
	Note: POOL_DISK_LVM2 can not be created by "parted mklabel", but is only
	returned from auto-detection on disk pools.

2013-02-27  Eric Blake  <eblake@redhat.com>

	build: don't use gcrypt.h without gnutls support
	Eugene Marcotte reported that if gcrypt-devel (a prereq of
	gnutls-devel) is not present, then compilation fails due to
	an unconditional use of <gcrypt.h>.
	* src/libvirt.c (includes): Properly guard use of gcrypt.h.

	Revert "S390: domain_conf support for CCW"
	This reverts commit 0bbbd42c30543d8251536c2fa11166834c886ada.
	The design for this feature is not complete, and may change the
	name of the 'schid' attribute.  Revert requested by Viktor Mihajlovski.

	Revert "S390: Documentation for CCW address type"
	This reverts commit 24aa7f8d11054b7b2e643cf3cd5c80a199764af0.
	The implementation to match the documentation is not complete yet,
	and the final design might change the name of the 'schid' attribute.

2013-02-27  Philipp Hahn  <hahn@univention.de>

	schema: Restrict mode to octal
	virStrToLong(..., 8, ...) already requires the mode to be octal.
	Change the relax-ng schema to check for octal as well.

2013-02-27  Eric Blake  <eblake@redhat.com>

	tests: skip virstoragetest on RHEL 5
	virstoragetest was failing on RHEL 5, but with no good error message:
	TEST: virstoragetest
	                                        0   FAIL
	It turns out that qemu-img was so old, that it lacked support for
	-o backing_file.  It didn't help that the test was also using
	qemu-img from PATH, even after first probing for kvm-img.
	* tests/virstoragetest.c (testPrepImages): Consistently use
	discovered binary.  Skip instead of fail if qemu-img fails during
	setup.

2013-02-27  Doug Goldstein  <cardoe@cardoe.com>

	interface: udev backend coverity NULL deref
	This fixes a potential NULL deref identified by John Ferlan
	<jferlan@redhat.com> if scandir() didn't return an expected value.

2013-02-27  Daniel P. Berrange  <berrange@redhat.com>

	Remove some C99 variable decls in parallels driver
	The parallels storage driver declared some loop variables
	inside the for(;;). This is not allowed by libvirt coding
	standards

	Fix crash changing CDROM media
	This change tried to fix a crash with changing CDROM media but
	failed to actually do so
	  commit d0172d2b1b5d865aaa042070d7c2d00effb2ff8c
	  Author: Osier Yang <jyang@redhat.com>
	  Date:   Tue Feb 19 20:27:45 2013 +0800
	    qemu: Remove the shared disk entry if the operation is ejecting or updating
	It was still accessing disk->src, when the entire 'disk' object
	has been free'd already. Even if it weren't free'd, accessing
	the 'src' value of virDomainDiskDef is not allowed without
	first validating disk->type is file or block. Just remove the
	broken code entirely.

2013-02-27  Eric Blake  <eblake@redhat.com>

	tests: old automake lacks abs_builddir
	On RHEL 5, 'make check' included failures such as:
	TEST: virstoragetest
	unable to create directory /virstoragedata/sub
	unable to return to correct directory, refusing to clean up /virstoragedata
	It turns out that with automake 1.9.x, $(abs_builddir) is not
	automatically provided.  We have previously worked around this
	by using `pwd` before, but because we did not do it everywhere,
	we had a number of broken tests.
	This patch brings RHEL 5 from 8 failed tests down to 5 (the
	remaining failures may be due to bugs in the older libxml2 and
	RNG schema validation available in RHEL 5, so I'm not sure if
	they can be fixed in libvirt, but I'm still investigating).
	* tests/Makefile.am (AM_CFLAGS): Reliably set abs_builddir.
	(*_la_CFLAGS): Factor out common settings; delete when nothing
	remains to be added.

	tests: consistent skip messages
	On RHEL 5, I noticed this test failure message:
	TEST: qemumonitorjsontest
	libvirt not compiled with yajl, skippingSKIP: qemumonitorjsontest
	* tests/virstoragetest.c (testPrepImages): Use simpler fputs.
	* tests/qemumonitorjsontest.c (mymain): Ensure trailing newline.

2013-02-26  Ján Tomko  <jtomko@redhat.com>

	libvirt: fix error message when connection can't be opened
	VIR_ERR_NO_CONNECT already contains "no connection driver available".
	This patch changes:
	no connection driver available for No connection for URI hello
	to:
	no connection driver available for hello
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=851413

2013-02-26  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: do not set unpriv_sgio if neither supported nor requested
	Currently we call virSetDeviceUnprivSGIO with val == 0 if a block device
	has an sgio attribute.  But for sgio='filtered', we know that a
	kernel with no unpriv_sgio support will always behave as the user
	wanted.  In this case, there is no need to call the function and
	report a (bogus) error.

2013-02-26  Eric Blake  <eblake@redhat.com>

	tests: uniformly report test failures
	testutils.c likes to print summaries after a test completes,
	including if it failed.  But if the test outright exit()s,
	this summary is skipped.  Enforce that we return instead of exit.
	* cfg.mk (sc_prohibit_exit_in_tests): New syntax check.
	* tests/commandhelper.c (main): Fix offenders.
	* tests/qemumonitorjsontest.c (mymain): Likewise.
	* tests/seclabeltest.c (main): Likewise.
	* tests/securityselinuxlabeltest.c (mymain): Likewise.
	* tests/securityselinuxtest.c (mymain): Likewise.
	* tests/testutils.h (VIRT_TEST_MAIN_PRELOAD): Likewise.
	* tests/testutils.c (virtTestMain): Likewise.
	(virtTestCaptureProgramOutput): Use symbolic name.

	tests: don't test json when not compiled in
	Now that the segfault is solved, we can skip instead of fail
	the test when yajl is not present.
	* tests/qemumonitorjsontest.c (mymain): Skip if no yajl.

	tests: avoid segfault if json monitor not present
	On a machine without yajl headers, I was seeing random segfaults
	from qemumonitorjsontest (about 90% of the runs on my particular
	machine).  The segfault was inside virClassIsDerivedFrom, which
	points to a case of a race leading to unreferencing a stale
	pointer to an object that had already been freed.  I also noticed
	that if I got the segfault, I was seeing messages such as:
	2013-02-22 16:12:37.504+0000: 19833: error : virNetSocketWriteWire:1361 : Cannot write data: Bad file descriptor
	which is also evidence of deferencing a stale pointer.  I traced it
	to a race where qemuMonitorTestIO could execute late, after the
	main thread had already called qemuMonitorTestFree and called
	virNetSocketClose(test->client) but not clearing it out to NULL.
	Sure enough, after test->client has been closed, fd is -1, which
	causes an attempt to write to the socket to fail, which in turn
	triggers the error code of qemuMonitorTestIO that tries to re-close
	test->client.
	* tests/qemumonitortestutils.c (qemuMonitorTestIO): Don't attempt
	to free client again if test already quit.

	qemu: minor monitor lock cleanups
	If virCondInit fails (okay, so that's unlikely), then we end up
	attempting a virObjectUnlock() on the cleanup path, even though
	we don't hold a lock.  This is not guaranteed to be safe.  While
	at it, I noticed a couple places where we were referencing mon->fd
	outside locks.
	* src/qemu/qemu_monitor.c (qemuMonitorOpenInternal): Minimize lock
	duration.  mon->watch doesn't need clean up on error.
	(qemuMonitorGetBlockExtent, qemuMonitorBlockResize): Don't
	dereference fd outside of lock.

	qemu: don't override earlier json error
	I built without yajl support, and noticed a strange failure message
	in qemumonitorjsontest:
	2013-02-22 16:12:37.503+0000: 19812: error : virJSONValueToString:1119 : internal error No JSON parser implementation is available
	2013-02-22 16:12:37.503+0000: 19812: error : qemuMonitorJSONCommandWithFd:253 : out of memory
	While a later patch will fix the test to skip when json is not present,
	this patch avoids overriding the more useful error message from
	virJSONValueToString returning NULL.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONCommandWithFd):
	Don't override message.
	(qemuMonitorJSONCheckError): Don't print NULL.
	* src/qemu/qemu_agent.c (qemuAgentCommand): Don't override message.
	(qemuAgentCheckError): Don't print NULL.
	(qemuAgentArbitraryCommand): Properly fail on OOM.

2013-02-26  Peter Krempa  <pkrempa@redhat.com>

	conf: Avoid leaking of RNG device definition

	qemu: Refactor qemuDomainSetMemoryParameters
	The new TypedParam helper APIs allow to simplify this function
	significantly.
	This patch integrates the fix in 75e5bec97b3045e4f926248d5c742f8a50d0f9
	by correctly ordering the setting functions instead of reordering the
	parameters.

2013-02-26  Doug Goldstein  <cardoe@cardoe.com>

	interface: Fix udev backend bridge device display
	The bridge device was showing the vnet devices created for the domains
	as connected to the bridge. libvirt should only show host devices when
	trying to get the interface definition rather than the domain devices as
	well.

2013-02-25  Philipp Hahn  <hahn@univention.de>

	storage: cast -1 for uid_t|gid_t
	uid_t and gid_t are opaque types, ranging from s32 to u32 to u64.
	Explicitly cast the magic -1 to the appropriate type.

	storage: Cast uid_t|gid_t to unsigned int
	uid_t and gid_t are opaque types, ranging from s32 to u32 to u64.
	Explicitly cast them to unsigned int for printing.

	util: Fix printf format for uid_t|gid_t
	The uid_t|gid_t values are explicitly casted to "unsigned long", but the
	printf() still used "%d", which is for signed values.
	Change the format to "%u".

2013-02-25  Peter Krempa  <pkrempa@redhat.com>

	tests: Add tests for virtio-rng device handling
	Adds XML parsing and qemu commandline tests for the VirtIO RNG device
	support.

	qemu: Implement support for EGD backend for virtio-rng
	This patch adds a new capability bit QEMU_CAPS_OBJECT_RNG_EGD and code
	to support the egd backend for the VirtIO RNG device.
	The device is added by 3 qemu command line options:
	-chardev socket,id=charrng0,host=1.2.3.4,port=1234 (communication
	                                                    backend)
	-object rng-egd,chardev=charrng0,id=rng0 (RNG protocol client)
	-device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x4 (the RNG device)

	qemu: Implement support for default 'random' backend for virtio-rng
	This patch implements support for the virtio-rng-pci device and the
	rng-random backend in qemu.
	Two capabilities bits are added to track support for those:
	QEMU_CAPS_DEVICE_VIRTIO_RNG - for the device support and
	QEMU_CAPS_OBJECT_RNG_RANDOM - for the backend support.
	qemu is invoked with these additional parameters if the device is
	enabled:
	-object rng-random,id=rng0,filename=/test/phile (to add the backend)
	-device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x4 (to add the device)

	conf: Add RNG device ABI compatibility check

	conf: Add support for RNG device configuration in XML
	This patch adds basic configuration support for the RNG device
	supporting the virtio model with the "random" and "egd" backend types as
	described in the schema in the previous patch.

	doc: schema: Add basic documentation for the virtual RNG device support
	This patch documents XML elements used for (basic) support of virtual
	RNG devices.
	In the devices section in the domain XML users may specify:
	For the default 'random' backend:
	  <devices>
	    <rng model='virtio'>
	      <backend model='random'>/dev/urandom</backend>
	    </rng>
	  </devices>
	For the slightly more advanced EGD backend:
	  <devices>
	    <rng model='virtio'>
	      <backend model='egd' type='udp'>
	        <!-- this is a definition of a character device -->
	        <source mode='bind' service='1234'/>
	        <source mode='connect' host='1.2.3.4' service='1234'/>
	        <!-- or other valid character device configuration -->
	      </backend>
	    </rng>
	  </devices>
	For the planned random daemon/pool:
	  <devices>
	    <rng model='virtio'>
	      <backend model='pool' pool='poolname'>class</backend>
	    </rng>
	  </devices>
	to enable the RNG device for guests.

	conf: Add fake switch statement to warn for new device types
	This patch adds a fake switch statement to force the compiler to warn
	after a new device type was added. This should remind the contributor to
	add the new device also to this iterator function.

2013-02-25  Gene Czarcinski  <gene@czarc.net>

	use client id for IPv6 DHCP host definition
	Originally, only a host name was used to associate a
	DHCPv6 request with a specific IPv6 address.  Further testing
	demonstrates that this is an unreliable method and, instead,
	a client-id or DUID needs to be used.  According to DHCPv6
	standards, this id can be a duid-LLT, duid-LL, or duid-UUID
	even though dnsmasq will accept almost any text string.
	Although validity checking of a specified string makes sure it is
	hexadecimal notation with bytes separated by colons, there is no
	rigorous check to make sure it meets the standard.
	Documentation and schemas have been updated.

	Trivial fix: in dhcp-host the name is optional
	Although in IPv4 one must pick either mac or name, either
	can be omitted.  Similarly, for IPv6, the name
	can be optionally omitted.

2013-02-25  Laine Stump  <laine@laine.org>

	util: fix typo in comment

2013-02-25  Ján Tomko  <jtomko@redhat.com>

	storage: qemu-img: change INFO to DEBUG
	For really old qemu-img binaries which do not support specifying
	the format of the backing file, display a DEBUG message instead of
	INFO that this can't be done.

	storage: move qemu-img options before positional arguments
	Modify the expected output of storagevolxml2argv tests as well.

	storage: add test for qemu-img command line generation

	storage: separate qemu-img command generation and execution
	This allows us to create a test for the generated command line.

	storage: move flag setting after declarations

2013-02-24  Eric Blake  <eblake@redhat.com>

	run: license as LGPL
	It makes no sense to prohibit reuse of the wrapper in other LGPL
	projects, since most of libvirt is designed to be LGPL.  Of
	course, when using the wrapper to wrap a GPL program, the combined
	result is still effectively GPL, but that shouldn't force us to
	license the wrapper as GPL in isolation.
	* run.in: Relicense to LGPLv2+.

2013-02-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Cancel running jobs on failed migration
	If a migration fails, we need to stop all block jobs running so
	qemu doesn't try to send data to destination over and over again.

	qemu_migration: Stop NBD server at Finish phase
	At the end of migration, it is important to stop NBD
	server and thus release all allocated resources.

	qemu_migration: Introduce qemuMigrationDriveMirror
	This function does the source part of NBD magic. It
	invokes drive-mirror on each non shared and RW disk with
	a source and wait till the mirroring process completes.
	When it does we can proceed with migration.
	Currently, an active waiting is done: every 500ms libvirt
	asks qemu if block-job is finished or not.  However, once
	the job finishes, qemu doesn't report its progress so we
	can only assume if the job finished successfully or not.
	The better solution would be to listen to the event which
	is sent as soon as the job finishes. The event does
	contain the result of job.

	qemu_migration: Introduce qemuMigrationStartNBDServer()
	We need to start NBD server and feed it with all non-<shared/>,
	RW and source-full disks. Moreover, with new virPortAllocator we
	must ensure the borrowed port for NBD server will be returned if
	either migration completes or qemu process is torn down.

	qemu: Introduce nbd-server-stop command
	This will be used after all migration work is done
	to stop NBD server running on destination.  It
	doesn't take any arguments, just issues a command.

	qemu: Introduce nbd-server-add command
	This will be used with new migration scheme.
	This patch creates basically just monitor stub
	functions. Wiring them into something useful
	is done in later patches.

	qemu: Introduce nbd-server-start command
	This will be used with new migration scheme.
	This patch creates basically just monitor stub
	functions. Wiring them into something useful
	is done in later patches.

	Introduce NBD migration cookie
	This migration cookie is meant for two purposes. The first is to be sent
	in begin phase from source to destination to let it know we support new
	implementation of VIR_MIGRATE_NON_SHARED_{DISK,INC} so destination can
	start NBD server. Then, the second purpose is, destination can let us
	know, on which port the NBD server is running.

	qemu: Introduce NBD_SERVER capability
	This just keeps track whether qemu knows nbd-server-* commands
	so we can use it during migration or not.

2013-02-23  Pieter Hollants  <pieter@hollants.com>

	Add support for <option> tag in network config
	This patch adds support for a new <option>-Tag in the <dhcp> block of
	network configs, based on a subset of the fifth proposal by Laine
	Stump in the mailing list discussion at
	https://www.redhat.com/archives/libvir-list/2012-November/msg01054.html.
	Any such defined option will result in a dhcp-option=<number>,"<value>"
	statement in the generated dnsmasq configuration file.
	Currently, DHCP options can be specified by number only and there is
	no whitelisting or blacklisting of option numbers, which should
	probably be added.

2013-02-23  Eric Blake  <eblake@redhat.com>

	run: use portable shell
	Nothing in run required bash, except for the shebang.  On systems
	where /bin/bash doesn't exist (I hit it on FreeBSD), using /bin/sh
	instead fixes a 'make check' failure:
	gmake[3]: Entering directory `/usr/home/dummy/libvirt/python'
	  GEN    check-local
	/usr/local/bin/bash: ../run: /bin/bash: bad interpreter: No such file or directory
	* run.in: Use /bin/sh, not bash.

2013-02-23  Sage Weil  <sage@newdream.net>

	storage: use f_frsize, not f_bsize, for calculating available space
	The bfree and blocks fields are supposed to be in units of frsize.  We were
	calculating capacity correctly using those units, but the available
	calculation was using bsize instead.  Most file systems report these as the
	same value specifically because many programs are buggy, but that is no
	reason to rely on that behavior, or to behave inconsistently.
	This bug has been present since e266ded (2008) and aa296e6c, when the code
	was originally introduced (the latter via cut and paste).

2013-02-23  Eric Blake  <eblake@redhat.com>

	maint: check all symfiles for sorting
	On FreeBSD, I got a 'make check' failure:
	  GEN    check-symsorting
	Symbol block at ./libvirt_atomic.syms:4: viratomic.h not found
	* src/Makefile.am (SYM_FILES): New define.
	(check-symsorting): Check on all symfiles, even when not used.
	* src/libvirt_atomic.syms: Fix offender.

2013-02-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Implement virDomainMigrate*CompressionCache

	virsh: Add migrate-compcache command
	This is a command wrapping virDomainMigrateGetCompressionCache and
	virDomainMigrateSetCompressionCache.

	remote: Implement virDomainMigrate*CompressionCache

	python: Implement virDomainMigrateGetCompressionCache wrapper

	Introduce virDomainMigrate*CompressionCache APIs
	Introduce virDomainMigrateGetCompressionCache and
	virDomainMigrateSetCompressionCache APIs.

	qemu: Implement virDomainGetJobStats

	qemu: Parse more fields from query-migrate QMP command
	As a side effect, this also fixes reporting disk migration process.
	It was added to memory migration progress, which was wrong. Disk
	progress has dedicated fields in virDomainJobInfo structure.

	virsh: Use virDomainGetJobStats in domjobinfo if available

	remote: Implement virDomainGetJobStats

	remote: Auto-allocate params in remoteDeserializeTypedParameters
	remoteDeserializeTypedParameters can now be called with either
	preallocated params array (size of which is announced by nparams) or it
	can allocate params array according to the number of parameters received
	from the server.

	python: Implement virDomainGetJobStats wrapper

	Introduce virDomainGetJobStats API
	This is an extensible version of virDomainGetJobInfo.

	qemu: Add support for compressed migration

	Introduce VIR_MIGRATE_COMPRESSED flag
	This flag may be used with migration APIs to request compression of
	migration data.

2013-02-22  Daniel P. Berrange  <berrange@redhat.com>

	s/arm/armv7l/ in caps-qemu-kvm.xml
	Fix the caps-qemu-kvm.xml test data file to refer to correct
	arm arch name.

	Update arch names in RNG schema to match virarch.c
	When the virarch.c file was introduced to formalize the arch
	list, we forgot to update the RNG schema with the new arches.

2013-02-22  Christophe Fergeau  <cfergeau@redhat.com>

	conf: Don't leak 'ram' video property on error
	It's only freed on normal returns from virDomainVideoDefParseXML,
	but not when erroring out.

	conf: Don't leak 'primary' video property on error
	It's only freed on normal returns from virDomainVideoDefParseXML,
	but not when erroring out.

2013-02-22  Doug Goldstein  <cardoe@cardoe.com>

	interface: dev type support for bond interfaces
	Patch has been accepted into net-next's 3.9 queue to correctly expose
	bond interfaces with the 'bond' devtype.

	interface: add bond support to udev backend
	The udev backend now supports bond interfaces.

	interface: Improve udev backend device type id
	Refactored the interface device type identification to make it more
	clear about the operations. Add support for udev devtype to detect
	VLANs on Linux 3.7 and newer. Move VLAN detection based on device
	name to fallback case.

	interface: Refactor interface vlan to helper func
	Mechanical move to break up udevIfaceGetIfaceDef() into different
	helpers for each of the interface types to hopefully make the code
	easier to follow. This moves the vlan code to
	udevIfaceGetIfaceDefVlan().

	interface: udev bridge code error handling updates
	Based on feedback from Laine Stump, improve a number of the error
	handling cases to report the issue to the user instead of not generating
	data or giving vague errors. Added the bridge device name to every error
	message as well to make it clear which bridge failed.

	interface: Refactor udev bridge to helper func
	Mechanical move to break up udevIfaceGetIfaceDef() into different
	helpers for each of the interface types to hopefully make the code
	easier to follow. This moves the bridge code to
	udevIfaceGetIfaceDefBridge().

2013-02-22  Eric Blake  <eblake@redhat.com>

	qemu: check backing chains even when cgroup is omitted
	https://bugzilla.redhat.com/show_bug.cgi?id=896685 points out
	a regression caused by commit 38c4a9c - libvirt only labels
	the backing chain if the backing chain cache is populated, but
	the code to populate the cache was only conditionally performed
	if cgroup labeling was necessary.
	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Hoist cache setup...
	* src/qemu/qemu_process.c (qemuProcessStart): ...earlier into
	caller, where it is now unconditional.

2013-02-21  Christophe Fergeau  <cfergeau@redhat.com>

	docs: Add missing 'vram' in QXL video device doc

2013-02-21  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor ABI stability checking and break long lines
	Get rid of the "identical" variable in the ABI stability checks in favor
	of return statements and break or refactor very long lines where
	possible.

	conf: Refactor cpumask handling
	Declare local variables at the start of the block and fix trivial
	formatting issues.

	conf: Reformat many function headers in domain_conf.c
	Many of the headers were using the old style and even overflowing the 80
	column mark.

	conf: Fix label naming in virDomainDefFormatInternal
	The label named "cleanup" was used in error cases only. Change it to
	"error".

	conf: Ensure that new devices are added to conf copy function
	Use the correct type and get rid of "default" label in switch to make
	the compiler complain if a new device type is added.

	qemu: Refactor error paths in virQEMUDriverCreateCapabilities
	Change the error label to "error" and simplify some error paths.

	conf: Improve core dump config error message
	The message didn't seem to be much helpful

2013-02-21  Jiri Denemark  <jdenemar@redhat.com>

	docs: Fix HTML errors
	<pre> is forbidden inside <p>

	qemu: Avoid deadlock in autodestroy
	Since closeCallbacks were turned into virObjectLockable, we can no
	longer call virQEMUCloseCallbacks APIs from within a registered close
	callback.

	qemu: Turn closeCallbacks into virObjectLockable
	To avoid having to hold the qemu driver lock while iterating through
	close callbacks and calling them. This fixes a real deadlock when a
	domain which is being migrated from another host gets autodestoyed as a
	result of broken connection to the other host.

2013-02-21  Guannan Ren  <gren@redhat.com>

	qemu: fix an off-by-one error in qemuDomainGetPercpuStats
	The max value of number of cpus to compute(id) should not
	be equal or greater than max cpu number.
	The bug ocurrs when id value is equal to max cpu number which
	leads to the off-by-one error in the following for loop.
	 # virsh  cpu-stats guest --start 1
	 error: Failed to virDomainGetCPUStats()
	 error: internal error cpuacct parse error

2013-02-21  Osier Yang  <jyang@redhat.com>

	qemu: Fix the memory leak
	Found by John Ferlan (coverity script)

2013-02-21  John Ferlan  <jferlan@redhat.com>

	keepalive: Guard against integer overflow
	Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart()
	Guard against possible overflow in virKeepAliveTimeout() by setting the
	timeout to be MAX_INT/1000 since the math following will multiply it by 1000.

2013-02-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix setting of disk backend
	The libxl driver was setting the backend field of libxl_device_disk
	structure to LIBXL_DISK_BACKEND_TAP when the driver element of disk
	configuration was not specified.  This needlessly forces the use of
	blktap driver, which may not be loaded in dom0
	https://bugzilla.redhat.com/show_bug.cgi?id=912488
	Ian Campbell suggested that LIBXL_DISK_BACKEND_UNKNOWN is a better
	default in this case
	https://www.redhat.com/archives/libvir-list/2013-February/msg01126.html

2013-02-21  John Ferlan  <jferlan@redhat.com>

	Remove a couple of misplaced VIR_FREE

2013-02-21  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Run lzop with '--ignore-warn'
	Currently, if lzop decompression binary produces a warning, it
	doesn't exit with zero status but 2 instead. Terrifying, but
	true. However, warnings may be ignored using '--ignore-warn'
	command line argument.  Moreover, in which case, the exit status
	will be zero.

2013-02-21  Sergey Fionov  <fionov@gmail.com>

	Fix memory leak in virNetClientIOWriteMessage
	Commit 18937c3ae0990b4417a43aa07a2c35aaf8cb6ec2 introduced the
	memory leak when client->msg.fds is copied to thecall->msg
	and then never freed.

2013-02-21  Osier Yang  <jyang@redhat.com>

	qemu: Remove the shared disk entry if the operation is ejecting or updating
	For both AttachDevice and UpdateDevice APIs, if the disk device
	is 'cdrom' or 'floppy', the operations could be ejecting, updating,
	and inserting. For either ejecting or updating, the shared disk
	entry of the original disk src has to be removed, because it's
	not useful anymore.
	And since the original disk def will be changed, new disk def passed
	as argument will be free'ed in qemuDomainChangeEjectableMedia, so
	we need to copy the orignal disk def before
	qemuDomainChangeEjectableMedia, to use it for qemuRemoveSharedDisk.

	qemu: Move the shared disk adding and sgio setting prior to attaching
	The disk def could be free'ed by qemuDomainChangeEjectableMedia,
	which can thus cause crash if we reference the disk pointer. On
	the other hand, we have to remove the added shared disk entry from
	the table on error codepath.

	qemu: Update shared disk table when reconnecting qemu process

	qemu: Record names of domain which uses the shared disk in hash table
	The hash entry is changed from "ref" to {ref, @domains}. With this, the
	caller can simply call qemuRemoveSharedDisk, without afraid of removing
	the entry belongs to other domains. qemuProcessStart will obviously
	benifit from it on error codepath (which calls qemuProcessStop to do
	the cleanup).

	qemu: Merge qemuCheckSharedDisk into qemuAddSharedDisk
	Based on moving various checking into qemuAddSharedDisk, this
	avoids the caller using it in wrong ways. Also this adds two
	new checking for qemuCheckSharedDisk (disk device not 'lun'
	and kernel doesn't support unpriv_sgio simply returns 0).

	qemu: Add checking in helpers for sgio setting
	This moves the various checking into the helpers, to avoid the
	callers missing the checking.

2013-02-20  Eric Blake  <eblake@redhat.com>

	maint: enforce private symbol section sorting
	Automating a sorting check is the only way to ensure we don't
	regress.  Suggested by Dan Berrange.
	* src/check-symsorting.pl (check_sorting): Add a parameter,
	validate that groups are in order, and that files exist.
	* src/Makefile.am (check-symsorting): Adjust caller.
	* src/libvirt_private.syms: Fix typo.
	* src/libvirt_linux.syms: Fix file name.
	* src/libvirt_vmx.syms: Likewise.
	* src/libvirt_xenxs.syms: Likewise.
	* src/libvirt_sasl.syms: Likewise.
	* src/libvirt_libssh2.syms: Likewise.
	* src/libvirt_esx.syms: Mention file name.
	* src/libvirt_openvz.syms: Likewise.

2013-02-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not ignore mandatory features in migration cookie
	Due to "feature"/"features" nasty typo, any features marked as mandatory
	by one side of a migration are silently considered optional by the other
	side. The following is the code that formats mandatory features in
	migration cookie:
	    for (i = 0 ; i < QEMU_MIGRATION_COOKIE_FLAG_LAST ; i++) {
	        if (mig->flagsMandatory & (1 << i))
	            virBufferAsprintf(buf, "  <feature name='%s'/>\n",
	                              qemuMigrationCookieFlagTypeToString(i));
	    }

2013-02-20  Ján Tomko  <jtomko@redhat.com>

	qemu: switch PCI address alocation to use virDevicePCIAddress
	Some functions were using virDomainDeviceInfo where virDevicePCIAddress
	would suffice. Some were only using integers for slots and functions,
	assuming the bus numbers are always 0.
	Switch from virDomainDeviceInfoPtr to virDevicePCIAddressPtr:
	qemuPCIAddressAsString
	qemuDomainPCIAddressCheckSlot
	qemuDomainPCIAddressReserveAddr
	qemuDomainPCIAddressReleaseAddr
	Switch from int slot to virDevicePCIAddressPtr:
	qemuDomainPCIAddressReserveSlot
	qemuDomainPCIAddressReleaseSlot
	qemuDomainPCIAddressGetNextSlot
	Deleted functions (they would take the same parameters
	as ReserveAddr/ReleaseAddr do now.)
	qemuDomainPCIAddressReserveFunction
	qemuDomainPCIAddressReleaseFunction

2013-02-20  Guannan Ren  <gren@redhat.com>

	virsh: distinguish errors between missing argument and wrong option
	Specifying ':' to suppress the error messages printed by getopt().
	Then, distinguish the two types of errors.
	Before:
	 # virsh -c
	   virsh: option requires an argument -- 'c'
	   error: unsupported option '-?'. See --help.
	After:
	 # virsh -c
	   error: option '-c' requires an argument
	 # virsh -x
	   error: unsupported option '-x'. See --help.

2013-02-20  Eric Blake  <eblake@redhat.com>

	maint: sort private syms to reflect recent header renames
	Purely mechanical (roughly, s/\n/~/; s/~~/\n/; sort by line;
	s/~/\n/)
	* src/libvirt_private.syms: Sort sections by header file name.

	maint: fix header file owners of private symbols
	Recent renames were not reflected into the comments of
	libvirt_private.syms; furthermore, since we mix private headers from
	several directories into this file, knowing where the file lives
	can be helpful.
	* src/libvirt_private.sym: Reflect recent names.

2013-02-20  Natanael Copa  <ncopa@alpinelinux.org>

	net: use structs for address and port ranges
	We pass over the address/port start/end values many times so we put
	them in structs.

	net: add support for specifying port range for forward mode nat
	Let users set the port range to be used for forward mode NAT:
	...
	  <forward mode='nat'>
	    <nat>
	      <port start='1024' end='65535'/>
	    </nat>
	  </forward>
	...

	net: support set public ip range for forward mode nat
	Support setting which public ip to use for NAT via attribute
	address in subelement <nat> in <forward>:
	...
	  <forward mode='nat'>
	      <address start='1.2.3.4' end='1.2.3.10'/>
	  </forward>
	...
	This will construct an iptables line using:
	  '-j SNAT --to-source <start>-<end>'
	instead of:
	  '-j MASQUERADE'

2013-02-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use atomic ops for driver->nactive

2013-02-19  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Avoid deadlock when closing client connection
	We need to drop the server lock before calling virObjectUnlock(client)
	since in case we had the last reference to the client, its dispose
	callback would be called and that could possibly try to lock the server
	and cause a deadlock. This is exactly what happens when there is only
	one QEMU domain running and it is marked to be autodestroyed when the
	connection dies. This results in qemuProcessAutoDestroy ->
	qemuProcessStop -> virNetServerRemoveShutdownInhibition call sequence,
	where the last function locks the server.

	Avoid resetting errors in virTypedParamsFree
	The function does not report any errors so there should be no need too
	reset an existing error first. Moreover, virTypedParamsFree is mostly
	called in cleanup phase where it has the potential to reset any useful
	reported earlier.

	virsh: Always print capacity unit
	It doesn't make sense to print the unit (B) only with Ki, Mi, ...
	prefixes. Even those poor bytes under 1 KiB are still bytes :-)

2013-02-19  Eric Blake  <eblake@redhat.com>

	build: force correct gcc syntax for attribute_nonnull
	Gcc lets you do:
	int ATTRIBUTE_NONNULL(1) foo(void *param);
	int foo(void *param) ATTRIBUTE_NONNULL(1);
	int ATTRIBUTE_NONNULL(1) foo(void *param) { ... }
	but chokes on:
	int foo(void *param) ATTRIBUTE_NONNULL(1) { ... }
	However, since commit eefb881, we have intentionally been disabling
	ATTRIBUTE_NONNULL because of lame gcc handling of the attribute (that
	is, gcc doesn't do decent warning reporting, then compiles code that
	mysteriously fails if you break the contract of the attribute, which
	is surprisingly easy to do), leaving it on only for Coverity (which
	does a much better job of improved static analysis when the attribute
	is present).
	But completely eliding the macro makes it too easy to write code that
	uses the fourth syntax option, if you aren't using Coverity.  So this
	patch forces us to avoid syntax errors, even when not using the
	attribute under gcc.  It also documents WHY we disable the warning
	under gcc, rather than forcing you to find the commit log.
	* src/internal.h (ATTRIBUTE_NONNULL): Expand to empty attribute,
	rather than nothing, when on gcc.

2013-02-19  Guido Günther  <agx@sigxcpu.org>

	qemu: pass "-1" as uid/gid for unprivileged qemu
	so we don't try to change uid/git to 0 when probing capabilities.

2013-02-19  Doug Goldstein  <cardoe@cardoe.com>

	Add capabilities bit for -no-kvm-pit-reinjection
	The conversion to qemuCaps dropped the ability with qemu{,-kvm} 1.2 and
	newer to set the lost tick policy for the PIT. While the
	-no-kvm-pit-reinjection option is depreacated, it is still supported at
	least through 1.4, it is better to not lose the functionality.

2013-02-18  Doug Goldstein  <cardoe@cardoe.com>

	interface: fix udev backend use after free
	udevIfaceListAllInterface() used the udev_device after it had its ref
	count decremented which results in a use after free issue.

	Add autogenerated lxc_protocol.[ch] to gitignore
	/src/lxc/lxc_protocol.[ch] is autogenerated so add it to .gitignore

2013-02-16  John Ferlan  <jferlan@redhat.com>

	security: Remove unnecessary checks for mgr == NULL
	Coverity found the DACGenLabel was checking for mgr == NULL after a
	possible dereference; however, in order to get into the function the
	virSecurityManagerGenLabel would have already dereferenced sec_managers[i]
	so the check was unnecessary. Same check is made in SELinuxGenSecurityLabel.

	virsh: Resolve possible NULL dereference
	Coverity found that commit '41b5e845' had a possible NULL dereference on
	arg->data processing

	vircommand: Remove unnecessary sa_assert
	Changes from commit '3178df9a' removed the need for the sa_assert(infd).

	commandtest: Resolve some coverity resource leaks

	drivermodule: Ignore coverity warning about leaked_storage

2013-02-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix libvirt upgrade path when nwfilter is used
	Between revision 65fb9d49 and before this patch, an upgrade of libvirt while
	VMs are running and instantiating iptables filtering rules due to nwfilter
	rules, may leave stray iptables rules behind when shutting VMs down.
	Left-over iptables rules may look like this:
	Chain FP-vnet0 (1 references)
	target     prot opt source               destination
	DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:122
	ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
	[...]
	Chain libvirt-out (1 references)
	target     prot opt source               destination
	FO-vnet0   all  --  0.0.0.0/0            0.0.0.0/0           [goto]  PHYSDEV match --physdev-out vnet0
	The reason is that the recent nwfilter code only removed filtering rules in
	the libvirt-out chain that contain the --physdev-is-bridged parameter.
	Older rules didn't match and were not removed.
	Note that the user-defined chain FO-vnet0 could not be removed due to the
	reference from the rule in libvirt-out.
	Often the work around may be done through
	service iptables restart
	kill -SIGHUP $(pidof libvirtd)
	This patch now also removes older libvirt versions' iptables rules.

2013-02-16  Eric Blake  <eblake@redhat.com>

	storage: test backing chain traversal
	Testing our backing chain handling will make it much easier to
	ensure that we avoid issues in the future.  If only I had written
	this test before I first caused several regressions...
	* tests/virstoragetest.c: New test.
	* tests/Makefile.am (test_programs): Build it.
	* .gitignore: Ignore new files.

	storage: don't follow backing chain symlinks too eagerly
	If you have a qcow2 file /path1/to/file pointed to by symlink
	/path2/symlink, and pass qemu /path2/symlink, then qemu treats
	a relative backing file in the qcow2 metadata as being relative
	to /path2, not /path1/to.  Yes, this means that it is possible
	to create a qcow2 file where the choice of WHICH directory and
	symlink you access its contents from will then determine WHICH
	backing file (if any) you actually find; the results can be
	rather screwy, but we have to match what qemu does.
	Libvirt and qemu default to creating absolute backing file
	names, so most users don't hit this.  But at least VDSM uses
	symlinks and relative backing names alongside the
	--reuse-external flags to libvirt snapshot operations, with the
	result that libvirt was failing to follow the intended chain of
	backing files, and then backing files were not granted the
	necessary sVirt permissions to be opened by qemu.
	See https://bugzilla.redhat.com/show_bug.cgi?id=903248 for
	more gory details.  This fixes a regression introduced in
	commit 8250783.
	I tested this patch by creating the following chain:
	ls /home/eblake/Downloads/Fedora.iso # raw file for base
	cd /var/lib/libvirt/images
	qemu-img create -f qcow2 \
	  -obacking_file=/home/eblake/Downloads/Fedora.iso,backing_fmt=raw one
	mkdir sub
	cd sub
	ln -s ../one onelink
	qemu-img create -f qcow2 \
	  -obacking_file=../sub/onelink,backing_fmt=qcow2 two
	mv two ..
	ln -s ../two twolink
	qemu-img create -f qcow2 \
	  -obacking_file=../sub/twolink,backing_fmt=qcow2 three
	mv three ..
	ln -s ../three threelink
	then pointing my domain at /var/lib/libvirt/images/sub/threelink.
	Prior to this patch, I got complaints about missing backing
	files; afterwards, I was able to verify that the backing chain
	(and hence DAC and SELinux relabels) of the entire chain worked.
	* src/util/virstoragefile.h (_virStorageFileMetadata): Add
	directory member.
	* src/util/virstoragefile.c (absolutePathFromBaseFile): Drop,
	replaced by...
	(virFindBackingFile): ...better function.
	(virStorageFileGetMetadataInternal): Add an argument.
	(virStorageFileGetMetadataFromFD, virStorageFileChainLookup)
	(virStorageFileGetMetadata): Update callers.

	storage: refactor metadata lookup
	Prior to this patch, we had the callchains:
	external users
	  \-> virStorageFileGetMetadataFromFD
	      \-> virStorageFileGetMetadataFromBuf
	virStorageFileGetMetadataRecurse
	  \-> virStorageFileGetMetadataFromFD
	      \-> virStorageFileGetMetadataFromBuf
	However, a future patch wants to add an additional parameter to
	the bottom of the chain, for use by virStorageFileGetMetadataRecurse,
	without affecting existing external callers.  Since there is only a
	single caller of the internal function, we can repurpose it to fit
	our needs, with this patch giving us:
	external users
	  \-> virStorageFileGetMetadataFromFD
	      \-> virStorageFileGetMetadataInternal
	virStorageFileGetMetadataRecurse /
	  \-> virStorageFileGetMetadataInternal
	* src/util/virstoragefile.c (virStorageFileGetMetadataFromFD):
	Move most of the guts...
	(virStorageFileGetMetadataFromBuf): ...here, and rename...
	(virStorageFileGetMetadataInternal): ...to this.
	(virStorageFileGetMetadataRecurse): Use internal helper.

	storage: prepare for refactoring
	virStorageFileGetMetadataFromFD is the only caller of
	virStorageFileGetMetadataFromBuf; and it doesn't care about the
	difference between a return of 0 (total success) or 1
	(metadata was inconsistent, but pointer was populated as best
	as possible); only about a return of -1 (could not read metadata
	or out of memory).  Changing the return type, and normalizing
	the variable names used, will make merging the functions easier
	in the next commit.
	* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf):
	Change return value, and rename some variables.
	(virStorageFileGetMetadataFromFD): Rename some variables.

	storage: rearrange functions
	No semantic change; done so the next patch doesn't need a forward
	declaration of a static function.
	* src/util/virstoragefile.c (virStorageFileProbeFormatFromBuf):
	Hoist earlier.

	build: more mingw fixes
	More mingw build failures:
	  CCLD     libvirt-lxc.la
	/usr/lib64/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld: cannot find libvirt_lxc.def: No such file or directory
	  CC       virportallocatortest-virportallocatortest.o
	../../tests/virportallocatortest.c: In function 'main':
	../../tests/virportallocatortest.c:195:1: error: implicit declaration of function 'setenv' [-Werror=implicit-function-declaration]
	* src/Makefile.am (GENERATED_SYM_FILES): Also generate
	libvirt_lxc.def.
	* bootstrap.conf (gnulib_modules): Import setenv.

	build: fix mingw build
	Commits 2025356 and ba72cb12 introduced typos.
	* src/util/virpci.c (virPCIIsVirtualFunction) [!__linux__]: Fix
	function name.
	* src/util/virutil.c (virGetDeviceID): Fix attribute spelling.

	build: fix vircommand build on mingw
	  CC       libvirt_util_la-vircommand.lo
	../../src/util/vircommand.c:2358:1: error: 'virCommandHandshakeChild' defined but not used [-Werror=unused-function]
	The function is only implemented inside #ifndef WIN32.
	* src/util/vircommand.c (virCommandHandshakeChild): Hoist earlier,
	so that win32 build doesn't hit an unused forward declaration.

	regex: gnulib guarantees that we have regex support
	No need to use HAVE_REGEX_H - our use of gnulib guarantees that
	the header exists and works, regardless of platform.  Similarly,
	we can unconditionally assume a compiling <sys/wait.h> (although
	the mingw version of this header is not full-featured).
	* src/storage/storage_backend.c: Drop useless conditional.
	* tests/testutils.c: Likewise.

2013-02-14  Jiri Denemark  <jdenemar@redhat.com>

	vbox: Don't overwrite errors returned by virDomainDeviceDefParse

2013-02-14  Laine Stump  <laine@laine.org>

	util: maintain caps when running command with uid != 0
	virCommand was previously calling virSetUIDGID() to change the uid and
	gid of the child process, then separately calling
	virSetCapabilities(). This did not work if the desired uid was != 0,
	since a setuid to anything other than 0 normally clears all
	capabilities bits.
	The solution is to use the new virSetUIDGIDWithCaps(), sending it the
	uid, gid, and capabilities bits. This will get the new process setup
	properly.
	Since the static functions virSetCapabilities() and
	virClearCapabilities are no longer called, they have been removed.
	NOTE: When combined with "filecap $path-to-qemu sys_rawio", this patch
	will make CAP_SYS_RAWIO (which is required for passthrough of generic
	scsi commands to a guest - see commits e8daeeb, 177db08, 397e6a7, and
	74e0349) be retained by qemu when necessary. Apparently that
	capability has been broken for non-root qemu ever since it was
	originally added.

	util: virSetUIDGIDWithCaps - change uid while keeping caps
	Normally when a process' uid is changed to non-0, all the capabilities
	bits are cleared, even those explicitly set with calls to
	capng_update()/capng_apply() made immediately before setuid. And
	*after* the process' uid has been changed, it no longer has the
	necessary privileges to add capabilities back to the process.
	In order to set a non-0 uid while still maintaining any capabilities
	bits, it is necessary to either call capng_change_id() (which
	unfortunately doesn't currently call initgroups to setup auxiliary
	group membership), or to perform the small amount of calisthenics
	contained in the new utility function virSetUIDGIDWithCaps().
	Another very important difference between the capabilities
	setting/clearing in virSetUIDGIDWithCaps() and virCommand's
	virSetCapabilities() (which it will replace in the next patch) is that
	the new function properly clears the capabilities bounding set, so it
	will not be possible for a child process to set any new
	capabilities.
	A short description of what is done by virSetUIDGIDWithCaps():
	1) clear all capabilities then set all those desired by the caller (in
	capBits) plus CAP_SETGID, CAP_SETUID, and CAP_SETPCAP (which is needed
	to change the capabilities bounding set).
	2) call prctl(), telling it that we want to maintain current
	capabilities across an upcoming setuid().
	3) switch to the new uid/gid
	4) again call prctl(), telling it we will no longer want capabilities
	maintained if this process does another setuid().
	5) clear the capabilities that we added to allow us to
	setuid/setgid/change the bounding set (unless they were also requested
	by the caller via the virCommand API).
	Because the modification/maintaining of capabilities is intermingled
	with setting the uid, this is necessarily done in a single function,
	rather than having two independent functions.
	Note that, due to the way that effective capabilities are computed (at
	time of execve) for a process that has uid != 0, the *file*
	capabilities of the binary being executed must also have the desired
	capabilities bit(s) set (see "man 7 capabilities"). This can be done
	with the "filecap" command. (e.g. "filecap /usr/bin/qemu-kvm sys_rawio").

	util: drop capabilities immediately after changing uid/gid of child
	This is an interim measure to make sure everything still works in this
	order. The next step will be to perform capabilities drop and
	setuid/gid as a single operation (which is the only way to keep any
	capabilities when switching to a non-root uid).

	qemu: let virCommand set child process security labels/uid/gid
	The qemu driver had been calling virSecurityManagerSetProcessLabel()
	from a "pre-exec hook" function that is run after the child is forked,
	but before exec'ing qemu. This is problematic because the uid and gid
	of the child are set by the security driver, but capabilities are
	dropped by virCommand - such separation doesn't work; the two
	operations must be done together or the capabilities do not transfer
	properly to the child process.
	This patch switches to using virSecurityManagerSetChildProcessLabel(),
	which is called prior to virCommandRun() (rather than being called
	*during* virCommandrun() by the hook function), and doesn't set the
	UID/GID/security label directly, but instead merely informs virCommand
	what it should set them all to when the time is appropriate.
	This lets virCommand choose to do the uid/gid and caps dropping all at
	the same time if it wants (it does *want* to, but isn't doing so yet;
	that's for an upcoming patch).

	security: add new virSecurityManagerSetChildProcessLabel API
	The existing virSecurityManagerSetProcessLabel() API is designed so
	that it must be called after forking the child process, but before
	exec'ing the child. Due to the way the virCommand API works, that
	means it needs to be put in a "hook" function that virCommand is told
	to call out to at that time.
	Setting the child process label is a basic enough need when executing
	any process that virCommand should have a method of doing that. But
	virCommand must be told what label to set, and only the security
	driver knows the answer to that question.
	The new virSecurityManagerSet*Child*ProcessLabel() API is the way to
	transfer the knowledge about what label to set from the security
	driver to the virCommand object. It is given a virCommandPtr, and each
	security driver calls the appropriate virCommand* API to tell
	virCommand what to do between fork and exec.
	1) in the case of the DAC security driver, it calls
	virCommandSetUID/GID() to set a uid and gid that must be set for the
	child process.
	2) for the SELinux security driver, it calls
	virCommandSetSELinuxLabel() to save a copy of the char* that will be
	sent to setexeccon_raw() *after forking the child process*.
	3) for the AppArmor security drivers, it calls
	virCommandSetAppArmorProfile() to save a copy of the char* that will
	be sent to aa_change_profile() *after forking the child process*.
	With this new API in place, we will be able to remove
	virSecurityManagerSetProcessLabel() from any virCommand pre-exec
	hooks.
	(Unfortunately, the LXC driver uses clone() rather than virCommand, so
	it can't take advantage of this new security driver API, meaning that
	we need to keep around the older virSecurityManagerSetProcessLabel(),
	at least for now.)

	util: add security label setting to virCommand
	virCommand gets two new APIs: virCommandSetSELinuxLabel() and
	virCommandSetAppArmorProfile(), which both save a copy of a
	null-terminated string in the virCommand. During virCommandRun, if the
	string is non-NULL and we've been compiled with AppArmor and/or
	SELinux security driver support, the appropriate security library
	function is called for the child process, using the string that was
	previously set. In the case of SELinux, setexeccon_raw() is called,
	and for AppArmor, aa_change_profile() is called.
	This functionality has been added so that users of virCommand can use
	the upcoming virSecurityManagerSetChildProcessLabel() prior to running
	a child process, rather than needing to setup a hook function to be
	called (and in turn call virSecurityManagerSetProcessLabel()) *during*
	the setup of the child process.

	build: define SECDRIVER_LIBS in Makefile.am
	This makes it simpler to include the necessary system security driver
	libraries for a particular system. For this patch, several existing
	conditional sections from the Makfile were replaced; I'll later be
	adding SECDRIVER_LIBS to libvirt_util_la_LIBADD, because vircommand.c
	will be calling a function from $securitylib.

	qemu: replace exec hook with virCommandSetUID/GID in storage_backend

	qemu: replace exec hook with virCommandSetUID/GID in qemuCaps*
	Setting the uid/gid of the child process was the only thing done by
	the hook function in this case, and that can now be done more simply
	with virCommandSetUID/GID.

	util: make virSetUIDGID a NOP only when uid or gid is -1
	Rather than treating uid:gid of 0:0 as a NOP, we blindly pass that
	through to the lower layers. However, we *do* check for a requested
	value of "-1" to mean "don't change this setting". setregid() and
	setreuid() already interpret -1 as a NOP, so this is just an
	optimization, but we are also calling getpwuid_r and initgroups, and
	it's unclear what the former would do with a uid of -1.

	util: add virCommandSetUID and virCommandSetGID
	If a uid and/or gid is specified for a command, it will be set just
	after the user-supplied post-fork "hook" function is called.
	The intent is that this can replace user hook functions that set
	uid/gid. This moves the setting of uid/gid and dropping of
	capabilities closer to each other, which is important since the two
	should really be done at the same time (libcapng provides a single
	function that does both, which we will be unable to use, but want to
	mimic as closely as possible).

	util: refactor virCommandHook into virExec and virCommandHandshakeChild

	util: eliminate extra args from virExec
	All args except "cmd" in the call to virExec are now redundant, since
	they can all be found in cmd, so remove the args and reference the
	data directly in cmd. One exception to this is that "infd" was being
	modified within virExec, and modifying the original in cmd caused make
	check failures, so cmd->infd is copied to a local, and the local is
	used during virExec().

	util: eliminate generic hook from virExecWithHook
	virExecWithHook is only called from one place, so it always has the
	same "hook" function (virHookCommand), and the data sent to that
	function is always a virCommandPtr, so eliminate the function and
	generic data from the arglist, and replace it with "virCommandPtr
	cmd". The call to (hook)(data) is replaced with
	"virHookCommand(cmd)". Finally, virExecWithHook is renamed to virExec.
	Indentation has been updated only for code that will remain after the
	next patch, which will remove all other args to virExec (since they
	are now redundant, as they're all members of virCommandPtr).

2013-02-13  Daniel P. Berrange  <berrange@redhat.com>

	Remove qemuDriverLock from almost everywhere
	With the majority of fields in the virQEMUDriverPtr struct
	now immutable or self-locking, there is no need for practically
	any methods to be using the QEMU driver lock. Only a handful
	of helper APIs in qemu_conf.c now need it

2013-02-13  Michal Privoznik  <mprivozn@redhat.com>

	virCommand: Don't misuse the eventloop for async IO
	Currently, if a command wants to do asynchronous IO, a callback
	is registered in the libvirtd eventloop to handle writes and
	reads. However, there's a race in virCommandWait. The eventloop
	may already be executing the callback, while virCommandWait is
	mangling internal state of virCommand. To deal with it, we need
	to either introduce locking or spawn a separate thread where we
	poll() on stdio from child. The former, however, requires to
	unlock all mutexes held, as the event loop may execute other
	callbacks which tries to lock one of the mutexes, deadlock and
	thus never wake us up. So it's safer to spawn a separate thread.

	virsh-volume.c: Switch to c99 initialization of vshCmdInfo

	virsh-snapshot.c: Switch to c99 initialization of vshCmdInfo

	virsh-secret.c: Switch to c99 initialization of vshCmdInfo

	virsh-pool.c: Switch to c99 initialization of vshCmdInfo

	virsh-nwfilter.c: Switch to c99 initialization of vshCmdInfo

	virsh-nodedev.c: Switch to c99 initialization of vshCmdInfo

	virsh-network.c: Switch to c99 initialization of vshCmdInfo

	virsh-interface.c: Switch to c99 initialization of vshCmdInfo

	virsh-host.c: Switch to c99 initialization of vshCmdInfo

	virsh-domain.c: Switch to c99 initialization of vshCmdInfo

	virsh-domain-monitor.c: Switch to c99 initialization of vshCmdInfo

	virsh.c: Switch to c99 initialization of vshCmdInfo

	virsh: Switch to c99 initialization of vshCmdDef

2013-02-13  Eric Blake  <eblake@redhat.com>

	xen: clean up the mess with cpumap
	Commit 8b55992f added some Coverity comments to silence what was
	a real bug in the code.  Since then, we've had a miserable run
	of trying to fix the underlying problem (commits c059cde and
	ba5193c), and still have a problem on 32-bit machines.
	This fixes the problem for once and for all, by realizing that
	on older xen, cpumap_t is identical to uint64_t, and using the
	new virendian.h to do the transformation from the API (documented
	to be little-endian) to the host structure.
	* src/xen/xen_hypervisor.c (virXen_setvcpumap): Do the conversion
	correctly.  Finally.

	util: use new virendian.h macros
	This makes code easier to read, by avoiding lines longer than
	80 columns and removing the repetition from the callers.
	* src/util/virstoragefile.c (qedGetHeaderUL, qedGetHeaderULL):
	Delete in favor of more generic macros.
	(qcow2GetBackingStoreFormat, qcowXGetBackingStore)
	(qedGetBackingStore, virStorageFileMatchesVersion)
	(virStorageFileGetMetadataInternal): Use new macros.
	* src/cpu/cpu_x86.c (x86VendorLoad): Likewise.

	util: add virendian.h macros
	We have several cases where we need to read endian-dependent
	data regardless of host endianness; rather than open-coding
	these call sites, it will be nicer to funnel things through
	a macro.
	The virendian.h file can be expanded to add writer functions,
	and/or 16-bit access patterns, if needed.  Also, if we need
	to turn things into a function to avoid multiple evaluations
	of buf, that can be done later.  But for now, a macro worked.
	* src/util/virendian.h: New file.
	* src/Makefile.am (UTIL_SOURCES): Ship it.
	* tests/virendiantest.c: New test.
	* tests/Makefile.am (test_programs, virendiantest_SOURCES): Run
	the test.
	* .gitignore: Ignore built file.

2013-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Release VM lock before acquiring virDomainObjListPtr lock
	When removing a VM from the virDomainObjListPtr, we must not
	be holding the VM lock while acquiring the list lock. Re-order
	code to ensure that we can release the VM lock early.

	Fix potential deadlock across fork() in QEMU driver
	The hook scripts used by virCommand must be careful wrt
	accessing any mutexes that may have been held by other
	threads in the parent process. With the recent refactoring
	there are 2 potential flaws lurking, which will become real
	deadlock bugs once the global QEMU driver lock is removed.
	Remove use of the QEMU driver lock from the hook function
	by passing in the 'virQEMUDriverConfigPtr' instance directly.
	Add functions to the virSecurityManager to be invoked before
	and after fork, to ensure the mutex is held by the current
	thread. This allows it to be safely used in the hook script
	in the child process.

2013-02-12  Eric Blake  <eblake@redhat.com>

	build: fix compilation of selinux on RHEL 5
	On RHEL 5, I got:
	security/security_selinux.c: In function 'getContext':
	security/security_selinux.c:971: warning: unused parameter 'mgr' [-Wunused-parameter]
	* src/security/security_selinux.c (getContext): Mark potentially
	unused parameter.

2013-02-12  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: domain_conf support for CCW
	Add necessary handling code for the new s390 CCW address type to
	virDomainDeviceInfo. Further, introduce  memory management, XML
	parsing, output formatting and range validation for the new
	virDomainDeviceCCWAddress type.

	S390: Documentation for CCW address type
	The native bus for s390 I/O is called CCW (channel command word).
	As QEMU has added basic support for the CCW bus, i.e. the
	ability to assign CCW devnos (bus addresses) to devices.
	Domains with the new machine type s390-ccw-virtio can use the
	CCW bus. Currently QEMU will only allow to define virtio
	devices on the CCW bus.
	Here we add the new machine type and the new device address to the
	schema definition and add a new paragraph to the domain XML
	documentation.

2013-02-12  Eric Blake  <eblake@redhat.com>

	build: fix VPATH testsuite
	'make check' has been failing on VPATH builds since commit
	907a39e7.  The tests already had magic for munging path names,
	but were munging to the wrong location, thus working only on
	an in-tree build.
	* tests/securityselinuxlabeltest.c (testSELinuxMungePath): Munge
	to correct path.

	docs: fix 1.0.2 release date
	* docs/news.html.in: Use correct release year.

2013-02-12  Laine Stump  <laine@laine.org>

	build: fix make check of remote_protocol-structs
	Broken by incorrect formatting / spelling of remote_nonnull in commit
	39758e7567b766f1df3948ea671d6ccb93daf7a9

2013-02-12  Guido Günther  <agx@sigxcpu.org>

	Check if classes are derived from object
	This makes sure we don't regress to old style classes

2013-02-12  John Ferlan  <jferlan@redhat.com>

	hypervisor: Restore pm initialization
	Adjustment for 'c059cdeaf' due to older compiler complaint about pm
	not being initialized even though the j&7 == 0 does the trick.

2013-02-12  Osier Yang  <jyang@redhat.com>

	virsh: Use virNodeDeviceLookupSCSIHostByWWN
	Only nodedev-destroy and nodedev-dumpxml can benifit from the
	new API, other commands like nodedev-detach only works for
	PCI devices, WWN makes no sense for them.

	nodedev: Implement virNodeDeviceLookupSCSIHostByWWN
	This just simply changes nodeDeviceLookupByWWN to be not static,
	and its name into nodeDeviceLookupSCSIHostByWWN. And use that for
	udev and HAL backends.

	remote: Wire up the remote protocol
	Like virNodeDeviceCreateXML, virNodeDeviceLookupSCSIHostByWWN
	has to be treated specially when generating the RPC codes. Also
	new rules are added in fixup_name to keep the name SCSIHostByWWN.

	Introduce API virNodeDeviceLookupSCSIHostByWWN
	Since the name (like scsi_host10) is not stable for vHBA, (it can
	be changed either after recreating or system rebooting), current
	API virNodeDeviceLookupByName is not nice to use for management app
	in this case. (E.g. one wants to destroy the vHBA whose name has
	been changed after system rebooting, he has to find out current
	name first).
	Later patches will support the persistent vHBA via storage pool,
	with which one can identify the vHBA stably by the wwnn && wwpn
	pair.
	So this new API comes.

2013-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Remove re-entrant API call in SELinux/AppArmor security managers
	The security manager drivers are not allowed to call back
	out to top level security manager APIs, since that results
	in recursive mutex acquisition and thus deadlock. Remove
	calls to virSecurityManagerGetModel from SELinux / AppArmor
	drivers

2013-02-11  John Ferlan  <jferlan@redhat.com>

	hypervisor: Revisit Coverity issues regarding cpumap
	Turns out the issue regarding ptr_arith and sign_exension weren't false
	positives. When shifting an 'unsigned char' as a target, it gets promoted
	to an 'int'; however, that 'int' cannot be shifted 32 bits which was how
	the algorithm was written. For the ptr_arith rather than index into the
	cpumap, change the to address as necessary and assign directly.

	hypervisor: Remove redundant validity checks, clean up function headers
	Arguments for driver entry points are checked in libvirt.c, so no need to
	check again. Make function entry points consistent. Don't type caste the
	privateData.

	xend: Fix a memory leak found by Coverity
	Commit id '87b4c10c' moved the VIR_ALLOC_N, but didn't check if 'cpuset'
	had been allocated on failure.

	xend: Remove redundant validity checks, clean up function headers
	Arguments for driver entry points are checked in libvirt.c, so no need to
	check again. Make function entry points consistent. Don't type caste the
	privateData.

	xm: Remove redundant validity checks, clean up function headers
	Arguments for driver entry points are checked in libvirt.c, so no need to
	check again. Make function entry points consistent. Don't type caste the
	privateData.

	inotify: Clean up some function headers

	xs:  Remove redundant validity checks, clean up function headers
	Arguments for driver entry points are checked in libvirt.c, so no need to
	check again. Make function entry points consistent.

2013-02-11  Peter Krempa  <pkrempa@redhat.com>

	virsh-snapshot: Reject --no-metadata together with --print-xml
	Manual for "virsh snapshot-create-as" states that --no-metadata and
	--print-xml are incompatible. Honor this detail in the code.

	virsh-snapshot: Refactor some details in virsh snapshot-create-as
	This patch simplifies the creation of XML, some error paths and adds
	correct approach to check for virBuffer errors.

2013-02-11  Daniel P. Berrange  <berrange@redhat.com>

	Pass virQEMUDriverPtr into APIs managed shared disk list
	Currently the APIs for managing the shared disk list take
	a virHashTablePtr as the primary argument. This is bad
	because it requires the caller to deal with locking of
	the QEMU driver. Switch the APIs to take the full
	virQEMUDriverPtr instance

	Serialize execution of security manager APIs
	Add locking to virSecurityManagerXXX APIs, so that use of the
	security drivers is internally serialized. This avoids the need
	to rely on the global driver locks to achieve serialization

	Turn virSecurityManager into a virObjectLockable
	To enable locking to be introduced to the security manager
	objects later, turn virSecurityManager into a virObjectLockable
	class

2013-02-09  Harry Wei  <harryxiyou@gmail.com>

	sheepdog: skip refresh on creation failure
	Don't try to refresh Sheepdog volume if creating volume fails.

2013-02-09  Natanael Copa  <ncopa@alpinelinux.org>

	util: refactor iptables command construction into multiple steps
	Instead of creating an iptables command in one shot, do it in steps
	so we can add conditional options like physdev and protocol.
	This removes code duplication while keeping existing behaviour.

2013-02-09  Laine Stump  <laine@laine.org>

	qemu: support vhost-net for generic ethernet devices
	From qemu's point of view these are still just tap devices, so there's
	no reason they shouldn't work with vhost-net; as a matter of fact,
	Raja Sivaramakrishnan <srajag00@yahoo.com> verified on libvir-list
	that at least the qemu_command.c part of this patch works:
	  https://www.redhat.com/archives/libvir-list/2012-December/msg01314.html
	(the hotplug case is extrapolation on my part).

2013-02-08  Michal Privoznik  <mprivozn@redhat.com>

	network_conf.c: Free xmlDoc after use
	The virNetworkObjUpdateParseFile() function was not freeing the xml
	variable, leaving us with a memory leak.

2013-02-08  Peter Krempa  <pkrempa@redhat.com>

	virsh-snapshot: Fix XPath query to determine snapshot state
	The query didn't match the external state correctly for offline internal
	snapshots.

2013-02-08  Daniel P. Berrange  <berrange@redhat.com>

	Stop accessing driver->caps directly in QEMU driver
	The 'driver->caps' pointer can be changed on the fly. Accessing
	it currently requires the global driver lock. Isolate this
	access in a single helper, so a future patch can relax the
	locking constraints.

	Rename 'qemuCapsXXX' to 'virQEMUCapsXXX'
	To avoid confusion between 'virCapsPtr' and 'qemuCapsPtr'
	do some renaming of various fucntions/variables. All
	instances of 'qemuCapsPtr' are renamed to 'qemuCaps'. To
	avoid that clashing with the 'qemuCaps' typedef though,
	rename the latter to virQEMUCaps.

	Turn virCapabilities into a virObject
	To enable virCapabilities instances to be reference counted,
	turn it into a virObject. All cases of virCapabilitiesFree
	turn into virObjectUnref

	Fix comment about virCgroupPtr locking rules in QEMU driver
	The virCgroupPtr instance APIs are safe to use without locking
	in the QEMU driver, since all internal state they rely on is
	immutable. Update the comment to reflect this.

	Fix PKI directory used for QEMU test suite
	The data files for testing QEMU command line generation are
	hardcoded to use /etc/pki, so we should explicitly set that
	in the test case, avoiding the dynamic SYSCONFDIR value.

2013-02-08  Michal Privoznik  <mprivozn@redhat.com>

	virCondDestroy: Lose attribute RETURN_CHECK
	We are wrapping it in ignore_value() anyway.

	Drop useless virFileWrapperFdCatchError
	We are requesting for stderr catching for all cases in
	virFileWrapperFdNew(). There is no need to have a separate
	function just to report an error, esp. when we can do it in
	virFileWrapperFdClose().

2013-02-08  John Ferlan  <jferlan@redhat.com>

	HACKING: Sync with docs/hacking.html.in

	hacking: Add some details to handle Valgrind output
	hacking: Add some text around the running of Valgrind along with example
	output for "real" vs. "false positives".
	cfg.mk: Add hacking.in.html to sc_prohibit_raw_allocation

	valgrind: Adjust the suppression file

	virnetttlcontext: Resolve issues found by Valgrind
	Need to initialize 'usage' and 'critical' since the VIR_DEBUG will
	attempt to use them.

	qemumonitortestutils: Resolve resource leaks found by Valgrind
	When Valgrind runs the 'qemumonitorjsontest' it would claim that the
	thread created is leaked. That's because the virThreadJoin won't get
	called due to the 'running' flag being cleared.  In order to avoid that,
	call virThreadJoin unconditionally at cleanup time.  Also noted that the
	qemuMonitorTestWorker() didn't get the test mutex lock on the failure path.
	The incoming and outgoing buffers allocated by qemuMonitorTestIO() and
	qemuMonitorTestAddReponse() were never VIR_FREE()'d in qemuMonitorTestFree().

	qemumonitorjsontest: Resolve resource leaks found by Valgrind
	The 'package' string returned by qemuMonitorGetVersion() needs to
	be VIR_FREE()'d.
	testQemuMonitorJSONGetMachines(), testQemuMonitorJSONGetCPUDefinitions(),
	and testQemuMonitorJSONGetCommands() did not VIR_FREE() the array and
	array elements allocated by their respective qemuMonitorGet* routines.

	qemu_command: Resolve resource leaks found by Valgrind
	The qemuParseGlusterString() replaced dst->src without a VIR_FREE() of
	what was in there before.
	The qemuBuildCommandLine() did not properly free the boot_buf depending
	on various usages.
	The qemuParseCommandLineDisk() had numerous paths that didn't clean up
	the virDomainDiskDefPtr def properly. Adjust the logic to go through an
	error: label before cleanup in order to free the resource.

	domain_conf: Resolve resource leaks found by Valgrind
	Fix various resource leaks discovered while parsing through Valgrind output

	vport_profile_conf: Resolve memory leak found by Valgrind
	The 'virtPortInterfaceID' was not VIR_FREE()'d

	netdev_vlan_conf: Resolve memory leak found by Valgrind.
	The 'trunk' is filled in with virXPathString() value, but was
	never VIR_FREE()'d.

	qemuxml2argvtest: Resolve resource leaks found by Valgrind
	Valgrind deterimined that fakeSecretGetValue() was using the secret
	value without checking validity.  Returning NULL causes the caller
	to emit a message and results in failure.
	Additionally commit 'b090aa7d' changes leaked vncSASLdir and vncTLSx509certdir

	virnettlscontexttest: Resolve memory leak found by Valgrind
	testTLSDerEncode() will allocate memory for der.data, it wasn't VIR_FREE()'d.
	also don't initialized der to use static buffer.

2013-02-08  Guido Günther  <agx@sigxcpu.org>

	Add syntax-check to make sure Python files don't contain trailing semicolon
	We allow for a trailing semicolon in full line comments since
	docs/index.py has some SQL statements in it.

	Remove more trailing semicolons in Python files

2013-02-08  Peter Krempa  <pkrempa@redhat.com>

	syntax-check: Don't check non-reentrant functions in docs
	Otherwise constructions like "random (used by default)" end up breaking
	syntax check by apparently using non-reentrant functions.

2013-02-07  Guido Günther  <agx@sigxcpu.org>

	Cosmetics: Remove semicolons
	It's Python, not C

2013-02-06  Eric Blake  <eblake@redhat.com>

	build: fix build of HAL node backend
	Commit 2025356 missed uses of PCI functions in the older HAL-related
	code, probably because hal-devel is no longer available in latest Fedora.
	* src/node_device/node_device_hal.c (gather_pci_cap): Reflect
	function rename.

	bitmap: add way to find next clear bit
	We had an easy way to iterate set bits, but not for iterating
	cleared bits.
	* src/util/virbitmap.h (virBitmapNextClearBit): New prototype.
	* src/util/virbitmap.c (virBitmapNextClearBit): Implement it.
	* src/libvirt_private.syms (bitmap.h): Export it.
	* tests/virbitmaptest.c (test4): Test it.

2013-02-06  John Ferlan  <jferlan@redhat.com>

	qemu_hotplug: Need to call virUSBDeviceFree()

	rpc: Need to virCommandFree on error path

	uml: Resolve leak if need to requery in umlIdentifyOneChrPTY()
	Coverity noted that in the retry logic loop if res had been set, then
	it could be leaked so add a VIR_FREE(res) prior to retry.

	openvz: Need to error check openvzDomainSetVcpusFlagsInternal()

	parallels: Need to free memory on error path

	network: Remove conditional settings to resolve resource leak
	The conditional setting of cmdout in networkBuildDhcpDaemonCommandLine()
	caused Coverity to complain that 'cmd' could be leaked if !cmdout.  Since
	the function is local and only called with cmdout being passed those checks
	have been removed.

	storage: Resolve resource leaks with cmd processing

	keepalive: Resolve Coverity complaint
	The Coverity analysis emitted a BAD_SIZEOF error when doing the math
	within the TRACE macro. Doing the math outside the macro keeps Coverity quiet.

	tlscontext: Make sure to get proper pointer to 'dname'
	Keep Coverity happy by passing a pointer to 'dname' rather than the
	array itself.  The PROBE expansion would cause a BAD_SIZEOF.

2013-02-06  Jiri Denemark  <jdenemar@redhat.com>

	sanitytest.py: Do not rely on system libvirt
	When running sanitytest.py we should not rely on libvirt library
	installed on the system. And since we generate a nice wrapper called
	"run" that sets both PYTHON_PATH and LD_LIBRARY_PATH, we should just use
	it rather than trying to duplicate it in the Makefile.

2013-02-06  Daniel P. Berrange  <berrange@redhat.com>

	Initialize qemuImageBinary path at startup

	Introduce annotations for virQEMUDriverPtr fields
	Annotate the fields in virQEMUDriverPtr to indicate the locking
	rules for their use

	Protect USB/PCI device list access in QEMU with dedicated locks
	Currently the activePciHostdevs, inactivePciHostdevsd and
	activeUsbHostdevs lists are all implicitly protected by the
	QEMU driver lock. Now that the lists all inherit from the
	virObjectLockable, we can make the locking explicit, removing
	the dependency on the QEMU driver lock for correctness.

	Convert virPCIDeviceList and virUSBDeviceList into virObjectLockable
	To allow modifications to the lists to be synchronized, convert
	virPCIDeviceList and virUSBDeviceList into virObjectLockable
	classes. The locking, however, will not be self-contained. The
	users of these classes will have to call virObjectLock/Unlock
	in the critical regions.

	Rename all USB device functions to have a standard name prefix
	Rename all the usbDeviceXXX and usbXXXDevice APIs to have a
	fixed virUSBDevice name prefix

	Fix leak of usbDevice struct when initializing cgroups
	When iterating over USB host devices to setup cgroups, the
	usbDevice object was leaked in both LXC and QEMU driers

	Rename all PCI device functions to have a standard name prefix
	Rename all the pciDeviceXXX and pciXXXDevice APIs to have a
	fixed virPCIDevice name prefix

	Remove pointless 'qemuVersion' field from virQEMUDriverPtr
	The QEMU driver struct has a 'qemuVersion' field that was previously
	used to cache the version lookup from capabilities. With the recent
	QEMU capabilities rewrite the caching happens at a lower level so
	this field is pointless. Removing it avoids worries about locking
	when updating it.

	Use atomic ops to increment nextvmid
	Use atomic ops to increment nextvmid and encapsulate it in a
	method to prevent accidental non-atomic access

	Make virDomainObjList self-locking via virObjectLockable
	Switch virDomainObjList to inherit from virObjectLockable and
	make all the APIs acquire/release the mutex when running. This
	makes virDomainObjList completely self-locking and no longer
	reliant on the hypervisor driver locks

	Merge virDomainObjListIsDuplicate into virDomainObjListAdd
	The duplicate VM checking should be done atomically with
	virDomainObjListAdd, so shoud not be a separate function.
	Instead just use flags to indicate what kind of checks are
	required.
	This pair, used in virDomainCreateXML:
	   if (virDomainObjListIsDuplicate(privconn->domains, def, 1) < 0)
	     goto cleanup;
	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def, false)))
	     goto cleanup;
	Changes to
	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def,
	                                   VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
	                                   NULL)))
	     goto cleanup;
	This pair, used in virDomainRestoreFlags:
	   if (virDomainObjListIsDuplicate(privconn->domains, def, 1) < 0)
	     goto cleanup;
	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def, true)))
	     goto cleanup;
	Changes to
	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def,
	                                   VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
	                                   VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
	                                   NULL)))
	     goto cleanup;
	This pair, used in virDomainDefineXML:
	   if (virDomainObjListIsDuplicate(privconn->domains, def, 0) < 0)
	     goto cleanup;
	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def, false)))
	     goto cleanup;
	Changes to
	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def,
	                                   0, NULL)))
	     goto cleanup;

	Fix typo in configure.ac causing $LIBS to gain a copy of $CFLAGS
	The virt-dbus.m4 check for DBus was preserving $LIBS before
	modifying it. Except it wasn't. It was preserving another
	copy of $CFLAGS. The result was that after the check completed,
	$LIBS got polluted with $CFLAGS

2013-02-06  Eric Blake  <eblake@redhat.com>

	tests: reserve more fds for commandtest
	Commit 39c77fe triggered random failures, depending on the platform
	and what other fds leak into the testsuite (for me, it passed on
	RHEL 6 but failed on Fedora 18).  The reason was that we were
	expecting an fd that fell outside of our reserved range.  By reserving
	a larger range, the test once again passes on all platforms.
	* tests/commandtest.c (mymain): Reserve enough fds.

	qemu: don't log failure during QMP add-fd probe
	Otherwise, we get a lot of scary (but harmless) noise in the logs:
	2013-02-05 15:35:48.555+0000: 8637: error : qemuMonitorJSONCheckError:353 : internal error unable to execute QEMU command 'add-fd': Parameter 'fdset-id' expects an existing fdset-id
	one for every qemu 1.2 binary that we probe.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONAddFd): During
	probe, avoid logging failures.

2013-02-05  John Ferlan  <jferlan@redhat.com>

	Add John Ferlan to the committers list

2013-02-05  Daniel P. Berrange  <berrange@redhat.com>

	Turn virDomainObjList into an opaque virObject
	As a step towards making virDomainObjList thread-safe turn it
	into an opaque virObject, preventing any direct access to its
	internals.
	As part of this a new method virDomainObjListForEach is
	introduced to replace all existing usage of virHashForEach

	Rename all domain list APIs to have virDomainObjList prefix
	The APIs names for accessing the domain list object are
	very inconsistent. Rename them all to have a standard
	virDomainObjList prefix.

	Introduce a virQEMUDriverConfigPtr object
	Currently the virQEMUDriverPtr struct contains an wide variety
	of data with varying access needs. Move all the static config
	data into a dedicated virQEMUDriverConfigPtr object. The only
	locking requirement is to hold the driver lock, while obtaining
	an instance of virQEMUDriverConfigPtr. Once a reference is held
	on the config object, it can be used completely lockless since
	it is immutable.
	NB, not all APIs correctly hold the driver lock while getting
	a reference to the config object in this patch. This is safe
	for now since the config is never updated on the fly. Later
	patches will address this fully.

	Fix missing error constants in libvirt python module
	The previous change to the generator, changed too much - only
	the functions are in 'virerror.c', the constants remained in
	'virerror.h' which could not be renamed for API compat reasons.
	Add a test case to sanity check the generated python bindings

2013-02-05  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Catch stderr of image compression binary
	If a compression binary prints something to stderr, currently
	it is discarded. However, it can contain useful data from
	debugging POV, so we should catch it.

	qemu: Catch stderr of image decompression binary
	If a decompression binary prints something to stderr, currently
	it is discarded. However, it can contain useful data from
	debugging POV, so we should catch it.

	virFileWrapperFd: Switch to new virCommandDoAsyncIO
	Commit 34e8f63a32f83 introduced support for catching errors from
	libvirt iohelper. However, at those times there wasn't such fancy
	API as virCommandDoAsyncIO(), so everything has to be implemented
	on our own. But since we do have the API now, we can use it and
	drop our implementation then.

	tests: Create test for virCommandDoAsyncIO
	This is just a basic test, so we don't break virCommand in the
	future. A "Hello world\n" string is written to commanhelper,
	which copies input to stdout and stderr where we read it from.
	Then the read strings are compared with expected values.

	Introduce event loop to commandtest
	This is just preparing environment for the next patch, which is
	going to need an event loop.

	virCommand: Introduce virCommandDoAsyncIO
	Currently, if we want to feed stdin, or catch stdout or stderr of a
	virCommand we have to use virCommandRun(). When using virCommandRunAsync()
	we have to register FD handles by hand. This may lead to code duplication.
	Hence, introduce an internal API, which does this automatically within
	virCommandRunAsync(). The intended usage looks like this:
	    virCommandPtr cmd = virCommandNew*(...);
	    char *buf = NULL;
	    ...
	    virCommandSetOutputBuffer(cmd, &buf);
	    virCommandDoAsyncIO(cmd);
	    if (virCommandRunAsync(cmd, NULL) < 0)
	        goto cleanup;
	    ...
	    if (virCommandWait(cmd, NULL) < 0)
	        goto cleanup;
	    /* @buf now contains @cmd's stdout */
	    VIR_DEBUG("STDOUT: %s", NULLSTR(buf));
	    ...
	cleanup:
	    VIR_FREE(buf);
	    virCommandFree(cmd);
	Note, that both stdout and stderr buffers may change until virCommandWait()
	returns.

2013-02-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Use correct type for device type enum in virDomainDeviceDefFree
	With this change it's easy to spot a forgotten free if a new device
	class is added.

2013-02-05  Jiri Denemark  <jdenemar@redhat.com>

	build: Add libcurl dependency to libvirt_driver.la
	libvirt.c calls curl_global_init() if WITH_CURL is defined and thus it
	should be linked with libcurl. This fixes link failure in case neither
	xenapi nor esx driver is enabled (they are the only users of libcurl).

	spec: Fix minor changelog issues
	When a changelog entry references an RPM macro, % needs to be escaped so
	that it does not appear expanded in package changelog.
	Fri Mar  4 2009 is incorrect since Mar 4 was Wednesday. Since
	libvirt-0.6.1 was released on Mar 4 2009, we should change Fri to Wed.

2013-02-05  Martin Kletzander  <mkletzan@redhat.com>

	Add basic support for VDI images
	QEMU is fully capable of handling VDI images and we just refuse to
	work with them.  As qemu-img knows and supports this, there should be
	no problem with this addition.
	This is of course, just basic functionality, without searching for any
	backing files, etc.

	Support shifted magic in storage files
	Some files have the magic shifted to some offset other than 0, so we
	have to support that.  I also cleaned up some lines to be more
	readable and added missing magic for iso file format.

2013-02-04  Peter Krempa  <pkrempa@redhat.com>

	virsh-secret: Refactor error paths
	This patch switches string option retrieval to vshCommandOptStringReq
	and refactors some error paths to avoid an unlikely memory leak of a
	secret object in cmdSecretSetValue.

	virsh-nwfilter: Update nwfilter commands to use vshCommandOptStringReq

	virsh-snapshot: Update snapshot commands to use vshCommandOptStringReq
	also avoids potential NULL pointer dereference:
	$ virsh snapshot-current asdf ""
	error: invalid snapshotname argument '(null)'
	by removing the error message in favor of vshCommandOptStringReq

	virsh-snapshot: Refactor cmdSnapshotDumpXML
	This patch simplifies error paths and switches to use
	vshCommandOptStringReq for argument retrieval in cmdSnapshotDumpXML

	virsh-nodedev: Refactor error paths, error messages and whitespace
	This patch adds some empty lines to separate blocks of code, cleans up
	unnecessary error message constructs in cmdNodeDeviceDetach,
	cmdNodeDeviceReAttach, cmdNodeDeviceReset and refactors error paths in
	cmdNodeDeviceDumpXML.

	virsh-nodedev: Update node device commands to use vshCommandOptStringReq

	virsh-interface: Update interface commands to use vshCommandOptStringReq

	virsh-network: Update network commands to use vshCommandOptStringReq

	virsh-host: Update host commands to use vshCommandOptStringReq

	virsh-domain: Update domain commands to use vshCommandOptStringReq

	virsh-domain-monitor: Update domain commands to use vshCommandOptStringReq

	virsh-volume: Update volume commands to use vshCommandOptStringReq

	virsh-pool: Update pool commands to use vshCommandOptStringReq
	Rework most of option string retrievals to the new helper.

	virsh: Add helper to request string arguments with error reporting
	This patch adds a helper function with similar semantics to
	vshCommandOptString that requests a string argument, but does some error
	reporting without the need to do it in the functions themselves.
	The error reporting also provides information about the parameter whose
	retrieval failed.

	virsh-pool: Rename helper function buildPoolXML to vshBuildPoolXML

	virsh-volume: Rename helper function makeCloneXML to vshMakeCloneXML

	virsh-snapshot: Fix coding style and remove dead code
	buffer won't be NULL in any case when reaching the check and the first
	block of the if statement was lacking parentheses

2013-02-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Simplify hypervPrivate pointer handling in hypervOpen

	esx: Simplify esxPrivate pointer handling in esxOpen
	Commit 4445e16bfa8056980ac643fabf17186f9e685925 changed the signature
	of esxConnectToHost and esxConnectToVCenter by replacing the esxPrivate
	pointer with virConnectPtr. The esxPrivate pointer was then retrieved
	again from virConnectPtr's privateData. This resulted in a NULL pointer
	dereference, because the privateData pointer was not yet initialized at
	the point where esxConnectToHost and esxConnectToVCenter are called.
	This was fixed in commit b126715a48cd0cbe32ec6468c267cd8cf2961c55 that
	moved the initialization of privateData before the problematic calls.
	Simplify the logic by making the call to esxFreePrivate unconditional and
	changing esxConnectToHost and esxConnectToVCenter back to take a esxPrivate
	pointer directly. This allows to assign esxPrivate to the virConnectPtr's
	privateData pointer as one of the last steps in esxOpen making it more
	obvious that it is not initialized during the earlier steps of esxOpen.

2013-02-02  Eric Blake  <eblake@redhat.com>

	docs: don't ignore virEvent API
	Commit 6094ad7b (0.9.3 release) promoted several functions from
	internal to public, but forgot to fix the documentation generator
	to provide details about those functions.
	For an example of what this fixes, look at:
	file:///path/to/libvirt/docs/html/libvirt-libvirt.html#virEventAddHandle
	before and after the patch.
	* docs/apibuild.py (ignored_functions): Don't ignore functions
	that were turned into official API.
	* src/util/virevent.c: Fix comments to pass through parser.

	maint: update to latest gnulib
	CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon
	that runs a regex search on user input while in a multibyte locale.
	I'm not sure how hard it would be to trigger such a setup for
	libvirtd, but rather than risk things, we can avoid the issue:
	gnulib has worked around the problem, and by updating to the latest
	gnulib, we can avoid the bug even on platforms where glibc has yet
	to be patched.
	* .gnulib: Update to latest, for various fixes, including regex.
	* bootstrap: Resync from upstream.

2013-02-01  Claudio Bley  <cbley@av-test.de>

	docs: use div, not table, for notices on opaque types
	It's simpler to render and it prevents wrapping the line too early
	because of the table spacing, border et cetera.

	docs: abort when missing return or argument documentation
	When a function has no associated information to one of its
	arguments or its return type we report it and stop with an error.

	libvirt.h.in: document virConnectDomainEventCallback's return value

	libvirt.h.in: add missing return doc for virEventRemoveHandleFunc

	libvirt.h.in: fix documentation for virConnectDomainEventBlockJobCallback
	In commit 3ac26e2645e6456389a918455213d7e3824f63f9 parameter "path" was
	renamed to "disk" but this change was not reflected in the documentation.
	Additionally, documentation of the "opaque" parameter was missing.

	libvirt.h.in: add missing documentation for virConnectCloseFunc

2013-02-01  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add support for QEMU -add-fd support detection
	Add support for QEMU -add-fd command line parameter detection.
	This intentionally rejects qemu 1.2, where 'add-fd' QMP did
	not allow full control of set ids, and where there was no command
	line counterpart, but accepts qemu 1.3.

2013-02-01  Eric Blake  <eblake@redhat.com>

	qemu: expose qemu 1.3 add-fd monitor command
	Add entry points for calling the qemu 'add-fd' and 'remove-fd'
	monitor commands.  There is no entry point for 'query-fdsets';
	the assumption is that a developer can use
	 virsh qemu-monitor-command domain '{"execute":"query-fdsets"}'
	when debugging issues, and that meanwhile, libvirt is responsible
	enough to remember what fds it associated with what fdsets.
	Likewise, on the 'add-fd' command, it is assumed that libvirt
	will always pass a set id, rather than letting qemu autogenerate
	the next available id number.
	* src/qemu/qemu_monitor.c (qemuMonitorAddFd, qemuMonitorRemoveFd):
	New functions.
	* src/qemu/qemu_monitor.h (qemuMonitorAddFd, qemuMonitorRemoveFd):
	New prototypes.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONAddFd)
	(qemuMonitorJSONRemoveFd): New functions.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONAddFd)
	(qemuMonitorJSONRemoveFd): New prototypes.

	tests: add a comment about our fake qmp
	While testing QMP, I used a simple qemu session of
	'qemu-kvm -M none -nodefaults -nographic -qmp stdio'
	for some experiments.  But it took me far too long to remember
	the magic invocation to unlock QMP into accepting normal commands.
	While I was able to grep libvirt sources and easily find where
	libvirt expects the normal "QMP" greeting, I could not find the
	proper reply to that greeting nearby.
	Reading the testsuite didn't help either, since there we don't
	emulate the mandatory handshake.  But since my grep hit the
	testsuite, adding a bit of documentation will make it much easier
	to jog my memory in the future.
	* tests/qemumonitortestutils.c (QEMU_JSON_GREETING): Mention that
	the normal counterpart reply is skipped.

2013-01-31  Jiri Denemark  <jdenemar@redhat.com>

	spec: Avoid using makeinstall relic
	The macro was made to help installing broken packages that did not use
	DESTDIR correctly by overriding individual path variables (prefix,
	sysconfdir, ...). Newer rpm provides fixed make_install macro that calls
	make install with just the correct DESTDIR, however it is not available
	everywhere (e.g., RHEL 5 does not have it). On the other hand the
	make_install macro is simple and straightforward enough for us to use
	its expansion directly.

2013-01-31  Serge Hallyn  <serge.hallyn@canonical.com>

	complete virterror->virerror name change
	Without these two string changes in generator.py, the
	virGetLastError wrapper does not get created in
	/usr/share/pyshared/libvirt.py.  Noticed when running
	tests with virt-install.

2013-01-31  Jiri Denemark  <jdenemar@redhat.com>

	tests: Don't build securityselinuxlabeltest without qemu
	Sources for securityselinuxlabeltest are only defined if qemu driver is
	enabled so we should not try to build the test if qemu driver is
	disabled.

2013-01-31  Claudio Bley  <cbley@av-test.de>

	apibuild.py: fix TypeError raised in except clause
	When an exception happened inside the try clause in serialize_function,
	a new exception was raised in the except clause subsequently:
	Traceback (most recent call last):
	  File "./apibuild.py", line 2529, in <module>
	    rebuild("libvirt")
	  File "./apibuild.py", line 2513, in rebuild
	    builder.serialize()
	  File "./apibuild.py", line 2467, in serialize
	    self.serialize_function(output, function)
	  File "./apibuild.py", line 2208, in serialize_function
	    self.warning("Failed to save function %s info: " % name, `id.info`)
	TypeError: warning() takes exactly 2 arguments (3 given)
	Use the correct number of arguments for self.warning and print the
	original exception to stderr.

2013-01-31  John Ferlan  <jferlan@redhat.com>

	Enforce return check on virAsprintf() calls
	Way back when I started making changes for Coverity messages my first set
	were to a bunch of CHECKED_RETURN errors.  In particular virAsprintf() had
	a few callers that Coverity noted didn't check their return (although some
	did check if the buffer being printed to was NULL or not).
	It was suggested at the time as a further patch an ATTRIBUTE_RETURN_CHECK
	should be added to virAsprintf(), see:
	https://www.redhat.com/archives/libvir-list/2013-January/msg00120.html
	This patch does that and fixes a few more instances not found by Coverity
	that failed the check.

2013-01-30  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix mask for 172.16.0.0 private address range
	https://bugzilla.redhat.com/show_bug.cgi?id=905708
	Only the first 12 bits should be set in the mask for this range. All
	addresses between 172.16.0.0 and 172.31.255.255 are private.

2013-01-30  Peter Krempa  <pkrempa@redhat.com>

	snapshot: Mention disk-only snapshots in error message
	When a disk-only snapshot is requested the domain is treated as if it
	was offline. This forbids to mix memory checkpoints with the DISK_ONLY
	flag.
	This patch improves the error message and mentions the restriction in
	the virsh man page.

2013-01-30  Martin Kletzander  <mkletzan@redhat.com>

	Sync HACKING and hacking.html.in
	After one last-minute change, only HACKING was updated and not
	hacking.html.in, so this patch synchronizes that.

2013-01-30  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.2
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: updated localizations

2013-01-30  Martin Kletzander  <mkletzan@redhat.com>

	Ignore '.trs' files
	When doing checks with automake, there are '<testname>.trs' files left
	behind, that might or might not be usable, however these show up in
	'git status' even though we definitely don't want them to be tracked
	in the repository'.  Automake adds the '--trs-files' option by default
	since commit 0c81b43f711fb861f04227ced8dba889596d9c43 [1], which
	consequently (from 1.13 in my case) started leaving these files behind
	along with '<testname>.log' files as well (which we already ignore).
	[1] http://git.savannah.gnu.org/gitweb/?p=automake.git;a=commitdiff;h=0c81b43

	docs: aesthetical cleanups
	Adding dots inside "exempli gratia" where missing.  While on that, I
	took the liberty of changing it where found with simple grep.

	conf: Don't format cputune element when not needed
	Commit 60b176c3d0f0d5037acfa5e27c7753f657833a0b introduced a bug that
	when editing an XML with cputune similar to this:
	...
	  <vcpu placement='static' current='1'>2</vcpu>
	  <cputune>
	    <vcpupin vcpu="1" cpuset="0"/>
	  </cputune>
	...
	results in formatted XML that looks like this:
	...
	  <vcpu placement='static' current='1'>2</vcpu>
	  <cputune>
	  </cputune>
	...
	That is caused by a condition depending on def->cputune.vcpupin being
	set rather than checking def->cputune.nvcpupin.  Notice that nvcpupin
	can be 0 and vcpupin can still be allocated since it's a pointer to an
	array, so no harm done there.
	I also changed it on other places in the code where it depended on the
	wrong variable.

2013-01-30  Claudio Bley  <cbley@av-test.de>

	docs: fix missed documentation for virterror functions
	Commit f24404a3244b50c1d6d3a735445b02450ac40981 renamed virterror.c to
	virerror.c but forgot to change the reference in this file.

2013-01-30  Doug Goldstein  <cardoe@cardoe.com>

	virlog: remove old code comment
	Setting the log output prefix to 0 is not supported and in fact results
	in the following message:
	warning : virLogParseOutputs:1021 : Ignoring invalid log output setting.

2013-01-29  Jiri Denemark  <jdenemar@redhat.com>

	build: Regenerate man pages on version bump
	Whenever libvirt version changes in configure.ac, we need to regenerate
	man pages so that they contain correct version info.

2013-01-29  Ján Tomko  <jtomko@redhat.com>

	conf: Fix cpumask leak in virDomainDefFree
	def->cpumask is a bitmap and needs to be freed by virBitmapFree.

2013-01-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Destroy domain on decompression binary error
	https://bugzilla.redhat.com/show_bug.cgi?id=894723
	Currently, if qemuProcessStart() succeeds, but it's decompression
	binary that returns nonzero status, we don't kill the qemu process,
	but remove it from internal domain list, leaving the qemu process
	hanging around totally uncontrolled.

2013-01-29  Peter Krempa  <pkrempa@redhat.com>

	rpc: Fix crash on error paths of message dispatching
	This patch resolves CVE-2013-0170:
	https://bugzilla.redhat.com/show_bug.cgi?id=893450
	When reading and dispatching of a message failed the message was freed
	but wasn't removed from the message queue.
	After that when the connection was about to be closed the pointer for
	the message was still present in the queue and it was passed to
	virNetMessageFree which tried to call the callback function from an
	uninitialized pointer.
	This patch removes the message from the queue before it's freed.
	* rpc/virnetserverclient.c: virNetServerClientDispatchRead:
	    - avoid use after free of RPC messages

2013-01-28  Osier Yang  <jyang@redhat.com>

	rng: Change the datatype for volume name for common use
	The "volName" will be used by later patch.

	eng: Remove the duplicate definition
	The RE for data type "name" storagepool.rng uses is same with
	"genericName" in basictypes.rng.

2013-01-27  Michal Privoznik  <mprivozn@redhat.com>

	qemu_hotplug: Rework media changing process
	https://bugzilla.redhat.com/show_bug.cgi?id=892289
	It seems like with new udev within guest OS, the tray is locked,
	so we need to:
	- 'eject'
	- wait for tray to open
	- 'change'
	Moreover, even when doing bare 'eject', we should check for
	'tray_open' as guest may have locked the tray. However, the
	waiting phase shouldn't be unbounded, so I've chosen 10 retries
	maximum, each per 500ms. This should give enough time for guest
	to eject a media and open the tray.

2013-01-27  Eric Blake  <eblake@redhat.com>

	maint: one missed syms file
	Commit f0aa493 missed a file.
	* src/libvirt_driver_modules.syms: Add editor hint.

2013-01-26  John Ferlan  <jferlan@redhat.com>

	vbox: Adjust the UTF FREE macros
	Adjust the macros to free memory allocated during various calls to
	perform the check if parameter is NULL prior to really freeing and to
	set the pointer to NULL after done freeing.

	vbox: Address false positive for NULL dereference
	Resolve a false positive from 'vboxIIDFromUUID_v2_x()'. The code sets
	'iid->value = &iid->backing' unconditionally prior to calling 'nsIDFromChar()'.
	The 'vboxIIDUnalloc_v2_x()' checks iid->value to not be &iid->backing. The
	iid->backing is a static buffer within the initialized structure.

2013-01-26  Guido Günther  <agx@sigxcpu.org>

	Make sure we only abort without libcurl if $with_esx = yes

2013-01-26  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add --print-xml flag for attach-disk command
	The flag causes the XML of the disk that would be attached to be printed
	instead.

2013-01-26  Jim Fehlig  <jfehlig@suse.com>

	libxl: Domain event handler improvements
	Since libxl provides the domain ID in the event handler callback,
	find the domain object based on the ID.  This approach prevents
	processing the callback on a domain that has already been reaped.
	Also, similar to the xl implementation, ignore the SUSPEND shutdown
	reason.  By calling libxl_domain_suspend(), we know a shutdown
	event with SUSPEND reason will be generated, but it can be safely
	ignored since any subsequent cleanup will be done by the callers.

	libxl: Fix removing non-persistent domain after save
	libxlDoDomainSave() was removing non-persistent domains, but
	required callers to have the virDomainObj locked.  Callers could
	potentially unlock an already freed virDomainObj.  Move this
	logic to the callers of libxlDoDomainSave().

	libxl: Explicitly remove timeouts
	I've noticed that libxl can invoke timeout reregister/modify hooks
	after returning from libxl_ctx_free.  Explicitly remove the
	timeouts before freeing the libxl ctx to avoid executing hooks on
	stale objects.

	libxl: Fix race between destruction of objects
	It is possible to destroy and cleanup a VM, resulting in freeing the
	libxlDomainObjPrivate object and associated libxl ctx, before all fds and
	timeouts have been deregistered and destroyed.
	Fix this race by incrementing the reference count on libxlDomainObjPrivate
	for each fd and timeout registration.  Only when all fds and timeouts are
	deregistered and destroyed will the libxlDomainObjPrivate be destroyed.

	libxl: Fix races in libxl event code
	The libxl driver is racy in it's interactions with libxl and libvirt's
	event loop.  The event loop can invoke callbacks after libxl has
	deregistered the event, and possibly access freed data associated with
	the event.
	This patch fixes the race by converting libxlDomainObjPrivate to a
	virObjectLockable, and locking it while executing libxl upcalls and
	libvirt event loop callbacks.
	Note that using the virDomainObj lock is not satisfactory since it may
	be desirable to hold the virDomainObj lock even when libxl events such
	as reading and writing to xenstore need processed.

	libxl: Fix handling of timeouts
	xen-unstable changeset 26469 makes changes wrt modifying and deregistering
	timeouts.
	First, timeout modify callbacks will only be invoked with an
	abs_t of {0,0}, i.e. make the timeout fire immediately.  Prior to this
	commit, timeout modify callbacks were never invoked.
	Second, timeout deregister hooks will no longer be called.
	This patch makes changes in the libvirt libxl driver that should be
	compatible before and after changeset 26469.
	While at it, fix a potential overflow in the timeout register callback.

2013-01-26  Eric Blake  <eblake@redhat.com>

	conf: avoid NULL deref for pmsuspended domain state
	While working with a pmsuspend vs. snapshot issue, I noticed that
	the state file in /var/run/libvirt/qemu/dom.xml contained a rather
	suspicious "(null)" string, which does not round-trip well through
	a libvirtd restart.  Had I been on a platform other than glibc
	where printf("%s",NULL) crashes instead of printing (null), we might
	have noticed the problem much sooner.
	And in fixing that problem, I also noticed that we had several
	missing states, because we were #defining several *_LAST names
	to a value _different_ than what they were already given as enums
	in libvirt.h.  Yuck.  I got rid of default: labels in the case
	statements, because they get in the way of gcc's -Wswitch helping
	us ensure we cover all enum values.
	* src/conf/domain_conf.c (virDomainStateReasonToString)
	(virDomainStateReasonFromString): Fill in missing domain states;
	rewrite case statement to let compiler enforce checking.
	(VIR_DOMAIN_NOSTATE_LAST, VIR_DOMAIN_RUNNING_LAST)
	(VIR_DOMAIN_BLOCKED_LAST, VIR_DOMAIN_PAUSED_LAST)
	(VIR_DOMAIN_SHUTDOWN_LAST, VIR_DOMAIN_SHUTOFF_LAST)
	(VIR_DOMAIN_CRASHED_LAST): Drop dead defines.
	(VIR_DOMAIN_PMSUSPENDED_LAST): Drop dead define.
	(virDomainPMSuspendedReason): Add missing enum function.
	(virDomainRunningReason, virDomainPausedReason): Add missing enum
	value.
	* src/conf/domain_conf.h (virDomainPMSuspendedReason): Declare
	missing functions.
	* src/libvirt_private.syms (domain_conf.h): Export them.

2013-01-25  Eric Blake  <eblake@redhat.com>

	maint: make it easier to sort syms files
	I got bit by 'make check' complaining that the sort order I got
	by emacs' sort-lines function differed from expectations.
	* src/libvirt_private.syms: Add emacs trailer.
	* src/libvirt_atomic.syms: Likewise.
	* src/libvirt_daemon.syms: Likewise.
	* src/libvirt_esx.syms: Likewise.
	* src/libvirt_libssh2.syms: Likewise.
	* src/libvirt_linux.syms: Likewise.
	* src/libvirt_openvz.syms: Likewise.
	* src/libvirt_sasl.syms: Likewise.
	* src/libvirt_vmx.syms: Likewise.
	* src/libvirt_xenxs.syms: Likewise.

2013-01-25  Michal Privoznik  <mprivozn@redhat.com>

	qemu_monitor: Fix tray-open attribute in query-block
	With our code, we fail to query for tray-open attribute currently.
	That's because in HMP it is 'tray-open' and in QMP it's 'tray_open'.
	It always has been. However, we got it exactly the opposite.

2013-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix bogus reporting of KVM support for non-native emulators
	A logic bug meant we reported KVM was possible for every
	architecture, merely based on whether the query-kvm command
	exists. We should instead have been doing it based on whether
	the query-kvm command returns 'present: 1'

	Move QEMU capabilities initialization later in QEMU startup
	Currently QEMU capabilities are initialized before the QEMU driver
	sets ownership on its various directories. The upshot is that if
	you change the user/group in the qemu.conf file, libvirtd will fail
	to probe QEMU the first time it is run after the config change.
	Moving QEMU capabilities initialization to after the chown() calls
	fixes this

	Fix performance & reliabilty of QMP probing
	This previous commit
	  commit 1a50ba2cb07d8bb2aa724062889deb9efd7ad9e9
	  Author: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
	  Date:   Mon Nov 26 15:17:13 2012 +0100
	    qemu: Fix QMP Capabability Probing Failure
	which attempted to make sure the QEMU process used for probing
	ran as the right user id, caused serious performance regression
	and unreliability in probing. The -daemonize switch in QEMU
	guarantees that the monitor socket is present before the parent
	process exits. This means libvirtd is guaranteed to be able to
	connect immediately. By switching from -daemonize to the
	virCommandDaemonize API libvirtd was no longer synchronized with
	QEMU's startup process. The result was that the QEMU monitor
	failed to open and went into its 200ms sleep loop. This happened
	for all 25 binaries resulting in 5 seconds worth of sleeping
	at libvirtd startup. In addition sometimes when libvirt connected,
	QEMU would be partially initialized and crash causing total
	failure to probe that binary.
	This commit reverts the previous change, ensuring we do use the
	-daemonize flag to QEMU. Startup delay is cut from 7 seconds
	to 2 seconds on my machine, which is on a par with what it was
	prior to the capabilities rewrite.
	To deal with the fact that QEMU needs to be able to create the
	pidfile, we switch pidfile location fron runDir to libDir, which
	QEMU is guaranteed to be able to write to.

2013-01-25  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainSendKey: Relax the qemu driver locking
	Currently, there is no reason to hold qemu driver locked
	throughout whole API execution. Moreover, we can use the
	new qemuDomObjFromDomain() internal API to lookup domain then.

2013-01-25  Satoru Moriya  <satoru.moriya@hds.com>

	node_memory: Add '\n' to help message
	Linefeed is missed in the help of node-memory-tune.
	This patch just adds '\n' to get a correct help message.

2013-01-25  Josh Durgin  <josh.durgin@inktank.com>

	qemu: escape ipv6 for rbd network disk hosts
	Hosts for rbd are ceph monitor daemons. These have fixed IP addresses,
	so they are often referenced by IP rather than hostname for
	convenience, or to avoid relying on DNS. Using IPv4 addresses as the
	host name works already, but IPv6 addresses require rbd-specific
	escaping because the colon is used as an option separator in the
	string passed to qemu.
	Escape these colons, and enclose the IPv6 address in square brackets
	so it is distinguished from the port, which is currently mandatory.
	Acked-by: Osier Yang <jyang@redhat.com>

2013-01-25  Eric Blake  <eblake@redhat.com>

	snapshot: fix state after external snapshot of S3 domain
	https://bugzilla.redhat.com/show_bug.cgi?id=876829 complains that
	if a guest is put into S3 state (such as via virsh dompmsuspend)
	and then an external snapshot is taken, qemu forcefully transitions
	the domain to paused, but libvirt doesn't reflect that change
	internally.  Thus, a user has to use 'virsh suspend' to get libvirt
	back in sync with qemu state, and if the user doesn't know this
	trick, then the guest appears hung.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateActiveExternal):
	Track fact that qemu wakes up a suspended domain on migration.

2013-01-25  John Ferlan  <jferlan@redhat.com>

	locking: use virStrcpyStatic instead of memcpy

2013-01-25  Jiri Denemark  <jdenemar@redhat.com>

	python: Fix bindings for virDomainSnapshotGet{Domain,Connect}
	https://bugzilla.redhat.com/show_bug.cgi?id=895882
	virDomainSnapshot.getDomain() and virDomainSnapshot.getConnect()
	wrappers around virDomainSnapshotGet{Domain,Connect} were not supposed
	to be ever implemented. The class should contain proper domain() and
	connect() accessors that fetch python objects stored internally within
	the class. While domain() was already provided, connect() was missing.
	This patch adds connect() method to virDomainSnapshot class and
	reimplements getDomain() and getConnect() methods as aliases to domain()
	and connect() for backward compatibility.

2013-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash free'ing securityDriverNames in QEMU driver
	The previous fix to avoid leaking securityDriverNames forgot to
	handle the case of securityDriverNames being NULL, leading to
	a crash

2013-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Make python objects inherit from 'object' base class
	As of python >= 2.2, it is recommended that all objects inherit
	from the 'object' base class. We already require python >= 2.3
	for libvirt for thread macro support, so we should follow this
	best practice.
	See also
	  http://stackoverflow.com/questions/4015417/python-class-inherits-object

	Fix leak of securityDriverNames
	When shutting down, the QEMU driver forgot to free the
	securityDriverNames string list

	Avoid use of free'd memory in auto destroy callback
	The autodestroy callback code has the following function
	called from a hash iterator
	  qemuDriverCloseCallbackRun(void *payload,
	                             const void *name,
	                             void *opaque)
	  {
	    ...
	    char *uuidstr = name
	    ...
	    dom = closeDef->cb(data->driver, dom, data->conn);
	    if (dom)
	        virObjectUnlock(dom);
	    virHashRemoveEntry(data->driver->closeCallbacks, uuidstr);
	  }
	The closeDef->cb function may well cause the current callback
	to be removed, if it shuts down 'dom'. As such the use of
	'uuidstr' in virHashRemoveEntry is accessing free'd memory.
	We must make a copy of the uuid str before invoking the
	callback to be safe.

	Ensure nodeinfo struct is initialized to zero
	When linuxNodeInfoCPUPopulate() method triggered use of an
	uninitialize value, since it did not initialize the 'sockets'
	field in the virNodeInfoPtr struct:
	==30020== Conditional jump or move depends on uninitialised value(s)
	==30020==    at 0x5125DBD: linuxNodeInfoCPUPopulate (nodeinfo.c:513)
	==30020==    by 0x51261A0: nodeGetInfo (nodeinfo.c:884)
	==30020==    by 0x149B9B10: qemuCapsInit (qemu_capabilities.c:846)
	==30020==    by 0x14A11B25: qemuCreateCapabilities (qemu_driver.c:424)
	==30020==    by 0x14A12426: qemuStartup (qemu_driver.c:874)
	==30020==    by 0x512A7AF: virStateInitialize (libvirt.c:822)
	==30020==    by 0x40DE04: daemonRunStateInit (libvirtd.c:877)
	==30020==    by 0x50ADCE5: virThreadHelper (virthreadpthread.c:161)
	==30020==    by 0x328CA07D14: start_thread (pthread_create.c:308)
	==30020==    by 0x328C6F246C: clone (clone.S:114)
	(happened twice)
	        if (socks > nodeinfo->sockets)    <--- here
	            nodeinfo->sockets = socks;
	Rather than doing this for each field, just make the caller memset
	the entire struct to zero.

2013-01-24  Jiri Denemark  <jdenemar@redhat.com>

	selinux: Properly indent preprocessor directives

	apparmor: Avoid freeing uninitialized pointer

2013-01-24  Peter Krempa  <pkrempa@redhat.com>

	xen: Actually fix the uninitialized variable
	0eedb1d9bff672b24d6957dfaa0a8b42d9e851a7 fixed the wrong variable

	xen: Initialize variable before using
	Commit 87b4c10c6cf02251dd8c29b5b895bebc6ec297f9 added code that may call
	the virCapabilitiesClearHostNUMACellCPUTopology function with
	uninitialized second argument. Although the value wouldn't be used some
	compilers whine about that.

2013-01-24  Richard W.M. Jones  <rjones@redhat.com>

	selinux: Only create the selabel_handle once.
	According to Eric Paris this is slightly more efficient because it
	only loads the regular expressions in libselinux once.

2013-01-24  John Ferlan  <jferlan@redhat.com>

	parallels_utils: Check return status properly from virCommandRun()

	util: Need to add virCommandFree()

	storage: Need to add virCommandFree()

	security: Need to add virCommandFree()

	parallels: Resolve some resource leaks
	Be sure to VIR_FREE(accel) and moved virDomainVideoDefFree() within no_memory
	label to be consistent
	Resolve resource leak in parallelsApplyIfaceParams() when the 'oldnet' is
	allocated locally. Also virCommandFree(cmd) as necessary.

2013-01-24  Peter Krempa  <pkrempa@redhat.com>

	test: Add support for thread and core information for the test driver
	This patch adds demo processor topology information for the test driver.

	capabilities: Add additional data to the NUMA topology info
	This patch adds data gathering to the NUMA gathering files and adds
	support for outputting the data. The test driver and xend driver need to
	be adapted to fill sensible data to the structure in a future patch.

	capabilities: Switch CPU data in NUMA topology to a struct
	This will allow storing additional topology data in the NUMA topology
	definition.
	This patch changes the storage type and fixes fallout of the change
	across the drivers using it.
	This patch also changes semantics of adding new NUMA cell information.
	Until now the data were re-allocated and copied to the topology
	definition. This patch changes the addition function to steal the
	pointer to a pre-allocated structure to simplify the code.

	conf: Split out NUMA topology formatting to simplify access to data

	schemas: Add schemas for more CPU topology information in the caps XML
	This patch adds RNG schemas for adding more information in the topology
	output of the NUMA section in the capabilities XML.
	The added elements are designed to provide more information about the
	placement and topology of the processors in the system to management
	applications.
	A demonstration of supported XML added by this patch:
	<capabilities>
	  <host>
	    <topology>
	      <cells num='3'>
	        <cell id='0'>
	          <cpus num='4'> <!-- this is node with Hyperthreading -->
	            <cpu id='0' socket_id='0' core_id='0' siblings='0-1'/>
	            <cpu id='1' socket_id='0' core_id='0' siblings='0-1'/>
	            <cpu id='2' socket_id='0' core_id='1' siblings='2-3'/>
	            <cpu id='3' socket_id='0' core_id='1' siblings='2-3'/>
	          </cpus>
	        </cell>
	        <cell id='1'>
	          <cpus num='4'> <!-- this is node with modules (Bulldozer) -->
	            <cpu id='4' socket_id='0' core_id='2' siblings='4-5'/>
	            <cpu id='5' socket_id='0' core_id='3' siblings='4-5'/>
	            <cpu id='6' socket_id='0' core_id='4' siblings='6-7'/>
	            <cpu id='7' socket_id='0' core_id='5' siblings='6-7'/>
	          </cpus>
	         </cell>
	        <cell id='2'>
	          <cpus num='4'> <!-- this is a normal multi-core node -->
	            <cpu id='8' socket_id='1' core_id='0' siblings='8'/>
	            <cpu id='9' socket_id='1' core_id='1' siblings='9'/>
	            <cpu id='10' socket_id='1' core_id='2' siblings='10'/>
	            <cpu id='11' socket_id='1' core_id='3' siblings='11'/>
	          </cpus>
	         </cell>
	      </cells>
	    </topology>
	  </host>
	</capabilities>
	The socket_id field represents identification of the physical socket the
	CPU is plugged in. This ID may not be identical to the physical socket
	ID reported by the kernel.
	The core_id identifies a core within a socket. Also this field may not
	accurately represent physical ID's.
	The core_id is guaranteed to be unique within a cell and a socket. There
	may be duplicates between sockets. Only cores sharing core_id within one
	cell and one socket can be considered as threads. Cores sharing core_id
	within sparate cells are distinct cores.
	The siblings field is a list of CPU id's the cpu id's the CPU is sibling
	with - thus a thread. The list is in the cpuset format.

	schema: Make the cpuset type reusable across schema files

2013-01-24  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Enhance memballoon handling for virtio-s390
	The way in that memory balloon suppression was handled for S390
	is flawed for a number or reasons.
	1. Just preventing the default balloon to be created in the case
	   of VIR_ARCH_S390[X] is not sufficient. An explicit memballoon
	   element in the guest definition will still be honored, resulting
	   both in a -balloon option and the allocation of a PCI bus address,
	   neither being supported.
	2. Prohibiting balloon for S390 altogether at a domain_conf level
	   is no good solution either as there's work in progress on the QEMU
	   side to implement a virtio-balloon device, although in
	   conjunction with a new machine type. Suppressing the balloon
	   should therefore be done at the QEMU driver level depending
	   on the present capabilities.
	Therefore we remove the conditional suppression of the default
	balloon in domain_conf.c.
	Further, we are claiming the memballoon device for virtio-s390
	during device address assignment to prevent it from being considered
	as a PCI device.
	Finally, we suppress the generation of the balloon command line option
	if this is a virtio-s390 machine.

	qemu: Re-add driver unlock to qemuDomainSendKey
	Should have been done in commit 56fd513 already, but was missed
	due to oversight: qemuDomainSendKey didn't release the driver lock
	in its cleanup section. This fixes an issue introduced by commit
	8c5d2ba.

2013-01-23  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix usage of virBitmapParse
	virNetworkObjUpdateParseFile used ',' as the termination character for
	virBitmapParse. This would break if an non-contiguous range would be
	parsed.

	util: Fix docs for virBitmapParse
	This patch changes the name of the @sep argument to @terminator and
	clarifies it's usage. This patch also explicitly documents that
	whitespace can't be used as @terminator as it is skipped multiple times
	in the implementation.

2013-01-23  Osier Yang  <jyang@redhat.com>

	rng: Have colorful *.rng with editor
	Just add the head line to let the editor know it's XML document.

2013-01-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Ignore expected EOFs
	https://bugzilla.redhat.com/show_bug.cgi?id=892079
	One of my previous patches (f2a4e5f176c408) tried to fix crashing
	libvirtd on domain detroy. However, we need to copy pattern from
	qemuProcessHandleMonitorEOF() instead of decrementing reference
	counter. The rationale for this is, if qemu process is dying due
	to domain being destroyed, we obtain EOF on both the monitor and
	agent sockets. However, if the exit is expected, qemuProcessStop
	is called, which cleans both agent and monitor sockets up. We
	want qemuAgentClose() to be called iff the EOF is not expected,
	so we don't leak an FD and memory. Moreover, there could be race
	with qemuProcessHandleMonitorEOF() which could have already
	closed the agent socket, in which case we don't want to do
	anything.

2013-01-23  John Ferlan  <jferlan@redhat.com>

	virbitmaptest: Resolve Coverity errors
	test1: Need to check for bitmap before using as well as free it properly
	test2: need to check for bitsString2 before using it.

	rpc: Revert Coverity tag message
	Turns out the fix for VIR_FREE made this particular Coverity tag
	unnecessary, so I'm removing it.

	lxc_process: Avoid passing NULL iface->iname
	A followon to commit id: 68dceb635 - if iface->iname is NULL, then
	neither virNetDevOpenvswitchRemovePort() nor virNetDevVethDelete()
	should be called.  Found by Coverity.

	lxc_driver: Need to check for vm before calling virDomainUnlock(vm)

	tests: Remove VIR_FREE() on static/stack buffer (der.data)

	nodeinfo: Use sa_assert() instead of Coverity error tag

2013-01-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix nwfilter driver reload/shutdown handling when unprivileged
	Although the nwfilter driver skips startup when running in a
	session libvirtd, it did not skip reload or shutdown. This
	caused errors to be reported when sending SIGHUP to libvirtd,
	and caused an abort() in libdbus on shutdown due to trying
	to remove a dbus filter that was never added

2013-01-23  Eric Blake  <eblake@redhat.com>

	build: allow virObject to have no parent
	When building with static analysis enabled, we turn on attribute
	nonnull checking.  However, this caused the build to fail with:
	../../src/util/virobject.c: In function 'virObjectOnceInit':
	../../src/util/virobject.c:55:40: error: null argument where non-null required (argument 1) [-Werror=nonnull]
	Creation of the virObject class is the one instance where the
	parent class is allowed to be NULL.  Making things conditional
	will let us keep static analysis checking for all other .c file
	callers, without breaking the build on this one exception.
	* src/util/virobject.c: Define witness.
	* src/util/virobject.h (virClassNew): Use it to force most callers
	to pass non-null parameter.

2013-01-23  Alon Levy  <alevy@redhat.com>

	qemu: Support ram bar size for qxl devices
	Adds a "ram" attribute globally to the video.model element, that changes
	the resulting qemu command line only if video.type == "qxl".
	<video>
	  <model type='qxl' ram='65536' vram='65536' heads='1'/>
	</video>
	That attribute gets a default value of 64*1024. The schema is unchanged
	for other video element types.
	The resulting qemu command line change is the addition of
	-global qxl-vga.ram_size=<ram>*1024
	or
	-global qxl.ram_size=<ram>*1024
	For the main and secondary qxl devices respectively.
	The default for the qxl ram bar is 64*1024 kilobytes (the same as the
	default qxl vram bar size).

2013-01-23  John Ferlan  <jferlan@redhat.com>

	viralloc: Adjust definition of VIR_FREE() for Coverity
	The Coverity static analyzer was generating many false positives for the
	unary operation inside the VIR_FREE() definition as it was trying to evaluate
	the else portion of the "?:" even though the if portion was (1).

2013-01-23  Peter Krempa  <pkrempa@redhat.com>

	conf: Improve error messages if parsing of vCPU count fails

	conf: Check if number of vCPUs fits in the storage variable
	The count of vCPUs for a domain is extracted as a usingned long variable
	but is stored in a unsigned short. If the actual number was too large,
	a faulty number was stored.

	virsh-domain: Refactor error paths for cmdCPUStats
	This patch fixes the following issues in the cpu-stats virsh command:
	1) Renames label failed_params to no_memory to match coding style
	2) Uses proper typed parameter cleanup in error paths to avoid leaks
	3) Adds a ret variable and simplifies error labels
	4) Changes error message to a slightly more descriptive one and gets rid
	   of the newline at the end:
	Before:
	$ virsh cpu-stats tr
	error: Failed to virDomainGetCPUStats()
	error: Requested operation is not valid: domain is not running
	After:
	$ tools/virsh cpu-stats tr
	error: Failed to retrieve CPU statistics for domain 'tr'
	error: Requested operation is not valid: domain is not running

2013-01-23  John Ferlan  <jferlan@redhat.com>

	tests: Need to initialize 'test' properly on error path
	In the error path, the test buffer is free'd, but due to how the free
	routine is written the 'test' buffer pointer does not return to the caller
	as NULL and then the free'd buffer address is returned to the caller.

	virkeepalive: Remove erroneous VIR_FREE(msg)
	The 'msg' free is handled via virNetMessageFree() already.

	security: Need to initialize 'sens'
	It was possible to call VIR_FREE in cleanup prior to initialization

	interface: Need to initialize 'ifaces_list'
	It was possible to call VIR_FREE in cleanup prior to initialization

	storage: Need to initialize 'zerobuf'
	It was possible to call VIR_FREE in cleanup prior to initialization.

	virsh: Need to intialize 'str'
	It was possible to call VIR_FREE in error prior to initialization.

	lxc: Need to initialize 'dst'
	It was possible to call VIR_FREE in cleanup prior to initialization

	virfile: Need to initialize 'looppath'
	It was possible to call VIR_FREE in cleanup prior to initialization.

	commandtest: Need to initialize 'errbuf'
	It was possible to call VIR_FREE in cleanup prior to initialization

	virnetdev: Need to initialize 'pciConfigAddr'
	It was possible to call VIR_FREE in cleanup prior to initialization

	virnetsockettest: Need to initialize 'path'
	It was possible to call VIR_FREE in cleanup prior to initialization

	virnetserver: Need to initialize 'sigdata'
	It was possible to call VIR_FREE in error prior to initialization

	conf: Need to initialize variables before VIR_FREE
	Resolve a couple of instances where variables were not initialized
	prior to potential VIR_FREE call in cleanup path.

	uml: Avoid resource leak of event in umlInofityEvent
	If there was more than one inotify_event found in the read/while loop,
	then only the last event found would have been queued.

2013-01-22  Claudio Bley  <cbley@av-test.de>

	fix typos in comments for VIR_DOMAIN_PROCESS_SIGNAL_{PWR,SYS}

2013-01-22  John Ferlan  <jferlan@redhat.com>

	storage: Add coverity[dead_error_condition] to avoid error
	The local redefinition of PED_PARTITION_PROTECTED results in the error
	but is not a problem especially if the built code doesn't have the latest
	definitions.

	network: Add coverity[leaked_handle] to ignore error
	On error, the 'tapfd' in networkStartNetworkVirtual() is synonymous
	with 'macTapIfName' and will be closed in the appropriate error path.

	remote: Avoid coverity[leaked_storage] message.
	Upon successful return of virNetClientStreamEventAddCallback() the
	allocated cbdata field will be freed by virNetClientStreamEventRemoveCallback()
	as cbOpaque using the free function remoteStreamCallbackFree().

	qemu: Add coverity[negative_returns] tag
	This avoids "Event negative_returns: A negative constant "-1" is passed as
	an argument to a parameter that cannot be negative.".  The called function
	uses -1 to determine whether it needs to traverse all the hostdevs.

	rpc: Add coverity[dead_error_begin] tag
	Coverity misses the nuance of VIR_FREE(privkey) setting privkey = NULL when
	if (!(virFileExists(privkey))) is true and thus declares the code dead.

	xen: Add coverity[ptr_arith] and [sign_extension] tags
	The old cpu bitmap setting algorithm causes a couple of complaints which
	have been tagged.

	nodeinfo: Add coverity[dead_error_begin] and [returned_null] tags
	The use of switch statements inside a bounded for loop resulted in some
	false positives regarding the "default:" label which cannot be reached
	since each of the other case statements use the possible for loop values.
	A [dead_error_begin] was added before the default label.
	Commit id ebdbe25a adjusted the algorithm and the caller guarantees that
	the 'params' will have a '_' in the name being searched. Add the [returned_null]
	tag to the two instances.

	lxc: Add coverity[dead_error_begin] tag in switch stmts
	The use of switch statements inside a bounded for loop resulted in some
	false positives regarding the "default:" label which cannot be reached
	since each of the other case statements use the possible for loop values.

	xend: Address some Coverity false positives
	The various _for_i loops with both u.s.car and u.s.cdr were being reported
	as COPY_PASTE errors by Coverity.  This just quiets those messages.

	selinux: Resolve resource leak using the default disk label
	Commit id a994ef2d1 changed the mechanism to store/update the default
	security label from using disk->seclabels[0] to allocating one on the
	fly. That change allocated the label, but never saved it.  This patch
	will save the label. The new virDomainDiskDefAddSecurityLabelDef() is
	a copy of the virDomainDefAddSecurityLabelDef().

	util: Need to check child JSON allocation before use

	parallels: Need to handle virJSONValueObjectGetString error

	rpc: Remove unnecessary calls
	The code is not reachable as of commit id: bb85f229. Removed
	virKeepAliveStop() and virObjectUnref() because 'ka' cannot be
	anything but NULL at the cleanup label.

	security: Use virStrcpy to move the label

2013-01-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: Forbid snapshot names starting with '.'
	Forbid the names to match the loading procedure of snapshots.

2013-01-22  Michal Privoznik  <mprivozn@redhat.com>

	safe{read,write}: Document usage with nonblocking FD
	Currently, whenever somebody calls saferead() on nonblocking FD
	(safewrite() is totally interchangeable for purpose of this message)
	he might get wrong return value. For instance, in the first iteration
	some data is read. The number of bytes read is stored into local
	variable 'nread'. However, in next iterations we can get -1 from
	read() with errno == EAGAIN, in which case the -1 is returned despite
	fact some data has already been read. So the caller gets confused.
	Bare read() should be used for nonblocking FD.

2013-01-22  Jiri Denemark  <jdenemar@redhat.com>

	docs: Generate documentation for virTypedParams* APIs

	docs: event.c source file was renamed as virevent.c

2013-01-22  Eric Blake  <eblake@redhat.com>

	spec: indent %if to make it easier to see conditions
	Nested conditionals are hard to read if they are not indented.
	We can't add arbitrary whitespace to everything in spec files,
	but we CAN add spaces before %if and %define.  Use this trick,
	plus a fancy sed script that rewrites a spec file into a C
	file, so we can use cppi to keep our spec file nice.
	For reference, the sed script converts code like:
	|# RHEL-5 builds are client-only for s390, ppc
	|%if 0%{?rhel} == 5
	|    %ifnarch %{ix86} x86_64 ia64
	|        %define client_only        1
	|    %endif
	|%endif
	into the following for cppi:
	|// # RHEL-5 builds are client-only for s390, ppc
	|#if a // 0%{?rhel} == 5
	|# if a // %{ix86} x86_64 ia64
	|#  define client_only        1
	|# endif
	|#endif
	and errors from 'make syntax-check' look like:
	spec_indentation
	cppi: mingw-libvirt.spec.in: line 130: not properly indented
	maint.mk: incorrect preprocessor indentation
	* libvirt.spec.in: Add some indentation to make it easier to follow
	various conditionals.
	* mingw-libvirt-spec.in: Likewise.
	* cfg.mk (sc_spec_indentation): New syntax check to enforce it.

2013-01-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: Reject attempts to create snapshots with names containig '/'
	The snapshot name is used to create path to the definition save file.
	When the name contains slashes the creation of the file fails. Reject
	such names.

	qemu: Don't return success if creation of snapshot save file fails
	When the snapshot definition can't be saved, the
	qemuDomainSnapshotCreate function succeeded without filling some of the
	fields in the internal definition.
	This patch removes the snapshot and returns failure if the XML file
	cannot be written.

2013-01-19  Michal Privoznik  <mprivozn@redhat.com>

	Log flags passed to qemuMigrationPrepare{Tunnel,Direct} APIs
	We are already logging other arguments passed, however, @flags
	were missing there.

2013-01-19  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: Fix RPM build errors related to libvirt-lxc API
	Added missing entries to makefile and spec.

2013-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix race condition when destroying guests
	When running virDomainDestroy, we need to make sure that no other
	background thread cleans up the domain while we're doing our work.
	This can happen if we release the domain object while in the
	middle of work, because the monitor might detect EOF in this window.
	For this reason we have a 'beingDestroyed' flag to stop the monitor
	from doing its normal cleanup. Unfortunately this flag was only
	being used to protect qemuDomainBeginJob, and not qemuProcessKill
	This left open a race condition where either libvirtd could crash,
	or alternatively report bogus error messages about the domain already
	having been destroyed to the caller

2013-01-18  Claudio Bley  <cbley@av-test.de>

	docs: Add some style and color to the HTML documentation

	docs: don't use <i> and <tt> HTML tags
	Use of <tt> is discouraged in HTML 4.x and has finally been obsoleted
	in HTML 5. Likewise for the <i> tag.
	Using tables for layout is (widely) considered bad style, too.
	Use defintion lists, definition term and defintion description
	elements instead.

	docs: Assign classes to documentation elements
	In CSS the following class names are available:
	* keyword     (keywords like "typedef", "struct")
	* type        (types like "int", "void*")
	* comment     (comments after members of enums or structs)
	* directive   (preprocessor directives, #define)
	* undisclosed (text saying that the API is not public)
	Additionally, kill all of the left-over "programlisting" class
	assignments. There are no CSS rules for them.

2013-01-18  Jiri Denemark  <jdenemar@redhat.com>

	Introduce virTypedParamsClear public API
	The function is just a renamed public version of former
	virTypedParameterArrayClear.

	virsh: Use virTypedParams* APIs in cpu-stats

	virsh: Use virTypedParams* APIs in node-memory-tune

	virsh: Use virTypedParams* APIs in numatune

	virsh: Use virTypedParams* APIs in memtune

	virsh: Use virTypedParams* APIs in domblkstat

	virsh: Use virTypedParams* APIs in schedinfo

	virsh: Use virTypedParams* APIs in domiftune

	virsh: Use virTypedParams* APIs in blkiotune

	virsh: Use virTypedParams* APIs in blkdeviotune

	Add virTypedParams* APIs
	Working with virTypedParameters in clients written in C is ugly and
	requires all clients to duplicate the same code. This set of APIs makes
	this code for manipulating with virTypedParameters integral part of
	libvirt so that all clients may benefit from it.

2013-01-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Simplify condition with already extracted flag

2013-01-18  Atsushi Kumagai  <kumagai-atsushi@mxc.nes.nec.co.jp>

	storage: Fix lvcreate parameter for backingStore.
	When virStorageBackendLogicalCreateVol() creates a snapshot for a
	logical volume with backingStore element, it fails with the message
	below:
	  2013-01-17 03:10:18.869+0000: 1967: error : virCommandWait:2345 :
	  internal error Child process (/sbin/lvcreate --name lvm-snapshot -L 51200K
	  -s=/dev/lvm-pool/lvm-volume) unexpected exit status 3: /sbin/lvcreate:
	  invalid option -- '='  Error during parsing of command line.
	This is because virCommandAddArgPair() uses '=' to connect the two
	parameters, it's unsuitable for -s option of the lvcreate.

2013-01-18  Eric Blake  <eblake@redhat.com>

	build: fix build on BSD
	A build on FreeBSD failed with:
	util/virportallocator.c:108: error: storage size of 'addr' isn't known
	util/virportallocator.c:123: error: 'INADDR_ANY' undeclared (first use in this function)
	It turns out that while POSIX allows sockaddr_in to leak in through
	<arpa/inet.h> (the way Linux does it), it is not mandatory, and
	conforming applications are required to get it through <netinet/in.h>.
	* src/util/virportallocator.c: Include header for struct
	sockaddr_in.
	* tests/virportallocatortest.c: Likewise.

2013-01-18  John Ferlan  <jferlan@redhat.com>

	network: Remove dead code getting, but not using ipdef
	The fetch of 'ipdef' in networkRefreshDhcpDaemon() when the loop to fill
	in ipv4def fails to find an ipv4 address with dhcp defined. The filled in
	ipdef value was not used.  Code was made unnecessary with commit it 2d5cd1.

	virobject: Remove the bogus ! from call to virObjectInitialize()

	esx: No need to check for objectSpec
	Coverity complains that the objectSpec != NULL check was unnecessary because
	there was no way to get to the label with objectSpec = NULL.

	qemu: Check valid activeDev before calling pciDeviceSetUsedBy

2013-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Followup fix for integer wraparound in port allocator
	Change iterator variable datatype to int

2013-01-18  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Double mutex unlock in qemuDomainModifyDeviceFlags
	The driver mutex was unlocked in qemuDomainModifyDeviceFlags before
	entering qemuDomainObjBeginJobWithDriver where it will be unlocked once
	more leaving it in an undefined state. The result was that two
	threads were simultaneously looking up the domain hash table during
	multiple parallel device attach/detach operations.
	Luckily this triggered a virHashIterationError.

2013-01-18  Reinier Schoof  <reinier@transip.nl>

	fixed xt_physdev warning when defining ip(6)tables rules
	When starting a VM, /var/log/messages was spammed with the following message:
	 xt_physdev: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.
	With each extra VM I start, the messages get amplified
	exponentially. This results in longer starting times every new VM,
	relative the the previously started VM. When I ran a test with
	starting 100 equal VM's, the first VM started in about 2 seconds, the
	100th VM took 48 seconds to start. I'm running a vanilla 3.7.1 kernel,
	but I have the same issue on VM hosts with kernel 3.2.28 or 3.2.0,
	running libvirt 0.9.12 and 0.9.8 respectively.
	Looking into the warning, it seemed that iptables need an extra argument,
	--physdev-is-bridged, in commands like:
	 iptables -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet99 -g FP-vnet99
	With that, the warnings in /var/log/messages are gone and running the
	test again proved the 100th VM started in 3.8 seconds.

2013-01-18  Laine Stump  <laine@laine.org>

	conf: don't fail to parse <boot> when parsing a single device
	This resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=895294
	The symptom was that attempts to modify a network device using
	virDomainUpdateDeviceFlags() would fail if the original device had a
	<boot> element (e.g. "<boot order='1'/>"), even if the updated device
	had the same <boot> element. Instead, the following error would be logged:
	  cannot modify network device boot index setting
	It's true that it's not possible to change boot order (internally
	known as bootIndex) of a live device; qemuDomainChangeNet checks for
	that, but the problem was that the information it was checking was
	incorrect.
	Explanation:
	When a complete domain is parsed, a global (to the domain) "bootMap"
	is passed down to the parse for each device; the bootMap is used to
	make sure that devices don't have conflicting settings for their boot
	orders.
	When a single device is parsed by itself (as in the case of
	virDomainUpdateDeviceFlags), there is no global bootMap that would be
	appropriate to send, so NULL is sent instead. However, although the
	lowest level function that parses just the boot order *does* simply
	skip the sanity check in that case, the next higher level
	"virDomainDeviceInfoParseXML" function refuses to call down to the
	lower "virDomainDeviceBootParseXML" if bootMap is NULL. So, the boot
	order is never set in the "new" device object, and when it is compared
	to the original (which does have a boot order), they don't match.
	The fix is to patch virDomainDeviceInfoParseXML to not care about
	bootMap, and just always call virDomainDeviceInfoBootParseXML whenever
	there is a <boot> element. When we are only parsing a single device,
	we don't care whether or not any specified boot order is consistent
	with the rest of the domain; we will always do this check later (in
	the current case, we do it by verifying that the net bootIndex exactly
	matches the old bootIndex).

	network: use bandwidth from portgroup when appropriate
	The bandwidth plug and unplug functions were assuming that an
	interface's bandwidth setting was always specified directly in the
	domain's <interface> definition, but that's not necessarily true - it
	could have been obtained from a <portgroup> definition in the network
	definition. This patch fixes those functions to use
	virDomainNetGetActualBandwidth(), which gets the bandwidth pointer
	from iface->data.network.actual if it exists, otherwise returns
	iface->bandwidth.

2013-01-18  John Ferlan  <jferlan@redhat.com>

	network: Resolve some issues around vlan copying
	Remove extraneous check for 'netdef' when dereferencing for vlan.nTags.
	Prior code would already check if netdef was NULL.
	Coverity complained about a path where the 'vlan' was potentially valid,
	but a prior checks may not have allocated 'iface->data.network.actual',
	so like other paths it needs to be allocated on the fly.
	Move the copying of vlan up earlier in networkAllocateActualDevice, so
	that actual.type gets properly set.
	Since the first assignment to vlan is redundant except in the case of
	jumping immediately to validate from the start of the function,
	eliminate its initial setting at the top of the function in favor of
	calling the helper function virDomainNetGetActualVlan() (which doesn't
	depend on the local vlan pointer being initialized) down at validate:

2013-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix inheritance of virNetClient
	When creating the virClass object for virNetClient, we specified
	virObject as the parent instead of virObjectLockable

2013-01-17  Peter Krempa  <pkrempa@redhat.com>

	lock_daemon: Simplify error handling
	No need to check the run_dir variable twice for NULL.

2013-01-17  Daniel P. Berrange  <berrange@redhat.com>

	Avoid integer wrap on remotePortMax in QEMU driver
	The QEMU driver default max port is 65535, but it then increments
	this by 1 to 65536. This maps to 0 in an unsigned short :-( This
	was apparently done so that for() loops could use "< max" instead
	of "<= max". Remove this insanity and just make the loop do the
	right thing.

2013-01-17  Michal Privoznik  <mprivozn@redhat.com>

	virsh-volume.c: Switch to C99 initialization of vshCmdOptDef

	virsh-snapshot.c: Switch to C99 initialization of vshCmdOptDef

	virsh-secret.c: Switch to C99 initialization of vshCmdOptDef

	virsh-pool.c: Switch to C99 initialization of vshCmdOptDef

	virsh-nwfilter.c: Switch to C99 initialization of vshCmdOptDef

	virsh-nodedev.c: Switch to C99 initialization of vshCmdOptDef

	virsh-network.c: Switch to C99 initialization of vshCmdOptDef

	virsh-interface.c: Switch to C99 initialization of vshCmdOptDef

	virsh-host.c: Switch to C99 initialization of vshCmdOptDef

	virsh-domain-monitor.c: Switch to C99 initialization of vshCmdOptDef

	virsh-domain.c: Switch to C99 initialization of vshCmdOptDef

	virsh.c: Switch to C99 initialization of vshCmdOptDef

2013-01-17  Claudio Bley  <cbley@av-test.de>

	libvirt.c: fix typo in comment

	Move comments after enum members
	The api builder always associates comments to the last member it read,
	not to the current member even if there was a comment for the previous
	member and a comma was already seen.
	This has the effect that the comment for the previous member gets
	overwritten and the current member has no comment at all.

2013-01-17  Jiri Denemark  <jdenemar@redhat.com>

	python: Avoid freeing uninitialized new_params pointer

2013-01-17  Hu Tao  <hutao@cn.fujitsu.com>

	include virterror_internal.h in threads.h
	required by VIR_ONCE_GLOBAL_INIT using virSetError.

	include util.h in cgroup.h
	required by VIR_ENUM_DECL.

	call virstateCleanup to do the cleanup before libvirtd exits

2013-01-17  Guido Günther  <agx@sigxcpu.org>

	Fix typo in variable name
	that broke the build like:
	  CC     libvirt_conf_la-domain_conf.lo
	  conf/domain_conf.c: In function 'virDomainVcpuPinAdd':
	  conf/domain_conf.c:11920:29: error: 'vpcupin' undeclared (first use in this function)
	  conf/domain_conf.c:11920:29: note: each undeclared identifier is reported only once for each function it appears in
	  make[3]: *** [libvirt_conf_la-domain_conf.lo] Error 1

2013-01-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix cleanup on domain start error
	If building the libxl domain config fails, cleanup before returning
	failure.

	libxl: Check for libxl_ctx_alloc failure

	libxl: Don't free domain death event
	Callers should not free death events provided by libxl_evdisable_FOO().

	libxl: Use consistent parameter naming scheme
	Use consistent parameter names throughout the libxl timeout and fd
	event functions.

	libxl: Use consistent style for function definitions
	Commit dfa1e1dd added functions whose definitions do not conform
	to the style used in the libxl driver.  Change these functions to
	be consistent throughout the driver.

2013-01-17  John Ferlan  <jferlan@redhat.com>

	locking: Resolve resource leaks on non error path
	Both 'dir' and 'path' were not free'd on successful return

2013-01-17  Ján Tomko  <jtomko@redhat.com>

	conf: fix leak in virDomainVcpuPinAdd
	Fix the leak of vcpupin on failure to allocate cpumask and the leak of
	cpumask if we fail to expand vcpupin_list.

	conf: fix class_id bitmap leak in virNetworkObj
	Commit '07d1b6b' added class_id bitmap to virNetworkObj but never freed
	it.

	qemu: fix QEMU_CAPS_NO_ACPI detection
	In commit c4bbaaf8, caps->arch was checked uninitialized, rendering the
	whole check useless.
	This patch moves the conditional setting of QEMU_CAPS_NO_ACPI to
	qemuCapsInitQMP, and removes the no longer needed exception for S390.
	It also clears the flag for all non-x86 archs instead of just S390 in
	qemuCapsInitHelp.

2013-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Convert libxl driver over to use virPortAllocator APIs
	Replace the current libxl driver code for managing port
	reservations with the new virPortAllocator APIs.

	Convert QEMU driver over to use virPortAllocator APIs
	Replace the current QEMU driver code for managing port
	reservations with the new virPortAllocator APIs.

	Add a port allocator class
	Introduce a virPortAllocator for managing TCP port allocations.

	Convert all rpc classes over to virObjectLockable

	Convert virDomainObj, qemuAgent, qemuMonitor, lxcMonitor to virObjectLockable
	The  virDomainObj, qemuAgent, qemuMonitor, lxcMonitor classes
	all require a mutex, so can be switched to use virObjectLockable

2013-01-16  John Ferlan  <jferlan@redhat.com>

	util: Check for negative indent in virBufferAdd
	Since virBufferGetIndent() will check and fail on buf->error, I
	removed that check from virBufferAdd() and used the -1 return as the
	way to exit.

	tools: Check return status on virBufferTrim()

	rpc: Check and message setsockopt()
	Check status when attempting to set SO_REUSEADDR flag on outgoing connection
	On failure, VIR_WARN(), but continue to connect. This code path is on the
	sender side where the setting is just a hint and would only take effect if
	the sender is overflowed with TCP connections.  Inability to set doesn't mean
	failure to establish a connection.

	parallels: Remove unused JSON fetch of "OS"
	Commit id ac1c77f0 removed the "os" field in "parallelsDomObj" that
	commit id aa296e6c had added and the data is not used by the function.

	virsh: Remove unused setting of 'br_node' and 'if_node'

	util: Remove the unused setting of 'res' for virHashLookup return

	locking: Remove unnecessary setting of lockspace
	In virLockSpaceProtocolDispatchNew() the returned value of lockspace from
	virLockDaemonFindLockSpace() is overwritten by the virLockSpaceNew() return.
	Coverity complains that it's unused.
	In virLockSpaceProtocolDispatchCreateLockSpace() lockspace is also overwritten
	in a similar manner resulting in the same Coverity message.

	openvz: Need to check 'vm' first before dereferencing 'def'

	interface: Need to check ifacedef->mac not just ifacedef after strdup()

2013-01-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't update count of vCPUs if hot-unplug has failed
	After live change of cpu counts, the number of processor threads is
	verified. This patch makes use of this approach to check if qemu ignored
	the request for cpu hot-unplug and report an appropriate message.

2013-01-16  John Ferlan  <jferlan@redhat.com>

	xen: Ignore return status for TCP_NODELAY

2013-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Add a virObjectLockable class holding a mutex
	A great many virObject instances require a mutex, so introduce
	a convenient class for this which provides a mutex. This avoids
	repeating the tedious init/destroy code

	Allow for multi-level inheritance of virObject classes
	Currently all classes must directly inherit from virObject.
	This allows for arbitrarily deep hierarchy. There's not much
	to this aside from chaining up the 'dispose' handlers from
	each class & providing APIs to check types.

	Add 'lxc-enter-namespace' command to virsh
	Add a 'lxc-enter-namespace' command which accepts a domain name
	and then a command + args to run, attached to the container
	eg
	  virsh -c lxc:/// lxc-enter-namespace demo -- /bin/ps -auxf

2013-01-16  Gao feng  <gaofeng@cn.fujitsu.com>

	libvirt: lxc: don't mkdir when selinux is disabled
	libvirt lxc will fail to start when selinux is disabled.
	error: Failed to start domain noroot
	error: internal error guest failed to start: PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=b9873916-3516-c199-8112-1592ff694a9e LIBVIRT_LXC_UUID=b9873916-3516-c199-8112-1592ff694a9e LIBVIRT_LXC_NAME=noroot /bin/sh
	2013-01-09 11:04:05.384+0000: 1: info : libvirt version: 1.0.1
	2013-01-09 11:04:05.384+0000: 1: error : lxcContainerMountBasicFS:546 : Failed to mkdir /sys/fs/selinux: No such file or directory
	2013-01-09 11:04:05.384+0000: 7536: info : libvirt version: 1.0.1
	2013-01-09 11:04:05.384+0000: 7536: error : virLXCControllerRun:1466 : error receiving signal from container: Input/output error
	2013-01-09 11:04:05.404+0000: 7536: error : virCommandWait:2287 : internal error Child process (ip link del veth1) unexpected exit status 1: Cannot find device "veth1"
	fix this problem by checking if selinuxfs is mounted
	in host before we try to create dir /sys/fs/selinux.

2013-01-16  Eric Blake  <eblake@redhat.com>

	build: add new file, for lxc_protocol checking
	Commit 509eb51 added lxc_protocol.x; but without the initial
	checkin of src/lxc_protocol-structs, 'make check' would fail for
	anyone with pdwtags installed:
	make[3]: *** No rule to make target `lxc_protocol-structs', needed by `check-protocol'.  Stop.
	* src/lxc_protocol-structs: New file.

2013-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Add implementation of virDomainLxcOpenNamespace to LXC driver
	The virDomainLxcOpenNamespace method needs to open every file
	in /proc/$INITPID/ns and return the open file descriptor to the
	client application.

	Implement the RPC protocol for the libvirt-lxc.la library
	Add the infrastructure for the libvirt-lxc.la library to
	the remote protocol client and daemon

2013-01-15  John Ferlan  <jferlan@redhat.com>

	xen: Resolve resource leak with 'cpuset'
	Make cpuset local to the while loop and free it once done with it each
	time through the loop.  Add a sa_assert() to virBitmapParse() to keep Coverity
	from believing there could be a negative return and possible resource leak.

	interface: Resolve resource leak wth 'tmp_iface_objs'

	storage: Resource resource leak using 'tmp_vols'

	test: Resource resource leak with 'tmp_vols'

	rpc: Avoid resource leak of 'socks' if any object append fails

	util: Resolve resource leak for 'res' in virSetInherit error path.

2013-01-15  Michal Privoznik  <mprivozn@redhat.com>

	.gitignore: Sort alphabetically

2013-01-15  John Ferlan  <jferlan@redhat.com>

	interface: Need to initialize 'add_to_list'

	lxc: Initialize dst due to potential cleanup usage before setting

	openvz: Need to initialize 'ret' for kb_per_pages error path

	parallels: Resolve issues with uninitialized 'ret' value
	Added some messaging to indicate possible failure from virXPathULongLong()
	as well

	storage: Need to also VIR_FREE(reg)
	Commit-id 'afc4631b' added the regfree(reg) to free resources alloc'd
	during regcomp; however, reg still needed to be VIR_FREE()'d. The call
	to regfree() also didn't account for possible NULL value.  Reformatted
	the call to be closer to usage.

2013-01-15  Eric Blake  <eblake@redhat.com>

	build: further fixes for broken if_bridge.h
	Commit c308a9ae was incomplete; it resolved the configure failure,
	but not a later build failure.
	* src/util/virnetdevbridge.c: Include pre-req header.
	* configure.ac (AC_CHECK_HEADERS): Prefer standard in.h over
	non-standard ip6.h.

	docs: remove extra "
	* tools/virsh.pod: Fix typo.

2013-01-15  John Ferlan  <jferlan@redhat.com>

	securityselinuxhelper.c: Don't try to include xattr.h if not available
	Commit 907a39e7 missed adding the WITH_ATTR around #include <attr/xattr.h>
	resulting in a build failure:
	  CC     libsecurityselinuxhelper_la-securityselinuxhelper.lo
	  securityselinuxhelper.c:27:24: fatal error: attr/xattr.h: No such file or directory
	  compilation terminated.
	  make[2]: *** [libsecurityselinuxhelper_la-securityselinuxhelper.lo] Error 1
	  make[2]: Leaving directory `/home/jferlan/libvirt.work/tests'
	  make[1]: *** [all-recursive] Error 1
	  make[1]: Leaving directory `/home/jferlan/libvirt.work'
	  make: *** [all] Error 2

2013-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Add missing stubs to securityselinuxhelper.c
	Make sure we override both the raw and non-raw stubs in
	securityselinuxhelper.c. Also add diagnostics if
	securityselinuxlabeltest fails a test item

	Fix typo LIBCURL_{CFLAGS,LIBS} to CURL_{CFLAGS,LIBS}
	Some places missed the conversion from LIBCURL_{CFLAGS,LIBS} to
	CURL_{CFLAGS,LIBS}, and a part of curl check was left in
	configure.ac instead of m4/virt-curl.m4 by mistake

2013-01-15  Eric Blake  <eblake@redhat.com>

	build: work around broken kernel header
	I got this scary warning during ./configure on rawhide:
	checking linux/if_bridge.h usability... no
	checking linux/if_bridge.h presence... yes
	configure: WARNING: linux/if_bridge.h: present but cannot be compiled
	configure: WARNING: linux/if_bridge.h:     check for missing prerequisite headers?
	configure: WARNING: linux/if_bridge.h: see the Autoconf documentation
	configure: WARNING: linux/if_bridge.h:     section "Present But Cannot Be Compiled"
	configure: WARNING: linux/if_bridge.h: proceeding with the compiler's result
	configure: WARNING:     ## ------------------------------------- ##
	configure: WARNING:     ## Report this to libvir-list@redhat.com ##
	configure: WARNING:     ## ------------------------------------- ##
	checking for linux/if_bridge.h... no
	* configure.ac (AC_CHECK_HEADERS): Provide struct in6_addr, since
	linux/if_bridge.h uses it without declaring it.

2013-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix build due to previous LXC patch
	Mark virDomainLxcEnterNamespace as skipped in python binding
	and remove reference to lxcDomainOpenNamespace which doesn't
	arrive until a later patch

2013-01-15  Eric Blake  <eblake@redhat.com>

	maint: typo fix
	I noticed this typo while configuring on a freshly-installed machine.
	* m4/virt-udev.m4: Correct pciaccess name.

2013-01-14  Daniel P. Berrange  <berrange@redhat.com>

	Introduce an LXC specific public API & library
	This patch introduces support for LXC specific public APIs. In
	common with what was done for QEMU, this creates a libvirt_lxc.so
	library and libvirt/libvirt-lxc.h header file.
	The actual APIs are
	  int virDomainLxcOpenNamespace(virDomainPtr domain,
	                                int **fdlist,
	                                unsigned int flags);
	  int virDomainLxcEnterNamespace(virDomainPtr domain,
	                                 unsigned int nfdlist,
	                                 int *fdlist,
	                                 unsigned int *noldfdlist,
	                                 int **oldfdlist,
	                                 unsigned int flags);
	which provide a way to use the setns() system call to move the
	calling process into the container's namespace. It is not
	practical to write in a generically applicable manner. The
	nearest that we could get to such an API would be an API which
	allows to pass a command + argv to be executed inside a
	container. Even if we had such a generic API, this LXC specific
	API is still useful, because it allows the caller to maintain
	the current process context, in particular any I/O streams they
	have open.
	NB the virDomainLxcEnterNamespace() API is special in that it
	runs client side, so does not involve the internal driver API.

	Add a test suite for validating SELinux labelling
	There are many aspects of the guest XML which result in the
	SELinux driver applying file labelling. With the increasing
	configuration options it is desirable to test this behaviour.
	It is not possible to assume that the test suite has the
	ability to set SELinux labels. Most filesystems though will
	support extended attributes. Thus for the purpose of testing,
	it is possible to extend the existing LD_PRELOAD hack to
	override setfilecon() and getfilecon() to simply use the
	'user.libvirt.selinux' attribute for the sake of testing.

	Rename HAVE_POLKIT to WITH_POLKIT

	Remove unused XMLRPC_REQUIRED var

	Convert openwsman check to use LIBVIRT_CHECK_PKG

	Convert ssh2 check to use LIBVIRT_CHECK_PKG
	This converts the libssh2 configure check to use LIBVIRT_CHECK_PKG.
	Previously it would check version 1.0 and 1.3, but this simplifies
	things to just require version 1.3

	Rename HAVE_LIBSSH2 to WITH_SSH2

	Convert curl check over to use LIBVIRT_CHECK_PKG

	Rename HAVE_LIBCURL to WITH_CURL

	Convert fuse check over to use LIBVIRT_CHECK_PKG

	Rename HAVE_FUSE to WITH_FUSE

	Rename HAVE_GNUTLS to WITH_GNUTLS

	Convert blkid check over to use LIBVIRT_CHECK_PKG

	Convert HAVE_LIBBLKID to WITH_BLKID

	Convert HAL check to use LIBVIRT_CHECK_PKG

	Convert HAVE_HAL to WITH_HAL

	Convert udev/pciaccess checks to use LIBVIRT_CHECK_PKG

	Convert HAVE_UDEV to WITH_UDEV

	Convert avahi check to use LIBVIRT_CHECK_PKG

	Convert HAVE_AVAHI to WITH_AVAHI

	Convert DBus check to use LIBVIRT_CHECK_PKG

	Convert HAVE_DBUS to WITH_DBUS

	Convert netcf check to use LIBVIRT_CHECK_PKG

	Convert cap-ng check to use LIBVIRT_CHECK_LIB

	Convert HAVE_CAPNG to WITH_CAPNG

	Convert numactl checks to use LIBVIRT_CHECK_LIB

	Convert HAVE_NUMACTL to WITH_NUMACTL

	Convert apparmor check to use LIBVIRT_CHECK_LIB

	Convert selinux check to use LIBVIRT_CHECK_LIB

	Convert HAVE_SELINUX to WITH_SELINUX

2013-01-14  Claudio Bley  <cbley@av-test.de>

	docs: restrict the set of characters for info keys
	When parsing the top level comment of a file, apibuild.py used
	to split on any ':' character of a line regarding the first part
	as a key for a setting, e.g. "Summary". The second part would then
	be assigned as the value for that key.
	This means you could not use a ':' character inside those comments
	without ill effects.
	Now, a key must consist solely of alphanumeric characters, '_' or '.'.

	docs: simplify code

2013-01-12  Eric Blake  <eblake@redhat.com>

	build: avoid m4_expand for RHEL 5
	Problem introduced in commit cd699ed.
	* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_PKG): Set up
	direct expansions, since autoconf 2.59 lacked m4_expand.

	docs: mention git rename detection
	I've noticed a number of people sending patches with file
	renames not compressed, so we might as well document how to
	set this up.  (Git won't do it by default, for back-compat
	reasons)
	* docs/hacking.html.in: Add git config tip.
	* HACKING: Regenerate.

	docs: add some more hacking tips
	Based on a suggestion by John Ferlan:
	https://www.redhat.com/archives/libvir-list/2013-January/msg00158.html
	* docs/hacking.html.in: Add some commit message instructions.
	Mention the ./run script.
	* HACKING: Regenerate.

	build: fix incomplete WITH_SASL conversion
	Commit 321a7d53 missed a spot.
	* src/rpc/virnetsocket.c (virNetSocketPreExecRestart): Use right
	conditional.

2013-01-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix grouping of capabilities strings
	Commit f8d478b6dfc46a0ad2459844b96937599dec06e1 broke the grouping by
	five items.

2013-01-11  Peter Krempa  <pkrempa@redhat.com>

	network: Report real error if addition of firewall rules fails
	If addition of rules in networkAddIptablesRules() failed the real error
	was masked by error reported when trying to clean up the remaining
	rules.
	With this patch the original error message is saved and set back after
	the removal is complete.

	virsh: Reformat output of virsh net-list
	This patch changes whitespace and the length of the separation line from
	this format:
	$ virsh net-list --all
	Name                 State      Autostart     Persistent
	--------------------------------------------------
	default              inactive   yes           yes
	to
	$ virsh net-list --all
	 Name                 State      Autostart     Persistent
	----------------------------------------------------------
	 default              inactive   yes           yes
	to match the output of virsh list.

	network: bridge: Fix regression when defining persistent networks
	Commit 0211fd6e04cdc402da20818df54299c6ded3d3cb introduced regression
	where newly defined networks were not made persistent.
	This patch makes the network persistent on each successful definition.

2013-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Convert audit check to use LIBVIRT_CHECK_LIB

	Convert HAVE_AUDIT to WITH_AUDIT

	Convert sasl check to use LIBVIRT_CHECK_LIB_ALT

	Convert HAVE_SASL to WITH_SASL

	Convert sanlock check to use LIBVIRT_CHECK_LIB

	Convert HAVE_SANLOCK to WITH_SANLOCK

	Convert yajl check to use LIBVIRT_CHECK_LIB_ALT

	Convert HAVE_YAJL into WITH_YAJL

	Add some autoconf helper macros for checking for libraries
	Most checks for libraries take the same format
	  * --with-libFOO=yes|no|check|/some/path  argument
	  * check for a function NNN in libFOO.so
	  * check for a header file DDD/HHH.h
	  * Define a WITH_FOO config.h symbol
	  * Define a WITH_FOO make conditional
	  * Substitute FOO_CFLAGS and FOO_LIBS make variables
	  * Print CFLAGS & LIBS summary at the end
	Doing all this correctly is rather difficult, typically
	done by copy+paste of a previous usage. Further small
	improvements people make are not applied to all previous
	usages.
	Improve this by creating some helper macros to apply
	good practice. First, to perform the actual checks:
	  LIBVIRT_CHECK_LIB([SELINUX], [selinux],
	     [getfilecon], [selinux/selinux.h])
	This checks for 'getfilecon' in -lselinux, and the
	existence of 'selinux/selinux.h' header file. If successful
	it sets SELINUX_CFLAGS and SELINUX_LIBS. The WITH_SELINUX
	config.h macro and WITH_SELINUX make conditional are also
	defined.
	In some cases we need to check two variants of the same
	library
	  LIBVIRT_CHECK_LIB_ALT([SASL], [sasl2],
	                        [sasl_client_init], [sasl/sasl.h],
	                        [SASL1], [sasl],
	                        [sasl_client_init], [sasl/sasl.h])
	This checks for sasl_client_init in libsasl2, and if that
	is not found, checks sasl_client_init in libsasl. If the
	first check succeeds WITH_SASL is set, while if the second
	check succeeds *both* WITH_SASL and WITH_SASL1 are set.
	If the library supports pkg-config, then another variant
	is available
	  LIBVIRT_CHECK_PKG([AVAHI], [avahi-client], [0.6.0])
	This checks for avahi-client >= 0.6.0 via pkg-config
	and sets WITH_AVAHI if found.
	Finally to print a summary of CFLAGS & LIBs found (if any):
	  LIBVIRT_RESULT_LIB([SELINUX])

2013-01-11  Yufang Zhang  <yufang521247@gmail.com>

	build: require avahi instead of avahi-libs on rhel5.
	On rhel5, libs of avahi are packaged into avahi instead of avahi-libs.
	Actually, there is no avahi-libs package shipped with rhel5. This patch
	fixes this by requiring avahi on rhel5.

2013-01-11  John Ferlan  <jferlan@redhat.com>

	storage: Resolve resource leak using 'vol' buffer

	phyp: Resolve some file descriptor leaks
	The phypUUIDTable_Push and phypUUIDTable_Pull leaked their file descriptors
	on normal return.  Each function had an unnecessary use of creating a buffer
	to print conn->uri->user and needed a bit better flow control. I also noted
	that the Read function had a cut-n-paste error from the write function on a
	couple of VIR_WARN's.
	The openSSHSession leaked the sock on the failure path.  Additionally that
	turns into the internal_socket in the phypOpen code.  That was neither saved
	nor closed on any path. So I used the connnection_data->sock field to save
	the socket for eventual close. Of interest here is that phypExec used the
	connection_data->sock field even though it had never been initialized.

2013-01-11  Eric Blake  <eblake@redhat.com>

	maint: don't distribute generated .def files
	I ran 'make dist' in the directory left over from ./autobuild.sh
	(which was configured for a mingw cross build); the resulting
	tarball had more files than 'make dist' on a normal Linux build.
	I traced it to the fact that we were distributing a generated
	file, but only when configure said the end user had to generate
	the file in the first place.  In the process, I noticed that
	we had some difference in symbol file names; I added a comment
	explaining why the difference exists (after first trying to
	normalize the names and hitting VPATH build failures).
	* configure.ac (LIBVIRT_QEMU_SYMBOL_FILE): Add some comments.
	* src/Makefile.am (EXTRA_DIST): No need to ship a generated file;
	particularly since which file is built depends on configure results.

	spec: remove redundant %if
	The daemon-driver-{qemu,lxc} packages are only built if
	%{with_driver_modules} is specified, so they do not need to
	further test this condition.  Likewise, the daemon package
	is only built if %{with_libvirtd} is specified, so it does
	not need to further test this condition.
	* libvirt.spec.in (daemon-driver-qemu, daemon-driver-lxc):
	Unconditionally require libvirt-daemon-driver-network.
	(daemon): Unconditionally include lock-driver files.

2013-01-11  Laine Stump  <laine@laine.org>

	docs: fix typo in isa-serial additions
	This was preventing make rpm from completing.

2013-01-11  Eric Blake  <eblake@redhat.com>

	util: reduce syscalls for virGetDeviceID
	There's no need to do lots of readlink() calls to canonicalize
	a name if we're only going to use stat() on it, since stat()
	already chases symlinks.
	* src/util/virutil.c (virGetDeviceID): Let stat() do the symlink
	chasing.

2013-01-11  Chunyan Liu  <cyliu@suse.com>

	pass stub driver name instead of pciFindStubDriver
	Pass stub driver name directly to pciDettachDevice and pciReAttachDevice to fit
	for different libvirt drivers. For example, qemu driver prefers pci-stub, but
	Xen prefers pciback.

2013-01-10  Guannan Ren  <gren@redhat.com>

	qemu: add usb-net caps flag
	QEMU_CAPS_DEVICE_USB_NET /* -device usb-net */

	network: fix typos and docs

	qemu: add usb-serial support
	Add an optional 'type' attribute to <target> element of serial port
	device. There are two choices for its value, 'isa-serial' and
	'usb-serial'. For backward compatibility, when attribute 'type' is
	missing the 'isa-serial' will be chosen as before.
	Libvirt XML sample
	    <serial type='pty'>
	      <target type='usb-serial' port='0'/>
	      <address type='usb' bus='0' port='1'/>
	    </serial>
	qemu commandline:
	qemu ${other_vm_args}              \
	    -chardev pty,id=charserial0    \
	    -device usb-serial,chardev=charserial0,id=serial0,bus=usb.0,port=1

	qemu: add usb-serial caps flag
	QEMU_CAPS_DEVICE_USB_SERIAL /* -device usb-serial */

2013-01-10  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.h.in: Fix indentation
	With the most recent patch from Claudio, I realized how many
	indentation flaws we have in the libvirt.h.in file. Even though
	they are harmless, it's still worth fixing them.

2013-01-10  Claudio Bley  <cbley@av-test.de>

	Fix wrong indentation for virDomainState

2013-01-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Remove agent reference only when disposing it
	https://bugzilla.redhat.com/show_bug.cgi?id=892079
	With current code, if user calls virDomainPMSuspendForDuration()
	followed by virDomainDestroy(), the former API checks for qemu agent
	presence, which will evaluate as true (if agent is configured). While
	talking to qemu agent, the qemu driver is unlocked, so the latter API
	starts executing.  However, if machine dies meanwhile, libvirtd gets
	EOF on the agent socket and qemuProcessHandleAgentEOF() is called. The
	handler clears reference to qemu agent while the destroy API already
	holding a reference to it. This leads to NULL dereferencing later in
	the code. Therefore, the agent pointer should be set to NULL only if
	we are the exclusive owner of it.

2013-01-10  Yufang Zhang  <yufang521247@gmail.com>

	build: move file deleting action from %files list to %install
	When building libvirt rpms on rhel5, I got the following error:
	    File must begin with "/": rm
	    File must begin with "/": -f
	    File must begin with "/": $RPM_BUILD_ROOT/etc/sysctl.d/libvirtd
	    Installed (but unpackaged) file(s) found:
	   /etc/sysctl.d/libvirtd
	It is triggerd by the %files list of libvirt daemon:
	    %if 0%{?fedora} >= 14 || 0%{?rhel} >= 6
	    %config(noreplace) %{_prefix}/lib/sysctl.d/libvirtd.conf
	    %else
	    rm -f $RPM_BUILD_ROOT%{_prefix}/lib/sysctl.d/libvirtd.conf
	    %endif
	After checking document of rpm spec file, I think it would be better
	to move the file deleting line from %files list to %install script.
	Bug introduced in commit a1fd56c.

2013-01-10  Eric Blake  <eblake@redhat.com>

	maint: fix comment typo
	While OOM can have knock-on effects that trash a system, generally
	the first symptom is one of memory thrashing.
	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Reword slightly.

	maint: distribute libvirtd.service.in
	I did a build --without-libvirtd, then ran 'make dist'.  The
	resulting tarball was broken, with a complaint that make did not
	know how to create libvirtd.service.in.  I traced it to a use
	of EXTRA_DIST inside a conditional.
	* daemon/Makefile.am (EXTRA_DIST): Hoist libvirtd.service.in
	outside of WITH_LIBVIRTD conditional.

2013-01-09  Gao feng  <gaofeng@cn.fujitsu.com>

	libvirt: lxc: fix incorrect parameter of lxcContainerMountProcFuse
	when we has no host's src mapped to container.
	there is no .oldroot dir,so libvirt lxc will fail
	to start when mouting meminfo.
	in this case,the parameter srcprefix of function
	lxcContainerMountProcFuse should be NULL.and make
	this method handle NULL correctly.

2013-01-09  Andres Lagar-Cavilla  <andres@lagarcavilla.org>

	Add RESUME event listener to qemu monitor.
	Perform all the appropriate plumbing.
	When qemu/KVM VMs are paused manually through a monitor not-owned by libvirt,
	libvirt will think of them as "paused" event after they are resumed and
	effectively running. With this patch the discrepancy goes away.
	This is meant to address bug 892791.

2013-01-09  Claudio Bley  <cbley@av-test.de>

	docs: break longer text into paragraphs in HTML
	Libvirt's HTML documentation is not as easy to the eyes as it could
	be since long text has no visual breaks.
	Take advantage of the formatting in documentation comments and wrap
	each part separated by two consecutive \n into a HTML <p> element.

2013-01-09  John Ferlan  <jferlan@redhat.com>

	tests: Remove remnants of removing the fake emulator output
	Coverity determined that 'emulator' could no longer be set and determined the
	code was dead.  Looking through the history, I discovered commit-id ed769e18
	removed code originally added by commit-id 9237e955 and further modified by
	commit-id 6a7e7c4f.

	nwfilter: Remove unprivileged code path to set base
	Commit id f8ab364c removed ability to run this driver unprivileged. Coverity
	detected the check and flagged it.

	phyp: Remove deadcode referencing exit_status
	Remove remnants from commit id '89144534'

2013-01-09  Daniel P. Berrange  <berrange@redhat.com>

	Make TLS support conditional
	Add checks for existence of GNUTLS and automatically disable
	it if not found.

2013-01-09  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: libvirt-guests files misplaced in specfile
	In a non-systemd environment the post and preun scripts of libvirt-client
	fail, since the required files are in libvirt-daemon. Moved them to client.
	Doing that I noticed %{_unitdir}/libvirt-guests.service was contained in
	both libvirt-client and libvirt-daemon, which I don't think was intended.
	Removed the extra copy from daemon.

2013-01-08  John Ferlan  <jferlan@redhat.com>

	util: Check for NULL 'dev' on input to usbFreeDevice
	Added 'usbFreeDevice' to the useless_free_options list in cfg.mk

2013-01-08  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning
	gcc 4.1.2 on RHEL 5 warned:
	conf/network_conf.c:3136: warning: 'foundIdx' may be used uninitialized in this function
	The warning is spurious, but initializing the variable doesn't hurt.
	* src/conf/network_conf.c (virNetworkDefUpdateDNSHost): Silence
	unused variable warning.

	maint: avoid potential promotion issues with [ug]id_t
	POSIX does not guarantee whether uid_t and gid_t are signed or
	unsigned, nor does it guarantee whether they are smaller, same
	size, or larger than int (or even the same size as one another).
	Therefore, it is possible to have platforms where '(uid_t)-1==-1'
	is false or where 'uid = gid = -1' sets uid to the wrong value,
	thanks to integer promotion rules.  The only portable way to use
	the placeholder value of these two types is to always use a cast.
	Thankfully, the issue is mostly theoretical - sanlock only
	compiles on Linux for now, and on Linux, these types do not
	suffer from strange promotion problems.
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace, virLockManagerSanlockInit)
	(virLockManagerSanlockCreateLease): Cast -1 to proper type before
	comparing with uid_t or gid_t.

2013-01-08  Claudio Bley  <cbley@av-test.de>

	Add Claudio Bley to the committers list

2013-01-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Relax hard RSS limit
	Currently, if there's no hard memory limit defined for a domain,
	libvirt tries to calculate one, based on domain definition and magic
	equation and set it upon the domain startup. The rationale behind was,
	if there's a memory leak or exploit in qemu, we should prevent the
	host system trashing. However, the equation was too tightening, as it
	didn't reflect what the kernel counts into the memory used by a
	process. Since many hosts do have a swap, nobody hasn't noticed
	anything, because if hard memory limit is reached, process can
	continue allocating memory on a swap. However, if there is no swap on
	the host, the process gets killed by OOM killer. In our case, the qemu
	process it is.
	To prevent this, we need to relax the hard RSS limit. Moreover, we
	should reflect more precisely the kernel way of accounting the memory
	for process. That is, even the kernel caches are counted within the
	memory used by a process (within cgroups at least). Hence the magic
	equation has to be changed:
	  limit = 1.5 * (domain memory + total video memory) + (32MB for cache
	          per each disk) + 200MB

2013-01-08  John Ferlan  <jferlan@redhat.com>

	Resolve COPY_PASTE error found by Coverity
	Fix copy-paste error doing handshake.
	The clientShake was not set to true, thus we'd potentially never leave
	the handshake while loop.

2013-01-08  Ján Tomko  <jtomko@redhat.com>

	storage: fix leak in virStorageBackendLogicalMakeVol
	Use regfree instead of VIR_FREE.

2013-01-08  Claudio Bley  <cbley@av-test.de>

	docs: remove duplicate check in index.add

2013-01-08  J.B. Joret  <jb@linux.vnet.ibm.com>

	S390: Enable SCLP Console in QEMU driver
	This is the QEMU backend code for the SCLP console support.
	It includes SCLP capability detection, QEMU command line generation
	and a test case.

	S390: Add SCLP console front end support
	The SCLP console is the native console type for s390 and is preferred
	over the virtio console as it doesn't require special drivers and
	is more efficient. Recent versions of QEMU come with SCLP support
	which is hereby enabled.
	The new target types 'sclp' and 'sclplm' can be used to specify a
	SCLP console. Adding documentation, domain schema and XML processing
	support.

2013-01-08  Daniel P. Berrange  <berrange@redhat.com>

	Rename lxc_protocol.x to lxc_monitor_protocol.x
	To avoid confusion between the LXC driver <-> controller
	monitor RPC protocol and the libvirt-lxc.so <-> libvirtd public
	RPC protocol, rename the former to lxc_monitor_protocol.x

	Add internal APIs for dealing with namespaces
	Add some APIs for acquiring namespace file descriptors and
	switching namespaces

	Add a way to return FDs to the RPC caller
	Currently the libvirt client can pass FDs to the server, but the
	dispatch mechanism provides no way to return FDs back from the
	server to the client. Tweak the dispatch code, such that if a
	dispatcher returns '1', this indicates that it populated the
	virNetMessagePtr with FDs to return

	Fix receiving of file descriptors from server
	A number of bugs handling file descriptors received from the
	server caused the FDs to be lost and leaked.

	Move qemu-XXX commands from virsh-host.c to virsh-domain.c
	The QEMU specific APIs all operate on domains, not the host,
	so should be in the virsh-domain.c file / group

2013-01-08  Guido Günther  <agx@sigxcpu.org>

	Add missing flags to migrate documentation

2013-01-08  John Ferlan  <jferlan@redhat.com>

	cpu: Avoid NULL dereference
	Don't dereference 'model' in PowerPCBaseline when there's no outputModel

	lxc: Avoid possible NULL dereference on *root prior to opendir().
	If running on older Linux without mounted cgroups then its possible that
	*root would be NULL.

	remote: Avoid calling virAuthConfigLookup() if 'credname' is NULL.

	vmware: Avoid NULL dereference for 'caps'
	When virCapabilitiesNew() fails, caps will be NULL resulting in possible
	core when deref'd in cpuDataFree() call.

	xen: Avoid possible NULL dereference
	Change calling sequence to only call xenUnifiedDomainSetVcpusFlags() when
	'dom' is not NULL. Use the GET_PRIVATE() macro to reference privateData.
	Just return -1 if dom is NULL.

2013-01-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix virLXCPrepareHostDevices method
	The virLXCPrepareHostDevices method was returning success even
	when it reported an error, and failed to handle several host
	device types

	Ensure we always setup a private mount namespace for LXC controller
	The code for setting up a private /dev/pts for the containers
	is also responsible for making the LXC controller have a
	private mount namespace. Unfortunately the /dev/pts code is
	not run if launching a container without a custom root. This
	causes the LXC FUSE mount to leak into the host FS.

	Speed up fallback to legacy non-QMP probing
	Since we daemonized QEMU for capabilities probing there is a long
	time if QEMU fails to launch. This is because we're not passing in
	any virDomainObjPtr instance and thus the monitor code can not
	check to see if the PID is still alive.

	Only initialize capabilities after setting dir permissions
	The current code is initializing capabilities before setting
	directory permissions. Thus the QEMU binaries being run may
	not have the ability to create the UNIX monitor socket on
	the first run of libvirtd.

2013-01-08  Jim Fehlig  <jfehlig@suse.com>

	build: Add libxenctrl to LIBXL_LIBS
	Commit dfa1e1dd removed libxenctrl from LIBXL_LIBS, but the libxl
	driver uses a symbol from this library.  Explicitly link with
	libxenctrl instead of relying on the build system to support
	implicit DSO linking.

2013-01-07  Eric Blake  <eblake@redhat.com>

	build: install libvirt sysctl file correctly
	https://bugzilla.redhat.com/show_bug.cgi?id=887017 reports that
	even though libvirt attempts to set fs.aio-max-nr via sysctl,
	the file was installed with the wrong name and gets ignored by
	sysctl.  Furthermore, 'man systcl.d' recommends that packages
	install into hard-coded /usr/lib/sysctl.d (even when libdir is
	/usr/lib64), so that sysadmins can use /etc/sysctl.d for overrides.
	* daemon/Makefile.am (install-sysctl, uninstall-sysctl): Use
	correct location.
	* libvirt.spec.in (network_files): Reflect this.

	build: .service files don't need to be executable
	See also commit 66ff2dd, where we avoided installing these files
	as executables.
	* daemon/Makefile.am (libvirtd.service): Drop chmod.
	* tools/Makefile.am (libvirt-guests.service): Likewise.
	* src/Makefile.am (virtlockd.service, virtlockd.socket):
	Likewise.

	build: properly substitute virtlockd.socket
	virtlockd.service could be installed to a configurable root,
	but virtlockd.socket was hardcoded to installation into a
	distro.
	* src/Makefile.am (virtlockd.service, virtlockd.socket): Drop
	unused substitutions.
	* src/locking/virtlockd.socket.in (ListenStream): Don't hard-code
	/var.

	build: use common .in replacement mechanism
	We had several different styles of .in conversion in our Makefiles:
	ALLCAPS, @ALLCAPS@, @lower@, ::lower::
	Canonicalize on one form, to make it easier to copy and paste
	between .in files.
	Also, we were using some non-portable sed constructs: \@ is an
	undefined escape sequence (it happens to be @ itself in GNU sed,
	but POSIX allows it to mean something else), as well as risky
	behavior (failure to consistently quote things means a space
	in $(sysconfdir) could throw things off; also, Autoconf recommends
	using | rather than , or ! in the s||| operator, because | has to
	be quoted in shell and is therefore less likely to appear in file
	names than , or !).
	Fix all of these uses to follow the same syntax.
	* daemon/libvirtd.8.in: Switch to @var@.
	* tools/virt-xml-validate.in: Likewise.
	* tools/virt-pki-validate.in: Likewise.
	* src/locking/virtlockd.init.in: Likewise.
	* daemon/Makefile.am: Prefer | over ! in sed.
	(libvirtd.8): Prefer consistent substitution.
	(libvirtd.init, libvirtd.service): Avoid non-portable sed.
	* tools/Makefile.am (libvirt-guests.sh, libvirt-guests.init)
	(libvirt-guests.service): Likewise.
	(virt-xml-validate, virt-pki-validate, virt-sanlock-cleanup):
	Prefer consistent capitalization.
	* src/Makefile.am (virtlockd.init, virtlockd.service)
	(virtlockd.socket): Prefer consistent substitution.

2013-01-07  Osier Yang  <jyang@redhat.com>

	qemu: Check if the shared disk's cdbfilter conflicts with others
	This prevents domain starting and disk attaching if the shared disk's
	setting conflicts with other active domain(s), E.g. A domain with
	"sgio" set as "filtered", however, another active domain is using
	it set as "unfiltered".

	qemu: set unpriv_sgio when starting domain and attaching disk
	This ignores the default "filtered" if unpriv_sgio is not supported
	by kernel, but for explicit request "filtered", it error out for
	domain starting.

	conf: Parse and format the new XML
	Like "rawio", "sgio" is only allowed for block disk of device
	type "lun".
	It doesn't default disk->sgio to "filtered" when parsing, as
	it won't be able to distinguish explicitly requested "filtered"
	and a default "filtered" in driver then. We have to error out for
	explicit request when the kernel doesn't support the new sysfs
	knob "unpriv_sgio", however, for defaulted "filtered", we can
	just ignore it if the kernel doesn't support "unpriv_sgio".

	docs: Add docs and rng schema for new XML tag sgio
	This introduces new XML tag "sgio" for disk, its valid values
	are "filtered" and "unfiltered", setting it as "filtered" will
	set the disk's unpriv_sgio to 0, and "unfiltered" to set it
	as 1, which allows the unprivileged SG_IO commands.

	qemu: Add a hash table for the shared disks
	This introduces a hash table for qemu driver, to store the shared
	disk's info as (@major:minor, @ref_count). @ref_count is the number
	of domains which shares the disk.
	Since we only care about if the disk support unprivileged SG_IO
	commands, and the SG_IO commands only make sense for block disk,
	this patch only manages (add/remove hash entry) the shared disk for
	block disk.
	* src/qemu/qemu_conf.h: (Add member 'sharedDisks' of type
	                         virHashTablePtr; Declare helpers
	                         qemuGetSharedDiskKey, qemuAddSharedDisk
	                         and qemuRemoveSharedDisk)
	* src/qemu/qemu_conf.c (Implement the 3 helpers)
	* src/qemu/qemu_process.c (Update 'sharedDisks' when domain
	                           starting and shutdown)
	* src/qemu/qemu_driver.c (Update 'sharedDisks' when attaching
	                          or detaching disk).

	util: Prepare helpers for unpriv_sgio setting
	"virGetDeviceID" could be used across the sources, but it doesn't
	relate with this series, and could be done later.
	* src/util/virutil.h: (Declare virGetDeviceID, and
	                       vir{Get,Set}DeviceUnprivSGIO)
	* src/util/virutil.c: (Implement virGetDeviceID and
	                       vir{Get,Set}DeviceUnprivSGIO)
	* src/libvirt_private.syms: Export private symbols of upper helpers

2013-01-05  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Allow redefinition of external snapshots
	A redefinition of an external inactive snapshot/checkpoint wasn't
	possible without this change.

	snapshot: qemu: Fix segfault and vanishing snapshots when redefining
	When the disk alignment check done while redefining an existing snapshot
	failed, the qemu driver attempted to free the existing snapshot. As in
	the cleanup path the definition of the snapshot wasn't assigned, the
	cleanup code dereferenced a NULL pointer.
	This patch changes the behavior on error paths while redefining snapshot
	in two ways:
	1) On failure, modifications done on the snapshot definition object are
	rolled back.
	2) The previous definition of the data isn't freed until it's certain it
	won't be needed any more.
	This change avoids the segfault and additionally the snapshot doesn't
	vanish if redefinition fails for some reason.

	snapshot: qemu: Separate logic blocks with newlines

	snapshot: conf: Make virDomainSnapshotIsExternal more reusable
	Allow to use definition objects with this predicate function.

2013-01-05  John Eckersberg  <jeckersb@redhat.com>

	qemu: Implement virDomainOpenChannel API

	conf: Add unix socket support to virChrdevOpen
	This also changes the function signature to take a
	virDomainChrSourceDefPtr instead of just a path, since it needs to
	differentiate behavior based on source->type.

	conf: Rename console-specific identifiers to be more generic
	The functionality provided in virchrdev.c (previously virconsole.c) is
	applicable to other types of character devices besides consoles, such
	as channels.  This patch is just code motion, renaming things such as
	"console" or "pty", instead using more general terms such as
	"character device" or "device path".

	conf: Rename virconsole.* to virchrdev.*
	This is just code motion, in preparation to rename identifiers to be
	less console-specific.

	api: Add API to tunnel a guest channel via stream
	This patch adds a new API, virDomainOpenChannel, that uses streams to
	connect to a virtio channel on a guest.  This creates a secure
	communication channel between a guest and a libvirt client.
	This behaves the same as virDomainOpenConsole, except on channels
	instead of console/serial/parallel devices.

2013-01-05  Eric Blake  <eblake@redhat.com>

	build: fix mingw rpm build
	Commit d13155c changed which files get installed for the
	libvirt-guests service, but did not touch up the mingw spec
	file.  As a result, rpmbuild complained:
	RPM build errors:
	    Installed (but unpackaged) file(s) found:
	   /usr/i686-w64-mingw32/sys-root/mingw/libexec/libvirt-guests.sh
	   /usr/x86_64-w64-mingw32/sys-root/mingw/libexec/libvirt-guests.sh
	which in turn breaks ./autobuild.sh when cross-compilers are present.
	* mingw-libvirt.spec.in: Remove files not relevant to mingw.

	network: fix check for ambiguous lookup
	gcc -O2 complained:
	../../src/conf/network_conf.c: In function 'virNetworkDefUpdateDNSSrv':
	../../src/conf/network_conf.c:3232: error: 'foundIdx' may be used uninitialized in this function [-Wuninitialized]
	It turned out to be a spurious warning (we didn't use foundIdx
	unless foundCt was non-zero).  But in investigating that, I noticed
	a worse problem: we were using 'if (foundCt > 1)', but since foundCt
	was bool, it could never be > 1.
	* src/conf/network_conf.c (virNetworkDefUpdateDNSHost): Use
	correct type.
	(virNetworkDefUpdateDNSSrv): Likewise, and silence compiler
	warning.

2013-01-05  John Ferlan  <jferlan@redhat.com>

	Check and handle select() errors from waitsocket().

	tests: check and handle error for virAsprintf() calls

	Check return on mkdir for LOCKSPACE_DIR

	vmware: silence Coverity warning
	Ignore the return status check for vmwareUpdateVMStatus in convenience
	routine vmwareDomainObjListUpdateDomain

2013-01-04  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Detect VGA_QXL capability correctly
	Since 4c993d8a we failed to set this important capability, which
	allows starting a domain with QXL video card. We set DEVICE_QXL
	capability bit instead, which is not necessary wrong. Anyway, if
	qemu supports the new '-device qxl' it supports older '-vga qxl'
	as well. The latter is used for the primary (the first) qxl video
	card, the former for other video cards.

2013-01-04  Guido Günther  <agx@sigxcpu.org>

	Install virtlockd.{socket,service} non executable
	since they're not scripts but systemd service files.

2013-01-04  Ján Tomko  <jtomko@redhat.com>

	qemu: fix a segfault in qemuProcessWaitForMonitor
	Commit b3f2b4ca5cfe98b08ffdb96f0455e3e333e5ace6 left buf unallocated in
	the case of QMP capability probing being used, leading to a segfault in
	strlen in the cleanup path.
	This patch opens the log and allocates the buffer if QMP probing was
	used, so we can display the helpful error message.

2013-01-04  John Ferlan  <jferlan@redhat.com>

	parallels: check and handle error for virAsprintf() calls
	Ignore the return in parallelsMakePoolName() since subsequent check
	validates name was allocated.

	udev: check and handle error for virAsprintf() calls

2013-01-04  Eric Blake  <eblake@redhat.com>

	build: fix build with optimization enabled
	Build failure detected by Jenkins autobuilder:
	http://honk.sigxcpu.org:8001/job/libvirt-build/472/changes
	* .gnulib: Update to latest, for stdio.h rpl_fwrite fix.

2013-01-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't parse log output when starting up a domain
	Despite our great effort we still parsed qemu log output.
	We wouldn't notice unless upcoming qemu 1.4 changed the
	format of the logs slightly. Anyway, now we should gather
	all interesting knobs like pty paths from monitor. Moreover,
	since for historical reasons the first console can be just
	an alias to the first serial port, we need to check this and
	copy the pty path if that's the case to the first console.

2013-01-03  Eric Blake  <eblake@redhat.com>

	build: use autobuild module to make build logs nicer
	A recent build failure made me realize that we could usefully add
	a bit more information to configure output, for aid in analysis of
	failed builds.  Pulling in the autobuild module merely adds these
	four lines to configure output:
	configure: autobuild project... libvirt
	configure: autobuild revision... v1.0.1-113-g7a74eea
	configure: autobuild hostname... myhost
	configure: autobuild timestamp... 20130102T233543Z
	which can be useful even if not using the Autobuild project to parse
	build logs.
	* bootstrap.conf (gnulib_modules): Add autobuild.
	* configure.ac: Favor git version over release version, when available.

	maint: update to latest gnulib
	'make syntax-check' warned that gnulib's copyright is now out of date.
	* .gnulib: Update to latest, for copyright year bump.
	* gnulib/local/m4/ssize_t.m4.diff: Regenerate.
	* bootstrap: Synchronize from upstream.

2013-01-02  Osier Yang  <jyang@redhat.com>

	Fix the comment grammar

	Remove the inexistent function in comments
	virNodeDeviceLookupByKey is inexistent.

2013-01-02  Michal Privoznik  <mprivozn@redhat.com>

	Revert "qemu: Adapt to new log format"
	This reverts commit 28224c4d2a2d623b9a0a714bc0454d47de5d7a35
	which shouldn't be needed at all because with current qemu
	we obtain all paths from 'query-chardev' output. We ought
	not parse log output at all anymore.

2012-12-30  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Adapt to new log format
	Since 586502189edf9fd0f89a83de96717a2ea826fdb0 qemu commit, the log
	lines reporting chardev's path has changed from:
	$ ./x86_64-softmmu/qemu-system-x86_64 -serial pty -serial pty -monitor pty
	char device redirected to /dev/pts/5
	char device redirected to /dev/pts/6
	char device redirected to /dev/pts/7
	to:
	$ ./x86_64-softmmu/qemu-system-x86_64 -serial pty -serial pty -monitor pty
	char device compat_monitor0 redirected to /dev/pts/5
	char device serial0 redirected to /dev/pts/6
	char device serial1 redirected to /dev/pts/7
	However, with current code we are not prepared for such change, which
	results in us being unable to start any domain.

2012-12-28  Michal Privoznik  <mprivozn@redhat.com>

	sanlock: Chown lease files as well
	Since sanlock doesn't run under root:root, we have chown()'ed the
	__LIBVIRT__DISKS__ lease file to the user:group defined in the
	sanlock config. However, when writing the patch I've forgot about
	lease files for each disk (this is the
	/var/lib/libvirt/sanlock/<md5>) file.

	python: Adapt to virevent rename
	With our recent renames under src/util/* we forgot to adapt
	python wrapper code generator. This results in some methods being
	not exposed:
	$ python examples/domain-events/events-python/event-test.py
	Using uri:qemu:///system
	Traceback (most recent call last):
	  File "examples/domain-events/events-python/event-test.py", line 585, in <module>
	    main()
	  File "examples/domain-events/events-python/event-test.py", line 543, in main
	    virEventLoopPureStart()
	  File "examples/domain-events/events-python/event-test.py", line 416, in virEventLoopPureStart
	    virEventLoopPureRegister()
	  File "examples/domain-events/events-python/event-test.py", line 397, in virEventLoopPureRegister
	    libvirt.virEventRegisterImpl(virEventAddHandleImpl,
	AttributeError: 'module' object has no attribute 'virEventRegisterImpl'

2012-12-24  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Convert some APIs to use qemuDomObjFromDomain
	Many internal qemu APIs must find domain object from passed
	virDomainPtr. And with function Peter's introduced, we can use it
	instead of copying multiple lines among code.

	qemu: Relax locking in DomainHasManagedSaveImage and DomainMonitorCommand
	There is no need to hold qemu lock during the whole execution
	of these two APIs.

2012-12-22  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Re-enable capability probing for virtio devices.
	Since we switched to QMP probing, the object types are spelled out
	explicitly, i.e. virtio-net-pci. This has effectively disabled
	the capability detection of s390 virtio devices. The trivial fix
	is to add the s390 virtio types explicitly to qemuCapsObjectProps.

2012-12-22  Laine Stump  <laine@laine.org>

	util: fix botched check for new netlink request filters
	This is an adjustment to the fix for
	  https://bugzilla.redhat.com/show_bug.cgi?id=889319
	to account for two bonehead mistakes I made.
	commit ac2797cf2af2fd0e64c58a48409a8175d24d6f86 attempted to fix a
	problem with netlink in newer kernels requiring an extra attribute
	with a filter flag set in order to receive an IFLA_VFINFO_LIST from
	netlink. Unfortunately, the #ifdef that protected against compiling it
	in on systems without the new flag went a bit too far, assuring that
	the new code would *never* be compiled, and even if it had, the code
	was incorrect.
	The first problem was that, while some IFLA_* enum values are also
	their existence at compile time, IFLA_EXT_MASK *isn't* #defined, so
	checking to see if it's #defined is not a valid method of determining
	whether or not to add the attribute. Fortunately, the flag that is
	being set (RTEXT_FILTER_VF) *is* #defined, and it is never present if
	IFLA_EXT_MASK isn't, so it's sufficient to just check for that flag.
	And to top it off, due to the code not actually compiling when I
	thought it did, I didn't realize that I'd been given the wrong arglist
	to nla_put() - you can't just send a const value to nla_put, you have
	to send it a pointer to memory containing what you want to add to the
	message, along with the length of that memory.
	This time I've actually sent the patch over to the other machine
	that's experiencing the problem, applied it to the branch being used
	(0.10.2) and verified that it works properly, i.e. it does fix the
	problem it's supposed to fix. :-/

2012-12-22  Eric Blake  <eblake@redhat.com>

	blockjob: fix memleak that prevented block pivot
	https://bugzilla.redhat.com/show_bug.cgi?id=888426
	The code for doing a block-copy was supposed to track the destination
	file in drive->mirror, but was set up to do all mallocs prior to
	starting the copy so that OOM wouldn't leave things partially started.
	However, the wrong variable was being written; later in the code we
	silently did 'disk->mirror = mirror' which was still NULL, and thus
	leaking memory and leaving libvirt to think that the mirror job was
	never started, which prevented a pivot operation after a copy.
	Problem introduced in commit 35c7701c6.
	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Initialize correct
	variable.

2012-12-21  Daniel P. Berrange  <berrange@redhat.com>

	Sort util files in Makefile.am alphabetically

	Rename virterror.c virterror_internal.h to virerror.{c,h}

	Rename xml.{c,h} to virxml.{c,h}

	Rename uuid.{c,h} to viruuid.{c,h}

	Rename util.{c,h} to virutil.{c,h}

	Rename threads.{c,h} to virthread.{c,h}

	Rename threadpool.{c,h} to virthreadpool.{c,h}

	Rename sysinfo.{c,h} to virsysinfo.{c,h}

	Rename storage_file.{c,h} to virstoragefile.{c,h}

	Rename stats_linux.{c,h} to virstatslinux.{c,h}

	Rename sexpr.{c,h} to virsexpr.{c,h}

	Merge processinfo.{c,h} into virprocess.{c,h}

	Rename pci.{c,h} to virpci.{c,h}

	Rename memory.{c,h} to viralloc.{c,h}

	Rename logging.{c,h} to virlog.{c,h}

	Rename json.{c,h} to virjson.{c,h}

	Rename iptables.{c,h} to viriptables.{c,h}

	Rename hostusb.{c,h} to virusb.{c,h}

	Rename hooks.{c,h} to virhook.{c,h}

	Rename event_poll.{c,h} to vireventpoll.{c,h}

	Rename event.{c,h} to virevent.{c,h}
	Since the event APIs are now in the public header, no internal
	code should include virevent.h

	Rename ebtables.{c,h} to virebtables.{c,h}

	Rename dnsmasq.{c,h} to virdnsmasq.{c,h}

	Rename conf.{c,h} to virconf.{c,h}

	Rename command.{c,h} to vircommand.{c,h}

	Rename buf.{c,h} to virbuffer.{c,h}

	Rename bitmap.{c,h} to virbitmap.{c,h}

	Rename cgroup.{h,c} to vircgroup.{h,c}
	To bring in line with new naming practice, rename the=
	src/util/cgroup.{h,c} files to vircgroup.{h,c}

2012-12-21  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Support all backend serial devices for pSeries guest
	Currently, it only considers PTY backend serial devices for pseries.
	It need to support all kinds of serial devices.
	This patch is to fix the problem which is that it doesn't work
	when specifying source type as file.

	Remove QEMU_CAPS_NO_ACPI capability for non-x86 platform
	ACPI is only supported on x86 platform, PPC can't support it.
	So QEMU_CAPS_NO_ACPI shouldn't be set.
	This patch is to remove QEMU_CAPS_NO_ACPI capability for
	non-x86 platform.

	Set std VGA model as default model for ppc64.
	Cirrus VGA model is not supported on ppc64 currently.
	It needs to set std VGA model as the default model.

	Add sysinfo data and enable virSysinfoRead test case for POWER
	This patch is to enable virSysinfoRead test case for POWER,
	and provide sysinfo data on POWER.
	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2012-12-21  Laine Stump  <laine@laine.org>

	util: fix functions that retrieve SRIOV VF info
	This patch resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=889319
	When assigning an SRIOV virtual function to a guest using "intelligent
	PCI passthrough" (<interface type='hostdev'>, which sets the MAC
	address and vlan tag of the VF before passing its info to qemu),
	libvirt first learns the current MAC address and vlan tag by sending
	an NLM_F_REQUEST message for the VF's PF (physical function) to the
	kernel via a NETLINK_ROUTE socket (see virNetDevLinkDump()); the
	response message's IFLA_VFINFO_LIST section is examined to extract the
	info for the particular VF being assigned.
	This worked fine with kernels up until kernel commit
	115c9b81928360d769a76c632bae62d15206a94a (first appearing in upstream
	kernel 3.3) which changed the ABI to not return IFLA_VFINFO_LIST in
	the response until a newly introduced IFLA_EXT_MASK field was included
	in the request, with the (newly introduced, of course) RTEXT_FILTER_VF
	flag set.
	The justification for this ABI change was that new fields had been
	added to the VFINFO, causing NLM_F_REQUEST messages to fail on systems
	with large numbers of VFs if the requesting application didn't have a
	large enough buffer for all the info. The idea is that most
	applications doing an NLM_F_REQUEST don't care about VFINFO anyway, so
	eliminating it from the response would lower the requirements on
	buffer size. Apparently, the people who pushed this patch made the
	mistaken assumption that iproute2 (the "ip" command) was the only
	package that used IFLA_VFINFO_LIST, so it wouldn't break anything else
	(and they made sure that iproute2 was fixed.
	The logic of this "fix" is debatable at best (one could claim that the
	proper fix would be for the applications in question to be fixed so
	that they properly sized the buffer, which is what libvirt does
	(purely by virtue of using libnl), but it is what it is and we have to
	deal with it.
	In order for <interface type='hostdev'> to work properly on systems
	with a kernel 3.3 or later, libvirt needs to add the afore-mentioned
	IFLA_EXT_MASK field with RTEXT_FILTER_VF set.
	Of course we also need to continue working on systems with older
	kernels, so that one bit of code is compiled conditionally. The one
	time this could cause problems is if the libvirt binary was built on a
	system without IFLA_EXT_MASK which was subsequently updated to a
	kernel that *did* have it. That could be solved by manually providing
	the values of IFLA_EXT_MASK and RTEXT_FILTER_VF and adding it to the
	message anyway, but I'm uncertain what that might actually do on a
	system that didn't support the message, so for the time being we'll
	just fail in that case (which will very likely never happen anyway).

	util: add missing error log messages when failing to get netlink VFINFO
	This patch fixes the lack of error messages when libvirt fails to find
	VFINFO in a returned netlinke response message.
	https://bugzilla.redhat.com/show_bug.cgi?id=827519#c10 is an example
	of the error message that was previously logged when the
	IFLA_VFINFO_LIST object was missing from the netlink response. The
	reason for this failure is detailed in
	   https://bugzilla.redhat.com/show_bug.cgi?id=889319
	Even though that root problem has been fixed, the experience of
	finding the root cause shows us how important it is to properly log an
	error message in these cases. This patch *seems* to replace the entire
	function, but really most of the changes are due to moving code that
	was previously inside an if() statement out to the top level of the
	function (the original if() was reversed and made to log an error and
	return).

2012-12-21  Ján Tomko  <jtomko@redhat.com>

	security: fix #endif comment in security_stack.h

2012-12-20  Eric Blake  <eblake@redhat.com>

	maint: formatting cleanups in buf.c
	* src/util/buf.c: Use consistent formatting.

	build: use strchr now that we can work around broken gcc
	Revert the complex workaround of commit 39d91e9, now that we have
	a nicer framework for shutting up broken gcc.
	* src/util/buf.c (virBufferEscape): Simplify.

	build: make broken -Wlogical-op test be gcc-only
	Commit 8b8fcdea introduced a check for broken gcc -Wlogical-op,
	but did not guard the check against non-gcc compilers, which might
	lead to spurious failures when another compiler encounters an
	unknown pragma.  Additionally, all of our compiler warning logic
	should belong in a single file, and use cache variables to allow
	overriding the decision at configure time if necessary.
	* configure.ac (BROKEN_GCC_WLOGICALOP): Move...
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): ...here,
	and update to modern autoconf idioms.

2012-12-19  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: FreeBSD: stub out CPU affinity functions

	nodeinfo: add FreeBSD support
	Uses sysctl(3) interface to obtain CPU and memory information on FreeBSD

2012-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix arch datatype in vahControl in virt-aa-helper.c
	When changing to virArch, the virt-aa-helper.c file was not
	completely changed. The vahControl struct was left with a
	char *arch field, instead of virArch arch field.

	Change string form of VIR_ARCH_ITANIUM back to ia64
	Historically there was an inconsistency in handling of the
	itanium arch. The xen driver & CPU model code treated it
	as 'ia64' but the QEMU capabilities code used 'itanium'. On
	the grounds that no one has ever seriously used  itanium
	with QEMU, while RHEL shipped itanium with Xen, we should
	favour 'ia64' as the canonical format

	Fix parsing of arch from domain XML
	When parsing the arch from domain XML, the result was only
	saved to a local variable, not the virDomainDefPtr

	Fix CPU baseline to not hardcode arch
	Prior to the virArch changes, the CPU baseline method would
	free the arch string in the returned CPU. Fix the regression
	by setting arch to VIR_ARCH_NONE at the end

	Fix SELinux security label test
	If securityselinuxtest was run on a system with newer SELinux
	policy it would fail, due to using svirt_tcg_t instead of
	svirt_t. Fixing the domain type to be KVM avoids this issue.

2012-12-19  Martin Kletzander  <mkletzan@redhat.com>

	conf: eliminate redundant use of VIR_ALLOC
	We can use VIR_REALLOC_N with NULL pointer, which behaves the same way
	as VIR_ALLOC_N in that case, so no need for a condition that's
	checking if some data are allocated already.
	---
	I tried to find other parts of the code similar to this, so I can do a
	full cleanup for the whole repository, so I used this (excuse the long
	line, but that's how I was writing it):
	git grep -nHC 5 -e VIR_REALLOC_N -e VIR_ALLOC_N | while read line; do if [[ "$line" == "--" ]]; then if [[ ${#tmpbuf} -gt 10 && "$REALLOC_N" == "true" && "$ALLOC_N" == "true" ]]; then echo $line; while [[ ${#tmpbuf[*]} -gt 0 ]]; do echo "${tmpbuf[0]}"; tmpbuf=( "${tmpbuf[@]:1:${#tmpbuf[*]}}" ); done; fi; unset tmpbuf REALLOC_N ALLOC_N; else if [[ "$ALLOC_N" != "true" && "${line/VIR_ALLOC_N//}" != "${line}" ]]; then ALLOC_N="true"; fi; if [[ "$REALLOC_N" != "true" && "${line/VIR_REALLOC_N//}" != "${line}" ]]; then REALLOC_N="true"; fi; tmpbuf[${#tmpbuf[*]}]="$line"; fi; done | less
	And reviewed the output just to find out this was the only occurrence of
	the inconsistency.

	conf: minor indentation cleanups
	On few places there are too many levels of indentation when some of
	them can be fixed with negating the option they are in or omitting
	useless condition altogether.

	fix typo in the word affinities
	This patch fixes just the word Affinites to Affinities (it's really
	painful to search in TAGS without being able to find the right
	function).

2012-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix libxl driver for virArch changes

	Fix test cases for virArch changes

	Fix XenAPI driver for virArch changes

	Export all symbols from virarch.{c,h} to drivers/tests/etc

	Convert QEMU capabilities code to use virArch

2012-12-19  Jiri Denemark  <jdenemar@redhat.com>

	spec: Do not install *.py[co] in python examples
	Unfortunately, rpm is stupid enough to bytycompile python scripts even
	though they are located in /usr/share/doc/libvirt-python-*/examples and
	it does so after %install phase is finished. Thus there's no way we
	could remove those files from BUILDROOT. As a workaround, we may safely
	remove the examples subdirectory completely without losing anything. The
	python scripts that were installed there are also copied directly into
	/usr/share/doc/libvirt-python-*/ by
	    %doc python/tests/*.py
	rule. And yes, the files are actually tests, not examples.

2012-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Convert CPU APIs to use virArch

	Convert capabilities / domain_conf to use virArch
	Convert the host capabilities and domain config structs to
	use the virArch datatype. Update the parsers and all drivers
	to take account of datatype change

	Convert QEMU command line builder to virArch APIs
	Use virArch APIs to determine host architecture when launching
	QEMU.

	Convert nodeGetInfo to virArch APIs
	Replace use of uname in nodeGetInfo with virArch APIs to
	provide canonicalization of host architecture name

	Introduce a set of APIs for managing architectures
	Introduce a 'virArch' enum for CPU architectures. Include
	data type providing wordsize and endianness, and APIs to
	query this info and convert to/from enum and string form.

2012-12-18  Cole Robinson  <crobinso@redhat.com>

	spec: Fix script warning when uninstalling libvirt-client
	https://bugzilla.redhat.com/show_bug.cgi?id=888071

2012-12-18  Jiri Denemark  <jdenemar@redhat.com>

	docs: Fix documentation for readonly element

2012-12-18  Daniel Veillard  <veillard@redhat.com>

	Added Ján Tomko to the commiters list
	And Guannan Ren who was missing from the list

2012-12-18  Laine Stump  <laine@laine.org>

	network: don't require private addresses if dnsmasq uses SO_BINDTODEVICE
	This is yet another refinement to the fix for CVE-2012-3411:
	   https://bugzilla.redhat.com/show_bug.cgi?id=833033
	It turns out that it would be very intrusive to correctly backport the
	entire --bind-dynamic option to older dnsmasq versions
	(e.g. dnsmasq-2.48 that is used on RHEL6.x and CentOS 6.x), but very
	simple to patch those versions to just use SO_BINDTODEVICE on all
	their listening sockets (SO_BINDTODEVICE also has the desired effect
	of permitting only traffic that was received on the interface(s) where
	dnsmasq was set to listen.)
	This patch modifies the dnsmasq capabilities detection to detect the
	string:
	    --bind-interfaces with SO_BINDTODEVICE
	in the output of "dnsmasq --version", and in that case realize that
	using the old --bind-interfaces option is just as safe as
	--bind-dynamic (and therefore *not* forbid creation of networks that
	use public IP address ranges).
	If -bind-dynamic is available, it is still preferred over
	--bind-interfaces.
	Note that this patch does no harm in upstream, or in any distro's
	downstream if it happens to end up there, but builds for distros that
	have a new enough dnsmasq to support --bind-dynamic do *NOT* need to
	specifically backport this patch; it's only required for distro
	releases that have dnsmasq too old to have --bind-dynamic (and those
	distros will need to add the SO_BINDTODEVICE patch to dnsmasq,
	*including the extra string in the --version output*, as well.

2012-12-18  Jiri Denemark  <jdenemar@redhat.com>

	apparmor: Fix build

	build: Fix AUTHORS generation
	Using s/#authorslist#/$$out/ makes perl eat @domain part of all email
	addresses from $out since it tries to interpret them as array variables.
	I'm not sure if we can escape those in s/// but I know we can use print:
	    s/#authorslist#// and print '$$out'
	to tell perl not to even look inside $out.
	This patch also fixes gen-AUTHORS so that it works in VPATH.

2012-12-18  Laine Stump  <laine@laine.org>

	network: fix indentation of networkDnsmasqConfContents
	Somehow I managed to push the changes to this file with improper
	indentation. This patch just re-indents, reformats the comment lines,
	and re-groups a couple of multi-line strings so that they fit within
	80 columns. The resulting binary should be identical.

2012-12-18  Cole Robinson  <crobinso@redhat.com>

	.gitignore: add tests/sysinfotest

	hostusb: Move USB_DEVFS define to hostusb.h to fix the build

	daemon: Preface polkit error output with 'polkit:'
	There's been a few bugs about an expected error from polkit:
	https://bugzilla.redhat.com/show_bug.cgi?id=873799
	https://bugzilla.redhat.com/show_bug.cgi?id=872166
	The error is:
	Authorization requires authentication but no agent is available.
	The error means that polkit needs a password, but there is no polkit
	agent registered in your session. Polkit agents are the bit of UI that
	pop up and actually ask for your password.
	Preface the error with the string 'polkit:' so folks can hopefully
	make more sense of it.

2012-12-18  Daniel P. Berrange  <berrange@redhat.com>

	Add support for hotplug/unplug of host misc devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of host misc devices.

	Add support for hotplug/unplug of host storage devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of host storage devices.

	Add support for hotplug/unplug of USB host devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of USB host devices.

	Add support for hotplug/unplug of NIC devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of NICs.

	Add support for hotplug/unplug of disk devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of disks.

	Add support for attach/detach/update hostdev devices in config for LXC
	Wire up the attach/detach/update device APIs to support changing
	of hostdevs in the persistent config file

	Add support for attach/detach/update disk devices in config for LXC
	Wire up the attach/detach/update device APIs to support changing
	of disks in the persistent config file

	Add support for attach/detach/update net devices in config for LXC
	Wire up the attach/detach/update device APIs to support changing
	of network interfaces in the persistent config file

	Add basic driver API framework for device attach/detach support in LXC
	This wires up the LXC driver to support the domain device attach/
	detach/update APIs, following the same code design as used in
	the QEMU driver. No actual changes are possible with this commit,
	it is only providing the framework

	Add support for misc host device passthrough with LXC
	This extends support for host device passthrough with LXC to
	cover misc devices. In this case all we need todo is a
	mknod in the container's /dev and whitelist the device in
	cgroups

	Add support for storage host device passthrough with LXC
	This extends support for host device passthrough with LXC to
	cover storage devices. In this case all we need todo is a
	mknod in the container's /dev and whitelist the device in
	cgroups

	Add support for USB host device passthrough with LXC
	This adds support for host device passthrough with the
	LXC driver. Since there is only a single kernel image,
	it doesn't make sense to pass through PCI devices, but
	USB devices are fine. For the latter we merely need to
	make the /dev/bus/usb/NNN/MMM character device exist
	in the container's /dev

	Add support for disks with LXC
	Currently LXC guests can be given arbitrary pre-mounted
	filesystems, however, for some usecases it is more appropriate
	to provide block devices which the container can mount itself.
	This first impl only allows for <disk type='block'>, in other
	words exposing a host disk device to a container. Since LXC
	does not have device namespace virtualization, we are cheating
	a little bit. If the XML specifies /dev/sdc4 to be given to
	the container as /dev/sda1, when we do the mknod /dev/sda1
	in the container's /dev, we actually use the major:minor
	number of /dev/sdc4, not /dev/sda1.

	Add support for SELinux labelling of hostdev storage/misc devices
	The SELinux security driver needs to learn to label storage/misc
	hostdev devices for LXC

	Refactor SELinux security driver hostdev labelling
	Prepare to support different types of hostdevs by refactoring
	the current SELinux security driver code

	Allow passing a vroot into security manager hostdev labelling
	When LXC labels USB devices during hotplug, it is running in
	host context, so it needs to pass in a vroot path to the
	container root.

	Skip bulk relabelling of resources in SELinux driver when used with LXC
	The virSecurityManager{Set,Restore}AllLabel methods are invoked
	at domain startup/shutdown to relabel resources associated with
	a domain. This works fine with QEMU, but with LXC they are in
	fact both currently no-ops since LXC does not support disks,
	hostdevs, or kernel/initrd files. Worse, when LXC gains support
	for disks/hostdevs, they will do the wrong thing, since they
	run in host context, not container context. Thus this patch
	turns then into a formal no-op when used with LXC. The LXC
	controller will call out to specific security manager labelling
	APIs as required during startup.

	Refactor LXC NIC creation to allow reuse by hotplug code
	The code for creating veth/macvlan devices is part of the
	LXC process startup code. Refactor this a little and export
	the methods to the rest of the LXC driver. This allows them
	to be reused for NIC hotplug code

	Add support for <hostdev mode="capabilities">
	The <hostdev> device type has long had a redundant "mode"
	attribute, which has always been "subsys". This finally
	introduces a new mode "capabilities", which will be used
	by the LXC driver for device assignment. Since container
	based virtualization uses a single kernel, the idea of
	assigning physical PCI devices doesn't make sense. It is
	still reasonable to assign USB devices, but for assigning
	arbitrary nodes in /dev, the new 'capabilities' mode is
	to be used.
	The first capability support is 'storage', which is for
	assignment of block devices. Functionally this is really
	pretty similar to the <disk> support. The only difference
	is the device node name is identical in both host and
	container namespaces.
	    <hostdev mode='capabilities' type='storage'>
	      <source>
	        <block>/dev/sdf1</block>
	      </source>
	    </hostdev>
	The second capability support is 'misc', which is for
	assignment of character devices. There is no existing
	parallel to this. Again the device node is the same
	inside & outside the container.
	    <hostdev mode='capabilities' type='misc'>
	      <source>
	        <char>/dev/input/event3</char>
	      </source>
	    </hostdev>
	The reason for keeping the char & storage devices
	separate in the domain XML, is to mirror the split
	in the node device XML. NB the node device XML does
	not yet report character devices, but that's another
	new patch to come

2012-12-18  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	tests: Add tests for sysinfo
	Test cases for virSysinfoRead. Initially, there are tests for
	x86 (DMI based) and s390 (/proc/... based).
	In lack of PPC data, I have stubbed out the test for it, but it
	can be added with a minimal effort.

	S390: Fix virSysinfoRead memory corruption
	There was a double free issue caused by virSysinfoRead on s390,
	as the same manufacturer string instance was assigned to more
	than one processor record.
	Cleaned up other potential memory issues and restructured the sysinfo
	parsing code by moving repeating patterns into a helper function.
	The restructuring made it necessary to conditionally disable
	-Wlogical-op for some older GCC versions, using pragma GCC diagnostic.
	This is a GCC specific pragma, which is acceptable, since we're
	using it to work around a GCC specific bug.
	Finally, added a function virSysinfoSetup to configure the sysinfo
	data source files/script during run time, to facilitate writing test
	programs. This function is not published in sysinfo.h and only
	there for testing.

	build: Check for broken GCC -Wlogical-op in configure
	Some older versions of GCC report a false positive on code like
	  char * haystack, needle;
	  strchr(haystack, needle);
	Added an extra check in configure.ac which will
	  #define BROKEN_GCC_WLOGICALOP 1
	in this case, allowing to special handle "offending" code.

2012-12-18  Peter Krempa  <pkrempa@redhat.com>

	conf: cpu: Break some long lines

	conf: cpu: Refactor parsing of vendor_id and fallback attributes
	This patch simplifies the code that parses the fallback and vendor_id
	attributes from the domain xml cpu definition.
	Changes done:
	- free temp variables in the cleanup section instead of local use
	- remove checking for presence of the attribute to directly getting the
	value (saving call to virXPathBoolean)
	- replace loop used to check for ',' in the vendor_id string with strchr

2012-12-17  Peter Krempa  <pkrempa@redhat.com>

	conf: cpu: Fix memory leak when specifying cpu vendor_id manually
	The field was not freed from the cpu definition.

2012-12-17  Ken ICHIKAWA  <ichikawa.ken@jp.fujitsu.com>

	conf: cpu: Fix parsing of vendor_id
	This patch fixes a problem that vendor_id attribute can not be defined
	when fallback attribute is not defined.
	If I define domain xml like below:
	<domain>
	  <cpu>
	    <model vendor_id='aaaabbbbcccc'>core2duo</model>
	  </cpu>
	</domain>
	In dumpxml, vendor_id is not reflected:
	<domain>
	  <cpu mode='custom' match='exact'>
	    <model fallback='allow'>core2duo</model>
	  </cpu>
	</domain>
	The expected output is:
	<domain>
	  <cpu mode='custom' match='exact'>
	    <model fallback='allow' vendor_id='aaaabbbbcccc'>core2duo</model>
	  </cpu>
	</domain>
	If the fallback attribute and vendor_id attribute is defined at the same
	time, it's reflected as expected.

2012-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Support custom 'svirt_tcg_t' context for TCG based guests
	The current SELinux policy only works for KVM guests, since
	TCG requires the 'execmem' privilege. There is a 'virt_use_execmem'
	boolean to turn this on globally, but that is unpleasant for users.
	This changes libvirt to automatically use a new 'svirt_tcg_t'
	context for TCG based guests. This obsoletes the previous
	boolean tunable and makes things 'just work(tm)'
	Since we can't assume we run with new enough policy, I also
	make us log a warning message (once only) if we find the policy
	lacks support. In this case we fallback to the normal label and
	expect users to set the boolean tunable

2012-12-17  Peter Krempa  <pkrempa@redhat.com>

	docs: Replace </br> with <br/> in docs/news.html.in

2012-12-17  Guannan Ren  <gren@redhat.com>

	tests: add one -device video device testcase
	The testcase is for testing non-fixed PCI address for primary
	video device and using video args to -deivce qemu option.

	qemu: use newer -device video device in qemu commandline
	'-device VGA' maps to '-vga std'
	'-device cirrus-vga' maps to '-vga cirrus'
	'-device qxl-vga' maps to '-vga qxl'
	             (there is also '-device qxl' for secondary devices)
	'-device vmware-svga' maps to '-vga vmware'
	For qemu(>=1.2), we can use -device to replace -vga for video
	device. For the primary video device, the patch tries to use 0x2
	slot for matching old qemu. If the 0x2 slot is allocated already,
	the addr property could help for using any available slot.
	For qemu(< 1.2), we keep using -vga for primary device.

	conf: add optional attribte primary to video <model> element
	If there are multiple video devices
	primary = 'yes' marks this video device as the primary one.
	The rest are secondary video devices. No more than one could be
	mark as primary. If none of them has primary attribute, the first
	one will be the primary by default like what it was.
	The reason of this changing is that for qemu, only one primary video
	device is permitted which can be of any type. For secondary video
	devices, only qxl is allowd. Primary attribute removes the restriction
	that the first have to be the primary one.
	We always put the primary video device into the first position of
	video device structure array after parsing.

	qemu: add qemu vga devices caps and one cap to mark them usable
	QEMU_CAPS_DEVICE_QXL          -device qxl
	QEMU_CAPS_DEVICE_VGA          -device VGA
	QEMU_CAPS_DEVICE_CIRRUS_VGA   -device cirrus-vga
	QEMU_CAPS_DEVICE_VMWARE_SVGA  -device vmware-svga
	QEMU_CAPS_DEVICE_VIDEO_PRIMARY  /* safe to use -device XXX
	                                 for primary video device */
	Fix a typo in qemuCapsObjectTypes, the string 'qxl' here
	should be -device qxl rather than -vga [...|qxl|..]

2012-12-17  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.1
	- configure.ac docs/news.html.in: update for the release
	- po/*.po: updated from transifex

2012-12-15  Eric Blake  <eblake@redhat.com>

	build: minor build fixes for BSD
	Noticed these while building on FreeBSD.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockInfoLookup): Rename
	variable to avoid 'devname' collision.
	* src/qemu/qemu_driver.c (qemuDomainInterfaceStats): Mark unused
	variable.

2012-12-15  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Socket identity support for FreeBSD.
	This adds an implementation of virNetSocketGetUNIXIdentity()
	using LOCAL_PEERCRED socket option and xucred struct, defined
	in <sys/ucred.h> on systems that have it.

2012-12-15  Laine Stump  <laine@laine.org>

	network: fix (non)update of dnsmasq config during virDomainUpdateDeviceFlags
	A forgotten "!" in recently-modified code at the top of
	networkRefreshDaemon() meant an improper early return, which led to 1)
	dnsmasq config files not being updated from the newly modified config,
	and 2) dnsmasq not being sent a SIGHUP so that it could learn about
	the changes to the config.
	virNetworkDefGetIpByIndex() returns NULL if there are no ip objects of
	the requested type, and if there are no IP elements, then dnsmasq
	shouldn't be running, so we can return early. Otherwise we should
	rewrite the config files and send a SIGHUP.

2012-12-15  Guido Günther  <agx@sigxcpu.org>

	Require SANLK_INQ_WAIT for inq_lockspace support
	since compilation breaks otherwise with older libsanlock.

2012-12-14  Eric Blake  <eblake@redhat.com>

	docs: fix some typos in examples
	As detected in https://bugzilla.redhat.com/show_bug.cgi?id=887187
	* docs/formatdomain.html.in: Fix XML typos.

2012-12-14  Michal Privoznik  <mprivozn@redhat.com>

	sanlock: Re-add lockspace unconditionally
	Currently, if sanlock is already registering a lockspace other
	libvirtd instances (from other hosts) obtain -EINPROGRESS. On
	sufficiently new sanlock, sanlock_inq_lockspace() is called,
	which suspend execution until lockspace state is changed. With
	current libvirt implementation, we fail to retry adding the
	lockspace again but continue in error path. Therefore we produce
	meaningless error message:
	virLockManagerSanlockSetupLockspace:363 : Unable to add lockspace
	/var/lib/libvirt/sanlock/__LIBVIRT__DISKS__: Success
	qemudLoadDriverConfig:558 : Failed to load lock manager sanlock
	We should try to re-add the lockspace after its state change to
	be sure it was added successfully. In fact, with sufficiently new
	sanlock we can just avoid dummy usleep() which is used if there's
	no inquire API.

2012-12-14  Eric Blake  <eblake@redhat.com>

	install: fix virtlockd installation
	The virtlockd daemon scripts were lousy, when compared to their
	counterparts in daemon/Makefile.am.  In particular, when init
	scripts were selected, this resulted in 'make distcheck' failing
	due to failure to clean up src/virtlockd.init.
	* src/Makefile.am (install-systemd): Fix dependencies.  Use MKDIR_P.
	(uninstall-systemd): Remove empty directory.  Use fewer processes.
	(install-init, install-sysconfig): Use MKDIR_P.
	(uninstall-init): Remove correct file, and also empty directory.
	(uninstall-sysconfig): Remove empty directory.
	(DISTCLEANFILES): Clean up trivially built sources.

2012-12-14  Michał Łomnicki  <michal.lomnicki@gmail.com>

	docs: Fix location of libvirt.conf and auth.conf
	For a unprivileged user libvirt.conf and auth.conf are looked up in
	$XDG_CONFIG_HOME but the docs incorrectly state that it's $XDG_CONFIG_DIR.

2012-12-14  Laine Stump  <laine@laine.org>

	qemu: don't fail update netdev on bridge detach failure
	When a network device's bridge connection is changed by
	virDomainUpdateDevice, libvirt first removes the netdev's tap from its
	old bridge, then adds it to the new bridge. Sometimes, due to a
	network being destroyed while a guest device is still attached, the
	tap may already be "removed" from the old bridge (or the old bridge
	may not even exist any more); the existing code was needlessly failing
	the update when this happened, making it impossible to recover from
	the situation without completely detaching (i.e. removing) the netdev
	from the guest and re-attaching.
	Instead of failing the entire operation when removal of the tap from
	the old bridge fails, this patch changes qemuDomainChangeNetBridge to
	just log a warning and continue, allowing a reasonable recover from
	the situation.
	(you'll appreciate this change if you ever accidentally destroy a
	network while your guests are still using it).

2012-12-14  Jiri Denemark  <jdenemar@redhat.com>

	spec: Include lockd files in libvirt-daemon package

	build: Install both qemu-lockd.conf and qemu-sanlock.conf
	With sanlock enabled, only one of those files was installed.

2012-12-14  Eric Blake  <eblake@redhat.com>

	build: use fewer cat processes
	* src/Makefile.am (libvirt.syms): Let cat loop for us.

2012-12-14  Ján Tomko  <jtomko@redhat.com>

	selinux: fix NULL dereference in GetSecurityMountOptions
	In the case of an OOM error in virDomainDefGetSecurityLabelDef, secdef
	is set to NULL, then dereferenced while printing the debug message.

2012-12-14  Jiri Denemark  <jdenemar@redhat.com>

	build: Distribute more files

	locking: Fix VPATH build and distribute generated files

2012-12-14  Laine Stump  <laine@laine.org>

	network: prevent dnsmasq from listening on localhost
	This patch resolves the problem reported in:
	   https://bugzilla.redhat.com/show_bug.cgi?id=886663
	The source of the problem was the fix for CVE 2011-3411:
	   https://bugzilla.redhat.com/show_bug.cgi?id=833033
	which was originally committed upstream in commit
	753ff83a50263d6975f88d6605d4b5ddfcc97560. That commit improperly
	removed the "--except-interface lo" from dnsmasq commandlines when
	--bind-dynamic was used (based on comments in the latter bug).
	It turns out that the problem reported in the CVE could be eliminated
	without removing "--except-interface lo", and removing it actually
	caused each instance of dnsmasq to listen on localhost on port 53,
	which created a new problem:
	If another instance of dnsmasq using "bind-interfaces" (instead of
	"bind-dynamic") had already been started (or if another instance
	started later used "bind-dynamic"), this wouldn't have any immediately
	visible ill effects, but if you tried to start another dnsmasq
	instance using "bind-interfaces" *after* starting any libvirt
	networks, the new dnsmasq would fail to start, because there was
	already another process listening on port 53.
	(Subsequent to the CVE fix, another patch changed the network driver
	to put dnsmasq options in a conf file rather than directly on the
	dnsmasq commandline, but preserved the same options.)
	This patch changes the network driver to *always* add
	"except-interface=lo" to dnsmasq conf files, regardless of whether we use
	bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
	are listening on localhost (and the CVE is still fixed).
	The actual code change is miniscule, but must be propogated through all
	of the test files as well.

2012-12-14  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix VPATH build
	$(srcdir) is already part of $$file since commit f1f9a7ac7e.

2012-12-13  Ján Tomko  <jtomko@redhat.com>

	virsh: use vshReconnect for non-default connections too
	For non-default connections (specified by the environment variable or
	the command line option) we call virConnectOpenAuth without registering
	the vshCatchDisconnect callback.
	This calls vshReconnect instead which takes care of it.

	virsh: don't lie about reconnection in vshReconnect
	Since we (ab)use vshReconnect for the default URI connection, if it
	fails it might print 'Failed to reconnect to the hypervisor' even if we
	were never connected before.
	This changes it to only mention reconnection on the first try after
	getting disconnected.

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Add support for locking based on SCSI volume ID

	Add support for locking based on LVM volume uuid

	Add ability to maintain disk leases indirectly
	The default lockd driver behavour is to acquire leases
	directly on the disk files. This introduces an alternative
	mode, where leases are acquire indirectly on a file that
	is based on a SHA256 hash of the disk filename.

	Add a virtlockd client as a lock driver impl
	This adds a 'lockd' lock driver which is just a client which
	talks to the lockd daemon to perform all locking. This will
	be the default lock driver for any hypervisor which needs one.
	* src/Makefile.am: Add lockd.so plugin
	* src/locking/lock_driver_lockd.c: Lockd driver impl

	Add support for re-exec() of virtlockd upon SIGUSR1
	The virtlockd daemon maintains file locks on behalf of libvirtd
	and any VMs it is running. These file locks must be held for as
	long as any VM is running. If virtlockd itself ever quits, then
	it is expected that a node would be fenced/rebooted. Thus to
	allow for software upgrads on live systemd, virtlockd needs the
	ability to re-exec() itself.
	Upon receipt of SIGUSR1, virtlockd will save its current live
	state out to a file /var/run/virtlockd-restart-exec.json
	It then re-exec()'s itself with exactly the same argv as it
	originally had, and loads the state file, reconstructing any
	objects as appropriate.
	The state file contains information about all locks held and
	all network services and clients currently active. An example
	state document is
	 {
	    "server": {
	        "min_workers": 1,
	        "max_workers": 20,
	        "priority_workers": 0,
	        "max_clients": 20,
	        "keepaliveInterval": 4294967295,
	        "keepaliveCount": 0,
	        "keepaliveRequired": false,
	        "services": [
	            {
	                "auth": 0,
	                "readonly": false,
	                "nrequests_client_max": 1,
	                "socks": [
	                    {
	                        "fd": 6,
	                        "errfd": -1,
	                        "pid": 0,
	                        "isClient": false
	                    }
	                ]
	            }
	        ],
	        "clients": [
	            {
	                "auth": 0,
	                "readonly": false,
	                "nrequests_max": 1,
	                "sock": {
	                    "fd": 9,
	                    "errfd": -1,
	                    "pid": 0,
	                    "isClient": true
	                },
	                "privateData": {
	                    "restricted": true,
	                    "ownerPid": 1722,
	                    "ownerId": 6,
	                    "ownerName": "f18x86_64",
	                    "ownerUUID": "97586ba9-df27-9459-c806-f016c8bbd224"
	                }
	            },
	            {
	                "auth": 0,
	                "readonly": false,
	                "nrequests_max": 1,
	                "sock": {
	                    "fd": 10,
	                    "errfd": -1,
	                    "pid": 0,
	                    "isClient": true
	                },
	                "privateData": {
	                    "restricted": true,
	                    "ownerPid": 1784,
	                    "ownerId": 7,
	                    "ownerName": "f16x86_64",
	                    "ownerUUID": "7b8e5e42-b875-61e9-b981-91ad8fa46979"
	                }
	            }
	        ]
	    },
	    "defaultLockspace": {
	        "resources": [
	            {
	                "name": "/var/lib/libvirt/images/f16x86_64.raw",
	                "path": "/var/lib/libvirt/images/f16x86_64.raw",
	                "fd": 14,
	                "lockHeld": true,
	                "flags": 0,
	                "owners": [
	                    1784
	                ]
	            },
	            {
	                "name": "/var/lib/libvirt/images/shared.img",
	                "path": "/var/lib/libvirt/images/shared.img",
	                "fd": 12,
	                "lockHeld": true,
	                "flags": 1,
	                "owners": [
	                    1722,
	                    1784
	                ]
	            },
	            {
	                "name": "/var/lib/libvirt/images/f18x86_64.img",
	                "path": "/var/lib/libvirt/images/f18x86_64.img",
	                "fd": 11,
	                "lockHeld": true,
	                "flags": 0,
	                "owners": [
	                    1722
	                ]
	            }
	        ]
	    },
	    "lockspaces": [
	    ],
	    "magic": "30199"
	 }

	Enable systemd socket activation with virtlockd
	This enhancement virtlockd so that it can receive a pre-opened
	UNIX domain socket from systemd at launch time, and adds the
	systemd service/socket unit files
	* daemon/libvirtd.service.in: Require virtlockd to be running
	* libvirt.spec.in: Add virtlockd systemd files
	* src/Makefile.am: Install systemd files
	* src/locking/lock_daemon.c: Support socket activation
	* src/locking/virtlockd.service.in, src/locking/virtlockd.socket.in:
	  systemd unit files
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h:
	  Add virNetServerServiceNewFD() method
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virNetSocketNewListenFD
	  method

	Implement dispatch functions for lock protocol in virtlockd
	Introduce a lock_daemon_dispatch.c file which implements the
	server side dispatcher the RPC APIs previously defined in the
	lock protocol.

	Define a wire protocol for talking to the virtlockd daemon
	The virtlockd daemon will be responsible for managing locks
	on virtual machines. Communication will be via the standard
	RPC infrastructure. This provides the XDR protocol definition
	* src/locking/lock_protocol.x: Wire protocol for virtlockd
	* src/Makefile.am: Include lock_protocol.[ch] in virtlockd

	Introduce basic infrastructure for virtlockd daemon
	The virtlockd daemon will maintain locks on behalf of libvirtd.
	There are two reasons for it to be separate
	 - Avoid risk of other libvirtd threads accidentally
	   releasing fcntl() locks by opening + closing a file
	   that is locked
	 - Ensure locks can be preserved across libvirtd restarts.
	   virtlockd will need to be able to re-exec itself while
	   maintaining locks. This is simpler to achieve if its
	   sole job is maintaining locks

	Refactor creation of lock manager plugins
	Refactor virLockManagerPluginNew() so that the caller does
	not need to pass in the config file path itself - just the
	config directory and driver name.
	Fix QEMU to actually pass in a config file when creating the
	default lock manager plugin, rather than NULL.

	Fix error reporting when fetching SCSI/LVM keys
	The current  virStorageFileGet{LVM,SCSI}Key methods return
	the key as the return value. Unfortunately it is desirable
	for "NULL" to be a valid return value, as well as an error
	indicator. Thus the returned key must instead be provided
	as an out-parameter.
	When we invoke lvs or scsi_id to extract ID for block devices,
	we don't want virCommandWait logging errors messages. Thus we
	must explicitly check 'status != 0', rather than letting
	virCommandWait do it.

2012-12-13  Jim Fehlig  <jfehlig@suse.com>

	Support network boot for HVM guests in libxl
	The libxl driver ignored boot devices in the domain config,
	preventing PXE booting HVM domains.  This patch accounts for
	user-specified boot devices when building the libxl domain
	configuration.

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix probing of QED file format
	The QED file format is non-versioned, so although the magic
	value matched, libvirt rejected it due to lack of a version
	number to compare against. We need to distinguish this case
	by allowing a value of '-2' to indicate a non-versioned file
	where only the magic is required to match

	Add lots of debugging to storage file probing code

	Log warning if storage magic matches, but version does not
	To help us detect when new storage file versions come into
	existance log a warning if the storage file magic matches,
	but the version does not

	Fix memory leak in QEMU QMP capabilities initialization
	The qemuCapsInitQMP method never frees the QEMU 'package'
	version string.

	Change virCgroupGetAppRoot stub on non-Linux to avoid unused param warning
	Fully stub out the virCgroupGetAppRoot method as done with other
	methods in the file, rather than just the body. This lets us
	annotate the unused parameter to avoid a warning

2012-12-13  Eric Blake  <eblake@redhat.com>

	network: match xml warning message
	I noticed that /var/lib/libvirt/dnsmasq/*.conf used the wrong word;
	it was intended to match the wording in src/util/xml.c.
	* src/network/bridge_driver.c (networkDnsmasqConfContents): Fix typo.
	* tests/networkxml2confdata/*.conf: Update accordingly.

2012-12-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Qemu FreeBSD: fix compilation
	* Autotools changes:
	  - Don't assume Qemu is Linux-only
	  - Check Linux headers only on Linux
	  - Disable firewalld on FreeBSD
	* Initctl:
	  Initctl seem to present only on Linux, so stub it on other platforms
	* Raw I/O: Linux-only as well
	* Headers cleanup

	Drop mntent.h include.
	It's no longer used and also causes build fail on FreeBSD.

2012-12-13  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	Fix make check with different object directory
	make check fails in check-symsorting if configure is not run in
	the source directory. Prefixing symfile names with $(srcdir)
	fixes this.

2012-12-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Improve error reporting from qemuDomainManagedSaveRemove
	Report an error if unlink of the managedsave file fails.

	qemu: Small code cleanups in the managedsave functions
	Save a few lines moving assignments into conditions and fix braces
	position.

	qemu: Refactor managed save functions to use domain lookup helpers

	qemu: Add a new domain lookup helper and improve the docs
	This patch adds a new domain lookup helper qemuDomObjFromDomainDriver
	that lookups the domain and leaves the driver locked. The driver is
	returned as the second argument of that function. If the lookup fails
	the driver is unlocked to help avoid cleanup codepaths.
	This patch also improves docs for the helpers.

	util: Fix warning message in previous patch
	I didn't notice the extra "does" in the previous patch. Remove it.

	util: rework error reporting in virGet(User|Group)IDByName
	This patch gets rid of the undeterministic error reporting code done on
	return values of get(pw|gr)nam_r. With this patch, if the group record
	is not returned by the corresponding function this error is not
	considered fatal even if errno != 0. The error is logged in such case.

2012-12-12  Daniel P. Berrange  <berrange@redhat.com>

	Refactor virDomainHostdevFind method
	Move the code for matching hostdev instances out of virDomainHostdevFind
	and into virDomainHostdevMatch method, which in turn calls out to other
	helper methods depending on the type of hostdev.

	Slightly refactor hostdev parsing / formating
	Rename virDomainHostdevPartsParse to virDomainHostdevDefParseSubsys
	to reflect the fact that it only deals with hostdevs uing the
	traditional mode=subsystem, and not mode=capabilities
	Rename virDomainHostSourceFormat to virDomainHostdevDefFormatSubsys
	for the same reason.

	Remove bogus const return values in storage file APIs
	virStorageFileGetLVMKey and virStorageFileGetSCSIKey
	both return heap allocated strings, so the return value
	should not be marked const.

	Add missing export of virStorageFileGetLVMKey & virStorageFileGetSCSIKey

	Fix sorting of libvirt_private.syms and add syntax check rule
	Add check-symsorting.pl to perform case-insensitive alphabetical
	sorting of groups of symbols. Fix all violations it reports

2012-12-12  Cole Robinson  <crobinso@redhat.com>

	uml: Report error if inotify fails on driver startup

	tools: Only install guests init script if --with-init=script=redhat
	Most of this deals with moving the libvirt-guests.sh script which
	does all the work to /usr/libexec, so it can be shared by both
	systemd and traditional init. Previously systemd depended on
	the script being in /etc/init.d
	Required to fix https://bugzilla.redhat.com/show_bug.cgi?id=789747

2012-12-12  Serge Hallyn  <serge.hallyn@ubuntu.com>

	add vnc unix sockets to apparmor policy
	When using vnc gaphics over a unix socket, virt-aa-helper needs to provide
	access for the qemu domain to access the sockfile.

	add security hook for permitting hugetlbfs access
	When a qemu domain is backed by huge pages, apparmor needs to grant the domain
	rw access to files under the hugetlbfs mount point.  Add a hook, called in
	qemu_process.c, which ends up adding the read-write access through
	virt-aa-helper.  Qemu will be creating a randomly named file under the
	mountpoint and unlinking it as soon as it has mmap()d it, therefore we
	cannot predict the full pathname, but for the same reason it is generally
	safe to provide access to $path/**.

2012-12-12  Eric Blake  <eblake@redhat.com>

	maint: mention when HACKING is rebuilt during make
	I noticed that on Fedora 18, xlstproc decides to regenerate
	HACKING with additional whitespace.  I haven't figured out why
	that is happening (although fixing it would probably be a task
	for xlstproc), but in the process of investigating, I noticed
	that 'make HACKING' was completely silent, for no good reason.
	* Makefile.am (gen-ChangeLog, gen-AUTHORS, NEWS)
	($(top_srcdir)/HACKING): Mention which files we are generating.

2012-12-12  Jiri Denemark  <jdenemar@redhat.com>

	docs: Document offline migration

2012-12-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: reuse qemuMigrationIsAllowed when doing save and managedsave
	Save and managedsave both use migration to file. This patch reuses
	qemuMigrationIsAllowed to check if the migration could happen before
	trying.

	qemu: snapshot: Report better error message if migration isn't allowed
	Qemu doesn't support migration on guests with host devices. This patch
	adds a check to ensure migration is safe before actually doing so.

	qemu: Make qemuMigrationIsAllowed more reusable
	This patch exports qemuMigrationIsAllowed and adds a new parameter to it
	to denote if it's a remote migration or a local migration. Local
	migrations are used in snapshots and saving of the machine state and
	have fewer restrictions. This patch also adjusts callers of the function
	and tweaks some error messages to be more universal.

2012-12-12  Ján Tomko  <jtomko@redhat.com>

	qemu: assume seccomp sandbox is supported since qemu 1.2
	Currently there is no way to detect it via QMP and requesting "-sandbox
	off" works correctly even if it was compiled out, so this will work
	unless someone both requests the sandbox in qemu.conf and builds QEMU
	without the support for it.

2012-12-12  Michal Privoznik  <mprivozn@redhat.com>

	domain: Keep assigned class_id in domstatus XML
	Interfaces keeps a class_id, which is an ID from which bridge
	part of QoS settings is derived. We need to store class_id
	in domain status file, so we can later pass it to
	virNetDevBandwidthUnplug.

	network: Create real network status files
	Currently, we are only keeping a inactive XML configuration
	in status dir. This is no longer enough as we need to keep
	this class_id attribute so we don't overwrite old entries
	when the daemon restarts. However, since there has already
	been release which has just <network/> as root element,
	and we want to keep things compatible, detect that loaded
	status file is older one, and don't scream about it.

	bandwidth: Create network bandwidth (un)plug functions
	Network should be notified if we plug in or unplug an
	interface, so it can perform some action, e.g. set/unset
	network part of QoS. However, we are doing this in very
	early stage, so iface->ifname isn't filled in yet. So
	whenever we want to report an error, we must use a different
	identifier, e.g. the MAC address.

	bandwidth: Create rate update function
	This will be used whenever a NIC with guaranteed throughput is to
	be plugged into a bridge. It will adjust the average throughput of
	non guaranteed NICs (classid 1:2) to meet new requirements.

	bandwidth: Create (un)plug functions
	These set bridge part of QoS when bringing domain's interface up.
	Long story short, if there's a 'floor' set, a new QoS class is created.
	ClassID MUST be unique within the bridge and should be kept for
	unplug phase.

	bandwidth: Create hierarchical shaping classes
	These classes can borrow unused bandwidth. Basically,
	only egress qdsics can have classes, therefore we can
	do this kind of traffic shaping only on host's outgoing,
	that is domain's incoming traffic.

	bandwidth: add new 'floor' attribute
	This is however supported only on domain interfaces with
	type='network'. Moreover, target network needs to have at least
	inbound QoS set. This is required by hierarchical traffic shaping.
	From now on, the required attribute for <inbound/> is either 'average'
	(old) or 'floor' (new). This new attribute can be used just for
	interfaces type of network (<interface type='network'/>) currently.

	bandwidth: Attach sfq to leaf node
	Stochastic Fairness Queuing (SFQ) is queuing discipline
	(qdisc) which doesn't really shape any traffic but 'just'
	re-arrange packets in sending buffer so no stream starve.
	The goal is to ensure fairness. There is basically only one
	configuration parameter (perturb) which is set to advised
	value of 10.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: handle network adapters of type 'routed'
	Network adapters of type 'routed' is a special case. Other adapters
	have 'network' parameter in prlctl's output instead.
	Routed network adapters should be connected to 'routed' network
	from libvirt's view.

	parallels: add routed pseudo network
	Historically if traffic from the adapter is routed to LAN without
	NAT, it isn't connected to any virtual networks, but has a 'type'
	instead. Sinse libvirt has special virtual network type for such case,
	let's add pseudo network 'routed' to fit libvirt's API well.

	parallels: parse virtual network properties
	Fill bridge name and mac for bridged network and
	DHCP server parameter for host-only network.

	parallels: add network driver
	Parallels Cloud Server uses virtual networks model for network
	configuration. It uses own tools for virtual network management.
	So add network driver, which will be responsible for listing
	virtual networks and performing different operations on them
	(in consequent patched).
	This patch only allows listing virtual network names, without
	any parameters like DHCP server settings.

	parallels: move parallelsParseError to parallels_utils.h
	This macro will be used in another file in the next
	patch, so move it to common header file.

	parallels: add support of network interfaces to parallelsDomainDefineXML
	Allow changing network interfaces in domain configuration.
	ifname is used as iterface identifier: if there is interface
	with some ifname in old config and there are no interfaces with
	such name in the new config - issue prlctl command to delete
	the network interface. And vice versa - if interface with
	some ifname exists only in new config - issue prlctl command
	to create it.

	parallels: parse information about network interfaces
	Parse network interfaces info from prlctl output.
	Parallels Cloud Server uses virtual networks model for
	network configuration: You can add network adapter to
	VM and connect it to some predefined virtual network.
	Fill type, mac, network name and linkstate fields of
	virDomainNetDef structure.

2012-12-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Remove memory image if external checkpoint fails
	When the disk snapshot part of an external system checkpoint fails the
	memory image is retained. This patch adds code to remove the image in
	such case.

	qemu: snapshot: Don't leak XML definition if restarting of CPUs fails
	In case the snapshot code isn't able to restart CPUs after an external
	checkpoint we would leak a copy of the domains XML definition. This
	patch fixes the cleanup path.

2012-12-11  Ján Tomko  <jtomko@redhat.com>

	qemu: fix uninitialized variable warning in doPeer2PeerMigrate
	False positive, but it breaks the build with gcc-4.6.3.
	qemu/qemu_migration.c:2931:37: error: 'offline' may be used
	uninitialized in this function [-Werror=uninitialized]
	qemu/qemu_migration.c:2887:10: note: 'offline' was declared here

2012-12-11  Jiri Denemark  <jdenemar@redhat.com>

	conf: Remove duplicate declaration of virNetworkDNSDefPtr

	examples: Fix balloon event callback

2012-12-11  Gene Czarcinski  <gene@czarc.net>

	network: put dnsmasq parameters in conf-file instead of command line
	This patch changes how parameters are passed to dnsmasq.  Instead of
	being on the command line, the parameters are put into a file (one
	parameter per line) and a commandline --conf-file= specifies the
	location of the file.  The file is located in the same directory as
	the leases file.
	Putting the dnsmasq parameters into a configuration file
	allows them to be examined and more easily understood than
	examining the command lines displayed by "ps ax".  This is
	especially true when a number of networks have been started.
	When the use of dnsmasq was originally done, the required command line
	was simple, but it has gotten more complicated over time and will
	likely become even more complicated in the future.
	Note: The test conf files have all been renamed .conf instead of
	.argv, and tests/networkxml2xmlargvdata was moved to
	tests/networkxml2xmlconfdata.

	network: add support for DHCPv6
	The DHCPv6 support includes IPV6 dhcp-range and dhcp-host for one
	IPv6 subnetwork on one interface.  This support will only work
	if dnsmasq version >= 2.64; otherwise an error occurs if
	dhcp-range or dhcp-host is specified for an IPv6 address.
	Essentially, this change provides the same DHCP support for IPv6
	that has been available for IPv4.
	With dnsmasq >= 2.64, support for the RA service is also now provided
	by dnsmasq (radvd is no longer used/started). (Although at least one
	version of dnsmasq prior to 2.64 "supported" IPv6 Router
	Advertisement, there were bugs (fixed in 2.64) that rendered it
	unusable.)
	Documentation and the network schema has been updated
	to reflect the new support.

2012-12-11  Laine Stump  <laine@laine.org>

	conf: split <forward> parser/clear into separate functions
	virNetworkDefUpdateForward requires separate functions to parse and
	clear a virNetworkForwardDef by itself, but they were previously just
	inlined in the virNetworkDef parse and free functions. This patch
	makes them into separate functions.

	conf: put data for network <forward> element into its own struct
	The attributes of a <network> element's <forward> element were
	previously stored directly in the virNetworkDef object, but
	virNetworkUpdateForward() needs to operate on a <forward> in
	isolation, so this patchs pulls out all those attributes into a
	separate virNetworkForwardDef struct (and shortens their names
	appropriately). This new object is contained in the virNetworkDef, not
	pointed to by it, so there is no extra memory management.
	This patch makes no functional changes, it only changes, e.g.,
	"nForwardIfs" to "forward.nifs".

	conf: make virNetworkIpDefClear consistent with other functions
	The other clear functions in network_conf.c that clear out arrays of
	sub-objects do so by using the n[itemname]s value as a counter going
	down to 0. Make this one consistent. There's no functional value, just
	makes the style more consistent with the rest of the file.

	conf: rename some labels and functions in network_conf
	This makes some function names and arg lists for consistent with other
	parse functions in network_conf.c. While modifying
	virNetworkIPParseXML(), also change its "error" label to "cleanup",
	since the code at that label is executed on success as well as
	failure.

	network: backend functions for updating network dns host/srv/txt
	These three functions are very similar - none allow a MODIFY
	operation; you can only add or delete.
	The biggest difference between them (other than the data itself) is in
	the criteria for determining a match, and whether or not multiple
	matches are possible:
	1) for HOST records, it's considered a match if the IP address or any
	of the hostnames of an existing record matches.
	2) for SRV records, it's a match if all of
	domain+service+protocol+target *which have been specified* are
	matched.
	3) for TXT records, there is only a single field to match - name
	(value can be the same for multiple records, and isn't considered a
	search term), so by definition there can be no ambiguous matches.
	In all three cases, if any matches are found, ADD will fail; if
	multiple matches are found, it means the search term was ambiguous,
	and a DELETE will fail.
	The upper level code in bridge_driver.c is already implemented for
	these functions - appropriate conf files will be re-written, and
	dnsmasq will be SIGHUPed or restarted as appropriate.

	conf: clear and parse functions for dns host/srv/txt records
	Since there is only a single virNetworkDNSDef for any virNetworkDef,
	and it's trivial to determine whether or not it contains any real
	data, it's much simpler (and fits more uniformly with the parse
	function calling sequence of the parsers for many other objects that
	are subordinates of virNetworkDef) if virNetworkDef *contains* an
	virNetworkDNSDef rather than pointing to one.
	Since it is now just a part of another object rather than its own
	object, it no longer makes sense to have a *Free() function, so that
	is changed to a *Clear() function.
	More importantly though, ParseXML and Clear functions are needed for
	the individual items contained in a virNetworkDNSDef (srv, txt, and
	host records), but none of them have a *Clear(), and only two of the
	three had *ParseXML() functions (both of which used a non-uniform
	arglist). Those problems are cleared up by this patch - it splits the
	higher-level Clear function into separate functions for each of the
	three, creates a parse for txt records, and cleans up the srv and host
	parsers, so we now have all the utility functions necessary to
	implement virNetworkDefUpdateDNS(Host|Srv|Txt).

	conf: rename network dns host/srv/txt arrays
	This shortens the name of the structs for srv and txt, and their
	instances in virNetworkDNSDef, to be more compact and uniform with the
	naming of the dns host array. It also changes the type of ntxts, etc
	from unsigned int to size_t, so that they can be used directly as args
	to VIR_*_ELEMENT.

	conf: use VIR_(INSERT|DELETE)_ELEMENT in virNetworkUpdate backend
	The already-written backend functions for virNetworkUpdate that add
	and delete items into lists within the a network were already debugged
	to work properly, but future such functions will use
	VIR_(INSERT|DELETE)_ELEMENT instead, so these are changed for
	uniformity.

	util: add VIR_(APPEND|INSERT|DELETE)_ELEMENT
	I noticed when writing the backend functions for virNetworkUpdate that
	I was repeating the same sequence of memmove, VIR_REALLOC, nXXX-- (and
	messed up the args to memmove at least once), and had seen the same
	sequence in a lot of other places, so I decided to write a few
	utility functions/macros - see the .h file for full documentation.
	The intent is to reduce the number of lines of code, but more
	importantly to eliminate the need to check the element size and
	element count arithmetic every time we need to do this (I *always*
	make at least one mistake.)
	VIR_INSERT_ELEMENT: insert one element at an arbitrary index within an
	  array of objects. The size of each object is determined
	  automatically by the macro using sizeof(*array). The new element's
	  contents are copied into the inserted space, then the original copy
	  of contents are 0'ed out (if everything else was
	  successful). Compile-time assignment and size compatibility between
	  the array and the new element is guaranteed (see explanation below
	  [*])
	VIR_INSERT_ELEMENT_COPY: identical to VIR_INSERT_ELEMENT, except that
	  the original contents of newelem are not cleared to 0 (i.e. a copy
	  is made).
	VIR_APPEND_ELEMENT: This is just a special case of VIR_INSERT_ELEMENT
	  that "inserts" one past the current last element.
	VIR_APPEND_ELEMENT_COPY: identical to VIR_APPEND_ELEMENT, except that
	  the original contents of newelem are not cleared to 0 (i.e. a copy
	  is made).
	VIR_DELETE_ELEMENT: delete one element at an arbitrary index within an
	  array of objects. It's assumed that the element being deleted is
	  already saved elsewhere (or cleared, if that's what is appropriate).
	All five of these macros have an _INPLACE variant, which skips the
	memory re-allocation of the array, assuming that the caller has
	already done it (when inserting) or will do it later (when deleting).
	Note that VIR_DELETE_ELEMENT* can return a failure, but only if an
	invalid index is given (index + amount to delete is > current array
	size), so in most cases you can safely ignore the return (that's why
	the helper function virDeleteElementsN isn't declared with
	ATTRIBUTE_RETURN_CHECK). A warning is logged if this ever happens,
	since it is surely a coding error.
	[*] One initial problem with the INSERT and APPEND macros was that,
	due to both the array pointer and newelem pointer being cast to void*
	when passing to virInsertElementsN(), any chance of type-checking was
	lost. If we were going to move in newelem with a memmove anyway, we
	would be no worse off for this. However, most current open-coded
	insert/append operations use direct struct assignment to move the new
	element into place (or just populate the new element directly) - thus
	use of the new macros would open a possibility for new usage errors
	that didn't exist before (e.g. accidentally sending &newelemptr rather
	than newelemptr - I actually did this quite a lot in my test
	conversions of existing code).
	But thanks to Eric Blake's clever thinking, I was able to modify the
	INSERT and APPEND macros so that they *do* check for both assignment
	and size compatibility of *ptr (an element in the array) and newelem
	(the element being copied into the new position of the array). This is
	done via clever use of the C89-guaranteed fact that the sizeof()
	operator must have *no* side effects (so an assignment inside sizeof()
	is checked for validity, but not actually evaluated), and the fact
	that virInsertElementsN has a "# of new elements" argument that we
	want to always be 1.

2012-12-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Restart CPUs with valid async job type when doing external snapshots
	When restarting CPUs after an external snapshot, the restarting function
	was called without the appropriate async job type. This caused that a
	new sync job wasn't created and allowed races in the monitor.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add support of removing disks
	If some hard disk is not found in new domain configuration, it
	should be removed.

	parallels: apply config after VM creation
	New VM will have default values for all parameters, like
	cpu number, we have to change its configuration as provided
	by xml definition, given to parallelsDomainDefineXML.

	parallels: add support of disks creation
	Implement creation of new disks - if a new disk found
	in configuration, find a volume by disk path and
	actually create a disk image by issuing prlctl command.
	If it's successfully finished - remove the file with volume
	definition.

	parallels: add function parallelsGetDiskBusName
	Add function for convertion bus from libvirt's numeric constant
	to a name, used in a parallels command-line tools.

	parallels: split parallelsStorageVolumeDelete function
	Move part, which deletes existing volume, to a new function
	parallelsStorageVolumeDefRemove so that we can use it later
	in parallels_driver.c

	parallels: fill volumes capacity parameter
	Read disk images size from xml description and fill
	virStorageVolDef.capacity and allocation (let's consider
	that allocation is the same as capacity, calculating real
	allcoation will be implemented later).

	parallels: add info about volumes
	Disk images in Parallels Cloud Server stored in directories. Each
	one has files with data and xml description of an image stored in
	file DiskDescriptior.xml.
	Since we have to support 'detached' images, which are not used by
	any VM, the better way to collect info about volumes is searching for
	directories with a file DiskDescriptior.xml in each VM directory.

	parallels: fix leaks in parallelsFindVolumes
	We always have to close opened dir and free 'path'.

	parallels: create storage pools by VM list
	There are no storage pools in Parallels Cloud Server -
	All VM data stored in a single directory: config, snapshots,
	memory dump together with disk images.
	Let's look through list of VMs and create a storage pool for
	each directory, containing VMs.
	So if you have 3 vms: /var/parallels/vm-1.pvm,
	/var/parallels/vm-2.pvm and /root/test.pvm - 2 storage pools
	appear: -var-parallels and -root. xml descriptions of the pools
	will be saved in /etc/libvirt/parallels-storage, so UUIDs will
	not change netween connections to libvirt.

	parallels: remove unused code from storage driver
	We don't support unprivileged users anymore, so remove code, which
	selects configuration directory depending on user.

	parallels: split parallelsStorageOpen function
	Move code for loading inforation about pools to a separate
	function - parallelsLoadPools.

	parallels: handle disk devices in parallelsDomainDefineXML
	Allow changing some parameters of the hard disks: bus,
	image and drive address.
	Creating new disk devices and removing existing ones
	require changes in the storage driver, so it will be
	implemented later.

	parallels: add info about hard disk devices
	Parse information about hard disks and fill disks array
	in virDomainDef structure.

2012-12-11  liguang  <lig.fnst@cn.fujitsu.com>

	Add support for offline migration
	Offline migration transfers inactive definition of a domain (which may
	or may not be active). After successful completion, the domain remains
	in its current state on source host and is defined but inactive on
	destination host. It's a bit more clever than virDomainGetXMLDesc() on
	source host followed by virDomainDefineXML() on destination host, as
	offline migration will run pre-migration hook to update the domain XML
	on destination host. Currently, copying non-shared storage is not
	supported during offline migration.
	Offline migration can be requested with a new migration flag called
	VIR_MIGRATE_OFFLINE (which has to be combined with
	VIR_MIGRATE_PERSIST_DEST flag).

2012-12-11  Laine Stump  <laine@laine.org>

	qemu: eliminate bogus error log when changing netdev's bridge
	This fixes a problem that showed up during testing of:
	  https://bugzilla.redhat.com/show_bug.cgi?id=881480
	Due to a logic error in the function that gets the name of the bridge
	an interface connects to, any time a bridge was specified directly
	(type='bridge') rather than indirectly (type='network'), An error
	would be logged (although the operation would then complete
	successfully):
	   Network type 6 is not supported
	The final virReportError() in the function
	qemuDomainNetGetBridgeName() was apparently avoided in the past with a
	"goto cleanup" at the end of each case, but the case of bridge somehow
	no longer has that final goto cleanup.
	The proper solution is anyway to not rely on goto's, but put the error
	log inside an else {} clause, so that it's executed only if the type
	is neither bridge nor network (in reality, this function should only
	ever be called for those two types, that's why this is an internal
	error).
	While making this change, the error message was also tuned to be more
	correct (since it's not really the type of the network, but the type
	of the interface, and it *is* otherwise supported, it's just that the
	interface type in question doesn't *have* a bridge device associated
	with it, or at least we don't know how to get it).

2012-12-10  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Assign default model "virtio" for network interfaces
	If a network interface model is not specified, libvirt will run
	into an unchecked NULL pointer coredump. On the other hand if
	the empty model is ignored, a PCI bus address would be generated,
	which is not supported by S390.
	Since the only valid network type model for S390 is virtio,
	we use this as the default value, which is the same for QEMU.

2012-12-10  Michal Privoznik  <mprivozn@redhat.com>

	Revert "dnsmasq: Fix parsing of the version number"
	This reverts commit 5114431396fd125b6ebe4d1a20a981111f948ee7
	which was pushed accidentally.

2012-12-08  Cole Robinson  <crobinso@redhat.com>

	qemu: capabilities: fix machine name/canonical swappage
	Things are supposed to look like:
	<machine canonical='pc-0.12'>pc</machine>
	But are currently swapped. This can cause many VMs to revert to having
	machine type='pc' which will affect save/restore across qemu upgrades.

2012-12-07  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix usage of header termios.h
	The termios struct exported by the termios.h header is used as an
	argument for vshMakeStdinRaw(). The header isn't used anywhere in
	tools/virsh-domain.c.
	This patch adds the header to the header declaring vshMakeStdinRaw() and
	removes other places in virsh.

2012-12-07  Ján Tomko  <jtomko@redhat.com>

	virsh: allow metadata preallocation when creating volumes
	Add --prealloc-metadata flag to these commands:
	vol-clone
	vol-create
	vol-create-as
	vol-create-from

	storage: allow metadata preallocation when creating qcow2 images
	Add VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA flag to virStorageVolCreateXML
	and virStorageVolCreateXMLFrom. This flag requests metadata
	preallocation when creating/cloning qcow2 images, resulting in creating
	a sparse file with qcow2 metadata. It has only slightly larger disk usage
	compared to new image with no allocation, but offers higher performance.

2012-12-07  Osier Yang  <jyang@redhat.com>

	qemu: Allow the user to specify vendor and product for disk
	QEMU supports setting vendor and product strings for disk since
	1.2.0 (only scsi-disk, scsi-hd, scsi-cd support it), this patch
	exposes it with new XML elements <vendor> and <product> of disk
	device.

2012-12-07  Jim Fehlig  <jfehlig@suse.com>

	Convert libxl driver to Xen 4.2
	Based on a patch originally authored by Daniel De Graaf
	  http://lists.xen.org/archives/html/xen-devel/2012-05/msg00565.html
	This patch converts the Xen libxl driver to support only Xen >= 4.2.
	Support for Xen 4.1 libxl is dropped since that version of libxl is
	designated 'technology preview' only and is incompatible with Xen 4.2
	libxl.  Additionally, the default toolstack in Xen 4.1 is still xend,
	for which libvirt has a stable, functional driver.

2012-12-07  Guido Günther  <agx@sigxcpu.org>

	Inhibit daemon shutdown during driver initialization
	As of 1a50ba2cb07d8bb2aa724062889deb9efd7ad9e9 qemu capabilities probing
	takes longer since we timeout waiting for the monitor socket. When
	probing qemu for different architectures this can add up so the daemon
	auto shutdown timeout is reached and the client doesn't have a chance
	to connect. To avoid that inhibit daemon shutdown during driver
	initialization (which includes capabilities probing).
	This fixes
		http://honk.sigxcpu.org:8001/job/libvirt-tck-debian-wheezy-qemu-session/227/

2012-12-07  Christophe Fergeau  <cfergeau@redhat.com>

	util: Don't fail virGetGroupIDByName when group not found
	virGetGroupIDByName is documented as returning 1 if the groupname
	cannot be found. getgrnam_r is documented as returning:
	« 0 or ENOENT or ESRCH or EBADF or EPERM or ...  The given name
	or gid was not found. »
	 and that:
	« The formulation given above under "RETURN VALUE" is from POSIX.1-2001.
	It  does  not  call  "not  found"  an error, hence does not specify what
	value errno might have in this situation.  But that makes it impossible to
	recognize errors.  One might argue that according to POSIX errno should be
	left unchanged if an entry is not found.  Experiments on various UNIX-like
	systems shows that lots of different values occur in this situation: 0,
	ENOENT, EBADF, ESRCH, EWOULDBLOCK, EPERM and probably others. »
	virGetGroupIDByName returns an error when the return value of getgrnam_r
	is non-0. However on my RHEL system, getgrnam_r returns ENOENT when the
	requested user cannot be found, which then causes virGetGroupID not
	to behave as documented (it returns an error instead of falling back
	to parsing the passed-in value as an gid).
	This commit makes virGetGroupIDByName only report an error when errno
	is set to one of the values in the posix description of getgrnam_r
	(which are the same as the ones described in the manpage on my system).

	util: Don't fail virGetUserIDByName when user not found
	virGetUserIDByName is documented as returning 1 if the username
	cannot be found. getpwnam_r is documented as returning:
	« 0 or ENOENT or ESRCH or EBADF or EPERM or ...  The given name
	or uid was not found. »
	 and that:
	« The formulation given above under "RETURN VALUE" is from POSIX.1-2001.
	It  does  not  call  "not  found"  an error, hence does not specify what
	value errno might have in this situation.  But that makes it impossible to
	recognize errors.  One might argue that according to POSIX errno should be
	left unchanged if an entry is not found.  Experiments on various UNIX-like
	systems shows that lots of different values occur in this situation: 0,
	ENOENT, EBADF, ESRCH, EWOULDBLOCK, EPERM and probably others. »
	virGetUserIDByName returns an error when the return value of getpwnam_r
	is non-0. However on my RHEL system, getpwnam_r returns ENOENT when the
	requested user cannot be found, which then causes virGetUserID not
	to behave as documented (it returns an error instead of falling back
	to parsing the passed-in value as an uid).
	This commit makes virGetUserIDByName only report an error when errno
	is set to one of the values in the posix description of getpwnam_r
	(which are the same as the ones described in the manpage on my system).

2012-12-06  Michal Privoznik  <mprivozn@redhat.com>

	dnsmasq: Fix parsing of the version number
	If debugging is enabled, the debug messages are sent to stderr.
	Moreover, if a command has catching of stderr set, the messages
	gets mixed with stdout output (assuming both outputs are stored
	in the same variable). The resulting string then doesn't
	necessarily have to start with desired prefix then. This bug
	exposes itself when parsing dnsmasq output:
	2012-12-06 11:18:11.445+0000: 18491: error :
	dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
	/usr/sbin/dnsmasq version number in '2012-12-06
	11:11:02.232+0000: 18492: debug : virFileClose:72 : Closed fd 22'
	We can clearly see that the output of dnsmasq --version doesn't
	start with expected "Dnsmasq version " string but a libvirt debug
	output.

	dnsmasq: Fix parsing of the version number
	If the debugging is enabled, the virCommand subsystem catches debug
	messages in the command output as well. In that case, we can't assume
	the string corresponding to command's stdout will start with specific
	prefix. But the prefix can be moved deeper in the string. This bug
	shows itself when parsing dnsmasq output:
	2012-12-06 11:18:11.445+0000: 18491: error :
	dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
	/usr/sbin/dnsmasq version number in '2012-12-06 11:11:02.232+0000:
	18492: debug : virFileClose:72 : Closed fd 22'
	We can clearly see that the output of dnsmasq --version
	doesn't start with expected "Dnsmasq version " string but a libvirt
	debug output.

2012-12-06  Laine Stump  <laine@laine.org>

	network: prevent a few invalid configuration combinations
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=767057
	It was possible to define a network with <forward mode='bridge'> that
	had both a bridge device and a forward device defined. These two are
	mutually exclusive by definition (if you are using a bridge device,
	then this is a host bridge, and if you have a forward dev defined,
	this is using macvtap). It was also possible to put <ip>, <dns>, and
	<domain> elements in this definition, although those aren't supported
	by the current driver (although it's conceivable that some other
	driver might support that).
	The items that are invalid by definition, are now checked in the XML
	parser (since they will definitely *always* be wrong), and the others
	are checked in networkValidate() in the network driver (since, as
	mentioned, it's possible that some other network driver, or even this
	one, could some day support setting those).

2012-12-06  Gene Czarcinski  <gene@czarc.net>

	network: allow guest to guest IPv6 without gateway definition
	This patch adds the capability for virtual guests to do IPv6
	communication via a virtual network interface with no IPv6 (gateway)
	addresses specified.  This capability has always been enabled by
	default for IPv4, but disabled for IPv6 for security concerns, and
	because it requires the ip6tables command to be operational (which
	isn't the case on a system with the ipv6 module completely disabled).
	This patch adds a new attribute "ipv6" at the toplevel of a <network>
	object.  If ipv6='yes', the extra ip6tables rules required to permite
	inter-guest communications are added when the network is started. If
	it is 'no', or not present, those rules will not be added; thus the
	default behavior doesn't change, so there should be no compatibility
	issues with any existing installations.
	Note that virtual guests cannot communication with the virtualization
	host via this interface, because the following kernel tunable has
	been set:
	   net.ipv6.conf.<bridge_interface_name>.disable_ipv6 = 1
	This assures that the bridge interface will not have an IPv6
	link-local (fe80::) address.
	To control this behavior so that it is not enabled by default, the parameter
	ipv6='yes' on the <network> statement has been added.
	Documentation related to this patch has been updated.
	The network schema has also been updated.

2012-12-06  Osier Yang  <jyang@redhat.com>

	storage: Error out earlier if the volume target path already exists
	https://bugzilla.redhat.com/show_bug.cgi?id=832302
	It's odd to fall through to buildVol, and the existed file is
	removed when buildVol fails. This checks if the volume target
	path already exists in createVol. The reason for not using
	error like "Volume already exists" is that there isn't volume
	maintained by libvirt for the path until a operation like
	pool-refresh, using error like that will just cause confusion.

2012-12-06  Daniel P. Berrange  <berrange@redhat.com>

	remote: Avoid the thread race condition
	https://bugzilla.redhat.com/show_bug.cgi?id=866524
	Since the virConnect object is not locked wholely when doing
	virConenctDispose, a thread can get the lock and thus might
	cause the race.
	Detected by valgrind:
	==23687== Invalid read of size 4
	==23687==    at 0x38BAA091EC: pthread_mutex_lock (pthread_mutex_lock.c:61)
	==23687==    by 0x3FBA919E36: remoteClientCloseFunc (remote_driver.c:337)
	==23687==    by 0x3FBA936BF2: virNetClientCloseLocked (virnetclient.c:688)
	==23687==    by 0x3FBA9390D8: virNetClientIncomingEvent (virnetclient.c:1859)
	==23687==    by 0x3FBA851AAE: virEventPollRunOnce (event_poll.c:485)
	==23687==    by 0x3FBA850846: virEventRunDefaultImpl (event.c:247)
	==23687==    by 0x40CD61: vshEventLoop (virsh.c:2128)
	==23687==    by 0x3FBA8626F8: virThreadHelper (threads-pthread.c:161)
	==23687==    by 0x38BAA077F0: start_thread (pthread_create.c:301)
	==23687==    by 0x33F68E570C: clone (clone.S:115)
	==23687==  Address 0x4ca94e0 is 144 bytes inside a block of size 312 free'd
	==23687==    at 0x4A0595D: free (vg_replace_malloc.c:366)
	==23687==    by 0x3FBA8588B8: virFree (memory.c:309)
	==23687==    by 0x3FBA86AAFC: virObjectUnref (virobject.c:145)
	==23687==    by 0x3FBA8EA767: virConnectClose (libvirt.c:1458)
	==23687==    by 0x40C8B8: vshDeinit (virsh.c:2584)
	==23687==    by 0x41071E: main (virsh.c:3022)
	The above race is caused by the eventLoop thread tries to handle
	the net client event by calling the callback set by:
	    virNetClientSetCloseCallback(priv->client,
	                                 remoteClientCloseFunc,
	                                 conn, NULL);
	I.E. remoteClientCloseFunc, which lock/unlock the virConnect object.
	This patch is to fix the bug by setting the callback to NULL when
	doRemoteClose.

2012-12-05  Peter Krempa  <pkrempa@redhat.com>

	pci: Fix building of 32bit PCI command array
	The pciWrite32 function assembled the array of data to be written to the
	fd with a bad offset on the last byte. This issue was probably caused by
	a typo (14, 24).

2012-12-05  Jiri Denemark  <jdenemar@redhat.com>

	util: Do not keep PCI device config file open
	Directly open and close PCI config file in the APIs that need it rather
	than keeping the file open for the whole life of PCI device structure.

	qemu: Fix memory (and FD) leak on PCI device detach
	Unmanaged PCI devices were only leaked if pciDeviceListAdd failed but
	managed devices were always leaked. And leaking PCI device is likely to
	leave PCI config file descriptor open. This patch fixes
	qemuReattachPciDevice to either free the PCI device or add it to the
	inactivePciHostdevs list.

	util: Slightly refactor PCI list functions
	In order to be able to steal PCI device by its index in the list.

	qemu: Don't free PCI device if adding it to activePciHostdevs fails
	The device is still referenced from pcidevs and freeing it would leave
	an invalid pointer there.

	qemu: Fix error code when attaching existing device
	An attempt to attach device that is already attached to a domain results
	in the following error:
	virsh # attach-device rhel6 pci2 --persistent
	error: Failed to attach device from pci2
	error: invalid argument: device is already in the domain configuration
	The "invalid argument" error code looks wrong, we usually use "operation
	invalid" when the action cannot be done in current state.

2012-12-05  Eric Blake  <eblake@redhat.com>

	spec: require dbus-daemon when using libvirtd in Fedora
	https://bugzilla.redhat.com/show_bug.cgi?id=830201
	In older Fedora, the spec file for libivrt depended on avahi, which
	included avahi-daemon, which in turn depended on dbus.  But now that
	avahi libs and avahi-daemon are (correctly) in separate pacakges,
	and since we REALLY don't want a mandatory dependency on avahi-daemon,
	and considering that our init scripts require the messagebus service
	from dbus, we need to explicitly require dbus ourselves.
	* libvirt.spec.in (Requires): Add dbus for libvirt-daemon.

	systemd: require dbus service
	https://bugzilla.redhat.com/show_bug.cgi?id=830201
	The initscript and upstart services depend on dbus starting
	before libvirtd.  When we first wrote the systemd script, we
	tried to do the same, but we depended on dbus.target (which
	does not exist) in comparison to network.target (which does
	exist), so we removed that in commit 4c7973e.  But we still
	need dbus up and running first, especially now that we want
	to support shutdown inhibition via dbus (whereas we originally
	needed dbus only for firewall control).
	http://www.freedesktop.org/software/systemd/man/systemd.target.html
	explains how a target (such as network.target) is just a collection
	of common services bundled together, and why we want network.target
	but dbus.service.
	* daemon/libvirtd.service.in (Unit): Depend on dbus starting
	first.

2012-12-05  Osier Yang  <jyang@redhat.com>

	qemu: Simplify the code
	"disk" is initialized to "dev->data.disk" in the beginning of the
	function.

	storage: Remove the redundant white lines
	Pushed under trivial rule.

2012-12-05  Eric Blake  <eblake@redhat.com>

	qemu: improve error for failed JSON commands
	Only one error in qemu_monitor was already using the relatively
	new OPERATION_UNSUPPORTED error, even though it is a better fit
	for all of the messages related to options that are unsupported
	due to the version of qemu in use rather than due to a user's
	XML or .conf file choice.  Suggested by Osier Yang.
	* src/qemu/qemu_monitor.c (qemuMonitorSendFileHandle)
	(qemuMonitorAddHostNetwork, qemuMonitorRemoveHostNetwork)
	(qemuMonitorAttachDrive, qemuMonitorDiskSnapshot)
	(qemuMonitorDriveMirror, qemuMonitorTransaction)
	(qemuMonitorBlockCommit, qemuMonitorDrivePivot)
	(qemuMonitorBlockJob, qemuMonitorSystemWakeup)
	(qemuMonitorGetVersion, qemuMonitorGetMachines)
	(qemuMonitorGetCPUDefinitions, qemuMonitorGetCommands)
	(qemuMonitorGetEvents, qemuMonitorGetKVMState)
	(qemuMonitorGetObjectTypes, qemuMonitorGetObjectProps)
	(qemuMonitorGetTargetArch): Use better error category.

	qemu: nicer error message if live disk snapshot unsupported
	Without this patch, attempts to create a disk snapshot when qemu
	is too old results in a cryptic message:
	virsh # snapshot-create 23 --disk-only
	error: operation failed: Failed to take snapshot: unknown command: 'snapshot_blkdev'
	Now it reports:
	virsh # snapshot-create 23 --disk-only
	error: unsupported configuration: live disk snapshot not supported with this QEMU binary
	All versions of qemu that support live disk snapshot also support
	QMP (basically upstream qemu 1.1 and later, and backports to RHEL 6.2).
	* src/qemu/qemu_capabilities.h (QEMU_CAPS_DISK_SNAPSHOT): New
	capability.
	* src/qemu/qemu_capabilities.c (qemuCaps): Track it.
	(qemuCapsProbeQMPCommands): Set it.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive): Use
	it.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): Simplify.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextDiskSnapshot):
	Delete.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextDiskSnapshot):
	Likewise.

	rpc: fix build failure with older dbus
	RHEL 6.3 uses dbus-devel-1.2.24, which lacked support for the
	DBUS_TYPE_UNIX_FD define (contrast with Fedora 18 using 1.6.8).
	But since it is an older dbus, it also lacks support for shutdown
	inhibitions as provided by newer systemd.
	Compilation failure introduced in commit 31330926.
	* src/rpc/virnetserver.c (virNetServerAddShutdownInhibition):
	Compile out if dbus is too old.

2012-12-05  Jim Fehlig  <jfehlig@suse.com>

	Fix memory leak introduced by commit 501bfad1
	501bfad1 missed freeing priv->saveDir when opening the Xen unified
	driver failed.

2012-12-05  Bamvor Jian Zhang  <bjzhang@suse.com>

	implement managedsave in libvirt xen legacy driver
	Implement the domainManagedSave, domainHasManagedSaveImage, and
	domainManagedSaveRemove functions in the libvirt legacy xen driver.
	domainHasManagedSaveImage check the managedsave image from filesystem
	everytime. This is different from qemu and libxl driver. In qemu or
	libxl driver, there is a hasManagesSave flag in virDomainObjPtr which
	is not used in xen legacy driver. This flag could not add into xen
	driver ptr either, because the driver ptr will be released at the end of
	every libvirt api call. Meanwhile, AFAIK, xen store all the flags in
	xen not in libvirt xen driver. There is no need to add this flag in xen.

2012-12-04  Osier Yang  <jyang@redhat.com>

	Fix the indention
	Introduced by commit 1465876a, pushed under build-breaker &&
	trivial rule.

	Do not export symbol virStateActive anymore
	Commit 79b8a56995 removes virStateActive, however it forgot to
	remove the symbol together. Pushed under build-breaker rule.

2012-12-04  Daniel P. Berrange  <berrange@redhat.com>

	Bind connection close callback APIs to python binding
	Add code in the python binding to cope with the new APIs
	virConnectRegisterCloseCallback and
	virConnectUnregisterCloseCallback. Also demonstrate their
	use in the python domain events demo

2012-12-04  Alexander Larsson  <alexl@redhat.com>

	Shut down session libvirtd cleanly on host shutdown/user logout
	When the session dies or when the system is going to be shut down
	we issue a virStateStop() call to instruct drivers to prepare to
	be stopped. This will remove any previously acquire inhibitions.

2012-12-04  Daniel P. Berrange  <berrange@redhat.com>

	Inhibit desktop shutdown while any virtual machines are running
	Use the freedesktop inhibition DBus service to prevent host
	shutdown or session logout while any VMs are running.

	Replace polling for active VMs with signalling by drivers
	Currently to deal with auto-shutdown libvirtd must periodically
	poll all stateful drivers. Thus sucks because it requires
	acquiring both the driver lock and locks on every single virtual
	machine. Instead pass in a "inhibit" callback to virStateInitialize
	which drivers can invoke whenever they want to inhibit shutdown
	due to existance of active VMs.

	Only let VM drivers block libvirtd timed shutdown
	The only important state that should prevent libvirtd shutdown
	is from running VMs. Networks, host devices, network filters
	and storage pools are all long lived resources that have no
	significant in-memory state. They should not block shutdown.

	Make QEMU perform managed save of all VMs on stop of libvirtd
	When the virStateStop() method is invoked, perform a managed
	save of all VMs currently running

2012-12-04  Eric Blake  <eblake@redhat.com>

	build: fix incremental autogen.sh when no AUTHORS is present
	Commit 71d1256 tried to fix a problem where rebasing an old
	branch on top of newer libvirt.git resulted in automake failing
	because of a missing AUTHORS file.  However, while the fix
	worked for an incremental 'make', it did not work for someone
	that directly reran './autogen.sh'.  Reported by Laine Stump.
	* autogen.sh (autoreconf): Check for same conditions as cfg.mk.
	* cfg.mk (_update_required): Add comments.

2012-12-04  Ata E Husain Bohra  <ata.husain@hotmail.com>

	Add iSCSI backend storage driver for ESX
	The patch adds the backend driver to support iSCSI format storage pools
	and volumes for ESX host. The mapping of ESX iSCSI specifics to Libvirt
	is as follows:
	1. ESX static iSCSI target <------> Libvirt Storage Pools
	2. ESX iSCSI LUNs          <------> Libvirt Storage Volumes.
	The above understanding is based on http://libvirt.org/storage.html.
	The operation supported on iSCSI pools includes:
	1. List storage pools & volumes.
	2. Get XML descriptor operaion on pools & volumes.
	3. Lookup operation on pools & volumes by name, UUID and path (if applicable).
	iSCSI pools does not support operations such as: Create / remove pools
	and volumes.

2012-12-04  Laine Stump  <laine@laine.org>

	qemu: support live update of an interface's filter
	Since we can't (currently) rely on the ability to provide blanket
	support for all possible network changes by calling the toplevel
	netdev hostside disconnect/connect functions (due to qemu only
	supporting a lockstep between initialization of host side and guest
	side of devices), in order to support live change of an interface's
	nwfilter we need to make a special purpose function to only call the
	nwfilter teardown and setup functions if the filter for an interface
	(or its parameters) changes. The pattern is nearly identical to that
	used to change the bridge that an interface is connected to.
	This patch was inspired by a request from Guido Winkelmann
	<guido@sagersystems.de>, who tested an earlier version.

2012-12-04  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: utility function virNWFilterVarValueEqual
	To detect if an interface's nwfilter has changed, we need to also
	compare the filterparams, which is a hashtable of virNWFilterVarValue.
	virHashEqual can do this nicely, but requires a pointer to a function
	that will compare two of the items being stored in the hashes.

2012-12-04  Laine Stump  <laine@laine.org>

	conf: fix virDomainNetGetActualDirect*() and BridgeName()
	This resolves:
	   https://bugzilla.redhat.com/show_bug.cgi?id=881480
	These three functions:
	  virDomainNetGetActualBridgeName
	  virDomainNetGetActualDirectDev
	  virDomainNetGetActualDirectMode
	return attributes that are in a union whose contents are interpreted
	differently depending on the actual->type and so they should only
	return non-0 when actual->type is 'bridge' (in the first case) or
	'direct' (in the other two cases, but I had neglected to do that, so
	...DirectDev() was returning bridge.brname (which happens to share the
	same spot in the union with direct.linkdev) if actual->type was
	'bridge', and ...BridgeName was returning direct.linkdev when
	actual->type was 'direct'.
	How does this involve Bug 881480 (which was about the inability to
	switch between two networks that both have "<forward mode='bridge'/>
	<bridge name='xxx'/>"? Whenever the return value of
	virDomainNetGetActualDirectDev() for the new and old network
	definitions doesn't match, qemuDomainChangeNet() requires a "complete
	reconnect" of the device, which qemu currently doesn't
	support. ...DirectDev() *should* have been returning NULL for old and
	new, but was instead returning the old and new bridge names, which
	differ.
	(The other two functions weren't causing any behavioral problems in
	virDomainChangeNet(), but their problem and fix was identical, so I
	included them in this same patch).

2012-12-03  Peter Krempa  <pkrempa@redhat.com>

	virsh: Report errors if arguments of the schedinfo command are incorrect
	Libvirt's helper API's when called directly don't raise the error so
	that virsh remembers it. Subsequent calls to libvirt API's might reset
	the error.
	In case of schedinfo virDomainFree() in the cleanup section resets the
	error when virTypedParameterAssignFromStr() fails.
	This patch adds function vshSaveLibvirtError() that can be called after
	calling libvirt helper APIs to ensure the error is remembered.

	maint: Misc whitespace cleanups

2012-12-03  Ján Tomko  <jtomko@redhat.com>

	conf: prevent crash with no uuid in cephx auth secret
	Fix the null pointer access when UUID is not specified.
	Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates
	if uuid was specified or not and use it instead of the pointless
	comparison of the static UUID array to NULL.
	Add an error message if both uuid and usage are specified.
	Fixes:
	Error: FORWARD_NULL (CWE-476):
	libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing
	    null pointer "uuid" to function "virUUIDParse(char const *, unsigned
	    char *)", which dereferences it. (The dereference is assumed on the
	    basis of the 'nonnull' parameter attribute.)
	Error: NO_EFFECT (CWE-398):
	    libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an
	    array to null is not useful: "src->auth.cephx.secret.uuid != NULL".

2012-12-03  Osier Yang  <jyang@redhat.com>

	Fix the coding style
	Fix the "if ... else" coding style, and indentions problem.

	Fix indentions

2012-12-01  Eric Blake  <eblake@redhat.com>

	virsh: don't crash if shutdown --mode not provided
	virStringSplit requires a non-NULL input, but commit cef78ed forgot
	to follow the rule.
	* tools/virsh-domain.c (cmdReboot, cmdShutdown): Avoid NULL deref.

	logging: more API needing to log flags
	Commit a21f5112 fixed one API, but missed two others that also
	failed to log their 'flags' argument.
	* src/libvirt.c (virNodeSuspendForDuration, virDomainGetHostname):
	Log flags parameter.

2012-12-01  Daniel P. Berrange  <berrange@redhat.com>

	s/flags=%u/flags=%x/ in earlier commit

	Allow duration=0 for virsh nodesuspend
	The virNodeSuspend API allows for a duration of 0, to mean no
	timed wakup. virsh needlessly forbids this though

	Allow comma separated list of shutdown/reboot modes with virsh
	The shutdown and reboot commands in virsh allow a comma
	separated list of mode values

	Introduce APIs for splitting/joining strings
	This introduces a few new APIs for dealing with strings.
	One to split a char * into a char **, another to join a
	char ** into a char *, and finally one to free a char **
	There is a simple test suite to validate the edge cases
	too. No more need to use the horrible strtok_r() API,
	or hand-written code for splitting strings.

	Add support for shutdown / reboot APIs in LXC driver
	Add support for doing controlled shutdown / reboot in the LXC
	driver. The default behaviour is to try talking to /dev/initctl
	inside the container's virtual root (/proc/$INITPID/root). This
	works with sysvinit or systemd. If that file does not exist
	then send SIGTERM (for shutdown) or SIGHUP (for reboot). These
	signals are not any kind of particular standard for shutdown
	or reboot, just something apps can choose to handle. The new
	virDomainSendProcessSignal allows for sending custom signals.
	We might allow the choice of SIGTERM/HUP to be configured for
	LXC containers via the XML in the future.

	Introduce two new methods for triggering controlled shutdown/reboot
	The virDomainShutdownFlags and virDomainReboot APIs allow the caller
	to request the operation is implemented via either acpi button press
	or a guest agent. For containers, a couple of other methods make
	sense, a message to /dev/initctl, and direct kill(SIGTERM|HUP) of
	the container init process.

	Move reboot/shutdown flags combination check into QEMU driver
	The fact that only the guest agent, or ACPI flag can be used
	when requesting reboot/shutdown is merely a limitation of the
	QEMU driver impl at this time. Thus it should not be in
	libvirt.c code

	Add APIs for talking to init via /dev/initctl
	To be able todo controlled shutdown/reboot of containers an
	API to talk to init via /dev/initctl is required. Fortunately
	this is quite straightforward to implement, and is supported
	by both sysvinit and systemd. Upstart support for /dev/initctl
	is unclear.

	Ensure virDomainShutdownFlags logs flags parameter

	Quote client identity in SASL whitelist log message
	When seeing a message
	 virNetSASLContextCheckIdentity:146 : SASL client admin not allowed in whitelist
	it isn't immediately obvious that 'admin' is the identity
	being checked. Quote the string to make it more obvious

2012-12-01  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Fix up the default machine type for QMP probing
	The default machine type must be stored in the first element of
	the caps->machineTypes array. This was done for help output
	parsing but not for QMP probing.
	Added a helper function qemuSetDefaultMachine to apply the same
	fix up for both probing methods.
	Further, it was necessary to set caps->nmachineTypes after QMP
	probing.

2012-12-01  Guido Günther  <agx@sigxcpu.org>

	Fix uninitialized variables
	detecet by
		http://honk.sigxcpu.org:8001/job/libvirt-build/348/console

2012-12-01  Eric Blake  <eblake@redhat.com>

	qemu: don't attempt undefined QMP commands
	https://bugzilla.redhat.com/show_bug.cgi?id=872292
	Libvirt should not attempt to call a QMP command that has not been
	documented in qemu.git - if future qemu introduces a command by the
	same name but with subtly different semantics, then libvirt will be
	broken when trying to use that command.
	We also had some code that could never be reached - some of our
	commands have an alternate for new vs. old qemu HMP commands; but
	if we are new enough to support QMP, we only need a fallback to
	the new HMP counterpart, and don't need to try for a QMP counterpart
	for the old HMP version.
	See also this attempt to convert the three snapshot commands to QMP:
	https://lists.gnu.org/archive/html/qemu-devel/2012-07/msg01597.html
	although it looks like that will still not happen before qemu 1.3.
	That thread eventually decided that qemu would use the name
	'save-vm' rather than 'savevm', which mitigates the fact that
	libvirt's attempt to use a QMP 'savevm' would be broken, but we
	might not be as lucky on the other commands.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONSetCPU)
	(qemuMonitorJSONAddDrive, qemuMonitorJSONDriveDel)
	(qemuMonitorJSONCreateSnapshot, qemuMonitorJSONLoadSnapshot)
	(qemuMonitorJSONDeleteSnapshot): Use only HMP fallback for now.
	(qemuMonitorJSONAddHostNetwork, qemuMonitorJSONRemoveHostNetwork)
	(qemuMonitorJSONAttachDrive, qemuMonitorJSONGetGuestDriveAddress):
	Delete; QMP implies QEMU_CAPS_DEVICE, which prefers AddNetdev,
	RemoveNetdev, and AddDrive anyways (qemu_hotplug.c has all callers).
	* src/qemu/qemu_monitor.c (qemuMonitorAddHostNetwork)
	(qemuMonitorRemoveHostNetwork, qemuMonitorAttachDrive): Reflect
	deleted commands.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONAddHostNetwork)
	(qemuMonitorJSONRemoveHostNetwork, qemuMonitorJSONAttachDrive):
	Likewise.

2012-11-30  Eric Blake  <eblake@redhat.com>

	storage: fix scsi detach regression with cgroup ACLs
	https://bugzilla.redhat.com/show_bug.cgi?id=876828
	Commit 38c4a9cc introduced a regression in hot unplugging of disks
	from qemu, where cgroup device ACLs were no longer being revoked
	(thankfully not a security hole: cgroup ACLs only prevent open()
	of the disk; so reverting the ACL prevents future abuse but doesn't
	stop abuse from an fd that was already opened before the ACL change).
	Commit 1b2ebf95 overlooked that there were two spots affected.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachDiskDevice):
	Transfer backing chain before deletion.
	* src/qemu/qemu_driver.c (qemuDomainDetachDeviceDiskLive): Fix
	spacing (partly to ensure a different-looking patch).

2012-11-30  Ján Tomko  <jtomko@redhat.com>

	nwfilter: report an error on OOM
	Also removed some unreachable code found by coverity:
	libvirt-0.10.2/src/nwfilter/nwfilter_driver.c:259: unreachable: This
	code cannot be reached: "nwfilterDriverUnlock(driver...".

	virsh: check the return value of virStoragePoolGetAutostart
	On error, virStoragePoolGetAutostart would return -1 leaving autostart
	untouched.
	Removed the misleading debug message as well.
	Error: CHECKED_RETURN (CWE-252):
	libvirt-0.10.2/tools/virsh-pool.c:1386: unchecked_value: No check of the
	    return value of "virStoragePoolGetAutostart(pool, &autostart)".

2012-11-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor error reporting in qemu driver configuration parser
	This patch adds two labels and gets rid of a ton of duplicated code.
	This patch also fixes some error message and switches most of them to
	proper error reporting functions.

	qemu: Refactor config parameter retrieval
	This patch adds macros to help retrieve configuration values from qemu
	driver's configuration. Some configuration options are grouped
	together in the process.

2012-11-30  Laine Stump  <laine@laine.org>

	network: use dnsmasq --bind-dynamic when available
	This bug resolves CVE-2012-3411, which is described in the following
	bugzilla report:
	  https://bugzilla.redhat.com/show_bug.cgi?id=833033
	The following report is specifically for libvirt on Fedora:
	  https://bugzilla.redhat.com/show_bug.cgi?id=874702
	In short, a dnsmasq instance run with the intention of listening for
	DHCP/DNS requests only on a libvirt virtual network (which is
	constructed using a Linux host bridge) would also answer queries sent
	from outside the virtualization host.
	This patch takes advantage of a new dnsmasq option "--bind-dynamic",
	which will cause the listening socket to be setup such that it will
	only receive those requests that actually come in via the bridge
	interface. In order for this behavior to actually occur, not only must
	"--bind-interfaces" be replaced with "--bind-dynamic", but also all
	"--listen-address" options must be replaced with a single
	"--interface" option. Fully:
	   --bind-interfaces --except-interface lo --listen-address x.x.x.x ...
	(with --listen-address possibly repeated) is replaced with:
	   --bind-dynamic --interface virbrX
	Of course libvirt can't use this new option if the host's dnsmasq
	doesn't have it, but we still want libvirt to function (because the
	great majority of libvirt installations, which only have mode='nat'
	networks using RFC1918 private address ranges (e.g. 192.168.122.0/24),
	are immune to this vulnerability from anywhere beyond the local subnet
	of the host), so we use the new dnsmasqCaps API to check if dnsmasq
	supports the new option and, if not, we use the "old" option style
	instead. In order to assure that this permissiveness doesn't lead to a
	vulnerable system, we do check for non-private addresses in this case,
	and refuse to start the network if both a) we are using the old-style
	options, and b) the network has a publicly routable IP
	address. Hopefully this will provide the proper balance of not being
	disruptive to those not practically affected, and making sure that
	those who *are* affected get their dnsmasq upgraded.
	(--bind-dynamic was added to dnsmasq in upstream commit
	54dd393f3938fc0c19088fbd319b95e37d81a2b0, which was included in
	dnsmasq-2.63)

	util: new virSocketAddrIsPrivate function
	This new function returns true if the given address is in the range of
	any "private" or "local" networks as defined in RFC1918 (IPv4) or
	RFC3484/RFC4193 (IPv6), otherwise they return false.
	These ranges are:
	   192.168.0.0/16
	   172.16.0.0/16
	   10.0.0.0/24
	   FC00::/7
	   FEC0::/10

	util: capabilities detection for dnsmasq
	In order to optionally take advantage of new features in dnsmasq when
	the host's version of dnsmasq supports them, but still be able to run
	on hosts that don't support the new features, we need to be able to
	detect the version of dnsmasq running on the host, and possibly
	determine from the help output what options are in this dnsmasq.
	This patch implements a greatly simplified version of the capabilities
	code we already have for qemu. A dnsmasqCaps device can be created and
	populated either from running a program on disk, reading a file with
	the concatenated output of "dnsmasq --version; dnsmasq --help", or
	examining a buffer in memory that contains the concatenated output of
	those two commands. Simple functions to retrieve capabilities flags,
	the version number, and the path of the binary are also included.
	bridge_driver.c creates a single dnsmasqCaps object at driver startup,
	and disposes of it at driver shutdown. Any time it must be used, the
	dnsmasqCapsRefresh method is called - it checks the mtime of the
	binary, and re-runs the checks if the binary has changed.
	networkxml2argvtest.c creates 2 "artificial" dnsmasqCaps objects at
	startup - one "restricted" (doesn't support --bind-dynamic) and one
	"full" (does support --bind-dynamic). Some of the test cases use one
	and some the other, to make sure both code pathes are tested.

2012-11-30  Ján Tomko  <jtomko@redhat.com>

	conf: fix uninitialized variable in virDomainListSnapshots
	If allocation of names fails, list is uninitialized.

	rpc: don't destroy xdr before creating it in virNetMessageEncodeHeader
	On OOM, xdr_destroy got called even though it wasn't created yet.
	Found by coverity:
	Error: UNINIT (CWE-457):
	    libvirt-0.10.2/src/rpc/virnetmessage.c:214: var_decl: Declaring
	    variable "xdr" without initializer.
	    libvirt-0.10.2/src/rpc/virnetmessage.c:219: cond_true: Condition
	    "virReallocN(&msg->buffer, 1UL /* sizeof (*msg->buffer) */,
	    msg->bufferLength) < 0", taking true branch
	    libvirt-0.10.2/src/rpc/virnetmessage.c:221: goto: Jumping to label
	    "cleanup"
	    libvirt-0.10.2/src/rpc/virnetmessage.c:257: label: Reached label
	    "cleanup"
	    libvirt-0.10.2/src/rpc/virnetmessage.c:258: uninit_use: Using
	    uninitialized value "xdr.x_ops".

	virsh: do timing even for unusable connections
	Time values were uninitialized if the connection wasn't usable.

	virsh: use correct sizeof when allocating cpumap
	Found by coverity:
	Error: SIZEOF_MISMATCH (CWE-569):
	    libvirt-0.10.2/tools/virsh-domain.c:4754: suspicious_sizeof: Passing
	    argument "8UL /* sizeof (cpumap) */" to function
	    "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and
	    then casting the return value to "unsigned char *" is suspicious.
	Error: SIZEOF_MISMATCH (CWE-569):
	    libvirt-0.10.2/tools/virsh-domain.c:4942: suspicious_sizeof: Passing
	    argument "8UL /* sizeof (cpumap) */" to function
	    "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and
	    then casting the return value to "unsigned char *" is suspicious.

	util: fix virBitmap allocation in virProcessInfoGetAffinity
	Found by coverity:
	Error: REVERSE_INULL (CWE-476):
	    libvirt-0.10.2/src/util/processinfo.c:141: deref_ptr: Directly
	    dereferencing pointer "map".
	    libvirt-0.10.2/src/util/processinfo.c:142: check_after_deref:
	    Null-checking "map" suggests that it may be null, but it has already
	    been dereferenced on all paths leading to the check.

	conf: fix NULL check in virNetDevBandwidthParse
	Found by coverity:
	Error: REVERSE_INULL (CWE-476):
	    libvirt-0.10.2/src/conf/netdev_bandwidth_conf.c:99: deref_ptr:
	    Directly dereferencing pointer "node".
	    libvirt-0.10.2/src/conf/netdev_bandwidth_conf.c:107:
	    check_after_deref: Null-checking "node" suggests that it may be
	    null, but it has already been dereferenced on all paths leading to
	    the check.

2012-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Turn some dual-state int parameters into booleans
	The virStateInitialize method and several cgroups methods were
	using an 'int privileged' parameter or similar for dual-state
	values. These are better represented with the bool type.

	Introduce a 'stop' method to virDriverState
	To allow actions to be performed in libvirtd when the host
	shuts down, or user session exits, introduce a 'stop'
	method to virDriverState. This will do things like saving
	the VM state to a file.

2012-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Implement virDomainSendProcessSignal for LXC driver
	Implement the new API for sending signals to processes in a guest
	for the LXC driver. Only support sending signals to the init
	process for now, because
	 - The kernel does not appear to expose the mapping between
	   container PID numbers and host PID numbers anywhere in the
	   host OS namespace
	 - There is no race-free way to validate whether a host PID
	   corresponds to a process in a container.
	* src/lxc/lxc_driver.c: Allow sending processes signals

	Add a 'send-process-signal' command to virsh
	* tools/virsh.c: Add send-process-signal
	* tools/virsh.pod: Document new command

	Specify remote protocol for virDomainSendProcessSignal
	* src/remote/remote_protocol.x: message definition
	* src/remote/remote_driver.c: Register driver function
	* src/remote_protocol-structs: Test case

	Add virDomainSendProcessSignal API
	Add an API for sending signals to arbitrary processes in the
	guest OS. This is primarily useful for container based virt,
	but can be used for machine virt too, if there is a suitable
	guest agent,
	* include/libvirt/libvirt.h.in: Add virDomainSendProcessSignal
	  and virDomainProcessSignal enum
	* src/driver.h: Driver entry point
	* src/libvirt.c, src/libvirt_public.syms: Impl for new API

2012-11-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove full stop from error messages

2012-11-29  Guido Günther  <agx@sigxcpu.org>

	Don't fail hard when we can't connect to the monitor
	As of 1a50ba2cb07d8bb2aa724062889deb9efd7ad9e9 we fail to connect to the
	monitor instead of getting an exit status != 0 from qemu itself.  This
	breaks capabilities probing for the non QMP case.

2012-11-29  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.c: Fix wording and grammar in virDomainFSTrim
	The documentation to this API has some defects from
	grammar and wording POV. These were raised after I've
	pushed the patches, so they are in a separate commit.

2012-11-29  Osier Yang  <jyang@redhat.com>

	node_memory: Fix bug of node_memory_tune
	The 3 options accept 0, and merely checking for non-zero values
	would cause wrong results.

	node_memory: Do not fail if there is parameter unsupported
	It makes no sense to fail the whole getting command if there is
	a parameter unsupported by the kernel. This patch fixes it by
	omitting the unsupported parameter for getMemoryParameters.
	And for setMemoryParameters, this checks if there is an unsupported
	parameter up front of the setting, and just returns failure if not
	all parameters are supported.

2012-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Rename misc QEMU structs/enums to use normal naming style
	Replace the following names
	 * struct qemu_snap_remove  with virQEMUSnapRemovePtr
	 * struct qemu_snap_reparent with virQEMUSnapReparentPtr
	 * struct qemu_save_header with virQEMUSaveHeaderPtr
	 * enum qemu_save_formats with virQEMUSaveFormat

	Replace 'struct qemud_driver *' with virQEMUDriverPtr
	Remove the obsolete 'qemud' naming prefix and underscore
	based type name. Introduce virQEMUDriverPtr as the replacement,
	in common with LXC driver naming style

2012-11-29  Laine Stump  <laine@laine.org>

	network: fix crash when portgroup has no name
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=879473
	The name attribute is required for portgroup elements (yes, the RNG
	specifies that), and there is code in libvirt that assumes it is
	non-null.  Unfortunately, the portgroup parsing function wasn't
	checking for lack of portgroup. One adverse result of this was that
	attempts to update a network by adding a portgroup with no name would
	cause libvirtd to segfault. For example:
	   virsh net-update default add portgroup "<portgroup default='yes'/>"
	This patch causes virNetworkPortGroupParseXML to fail if no name is
	specified, thus avoiding any later problems.

2012-11-29  Michal Privoznik  <mprivozn@redhat.com>

	maint: Fix use of invalid reboot flags
	Throughout the code, we've always used VIR_DOMAIN_SHUTDOWN* flags
	even for virDomainReboot() API and its implementation. Fortunately,
	the appropriate macros has the same value. But if we want to keep
	things consistent, we should be using the correct macros. This
	patch doesn't break anything, luckily.

2012-11-29  Hu Tao  <hutao@cn.fujitsu.com>

	build: more fix to avoid C99 for loop
	see commit 7e5aa78d0f7f4cbf1c8
	* src/interface/interface_backend_udev.c: Declare variable sooner.

2012-11-29  Eric Blake  <eblake@redhat.com>

	nwfilter: drop dead code
	Commit cb022152 went overboard and introduced a dead conditional
	while trying to get rid of a potential NULL dereference.
	* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqNew):
	Remove redundant conditional.

2012-11-29  Ján Tomko  <jtomko@redhat.com>

	util: check for NULL parameter in virFileWrapperFdCatchError
	This reverts 8927c0e qemu: fix a crash when save file can't be opened
	and allows virFileWrapperFdCatchError to be called with NULL instead.

	conf: snapshot: check return value of virDomainSnapshotObjListNum
	If it's negative, this might result in a request to allocate lots of
	memory.

	conf: check the return value of virXPathNodeSet
	In a few places, the return value could get passed to VIR_ALLOC_N without
	being checked, resulting in a request to allocate a lot of memory if the
	return value was negative.

	virsh: fix error messages in iface-bridge
	The error messages did not correspond to the attributes they printed.

	libssh2_session: support DSS keys as well
	Missing break in the switch.

	cgroup: fix impossible overrun in virCgroupAddTaskController
	The size of the controllers array is VIR_CGROUP_CONTROLLER_LAST, however
	we only call it with values less than VIR_CGROUP_CONTROLLER_LAST.

	nwfilter: fix NULL pointer check in virNWFilterSnoopReqNew
	This can't lead to a crash since virNWFilterSnoopReqNew is only called
	with a static array as the argument, but if we check for NULL we should
	do it right.

2012-11-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix error messages when dispatching guest agent commands
	Error messages produced while dispatching guest agent commands didn't
	have an apparent reference to the fact that they are dealing with guest
	agent commands. This patch fixes up some of the messages to contain that
	reference.

	qemu: Drop word "either" from comments for agent monitor functions

2012-11-28  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Rewrite cmdDomDisplay
	Just a little rewrite of the cmdDomDisplay function to make it
	consistent and hopefully more readable.  This also fixes a problem
	with password not being displayed for vnc even with the
	"--include-password" option.

2012-11-28  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Expose new virDomainFSTrim API
	It's exposed under domfstrim command. Although the API
	doesn't support specifying mount point yet, expose it
	anyway.

	qemu: Implement virDomainFSTrim
	using qemu guest agent. As said in previous patch,
	@mountPoint must be NULL and @flags zero because
	qemu guest agent doesn't support these arguments
	yet. If qemu learns them, we can start supporting
	them as well.

	remote: Implement virDomainFSTrim
	A new rule to fixup_name() in gendispatch.pl needs to be added,
	otherwise we are left with remoteDomainFstrim which is not wanted.

	Introduce virDomainFSTrim() public API
	This will call FITRIM within guest. The API has 4 arguments,
	however, only 2 will be used for now (@dom and @minumum).
	The rest two are there if in future qemu guest agent learns them.

2012-11-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Add QEMU version computation to QMP probing
	With QMP capability probing, the version was not set.
	virsh version returns:
	...
	Cannot extract running QEMU hypervisor version
	This is fixed by computing caps->version from QMP major,
	minor, micro values.

	qemu: Fix QMP Capabability Probing Failure
	QMP Capability probing will fail if QEMU cannot bind to the
	QMP monitor socket in the qemu_driver->libDir directory.
	That's because the child process is stripped of all
	capabilities and this directory is chown'ed to the configured
	QEMU user/group (normally qemu:qemu) by the QEMU driver.
	To prevent this from happening, the driver startup will now pass
	the QEMU uid and gid down to the capability probing code.
	All capability probing invocations of QEMU will be run with
	the configured QEMU uid instead of libvirtd's.
	Furter, the pid file handling is moved to libvirt, as QEMU
	cannot write to the qemu_driver->runDir (root:root). This also
	means that the libvirt daemonizing must be used.

	qemu: Wait for monitor socket even without pid
	If qemuMonitorOpenUnix is called without a related pid, i.e. for
	QMP probing, a connect failure can happen as the result of a race.
	Without a pid there is no retry and thus we give up too early.
	This changes the code to retry if no pid is supplied.

2012-11-28  Gao feng  <gaofeng@cn.fujitsu.com>

	mount fuse's meminfo file to container's /proc/meminfo
	we already have virtualize meminfo for container through fuse filesystem,
	add function lxcContainerMountProcFuse to mount this meminfo file to
	the container's /proc/meminfo.
	So we can isolate container's /proc/meminfo from host now.

	make /proc/meminfo isolate with host through fuse
	with this patch,container's meminfo will be shown based on
	containers' mem cgroup.
	Right now,it's impossible to virtualize all values in meminfo,
	I collect some values such as MemTotal,MemFree,Cached,Active,
	Inactive,Active(anon),Inactive(anon),Active(file),Inactive(anon),
	Active(file),Inactive(file),Unevictable,SwapTotal,SwapFree.
	if I miss something, please let me know.

	add interface virCgroupGetAppRoot
	because libvirt_lxc's cgroup mountpoint is what it shown
	in /proc/self/cgroup.
	we can get container's cgroup through virCgroupNew("/", &group),
	add interface virCgroupGetAppRoot to help container to
	get it's cgroup.

	add interface virCgroupGetMemSwapUsage
	virCgroupGetMemSwapUsage is used to get container's swap usage,
	with this interface,we can get swap usage in fuse filesystem.

	add fuse support for libvirt lxc
	this patch addes fuse support for libvirt lxc.
	we can use fuse filesystem to generate sysinfo dynamically,
	So we can isolate /proc/meminfo,cpuinfo and so on through
	fuse filesystem.
	we mount fuse filesystem for every container.
	the mount name is libvirt,mount point is
	localstatedir/run/libvirt/lxc/containername.

	Add a configure option for fuse support in LXC driver
	Add a configure option --with-fuse to prepare introduction
	of fuse support for libvirt lxc.

2012-11-28  Guannan Ren  <gren@redhat.com>

	bitmap: fix typo to use UL type of integer constant in virBitmapIsAllSet
	This bug leads to getting incorrect vcpupin information via
	qemudDomainGetVcpuPinInfo() API when the number of maximum
	cpu on a host falls into a range such as 31 < ncpus < 64.
	gcc warning:
	left shift count >= width of type
	The following bug is such the case
	https://bugzilla.redhat.com/show_bug.cgi?id=876415

2012-11-28  Ján Tomko  <jtomko@redhat.com>

	qemu: fix a crash when save file can't be opened
	In qemuDomainSaveMemory, wrapperFd might be NULL and should be checked before
	calling virFileWrapperFdCatchError. Same in doCoreDump.
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=880919

2012-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Alphabetically sort libvirt_daemon.syms
	Sort the symbols listed in libvirt_daemon.syms

	Change bridge driver to use named initializers with virDriverState

2012-11-28  Alexander Larsson  <alexl@redhat.com>

	virdbus: Add virDBusGetSessionBus helper
	This splits out some common code from virDBusGetSystemBus and
	uses it to implement a new virDBusGetSessionBus helper.

2012-11-28  Daniel P. Berrange  <berrange@redhat.com>

	s/qemud/qemu/ in QEMU driver sources
	Change some legacy function names to use 'qemu' as their
	prefix instead of 'qemud' which was a hang over from when
	the QEMU driver ran inside a separate daemon

	Fix leak of virNetworkPtr in LXC startup failure path
	When starting an LXC guest with a virNetwork based NIC device,
	if the network was not active, the virNetworkPtr device would
	be leaked

	Fix error reporting in virNetDevVethDelete
	In virNetDevVethDelete the virRun method will properly report
	errors, but when checking the exit status for non-zero exit
	code no error is reported

	Ensure transient def is removed if LXC start fails
	When starting a container, newDef is initialized to a
	copy of 'def', but when startup fails newDef is never
	removed. This cause later attempts to use 'virDomainDefine'
	to lose the new data being defined.

	Ensure failure to create macvtap device aborts LXC start
	A mistaken initialization of 'ret' caused failure to create
	macvtap devices to be ignored. The libvirt_lxc process
	would later fail to start due to missing devices
	Also make sure code checks '< 0' and not '!= 0' since only
	-1 is considered an error condition

	Avoid crash when LXC start fails with no interface target
	If the <interface> device did not contain any <target>
	element, LXC would crash on a NULL pointer if starting
	the container failed

	Specify name of target interface with macvlan error
	When failing to create a macvlan interface, make sure the
	error message contains the name of the host interface

	Treat missing driver cgroup as fatal in LXC driver
	The LXC driver relies on use of cgroups to kill off LXC processes
	in shutdown. If cgroups aren't available, we're unable to kill
	off processes, so we must treat lack of cgroups as a fatal startup
	error.

	Ensure LXC container exits if cgroups setup fails
	The code setting up LXC cgroups used an 'rc' variable both
	for capturing the return value of methods it calls, and
	its own return status. The result was that several failures
	in setting up cgroups would actually result in success being
	returned.
	Use a separate 'ret' for tracking return value as per normal
	code design in other parts of libvirt

	Store initpid in the domain status XML for LXC
	The initpid will be required long term to enable LXC to
	implement various hotplug operations. Thus it needs to be
	persisted in the domain status XML. LXC has not used the
	domain status XML before, so this introduces use of the
	helpers.

	Remove bogus newline at end of debug log message

	Pass virSecurityManagerPtr object further down into LXC setup code
	Currently the lxcContainerSetupMounts method uses the
	virSecurityManagerPtr instance to obtain the mount options
	string and then only passes the string down into methods
	it calls. As functionality in LXC grows though, those
	methods need to have direct access to the virSecurityManagerPtr
	instance. So push the code down a level.

	Fix error handling in virSecurityManagerGetMountOptions
	The impls of virSecurityManagerGetMountOptions had no way to
	return errors, since the code was treating 'NULL' as a success
	value. This is somewhat pointless, since the calling code did
	not want NULL in the first place and has to translate it into
	the empty string "". So change the code so that the impls can
	return "" directly, allowing use of NULL for error reporting
	once again

2012-11-27  Eric Blake  <eblake@redhat.com>

	storage: fix device detach regression with cgroup ACLs
	https://bugzilla.redhat.com/show_bug.cgi?id=876828
	Commit 38c4a9cc introduced a regression in hot unplugging of disks
	from qemu, where cgroup device ACLs were no longer being revoked
	(thankfully not a security hole: cgroup ACLs only prevent open()
	of the disk; so reverting the ACL prevents future abuse but doesn't
	stop abuse from an fd that was already opened before the ACL change).
	The actual regression is due to a latent bug.  The hot unplug code
	was computing the set of files needing cgroup ACL revocation based
	on the XML passed in by the user, rather than based on the domain's
	details on which disk was being deleted.  As long as the revoke
	path was always recomputing the backing chain, this didn't really
	matter; but now that we want to compute the chain exactly once and
	remember that computation, we need to hang on to the backing chain
	until after the revoke has happened.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice):
	Transfer backing chain before deletion.

2012-11-27  Harsh Prateek Bora  <harsh@linux.vnet.ibm.com>

	tests: Add tests for gluster protocol based network disks support

	qemu: Add support for gluster protocol based network storage backend.
	Qemu accepts gluster protocol as supported storage backend beside others.

	Add Gluster protocol as supported network disk backend
	This patch introduces the RNG schema and updates necessary data strucutures
	to allow various hypervisors to make use of Gluster protocol as one of the
	supported network disk backend. Next patch will add support to make use of
	this feature in Qemu since it now supports Gluster protocol as one of the
	network based storage backend.
	Two new optional attributes for <host> element are introduced - 'transport'
	and 'socket'. Valid transport values are tcp, unix or rdma. If none specified,
	tcp is assumed. If transport is unix, socket specifies path to unix socket.
	This patch allows users to specify disks on gluster backends like this:
	    <disk type='network' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source protocol='gluster' name='Volume1/image'>
	        <host name='example.org' port='6000' transport='tcp'/>
	      </source>
	      <target dev='vda' bus='virtio'/>
	    </disk>
	    <disk type='network' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source protocol='gluster' name='Volume2/image'>
	        <host transport='unix' socket='/path/to/sock'/>
	      </source>
	      <target dev='vdb' bus='virtio'/>
	    </disk>

2012-11-27  Eric Blake  <eblake@redhat.com>

	build: avoid C99 for loop
	Although we require various C99 features, we don't yet require a
	complete C99 compiler.  On RHEL 5, compilation complained:
	qemu/qemu_command.c: In function 'qemuBuildGraphicsCommandLine':
	qemu/qemu_command.c:4688: error: 'for' loop initial declaration used outside C99 mode
	* src/qemu/qemu_command.c (qemuBuildGraphicsCommandLine): Declare
	variable sooner.
	* src/qemu/qemu_process.c (qemuProcessInitPasswords): Likewise.

2012-11-27  Ata E Husain Bohra  <ata.husain@hotmail.com>

	Refactor ESX storage driver to implement facade pattern
	The patch refactors the current ESX storage driver due to following reasons:
	1. Given most of the public APIs exposed by the storage driver in Libvirt
	remains same, ESX storage driver should not implement logic specific
	for only one supported format (current implementation only supports VMFS).
	2. Decoupling interface from specific storage implementation gives us an
	extensible design to hook implementation for other supported storage
	formats.
	This patch refactors the current driver to implement it as a facade pattern i.e.
	the driver exposes all the public libvirt APIs, but uses backend drivers to get
	the required task done. The backend drivers provide implementation specific to
	the type of storage device.
	File changes:
	------------------
	esx_storage_driver.c ----> esx_storage_driver.c (base storage driver)
	                     |
	                     |---> esx_storage_backend_vmfs.c (VMFS backend)

2012-11-26  Peter Krempa  <pkrempa@redhat.com>

	lxc: Don't crash if no security driver is specified in libvirt_lxc
	When no security driver is specified libvirt_lxc segfaults as a debug
	message tries to access security labels for the container that are not
	present.
	This problem was introduced in commit 6c3cf57d6cb27cf10064baf8cca0f39.

	lxc: Avoid segfault of libvirt_lxc helper on early cleanup paths
	Early jumps to the cleanup label caused a crash of the libvirt_lxc
	container helper as the cleanup section called
	virLXCControllerDeleteInterfaces(ctrl) without checking the ctrl argument
	for NULL. The argument was de-referenced soon after.
	$ /usr/libexec/libvirt_lxc
	/usr/libexec/libvirt_lxc: missing --name argument for configuration
	Segmentation fault

2012-11-26  Ata E Husain Bohra  <ata.husain@hotmail.com>

	Add private data pointer to virStoragePool and virStorageVol
	This will simplify the refactoring of the ESX storage driver to support
	a VMFS and an iSCSI backend.
	One of the tasks the storage driver needs to do is to decide which backend
	driver needs to be invoked for a given request. This approach extends
	virStoragePool and virStorageVol to store extra parameters:
	1. privateData: stores pointer to respective backend storage driver.
	2. privateDataFreeFunc: stores cleanup function pointer.
	virGetStoragePool and virGetStorageVol are modfied to accept these extra
	parameters as user params. virStoragePoolDispose and virStorageVolDispose
	checks for cleanup operation if available.
	The private data pointer allows the ESX storage driver to store a pointer
	to the used backend with each storage pool and volume. This avoids the need
	to detect the correct backend in each storage driver function call.

2012-11-26  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add Intel Haswell cpu model
	The new model supports following features in addition to those supported
	by SandyBridge:
	fma, pcid, movbe, fsgsbase, bmi1, hle, avx2, smep, bmi2, erms, invpcid,
	rtm

2012-11-26  Ján Tomko  <jtomko@redhat.com>

	storage: fix logical volume cloning
	Commit 258e06c removed setting of the volume type to
	VIR_STORAGE_VOL_BLOCK, which leads to failures in
	storageVolumeCreateXMLFrom.
	The type (and target.format) of the volume was set to zero. In
	virStorageBackendGetBuildVolFromFunction, this gets interpreted as
	VIR_STORAGE_FILE_NONE and the qemu-img tool is called with unknown
	"none" format.
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=879780

	build: fix build --without-network
	bridge_driver.h: silence gcc warnings:
	statement with no effect [-Wunused-value]
	unused variable 'net' [-Wunused-variable]
	virdrivermoduletest.c: don't require network driver module
	if it hasn't been built.

2012-11-26  Osier Yang  <jyang@redhat.com>

	util: Use virReportSystemError for system error in pci.c

2012-11-25  Osier Yang  <jyang@redhat.com>

	util: Fix the indention

2012-11-23  Peter Krempa  <pkrempa@redhat.com>

	virsh: Report error when taking a snapshot with empty --memspec argument
	When the value of memspec was empty taking of a snapshot failed without
	reporting an error.

2012-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix exiting of libvirt_lxc program on container quit
	The virLXCControllerClientCloseHook method was mistakenly
	assuming that the private data associated with the network
	client was the virLXCControllerPtr. In fact it was just a
	dummy int, so we were derefencing a bogus struct. The
	frequent result of this was that we would never quit, because
	we tried to arm a non-existant timer.
	Fix the code by removing the dummy private data and just
	using the virLXCControllerPtr instance as private data

	Skip deleted timers when calculting next timeout
	It is possible for there to be deleted timers when we
	calculate the next timeout, and they must be skipped.

	Warn if requesting update to non-existent timer/handle watch
	The event code is a no-op if requested to update a non-existent
	timer/handle watch. This makes it hard to detect bugs in the
	caller who have passed bogus data. Add a VIR_WARN output in
	such cases, since the API does not allow for return errors.

	Fix virDiskNameToIndex to actually ignore partition numbers
	The docs for virDiskNameToIndex claim it ignores partition
	numbers. In actual fact though, a code ordering bug means
	that a partition number will cause the code to accidentally
	multiply the result by 26.

2012-11-23  Michal Privoznik  <mprivozn@redhat.com>

	qemuhelpdata: Revert my 'fix'
	I was convicted that space at EOL should no be there
	even for qemu help data. Hence, I've removed one in
	commit bb2f6216119d50. However, it turns out we want
	it exactly the way qemu produces it. So I should undo
	my premature fix. A patch against qemu has been posted
	as well.

2012-11-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: Stop recursive detection of image chains when an image is missing
	Commit e0c469e58b93f852a72265919703cb6abd3779f8 that fixes the detection
	of image chain wasn't complete. Iteration through the backing image
	chain has to stop at the last existing image if some of the images are
	missing otherwise the backing chain that is cached contains entries with
	paths being set to NULL resulting to:
	error: Unable to allow access for disk path (null): Bad address
	Fortunately stat() is kind enough not to crash when it's presented with
	a NULL argument. At least on Linux.

2012-11-22  Martin Kletzander  <mkletzan@redhat.com>

	conf: Report sensible error for invalid disk name
	The error "... but the cause is unknown" appeared for XMLs similar to
	this:
	 <disk type='file' device='cdrom'>
	   <driver name='qemu' type='raw'/>
	   <source file='/dev/zero'/>
	   <target dev='sr0'/>
	 </disk>
	Notice unsupported disk type (for the driver), but also no address
	specified. The first part is not a problem and we should not abort
	immediately because of that, but the combination with the address
	unknown was causing an unspecified error.
	While fixing this, I added an error to one place where this return
	value was not managed properly.

2012-11-22  Natanael Copa  <ncopa@alpinelinux.org>

	build: trivial fix error: implicit declaration of function 'malloc'
	Fixes this error when building with -Werror on Alpine Linux:
	util/processinfo.c: In function 'virProcessInfoSetAffinity':
	util/processinfo.c:52:5: error: implicit declaration of function 'malloc' [-Werror=implicit-function-declaration]

2012-11-22  Daniel P. Berrange  <berrange@redhat.com>

	Log an audit message with the LXC init pid
	Currently the LXC driver logs audit messages when a container
	is started or stopped. These audit messages, however, contain
	the PID of the libvirt_lxc supervisor process. To enable
	sysadmins to correlate with audit messages generated by
	processes /inside/ the container, we need to include the
	container init process PID.
	We can't do this in the main 'start' audit message, since
	the init PID is not available at that point. Instead we output
	a completely new audit record, that lists both PIDs.
	type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success'

	Use virNetServerRun instead of custom main loop
	The LXC controller code currently directly invokes the
	libvirt main loop code. The problem is that this misses
	the cleanup of virNetServerClient connections that
	virNetServerRun takes care of.
	The result is that when libvirtd is stopped, the
	libvirt_lxc controller process gets stuck in a I/O loop.
	When libvirtd is then started again, it fails to connect
	to the controller and thus kills off the entire domain.

2012-11-22  Osier Yang  <jyang@redhat.com>

	storage: Improve virStorageBackendFileSystemStop
	It's actually not used for DIR pool. So removing the checking.

	storage: Fix bug of fs pool destroying
	Regression introduced by commit 258e06c85b7, "ret" could be set to 1
	or 0 by virStorageBackendFileSystemIsMounted before goto cleanup.
	This could mislead the callers (up to the public API
	virStoragePoolDestroy) to return success even the underlying umount
	command fails.

2012-11-22  Scott Sullivan  <ssullivan@liquidweb.com>

	qemu: fix RBD attach regression
	I have been testing libvirt v1.0.0 for deployment within my
	organization, and in the process discovered what appears to be a bug
	that breaks virsh attach-device, when attaching an RBD volume to an
	instance. First, here is the error presented, with v1.0.0 (this worked
	in v0.10.2):
	[root@host ~]# virsh attach-device W5APQ8  G84VV1.xml
	error: Failed to attach device from G84VV1.xml
	error: cannot open file 'dc3-1-test/G84VV1': No such file or directory
	Using git bisect, I narrowed the problem down to this as the first
	commit to break this setup:
	4d34c92947e8cf9e9bedfa227ada1d2dba92d68a is the first bad commit

2012-11-22  Ján Tomko  <jtomko@redhat.com>

	tests: update qemuhelptest data
	Both generated with
	qemu-system-x86_64 --help > qemu-1.2.0
	qemu-system-x86_64 \
	-device ? \
	-device pci-assign,? \
	-device virtio-blk-pci,? \
	-device virtio-net-pci,? \
	-device scsi-disk,? \
	-device PIIX4_PM,? \
	-device usb-redir,? \
	-device ide-drive,? \
	-device usb-host,? 2> qemu-1.2.0-device
	It seems I missed a few -device flags when doing this last time and I
	mixed up qemu and qemu-kvm.

	tests: add boot order for host and redirected USB to qemu argv test

	docs: Fix a few spaces

	docs: boot order for host and redirected USB devices

	conf: add support for booting from redirected USB devices
	Commit a4c19459aa8634c43b51e8138fb1d7eec4c17824 only added the
	QEMU capability flag, command line option and added the boot element
	for redirdev's in the XML schema.
	This patch adds support for parsing and writing the XML with redirdevs
	with the boot flag. It also ignores unknown XML elements in redirdev
	instead of failing with:
	"error: An error occurred, but the cause is unknown"
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=805414

2012-11-21  Hu Tao  <hutao@cn.fujitsu.com>

	run bootstrap if .gnulib is not present
	If .gnulib is deleted unexpectedly, autogen.sh will fail with message:
	fatal: ambiguous argument '.gnulib': unknown revision or path not in the working tree.
	Use '--' to separate paths from revisions, like this:
	'git <command> [<revision>...] -- [<file>...]'
	which is actually given by git diff .gnulib, which doesn't exist.
	In the case to run bootstrap to create .gnulib.

2012-11-21  Alon Levy  <alevy@redhat.com>

	qemu/qemu_command.c: fix indent of label

	qemu: graphics support for simultaneous one of each sdl, vnc, spice

	qemu: refactor graphics code to not hardcode a single display
	The check for a single display remains so no new functionality is added.

2012-11-20  Eric Blake  <eblake@redhat.com>

	snapshot: make cloning of domain definition easier
	Upcoming patches for revert-and-clone branching of snapshots need
	to be able to copy a domain definition; make this step reusable.
	* src/conf/domain_conf.h (virDomainDefCopy): New prototype.
	* src/conf/domain_conf.c (virDomainObjCopyPersistentDef): Split...
	(virDomainDefCopy): ...into new function.
	(virDomainObjSetDefTransient): Use it.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use it.

	snapshot: expose location through virsh snapshot-info
	Now that we can filter on this information, we should also make
	it easy to get at.
	* tools/virsh-snapshot.c (cmdSnapshotInfo): Add another output
	row, and switch to XPath queries rather than strstr.

	snapshot: implement new filter sets
	Relatively straight-forward.  And since qemu was already using
	VIR_DOMAIN_SNAPSHOT_FILTERS_ALL, with 6 different APIs all calling
	into this common code, I've instantly added all 5 flags to 6 APIs.
	* src/conf/snapshot_conf.h (VIR_DOMAIN_SNAPSHOT_FILTERS_ALL):
	Enable new filters.
	* src/conf/snapshot_conf.c (virDomainSnapshotObjListGetNames):
	Prep the new flags.
	(virDomainSnapshotObjListCopyNames): Actually do the filtering.

	snapshot: add virsh back-compat support for new filters
	Snapshot filtering based on types is useful enough to add
	back-compat support into virsh.  It is also rather easy - all
	versions of libvirt that don't understand the new filter flags
	already gave us sufficient information in a single XML field
	to reconstruct all the information we need (that is, it isn't
	until libvirt 1.0.1 that we have more interesting types of
	snapshots, such as offline external).
	* tools/virsh-snapshot.c (vshSnapshotFilter): New function.
	(vshSnapshotListCollect): Add fallback support.

2012-11-19  Eric Blake  <eblake@redhat.com>

	snapshot: add two more filter sets to API
	As we enable more modes of snapshot creation, it becomes more important
	to be able to quickly filter based on snapshot properties.  This patch
	introduces new filter flags; subsequent patches will introduce virsh
	back-compat filtering, as well as actual libvirt filtering.
	* include/libvirt/libvirt.h.in (virDomainSnapshotListFlags): Add
	five new flags in two new groups.
	* src/libvirt.c (virDomainSnapshotNum, virDomainSnapshotListNames)
	(virDomainListAllSnapshots, virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames)
	(virDomainSnapshotListAllChildren): Document them.
	* src/conf/snapshot_conf.h (VIR_DOMAIN_SNAPSHOT_FILTERS_STATUS)
	(VIR_DOMAIN_SNAPSHOT_FILTERS_LOCATION): Add new convenience filter
	collection macros.
	* tools/virsh-snapshot.c (cmdSnapshotList): Add 5 new flags.
	* tools/virsh.pod (snapshot-list): Document them.

2012-11-17  Laine Stump  <laine@laine.org>

	qemu: allow larger discrepency between memory & currentMemory in domain xml
	This resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=873134
	The reported problem is that an attempt to restore a saved domain that
	was configured with <currentMemory> and <memory> set to some (same for
	both) number that's not a multiple of 4096KiB results in an error like
	this:
	  error: Failed to start domain libvirt_test_api
	  error: XML error: current memory '4001792k' exceeds maximum '4000768k'
	(in this case, currentMemory was set to 4000000KiB).
	The reason for this failure is:
	1) a saved image contains the "live xml" of the domain at the time of
	the save.
	2) the live xml of a running domain gets its currentMemory
	(a.k.a. cur_balloon) directly from the qemu monitor rather than from
	the configuration of the domain.
	3) the value reported by qemu is (sometimes) not exactly what was
	originally given to qemu when the domain was started, but is rounded
	up to [some indeterminate granularity] - in some versions of qemu that
	granularity is apparently 1MiB, and in others it is 4MiB.
	4) When the XML is parsed to setup the state of the restored domain,
	the XML parser for <currentMemory> compares it to <memory> (which is
	the maximum allowed memory size for the domain) and if <currentMemory>
	is greater than the next 1024KiB boundary above <memory>, it spits out
	an error and fails.
	For example (from the BZ) if you start qemu on RHEL6 with both
	<currentMemory> and <memory> of 4000000 (this number is in KiB),
	libvirt's dominfo or dumpxml will report "4001792" back (rounded up to
	next 4MiB) for 10-20 seconds after the start, then revert to reporting
	"4000000". On Fedora 16 (which uses qemu-1.0), it will instead report
	"4000768" (rounded up to next 1MiB). On Fedora 17 (qemu-1.2), it seems
	to always report "4000000". ("4000000" is of course okay, and
	"4000768" is also okay since that's the next 1024KiB boundary above
	"4000000" and the parser was already allowing for that. But "4001792
	is *not* okay and produces the error message.)
	This patch solves the problem by changing the allowed "fudge factor"
	when parsing from 1024KiB to 4096KiB to match the maximum up-rounding
	that could be done in qemu.
	(I had earlier thought to fix this by up-rounding <memory> in the
	dumpxml that's put into the saved image, but that wouldn't have fixed
	the case where the save image was produced by an "unfixed"
	libvirtd.)

2012-11-17  Dan Horák  <dan@danny.cz>

	add ppc64 and s390x to arches where qemu-kvm exists
	QEMU in Fedora >= 18 is configured with ppc64 and s390x as architectures
	where KVM is enabled.
	https://bugzilla.redhat.com/show_bug.cgi?id=872545

2012-11-17  Eric Blake  <eblake@redhat.com>

	nodeinfo: port nodecpumap to RHEL5
	Prior to this patch, 'virsh nodecpumap' on older kernels reported:
	error: Unable to get cpu map
	error: out of memory
	* src/nodeinfo.c (linuxParseCPUmax): Don't overwrite error.
	(nodeGetCPUBitmap): Provide backup implementation.

	nodeinfo: support kernels that lack socket information
	On RHEL 5, I was getting a segfault trying to start libvirtd,
	because we were failing virNodeParseSocket but not checking
	for errors, and then calling CPU_SET(-1, &sock_map) as a result.
	But if you don't have a topology/physical_package_id file,
	then you can just assume that the cpu belongs to socket 0.
	* src/nodeinfo.c (virNodeGetCpuValue): Change bool into
	default_value.
	(virNodeParseSocket): Allow for default value when file is missing,
	different from fatal error on reading file.
	(virNodeParseNode): Update call sites to fail on error.

2012-11-16  Eric Blake  <eblake@redhat.com>

	Revert "virsh: add aliases 'boot', 'stop', and 'restart'"
	This reverts commits 5f63a5cb42642f945696c51bbce7fdc160325510
	and ff86b0c97b0525a2cd26048a0dbf16e600aaeb7b.  After much list
	discussion, consensus was that libvirt aliases should be reserved
	to correct typos, otherwise it risks confusion.  Rather, we
	should implement a way for users to provide their own aliases
	as part of their virsh configuration preferences.

	snapshot: require user to supply external memory file name
	For disk snapshots, the user could request an external snapshot
	but not supply a filename; later on, we would check this condition
	and generate a suitable name if possible, or gracefully error out
	when not possible (such as when the original file was a block
	device).  But unless we come up with a suitable way to generate
	external memory file names, we have no later code point that was
	checking for NULL, so we should forbid this up front.
	* src/conf/snapshot_conf.c (virDomainSnapshotDefParseString):
	Avoid NULL deref, since we don't generate names yet.

2012-11-16  liguang  <lig.fnst@cn.fujitsu.com>

	qemu: Beautify code indent in migration codes

2012-11-16  Michal Privoznik  <mprivozn@redhat.com>

	sanlock: Retry after EINPROGRESS
	It may take some time for sanlock to add a lockspace. And if user
	restart libvirtd service meanwhile, the fresh daemon can fail adding
	the same lockspace with EINPROGRESS. Recent sanlock has
	sanlock_inq_lockspace() function which should block until lockspace
	changes state. If we are building against older sanlock we should
	retry a few times before claiming an error. This issue can be easily
	reproduced:
	for i in {1..1000} ; do echo $i; service libvirtd restart; sleep 2; done
	20
	Stopping libvirtd daemon:                                  [FAILED]
	Starting libvirtd daemon:                                  [  OK  ]
	21
	Stopping libvirtd daemon:                                  [  OK  ]
	Starting libvirtd daemon:                                  [  OK  ]
	22
	Stopping libvirtd daemon:                                  [  OK  ]
	Starting libvirtd daemon:                                  [  OK  ]
	 error : virLockManagerSanlockSetupLockspace:334 : Unable to add
	 lockspace /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__: Operation now in
	 progress

2012-11-16  Ján Tomko  <jtomko@redhat.com>

	virsh: save: report an error if XML file can't be read
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=876868

2012-11-16  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virsh: Use virNodeGetCPUMap if possible
	Modified the places where virNodeGetInfo was used for the purpose
	of obtaining the maximum node CPU number. Transparently falling
	back to virNodeGetInfo in case of failure.
	Wrote utility function vshNodeGetCPUCount to compute node CPU
	number.

	python: Use virNodeGetCPUMap where possible
	Modified the places where virNodeGetInfo was used for the purpose
	of obtaining the maximum node CPU number. Transparently falling
	back to virNodeGetInfo in case of failure.
	Wrote a utility function getPyNodeCPUCount for that purpose.

2012-11-15  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu, lxc: Change host CPU number detection logic.
	The drivers for QEMU and LXC use virNodeGetInfo only to determine
	the number of host CPUs. On Linux hosts nodeGetCPUCount has less
	overhead.

2012-11-15  Ján Tomko  <jtomko@redhat.com>

	virsh: fix uninitialized variable in cmdSnapshotEdit
	If the domain can't be looked up, name is used unitialized after the
	cleanup label.
	Found by coverity.

2012-11-15  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	nodeinfo: enable nodeGetCPUCount for older kernels
	Since /sys/devices/system/cpu/present is not available on
	older kernels like on RHEL 5.x nodeGetCPUCount will
	fail there. The fallback implemented is to scan for
	/sys/devices/system/cpu/cpuNN entries.

2012-11-15  Miloslav Trmač  <mitr@redhat.com>

	Use helper functions to format the journal iov array
	This simplifies the top-level code, at the cost of using a little more
	stack space.  The primary benefit is being able to send more fields
	without knowing in advance how many of them, and of which types, these
	fields will be, and without having to individually add buffer variables.
	The code imposes an upper limit on the total number of iovs/buffers
	used, and fields that wouldn't fit are silently dropped.  This is not
	significant in this patch, but will affect the following one.

	Add metadata to virLogOutputFunc
	... and update all users.  No change in functionality, the parameter
	will be used in the next patch.

	Add a metadata parameter to virLog{, V}Message
	... and update all users.  No change in functionality, the parameter
	will be used later.
	The metadata representation is as minimal as possible, but requires
	the caller to allocate an array on stack explicitly.
	The alternative of using varargs in the virLogMessage() callers:
	* Would not allow the caller to optionally omit some metadata elements,
	  except by having two calls to virLogMessage.
	* Would not be as type-safe (e.g. using int vs. size_t), and the compiler
	  wouldn't be able to do type checking
	* Depending on parameter order:
	  a) virLogMessage(..., message format, message params...,
	                   metadata..., NULL)
	     can not be portably implemented (parse_printf_format() is a glibc
	     function)
	  b) virLogMessage(..., metadata..., NULL,
	                   message format, message params...)
	     would prevent usage of ATTRIBUTE_FMT_PRINTF and the associated
	     compiler checking.

2012-11-15  Ján Tomko  <jtomko@redhat.com>

	qemu: add bootindex for usb-host and usb-redir devices
	Allow bootindex to be specified for redirected USB devices and host USB
	devices.
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=805414

2012-11-15  Daniel Veillard  <veillard@redhat.com>

	Doug Goldstein gained commit capability

2012-11-15  Eric Blake  <eblake@redhat.com>

	build: rerun bootstrap if AUTHORS is missing
	Ever since commit 7b21981c started generating AUTHORS, we now have
	the situation that if you flip between two branches in the same
	git repository that cross that commit boundary, then 'make' will
	fail due to automake complaining about AUTHORS not existing.  The
	simplest solution is to realize that if AUTHORS does not exist,
	then we flipped branches so we will need to rerun bootstrap
	anyways; and rerunning bootstrap ensures AUTHORS will exist in time.
	* cfg.mk (_update_required): Also depend on AUTHORS.

2012-11-15  Laine Stump  <laine@laine.org>

	util: fix index when building lock owners array
	The "restart" function for locks allocates a new array according to
	and pre-sets its length, then reads the owner pids from a JSON
	document in a loop. Rather than adding each owner at a different
	index, though, it repeatedly overwrites the last element of the array
	with all the owners.

2012-11-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized variable in virLXCControllerSetupDevPTS
	The lack of initialization of 'opts' caused a SEGV in the
	cleanup: path if the root->src directory did not exist

2012-11-14  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't force port=0 for SPICE
	If domain uses only TLS port we don't want to add
	'port=0' explicitly to command line.

2012-11-14  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Fix detection of external snapshots when deleting
	This patch adds a helper to determine if snapshots are external and uses
	the helper to fix detection of those in snapshot deletion code.
	Snapshots are external if they have an external memory image or if the
	disk locations are external. As mixed snapshots are forbidden for now
	we need to check just one disk to know.

2012-11-13  Peter Krempa  <pkrempa@redhat.com>

	tests: Remove temporary directories in qemumonitorjsontest
	qemumonitorjsontest creates a temporary directory to hold the socket
	that is simulating the monitor socket. The directory containing the
	socket wasn't disposed properly at the end of the test leaving garbage
	in the temporary folder.

	tests: Fix qemumonitorjsontest deadlock when the machine is under load
	When doing the qemumonitorjsontest on a machine under heavy load the
	test tends to deadlock from time to time. This patch adds the hack to
	break the event loop that is used in virsh.

	nodeinfotest: Add test data from a AMD bulldozer machine.
	The AMD Bulldozer architecture uses so called "Clustered integer core
	modules" that count both as threads and cores. This patch expects the
	cpu to be detected using the new fallback condition otherwise twice the
	number of processors would be detected.

	nodeinfotest: Add test data for 2 processor host with broken NUMA
	This test data was gathered on an AMD MagnyCours machine that reports it
	has only one NUMA node although the hardware is consisting of 4. As
	duplicate core id's are ignored the reported topology was bogous. This
	should be fixed by the previous patch.
	Reported and data provided by George-Cristian Bîrzan.

	nodeinfo: Add check and workaround to guarantee valid cpu topologies
	Lately there were a few reports of the output of the virsh nodeinfo
	command being inaccurate. This patch tries to avoid that by checking if
	the topology actually makes sense. If it doesn't we then report a
	synthetic topology that indicates to the user that the host capabilities
	should be checked for the actual topology.

2012-11-12  Michal Privoznik  <mprivozn@redhat.com>

	AbortJob: Fix documentation
	This API was never synchronous and probably doesn't even need to be.

	qemu: Allow migration to be cancelled at prepare phase
	Currently, if user calls virDomainAbortJob we just issue
	'migrate_cancel' and hope for the best. However, if user calls
	the API in wrong phase when migration hasn't been started yet
	(perform phase) the cancel request is just ignored. With this
	patch, the request is remembered and as soon as perform phase
	starts, migration is cancelled.

2012-11-10  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	capabilities: defaultConsoleTargetType can depend on architecture
	For S390, the default console target type cannot be of type 'serial'.
	It is necessary to at least interpret the 'arch' attribute
	value of the os/type element to produce the correct default type.
	Therefore we need to extend the signature of defaultConsoleTargetType
	to account for architecture. As a consequence all the drivers
	supporting this capability function must be updated.
	Despite the amount of changed files, the only change in behavior is
	that for S390 the default console target type will be 'virtio'.
	N.B.: A more future-proof approach could be to to use hypervisor
	specific capabilities to determine the best possible console type.
	For instance one could add an opaque private data pointer to the
	virCaps structure (in case of QEMU to hold capsCache) which could
	then be passed to the defaultConsoleTargetType callback to determine
	the console target type.
	Seems to be however a bit overengineered for the use case...

2012-11-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix domain ID numbering race condition
	When the libvirt daemon is restarted it tries to reconnect to running
	qemu domains. Since commit d38897a5d4b1880e1998394b2a37bba979bbdff1 the
	re-connection code runs in separate threads. In the original
	implementation the maximum of domain ID's (that is used as an
	initializer for numbering guests created next) while libvirt was
	reconnecting to the guest.
	With the threaded implementation this opens a possibility for race
	conditions with the thread that is autostarting guests. When there's a
	guest running with id 1 and the daemon is restarted. The autostart code
	is reached first and spawns the first guest that should be autostarted
	as id 1. This results into the following unwanted situation:
	 # virsh list
	   Id    Name                           State
	  ----------------------------------------------------
	   1     guest1                         running
	   1     guest2                         running
	This patch extracts the detection code before the re-connection threads
	are started so that the maximum id of the guests being reconnected to is
	known.
	The only semantic change created by this is if the guest with greatest ID
	quits before we are able to reconnect it's ID is used anyway as the
	greatest one as without this patch the greatest ID of a process we could
	successfuly reconnect to would be used.

2012-11-09  Philipp Hahn  <hahn@univention.de>

	storage: fix broken backing chain
	82507838 refactored the code to keep both the raw and canonicalized form
	of the backingStore, which breaks badly when the storage pool contains a
	storage volume, which is missing its backing store file:
	 # ./daemon/libvirtd -l
	 2012-11-07 12:43:33.279+0000: 22175: info : libvirt version: 1.0.0
	 2012-11-07 12:43:33.279+0000: 22175: error : absolutePathFromBaseFile:542 : Can't canonicalize path '/var/lib/libvirt/images/base.qcow2': No such file or directory
	 2012-11-07 12:43:33.280+0000: 22175: error : storageDriverAutostart:115 : Failed to autostart storage pool 'default': Can't canonicalize path '/var/lib/libvirt/images/base.qcow2': No such file or directory
	This is because virStorageFileGetMetadataFromBuf() aborts with -1 if the
	filename of the backingStore can not be canonicalized:
	 #0  absolutePathFromBaseFile () at util/storage_file.c:541
	 #1  virStorageFileGetMetadataFromBuf () at util/storage_file.c:728
	 #2  virStorageFileGetMetadataFromFD () at util/storage_file.c:932
	 #3  virStorageBackendProbeTarget () at storage/storage_backend_fs.c:94
	 #4  virStorageBackendFileSystemRefresh () at storage/storage_backend_fs.c:849
	 #5  storagePoolStart () at storage/storage_driver.c:700
	 #6  virStoragePoolCreate () at libvirt.c:12471
	 ...
	Treat files which miss their backing file as standalone files.

2012-11-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix function header formating of 2 functions
	Headers of qemuDomainSnapshotLoad and qemuDomainNetsRestart were
	improperly formatted.

	snapshot: qemu: Add support for external inactive snapshots
	This patch adds support for external disk snapshots of inactive domains.
	The snapshot is created by calling using qemu-img by calling:
	 qemu-img create -f format_of_snapshot -o
	 backing_file=/path/to/src,backing_fmt=format_of_backing_image
	 /path/to/snapshot
	in case the backing image format is known or probing is allowed and
	otherwise:
	 qemu-img create -f format_of_snapshot -o  backing_file=/path/to/src
	 /path/to/snapshot
	on each of the disks selected for snapshotting. This patch also modifies
	the snapshot preparing function to support creating external snapshots
	and to sanitize arguments. For now the user isn't able to mix external
	and internal snapshots but this restriction might be lifted in the
	future.

2012-11-08  Guido Günther  <agx@sigxcpu.org>

	Fix "virsh create" example
	We require a file and don't accept standard input:
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692322

2012-11-08  Eric Blake  <eblake@redhat.com>

	virsh: add snapshot-create-as memspec support
	External checkpoints could be created with snapshot-create, but
	without libvirt supplying a default name for the memory file,
	it is essential to add a new argument to snapshot-create-as to
	allow the user to choose the memory file name.  This adds the
	option --memspec [file=]name[,snapshot=type], where type can
	be none, internal, or external.  For an example,
	virsh snapshot-create-as $dom --memspec /path/to/file
	is the shortest possible command line for creating an external
	checkpoint, named after the current timestamp.
	* tools/virsh-snapshot.c (vshParseSnapshotMemspec): New function.
	(cmdSnapshotCreateAs): Use it.
	* tests/virsh-optparse (test_url): Test it.
	* tools/virsh.pod (snapshot-create-as): Document it.

	virsh: make ,, escape parsing common
	So far, none of the existing callers of vshStringToArray expected
	the user to ever pass a literal comma; meanwhile, snapshot parsing
	had rolled its own array parser.  Moving the comma escaping into
	the common function won't affect any existing callers, and will make
	this function reusable for adding memory handling to snapshot parsing.
	As a bonus, the testsuite was already testing snapshot parsing, so
	the fact that the test still passes means that we are now giving
	testsuite exposure to vshStringToArray.
	* tools/virsh-snapshot.c (vshParseSnapshotDiskspec): Move ,,
	parsing...
	* tools/virsh.c (vshStringToArray): ...into common function.
	Also, vshStrdup can't fail.

2012-11-07  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Emit event if 'cont' fails
	Some operations, APIs needs domain to be paused prior operation can be
	performed, e.g. (managed-) save of a domain. The processors should be
	restored in the end. However, if 'cont' fails for some reason, we log a
	message but this is not sufficient as an event should be emitted as
	well. Mgmt application can then decide what to do.

	Introduce new VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR event
	This is supposed to be thrown every time we need to pause domain
	because of API execution (e.g. qemuDomainSaveInternal) but fails
	to restore it back after. In this case, domain remains paused,
	however, none of existing reasons can fit this scenario.

2012-11-06  Eric Blake  <eblake@redhat.com>

	virsh: document which term is older
	Make it clear that the alternate terms have no difference except
	for length of time they were supported.
	* tools/virsh.pod (start, shutdown, reboot): More documentation.

	virsh: add aliases 'boot', 'stop', and 'restart'
	https://bugzilla.redhat.com/show_bug.cgi?id=873344 suggested that
	the grouping 'boot', 'shutdown', 'reboot'; as well as the grouping
	'start', 'stop', 'restart'; might be easier to remember than the
	current mix of 'start', 'shutdown', 'reboot'.
	Also, touch up the wording of 'reboot' to be more accurate.
	* tools/virsh-domain.c (domManagementCmds): Add other command names.
	* tools/virsh.pod (start, shutdown, reboot): Document the aliases.

2012-11-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't corrupt pointer in qemuDomainSaveMemory()
	The code that was split out into the qemuDomainSaveMemory expands the
	pointer containing the XML description of the domain that it gets from
	higher layers. If the pointer changes the old one is invalid and the
	upper layer function tries to free it causing an abort.
	This patch changes the expansion of the original string to a new
	allocation and copy of the contents.

2012-11-06  Martin Kletzander  <mkletzan@redhat.com>

	esx: Yet another connection fix for 5.1
	After the connection to ESX 5.1 being broken since g1e7cd39, the fix
	in bab7752c helped a bit, but still missed a spot, so the connection
	is now successful, but some APIs (for example defineXML) don't work.
	Two cases missing are added in this patch to avoid that.

2012-11-06  Michal Privoznik  <mprivozn@redhat.com>

	tests: Add test for controller order

	qemu: Add controllers in specified order
	qemu is sensitive to the order of arguments passed. Hence, if a
	device requires a controller, the controller cmd string must
	precede device cmd string. The same apply for controllers, when
	for instance ccid controller requires usb controller. So
	controllers create partial ordering in which they should be added
	to qemu cmd line.

	qemu: Wrap controllers code into dummy loop
	which just re-indent code and prepare it for next patch.

2012-11-06  Václav Pavlín  <vpavlin@redhat.com>

	spec: replace scriptlets with new systemd macros
	https://bugzilla.redhat.com/850186
	I added %with_systemd_macros so it should now work in F17 with old
	scriptlets and in F18+/RHEL7+ with systemd macros
	(see https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd)
	I missed libvirt-guests.service because there is no systemctl call for
	it. So I only added systemd macros calls.

2012-11-06  Eric Blake  <eblake@redhat.com>

	spec: don't enable cgconfig under systemd
	In Fedora 16, we quit enabling cgconfig because systemd set up
	default cgroups that were good enough for our use.  But in F17,
	when we switched to systemd, we reverted and started up cgconfig
	again.  See also the tail of this thread:
	https://www.redhat.com/archives/libvir-list/2012-October/msg01657.html
	* libvirt.spec.in (with_systemd): Rely on systemd for cgroups.

2012-11-05  Michal Privoznik  <mprivozn@redhat.com>

	iohelper: Don't report errors on special FDs
	Some FDs may not implement fdatasync() functionality,
	e.g.  pipes. In that case EINVAL or EROFS is returned.
	We don't want to fail then nor report any error.
	Reported-by: Christophe Fergeau <cfergeau@redhat.com>

2012-11-05  liguang  <lig.fnst@cn.fujitsu.com>

	gitignore: ignore more files
	ignore cscope.in.out, cscope.po.out

2012-11-05  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Remove restrictions preventing external checkpoints
	Some of the pre-snapshot check have restrictions wired in regarding
	configuration options that influence taking of external checkpoints.
	This patch removes restrictions that would inhibit taking of such a
	snapshot.

2012-11-04  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Add support for external checkpoints
	This patch adds support to take external system checkpoints.
	The functionality is layered on top of the previous disk-only snapshot
	code. When the checkpoint is requested the domain memory is saved to the
	memory image file using migration to file. (The user may specify to
	take the memory image while the guest is live with the
	VIR_DOMAIN_SNAPSHOT_CREATE_LIVE flag.)
	The memory save image shares format with the image created by
	virDomainSave() API.

2012-11-03  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Rename qemuDomainSnapshotCreateActive
	Before now, libvirt supported only internal snapshots for active guests.
	This patch renames this function to qemuDomainSnapshotCreateActiveInternal
	to prepare the grounds for external active snapshots.

	snapshot: qemu: Add async job type for snapshots
	The new external system checkpoints will require an async job while the
	snapshot is taken. This patch adds QEMU_ASYNC_JOB_SNAPSHOT to track this
	job type.

	snapshot: Add flag to enable creating checkpoints in live state
	The default behavior while creating external checkpoints is to pause the
	guest while the memory state is captured. We want the users to sacrifice
	space saving for creating the memory save image while the guest is live
	to minimize downtime.
	This patch adds a flag that causes the guest not to be paused before
	taking the snapshot.
	 *include/libvirt/libvirt.h.in:
	    - add new paused reason: VIR_DOMAIN_PAUSED_SNAPSHOT
	    - add new flag for taking snapshot: VIR_DOMAIN_SNAPSHOT_CREATE_LIVE
	 *tools/virsh-domain-monitor.c:
	    - add string representation for VIR_DOMAIN_PAUSED_SNAPSHOT
	 *tools/virsh-snapshot.c:
	    - add support for VIR_DOMAIN_SNAPSHOT_CREATE_LIVE
	 *tools/virsh.pod:
	    - add docs for --live option added to use
	    VIR_DOMAIN_SNAPSHOT_CREATE_LIVE flag

	qemu: Split out domain memory saving code to allow reuse
	The code that saves domain memory by migration to file can be reused
	while doing external checkpoints of a machine. This patch extracts the
	common code and places it in a separate function.

	qemu: Clean up snapshot retrieval to use the new helper
	Two other places were left with the old code to look up snapshots.
	Change them to use the snapshot lookup helper.

	cpu: Add AMD Opteron G5 cpu model

	cpu: Add newly added cpu flags
	This patch adds a few new processor feature flags. Namely:
	 f16c rdrand lwp tbm topoext perfctr_core perfctr_nb fsgsbase bmi1 hle
	 avx2 bmi2 erms invpcid rtm rdseed adx tce

	qemu: Fix possible race when pausing guest
	When pausing the guest while migration is running (to speed up
	convergence) the virDomainSuspend API checks if the migration job is
	active before entering the job. This could cause a possible race if the
	virDomainSuspend is called while the job is active but ends before the
	Suspend API enters the job (this would require that the migration is
	aborted). This would cause a incorrect event to be emitted.

2012-11-03  Eric Blake  <eblake@redhat.com>

	snapshot: merge pre-snapshot checks
	Both system checkpoint snapshots and disk snapshots were iterating
	over all disks, doing a final sanity check before doing any work.
	But since future patches will allow offline snapshots to be either
	external or internal, it makes sense to share the pass over all
	disks, and then relax restrictions in that pass as new modes are
	implemented.  Future patches can then handle external disks when
	the domain is offline, then handle offline --disk-snapshot, and
	finally, combine with migration to file to gain a complete external
	system checkpoint snapshot of an active domain without using 'savevm'.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotIsAllowed): Merge...
	(qemuDomainSnapshotPrepare): ...into one function.
	(qemuDomainSnapshotCreateXML): Update caller.

	snapshot: populate new XML info for qemu snapshots
	Now that the XML supports listing internal snapshots, it is worth
	always populating the <memory> and <disks> element to match.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Always
	parse disk info and set memory info.

	snapshot: improve disk align checking
	There were not previous callers with require_match set to true.
	I originally implemented this bool with the intent of supporting
	ESX snapshot semantics, where the choice of internal vs. external
	vs. non-checkpointable must be made at domain start, but as ESX
	has not been wired up to use it yet, we might as well fix it to
	work with our next qemu patch for now, and worry about any further
	improvements (changing the bool to a flags argument) if the ESX
	driver decides to use this function in the future.
	* src/conf/snapshot_conf.c (virDomainSnapshotAlignDisks): Alter
	logic when require_match is true to deal with new XML.

2012-11-02  Eric Blake  <eblake@redhat.com>

	snapshot: new XML for external system checkpoint
	Each <domainsnapshot> can now contain an optional <memory>
	element that describes how the VM state was handled, similar
	to disk snapshots.  The new element will always appear in
	output; for back-compat, an input that lacks the element will
	assume 'no' or 'internal' according to the domain state.
	Along with this change, it is now possible to pass <disks> in
	the XML for an offline snapshot; this also needs to be wired up
	in a future patch, to make it possible to choose internal vs.
	external on a per-disk basis for each disk in an offline domain.
	At that point, using the --disk-only flag for an offline domain
	will be able to work.
	For some examples below, remember that qemu supports the
	following snapshot actions:
	qemu-img: offline external and internal disk
	savevm: online internal VM and disk
	migrate: online external VM
	transaction: online external disk
	=====
	<domainsnapshot>
	  <memory snapshot='no'/>
	  ...
	</domainsnapshot>
	implies that there is no VM state saved (mandatory for
	offline and disk-only snapshots, not possible otherwise);
	using qemu-img for offline domains and transaction for online.
	=====
	<domainsnapshot>
	  <memory snapshot='internal'/>
	  ...
	</domainsnapshot>
	state is saved inside one of the disks (as in qemu's 'savevm'
	system checkpoint implementation).  If needed in the future,
	we can also add an attribute pointing out _which_ disk saved
	the internal state; maybe disk='vda'.
	=====
	<domainsnapshot>
	  <memory snapshot='external' file='/path/to/state'/>
	  ...
	</domainsnapshot>
	This is not wired up yet, but future patches will allow this to
	control a combination of 'virsh save /path/to/state' plus disk
	snapshots from the same point in time.
	=====
	So for 1.0.1 (and later, as needed), I plan to implement this table
	of combinations, with '*' designating new code and '+' designating
	existing code reached through new combinations of xml and/or the
	existing DISK_ONLY flag:
	domain  memory  disk   disk-only | result
	-----------------------------------------
	offline omit    omit   any       | memory=no disk=int, via qemu-img
	offline no      omit   any       |+memory=no disk=int, via qemu-img
	offline omit/no no     any       | invalid combination (nothing to snapshot)
	offline omit/no int    any       |+memory=no disk=int, via qemu-img
	offline omit/no ext    any       |*memory=no disk=ext, via qemu-img
	offline int/ext any    any       | invalid combination (no memory to save)
	online  omit    omit   off       | memory=int disk=int, via savevm
	online  omit    omit   on        | memory=no disk=default, via transaction
	online  omit    no/ext off       | unsupported for now
	online  omit    no     on        | invalid combination (nothing to snapshot)
	online  omit    ext    on        | memory=no disk=ext, via transaction
	online  omit    int    off       |+memory=int disk=int, via savevm
	online  omit    int    on        | unsupported for now
	online  no      omit   any       |+memory=no disk=default, via transaction
	online  no      no     any       | invalid combination (nothing to snapshot)
	online  no      int    any       | unsupported for now
	online  no      ext    any       |+memory=no disk=ext, via transaction
	online  int/ext any    on        | invalid combination (disk-only vs. memory)
	online  int     omit   off       |+memory=int disk=int, via savevm
	online  int     no/ext off       | unsupported for now
	online  int     int    off       |+memory=int disk=int, via savevm
	online  ext     omit   off       |*memory=ext disk=default, via migrate+trans
	online  ext     no     off       |+memory=ext disk=no, via migrate
	online  ext     int    off       | unsupported for now
	online  ext     ext    off       |*memory=ext disk=ext, via migrate+transaction
	* docs/schemas/domainsnapshot.rng (memory): New RNG element.
	* docs/formatsnapshot.html.in: Document it.
	* src/conf/snapshot_conf.h (virDomainSnapshotDef): New fields.
	* src/conf/domain_conf.c (virDomainSnapshotDefFree)
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Manage new fields.
	* tests/domainsnapshotxml2xmltest.c: New test.
	* tests/domainsnapshotxml2xmlin/*.xml: Update existing tests.
	* tests/domainsnapshotxml2xmlout/*.xml: Likewise.

	snapshot: simplify OOM checking during parse
	* src/conf/snapshot_conf.c (virDomainSnapshotDefParseString):
	Simplify OOM reporting.

2012-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Document bracket whitespace rules & add syntax-check rule
	This documents the following whitespace rules
	      if(foo)   // Bad
	      if (foo)  // Good
	      int foo (int wizz)  // Bad
	      int foo(int wizz)   // Good
	      bar = foo (wizz);  // Bad
	      bar = foo(wizz);   // Good
	      typedef int (*foo) (int wizz);  // Bad
	      typedef int (*foo)(int wizz);   // Good
	      int foo( int wizz );  // Bad
	      int foo(int wizz);    // Good
	There is a syntax-check rule extension to validate all these rules.
	Checking for 'function (...args...)' is quite difficult since it
	needs to ignore valid usage with keywords like 'if (...test...)'
	and while/for/switch. It must also ignore source comments and
	quoted strings.
	It is not possible todo this with a simple regex in the normal
	syntax-check style. So a short Perl script is created instead
	to analyse the source. In practice this works well enough. The
	only thing it can't cope with is multi-line quoted strings of
	the form
	 "start of string\
	more lines\
	more line\
	the end"
	but this can and should be written as
	 "start of string"
	 "more lines"
	 "more line"
	 "the end"
	with this simple change, the bracket checking script does not
	have any false positives across libvirt source, provided it
	is only run against .c files. It is not practical to run it
	against .h files, since those use whitespace extensively to
	get alignment (though this is somewhat inconsistent and could
	arguably be fixed).
	The only limitation is that it cannot detect a violation where
	the first arg starts with a '*', eg
	   foo(*wizz);
	since this generates too many false positives on function
	typedefs which can't be supressed efficiently.

	Remove spurious whitespace between function name & open brackets
	The libvirt coding standard is to use 'function(...args...)'
	instead of 'function (...args...)'. A non-trivial number of
	places did not follow this rule and are fixed in this patch.

2012-11-02  Peter Krempa  <pkrempa@redhat.com>

	net: Mark network persistent when assigning persistent definition
	When assigning the new persistent definition for a transient network
	(thus making it persistent) the network needs to be marked persistent
	before actually atempting to assign the definition.

	net: Add support for changing persistent networks to transient
	Until now, the network undefine API was able to undefine only inactive
	networks. The restriction doesn't make sense any more so this patch
	implements changing networks to transient.

	net: Re-use checks when creating transient networks
	When a transient network was created some of the checks weren't run on
	the definition allowing to start invalid networks.
	This patch splits out code to the network validation function and
	re-uses that code when creating transient networks.

	net: Remove dnsmasq and radvd files also when destroying transient nets
	The network driver didn't care about config files when a network was
	destroyed, just when it was undefined leaving behind files for transient
	networks.
	This patch splits out the cleanup code to a helper function that handles
	the cleanup if the inactive network object is being removed and re-uses
	this code when getting rid of inactive networks.

	net: Move creation of dnsmasq hosts file to function starting dnsmasq
	The hosts file was created in the network definition function. This
	patch moves the place the file is being created to the point where
	dnsmasq is being started.

	net: Change argument type of virNetworkObjIsDuplicate()
	The argument check_active is used only as a boolean so this patch
	changes the type and updates callers.

	conf: net: Fix deadlock if assignment of network def fails
	When the assignment fails, the network object is not unlocked and next
	call that would use it deadlocks.

	conf: net: Fix helper for applying new network definition
	When there's no new definition the helper overwrote the old one with
	NULL.

2012-11-02  Jiri Denemark  <jdenemar@redhat.com>

	build: Do not ignore logging.c in sc_prohibit_mkstemp
	Now that the offending code was removed, we may remove this as well.

2012-11-02  Daniel Veillard  <veillard@redhat.com>

	Remove a chunk which should not have been pushed as part of 1.0.0
	I didn't noticed that that small old patch was still applied locally

2012-11-02  Michal Privoznik  <mprivozn@redhat.com>

	logging.c: Properly indent and ignore one syntax-check rule
	With our fix of mkostemp (pushed as 2b435c15) we define a macro
	to compile with uclibc. However, this definition is conditional
	and thus needs to be properly indented. Moreover, with this definition
	sc_prohibit_mkstemp syntax-check rule keeps yelling:
	  src/util/logging.c:63:# define mkostemp(x,y) mkstemp(x)
	  maint.mk: use mkostemp with O_CLOEXEC instead of mkstemp
	Therefore we should ignore this file for this rule.

2012-11-02  Guannan Ren  <gren@redhat.com>

	qemu: use default machine type if missing it in qemu command line
	BZ:https://bugzilla.redhat.com/show_bug.cgi?id=871273
	when using virsh qemu-attach to attach an existing qemu process,
	if it misses the -M option in qemu command line, libvirtd crashed
	because the NULL value of def->os.machine in later use.
	Example:
	/usr/libexec/qemu-kvm -name foo \
	                      -cdrom /var/lib/libvirt/images/boot.img \
	                      -monitor unix:/tmp/demo,server,nowait \
	error: End of file while reading data: Input/output error
	error: Failed to reconnect to the hypervisor
	This patch tries to set default machine type if the value of
	def->os.machine is still NULL after qemu command line parsing.

2012-11-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.0
	* configure.ac docs/news.html.in libvirt.spec.in: update for the new release
	* po/*.po*: update from transifex, a lot of added support e.g. Indian
	  languages, and regenerate

2012-11-02  Eric Blake  <eblake@redhat.com>

	cpumap: optimize for clients that don't need online count
	It turns out that calling virNodeGetCPUMap(conn, NULL, NULL, 0)
	is both useful, and with Viktor's patches, common enough to
	optimize.  Since this interface hasn't been released yet, we
	can change the RPC call.
	A bit more background on the optimization - learning the cpu count
	is a single file read (/sys/devices/system/cpu/possible), but
	learning the number of online cpus can possibly trigger a file
	read per cpu, depending on the age of the kernel, and all wasted
	if the caller passed NULL for both arguments.
	* src/nodeinfo.c (nodeGetCPUMap): Avoid bitmap when not needed.
	* src/remote/remote_protocol.x (remote_node_get_cpu_map_args):
	Supply two separate flags for needed arguments.
	* src/remote/remote_driver.c (remoteNodeGetCPUMap): Update
	caller.
	* daemon/remote.c (remoteDispatchNodeGetCPUMap): Likewise.
	* src/remote_protocol-structs: Regenerate.

2012-11-02  Doug Goldstein  <cardoe@cardoe.com>

	qemu: QMP capabilities support starts with 1.2
	Per the code comment in qemuCapsInitQMPBasic() and commit 43e23c7, we
	should only use QMP for capabilities probing starting with 1.2 and
	newer.  The old code had dead logic that probed on 1.0 and newer.

2012-11-02  Dan Walsh  <dwalsh@redhat.com>

	Linux Containers are not allowed to create device nodes.
	This needs to be done before the container starts. Turning
	off the mknod capability is noticed by systemd, which will
	no longer attempt to create device nodes.
	This eliminates SELinux AVC messages and ugly failure messages in the journal.

2012-11-02  Stefan Hajnoczi  <stefanha@redhat.com>

	qemu: Fix name comparison in qemuMonitorJSONBlockIoThrottleInfo()
	The string comparison logic was inverted and matched the first drive
	that does *not* have the name we search for.

	qemu: Keep QEMU host drive prefix in BlkIoTune
	The QEMU -drive id= begins with libvirt's QEMU host drive prefix
	("drive-"), which is stripped off in several places two convert between
	host ("-drive") and guest ("-device") device names.
	In the case of BlkIoTune it is unnecessary to strip the QEMU host drive
	prefix because we operate on "info block"/"query-block" output that uses
	host drive names.
	Stripping the prefix incorrectly caused string comparisons to fail since
	we were comparing the guest device name against the host device name.

2012-11-01  Michal Privoznik  <mprivozn@redhat.com>

	net-update docs: s/domain/network/
	A leftover from copy paste.

	iohelper: fdatasync() at the end
	Currently, when we are doing (managed) save, we insert the
	iohelper between the qemu and OS. The pipe is created, the
	writing end is passed to qemu and the reading end to the
	iohelper. It reads data and write them into given file. However,
	with write() being asynchronous data may still be in OS
	caches and hence in some (corner) cases, all migration data
	may have been read and written (not physically though). So
	qemu will report success, as well as iohelper. However, with
	some non local filesystems, where ENOSPACE is polled every X
	time units, we may get into situation where all operations
	succeeded but data hasn't reached the disk. And in fact will
	never do. Therefore we ought sync caches to make sure data
	has reached the block device on remote host.

2012-11-01  Richard W.M. Jones  <rjones@redhat.com>

	daemon: Make the default PolicyKit policy auth_admin_keep.

2012-11-01  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix private symbols exported by files in conf
	Some of the functions were moved to other files but the private symbol
	file wasn't tweaked to reflect that.

2012-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix arch detection for qemu-system-i386 with QMP
	QEMU uses 'i386' for its 32-bit x86 architecture, but libvirt
	wants that to be 'i686', so we must fix it up

	Don't assume pid_t is the same size as an int
	virPidFileReadPathIfAlive passed in an 'int *' where a 'pid_t *'
	was expected, which breaks on Mingw64 targets. Also a few places
	were using '%d' for formatting pid_t, change them to '%lld' and
	force a cast to the longer type as done elsewhere in the same
	file.

2012-11-01  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: Fix RPM build for non-x86 platforms
	Make the post install script for the lock-sanlock package optional
	to prevent break on non-x86 platforms.

2012-11-01  Eric Blake  <eblake@redhat.com>

	docs: libvirtd no longer uses abstract namespace
	Commit 905be03d2 quit using the abstract namespace, but didn't
	update the --help text to match.
	* daemon/libvirtd.c (daemonUsage): Correct socket listing.

	build: prefer mkostemp for multi-thread safety
	https://bugzilla.redhat.com/show_bug.cgi?id=871756
	Commit cd1e8d1 assumed that systems new enough to have journald
	also have mkostemp; but this is not true for uclibc.
	For that matter, use of mkstemp[s] is unsafe in a multi-threaded
	program.  We should prefer mkostemp[s] in the first place.
	* bootstrap.conf (gnulib_modules): Add mkostemp, mkostemps; drop
	mkstemp and mkstemps.
	* cfg.mk (sc_prohibit_mkstemp): New syntax check.
	* tools/virsh.c (vshEditWriteToTempFile): Adjust caller.
	* src/qemu/qemu_driver.c (qemuDomainScreenshot)
	(qemudDomainMemoryPeek): Likewise.
	* src/secret/secret_driver.c (replaceFile): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.

2012-10-31  Michal Privoznik  <mprivozn@redhat.com>

	gitignore: Ignore 'tags'

2012-10-31  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix EmulatorPinInfo without emulatorpin
	https://bugzilla.redhat.com/show_bug.cgi?id=871312
	Recent fixes made almost all the right steps to make emulator pinned
	to the cpuset of the whole domain in case <emulatorpin> isn't
	specified, but qemudDomainGetEmulatorPinInfo still reports all the
	CPUs even when cpuset is specified.  This patch fixes that.

2012-10-31  Peter Krempa  <pkrempa@redhat.com>

	util: Improve error reporting from absolutePathFromBaseFile helper
	There are multiple reasons canonicalize_file_name() used in
	absolutePathFromBaseFile helper can fail. This patch enhances error
	reporting from that helper.

2012-10-31  Martin Kletzander  <mkletzan@redhat.com>

	Make non-KVM machines work with QMP probing
	When there is no 'qemu-kvm' binary and the emulator used for a machine
	is, for example, 'qemu-system-x86_64' that, by default, runs without
	kvm enabled, libvirt still supplies '-no-kvm' option to this process,
	even though it does not recognize such option (making the start of a
	domain fail in that case).
	This patch fixes building a command-line for QEMU machines without KVM
	acceleration and is based on following assumptions:
	 - QEMU_CAPS_KVM flag means that QEMU is running KVM accelerated
	   machines by default (without explicitly requesting that using a
	   command-line option).  It is the closest to the truth according to
	   the code with the only exception being the comment next to the
	   flag, so it's fixed in this patch as well.
	 - QEMU_CAPS_ENABLE_KVM flag means that QEMU is, by default, running
	   without KVM acceleration and in case we need KVM acceleration it
	   needs to be explicitly instructed to do so.  This is partially
	   true for the past (this option essentially means that QEMU
	   recognizes the '-enable-kvm' option, even though it's almost the
	   same).

2012-10-31  Gene Czarcinski  <gene@czarc.net>

	bugfix: ip6tables rule removal
	Three FORWARD chain rules are added and two INPUT chain rules
	are added when a network is started but only the FORWARD chain
	rules are removed when the network is destroyed.

2012-10-31  Eric Blake  <eblake@redhat.com>

	maint: log xml during volume creation
	I noticed this while answering a list question about Java bindings
	of volume creation.  All other functions that take xml logged xmlDesc.
	* src/libvirt.c (virStorageVolCreateXML)
	(virStorageVolCreateXMLFrom): Use consistent spelling of xmlDesc,
	and log the argument.

2012-10-31  Guido Günther  <agx@sigxcpu.org>

	Create temporary dir for socket
	to avoid ENAMETOOLONG:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=amd64&ver=1.0.0~rc1-1&stamp=1351453521

2012-10-31  Laine Stump  <laine@laine.org>

	util: do a better job of matching up pids with their binaries
	This patch resolves: https://bugzilla.redhat.com/show_bug.cgi?id=871201
	If libvirt is restarted after updating the dnsmasq or radvd packages,
	a subsequent "virsh net-destroy" will fail to kill the dnsmasq/radvd
	process.
	The problem is that when libvirtd restarts, it re-reads the dnsmasq
	and radvd pidfiles, then does a sanity check on each pid it finds,
	including checking that the symbolic link in /proc/$pid/exe actually
	points to the same file as the path used by libvirt to execute the
	binary in the first place. If this fails, libvirt assumes that the
	process is no longer alive.
	But if the original binary has been replaced, the link in /proc is set
	to "$binarypath (deleted)" (it literally has the string " (deleted)"
	appended to the link text stored in the filesystem), so even if a new
	binary exists in the same location, attempts to resolve the link will
	fail.
	In the end, not only is the old dnsmasq/radvd not terminated when the
	network is stopped, but a new dnsmasq can't be started when the
	network is later restarted (because the original process is still
	listening on the ports that the new process wants).
	The solution is, when the initial "use stat to check for identical
	inodes" check for identity between /proc/$pid/exe and $binpath fails,
	to check /proc/$pid/exe for a link ending with " (deleted)" and if so,
	truncate that part of the link and compare what's left with the
	original binarypath.
	A twist to this problem is that on systems with "merged" /sbin and
	/usr/sbin (i.e. /sbin is really just a symlink to /usr/sbin; Fedora
	17+ is an example of this), libvirt may have started the process using
	one path, but /proc/$pid/exe lists a different path (indeed, on F17
	this is the case - libvirtd uses /sbin/dnsmasq, but /proc/$pid/exe
	shows "/usr/sbin/dnsmasq"). The further bit of code to resolve this is
	to call virFileResolveAllLinks() on both the original binarypath and
	on the truncated link we read from /proc/$pid/exe, and compare the
	results.
	The resulting code still succeeds in all the same cases it did before,
	but also succeeds if the binary was deleted or replaced after it was
	started.

2012-10-30  Peter Krempa  <pkrempa@redhat.com>

	cpu: Fix definition of flag smap
	A mild case of dyslexia caused that commit
	012f9b19ef3812884e207dc431571502de4cebce specifies wrong mask for the
	smap cpu feature flag. This patch fixes that mistake.

	nodeinfotest: Delete NUL bytes from test data
	The test data contained extra \0 bytes after newlines probably due to a
	kernel off-by-one bug.

2012-10-30  Michal Privoznik  <mprivozn@redhat.com>

	sanlock: Introduce 'user' and 'group' conf variables
	through which user set under what permissions does sanlock
	daemon run so libvirt will set the same permissions for
	files exposed to it.

2012-10-30  Vladislav Bogdanov  <bubble@hoster-ok.com>

	qemu: pass -usb and usb hubs earlier, so USB disks with static address are handled properly

	qemu: Do not ignore address for USB disks

2012-10-30  Martin Kletzander  <mkletzan@redhat.com>

	esx: Fix connection to ESX 5.1
	After separating 5.x and 5.1 versions of ESX, we forgot to add 5.1
	into the list of allowed connections, so connections to 5.1 fail since
	v1.0.0-rc1-5-g1e7cd39

2012-10-30  Eric Blake  <eblake@redhat.com>

	build: place attributes in correct location
	Ever since commit eefb881, ATTRIBUTE_NONNULL has normally been a
	no-op under gcc (since it tends to cause more bugs than it cures
	given gcc's current lame implementation of the attribute).  However,
	the macro is still useful to Coverity and other static-analysis
	tools, but only if we use it correctly.  Coverity follows gcc's lead
	in accepting function declarations with attributes at the end, but
	function bodies must attach attributes to the return type.  That is,
	these are valid:
	void foo(void *arg) ATTRIBUTE_NONNULL(1);
	void ATTRIBUTE_NONNULL(1) foo(void *arg);
	void ATTRIBUTE_NONNULL(1) foo(void *arg) {}
	but this is not:
	void foo(void *arg) ATTRIBUTE_NONNULL(1) {}
	even though you don't get a compile failure until you do static
	analysis.  Bug introduced in commit 80533ca, with these symptoms:
	nodeinfo.c:206: error: expected ',' or ';' before '{' token
	cc1: warning: unrecognized command line option "-Wno-suggest-attribute=const"
	cc1: warning: unrecognized command line option "-Wno-suggest-attribute=pure"
	make[3]: *** [libvirt_driver_la-nodeinfo.lo] Error 1
	* src/nodeinfo.c (virNodeParseNode): Fix syntax error when
	non-null attribute is in use.

	build: fix linking with systemtap probes
	Commit 34e8f63a3 altered virfile.o to drag in additional symbols,
	which in turn led to pulling in other .o files and eventually causing
	a link failure when systemtap probes are enabled, such as:
	./.libs/libvirt_util.a(libvirt_util_la-event_poll.o): In function `virEventPollRunOnce':
	/home/dummy/libvirt/src/util/event_poll.c:614: undefined reference to `libvirt_event_poll_run_semaphore'
	./.libs/libvirt_util.a(libvirt_util_la-event_poll.o):(.note.stapsdt+0x24): undefined reference to `libvirt_event_poll_add_handle_semaphore'
	Even though libvirt_iohelper and libvirt_parthelper don't directly
	use the portion of virfile.o that drags in probing, it was easier
	to satisfy the linker and get the build back up, than to figure out
	whether it is even possible or worth trying to disentangle the mess.
	* src/Makefile.am (libvirt_iohelper_LDADD)
	(libvirt_parthelper_LDADD): Use libvirt_probes.lo when needed.

2012-10-30  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Report errors from iohelper
	Currently, we use iohelper when saving/restoring a domain.
	However, if there's some kind of error (like I/O) it is not
	propagated to libvirt. Since it is not qemu who is doing
	the actual write() it will not get error. The iohelper does.
	Therefore we should check for iohelper errors as it makes
	libvirt more user friendly.

2012-10-29  Peter Krempa  <pkrempa@redhat.com>

	util: Re-format literal strings in virXMLEmitWarning
	And drop a stray space at the end of the first line of the warning.

2012-10-29  Ján Tomko  <jtomko@redhat.com>

	xml: print uuids in the warning
	In the XML warning, we print a virsh command line that can be used to
	edit that XML. This patch prints UUIDs if the entity name contains
	special characters (like shell metacharacters, or "--" that would break
	parsing of the XML comment). If the entity doesn't have a UUID, just
	print the virsh command that can be used to edit it.

2012-10-29  Jiri Denemark  <jdenemar@redhat.com>

	Revert "qemu: Do not require hostuuid in migration cookie"
	This reverts commit 8d75e47edefdd77b86df1ee9af3cd5001d456f73.
	Libvirt was never released with support for migration cookies without
	hostuuid.

2012-10-28  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix domxml-to-native network model conversion
	https://bugzilla.redhat.com/show_bug.cgi?id=636832

2012-10-27  Eric Blake  <eblake@redhat.com>

	build: typo fix for qemu cpu affinity
	Introduced in commit 0039a32f.
	* src/qemu/qemu_process.c (qemuPrepareCpumap): s/covert/convert/

	blockjob: relabel entire existing chain
	When using block copy to pivot over to a new chain, the backing files
	for the new chain might still need labeling (particularly if the user
	passes --reuse-ext with a relative backing file name).  Relabeling a
	file that is already labeled won't hurt, so this just labels the entire
	chain at the point of the pivot.  Doing the relabel of the chain uses
	the fact that we already safely probed the file type of an external
	file at the start of the block copy.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot): Relabel chain before
	asking qemu to pivot.

	blockjob: allow mirroring under SELinux and cgroup
	Use the recent addition of qemuDomainPrepareDiskChainElement to
	obtain locking manager lease, permit a block device through cgroups,
	and set the SELinux label; then audit the fact that we hand a new
	file over to qemu.  Alas, releasing the lease and label at the end
	of the mirroring is a trickier prospect (we would have to trace the
	backing chain of both source and destination, and be sure not to
	revoke rights to any part of the chain that is shared), so for now,
	virDomainBlockJobAbort still leaves things with additional access
	granted (as block-pull and block-commit have the same problem of
	not clamping access after completion, a future cleanup would cover
	all three commands).
	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Set up labeling.

	blockjob: allow for existing files in block-copy
	Support the REUSE_EXT flag, in part by copying sanity checks from
	snapshot code.  This code introduces a case of probing an external
	file for its type; such an action would be a security risk if the
	existing file is supposed to be raw but the contents resemble some
	other format; however, since the virDomainBlockRebase API has a
	flag to force treating the file as raw rather than probe, we can
	assume that probing is safe in all other instances.  Besides, if
	we don't probe or force raw, then qemu will.
	* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Allow REUSE_EXT
	flag.
	(qemuDomainBlockCopy): Wire up flag, and add some sanity checks.

	blockjob: implement block copy for qemu
	Minimal patch to wire up all the pieces in the previous patches
	to actually enable a block copy job.  By minimal, I mean that
	qemu creates the file (that is, no REUSE_EXT flag support yet),
	SELinux must be disabled, a lock manager is not informed, and the
	audit logs aren't updated.  But those will be added as
	improvements in future patches.
	This patch is designed so that if we ever add a future API
	virDomainBlockCopy with more bells and whistles (such as letting
	the user specify a destination image format different than the
	source), where virDomainBlockRebase is a wrapper around the
	simpler portions of the new functionality, then the new API can
	just reuse the new qemuDomainBlockCopy function and already
	support _SHALLOW and _REUSE_EXT flags.  Also note that libvirt.c
	already filtered the new flags if _COPY is not present, so that
	we are not impacting the case of BlockRebase being a wrapper
	around BlockPull.
	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): New function.
	(qemuDomainBlockRebase): Call it when appropriate.

	blockjob: make block pivot safer
	Since libvirt drops locks between issuing a monitor command and
	getting a response, it is possible for libvirtd to be restarted
	before getting a response on a block-job-complete command; worse, it
	is also possible for the guest to shut itself down during the window
	while libvirtd is down, ending the qemu process.  A management app
	needs to know if the pivot happened (and the destination file
	contains guest contents not in the source) or failed (and the source
	file contains guest contents not in the destination), but since
	the job is finished, 'query-block-jobs' no longer tracks the
	status of the job, and if the qemu process itself has disappeared,
	even 'query-block' cannot be checked to ask qemu its current state.
	At the time of this patch, the design for persistent bitmap has not
	been clarified, so a followup patch will be needed once qemu
	actually figures out how to expose it, and we figure out how to use
	it.  In the meantime, we have a solution that avoids the worst of
	the problem.  [This problem was first analyzed with the RHEL 6.3
	__com.redhat_drive-reopen command; which partly explains why
	upstream qemu 1.3 ditched the drive-reopen idea and went with
	block-job-complete plus persistent bitmap instead.]
	If we surround 'drive-reopen' with a pause/resume pair, then we can
	guarantee that the guest cannot modify either source or destination
	files in the window of libvirtd uncertainty, and the management app
	is guaranteed that either libvirt knows the outcome and reported it
	correctly; or that on libvirtd restart, the guest will still be
	paused and that the qemu process cannot have disappeared due to
	guest shutdown; and use that as a clue that the management app must
	implement recovery protocol, with both source and destination files
	still being in sync and with 'query-block' still being an option as
	part of that recovery.  My testing shows that the pause window will
	typically be only a fraction of a second.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot): Pause around
	drive-reopen.
	(qemuDomainBlockJobImpl): Update caller.

	blockjob: support pivot operation on cancel
	This is the bare minimum to end a copy job (of course, until a
	later patch adds the ability to start a copy job, this patch
	doesn't do much in isolation; I've just split the patches to
	ease the review).
	This patch intentionally avoids SELinux, lock manager, and audit
	actions.  Also, if libvirtd restarts at the exact moment that a
	'block-job-complete' is in flight, the proposed proper way to
	detect the outcome of that would be with a persistent bitmap and
	some additional query commands when libvirtd restarts.  This
	patch is enough to test the common case of success when used
	correctly, while saving the subtleties of proper cleanup for
	worst-case errors for later.
	When a mirror job is started, cancelling the job safely reverts back
	to the source disk, regardless of whether the destination is in
	phase 1 (streaming, in which case the destination is worthless) or
	phase 2 (mirroring, in which case the destination is synced up to
	the source at the time of the cancel).  Our existing code does just
	fine in either phase, other than some bookkeeping cleanup; this
	implements live block copy.
	Ideas for future enhancements via new flags:
	Depending on when persistent bitmap support is added, it may be
	worth adding a VIR_DOMAIN_REBASE_COPY_ATOMIC flag that fails up
	front if we detect an older qemu with risky pivot operation.
	Interesting side note: while snapshot-create --disk-only creates a
	copy of the disk at a point in time by moving the domain on to a
	new file (the copy is the file now in the just-extended backing
	chain), blockjob --abort of a copy job creates a copy of the disk
	while keeping the domain on the original file.  There may be
	potential improvements to the snapshot code to exploit block copy
	over multiple disks all at one point in time.  And, if
	'block-job-cancel' were made part of 'transaction', you could
	copy multiple disks at the same point in time without pausing
	the domain.  This also implies we may want to add a --quiesce flag
	to virDomainBlockJobAbort, so that when breaking a mirror (whether
	by cancel or pivot), the side of the mirror that we are abandoning
	is at least in a stable state with regards to guest I/O.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobAbort): Accept new flag.
	(qemuDomainBlockPivot): New helper function.
	(qemuDomainBlockJobImpl): Implement it.

	blockjob: return appropriate event and info
	Handle the new type of block copy event and info.  Of course,
	this patch does nothing until a later patch actually allows the
	creation/abort of a block copy job.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_JOB_READY): New
	block job status.
	* src/libvirt.c (virDomainBlockRebase): Document the event.
	* src/qemu/qemu_monitor_json.c (eventHandlers): New event.
	(qemuMonitorJSONHandleBlockJobReady): New function.
	(qemuMonitorJSONGetBlockJobInfoOne): Translate new job type.
	(qemuMonitorJSONHandleBlockJobImpl): Handle new event and job type.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Recognize
	the event to minimize snooping.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Snoop a successful
	info query to save effort on a pivot request.

	blockjob: react to active block copy
	For now, disk migration via block copy job is not implemented in
	libvirt.  But when we do implement it, we have to deal with the
	fact that qemu does not yet provide an easy way to re-start a qemu
	process with mirroring still intact.  Paolo has proposed an idea
	for a persistent dirty bitmap that might make this possible, but
	until that design is complete, it's hard to say what changes
	libvirt would need.  Even something like 'virDomainSave' becomes
	hairy, if you realize the implications that 'virDomainRestore'
	would be stuck with recreating the same mirror layout.
	But if we step back and look at the bigger picture, we realize that
	the initial client of live storage migration via disk mirroring is
	oVirt, which always uses transient domains, and that if a transient
	domain is destroyed while a mirror exists, oVirt can easily restart
	the storage migration by creating a new domain that visits just the
	source storage, with no loss in data.
	We can make life a lot easier by being cowards for now, forbidding
	certain operations on a domain.  This patch guarantees that we
	never get in a state where we would have to restart a domain with
	a mirroring block copy, by preventing saves, snapshots, migration,
	hot unplug of a disk in use, and conversion to a persistent domain
	(thankfully, it is still relatively easy to 'virsh undefine' a
	running domain to temporarily make it transient, run tests on
	'virsh blockcopy', then 'virsh define' to restore the persistence).
	Later, if the qemu design is enhanced, we can relax our code.
	The change to qemudDomainDefine looks a bit odd for undoing an
	assignment, rather than probing up front to avoid the assignment,
	but this is because of how virDomainAssignDef combines both a
	lookup and assignment into a single function call.
	* src/conf/domain_conf.h (virDomainHasDiskMirror): New prototype.
	* src/conf/domain_conf.c (virDomainHasDiskMirror): New function.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainBlockJobImpl, qemudDomainDefine): Prevent dangerous
	actions while block copy is already in action.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachDiskDevice): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.

	blockjob: add qemu capabilities related to block jobs
	Upstream qemu 1.3 is adding two new monitor commands, 'drive-mirror'
	and 'block-job-complete'[1], which can drive live block copy and
	storage migration.  [Additionally, RHEL 6.3 had backported an earlier
	version of most of the same functionality, but under the names
	'__com.redhat_drive-mirror' and '__com.redhat_drive-reopen' and with
	slightly different JSON arguments, and has been using patches similar
	to these upstream patches for several months now.]
	The libvirt API virDomainBlockRebase as already committed for 0.9.12
	is flexible enough to expose the basics of block copy, but some
	additional features in the 'drive-mirror' qemu command, such as
	setting error policy, setting granularity, or using a persistent
	bitmap, may later require a new libvirt API virDomainBlockCopy.  I
	will wait to add that API until we know more about what qemu 1.3
	will finally provide.
	This patch caters only to the upstream qemu 1.3 interface, although
	I have proven that the changes for RHEL 6.3 can be isolated to
	just qemu_monitor_json.c, and the rest of this series will
	gracefully handle either interface once the JSON differences are
	papered over in a downstream patch.
	For consistency with other block job commands, libvirt must handle
	the bandwidth argument as MiB/sec from the user, even though qemu
	exposes the speed argument as bytes/sec; then again, qemu rounds
	up to cluster size internally, so using MiB hides the worst effects
	of that rounding if you pass small numbers.
	[1]https://lists.gnu.org/archive/html/qemu-devel/2012-10/msg04123.html
	* src/qemu/qemu_capabilities.h (QEMU_CAPS_DRIVE_MIRROR)
	(QEMU_CAPS_DRIVE_REOPEN): New bits.
	* src/qemu/qemu_capabilities.c (qemuCaps): Name them.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONCheckCommands): Set
	them.
	(qemuMonitorJSONDriveMirror, qemuMonitorDrivePivot): New functions.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDriveMirror)
	(qemuMonitorDrivePivot): Declare them.
	* src/qemu/qemu_monitor.c (qemuMonitorDriveMirror)
	(qemuMonitorDrivePivot): New passthroughs.
	* src/qemu/qemu_monitor.h (qemuMonitorDriveMirror)
	(qemuMonitorDrivePivot): Declare them.

2012-10-27  Laine Stump  <laine@laine.org>

	qemu: fix attach/detach of netdevs with matching mac addrs
	This resolves:
	   https://bugzilla.redhat.com/show_bug.cgi?id=862515
	which describes inconsistencies in dealing with duplicate mac
	addresses on network devices in a domain.
	(at any rate, it resolves *almost* everything, and prints out an
	informative error message for the one problem that isn't solved, but
	has a workaround.)
	A synopsis of the problems:
	1) you can't do a persistent attach-interface of a device with a mac
	address that matches an existing device.
	2) you *can* do a live attach-interface of such a device.
	3) you *can* directly edit a domain and put in two devices with
	matching mac addresses.
	4) When running virsh detach-device (live or config), only MAC address
	is checked when matching the device to remove, so the first device
	with the desired mac address will be removed. This isn't always the
	one that's wanted.
	5) when running virsh detach-interface (live or config), the only two
	items that can be specified to match against are mac address and model
	type (virtio, etc) - if multiple netdevs match both of those
	attributes, it again just finds the first one added and assumes that
	is the only match.
	Since it is completely valid to have multiple network devices with the
	same MAC address (although it can cause problems in many cases, there
	*are* valid use cases), what is needed is:
	1) remove the restriction that prohibits doing a persistent add of a
	netdev with a duplicate mac address.
	2) enhance the backend of virDomainDetachDeviceFlags to check for
	something that *is* guaranteed unique (but still work with just mac
	address, as long as it yields only a single results.
	This patch does three things:
	1) removes the check for duplicate mac address during a persistent
	netdev attach.
	2) unifies the searching for both live and config detach of netdevices
	in the subordinate functions of qemuDomainModifyDeviceFlags() to use the
	new function virDomainNetFindIdx (which matches mac address and PCI
	address if available, checking for duplicates if only mac address was
	specified). This function returns -2 if multiple matches are found,
	allowing the callers to print out an appropriate message.
	Steps 1 & 2 are enough to fully fix the problem when using virsh
	attach-device and detach-device (which require an XML description of
	the device rather than a bunch of commandline args)
	3) modifies the virsh detach-interface command to check for multiple
	matches of mac address and show an error message suggesting use of the
	detach-device command in cases where there are multiple matching mac
	addresses.
	Later we should decide how we want to input a PCI address on the virsh
	commandline, and enhance detach-interface to take a --address option,
	eliminating the need to use detach-device
	* src/conf/domain_conf.c
	* src/conf/domain_conf.h
	* src/libvirt_private.syms
	  * added new virDomainNetFindIdx function
	  * removed now unused virDomainNetIndexByMac and
	    virDomainNetRemoveByMac
	* src/qemu/qemu_driver.c
	  * remove check for duplicate max from qemuDomainAttachDeviceConfig
	  * use virDomainNetFindIdx/virDomainNetRemove instead
	    of virDomainNetRemoveByMac in qemuDomainDetachDeviceConfig
	  * use virDomainNetFindIdx instead of virDomainIndexByMac
	    in qemuDomainUpdateDeviceConfig
	* src/qemu/qemu_hotplug.c
	  * use virDomainNetFindIdx instead of a homespun loop in
	    qemuDomainDetachNetDevice.
	* tools/virsh-domain.c: modified detach-interface command as described
	    above

2012-10-27  Eric Blake  <eblake@redhat.com>

	cpustat: fix regression when cpus are offline
	It turns out that the cpuacct results properly account for offline
	cpus, and always returns results for every possible cpu, not just
	the online ones.  So there is no need to check the map of online
	cpus in the first place, merely only a need to know the maximum
	possible cpu.  Meanwhile, virNodeGetCPUBitmap had a subtle change
	from returning the maximum id to instead returning the width of
	the bitmap (one larger than the maximum id) in commit 2f4c5338,
	which made this code encounter some off-by-one logic leading to
	bad error messages when a cpu was offline:
	$ virsh cpu-stats dom
	error: Failed to virDomainGetCPUStats()
	error: An error occurred, but the cause is unknown
	Cleaning this up unraveled a chain of other unused variables.
	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Drop
	pointless check for cpumap changes, and use correct number of
	cpus.  Simplify signature.
	(qemuDomainGetCPUStats): Adjust caller.
	* src/nodeinfo.h (nodeGetCPUCount): New prototype.
	(nodeGetCPUBitmap): Drop unused parameter.
	* src/nodeinfo.c (nodeGetCPUBitmap): Likewise.
	(nodeGetCPUMap): Adjust caller.
	(nodeGetCPUCount): New function.
	* src/libvirt_private.syms (nodeinfo.h): Export it.

	build: fix syntax-check tab violation
	* tools/Makefile.am: Fix tab damage in previous patch.

	build: check for pod errors
	Patch 61299a1c fixed a long-standing pod error in the man page.
	But we should be preventing these up front.
	See also https://bugzilla.redhat.com/show_bug.cgi?id=870273
	* tools/Makefile.am (virt-xml-validate.1, virt-pki-validate.1)
	(virt-host-validate.1, virt-sanlock-cleanup.8, virsh.1): Reject
	pod conversion errors.
	* daemon/Makefile.am ($(srcdir)/libvirtd.8.in): Likewise.

	build: silence compiler warning about signedness
	Commit 246143b fixed a warning on older gcc, but caused a warning
	on newer gcc.
	../../src/rpc/virnetserverservice.c: In function 'virNetServerServiceNewPostExecRestart':
	../../src/rpc/virnetserverservice.c:277:41: error: pointer targets in passing argument 3 of 'virJSONValueObjectGetNumberUint' differ in signedness [-Werror=pointer-sign]
	* src/rpc/virnetserverservice.c: Use correct types.

	build: fix type-punning bug
	With older gcc and 64-bit size_t, the compiler issues a real warning:
	rpc/virnetserverservice.c:277: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
	Introduced in commit 0cc79255.  Depending on machine endianness,
	this warning represents a real bug that could mis-interpret the
	value by a factor of 2^32.  I don't know why I couldn't get newer
	gcc to report the same warning message.
	* src/rpc/virnetserverservice.c
	(virNetServerServiceNewPostExecRestart): Use temporary instead.

2012-10-27  Laine Stump  <laine@laine.org>

	parallels: fix build for some older compilers
	Found this when building on RHEL5:
	parallels/parallels_storage.c: In function 'parallelsStorageOpen':
	parallels/parallels_storage.c:180: error: 'for' loop initial declaration used outside C99 mode
	(and similar error in parallels_driver.c). This was in spite of
	configuring with "-Wno-error".

2012-10-26  Philipp Hahn  <hahn@univention.de>

	documentation: HTML tag fix
	Replace '%' by '&' for correct escaping of '>' in Domain specification.

2012-10-26  Peter Krempa  <pkrempa@redhat.com>

	maint: Sort .gitignore
	Sorting of the .gitignore file was broken after the last addition. After
	a clean build the scripts re-sort it making the working tree dirty.

2012-10-26  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix POD syntax
	The first two hunks fix "Unterminated I<...> sequence" error and the
	last one fixes "’=item’ outside of any ’=over’" error.

	virsh: Remove --flags from nodesuspend
	We always expose individual bits from flags as separate options rather
	than exposing a raw flags options. Since virNodeSuspendForDuration does
	not currently support any flags, the only way of using this --flags
	options that would not fail is "--flags 0", which is equivalent to
	omitting the option. Thus it is highly unlikely anyone would actually be
	using it and removing it should be safe.

2012-10-26  Eric Blake  <eblake@redhat.com>

	snapshot: improve snapshot-list error message
	https://bugzilla.redhat.com/show_bug.cgi?id=869100 mentioned some
	confusion about 'virsh snapshot-list' errors.  Clean up a
	misleading error message, and add some documentation.
	* tools/virsh-snapshot.c (cmdSnapshotList): Mention --current
	rather than --from when appropriate.
	* tools/virsh.pod (snapshot-list): Mention that the named starting
	point is NOT part of the list except under --tree.

	maint: ignore unsaved emacs files
	I did a 'git add .', then realized that it ended up trying to
	add the emacs lock file for a corresponding file that I had not
	yet saved all my edits; thankfully I noticed it in time.  Since
	we already exclude other temporary files, this makes the most
	sense for preventing such a mistake from actually hitting upstream.
	* .gitignore: Add .#* to the exclude list.

2012-10-26  Cole Robinson  <crobinso@redhat.com>

	daemon: Fix LIBVIRT_DEBUG=1 default output
	This commit changes the behavior of LIBVIRT_DEBUG=1 libvirtd:
	$ git show 7022b09111d4322d21396a70d58320a9ad773962
	commit 7022b09111d4322d21396a70d58320a9ad773962
	Author: Daniel P. Berrange <berrange@redhat.com>
	Date:   Thu Sep 27 13:13:09 2012 +0100
	    Automatically enable systemd journal logging
	    Probe to see if the systemd journal is accessible, and if
	    so enable logging to the journal by default, rather than
	    stderr (current default under systemd).
	Previously  'LIBVIRT_DEBUG=1 /usr/sbin/libvirtd' would show all debug
	output to stderr, now it send debug output to the journal.
	Only use the journal by default if running in daemon mode, or
	if stdin is _not_ a tty. This should make libvirtd launched from
	systemd use the journal, but preserve the old behavior in most
	situations.

2012-10-26  Laine Stump  <laine@laine.org>

	network: fix networkValidate check for default portgroup and vlan
	This was found during testing of the fix for:
	   https://bugzilla.redhat.com/show_bug.cgi?id=868483
	networkValidate was supposed to check for the existence of multiple
	portgroups and report an error if this was encountered. It did, but
	there were two problems:
	1) even though it logged an error, it still returned success, allowing
	the operation to continue.
	2) It could exit the portgroup checking loop early (or possibly not
	even do it once) if a vlan tag was supplied in the base network config
	or one of the portgroups.
	This patch fixes networkValidate to return failure in addition to
	logging the error, and also changes it to not exit the portgroup
	checking loop early. The logic was a bit off in the checking for vlan
	anyway, and it's intertwined with fixing the early loop exit, so I
	fixed that as well. Now it correctly checks for combinations where a
	<virtualport> is specified in the base network def and <vlan> is given
	in a portgroup, as well as the opposite (<vlan> in base network def
	and <virtualport> in portgroup), and ignores the case of a disallowed
	vlan when using *no* portgroup if there is a default portgroup (since
	in that case there is no way to not use any portgroup).

2012-10-26  Eric Blake  <eblake@redhat.com>

	maint: consistent whitespace after 'if'
	Noticed during the review of the previous patch.
	* python/libvirt-override.c: Use space between 'if ('.

2012-10-26  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virNodeGetCPUMap: Add python binding
	Added a method getCPUMap to virConnect.
	It can be used as follows:
	import libvirt
	import sys
	import os
	conn = libvirt.openReadOnly(None)
	if conn == None:
	    print 'Failed to open connection to the hypervisor'
	    sys.exit(1)
	try:
	    (cpus, cpumap, online) = conn.getCPUMap(0)
	except:
	    print 'Failed to extract the node cpu map information'
	    sys.exit(1)
	print 'CPUs total %d, online %d' % (cpus, online)
	print 'CPU map %s' % str(cpumap)
	del conn
	print "OK"
	sys.exit(0)

	virNodeGetCPUMap: Implement driver support
	Driver support added for:
	- test: pretending 8 host CPUS, 3 being online
	- qemu, lxc, openvz, uml: using nodeGetCPUMap

	virNodeGetCPUMap: Implement support function in nodeinfo
	Added an implemention of virNodeGetCPUMap to nodeinfo.c,
	(nodeGetCPUMap) which can be used by all drivers for a Linux
	hypervisor host.

2012-10-26  Eric Blake  <eblake@redhat.com>

	nodeinfo: improve probing node cpu bitmap
	Callers should not need to know what the name of the file to
	be read in the Linux-specific version of nodeGetCPUmap;
	furthermore, qemu cares about online cpus, not present cpus,
	when determining which cpus to skip.
	While at it, I fixed the fact that we were computing the maximum
	online cpu id by doing a slow iteration, when what we really want
	to know is the max available cpu.
	* src/nodeinfo.h (nodeGetCPUmap): Rename...
	(nodeGetCPUBitmap): ...and simplify signature.
	* src/nodeinfo.c (linuxParseCPUmax): New function.
	(linuxParseCPUmap): Simplify and alter signature.
	(nodeGetCPUBitmap): Change implementation.
	* src/libvirt_private.syms (nodeinfo.h): Reflect rename.
	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Update
	caller.

	bitmap: add virBitmapCountBits
	Sometimes it's handy to know how many bits are set.
	* src/util/bitmap.h (virBitmapCountBits): New prototype.
	(virBitmapNextSetBit): Use correct type.
	* src/util/bitmap.c (virBitmapNextSetBit): Likewise.
	(virBitmapSetAll): Maintain invariant of clear tail bits.
	(virBitmapCountBits): New function.
	* src/libvirt_private.syms (bitmap.h): Export it.
	* tests/virbitmaptest.c (test2): Test it.

2012-10-25  Jiri Denemark  <jdenemar@redhat.com>

	Fix build with apparmor
	Recent storage patches changed signature of virStorageFileGetMetadata
	and replaced chain with backingChain in virDomainDiskDef.

2012-10-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Update version checks for vSphere 5.1
	Also remove warnings for upcoming versions. There hadn't been any
	compatibility problems with new ESX version over the whole lifetime
	of the ESX driver, so I don't expect any in the future.
	Update documentation to mention vSphere 5.x support.

2012-10-24  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add recently added cpu feature flags.
	Qemu has added some new feature flags. This patch adds them to libvirt.
	The new features are for the cpuid function 0x7 that takes an argument
	in the ecx register. Currently only 0x0 is used as the argument so I was
	lazy and I just clear the registers to 0 before calling cpuid. In future
	when there maybe will be some other possible arguments, we will need to
	improve the cpu detection code to take this into account.

2012-10-24  Osier Yang  <jyang@redhat.com>

	qemu: Prohibit chaning affinity of domain process if placement is 'auto'
	On one hand, numad probably will manage the affinity of domain process
	dynamically in future. On the other hand, even numad won't manage it,
	it still could confusion. Let's make things simpler enough to avoid
	the lair for now.

	qemu: Keep the affinity when creating cgroup for emulator thread
	When the cpu placement model is "auto", it sets the affinity for
	domain process with the advisory nodeset from numad, however,
	creating cgroup for the domain process (called emulator thread
	in some contexts) later overrides that with pinning it to all
	available pCPUs.
	How to reproduce:
	  * Configure the domain with "auto" placement for <vcpu>, e.g.
	    <vcpu placement='auto'>4</vcpu>
	  * % virsh start dom
	  * % cat /proc/$dompid/status
	Though the emulator cgroup cause conflicts, but we can't simply
	prohibit creating it, as other tunables are still useful, such
	as "emulator_period", which is used by API
	virDomainSetSchedulerParameter. So this patch doesn't prohibit
	creating the emulator cgroup, but inherit the nodeset from numad,
	and reset the affinity for domain process.
	* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
	                          to accept the passed nodenet
	* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset

	qemu: Add helper to prepare cpumap for affinity setting
	Abstract the codes to prepare cpumap into a helper a function,
	which can be used later.
	* src/qemu/qemu_process.h: Declare qemuPrepareCpumap
	* src/qemu/qemu_process.c: Implement qemuPrepareCpumap, and use it.

2012-10-24  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virNodeGetCPUMap: Implement virsh support.
	- Added a new host command nodecpumap
	- Added documentation
	Example:
	$ virsh nodecpumap
	CPUs present:  8
	CPUs online:   3
	CPU map:       y-y-y---

	libvirt.h.in: Add new cpumap macro VIR_CPU_USED
	New macro VIR_CPU_USED added to facilitate the interpretation of
	cpu maps.
	Further, hardened the other cpumap macros against invocations
	like VIR_CPU_USE(cpumap + 1, cpu)

	virNodeGetCPUMap: Implement wire protocol.
	- Defined the wire protocol format for virNodeGetCPUMap and its
	  arguments
	- Implemented remote method invocation (remoteNodeGetCPUMap)
	- Implemented method dispatcher (remoteDispatchNodeGetCPUMap)

	virNodeGetCPUMap: Define public API.
	Adding a new API to obtain information about the
	host node's present, online and offline CPUs.
	int virNodeGetCPUMap(virConnectPtr conn,
	                     unsigned char **cpumap,
	                     unsigned int *online,
	                     unsigned int flags);
	The function will return the number of CPUs present on the host
	or -1 on failure;
	If cpumap is non-NULL virNodeGetCPUMap will allocate an array
	containing a bit map representation of the online CPUs. It's
	the callers responsibility to deallocate cpumap using free().
	If online is non-NULL, the variable pointed to will contain
	the number of online host node CPUs.
	The variable flags has been added to support future extensions
	and must be set to 0.
	Extend the driver structure by nodeGetCPUMap entry in support of the
	new API virNodeGetCPUMap.
	Added implementation of virNodeGetCPUMap to libvirt.c

2012-10-24  Eric Blake  <eblake@redhat.com>

	header: declare node memory parameter handling earlier
	Commit 12ad7435 added new functions (virNodeGetMemoryParameters,
	virNodeSetMemoryParameters) into the section of the file reserved
	for deprecated names.  Fix this by moving things earlier; split
	into two patches to make git diff easier to read.
	* include/libvirt/libvirt.h.in: Move virNodeGetMemoryParameters
	and friends earlier, add a note to prevent relapse.

	header: declare typed parameter handling earlier
	Commit 12ad7435 added new functions (virNodeGetMemoryParameters,
	virNodeSetMemoryParameters) into the section of the file reserved
	for deprecated names.  Fix this by moving things earlier; split
	into two patches to make git diff easier to read.
	* include/libvirt/libvirt.h.in: Move virTypedParameter earlier.

	build: improve FORTIFY_SOURCE usage
	Based on this coreutils bug report, since coreutils copied what
	libvirt had done:
	https://lists.gnu.org/archive/html/bug-coreutils/2012-10/msg00121.html
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Allow
	for user to pre-define _FORTIFY_SOURCE.

2012-10-24  Kyle Mestery  <kmestery@cisco.com>

	qemu_migration: Transport OVS per-port data during live migration
	Transport Open vSwitch per-port data during live
	migration by using the utility functions
	virNetDevOpenvswitchGetMigrateData() and
	virNetDevOpenvswitchSetMigrateData().

	openvswitch: Add utility functions for getting and setting Open vSwitch per-port data
	Add utility functions for Open vSwitch to both save
	per-port data before a live migration, and restore the
	per-port data after a live migration.

	qemu_migration: Add hooks to transport network data during migration
	Add the ability for the Qemu V3 migration protocol to
	include transporting network configuration. A generic
	framework is proposed with this patch to allow for the
	transfer of opaque data.

2012-10-24  Jim Fehlig  <jfehlig@suse.com>

	Fix detection of Xen sysctl version 9
	In commit 371ddc98, I mistakenly added the check for sysctl
	version 9 after setting the hypercall version to 1, which will
	fail with
	error : xenHypervisorDoV1Op:967 : Unable to issue hypervisor
	ioctl 3166208: Function not implemented
	This check should be included along with the others that use
	hypercall version 2.

2012-10-23  Cole Robinson  <crobinso@redhat.com>

	selinux: Don't fail RestoreAll if file doesn't have a default label
	When restoring selinux labels after a VM is stopped, any non-standard
	path that doesn't have a default selinux label causes the process
	to stop and exit early. This isn't really an error condition IMO.
	Of course the selinux API could be erroring for some other reason
	but hopefully that's rare enough to not need explicit handling.
	Common example here is storing disk images in a non-standard location
	like under /mnt.

2012-10-23  Eric Blake  <eblake@redhat.com>

	build: print uids as unsigned
	Reported by Michal Privoznik.
	* src/security/security_dac.c (virSecurityDACGenLabel): Use
	correct format.

2012-10-23  Ján Tomko  <jtomko@redhat.com>

	xml: omit domain name from comment if it contains double hyphen
	We put a comment containing "virsh edit <domain_name>" at the start of
	the XML. W3C recommendation forbids the use of "--" in comments [1] and
	libvirt can't parse it either. This patch omits the domain name if it
	contains a double hyphen.
	[1] http://www.w3.org/TR/REC-xml/#sec-comments

	storage: don't shadow global 'wait' declaration
	Rename the 'wait' parameter to 'loop'.
	This silences the warning:
	storage/storage_backend.c:1348:34: error: declaration of 'wait' shadows
	a global declaration [-Werror=shadow]
	and fixes the build with -Werror.
	--
	Note: loop is pool backwards.

2012-10-23  Christophe Fergeau  <cfergeau@redhat.com>

	Fix disabling of apparmor/selinux security drivers
	When using --without-$name --without-secdriver-$name with $name being
	selinux or apparmor, configure will fail saying that AppArmor/SELinux
	development package must be installed.
	This is caused by a small bug in --with-secdriver-$name handling in
	configure.ac which treats --without-secdriver-$name when $name as if the
	user had requested to enable $name when $name couldn't be detected on
	the system.
	This commit also makes sure the detection checks for disabled
	secdrivers do not needlessly get run, especially as this could
	cause an error as well in --with-$name --without-secdriver-$name
	situations.

2012-10-23  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest, prior to freeze.

	snapshot: sanity check when reusing file for snapshot
	The snapshot code when reusing an existing file had hard-to-read
	logic, as well as a missing sanity check: REUSE_EXT should require
	the destination to already be present.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare): Require
	destination on REUSE_EXT, rename variable for legibility.

	build: use correct printf types for uid/gid
	Fixes a build failure on cygwin:
	cc1: warnings being treated as errors
	security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
	security/security_dac.c:862:5: error: format '%u' expects type 'unsigned int', but argument 7 has type 'uid_t' [-Wformat]
	security/security_dac.c:862:5: error: format '%u' expects type 'unsigned int', but argument 8 has type 'gid_t' [-Wformat]
	* src/security/security_dac.c (virSecurityDACSetProcessLabel)
	(virSecurityDACGenLabel): Use proper casts.

2012-10-23  Cole Robinson  <crobinso@redhat.com>

	Remove a couple duplicates from AUTHORS.in

	storage: Don't do wait loops from VolLookupByPath
	virStorageVolLookupByPath is an API call that virt-manager uses
	quite a bit when dealing with storage. This call use BackendStablePath
	which has several usleep() heuristics that can be tripped up
	and hang virt-manager for a while.
	Current example: an empty mpath pool pointing to /dev/mapper makes
	_any_ calls to virStorageVolLookupByPath take 5 seconds.
	The sleep heuristics are actually only needed in certain cases
	when we are waiting for new storage to appear, so let's skip the
	timeout steps when calling from LookupByPath.

	spec: Fix multilib issue with systemtap tapsets
	If building on a 64bit host, rename the affected tapsets to <name>-64.stp.
	This is similar to what the python package does in fedora.
	https://bugzilla.redhat.com/show_bug.cgi?id=831425

	docs: Fix installation of internals/*.html
	We were just installing them in the top level html directory, which
	broke navigation and overwrote other pages.
	https://bugzilla.redhat.com/show_bug.cgi?id=837825

	qemu: Don't use -enable-nesting with qemu 1.2.0+
	Since the option doesn't exist. Fixes booting with
	cpu mode='host-model' and qemu 1.2.0

2012-10-22  Doug Goldstein  <cardoe@cardoe.com>

	qemu: Don't blindly assume VNC is supported
	Currently it's assumed that qemu always supports VNC, however it is
	definitely possible to compile qemu without VNC support so we should at
	the very least check for it and handle that correctly.

	test: Don't assume VNC is always available
	Several tests assume that VNC is always available and include it in
	their configs and the expected command line. The tests have nothing to
	do with graphics display so they shouldn't rely on VNC.

2012-10-22  Eric Blake  <eblake@redhat.com>

	storage: let format probing work on root-squash NFS
	Yet another instance of where using plain open() mishandles files
	that live on root-squash NFS, and where improving the API can
	improve the chance of a successful probe.
	* src/util/storage_file.h (virStorageFileProbeFormat): Alter
	signature.
	* src/util/storage_file.c (virStorageFileProbeFormat): Use better
	method for opening file.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Update caller.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.

2012-10-22  Osier Yang  <jyang@redhat.com>

	virsh: Fix segfault of snapshot-list
	'snaps' is used after free()'ed.

2012-10-22  Ján Tomko  <jtomko@redhat.com>

	migrate: v2: use VIR_DOMAIN_XML_MIGRATABLE when available
	In v2 migration protocol, XML is obtained by calling domainGetXMLDesc.
	This includes the default USB controller in XML, which breaks migration
	to older libvirt (before 0.9.2).
	Commit 409b5f549530e7b3a33f4505f2cad2e26896107c
	    qemu: Emit compatible XML when migrating a domain
	only fixed this for v3 migration.
	This patch uses the new VIR_DOMAIN_XML_MIGRATABLE flag (detected by
	VIR_DRV_FEATURE_XML_MIGRATABLE) to obtain XML without the default controller,
	enabling backward v2 migration.

2012-10-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: set seamless migration capability
	As we switched to setting capabilities based on QMP communication,
	qemu seamless-migration capability was not set. In the -help output
	this knob is called seamless-migration=[on|off]. The equivalent in
	QMP world is SPICE_MIGRATE_COMPLETED event (qemu upstream commit
	2fdd16e2).

2012-10-22  Osier Yang  <jyang@redhat.com>

	qemu: Fix the unused parameter which causes the build failure

	qemu: Cleanup the unused 'nodeinfo'
	"nodeinfo" is not used in these two functions, and it's waste
	of goto in qemuProcessSetEmulatorAffinites

2012-10-22  Cole Robinson  <crobinso@redhat.com>

	docs: virsh: clarify behavior of send-key
	https://bugzilla.redhat.com/show_bug.cgi?id=860004

	Log parameters passed to virFileMakePath

	Log file name passed to virConfReadFile

	daemon: Avoid 'Could not find keytab file' in syslog
	On F17 at least, every time libvirtd starts we get this in syslog:
	libvirtd: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory
	This comes from cyrus-sasl, and happens regardless of whether the
	gssapi plugin is requested, which is what actually uses
	/etc/libvirt/krb5.tab.
	While cyrus-sasl shouldn't complain, we can easily make it shut up by
	commenting out the keytab value by default.
	Also update the keytab comment to the more modern one from qemu's
	sasl config file.

2012-10-21  Laine Stump  <laine@laine.org>

	network: don't allow multiple default portgroups
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483
	virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three
	allow network definitions to contain multiple <portgroup> elements
	with default='yes'. Only a single default portgroup should be allowed
	for each network.
	This patch updates networkValidate() (called by both
	virNetworkCreate() and virNetworkDefine()) and
	virNetworkDefUpdatePortGroup (called by virNetworkUpdate() to not
	allow multiple default portgroups.

	network: always create dnsmasq hosts and addnhosts files, even if empty
	This fixes the problem reported in:
	  https://bugzilla.redhat.com/show_bug.cgi?id=868389
	Previously, the dnsmasq hosts file (used for static dhcp entries, and
	addnhosts file (used for additional dns host entries) were only
	created/referenced on the dnsmasq commandline if there was something
	to put in them at the time the network was started. Once we can update
	a network definition while it's active (which is now possible with
	virNetworkUpdate), this is no longer a valid strategy - if there were
	0 dhcp static hosts (resulting in no reference to the hosts file on the
	commandline), then one was later added, the commandline wouldn't have
	linked dnsmasq up to the file, so even though we create it, dnsmasq
	doesn't pay any attention.
	The solution is to just always create these files and reference them
	on the dnsmasq commandline (almost always, anyway). That way dnsmasq
	can notice when a new entry is added at runtime (a SIGHUP is sent to
	dnsmasq by virNetworkUdpate whenever a host entry is added or removed)
	The exception to this is that the dhcp static hosts file isn't created
	if there are no lease ranges *and* no static hosts. This is because in
	this case dnsmasq won't be setup to listen for dhcp requests anyway -
	in that case, if the count of dhcp hosts goes from 0 to 1, dnsmasq
	will need to be restarted anyway (to get it listening on the dhcp
	port). Likewise, if the dhcp hosts count goes from 1 to 0 (and there
	are no dhcp ranges) we need to restart dnsmasq so that it will stop
	listening on port 67. These special situations are handled in the
	bridge driver's networkUpdate() by checking for ((bool)
	nranges||nhosts) both before and after the update, and triggering a
	dnsmasq restart if the before and after don't match.

2012-10-20  Laine Stump  <laine@laine.org>

	network: free/null newDef if network fails to start
	https://bugzilla.redhat.com/show_bug.cgi?id=866364
	pointed out a crash due to virNetworkObjAssignDef free'ing
	network->newDef without NULLing it afterward. A fix for this is in
	upstream commit b7e9202401ebaa039b8f05acdefda8c24081537a. While the
	NULLing of newDef was a legitimate fix, newDef should have already
	been empty (NULL) anyway (as indicated in the comment that was deleted
	by that commit).
	The reason that newDef had a non-NULL value (i.e. the root cause) was
	that networkStartNetwork() had failed after populating
	network->newDef, but then neglected to free/NULL newDef in the
	cleanup.
	(A bit of background here: network->newDef should contain the
	persistent config of a network when a network is active (and of course
	only when it is persisten), and NULL at all other times. There is also
	a network->def which should contain the persistent definition of the
	network when it is inactive, and the current live state at all other
	times. The idea is that you can make changes to network->newDef which
	will take effect the next time the network is restarted, but won't
	mess with the current state of the network (virDomainObj has a similar
	pair of virDomainDefs that behave in the same fashion). Personally I
	think there should be a network->live and network->config, and the
	location of the persistent config should *always* be in
	network->config, but that's for a later cleanup).
	Since I love things to be symmetric, I created a new function called
	virNetworkObjUnsetDefTransient(), which reverses the effects of
	virNetworkObjSetDefTransient(). I don't really like the name of the
	new function, but then I also didn't really like the name of the old
	one either (it's just named that way to match a similar function in
	the domain conf code).

2012-10-20  Eric Blake  <eblake@redhat.com>

	blockjob: avoid segv on early error
	Gcc with optimization warns:
	../../src/qemu/qemu_driver.c: In function 'qemuDomainBlockCommit':
	../../src/qemu/qemu_driver.c:12813:46: error: 'disk' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	../../src/qemu/qemu_driver.c:12698:25: note: 'disk' was declared here
	cc1: all warnings being treated as errors
	so obviously I had only been testing with optimization off.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Guard cleanup.

	blockjob: properly label disks for qemu block-commit
	I finally have all the pieces in place to perform a block-commit with
	SELinux enforcing.  There's still missing cleanup work when the commit
	completes, but doing that requires tracking both the backing chain and
	the base and top files within that chain in domain XML across libvirtd
	restarts.  Furthermore, from a security standpoint, once you have
	granted access, you must assume any damage that can be done will be
	done; later revoking access is nice to minimize the window of damage,
	but less important as it does not affect the fact that damage can be
	done in the first place.  Therefore, deferring the revoke efforts until
	we have better XML tracking of what chain operations are in effect,
	including across a libvirtd restart, is reasonable.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Label disks as
	needed.
	(qemuDomainPrepareDiskChainElement): Cast away const.

	blockjob: refactor qemu disk chain permission grants
	Previously, snapshot code did its own permission granting (lock
	manager, cgroup device controller, and security manager labeling)
	inline.  But now that we are adding block-commit and block-copy
	which also have to change permissions, it's better to reuse
	common code for the task.  While snapshot should fall back to
	no access if read-write access failed, block-commit will want to
	fall back to read-only access.  The common code doesn't know
	whether failure to grant read-write access should revert to no
	access (snapshot, block-copy) or read-only access (block-commit).
	This code can also be used to revoke access to unused files after
	block-pull.
	It might be nice to clean things up in a future patch by adding
	new functions to the lock manager, cgroup manager, and security
	manager that takes a single file name and applies context of a
	disk to that file, rather than the current semantics of applying
	context to the entire chain already associated to a disk.  That
	way, we could avoid the games this patch plays of temporarily
	swapping out the disk->src and related fields of the disk.  But
	that would involve more code changes, so this patch really is
	the smallest hack for doing the necessary work; besides, this
	patch is more or less code motion (the hack was already employed
	by the snapshot creation code, we are just making it reusable).
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive): Refactor labeling hacks...
	(qemuDomainPrepareDiskChainElement): ...into new function.

	blockjob: implement shallow commit flag in qemu
	Now that we can crawl the chain of backing files, we can do
	argument validation and implement the 'shallow' flag.  In
	testing this, I discovered that it can be handy to pass the
	shallow flag and an explicit base, as a means of validating
	that the base is indeed the file we expected.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Crawl through
	chain to implement shallow flag.
	* src/libvirt.c (virDomainBlockCommit): Relax API.

	blockjob: wire up online qemu block-commit
	This is the bare minimum to kick off a block commit.  In particular,
	flags support is missing (shallow requires us to crawl the backing
	chain to determine the file name to pass to the qemu monitor command;
	delete requires us to track what needs to be deleted at the time
	the completion event fires).  Also, we are relying on qemu to do
	error checking (such as validating 'top' and 'base' as being members
	of the backing chain), including the fact that the current qemu code
	does not support committing the active layer (although it is still
	planned to add that before qemu 1.3).  Since the active layer won't
	change, we have it easy and do not have to alter the domain XML.
	Additionally, this will fail if SELinux is enforcing, because we fail
	to grant qemu proper read/write access to the files it will modify.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): New function.
	(qemuDriver): Register it.

	blockjob: manage qemu block-commit monitor command
	qemu 1.3 will be adding a 'block-commit' monitor command, per
	qemu.git commit ed61fc1.  It matches nicely to the libvirt API
	virDomainBlockCommit.
	* src/qemu/qemu_capabilities.h (QEMU_CAPS_BLOCK_COMMIT): New bit.
	* src/qemu/qemu_capabilities.c (qemuCapsProbeQMPCommands): Set it.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): New prototype.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Implement it.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit):
	Likewise.
	(qemuMonitorJSONHandleBlockJobImpl)
	(qemuMonitorJSONGetBlockJobInfoOne): Handle new event type.

	blockjob: remove unused parameters after previous patch
	Minor cleanup made possible by previous simplifications.
	* src/qemu/qemu_cgroup.h (qemuSetupDiskCgroup)
	(qemuTeardownDiskCgroup): Alter signature.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup)
	(qemuTeardownDiskCgroup, qemuSetupCgroup): Update all uses.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice)
	(qemuDomainDetachDiskDevice): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainAttachDeviceDiskLive)
	(qemuDomainChangeDiskMediaLive)
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive): Likewise.

	storage: use cache to walk backing chain
	We used to walk the backing file chain at least twice per disk,
	once to set up cgroup device whitelisting, and once to set up
	security labeling.  Rather than walk the chain every iteration,
	which possibly includes calls to fork() in order to open root-squashed
	NFS files, we can exploit the cache of the previous patch.
	* src/conf/domain_conf.h (virDomainDiskDefForeachPath): Alter
	signature.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Require caller
	to supply backing chain via disk, if recursion is desired.
	* src/security/security_dac.c
	(virSecurityDACSetSecurityImageLabel): Adjust caller.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetSecurityImageLabel): Likewise.
	* src/security/virt-aa-helper.c (get_files): Likewise.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup)
	(qemuTeardownDiskCgroup): Likewise.
	(qemuSetupCgroup): Pre-populate chain.

	storage: cache backing chain while qemu domain is live
	Technically, we should not be re-probing any file that qemu might
	be currently writing to.  As such, we should cache the backing
	file chain prior to starting qemu.  This patch adds the cache,
	but does not use it until the next patch.
	Ultimately, we want to also store the chain in domain XML, so that
	it is remembered across libvirtd restarts, and so that the only
	kosher way to modify the backing chain of an offline domain will be
	through libvirt API calls, but we aren't there yet.  So for now, we
	merely invalidate the cache any time we do a live operation that
	alters the chain (block-pull, block-commit, external disk snapshot),
	as well as tear down the cache when the domain is not running.
	* src/conf/domain_conf.h (_virDomainDiskDef): New field.
	* src/conf/domain_conf.c (virDomainDiskDefFree): Clean new field.
	* src/qemu/qemu_domain.h (qemuDomainDetermineDiskChain): New
	prototype.
	* src/qemu/qemu_domain.c (qemuDomainDetermineDiskChain): New
	function.
	* src/qemu/qemu_driver.c (qemuDomainAttachDeviceDiskLive)
	(qemuDomainChangeDiskMediaLive): Pre-populate chain.
	(qemuDomainSnapshotCreateSingleDiskActive): Uncache chain before
	snapshot.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Update
	chain after block pull.

	storage: make it easier to find file within chain
	In order to temporarily label files read/write during a commit
	operation, we need to crawl the backing chain and find the absolute
	file name that needs labeling in the first place, as well as the
	name of the file that owns the backing file.
	* src/util/storage_file.c (virStorageFileChainLookup): New
	function.
	* src/util/storage_file.h: Declare it.
	* src/libvirt_private.syms (storage_file.h): Export it.

	storage: remember relative names in backing chain
	In order to search for a backing file name as literally present
	in a chain, we need to remember if the chain had relative names.
	Also, searching for absolute names is easier if we only have
	to canonicalize once, rather than on every iteration.
	* src/util/storage_file.h (_virStorageFileMetadata): Add field.
	* src/util/storage_file.c (virStorageFileGetMetadataFromBuf):
	(virStorageFileFreeMetadata): Manage it
	(absolutePathFromBaseFile): Store absolute names in canonical form.

	storage: don't require caller to pre-allocate metadata struct
	Requiring pre-allocation was an unusual idiom.  It allowed iteration
	over the backing chain to use fewer mallocs, but made one-shot
	clients harder to read.  Also, this makes it easier for a future
	patch to move away from opening fds on every iteration over the chain.
	* src/util/storage_file.h (virStorageFileGetMetadataFromFD): Alter
	signature.
	* src/util/storage_file.c (virStorageFileGetMetadataFromFD): Allocate
	return value.
	 (virStorageFileGetMetadata): Update clients.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.

	storage: get entire metadata chain in one call
	Previously, no one was using virStorageFileGetMetadata, and for good
	reason - it couldn't support root-squash NFS.  Change the signature
	and make it useful to future patches, including enhancing the metadata
	to recursively track the entire chain.
	* src/util/storage_file.h (_virStorageFileMetadata): Add field.
	(virStorageFileGetMetadata): Alter signature.
	* src/util/storage_file.c (virStorageFileGetMetadata): Rewrite.
	(virStorageFileGetMetadataRecurse): New function.
	(virStorageFileFreeMetadata): Handle recursion.

	storage: don't probe non-files
	Backing chains can end on a network protocol, such as nbd:xxx; we
	should not attempt to probe the file system in this case.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Only probe files.

	storage: use enum for snapshot driver type
	This is the last use of raw strings for disk formats throughout
	the src/conf directory.
	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Store enum
	rather than string for disk type.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefClear)
	(virDomainSnapshotDiskDefParseXML, virDomainSnapshotDefFormat):
	Adjust users.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive): Likewise.

	storage: use enum for disk driver type
	Actually use the enum in the domain conf structure.
	* src/conf/domain_conf.h (_virDomainDiskDef): Store enum rather
	than string for disk type.
	* src/conf/domain_conf.c (virDomainDiskDefFree)
	(virDomainDiskDefParseXML, virDomainDiskDefFormat)
	(virDomainDiskDefForeachPath): Adjust users.
	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenFormatSxprDisk):
	Likewise.
	* src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise.
	* src/vbox/vbox_tmpl.c (vboxAttachDrives): Likewise.
	* src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.

	storage: use enum for default driver type
	Express the default disk type as an enum, for easier handling.
	* src/conf/capabilities.h (_virCaps): Store enum rather than
	string for disk type.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML): Adjust
	clients.
	* src/qemu/qemu_driver.c (qemuCreateCapabilities): Likewise.

	storage: match RNG to supported driver types
	At one point, the code passed through arbitrary strings for file
	formats, which supposedly lets qemu handle a new file type even
	before libvirt has been taught to handle it.  However, to properly
	label files, libvirt has to learn the file type anyway, so we
	might as well make our life easier by only accepting file types
	that we are prepared to handle.  This patch lets the RNG validation
	ensure that only known strings are let through.
	* docs/schemas/domaincommon.rng (driverFormat): Limit to list of
	supported strings.
	* docs/schemas/domainsnapshot.rng (driver): Likewise.

	storage: treat 'aio' like 'raw' at parse time
	We have historically allowed 'aio' as a synonym for 'raw' for
	back-compat to xen, but since a future patch will move to using
	an enum value, we have to pick one to be our preferred output
	name.  This is a slight change in the output XML, but the sexpr
	and xm outputs should still be identical, and the input XML can
	still use either form.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Move aio
	back-compat...
	(virDomainDiskDefParseXML): ...to parse time.
	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenFormatSxprDisk): ...and
	to output time.
	* src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise.
	* tests/sexpr2xmldata/sexpr2xml-*.xml: Update tests.

	storage: list more file types
	When an image has no backing file, using VIR_STORAGE_FILE_AUTO
	for its type is a bit confusing.  Additionally, a future patch
	would like to reserve a default value for the case of no file
	type specified in the XML, but different from the current use
	of -1 to imply probing, since probing is not always safe.
	Also, a couple of file types were missing compared to supported
	code: libxl supports 'vhd', and qemu supports 'fat' for directories
	passed through as a file system.
	* src/util/storage_file.h (virStorageFileFormat): Add
	VIR_STORAGE_FILE_NONE, VIR_STORAGE_FILE_FAT, VIR_STORAGE_FILE_VHD.
	* src/util/storage_file.c (virStorageFileMatchesVersion): Match
	documentation when version probing not supported.
	(cowGetBackingStore, qcowXGetBackingStore, qcow1GetBackingStore)
	(qcow2GetBackingStoreFormat, qedGetBackingStore)
	(virStorageFileGetMetadataFromBuf)
	(virStorageFileGetMetadataFromFD): Take NONE into account.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Likewise.
	* src/conf/storage_conf.c (virStorageVolumeFormatFromString): New
	function.
	(poolTypeInfo): Use it.

2012-10-20  Cole Robinson  <crobinso@redhat.com>

	Autogenerate AUTHORS
	AUTHORS.in tracks the maintainers, as well as some folks who were
	previously in AUTHORS but don't have a git commit with proper
	attribution.
	Generated output is sorted alphabetically and lacks pretty spacing, so
	tweak AUTHORS.in to follow the same format.
	Additionally, drop the syntax-check rule that previously validated
	AUTHORS against git log.

2012-10-20  Guannan Ren  <gren@redhat.com>

	selinux: relabel tapfd in qemuPhysIfaceConnect
	Relabeling tapfd right after the tap device is created.
	qemuPhysIfaceConnect is common function called both for static
	netdevs and for hotplug netdevs.

2012-10-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not require hostuuid in migration cookie
	Having hostuuid in migration cookie is a nice bonus since it provides an
	easy way of detecting migration to the same host. However, requiring it
	breaks backward compatibility with older libvirt releases.

	qemu: Allow migration with host USB devices
	Recently, patches were added support for (managed)saving, restoring, and
	migrating domains with host USB devices. However, qemu driver would
	still forbid migration of such domains because qemuMigrationIsAllowed
	was not updated.

2012-10-19  Guido Günther  <agx@sigxcpu.org>

	qemu: Set arch to i686 if qemu-system-i386 is found
	If we can't probe the architecture from QMP we parse the architecture
	from the qemu binaries name. This results in the architecture being i386
	instead of i686 which then results in QEMU_CAPS_PCI_MULTIBUS being unset
	which gives a broken qemu command line.
	This probably didn't show up earlier since most of the time there's also
	a /usr/bin/qemu around which results in i686 capabilities.

	qemu: Don't fail without emulatorpin or cpumask
	This unbreaks qemu:///session that got broken by
	ba63d8f7d843461f77a8206c1ef9da38388713e5.

2012-10-18  Michal Privoznik  <mprivozn@redhat.com>

	network: Set to NULL after virNetworkDefFree()
	which frees all allocated memory but doesn't set the passed pointer to
	NULL.  Therefore, we must do it ourselves. This is causing actual
	libvirtd crash: Basically, when doing 'virsh net-edit' the newDef should
	be dropped.  And the memory is freed, indeed. However, the pointer is
	not set to NULL but kept instead. And the next duo of calls 'virsh
	net-start' and 'virsh net-destroy' starts the disaster. The latter one
	does the same as 'virsh destroy'; it sees that newDef is nonNULL so it
	replaces def with newDef (which has been freed already as said a few
	lines above). Therefore any subsequent call accessing def will hit the ground.

2012-10-18  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	dist: added cpu/cpu_ppc_data.h to Makefile.am
	Missing entry for cpu_ppc_data.h added to fix RPM build.

2012-10-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Always format CPU topology
	When libvirt cannot find a suitable CPU model for host CPU (easily
	reproducible by running libvirt in a guest), it would not provide CPU
	topology in capabilities XML either. Even though CPU topology is known
	and can be queried by virNodeGetInfo. With this patch, CPU topology will
	always be provided in capabilities XML regardless on the presence of CPU
	model.

	spec: Fix dependency for lock-sanlock subpackage
	This should not make a big difference in real world since libvirt-daemon,
	which is already required by libvirt-lock-sanlock, requires
	libvirt-client and thus libvirt-lock-sanlock gets this dependency
	transitively. However, since libvirt-lock-sanlock contains
	sanlock_helper binary linked to libvirt.so, we should start requiring
	libvirt-client directly.

2012-10-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add support for HyperV Enlightenment feature "relaxed"
	This patch adds QEMU support for the "relaxed" feature implemented by
	previous patch.

	conf: Add support for HyperV Enlightenment features
	Hypervisors are starting to support HyperV Enlightenment features that
	improve behavior of guests running Microsoft Windows operating systems.
	This patch adds support for the "relaxed" feature that improves timer
	behavior and also establishes a framework to add these features in
	future.

	conf: Make tri-state feature options more universal
	The apic-eoi feature enum and implementation can be made more universal
	to allow re-use of the enum for other features.

2012-10-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Correctly wait for spice to migrate
	Currently we query-spice after the main migration has completed
	before moving to next state. Qemu reports this as boolean (not
	enclosed within quotes). Therefore it is not correct to use
	virJSONValueObjectGetString but virJSONValueObjectGetBoolean instead.

2012-10-18  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Fixed default machine detection in qemuCapsParseMachineTypesStr
	The machine in the last output line of <qemu-binary> -M ?
	was always reported as default machine even if this wasn't the
	actual default. Trivial fix.

2012-10-17  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Pin the emulator when only cpuset is specified
	According to our recent changes (clarifications), we should be pinning
	qemu's emulator processes using the <vcpu> 'cpuset' attribute in case
	there is no <emulatorpin> specified.  This however doesn't work
	entirely as expected and this patch should resolve all the remaining
	issues.

2012-10-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Clear async job when p2p migration fails early
	When p2p migration fails early because qemuMigrationIsAllowed or
	qemuMigrationIsSafe say migration should be cancelled, we fail to clear
	the migration-out async job. As a result of that, further APIs called
	for the same domain may fail with Timed out during operation: cannot
	acquire state change lock.
	Reported by Guido Winkelmann.

2012-10-17  Doug Goldstein  <cardoe@cardoe.com>

	interface: add virInterfaceGetXMLDesc() in udev
	Added support for retrieving the XML defining a specific interface via
	the udev based backend to virInterface. Implement the following APIs
	for the udev based backend:
	* virInterfaceGetXMLDesc()
	Note: Does not support bond devices.

2012-10-17  Michal Privoznik  <mprivozn@redhat.com>

	AUTHORS: Remove double entry
	I've accidentally added Li Zhang <zhlcindy@linux.vnet.ibm.com> to
	AUTHORS, even if he already was there.

2012-10-17  Li Zhang  <zhlcindy@gmail.com>

	Doc-fix for PowerPC CPU model driver
	There are some descriptions not right in PowerPC CPU model driver.
	This patch is to fix them.
	Acked-by: Michal Privoznik <mprivozn@redhat.com>

	Implement CPU model driver for PowerPC
	Currently, the CPU model driver is not implemented for PowerPC.
	Host's CPU information is needed to exposed to guests' XML file some
	time.
	This patch is to implement the callback functions of CPU model driver.
	Acked-by: Michal Privoznik <mprivozn@redhat.com>

	Add one file cpu_ppc_data.h to define CPU data for PPC
	CPU version can be got by PVR on PowerPC. So this PVR is defined in
	the CPU data in cpuData structure.
	Acked-by: Michal Privoznik <mprivozn@redhat.com>

2012-10-17  Guannan Ren  <gren@redhat.com>

	selinux: remove unused variables in socket labelling

	selinux: fix wrong tapfd relablling
	It should relabel tapfd of virtual network of type VIR_DOMAIN_NET_TYPE_DIRECT
	rather than VIR_DOMAIN_NET_TYPE_NETWORK and VIR_DOMAIN_NET_TYPE_BRIDGE
	(commit ae368ebfcc4923d0b32e83d4ca96a6f599625785 introduced this bug)
	Caution: The context of the two hunks is identical other than indentation.
	Please be extremely cautious of where the patch gets applied.

2012-10-17  Cole Robinson  <crobinso@redhat.com>

	storage: lvm: lvcreate fails with allocation=0, don't do that
	On F17 at least, this command fails:
	$ sudo /usr/sbin/lvcreate --name sparsetest -L 0K --virtualsize 16384K vgvirt
	  Unable to create new logical volume with no extents
	Which is unfortunate since allocation=0 is what virt-manager tries to use
	by default.
	Rather than telling the user 'don't do that', let's just give them the
	smallest allocation possible if alloc=0 is requested.
	https://bugzilla.redhat.com/show_bug.cgi?id=866481

	storage: lvm: Don't overwrite lvcreate errors
	Before:
	$ sudo virsh vol-create-as --pool vgvirt sparsetest --capacity 16M --allocation 0
	error: Failed to create vol sparsetest
	error: internal error Child process (/usr/sbin/lvchange -aln vgvirt/sparsetest) unexpected exit status 5:   One or more specified logical volume(s) not found.
	After:
	$ sudo virsh vol-create-as --pool vgvirt sparsetest --capacity 16M --allocation 0
	error: Failed to create vol sparsetest
	error: internal error Child process (/usr/sbin/lvcreate --name sparsetest -L 0K --virtualsize 16384K vgvirt) unexpected exit status 5:   Unable to create new logical volume with no extents

2012-10-17  Jiri Denemark  <jdenemar@redhat.com>

	spec: Require newer sanlock on recent distros 2
	The previous commit was incomplete. We need to also add explicit
	Requires for the newer version since RPM's automatic dependencies won't
	work with sanlock.

2012-10-17  Peter Krempa  <pkrempa@redhat.com>

	spec: Add runtime requirement for libssh2
	libssh2 unfortunately doesn't support symbol versioning so RPM can't
	figure out what version is needed for the currently installed libvirt
	package. This patch adds a runtime requirement, so that the correct
	version of libssh2 can be installed along with libvirt.

2012-10-17  Jiri Denemark  <jdenemar@redhat.com>

	spec: Require newer sanlock on recent distros
	Make sure libvirt is build with sanlock >= 2.4 on distros that are new
	enough to provide it.

	locking: Fix build with sanlock < 2.4
	libvirt started using sanlock_killpath to implement on_lockfailure
	action. Since sanlock_killpath was introduced in sanlock 2.4, libvirt
	fails to build with older sanlock.

2012-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in previous commit s/lik/like/

	Make virInitialize thread safe
	Currently there is a restriction that multi-threaded applications
	must manually call virInitialize, before threads start using
	libvirt, because it is not thread-safe. By switching it to use
	a virOnceControl initializer we gain thread safety, and thus
	applications no longer need to manually call it. They can rely
	on virConnectOpen invoking it for them.

	Fix virProcessKillPainfully on Win32
	Win32 platforms don't have SIGKILL defined, but they do have
	SIGABRT. Since our virProcess wrapper treats anything which
	isn't SIGTERM/SIGINT as equivalent to SIGKILL, just use
	SIGABRT on Win32.

	Add JSON serialization of virNetServerPtr objects for process re-exec()
	Add two new APIs virNetServerNewPostExecRestart and
	virNetServerPreExecRestart which allow a virNetServerPtr
	object to be created from a JSON object and saved to a
	JSON object, for the purpose of re-exec'ing a process.
	This includes serialization of all registered services
	and clients

	Add JSON serialization of virNetServerClientPtr objects for process re-exec()
	Add two new APIs virNetServerClientNewPostExecRestart and
	virNetServerClientPreExecRestart which allow a virNetServerClientPtr
	object to be created from a JSON object and saved to a
	JSON object, for the purpose of re-exec'ing a process.
	This includes serialization of the connected socket associated
	with the client

	Add JSON serialization of virNetServerServicePtr objects for process re-exec()
	Add two new APIs virNetServerServiceNewPostExecRestart and
	virNetServerServicePreExecRestart which allow a virNetServerServicePtr
	object to be created from a JSON object and saved to a
	JSON object, for the purpose of re-exec'ing a process.
	This includes serialization of the listening sockets associated
	with the service

	Add JSON serialization of virNetSocketPtr objects for process re-exec()
	Add two new APIs virNetSocketNewPostExecRestart and
	virNetSocketPreExecRestart which allow a virNetSocketPtr
	object to be created from a JSON object and saved to a
	JSON object, for the purpose of re-exec'ing a process.
	As well as saving the state in JSON format, the second
	method will disable the O_CLOEXEC flag so that the open
	file descriptors are preserved across the process re-exec()
	Since it is not possible to serialize SASL or TLS encryption
	state, an error will be raised if attempting to perform
	serialization on non-raw sockets

	Add JSON serialization of virLockSpacePtr objects for process re-exec()
	Add two new APIs virLockSpaceNewPostExecRestart and
	virLockSpacePreExecRestart which allow a virLockSpacePtr
	object to be created from a JSON object and saved to a
	JSON object, for the purposes of re-exec'ing a process.
	As well as saving the state in JSON format, the second
	method will disable the O_CLOEXEC flag so that the open
	file descriptors are preserved across the process re-exec()

	Introduce an internal API for handling file based lockspaces
	The previously introduced virFile{Lock,Unlock} APIs provide a
	way to acquire/release fcntl() locks on individual files. For
	unknown reason though, the POSIX spec says that fcntl() locks
	are released when *any* file handle referring to the same path
	is closed. In the following sequence
	  threadA: fd1 = open("foo")
	  threadB: fd2 = open("foo")
	  threadA: virFileLock(fd1)
	  threadB: virFileLock(fd2)
	  threadB: close(fd2)
	you'd expect threadA to come out holding a lock on 'foo', and
	indeed it does hold a lock for a very short time. Unfortunately
	when threadB does close(fd2) this releases the lock associated
	with fd1. For the current libvirt use case for virFileLock -
	pidfiles - this doesn't matter since the lock is acquired
	at startup while single threaded an never released until
	exit.
	To provide a more generally useful API though, it is necessary
	to introduce a slightly higher level abstraction, which is to
	be referred to as a "lockspace".  This is to be provided by
	a virLockSpacePtr object in src/util/virlockspace.{c,h}. The
	core idea is that the lockspace keeps track of what files are
	already open+locked. This means that when a 2nd thread comes
	along and tries to acquire a lock, it doesn't end up opening
	and closing a new FD. The lockspace just checks the current
	list of held locks and immediately returns VIR_ERR_RESOURCE_BUSY.
	NB, the API as it stands is designed on the basis that the
	files being locked are not being otherwise opened and used
	by the application code. One approach to using this API is to
	acquire locks based on a hash of the filepath.
	eg to lock /var/lib/libvirt/images/foo.img the application
	might do
	   virLockSpacePtr lockspace = virLockSpaceNew("/var/lib/libvirt/imagelocks");
	   lockname = md5sum("/var/lib/libvirt/images/foo.img");
	   virLockSpaceAcquireLock(lockspace, lockname);
	NB, in this example, the caller should ensure that the path
	is canonicalized before calculating the checksum.
	It is also possible to do locks directly on resources by
	using a NULL lockspace directory and then using the file
	path as the lock name eg
	   virLockSpacePtr lockspace = virLockSpaceNew(NULL);
	   virLockSpaceAcquireLock(lockspace, "/var/lib/libvirt/images/foo.img");
	This is only safe to do though if no other part of the process
	will be opening the files. This will be the case when this
	code is used inside the soon-to-be-reposted virlockd daemon

2012-10-16  Martin Kletzander  <mkletzan@redhat.com>

	tests: Fix domain-events python test
	There was a missing method in python implementation of domain-events
	test and this patch adds that.

2012-10-16  Eric Blake  <eblake@redhat.com>

	maint: prepare for next release number
	Given Daniel's announcement[1], code targetting the next release will
	be in 1.0.0, not 0.10.3.  Changed mechanically with:
	for f in $(git grep -l '0\(.\)10\13\b') ; do
	   sed -i -e 's/0\(.\)10\13/1\10\10/g' $f
	done
	[1]https://www.redhat.com/archives/libvir-list/2012-October/msg00403.html
	* docs/formatdomain.html.in: Use 1.0.0 for next release.
	* src/interface/interface_backend_udev.c: Likewise.

	maint: fix license on polkit script
	As approved here:
	https://www.redhat.com/archives/libvir-list/2012-October/msg00701.html
	* daemon/libvirtd.policy.in: Use LGPLv2+ license.

2012-10-16  Martin Kletzander  <mkletzan@redhat.com>

	conf: add test for boot dev and order
	Add test for 280b8c9e7c94db1decdca08d169c88554c09fa19.

	conf: Fix crash with cleanup
	There was a crash possible when both <boot dev... and <boot
	order... were specified due to virDomainDefParseBootXML() erroring out
	before setting *tmp (which was free'd in cleanup).  As a fix, I
	created this cleanup that uses one pointer for all the temporary
	stored XPath strings and values, plus this pointer is correctly
	initialized to NULL.

	selinux: Use raw contexts 2
	In commit 9674f2c637114fa6ac0680fe5658a41a62bb34a8, I forgot to change
	selabel_lookup with the other functions, so this one-liner does exactly
	that.

2012-10-15  Eric Blake  <eblake@redhat.com>

	maint: drop spurious semicolons
	Detected with:
	git grep ';;$' -- '**/*.[ch]'
	* src/network/bridge_driver.c (networkRadvdConfContents): Fix
	harmless typo.
	* src/phyp/phyp_driver.c (phypUUIDTable_Pull): Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDriveDel):
	Likewise.

2012-10-15  Guannan Ren  <gren@redhat.com>

	selinux: add security selinux function to label tapfd
	BZ:https://bugzilla.redhat.com/show_bug.cgi?id=851981
	When using macvtap, a character device gets first created by
	kernel with name /dev/tapN, its selinux context is:
	system_u:object_r:device_t:s0
	Shortly, when udev gets notification when new file is created
	in /dev, it will then jump in and relabel this file back to the
	expected default context:
	system_u:object_r:tun_tap_device_t:s0
	There is a time gap happened.
	Sometimes, it will have migration failed, AVC error message:
	type=AVC msg=audit(1349858424.233:42507): avc:  denied  { read write } for
	pid=19926 comm="qemu-kvm" path="/dev/tap33" dev=devtmpfs ino=131524
	scontext=unconfined_u:system_r:svirt_t:s0:c598,c908
	tcontext=system_u:object_r:device_t:s0 tclass=chr_file
	This patch will label the tapfd device before qemu process starts:
	system_u:object_r:tun_tap_device_t:MCS(MCS from seclabel->label)

2012-10-15  Martin Kletzander  <mkletzan@redhat.com>

	Add support for SUSPEND_DISK event
	This patch adds support for SUSPEND_DISK event; both lifecycle and
	separated.  The support is added for QEMU, machines are changed to
	PMSUSPENDED, but as QEMU sends SHUTDOWN afterwards, the state changes
	to shut-off.  This and much more needs to be done in order for libvirt
	to work with transient devices, wake-ups etc.  This patch is not
	aiming for that functionality.

2012-10-15  Ján Tomko  <jtomko@redhat.com>

	util: switch virLogEatParams to virLogSource
	Commit e8fd8757c89abbd38571092bbb987650b7658aec changed 'const char *'
	category to virLogSource enum. This changes it in virLogEatParams as
	well, thus fixing the build with --disable-debug.
	--
	Hopefully moving the enum declarations is less ugly than using int.

2012-10-15  Osier Yang  <jyang@redhat.com>

	node_memory: Add new parameter field to tune the new sysfs knob
	Upstream kernel introduced new sysfs knob "merge_across_nodes" to
	specify if pages from different numa nodes can be merged. When set
	to 0, only pages which physically reside in the memory area of
	same NUMA node can be merged. When set to 1, pages from all nodes
	can be merged.
	This patch supports the tuning by adding new param field
	"shm_merge_across_nodes".

2012-10-15  Laine Stump  <laine@laine.org>

	qemu: reorganize qemuDomainChangeNet and qemuDomainChangeNetBridge
	This patch resolves:
	  https://bugzilla.redhat.com/show_bug.cgi?id=805071
	to the extent that it can be resolved with current qemu functionality.
	It attempts to detect as many situations as possible when the simple
	operation of disconnecting an existing tap device from one bridge and
	attaching it to another will satisfy the change requested in
	virDomainUpdateDeviceFlags() for a network device. Before this patch,
	that situation could only be detected if the pre-change interface
	*and* the post-change interface definition were both "type='bridge'".
	After this patch, it can also be detected if the before or after
	interfaces are any combination of type='bridge' and type='network'
	(the networks can be <forward mode='nat|route|bridge'>, as long as
	they use a Linux host bridge and not macvtap connections).
	This extra effort is especially useful since the recent discovery that
	a netdev_del+netdev_add combo (to reconnect the network device with
	completely different hostside configuration) doesn't work properly
	with current qemu (1.2) unless it is accompanied by the matching
	device_del+device_add - see this mailing list message for details:
	  http://lists.nongnu.org/archive/html/qemu-devel/2012-10/msg02355.html
	(A slight modification of the patch referenced there has been prepared
	to apply on top of this patch, but won't be pushed until qemu can be
	made to work with it.)
	* qemuDomainChangeNet needs access to the virDomainDeviceDef that
	holds the new netdef (so that it can clear out the virDomainDeviceDef
	if it ends up using the NetDef to replace the original), so the
	virDomainNetDefPtr arg is replaced with a virDomainDeviceDefPtr.
	* qemuDomainChangeNet previously checked for *some* changes to the
	interface config, but this check was by no means complete. It was also
	a bit disorganized.
	This refactoring of the code is (I believe) complete in its check of
	all NetDef attributes that might be changed, and either returns a
	failure (for changes that are simply impossible), or sets one of three
	flags:
	  needLinkStateChange - if the device link state needs to go up/down
	  needBridgeChange    - if everything else is the same, but it needs
	                        to be connected to a difference linux host
	                        bridge
	  needReconnect       - if the entire host side of the device needs
	                        to be torn down and reconstructed (currently
	                        non-working, as mentioned above)
	Note that this function will refuse to make any change that requires
	the *guest* side of the device to be detached (e.g. changing the PCI
	address or mac address). Those would be disruptive enough to the guest
	that it's reasonable to require an explicit detach/attach sequence
	from the management application.
	* As mentioned above, qemuDomainChangeNet also does its best to
	understand when a simple change in attached bridge for the existing
	tap device will work vs. the need to completely tear down/reconstruct
	the host side of the device (including tap device).
	This patch *does not* implement the "reconnect" code anyway - there is
	a placeholder that turns that into an error. Rather, the purpose of
	this patch is to replicate existing behavior with code that is ready
	to have that functionality plugged in in a later patch.
	* The expanded uses for qemuDomainChangeNetBridge meant that it needed
	to be enhanced as well - it no longer replaces the original brname
	string in olddev with the new brname; instead, it relies on the
	caller to replace the *entire* olddev with newdev (since we've gone
	to great lengths to assure they are functionally identical other
	than the name of the bridge, this is now not only safe, but more
	correct). Additionally, qemuDomainNetChangeBridge can now set the
	bridge for type='network' interfaces as well as plain type='bridge'
	interfaces. (Note that I had to make this change simultaneous to the
	reorganization of qemuDomainChangeNet because the two are too
	closely intertwined to separate).

2012-10-15  Guido Günther  <agx@sigxcpu.org>

	Avoid straying </cpuset>
	by using the same condition as for the <cpuset>.
	Fixes "make check" found by
	    http://honk.sigxcpu.org:8001/job/libvirt-check/160/

2012-10-15  Laine Stump  <laine@laine.org>

	conf: virDomainDeviceInfoCopy utility function
	This does a shallow copy of all the bits, then strdups the two items
	that are actually allocated separately.

	conf: fix virDevicePCIAddressEqual args
	This function really should have been taking virDevicePCIAddress*
	instead of the inefficient virDevicePCIAddress (results in copying two
	entire structs onto the stack rather than just two pointers), and
	returning a bool true/false (not matching is not necessarily a
	"failure", as a -1 return would imply, and also using "if
	(!virDevicePCIAddressEqual(x, y))" to mean "if x == y" is just a bit
	counterintuitive).

2012-10-15  Guido Günther  <agx@sigxcpu.org>

	Fix tab vs space
	that broke "make syntax-check"
	found by http://honk.sigxcpu.org:8001/job/libvirt-syntax-check/157/
	Pushed under the build breaker rule.

2012-10-15  Osier Yang  <jyang@redhat.com>

	qemu: Ignore def->cpumask if emulatorpin is specified
	If the vcpu placement is "static", it's just fine to ignore the
	def->cpumask if emulatorpin is specified.

	conf: Ignore emulatorpin if vcpu placement is auto
	When vcpu placement is "auto", the domain process will be pinned
	to advisory nodeset from querying numad, While emulatorpin will
	override the pinning. That means both of them are to set the
	pinning policy for domain process, but conflicts with each other.
	This patch ingore emulatorpin if vcpu placement is "auto", because
	<vcpu> placement can't be simply ignored for <numatune> placement
	could default to it.

	qemu: Initialize cpuset for hotplugged vcpu as def->cpuset
	The onlined vcpu pinning policy should inherit def->cpuset if
	it's not specified explicitly, and the affinity should be set
	in this case. Oppositely, the offlined vcpu pinning policy should
	be free()'ed.

	qemu: Create or remove cgroup when doing vcpu hotpluging
	Various APIs use cgroup to either set or get the statistics of
	host or guest. Hotplug or hot unplug new vcpus without creating
	or removing the cgroup for the vcpus could cause problems for
	those APIs. E.g.
	% virsh vcpucount dom
	maximum      config        10
	maximum      live          10
	current      config         1
	current      live           1
	% virsh setvcpu dom 2
	% virsh schedinfo dom --set vcpu_quota=1000
	Scheduler      : posix
	error: Unable to find vcpu cgroup for rhel6.2(vcpu: 1): No such file or
	directory
	This patch fixes the problem by creating cgroups for each of the
	onlined vcpus, and destroying cgroups for each of the offlined
	vcpus.

	conf: Initialize the pinning policy for vcpus
	Document for <vcpu>'s "cpuset" says:
	Since 0.4.4, this element can contain an optional cpuset attribute,
	which is a comma-separated list of physical CPU numbers that virtual
	CPUs can be pinned to.
	However, it's not the truth, libvirt actually pins the domain
	process to the specified pCPUs by "cpuset" of <vcpu>. And the
	vcpu thread are pinned to all available pCPUs if no <vcpupin>
	is specified for it.
	This patch is to implement the codes to inherit <vcpu>'s "cpuset" for
	vcpu that doesn't have <vcpupin> specified, and <vcpupin>
	for these vcpu will be ignored when formating. Underlying
	driver implementation will make sure the vcpu thread pinned
	to correct pCPUs.

	conf: Ignore vcpupin for not onlined vcpus when parsing
	Setting pinning policy for vcpu which exceeds current vcpus number
	just makes no sense, however, it could cause various problems, E.g.
	<vcpu current='1'>4</vcpu>
	<cputune>
	  <vcpupin vcpuid='3' cpuset='4'/>
	</cputune>
	% virsh start linux
	error: Failed to start domain linux
	error: cannot set CPU affinity on process 32534: No such process
	We must have some odd codes underlying which produces the
	"on process 32534", but the point is why we not to prevent
	earlier when parsing? Note that this is only one of the
	problem it could cause.
	This patch is to ignore the <vcpupin> for not onlined vcpus.

	doc: Sort out the relationship between <vcpu>, <vcpupin>, and <emulatorpin>
	These 3 elements conflicts with each other in either the doc
	or the underlying codes.
	Current problems:
	Problem 1:
	The doc shouldn't simply say "These settings are superseded
	by CPU tuning. " for element <vcpu>. As except the tuning, <vcpu>
	allows to specify the current, maxmum vcpu number. Apart from that,
	<vcpu> also allows to specify the placement as "auto", which binds
	the domain process to the advisory nodeset from numad.
	Problem 2:
	Doc for <vcpu> says its "cpuset" specify the physical CPUs
	that the vcpus can be pinned. But it's not the truth, as
	actually it only pin domain process to the specified physical
	CPUs. So either it's a document bug, or code bug.
	Problem 3:
	Doc for <vcpupin> says it supersed "cpuset" of <vcpu>, it's
	not quite correct, as each <vcpupin> specify the pinning policy
	only for one vcpu. How about the ones which doesn't have
	<vcpupin> specified? it says the vcpu will be pinned to all
	available physical CPUs, but what's the meaning of attribute
	"cpuset" of <vcpu> then?
	Problem 4:
	Doc for <emulatorpin> says it pin the emulator threads (domain
	process in other context, perhaps another follow up patch to
	cleanup the inconsistency is needed) to the physical CPUs
	specified its attribute "cpuset". Which conflicts with
	<vcpu>'s "cpuset". And actually in the underlying codes,
	it set the affinity for domain process twice if both
	"cpuset" for <vcpu> and <emulatorpin> are specified,
	and <emulatorpin>'s pinning will override <vcpu>'s.
	Problem 5:
	When "placement" of <vcpu> is "auto" (I.e. uses numad to
	get the advisory nodeset to which the domain process is
	pinned to), it will also be overridden by <emulatorpin>,
	This patch is trying to sort out the conflicts or bugs by:
	1) Don't say <vcpu> is superseded by <cputune>
	2) Keep the semanteme for "cpuset" of <vcpu> (I.e. Still says it
	   specify the physical CPUs the virtual CPUs). But modifying it
	   to mention it also set the pinning policy for domain process,
	   and the CPU placement of domain process specified by "cpuset"
	   of <vcpu> will be ingored if <emulatorpin> specified, and
	   similary, the CPU placement of vcpu thread will be ignored
	   if it has <vcpupin> specified, for vcpu which doesn't have
	   <vcpupin> specified, it inherits "cpuset" of <vcpu>.
	3) Don't say <vcpu> is supersed by <vcpupin>. If neither <vcpupin>
	   nor "cpuset" of <vcpu> is specified, the vcpu will be pinned
	   to all available pCPUs.
	4) If neither <emulatorpin> nor "cpuset" of <vcpu> is specified,
	   the domain process (emulator threads in the context) will be
	   pinned to all available pCPUs.
	5) If "placement" of <vcpu> is "auto", <emulatorpin> is not allowed.
	6) hotplugged vcpus will also inherit "cpuset" of <vcpu>
	Codes changes according to above document changes:
	1) Inherit def->cpumask for each vcpu which doesn't have <vcpupin>
	   specified, during parsing.
	2) ping the vcpu which doesn't have <vcpupin> specified to def->cpumask
	   either by cgroup for sched_setaffinity(2), which is actually done
	   by 1).
	3) Error out if "placement" == "auto", and <emulatorpin> is specified.
	   Otherwise, <emulatorpin> is honored, and "cpuset" of <cpuset> is
	   ignored.
	4) Setup cgroup for each hotplugged vcpu, and setup the pinning policy
	   by either cgroup or sched_setaffinity(2).
	5) Remove cgroup and <vcpupin> for each hot unplugged vcpu.
	Patches are following (6 in total except this patch)

2012-10-15  Cole Robinson  <crobinso@redhat.com>

	Tweak comments in the policykit rules file
	- Add the XML header so vim gives us syntax highlighting
	- polkit-policy-file-validate hasn't existed for 3 years
	- Permissions comment was not accurate

	Only keep one polkit rules file
	Just tweak it at build time depending on what polkit version we are
	building for.

	daemon: Use $(AM_V_GEN) in a few more places

2012-10-13  Guido Günther  <agx@sigxcpu.org>

	Properly parse (unsigned) long long
	This fixes problems on platforms where sizeof(long) != sizeof(long long)
	like ia32.

2012-10-13  Peter Krempa  <pkrempa@redhat.com>

	spec: Add support for libssh2 transport
	Libssh2 transport support was enabled lately but the spec file wasn't
	updated to take this into account. This caused libvirt to be built
	without libssh2 support in Red Hat based OSes.

2012-10-12  Martin Kletzander  <mkletzan@redhat.com>

	selinux: Use raw contexts
	We are currently able to work only with non-translated SELinux
	contexts, but we are using functions that work with translated
	contexts throughout the code.  This patch swaps all SELinux context
	translation relative calls with their raw sisters to avoid parsing
	problems.
	The problems can be experienced with mcstrans for example.  The
	difference is that if you have translations enabled (yum install
	mcstrans; service mcstrans start), fgetfilecon_raw() will get you
	something like 'system_u:object_r:virt_image_t:s0', whereas
	fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
	that we cannot parse.
	I was trying to confirm that the _raw variants were here since the dawn of
	time, but the only thing I see now is that it was imported together in
	the upstream repo [1] from svn, so before 2008.
	Thanks Laurent Bigonville for finding this out.
	[1] http://oss.tresys.com/git/selinux.git

2012-10-12  Jiri Denemark  <jdenemar@redhat.com>

	conf: Mark missing optional USB devices in domain XML
	When startupPolicy set for a USB devices allows such device to be
	missing, there was no way this could be detected from domain XML. With
	this patch, libvirt emits a new missing='yes' attribute for such devices
	when active domain XML is generated.

2012-10-12  Ján Tomko  <jtomko@redhat.com>

	virsh: remove reference to migration in blockcopy

	virsh: block SIGINT while getting BlockJobInfo
	SIGINT hasn't been blocked, which could lead to losing it somewhere in
	virDomainGetBlockJobInfo and not aborting the job.

	Various typos and misspellings

2012-10-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix misleading comment for qemuDomainObjBeginJobWithDriver()
	The comment stated that you may call qemuDomainObjBeginJobWithDriver
	without passing qemud_driver to signal it's not locked.
	qemuDomainObjBeginJobWithDriver still accesses the qemud_driver
	structure and the lock singaling is done through a separate parameter.

2012-10-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make save/restore with USB devices usable
	Save/restore with passed through USB devices currently only works if the
	USB device can be found at the same USB address where it used to be
	before saving a domain. This makes sense in case a user explicitly
	configure the USB address in domain XML. However, if the device was
	found automatically by vendor/product identification, we should try to
	search for that device when restoring the domain and use any device we
	find as long as there is only one available. In other words, the USB
	device can now be removed and plugged again or the host can be rebooted
	between saving and restoring the domain.

	Add MIGRATABLE flag for virDomainGetXMLDesc
	Using VIR_DOMAIN_XML_MIGRATABLE flag, one can request domain's XML
	configuration that is suitable for migration or save/restore. Such XML
	may contain extra run-time stuff internal to libvirt and some default
	configuration may be removed for better compatibility of the XML with
	older libvirt releases.
	This flag may serve as an easy way to get the XML that can be passed
	(after desired modifications) to APIs that accept custom XMLs, such as
	virDomainMigrate{,ToURI}2 or virDomainSaveFlags.

	qemu: Implement startupPolicy for USB passed through devices

	qemu: Add option to treat missing USB devices as success
	All USB device lookup functions emit an error when they cannot find the
	requested device. With this patch, their caller can choose if a missing
	device is an error or normal condition.

	qemu: Introduce qemuFindHostdevUSBDevice
	The code which looks up a USB device specified by hostdev is duplicated
	in two places. This patch creates a dedicated function that can be
	called in both places.

	conf: Add support for startupPolicy for USB devices
	USB devices can disappear without OS being mad about it, which makes
	them ideal for startupPolicy. With this attribute, USB devices can be
	configured to be mandatory (the default), requisite (will disappear
	during migration if they cannot be found), or completely optional.

	locking: Implement lock failure action in sanlock driver
	While the changes to sanlock driver should be stable, the actual
	implementation of sanlock_helper is supposed to be replaced in the
	future. However, before we can implement a better sanlock_helper, we
	need an administrative interface to libvirtd so that the helper can just
	pass a "leases lost" event to the particular libvirt driver and
	everything else will be taken care of internally. This approach will
	also allow libvirt to pass such event to applications and use
	appropriate reasons when changing domain states.
	The temporary implementation handles all actions directly by calling
	appropriate libvirt APIs (which among other things means that it needs
	to know the credentials required to connect to libvirtd).

	locking: Add support for lock failure action

	locking: Pass hypervisor driver name when acquiring locks
	This is required in case a lock manager needs to contact libvirtd in
	case of an unexpected event.

	locking: Add const char * parameter to avoid ugly typecasts

	conf: Add on_lockfailure event configuration
	Using this new element, one can configure an action that should be
	performed when resource locks are lost.

	conf: Rename life cycle actions to event actions
	While current on_{poweroff,reboot,crash} action configuration is about
	configuring life cycle actions, they can all be considered events and
	actions that need to be done on a particular event. Let's generalize the
	code by renaming life cycle actions to event actions so that it can be
	reused later for non-lifecycle events.

2012-10-11  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	Correct name of domain/pm/suspend-to-mem in docs

2012-10-11  Cole Robinson  <crobinso@redhat.com>

	storage: Report UUID/name consistently in driver errors
	Done with:
	sed -i -e "s/no pool with matching uuid/no storage pool with matching uuid/g" src/storage/storage_driver.c
	sed -i -e 's/"%s", _("no storage pool with matching uuid")/_("no storage pool with matching uuid %s"), obj->uuid/g' src/storage/storage_driver.c
	sed -i -e 's/"%s", _("storage pool is not active")/_("storage pool '%s' is not active"), pool->def->name/g' src/storage/storage_driver.c
	And a couple fixups before, during, and after, and a manual inspection
	pass to make sure nothing was wonky.

2012-10-10  Daniel P. Berrange  <berrange@redhat.com>

	Change qemuSetSchedularParameters to use AFFECT_CURRENT
	When adding variants of parameter setting APIs which accepted
	flags, the existing APIs were all adapted internally to pass
	VIR_DOMAIN_AFFECT_CURRENT to the new API. The QEMU impl
	qemuSetSchedularParameters was an exception, which instead
	used VIR_DOMAIN_AFFECT_LIVE. Change this to match other
	compatibility scenarios, so that calling
	   virDomainSetSchedularParameters(dom, params, nparams);
	Has the same semantics as
	   virDomainSetSchedularParametersFlags(dom, params, nparams, 0);
	And
	   virDomainSetSchedularParametersFlags(dom, params, nparams, VIR_DOMAIN_AFFECT_CURRENT);

2012-10-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	win32: Pretend that close-on-exec works
	Currently virNetSocketNew fails because virSetCloseExec fails as there
	is no proper implementation for it on Windows at the moment. Workaround
	this by pretending that setting close-on-exec on the fd works. This can
	be done because libvirt currently lacks the ability to create child
	processes on Windows anyway. So there is no point in failing to set a
	flag that isn't useful at the moment anyway.

	esx: Fix dynamic dispatch for types with more than one level of inheritance
	Traverse the whole inheritance hierarchy for dynamic dispatch as it is
	already done for the dynamic cast.
	Also make AnyType cast errors more verbose.
	Reported by Ata Bohra.

2012-10-10  Doug Goldstein  <cardoe@cardoe.com>

	interface: add udevIfaceIsActive() to udev backend
	Add support to check if a specific interface is active by supporting the
	following API function in the udev based virInterface backend:
	* virConnectInterfaceIsActive()

2012-10-09  Doug Goldstein  <cardoe@cardoe.com>

	interface: always build all available backends
	Always build all available backends to avoid bit-rot. At run time we
	select the correct backend and load it by attempting netcf first and
	then udev.

	interface: fix netcf based backend naming
	All other backends for virInterface or other HVs implementations of
	virInterface list their own names for the name instead of the generic
	'Interface' value. This does the same for the netcf based backend.
	Also, report any errors during registration.

	interface: add udev based backend for virInterface
	Add a read-only udev based backend for virInterface. Useful for distros
	that do not have netcf support yet. Multiple libvirt based utilities use
	a HAL based fallback when virInterface is not available which is less
	than ideal. This implements:
	* virConnectNumOfInterfaces()
	* virConnectListInterfaces()
	* virConnectNumOfDefinedInterfaces()
	* virConnectListDefinedInterfaces()
	* virConnectListAllInterfaces()
	* virConnectInterfaceLookupByName()
	* virConnectInterfaceLookupByMACString()

2012-10-09  Eric Blake  <eblake@redhat.com>

	hooks: let virCommand do the error reporting
	The code was reporting raw exit status without decoding it into
	normal vs. signal exit.  virCommandRun already does this, but
	with a different error type, so all we have to do is recast
	the error to the correct type.
	Reported by li guang.
	* src/util/hooks.c (virHookCall): Simplify.

2012-10-09  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	doc: update description about user/group in qemu.conf
	As a side effect of changes in the functions virGetUserID and
	virGetGroupID, the user and group configurations for DAC in qemu.conf
	are now able to accept both names and IDs, supporting a leading plus
	sign to ensure that a numeric value will not be interpreted as a name.
	This patch updates the comments in qemu.conf, including a description of
	this new behavior.

2012-10-09  Michal Privoznik  <mprivozn@redhat.com>

	docs: Drop useless </p> in drvphyp.html.in

	nodeinfo: Fully convert to new virReportError
	With our latest s/[a-z]+ReportError/virReportError/ rewrite
	(47ab34e2) we forgot to update arm part of the code.

2012-10-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix QMP detection of QXL graphics
	With the recent introduction of QMP capabilities probing, libvirt failed
	to detect support for QXL graphics in QEMU 1.2 and newer. In addition to
	fixing that, this patch also causes libvirt to detect QXL support for
	qemu-kvm-0.13.0, which doesn't advertise it in -help output but mentions
	it in device list. Since qemu-kvm-0.13.0 supported -spice, it looks like
	not having qxl in -help was a bug.

2012-10-09  Eric Blake  <eblake@redhat.com>

	virsh: add qemu-monitor-command --pretty
	I was using qemu-monitor-command during development, and found it quite
	hard to use.  Compare the results of this patch on ease of reading:
	$ virsh qemu-monitor-command          dom '{"execute":"query-version"}'
	{"return":{"qemu":{"micro":1,"minor":12,"major":0},"package":"(qemu-kvm-0.12.1.2)"},"id":"libvirt-7683"}
	$ virsh qemu-monitor-command --pretty dom '{"execute":"query-version"}'
	{
	    "return": {
	        "qemu": {
	            "micro": 1,
	            "minor": 12,
	            "major": 0
	        },
	        "package": "(qemu-kvm-0.12.1.2)"
	    },
	    "id": "libvirt-7674"
	}
	* tools/virsh-host.c (cmdQemuMonitorCommand): New option.
	* tools/virsh.pod (qemu-monitor-command): Document it.

2012-10-09  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	security: update user and group parsing in security_dac.c
	The functions virGetUserID and virGetGroupID are now able to parse
	user/group names and IDs in a similar way to coreutils' chown. So, user
	and group parsing in security_dac can be simplified.

	util: extend virGetUserID and virGetGroupID to support names and IDs
	This patch updates virGetUserID and virGetGroupID to be able to parse a
	user or group name in a similar way to coreutils' chown. This means that
	a numeric value with a leading plus sign is always parsed as an ID,
	otherwise the functions try to parse the input first as a user or group
	name and if this fails they try to parse it as an ID.
	This patch includes Peter Krempa's changes to correctly handle errors
	returned by getpwnam_r and getgrnam_r.

2012-10-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Call curl_global_init from virInitialize to avoid thread-safety issues
	curl_global_init is not thread-safe. curl_easy_init might call
	curl_global_init when it was no called before. But curl_easy_init
	can be called from different threads by the ESX driver. Therefore,
	call curl_global_init from virInitialize to stop curl_easy_init from
	calling it.
	Reported by Benjamin Wang.

2012-10-09  Martin Kletzander  <mkletzan@redhat.com>

	fix kvm_pv_eoi with kvmclock
	When both kvmclock and kvm_pv_eoi are configured (either disabled or
	enabled) libvirt will generate invalid CPU specification due to the
	fact that even though kvmclock causes the CPU to be specified, it
	doesn't set have_cpu flag to true (and the new kvm_pv_eoi as well).
	This patch fixes the issue and adds a test exactly for that to show
	that it is fixed correctly (and also to keep it that way in the future
	of course).

2012-10-09  Alexander Larsson  <alexl@redhat.com>

	Fix typo in HAVE_DBUS automake conditional
	The variable that is set in the script is with_dbus, not have_dbus.

2012-10-08  Guannan Ren  <gren@redhat.com>

	python: keep consistent handling of Python integer conversion
	libvirt_ulonglongUnwrap requires the integer type of python obj.
	But libvirt_longlongUnwrap still could handle python obj of
	Pyfloat_type which causes the float value to be rounded up
	to an integer.
	For example
	 >>> dom.setSchedulerParameters({'vcpu_quota': 0.88})
	 0
	libvirt_longlongUnwrap treats 0.88 as a valid value 0
	However
	 >>> dom.setSchedulerParameters({'cpu_shares': 1000.22})
	libvirt_ulonglongUnwrap will throw out an error
	"TypeError: an integer is required"
	The patch make this consistent.

	python: cleanup vcpu related binding APIs
	libvirt_virDomainGetVcpus: add error handling, return -1 instead of None
	libvirt_virDomainPinVcpu and libvirt_virDomainPinVcpuFlags:
	  check the type of argument
	  make use of libvirt_boolUnwrap
	  Set bitmap according to these values which are contained in given
	  argument of vcpu tuple and turn off these bit corresponding to
	  missing vcpus in argument tuple
	  The original way ignored the error info from PyTuple_GetItem
	  if index is out of range.
	  "IndexError: tuple index out of range"
	  The error message will only be raised on next command in interactive mode.

2012-10-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Disable libcurl's use of signals to fix a segfault
	libcurl uses a SIGALRM in combination with sigsetjmp/siglongjmp to be
	able to abort a DNS lookup when it takes too long. The problem with this
	in a multi-threaded application is that the signal handler for SIGALRM
	and the call to siglongjmp can be executed on a thread that is different
	from the one that initially did the SIGALRM setup and the call to
	sigsetjmp. In the reported case this triggered a segfault.
	Disable libcurl's use of signals to avoid this situation. This has the
	disadvantage of losing the ability to abort synchronous DNS lookups which
	might result in libcurl getting stuck in a DNS lookup in the worst case.
	When libcurl was build with an asynchronous DNS backend such as c-ares
	then there is no problem because the timeout mechanism works without
	signals here anyway.
	Reported by Benjamin Wang.

2012-10-05  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Buffer too small for large CPU numbers.
	The output buffer for virFileReadAll was too small for systems with
	more than 30 CPUs which leads to a log entry and incorrect behavior.
	The new size will be sufficient for the current
	architectural limits.

2012-10-05  Eric Blake  <eblake@redhat.com>

	build: fix VPATH builds
	This reverts part of commit 5468594f465; the perl changes in that
	patch were sufficient.  Since libvirt.syms is already a generated
	file created in part from libvirt_private.syms, we don't need a
	second pass over libvirt_private.syms in isolation.
	* src/Makefile.am: Undo addition of check-private-symfile.

2012-10-05  Michal Privoznik  <mprivozn@redhat.com>

	Check for private symbols presence as well
	Currently, we are checking if libvirt.so contains public symbols.
	However, sometimes we rename an internal symbol and forget to
	change libvirt_private.syms accordingly. Hence, it's safer to check
	for internal symbols as well.

2012-10-05  Eric Blake  <eblake@redhat.com>

	spec: prefer canonical name of util-linux
	I noticed that in two places, we require util-linux, and in a third,
	we require util-linux-ng.  On Fedora (I tested F15 through rawhide),
	util-linux-ng is obsoleted by util-linux; on RHEL 6, util-linux
	is obsoleted by util-linux-ng.  That is, on either platform, either
	name will get you the correct package installed (where the preferred
	name on fedora is util-linux, and on RHEL 6 is util-linux-ng).  But
	on RHEL 5, there is no util-linux-ng
	* libvirt.spec.in (Requires): Use util-linux, not util-linux-ng.

2012-10-05  Michal Privoznik  <mprivozn@redhat.com>

	private.syms: Drop virKillProcess
	After it got renamed to virProcessKill (cf470068a11)
	it is no longer needed in the private syms file.

2012-10-05  Eric Blake  <eblake@redhat.com>

	docs: fix links in migration.html TOC
	Use of the wrong attribute name caused the table of contents to
	be useless.  Fix suggested by Daniel P. Berrange.
	* docs/migration.html.in: Use correct anchoring attribute.

2012-10-04  Wido den Hollander  <wido@widodh.nl>

	doc: Add Maven repository to Java bindings documentation
	Getting a artifact into Maven central has a lot of restrictions as
	where the artifact should be hosted.
	This seemed like a big hassle which we don't want to go through now.
	Document a way for users to use libvirt.org as a repository so they can
	fetch the Java bindings with maven.

2012-10-04  Kyle Mestery  <kmestery@cisco.com>

	Correct checking of virStrcpyStatic() return value
	Correct the check for the return value of virStrcpyStatic()
	when copying port-profile names. Fixes Open vSwitch ports
	which utilize port-profiles from network definitions.

2012-10-04  Eric Blake  <eblake@redhat.com>

	docs: rudimentary phyp documentation
	Based on a report that phyp is undocumented:
	https://www.redhat.com/archives/libvirt-users/2012-July/msg00013.html
	* docs/drvphyp.html.in (phyp): New file.
	* docs/drivers.html.in: List it.

	build: update gnulib for FreeBSD build
	Several gnulib tests were failing 'make check', and compilation with
	CFLAGS=-g failed due to a gcc 4.2.1 limitation.
	* .gnulib: Update to latest, for gcc 4.2 support and fixed FreeBSD tests.

2012-10-03  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	doc: update description about security labels on formatdomain.html
	This patch adds a brief description about labels for each security
	driver.

	security: also parse user/group names instead of just IDs for DAC labels
	The DAC driver is missing parsing of group and user names for DAC labels
	and currently just parses uid and gid. This patch extends it to support
	names, so the following security label definition is now valid:
	  <seclabel type='static' model='dac' relabel='yes'>
	      <label>qemu:qemu</label>
	      <imagelabel>qemu:qemu</imagelabel>
	  </seclabel>
	When it tries to parse an owner or a group, it first tries to resolve it as
	a name, if it fails or it's an invalid user/group name then it tries to
	parse it as an UID or GID. A leading '+' can also be used for both owner and
	group to force it to be parsed as IDs, so the following example is also
	valid:
	  <seclabel type='static' model='dac' relabel='yes'>
	      <label>+101:+101</label>
	      <imagelabel>+101:+101</imagelabel>
	  </seclabel>
	This ensures that UID 101 and GUI 101 will be used instead of an user or
	group named "101".

2012-10-02  Eric Blake  <eblake@redhat.com>

	build: avoid -Wno-format on new-enough gcc
	Commit c579d6b added a sledgehammer to silence spurious warnings from
	gcc 4.2, but in the process, it also silenced useful warnings from
	gcc 4.3 through 4.5.  As a result, a bug slipped in to commit 0caccb58.
	Tested with FreeBSD (gcc 4.2.1), RHEL 6.3 (gcc 4.4), and F17 (gcc 4.7.2),
	where the former didn't trip on spurious warnings, and where the latter
	two detected a revert of 2b804cf.
	* m4/virt-compile-warnings.m4 (-Wno-format): Probe for the actual
	spurious message, to once again allow gcc 4.4 to use -Wformat.

	build: fix typo in debug message
	Introduced in commit 0caccb58.
	  CC     libvirt_driver_qemu_impl_la-qemu_capabilities.lo
	../../src/qemu/qemu_capabilities.c: In function 'qemuCapsInitQMP':
	../../src/qemu/qemu_capabilities.c:2327:13: error: format '%d' expects argument of type 'int', but argument 8 has type 'const char *' [-Werror=format]
	* src/qemu/qemu_capabilities.c (qemuCapsInitQMP): Use correct format.

2012-10-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Kill processes used for QMP caps probing
	Since libvirt switched to QMP capabilities probing recently, it starts
	QEMU process used for this probing with -daemonize, which means
	virCommandAbort can no longer reach these processes. As a result of
	that, restarting libvirtd will leave several new QEMU processes behind.
	Let's use QEMU's -pidfile and use it to kill the process when QMP caps
	probing is done.

2012-10-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use proper agent entering function when freezing filesystems
	When doing snapshots, the filesystem freeze function used the agent
	entering function that expects the qemud_driver unlocked. This might
	cause a deadlock of the qemu driver if the agent does not respond.
	The only call path of this function has the qemud_driver locked, so this
	patch changes the entering functions to those expecting the driver
	locked.

2012-10-02  Michal Privoznik  <mprivozn@redhat.com>

	lxc: Correctly report active cgroups
	There was an inverted return value in lxcCgroupControllerActive().
	The function assumes cgroups are active and do couple of checks
	to prove that. If any of them fails, false is returned. Therefore,
	at the end, after all checks are done we must return true, not false.

2012-10-02  Eric Blake  <eblake@redhat.com>

	build: avoid journald on rhel 5
	Commit f6430390 broke builds on RHEL 5, where glibc (2.5) is too
	old to support mkostemp (2.7) or htole64 (2.9).  While gnulib
	has mkostemp, it still lacks htole64; and it's not worth dragging
	in replacements on systems where journald is unlikely to exist
	in the first place, so we just use an extra configure-time check
	as our witness of whether to attempt compiling the code.
	* src/util/logging.c (virLogParseOutputs): Don't attempt to
	compile journald on older glibc.
	* configure.ac (AC_CHECK_DECLS): Check for htole64.

	build: fix bitmap conversion when !CPU_ALLOC
	Commit f1a43a8 missed one side of an #if/#else.
	* src/util/processinfo.c (virProcessInfoGetAffinity): Use correct
	bitmap operation.

2012-10-02  Dave Allan  <dallan@redhat.com>

	Add note about numeric domain names to manpage
	Clarify that domains with numeric names can only be identified by
	their domain id.

2012-10-01  Eric Blake  <eblake@redhat.com>

	build: avoid infinite autogen loop
	Several people have reported that if the .gnulib submodule is dirty,
	then 'make' will go into an infinite loop attempting to rerun bootstrap,
	because that never cleans up the dirty submodule.  By default, we
	should halt and make the user investigate, but if the user doesn't
	know why or care that the submodule is dirty, I also added the ability
	to 'make CLEAN_SUBMODULE=1' to get things going again.
	Also, while testing this, I noticed that when a submodule update was
	needed, 'make' would first run autoreconf, then bootstrap (which
	reruns autoreconf); adding a strategic dependency allows for less work.
	* .gnulib: Update to latest, for maint.mk improvements.
	* cfg.mk (_autogen): Also hook maint.mk, to run before autoreconf.
	* autogen.sh (bootstrap): Refuse to run if gnulib is dirty, unless
	user requests discarding gnulib changes.

2012-09-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Fix and improve hypervListAllDomains
	Use MATCH for all flags checks.
	hypervMsvmComputerSystemToDomain expects the domain pointer to the
	initialized to NULL.
	All items in doms up to the count-th one are valid, no need to double
	check before freeing them.

	esx: Fix and improve esxListAllDomains function
	Avoid requesting information such as identity or power state when it
	is not necessary.
	Lookup virtual machine list with the required fields (configStatus,
	name, and config.uuid) to make esxVI_GetVirtualMachineIdentity work.
	No need to call esxVI_GetNumberOfSnapshotTrees. rootSnapshotTreeList
	can be tested for emptiness by checking it for NULL.
	esxVI_LookupRootSnapshotTreeList already does the error reporting,
	don't overwrite it.
	Check if autostart is enabled at all before looking up the individual
	autostart setting of a virtual machine.
	Reorder VIR_EXPAND_N(doms, ndoms, 1) to avoid leaking the result of
	the call to virGetDomain if VIR_EXPAND_N fails.
	Replace VIR_EXPAND_N by VIR_RESIZE_N to avoid quadratic scaling, as in
	the Hyper-V version of the function.
	If virGetDomain fails it already reports an error, don't overwrite it
	with an OOM error.
	All items in doms up to the count-th one are valid, no need to double
	check before freeing them.
	Finally, don't leak autoStartDefaults and powerInfoList.

2012-09-29  Daniel J Walsh  <dwalsh@redhat.com>

	build: default selinuxfs mount point to /sys/fs/selinux
	Currently if you build on a machine that does not support SELinux we end up
	with the default mount point being /selinux, since this is moved to
	/sys/fs/selinux, we should start defaulting there.
	I believe this is causing a bug in libvirt-lxc when /selinux does not exists,
	even though /sys/fs/selinux exists.

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Add support for detecting capablities using QMP commands
	Start a QEMU process using
	   $QEMU -S -no-user-config -nodefaults \
	         -nographic -M none -qmp unix:/some/path,server,nowait
	and talk QMP over stdio to discover what capabilities the
	binary supports. This works for QEMU 1.2.0 or later and
	for older QEMU automatically fallback to the old approach
	of parsing -help and related command line args.

	Ignore error from query-cpu-definitions
	Some architectures provide the query-cpu-definitions command,
	but are set to always return a "GenericError" from it :-(
	Catch this & treat it as if there was an empty list of CPUs
	returned

	Avoid bogus I/O event errors when closing the QEMU monitor
	After calling qemuMonitorClose(), it is still possible for
	the QEMU monitor I/O event callback to get invoked. This
	will trigger an error message because mon->fd has been set
	to -1 at this point. Silently ignore the case where mon->fd
	is -1, likewise for mon->watch being zero.

	Remove need to pass in a virDomainObjPtr instance to qemuMonitorOpen
	The qemuMonitorOpen method only needs a virDomainObjPtr in order
	to access the QEMU pid. This is not critical when detecting the
	QEMU capabilties, so can easily be skipped

	Fix QEMU test with 1.2.0 help output
	The help output for QEMU 1.2.0 changed 'pci-assign' to 'kvm-pci-assign'.
	Since the new capabilities code does exact device name matching
	instead of substring matching, this caused the capabilities to go
	missing.

2012-09-28  Chuck Short  <zulcss@gmail.com>

	ARMHF: implement /proc/cpuinfo parsing
	Minimal CPU "parser" for armhf to avoid compile time warning.

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Automatically enable systemd journal logging
	Probe to see if the systemd journal is accessible, and if
	so enable logging to the journal by default, rather than
	stderr (current default under systemd).

	Add systemd journal support
	Add support for logging to the systemd journal, using its
	simple client library. The benefit over syslog is that it
	accepts structured log data, so the journald can store
	individual items like code file/line/func separately from
	the string message. Tools which require structured log
	data can then query the journal to extract exactly what
	they desire without resorting to string parsing
	While systemd provides a simple client library for logging,
	it is more convenient for libvirt to directly write its
	own client code. This lets us build up the iovec's on
	the stack, avoiding the need to alloc memory when writing
	log messages.

	Refactor qemuCapsParseDeviceStr to work from data tables
	Currently the qemuCapsParseDeviceStr method has a bunch of open
	coded string searches/comparisons to detect devices and their
	properties. Soon this data will be obtained from QMP queries
	instead of -device help output. Maintaining the list of device
	and properties in two places is undesirable. Thus the existing
	qemuCapsParseDeviceStr() method needs to be refactored to
	separate the device types and properties from the actual
	search code.
	Thus the -device help output is now parsed to construct a
	list of device names, and device properties. These are then
	checked against a set of datatables to set the capability
	flags

	Don't initialize logging twice in libvirtd
	The virInitialize function initializes logging from the env,
	so there is no need for another call to virLogSetFromEnv

	Change logging category parameter into an enum
	The 'const char *category' parameter only has a few possible
	values now that the filename has been separated. Turn this
	parameter into an enum instead.

	Include filename explicitly in logging APIs
	Currently the logging APIs have a 'const char *category' parameter
	which indicates where the log message comes from. This is typically
	a combination of the __FILE__ string and other prefix. Split the
	__FILE__ off into a dedicated parameter so it can passed to the
	log outputs

	Whitespace cleanup in logging files
	General whitespace cleanup in the logging files
	 - Move '{' to a new line after funtion declaration
	 - Put each parameter on a new line to avoid long lines
	 - Put return type on new line
	 - Leave 2 blank lines between functions

	s/int/virLogDestination/ in logging code
	The log destinations are an enum, but most of the code was
	just using a plain 'int' for function params / variables.

	s/long long/size_t/ for file line numbers in logging code
	The __LINE__ macro value is specified to fit in the size_t
	type, so use that instead of 'long long' in the logging code

	s/int/virLogPriority/ in logging code
	The log priority levels are an enum, but most of the code was
	just using a plain 'int' for function params / variables.

2012-09-28  Guannan Ren  <gren@redhat.com>

	python: return error if PyObject obj is NULL for unwrapper helper functions
	The result is indeterminate for NULL argument to python
	functions as follows. It's better to return negative value in
	these situations.
	PyObject_IsTrue will segfault if the argument is NULL
	PyFloat_AsDouble(NULL) is -1.000000
	PyLong_AsUnsignedLongLong(NULL) is 0.000000

2012-09-28  Benjamin Cama  <benjamin.cama@telecom-bretagne.eu>

	network: fix dnsmasq/radvd binding to IPv6 on recent kernels
	I hit this problem recently when trying to create a bridge with an IPv6
	address on a 3.2 kernel: dnsmasq (and, further, radvd) would not bind to
	the given address, waiting 20s and then giving up with -EADDRNOTAVAIL
	(resp. exiting immediately with "error parsing or activating the config
	file", without libvirt noticing it, BTW). This can be reproduced with (I
	think) any kernel >= 2.6.39 and the following XML (to be used with
	"virsh net-create"):
	        <network>
	          <name>test-bridge</name>
	          <bridge name='testbr0' />
	          <ip family='ipv6' address='fd00::1' prefix='64'>
	          </ip>
	        </network>
	(it happens even when you have an IPv4, too)
	The problem is that since commit [1] (which, ironically, was made to
	“help IPv6 autoconfiguration”) the linux bridge code makes bridges
	behave like “real” devices regarding carrier detection. This makes the
	bridges created by libvirt, which are started without any up devices,
	stay with the NO-CARRIER flag set, and thus prevents DAD (Duplicate
	address detection) from happening, thus letting the IPv6 address flagged
	as “tentative”. Such addresses cannot be bound to (see RFC 2462), so
	dnsmasq fails binding to it (for radvd, it detects that "interface XXX
	is not RUNNING", thus that "interface XXX does not exist, ignoring the
	interface" (sic)). It seems that this behavior was enhanced somehow with
	commit [2] by avoiding setting NO-CARRIER on empty bridges, but I
	couldn't reproduce this behavior on my kernel. Anyway, with the “dummy
	tap to set MAC address” trick, this wouldn't work.
	To fix this, the idea is to get the bridge's attached device to be up so
	that DAD can happen (deactivating DAD altogether is not a good idea, I
	think). Currently, libvirt creates a dummy TAP device to set the MAC
	address of the bridge, keeping it down. But even if we set this device
	up, it is not RUNNING as soon as the tap file descriptor attached to it
	is closed, thus still preventing DAD. So, we must modify the API a bit,
	so that we can get the fd, keep the tap device persistent, run the
	daemons, and close it after DAD has taken place. After that, the bridge
	will be flagged NO-CARRIER again, but the daemons will be running, even
	if not happy about the device's state (but we don't really care about
	the bridge's daemons doing anything when no up interface is connected to
	it).
	Other solutions that I envisioned were:
	      * Keeping the *-nic interface up: this would waste an fd for each
	        bridge during all its life. May be acceptable, I don't really
	        know.
	      * Stop using the dummy tap trick, and set the MAC address directly
	        on the bridge: it is possible since quite some time it seems,
	        even if then there is the problem of the bridge not being
	        RUNNING when empty, contrary to what [2] says, so this will need
	        fixing (and this fix only happened in 3.1, so it wouldn't work
	        for 2.6.39)
	      * Using the --interface option of dnsmasq, but I saw somewhere
	        that it's not used by libvirt for backward compatibility. I am
	        not sure this would solve this problem, though, as I don't know
	        how dnsmasq binds itself to it with this option.
	This is why this patch does what's described earlier.
	This patch also makes radvd start even if the interface is
	“missing” (i.e. it is not RUNNING), as it daemonizes before binding to
	it, and thus sometimes does it after the interface has been brought down
	by us (by closing the tap fd), and then originally stops. This also
	makes it stop yelling about it in the logs when the interface is down at
	a later time.
	[1]
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=1faa4356a3bd89ea11fb92752d897cff3a20ec0e
	[2]
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=b64b73d7d0c480f75684519c6134e79d50c1b341

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix regression starting QEMU instances without query-events
	If QEMU reports CommandNotFound for the 'query-events' command,
	we must treat that as success, returning a zero-length array
	of events

2012-09-28  Jim Fehlig  <jfehlig@suse.com>

	Fix compilation of legacy xen driver with Xen 4.2
	In Xen 4.2, xs.h is deprecated in favor of xenstore.h.  xs.h now
	contains
	#warning xs.h is deprecated use xenstore.h instead
	#include <xenstore.h>
	which fails compilation when warnings are treated as errors.
	Introduce a configure-time check for xenstore.h and if found,
	use it instead of xs.h.

2012-09-27  Miloslav Trmač  <mitr@redhat.com>

	Pass the "raw" log message to each virLogOutputFunc
	In addition to the preformatted text line, pass the raw message as well,
	to allow the output functions to use a different output format.

	Split priority conversion from virLogOutputToSyslog
	Allow for the code converting from libvirt log levels to syslog
	log levels to be reused.

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Move command/event capabilities detection out of QEMU monitor code
	The qemuMonitorSetCapabilities() API is used to initialize the QMP
	protocol capabilities. It has since been abused to initialize some
	libvirt internal capabilities based on command/event existance too.
	Move the latter code out into qemuCapsProbeQMP() in the QEMU
	capabilities source file instead

	Remove some unused includes in QEMU code
	The qemu monitor does not require qemu_conf.h, and the
	qemu capabilities code actually wants bitmap.h

	Add a qemuMonitorGetTargetArch() method for QMP query-target command
	Add a new qemuMonitorGetTargetArch() method to support invocation
	of the 'query-target' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

	Add a qemuMonitorGetObjectProps() method for QMP device-list-properties command
	Add a new qemuMonitorGetObjectProps() method to support invocation
	of the 'device-list-properties' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

	Add a qemuMonitorGetObjectTypes() method for QMP qom-list-types command
	Add a new qemuMonitorGetObjectTypes() method to support invocation
	of the 'qom-list-types' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

	Add a qemuMonitorGetEvents() method for QMP query-events command
	Add a new qemuMonitorGetEvents() method to support invocation
	of the 'query-events' JSON monitor command. No HMP equivalent
	is required, since this will only be used when JSON is available
	The existing qemuMonitorJSONCheckEvents() method is refactored
	to use this new method

	Add a qemuMonitorGetCommands() method for QMP query-commands command
	Add a new qemuMonitorGetCPUCommands() method to support invocation
	of the 'query-commands' JSON monitor command. No HMP equivalent
	is required, since this will only be used when JSON is available
	The existing qemuMonitorJSONCheckCommands() method is refactored
	to use this new method

	Add a qemuMonitorGetCPUDefinitions method for QMP query-cpu-definitions command
	Add a new qemuMonitorGetCPUDefinitions() method to support invocation
	of the 'query-cpu-definitions' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

	Add a qemuMonitorGetMachines() method for QMP query-machines command
	Add a new qemuMonitorGetMachines() method to support invocation
	of the 'query-machines' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

	Add a qemuMonitorGetVersion() method for QMP query-version command
	Add a new qemuMonitorGetVersion() method to support invocation
	of the 'query-version' JSON monitor command. No HMP equivalent
	is provided, since this will only be used for QEMU >= 1.2

	Refactor guest init to support qemu-system-i386 binary too

	Remove xenner support

	Make qemuCapsProbeMachineTypes & qemuCapsProbeCPUModels static
	The qemuCapsProbeMachineTypes & qemuCapsProbeCPUModels methods
	do not need to be invoked directly anymore. Make them static
	and refactor them to directly populate the qemuCapsPtr object

	Remove probing of CPU models when launching QEMU guests
	When launching a QEMU guest the binary is probed to discover
	the list of supported CPU names. Remove this probing with a
	simple lookup of CPU models in the qemuCapsPtr object. This
	avoids another invocation of the QEMU binary during the
	startup path.
	As a nice benefit we can now remove all the nasty hacks from
	the test suite which were done to avoid having to exec QEMU
	on the test system. The building of the -cpu command line
	can just rely on data we pre-populate in qemuCapsPtr.

	Remove probing of machine types when canonicalizing XML
	When XML for a new guest is received, the machine type is
	immediately canonicalized into the version specific name.
	This involves probing QEMU for supported machine types.
	Replace this probing with a lookup of the machine types
	in the (hopefully cached) qemuCapsPtr object

	Remove probing of flags when launching QEMU guests
	Remove all use of the existing APIs for querying QEMU
	capability flags. Instead obtain a qemuCapsPtr object
	from the global cache. This avoids the execution of
	'qemu -help' (and related commands) when launching new
	guests.

	Switch over to use cache for building QEMU capabilities
	When building up a virCapsPtr instance, the QEMU driver
	was copying the list of machine types across from the
	previous virCapsPtr instance, if the QEMU binary had not
	changed. Replace this ad-hoc caching of data with use
	of the new qemuCapsCache global cache.

	Add a qemu capabilities cache manager
	Introduce a qemuCapsCachePtr object to provide a global cache
	of capabilities for QEMU binaries. The cache auto-populates
	on first request for capabilities about a binary, and will
	auto-refresh if the binary has changed since a previous cache
	was populated

	Fix handling of itanium arch name in QEMU driver
	For historical compat we use 'itanium' as the arch name, so
	if the QEMU binary suffix is 'ia64' we need to translate it

	Fix potential deadlock when agent is closed
	If the qemuAgentClose method is called from a place which holds
	the domain lock, it is theoretically possible to get a deadlock
	in the agent destroy callback. This has not been observed, but
	the equivalent code in the QEMU monitor destroy callback has seen
	a deadlock.
	Remove the redundant locking while unrefing the object and the
	bogus assignment

	Use size_t instead of int for virDomainDefPtr struct
	Many parts of virDomainDefPtr were using 'int' variables as
	array length counts. Replace all these with size_t and update
	various format strings & API signatures to adapt

	Fix (rare) deadlock in QEMU monitor callbacks
	Some users report (very rarely) seeing a deadlock in the QEMU
	monitor callbacks
	 Thread 10 (Thread 0x7fcd11e20700 (LWP 26753)):
	 #0  0x00000030d0e0de4d in __lll_lock_wait () from /lib64/libpthread.so.0
	 #1  0x00000030d0e09ca6 in _L_lock_840 () from /lib64/libpthread.so.0
	 #2  0x00000030d0e09ba8 in pthread_mutex_lock () from /lib64/libpthread.so.0
	 #3  0x00007fcd162f416d in virMutexLock (m=<optimized out>)
	     at util/threads-pthread.c:85
	 #4  0x00007fcd1632c651 in virDomainObjLock (obj=<optimized out>)
	     at conf/domain_conf.c:14256
	 #5  0x00007fcd0daf05cc in qemuProcessHandleMonitorDestroy (mon=0x7fcccc0029e0,
	     vm=0x7fcccc00a850) at qemu/qemu_process.c:1026
	 #6  0x00007fcd0db01710 in qemuMonitorDispose (obj=0x7fcccc0029e0)
	     at qemu/qemu_monitor.c:249
	 #7  0x00007fcd162fd4e3 in virObjectUnref (anyobj=<optimized out>)
	     at util/virobject.c:139
	 #8  0x00007fcd0db027a9 in qemuMonitorClose (mon=<optimized out>)
	     at qemu/qemu_monitor.c:860
	 #9  0x00007fcd0daf61ad in qemuProcessStop (driver=driver@entry=0x7fcd04079d50,
	     vm=vm@entry=0x7fcccc00a850,
	     reason=reason@entry=VIR_DOMAIN_SHUTOFF_DESTROYED, flags=flags@entry=0)
	     at qemu/qemu_process.c:4057
	 #10 0x00007fcd0db323cf in qemuDomainDestroyFlags (dom=<optimized out>,
	     flags=<optimized out>) at qemu/qemu_driver.c:1977
	 #11 0x00007fcd1637ff51 in virDomainDestroyFlags (
	     domain=domain@entry=0x7fccf00c1830, flags=1) at libvirt.c:2256
	At frame #10 we are holding the domain lock, we call into
	qemuProcessStop() to cleanup QEMU, which triggers the monitor
	to close, which invokes qemuProcessHandleMonitorDestroy() which
	tries to obtain the domain lock again. This is a non-recursive
	lock, hence hang.
	Since qemuMonitorPtr is a virObject, the unref call in
	qemuProcessHandleMonitorDestroy no longer needs mutex
	protection. The assignment of priv->mon = NULL, can be
	instead done by the caller of qemuMonitorClose(), thus
	removing all need for locking.

	Don't skip over socket label cleanup
	If QEMU quits immediately after we opened the monitor it was
	possible we would skip the clearing of the SELinux process
	socket context

	Move most of qemuProcessKill into virProcessKillPainfully
	In the cgroups APIs we have a virCgroupKillPainfully function
	which does the loop sending SIGTERM, then SIGKILL and waiting
	for the process to exit. There is similar functionality for
	simple processes in qemuProcessKill, but it is tangled with
	the QEMU code. Untangle it to provide a virProcessKillPainfuly
	function

	Don't ignore return value of qemuProcessKill
	When calling qemuProcessKill from the virDomainDestroy impl
	in QEMU, do not ignore the return value. This ensures that
	if QEMU fails to respond to SIGKILL, the caller will know
	about the failure.

	Fix deadlock in handling EOF in LXC monitor
	Depending on the scenario in which LXC containers exit, it is
	possible for the EOF callback of the LXC monitor to deadlock
	the driver.
	  #0  0x00000038a0a0de4d in __lll_lock_wait () from /lib64/libpthread.so.0
	  #1  0x00000038a0a09ca6 in _L_lock_840 () from /lib64/libpthread.so.0
	  #2  0x00000038a0a09ba8 in pthread_mutex_lock () from /lib64/libpthread.so.0
	  #3  0x00007f4bd9579d55 in virMutexLock (m=<optimized out>) at util/threads-pthread.c:85
	  #4  0x00007f4bcacc7597 in lxcDriverLock (driver=0x7f4bc40c8290) at lxc/lxc_conf.h:81
	  #5  virLXCProcessMonitorEOFNotify (mon=<optimized out>, vm=0x7f4bb4000b00) at lxc/lxc_process.c:581
	  #6  0x00007f4bd9645c91 in virNetClientCloseLocked (client=client@entry=0x7f4bb4009e60)
	      at rpc/virnetclient.c:554
	  #7  0x00007f4bd96460f8 in virNetClientIOEventLoopPassTheBuck (thiscall=0x0, client=0x7f4bb4009e60)
	      at rpc/virnetclient.c:1306
	  #8  virNetClientIOEventLoopPassTheBuck (client=0x7f4bb4009e60, thiscall=0x0)
	      at rpc/virnetclient.c:1287
	  #9  0x00007f4bd96467a2 in virNetClientCloseInternal (reason=3, client=0x7f4bb4009e60)
	      at rpc/virnetclient.c:589
	  #10 virNetClientCloseInternal (client=0x7f4bb4009e60, reason=3) at rpc/virnetclient.c:561
	  #11 0x00007f4bcacc4a82 in virLXCMonitorClose (mon=0x7f4bb4000a00) at lxc/lxc_monitor.c:201
	  #12 0x00007f4bcacc55ac in virLXCProcessCleanup (reason=<optimized out>, vm=0x7f4bb4000b00,
	      driver=0x7f4bc40c8290) at lxc/lxc_process.c:240
	  #13 virLXCProcessStop (driver=0x7f4bc40c8290, vm=vm@entry=0x7f4bb4000b00,
	      reason=reason@entry=VIR_DOMAIN_SHUTOFF_DESTROYED) at lxc/lxc_process.c:735
	  #14 0x00007f4bcacc5bd2 in virLXCProcessAutoDestroyDom (payload=<optimized out>,
	      name=0x7f4bb4003c80, opaque=0x7fff41af2df0) at lxc/lxc_process.c:94
	  #15 0x00007f4bd9586649 in virHashForEach (table=0x7f4bc409b270,
	      iter=iter@entry=0x7f4bcacc5ab0 <virLXCProcessAutoDestroyDom>, data=data@entry=0x7fff41af2df0)
	      at util/virhash.c:514
	  #16 0x00007f4bcacc52d7 in virLXCProcessAutoDestroyRun (driver=driver@entry=0x7f4bc40c8290,
	      conn=conn@entry=0x7f4bb8000ab0) at lxc/lxc_process.c:120
	  #17 0x00007f4bcacca628 in lxcClose (conn=0x7f4bb8000ab0) at lxc/lxc_driver.c:128
	  #18 0x00007f4bd95e67ab in virReleaseConnect (conn=conn@entry=0x7f4bb8000ab0) at datatypes.c:114
	When the driver calls virLXCMonitorClose, there is really no
	need for the EOF callback to be invoked in this case, since
	the caller can easily handle events itself. In changing this,
	the monitor needs to take a deep copy of the callback list,
	not merely a reference.
	Also adds debug statements in various places to aid
	troubleshooting

2012-09-27  Jim Fehlig  <jfehlig@suse.com>

	Support Xen sysctl version 9 in Xen 4.2
	Xen upstream c/s 24102:dc8e55c9 bumped the sysctl version to 9.
	Support this sysctl version in the xen_hypervisor sub-driver.

2012-09-27  Laine Stump  <laine@laine.org>

	network: backend for virNetworkUpdate of interface list
	<interface> elements are location inside the <forward> element of a
	network. There is only one <forward> element in any network, but it
	might have many <interface> elements. This element only contains a
	single attribute, "dev", which is the name of a network device
	(e.g. "eth0").
	Since there is only a single attribute, the modify operation isn't
	supported for this "section", only add-first, add-last, and
	delete. Also, note that it's not permitted to delete an interface from
	the list while any guest is using it. We may later decide this is safe
	(because removing it from the list really only excludes it from
	consideration in future guest allocations of interfaces, but doesn't
	affect any guests currently connected), but for now this limitation
	seems prudent (of course when changing the persistent config, this
	limitation doesn't apply, because the persistent config doesn't
	support the concept of "in used").
	Another limitation - it is also possible for the interfraces in this
	list to be described by PCI address rather than netdev name. However,
	I noticed while writing this function that we currently don't support
	defining interfaces that way in config - the only method of getting
	interfaces specified as <adress type='pci' ..../> instead of
	<interface dev='xx'/> is to provide a <pf dev='yy'/> element under
	forward, and let the entries in the interface list be automatically
	populated with the virtual functions (VF) of the physical function
	device given in <pg>.
	As with the other virNetworkUpdate section backends, support for this
	section is completely contained within a single static function, no
	other changes were required, and only functions already called from
	elsewhere within the same file are used in the new content for this
	existing function (i.e., adding this code should not cause a new build
	problem on any platform).

2012-09-27  Eric Blake  <eblake@redhat.com>

	build: avoid older gcc warning
	Jim Fehlig reported a compilation error with older gcc 4.3.4:
	libvirt.c: In function 'virDomainGetEmulatorPinInfo':
	libvirt.c:9111: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	It looks like someone programmed via too much copy-and-paste.
	* src/libvirt.c (virDomainGetEmulatorPinInfo): Multiplying by 1 is
	a no-op, and thus will never overflow.

2012-09-26  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: don't give null pointers to virBitmapEqual

	parallels: remove unneded code from parallelsDoCmdRun
	scmd was used for debugging and I forgot to remove it before
	commit, so remove it now.

	parallels: fix memory allocation
	size of videos array must be increased.

	parallels: remove unused member 'os' from parallelsDomObj

2012-09-26  Michal Privoznik  <mprivozn@redhat.com>

	qemu: wait for SPICE to migrate
	Recently, there have been some improvements made to qemu so it
	supports seamless migration or something very close to it.
	However, it requires libvirt interaction. Once qemu is migrated,
	the SPICE server needs to send its internal state to the destination.
	Once it's done, it fires SPICE_MIGRATE_COMPLETED event and this
	fact is advertised in 'query-spice' output as well.
	We must not kill qemu until SPICE server finishes the transfer.

2012-09-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in header file comment
	s/mmeory/memory/ in libvirt.h.in

	Don't use O_TRUNC when opening QEMU logfiles
	SELinux wants all log files opened with O_APPEND. When
	running non-root though, libvirtd likes to use O_TRUNC
	to avoid log files growing in size indefinitely. Instead
	of using O_TRUNC though, we can use O_APPEND and then
	call ftruncate() which keeps SELinux happier.

	Simplify some redundant locking while unref'ing objects
	There is no need to hold the mutex when unref'ing
	virObject instances

	Remove pointless virLXCProcessMonitorDestroy method
	Asynchronously setting priv->mon to NULL was pointless,
	just remove the destroy callback entirely.

	Convert virLXCMonitor to use virObject
	Remove custom reference counting from virLXCMonitor, using
	virObject instead

	Move virProcess{Kill,Abort,TranslateStatus} into virprocess.{c,h}
	Continue consolidation of process functions by moving some
	helpers out of command.{c,h} into virprocess.{c,h}

	Move virProcessKill into virprocess.{h,c}
	There are a number of process related functions spread
	across multiple files. Start to consolidate them by
	creating a virprocess.{c,h} file

	Rename virCommandTranslateStatus to virProcessTranslateStatus
	The virCommand prefix was inappropriate because the API
	does not use any virCommandPtr object instance. This
	API closely related to waitpid/exit, so use virProcess
	as the prefix

	Rename virPid{Abort,Wait} to virProcess{Abort,Wait}
	Change "Pid" to "Process" to align with the virProcessKill
	API naming prefix

	Rename virKillProcess to virProcessKill
	Changing naming to follow the convention of "object" followed
	by "action"

	Fix start of containers with custom root filesystem
	A prefix change to unmount the SELinux filesystem broke starting
	of LXC containers with a custom root filesystem

2012-09-25  Doug Goldstein  <cardoe@cardoe.com>

	Update how to compile with -Werror
	--enable-compile-warnings=error has been renamed to --enable-werror so
	update the HACKING and the hacking.html to reflect that.

2012-09-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid holding the driver lock in trivial snapshot API's
	In most of the snapshot API's there's no need to hold the driver lock
	the whole time.
	This patch adds helper functions that get the domain object in functions
	that don't require the driver lock and simplifies call paths from
	snapshot-related API's.

2012-09-25  Osier Yang  <jyang@redhat.com>

	storage: Add timeout for iscsi volume's stable path discovery
	It might need some time till the LUN's stable path shows up on
	initiator host, and although the time window is not foreseeable,
	as a better than nothing fix, this patch adds timeout for the
	stable path discovery process.

2012-09-25  Christophe Fergeau  <cfergeau@redhat.com>

	build: fix detection of netcf linked with libnl1
	Commit 9298bfbcb introduced code to detect if netcf is linked with
	libnl1, and to prefer libnl1 over libnl3 when this is the case.
	This behaviour can be disabled by setting LIBNL_CFLAGS to any value,
	including the empty string.
	However, configure.ac sets LIBNL_CFLAGS to "" before attempting
	libnl detection, so the libnl1 detection code is always disabled.
	This caused issues on my f17 system where netcf is linked with libnl1
	but libvirt got built with libnl3.
	This commit removes the setting of the LIBNL_* variables to "" as
	this does not appear to be needed. After this change, libnl1 is
	used when building libvirt on my f17 system.

2012-09-25  Osier Yang  <jyang@redhat.com>

	node_memory: Improve the docs
	To declare that it's not recommended to use the tuning API while
	the outside tuning program (such as ksmtuned under Linux) is running.

2012-09-25  Eric Blake  <eblake@redhat.com>

	tests: test previous commit
	Add a test to avoid virCommand regressions.
	* tests/commandtest.c (test8): Explicitly test env-var overrides.

2012-09-25  Richard W.M. Jones  <rjones@redhat.com>

	command: Change virCommandAddEnv so it replaces existing environment variables.

	command: Move environ-adding code to common function virCommandAddEnv.
	This is just code motion.  The semantics of the code should be
	identical after this change.

2012-09-24  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.10.2
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update from transifex and regenerate

	Fix another rpmbuild failure
	without systemd we should not try to package the non-installed
	%{_sysconfdir}/rc.d/init.d/libvirtd

	Fix an rpmbuild failure
	$RPM_BUILD_ROOT was embedded in /etc/rc.d/init.d/libvirt-guests

2012-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Don't install legacy initscripts at same time as systemd ones
	The Fedora policies don't want us installing the legacy initscripts
	in parallel with the systemd ones, so switch to only install the
	systemd unit

2012-09-22  Laine Stump  <laine@laine.org>

	network: log error for unknown virNetworkUpdate command codes
	Every level of the code for virNetworkUpdate was assuming that some
	other level was checking for validity of the "command" arg, but none
	actually were. The result was that an invalid command code would do
	nothing, but also report success.
	Since the command code isn't used until the very lowest level backend
	functions, that's where I put the check. I made a separate one-line
	function to log the error. The compiler would have combined the
	identical strings used by multiple calls if I'd just called
	virReportError directly in each location, but sending them all to the
	same string in the source guards against inadvertant divergence (which
	would lead to extra work for translators.)

	network: make virNetworkObjUpdate error detection/recovery better
	1) virNetworkObjUpdate should be an all or none operation, but in the
	case that we want to update both the live state and persistent config
	versions of the network, it was committing the update to the live
	state before starting to update the persistent config. If update of
	the persistent config failed, we would leave with things in an
	inconsistent state - the live state would be updated (even though an
	error was returned), but persistent config unchanged.
	This patch changed virNetworkObjUpdate to use a separate pointer for
	each copy of the virNetworkDef, and not commit either of them in the
	virNetworkObj until both live and config parts of the update have
	successfully completed.
	2) The parsers for various pieces of the virNetworkDef have all sorts
	of subtle limitations on them that may not be known by the
	Update[section] function, making it possible for one of these
	functions to make a modification directly to the object that may not
	pass the scrutiny of a subsequent parse. But normally another parse
	wouldn't be done on the data until the *next* time the object was
	updated (which could leave the network definition in an unusable
	state).
	Rather than fighting the losing battle of trying to duplicate all the
	checks from the parsers into the update functions as well, the more
	foolproof solution to this is to simply do an extra
	virNetworkDefCopy() operation on the updated networkdef -
	virNetworkDefCopy() does a virNetworkFormat() followed by a
	virNetworkParseString(), so it will do all the checks we need. If this
	fails, then we don't commit the changed def.

	network: don't "refresh" iptables rules on rule-less networks
	The bridge driver implementation of virNetworkUpdate() removes and
	re-adds iptables rules any time a network has an <ip>, <forward>, or
	<forward>/<interface> element updated. There are some types of
	networks that have those elements and yet have no iptables rules
	associated with them, and unfortunately the functions that remove/add
	iptables rules don't check the type of network before attempting to
	remove/add the rules, sometimes leading to an erroneous failure of the
	entire update operation.
	Under normal circumstances I would refactor the lower level functions
	to be more robust, but to avoid code churn as much as possible, I've
	just added extra checks directly to networkUpdate().

2012-09-22  Miloslav Trmač  <mitr@redhat.com>

	Drop unused return value of virLogOutputFunc
	Nothing uses the return value, and creating it requries otherwise
	unnecessary strlen () calls.
	This cleanup is conceptually independent from the rest of the series
	(although the later patches won't apply without it).  This just seems
	a good opportunity to clean this up, instead of entrenching the unnecessary
	return value in the virLogOutputFunc instance that will be added in this
	series.

2012-09-22  Tang Chen  <tangchen@cn.fujitsu.com>

	Remove redundant lines in src/qemu/qemu_driver.c
	maxcpu and hostcpus are defined and calculated in qemudDomainPinVcpuFlags()
	and qemudDomainPinEmulator(), but never used. So remove them including nodeinfo.

2012-09-21  Richard W.M. Jones  <rjones@redhat.com>

	Add <seclabel> to character devices.
	This allows the user to control labelling of each character device
	separately (the default is to inherit from the VM).

	Make virSecurityDeviceLabelDefParseXML into generic device <seclabel> parser.
	This is just code motion, allowing us to reuse the same function to
	parse the <seclabel> from character devices too.
	However it also fixes a possible segfault in the original code if
	VIR_ALLOC_N returns an error and the cleanup code (at the error:
	label) tries to iterate over the unallocated array (thanks Michal
	Privoznik for spotting this).

2012-09-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix failure path in disk hotplug
	Disk hotplug is a two phase action: qemuMonitorAddDrive followed by
	qemuMonitorAddDevice. When the first part succeeds but the second one
	fails, we need to rollback the drive addition.

	locking: Remove README file in favor of internals/locking.html
	The README file seems to be a leftover from some previous version of
	locking driver. It is not consistent with what the code does nor is it
	consistent with existing documentation in internals/locking.html.

2012-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Improve some debugging log messages in LXC mount setup

	Ensure existing selinux mount is removed before mounting new one in LXC
	Some kernel versions (at least RHEL-6 2.6.32) do not let you over-mount
	an existing selinuxfs instance with a new one. Thus we must unmount the
	existing instance inside our namespace.

	Fix crash accessing a NULL URI when looking up auth credentials
	When auto-probing hypervisor drivers, the conn->uri field will
	initially be NULL. Care must be taken not to access members
	when doing auth lookups in the config file

2012-09-21  Tang Chen  <tangchen@cn.fujitsu.com>

	Remove a redundant line in src/qemu/qemu_driver.c

2012-09-21  Laine Stump  <laine@laine.org>

	network: backend for virNetworkUpdate of portgroups
	portgroup elements are located in the toplevel of <network>
	objects. There can be multiple <portgroup> elements, and they each
	have a unique name attribute.
	Add, delete, and modify are all supported for portgroup. When deleting
	a portgroup, only the name must be specified in the provided xml - all
	other attributes and subelements are ignored for the purposes of
	matching and existing portgroup.
	The bridge driver and virsh already know about the portgroup element,
	so providing this backend should cause the entire stack to work. Note
	that in the case of portgroup, there is no external daemon based on
	the portgroup config, so nothing must be restarted.
	It is important to note that guests make a copy of the appropriate
	network's portgroup data when they are started, so although an updated
	portgroup's configuration will have an affect on new guests started
	after the cahange, existing guests won't magically have their
	bandwidth changed, for example. If something like that is desired, it
	will take a lot of redesign work in the way network devices are setup
	(there is currently no link from the network back to the individual
	interfaces using it, much less from a portgroup within a network back
	to the individual interfaces).

	network: backend for virNetworkUpdate of dhcp range
	The dhcp range element is contained in the <dhcp> element of one of a
	network's <ip> elements. There can be multiple <range>
	elements. Because there are only two attributes (start and end), and
	those are exactly what you would use to identify a particular range,
	it doesn't really make sense to modify an existing element, so
	VIR_NETWORK_UPDATE_COMMAND_MODIFY isn't supported for this section,
	only ADD_FIRST, ADD_LAST, and DELETE.
	Since virsh already has support for understanding all the defined
	sections, this new backend is automatically supported by virsh. You
	would use it like this:
	  virsh net-update mynet add ip-dhcp-range \
	        "<range start='1.2.3.4' end='1.2.3.20'/>" --live --config
	The bridge driver also already supports all sections, so it's doing
	the correct thing in this case as well - since the dhcp range is
	placed on the dnsmasq commandline, the bridge driver recreates the
	dnsmasq commandline, and re-runs dnsmasq whenever a range is
	added/deleted (and AFFECT_LIVE is specified in the flags).

	virsh: new net-update command
	This command uses the new virNetworkUpdate() API to modify an existing
	network definition, and optionally have those modifications take
	effect immediately without restarting the network.
	An example usage:
	  virsh net-update mynet add-last ip-dhcp-host \
	   "<host mac='00:11:22:33:44:55' ip='192.168.122.45'/>" \
	   --live --config
	If you like, you can instead put the xml into a file, and call like
	this:
	  virsh net-update mynet add ip-dhcp-host /tmp/myxml.xml
	   --live --config
	virsh will autodetect whether the argument is itself an xml element,
	or if it's a file, by looking at the first character - the first
	character of an xml element is always "<", and the first character of
	a file is almost always *not* "<" (in the rare case that it is, the
	user could specify "./<filename...").
	A --parent-index option is also available (to give the index within a
	list of parent objects, e.g. the index of the parent <ip> element when
	updating ip-dhcp-host elements), but is optional and at least for now
	will probably be used rarely.
	--live, --config, and --current options - if you specify --live, only
	the live state of the network will be updated. If you also specify
	--config, then the persistent configuration will also be updated;
	these two commands can be given separately, or both together. If you
	don't specify either (you can optionally specify "--current" for the
	same effect), then the "current" config will be updated (i.e. if the
	network is active, then only its live config is affected, but if the
	network is inactive, only the persistent config is affected).

2012-09-21  Eric Blake  <eblake@redhat.com>

	docs: fix typo in filesystem docs
	Noticed this by reading the page.  It would be so much nicer if our
	tools could automatically flag things like this as part of 'make'.
	* docs/formatdomain.html.in: Remove extra '>'.

	maint: fix up copyright notice inconsistencies
	https://www.gnu.org/licenses/gpl-howto.html recommends that
	the 'If not, see <url>.' phrase be a separate sentence.
	* tests/securityselinuxhelper.c: Remove doubled line.
	* tests/securityselinuxtest.c: Likewise.
	* globally: s/;  If/.  If/

2012-09-21  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	doc: include article about libvirt+audit in relatedlinks.html
	This patch adds to relatedlinks.html a link to an article about libvirt
	describing how the Linux audit subsystem can be used to track qemu
	guest's life-cycle.

2012-09-20  Daniel P. Berrange  <berrange@redhat.com>

	Ensure autogen.sh exists if bootstrap fails
	If any of the bootstrap tasks (autoconf/automake/etc) failed,
	autogen.sh carried on running any pre-existing configure anyway.
	Use 'set -e' to ensure autogen.sh immediately exists on error.

2012-09-20  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add tests for dump-core option

	qemu: add support for dump-guest-core option
	The "dump-guest-core' option is new option for the machine type
	(-machine pc,dump-guest-core) that controls whether the guest memory
	will be marked as dumpable.
	While testing this, I've found out that the value for the '-M' options
	is not parsed correctly when additional parameters are used. However,
	when '-machine' is used for the same options, it gets parsed as
	expected. That's why this patch also modifies the parsing and creating
	of the command line, so both '-M' and '-machine' are recognized. In
	QEMU's help there is only mention of the 'machine parameter now with
	no sign of the older '-M'.

	Add support for limiting guest coredump
	Sometimes when guest machine crashes, coredump can get huge due to the
	guest memory. This can be limited using madvise(2) system call and is
	being used in QEMU hypervisor. This patch adds an option for configuring
	that in the domain XML and related documentation.

	QEMU Tests for reboot-timeout

	qemu: Add support for reboot-timeout
	This patch adds support for "-boot reboot-timeout=rb_time" that is
	added in QEMU.

	Add support for reboot-timeout
	Whenever the guest machine fails to boot, new parameter (reboot-timeout)
	controls whether it should reboot and after how many ms it should do so.
	Docs included.

2012-09-20  Peter Krempa  <pkrempa@redhat.com>

	security: Don't ignore errors when parsing DAC security labels
	The DAC security driver silently ignored errors when parsing the DAC
	label and used default values instead.
	With a domain containing the following label definition:
	<seclabel type='static' model='dac' relabel='yes'>
	  <label>sdfklsdjlfjklsdjkl</label>
	</seclabel>
	the domain would start normaly but the disk images would be still owned
	by root and no error was displayed.
	This patch changes the behavior if the parsing of the label fails (note
	that a not present label is not a failure and in this case the default
	label should be used) the error isn't masked but is raised that causes
	the domain start to fail with a descriptive error message:
	virsh #  start tr
	error: Failed to start domain tr
	error: internal error invalid argument: failed to parse DAC seclabel
	'sdfklsdjlfjklsdjkl' for domain 'tr'
	I also changed the error code to "invalid argument" from "internal
	error" and tweaked the various error messages to contain correct and
	useful information.

2012-09-20  liguang  <lig.fnst@cn.fujitsu.com>

	simplify xenXMDomainPinVcpu function
	supersede tedious statements getting cpu bitmap
	from parameter cpumap by virBitmapNewData function

2012-09-20  Martin Kletzander  <mkletzan@redhat.com>

	Cleanup of domain_conf sentinels
	This patch removes all commas after *_LAST sentinels in the enums.

	qemu: Cleanup boot parameter building
	This patch cleans up building the "-boot" parameter and while on that
	fixes one inconsistency by modifying these things:
	 - I completed the unfinished virDomainBootMenu enum by specifying
	   LAST, declaring it and also declaring the TypeFromString and
	   TypeToString parameters.
	 - Previously mentioned TypeFromString and TypeToString are used when
	   parsing the XML.
	 - Last, but not least, visible change is that the "-boot" parameter
	   is built and parsed properly:
	    - The "order=" prefix is used only when additional parameters are
	      used (menu, etc.).
	    - It's rewritten in a way that other parameters can be added
	      easily in the future (used in following patch).
	    - The "order=" parameter is properly parsed regardless to where it
	      is placed in the string (e.g. "menu=on,order=nc").
	    - The "menu=" parameter (and others in the future) are created
	      when they should be (i.e. even when bootindex is supported and
	      used, but not when bootloader is selected).

2012-09-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Transition domain to PAUSED after 'stop' command
	Currently, we mark domain PAUSED (but not emit an event)
	just before we issue 'stop' on monitor; This command can
	take ages to finish, esp. when domain's doing a lot of
	IO - users can enforce qemu to open files with O_DIRECT
	which doesn't return from write() until data reaches the
	block device. Having said that, we report PAUSED even if
	domain is not paused yet.

2012-09-20  Laine Stump  <laine@laine.org>

	network: fix element size / length in memmove
	The memmove to move elements in the dhcp hosts array when inserting
	and deleting items was mistakenly basing the length of the copy on the
	size of a virNetworkDHCPHostDefPtr rather than virNetworkDHCPHostDef,
	with the expected disastrous results.
	The memmove to delete an entry commits two errors - along with the
	size of each element being wrong, it also omits some required
	parentheses.

2012-09-20  Doug Goldstein  <cardoe@cardoe.com>

	virsh: Move daemon to misc since its not a network
	Move the 'Daemon' entry to the Miscellaneous section since its not a
	networking driver or component.

2012-09-19  Laine Stump  <laine@laine.org>

	network: fix incorrect VIR_NETWORK_UPDATE_COMMAND_* values
	These enums originally were put into the flags for virNetworkUpdate,
	and when they were moved into their own enum, the numbers weren't
	appropriately changed, causing the commands to start with value 2
	instead of 1. This causes problems for things like ENUM_IMPL, which
	wants a string for every value in the requested range, including those
	not used in the enum.

2012-09-19  Doug Goldstein  <cardoe@cardoe.com>

	build: define WITH_INTERFACE for the driver
	Based exclusively on work by Eric Blake in a patch posted with the same
	subject. However some modifications related to comments and my plans to
	add another backend.
	Added WITH_INTERFACE as the only automake variable deciding whether to
	build the driver and using WITH_NETCF to identify that we're wanting to
	use the netcf library as the backend.
	* configure.ac: Added with_interface
	* src/interface/netcf_driver.c: Renamed..
	* src/interface/interface_backend_netcf.c: ..to this to match storage.
	* src/interface/netcf_driver.h: Renamed..
	* src/interface/interface_driver.h: ..to this.
	* daemon/Makefile.am: Respect WITH_INTERFACE and WITH_NETCF.
	* libvirt.spec.in: Add RPM support for --with-interface

	virsh: Rename QEmu to QEMU to match upstream
	Match upstream's naming of QEMU. There was a notice on the ML that said
	the preferred spelling was QEMU a while back.

2012-09-19  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix resource leaks when editing files.
	The cleanup path in virsh-edit helper was never reached when the edit
	was successful leaking the document in memory as well as the temporary
	file.

2012-09-19  Eric Blake  <eblake@redhat.com>

	util: don't print free'd dmidecode path
	The path was freed before printing the error message, resulting in:
	error : virSysinfoRead:773 : internal error Failed to execute command
	(null)
	But virCommandRun already gives a better error message.
	* src/util/sysinfo.c (virSysinfoRead): Avoid overwriting error.

	build: avoid unused symbol
	Commit f36309d added an export with no matching implementation;
	probably a misspelling of an earlier version of the final addition
	of virNetworkObjSetDefTransient.
	* src/libvirt_private.syms (network_conf.h): Drop bogus
	virNetworkSetDefTransient.

	build: fix nodeinfo build on non-Linux platforms
	Commit aaa8ab3 added new static functions that are only used on Linux;
	but commit 22acfdc didn't go far enough to fix compiler issues.
	* src/nodeinfo.c (nodeSetMemoryParameterValue)
	(nodeGetMemoryParameterValue): Conditionally compile based on use.

	bitmap: fix problems in previous commit
	Commit ee3d3893 missed the fact that (unsigned char)<<(int)
	is truncated to int, and therefore failed for any bitmap data
	longer than four bytes.
	Also, I failed to run 'make syntax-check' on my commit 4bba6579;
	for whatever odd reason, ffs lives in a different header than ffsl.
	* src/util/bitmap.c (virBitmapNewData): Use correct shift type.
	(includes): Glibc (and therefore gnulib) decided ffs is in
	<strings.h>, but ffsl is in <string.h>.
	* tests/virbitmaptest.c (test5): Test it.

	build: avoid non-portable byte-swapping
	Commit 0fc89098 used functions only available on glibc, completely
	botched 32-bit environments, and risked SIGBUS due to unaligned
	memory access on platforms that aren't as forgiving as x86_64.
	* bootstrap.conf (gnulib_modules): Import ffsl.
	* src/util/bitmap.c (includes): Use <strings.h> for ffsl.
	(virBitmapNewData, virBitmapToData): Avoid 64-bit assumptions and
	non-portable functions.

2012-09-18  Martin Kletzander  <mkletzan@redhat.com>

	Fix minor details not only in apic eoi
	The introduction of APIC EOI patches had a few little details that
	could look better, so this patch fixes that and one more place in the
	file as well (same problem).

	secret: Fix error for private secrets
	When trying to get the value of a private secret, the code used
	'operation denied' error. That error is specified as a error for
	read-only connections trying to perform denied operation. The
	following error seems more accurate.
	To compare the difference:
	 - BEFORE
	error: operation secret is private forbidden for read only access
	 - AFTER
	error: Invalid secret: secret is private

	virNetDevBandwidthClear: Improve error handling
	Two changes are introduced in this patch:
	 - The first change removes ATTRIBUTE_RETURN_CHECK from
	   virNetDevBandwidthClear, because it was called with ignore_value
	   always, anyway. The function is used even when it's not necessary
	   to call it, just for cleanup purposes.
	 - The second change is added ignoring of the command's exit status,
	   since it may report an error even when run just as "to be sure we
	   clean up" function. No libvirt errors are suppresed by this.

	syntax-check: fix run.in
	Two more problems in "run.in" made the syntax-check fail.

2012-09-18  Guido Günther  <agx@sigxcpu.org>

	Adhere to copyright_address check
	to fix "make syntax-check"
	Found by http://honk.sigxcpu.org:8001/job/libvirt-syntax-check/

2012-09-18  Richard W.M. Jones  <rjones@redhat.com>

	Add a ./run script for running programs from the local directory.
	With this script you can run libvirt programs without needing to
	install them first.  You just have to do for example:
	  ./run ./tools/virsh [args ...]
	If you are already in the tools/ subdirectory, then the following
	command will also work:
	  ../run ./virsh [...]
	You can also run the C programs under valgrind like this:
	  ./run valgrind [valgrind opts...] ./program
	or under gdb:
	  ./run gdb --args ./program
	This also works with sudo (eg. if you need root access for libvirt):
	  sudo ./run ./tools/virsh list --all
	Derived from libguestfs and simplified.  The ./run script in
	libguestfs is much more sophisticated:
	https://github.com/libguestfs/libguestfs/blob/master/run.in

2012-09-18  Peter Krempa  <pkrempa@redhat.com>

	rpc: Fix name of member in remote_protocol-structs
	Commit 7a99b0abafb69e1686198ac3473892a9aaeb8255 adds a new RPC struct
	but one of the members has different names in remote_protocol.x and
	remote_protocol-struct breaking make check.

2012-09-18  Ján Tomko  <jtomko@redhat.com>

	virBitmap: fix build without HAVE_NUMACTL
	Commit 75b198b3e7b2c8b4106afbd42f8bb795c4773511 forgot to change
	arguments of dummy qemuProcessInitNumaMemoryPolicy from char* to
	virBitmapPtr.

	qemuhelptest: convert runaway tab to spaces
	Make syntax-check happy and smiling again.

2012-09-18  Richard W.M. Jones  <rjones@redhat.com>

	daemon: Fix error message when libvirtd is missing.
	Currently we search along the hard-coded names:
	  SBINDIR "/libvirtd"
	  SBINDIR "/libvirtd_dbg"
	but if the environment variable $LIBVIRTD_PATH is set to the
	name of the libvirtd binary, that is used instead.  Fix the
	error message so it accurately reflects current behaviour
	($PATH is NOT searched).

	gitignore: Ignore .gdb_history file.

2012-09-18  Daniel Veillard  <veillard@redhat.com>

	Fix the augea test for qemu libvirtd options
	Commit 1ccf22277be013beb3f26f0083867c9c9eddca18 forgot to
	add the output to the augeas test

2012-09-18  Laine Stump  <laine@laine.org>

	network: implement backend of virNetworkUpdate(IP_DHCP_HOST)
	This patch fills in the first implementation for one of the
	virNetworkUpdate sections. With this code, you can now add/delete/edit
	<host> entries in a network's <ip> address <dhcp> element (by
	specifying a section of VIR_NETWORK_SECTION_IP_DHCP_HOST).
	If you pass in a parentIndex of -1, the code will automatically find
	the one ip element that has a <dhcp> section and make the updates
	there. Otherwise, you can specify an index >= 0, and libvirt will look
	for that particular instance of <ip> in the network, and modify its
	<dhcp> element. (This currently isn't very useful, because libvirt
	only supports having dhcp information on a single IP address, but that
	could change in the future).
	When adding a new host entry
	(VIR_NETWORK_UPDATE_COMMAND_ADD_(FIRST|LAST)), the existing entries
	will be compared to the new entry, and if any non-empty attribute
	matches, the add will fail. When updating an existing entry
	(VIR_NETWORK_UPDATE_COMMAND_MODIFY), the mac address or name will be
	used to find the existing entry, and other fields will only be updated
	(note there is some potential for ambiguity here if you specify the
	mac address from one entry and the name from another).  When deleting
	an existing entry (VIR_NETWORK_UPDATE_COMMAND_DELETE), all non-empty
	attributes in the supplied xml arg will be compared - all of them must
	match before libvirt will delete the host.
	The xml should be a fully formed <host> element as it would appear in
	a network definition, e.g. "<host mac=00:11:22:33:44:55 ip=10.1.23.22
	name='testbox'/>" (when adding/updating, ip and one of mac|name is
	required; when deleting, you can specify any one, two, or all
	attributes, but they all must match the target element).
	As with the update of any other section, you can choose to affect the
	live config (with flag VIR_NETWORK_UPDATE_AFFECT_LIVE), the persistent
	config (VIR_NETWORK_UPDATE_AFFECT_CONFIG), or both. If you've chosen
	to affect the live config, those changes will take effect immediately,
	with no need to destroy/restart the network.
	An example of adding a host entry:
	   virNetworkUpdate(net, VIR_NETWORK_UPDATE_COMMAND_ADD_LAST,
	                     VIR_NETWORK_SECTION_IP_DHCP_HOST, -1,
	                    "<host mac='00:11:22:33:44:55' ip='192.168.122.5'/>",
	                    VIR_NETWORK_UPDATE_AFFECT_LIVE
	                    | VIR_NETWORK_UPDATE_AFFECT_CONFIG);
	To delete that same entry:
	   virNetworkUpdate(net, VIR_NETWORK_UPDATE_COMMAND_DELETE,
	                    VIR_NETWORK_SECTION_IP_DHCP_HOST, -1,
	                    "<host mac='00:11:22:33:44:55'/>",
	                    VIR_NETWORK_UPDATE_AFFECT_LIVE
	                    | VIR_NETWORK_UPDATE_AFFECT_CONFIG);
	(you could also delete it by replacing "mac='00:11:22:33:44:55'" with
	"ip='192.168.122.5'".)

	network: restart radvd/dnsmasq if needed when libvirtd is restarted
	A user on IRC had accidentally killed all of his libvirt-started
	dnsmasq instances (due to a buggy dnsmasq service script in Fedora
	16), and had hoped that libvirtd would notice this on restart and
	reload all the dnsmasq daemons (as it does with iptables
	rules). Unfortunately this was not the case - as long as the network
	object had a pid registered for dnsmasq and/or radvd, it assumed that
	the processes were running.
	This patch takes advantage of the new utility functions in
	bridge_driver.c to do a "refresh" of all radvd and dnsmasq processes
	started by libvirt each time libvirtd is restarted - this function
	attempts to do a SIGHUP of each existing process, and if that fails,
	it restarts the process, rebuilding all the associated config files
	and commandline parameters in the process. This normally has no
	effect, but will be useful in solving the occasional "odd situation"
	without needing to take the drastic step of destroying/re-starting the
	network.

	network: implement virNetworkUpdate for test_driver
	The test driver does nothing outside of keeping track of each
	network's config/state in the in-memory database maintained by
	network_conf functions, so all we have to do is call the function that
	updates the network's entry in the in-memory database.

	network: implement virNetworkUpdate for bridge_driver
	Call the network_conf function that modifies the live/persistent/both
	config, then refresh/restart dnsmasq/radvd if necessary, and finally
	save the config in the proper place(s).
	This patch also needed to uncomment a few utility functions that were
	added inside #if 0 in the previous commit (to avoid compiler errors
	due to unreferenced static functions).

	network: reorganize dnsmasq and radvd config file / startup
	This patch splits the starting of dnsmasq and radvd into multiple
	files, and adds new networkRefreshXX() and networkRestartXX()
	functions for each. These new functions are currently commented out
	because they won't be used until the next commit, and the compile options
	require all static functions to be used.
	networkRefreshXX() - rewrites any file-based config for dnsmasq/radvd,
	and sends SIGHUP to the process to make it reread its config. If the
	program isn't already running, it's just started.
	networkRestartXX() - kills the given program, waits for it to exit
	(see the comments in the function networkKillDaemon()), then calls
	networkStartXX().
	This commit is here mostly as a checkpoint to verify no change in
	functional behavior after refactoring networkStartXX() functions to
	fit in with these new functions.

	conf: implement NetworkObj backend of virNetworkUpdate API
	virNetworkObjUpdate takes care of all virNetworkUpdate-related changes
	to the data stored in the in-memory virNetworkObj list. It should be
	called by network drivers that use this in-memory list.
	virNetworkObjUpdate *does not* take care of updating any disk-based
	copies of the config, nor does it perform any other operations
	necessary to have the new config data take effect (e.g. it won't
	re-write dnsmasq host files, nor will it send a SIGHUP to dnsmasq) -
	those things should all be taken care of in the network driver
	function that calls virNetworkObjUpdate (assuming that it returns
	success).

	network: utility functions for updating network config
	These new functions are highly inspired by those in domain_conf.c (but
	not identical), and are intended to make it simpler to update the
	various combinations of live/persistent network configs.
	The network driver wasn't previously as careful about the separation
	between the live "status" in network->def and the persistent "config"
	in network->newDef (or sometimes in network->def). This series
	attempts to remedy some of that, but probably doesn't go all the way
	(enough to get these functions working and enable continued work on
	virNetworkUpdate though).
	bridge_driver.c and test_driver.c were updated in a few places to take
	advantage of the new functions and/or account for changes in argument
	lists.

	network: implement RPC calls for virNetworkUpdate
	This is very short, because almost everything is autogenerated. All
	that's needed are:
	* src/remote/remote_driver.c: add pointer to autogenerated
	    remoteNetworkUpdate to the function table for the remote
	    network driver.
	* src/remote/remote_protocol.x: add the "args" struct and add one more
	    item to the remote_procedure enum for this function.
	* src/remote_protocol-struct: update to match remote_protocol.x

	network: define new API virNetworkUpdate
	This patch adds a new public API virNetworkUpdate that will permit
	updating an existing network configuration without requiring that the
	network be destroyed/restarted for the changes to take effect.

2012-09-18  Ján Tomko  <jtomko@redhat.com>

	tests: add qemu-1.2.0 help data
	Generated with:
	qemu-system-x86_64 -help >tests/qemuhelpdata/qemu-1.2.0
	qemu-system-x86_64 \
	    -device ? \
	    -device pci-assign,? \
	    -device virtio-blk-pci,? \
	    -device virtio-net-pci,? \
	    -device scsi-disk,? 2>tests/qemuhelpdata/qemu-1.2.0-device

	qemu: add -sandbox to command line if requested

	qemu: conf: add seccomp_sandbox option

	qemu: add capability flag for seccomp sandbox
	This series adds support to run QEMU with seccomp sandbox enabled. It can be
	configured in qemu.conf to on, off, or the QEMU default, which is off in 1.2.
	Default value is the QEMU default.

2012-09-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Avoid deadlock on HandleAgentEOF
	On agent EOF the qemuProcessHandleAgentEOF() callback is called
	which locks virDomainObjPtr. Then qemuAgentClose() is called
	(with domain object locked) which eventually calls qemuAgentDispose()
	and qemuProcessHandleAgentDestroy(). This tries to lock the
	domain object again. Hence the deadlock.

2012-09-18  Osier Yang  <jyang@redhat.com>

	qemu: Use disk wwn in qemu command line
	All of ide-drive, ide-hd, ide-cd, scsi-disk, scsi-hd, and scsi-cd
	supports wwn property. (NB, scsi-block doesn't support to set wwn).
	* src/qemu/qemu_command.c: Error out if underlying QEMU doesn't
	support wwn property for the device; Set wwn for the device otherwise.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-ide-wwn.args: New test
	* tests/qemuxml2argvdata/qemuxml2argv-disk-ide-wwn.xml: Likewise
	* tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-disk-wwn.args: Likewise
	* tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-disk-wwn.xml: Likewise
	* tests/qemuxml2argvtest.c: Add the new tests.

	qemu: Add caps to indentify if setting wwn is supported by qemu
	This assumes ide-drive.wwn, ide-hd.wwn, ide-cd.wwn were supported
	at the same time, similar for scsi-disk.wwn, scsi-hd.wwn, and
	scsi-cd.wwn. So only two new caps (QEMU_CAPS_IDE_DRIVE_WWN,
	and QEMU_CAPS_SCSI_DISK_WWN) are introduced.

	conf: Parse and format disk <wwn>
	Validates the wwn while parsing, error out if it's malformed.
	* src/util/util.h: Declare virValidateWWN
	* src/util/util.c: Implement virValidateWWN
	* src/libvirt_private.syms: Export virValidateWWN.
	* src/conf/domain_conf.h: New member 'wwn' for disk def.
	* src/conf/domain_conf.c: Parse and format disk <wwn>

	schema: Add schema for disk <wwn>
	* docs/formatdomain.html.in: Add document.
	* docs/schemas/nodedev.rng: Move definition of "wwn" to ...
	* docs/schemas/basictypes.rng: ...Here
	* docs/schemas/domaincommon.rng: Add schema for disk <wwn>

2012-09-18  Eric Blake  <eblake@redhat.com>

	blockjob: add blockcommit support to rpc
	Relatively straightforward.  Our decision to make block job
	speed a long keeps haunting us on new API.
	* src/remote/remote_protocol.x (remote_domain_block_commit_args):
	New struct.
	* src/remote/remote_driver.c (remote_driver): Enable it.
	* src/remote_protocol-structs: Regenerate.
	* src/rpc/gendispatch.pl (long_legacy): Exempt another bandwidth.

	blockjob: add virsh blockcommit
	The new command 'virsh blockcommit $dom $disk' requests the start
	of an asynchronous commit operation across the entire chain of
	$disk.  Further arguments can fine-tune which portion of the
	chain is committed.  Existing 'virsh blockjob' commands can then
	track the status, change the bandwidth, or abort the commit job.
	With a bit more on the command line, 'virsh blockcommit $dom $disk
	--wait --verbose' can be used for blocking behavior, with visual
	feedback on the overall status, and can be canceled with Ctrl-C.
	The overall design, including the wait loop logic, borrows heavily
	from the existing blockpull command.
	* tools/virsh-domain.c (cmdBlockCommit): New function.
	* tools/virsh.pod (blockcommit): Document it.

	blockjob: add virDomainBlockCommit
	A block commit moves data in the opposite direction of block pull.
	Block pull reduces the chain length by dropping backing files after
	data has been pulled into the top overlay, and is always safe; block
	commit reduces the chain length by dropping overlays after data has
	been committed into the backing file, and any files that depended
	on base but not on top are invalidated at any point where they have
	unallocated data that is now pointing to changed contents in base.
	Both directions are useful, however: a qcow2 layer that is more than
	50% allocated will typically be faster with a pull operation, while
	a qcow2 layer with less than 50% allocation will be faster as a
	commit operation.  Committing across multiple layers can be more
	efficient than repeatedly committing one layer at a time, but
	requires extra support from the hypervisor.
	This API matches Jeff Cody's proposed qemu command 'block-commit':
	https://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02226.html
	Jeff's command is still in the works for qemu 1.3, and may gain
	further enhancements, such as the ability to control on-error
	handling (it will be comparable to the error handling Paolo is
	adding to 'drive-mirror', so a similar solution will be needed
	when I finally propose virDomainBlockCopy with more functionality
	than the basics supported by virDomainBlockRebase).  However, even
	without qemu support, this API will be useful for _offline_ block
	commits, by wrapping qemu-img calls and turning them into a block
	job, so this API is worth committing now.
	For some examples of how this will be implemented, all starting
	with the chain: base <- snap1 <- snap2 <- active
	+ These are equivalent:
	 virDomainBlockCommit(dom, disk, NULL, NULL, 0, 0)
	 virDomainBlockCommit(dom, disk, NULL, "active", 0, 0)
	 virDomainBlockCommit(dom, disk, "base", NULL, 0, 0)
	 virDomainBlockCommit(dom, disk, "base", "active", 0, 0)
	but cannot be implemented for online qemu with round 1 of
	Jeff's patches; and for offline images, it would require
	three back-to-back qemu-img invocations unless qemu-img
	is patched to allow more efficient multi-layer commits;
	the end result would be 'base' as the active disk with
	contents from all three other files, where 'snap1' and
	'snap2' are invalid right away, and 'active' is invalid
	once any further changes to 'base' are made.
	+ These are equivalent:
	 virDomainBlockCommit(dom, disk, "snap2", NULL, 0, 0)
	 virDomainBlockCommit(dom, disk, NULL, NULL, 0, _SHALLOW)
	they cannot be implemented for online qemu, but for offline,
	it is a matter of 'qemu-img commit active', so that 'snap2'
	is now the active disk with contents formerly in 'active'.
	+ Similarly:
	 virDomainBlockCommit(dom, disk, "snap2", NULL, 0, _DELETE)
	for an offline domain will merge 'active' into 'snap2', then
	delete 'active' to avoid leaving a potentially invalid file
	around.
	+ This version:
	 virDomainBlockCommit(dom, disk, NULL, "snap2", 0, _SHALLOW)
	can be implemented online with 'block-commit' passing a base of
	snap1 and a top of snap2; and can be implemented offline by
	'qemu-img commit snap2' followed by 'qemu-img rebase -u
	-b snap1 active'
	* include/libvirt/libvirt.h.in (virDomainBlockCommit): New API.
	* src/libvirt.c (virDomainBlockCommit): Implement it.
	* src/libvirt_public.syms (LIBVIRT_0.10.2): Export it.
	* src/driver.h (virDrvDomainBlockCommit): New driver callback.
	* docs/apibuild.py (CParser.parseSignature): Add exception.

	qemu: drop unused arguments for dump-guest-memory
	Upstream qemu has raised a concern about whether dumping guest
	memory by reading guest paging tables is a security hole:
	https://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02607.html
	While auditing libvirt to see if we would be impacted, I noticed
	that we had some dead code.  It is simpler to nuke the dead code
	and limit our monitor code to just the subset we make use of.
	* src/qemu/qemu_monitor.h (QEMU_MONITOR_DUMP): Drop poorly named
	and mostly-unused enum.
	* src/qemu/qemu_monitor.c (qemuMonitorDumpToFd): Drop arguments.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDump): Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDump): Likewise.
	* src/qemu/qemu_driver.c (qemuDumpToFd): Update caller.

2012-09-18  Osier Yang  <jyang@redhat.com>

	build: Fix build failure on non-linux platform

2012-09-18  Laine Stump  <laine@laine.org>

	conf: avoid freeing network object with undestroyed mutex
	virNetworkAssignDef was allocating a new network object, initing and
	grabbing its lock, then potentially freeing it without unlocking or
	destroying the lock. In practice 1) this will probably never happen,
	and 2) even if it did, the lock implementation used on most (all?)
	platforms doesn't actually hold any resources for an initialized or
	held lock, but it still bothered me, so I moved the realloc that could
	lead to this bad situation earlier in the function, and now the mutex
	isn't inited or locked until we are assured of complete success.

	conf: separate functions to parse DHCPHostDef and DHCPRangeDef
	These two objects were previously always parsed as a part of an IpDef,
	but we will now need to be able to parse them on their own for
	virNetworkUpdate(). Split the parsing functions out, with no
	functional changes.

2012-09-18  Hu Tao  <hutao@cn.fujitsu.com>

	remove virDomainCpuSetFormat and virDomainCpuSetParse
	virBitmap is recommanded to store cpuset info, and
	virBitmapFormat/virBitmapParse can do the format/parse
	jobs.

2012-09-18  Laine Stump  <laine@laine.org>

	xen: eliminate remaining uses of virDomainCpuSetParse
	The final patch in Hu Tao's series to enhance virBitmap actually
	removes virDomainCpuSetParse and virDomainCpuSetFormat as "no longer
	used", and the rest of the series hadn't taken care of two uses of
	virDomainCpuSetParse in the xen code.
	This patch replaces those with appropriate virBitmap functions. It
	should be pushed prior to the patch removing virDomainCpuSetParse.

2012-09-18  Hu Tao  <hutao@cn.fujitsu.com>

	use virBitmap to store nodeinfo.

	use virBitmap to store cells' cpumask info.

	use virBitmap to store cpumask info.

	use virBitmap to store numa nodemask info.

	use virBitmap to store cpu affinity info

	use virBitmap to store cpupin info

	New functions for virBitmap
	In many places we store bitmap info in a chunk of data
	(pointed to by a char *), and have redundant codes to
	set/unset bits. This patch extends virBitmap, and convert
	those codes to use virBitmap in subsequent patches.

	bitmap: new member variable and function renaming
	Add a new member variable map_len to store map len of bitmap.
	and rename size to max_bit accordingly.
	rename virBitmapAlloc to virBitmapNew.

2012-09-17  Peter Krempa  <pkrempa@redhat.com>

	virsh: Clarify behavior of domain list filtering.
	Some combinations of filtering flags produce no result. This patch tries
	to clarify this.

2012-09-17  Osier Yang  <jyang@redhat.com>

	Build: Fix typos which cause build failure
	Pushed under build-breaker rules.

	node_memory: Expose the APIs to Python bindings
	* python/libvirt-override-api.xml: (Add document to describe
	  the APIs).
	* python/libvirt-override.c: (Implement the API wrappers manually)

	node_memory: Expose the APIs to virsh
	New command node-memory-tune to get/set the node memory parameters,
	only two parameters are allowed to set (pages_to_scan, and sleep_millisecs,
	see documents in this patch for more details).
	Example of node-memory-tune's output:
	Shared memory:
		pages_to_scan   100
		sleep_millisecs 20
		pages_shared    0
		pages_sharing   0
		pages_unshared  0
		pages_volatile  0
		full_scans      0

	node_memory: Support get/set memory parameters for drivers
	Including QEMU, LXC, UML, XEN drivers.

	node_memory: Implement the internal APIs
	Only implemented for linux platform.
	* src/nodeinfo.h: (Declare node{Get,Set}MemoryParameters)
	* src/nodeinfo.c: (Implement node{Get,Set}MemoryParameters)
	* src/libvirt_private.syms: (Export those two new internal APIs to
	  private symbols)

	node_memory: Wire up the RPC protocol
	* src/rpc/gendispatch.pl: (virNodeSetMemoryParameters is the
	  the special one which needs a connection object as the first
	  argument, improve the generator to support it).
	* daemon/remote.c: (Implement the server side handler for
	  virDomainGetMemoryParameters)
	* src/remote/remote_driver.c: (Implement the client side handler
	  for virDomainGetMemoryParameters)
	* src/remote/remote_protocol.x: (New RPC procedures for the two
	  new APIs and structs to represent the args and ret for it)
	* src/remote_protocol-structs: Likewise

	node_memory: Define the APIs to get/set memory parameters
	* include/libvirt/libvirt.h.in: (Add macros for the param fields,
	  declare the APIs).
	* src/driver.h: (New methods for the driver struct)
	* src/libvirt.c: (Implement the public APIs)
	* src/libvirt_public.syms: (Export the public symbols)

	list: Use virConnectListAllSecrets in virsh
	This introduces four new options for secret-list, to filter the
	returned secrets by whether it's ephemeral or not, and/or by
	whether it's private or not.
	* tools/virsh-secret.c: (New helper vshSecretSorter,
	  vshSecretListFree, and vshCollectSecretList; Use the new
	  API for secret-list; error out if flags are specified,
	  because there is no way to filter the results when using
	  old APIs (no APIs to get the properties (ephemeral, private)
	  of a secret yet).
	* tools/virsh.pod: Document the 4 new options.

	list: Expose virConnectListAllSecrets to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.
	python/libvirt-override-api.xml: Document
	python/libvirt-override-virConnect.py: Implementation for listAllSecrets.
	python/libvirt-override.c: Implementation for the wrapper.

	list: Implement listAllSecrets
	Simply returns the object list. Supports to filter the secrets
	by its storage location, and whether it's private or not.
	src/secret/secret_driver.c: Implement listAllSecrets

	list: Implement RPC calls for virConnectListAllSecrets
	The RPC generator doesn't support returning list of object yet, this patch
	does the work manually.
	  * daemon/remote.c:
	    Implement the server side handler remoteDispatchConnectListAllSecrets.
	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllSecrets.
	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_SECRETS and
	    structs to represent the args and ret for it.
	  * src/remote_protocol-structs: Likewise.

	list: Define new API virConnectListAllSecrets
	This is to list the secret objects. Supports to filter the secrets
	by its storage location, and whether it's private or not.
	include/libvirt/libvirt.h.in: Declare enum virConnectListAllSecretFlags
	                              and virConnectListAllSecrets.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllSecrets)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

	list: Use virConnectListAllNWFilters in virsh
	tools/virsh-nwfilter.c:
	  * vshNWFilterSorter to sort network filters by name
	  * vshNWFilterListFree to free the network filter objects list.
	  * vshNWFilterListCollect to collect the network filter objects, trying
	    to use new API first, fall back to older APIs if it's not supported.

	list: Expose virConnectListAllNWFilters to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.
	python/libvirt-override-api.xml: Document
	python/libvirt-override-virConnect.py:
	  * Implementation for listAllNWFilters.
	python/libvirt-override.c: Implementation for the wrapper.

	list: Implement listAllNWFilters
	Simply returns the object list. No filtering.
	src/nwfilter/nwfilter_driver.c: Implement listAllNWFilters

	list: Implement RPC calls for virConnectListAllNWFilters
	The RPC generator doesn't support returning list of object yet, this patch
	do the work manually.
	  * daemon/remote.c:
	    Implemente the server side handler remoteDispatchConnectListAllNWFilters.
	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllNWFilters.
	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_NWFILTERS and
	    structs to represent the args and ret for it.
	  * src/remote_protocol-structs: Likewise.

	list: Define new API virConnectListAllNWFilters
	This is to list the network filter objects. No flags are supported
	include/libvirt/libvirt.h.in: Declare enum virConnectListAllNWFilterFlags
	                              and virConnectListAllNWFilters.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllNWFilters)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

	list: Use virConnectListAllNodeDevices in virsh
	tools/virsh-nodedev.c:
	  * vshNodeDeviceSorter to sort node devices by name
	  * vshNodeDeviceListFree to free the node device objects list.
	  * vshNodeDeviceListCollect to collect the node device objects, trying
	    to use new API first, fall back to older APIs if it's not supported.
	  * Change option --cap to accept multiple capability types.
	tools/virsh.pod
	  * Update document for --cap

	virsh: Don't motify the const string
	This improve helper vshStringToArray to accept const string as
	argument instead. To not convert the const string when using
	vshStringToArray, and thus avoid motifying it.

	list: Expose virConnectListAllNodeDevices to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.
	python/libvirt-override-api.xml: Document
	python/libvirt-override-virConnect.py:
	  * Implementation for listAllNodeDevices.
	python/libvirt-override.c: Implementation for the wrapper.

	list: Implement listAllNodeDevices
	This simply implements listAllNodeDevices using helper virNodeDeviceList
	src/node_device/node_device_driver.h:
	  * Declare nodeListAllNodeDevices.
	src/node_device/node_device_driver.c:
	  * Implement nodeListAllNodeDevices.
	src/node_device/node_device_hal.c:
	  * Hook listAllNodeDevices to nodeListAllNodeDevices.
	src/node_device/node_device_udev.c
	  * Hook listAllNodeDevices to nodeListAllNodeDevices.

	list: Add helpers for listing node devices
	src/conf/node_device_conf.h:
	  * New macro VIR_CONNECT_LIST_NODE_DEVICES_FILTERS_CAP
	  * Declare virNodeDeviceList
	src/conf/node_device_conf.c:
	  * New helpers virNodeDeviceCapMatch, virNodeDeviceMatch.
	    virNodeDeviceCapMatch looks up the list of all the caps the device
	    support, to see if the device support the cap type.
	  * Implement virNodeDeviceList
	src/libvirt_private.syms:
	  * Export virNodeDeviceList
	  * Export virNodeDevCapTypeFromString

	list: Implement RPC calls for virConnectListAllNodeDevices
	The RPC generator doesn't support returning list of object yet, this patch
	does the work manually.
	  * daemon/remote.c:
	    Implemente the server side handler remoteDispatchConnectListAllNodeDevices.
	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllNodeDevices.
	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_INTERFACES and

	list: Define new API virConnectListAllNodeDevices
	This is to list the node device objects, supports to filter the results
	by capability types.
	include/libvirt/libvirt.h.in: Declare enum virConnectListAllNodeDeviceFlags
	                              and virConnectListAllNodeDevices.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllNodeDevices)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

2012-09-15  Dwight Engen  <dwight.engen@oracle.com>

	build: fix missing include
	virNWFilterSnoopAdjustPoll() uses a struct pollfd but poll.h is never included
	nwfilter/nwfilter_dhcpsnoop.c:1297: error: 'struct pollfd' declared inside parameter list

2012-09-15  Daniel P. Berrange  <berrange@redhat.com>

	Add missing 'goto error' in QEMU command line building
	If reporting case of a binary not supporting KVM or kQEMU, libvirt
	forgot to jump to the error branch for cleanup

	Fix initialization of virCommandPtr when creating QEMU argv
	If the qemuBuildCommandLine method raised an error before the
	virCommandPtr instance was created, the local var would not
	be initialized, resulting in a possible SEGV in the error
	cleanup branch. Also add some debugging of the method params

	Fix 3 broken test cases which were mistakenly raising errors
	Several test cases were mistakenly raising errors due to the
	QEMU_CAPS_KVM flag being missed.

2012-09-14  Ján Tomko  <jtomko@redhat.com>

	qemu: fix uninitialized variable in qemuParseCommandLine
	Newly added if branch for kvm_pv_eoi did not set the ret variable.

2012-09-14  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a API for creating QEMU capabilities for a binary
	Introduce a qemuCapsNewForBinary() API which creates a new
	QEMU capabilities object, populated with data relating to
	a specific QEMU binary. The qemuCaps object is also given
	a timestamp, which makes it possible to detect when the
	cached capabilities for a binary are out of date

	Remove upfront check for hmp - just try it cope with failure
	Don't bother checking for the existance of the HMP passthrough
	command. Just try to execute it, and propagate the failure.

	Don't overwrite errors raised by qemuMonitorHMPCommand
	The qemuMonitorHMPCommand() API and things it calls will report
	a wide variety of errors. The QEMU text monitor should not be
	overwriting these errors

2012-09-14  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add support for EOI with APIC
	This patch adds full support for EOI setting for domains. Because this
	is CPU feature (flag), the model needs to be added even when it's not
	specified. Fortunately this problem was already solved with kvmclock,
	so this patch simply abuses that.
	And due to the size of the patch (17 lines) I dared to include the tests.

	Add support for EOI with APIC
	New options is added to support EOI (End of Interrupt) exposure for
	guests. As it makes sense only when APIC is enabled, I added this into
	the <apic> element in <features> because this should be tri-state
	option (cannot be handled as standalone feature).

	security: Fix libvirtd crash possibility
	Fix for CVE-2012-4423.
	When generating RPC protocol messages, it's strictly needed to have a
	continuous line of numbers or RPC messages. However in case anyone
	tries backporting some functionality and will skip a number, there is
	a possibility to make the daemon segfault with newer virsh (version of
	the library, rpc call, etc.) even unintentionally.
	The problem is that the skipped numbers will get func filled with
	NULLs, but there is no check whether these are set before the daemon
	tries to run them. This patch very simply enhances one check and fixes
	that.

2012-09-14  Guannan Ren  <gren@redhat.com>

	snapshot: fix rollback failure in transaction mode
	BZ:https://bugzilla.redhat.com/show_bug.cgi?id=843372
	when qemu supports the 'transaction' monitor command,
	and libvirt's --reuse-ext flag was not specified, libvirt created
	a stub file with zero size in first place. After the failure of
	QEMU transaction command performing qcow2 snapshots on more than
	one drives, the stub file is left behind with non-empty
	by the QEMU transaction command.
	In order to unlink the file, the patch removes the file size checking.
	Steps to reproduce the issue:
	Steps:
	 1, Create a qemu instance with two drive images of qcow2 type (root user)
	    /usr/libexec/qemu-kvm -m 1024 -smp 1 -name "rhel6u1" \
	      -drive file=/var/lib/libvirt/images/firstqcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none
	      -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
	      -drive file=/var/lib/libvirt/images/secondqcow2,if=none,id=drive-virtio-disk1,format=qcow2,cache=none \
	      -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk1,id=virtio-disk1 -qmp stdio
	 2, Initialize qemu qmp
	    {"execute":"qmp_capabilities"}
	 3, Remove the second drive image file
	    rm -f /var/lib/libvirt/images/secondqcow2
	 4, Run 'transaction' command with snapshot qemu commands in.
	    {"execute":"transaction","arguments":
	      {"actions":
	        [{"type":"blockdev-snapshot-sync","data":
	          {"device":"drive-virtio-disk0","snapshot-file":"/var/lib/libvirt/images/firstqcow2-snapshot.img","format":"qcow2"}
	         },
	         {"type":"blockdev-snapshot-sync","data":
	          {"device":"drive-virtio-disk1","snapshot-file":"/var/lib/libvirt/images/secondqcow2-snapshot.img","format":"qcow2"}
	         }]
	      },
	   "id":"libvirt-6"}
	 5, Got the error as follows:
	    {"id": "libvirt-6",
	      "error": {"class": "OpenFileFailed", "desc": "Could not open '/var/lib/libvirt/images/secondqcow2-snapshot.img'",
	                "data": {"filename": "/var/lib/libvirt/images/secondqcow2-snapshot.img"}
	               }
	    }
	 6, List first newly-created snapshot file:
	    -rw-r--r--. 1 root root     262144 Sep 13 11:43 firstqcow2-snapshot.img

2012-09-14  Osier Yang  <jyang@redhat.com>

	Improve virTypedParameterValidateSet
	Assume not only domain object will use it.

2012-09-14  Guido Günther  <agx@sigxcpu.org>

	Look in Debian's multiarch libs too
	so we don't fail when libnetcf is built as multiarch lib.

2012-09-14  Eric Blake  <eblake@redhat.com>

	build: don't fail if libnl-3 is not found
	Commit 9298bfb changed configure to split the libnl into two
	separate pkg config checks instead of nesting the second check
	on the failure path of the first.  But the default pkg config
	behavior is to abort configure if a check fails.  Since we have
	a second check lined up, we need an explicit failure case that
	does not abort if the first check fails.
	Meanwhile, commit 51b708c is reverted.  It did not fix any
	behavior, and in fact, introduced a regression to the fallback
	case when the user explicitly sets $LIBNL_CFLAGS.
	* configure.ac: Don't abort if libnl-3 is not found.

2012-09-14  Alex Jia  <ajia@redhat.com>

	conf: avoid libvirt crash with empty address guestfwd channel
	The 'def->target.addr' hasn't been initialized in virDomainChrDefNew() and
	its value is always '0xffffffff', in addition, the following test scenario
	hasn't also include 'address' element in channel XML block, so the branch
	'if (addrStr == NULL)' is hit in virDomainChrDefParseTargetXML(), the
	programming jumps to 'error' label to release relevant resources, and the
	statement 'if (VIR_ALLOC(def->target.addr) < 0)' hasn't been executed then
	the virDomainChrDefFree() will free 'def->target.addr'(0xffffffff) via
	VIR_FREE(), which results in libvirt crash, to use valgrind can also
	find a 'Invalid free() / delete / delete[]' error. This patch just adjusts
	codes order to initialize 'def->target.addr' firstly.
	With this patch, libvirt hasn't crash and can get a expected error message "
	XML error: guestfwd channel does not define a target address".
	How to reproduce?
	1. define a guest with the following channel XML configuration
	$ cat foo.xml
	<snip>
	    <channel type='pty'>
	      <target type='guestfwd'/>
	    </channel>
	</snip>
	$ virsh define foo.xml
	2. actual result
	error: Failed to define domain from /tmp/foo.xml
	error: End of file while reading data: Input/output error
	error: Failed to reconnect to the hypervisor
	GDB debugger information:
	<snip>
	Breakpoint 1, virDomainChrDefFree (def=0x7f8ab000ec70) at conf/domain_conf.c:1264
	...ignore
	1264    {
	(gdb) p def->target
	$2 = {port = -1, addr = 0xffffffff, name = 0xffffffff <Address 0xffffffff out of bounds>}
	</snip>
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=856489

2012-09-13  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: implement containers creation
	Add separate function parallelsCreateCt, which creates container.
	Also add example xml configuration domain-parallels-ct-simple.xml.

	parallels: fix parallelsDomainDefineXML for existing containers
	Fix code, which checks what is changed in virDomainDef structure.
	It looks slightly different for containers and VMs: containers haven't
	boot devices, but have init path

	parallels: handle unlimited cpus on containers
	User may set "unlimited" cpus for containers, which means to
	take all available cpus on the node.

	parallels: add support of containers to the driver
	This patch makes parallelsLoadDomains to be able to load information
	about containers. So functions, which return different information
	and change state will work.
	parallelsDomainDefineXML will be fixed in separate patch.

2012-09-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix data types used for list sizes in QEMU capabilities
	The QEMU capabilities APIs used a misc of 'int' and
	'unsigned int' for variables relating to array sizes.
	Change all these to use 'size_t'

	Add API for copying instances of the qemuCapsPtr object
	To allow each VM instance to record additional capabilities
	without affecting other VMs, there needs to be a way to do
	a deep copy of the qemuCapsPtr object

	Add ability to store other metadata in the qemu capabilities object
	Add struct fields and APIs to allow the qemu capabilities object
	to store version, arch, machines & cpu names, etc

	Make qemuCapsProbeCommand static
	The qemuCapsProbeCommand API is only used by the capabilities
	code, so can be static

	Turn QEMU capabilities object into a full virObjectPtr
	The current qemu capabilities are stored in a virBitmapPtr
	object, whose type is exposed to callers. We want to store
	more data besides just the flags, so we need to move to a
	struct type. This object will also need to be reference
	counted, since we'll be maintaining a cache of data per
	binary. This change introduces a 'qemuCapsPtr' virObject
	class. Most of the change is just renaming types and
	variables in all the callers

	Allow caps to be NULL when creating virDomainObjPtr instances
	If no private data needs to be maintained, it can be useful
	to create virDomainObjPtr instances without having a virCapsPtr
	instance around. Adapt the virDomainObjNew() function to allow
	for a NULL caps

	Wait to receive QMP greeting before sending any monitor commands
	Technically speaking we should wait until we receive the QMP
	greeting message before attempting to send any QMP monitor
	commands. Mostly we've got away with this, but there is a race
	in some QEMU which cause it to SEGV if you sent it data too
	soon after startup. Waiting for the QMP greeting avoids the
	race

	Add a virBitmapCopy API
	Add an API allowing flags from one virBitmapPtr to be copied
	into another instance.

2012-09-13  Guannan Ren  <gren@redhat.com>

	doc: update usb redirection filter infomation on formatdomain.html

	test: add xml2argvtest for usb-redir filter and update xml schema

	qemu: build USB redirection filter qemu command line
	Input XML snip:
	<redirdev bus='usb' type='spicevmc'>
	   <address type='usb' bus='0' port='4'/>
	 </redirdev>
	<redirfilter>
	  <usbdev class='0x08' vendor='0x1234' product='0xbeef' \
	          version='2.00' allow='yes'/>
	  <usbdev class='-1' vendor='-1' product='-1' version='-1' allow='no'/>
	</redirfilter>
	will be converted to:
	-device usb-redir,chardev=charredir0,id=redir0,\
	filter=0x08:0x1234:0xBEEF:0x2000:1|-1:-1:-1:-1:0,bus=usb.0,port=4

	qemu: define and parse USB redirection filter XML
	https://bugzilla.redhat.com/show_bug.cgi?id=795929
	http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6af165892cf900291046f1d25f95416f379504c2
	This patch define and parse the input XML of USB redirection filter.
	<devices>
	...
	  <redirdev bus='usb' type='spicevmc'>
	    <address type='usb' bus='0' port='4'/>
	  </redirdev>
	  <redirfilter>
	    <usbdev class='0x08' vendor='0x1234' product='0xbeef' \
	            version='2.00' allow='yes'/>
	    <usbdev allow='no'/>
	  </redirfilter>
	...
	</devices>
	There is no 1:1 mapping between ports and redirected devices and
	qemu and spicy client couldn't decide into which usbredir ports
	the client can 'plug' redirected devices. So it make sense to apply
	all of filter rules global to all existing usb redirection devices.
	class attribute is USB Class codes. version is bcdDevice value
	of USB device. vendor and product is USB vendorId and productId.
	-1 can be used to allow any value for a field. Except allow attribute
	the other four are optional, default value is -1.

2012-09-13  Osier Yang  <jyang@redhat.com>

	virsh: Fix version numbers in comments
	And redundant error resetting.
	Pushed under trivial rule.

2012-09-13  Guannan Ren  <gren@redhat.com>

	qemu: add usb-redir.filter qemu capability flag
	Add a qemu flag for USB redirection filter support.
	The output:
	usb-redir.chardev=chr
	usb-redir.debug=uint8
	usb-redir.filter=string
	usb-redir.port=string

2012-09-13  Osier Yang  <jyang@redhat.com>

	build: Fix typo which causes build failure
	Pushed under build-breaker rule.

2012-09-13  Eric Blake  <eblake@redhat.com>

	build: force libnl1 if netcf also used libnl1
	Recent spec file changes ensure that in distro situations, netcf
	and libvirt will link against the same libnl in order to avoid
	dumping core.  But for every-day development, if you use F17 and
	have the libnl3-devel headers available, libvirt was blindly
	linking against libnl3 even though F17 netcf still links against
	libnl1, making testing a self-built binary on F17 impossible.
	By making configure a little bit smarter, we can avoid this
	situation - we merely skip the probe of libnl-3 if we can prove
	that netcf is still using libnl-1.  I intentionally wrote the
	test so that we still favor libnl-3 if netcf is not installed or
	if we couldn't use ldd to determine things.
	Defaults being what they are, someone will invariably complain
	that our smarts were wrong.  Never fear - in that case, just run
	./configure LIBNL_CFLAGS=..., where the fact that you set
	LIBNL_CFLAGS (even to the empty string) will go back to probing
	for libnl-3, regardless of netcf's choice.
	* configure.ac (LIBNL): Don't probe libnl3 if netcf doesn't use it.

	maint: fix missing spaces in message
	I got an off-list report about a bad diagnostic:
	Target network card mac 52:54:00:49:07:ccdoes not match source 52:54:00:49:07:b8
	True to form, I've added a syntax check rule to prevent it
	from recurring, and found several other offenders.
	* cfg.mk (sc_require_whitespace_in_translation): New rule.
	* src/conf/domain_conf.c (virDomainNetDefCheckABIStability): Add
	space.
	* src/esx/esx_util.c (esxUtil_ParseUri): Likewise.
	* src/qemu/qemu_command.c (qemuCollectPCIAddress): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSetMetadata)
	(qemuDomainGetMetadata): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeNetBridge): Likewise.
	* src/rpc/virnettlscontext.c
	(virNetTLSContextCheckCertDNWhitelist): Likewise.
	* src/vmware/vmware_driver.c (vmwareDomainResume): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives):
	Avoid false negatives.
	* tools/virsh-domain.c (info_save_image_dumpxml): Reword.
	Based on a report by Luwen Su.

	build: avoid confusing make with raw name 'undefine'
	Make has a builtin operator 'undefine', and coupled with latest
	automake.git, this test name ended up confusing make into thinking
	the file name was meant to be used as the make operator.  Renaming
	the file avoids the confusion.
	* tests/undefine: Rename...
	* tests/virsh-undefine: ...to this.
	* tests/Makefile.am (test_scripts): Use new name.
	Reported by Jim Meyering.

2012-09-13  Daniel P. Berrange  <berrange@redhat.com>

	Add API for opening a QEMU monitor from a socket FD
	Currently qemuMonitorOpen() requires an address of the QEMU
	monitor. When doing QMP based capabilities detection it is
	easier if a pre-opened FD can be provided, since then the
	monitor can be run on the STDIO console. Add a new API
	qemuMonitorOpenFD() for such usage

2012-09-12  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix parallelsDomainDefineXML for domains with VNC and autoport
	virDomainDefParseString assigns 0 to port if autoport enabled.
	So fix code, which check different between old and new
	configurations.

	parallels: fix parallelsDoCmdRun in case of command failure
	Don't try to dereferece NULL pointer.

2012-09-12  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Backcompt for console devices in virDomainDeviceInfoIterate
	Historically, the first <console> element is treated as the
	alias of a <serial> device. In the virDomainDeviceInfoIterate,
	This situation is not considered. It still handles the first <console>
	element as another devices, which means that for console[0] with
	serial targetType, it calls callback function another time.
	It will cause the problem of address conflicts when assigning
	spapr-vio address for serial device on pSeries guest.
	For pSeries guest, the serial configuration in the xml file
	is as the following:
	         <serial type='pty'>
	               <target port='0'/>
	               <address type='spapr-vio'/>
	          </serial>
	Console configuration is default, the dumped xml file is as the following:
	   <serial type='pty'>
	      <source path='/dev/pts/5'/>
	      <target port='0'/>
	      <alias name='serial0'/>
	      <address type='spapr-vio' reg='0x30000000'/>
	    </serial>
	    <console type='pty' tty='/dev/pts/5'>
	      <source path='/dev/pts/5'/>
	      <target type='serial' port='0'/>
	      <alias name='serial0'/>
	      <address type='spapr-vio' reg='0x30000000'/>
	    </console>
	It shows that the <console> device is the alias of serial device.
	So its address is the same as the serial device. When detecting
	the conflicts in the qemuAssignSpaprVIOAddress the first console
	and the serial device conflicts because virDomainDeviceInfoIterate()
	still handle these as two different devices, and in the qemuAssignSpaprVIOAddress(),
	it will compare these two devices' addressed. If they have same address,
	it will report address conflict error.
	So this patch is to handle the first console which targetType is serial
	as the alias of serial device to avoid address conflicts error reported.

2012-09-12  Osier Yang  <jyang@redhat.com>

	list: Expose virConnectListAllInterfaces to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.
	python/libvirt-override-api.xml: Document
	python/libvirt-override-virConnect.py:
	  * New file, includes implementation of listAllInterfaces.
	python/libvirt-override.c: Implementation for the wrapper.

	list: Use virConnectListAllInterfaces in virsh
	tools/virsh-interface.c:
	  * vshInterfaceSorter to sort interfaces by name
	  * vshInterfaceListFree to free the interface objects list.
	  * vshInterfaceListCollect to collect the interface objects, trying
	    to use new API first, fall back to older APIs if it's not supported.

	list: Implement listAllInterfaces
	This is not that ideal as API for other objects, as it's still
	O(n). Because interface driver uses netcf APIs to manage the
	stuffs, instead of by itself. And netcf APIs don't return a object.
	It provides APIs like old libvirt APIs:
	   ncf_number_of_interfaces
	   ncf_list_interfaces
	   ncf_lookup_by_name
	   ......
	Perhaps we should further improve netcf to let it provide an API
	to return the object, but it could be a later patch. And anyway,
	we will still benefit from the new API for the simplification,
	and no race like the old APIs.
	src/interface/netcf_driver.c: Implement listAllInterfaces

	list: Implemente RPC calls for virConnectListAllInterfaces
	The RPC generator doesn't support returning list of object yet, this patch
	do the work manually.
	  * daemon/remote.c:
	    Implemente the server side handler remoteDispatchConnectListAllInterfaces.
	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllInterfaces.
	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_INTERFACES and
	    structs to represent the args and ret for it.
	  * src/remote_protocol-structs: Likewise.

	list: Define new API virConnectListAllInterfaces
	This is to list the interface objects, supported filtering flags
	are: active|inactive.
	include/libvirt/libvirt.h.in: Declare enum virConnectListAllInterfaceFlags
	                              and virConnectListAllInterfaces.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllInterfaces)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

2012-09-12  Eric Blake  <eblake@redhat.com>

	docs: mention another iaas app built on libvirt
	Reported on the libvirt-users list.
	* docs/apps.html.in: Add Eucalyptus.
	Reported by Eric Choi.

2012-09-12  Hu Tao  <hutao@cn.fujitsu.com>

	fix bug in qemuSetupCgroupForEmulator
	Should not return 0 when failed to setup cgroup.

2012-09-12  Eric Blake  <eblake@redhat.com>

	build: avoid dirty docs on fresh bootstrap
	* HACKING: Regenerate.

2012-09-12  Federico Simoncelli  <fsimonce@redhat.com>

	python: Initialize new_params in virDomainSetSchedulerParameters
	The new_params variable must be initialized in case the
	virDomainGetSchedulerParameters call fails and we hit the cleanup
	section before actually allocating the new parameters.

2012-09-11  Ján Tomko  <jtomko@redhat.com>

	docs: page.xsl: fix FAQ link in subdirectories
	Links to the FAQ didn't work on pages in subdirectories, like
	devhelp/libvirt-virterror.html or internals/command.html, because
	they have had href_base prepended to them.

	docs: hacking.html.in: fix table of contents
	Two sections didn't have a working link in the TOC.

2012-09-11  Osier Yang  <jyang@redhat.com>

	Build: Fix typos which cause build failure
	Pushed under trivial rule.

2012-09-11  Daniel P. Berrange  <berrange@redhat.com>

	Don't invoke the auth callback if all credentials were in config file
	The remote driver first looks at the libvirt auth config file to
	fill in any credentials. It then invokes the auth callback for
	any remaining credentials. It was accidentally invoking the
	auth callback even if there were not any more credentials
	required.

	Call virResetLastError in all virConnectOpen* functions
	All public API functions must call virResetLastError to clear
	out any previous error. The virConnectOpen* functions forgot
	to do this.

	Check against python None type when filling in auth parameters
	When deciding whether to provide an auth function callback
	in openAuth(), credcb was checked against NULL, when it
	really needs to be checked against Py_None

	Print any exception that occurs in authentication callback
	If an exception occurs in the python callback for openAuth()
	the stack trace isn't seen by the apps, since this code is
	called from libvirt context. To aid diagnostics, print the
	error to stderr at least

	Fix crash passing an empty list to python openAuth() API
	If passing a 'credtype' parameter which was an empty list
	to the python openAuth() API, the 'credtype' field in
	the virConnectAuth struct would not be initialized. This
	lead to a crash when later trying to free that field.

2012-09-11  Osier Yang  <jyang@redhat.com>

	virsh: Fix the typos
	* tools/virsh-network.c: s/MATCH/VSH_MATCH/

	list: Expose virConnectListAllNetworks to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.
	python/libvirt-override-api.xml: Document
	python/libvirt-override-virConnect.py: Implement listAllNetworks.
	python/libvirt-override.c: Implementation for the wrapper.

	list: Use virConnectListAllNetworks in virsh
	tools/virsh-network.c:
	  * vshNetworkSorter to sort networks by name
	  * vshNetworkListFree to free the network objects list.
	  * vshNetworkListCollect to collect the network objects, trying
	    to use new API first, fall back to older APIs if it's not supported.
	  * New options --persistent, --transient, --autostart, --no-autostart,
	    for net-list, and new field 'Persistent' for its output.
	tools/virsh.pod:
	  * Add documents for the new options.

	list: Implement listAllNetworks for test driver
	src/test/test_driver.c: Implement listAllNetworks.

	list: Implement listAllNetworks for network driver
	src/network/bridge_driver.c: Implement listAllNetworks.

	list: Add helpers to list network objects
	src/conf/network_conf.c: Add virNetworkMatch to filter the networks;
	and virNetworkList to iterate over all the networks with the filter.
	src/conf/network_conf.h: Declare virNetworkList and define the macros
	for filters.
	src/libvirt_private.syms: Export virNetworkList.

	list: Implement RPC calls for virConnectListAllNetworks
	The RPC generator doesn't support returning list of object, this patch
	do the work manually.
	* daemon/remote.c:
	  Implemente the server side handler remoteDispatchConnectListAllNetworks.
	* src/remote/remote_driver.c:
	  Add remote driver handler remoteConnectListAllNetworks.
	* src/remote/remote_protocol.x:
	  New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_NETWORKS and
	  structs to represent the args and ret for it.
	* src/remote_protocol-structs: Likewise.

	list: Define new API virConnectListAllNetworks
	This is to list the network objects, supported filtering flags
	are: active|inactive, persistent|transient, autostart|no-autostart.
	include/libvirt/libvirt.h.in: Declare enum virConnectListAllNetworkFlags
	                              and virConnectListAllNetworks.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllNetworks)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

2012-09-10  Christophe Fergeau  <cfergeau@redhat.com>

	Fix unwanted closing of libvirt client connection
	e5a1bee07 introduced a regression in Boxes: when Boxes is left idle
	(it's still doing some libvirt calls in the background), the
	libvirt connection gets closed after a few minutes. What happens is
	that this code in virNetClientIOHandleOutput gets triggered:
	if (!thecall)
	    return -1; /* Shouldn't happen, but you never know... */
	and after the changes in e5a1bee07, this causes the libvirt connection
	to be closed.
	Upon further investigation, what happens is that
	virNetClientIOHandleOutput is called from gvir_event_handle_dispatch
	in libvirt-glib, which is triggered because the client fd became
	writable. However, between the times gvir_event_handle_dispatch
	is called, and the time the client lock is grabbed and
	virNetClientIOHandleOutput is called, another thread runs and
	completes the current call. 'thecall' is then NULL when the first
	thread gets to run virNetClientIOHandleOutput.
	After describing this situation on IRC, danpb suggested this:
	11:37 < danpb> In that case I think the correct thing would be to change
	               'return -1' above to 'return 0' since that's not actually an
	               error - its a rare, but expected event
	which is what this patch is doing. I've tested it against master
	libvirt, and I didn't get disconnected in ~10 minutes while this
	happens in less than 5 minutes without this patch.

2012-09-10  Osier Yang  <jyang@redhat.com>

	list: Expose virStoragePoolListAllVolumes to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.
	python/libvirt-override-api.xml: Document
	python/libvirt-override-virStoragePool.py:
	  * New file, includes implementation of listAllVolumes.
	python/libvirt-override.c: Implementation for the wrapper.

	list: Use virStoragePoolListAllVolumes in virsh
	tools/virsh-volume.c:
	  * vshStorageVolSorter to sort storage vols by name
	  * vshStorageVolumeListFree to free the volume objects list
	  * vshStorageVolumeListCollect to collect the volume objects, trying
	    to use new API first, fall back to older APIs if it's not supported.

	list: Implement virStoragePoolListAllVolumes for test driver
	src/test/test_driver.c: Implement poolListAllVolumes.

	list: Implement virStoragePoolListAllVolumes for storage driver
	src/storage/storage_driver.c: Implement poolListAllVolumes.

	list: Implement RPC calls for virStoragePoolListAllVolumes
	The RPC generator doesn't returning support list of object, this
	patch do the work manually.
	  * daemon/remote.c:
	    Implemente the server side handler remoteDispatchStoragePoolListAllVolumes
	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteStoragePoolListAllVolumes
	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_STORAGE_POOL_LIST_ALL_VOLUMES and
	    structs to represent the args and ret for it.
	  * src/remote_protocol-structs: Likewise.

	list: Define new API virStoragePoolListAllVolumes
	Simply returns the storage volume objects. No supported filter
	flags.
	include/libvirt/libvirt.h.in: Declare the API
	python/generator.py: Skip the function for generating. virStoragePool.py
	                     will be added in later patch.
	src/driver.h: virDrvStoragePoolListVolumesFlags
	src/libvirt.c: Implementation for the API.
	src/libvirt_public.syms: Export the symbol to public

2012-09-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Remove unused variable from esxDomainGetAutostart

2012-09-09  Laine Stump  <laine@laine.org>

	docs: point out git send-email location, be more stern about make check
	An email came to libvir-list wondering why the git send-email command
	was missing in spite of having git installed; this is due to the
	send-email command being in a sub-package of the main git package.
	While touching the hacking file, I thought it would be useful to 1)
	indicate the location of the source (docs/hacking.html.in) in the
	message at the top of HACKING, and also to make the note about running
	"make check" and "make syntax-check" a bit more stern.

2012-09-08  Eric Blake  <eblake@redhat.com>

	build: fix build on older gcc
	On RHEL 6.2, gcc 4.4.6 complains:
	cc1: warning: command line option "-Wenum-compare" is valid for C++/ObjC++ but not for C
	which in turn breaks a -Werror build.
	Meanwhile, in Fedora 17, gcc 4.7.0, -Wenum-compare has been enhanced
	to also work on C, but at the same time, it is documented that -Wall
	now implicitly includes -Wenum-compare.
	Therefore, it is sufficient to remove explicit checks for this option,
	avoiding the warning from older gcc while still getting the
	compile-time safety from newer gcc.
	* m4/virt-compile-warnings.m4 (-Wenum-compare): Omit explicit check.

2012-09-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix RPM spec conditional when %{rhel} is not defined

2012-09-07  Christophe Fergeau  <cfergeau@redhat.com>

	events: Fix domain event race on client disconnect
	GNOME Boxes sometimes stops getting domain events from libvirtd, even
	after restarting it. Further investigation in libvirtd shows that
	events are properly queued with virDomainEventStateQueue, but the
	timer virDomainEventTimer which flushes the events and sends them to
	the clients never gets called. Looking at the event queue in gdb
	shows that it's non-empty and that its size increases with each new
	events.
	virDomainEventTimer is set up in virDomainEventStateRegister[ID]
	when going from 0 client connecte to 1 client connected, but is
	initially disabled. The timer is removed in
	virDomainEventStateRegister[ID] when the last client is disconnected
	(going from 1 client connected to 0).
	This timer (which handles sending the events to the clients) is
	enabled in virDomainEventStateQueue when queueing an event on an
	empty queue (queue containing 0 events). It's disabled in
	virDomainEventStateFlush after flushing the queue (ie removing all
	the elements from it). This way, no extra work is done when the queue
	is empty, and when the next event comes up, the timer will get
	reenabled because the queue will go from 0 event to 1 event, which
	triggers enabling the timer.
	However, with this Boxes bug, we have a client connected (Boxes), a
	non-empty queue (there are events waiting to be sent), but a disabled
	timer, so something went wrong.
	When Boxes connects (it's the only client connecting to the libvirtd
	instance I used for debugging), the event timer is not set as expected
	(state->timer == -1 when virDomainEventStateRegisterID is called),
	but at the same time the event queue is not empty. In other words,
	we had no clients connected, but pending events. This also explains
	why the timer never gets enabled as this is only done when an event
	is queued on an empty queue.
	I think this can happen if an event gets queued using
	virDomainEventStateQueue and the client disconnection happens before
	the event timer virDomainEventTimer gets a chance to run and flush
	the event. In this situation, virDomainEventStateDeregister[ID] will
	get called with a non-empty event queue, the timer will be destroyed
	if this was the only client connected. Then, when other clients connect
	at a later time, they will never get notified about domain events as
	the event timer will never get enabled because the timer is only
	enabled if the event queue is empty when virDomainEventStateRegister[ID]
	gets called, which will is no longer the case.
	To avoid this issue, this commit makes sure to remove all events from
	the event queue when the last client in unregistered. As there is
	no longer anyone interested in receiving these events, these events
	are stale so there is no need to keep them around. A client connecting
	later will have no interest in getting events that happened before it
	got connected.

2012-09-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix location of SELinux mount during RPM builds
	When building RPMs the host kernel cannot be assumed to match
	the target OS kernel. Thus auto-detecting /selinux vs
	/sys/fs/selinux based on the host kernel can result in the
	wrong choice (eg F18 builds on a RHEL6 host kernel)

	Don't assume use of /sys/fs/cgroup
	The introduction of /sys/fs/cgroup came in fairly recent kernels.
	Prior to that time distros would pick a custom directory like
	/cgroup or /dev/cgroup. We need to auto-detect where this is,
	rather than hardcoding it

	Introduce a test suite for the JSON monitor
	Take advantage of the previously added monitor helpers to
	create a test suite for the QEMU JSON monitor impl. As a
	proof of concept, this tests the 'qemuMonitorGetStatus'
	implementation

	Add helper library for testing the qemu monitor code
	To be able to test the QEMU monitor code, we need to have a fake
	QEMU monitor server. This introduces a simple (dumb) framework
	that can do this. The test case registers a series of items to
	be sent back as replies to commands that will be executed. A
	thread runs the event loop looking for incoming replies and
	sending back this pre-registered data. This allows testing all
	QEMU monitor code that deals with parsing responses and errors
	from QEMU, without needing QEMU around

	Add non-null annotations to qemuMonitorOpen
	Add some non-null annotations to qemuMonitorOpen and also
	check that the error callback is set, since it is mandatory

2012-09-07  Jiri Denemark  <jdenemar@redhat.com>

	examples: Fix event detail printing in python test
	If there is only one detail string for a particular event, we need to pu
	comma after the string otherwise the string itself will be taken as a
	list and only its first character will be printed out. For example,
	    myDomainEventCallback1 EVENT: Domain fedora17(12) Shutdown F
	instead of the desired
	    myDomainEventCallback1 EVENT: Domain fedora17(12) Shutdown Finished

	Add PMSUSPENDED life cycle event
	While PMSUSPENDED state was added a long time ago, we didn't have
	corresponding life cycle event.

	Fix PMSuspend and PMWakeup events
	The unused reason parameter of PM{Suspend,Wakeup} event callbacks was
	completely ignored in lot of places and those events were not actually
	working at all.

2012-09-07  Peter Krempa  <pkrempa@redhat.com>

	virsh: Update only changed scheduler tunables
	When setting the cpu tunables in virsh you are able to update only a
	subset of them. Virsh while doing the update updated all of the
	tunables, changed ones with new values and unchanged with old ones.
	This is unfortunate as it:
	a) might overwrite some other change by a race condition (unprobable)
	b) fails with range checking as some of the old values saved might be
	   out of range
	This patch changes the update procedure so that only the changed value
	is updated on the host.
	This patch also fixes a very unprobable memory leak if the daemon would
	return a string tunable parameter, as the typed parameter array was not
	cleared.

	util: Add helper to assign typed params from string
	This patch adds a helper to deal with assigning values to
	virTypedParameter structures from strings. The helper parses the value
	from the string and assigns it to the corresponding union value.

	qemu: Add range checking for scheduler tunables when changed by API
	The quota and period tunables for cpu scheduler accept only a certain
	range of values. When changing the live configuration invalid values get
	rejected. This check is not performed when changing persistent config.
	This patch adds a separate range check, that improves error messages
	when changing live config and adds the check for persistent config.
	This check is done only when using the API. It is still possible to
	specify invalid values in the XML.

	qemu: clean up qemuSetSchedulerParametersFlags()
	This patch tries to clean the code up a little bit and shorten very long
	lines.
	The apparent semantic change from moving the condition before calling
	the setter function is a non-issue here as the setter function is a
	no-op when called with both arguments zero.

2012-09-07  Osier Yang  <jyang@redhat.com>

	virsh: Improve the document for pool-list
	Which is lost by commit 93a346d353.

2012-09-07  Eric Blake  <eblake@redhat.com>

	nwfilter: drop use of awk
	Commit 2a41bc9 dropped a dependency on gawk, but we can go one step
	further and avoid awk altogether.
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(iptablesLinkIPTablesBaseChain): Simplify command.
	(ebiptablesDriverInit, ebiptablesDriverShutdown): Drop awk probe.

2012-09-07  Gene Czarcinski  <gene@czarc.net>

	remove dnsmasq command line parameter "--filterwin2k"
	This patch removed the "--filterwin2k" dnsmasq command line
	parameter which was unnecessary for domain specification,
	possibly blocked some usage, and was command line clutter.
	Gene Czarcinski <gene@czarc.net>

2012-09-07  Eric Blake  <eblake@redhat.com>

	build: improved handling of <execinfo.h>, BSD <net/if.h>
	FreeBSD and OpenBSD have a <net/if.h> that is not self-contained;
	and mingw lacks the header altogether.  But gnulib has just taken
	care of that for us, so we might as well simplify our code.  In
	the process, I got a syntax-check failure if we don't also take
	the gnulib execinfo module.
	* .gnulib: Update to latest, for execinfo and net_if.
	* bootstrap.conf (gnulib_modules): Add execinfo and net_if modules.
	* configure.ac: Let gnulib check for headers.  Simplify check for
	'struct ifreq', while also including enough prereq headers.
	* src/internal.h (IF_NAMESIZE): Drop, now that gnulib guarantees it.
	* src/nwfilter/nwfilter_learnipaddr.h: Use correct header for
	IF_NAMESIZE.
	* src/util/virnetdev.c (includes): Assume <net/if.h> exists.
	* src/util/virnetdevbridge.c (includes): Likewise.
	* src/util/virnetdevtap.c (includes): Likewise.
	* src/util/logging.c (includes): Assume <execinfo.h> exists.
	(virLogStackTraceToFd): Handle gnulib's fallback implementation.

2012-09-06  Eric Blake  <eblake@redhat.com>

	build: avoid tabs that failed syntax-check
	Introduced in commit f299ddd6.
	* src/check-symfile.pl: Fix whitespace.
	* .dir-locals.el (perl-mode): Prevent future occurrences.

	list: fix typo in virsh patch
	A last minute rename in commit fc122e1a to virsh.h was not properly
	reflected when rebasing virsh-pool.c in commit 93a346d.
	* tools/virsh-pool.c (vshStoragePoolListCollect): Use VSH_MATCH,
	not MATCH.

2012-09-06  Daniel P. Berrange  <berrange@redhat.com>

	Remove duplicate symbols and add test case
	When the event symbols were added to the public API, not all
	of them were removed from the private exports list. Solaris
	gets unhappy when there are duplicated symbols. Extend the
	symfile check to test for this scenario

2012-09-06  Osier Yang  <jyang@redhat.com>

	python: Expose virStorageListAllStoragePools to python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.
	python/libvirt-override-api.xml: Document
	python/libvirt-override-virConnect.py: Add listAllStoragePools
	python/libvirt-override.c: Implementation for the wrapper.

	list: Use virConnectListAllStoragePools in virsh
	tools/virsh-pool.c:
	  * vshStoragePoolSorter to sort the pool list by pool name.
	  * struct vshStoragePoolList to present the pool list, pool info
	    is collected by list->poolinfo if 'details' is specified by
	    user.
	  * vshStoragePoolListFree to free the pool list
	  * vshStoragePoolListCollect to collect the pool list, new API
	    virStorageListAllPools is tried first, if it's not supported,
	    fall back to older APIs.
	  * New options --persistent, --transient, --autostart, --no-autostart
	    and --type for pool-list. --persistent or --transient is to filter
	    the returned pool list by whether the pool is persistent or not.
	    --autostart or --no-autostart is to filter the returned pool list
	    by whether the pool is autostarting or not. --type is to filter
	    the pools by pool types. E.g.
	    % virsh pool-list --all --persistent --type dir,disk
	tools/virsh.pod:
	   * Add documentations for the new options.

	list: Change MATCH for common use in virsh
	Move definition of MATCH from virsh-domain-monitor.c into
	virsh.h, and rename it as VSH_MATCH for further use.
	* tools/virsh-domain-monitor.c: Change MATCH into VSH_MATCH
	* tools/virsh.h: Define VSH_MATCH

	virsh: Fix the wrong doc for pool-list
	The storage pool's management doesn't relate with a domain, it
	probably was an intention, but not achieved yet. And the fact
	is only active pools are listed by default.

	list: Add helper to convert strings separated by ', ' to array
	tools/virsh.c: New helper function vshStringToArray.
	tools/virsh.h: Declare vshStringToArray.
	tools/virsh-domain.c: use the helper in cmdUndefine.

	list: Implement listAllStoragePools for test driver
	src/test/test_driver.c: Implement listAllStoragePools

	list: Implement listAllStoragePools for storage driver
	src/storage/storage_driver.c: Implement listAllStoragePools.

	list: Implement the RPC calls for virConnectListAllStoragePools
	The RPC generator doesn't support returning list of object, this patch does
	the work manually.
	  * daemon/remote.c:
	    Implement the server side handler remoteDispatchConnectListAllStoragePools
	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllStoragePools.
	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_STORAGE_POOLS and
	    structs to represent the args and ret for it.
	  * src/remote_protocol-structs: Likewise.

	list: Add helpers for listing storage pool objects
	src/conf/storage_conf.c: Add virStoragePoolMatch to filter the
	pools; Add virStoragePoolList to iterate over the pool objects
	with filter.
	src/conf/storage_conf.h: Declare virStoragePoolMatch,
	virStoragePoolList, and the macros for filters.
	src/libvirt_private.syms: Export helper virStoragePoolList.

	list: Define new API virStorageListAllStoragePools
	This introduces a new API to list the storage pool objects,
	4 groups of flags are provided to filter the returned pools:
	  * Active or not
	  * Autostarting or not
	  * Persistent or not
	  * And the pool type.
	include/libvirt/libvirt.h.in: New enum virConnectListAllStoragePoolFlags;
	                              Declare the API.
	python/generator.py: Skip the generating
	src/driver.h: (virDrvConnectListAllStoragePools)
	src/libvirt.c: Implementation for the API.
	src/libvirt_public.syms: Export the symbol.

2012-09-06  Peter Krempa  <pkrempa@redhat.com>

	esx: Add implementation for virConnectListAllDomains()
	ESX doesn't use the common virDomainObj implementation so this patch
	adds a separate implementation.
	This driver supports all currently defined filtering flags, but as with
	other drivers some combinations yield a empty result list.

	hyperv: Add implementation for virConnectListAllDomains()
	Hyperv doesn't use the common virDomainObj implementation so this patch
	adds a separate implementation.
	This driver supports all currently added flags for filtering although
	some of those don't make sense with this driver (no support yet) and
	thus produce no output when used.

2012-09-06  Jasper Lievisse Adriaanse  <jasper@humppa.nl>

	Define DYNLIB_NAME on OpenBSD.

2012-09-06  Eric Blake  <eblake@redhat.com>

	build: avoid test failure when sasl was not compiled in
	On systems without cyrus-sasl-devel available (I happened to be
	in that situation on my FreeBSD testing), this test fails rather
	miserably:
	TEST: libvirtdconftest
	      .....!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!  39  FAIL
	FAIL: libvirtdconftest
	with verbose output showing things like:
	39) Test corruption                                          ... libvir: Config File error : unsupporeted configuration: remoteReadConfigFile: /usr/home/dummy/libvirt/tests/../daemon/libvirtd.conf: auth_tcp: unsupported auth sasl
	* tests/libvirtdconftest.c (testCorrupt): Avoid failure when sasl
	is missing.

	build: avoid check-symfile on non-Linux
	I tested both OpenBSD and cygwin; both failed 'make check' with:
	  GEN    check-symfile
	Can't return outside a subroutine at ./check-symfile.pl line 13.
	Perl requires 'exit 77' instead of 'return 77' in that context,
	but even with that tweak, the build still fails, since the exit
	code of 77 is only special to explicit TESTS=foo listings, and
	not to make-only dependency rules where we are not going through
	automake's test framework.
	* src/check-symfile.pl: Kill bogus platform check...
	* src/Makefile.am (check-symfile): ...and replace with an automake
	conditional.

2012-09-06  Laine Stump  <laine@laine.org>

	network: prevent infinite hang if ovs-vswitchd isn't running
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=852984
	If a network or interface is configured to use Open vSwitch, but
	ovs-vswitchd (the Open vSwitch database service) isn't running, the
	ovs-vsctl add-port/del-port commands will hang indefinitely rather
	than returning an error. There is a --nowait option, but that appears
	to have no effect on add-port and del-port commands, so instead we add
	a --timeout=5 to the commands - they will retry for up to 5 seconds,
	then fail if there is no response.

	build: require netcf-0.2.2 when installing on Fedora18+
	A previous patch forced libnl-3 and netcf-0.2.2 (which itself requires
	libnl-3) when *building* for Fedora 18+ (and RHEL 7+), but the
	install-time Requires: for netcf has always been implicit due to
	libvirtd linking with libnetcf.so. However, the since the API of netcf
	didn't change when it was rebuilt to use libnl-3, the internal library
	version didn't change either, making it possible (from rpm's point of
	view) to upgrade libvirt without upgrading netcf (in reality, that
	leads to a segfault - see
	https://bugzilla.redhat.com/show_bug.cgi?id=853381).
	The solution is to put an explicit Requires: line in libvirt's
	specfile for fedora >= 18 and rhel >= 7.

2012-09-06  Eric Blake  <eblake@redhat.com>

	build: don't fail when xsltproc is missing
	On a machine without xsltproc, the build failed with:
	Scripting search.php
	/usr/local/bin/bash: line 1: search.php.tmp: No such file or directory
	rm: ./search.php: No such file or directory
	Regression introduced in commit 28183590.
	* docs/Makefile.am (%.php): Skip in the same conditions when the
	.tmp file is skipped.

	build: avoid warnings from gcc 4.2.1
	OpenBSD ships with gcc 4.2.1, which annoyingly treats all format
	strings as though they were also attribute((nonnull)).  The two
	concepts are orthogonal, though, as evidenced by the number of
	spurious warnings it generates on uses where we know that
	virReportError specifically handles NULL instead of a format
	string; worse, since we now force -Werror on git builds, it
	prevents development builds on OpenBSD.
	I hate to do this, as it disables ALL format checking on older
	gcc, and therefore misses out on some useful checks (code that
	happened to compile on Linux may still have type mismatches
	when compiled on other platforms, as evidenced by the number
	of times I have fixed formatting mismatches for uid_t as found
	by warnings on Cygwin), but I don't see any other way to keep
	-Werror alive and still compile on OpenBSD.
	A more invasive change would be to make virReportError() mark
	its format attribute as nonnull, and fix (a lot of) fallout;
	we may end up doing that anyways as part of danpb's error
	refactoring improvements, but not today.
	* src/internal.h (ATTRIBUTE_FMT_PRINTF): Use preferred spellings.
	* m4/virt-compile-warnings.m4 (-Wformat): Disable on older gcc.

2012-09-06  Martin Kletzander  <mkletzan@redhat.com>

	qemu: don't pin all the cpus
	This is another fix for the emulator-pin series. When going through
	the cputune pinning settings, the current code is trying to pin all
	the CPUs, even when not all of them are specified. This causes error
	in the subsequent function which, of course, cannot find the cpu to
	pin. Since it's enough to pass the correct VCPU ID to the function,
	the fix is trivial.

2012-09-06  Eric Blake  <eblake@redhat.com>

	maint: avoid doubled name in syntax check failures
	Based on the similar gnulib commit 96ad9077.  The use of
	$(_sc_search_regexp) already injects $(ME) into any output
	messages, so a failure of these rules would look like this,
	pre-patch:
	maint.mk: maint.mk: use virStrToLong_*, not strtol variants
	* cfg.mk (sc_prohibit_strncmp, sc_prohibit_strtol)
	(sc_libvirt_unmarked_diagnostics): Drop redundant $(ME).

	build: use re-entrant functions in virsh
	Yesterday's commit 15d2c9f pointed out that virsh was still using
	localtime(), which is not thread-safe, even though virsh is
	definitely multi-threaded.  Even if we only ever triggered it from
	one thread, it's better safe than sorry for maintenance purposes.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_nonreentrant):
	Tighten the rule.
	* tools/virsh.c (vshOutputLogFile): Avoid localtime.
	(vshEditWriteToTempFile, vshEditReadBackFile, cmdCd, cmdPwd)
	(vshCloseLogFile): Avoid strerror.
	* tools/console.c (vshMakeStdinRaw): Likewise.
	* tools/virsh-domain.c (vshGenFileName): Fix spacing in previous
	patch.

2012-09-05  Daniel P. Berrange  <berrange@redhat.com>

	Remove explicit dependency on ceph RPM
	The libvirt storage driver uses librbd.so for its functionality.
	RPM will automatically add a dependency on the library, so there
	is no need to have an explicit dependency on the ceph RPM itself.
	This allows newer Fedora distros to avoid pulling in the huge
	ceph RPM, in favour of just having the libraries installed

2012-09-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not require auth scheme in graphics events
	Only VNC_{{DIS,}CONNECTED,INITIALIZED} and SPICE_INITIALIZED events are
	documented to support server/auth field and even there it is marked as
	optional. Emit "" auth scheme in case QEMU didn't send it.

2012-09-05  Martin Kletzander  <mkletzan@redhat.com>

	conf: describe security_driver behavior
	As a request was raised for this, I added few lines in the "Notes"
	part of the "security_driver" comments about allowed values.

	docs: correct dompmwakeup description

2012-09-05  Paul Eggert  <eggert@cs.ucla.edu>

	Pass a correct pointer type to localtime_r(3).
	On 09/04/2012 08:20 AM, Eric Blake wrote:
	> tv_sec is required by POSIX to be
	> of type time_t; so this is a bug in the OpenBSD header
	> [for declaring it as long]
	Most likely this problem arose because of the patch I pushed
	in gnulib commit e07d7c40f3ca5ec410cf5aa6fa03cfe51e712039.
	Previously, gnulib required timeval's tv_sec to be
	the same size as time_t.  But now, it requires only that
	tv_sec be big enough to hold a time_t.
	This patch was needed for Emacs.  Without the patch, gnulib
	replaced struct timeval on OpenBSD, and this messed up
	utimens.c, and Emacs wouldn't build.
	Alternatively, gnulib could substitute its own struct timeval
	for the system's, wrapping every struct timeval-using function
	(gettimeofday, futimesat, futimes, lutimes, etc.  That'd be
	more work, though.  And it would introduce some performance
	issues with gettimeofday, which is supposed to be fast.
	I've been trying to get away from using struct timeval,
	and to use the higher-resolution struct timespec instead,
	so messing with these obsolescent interfaces has been
	lower priority for me.  But if someone wants to take the
	more-ambitious approach that'd be fine, I expect.
	For this particular case, though, how about if we avoid
	the problem entirely?  libvirt doesn't need to use struct
	timeval here at all.  It makes libvirt smaller and probably
	faster, and it ports to OpenBSD without messing with gnulib.

2012-09-05  Eric Blake  <eblake@redhat.com>

	build: use correct libraries for clock_gettime
	On OpenBSD, clock_gettime() exists in libc rather than librt, and
	blindly linking with -lrt made the build fail.  Gnulib already
	did the work for determining which libraries to use, so we should
	reuse that work rather than doing it ourselves.
	* bootstrap.conf (gnulib_modules): Pull in clock-time.
	* configure.ac (RT_LIBS): Drop.
	* src/Makefile.am (libvirt_util_la_LIBADD): Use gnulib variable
	instead.
	* src/util/virtime.c (includes): Simplify.

2012-09-05  Jasper Lievisse Adriaanse  <jasper@humppa.nl>

	Include an extra header needed for OpenBSD.

2012-09-04  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	Rename iolimit to blockio.
	After discussion with DB we decided to rename the new iolimit
	element as it creates the impression it would be there to
	limit (i.e. throttle) I/O instead of specifying immutable
	characteristics of a block device.
	This is also backed by the fact that the term I/O Limits has
	vanished from newer storage admin documentation.

2012-09-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix reboot with guest agent
	When reboot using qemu guest agent was requested, qemu driver kept
	waiting for SHUTDOWN event from qemu. However, such event is never
	emitted during guest reboot and qemu driver would keep waiting forever.

2012-09-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix mingw64 build by using intptr_t for int->void* casts
	The viratomictest.c was casting from an int to a void* via a
	long. This works on Linux or Mingw32, but fails on Mingw64
	due to a pointer/integer size mis-match. Replacing 'long'
	with 'intptr_t' ensures matching type sizes

2012-09-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't update graphic definitions on password change failure
	When the password change failed we updated the graphic definition
	anyways, which is not desired.

2012-09-03  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add tests for qemu S3/S4 state configuration
	Few tests were added which are checking whether the parsing of the xml
	and command-line arguments is working and compatible with each other.

	qemu: Add support for S3/S4 state configuration
	This patch adds support for running qemu guests with the required
	parameters to forcefully enable or disable BIOS advertising of S3 and
	S4 states.  The support for this is added to capabilities and there is
	also a qemu command parameter parsing implemented.

	Add per-guest S3/S4 state configuration
	There is a new <pm/> element implemented that can control what ACPI
	sleeping states will be advertised by BIOS and allowed to be switched
	to by libvirt. The default keeps defaults on hypervisor, otherwise
	forces chosen setting.
	The documentation of the pm element is added as well.

2012-09-01  Eric Blake  <eblake@redhat.com>

	python: don't mask libvirt errors
	A user reported this crash when using python bindings:
	  File "/home/nox/workspace/NOX/src/NOX/hooks.py", line 134, in trigger
	    hook.trigger(event)
	  File "/home/nox/workspace/NOX/src/NOX/hooks.py", line 33, in trigger
	    self.handlers[event]()
	  File "/home/nox/workspace/NOX/hooks/volatility.py", line 81, in memory_dump
	    for block in Memory(self.ctx):
	  File "/home/see/workspace/NOX/src/NOX/lib/libtools.py", line 179, in next
	    libvirt.VIR_MEMORY_PHYSICAL)
	  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 1759, in memoryPeek
	    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
	SystemError: error return without exception set
	In the python bindings, returning NULL makes python think an
	exception was thrown, while returning the None object lets the
	wrappers know that a libvirt error exists.
	Reported by Nox DaFox, fix suggested by Dan Berrange.
	* python/libvirt-override.c (libvirt_virDomainBlockPeek)
	(libvirt_virDomainMemoryPeek): Return python's None object, so
	wrapper knows to check libvirt error.

2012-09-01  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Support for Block Device IO Limits.
	Implementation of iolimits for the qemu driver with
	capability probing for block size attribute and
	command line generation for block sizes.
	Including testcase for qemuxml2argvtest.

	conf: Support for Block Device IO Limits
	Introducing a new iolimits element allowing to override certain
	properties of a guest block device like the physical and logical
	block size.
	This can be useful for platforms with 'non-standard' disk formats
	like S390 DASD with its 4K block size.

2012-08-31  Eric Blake  <eblake@redhat.com>

	command: shell-quote when logging commands
	Without this patch, logged command executions can be ambiguous if
	the command contained any shell metacharacters.  This has caused
	more than one person to attempt to patch clients to add unnecessary
	quoting, without realizing that the command itself was run with
	correct args, and only the logged output was ambiguous.
	* src/util/command.c (virCommandToString): Add shell escapes.
	* tests/commandtest.c (test16): Test new behavior.
	* tests/commanddata/test16.log: Update expected output.
	* tests/qemuxml2argvdata/qemuxml2argv-*.args: Likewise.
	* tests/networkxml2argvdata/*.argv: Likewise.

2012-08-31  Peter Krempa  <pkrempa@redhat.com>

	virsh: remove unneeded usage of vshConnectionUsability()
	Now that vshCommandRun() checks for the connection automaticaly, remove
	all of the redundant checks in the code.
	vshConnectionUsability() no longer needs to be exported and this patch
	marks it static.

	virsh: Improve checking for connection when running commands
	Almost each virsh command uses the function vshConnectionUsability
	before doing anything, to check if the connection is "alive".  Commands
	that don't need an conection are already conveniently marked with
	VSH_CMD_FLAG_NOCONNECT. We can automaticaly check for the connection
	before calling any remote command so we don't forget to do so.
	This patch also upgrades the connection check to use virConnectIsAlive
	along with the current approach.

2012-08-31  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix remote port searching
	After fixing the last review comments on remote port searching (commit
	a14b4aea512d6c3a42af56207a65ef10ac4a12a1), the commit right after that
	wasn't modified accordingly, therefore two values weren't changed as
	they should and the configurable ports don't work as expected.
	This simple commit changes last two values missed and fixes the issue.

2012-08-31  Osier Yang  <jyang@redhat.com>

	schemas: Fix wwn pattern
	It should be [] instead of ().

	util: Update the inconsistent and outdated comments
	The codes were updated to allow to reset the device as long as
	there is no devices/functions behind the same bus. However, the
	comments were kept without touched.

2012-08-31  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.10.1
	* configure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: pulled localization updates for sp,ja,mr,pa,uk,zh_CN,zh_TW
	  and regenerated

2012-08-31  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	conf: Avoid formatting auto-generated DAC labels
	To avoid backward compatibility issues, this patch suppresses
	auto-generated DAC labels from XML. This change affects commands such as
	dumpxml and save.

	conf: Fix parsing of seclabels without model
	With this patch libvirt tries to assign a model to a single seclabel
	when model is missing. Libvirt will look up at host's capabilities and
	assign the first model to seclabel.
	This patch fixes:
	1. The problem with existing guests that have a seclabel defined in its XML.
	2. A XML parse error when a guest is restored.

2012-08-31  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virsh: fixed incorrect timing report
	When executing virsh -t <command> the reported timing was off
	by 3 orders of magnitude if the command took more than one
	second.

2012-08-31  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Document subdriver option of attach-disk

	qemu: Don't ignore CPU tuning config if required cgroups are missing
	When domain XML contains any of the elements for setting up CPU
	scheduling parameters (period, quota, emulator_period, or
	emulator_quota) we need cpu cgroup to enforce the configuration.
	However, the existing code would just ignore silently such settings if
	either cgroups were not available at all cpu cgroup was not available.
	Moreover, APIs for manipulating CPU scheduler parameters were already
	failing if cpu cgroup was not available. This patch makes cpu cgroup
	mandatory for all domains that use CPU scheduling elements in their XML.

2012-08-31  Guannan Ren  <gren@redhat.com>

	doc: update option force to subcommand change-media
	BZ: https://bugzilla.redhat.com/show_bug.cgi?id=837761

	cgroup: fix libvirtd crash caused by messed memory
	The variable max_id is initialized again in the step of
	getting cpu mapping variable map2. But in the next for loop
	we still expect original value of max_id, the bug will
	crash libvirtd when using on NUMA machine with big number
	of cpus.

	cgroup: fix a typo on extracting data from vcpu cgroup

	cgroup: read more data from cgroup cpuacct.usage_percpu
	On NUMA machine, the length of string got from file
	cpuacct.usage_percpu is quite large, so expand the
	limit of 1024 bytes.
	errors like:
	Failed to read file \
	'/cgroup/cpuacct/libvirt/qemu/rhel6q/cpuacct.usage_percpu': \
	Value too large for defined data type

2012-08-31  Jiri Denemark  <jdenemar@redhat.com>

	docs: Fix typo in CPU tuning

2012-08-31  Peter Krempa  <pkrempa@redhat.com>

	doc: Fix emulator pinning example in formatdomain.html
	Add correct closing tags.

2012-08-31  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: adapt IP learning for broadcasted DHCP replies
	Adapt the IP learning code to also accept broadcasted DHCP replies

	nwfilter: accept broadcasted DHCP replies in DHCP snooping code
	Some DHCP servers send their DHCP replies to the broadcast MAC address
	rather than to the MAC address of the VM. The existing DHCP snooping
	code assumes that the reply always goes to the MAC address of the VM
	thus filtering the traffic of some DHCP servers' replies.
	The below patch adapts the code to
	1) filter DHCP replies by comparing the MAC address in the reply against
	   the MAC address of the VM (held in the snoop request)
	2) adapts the pcap filter for traffic towards the VM to accept DHCP replies
	   sent to any MAC address; for further filtering we rely on 1)
	3) creates initial rules that are active while waiting for DHCP replies;
	   these rules now accept DHCP replies to the VM's MAC address or to the
	   MAC broadcast address

	Implement virMacAddrIsBroadcastRaw
	Add function for testing for Ethernet broadcast address

2012-08-31  Kyle Mestery  <kmestery@cisco.com>

	Fix adding ports to OVS bridges without VLAN tags
	The introduction of the new VLAN code, along with the fix
	from 5e465df6be8bcb00f0b4bff831e91f4042fae272, caused the
	addition of OVS ports to fail with the following message:
	ovs-vsctl: 00002|vsctl|ERR|: missing column name
	This fix takes into account the VLAN arguments are optional,
	and correctly sets up the command line to run the "ovs-vsctl"
	command to add ports to the OVS bridge.
	CC: Eric Blake <eblake@redhat.com>

2012-08-31  Jim Fehlig  <jfehlig@suse.com>

	Fix xen driver following changes to make it stateful
	Recent work to improve support for loadable driver modules introduced
	a regression in the xen driver.  The legacy xen driver is now a
	stateful, libvirtd driver but was not being registered when building
	without driver modules.
	A slight behavior change was also noted in the xen drivers when
	built as driver modules.  Previously, explicitly specifying a
	connection URI was not necessary, but now
	Compiled against library: libvirt 0.10.0
	Using library: libvirt 0.10.0
	Using API: QEMU 0.10.0
	error: failed to get the hypervisor version
	error: internal error Cannot find suitable emulator for x86_64
	The xen drivers need to be registered before the qemu driver since
	the qemu driver will return success with a null connection URI.
	This ordering is safe since the xen drivers will decline when not
	running the xen kernel.

2012-08-31  Nishank Trivedi  <nistrive@cisco.com>

	Fix issue of PF brought down if VF is 8021.Qbh and pci passthrough
	If a 8021.Qbh network device supports SRIOV and its VF is being used
	in pci passthrough mode, when the guest is shutdown or destroyed, the
	PF inteface is also brought down. qemuDomainHostdevNetConfigRestore()
	finds out the PF for provided hostdev (which is VF) and passes it to
	virNetDevPortProfileDisassociate() as linkdev. Later, linkdev gets passed
	to virNetDevSetOnline() where the interface is brought down by clearing
	IFF_UP flag.
	Bringing down a PF, when only VF is being brought down is not expected
	behavior. This patch adds a check so that virNetDevSetOnline() is called
	only for PF and not if device is a VF.

2012-08-31  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: loop generated too many rules
	The loop processing the trusted DHCP server generated one too
	many rules and added one final rules that accepted responses
	from all DHCP servers. Below patch fixes this.

2012-08-30  Peter Krempa  <pkrempa@redhat.com>

	security: Re-apply commit ce53382ba28179d3a504b29b4f888b6e130d53f0
	Recent changes in the security driver discarded changes that fixed
	labeling un-confined guests.

	vcpupin: Fix returning of arrays from virDomainVcpuPinAdd
	virDomainVcpuPinAdd does a realloc on vcpupin_list if the new vcpu pin
	definition doesn't fit into the array. The list is an array of pointers
	but the function definition didn't support returning the changed pointer
	to the caller if it was realloced. This caused segfaults if realloc
	would change the base pointer.

	qemu: Fix possible infinite loop and segfault on error path.
	virDomainVcpuPinDefCopy when the control flow reaches out of memory
	cleanup code, the flow would end in a infinite loop as the loop variable
	wasn't decremented.
	Also a dereference of NULL pointers was possible if allocation of the
	Vcpu pinning definiton structure failed.

	qemu: Clean up security driver initialisation and config file
	Commit d0c0e79ac646462aaa815f81ad324a0d3ef12954 left behind some dead
	code (hasDAC can't be efectively set to true, because
	virSecurityManagerNew fails to load the "dac" driver).
	This patch also enhances the condition for adding the default
	auto-detected security manager if the manager array is allocated but
	empty.
	Also the configuration file for qemu driver still contains reference to
	the DAC driver that can't be enabled manualy.

2012-08-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Revert to blocking behavior of qemuAgentCommand
	Before commit 05447e3af44ec153314ff97cd611330d9b4b5730, qemuAgentCommand
	blocked until it got a reply or appropriate event. When new parameter
	was added to qemuAgentCommand in the above commit, all existing callers
	of it were updated in a wrong way changing them from blocking to
	5-seconds timeout.

	qemu: Remove redundant parameter from qemuAgentSend
	The @timeout parameter of qemuAgentSend is both redundant and confusing.
	This patch should not result in any functional changes.

2012-08-30  Laine Stump  <laine@laine.org>

	network: get vlan info for Open vSwitch interfaces from proper source
	This bug was revealed by the crash described in
	  https://bugzilla.redhat.com/show_bug.cgi?id=852383
	The vlan info pointer sent to virNetDevOpenvswitchAddPort should never
	be non-NULL unless there is at least one tag. The factthat such a vlan
	info pointer was receveid pointed out that a caller was passing the
	wrong pointer. Instead of sending &net->vlan, the result of
	virDomainNetGetActualVlan(net) should be sent - that function will
	look for vlan info in net->data.network.actual->vlan, and in cany case
	return NULL instead of a pointer if the vlan info it finds has no
	tags.
	Aside from causing the crash, sending a hardcoded &net->vlan has the
	effect of ignoring vlan info from a <network> or <portgroup> config.

2012-08-30  Daniel Veillard  <veillard@redhat.com>

	Small cleanup on previous patch
	As pointed by Eric Blake

2012-08-30  Kyle Mestery  <kmestery@cisco.com>

	Fix a crash when using Open vSwitch virtual ports
	Fixup buffer usage when handling VLANs. Also fix the logic
	used to determine if the virNetDevVlanPtr is valid or not.
	Fixes crashes in the latest code when using Open vSwitch
	virtualports.

2012-08-30  Osier Yang  <jyang@redhat.com>

	qemu: Sort the numa params only when it affects the live config
	As the next boot doesn't have to worry about the previous numa
	params setting (there is no).

2012-08-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix configuration of QEMU security drivers
	If no 'security_driver' config option was set, then the code
	just loaded the 'dac' security driver. This is a regression
	on previous behaviour, where we would probe for a possible
	security driver. ie default to SELinux if available.
	This changes things so that it 'security_driver' is not set,
	we once again do probing. For simplicity we also always
	create the stack driver, even if there is only one driver
	active.
	The desired semantics are:
	 - security_driver not set
	     -> probe for selinux/apparmour/nop
	     -> auto-add DAC driver
	 - security_driver set to a string
	     -> add that one driver
	     -> auto-add DAC driver
	 - security_driver set to a list
	     -> add all drivers in list
	     -> auto-add DAC driver
	It is not allowed, or possible to specify 'dac' in the
	security_driver config param, since that is always
	enabled.

2012-08-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor initialisation of security drivers.
	The security driver loading code in qemu has a flaw that causes it to
	register the DAC security driver twice. This causes problems (machines
	unable to start) as the two DAC drivers clash together.
	This patch refactors the code to allow loading the DAC driver even if
	its specified in configuration (it can't be registered as a common
	security driver), and does not add the driver twice.

	Revert "security: Add DAC to security_drivers"
	This reverts commit 9f9b7b85c9b422e8f4e813f3920bf8f433246a4a.
	The DAC security driver needs special handling and extra parameters and
	can't just be added to regular security drivers.

2012-08-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix starting domains with no cpu cgroup
	If cgroups are enabled in general but cpu cgroup is disabled in
	qemu.conf or not mounted at all, libvirt would refuse to start any
	domain even though scheduler parameters are not set in domain XML.
	This patch makes cpu cgroup mandatory only for domains that actually
	want to use it.

2012-08-29  Alex Jia  <ajia@redhat.com>

	security: remove dead code from virSecurityDACGenLabel
	* src/security/security_dac.c: remove useless dead code.

2012-08-29  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.10.0
	* configure.ac docs/news.html.in libvirt.spec.in: updates for the release
	* po/*.po*: update localizations for zh_CN, uk, ja, pt_BR, as, sp, mr, zh_TW

2012-08-29  Peter Krempa  <pkrempa@redhat.com>

	nwfilter: Don't try to acquire DBus context when DBus is disabled
	To silence error if DBus support is not compiled in.

2012-08-29  Guido Günther  <agx@sigxcpu.org>

	Don't require gawk for a simple print expression
	Fedora uses gawk as awk so there's no change and in behavior while
	Debian/Ubuntu use mawk by default.
	This was reported by Luca Capello in
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636712

2012-08-29  Alex Jia  <ajia@redhat.com>

	util: Prevent libvirtd crash from virNetDevOpenvswitchAddPort()
	* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort): avoid libvirtd
	crash due to derefing a NULL virtVlan->tag.
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=852383

2012-08-29  Osier Yang  <jyang@redhat.com>

	qemu: Set placement when setting numa parameters
	To keep the internal data structure consistent.

2012-08-29  Daniel Veillard  <veillard@redhat.com>

	Portability fixes for non-linux or old linux platforms
	The commits d57567940153147f4d43875fb92c3030b3178b03 and
	080bf330e3749d94ebe094f8deca0e3e67d3f2fe made use directly of
	macro defined in recent linux netlink version. Make those
	part conditional on the definition
	* daemon/libvirtd.c: do not use NETLINK_ROUTE and NETLINK_KOBJECT_UEVENT
	  without some check first

2012-08-29  Peter Krempa  <pkrempa@redhat.com>

	security_dac: Don't return uninitialised uid and gid for image labels
	As in the previous commit, images are also chowned to uninitialised
	uid and gid if the label is not present.

	security_dac: Don't return uninitialised value when parsing seclabels
	When starting a machine the DAC security driver tries to set the UID and
	GID of the newly spawned process. This worked as desired if the desired
	label was set. When the label was missing a logical bug in
	virSecurityDACGenLabel() caused that uninitialised values were used as
	uid and gid for the new process.
	With this patch, default values (from qemu driver configuration)
	are used if the label is not found.

	security_dac: Avoid segfault when no label is requested
	When no DAC "label" was requested for a domain the DAC manager tried to
	strdup a NULL string causing a segfault.

	util: Fix error message when getpwuid_r fails to find the user
	getpwuid_r returns success but sets the return structure to NULL when it
	fails to deliver data about the requested uid. In our helper code this
	created following strange error messages:
	" ... cannot getpwuid_r(1234): Success"
	This patch creates a more helpful message:
	" ... getpwuid_r failed to retrieve data for uid '1234'"

2012-08-28  Osier Yang  <jyang@redhat.com>

	conf: Fix the problem which cause libvirtd to crash
	* src/conf/domain_conf.c: Use STREQ_NULLABLE instead of STREQ,
	as def->seclables[i]->model could be NULL.

2012-08-28  Michal Privoznik  <mprivozn@redhat.com>

	build: define 'inline' iff HAVE_LIBNL1
	Previous commit 0b4b53bb80 defined 'inline' to prevent broken build on
	systems with libnl1 headers. However, it broke build on systems with
	libnl3 headers. Therefore we must make that fix conditional.

2012-08-28  Martin Kletzander  <mkletzan@redhat.com>

	docs: CPU allocation and pinning clarification
	There was a request for clarifying this part of the
	documentation. This also fixes a case used with CPU.

2012-08-28  Eric Blake  <eblake@redhat.com>

	build: work with older libnl1 headers
	Ubuntu 10.04 shipped with out-of-the-box libnl1 headers, which
	assumed the old gcc semantics of 'extern inline' as a C89 extension:
	the function will _always_ be inline if it is used, and that
	it may be declared extern inline in headers without a definition,
	as long as the definition occurs before any use.  But when C99
	added 'extern inline' as a mandatory feature of the language, with
	slightly different semantics than gcc (the function MUST have
	external linkage, and the inline definition MUST be present
	alongside any declaration, where the compiler can then choose
	which of the two versions to use), this rendered the use of
	'inline' in libnl's header obsolete.  Most distros already solved
	this by removing 'inline' (the resulting 'extern' is correct,
	regardless of gcc semantics), and libnl-3 does not have the
	problem (where it has switched to 'static inline' instead, again
	with the definition present, and again, our hack will result in
	plain 'static' with no ill effects).  But for the case of building
	out of the box, we hack around the broken Ubuntu header.
	* src/util/virnetlink.h: Work around libnl issue.

2012-08-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix define logic
	With current flow in qemudDomainDefine we might lose data
	when updating an existing domain. We parse given XML and
	overwrite the configuration.  Then we try to save the new
	config. However, this step may fail and we don't perform any
	roll back.  In fact, we remove the domain from the list of
	domains held up by qemu driver. This is okay as long as the
	domain was brand new one.

	qemu_agent: Switch to virReportSystemError() on system error
	Currently, if a syscall in qemu_agent.c fails we report an internal
	error even though we should be reporting a system error.

	Introduce new VIR_ERR_AGENT_UNRESPONSIVE error code
	Currently, when guest agent is configured but not responsive
	(e.g. due to appropriate service not running in the guest)
	we return VIR_ERR_INTERNAL_ERROR. Both are wrong. Therefore
	we need to introduce new error code to reflect this case.

2012-08-27  Ján Tomko  <jtomko@redhat.com>

	conf: prevent NULL pointer access in virSecurityLabelDefsParseXML
	When checking for seclabels without security models, def->nseclabels is
	already set to n. In the case of an error def->seclabels is freed but
	nseclabels is left untouched. This leads to a segmentation fault when
	def is freed in virDomainDefParseXML.

2012-08-27  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Switch to unified func name
	With the latest patches libvirt supports qemu agent monitor
	passthrough. However, function in qemu driver is called
	qemuDrvDomainAgentCommand. s/Drv// as used in all other names.

2012-08-27  Guannan Ren  <gren@redhat.com>

	rpc: fix segmentation fault caused by null client-sock
	The client-sock could have been set to NULL by eventloop thread
	after async event fired.

2012-08-27  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix regression with spice tls port allocation
	In my quest for reusing variables I failed to edit one variable when
	fixing details between two patch versions. That results in a failure
	to start qemu with autoport and spice tls, because qemu is trying to
	bind two sockets to the same port.

	qemu: fix regression with pinning
	Commit 4b03d59167f4a4c6ec57def315a61d977466e75b changed the pinning
	behavior in a way that makes some machines non-startable.
	The comment mentioning that we cannot control each vcpu when there is
	not VCPU<-> PID mapping available is true, however, this isn't
	necessarily an error, because this can be caused by old QEMU without
	support for "query-cpus" command as well as a software emulated
	machines that don't create more than one process.

2012-08-27  Alex Jia  <ajia@redhat.com>

	virsh: fix missing return value
	Although virsh command raises a correct error information, the command status
	returns 0(true), this patch is used for fixing this issue.

2012-08-27  Laine Stump  <laine@laine.org>

	specfile: require libnl3 for Fedora >= 18 and RHEL >= 7
	Everything is ready in both netcf and libvirt to switch over to libnl3
	in future releases of both Fedora and RHEL. This needs to be done more
	or less simultaneously in both packages, though, because you can't mix
	libnl1.1 and libnl3 in the same process (e.g. libvirtd using
	libnl-3.so and libnetcf.so, while libnetcf.so uses libnl.so)
	This patch does two things when fedora >= 18 || rhel >= 7):
	  1) requires libnl3-devel
	  2) requires netcf-devel-0.2.2 or greater
	(the idea is that a similar patch is going into netcf's specfile, so
	that when a build of netcf is done on F18 or later (or RHEL7 or later)
	netcf will be guaranteed to be built with libnl3 rather than
	libnl-1.1)

2012-08-26  Laine Stump  <laine@laine.org>

	build: add LIBNL_CFLAGS to build of libvirt_lxc
	When libvirt_lxc is built, it uses the utility library and #includes
	virnetdev.h, which #includes virnetlink.h, which includes
	<netlink/msg.h>.
	Normally, the netlink include directory would be just off
	/usr/include, so that wouldn't create a problem, but on Fedora and
	RHEL systems using libnl3, the libnl includes have been moved into
	/usr/include/libnl3 (to allow concurrent installation of libnl-1.1).
	All other binaries that need it have added $(LIBNL_CFLAGS) to their
	CFLAGS, but not libvirt_lxc, so it fails to build on Fedora and RHEL
	that have only libnl3-devel installed. This was previously unnoticed
	because everyone was building with libnl headers in
	/usr/include/netlink (even on systems with the headers in
	/usr/include/libnl3/netlink, many people (like me) usually also have
	the libnl1.1 headers in /usr/include/netlink).
	This patch adds the necessary CFLAGS for libvirt_lxc.
	Note that we don't need to add $(LIBNL_LIBS) to the LDADD for this
	binary, because it never directly calls libnl functions, but only
	calls them indirectly through the util library, which it's already
	linking against.

2012-08-24  Eric Blake  <eblake@redhat.com>

	snapshot: rename an enum
	The name 'virDomainDiskSnapshot' didn't fit in with our normal
	conventions of using a prefix hinting that it is related to a
	virDomainSnapshotPtr.  Also, a future patch will reuse the
	enum for declaring where the VM memory is stored.
	* src/conf/snapshot_conf.h (virDomainDiskSnapshot): Rename...
	(virDomainSnapshotLocation): ...to this.
	(_virDomainSnapshotDiskDef): Update clients.
	* src/conf/domain_conf.h (_virDomainDiskDef): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Likewise.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML)
	(virDomainDiskDefFormat): Likewise.
	* src/conf/snapshot_conf.c: (virDomainSnapshotDiskDefParseXML)
	(virDomainSnapshotAlignDisks, virDomainSnapshotDefFormat):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotCreateDiskActive, qemuDomainSnapshotCreateXML):
	Likewise.

	snapshot: split snapshot conf code into own file
	This has several benefits:
	1. Future snapshot-related code has a definite place to go (and I
	_will_ be adding some)
	2. Snapshot errors now use the VIR_FROM_DOMAIN_SNAPSHOT error
	classification, which has been underutilized (previously only in
	libvirt.c)
	* src/conf/domain_conf.h, domain_conf.c: Split...
	* src/conf/snapshot_conf.h, snapshot_conf.c: ...into new files.
	* src/Makefile.am (DOMAIN_CONF_SOURCES): Build new files.
	* po/POTFILES.in: Mark new file for translation.
	* src/vbox/vbox_tmpl.c: Update caller.
	* src/esx/esx_driver.c: Likewise.
	* src/qemu/qemu_command.c: Likewise.
	* src/qemu/qemu_domain.h: Likewise.

	snapshot: make virDomainSnapshotObjList opaque
	We were failing to react to allocation failure when initializing
	a snapshot object list.  Changing things to store a pointer
	instead of a complete object adds one more possible point of
	allocation failure, but at the same time, will make it easier to
	react to failure now, as well as making it easier for a future
	patch to split all virDomainSnapshotPtr handling into a separate
	file, as I continue to add even more snapshot code.
	Luckily, there was only one client outside of domain_conf.c that
	was actually peeking inside the object, and a new wrapper function
	was easy.
	* src/conf/domain_conf.h (_virDomainObj): Use a pointer.
	(virDomainSnapshotObjListInit): Rename.
	(virDomainSnapshotObjListFree, virDomainSnapshotForEach): New
	declarations.
	(_virDomainSnapshotObjList): Move definitions...
	* src/conf/domain_conf.c: ...here.
	(virDomainSnapshotObjListInit, virDomainSnapshotObjListDeinit):
	Rename...
	(virDomainSnapshotObjListNew, virDomainSnapshotObjListFree): ...to
	these.
	(virDomainSnapshotForEach): New function.
	(virDomainObjDispose, virDomainListPopulate): Adjust callers.
	* src/qemu/qemu_domain.c (qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotDiscardAllMetadata): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad)
	(qemuDomainUndefineFlags, qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotListNames, qemuDomainSnapshotNum)
	(qemuDomainListAllSnapshots)
	(qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListAllChildren)
	(qemuDomainSnapshotLookupByName, qemuDomainSnapshotGetParent)
	(qemuDomainSnapshotGetXMLDesc, qemuDomainSnapshotIsCurrent)
	(qemuDomainSnapshotHasMetadata, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDelete): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Export new function.

2012-08-24  Philipp Hahn  <hahn@univention.de>

	xen-xs: fix uuid of renamed domain
	When the XenStore tdb lives persistently and is not cleared between host
	reboots, Xend (version 3.4 and 4.1) re-creates the domain information
	located in XenStore below /vm/$UUID. (According to the xen-3.2-commit
	hg265950e3df69 to fix a problem when locally migrating a domain to the
	host itself.)
	When doing so a version number is added to the UUID separated by one
	dash, which confuses xenStoreDomainIntroduced(): It iterates over all
	domains and tries to lookup all inactive domains using
	xenStoreDomainGetUUID(), which fails if the running domain is renamed:
	virUUIDParse() fails to parse the versioned UUID and the domain is
	flagged as missing. When this happens the function delays .2s and
	re-tries 20 times again, multiplied by the number of renamed VMs.
	  14:48:38.878: 4285: debug : xenStoreDomainIntroduced:1354 : Some domains were missing, trying again
	This adds a significant delay:
	  # time virsh list >/dev/null
	  real    0m6.529s
	  # xenstore-list /vm
	  00000000-0000-0000-0000-000000000000
	  00000000-0000-0000-0000-000000000000-1
	  00000000-0000-0000-0000-000000000000-2
	  00000000-0000-0000-0000-000000000000-3
	  00000000-0000-0000-0000-000000000000-4
	  00000000-0000-0000-0000-000000000000-5
	  7c06121e-90c3-93d4-0126-50481d485cca
	  00000000-0000-0000-0000-000000000000-6
	  00000000-0000-0000-0000-000000000000-7
	  144ad19d-dfb4-2f80-8045-09196bb8784f
	  00000000-0000-0000-0000-000000000000-8
	  144ad19d-dfb4-2f80-8045-09196bb8784f-1
	  00000000-0000-0000-0000-000000000000-9
	  00000000-0000-0000-0000-000000000000-10
	  00000000-0000-0000-0000-000000000000-11
	  00000000-0000-0000-0000-000000000000-12
	  00000000-0000-0000-0000-000000000000-13
	  00000000-0000-0000-0000-000000000000-14
	  144ad19d-dfb4-2f80-8045-09196bb8784f-2
	  00000000-0000-0000-0000-000000000000-15
	  144ad19d-dfb4-2f80-8045-09196bb8784f-3
	  00000000-0000-0000-0000-000000000000-16
	The patch adds truncation of the UUID as read from the XenStore path
	before passing it to virUUIDParse().
	The same issue is reported at
	<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666135>

2012-08-24  Michal Privoznik  <mprivozn@redhat.com>

	conf: Don't always require security/@model
	Only parse model, if static labelling, or
	a base label is set, or doing active XML.

	security: Add DAC to security_drivers
	Currently, if users set 'security_driver="dac"' in qemu.conf libvirtd
	fails to initialize as DAC driver is not found because it is missing
	in our security drivers array.

2012-08-24  Peter Krempa  <pkrempa@redhat.com>

	libssh2_transport: Add docs to remote.html
	Describe the existence of the transport driver and document the
	configurable options.

2012-08-24  Laine Stump  <laine@laine.org>

	nwfilter: don't log error if firewalld is disabled, improve diagnostics
	The original patch to support firewalld in nwfilter wasn't personally
	checking the exit status of firewall-cmd, but was instead sending NULL
	in the *exitstatus arg, which meant that virCommandWait would log an
	error just for the exit status being non-0 (and a "more scary than
	useful" error at that).
	We don't want to treat this as an error, though, just as a reason to
	use standard (ip|eb)tables commands instead of firewall-cmd.
	This patch modifies the virCommandRun in the nwfilter code to request
	status back from the caller. This avoids virCommandWait logging an
	error message, and allows the caller to do as it likes after examining
	the status.
	The VIR_DEBUG() logged when firewalld is enabled has also been
	reworded and changed to a VIR_INFO, and a similar VIR_INFO has been
	added in the case that firewalld is *not* found+enabled.

	openvz: check the exitstatus of vzlist
	I noticed this while auditing all calls to virCommandRun that request
	an exit status from virCommandRun. Two functions in the openvz driver
	  openvzDomainGetBarrierLimit
	  openvzDomainSetBarrierLimit
	request an exit status from virCommandRun (thus assuring that
	virCommandRun won't log any errors just due to a non-0 exit status),
	but then fail to examine that exit status. This could result in the
	functions believing that the call to "vzlist" was successful, even
	though it may have encountered an error.

2012-08-24  Eric Blake  <eblake@redhat.com>

	qemu-agent: available in 0.10.0
	The recent virDomainQemuAgentCommand addition is part of 0.10.0;
	also, grouping all libvirt-qemu.so callbacks together makes them
	easier to identify.
	* src/libvirt_qemu.syms: Fix release symbol.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/driver.h (_virDriver): Group qemu-specific callbacks.

2012-08-24  Laine Stump  <laine@laine.org>

	network: fix virtual network bridge delay setting
	libvirt's network config documents that a bridge's STP "forward delay"
	(called "delay" in the XML) should be specified in seconds, but
	virNetDevBridgeSetSTPDelay() assumes that it is given a delay in
	milliseconds (although the comment at the top of the function
	incorrectly says "seconds".
	This fixes the comment, and converts the delay to milliseconds before
	calling virNetDevBridgeSetSTPDelay().

2012-08-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu: forbid suspend if already pmsuspended
	If a domain is pmsuspended then virsh suspend will succeed. Beside
	obvious flaw, virsh resume will report success and change domain
	state to running which is another mistake. Therefore we must forbid
	any attempts for suspend and resume when pmsuspended.

2012-08-23  MATSUDA Daiki  <matsudadik@intellilink.co.jp>

	agent: add qemu-agent-command to virsh
	Add qemu-agent-command to virsh to support virDomainQemuAgentCommand().

	agent: add python module support
	Add virDomainQemuAgentCommand() support function to python module.

	agent: add remote driver support
	Add qemuDomainAgentCommand() which is generated automatically,
	for .qemuDomainArbitraryAgentCommand to remote driver.

	agent: add qemu driver support
	Add qemuDrvDomainAgentCommand() for .qemuDomainArbitraryAgentCommand
	to qemu driver.

	agent: add virDrvDomainQemuAgentCommand prototype for drivers.
	Add virDrvDomainQemuAgentCommand prototype for drivers.
	Add virDomainQemuAgentCommand() for virDrvDomainQemuAgentCommand.

	agent: add qemuAgentArbitraryCommand() for general qemu agent command
	Add a function qemuAgentArbitraryCommand() for general qemu agent command.

	agent : add @seconds variable to qemuAgentSend().
	Add @seconds variable to qemuAgentSend().
	When @timemout is true, @seconds controls how long to wait for a
	response (if @seconds is VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT,
	default to QEMU_AGENT_WAIT_TIME).
	In addition, @seconds must be >= 0 or VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT.
	If @timeout is false, @seconds is ignored.

2012-08-23  Daniel Veillard  <veillard@redhat.com>

	Fix a missing build requirement on dbus-devel
	Communication with the firewall daemon uses DBus
	so if we compile with firewalld support, the dbus-devel
	is required for building

2012-08-23  Hu Tao  <hutao@cn.fujitsu.com>

	fix check of vcpuid in virDomainVcpuPinDefParseXML
	For emulator, the vcpuid field is always set to -1, instead of parsing
	XML for the value of it.

2012-08-23  Laine Stump  <laine@laine.org>

	util: eliminate erroneous VIR_WARNs in (eb|ip)tables.c
	Several VIR_DEBUG()'s were changed to VIR_WARN() while I was testing
	the firewalld support patch, and I neglected to change them back
	before I pushed.
	In the meantime I've decided that it would be useful to have them be
	VIR_INFO(), just so there will be logged evidence of which method is
	being used (firewall-cmd vs. (eb|ip)tables) without needing to crank
	logging to 11. (at most this adds 2 lines to libvirtd's logs per
	libvirtd start).

2012-08-23  Yuri Chornoivan  <yurchor@ukr.net>

	Fix some typos in messages, docs and comments.

2012-08-23  Gene Czarcinski  <gene@czarc.net>

	dnsmasq: avoid forwarding queries without a domain
	dnsmasq is forwarding a number of queries upstream that should not
	be done.  There still remains an MX query for a plain name with no
	domain specified that will be forwarded is dnsmasq has --domain=xxx
	--local=/xxx/ specified. This does not happen with no domain name
	and --local=// ... not a libvirt problem.
	BTW, thanks again to Claudio Bley!

2012-08-22  Stefan Hajnoczi  <stefanha@linux.vnet.ibm.com>

	docs: fix blockpull/blockcopy bandwidth Mbps -> MiB/s
	The bandwidth units for blockpull and blockcopy are in Megabytes per
	Second, not Megabits per Second.

2012-08-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix parameter list in virNetlinkEvent{Add,Remove}Client Win32 stubs
	The virNetlinkEventAddClient / virNetlinkEventRemoveClient stub
	impls had syntax errors in their parameter lists, using a ')'
	after the second-to-last parameter instead of a ','

2012-08-22  Guannan Ren  <gren@redhat.com>

	virsh: don't print error info when snapshot xml is not changed
	If xml is not changed, error message is printed.
	So check ret value instead of edit variable for error message.

2012-08-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in Makefile.am  s/LDFOAGS/LDFLAGS/

2012-08-22  Tang Chen  <tangchen@cn.fujitsu.com>

	Add uevent netlink service.
	This patch adds a new netlink service with NETLINK_KOBJECT_UEVENT
	protocol hotplug event.

	Introduce virNetlinkEventServiceStopAll() to stop all netlink services.
	This patch introduce virNetlinkEventServiceStopAll() to stop
	all the monitors to receive netlink messages for libvirtd.

	Improve netlink to support all protocol.
	This patch improve all the API in virnetlink.c to support
	all kinds of netlink protocols, and make all netlink sockets
	be able to join in groups.

2012-08-22  Peter Krempa  <pkrempa@redhat.com>

	client: Change default location of known_hosts file for libssh2 layer
	Unfortunately libssh2 doesn't support all types of host keys that can be
	saved in the known_hosts file. Also it does not report that parsing of
	the file failed. This results into truncated known_hosts files where the
	standard client stores keys also in other formats (eg.
	ecdsa-sha2-nistp256).
	This patch changes the default location of the known_hosts file into the
	libvirt private configuration directory, where it will be only written
	by the libssh2 layer itself. This prevents trashing user's known_host
	file.

	libssh2_session: Add support for creating known_hosts file
	The libssh2 code wasn't supposed to create the known_hosts file, but
	recent findings show, that we can't use the default created by OpenSSH
	as libssh2 might damage it. We need to create a private known_hosts file
	in the config path.
	This patch adds support for skipping error if the known_hosts file is
	not present and let libssh2 create a new one.

2012-08-22  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: support of emulator_period and emulator_quota's modification
	allow the user change/get emulator's period and quota when the vm is running.

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	new interface to control emulator_period/emulator_quota
	This patch adds two macros: VIR_DOMAIN_SCHEDULER_EMULATOR_PERIOD,
	VIR_DOMAIN_SCHEDULER_EMULATOR_QUOTA for controlling cpu bandwidth
	for emulator activities not tied to vcpus

	qemu: introduce period/quota tuning for emulator
	This patch introduces support of setting emulator's period and
	quota to limit cpu bandwidth when the vm starts.  Also updates
	XML Schema for new entries and docs.

	limit cpu bandwidth only for vcpus
	This patch changes the behaviour of xml element cputune.period
	and cputune.quota to limit cpu bandwidth only for vcpus, and no
	longer limit cpu bandwidth for the whole guest.
	The reasons to do this are:
	  - This matches docs of cputune.period and cputune.quota.
	  - The other parts excepting vcpus are treated as "emulator",
	    and there are separate period/quota settings for emulator
	    in the subsequent patches

	new command emulatorpin

	Add a new function vshPrintPinInfo.
	This is a helper function to print vcpu pin info.

2012-08-22  Tang Chen  <tangchen@cn.fujitsu.com>

	remote: introduce emulator pinning RPCs
	Introduce 2 APIs to support emulator threads in remote driver.
	    1) remoteDomainPinEmulator: call driver api, such as qemudDomainPinEmulator.
	    2) remoteDomainGetEmulatorPinInfo: call driver api, such as qemudDomainGetEmulatorPinInfo.
	They are similar to remoteDomainPinVcpuFlags and remoteDomainGetVcpuPinInfo.

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: support emulator pinning
	Introduce 2 APIs to support emulator threads pin in qemu driver.
	    1) qemudDomainPinEmulator: setup emulator threads pin info.
	    2) qemudDomainGetEmulatorPinInfo: get all emulator threads pin info.
	They are similar to qemudDomainPinVcpuFlags and qemudDomainGetVcpuPinInfo.
	And also, remoteDispatchDomainPinEmulatorFlags and remoteDispatchDomainGetEmulatorPinInfo
	functions are introduced.

2012-08-22  Tang Chen  <tangchen@cn.fujitsu.com>

	Introduce virDomainEmulatorPinAdd and virDomainEmulatorPinDel functions
	Introduce 2 APIs to support emulator threads pin.
	    1) virDomainEmulatorPinAdd: setup emulator threads pin with a given cpumap string.
	    2) virDomainEmulatorPinDel: remove all emulator threads pin.

	Introduce virDomainPinEmulator and virDomainGetEmulatorPinInfo functions.
	Introduce 2 APIs to set/get physical cpu pinning info of emulator threads.

	Add qemuProcessSetEmulatorAffinites and set emulator threads affinities
	Emulator threads should also be pinned by sched_setaffinity(), just
	the same as vcpu threads.

	qemu: synchronize emulatorpin info to cgroup
	Introduce qemuSetupCgroupEmulatorPin() function to add emulator
	threads pin info to cpuset cgroup, the same as vcpupin.

	Support emulatorpin xml parse.
	This patch adds a new xml element <emulatorpin>, which is a sibling
	to the existing <vcpupin> element under the <cputune>, to pin emulator
	threads to specified physical CPUs.

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	Change virDomainVcpuPinDefParseXML to support parsing emulatorpin

	Enable cpuset cgroup and synchronous vcpupin info to cgroup.
	vcpu threads pin are implemented using sched_setaffinity(), but
	not controlled by cgroup. This patch does the following things:
	    1) enable cpuset cgroup
	    2) reflect all the vcpu threads pin info to cgroup

	updates of some vcpupin related functions
	1. add a new function virDomainVcpuPinDefCopy
	2. make virDomainVcpuPinDefFree non-static

	refactor virDomainVcpuPinAdd()

	add function bitmapFromBytemap() to convert bytemap to bitmap

2012-08-22  Wen Congyang  <wency@cn.fujitsu.com>

	create a new cgroup and move all emulator threads to the new cgroup
	Create a new cgroup and move all emulator threads to the new cgroup.
	And then we can do the other things:
	1. limit only vcpu usage rather than the whole qemu
	2. limit for emulator threads(include vhost-net threads)

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	Introduce the function virCgroupMoveTask
	Introduce a new API to move tasks of one controller from a cgroup to another cgroup

2012-08-22  Wen Congyang  <wency@cn.fujitsu.com>

	Introduce the function virCgroupForEmulator
	Introduce the function virCgroupForEmulator() to create sub directory
	for simulator thread(include I/O thread, vhost-net thread)

2012-08-22  Gerd v. Egidy  <lists@egidy.de>

	output status information during guest shutdown again
	Since the move to systemd libvirt-guests doesn't output this progress
	information anymore. This patch brings back this feature.
	It is helpful to show the admin what the system is waiting for and what
	is left of the timeout (e.g. for calibrating the shutdown timing of a ups).
	Rewriting the current line with \r doesn't work anymore in the context
	of systemd. So always write new lines, but move to 5 second intervals
	to avoid flooding the console.

2012-08-22  J.B. Joret  <jb@linux.vnet.ibm.com>

	qemu: Disk Geometry Override Support
	Qemu command line generation for geometry override and testcases.

	Support for Disk Geometry Override
	A hypervisor may allow to override the disk geometry of drives.
	Qemu, as an example with cyls=,heads=,secs=[,trans=].
	This patch extends the domain config to allow the specification of
	disk geometry with libvirt.

2012-08-22  Eric Blake  <eblake@redhat.com>

	build: avoid $(builddir) in Makefile
	Older automake 1.9.6 (hello there, RHEL 5) did not populate
	$(builddir), which meant 'make check' failed with:
	make[3]: *** No rule to make target `/.libs/libvirt.la', needed by `check-symfile'.  Stop.
	For that matter, even newer automake doesn't directly emit rules
	to build .libs/libvirt.la; we are better off basing our rules
	on the public ./libvirt.la.
	* src/Makefile.am (check-symfile): Delete useless variable.

	build: network requires location of dbus headers
	Without this patch, RHEL 5 fails to compile, since the dbus
	files lives under /usr/include/dbus-1.0/dbus/dbus.h, and
	DBUS_CFLAGS contains -I/usr/include/dbus-1.0.
	In file included from network/bridge_driver.c:67:
	../src/util/virdbus.h:26:25: error: dbus/dbus.h: No such file or directory
	* src/Makefile.am (libvirt_driver_network_impl_la_CFLAGS): Add
	DBUS_CFLAGS.

	atomic: fix whitespace in previous patch

	atomic: mark header functions static
	When gcc atomic intrinsics are not available (such as on RHEL 5
	with gcc 4.1.2), we were getting link errors due to multiple
	definitions:
	./.libs/libvirt_util.a(libvirt_util_la-virobject.o): In function `virAtomicIntXor':
	/home/dummy/l,ibvirt/src/util/viratomoic.h:404: multiple definition of `virAtomicIntXor'
	./.libs/libvirt_util.a(libvirt_util_la-viratomic.o):/home/dummy/libvirt/src/util/viratomic.h:404: first defined here
	Solve this by conditionally marking the functions static (the
	condition avoids falling foul of gcc warnings about unused
	static function declarations).
	* src/util/viratomic.h: When not using gcc intrinsics, use static
	functions to avoid linker errors on duplicate functions.

	build: work with glibc that lacks CPU_COUNT
	Building on RHEL 5 warned:
	nodeinfo.c: 305: warning: implicit declaration of function 'CPU_COUNT'
	This extension macro in <sched.h> was not added until later glibc.
	* src/nodeinfo.c (CPU_COUNT): Add fallback implementation.

	build: work with older RHEL 5 kernel
	We already skip out on building the LXC under RHEL 5, because the
	kernel is too old (commits 4c18acf, 2dee896); but commit 9612e4b
	moved some LXC-only code into common files, resulting in this
	build failure:
	util/virfile.c: In function 'virFileLoopDeviceAssociate':
	util/virfile.c:580: error: 'LO_FLAGS_AUTOCLEAR' undeclared (first use in this function)
	Unfortunately, the kernel folks only made it an enum, rather than
	also a #define, so we have to modify configure.ac to record when
	it is usable.
	* configure.ac (with_lxc): Mark when LO_FLAGS_AUTOCLEAR was found.
	* src/util/virfile.c (virFileLoopDeviceAssociate): Avoid
	compilation when kernel is too old.

2012-08-22  Ján Tomko  <jtomko@redhat.com>

	command: avoid double close in virExecWithHook
	Fix possible double close in the child process after the fork in case
	infd and outfd are equal, just like they are after being called from
	virNetSocketNewConnectCommand.

2012-08-22  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: provide basic support for firewalld
	This patch provides basic support for using firewalld's firewall-cmd
	rather than then plain eb/ip(6)tables commands.

2012-08-22  Thomas Woerner  <twoerner@redhat.com>

	network: use firewalld instead of iptables, when available
	* configure.ac, spec file: firewalld defaults to enabled if dbus is
	  available, otherwise is disabled. If --with_firewalld is explicitly
	  requested and dbus is not available, configure will fail.
	* bridge_driver: add dbus filters to get the FirewallD1.Reloaded
	  signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1.
	  When these are encountered, reload all the iptables reuls of all
	  libvirt's virtual networks (similar to what happens when libvirtd is
	  restarted).
	* iptables, ebtables: use firewall-cmd's direct passthrough interface
	  when available, otherwise use iptables and ebtables commands. This
	  decision is made once the first time libvirt calls
	  iptables/ebtables, and that decision is maintained for the life of
	  libvirtd.
	* Note that the nwfilter part of this patch was separated out into
	  another patch by Stefan in V2, so that needs to be revised and
	  re-reviewed as well.
	================
	All the configure.ac and specfile changes are unchanged from Thomas'
	V3.
	V3 re-ran "firewall-cmd --state" every time a new rule was added,
	which was extremely inefficient.  V4 uses VIR_ONCE_GLOBAL_INIT to set
	up a one-time initialization function.
	The VIR_ONCE_GLOBAL_INIT(x) macro references a static function called
	vir(Ip|Eb)OnceInit(), which will then be called the first time that
	the static function vir(Ip|Eb)TablesInitialize() is called (that
	function is defined for you by the macro). This is
	thread-safe, so there is no chance of any race.
	IMPORTANT NOTE: I've left the VIR_DEBUG messages in these two init
	functions (one for iptables, on for ebtables) as VIR_WARN so that I
	don't have to turn on all the other debug message just to see
	these. Even if this patch doesn't need any other modification, those
	messages need to be changed to VIR_DEBUG before pushing.
	This one-time initialization works well. However, I've encountered
	problems with testing:
	1) Whenever I have enabled the firewalld service, *all* attempts to
	call firewall-cmd from within libvirtd end with firewall-cmd hanging
	internally somewhere. This is *not* the case if firewall-cmd returns
	non-0 in response to "firewall-cmd --state" (i.e. *that* command runs
	and returns to libvirt successfully.)
	2) If I start libvirtd while firewalld is stopped, then start
	firewalld later, this triggers libvirtd to reload its iptables rules,
	however it also spits out a *ton* of complaints about deletion failing
	(I suppose because firewalld has nuked all of libvirt's rules). I
	guess we need to suppress those messages (which is a more annoying
	problem to fix than you might think, but that's another story).
	3) I noticed a few times during this long line of errors that
	firewalld made a complaint about "Resource Temporarily
	unavailable. Having libvirtd access iptables commands directly at the
	same time as firewalld is doing so is apparently problematic.
	4) In general, I'm concerned about the "set it once and never change
	it" method - if firewalld is disabled at libvirtd startup, causing
	libvirtd to always use iptables/ebtables directly, this won't cause
	*terrible* problems, but if libvirtd decides to use firewall-cmd and
	firewalld is later disabled, libvirtd will not be able to recover.

2012-08-22  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Provide better error if lockspace directory is missing
	Generating "Unable to add lockspace /lock/space/dir/__LIBVIRT__DISKS__:
	No such file or directory" is correct but not exactly clear. This patch
	changes the error message to "Unable to create lockspace
	/lock/space/dir/__LIBVIRT__DISKS__: parent directory does not exist or
	is not a directory".

	daemon: Autodetect lock driver directory
	When running libvirtd from a build directory, libvirtd would load lock
	drivers from system directory unless explicitly overridden by setting
	LIBVIRT_LOCK_MANAGER_PLUGIN_DIR environment variable. Since we already
	autodetect driver directory if libvirt is build with driver modules, we
	can use the same trick to automagically set lock driver directory.

2012-08-21  Eric Blake  <eblake@redhat.com>

	build: split driver_storage into convenience library
	Commit 1d22ba95 was complete at the time, but we have since
	reintroduced a warning that is fixed in the same manner:
	  CCLD   storagebackendsheepdogtest
	*** Warning: Linking the executable storagebackendsheepdogtest against the loadable module
	*** libvirt_driver_storage.so is not portable!
	* src/Makefile.am (libvirt_driver_storage.la): Factor into new
	convenience library libvirt_driver_storage_impl.la.
	* tests/Makefile.am (storagebackendsheepdogtest_LDADD): Link to
	convenience library, not shared library.

	build: silence stupid gcc warning on STREQ_NULLABLE
	Our existing STRNEQ_NULLABLE() triggered a warning in gcc 4.7 when
	used with a literal NULL argument:
	qemumonitorjsontest.c: In function 'testQemuMonitorJSONGetMachines':
	qemumonitorjsontest.c:289:5: error: null argument where non-null required (argument 1) [-Werror=nonnull]
	even though the strcmp is provably dead when a null argument is
	present.  Squelch the warning by refactoring things so that gcc
	never sees strcmp() called with NULL arguments (we still compare
	NULL as not equal to "", this rewrite merely aids gcc).
	Next, gcc has a valid warning about a literal NULLSTR(NULL):
	qemumonitorjsontest.c:289:5: error: invalid application of 'sizeof' to a void type [-Werror=pointer-arith]
	Of course, you'd never write NULLSTR(NULL) directly, but it is
	handy to use through macros.  But the entire part about verify_true()
	is unnecessary - gcc already warns about type mismatch with ?:,
	without needing to make it more complex.
	* src/internal.h (STREQ_NULLABLE, STRNEQ_NULLABLE): Avoid gcc 4.7
	stupidity.
	(NULLSTR): Simplify, to allow passing compile-time constants.

2012-08-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix parsing of uid/gid on Mingw32
	The DAC security driver uses the virStrToLong_ui function to
	parse the uid/gid out of the seclabel string. This works on
	Linux where 'uid_t' is an unsigned int, but on Mingw32 it is
	just an 'int'. This causes compiler warnings about signed/
	unsigned int pointer mis-match.
	To avoid this, use explicit 'unsigned int ouruid' local
	vars to pass into virStrToLong_ui, and then simply assign
	to the 'uid_t' type after parsing

2012-08-21  Peter Krempa  <pkrempa@redhat.com>

	libssh2_transport: Use libssh2 driver code in remote driver
	This patch adds URI options to support libssh2 transport in the remote
	driver.
	A new transport sceme is introduced eg. "qemu+libssh2://..." that
	utilizes the libssh2 code added in previous patches.
	The libssh2 code requires the authentication callback to be able to
	perform keyboard-interactive authentication or to ask t passprhases or
	add host keys to known hosts database.
	Added URI components:
	- known_hosts -  path to a knownHosts file in OpenSSH format to check
	                 for known ssh host keys
	- known_hosts_verify - how to deal with server key verification:
	                            * "normal" (default) - ask to add new keys
	                            * "auto" - automaticaly add new keys
	                            * "ignore" - don't validate host keys
	- sshauth - authentication methods to use. Default is
	            "agent,privkey,keyboard-interactive". It's a comma separated
	            string of methods to try while authenticating. The order is
	            preserved. Some of the methods may require additional
	            parameters.
	Locations of the known_hosts file and private keys are set to default
	values if they're present. (~/.ssh/known_hosts, ~/.ssh/id_rsa,
	                            ~/.ssh/id_dsa)

	libssh2_transport: Add libssh2 session support to net client code
	This patch adds a glue layer to enable using libssh2 code with the
	network client code.
	As in the original client implementation, shell code is sent to the
	server to detect correct options for netcat and connect to libvirt's
	unix socket.

	libssh2_transport: add ssh context support to virNetSocket
	This patch enables virNetSocket to be used as an ssh client when
	properly configured.
	This patch adds function virNetSocketNewConnectLibSSH2() that takes all
	needed parameters and creates a libssh2 session and performs steps
	needed to open the connection and then create a virNetSocket that
	seamlesly encapsulates the communication.

	libssh2_transport: add main libssh2 transport implementation
	This patch adds helper functions that enable us to use libssh2 in
	conjunction with libvirt's virNetSockets for ssh transport instead of
	spawning "ssh" client process.
	This implemetation supports tunneled plaintext, keyboard-interactive,
	private key, ssh agent based and null authentication. Libvirt's Auth
	callback is used for interaction with the user. (Keyboard interactive
	authentication, adding of host keys, private key passphrases). This
	enables seamless integration into the application using libvirt. No
	helpers as "ssh-askpass" are needed.
	Reading and writing of OpenSSH style "known_hosts" files is supported.
	Communication is done using SSH exec channel, where the user may specify
	arbitrary command to be executed on the remote side and reads and writes
	to/from stdin/out are sent through the ssh channel. Usage of stderr is
	not (yet) supported.

2012-08-21  Daniel P. Berrange  <berrange@redhat.com>

	Add test case for SELinux label generation
	This test case validates the correct generation of SELinux labels
	for VMs, wrt the current process label. Since we can't actually
	change the label of the test program process, we create a shared
	library libsecurityselinuxhelper.so which overrides the getcon()
	and setcon() libselinux.so functions. When started the test case
	will check to see if LD_PRELOAD is set, and if not, it will
	re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so

	Honour current sensitivity and category ranges in SELinux label generation
	Currently the dynamic label generation code will create labels
	with a sensitivity of s0, and a category pair in the range
	0-1023. This is fine when running a standard MCS policy because
	libvirtd will run with a label
	  system_u:system_r:virtd_t:s0-s0:c0.c1023
	With custom policies though, it is possible for libvirtd to have
	a different sensitivity, or category range. For example
	  system_u:system_r:virtd_t:s2-s3:c512.c1023
	In this case we must assign the VM a sensitivity matching the
	current lower sensitivity value, and categories in the range
	512-1023

	Fix regression generating image context
	The code to refactor sec label handling accidentally changed the
	SELinux driver to use the 'domain_context' when generating the
	image label instead of the 'file_context'

2012-08-21  Martin Kletzander  <mkletzan@redhat.com>

	qemu: modify 3 error messages
	After the cleanup of remote display port allocation, I noticed some
	messages that didn't make a lot of sense the way they were written. So
	I rephrased them.

	qemu: configurable remote display port boundaries
	The defines QEMU_REMOTE_PORT_MIN and QEMU_REMOTE_PORT_MAX were used to
	find free port when starting domains. As this was hard-coded to the
	same ports as default VNC servers, there were races with these other
	programs. This patch includes the possibility to change the default
	starting port as well as the maximum port (mostly for completeness) in
	qemu config file.
	Support for two new config options in qemu.conf is added:
	 - remote_port_min (defaults to QEMU_REMOTE_PORT_MIN and
	   must be >= than this value)
	 - remote_port_max (defaults to QEMU_REMOTE_PORT_MAX and
	   must be <= than this value)

	qemu: Unify port-wise SPICE and VNC behavior
	Port allocations for SPICE and VNC behave almost the same (with
	default ports), but there is some mess in the code. This patch clears
	these inconsistencies and makes sure the same behavior will be used
	when ports for remote displays are changed.
	Changes:
	 - hard-coded number 5900 removed (handled elsewhere like with VNC)
	 - reservedVNCPorts renamed to reservedRemotePorts (it's not just for
	   VNC anymore)
	 - QEMU_VNC_PORT_{MIN,MAX} renamed to QEMU_REMOTE_PORT_{MIN,MAX}
	 - port allocation unified for VNC and SPICE

2012-08-21  Eric Blake  <eblake@redhat.com>

	build: fix build with autoconf 2.59
	Commit 350583c8 broke development on a RHEL 5 box, where the
	ancient Autoconf 2.59 lacks AS_VERSION_STRING.  Rather than
	backport the complex awk script that newer autoconf uses for
	true strverscmp comparisons from the shell, it was easier to
	just open-code a shell case statement.
	* configure.ac (qemu_version): Open-code a replacement for
	AS_VERSION_CHECK.

	virsh: split out virsh-volume.c
	Last of the file splits.
	* tools/virsh-volume.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-volume.c: Likewise.
	(vshCommandOptVolBy): Fix flag usage.

	virsh: split out virsh-snapshot.c
	Almost done with the splits.
	* tools/virsh-snapshot.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-snapshot.c: Likewise.

	virsh: split out virsh-secret.c
	One of the simpler splits.
	* tools/virsh-secret.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-secret.c: Likewise.

	virsh: split out virsh-pool.c
	More in a series of file splits.
	* tools/virsh-pool.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-pool.c: Likewise.
	(virCommandOptPoolBy): Fix flag usage.

	virsh: split out virsh-nwfilter.c
	Yet another split file.
	* tools/virsh-nwfilter.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-nwfilter.c: Likewise.

	virsh: split out virsh-nodedev.c
	Another worthwhile split, needed one more public function.
	* tools/virsh-nodedev.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh-nodedev.c: Use new header.
	* tools/virsh.c: Likewise.
	(vshTreePrint): Export.
	* tools/virsh.h (vshTreePrint): Declare.

	virsh: split out virsh-network.c
	Another relatively easy file split.
	* tools/virsh-network.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-network.c: Likewise.
	(vshCommandOptNetworkBy): Update signature.

	virsh: split out virsh-interface.c
	Another relatively easy split, since helper functions were fixed
	in the previous patch.
	* tools/virsh-interface.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-interface.c: Likewise.
	(vshCommandOptInterfaceBy): Check flags.

	virsh: declare more common functions
	In preparation for splitting virsh-interface.c, I found these
	functions need to be declared in virsh.h, as well as one that
	belongs more properly in virsh-domain.h.  Also, since we
	use the VSH_BY* flags in more than one function, I improved
	how they are used.
	* tools/virsh.h (vshNameSorter, vshCmdHasOption): Declare.
	(VSH_BYID): Turn into enum.
	(vshCommandOptDomainBy): Move...
	* tools/virsh-domain.h): ...here.
	* tools/virsh.c: (vshNameSorter): Export.
	(cmd_has_option): Rename...
	(vshCmdHasOption): ...and export.
	(vshCommandOptDomainBy): Move...
	* tools/virsh-domain.c (vshCommandOptDomainBy): ...here, adjust
	signature, and check flags.
	* tools/virsh-network.c (vshCommandOptNetworkBy): Update callers.
	* tools/virsh-nwfilter.c (vshCommandOptNWFilterBy): Likewise.
	* tools/virsh-secret.c (vshCommandOptSecret): Likewise.
	* tools/virsh-domain-monitor.c (includes): Likewise.
	* tools/virsh-host.c (includes): Likewise.

	virsh: split out virsh-host.c
	The splits are getting easier, with fewer cleanups needed in virsh.h.
	* tools/virsh-host.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh-host.c: Use new header.
	* tools/virsh.c: Likewise.

	virsh: split out virsh-domain-monitor.c
	Another file worth compiling on its own instead of by .c inclusion.
	* tools/virsh-domain-monitor.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.h (vshGetDomainDescription): Move to correct
	header.
	* tools/virsh-domain-monitor.c: Use new header.
	* tools/virsh.c: Likewise.
	* tools/virsh-domain.c: Likewise.

2012-08-21  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	Update the remote API
	This patch updates libvirt's API to allow applications to inspect the
	full list of security labels of a domain.

	Support for multiple default security drivers in QEMU config
	This patch updates the key "security_driver" in QEMU config to suport
	both a sigle default driver or a list of default drivers. This ensures
	that it will remain compatible with older versions of the config file.

	Update security layer to handle many security labels
	These changes make the security drivers able to find and handle the
	correct security label information when more than one label is
	available. They also update the DAC driver to be used as an usual
	security driver.

	Multiple security drivers in XML data
	This patch updates the domain and capability XML parser and formatter to
	support more than one "seclabel" element for each domain and device. The
	RNG schema and the tests related to this are also updated by this patch.

	Internal refactory of data structures
	This patch updates the structures that store information about each
	domain and each hypervisor to support multiple security labels and
	drivers. It also updates all the remaining code to use the new fields.

2012-08-21  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	selinux: Fix incorrect object label generation.
	This is a fix for the object label generation. It uses a new flag for
	virSecuritySELinuxGenNewContext that specifies whether the context is
	for an object. If so the context role remains unchanged.
	Without this fix it is not possible to start domains with image file or
	block device backed storage when selinux is enabled.

2012-08-20  Eric Blake  <eblake@redhat.com>

	virsh: drop unused headers
	The previous commit now trips up 'make syntax-check' due to a useless
	use of <signal.h>.
	* tools/virsh.c (includes): Drop useless includes.

	maint: prohibit translations in testsuite
	Nothing in the testsuite or examples directory should be translated,
	as it is not part of the normally installed binary.  We already
	meet this rule, but enforcing it will make it easier to remember.
	Suggested by Daniel P. Berrange.
	* cfg.mk (sc_prohibit_useless_translation): Enhance rule.

2012-08-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix build of virsh on Win32 by moving SA_SIGINFO stub
	On Win32 SA_SIGINFO is not defined, so virsh.c stub'd it out
	to 0, but recent changes moved the usage out of virsh.c and
	into virsh-domain.c

2012-08-20  Eric Blake  <eblake@redhat.com>

	virsh: use common namespacing
	Convert the exported items in virsh.h to use a common 'vsh' prefix.
	* tools/virsh.h (VIRSH_MAX_XML_FILE): Rename...
	(VSH_MAX_XML_FILE): ...and parenthesize.
	(DIFF_MSEC, CTRL_CLOSE_BRACKET): Delete.
	(vshUsage, vshInit, vshDeinit, vshParseArgv): Remove prototype.
	(editWriteToTempFile, editFile, editReadBackFile, prettyCapacity)
	(virshReportError): Rename...
	(vshEditWriteToTempFile, vshEditFile, vshEditReadBackFile)
	(vshPrettyCapacity, vshReportError): ...into vsh namespace.
	(jobWatchTimeoutFunc): Move to virsh-domain.c.
	* tools/virsh.c (vshCommandRun): Inline former DIFF_MSEC.
	(main): Inline former CTRL_CLOSE_BRACKET.
	(vshUsage, vshInit, vshDeinit, vshParseArgv): Make static.
	(prettyCapacity, virshReportError, editWriteToTempFile, editFile):
	Fix naming, and adjust usage.
	(vshAskReedit, vshCommandRun, vshEventLoop, vshInit): Adjust
	usage.
	* tools/virsh-domain.c (cmdAttachDevice, cmdCPUCompare)
	(cmdCPUBaseline, cmdCreate, cmdDefine, cmdDetachDevice)
	(cmdUpdateDevice, cmdDesc, cmdUndefine, cmdStart, cmdVcpucount)
	(cmdAttachDevice, cmdDomjobinfo): Likewise.
	* tools/virsh-edit.c (do): Likewise.
	* tools/virsh-interface.c (cmdInterfaceDefine): Likewise.
	* tools/virsh-network.c (cmdNetworkCreate, cmdNetworkDefine):
	Likewise.
	* tools/virsh-nodedev.c (cmdNodeDeviceCreate): Likewise.
	* tools/virsh-nwfilter.c (cmdNWFilterDefine): Likewise.
	* tools/virsh-pool.c (cmdPoolCreate, cmdPoolDefine)
	(cmdPoolDiscoverSources, cmdPoolList): Likewise.
	* tools/virsh-secret.c (cmdSecretDefine): Likewise.
	* tools/virsh-snapshot.c (cmdSnapshotCreate, vshSnapshotCreate)
	(vshLookupSnapshot, cmdSnapshotEdit, cmdSnapshotCurrent)
	(vshGetSnapshotParent): Likewise.
	* tools/virsh-volume.c (cmdVolCreate, cmdVolCreateFrom)
	(cmdVolInfo, cmdVolList): Likewise.

2012-08-20  Daniel P. Berrange  <berrange@redhat.com>

	Add support for creating sockets & RPC servers from a pre-opened fd
	In order to support systemd socket based activation, it needs to
	be possible to create virNetSocketPtr and virNetServerServicePtr
	instance from a pre-opened file descriptor

	Refactor impl of the virNetServerClientNew method
	In preparation for adding further constructors, refactor
	the virNetServerClientNew method to move most of the code
	into a common virNetServerClientNewInternal helper API.

	Refactor the way new clients are registered with the server
	Currently the virNetServerDispatchNewClient both creates the
	virNetServerClientPtr instance and registers it with the
	virNetServerPtr internal state. Split the client registration
	code out into a separate virNetServerAddClient method to
	allow future reuse from other contexts

	Make Win32 stub of vshAskReedit non-static
	The main impl of vshAskReedit is non-static, so the Win32
	stub must be the same

	Fix syntax-check failures wrt virsh
	* cfg.mk: Whitelist virsh.h instead of virsh.c for strcasecmp check
	* tools/virsh-domain.h, tools/virsh.h: Fix #define indentation

2012-08-18  Eric Blake  <eblake@redhat.com>

	virsh: kill some double underscores
	C99 says that __foo naming is reserved for the compiler.  Besides,
	we had several different styles in use; this consolidates things
	to set up the typedefs up front then declare the types with
	consistent naming.
	* tools/virsh.h: Use consistent struct naming.
	* tools/virsh.c (_vshCommandParser): Likewise.

	virsh: split out virsh-domain.c
	The virsh-domain.c file was pretty self-contained; the only
	entry point was the table of command definitions.  The bulk
	of this patch is making more functions in virsh.c reusable.
	A later patch will clean up poor naming choices.
	* tools/Makefile.am (virsh_SOURCES): Build virsh-domain.c.
	* tools/virsh-domain.h: New file.
	* tools/virsh.h (virshReportError, vshResetLibvirtError)
	(vshAskReedit, vshStreamSink): Declare.
	* tools/virsh.c: Switch from using .c to .h.
	(virshReportError, vshResetLibvirtError, vshAskReedit)
	(vshStreamSink, prettyCapacity): Export.
	(vshCatchInt): Move...
	* tools/virsh-domain.c: ...into sole user.  Use header.

	virsh: split out virsh.h
	Having one .c file include another does not give any compilation
	benefits; move towards modular .o files by first splitting out
	reused declarations into a new virsh.h.  This patch doesn't try
	very hard to see which functions are used or not, to make it
	easier to review the file split.  Future patches can further trim
	the header to be smaller.
	* tools/Makefile.am (virsh_SOURCES): List new file, and prepare
	for others.
	* tools/virsh.c: Split declarations...
	* tools/virsh.h: ...into new file, and make several functions
	non-static.
	* tools/virsh-domain-monitor.c (vshGetDomainDescription): Make
	non-static.

	virsh: move vshWatchJob earlier
	It's easier to order things in topological order than it is to
	forward declare in one file for use only by one other file.
	* tools/virsh.c (vshWatchJob, parseRateStr)
	(vshDomainStateToString, vshDomainStateReasonToString)
	(vshDomainControlStateToString, vshDomainVcpuStateToString): Drop
	useless prototypes.
	* tools/virsh-domain.c (vshWatchJob): Move earlier.

2012-08-18  Shradha Shah  <sshah@solarflare.com>

	qemu: support netdevs from <forward mode='hostdev'> networks
	For network devices allocated from a network with <forward
	mode='hostdev'>, there is a need to add the newly minted hostdev to
	the hostdevs array.
	In this case we also need to call qemuPrepareHostDevices just for this
	one device, as the standard call to initialize all the hostdevs that
	were defined directly in the domain's configuration has already been
	made by the time we allocate a device from a libvirt network, and thus
	have something that needs initializing.

	network: support <forward mode='hostdev'> in network driver
	This patch updates the network driver to properly utilize the new
	attributes/elements that are now in virNetworkDef

	conf: add function virDevicePCIAddressEqual
	This function is needed by the network driver in a later commit.
	It is useful in functions like networkNotifyActualDevice and
	networkReleaseActualDevice

	network: return netdev name or pci addr of the VF in actualDevice
	The network pool should be able to keep track of both network device
	names and PCI addresses, and return the appropriate one in the
	actualDevice when networkAllocateActualDevice is called.

	conf: parser/formatter/rng for <forward mode='hostdev'>
	This patch introduces the new forward mode='hostdev' along with
	attribute managed. Includes updates to the network RNG and new xml
	parser/formatter code.

	network: helper function to create interface pool from PF
	Existing code that creates a list of forwardIfs from a single PF
	was moved to the new utility function networkCreateInterfacePool.
	No functional change.

	conf: move DevicePCIAddress functions to separate file
	Move the functions the parse/format, and validate PCI addresses to
	their own file so they can be conveniently used in other places
	besides device_conf.c
	Refactoring existing code without causing any functional changes to
	prepare for new code.
	This patch makes the code reusable.

2012-08-18  Jiri Denemark  <jdenemar@redhat.com>

	docs: Enhance documentation of log_filters
	Also make sure documentation in libvirtd.conf matches the one from
	logging.html.

	conf: Fix ABI stability check for spicevmc channel
	Change device type of a virtio channel from/to spicevmc is not a user
	visible change. However, spicevmc channels use different default target
	name than other virtio channels. To maintain ABI stability during this
	change target name must be explicitly specified (and equal) in both
	configurations.

2012-08-17  Kyle Mestery  <kmestery@cisco.com>

	network: add support for setting VLANs on Open vSwitch ports
	Add the ability to support VLAN tags for Open vSwitch virtual port
	types. To accomplish this, modify virNetDevOpenvswitchAddPort and
	virNetDevTapCreateInBridgePort to take a virNetDevVlanPtr
	argument. When adding the port to the OVS bridge, setup either a
	single VLAN or a trunk port based on the configuration from the
	virNetDevVlanPtr.

2012-08-17  Osier Yang  <jyang@redhat.com>

	Fix the indentions of libvirt.h.in
	Substitute 2 spaces with 4 spaces instead.

	qemu: Set swap_hard_limit before hard_limit
	Setting hard_limit larger than previous swap_hard_limit must fail,
	it's not that good if one wants to change the swap_hard_limit
	and hard_limit together. E.g.
	% virsh memtune rhel6
	hard_limit     : 1000000
	soft_limit     : 1000000
	swap_hard_limit: 1000000
	% virsh memtune rhel6 --hard-limit 1000020 --soft-limit 1000020 \
	--swap-hard-limit 1000020 --live
	This patch reorder the limits setting to set the swap_hard_limit
	first, hard_limit then, and soft_limit last if it's greater than
	current swap_hard_limit. And soft_limit first, hard_limit then,
	swap_hard_limit last, if not.

2012-08-17  Eric Blake  <eblake@redhat.com>

	build: fix syntax check during 'make distcheck'
	'make distcheck' was failing because a syntax check file,
	.sc-start-sc_vulnerable_makefile_CVE-2012-3386, got left
	behind.  I traced it to the 'distdir' rule depending on a
	shortcut syntax-check name rather than the full rule name
	normally used during 'local-check' from maint.mk.
	* cfg.mk (distdir): Depend on full rule, not shorthand name.

	build: ship stamp files
	'make distcheck' fails because the generated ESX and HyperV files
	are (intentionally) marked read-only, but since the stamp file was
	missing, make assumes they need to be rebuilt.  Shipping the stamp
	file solves the problem.
	* src/Makefile.am (EXTRA_DIST): Ship stamp files.

2012-08-16  Laine Stump  <laine@laine.org>

	qemu: support setting vlan tag for <interface type='hostdev'>
	The underlying function to set the vlan tag of an SR-IOV network
	device was already in place (although an extra patch to save/restore
	the original vlan tag was needed), and recent patches added the
	ability to configure a vlan tag. This patch just ties those two
	together.
	An SR-IOV device doesn't support vlan trunking, so if anyone tries to
	configure more than a single tag, or set the trunk flag, and error is
	logged.

	util: properly save/restore original vlan tag for VFs
	When a network device that is a VF of an SR-IOV card was assigned to a
	guest using <interface type='hostdev'>, only the MAC address was being
	saved/restored, but the VLAN tag was left untouched. Up to now we
	haven't actually used vlan tags on SR-IOV devices, so the guest would
	have used whatever was set, and left it the same at the end.
	The patch following this one will hook up the <vlan> element from the
	interface config, so save/restore of the device state needs to also
	include the vlan tag.
	MAC address is being saved as a simple ASCII string in a file named
	for the device under /var/run.  The VLAN tag is now just added at the
	end of that file, after a newline. It might be nicer if the file was
	XML (in case it ever gets more complicated) but at the moment there's
	nothing else on the horizon, and this makes backward compatibility
	easier.

2012-08-16  Osier Yang  <jyang@redhat.com>

	qemu: Ensure the cpuset is formatted as expected before passing to cgroup
	The parameter value for cpuset could be in special format like
	"0-10,^7", which is not recognized by cgroup. This patch is to
	ensure the cpuset is formatted as expected before passing it to
	cgroup. As a side effect, after the patch, it parses the cpuset
	early before cgroup setting, to avoid the rollback if cpuset
	parsing fails afterwards.

2012-08-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix WIN32 conditional for disabling console command
	The '#endif' for a WIN32 conditional was placed one function
	too high, leaving the impl of the console command enabled
	and referencing functions that were disabled

	Move some SASL symbols into libvirt_sasl.syms
	Previous commit:
	  commit 9093ab77345767f741304aa0adb02adbbe766f14
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Wed Jul 18 17:03:17 2012 +0100
	    Add lots of internal symbols to libvirt_private.syms
	mistakenly put some conditional SASL symbols in libvirt_private.syms
	instead of libvirt_sasl.syms

2012-08-16  Eric Blake  <eblake@redhat.com>

	build: avoid warnings on older gcc
	A previous patch (c606671a) pulled in a newer version of
	stat-time.h from gnulib, which causes some warnings in older gcc:
	  CC     libvirt_driver_storage_la-storage_backend.lo
	cc1: warnings being treated as errors
	In file included from ../../src/storage/storage_backend.c:59:
	../../gnulib/lib/stat-time.h:55: error: no previous prototype for 'get_stat_atime_ns' [-Wmissing-prototypes]
	Upstream gnulib argues that these warnings are stupid (and I agree;
	see <http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54113>), and has
	used a modern gcc feature (#pragma GCC diagnostic push) to avoid the
	warning.  But we still aim to compile on RHEL 6.3, with gcc 4.4.6
	(not to mention even older platforms like RHEL 5), and therefore
	the warning trips up our default of development with -Werror.
	It took me a while to figure out how to make our set of warnings
	smaller on older gcc without losing the benefit of the warnings
	when using newer gcc (such as the one on Fedora 17), but this
	should do the trick.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Avoid
	warnings that gnulib can't silence on older gcc.

2012-08-16  Laine Stump  <laine@laine.org>

	network: make network driver vlan-aware
	The network driver now looks for the vlan element in network and
	portgroup objects, and logs an error at network define time if a vlan
	is requested for a network type that doesn't support it. (Currently
	vlan configuration is only supported for openvswitch networks, and
	networks used to do hostdev assignment of SR-IOV VFs.)
	At runtime, the three potential sources of vlan information are
	examined in this order: interface, chosen portgroup, network, and the
	first that is non-empty is used.  Another check for valid network type
	is made at this time, since the interface may have requested a vlan (a
	legal thing to have in the interface config, since it's not known
	until runtime if the chosen network will actually support it).
	Since we must also check for domains requesting vlans for unsupported
	connection types even if they are type='network', and since
	networkAllocateActualDevice() is being called in exactly the correct
	places, and has all of the necessary information to check, I slightly
	modified the logic of that function so that interfaces that aren't
	type='network' don't just return immediately. Instead, they also
	perform all the same validation for supported features. Because of
	this, it's not necessary to make this identical check in the other
	three places that would normally require it: 1) qemu domain startup,
	2) qemu device hotplug, 3) lxc domain startup.
	This can be seen as a first step in consolidating network-related
	functionality into the network driver, rather than having copies of
	the same code spread around in multiple places; this will make it
	easier to split the network parts off into a separate daemon, as we've
	discussed recently.

	conf: add <vlan> element to network and domain interface elements
	The following config elements now support a <vlan> subelements:
	within a domain: <interface>, and the <actual> subelement of <interface>
	within a network: the toplevel, as well as any <portgroup>
	Each vlan element must have one or more <tag id='n'/> subelements.  If
	there is more than one tag, it is assumed that vlan trunking is being
	requested. If trunking is required with only a single tag, the
	attribute "trunk='yes'" should be added to the toplevel <vlan>
	element.
	Some examples:
	  <interface type='hostdev'/>
	    <vlan>
	      <tag id='42'/>
	    </vlan>
	    <mac address='52:54:00:12:34:56'/>
	    ...
	  </interface>
	  <network>
	    <name>vlan-net</name>
	    <vlan trunk='yes'>
	      <tag id='30'/>
	    </vlan>
	    <virtualport type='openvswitch'/>
	  </network>
	  <interface type='network'/>
	    <source network='vlan-net'/>
	    ...
	  </interface>
	  <network>
	    <name>trunk-vlan</name>
	    <vlan>
	      <tag id='42'/>
	      <tag id='43'/>
	    </vlan>
	    ...
	  </network>
	  <network>
	    <name>multi</name>
	    ...
	    <portgroup name='production'/>
	      <vlan>
	        <tag id='42'/>
	      </vlan>
	    </portgroup>
	    <portgroup name='test'/>
	      <vlan>
	        <tag id='666'/>
	      </vlan>
	    </portgroup>
	  </network>
	  <interface type='network'/>
	    <source network='multi' portgroup='test'/>
	    ...
	  </interface>
	IMPORTANT NOTE: As of this patch there is no backend support for the
	vlan element for *any* network device type. When support is added in
	later patches, it will only be for those select network types that
	support setting up a vlan on the host side, without the guest's
	involvement. (For example, it will be possible to configure a vlan for
	a guest connected to an openvswitch bridge, but it won't be possible
	to do that for one that is connected to a standard Linux host bridge.)

	util: add virNetDevVlanType
	To allow for the possibility of vlan "trunks", which have more than
	one vlan tag associated with them, we need a vlan struct. Since it
	will be used by multiple files in src/util, src/conf, src/network, and
	src/qemu, it must be defined in src/util. Unfortunately there isn't
	currently a common file for simple netdev data definitions, so I
	created a new file.

	schema: fix some problems in network/interface schemas
	<portgroup> allows a <bandwidth> element, but the schema didn't have
	this. Since this makes for multiple elements in portgroup, they must
	be interleaved.
	<interface type='bridge'> needs to allow <virtualport> elements
	for openvswitch, but the schema didn't allow this.

2012-08-15  Laine Stump  <laine@laine.org>

	util: include memory.h even if WITH_VIRTUALPORT isn't defined
	This caused compilation of virnetdevvportprofile.c to fail on systems
	without IFLA support in netlink (these are netlink commands used to
	configure the VF's of SR-IOV network devices).

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix virJSONValueToString prototype for Mingw32
	Fix build on platforms lacking YAJL library by adding missing
	'bool pretty' parameter to virJSONValueToString.

2012-08-15  Doug Goldstein  <cardoe@cardoe.com>

	Update libvirtd --help output to match code
	Updated the paths that libvirtd --help says are used when run as
	non-root to match what the code actually does.

	Update paths in man page to reflect libvirtd code
	Updated the paths in the man page to reflect what the code in libvirtd
	does. In addition broke out the FILES section into two subsections for
	files used when run as root and files used when run as non-root.
	Provided information about the defaults that libvirtd uses when running
	as non-root and when XDG_CONFIG_HOME and XDG_RUNTIME_DIR are not set in
	the environment.

	Replace unset REMOTE_PID_FILE with proper value
	REMOTE_PID_FILE is no longer used in the source or the build process but
	the man page still used it resulting in no file name being displayed.
	The same value that the libvirtd daemon code uses is now used in the man
	page.

	Fix man page file paths to real paths
	Currently the man page has paths that start with @sysconfdir@,
	@localstatedir@ and @remote_pid_file@. The sed command attempts to
	replace these during the build but unfortunately pod2man gets to the
	files first and escapes the @ character resulting in the sed not
	working. This removes the @ character and makes the paths correct.

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Refactor RPC client private data setup
	Currently there is a hook function that is invoked when a
	new client connection comes in, which allows an app to
	setup private data. This setup will make it difficult to
	serialize client state during process re-exec(). Change to
	a model where the app registers a callback when creating
	the virNetServerPtr instance, which is used to allocate
	the client private data immediately during virNetClientPtr
	construction.

	Add further debugging lines to domain lock manager

	Allow sync IO and keepalives to be skipped in RPC client setup
	Currently the virNetClientPtr constructor will always register
	the async IO event handler and the keepalive objects. In the
	case of the lock manager, there will be no event loop available
	nor keepalive support required. Split this setup out of the
	constructor and into separate methods.
	The remote driver will enable async IO and keepalives, while
	the LXC driver will only enable async IO

	Change interaction when accepting new RPC client connections
	Currently the virNetServerServicePtr is responsible for
	creating the virNetServerClientPtr instance when accepting
	a new connection. Change this so that the virNetServerServicePtr
	merely gives virNetServerPtr a virNetSocketPtr instance. The
	virNetServerPtr can then create the virNetServerClientPtr
	as it desires

	Add APIs for virThreadPoolPtr to query some config params
	It is desirable to be able to query the config params of
	the thread pool, in order to save the server state. Add
	virThreadPoolGetMinWorkers, virThreadPoolGetMaxWorkers
	and virThreadPoolGetPriorityWorkers APIs.

	Allow control over JSON string pretty printing
	While the QEMU monitor/agent do not want JSON strings pretty
	printed, other parts of libvirt might. Instead of hardcoding
	QEMU's desired behaviour in virJSONValueToString(), add a
	boolean flag to control pretty printing

	Change function signature for creating new lock manager instances
	To allow a virLockManagerPtr to be created directly from a
	driver table struct, replace the virLockManagerPluginPtr parameter
	with a virLockDriverPtr parameter.
	* src/locking/domain_lock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Replace plugin param with
	  a driver in virLockManagerNew

	Remove unused qemuProcessAutoDestroyRun decl from header
	The qemuProcessAutoDestroyRun function was removed in an earlier
	commit, but the header file declaration was not deleted

2012-08-15  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add domain configuration example

	parallels: cleanup parallelsOpen and fix error message
	Do some cleanup of parallelsOpen, STREQ_NULLABLE can replace
	a lot of checks.
	Also fix error message to be VIR_ERR_INTERNAL_ERROR, the same
	as in other drivers.

	parallels: change URI to parallels:///system
	Let's change URI to parallels:///system. Parallels Server supports
	creating VMs from non-privileged accounts, but it's not main usage
	scenario and it may be forbidden in the future.
	Also containers, which will be supported by the driver, can be managed
	only by root, so /system path is more suitable for this driver.

2012-08-15  Daniel Veillard  <veillard@redhat.com>

	Adding Sukadev Bhattiprolu

2012-08-15  Sukadev Bhattiprolu  <sukadev@linux.vnet.ibm.com>

	Update documentation for CPU quota/period support for LXC
	Following commit added suport the CPU quota/period to the LXC driver.
	Update the documentation to reflect that.
		commit d9724a81b3c53a40f45bf76067a976cce73ed278
		Author: Daniel P. Berrange <berrange@redhat.com>
		Date:   Thu Nov 10 12:16:26 2011 +0000
		Add support for CPU quota/period to LXC driver

2012-08-15  Osier Yang  <jyang@redhat.com>

	virsh: Add helper to avoid the strcase check for virsh-*.c
	* tools/virsh.c: New macro vshStrcasecmp
	* tools/virsh-domain-monitor.c: Use vshStrcasecmp instead of
	                                strcasecmp
	* tools/virsh-snapshot.c: Likewise
	* cfg.mk: Only avoid doing strcase checking for virsh.c

2012-08-15  Laine Stump  <laine@laine.org>

	conf: log error when encountering multiple filterrefs in interface
	Each interface has a single pointer to a filterref object. That
	filterref can itself point to multiple other filterrefs, but at the
	toplevel there is only one.
	The parser had previously just silently overwritten earlier filterrefs
	when a new one was encountered, so the interface was left with
	whichever was the last filterref in the xml, ignoring all the
	others. This patch logs an error when it sees more than one filterref.

	network: add connections counter to networks
	Just as each physical device used by a network has a connections
	counter, now each network has a connections counter which is
	incremented once for each guest interface that connects using this
	network.
	The count is output in the live network XML, like this:
	   <network connections='20'>
	   ...
	   </network>
	It is read-only, and for informational purposes only - it isn't used
	internally anywhere by libvirt.

	network: change cleanup: to success/cleanup/error: in network*() functions
	A later patch will be adding a counter that will be
	incremented/decremented each time an guest interface starts/stops
	using a particular network. For this to work, all types of networks
	need to go through a common return sequence rather than returning
	early. To setup for this, a new success: label is added (when
	necessary), a new error: label is added which does any cleanup
	necessary only for error returns and then does goto cleanup, and early
	returns are changed to goto error if it's a failure, or goto success
	if it's successful. This way the intent of all the gotos is
	unambiguous, and a successful return path never encounters the
	"error:" label.

	conf: output forward device connections count in network XML
	It may be useful for management applications to know which physical
	network devices are in use by guests. This information is already
	available in the network objects, but wasn't output in the XML. This
	patch outputs it when the INACTIVE flag isn't set (and if it's non-0).

	conf: rename interface "usageCount" to "connections"
	I want to include this count in the xml output of networks, but
	calling it "connections" in the XML sounds better than "usageCount", and it
	would be better if the name in the XML matched the variable name.
	In a few places, usageCount was being initialized to 0, but this is
	unnecessary, because VIR_ALLOC_N zero-fills everything anyway.

	conf: use a unique data type for PF array in virDomainNetDef
	This array was originally defined using the existing
	virNetworkForwardIfDef, but that struct has a UsageCount field that
	isn't used in the case of PFs. This patch just copies that struct and
	removes UsageCount. It ends up being a struct with a single field, but
	I left it as a struct in case we need to add other fields to it in the
	future.

2012-08-15  Eric Blake  <eblake@redhat.com>

	random: link with -lm when needed
	Use of ldexp() requires -lm on some platforms; use gnulib to determine
	this for our makefile.  Also, optimize virRandomInt() for the case
	of a power-of-two limit (actually rather common, given that Daniel
	has a pending patch to replace virRandomBits(10) with code that will
	default to virRandomInt(1024) on default SELinux settings).
	* .gnulib: Update to latest, for ldexp.
	* bootstrap.conf (gnulib_modules): Import ldexp.
	* src/Makefile.am (libvirt_util_la_CFLAGS): Link with -lm when
	needed.
	* src/util/virrandom.c (virRandomInt): Optimize powers of 2.

2012-08-15  Laine Stump  <laine@laine.org>

	network: merge relevant virtualports rather than choosing one
	One of the original ideas behind allowing a <virtualport> in an
	interface definition as well as in the <network> definition *and*one
	or more <portgroup>s within the network, was that guest-specific
	parameteres (like instanceid and interfaceid) could be given in the
	interface's virtualport, and more general things (portid, managerid,
	etc) could be given in the network and/or portgroup, with all the bits
	brought together at guest startup time and combined into a single
	virtualport to be used by the guest. This was somehow overlooked in
	the implementation, though - it simply picks the "most specific"
	virtualport, and uses the entire thing, with no attempt to merge in
	details from the others.
	This patch uses virNetDevVPortProfileMerge3() to combine the three
	possible virtualports into one, then uses
	virNetDevVPortProfileCheck*() to verify that the resulting virtualport
	type is appropriate for the type of network, and that all the required
	attributes for that type are present.
	An example of usage is this: assuming a <network> definitions on host
	ABC of:
	  <network>
	    <name>testA</name>
	    ...
	    <virtualport type='openvswitch'/>
	    ...
	    <portgroup name='engineering'>
	      <virtualport>
	        <parameters profileid='eng'/>
	      </virtualport>
	    </portgroup>
	    <portgroup name='sales'>
	      <virtualport>
	        <parameters profileid='sales'/>
	      </virtualport>
	    </portgroup>
	  </network>
	and the same <network> on host DEF of:
	  <network>
	    <name>testA</name>
	    ...
	    <virtualport type='802.1Qbg'>
	      <parameters typeid="1193047" typeidversion="2"/>
	    </virtualport>
	    ...
	    <portgroup name='engineering'>
	      <virtualport>
	        <parameters managerid="11"/>
	      </virtualport>
	    </portgroup>
	    <portgroup name='sales'>
	      <virtualport>
	        <parameters managerid="55"/>
	      </virtualport>
	    </portgroup>
	  </network>
	and a guest <interface> definition of:
	  <interface type='network'>
	    <source network='testA' portgroup='sales'/>
	    <virtualport>
	      <parameters instanceid="09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f"
	                  interfaceid="09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f"\>
	    </virtualport>
	    ...
	  </interface>
	If the guest was started on host ABC, the <virtualport> used would be:
	  <virtualport type='openvswitch'>
	    <parameters interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'
	                profileid='sales'/>
	  </virtualport>
	but if that guest was started on host DEF, the <virtualport> would be:
	    <virtualport type='802.1Qbg'>
	      <parameters instanceid="09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f"
	                  typeid="1193047" typeidversion="2"
	                  managerid="55"/>
	    </virtualport>
	Additionally, if none of the involved <virtualport>s had a specified type
	(this includes cases where no virtualport is given at all),

	conf: support partially-specified <virtualport> in parser and formatter
	Until now, all attributes in a <virtualport> parameter list that were
	acceptable for a particular type, were also required. There were no
	optional attributes.
	One of the aims of supporting <virtualport> in libvirt's virtual
	networks and portgroups is to allow specifying the group-wide
	parameters in the network's virtualport, and merge that with the
	interface's virtualport, which will have the instance-specific info
	(i.e. the interfaceid or instanceid).
	Additionally, the guest's interface XML shouldn't need to know what
	type of network connection will be used prior to runtime - it could be
	openvswitch, 802.1Qbh, 802.1Qbg, or none of the above - but should
	still be able to specify instance-specific info just in case it turns
	out to be applicable.
	Finally, up to now, the parser for virtualport has always generated a
	random instanceid/interfaceid when appropriate, making it impossible
	to leave it blank (which is what's required for virtualports within a
	network/portprofile definition).
	This patch modifies the parser and formatter of the <virtualport>
	element in the following ways:
	* because most of the attributes in a virNetDevVPortProfile are fixed
	  size binary data with no reserved values, there is no way to embed a
	  "this value wasn't specified" sentinel into the existing data. To
	  solve this problem, the new *_specified fields in the
	  virNetDevVPortProfile object that were added in a previous patch of
	  this series are now set when the corresponding attribute is present
	  during the parse.
	* allow parsing/formatting a <virtualport> that has no type set. In
	  this case, all fields are settable, but all are also optional.
	* add a GENERATE_MISSING_DEFAULTS flag to the parser - if this flag is
	  set and an instanceid/interfaceid is expected but not provided, a
	  random one will be generated. This was previously the default
	  behavior, but is now done only for virtualports inside an
	  <interface> definition, not for those in <network> or <portgroup>.
	* add a REQUIRE_ALL_ATTRIBUTES flag to the parser - if this flag is
	  set the parser will call the new
	  virNetDevVPortProfileCheckComplete() functions at the end of the
	  parser to check for any missing attributes (based on type), and
	  return failure if anything is missing. This used to be default
	  behavior. Now it is only used for the virtualport defined inside an
	  interface's <actual> element (by the time you've figured out the
	  contents of <actual>, you should have all the necessary data to fill
	  in the entire virtualport)
	* add a REQUIRE_TYPE flag to the parser - if this flag is set, the
	  parser will return an error if the virtualport has no type
	  attribute. This also was previously the default behavior, but isn't
	  needed in the case of the virtualport for a type='network' interface
	  (i.e. the exact type isn't yet known), or the virtualport of a
	  portgroup (i.e. the portgroup just has modifiers for the network's
	  virtualport, which *does* require a type) - in those cases, the
	  check will be done at domain startup, once the final virtualport is
	  assembled (this is handled in the next patch).

	conf: simplify Buffer Indentation in virDomainNetDefFormat
	This function has several calls to increase the buffer indent by 6,
	then decrease it again, then increase, then decrease. Additionally,
	there were several printfs that had 6 spaces at the beginning of the
	line.
	virDomainActualNetDefFormat, which is called by virDomainNetDefFormat,
	had similar ugliness.
	This patch changes both functions to just increase the indent at the
	beginning, decrease it at (well, just before*) the end, and remove all
	of the occurences of 6/8 spaces at the beginning of lines.
	*The indent had to be reset before the end of the function because
	virDomainDeviceInfoFormat assumes a 0 indent and is called from many
	other places, and I didn't want to do an overhaul of every caller of
	that function. A separate patch to switch all of domain_conf.c would
	be a useful exercise, but my current goal is unrelated to that, so
	I'll leave it for another day.

	conf: make error returns from virDomainActualNetDefFormat consistent
	There was an error: label that simply did "return ret", but ret was
	defaulted to -1, and was never used other than setting it manually to
	0 just before a non-error return. Aside from this, some of the error
	return paths used "goto error" and others used "return ret".
	This patch removes ret and the error: label, and makes all error
	returns just consistently do "return -1".

	conf: move virtPortProfile out of unions in virDomainNetDef
	virtPortProfile is now used by 4 different types of network devices
	(NETWORK, BRIDGE, DIRECT, and HOSTDEV), and it's getting cumbersome to
	replicate so much code in 4 different places just because each type
	has the virtPortProfile in a slightly different place. This patch puts
	a single virtPortProfile in a common place (outside the type-specific
	union) in both virDomainNetDef and virDomainActualNetDef, and adjusts
	the parse and format code (and the few other places where it is used)
	accordingly.
	Note that when a <virtualport> element is found, the parse functions
	verify that the interface is of a type that supports one, otherwise an
	error is generated (CONFIG_UNSUPPORTED in the case of <interface>, and
	INTERNAL in the case of <actual>, since the contents of <actual> are
	always generated by libvirt itself).

	util: utility functions for virNetDevVPortProfile
	This patch adds three utility functions that operate on
	virNetDevVPortProfile objects.
	* virNetDevVPortProfileCheckComplete() - verifies that all attributes
	    required for the type of the given virtport are specified.
	* virNetDevVPortProfileCheckNoExtras() - verifies that there are no
	    attributes specified which are inappropriate for the type of the
	    given virtport.
	* virNetDevVPortProfileMerge3() - merges 3 virtports into a single,
	    newly allocated virtport. If any attributes are specified in
	    more than one of the three sources, and do not exactly match,
	    an error is logged and the function fails.
	These new functions depend on new fields in the virNetDevVPortProfile
	object that keep track of whether or not each attribute was
	specified. Since the higher level parse function doesn't yet set those
	fields, these functions are not actually usable yet (but that's okay,
	because they also aren't yet used - all of that functionality comes in
	a later patch.)
	Note that these three functions return 0 on success and -1 on
	failure. This may seem odd for the first two Check functions, since
	they could also easily return true/false, but since they actually log
	an error when the requested condition isn't met (and should result in
	a failure of the calling function), I thought 0/-1 was more
	appropriate.

	util: add openvswitch case to virNetDevVPortProfileEqual
	This function was overlooked when openvswitch support was
	added. Fortunately it's only use for update-device, which is
	relatively new and seldom-used.

	util: eliminate union in virNetDevVPortProfile
	virNetDevVPortProfile has (had) a type field that can be set to one of
	several values, and a union of several structs, one for each
	type. When a domain's interface object is of type "network", the
	domain config may not know beforehand which type of virtualport is
	going to be provided in the actual device handed down from the network
	driver at runtime, but may want to set some values in the virtualport
	that may or may not be used, depending on the type. To support this
	usage, this patch replaces the union of structs with toplevel fields
	in the struct, making it possible for all of the fields to be set at
	the same time.

	util: make return value of virUUIDFormat and virMacAddrFormat useful
	Both of these functions returned void, but it's convenient for them to
	return a const char* of the char* that is passed in. This was you can
	call the function and use the result in the same expression/arg.

2012-08-15  Eric Blake  <eblake@redhat.com>

	build: fix link error with appArmor
	Commit bb705e25 missed that the appArmor helper file also needs to
	resolve the new symbols dragged in by domain_conf.c.
	* src/Makefile.am (SECURITY_DRIVER_APPARMOR_HELPER_SOURCES): Pull
	in datatypes.c.

	maint: drop a leftover comment line
	* tests/viratomictest.c: Fix copy-and-paste bug.

2012-08-14  Dmitry Guryanov  <dguryanov@parallels.com>

	openvz: unlock virDomainObj objects in openvzOpen
	openvzOpen fucntion must leave unlocked virDomainObj objects in
	driver->domains.
	Now even simple commands like list or domain lookup hang,
	for example virsh -c openvz:///system list --all.

2012-08-14  Daniel P. Berrange  <berrange@redhat.com>

	Pull code which finds a free MCS label out into its own method
	The code for picking a MCS label is about to get significantly
	more complicated, so it deserves to be in a standlone method,
	instead of a switch/case body.

	Honour current user and role in SELinux label generation
	When generating an SELinux context for a VM from the template
	"system_u:system_r:svirt_t:s0", copy the role + user from the
	current process instead of the template context. So if the
	current process is
	   unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
	then the VM context ends up as
	  unconfined_u:unconfined_r:svirt_t:s0:c386,c703
	instead of
	   system_u:system_r:svirt_t:s0:c177,c424
	Ideally the /etc/selinux/targeted/contexts/virtual_domain_context
	file would have just shown the 'svirt_t' type, and not the full
	context, but that can't be changed now for compatibility reasons.

	Fix error reporting in virSecuritySELinuxGenNewContext
	The virSecuritySELinuxGenNewContext method was not reporting any
	errors, leaving it up to the caller to report a generic error.
	In addition it could potentially trigger a strdup(NULL) in an
	OOM scenario. Move all error reporting into the
	virSecuritySELinuxGenNewContext method where accurate info
	can be provided

	Use VIR_ERR_CONFIG_UNSUPPORTED if requested security driver is disabled
	There is currently no way to distinguish the case that a requested
	security driver was disabled, from the case where no security driver
	was available. Use VIR_ERR_CONFIG_UNSUPPORTED as the error when an
	explicitly requested security driver was disabled

	Add missing domain_conf.h include in security_manager.h
	The security_manager.h header is not self-contained because it
	uses the virDomainDefPtr without first including domain_conf.h

	Add virRandom() API to generate numbers with non-power-of-2 limit
	The current virRandomBits() API is only usable if the caller wants
	a random number in the range [0, n-1) where n is a power of two.
	This adds a virRandom() API which generates a double in the
	range [0.0,1.0) with 48 bits of entropy. It then also adds a
	virRandomInt(uint32_t max) API which generates an unsigned
	in the range [0,@max)

2012-08-14  Martin Kletzander  <mkletzan@redhat.com>

	util: typos in fallback code fo virDoubleToStr
	Fixes for some typos that somehow didn't get to the final push of the
	commit 43bfa23e6f968be9a8c134a4b5c3cfb6da3816d9.

2012-08-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix timebomb in LIBVIRT_VERSION_INFO calculation
	The way LIBVIRT_VERSION_INFO is calculated has a timebomb that
	will cause us to accidentally break soname when we change the
	major version number to a non-zero value !
	Given CURRENT:REVISION:AGE, libtool will generate
	   libvirt.so.($CURRENT-$AGE).$AGE.$REVISION
	We set CURRENT to be MAJOR+MINOR and AGE to $MINOR, so as
	soon as MAJOR changes to non-zero, we get libvirt.so.1
	as the soname, eg  1.3.9 would create libvirt.so.1.3.9
	Looks natural but is not ABI compatible with libvirt.so.0.x.y
	The fix is to set CURRENT to always be exactly the same
	as AGE. We want to have the major version reflected in
	the so symlinks though. So then we set AGE to MAJOR*1000+MINOR
	eg, so 1.3.9 would create libvirt.so.0.1003.9 and libvirt
	2.51.3 would create libvirt.so.0.2051.3

2012-08-14  Osier Yang  <jyang@redhat.com>

	Destroy virdomainlist.[ch]
	As the consensus in:
	https://www.redhat.com/archives/libvir-list/2012-July/msg01692.html,
	this patch is to destroy conf/virdomainlist.[ch], folding the
	helpers into conf/domain_conf.[ch].
	* src/Makefile.am:
	  - Various indention fixes incidentally
	  - Add macro DATATYPES_SOURCES (datatypes.[ch])
	  - Link datatypes.[ch] for libvirt_lxc
	* src/conf/domain_conf.c:
	  - Move all the stuffs from virdomainlist.c into it
	  - Use virUnrefDomain and virUnrefDomainSnapshot instead of
	    virDomainFree and virDomainSnapshotFree, which are defined
	    in libvirt.c, and we don't want to link to it.
	  - Remove "if" before "free" the object, as virObjectUnref
	    is in the list "useless_free_options".
	* src/conf/domain_conf.h:
	  - Move all the stuffs from virdomainlist.h into it
	  - s/LIST_FILTER/LIST_DOMAINS_FILTER/
	* src/libxl/libxl_driver.c:
	  - s/LIST_FILTER/LIST_DOMAINS_FILTER/
	  - no (include "virdomainlist.h")
	* src/libxl/libxl_driver.c: Likewise
	* src/lxc/lxc_driver.c: Likewise
	* src/openvz/openvz_driver.c: Likewise
	* src/parallels/parallels_driver.c: Likewise
	* src/qemu/qemu_driver.c: Likewise
	* src/test/test_driver.c: Likewise
	* src/uml/uml_driver.c: Likewise
	* src/vbox/vbox_tmpl.c: Likewise
	* src/vmware/vmware_driver.c: Likewise
	* tools/virsh-domain-monitor.c: Likewise
	* tools/virsh.c: Likewise

2012-08-14  Martin Kletzander  <mkletzan@redhat.com>

	json: fix interface locale dependency
	libvirt creates invalid commands if wrong locale is selected. For
	example with locale that uses comma as a decimal point, JSON commands
	created with decimal numbers are invalid because comma separates the
	entries in JSON. Fortunately even when decimal point is affected,
	thousands grouping is not, because for grouping to be enabled with
	*printf, there has to be an apostrophe flag specified (and supported).
	This patch adds specific internal function for converting doubles to
	strings with C locale.

2012-08-14  Ján Tomko  <jtomko@redhat.com>

	virsh: say save-image-edit failed only when it does
	The common code for editing files in virsh-edit.c expects EDIT_DEFINE to
	return 0 on failure. virDomainSaveImageDefineXML returns 0 on success.

2012-08-14  Asad Saeed  <asad.saeed@acidseed.com>

	sanlock: don't unlink lockspace if registration fails
	This is a patch for bug 847848
	If registering an existing lockspace with the sanlock daemon
	returns an error, libvirt should not proceed to unlink the lockspace.

2012-08-14  Cole Robinson  <crobinso@redhat.com>

	virsh: make 'help' command ignore spurious options
	Similar to the previous patch, prepending 'help' to a partial
	command string doesn't cut us any slack.
	$ virsh help pool-define-as --name foo --type dir
	error: command 'help' doesn't support option --name
	This patch adds a few hacks to make 'help' ignore everything after the
	first data bit, so the above command shows help output for pool-define-as.

	virsh: Convert '<cmd> --help' to 'help <cmd>'
	Often times I find myself halfway through typing a long command when
	I want to see 'help' output. I instinctively append '--help' to the
	command I'm typing, only to get an error:
	    $ virsh vol-create-as foo --help
	    error: command 'vol-create-as' doesn't support option --help
	This patch makes --help work in a pretty hacky way. One missing piece
	here is that --help isn't listed as an option in the actual 'help <cmd>'
	output, but maybe this can be a starting point for someone.

	virsh.c: Fix compiler warning
	For some reason I only get this after applying subsequent upcoming
	patches that touch virsh, but don't seem to actually cause the warning.
	virsh.c: In function ‘vshCommandParse’:
	virsh.c:2014:46: error: ‘opt_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
	cc1: all warnings being treated as errors

	build: Distribute check-symfile.pl
	Otherwise distcheck can fail with:
	  GEN      check-symfile
	  Can't open perl script "../../src/check-symfile.pl": No such file or directory
	  make[4]: *** [check-symfile] Error 2

2012-08-14  Eric Blake  <eblake@redhat.com>

	maint: add attribution for last patch
	* AUTHORS: Add Frido Roose.

2012-08-14  Frido Roose  <frido.roose@gmail.com>

	Release only specific sanlock resource
	This is a patch for bug 826704
	All sanlock resources get released when hot-dettaching a disk from the domain
	because virLockManagerSanlockRelease uses the wrong function parameters/flags.
	With the patch only the resources that should be released are cleaned up.

2012-08-11  Peter Krempa  <pkrempa@redhat.com>

	virterror: Add error message for unsupported operations.
	This patch introduces a new error code VIR_ERR_OPERATION_UNSUPPORTED to
	mark error messages regarding operations that failed due to lack of
	support on the hypervisor or other than libvirt issues.
	The code is first used in reporting error if qemu does not support block
	IO tuning variables yielding error message:
	error: Unable to get block I/O throttle parameters
	error: Operation not supported: block_io_throttle field
	'total_bytes_sec' missing in qemu's output
	instead of:
	error: Unable to get block I/O throttle parameters
	error: internal error cannot read total_bytes_sec

2012-08-11  Laine Stump  <laine@laine.org>

	build: fix binary location in stap files --with-driver-modules
	libvirt_qemu_probes.stp stopped working after switching to a build
	that used --with-driver-modules. This was because the symbols listed
	int libvirt_qemu_probes.stp are no longer in $(bindir)/libvirtd, but
	are now in $(libdir)/connection-driver/libvirt_driver_qemu.so.
	This patch enhances dtrace2systemtap.pl (which generates the .stp
	files from .d files) to look for a new "module" setting in the
	comments of the .d file (similar to the existing "binary" setting),
	and to look for a --with-modules option. If the --with-modules option
	is set *and* a "module" setting is present in the .d file, the process
	name for the stap line is set to
	   $libdir/$module
	If either of these isn't true, it reverts to the old behavior.
	src/Makefile.am was also modified to add the --with-modules option
	when the build calls for it, and src/libvirt_qemu_probes.d has added a
	"module" line pointing to the correct .so file for the qemu driver.

2012-08-10  Martin Kletzander  <mkletzan@redhat.com>

	docs/virsh: various minor fixes
	List:
	 - some old libvir/libvirt rename leftovers (the only problem can be
	   if somebody parses 'virsh version' output really badly)
	 - remove pointless tags specified in some pages that are not used

	docs: autogenerate search.php
	This patch makes search.php autogenerated from search.php.in, thus
	removing hardcoded menus, footer etc. and the search.php is added to
	.gitignore.
	There is new rule added for *.php files (to make it bit less
	hardcoded) that takes *.php.code.in and injects it inside the
	generated *.php (xslt was not happy about php code in the source xml).

	docs: fix 404 page when fetched from different location
	Error 404 page had relative paths specified for both the image and
	stylesheets which caused a problem when requested URL included a
	subfolder (e.g. http://libvirt.org/asdf/asdf ). This patch corrects
	this behaviour by modifying href_base to '/' (for style-sheets) and
	changing the src of the image (to be '/' always).

2012-08-10  Laine Stump  <laine@laine.org>

	nwfilter: fix crash during filter define when lxc driver failed startup
	The meat of this patch is just moving the calls to
	virNWFilterRegisterCallbackDriver from each hypervisor's "register"
	function into its "initialize" function. The rest is just code
	movement to allow that, and a new virNWFilterUnRegisterCallbackDriver
	function to undo what the register function does.
	The long explanation:
	There is an array in nwfilter called callbackDrvArray that has
	pointers to a table of functions for each hypervisor driver that are
	called by nwfilter. One of those function pointers is to a function
	that will lock the hypervisor driver. Entries are added to the table
	by calling each driver's "register" function, which happens quite
	early in libvirtd's startup.
	Sometime later, each driver's "initialize" function is called. This
	function allocates a driver object and stores a pointer to it in a
	static variable that was previously initialized to NULL. (and here's
	the important part...) If the "initialize" function fails, the driver
	object is freed, and that pointer set back to NULL (but the entry in
	nwfilter's callbackDrvArray is still there).
	When the "lock the driver" function mentioned above is called, it
	assumes that the driver was successfully loaded, so it blindly tries
	to call virMutexLock on "driver->lock".
	BUT, if the initialize never happened, or if it failed, "driver" is
	NULL. And it just happens that "lock" is always the first field in
	driver so it is also NULL.
	Boom.
	To fix this, the call to virNWFilterRegisterCallbackDriver for each
	driver shouldn't be called until the end of its (*already guaranteed
	successful*) "initialize" function, not during its "register" function
	(which is currently the case). This implies that there should also be
	a virNWFilterUnregisterCallbackDriver() function that is called in a
	driver's "shutdown" function (although in practice, that function is
	currently never called).

2012-08-10  Eric Blake  <eblake@redhat.com>

	build: fix PROBE() usage of intptr_t
	Otherwise, in locations like virobject.c where PROBE is used,
	for certain configure options, the compiler warns:
	util/virobject.c:110:1: error: 'intptr_t' undeclared (first use in this function)
	As long as we are making this header always available, we can
	clean up several other files.
	* src/internal.h (includes): Pull in <stdint.h>.
	* src/conf/nwfilter_conf.h: Rely on internal.h.
	* src/storage/storage_backend.c: Likewise.
	* src/storage/storage_backend.h: Likewise.
	* src/util/cgroup.c: Likewise.
	* src/util/sexpr.h: Likewise.
	* src/util/virhashcode.h: Likewise.
	* src/util/virnetdevvportprofile.h: Likewise.
	* src/util/virnetlink.h: Likewise.
	* src/util/virrandom.h: Likewise.
	* src/vbox/vbox_driver.c: Likewise.
	* src/xenapi/xenapi_driver.c: Likewise.
	* src/xenapi/xenapi_utils.c: Likewise.
	* src/xenapi/xenapi_utils.h: Likewise.
	* src/xenxs/xenxs_private.h: Likewise.
	* tests/storagebackendsheepdogtest.c: Likewise.

	build: fix author of previous commit
	Stefan's attribution came through with an extra 'n' in the email address.

2012-08-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Implement network driver
	An ESX server has one or more PhysicalNics that represent the actual
	hardware NICs. Those can be listed via the interface driver.
	A libvirt virtual network is mapped to a HostVirtualSwitch. On the
	physical side a HostVirtualSwitch can be connected to PhysicalNics.
	On the virtual side a HostVirtualSwitch has HostPortGroups that are
	mapped to libvirt virtual network's portgroups. Typically there is
	HostPortGroups named 'VM Network' that is used to connect virtual
	machines to a HostVirtualSwitch. A second HostPortGroup typically
	named 'Management Network' is used to connect the hypervisor itself
	to the HostVirtualSwitch. This one is not mapped to a libvirt virtual
	network's portgroup. There can be more HostPortGroups than those
	typical two on a HostVirtualSwitch.
	         +---------------+-------------------+
	   ...---|               |                   |   +-------------+
	         | HostPortGroup |                   |---| PhysicalNic |
	         |   VM Network  |                   |   |    vmnic0   |
	   ...---|               |                   |   +-------------+
	         +---------------+ HostVirtualSwitch |
	                         |     vSwitch0      |
	         +---------------+                   |
	         | HostPortGroup |                   |
	   ...---|   Management  |                   |
	         |    Network    |                   |
	         +---------------+-------------------+
	The virtual counterparts of the PhysicalNic is the HostVirtualNic for
	the hypervisor and the VirtualEthernetCard for the virtual machines
	that are grouped into HostPortGroups.
	   +---------------------+   +---------------+---...
	   | VirtualEthernetCard |---|               |
	   +---------------------+   | HostPortGroup |
	   +---------------------+   |   VM Network  |
	   | VirtualEthernetCard |---|               |
	   +---------------------+   +---------------+
	                                             |
	                             +---------------+
	   +---------------------+   | HostPortGroup |
	   |    HostVirtualNic   |---|   Management  |
	   +---------------------+   |    Network    |
	                             +---------------+---...
	The currently implemented network driver can list, define and undefine
	HostVirtualSwitches including HostPortGroups for virtual machines.
	Existing HostVirtualSwitches cannot be edited yet. This will be added
	in a followup patch.

	esx: Remove redundant checks for esxVI_LookupHostSystemProperties result
	esxVI_LookupHostSystemProperties guarantees that hostSystem is non-NULL.
	Remove redundant NULL checks from callers.
	Also prefer esxVI_GetStringValue over open-coding the logic.

	esx: Fix dynamic deep copy
	The static deep copy allocates storage for the copy. The dynamic
	version injected the dynamic dispatch after the allocation. This
	triggered the invalid argument check in the dynamically dispatched
	deep copy call. The deep copy function expects its dest parameter
	to be a pointer to a NULL-pointer. This expectation wasn't met due
	to the dispatching deep copy doing the allocation before the call.
	Fix this by dynamically dispatching to the correct type before the
	allocation.

	esx: Implement interface driver
	Lists available PhysicalNic devices. A PhysicalNic is always active
	and can neither be defined nor undefined.
	A PhysicalNic is used to bridge a HostVirtualSwitch to the physical
	network.

2012-08-10  Stefan Berger  <stefannb@linux.vnet.ibm.com>

	nwfilter: remove target table before renaming it
	Remove the target table before renaming a table to it, i.e.,
	remove table B before renaming A to B. This makes the
	renaming more robust against unconnected left-over tables.

2012-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Add APIs for obtaining the unique ID of LVM & SCSI volumes
	Both LVM volumes and SCSI LUNs have a globally unique
	identifier associated with them. It is useful to be able
	to query this identifier to then perform disk locking,
	rather than try to figure out a stable pathname.

2012-08-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix debug message in p2p migration
	When entering "confirm" phase, we are interested in the value of
	cancelled rather then ret variable which was interesting before "finish"
	phase and didn't change since then.

	examples: Update strings for event details

	qemu: Migrate at unlimited speed by default
	Previously, qemu did not respond to monitor commands during migration if
	the limit was too high. This prevented us from raising the limit
	earlier. The qemu issue seems to be fixed (according to my testing) and
	we may remove the 32Mb/s limit.

2012-08-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor parsing of block device IO tuning parameters.
	This patch refactors the JSON parsing function that extracts the block
	IO tuning parameters from qemu's output. The most impacting change
	concerns the error message that is returned if the reply from qemu does
	not contain the needed data. The data for IO parameter tuning were added
	in qemu 1.1 and the previous error message was confusing.
	This patch also breaks long lines and extracts a multiple time used code
	pattern to a macro.

	remote: Clean up coding style and refactor remote connection opening
	Remove spaces before function calls and some other coding nits in some
	parts of the remote driver and refactor getting of URI argument
	components into variables used by libvirt later on.

2012-08-09  Peter Feiner  <peter@gridcentric.ca>

	Allow rbd backing stores
	Prevents libvirt from treating RBD backing stores as files. Without this
	patch, creating a domain with a qcow2 overlay on an RBD would fail.
	This patch essentially extends 9c7c4a4fc533598e59e9a0038ec783e61a38e664,
	which allows nbd backing stores, to allow rbd backing stores.

	Fix errno check, prevent spurious errors under heavy load
	From man poll(2), poll does not set errno=EAGAIN on interrupt, however
	it does set errno=EINTR. Have libvirt retry on the appropriate errno.
	Under heavy load, a program of mine kept getting libvirt errors 'poll on
	socket failed: Interrupted system call'. The signals were SIGCHLD from
	processes forked by threads unrelated to those using libvirt.

2012-08-08  Guannan Ren  <gren@redhat.com>

	qemu:rename qemuCheckScsiControllerModel function

	rpc: fix a virObject typo error in struct _virNetServer
	This typo will crash libvirtd when it recevies signal SIGINT

	qemu: add two qemu caps for lsi and virtio-scsi SCSI controllers
	Rename qemuDefaultScsiControllerModel to qemuCheckScsiControllerModel.
	When scsi model is given explicitly in XML(model > 0) checking if the
	underlying QEMU supports it or not first, raise an error on checking
	failure.
	When the model is not given(mode <= 0), return LSI by default, if
	the QEMU doesn't support it, raise an error.

	qemu: add capabilities flags related to scsi controller
	  QEMU_CAPS_SCSI_LSI
	    set the flag when "lsi53c895a", bus PCI, alias "lsi" in
	    the output of "qemu -device ?"
	    -device lsi in qemu command line
	  QEMU_CAPS_VIRTIO_SCSI_PCI
	    set the flag when "name "virtio-scsi-pci", bus PCI" in
	    the output of qemu devices query.
	    -device virtio-scsi-pci in qemu command line

2012-08-08  Laine Stump  <laine@laine.org>

	util: include stderr in log message when an external command fails
	This patch is in response to:
	  https://bugzilla.redhat.com/show_bug.cgi?id=818467
	If a caller to virCommandRun doesn't ask for the exitstatus of the
	program it's running, the virCommand functions assume that they should
	log an error message and return failure if the exit code isn't
	0. However, only the commandline and exit status are logged, while
	potentially useful information sent by the program to stderr is
	discarded.
	Fortunately, virCommandRun is already checking if the caller had asked
	for stderr to be saved and, if not, sets things up to save it in
	*cmd->errbuf. This makes it fairly simple for virCommandWait to
	include *cmd->errbuf in the error log (there are still other callers
	that don't setup errbuf, and even virCommandRun won't set it up if the
	command is being daemonized, so we have to check that it's non-zero).

2012-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Set LIBVIRT_AUTOSTART=0 when running test suites
	Occasionally some test cases will (accidentally) try to spawn
	libvirtd. Set the LIBVIRT_AUTOSTART=0 environment variable to
	ensure the remote driver never tries autostart.

	Don't check the 'connect' command in virsh-all test
	The 'virsh-all' test case will invoke each virsh command with
	no args. With the 'connect' command this causes virsh to try
	to connect to the default URI, which in turn tries to spawn
	libvirtd. This is not something we want todo in the test suite,
	so skip the 'connect' command.

	Turn virNetClient* into virObject instances
	Make all the virNetClient* objects use virObject APIs for
	reference counting

	Turn virNetServer* into virObject instances
	Make all the virNetServer* objects use the virObject APIs
	for reference counting

	Turn virSocket into a virObject
	Make virSocket use the virObject APIs for reference counting

	Turn virKeepAlive into a virObject
	Make virKeepAlive use the virObject APIs for reference counting

	Turn virNetSASLContext and virNetSASLSession into virObject instances
	Make virNetSASLContext and virNetSASLSession use virObject APIs
	for reference counting

	Turn virNetTLSContext and virNetTLSSession into virObject instances
	Make virNetTLSContext and virNetTLSSession use the virObject
	APIs for reference counting

	Turn qemuAgentPtr and qemuMonitorPtr into virObjectPtr instances
	Make qemuAgentPtr and qemuMonitorPtr types use the virObject APIs
	for reference counting

	Turn virDomainObjPtr into a virObjectPtr
	Switch virDomainObjPtr to use the virObject APIs for reference
	counting. The main change is that virObjectUnref does not return
	the reference count, merely a bool indicating whether the object
	still has any refs left. Checking the return value is also not
	mandatory.

	Convert public datatypes to inherit from virObject
	This converts the following public API datatypes to use the
	virObject infrastructure:
	  virConnectPtr
	  virDomainPtr
	  virDomainSnapshotPtr
	  virInterfacePtr
	  virNetworkPtr
	  virNodeDevicePtr
	  virNWFilterPtr
	  virSecretPtr
	  virStreamPtr
	  virStorageVolPtr
	  virStoragePoolPtr
	The code is significantly simplified, since the mutex in the
	virConnectPtr object now only needs to be held when accessing
	the per-connection virError object instance. All other operations
	are completely lock free.
	* src/datatypes.c, src/datatypes.h, src/libvirt.c: Convert
	  public datatypes to use virObject
	* src/conf/domain_event.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c, src/storage/storage_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xend_internal.c,
	  tests/qemuxml2argvtest.c, tests/qemuxmlnstest.c,
	  tests/sexpr2xmltest.c, tests/xmconfigtest.c: Convert
	  to use virObjectUnref/virObjectRef

	Add a generic reference counted virObject type
	This introduces a fairly basic reference counted virObject type
	and an associated virClass type, that use atomic operations for
	ref counting.
	In a global initializer (recommended to be invoked using the
	virOnceInit API), a virClass type must be allocated for each
	object type. This requires a class name, a "dispose" callback
	which will be invoked to free memory associated with the object's
	fields, and the size in bytes of the object struct.
	eg,
	   virClassPtr  connclass = virClassNew("virConnect",
	                                        sizeof(virConnect),
	                                        virConnectDispose);
	The struct for the object, must include 'virObject' as its
	first member
	eg
	  struct _virConnect {
	    virObject object;
	    virURIPtr uri;
	  };
	The 'dispose' callback is only responsible for freeing
	fields in the object, not the object itself. eg a suitable
	impl for the above struct would be
	  void virConnectDispose(void *obj) {
	     virConnectPtr conn = obj;
	     virURIFree(conn->uri);
	  }
	There is no need to reset fields to 'NULL' or '0' in the
	dispose callback, since the entire object will be memset
	to 0, and the klass pointer & magic integer fields will
	be poisoned with 0xDEADBEEF before being free()d
	When creating an instance of an object, one needs simply
	pass the virClassPtr eg
	   virConnectPtr conn = virObjectNew(connclass);
	   if (!conn)
	      return NULL;
	   conn->uri = virURIParse("foo:///bar")
	Object references can be manipulated with
	   virObjectRef(conn)
	   virObjectUnref(conn)
	The latter returns a true value, if the object has been
	freed (ie its ref count hit zero)

2012-08-06  Richa Marwaha  <rmarwah@linux.vnet.ibm.com>

	apparmor: QEMU bridge helper policy updates
	This patch provides AppArmor policy updates for the QEMU bridge helper.
	The QEMU bridge helper is a SUID executable exec'd by QEMU that drops
	capabilities to CAP_NET_ADMIN and adds a tap device to a network bridge.

	Add -netdev bridge support
	This patch adds the support to run the QEMU network helper
	under unprivileged user. It also adds the support for
	attach-interface option in virsh to run under unprivileged
	user.

	Add -netdev bridge capabilities
	This patch adds the capability in libvirt to check if
	-netdev bridge option is supported or not.

2012-08-06  Eric Blake  <eblake@redhat.com>

	virrandom: make virRandomInitialize an automatic one-shot
	All callers used the same initialization seed (well, the new
	viratomictest forgot to look at getpid()); so we might as well
	make this value automatic.  And while it may feel like we are
	giving up functionality, I documented how to get it back in the
	unlikely case that you actually need to debug with a fixed
	pseudo-random sequence.  I left that crippled by default, so
	that a stray environment variable doesn't cause a lack of
	randomness to become a security issue.
	* src/util/virrandom.c (virRandomInitialize): Rename...
	(virRandomOnceInit): ...and make static, with one-shot call.
	Document how to do fixed-seed debugging.
	* src/util/virrandom.h (virRandomInitialize): Drop prototype.
	* src/libvirt_private.syms (virrandom.h): Don't export it.
	* src/libvirt.c (virInitialize): Adjust caller.
	* src/lxc/lxc_controller.c (main): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/util/iohelper.c (main): Likewise.
	* tests/seclabeltest.c (main): Likewise.
	* tests/testutils.c (virtTestMain): Likewise.
	* tests/viratomictest.c (mymain): Likewise.

	build: drop conditional use of mdns code
	Commit 1f6f723 missed a step.  At first I was worried that scrubbing
	the conditionals would lead to a runtime failure when compiled without
	avahi, but my testing makes it appear that the runtime error will only
	occur if the .conf files in /etc request mdns advertisement; and the
	old behavior was to silently ignore the request, so this is actually
	a better behavior of only failing when the config requests the
	impossible.
	* src/rpc/virnetserver.c: Drop HAVE_AVAHI conditionals; all
	callers already passed NULL if mdns_adv was not configured.

2012-08-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Set reasonable RSS limit on domain startup
	If there's a memory leak in qemu or qemu is exploited the host's
	system will sooner or later start trashing instead of killing
	the bad process. This however has impact on performance and other
	guests as well. Therefore we should set a reasonable RSS limit
	even when user hasn't set any. It's better to be secure by default.

2012-08-06  Osier Yang  <jyang@redhat.com>

	virsh: Use vshPrint instead of printf

2012-08-04  Jim Fehlig  <jfehlig@suse.com>

	xen-xm: Generate UUID if not specified
	Parsing xen-xm format configuration will fail if UUID is not
	specified, e.g.
	virsh domxml-from-native xen-xm some-config-without-uuid
	error: internal error parsing xm config failed
	Initially I thought to skip parsing the UUID in xenParseXM() when
	not present in the configuration, but this results in a UUID of
	all zeros since it is never set
	virsh domxml-from-native xen-xm /tmp/jim/bug-773621_pierre-test
	<domain type='xen'>
	  <name>test</name>
	  <uuid>00000000-0000-0000-0000-000000000000</uuid>
	  ...
	which certainly can't be correct since this is the UUID the xen
	tools use for dom0.
	This patch takes the approach of generating a UUID when it is not
	specified in the configuration.

2012-08-04  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove console stream callback only when freeing console helper
	Commit ba226d334acbc49f6751b430e0c4e00f69eef6bf tried to fix crash of
	the daemon when a domain with an open console was destroyed. The fix was
	wrong as it tried to remove the callback also when the stream was
	aborted, where at that point the fd stream driver was already freed and
	removed.
	This patch clears the callbacks with a helper right before the hash is
	freed, so that it doesn't interfere with other codepaths where the
	stream object is freed.

	client: Free message when freeing client
	The last message of the client was not freed leaking 4 bytes of memory
	in the client when the remote daemon crashed while processing a message.

2012-08-04  Ata E Husain Bohra  <ata.husain@hotmail.com>

	ESX: Add "Byte" datatype
	Append "Byte" to set of predefined datatype objects.

2012-08-04  Eric Blake  <eblake@redhat.com>

	parallels: translate error message
	Without this patch, the English phrase 'no name' would appear
	literally within the remaining translated message.
	* src/parallels/parallels_driver.c (parallelsCreateVm)
	(parallelsDomainDefineXML): Tweak error message.

2012-08-03  Laine Stump  <laine@laine.org>

	build: fix "make rpm"
	make rpm was failing with the following error:
	Entering directory `/home/laine/devel/libvirt/tests'
	make[2]: *** No rule to make target `viratomicdata.h',
	             needed by `distdir'.  Stop.
	viratomicdata.h is listed in tests/Makefile.am as a dependency of
	viratomictest, but doesn't exist, is never referenced, and removing
	that dependency permits make rpm to complete successfully.

2012-08-03  Daniel P. Berrange  <berrange@redhat.com>

	Export virUUIDIsValid to libvirt internal code

	Fix typo s/AM_CLFAGS/AM_CFLAGS/ in sanlock link

2012-08-03  Peter Krempa  <pkrempa@redhat.com>

	virsh: console: Avoid using stream after being freed.
	The stream object wasn't set to NULL after freeing causing a double free
	attempt on the cleanup path.

	remote: Fill snapshot argument in remoteDomainSnapshotListAllChildren
	The remote driver did not fill the required snapshot parent argument in
	the RPC call structure that caused a client crash when trying to use
	this new API.

2012-08-03  Osier Yang  <jyang@redhat.com>

	qemu: Allow to attach/detach controller device persistently
	* src/conf/domain_conf.c:
	  - Add virDomainControllerFind to find controller device by type
	    and index.
	  - Add virDomainControllerRemove to remove the controller device
	    from maintained controler list.
	* src/conf/domain_conf.h:
	  - Declare the two new helpers.
	* src/libvirt_private.syms:
	  - Expose private symbols for the two new helpers.
	* src/qemu/qemu_driver.c:
	  - Support attach/detach controller device persistently
	* src/qemu/qemu_hotplug.c:
	  - Use the two helpers to simplify the codes.

2012-08-03  Hendrik Schwartke  <hendrik@os-t.de>

	Added timestamps to storage volumes
	The access, birth, modification and change times are added to
	storage volumes and corresponding xml representations.  This
	shows up in the XML in this format:
	<timestamps>
	  <atime>1341933637.027319099</atime>
	  <mtime>1341933637.027319099</mtime>
	</timestamps>

2012-08-03  Ján Tomko  <jtomko@redhat.com>

	Update xml schemas according to libvirt source
	capability.rng: Guest features can be in any order.
	nodedev.rng: Added <driver> element, <capability> phys_function and
	virt_functions for PCI devices.
	storagepool.rng: Owner or group ID can be -1.
	schema tests: New capabilities and nodedev files; changed owner and
	group to -1 in pool-dir.xml.
	storage_conf: Print uid_t and gid_t as signed to storage pool XML.

2012-08-03  Eric Blake  <eblake@redhat.com>

	build: add stubs so mdns code can be unconditionally compiled
	The recent changes to the testsuite to validate exported symbols
	flushed out a case of unconditionally exporting symbols that
	were only conditionally compiled under HAVE_AVAHI.
	* src/Makefile.am (libvirt_net_rpc_server_la_SOURCES): Compile
	virnetservermdns unconditionally.
	* configure.ac (HAVE_AVAHI): Drop unused automake conditional.
	* src/rpc/virnetservermdns.c: Add fallbacks when Avahi is not
	present.

2012-08-03  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Switch to close callback
	Since we've introduced close callbacks we can drop this SIGINT magic
	(which doesn't work now neither) and fully utilize the new feature.

2012-08-02  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix typo in qemuDomainModifyDeviceFlags
	One of our latest commits fbe87126 introduced this nasty typo:
	func(vmdef, ...); where func() dereference vmdef->ncontrollers,
	and vmdef was initialized to NULL. This leaves us with unconditional
	immediate segfault. It should be vm->def instead.

2012-08-02  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Portable auto-detection of driver module directory
	When running libvirtd from a build directory on a system with unmodified
	libtool, libvirtd's binary is not renamed as "lt-libvirtd". Check for
	"/daemon/.libs/libvirtd" in addition to "lt-libvirtd".

	build: Rename security manager library
	Security manager is not a dynamically loadable driver. Let's avoid the
	confusion by renaming libvirt_driver_security library as
	libvirt_security_manager.

	build: Link security manager into libvirt.so
	Security manager is not a dynamically loadable driver, it's a common
	infrastructure similar to util, conf, cpu, etc. used by individual
	drivers. Such code is allowed to be linked into libvirt.so.
	This reverts commit ec5b7bd2ecbf40ceff5b2d4fc00d5cfdfba966a4 and most of
	aae5cfb69948fddef556f8f5b9f80a444f9c6125.
	This patch is supposed to fix virdrivermoduletest failures for qemu and
	lxc drivers as well as libvirtd's ability to load qemu and lxc drivers.

2012-08-02  Daniel P. Berrange  <berrange@redhat.com>

	Avoid clash of base64 symbols
	On Debian/Ubuntu, one of the libraries libvirt (indirectly) links
	with exports a symbol named 'base64_encode'. This takes precedence
	over GNULIB's base64_encode function during linking. Unfortunately
	they of course have different API semantics. To avoid this problem
	use a few #defines in config.h to rename the GNULIB provided
	function to have a 'libvirt_gl_' prefix

2012-08-02  Eric Blake  <eblake@redhat.com>

	build: commit to 0.10.0 release naming
	With 0.10.0-rc0 out the door, we are committed to the next version
	number.
	* src/libvirt_public.syms (LIBVIRT_0.9.14): Rename...
	(LIBVIRT_0.10.0): ...to this.
	* docs/formatdomain.html.in: Fix fallout.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.

2012-08-02  Daniel P. Berrange  <berrange@redhat.com>

	Remove unused uuidstr variable from datatypes.c
	Several APIs in src/datatypes.c were formatting an UUID to a
	uuidstr variable and then not using it.

	Rewrite virAtomic APIs using GLib's atomic ops code
	There are a few issues with the current virAtomic APIs
	 - They require use of a virAtomicInt struct instead of a plain
	   int type
	 - Several of the methods do not implement memory barriers
	 - The methods do not implement compiler re-ordering barriers
	 - There is no Win32 native impl
	The GLib library has a nice LGPLv2+ licensed impl of atomic
	ops that works with GCC, Win32, or pthreads.h that addresses
	all these problems. The main downside to their code is that
	the pthreads impl uses a single global mutex, instead of
	a per-variable mutex. Given that it does have a Win32 impl
	though, we don't expect anyone to seriously use the pthread.h
	impl, so this downside is not significant.
	* .gitignore: Ignore test case
	* configure.ac: Check for which atomic ops impl to use
	* src/Makefile.am: Add viratomic.c
	* src/nwfilter/nwfilter_dhcpsnoop.c: Switch to new atomic
	  ops APIs and plain int datatype
	* src/util/viratomic.h: inline impls of all atomic ops
	  for GCC, Win32 and pthreads
	* src/util/viratomic.c: Global pthreads mutex for atomic
	  ops
	* tests/viratomictest.c: Test validate to validate safety
	  of atomic ops.

	Remove manual one-shot global initializers
	Remove the use of a manually run virLogStartup and
	virNodeSuspendInitialize methods. Instead make sure they
	are automatically run using VIR_ONCE_GLOBAL_INIT

2012-08-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add support for "none" USB controller
	This patch enables the "none" USB controller for qemu guests and adds
	valdiation on hot-plugged devices if the guest has USB disabled.
	This patch also adds a set of tests to check parsing of domain XMLs that
	use the "none" controller and some forbidden situations concerning it.

	domain_conf: Add helpers to verify if device configuration is valid
	This patch adds helpers that validate domain's device configuration.
	This will be needed later on to verify devices being hot-plugged to
	guests. If the guest has no USB bus, then it's not valid to plug a USB
	device to that guest.

	domain_conf: Add USB controler model "none"
	Libvirt adds a USB controller to the guest even if the user does not
	specify any in the XML. This is due to back-compat reasons.
	To allow disabling USB for a guest this patch adds a new USB controller
	type "none" that disables USB support for the guest.

2012-08-02  Osier Yang  <jyang@redhat.com>

	Fix indentions
	Some of the macros use tab, while the left use spaces, this patch
	change it to always use the spaces. And a few aligning fixes.

2012-08-02  Guannan Ren  <gren@redhat.com>

	storage: netfs and iscsi need option srcSpec for resource discovery
	The option 'srcSpec' to virsh command find-storage-pool-sources
	is optional for logical type of storage pool, but mandatory for
	netfs and iscsi type.
	When missing the option for netfs and iscsi, libvirt reports XML
	parsing error due to null string option srcSpec.
	before
	error: Failed to find any netfs pool sources
	error: (storage_source_specification):1: Document is empty
	(null)
	after:
	error: pool type 'iscsi' requires option --srcSpec for source discovery

2012-08-02  Gerd v. Egidy  <lists@egidy.de>

	maint: consolidate AUTHOR listings for Gerd von Egidy

2012-08-01  Michal Privoznik  <mprivozn@redhat.com>

	gitignore: Reorder alphabetically
	One of our latest patches added some files to .gitignore. However,
	not in the right place leaving the file not sorted. Since my git
	is set up to sort these files contents, fix this issue as it keeps
	showing up in git status.

2012-08-01  Jiri Denemark  <jdenemar@redhat.com>

	spec: Remove extra () with return statement

	build: Link security driver into daemon
	Commit aae5cfb69948fddef556f8f5b9f80a444f9c6125 removed security driver
	from libvirt_la but forgot to link it into libvirtd in case libvirt is
	built without modules.

2012-08-01  Daniel Veillard  <veillard@redhat.com>

	Fix rpm build failures
	The 'make check' was rebuilding the binaries just overrided,
	so for more safety also override the C program
	Also daemon-conf isn't built anymore so remove it from the list

	Add missing parallels_utils.h to Makefile.am
	Otherwise the file is missing from the dist tarball and distcheck fails

2012-08-01  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: implement VM creation
	To create a new VM in Parallels Clud Server we should issue
	"prlctl create" command, and give path to the directory,
	where VM should be created. VM's storage will be in that
	directory later. So in this first version find out location
	of first VM's hard disk and create VM there.

	parallels: add storage driver
	Parallels Cloud Server has one serious discrepancy with libvirt:
	libvirt stores domain configuration files in one place, and storage
	files in other places (with the API of storage pools and storage volumes).
	Parallels Cloud Server stores all domain data in a single directory,
	for example, you may have domain with name fedora-15, which will be
	located in '/var/parallels/fedora-15.pvm', and it's hard disk image will be
	in '/var/parallels/fedora-15.pvm/harddisk1.hdd'.
	I've decided to create storage driver, which produces pseudo-volumes
	(xml files with volume description), and they will be 'converted' to
	real disk images after attaching to a VM.
	So if someone creates VM with one hard disk using virt-manager,
	at first virt-manager creates a new volume, and then defines a
	domain. We can lookup a volume by path in XML domain definition
	and find out location of new domain and size of its hard disk.

	parallels: implement virDomainDefineXML operation for existing domains
	Add parallelsDomainDefineXML function, it works only for existing
	domains for the present.
	It's too hard to convert libvirt's XML domain configuration into
	Parallel's one, so I've decided to compare virDomainDef structures:
	current domain definition and the one created from XML, given to
	the function. And change only different parameters.
	Currently only name, description, number of cpus, memory amount
	and video memory can be changed.
	Video device and console added, because libvirt supposes that
	VM must always have one video device, if there are some
	graphics and one console.

	parallels: add support of VNC remote display
	Add support for reading VNC parameters of the VM.

	parallels: get info about serial ports
	Add support of collecting information about serial
	ports. This change is needed mostly as an example,
	support of other devices will be added later.

	parallels: implement functions for domain life cycle management
	Add functions for create/shutdown/destroy and suspend/resume domain.

	parallels: add functions to list domains and get info
	Parallels driver is 'stateless', like vmware or openvz drivers.
	It collects information about domains during startup using
	command-line utility prlctl. VMs in Parallels are identified by UUIDs
	or unique names, which can be used as respective fields in
	virDomainDef structure. Currently only basic info, like
	description, virtual cpus number and memory amount, is implemented.
	Querying devices information will be added in the next patches.
	Parallels doesn't support non-persistent domains - you can't run
	a domain having only disk image, it must always be registered
	in system.
	Functions for querying domain info have been just copied from
	test driver with some changes - they extract needed data from
	previously created list of virDomainObj objects.

	add function virCommandNewVAList
	Add function virCommandNewVAList which is equivalent to the
	virCommandNewArgList but with va_list instead of a variable number
	of arguments.

	parallels: add driver skeleton
	Parallels Cloud Server is a cloud-ready virtualization
	solution that allows users to simultaneously run multiple virtual
	machines and containers on the same physical server.
	More information can be found here: http://www.parallels.com/products/pcs/
	Also beta version of Parallels Cloud Server can be downloaded there.

2012-08-01  Marc-André Lureau  <marcandre.lureau@gmail.com>

	qemu: syntax fix
	Pushed without ack, under the trivial rule.

2012-08-01  Daniel P. Berrange  <berrange@redhat.com>

	Only perform symbol check against libvirt.so
	The 'check-symfile' test case was checking the contents of
	libvirt.syms against libvirt.so + all of libvirt_driver_XXX.so
	This was in fact bogus - libvirt.syms should only refer to
	stuff in libvirt.so, but it had some symbols from the various
	driver modules in it too. Now that libvirt.syms has been
	fixed, the check-symfile test can be simplified to only
	consider libvirt.so

	Don't link nwfilter or secrets driver to libvirt.so
	The nwfilter and secrets drivers are both stateful and are already
	linked directly to libvirtd. Linking them to libvirt.so is thus
	wrong, likewise exporting their symbols in libvirt.so is wrong

	Remove bogus libvirt_network.syms file
	The network driver is stateful, so it is linked directly to libvirtd,
	rather than libvirt.so. Thus there are no network symbols to be exported
	in libvirt.so, and libvirt_network.syms can be deleted

2012-07-31  Eric Blake  <eblake@redhat.com>

	qemu: fix use after free
	Detected by Coverity.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostDevice): Avoid
	double free of usb on failure.

2012-07-31  Jiri Denemark  <jdenemar@redhat.com>

	build: Don't export xenLinuxDomainBlockStats symbol
	The symbol is only used within Xen driver.

2012-07-31  Guannan Ren  <gren@redhat.com>

	build: distribute virsh related source files
	In virsh.c, it includes multiple virsh source files, we need
	to have them distributed.

2012-07-31  Eric Blake  <eblake@redhat.com>

	build: fix build without HAVE_CAPNG
	Otherwise, a build may fail with:
	lxc/lxc_conatiner.c: In function 'lxcContainerDropCapabilities':
	lxc/lxc_container.c:1662:46: error: unused parameter 'keepReboot' [-Werror=unused-parameter]
	* src/lxc/lxc_container.c (lxcContainerDropCapabilities): Mark
	parameter unused.

2012-07-31  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Fix crash in virTypedParameterArrayClear
	Daemon uses the following pattern when dispatching APIs with typed
	parameters:
	    VIR_ALLOC_N(params, nparams);
	    virDomain*(dom, params, &nparams, flags);
	    virTypedParameterArrayClear(params, nparams);
	In case nparams was originally set to 0, virDomain* API would fill it
	with the number of typed parameters it can provide and we would use this
	number (rather than zero) to clear params. Because VIR_ALLOC* returns
	non-NULL pointer even if size is 0, the code would end up walking
	through random memory. If we were lucky enough and the memory contained
	7 (VIR_TYPED_PARAM_STRING) at the right place, we would try to free a
	random pointer and crash.
	Let's make sure params stays NULL when nparams is 0.

2012-07-30  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove callback from stream when freeing entries in console hash
	When a domain has a active console connection and is destroyed the
	callback is called on private data that no longer exist causing a
	segfault.

	conf: Remove dead code from virConsoleOpen()

	python: Don't generate bodies for close callback functions
	Commit 6ed5a1b9bd6240b8f2736790e48dd1c284c2e0e1 adds close callback
	functions to the public API but doesn't add python implementation. This
	patch sets the function to be written manually (to fix the build), but
	doesn't implement them yet.

2012-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Improve error message in LXC startup with network is not active
	If an LXC container is using a virtual network and that network
	is not active, currently the user gets a rather unhelpful
	error message about tap device setup failure. Add an explicit
	check for whether the network is active, in exactly the same
	way as the QEMU driver

	Remove tabs from all perl files & enforce this
	The cfg.mk file rule to check for tab characters was not
	applied to perl files. Much of our Perl code is full of
	tabs as a result. Kill them, kill them all !

	Add handling for reboots of LXC containers
	The reboot() syscall is allowed by new kernels for LXC containers.
	The LXC controller can detect whether a reboot was requested
	(instead of a normal shutdown) by looking at the "init" process
	exit status. If a reboot was triggered, the exit status will
	record SIGHUP as the kill reason.
	The LXC controller has cleared all its capabilities, and the
	veth network devices will no longer exist at this time. Thus
	it cannot restart the container init process itself. Instead
	it emits an event which is picked up by the LXC driver in
	libvirtd. This will then re-create the container, using the
	same configuration as it was previously running with (ie it
	will not activate 'newDef').

	Allow CAP_SYS_REBOOT on new enough kernels
	Check whether the reboot() system call is virtualized, and if
	it is, then allow the container to keep CAP_SYS_REBOOT.
	Based on an original patch by Serge Hallyn

	Run an RPC protocol over the LXC controller monitor
	This defines a new RPC protocol to be used between the LXC
	controller and the libvirtd LXC driver. There is only a
	single RPC message defined thus far, an asynchronous "EXIT"
	event that is emitted just before the LXC controller process
	exits. This provides the LXC driver with details about how
	the container shutdown - normally, or abnormally (crashed),
	thus allowing the driver to emit better libvirt events.
	Emitting the event in the LXC controller requires a few
	little tricks with the RPC service. Simply calling the
	virNetServiceClientSendMessage does not work, since this
	merely queues the message for asynchronous processing.
	In addition the main event loop is no longer running at
	the point the event is emitted, so no I/O is processed.
	Thus after invoking virNetServiceClientSendMessage it is
	necessary to mark the client as being in "delayed close"
	mode. Then the event loop is run again, until the client
	completes its close - this happens only after the queued
	message has been fully transmitted. The final complexity
	is that it is not safe to run virNetServerQuit() from the
	client close callback, since that is invoked from a
	context where the server is locked. Thus a zero-second
	timer is used to trigger shutdown of the event loop,
	causing the controller to finally exit.
	* src/Makefile.am: Add rules for generating RPC protocol
	  files and dispatch methods
	* src/lxc/lxc_controller.c: Emit an RPC event immediately
	  before exiting
	* src/lxc/lxc_domain.h: Record the shutdown reason
	  given by the controller
	* src/lxc/lxc_monitor.c, src/lxc/lxc_monitor.h: Register
	  RPC program and event handler. Add callback to let
	  driver receive EXIT event.
	* src/lxc/lxc_process.c: Use monitor exit event to decide
	  what kind of domain event to emit
	* src/lxc/lxc_protocol.x: Define wire protocol for LXC
	  controller monitor.

	Make RPC code generator a little more flexible
	Update the gendispatch.pl script to get a little closer to
	being able to generate code for the LXC monitor, by passing
	in the struct prefix separately from the procedure prefix.
	Also allow method names using virCapitalLetters instead
	of vir_underscore_separator

	Move LXC monitor code out into separate file
	Move the code that handles the LXC monitor out of the
	lxc_process.c file and into lxc_monitor.{c,h}

	Convert the LXC driver to use virNetClient
	Update the LXC driver to use the virNetClient APIs for
	connecting to the libvirt_lxc monitor, instead of the
	low-level socket APIs. This is a step towards running
	a full RPC protocol with libvirt_lxc

	Replace use of lxcError with virReportError
	Update all LXC code to use virReportError instead of the custom
	lxcError macro

	Rename lxc_driver_t to virLXCDriver
	Rename the lxc_driver_t struct typedef to virLXCDriver to more
	closely follow normal libvirt naming conventions

	Rename all APIs in lxc_domain.c to have a virLXCDomain prefix
	For consistency all the APIs in the lxc_domain.c file should
	have a virLXCDomain prefix in their name

	Rename all APIs in lxc_process.c to have a virLXCProcess prefix
	For consistency all the APIs in the lxc_process.c file should
	have a virLXCProcess prefix in their name

	Process all pending I/O for a RPC client before checking EOF
	In the socket event handler for the RPC client we must deal
	with read/write events, before checking for EOF, otherwise
	we might close the socket before we've read & acted upon the
	last RPC messages

	Extend events demo to show close callbacks in use
	Use a driver close callback to trigger shutdown of the
	events demo program

	Update remote driver to support the connection close callbacks
	Update the remote driver to use the virNetClient close callback
	to trigger the virConnectPtr close callbacks

	Add callback to virNetClient to be invoked on connection close
	Allow detection of socket close in virNetClient via a callback
	function, triggered on any condition that causes the socket to
	be closed.

	Ensure client is marked for close in all error paths
	Currently if the keepalive timer triggers, the 'markClose'
	flag is set on the virNetClient. A controlled shutdown will
	then be performed. If an I/O error occurs during read or
	write of the connection an error is raised back to the
	caller, but the connection isn't marked for close. This
	patch ensures that all I/O error scenarios always result
	in the connection being marked for close.

	Add public API to register a callback to be invoked on connection close
	Define new virConnect{Register,Unregister}CloseCallback() public APIs
	which allows registering/unregistering a callback to be invoked when
	the connection to a hypervisor is closed. The callback is provided
	with the reason for the close, which may be 'error', 'eof', 'client'
	or 'keepalive'.

2012-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve error reporting for unknown VI types
	Print the actual unknown type name instead of <other> for AnyType objects.

2012-07-28  Jiri Denemark  <jdenemar@redhat.com>

	security: Skip labeling resources when seclabel defaults to none
	If a domain is explicitly configured with <seclabel type="none"/> we
	correctly ensure that no labeling will be done by setting
	norelabel=true. However, if no seclabel element is present in domain XML
	and hypervisor is configured not to confine domains by default, we only
	set type to "none" without turning off relabeling. Thus if such a domain
	is being started, security driver wants to relabel resources with
	default label, which doesn't make any sense.
	Moreover, with SELinux security driver, the generated image label lacks
	"s0" sensitivity, which causes setfilecon() fail with EINVAL in
	enforcing mode.

2012-07-27  Eric Blake  <eblake@redhat.com>

	maint: regenerate bootstrap
	Commit 3ad13c92a7 blindly touched all files to have a 3-line
	hint for getting LGPL, but bootstrap is synced from gnulib where
	it has a 2-line hint.
	* bootstrap: Resync from gnulib.

2012-07-27  Gerd v. Egidy  <lists@egidy.de>

	libvirt-guests: systemd host shutdown does not work
	I originally postet this into the Fedora bugzilla
	https://bugzilla.redhat.com/show_bug.cgi?id=843836
	Currently gracefully shutting down guest vms on host shutdown does not work on
	Fedora 17, the guests are killed hard on system shutdown.
	The reason is systemd considers libvirt-guests.service to be stopped when the
	system is running:
	$ systemctl status libvirt-guests.service
	libvirt-guests.service - Suspend Active Libvirt Guests
	          Loaded: loaded (/usr/lib/systemd/system/libvirt-guests.service;
	enabled)
	          Active: deactivating (stop) since Fri, 27 Jul 2012 15:47:31 +0200;
	2min 48s ago
	         Process: 1085 ExecStart=/etc/init.d/libvirt-guests start
	(code=exited, status=0/SUCCESS)
	         Control: 1150 (libvirt-guests)
	          CGroup: name=systemd:/system/libvirt-guests.service
	                  └ control
	                    ├ 1150 /bin/sh /etc/init.d/libvirt-guests stop
	                    └ 2257 sleep 1
	libvirt-guests.service is defined as type "simple" in systemd (the default).
	That means systemd will shut down the service when the start executable is
	terminated after starting is done. Systemd will not call stop again on system
	shutdown because it thinks it is already stopped.
	The solution is to define it as type "oneshot" and set the flag
	"RemainAfterExit". Then systemd will consider the service as active after
	startup and will call the stop function on host shutdown.

2012-07-27  Peter Krempa  <pkrempa@redhat.com>

	lib: Revert removing of Summary and Description fields in headers
	Those fields are used by the apibuild script to create documentation.
	This commit partialy reverts a4bcefbcff01c9cdc257127df376929cd80304b1.

	docs: Add method to print warnings in docBuilder class
	The method was not existing and did not allow to diagnose problems.

2012-07-27  Eric Blake  <eblake@redhat.com>

	maint: avoid regression on copyright listings
	Commit f9ce7dad6 tried to kill uses of a raw street address, but
	missed a few instances.  Automate things so we don't introduce
	new problems in the future.
	* cfg.mk (sc_copyright_address): New rule.
	(exclude_file_name_regexp--sc_copyright_address): Add exemption.
	* bootstrap.conf: Adjust offenders.
	* build-aux/augeas-gentest.pl: Likewise.
	* examples/systemtap/events.stp: Likewise.
	* examples/systemtap/qemu-monitor.stp: Likewise.
	* examples/systemtap/rpc-monitor.stp: Likewise.
	* src/dtrace2systemtap.pl: Likewise.
	* src/esx/esx_vi_generator.py: Likewise.
	* src/hyperv/hyperv_wmi_generator.py: Likewise.
	* src/remote/qemu_protocol.x: Likewise.
	* src/remote/remote_protocol.x: Likewise.
	* src/rpc/gensystemtap.pl: Likewise.
	* src/rpc/virnetprotocol.x: Likewise.
	* tests/object-locking.ml: Likewise.
	* tools/virt-xml-validate.in: Likewise.

2012-07-27  Osier Yang  <jyang@redhat.com>

	maint: Use consistent copyright.
	This is a follow up patch of commit f9ce7dad6, it modifies all
	the files which declare the copyright like "See COPYING.LIB for
	the License of this software" to use the detailed/consistent one.
	And deserts the outdated comments like:
	 * libvirt-qemu.h:
	 * Summary: qemu specific interfaces
	 * Description: Provides the interfaces of the libvirt library to handle
	 *              qemu specific methods
	 *
	 * Copy:  Copyright (C) 2010, 2012 Red Hat, Inc.
	Uses the more compact style like:
	 * libvirt-qemu.h: Interfaces specific for QEMU/KVM driver
	 *
	 * Copyright (C) 2010, 2012 Red Hat, Inc.

2012-07-27  Daniel P. Berrange  <berrange@redhat.com>

	Add a test case that checks there are no bogus entries in .syms
	During refactoring of code, it has proved common to forget to
	remove old symbols from the .syms file. While the Win32 linker
	will complain about this, the Linux ELF linker does not. The
	new test case validates that every symbol listed in the .syms
	file actually exists in the built ELF libraries.

	Remove accidentally commited virNetClientSetEOFNotify symbol
	The virNetClientSetEOFNotify symbol was accidentally added to
	the libvirt_private.syms file due to an out-of-order cherry-pick

	Remove two non-existant NWFilter driver symbols from .syms
	virNWFilterGetIpAddrForIfname and virNWFilterDelIpAddrForIfname
	do not exist, so remove them from libvirt_nwfilter.syms

2012-07-27  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix error resetting on fallback paths
	On some fallback paths in virsh, error reported by the previously failed
	API is cleared by virResetLastError() that doesn't free error stored by
	virsh. This patch changes this to clear it using vshResetLibvirtError().

	virsh: Refactor error clearing on graceful fallback paths
	Virsh uses an error handler to save errors from libvirt. On some code
	paths it's needed to clear libvirt errors and continue on fallback code
	paths without reporting failure.
	This patch adds function vshResetLibvirtError() that clears error
	returned by libvirt and updates all places where the old two-line method
	was used.

2012-07-27  Eric Blake  <eblake@redhat.com>

	maint: don't permit format strings without %
	Any time we have a string with no % passed through gettext, a
	translator can inject a % to cause a stack overread.  When there
	is nothing to format, it's easier to ask for a string that cannot
	be used as a formatter, by using a trivial "%s" format instead.
	In the past, we have used --disable-nls to catch some of the
	offenders, but that doesn't get run very often, and many more
	uses have crept in.  Syntax check to the rescue!
	The syntax check can catch uses such as
	virReportError(code,
	               _("split "
	                 "string"));
	by using a sed script to fold context lines into one pattern
	space before checking for a string without %.
	This patch is just mechanical insertion of %s; there are probably
	several messages touched by this patch where we would be better
	off giving the user more information than a fixed string.
	* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
	* src/datatypes.c (virUnrefConnect, virGetDomain)
	(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
	(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
	(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
	(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
	(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
	* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
	(lxcDomainGetBlkioParameters): Likewise.
	* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
	(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
	Likewise.
	* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
	(virNetworkDefParseXML): Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
	Likewise.
	* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
	(virNWFilterVarAccessParse): Likewise.
	* src/libvirt.c (virDomainSave, virDomainSaveFlags)
	(virDomainRestore, virDomainRestoreFlags)
	(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
	(virDomainCoreDump, virDomainGetXMLDesc)
	(virDomainMigrateVersion1, virDomainMigrateVersion2)
	(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
	(virStreamSendAll, virStreamRecvAll)
	(virDomainSnapshotGetXMLDesc): Likewise.
	* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
	(virNWFilterDHCPSnoopReq): Likewise.
	* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
	* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
	* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
	(qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
	Likewise.
	* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
	(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskBuildPool): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemProbe)
	(virStorageBackendFileSystemBuild): Likewise.
	* src/storage/storage_backend_rbd.c
	(virStorageBackendRBDOpenRADOSConn): Likewise.
	* src/storage/storage_driver.c (storageVolumeResize): Likewise.
	* src/test/test_driver.c (testInterfaceChangeBegin)
	(testInterfaceChangeCommit, testInterfaceChangeRollback):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
	Likewise.
	* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
	(xenFormatXM): Likewise.

	maint: avoid empty regex in syntax checker
	We were defining 'func_or' as '|VIR_ERROR|...', which when put
	inside 'func_re' resulted in a regex that matches everything in
	isolation.  Thankfully, we always used func_re with a leading
	anchor \<, and since the empty regex does not start a word, we
	happened to get the result we wanted; but it's better to define
	func_or without a leading space converted into a leading empty
	alternation.
	* cfg.mk (func_or): Strip leading space.

2012-07-26  Ján Tomko  <jtomko@redhat.com>

	virsh: check if specified debug level is in range

2012-07-26  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib, for secure tarball
	Pick up some build fixes in the latest gnulib.  In particular,
	we want to ensure that official tarballs are secure, but don't
	want to penalize people who don't run 'make dist', since fixed
	automake still hasn't hit common platforms like Fedora 17.
	* .gnulib: Update to latest, for Automake CVE-2012-3386 detection.
	* bootstrap: Resync from gnulib.
	* bootstrap.conf (gnulib_extra_files): Drop missing, since gnulib
	has dropped it in favor of Automake's version.
	* cfg.mk (local-checks-to-skip): Conditionally skip the security
	check in cases where it doesn't matter.

2012-07-26  Peter Krempa  <pkrempa@redhat.com>

	virsh: Check for existence of storage before undefining the domain
	When undefining a domain and removing associated storage using "virsh
	undefine --storage" the domain was at first undefined and after that the
	storage removal proces was started. If the user specified an invalid
	disk to remove, the error could not be corrected.
	This patch moves enumeration and filtering of volumes that should be
	removed before the domain is undefined, but the removal process is still
	kept after the domain has been undefined.

2012-07-26  Guannan Ren  <gren@redhat.com>

	doc: add more description on libvirtd option timeout

	util: set minimum value of nodesuspend duration to 60 seconds
	Change the permissible minimum value of nodesuspend duration time
	to 60 seconds. If option is less than the value, reports error.
	Update virsh help and manpage the infomation.

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Move command group definition into its own file
	* virsh-domain-monitor.c: Add domMonitoringCmds
	* virsh-domain.c: Add domManagementCmds
	* virsh-host.c: Add hostAndHypervisorCmds
	* virsh-interface.c: Add ifaceCmds
	* virsh-network.c: Add networkCmds
	* virsh-nodedev.c: Add nodedevCmds
	* virsh-nwfilter.c: Add nwfilterCmds
	* virsh-pool.c: Add storagePoolCmds
	* virsh-secret.c: Add secretCmds
	* virsh-snapshot.c: Add snapshotCmds
	* virsh-volume.c: Add storageVolCmds
	* virsh.c: Remove all the above *Cmds.

	virsh: Split cmds in node device group from virsh.c
	Commands in node device group moved from virsh.c to virsh-nodedev.c,
	* virsh.c: Remove commands in node device group.
	* virsh-nodedev.c: New file, filled with commands in node device group
	* po/POTFILES.in: Add virsh-nodedev.c
	* cfg.mk: Skip to check config.h including for virsh-nodedev.c

	virsh: Split cmds in host group from virsh.c
	Commands in host group moved from virsh.c to virsh-host.c,
	* virsh.c: Remove commands in host group.
	* virsh-host.c: New file, filled with commands in host group
	* po/POTFILES.in: Add virsh-host.c
	* cfg.mk: Skip to check config.h including for virsh-host.c

	virsh: Split cmds to manage domain snapshot from virsh.c
	Commands to manage domain snapshot are moved from virsh.c to
	virsh-snapshot.c.
	* virsh.c: Remove domain snapshot commands.
	* virsh-snapshot.c: New file, filled with domain snapshot commands.
	* po/POTFILES.in: Add virsh-snapshot.c
	* cfg.mk: Skip strcase and config.h including checking for
	          virsh-snapshot.c

	virsh: Split cmds to manage secret from virsh.c
	Commands to manage secret are moved from virsh.c to virsh-secret.c,
	with a few helpers for secret command use.
	* virsh.c: Remove secret commands and a few helpers.
	           (vshCommandOptSecret, and vshCommandOptSecretBy)
	* virsh-secret.c: New file, filled with secret commands and its helpers.
	* po/POTFILES.in: Add virsh-secret.c
	* cfg.mk: Skip to check config.h including for virsh-secret.c

	virsh: Split cmds to manage network filter from virsh.c
	Commands to manage network filter are moved from virsh.c to virsh-nwfilter.c,
	with a few helpers for network filter command use.
	* virsh.c: Remove network filter commands and a few helpers.
	           (vshCommandOptNWFilter, and vshCommandOptNWFilterBy)
	* virsh-nwfilter.c: New file, filled with network filter commands and its helpers.
	* po/POTFILES.in: Add virsh-nwfilter.c
	* cfg.mk: Skip to check config.h including for virsh-nwfilter.c

	virsh: Split cmds to manage host interface from virsh.c
	Commands to manage host interface are moved from virsh.c to
	virsh-interface.c, with a few helpers for interface command use.
	* virsh.c: Remove interface commands and a few helpers.
	           (vshCommandOptInterface, vshCommandOptInterfaceBy)
	* virsh-interface.c: New file, filled with interface commands and
	                     its helpers.
	* cfg.mk: Skip to check config.h including for virsh-interface.c
	* po/POTFILES.in: Add virsh-interface.c

	virsh: Split cmds to manage network from virsh.c
	Commands to manage network are moved from virsh.c to virsh-network.c,
	with a few helpers for network command use.
	* virsh.c: Remove network commands and a few helpers.
	* virsh-network.c: New file, filled with network commands and its
	                   helpers.
	* po/POTFILES.in: Add virsh-network.c
	* cfg.mk: Skip to check config.h including for virsh-network.c

	virsh: Split cmds of storage pool group from virsh.c
	This splits commands of storage pool group into virsh-pool.c,
	The helpers not for common use are moved too. Standard copyright
	is added for the new file.
	* tools/virsh.c:
	  Remove commands for storage storage pool and a few helpers.
	  (vshCommandOptVol, vshCommandOptVolBy).
	* tools/virsh-pool.c:
	  New file, filled with commands of storage pool group and its
	  helpers.
	* po/POTFILES.in:
	  Add virsh-pool.c
	* cfg.mk:
	  Skip to check config.h including for virsh-pool.c

	virsh: Split cmds of storage volume group from virsh.c
	This splits commands of storage volume group into virsh-volume.c,
	The helpers not for common use are moved too. Standard copyright
	is added for the new file.
	* tools/virsh.c:
	  Remove commands for storage storage volume and a few helpers.
	  (vshCommandOptVol, vshCommandOptVolBy).
	* tools/virsh-volume.c:
	  New file, filled with commands of storage volume group and its
	  helpers.
	* po/POTFILES.in:
	  Add virsh-volume.c
	* cfg.mk:
	  Skip to check config.h including for virsh-volume.c

	virsh: Split cmds of domain group from virsh.c
	This splits commands to manage domain into virsh-domain.c,The helpers
	not for common use are moved into them too. Standard copyright is added
	for the new file.
	* tools/virsh.c:
	  - Remove commands for domain group, and one helper
	    (vshDomainVcpuStateToString)
	  - vshStreamSink is moved before commands's definition for it's
	    also used by commands not of domain group, such as volUpload.
	* tools/virsh-domain.c:
	  - New file, commands for domain group and the one helper are
	    moved into it.
	* po/POTFILES.in:
	  - Add virsh-domain.c
	* cfg.mk:
	  - Skip to check config.h including for virsh-domain.c

	virsh: Split cmds for domain monitoring from virsh.c
	This splits commands commands to monitor domain status into
	virsh-domain-monitor.c. The helpers not for common use are moved too.
	Standard copyright is added.
	* tools/virsh.c:
	  - Remove commands for domain monitoring group and a few helpers (
	    vshDomainIOErrorToString, vshGetDomainDescription,
	    vshDomainControlStateToString, vshDomainStateToString) not for
	    common use.
	  - Remove (incldue "intprops.h").
	* tools/virsh-domain-monitor.c:
	  - New file, filled with commands of domain monitor group.
	  - Add "intprops.h".
	* cfg.mk:
	  - Skip strcase checking for virsh-domain-monitor.c
	  - Skip to check config.h including for virsh-domain-monitor.c
	* po/POTFILES.in
	  - Add virsh-domain-monitor.c

	virsh: Move definition of cmds and cmd groups right at the top of main
	This will avoid many conflicts if moving the codes for each command
	group into separate files in later patches.

2012-07-26  Jan Tomko  <jtomko@redhat.com>

	virsh man page - domain-id consistency
	Using 'domain' to represent domain name, domain id or uuid all over
	the man page, to be consistent with virsh help.

2012-07-26  Laine Stump  <laine@laine.org>

	Fixup manpage names and copyright dates
	The copyright dates in the manpages haven't been updated in awhile.
	Also, when pod2man converts a pod file into a manpage, it will only
	remove the extension from the filename if it is ".pod". Some of the
	libvirt pod files are named *.pod.in, and that filename is placed
	unchanged into the manpage. This patch uses pod2man's --name option to
	fix that.
	Believe it or not, there's even a BZ for this:
	  https://bugzilla.redhat.com/show_bug.cgi?id=819364

2012-07-25  Jiri Denemark  <jdenemar@redhat.com>

	conf: Fix typo in virDomainHostdevSubsys comment

2012-07-25  Eric Blake  <eblake@redhat.com>

	maint: spelling correction in AUTHORS
	Ján Tomko has an accented name.

2012-07-25  Guannan Ren  <gren@redhat.com>

	util: Fix typoes on return value and comments
	virNetDevTapCreateInBridgePort: Fix return value to -1
	virNetDevTapCreate: Fix comments

2012-07-25  Martin Kletzander  <mkletzan@redhat.com>

	fixed SegFault in virauth
	No check for conn->uri being NULL in virAuthGetConfigFilePath (valid
	state) made the client segfault. This happens for example with these
	settings:
	 - no virtualbox driver installed (modifies conn->uri)
	 - no default URI set (VIRSH_DEFAULT_CONNECT_URI="",
	   LIBVIRT_DEFAULT_URI="", uri_default="")
	 - auth_sock_rw="sasl"
	 - virsh run as root
	That are unfortunately the settings with fresh Fedora 17 installation
	with VDSM.
	The check ought to be enough as conn->uri being NULL is valid in later
	code and is handled properly.

2012-07-25  Osier Yang  <jyang@redhat.com>

	daemon: Fix the wrong macro name
	WITH_INTERFACE is not defined, it should be WITH_NETCF there to load
	the interface driver.
	Eric posted patch weeks ago to resolve the problems in the whole
	build system, but it's not finalised yet:
	https://www.redhat.com/archives/libvir-list/2012-June/msg01299.html
	I'm going to simply fix the wrong macro name here so that the
	interface driver could loaded, and continue the work on the listing
	API for interface driver.

2012-07-25  Jan Tomko  <jtomko@redhat.com>

	virsh: Clarify that memtune parameters may be rounded in the man page

2012-07-25  Doug Goldstein  <cardoe@cardoe.com>

	Fix libnl CFLAGS/LIBS inclusion
	When using libnl, use the variables pkg-config provides in case there are
	additional libraries or CFLAGS required to build it. Specifically if
	the libnl headers are not directly in /usr/include.

2012-07-24  Martin Kletzander  <mkletzan@redhat.com>

	virsh: fixed domdisplay command
	The 'domdisplay' command didn't properly evaluate '--include-password'
	option.

2012-07-24  Wen Congyang  <wency@cn.fujitsu.com>

	building: fix deps error when some drivers are not built
	libvirt-daemon-driver-XXX should be a dependency only when with_driver_modules
	is 1.
	libvirt-daemon-driver-libxl should be a dependency only when with_libxl is 1.
	libvirt-daemon-driver-lxc should be a dependency only when with_lxc is 1.
	libvirt-daemon-driver-qemu should be a dependency only when with_qemu is 1.
	libvirt-daemon-driver-uml should be a dependency only when with_uml is 1.
	libvirt-daemon-driver-xen should be a dependency only when with_xen is 1.

2012-07-24  Daniel P. Berrange  <berrange@redhat.com>

	More advanced auto-detection of driver module directory
	When running directly from GIT, libvirtd attempts to locate
	the directory containing loadable modules. This currently
	only works if executing libvirtd with a CWD inside the libvirt
	source tree. Switch to locate based on the path to the current
	binary instead

2012-07-24  Royce Lv  <lvroyce@linux.vnet.ibm.com>

	adding handling EINTR to poll to make it more robust
	some system call and signal will interrupt poll,
	making event loop stops and fails to react events and keepalive message
	from libvirt.
	adding handling EINTR to poll to make it more robust

2012-07-24  Eric Blake  <eblake@redhat.com>

	build: regenerate .png files
	We don't expect people to have tools installed to regenerate .png
	from .fig by default.  However, since commit 5eb3df8, several
	.fig files were updated without regenerating the .png file, and
	as a result, 'make dist' ends up regenerating those five files,
	or worse, failing because of missing tools (convert from
	ImageMagick).
	Additionally, even if the tools are present, the generation of
	.png files is nondeterministic (the resulting files contain a
	timestamp), which means prior to this patch, running 'make dist'
	from two checkouts will end up producing different tarball
	contents (two 'make dist' runs will always produce different tar
	files, since tarballs also contain timestamps; but unpacking the
	tarballs and doing a recursive diff will show if the contents
	are unchanged).
	After this patch, the timestamps are now up-to-date, and 'make
	dist' no longer has anything to do for the .png files.  This gets
	us closer to the goal of two checkouts being able to produce the
	same tarball.
	* docs/libvirt-*.png: Regenerate.

2012-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Make ESX & Hyper-V code generator safe with parallel builds
	If from a clean GIT checkout 'make -j 8' is run, the ESX
	and Hyper-V code will be generated multiple times over.
	This is because there are multiple files being generated
	from one invocation of the generator script. make does not
	realize this and so invokes the generator once per file.
	This doesn't matter with serialized builds, but with
	parallel builds multiple instances of the generator get
	run at once.
	make[2]: Entering directory `/home/berrange/src/virt/libvirt/src'
	  GEN    util/virkeymaps.h
	  GEN    remote/remote_protocol.h
	  GEN    remote/remote_client_bodies.h
	  GEN    remote/qemu_protocol.h
	  GEN    remote/qemu_client_bodies.h
	  GEN    esx/esx_vi_methods.generated.c
	  GEN    esx/esx_vi_methods.generated.h
	  GEN    esx/esx_vi_methods.generated.macro
	  GEN    esx/esx_vi_types.generated.c
	  GEN    esx/esx_vi_types.generated.h
	  GEN    esx/esx_vi_types.generated.typedef
	  GEN    esx/esx_vi_types.generated.typedef
	  GEN    esx/esx_vi_types.generated.typeenum
	  GEN    esx/esx_vi_types.generated.typetostring
	  GEN    esx/esx_vi_types.generated.typefromstring
	  GEN    esx/esx_vi_types.generated.h
	  GEN    esx/esx_vi_types.generated.c
	  GEN    esx/esx_vi_methods.generated.h
	  GEN    esx/esx_vi_methods.generated.c
	  GEN    esx/esx_vi_methods.generated.macro
	  GEN    esx/esx_vi.generated.h
	  GEN    esx/esx_vi.generated.c
	  GEN    esx/esx_vi_types.generated.typeenum
	  GEN    esx/esx_vi_types.generated.typedef
	  GEN    esx/esx_vi_types.generated.typeenum
	  GEN    esx/esx_vi_types.generated.typetostring
	  GEN    esx/esx_vi_types.generated.typefromstring
	  GEN    esx/esx_vi_types.generated.h
	  GEN    esx/esx_vi_types.generated.c
	  GEN    esx/esx_vi_methods.generated.h
	  ...snip...
	  GEN    hyperv/hyperv_wmi.generated.h
	  GEN    libvirt_qemu_probes.h
	  GEN    locking/qemu-sanlock.conf
	  GEN    hyperv/hyperv_wmi.generated.c
	  GEN    rpc/virnetprotocol.h
	  GEN    hyperv/hyperv_wmi_classes.generated.typedef
	  GEN    hyperv/hyperv_wmi_classes.generated.h
	  GEN    hyperv/hyperv_wmi_classes.generated.c
	  GEN    rpc/virkeepaliveprotocol.h
	  GEN    remote/remote_protocol.c
	  GEN    remote/qemu_protocol.c
	  GEN    rpc/virkeepaliveprotocol.c
	  GEN    rpc/virnetprotocol.c
	  GEN    libvirt.def
	Prevent this using a timestamp file to control generation,
	as was previously done for the python bindings in commit
	a7868e0131516ef2dece82586edd52dc87fe336c

2012-07-23  Peter Krempa  <pkrempa@redhat.com>

	tests: Add support for catching domain XML parsing errors
	This patch enhances qemuxml2argvtest to deal with semantically incorrect
	domain XMLs, that generate errors while parsing.
	This patch cleans up macros that invoke the tests and changes boolean
	flags to a bit array flag variable.

	maint: Clean up coding style and fix error message spelling
	This patch cleans up coding style breaks some long lines and fixes error
	message spelling on various places in domain_conf.c and in the qemu
	driver.

2012-07-23  Doug Goldstein  <cardoe@cardoe.com>

	doc: Fix time keeping example for the guest clock
	The time keeping example was missing quotes which resulted in an error
	if you copied and pasted the example into a domain's XML. Additionally
	the rest of the examples use single quotes (') instead of double quotes
	(") so standardized that.

	Fix test failure when no IPv6 is avail
	When the system doesn't have IPv6 available (e.g. not built into the
	kernel or the module isn't loaded), you can not create an IPv6 socket.
	The test determines earlier on that IPv6 isn't available then goes and
	creates a socket. This makes socket creation conditional on IPv6
	availability.

2012-07-23  Osier Yang  <jyang@redhat.com>

	Desert the FSF address in copyright
	Per the FSF address could be changed from time to time, and GNU
	recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
	  You should have received a copy of the GNU General Public License
	  along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
	This patch removes the explicit FSF address, and uses above instead
	(of course, with inserting 'Lesser' before 'General').
	Except a bunch of files for security driver, all others are changed
	automatically, the copyright for securify files are not complete,
	that's why to do it manually:
	  src/security/security_selinux.h
	  src/security/security_driver.h
	  src/security/security_selinux.c
	  src/security/security_apparmor.h
	  src/security/security_apparmor.c
	  src/security/security_driver.c

2012-07-22  Ata E Husain Bohra  <ata.husain@hotmail.com>

	ESX: Fix ESX_VI__TEMPLATE__DYNAMIC_DEEP_COPY
	Fix addresses two issues:
	1. Fix generator code to allow deep copy operation for objects with
	   Dynamic_Cast capabilities.
	2. Add missing deep copy routine to Long datatype.

2012-07-22  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmx: handle shared folders parsing
	This patch adds support for parsing vmx files with
	shared folders enabled.
	Update test suite accordingly.

	vmx: handle shared folders formatting
	This patch adds support for generating vmx files with
	shared folders enabled.
	Update test suite accordingly.

2012-07-21  Eric Blake  <eblake@redhat.com>

	tests: reduce length of nodeinfodata test names
	Commit ddd6bef4 switched to the ustar format to fix an issue where
	'make dist' fails to create a tarball because we have files with
	relative names longer than 100 bytes by the time you include a
	'libvirt-0.9.13' prefix.  Unfortunately, even with ustar format,
	the use of 'tar -ch' tries to convert symlinks to hard links,
	also with a name too long (omitting the -h works, but automake
	automatically passes -h); such symlinks were added in commit
	6dcf98c, which resulted in 'make dist' breaking again.  The
	solution is to rename the offending symlinks to something shorter,
	by shortening the entire nodeinfodata naming scheme.
	* tests/nodeinfotest.c (mymain): Shorten test names.
	(linuxTestNodeInfo): Accommodate new names.
	* tests/nodeinfodata/*: Rename files accordingly.

	tests: avoid seclabeltest crash
	Commit a56c347 introduced a use of random numbers into seclabel
	handling, but failed to initialize the random number generator
	in the testsuite.  Also, fail with usual status, not 255.
	* tests/seclabeltest.c (main): Initialize randomness.

2012-07-21  Guido Günther  <agx@sigxcpu.org>

	openvz: Implement domainGetHostname

	openvz: Add openvzVEGetStringParam
	to retrieve a VEs config parameters as a single string. This will be
	used by the upcoming domainGetHostname implementation.

	remote: Provide RPC call for domainGetHostname

	virsh: Add domhostname
	to query the guest's hostname.

	Add virDomainGetHostname
	to query a guests's hostname. Containers like LXC and OpenVZ allow to
	set a hostname different from the hosts name and QEMU's guest agent
	could provide similar functionality.

2012-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Report 'errno' in int1 field of virErrorPtr
	When reporting a system error (VIR_ERR_SYSTEM_ERROR) via
	virReportSystemError, we should copy the errno value into
	the 'int1' field of the virErrorPtr struct. This allows
	callers to detect certain errno conditions & discard the
	error
	* src/util/virterror.c: Place errno value in int1 field

	Only enforce check for YAJL when starting a VM
	The previous check for YAJL would have many undesirable
	consequences, the most important being that it caused the
	capabilities XML to lose all <guest> elements. There is
	no user visible feedback as to what is wrong in this respect,
	merely a syslog message. The empty capabilities causes
	libvirtd to then throw away all guest XML configs that are
	stored.
	This changes the code so that the check for YAJL is only
	performed at the time we attempt to spawn a QEMU process
	error: Failed to start domain vm-vnc
	error: unsupported configuration: this qemu binary requires libvirt to be compiled with yajl

	Use a hash table for storing MCS labels
	Instead of using an O(n) efficiency linked list for storing
	MCS labels, use a hash table. Instead of having the list
	be global, put it in the SELinux driver private data struct
	to ensure uniqueness across different instances of the driver.
	This also ensures thread safety when multiple hypervisor
	drivers are used in the same libvirtd process

	Fix error handling when adding MCS labels
	When adding MCS labels, OOM was not being handled correctly.
	In addition when reserving an existing label, no check was
	made to see if it was already reserved

	Use standard naming prefix for SELinux driver function names
	The function names in the SELinux driver all start with
	SELinux or 'mcs' as a prefix. Sanitize this so that they
	all use 'virSecuritySELinux' as the prefix

	Disable NWFilter driver completely when unprivileged
	Running libvirtd unprivileged results in a warning message from
	the NWFilter driver
	  virNWFilterSnoopLeaseFileRefresh:1882 : open("/var/run/libvirt/network/nwfilter.ltmp"): No such file or directory
	Since it requires privileged network access, this driver should
	not even run when unprivileged.

2012-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of custom macros with virReportError in the Xen drivers
	Update the legacy Xen drivers to use virReportError instead of
	the statsError, virXenInotifyError, virXenStoreError,
	virXendError, xenUnifiedError, xenXMError custom macros

	Make sure xenHypervisorInit correctly reports errors
	The xenHypervisorInit method was called from two different
	locations, during initial driver registration and also while
	opening a Xen connection. The former can't report any useful
	errors to the end user/app, so remove it. To ensure thread
	safety use a VIR_ONCE_GLOBAL_INIT call to invoke
	xenHypervisorInit from the xenHypervisorOpen method.

	Ensure failure to talk to Xen hypervisor is fatal when privileged
	As per the comment, the Xen hypervisor driver is considered to
	be mandatory when running privileged. When it fails to open,
	we should thus return an error, not ignore it.

	Using virOnce for global initialization is desirable since it ensures that initialization will always take place when it is needed, and guarantees it only occurs once. The problem is that the code to setup a global initializer with proper error propagation is tedious. This introduces VIR_ONCE_GLOBAL_INIT macro to simplify this.

	Replace use of VMX_ERROR with virReportError
	Update the VMX shared code to use virReportError instead of
	the VMX_ERROR custom macro

	Replace use of virNetError with virReportError
	Update the libvirtd dispatch code to use virReportError
	instead of the virNetError custom macro

	Replace use of virConfError with virReportError
	Update the libvirtd config handling code to use virReportError
	instead of the virConfError custom macro

	Replace use of nodeReportError with virReportError
	Update the nodeinfo helper code to use virReportError instead
	of the nodeReportError custom macro

	Replace use of virSecurityReportError with virReportError
	Update the security drivers to use virReportError instead of
	the virSecurityReportError custom macro

	Replace use of PHYP_ERROR with virReportError
	Update the Power-Hypervisor driver to use virReportError
	instead of the PHYP_ERROR custom macro

	Replace use of HYPERV_ERROR with virReportError
	Update the Hyper-V driver to use virReportError instead
	of the HYPERV_ERROR custom macro

	Replace use of ESX_ERROR & ESX_VI_ERROR with virReportError
	Update the ESX driver to use virReportError instead of
	the ESX_ERROR & ESX_VI_ERROR custom macros

	Replace use of virLockError with virReportError
	Update the lock manager drivers to use virReportError instead
	of the virLockError custom macro

	Replace use of libxlError with virReportError
	Update the libxl driver to use virReportError instead of
	the libxlError custom macro

2012-07-20  Jiri Denemark  <jdenemar@redhat.com>

	Add missing "%s" format string to constant error messages in lock manager
	Updates the lock manager code so that it passes "%s" as the format
	string whenever raising an error message with a const string.

	Add missing "%s" format string to constant error messages in libxl driver
	Updates the libxl driver code so that it passes "%s" as the format
	string whenever raising an error message with a const string.

2012-07-20  Gao feng  <gaofeng@cn.fujitsu.com>

	Make the 'lxc_driver' global variable non-static
	The 'lxc_driver' global variable is now used from several of
	the LXC sources files. Thus it needs to be non-static to
	avoid runtime linkage errors

2012-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of streamsReportError with virReportError
	Update the streams code to use virReportError instead of
	the streamsReportError custom macro

	Replace use of remoteError with virReportError
	Update the remote driver to use virReportError instead of
	the remoteError custom macro

	Replace use of XENXS_ERROR with virReportError
	Update the XenXS shared code to use virReportError instead
	of the XENXS_ERROR custom macro

	Replace use of openvzError with virReportError
	Update the OpenVZ driver to use virReportError instead of
	the openvzError custom macro

	Fix Xen driver to have sensible error messages
	The Xen driver had a number of error reports which passed a
	constant string without format specifiers and was missing
	"%s". Furthermore the errors were related to failing system
	calls, but virReportSystemError was not used. So the only
	useful piece of info (the errno) was being discarded

2012-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Move LXC process management code into separate file
	Move all the code that manages stop/start of LXC processes
	into separate lxc_process.{c,h} file to make the lxc_driver.c
	file smaller

	Move cgroup setup code out of lxc_controller.c
	Move the cgroup setup code out of the lxc_controller.c file
	and into lxc_cgroup.{c,h}. This reduces the size of the
	lxc_controller.c file and paves the way to invoke cgroup
	setup from lxc_driver.c instead of lxc_controller.c in the
	future

	Move LXC domain private data into separate file
	Move the LXC driver code related to the virDomainObjPtr
	private data into separate lxc_domain.{c,h} files
	to reduce the size of lxc_driver.c

	Replace use of vmwareError with virReportError
	Update the VMWare driver to use virReportError instead of
	the vmwareError custom macro

	Replace use of virCPUReportError with virReportError
	Update the CPU helper APIs to use virReportError instead
	of the virCPUReportError custom macor

	Replace use of testError with virReportError
	Update the test driver to use virReportError instead of the
	testError custom macro

	Replace use of vboxError with virReportError
	Update the VirtualBox driver to use virReportError instead of
	the vboxError custom macro

	Replace use of xenapiError with virReportError
	Update the XenAPI driver to use virReportError instead of
	the xenapiError custom macro

	Replace use of qemuReportError with virReportError
	Update the QEMU driver to use virReportError instead of
	the qemuReportError custom macro

2012-07-19  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add missing "%s" before translation macros
	This patch cleans up some missing "%s" before translation macros,
	for strings which are const without format specifiers

2012-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of umlReportError with virReportError
	Update the UML driver to use virReportError instead of the
	umlReportError custom macro

	Add lots of internal symbols to libvirt_private.syms
	Make sure that libvirt_private.syms has all the internal symbols
	from APIs in src/rpc/*.h and src/util/cgroup.h, since the LXC
	controller/driver will shortly need them

	Reset the 'quit' flag in virNetServerRun
	To allow virNetServerRun/virNetServerQuit to be invoked multiple
	times, we must reset the 'quit' flag in virNetServerRun

	If in delay close mode for an RPC client, don't read further data
	In the delayed close mode, we're just waiting for final data to
	be written back to the client. While waiting, we should not
	bother to read more data from the client.

	Don't autostart domains when reloading config
	When sending SIGHUP to libvirtd, it will trigger the virStateDriver
	reload operation. This is intended to reload the configuration files
	for guests. For unknown historical reasons this is also triggering
	autostart of all guests. Autostart is generally expected to be
	something that happens on OS startup. Starting VMs on SIGHUP will
	violate that expectation and potentially cause dangerous scenarios
	if the admin has explicitly shutdown a misbehaving VM that has
	been marked as autostart

	Add missing deps on driver modules in libvirt RPM
	Turning on the building of driver modules in libvirt.spec.in
	means that installing 'libvirt' no longer pulls in all the
	drivers. For upgrade compatibility we need to list all drivers
	module sub-RPMs against the 'libvirt' RPM.

	Replace use of networkReportError with virReportError
	Update the linux bridge driver to use virReportError instead
	of the networkReportError custom macro

2012-07-19  Guannan Ren  <gren@redhat.com>

	rpc: remove trailing whitespace character in error string
	Instead of only removing the ending newline character, it is
	better to remove all of standard whitespace character for the
	sake of log format.
	One example that we have to do this is:
	After three times incorrect password input, virsh command
	virsh -c qemu://remoteserver/system will report error like:
	: Connection reset by peerey,gssapi-keyex,gssapi-with-mic,password).
	But it should be:
	Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
	: Connection reset by peer
	The reason is that we dropped the newline, but have a '\r' left.
	The terminal interprets it as "move the cursor back to the start
	of the current line", so the error string is messed up.

2012-07-19  Eric Blake  <eblake@redhat.com>

	po: avoid spurious double spaces in messages
	Noticed during the recent error cleanups.
	* src/network/bridge_driver.c (networkStartRadvd): Fix spacing.
	* src/openvz/openvz_conf.c (openvzReadMemConf): Likewise.
	* src/qemu/qemu_command.c (qemuNetworkIfaceConnect): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachNetDevice): Likewise.
	* src/qemu/qemu_process.c (qemuProcessStop): Likewise.
	* src/security/virt-aa-helper.c (vah_add_file): Likewise.

	build: fix compilation without struct ifreq
	Detected on Cygwin.  Broken in commit 387117ad.
	* src/util/virnetdev.c (virNetDevValidateConfig)
	(virNetDevReplaceNetConfig): Fix prototypes.
	* src/util/virnetlink.c (virNetlinkEventAddClient)
	(virNetlinkEventRemoveClient): Likewise.

2012-07-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix esxVI_String_Deserialize
	It was broken since forever as it expected a libxml2
	XML_ELEMENT_NODE containing a XML_TEXT_NODE instead of
	just a XML_TEXT_NODE.
	This problem was not discovered for so long because
	esxVI_String_Deserialize was not used until now.
	Reported by Ata Bohra

2012-07-19  Eric Blake  <eblake@redhat.com>

	nodeinfo: deal with offline cpus in a node
	Commit 80533ca forgot to think about offline cpus.  When a node
	cpu is offline, then its topology/ subdirectory is not present,
	leading to spurious error messages leaked to the user such as:
	libvir:  error : cannot open /home/dummy/libvirt/tests/nodeinfodata/linux-nodeinfo-sysfs-test-6/node/node0/cpu7/topology/physical_package_id: No such file or directory
	Fix that, as well as test it; the test data is gathered from a
	machine with one NUMA node, hyperthreading, and with 2 of the
	8 cpus offline.
	* src/nodeinfo.c (virNodeParseNode): Don't parse topology of
	offline cpus.
	* tests/nodeinfotest.c (mymain): Run new test.
	* tests/nodeinfodata/linux-nodeinfo-sysfs-test-6*: New data.

	maint: add mailmap entry for Dan Walsh
	As confirmed with Dan on IRC.
	* .mailmap: List Dan's preferred 'shortlog' name.

2012-07-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Extend esxVI_CURL_Download for partial downloads
	Also ensure that the virBuffer used to store the downloaded data
	does not overflow.

2012-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of interfaceReportError with virReportError
	Update the netcf driver to use virReportError instead of the
	interfaceReportError custom macro

	Replace use of virNWFilterReportError with virReportError
	Update the network filter driver to use virReportError instead
	of the virNWFilterReportError custom macro

	Add missing "%s" with constant string error message in nwfilter_dhcpsnoop.c

2012-07-19  Dan Walsh  <dwalsh@redhat.com>

	lxcContainerMountCGroups also mounts a tmpfs that needs to be labeled.
	This patch passes down the sec_mount_options to the
	lxcContainerMountCGroups function and then mounts the tmpfs with
	the correct label.

2012-07-19  Sebastian Wiedenroth  <wiedi@frubar.net>

	Add a sheepdog backend for the storage driver
	This patch brings support to manage sheepdog pools and volumes to libvirt.
	It uses the "collie" command-line utility that comes with sheepdog for that.
	A sheepdog pool in libvirt maps to a sheepdog cluster.
	It needs a host and port to connect to, which in most cases
	is just going to be the default of localhost on port 7000.
	A sheepdog volume in libvirt maps to a sheepdog vdi.
	To create one specify the pool, a name and the capacity.
	Volumes can also be resized later.
	In the volume XML the vdi name has to be put into the <target><path>.
	To use the volume as a disk source for virtual machines specify
	the vdi name as "name" attribute of the <source>.
	The host and port information from the pool are specified inside the host tag.
	  <disk type='network'>
	    ...
	    <source protocol="sheepdog" name="vdi_name">
	      <host name="localhost" port="7000"/>
	    </source>
	  </disk>
	To work right this patch parses the output of collie,
	so it relies on the raw output option. There recently was a bug which caused
	size information to be reported wrong. This is fixed upstream already and
	will be in the next release.

2012-07-19  Daniel J Walsh  <dwalsh@redhat.com>

	Mount all tmpfs filesystems with correct SELinux label
	Basically within a Secure Linux Container (virt-sandbox) we want all content
	that the process within the container can write to be labeled the same.  We
	are labeling the physical disk correctly but when we create "RAM" based file
	systems
	libvirt is not labeling them, and they are defaulting to tmpfs_t, which will
	will not allow the processes to write.  This patch labels the RAM based file
	systems correctly.

2012-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of virNodeDeviceReportError with virReportError
	Update the node device driver to use virReportError instead of
	the virNodeDeviceReportError custom macro

	Replace use of virSecretReportError with virReportError
	Update the secret driver to use virReportError instead of the
	virSecretReportError custom macro

	Replace use of virStorageReportError with virReportError
	Update the storage driver to use virReportError instead of
	the virStorageReportError custom macro

	Add missing "%s" format to const error message in RBD storage driver
	When passing a const message string to the error reporting APIs
	RBD forgot to use "%s" to avoid GCC format string warnings

	Convert all files in src/conf/ to use virReportError()
	This removes all the per-file error reporting macros
	from the code in src/conf/

2012-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Add missing _(...) around 2 error messages in test driver

	Fix parameter passed with VIR_ERR_INVALID_ARG in sanlock driver
	The VIR_ERR_INVALID_ARG is typically given the function name
	via __FUNCTION__

	Convert all files in src/rpc/ to use virReportError()
	This rmoves all the per-file error reporting macros
	from the code in src/rpc/

	Convert (nearly) all files in src/util/ to use virReportError()
	This removes nearly all the per-file error reporting macros
	from the code in src/util/. A few custom macros remain for the
	case, where the file needs to report errors with a variety of
	different codes or parameters

	Fix bogus cast to (int) in virNetServerMDNSTimeoutNew
	The virNetServerMDNSTimeoutNew method was casting a long long
	to an int when reporting errors. This should just be using
	%lld instead of %d, avoiding the need to cast

	Add missing "%s" with constant string error message in stats_linux.c

	Remove newline from end of error message in virnodesuspend.c

	Add _(...) around two error messages in src/util/
	The virnetdevtap.c and viruri.c files had two error report
	messages which were not annotated with _(...)

	Introduce virReportError macro for general error reporting
	Nearly every source file does something like
	  #define VIR_FROM_THIS VIR_FROM_FOO
	  #define virFooReportErorr(code, ...) \
	     virReportErrorHelper(VIR_FROM_THIS, code,  __FILE__,    \
	                          __FUNCTION__, __LINE__, \
	                          __VA_ARGS__)
	This creates needless duplication and inconsistent error
	reporting function names in each file. It is trivial to
	just have virterror_internal.h provide a virReportError
	macro that is equivalent
	* src/util/virterror_internal.h: Define virReportError(code, ...)

2012-07-18  Jiri Denemark  <jdenemar@redhat.com>

	remote: Fix locking in stream APIs
	Remote driver needs to make sure the driver lock is released before
	entering client IO loop as that may block indefinitely in poll(). As a
	direct consequence of not following this in stream APIs, tunneled
	migration to a destination host which becomes non-responding may block
	qemu driver. Luckily, if keepalive is turned for p2p migrations, both
	remote and qemu drivers will get automagically unblocked after keepalive
	timeout.

2012-07-17  Jiri Denemark  <jdenemar@redhat.com>

	xenapi: Convert to virMacAddr

2012-07-17  Michal Privoznik  <mprivozn@redhat.com>

	nwfilter: Convert to virMacAddrPtr not virMacAddrPtr*
	My previous patch wasn't complete as it converted from
	(unsigned char *) to (virMacAddrPtr *). It should be
	(virMacAddrPtr) only.

	nwfilter: Convert to virMacAddrPtr completely
	The previous commit (387117ad92) was incomplete leaving those
	who does not use libpcap with uncompilable sources beacuse
	of incomplete conversion of virNWFilterDHCPSnoopReq function.

2012-07-17  Cole Robinson  <crobinso@redhat.com>

	configure: rbd doesn't need -lcrypto
	See https://www.redhat.com/archives/libvir-list/2012-July/msg00493.html
	Basically building against librbd doesn't seem to actually require -lcrypto.
	Also report the rbd linker flags in configure output

2012-07-17  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Convert 'raw MAC address' usages to use virMacAddr
	Introduce new members in the virMacAddr 'class'
	- virMacAddrSet: set virMacAddr from a virMacAddr
	- virMacAddrSetRaw: setting virMacAddr from raw 6 byte MAC address buffer
	- virMacAddrGetRaw: writing virMacAddr into raw 6 byte MAC address buffer
	- virMacAddrCmp: comparing two virMacAddr
	- virMacAddrCmpRaw: comparing a virMacAddr with a raw 6 byte MAC address buffer
	then replace raw MAC addresses by replacing
	- 'unsigned char *' with virMacAddrPtr
	- 'unsigned char ... [VIR_MAC_BUFLEN]' with virMacAddr
	and introduce usage of above functions where necessary.

2012-07-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not fail virConnectCompareCPU if host CPU is not known
	When host CPU could not be properly detected, virConnectCompareCPU will
	just report that any CPU is incompatible with host CPU instead of
	failing.

	qemu: Fix probing for guest capabilities
	Even though qemu-kvm binaries can be used in TCG mode, libvirt would
	only detect them if /dev/kvm was available. Thus, one would need to make
	a /usr/bin/qemu symlink to be able to use TCG mode with qemu-kvm in an
	environment without KVM support.
	And even though QEMU is able to make use of KVM, libvirt would not
	advertise KVM support unless there was a qemu-kvm symlink available.
	This patch fixes both issues.

2012-07-16  Michal Privoznik  <mprivozn@redhat.com>

	docs: Improve patch submission guidelines
	We should really advise (new) developers to send rebased patches
	that apply cleanly and use git-send-email rather than all other
	obscure ways.

2012-07-14  Daniel P. Berrange  <berrange@redhat.com>

	Wire up handling for QMP's BALLOON_EVENT
	If QEMU supports the BALLOON_EVENT QMP event, then we can
	avoid invoking 'query-balloon' when returning XML or the
	domain info.
	* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h:
	  Add QEMU_CAPS_BALLOON_EVENT
	* src/qemu/qemu_driver.c: Skip query-balloon in
	  qemudDomainGetInfo and qemuDomainGetXMLDesc if we have
	  QEMU_CAPS_BALLOON_EVENT set
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Check
	  for BALLOON_EVENT at connect to monitor. Add callback
	  for balloon change notifications
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h:
	  Add handling of BALLOON_EVENT and impl 'query-events'
	  check

	Define public API for receiving guest memory balloon events
	When the guest changes its memory balloon applications may want
	to know what the new value is, without having to periodically
	poll on XML / domain info. Introduce a "balloon change" event
	to let apps see this
	* include/libvirt/libvirt.h.in: Define the
	  virConnectDomainEventBalloonChangeCallback callback
	  and VIR_DOMAIN_EVENT_ID_BALLOON_CHANGE constant
	* python/libvirt-override-virConnect.py,
	  python/libvirt-override.c: Wire up helpers for new event
	* daemon/remote.c: Helper for serializing balloon event
	* examples/domain-events/events-c/event-test.c,
	  examples/domain-events/events-python/event-test.py: Add
	  example of balloon event usage
	* src/conf/domain_event.c, src/conf/domain_event.h: Handling
	  of balloon events
	* src/remote/remote_driver.c: Add handler of balloon events
	* src/remote/remote_protocol.x: Define wire protocol for
	  balloon events
	* src/remote_protocol-structs: Likewise.

2012-07-14  Chuck Short  <chuck.short@canonical.com>

	ARMHF: CPU Support for armhf.
	Adding CPU encoder/decoder for armhf to avoid runtime error messages.

2012-07-13  Hu Tao  <hutao@cn.fujitsu.com>

	fix failure when building with --disable-debug
	When building with --disable-debug, VIR_DEBUG expands to a nop.
	But parameters to VIR_DEBUG can be variables that are passed only
	to VIR_DEBUG. In the case the building system complains about unused
	variables.

2012-07-13  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virsh: remove unnecessary sleep for nodecpustats --percent
	Fix for a minor issue:
	the sleep(1) statement was called twice,
	effectively doubling the elapsed time
	execution "virsh nodecpustats --percent".

2012-07-13  Jiri Denemark  <jdenemar@redhat.com>

	Clarify direct migration
	When --direct is used when migrating a domain running on a hypervisor
	that does not support direct migration (such as QEMU), the caller would
	get the following error message:
	    this function is not supported by the connection driver:
	    virDomainMigrateToURI2
	which is a complete nonsense since qemu driver implements
	virDomainMigrateToURI2. This patch would emit a more sensible error in
	this case:
	    Requested operation is not valid: direct migration is not supported
	    by the connection driver

2012-07-12  Christophe Fergeau  <cfergeau@redhat.com>

	Fix daemon auto-spawning
	Commit 32a9aac switched libvirt to use the XDG base directories
	to locate most of its data/config. In particular, the per-user socket
	for qemu:///session is now stored in the XDG runtime directory.
	This directory is located by looking at the XDG_RUNTIME_DIR environment
	variable, with a fallback to ~/.cache/libvirt if this variable is not
	set.
	When the daemon is autospawned because a client application wants
	to use qemu:///session, the daemon is ran in a clean environment
	which does not contain XDG_RUNTIME_DIR. It will create its socket
	in ~/.cache/libvirt. If the client application has XDG_RUNTIME_DIR
	set, it will not look for the socket in the fallback place, and will
	fail to connect to the autospawned daemon.
	This patch adds XDG_RUNTIME_DIR to the daemon environment before
	auto-starting it. I've done this in virNetSocketForkDaemon rather
	than in virCommandAddEnvPassCommon as I wasn't sure we want to pass
	these variables to other commands libvirt spawns. XDG_CACHE_HOME
	and XDG_CONFIG_HOME are also added to the daemon env as it makes use
	of those as well.

2012-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Support creation of sparse LVM volumes
	When calling 'lvcreate' if specifying both the '-L' and
	'--virtualsize' options, the latter will be treated as
	the capacity and the former as the allocation. This can
	be used to support sparse volume creation. In addition,
	when listing volumes it is necessary to include the 'size'
	field in lvs output, so that we can detect sparse volume
	allocation correctly.

	Remove all use of virRun in storage code
	To make it easier to dynamically change the command line ARGV,
	switch all storage code over to use virCommandPtr APIs for
	running programs

2012-07-12  Guido Günther  <agx@sigxcpu.org>

	virsh: remove extra space between function name and opening brace
	to match our CodingStyle.

2012-07-11  Sascha Peilicke  <saschpe@suse.de>

	Fix directory removal in filesystem storage driver
	Fix the virStorageBackendFileSystemVolDelete method to not use
	unlink() unconditionally. It must use rmdir() for volumes which
	are directories. It should also raise an error if given a volume
	which has the network/block type.

2012-07-11  Osier Yang  <jyang@redhat.com>

	storage: Default pool permission mode to 0755
	Per the typical use of libvirt is to fork the qemu process with
	qemu:qemu. Setting the pool permission mode as 0700 by default
	will prevent the guest start with permission reason.
	Define macro for the default pool and vol permission modes
	incidentally.

2012-07-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix shutdown of LXC controller
	Since we are not yet using the virNetServerPtr object for running
	the event loop, we can't use virNetServerQuit(). Instead set the
	global 'quit' flag in libvirt_lxc

2012-07-11  Peter Krempa  <pkrempa@redhat.com>

	test: Add test case for nodeinfotest if host machine doesn't have NUMA
	Test filling of nodeinfo structure if /sys/devices/system/node does not
	exist. (Based on dump from a real machine)

	test: Add new test case for nodeinfotest
	This patch adds test data that describe a machine that has two physical
	processors that don't share same core id's on their cores. On this data
	the "virsh nodeinfo" reported that the machine had 10 cores per socket
	while the processor had only 8. (Before fixing nodeinfo gathering code).

	nodeinfo: Fix gathering of nodeinfo data structure
	This patch changes the way data to fill the nodeinfo structure are
	gathered. We've gathere the test data by iterating processors an sockets
	separately from nodes. The reported data was based solely on information
	about core id. Problems arise when eg cores in mulit-processor machines
	don't have same id's on both processors or maybe one physical processor
	contains more NUMA nodes.
	This patch changes the approach how we detect processors and nodes. Now
	we start at enumerating nodes and for each node processors, sockets and
	threads are enumerated separately. This approach provides acurate data
	that comply to docs about the nodeinfo structure. This also enables to
	get rid of hacks: see commits 10d9038b744a69c8d4bd29c2e8c012a097481586,
	ac9dd4a676f21b5e3ca6dbe0526f2a6709072beb. (Those changes in nodeinfo.c
	are efectively reverted by this patch).
	This patch also changes output of one of the tests, as the processor
	topology is now acquired more precisely.

	nodeinfo_test: Enhance test data before changing nodeinfo gathering
	This patch adds test data needed by the new way node information will be
	gathered. This patch adds symlinks to cpu cores to their corresponding
	node directory.

2012-07-11  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Adding testcases for s390
	Add minimal s390-virtio domain testcase and testcases for virtio serial,
	net, disk for the virtio-s390 bus.

	S390: Domain Schema for s390-virtio machines.
	Added s390-virtio machine type to the XML schema for domains in order
	to not fail the domain schema tests.

	S390: Add support for virtio-s390 devices.
	The s390(x) architecture doesn't feature a PCI bus. For the purpose of
	supporting virtio devices a virtual bus called virtio-s390 is used.
	A new address type VIR_DOMAIN_DEVICE_ADDRESS_TYPE_VIRTIO_S390 is used to
	distinguish the virtio devices on s390 from PCI-based virtio devices.
	V3 Change: updated QEMU_CAPS_VIRTIO_S390 to fit upstream.

	qemu: Change tests to use (modified) qemuDomainAssignAddresses
	Rewrote the device assignment parts in tests to use qemuDomainAssignAddresses.
	This way the tests will work for new device address types as they show
	up in the future (like s390 device types).

	qemu: Extended qemuDomainAssignAddresses to be callable from everywhere.
	This is in preparation of the enablement of s390 guests with virtio devices.
	The assignment of device addresses happens in different places, i.e. the
	qemu driver and process modules as well as in the unit tests in slightly
	different flavors. Currently, these are PPC spapr-vio and PCI
	devices, virtio-s390 (not PCI based) will follow.
	By optionally passing to qemuDomainAssignAddresses the domain
	object and the capabilities it is now possible to call the function
	from most of the places (except for hotplug) where address assignment
	is done.

2012-07-11  Guido Günther  <agx@sigxcpu.org>

	openvz: Handle domain obj hash map errors
	This makes the driver fail with a clear error message in case of UUID
	collisions (for example if somebody copied a container configuration
	without updating the UUID) and also raises an error on other hash map
	failures.
	OpenVZ itself doesn't complain about duplicate UUIDs since this
	parameter is only used by libvirt.

2012-07-11  Christophe Fergeau  <cfergeau@redhat.com>

	Fix /domain/features setting in qemuParseCommandLine
	Commit 5e6ce1 moved down detection of the ACPI feature in
	qemuParseCommandLine. However, when ACPI is detected, it clears
	all feature flags in def->features to only set ACPI. This used to
	be fine because this was the first place were def->features was set,
	but after the move this is no longer necessarily true because this
	block comes before the ACPI check:
	if (strstr(def->emulator, "kvm")) {
	    def->virtType = VIR_DOMAIN_VIRT_KVM;
	    def->features |= (1 << VIR_DOMAIN_FEATURE_PAE);
	}
	Since def is allocated in qemuParseCommandLine using VIR_ALLOC, we
	can always use |= when modifying def->features

2012-07-11  Eric Blake  <eblake@redhat.com>

	build: detect all improper uses of _("%s")
	The only useful translation of "%s" as a format string is "%s" (I
	suppose you could claim "%1$s" is also valid, but why bother).  So
	it is not worth translating; fixing this exposes some instances
	where we were failing to translate real error messages.  This makes
	the fix of commit 097da1ab more generic, as well as ensuring no
	future regressions.
	* cfg.mk (sc_prohibit_useless_translation): New rule.
	* src/lxc/lxc_driver.c (lxcSetVcpuBWLive): Fix offender.
	* src/openvz/openvz_conf.c (openvzReadFSConf): Likewise.
	* src/qemu/qemu_cgroup.c (qemuSetupCgroupForVcpu): Likewise.
	* src/qemu/qemu_driver.c (qemuSetVcpusBWLive): Likewise.
	* src/xenapi/xenapi_utils.c (xenapiSessionErrorHandle): Likewise.

2012-07-10  Jim Fehlig  <jfehlig@suse.com>

	systemd: start libvirtd after network
	Domains configured with autostart may fail to start if the host
	network stack has not been started.  E.g. when using bridged
	networking autostarting a domain can fail with
	libvirtd[1403]: 2012-06-20 13:23:49.833+0000: 1485: error :
	qemuAutostartDomain:177 : Failed to autostart VM 'test': Cannot get
	interface MTU on 'br0': No such device

2012-07-10  Osier Yang  <jyang@redhat.com>

	util: Use current uid and gid if they are passed as -1 for virDirCreate
	All the callers of virDirCreate are updated incidentally.

	virsh: Ensure the parents of the readline history path exists
	Instead of changing the existed virFileMakePath to accept mode
	argument and modifying a pile of its uses, this patch introduces
	virFileMakePathWithMode, and use it instead of mkdir() to create
	the readline history dir.

2012-07-10  Hendrik Schwartke  <hendrik@os-t.de>

	docs: added description of the vendor_id attribute

2012-07-10  tangchen  <tangchen@cn.fujitsu.com>

	Fix a string format bug in qemu_cgroup.c

2012-07-10  Eric Blake  <eblake@redhat.com>

	maint: revert gnulib update, until fixed automake is in more distros
	The previous commit (56f34e5) accidentally bumped to latest gnulib,
	but that adds a syntax check for CVE-2012-3386 that won't be fixed
	until Automake 1.11.6/1.12.2 lands in more distros.
	* .gnulib: Undo accidental commit.

	build: fix typo that breaks non-Linux builds
	Commit 9612e4b2 introduced a typo and unused variable that break
	non-Linux builds.
	* src/util/virfile.c (virFileLoopDeviceAssociate): Fix syntax error.

	maint: update preferred contributor name
	Based on off-list discussion with Royce.
	* AUTHORS: Update to Royce Lv's preferred anglicized name.
	* .mailmap: Likewise.

2012-07-10  Peter Krempa  <pkrempa@redhat.com>

	virsh: Clarify documentation for virsh dompmsuspend command
	Clarify the docs to make more clear what this command does and that it
	requires a guest agent running in the guest.

2012-07-09  Peter Krempa  <pkrempa@redhat.com>

	storage_backend_fs: Allocate entry for host before accessing it
	Commit 122fa379de44a2fd0a6d5fbcb634535d647ada17 introduces option to
	store more than one host entry in a storage pool source definition. That
	commit causes a regression, where a check is added that only one host
	entry should be present (that actualy is not present as the source
	structure was just allocated and zeroed) instead of allocating memory
	for the host entry.

	storage_backend_fs: Don't free a part of a structure on error
	As the storage pool sources are stored in a list of structs, the pointer
	returned by virStoragePoolSourceListNewSource() shouldn't be freed as it
	points in the middle of a memory block. This combined with a regression
	that takes the error path every time on caused a double-free abort on
	the src struct in question.

	storage_conf: Break long line and polish coding style

2012-07-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Wrap libcurl multi handle

2012-07-06  Daniel P. Berrange  <berrange@redhat.com>

	Only ummount /proc, /sys, /dev if the root source is '/'
	Previous commits added code to unmount the existing /proc,
	/sys and /dev hierarchies on the root filesystem of the
	container. This should only have been done if the container's
	root filesystem was the same as the host's root. ie if
	the root source is '/'.   As it is, this causes LXC containersr
	to fail to start if their root source is not '/'

2012-07-05  Daniel Veillard  <veillard@redhat.com>

	Fix one test regression on auth Ceph support
	The extra data need to be added to one test case

2012-07-05  Daniel P. Berrange  <berrange@redhat.com>

	Switch to using virNetServer APIs for monitor socket
	In preparation for introducing a full RPC protocol for
	libvirt_lxc, switch over to using the virNetServer APIs
	for the monitor connection

	Move loop device setup code into virfile.{c,h}
	While it is not currently used elsewhere in libvirt, the code
	for finding a free loop device & associating a file with it
	is not LXC specific. Move it into the viffile.{c,h} file where
	potentially shared code is more commonly kept.

	Move cgroup objects into virLXCControllerPtr
	Move the cgroup object into virLXCControllerPtr and rename
	all the setup methods to include 'Cgroup' in their name
	if appropriate

	Move monitor into virLXCControllerPtr
	Move the monitor FDs into the virLXCControllerPtr object
	removing the need for the 'struct lxcMonitor' object

	Move /dev/pts setup out of virLXCControllerRun
	The virLXCControllerRun method is getting a little too large,
	and about 50% of its code is related to setting up a /dev/pts
	mount. Move the latter out into a dedicated method

	Move security manager into virLXCControllerPtr object
	Move the security manager object into the virLXCControllerPtr
	object. Also simplify the code creating it in the first place

	Move loop device FDs into virLXCControllerPtr object
	Move the list of loop device FDs into the virLXCControllerPtr
	object and make sure that virLXCControllerStopInit will
	close them all

	Move daemon handshake FD into virLXCControllerPtr
	Keep the FD used to handshake with the libvirtd daemon in the
	virLXCControllerPtr object.

	Make console handling part of virLXCControllerPtr
	Turn 'struct lxc_console' into virLXCControllerConsolePtr and make it
	a part of virLXCControllerPtr

	Store the init PID in the virLXCController object
	Keep a record of the init PID in the virLXCController object
	and create a virLXCControllerStopInit method for killing this
	process

	Move veth device management into virLXCControllerPtr object
	Move the veth device name state into the virLXCControllerPtr
	object and stop passing it around. Also use size_t instead
	of unsigned int for the array length parameters.

	Introduce a virLXCControllerPtr object to hold LXC controller state
	The LXC controller code is having to pass around an ever increasing
	number of parameters between methods. To make the code more managable
	introduce a virLXCControllerPtr to hold all this state, starting with
	the container name and virDomainDefPtr object

	Avoid build shared source files again for libvirt_lxc
	Currently the build of libvirt_lxc will cause recompilation
	of all sources under src/util, src/conf, src/security and
	more. Switch the libvirt_lxc process to link against the
	libtool convenience libraries that are already built as
	part of the main libvirt.os & libvirtd build process

	Allow RPC server to run single threaded
	Refactor the RPC server dispatcher code so that if 'max_workers==0'
	the entire server will run single threaded. This is useful for
	use cases where there will only ever be 1 client connected
	which serializes its requests

	Add a opaque parameter to the RPC client init callback
	The callback that is invoked when a new RPC client is
	initialized does not have any opaque parameter. Add
	one so that custom data can be passed into the callback

2012-07-05  Wido den Hollander  <wido@widodh.nl>

	qemu: Always set auth_supported for Ceph disks.
	Recently the Ceph project defaulted auth_supported from 'none' to 'cephx'.
	When no auth information was set for Ceph disks this would lead to librados defaulting to
	'cephx', but there would be no additional authorization information.
	We now explicitly set auth_supported to none when passing down arguments to Qemu.

2012-07-04  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix ordering of arguments when calling vshCalloc.
	In vshSnapshotListCollect() vshCalloc was called with swapped nmemb and
	size argument. This caused division by zero in xalloc_oversized as the
	macro doesn't expect size to be zero.

2012-07-04  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmware: detect when a domain was shut down from the inside
	This patch adds an internal function vmwareUpdateVMStatus to
	update the real state of the domain. This function is used in
	various places in the driver, in particular to detect when
	the domain has been shut down by the user with the "halt"
	command.

2012-07-04  Peter Krempa  <pkrempa@redhat.com>

	remote: Fill remote parameters in remoteDomainListAllSnapshots()
	This patch fills the domain argument that is sent to the remote side.
	This caused a client segfault as the argument was NULL.

	qemu: Mark domains as having managed state image only on managed save
	QEMU domains were marked as having managed save image even if they were
	saved using the regular save. With this patch, domains are marked so
	only when using managed save API.

2012-07-03  Hendrik Schwartke  <hendrik@os-t.de>

	Added the attribute vendor_id to the cpu model
	Introducing the attribute vendor_id to force the CPUID instruction
	in a kvm guest to return the specified vendor.

2012-07-03  Josh Durgin  <josh.durgin@inktank.com>

	qemu: add rbd to whitelist of migration-safe formats
	QEMU (and librbd) flush the cache on the source before the
	destination starts, and the destination does not read any
	changeable data before that, so live migration with rbd caching
	is safe.
	This makes 'virsh migrate' work with rbd and caching without the
	--unsafe flag.
	Reported-by: Vladimir Bashkirtsev <vladimir@bashkirtsev.com>

2012-07-02  Eric Blake  <eblake@redhat.com>

	maint: use full author name for previous commit
	* .mailmap: Add a name alias.

2012-07-02  lvroyce  <lvroyce@linux.vnet.ibm.com>

	fix key error for qemuMonitorGetBlockStatsInfo
	virDomainBlockStatsFlags can't collect total_time_ns for read/write/flush
	because of key typo when retriveing from qemu cmd result

2012-07-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.13
	* configure.ac docs/news.html.in libvirt.spec.in: new version and
	  documentation update
	* po/*.po*: updated and regenerated localizations

2012-06-30  Doug Goldstein  <cardoe@cardoe.com>

	virsh: Cleanup virsh -V output
	Fixed up virsh -V output by removing invalid WITH_PROXY & WITH_ONE
	checks, adding several missing checks, and fixing the DTrace check.

2012-06-30  Eric Blake  <eblake@redhat.com>

	build: use correct limit for unsigned long long
	Reported by Jason Helfman as a build-breaker on FreeBSD.
	* src/conf/domain_conf.c (virDomainFSDefParseXML): Use POSIX
	spelling.
	* src/openvz/openvz_conf.c (openvzReadFSConf): Likewise.

2012-06-30  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Fix memory leak
	Below patch fixes this coverity report:
	/libvirt/src/conf/nwfilter_conf.c:382:
	leaked_storage: Variable "varAccess" going out of scope leaks the storage it points to.

2012-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove sub-mounts under /dev when starting an LXC container
	Since we are mounting a new /dev in the container, we must
	remove any sub-mounts like /dev/shm, /dev/mqueue, etc,
	otherwise they'll be recorded in /proc/mounts, but not be
	accessible to applications.

2012-06-29  Eiichi Tsukata  <eiichi.tsukata.xh@hitachi.com>

	Fix vm's outbound traffic control problem
	Hello,
	This is a patch to fix vm's outbound traffic control problem.
	Currently, vm's outbound traffic control by libvirt doesn't go well.
	This problem was previously discussed at libvir-list ML, however
	it seems that there isn't still any answer to the problem.
	http://www.redhat.com/archives/libvir-list/2011-August/msg00333.html
	I measured Guest(with virtio-net) to Host TCP throughput with the
	command "netperf -H".
	Here are the outbound QoS parameters and the results.
	outbound average rate[kilobytes/s] : Guest to Host throughput[Mbit/s]
	======================================================================
	1024  (8Mbit/s)                    : 4.56
	2048  (16Mbit/s)                   : 3.29
	4096  (32Mbit/s)                   : 3.35
	8192  (64Mbit/s)                   : 3.95
	16384 (128Mbit/s)                  : 4.08
	32768 (256Mbit/s)                  : 3.94
	65536 (512Mbit/s)                  : 3.23
	The outbound traffic goes down unreasonably and is even not controled.
	The cause of this problem is too large mtu value in "tc filter" command run by
	libvirt. The command uses burst value to set mtu and the burst is equal to
	average rate value if it's not set. This value is too large. For example
	if the average rate is set to 1024 kilobytes/s, the mtu value is set to 1024
	kilobytes. That's too large compared to the size of network packets.
	Here libvirt applies tc ingress filter to Host's vnet(tun) device.
	Tc ingress filter is implemented with TBF(Token Buckets Filter) algorithm. TBF
	uses mtu value to calculate the amount of token consumed by each packet. With too
	large mtu value, the token consumption rate is set too large. This leads to
	token starvation and deterioration of TCP throughput.
	Then, should we use the default mtu value 2 kilobytes?
	The anser is No, because Guest with virtio-net device uses 65536 bytes
	as mtu to transmit packets to Host, and the tc filter with the default mtu
	value 2k drops packets whose size is larger than 2k. So, the most packets
	is droped and again leads to deterioration of TCP throughput.
	The appropriate mtu value is 65536 bytes which is equal to the maximum value
	of network interface device defined in <linux/netdevice.h>. The value is
	not so large that it causes token starvation and not so small that it
	drops most packets.
	Therefore this patch set the mtu value to 64kb(== 65535 bytes).
	Again, here are the outbound QoS parameters and the TCP throughput with
	the libvirt patched.
	outbound average rate[kilobytes/s] : Guest to Host throughput[Mbit/s]
	======================================================================
	1024  (8Mbit/s)                    : 8.22
	2048  (16Mbit/s)                   : 16.42
	4096  (32Mbit/s)                   : 32.93
	8192  (64Mbit/s)                   : 66.85
	16384 (128Mbit/s)                  : 133.88
	32768 (256Mbit/s)                  : 271.01
	65536 (512Mbit/s)                  : 547.32
	The outbound traffic conforms to the given limit.
	Thank you,

2012-06-29  Peter Krempa  <pkrempa@redhat.com>

	network_conf: Don't free uninitialized pointers while parsing DNS SRV
	If the user specified invalid protocol type in a network's SRV record
	the error path ended up in freeing uninitialized pointers causing a
	daemon crash.
	*network_conf.c: virNetworkDNSSrvDefParseXML(): initialize local
	                                                variables

2012-06-28  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't shadow error from virGetDomain()
	virGetDomain() does a good job of reporting errors itself. This patch
	removes shadowing of that error in virDomainListPopulate().

	maint: include ignore-value in internal.h
	The ignore_value macro is used across libvirt. This patch includes it in
	the internal header and cleans all other includes.

	vbox: Add support for virConnectListAllDomains()
	VirtualBox doesn't use the common virDomainObj implementation so this
	patch adds a separate implementation using the VirtualBox API.
	This driver implementation supports all currently defined flags. As
	VirtualBox does not support transient guests, managed save images and
	autostarting we assume all guests are persistent, don't have a managed
	save image and are not autostarted. Filtering for existence of those
	properities results in empty list.

2012-06-28  Osier Yang  <jyang@redhat.com>

	storage: Error out if the target is already mounted for netfs pool
	mnt_fsname can not be the same, as we check the duplicate pool
	sources earlier before, means it can't be the same pool, moreover,
	a pool can't be started if it's already active anyway. So no reason
	to act as success.

2012-06-28  Marc-André Lureau  <marcandre.lureau@gmail.com>

	configure: show correct default argument in help
	Pushed without ack, under the trivial rule.

2012-06-27  Michal Privoznik  <mprivozn@redhat.com>

	events: Don't fail on registering events for two different domains
	virConnectDomainEventRegisterAny() takes a domain as an argument.
	So it should be possible to register the same event (be it
	VIR_DOMAIN_EVENT_ID_LIFECYCLE for example) for two different domains.
	That is, we need to take domain into account when searching for
	duplicate event being already registered.

2012-06-27  Doug Goldstein  <cardoe@cardoe.com>

	virsh: Add domdisplay cmd for VNC, SPICE and RDP
	v2:
	- Refactored to use virBuffer
	- Refactored to use virXPath wrappers
	- Added support for tls-port and password for SPICE
	- Added optional flag to disable SPICE password to the URI
	- Added support for RDP
	- Fixed code reviews
	Add a new 'domdisplay' command that provides a URI for VNC, SPICE and
	RDP connections. Presently the 'vncdisplay' command provides you with
	the port info that QEMU is listening on but there is no counterpart for
	SPICE and RDP. Additionally this provides you with the bind address as
	specified in the XML, which the existing 'vncdisplay' lacks. For SPICE
	connections it supports secure and unsecure channels and optionally
	providing the password for the SPICE channel.

2012-06-27  Daniel P. Berrange  <berrange@redhat.com>

	Remove accidentally added Patch: lines from mingw-libvirt.spec.in

2012-06-27  Christophe Fergeau  <cfergeau@redhat.com>

	doc: fix typo in virDomainDestroy API doc

2012-06-27  Guido Günther  <agx@sigxcpu.org>

	Add /tools/libvirt-guests.service to .gitignore
	since it's an autogenerated file

	Don't install systemd service files executable
	since they aren't. Detected by Debian's lintian.

2012-06-25  Michal Privoznik  <mprivozn@redhat.com>

	AUTHORS: Update
	Latest patchset enabling libvirt on s390(x) was developed by
	  Viktor Mihajlovski   <mihajlov@linux.vnet.ibm.com>
	  Thang Pham           <thang.pham@us.ibm.com>
	Add them to the AUTHORS file.

2012-06-25  Thang Pham  <thang.pham@us.ibm.com>

	S390: Added sysinfo for host on s390(x).
	In order to retrieve some sysinfo data we need to parse /proc/sysinfo and
	/proc/cpuinfo.

2012-06-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Fixed core identification for s390
	For the s390x architecture the sysfs core_id alone is not unique. As a
	result it can happen that libvirt thinks there are less host CPUs available
	than really present.
	Currently, a logical CPU is equivalent to a core for s390x. We therefore
	produce a fake core id from the CPU number.

2012-06-25  Thang Pham  <thang.pham@us.ibm.com>

	S390: Fixed Parser for /proc/cpuinfo needs to be adapted for your architecture
	Minimal CPU "parser" for s390 to avoid compile time warning.

	S390: CPU support for s390(x)
	Adding CPU encoder/decoder for s390 to avoid runtime error messages.

2012-06-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Override QEMU_CAPS_NO_ACPI for s390x
	Starting a KVM guest on s390 fails immediately. This is because
	"qemu --help" reports -no-acpi even for the s390(x) architecture but
	-no-acpi isn't supported there.
	Workaround is to remove QEMU_CAPS_NO_ACPI from the capability set
	after the version/capability extraction.

2012-06-25  Wido den Hollander  <wido@widodh.nl>

	storage backend rbd: Do not prefix rbd: on volume names.
	We used to prefix 'rbd:' to volume names, this is not necessary.
	Qemu takes RBD devices in this way, like: qemu -drive rbd:pool/image
	When attaching a network disk like RBD to a guest we however do not use this prefix.
	Currently you can't map a RBD volume name directly to a domain without removing the prefix.

2012-06-25  Osier Yang  <jyang@redhat.com>

	qemu: Improve error if setmem fails for lacking of balloon support
	"cannot set memory of an active domain" is misleading, it sounds
	like setting memory of active domain is not supported.

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Include the default listen address in the live guest XML
	If no 'listen' attribute or <listen> element is set in the
	guest XML, the default driver configured listen address is
	used. There is no way to client applications to determine
	what this address is though. When starting the guest, we
	should update the live XML to include this default listen
	address

2012-06-25  Michal Privoznik  <mprivozn@redhat.com>

	storage: Introduce --inactive for pool-dumpxml
	Storage is one of the last domains in libvirt where we don't fully
	utilize inactive and live XML. Okay, it might be because we don't
	have support for that. So implement such support. However, we need
	to fallback when talking to old daemon which doesn't support this
	new flag called VIR_STORAGE_XML_INACTIVE.

	storage: Switch to new def on pool-destroy
	Currently, we share the idea of old & new def with domains. Users can
	*-edit an object (domain, pool) which spawns a new internal
	representation for them. This is referenced via
	{domainObj,poolObj}->newDef [compared to ->def]. However, for pool we
	were never overwriting def with newDef. This must be done on
	pool-destroy (like we do analogically in domain detroy).

	sanlock: Properly indent
	One of latest patches (0fce94fe) didn't properly indented #define
	making syntax-check fail.

2012-06-25  Daniel Veillard  <veillard@redhat.com>

	Fix compilation on older sanlock
	Temporary fix since compilation broke with older version of
	sanlock following acbd4965c44c4dbc676dfe89aff970052e376073

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Remove stray debug fprintf in XML parser

2012-06-25  Daniel J Walsh  <dwalsh@redhat.com>

	Support bind mounting host files, as well as directories in LXC
	Currently libvirt-lxc checks to see if the destination exists and is a
	directory.  If it is not a directory then the mount fails.  Since
	libvirt-lxc can bind mount files on an inode, this patch is needed to
	allow us to bind mount files on files.  Currently we want to bind mount
	on top of /etc/machine-id, and /etc/adjtime
	If the destination of the mount point does not exists, it checks if the
	src is a directory and then attempts to create a directory, otherwise it
	creates an empty file for the destination.  The code will then bind mount
	over the destination.

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Allow NOCONFIGURE=1 to make autogen.sh skip ./configure
	Sometimes it is useful to re-bootstrap libvirt without running
	through a ./configure invocation immediately. eg if you want
	to run ./configure for Mingw32 rather than native.

	Fix unused parameters / functions in virsh on Win32
	The vshPrintRaw function is not used on Win32, and neither
	is the 'msg' parameter of vshAskReedit. Change the nesting
	of #ifdef WIN32 conditionals to address this

	Update to latest GNULIB to fix compat with Mingw64 toolchain
	On both x86_64-w64-mingw32 and i686-w64-mingw32 there were
	the following warnings/errors:
	  CC     fstat.lo
	../../../gnulib/lib/fstat.c:27:0: warning: "stat" redefined [enabled by default]
	In file included from ./sys/stat.h:32:0,
	                 from ../../../gnulib/lib/fstat.c:25:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:258:0: note: this is the location of the previous definition
	../../../gnulib/lib/fstat.c:28:0: warning: "fstat" redefined [enabled by default]
	In file included from ./sys/stat.h:32:0,
	                 from ../../../gnulib/lib/fstat.c:25:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:259:0: note: this is the location of the previous definition
	  CC     stat.lo
	../../../gnulib/lib/stat.c:32:0: warning: "stat" redefined [enabled by default]
	In file included from ./sys/stat.h:32:0,
	                 from ../../../gnulib/lib/stat.c:27:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:258:0: note: this is the location of the previous definition
	  CC     stdio-read.lo
	../../../gnulib/lib/stdio-read.c:102:1: error: redefinition of 'vscanf'
	In file included from ./stdio.h:43:0,
	                 from ../../../gnulib/lib/stdio-read.c:21:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/stdio.h:397:7: note: previous definition of 'vscanf' was here
	../../../gnulib/lib/stdio-read.c:108:1: error: redefinition of 'vfscanf'
	In file included from ./stdio.h:43:0,
	                 from ../../../gnulib/lib/stdio-read.c:21:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/stdio.h:384:7: note: previous definition of 'vfscanf' was here
	make[3]: *** [stdio-read.lo] Error 1
	make[3]: Leaving directory `/home/berrange/src/virt/libvirt/build/gnulib/lib'
	While on x86_64-w64-mingw32 only there was:
	In file included from ../../../gnulib/lib/regex.c:69:0:
	../../../gnulib/lib/regcomp.c: In function 'parse_dup_op':
	../../../gnulib/lib/regcomp.c:2624:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
	../../../gnulib/lib/regcomp.c: In function 'mark_opt_subexp':
	../../../gnulib/lib/regcomp.c:3859:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]

	winsock2.h must always be included before windows.h
	Some GNULIB headers (eg unistd.h) will often need to include
	winsock2.h for various symbols. There is a rule that winsock2.h
	must be included before windows.h. This means that any file
	which does
	  #ifdef WIN32
	  #include <windows.h>
	  #endif
	  #include <unistd.h>
	is potentially broken. A simple rule is that /all/ includes of
	windows.h must be matched with a preceding include of winsock2.h
	regardless of whether unistd.h is used currently

	Switch automated builds to use Mingw64 toolchain instead of Mingw32
	The Mingw32 toolchain is broadly obsoleted by the Mingw64 toolchain.
	The latter has been adopted by Fedora 17 and newer. Maintaining a
	RPM spec for Mingw32 is a needless burden, so switch to a Mingw64
	RPM spec (which provides 32 & 64 bit builds).

2012-06-25  Doug Goldstein  <cardoe@cardoe.com>

	virsh: Use virXPath wrappers for vncdisplay cmd
	Update the vncdisplay command to use the virXPath wrappers as well as
	check if the domain is up rather than using the port set to -1 to mean
	the domain is not up.

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Add support for shared sanlock leases
	A sanlock lease can be marked as shared (rather
	than exclusive)  using SANLK_RES_SHARED flag. This
	adds support for that flag and ensures that in auto
	disk mode, any shared disks use shared leases. This
	also makes any read-only disks be completely
	ignored.
	These changes remove the need for the option
	  ignore_readonly_and_shared_disks
	so that is removed

	Add support for guest bind mounts with LXC
	Currently you can configure LXC to bind a host directory to
	a guest directory, but not to bind a guest directory to a
	guest directory. While the guest container init could do
	this itself, allowing it in the libvirt XML means a stricter
	SELinux policy can be written

	Add support for RAM filesystems for LXC
	Introduce a new syntax for filesystems to allow use of a RAM
	filesystem
	   <filesystem type='ram'>
	      <source usage='10' units='MiB'/>
	      <target dir='/mnt'/>
	   </filesystem>
	The usage units default to KiB to limit consumption of host memory.
	* docs/formatdomain.html.in: Document new syntax
	* docs/schemas/domaincommon.rng: Add new attributes
	* src/conf/domain_conf.c: Parsing/formatting of RAM filesystems
	* src/lxc/lxc_container.c: Mounting of RAM filesystems

2012-06-23  Hu Tao  <hutao@cn.fujitsu.com>

	fix a bug of ref count in virnetserver.c
	The test of ref count is not protected by lock, which is unsafe because
	the ref count may have been changed by other threads during the test.
	This patch fixes this.

2012-06-22  Peter Krempa  <pkrempa@redhat.com>

	virsh: Improve error when trying to change vm's cpu count 0
	This patch adds a check for the count of processors the user requests
	for the guest machine so that invalid values produce a more helpful
	error message.

2012-06-22  Jim Fehlig  <jfehlig@suse.com>

	Fix deadlock on libvirtd shutdown
	When shutting down libvirtd, the virNetServer shutdown can deadlock
	if there are in-flight jobs being handled by virNetServerHandleJob().
	virNetServerFree() will acquire the virNetServer lock and call
	virThreadPoolFree() to terminate the workers, waiting for the workers
	to finish.  But in-flight workers will attempt to acquire the
	virNetServer lock, resulting in deadlock.
	Fix the deadlock by unlocking the virNetServer lock before calling
	virThreadPoolFree().  This is safe since the virNetServerPtr object
	is ref-counted and only decrementing the ref count needs to be
	protected.  Additionally, there is no need to re-acquire the lock
	after virThreadPoolFree() completes as all the workers have
	terminated.

2012-06-21  Gerd Hoffmann  <kraxel@redhat.com>

	qemu: Add xhci support
	qemu 1.1 features a xhci controller,
	this patch adds support for it.

2012-06-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: add support for virConnectListAllDomains and clean up cmdList
	This patch makes use of the newly added api virConnectListAllDomains()
	to list domains in virsh.
	Virsh now represents lists of domains using an internal structure
	vshDomainList. This structure contains the virDomainPtr list as provided
	by virConnectListAllDomains() and the count of domains in the list.
	For backwards compatibility, the function vshDomainListCollect was added
	that tries to enumerate the domains using the new API and if the API is
	not supported falls back to the older approach with the two list
	functions.  The helper function also simulates filtering by all
	currently supported flags added with virConnectListAllDomains().
	This patch also cleans up the "list" command handler to use the new
	helpers and adds new command line flags to make use of filtering.

	virsh: Rename namesorter to vshNameSorter and clean up indentation

2012-06-21  Osier Yang  <jyang@redhat.com>

	util: Fix the indention
	src/util/util.c: virFileOpenAs.

2012-06-21  Jim Fehlig  <jfehlig@suse.com>

	Initialize random generator in lxc controller
	The lxc contoller eventually makes use of virRandomBits(), which was
	segfaulting since virRandomInitialize() is never invoked.
	Program received signal SIGSEGV, Segmentation fault.
	0x00007ffff554d560 in random_r () from /lib64/libc.so.6
	(gdb) bt
	0  0x00007ffff554d560 in random_r () from /lib64/libc.so.6
	1  0x0000000000469eaa in virRandomBits (nbits=32) at util/virrandom.c:80
	2  0x000000000045bf69 in virHashCreateFull (size=256,
	    dataFree=0x4aa2a2 <hashDataFree>, keyCode=0x45bd40 <virHashStrCode>,
	    keyEqual=0x45bdad <virHashStrEqual>, keyCopy=0x45bdfa <virHashStrCopy>,
	    keyFree=0x45be37 <virHashStrFree>) at util/virhash.c:134
	3  0x000000000045c069 in virHashCreate (size=0, dataFree=0x4aa2a2 <hashDataFree>)
	    at util/virhash.c:164
	4  0x00000000004aa562 in virNWFilterHashTableCreate (n=0)
	    at conf/nwfilter_params.c:686
	5  0x00000000004aa95b in virNWFilterParseParamAttributes (cur=0x711d30)
	    at conf/nwfilter_params.c:793
	6  0x0000000000481a7f in virDomainNetDefParseXML (caps=0x702c90, node=0x7116b0,
	    ctxt=0x7101b0, bootMap=0x0, flags=0) at conf/domain_conf.c:4589
	7  0x000000000048cc36 in virDomainDefParseXML (caps=0x702c90, xml=0x710040,
	    root=0x7103b0, ctxt=0x7101b0, expectedVirtTypes=16, flags=0)
	    at conf/domain_conf.c:8658
	8  0x000000000048f011 in virDomainDefParseNode (caps=0x702c90, xml=0x710040,
	    root=0x7103b0, expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9360
	9  0x000000000048ee30 in virDomainDefParse (xmlStr=0x0,
	    filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", caps=0x702c90,
	    expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9310
	10 0x000000000048ef00 in virDomainDefParseFile (caps=0x702c90,
	    filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", expectedVirtTypes=16, flags=0)
	    at conf/domain_conf.c:9332
	11 0x0000000000425053 in main (argc=5, argv=0x7fffffffe2b8)
	    at lxc/lxc_controller.c:1773

2012-06-21  Osier Yang  <jyang@redhat.com>

	storage: Set the perms if the pool target already exists for fs pools
	The comment says:
	/* Now create the final dir in the path with the uid/gid/mode
	 * requested in the config. If the dir already exists, just set
	 * the perms.
	 */
	However, virDirCreate is only invoked if the target path doesn't
	exist yet (which is opposite with the comment), or the uid from
	the config is not -1 (I don't understand why, think it's just
	another mistake). And the result is the perms of the pool won't
	be changed if one tries to build the pool with different perms
	again.
	Besides these logic error fix, if no uid and gid are specified in
	the config, the practical used uid, gid are reflected.

2012-06-21  Eric Blake  <eblake@redhat.com>

	snapshot: implement new APIs for esx and vbox
	The two new APIs are rather trivial; based on bits and pieces of
	other existing APIs.  But rather than blindly return 0 or 1 for
	HasMetadata, I chose to first validate that the snapshot in
	question in fact exists.
	* src/esx/esx_driver.c (esxDomainSnapshotIsCurrent)
	(esxDomainSnapshotHasMetadata): New functions.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotIsCurrent)
	(vboxDomainSnapshotHasMetadata): Likewise.

	snapshot: require existence before returning success
	Blindly returning success is misleading if the object no longer
	exists; it is a bit better to check for existence up front before
	returning information about that object.  This pattern matches the
	fact that most of our other APIs check for existence as a side
	effect prior to getting at the real piece of information being
	queried.
	* src/esx/esx_driver.c (esxDomainIsUpdated, esxDomainIsPersistent):
	Add existence checks.
	* src/vbox/vbox_tmpl.c (vboxDomainIsPersistent)
	(vboxDomainIsUpdated): Likewise.

2012-06-20  Peter Krempa  <pkrempa@redhat.com>

	drivers: Implement virListAllDomains for drivers using virDomainObj
	This patch adds support for listing all domains into drivers that use
	the common virDomainObj implementation: libxl, lxc, openvz, qemu, test,
	uml, vmware.
	For drivers that don't support managed save images the guests are
	treated as if they had none, so filtering guests that do have such an
	image on this driver succeeds and produces 0 results.

2012-06-20  Guido Günther  <agx@sigxcpu.org>

	openvz: check pointer size instead of int
	since int is 4 bytes on both i386 and amd64.

2012-06-20  Dipankar Sarma  <dipankar@in.ibm.com>

	Fix default USB controller for ppc64
	Fix the default usb controller for pseries systems if none
	specified.

2012-06-20  Eric Blake  <eblake@redhat.com>

	list: add qemu snapshot list support
	The two new functions are very similar to the existing functions;
	just a matter of different arguments and a call to a different
	helper function.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotListNames)
	(qemuDomainSnapshotNum, qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren): Support new flags.
	(qemuDomainListAllSnapshots): New functions.

	list: new helper function to collect snapshots
	Wraps the conversion from 'char *name' to virDomainSnapshotPtr in
	a reusable manner.
	* src/conf/virdomainlist.h (virDomainListSnapshots): New declaration.
	* src/conf/virdomainlist.c (virDomainListSnapshots): Implement it.
	* src/libvirt_private.syms (virdomainlist.h): Export it.

	list: provide RPC call for snapshots
	The generator doesn't handle lists of virDomainSnapshotPtr, so
	this commit requires a bit more work than some RPC additions.
	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_LIST_ALL_SNAPSHOTS)
	(REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_ALL_CHILDREN): New RPC calls,
	with corresponding structs.
	* daemon/remote.c (remoteDispatchDomainListAllSnapshots)
	(remoteDispatchDomainSnapshotListAllChildren): New functions.
	* src/remote/remote_driver.c (remoteDomainListAllSnapshots)
	(remoteDomainSnapshotListAllChildren): Likewise.
	* src/remote_protocol-structs: Regenerate.

	list: provide python bindings for snapshots
	This adds support for the new virDomainListAllSnapshots (a domain
	function) and virDomainSnapshotListAllChildren (a snapshot function)
	to the libvirt-python bindings.  The implementation is done manually
	as the generator does not support wrapping lists of C pointers into
	python objects.
	* python/libvirt-override.c (libvirt_virDomainListAllSnapshots)
	(libvirt_virDomainSnapshotListAllChildren): New functions.
	* python/libvirt-override-api.xml: Document them.
	* python/libvirt-override-virDomain.py (listAllSnapshots): New
	file.
	* python/libvirt-override-virDomainSnapshot.py (listAllChildren):
	Likewise.
	* python/Makefile.am (CLASSES_EXTRA): Ship them.

	list: use the new snapshot API in virsh when possible
	Using the new API is so much shorter than the rest of the remainder
	of the function.
	* tools/virsh.c (vshSnapshotList): Use the new API.

	list: add virDomainListAllSnapshots API
	There was an inherent race between virDomainSnapshotNum() and
	virDomainSnapshotListNames(), where an additional snapshot could
	be created in the meantime, or where a snapshot could be deleted
	before converting the name back to a virDomainSnapshotPtr.  It
	was also an awkward name: the function operates on domains, not
	domain snapshots.  virDomainSnapshotListChildrenNames() suffered
	from the same inherent race, although its naming was nicer.
	This patch makes things nicer by grabbing a snapshot list
	atomically, in the format most useful to the user.
	* include/libvirt/libvirt.h.in (virDomainListAllSnapshots)
	(virDomainSnapshotListAllChildren): New declarations.
	* src/libvirt.c (virDomainSnapshotListNames)
	(virDomainSnapshotListChildrenNames): Add cross-references.
	(virDomainListAllSnapshots, virDomainSnapshotListAllChildren):
	New functions.
	* src/libvirt_public.syms (LIBVIRT_0.9.13): Export them.
	* src/driver.h (virDrvDomainListAllSnapshots)
	(virDrvDomainSnapshotListAllChildren): New callbacks.
	* python/generator.py (skip_function): Prepare for later
	hand-written versions.

	snapshot: expose new flags in virsh
	Previously, to get the name of all snapshots with children, it was
	necessary to get the name of all snapshots and then remove the
	name of leaf snapshots.  This is racy, and somewhat inefficient
	compared to planned API additions.  We can emulate --no-metadata on
	0.9.5-0.9.12, but for now, there is no emulation of --no-leaves.
	* tools/virsh.c (cmdSnapshotList): Add new options --no-leaves and
	--no-metadata.
	(vshSnapshotList): Emulate where possible.
	* tools/virsh.pod (snapshot-list): Document them.

	snapshot: add additional filters when getting lists
	It turns out that one-bit filtering makes it hard to select the inverse
	set, so it is easier to provide filtering groups.  For back-compat,
	omitting all bits within a group means the group is not used for
	filtering, and by definition of a group (each snapshot matches exactly
	one bit within the group, and the set of bits in the group covers all
	snapshots), selecting all bits also makes the group useless.
	Unfortunately, virDomainSnapshotListChildren defined the bit
	VIR_DOMAIN_SNAPSHOT_LIST_DESCENDANTS as an expansion rather than a
	filter, so we cannot make it part of a filter group, so that bit
	(and its counterpart VIR_DOMAIN_SNAPSHOT_LIST_ROOTS for
	virDomainSnapshotList) remains a single control bit.
	* include/libvirt/libvirt.h.in (virDomainSnapshotListFlags): Add a
	couple more flags.
	* src/libvirt.c (virDomainSnapshotNum)
	(virDomainSnapshotNumChildren): Document them.
	(virDomainSnapshotListNames, virDomainSnapshotListChildrenNames):
	Likewise, and add thread-safety caveats.
	* src/conf/virdomainlist.h (VIR_DOMAIN_SNAPSHOT_FILTERS_*): New
	convenience macros.
	* src/conf/domain_conf.c (virDomainSnapshotObjListCopyNames)
	(virDomainSnapshotObjListCount): Support the new flags.

2012-06-20  Martin Kletzander  <mkletzan@redhat.com>

	virsh: fix few typos on desc command
	virsh help fix:
	 - <--title> can also /get/ the title
	virsh man page:
	 - missing <domain-id>
	 - <new_desc> should be <new-desc>

	domain_conf: fix possible memory leak
	Until now, it was possible to crash libvirtd when defining domain with
	channel device with missing source element.
	When creating new virDomainChrDef, target.port is set to -1, but
	unfortunately it is an union with addresses that virDomainChrDefFree
	tries to free in case the deviceType is channel. Having the port set
	to -1 is intended, however the cleanest way to get around the problems
	with the crash seems to be renumbering the VIR_DOMAIN_CHR_CHANNEL_
	target types to cover new NONE type (with value 0) being the default
	(no target type yet).

2012-06-19  Peter Krempa  <pkrempa@redhat.com>

	error: Fix typos in argument checking macros
	Macro virCheckNullArgGoto is supposed to check for NULL argument but
	checks non-NULL instead.
	Macro virCheckNonNullArgReturn reports error as if the argument should
	be NULL when it shouldn't.

2012-06-19  Martin Kletzander  <mkletzan@redhat.com>

	virsh: make domiftune interface help string consistent
	Append '(MAC Address)' after the help string of domiftune virsh
	command as it takes the same type of argument as domif-{get,set}link
	which have it specified.

2012-06-19  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: avoid useless duplicate memory free
	when lxcContainerIdentifyCGroups failed, the memory it allocated
	has been freed, so we should not free this memory again in
	lxcContainerSetupPivortRoot and lxcContainerSetupExtraMounts.

2012-06-19  Peter Krempa  <pkrempa@redhat.com>

	driver: Clean up driver header to space indentation

2012-06-19  Eric Blake  <eblake@redhat.com>

	snapshot: merge count and name collection
	Another case where we can do the same amount of work with fewer
	lines of redundant code, which will make adding new filters easier.
	* src/conf/domain_conf.c (virDomainSnapshotNameData): Adjust
	struct.
	(virDomainSnapshotObjListCount): Delete, now taken care of...
	(virDomainSnapshotObjListCopyNames): ...here.
	(virDomainSnapshotObjListGetNames): Adjust caller to handle
	counting.
	(virDomainSnapshotObjListNum): Simplify.

	snapshot: merge domain and snapshot computation
	Now that domain listing is a thin wrapper around child listing,
	it's easier to have a common entry point.  This restores the
	hashForEach optimization lost in the previous patch when there
	are no snapshots being filtered out of the entire list.
	* src/conf/domain_conf.h (virDomainSnapshotObjListGetNames)
	(virDomainSnapshotObjListNum): Add parameter.
	(virDomainSnapshotObjListGetNamesFrom)
	(virDomainSnapshotObjListNumFrom): Delete.
	* src/libvirt_private.syms (domain_conf.h): Drop deleted functions.
	* src/conf/domain_conf.c (virDomainSnapshotObjListGetNames):
	Merge, and (re)add an optimization.
	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags)
	(qemuDomainSnapshotListNames, qemuDomainSnapshotNum)
	(qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren): Update callers.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.
	* src/conf/virdomainlist.c (virDomainListPopulate): Likewise.

	snapshot: use metaroot node to simplify management
	This idea was first suggested by Daniel Veillard here:
	https://www.redhat.com/archives/libvir-list/2011-October/msg00353.html
	Now that I am about to add more complexity to snapshot listing, it
	makes sense to avoid code duplication and special casing for domain
	listing (all snapshots) vs. snapshot listing (descendants); adding
	a metaroot reduces the number of code lines by having the domain
	listing turn into a descendant listing of the metaroot.
	Note that this has one minor pessimization - if we are going to list
	ALL snapshots without filtering, then virHashForeach is more efficient
	than recursing through the child relationships; restoring that minor
	optimization will occur in the next patch.
	* src/conf/domain_conf.h (_virDomainSnapshotObj)
	(_virDomainSnapshotObjList): Repurpose some fields.
	(virDomainSnapshotDropParent): Drop unused parameter.
	* src/conf/domain_conf.c (virDomainSnapshotObjListGetNames)
	(virDomainSnapshotObjListCount): Simplify.
	(virDomainSnapshotFindByName, virDomainSnapshotSetRelations)
	(virDomainSnapshotDropParent): Match new field semantics.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotReparentChildren, qemuDomainSnapshotDelete):
	Adjust clients.

2012-06-19  Guido Günther  <agx@sigxcpu.org>

	openvz: Fix wordsize on 64 bit architectures
	The word size there is 64 bit not 8.

2012-06-19  Peter Krempa  <pkrempa@redhat.com>

	conf: Add helper for listing domains on drivers supporting virDomainObj
	This patch adds common code to list domains in fashion used by
	virListAllDomains with all currently supported flags. The header file
	also contains macros that group filters together that are used to
	shorten filter conditions.

	conf: Store managed save image existence in virDomainObj
	This patch stores existence of the image in the object. At start of the
	daemon the state is checked and then updated in key moments in domain
	lifecycle.

	remote: implement remote protocol for virConnectListAllDomains()
	This patch wires up the RPC protocol handlers for
	virConnectListAllDomains(). The RPC generator has no support for the way
	how virConnectListAllDomains() returns the results so the handler code
	had to be done manually.
	The new api is handled by REMOTE_PROC_CONNECT_LIST_ALL_DOMAINS, with
	number 273 and marked with high priority.

	python: add API exports for virConnectListAllDomains()
	This patch adds export of the new API function
	virConnectListAllDomains() to the libvirt-python bindings. The
	virConnect object now has method "listAllDomains" that takes only the
	flags parameter and returns a python list of virDomain object
	corresponding to virDomainPtrs returned by the underlying api.
	The implementation is done manually as the generator does not support
	wrapping list of virDomainPtrs into virDomain objects.

	lib: Add public api to enable atomic listing of guest
	This patch adds a new public api that lists domains. The new approach is
	different from those used before. There are key points to this:
	1) The list is acquired atomically and contains both active and inactive
	domains (guests). This eliminates the need to call two different list
	APIs, where the state might change in between the calls.
	2) The returned list consists of virDomainPtrs instead of names or ID's
	that have to be converted to virDomainPtrs anyways using separate calls
	for each one of them. This is more convenient and saves hypervisor calls.
	3) The returned list is auto-allocated. This saves a lot of hassle for
	the users.
	4) Built in support for filtering. The API call supports various
	filtering flags that modify the output list according to user needs.
	Available filter groups:
	    Domain status:
	    VIR_CONNECT_LIST_DOMAINS_ACTIVE, VIR_CONNECT_LIST_DOMAINS_INACTIVE
	    Domain persistence:
	    VIR_CONNECT_LIST_DOMAINS_PERSISTENT,
	    VIR_CONNECT_LIST_DOMAINS_TRANSIENT
	    Domain state:
	    VIR_CONNECT_LIST_DOMAINS_RUNNING, VIR_CONNECT_LIST_DOMAINS_PAUSED,
	    VIR_CONNECT_LIST_DOMAINS_SHUTOFF, VIR_CONNECT_LIST_DOMAINS_OTHER
	    Existence of managed save image:
	    VIR_CONNECT_LIST_DOMAINS_MANAGEDSAVE,
	    VIR_CONNECT_LIST_DOMAINS_NO_MANAGEDSAVE
	    Auto-start option:
	    VIR_CONNECT_LIST_DOMAINS_AUTOSTART,
	    VIR_CONNECT_LIST_DOMAINS_NO_AUTOSTART
	    Existence of snapshot:
	    VIR_CONNECT_LIST_DOMAINS_HAS_SNAPSHOT,
	    VIR_CONNECT_LIST_DOMAINS_NO_SNAPSHOT
	5) The python binding returns a list of domain objects that is very neat
	to work with.
	The only problem with this approach is no support from code generators
	so both RPC code and python bindings had to be written manually.
	*include/libvirt/libvirt.h.in: - add API prototype
	                               - clean up whitespace mistakes nearby
	*python/generator.py: - inhibit generation of the bindings for the new
	                        api
	*src/driver.h: - add driver prototype
	               - clean up some whitespace mistakes nearby
	*src/libvirt.c: - add public implementation
	*src/libvirt_public.syms: - export the new symbol

2012-06-19  Daniel P. Berrange  <berrange@redhat.com>

	Add a custom 404 error page for the website

2012-06-19  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fix incorrect DEBUG info
	print debug info "container support is enabled"
	when host support the user or net namespace.

	LXC: fix memory leak in lxcContainerSetupExtraMounts
	kill the "return 0;" code, it will cause memory leak.

2012-06-19  Eric Blake  <eblake@redhat.com>

	build: fix whitespace damage
	Introduced in commit 1f8c33b67.
	* src/lxc/lxc_container.c (lxcContainerGetSubtree): Avoid TAB.

2012-06-18  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fix memory leak in lxcContainerGetSubtree
	when libvirt_lxc trigger oom error in lxcContainerGetSubtree
	we should free the alloced memory for mounts.
	so when lxcContainerGetSubtree failed,we should do some
	memory cleanup in lxcContainerUnmountSubtree.

	LXC: fix memory leak in lxcContainerMountFSBlockHelper
	we alloc the memory for format in lxcContainerMountDetectFilesystem
	but without free it in lxcContainerMountFSBlockHelper.
	this patch just call VIR_FREE to free it.

2012-06-18  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Update vol-create-as manpage
	as we support qed format as well.

	virsh: Tweak attach-* documentation
	as we are missing:
	attach-disk: --type can accept 'lun' too, not just cdrom or floppy.
	attach-disk: --target specify logical device name, not path
	attach-interface: --target silently drops strings with vnet* prefix

2012-06-16  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Wait for events instead of agent response
	With latest changes to qemu-ga success on some commands is not reported
	anymore, e.g. guest-shutdown or guest-suspend-*. However, errors are
	still being reported. Therefore, we need to find different source of
	indication if operation was successful. Events.

	qemu_agent: Add some more debug prints
	for agent ref count and qemuProcessHandleAgentDestroy

2012-06-16  Eric Blake  <eblake@redhat.com>

	snapshot: use new virsh function for snapshot-list
	Operating on a list of snapshot objects looks so much simpler.
	In particular, since the helper function already trimmed out
	irrelevant entries, we no longer have quite so many special cases
	on finding the first snapshot to operate on.  Also, vshTreePrint
	no longer has a generic callback struct; both clients now pass
	something different according to their own needs.
	* tools/virsh.c (cmdSnapshotList): Use previous patches.
	(vshTreeArrayLookup): Rename...
	(vshNodeListLookup): ...now that it only has one client.
	(cmdNodeListDevices): Adjust caller.

	snapshot: new virsh function factored from snapshot-list
	This patch is based on the fallback code out of cmdSnapshotList,
	with tweaks to keep the snapshot objects around rather than just
	their name, and to remove unwanted elements before returning.
	It looks forward to a future patch when we add a way to list all
	snapshot objects at once, and the next patch will simplify
	cmdSnapshotList to take advantage of this factorization.
	* tools/virsh.c (vshSnapshotList, vshSnapshotListFree): New functions.

	build: hoist qemu dependence on yajl to configure
	Commit 6e769eba made it a runtime error if libvirt was compiled
	without yajl support but targets a new enough qemu.  But enough
	users are hitting this on self-compiled libvirt that it is worth
	erroring out at compilation time, rather than an obscure failure
	when trying to use the built executable.
	* configure.ac: If qemu is requested and -version works, require
	yajl when qemu version is new enough.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Add
	comment.

2012-06-16  Cole Robinson  <crobinso@redhat.com>

	autogen: Always abide --system
	If we do ./autogen.sh && ./configure, then later try ./autogen.sh --system,
	configure isn't invoked with the requested params. Instead
	config.status --recheck is run.

2012-06-16  Jim Fehlig  <jfehlig@suse.com>

	Check for errors when parsing bridge interface XML
	The return status of virInterfaceDefParseBridge() was not being
	checked, potentially resulting in the creation of a broken
	interface.

2012-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix launch of libvirtd when DHCP snooping support is not available.
	When libpcap is not available, the NWFilter driver provides a
	no-op stub for the DHCP snooping initialization. This was
	mistakenly returning '-1' instead of '0', so the entire driver
	initialization failed

	Add more debug logging for libvirtd startup
	To facilitate future troubleshooting add a bunch more debugging
	statements into important startup parts of libvirt

2012-06-15  Osier Yang  <jyang@redhat.com>

	schema: Update domain XML schema
	'boot' tag shouldn't be exclusive with 'kernel', 'initrd', and 'cmdline',
	though the boot sequence doesn't make sense when the guest boots from
	kernel directly. But it's useful if booting from kernel is to install
	a newguest, even if it's not to install a guest, there is no hurt. And
	on the other hand, we allow 'boot' and the kernel tags when parsing.

2012-06-15  Wen Congyang  <wency@cn.fujitsu.com>

	virsh: allow the user to specify vmcore's format
	Add a new parameter --memory-only for 'virsh dump' command. So
	the user can decide the vmcore's format.

	qemu: allow the client to choose the vmcore's format
	This patch updates qemu driver to allow the client to choose the
	vmcore's format: memory only or including device state.

	qemu: implement qemu's dump-guest-memory
	dump-guest-memory is a new dump mechanism, and it can work when the
	guest uses host devices. This patch adds a API to use this new
	monitor command.
	We will always use json mode if qemu's version is >= 0.15, so I
	don't implement the API for text mode.

	qemu: fix potential dead lock
	If we lock the qemu_driver, we should call qemuDomainObjBeginJobWithDriver()
	not qemuDomainObjBeginJob().

2012-06-15  Osier Yang  <jyang@redhat.com>

	virsh: Null terminated the string memcpy from buffer explicitly
	Detected by valgrind:
	==16217== 1 errors in context 1 of 12:
	==16217== Invalid read of size 1
	==16217==    at 0x4A07804: __GI_strlen (mc_replace_strmem.c:284)
	==16217==    by 0x3019F167F6: xdr_string (in /lib64/libc-2.12.so)
	==16217==    by 0x3033709E8D: xdr_remote_nonnull_string (remote_protocol.c:31)
	==16217==    by 0x303370E5CB: xdr_remote_domain_update_device_flags_args (remote_protocol.c:2028)
	==16217==    by 0x30337197D1: virNetMessageEncodePayload (virnetmessage.c:341)
	==16217==    by 0x30337135E1: virNetClientProgramCall (virnetclientprogram.c:327)
	==16217==    by 0x30336F1EFD: callWithFD (remote_driver.c:4586)
	==16217==    by 0x30336F1F7B: call (remote_driver.c:4607)
	==16217==    by 0x30336F42F2: remoteDomainUpdateDeviceFlags (remote_client_bodies.h:2865)
	==16217==    by 0x30336D46E5: virDomainUpdateDeviceFlags (libvirt.c:9457)
	==16217==    by 0x41AEE8: cmdChangeMedia (virsh.c:15249)
	==16217==    by 0x413CB4: vshCommandRun (virsh.c:18669)
	==16217==  Address 0x4ec5e25 is 0 bytes after a block of size 293 alloc'd
	==16217==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==16217==    by 0x303364F1DB: virAllocN (memory.c:129)
	==16217==    by 0x41A844: vshPrepareDiskXML (virsh.c:15043)
	==16217==    by 0x41AECC: cmdChangeMedia (virsh.c:15246)
	==16217==    by 0x413CB4: vshCommandRun (virsh.c:18669)
	==16217==    by 0x423973: main (virsh.c:20261)

2012-06-15  Laine Stump  <laine@laine.org>

	docs: small typo in formatdomain.html

2012-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Always pivot_root event if the new root source is '/'
	This reverts
	  commit c16b4c43fcdd8ec02581f38377983b2e0925bfcd
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Fri May 11 15:09:27 2012 +0100
	    Avoid LXC pivot root in the root source is still /
	This commit broke setup of /dev, because the code which
	deals with setting up a private /dev and /dev/pts only
	works if you do a pivotroot.
	The original intent of avoiding the pivot root was to
	try and ensure the new root has a minimumal mount
	tree. The better way todo this is to just unmount the
	bits we don't want (ie old /proc & /sys subtrees.
	So apply the logic from
	  commit c529b47a756960d332fbe9903943dae855e7b949
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Fri May 11 11:35:28 2012 +0100
	    Trim /proc & /sys subtrees before mounting new instances
	to the pivot_root codepath as well

	Improve error message diagnosing incorrect XML CPU mode
	Tell the user what CPU mode value is wrong

2012-06-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: Enable disconnecting SPICE clients without changing password
	Libvirt updates the configuration of SPICE server only when something
	changes. This is unfortunate when the user wants to disconnect a
	existing spice session when the connected attribute is already
	"disconnect".
	This patch modifies the conditions for calling the password updater to
	be called when nothing changes, but the connected attribute is already
	"disconnect".

2012-06-14  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Report name from edited object
	There is a little easter egg in virsh: one can easily clone
	an object (domain, network, ...). Just 'virsh edit' change the name
	and remove <uuid>. And then, in the end when reporting success
	the new name was printed out.
	However, with recent edit rewrite we lost the final part and are
	still printing the original name out.

	virsh: Honor reedit opts printing to a function
	When printing reedit options we make stdin raw. However,
	this results in stdout being raw as well. Therefore we need
	to return carriage when doing new line. Unfortunately,
	'\r' cannot be part of internationalized messages hence
	we must move them to formatting string which then in turn
	become huge and disarranged. To solve this, a new function
	is introduced which takes variable string arguments and
	prepend each with "\r\n" just before printing.

2012-06-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix off-by-one error while unescaping monitor strings
	While unescaping the commands the commands passed through to the monitor
	function qemuMonitorUnescapeArg() initialized lenght of the input string
	to strlen()+1 which is fine for alloc but not for iteration of the
	string.
	This patch fixes the off-by-one error and drops the pointless check for
	a single trailing slash that is automaticaly handled by the default
	branch of switch.

	virsh: Don't generate invalid XML in attach-disk command
	The attach-disk command used with parameter --cache created an invalid
	XML snippet as the beginning of the <driver> element was not printed
	when used solely with --cache and no other attribute to driver.

2012-06-14  Laine Stump  <laine@laine.org>

	network: fully support/use VIR_NETWORK_XML_INACTIVE flag
	commit 52d064f42dbc857f4096dc60c0335395ffac73aa added
	VIR_NETWORK_XML_INACTIVE in order to allow suppressing the
	auto-generated list of VFs in network definitions, and a --inactive
	flag to virsh net-dumpxml to take advantage of the flag. However, it
	missed out on two opportunities:
	1) Use INACTIVE to get the current config of the network as it
	   exists on disk, rather than the currently active config.
	2) Add INACTIVE to the flags used for the virsh net-edit command, so
	   that it won't include the forward-pool interfaces that were
	   autogenerated, and so that a re-edit of the network prior to
	   restarting it will show any other edits made since the last restart
	   of the network. (prior to this patch, if you edited a network a 2nd
	   time without restarting, all of the previous edits would magically
	   disappear).
	In order to fit with the new #define-based generic edit function in
	virsh.c, a new function vshNetworkGetXMLDesc() was added. This
	function first tries to call virNetworkGetXMLDesc with the INACTIVE
	flag added, then retries without if the first attempt fails (in the
	manner expected when the server doesn't support it).

2012-06-14  Daniel P. Berrange  <berrange@redhat.com>

	Add some missing hook functions
	A core use case of the hook scripts is to be able to do things
	to a guest's network configuration. It is possible to hook into
	the 'start' operation for a QEMU guest which runs just before
	the guest is started. The TAP devices will exist at this point,
	but the QEMU process will not. It can be desirable to have a
	'started' hook too, which runs once QEMU has started.
	If libvirtd is restarted it will re-populate firewall rules,
	but there is no QEMU hook to trigger for existing domains.
	This is solved with a 'reconnect' hook.
	Finally, if attaching to an external QEMU process there needs
	to be an 'attach' hook script.
	This all also applies to the LXC driver
	* docs/hooks.html.in: Document new operations
	* src/util/hooks.c, src/util/hooks.c: Add 'started', 'reconnect'
	  and 'attach' operations for QEMU. Add 'prepare', 'started',
	  'release' and 'reconnect' operations for LXC
	* src/lxc/lxc_driver.c: Add hooks for 'prepare', 'started',
	  'release' and 'reconnect' operations
	* src/qemu/qemu_process.c: Add hooks for 'started', 'reconnect'
	  and 'reconnect' operations

2012-06-13  Daniel P. Berrange  <berrange@redhat.com>

	client rpc: Fix error checking after poll()
	First 'poll' can't return EWOULDBLOCK, and second, we're checking errno
	so far away from the poll() call that we've probably already trashed the
	original errno value.

2012-06-13  Jiri Denemark  <jdenemar@redhat.com>

	client rpc: Send keepalive requests from IO event loop
	In addition to keepalive responses, we also need to send keepalive
	requests from client IO loop to properly detect dead connection in case
	a libvirt API is called from the main loop, which prevents any timers to
	be called.

	server rpc: Remove APIs for manipulating filters on locked client
	We don't need to add or remove filters when client object is already
	locked anymore. There's no reason to keep the *Locked variants of those
	APIs.

	rpc: Remove unused parameter in virKeepAliveStopInternal
	The previous commit removed the only usage of ``all'' parameter in
	virKeepAliveStopInternal, which was actually the only reason for having
	virKeepAliveStopInternal. This effectively reverts most of commit
	6446a9e20cc65561ce6061742baf35a3a63d5ba1.

	rpc: Do not use timer for sending keepalive responses
	When a libvirt API is called from the main event loop (which seems to be
	common in event-based glib apps), the client IO loop would properly
	handle keepalive requests sent by a server but will not actually send
	them because the main event loop is blocked with the API. This patch
	gets rid of response timer and the thread which is processing keepalive
	requests is also responsible for queueing responses for delivery.

	client rpc: Separate call creation from running IO loop
	This makes it possible to create and queue new calls while we are
	running IO loop.

	rpc: Add APIs for direct triggering of keepalive timer
	Add virKeepAliveTimeout and virKeepAliveTrigger APIs that can be used to
	set poll timeouts and trigger keepalive timer. virKeepAliveTrigger
	checks if it is called to early and does nothing in that case.

	rpc: Refactor keepalive timer code
	The code that needs to be run every keepalive interval of inactivity was
	only called from a timer and thus from the main event loop. We will need
	to call the code directly from another place.

	client rpc: Drop unused return value of virNetClientSendNonBlock
	As we never drop non-blocking calls, the return value that used to
	indicate a call was dropped is no longer needed.

	client rpc: Just queue non-blocking call if another thread has the buck
	As non-blocking calls are no longer dropped, we don't really need to
	care that much about their fate and wait for the thread with the buck
	to process them. If another thread has the buck, we can just push a
	non-blocking call to the queue and be done with it.

	client rpc: Don't drop non-blocking calls
	So far, we were dropping non-blocking calls whenever sending them would
	block. In case a client is sending lots of stream calls (which are not
	supposed to generate any reply), the assumption that having other calls
	in a queue is sufficient to get a reply from the server doesn't work. I
	tried to fix this in b1e374a7ac56927cfe62435179bf0bba1e08b372 but
	failed and reverted that commit.
	With this patch, non-blocking calls are never dropped (unless the
	connection is being closed) and will always be sent.

	client rpc: Use event loop for writing
	Normally, when every call has a thread associated with it, the thread
	may get the buck and be in charge of sending all calls until its own
	call is done. When we introduced non-blocking calls, we had to add
	special handling of new non-blocking calls. This patch uses event loop
	to send data if there is no thread to get the buck so that any
	non-blocking calls left in the queue are properly sent without having to
	handle them specially. It also avoids adding even more cruft to client
	IO loop in the following patches.
	With this change in, non-blocking calls may see unpredictable delays in
	delivery when the client has no event loop registered. However, the only
	non-blocking calls we have are keepalives and we already require event
	loop for them, which makes this a non-issue until someone introduces new
	non-blocking calls.

	client rpc: Improve debug messages in virNetClientIO
	When analyzing our debug log, I'm always confused about what each of the
	pointers mean. Let's be explicit.

2012-06-13  Eric Blake  <eblake@redhat.com>

	build: fix 'make dist' on virgin checkout
	'make dist' was depending on *protocol-structs files, which are
	stored in git but in turn depended on generated files.  We still
	want to ship the protocol-structs files, but by renaming the
	tests to something not matching a file name, we separate 'make
	check' (which depends on the generated file) from 'make dist'
	(which only depends on the git files).  After all, the tarball
	should never depend on a generated file not stored in git.
	I found one more case of a git file depending on a generated
	file, in a bogus virkeycode.c listing; but at least this one
	had no associated rules so it never broke 'make dist'.
	Reported by Wen Congyang.  Latent bug has been present since
	commit 62dee6f, but only recently exposed by commit 7bff56a.
	* src/Makefile.am ($(srcdir)/util/virkeycode.c): Drop useless
	dependency.
	(BUILT_SOURCES): ...and build virkeymaps.h sooner.
	(PROTOCOL_STRUCTS): Rather than depend on the struct file...
	(check-local): ...convert things into a phony target of...
	(check-protocol): ...a new check.
	($(srcdir)/remote_protocol-struct): Rename to isolate the distributed
	file from the conditional test.
	(PDWTAGS): Deal with rename.  Swap to compare 'expected actual'.

	build: silence gettext warning
	Otherwise, 'make dist' gives multiple warnings like:
	libvirt.pot:20814: warning: internationalized messages should not contain the `\r' escape sequence
	* tools/virsh.c (vshAskReedit): Avoid \r in _().

2012-06-12  Guido Günther  <agx@sigxcpu.org>

	openvz: wire up domainUpdateDeviceFlags
	so we can update file system quota

	openvz: add persist parameter to openvzSetDiskQuota
	with persist=false the domain config file will not be updated.

	Introduce virDomainFSIndexByName
	for containers matching virDomainDiskIndexByName.

2012-06-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in RPM specfile
	libvirt.spec.in: s/{?rhel}/%{?rhel}/

2012-06-12  Eric Blake  <eblake@redhat.com>

	python: fix snapshot listing bugs
	Python exceptions are different than libvirt errors, and we had
	some corner case bugs on OOM situations.
	* python/libvirt-override.c (libvirt_virDomainSnapshotListNames)
	(libvirt_virDomainSnapshotListChildrenNames): Use correct error
	returns, avoid segv on OOM, and avoid memory leaks on error.

	python: use simpler methods
	* python/libvirt-override.c (libvirt_virDomainGetVcpus)
	(libvirt_virDomainGetVcpuPinInfo): Use Py_XDECREF instead of
	open-coding it.

2012-06-12  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't overwrite security labels
	Currently, if qemuProcessStart fail at some point, e.g. because
	domain being started wants a PCI/USB device already assigned to
	a different domain, we jump to cleanup label where qemuProcessStop
	is performed. This unconditionally calls virSecurityManagerRestoreAllLabel
	which is wrong because the other domain is still using those devices.
	However, once we successfully label all devices/paths in
	qemuProcessStart() from that point on, we have to perform a rollback
	on failure - that is - we have to virSecurityManagerRestoreAllLabel.

	qemuProcessStop: Switch to flags
	Currently, we are passing only one boolean (migrated) so there is
	no real profit in this. But it creates starting position for
	next patch.

2012-06-12  Eric Blake  <eblake@redhat.com>

	snapshot: implement new APIs for qemu
	The two APIs are rather trivial; based on bits and pieces of other
	existing APIs.  It leaves the door open for future extension to
	qemu to report snapshots without metadata based on reading qcow2
	internal snapshot names.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotIsCurrent)
	(qemuDomainSnapshotHasMetadata): New functions.

2012-06-12  Laine Stump  <laine@laine.org>

	docs: minor fixes to domain interface documentation
	A few examples for <interface> had a type='direct' interface with no
	sub-elements. This is not allowed - a type='direct' interface must
	have at least a source element. (Most likely the example was copied
	from the type='user' or type='ethernet' examples - they *do* allow an
	instance with no sub-elements).
	There was also one place that mistakenly used %lt; ... %gt; instead of
	&lt; ... &gt; (for some reason, I make that typo all the time).

2012-06-12  Eric Blake  <eblake@redhat.com>

	snapshot: RPC for new query APIs
	Pretty straightforward.
	* src/remote/remote_protocol.x
	(remote_domain_snapshot_is_current_args)
	(remote_domain_snapshot_is_current_ret)
	(remote_domain_snapshot_has_metadata_args)
	(remote_domain_snapshot_has_metadata_ret): New structs.
	(REMOTE_PROC_DOMAIN_SNAPSHOT_IS_CURRENT)
	(REMOTE_PROC_DOMAIN_SNAPSHOT_HAS_METADATA): New RPC calls.
	* src/remote/remote_driver.c (remote_driver): Call them.
	* src/remote_protocol-structs: Regenerate.

	snapshot: add 'virsh snapshot-info'
	Expose the recent API additions in virsh.  Borrows ideas from 'dominfo'
	for the general type of information to display.
	Output looks like:
	$ tools/virsh snapshot-info fedora-local tmp
	Name:           tmp
	Domain:         fedora-local
	Current:        no
	State:          disk-snapshot
	Parent:         -
	Children:       1
	Descendants:    2
	Metadata:       yes
	possibly with fewer lines when talking to older servers.
	* tools/virsh.c (cmdSnapshotInfo): New command.
	* tools/virsh.pod (snapshot-info): Document it.

	docs: link to FLOSS Weekly podcast, virt blogs
	Eric Blake and Guido Günther were guests during this week's
	FLOSS Weekly podcast, giving insights into libvirt as a Free
	Software project.  Also, there are several useful blogs on
	virt-related topics.
	* docs/relatedlinks.html.in (Blogs and Podcasts): New section.

2012-06-12  Daniel P. Berrange  <berrange@redhat.com>

	Two RPM conditional fixes for RHEL-7
	Ensure systemd is used in RHEL-7 and cgconfig is not used in
	RHEL-7

2012-06-12  Eric Blake  <eblake@redhat.com>

	snapshot: new query APIs
	Right now, starting from just a virDomainSnapshotPtr, and wanting to
	know if it is the current snapshot for its respective domain, you have
	to use virDomainSnapshotGetDomain(), then virDomainSnapshotCurrent(),
	then compare the two names returned by virDomainSnapshotGetName().
	It is a bit easier if we can directly query this information from the
	snapshot itself.
	Right now, it is possible to filter a snapshot listing based on
	whether snapshots have metadata that would prevent domain deletion,
	but the only way to learn if an individual snapshot has metadata is
	to see if that snapshot appears in the list returned by a listing.
	Additionally, I hope to expand the qemu driver in a future patch to
	use qemu-img to reconstruct snapshot XML corresponding to internal
	qcow2 snapshot names not otherwise tracked by libvirt (in part, so
	that libvirt can guarantee that new snapshots are not created with
	a name that would silently corrupt the existing portion of the qcow2
	file); if I ever get that in, then it would no longer be an all-or-none
	decision on whether snapshots have metadata, and becomes all the more
	important to be able to directly determine that information from a
	particular snapshot.
	Other query functions (such as virDomainIsActive) do not have a flags
	argument, but since virDomainHasCurrentSnapshot takes a flags argument,
	I figured it was safer to provide a flags argument here as well.
	* include/libvirt/libvirt.h.in (virDomainSnapshotIsCurrent)
	(virDomainSnapshotHasMetadata): New declarations.
	* src/libvirt.c (virDomainSnapshotIsCurrent)
	(virDomainSnapshotHasMetadata): New functions.
	* src/libvirt_public.syms (LIBVIRT_0.9.13): Export them.
	* src/driver.h (virDrvDomainSnapshotIsCurrent)
	(virDrvDomainSnapshotHasMetadata): New driver callbacks.

2012-06-11  Eric Blake  <eblake@redhat.com>

	snapshot: virsh indentation cleanup
	No semantic change; this will make it easier to refactor code.
	* tools/virsh.c (cmdSnapshotList): Drop level of indentation, and
	rename a variable.

	virsh: make tree listing more flexible
	Requiring the user to pass in parallel arrays of names and parents
	is annoying; it means that you can't qsort one of the arrays without
	invalidating the ordering of the other.  By refactoring this function
	to use callbacks, we isolate the layout to be independent of the
	printing, and a future patch can exploit that to improve layout.
	* tools/virsh.c (vshTreePrintInternal): Use callbacks rather than
	requiring a char** array.
	(vshTreeArrayLookup): New helper function.
	(vshTreePrint, cmdNodeListDevices, cmdSnapshotList): Update callers.

	virsh: remove limits on tree listing
	I am not a fan of fixed-width buffers.  All it takes is a
	linear chain of more than 100 snapshots to mess up 'virsh
	snapshot-list --tree'.  Now that virBuffer is more powerful,
	we might as well exploit its power.
	* tools/virsh.c (cmdNodeListDevicesPrint): Simplify to use a
	virBuffer instead of fixed-width prefix, factor guts, and rename...
	(vshTreePrint, vshTreePrintInternal): ...along with new helper.
	(cmdNodeListDevices, cmdSnapshotList): Update callers.

	buf: support peeking at string contents
	Right now, the only way to get at the contents of a virBuffer is
	to destroy it.  But there are cases in my upcoming patches where
	peeking at the contents makes life easier.  I suppose this does
	open up the potential for bad code to dereference a stale pointer,
	by disregarding the docs that the return value is invalid on the
	next virBuf operation, but such is life.
	* src/util/buf.h (virBufferCurrentContent): New declaration.
	* src/util/buf.c (virBufferCurrentContent): Implement it.
	* src/libvirt_private.syms (buf.h): Export it.
	* tests/virbuftest.c (testBufAutoIndent): Test it.

2012-06-11  Michal Privoznik  <mprivozn@redhat.com>

	rpc: Fix memleak in virNetMessageEncodeHeader
	My latest patch for RPC rework (a2c304f6872) introduced a memory leak.
	virNetMessageEncodeHeader() is calling VIR_ALLOC_N(msg->buffer, ...)
	despite fact, that msg->buffer isn't VIR_FREE()'d on all paths calling
	the function. Therefore, rather than injecting free statement switch to
	VIR_REALLOC_N().

2012-06-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix privileges on /var/run/libvirt directory
	Previous commit
	  commit 32a9aac2e04c991340b66c855a1095e4e6445e54
	  Author: William Jon McCann <william.jon.mccann@gmail.com>
	  Date:   Thu May 3 12:36:27 2012 -0400
	    Use XDG Base Directories instead of storing in home directory
	Accidentally changed the umask when creating /var/run/libvirt
	to 077. This prevents /var/run/libvirt being readable by non-root,
	which is required for non-root to connect to libvirtd. Fix the
	code so that umask 077 is only used for the non-privileged libvirtd
	instance.

	Only migrate profile in non-privileged libvirtd instance
	Only the non-privileged libvirtd instance uses $HOME. So avoid
	running the code for migrating to XDG directories unless using
	a non-privileged libvirtd

2012-06-11  Eric Blake  <eblake@redhat.com>

	snapshot: avoid virsh crash with older servers
	Commits 51082301, 16d7b39, and 521cc447 introduced support for
	'virsh snapshot-list --from' when talking to a server older than
	0.9.5, but broke support for plain 'virsh snapshot-list' for the
	same old server in the process.  Because the code is not properly
	gated, we end up with a SIGSEGV during a strcmp with a NULL argument.
	* tools/virsh.c (cmdSnapshotList): Don't waste time on fallbacks
	when --from is not present.

2012-06-11  Osier Yang  <jyang@redhat.com>

	Update AUTHORS
	Commit a80bb970 forgot to update authors.

2012-06-11  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fix memory leak in lxcContainerMountFSBlockAuto
	we forgot to free fslist,just add VIR_FREE(fslist).

	LXC: fix incorrect parameter of mount in lxcContainerMountFSBind
	when do remount,the source and target should be the same
	values specified in the initial mount() call.
	So change fs->dst to src.

	LXC: Delete unused variable src in lxcContainerMountBasicFS
	There is no code use the variable "src" in lxcContainerMountBasicFS.
	so delete it and VIR_FREE.

2012-06-11  Guido Günther  <agx@sigxcpu.org>

	msg_buf_size is unsigned long not size_t
	This fixes the build on 32bit systems which otherwise fails with:
	virnetmessagetest.c: In function 'testMessageHeaderEncode':
	virnetmessagetest.c:75:9: error: format '%zu' expects argument of type 'size_t', but argument 7 has type 'long unsigned int' [-Werror=format]

2012-06-09  Guido Günther  <agx@sigxcpu.org>

	Only check for cluster fs if we're using a filesystem
	otherwise migration fails for e.g. network filesystems like sheepdog
	with:
	   error: Invalid relative path 'virt-name': Invalid argument
	while we should fail with:
	    Migration may lead to data corruption if disks use cache != none
	References:
	    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676328
	    https://www.redhat.com/archives/libvirt-users/2012-May/msg00088.html

2012-06-09  Eric Blake  <eblake@redhat.com>

	snapshot: add virDomainSnapshotRef API
	virDomainSnapshotPtr has a refcount member, but no one was able
	to use it.  Furthermore, all of our other vir*Ptr objects have
	a *Ref method to match their *Free method.  Thankfully, this is
	client-side only, so we can use this new function regardless of
	how old the server side is!  (I have future patches to virsh
	that want to use it.)
	* include/libvirt/libvirt.h.in (virDomainSnapshotRef): Declare.
	* src/libvirt.c (virDomainSnapshotRef): Implement it.
	* src/libvirt_public.syms (LIBVIRT_0.9.13): Export it.

2012-06-08  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix deadlock in virLogReset
	When libvirtd forks off a new child, the child then calls virLogReset(),
	which ends up closing file descriptors used as log outputs. However, we
	recently started logging closed file descriptors, which means we need to
	lock logging mutex which was already locked by virLogReset(). We don't
	really want to log anything when we are in the process of closing log
	outputs.

2012-06-08  Cole Robinson  <crobinso@redhat.com>

	Fix missing ) in 2 strings
	https://bugzilla.redhat.com/show_bug.cgi?id=801656

2012-06-08  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Assign correct address type to spapr-vlan and spapr-vty.
	For pseries guest, spapr-vlan and spapr-vty is based
	on spapr-vio address. According to model of network
	device, the address type should be assigned automatically.
	For serial device, serial pty device is recognized as
	spapr-vty device, which is also on spapr-vio.
	So this patch is to correct the address type of
	spapr-vlan and spapr-vty, and build correct
	command line of spapr-vty.
	Reviewed-by:   Michael Ellerman<michaele@au1.ibm.com>

2012-06-08  Eric Blake  <eblake@redhat.com>

	maint: make it easier to copy FORTIFY_SOURCE snippet
	While libvirt intentionally avoids -Wundef (after all, C99
	guarantees sane semantics of treating undefined macros as 0),
	the glibc insanity of #warning on _FORTIFY_SOURCE coupled with
	what some people feel is the black magic of autoconf means
	that other projects are likely to copy our snippet verbatim.
	We can be nicer to other projects by making it easier to
	integrate into projects that use -Wundef.
	Suggested by Christophe Fergeau.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Be nice
	to other projects using -Wundef.

2012-06-07  Eric Blake  <eblake@redhat.com>

	command: avoid potential deadlock on handshake
	There is a theoretical problem of an extreme bug where we can get
	into deadlock due to command handshaking.  Thanks to a pair of pipes,
	we have a situation where the parent thinks the child reported an
	error and is waiting for a message from the child to explain the
	error; but at the same time the child thinks it reported success
	and is waiting for the parent to acknowledge the success; so both
	processes are now blocked.
	Thankfully, I don't think this deadlock is possible without at
	least one other bug in the code, but I did see exactly that sort
	of situation prior to commit da831af - I saw a backtrace where a
	double close bug in the parent caused the parent to read from the
	wrong fd and assume the child failed, even though the child really
	sent success.
	This potential deadlock is not quite like commit 858c247 (a deadlock
	due to multiple readers on one pipe preventing a write from completing),
	although the solution is similar - always close unused pipe fds before
	blocking, rather than after.
	* src/util/command.c (virCommandHandshakeWait): Close unused fds
	sooner.

2012-06-07  Martin Kletzander  <mkletzan@redhat.com>

	qemu: better detection of crashed domains
	When libvirtd is started and there is an unusable/not-connectable
	leftover from earlier started machine, it's more reasonable to say
	that the machine "crashed" if we know it was started with
	"-no-shutdown".
	This patch fixes that and also changes the other result (when machine
	was started without "-no-shutdown") to "unknown", because the previous
	"failed" reason means (according to include/libvirt/libvirt.h.in:174),
	that the machine failed to start.

2012-06-07  Eric Blake  <eblake@redhat.com>

	build: fix build without i18n
	If you compile without NLS support, where _() is a no-op macro,
	then we end up passing a string literal to a char*, provoking:
	In file included from virsh.c:3639:0:
	virsh-edit.c: In function ‘cmdSaveImageEdit’:
	virsh-edit.c:97:13: error: assignment discards ‘const’ qualifier from pointer target type [-Werror]
	virsh-edit.c:106:13: error: assignment discards ‘const’ qualifier from pointer target type [-Werror]
	* tools/virsh-edit.c: Be const-safe.

2012-06-07  Cole Robinson  <crobinso@redhat.com>

	spec: Build against systemd for udev
	They have now merged. Fedora details here:
	https://lists.fedoraproject.org/pipermail/devel/2012-June/168227.html

2012-06-07  Eric Blake  <eblake@redhat.com>

	build: fix build of fresh checkout
	Commit 7bff56a worked in an incremental build, but fails for a
	fresh clone; apparently, if make sees both an actual file
	spelling and an inference rule, only the exact spelling is used.
	  CCLD   libvirt_driver_test.la
	  CC     libvirt_driver_remote_la-remote_driver.lo
	remote/remote_driver.c:4707:34: fatal error: remote_client_bodies.h: No such file or directory
	compilation terminated.
	BUILT_SOURCES to the rescue, instead of trying to mess with .lo
	dependencies directly.
	* src/Makefile.am (REMOTE_DRIVER_PREREQS, %remote_driver.lo): Drop...
	(BUILT_SOURCES): ...and add here instead.

2012-06-06  Eric Blake  <eblake@redhat.com>

	build: ensure storage driver is used
	Commit 1c275e9a accidentally dropped the storage driver from
	libvirtd, because it depended on a C preprocessor macro that
	was not defined.  Furthermore, if you do './configure
	--without-storage-dir --with-storage-disk' or any other combination
	where you explicitly build a subset of storage backends excluding
	the dir backend, then the build is broken.
	Based on analysis by Osier Yang.
	* configure.ac (WITH_STORAGE): Define top-level conditional.
	* src/Makefile.am (mod_LTLIBRARIES): Build driver even when
	storage_dir is disabled.
	* daemon/libvirtd.c: Pick up storage driver for any backend, not
	just dir.
	* daemon/Makefile.am (libvirtd_LDADD): Likewise.

2012-06-05  Michal Privoznik  <mprivozn@redhat.com>

	rpc: Size up RPC limits
	Since we are allocating RPC buffer dynamically, we can increase limits
	for max. size of RPC message and RPC string. This is needed to cover
	some corner cases where libvirt is run on such huge machines that their
	capabilities XML is 4 times bigger than our current limit. This leaves
	users with inability to even connect.

	rpc: Switch to dynamically allocated message buffer
	Currently, we are allocating buffer for RPC messages statically.
	This is not such pain when RPC limits are small. However, if we want
	ever to increase those limits, we need to allocate buffer dynamically,
	based on RPC message len (= the first 4 bytes). Therefore we will
	decrease our mem usage in most cases and still be flexible enough in
	corner cases.

2012-06-05  Eric Blake  <eblake@redhat.com>

	build: fix 'make distcheck' issues
	We had a distributed file (remote_protocol.h, which in turn was
	a prereq to remote_driver.c) depending on a generated file
	(libvirt_probes.h), which is a no-no for a VPATH build from a
	read-only source tree (no wonder 'make distcheck' tests precisely
	that situation):
	     File `libvirt_driver_remote.la' does not exist.
	       File `libvirt_driver_remote_la-remote_driver.lo' does not exist.
	             Prerequisite `libvirt_probes.h' is newer than target `../../src/remote/remote_protocol.h'.
	            Must remake target `../../src/remote/remote_protocol.h'.
	Invoking recipe from Makefile:7464 to update target `../../src/remote/remote_protocol.h'.
	make[3]: Entering directory `/home/remote/eblake/libvirt-tmp2/build/libvirt-0.9.12/_build/src'
	  GEN    ../../src/remote/remote_protocol.h
	cannot create ../../src/remote/remote_protocol.h: Permission denied at ../../src/rpc/genprotocol.pl line 31.
	make[3]: *** [../../src/remote/remote_protocol.h] Error 13
	Rather than making distributed .c files depend on generated files, we
	really want to ensure that compilation into .lo files is not attempted
	until the generated files are present, done by this patch.  Since there
	were two different sets of conditionally generated files that both
	feed the .lo file, I had to introduce a new variable REMOTE_DRIVER_PREREQS
	to keep automake happy.
	After that fix, the next issue was that make treats './foo' and 'foo'
	differently in determining whether an implicit %foo rule is applicable,
	with the result that locking/qemu-sanlock.conf wasn't properly being
	built at the right times.  Also, the output for using the .aug test
	files was a bit verbose.
	After fixing the src directory, the next error is related to the docs
	directory, where the tarball is missing a stamp file and thus tries to
	regenerate files that are already present:
	  GEN    ../../docs/apibuild.py.stamp
	Traceback (most recent call last):
	  File "../../docs/apibuild.py", line 2511, in <module>
	    rebuild("libvirt")
	  File "../../docs/apibuild.py", line 2495, in rebuild
	    builder.serialize()
	  File "../../docs/apibuild.py", line 2424, in serialize
	    output = open(filename, "w")
	IOError: [Errno 13] Permission denied: '../../docs/libvirt-api.xml'
	make[5]: *** [../../docs/apibuild.py.stamp] Error 1
	and fixing that exposed another case of a distributed file (generated
	html) depending on a built file (libvirt.h), but only when doing an
	in-tree build, because of a file glob.
	* src/Makefile.am ($(srcdir)/remote/remote_driver.c): Change...
	(libvirt_driver_remote_la-remote_driver.lo): ...to the real
	dependency.
	($(builddir)/locking/%-sanlock.conf): Drop $(builddir), so that
	rule gets run in time for test_libvirt_sanlock.aug.
	(test_libvir*.aug): Cater to silent build.
	(conf_DATA): Don't ship qemu-sanlock.conf in the tarball, since it
	is trivial to regenerate.
	* docs/Makefile.am (EXTRA_DIST): Ship our stamp file.
	($(APIBUILD_STAMP)): Don't depend on generated file.

2012-06-05  Jiri Denemark  <jdenemar@redhat.com>

	tests: Refresh qemu-1.1.0 data
	QEMU 1.1.0 has been officially released. With 1.1.0 QEMU went back to
	three-digits version even for the initial release and I renamed the data
	files to match this fact. They were generated with
	qemu-system-x86_64 -help >tests/qemuhelpdata/qemu-1.1.0
	qemu-system-x86_64 \
	    -device ? \
	    -device pci-assign,? \
	    -device virtio-blk-pci,? \
	    -device virtio-net-pci,? \
	    -device scsi-disk,? 2>tests/qemuhelpdata/qemu-1.1.0-device

2012-06-05  Osier Yang  <jyang@redhat.com>

	virsh: Back out if the argument for vol-create-as is malformed

	virsh: Accept UUID as an argument for net-info and net-start

	virsh: Accept UUID as an argument for storage commands
	Affected commands are: pool-start, vol-create-from.

2012-06-05  Beat Jörg  <Beat.Joerg@ssatr.ch>

	Fix for parallel port passthrough for QEMU
	I came across a bug that the command line generated for passthrough
	of the host parallel port /dev/parport0 by libvirt for QEMU is incorrect.
	It currently produces:
	-chardev tty,id=charparallel0,path=/dev/parport0
	-device isa-parallel,chardev=charparallel0,id=parallel0
	The first parameter is "tty". It sould be "parport".
	If I launch qemu with -chardev parport,... it works as expected.
	I have already filled a bug report (
	https://bugzilla.redhat.com/show_bug.cgi?id=823879 ), the topic was
	already on the list some months ago:
	https://www.redhat.com/archives/libvirt-users/2011-September/msg00095.html

2012-06-05  Eric Blake  <eblake@redhat.com>

	maint: command.c whitespace cleanups
	Noticed during the previous commit.
	* src/util/command.c: Fix some spacing and break long lines.

	command: avoid deadlock on EPIPE situation
	It is possible to deadlock libvirt by having a domain with XML
	longer than PIPE_BUF, and by writing a hook script that closes
	stdin early.  This is because libvirt was keeping a copy of the
	child's stdin read fd open, which means the write fd in the
	parent will never see EPIPE (remember, libvirt should always be
	run with SIGPIPE ignored, so we should never get a SIGPIPE signal).
	Since there is no error, libvirt blocks waiting for a write to
	complete, even though the only reader is also libvirt.  The
	solution is to ensure that only the child can act as a reader
	before the parent does any writes; and then dealing with the
	fallout of dealing with EPIPE.
	Thankfully, this is not a security hole - since the only way to
	trigger the deadlock is to install a custom hook script, anyone
	that already has privileges to install a hook script already has
	privileges to do any number of other equally disruptive things
	to libvirt; it would only be a security hole if an unprivileged
	user could install a hook script to DoS a privileged user.
	* src/util/command.c (virCommandRun): Close parent's copy of child
	read fd earlier.
	(virCommandProcessIO): Don't let EPIPE be fatal; the child may
	be done parsing input.
	* tests/commandhelper.c (main): Set up a SIGPIPE situation.
	* tests/commandtest.c (test20): Trigger it.
	* tests/commanddata/test20.log: New file.

2012-06-05  Laine Stump  <laine@laine.org>

	util: fix "make rpm" when viratomic.h is used
	Although src/util/viratomic.h has been added to the repo, up until now
	it hasn't been used. Stefan Berger is using it in his proposed dhcp
	snooping patches, and an rpm build with those patches failed due to
	viratomic.h not being packed up with the rest of the sources.

2012-06-05  Eric Blake  <eblake@redhat.com>

	build: allow building with newer glibc-headers and -O0
	glibc 2.15 (on Fedora 17) coupled with explicit disabling of
	optimization during development dies a painful death:
	In file included from /usr/include/limits.h:27:0,
	                 from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/limits.h:169,
	                 from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/syslimits.h:7,
	                 from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/limits.h:34,
	                 from util/bitmap.c:26:
	/usr/include/features.h:314:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
	cc1: all warnings being treated as errors
	Work around this by only conditionally defining _FORTIFY_SOURCE,
	in the case where glibc can actually use it.  The trick is using
	AH_VERBATIM instead of AC_DEFINE.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Squelch
	_FORTIFY_SOURCE when needed to avoid glibc #warnings.

2012-06-04  Wen Congyang  <wency@cn.fujitsu.com>

	fix make syntax-check failed

2012-06-04  Eric Blake  <eblake@redhat.com>

	build: fix sc_prohibit_readlink
	I noticed this during 'make syntax-check':
	prohibit_readlink
	grep: Unmatched ( or \(
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_readlink): Fix
	mismatched '('.

2012-06-04  Jiri Denemark  <jdenemar@redhat.com>

	file: Log closing filedescriptors
	EBADF errors are logged as warnings as they normally indicate a double
	close bug. This patch also provides VIR_MASS_CLOSE helper to be user in
	the only case of mass close after fork when EBADF should rather be
	ignored.

	command: Fix debug message during handshake
	Probably a result of copy&paste...

2012-06-04  Radu Caragea  <dmns_serp@yahoo.com>

	Fix sync issue in virNetClientStreamEventRemoveCallback
	The stream lock is unlocked twice instead of being locked and then
	unlocked. Probably a typo.

2012-06-02  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Allow users to reedit rejected XML
	If users *-edit but make a mistake in XML all changes are
	permanently lost. However, if virsh is not running within
	a script we can ask user if he wants to re-edit the file
	and correct the mistakes.

	virsh: Switch from generated cmd*Edit commands to nongenerated
	Currently, we either generate some cmd*Edit commands (cmdPoolEdit
	and cmdNetworkEdit) via sed script or copy the body of cmdEdit
	(e.g. cmdInterfaceEdit, cmdNWFilterEdit, etc.). This fact makes
	it harder to implement any new feature to our editing system.
	Therefore switch to new implementation - define macros to:
	- dump XML (EDIT_GET_XML)
	- take an action if XML wasn't changed,
	  usually just vshPrint() (EDIT_NOT_CHANGED)
	- define new object (EDIT_DEFINE) - the edited XML is in @doc_edited
	- free object defined by EDIT_DEFINE (EDIT_FREE)
	and #include "virsh-edit.c"

2012-06-02  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add multiple IP address support to DHCP snooping
	With support for multiple IP addresses per interface in place, this patch
	now adds support for multiple IP addresses per interface for the DHCP
	snooping code.
	Testing:
	Since the infrastructure I tested this with does not provide multiple IP
	addresses per MAC address (anymore), I either had to plug the VM's interface
	from the virtual bride connected directly to the infrastructure to virbr0
	to get a 2nd IP address from dnsmasq (kill and run dhclient inside the VM)
	or changed the lease file  (/var/run/libvirt/network/nwfilter.leases) and
	restart libvirtd to have a 2nd IP address on an existing interface.
	Note that dnsmasq can take a lease timeout parameter as part of the --dhcp-range
	command line parameter, so that timeouts can be tested that way
	(--dhcp-range 192.168.122.2,192.168.122.254,120). So, terminating and restarting
	dnsmasq with that parameter is another choice to watch an IP address disappear
	after 120 seconds.
	Regards,
	   Stefan

	nwfilter: move code for IP address map into separate file
	The goal of this patch is to prepare for support for multiple IP
	addresses per interface in the DHCP snooping code.
	Move the code for the IP address map that maps interface names to
	IP addresses into their own file. Rename the functions on the way
	but otherwise leave the code as-is. Initialize this new layer
	separately before dependent layers (iplearning, dhcpsnooping)
	and shut it down after them.

	nwfilter: add DHCP snooping
	This patch adds DHCP snooping support to libvirt. The learning method for
	IP addresses is specified by setting the "CTRL_IP_LEARNING" variable to one of
	"any" [default] (existing IP learning code), "none" (static only addresses)
	or "dhcp" (DHCP snooping).
	Active leases are saved in a lease file and reloaded on restart or HUP.
	The following interface XML activates and uses the DHCP snooping:
	    <interface type='bridge'>
	      <source bridge='virbr0'/>
	      <filterref filter='clean-traffic'>
	        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
	      </filterref>
	    </interface>
	All filters containing the variable 'IP' are automatically adjusted when
	the VM receives an IP address via DHCP. However, multiple IP addresses per
	interface are silently ignored in this patch, thus only supporting one IP
	address per interface. Multiple IP address support is added in a later
	patch in this series.

2012-06-02  Marti Raudsepp  <marti@juffo.org>

	qemu: move -name arg to be 1st in "ps x" output
	Currently, monitoring QEMU virtual machines with standard Unix
	sysadmin tools is harder than it has to be. The QEMU command line is
	often miles long and mostly redundant, it's hard to tell which process
	is which.
	This patch reorders the QEMU -name argument to be the first, so it's
	immediately visible in "ps x", htop and "atop -c" output.

2012-06-02  Laine Stump  <laine@laine.org>

	qemu: fix netdev alias name assignment wrt type='hostdev'
	This patch resolves:
	   https://bugzilla.redhat.com/show_bug.cgi?id=827519
	The problem is that an interface with type='hostdev' will have an
	alias of the form "hostdev%d", while the function that looks through
	existing netdevs to determine the name to use for a new addition will
	fail if there's an existing entry that does not match the form
	"net%d".
	This is another of the handful of places that need an exception due to
	the hybrid nature of <interface type='hostdev'> (which is not exactly
	an <interface> or a <hostdev>, but is both at the same time).

2012-05-31  Martin Kletzander  <mkletzan@redhat.com>

	tools: make virt-pki-validate work with acls and xattrs
	This patch makes virt-pki-validate work with certificates that have
	acl or xattr set. Otherwise it failing due to wrong permissions.

2012-05-31  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: avoid closing fd more than once
	If we migrate to fd, spec->fwdType is not MIGRATION_FWD_DIRECT,
	we will close spec->dest.fd.local in qemuMigrationRun(). So we
	should set spec->dest.fd.local to -1 in qemuMigrationRun().
	Bug present since 0.9.5 (commit 326176179).

	command: check for fork error before closing fd
	We should not set *outfd or *errfd if virExecWithHook() failed
	because the caller may close these fds.
	Bug present since v0.4.5 (commit 60ed1d2a).

2012-05-31  Eric Blake  <eblake@redhat.com>

	fdstream: avoid double close bug
	Wen Congyang reported that we have a double-close bug if we fail
	virFDStreamOpenInternal, since childfd duplicated one of the fds[]
	array contents.  In truth, since we always transfer both members
	of fds to other variables, we should close the fds through those
	other names, and just use fds[] for pipe().
	Bug present since 0.9.0 (commit e886237a).
	* src/fdstream.c (virFDStreamOpenFileInternal): Swap scope of
	childfd and fds[], to avoid a double close.

	command: avoid double close bugs
	KAMEZAWA Hiroyuki reported a nasty double-free bug when virCommand
	is used to convert a string into input to a child command.  The
	problem is that the poll() loop of virCommandProcessIO would close()
	the write end of the pipe in order to let the child see EOF, then
	the caller virCommandRun() would also close the same fd number, with
	the second close possibly nuking an fd opened by some other thread
	in the meantime.  This in turn can have all sorts of bad effects.
	The bug has been present since the introduction of virCommand in
	commit f16ad06f.
	This is based on his first attempt at a patch, at
	https://bugzilla.redhat.com/show_bug.cgi?id=823716
	* src/util/command.c (_virCommand): Drop inpipe member.
	(virCommandProcessIO): Add argument, to avoid closing caller's fd
	without informing caller.
	(virCommandRun, virCommandNewArgs): Adjust clients.

2012-05-31  Wen Congyang  <wency@cn.fujitsu.com>

	avoid fd leak
	virCommandRunAsync() will set errfd if it succeed. We should
	close it if virFDStreamOpenInternal() fails.

	avoid closing uninitialized fd
	If the system does not support bypass cache, we will close fd,
	but it is uninitialized.

2012-05-31  Martin Kletzander  <mkletzan@redhat.com>

	Fixes for check and rpm builds without sanlock (and qemu)
	Apart from the non-sanlock check build, there is also a little fix for
	qemu (EXTRA_DIST had qemu.conf and others inside even if the build was
	supposed to be without qemu).

2012-05-30  Wen Congyang  <wency@cn.fujitsu.com>

	build: include augeas-gentest.pl into dist file
	We generate *.aug from *.aug.in by augeas-gentest.pl, so this script
	should be included in dist file.

2012-05-30  Eric Blake  <eblake@redhat.com>

	build: use same perl binary throughout build
	Some of our rules used $(PERL), while others used 'perl'.  Always
	using the variable allows a developer to point to a different (often
	better) perl than the default one found on $PATH.
	* daemon/Makefile.am ($(srcdir)/remote_dispatch.h): s/perl/$(PERL).
	* src/Makefile.am ($(srcdir)/remote/remote_client_bodies.h)
	(PDWTAGS, %protocol.c, %_probes.stp): Likewise.

	build: fix testing of augeas files in VPATH builds
	Without this fix, a VPATH build (such as used by ./autobuild.sh)
	fails with messages like:
	make[3]: Entering directory `/home/remote/eblake/libvirt-tmp2/build/daemon'
	../../build-aux/augeas-gentest.pl libvirtd.conf ../../daemon/test_libvirtd.aug.in test_libvirtd.aug
	cannot read libvirtd.conf: No such file or directory at ../../build-aux/augeas-gentest.pl line 38.
	Since the test files are not part of the tarball, we can generate
	them into the build dir, but rather than create a subdirectory
	just for the test file, it is easier to test them directly in
	libvirt.git/src.
	* daemon/Makefile.am (AUG_GENTEST): Factor out definition.
	(test_libvirtd.aug): Look for correct file.
	* src/Makefile.am (AUG_GENTEST): Use $(PERL).
	(qemu/test_libvirtd_qemu.aug, lxc/test_libvirtd_lxc.aug)
	(locking/test_libvirt_sanlock.aug): Rename to avoid subdirectories.
	(check-augeas-qemu, check-augeas-lxc, check-augeas-sanlock): Reflect
	location of built tests.
	* configure.ac (PERL): Substitute perl.

	build: silence warning from autoconf
	Autoconf 2.60 and later insist on using ${datarootdir}, rather than
	the derived ${datadir} (although the latter defaults to the former,
	it is possible to set configure arguments so that they differ):
	config.status: creating libvirt.pc
	config.status: WARNING:  'libvirt.pc.in' seems to ignore the --datarootdir setting
	This patch follows the autoconf manual's suggestions for how to
	support 2.59 (RHEL 5) and newer simultaneously.
	* libvirt.pc.in (datarootdir): Define, so ${datadir} will not ignore
	datarootdir when using newer autoconf.

2012-05-30  Michal Privoznik  <mprivozn@redhat.com>

	virCommand: Extend debug message for handshake
	Currently, we are logging only one side of pipes we
	create in virCommandRequireHandshake(); This is enough
	in cases where pipe2() returns two consecutive FDs. However,
	it is not guaranteed and it may return any FDs.
	Therefore, it's wise to log the other ends as well.

2012-05-30  Martin Kletzander  <mkletzan@redhat.com>

	lxc: return correct number of CPUs
	When getting number of CPUs the host has assigned, there was always
	number "1" returned. Even though all lxc domains with no pinning
	launched by libvirt run on all pCPUs (by default, no matter what's the
	number), we should at least return the same number as the user
	specified when creating the domain.

	build: Fixed generating of libvirt_qemu_probes.h
	I added libvirt_qemu_probes.h into BUILT_SOURCES. That makes it
	generated, but most probably it is not the clearest way how to do
	that, but it fixes the build.

2012-05-30  Dave Allan  <dallan@redhat.com>

	examples: add consolecallback example python script
	A while back I wrote the attached code to demonstrate how to use
	events and serial console to create a serial console that stays up
	even when the VM is down.  It might need some work, as I am not
	terribly strong with Python.
	* examples/python/consolecallback.py: New file.
	* examples/python/Makefile.am (EXTRA_DIST): Ship it.

2012-05-30  Eric Blake  <eblake@redhat.com>

	build: don't lose probes.o files
	The previous patch fixed an incremental build, but missed that on
	a fresh checkout, we now have nothing left that stops make from
	nuking libvirt_qemu_probes.o.
	* src/Makefile.am ($(libvirt_driver_qemu_la_SOURCES)): Delete,
	since this variable is empty.
	(.PRECIOUS): Add %_probes.o, so they don't get nuked as an
	intermediate by-product after creating %_probes.lo.

	build: fix missing dependencies for libvirt-qemu.so
	The moment you specify a _DEPENDENCIES, older automake (stupidly)
	assumes that you will specify _all_ dependencies for that target.
	This stupidity has been fixed in automake 1.12, but we cannot rely on
	newer automake everywhere.  For libvirt_la_DEPENDENCIES, we took
	care of providing the full list, but for libvirt_qemu_la_DEPENDENCIES,
	we were missing the dependency on libvirt_qemu_impl.la, which resulted
	in a failed build:
	make[3]: Entering directory `/home/ajia/Workspace/libvirt/src'
	   CCLD   libvirt_driver_qemu.la
	libtool: link: `libvirt_qemu_probes.lo' is not a valid libtool object
	* src/Makefile.am (libvirt_driver_qemu_la_DEPENDENCIES): Delete;
	automake does a better job if it does the entire job.

	build: don't clean a file that belongs in the tarball
	Otherwise, 'make rpm' fails with:
	make[2]: *** No rule to make target `locking/test_libvirt_sanlock.aug.in', needed by `distdir'.  Stop.
	make[2]: Leaving directory `/home/dipankar/src/powerpc/libvirt-ppc/src'
	make[1]: *** [distdir] Error 1
	Reported by Dipankar Sarma.
	* src/Makefile.am (CLEANFILES): Clean only the generated file.

2012-05-29  Eric Blake  <eblake@redhat.com>

	virsh: avoid strncpy
	strncpy is generally evil - it runs the risk of missing NUL
	termination, and more often than not wastes time zeroing way
	more bytes than strictly necessary.  We've avoided this evil
	in our virStrncpy wrapper, except for places where we forgot
	to use the wrapper; meanwhile, we have also added an even
	higher layer wrapper for setting virTypedParameter values.
	* tools/virsh.c (cmdMemtune, cmdBlkdeviotune): Use modern API.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_strncpy): Tighten.

	build: update to latest gnulib
	Gnulib finally relaxed the isatty license, needed as first mentioned here:
	https://www.redhat.com/archives/libvir-list/2012-February/msg01022.html
	Other improvements include better syntax-check rules (we can delete one
	of ours now that it is a duplicate) and better compiler warning usage.
	* .gnulib: Update to latest, for isatty.
	* cfg.mk (sc_prohibit_strncpy): Drop a now-redundant rule.
	* bootstrap.conf (gnulib_modules): Add isatty.
	* bootstrap: Resync from gnulib.

2012-05-29  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	leak_fix.diff
	==3240== 23 bytes in 1 blocks are definitely lost in loss record 242 of 744
	==3240==    at 0x4C2A4CD: malloc (vg_replace_malloc.c:236)
	==3240==    by 0x8077537: __vasprintf_chk (vasprintf_chk.c:82)
	==3240==    by 0x509C677: virVasprintf (stdio2.h:199)
	==3240==    by 0x509C733: virAsprintf (util.c:1912)
	==3240==    by 0x1906583A: qemudStartup (qemu_driver.c:679)
	==3240==    by 0x511991D: virStateInitialize (libvirt.c:809)
	==3240==    by 0x40CD84: daemonRunStateInit (libvirtd.c:751)
	==3240==    by 0x5098745: virThreadHelper (threads-pthread.c:161)
	==3240==    by 0x7953D8F: start_thread (pthread_create.c:309)
	==3240==    by 0x805FF5C: clone (clone.S:115)

	Introduce virMacAddr typedef

2012-05-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in comment start
	src/libvirt.c: s,//,/,

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Santize the reporting of VIR_ERR_INVALID_ERROR
	To ensure consistent error reporting of invalid arguments,
	provide a number of predefined helper methods & macros.
	 - An arg which must not be NULL:
	   virCheckNonNullArgReturn(argname, retvalue)
	   virCheckNonNullArgGoto(argname, label)
	 - An arg which must be NULL
	   virCheckNullArgGoto(argname, label)
	 - An arg which must be positive (ie 1 or greater)
	   virCheckPositiveArgGoto(argname, label)
	 - An arg which must not be 0
	   virCheckNonZeroArgGoto(argname, label)
	 - An arg which must be zero
	   virCheckZeroArgGoto(argname, label)
	 - An arg which must not be negative (ie 0 or greater)
	   virCheckNonNegativeArgGoto(argname, label)
	* src/libvirt.c, src/libvirt-qemu.c,
	  src/nodeinfo.c, src/datatypes.c: Update to use
	  virCheckXXXX macros
	* po/POTFILES.in: Add libvirt-qemu.c and virterror_internal.h
	* src/internal.h: Define macros for checking invalid args
	* src/util/virterror_internal.h: Define macros for reporting
	  invalid args

2012-05-28  Eric Blake  <eblake@redhat.com>

	build: silence libtool during tests
	Libtool is picky about linking against a module library (aka a .so);
	giving lots of warnings like this in the tests directory:
	  CCLD   networkxml2argvtest
	*** Warning: Linking the executable networkxml2argvtest against the loadable module
	*** libvirt_driver_network.so is not portable!
	Fix that by splitting things into a convenience library which can
	be used directly by the tests, and making the real .so just wrap
	the convenience library.
	Based on a suggestion by Daniel P. Berrange.
	* configure.ac (--with-driver-modules): Fix help test.
	* src/Makefile.am (libvirt_driver_xen.la, libvirt_driver_libxl.la)
	(libvirt_driver_qemu.la, libvirt_driver_lxc.la)
	(libvirt_driver_uml.la): Factor into new convenience libraries.
	* tests/Makefile.am (xen_LDADDS, qemu_LDADDS, lxc_LDADDS)
	(networkxml2argvtest_LDADD): Link to convenience libraries, not
	shared libraries.

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix linking to DTrace probes file
	There was no rule forcing libvirt_qemu_probes.o to be built
	before libvirt_qemu_probes.lo was used. Also libvirtd was
	still referencing the .o file, rather than the .lo file.
	Both the .lo and .o file must be listed as DEPENDENCIES,
	otherwise libtool will unhelpfully delete the .o file
	once the .lo file is created.

	Fix Win32 build by linking to ole32
	The CoTaskMemFree function requires the ole32 DLL to be
	linked against. Currently this is only done for the
	VirtualBox driver. Also add it to libvirt_util.la
	* configure.ac: Unconditionally add ole32 DLL to Win32
	* src/Makefile.am: Link old32 to libvirt_util.la

2012-05-28  Martin Kletzander  <mkletzan@redhat.com>

	docs: typo in acceleration element
	"accel3d" was specified twice, the second one is obviously "accel2d"
	(also from the text down below.

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Autogenerate augeas test case from default config files
	When adding new config file parameters, the corresponding
	additions to the augeas lens' are constantly forgotten.
	Also there are augeas test cases, these don't catch the
	error, since they too are never updated.
	To address this, the augeas test cases need to be auto-generated
	from the example config files.
	* build-aux/augeas-gentest.pl: Helper to generate an
	  augeas test file, substituting in elements from the
	  example config files
	* src/Makefile.am, daemon/Makefile.am: Switch to
	  auto-generated augeas test cases
	* daemon/test_libvirtd.aug, daemon/test_libvirtd.aug.in,
	  src/locking/test_libvirt_sanlock.aug,
	  src/locking/test_libvirt_sanlock.aug.in,
	  src/lxc/test_libvirtd_lxc.aug,
	  src/lxc/test_libvirtd_lxc.aug.in,
	  src/qemu/test_libvirtd_qemu.aug,
	  src/qemu/test_libvirtd_qemu.aug.in: Remove example
	  config file data, replacing with a ::CONFIG:: placeholder

	Re-order config options in qemu driver augeas lens
	Currently all the config options are listed under a 'vnc_entry'
	group. Create a bunch of new groups & move options to the
	right place

	Fix mistakes in augeas lens
	Add nmissing 'host_uuid' entry to libvirtd.conf lens and
	rename spice_passwd to spice_password in qemu.conf lens

	Standardize whitespace used in example config files
	Instead of doing
	  # example_config
	use
	  #example_config
	so it is possible to programatically uncomment example config
	options, as distinct from their comment/descriptions
	Also delete rogue trailing comma not allowed by lens

	Add impl of APIs to get user directories on Win32
	Add an impl of +virGetUserRuntimeDirectory, virGetUserCacheDirectory
	virGetUserConfigDirectory and virGetUserDirectory for Win32 platform.
	Also create stubs for non-Win32 platforms which lack getpwuid_r()
	In adding these two helpers were added virFileIsAbsPath and
	virFileSkipRoot, along with some macros VIR_FILE_DIR_SEPARATOR,
	VIR_FILE_DIR_SEPARATOR_S, VIR_FILE_IS_DIR_SEPARATOR,
	VIR_FILE_PATH_SEPARATOR, VIR_FILE_PATH_SEPARATOR_S
	All this code was adapted from GLib2 under terms of LGPLv2+ license.

	Remove uid param from directory lookup APIs
	Remove the uid param from virGetUserConfigDirectory,
	virGetUserCacheDirectory, virGetUserRuntimeDirectory,
	and virGetUserDirectory
	These functions were universally called with the
	results of getuid() or geteuid(). To make it practical
	to port to Win32, remove the uid parameter and hardcode
	geteuid()

	Fix typos in RPM dependencies
	s/daemon-driver-nwilter/daemon-driver-nwfilter/
	s/daemon-network/daemon-driver-network/

	Fix check for socket existance / daemon spawn
	When you try to connect to a socket in the abstract namespace,
	the error will be ECONNREFUSED for a non-listening daemon. With
	the non-abstract namespace though, you instead get ENOENT. Add
	a check for this extra errno when auto-spawning the daemon

	Remove last usage of PATH_MAX and ban its future use
	Remove a number of pointless checks against PATH_MAX and
	add a syntax-check rule to prevent its use in future

2012-05-26  Jim Meyering  <meyering@redhat.com>

	maint: avoid new automake warning about AM_PROG_CC_STDC
	* configure.ac (AM_PROG_CC_STDC): Stop using this macro.
	It provokes warnings from newer automake and is superseded by
	autoconf's AC_PROG_CC, which we're already using.

2012-05-26  Eric Blake  <eblake@redhat.com>

	build: silence libtool warning on probes.o
	Libtool supports linking directly against .o files on some platforms
	(such as Linux), which happens to be the only place where we are
	actually doing that (for the dtrace-generated probes.o files).  However,
	it raises a big stink about the non-portability, even though we don't
	attempt it on platforms where it would actually fail:
	  CCLD   libvirt_driver_qemu.la
	*** Warning: Linking the shared library libvirt_driver_qemu.la against
	the non-libtool
	*** objects  libvirt_qemu_probes.o is not portable!
	This shuts libtool up by creating a proper .lo file that matches
	what libtool normally expects.
	* src/Makefile.am (%_probes.lo): New rule.
	(libvirt_probes.stp, libvirt_qemu_probes.stp): Simplify into...
	(%_probes.stp): ...shorter rule.
	(CLEANFILES): Clean new .lo files.
	(libvirt_la_BUILT_LIBADD, libvirt_driver_qemu_la_LIBADD)
	(libvirt_lxc_LDADD, virt_aa_helper_LDADD): Link against .lo file.
	* tests/Makefile.am (PROBES_O, qemu_LDADDS): Likewise.

2012-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Improve docs about compiling libvirt from GIT
	Add a note about setting the LIBVIRT_DRIVER_DIR env variable,
	explain --system and fix example to use --disable-werror

2012-05-25  Eric Blake  <eblake@redhat.com>

	tests: run valgrind on real executables, not libtool wrappers
	* tests/Makefile.am (valgrind): Use libtool's ability to bypass
	libtool wrappers when running valgrind.

2012-05-25  Douglas Schilling Landgraf  <dougsland@redhat.com>

	qemu augeas: Add spice_tls/spice_tls_x509_cert_dir
	If vdsm is installed and configured in Fedora 17, we add the following
	items into qemu.conf:
	spice_tls=1
	spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"
	However, after this changes, augtool cannot identify qemu.conf anymore.

2012-05-25  Eric Blake  <eblake@redhat.com>

	tests: back to short test names
	With the switch to modules by default, I was getting super long
	test output:
	TEST: /home/remote/eblake/libvirt/tests/.libs/lt-interfacexml2xmltest
	compared to the former:
	TEST: interfacexml2xmltest
	* tests/testutils.c (virtTestMain): Trim off libtool goop.

	maint: ignore more files from version control
	* .gitignore: Exempt recent test binary and probes.h name change.

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Add sentinel for virErrorDomain enum
	Add a VIR_ERR_DOMAIN_LAST sentinel for virErrorDomain and
	replace the virErrorDomainName function by a VIR_ENUM_IMPL
	In the process the naming of error domains is sanitized
	* src/util/virterror.c: Use VIR_ENUM_IMPL for converting
	  error domains to strings
	* include/libvirt/virterror.h: Add VIR_ERR_DOMAIN_LAST

	Add parsing for VIR_ENUM_IMPL & VIR_ENUM_DECL in apibuild.py
	The apibuild.py parser needs to be able to parse & ignore
	any VIR_ENUM_IMPL/VIR_ENUM_DECL macros in the source. Add
	some special case code to deal with this rather than trying
	to figure out a generic syntax for parsing macros.
	* apibuild.py: Special case  VIR_ENUM_IMPL & VIR_ENUM_DECL

2012-05-24  Michal Privoznik  <mprivozn@redhat.com>

	security: Switch to C99-style struct initialization

2012-05-24  Wen Congyang  <wency@cn.fujitsu.com>

	fix building error on non fedora system
	We forget to define with_storage_rbd if the system is not fedora,
	or the version is less than 16.

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Add stub impl of virNetlinkEventServiceLocalPid for Win32
	The libvirt_private.syms file exports virNetlinkEventServiceLocalPid
	so there needs to be a no-op stub for Win32 to avoid linker errors

	Enable driver modules in libvirt RPM
	Turn on loadable modules for libvirtd. Add new sub-RPMs
	libvirt-daemon-driver-XXX, one for each loadable .so.
	Modify the libvirt-daemon-YYY RPMs to depend on each of
	the individual drivers they required
	* libvirt.spec.in: Enable driver modules

	Default to enable driver modules for libvirtd
	Always enable driver modules for libvirtd, if we have dlopen
	available. This allows more modular packaging by distros
	and ensures we don't break this config
	* configure.ac: Default to enable driver modules

	Add test case for loading driver modules
	To ensure all symbols used by loadable driver modules are
	exported in libvirt.so, add a test suite that simply loads
	each driver in turn
	* tests/Makefile.am, tests/virdrivermoduletest.c: Add
	  a test case for loading drivers

	Override default driver dir when running from GIT
	* daemon/libvirtd.c: Set custom driver module dir if the current
	  binary name is 'lt-libvirtd' (indicating execution directly
	  from GIT checkout)
	* src/driver.c, src/driver.h, src/libvirt_driver_modules.syms: Add
	  virDriverModuleInitialize to allow driver module location to
	  be changed

	Split QEMU dtrace probes into separate file
	When building as driver modules, it is not possible for the QEMU
	driver module to reference the DTrace/SystemTAP probes linked into
	the main libvirt.so. Thus we need to move the QEMU probes into a
	separate file 'libvirt_qemu_probes.d'. Also rename the existing
	file from 'probes.d' to 'libvirt_probes.d' while we're at it
	* daemon/Makefile.am, src/internal.h: Include libvirt_probes.h
	  instead of probes.h
	* src/Makefile.am: Add rules for libvirt_qemu_probes.d
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor_json.c,
	  src/qemu/qemu_monitor_text.c: Include libvirt_qemu_probes.h
	* src/libvirt_probes.d: Rename from probes.d
	* src/libvirt_qemu_probes.d: QEMU specific probes formerly
	  in probes.d

	Replace RTLD_LOCAL with RTLD_GLOBAL
	Since we have drivers which depend on each other (ie QEMU/LXC
	depend on the network driver APIs), we need to use RTLD_GLOBAL
	instead of RTLD_LOCAL. While this pollutes the calling binary
	with many more symbols, this is no worse than if we directly
	link to the drivers, and this only applies to libvirtd
	* src/driver.c: s/RTLD_LOCAL/RTLD_GLOBAL/

	Ensure LXC driver links against libblkid explicitly.
	Only libvirt_driver_storage.la links to libblkid currently. If
	we are running in a scenario with driver modules, LXC must
	directly link to it, since it can't assume the storage driver
	is present

	Remove libvirt_test.la library
	The libvirt_test.la library was introduced to allow test suites
	to reference internal-only symbols. These days, nearly every
	symbol we care about is in src/libvirt_private.syms, so there
	is no need for libvirt_test.la to continue to exist
	* src/Makefile.am: Delete libvirt_test.la & add new .syms files
	* src/libvirt_private.syms: Export symbols needed by test suite
	* tests/Makefile.am: Link to libvirt_test.la. Ensure LXC tests link
	  to network_driver.la
	* src/libvirt_esx.syms, src/libvirt_openvz.syms: Add exports needed
	  by test suite

	Fix broken linkage of libvirt_driver_nodedev.la
	libvirt_driver_nodedev.la should not link against either
	libvirt_util.la or gnulib.la, since libvirt.so brings
	in those deps.
	* src/Makefile.am: Fix broken linkage of libvirt_driver_nodedev.la

	Only build server side drivers as modules
	The driver modules all use symbols which are defined in libvirt.so.
	Thus for loading of modules to work, the binary that libvirt.so
	is linked to must export its symbols back to modules. If the
	libvirt.so itself is dlopen()d then the RTLD_GLOBAL flag must
	be set. Unfortunately few, if any, programming languages use
	the RTLD_GLOBAL flag when loading modules :-( This means is it
	not practical to use driver modules for any libvirt client side
	drivers (OpenVZ, VMWare, Hyper-V, Remote client, test).
	This patch changes the build process so only server side drivers
	are built as modules (Xen, QEMU, LXC, UML)
	* daemon/libvirtd.c: Add missing load of 'interface' driver
	* src/Makefile.am: Only build server side drivers as modules
	* src/libvirt.c: Don't load any driver modules

	Fix dep from libvirt-lock-sanlock RPM
	The libvirt-lock-sanlock RPM requires libvirtd, so its RPM dep
	should be on libvirt-daemon, not libvirt

2012-05-24  Guido Günther  <agx@sigxcpu.org>

	openvz: add quota argument when creating container

	openvz: support file system quota reporting

	Introduce filesystem limits to virDomainFSDef

	Introduce virDomainParseScaledValue
	and use it for virDomainParseMemory. This allows to parse arbitrary
	scaled value, not only memory related values as needed for the
	filesystem limits code following later in this series.

2012-05-23  Daniel P. Berrange  <berrange@redhat.com>

	Remove more bogus systemd service dependencies
	Adding syslog.target is obsolete, avahi.target does not
	exist and dbus.target is also obsolete
	Reported-by: Lennart Poettering <lpoetter@redhat.com>

2012-05-23  Jiri Denemark  <jdenemar@redhat.com>

	Revert "rpc: Discard non-blocking calls only when necessary"
	This reverts commit b1e374a7ac56927cfe62435179bf0bba1e08b372, which was
	rather bad since I failed to consider all sides of the issue. The main
	things I didn't consider properly are:
	- a thread which sends a non-blocking call waits for the thread with
	  the buck to process the call
	- the code doesn't expect non-blocking calls to remain in the queue
	  unless they were already partially sent
	Thus, the reverted patch actually breaks more than what it fixes and
	clients (which may even be libvirtd during p2p migrations) will likely
	end up in a deadlock.

2012-05-23  Peter Krempa  <pkrempa@redhat.com>

	qemu_hotplug: Don't free the PCI device structure after hot-unplug
	The pciDevice structure corresponding to the device being hot-unplugged
	was freed after it was "stolen" from activeList. The pointer was still
	used for eg-inactive list. This patch removes the free of the structure
	and frees it only if reset fails on the device.

2012-05-22  Laine Stump  <laine@laine.org>

	util: export virBufferTrim
	This was forgotten in commit cdb87b1c4b3c325c61e2a6a7d8edcca3ca73a765.

2012-05-22  Eric Blake  <eblake@redhat.com>

	virBuffer: add way to trim back extra text
	I'm tired of writing:
	bool sep = false;
	while (...) {
	    if (sep)
	       virBufferAddChar(buf, ',');
	    sep = true;
	    virBufferAdd(buf, str);
	}
	This makes it easier, allowing one to write:
	while (...)
	    virBufferAsprintf(buf, "%s,", str);
	virBufferTrim(buf, ",", -1);
	to trim any remaining comma.
	* src/util/buf.h (virBufferTrim): Declare.
	* src/util/buf.c (virBufferTrim): New function.
	* tests/virbuftest.c (testBufTrim): Test it.

2012-05-22  Wido den Hollander  <wido@widodh.nl>

	storage backend: Add RBD (RADOS Block Device) support
	This patch adds support for a new storage backend with RBD support.
	RBD is the RADOS Block Device and is part of the Ceph distributed storage
	system.
	It comes in two flavours: Qemu-RBD and Kernel RBD, this storage backend only
	supports Qemu-RBD, thus limiting the use of this storage driver to Qemu only.
	To function this backend relies on librbd and librados being present on the
	local system.
	The backend also supports Cephx authentication for safe authentication with
	the Ceph cluster.
	For storing credentials it uses the built-in secret mechanism of libvirt.

2012-05-22  Eric Blake  <eblake@redhat.com>

	build: fix unused variable after last patch
	The previous commit (2cb0899) left a dead variable behind.
	* src/libxl/libxl_driver.c (libxlClose): Drop dead variable.

2012-05-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential events deadlock when unref'ing virConnectPtr
	When the last reference to a virConnectPtr is released by
	libvirtd, it was possible for a deadlock to occur in the
	virDomainEventState functions. The virDomainEventStatePtr
	holds a reference on virConnectPtr for each registered
	callback. When removing a callback, the virUnrefConnect
	function is run. If this causes the last reference on the
	virConnectPtr to be released, then virReleaseConnect can
	be run, which in turns calls qemudClose. This function has
	a call to virDomainEventStateDeregisterConn which is intended
	to remove all callbacks associated with the virConnectPtr
	instance. This will try to grab a lock on virDomainEventState
	but this lock is already held. Deadlock ensues
	Thread 1 (Thread 0x7fcbb526a840 (LWP 23185)):
	Since each callback associated with a virConnectPtr holds a
	reference on virConnectPtr, it is impossible for the qemudClose
	method to be invoked while any callbacks are still registered.
	Thus the call to virDomainEventStateDeregisterConn must in fact
	be a no-op. Thus it is possible to just remove all trace of
	virDomainEventStateDeregisterConn and avoid the deadlock.
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Delete virDomainEventStateDeregisterConn
	* src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
	  src/qemu/qemu_driver.c, src/uml/uml_driver.c: Remove
	  calls to virDomainEventStateDeregisterConn

2012-05-21  Jim Fehlig  <jfehlig@suse.com>

	Fix build when configuring with polkit0
	Commit 2223ea98 removed the only use of 'server' param in
	remoteDispatchAuthPolkit().  Mark the parameter with ATTRIBUTE_UNUSED
	to fix the build when configuring with polkit0.

2012-05-21  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add support for ipset
	This patch adds support for the recent ipset iptables extension
	to libvirt's nwfilter subsystem. Ipset allows to maintain 'sets'
	of IP addresses, ports and other packet parameters and allows for
	faster lookup (in the order of O(1) vs. O(n)) and rule evaluation
	to achieve higher throughput than what can be achieved with
	individual iptables rules.
	On the command line iptables supports ipset using
	iptables ... -m set --match-set <ipset name> <flags> -j ...
	where 'ipset name' is the name of a previously created ipset and
	flags is a comma-separated list of up to 6 flags. Flags use 'src' and 'dst'
	for selecting IP addresses, ports etc. from the source or
	destination part of a packet. So a concrete example may look like this:
	iptables -A INPUT -m set --match-set test src,src -j ACCEPT
	Since ipset management is quite complex, the idea was to leave ipset
	management outside of libvirt but still allow users to reference an ipset.
	The user would have to make sure the ipset is available once the VM is
	started so that the iptables rule(s) referencing the ipset can be created.
	Using XML to describe an ipset in an nwfilter rule would then look as
	follows:
	  <rule action='accept' direction='in'>
	    <all ipset='test' ipsetflags='src,src'/>
	  </rule>
	The two parameters on the command line are also the two distinct XML attributes
	'ipset' and 'ipsetflags'.
	FYI: Here is the man page for ipset:
	https://ipset.netfilter.org/ipset.man.html
	Regards,
	    Stefan

2012-05-18  Eric Blake  <eblake@redhat.com>

	build: fix virnetlink on glibc 2.11
	We were being lazy - virnetlink.c was getting uint32_t as a
	side-effect from glibc 2.14's <unistd.h>, but older glibc 2.11
	does not provide uint32_t from <unistd.h>.  In fact, POSIX states
	that <unistd.h> need only provide intptr_t, not all of <stdint.h>,
	so the bug really is ours.  Reported by Jonathan Alescio.
	* src/util/virnetlink.h: Include <stdint.h>.

2012-05-18  Hu Tao  <hutao@cn.fujitsu.com>

	Adds support to param 'vcpu_time' in qemu_driver.
	This involves setting the cpuacct cgroup to a per-vcpu granularity,
	as well as summing the each vcpu accounting into a common array.
	Now that we are reading more than one cgroup file, we double-check
	that cpus weren't hot-plugged between reads to invalidate our
	summing.

	Add a new param 'vcpu_time' to virDomainGetCPUStats
	Currently virDomainGetCPUStats gets total cpu usage, which consists
	of:
	  1. vcpu usage: the physical cpu time consumed by virtual cpu(s) of
	     domain
	  2. hypervisor: `total cpu usage' - `vcpu usage'
	The param 'vcpu_time' is for getting vcpu usages.

2012-05-18  Marc-André Lureau  <marcandre.lureau@gmail.com>

	tests: add ich6 codec type test to qemuxml2argv-sound-device
	Test new codec type element.

	qemu: honour sound <codec> sub-elements
	With ICH6 audio device, allow to specify codecs.
	By default, for compatibility reasons, if no codec is specified,
	"hda-duplex" will be used.

	domain: add <codec> sound sub-element
	Allow specifying sound device codecs. See formatdomain.html for
	more details.

	qemu: test CAPS_HDA_MICRO

2012-05-17  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't delete USB device on failed qemuPrepareHostdevUSBDevices
	If qemuPrepareHostdevUSBDevices fail it will roll back devices added
	to the driver list of used devices. However, if it may fail because
	the device is being used already. But then again - with roll back.
	Therefore don't try to remove a usb device manually if the function
	fail. Although, we want to remove the device if any operation
	performed afterwards fail.

2012-05-17  Eric Blake  <eblake@redhat.com>

	nodeinfo: test more details
	Make it obvious why we need Osier's patch in commit 10d9038b
	to fix NUMA parsing of an AMD machine with two cores sharing
	a socket id.
	* tests/nodeinfotest.c (linuxTestCompareFiles): Enhance the test.
	* tests/nodeinfodata/linux-nodeinfo-sysfs-test-*-output.txt: Update.

2012-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Add a virLogMessage alternative taking va_list args
	Allow the logging APIs to be called with a va_list for format
	args, instead of requiring var-args usage.
	* src/util/logging.h, src/util/logging.c: Add virLogVMessage

2012-05-16  Eric Blake  <eblake@redhat.com>

	build: fix recent syntax-check breakage
	The use of readlink() in lxc_container.c is intentional; we don't
	want an absolute pathname there.
	* src/util/cgroup.h (VIR_CGROUP_SYSFS_MOUNT): Indent properly.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_readlink): Add
	exemption.

2012-05-16  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Rollback on used USB devices
	One of our latest USB device handling patches
	05abd1507d66aabb6cad12eeafeb4c4d1911c585 introduced a regression.
	That is, we first create a temporary list of all USB devices that
	are to be used by domain just starting up. Then we iterate over and
	check if a device from the list is in the global list of currently
	assigned devices (activeUsbHostdevs). If not, we add it there and
	continue with next iteration then. But if a device from temporary
	list is either taken already or adding to the activeUsbHostdevs fails,
	we remove all devices in temp list from the activeUsbHostdevs list.
	Therefore, if a device is already taken we remove it from
	activeUsbHostdevs even if we should not. Thus, next time we allow
	the device to be assigned to another domain.

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix build compat with older libselinux for LXC
	Most versions of libselinux do not contain the function
	selinux_lxc_contexts_path() that the security driver
	recently started using for LXC. We must add a conditional
	check for it in configure and then disable the LXC security
	driver for builds where libselinux lacks this function.
	* configure.ac: Check for selinux_lxc_contexts_path
	* src/security/security_selinux.c: Disable LXC security
	  if selinux_lxc_contexts_path() is missing

	Reject any non-option command line arguments
	Due to a bug in editing /etc/sysconfig/libvirtd, VDSM was causing
	libvirt processes to run with the following command line args
	   /usr/sbin/libvirtd --listen '#' 'by vdsm'
	While it correctly rejects any invalid option flags, libvirtd
	was not rejecting any non-option command line arguments
	* daemon/libvirtd.c: Reject non-option argv

	Remount cgroups controllers after setting up new /sys in LXC
	Normal practice is for cgroups controllers to be mounted at
	/sys/fs/cgroup. When setting up a container, /sys is mounted
	with a new sysfs instance, thus we must re-mount all the
	cgroups controllers. The complexity is that we must mount
	them in the same layout as the host OS. ie if 'cpu' and 'cpuacct'
	were mounted at the same location in the host we must preserve
	this in the container. Also if any controllers are co-located
	we must setup symlinks from the individual controller name to
	the co-located mount-point

	Trim /proc & /sys subtrees before mounting new instances
	Both /proc and /sys may have sub-mounts in them from the host
	OS. We must explicitly unmount them all before mounting the
	new instance over that location. If we don't then /proc/mounts
	will show the sub-mounts as existing, even though nothing will
	be able to access them, due to the over-mount.

	Avoid LXC pivot root in the root source is still /
	If the LXC config has a filesystem
	  <filesystem>
	     <source dir='/'/>
	     <target dir='/'/>
	  </filesystem>
	then there is no need to go down the pivot root codepath.
	We can simply use the existing root as needed.

	Mount fresh instance of sysfs/selinux in LXC
	Currently to make sysfs readonly, we remount the existing
	instance and then bind it readonly. Unfortunately this means
	sysfs is still showing device objects wrt the host OS namespace.
	We need it to reflect the container namespace, so we must mount
	a completely new instance of it. Do the same for selinuxfs since
	there is no benefit to bind mounting & this lets us simplify
	the code.
	* src/lxc/lxc_container.c: Mount fresh sysfs instance

2012-05-16  Daniel Walsh  <dwalsh@redhat.com>

	Convert the LXC driver to use the security driver API for mount options
	Instead of hardcoding use of SELinux contexts in the LXC driver,
	switch over to using the official security driver API.

	Add security driver APIs for getting mount options
	Some security drivers require special options to be passed to
	the mount system call. Add a security driver API for handling
	this data.

	Add support for LXC specific SELinux configuration
	The SELinux policy for LXC uses a different configuration file
	than the traditional svirt one. Thus we need to load
	/etc/selinux/targeted/contexts/lxc_contexts which contains
	something like this:
	 process = "system_u:system_r:svirt_lxc_net_t:s0"
	 file = "system_u:object_r:svirt_lxc_file_t:s0"
	 content = "system_u:object_r:virt_var_lib_t:s0"
	cleverly designed to be parsable by virConfPtr

	Use private data struct in SELinux driver
	Currently the SELinux driver stores its state in a set of global
	variables. This switches it to use a private data struct instead.
	This will enable different instances to have their own data.

	Don't enable the AppArmour security driver with LXC
	The AppArmour driver does not currently have support for LXC
	so ensure that when probing, it claims to be disabled

	Pass the virt driver name into security drivers
	To allow the security drivers to apply different configuration
	information per hypervisor, pass the virtualization driver name
	into the security manager constructor.

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus udev.target dep from libvirtd unit
	There is no 'udev.target' unit in systemd (only 'udev.service')
	yet libvirtd's unit file had a dep on one. There's no compelling
	reason for a dep on udev, so remove it altogether.
	Reported-by: Avi Kivity <avi@redhat.com>

2012-05-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for -no-user-config
	Thanks to this new option we are now able to use modern CPU models (such
	as Westmere) defined in external configuration file.
	The qemu-1.1{,-device} data files for qemuhelptest are filled in with
	qemu-1.1-rc2 output for now. I will update those files with real
	qemu-1.1 output once it is released.

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Set a sensible default master start port for ehci companion controllers
	The uhci1, uhci2, uhci3 companion controllers for ehci1 must
	have a master start port set. Since this value is predictable
	we should set it automatically if the app does not supply it

	Fix logic for assigning PCI addresses to USB2 companion controllers
	Currently each USB2 companion controller gets put on a separate
	PCI slot. Not only is this wasteful of PCI slots, but it is not
	in compliance with the spec for USB2 controllers. The master
	echi1 and all companion controllers should be in the same slot,
	with echi1 in function 7, and uhci1-3 in functions 0-2 respectively.
	* src/qemu/qemu_command.c: Special case handling of USB2 controllers
	  to apply correct pci slot assignment
	* tests/qemuxml2argvdata/qemuxml2argv-usb-ich9-ehci-addr.args,
	  tests/qemuxml2argvdata/qemuxml2argv-usb-ich9-ehci-addr.xml: Expand
	  test to cover automatic slot assignment

	Fix virDomainDeviceInfoIsSet() to check all struct fields
	The virDomainDeviceInfoIsSet API was only checking if an
	address or alias was set in the struct. Thus if only a
	rom bar setting / filename, boot index, or USB master
	value was set, they could be accidentally dropped when
	formatting XML

	Remove redundant trailing slash in user dir paths
	Callers of virGetUser{Config,Runtime,Cache}Directory all
	append further path component. We should not be
	adding a trailing slash in the return path otherwise we
	get paths containing '//'

	Allow stack traces to be included with log messages
	Sometimes it is useful to see the callpath for log messages.
	This change enhances the log filter syntax so that stack traces
	can be show by setting '1:+NAME' instead of '1:NAME'.
	This results in output like:
	2012-05-09 14:18:45.136+0000: 13314: debug : virInitialize:414 : register drivers
	/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xd6)[0x7f89188ebe86]
	/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921]
	/lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735]
	/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279]
	2012-05-09 14:18:45.136+0000: 13314: debug : virRegisterDriver:775 : driver=0x7f8918d02760 name=Test
	/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virRegisterDriver+0x6b)[0x7f89188ec717]
	/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(+0x11b3ad)[0x7f891891e3ad]
	/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xf3)[0x7f89188ebea3]
	/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921]
	/lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735]
	/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279]
	* docs/logging.html.in: Document new syntax
	* configure.ac: Check for execinfo.h
	* src/util/logging.c, src/util/logging.h: Add support for
	  stack traces
	* tests/testutils.c: Adapt to API change

2012-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Move user libvirtd socket out of abstract namespace
	The current unprivileged user libvirtd sockets are in the abstract
	namespace. This has a number of problems
	 - You can't connect to them remotely using the nc/ssh tunnel
	 - This is not portable for OS-X, BSD & probably others
	 - Parent directory permissions don't apply

	Add openvz_util.c to POTFILES

	Add bundled(gnulib) to RPM specfile
	According to Fedora guidelines, because we bundle gnulib we
	need to add a virtual Provides: bundled(gnulib).
	https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle

2012-05-15  Guido Günther  <agx@sigxcpu.org>

	openvz: determine kb/pages only once
	to save some syscalls (as suggested by Eric Blake)

2012-05-15  Osier Yang  <jyang@redhat.com>

	libvirt-guests: Remove LISTFILE if it's empty when stopping service
	$LISTFILE is created even no domain is running, and the empty
	$LISTFILE could cause improper service status.
	    stopped ,with saved guests
	Which is not right, as there is no domain was saved.

	nodeinfo: Get the correct CPU number on AMD Magny Cours platform
	"Instead of developing one CPU with 12 cores, the Magny Cours is
	actually two 6 core “Bulldozer” CPUs combined in to one package"
	I.e, each package has two NUMA nodes, and the two numa nodes share
	the same core ID set (0-6), which means parsing the cores number
	from sysfs doesn't work in this case.
	And the wrong CPU number could cause three problems for libvirt:
	1) performance lost
	  A domain without "cpuset" or "placement='auto'" (to drive numad)
	specified will be only pinned to part of the CPUs.
	2) domain can be started
	  If a domain uses numad, and the advisory nodeset returned from
	numad contains node which exceeds the range of wrong total CPU
	number. The domain will fail to start, as the bitmask passed to
	sched_setaffinity could be fully filled with zero.
	3) wrong CPU number affects lots of stuffs.
	  E.g. for command "virsh vcpuinfo", "virsh vcpupin", it will always
	output with the truncated CPU list.
	For more details:
	https://www.redhat.com/archives/libvir-list/2012-May/msg00607.html
	This patch is to fix the problem by parsing /proc/cpuinfo to get
	the value of field "cpu cores", and use it as nodeinfo->cores if
	it's greater than the cores number from sysfs.

	qemu: Set memory policy using cgroup if placement is auto
	Like for 'static' placement, when the memory policy mode is
	'strict', set the memory policy by writing the advisory nodeset
	returned from numad to cgroup file cpuset.mems,

	qemu: Use the CPU index in capabilities to map NUMA node to cpu list.
	On some of the NUMA platforms, the CPU index in each NUMA node
	grows non-consecutive. While on other platforms, it can be inconsecutive,
	E.g.
	% numactl --hardware
	available: 4 nodes (0-3)
	node 0 cpus: 0 4 8 12 16 20 24 28
	node 0 size: 131058 MB
	node 0 free: 86531 MB
	node 1 cpus: 1 5 9 13 17 21 25 29
	node 1 size: 131072 MB
	node 1 free: 127070 MB
	node 2 cpus: 2 6 10 14 18 22 26 30
	node 2 size: 131072 MB
	node 2 free: 127758 MB
	node 3 cpus: 3 7 11 15 19 23 27 31
	node 3 size: 131072 MB
	node 3 free: 127226 MB
	node distances:
	node   0   1   2   3
	  0:  10  20  20  20
	  1:  20  10  20  20
	  2:  20  20  10  20
	  3:  20  20  20  10
	This patch is to fix the problem by using the CPU index in
	caps->host.numaCell[i]->cpus[i] to set the bitmask instead of
	assuming the CPU index of the NUMA nodes are always sequential.

2012-05-15  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Assign spapr-vio bus address to ibmvscsi controller
	For pseries guest, the default controller model is
	ibmvscsi controller, this controller only can work
	on spapr-vio address.
	This patch is to assign spapr-vio address type to
	ibmvscsi controller and correct vscsi test case.

2012-05-15  David Weber  <wb@munzinger.de>

	sanlock: fix locking for readonly devices
	Add ignore param for readonly and shared disk in sanlock

2012-05-15  Eric Blake  <eblake@redhat.com>

	nodeinfo: add some more tests
	Test 2 data grabbed from a 2-core 1-node laptop.
	Test 3 data grabbed from a 48-cpu AMD Magny Cours box.
	* tests/nodeinfodata/linux-nodeinfo-sysfs-test-2*: New test data.
	* tests/nodeinfodata/linux-nodeinfo-sysfs-test-3*: Likewise.
	* tests/nodeinfotest.c (mymain): Run them.
	* cfg.mk
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF): Exempt
	new test files.

	nodeinfo: avoid probing host filesystem during test
	We had previously weakened our nodeinfotest in order to ignore parsed
	node values, because the parse function was mistakenly relying on
	host files.  A better fix is to avoid using the numactl library, but
	to instead parse the same files that numactl would read, all while
	allowing the files to be relative to our choice of directory.
	* src/nodeinfo.c (CPU_SYS_PATH, NODE_SYS_PATH): Replace with...
	(SYSFS_SYSTEM_PATH): ...parent directory.
	(linuxNodeInfoCPUPopulate): Check NUMA nodes from requested
	directory (by inlining numactl code).
	(nodeGetCPUmap, nodeGetMemoryStats): Adjust macro use.
	* tests/nodeinfotest.c (linuxTestCompareFiles, linuxTestNodeInfo):
	Update test to match.

	nodeinfo: drop static variable
	We were wasting time to malloc a copy of a constant string, then
	copy it into static storage, for every call to nodeGetInfo.  At
	least we were lucky that it was a constant source, and thus not
	subject to even worse issues with one thread clobbering the static
	storage while another was using it.  This gets rid of the waste,
	by passing the string through the stack instead, as well as renaming
	internal functions to better match our conventions.
	* src/nodeinfo.c (sysfs_path): Delete.
	(get_cpu_value, count_thread_siblings, parse_socket): Add
	parameter, and rename...
	(virNodeGetCpuValue, virNodeCountThreadSiblings)
	(virNodeParseSocket): ... into a common namespace.
	(cpu_online, parse_core): Inline into callers.
	(linuxNodeInfoCPUPopulate): Update caller.
	(nodeGetInfo): Drop a useless malloc.

2012-05-14  Eric Blake  <eblake@redhat.com>

	build: really silence the 32-bit warning
	Commit cdce2f42d tried to silence a compiler warning on 32-bit builds,
	but the gcc shipped with RHEL 5 is old enough that the type conversion
	via multiplication by 1 was insufficient for the task.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Previous attempt
	didn't get past all gcc versions.

	maint: fix AUTHORS
	Use the address specified in the actual commit, to placate
	'make syntax-check'.

2012-05-14  William Jon McCann  <william.jon.mccann@gmail.com>

	Use XDG Base Directories instead of storing in home directory
	As defined in:
	http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
	This offers a number of advantages:
	 * Allows sharing a home directory between different machines, or
	sessions (eg. using NFS)
	 * Cleanly separates cache, runtime (eg. sockets), or app data from
	user settings
	 * Supports performing smart or selective migration of settings
	between different OS versions
	 * Supports reseting settings without breaking things
	 * Makes it possible to clear cache data to make room when the disk
	is filling up
	 * Allows us to write a robust and efficient backup solution
	 * Allows an admin flexibility to change where data and settings are stored
	 * Dramatically reduces the complexity and incoherence of the
	system for administrators

2012-05-14  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.12
	* configure.ac docs/news.html.in libvirt.spec.in: updates for the release
	* po/*.po: pushed new sources and synchronized new languages translations

2012-05-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix memory leaks in error paths related to transferred ownership
	Appending an item to a list transfers ownership of that item to the
	list owner. But an error can occur in between item allocation and
	appending it to the list. In this case the item has to be freed
	explicitly. This was not done in some special cases resulting in
	possible memory leaks.
	Reported by Coverity.

2012-05-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't skip detection of virtual cpu's on non KVM targets
	This patch lifts the limit of calling thread detection code only on KVM
	guests. With upstream qemu the thread mappings are reported also on
	non-KVM machines.
	QEMU adopted the thread_id information from the kvm branch.
	To remain compatible with older upstream versions of qemu the check is
	attempted but the failure to detect threads (or even run the monitor
	command - on older versions without SMP support) is treated non-fatal
	and the code reports one vCPU with pid of the hypervisor (in same
	fashion this was done on non-KVM guests).

	qemu: Re-detect virtual cpu threads after cpu hot (un)plug.
	After a cpu hotplug the qemu driver did not refresh information about
	virtual processors used by qemu and their corresponding threads. This
	patch forces a re-detection as is done on start of QEMU.
	This ensures that correct information is reported by the
	virDomainGetVcpus API and "virsh vcpuinfo".
	A failure to obtain the thread<->vcpu mapping is treated non-fatal and
	the mapping is not updated in a case of failure as not all versions of
	QEMU report this in the info cpus command.

	qemu: Refactor qemuDomainSetVcpusFlags
	This patch changes a switch statement into ifs when handling live vs.
	configuration modifications getting rid of redundant code in case when
	both live and persistent configuration gets changed.

2012-05-11  Eric Blake  <eblake@redhat.com>

	build: fix stamp file name
	Ever since commit c964b6a, make was trying to find the timestamp
	of '""./apibuild.py".stamp"', but only touching 'apibuild.py.stamp',
	and thus always rebuilding.  Reported by Daniel P. Berrange.
	* docs/Makefile.am (APIBUILD, APIBUILD_STAMP): Omit bogus quotes.

2012-05-11  Guannan Ren  <gren@redhat.com>

	usb: fix crash when failing to attach a second usb device
	when failing to attach another usb device to a domain for some reason
	which has one use device attached before, the libvirtd crashed.
	The crash is caused by null-pointer dereference error in invoking
	usbDeviceListSteal passed in NULL value usb variable.
	commit 05abd1507d66aabb6cad12eeafeb4c4d1911c585 introduces the bug.

2012-05-11  Eric Blake  <eblake@redhat.com>

	docs: mention migration issue of which credentials are used
	Based on a report by Seth Vidal.  Just because _you_ can use virsh
	to connect to both source and destinations does not mean that libvirtd
	on the source (aka _root_) can likewise connect to the destination;
	this matters when setting up a peer-to-peer migration instead of a
	native one.
	* docs/migration.html.in: Mention that in peer-to-peer, the owner
	of the source libvirtd (usually root) must be able to connect to
	the destination.

2012-05-10  Osier Yang  <jyang@redhat.com>

	build: Fix the typo in configure.ac
	s/nuamd/numad/,

2012-05-10  Alex Jia  <ajia@redhat.com>

	conf: Fix memory leaks in virStoragePoolDefParseSource
	Detected by valgrind. Leaks are introduced in commit 122fa379.
	src/conf/storage_conf.c: fix memory leaks.
	How to reproduce?
	$ make && make -C tests check TESTS=storagepoolxml2xmltest
	$ cd tests && valgrind -v --leak-check=full ./storagepoolxml2xmltest
	actual result:
	==28571== LEAK SUMMARY:
	==28571==    definitely lost: 40 bytes in 5 blocks
	==28571==    indirectly lost: 0 bytes in 0 blocks
	==28571==      possibly lost: 0 bytes in 0 blocks
	==28571==    still reachable: 1,054 bytes in 21 blocks
	==28571==         suppressed: 0 bytes in 0 blocks

2012-05-10  Eric Blake  <eblake@redhat.com>

	qemu: fix build when !HAVE_NUMACTL
	Commit 97010eb1f forgot to change the other side of an #ifdef.
	* src/qemu/qemu_process.c (qemuProcessInitNumaMemoryPolicy): Add
	argument.

2012-05-10  Jim Fehlig  <jfehlig@suse.com>

	Report error when parsing character device target type
	No useful error was being reported when an invalid character device
	target type is specified in the domainXML. E.g.
	    ...
	    <console type="pty">
	      <source path="/dev/pts/2"/>
	      <target type="kvm" port="0"/>
	    </console>
	    ...
	resulted in
	error: Failed to define domain from x.xml
	error: An error occurred, but the cause is unknown
	With this small patch, the error is more helpful
	error: Failed to define domain from x.xml
	error: XML error: unknown target type 'kvm' specified for character device

2012-05-09  Jiri Denemark  <jdenemar@redhat.com>

	netlink: Fix build with libnl-3
	Commit 642973135c54b93242c4548ef27d591b52b0994c added three direct
	references to nl_handle_* instead of using our aliases which hide
	differences between libnl-3 and libnl-1.

2012-05-09  Osier Yang  <jyang@redhat.com>

	numad: Update comments in libvirt.spec.in
	Not only support CPU placement now.

	numad: Check numactl-devel if compiled with numad support
	Since now we pre-set memory policy using libnuma to fully
	drive numad, it needs to check numactl-devel if "with_numad"
	is "yes".
	configure with groups "--with-numad=yes --with-numactl=yes",
	"--with-numad=no --with-numactl=yes", "--with-numad=yes
	--with-numactl=yes" works fine after the change.

	numad: Divide cur_balloon by 1024 before passing it to numad
	Numad expects MB by default.

	numad: Always output 'placement' of <vcpu>
	<vcpu> is not an optional node. The value for its 'placement'
	actually always defaults to 'static' in the underlying codes.
	(Even no 'cpuset' and 'placement' is specified, the domain
	process will be pinned to all the available pCPUs).

	numad: Copy 'placement' of <numatune> to <vcpu> by default
	With this patch, one can also fully drive numad by:
	  <vcpu>2</vcpu>
	  <numatune>
	    <memory placement='auto'/>
	  </numatune>
	New tests are added.

	numad: Set memory policy from numad advisory nodeset
	Though numad will manage the memory allocation of task dynamically,
	it wants management application (libvirt) to pre-set the memory
	policy according to the advisory nodeset returned from querying numad,
	(just like pre-bind CPU nodeset for domain process), and thus the
	performance could benefit much more from it.
	This patch introduces new XML tag 'placement', value 'auto' indicates
	whether to set the memory policy with the advisory nodeset from numad,
	and its value defaults to the value of <vcpu> placement, or 'static'
	if 'nodeset' is specified. Example of the new XML tag's usage:
	  <numatune>
	    <memory placement='auto' mode='interleave'/>
	  </numatune>
	Just like what current "numatune" does, the 'auto' numa memory policy
	setting uses libnuma's API too.
	If <vcpu> "placement" is "auto", and <numatune> is not specified
	explicitly, a default <numatume> will be added with "placement"
	set as "auto", and "mode" set as "strict".
	The following XML can now fully drive numad:
	1) <vcpu> placement is 'auto', no <numatune> is specified.
	   <vcpu placement='auto'>10</vcpu>
	2) <vcpu> placement is 'auto', no 'placement' is specified for
	   <numatune>.
	   <vcpu placement='auto'>10</vcpu>
	   <numatune>
	     <memory mode='interleave'/>
	   </numatune>
	And it's also able to control the CPU placement and memory policy
	independently. e.g.
	1) <vcpu> placement is 'auto', and <numatune> placement is 'static'
	   <vcpu placement='auto'>10</vcpu>
	   <numatune>
	     <memory mode='strict' nodeset='0-10,^7'/>
	   </numatune>
	2) <vcpu> placement is 'static', and <numatune> placement is 'auto'
	   <vcpu placement='static' cpuset='0-24,^12'>10</vcpu>
	   <numatune>
	     <memory mode='interleave' placement='auto'/>
	   </numatume>
	A follow up patch will change the XML formatting codes to always output
	'placement' for <vcpu>, even it's 'static'.

2012-05-09  Eric Blake  <eblake@redhat.com>

	snapshot: allow block devices past cgroup
	It turns out that when cgroups are enabled, the use of a block device
	for a snapshot target was failing with EPERM due to libvirt failing
	to add the block device to the cgroup whitelist.  See also
	https://bugzilla.redhat.com/show_bug.cgi?id=810200
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive): Account for cgroup.
	(qemuDomainSnapshotCreateDiskActive): Update caller.

2012-05-09  Alon Levy  <alevy@redhat.com>

	tests: add some self-documentation to tests
	Alon tried './qemuxml2argvtest --help' to figure out a test failure,
	but it didn't help.  The information is in HACKING, but it doesn't
	hurt to make the tests also provide their own help.

	domain_conf: add "default" to list of valid spice channels
	qemu's behavior in this case is to change the spice server behavior to
	require secure connection to any channel not otherwise specified as
	being in plaintext mode. libvirt doesn't currently allow requesting this
	(via plaintext-channel=<channel name>).
	RHBZ: 819499

2012-05-08  Alon Levy  <alevy@redhat.com>

	domain_conf: add "usbredir" to list of valid spice channels
	Add "usbredir" channel to list of recognized spice channels.
	RHBZ: 819498

2012-05-08  Eric Blake  <eblake@redhat.com>

	build: avoid link failure on Windows
	We only know -lpthread exists on platforms where we build
	threads-pthread.c; but when we build threads-win32.c, LIB_PTHREAD
	is empty.
	* tests/Makefile.am (shunloadtest_LDADD): Use correct library.

2012-05-08  Jim Meyering  <meyering@redhat.com>

	virsh: avoid heap corruption leading to virsh abort
	* tools/virsh.c (vshParseSnapshotDiskspec): Fix off-by-3 memmove
	that would corrupt heap when parsing escaped --diskspec comma.
	Bug introduced via commit v0.9.4-260-g35d52b5.

2012-05-08  Laine Stump  <laine@laine.org>

	util: set src_pid for virNetlinkCommand when appropriate
	Until now, the nl_pid of the source address of every message sent by
	virNetlinkCommand has been set to the value of getpid(). Most of the
	time this doesn't matter, and in the one case where it does
	(communication with lldpad), it previously was the proper thing to do,
	because the netlink event service (which listens on a netlink socket
	for unsolicited messages from lldpad) coincidentally always happened
	to bind with a local nl_pid == getpid().
	With the fix for:
	  https://bugzilla.redhat.com/show_bug.cgi?id=816465
	that particular nl_pid is now effectively a reserved value, so the
	netlink event service will always bind to something else
	(coincidentally "getpid() + (1 << 22)", but it really could be
	anything). The result is that communication between lldpad and
	libvirtd is broken (lldpad gets a "disconnected" error when it tries
	to send a directed message).
	The solution to this problem caused by a solution, is to query the
	netlink event service's nlhandle for its "local_port", and send that
	as the source nl_pid (but only when sending to lldpad, of course - in
	other cases we maintain the old behavior of sending getpid()).
	There are two cases where a message is being directed at lldpad - one
	in virNetDevLinkDump, and one in virNetDevVPortProfileOpSetLink.
	The case of virNetDevVPortProfileOpSetLink is simplest to explain -
	only if !nltarget_kernel, i.e. the message isn't targetted for the
	kernel, is the dst_pid set (by calling
	virNetDevVPortProfileGetLldpadPid()), so only in that case do we call
	virNetlinkEventServiceLocalPid() to set src_pid.
	For virNetDevLinkDump, it's a bit more complicated. The call to
	virNetDevVPortProfileGetLldpadPid() was effectively up one level (in
	virNetDevVPortProfileOpCommon), although obscured by an unnecessary
	passing of a function pointer. This patch removes the function
	pointer, and calls virNetDevVPortProfileGetLldpadPid() directly in
	virNetDevVPortProfileOpCommon - if it's doing this, it knows that it
	should also call virNetlinkEventServiceLocalPid() to set src_pid too;
	then it just passes src_pid and dst_pid down to
	virNetDevLinkDump. Since (src_pid == 0 && dst_pid == 0) implies that
	the kernel is the destination, there is no longer any need to send
	nltarget_kernel as an arg to virNetDevLinkDump, so it's been removed.
	The disparity between src_pid being int and dst_pid being uint32_t may
	be a bit disconcerting to some, but I didn't want to complicate
	virNetlinkEventServiceLocalPid() by having status returned separately
	from the value.

	util: function to get local nl_pid used by netlink event socket
	This value will be needed to set the src_pid when sending netlink
	messages to lldpad. It is part of the solution to:
	  https://bugzilla.redhat.com/show_bug.cgi?id=816465
	Note that libnl's port generation algorithm guarantees that the
	nl_socket_get_local_port() will always be > 0 (since it is "getpid() +
	(n << 22>" where n is always < 1024), so it is okay to cast the
	uint32_t to int (thus allowing us to use -1 as an error sentinel).

	util: allow specifying both src and dst pid in virNetlinkCommand
	Until now, virNetlinkCommand has assumed that the nl_pid in the source
	address of outgoing netlink messages should always be the return value
	of getpid(). In most cases it actually doesn't matter, but in the case
	of communication with lldpad, lldpad saves this info and later uses it
	to send netlink messages back to libvirt. A recent patch to fix Bug
	816465 changed the order of the universe such that the netlink event
	service socket is no longer bound with nl_pid == getpid(), so lldpad
	could no longer send unsolicited messages to libvirtd. Adding src_pid
	as an argument to virNetlinkCommand() is the first step in notifying
	lldpad of the proper address of the netlink event service socket.

	util: fix libvirtd startup failure due to netlink error
	This is part of the solution to the problem detailed in:
	  https://bugzilla.redhat.com/show_bug.cgi?id=816465
	and further detailed in
	  https://www.redhat.com/archives/libvir-list/2012-May/msg00202.htm
	A short explanation is included in the comments of the patch itself.
	Note that this patch by itself breaks communication between lldpad and
	libvirtd, so the other 3 patches in the series must be applied at the
	same time as this patch.

2012-05-07  Guido Günther  <agx@sigxcpu.org>

	openvz: simplify openvzDomainDefineCmd by using virCommandPtr

2012-05-07  Guannan Ren  <gren@redhat.com>

	qemu: call usb search function for hostdev initialization and hotplug
	src/qemu/qemu_hostdev.c:
	refactor qemuPrepareHostdevUSBDevices function, make it focus on
	adding usb device to activeUsbHostdevs after check. After that,
	the usb hotplug function qemuDomainAttachHostDevice also could use
	it.
	expand qemuPrepareHostUSBDevices to perform the usb search,
	rollback on failure.
	src/qemu/qemu_hotplug.c:
	If there are multiple usb devices available with same vendorID and productID,
	but with different value of "bus, device", we give an error to let user
	use <address> to specify the desired one.

	usb: create functions to search usb device accurately
	usbFindDevice():get usb device according to
	                idVendor, idProduct, bus, device
	                it is the exact match of the four parameters
	usbFindDeviceByBus():get usb device according to bus, device
	                  it returns only one usb device same as usbFindDevice
	usbFindDeviceByVendor():get usb device according to idVendor,idProduct
	                     it probably returns multiple usb devices.
	usbDeviceSearch(): a helper function to do the actual search

2012-05-07  Cole Robinson  <crobinso@redhat.com>

	rpm: Handle different source URLs for maint releases

	docs: Add 'maintenance releases' link in 'News' sidebar

2012-05-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Emit compatible XML when migrating a domain
	When we added the default USB controller into domain XML, we efficiently
	broke migration to older versions of libvirt that didn't support USB
	controllers at all (0.9.4 and earlier) even for domains that don't use
	anything that the older libvirt can't provide. We still want to present
	the default USB controller in any XML seen by a user/app but we can
	safely remove it from the domain XML used during migration. If we are
	migrating to a new enough libvirt, it will add the controller XML back,
	while older libvirt won't be confused with it although it will still
	tell qemu to create the controller.
	Similar approach can be used in the future whenever we find out we
	always enabled some kind of device without properly advertising it in
	domain XML.

2012-05-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't use virDomainDefFormat* directly
	Always use appropriate qemuDomain{,Def}Format wrapper since it may do
	some additional magic based on the flags.

2012-05-05  Eric Blake  <eblake@redhat.com>

	qemu: reject blockiotune if qemu too old
	Commit 4c82f09e added a capability check for qemu per-device io
	throttling, but only applied it to domain startup.  As mentioned
	in the previous commit (98cec05), the user can still get an 'internal
	error' message during a hotplug attempt, when the monitor command
	doesn't exist.  It is confusing to allow tuning on inactive domains
	only to then be rejected when starting the domain.
	* src/qemu/qemu_driver.c (qemuDomainSetBlockIoTune): Reject
	offline tuning if online can't match it.

	qemu: don't modify domain on failed blockiotune
	If you have a qemu build that lacks the blockio tune monitor command,
	then this command:
	$ virsh blkdeviotune rhel6u2 hda --total_bytes_sec 1000
	error: Unable to change block I/O throttle
	error: internal error Unexpected error
	fails as expected (well, the error message is lousy), but the next
	dumpxml shows that the domain was modified anyway.  Worse, that means
	if you save the domain then restore it, the restore will likely fail
	due to throttling being unsupported, even though no throttling should
	even be active because the monitor command failed in the first place.
	* src/qemu/qemu_driver.c (qemuDomainSetBlockIoTune): Check for
	error before making modification permanent.

2012-05-05  Laine Stump  <laine@laine.org>

	util: remove error log from stubs of virNetlinkEventServiceStart|Stop
	These two functions are called from main() on all platforms, and
	always return success on platforms that don't support libnl. They
	still log an error message, though, which doesn't make sense - they
	should just be NOPs on those platforms. (Per a suggestion during
	review, I've turned the logs into debug messages rather than removing
	them completely).

2012-05-05  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	node_device: fix possible non-terminated string
	Error: STRING_NULL:
	/libvirt/src/node_device/node_device_linux_sysfs.c:80:
	string_null_argument: Function "saferead" does not terminate string "*buf".
	/libvirt/src/util/util.c:101:
	string_null_argument: Function "read" fills array "*buf" with a non-terminated string.
	/libvirt/src/node_device/node_device_linux_sysfs.c:87:
	string_null: Passing unterminated string "buf" to a function expecting a null-terminated string.

	uuid: fix possible non-terminated string
	Error: STRING_NULL:
	/libvirt/src/util/uuid.c:273:
	string_null_argument: Function "getDMISystemUUID" does not terminate string "*dmiuuid".
	/libvirt/src/util/uuid.c:241:
	string_null_argument: Function "saferead" fills array "*uuid" with a non-terminated string.
	/libvirt/src/util/util.c:101:
	string_null_argument: Function "read" fills array "*buf" with a non-terminated string.
	/libvirt/src/util/uuid.c:274:
	string_null: Passing unterminated string "dmiuuid" to a function expecting a null-terminated string.
	/libvirt/src/util/uuid.c:138:
	var_assign_parm: Assigning: "cur" = "uuidstr". They now point to the same thing.
	/libvirt/src/util/uuid.c:164:
	string_null_sink_loop: Searching for null termination in an unterminated array "cur".

2012-05-04  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	tests: fix resource leak
	Error: RESOURCE_LEAK:
	/libvirt/tests/qemuxml2argvtest.c:47:
	alloc_arg: Calling allocation function "virAlloc" on "ret".
	/libvirt/src/util/memory.c:101:
	alloc_fn: Storage is returned from allocation function "calloc".
	/libvirt/src/util/memory.c:101:
	var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/libvirt/tests/qemuxml2argvtest.c:54:
	leaked_storage: Variable "ret" going out of scope leaks the storage it points to.

	qemu: fix resource leak
	Error: RESOURCE_LEAK:
	/libvirt/src/qemu/qemu_driver.c:6968:
	alloc_fn: Calling allocation function "calloc".
	/libvirt/src/qemu/qemu_driver.c:6968:
	var_assign: Assigning: "nodeset" =  storage returned from "calloc(1UL, 1UL)".
	/libvirt/src/qemu/qemu_driver.c:6977:
	noescape: Variable "nodeset" is not freed or pointed-to in function "virTypedParameterAssign".
	/libvirt/src/qemu/qemu_driver.c:6997:
	leaked_storage: Variable "nodeset" going out of scope leaks the storage it points to.

	vmx: fix resource leak
	Error: RESOURCE_LEAK:
	/libvirt/src/vmx/vmx.c:2431:
	alloc_fn: Calling allocation function "calloc".
	/libvirt/src/vmx/vmx.c:2431:
	var_assign: Assigning: "networkName" =  storage returned from "calloc(1UL, 1UL)".
	/libvirt/src/vmx/vmx.c:2495:
	leaked_storage: Variable "networkName" going out of scope leaks the storage it points to.

2012-05-04  Guido Günther  <agx@sigxcpu.org>

	openvz: read vmguarpages/privvmpages to set memory tunables

2012-05-04  Osier Yang  <jyang@redhat.com>

	Coverity: Fix resource leak in virnetlink.c

	Coverity: Fix resource leak in nodeinfo.c
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/nodeinfo.c:629: alloc_fn: Calling allocation function "fopen".
	/builddir/build/BUILD/libvirt-0.9.10/src/nodeinfo.c:629: var_assign: Assigning: "cpuinfo" =  storage returned from "fopen("/proc/cpuinfo", "r")".
	/builddir/build/BUILD/libvirt-0.9.10/src/nodeinfo.c:638: leaked_storage: Variable "cpuinfo" going out of scope leaks the storage it points to.

	Coverity: Fix resource leak in test driver
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/test/test_driver.c:1041: alloc_arg: Calling allocation function "virXPathNodeSet" on "devs".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/xml.c:621: alloc_arg: "virAllocN" allocates memory that is stored into "*list".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/xml.c:625: noescape: Variable "*list" is not freed or pointed-to in function "memcpy".
	/builddir/build/BUILD/libvirt-0.9.10/src/test/test_driver.c:1098: leaked_storage: Variable "devs" going out of scope leaks the storage it points to.

	Coverity: Fix resource leak in xen driver
	Coverity logs:
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_inotify.c:103: alloc_fn: Calling allocation function "xenDaemonLookupByUUID".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xend_internal.c:2534: alloc_fn: Storage is returned from allocation function "virGetDomain".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:191: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:210: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xend_internal.c:2534: var_assign: Assigning: "ret" = "virGetDomain(conn, name, uuid)".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xend_internal.c:2541: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_inotify.c:103: var_assign: Assigning: "dom" =  storage returned from "xenDaemonLookupByUUID(conn, rawuuid)".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_inotify.c:126: leaked_storage: Variable "dom" going out of scope leaks the storage it points to.
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2742: alloc_fn: Calling allocation function "fopen".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2742: var_assign: Assigning: "cpuinfo" =  storage returned from "fopen("/proc/cpuinfo", "r")".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2763: noescape: Variable "cpuinfo" is not freed or pointed-to in function "xenHypervisorMakeCapabilitiesInternal".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2574:45: noescape: "xenHypervisorMakeCapabilitiesInternal" does not free or save its pointer parameter "cpuinfo".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2768: leaked_storage: Variable "cpuinfo" going out of scope leaks the storage it points to.
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2752: alloc_fn: Calling allocation function "fopen".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2752: var_assign: Assigning: "capabilities" =  storage returned from "fopen("/sys/hypervisor/properties/capabilities", "r")".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2763: noescape: Variable "capabilities" is not freed or pointed-to in function "xenHypervisorMakeCapabilitiesInternal".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2574:60: noescape: "xenHypervisorMakeCapabilitiesInternal" does not free or save its pointer parameter "capabilities".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2768: leaked_storage: Variable "capabilities" going out of scope leaks the storage it points to.

	Coverity: Fix resource leaks in phyp driver
	Coverity logs:
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:523: alloc_fn: Calling allocation function "fopen".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:523: var_assign: Assigning: "fd" =  storage returned from "fopen(local_file, "rb")".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:540: noescape: Variable "fd" is not freed or pointed-to in function "fread".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:542: noescape: Variable "fd" is not freed or pointed-to in function "feof".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:575: leaked_storage: Variable "fd" going out of scope leaks the storage it points to.
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:585: leaked_storage: Variable "fd" going out of scope leaks the storage it points to.
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2088: alloc_fn: Calling allocation function "phypVolumeLookupByName".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2026: alloc_fn: Storage is returned from allocation function "virGetStorageVol".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:724: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:753: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2026: var_assign: Assigning: "vol" = "virGetStorageVol(pool->conn, pool->name, volname, key)".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2030: return_alloc: Returning allocated memory "vol".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2088: leaked_storage: Failing to save storage allocated by "phypVolumeLookupByName(pool, voldef->name)" leaks it.
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2725: alloc_fn: Calling allocation function "phypGetStoragePoolLookUpByUUID".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2689: alloc_fn: Storage is returned from allocation function "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:592: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:610: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2689: var_assign: Assigning: "sp" = "virGetStoragePool(conn, pools[i], uuid)".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2694: return_alloc: Returning allocated memory "sp".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2725: leaked_storage: Failing to save storage allocated by "phypGetStoragePoolLookUpByUUID(conn, def->uuid)" leaks it.
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2719: alloc_fn: Calling allocation function "phypStoragePoolLookupByName".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2254: alloc_fn: Storage is returned from allocation function "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:592: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:610: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2254: return_alloc_fn: Directly returning storage allocated by "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2719: leaked_storage: Failing to save storage allocated by "phypStoragePoolLookupByName(conn, def->name)" leaks it.
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2270: alloc_fn: Calling allocation function "phypStoragePoolLookupByName".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2254: alloc_fn: Storage is returned from allocation function "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:592: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:610: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2254: return_alloc_fn: Directly returning storage allocated by "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2270: var_assign: Assigning: "sp" =  storage returned from "phypStoragePoolLookupByName(vol->conn, vol->pool)".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2324: leaked_storage: Variable "sp" going out of scope leaks the storage it points to.
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2327: leaked_storage: Variable "sp" going out of scope leaks the storage it points t

	Coverity: Fix the forward_null error in Python binding codes
	Related coverity log:
	Error: FORWARD_NULL:
	/builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:355:
	assign_zero: Assigning: "params" = 0.
	/builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:458:
	var_deref_model: Passing null variable "params" to function
	"getPyVirTypedParameter", which dereferences it. (The dereference is assumed on
	the basis of the 'nonnull' parameter attribute.)

2012-05-04  Eric Blake  <eblake@redhat.com>

	qemu: avoid 32-bit compiler warning
	On 32-bit platforms, gcc warns that the comparison between a long
	and (ULLONG_MAX/1024/1024) is always false; throwing in a type
	conversion shuts up the warning.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Shut gcc up.

2012-05-04  Serge Hallyn  <serge.hallyn@canonical.com>

	build: support libnl-3
	configure.ac: check for libnl-3 in addition to libnl-1
	src/Makefile.am: link against libnl when needed
	src/util/virnetlink.c:
	support libnl3 api.  To minimize impact on code flow, wrap the
	differences under the virNetlink* namespace.
	Unfortunately libnl3 moves netlink/msg.h to
	/usr/include/libnl3/netlink/msg.h, so the LIBNL_CFLAGS need to be added
	to a bunch of places where they weren't needed with libnl1.

2012-05-04  Eric Blake  <eblake@redhat.com>

	build: fix build on cygwin
	On cygwin, <rpc/rpc.h> lives in a different directory than
	/usr/include, so anything that uses it must modify CFLAGS.  This
	previously tripped up just 'make check', but now that we build
	all test programs unconditionally, it also trips up 'make'.
	* tests/Makefile.am (virnetmessagetest_CFLAGS): Find rpc headers.

2012-05-03  Dmitry Guryanov  <dguryanov@parallels.com>

	util: add functions for interating over json object
	Add function virJSONValueObjectKeysNumber, virJSONValueObjectGetKey
	and virJSONValueObjectGetValue, which allow you to iterate over all
	fields of json object: you can get number of fields and then get
	name and value, stored in field with that name by index.

2012-05-03  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Correct indent errors in the function qemuDomainNetsRestart
	qemuDomainNetsRestart indents with 3 spaces.
	This patch is to correct it.

2012-05-03  Marc-André Lureau  <marcandre.lureau@gmail.com>

	build: update pid_t type static check
	The code uses long long for pid_t now.
	It fails on mingw64 without this change.

	build: fix output of pid values
	Fix a few more places where pid_t is printed with wrong type

2012-05-03  Eugen Feller  <eugen.feller@inria.fr>

	Added Snooze cloud manager to the IaaS section

2012-05-02  Eric Blake  <eblake@redhat.com>

	virsh: output scaled values with correct units
	The recent push to use correct scaling terms (kB for 1000, KiB for
	1024 - such as commit 9dfdead) missed some places in virsh.
	* tools/virsh.c (prettyCapacity, cmdDominfo, cmdFreecell)
	(cmdNodeinfo, cmdNodeMemStats, cmdMigrateSetMaxSpeed)
	(cmdBlockCopy, cmdBlockPull, cmdBlockJob): Use KiB, not kB, when
	referring to multiples of 1024.
	* tests/virshtest.c: Update expected output to match.

	virsh: make -h always give help
	https://bugzilla.redhat.com/show_bug.cgi?id=817244 mentions that
	unlike most other tools, where --help or --version prevent all
	further parsing of all later options, virsh was strange in that
	--version stopped parsing but --help tried to plow on to the end.
	There was no rationale for this original implementation (since
	2005!), so I think we can safely conform to common usage patterns.
	* tools/virsh.c (main): Drop useless 'help' variable.

2012-05-02  Laine Stump  <laine@laine.org>

	build: make ATTRIBUTE_NONNULL() a NOP unless STATIC_ANALYSIS is on
	The ATTRIBUTE_NONNULL(m) macro normally resolves to the gcc builtin
	__attribute__((__nonnull__(m))). The effect of this in gcc is
	unfortunately only to make gcc believe that "m" can never possibly be
	NULL, *not* to add in any checks to guarantee that it isn't ever NULL
	(i.e. it is an optimization aid, *not* something to verify code
	correctness.) - see the following gcc bug report for more details:
	  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17308
	Static source analyzers such as clang and coverity apparently can use
	ATTRIBUTE_NONNULL(), though, to detect dead code (in the case that the
	arg really is guaranteed non-NULL), as well as situations where an
	obviously NULL arg is given to the function.
	https://bugzilla.redhat.com/show_bug.cgi?id=815270 is a good example
	of a bug caused by erroneous application of ATTRIBUTE_NONNULL().
	Several people spent a long time staring at this code and not finding
	the problem, because the problem wasn't in the function itself, but in
	the prototype that specified ATTRIBUTE_NONNULL() for an arg that
	actually *wasn't* always non-NULL, and caused a segv when dereferenced
	(even though the code that dereferenced the pointer was inside an if()
	that checked for a NULL pointer, that code was optimized out by gcc).
	There may be some very small gain to be had from the optimizations
	that can be inferred from ATTRIBUTE_NONNULL(), but it seems safer to
	err on the side of generating code that behaves as expected, while
	turning on the attribute for static analyzers.

2012-05-01  Daniel P. Berrange  <berrange@redhat.com>

	Make lxcContainerSetStdio the last thing to be called in container startup
	Once lxcContainerSetStdio is invoked, logging will not work as
	expected in libvirt_lxc. So make sure this is the last thing to
	be called, in particular after setting the security process label

	Ensure logging is initialized early in libvirt_lxc
	The virLogSetFromEnv call was done too late in startup to
	catch many log messages (eg from security driver initialization).
	To assist debugging also explicitly log the security details
	at startup

	Ensure LXC security driver is set unconditonally
	The driver->securityDriverName field may be NULL, if automatic
	probing is used to determine security driver. This meant that
	unless selinux was explicitly requested in lxc.conf, it was
	not being sent to the libvirt_lxc process.
	The driver->securityManager field is guaranteed non-NULL, since
	there will always be the 'none' security driver present if
	nothing else exists. So use that to set the driver name for
	libvirt_lxc

	Ensure libvirt_lxc process loads the live XML config
	Currently the libvirt_lxc process uses VIR_DOMAIN_XML_INACTIVE
	when loading the XML for the container. This means it loses
	any dynamic data such as the, just allocated, SELinux label.
	Further there is an inconsistency in the libvirt LXC driver
	whereby it saves the live config XML and then later overwrites
	the file with the live status XML instead. Add a comment about
	this for future reference.
	* src/lxc/lxc_controller.c: Remove VIR_DOMAIN_XML_INACTIVE
	  when loading XML
	* src/lxc/lxc_driver.c: Add comment about inconsistent
	  config file formats

2012-05-01  Eric Blake  <eblake@redhat.com>

	maint: avoid false positives on unmarked diagnostics
	Otherwise, a string such as _("Don't use \"" VAR "\".") would
	complain about unmarked diagnostics.
	* cfg.mk (sc_libvirt_unmarked_diagnostics): Handle \" in message.

2012-05-01  Josh Durgin  <josh.durgin@dreamhost.com>

	qemu: allow snapshotting of sheepdog and rbd disks

	qemu: change rbd auth_supported separation character to ;
	This works with newer qemu that doesn't allow escaping spaces.
	It's backwards compatible as well.

2012-05-01  Alex Jia  <ajia@redhat.com>

	util: Avoid libvirtd crash in virNetDevTapCreate
	In fact, the 'tapfd' is always NULL, the function 'virNetDevTapCreate()' hasn't
	assign 'fd' to 'tapfd', when the function 'virNetDevSetMAC()' is failed then
	goto 'error' label, finally, the VIR_FORCE_CLOSE() will deref a NULL 'tapfd'.
	* util/virnetdevtap.c (virNetDevTapCreateInBridgePort): fix a NULL pointer derefing.
	* How to reproduce?
	$ cat > /tmp/net.xml <<EOF
	<network>
	  <name>test</name>
	  <forward mode='nat'/>
	  <bridge name='br1' stp='off' delay='1' />
	  <mac address='00:00:00:00:00:00'/>
	  <ip address='192.168.100.1' netmask='255.255.255.0'>
	    <dhcp>
	      <range start='192.168.100.2' end='192.168.100.254' />
	    </dhcp>
	  </ip>
	</network>
	EOF
	$ virsh net-define /tmp/net.xml
	$ virsh net-start test
	error: Failed to start network brTest
	error: End of file while reading data: Input/output error

2012-05-01  Eric Blake  <eblake@redhat.com>

	storage: fix build with iscsi
	The previous storage patch missed an instance affected by the struct
	member rename.  It also had some botched whitespace detected by
	'make check'.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Adjust to new struct.
	* src/conf/storage_conf.c (virStoragePoolSourceFormat): Fix
	indentation.

2012-04-30  Osier Yang  <jyang@redhat.com>

	storage: Break out the loop if duplicate pool is found
	It doesn't break out the "for" loop even if duplicate pool is
	found, and thus the "matchpool" could be overriden as NULL again
	if there is different pool afterwards.
	To address the problem in libvirt-user list:
	https://www.redhat.com/archives/libvirt-users/2012-April/msg00150.html

2012-04-30  Wido den Hollander  <wido@widodh.nl>

	storage: Allow multiple hosts for a storage pool
	The current storage pools for NFS and iSCSI only require one host to
	connect to. Future storage pools like RBD and Sheepdog will require
	multiple hosts.
	This patch allows multiple source hosts and rewrites the current
	storage drivers.

2012-04-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make sure qemu can access its directory in hugetlbfs
	When libvirtd is started, we create "libvirt/qemu" directories under
	hugetlbfs mount point. Only the "qemu" subdirectory is chowned to qemu
	user and "libvirt" remains owned by root. If umask was too restrictive
	when libvirtd started, qemu user may lose access to "qemu"
	subdirectory. Let's explicitly grant search permissions to "libvirt"
	directory for all users.

2012-04-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Report error class at least
	Currently, qemu GA is not providing 'desc' field for errors like
	we are used to from qemu monitor. Therefore, we fall back to this
	general 'unknown error' string. However, GA is reporting 'class' which
	is not perfect, but much more helpful than generic error string.
	Thus we should fall back to class firstly and if even no class
	is presented, then we can fall back to that generic string.
	Before this patch:
	virsh # dompmsuspend --target mem f16
	error: Domain f16 could not be suspended
	error: internal error unable to execute QEMU command
	'guest-suspend-ram': unknown QEMU command error
	After this patch:
	virsh # dompmsuspend --target mem f16
	error: Domain f16 could not be suspended
	error: internal error unable to execute QEMU command
	'guest-suspend-ram': The command has not been found

2012-04-28  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	More coverity findings addressed
	More bug extermination in the category of:
	Error: CHECKED_RETURN:
	/libvirt/src/conf/network_conf.c:595:
	check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).
	/libvirt/src/qemu/qemu_process.c:2780:
	unchecked_value: No check of the return value of "virAsprintf(&msg, "was paused (%s)", virDomainPausedReasonTypeToString(reason))".
	/libvirt/tests/commandtest.c:809:
	check_return: Calling function "setsid" without checking return value (as is done elsewhere 4 out of 5 times).
	/libvirt/tests/commandtest.c:830:
	unchecked_value: No check of the return value of "virTestGetDebug()".
	/libvirt/tests/commandtest.c:831:
	check_return: Calling function "virTestGetVerbose" without checking return value (as is done elsewhere 41 out of 42 times).
	/libvirt/tests/commandtest.c:833:
	check_return: Calling function "virInitialize" without checking return value (as is done elsewhere 18 out of 21 times).
	One note about the error in commandtest line 809: setsid() seems to fail when running the test -- could be removed ?

2012-04-28  Eric Blake  <eblake@redhat.com>

	blockjob: fix block-stream bandwidth race
	With RHEL 6.2, virDomainBlockPull(dom, dev, bandwidth, 0) has a race
	with non-zero bandwidth: there is a window between the block_stream
	and block_job_set_speed monitor commands where an unlimited amount
	of data was let through, defeating the point of a throttle.
	This race was first identified in commit a9d3495e, and libvirt was
	able to reduce the size of the window for that race.  In the meantime,
	the qemu developers decided to fix things properly; per this message:
	https://lists.gnu.org/archive/html/qemu-devel/2012-04/msg03793.html
	the fix will be in qemu 1.1, and changes block-job-set-speed to use
	a different parameter name, as well as adding a new optional parameter
	to block-stream, which eliminates the race altogether.
	Since our documentation already mentioned that we can refuse a non-zero
	bandwidth for some hypervisors, I think the best solution is to do
	just that for RHEL 6.2 qemu, so that the race is obvious to the user
	(anyone using stock RHEL 6.2 binaries won't have this patch, and anyone
	building their own libvirt with this patch for RHEL can also rebuild
	qemu to get the modern semantics, so it is no real loss in behavior).
	Meanwhile the code must be fixed to honor actual qemu 1.1 naming.
	Rename the parameter to 'modern', since the naming difference now
	covers more than just 'async' block-job-cancel.  And while at it,
	fix an unchecked integer overflow.
	* src/qemu/qemu_monitor.h (enum BLOCK_JOB_CMD): Drop unused value,
	rename enum to match conventions.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Reflect enum rename.
	* src/qemu_qemu_monitor_json.h (qemuMonitorJSONBlockJob): Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJob): Likewise,
	and support difference between RHEL 6.2 and qemu 1.1 block pull.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Reject
	bandwidth during pull with too-old qemu.
	* src/libvirt.c (virDomainBlockPull, virDomainBlockRebase):
	Document this.

2012-04-28  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	lxc: Fix coverity findings
	Error: UNINIT:
	/libvirt/src/lxc/lxc_driver.c:1412:
	var_decl: Declaring variable "fd" without initializer.
	/libvirt/src/lxc/lxc_driver.c:1460:
	uninit_use_in_call: Using uninitialized value "fd" when calling "virFileClose".
	/libvirt/src/util/virfile.c:50:
	read_parm: Reading a parameter value.
	Error: DEADCODE:
	/libvirt/src/lxc/lxc_controller.c:960:
	dead_error_condition: On this path, the condition "ret == 4" cannot be true.
	/libvirt/src/lxc/lxc_controller.c:959:
	at_most: After this line, the value of "ret" is at most -1.
	/libvirt/src/lxc/lxc_controller.c:959:
	new_values: Noticing condition "ret < 0".
	/libvirt/src/lxc/lxc_controller.c:961:
	dead_error_line: Execution cannot reach this statement "continue;".
	Error: UNINIT:
	/libvirt/src/lxc/lxc_controller.c:1104:
	var_decl: Declaring variable "consoles" without initializer.
	/libvirt/src/lxc/lxc_controller.c:1237:
	uninit_use: Using uninitialized value "consoles".

2012-04-28  Cole Robinson  <crobinso@redhat.com>

	python: Fix doc directory name for stable releases
	We were using the libvirt release version (like 0.9.11) and not
	the configure version (which for stable releases is 0.9.11.X)
	Most other places got this right so hopefully that's all the fallout
	from the version format change :)

	docs: Serialize running apibuild.py
	Use a witness file approach like we do for python/generator.py,
	as suggested by Eric. Fixes the build issue reported here:
	https://www.redhat.com/archives/libvir-list/2012-April/msg01435.html

	configure: Use ustar format for dist tarball
	Since for stable releases, some test files were over the 99 char
	limit for traditional tar filenames.
	Suggested by Osier here:
	https://www.redhat.com/archives/libvir-list/2012-April/msg01435.html

2012-04-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use common helper when probing qemu capabilities
	QEMU binary is called several times when we probe different kinds of
	capabilities the binary supports. This patch introduces new common
	helper so that all probes use a consistent way of invoking qemu.

2012-04-27  Eric Blake  <eblake@redhat.com>

	qemu: improve errors related to offline domains
	https://bugzilla.redhat.com/show_bug.cgi?id=816662 pointed out
	that attempting 'virsh blockpull' on an offline domain gave a
	misleading error message about qemu lacking support for the
	operation, even when qemu was specifically updated to support it.
	The real problem is that we have several capabilities that are
	only determined when starting a domain, and therefore are still
	clear when first working with an inactive domain (namely, any
	capability set by qemuMonitorJSONCheckCommands).
	While this patch was able to hoist an existing check in one of the
	three culprits, it had to add redundant checks in the other two
	places (because you always have to check for an active domain after
	obtaining a VM job lock, but the capability bits were being checked
	prior to obtaining the job lock).
	Someday it would be nice to patch libvirt to cache the set of
	capabilities per qemu binary (as determined by inode and timestamp),
	rather than re-probing the binary every time a domain is started,
	and to teach the cache how to query the monitor during the one
	time the probe is made rather than having to wait until a guest
	is started; then, a capability probe would succeed even for offline
	guests because it just refers to the cache, and the single check for
	an active domain after grabbing the job lock would be sufficient.
	But since that will involve a lot more coding, I'm happy to go
	with this simpler solution for an immediate solution.
	* src/qemu/qemu_driver.c (qemuDomainPMSuspendForDuration)
	(qemuDomainSnapshotCreateXML, qemuDomainBlockJobImpl): Check for
	offline state before checking an online-only cap.

2012-04-27  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	macvtap: fix a typo
	Below patch fixes the following coverity findings
	Error: OVERRUN_STATIC:
	/libvirt/src/qemu/qemu_command.c:152:
	overrun-buffer-val: Overrunning static array "net->mac" of size 6 bytes by passing it as an argument to a function which indexes it at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:948:
	access_dbuff_const: Calling "virNetDevMacVLanVPortProfileRegisterCallback" indexes array "macaddress" at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:773:
	access_dbuff_const: Calling "memcpy" indexes array "macaddress" with index "16UL" at byte position 15.
	Error: OVERRUN_STATIC:
	/libvirt/src/qemu/qemu_migration.c:2744:
	overrun-buffer-val: Overrunning static array "net->mac" of size 6 bytes by passing it as an argument to a function which indexes it at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:773:
	access_dbuff_const: Calling "memcpy" indexes array "macaddress" with index "16UL" at byte position 15.
	Error: OVERRUN_STATIC:
	/libvirt/src/qemu/qemu_driver.c:435:
	overrun-buffer-val: Overrunning static array "net->mac" of size 6 bytes by passing it as an argument to a function which indexes it at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:1036:
	access_dbuff_const: Calling "virNetDevMacVLanVPortProfileRegisterCallback" indexes array "macaddress" at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:773:
	access_dbuff_const: Calling "memcpy" indexes array "macaddress" with index "16UL" at byte position 15.

	nwfilter: address more coverity findings
	This patch addresses the following coverity findings:
	/libvirt/src/conf/nwfilter_params.c:390:
	var_assigned: Assigning: "varValue" = null return value from "virHashLookup".
	/libvirt/src/conf/nwfilter_params.c:392:
	dereference: Dereferencing a pointer that might be null "varValue" when calling "virNWFilterVarValueGetNthValue".
	/libvirt/src/conf/nwfilter_params.c:399:
	dereference: Dereferencing a pointer that might be null "tmp" when calling "virNWFilterVarValueGetNthValue".

	nwfilter: address coverity findings
	This patch addresses the following coverity findings:
	/libvirt/src/conf/nwfilter_params.c:157:
	deref_parm: Directly dereferencing parameter "val".
	/libvirt/src/conf/nwfilter_params.c:473:
	negative_returns: Using variable "iterIndex" as an index to array "res->iter".
	/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891:
	unchecked_value: No check of the return value of "virAsprintf(&protostr, "-d 01:80:c2:00:00:00 ")".
	/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2894:
	unchecked_value: No check of the return value of "virAsprintf(&protostr, "-p 0x%04x ", l3_protocols[protoidx].attr)".
	/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3590:
	var_deref_op: Dereferencing null variable "inst".

2012-04-27  Laine Stump  <laine@laine.org>

	util: fix error messages in virNetlinkEventServiceStart
	Some of the error messages in this function should have been
	virReportSystemError (since they have an errno they want to log), but
	were mistakenly written as netlinkError, which expects a libvirt error
	code instead. The result was that when one of the errors was
	encountered, "No error message provided" would be printed instead of
	something meaningful (see
	https://bugzilla.redhat.com/show_bug.cgi?id=816465 for an example).

2012-04-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid bogus error at the end of tunnelled migration
	Once qemu monitor reports migration has completed, we just closed our
	end of the pipe and let migration tunnel die. This generated bogus error
	in case we did so before the thread saw EOF on the pipe and migration
	was aborted even though it was in fact successful.
	With this patch we first wake up the tunnel thread and once it has read
	all data from the pipe and finished the stream we close the
	filedescriptor.
	A small additional bonus of this patch is that real errors reported
	inside qemuMigrationIOFunc are not overwritten by virStreamAbort any
	more.

	qemu: Fix detection of failed migration
	When QEMU reported failed or canceled migration, we correctly detected
	it but didn't really consider it as an error condition and migration
	protocol just went on. Luckily, some of the subsequent steps eventually
	failed end we reported an (unrelated and mostly random) error back to
	the caller.

	rpc: Discard non-blocking calls only when necessary
	Currently, non-blocking calls are either sent immediately or discarded
	in case sending would block. This was implemented based on the
	assumption that the non-blocking keepalive call is not needed as there
	are other calls in the queue which would keep the connection alive.
	However, if those calls are no-reply calls (such as those carrying
	stream data), the remote party knows the connection is alive but since
	we don't get any reply from it, we think the connection is dead.
	This is most visible in tunnelled migration. If it happens to be longer
	than keepalive timeout (30s by default), it may be unexpectedly aborted
	because the connection is considered to be dead.
	With this patch, we only discard non-blocking calls when the last call
	with a thread is completed and thus there is no thread left to keep
	sending the remaining non-blocking calls.

	qemu: Preserve original error during migration
	In some cases (spotted with broken connection during tunneled migration)
	we were overwriting the original error with worse or even misleading
	errors generated when we were cleaning up after failed migration.

2012-04-26  Peter Krempa  <pkrempa@redhat.com>

	keepalive: Add ability to disable keepalive messages
	The docs for virConnectSetKeepAlive() advertise that this function
	should be able to disable keepalives on negative or zero interval time.
	This patch removes the check that prohibited this and adds code to
	disable keepalives on negative/zero interval.
	* src/libvirt.c: virConnectSetKeepAlive(): - remove check for negative
	                                             values
	* src/rpc/virnetclient.c
	* src/rpc/virnetclient.h: - add virNetClientKeepAliveStop() to disable
	                            keepalive messages
	* src/remote/remote_driver.c: remoteSetKeepAlive(): -add ability to
	                                                     disable keepalives

2012-04-26  Laine Stump  <laine@laine.org>

	util: fix crash when starting macvtap interfaces
	This patch resolves https://bugzilla.redhat.com/show_bug.cgi?id=815270
	The function virNetDevMacVLanVPortProfileRegisterCallback() takes an
	arg "virtPortProfile", and was checking it for non-NULL before using
	it. However, the prototype for
	virNetDevMacVLanPortProfileRegisterCallback had marked that arg with
	ATTRIBUTE_NONNULL(). Contrary to what one may think,
	ATTRIBUTE_NONNULL() does not provide any guarantee that an arg marked
	as such really is always non-null; the only effect to the code
	generated by gcc, is that gcc *assumes* it is non-NULL; this results
	in, for example, the check for a non-NULL value being optimized out.
	(Unfortunately, this code removal only occurs when optimization is
	enabled, and I am in the habit of doing local builds with optimization
	off to ease debugging, so the bug didn't show up in my earlier local
	testing).
	In general, virPortProfile might always be NULL, so it shouldn't be
	marked as ATTRIBUTE_NONNULL. One other function prototype made this
	same error, so this patch fixes it as well.

2012-04-26  Eric Blake  <eblake@redhat.com>

	build: fix bootstrap on RHEL
	Commit 8fe455fd364cd7462e02170084c45a58ee302cc3 tried to work around
	a regression introduced in upstream gnulib that requires gettext 0.18
	or newer on all projects using bootstrap, by making libvirt require
	gettext 0.18.  But this fails on RHEL 6.2, which still ships gettext
	0.17.  Revert that change, and instead, import the latest round of
	gnulib updates that fix that problem properly.
	If you have already built in the window where libvirt required 0.18,
	be aware that incremental updates may run into problems: this is
	because 'autopoint --force' will not downgrade m4/po.m4 back to an
	older version, but it must be downgraded back to 0.17 levels to work
	with this patch.  You may either manually remove that file then rerun
	bootstrap, or it may prove easier to just clean up all non-git files
	to start from a clean slate.
	* bootstrap.conf: Revert minimum gettext back to 0.17.
	* configure.ac: Likewise.
	* .gnulib: Update to latest, for bootstrap fixes.
	* bootstrap: Resync from gnulib.

2012-04-25  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add new functions to virSocketAddr
	Add 2 new functions to the virSocketAddr 'class':
	- virSocketAddrEqual: tests whether two IP addresses and their ports are equal
	- virSocketaddSetIPv4Addr: set a virSocketAddr given a 32 bit int

	macvtap: use embedded buffers
	Use embedded buffers for the MAC addresses and the VM's UUID.

2012-04-24  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Improve on virAtomic implementation
	This patch improves the previously added virAtomicInt implementation
	by using gcc-builtins if possible. The needed builtins are available
	since GCC >= 4.1. At least the 4.0 docs don't mention them.

2012-04-24  Hu Tao  <hutao@cn.fujitsu.com>

	fix memleak in linuxParseCPUmap

2012-04-24  Peter Krempa  <pkrempa@redhat.com>

	build: Fix version of gettext macros
	Commit c9cd419caba9effa11ca53e8696e5f6a4b424d60 added copying of the
	makefile for translation files from gnulib. The makefile from gnulib is
	of version 0.18 but the build configuration cretes macros from version
	0.17 which breaks the build with message:
	*** error: gettext infrastructure mismatch: using a Makefile.in.in from
	gettext version 0.18 but the autoconf macros are from gettext version
	0.17

2012-04-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix passing an empty IMedium* array to IMachine::Delete
	vboxArray is not castable to a COM item type. vboxArray is a
	wrapper around the XPCOM and MSCOM specific array handling.
	In this case we can avoid passing NULL as an empty array to
	IMachine::Delete by passing a dummy IMedium* array with a single
	NULL item.

2012-04-24  Guido Günther  <agx@sigxcpu.org>

	openvz: add network interface stats
	This will only work for veth devices since venet devices don't have
	a target element.

2012-04-23  Eric Blake  <eblake@redhat.com>

	blockjob: enhance xml to track mirrors across libvirtd restart
	In order to track a block copy job across libvirtd restarts, we
	need to save internal XML that tracks the name of the file
	holding the mirror.  Displaying this name in dumpxml might also
	be useful to the user, even if we don't yet have a way to (re-)
	start a domain with mirroring enabled up front.  This is done
	with a new <mirror> sub-element to <disk>, as in:
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/original.img'/>
	      <mirror file='/var/lib/libvirt/images/copy.img' format='qcow2' ready='yes'/>
	      ...
	    </disk>
	For now, the element is output-only, in live domains; it is ignored
	when defining a domain or hot-plugging a disk (since those contexts
	use VIR_DOMAIN_XML_INACTIVE in parsing).  The 'ready' attribute appears
	when libvirt knows that the job has changed from the initial pulling
	phase over to the mirroring phase, although absence of the attribute
	is not a sure indicator of the current phase.  If we come up with a way
	to make qemu start with mirroring enabled, we can relax the xml
	restriction, and allow <mirror> (but not attribute 'ready') on input.
	Testing active-only XML meant tweaking the testsuite slightly, but it
	was worth it.
	* docs/schemas/domaincommon.rng (diskspec): Add diskMirror.
	* docs/formatdomain.html.in (elementsDisks): Document it.
	* src/conf/domain_conf.h (_virDomainDiskDef): New members.
	* src/conf/domain_conf.c (virDomainDiskDefFree): Clean them.
	(virDomainDiskDefParseXML): Parse them, but only internally.
	(virDomainDiskDefFormat): Output them.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: New test file.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror.xml: Likewise.
	* tests/qemuxml2xmltest.c (testInfo): Alter members.
	(testCompareXMLToXMLHelper): Allow more test control.
	(mymain): Run new test.

	blockjob: add 'blockcopy' to virsh
	Rather than further overloading 'blockpull', I decided to create a
	new virsh command to expose the new flags of virDomainBlockRebase.
	Blocking until the command completes naturally is pointless, since
	the block copy job is intended to run indefinitely.  Instead, I
	made the command support three --wait modes: by default, it runs until
	mirroring is started; with --pivot, it pivots as soon as mirroring
	is started; and with --finish, it aborts (for a clean copy) as
	soon as mirroring is started.
	* tools/virsh.c (VSH_CMD_BLOCK_JOB_COPY): New mode.
	(blockJobImpl): Support new flags.
	(cmdBlockCopy): New command.
	(cmdBlockJob): Support new job info, new abort flag.
	* tools/virsh.pod (blockcopy, blockjob): Document the new command
	and flags.

	blockjob: add new API flags
	This patch introduces a new block job, useful for live storage
	migration using pre-copy streaming.  Justification for including
	this under virDomainBlockRebase rather than adding a new command
	includes: 1) there are now two possible block jobs in qemu, with
	virDomainBlockRebase starting either type of command, and
	virDomainBlockJobInfo and virDomainBlockJobAbort working to end
	either type; 2) reusing this command allows distros to backport
	this feature to the libvirt 0.9.10 API without a .so bump.
	Note that a future patch may add a more powerful interface named
	virDomainBlockJobCopy, dedicated to just the block copy job, in
	order to expose even more options (such as setting an arbitrary
	format type for the destination without having to probe it from a
	pre-existing destination file); adding a new command for targetting
	just block copy would be similar to how we already have
	virDomainBlockPull for targetting just the block pull job.
	Using a live VM with the backing chain:
	  base <- snap1 <- snap2
	as the starting point, we have:
	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY)
	creates /path/to/copy with the same format as snap2, with no backing
	file, so entire chain is copied and flattened
	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_COPY_RAW)
	creates /path/to/copy as a raw file, so entire chain is copied and
	flattened
	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_SHALLOW)
	creates /path/to/copy with the same format as snap2, but with snap1 as
	a backing file, so only snap2 is copied.
	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT)
	reuse existing /path/to/copy (must have empty contents, and format is
	probed[*] from the metadata), and copy the full chain
	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT|
	    VIR_DOMAIN_BLOCK_REBASE_SHALLOW)
	reuse existing /path/to/copy (contents must be identical to snap1,
	and format is probed[*] from the metadata), and copy only the contents
	of snap2
	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT|
	    VIR_DOMAIN_BLOCK_REBASE_SHALLOW|VIR_DOMAIN_BLOCK_REBASE_COPY_RAW)
	reuse existing /path/to/copy (must be raw volume with contents
	identical to snap1), and copy only the contents of snap2
	Less useful combinations:
	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_SHALLOW|
	    VIR_DOMAIN_BLOCK_REBASE_COPY_RAW)
	fail if source is not raw, otherwise create /path/to/copy as raw and
	the single file is copied (no chain involved)
	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT|
	    VIR_DOMAIN_BLOCK_REBASE_COPY_RAW)
	makes little sense: the destination must be raw but have no contents,
	meaning that it is an empty file, so there is nothing to reuse
	The other three flags are rejected without VIR_DOMAIN_BLOCK_COPY.
	[*] Note that probing an existing file for its format can be a security
	risk _if_ there is a possibility that the existing file is 'raw', in
	which case the guest can manipulate the file to appear like some other
	format.  But, by virtue of the VIR_DOMAIN_BLOCK_REBASE_COPY_RAW flag,
	it is possible to avoid probing of raw files, at which point, probing
	of any remaining file type is no longer a security risk.
	It would be nice if we could issue an event when pivoting from phase 1
	to phase 2, but qemu hasn't implemented that, and we would have to poll
	in order to synthesize it ourselves.  Meanwhile, qemu will give us a
	distinct job info and completion event when we either cancel or pivot
	to end the job.  Pivoting is accomplished via the new:
	virDomainBlockJobAbort(dom, disk, VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT)
	Management applications can pre-create the copy with a relative
	backing file name, and use the VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT
	flag to have qemu reuse the metadata; if the management application
	also copies the backing files to a new location, this can be used
	to perform live storage migration of an entire backing chain.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_JOB_TYPE_COPY):
	New block job type.
	(virDomainBlockJobAbortFlags, virDomainBlockRebaseFlags): New enums.
	* src/libvirt.c (virDomainBlockRebase): Document the new flags,
	and implement general restrictions on flag combinations.
	(virDomainBlockJobAbort): Document the new flag.
	(virDomainSaveFlags, virDomainSnapshotCreateXML)
	(virDomainRevertToSnapshot, virDomainDetachDeviceFlags): Document
	restrictions.
	* include/libvirt/virterror.h (VIR_ERR_BLOCK_COPY_ACTIVE): New
	error.
	* src/util/virterror.c (virErrorMsg): Define it.

2012-04-23  Peter Krempa  <pkrempa@redhat.com>

	cpu: Improve error reporting on incompatible CPUs
	This patch modifies the CPU comparrison function to report the
	incompatibilities in more detail to ease identification of problems.
	* src/cpu/cpu.h:
	    cpuGuestData(): Add argument to return detailed error message.
	* src/cpu/cpu.c:
	    cpuGuestData(): Add passthrough for error argument.
	* src/cpu/cpu_x86.c
	    x86FeatureNames(): Add function to convert a CPU definition to flag
	                       names.
	    x86Compute(): - Add error message parameter
	                  - Add macro for reporting detailed error messages.
	                  - Improve error reporting.
	                  - Simplify calculation of forbidden flags.
	    x86DataIteratorInit():
	    x86cpuidMatchAny(): Remove functions that are no longer needed.
	* src/qemu/qemu_command.c:
	    qemuBuildCpuArgStr(): - Modify for new function prototype
	                          - Add detailed error reports
	                          - Change error code on incompatible processors
	                            to VIR_ERR_CONFIG_UNSUPPORTED instead of
	                            internal error
	* tests/cputest.c:
	    cpuTestGuestData(): Modify for new function prototype

2012-04-22  Wen Congyang  <wency@cn.fujitsu.com>

	building: remove libvirt_dbus.syms from EXTRA_DIST
	commit 2223ea98 removes src/libvirt_dbus.syms, but it forgets
	to remove it from EXTRA_DIST. It will cause 'make dist' failed.

2012-04-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	win32: Properly handle TlsGetValue returning NULL
	virThreadSelf tries to access the virThreadPtr stored in TLS for the
	current thread via TlsGetValue. When virThreadSelf is called on a thread
	that was not created via virThreadCreate (e.g. the main thread) then
	TlsGetValue returns NULL as TlsAlloc initializes TLS slots to NULL.
	virThreadSelf can be called on the main thread via this call chain from
	virsh
	vshDeinit
	virEventAddTimeout
	virEventPollAddTimeout
	virEventPollInterruptLocked
	virThreadIsSelf
	triggering a segfault as virThreadSelf unconditionally dereferences the
	return value of TlsGetValue.
	Fix this by making virThreadSelf check the TLS slot value for NULL and
	setting the given virThreadPtr accordingly.
	Reported by Marcel Müller.

2012-04-21  Ryan Woodsmall  <rwoodsmall@gmail.com>

	esx: Fix segfault in esxConnectToHost
	Caused by commit 4445e16bfa8056980ac643fabf17186f9e685925 that
	made the code used the connection private data pointer before
	it was initialized.

2012-04-20  Guido Günther  <agx@sigxcpu.org>

	openvz: wire up getHostname

2012-04-20  Eric Blake  <eblake@redhat.com>

	virnetserver: handle sigaction correctly
	POSIX says that sa_sigaction is only safe to use if sa_flags
	includes SA_SIGINFO; conversely, sa_handler is only safe to
	use when flags excludes that bit.  Gnulib doesn't guarantee
	an implementation of SA_SIGINFO, but does guarantee that
	if SA_SIGINFO is undefined, we can safely define it to 0 as
	long as we don't dereference the 2nd or 3rd argument of
	any handler otherwise registered via sa_sigaction.
	Based on a report by Wen Congyang.
	* src/rpc/virnetserver.c (SA_SIGINFO): Stub for mingw.
	(virNetServerSignalHandler): Avoid bogus dereference.
	(virNetServerFatalSignal, virNetServerNew): Set flags properly.
	(virNetServerAddSignalHandler): Drop unneeded #ifdef.

	conf: remove redundant ()
	I almost copied-and-pasted some redundant () into my new code,
	and figured a general cleanup prereq patch would be better instead.
	No semantic change.
	* src/conf/domain_conf.c (virDomainLeaseDefParseXML)
	(virDomainDiskDefParseXML, virDomainFSDefParseXML)
	(virDomainActualNetDefParseXML, virDomainNetDefParseXML)
	(virDomainGraphicsDefParseXML, virDomainVideoAccelDefParseXML)
	(virDomainVideoDefParseXML, virDomainHostdevFind)
	(virDomainControllerInsertPreAlloced, virDomainDefParseXML)
	(virDomainObjParseXML, virDomainCpuSetFormat)
	(virDomainCpuSetParse, virDomainDiskDefFormat)
	(virDomainActualNetDefFormat, virDomainNetDefFormat)
	(virDomainTimerDefFormat, virDomainGraphicsListenDefFormat)
	(virDomainDefFormatInternal, virDomainNetGetActualHostdev)
	(virDomainNetGetActualBandwidth, virDomainGraphicsGetListen):
	Reduce extra ().

	build: avoid strtol and strtod
	Ensure we don't introduce any more lousy integer parsing in new
	code, while avoiding a scrub-down of existing legacy code.
	Note that we also need to enable sc_prohibit_atoi_atof (see cfg.mk
	local-checks-to-skip) before we are bulletproof, but that also
	entails scrubbing I'm not ready to do at the moment.
	* src/util/util.c (virStrToLong_i, virStrToLong_ui)
	(virStrToLong_l, virStrToLong_ul, virStrToLong_ll)
	(virStrToLong_ull, virStrToDouble): Mark exemptions.
	* src/util/virmacaddr.c (virMacAddrParse): Likewise.
	* cfg.mk (sc_prohibit_strtol): New syntax check.
	(exclude_file_name_regexp--sc_prohibit_strtol): Ignore files that
	I'm not willing to fix yet.
	(local-checks-to-skip): Re-enable sc_prohibit_atoi_atof.

	conf: tighten up XML integer parsing
	https://bugzilla.redhat.com/show_bug.cgi?id=617711 reported that
	even with my recent patched to allow <memory unit='G'>1</memory>,
	people can still get away with trying <memory>1G</memory> and
	silently get <memory unit='KiB'>1</memory> instead.  While
	virt-xml-validate catches the error, our C parser did not.
	Not to mention that it's always fun to fix bugs while reducing
	lines of code.  :)
	* src/conf/domain_conf.c (virDomainParseMemory): Check for parse error.
	(virDomainDefParseXML): Avoid strtoll.
	* src/conf/storage_conf.c (virStorageDefParsePerms): Likewise.
	* src/util/xml.c (virXPathLongBase, virXPathULongBase)
	(virXPathULongLong, virXPathLongLong): Likewise.

	virsh: avoid strtol
	We were forgetting to check errno for overflow.
	* tools/virsh.c (get_integer_keycode, vshCommandOptInt)
	(vshCommandOptUInt, vshCommandOptUL, vshCommandOptLongLong)
	(vshCommandOptULongLong): Rewrite to be safer.

	build: avoid type-punning in vbox
	Commit 78345c68 makes at least gcc 4.1.2 on RHEL 5 complain:
	cc1: warnings being treated as errors
	In file included from vbox/vbox_V4_0.c:13:
	vbox/vbox_tmpl.c: In function 'vboxDomainUndefineFlags':
	vbox/vbox_tmpl.c:5298: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
	* src/vbox/vbox_tmpl.c (vboxDomainUndefineFlags): Use union to
	avoid compiler warning.

	build: fix fresh checkout on RHEL5
	Building a fresh checkout on RHEL 5 has been broken since commit
	29db7a00, due to a gnulib regression in the bootstrap script
	(incremental builds from a checkout earlier than that point were
	okay, though).
	* .gnulib: Update to latest, for bootstrap fixes.
	* bootstrap: Resync from gnulib.
	* gnulib/local/top/maint.mk.diff: Drop patch that was added
	upstream in the meantime.

	virsh: avoid uninitialized memory usage
	Detected by valgrind, via Alex Jia.  Caused by imcomplete
	copy-and-paste from vshWatchJob in commit 3b96a892.
	* tools/virsh.c (cmdBlockPull): fix uninitialized memory usage.
	* How to reproduce?
	$ qemu-img create /var/lib/libvirt/images/test 1M
	$ cat > /tmp/test.xml <<EOF
	<domain type='qemu'>
	  <name>test</name>
	  <memory>219200</memory>
	  <vcpu>1</vcpu>
	  <os>
	    <type arch='x86_64'>hvm</type>
	    <boot dev='hd'/>
	  </os>
	  <devices>
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test'/>
	      <target dev='vda' bus='virtio'/>
	    </disk>
	    <input type='mouse' bus='ps2'/>
	    <graphics type='spice' autoport='yes' listen='0.0.0.0'/>
	  </devices>
	</domain>
	EOF
	$ virsh define /tmp/test.xml
	$ valgrind -v virsh blockpull test /var/lib/libvirt/images/test --wait
	actual result:
	==10906== 1 errors in context 1 of 1:
	==10906== Syscall param rt_sigaction(act->sa_flags) points to uninitialised byte(s)
	==10906==    at 0x39CF80F5BE: __libc_sigaction (sigaction.c:67)
	==10906==    by 0x43016C: cmdBlockPull (virsh.c:7638)
	==10906==    by 0x4150D4: vshCommandRun (virsh.c:18574)
	==10906==    by 0x425E73: main (virsh.c:20178)
	==10906==  Address 0x7fefffae8 is on thread 1's stack

2012-04-20  Daniel P. Berrange  <berrange@redhat.com>

	The policy kit and HAL node device drivers both require a DBus connection. The HAL device code further requires that the DBus connection is integrated with the event loop and provides such glue logic itself.
	The forthcoming FirewallD integration also requires a
	dbus connection with event loop integration. Thus we need
	to pull the current event loop glue out of the HAL driver.
	Thus we create src/util/virdbus.{c,h} files. This contains
	just one method virDBusGetSystemBus() which obtains a handle
	to the single shared system bus instance, with event glue
	automagically setup.

2012-04-19  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Fix support for trusted DHCP servers
	Fix the support for trusted DHCP server in the ebtables code's
	hard-coded function applying DHCP only filtering rules:
	Rather than using a char * use the more flexible
	virNWFilterVarValuePtr that contains the trusted DHCP server(s)
	IP address. Process all entries.
	Since all callers so far provided NULL as parameter, no changes
	are necessary in any other code.

	Support for atomic operations on integers
	For threading support, add atomic add and sub operations working on
	integers. Base this on locking support provided by virMutex.

	Implement virHashRemoveAll function
	Implement function to remove all entries of a hash table.

2012-04-19  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix and clarify the --title flag for the list command in man page

2012-04-19  Eric Blake  <eblake@redhat.com>

	util: remove dead casts
	The sequence:
	  long long val;
	  if ((long long) val != val)
	is dead code.
	* src/util/util.c (virStrToLong_ll, virStrToLong_ull): Remove
	useless cast.

2012-04-18  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	util: only register callbacks for CREATE operations in virnetdevmacvlan.c
	Currently upon a migration a callback is created when a 802.1qbg link
	is set to PREASSOCIATE, this should not happen because this is a no-op
	on most switches, and does not lead to an ASSOCIATE state.  This patch
	only creates callbacks when CREATE or RESTORE is requested.  Migration
	and libvirtd restart scenarios are already handled elsewhere.

2012-04-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix a memory leak
	The below patch fixes the following memory leak.
	==20624== 24 bytes in 2 blocks are definitely lost in loss record 532 of 1,867
	==20624==    at 0x4A05E46: malloc (vg_replace_malloc.c:195)
	==20624==    by 0x38EC27FC01: strdup (strdup.c:43)
	==20624==    by 0x4EB6BA3: virDomainChrSourceDefCopy (domain_conf.c:1122)
	==20624==    by 0x495D76: qemuProcessFindCharDevicePTYs (qemu_process.c:1497)
	==20624==    by 0x498321: qemuProcessWaitForMonitor (qemu_process.c:1258)
	==20624==    by 0x49B5F9: qemuProcessStart (qemu_process.c:3652)
	==20624==    by 0x468B5C: qemuDomainObjStart (qemu_driver.c:4753)
	==20624==    by 0x469171: qemuDomainStartWithFlags (qemu_driver.c:4810)
	==20624==    by 0x4F21735: virDomainCreate (libvirt.c:8153)
	==20624==    by 0x4302BF: remoteDispatchDomainCreateHelper (remote_dispatch.h:852)
	==20624==    by 0x4F72C14: virNetServerProgramDispatch (virnetserverprogram.c:416)
	==20624==    by 0x4F6D690: virNetServerHandleJob (virnetserver.c:164)
	==20624==    by 0x4E8F43D: virThreadPoolWorker (threadpool.c:144)
	==20624==    by 0x4E8EAB5: virThreadHelper (threads-pthread.c:161)
	==20624==    by 0x38EC606CCA: start_thread (pthread_create.c:301)
	==20624==    by 0x38EC2E0C2C: clone (clone.S:115)

2012-04-18  Eric Blake  <eblake@redhat.com>

	blockjob: add virsh blockpull --wait
	I'm tired of shell-scripting to wait for completion of a block pull,
	when virsh can be taught to do the same.  I couldn't quite reuse
	vshWatchJob, as this is not a case of a long-running command where
	a second thread must be used to probe job status (at least, not unless
	I make virsh start doing blocking waits for an event to fire), but it
	served as inspiration for my simpler single-threaded loop.  There is
	up to a half-second delay between sending SIGINT and the job being
	aborted, but I didn't think it worth the complexity of a second thread
	and use of poll() just to minimize that delay.
	* tools/virsh.c (cmdBlockPull): Add new options to wait for
	completion.
	(blockJobImpl): Add argument.
	(cmdBlockJob): Adjust caller.
	* tools/virsh.pod (blockjob): Document new mode.

	qemu: use consistent error when qemu binary is too old
	Most of our errors complaining about an inability to support a
	particular action due to qemu limitations used CONFIG_UNSUPPORTED,
	but we had a few outliers.  Reported by Jiri Denemark.
	* src/qemu/qemu_command.c (qemuBuildDriveDevStr): Prefer
	CONFIG_UNSUPPORTED.
	* src/qemu/qemu_driver.c (qemuDomainReboot)
	(qemuDomainBlockJobImpl): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachPciControllerDevice):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorTransaction)
	(qemuMonitorBlockJob, qemuMonitorSystemWakeup): Likewise.

	virsh: minor syntactic cleanups
	No semantic change.
	* tools/virsh.c: Fix some spacing issues, {} usage, long lines,
	and redundant ().

2012-04-18  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vbox: avoid provoking assertions in VBoxSVC
	Passing a NULL pointer to IMachine::delete virtualbox API
	causes VBoxSVC to raise an assertion. This patch passes
	an empty array instead.

2012-04-18  Osier Yang  <jyang@redhat.com>

	docs: Improve the schema for fs device
	<filesystemtgt> is redundant, as every group uses it; <address>
	shouldn't be in <filesystemtgt> in case of the meaning could be
	"filesystemtarget"; The elements <address>, <alias>, <target>,
	... should be interleaved.

2012-04-17  Osier Yang  <jyang@redhat.com>

	conf: Do not parse cpuset only if the placement is auto
	So that a domain xml which doesn't have "placement" specified, but
	"cpuset" is specified, could be parsed. And in this case, the
	"placement" mode will be set as "static".

	tests: Update read-bufsiz to delete the UUID of vm XML
	Since now we have fixed domain UUID for test driver, defining
	a domain with different name but same UUID doesn't work any
	more. This patch delete the UUID from the dumped XML so that
	it could be generated.

	test: Set the fixed uuid for the default XMLs
	The objects (domain, pool, network, etc) for testing are defined/
	started each time when opening a connect to test driver, and thus
	the UUID for the objects will be generated each time, with different
	values. e.g.
	% for i in {1..3}; do ./tools/virsh --connect \
	  test:///default dumpxml test | grep uuid; done
	  <uuid>a1b6ee1f-97de-f0ee-617a-0cdb74947df5</uuid>
	  <uuid>ee68d7d2-3eb9-593e-2769-797ce1f4c4aa</uuid>
	  <uuid>fecb1d3a-918a-8412-e534-76192cf32b18</uuid>
	It's the potential bug which can cause operations like below to fail:
	$ virsh -c test:///default dumpxml test > test.xml
	[ Some modificatons, though it's not supported, but it should work ]
	$ virsh -c test:///default define test.xml
	This patch set fixed UUID for objects which support it. (domain,
	pool, network).

	qemu: Split ide-drive into ide-cd and ide-hd
	A "ide-drive" device can be either a hard disk or a CD-ROM,
	if there is ",media=cdrom" specified for the backend, it's
	a CD-ROM, otherwise it's a hard disk.
	Upstream qemu splitted "ide-drive" into "ide-hd" and "ide-cd"
	since commit 1f56e32, and ",media=cdrom" is not required for
	ide-cd anymore. "ide-drive" is still supported for backwards
	compatibility, but no doubt we should go foward.

	qemu: Split scsi-disk into into scsi-hd and scsi-cd
	A "scsi-disk" device can be either a hard disk or a CD-ROM,
	if there is ",media=cdrom" specified for the backend, it's
	a CD-ROM, otherwise it's a hard disk.
	But upstream qemu splitted "scsi-disk" into "scsi-hd" and
	"scsi-cd" since commit b443ae, and ",media=cdrom" is not
	required for scsi-cd anymore. "scsi-disk" is still supported
	for backwards compatibility, but no doubt we should go
	foward.

2012-04-17  Jan Kiszka  <jan.kiszka@siemens.com>

	Do not enforce source type of console[0]
	If console[0] is an alias for serial[0], do not enforce the former to
	have a PTY source type. This breaks serial consoles on stdio and makes
	no sense.

2012-04-17  Stefan Bader  <stefan.bader@canonical.com>

	xen: do not use ioemu type for any emulated NIC
	When using the xm/xend stack to manage instances there is a bug
	that causes the emulated interfaces to be unusable when the vif
	config contains type=ioemu.
	The current code already has a special quirk to not use this
	keyword if no specific model is given for the emulated NIC
	(defaulting to rtl8139).
	Essentially it works because regardless of the type argument,i
	the Xen stack always creates emulated and paravirt interfaces and
	lets the guest decide which one to use. So neither xl nor xm stack
	actually require the type keyword for emulated NICs.

2012-04-17  Osier Yang  <jyang@redhat.com>

	openvz: Correct the comments for new node APIs
	It should be 0.9.12 instead of 0.9.11

2012-04-17  Christophe Fergeau  <cfergeau@redhat.com>

	docs: fix 'omitted' typo in <cputune> doc
	'omitted' was mispelt 'commited' twice. One of the sentences with
	the typo was also missing an 'is' ('each VCPU *is* pinned to all...')
	which I added in this commit while I was at it.

	docs: add missing </span> in <vcpu placement> doc

2012-04-16  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessStart: Switch to flags instead of bunch booleans
	Currently, we have 3 boolean arguments we have to pass
	to qemuProcessStart(). As libvirt grows it is harder and harder
	to remember them and their position. Therefore we should
	switch to flags instead.

2012-04-16  Guido Günther  <agx@sigxcpu.org>

	docs: fix path to openvz network configuration file
	It's vznet.conf not vznetctl.conf, see e.g.:
	http://git.openvz.org/?p=vzctl;a=blob;f=bin/vznetcfg.in;h=e91f5c4a0744c1ea149e1b8c241b666052e10b12;hb=HEAD

2012-04-16  Cole Robinson  <crobinso@redhat.com>

	storage: lvm: use correct lv* command parameters
	lvcreate want's the parent pool's name, not the pool path
	lvchange and lvremove want lv specified as $vgname/$lvname
	This largely worked before because these commands strip off a
	starting /dev. But https://bugzilla.redhat.com/show_bug.cgi?id=714986
	is from a user using a 'nested VG' that was having problems.
	I couldn't find any info on nested LVM and the reporter never responded,
	but I reproduced with XML that specified a valid source name, and
	set target path to a symlink.

2012-04-16  Osier Yang  <jyang@redhat.com>

	qemu: Avoid the memory allocation and freeing

	numad: Ignore cpuset if placement is auto
	As explained in previous patch, numad will balance the affinity
	dynamically, so reflecting the cpuset from numad at the first
	time doesn't make much case, and may just could cause confusion.

	numad: Convert node list to cpumap before setting affinity
	Instead of returning a CPUs list, numad returns NUMA node
	list instead, this patch is to convert the node list to
	cpumap before affinity setting. Otherwise, the domain
	processes will be pinned only to CPU[$numa_cell_num],
	which will cause significiant performance losses.
	Also because numad will balance the affinity dynamically,
	reflecting the cpuset from numad back doesn't make much
	sense then, and it may just could produce confusion for
	the users. Thus the better way is not to reflect it back
	to XML. And in this case, it's better to ignore the cpuset
	when parsing XML.
	The codes to update the cpuset is removed in this patch
	incidentally, and there will be a follow up patch to ignore
	the manually specified "cpuset" if "placement" is "auto",
	and document will be updated too.

2012-04-16  Daniel Veillard  <veillard@redhat.com>

	Set Martin Kletzander as a commiter

2012-04-16  Guido Günther  <agx@sigxcpu.org>

	openvz: wire up more node information functions
	in detail nodeGetCPUStats, nodeGetMemoryStats, nodeGetCellsFreeMemory
	and nodeGetFreeMemory

2012-04-15  Guido Günther  <agx@sigxcpu.org>

	Fix macvtap detection by also checking for IFLA_VF_MAX
	since this isn't available on older kernels such as Debian Squeeze's
	2.6.32. This make --with-macvtap=check work as expected.

2012-04-14  Philipp Hahn  <hahn@univention.de>

	virnetdev: Check for defined IFLA_VF_*
	The linux-2.6.32 kernel header does not yet define IFLA_VF_MAX and others,
	which breaks compiling a new libvirt on old systems like Debian Squeeze.
	(I also have to add --without-macvtap --disable-werror --without-virtualport to
	 ./configure to get it to compile.)

2012-04-13  Daniel Veillard  <veillard@redhat.com>

	Web placeholder for pending patches on the web site
	This is based on recent developments on patch checker and the
	goal is to keep a list of pending patches needing review on the
	project web site. The page template in git just holds a pointer
	to the web page.

2012-04-13  Michal Privoznik  <mprivozn@redhat.com>

	gitignore: Reorder alphabetically
	Recent git reorders .gitignore alphabetically. However, changes are
	not committed and I am tired of discarding these changes from
	my patches.

	conf: Avoid double assignment in virDomainDiskRemove
	Although it should be harmless to do:
	    disk = disk = def->disks[i]
	some not-so-wise compilers may fool around.
	Besides, such assignment is useless here.

	qemu: Fix mem leak in qemuProcessInitCpuAffinity
	If placement mode is AUTO, on some return paths char *cpumap or
	char *nodeset are leaked.

2012-04-13  Stefan Bader  <stefan.bader@canonical.com>

	xend_internal: Use domain/status for shutdown check
	On newer xend (v3.x and after) there is no state and domid reported
	for inactive domains. When initially creating connections this is
	handled in various places by assigning domain->id = -1.
	But once an instance has been running, the id is set to the current
	domain id. And it does not change when the instance is shut down.
	So when querying the domain info, the hypervisor driver, which gets
	asked first will indicate it cannot find information, then the
	xend driver is asked and will set the status to NOSTATE because it
	checks for the -1 domain id.
	Checking domain/status for 0 seems to be more reliable for that.
	One note: I am not sure whether the domain->id also should get set
	back to -1 whenever any sub-driver thinks the instance is no longer
	running.
	BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=746007
	BugLink: http://bugs.launchpad.net/bugs/929626

2012-04-13  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	qemu,util: fix netlink callback registration for migration
	This patch adds a netlink callback when migrating a VEPA enabled
	virtual machine.  It fixes a Bug where a VM would not request a port
	association when it was cleared by lldpad.
	This patch requires the latest git version of lldpad to work.

2012-04-12  Michal Privoznik  <mprivozn@redhat.com>

	qemuOpenFile: Don't force chown on NFS
	If dynamic_ownership is off and we are creating a file on NFS
	we force chown. This will fail as chown/chmod are not supported
	on NFS. However, with no dynamic_ownership we are not required
	to do any chown.

2012-04-12  Alex Jia  <ajia@redhat.com>

	daemon: Plug memory leaks
	* daemon/libvirtd-config.c (daemonConfigFree): fix memory leaks.
	How to reproduce?
	% make && make -C tests check TESTS=libvirtdconftest
	% cd tests && valgrind -v --leak-check=full ./libvirtdconftest
	actual result:
	==11008== 185 bytes in 5 blocks are definitely lost in loss record 3 of 5
	==11008==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==11008==    by 0x39CF07F6E1: strdup (strdup.c:43)
	==11008==    by 0x406626: daemonConfigLoadOptions (libvirtd-config.c:438)
	==11008==    by 0x406800: daemonConfigLoadData (libvirtd-config.c:492)
	==11008==    by 0x403CCF: testCorrupt (libvirtdconftest.c:110)
	==11008==    by 0x404FAD: virtTestRun (testutils.c:145)
	==11008==    by 0x403A34: mymain (libvirtdconftest.c:219)
	==11008==    by 0x404687: virtTestMain (testutils.c:700)
	==11008==    by 0x39CF01ECDC: (below main) (libc-start.c:226)
	==11008==
	==11008== LEAK SUMMARY:
	==11008==    definitely lost: 185 bytes in 5 blocks

2012-04-12  Eric Blake  <eblake@redhat.com>

	blockjob: allow for fast-finishing job
	In my testing, I was able to provoke an odd block pull failure:
	$ virsh blockpull dom vda --bandwidth 10000
	error: Requested operation is not valid: No active operation on device: drive-virtio-disk0
	merely by using gdb to artifically wait to do the block job set speed
	until after the pull had already finished.  But in reality, that should
	be a success, since the pull finished before we had a chance to set
	speed.  Furthermore, using a double job lock is not only annoying, but
	a bug in itself - if you do parallel virDomainBlockRebase, and hit
	the race window just right, the first call grabs the VM job to start
	a fast block job, then the second call grabs the VM job to start
	a long-running job with unspecified speed, then the first call finally
	regrabs the VM job and sets the speed, which ends up running the
	second job under the speed from the first call.  By consolidating
	things into a single job, we avoid opening that race, as well as reduce
	the time between starting the job and changing the speed, for less
	likelihood of the speed change happening after block job completion
	in the first place.
	* src/qemu/qemu_monitor.h (BLOCK_JOB_CMD): Add new mode.
	* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Move secondary
	job call...
	(qemuDomainBlockJobImpl): ...here, for fewer locks.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJob): Change
	return value on new internal mode.

	blockjob: wire up qemu async virDomainBlockJobAbort
	Without the VIR_DOMAIN_BLOCK_JOB_ABORT_ASYNC flag, libvirt will internally
	poll using qemu's "query-block-jobs" API and will not return until the
	operation has been completed.  API users are advised that this operation
	is unbounded and further interaction with the domain during this period
	may block.  Future patches may refactor things to allow other queries in
	parallel with this polling.  For older qemu, we synthesize the cancellation
	event, since qemu won't generate it.
	The choice of polling duration copies from the code in qemu_migration.c.
	Cc: Stefan Hajnoczi <stefanha@gmail.com>

	blockjob: optimize JSON event handler lookup
	Probably in the noise, but this will let us scale more efficiently
	as we learn to recognize even more qemu events.
	* src/qemu/qemu_monitor_json.c (eventHandlers): Sort.
	(qemuMonitorEventCompare): New helper function.
	(qemuMonitorJSONIOProcessEvent): Optimize event lookup.

2012-04-12  Adam Litke  <agl@us.ibm.com>

	blockjob: add API for async virDomainBlockJobAbort
	Block job cancellation can take a while.  Now that upstream qemu 1.1
	has asynchronous block cancellation, we want to expose that to the user.
	Therefore, the following updates are made to the virDomainBlockJob API:
	A new block job event type VIR_DOMAIN_BLOCK_JOB_CANCELED is managed by
	libvirt.  Regardless of the flags used with virDomainBlockJobAbort, this
	event will be raised: 1. when using synchronous block_job_cancel (the
	event will be synthesized by libvirt), and 2. whenever it is received
	from qemu (via asynchronous block-job-cancel).  Note that the event
	may be detected by libvirt even before the virDomainBlockJobAbort
	completes (always true when it is synthesized, but also possible if
	cancellation was fast).
	A new extension flag VIR_DOMAIN_BLOCK_JOB_ABORT_ASYNC is added to the
	virDomainBlockJobAbort API.  When enabled, this function will allow
	(but not require) asynchronous operation (ie, it returns as soon as
	possible, which might be before the job has actually been canceled).
	When the API is used in this mode, it is the responsibility of the
	caller to wait for a VIR_DOMAIN_BLOCK_JOB_CANCELED event or poll via
	the virDomainGetBlockJobInfo API to check the cancellation status.
	This patch also exposes the new flag through virsh, and makes virsh
	slightly easier to use (--async implies --abort, and lack of any options
	implies --info), although it leaves the qemu implementation for later
	patches.
	Cc: Stefan Hajnoczi <stefanha@gmail.com>

2012-04-12  Eric Blake  <eblake@redhat.com>

	blockjob: add qemu capabilities related to block pull jobs
	RHEL 6.2 was released with an early version of block jobs, which only
	worked on the qed file format, where the commands were spelled with
	underscore (contrary to QMP style), and where 'block_job_cancel' was
	synchronous and did not trigger an event.
	The upcoming qemu 1.1 release has fixed these short-comings [1][2]:
	the commands now work on multiple file types, are spelled with dash,
	and 'block-job-cancel' is asynchronous and emits an event upon conclusion.
	[1]qemu commit 370521a1d6f5537ea7271c119f3fbb7b0fa57063
	[2]https://lists.gnu.org/archive/html/qemu-devel/2012-04/msg01248.html
	This patch recognizes the new spellings, and fixes virDomainBlockRebase
	to give a graceful error when talking to a too-old qemu on a partial
	rebase attempt.  Fixes for the new semantics will come later.  This
	patch also removes a bogus ATTRIBUTE_NONNULL mistakenly added in
	commit 10ec36e2.
	* src/qemu/qemu_capabilities.h (QEMU_CAPS_BLOCKJOB_SYNC)
	(QEMU_CAPS_BLOCKJOB_ASYNC): New bits.
	* src/qemu/qemu_capabilities.c (qemuCaps): Name them.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONCheckCommands): Set
	them.
	(qemuMonitorJSONBlockJob): Manage both command names.
	(qemuMonitorJSONDiskSnapshot): Minor formatting fix.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockJob): Alter signature.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJob): Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Pass through
	capability bit.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Update callers.

2012-04-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix deadlock when qemuDomainOpenConsole cleans up a connection
	The new safe console handling introduced a possibility to deadlock the
	qemu driver when a new console connection forcibly disconnects a
	previous console stream that belongs to an already closed connection.
	The virStreamFree function calls subsequently a the virReleaseConnect
	function that tries to lock the driver while discarding the connection,
	but the driver was already locked in qemuDomainOpenConsole.
	Backtrace of the deadlocked thread:
	0  0x00007f66e5aa7f14 in __lll_lock_wait () from /lib64/libpthread.so.0
	1  0x00007f66e5aa3411 in _L_lock_500 () from /lib64/libpthread.so.0
	2  0x00007f66e5aa322a in pthread_mutex_lock () from/lib64/libpthread.so.0
	3  0x0000000000462bbd in qemudClose ()
	4  0x00007f66e6e178eb in virReleaseConnect () from/usr/lib64/libvirt.so.0
	5  0x00007f66e6e19c8c in virUnrefStream () from /usr/lib64/libvirt.so.0
	6  0x00007f66e6e3d1de in virStreamFree () from /usr/lib64/libvirt.so.0
	7  0x00007f66e6e09a5d in virConsoleHashEntryFree () from/usr/lib64/libvirt.so.0
	8  0x00007f66e6db7282 in virHashRemoveEntry () from/usr/lib64/libvirt.so.0
	9  0x00007f66e6e09c4e in virConsoleOpen () from /usr/lib64/libvirt.so.0
	10 0x00000000004526e9 in qemuDomainOpenConsole ()
	11 0x00007f66e6e421f1 in virDomainOpenConsole () from/usr/lib64/libvirt.so.0
	12 0x00000000004361e4 in remoteDispatchDomainOpenConsoleHelper ()
	13 0x00007f66e6e80375 in virNetServerProgramDispatch () from/usr/lib64/libvirt.so.0
	14 0x00007f66e6e7ae11 in virNetServerHandleJob () from/usr/lib64/libvirt.so.0
	15 0x00007f66e6da897d in virThreadPoolWorker () from/usr/lib64/libvirt.so.0
	16 0x00007f66e6da7ff6 in virThreadHelper () from/usr/lib64/libvirt.so.0
	17 0x00007f66e5aa0c5c in start_thread () from /lib64/libpthread.so.0
	18 0x00007f66e57e7fcd in clone () from /lib64/libc.so.6
	* src/qemu/qemu_driver.c: qemuDomainOpenConsole()
	        -- unlock the qemu driver right after acquiring the domain
	        object

2012-04-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Warn on possibly incorrect usage of EnterMonitor*
	qemuDomainObjEnterMonitor{,WithDriver} should not be called from async
	jobs, only EnterMonitorAsync variant is allowed.

	qemu: Track job owner for better debugging
	In case an API fails with "cannot acquire state change lock", searching
	for the API that possibly forgot to end its job is not always easy.
	Let's keep track of the job owner and print it out for easier
	identification.

	qemu: Avoid excessive calls to qemuDomainObjSaveJob()
	As reported by Daniel Berrangé, we have a huge performance regression
	for virDomainGetInfo() due to the change which makes virDomainEndJob()
	save the XML status file every time it is called. Previous to that
	change, 2000 calls to virDomainGetInfo() took ~2.5 seconds. After that
	change, 2000 calls to virDomainGetInfo() take 2 *minutes* 45 secs.
	We made the change to be able to recover from libvirtd restart in the
	middle of a job. However, only destroy and async jobs are taken care of.
	Thus it makes more sense to only save domain state XML when these jobs
	are started/stopped.

	tests: Fix libvirtdconftest in VPATH build
	Without this, libvirtdconftest fails to build with "fatal error:
	daemon/libvirtd-config.h: No such file or directory"

2012-04-10  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Add libvirtd-config.c to the list of files to translate

2012-04-10  Eric Blake  <eblake@redhat.com>

	build: avoid s390 compiler warnings
	I noticed these compiler warnings when building for the s390 architecture.
	* src/node_device/node_device_udev.c (udevDeviceMonitorStartup):
	Mark unused variable.
	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Avoid unused variable.

2012-04-10  Daniel P. Berrange  <berrange@redhat.com>

	Wire up <loader> to set the QEMU BIOS path
	* src/qemu/qemu_command.c: Wire up -bios with <loader>
	* tests/qemuxml2argvdata/qemuxml2argv-bios.args,
	  tests/qemuxml2argvdata/qemuxml2argv-bios.xml: Expand
	  existing BIOS test case to cover <loader>

2012-04-10  Peter Krempa  <pkrempa@redhat.com>

	virsh: Clean up usage of boolean flag variables
	This patch cleans up variables used to store boolean command flags that
	are inquired by vshCommandOptBool to use the bool data type instead of
	an integer.
	Additionally this patch cleans up flag variables that are inferred from
	existing flags.

	virsh: Clarify use of the --managed-save flag for the list command
	The documentation for the flag doesn't clearly state that the flag only
	enhances the output and the user needs to specify other flags to list
	inactive domains, that are enhanced by this flag.

2012-04-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix comment about GNUTLS initialization/cleanup

2012-04-10  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix compilation error on 32bit
	Below code failed to compile on a 32 bit machine with error
	typewrappers.c: In function 'libvirt_intUnwrap':
	typewrappers.c:135:5: error: logical 'and' of mutually exclusive tests is always false [-Werror=logical-op]
	cc1: all warnings being treated as errors
	The patch fixes this error.

2012-04-10  Daniel P. Berrange  <berrange@redhat.com>

	Replace daemon-conf test script with a proper test case
	The daemon-conf test script continues to be very fragile to
	changes in libvirt. It currently fails 1 time in 3/4 due
	to race conditions in startup/shutdown of the test script.
	Replace it with a proper test case tailored to the code
	being tested
	* tests/Makefile.am: Remove daemon-conf, add libvirtdconftest
	* tests/daemon-conf: Delete obsolete test
	* tests/libvirtdconftest.c: Test config file handling

	Switch libvirtd config loading code to use error APIs
	Using VIR_ERROR means the test suite can't catch error messages
	easily. Use the proper error reporting APIs instead

	Add API for loading daemon config from in-memory blob
	Rename existing daemonConfigLoad API to daemonConfigLoadFile and
	add an alternative daemonConfigLoadData
	* daemon/libvirtd-config.c, daemon/libvirtd-config.h: Add
	  daemonConfigLoadData and rename daemonConfigLoad to
	  daemonConfigLoadFile
	* daemon/libvirtd.c: Update for renamed API

	Split libvirtd config file loading out into separate files
	To enable creation of unit tests, split the libvirtd config file
	loading code out into separate files.
	* daemon/libvirtd.c: Delete config loading code / structs
	* daemon/libvirtd-config.c, daemon/libvirtd-config.h: Config
	  file loading APIs

2012-04-10  MATSUDA, Daiki  <matsudadik@intellilink.co.jp>

	UML: fix iteration over consoles
	I found typo in UML driver.
	MATSUDA Daiki

2012-04-06  Eric Blake  <eblake@redhat.com>

	snapshot: fix memory leak on error
	Leak introduced in commit 0436d32.  If we allocate an actions array,
	but fail early enough to never consume it with the qemu monitor
	transaction call, we leaked memory.
	But our semantics of making the transaction command free the caller's
	memory is awkward; avoiding the memory leak requires making every
	intermediate function in the call chain check for error.  It is much
	easier to fix things so that the function that allocates also frees,
	while the call chain leaves the caller's data intact.  To do that,
	I had to hack our JSON data structure to make it easy to protect a
	portion of an arbitrary JSON tree from being freed.
	* src/util/json.h (virJSONType): Name the enum.
	(_virJSONValue): New field.
	* src/util/json.c (virJSONValueFree): Use it to protect a portion
	of an array.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONTransaction): Avoid
	freeing caller's data.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive):
	Free actions array on failure.

2012-04-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu_ga: Don't overwrite errors on FSThaw
	We can tell qemuDomainSnapshotFSThaw if we want it to report errors or
	not. However, if we don't want to and an error has been already set by
	previous qemuReportError() we must keep copy of that error not just a
	pointer to it. Otherwise, it get overwritten if FSThaw reports an error.

2012-04-06  Stefan Bader  <stefan.bader@canonical.com>

	xen config: No vfb in HVM guest configuration
	This causes an implicit vkbd device to be added which takes
	6min to finally fail being initialized in the guest.
	http://lists.xen.org/archives/html/xen-devel/2012-04/msg00409.html

2012-04-06  Eric Blake  <eblake@redhat.com>

	tests: avoid compiler warnings
	gcc 4.7 warns about uninitialized struct members
	* tests/testutilsqemu.c (testQemuCapsInit): Populate new members.
	* tests/viruritest.c (mymain): Likewise.

2012-04-06  Laine Stump  <laine@laine.org>

	test: fix build errors with gcc 4.7.0 and -O0
	When building on Fedora 17 (which uses gcc 4.7.0) with -O0 in CFLAGS,
	three of the tests failed to compile.
	cputest.c and qemuxml2argvtest.c had non-static structs defined
	inside the macro that was being repeatedly invoked. Due to some so-far
	unidentified change in gcc, the stack space used by variables defined
	inside { } is not recovered/re-used when the block ends, so all these
	structs have become additive (this is the same problem worked around
	in commit cf57d345b). Fortunately, these two files could be fixed with
	a single line addition of "static" to the struct definition in the
	macro.
	virnettlscontexttest.c was a bit different, though. The problem structs
	in the do/while loop of macros had non-constant initializers, so it
	took a bit more work and piecemeal initialization instead of member
	initialization to get things to be happy.
	In an ideal world, none of these changes should be necessary, but not
	knowing how long it will be until the gcc regressions are fixed, and
	since the code is just as correct after this patch as before, it makes
	sense to fix libvirt's build for -O0 while also reporting the gcc
	problem.

2012-04-06  Guido Günther  <agx@sigxcpu.org>

	virURIParse: don't forget to copy the user part
	This got dropped with 300e60e15b22387dda41ed5985a9ebadfd86dd25
	Cheers,
	 -- Guido

2012-04-05  Laine Stump  <laine@laine.org>

	test: fix segfault in networkxml2argvtest
	This bug resolves https://bugzilla.redhat.com/show_bug.cgi?id=810100
	rpm builds for i686 were failing with a segfault in
	networkxml2argvtest. Running under valgrind showed that a region of
	memory was being referenced after it had been freed (as the result of
	realloc - see the valgrind report in the BZ).
	The problem (in replaceTokens() - added in commit 22ec60, meaning this
	bug was in 0.9.10 and 0.9.11) was that the pointers token_start and
	token_end were being computed based on the value of *buf, then *buf
	was being realloc'ed (potentially moving it), then token_start and
	token_end were used without recomputing them to account for movement
	of *buf.
	The solution is to change the code so that token_start and token_end
	are offsets into *buf rather than pointers. This way there is only a
	single pointer to the buffer, and nothing needs readjusting after a
	realloc. (You may note that some uses of token_start/token_end didn't
	need to be changed to add in "*buf +" - that's because there ended up
	being a +*buf and -*buf which canceled each other out).
	DV gets the credit for finding this bug and pointing out the valgrind
	report.

2012-04-05  Alex Jia  <ajia@redhat.com>

	conf: Plug memory leaks on virDomainDiskDefParseXML
	Detected by valgrind. Leaks are introduced in commit b22eaa7.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML): fix memory leaks.
	How to reproduce?
	% make && make -C tests check TESTS=qemuxml2argvtest
	% cd tests && valgrind -v --leak-check=full ./qemuxml2argvtest
	actual result:
	==2143== 12 bytes in 2 blocks are definitely lost in loss record 74 of 179
	==2143==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2143==    by 0x39D90A67DD: xmlStrndup (xmlstring.c:45)
	==2143==    by 0x4F5EC0: virDomainDiskDefParseXML (domain_conf.c:3438)
	==2143==    by 0x502F00: virDomainDefParseXML (domain_conf.c:8304)
	==2143==    by 0x505FE3: virDomainDefParseNode (domain_conf.c:9080)
	==2143==    by 0x5069AE: virDomainDefParse (domain_conf.c:9030)
	==2143==    by 0x41CBF4: testCompareXMLToArgvHelper (qemuxml2argvtest.c:105)
	==2143==    by 0x41E5DD: virtTestRun (testutils.c:145)
	==2143==    by 0x416FA3: mymain (qemuxml2argvtest.c:399)
	==2143==    by 0x41DCB7: virtTestMain (testutils.c:700)
	==2143==    by 0x39CF01ECDC: (below main) (libc-start.c:226)

2012-04-05  Ilja Livenson  <ilja.livenson@gmail.com>

	openvz: support vzctl 3.1
	https://bugzilla.redhat.com/show_bug.cgi?id=809895
	Basically, openvz dropped strict version numbering (3.1 vs 3.1.0),
	which caused parsing to fail.

2012-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Don't install sysctl file on non-Linux hosts
	* configure.ac: Set WITH_SYSCTL only on Linux hosts
	* daemon/Makefile.am: Conditionalize install-sysctl using WITH_SYSCTL
	Cc: Jason Helfman <jhelfman@e-e.com>

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix parallel build in docs/ directory
	Every now & then, with parallel builds, we get a failure to
	validate hvsupport.html.in.  I eventually noticed that this
	is because we get 2 instances of the generator running at
	once.
	We already list hvsupport.html.in in BUILT_SOURCES but this
	was not working. It turns out the flaw is that we were
	adding deps to the 'all:' target instead of the 'all-am:'
	target. BUILT_SOURCES is a dep of 'all', so any custom
	targets written in Makefile.am must use 'all-am:' so that
	they don't get run until BUILT_SOURCES are completely
	generated
	* docs/Makefile.am: s/all/all-am/

	Pull in GNULIB regex module for benefit of test suite on Win32

	Add linuxNodeInfoCPUPopulate to src/libvirt_linux.syms
	This symbol is used in the test suites

	Fix format specifiers in test cases on Win32
	Some of the test suites use fprintf with format specifiers
	that are not supported on Win32 and are not fixed by gnulib.
	The mingw32 compiler also has trouble detecting ssize_t
	correctly, complaining that 'ssize_t' does not match
	'signed size_t' (which it expects for %zd). Force the
	cast to size_t to avoid this problem
	* tests/testutils.c, tests/testutils.h: Fix printf
	  annotation on virTestResult. Use virVasprintf
	  instead of vfprintf
	* tests/virhashtest.c: Use VIR_WARN instead of fprintf(stderr).
	  Cast to size_t to avoid mingw32 compiler bug

2012-04-04  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Build activeUsbHostdevs list on process reconnect
	If the daemon is restarted it will lose list of active
	USB devices assigned to active domains. Therefore we need
	to rebuild this list on qemuProcessReconnect().

	qemu: Delete USB devices used by domain on stop
	To prevent assigning one USB device to two domains,
	we keep a list of assigned USB devices. On domain
	startup - qemuProcessStart() - we insert devices
	used by domain into the list but remove them only
	on detach-device. Devices are, however, released
	on qemuProcessStop() as well.

	qemu: Don't leak temporary list of USB devices
	and add debug message when adding USB device
	to the list of active devices.

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix initial hypervisor conditionals
	The openvz, virtualbox and vmware drivers do not run inside
	libvirtd, therefore they should be grouped with the other
	client side drivers

	Remove bogus xen-devel dep from libvirt-devel RPM
	The public libvirt API does not have any application visible
	dependency on Xen libraries. The xen-devel dependency is thus
	bogus

	Introduce per-hypervisor virtual RPMs
	Introduce a set sub-RPMs, one per hypervisor, which can be used
	as dependency targets by applications wishing to pull in the
	full stack of packages required for a specific hypervisor. This
	avoids the application needing to know what the hypervisor specific
	package set is.
	ie, applications should not need to know that using the libvirt
	Xen hypervisor requires the 'xen' RPM - libvirt should take care
	of that knowledge. All the application wants is 'libvirt-daemon-xen'
	There are 5 sub-RPMs:
	  libvirt-daemon-qemu - non-native TCG based emulators
	  libvirt-daemon-kvm  - native KVM hypervisor
	  libvirt-daemon-uml  - User Mode linux
	  libvirt-daemon-xen  - Xen, either via XenD or libxl
	  libvirt-daemon-lxc  - Linux native containers
	When driver modules get turned on, these sub-RPMs will also
	gain dependencies on the appropriate driver module .so files

	Split config files & daemon off from main daemon RPM
	Take the libvirt RPM and split it into three pieces
	 - libvirt-daemon - libvirtd & other mandatory bits for its operation
	 - libvirt-daemon-config-network - the virbr0 config definition
	 - libvirt-daemon-config-nwfilter - the firewall config rules
	For backwards compatibility with existing installs / application RPM
	deps, the 'libvirt' RPM is retained, but will have a dependency on
	the 3 new RPMs.

	Remove API XML files from libvirt RPM
	The API XML files are now formally installed as part of the
	libvirt-devel RPM. Thus there is no need to include them as
	%doc in the main libvirt RPM

	Move all documentation into a -docs sub-RPM
	Currently documentation is split between the libvirt RPM and the
	libvirt-devel RPM. In the client-only build there is no libvirt
	RPM, so the docs need to live elsewhere. The obvious answer is a
	dedicated libvirt-docs RPM. For back-compatibility make the
	libvirt-devel RPM require the libvirt-docs RPM
	* libvirt.spec.in: Create separate libvirt-docs RPM

2012-04-03  Eric Blake  <eblake@redhat.com>

	docs: fix typo in previous patch
	* docs/news.html.in: Fix accidental deletion.

2012-04-03  Michal Privoznik  <mprivozn@redhat.com>

	news.html.in: Fix </br> void tag
	Void elements should be written with slash *after* the tag name,
	not before, so they are not confused with ending tags.

	virsh: Clarify escape sequence
	Currently, we put no strains on escape sequence possibly leaving users
	with console that cannot be terminated. However, not all ASCII
	characters can be used as escape sequence. Only those falling in
	@ - _ can be; implement and document this constraint.

2012-04-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt 0.9.11
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: updated a number of languages translation including new
	  indian languages and regenerated

	Revert "Refactor the libvirt RPM daemon pieces"
	This reverts commit 06a0d57f5a90e408a6280dc2f9db0badeeeb78ee.

2012-04-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Start nested job in qemuDomainCheckEjectableMedia
	Originally, qemuDomainCheckEjectableMedia was entering monitor with qemu
	driver lock. Commit 2067e31bf97667eab9f111b496f5e9a44e827c5b, which I
	made to fix that, revealed another issue we had (but didn't notice it
	since the driver was locked): we didn't set nested job when
	qemuDomainCheckEjectableMedia is called during migration. Thus the
	original fix I made was wrong.

2012-04-02  Philipp Hahn  <hahn@univention.de>

	Xen: Fix <clock> handling
	XenD-3.1 introduced managed domains. HV-domains have rtc_timeoffset
	(hgd24f37b31030 from 2007-04-03), which tracks the offset between the
	hypervisors clock and the domains RTC, and is persisted by XenD.
	In combination with localtime=1 this had a bug until XenD-3.4
	(hg5d701be7c37b from 2009-04-01) (I'm not 100% sure how that bug
	manifests, but at least for me in TZ=Europe/Berlin I see the previous
	offset relative to utc being applied to localtime again, which manifests
	in an extra hour being added)
	XenD implements the following variants for clock/@offset:
	- PV domains don't have a RTC → 'localtime' | 'utc'
	- <3.1: no managed domains → 'localtime' | 'utc'
	- ≥3.1: the offset is tracked for HV → 'variable'
	        due to the localtime=1 bug → 'localtime' | 'utc'
	- ≥3.4: the offset is tracked for HV → 'variable'
	Current libvirtd still thinks XenD only implements <clock offset='utc'/>
	and <clock offset='localtime'/>, which is wrong, since the semantic of
	'utc' and 'localtime' specifies, that the offset will be reset on
	domain-restart, while with 'variable' the offset is kept. (keeping the
	offset over "virsh edit" is important, since otherwise the clock might
	jump, which confuses certain guest OSs)
	xendConfigVersion was last incremented to 4 by the xen-folks for
	xen-3.1.0. I know of no way to reliably detect the version of XenD
	(user space tools), which may be different from the version of the
	hypervisor (kernel) version! Because of this only the change from
	'utc'/'localtime' to 'variable' in XenD-3.1 is handled, not the buggy
	behaviour of XenD-3.1 until XenD-3.4.
	For backward compatibility with previous versions of libvirt Xen-HV
	still accepts 'utc' and 'localtime', but they are returned as 'variable'
	on the next read-back from Xend to libvirt, since this is what XenD
	implements: The RTC is NOT reset back to the specified time on next
	restart, but the previous offset is kept.
	This behaviour can be turned off by adding the additional attribute
	adjustment='reset', in which case libvirt will report an error instead
	of doing the conversion. The attribute can also be used as a shortcut to
	offset='variable' with basis='...'.
	With these changes, it is also necessary to adjust the xen tests:
	"localtime = 0" is always inserted, because otherwise on updates the
	value is not changed within XenD.
	adjustment='reset' is inserted for all cases, since they're all <
	XEND_CONFIG_VERSION_3_1_0, only 3.1 introduced persistent
	rtc_timeoffset.
	Some statements change their order because code was moved around.

	Support clock=variable relative to localtime
	Since Xen 3.1 the clock=variable semantic is supported. In addition to
	qemu/kvm Xen also knows about a variant where the offset is relative to
	'localtime' instead of 'utc'.
	Extends the libvirt structure with a flag 'basis' to specify, if the
	offset is relative to 'localtime' or 'utc'.
	Extends the libvirt structure with a flag 'reset' to force the reset
	behaviour of 'localtime' and 'utc'; this is needed for backward
	compatibility with previous versions of libvirt, since they report
	incorrect XML.
	Adapt the only user 'qemu' to the new name.
	Extend the RelaxNG schema accordingly.
	Document the new 'basis' attribute in the HTML documentation.
	Adapt test for the new attribute.

2012-04-02  Yuri Chornoivan  <yurchor@ukr.net>

	Fix typos and spacing in messages.

2012-04-02  Laine Stump  <laine@laine.org>

	qemu: fix memory leak in virDomainGetVcpus
	https://bugzilla.redhat.com/show_bug.cgi?id=808979
	The leak is really in virProcessInfoGetAffinity, as shown in the
	valgrind output given in the above bug report - it calls CPU_ALLOC(),
	but then fails to call CPU_FREE().
	This leak has existed in every version of libvirt since 0.7.5.

2012-03-31  Eric Blake  <eblake@redhat.com>

	conf: allow fuzz in XML with cur balloon > max
	Commit 1b1402b introduced a regression.  Since older libvirt versions
	would silently round memory up (until the previous patch), but populated
	current memory based on querying the guest, it was possible to have
	dumpxml show cur > max by the amount of the rounding.  For example, if
	a user requested 1048570 KiB memory (just shy of 1GiB), the qemu
	driver would actually run with 1048576 KiB, and libvirt 0.9.10 would
	output a current that was 6KiB larger than the maximum.  Situations
	where this could have an impact include, but are not limited to,
	migration from old to new libvirt, managedsave in old libvirt and
	start in new libvirt, snapshot creation in old libvirt and revert in
	new libvirt - without this patch, the new libvirt would reject the
	VM because of the rounding discrepancy.
	Fix things by adding a fuzz factor, and silently clamp current down to
	maximum in that case, rather than failing to reparse XML for an existing
	VM.  From a practical standpoint, this has no user impact: 'virsh
	dumpxml' will continue to query the running guest rather than rely on
	the incoming xml, which will see the currect current value, and even if
	clamping down occurs during parsing, it will be by at most the fuzz
	factor of a megabyte alignment, and rounded back up when passed back to
	the hypervisor.
	Meanwhile, we continue to reject cur > max if the difference is beyond
	the fuzz factor of nearest megabyte.  But this is not a real change in
	behavior, since with 0.9.10, even though the parser allowed it, later
	in the processing stream we would reject it at the qemu layer; so
	rejecting it in the parser just moves error detection to a nicer place.
	* src/conf/domain_conf.c (virDomainDefParseXML): Don't reject
	existing XML.
	Based on a report by Zhou Peng.

	qemu: reflect any memory rounding back to xml
	If we round up a user's memory request, we should update the XML
	to reflect the actual value in use by the VM, rather than giving
	an artificially small value back to the user.
	* src/qemu/qemu_command.c (qemuBuildNumaArgStr)
	(qemuBuildCommandLine): Reflect rounding back to XML.

	python: improve conversion validation
	Laszlo Ersek pointed out that in trying to convert a long to an
	unsigned int, we used:
	long long_val = ...;
	if ((unsigned int)long_val == long_val)
	According to C99 integer promotion rules, the if statement is
	equivalent to:
	(unsigned long)(unsigned int)long_val == (unsigned long)long_val
	since you get an unsigned comparison if at least one side is
	unsigned, using the largest rank of the two sides; but on 32-bit
	platforms, where unsigned long and unsigned int are the same size,
	this comparison is always true and ends up converting negative
	long_val into posigive unsigned int values, rather than rejecting
	the negative value as we had originally intended (python longs
	are unbounded size, and we don't want to do silent modulo
	arithmetic when converting to C code).
	Fix this by using direct comparisons, rather than casting.
	* python/typewrappers.c (libvirt_intUnwrap, libvirt_uintUnwrap)
	(libvirt_ulongUnwrap, libvirt_ulonglongUnwrap): Fix conversion
	checks.

2012-03-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix client only RPM build & other misc RPM problems
	* libvirt.spec.in: Remove obsolete --with-remote-pid-file arg.
	  Add missing %{without_libxl} statement. Fix handling of docs
	  in client only build. Put systemtap files in -client RPM
	  instead of -daemon RPM
	* examples/xml/nwfilter/Makefile.am: Don't install examples if
	  nwfilter is disabled.

	Refactor the libvirt RPM daemon pieces
	There are a number of flaws with our packaging of the libvirtd
	daemon:
	 - Installing 'libvirt' does not install 'qemu-kvm' or 'xen'
	   etc which are required to actually run the hypervisor in
	   question
	 - Installing 'libvirt' pulls in the default configuration
	   files which may not be wanted & cause problems if installed
	   inside a guest
	 - It is not possible to explicitly required all the peices
	   required to manage a specific hypervisor
	This change takes the 'libvirt' RPM and and changes it thus
	 - libvirt: just a virtual package with dep on libvirt-daemon,
	   libvirt-daemon-config-network & libvirt-daemon-config-nwfilter
	 - libvirt-daemon: the libvirt daemon and related pieces
	 - libvirt-daemon-config-network: the default network config
	 - libvirt-daemon-config-nwfilter: the network filter configs
	 - libvirt-docs: the website HTML
	We then introduce some more virtual (empty) packages
	 - libvirt-daemon-qemu: Deps on libvirt-daemon & 'qemu'
	 - libvirt-daemon-kvm: Deps on libvirt-daemon & 'qemu-kvm'
	 - libvirt-daemon-lxc: Deps on libvirt-daemon
	 - libvirt-daemon-uml: Deps on libvirt-daemon
	 - libvirt-daemon-xen: Deps on libvirt-daemon & 'xen'
	 - libvirt-qemu: Deps on libvirt-daemon-qemu & libvirt-daemon-config-{network,nwfilter}
	 - libvirt-kvm: Deps on libvirt-daemon-kvm & libvirt-daemon-config-{network,nwfilter}
	 - libvirt-lxc: Deps on libvirt-daemon-lxc & libvirt-daemon-config-{network,nwfilter}
	 - libvirt-uml: Deps on libvirt-daemon-uml & libvirt-daemon-config-{network,nwfilter}
	 - libvirt-xen: Deps on libvirt-daemon-xen & libvirt-daemon-config-network
	My intent in the future is to turn on the driver modules by
	default, at which time 'libvirt-daemon' will cease to include
	any specific drivers, instead we'll get libvirt-daemon-driver-XXXX
	packages for each driver. The libvirt-daemon-XXX packages will
	then pull in each driver that they require.
	It is recommended that applications required a locally installed
	libvirtd daemon, use either 'Requires: libvirt-daemon-XXXX' or
	'Requires: libvirt-XXX' and *not* "Requires: libvirt-daemon"
	or 'Requires: libvirt'
	* libvirt.spec.in: Refactor RPMs
	* docs/packaging.html.in, docs/sitemap.html.in: Document
	  new RPM split rationale

2012-03-31  Hendrik Schwartke  <hendrik@os-t.de>

	qemu: support live change of the bridge used by a guest network device
	This patch was created to resolve this upstream bug:
	  https://bugzilla.redhat.com/show_bug.cgi?id=784767
	and is at least a partial solution to this RHEL RFE:
	  https://bugzilla.redhat.com/show_bug.cgi?id=805071
	Previously the only attribute of a network device that could be
	modified by virUpdateDeviceFlags() ("virsh update-device") was the
	link state; attempts to change any other attribute would log an error
	and fail.
	This patch adds recognition of a change in bridge device name, and
	supports reconnecting the guest's interface to the new device.
	Standard audit logs for detaching and attaching a network device are
	also generated. Although the current auditing function doesn't log the
	bridge being attached to, this will later be changed in a separate
	patch.

2012-03-31  Eric Blake  <eblake@redhat.com>

	build: fix build on cygwin
	Regression introduced when we changed types in commit 3e2c3d8f6.
	We've done this sort of cleanup before (see commit c685993d7).
	* src/conf/storage_conf.c (virStoragePoolDefFormat)
	(virStorageVolTargetDefFormat): Cast gid_t and uid_t.

	build: fix mingw ssize_t, syntax check
	We are so close to a release that we don't want to pull in a
	gnulib submodule update and risk regressions, since there has
	been a lot of other gnulib churn upstream.  However, there are
	a couple of gnulib issues that are worth fixing in isolation,
	by applying local patches to gnulib.
	There was an upstream gnulib bug in maint.mk that rendered most
	of our syntax checks ineffective (and fixing it flushed out a
	minor bug in our code):
	https://lists.gnu.org/archive/html/bug-gnulib/2012-03/msg00194.html
	There is still an upstream bug where gnulib uses the wrong type
	for ssize_t on mingw; we need the fix now even though it has not
	yet been accepted into gnulib:
	https://lists.gnu.org/archive/html/bug-gnulib/2012-03/msg00188.html
	* gnulib/local/top/maint.mk.diff: Pick up upstream gnulib
	maint.mk.
	* gnulib/local/m4/ssize_t.m4.diff: Work around gnulib bug.
	* src/libvirt.c: Remove unused header.
	* cfg.mk
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF): Exempt
	gnulib local files.

2012-03-31  Laine Stump  <laine@laine.org>

	qemu: eliminate nested switch, simplify code
	qemuBuildHostNetStr had a switch-within-a-switch where both were
	looking at the same variable. This was apparently to take advantage of
	code common to three different cases (while also taking care of some
	code that was different). However, there were only 2 lines common to
	all, one of those can be eliminated by merging it into the
	virAsprintfs that are in each case. On top of that, all the extra
	empty cases cause Coverity complaints (because they are unreachable),
	but absence of the empty cases causes a compile error due to
	"enumeration value not handled in switch".
	The solution is to just make each toplevel case independent, folding
	in the common code to each.

	Revert "Set default name for SPICE agent channel"
	This patch reverts commit b0e2bb3. Its functionality has been replaced
	by commit 3269ee6.

	qemu: set default name for SPICE agent channel when generating command
	commit b0e2bb33 set a default value for the SPICE agent channel by
	inserting it during parsing of the channel XML. That method of setting
	a default is problematic because it makes a format/parse roundtrip
	unclean, and experience with setting other values as a side effect of
	parsing has led to headaches (e.g. automatically setting a MAC address
	in the parser when one isn't specified in the input XML).
	This patch does not revert commit b0e2bb33 (it will be reverted in a
	separate patch) but adds the alternate implementation of simply
	inserting the default value in the appropriate place on the qemu
	commandline when no value is provided.

2012-03-31  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Issue guest-sync prior to every command
	If we issue guest command and GA is not running, the issuing thread
	will block endlessly. We can check for GA presence by issuing
	guest-sync with unique ID (timestamp). We don't want to issue real
	command as even if GA is not running, once it is started, it process
	all commands written to GA socket.

2012-03-30  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevtap: Don't check for flags in virNetDevTapCreateFlags
	With latest gnulib we are checking even the lowest level functions
	whether they check flags. Moreover, we are shadowing the real error
	on system without TUNSETIFF support.

2012-03-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in previous patch
	* src/remote/remote_driver.c: s/sizeof(ret)2/sizeof(ret2)/

	Consistent style for usage of sizeof operator
	The code is splattered with a mix of
	  sizeof foo
	  sizeof (foo)
	  sizeof(foo)
	Standardize on sizeof(foo) and add a syntax check rule to
	enforce it

	Disable build of commandhelper & ssh on Win32
	The commandhelper.c & ssh.c programs rely on various APIs not present
	on Win32. Disable them, since the tests that uses these helpers are
	already disabled
	* tests/commandhelper.c, tests/ssh.c: Disable on WIN32

	Don't redefine the CPU comparison constants in CPU test
	Defining an enum with names like "ERROR" causes  a world of
	hurt on Win32 whose headers have such symbol names already
	* tests/cputest.c: Remove redefinition of CPU constants

	Fix some format specifiers for size_t vs ssize_t
	A handful of places used %zd for format specifiers even
	though the args was size_t, not ssize_t.
	* src/remote/remote_driver.c, src/util/xml.c: s/%zd/%zu/

2012-03-30  Alex Jia  <ajia@redhat.com>

	conf: Prevent crash of libvirtd without channel target name
	* src/conf/domain_conf.c (virDomainChannelDefCheckABIStability): avoid
	  crashing libvirtd due to derefing a NULL pointer.
	For details, please see bug:
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=808371

2012-03-30  Wen Congyang  <wency@cn.fujitsu.com>

	fix a deadlock when qemu cannot start
	When qemu cannot start, we may call qemuProcessStop() twice.
	We have check whether the vm is running at the beginning of
	qemuProcessStop() to avoid libvirt deadlock. We call
	qemuProcessStop() with driver and vm locked. It seems that
	we can avoid libvirt deadlock. But unfortunately we may
	unlock driver and vm in the function qemuProcessKill() while
	vm->def->id is not -1. So qemuProcessStop() will be run twice,
	and monitor will be freed unexpectedly. So we should set
	vm->def->id to -1 at the beginning of qemuProcessStop().

2012-03-30  Eric Blake  <eblake@redhat.com>

	build: silence recent syntax check violations
	An upstream gnulib bug[1] meant that some of our syntax checks
	weren't being run.  Fix up our offenders before we upgrade to
	a newer gnulib.
	[1] https://lists.gnu.org/archive/html/bug-gnulib/2012-03/msg00194.html
	* src/util/virnetdevtap.c (virNetDevTapCreate): Use flags.
	* tests/lxcxml2xmltest.c (mymain): Strip useless ().

	build: avoid 'devname' for BSD
	Commit 21b5daa1 was the last time we cleaned this up.
	* tools/virt-host-validate-common.c (virHostValidateDevice):
	Rename local variable.

2012-03-29  Zhou Peng  <ailvpeng25@gmail.com>

	private.syms: Add virNetDevMacVLanRestartWithVPortProfile
	virNetDevMacVLanRestartWithVPortProfile is omitted in src/libvirt_private.syms,
	which causes link err.

2012-03-29  Christian Benvenuti  <benve@cisco.com>

	qemu: Make migration fail when port profile association fails on the dst host
	In the current V3 migration protocol, Libvirt does not
	check the result of the function
	  qemuMigrationVPAssociatePortProfiles
	This means that it is possible for a migration to complete
	successfully even when the VM loses network connectivity on
	the destination host.
	With this change libvirt aborts the migration
	(during the "finish" step) when the above function fails, that
	is to say when at least one of the port profile associations fails.
	Signed-off by: Christian Benvenuti <benve@cisco.com>

2012-03-29  Christophe Fergeau  <cfergeau@redhat.com>

	Set default name for SPICE agent channel
	libvirt documentation for channels with type 'spicevmc' says that the
	'target' child node has:
	"an optional attribute name controls how the guest will have access
	 to the channel, and defaults to name='com.redhat.spice.0'."
	However, this default value is never set in libvirt code base,
	there's only a check in qemu_command.c to error out if the name
	attribute doesn't have the expected value (if it's set).
	This commit sets a default target name for spicevmc channels during
	the domain configuration parsing so that the code agrees with the
	documentation.

2012-03-28  Alex Jia  <ajia@redhat.com>

	virsh: plug memory leaks on failure path
	Leaks are introduced in commit 1cf0e3d and fe383bb.
	Fixing memory leaks, in addition, the patch also fixes a potential missing
	return value issue in 'if (from)' statement, without the fixing, although
	the programming met a error, the subsequent codes will be executed
	continually.
	* tools/virsh.c (cmdSnapshotList): fix memory leaks and missing return value.
	* How to reproduce?
	% virsh snapshot-list <domain> --parent --roots
	% virsh snapshot-list <domain> --parent --tree
	% virsh snapshot-list <domain> --roots --tree
	actual result:
	error: --parent and --roots are mutually exclusive
	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)
	error: --parent and --tree are mutually exclusive
	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)
	error: --roots and --tree are mutually exclusive
	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)
	% virsh snapshot-create-as <domain> --name "hello"
	% virsh snapshot-create-as <domain> --name "libvirt"
	% virsh snapshot-list <domain> --roots --from "hello"
	actual result:
	error: --roots and --from are mutually exclusive
	 Name                 Creation Time             State
	------------------------------------------------------------
	 libvirt              2012-03-28 13:46:51 +0800 running

2012-03-28  Guannan Ren  <gren@redhat.com>

	python: make python APIs use these helper functions
	    *setPyVirTypedParameter
	    *libvirt_virDomainGetCPUStats

	python: Add new helper functions for python to C integral conversion
	    int libvirt_intUnwrap(PyObject *obj, int *val);
	    int libvirt_uintUnwrap(PyObject *obj, unsigned int *val);
	    int libvirt_longUnwrap(PyObject *obj, long *val);
	    int libvirt_ulongUnwrap(PyObject *obj, unsigned long *val);
	    int libvirt_longlongUnwrap(PyObject *obj, long long *val);
	    int libvirt_ulonglongUnwrap(PyObject *obj, unsigned long long *val);
	    int libvirt_doubleUnwrap(PyObject *obj, double *val);
	    int libvirt_boolUnwrap(PyObject *obj, bool *val);

2012-03-28  Eric Blake  <eblake@redhat.com>

	snapshot: fix virsh docs
	Commit d42a2ff forgot to touch up virsh documentation, and commit
	4e9953a mis-spelled the option name.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Fix typo
	and match recent change in flag meaning.

2012-03-28  Daniel P. Berrange  <berrange@redhat.com>

	Enable all warnings permanently & default to -Werror for GIT builds
	Given that we auto-detect whether each -Wxxxx flag is supported by
	GCC, and we are warning-free and use automake silent rules, there
	is no compelling reason to allow compile warnings to be disabled.
	Replace the --enable-compile-warnings flag with a simpler
	--enable-werror flag, which defaults to 'yes' if building
	from GIT, or 'no' if building from tar.gz
	This helps ensure that everyone writing patches for libvirt will
	take care to fix their warning problems before submitting for
	review
	* autobuild.sh: Force -Werror
	* configure.ac: Update for LIBVIRT_COMPILE_WARNINGS macro change
	* m4/virt-compile-warnings.m4: Permanently enable all warnings,
	  auto-enable Werror for GIT builds

	Enable build of test suite programs by default for GIT checkouts
	Add a new flag '--with-test-suite' to configure to control whether
	the test suite binaries are built by default. ie built with a
	plain 'make', as opposed to delayed until 'make check'
	For builds from tar.gz tests will not be built by default. For
	builds from GIT, tests with be on by default, to try and ensure
	that patch developers don't accidentally break the test suites
	without noticing.
	* configure.ac: Add --with-test-suite
	* tests/Makefile.am: Use noinst_PROGRAMS instead of check_PROGRAMS
	  if building tests by default. Consolidate setting of TESTS and
	  {noinst,check}_PROGRAMS to avoid duplication

2012-03-27  Stef Walter  <stefw@gnome.org>

	Change the default of mdns_adv to false
	 * Don't advertise information on the network without consent of
	   the user, either through manual configuration, or a user
	   interface that drives this option.
	 * Since libvirtd must be configured for network access anyway
	   (for all but ssh), this setting was not useful "out of the box",
	   so changing this default setting does not remove "out of the box"
	   functionality.

2012-03-27  Eric Blake  <eblake@redhat.com>

	snapshot: don't pass NULL to QMP command creation
	Commit d42a2ff caused a regression in creating a disk-only snapshot
	of a qcow2 disk; by passing the wrong variable to the monitor call,
	libvirt ended up creating JSON that looked like "format":null instead
	of the intended "format":"qcow2".
	To make it easier to diagnose this in the future, make JSON creation
	error out if "s:arg" is paired with NULL (it is still possible to
	use "n:arg" in the rare cases where qemu will accept a null).
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Pass correct value.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMakeCommandRaw):
	Improve error message.

2012-03-27  Daniel P. Berrange  <berrange@redhat.com>

	Add LXC XML files to schema test & fix problems this uncovers
	* docs/schemas/domaincommon.rng: Add missing lxc & openvz
	  console target types. Allow arch on LXC <os> type element
	* tests/domainschematest: Include tests/lxcxml2xmldata/

	Add support for setting init argv for LXC
	Pass argv to the init binary of LXC, using a new <initarg> element.
	* docs/formatdomain.html.in: Document <os> usage for containers
	* docs/schemas/domaincommon.rng: Add <initarg> element
	* src/conf/domain_conf.c, src/conf/domain_conf.h: parsing and
	  formatting of <initarg>
	* src/lxc/lxc_container.c: Setup LXC argv
	* tests/Makefile.am, tests/lxcxml2xmldata/lxc-systemd.xml,
	  tests/lxcxml2xmltest.c, tests/testutilslxc.c,
	  tests/testutilslxc.h: Test parsing/formatting of LXC related
	  XML parts

	Detect location fo selinux mount point
	The SELinux mount point moved from /selinux to /sys/fs/selinux
	when systemd came along.
	* configure.ac: Probe for SELinux mount point
	* src/lxc/lxc_container.c: Use SELinux mount point determined
	  by configure.ac

	Expand docs for timer tick policy

2012-03-27  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	qemu,util: on restart of libvirt restart vepa callbacks
	When libvirtd is restarted, also restart the netlink event
	message callbacks for existing VEPA connections and send
	a message to lldpad for these existing links, so it learns
	the new libvirtd pid.

2012-03-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid entering monitor with locked driver
	This avoids possible deadlock of the qemu driver in case a domain is
	begin migrated (in Begin phase) and unrelated connection to qemu driver
	is closed at the right time.
	I checked all callers of qemuDomainCheckEjectableMedia() and they are
	calling this function with qemu driver locked.

2012-03-27  Laine Stump  <laine@laine.org>

	build: fix "missing initializer" error in qemu_process.c
	Found when attempting to build on Fedora 17 alpha with:
	   ./autogen.sh --system --enable-compile-warnings=error
	(this same build command works without problem on Fedora 16). Since
	the consumer of the qemuProcessReconnectData doesn't assume that the
	other fields of the struct are initialized (although it uses them
	internally), the simpler solution is to just switch to C99-style
	struct initialization (which doesn't require specification of all
	fields).

	build: fix "missing initializer" errors in virsh.c
	Found when attempting to build on Fedora 17 alpha with:
	   ./autogen.sh --system --enable-compile-warnings=error
	(this same build command works without problem on Fedora 16). All
	other struct initializers for this struct have the extra field filled
	in (almost always to 0), so the two errant ones were fixed by adding
	in the extra 0 field.

	build: avoid frame size error when building without -O2
	libvirt always adds -Werror-frame-larger-than=4096 to the flags when
	it builds. When building on Fedora 17, two functions with multiple
	1024 buffers declared inside if {} blocks would generate frame size
	errors; apparently the version of gcc on Fedora 16 will merge these
	multiple buffers into a single buffer even when optimization is off,
	but Fedora 17 won't.
	The fix is to declare a single 1024 buffer at the top of the two
	offending functions, and reuse the single buffer throughout the
	functions.

2012-03-27  Martin Kletzander  <mkletzan@redhat.com>

	Added syntax-check rule for return with parentheses
	After cleanup introduced with previous commit, there is a need for
	syntax-check rule taking care of return(). Regexp used in 'prohibit'
	parameter is taken from the cleanup commit and modified so it fits
	'grep -E' format. Semicolon at the end is needed, otherwise the regexp
	could match return with cast.
	Exception is created for python source files because we don't have any
	documentation restricting the use of return that matches this case.

	Cleanup for a return statement in source files
	Return statements with parameter enclosed in parentheses were modified
	and parentheses were removed. The whole change was scripted, here is how:
	List of files was obtained using this command:
	git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' |             \
	grep -e '\.[ch]$' -e '\.py$'
	Found files were modified with this command:
	sed -i -e                                                                 \
	's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \
	-e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_'
	Then checked for nonsense.
	The whole command looks like this:
	git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' |             \
	grep -e '\.[ch]$' -e '\.py$' | xargs sed -i -e                            \
	's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \
	-e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_'

2012-03-26  Eric Blake  <eblake@redhat.com>

	Fix and test round-trip of query parameters
	When qparams support was dropped in commit bc1ff160, we forgot
	to add tests to ensure that viruri can do the same round trip
	handling of a URI. This round trip was broken, due to use
	of the old 'query' field of xmlUriPtr, instead of the new
	'query_raw'
	Also, we forgot to report an OOM error.
	* tests/viruritest.c (mymain): Add tests based on just-deleted
	qparamtest.
	(testURIParse): Allow difference in input and expected output.
	* src/util/viruri.c (virURIFormat): Add missing error. Use
	  query_raw, instead of query for xmlUriPtr object.

2012-03-24  Osier Yang  <jyang@redhat.com>

	spec: Add missed dependancy for numad
	numad is available since Fedora 17 and RHEL6.X. And it's not supported
	on s390[x] and ARM.

2012-03-24  Eric Blake  <eblake@redhat.com>

	snapshot: improve qemu handling of reused snapshot targets
	The oVirt developers have stated that the real reasons they want
	to have qemu reuse existing volumes when creating a snapshot are:
	1. the management framework is set up so that creation has to be
	done from a central node for proper resource tracking, and having
	libvirt and/or qemu create things violates the framework, and
	2. qemu defaults to creating snapshots with an absolute path to
	the backing file, but oVirt wants to manage a backing chain that
	uses just relative names, to allow for easier migration of a chain
	across storage locations.
	When 0.9.10 added VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT (commit
	4e9953a4), it only addressed point 1, but libvirt was still using
	O_TRUNC which violates point 2.  Meanwhile, the new qemu
	'transaction' monitor command includes a new optional mode argument
	that will force qemu to reuse the metadata of the file it just
	opened (with the burden on the caller to have valid metadata there
	in the first place).  So, this tweaks the meaning of the flag to
	cover both points as intended for use by oVirt.  It is not strictly
	backward-compatible to 0.9.10 behavior, but it can be argued that
	the O_TRUNC of 0.9.10 was a bug.
	Note that this flag is all-or-nothing, and only selects between
	'existing' and the default 'absolute-paths'.  A more flexible
	approach that would allow per-disk selections, as well as adding
	support for the 'no-backing-file' mode, would be possible by
	extending the <domainsnapshot> xml to have a per-disk mode, but
	until we have a management application expressing a need for that
	additional complexity, it is not worth doing.
	* src/libvirt.c (virDomainSnapshotCreateXML): Tweak documentation.
	* src/qemu/qemu_monitor.h (qemuMonitorDiskSnapshot): Add
	parameters.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): Pass them
	through.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot): Use
	new monitor command arguments.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): Adjust callers.
	(qemuDomainSnapshotDiskPrepare): Allow qed, modify rules on reuse.

	snapshot: wire up qemu transaction command
	The hardest part about adding transactions is not using the new
	monitor command, but undoing the partial changes we made prior
	to a failed transaction.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive): Use
	transaction when available.
	(qemuDomainSnapshotUndoSingleDiskActive): New function.
	(qemuDomainSnapshotCreateSingleDiskActive): Pass through actions.
	(qemuDomainSnapshotCreateXML): Adjust caller.

	snapshot: add support for qemu transaction command
	QEmu 1.1 is adding a 'transaction' command to the JSON monitor.
	Each element of a transaction corresponds to a top-level command,
	with the additional guarantee that the transaction flushes all
	pending I/O, then guarantees that all actions will be successful
	as a group or that failure will roll back the state to what it
	was before the monitor command.  The difference between a
	top-level command:
	{ "execute": "blockdev-snapshot-sync", "arguments":
	  { "device": "virtio0", ... } }
	and a transaction:
	{ "execute": "transaction", "arguments":
	  { "actions": [
	    { "type": "blockdev-snapshot-sync", "data":
	      { "device": "virtio0", ... } } ] } }
	is just a couple of changed key names and nesting the shorter
	command inside a JSON array to the longer command.  This patch
	just adds the framework; the next patch will actually use a
	transaction.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMakeCommand): Move
	guts...
	(qemuMonitorJSONMakeCommandRaw): ...into new helper.  Add support
	for array element.
	(qemuMonitorJSONTransaction): New command.
	(qemuMonitorJSONDiskSnapshot): Support use in a transaction.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot): Add
	argument.
	(qemuMonitorJSONTransaction): New declaration.
	* src/qemu/qemu_monitor.h (qemuMonitorTransaction): Likewise.
	(qemuMonitorDiskSnapshot): Add argument.
	* src/qemu/qemu_monitor.c (qemuMonitorTransaction): New wrapper.
	(qemuMonitorDiskSnapshot): Pass argument on.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Update caller.

	snapshot: rudimentary qemu support for atomic disk snapshot
	Taking an external snapshot of just one disk is atomic, without having
	to pause and resume the VM.  This also paves the way for later patches
	to interact with the new qemu 'transaction' monitor command.
	The various scenarios when requesting atomic are:
	online, 1 disk, old qemu - safe, allowed by this patch
	online, more than 1 disk, old qemu - failure, this patch
	offline snapshot - safe, once a future patch implements offline disk snapshot
	online, 1 or more disks, new qemu - safe, once future patch uses transaction
	Taking an online system checkpoint snapshot is atomic, since it is
	done via a single 'savevm' monitor command.  Taking an offline system
	checkpoint snapshot is atomic, thanks to the previous patch.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new flag for single-disk setups.
	(qemuDomainSnapshotDiskPrepare): Check for atomic here.
	(qemuDomainSnapshotCreateDiskActive): Skip pausing the VM when
	atomic supported.
	(qemuDomainSnapshotIsAllowed): Use bool instead of int.

	snapshot: make offline qemu snapshots atomic
	Offline internal snapshots can be rolled back with just a little
	bit of refactoring, meaning that we are now automatically atomic.
	* src/qemu/qemu_domain.c (qemuDomainSnapshotForEachQcow2): Move
	guts...
	(qemuDomainSnapshotForEachQcow2Raw): ...to new helper, to allow
	rollbacks.

	snapshot: add atomic create flag
	Right now, it is appallingly easy to cause qemu disk snapshots
	to alter a domain then fail; for example, by requesting a two-disk
	snapshot where the second disk name resides on read-only storage.
	In this failure scenario, libvirt reports failure, but modifies
	the live domain XML in-place to record that the first disk snapshot
	was taken; and places a difficult burden on the management app
	to grab the XML and reparse it to see which disks, if any, were
	altered by the partial snapshot.
	This patch adds a new flag where implementations can request that
	the hypervisor make snapshots atomically; either no changes to
	XML occur, or all disks were altered as a group.  If you request
	the flag, you either get outright failure up front, or you take
	advantage of hypervisor abilities to make an atomic snapshot. Of
	course, drivers should prefer the atomic means even without the
	flag explicitly requested.
	There's no way to make snapshots 100% bulletproof - even if the
	hypervisor does it perfectly atomic, we could run out of memory
	during the followup tasks of updating our in-memory XML, and report
	a failure.  However, these sorts of catastrophic failures are rare
	and unlikely, and it is still nicer to know that either all
	snapshots happened or none of them, as that is an easier state to
	recover from.
	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_ATOMIC): New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Expose it.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	it.

	snapshot: add qemu capability for 'transaction' command
	We need a capability bit to gracefully error out if some of the
	additions in future patches can't be implemented by the running qemu.
	* src/qemu/qemu_capabilities.h (QEMU_CAPS_TRANSACTION): New cap.
	* src/qemu/qemu_capabilities.c (qemuCaps): Name it.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONCheckCommands): Set
	it.

	build: drop obsolete qparams test
	Otherwise, 'make check' breaks since commit bc1ff160 deleted
	qparams.h.  A later patch will ensure that viruri takes over
	what qparams used to do.
	* tests/qparamtest.c (mymain): Delete, now that we have viruri.
	* tests/Makefile.am (check_PROGRAMS, TESTS, qparamtest_SOURCES):
	Delete old test.
	* .gitignore: Add recent test additions.

	build: fix incorrect enum declaration
	Recent changes have caused build failures on systems where pdwtags works:
	commit a26a196 mistakenly exported a public variable
	commits a26a196, 57ddcc2, 487c063 all had copy-paste bugs in
	hand-updating the golden API rather than rerunning pdwtags
	* include/libvirt/libvirt.h.in (virDomainEventTrayChangeReason):
	Make this a typedef, not external storage.
	* src/remote_protocol-structs (remote_procedure): Fix spelling.

2012-03-24  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Add qemu support for ppc64 on FC16 or above for rpm packaging
	On Fedora16 or above, qemu is supported now. So it is added
	in rpm packaging.

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo s/virURIFormatQuery/virURIFormatParams/

2012-03-23  Osier Yang  <jyang@redhat.com>

	qemu: Update domain status to running while wakeup event is emitted
	This introduces a new running reason VIR_DOMAIN_RUNNING_WAKEUP,
	and new suspend event type VIR_DOMAIN_EVENT_STARTED_WAKEUP.
	While a wakeup event is emitted, the domain which entered into
	VIR_DOMAIN_PMSUSPENDED will be transferred to "running"
	with reason VIR_DOMAIN_RUNNING_WAKEUP, and a new domain lifecycle
	event emitted with type VIR_DOMAIN_EVENT_STARTED_WAKEUP.

	qemu: Update domain state to pmsuspended while suspend event occurs

	New domain state pmsuspended
	This introduces a new domain state pmsuspended to represent
	the domain which has been suspended by guest power management,
	e.g. (entered itno s3 state). Because a "running" state could
	be confused in this case, one will see the guest is paused
	actually while playing. And state "paused" is for the domain
	which was paused by virDomainSuspend.

	Add support for the suspend event
	This patch introduces a new event type for the QMP event
	SUSPEND:
	    VIR_DOMAIN_EVENT_ID_PMSUSPEND
	The event doesn't take any data, but considering there might
	be reason for wakeup in future, the callback definition is:
	typedef void
	(*virConnectDomainEventSuspendCallback)(virConnectPtr conn,
	                                        virDomainPtr dom,
	                                        int reason,
	                                        void *opaque);
	"reason" is unused currently, always passes "0".

	Add support for the wakeup event
	This patch introduces a new event type for the QMP event
	WAKEUP:
	    VIR_DOMAIN_EVENT_ID_PMWAKEUP
	The event doesn't take any data, but considering there might
	be reason for wakeup in future, the callback definition is:
	typedef void
	(*virConnectDomainEventWakeupCallback)(virConnectPtr conn,
	                                       virDomainPtr dom,
	                                       int reason,
	                                       void *opaque);
	"reason" is unused currently, always passes "0".

	qemu: Update tray status while tray moved event is emitted
	With this patch, libvirt won't start the guest with the medium
	source which already ejected by guest when doing migration, or
	saving/restoring.

	qemu: Prohibit setting tray status as open for block type disk

	qemu: Do not start with source for removable disks if tray is open
	This is similiar with physical world, one will be surprised if the
	box starts with medium exists while the tray is open.
	New tests are added, tests disk-{cdrom,floppy}-tray are for the qemu
	supports "-device" flag, and disk-{cdrom,floppy}-no-device-cap are
	for old qemu, i.e. which doesn't support "-device" flag.

	conf: Parse and for the tray attribute
	The "tray" is only allowed for removable disks, i.e. CDROM and
	Floppy disks.

	docs: Add documentation for new attribute tray of disk target
	Example XML:
	    <disk type='file' device='cdrom'>
	      <driver name='qemu' type='raw'/>
	      <source file='/tmp/cdrom.img'/>
	      <target dev='hdd' bus='ide' tray='open'/>
	    </disk>

	Add support for event tray moved of removable disks
	This patch introduces a new event type for the QMP event
	DEVICE_TRAY_MOVED, which occurs when the tray of a removable
	disk is moved (i.e opened or closed):
	    VIR_DOMAIN_EVENT_ID_TRAY_CHANGE
	The event's data includes the device alias and the reason
	for tray status' changing, which indicates why the tray
	status was changed. Thus the callback definition for the event
	is:
	enum {
	    VIR_DOMAIN_EVENT_TRAY_CHANGE_OPEN = 0,
	    VIR_DOMAIN_EVENT_TRAY_CHANGE_CLOSE,
	\#ifdef VIR_ENUM_SENTINELS
	    VIR_DOMAIN_EVENT_TRAY_CHANGE_LAST
	\#endif
	} virDomainEventTrayChangeReason;
	typedef void
	(*virConnectDomainEventTrayChangeCallback)(virConnectPtr conn,
	                                           virDomainPtr dom,
	                                           const char *devAlias,
	                                           int reason,
	                                           void *opaque);

2012-03-23  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Implement sysinfo on PowerPC.
	Libvirt on x86 parses 'dmidecode' to gather characteristics of host
	system. On PowerPC, this is now implemented by reading /proc/cpuinfo
	NOTE: memory-DIMM information is not presently implemented.
	Acked-by: Daniel Veillard <veillard@redhat.com>
	Acked-by: Daniel P Berrange <berrange@redhat.com>

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Lookup auth credentials in config file before prompting
	When SASL requests auth credentials, try to look them up in the
	config file first. If any are found, remove them from the list
	that the user is prompted for

	Refactor code prompting for SASL credentials
	SASL may prompt for credentials after either a 'start' or 'step'
	invocation. In both cases the code to handle this is the same.
	Refactor this code into a separate method to reduce the duplication,
	since the complexity is about to grow
	* src/remote/remote_driver.c: Refactor interaction with SASL

	Add helper API for finding auth file path
	* src/util/virauth.c, src/util/virauth.h: Add virAuthGetConfigFilePath
	* include/libvirt/virterror.h, src/util/virterror.c: Add
	  VIR_FROM_AUTH error domain

	Rename virRequest{Username,Password} to virAuthGet{Username,Password}
	Ensure that the functions in virauth.h have names matching the file
	prefix, by renaming  virRequest{Username,Password} to
	virAuthGet{Username,Password}

	Rename src/util/authhelper.[ch] to src/util/virauth.[ch]
	To follow latest naming conventions, rename src/util/authhelper.[ch]
	to src/util/virauth.[ch].
	* src/util/authhelper.[ch]: Rename to src/util/virauth.[ch]
	* src/esx/esx_driver.c, src/hyperv/hyperv_driver.c,
	  src/phyp/phyp_driver.c, src/xenapi/xenapi_driver.c: Update
	  for renamed include files

	Add a virKeyfilePtr object for parsing '.ini' files
	The '.ini' file format is a useful alternative to the existing
	config file style, when you need to have config files which
	are hashes of hashes. The 'virKeyFilePtr' object provides a
	way to parse these file types.
	* src/Makefile.am, src/util/virkeyfile.c,
	  src/util/virkeyfile.h: Add .ini file parser
	* tests/Makefile.am, tests/virkeyfiletest.c: Test
	  basic parsing capabilities

	Convert drivers over to use virURIPtr for query params
	Convert drivers currently using the qparams APIs, to instead
	use the virURIPtr query parameters directly.
	* src/esx/esx_util.c, src/hyperv/hyperv_util.c,
	  src/remote/remote_driver.c, src/xenapi/xenapi_utils.c: Remove
	  use of qparams
	* src/util/qparams.h, src/util/qparams.c: Delete
	* src/Makefile.am, src/libvirt_private.syms: Remove qparams

	Store parsed query parameters directly in the virURIPtr struct
	Avoid the need for each driver to parse query parameters itself
	by storing them directly in the virURIPtr struct. The parsing
	code is a copy of that from src/util/qparams.c  The latter will
	be removed in a later patch
	* src/util/viruri.h: Add query params to virURIPtr
	* src/util/viruri.c: Parse query parameters when creating virURIPtr
	* tests/viruritest.c: Expand test to cover params

	Use a libvirt custom struct for virURIPtr
	Instead of just typedef'ing the xmlURIPtr struct for virURIPtr,
	use a custom libvirt struct. This allows us to fix various
	problems with libxml2. This initially just fixes the query vs
	query_raw handling problems.

	Centralize error reporting for URI parsing/formatting problems
	Move error reporting out of the callers, into virURIParse
	and virURIFormat, to get consistency.
	* include/libvirt/virterror.h, src/util/virterror.c: Add VIR_FROM_URI
	* src/util/viruri.c, src/util/viruri.h: Add error reporting
	* src/esx/esx_driver.c, src/libvirt.c, src/libxl/libxl_driver.c,
	  src/lxc/lxc_driver.c, src/openvz/openvz_driver.c,
	  src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
	  src/remote/remote_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/vmx/vmx.c, src/xen/xen_driver.c,
	  src/xen/xend_internal.c, tests/viruritest.c: Remove error
	  reporting

	s/xmlURIPtr/virURIPtr/ in virURIFormat impl
	The parameter in the virURIFormat impl mistakenly used the
	xmlURIPtr type, instead of virURIPtr. Since they will soon
	cease to be identical, this needs fixing

	Use virURIFree instead of xmlFreeURI
	Since we defined a custom virURIPtr type, we should use a
	virURIFree method instead of assuming it will always be
	a typedef for xmlURIPtr
	* src/util/viruri.c, src/util/viruri.h, src/libvirt_private.syms:
	  Add a virURIFree method
	* src/datatypes.c, src/esx/esx_driver.c, src/libvirt.c,
	  src/qemu/qemu_migration.c, src/vmx/vmx.c, src/xen/xend_internal.c,
	  tests/viruritest.c: s/xmlFreeURI/virURIFree/

	Add test case for virURIPtr classs
	To ensure we properly escape & unescape IPv6 numeric addresses,
	add a test case
	* tests/Makefile.am, tests/viruritest.c: URI parsing test

	Leave all child processes running when stopping systemd service
	Currently the libvirt.service unit file for systemd does not
	specify any kill mode. So systemd kills off every process
	inside its cgroup. ie all dnsmasq processes, all virtual
	machines. This obviously not what we want. Set KillMode=process
	so that it only kills the top level process of libvirtd
	* daemon/libvirtd.service.in: Add KillMode=process
	Reported-By: Mark McLoughlin <markmc@redhat.com>

2012-03-23  Dave Allan  <dallan@redhat.com>

	Clarify virsh freecell manpage entry

2012-03-23  Zhou Peng  <ailvpeng25@gmail.com>

	docs: fix typo
	Bogus <code/>, and incorrect use of it's instead of its.

2012-03-23  Dave Allan  <dallan@redhat.com>

	Clarify what documentation is being referenced
	virsh.pod had several instances in which it referred to "the
	documentation" which was a little puzzling to me since it is
	documentation.  Reading the document from end to end makes it clear
	that it means a specific URI which was noted previously in the text,
	but I had never noticed those URIs in several years of referring to
	the man page.  This patch adds those URIs to several additional places
	in the text.

2012-03-22  Guannan Ren  <gren@redhat.com>

	python: add virDomainGetCPUStats python binding API
	    dom.getCPUStats(True, 0)
	      [{'cpu_time': 24699446159L, 'system_time': 10870000000L, 'user_time': 950000000L}]
	    dom.getCPUStats(False, 0)
	      [{'cpu_time': 8535292289L}, {'cpu_time': 1005395355L}, {'cpu_time': 9351766377L}, {'cpu_time': 5813545649L}]
	    *generator.py Add a new naming rule
	    *libvirt-override-api.xml The API function description
	    *libvirt-override.c Implement it.

2012-03-22  Alex Jia  <ajia@redhat.com>

	python: Avoid memory leaks on libvirt_virNodeGetCPUStats
	Detected by valgrind. Leaks are introduced in commit 4955602.
	* python/libvirt-override.c (libvirt_virNodeGetCPUStats): fix memory leaks
	and improve codes return value.
	For details, please see the following link:
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=770943

2012-03-22  Eric Blake  <eblake@redhat.com>

	build: drop a painfully long gnulib test
	On machines with massive amounts of CPUs, the gnulib 'test-lock'
	could take minutes, or even appear to deadlock, because of poor
	scaling of timing interactions between multiple cores.
	See https://bugzilla.redhat.com/show_bug.cgi?id=797284.
	For precedence, note that iwhd has done the same:
	https://lists.gnu.org/archive/html/bug-gnulib/2012-01/msg00311.html
	We can re-enable things if gnulib ever analyzes and improves the
	situation.
	* bootstrap.conf (gnulib_tool_option_extras): Avoid lock-tests.

2012-03-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid dangling migration-out job when client dies
	When a client which started non-p2p migration dies in a bad time, the
	source libvirtd never clears the migration job and almost nothing can be
	done with the domain without restarting the daemon. This patch makes use
	of connection close callbacks and ensures that migration job is properly
	discarded when the client disconnects.

	qemu: Make autodestroy utilize connection close callbacks

	qemu: Add connection close callbacks
	Add support for registering arbitrary callback to be called for a domain
	when a connection gets closed.

	qemu: Avoid dangling migration-in job on shutoff domains
	Destination daemon should not rely on the client or source daemon
	(depending on the type of migration) to call Finish when migration
	fails, because the client may crash before it can do so. The domain
	prepared for incoming migration is set to be destroyed (and migration
	job cleaned up) when connection with the client closes but this is not
	enough. If the associated qemu process crashes after Prepare step and
	the domain is cleaned up before the connection gets closed, autodestroy
	is not called for the domain and migration jobs remains set. In case the
	domain is defined on destination host (i.e., it is not completely
	removed once destroyed) we keep the job set for ever. To fix this, we
	register a cleanup callback which is responsible to clean migration-in
	job when a domain dies anywhere between Prepare and Finish steps. Note
	that we can't blindly clean any job when spotting EOF on monitor since
	normally an API is running at that time.

	qemu: Add support for domain cleanup callbacks
	Add support for registering cleanup callbacks to be run when a domain
	transitions to shutoff state.

	qemu: Use unlimited speed when migrating to file
	This reverts commit 61f2b6ba5fdef0613d6351b99913b5ef468144ce and most of
	commit d8916dc8e2f612ab3ce46f32c4bfeb0bd73f6007, which effectively
	brings back commit ef1065cf5acad13767c054758cbe7f4e8af5d241 written by
	Jim Fehlig:
	The qemu migration speed default is 32MiB/s as defined in migration.c
	/* Migration speed throttling */
	static int64_t max_throttle = (32 << 20);
	There's no need to throttle migration when targeting a file, so set
	migration speed to unlimited prior to migration, and restore to libvirt
	default value after migration.
	Default units is MB for migrate_set_speed monitor command, so
	(INT64_MAX / (1024 * 1024)) is used for unlimited migration speed.
	This was reverted because migration to file could not be canceled and
	even monitored since qemu was not processing any monitor commands until
	the migration finished. This is now different as we make sure the
	file descriptor we pass to qemu is able to properly report EAGAIN.
	Recent qemu changes might have helped as well.
	I tested managedsave with this patch in and indeed, it is 10x faster
	while I can still monitor its progress.

2012-03-21  Alex Jia  <ajia@redhat.com>

	python: Avoid memory leaks on libvirt_virNodeGetMemoryStats
	Detected by valgrind. Leaks are introduced in commit 17c7795.
	* python/libvirt-override.c (libvirt_virNodeGetMemoryStats): fix memory leaks
	and improve codes return value.
	For details, please see the following link:
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=770944

2012-03-21  Eric Blake  <eblake@redhat.com>

	python: always include config.h first
	On RHEL 5.7, I got this compilation failure:
	In file included from /usr/include/python2.4/pyport.h:98,
	                 from /usr/include/python2.4/Python.h:55,
	                 from libvirt.c:3:
	../gnulib/lib/time.h:468: error: expected ';', ',' or ')' before '__timer'
	Turns out that our '#define restrict __restrict' from config.h wasn't
	being picked up.  Gnulib _requires_ that all .c files include <config.h>
	first, otherwise the gnulib header overrides tend to misbehave.
	Problem introduced by patch c700613b8.
	* python/generator.py (buildStubs): Include <config.h> first.

2012-03-20  Martin Kletzander  <mkletzan@redhat.com>

	Minor docs fix
	End tag for "host" element was missing in example configuration

2012-03-20  Laine Stump  <laine@laine.org>

	conf: forbid use of multicast mac addresses
	A few times libvirt users manually setting mac addresses have
	complained of a networking failure that ends up being due to a multicast
	mac address being used for a guest interface. This patch prevents that
	by logging an error and failing if a multicast mac address is
	encountered in each of the three following cases:
	1) domain xml <interface> mac address.
	2) network xml bridge mac address.
	3) network xml dhcp/host mac address.
	There are several other places where a mac address can be input that
	aren't controlled in this manner because failure to do so has no
	consequences (e.g., if the address will be used to search through
	existing interfaces for a match).
	The RNG has been updated to add multiMacAddr and uniMacAddr along with
	the existing macAddr, and macAddr was switched to uniMacAddr where
	appropriate.

	conf: return immediately on error in dhcp host element
	If an error was encountered parsing a dhcp host entry mac address or
	name, parsing would continue and log a less descriptive error that
	might make it more difficult to notice the true nature of the problem.
	This patch returns immediately on logging the first error.

	util: fail attempts to use same mac address for guest and tap
	This patch is in response to:
	  https://bugzilla.redhat.com/show_bug.cgi?id=798467
	If a guest's tap device is created using the same MAC address the
	guest uses for its own network card (which connects to the tap
	device), the Linux kernel will log the following message and traffic
	will not pass:
	 kernel: vnet9: received packet with own address as source address
	This patch disallows MAC addresses with a first byte of 0xFE, but only in
	the case that the MAC address is used for a guest interface that's
	connected by way of a standard tap device. (In other words, the
	validation is done at runtime at the same place the MAC address is
	modified for the tap device, rather than when mac address is parsed,
	the idea being that it is then we know for sure the address will be
	problematic.)

2012-03-20  Martin Kletzander  <mkletzan@redhat.com>

	Cpu mapping cleanup
	Using inheritance, this patch cleans up the cpu_map.xml file and also
	sorts all CPU features according to the feature and registry
	values. Model features are sorted the same way as foeatures in the
	specification.
	Also few models that are related were organized together and parts of
	the XML are marked with comments

2012-03-20  Eric Blake  <eblake@redhat.com>

	snapshot: make quiesce a bit safer
	If a guest is paused, we were silently ignoring the quiesce flag,
	which results in unclean snapshots, contrary to the intent of the
	flag.  Since we can't quiesce without guest agent support, we should
	instead fail if the guest is not running.
	Meanwhile, if we attempt a quiesce command, but the guest agent
	doesn't respond, and we time out, we may have left the command
	pending on the guest's queue, and when the guest resumes parsing
	commands, it will freeze even though our command is no longer
	around to issue a thaw.  To be safe, we must _always_ pair every
	quiesce call with a counterpart thaw, even if the quiesce call
	failed due to a timeout, so that if a guest wakes up and starts
	processing a command backlog, it will not get stuck in a frozen
	state.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive):
	Always issue thaw after a quiesce, even if quiesce failed.
	(qemuDomainSnapshotFSThaw): Add a parameter.

2012-03-19  Martin Kletzander  <mkletzan@redhat.com>

	virConfGetValue: Fixed NULL pointer check
	This patch fixes a NULL pointer check that was causing SegFault on
	some specific configurations. It also reverts commit 59d0c9801c1ab
	that was checking for this value in one place.

2012-03-17  Eric Blake  <eblake@redhat.com>

	virsh: trim aliases from -h output
	Commit af3f9aab taught 'virsh help' to ignore command aliases,
	but forgot 'virsh -h'.
	* tools/virsh.c (vshUsage): Handle aliases.

2012-03-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of blkio deviceWeight empty string
	A common coding pattern for changing blkio parameters is
	  1. virDomainGetBlkioParameters
	  2. change one or more params
	  3. virDomainSetBlkioParameters
	For this to work, it must be possible to roundtrip through
	the methods without error. Unfortunately virDomainGetBlkioParameters
	will return "" for the deviceWeight parameter for guests by default,
	which virDomainSetBlkioParameters will then reject as invalid.
	This fixes the handling of "" to be a no-op, and also improves the
	error message to tell you what was invalid

2012-03-16  Osier Yang  <jyang@redhat.com>

	remote: Fix migration leaks
	How to reproduce:
	% valgrind -v --leak-check=full virsh migrate mig \
	  qemu+ssh://$dest/system --unsafe
	== 8 bytes in 1 blocks are definitely lost in loss record 1 of 28
	==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==    by 0x3EB7115FB8: xdr_reference (in /lib64/libc-2.12.so)
	==    by 0x3EB7115F10: xdr_pointer (in /lib64/libc-2.12.so)
	==    by 0x4D1EA84: xdr_remote_string (remote_protocol.c:40)
	==    by 0x4D1EAD8: xdr_remote_domain_migrate_prepare3_ret (remote_protocol.c:4772)
	==    by 0x4D2FFD2: virNetMessageDecodePayload (virnetmessage.c:382)
	==    by 0x4D2789C: virNetClientProgramCall (virnetclientprogram.c:382)
	==    by 0x4D0707D: callWithFD (remote_driver.c:4549)
	==    by 0x4D070FB: call (remote_driver.c:4570)
	==    by 0x4D12AEE: remoteDomainMigratePrepare3 (remote_driver.c:4138)
	==    by 0x4CF7BE9: virDomainMigrateVersion3 (libvirt.c:4815)
	==    by 0x4CF9432: virDomainMigrate2 (libvirt.c:5454)
	==
	== LEAK SUMMARY:
	==    definitely lost: 8 bytes in 1 blocks
	==    indirectly lost: 0 bytes in 0 blocks
	==      possibly lost: 0 bytes in 0 blocks
	==    still reachable: 126,995 bytes in 1,343 blocks
	==         suppressed: 0 bytes in 0 blocks
	This patch also fixes the leaks in remoteDomainMigratePrepare and
	remoteDomainMigratePrepare2.

2012-03-16  Alex Jia  <ajia@redhat.com>

	libvirt: fix comment typo
	* src/libvirt.c (virStorageVolResize): correct comment typo according to
	  virStorageVolResizeFlags enum definition.

2012-03-16  Daniel P. Berrange  <berrange@redhat.com>

	Add support for forcing a private network namespace for LXC guests
	If no <interface> elements are included in an LXC guest XML
	description, then the LXC guest will just see the host's
	network interfaces. It is desirable to be able to hide the
	host interfaces, without having to define any guest interfaces.
	This patch introduces a new feature flag <privnet/> to allow
	forcing of a private network namespace for LXC. In the future
	I also anticipate that we will add <privuser/> to force a
	private user ID namespace.
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add support
	  for <privnet/> feature. Auto-set <privnet> if any <interface>
	  devices are defined
	* src/lxc/lxc_container.c: Honour request for private network
	  namespace

2012-03-16  Peter Krempa  <pkrempa@redhat.com>

	lib: Don't access configuration if none is present
	Commit e457d5ef2015e6106094b85f8bbd1582002edc4d adds ability to pass the
	default URI using the client configuration file. If the file is not
	present, it still accesses the NULL config object causing a segfault.
	Caught running "make check".

2012-03-16  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainDetachPciDiskDevice: Free allocated cgroup
	This function potentially allocates new virCgroup but never
	frees it.

2012-03-15  Laine Stump  <laine@laine.org>

	Emit graphics events when a SPICE client connects/disconnects
	Wire up the domain graphics event notifications for SPICE. Adapted
	from a RHEL-only patch written by Dan Berrange that used custom
	__com.redhat_SPICE events - equivalent events are now available in
	upstream QEMU (including a SPICE_CONNECTED event, which was missing in
	the __COM.redhat_SPICE version).
	* src/qemu/qemu_monitor_json.c: Wire up SPICE graphics events

2012-03-15  Osier Yang  <jyang@redhat.com>

	numad: Fix typo and warning
	src/libvirt_private.syms:
	  s/virDomainCpuPlacement/virDomainCpuPlacementMode/
	src/qemu/qemu_process.c
	  def->mem.cur_balloon expects "llu"
	--
	pushed under build-breaker rule

2012-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Add container_uuid env variable to LXC guests
	Systemd has declared that all container virtualization technologies
	should set 'container_uuid' to identify themselves.
	http://cgit.freedesktop.org/systemd/systemd/commit/?id=09b967eaa51a39dabb7f238927f67bd682466dbc

	Allow overriding default URI in config file
	Currently if the URI passed to virConnectOpen* is NULL, then we
	 - Look for LIBVIRT_DEFAULT_URI env var
	 - Probe for drivers
	This changes it so that
	 - Look for LIBVIRT_DEFAULT_URI env var
	 - Look for 'uri_default' in $HOME/.libvirt/libvirt.conf
	 - Probe for drivers

2012-03-15  Osier Yang  <jyang@redhat.com>

	virsh: A bit smarter attach-disk
	Detects the file type of source path if no "--sourcetype" and
	"driver" is specified, instead of always set the disk type as
	"block".

2012-03-15  Alex Jia  <ajia@redhat.com>

	virsh: fix invalid free
	* tools/virsh.c (cmdDetachDisk): fix invalid free due to using
	  uninitialised value.
	* How to reproduce?
	# virsh detach-disk a b
	error: failed to get domain 'a'
	*** glibc detected *** virsh: double free or corruption (out): 0x00007fff410ed1a0 ***
	======= Backtrace: =========
	/lib64/libc.so.6[0x39cf0750c6]
	/usr/lib/libvirt.so.0(virFree+0x39)[0x7f045938a239]
	virsh[0x41c768]
	virsh[0x415075]
	virsh[0x425d64]
	/lib64/libc.so.6(__libc_start_main+0xfd)[0x39cf01ecdd]
	virsh[0x40a419]
	======= Memory map: ========
	00400000-0044e000 r-xp 00000000 08:0e 760441                             /usr/bin/virsh
	0064e000-00650000 rw-p 0004e000 08:0e 760441                             /usr/bin/virsh
	......
	39d7229000-39d722b000 r--p 00029000 08:0e 2183477                        /lib64/libk5crypto.so.3.1
	39d722b000-39d722c000 rw-p 0002b000 08:0e 2183477                        /lib64/lAborted (core dumped)

2012-03-15  Osier Yang  <jyang@redhat.com>

	qemu: Support numad
	numad is an user-level daemon that monitors NUMA topology and
	processes resource consumption to facilitate good NUMA resource
	alignment of applications/virtual machines to improve performance
	and minimize cost of remote memory latencies. It provides a
	pre-placement advisory interface, so significant processes can
	be pre-bound to nodes with sufficient available resources.
	More details: http://fedoraproject.org/wiki/Features/numad
	"numad -w ncpus:memory_amount" is the advisory interface numad
	provides currently.
	This patch add the support by introducing a new XML attribute
	for <vcpu>. e.g.
	  <vcpu placement="auto">4</vcpu>
	  <vcpu placement="static" cpuset="1-10^6">4</vcpu>
	The returned advisory nodeset from numad will be printed
	in domain's dumped XML. e.g.
	  <vcpu placement="auto" cpuset="1-10^6">4</vcpu>
	If placement is "auto", the number of vcpus and the current
	memory amount specified in domain XML will be used for numad
	command line (numad uses MB for memory amount):
	  numad -w $num_of_vcpus:$current_memory_amount / 1024
	The advisory nodeset returned from numad will be used to set
	domain process CPU affinity then. (e.g. qemuProcessInitCpuAffinity).
	If the user specifies both CPU affinity policy (e.g.
	(<vcpu cpuset="1-10,^7,^8">4</vcpu>) and placement == "auto"
	the specified CPU affinity will be overridden.
	Only QEMU/KVM drivers support it now.
	See docs update in patch for more details.

2012-03-14  Osier Yang  <jyang@redhat.com>

	qemu: Use scsi-block for lun passthrough instead of scsi-disk
	And don't allow to hotplug a usb disk with "device == lun". This
	is the missed pieces in previous virtio-scsi patchset:
	http://www.redhat.com/archives/libvir-list/2012-February/msg01052.html

2012-03-14  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Reverse condition in qemuDomainCheckDiskPresence
	With current code, we pass true iff domain is cold booting. However,
	if disk is inaccessible and startupPolicy for that disk is set to
	'requisite' we have to fail iff cold booting.

2012-03-14  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add cpu definition for Intel Sandy Bridge cpu type
	This patch adds support for the new tsc-deadline feature flag
	and a new model to the supported model list describing the
	Intel Sandy Bridge platform.

2012-03-13  Martin Kletzander  <mkletzan@redhat.com>

	Added support for AMD Bulldozer CPU
	AMD Bulldozer (or Opteron_G4 as called in QEMU) was added to the list
	of cpu models, flags were taken from upstream qemu cpu specifications
	and should be sorted by bit values (or first occurence in the feature
	specification part of cpu_map.xml).
	Based on QEMU upstream commit 885bb0369a4f0abe2c0185178f3cb347cb02cdf1.

2012-03-13  Michal Privoznik  <mprivozn@redhat.com>

	graphics: Cleanup port policy
	Even though we say in documentation setting (tls-)port to -1 is legacy
	compat style for enabling autoport, we're roughly doing this for VNC.
	However, in case of SPICE auto enable autoport iff both port & tlsPort
	are equal -1 as documentation says autoport plays with both.

2012-03-13  Guannan Ren  <gren@redhat.com>

	qemu: fix segfault when detaching non-existent network device
	In qemuDomainDetachNetDevice, detach was being used before it had been
	validated. If no matching device was found, this resulted in a
	dereference of a NULL pointer.
	This behavior was a regression introduced in commit
	cf90342be0022520e25cfa258cef1034b229a100, so it has not been a part of
	any official libvirt release.

2012-03-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix (managed)save and snapshots with host mode CPU
	When host-model and host-passthrouh CPU modes were introduced, qemu
	driver was properly modify to update guest CPU definition during
	migration so that we use the right CPU at the destination. However,
	similar treatment is needed for (managed)save and snapshots since they
	need to save the exact CPU so that a domain can be properly restored.
	To avoid repetition of such situation, all places that need live XML
	share the code which generates it.
	As a side effect, this patch fixes error reporting from
	qemuDomainSnapshotWriteMetadata().

2012-03-13  Eric Blake  <eblake@redhat.com>

	docs: fix usage example on setting log levels
	Reported by Michael S. Tsirkin.
	* docs/logging.html.in (log_examples): Use correct libvirtd.conf
	syntax.

2012-03-12  Eric Blake  <eblake@redhat.com>

	cpustats: report user and sys times
	Thanks to cgroups, providing user vs. system time of the overall
	guest is easy to add to our existing API.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_CPU_STATS_USERTIME)
	(VIR_DOMAIN_CPU_STATS_SYSTEMTIME): New constants.
	* src/util/virtypedparam.h (virTypedParameterArrayValidate)
	(virTypedParameterAssign): Enforce checking the result.
	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Fix offender.
	(qemuDomainGetTotalcpuStats): Implement new parameters.
	* tools/virsh.c (cmdCPUStats): Tweak output accordingly.

	cpustats: collect VM user and sys times
	As documented in linux.git/Documentation/cgroups/cpuacct.txt,
	cpuacct.stat returns user and system time in ticks (the same
	unit used in times(2)).  It would be a bit nicer if it were like
	getrusage(2) and reported timeval contents, or like cpuacct.usage
	and in nanoseconds, but we can't be picky.
	* src/util/cgroup.h (virCgroupGetCpuacctStat): New function.
	* src/util/cgroup.c (virCgroupGetCpuacctStat): Implement it.
	(virCgroupGetValueStr): Allow for multi-line files.
	* src/libvirt_private.syms (cgroup.h): Export it.

	qemu: support disk filenames with comma
	If there is a disk file with a comma in the name, QEmu expects a double
	comma instead of a single one (e.g., the file "virtual,disk.img" needs
	to be specified as "virtual,,disk.img" in QEmu's command line). This
	patch fixes libvirt to work with that feature. Fix RHBZ #801036.
	Based on an initial patch by Crístian Viana.
	* src/util/buf.h (virBufferEscape): Alter signature.
	* src/util/buf.c (virBufferEscape): Add parameter.
	(virBufferEscapeSexpr): Fix caller.
	* src/qemu/qemu_command.c (qemuBuildRBDString): Likewise.  Also
	escape commas in file names.
	(qemuBuildDriveStr): Escape commas in file names.
	* docs/schemas/basictypes.rng (absFilePath): Relax RNG to allow
	commas in input file names.
	* tests/qemuxml2argvdata/*-disk-drive-network-sheepdog.*: Update
	test.

2012-03-12  Daniel Veillard  <veillard@redhat.com>

	Fix a few typo in translated strings
	this was raised by our hindi localization team
	chandan kumar <chandankumar.093047@gmail.com>

2012-03-09  Martin Kletzander  <mkletzan@redhat.com>

	Removed more AMD-specific features from cpu64-rhel* models
	We found few more AMD-specific features in cpu64-rhel* models that
	made it impossible to start qemu guest on Intel host (with this
	setting) even though qemu itself starts correctly with them.
	This impacts one test, thus the fix in tests/cputestdata/.

2012-03-09  Laine Stump  <laine@laine.org>

	conf: eliminate redundant VIR_ALLOC of 1st element of network DNS hosts.
	virNetworkDNSHostsDefParseXML was calling VIR_ALLOC(def->hosts) if
	def->hosts was NULL. This is a waste of time, though, since
	VIR_REALLOC_N is called a few lines further down, prior to any use of
	def->hosts. (initializing def->nhosts to 0 is also redundant, because
	the newly allocated memory will always be cleared to all 0's anyway).

2012-03-09  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Pass some additional flags to graphics-spice-agentmouse
	One of the recent commits introduced support for
	spice agent-mouse. However, test for this feature
	require some tweaking: pass QEMU_CAPS_CHARDEV_SPICEVMC |
	QEMU_CAPS_NODEFCONFIG and add "-vga cirrus".

	qemuBuildCommandLine: Don't add tlsPort if none set
	If user hasn't supplied any tlsPort we default to setting it
	to zero in our internal structure. However, when building command
	line we test it against -1 which is obviously wrong.

2012-03-09  Peng Zhou  <ailvpeng25@gmail.com>

	qemu: spice agent-mouse support
	spice agent-mouse support
	Usage:
	  <graphics type='spice'>
	    <mouse mode='client'|'server'/>
	  <graphics/>

2012-03-09  Osier Yang  <jyang@redhat.com>

	virsh: Use option alias for outmoded "--persistent"
	Since VIR_DOMAIN_AFFECT_{LIVE,CONFIG,CURRENT} was created,
	all new virsh commands use "--config" to represents the
	persistent changing. This patch add "--config" option
	for the old commands which still use "--persistent",
	and "--persistent" is now alias of "--config".
	tools/virsh.c: (use "--config", and "--persistent" is
	    alias of "--config" now).
	    cmdDomIfSetLink, cmdDomIfGetLink, cmdAttachDevice,
	    cmdDetachDevice, cmdUpdateDevice, cmdAttachInterface,
	    cmdDetachInterface, cmdAttachDisk, cmdDetachDisk
	toos/virsh.pod: Update docs of the changed commands, and
	    add some missed docs for "--config" (detach-interface,
	    detach-disk, and detach-device).

2012-03-09  Laine Stump  <laine@laine.org>

	remove daemon/probes.h from .gitignore
	The file daemon/probes.h used to be generated as part of a build, but
	is no longer used. However, a stale copy of it lying around could
	cause a build to fail. Removing it from .gitignore will make it more
	likely someone will notice that they have it lying around.

	util: consolidate duplicated error messages in pci.c
	This is nearly identical to an earlier patch for virnetlink.c.
	There are special stub versions of all public functions in this file
	that are compiled when the platform isn't linux. Each of these
	functions had an almost identical message, differing only in the
	function name included in the message. Since log messages already
	contain the function name, we can just define a const char* with the
	common part of the string, and use that same string for all the log
	messages.
	If nothing else, this at least makes for less strings that need
	translating...

	qemu: eliminate memory leak in qemuDomainUpdateDeviceConfig
	This function was freeing a virDomainNetDef with
	VIR_FREE(). virDomainNetDef is a complex structure with many pointers
	to other dynamically allocated data; to properly free it
	virDomainNetDefFree() must be called instead, otherwise several
	strings (and potentially other things) will be leaked.

	qemu: support persistent hotplug of <hostdev> devices
	For some reason, although live hotplug of <hostdev> devices is
	supported, persistent hotplug is not. This patch adds the proper
	VIR_DOMAIN_DEVICE_HOSTDEV cases to the switches in
	qemuDomainAttachDeviceConfig and qemuDomainDetachDeviceConfig.

	util: standardize return from functions calling virNetlinkCommand
	There are several functions that call virNetlinkCommand, and they all
	follow a common pattern, with three exit labels: err_exit (or
	cleanup), malformed_resp, and buffer_too_small. All three of these
	labels do their own cleanup and have their own return. However, the
	malformed_resp label usually frees the same items as the
	cleanup/err_exit label, and the buffer_too_small label just doesn't
	free recvbuf (because it's known to always be NULL at the time we goto
	buffer_too_small.
	In order to simplify and standardize the code, I've made the following
	changes to all of these functions:
	1) err_exit is replaced with the more libvirt-ish "cleanup", which
	   makes sense because in all cases this code is also executed in the
	   case of success, so labelling it err_exit may be confusing.
	2) rc is initialized to -1, and set to 0 just before the cleanup
	   label. Any code that currently sets rc = -1 is made to instead goto
	   cleanup.
	3) malformed_resp and buffer_too_small just log their error and goto
	   cleanup. This gives us a single return path, and a single place to
	   free up resources.
	4) In one instance, rather then logging an error immediately, a char*
	   msg was pointed to an error string, then goto cleanup (and cleanup
	   would log an error if msg != NULL). It takes no more lines of code
	   to just log the message as we encounter it.
	This patch should have 0 functional effects.

	util: eliminate device object leaks related to virDomain*Remove*()
	There are several functions in domain_conf.c that remove a device
	object from the domain's list of that object type, but don't free the
	object or return it to the caller to free. In many cases this isn't a
	problem because the caller already had a pointer to the object and
	frees it afterward, but in several cases the removed object was just
	left floating around with no references to it.
	In particular, the function qemuDomainDetachDeviceConfig() calls
	functions to locate and remove net (virDomainNetRemoveByMac), disk
	(virDomainDiskRemoveByName()), and lease (virDomainLeaseRemove())
	devices, but neither it nor its caller qemuDomainModifyDeviceConfig()
	ever obtain a pointer to the device being removed, much less free it.
	This patch modifies the following "remove" functions to return a
	pointer to the device object being removed from the domain device
	arrays, to give the caller the option of freeing the device object
	using that pointer if needed. In places where the object was
	previously leaked, it is now freed:
	  virDomainDiskRemove
	  virDomainDiskRemoveByName
	  virDomainNetRemove
	  virDomainNetRemoveByMac
	  virDomainHostdevRemove
	  virDomainLeaseRemove
	  virDomainLeaseRemoveAt
	The functions that had been leaking:
	  libxlDomainDetachConfig - leaked a virDomainDiskDef
	  qemuDomainDetachDeviceConfig - could leak a virDomainDiskDef,
	                            a virDomainNetDef, or a
	                            virDomainLeaseDef
	  qemuDomainDetachLease   - leaked a virDomainLeaseDef

	qemu: don't 'remove' hostdev objects from domain if operation fails
	There were certain paths through the hostdev detach code that could
	lead to the lower level function failing (and not removing the object
	from the domain's hostdevs list), but the higher level function
	free'ing the hostdev object anyway. This would leave a stale
	hostdevdef pointer in the list, which would surely cause a problem
	eventually.
	This patch relocates virDomainHostdevRemove from the lower level
	functions qemuDomainDetachThisHostDevice and
	qemuDomainDetachHostPciDevice, to their caller
	qemuDomainDetachThisHostDevice, placing it just before the call to
	virDomainHostdevDefFree. This makes it easy to verify that either both
	operations are done, or neither.
	NB: The "dangling pointer" part of this problem was introduced in
	commit 13d5a6, so it is not present in libvirt versions prior to
	0.9.9. Earlier versions would return failure in certain cases even
	though the the device object was removed/deleted, but the removal and
	deletion operations would always both happen or neither.

	util: make virDomainLeaseDefFree global
	It will be used in a different file in an upcoming patch.

	util: consolidate duplicated error messages in virnetlink.c
	There are special stub versions of all public functions in this file
	that are compiled when either libnl isn't available or the platform
	isn't linux. Each of these functions had two almost identical message,
	differing only in the function name included in the message. Since log
	messages already contain the function name, we can just define a const
	char* with the common part of the string, and use that same string for
	all the log messages.
	Also, rather than doing #if defined ... #else ... #endif *inside the
	error log macro invocation*, this patch does #if defined ... just
	once, using it to decide which single string to define. This turns the
	error log in each function from 6 lines, to 1 line.

	util: log error on OOM in virNetDevOpenvswitchAddPort
	OOM conditions silently returned failure.

2012-03-09  Ansis Atteka  <aatteka@nicira.com>

	Attach vm-id to Open vSwitch interfaces.
	This patch will allow OpenFlow controllers to identify which interface
	belongs to a particular VM by using the Domain UUID.
	ovs-vsctl get Interface vnet0 external_ids
	{attached-mac="52:54:00:8C:55:2C", iface-id="83ce45d6-3639-096e-ab3c-21f66a05f7fa", iface-status=active, vm-id="142a90a7-0acc-ab92-511c-586f12da8851"}
	V2 changes:
	Replaced vm-uuid with vm-id. There was a discussion in Open vSwitch
	mailinglist that we should stick with the same DB key postfixes for the
	sake of consistency (e.g iface-id, vm-id ...).

2012-03-09  Laine Stump  <laine@laine.org>

	util: whitespace change to virNetDevOpenvswitchAddPort
	The indentation on the final lines of the function was off by four
	spaces, making me wonder for a second if there was something
	missing. (There wasn't.)

	util: add stub pciConfigAddressToSysfsFile for non-linux platforms
	Absence of this stub function caused a build failure on mingw32.

2012-03-08  Eric Blake  <eblake@redhat.com>

	rpc: generalize solution for VPATH builds
	Commit 5d4b0c4c80 tried to fix certain classes of VPATH builds,
	but was too limited.  In particular, Guannan Ren reported:
	>    For example: The libvirt source code resides in /home/testuser,
	>                 I make dist in /tmp/buildvpath, the XDR routine .c file will
	>                 include full path of the header file like:
	>
	>                 #include "/home/testuser/src/rpc/virnetprotocol.h"
	>                 #include "internal.h"
	>                 #include <arpa/inet.h>
	>
	>    If we distribute the tarball to another machine to compile,
	>    it will report error as follows:
	>
	>    rpc/virnetprotocol.c:7:59: fatal error:
	>    /home/testuser/src/rpc/virnetprotocol.h: No such file or directory
	* src/rpc/genprotocol.pl: Fix more include lines.

2012-03-08  Peter Krempa  <pkrempa@redhat.com>

	xml: Clean up schemas to use shared data types instead of local
	The schema files contained duplicate data types that can be shared from
	the basictypes.rng file.

2012-03-08  Michal Privoznik  <mprivozn@redhat.com>

	util: Don't overflow on errno in virFileAccessibleAs
	If we need to virFork() to check assess() under different
	UID+GID we need to translate returned status via WEXITSTATUS().
	Otherwise, we may return values greater than 255 which is
	obviously wrong.

2012-03-08  Peter Krempa  <pkrempa@redhat.com>

	sanlock: Use STREQ_NULLABLE instead of STREQ on strings that may be null
	The function sanlock_inquire can return NULL in the state string if the
	message consists only of a header. The return value is arbitrary and
	sent by the server. We should proceed carefully while touching such
	pointers.

	sanlock: Fix condition left crippled while debugging

2012-03-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't parse device twice in attach/detach
	Some members are generated during XML parse (e.g. MAC address of
	an interface); However, with current implementation, if we
	are plugging a device both to persistent and live config,
	we parse given XML twice: first time for live, second for config.
	This is wrong then as the second time we are not guaranteed
	to generate same values as we did for the first time.
	To prevent that we need to create a copy of DeviceDefPtr;
	This is done through format/parse process instead of writing
	functions for deep copy as it is easier to maintain:
	adding new field to any virDomain*DefPtr doesn't require change
	of copying function.

	qemu: Fix startupPolicy for snapshot-revert
	Currently, startupPolicy='requisite' was determining cold boot
	by migrateFrom != NULL. That means, if domain was started up
	with migrateFrom set we didn't require disk source path and allowed
	it to be dropped. However, on snapshot-revert domain wasn't migrated
	but according to documentation, requisite should drop disk source
	as well.

2012-03-08  Eric Blake  <eblake@redhat.com>

	virsh: improve memory unit parsing
	The last vestige of the inaccurate 'kilobytes' when we meant 1024 is
	now gone.  And virsh is now useful for setting memory in units other
	than KiB.
	* tools/virsh.c (cmdSetmem, cmdSetmaxmem): Use new helper routine,
	allow passing bogus arguments on to hypervisor to test driver
	sanity checking, and fix leak on parse error.
	(vshMemtuneGetSize): New helper.
	(cmdMemtune): Use it.
	* tools/virsh.pod (setmem, setmaxmem, memtune): Document this.

	virsh: improve storage unit parsing
	Now can now do:
	virsh vol-resize $vol 10M
	virsh blockresize $dom $vol 10M
	to get both interfaces to resize to 10MiB.  The remaining wart
	is that vol-resize defaults to bytes, but blockresize defaults
	to KiB, but we can't break existing scripts; oh well, it's no
	worse than the same wart of the underlying virDomainBlockResize.
	The API for virStorageVolResize states that capacity must always
	be positive, and that the presence of shrink and delta flags is
	what implies a negative change.
	* tools/virsh.c (vshCommandOptScaledInt): New function.
	(cmdVolResize): Don't pass negative size.
	(cmdVolSize): Rename...
	(vshVolSize): ...and use new helper routine.
	(cmdBlockResize): Use new helper routine, and support new bytes
	flag.
	* tools/virsh.pod (NOTES): Document suffixes.
	(blockresize, vol-create-as, vol-resize): Point to notes.

	virsh: add command aliases, and rename nodedev-detach
	Just because our public API has a typo doesn't mean that virsh
	has to keep the typo.
	* tools/virsh.c (VSH_CMD_FLAG_ALIAS): New flag.
	(nodedevCmds): Use it.
	(cmdHelp): Omit alias commands.
	(cmdNodeDeviceDettach): Rename...
	(cmdNodeDeviceDetach): ...to this.
	* tools/virsh.pod (nodedev-detach): Document it.

	virsh: use option aliases
	Command line interfaces should use dash, not underscore, as many
	keyboard layouts allow that to be typed with fewer shift key presses.
	Also, the US spelling of --tunneled gets more google hits than the
	UK spelling of --tunnelled.
	* tools/virsh.c (opts_migrate): Allow US variant.
	(opts_blkdeviotune): Prefer - over _.
	* tools/virsh.pod (blkdeviotune): Fix spelling.

	virsh: add option aliases
	In the past, we have created some virsh options with less-than-stellar
	names.  For back-compat reasons, those names must continue to parse,
	but we don't want to document them in help output.  This introduces
	a new option type, an alias, which points to a canonical option name
	later in the option list.
	I'm actually quite impressed that our code has already been factored
	to do all option parsing through common entry points, such that I
	got this added in relatively few lines of code!
	* tools/virsh.c (VSH_OT_ALIAS): New option type.
	(opts_echo): Hook up an alias, for easy testing.
	(vshCmddefOptParse, vshCmddefHelp, vshCmddefGetOption): Allow for
	aliases.
	* tools/virsh.pod (NOTES): Document promise of back-compat.
	* tests/virshtest.c (mymain): Test new feature.

	xml: allow scaled memory on input
	Output is still in kibibytes, but input can now be in different
	scales for ease of typing.
	* src/conf/domain_conf.c (virDomainParseMemory): New helper.
	(virDomainDefParseXML): Use it when parsing.
	* docs/schemas/domaincommon.rng: Expand XML; rename memoryKBElement
	to memoryElement and update callers.
	* docs/formatdomain.html.in (elementsMemoryAllocation): Document
	scaling.
	* tests/qemuxml2argvdata/qemuxml2argv-memtune.xml: Adjust test.
	* tests/qemuxml2xmltest.c: Likewise.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-memtune.xml: New file.

	xml: use better types for memory values
	Using 'unsigned long' for memory values is risky on 32-bit platforms,
	as a PAE guest can have more than 4GiB memory.  Our API is
	(unfortunately) locked at 'unsigned long' and a scale of 1024, but
	the rest of our system should consistently use 64-bit values,
	especially since the previous patch centralized overflow checking.
	* src/conf/domain_conf.h (_virDomainDef): Always use 64-bit values
	for memory.  Change hugepage_backed to a bool.
	* src/conf/domain_conf.c (virDomainDefParseXML)
	(virDomainDefCheckABIStability, virDomainDefFormatInternal): Fix
	clients.
	* src/vmx/vmx.c (virVMXFormatConfig): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr, xenFormatSxpr): Likewise.
	* src/xenxs/xen_xm.c (xenXMConfigGetULongLong): New function.
	(xenXMConfigGetULong, xenXMConfigSetInt): Avoid truncation.
	(xenParseXM, xenFormatXM): Fix clients.
	* src/phyp/phyp_driver.c (phypBuildLpar): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainSetMemoryInternal):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainDefineXML): Likewise.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* src/qemu/qemu_monitor.h (qemuMonitorGetBalloonInfo): Likewise.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextGetBalloonInfo):
	Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetBalloonInfo):
	Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONGetBalloonInfo):
	Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBalloonInfo):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainGetInfo)
	(qemuDomainGetXMLDesc): Likewise.
	* src/uml/uml_conf.c (umlBuildCommandLine): Likewise.

	xml: use long long internally, to centralize overflow checks
	On 64-bit platforms, unsigned long and unsigned long long are
	identical, so we don't have to worry about overflow checks.
	On 32-bit platforms, anywhere we narrow unsigned long long back
	to unsigned long, we have to worry about overflow; it's easier
	to do this in one place by having most of the code use the same
	or wider types, and only doing the narrowing at the last minute.
	Therefore, the memory set commands remain unsigned long, and
	the memory get command now centralizes the overflow check into
	libvirt.c, so that drivers don't have to repeat the work.
	This also fixes a bug where xen returned the wrong value on
	failure (most APIs return -1 on failure, but getMaxMemory
	must return 0 on failure).
	* src/driver.h (virDrvDomainGetMaxMemory): Use long long.
	* src/libvirt.c (virDomainGetMaxMemory): Raise overflow.
	* src/test/test_driver.c (testGetMaxMemory): Fix driver.
	* src/rpc/gendispatch.pl (name_to_ProcName): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorGetMaxMemory): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainGetMaxMemory): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainGetMaxMemory):
	Likewise.
	* src/xen/xend_internal.h (xenDaemonDomainGetMaxMemory):
	Likewise.
	* src/xen/xm_internal.c (xenXMDomainGetMaxMemory): Likewise.
	* src/xen/xm_internal.h (xenXMDomainGetMaxMemory): Likewise.
	* src/xen/xs_internal.c (xenStoreDomainGetMaxMemory): Likewise.
	* src/xen/xs_internal.h (xenStoreDomainGetMaxMemory): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainGetMaxMemory):
	Likewise.
	* src/esx/esx_driver.c (esxDomainGetMaxMemory): Likewise.
	* src/libxl/libxl_driver.c (libxlDomainGetMaxMemory): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainGetMaxMemory): Likewise.
	* src/lxc/lxc_driver.c (lxcDomainGetMaxMemory): Likewise.
	* src/uml/uml_driver.c (umlDomainGetMaxMemory): Likewise.

	xml: drop unenforced minimum memory limit from RNG
	The test domain allows <memory>0</memory>, but the RNG was stating
	that memory had to be at least 4096000 bytes.  Hypervisors should
	enforce their own limits, rather than complicating the RNG.
	Meanwhile, some copy and paste had introduced some fishy constructs
	in various unit tests.
	* docs/schemas/domaincommon.rng (memoryKB, memoryKBElement): Drop
	limit that isn't enforced in code.
	* src/conf/domain_conf.c (virDomainDefParseXML): Require current
	<= maximum.
	* tests/qemuxml2argvdata/*.xml: Fix offenders.

	storage: support more scaling suffixes
	Disk manufacturers are fond of quoting sizes in powers of 10,
	rather than powers of 2 (after all, 2.1 GB sounds larger than
	2.0 GiB, even though the exact opposite is true).  So, we might
	as well follow coreutils' lead in supporting three types of
	suffix: single letter ${u} (which we already had) and ${u}iB
	for the power of 2, and ${u}B for power of 10.
	Additionally, it is impossible to create a file with more than
	2**63 bytes, since off_t is signed (if you have enough storage
	to even create one 8EiB file, I'm jealous).  This now reports
	failure up front rather than down the road when the kernel
	finally refuses an impossible size.
	* docs/schemas/basictypes.rng (unit): Add suffixes.
	* src/conf/storage_conf.c (virStorageSize): Use new function.
	* docs/formatstorage.html.in: Document it.
	* tests/storagevolxml2xmlin/vol-file-backing.xml: Test it.
	* tests/storagevolxml2xmlin/vol-file.xml: Likewise.

	xml: output memory unit for clarity
	Make it obvious to 'dumpxml' readers what unit we are using,
	since our default of KiB for memory (1024) differs from qemu's
	default of MiB; and differs from our use of bytes for storage.
	Tests were updated via:
	$ find tests/*data tests/*out -name '*.xml' | \
	  xargs sed -i 's/<\(memory\|currentMemory\|hard_limit\|soft_limit\|min_guarantee\|swap_hard_limit\)>/<\1 unit='"'KiB'>/"
	$ find tests/*data tests/*out -name '*.xml' | \
	  xargs sed -i 's/<\(capacity\|allocation\|available\)>/<\1 unit='"'bytes'>/"
	followed by a few fixes for the stragglers.
	Note that with this patch, the RNG for <memory> still forbids
	validation of anything except unit='KiB', since the code silently
	ignores the attribute; a later patch will expand <memory> to allow
	scaled input in the code and update the RNG to match.
	* docs/schemas/basictypes.rng (unit): Add 'bytes'.
	(scaledInteger): New define.
	* docs/schemas/storagevol.rng (sizing): Use it.
	* docs/schemas/storagepool.rng (sizing): Likewise.
	* docs/schemas/domaincommon.rng (memoryKBElement): New define; use
	for memory elements.
	* src/conf/storage_conf.c (virStoragePoolDefFormat)
	(virStorageVolDefFormat): Likewise.
	* src/conf/domain_conf.h (_virDomainDef): Document unit used
	internally.
	* src/conf/storage_conf.h (_virStoragePoolDef, _virStorageVolDef):
	Likewise.
	* tests/*data/*.xml: Update all tests.
	* tests/*out/*.xml: Likewise.
	* tests/define-dev-segfault: Likewise.
	* tests/openvzutilstest.c (testReadNetworkConf): Likewise.
	* tests/qemuargv2xmltest.c (blankProblemElements): Likewise.

	xml: share 'unit' in RNG
	The code supported unit='E' for "exabyte", but the RNG did not;
	conversely, the RNG supported "z" and "y" but the code did not
	(I'm jealous if you have that much storage, particularly since
	it won't fit in 64-bit off_t).  Also, the code supported
	<allocation unit='...'>, but not the RNG.
	In an effort to make 'unit' more worthwhile in future patches,
	it's easier to share it between files.
	In making this factorization, note that absFilePath is more
	permissive than 'path', so storage pools and storage volumes
	will now validate with a wider set of file names than before.
	I don't think this should be a problem in practice.
	* docs/schemas/storagepool.rng: Include basic types, rather than
	repeating things here.
	* docs/schemas/storagevol.rng: Likewise.
	* docs/schemas/basictypes.rng: Add 'unsignedLong', 'unit', and fix
	to match storage code.

	util: new function for scaling numbers
	Scaling an integer based on a suffix is something we plan on reusing
	in several contexts: XML parsing, virsh CLI parsing, and possibly
	elsewhere.  Make it easy to reuse, as well as adding in support for
	powers of 1000.
	* src/util/util.h (virScaleInteger): New function.
	* src/util/util.c (virScaleInteger): Implement it.
	* src/libvirt_private.syms (util.h): Export it.

	api: add overflow error
	Overflow can be user-induced, so it deserves more than being called
	an internal error.  Note that in general, 32-bit platforms have
	far more places to trigger this error (anywhere the public API
	used 'unsigned long' but the other side of the connection is a
	64-bit server); but some are possible on 64-bit platforms (where
	the public API computes the product of two numbers).
	* include/libvirt/virterror.h (VIR_ERR_OVERFLOW): New error.
	* src/util/virterror.c (virErrorMsg): Translate it.
	* src/libvirt.c (virDomainSetVcpusFlags, virDomainGetVcpuPinInfo)
	(virDomainGetVcpus, virDomainGetCPUStats): Use it.
	* daemon/remote.c (HYPER_TO_TYPE): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockResize): Likewise.

	docs: use correct terminology for 1024 bytes
	Yes, I like kilobytes better than kibibytes (when I say kilobytes,
	I generally mean 1024).  But since the term is ambiguous, it can't
	hurt to say what we mean, by using both the correct name and
	calling out the numeric equivalent.
	* src/libvirt.c (virDomainGetMaxMemory, virDomainSetMaxMemory)
	(virDomainSetMemory, virDomainSetMemoryFlags)
	(virNodeGetFreeMemory): Tweak wording.
	* docs/formatdomain.html.in: Likewise.
	* docs/formatstorage.html.in: Likewise.

2012-03-08  Laine Stump  <laine@laine.org>

	util: fix build mingw (and all non-linux) build failure
	ATTRIBUTE_UNUSED was accidentally forgotten on one arg of a stub
	function for functionality that's not present on non-linux
	platforms. This causes a non-linux build with
	--enable-compile-warnings=error to fail.

2012-03-07  Eric Blake  <eblake@redhat.com>

	rpc: allow truncated return for virDomainGetCPUStats
	The RPC code assumed that the array returned by the driver would be
	fully populated; that is, ncpus on entry resulted in ncpus * return
	value on exit.  However, while we don't support holes in the middle
	of ncpus, we do want to permit the case of ncpus on entry being
	longer than the array returned by the driver (that is, it should be
	safe for the caller to pass ncpus=128 on entry, and the driver will
	stop populating the array when it hits max_id).
	Additionally, a successful return implies that the caller will then
	use virTypedParamArrayClear on the entire array; for this to not
	free uninitialized memory, the driver must ensure that all skipped
	entries are explicitly zeroed (the RPC driver did this, but not
	the qemu driver).
	There are now three cases:
	server 0.9.10 and client 0.9.10 or newer: No impact - there were no
	hypervisor drivers that supported cpu stats
	server 0.9.11 or newer and client 0.9.10: if the client calls with
	ncpus beyond the max, then the rpc call will fail on the client side
	and disconnect the client, but the server is no worse for the wear
	server 0.9.11 or newer and client 0.9.11: the server can return a
	truncated array and the client will do just fine
	I reproduced the problem by using a host with 2 CPUs, and doing:
	virsh cpu-stats $dom --start 1 --count 2
	* daemon/remote.c (remoteDispatchDomainGetCPUStats): Allow driver
	to omit tail of array.
	* src/remote/remote_driver.c (remoteDomainGetCPUStats):
	Accommodate driver that omits tail of array.
	* src/libvirt.c (virDomainGetCPUStats): Document this.
	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Clear all
	unpopulated entries.

2012-03-07  Laine Stump  <laine@laine.org>

	conf: fix error log with "address address"
	Addresses https://bugzilla.redhat.com/show_bug.cgi?id=800762

2012-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Ensure max_id is initialized in linuxParseCPUmap()

2012-03-07  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	cpu-stats command shows cpu statistics information of a domain.
	CPU0:
		cpu_time   88.231593093 seconds
	CPU1:
		cpu_time   123.613341883 seconds
	Total:
		cpu_time   211.844934976 seconds

	qemu driver for virDomainGetCPUstats using cpuacct cgroup.
	* For now, only "cpu_time" is supported.
	* cpuacct cgroup is used for providing percpu cputime information.
	* src/qemu/qemu.conf     - take care of cpuacct cgroup.
	* src/qemu/qemu_conf.c   - take care of cpuacct cgroup.
	* src/qemu/qemu_driver.c - added an interface
	* src/util/cgroup.c/h    - added interface for getting percpu cputime

	add nodeGetCPUmap() for getting available CPU IDs in a cpumap.

2012-03-07  Osier Yang  <jyang@redhat.com>

	docs: Fix typo
	It used "&lt" for ">", reported by Kyla Zhang <weizhan@redhat.com>

2012-03-07  Duncan Rance  <libvirt@dunquino.com>

	Build error on OSX in src/util/virnetlink.c
	I'm building on OSX with no libnl. I had to do this to get src/util/virnetlink.c to compile:

2012-03-06  Roopa Prabhu  <roprabhu@cisco.com>

	qemu: install port profile and mac address on netdev hostdevs
	These changes are applied only if the hostdev has a parent net device
	(i.e. if it was defined as "<interface type='hostdev'>" rather than
	just "<hostdev>").  If the parent netdevice has virtual port
	information, the original virtualport associate functions are called
	(these set and restore both mac and port profile on an
	interface). Otherwise, only mac address is set on the device.
	Note that This is only supported for SR-IOV Virtual Functions (not for
	standard PCI or USB netdevs), and virtualport association is only
	supported for 802.1Qbh. For all other types of cards and types of
	virtualport, a "Config Unsupported" error is returned and the
	operation fails.

	util: Changes to support portprofiles for hostdevs
	This patch includes the following changes to virnetdevmacvlan.c and
	virnetdevvportprofile.c:
	 - removes some netlink functions which are now available in
	   virnetdev.c
	 - Adds a vf argument to all port profile functions.
	For 802.1Qbh devices, the port profile calls can use a vf argument if
	passed by the caller. If the vf argument is -1 it will try to derive the vf
	if the device passed is a virtual function.
	For 802.1Qbg devices, This patch introduces a null check for the device
	argument because during port profile assignment on a hostdev, this argument
	can be null.

	util: support functions for mac/portprofile associations on hostdev
	This patch adds the following:
	- functions to set and get vf configs
	- Functions to replace and store vf configs (Only mac address is handled today.
	  But the functions can be easily extended for vlans and other vf configs)
	- function to dump link dev info (This is moved from virnetdevvportprofile.c)

	util: two new pci util functions
	pciDeviceGetVirtualFunctionInfo returns pf netdevice name and virtual
	function index for a given vf. This is just a wrapper around existing functions
	to return vf's pf and vf_index with one api call
	pciConfigAddressToSysfsfile returns the sysfile pci device link
	from a 'struct pci_config_address'

2012-03-06  Laine Stump  <laine@laine.org>

	qemu: support type=hostdev network device live hotplug attach/detach
	qemuDomainAttachNetDevice
	  - re-ordered some things at start of function because
	    networkAllocateActualDevice should always be run and a slot
	    in def->nets always allocated, but host_net_add isn't needed
	    if the actual type is hostdev.
	  - if actual type is hostdev, defer to
	    qemuDomainAttachHostDevice (which will reach up to the NetDef
	    for things like MAC address when necessary). After return
	    from qemuDomainAttachHostDevice, slip directly to cleanup,
	    since the rest of the function is specific to emulated net
	    devices.
	  - put assignment of new NetDef into expanded def->nets down
	    below cleanup: (but only on success) since it is also needed
	    for emulated and hostdev net devices.
	qemuDomainDetachHostDevice
	  - after locating the exact device to detach, check if it's a
	    network device and, if so, use toplevel
	    qemuDomainDetachNetDevice instead so that the def->nets list
	    is properly updated, and 'actual device' properly returned to
	    network pool if appropriate. Otherwise, for normal hostdevs,
	    call the lower level qemuDomainDetachThisDevice.
	qemuDomainDetachNetDevice
	  - This is where it gets a bit tricky. After locating the device
	    on the def->nets list, if the network device type == hostdev,
	    call the *lower level* qemuDomainDetachThisDevice (which will
	    reach back up to the parent net device for MAC address /
	    virtualport when appropriate, then clear the device out of
	    def->hostdevs) before skipping past all the emulated
	    net-device-specific code to cleanup:, where the network
	    device is removed from def->nets, and the network device
	    object is freed.
	In short, any time a hostdev-type network device is detached, we must
	go through the toplevel virDomaineDetachNetDevice function first and
	last, to make sure 1) the def->nnets list is properly managed, and 2)
	any device allocated with networkAllocateActualDevice is properly
	freed. At the same time, in the middle we need to go through the
	lower-level vidDomainDetach*This*HostDevice to be sure that 1) the
	def->hostdevs list is properly managed, 2) the PCI device is properly
	detached from the guest and reattached to the host (if appropriate),
	and 3) any higher level teardown is called at the appropriate time, by
	reaching back up to the NetDef config (part (3) will be covered in a
	separate patch).

	qemu: use virDomainNetRemove instead of inline code
	The code being replaced is exactly identical to the newly global
	function, right down to the comment.

	conf: change virDomainNetRemove from static to global
	This exact code is duplicated in qemuDomainDetachNetDevice().

	qemu: support type='hostdev' network devices at domain start
	This patch makes sure that each network device ("interface") of
	type='hostdev' appears on both the hostdevs list and the nets list of
	the virDomainDef, and it modifies the qemu driver startup code so that
	these devices will be presented to qemu on the commandline as hostdevs
	rather than as network devices.
	It does not add support for hotplug of these type of devices, or code
	to honor the <mac address> or <virtualport> given in the config (both
	of those will be done in separate patches).
	Once each device is placed on both lists, much of what this patch does
	is modify places in the code that traverse all the device lists so
	that these hybrid devices are only acted on once - either along with
	the other hostdevs, or along with the other network interfaces. (In
	many cases, only one of the lists is traversed / a specific operation
	is performed on only one type of device. In those instances, the code
	can remain unchanged.)
	There is one special case - when building the commandline, interfaces
	are allowed to proceed all the way through
	networkAllocateActualDevice() before deciding to skip the rest of
	netdev-specific processing - this is so that (once we have support for
	networks with pools of hostdev devices) we can get the actual device
	allocated, then rely on the loop processing all hostdevs to generate
	the correct commandline.
	(NB: <interface type='hostdev'> is only supported for PCI network
	devices that are SR-IOV Virtual Functions (VF). Standard PCI[e] and
	USB devices, and even the Physical Functions (PF) of SR-IOV devices
	can only be assigned to a guest using the more basic <hostdev> device
	entry. This limitation is mostly due to the fact that non-SR-IOV
	ethernet devices tend to lose mac address configuration whenever the
	card is reset, which happens when a card is assigned to a guest;
	SR-IOV VFs fortunately don't suffer the same problem.)

	conf: parse/format type='hostdev' network interfaces
	This is the new interface type that sets up an SR-IOV PCI network
	device to be assigned to the guest with PCI passthrough after
	initializing some network device-specific things from the config
	(e.g. MAC address, virtualport profile parameters). Here is an example
	of the syntax:
	  <interface type='hostdev' managed='yes'>
	    <source>
	      <address type='pci' domain='0' bus='0' slot='4' function='3'/>
	    </source>
	    <mac address='00:11:22:33:44:55'/>
	    <address type='pci' domain='0' bus='0' slot='7' function='0'/>
	  </interface>
	This would assign the PCI card from bus 0 slot 4 function 3 on the
	host, to bus 0 slot 7 function 0 on the guest, but would first set the
	MAC address of the card to 00:11:22:33:44:55.
	NB: The parser and formatter don't care if the PCI card being
	specified is a standard single function network adapter, or a virtual
	function (VF) of an SR-IOV capable network adapter, but the upcoming
	code that implements the back end of this config will work *only* with
	SR-IOV VFs. This is because modifying the mac address of a standard
	network adapter prior to assigning it to a guest is pointless - part
	of the device reset that occurs during that process will reset the MAC
	address to the value programmed into the card's firmware.
	Although it's not supported by any of libvirt's hypervisor drivers,
	usb network hostdevs are also supported in the parser and formatter
	for completeness and consistency. <source> syntax is identical to that
	for plain <hostdev> devices, except that the <address> element should
	have "type='usb'" added if bus/device are specified:
	  <interface type='hostdev'>
	    <source>
	      <address type='usb' bus='0' device='4'/>
	    </source>
	    <mac address='00:11:22:33:44:55'/>
	  </interface>
	If the vendor/product form of usb specification is used, type='usb'
	is implied:
	  <interface type='hostdev'>
	    <source>
	      <vendor id='0x0012'/>
	      <product id='0x24dd'/>
	    </source>
	    <mac address='00:11:22:33:44:55'/>
	  </interface>
	Again, the upcoming patch to fill in the backend of this functionality
	will log an error and fail with "Unsupported Config" if you actually
	try to assign a USB network adapter to a guest using <interface
	type='hostdev'> - just use a standard <hostdev> entry in that case
	(and also for single-port PCI adapters).

	qemu: refactor hotplug detach of hostdevs
	This refactoring is necessary to support hotplug detach of
	type=hostdev network devices, but needs to be in a separate patch to
	make potential debugging of regressions more practical.
	Rather than the lowest level functions searching for a matching
	device, the search is now done in the toplevel function, and an
	intermediate-level function (qemuDomainDetachThisHostDevice()), which
	expects that the device's entry is already found, is called (this
	intermediate function will be called by qemuDomainDetachNetDevice() in
	order to support detach of type=hostdev net devices)
	This patch should result in 0 differences in functionality.

	qemu: re-order functions in qemu_hotplug.c
	Code movement only, no functional change. This is necessary to prevent
	a forward reference in an upcoming patch.

	conf: hostdev utility functions
	Three new functions useful in other files:
	virDomainHostdevInsert:
	Add a new hostdev at the end of the array. This would more sensibly be
	called virDomainHostdevAppend, but the existing functions for other
	types of devices are called Insert.
	virDomainHostdevRemove:
	Eliminates one entry from the hostdevs array, but doesn't free it;
	patterned after the code at the end of the two
	qemuDomainDetachHostXXXDevice functions (and also other pre-existing
	virDomainXXXRemove functions for other device types).
	virDomainHostdevFind:
	This function is patterned from the search loops at the top of
	qemuDomainDetachHostPciDevice and qemuDomainDetachHostUsbDevice, and
	will be used to re-factor those (and other detach-related) functions.

	conf: put subsys part of virDomainHostdevDef into its own struct
	To shorten some new code that accesses the many fields within the
	subsys struct of a hostdev, create a separate toplevel, typedefed
	virDomainHostdevSubsys struct so that we can define temporary pointers
	to the subsys part.

	conf: give each hostdevdef a parent pointer
	The parent can be any type of device. It defaults to type=none, and a
	NULL pointer. The intent is that if a hostdevdef is contained in the
	def for a higher level device (e.g. virDomainNetDef), hostdev->parent
	will point to the higher level device, and type will be set to that
	type of device. This way, during attach and detach of the device,
	parent can be checked, and appropriate callouts made to do higher
	level device initialization (e.g. setting MAC address).
	Also, although these hostdevs with parents will be added to a domain's
	hostdevs list, they will be treated slightly differently when
	traversing the list, e.g. virDomainHostdefDefFree for a hostdev that
	has a parent doesn't need to be called (and will be a NOP); it will
	simply be removed from the list (since the parent device object is in
	its own type-specific list, and will be freed from there).

	conf: HostdevDef parse/format helper functions
	In an upcoming patch, virDomainNetDef will acquire a
	virDomainHostdevDef, and the <interface> XML will take on some of the
	elements of a <hostdev>. To avoid duplicating the code for parsing and
	formatting the <source> element (which will be nearly identical in
	these two cases), this patch factors those parts out of the
	HostdevDef's parse and format functions, and puts them into separate
	helper functions that are now called by the HostdevDef
	parser/formatter, and will soon be called by the NetDef
	parser/formatter.
	One change in behavior - previously virDomainHostdevDefParseXML() had
	diverged from current common coding practice by logging an error and
	failing if it found any subelements of <hostdev> other than those it
	understood (standard libvirt practice is to ignore/discard unknown
	elements and attributes during parse). The new helper function ignores
	unknown elements, and thus so does the new
	virDomainHostdevDefParseXML.

	conf: make hostdev info a separate object
	In order to allow for a virDomainHostdevDef that uses the
	virDomainDeviceInfo of a "higher level" device (such as a
	virDomainNetDef), this patch changes the virDomainDeviceInfo in the
	HostdevDef into a virDomainDeviceInfoPtr. Rather than adding checks
	all over the code to check for a null info, we just guarantee that it
	is always valid. The new function virDomainHostdevDefAlloc() allocates
	a virDomainDeviceInfo and plugs it in, and virDomainHostdevDefFree()
	makes sure it is freed.
	There were 4 places allocating virDomainHostdevDefs, all of them
	parsers of one sort or another, and those have all had their
	VIR_ALLOC(hostdev) changed to virDomainHostdevDefAlloc(). Other than
	that, and the new functions, all the rest of the changes are just
	mechanical removals of "&" or changing "." to "->".

	conf: add device pointer to args of virDomainDeviceInfoIterate callback
	There will be cases where the iterator callback will need to know the
	type of the device whose info is being operated on, and possibly even
	need to use some of the device's config. This patch adds a
	virDomainDeviceDefPtr to the args of every callback, and fills it in
	appropriately as the devices are iterated through.

	qemu: rename virDomainDeviceInfoPtr variables to avoid confusion
	The virDomainDeviceInfoPtrs in qemuCollectPCIAddress and
	qemuComparePCIDevice are named "dev" and "dev1", but those functions
	will be changed (in order to match a change in the args sent to
	virDomainDeviceInfoIterate() callback args) to contain a
	virDomainDeviceDefPtr device.
	This patch renames "dev" to "info" (and "dev[n]" to "info[n]") to
	avoid later confusion.

	conf: reorder static functions in domain_conf.c
	No code change, movement only.  This is necessary to eliminate forward
	references.

	conf: relocate virDomainDeviceDef and virDomainHostdevDef
	This patch is only code movement + adding some forward definitions of
	typedefs.
	virDomainHostdevDef (not just a pointer to it, but an actual object)
	will be needed in virDomainNetDef and virDomainActualNetDef, so it
	must be relocated earlier in the file.
	Likewise, virDomainDeviceDef will be needed in virDomainHostdevDef, so
	it must be moved up even earlier. This, in turn, creates a forward
	reference problem, but fortunately only with pointers to other device
	types, so their typedefs can be moved up in the file, eliminating the
	problem.

	conf: add missing device types to virDomainDevice(Type|Def)
	Not all device types were represented in virDomainDeviceType, so some
	types of devices couldn't be represented in a virDomainDeviceDef
	(which requires a different type of pointer in the union for each
	different kind of device).
	Since serial, parallel, channel, and console devices are all
	virDomainChrDef, and the virDomainDeviceType is never used to produce
	a string from the type (and only used in the other direction
	internally to code, never to produce XML), I only added one "CHR"
	type, which is associated with "virDomainChrDefPtr chr" in the union.

2012-03-06  Jim Fehlig  <jfehlig@suse.com>

	Fix build after commit e3ba4025
	Commit e3ba4025 introduced a few build errors with HAVE_LIBNL undefined.

2012-03-06  Laine Stump  <laine@laine.org>

	util: eliminate crash in virNetDevMacVLanCreateWithVPortProfile
	Commit 723d5c (added after the release of 0.9.10) adds a
	NetlinkEventClient for each interface sent to
	virNetDevMacVLanCreateWithVPortProfile. This should only be done if
	the interface actually *has* a virtPortProfile, otherwise the event
	handler would be a NOP. The bigger problem is that part of the setup
	to create the NetlinkEventClient is to do a memcpy of virtPortProfile
	- if it's NULL, this triggers a segv.
	This patch just qualifies the code that adds the client - if
	virtPortProfile is NULL, it's skipped.

2012-03-06  Eric Blake  <eblake@redhat.com>

	blockResize: add flag for bytes
	Qemu supports sizing by bytes; we shouldn't force the user to
	round up if they really wanted an unaligned total size.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_RESIZE_BYTES):
	New flag.
	* src/libvirt.c (virDomainBlockResize): Document it.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockResize): Take
	size in bytes.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextBlockResize):
	Likewise.  Pass bytes, not megabytes, to monitor.
	* src/qemu/qemu_driver.c (qemuDomainBlockResize): Implement new
	flag.

2012-03-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Shared or readonly disks are always safe wrt migration
	No matter what cache mode is used, readonly disks are always safe wrt
	migration. Shared disks are required to be readonly or to disable
	host-side cache, which makes them safe as well.

2012-03-05  Peter Krempa  <pkrempa@redhat.com>

	libvirt-guests: Add parallel startup and shutdown of guests
	With this patch, it's possible to shut down guests in parallel. Parallel
	startup was possible before, but this functionality was not documented
	properly.
	To enable parallel startup set the START_DELAY to 0.
	Parallel shutdown has a configurable parameter PARALLEL_SHUTDOWN that
	defines the number of machines being shut down in parallel. Enabling
	this feature changes the semantics of SHUTDOWN_TIMEOUT parameter that is
	applied as a cumulative timeout to shutdown all guests on a URI.

2012-03-05  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Fix client crash on connection close
	A multi-threaded client with event loop may crash if one of its threads
	closes a connection while event loop is in the middle of sending
	keep-alive message (either request or response). The right place for it
	is inside virNetClientIOEventLoop() between poll() and
	virNetClientLock(). We should only close a connection directly if no-one
	is using it and defer the closing to the last user otherwise. So far we
	only did so if the close was initiated by keep-alive timeout.

	build: Fix build with dtrace + apparmor
	Building virt-aa-helper with dtrace probes enabled, ldd complained about
	undefined references:
	./.libs/libvirt_util.a(libvirt_util_la-event_poll.o):(.note.stapsdt+0x24):
	undefined reference to `libvirt_event_poll_purge_timeout_semaphore'
	...

2012-03-05  Osier Yang  <jyang@redhat.com>

	Fix type and add missed comment for diskChange callback
	Comment for parameter devAlias is missed. And a typo should
	be caused by copy & paste.

	qemu: Fix indention

2012-03-05  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add new flag supported by qemu to the cpu definition
	Some new cpu features were added to qemu. This patch adds some of them
	to our CPU map.

2012-03-03  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	Correct a check for capacity arg of storageVolumeResize()
	Lets say I got a volume with '1G' allocation and '10G' capacity. The
	available space in the parent pool is '5G'. With the current check for
	overcapacity, I can only try to resize to <= '6G'. You see the problem?

2012-03-03  Laine Stump  <laine@laine.org>

	util: combine bools in virNetDevTapCreateInBridgePort into flags
	With an additional new bool added to determine whether or not to
	discourage the use of the supplied MAC address by the bridge itself,
	virNetDevTapCreateInBridgePort had three booleans (well, 2 bools and
	an int used as a bool) in the arg list, which made it increasingly
	difficult to follow what was going on. This patch combines those three
	into a single flags arg, which not only shortens the arg list, but
	makes it more self-documenting.

2012-03-03  Ansis Atteka  <aatteka@nicira.com>

	util: centralize tap device MAC address 1st byte "0xFE" modification
	When a tap device for a domain is created and attached to a bridge,
	the first byte of the tap device MAC address is set to 0xFE, while the
	rest is set to match the MAC address that will be presented to the
	guest as its network device MAC address. Setting this high value in
	the tap's MAC address discourages the bridge from using the tap
	device's MAC address as the bridge's own MAC address (Linux bridges
	always take on the lowest numbered MAC address of all attached devices
	as their own).
	In one case within libvirt, a tap device is created and attached to
	the bridge with the intent that its MAC address be taken on by the
	bridge as its own (this is used to assure that the bridge has a fixed
	MAC address to prevent network outages created by the bridge MAC
	address "flapping" as guests are started and stopped). In this case,
	the first byte of the mac address is *not* altered to 0xFE.
	In the current code, callers to virNetDevTapCreateInBridgePort each
	make the MAC address modification themselves before calling, which
	leads to code duplication, and also prevents lower level functions
	from knowing the real MAC address being used by the guest. The problem
	here is that openvswitch bridges must be informed about this MAC
	address, or they will be unable to pass traffic to/from the guest.
	This patch centralizes the location of the MAC address "0xFE fixup"
	into virNetDevTapCreateInBridgePort(), meaning 1) callers of this
	function no longer need the extra strange bit of code, and 2)
	bitNetDevTapCreateBridgeInPort itself now is called with the guest's
	unaltered MAC address, and can pass it on, unmodified, to
	virNetDevOpenvswitchAddPort.
	There is no other behavioral change created by this patch.

2012-03-02  Peter Krempa  <pkrempa@redhat.com>

	daemon: Remove deprecated HAL from init script dependencies
	The init script for the daemon requests to start HAL although it has
	been deprecated long time ago. This patch removes the dependency.

2012-03-02  Eric Blake  <eblake@redhat.com>

	build: fix output of pid values
	Nuke the last vestiges of printing pid_t values with the wrong
	types, at least in code compiled on mingw64.  There may be other
	places, but for now they are only compiled on systems where the
	existing %d doesn't trigger gcc warnings.
	* src/rpc/virnetsocket.c (virNetSocketNew): Use %lld and casting,
	rather than assuming any particular int type for pid_t.
	* src/util/command.c (virCommandRunAsync, virPidWait)
	(virPidAbort): Likewise.
	(verify): Drop a now stale assertion.

	build: use correct type for pid and similar types
	No thanks to 64-bit windows, with 64-bit pid_t, we have to avoid
	constructs like 'int pid'.  Our API in libvirt-qemu cannot be
	changed without breaking ABI; but then again, libvirt-qemu can
	only be used on systems that support UNIX sockets, which rules
	out Windows (even if qemu could be compiled there) - so for all
	points on the call chain that interact with this API decision,
	we require a different variable name to make it clear that we
	audited the use for safety.
	Adding a syntax-check rule only solves half the battle; anywhere
	that uses printf on a pid_t still needs to be converted, but that
	will be a separate patch.
	* cfg.mk (sc_correct_id_types): New syntax check.
	* src/libvirt-qemu.c (virDomainQemuAttach): Document why we didn't
	use pid_t for pid, and validate for overflow.
	* include/libvirt/libvirt-qemu.h (virDomainQemuAttach): Tweak name
	for syntax check.
	* src/vmware/vmware_conf.c (vmwareExtractPid): Likewise.
	* src/driver.h (virDrvDomainQemuAttach): Likewise.
	* tools/virsh.c (cmdQemuAttach): Likewise.
	* src/remote/qemu_protocol.x (qemu_domain_attach_args): Likewise.
	* src/qemu_protocol-structs (qemu_domain_attach_args): Likewise.
	* src/util/cgroup.c (virCgroupPidCode, virCgroupKillInternal):
	Likewise.
	* src/qemu/qemu_command.c(qemuParseProcFileStrings): Likewise.
	(qemuParseCommandLinePid): Use pid_t for pid.
	* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
	* src/conf/domain_conf.h (_virDomainObj): Likewise.
	* src/probes.d (rpc_socket_new): Likewise.
	* src/qemu/qemu_command.h (qemuParseCommandLinePid): Likewise.
	* src/qemu/qemu_driver.c (qemudGetProcessInfo, qemuDomainAttach):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessAttach): Likewise.
	* src/qemu/qemu_process.h (qemuProcessAttach): Likewise.
	* src/uml/uml_driver.c (umlGetProcessInfo): Likewise.
	* src/util/virnetdev.h (virNetDevSetNamespace): Likewise.
	* src/util/virnetdev.c (virNetDevSetNamespace): Likewise.
	* tests/testutils.c (virtTestCaptureProgramOutput): Likewise.
	* src/conf/storage_conf.h (_virStoragePerms): Use mode_t, uid_t,
	and gid_t rather than int.
	* src/security/security_dac.c (virSecurityDACSetOwnership): Likewise.
	* src/conf/storage_conf.c (virStorageDefParsePerms): Avoid
	compiler warning.

	build: prohibit cross-inclusion
	Make it easier to detect invalid cross-directory includes, by
	adding a syntax check.  The check is designed to be extensible:
	the default case lists only the non-driver directories, and
	specific directories can list a different set (for example,
	util/ can only use itself, network/ can only use itself, util/,
	or conf/).
	* .gnulib: Update to latest, for syntax check improvment.
	* cfg.mk (sc_prohibit_cross_inclusion): New check.
	(sc_prohibit_strncmp, sc_libvirt_unmarked_diagnostics): Simplify.

2012-03-02  Hu Tao  <hutao@cn.fujitsu.com>

	avoid global variable shadowed
	If "conf/domain_conf.h" included in file nodeinfo.c, gcc complains about
	a variable shadowing. fix it for potential further including of the file.
	ref: https://www.redhat.com/archives/libvir-list/2012-February/msg00955.html

2012-03-02  Laine Stump  <laine@laine.org>

	util: remove unneeded #include in virrandom.c
	Commit 7c90026 added #include "conf/domain_conf.h" to
	util/virrandom.c. Fortunately it didn't actually use anything from
	domain_conf.h, since as far as I'm aware, files in util aren't allowed
	to reference anything in conf (although the opposite is allowed). So
	this #include is unnecessary.
	I verified it still compiles with the line removed, but have placed a
	one day moratorium on me doing any "trivial rule" pushes, so will
	wait for someone else to verify/ACK before pushing.

2012-03-01  Eric Blake  <eblake@redhat.com>

	virsh: expose partial pull
	Now virsh can call virDomainBlockRebase.
	* tools/virsh.c (cmdBlockPull): Add --base parameter.
	(blockJobImpl): Use it to expose BlockRebase API.
	* tools/virsh.pod (blockpull): Document it.

	qemu: pass block pull backing file to monitor
	This actually wires up the new optional parameter to block_stream:
	http://wiki.qemu.org/Features/LiveBlockMigration/ImageStreamingAPI
	The error checking is still sparse, since libvirt must not use
	qemu-img or header probing on a qcow2 file in use by qemu to
	check if the backing file name is valid; so for now, libvirt is
	relying on qemu to diagnose an incorrect backing name.  Fixing this
	will require libvirt to track the entire backing file chain at the
	time qemu is started and keeps it updated with snapshot and pull
	operations.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJob): Add
	parameter, and update callers.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJob): Update
	signature.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockJob): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Update caller.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Likewise.

	qemu: require json for block jobs
	Block job commands are not part of upstream qemu until 1.1; and
	proper support of job completion and cancellation depends on being
	able to receive QMP events, which implies the JSON monitor.
	Additionally, some early versions of block job commands were
	backported to RHEL qemu, but these versions lacked asynchronous
	job cancellation and partial block pull, so there are several
	patches that will still be needed in this area of libvirt code
	to support both flavors of block job commands.
	Due to earlier patches in libvirt, we are guaranteed that all versions
	of qemu that support block job commands already require libvirt to
	use the JSON monitor.  That means that the text version of block jobs
	will not be used, and having to refactor two copies of the block job
	handlers makes no sense.  So instead, we delete the text handlers.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Drop text monitor
	support.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextBlockJob): Delete.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextParseBlockJobOne)
	(qemuMonitorTextParseBlockJob, qemuMonitorTextBlockJob):
	Likewise.

2012-03-01  Laine Stump  <laine@laine.org>

	fix alphabetical order of virNetlink functions in symbol file

	util: wrap virnetlink.c to 80 columns

2012-03-01  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	It's been a while, and we're between releases, so now's as good
	a time as any to resync.  This also fixes a build-breaker on
	cygwin, where cygwin 1.7.11 introduced a header bug in <termios.h>.
	* .gnulib: Update to latest.
	* bootstrap: Resync.
	* cfg.mk (sc_prohibit_strncmp): Copy upstream changes to
	sc_prohibit_strcmp.

2012-03-01  Christophe Fergeau  <cfergeau@redhat.com>

	Fix typo in domain XML documentation
	s/Modyfing/Modifying

2012-02-29  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	Add de-association handling to macvlan code
	Add de-association handling for 802.1qbg (vepa) via lldpad
	netlink messages. Also adds the possibility to perform an
	association request without waiting for a confirmation.

	util: Add netlink event handling to virnetlink.c
	This code adds a netlink event interface to libvirt.
	It is based upon the event_poll code and makes use of
	it. An event is generated for each netlink message sent
	to the libvirt pid.

2012-02-29  Martin Kletzander  <mkletzan@redhat.com>

	Support for cpu64-rhel* qemu cpu models
	In qemu there are 2 cpu models (cpu64-rhel5 and cpu64-rhel6) not
	supported by libvirt. This patch adds the support with the flags
	specifications from /usr/share/qemu-kvm/cpu-model/cpu-x86_64.conf
	The only difference is that AMD-specific features are removed so
	the processor type is not vendor-specific. Those features are either
	emulated or ignored by qemu if host CPU doesn't support them.

	lxc: Cleaner fix for compilation without SELinux
	Just a cleanup of commit 32f881c6c42f94da70a3782fe20a058fe3dc39cc.

2012-02-29  Peter Krempa  <pkrempa@redhat.com>

	libvirt-guests: Check if URI is reachable before launching commands
	This patch adds a check to the libvirt-guests script to check for the
	URI to be alive before attempting any calls. This avoids nasty error
	messages and allows us to fail gracefully and continue on other URIs
	configured in the script.

	libvirt-guests: Don't try to do a managed-save of transient guests
	The libvirt-guests script tried to do a managed save of transient guest
	that failed. This patch notifies which guests are transient (and not
	being saved) and saves only the persistent ones.

	libvirt-guests: Add documentation and clean up to use virsh's improved list
	This patch adds documentation to functions defined in the libvirt-guests
	init script and changes use of virsh's new commands to make the script
	easier.

2012-02-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add pre-migration hook
	This hook is called during the Prepare phase on destination host and may
	be used for changing domain XML.

	hooks: Add support for capturing hook output
	Hooks may now be used as filters.

2012-02-29  Michal Privoznik  <mprivozn@redhat.com>

	storage: fix typo
	* src/storage/storage_driver.c (storageVolumeWipeInternal):
	    s/ pfitzner33/pfitzner33/.

2012-02-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't emit tls-port spice option if port is -1
	Bug introduced by commit eda0fc7a.

2012-02-29  Alex Jia  <ajia@redhat.com>

	docs: comments wiping supported algorithms
	The current scrub version doesn't support pfitzner7, pfitzner33 and schneier
	patterns on RHEL, we should comment it in virsh man page.
	* tools/virsh.pod: update wiping algorithms docs.

	util: fix a typo
	* src/util/event_poll.c: (virEventPollRunOnce): s/imeout/timeout/.

	storage: fix a typo
	* src/storage/storage_driver.c (storageVolumeWipeInternal): s/shneier/schneier.
	http://code.google.com/p/diskscrub/

2012-02-29  Daniel Veillard  <veillard@redhat.com>

	Do not include binaries in EXTRA_DIST
	commit f27f616ff899732fe90ce1f0f4abb3887cea5e17 broke "make dist"
	by adding qemumonitortest which is a generated binary to the
	EXTRA_DIST, hence breaking "make dist"

2012-02-29  Michal Privoznik  <mprivozn@redhat.com>

	docs: Fix libvirt name in qemu commandline namespace URL
	s/libirt/libvirt/g

2012-02-28  Laine Stump  <laine@laine.org>

	libxl: eliminate memory leak in libxmlDomainModifyDeviceFlags
	This call to virDomainDeviceDefParse is both unnecessary (since
	it will again be called at the top of the immediately following if(),
	and if not there, then at the top of the if following that), but it
	also creates a leak of one virDomainDeviceDef and one [whatever type
	of device the DeviceDef is pointing to; probably a virDomainDiskDef]
	in the case that the function has been called with
	VIR_DOMAIN_DEVICE_MODIFY_CONFIG (the second parse will overwrite the
	devicedef that was just created).

2012-02-28  Osier Yang  <jyang@redhat.com>

	virsh: Break long lines in virsh.pod
	No content changes, just breaking long lines.

	virsh: New command cmdChangeMedia
	One could use it to eject, insert, or update media of the CDROM
	or floppy drive. See the documentation for more details.

	virsh: Use vshFindDisk and vshPrepareDiskXML in cmdDetachDisk
	The first use of the two new helper functions.

	virsh: Two new helper functions for disk device changes
	vshFindDisk is to find the disk node in xml doc with given source
	path or target of disk device, and type (indicates disk type,
	normal disk or changeable disk).
	vshPrepareDiskXML is to make changes on the disk node (e.g. create
	and insert the new <source> node for inserting media of CDROM drive).
	They are marked as unused temporarily.

	tests: Add tests for virtio-scsi and ibmvscsi controllers

	qemu: Build command line for the new address format
	For any disk controller model which is not "lsilogic", the command
	line will be like:
	  -drive file=/dev/sda,if=none,id=drive-scsi0-0-3-0,format=raw \
	  -device scsi-disk,bus=scsi0.0,channel=0,scsi-id=3,lun=0,i\
	  drive=drive-scsi0-0-3-0,id=scsi0-0-3-0
	The relationship between the libvirt address attrs and the qdev
	properties are (controller model is not "lsilogic"; strings
	inside <> represent libvirt adress attrs):
	  bus=scsi<controller>.0
	  channel=<bus>
	  scsi-id=<target>
	  lun=<unit>
	* src/qemu/qemu_command.h: (New param "virDomainDefPtr def"
	  for function qemuBuildDriveDevStr; new param "virDomainDefPtr
	  vmdef" for function qemuAssignDeviceDiskAlias. Both for
	  virDomainDiskFindControllerModel's use).
	* src/qemu/qemu_command.c:
	  - New param "virDomainDefPtr def" for qemuAssignDeviceDiskAliasCustom.
	    For virDomainDiskFindControllerModel's use, if the disk bus is "scsi"
	    and the controller model is not "lsilogic", "target" is one part of
	    the alias name.
	  - According change on qemuAssignDeviceDiskAlias and qemuBuildDriveDevStr
	* src/qemu/qemu_hotplug.c:
	  - Changes to be consistent with declarations of qemuAssignDeviceDiskAlias
	    qemuBuildDriveDevStr, and qemuBuildControllerDevStr.
	* tests/qemuxml2argvdata/qemuxml2argv-pseries-vio-user-assigned.args,
	  tests/qemuxml2argvdata/qemuxml2argv-pseries-vio.args: Update the
	  generated command line.

	qemu: New cap flag to indicate if channel is supported by scsi-disk

	conf: Introduce new attribute for device address format
	* src/conf/domain_conf.h: Add new member "target" to struct
	  _virDomainDeviceDriveAddress.
	* src/conf/domain_conf.c: Parse and format "target"
	* Lots of tests (.xml) in tests/domainsnapshotxml2xmlout,
	  tests/qemuxml2argvdata, tests/qemuxml2xmloutdata, and
	  tests/vmx2xmldata/ are modified for newly introduced
	  attribute "target" for address of "drive" type.

	conf: Add helper function to look up disk controller model

2012-02-28  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add virtio-scsi controller model
	Adding a new model for virtio-scsi roughly follows the same scheme
	as the previous patch.

	qemu: add ibmvscsi controller model
	KVM will be able to use a PCI SCSI controller even on POWER.  Let
	the user specify the vSCSI controller by other means than a default.
	After this patch, the QEMU driver will actually look at the model
	and reject anything but auto, lsilogic and ibmvscsi.

2012-02-28  Laine Stump  <laine@laine.org>

	qemu: fix cleanup of bridge during failure of qemuDomainAttachNetDevice
	In qemuDomainAttachNetDevice, the guest's tap interface has only been
	attached to the bridge if iface_connected is true. It's possible for
	an error to occur prior to that happening, and previously we would
	attempt to remove the tap interface from the bridge even if it hadn't
	been attached.

2012-02-28  Josh Durgin  <josh.durgin@dreamhost.com>

	qemu: unescape HMP commands before converting them to json
	QMP commands don't need to be escaped since converting them to json
	also escapes special characters. When a QMP command fails, however,
	libvirt falls back to HMP commands. These fallback functions
	(qemuMonitorText*) do their own escaping, and pass the result directly
	to qemuMonitorHMPCommandWithFd. If the monitor is in json mode, these
	pre-escaped commands will be escaped again when converted to json,
	which can result in the wrong arguments being sent.
	For example, a filename test\file would be sent in json as
	test\\file.
	This prevented attaching an image file with a " or \ in its name in
	qemu 1.0.50, and also broke rbd attachment (which uses backslashes to
	escape some internal arguments.)
	Reported-by: Masuko Tomoya <tomoya.masuko@gmail.com>

2012-02-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add ability to abort existing console while creating new one
	This patch fixes console corruption, that happens if two concurrent
	sessions are opened for a single console on a domain. Result of this
	corruption was that each of the console streams recieved just a part
	of the data written to the pipe so every console rendered unusable.
	New helper function for safe console handling is used to establish the
	console stream connection. This function ensures that no other libvirt
	client is using the console (with the ability to disconnect consoles of
	libvirt clients) and that no UUCP style lockfile is placed on the PTY
	device.
	* src/qemu/qemu_domain.h
	        - add data structure to domain's private data dealing with
	          console connections
	* src/qemu/qemu_domain.c:
	        - allocate/free domain's console data structure
	* src/qemu/qemu_driver.c
	        - use the new helper function for console handling

	util: Add helpers for safe domain console operations
	This patch adds a set of functions used in creating console streams for
	domains using PTYs and ensures mutually exclusive access to the PTYs.
	If mutually exclusive access is not used, two clients may open the same
	console, which results in corruption on both clients as both of them
	race to read data from the PTY.
	Two approaches are used to ensure this:
	1) Internal data structure holding open PTYs.
	        This is used internally and enables the user to forcibly
	        terminate another console connection eg. when somebody leaves
	        the console open on another host.
	2) UUCP style lock files:
	        This uses UUCP lock files according to the  FHS
	        ( http://www.pathname.com/fhs/pub/fhs-2.3.html#VARLOCKLOCKFILES )
	        to check if other programs (like minicom) are not using the pty
	        device of the console.
	        This feature is disabled by default and may be enabled using
	        configure parameter
	        --with-console-lock-files=/path/to/lock/file/directory
	        or --with-console-lock-files=auto (which tries to infer the
	        location from OS used (currently only linux).
	        On usual linux systems, normal users may not write to the
	        /var/lock directory containing the locks. This poses problems
	        while in session mode. If the current user has no access to the
	        lockfile directory, check for presence of the file is still
	        done, but no lock file is created. This does NOT result in an
	        error.

	fdstream: Add internal callback on stream close
	This patch adds another callback to a FDstream object. The original
	callback is used by the daemon stream driver to handle events.
	This callback is called if and only if the stream is about to be closed.
	This might be used to handle cleanup steps after a fdstream exits. This
	will be used later on in ensuring mutually exclusive access to consoles.
	* src/fdstream.c:
	        - emit the callback, when stream is being closed
	        - add data structures needed to handle the callback
	        - add function to register callback
	* src/fdstream.h:
	        - define function prototypes for the callback

	fdstream: Emit stream abort callback even if poll() doesnt.
	This patch causes the fdstream driver to call the stream event callback
	if virStreamAbort() is called on a stream using this driver.
	A remote handler for a stream can only detect changes via stream events,
	so this event callback is necessary in order to enable a daemon to abort
	a stream in such a way that the client will see the change.
	* src/fdstream.c:
	        - modify close function to call stream event callback

	virsh: add support for VIR_DOMAIN_CONSOLE_* flags
	This patch adds support for the newly introduced
	VIR_DOMAIN_CONSOLE_FORCE and VIR_DOMAIN_CONSOLE_SAFE flags. The console
	command now has an optional parameter --force that specifies that the
	user wants to forcibly interrupt an ongoing console session and create
	a new one. Flag --safe requests that the console should be opened only
	if the hypervisor driver supports safe console handling.
	The behaviour to this point was that the daemon opened two streams to
	the console, that competed for data from the pipe, and the result was
	that both of the consoles ended up scrambled.
	This patch doesn't modify operation of other commands dealing with
	console connections (start, create) as those open connections to newly
	started domains making it virtually impossible for another client to race
	for the console and steal it.
	* tools/console.c:
	        - add support for flag passthrough
	* tools/console.h:
	        - modify function prototypes to match impl.
	* tools/virsh.c:
	        - add flag --force for the console command

	Add flags for virDomainOpenConsole
	This patch adds a set of flags to be used with the virDomainOpenConsole
	API call to specify if the user wishes to interrupt an existing console
	session or just to try open a new one.
	VIR_DOMAIN_CONSOLE_SAFE - specifies that the console connection should
	                          be opened only if the hypervisor supports
	                          mutually exclusive access to console devices
	VIR_DOMAIN_CONSOLE_FORCE - specifies that the caller wishes to interrupt
	                           existing session and force a creation of a
	                           new one.

	pidfile: Make checking binary path in virPidFileRead optional
	This patch changes behavior of virPidFileRead to enable passing NULL as
	path to the binary the pid file should be checked against to skip this
	check. This enables using this function for reading files that have same
	semantics as pid files, but belong to unknown processes.

2012-02-27  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement virDomainPMWakeup API
	using 'system-wakeup' monitor command. It is supported only in JSON,
	as we are enabling it if possible. Moreover, this command is available
	in qemu-1.1+ which definitely has JSON.

	virsh: Expose virDomainPMWakeup

	Introduce virDomainPMWakeup API
	This API allows a domain which previously called
	virDomainPMSuspendForDuration() to be woken up.

2012-02-25  Martin Kletzander  <mkletzan@redhat.com>

	Fixed URI parsing
	Function xmlParseURI does not remove square brackets around IPv6
	address when parsing. One of the solutions is making wrappers around
	functions working with xmlURI*. This assures that uri->server will be
	always properly assigned and it doesn't have to be changed when used
	on some new place in the code.
	For this purpose, functions virParseURI and virSaveURI were
	added. These function are wrappers around xmlParseURI and xmlSaveUri
	respectively.
	Also there is one new syntax check function to prohibit these functions
	anywhere else.
	File changes:
	 - src/util/viruri.h        -- declaration
	 - src/util/viruri.c        -- definition
	 - src/libvirt_private.syms -- symbol export
	 - src/Makefile.am          -- added source and header files
	 - cfg.mk                   -- added sc_prohibit_xmlURI
	 - all others               -- ID name and include fixes

	Fixed service handling in specfile
	After adding the libvirt-guests service into usual runlevels, we used
	to start the libvirt-guests service. However this is usually not a
	good practice. As mentioned on fedoraproject wiki, the installations
	can be in changeroots, in an installer context, or in other situations
	where we don't want the services autostarted.

2012-02-25  Laine Stump  <laine@laine.org>

	virsh: fix informational message in iface-bridge command
	See: https://bugzilla.redhat.com/show_bug.cgi?id=797066
	The position of the bridge name and ethernet device name were
	accidentally swapped in the message informing of success creating the
	bridge.

2012-02-25  Daniel P. Berrange  <berrange@redhat.com>

	Workaround python header file insanity
	The /usr/include/python/pyconfig.h file pollutes the global
	namespace with a huge number of HAVE_XXX and WITH_XXX
	defines. These change what we detected in our own config.h
	In particular if you try to build without DTrace, python's
	headers turn it back on with predictable fail.
	THe hack to workaround this is to rename WITH_DTRACE to
	WITH_DTRACE_PROBES to avoid the namespace clash

	Improve error reporting when virsh console is run without a TTY
	If attempting to run
	  ssh root@somehost virsh console someguest
	You'll get an error
	  2012-02-15 13:11:47.683+0000: 4765: info : libvirt version: 0.9.10, package: 1.fc18 (Unknown, 2012-02-15-11:48:57, lettuce.camlab.fab.redhat.com)
	  2012-02-15 13:11:47.683+0000: 4765: error : vshRunConsole:320 : unable to get tty attributes: Invalid argument
	  Connected to domain f16x86_64
	  Escape character is ^]
	There are several problems here
	 - The actual error message is bad for users
	 - We shouldn't rely on VIR_ERROR for this case
	 - The prompt makes it look like we still connected
	   because we didn't flush stdout.
	* virsh.c: Flush stdout before starting console and check
	  for a valid tty

2012-02-25  Christophe Fergeau  <cfergeau@redhat.com>

	Error out when using SPICE TLS with spice_tls=0
	It's possible to disable SPICE TLS in qemu.conf. When this happens,
	libvirt ignores any SPICE TLS port or x509 directory that may have
	been set when it builds the qemu command line to use. However, it's
	not ignoring the secure channels that may have been set and adds
	tls-channel arguments to qemu command line.
	Current qemu versions don't report an error when this happens, and try to use
	TLS for the specified channels.
	Before this patch
	<domain type='kvm'>
	  <name>auto-tls-port</name>
	  <memory>65536</memory>
	  <os>
	    <type arch='x86_64' machine='pc'>hvm</type>
	  </os>
	  <devices>
	    <graphics type='spice' port='5900' tlsPort='-1' autoport='yes' listen='0' ke
	      <listen type='address' address='0'/>
	      <channel name='main' mode='secure'/>
	      <channel name='inputs' mode='secure'/>
	    </graphics>
	  </devices>
	</domain>
	generates
	-spice port=5900,addr=0,disable-ticketing,tls-channel=main,tls-channel=inputs
	and starts QEMU.
	After this patch, an error is reported if a TLS port is set in the XML
	or if secure channels are specified but TLS is disabled in qemu.conf.
	This is the behaviour the oVirt people (where I spotted this issue) said
	they would expect.
	This fixes bug #790436

2012-02-24  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmx: Better Workstation vmx handling
	This patch adds support for vmx files with empty networkName
	values (which is the case for vmx generated by Workstation).
	It also adds support for vmx containing NATed network interfaces.
	Update test suite accordingly

2012-02-24  Benjamin Cama  <benoar@dolka.fr>

	virterror: Misleading error message when name is missing
	[forwarding this here from RH bug #796732]
	When creating a network (virsh net-create) with an erroneous XML
	containing an empty <name> element, the error message is misleading:
	error: Failed to create network from foo.xml
	error: missing domain name information
	It took me a bit of time to figure out that it was the *network* name
	that was missing (I generate this xml and didn't look at it, first).
	I realized that the same message is used for missing name when creating
	a domain, network, or device node.

2012-02-24  Dave Allan  <dallan@redhat.com>

	Update bug reporting page
	Remove suggestion that people file bugs against RHEL 5 and add a
	suggestion that people increase the visibility of their bugs by
	mentioning them on libvir-list.

2012-02-23  Eric Blake  <eblake@redhat.com>

	qemu: nicer error message on failed graceful destroy
	https://bugzilla.redhat.com/show_bug.cgi?id=795656 mentions
	that a graceful destroy request can time out, meaning that the
	error message is user-visible and should be more appropriate
	than just internal error.
	* src/qemu/qemu_driver.c (qemuDomainDestroyFlags): Swap error type.

2012-02-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Forbid migration with cache != none
	Migrating domains with disks using cache != none is unsafe unless the
	disk images are stored on coherent clustered filesystem. Thus we forbid
	migrating such domains unless VIR_MIGRATE_UNSAFE flags is used.

	Introduce virStorageFileIsClusterFS

	virsh: Add --unsafe option to migrate command

2012-02-22  Jiri Denemark  <jdenemar@redhat.com>

	Add support for unsafe migration
	This patch adds VIR_MIGRATE_UNSAFE flag for migration APIs and new
	VIR_ERR_MIGRATION_UNSAFE error code.  The error code should be returned
	whenever migrating a domain is considered unsafe (e.g., it's configured
	in a way that does not ensure data integrity once it is migrated).
	VIR_MIGRATE_UNSAFE flag may be used to force migration even though it
	would normally be considered unsafe and forbidden.

2012-02-22  Michal Privoznik  <mprivozn@redhat.com>

	configure: Define program name if not found
	AC_CHECK_PROG checks for program in given path. However, if it doesn't
	exists, [variable] is set to [value-if-not-found]. We don't want this
	to be the empty string in case of 'modprobe' and 'scrub' as we want to
	fallback to runtime detection.

	util: Fix virFileAccessibleAs return path from parent
	Despite documentation, if we do fork() parent always returns -1
	even if file is accessible. Which is wrong obviously.

2012-02-22  Peter Krempa  <pkrempa@redhat.com>

	virsh: Enhance list command to ease creation of shell scripts
	This patch adds new options to the "virsh list" command enabling
	filtering of persistent and transient domains along with the option to
	print only UUIDs or names of domains instead of printing the table.
	Option --name prints domain names (one per line) instead of the default
	table. Similarly --uuid prints domain's UUID. The option --table is
	an alias for the default behavior.
	Aditionally --persistent and/or --transient may be specified to filter
	the output of domains.

2012-02-22  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmware: implement domainXMLFromNative

2012-02-22  Peter Krempa  <pkrempa@redhat.com>

	lib: Fix function documentation for virConnectListDomains
	Clarify the documentation of virConnectListDomains.

2012-02-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Correctly disable HTTP Expect header usage of libcurl
	Adding "Expect:" to the header list stops libcurl from sending a
	Expect header at all.
	Before, a dummy Expect header was added that might confuse HTTP
	proxies and result in HTTP error code 417 being reported.

2012-02-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix docs for list command
	Commit fad5cd210899dfde4afe36712754dc921c3f3051 introduced option to
	display domain's title in the list command output. There was a mistake
	in the virsh man page example for this command stating --note instead of
	--title.

2012-02-21  Cole Robinson  <crobinso@redhat.com>

	caps: Improve error if passed an unknown arch
	Previously we would have:
	"os type 'hvm' & arch 'idontexist' combination is not supported"
	Now we get
	"No guest options available for arch 'idontexist'"
	or if options available but guest OS type not applicable:
	"No os type 'xen' available for arch 'x86_64'"

2012-02-21  Peter Robinson  <pbrobinson@gmail.com>

	spec: use ix86 macros
	* libvirt.spec.in: Use %{ix86} rather than open-coded list.

2012-02-20  Lincoln Myers  <lincoln_myers@yahoo.com>

	Fix compilation on MacOS X
	* src/util/virfile.h: the virFileWrapperFdFlags being defined as
	  a globa variable instead of a type ended up generating a duplicate
	  symbol error.
	* AUTHORS: added Lincoln Myers

2012-02-17  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: improved logging during driver initialization
	Improve the logging during driver initialization when testing the command
	line tools.

2012-02-16  Alex Jia  <ajia@redhat.com>

	qemu: Prevent crash of libvirtd without guest agent
	* src/qemu/qemu_process.c (qemuFindAgentConfig): avoid crash libvirtd due to
	deref a NULL pointer.
	* How to reproduce?
	1. virsh edit the following xml into guest configuration:
	    <channel type='pty'>
	      <target type='virtio'/>
	    </channel>
	2. virsh start <domain>
	or
	% virt-install -n foo -r 1024 --disk path=/var/lib/libvirt/images/foo.img,size=1 \
	--channel pty,target_type=virtio -l <installation tree>

2012-02-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Unlock monitor when connecting to dest qemu fails
	When migrating a qemu domain, we enter the monitor, send some commands,
	try to connect to destination qemu, send other commands, end exit the
	monitor. However, if we couldn't connect to destination qemu we forgot
	to exit the monitor.
	Bug introduced by commit d9d518b1c8ef3b65658cc91f85ba33a63c0959a4.

	qemu: Fix segfault when host CPU is empty
	In case libvirtd cannot detect host CPU model (which may happen if it
	runs inside a virtual machine), the daemon is likely to segfault when
	starting a new qemu domain. It segfaults when domain XML asks for host
	(either model or passthrough) CPU or does not ask for any specific CPU
	model at all.

2012-02-16  Michal Privoznik  <mprivozn@redhat.com>

	storage: Allow runtime detection of scrub
	Currently, if scrub (used for wiping algorithms) is not present
	at compile time, we don't support any other wiping algorithms than
	zeroing, even if it was installed later. Switch to runtime detection
	instead.

2012-02-16  Jim Fehlig  <jfehlig@suse.com>

	Fix polkit0 authentication
	Commit 7033c5f2 introduced some bugs in polkit0 authentication.
	Fix libvirtd segfault in remoteDispatchAuthPolkit().
	Fix polkit authentication bypass when caller UID = 0.

	Fix build with polkit0
	Commit 8dd623b9 introduced a build error with --enable-compile-warnings=error
	  remote.c:2593: error: unused variable 'rv' [-Wunused-variable]
	Pushing under build-breaker rule.

2012-02-16  Alex Jia  <ajia@redhat.com>

	python: Expose virDomain{G,S}etInterfaceParameters APIs in python binding
	The v4 patch corrects indentation issues.
	The v3 patch follows latest python binding codes and change 'size'
	type from int to Py_ssize_t.
	An simple example to show how to use it:
	#!/usr/bin/env python
	import libvirt
	conn = libvirt.open(None)
	dom = conn.lookupByName('foo')
	print dom.interfaceParameters('vnet0', 0)
	params = {'outbound.peak': 10,
	          'inbound.peak': 10,
	          'inbound.burst': 20,
	          'inbound.average': 20,
	          'outbound.average': 30,
	          'outbound.burst': 30}
	print dom.setInterfaceParameters('vnet0', params, 0)
	print dom.interfaceParameters('vnet0', 0)

2012-02-16  Eric Blake  <eblake@redhat.com>

	snapshot: fix snapshot deletion use-after-free
	Bug introduced in commit 35abced.  On an inactive domain,
	$ virsh snapshot-create-as dom snap
	$ virsh snapshot-create dom
	$ virsh snapshot-create dom
	$ virsh snapshot-delete --children dom snap
	could crash libvirtd, due to a use-after-free that results
	when the callback freed the current element in the iteration.
	* src/conf/domain_conf.c (virDomainSnapshotForEachChild)
	(virDomainSnapshotActOnDescendant): Allow iteration to delete
	current child.

	daemon: fix logic bug with virAsprintf
	Regression introduced in commit 7033c5f2, due to improper conversion
	from snprintf to virAsprintf.
	* daemon/remote.c (remoteDispatchAuthList): Check return value
	correctly.

	daemon: plug memory leak
	Leak introduced in commit bb2eddc6.
	* daemon/remote.c (remoteDispatchAuthPolkit): Also free pkout on
	success.

2012-02-16  Ansis Atteka  <aatteka@nicira.com>

	network: support Open vSwitch
	This patch allows libvirt to add interfaces to already
	existing Open vSwitch bridges. The following syntax in
	domain XML file can be used:
	    <interface type='bridge'>
	      <mac address='52:54:00:d0:3f:f2'/>
	      <source bridge='ovsbr'/>
	      <virtualport type='openvswitch'>
	        <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'/>
	      </virtualport>
	      <address type='pci' domain='0x0000' bus='0x00'
	                          slot='0x03' function='0x0'/>
	    </interface>
	or if libvirt should auto-generate the interfaceid use
	following syntax:
	    <interface type='bridge'>
	      <mac address='52:54:00:d0:3f:f2'/>
	      <source bridge='ovsbr'/>
	      <virtualport type='openvswitch'>
	      </virtualport>
	      <address type='pci' domain='0x0000' bus='0x00'
	                          slot='0x03' function='0x0'/>
	    </interface>
	It is also possible to pass an optional profileid. To do that
	use following syntax:
	   <interface type='bridge'>
	     <source bridge='ovsbr'/>
	     <mac address='00:55:1a:65:a2:8d'/>
	     <virtualport type='openvswitch'>
	       <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'
	                   profileid='test-profile'/>
	     </virtualport>
	   </interface>
	To create Open vSwitch bridge install Open vSwitch and
	run the following command:
	    ovs-vsctl add-br ovsbr

2012-02-16  Laine Stump  <laine@laine.org>

	conf: rename virDomainNetGetActualDirectVirtPortProfile
	An upcoming patch will add a <virtualport> element to interfaces of
	type='bridge', so it makes sense to give this function a more generic
	name.

	qemu: increase the timeout before sending SIGKILL to qemu process
	The current default method of terminating the qemu process is to send
	a SIGTERM, wait for up to 1.6 seconds for it to cleanly shutdown, then
	send a SIGKILL and wait for up to 1.4 seconds more for the process to
	terminate. This is problematic because occasionally 1.6 seconds is not
	long enough for the qemu process to flush its disk buffers, so the
	guest's disk ends up in an inconsistent state.
	Since this only occasionally happens when the timeout prior to SIGKILL
	is 1.6 seconds, this patch increases that timeout to 10 seconds. At
	the very least, this should reduce the occurrence from "occasionally"
	to "extremely rarely". (Once SIGKILL is sent, it waits another 5
	seconds for the process to die before returning).
	Note that in the cases where it takes less than this for qemu to
	shutdown cleanly, libvirt will *not* wait for any longer than it would
	without this patch - qemuProcessKill polls the process and returns as
	soon as it is gone.

	qemu: drop driver lock while trying to terminate qemu process
	This patch is based on an earlier patch by Eric Blake which was never
	committed:
	https://www.redhat.com/archives/libvir-list/2011-November/msg00243.html
	Aside from rebasing, this patch only drops the driver lock once (prior
	to the first time the function sleeps), then leaves it dropped until
	it returns (Eric's patch would drop and re-acquire the lock around
	each call to sleep).
	At the time Eric sent his patch, the response (from Dan Berrange) was
	that, while it wasn't a good thing to be holding the driver lock while
	sleeping, we really need to rethink locking wrt the driver object,
	switching to a finer-grained approach that locks individual items
	within the driver object separately to allow for greater concurrency.
	This is a good plan, and at the time it made sense to not apply the
	patch because there was no known bug related to the driver lock being
	held in this function.
	However, we now know that the length of the wait in qemuProcessKill is
	sometimes too short to allow the qemu process to fully flush its disk
	cache before SIGKILL is sent, so we need to lengthen the timeout (in
	order to improve the situation with management applications until they
	can be updated to use the new VIR_DOMAIN_DESTROY_GRACEFUL flag added
	in commit 72f8a7f19753506ed957b78ad800c0f3892c9304). But, if we
	lengthen the timeout, we also lengthen the amount of time that all
	other threads in libvirtd are essentially blocked from doing anything
	(since just about everything needs to acquire the driver lock, if only
	for long enough to get a pointer to a domain).
	The solution is to modify qemuProcessKill to drop the driver lock
	while sleeping, as proposed in Eric's patch. Then we can increase the
	timeout with a clear conscience, and thus at least lower the chances
	that someone running with existing management software will suffer the
	consequence's of qemu's disk cache not being flushed.
	In the meantime, we still should work on Dan's proposal to make
	locking within the driver object more fine grained.
	(NB: although I couldn't find any instance where qemuProcessKill() was
	called with no jobs active for the domain (or some other guarantee
	that the current thread had at least one refcount on the domain
	object), this patch still follows Eric's method of temporarily adding
	a ref prior to unlocking the domain object, because I couldn't
	convince myself 100% that this was the case.)

2012-02-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix typos in API XML file paths
	* libvirt.pc.in: Add missing '/api/' in path
	* libvirt.spec.in, mingw32-libvirt.spec.in: s/apis/api/

2012-02-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement DomainPMSuspendForDuration
	via user agent. Allow targets mem & hybrid iff system_wakeup
	monitor command is available.

	qemu: Set capabilities based on supported monitor commands
	In the future (my next patch in fact) we may want to make
	decisions depending on qemu having a monitor command or not.
	Therefore, we want to set qemuCaps flag instead of querying
	on the monitor each time we are about to make that decision.

2012-02-15  Daniel P. Berrange  <berrange@redhat.com>

	Install API XML desc to a standard location
	Language bindings may well want to use the libvirt-api.xml and
	libvirt-qemu-api.xml files to either auto-generate themselves,
	or sanity check the manually written bindings for completeness.
	Currently these XML files are not installed as standard, merely
	ending up as a %doc file in the RPM.
	This changes them to be installed into $prefix/share/libvirt/apis/
	The *-refs.xml files are not installed, since those are only
	useful during generation of the online API doc files.
	The pkg-config file is enhanced so that you can query the install
	location of the API files. eg
	  # pkg-config --variable=libvirt_qemu_api libvirt
	  /home/berrange/builder/i686-pc-mingw32/sys-root/mingw/share/libvirt/libvirt-qemu-api.xml
	* docs/Makefile.am: Install libvirt-api.xml & libvirt-qemu-api.xml
	* libvirt.pc.in: Add vars for querying API install location
	* libvirt.spec.in, mingw32-libvirt.spec.in: Include API XML files

2012-02-14  Eric Blake  <eblake@redhat.com>

	qemu: make block io tuning smarter
	When blkdeviotune was first committed in 0.9.8, we had the limitation
	that setting one value reset all others.  But bytes and iops should
	be relatively independent.  Furthermore, setting tuning values on
	a live domain followed by dumpxml did not output the new settings.
	* src/qemu/qemu_driver.c (qemuDiskPathToAlias): Add parameter, and
	update callers.
	(qemuDomainSetBlockIoTune): Don't lose previous unrelated
	settings.  Make live changes reflect to dumpxml output.
	* tools/virsh.pod (blkdeviotune): Update documentation.

2012-02-13  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.10
	* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: update ja, it and uk localization, fixed the ja one

2012-02-13  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Fix name of domain suspend command
	It's dompmsuspend, not suspend-duration.

	virpidfile: Allow whitespace character at the end of pidfile
	Some programs, notably dnsmasq, which are writing pidfiles on their
	own do append a whitespace character after pid, e.g. '\n'.

2012-02-13  Daniel Veillard  <veillard@redhat.com>

	Revert "qemu: add ibmvscsi controller model"
	This reverts commit 7b345b69f28eb112238b941b743c5f6d57bd4a04.
	Conflicts:
		tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-vscsi.xml

	Revert "qemu: add virtio-scsi controller model"
	This reverts commit c9abfadf3721505e8eaffbf56ef1e53202c1db3c.
	Conflicts:
		tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-virtio-scsi.xml

2012-02-11  Guannan Ren  <gren@redhat.com>

	python: make other APIs share common {get, set}PyVirTypedParameter
	        *libvirt_virDomainBlockStatsFlags
	        *libvirt_virDomainGetSchedulerParameters
	        *libvirt_virDomainGetSchedulerParametersFlags
	        *libvirt_virDomainSetSchedulerParameters
	        *libvirt_virDomainSetSchedulerParametersFlags
	        *libvirt_virDomainSetBlkioParameters
	        *libvirt_virDomainGetBlkioParameters
	        *libvirt_virDomainSetMemoryParameters
	        *libvirt_virDomainGetMemoryParameters
	        *libvirt_virDomainSetBlockIoTune
	        *libvirt_virDomainGetBlockIoTune

2012-02-11  Marc-André Lureau  <marcandre.lureau@gmail.com>

	virpidfile: replace fopen/fwrite/fscanf with more portable version
	Replace calls to fwrite() and fscanf() with more portable-friendly
	version, such as snprintf() and virStrToLong().

2012-02-10  Osier Yang  <jyang@redhat.com>

	util: Do not use PRIx64 macro
	It breaks the build on Mingw32,  because PRIx64 is coming
	from the Win32 headers, but virAsprintf uses the gnulib printf.

2012-02-10  Alex Jia  <ajia@redhat.com>

	rpc: Plug memory leaks on doRemoteOpen() failure path
	Detected by valgrind. Leaks are introduced in commit c1b2264.
	* src/remote/remote_driver.c (doRemoteOpen): free client program memory in failure path.
	* How to reproduce?
	% valgrind -v --leak-check=full virsh -c qemu:
	* Actual result
	==3969== 40 bytes in 1 blocks are definitely lost in loss record 8 of 28
	==3969==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	    ==3969==    by 0x4C89C41: virAlloc (memory.c:101)
	    ==3969==    by 0x4D5A236: virNetClientProgramNew (virnetclientprogram.c:60)
	    ==3969==    by 0x4D47AB4: doRemoteOpen (remote_driver.c:658)
	    ==3969==    by 0x4D49FFF: remoteOpen (remote_driver.c:871)
	    ==3969==    by 0x4D13373: do_open (libvirt.c:1196)
	    ==3969==    by 0x4D14535: virConnectOpenAuth (libvirt.c:1422)
	    ==3969==    by 0x425627: main (virsh.c:18537)
	    ==3969==
	    ==3969== 40 bytes in 1 blocks are definitely lost in loss record 9 of 28
	    ==3969==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	    ==3969==    by 0x4C89C41: virAlloc (memory.c:101)
	    ==3969==    by 0x4D5A236: virNetClientProgramNew (virnetclientprogram.c:60)
	    ==3969==    by 0x4D47AD7: doRemoteOpen (remote_driver.c:664)
	    ==3969==    by 0x4D49FFF: remoteOpen (remote_driver.c:871)
	    ==3969==    by 0x4D13373: do_open (libvirt.c:1196)
	    ==3969==    by 0x4D14535: virConnectOpenAuth (libvirt.c:1422)
	    ==3969==    by 0x425627: main (virsh.c:18537)
	    ==3969==
	    ==3969== LEAK SUMMARY:
	    ==3969==    definitely lost: 80 bytes in 2 blocks

2012-02-10  Osier Yang  <jyang@redhat.com>

	npiv: Auto-generate WWN if it's not specified
	The auto-generated WWN comply with the new addressing schema of WWN:
	<quote>
	the first nibble is either hex 5 or 6 followed by a 3-byte vendor
	identifier and 36 bits for a vendor-specified serial number.
	</quote>
	We choose hex 5 for the first nibble. And for the 3-bytes vendor ID,
	we uses the OUI according to underlying hypervisor type, (invoking
	virConnectGetType to get the virt type). e.g. If virConnectGetType
	returns "QEMU", we use Qumranet's OUI (00:1A:4A), if returns
	ESX|VMWARE, we use VMWARE's OUI (00:05:69). Currently it only
	supports qemu|xen|libxl|xenapi|hyperv|esx|vmware drivers. The last
	36 bits are auto-generated.

2012-02-10  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	Remove single quotes from audit records
	Some audit records generated by libvirt contain fields enclosed by single
	quotes. Since those fields are inside the msg field, which is enclosed by
	single quotes, these records generated by libvirt are not correctly parsed by
	libauparse.

2012-02-10  Lai Jiangshan  <laijs@cn.fujitsu.com>

	GetCPUStats: fix overflow test
	Bug introduced in commit c6ec021b.

2012-02-10  Marc-André Lureau  <marcandre.lureau@gmail.com>

	domain: add implicit USB controller
	Some tools, such as virt-manager, prefers having the default USB
	controller explicit in the XML document. This patch makes sure there
	is one. With this patch, it is now possible to switch from USB1 to
	USB2 from the release 0.9.1 of virt-manager.
	Fix tests to pass with this change.

2012-02-10  Guannan Ren  <gren@redhat.com>

	python: refactoring virTypedParameter conversion for NUMA tuning APIs
	          *getPyVirTypedParameter
	          *setPyVirTypedParameter
	          *virDomainSetNumaParameters
	          *virDomainGetNumaParameters

2012-02-10  Eric Blake  <eblake@redhat.com>

	docs: fix typo in python bindings
	* docs/python.html.in: Class is virConnect, not virConn.

2012-02-09  Laine Stump  <laine@laine.org>

	conf: small changes to comments in virDomainDeviceInfo
	romfile wasn't mentioned in the comment, and the fact that rombar is
	now supported for network interfaces also wasn't there.

2012-02-09  Osier Yang  <jyang@redhat.com>

	python: Correct arguments number for migrateSetMaxSpeed
	The API definition accepts "flags" argument, however, the
	implementation ignores it, though "flags" is unused currently,
	we should expose it instead of hard coding, the API
	implementation inside hypervisor driver is responsible to check
	if the passed "flags" is valid.

2012-02-09  Eric Blake  <eblake@redhat.com>

	qemu: fix persistent setting of blkiodevice weights
	virsh blkiotune dom --device-weights /dev/sda,400 --config
	wasn't working correctly.
	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Use
	correct definition.

	qemu: make blkiodevice weights easier to read
	The merge code had too many indirections to easily analyze.
	* src/qemu/qemu_driver.c (qemuDomainMergeDeviceWeights): Pick
	better variable names.

	sysinfo: simplify function signature
	Now that no one is relying on the return value being a pointer to
	somewhere inside of the passed-in argument, we can simplify the
	callers to simply return success or failure.  Also wrap some long
	lines and add some const-correctness.
	* src/util/sysinfo.c (virSysinfoParseBIOS, virSysinfoParseSystem)
	(virSysinfoParseProcessor, virSysinfoParseMemory): Change return.
	(virSysinfoRead): Adjust caller.

2012-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Populate /dev/std{in,out,err} symlinks in LXC containers
	Some applications expect /dev/std{in,out,err} to exist. Populate
	them during container startup as symlinks to /proc/self/fd

	Replace truncate() with ftruncate()
	Mingw32 does not have any truncate() API defined, but it does
	have ftruncate(). So replace use of the former with the latter

	Update symbols file for virFileDirectFd/virFileWrapperFd rename

2012-02-08  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix flag semantics and docs for "desc" command
	This patch fixes the domain modification impact flags for tie virsh
	desc command to match the new semantics and fix the docs to match
	actual behavior.

2012-02-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix memory leak when building -cpu argument
	Reported by Alex Jia:
	==21503== 112 (32 direct, 80 indirect) bytes in 1 blocks are
	definitely lost in loss record 37 of 40
	==21503==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==21503==    by 0x4A8991: virAlloc (memory.c:101)
	==21503==    by 0x505A6C: x86DataCopy (cpu_x86.c:247)
	==21503==    by 0x507B34: x86Compute (cpu_x86.c:1225)
	==21503==    by 0x43103C: qemuBuildCommandLine (qemu_command.c:3561)
	==21503==    by 0x41C9F7: testCompareXMLToArgvHelper
	(qemuxml2argvtest.c:183)
	==21503==    by 0x41E10D: virtTestRun (testutils.c:141)
	==21503==    by 0x41B942: mymain (qemuxml2argvtest.c:705)
	==21503==    by 0x41D7E7: virtTestMain (testutils.c:696)

	qemu: Always use iohelper for domain save
	This is probably not strictly needed as save operation is not live but
	we may have other reasons to avoid blocking qemu's main loop.

	security: Driver 'none' cannot create confined guests
	In case the caller specifies that confined guests are required but the
	security driver turns out to be 'none', we should return an error since
	this driver clearly cannot meet that requirement.  As a result of this
	error, libvirtd fails to start when the host admin explicitly sets
	confined guests are required but there is no security driver available.
	Since security driver 'none' cannot create confined guests, we override
	default confined setting so that hypervisor drivers do not thing they
	should create confined guests.

	seclabel: Do not output relabel attribute for type 'none'
	Security label type 'none' requires relabel to be set to 'no' so there's
	no reason to output this extra attribute.  Moreover, since relabel is
	internally stored in a negative from (norelabel), the default value for
	relabel would be 'yes' in case there is no <seclabel> element in domain
	configuration.  In case VIR_DOMAIN_SECLABEL_DEFAULT turns into
	VIR_DOMAIN_SECLABEL_NONE, we would incorrectly output relabel='yes' for
	seclabel type 'none'.

	qemu: Always use iohelper for dumping domain core
	Qemu uses non-blocking I/O which doesn't play nice with regular file
	descriptors. We need to pass a pipe to qemu instead, which can easily be
	done using iohelper.

	util: Generalize virFileDirectFd
	virFileDirectFd was used for accessing files opened with O_DIRECT using
	libvirt_iohelper. We will want to use the helper for accessing files
	regardless on O_DIRECT and thus virFileDirectFd was generalized and
	renamed to virFileWrapperFd.

2012-02-08  Alex Jia  <ajia@redhat.com>

	virsh: Plug memory leak on cmdDesc

2012-02-08  Osier Yang  <jyang@redhat.com>

	virsh: Do not check the input XML at virsh layer for cmdDetachDevice
	Any device XML doesn't use the same order as libvirt generates, or
	uses decimal for attributes like "slot" of "<address>" will cause
	device detaching to fail, as virsh compares the XML simply earlier
	in strict manner before internal parsing.
	This is regression introduced by ea7182c.

2012-02-08  Eric Blake  <eblake@redhat.com>

	python: drop unused function
	Gcc warned about an unused static function.
	* python/libvirt-qemu-override.c (py_str): Delete.

2012-02-08  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	On systems with dmidecode version 2.10 or older,
	 dmidecode displays processor information, followed by BIOS, system and
	 memory-DIMM details.
	 Calls to virSysinfoParseBIOS(), virSysinfoParseSystem() would update
	 the buffer pointer 'base', so the processor information would be lost
	 before virSysinfoParseProcessor() was called. Sysinfo would therefore
	 not be able to display processor details -- It only described <bios>,
	 <system> and <memory_device> details.
	 This patch attempts to insulate sysinfo from ordering of dmidecode
	 output.
	Before the fix:
	---------------
	virsh # sysinfo
	<sysinfo type='smbios'>
	  <bios>
	    ....
	  </bios>
	  <system>
	    ....
	  </system>
	  <memory_device>
	    ....
	  </memory_device>
	After the fix:
	-------------
	virsh # sysinfo
	<sysinfo type='smbios'>
	  <bios>
	    ....
	  </bios>
	  <system>
	    ....
	  </system>
	  <processor>
	    ....
	  </processor>
	  <memory_device>
	    ....
	  </memory_device>

2012-02-08  Cole Robinson  <crobinso@redhat.com>

	storage: Don't unsparsify images when cloning
	Input to the volume cloning code is a source volume and an XML
	descriptor for the new volume. It is possible for the new volume
	to have a greater size than source volume, at which point libvirt
	will just stick 0s on the end of the new image (for raw format
	anyways).
	Unfortunately a logic error messed up our tracking of the of the
	excess amount that needed to be written: end result is that sparse
	clones were made very much non-sparse, and cloning regular disk
	images could end up excessively sized (though data unaltered).
	Drop the 'remain' variable entriely here since it's redundant, and
	track actual allocation directly against the desired 'total'.

2012-02-08  Laine Stump  <laine@laine.org>

	build: don't require avahi during install
	See: https://bugzilla.redhat.com/show_bug.cgi?id=785269
	The specfile requires avahi during install if libvirt was built with
	avahi support, but there are many situations where it is undesirable
	to install avahi due to security concerns. This patch requires only
	the avahi-libs package, which is needed by libvirt to call the
	function that tries to attach to the avahi daemon, but will instead
	silently fail because the avahi-daemon is in the main avahi package,
	and that package isn't installed.

2012-02-08  Cole Robinson  <crobinso@redhat.com>

	Allow polkit auth for VNC and SSH users
	If you are sitting in front of a physical machine and logged in as
	a regular user, you can connect to the system libvirtd instance
	by providing a root password to policykit. This is how most
	virt-manager users talk to libvirt.
	However, if you are launching virt-manager over ssh -X, or over
	VNC started from say /etc/sysconfig/vncservers, our policykit policy
	rejects the user outright, providing no option to provide the root
	password. This is confusing to users and doesn't seem to serve much
	point.
	Change the policy to allow inactive (VNC) and non-local (SSH, VNC)
	to provide root credentials for accessing system libvirtd. We use
	auth_admin rather than auth_admin_keep so that credentials aren't
	cached at all, and every subsequent reconnection to libvirt requires
	auth.
	Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115
	Similar change to PackageKit policy:
	https://bugzilla.redhat.com/show_bug.cgi?id=528511

2012-02-07  Michal Privoznik  <mprivozn@redhat.com>

	pyhton: Don't link against libvirt_util.la
	As we already link with libvirt.la which contains libvirt_utils.la.
	Double linking causes global symbols to be presented twice and
	thus confusion. This partially reverts c700613b8d463212d142c97108b7a2352e23e559

2012-02-07  Eric Blake  <eblake@redhat.com>

	build: avoid gcc 4.7 warning about inlines
	gcc 4.7 complains:
	util/virhashcode.c:49:17: error: always_inline function might not be inlinable [-Werror=attributes]
	util/virhashcode.c:35:17: error: always_inline function might not be inlinable [-Werror=attributes]
	Normal 'inline' is a hint that the compiler may ignore; the fact
	that the function is static is good enough.  We don't care if the
	compiler decided not to inline after all.
	* src/util/virhashcode.c (getblock, fmix): Relax attribute.

2012-02-07  Dave Allan  <dallan@redhat.com>

	Clarify the purpose of domxml-from-native
	Someone mentioned to me that they interpreted this section of the KVM
	driver page as suggesting that new guests should be created by
	creating a qemu commandline and converting it to XML with
	domxml-from-native.  I don't think that's the intent of
	domxml-from-native, so I added that clarification.

2012-02-07  Philipp Hahn  <hahn@univention.de>

	xen-xm: SIGSEGV in xenXMDomainDefineXML: filename
	filename is not initialized to NULL while it's unconditionally freed in
	the error path.

	xen-xm: fix data loss in domain edit
	On CentOS5:
	If "virsh edit $DOM" is used and an error happens (for example changing
	any live cycle action to a non-existing value), libvirt forgets that
	$DOM exists, since it is already removed from the internal hash tables,
	which are used for domain lookup.
	In once case (unreproducible) even the persistent configuration
	/etc/xen/$DOM was deleted.
	Instead of using the compound function xenXMConfigSaveFile() explicitly
	use xenFomatXM() and virConfWriteFile() to distinguish between a failure
	in converting the libvirt definition to the xen-xm format and a problem
	when writing the file.

2012-02-07  Eric Blake  <eblake@redhat.com>

	seclabel: make code and RNG match
	Commit b170eb99 introduced a bug: domains that had an explicit
	<seclabel type='none'/> when started would not be reparsed if
	libvirtd restarted.  It turns out that our testsuite was not
	exercising this because it never tried anything but inactive
	parsing.  Additionally, the live XML for such a domain failed
	to re-validate.  Applying just the tests/ portion of this patch
	will expose the bugs that are fixed by the other two files.
	* docs/schemas/domaincommon.rng (seclabel): Allow relabel under
	type='none'.
	* src/conf/domain_conf.c (virSecurityLabelDefParseXML): Per RNG,
	presence of <seclabel> with no type implies dynamic.  Don't
	require sub-elements for type='none'.
	* tests/qemuxml2xmltest.c (mymain): Add test.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml: Add file.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.args: Add file.
	Reported by Ansis Atteka.

2012-02-07  Peter Krempa  <pkrempa@redhat.com>

	maint: Add test output files to .gitignore
	Commit 8f00276c8a6140cec6a6d50441c802981d329c0c consolidated other
	.gitignore files to the master one, but forgot to add some test output
	files.

2012-02-06  Alex Jia  <ajia@redhat.com>

	Update myself in AUTHORS
	Move myself from 'Previous maintainers' section to 'the primary maintainers and
	people with commit access rights' section, because I have a commit rights now.

2012-02-06  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix resource leak while listing inactive domains with titles
	Commit fad5cd210899dfde4afe36712754dc921c3f3051 introduces a new flag
	that allows to show domain's title with domains. This commit introduced
	resource leak while listing inactive domains with titles.

2012-02-06  Philipp Hahn  <hahn@univention.de>

	xen_xm: Fix SIGSEGV in xenXMDomainDefineXML
	On CentOS5 with xen-3.0.3:
	 Program received signal SIGSEGV, Segmentation fault.
	 virFree (ptrptr=0x8) at util/memory.c:310
	 310         free(*(void**)ptrptr);
	 (gdb) bt
	 #0  virFree (ptrptr=0x8) at util/memory.c:310
	 #1  0x00002aaaaae167c8 in xenXMDomainDefineXML (conn=0x694e80, xml=0x6b2ce0 "P\fk") at xen/xm_internal.c:1199
	 #2  0x00002aaaaae070d7 in xenUnifiedDomainDefineXML (conn=0x8,
	     xml=0x6ac040 "<domain type='xen'>\n  <name>pv</name>\n  <uuid>20291bc0-453a-4d6c-c6ac-4e5af63b932c</uuid>\n  <memory>1048576</memory>\n  <currentMemory>1048576</currentMemory>\n  <vcpu>1</vcpu>\n  <os>\n    <type arch='x8"...) at xen/xen_driver.c:1524
	 #3  0x00002aaaaada7803 in virDomainDefineXML (conn=0x694e80,
	     xml=0x6ac040 "<domain type='xen'>\n  <name>pv</name>\n  <uuid>20291bc0-453a-4d6c-c6ac-4e5af63b932c</uuid>\n  <memory>1048576</memory>\n  <currentMemory>1048576</currentMemory>\n  <vcpu>1</vcpu>\n  <os>\n    <type arch='x8"...) at libvirt.c:7823
	 #4  0x0000000000426173 in cmdEdit (ctl=0x7fffffffb8e0, cmd=<value optimized out>) at virsh.c:14882
	 #5  0x000000000041c9ce in vshCommandRun (ctl=0x7fffffffb8e0, cmd=0x658c50) at virsh.c:17712
	 #6  0x000000000042c3b9 in main (argc=1, argv=<value optimized out>) at virsh.c:19317

2012-02-06  Jiri Denemark  <jdenemar@redhat.com>

	docs: Enhance documentation of the old-style boot configuration
	Also encourages people to use per-device boot elements for better
	control.

	qemu: Fix seamless spice migration
	Calling qemuDomainMigrateGraphicsRelocate notifies spice clients to
	connect to destination qemu so that they can seamlessly switch streams
	once migration is done. Unfortunately, current qemu is not able to
	accept any connections while incoming migration connection is open.
	Thus, we need to delay opening the migration connection to the point
	spice client is already connected to the destination qemu.

	tests: Fix build with -Werror

	apparmor: Add missing comma
	Typo introduced by c18a88ac

2012-02-06  Alex Jia  <ajia@redhat.com>

	virsh: Avoid invalid read of size errors
	Detected by valgrind. the codes are allocating 0 bytes memory to variable
	cpumap by vshCalloc function, and then the function VIR_USE_CPU will access
	it later, a invalid read error will be hit.
	* tools/virsh.c(cmdVcpuPin): fix invalid read error.
	* How to reproduce?
	% valgrind -v --read-var-info=yes virsh vcpupin <domain> 0 0
	* Actual result:
	==27271== ERROR SUMMARY: 5 errors from 2 contexts (suppressed: 8 from 6)
	==27271==
	==27271== 1 errors in context 1 of 2:
	==27271== Invalid read of size 1
	==27271==    at 0x39CF087E2E: __GI_memcpy (in /lib64/libc-2.12.so)
	==27271==    by 0x39CF114FDC: xdrmem_putbytes (in /lib64/libc-2.12.so)
	==27271==    by 0x39CF114707: xdr_opaque (in /lib64/libc-2.12.so)
	==27271==    by 0x4D56194: xdr_remote_domain_pin_vcpu_args (remote_protocol.c:1844)
	==27271==    by 0x4D6CCE1: virNetMessageEncodePayload (virnetmessage.c:341)
	==27271==    by 0x4D5A44B: virNetClientProgramCall (virnetclientprogram.c:327)
	==27271==    by 0x4D36EDB: callWithFD (remote_driver.c:4546)
	==27271==    by 0x4D36F7B: call (remote_driver.c:4567)
	==27271==    by 0x4D3B2C1: remoteDomainPinVcpu (remote_client_bodies.h:1566)
	==27271==    by 0x4D199D3: virDomainPinVcpu (libvirt.c:8585)
	==27271==    by 0x4241F4: cmdVcpuPin (virsh.c:5262)
	==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
	==27271==  Address 0x5602b80 is 0 bytes after a block of size 0 alloc'd
	==27271==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==27271==    by 0x4C89BDF: virAllocN (memory.c:129)
	==27271==    by 0x423868: _vshCalloc.clone.2 (virsh.c:454)
	==27271==    by 0x423EF9: cmdVcpuPin (virsh.c:5190)
	==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
	==27271==    by 0x426583: main (virsh.c:19289)
	==27271==
	==27271==
	==27271== 4 errors in context 2 of 2:
	==27271== Invalid read of size 1
	==27271==    at 0x424133: cmdVcpuPin (virsh.c:5245)
	==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
	==27271==    by 0x426583: main (virsh.c:19289)
	==27271==  Address 0x5602b80 is 0 bytes after a block of size 0 alloc'd
	==27271==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==27271==    by 0x4C89BDF: virAllocN (memory.c:129)
	==27271==    by 0x423868: _vshCalloc.clone.2 (virsh.c:454)
	==27271==    by 0x423EF9: cmdVcpuPin (virsh.c:5190)
	==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
	==27271==    by 0x426583: main (virsh.c:19289)

2012-02-04  Eric Blake  <eblake@redhat.com>

	maint: consolidate several .gitignore files
	Unlike .cvsignore under CVS, git allows for ignoring nested
	names.  We weren't very consistent where new tests were
	being ignored (some in .gitignore, some in tests/.gitignore),
	and I found it easier to just consolidate everything.
	* .gitignore: Subsume entries from subdirectories.
	* daemon/.gitignore: Delete.
	* docs/.gitignore: Likewise.
	* docs/devhelp/.gitignore: Likewise.
	* docs/html/.gitignore: Likewise.
	* examples/dominfo/.gitignore: Likewise.
	* examples/domsuspend/.gitignore: Likewise.
	* examples/hellolibvirt/.gitignore: Likewise.
	* examples/openauth/.gitignore: Likewise.
	* examples/domain-events/events-c/.gitignore: Likewise.
	* include/libvirt/.gitignore: Likewise.
	* src/.gitignore: Likewise.
	* src/esx/.gitignore: Likewise.
	* tests/.gitignore: Likewise.
	* tools/.gitignore: Likewise.

2012-02-04  Laine Stump  <laine@laine.org>

	qemu: eliminate "Ignoring open failure" when using root-squash NFS
	This eliminates the warning message reported in:
	 https://bugzilla.redhat.com/show_bug.cgi?id=624447
	It was caused by a failure to open an image file that is not
	accessible by root (the uid libvirtd is running as) because it's on a
	root-squash NFS share, owned by a different user, with permissions of
	660 (or maybe 600).
	The solution is to use virFileOpenAs() rather than open(). The
	codepath that generates the error is during qemuSetupDiskCGroup(), but
	the actual open() is in a lower-level generic function called from
	many places (virDomainDiskDefForeachPath), so some other pieces of the
	code were touched just to add dummy (or possibly useful) uid and gid
	arguments.
	Eliminating this warning message has the nice side effect that the
	requested operation may even succeed (which in this case isn't
	necessary, but shouldn't hurt anything either).

	util: refactor virFileOpenAs
	virFileOpenAs previously would only try opening a file as the current
	user, or as a different user, but wouldn't try both methods in a
	single call. This made it cumbersome to use as a replacement for
	open(2). Additionally, it had a lot of historical baggage that led to
	it being difficult to understand.
	This patch refactors virFileOpenAs in the following ways:
	* reorganize the code so that everything dealing with both the parent
	  and child sides of the "fork+setuid+setgid+open" method are in a
	  separate function. This makes the public function easier to understand.
	* Allow a single call to virFileOpenAs() to first attempt the open as
	  the current user, and if that fails to automatically re-try after
	  doing fork+setuid (if deemed appropriate, i.e. errno indicates it
	  would now be successful, and the file is on a networkFS). This makes
	  it possible (in many, but possibly not all, cases) to drop-in
	  virFileOpenAs() as a replacement for open(2).
	  (NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
	  without forking, then again with forking. That unfortunately can't
	  be changed without at least some discussion of the ramifications,
	  because the requested file permissions are different in each case,
	  which is something that a single call to virFileOpenAs() can't deal
	  with.)
	* Add a flag so that any fchown() of the file to a different uid:gid
	  is explicitly requested when the function is called, rather than it
	  being implied by the presence of the O_CREAT flag. This just makes
	  for less subtle surprises to consumers. (Commit
	  b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
	  before forcing ownership. This patch just makes that restriction
	  more explicit.)
	* If either the uid or gid is specified as "-1", virFileOpenAs will
	  interpret this to mean "the current [gu]id".
	All current consumers of virFileOpenAs should retain their present
	behavior (after a few minor changes to their setup code and
	arguments).

2012-02-04  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	util: rename netlink.[ch] to virnetlink.[ch]
	Rename the src/util/netlink files to src/util/virnetlink to
	better fit the naming scheme. Also rename nlComm to virNetlinkCommand.

2012-02-04  Laine Stump  <laine@laine.org>

	virsh: add --graceful switch to destroy command
	This allows virsh to use the new VIR_DOMAIN_DESTROY_GRACEUL flag for
	virDomainDestroyFlags.

	qemu: new GRACEFUL flag for virDomainDestroy w/ QEMU support
	When libvirt's virDomainDestroy API is shutting down the qemu process,
	it first sends SIGTERM, then waits for 1.6 seconds and, if it sees the
	process still there, sends a SIGKILL.
	There have been reports that this behavior can lead to data loss
	because the guest running in qemu doesn't have time to flush its disk
	cache buffers before it's unceremoniously whacked.
	This patch maintains that default behavior, but provides a new flag
	VIR_DOMAIN_DESTROY_GRACEFUL to alter the behavior. If this flag is set
	in the call to virDomainDestroyFlags, SIGKILL will never be sent to
	the qemu process; instead, if the timeout is reached and the qemu
	process still exists, virDomainDestroy will return an error.
	Once this patch is in, the recommended method for applications to call
	virDomainDestroyFlags will be with VIR_DOMAIN_DESTROY_GRACEFUL
	included. If that fails, then the application can decide if and when
	to call virDomainDestroyFlags again without
	VIR_DOMAIN_DESTROY_GRACEFUL (to force the issue with SIGKILL).
	(Note that this does not address the issue of existing applications
	that have not yet been modified to use VIR_DOMAIN_DESTROY_GRACEFUL.
	That is a separate patch.)

2012-02-04  Philipp Hahn  <hahn@univention.de>

	virterror.c: Fix several spelling mistakes
	compat{a->i}bility
	erron{->e}ous
	nec{c->}essary.
	Either "the" or "a".

2012-02-04  Martin Kletzander  <mkletzan@redhat.com>

	Added missing memory reporting into python bindings
	Two types of memory stats were not reported by python bindings. This
	patch fixes both of them.

2012-02-04  Eric Blake  <eblake@redhat.com>

	python: use libvirt_util to avoid raw free
	This patch starts the process of elevating the python binding code
	to be on the same level as the rest of libvirt when it comes to
	requiring good coding styles.  Statically linking against the
	libvirt_util library makes it much easier to write good code,
	rather than having to open-code and reinvent things locally.
	Done by global search and replace of s/free(/VIR_FREE(/, followed
	by hand-inspection of remaining malloc and redundant memset.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_raw_allocation):
	Remove python from exemption.
	* python/Makefile.am (INCLUDES): Add gnulib and src/util.  Drop
	$(top_builddir)/$(subdir), as automake already guarantees that.
	(mylibs, myqemulibs): Pull in libvirt_util and gnulib.
	(libvirtmod_la_CFLAGS): Catch compiler warnings if configured to
	use -Werror.
	* python/typewrappers.c (libvirt_charPtrSizeWrap)
	(libvirt_charPtrWrap): Convert free to VIR_FREE.
	* python/generator.py (print_function_wrapper): Likewise.
	* python/libvirt-override.c: Likewise.

	build: expand rule to cover testsuite
	The bulk of this patch was done with:
	sed -i 's/\(\bfree *(/VIR_FREE(/g' tests/*.c
	followed by fixing the few compile errors that resulted.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_raw_allocation):
	Remove tests from exemption.
	* tests/testutils.h: Add common header.
	* tests/commandhelper.c: Fix offenders.
	* tests/cputest.c: Likewise.
	* tests/domainsnapshotxml2xmltest.c: Likewise.
	* tests/interfacexml2xmltest.c: Likewise.
	* tests/networkxml2argvtest.c: Likewise.
	* tests/networkxml2xmltest.c: Likewise.
	* tests/nodedevxml2xmltest.c: Likewise.
	* tests/nodeinfotest.c: Likewise.
	* tests/nwfilterxml2xmltest.c: Likewise.
	* tests/qemuargv2xmltest.c: Likewise.
	* tests/qemuxml2argvtest.c: Likewise.
	* tests/qemuxml2xmltest.c: Likewise.
	* tests/qemuxmlnstest.c: Likewise.
	* tests/qparamtest.c: Likewise.
	* tests/sexpr2xmltest.c: Likewise.
	* tests/storagepoolxml2xmltest.c: Likewise.
	* tests/storagevolxml2xmltest.c: Likewise.
	* tests/testutils.c: Likewise.
	* tests/virshtest.c: Likewise.
	* tests/xencapstest.c: Likewise.
	* tests/xmconfigtest.c: Likewise.
	* tests/xml2sexprtest.c: Likewise.

	build: prohibit raw malloc and free
	Our HACKING discourages use of malloc and free, for at least
	a couple of years now.  But we weren't enforcing it, until now :)
	For now, I've exempted python and tests, and will clean those up
	in subsequent patches.  Examples should be permanently exempt,
	since anyone copying our examples won't have use of our
	internal-only memory.h via libvirt_util.la.
	* cfg.mk (sc_prohibit_raw_allocation): New rule.
	(exclude_file_name_regexp--sc_prohibit_raw_allocation): and
	exemptions.
	* src/cpu/cpu.c (cpuDataFree): Avoid false positive.
	* src/conf/network_conf.c (virNetworkDNSSrvDefParseXML): Fix
	offenders.
	* src/libxl/libxl_conf.c (libxlMakeDomBuildInfo, libxlMakeVfb)
	(libxlMakeDeviceModelInfo): Likewise.
	* src/rpc/virnetmessage.c (virNetMessageSaveError): Likewise.
	* tools/virsh.c (_vshMalloc, _vshCalloc): Likewise.

	python: drop redundant function
	I noticed some redundant code while preparing my next patch.
	* python/generator.py (py_types): Fix 'const char *' mapping.
	* python/typewrappers.h (libvirt_charPtrConstWrap): Drop.
	* python/typewrappers.c (libvirt_charPtrConstWrap): Delete, since
	it is identical to libvirt_constcharPtrWrap.

	build: clean up CPPFLAGS/INCLUDES usage
	Our syntax checker missed all-lower-case variables (this will
	be fixed by the next .gnulib update).  Additionally, anywhere
	that we mix in-tree files with generated files, automake recommends
	listing builddir prior to srcdir for VPATH builds.
	* src/Makefile.am (*_la_CFLAGS): Favor $(top_srcdir).
	(INCLUDES): Likewise, and follow automake recommendations on
	builddir before srcdir.
	* python/Makefile.am (INCLUDES): Swap directory order.
	* tests/Makefile.am (INCLUDES): Likewise.
	* tools/Makefile.am (INCLUDES): Likewise.
	* daemon/Makefile.am (INCLUDES): Likewise.
	(libvirtd.init, libvirtd.service): Favor $().
	* examples/hellolibvirt/Makefile.am (hellolibvirt_LDADD):
	Likewise.
	* examples/openauth/Makefile.am (openauth_LDADD): Likewise.
	* examples/dominfo/Makefile.am (INCLUDES): Drop dead include.
	* examples/domsuspend/Makefile.am (INCLUDES): Likewise.

	command: allow merging stdout and stderr in string capture
	Sometimes, its easier to run children with 2>&1 in shell notation,
	and just deal with stdout and stderr interleaved.  This was already
	possible for fd handling; extend it to also work when doing string
	capture of a child process.
	* docs/internals/command.html.in: Document this.
	* src/util/command.c (virCommandSetErrorBuffer): Likewise.
	(virCommandRun, virExecWithHook): Implement it.
	* tests/commandtest.c (test14): Test it.
	* daemon/remote.c (remoteDispatchAuthPolkit): Use new command
	feature.

	maint: prune duplicate listings in AUTHORS
	* AUTHORS: Remove duplicates.
	* .mailmap: Update accordingly.

2012-02-04  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	virsh: extension of virsh attach-disk for rawio
	This patch extends "virsh attach-disk" command so that
	we can specify "rawio" attribute.

2012-02-03  Martin Kletzander  <mkletzan@redhat.com>

	Fixed connection definition for non-SELinux builds
	This patch fixes the access of variable "con" in two files where the
	variable was declared only on SELinux builds and thus the build failed
	without SELinux. It's a rather nasty fix but helps fix the build
	quickly and without any major changes to the code.

	Added RSS reporting
	Added RSS information gathering into qemuMemoryStats into qemu driver
	and the reporting into virsh dommemstat.

	Added RSS information gathering into qemudGetProcessInfo
	One more parameter added into the function parsing /proc/<pid>/stat
	and the call of the function is fixed as well.

2012-02-03  Osier Yang  <jyang@redhat.com>

	Replace TAB with white spaces

2012-02-03  Jiri Denemark  <jdenemar@redhat.com>

	lxc: Fix build with AppArmor

2012-02-03  Alex Jia  <ajia@redhat.com>

	conf: Plug memory on virDomainDiskDefParseXML
	Detected by valgrind. Leak is introduced in commit 397e6a7.
	* src/conf/domain_conf.c(virDomainDiskDefParseXML): fix memory leak.
	How to reproduce?
	% make -C tests check TESTS=qemuxml2argvtest
	% cd tests && valgrind -v --leak-check=full ./qemuxml2argvtest
	* Actual result:
	==16352== 4 bytes in 1 blocks are definitely lost in loss record 12 of 147
	==16352==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==16352==    by 0x39D90A67DD: xmlStrndup (xmlstring.c:45)
	==16352==    by 0x4E83D5: virDomainDiskDefParseXML (domain_conf.c:2894)
	==16352==    by 0x4F542D: virDomainDefParseXML (domain_conf.c:7626)
	==16352==    by 0x4F8683: virDomainDefParseNode (domain_conf.c:8390)
	==16352==    by 0x4F904E: virDomainDefParse (domain_conf.c:8340)
	==16352==    by 0x41C626: testCompareXMLToArgvHelper (qemuxml2argvtest.c:105)
	==16352==    by 0x41DED1: virtTestRun (testutils.c:142)
	==16352==    by 0x418172: mymain (qemuxml2argvtest.c:486)
	==16352==    by 0x41D5C7: virtTestMain (testutils.c:697)
	==16352==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)

2012-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Set a security context on /dev and /dev/pts mounts
	To allow the container to access /dev and /dev/pts when under
	sVirt, set an explicit mount option. Also set a max size on
	the /dev mount to prevent DOS on memory usage
	* src/lxc/lxc_container.c: Set /dev mount context
	* src/lxc/lxc_controller.c: Set /dev/pts mount context

	Add support for sVirt in the LXC driver
	For the sake of backwards compat, LXC guests are *not*
	confined by default. This is because it is not practical
	to dynamically relabel containers using large filesystem
	trees. Applications can create confined containers though,
	by giving suitable XML configs
	* src/Makefile.am: Link libvirt_lxc to security drivers
	* src/lxc/libvirtd_lxc.aug, src/lxc/lxc_conf.h,
	  src/lxc/lxc_conf.c, src/lxc/lxc.conf,
	  src/lxc/test_libvirtd_lxc.aug: Config file handling for
	  security driver
	* src/lxc/lxc_driver.c: Wire up security driver functions
	* src/lxc/lxc_controller.c: Add a '--security' flag to
	  specify which security driver to activate
	* src/lxc/lxc_container.c, src/lxc/lxc_container.h: Set
	  the process label just before exec'ing init.

	Add two new security label types
	Curently security labels can be of type 'dynamic' or 'static'.
	If no security label is given, then 'dynamic' is assumed. The
	current code takes advantage of this default, and avoids even
	saving <seclabel> elements with type='dynamic' to disk. This
	means if you temporarily change security driver, the guests
	can all still start.
	With the introduction of sVirt to LXC though, there needs to be
	a new default of 'none' to allow unconfined LXC containers.
	This patch introduces two new security label types
	 - default:  the host configuration decides whether to run the
	             guest with type 'none' or 'dynamic' at guest start
	 - none:     the guest will run unconfined by security policy
	The 'none' label type will obviously be undesirable for some
	deployments, so a new qemu.conf option allows a host admin to
	mandate confined guests. It is also possible to turn off default
	confinement
	  security_default_confined = 1|0  (default == 1)
	  security_require_confined = 1|0  (default == 0)
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add new
	  seclabel types
	* src/security/security_manager.c, src/security/security_manager.h:
	  Set default sec label types
	* src/security/security_selinux.c: Handle 'none' seclabel type
	* src/qemu/qemu.conf, src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
	  src/qemu/libvirtd_qemu.aug: New security config options
	* src/qemu/qemu_driver.c: Tell security driver about default
	  config

	Re-add domain device seclabel parsing / formatting
	This re-introduces parsing & formatting for per device seclabels.
	There is a new virDomainDeviceSeclabelPtr struct and corresponding
	APIs for parsing/formatting.

	Revert changes to sec label parsing
	Revert parsing changes:
	  commit 302fe95ffa1bc5f1c61c0beb31a1adfbc38c668e
	  Author: Eric Blake <eblake@redhat.com>
	  Date:   Wed Jan 4 16:01:24 2012 -0700
	    seclabel: fix regression in libvirtd restart
	  commit b43432931aef92325920953ff92beabfbe5224c8
	  Author: Eric Blake <eblake@redhat.com>
	  Date:   Thu Dec 22 17:47:50 2011 -0700
	    seclabel: allow a seclabel override on a disk src
	These two commits changed the sec label parsing code so that
	the same code dealt with both the VM level sec label, and the
	per device label. Unfortunately, as we add more options to the
	VM level sec label, the logic required to use the same parsing
	code for the per device label becomes unintelligible.
	* src/conf/domain_conf.c: Remove support for parsing per
	  device sec labels

2012-02-03  Dave Allan  <dallan@redhat.com>

	Add detail to documentation on storage pools and volumes.
	The storage pools page contains details about the capabilities of the
	various pool types, but not an overview of how they are intended to be
	used.  This patch adds some explanation of what pools and volumes can
	be used for and why an administrator might want to use them.

2012-02-02  Alex Jia  <ajia@redhat.com>

	virsh: Plug memory leak on cmdUndefine
	Detected by valgrind. Leak is introduced in commit 3bb6bcf.
	Free 'vol' memory before allocating memory, the codes will miss one time
	free when 'vol_i = nvolumes' in for loop, so plug memory leak.
	* tools/virsh.c: fix memory leak on cmdUndefine.
	* How to reproduce?
	% dd if=/dev/null of=/var/lib/libvirt/images/foo bs=1 count=1 seek=10M
	% virsh define foo.xml                   (disk source file points to '/var/lib/libvirt/images/foo')
	% virsh vol-clone foo foo-clone default  (the original guest name is 'foo')
	% virsh pool-refresh default
	% virsh vol-list default                 (make sure 'foo-clone' volume exists)
	% virsh define foo-clone.xml             (disk source file points to '/var/lib/libvirt/images/foo-clone')
	% valgrind -v --leak-check=full virsh undefine foo-clone --remove-all-storage
	* Actual results:
	1. virsh output
	Domain foo-clone has been undefined
	Volume '/var/lib/libvirt/images/foo-clone' removed.
	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)
	2. valgrind result
	==6515== 92 (40 direct, 52 indirect) bytes in 1 blocks are definitely lost in loss record 46 of 69
	==6515==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==6515==    by 0x4C89B71: virAlloc (memory.c:101)
	==6515==    by 0x4CFCACE: virGetStorageVol (datatypes.c:724)
	==6515==    by 0x4D4A8E0: remoteStorageVolLookupByPath (remote_driver.c:4664)
	==6515==    by 0x4D07153: virStorageVolLookupByPath (libvirt.c:12508)
	==6515==    by 0x4270E6: cmdUndefine (virsh.c:2828)
	==6515==    by 0x4151B6: vshCommandRun (virsh.c:17693)
	==6515==    by 0x4264D3: main (virsh.c:19270)
	==6515==
	==6515== LEAK SUMMARY:
	==6515==    definitely lost: 40 bytes in 1 blocks
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=786674

2012-02-02  Marc-André Lureau  <marcandre.lureau@gmail.com>

	Update gnulib to fix mingw64 compilation errors

2012-02-02  Philipp Hahn  <hahn@univention.de>

	tests: dynamically replace dnsmasq path
	The path to the dnsmasq binary can be configured while in the test data
	the path is hard-coded to /usr/bin/. This break the test suite if a the
	binary is located in a different location, like /usr/local/sbin/.
	Replace the hard coded path in the test data by a token, which is
	dynamically replaced in networkxml2argvtest with the configured path
	after the test data has been loaded.
	(Another option would have been to modify configure.ac to generate the
	 test data during configure, but I do not know of an easy way do trick
	 configure into mass-generate those test files without listing every
	 single one, which I consider less flexible.)
	- unit-test the unit-test:
	  #include <assert.h>
	  #define TEST(in,token,rep,out) { char *buf = strdup(in); assert(!replaceTokens(&buf, token, rep) && !strcmp(buf, out)); free(buf); }
	  TEST("", "AA", "B", "");
	  TEST("A", "AA", "B", "A");
	  TEST("AA", "AA", "B", "B");
	  TEST("AAA", "AA", "B", "BA");
	  TEST("AA", "AA", "BB", "BB");
	  TEST("AA", "AA", "BBB", "BBB");
	  TEST("<AA", "AA", "B", "<B");
	  TEST("<AA", "AA", "BB", "<BB");
	  TEST("<AA", "AA", "BBB", "<BBB");
	  TEST("AA>", "AA", "B", "B>");
	  TEST("AA>", "AA", "BB", "BB>");
	  TEST("AA>", "AA", "BBB", "BBB>");
	  TEST("<AA>", "AA", "B", "<B>");
	  TEST("<AA>", "AA", "BB", "<BB>");
	  TEST("<AA>", "AA", "BBB", "<BBB>");
	  TEST("<AA|AA>", "AA", "B", "<B|B>");
	  TEST("<AA|AA>", "AA", "BB", "<BB|BB>");
	  TEST("<AA|AA>", "AA", "BBB", "<BBB|BBB>");
	  TEST("<AAAA>", "AA", "B", "<BB>");
	  TEST("<AAAA>", "AA", "BB", "<BBBB>");
	  TEST("<AAAA>", "AA", "BBB", "<BBBBBB>");
	  TEST("AAAA>", "AA", "B", "BB>");
	  TEST("AAAA>", "AA", "BB", "BBBB>");
	  TEST("AAAA>", "AA", "BBB", "BBBBBB>");
	  TEST("<AAAA", "AA", "B", "<BB");
	  TEST("<AAAA", "AA", "BB", "<BBBB");
	  TEST("<AAAA", "AA", "BBB", "<BBBBBB");
	  alarm(1); /* no infinite loop */
	  TEST("A", "A", "A", "A");
	  TEST("AA", "A", "A", "AA");
	  alarm(0);

2012-02-02  Eric Blake  <eblake@redhat.com>

	network: fix testsuite regression
	I slightly botched commit be9fb5a - I converted '--arg=value' to
	'--arg value', which has no semantic change, but did trip up the
	testsuite.
	* src/network/bridge_driver.c (networkBuildDnsmasqArgv): Restore
	expected output.

2012-02-02  Philipp Hahn  <hahn@univention.de>

	tests: virnettlscontexttest needs gnutls-2.6.0
	virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and
	GNUTLS_FSAN_APPEND, which - according to
	<http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only
	available since 2.6.0.
	Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only
	enable the test when the version of GNUTLS is at least 2.6.0.

	xen_xs: name xendConfigVersion magic numbers
	libvirt supports 4 different versions of the user-land XenD daemon. When
	queried the daemon just returns its generation number, which is hard to
	match to the version of the Xen tools.
	Replace the magic generation numbers by named enum definitions to
	improve code readability.

2012-02-02  Alex Jia  <ajia@redhat.com>

	network: Avoid memory leaks on networkBuildDnsmasqArgv
	Detected by valgrind. Leaks introduced in commit 973af236.
	* src/network/bridge_driver.c: fix memory leaks on failure and successful path.
	* How to reproduce?
	% make -C tests check TESTS=networkxml2argvtest
	% cd tests && valgrind -v --leak-check=full ./networkxml2argvtest
	* Actual result:
	==2226== 3 bytes in 1 blocks are definitely lost in loss record 1 of 24
	==2226==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2226==    by 0x39CF0FEDE7: __vasprintf_chk (in /lib64/libc-2.12.so)
	==2226==    by 0x41DFF7: virVasprintf (stdio2.h:199)
	==2226==    by 0x41E0B7: virAsprintf (util.c:1695)
	==2226==    by 0x41A2D9: networkBuildDhcpDaemonCommandLine (bridge_driver.c:545)
	==2226==    by 0x4145C8: testCompareXMLToArgvHelper (networkxml2argvtest.c:47)
	==2226==    by 0x4156A1: virtTestRun (testutils.c:141)
	==2226==    by 0x414332: mymain (networkxml2argvtest.c:123)
	==2226==    by 0x414D97: virtTestMain (testutils.c:696)
	==2226==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
	==2226==
	==2226== 3 bytes in 1 blocks are definitely lost in loss record 2 of 24
	==2226==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2226==    by 0x39CF0FEDE7: __vasprintf_chk (in /lib64/libc-2.12.so)
	==2226==    by 0x41DFF7: virVasprintf (stdio2.h:199)
	==2226==    by 0x41E0B7: virAsprintf (util.c:1695)
	==2226==    by 0x41A307: networkBuildDhcpDaemonCommandLine (bridge_driver.c:551)
	==2226==    by 0x4145C8: testCompareXMLToArgvHelper (networkxml2argvtest.c:47)
	==2226==    by 0x4156A1: virtTestRun (testutils.c:141)
	==2226==    by 0x414332: mymain (networkxml2argvtest.c:123)
	==2226==    by 0x414D97: virtTestMain (testutils.c:696)
	==2226==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
	==2226==
	==2226== 5 bytes in 1 blocks are definitely lost in loss record 4 of 24
	==2226==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2226==    by 0x39CF0FEDE7: __vasprintf_chk (in /lib64/libc-2.12.so)
	==2226==    by 0x41DFF7: virVasprintf (stdio2.h:199)
	==2226==    by 0x41E0B7: virAsprintf (util.c:1695)
	==2226==    by 0x41A2AB: networkBuildDhcpDaemonCommandLine (bridge_driver.c:539)
	==2226==    by 0x4145C8: testCompareXMLToArgvHelper (networkxml2argvtest.c:47)
	==2226==    by 0x4156A1: virtTestRun (testutils.c:141)
	==2226==    by 0x414332: mymain (networkxml2argvtest.c:123)
	==2226==    by 0x414D97: virtTestMain (testutils.c:696)
	==2226==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
	==2226==
	==2226== LEAK SUMMARY:
	==2226==    definitely lost: 11 bytes in 3 blocks

2012-02-02  Eric Blake  <eblake@redhat.com>

	block rebase: initial qemu implementation
	This is a trivial implementation, which works with the current
	released qemu 1.0 with backports of preliminary block pull but
	no partial rebase.  Future patches will update the monitor handling
	to support an optional parameter for partial rebase; but as qemu
	1.1 is unreleased, it can be in later patches, designed to be
	backported on top of the supported API.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Add parameter,
	and adjust callers.  Drop redundant check.
	(qemuDomainBlockPull): Move guts...
	(qemuDomainBlockRebase): ...to new function.

	block rebase: wire up remote protocol
	Nice and simple.
	* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_BLOCK_REBASE):
	New RPC.
	* src/remote/remote_driver.c (remote_driver): Wire it up.
	* src/remote_protocol-structs: Regenerate.

	block rebase: add new API virDomainBlockRebase
	Qemu is adding the ability to do a partial rebase.  That is, given:
	base <- intermediate <- current
	virDomainBlockPull will produce:
	current
	but qemu now has the ability to leave base in the chain, to produce:
	base <- current
	Note that current qemu can only do a forward merge, and only with
	the current image as the destination, which is fully described by
	this API without flags.  But in the future, it may be possible to
	enhance this API for additional scenarios by using flags:
	Merging the current image back into a previous image (that is,
	undoing a live snapshot), could be done by passing base as the
	destination and flags with a bit requesting a backward merge.
	Merging any other part of the image chain, whether forwards (the
	backing image contents are pulled into the newer file) or backwards
	(the deltas recorded in the newer file are merged back into the
	backing file), could also be done by passing a new flag that says
	that base should be treated as an XML snippet rather than an
	absolute path name, where the XML could then supply the additional
	instructions of which part of the image chain is being merged into
	any other part.
	* include/libvirt/libvirt.h.in (virDomainBlockRebase): New
	declaration.
	* src/libvirt.c (virDomainBlockRebase): Implement it.
	* src/libvirt_public.syms (LIBVIRT_0.9.10): Export it.
	* src/driver.h (virDrvDomainBlockRebase): New driver callback.
	* src/rpc/gendispatch.pl (long_legacy): Add exemption.
	* docs/apibuild.py (long_legacy_functions): Likewise.

2012-02-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add support for virDomainGetMetadata and virDomainSetMetadata
	This patch adds support for the new api into the qemu driver to support
	modification and retrieval of domain description and title. This patch
	does not add support for modifying the <metadata> element.

	virsh: Add support for modifying domain description and titles
	This patch adds a new command "desc" to show and modify titles and
	description for the domains using the new API.
	This patch also adds a new flag for the "list" command to show titles in
	the domain list, to allow easy identification of VMs by storing a short
	description.
	Example:
	virsh # list --title
	 Id Name                 State      Title
	 -----------------------------------------------
	   0 Domain-0             running    Mailserver 1
	   2 fedora               paused

	API: Add api to set and get domain metadata
	This patch adds API to modify domain metadata for running and stopped
	domains. The api supports changing description, title as well as the
	newly added <metadata> element. The API has support for storing data in
	the metadata element using xml namespaces.
	* include/libvirt/libvirt.h.in
	* src/libvirt_public.syms
	        - add function headers
	        - add enum to select metadata to operate on
	        - export functions
	* src/libvirt.c
	        - add public api implementation
	* src/driver.h
	        - add driver support
	* src/remote/remote_driver.c
	* src/remote/remote_protocol.x
	        - wire up the remote protocol
	* include/libvirt/virterror.h
	* src/util/virterror.c
	        - add a new error message note that metadata for domain are
	        missing

	xml: Add element <title> to allow short description of domains
	This patch adds a new element <title> to the domain XML. This attribute
	can hold a short title defined by the user to ease the identification of
	domains. The title may not contain newlines and should be reasonably short.
	 *docs/formatdomain.html.in
	 *docs/schemas/domaincommon.rng
	        - add schema grammar for the new element and documentation
	  *src/conf/domain_conf.c
	  *src/conf/domain_conf.h
	        - add field to hold the new attribute
	        - add code to parse and create XML with the new attribute

2012-02-02  Laine Stump  <laine@laine.org>

	build: add missing virStorageFileResize to libvirt_private.syms
	This was forgotten when the function was originally written (not
	noticed because it wasn't used at the time). It's required for
	proper compilation with modules enabled after applying the recent
	virStorageVolResize patches.

	build: add missing virCommandAddCap to libvirt_private.syms
	This was forgotten when the function was initially written (not
	noticed because it wasn't used at the time). It's required for proper
	compilation with modules enabled after applying the recent rawio
	patches.

2012-02-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Silent bogus warning about unitialized variable
	GCC complaints about uninitialized use of len, which however is only
	used when errors != NULL and in that case len is always initialized.
	It's trivial to silence this by always initializing len.

2012-02-01  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Allow overriding NOFILES ulimit for the daemon as well
	One of my latest patches (d8db0f9690) created support for setting
	the limit for the maximum of opened files by qemu user. However,
	since libvirtd keeps one FD opened per domain (well, for qemu at least)
	it will likely hit this limit on huge scenarios.

2012-02-01  Jiri Denemark  <jdenemar@redhat.com>

	python: Add binding for virDomainGetDiskErrors

	virsh: Implement domblkerror command
	This command lists all disk devices with errors

	qemu: Implement virDomainGetDiskErrors

	Remote protocol for virDomainGetDiskErrors

	virDomainGetDiskErrors public API
	We already provide ways to detect when a domain has been paused as a
	result of I/O error, but there was no way of getting the exact error or
	even the device that experienced it.  This new API may be used for both.

2012-02-01  Alex Jia  <ajia@redhat.com>

	python: correct a copy-paste error
	* python/libvirt-override-virStream.py: fix a copy-paste error in sendAll().

2012-02-01  Michal Privoznik  <mprivozn@redhat.com>

	command: Fix ATTRIBUTE_UNUSED on virSetCapabilities
	If we are building not on a WIN32 architecture and without HAVE_CAPNG
	virSetCapabilities has unused argument and virClearCapabilities
	is unused as well.

	qemu: Clenup qemuDomainSetInterfaceParameters
	which contained some useless lines, copied code, NULL
	dereference.

	qemu: Don't jump to endjob if no job was even started
	In qemuDomainShutdownFlags if we try to use guest agent,
	which has error or is not configured, we jump go endjob
	label even if we haven't started any job yet. This may
	lead to the daemon crash:
	1) virsh shutdown --mode agent on a domain without agent configured
	2) wait until domain quits
	3) virsh edit

2012-02-01  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	qemu: fix my typo at commit 74e034964c32edb1732d0ff7642f3977f3587d72
	Fix my typo at
	  commit 74e034964c32edb1732d0ff7642f3977f3587d72
	"disk->rawio == -1" indicates that this value is not
	specified. So in case of this, domain must not
	be tainted.

2012-02-01  Alex Jia  <ajia@redhat.com>

	simplify block of codes
	Using new function 'virTypedParameterArrayClear' to simplify block of codes.
	* daemon/remote.c, src/remote/remote_driver.c: simplify codes.

2012-02-01  Eric Blake  <eblake@redhat.com>

	build: fix text regression
	Commit 8a09ee410 tickles a bug in libxml2-2.7.6 on RHEL 6.2,
	where libxml2 treats the pattern [^\n] as excluding literal
	backslash and n, instead of the intended newline, thus failing
	to validate any domain name containing 'n'.
	* docs/schemas/domaincommon.rng: Use literal newline instead.

2012-02-01  Laine Stump  <laine@laine.org>

	docs: fill out rawio description
	The original doc entry for rawio didn't mention the values it could
	have, the default, or the fact that setting it to "yes" for one disk
	effectively set it to "yes" for all disks in the domain.

2012-02-01  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	qemu: make qemu processes to retain rawio capability
	This patch revises qemuProcessStart() function for qemu
	processes to retain CAP_SYS_RAWIO if needed.
	And in case of that, add taint flag to domain.

	util: extend virExecWithHook()
	This patch extends virExecWithHook() to receive
	capability information.

	util: add functions to keep capabilities
	This patch introduces virSetCapabilities() function and implements
	virCommandAllowCap() function.
	Existing virClearCapabilities() is function to clear all capabilities.
	Instead virSetCapabilities() is function to set arbitrary capabilities.

	conf: add rawio attribute to disk element of domain XML
	 This patch adds a new attribute "rawio" to the "disk" element
	 of domain XML. Valid values of "rawio" attribute are "yes"
	 and "no".
	 rawio='yes' indicates the disk is desirous of CAP_SYS_RAWIO.
	 If you specify the following XML:
	 <disk type='block' device='lun' rawio='yes'>
	  ...
	 </disk>
	 the domain will be granted CAP_SYS_RAWIO.
	 (of course, the domain have to be executed with root privilege)
	NOTE:
	   - "rawio" attribute is only valid when device='lun'
	   - At the moment, any other disks you won't use rawio can use rawio.

2012-02-01  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	Implement virStorageVolResize() for FS backend
	Currently only VIR_STORAGE_VOL_RESIZE_DELTA flag is supported.

2012-02-01  Eric Blake  <eblake@redhat.com>

	resize: slightly alter signature
	Our existing virDomainBlockResize takes an unsigned long long
	argument; if that command is later taught a DELTA and SHRINK flag,
	we cannot change its type without breaking API (but at least such
	a change would be ABI compatible).  Meanwhile, the only time a
	negative size makes sense is if both DELTA and SHRINK are used
	together, but if we keep the argument unsigned, applications can
	pass the positive delta amount by which they would like to shrink
	the system, and have the flags imply the negative value.  So,
	since this API has not yet been released, and in the interest of
	consistency with existing API, we swap virStorageVolResize to
	always pass an unsigned value.
	* include/libvirt/libvirt.h.in (virStorageVolResize): Use unsigned
	argument.
	* src/libvirt.c (virStorageVolResize): Likewise.
	* src/driver.h (virDrvStorageVolUpload): Adjust clients.
	* src/remote/remote_protocol.x (remote_storage_vol_resize_args):
	Likewise.
	* src/remote_protocol-structs: Regenerate.
	Suggested by Daniel P. Berrange.

2012-01-31  Philipp Hahn  <hahn@univention.de>

	XenXs: Update documentation
	Fix several references to now renamed functions and parameters when the
	functions were moved from src/xen/ to src/xenxs/.

2012-01-31  Laine Stump  <laine@laine.org>

	qemu: add "romfile" support to specify device boot ROM
	This patch addresses: https://bugzilla.redhat.com/show_bug.cgi?id=781562
	Along with the "rombar" option that controls whether or not a boot rom
	is made visible to the guest, qemu also has a "romfile" option that
	allows specifying a binary file to present as the ROM BIOS of any
	emulated or passthrough PCI device. This patch adds support for
	specifying romfile to both passthrough PCI devices, and emulated
	network devices that attach to the guest's PCI bus (just about
	everything other than ne2k_isa).
	One example of the usefulness of this option is described in the
	bugzilla report: 82576 sriov network adapters don't provide a ROM BIOS
	for the cards virtual functions (VF), but an image of such a ROM is
	available, and with this ROM visible to the guest, it can PXE boot.
	In libvirt's xml, the new option is configured like this:
	   <hostdev>
	     ...
	     <rom file='/etc/fake/boot.bin'/>
	     ...
	   </hostdev
	(similarly for <interface>).

	qemu: (and conf) support rombar for network devices
	When support for the rombar option was added, it was only added for
	PCI passthrough devices, configured with <hostdev>. The same option is
	available for any network device that is attached to the guest's PCI
	bus. This patch allows setting rombar for any PCI network device type.
	After adding cases to test this to qemuxml2argv-hostdev-pci-rombar.*,
	I decided to rename those files (to qemuxml2argv-pci-rom.*) to more
	accurately reflect the additional tests, and also noticed that up to
	now we've only been performing a domainschematest for that case, so I
	added the "pci-rom" test to both qemuxml2argv and qemuxml2xml (and in
	the process found some bugs whose fixes I squashed into previous
	commits of this series).

	conf: relocate rombar and boot order parse/format
	Since these two items are now in the virDomainDeviceInfo struct, it
	makes sense to parse/format them in the functions written to
	parse/format that structure. Not all types of devices allow them, so
	two internal flags are added to indicate when it is appropriate to do
	so.
	I was lucky - only one test case needed to be re-ordered!

	conf: put all guest-related HostdevDef data in one object
	To help consolidate the commonality between virDomainHostdevDef and
	virDomainNetDef into as few members as possible (and because I
	think it makes sense), this patch moves the rombar and bootIndex
	members into the "info" member that is common to both (and to all the
	other structs that use them).
	It's a bit problematic that this gives rombar and bootIndex to many
	device types that don't use them, but this is already the case for the
	master and mastertype members of virDomainDeviceInfo, and is properly
	commented as such in the definition.
	Note that this opens the door to supporting rombar for other devices
	that are attached to the guest PCI bus - virtio-blk-pci,
	virtio-net-pci, various other network adapters - which which have that
	capability in qemu, but previously had no support in libvirt.

	conf: remove duplicate call to VIR_FREE(info->alias)
	There is another identical call 4 lines up in the same function.

2012-01-30  Hendrik Schwartke  <hendrik@os-t.de>

	qemu: Fix segfault in qemuMonitorTextGetBlockInfo
	If some error occurs then the cleanup code calls VIR_FREE(info)
	without ensuring that info is initialized.

2012-01-30  Cole Robinson  <crobinso@redhat.com>

	xen: Don't add <console> to xml for dom0
	It just doesn't really make sense and confuses virt-manager

2012-01-30  Daniel P. Berrange  <berrange@redhat.com>

	Add virt-host-validate.1 to Mingw32 RPM spec file list

2012-01-29  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	remote handler for virDomainGetCPUStats()
	Unlike other users of virTypedParameter with RPC, this interface
	can return zero-filled entries because the interface assumes
	2 dimensional array. We compress these entries out from the
	server when generating the over-the-wire contents, then reconstitute
	them in the client.

2012-01-28  Eric Blake  <eblake@redhat.com>

	docs: reorder public header
	The bottom of the public header is reserved for deprecated APIs;
	it's nicer to arrange things in logical groups.
	* include/libvirt/libvirt.h.in (virConnectSetKeepAlive)
	(virDomainGetCPUStats): Float earlier in the file.

	docs: tweak recent suspend API additions
	* src/libvirt.c (virDomainPMSuspendForDuration): Clarify usage.

2012-01-28  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	Add new public API virDomainGetCPUStats()
	add new API virDomainGetCPUStats() for getting cpu accounting information
	per real cpus which is used by a domain.  The API is designed to allow
	future extensions for additional statistics.
	based on ideas by Lai Jiangshan and Eric Blake.
	* src/libvirt_public.syms: add API for LIBVIRT_0.9.10
	* src/libvirt.c: define virDomainGetCPUStats()
	* include/libvirt/libvirt.h.in: add virDomainGetCPUStats() header
	* src/driver.h: add driver API
	* python/generator.py: add python API (as not implemented)

2012-01-28  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Expose new virDomainPMSuspendForDuration API
	under new command "dompmsuspend"

	Introduce virDomainPMSuspendForDuration API
	This API allows a domain to be put into one of S# ACPI states.
	Currently, S3 and S4 are supported. These states are shared
	with virNodeSuspendForDuration.
	However, for now we don't support any duration other than zero.
	The same apply for flags.

2012-01-28  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	resize: implement remote protocol for virStorageVolResize()
	Autogeneration saves the day.

	resize: add virStorageVolResize() API
	Add a new function to allow changing of capacity of storage volumes.
	Plan out several flags, even if not all of them will be implemented
	up front.
	Expose the new command via 'virsh vol-resize'.

2012-01-28  Eric Blake  <eblake@redhat.com>

	tests: fix reversed comparisons
	Otherwise, a failed test gives misleading output.
	* tests/commandtest.c (test13, test14, test16): Pass arguments in
	correct order.

2012-01-28  Cole Robinson  <crobinso@redhat.com>

	Return more error output if policykit auth fails.
	Several not uncommon issues can be diagnosed through pkcheck output, like
	lack of/malfunctioning desktop agent, or lack of/malfunctioning polkit
	dbus agent.

	Add new error code VIR_ERROR_AUTH_CANCELLED
	And hook it up for policykit auth. This allows virt-manager to detect
	that the user clicked the policykit 'cancel' button and not throw
	an 'authentication failed' error message at the user.

2012-01-28  Eric Blake  <eblake@redhat.com>

	qemu: avoid double free of qemu help output
	If yajl was not compiled in, we end up freeing an incoming
	parameter, which leads to a bogus free later on.  Regression
	introduced in commit 6e769eb.
	* src/qemu/qemu_capabilities.c (qemuCapsParseHelpStr): Avoid alloc
	on failure path, which in turn fixes bogus free.
	Reported by Cole Robinson.

	build: fix missing include
	Fix a build failure:
	virt-host-validate.c: In function 'main':
	virt-host-validate.c:82:5: error: implicit declaration of function 'setlocale' [-Werror=implicit-function-declaration]
	virt-host-validate.c:82:5: error: nested extern declaration of 'setlocale' [-Werror=nested-externs]
	virt-host-validate.c:82:20: error: 'LC_ALL' undeclared (first use in this function)
	* tools/virt-host-validate.c: Add <locale.h>.
	* .gitignore: Ignore built executable.

	xml: fix struct typos
	Noticed this while reviewing Dan's patches.
	* src/util/xml.c (virXMLRewritFileData): Rename to
	virXMLRewriteFileData.

2012-01-28  Daniel P. Berrange  <berrange@redhat.com>

	Move virEmitXMLWarning into xml.h
	The virEmitXMLWarning function should always have been in
	the xml.[hc] files, and should use virXML as its name
	prefix
	* src/util/util.c, src/util/util.h: Remove virEmitXMLWarning
	* src/util/xml.c, src/util/xml.h: Add virXMLEmitWarning

	Move virMacAddrXXX functions to src/util/virmacaddr.[ch]
	Move the virMacAddrXXX functions out of util.[ch] and into a
	new dedicate file virmacaddr.[ch]

	Rename virXXXXMacAddr to virMacAddrXXX
	Rename virFormatMacAddr, virGenerateMacAddr and virParseMacAddr
	to virMacAddrFormat, virMacAddrGenerate and virMacAddrParse
	respectively

	Add a virt-host-validate command to sanity check HV config
	To assist people in verifying that their host is operating in an
	optimal manner, provide a 'virt-host-validate' command. For each
	type of hypervisor, it will check any pre-requisites, or other
	good recommendations and report what's working & what is not.
	eg
	  # virt-host-validate
	  QEMU: Checking for device /dev/kvm                                         : FAIL (Check that the 'kvm-intel' or 'kvm-amd' modules are loaded & the BIOS has enabled virtualization)
	  QEMU: Checking for device /dev/vhost                                       : WARN (Load the 'vhost_net' module to improve performance of virtio networking)
	  QEMU: Checking for device /dev/net/tun                                     : PASS
	   LXC: Checking for Linux >= 2.6.26                                         : PASS
	This warns people if they have vmx/svm, but don't have /dev/kvm. It
	also warns about missing /dev/vhost net.

2012-01-27  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: parse and create -cpu ...,-kvmclock
	QEMU supports a bunch of CPUID features that are tied to the kvm CPUID
	nodes rather than the processor's.  They are "kvmclock",
	"kvm_nopiodelay", "kvm_mmu", "kvm_asyncpf".  These are not known to
	libvirt and their CPUID leaf might move if (for example) the Hyper-V
	extensions are enabled. Hence their handling would anyway require some
	special-casing.
	However, among these the most useful is kvmclock; an additional
	"property" of this feature is that a <timer> element is a better model
	than a CPUID feature.  Although, creating part of the -cpu command-line
	from something other than the <cpu> XML element introduces some
	ugliness.
	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

	conf: add kvmclock timer
	Add kvmclock timer to documentation, schema and parsers.  Keep the
	platform timer first since it is kind of special, and alphabetize
	the others when possible (i.e. when it does not change the ABI).
	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

	qemu: do not create useless <cpu> element
	Avoid creating an empty <cpu> element when the QEMU command-line simply
	specifies the default "-cpu qemu32" or "-cpu qemu64".
	This requires the previous patch, which lets us represent "-cpu qemu32"
	as <os arch='i686'> in the generated XML.

	qemu: get arch name from <cpu> element
	The qemu32 CPU model is chosen based on the <os arch=...> name when
	creating the QEMU command line for a 64-bit host.  For the opposite
	transformation we can test the guest CPU model for the "lm" feature.
	If it is absent, def->os.arch needs to be corrected.

	qemu: detect arch correctly for KVM
	When running under KVM, the arch is usually set to i686 because
	the name of the emulator is not qemu-system-x86_64.  Use the host
	arch instead.

	x86: add kvm32 and kvm64, update qemu64
	Recently (or not so recently) QEMU added the kvm32 and kvm64
	architectures, representing a least common denominator of all
	hosts that can run KVM.  Add them to the machine map.
	Also, some features that TCG supports were added to qemu64.
	Add them to the cpu_map.xml whenever KVM is guaranteed to support
	those.  We still have to leave some out, because they would not
	be available to guests running on older hosts.

	qemu: parse -enable-kvm

2012-01-27  Eric Blake  <eblake@redhat.com>

	qemu: require qmp on new enough qemu
	The qemu developers have made it clear that modern qemu will no
	longer guarantee human monitor command stability; furthermore,
	some features, such as async events, are only supported via qmp.
	If we are compiled without support for handling JSON, we cannot
	expect to sanely interact with modern qemu.
	However, things must continue to build on RHEL 5, where qemu
	is stuck at 0.10, and where yajl is not available.
	Another benefit of this patch: future additions of new monitor
	commands need only focus on qemu_monitor_json.c, instead of
	also wasting time with qemu_monitor_text.c.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Report
	error if yajl is missing but qemu requires qmp.
	(qemuCapsParseHelpStr): Propagate error.
	(qemuCapsExtractVersionInfo): Update caller.
	* tests/qemuhelptest.c (testHelpStrParsing): Likewise.

	qemu: support qmp on RHEL/CentOS qemu
	I'm getting tired of remembering to backport RHEL-specific
	patches when building upstream libvirt on RHEL 6.x or CentOS.
	All the affected versions of RHEL qemu-kvm have backported
	enough patches to a) make JSON useful, and b) modify the
	-help text to mention libvirt as the preferred interface;
	which means this string in the help output is a reliable
	indicator that we can outsmart a strict version check,
	even when upstream qemu 0.12 lacked the needed features.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags):
	Recognize particular help string present when enough features were
	backported to be worth using JSON.
	* tests/qemuhelptest.c (mymain): Update tests accordingly.

2012-01-27  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Rebuild filters only if new filter is different than current
	Compare two filters' XML for equality and only rebuild/instantiate the new
	filter if the new and current filters are found to be different. This
	improves performance during an update of a filter with no obvious change
	or the reloading of filters during a 'kill -SIGHUP'

	nwfilter: Force instantiation of filters upon driver reload
	Introduce a function that rebuilds all running VMs' filters. Call
	this function when reloading the nwfilter driver.
	This addresses a problem introduced by the 2nd patch that typically
	causes no filters to be reinstantiate anymore upon driver reload
	since their XML has not changed. Yet the current behavior is that
	upon a SIGHUP all filters get reinstantiated.

2012-01-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Refactor qemuMonitorGetBlockInfo
	QEMU always sends details about all available block devices as an answer
	for "info block"/"query-block" command. On the other hand, our
	qemuMonitorGetBlockInfo was made for a single block devices queries
	only. Thus, when asking for multiple devices, we asked qemu multiple
	times to always get the same answer from which different parts were
	filtered. This patch makes qemuMonitorGetBlockInfo return a hash table
	of all block devices, which may later be used for getting details about
	specific devices.

	apparmor: Fix use of uninitialized random_data
	Without this, virt-aa-helper would segfault in -c or -r commands.

2012-01-27  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	Update VIRT_CONTROL audit record with pid.
	Added a new field "vm-pid" to the VIRT_CONTROL audit record. This information
	is useful to correlated another audit events to the events generated by
	libvirt.

2012-01-27  Eric Blake  <eblake@redhat.com>

	build: allow for 64-bit pid in daemon
	Convert daemon code to handle 64-bit pid_t (even though at the
	moment, it is not compiled on mingw).
	* daemon/remote.c (remoteDispatchAuthList)
	(remoteDispatchAuthPolkit): Print pid_t via %lld.

	daemon: convert virRun to virCommand
	Using snprintf to build up argv seems archaic.
	* daemon/remote.c (remoteDispatchAuthPolkit): Modernize command call.

	hash: minor touchups
	On RHEL5, I got:
	util/virrandom.c:66: warning: nested extern declaration of '_gl_verify_function66' [-Wnested-externs]
	The fix is to hoist the verify earlier.  Also some other hodge-podge
	fixes I noticed while reviewing Dan's recent series.
	* .gitignore: Ignore new test.
	* src/util/cgroup.c: Bump copyright year.
	* src/util/virhash.c: Fix typo in description.
	* src/util/virrandom.c (virRandomBits): Mark doc comment, and
	hoist assert to silence older gcc.

2012-01-27  Michal Privoznik  <mprivozn@redhat.com>

	util: Include stdint.h because of uint32_t
	Some files are using uint32_t or int64_t without including
	stdint.h which defines them. Fix this.

2012-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Remove tabs from libvirt_public.syms & enforce it
	* src/libvirt_public.syms: Death to tabs
	* cfg.mk: Check .syms files for tabs

	Add missing docs for <viridian/> feature flag

	Replace hashing algorithm with murmurhash
	Recent discussions have illustrated the potential for DOS attacks
	with the hash table implementations used by most languages and
	libraries.
	   https://lwn.net/Articles/474912/
	libvirt has an internal hash table impl, and uses hash tables for
	a variety of purposes. The hash key generation code is pretty
	simple and thus not strongly collision resistant.
	This patch replaces the current libvirt hash key generator with
	the (public domain) Murmurhash3 code. In addition every hash
	table now gets a random seed value which is used to perturb the
	hashing code. This should make it impossible to mount any
	practical attack against libvirt hashing code.
	* bootstrap.conf: Import bitrotate module
	* src/Makefile.am: Add virhashcode.[ch]
	* src/util/util.c: Make virRandom() return a fixed 32 bit
	  integer value.
	* src/util/hash.c, src/util/hash.h, src/util/cgroup.c: Replace
	  hash code generation with a call to virHashCodeGen()
	* src/util/virhashcode.h, src/util/virhashcode.c: Add a new
	  virHashCodeGen() API using the Murmurhash3 algorithm.

	Rename  hash.h and hash.c to virhash.h and virhash.c
	In preparation for the patch to include Murmurhash3, which
	introduces a virhashcode.h and virhashcode.c files, rename
	the existing hash.h and hash.c to virhash.h and virhash.c
	respectively.

	Convert various virHash functions to use size_t / uint32
	In preparation for conversion over to use the Murmurhash3
	algorithm, convert various virHash APIs to use size_t or
	uint32 for their return values/parameters, instead of the
	variable size 'unsigned long' or 'int' types

	Introduce new API for generating random numbers
	The old virRandom() API was not generating good random numbers.
	Replace it with a new API virRandomBits which instead of being
	told the upper limit, gets told the number of bits of randomness
	required.
	* src/util/virrandom.c, src/util/virrandom.h: Add virRandomBits,
	  and move virRandomInitialize
	* src/util/util.h, src/util/util.c: Delete virRandom and
	  virRandomInitialize
	* src/libvirt.c, src/security/security_selinux.c,
	  src/test/test_driver.c, src/util/iohelper.c: Update for
	  changes from virRandom to virRandomBits
	* src/storage/storage_backend_iscsi.c: Remove bogus call
	  to virRandomInitialize & convert to virRandomBits

2012-01-26  Peter Krempa  <pkrempa@redhat.com>

	schema: Relax schema for domain name
	The domain schema enforced restrictions on the domain name string that
	the code doesn't. This patch relaxes the check, leaving the restrictions
	on the driver or hypervisor. The only invalid character is a newline.

2012-01-26  Michal Privoznik  <mprivozn@redhat.com>

	storage: Support different wiping algorithms
	Currently, we support only filling a volume with zeroes on wiping.
	However, it is not enough as data might still be readable by
	experienced and equipped attacker. Many technical papers have been
	written, therefore we should support other wiping algorithms.

2012-01-26  Eric Blake  <eblake@redhat.com>

	docs: fix virsh man page
	Typo introduced in commit 4e9953a, and remained in 6fba577.
	* tools/virsh.pod (snapshot-create): Fix pod error.

2012-01-26  Marc-André Lureau  <marcandre.lureau@gmail.com>

	Cast pointer to int using intptr_t
	Fix a few warnings with mingw64 x86_64.

2012-01-26  Eric Blake  <eblake@redhat.com>

	build: fix header order on mingw
	In file included from ../gnulib/lib/unistd.h:51:0,
	                 from ../src/util/util.h:30,
	                 from rpc/virkeepalive.c:29:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/winsock2.h:15:2: warning: #warning Please include winsock2.h before windows.h [-Wcpp]
	Reported by Marc-André Lureau.
	* src/util/threads-win32.h (includes): Pick up winsock2.h before
	windows.h, as required by mingw64.

2012-01-26  Marc-André Lureau  <marcandre.lureau@gmail.com>

	errcode is typedef by mingw, rename an argument name
	Fixes the following warning:
	util/virterror.c:1242:31: warning: declaration of 'errcode' shadows a global declaration [-Wshadow]

	Add missing virGetGroupName()
	Add missing function if !HAVE_GETPWUID_R.

2012-01-26  Cole Robinson  <crobinso@redhat.com>

	storage: Fix any VolLookupByPath if we have an empty logical pool
	On F16 at least, empty volume groups don't have a directory under /dev.
	The directory only appears once a logical volume is created.
	This tickles some behavior in BackendStablePath which ends with
	libvirt sleeping for 5 seconds while waiting for the directory to appear.
	This causes all sorts of problems for the virStorageVolLookupByPath API
	which virtinst uses, even if trying to resolve a path that is independent
	of the logical pool.
	In reality we don't even need to do that checking since logical pools
	always have a stable target path. Short circuit the polling in that
	case.
	Fixes bug 782261

2012-01-25  Eric Blake  <eblake@redhat.com>

	lxc: export container=lxc-libvirt for systemd
	Systemd detects containers based on whether they have
	an environment variable starting with 'container=lxc';
	using a longer name fits the expectations, while also
	allowing detection of who created the container.
	Requested by Lennart Poettering, in response to
	https://bugs.freedesktop.org/show_bug.cgi?id=45175
	* src/lxc/lxc_container.c (lxcContainerBuildInitCmd): Add another
	env-var.

2012-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Don't bind mount onto a char device for /dev/ptmx in LXC
	The current setup code for LXC is bind mounting /dev/pts/ptmx
	on top of a character device /dev/ptmx. This is denied by SELinux
	policy and is just wrong. The target of a bind mount should just
	be a plain file
	* src/lxc/lxc_container.c: Don't bind /dev/pts/ptmx onto
	  a char device

	Add virFileTouch for creating empty files
	Add a virFileTouch API which ensures that a file will always
	exist, even if zero length
	* src/util/virfile.c, src/util/virfile.h,
	  src/libvirt_private.syms: Introduce virFileTouch

2012-01-25  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Expose new VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE flag
	to cmdSnapshotCreate and cmdSnapshotCreateAs.

	snapshots: Introduce VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE flag
	With this flag, virDomainSnapshotCreate will use fs-freeze and
	fs-thaw guest agent commands to quiesce guest's disks.

	qemu_agent: Create file system freeze and thaw functions
	These functions simply issue command to guest agent which
	should freeze or unfreeze all file systems within guest.

2012-01-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Emit bootindex even for direct boot
	Direct boot (using kernel, initrd, and command line) is used by
	virt-install/virt-manager for network install. While any bootindex has
	no direct effect since -kernel is always first, we need it as a hint for
	SeaBIOS to present disks in the same order as they will be presented
	during normal boot.

2012-01-25  Laine Stump  <laine@laine.org>

	docs: fix a few small typos in formatdomain.html.in

2012-01-25  Eric Blake  <eblake@redhat.com>

	metadata: group metadata next to description
	It's better to group all the metadata together.  This is a
	cosmetic output change; since the RNG allows interleave, it
	doesn't matter where the user stuck it on input, and an XPath
	query will find the same information when parsing the output.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Output
	metadata earlier.
	* docs/formatdomain.html.in: Update documentation.
	* tests/domainsnapshotxml2xmlout/metadata.xml: Update test.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-metadata.xml: Likewise.

	build: simplify xmlFreeNode usage
	Noticed while reviewing the previous patch; thankfully, there
	are no violations.
	* cfg.mk (useless_free_options): Add xmlFreeNode.

2012-01-25  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	Allow custom metadata in domain configuration XML
	Applications can now insert custom nodes and hierarchies into domain
	configuration XML. Although currently not enforced, applications are
	required to use their own namespaces on every custom node they insert,
	with only one top-level element per namespace.

2012-01-25  Laszlo Ersek  <lersek@redhat.com>

	virCommandProcessIO(): make poll() usage more robust
	POLLIN and POLLHUP are not mutually exclusive. Currently the following
	seems possible: the child writes 3K to its stdout or stderr pipe, and
	immediately closes it. We get POLLIN|POLLHUP (I'm not sure that's possible
	on Linux, but SUSv4 seems to allow it). We read 1K and throw away the
	rest.
	When poll() returns and we're about to check the /revents/ member in a
	given array element, let's map all the revents bits to two (independent)
	ideas: "let's attempt to read()", and "let's attempt to write()". This
	should cover all errors, EOFs, and normal conditions; the read()/write()
	call should report any pending error.
	Under this approach, both POLLHUP and POLLERR are mapped to "needs read()"
	if we're otherwise prepared for POLLIN. POLLERR also maps to "needs
	write()" if we're otherwise prepared for POLLOUT. The rest of the mappings
	(POLLPRI etc.) would be easy, but probably useless for pipes.
	Additionally, SUSv4 doesn't appear to forbid POLLIN|POLLERR (or
	POLLOUT|POLLERR) set simultaneously. One could argue that the read() or
	write() call would return without blocking in these cases (with an error),
	so POLLIN / POLLOUT would be justified beside POLLERR.
	The code now penalizes POLLIN|POLLERR differently from plain POLLERR. The
	former (ie. read() returning -1) is terminal and we jump to cleanup, while
	plain POLLERR masks only the affected file descriptor for the future.
	Let's unify those.

2012-01-24  Alon Levy  <alevy@redhat.com>

	src/datatypes.h: fix typo

2012-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Allow choice of shutdown method via virsh
	Extend the 'shutdown' and 'reboot' methods so that they both
	accept a new argument
	    --mode acpi|agent
	* tools/virsh.c: New args for shutdown/reboot
	* tools/virsh.pod: Document new args

	Wire up QEMU agent to reboot/shutdown APIs
	This makes use of the QEMU guest agent to implement the
	virDomainShutdownFlags and virDomainReboot APIs. With
	no flags specified, it will prefer to use the agent, but
	fallback to ACPI. Explicit choice can be made by using
	a suitable flag
	* src/qemu/qemu_driver.c: Wire up use of agent

	Add new virDomainShutdownFlags API
	Add a new API virDomainShutdownFlags and define:
	    VIR_DOMAIN_SHUTDOWN_DEFAULT        = 0,
	    VIR_DOMAIN_SHUTDOWN_ACPI_POWER_BTN = (1 << 0),
	    VIR_DOMAIN_SHUTDOWN_GUEST_AGENT    = (1 << 1),
	Also define some flags for the reboot API
	    VIR_DOMAIN_REBOOT_DEFAULT        = 0,
	    VIR_DOMAIN_REBOOT_ACPI_POWER_BTN = (1 << 0),
	    VIR_DOMAIN_REBOOT_GUEST_AGENT    = (1 << 1),
	Although these two APIs currently have the same flags, using
	separate enums allows them to expand separately in the future.
	Add stub impls of the new API for all existing drivers

	QEMU guest agent support
	There is now a standard QEMU guest agent that can be installed
	and given a virtio serial channel
	    <channel type='unix'>
	      <source mode='bind' path='/var/lib/libvirt/qemu/f16x86_64.agent'/>
	      <target type='virtio' name='org.qemu.guest_agent.0'/>
	    </channel>
	The protocol that runs over the guest agent is JSON based and
	very similar to the JSON monitor. We can't use exactly the same
	code because there are some odd differences in the way messages
	and errors are structured. The qemu_agent.c file is based on
	a combination and simplification of qemu_monitor.c and
	qemu_monitor_json.c
	* src/qemu/qemu_agent.c, src/qemu/qemu_agent.h: Support for
	  talking to the agent for shutdown
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add thread
	  helpers for talking to the agent
	* src/qemu/qemu_process.c: Connect to agent whenever starting
	  a guest
	* src/qemu/qemu_monitor_json.c: Make variable static

2012-01-24  Michal Privoznik  <mprivozn@redhat.com>

	hashtest: Initialize variable in virHashEqual test
	One of latest patches (b7bcb22ce2) enhanced testing for virHashEqual.
	However, hash2 variable might be used uninitialized.

2012-01-24  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add test case for virHashEqual function
	Add a test case to test the virHashEqual function.

	Compare two hash tables for equality
	Add function to compare two hash tables for equality.

2012-01-23  Eric Blake  <eblake@redhat.com>

	build: skip lxc with too-old glibc
	Since we already require the kernel to be new enough to support
	LO_FLAGS_AUTOCLEAR, we might as well also require glibc to be
	new enough to support epoll_create1().
	* configure.ac (with_lxc): We require glibc 2.9 for LXC.
	Reported and tested by Philipp Hahn.

2012-01-23  Guido Günther  <agx@sigxcpu.org>

	xen: Don't crash when we fail to init caps
	by dereferencing a NULL pointer in the call to
	virNodeSuspendGetTargetMask.

2012-01-21  Guido Günther  <agx@sigxcpu.org>

	xen: properly report out of memory when hvm_type is too small

2012-01-21  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	virsh: let domif-{get,set}link take target name
	Other virsh domifXXX commands can accept target name
	as a parameter to specify interface. From viewpoint of
	consistency, virsh domif-getlink command should accept
	target name as a parameter. This patch achieves this.

2012-01-21  Eric Blake  <eblake@redhat.com>

	maint: cleanup qemu capabilities
	Fix inconsistent whitespace and long lines.
	* src/qemu/qemu_capabilities.h (qemuCapsFlags): Improve formatting.

	maint: enforce use of _LAST marker
	When converting a linear enum to a string, we have checks in
	place in the VIR_ENUM_IMPL macro to ensure that there is one
	string for every value, which lets us quickly flag if a user
	added a value but forgot to add a counterpart string.  However,
	this only works if we use the _LAST marker.
	* cfg.mk (sc_require_enum_last_marker): New syntax check.
	* src/conf/domain_conf.h (virDomainSnapshotState): Add new marker.
	* src/conf/domain_conf.c (virDomainSnapshotState): Fix offender.
	* src/qemu/qemu_monitor_json.c (qemuMonitorWatchdogAction)
	(qemuMonitorIOErrorAction, qemuMonitorGraphicsAddressFamily):
	Likewise.
	* src/util/virtypedparam.c (virTypedParameter): Likewise.

	API: make declaration of _LAST enum values conditional
	Although this is a public API break, it only affects users that
	were compiling against *_LAST values, and can be trivially
	worked around without impacting compilation against older
	headers, by the user defining VIR_ENUM_SENTINELS before using
	libvirt.h.  It is not an ABI break, since enum values do not
	appear as .so entry points.  Meanwhile, it prevents users from
	using non-stable enum values without explicitly acknowledging
	the risk of doing so.
	See this list discussion:
	https://www.redhat.com/archives/libvir-list/2012-January/msg00804.html
	* include/libvirt/libvirt.h.in: Hide all sentinels behind
	LIBVIRT_ENUM_SENTINELS, and add missing sentinels.
	* src/internal.h (VIR_DEPRECATED): Allow inclusion after
	libvirt.h.
	(LIBVIRT_ENUM_SENTINELS): Expose sentinels internally.
	* daemon/libvirtd.h: Use the sentinels.
	* src/remote/remote_protocol.x (includes): Don't expose sentinels.
	* python/generator.py (enum): Likewise.
	* tests/cputest.c (cpuTestCompResStr): Silence compiler warning.
	* tools/virsh.c (vshDomainStateReasonToString)
	(vshDomainControlStateToString): Likewise.

2012-01-20  Eric Blake  <eblake@redhat.com>

	error: drop old-style error reporting
	While we still don't want to enable gcc's new -Wformat-literal
	warning, I found a rather easy case where the warning could be
	reduced, by getting rid of obsolete error-reporting practices.
	This is the last place where we were passing the (unused) net
	and conn arguments for constructing an error.
	* src/util/virterror_internal.h (virErrorMsg): Delete prototype.
	(virReportError): Delete macro.
	* src/util/virterror.c (virErrorMsg): Make static.
	* src/libvirt_private.syms (virterror_internal.h): Drop export.
	* src/util/conf.c (virConfError): Convert to macro.
	(virConfErrorHelper): New function, and adjust error calls.
	* src/xen/xen_hypervisor.c (virXenErrorFunc): Delete.
	(xenHypervisorGetSchedulerType)
	(xenHypervisorGetSchedulerParameters)
	(xenHypervisorSetSchedulerParameters)
	(xenHypervisorDomainBlockStats)
	(xenHypervisorDomainInterfaceStats)
	(xenHypervisorDomainGetOSType)
	(xenHypervisorNodeGetCellsFreeMemory, xenHypervisorGetVcpus):
	Update callers.

	util: use new virTypedParameter helpers
	Reusing common code makes things smaller; it also buys us some
	additional safety, such as now rejecting duplicate parameters
	during a set operation.
	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters)
	(qemuDomainSetMemoryParameters, qemuDomainSetNumaParameters)
	(qemuSetSchedulerParametersFlags)
	(qemuDomainSetInterfaceParameters, qemuDomainSetBlockIoTune)
	(qemuDomainGetBlkioParameters, qemuDomainGetMemoryParameters)
	(qemuDomainGetNumaParameters, qemuGetSchedulerParametersFlags)
	(qemuDomainBlockStatsFlags, qemuDomainGetInterfaceParameters)
	(qemuDomainGetBlockIoTune): Use new helpers.
	* src/esx/esx_driver.c (esxDomainSetSchedulerParametersFlags)
	(esxDomainSetMemoryParameters)
	(esxDomainGetSchedulerParametersFlags)
	(esxDomainGetMemoryParameters): Likewise.
	* src/libxl/libxl_driver.c
	(libxlDomainSetSchedulerParametersFlags)
	(libxlDomainGetSchedulerParametersFlags): Likewise.
	* src/lxc/lxc_driver.c (lxcDomainSetMemoryParameters)
	(lxcSetSchedulerParametersFlags, lxcDomainSetBlkioParameters)
	(lxcDomainGetMemoryParameters, lxcGetSchedulerParametersFlags)
	(lxcDomainGetBlkioParameters): Likewise.
	* src/test/test_driver.c (testDomainSetSchedulerParamsFlags)
	(testDomainGetSchedulerParamsFlags): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorSetSchedulerParameters)
	(xenHypervisorGetSchedulerParameters): Likewise.

	util: add new file for virTypedParameter utils
	Preparation for another patch that refactors common patterns
	into the new file for fewer lines of code overall.
	* src/util/util.h (virTypedParameterArrayClear): Move...
	* src/util/virtypedparam.h: ...to new file.
	(virTypedParameterArrayValidate, virTypedParameterAssign): New
	prototypes.
	* src/util/util.c (virTypedParameterArrayClear): Likewise.
	* src/util/virtypedparam.c: New file.
	* po/POTFILES.in: Mark file for translation.
	* src/Makefile.am (UTIL_SOURCES): Build it.
	* src/libvirt_private.syms (util.h): Split...
	(virtypedparam.h): to new section.
	(virkeycode.h): Sort.
	* daemon/remote.c: Adjust callers.
	* tools/virsh.c: Likewise.

	lxc: use live/config helper
	Based on qemu changes made in commits ae523427 and 659ded58.
	* src/lxc/lxc_driver.c (lxcSetSchedulerParametersFlags)
	(lxcGetSchedulerParametersFlags, lxcDomainSetBlkioParameters)
	(lxcDomainGetBlkioParameters): Use helpers.
	(lxcDomainSetBlkioParameters): Allow setting live and config at
	once.

	build: silence some compiler warnings from gnulib
	Gnulib claims that there are some classes of warnings that are
	worth enabling during development, but where silencing those
	warnings causes code bloat that is not necessary in an optimized
	build.  The code bloat to silence the warnings is only enabled
	by -Dlint.  Follow the lead of coreutils in setting up -Dlint
	whenever full warnings are requested.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Add
	-Dlint, and move _FORTIFY_SOURCE to config.h instead of CFLAGS.

	threads: check for failure to set thread-local value
	We had a memory leak on a very arcane OOM situation (unlikely to ever
	hit in practice, but who knows if libvirt.so would ever be linked
	into some other program that exhausts all thread-local storage keys?).
	I found it by code inspection, while analyzing a valgrind report
	generated by Alex Jia.
	* src/util/threads.h (virThreadLocalSet): Alter signature.
	* src/util/threads-pthread.c (virThreadHelper): Reduce allocation
	lifetime.
	(virThreadLocalSet): Detect failure.
	* src/util/threads-win32.c (virThreadLocalSet): Likewise.
	(virCondWait): Fix caller.
	* src/util/virterror.c (virLastErrorObject): Likewise.

2012-01-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix rpc generator to anchor matches for method names
	The RPC generator transforms methods matching certain
	patterns like 'id' or 'uuid', etc but does not anchor
	its matches to the end of the word. So if a method
	contains 'id' in the middle (eg virIdentity) then the
	RPC generator munges that.
	* src/rpc/gendispatch.pl: Anchor matches

	Rename APIs for fetching UNIX socket credentials
	To avoid a namespace clash with forthcoming identity APIs,
	rename the virNet*GetLocalIdentity() APIs to have the form
	virNet*GetUNIXIdentity()
	* daemon/remote.c, src/libvirt_private.syms: Update
	  for renamed APIs
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h,
	  src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: s/LocalIdentity/UNIXIdentity/

	Add virGetGroupName to convert from GID to group name

	Remove duplicate call to virNetSASLSessionGetIdentity
	* daemon/remote.c: remoteSASLFinish called the method
	  virNetSASLSessionGetIdentity twice, remove second call

	Also retrieve GID from SO_PEERCRED
	* daemon/remote.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverclient.h, src/rpc/virnetsocket.c,
	  src/rpc/virnetsocket.h: Add gid parameter

2012-01-19  Martin Kletzander  <mkletzan@redhat.com>

	Added capability checking for block <iotune> setting.
	There was missing capability for blkiotune and thus specifying these
	settings caused libvirt to run qemu with invalid parameters and then
	reporting qemu error instead of the standard libvirt one. The support
	for blkiotune setting was added in upstream qemu repo under commit
	0563e191516289c9d2f282a8c50f2eecef2fa773.

2012-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix startup of LXC containers with filesystems containing symlinks
	Given an LXC guest with a root filesystem path of
	  /export/lxc/roots/helloworld/root
	During startup, we will pivot the root filesystem to end up
	at
	  /.oldroot/export/lxc/roots/helloworld/root
	We then try to open
	  /.oldroot/export/lxc/roots/helloworld/root/dev/pts
	Now consider if '/export/lxc' is an absolute symlink pointing
	to '/media/lxc'. The kernel will try to open
	  /media/lxc/roots/helloworld/root/dev/pts
	whereas it should be trying to open
	  /.oldroot//media/lxc/roots/helloworld/root/dev/pts
	To deal with the fact that the root filesystem can be moved,
	we need to resolve symlinks in *any* part of the filesystem
	source path.
	* src/libvirt_private.syms, src/util/util.c,
	  src/util/util.h: Add virFileResolveAllLinks to resolve
	  all symlinks in a path
	* src/lxc/lxc_container.c: Resolve all symlinks in filesystem
	  paths during startup

2012-01-18  Osier Yang  <jyang@redhat.com>

	qemu: Prohibit reattaching node device if it is in use
	It doesn't make sense to reattach a device to host while it's
	still in use, e.g, by a domain.

	qemu: Introduce inactive PCI device list
	pciTrySecondaryBusReset checks if there is active device on the
	same bus, however, qemu driver doesn't maintain an effective
	list for the inactive devices, and it passes meaningless argument
	for parameter "inactiveDevs". e.g. (qemuPrepareHostdevPCIDevices)
	if (!(pcidevs = qemuGetPciHostDeviceList(hostdevs, nhostdevs)))
	    return -1;
	..skipped...
	if (pciResetDevice(dev, driver->activePciHostdevs, pcidevs) < 0)
	    goto reattachdevs;
	NB, the "pcidevs" used above are extracted from domain def, and
	thus one won't be able to attach a device of which bus has other
	device even detached from host (nodedev-detach). To see more
	details of the problem:
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=773667
	This patch is to resolve the problem by introducing an inactive
	PCI device list (just like qemu_driver->activePciHostdevs), and
	the whole logic is:
	  * Add the device to inactive list during nodedev-dettach
	  * Remove the device from inactive list during nodedev-reattach
	  * Remove the device from inactive list during attach-device
	    (for non-managed device)
	  * Add the device to inactive list after detach-device, only
	    if the device is not managed
	With the above, we have a sufficient inactive PCI device list, and thus
	we can use it for pciResetDevice. e.g.(qemuPrepareHostdevPCIDevices)
	if (pciResetDevice(dev, driver->activePciHostdevs,
	                   driver->inactivePciHostdevs) < 0)
	    goto reattachdevs;

2012-01-18  Martin Kletzander  <mkletzan@redhat.com>

	Permission change for systemtap examples.
	Execute bit on *.stp files in examples/systemtap/ caused dependency when
	building RPM packages. Disabling execute permission should help the auto
	dependency resolver to see that systemtap is not needed.

2012-01-18  Deepak C Shetty  <deepakcs@linux.vnet.ibm.com>

	Add new attribute wrpolicy to <driver> element
	This introduces new attribute wrpolicy with only supported
	value as immediate. This will be an optional
	attribute with no defaults. This helps specify whether
	to skip the host page cache.
	When wrpolicy is specified, meaning when wrpolicy=immediate
	a writeback is explicitly initiated for the dirty pages in
	the host page cache as part of the guest file write operation.
	Usage:
	<filesystem type='mount' accessmode='passthrough'>
	  <driver type='path' wrpolicy='immediate'/>
	  <source dir='/export/to/guest'/>
	  <target dir='mount_tag'/>
	</filesystem>
	Currently this only works with type='mount' for the QEMU/KVM driver.

2012-01-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't break domain with 0:0:2.0 assigned to anything but VGA
	In the past we didn't reserve 0:0:2.0 PCI address if there was no video
	device assigned to a domain, which made it impossible to add a video
	device later on. So we fixed it (commit v0.9.0-37-g7b2cac1) by always
	reserving that address. However, that breaks existing domains without
	video devices that already have another device assigned to the
	problematic address.
	This patch reserves address 0:0:2.0 only in case it was not explicitly
	assigned to another device, which means libvirt will try to keep this
	address free and will not automatically assign it new devices. But
	existing domains for which older libvirt already assigned the address to
	a non-video device will keep working as they used to work before 0.9.1.
	Moreover, users who want to create a domain without a video device and
	use its address for another device may do so by explicitly configuring
	the PCI address in domain XML.

2012-01-18  Eric Blake  <eblake@redhat.com>

	tests: avoid dirname in tests
	qemuxml2argvtest sanitizes PATH to just /bin, but on at least
	Fedora 16, dirname lives in /usr/bin instead.  Regression
	introduced in commit e7201afd.
	* tests/qemuxml2argvdata/qemu.sh: Avoid forking a dirname call,
	since dirname might not be in PATH after test sanitization.
	* tests/qemuxml2argvdata/qemu-supported-cpus.sh: Likewise.
	Diagnosed by Michal Privoznik.

2012-01-18  Martin Kletzander  <mkletzan@redhat.com>

	Fixed dumpxml of <iotune> parameters
	The output of dumpxml for <iotune> settings was misformatted, this
	patch just adds missing newlines.

2012-01-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: fix typing error in filter
	Fix a typing error in the no-ip-spoofing filter.
	Return DHCP request packets passing through this filter. Have
	the user use another filter to actually allow DHCP requests to be
	sent (action='accept').

2012-01-18  Daniel Veillard  <veillard@redhat.com>

	Remove dmidecode dependancy outside PC arches
	The new dependancy is only available on ix86, x86_64 and ia64

2012-01-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for host CPU modes
	This adds support for host-model and host-passthrough CPU modes to qemu
	driver. The host-passthrough mode is mapped to -cpu host.

	Taint domains configured with cpu mode=host-passthrough
	There are several reasons for doing this:
	- the CPU specification is out of libvirt's control so we cannot
	  guarantee stable guest ABI
	- not every feature of a CPU may actually work as expected when
	  advertised directly to a guest
	- migration between two machines with exactly the same CPU may work but
	  no guarantees can be made
	- this mode is not supported and its use is at one's own risk

	cpu: Update guest CPU in host-* mode
	VIR_DOMAIN_XML_UPDATE_CPU flag for virDomainGetXMLDesc may be used to
	get updated custom mode guest CPU definition in case it depends on host
	CPU. This patch implements the same behavior for host-model and
	host-passthrough CPU modes.

	Add support for cpu mode attribute
	The mode can be either of "custom" (default), "host-model",
	"host-passthrough". The semantics of each mode is described in the
	following examples:
	- guest CPU is a default model with specified topology:
	    <cpu>
	      <topology sockets='1' cores='2' threads='1'/>
	    </cpu>
	- guest CPU matches selected model:
	    <cpu mode='custom' match='exact'>
	      <model>core2duo</model>
	    </cpu>
	- guest CPU should be a copy of host CPU as advertised by capabilities
	  XML (this is a short cut for manually copying host CPU specification
	  from capabilities to domain XML):
	    <cpu mode='host-model'/>
	  In case a hypervisor does not support the exact host model, libvirt
	  automatically falls back to a closest supported CPU model and
	  removes/adds features to match host. This behavior can be disabled by
	    <cpu mode='host-model'>
	      <model fallback='forbid'/>
	    </cpu>
	- the same as previous returned by virDomainGetXMLDesc with
	  VIR_DOMAIN_XML_UPDATE_CPU flag:
	    <cpu mode='host-model' match='exact'>
	      <model fallback='allow'>Penryn</model>       --+
	      <vendor>Intel</vendor>                         |
	      <topology sockets='2' cores='4' threads='1'/>  + copied from
	      <feature policy='require' name='dca'/>         | capabilities XML
	      <feature policy='require' name='xtpr'/>        |
	      ...                                          --+
	    </cpu>
	- guest CPU should be exactly the same as host CPU even in the aspects
	  libvirt doesn't model (such domain cannot be migrated unless both
	  hosts contain exactly the same CPUs):
	    <cpu mode='host-passthrough'/>
	- the same as previous returned by virDomainGetXMLDesc with
	  VIR_DOMAIN_XML_UPDATE_CPU flag:
	    <cpu mode='host-passthrough' match='minimal'>
	      <model>Penryn</model>                        --+ copied from caps
	      <vendor>Intel</vendor>                         | XML but doesn't
	      <topology sockets='2' cores='4' threads='1'/>  | describe all
	      <feature policy='require' name='dca'/>         | aspects of the
	      <feature policy='require' name='xtpr'/>        | actual guest CPU
	      ...                                          --+
	    </cpu>

	cpu: Optionally forbid fallback CPU models
	In case a hypervisor doesn't support the exact CPU model requested by a
	domain XML, we automatically fallback to a closest CPU model the
	hypervisor supports (and make sure we add/remove any additional features
	if needed). This patch adds 'fallback' attribute to model element, which
	can be used to disable this automatic fallback.

	tests: Print XML file name in verbose CPU test
	It's not totally obvious that a failure in
	    CPU guest data(x86): host/guest (models, pref="qemu64")
	test means one needs to fix
	    x86-host+guest,models,qemu64-result.xml
	where the expected XML is stored. Better to provide a nice hint in
	verbose mode for failed tests.

	Clarify semantics of virDomainMigrate{,ToURI}2
	Commit 5d784bd6d7b19314b0908aec6b46bfe377aeba42 was a nice attempt to
	clarify the semantics by requiring domain name from dxml to either match
	original name or dname. However, setting dxml domain name to dname
	doesn't really work since destination host needs to know the original
	domain name to be able to use it in migration cookies. This patch
	requires domain name in dxml to match the original domain name. The
	change should be safe and backward compatible since migration would fail
	just a bit later in the process.

2012-01-17  Osier Yang  <jyang@redhat.com>

	docs: Add missed RNG schema for interface
	We support <interface> of type "mcast", "server", and "client",
	but the RNG schema for them are missed. Attribute "address" is
	optional for "server" type. And these 3 types support
	<mac address='MAC'/>, too.

2012-01-17  Eric Blake  <eblake@redhat.com>

	build: fix bootstrap on fresh clone
	Commit 29db7a0 picked up a gnulib bug, where a change in
	bootstrap meant that it would fail to run libtoolize on
	projects, like libvirt, that used the older spelling
	AM_PROG_LIBTOOL instead of LT_INIT for the sake of building
	on RHEL 5.  Now that gnulib is fixed, we should pick up that
	fix.
	* .gnulib: Update to latest, for bootstrap fix.
	* bootstrap: Resync from gnulib.

2012-01-16  Osier Yang  <jyang@redhat.com>

	docs: Expose alias tag in domain RNG schema
	Though <alias> is ignored when defining a domain, it can cause
	failure if one validates (e.g. virt-xml-validate) the XML dumped
	from a running domain. This patch expose it in domain RNG schema
	for all the devices which support it.

	docs: Add readonly to filesystem RNG schema
	"<readonly/>" is supported by filesystem XML, and also documented.

2012-01-14  Michael Ellerman  <michael@ellerman.id.au>

	conf: Remove do-nothing validation functions
	There are three address validation routines that do nothing:
	  virDomainDeviceDriveAddressIsValid()
	  virDomainDeviceUSBAddressIsValid()
	  virDomainDeviceVirtioSerialAddressIsValid()
	Remove them, and replace their call sites with "1" which is what they
	currently return. In some cases this means we can remove an entire
	if block.

	tests: Add qemuxml2argv tests for PPC64 pseries machine
	Add four tests of the XML -> argv handling for the PPC64 pseries machine.
	The first is just a basic test of a bare bones machine.
	The three others test various aspects of the spapr-vio address handling.
	It seems that currently we can't include network devices, doing so leads
	to a segfault because the network driverState is not initialised. Working
	around that leads us to the problem that the 'default' network doesn't
	exist. So for now just leave network devices out.

	tests: Teach qemuxml2argvtest about spapr-vio addresses
	We can't call qemuCapsExtractVersionInfo() from test code, because it
	expects to be able to call the emulator, and for testing we have fake
	emulators that can't be executed. For that reason qemuxml2argvtest.c
	doesn't call qemuDomainAssignPCIAddresses(), instead it open codes its
	own version.
	That means we can't call qemuDomainAssignAddresses() from the test code,
	instead we need to manually call qemuDomainAssignSpaprVioAddresses().
	Also add logic to cope with qemuDomainAssignSpaprVioAddresses() failing,
	so that we can write a test that checks for a known failure in there.

	Make drive unit attribute optional in the XML schema
	The "unit" attribute of a drive address is optional in the code, so should
	also be in the XML schema.

2012-01-14  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add virtio-scsi controller model
	Adding a new model for virtio-scsi roughly follows the same scheme
	as the previous patch.

	qemu: add ibmvscsi controller model
	KVM will be able to use a PCI SCSI controller even on POWER.  Let
	the user specify the vSCSI controller by other means than a default.
	After this patch, the QEMU driver will actually look at the model
	and reject anything but auto, lsilogic and ibmvscsi.

2012-01-14  Adam Litke  <agl@us.ibm.com>

	events: Return the correct number of registered events
	Commit d09f6ba5feb655925175dc80122ca2a1e14db2b9 introduced a regression in event
	registration.  virDomainEventCallbackListAddID() will only return a positive
	integer if the type of event being registered is VIR_DOMAIN_EVENT_ID_LIFECYCLE.
	For other event types, 0 is always returned on success.  This has the
	unfortunate side effect of not enabling remote event callbacks because
	remoteDomainEventRegisterAny() uses the return value from the local call to
	determine if an event callback needs to be registered on the remote end.
	Make sure virDomainEventCallbackListAddID() returns the callback count for the
	eventID being registered.

2012-01-13  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	virsh domiflist: change output
	When using "virsh domifstat" command or "virsh domiftune" command,
	we pass an interface name as a parameter, so interface name is
	important.
	"virsh domiflist" output should display interface names
	on the first row.

2012-01-13  Paolo Bonzini  <pbonzini@redhat.com>

	export virNetDevGetVirtualFunctions as a private symbol
	This avoids a linking error.

2012-01-13  Osier Yang  <jyang@redhat.com>

	virsh: Two new fields for command domblklist
	Disk "type" and "device" are generally interesting stuff the
	user may want to known, too. To not break any scripts which
	parsed the output field, a new option "--details" is introduced
	to output the two introduced fields.

	qemu: Support copy on read for disk
	The new introduced optional attribute "copy_on_read</code> controls
	whether to copy read backing file into the image file. The value can
	be either "on" or "off". Copy-on-read avoids accessing the same backing
	file sectors repeatedly and is useful when the backing file is over a
	slow network. By default copy-on-read is off.

2012-01-13  Martin Kletzander  <mkletzan@redhat.com>

	Added check for maximum number of vcpus exceeding topology limit
	Earlier, when the number of vcpus was greater than the topology allowed,
	libvirt didn't raise an error and continued, resulting in running qemu
	with parameters making no sense. Even though qemu did not report any
	error itself, the number of vcpus was set to maximum allowed by the
	topology.

2012-01-13  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	Pick up recent gnulib improvements.
	* .gnulib: Update to latest.
	* bootstrap: Resync.
	* bootstrap.conf (gnulib_tool_option_extras): Adjust to bootstrap
	changes.
	* gnulib/lib/Makefile.am: Likewise.

	uuid: fix off-by-one
	Detected by Coverity.  Although unlikely, if we are ever started
	with stdin closed, we could reach a situation where we open a
	uuid file but then fail to close it, making that file the new
	stdin for the rest of the process.
	* src/util/uuid.c (getDMISystemUUID): Allow for stdin.

	build: fix virsh reformat fallout
	Commit 69f0b446 failed to update the expected test output.
	* tests/virshtest.c (testCompareListDefault)
	(testCompareListCustom): Adjust to recent code change.

2012-01-13  Daniel P. Berrange  <berrange@redhat.com>

	Rsync keymaps.csv file with GTK-VNC

	Re-write LXC controller end-of-file I/O handling yet again
	Currently the LXC controller attempts to deal with EOF on a
	tty by spawning a thread to do an edge triggered epoll_wait().
	This avoids the normal event loop spinning on POLLHUP. There
	is a subtle mistake though - even after seeing POLLHUP on a
	master PTY, it is still perfectly possible & valid to write
	data to the PTY. There is a buffer that can be filled with
	data, even when no client is present.
	The second mistake is that the epoll_wait() thread was not
	looking for the EPOLLOUT condition, so when a new client
	connects to the LXC console, it had to explicitly send a
	character before any queued output would appear.
	Finally, there was in fact no need to spawn a new thread to
	deal with epoll_wait(). The epoll file descriptor itself
	can be poll()'d on normally.
	This patch attempts to deal with all these problems.
	 - The blocking epoll_wait() thread is replaced by a poll
	   on the epoll file descriptor which then does a non-blocking
	   epoll_wait() to handle events
	 - Even if POLLHUP is seen, we continue trying to write
	   any pending output until getting EAGAIN from write.
	 - Once write returns EAGAIN, we modify the epoll event
	   mask to also look for EPOLLOUT
	* src/lxc/lxc_controller.c: Avoid stalled I/O upon
	  connected to an LXC console

	Allow 10 chars for domain IDs & 30 chars for names in virsh list
	Domain IDs are at least 16 bits for most hypervisors, theoretically
	event 32-bits.  3 characters is clearly too small an alignment.
	Increase alignment to 5 characters to allow 16-bit domain IDs to
	display cleanly. Commonly seen with LXC where domain IDs are the
	process IDs by default.  Also increase the 'name' field from 20
	to 30 characters to cope with longer guest names which are quite
	common

2012-01-12  Michal Privoznik  <mprivozn@redhat.com>

	stream: Check for stream EOF
	If client stream does not have any data to sink and neither received
	EOF, a dummy packet is sent to the daemon signalising client is ready to
	sink some data. However, after we added event loop to client a race may
	occur:
	Thread 1 calls virNetClientStreamRecvPacket and since no data are cached
	nor stream has EOF, it decides to send dummy packet to server which will
	sent some data in turn. However, during this decision and actual message
	exchange with server -
	Thread 2 receives last stream data from server. Therefore an EOF is set
	on stream and if there is a call waiting (which is not yet) it is woken
	up. However, Thread 1 haven't sent anything so far, so there is no call
	to be woken up. So this thread sent dummy packet to daemon, which
	ignores that as no stream is associated with such packet and therefore
	no reply will ever come.
	This race causes client to hang indefinitely.

2012-01-12  Osier Yang  <jyang@redhat.com>

	virsh: New command print summary of all virtual interfaces
	Just like command "domblklist", the command extracts "type",
	"source", "target", "model", and "MAC" of all virtual interfaces
	from domain XML (live or persistent).

2012-01-12  Deepak C Shetty  <deepakcs@linux.vnet.ibm.com>

	Do not generate security_model when fs driver is anything but 'path'
	QEMU does not support security_model for anything but 'path' fs driver type.
	Currently in libvirt, when security_model ( accessmode attribute) is not
	specified it auto-generates it irrespective of the fs driver type, which
	can result in a qemu error for drivers other than path. This patch ensures
	that the qemu cmdline is correctly generated by taking into account the
	fs driver type.

2012-01-12  Shradha Shah  <sshah@solarflare.com>

	Added new option to virsh net-dumpxml called --inactive
	The above option helps to differentiate between implicit and explicit
	interface pools.

	Functionality to implicitly get interface pool from SR-IOV PF.
	If a system has 64 or more VF's, it is quite tedious to mention each VF
	in the interface pool.
	The following modification will implicitly create an interface pool from
	the SR-IOV PF.

	Adding the element pf to network xml.
	This element will help the user to just specify the SR-IOV physical
	function in order to access all the Virtual functions attached to it.

	Added Function virNetDevGetVirtualFunctions
	This functions enables us to get the Virtual Functions attached to
	a Physical function given the name of a SR-IOV physical functio.
	In order to accomplish the task, added a getter function pciGetDeviceAddrString
	to get the BDF of the Virtual Function in a char array.

	Added function pciSysfsFile to enable access to the PCI SYSFS files.

2012-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Disable netcf if building without libvirtd
	Although the netcf interface driver can in theory be used by
	the stateless drivers, in practice none of them want to use
	it because they have different ways of dealing with interfaces.
	Furthermore, if you have mingw32-netcf installed, then the
	libvirt mingw32 build will fail with
	  ../../src/interface/netcf_driver.c:644:5: error: unknown field 'close_used_without_including_unistd_h' specified in initializer
	 * configure.ac: disable netcf if built without libvirtd

2012-01-11  Eric Blake  <eblake@redhat.com>

	build: fix build on mingw with netcf available
	The autobuilder pointed out an odd failure on mingw:
	../../src/interface/netcf_driver.c:644:5: error: unknown field 'close_used_without_including_unistd_h' specified in initializer
	cc1: warnings being treated as errors
	This is because the gnulib headers #define close to different strings,
	according to which headers are included, in order to work around some
	odd mingw problems with close(), and these defines happen to also
	affect field members declared with a name of struct foo.close. As long
	as all headers are included before both the definition and use of the
	struct, the various #define doesn't matter, but the netcf file hit
	an instance where things were included in a different order.  Fix this
	for all clients that use a struct member named 'close'.
	* src/driver.h: Include <unistd.h> before using 'close'.

	build: avoid spurious compiler warning
	For some weird reason, i686-pc-mingw32-gcc version 4.6.1 at -O2 complained:
	../../src/conf/nwfilter_params.c: In function 'virNWFilterVarCombIterCreate':
	../../src/conf/nwfilter_params.c:346:23: error: 'minValue' may be used uninitialized in this function [-Werror=uninitialized]
	../../src/conf/nwfilter_params.c:319:28: note: 'minValue' was declared here
	../../src/conf/nwfilter_params.c:344:23: error: 'maxValue' may be used uninitialized in this function [-Werror=uninitialized]
	../../src/conf/nwfilter_params.c:319:18: note: 'maxValue' was declared here
	cc1: all warnings being treated as errors
	even though all paths of the preceding switch statement either
	assign the variables or return.
	* src/conf/nwfilter_params.c (virNWFilterVarCombIterAddVariable):
	Initialize variables.

2012-01-11  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add documentation new ways to access members of variables
	This patch adds documentation about the new 'ways' that users can
	access the contents of variables in filters:
	- access via index: $TEST[2]
	- access via iterators $TEST[@1]

	Add test cases for new ways to access variables in filters
	This patch adds a couple of XML parser / schema validator test cases
	for the new 'ways' to access variables via index or iterator.

	Address side effects of accessing vars via index
	Address side effect of accessing a variable via an index: Filters
	accessing a variable where an element is accessed that is beyond the
	size of the list (for example $TEST[10] and only 2 elements are available)
	cannot instantiate that filter. Test for this and report proper error
	to user.

	Add access to elements of variables via index
	This patch adds access to single elements of variables via index. Example:
	  <rule action='accept' direction='in' priority='500'>
	    <tcp srcipaddr='$ADDR[1]' srcportstart='$B[2]'/>
	  </rule>

	Introduce possibility to have an iterator per variable
	This patch introduces the capability to use a different iterator per
	variable.
	The currently supported notation of variables in a filtering rule like
	  <rule action='accept' direction='out'>
	     <tcp  srcipaddr='$A' srcportstart='$B'/>
	  </rule>
	processes the two lists 'A' and 'B' in parallel. This means that A and B
	must have the same number of 'N' elements and that 'N' rules will be
	instantiated (assuming all tuples from A and B are unique).
	In this patch we now introduce the assignment of variables to different
	iterators. Therefore a rule like
	  <rule action='accept' direction='out'>
	     <tcp  srcipaddr='$A[@1]' srcportstart='$B[@2]'/>
	  </rule>
	will now create every combination of elements in A with elements in B since
	A has been assigned to an iterator with Id '1' and B has been assigned to an
	iterator with Id '2', thus processing their value independently.
	The first rule has an equivalent notation of
	  <rule action='accept' direction='out'>
	     <tcp  srcipaddr='$A[@0]' srcportstart='$B[@0]'/>
	  </rule>

	Optimize the elements the iterator visits.
	In this patch we introduce testing whether the iterator points to a
	unique set of entries that have not been seen before at one of the previous
	iterations. The point is to eliminate duplicates and with that unnecessary
	filtering rules by preventing identical filtering rules from being
	instantiated.
	Example with two lists:
	list1 = [1,2,1]
	list2 = [1,3,1]
	The 1st iteration would take the 1st items of each list -> 1,1
	The 2nd iteration would take the 2nd items of each list -> 2,3
	The 3rd iteration would take the 3rd items of each list -> 1,1 but
	skip them since this same pair has already been encountered in the 1st
	iteration
	Implementation-wise this is solved by taking the n-th element of list1 and
	comparing it against elements 1..n-1. If no equivalent is found, then there
	is no possibility of this being a duplicate. In case an equivalent element
	is found at position i, then the n-th element in the 2nd list is compared
	against the i-th element in the 2nd list and if that is not the same, then
	this is a unique pair, otherwise it is not unique and we may need to do
	the same comparison on the 3rd list.

2012-01-11  Jiri Denemark  <jdenemar@redhat.com>

	apparmor: Mark pid parameter as unused

2012-01-11  Alex Jia  <ajia@redhat.com>

	virsh: improve doMigrate function docs
	When running virsh migrate with --xml option and actual xml file doesn't
	exist, virsh hasn't output any error information, although return value
	is 1.
	* tools/virsh.c: Raising a appropriate error information when operation fails.
	* How to reproduce?
	% virsh migrate <domain> --live qemu+ssh://<target host>/system --xml non-existent.xml
	% echo $?
	* Fixed result:
	error: file 'non-existent.xml' doesn't exist

2012-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr
	When sVirt is integrated with the LXC driver, it will be neccessary
	to invoke the security driver APIs using only a virDomainDefPtr
	since the lxc_container.c code has no virDomainObjPtr available.
	Aside from two functions which want obj->pid, every bit of the
	security driver code only touches obj->def. So we don't need to
	pass a virDomainObjPtr into the security drivers, a virDomainDefPtr
	is sufficient. Two functions also gain a 'pid_t pid' argument.
	* src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/security/security_apparmor.c,
	  src/security/security_dac.c,
	  src/security/security_driver.h,
	  src/security/security_manager.c,
	  src/security/security_manager.h,
	  src/security/security_nop.c,
	  src/security/security_selinux.c,
	  src/security/security_stack.c: Change all security APIs to use a
	  virDomainDefPtr instead of virDomainObjPtr

2012-01-11  Eric Blake  <eblake@redhat.com>

	snapshot: allow reuse of existing files in disk snapshot
	When disk snapshots were first implemented, libvirt blindly refused
	to allow an external snapshot destination that already exists, since
	qemu will blindly overwrite the contents of that file during the
	snapshot_blkdev monitor command, and we don't like a default of
	data loss by default.  But VDSM has a scenario where NFS permissions
	are intentionally set so that the destination file can only be
	created by the management machine, and not the machine where the
	guest is running, so that libvirt will necessarily see the destination
	file already existing; adding a flag will allow VDSM to force the file
	reuse without libvirt complaining of possible data loss.
	https://bugzilla.redhat.com/show_bug.cgi?id=767104
	* include/libvirt/libvirt.h.in (virDomainSnapshotCreateFlags): Add
	VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.  Add
	note about partial failure.
	* tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Add new
	flag.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	it.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateXML): Implement the new flag.

	docs: standardize description of flags
	We had loads of different styles in describing the @flags parameter
	for various APIs, as well as several APIs that didn't list which
	enums provided the bit values valid for the flags.
	The end result is one of two formats:
	@flags: bitwise-OR of vir...Flags
	@flags: extra flags; not used yet, so callers should always pass 0
	* src/libvirt.c: Use common sentences for flags.  Also,
	(virDomainGetBlockIoTune): Mention virTypedParameterFlags.
	(virConnectOpenAuth): Mention virConnectFlags.
	(virDomainMigrate, virDomainMigrate2, virDomainMigrateToURI)
	(virDomainMigrateToURI2): Mention virDomainMigrateFlags.
	(virDomainMemoryPeek): Mention virDomainMemoryFlags.
	(virStoragePoolBuild): Mention virStoragePoolBuildFlags.
	(virStoragePoolDelete): Mention virStoragePoolDeleteFlags.
	(virStreamNew): Mention virStreamFlags.
	(virDomainOpenGraphics): Mention virDomainOpenGraphicsFlags.

2012-01-11  Laine Stump  <laine@laine.org>

	qemu: check for kvm availability before starting kvm guests
	This *kind of* addresses:
	  https://bugzilla.redhat.com/show_bug.cgi?id=772395
	(it doesn't eliminate the failure to start, but causes libvirt to give
	a better idea about the cause of the failure).
	If a guest uses a kvm emulator (e.g. /usr/bin/qemu-kvm) and the guest
	is started when kvm isn't available (either because virtualization is
	unavailable / has been disabled in the BIOS, or the kvm modules
	haven't been loaded for some reason), a semi-cryptic error message is
	logged:
	  libvirtError: internal error Child process (LC_ALL=C
	  PATH=/sbin:/usr/sbin:/bin:/usr/bin /usr/bin/qemu-kvm -device ? -device
	  pci-assign,? -device virtio-blk-pci,? -device virtio-net-pci,?) status
	  unexpected: exit status 1
	This patch notices at process start that a guest needs kvm, and checks
	for the presence of /dev/kvm (a reasonable indicator that kvm is
	available) before trying to execute the qemu binary. If kvm isn't
	available, a more useful (too verbose??) error is logged.

2012-01-10  Alex Jia  <ajia@redhat.com>

	qemu: fix a typo on qemuDomainSetBlkioParameters
	It should be a copy-paste error, the result is programming will result in an
	infinite loop again due to without iterating 'j' variable.
	* src/qemu/qemu_driver.c: fix a typo on qemuDomainSetBlkioParameters.
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=770520

2012-01-10  Michal Privoznik  <mprivozn@redhat.com>

	Docs: Document Android application using libvirt
	This is actually a patch for VM Manager for Android.
	https://www.redhat.com/archives/libvirt-users/2011-November/msg00076.html

2012-01-10  Jim Fehlig  <jfehlig@suse.com>

	PolicyKit: Check auth before asking client to obtain it
	I previously mentioned [1] a PolicyKit issue where libvirt would
	proceed with authentication even though polkit-auth failed:
	testusr xen134:~> virsh list --all
	Attempting to obtain authorization for org.libvirt.unix.manage.
	polkit-grant-helper: given auth type (8 -> yes) is bogus
	Failed to obtain authorization for org.libvirt.unix.manage.
	 Id Name                 State
	----------------------------------
	  0 Domain-0             running
	  - sles11sp1-pv         shut off
	AFAICT, libvirt attempts to obtain a privilege it already has,
	causing polkit-auth to fail with above message.  Instead of calling
	obtain and then checking auth, IMO the workflow should be for the
	server to check auth first, and if that fails ask the client to
	obtain it and check again.  This workflow also allows for checking
	only successful exit of polkit-auth in virConnectAuthGainPolkit().
	[1] https://www.redhat.com/archives/libvir-list/2011-December/msg00837.html

2012-01-09  Laine Stump  <laine@laine.org>

	qemu: add new disk device='lun' for bus='virtio' & type='block'
	In the past, generic SCSI commands issued from a guest to a virtio
	disk were always passed through to the underlying disk by qemu, and
	the kernel would also pass them on.
	As a result of CVE-2011-4127 (see:
	http://seclists.org/oss-sec/2011/q4/536), qemu now honors its
	scsi=on|off device option for virtio-blk-pci (which enables/disables
	passthrough of generic SCSI commands), and the kernel will only allow
	the commands for physical devices (not for partitions or logical
	volumes). The default behavior of qemu is still to allow sending
	generic SCSI commands to physical disks that are presented to a guest
	as virtio-blk-pci devices, but libvirt prefers to disable those
	commands in the standard virtio block devices, enabling it only when
	specifically requested (hopefully indicating that the requester
	understands what they're asking for). For this purpose, a new libvirt
	disk device type (device='lun') has been created.
	device='lun' is identical to the default device='disk', except that:
	1) It is only allowed if bus='virtio', type='block', and the qemu
	   version is "new enough" to support it ("new enough" == qemu 0.11 or
	   better), otherwise the domain will fail to start and a
	   CONFIG_UNSUPPORTED error will be logged).
	2) The option "scsi=on" will be added to the -device arg to allow
	   SG_IO commands (if device !='lun', "scsi=off" will be added to the
	   -device arg so that SG_IO commands are specifically forbidden).
	Guests which continue to use disk device='disk' (the default) will no
	longer be able to use SG_IO commands on the disk; those that have
	their disk device changed to device='lun' will still be able to use SG_IO
	commands.
	*docs/formatdomain.html.in - document the new device attribute value.
	*docs/schemas/domaincommon.rng - allow it in the RNG
	*tests/* - update the args of several existing tests to add scsi=off, and
	 add one new test that will test scsi=on.
	*src/conf/domain_conf.c - update domain XML parser and formatter
	*src/qemu/qemu_(command|driver|hotplug).c - treat
	 VIR_DOMAIN_DISK_DEVICE_LUN *almost* identically to
	 VIR_DOMAIN_DISK_DEVICE_DISK, except as indicated above.
	Note that no support for this new device value was added to any
	hypervisor drivers other than qemu, because it's unclear what it might
	mean (if anything) to those drivers.

	qemu: add capabilities flags related to SG_IO
	This patch adds two capabilities flags to deal with various aspects
	of supporting SG_IO commands on virtio-blk-pci devices:
	  QEMU_CAPS_VIRTIO_BLK_SCSI
	    set if -device virtio-blk-pci accepts the scsi="on|off" option
	    When present, this is on by default, but can be set to off to disable
	    SG_IO functions.
	  QEMU_CAPS_VIRTIO_BLK_SG_IO
	    set if SG_IO commands are supported in the virtio-blk-pci driver
	    (present since qemu 0.11 according to a qemu developer, if I
	     understood correctly)

2012-01-08  Laine Stump  <laine@laine.org>

	config: report error when script given for inappropriate interface type
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=638633
	Although scripts are not used by interfaces of type other than
	"ethernet" in qemu, due to the fact that the parser stores the script
	name in a union that is only valid when type is ethernet or bridge,
	there is no way for anyone except the parser itself to catch the
	problem of specifying an interface script for an inappropriate
	interface type (by the time the parsed data gets back to the code that
	called the parser, all evidence that a script was specified is
	forgotten).
	Since the parser itself should be agnostic to which type of interface
	allows scripts (an example of why: a script specified for an interface
	of type bridge is valid for xen domains, but not for qemu domains),
	the solution here is to move the script out of the union(s) in the
	DomainNetDef, always populate it when specified (regardless of
	interface type), and let the driver decide whether or not it is
	appropriate.
	Currently the qemu, xen, libxml, and uml drivers recognize the script
	parameter and do something with it (the uml driver only to report that
	it isn't supported). Those drivers have been updated to log a
	CONFIG_UNSUPPORTED error when a script is specified for an interface
	type that's inappropriate for that particular hypervisor.
	(NB: There was earlier discussion of solving this problem by adding a
	VALIDATE flag to all libvirt APIs that accept XML, which would cause
	the XML to be validated against the RNG files. One statement during
	that discussion was that the RNG shouldn't contain hypervisor-specific
	things, though, and a proper solution to this problem would require
	that (again, because a script for an interface of type "bridge" is
	accepted by xen, but not by qemu).

2012-01-07  Eric Blake  <eblake@redhat.com>

	qemu: one more client to live/config helper
	Commit ae523427 missed one pair of functions that could use
	the helper routine.
	* src/qemu/qemu_driver.c (qemuSetSchedulerParametersFlags)
	(qemuGetSchedulerParametersFlags): Simplify.

2012-01-07  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.9
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: updated localizations from transifex and regenerated

2012-01-07  Eric Blake  <eblake@redhat.com>

	tests: work around pdwtags 1.9 failure
	On rawhide, gcc is new enough to output new DWARF information that
	pdwtags has not yet learned, but the resulting 'make check' output
	was rather confusing:
	$ make -C src check
	...
	  GEN    virkeepaliveprotocol-structs
	die__process_function: DW_TAG_INVALID (0x4109) @ <0x58c> not handled!
	WARNING: your pdwtags program is too old
	WARNING: skipping the virkeepaliveprotocol-structs test
	WARNING: install dwarves-1.3 or newer
	...
	$ pdwtags --version
	v1.9
	I've filed the pdwtags deficiency as
	https://bugzilla.redhat.com/show_bug.cgi?id=772358
	* src/Makefile.am (PDWTAGS): Don't leave -t file behind on version
	mismatch.  Soften warning message, since 1.9 is newer than 1.3.
	Don't leak stderr from broken version.

	build: fix mingw virCommand build
	Commit db371a2 mistakenly added new functions inside a #ifndef WIN32
	guard, even though they are needed on all platforms.
	* src/util/command.c (virCommandFDSet): Move outside WIN32
	conditional.

	tests: avoid test failure on rawhide gnutls
	I hit a VERY weird testsuite failure on rawhide, which included
	_binary_ output to stderr, followed by a hang waiting for me
	to type something! (Here, using ^@ for NUL):
	$ ./commandtest
	TEST: commandtest
	      WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
	.WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
	.WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
	WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
	.8^@^@^@8^@^@^@^A^@^@^@^Bay^A^@^@^@)PRIVATE-GNOME-KEYRING-PKCS11-PROTOCOL-V-1
	I finally traced it to the fact that gnome-keyring, called via
	gnutls_global_init which is turn called by virNetTLSInit, opens
	an internal fd that it expects to communicate to via a
	pthread_atfork handler (never mind that it violates POSIX by
	using non-async-signal-safe functions in that handler:
	https://bugzilla.redhat.com/show_bug.cgi?id=772320).
	Our problem stems from the fact that we pulled the rug out from
	under the library's expectations by closing an fd that it had
	just opened.  While we aren't responsible for fixing the bugs
	in that pthread_atfork handler, we can at least avoid the bugs
	by not closing the fd in the first place.
	* tests/commandtest.c (mymain): Avoid closing fds that were opened
	by virInitialize.

2012-01-06  Alex Jia  <ajia@redhat.com>

	qemu: Avoid memory leaks on qemuParseRBDString
	Detected by valgrind. Leak introduced in commit 5745dc1.
	* src/qemu/qemu_command.c: fix memory leak on failure and successful path.
	* How to reproduce?
	% valgrind -v --leak-check=full ./qemuargv2xmltest
	* Actual result:
	==2196== 80 bytes in 1 blocks are definitely lost in loss record 3 of 4
	==2196==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2196==    by 0x39CF07F6E1: strdup (in /lib64/libc-2.12.so)
	==2196==    by 0x419823: qemuParseRBDString (qemu_command.c:1657)
	==2196==    by 0x4221ED: qemuParseCommandLine (qemu_command.c:5934)
	==2196==    by 0x422AFB: qemuParseCommandLineString (qemu_command.c:7561)
	==2196==    by 0x416864: testCompareXMLToArgvHelper (qemuargv2xmltest.c:48)
	==2196==    by 0x417DB1: virtTestRun (testutils.c:141)
	==2196==    by 0x415CAF: mymain (qemuargv2xmltest.c:175)
	==2196==    by 0x4174A7: virtTestMain (testutils.c:696)
	==2196==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
	==2196==
	==2196== LEAK SUMMARY:
	==2196==    definitely lost: 80 bytes in 1 blocks

2012-01-06  Eric Blake  <eblake@redhat.com>

	build: drop check for ANSI compiler
	Using automake.git (will become 1.12 someday), I got this error:
	configure.ac:90: error: automatic de-ANSI-fication support has been removed
	/usr/local/share/aclocal-1.11a/protos.m4:13: AM_C_PROTOTYPES is expanded from...
	configure.ac:90: the top level
	autom4te: /usr/bin/m4 failed with exit status: 1
	In short, pre-C89 compilers are no longer a viable portability
	target.  Besides, our code base already requires C99, so worrying
	about pre-C89 seems pointless.
	* configure.ac (AM_C_PROTOTYPES): Drop, since newer automake no
	longer provides it.

2012-01-06  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: fix a bug in numatune
	When setting numa nodeset for a domain which has no nodeset set
	before, libvirtd crashes by dereferencing the pointer to the old
	nodemask which is null in that case.

2012-01-06  Eric Blake  <eblake@redhat.com>

	qemu: fix use-after-free regression
	Commit baade4d fixed a memory leak on failure, but in the process,
	introduced a use-after-free on success, which can be triggered with:
	1. set bandwidth with --live
	2. query bandwidth
	3. set bandwidth with --live
	* src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Don't
	free newBandwidth on success.
	Reported by Hu Tao.

2012-01-05  Eric Blake  <eblake@redhat.com>

	seclabel: fix regression in libvirtd restart
	Commit b434329 has a logic bug: seclabel overrides don't set
	def->type, but the default value is 0 (aka static).  Restarting
	libvirtd would thus reject the XML for any domain with an
	override of <seclabel relabel='no'/> (which happens quite
	easily if a disk image lives on NFS), with a message:
	2012-01-04 22:29:40.949+0000: 6769: error : virSecurityLabelDefParseXMLHelper:2593 : XML error: security label is missing
	Fix the logic to never read from an override's def->type, and
	to allow a missing <label> subelement when relabel is no.  There's
	a lot of stupid double-negatives in the code (!norelabel) because
	of the way that we want the zero-initialized defaults to behave.
	* src/conf/domain_conf.c (virSecurityLabelDefParseXMLHelper): Use
	type field from correct location.

2012-01-05  Michal Privoznik  <mprivozn@redhat.com>

	command: Discard FD_SETSIZE limit for opened files
	Currently, virCommand implementation uses FD_ macros from
	sys/select.h. However, those cannot handle more opened files
	than FD_SETSIZE. Therefore switch to generalized implementation
	based on array of integers.

2012-01-05  Jim Fehlig  <jfehlig@suse.com>

	Support Xen domctl v8
	xen-unstable c/s 23874:651aed73b39c added another member to
	xen_domctl_getdomaininfo struct and bumped domctl version to 8.
	Add a corresponding domctl v8 struct in xen hypervisor sub-driver
	and detect domctl v8 during initialization.

	Fix xenstore serial console path for HVM guests
	The console path in xenstore is /local/domain/<id>/console/tty
	for PV guests (PV console) and /local/domain/<id>/serial/0/tty
	(serial console) for HVM guests.  Similar to Xen's in-tree console
	client, read the correct path for PV vs HVM.

2012-01-04  Jiri Denemark  <jdenemar@redhat.com>

	schemas: Allow '.' in CPU feature name
	We already support CPU features with '.' in their name (e.g., sse4.1) so
	we should not forbid that in the schema.

2012-01-04  Michal Privoznik  <mprivozn@redhat.com>

	virCommand: Properly handle POLLHUP
	It is a good practise to set revents to zero before doing any poll().
	Moreover, we should check if event we waited for really occurred or
	if any of fds we were polling on didn't encountered hangup.

2012-01-04  Yuri Chornoivan  <yurchor@ukr.net>

	Fix typos in messages.
	https://bugzilla.redhat.com/show_bug.cgi?id=770954

2012-01-04  Jiri Denemark  <jdenemar@redhat.com>

	virCPUDefCopy forgot to copy NUMA topology
	As a result of it, guest NUMA topology would be lost during migration.

2012-01-03  Eric Blake  <eblake@redhat.com>

	qemu: fix block stat naming
	Typo has existed since API introduction in commit ee0d8c3.
	* src/qemu/qemu_driver.c (qemuDomainBlockStatsFlags): Use correct
	name.

	domiftune: clean up previous patches
	Most severe here is a latent (but currently untriggered) memory leak
	if any hypervisor ever adds a string interface property; the
	remainder are mainly cosmetic.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BANDWIDTH_*): Move
	macros closer to interface that uses them, and document type.
	* src/libvirt.c (virDomainSetInterfaceParameters)
	(virDomainGetInterfaceParameters): Formatting tweaks.
	* daemon/remote.c (remoteDispatchDomainGetInterfaceParameters):
	Avoid memory leak.
	* src/libvirt_public.syms (LIBVIRT_0.9.9): Sort lines.
	* src/libvirt_private.syms (domain_conf.h): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Fix
	comments, break long lines.

2012-01-03  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix checking for reconnect conditions
	virshReportError() function frees the most recent error reported from
	libvirt. Condition that checks if connection to the daemon was broken
	during last command was then limited to check for SIGPIPE signal not
	taking into account possible errors signalized without SIGPIPE.
	This patch moves the check before the error is freed, to take into
	account code that does not emit SIGPIPE while failing.
	* tools/virsh.c: - move check for broken connection before error print.

	network_conf: Fix whitespace to pass syntax-check

2012-01-02  Michal Novotny  <minovotn@redhat.com>

	Implement DNS SRV record into the bridge driver
	Hi,
	this is the fifth version of my SRV record for DNSMasq patch rebased
	for the current codebase to the bridge driver and libvirt XML file to
	include support for the SRV records in the DNS. The syntax is based on
	DNSMasq man page and tests for both xml2xml and xml2argv were added as
	well. There are some things written a better way in comparison with
	version 4, mainly there's no hack in tests/networkxml2argvtest.c and
	also the xPath context is changed to use a simpler query using the
	virXPathInt() function relative to the current node.
	Also, the patch is also fixing the networkxml2argv test to pass both
	checks, i.e. both unit tests and also syntax check.
	Please review,
	Michal

2012-01-01  Alex Jia  <ajia@redhat.com>

	qemu: Fix bandwidth memory leak on failure
	Detected by Coverity. Leaks introduced in commit e8d6b29.

2012-01-01  Eric Blake  <eblake@redhat.com>

	qemu: fix blkio memory leak on failure
	Leak detected by Coverity, and introduced in commit 93ab585.
	Reported by Alex Jia.
	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Free
	devices array on error.

2011-12-31  Eric Blake  <eblake@redhat.com>

	docs: re-fix stray /
	Commit 6cb4acc reintroduced the bug fixed in commit d145fe3.
	* docs/formatdomain.html.in (elementsDisks): Fix again.

2011-12-30  Daniel Veillard  <veillard@redhat.com>

	Fix build on s390(x) and other stange arches
	The blocks to extract node information on a per-arch
	basis wasn't well balanced leading to a compilation
	failure if not on one of the handled arches (PCs and PPCs)

2011-12-30  Eric Blake  <eblake@redhat.com>

	seclabel: honor device override in selinux
	This wires up the XML changes in the previous patch to let SELinux
	labeling honor user overrides, as well as affecting the live XML
	configuration in one case where the user didn't specify anything
	in the offline XML.
	I noticed that the logs contained messages like this:
	2011-12-05 23:32:40.382+0000: 26569: warning : SELinuxRestoreSecurityFileLabel:533 : cannot lookup default selinux label for /nfs/libvirt/images/dom.img
	for all my domain images living on NFS.  But if we would just remember
	that on domain creation that we were unable to set a SELinux label (due to
	NFSv3 lacking labels, or NFSv4 not being configured to expose attributes),
	then we could avoid wasting the time trying to clear the label on
	domain shutdown.  This in turn is one less point of NFS failure,
	especially since there have been documented cases of virDomainDestroy
	hanging during an attempted operation on a failed NFS connection.
	* src/security/security_selinux.c (SELinuxSetFilecon): Move guts...
	(SELinuxSetFileconHelper): ...to new function.
	(SELinuxSetFileconOptional): New function.
	(SELinuxSetSecurityFileLabel): Honor override label, and remember
	if labeling failed.
	(SELinuxRestoreSecurityImageLabelInt): Skip relabeling based on
	override.

	seclabel: allow a seclabel override on a disk src
	Implement the parsing and formatting of the XML addition of
	the previous commit.  The new XML doesn't affect qemu command
	line, so we can now test round-trip XML->memory->XML handling.
	I chose to reuse the existing structure, even though per-device
	override doesn't use all of those fields, rather than create a
	new structure, in order to reuse more code.
	* src/conf/domain_conf.h (_virDomainDiskDef): Add seclabel member.
	* src/conf/domain_conf.c (virDomainDiskDefFree): Free it.
	(virSecurityLabelDefFree): New function.
	(virDomainDiskDefFormat): Print it.
	(virSecurityLabelDefFormat): Reduce output if model not present.
	(virDomainDiskDefParseXML): Alter signature, and parse seclabel.
	(virSecurityLabelDefParseXML): Split...
	(virSecurityLabelDefParseXMLHelper): ...into new helper.
	(virDomainDeviceDefParse, virDomainDefParseXML): Update callers.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.args:
	New file.
	* tests/qemuxml2xmltest.c (mymain): Enhance test.
	* tests/qemuxml2argvtest.c (mymain): Likewise.

	seclabel: extend XML to allow per-disk label overrides
	When doing security relabeling, there are cases where a per-file
	override might be appropriate.  For example, with a static label
	and relabeling, it might be appropriate to skip relabeling on a
	particular disk, where the backing file lives on NFS that lacks
	the ability to track labeling.  Or with dynamic labeling, it might
	be appropriate to use a custom (non-dynamic) label for a disk
	specifically intended to be shared across domains.
	The new XML resembles the top-level <seclabel>, but with fewer
	options (basically relabel='no', or <label>text</label>):
	<domain ...>
	  ...
	  <devices>
	    <disk type='file' device='disk'>
	      <source file='/path/to/image1'>
	        <seclabel relabel='no'/> <!-- override for just this disk -->
	      </source>
	      ...
	    </disk>
	    <disk type='file' device='disk'>
	      <source file='/path/to/image1'>
	        <seclabel relabel='yes'> <!-- override for just this disk -->
	          <label>system_u:object_r:shared_content_t:s0</label>
	        </seclabel>
	      </source>
	      ...
	    </disk>
	    ...
	  </devices>
	  <seclabel type='dynamic' model='selinux'>
	    <baselabel>text</baselabel> <!-- used for all devices without override -->
	  </seclabel>
	</domain>
	This patch only introduces the XML and documentation; future patches
	will actually parse and make use of it.  The intent is that we can
	further extend things as needed, adding a per-device <seclabel> in
	more places (such as the source of a console device), and possibly
	allowing a <baselabel> instead of <label> for labeling where we want
	to reuse the cNNN,cNNN pair of a dynamically labeled domain but a
	different base label.
	First suggested by Daniel P. Berrange here:
	https://www.redhat.com/archives/libvir-list/2011-December/msg00258.html
	* docs/schemas/domaincommon.rng (devSeclabel): New define.
	(disk): Use it.
	* docs/formatdomain.html.in (elementsDisks, seclabel): Document
	the new XML.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.xml:
	New test, to validate RNG.

	seclabel: move seclabel stuff earlier
	Pure code motion; no semantic change.
	* src/conf/domain_conf.h (virDomainSeclabelType)
	(virSecurityLabelDefPtr): Declare earlier.
	* src/conf/domain_conf.c (virSecurityLabelDefClear)
	(virSecurityLabelDefParseXML): Move earlier.
	(virDomainDefParseXML): Move seclabel parsing earlier.

	seclabel: refactor existing domain_conf usage
	A future patch will parse and output <seclabel> in more than one
	location in a <domain> xml; make it easier to reuse code.
	* src/conf/domain_conf.c (virSecurityLabelDefFree): Rename...
	(virSecurityLabelDefClear): ...and make static.
	(virSecurityLabelDefParseXML): Alter signature.
	(virDomainDefParseXML, virDomainDefFree): Adjust callers.
	(virDomainDefFormatInternal): Split output...
	(virSecurityLabelDefFormat): ...into new helper.

	schema: rewrite seclabel rng to match code
	The RNG for <seclabel> was too strict - if it was present, then it
	had to have sub-elements, even if those didn't make sense for the
	given attributes.  Also, we didn't have any tests of <seclabel>
	parsing or XML output.
	In this patch, I added more parsing tests than output tests (since
	the output populates and/or reorders fields not present in certain
	inputs).  Making the RNG reliable is a precursor to using <seclabel>
	variants in more places in the XML in later patches.
	See also:
	http://berrange.com/posts/2011/09/29/two-small-improvements-to-svirt-guest-configuration-flexibility-with-kvmlibvirt/
	* docs/schemas/domaincommon.rng (seclabel): Tighten rules.
	* tests/qemuxml2argvtest.c (mymain): New tests.
	* tests/qemuxml2xmltest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*.*: New files.

2011-12-29  Daniel Veillard  <veillard@redhat.com>

	Require avahi as an rpm dependancy
	As seen in https://bugzilla.redhat.com/show_bug.cgi?id=746111
	If compiled with the daemon and avahi support, then it's better
	to require avahi at the rpm level to avoid daemon startup errors.

2011-12-29  Hu Tao  <hutao@cn.fujitsu.com>

	domiftune: Enable the virDomain{S,G}etInterfaceParameters in virsh
	Add a new command domiftune to get/set interface parameters.
	* tools/virsh.c: implement the new command
	* tools/virsh.pod: documentation of the new command

	domiftune: Add virDomain{S,G}etInterfaceParameters support to qemu driver
	* src/qemu/qemu_driver.c: implement the qemu driver support

	domiftune: Add a util function virDomainNetFind
	Add a util function virDomainNetFind to find a domain's net def.

	domiftune: Add support of new APIs to the remote driver
	* daemon/remote.c: implement the server side support
	* src/remote/remote_driver.c: implement the client side support
	* src/remote/remote_protocol.x: definitions for the new entry points
	* src/remote_protocol-structs: structure definitions

	domiftune: virDomain{S,G}etInterfaceParameters: the main entry points
	* src/libvirt.c: implement the main entry points

	domiftune: Add API virDomain{S,G}etInterfaceParameters
	The APIs are used to set/get domain's network interface's parameters.
	Currently supported parameters are bandwidth settings.
	* include/libvirt/libvirt.h.in: new API and parameters definition
	* python/generator.py: skip the Python API generation
	* src/driver.h: add new entry to the driver structure
	* src/libvirt_public.syms: export symbols

2011-12-29  Daniel Veillard  <veillard@redhat.com>

	remove a static limit on max domains in python bindings
	* python/libvirt-override.c: remove the predefined array in the
	  virConnectListDomainsID binding and call virConnectNumOfDomains
	  to do a proper allocation

2011-12-29  Alex Jia  <ajia@redhat.com>

	python: Fix problems of virDomain{Set, Get}BlockIoTune bindings
	The parameter 'params' is useless for virDomainGetBlockIoTune API,
	and the return value type should be a virTypedParameterPtr but not
	integer. And "PyArg_ParseTuple" in functions
	libvirt_virDomain{Set,Get}BlockIoTune misses format unit for "format"
	argument.
	* libvirt-override-api.xml: Remove useless the parameter 'params'
	from virDomainGetBlockIoTune API, and change return value type from
	integer to virTypedParameterPtr.
	* python/libvirt-override.c: Add the missed format units.
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=770683

2011-12-28  Eric Blake  <eblake@redhat.com>

	qemu: fix inf-loop in blkio parameters
	https://bugzilla.redhat.com/show_bug.cgi?id=770520
	We had two nested loops both trying to use 'i' as the iteration
	variable, which can result in an infinite loop when the inner
	loop interferes with the outer loop.  Introduced in commit 93ab585.
	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Don't
	reuse iteration variable across two loops.

2011-12-28  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: move version command to host group
	Trivial patch, move version command to host commands group.
	It has no any related with any domain.
	It may connect to the daemon, so the flag is 0 but not VSH_CMD_FLAG_NOCONNECT.

2011-12-28  Eric Blake  <eblake@redhat.com>

	daemon: clean up daemonization
	Valgrind detected a pipe fd leak before the parent exits on success,
	introduced in commit 4296cea; by itself, the leak is not bad, since
	we immediately called _exit(), but we might as well be clean to make
	valgrind analysis easier.  Meanwhile, if the daemon grandchild detects
	an error, the parent failed to flush the error message before exiting.
	Also, we had the possibility of both parent and child returning to the
	caller, such that the user could see duplicated reports of failure
	from the two return paths.  And we might as well be robust to the
	(unlikely) situation of being started with stdin closed.
	* daemon/libvirtd.c (daemonForkIntoBackground): Use exit if an
	error message was generated, avoid fd leaks for valgrind's sake,
	avoid returning to caller in both parent and child, and don't
	close a just-dup'd stdin.
	Based on a report by Alex Jia.
	* How to reproduce?
	  % service libvirtd stop
	  % valgrind -v --track-fds=yes /usr/sbin/libvirtd --daemon
	* Actual valgrind result:
	==16804== FILE DESCRIPTORS: 7 open at exit.
	==16804== Open file descriptor 7:
	==16804==    at 0x321FAD8B87: pipe (in /lib64/libc-2.12.so)
	==16804==    by 0x41F34D: daemonForkIntoBackground (libvirtd.c:186)
	==16804==    by 0x4207A0: main (libvirtd.c:1420)

2011-12-26  Satoru SATOH  <satoru.satoh@gmail.com>

	docs: Move 'echo' command description into the generic commands section
	Virsh's echo command looks not having any relations with domains and its
	description should go into the generic commands section instead of the
	domain commands section (current).

	docs: Move 'send-key' command description into the domain commands section
	Virsh's send-key command manipulates domains and its description should
	go into the domain commands section instead of generic commands section
	(current).

2011-12-25  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Keep list of USB devices attached to domains
	In order to avoid situation where a USB device is
	in use by two domains, we must keep a list of already
	attached devices like we do for PCI.

2011-12-24  Eric Blake  <eblake@redhat.com>

	docs: remove stray /
	Commit e5a84d74 added a new attribute in the wrong location;
	commit c8b9fa74 fixed the missing / at the end but not the extra
	/ in the middle.
	* docs/formatdomain.html.in (elementsDisks): Fix another typo.

2011-12-23  Eric Blake  <eblake@redhat.com>

	docs: fix missing / in xml examples
	* docs/formatdomain.html.in: Fix typos in examples.

	tests: fix schema checks sorting
	Commit 6fdbce12 attempted to sort the list of tests, but failed
	(without quotes, echo merges all the tests into a single line,
	so there was nothing to sort).
	* tests/schematestutils.sh: Fix thinko in previous patch.

2011-12-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Support for overriding NOFILE limit
	This patch adds max_files option to qemu.conf which can be used to
	override system default limit on number of opened files that are
	allowed for qemu user.

2011-12-22  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Use vshWatchJob in cmdManagedSave
	This patch alters saving code, so we can report progress
	and allow cancel via ^C.

	virsh: Use vshWatchJob in cmdSave
	This patch alters saving code, so we can report progress
	and allow cancel via ^C.

	virsh: Use vshWatchJob in cmdDump
	This patch alters dumping code, so we can report progress
	and allow cancel via ^C.

	virsh: Move job watch code to a separate function
	called vshWatchJob. This can be later used in other
	job oriented commands like dump, save, managedsave
	to report progress and allow user to cancel via ^C.

	qemuhelptest: Add new qemuCap flag
	Latest patch a1a83c587443 introduces new qemu capability flag
	QEMU_CAPS_FSDEV_READONLY. However, it was missing in qemuhelptest
	making test for qemu-1.0 fail.

2011-12-22  Osier Yang  <jyang@redhat.com>

	qemu: Support readonly filesystem passthrough
	Upstream QEMU starts to support it from commit 2c74c2cb.

2011-12-21  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Do not require DHCP requests to be broadcasted
	Remove the requirement that DHCP messages have to be broadcasted.
	DHCP requests are most often sent via broadcast but can be directed
	towards a specific DHCP server. For example 'dhclient' takes '-s <server>'
	as a command line parameter thus allowing DHCP requests to be sent to a
	specific DHCP server.

2011-12-21  Osier Yang  <jyang@redhat.com>

	qemu: Release the lock on domobj if fails on finding the disk path

2011-12-21  Eric Blake  <eblake@redhat.com>

	tests: run schema checks in sorted order
	Having a test that depends on file system timestamps and/or inode
	allocation order gives non-deterministic output.
	* tests/schematestutils.sh: Run test in deterministic order.

2011-12-21  Michael Ellerman  <michael@ellerman.id.au>

	tests: Add fake PPC64 emulator for QEMU testing
	Create a fake PPC64 QEMU so that we can run PPC64 QEMU tests when we
	don't have a real version of the emulator available.

	qemu: Add spapr-vio address assignment
	Add logic to assign addresses for devices with spapr-vio addresses.
	We also do validation of addresses specified by the user, ie. ensuring
	that there are not duplicate addresses on the bus.

2011-12-21  Bharata B Rao  <bharata@linux.vnet.ibm.com>

	Add New address type spapr-vio to domain.rng
	Original patch by Bharata. Updated to use {1,16} in spaprvioReg based
	on example from Eric Blake.

2011-12-21  Michael Ellerman  <michael@ellerman.id.au>

	Add address type for SPAPR VIO devices
	For QEMU PPC64 we have a machine type ("pseries") which has a virtual
	bus called "spapr-vio". We need to be able to create devices on this
	bus, and as such need a way to specify the address for those devices.
	This patch adds a new address type "spapr-vio", which achieves this.
	The addressing is specified with a "reg" property in the address
	definition. The reg is optional, if it is not specified QEMU will
	auto-assign an address for the device.

2011-12-21  Alex Jia  <ajia@redhat.com>

	docs: improve virsh domxml-*-native command docs
	* tools/virsh.pod: improve virsh man page for domxml-from-native and
	domxml-to-native commands.

	virsh: plug mem leaks in domxml-*-native
	Detected by valgrind. Leaks introduced in commit 4d5383f.
	* tools/virsh.c: fix memory leaks on cmdDomXMLFromNative and cmdDomXMLToNative.
	* how to reproduce?
	  % virsh dumpxml ${guest} > foo.xml
	  % valgrind -v --leak-check=full virsh domxml-from-native qemu-argv foo.xml
	  % valgrind -v --leak-check=full virsh domxml-to-native qemu-argv foo.xml
	* actual valgrind results:
	==9724== 8,193 bytes in 1 blocks are definitely lost in loss record 31 of 33
	==9724==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==9724==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==9724==    by 0x4C7510B: virReallocN (memory.c:161)
	==9724==    by 0x4C84679: virFileReadLimFD (util.c:394)
	==9724==    by 0x4C84815: virFileReadAll (util.c:455)
	==9724==    by 0x41A89F: cmdDomXMLFromNative (virsh.c:5532)
	==9724==    by 0x414872: vshCommandRun (virsh.c:16464)
	==9724==    by 0x425623: main (virsh.c:17971)
	==9724==
	==9724== LEAK SUMMARY:
	==9724==    definitely lost: 8,193 bytes in 1 blocks
	==9724==    indirectly lost: 0 bytes in 0 blocks
	==9724==      possibly lost: 0 bytes in 0 blocks
	==9724==    still reachable: 127,128 bytes in 1,347 blocks
	==7409== 8,193 bytes in 1 blocks are definitely lost in loss record 31 of 33
	==7409==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==7409==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==7409==    by 0x4C7510B: virReallocN (memory.c:161)
	==7409==    by 0x4C84679: virFileReadLimFD (util.c:394)
	==7409==    by 0x4C84815: virFileReadAll (util.c:455)
	==7409==    by 0x41A7AF: cmdDomXMLToNative (virsh.c:5578)
	==7409==    by 0x414892: vshCommandRun (virsh.c:16463)
	==7409==    by 0x425633: main (virsh.c:17970)
	==7409==
	==7409== LEAK SUMMARY:
	==7409==    definitely lost: 8,193 bytes in 1 blocks
	==7409==    indirectly lost: 0 bytes in 0 blocks
	==7409==      possibly lost: 0 bytes in 0 blocks
	==7409==    still reachable: 127,128 bytes in 1,347 blocks

	console: plug memory leaks
	Using 'virReallocN' to allocate memory on virConsoleEventOnStdin,
	virConsoleEventOnStdout and virConsoleEventOnStream, however, the
	cleanup function virConsoleShutdown hasn't released these memory.
	* tools/console.c: fix memory leaks on virConsoleShutdown.
	https://bugzilla.redhat.com/show_bug.cgi?id=767488

2011-12-21  Michael Ellerman  <michael@ellerman.id.au>

	qemu: Add a capability flag for -no-acpi
	Currently non-x86 guests must have <acpi/> defined in <features> to
	prevent libvirt from running qemu with -no-acpi. Although it works, it
	is a hack.
	Instead add a capability flag which indicates whether qemu understands
	the -no-acpi option. Use it to control whether libvirt emits -no-acpi.
	Current versions of qemu always display -no-acpi in their help output,
	so this patch has no effect. However the development version of qemu
	has been modified such that -no-acpi is only displayed when it is
	actually supported.

2011-12-21  Hu Tao  <hutao@cn.fujitsu.com>

	add new command numatune to virsh
	add new command numatune to virsh to get/set numa parameters

	Implement virDomain{G, S}etNumaParameters for the qemu driver

	Add virDomain{G, S}etNumaParameters support to the remote driver

	add new API virDomain{G, S}etNumaParameters
	Set up the types for the numa functions and insert them into the
	virDriver structure definition.

	use cpuset to manage numa
	This patch also sets cgroup cpuset parameters for numatune.

	Add functions to set/get cgroup cpuset parameters

2011-12-20  Eric Blake  <eblake@redhat.com>

	rpc: handle param_int, plug memory leaks
	The RPC code had several latent memory leaks and an attempt to
	free the wrong string, but thankfully nothing triggered them
	(blkiotune was the only one returning a string, and always as
	the last parameter).  Also, our cleanups for rpcgen ended up
	nuking a line of code that renders VIR_TYPED_PARAM_INT broken,
	because it was the only use of 'i' in a function, even though
	it was a member usage rather than a standalone declaration.
	* daemon/remote.c (remoteSerializeTypedParameters): Free the
	correct array element.
	(remoteDispatchDomainGetSchedulerParameters)
	(remoteDispatchDomainGetSchedulerParametersFlags)
	(remoteDispatchDomainBlockStatsFlags)
	(remoteDispatchDomainGetMemoryParameters): Don't leak strings.
	* src/rpc/genprotocol.pl: Don't nuke member-usage of 'buf' or 'i'.

	virsh: simplify printing of typed parameters
	No need to repeat code for formatting typed parameters.
	* tools/virsh.c (vshGetTypedParamValue): Support strings, and exit
	on OOM.
	(cmdSchedinfo, cmdBlkiotune, cmdMemtune, cmdBlkdeviotune): Use
	it for less code.

	docs: document <qemu:commandline> xml
	Even though we technically don't support <qemu:commandline> (as in,
	if you mis-use things, you get to keep the pieces), we should at
	least document how to use it.
	[See also http://berrange.com/posts/2011/12/19/using-command-line-arg-monitor-command-passthrough-with-libvirt-and-kvm/]
	* docs/drvqemu.html.in (qemucommand): New section.

2011-12-20  Alex Jia  <ajia@redhat.com>

	python: plug memory leak on libvirt_virConnectOpenAuth
	* Detected by valgrind. Leak introduced in commit 5ab109f.
	* python/libvirt-override.c: avoid memory leak on libvirt_virConnectOpenAuth.
	* How to reproduce?
	  % valgrind -v --leak-check=full virt-clone --print-xml
	  Note: it can hit the issue although options are incomplete.
	* Actual valgrind result:
	==1801== 12 bytes in 1 blocks are definitely lost in loss record 25 of 3,270
	==1801==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==1801==    by 0xCF1F60E: libvirt_virConnectOpenAuth (libvirt-override.c:1507)
	==1801==    by 0x3AFEEDE7F3: PyEval_EvalFrameEx (ceval.c:3794)
	==1801==    by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
	==1801==    by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
	==1801==    by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
	==1801==    by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
	==1801==    by 0x3AFEEE0466: PyEval_EvalCodeEx (ceval.c:3044)
	==1801==    by 0x3AFEEE0541: PyEval_EvalCode (ceval.c:545)
	==1801==    by 0x3AFEEFB88B: run_mod (pythonrun.c:1351)
	==1801==    by 0x3AFEEFB95F: PyRun_FileExFlags (pythonrun.c:1337)
	==1801==    by 0x3AFEEFCE4B: PyRun_SimpleFileExFlags (pythonrun.c:941)

2011-12-19  Christophe Fergeau  <cfergeau@redhat.com>

	Fix typo in storage pool documentation
	Remove 2 words that shouldn't be here.

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Disable python explicitly in mingw32 autobuild

	Only add the timer when a callback is registered
	The lifetime of the virDomainEventState object is tied to
	the lifetime of the driver, which in stateless drivers is
	tied to the lifetime of the virConnectPtr.
	If we add & remove a timer when allocating/freeing the
	virDomainEventState object, we can get a situation where
	the timer still triggers once after virDomainEventState
	has been freed. The timeout callback can't keep a ref
	on the event state though, since that would be a circular
	reference.
	The trick is to only register the timer when a callback
	is registered with the event state & remove the timer
	when the callback is unregistered.
	The demo for the bug is to run
	  while true ; do date ; ../tools/virsh -q -c test:///default 'shutdown test; undefine test; dominfo test' ; done
	prior to this fix, it will frequently hang and / or
	crash, or corrupt memory

	Hide use of timers for domain event dispatch
	Currently all drivers using domain events need to provide a callback
	for handling a timer to dispatch events in a clean stack. There is
	no technical reason for dispatch to go via driver specific code. It
	could trivially be dispatched directly from the domain event code,
	thus removing tedious boilerplate code from all drivers
	Also fix the libxl & xen drivers to pass 'true' when creating the
	virDomainEventState, since they run inside the daemon & thus always
	expect events to be present.
	* src/conf/domain_event.c, src/conf/domain_event.h: Internalize
	  dispatch of events from timer callback
	* src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
	  src/qemu/qemu_domain.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c: Remove all timer dispatch functions

	Remove decl of all APIs related to domain event callbacks & queues
	The virDomainEventCallbackList and virDomainEventQueue APIs are
	now solely helpers used internally by virDomainEventState APIs.
	Remove their decls from domain_event.h since no driver code should
	need to use them any more.
	* src/conf/domain_event.c: Make virDomainEventCallbackList and
	  virDomainEventQueue APIs static & remove some unused APIs
	* src/conf/domain_event.h, src/libvirt_private.syms: Remove
	  virDomainEventCallbackList and virDomainEventQueue APIs

	Remove all domain event structs from header
	No caller of the domain events APIs should need to poke at the
	struct internals. Thus they should all be removed from the
	header file
	* src/conf/domain_event.h: Remove struct definitions
	* src/conf/domain_event.c: Add struct definitions

	Convert drivers to thread safe APIs for adding callbacks
	* src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Convert
	  to threadsafe APIs

	Add APIs to allow management of callbacks purely with virDomainEventState
	While virDomainEventState has APIs for managing removal of callbacks,
	while locked, adding callbacks in the first place requires direct
	access to the virDomainEventCallbackList structure. This is not
	threadsafe since it is bypassing the virDomainEventState locks
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Add APIs for managing callbacks
	  via virDomainEventState.

	Return count of callbacks when registering callbacks
	When registering a callback for a particular event some callers
	need to know how many callbacks already exist for that event.
	While it is possible to ask for a count, this is not free from
	race conditions when threaded. Thus the API for registering
	callbacks should return the count of callbacks. Also rename
	virDomainEventStateDeregisterAny to virDomainEventStateDeregisterID
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Return count of callbacks when
	  registering callbacks
	* src/libxl/libxl_driver.c, src/libxl/libxl_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/remote/remote_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Update
	  for change in APIs

	Convert Xen & VBox drivers to use virDomainEventState
	The Xen & VBox drivers deal with callbacks & dispatching of
	events directly. All the other drivers use a timer to dispatch
	events from a clean stack state, rather than deep inside the
	drivers. Convert Xen & VBox over to virDomainEventState so
	that they match behaviour of other drivers
	* src/conf/domain_event.c: Return count of remaining
	  callbacks when unregistering event callback
	* src/vbox/vbox_tmpl.c, src/xen/xen_driver.c,
	  src/xen/xen_driver.h: Convert to virDomainEventState

2011-12-17  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: do not create ebtables chain unnecessarily
	If only iptables rules are created then two unnecessary ebtables chains
	are also created. This patch fixes this and prevents these chains from
	being created. They have been cleaned up properly, though.

2011-12-16  Eric Blake  <eblake@redhat.com>

	build: disable dtrace on non-Linux builds
	Using dtrace (and systemtap in general) is Linux-specific.
	Running ./autobuild.sh shows that attempting a cross-build to
	target mingw was mistakenly trying to build dtrace code, merely
	because it was present on the compilation host.
	* configure.ac (with_dtrace): Don't attempt to use dtrace when
	doing a cross-build hosted on Linux but targetting elsewhere.
	Reported by Daniel P. Berrange.

2011-12-16  Peter Krempa  <pkrempa@redhat.com>

	migration: Add more specific error code/message on migration abort
	A generic error code was returned, if the user aborted a migration job.
	This made it hard to distinguish between a user requested abort and an
	error that might have occured. This patch introduces a new error code,
	which is returned in the specific case of a user abort, while leaving
	all other failures with their existing code. This makes it easier to
	distinguish between failure while mirgrating and an user requested
	abort.
	 * include/libvirt/virterror.h: - add new error code
	 * src/util/virterror.c: - add message for the new error code
	 * src/qemu/qemu_migration.h: - Emit operation aborted error instead of
	                                operation failed, on migration abort

2011-12-16  Eric Blake  <eblake@redhat.com>

	qemu: detect truncated file as invalid save image
	If managed save fails at the right point in time, then the save
	image can end up with 0 bytes in length (no valid header), and
	our attempts in commit 55d88def to detect and skip invalid save
	files missed this case.
	* src/qemu/qemu_driver.c (qemuDomainSaveImageOpen): Also unlink
	empty file as corrupt.  Reported by Dennis Householder.

2011-12-16  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't drop hostdev config until security label restore
	Currently, on device detach, we parse given XML, find the device
	in domain object, free it and try to restore security labels.
	However, in some cases (e.g. usb hostdev) parsed XML contains
	less information than freed device. In usb case it is bus & device
	IDs. These are needed during label restoring as a symlink into
	/dev/bus is generated from them. Therefore don't drop device
	configuration until security labels are restored.

2011-12-16  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add option to undefine storage with domains
	Add an option for virsh undefine command, to remove associated storage
	volumes while undefining a domain. This patch allows the user to remove
	associated (libvirt managed ) storage volumes while undefining a domain.
	The new option --storage for the undefine command takes a string
	argument that consists of comma separated list of target or source path
	of volumes to be undefined. Volumes are removed after the domain has
	been successfully undefined,
	If a volume is not part of a storage pool, the user is warned to remove
	the volume in question himself.
	Option --wipe-storage may be specified along with this, that ensures
	the image is wiped before removing.
	Option --remove-all-storage enables the user to remove all storage. The
	name is chosen long as the users should be aware what they're about to
	do.

2011-12-16  Eric Blake  <eblake@redhat.com>

	build: let autobuild check more code
	Some gcc warnings about no % in a printf format string only
	appear under --disable-nls.  And configure.ac should automatically
	be excluding modules on mingw without us having to be explicit.
	Improving autobuild.sh to stress more combinations can only help.
	* autobuild.sh: Add --disable-nls on first build.  Update mingw
	build to rely more on configure.ac detection.

2011-12-16  Jim Fehlig  <jfehlig@suse.com>

	Fix default migration speed in qemu driver
	In commit 6f84e110 I mistakenly set default migration speed to
	33554432 Mb!  The units of migMaxBandwidth is Mb, with conversion
	handled in qemuMonitor{JSON,Text}SetMigrationSpeed().
	Also, remove definition of QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX since
	it is no longer used after reverting commit ef1065cf.

2011-12-15  Osier Yang  <jyang@redhat.com>

	python: Expose blockPeek and memoryPeek in Python binding
	A simple example to show how to use it:
	\#! /usr/bin/python
	import os
	import sys
	import libvirt
	disk = "/var/lib/libvirt/images/test.img"
	conn = libvirt.open(None)
	dom = conn.lookupByName('test')
	mem_contents = dom.memoryPeek(0, 32, libvirt.VIR_MEMORY_VIRTUAL);
	sys.stdout.write(mem_contents)
	% python test.py | hexdump
	0000000 1660 0209 0000 0000 0000 0000 0000 0000
	0000010 0000 0000 0000 0000 d3a0 01d0 0000 0000
	0000020

2011-12-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix race between async and query jobs
	If an async job run on a domain will stop the domain at the end of the
	job, a concurrently run query job can hang in qemu monitor and nothing
	can be done with that domain from this point on. An attempt to start
	such domain results in "Timed out during operation: cannot acquire state
	change lock" error.
	However, quite a few things have to happen at the right time... There
	must be an async job running which stops a domain at the end. This race
	was reported with dump --crash but other similar jobs, such as
	(managed)save and migration, should be able to trigger this bug as well.
	While this async job is processing its last monitor command, that is a
	query-migrate to which qemu replies with status "completed", a new
	libvirt API that results in a query job must arrive and stay waiting
	until the query-migrate command finishes. Once query-migrate is done but
	before the async job closes qemu monitor while stopping the domain, the
	other thread needs to wake up and call qemuMonitorSend to send its
	command to qemu. Before qemu gets a chance to respond to this command,
	the async job needs to close the monitor. At this point, the query job
	thread is waiting for a condition that no-one will ever signal so it
	never finishes the job.

2011-12-15  Osier Yang  <jyang@redhat.com>

	qemu: Do not free the device from activePciHostdevs if it's in use
	* src/qemu/qemu_hostdev.c (qemuDomainReAttachHostdevDevices):
	pciDeviceListFree(pcidevs) in the end free()s the device even if
	it's in use by other domain, which can cause a race.
	How to reproduce:
	<script>
	virsh nodedev-dettach pci_0000_00_19_0
	virsh start test
	virsh attach-device test hostdev.xml
	virsh start test2
	for i in {1..5}; do
	        echo "[ -- ${i}th time --]"
	        virsh nodedev-reattach pci_0000_00_19_0
	done
	echo "clean up"
	virsh destroy test
	virsh nodedev-reattach pci_0000_00_19_0
	</script>
	Device pci_0000_00_19_0 dettached
	Domain test started
	Device attached successfully
	error: Failed to start domain test2
	error: Requested operation is not valid: PCI device 0000:00:19.0 is in use by domain test
	[ -- 1th time --]
	Device pci_0000_00_19_0 re-attached
	[ -- 2th time --]
	Device pci_0000_00_19_0 re-attached
	[ -- 3th time --]
	Device pci_0000_00_19_0 re-attached
	[ -- 4th time --]
	Device pci_0000_00_19_0 re-attached
	[ -- 5th time --]
	Device pci_0000_00_19_0 re-attached
	clean up
	Domain test destroyed
	Device pci_0000_00_19_0 re-attached
	The patch also fixes another problem, there won't be error like
	"qemuDomainReAttachHostdevDevices: Not reattaching active
	device 0000:00:19.0" in daemon log if some device is in active.
	As pciResetDevice and pciReattachDevice won't be called for
	the device anymore. This is sensible as we already reported
	error when preparing the device if it's active. Blindly trying
	to pciResetDevice & pciReattachDevice on the device and getting
	an error is just redundant.

	qemu: Honor the original properties of PCI device when detaching
	This patch fixes two problems:
	    1) The device will be reattached to host even if it's not
	       managed, as there is a "pciDeviceSetManaged".
	    2) The device won't be reattached to host with original
	       driver properly. As it doesn't honor the device original
	       properties which are maintained by driver->activePciHostdevs.

2011-12-15  Wen Congyang  <wency@cn.fujitsu.com>

	spec: fix inverted logic on sanlock
	Commit d336dbdb tried to refactor sanlock to avoid building it
	on RHEL for architectures where it is not available, but used
	the wrong conditional.
	* libvirt.spec.in (with_sanlock): Use %ifarch, not %ifnarch.

2011-12-14  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	virsh: support multifunction in attach-disk
	PCI <address...> can be specified by attach-disk but multifunction cannot
	be specified. Add --multifunction support.

2011-12-14  Eric Blake  <eblake@redhat.com>

	docs: tweak 'virsh edit' wording
	I was wondering why 'virsh edit' didn't support the same
	'--inactive' option as 'virsh dumpxml'; reading the source
	code showed that --inactive was already implied, and that
	the only way to alter a running guest rather than affecting
	next boot is by hot-plugging individual devices, or by
	something complex like saving the guest and modifying the
	save image.
	* tools/virsh.pod (define, edit): Mention behavior when guest is
	already running.

2011-12-14  Peter Krempa  <pkrempa@redhat.com>

	python: Fix export of virDomainSnapshotListChildrenNames
	Commit f2013c9dd1ce468b8620ee35c232a93ef7026fb0 added implementation of
	virDomainSnapshotListChildrenNames override export, but registration of
	the newly exported function was not added.
	 *python/libvirt-override.c: - register export of function

2011-12-14  Lei Li  <lilei@linux.vnet.ibm.com>

	Provide a helper method virDomainLiveConfigHelperMethod
	This chunk of code below repeated in several functions, factor it into
	a helper method virDomainLiveConfigHelperMethod to eliminate duplicated code
	based on Eric and Adam's suggestion. I have tested it for all the
	relevant APIs changed.

2011-12-13  Peter Krempa  <pkrempa@redhat.com>

	virsh: Print error message if argument parsing fails for cmdNodesuspend
	If parsing of arguments failed, virsh did silently exit returning and
	error state, but not specifying the possible problem.
	 * tools/virsh: cmdNodesuspend: - error handling added

2011-12-13  Alex Jia  <ajia@redhat.com>

	tests: plug memory leak on linuxTestNodeInfo
	Detected by valgrind. Leak introduced in commit 82ff25e.
	* tests/nodeinfotest.c: avoid memory leak on nodeinfo test case.
	* how to reproduce?
	  % cd tests && valgrind -v --leak-check=full ./nodeinfotest
	* actual valgrind result:
	==22147== 65 bytes in 1 blocks are definitely lost in loss record 14 of 29
	==22147==    at 0x4A0610F: realloc (vg_replace_malloc.c:525)
	==22147==    by 0x330D6FED94: __vasprintf_chk (in /lib64/libc-2.12.so)
	==22147==    by 0x426697: virVasprintf (stdio2.h:199)
	==22147==    by 0x426757: virAsprintf (util.c:1695)
	==22147==    by 0x41585F: linuxTestNodeInfo (nodeinfotest.c:108)
	==22147==    by 0x416B21: virtTestRun (testutils.c:141)
	==22147==    by 0x4157EA: mymain (nodeinfotest.c:140)
	==22147==    by 0x416217: virtTestMain (testutils.c:696)
	==22147==    by 0x330D61ECDC: (below main) (in /lib64/libc-2.12.so)
	==22147==
	==22147== LEAK SUMMARY:
	==22147==    definitely lost: 65 bytes in 1 blocks
	==22147==    indirectly lost: 0 bytes in 0 blocks
	==22147==      possibly lost: 0 bytes in 0 blocks
	==22147==    still reachable: 126,126 bytes in 1,341 blocks

2011-12-13  Osier Yang  <jyang@redhat.com>

	storage: Fix a potential crash when creating vol object
	If the vol object is newly created, it increases the volumes count,
	but doesn't decrease the volumes count when do cleanup. It can
	cause libvirtd to crash when one trying to free the volume objects
	like:
	    for (i = 0; i < pool->volumes.count; i++)
	        virStorageVolDefFree(pool->volumes.objs[i]);
	It's more reliable if we add the newly created vol object in the
	end.

2011-12-13  Eric Blake  <eblake@redhat.com>

	docs: document <address> elements in one place
	Improve the documentation of what forms a valid <address> element,
	since these elements appear in numerous devices.
	* docs/formatdomain.html.in (elementsAddress): New section.
	(elementsControllers, elementsUSB, elementsNICS, elementsInput)
	(elementsHub, elementsCharChannel, elementsSound): Refer to it.

	build: follow directory install conventions
	Commit 4d9e51f6 fixed a 'make uninstall' failure, but failed
	to follow other conventions already present in src/Makefile.am.
	In particular, we prefer MKDIR_P over mkdir -p, and should
	have a matching rmdir during uninstall for every directory
	created during install (the idea being that uninstall in a
	DESTDIR should be clean, while installation in the final
	system should not fail with non-empty directories left behind).
	* tools/Makefile.am (install-sysconfig, install-initscript)
	(install-systemd): Use MKDIR_P.
	(uninstall-sysconfig, uninstall-initscript, uninstall-systemd):
	Also remove directories.
	* daemon/Makefile.am (install-data-local, install-data-polkit)
	(install-logrotate, install-sysconfig, install-sysctl)
	(install-init-redhat, install-init-upstart, install-init-systemd)
	(install-data-sasl): Use MKDIR_P.
	(uninstall-data-polkit, uninstall-sysconfig, uninstall-sysctl)
	(uninstall-init-redhat, uninstall-init-upstart)
	(uninstall-init-systemd): Also remove directory.
	(uninstall-logrotate): New rule.
	(uninstall-local): Add uninstall-logrotate.

2011-12-12  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Disable EOF processing during qemuDomainDestroy
	When destroying a domain qemuDomainDestroy kills its qemu process and
	starts a new job, which means it unlocks the domain object and locks it
	again after some time. Although the object is usually unlocked for a
	pretty short time, chances are another thread processing an EOF event on
	qemu monitor is able to lock the object first and does all the cleanup
	by itself. This leads to wrong shutoff reason and lifecycle event detail
	and virDomainDestroy API incorrectly reporting failure to destroy an
	inactive domain.
	Reported by Charlie Smurthwaite.

2011-12-12  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Free returned MIME type string
	In terms of documentation to virDomainScreenshot, caller MUST free
	returned value. But virsh was not.

2011-12-12  Osier Yang  <jyang@redhat.com>

	Maint: Update AUTHORs
	Add Rommer in.

2011-12-12  Rommer  <rommer@active.by>

	storage: Activate/deactivate logical volumes only on local node
	Current "-ay | -an" has problems on pool starting/refreshing if
	the volumes are clustered. Rommer has posted a patch to list 2
	months ago.
	https://www.redhat.com/archives/libvir-list/2011-October/msg01116.html
	But IMO we shouldn't skip the inactived vols. So this is a squashed
	patch by Rommer.

2011-12-12  Josh Durgin  <josh.durgin@dreamhost.com>

	security: don't try to label network disks
	Network disks don't have paths to be resolved or files to be checked
	for ownership. ee3efc41e6233e625aa03003bf3127319ccd546f checked this
	for some image label functions, but was partially reverted in a
	refactor.  This finishes adding the check to each security driver's
	set and restore label methods for images.

2011-12-12  Dave Allan  <dallan@redhat.com>

	Fix make uninstall
	Make uninstall currently fails with the following message:
	rmdir /etc/sasl2/
	rmdir: failed to remove `/etc/sasl2/': Directory not empty
	That's fine (correct in fact) so force the command to return success
	with || :

2011-12-10  Laine Stump  <laine@laine.org>

	test: replace deprecated "fedora-13" machine with "pc-0.13"
	One of the xml tests in the test suite was created using a
	now-deprecated qemu machine type ("fedora-13", which was only ever
	valid for Fedora builds of qemu). Although strictly speaking it's not
	necessary to replace it with an actual supported qemu machine type
	(since the xml in question is never actually sent to qemu), this patch
	changes it to the actually-supported "pc-0.13" just for general
	tidiness. (Also, on some Fedora builds which contain a special patch
	to rid the world of "fedora-13", having it mentioned in the test suite
	will cause make check to fail.)

2011-12-10  Laine Stump  <laine@redhat.com>

	network: don't add iptables rules for externally managed networks
	This patch addresses https://bugzilla.redhat.com/show_bug.cgi?id=760442
	When a network has any forward type other than route, nat or none, the
	network configuration should be done completely external to libvirt -
	libvirt only uses these types to allow configuring guests in a manner
	that isn't tied to a specific host (all the host-specific information,
	in particular interface names, port profile data, and bandwidth
	configuration is in the network definition, and the guest
	configuration only references it).
	Due to a bug in the bridge network driver, libvirt was adding iptables
	rules for networks with forward type='bridge' etc. any time libvirtd
	was restarted while one of these networks was active.
	This patch eliminates that error by only "reloading" iptables rules if
	forward type is route, nat, or none.

2011-12-10  Michael Ellerman  <michael@ellerman.id.au>

	qemu: Prepare to cater for more general address assignment
	Currently qemuDomainAssignPCIAddresses() is called to assign addresses
	to PCI devices.
	We need to do something similar for devices with spapr-vio addresses.
	So create one place where address assignment will be done, that is
	qemuDomainAssignAddresses().

	qemu: Add address in qemuBuildChrDeviceStr() on pseries
	For the PPC64 pseries machine type we need to add address information
	for the spapr-vty device.

	qemu: Use spapr-vscsi on pseries machine type
	On the PPC64 pseries machine type we need to use the spapr-vscsi device
	rather than an lsi.

2011-12-10  Eric Blake  <eblake@redhat.com>

	network: allow '-' in model name
	In QEMU PPC64 we have a network device called "spapr-vlan". We can specify
	this using the existing syntax for network devices, however libvirt
	currently rejects "spapr-vlan" in virDomainNetDefParseXML() because of
	the "-". Fix the code to accept "-".
	* src/conf/domain_conf.c (virDomainNetDefParseXML): Allow '-' in
	model name, and be more efficient.
	* docs/schemas/domaincommon.rng: Limit valid model names to match code.
	Based on a patch by Michael Ellerman.

2011-12-10  Michal Privoznik  <mprivozn@redhat.com>

	threadpool: Use while loop on virCondWait
	instead of simple 'if' statement as virCondWait can return
	even if associated condition was not signaled.

	threads: Document spurious wakeups on virCondWait

2011-12-10  Alex Jia  <ajia@redhat.com>

	virsh: plug memory leak on cmdDomblklist
	Detected by valgrind. Leak introduced in commit 88a993b:
	* tools/virsh.c: fix memory leak on cmdDomblklist.
	* how to reproduce?
	  % valgrind -v --leak-check=full virsh domblklist <domain name>
	* actual valgrind result:
	==6573== 1,836 bytes in 1 blocks are definitely lost in loss record 110 of 124
	==6573==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==6573==    by 0x330D71497D: xdr_string (in /lib64/libc-2.12.so)
	==6573==    by 0x4D26CED: xdr_remote_nonnull_string (remote_protocol.c:30)
	==6573==    by 0x4D28138: xdr_remote_domain_get_xml_desc_ret (remote_protocol.c:1418)
	==6573==    by 0x4D3C0C2: virNetMessageDecodePayload (virnetmessage.c:382)
	==6573==    by 0x4D3279F: virNetClientProgramCall (virnetclientprogram.c:382)
	==6573==    by 0x4D0D50B: callWithFD (remote_driver.c:4339)
	==6573==    by 0x4D0D5AB: call (remote_driver.c:4360)
	==6573==    by 0x4D16EAF: remoteDomainGetXMLDesc (remote_client_bodies.h:861)
	==6573==    by 0x4CF9F4F: virDomainGetXMLDesc (libvirt.c:4098)
	==6573==    by 0x4154D9: cmdDomblklist (virsh.c:1722)
	==6573==    by 0x4149E2: vshCommandRun (virsh.c:16365)
	==6573==
	==6573== 46,009 (352 direct, 45,657 indirect) bytes in 1 blocks are definitely lost in loss record 123 of 124
	==6573==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==6573==    by 0x3318286DC6: xmlXPathNewContext (in /usr/lib64/libxml2.so.2.7.6)
	==6573==    by 0x4C79AE2: virXMLParseHelper (xml.c:779)
	==6573==    by 0x415512: cmdDomblklist (virsh.c:1726)
	==6573==    by 0x4149E2: vshCommandRun (virsh.c:16365)
	==6573==    by 0x427743: main (virsh.c:17867)
	==6573==
	==6573== LEAK SUMMARY:
	==6573==    definitely lost: 2,188 bytes in 2 blocks
	==6573==    indirectly lost: 45,657 bytes in 332 blocks
	==6573==      possibly lost: 0 bytes in 0 blocks
	==6573==    still reachable: 128,034 bytes in 1,364 blocks
	==6573==         suppressed: 0 bytes in 0 blocks

2011-12-10  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	fix error when parsing ppc64 models on x86 host
	When parsing ppc64 models on an x86 host an out-of-memory error message is displayed due
	to it checking for retcpus being NULL. Fix this by removing the check whether retcpus is NULL
	since we will realloc into this variable.
	Also in the X86 model parser display the OOM error at the location where it happens.

	fix memory leak in src/nodeinfo.c
	Fix memory leak:
	==27534== 24 bytes in 1 blocks are definitely lost in loss record 207 of 530
	==27534==    at 0x4A05E46: malloc (vg_replace_malloc.c:195)
	==27534==    by 0x38EC26EC37: vasprintf (in /lib64/libc-2.13.so)
	==27534==    by 0x4E998E6: virVasprintf (util.c:1677)
	==27534==    by 0x4E999F1: virAsprintf (util.c:1695)
	==27534==    by 0x4F1EAAC: nodeGetInfo (nodeinfo.c:593)
	==27534==    by 0x47948F: qemuCapsInitCPU (qemu_capabilities.c:855)
	==27534==    by 0x4796B1: qemuCapsInit (qemu_capabilities.c:915)
	==27534==    by 0x456550: qemuCreateCapabilities (qemu_driver.c:245)
	==27534==    by 0x4578C4: qemudStartup (qemu_driver.c:580)
	==27534==    by 0x4F20886: virStateInitialize (libvirt.c:852)
	==27534==    by 0x420E55: daemonRunStateInit (libvirtd.c:1156)
	==27534==    by 0x4E94C56: virThreadHelper (threads-pthread.c:157)
	Mark this leaked variable as const char * when it is passed into another
	function.

2011-12-09  Michal Privoznik  <mprivozn@redhat.com>

	threadpool: Don't wait on condition if pool has no workers
	Pool creates new workers dynamically. However, it is possible
	for a pool to have no workers. If we want to free that pool,
	we don't want to wait on quit condition as it will never be
	signaled.

2011-12-09  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix forward delay APIs
	Due to copy&paste error in c1df2c14b590b3d68b707aa4f3a570f95a6bc548,
	virNetDevBridge[SG]etSTPDelay APIs were accessing wrong file.

2011-12-09  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add cpu flags supported by newest qemu
	Add support for newly supported Intel cpu features. Newly supported
	flags are: pclmuldq, dtes64, smx, fma, pdcm, movbe, xsave, osxsave and
	avx. This adds support for Intel's Sandy Bridge platform.

	virsh: return correct value from cmdDomIfGetLink
	Reported by Alex Jia <ajia@redhat.com>. Function cmdDomIfGetLink did not
	set a success return value on success path.

2011-12-09  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Pass the VM's UUID into the nwfilter subsystem
	A preparatory patch for DHCP snooping where we want to be able to
	differentiate between a VM's interface using the tuple of
	<VM UUID, Interface MAC address>. We assume that MAC addresses could
	possibly be re-used between different networks (VLANs) thus do not only
	want to rely on the MAC address to identify an interface.
	At the current 'final destination' in virNWFilterInstantiate I am leaving
	the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive.
	(we may not post the DHCP snooping patches for 0.9.9, though)
	Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver
	and uml_conf, I am passing the virDomainDefPtr around until I am passing
	only the VM's uuid into the NWFilter calls.

	nwfilter: cleanup return codes in nwfilter subsystem
	This patch cleans up return codes in the nwfilter subsystem.
	Some functions in nwfilter_conf.c (validators and formatters) are
	keeping their bool return for now and I am converting their return
	code to true/false.
	All other functions now have failure return codes of -1 and success
	of 0.
	[I searched for all occurences of ' 1;' and checked all 'if ' and
	adapted where needed. After that I did a grep for 'NWFilter' in the source
	tree.]

2011-12-09  Alex Jia  <ajia@redhat.com>

	virsh: plug memory leak on cmdDomIfGetLink() sucessful path
	Detected by valgrind. Leak introduced in commit dc675f3:
	* tools/virsh.c: fix memory leak on cmdDomIfGetLink.
	* how to reproduce?
	  % valgrind -v --leak-check=full virsh domif-getlink <domain name> 0
	* actual valgrind result:
	==13102== 18 bytes in 1 blocks are definitely lost in loss record 9 of 47
	==13102==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==13102==    by 0x322A6A67DD: xmlStrndup (in /usr/lib64/libxml2.so.2.7.6)
	==13102==    by 0x414892: cmdDomIfGetLink (virsh.c:1538)
	==13102==    by 0x4136A2: vshCommandRun (virsh.c:16363)
	==13102==    by 0x4253FB: main (virsh.c:17865)
	==13102==
	==13102== LEAK SUMMARY:
	==13102==    definitely lost: 18 bytes in 1 blocks
	==13102==    indirectly lost: 0 bytes in 0 blocks
	==13102==      possibly lost: 0 bytes in 0 blocks
	==13102==    still reachable: 127,888 bytes in 1,361 blocks
	==13102==         suppressed: 0 bytes in 0 blocks

	virsh: plug memory leak on cmdBlkdeviotune() sucessful path
	Detected by valgrind. Leak introduced in commit e9bd9a0:
	* tools/virsh.c: fix memory leak on cmdBlkdeviotune.
	* how to reproduce?
	  % valgrind -v --leak-check=full virsh blkdeviotune <domain name> <block device>
	* actual valgrind result:
	==12759== 576 bytes in 1 blocks are definitely lost in loss record 18 of 29
	==12759==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==12759==    by 0x42134E: _vshCalloc.clone.2 (virsh.c:422)
	==12759==    by 0x4217CB: cmdBlkdeviotune (virsh.c:6364)
	==12759==    by 0x4136A2: vshCommandRun (virsh.c:16363)
	==12759==    by 0x4253FB: main (virsh.c:17865)
	==12759==
	==12759== LEAK SUMMARY:
	==12759==    definitely lost: 576 bytes in 1 blocks
	==12759==    indirectly lost: 0 bytes in 0 blocks
	==12759==      possibly lost: 0 bytes in 0 blocks
	==12759==    still reachable: 126,964 bytes in 1,342 blocks
	==12759==         suppressed: 0 bytes in 0 blocks

2011-12-09  Eric Blake  <eblake@redhat.com>

	maint: allow bootstrap in a sandbox
	Jiri Denemark reported an instance of bootstrapping libvirt
	failing when run inside a sandbox, traced to rpm trying to
	access /var/ which was not permitted by the sandbox.
	Alex Jia reported that 0.9.8-rc1 failed to bootstrap if patch(1)
	is not installed.
	* bootstrap.conf (buildreq): Avoid rpm call if python-config
	exists.  Also, require patch, in case we have gnulib-local diffs.

2011-12-09  Laine Stump  <laine@redhat.com>

	test: fix potential lock corruption in test driver
	In some error situations, the function testDomainRestoreFlags() could
	unlock the test driver mutex without first locking it. This patch
	moves the lock operation earlier, so that it occurs before any
	potential jump down to the unlock call.
	I found this problem while auditing the test driver lock usage to
	determine the cause of a hang while running the following test:
	  cd tests; while true; do printf x; ./undefine; done
	This patch *does not* solve that problem, but we now understand its
	actual source, and danpb is working on a patch.

2011-12-09  Eric Blake  <eblake@redhat.com>

	spec: fix logic bug in deciding to turn on cgconfig
	https://bugzilla.redhat.com/show_bug.cgi?id=738725
	Commit ecd8725 tried to silence a spurious warning on the initial
	libvirt install, and commit ba6cbb1 tried to fix up the logic to the
	correct Fedora version, but the warning was still present due to a
	logic bug: since %{fedora} and %{rhel} are never simulatanously
	set, then 0%{rhel} <= 6 made the %if always true.  Checking for
	minimum versions (via >=) is okay, but checking for maximum versions
	(via <=) requires a prerequisite test that the platform being tested
	is non-zero.
	Also fix a bogus setting of with_libxl (although we previously
	hard-code with_libxl to 0 for rhel earlier in the file, so this
	was not as severe a bug).
	* libvirt.spec.in (with_cgconfig): Don't enable cgconfig on F16.

	spec: make it easier to autoreconf when building rpm
	Over time, Fedora and RHEL RPMs have often backported upstream
	patches that touched configure.ac and/or Makefile.am; this
	necessitates rerunning the autotools for the patch to be effective.
	Making this a one-liner spec tweak will make it easier for future
	backports to pull patches without having to find all the places
	to touch to properly use the autotools.  Meanwhile, there have been
	historical instances where an update in the autotools caused FTBFS
	situations, so this is not on by default.
	* libvirt.spec.in (enable_autotools): New variable, default off.
	(BuildRequires): Conditionally add autotools.
	(%build): Conditionally use them before configure.
	* mingw32-libvirt.spec.in: Likewise.

2011-12-08  Daniel P. Berrange  <berrange@redhat.com>

	When checking nttyFDs to see if it is != 1, be sure to use '1' and not '-1'
	* src/lxc/lxc_controller.c: Fix check for tty count

	Fix installation of libvirt-guests.service
	The installation rules for the libvirt-guests.service were
	totally broken
	 - Installing in the wrong location
	 - The location was not overridable
	 - The install-systemd rule was not invoked anywhere
	 - The install-systemd rule was not invoking install-initscript
	   which it depends on
	 - The installed service file lacked a .service extension
	* tools/Makefile.am: Fix install of libvirt-guests.service

	Ensure to prefix %{buildroot} when overriding systemd install location
	The %makeinstall macro does not set DESTDIR, instead of explicitly
	prefixes %{buildroot} onto all paths. Thus we need to do the same
	when setting the systemd unit dir
	* libvirt.spec.in: Prefix %{buildroot} onto %{unitdir}

2011-12-08  Bharata B Rao  <bharata@linux.vnet.ibm.com>

	Add ppc64 specific definitions to domain.rng
	ppc64 as new arch type and pseries as new machine type are
	added under <os> ...  </os>.

2011-12-08  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Clean up qemuBuildCommandLine to remove x86-specific
	 assumptions from generic code.
	This implements the minimal set of changes needed in libvirt to launch a
	PowerPC-KVM based guest.
	It removes x86-specific assumptions about choice of serial driver backend
	from generic qemu guest commandline generation code.
	It also restricts the ACPI capability to be available for an x86 or
	x86_64 domain.
	This is not a complete solution -- it still does not guarantee libvirt
	the capability to flag non-supported options in guest XML. (Eg, an ACPI
	specification in a PowerPC guest XML will still get processed, even
	though qemu-system-ppc64 does not support it while qemu-system-x86_64 does.)
	This drawback exists because libvirt falls back on qemu to query supported
	features, and qemu '-h' blindly lists all capabilities -- irrespective
	of whether they are available while emulating a given architecture or not.
	The long-term solution would be for qemu to list out capabilities based
	on architecture and platform -- so that libvirt can cleanly make out what
	devices are supported on an arch (say 'ppc64') and platform (say, 'mac99').

	Add support for ppc64 qemu
	This enables libvirt to select the correct qemu binary (qemu-system-ppc64)
	for a guest vm based on arch 'ppc64'.
	Also, libvirt is enabled to correctly parse the list of supported PowerPC
	CPUs, generated by running 'qemu-system-ppc64 -cpu ?'
	Acked-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

	Modify the tests/nodeinfotest.c to use sysfs in addition
	 to proc/cpuinfo
	This patch creates a new sysfs hierarchy under
	tests/nodeinfodata/linux-nodeinfo-sysfs-test-1.
	Output files and /proc/cpuinfo files are also respectively added for
	both x86 and ppc64.

	Use sysfs to gather host topology, in place of
	 /proc/cpuinfo
	Libvirt at present depends on /proc/cpuinfo to gather host
	details such as CPUs, cores, threads, etc. This is an architecture-
	dependent approach. An alternative is to use 'Sysfs', which provides
	a platform-agnostic interface to parse host CPU topology.

2011-12-08  Christophe Fergeau  <cfergeau@redhat.com>

	maint: move my name to commiters
	Since I have commit rights on libvirt-glib, I can also push to
	libvirt, Eric Blake told to move my name up to committers to better
	reflect reality.

2011-12-08  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.8
	* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: fetched localization update and regenerated

2011-12-08  Eric Blake  <eblake@redhat.com>

	spec: don't use chkconfig --list
	https://bugzilla.redhat.com/show_bug.cgi?id=694403 reports that
	the specfile is incorrectly checking for a running libvirt-guests
	service.  For example,
	$ LC_ALL=es_ES chkconfig --list libvirt-guests
	libvirt-guests 	  0:desactivado		 1:desactivado	   2:desactivado     3:activo	 4:activo  5:activo	    6:desactivado
	will fail to find 5:on, even though it is active.  But chkconfig
	already has a mode where you can silently use the exit status to
	check for an active service.
	* libvirt.spec.in (%post): Use simpler chkconfig options, to avoid
	issues with localization.

	build: fix build with older libxml2
	On RHEL 5, with libxml2-2.6.26, the build failed with:
	virsh.c: In function 'vshNodeIsSuperset':
	virsh.c:11951: warning: implicit declaration of function 'xmlChildElementCount'
	(or if warnings aren't errors, a link failure later on).
	* src/util/xml.h (virXMLChildElementCount): New prototype.
	* src/util/xml.c (virXMLChildElementCount): New function.
	* src/libvirt_private.syms (xml.h): Export it.
	* tools/virsh.c (vshNodeIsSuperset): Use it.

2011-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix updating of haveTheBuck in RPC client to be race-free
	When one thread passes the buck to another thread, it uses
	virCondSignal to wake up the target thread. The variable
	'haveTheBuck' is not updated in a race-free manner when
	this occurs. The current thread sets it to false, and the
	woken up thread sets it to true. There is a window where
	a 3rd thread can come in and grab the buck.
	Even if this didn't lead to crashes & deadlocks, this would
	still result in unfairness in the buckpassing algorithm.
	A better solution is to *never* set haveTheBuck to false
	when we're passing the buck. Only set it to false when there
	is no further thread waiting for the buck.
	* src/rpc/virnetclient.c: Only set haveTheBuck to false
	  if no thread is waiting

	Revert fd066925440ba48acc95d8f31b2c98b1cc9d582d
	Commit fd066925440ba48acc95d8f31b2c98b1cc9d582d tried to fix
	a race condition in
	  commit fa9595003d043df9f2efe95521c00898cef27106
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Fri Nov 11 15:28:41 2011 +0000
	    Explicitly track whether the buck is held in remote client
	Unfortunately there is a second race condition whereby the
	event loop can trigger due to incoming data to read. Revert
	this fix, so a complete fix for the problem can be cleanly
	applied
	* src/rpc/virnetclient.c: Revert fd066925440ba48acc95d8f31b2c98b1cc9d582d

2011-12-08  Jim Fehlig  <jfehlig@suse.com>

	Prevent crash of libvirtd when attaching to existing qemu process
	With security_driver set to "none" in /etc/libvirt/qemu.conf,
	libvirtd would crash when attempted to attach to an existing
	qemu process.  Only copy the security model if it actually exists.

2011-12-08  Christophe Fergeau  <cfergeau@redhat.com>

	Add documentation for <disk><source type="dir">

	Fix typo in virDomainResume API doc
	It's referring to virSuspendDomain instead of
	virDomainSuspend.

2011-12-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore shutdown event from destroyed domain
	During virDomainDestroy, QEMU may emit SHUTDOWN event as a response to
	SIGTERM and since domain object is still locked, the event is processed
	after the domain is destroyed. We need to ignore this event in such case
	to avoid changing domain state from shutoff to shutdown.

2011-12-07  Osier Yang  <jyang@redhat.com>

	npiv: Expose fabric_name outside
	This patch is to expose the fabric_name of fc_host class, which
	might be useful for users who wants to known which fabric the
	(v)HBA connects to.
	The patch also adds the missed capabilities' XML schema of scsi_host,
	(of course, with fabric_wwn added), and update the documents
	(docs/formatnode.html.in)

2011-12-07  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize daemonPath decl for Win32 which lacks UNIX sockets

	Improve error reporting when libvirtd is not installed
	Currently if you try to connect to a local libvirtd when
	libvirtd is not in $PATH, you'll get an error
	  error: internal error invalid use of command API
	This is because remoteFindDaemonPath() returns NULL, which
	causes us to pass NULL into virNetSocketConnectUNIX which
	in turn causes us to pass NULL into virCommandNewArgList.
	Adding missing error checks improves this to
	  error: internal error Unable to locate libvirtd daemon in $PATH
	* src/remote/remote_driver.c: Report error if libvirtd
	  cannot be found
	* src/rpc/virnetsocket.c: Report error if caller requested
	  spawning of daemon, but provided no binary path

2011-12-06  Eric Blake  <eblake@redhat.com>

	spec: fix sanlock dependency
	* libvirt.spec.in (with_sanlock): On RHEL, don't force sanlock
	on architectures where it isn't available.

	spec: add dmidecode as prereq
	https://bugzilla.redhat.com/show_bug.cgi?id=754909 complains that
	because libvirt didn't require dmidecode, that the logs are noisy
	and virConnectGetSysinfo needlessly fails.  Even 'virt-what' requires
	dmidecode, so it's not that onerous of a dependency.  We may be
	able to drop this in the future when we move to parsing sysfs data,
	but for now, listing the dependency will help matters.
	* libvirt.spec.in (Requires): Sort Requires before BuildRequires.
	Add dmidecode.

	build: reduce warnings from older gcc
	Older gcc warns (on every file!) that -Wabi and -Wdeprecated only
	make sense on C++ projects.  Newer gcc accepts these warnings for
	C, but it is not clear that they can do anything useful, so it
	is easier to just drop the warnings altogether.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
	-Wabi and -Wdeprecated on older gcc.
	Reported by Peter Krempa.

2011-12-06  Jiri Denemark  <jdenemar@redhat.com>

	examples: Update event tests for shutdown event

2011-12-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix incorrect symbols for virtime.h module breaking Mingw32
	The Mingw32 linker highlighted that the symbols for virtime.h
	declared in libvirt_private.syms were incorrect
	* src/libvirt_private.syms: Fix virtime.h symbols

2011-12-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Rework handling of shutdown event
	When QEMU guest finishes its shutdown sequence, qemu stops virtual CPUs
	and when started with -no-shutdown waits for us to kill it using
	SGITERM. Since QEMU is flushing its internal buffers, some time may pass
	before QEMU actually dies. We mistakenly used "paused" state (and
	events) for this which is quite confusing since users may see a domain
	going to pause while they expect it to shutdown. Since we already have
	"shutdown" state with "the domain is being shut down" semantics, we
	should use it for this state.
	However, the state didn't have a corresponding event so I created one
	and called its detail as VIR_DOMAIN_EVENT_SHUTDOWN_FINISHED (guest OS
	finished its shutdown sequence) with the intent to add
	VIR_DOMAIN_EVENT_SHUTDOWN_STARTED in the future if we have a
	sufficiently capable guest agent that can notify us when guest OS starts
	to shutdown.

2011-12-05  Guido Günther  <agx@sigxcpu.org>

	remote_driver: don't fail if keepalive check fails
	Otherwise connections to older libvirt abort with:
	$ virsh -c qemu+ssh://host.example.com/system list
	error: invalid connection pointer in virDrvSupportsFeature
	error: failed to connect to the hypervisor
	Tested against 0.8.3 and 0.9.8-rc2.

2011-12-05  Jiri Denemark  <jdenemar@redhat.com>

	Add support for QEMU 1.0

2011-12-05  Peter Krempa  <pkrempa@redhat.com>

	python: Expose binding for virNodeGetMemoryStats()
	This patch adds binding for virNodeGetMemoryStats method of libvirtd.
	Return value is represented as a python dictionary mapping field
	names to values.

	python: Expose binding for virNodeGetCPUStats()
	This patch adds binding for virNodeGetCPUStats method of libvirtd.
	Return value is represented as a python dictionary mapping field names
	to values.

2011-12-04  Eric Blake  <eblake@redhat.com>

	maint: fix improper use of 'an'
	https://bugzilla.redhat.com/show_bug.cgi?id=648855 mentioned a
	misuse of 'an' where 'a' is proper; that has since been fixed,
	but a search found other problems (some were a spelling error for
	'and', while most were fixed by 'a').
	* daemon/stream.c: Fix grammar.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/domain_event.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/esx/esx_vi.c: Likewise.
	* src/rpc/virnetclient.c: Likewise.
	* src/rpc/virnetserverprogram.c: Likewise.
	* src/storage/storage_backend_fs.c: Likewise.
	* src/util/conf.c: Likewise.
	* src/util/dnsmasq.c: Likewise.
	* src/util/iptables.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* tools/virsh.c: Likewise.

	build: require more tools from maintainers
	We want our tarballs to be complete - this means that any
	generated file that gets shipped as part of the tarball so that
	ordinary users don't have to rebuild it must be something
	that the maintainer can generate.  There have been various
	reports of random build failures when using libvirt.git
	instead of a tarball, and often it is due to missing a
	maintainer-specific tool to produce one of these generated
	files.  This patch raises the bar for what you must have
	installed to build libvirt.git, but does not impact what
	you can get away with for building tarballs.
	Note: It still remains possible to do a successful 'make dist'
	without these tools, when starting from a release tarball.
	* bootstrap.conf (buildreq): Add tools that maintainers need for a
	successful 'make dist' from a fresh git checkout.

	command: handle empty buffer argument correctly
	virBufferContentAndReset (intentionally) returns NULL for a buffer
	with no content, but it is feasible to invoke a command with an
	explicit empty string.
	* src/util/command.c (virCommandAddEnvBuffer): Reject empty string.
	(virCommandAddArgBuffer): Allow explicit empty argument.
	* tests/commandtest.c (test9): Test it.
	* tests/commanddata/test9.log: Adjust.

	build: fix build on Cygwin
	The RPC fixups needed on Linux are also needed on cygwin, and
	worked without further tweaking to the list of fixups.  Also,
	unlike BSD, Cygwin exports 'struct ifreq', but unlike Linux,
	Cygwin lacks the ioctls that we were using 'struct ifreq' to
	access.  This patch allows compilation under cygwin.
	* src/rpc/genprotocol.pl: Also perform fixups on cygwin.
	* src/util/virnetdev.c (HAVE_STRUCT_IFREQ): Also require AF_PACKET
	definition.
	* src/util/virnetdevbridge.c (virNetDevSetupControlFull): Only
	compile if SIOCBRADDBR works.

2011-12-03  Eric Blake  <eblake@redhat.com>

	build: fix build at -O2 on rawhide
	I had previously tested commit 059d746 with -O intentionally omitted
	from my CFLAGS; but that means that I missed out on this warning
	from gcc 4.6.2 when optimizations are enabled:
	util/buf.c: In function 'virBufferGetIndent':
	util/buf.c:86:1: error: function might be candidate for attribute 'pure' [-Werror=suggest-attribute=pure]
	While it is probably a good idea to add the attributes and silence
	this warning, it's also invasive; 'make -k' found more than 75 such
	complaints.  And it doesn't help that gcc 4.6.2 is still buggy
	(coreutils reported a case where gcc 4.6.2 incorrectly suggested
	marking a function pure that incremented a global variable; fixed
	in gcc 4.7).  So the best fix for now is to disable the warning.
	It also doesn't help that I stumbled across another problem - gcc
	documents that -Wsuggest-attribute=pure only warns if you use -O,
	or if you use -fipa-pure-const.  But in practice, when I omitted -O
	but added -fipa-pure-const, the warnings are fickle - I got warnings
	for simple compilation that disappeared when I also added -fPIC.
	And the way libtool compiles things is with -fPIC first, then without
	-fPIC but with errors sent to /dev/null - which meant that without
	disabling -Wsuggest-attribute=pure, I got a compile error with no
	message.  :(  See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=10197
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
	-Wsuggest-attribute warnings for now.

2011-12-03  Serge Hallyn  <serge.hallyn@canonical.com>

	apparmor: allow tunnelled migrations.
	The pathname for the pipe for tunnelled migration is unresolvable.  The
	libvirt apparmor driver therefore refuses access, causing migration to
	fail.  If we can't resolve the path, the worst that can happen is that
	we should have given permission to the file but didn't.  Otherwise
	(especially since this is a /proc/$$/fd/N file) the file is already open
	and libvirt won't be refused access by apparmor anyway.
	Also adjust virt-aa-helper to allow access to the
	*.tunnelmigrate.dest.name files.
	For more information, see https://launchpad.net/bugs/869553.

2011-12-02  Peter Krempa  <pkrempa@redhat.com>

	client: Check if other thread claims it has the buck before claiming it.
	Originaly, the code checked if another client is the queue and infered
	ownership of the buck from that. Commit fa9595003d043df9f2efe95521c008
	added a separate variable to track the buck. That caused, that a new
	call might enter claiming it has the buck, while another thread was
	signalled to take the buck. This ends in two threads claiming they hold
	the buck and entering poll(). This happens due to a race on waking up
	threads on the client lock mutex.
	This caused multi-threaded clients to hang, most prominently visible and
	reproducible on python based clients, like virt-manager.
	This patch causes threads, that have been signalled to take the buck to
	re-check if buck is held by another thread.

2011-12-02  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Update of filters to handle multiple IP addresses
	With fragments borrowed from David Steven's previous submission and some
	further modifications:
	A set of modifications to filters to handle multiple IP addresses
	(and MAC addresses) per interface.
	Also:
	- enable DHCP traffic from VM to any DHCP server
	- will require an update to a libvirt-tck data file

2011-12-02  Eric Blake  <eblake@redhat.com>

	virsh: translate net-info help
	Reported by kato.tomoyuki@jp.fujitsu.com at
	https://bugzilla.redhat.com/show_bug.cgi?id=749564
	* tools/virsh.c (info_network_info): Mark string for translation.

	maint: typo fixes
	Many of these were mentioned by Yuri Chornoivan in:
	https://bugzilla.redhat.com/show_bug.cgi?id=669506
	* src/esx/esx_vi.c (esxVI_WaitForTaskCompletion): Fix spelling.
	* src/conf/netdev_vport_profile_conf.c
	(virNetDevVPortProfileParse): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainSetVcpusFlags):
	Likewise.
	* src/xen/xm_internal.c (xenXMDomainSetVcpusFlags): Likewise.
	* src/esx/esx_util.c (esxUtil_ResolveHostname): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemBuild): Likewise.
	* daemon/libvirtd.conf: Likewise.
	* src/util/logging.c (virLogMessage): Likewise.
	* src/uml/uml_conf.c (umlBuildCommandLineNet): Likewise.
	* src/vmx/vmx.c (virVMXFormatEthernet): Likewise.

	build: update to latest gnulib
	* .gnulib: Update to latest, for improved 'make syntax-check' and
	compiler warnings.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS):
	Re-silence -Wformat-nonliteral.
	* cfg.mk (_test_script_regex): Recognize our test scripts.
	* gnulib/local/lib/*.diff: Drop, now that gnulib has this.
	* tests/virsh-optparse: Fix use of compare.
	* tests/virsh-schedinfo: Likewise.

	build: properly skip tests
	I got this failure on FreeBSD:
	shunloadtest.c: In function 'main':
	shunloadtest.c:150: error: 'EXIT_AM_SKIP' undeclared (first use in this function)
	but inspection showed several other problems, all fixed here.
	* tests/domainsnapshotxml2xmltest.c [!WITH_QEMU]: Ensure
	EXIT_AM_SKIP is defined.
	* tests/esxutilstest.c [!WITH_ESX]: Likewise.
	* tests/openvzutilstest.c [!WITH_OPENVZ]: Likewise.
	* tests/qemuargv2xmltest.c [!WITH_QEMU]: Likewise.
	* tests/qemuhelptest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxml2argvtest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxml2xmltest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxmlnstest.c [!WITH_QEMU]: Likewise.
	* tests/shunloadtest.c [!linux]: Likewise.
	* tests/vmx2xmltest.c [!WITH_VMX]: Likewise.
	* tests/xml2vmxtest.c [!WITH_VMX]: Likewise.

2011-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Avoid crash in shunloadtest
	For unknown reasons, the shunloadtest will crash on Fedora 16
	inside dlopen()
	 (gdb) bt
	 #0  0x00000000000050e6 in ?? ()
	 #1  0x00007ff61a77b9d5 in floor () from /lib64/libm.so.6
	 #2  0x00007ff61e522963 in _dl_relocate_object () from /lib64/ld-linux-x86-64.so.2
	 #3  0x00007ff61e5297e6 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
	 #4  0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
	 #5  0x00007ff61e52917a in _dl_open () from /lib64/ld-linux-x86-64.so.2
	 #6  0x00007ff61e0f6f26 in dlopen_doit () from /lib64/libdl.so.2
	 #7  0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
	 #8  0x00007ff61e0f752f in _dlerror_run () from /lib64/libdl.so.2
	 #9  0x00007ff61e0f6fc1 in dlopen@@GLIBC_2.2.5 () from /lib64/libdl.so.2
	 #10 0x0000000000400a15 in main (argc=<optimized out>, argv=<optimized out>) at shunloadtest.c:105
	Changing from RTLD_NOW to RTLD_LAZY avoids this problem,
	but quite possibly does not fix the root cause.
	* shunloadtest.c: s/NOW/LAZY/

	Fix build for platforms lacking struct ifreq
	This ought to fix the build if you have net/if.h but do
	not have struct ifreq
	* configure.ac: Check for struct ifreq in net/if.h
	* src/util/virnetdev.c: Conditionalize to avoid use of
	  struct ifreq if it does not exist

2011-12-02  Eric Blake  <eblake@redhat.com>

	build: fix 'make dist' without dtrace
	probes.h can only be generated on Linux, and then only with dtrace
	installed.  If it is part of the tarball, then either 'make dist'
	will fail if you don't have that setup, or we would have to start
	keeping probes.h in libvirt.git.  Since we only need it to be
	generated when dtrace is in use, it's better to avoid shipping
	it in the first place, and avoid tracking it in git.
	Meanwhile, there is a build dependency - since the RPC code is
	generated, it can be built early; but when dtrace is enabled, we
	must ensure probes.h is built even earlier.  Commit 1afcfbdd tried
	to fix this, but did so in a way that added probes.h into the
	tarball, and broke VPATH as well.  Commit ecbca767 fixed VPATH,
	but didn't fix the more fundamental problem.  This patch solves
	the issue by adding a dependency instead.
	Tested with 'make dist' in a clean VPATH builds, for both
	'./configure --without-dtrace' and './configure --with-dtrace';
	all configurations were able to correctly build a tarball, and
	the dtrace configuration no longer sticks probes.h in the tarball.
	* src/Makefile.am (REMOTE_DRIVER_GENERATED): Don't ship probes.h;
	rather, make it a dependency.

2011-12-01  Lei Li  <lilei@linux.vnet.ibm.com>

	Fix a logic error for setting block I/O
	Fix a logic error, the initial value of ret = -1, if just set --config,
	it will goto endjob directly without doing its really job here.

2011-12-01  Daniel P. Berrange  <berrange@redhat.com>

	Don't use undocumented __isleap macro
	The glibc time.h header has an undocumented __isleap macro
	that we are using. Since it is undocumented & does not appear
	on any other OS, stop using it and just define the macro in
	libvirt code instead.
	* src/util/virtime.c: Remove __isleap usage

2011-12-01  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Allow other escape characters for console
	Currently virsh supports only ^] as escape character for console.
	However, some users might want to use something else. This patch
	creates such ability by specifying '-e' switch on virsh command
	line.

2011-12-01  Peter Krempa  <pkrempa@redhat.com>

	bridge_driver: Don't define network if XML contains more IPv4 adreses.
	Only one IPv4 DHCP definition is supported. Originally the code checked
	for a multiple definition and returned an error, but the new domain
	definition was already added to networks. This patch moves the check
	before the newly defined network is added to active networks.
	 *src/network/bridge_driver.c: networkDefine(): - move multiple IPv4
	                                                  addresses check before
	                                                  definition is used.

2011-12-01  Eric Blake  <eblake@redhat.com>

	spec: mark directories in /var/run as ghosts
	We have several directories that are created on the fly, and which
	only contain state relevant to a running libvirtd process (all
	located in /var/run).  Since the directories are created as needed,
	and make no sense without a running libvirtd, we want them deleted
	if libvirt is uninstalled.  And in F15 and newer, /var/run is on
	tmpfs (forcing us to recreate on the fly); which means that someone
	trying to verify a complete rpm will fail if the directory does not
	currently exist because libvirtd has not been started since boot.
	The solution, then, is to mark the directories as %ghost, so that
	rpm knows that we own them and will clean it up if libvirt is
	uninstalled, but will no longer create the directory for us at
	install, nor complain at verify time if the directory does not exist.
	See https://bugzilla.redhat.com/show_bug.cgi?id=656611.
	* libvirt.spec.in (%files): Add %ghost to temporary directories
	that we don't install, but want cleaned up on libvirt removal.

2011-12-01  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix possible deadlock when virsh is about to exit
	Not only was ctl->quit accessed without a mutex but unfortunately,
	virEventAddTimeout only interrupts the poll when event loop is running
	so the hack needs to add a timeout that will make next poll return
	immediately without blocking.

2011-12-01  Alex Jia  <ajia@redhat.com>

	util: Plug memory leak on virNetDevMacVLanCreateWithVPortProfile() error path
	Detected by Coverity. Leak introduced in commit 90074ec.

	util: Plug memory leak on virNetDevBridgeGet() sucessful path
	Detected by Coverity. Leak introduced in commit c1df2c1.
	Two bugs here:
	1. memory leak on successful parse
	2. failure to parse still returned success

	uml: Plug memory leak on umlStartVMDaemon() error path
	Detected by Coverity.  Leak introduced in commit 8866eed.
	Two bugs here:
	1. logfd wasn't closed on all return paths
	2. if we failed to mark a domain autodestroy, then the domain
	was not made transient but we still returned success

	rpc: Plug memory leak on virNetClientSendInternal() error path
	Detected by Coverity. Leak introduced in commit 673adba.
	Two separate bugs here:
	1. call was not freed on all error paths
	2. virCondDestroy was called even if virCondInit failed

	conf: Plug memory leak on virDomainDefParseXML() error path
	Detected by Coverity. Leak introduced in commit 0873b68.

	qemu: Plug memory leak onqemuProcessWaitForMonitor() error path
	Detected by Coverity. Leak introduced in commit 109efd7.

2011-12-01  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Add PPC cpu driver.
	To add support for running libvirt on PowerPC, a CPU driver for the
	PowerPC platform must be added.
	Most generic cpu driver routines such as CPU compare, decode, etc
	are based on CPUID comparison and are not relevant for non-x86
	platforms.
	Here, we introduce stubs for relevant PowerPC routines invoked by libvirt.

2011-12-01  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: filter blkio 0-device-weight at two other places
	filter 0-device-weight when:
	  - getting blkio parameters with --config
	  - starting up a domain
	When testing with blkio, I found these issues:
	  (dom is down)
	  virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,500
	  virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,0
	  virsh blkiotune dom
	  weight         : 800
	  device_weight  : /dev/sda,200,/dev/sdb,0
	  # issue 1: shows 0 device weight of /dev/sdb that may confuse user
	  (continued)
	  virsh start dom
	  # issue 2: If /dev/sdb doesn't exist, libvirt refuses to bring the
	  # dom up because it wants to set the device weight to 0 of a
	  # non-existing device. Since 0 means no weight-limit, we really don't
	  # have to set it.

2011-12-01  Eric Blake  <eblake@redhat.com>

	qemu: amend existing table of device weights
	Prior to this patch, for a running dom, the commands:
	$ virsh blkiotune dom --device-weights /dev/sda,502,/dev/sdb,498
	$ virsh blkiotune dom --device-weights /dev/sda,503
	$ virsh blkiotune dom
	weight         : 500
	device_weight  : /dev/sda,503
	claim that /dev/sdb no longer has a non-default weight, but
	directly querying cgroups says otherwise:
	$ cat /cgroup/blkio/libvirt/qemu/dom/blkio.weight_device
	8:0     503
	8:16    498
	After this patch, an explicit 0 is required to remove a device path
	from the XML, and omitting a device path that was previously
	specified leaves that device path untouched in the XML, to match
	cgroups behavior.
	* src/qemu/qemu_driver.c (parseBlkioWeightDeviceStr): Rename...
	(qemuDomainParseDeviceWeightStr): ...and use correct type.
	(qemuDomainSetBlkioParameters): After parsing string, modify
	rather than replacing existing table.
	* tools/virsh.pod (blkiotune): Tweak wording.

	conf: reject duplicate paths in device weights
	The next patch will make it possible to have virDomainSetBlkioParameters
	leave device weights unchanged if they are not mentioned in the incoming
	string, but this only works if the list of block weights does not allow
	duplicate paths.  Technically, a user can still confuse libvirt by
	passing alternate spellings that resolve to the same device, but it
	is not worth worrying about working around that kind of abuse.
	* src/conf/domain_conf.c (virDomainDefParseXML): Require unique
	paths.

2011-12-01  Hu Tao  <hutao@cn.fujitsu.com>

	virsh: fix setting weight and device-weights at the same time
	When setting both blkio weight and device-weights at the same time, the weight
	is lost. Fix it.

2011-12-01  Lei Li  <lilei@linux.vnet.ibm.com>

	Add tests for blkdeviotune

	Support virDomain{Set, Get}BlockIoTune in the python API
	Python support for both setting and getting block I/O throttle.

	Enable the blkdeviotune command in virsh
	Support virsh command blkdeviotune. Can set or query a block disk
	I/O throttle setting.

	Implement virDomain{Set, Get}BlockIoTune for the qemu driver
	Implement the block I/O throttle setting and getting support to qemu
	driver.

	Support block I/O throttle in XML
	Enable block I/O throttle for per-disk in XML, as the first
	per-disk IO tuning parameter.

	Add virDomain{Set, Get}BlockIoTune support to the remote driver
	Support Block I/O Throttle setting and query to remote driver.

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak build config file path
	* src/libvirt.c: Free user directory path

	Remove time APIs from src/util/util.h
	The virTimestamp and virTimeMs functions in src/util/util.h
	duplicate functionality from virtime.h, in a non-async signal
	safe manner. Remove them, and convert all code over to the new
	APIs.
	* src/util/util.c, src/util/util.h: Delete virTimeMs and virTimestamp
	* src/lxc/lxc_driver.c, src/qemu/qemu_domain.c,
	  src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c, src/util/event_poll.c: Convert to use
	  virtime APIs

	Make logging async signal safe wrt time stamp generation
	Use the new virTimeStringNowRaw() API for generating log timestamps
	in an async signal safe manner
	* src/util/logging.c: Use virTimeStringNowRaw

	Add internal APIs for dealing with time
	The logging APIs need to be able to generate formatted timestamps
	using only async signal safe functions. This rules out using
	gmtime/localtime/malloc/gettimeday(!) and much more.
	Introduce a new internal API which is async signal safe.
	  virTimeMillisNowRaw replacement for gettimeofday. Uses clock_gettime
	                      where available, otherwise falls back to the unsafe
	                      gettimeofday
	  virTimeFieldsNowRaw  replacements for gmtime(), convert a timestamp
	  virTimeFieldsThenRaw into a broken out set of fields. No localtime()
	                       replacement is provided, because converting to
	                       local time is not practical with only async signal
	                       safe APIs.
	  virTimeStringNowRaw  replacements for strftime() which print a timestamp
	  virTimeStringThenRaw into a string, using a pre-determined format, with
	                       a fixed size buffer (VIR_TIME_STRING_BUFLEN)
	For each of these there is also a version without the Raw postfix
	which raises a full libvirt error. These versions are not async
	signal safe
	* src/Makefile.am, src/util/virtime.c, src/util/virtime.h: New files
	* src/libvirt_private.syms: New APis
	* configure.ac: Check for clock_gettime in -lrt
	* tests/virtimetest.c, tests/Makefile.am: Test new APIs

	Remove obsolete virGetPMCapabilities sym from private symbols file
	Fix the build on Mingw32 by removing the now obsolete
	virGetPMCapabilities symbol from the private exports file
	* src/libvirt_private.syms: Remove virGetPMCapabilities

	Don't mark suspend as active until we know it is running
	If suspend failed for some reason (e.g. too short duration) then
	subsequent attempts to trigger suspend were rejected because we
	had already marked a suspend as being in progress
	* src/util/virnodesuspend.c: Don't mark suspend as active
	  until we've successfully triggered it

	Add suspend info to Xen, LXC and UML hypervisor capabilities
	* src/lxc/lxc_conf.c, src/uml/uml_conf.c,
	  src/xen/xen_hypervisor.c: Initialize suspend capabilities
	* tests/xencapsdata/*xml: Add empty powermgmt capabilities

	Remove pointless strdup in node suspend code
	The command name for the suspend action does not need to be
	strdup'd. The constant string can be used directly. This
	also means the code can be trivially rearranged to make the
	switch clearer
	* src/util/virnodesuspend.c: Remove strdup of cmdString

	Do lazy init of host PM features
	To avoid probing the host power management features on any
	call to virInitialize, only initialize the mutex in
	virNodeSuspendInit. Do lazy load of the supported PM target
	mask when it is actually needed
	* src/util/virnodesuspend.c: Lazy init of supported features

	Remove powerMgmt_valid field from capabilities struct
	If we ensure that virNodeSuspendGetTargetMask always resets
	*bitmask to zero upon failure, there is no need for the
	powerMgmt_valid field.
	* src/util/virnodesuspend.c: Ensure *bitmask is zero upon
	  failure
	* src/conf/capabilities.c, src/conf/capabilities.h: Remove
	  powerMgmt_valid field
	* src/qemu/qemu_capabilities.c: Remove powerMgmt_valid

	Add export of node suspend capabilities APIs
	* src/libvirt_private.syms: Export virNodeSuspendSupportsTarget
	  and virNodeSuspendGetTargetMask

	Move suspend capabilities APIs out of util.h into virnodesuspend.c
	The node suspend capabilities APIs should not have been put into
	util.[ch]. Instead move them into virnodesuspend.[ch]
	* src/util/util.c, src/util/util.h: Remove suspend capabilities APIs
	* src/util/virnodesuspend.c, src/util/virnodesuspend.h: Add
	  suspend capabilities APIs
	* src/qemu/qemu_capabilities.c: Include virnodesuspend.h

	Rename suspend capabilities APIs
	Rename virGetPMCapabilities to virNodeSuspendGetTargetMask and
	virDiscoverHostPMFeature to virNodeSuspendSupportsTarget.
	* src/util/util.c, src/util/util.h: Rename APIs
	* src/qemu/qemu_capabilities.c, src/util/virnodesuspend.c: Adjust
	  for new names

	Sanitize virDiscoverHostPMFeature to return a boolean
	Since virDiscoverHostPMFeature is just checking one feature,
	there is no reason for it to return a bitmask. Change it to
	return a boolean
	* src/util/util.c, src/util/util.h: Make virDiscoverHostPMFeature
	  return a boolean

	Move the virHostPMCapability enum helpers into capabilities.c
	The virHostPMCapability enum helper was declared in util.h
	but implemented in capabilities.c, which is in a completely
	separate library at link time. Move the declaration into the
	capabilities.c file and rename it to match normal conventions
	* src/util/util.h: Remove virHostPMCapability enum decl
	* src/conf/capabilities.c: Add virCapsHostPMTarget enum

	Fix capabilities XML to use generic terms for suspend targets
	The capabilities XML uses the x86 specific terms 'S3', 'S4'
	and 'Hybrid-Syspend'. Switch it to use the same terminology
	as the API constants and virsh options, eg 'suspend_mem'
	'suspend_disk' and 'suspend_hybrid'
	* docs/formatcaps.html.in, docs/schemas/capability.rng,
	  src/conf/capabilities.c: Rename suspend constants

	Remove internal only virHostPMCapability enum
	The internal virHostPMCapability enum just duplicates the
	public virNodeSuspendTarget enum, but with different names.
	* src/util/util.c: Use VIR_NODE_SUSPEND_TARGET constants
	* src/util/util.h: Remove virHostPMCapability enum
	* src/conf/capabilities.c: Use VIR_NODE_SUSPEND_TARGET_LAST

	Fix values of PM target type constants
	The VIR_NODE_SUSPEND_TARGET constants are not flags, so they
	should just be assigned straightforward incrementing values.
	* include/libvirt/libvirt.h.in: Change VIR_NODE_SUSPEND_TARGET
	  values
	* src/util/virnodesuspend.c: Fix suspend target checks

2011-11-30  Alex Jia  <ajia@redhat.com>

	util: avoid null deref on qcowXGetBackingStore
	Detected by Coverity. the only case is caller passes a NULL to 'format' variable,
	then taking 'if (format)' false branch, the function qcow2GetBackingStoreFormat
	will directly dereferences the NULL 'format' pointer variable.

	virsh: correct return value error
	Fix cmdDomblklist to return 'true' on success instead of '0'
	https://bugzilla.redhat.com/show_bug.cgi?id=758590

2011-11-30  Lei Li  <lilei@linux.vnet.ibm.com>

	Add new API virDomain{Set, Get}BlockIoTune
	This patch add new pulic API virDomainSetBlockIoTune and
	virDomainGetBlockIoTune.

2011-11-30  Hu Tao  <hutao@cn.fujitsu.com>

	blkiotune: add qemu support for blkiotune.device_weight
	Implement setting/getting per-device blkio weights in qemu,
	using the cgroups blkio.weight_device tunable.

	blkiotune: add interface for blkiotune.device_weight
	This adds per-device weights to <blkiotune>.  Note that the
	cgroups implementation only supports weights per block device,
	and not per-file within the device; hence this option must be
	global to the domain definition rather than tied to individual
	<devices>/<disk> entries:
	<domain ...>
	  <blkiotune>
	    <device>
	      <path>/path/to/block</path>
	      <weight>1000</weight>
	    </device>
	  </blkiotune>
	..
	This patch also adds a parameter --device-weights to virsh command
	blkiotune for setting/getting blkiotune.weight_device for any
	hypervisor that supports it.  All <device> entries under
	<blkiotune> are concatenated into a single string attribute under
	virDomain{Get,Set}BlkioParameters, named "device_weight".

2011-11-30  Eric Blake  <eblake@redhat.com>

	qemu: fix blkiotune --live --config
	Without this,  'virsh blkiotune --live --config --weight=n'
	only affected live.
	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Allow
	setting both configurations at once.

	qemu, lxc: drop redundant checks
	After the previous patch, there are now some redundant checks.
	* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo)
	(qemuGetSchedulerParametersFlags): Drop checks now guaranteed by
	libvirt.c.
	* src/lxc/lxc_driver.c (lxcGetSchedulerParametersFlags):
	Likewise.

	API: prevent query of --live and --config at once
	Drivers were inconsistent when presented both --live and --config
	at once.  For example, within qemu, getting memory parameters
	favored live, getting blkio tuning favored config, and getting
	scheduler parameters errored out.  Also, some, but not all,
	attempts to mix flags on query were filtered at the virsh level.
	We shouldn't have to duplicate efforts in every client app, nor
	in every driver.  So, it is simpler to just enforce that the two
	flags cannot both be used at once on query operations, which has
	precedent in libvirt.c, and which matches the documentation of
	virDomainModificationImpact.
	* src/libvirt.c (virDomainGetMemoryParameters)
	(virDomainGetBlkioParameters)
	(virDomainGetSchedulerParametersFlags, virDomainGetVcpuPinInfo):
	Borrow sanity checking from virDomainGetVcpusFlags.

	build: fix typo in last patch
	* src/remote_protocol-structs: Use correct RPC name.

2011-11-29  Osier Yang  <jyang@redhat.com>

	block_resize: Update test file for RPC
	Pushed under build failure rule.

	block_resize: Expose the new API to virsh

	block_resize: Implement qemu driver method
	It requires the domain is running, otherwise fails. Resize to a lower
	size is supported, but should be used with extreme caution.
	In order to prohibit the "size" overflowing after multiplied by
	1024. We do checking in the codes. For QMP mode, the default units
	is Bytes, the passed size needs to be multiplied by 1024, however,
	for HMP mode, the default units is "Megabytes", the passed "size"
	needs to be divided by 1024 then.

	block_resize: Implement qemu monitor functions
	Implements functions for both HMP and QMP mode.
	For HMP mode, qemu uses "M" as the units by default, so the passed "sized"
	is divided by 1024.
	For QMP mode, qemu uses "Bytes" as the units by default, the passed "sized"
	is multiplied by 1024.
	All of the monitor functions return -1 on failure, 0 on success, or -2 if
	not supported.

	block_resize: Wire up the remote protocol

	block_resize: Define the new API
	The new API is named as "virDomainBlockResize", intending to add
	support for qemu monitor command "block_resize" (both HMP and QMP).
	Similar with APIs like "virDomainSetMemoryFlags", the units for
	argument "size" is kilobytes.

2011-11-29  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Fix funky identation

2011-11-29  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix typos in man page

	lxc: Fix suspend/resume with freezer cgroup

2011-11-29  Osier Yang  <jyang@redhat.com>

	examples: Correct the example command to use testnode.xml
	 * s/-connection/-c/
	 * Removes the redundant '/'.
	 * Add "absolute" so that it's more clear.
	Pushed under trivial rule.

2011-11-29  Srivatsa S. Bhat  <srivatsa.bhat@linux.vnet.ibm.com>

	Add virsh command to initiate suspend on the host
	Add a new command 'nodesuspend' to perform a timed suspend on the host.

	Implement the core API to suspend/resume the host
	Add the core functions that implement the functionality of the API.
	Suspend is done by using an asynchronous mechanism so that we can return
	the status to the caller before the host gets suspended. This asynchronous
	operation is achieved by suspending the host in a separate thread of
	execution. However, returning the status to the caller is only best-effort,
	but not guaranteed.
	To resume the host, an RTC alarm is set up (based on how long we want to
	suspend) before suspending the host. When this alarm fires, the host
	gets woken up.
	Suspend-to-RAM operation on a host running Linux can take upto more than 20
	seconds, depending on the load of the system. (Freezing of tasks, an operation
	preceding any suspend operation, is given up after a 20 second timeout).
	And Suspend-to-Disk can take even more time, considering the time required
	for compaction, creating the memory image and writing it to disk etc.
	So, we do not allow the user to specify a suspend duration of less than 60
	seconds, to be on the safer side, since we don't want to prematurely declare
	failure when we only had to wait for some more time.

	Add the remote protocol implementation for virNodeSuspendForDuration
	Implement the remote protocol for virNodeSuspendForDuration() API.

	Add a public API to invoke suspend/resume on the host
	Implement the public definitions for the new API
	virNodeSuspendForDuration() which will be subsequently used to
	do a timed suspend on the host.

	Add 'Hybrid-Suspend' power management discovery for the host
	Some systems support a feature known as 'Hybrid-Suspend', apart from the
	usual system-wide sleep states such as Suspend-to-RAM (S3) or Suspend-to-Disk
	(S4). Add the functionality to discover this power management feature and
	export it in the capabilities XML under the <power_management> tag.

2011-11-29  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Really send non-blocking calls while waiting for another call
	When another thread was dispatching while we wanted to send a
	non-blocking call, we correctly queued the call and woke up the thread
	but the thread just threw the call away since it forgot to recheck if
	its socket was writable.

2011-11-29  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Don't traverse childless nodes in vshNodeIsSuperset
	If both nodes do not have any children, we pass zero to
	virBitmapAlloc which returns NULL. In turn we report OOM error
	and return false (meaning nodes are different). This is not true.

2011-11-29  Christian Franke  <nobody@nowhere.ws>

	virnetsocket: pass XAUTORITY for ssh connection
	When spawning an ssh connection, the environment variables
	DISPLAY, SSH_ASKPASS, ... are passed. However XAUTHORITY,
	which is necessary if the .Xauthority is in a non default
	place, was not passed.

2011-11-29  Lorin Hochstein  <lorin@isi.edu>

	conf: make virt-xml-validate work with vbox domains
	virt-xml-validate fails when run on a domain XML file of type 'vbox'.
	For failing test case, see https://bugzilla.redhat.com/show_bug.cgi?id=757097
	This patch updates the XML schema to accept all valid hypervisor
	types, as well as dropping hypervisor types that are not in use
	by the current code base.

2011-11-28  Michal Privoznik  <mprivozn@redhat.com>

	conf: Improve incorrect root element error messages
	When user pass wrong root element, it is not 'internal error' and
	we can give him hint what we are expecting.

2011-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Refactor initial LXC mem tune / device ACL code
	To make lxcSetContainerResources smaller, pull the mem tune
	and device ACL setup code out into separate methods
	* src/lxc/lxc_controller.c: Introduce lxcSetContainerMemTune
	  and lxcSetContainerDeviceACL

	Add support for blkio tuning of LXC containers
	* src/lxc/lxc_controller.c: Refactor setting of initial blkio
	  tuning parameters
	* src/lxc/lxc_driver.c: Enable live change of blkio tuning

	Add support for CPU quota/period to LXC driver
	* src/lxc/lxc_driver.c: Support changing quota/period for LXC
	  containers
	* src/lxc/lxc_controller.c: Set initial quota/period at startup

	Support CPU placement in LXC driver
	While LXC does not have the concept of VCPUS, so we can't do
	per-VCPU pCPU placement, we can support the VM level CPU
	placement. Todo this simply set the CPU affinity of the LXC
	controller at startup. All child processes will inherit this
	affinity.
	* src/lxc/lxc_controller.c: Set process affinity

	Support NUMA memory placement for LXC containers
	Use numactl to set NUMA memory placement for LXC containers
	* src/lxc/lxc_controller.c: Support NUMA memory placement

2011-11-25  Michal Privoznik  <mprivozn@redhat.com>

	storage: Refetch file status after open
	This partly reverts my previous patch f88de3eb. We need to
	get file status after open, as given path could have been symlink,
	so fstat() will operate on different file than lstat().

2011-11-25  Paolo Bonzini  <pbonzini@redhat.com>

	util: fix thinko in runIO
	When aligning you need to clear the bits in the mask and leave the
	others aside.  Likely this code has never run, and will never run.

2011-11-25  Michal Privoznik  <mprivozn@redhat.com>

	storage: Skip socket and fifo on pool-start
	If pool directory contains special files like FIFO or sockets
	we want to skip those on pool-start or pool-refresh otherwise
	open() will get an error.

	conf: Don't drop console definition on domain restart
	One of my latest patches 2e37bf42d28d8bb5d045b206587c64643c64d02a
	copy serial console definition. On domain shutdown we save this
	info into state XML. However, later on the daemon start we simply
	drop this info and since we are not re-reading qemu log,
	vm->def->consoles[0] does not get populated with copy. Therefore
	we need to avoid dropping console definition if it is just alias
	for serial console.

2011-11-24  Jiri Denemark  <jdenemar@redhat.com>

	Fix version numbers for isAlive and setKeepAlive driver APIs

	build: Properly generate and check virkeepaliveprotocol-structs
	This fixes make dist broken by recent keepalive series

	examples: Use virConnectOpenAuth in events-c

	qemu: Cancel p2p migration when connection breaks
	If a connection to destination host is lost during peer-to-peer
	migration (because keepalive protocol timed out), we won't be able to
	finish the migration and it doesn't make sense to wait for qemu to
	transmit all data. This patch automatically cancels such migration
	without waiting for virDomainAbortJob to be called.

	qemu: Add support for keepalive messages during p2p migration

	Add keepalive support into domain-events examples

	Implement virConnectIsAlive in all drivers

	Introduce virConnectIsAlive API
	This API can be used to check if the socket associated with
	virConnectPtr is still open or it was closed (probably because keepalive
	protocol timed out). If there the connection is local (i.e., no socket
	is associated with the connection, it is trivially always alive.

	Implement keepalive protocol in remote driver

	Add support for async close of client RPC socket

	Implement keepalive protocol in libvirt daemon

	virsh: Always run event loop
	Since virsh already implements event loop, it has to also run it. So far
	the event loop was only running during virsh console command.

	Introduce virConnectSetKeepAlive
	virConnectSetKeepAlive public API can be used by a client connecting to
	remote server to start using keepalive protocol. The API is handled
	directly by remote driver and not transmitted over the wire to the
	server.

	Implement common keepalive handling
	These APIs are used by both client and server RPC layer to handle
	processing of keepalive messages.

	Define keepalive protocol
	The keepalive program has two procedures: PING, and PONG.
	Both are used only in asynchronous messages and the sender doesn't wait
	for any reply. However, the party which receives PING messages is
	supposed to react by sending PONG message the other party, but no
	explicit binding between PING and PONG messages is made. For backward
	compatibility neither server nor client are allowed to send keepalive
	messages before checking that remote party supports them.

	rpc: Add some debug messages to virNetClient

	rpc: Fix handling of non-blocking calls that could not be sent
	When virNetClientIOEventLoop is called for a non-blocking call and not
	even a single byte can be sent from this call without blocking, we
	properly reported that to the caller which properly frees the call. But
	we never removed the call from a call queue.

	rpc: Fix a typo in virNetClientSendNonBlock documentation

	rpc: Pass the buck only to the first available thread

2011-11-24  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: remove virConnectPtr from internal API calls
	Remove the virConnectPtr from the nwfilter's internal API calls as
	far as possible.

2011-11-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid dereference of NULL pointer
	If something fails while initializing qemu job object in
	qemuDomainObjPrivateAlloc(), memory to the private pointer is freed, but
	after that, the pointer is still dereferenced, which may result in a
	segfault.
	* qemuDomainObjPrivateAlloc() - Don't dereference NULL pointer.

2011-11-23  Eric Blake  <eblake@redhat.com>

	qemu: fix a const-correctness issue
	Generally, functions which return malloc'd strings should be typed
	as 'char *', not 'const char *', to make it obvious that the caller
	is responsible to free things.  free(const char *) fails to compile,
	and although we have a cast embedded in VIR_FREE to work around poor
	code that frees const char *, it's better to not rely on that hack.
	* src/qemu/qemu_driver.c (qemuDiskPathToAlias): Change return type.
	(qemuDomainBlockJobImpl): Update caller.

	API: prefer 'disk' over 'block' or 'path'
	Given that we can now handle the target's disk shorthand, in addition
	to an absolute path to the file or block device used on the host,
	the term 'disk' fits a bit better as the parameter name than 'path'.
	* include/libvirt/libvirt.h.in: Update some parameter names.
	* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
	(virDomainBlockPeek, virDomainGetBlockInfo, virDomainBlockJobAbort)
	(virDomainGetBlockJobInfo, virDomainBlockJobSetSpeed)
	(virDomainBlockPull): Likewise.

	blockstats: support lookup by path in blockstats
	Commit 89b6284f made it possible to pass either a source name or
	the target device to most API demanding a disk designation, but
	forgot to update the documentation.  It also failed to update
	virDomainBlockStats to take both forms. This patch fixes both the
	documentation and the remaining function.
	Xen continues to use just device shorthand (that is, I did not
	implement path lookup there, since xen does not track a domain_conf
	to quickly tie a path back to the device shorthand).
	* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
	(virDomainGetBlockInfo, virDomainBlockPeek)
	(virDomainBlockJobAbort, virDomainGetBlockJobInfo)
	(virDomainBlockJobSetSpeed, virDomainBlockPull): Document
	acceptable disk naming conventions.
	* src/qemu/qemu_driver.c (qemuDomainBlockStats)
	(qemuDomainBlockStatsFlags): Allow lookup by source name.
	* src/test/test_driver.c (testDomainBlockStats): Likewise.

2011-11-23  Michal Privoznik  <mprivozn@redhat.com>

	nwfilter: Initialize virNWFilterAddIpAddrForIfname return variable
	Latest nwfilter patch ad6c67cf introduced uninitialized return
	value. This was spotted by 4.6.2 gcc.

2011-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix disabling of virtual port profile code on old hosts
	The WITH_VIRTUALPORT macro is defined to 0 when disabled, not
	left undefined. So #if must be used instead of #ifdef
	* src/util/virnetdevvportprofile.c: s/#ifdef/#if/

	Fix uninitialized variable in NWfilter IP learning code
	* src/nwfilter/nwfilter_learnipaddr.c: Initialize ret variable

2011-11-23  Michal Prívozník  <mprivozn@redhat.com>

	virsh: Increase device-detach intelligence
	Up to now users have to give a full XML description on input when
	device-detaching. If they omitted something it lead to unclear
	error messages (like generated MAC wasn't found, etc.).
	With this patch users can specify only those information which
	specify one device sufficiently precise. Remaining information is
	completed from domain.

2011-11-23  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Enable detection of multiple IP addresses
	In preparation of DHCP Snooping and the detection of multiple IP
	addresses per interface:
	The hash table that is used to collect the detected IP address of an
	interface can so far only handle one IP address per interface. With
	this patch we extend this to allow it to handle a list of IP addresses.
	Above changes the returned variable type of virNWFilterGetIpAddrForIfname()
	from char * to virNWFilterVarValuePtr; adapt all existing functions calling
	this function.

2011-11-23  Eli Qiao  <taget@linux.vnet.ibm.com>

	fix error message when using wrong URI alias
	When configuring a URI alias like this in 'libvirt.conf':
	uri_aliases = [
	  "jj#j=qemu+ssh://root@127.0.0.1/system",
	  "sleet=qemu+ssh://root@sleet.cloud.example.com/system",
	]
	virsh -c jj#j
	It will show this error message:
	'no connection driver available for No connection for URI jj#j'
	Actually，we expect this message below：
	Malformed 'uri_aliases' config entry 'jj#j=qemu+ssh://root@127.0.0.1/system', aliases may only contain 'a-Z, 0-9, _, -'
	Give this patch to fix this error.

2011-11-23  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Pass additional parameter into applyDHCPOnly function
	In preparation for the DHCP Snooping code:
	Pass an additional parameter into the applyDHCPOnly function
	of the 'techdriver'.

	nwfilter: use shell variable to invoke 'ip(6)tables' command
	Introduce a shell variable 'IBT' to invoke the ip(6)tables command.
	Tested with libvirt-tck.

	nwfilter: use shell variable to invoke 'ebtables' command
	Introduce a shell variable 'EBT' to invoke the ebtables command.
	Hard-code the used ebtables table to '-t nat'.
	Tested with libvirt-tck.

	Improve error reporting of failures to apply filtering rules
	Display the executed command and failure message if a command failed to
	execute.

	Add documentation for STP filtering support
	Add documentation for the STP filtering support. Describe the XML attributes
	that are supported.

	Add test cases for STP traffic filtering
	This patch adds a few test cases for the XML parsing of STP filtering nodes.

	Add support for STP filtering
	This patch adds support for filtering of STP (spanning tree protocol) traffic
	to the parser and makes us of the ebtables support for STP filtering. This code
	now enables the filtering of traffic in chains with prefix 'stp'.

	Add a 'mac' chain
	With hunks borrowed from one of David Steven's previous patches, we now
	add the capability of having a 'mac' chain which is useful to filter
	for multiple valid MAC addresses.

2011-11-23  Eric Blake  <eblake@redhat.com>

	docs: fix grammar of capabilities
	* docs/formatcaps.html.in: Avoid run-on sentence, wrap lines.

2011-11-22  Daniel P. Berrange  <berrange@redhat.com>

	Add strings.h include to capabilities.h for ffs() function prototype
	On Mingw32 the ffs() function was not declared due to missing header
	include
	* src/conf/capabilities.c: The ffs() function lives in strings.h

2011-11-22  Osier Yang  <jyang@redhat.com>

	build: Update AUTHORS
	Add Chang Liu to the AUTHORS' list.

2011-11-22  Chang Liu  <lingjiao.lc@taobao.com>

	storage: Fallback to use lvchange first if lvremove fails
	virStorageBackendLogicalDeleteVol() could not remove the lv with error
	"could not remove open logical volume" sometimes. Generally it's caused
	by the volume is still active, even if lvremove tries to remove it with
	option "--force".
	This patch is to fix it by disbale the lv first using "lvchange -aln"
	and "lvremove -f" afterwards if the direct "lvremove -f" failed.

2011-11-22  Srivatsa S. Bhat  <srivatsa.bhat@linux.vnet.ibm.com>

	Export KVM Host Power Management capabilities
	This patch exports KVM Host Power Management capabilities as XML so that
	higher-level systems management software can make use of these features
	available in the host.
	The script "pm-is-supported" (from pm-utils package) is run to discover if
	Suspend-to-RAM (S3) or Suspend-to-Disk (S4) is supported by the host.
	If either of them are supported, then a new tag "<power_management>" is
	introduced in the XML under the <host> tag.
	However in case the query to check for power management features succeeded,
	but the host does not support any such feature, then the XML will contain
	an empty <power_management/> tag. In the event that the PM query itself
	failed, the XML will not contain any "power_management" tag.
	To use this, new APIs could be implemented in libvirt to exploit power
	management features such as S3/S4.

2011-11-22  Eric Blake  <eblake@redhat.com>

	conf: don't modify cpu set string during parsing
	None of the callers cared if str was updated to point to the next
	byte after the parsed cpuset; simplifying this results in quite
	a few code simplifications.  Additionally, virCPUDefParseXML was
	strdup()'ing a malloc()'d string; avoiding a memory copy resulted
	in less code.
	* src/conf/domain_conf.h (virDomainCpuSetParse): Alter signature.
	* src/conf/domain_conf.c (virDomainCpuSetParse): Don't modify str.
	(virDomainVcpuPinDefParseXML, virDomainDefParseXML): Adjust
	callers.
	* src/conf/cpu_conf.c (virCPUDefParseXML): Likewise.
	* src/xen/xend_internal.c (sexpr_to_xend_topology): Likewise.
	* src/xen/xm_internal.c (xenXMDomainPinVcpu): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr): Likewise.
	* src/xenxs/xen_xm.c (xenParseXM): Likewise.

2011-11-22  Roopa Prabhu  <roprabhu@cisco.com>

	qemu: don't release network actual device twice
	For direct attach devices, in qemuBuildCommandLine, we seem to be freeing
	actual device on error path (with networkReleaseActualDevice). But the actual
	device is not deleted.
	qemuProcessStop eventually deletes the direct attach device and releases
	actual device. But by the time qemuProcessStop is called qemuBuildCommandLine
	has already freed actual device, leaving stray macvtap devices behind on error.
	So the simplest fix is to remove the networkReleaseActualDevice in
	qemuBuildCommandLine. This patch does just that.

2011-11-21  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Copy console definition from serial
	Now, when we support multiple consoles per domain,
	the vm->def->console[0] can still remain an alias
	for vm->def->serial[0]; However, we need to copy
	it's source definition as well otherwise we'll regress
	on virDomainOpenConsole.

2011-11-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix distribution of .syms files for previous commit
	* src/Makefile.am: Remove libvirt_bridge.syms and libvirt_macvtap.syms
	  from EXTRA_DIST. Add libvirt_dbus.syms

	Fix build on Mingw32 wrt export of virNetServerGetDBusConn
	Mingw32 complains if you request export of a symbol which does
	not in fact exist.
	* src/libvirt_bridge.syms, src/libvirt_macvtap.syms: Delete
	  obsolete files
	* src/libvirt_private.syms: Remove virNetServerGetDBusConn
	* src/libvirt_dbus.syms: Add virNetServerGetDBusConn

2011-11-21  Osier Yang  <jyang@redhat.com>

	storage: Skips backingStore of virtual snapshot lv
	lvs outputs "[$lvname_vorigin]" for the virtual snapshot lv
	(created with "--virtualsize"), and the original device pointed
	by "$lvname_vorigin" is just for lvm internal use, one should
	never use it.
	Per lvm's nameing rules, "[" is not valid as part of the vg/lv name.
	(man 8 lvm).
	<quote>
	VALID NAMES
	The following characters are valid for VG and LV names: a-z A-Z 0-9 + _
	. -
	VG and LV names cannot begin with a hyphen.   There  are  also  various
	reserved  names that are used internally by lvm that can not be used as
	LV or VG names.  A VG cannot be called anything that exists in /dev/ at
	the time of creation, nor can it be called '.' or '..'.  A LV cannot be
	called '.' '..' 'snapshot' or 'pvmove'. The LV name may also  not  con‐
	tain the strings '_mlog' or '_mimage'
	</quote>
	So we can skip the set the lv's backingStore by checking if the name
	begins with a "[".

2011-11-19  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add documentation for VLAN filtering support
	Add documentation for the VLAN filtering support. Describe the XML attributes
	that are supported.

	Add test cases for VLAN traffic filtering
	This patch adds a few test cases for the XML parsing of VLAN filtering nodes.

	Add support for VLAN filtering
	This patch adds support for filtering of VLAN (802.1Q) traffic to the
	parser and makes us of the ebtables support for VLAN filtering. This code
	now enables the filtering of traffic in chains with prefix 'vlan'.

2011-11-19  Jim Fehlig  <jfehlig@suse.com>

	Don't copy sexpr node value that is an empty string
	Xen4.1 initializes some unspecified sexpr config items to an empty
	string, unlike previous Xen versions that would leave the item unset.
	E.g. the kernel item for an HVM guest (non-direct kernel boot):
	Xen4.0 and earlier
	  ...
	  (image
	    (hvm
	      (kernel )
	  ...
	Xen4.1
	  ...
	  (image
	    (hvm
	      (kernel '')
	  ...
	The empty string for kernel causes some grief in subsequent parsing
	where existence of specified kernel is checked, e.g.
	  if (!def->os.kernel)
	  ...
	This patch solves the problem in sexpr_node_copy() by not copying
	a node containing an empty string.

2011-11-19  Eric Blake  <eblake@redhat.com>

	tests: avoid xend ABRT crash report
	I installed the xen development packages on my non-Xen F16 machine
	in order to compile-test xen code and ensure we don't break things
	on that front, but being a non-xen machine, /usr/sbin/xend is
	obviously not running.  Unfortunately, xen-4.1.2-1.fc16 has a bug
	where merely trying to probe xend status on a non-xen kernel causes
	xend to issue an ABRT crash report:
	https://bugzilla.redhat.com/show_bug.cgi?id=728696
	Even though libvirt (correctly) skips the test, the xend crash report
	is unnecessary noise.  Fix this by first filtering out non-xen
	kernels even before attempting to probe xend.  The test still runs
	and passes on a RHEL 5 xen kernel after this patch.
	* tests/reconnect.c (mymain): Skip xend probe on non-xen kernel.
	* tests/statstest.c (mymain): Likewise.

	build: fix compile error with no macvtap
	Since commit 6ec8288a, compilation has failed on RHEL 5:
	util/virnetdevmacvlan.c:672: error: conflicting types for 'virNetDevMacVLanCreateWithVPortProfile'
	* src/util/virnetdevmacvlan.c
	(virNetDevMacVLanCreateWithVPortProfile): Add missing parameter.

2011-11-19  Hu Tao  <hutao@cn.fujitsu.com>

	enable cgroup cpuset by default
	This prepares for subsequent patches which introduce dependence
	on cgroup cpuset. Enable cgroup cpuset by default so users don't
	have to modify configuration file before encountering a cpuset
	error.

2011-11-19  Eric Blake  <eblake@redhat.com>

	build: fix accidental POTFILES.in regression
	The original patch for commit 4789fb2 considered renaming a file,
	then backed out the name change, but forgot to back out the POTFILES.in
	change, resulting in 'make syntax-check' failure.

	tests: test recent hash addition
	Excercise the new hash API, to ensure we avoid regressions.
	* tests/hashtest.c (testHashGetItems): New test.

2011-11-19  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add test cases for parsing of list values
	This patch adds test cases for parsing of parameters with
	multiple occurrances of the same name.

	Extend NWFilter parameter parser to cope with lists of values
	This patch modifies the NWFilter parameter parser to support multiple
	elements with the same name and to internally build a list of items.
	An example of the XML looks like this:
	        <parameter name='TEST' value='10.1.2.3'/>
	        <parameter name='TEST' value='10.2.3.4'/>
	        <parameter name='TEST' value='10.1.1.1'/>
	The list of values is then stored in the newly introduced data type
	virNWFilterVarValue.
	The XML formatter is also adapted to print out all items in alphabetical
	order sorted by 'name'.
	This patch also fixes a bug in the XML schema on the way.

	Create rules for each member of a list
	This patch extends the NWFilter driver for Linux (ebiptables) to create
	rules for each member of a previously introduced list. If for example
	an attribute value (internally) looks like this:
	IP = [10.0.0.1, 10.0.0.2, 10.0.0.3]
	then 3 rules will be generated for a rule accessing the variable 'IP',
	one for each member of the list. The effect of this is that this now
	allows for filtering for multiple values in one field. This can then be
	used to support for filtering/allowing of multiple IP addresses per
	interface.
	An iterator is introduced that extracts each member of a list and
	puts it into a hash table which then is passed to the function creating
	a rule. For the above example the iterator would cause 3 loops.

	Rework value part of name-value pairs
	NWFilters can be provided name-value pairs using the following
	XML notation:
	      <filterref filter='xyz'>
	        <parameter name='PORT' value='80'/>
	        <parameter name='VAL' value='abc'/>
	      </filterref>
	The internal representation currently is so that a name is stored as a
	string and the value as well. This patch now addresses the value part of it
	and introduces a data structure for storing a value either as a simple
	value or as an array for later support of lists.
	This patch adjusts all code that was handling the values in hash tables
	and makes it use the new data type.

	Documentation about chains' priorities, lists of elements etc.
	This patch adds several aspects of documentation about the network filtering
	system:
	- chains, chains' priorities and chains' default priorities
	- talks about lists of elements, i.e., a variable assigned multiple values
	  (part of already ACK-ed series)
	- already mentions the vlan, stp and mac chains added later on
	  (https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html)
	- mentions limitations of vlan filtering (when sent by VM) on Linux systems

	Add test cases
	Add test case for the chain names with known prefixes and the chain
	priority.

	Interleave jumping into chains with filtering rules in 'root' table
	The previous patch extends the priority of filtering rules into negative
	numbers. We now use this possibility to interleave the jumping into
	chains with filtering rules to for example create the 'root' table of
	an interface with the following sequence of rules:
	Bridge chain: libvirt-I-vnet0, entries: 6, policy: ACCEPT
	-p IPv4 -j I-vnet0-ipv4
	-p ARP -j I-vnet0-arp
	-p ARP -j ACCEPT
	-p 0x8035 -j I-vnet0-rarp
	-p 0x835 -j ACCEPT
	-j DROP
	The '-p ARP -j ACCEPT' rule now appears between the jumps.
	Since the 'arp' chain has been assigned priority -700 and the 'rarp'
	chain -600, the above ordering can now be achieved with the following
	rule:
	  <rule action='accept' direction='out' priority='-650'>
	    <mac protocolid='arp'/>
	  </rule>
	This patch now sorts the commands generating the above shown jumps into
	chains and interleaves their execution with those for generating rules.

	Extend rule priorities into negative numbers
	So far rules' priorities have only been valid in the range [0,1000].
	Now I am extending their priority into the range [-1000, 1000] for subsequently
	being able to sort rules and the access of (jumps into) chains following
	priorities.

	Enable chains with names having a known prefix
	This patch enables chains that have a known prefix in their name.
	Known prefixes are: 'ipv4', 'ipv6', 'arp', 'rarp'. All prefixes
	are also protocols that can be evaluated on the ebtables level.
	Following the prefix they will be automatically connected to an interface's
	'root' chain and jumped into following the protocol they evaluate, i.e.,
	a table 'arp-xyz' will be accessed from the root table using
	ebtables -t nat -A <iface root table> -p arp -j I-<ifname>-arp-xyz
	thus generating a 'root' chain like this one here:
	Bridge chain: libvirt-O-vnet0, entries: 5, policy: ACCEPT
	-p IPv4 -j O-vnet0-ipv4
	-p ARP -j O-vnet0-arp
	-p 0x8035 -j O-vnet0-rarp
	-p ARP -j O-vnet0-arp-xyz
	-j DROP
	where the chain 'arp-xyz' is accessed for filtering of ARP packets.

	Extend the filter XML to support priorities of chains
	This patch extends the filter XML to support priorities of chains
	in the XML. An example would be:
	<filter name='allow-arpxyz' chain='arp-xyz' priority='200'>
	[...]
	</filter>
	The permitted values for priorities are [-1000, 1000].
	By setting the priority of a chain the order in which it is accessed
	from the interface root chain can be influenced.

	Use the actual names of chains in data structure
	Use the name of the chain rather than its type index (enum).
	This pushes the later enablement of chains with user-given names
	into the XML parser. For now we still only allow those names that
	are well known ('root', 'arp', 'rarp', 'ipv4' and 'ipv6').

	Use scripting for cleaning and renaming of chains
	Use scripts for the renaming and cleaning up of chains. This allows us to get
	rid of some of the code that is only capable of renaming and removing chains
	whose names are hardcoded.
	A shell function 'collect_chains' is introduced that is given the name
	of an ebtables chain and then recursively determines the names of all
	chains that are accessed from this chain and its sub-chains using 'jumps'.
	The resulting list of chain names is then used to delete all the found
	chains by first flushing and then deleting them.
	The same function is also used for renaming temporary filters to their final
	names.
	I tested this with the bash and dash as script interpreters.

	Make filter creation in root table more flexible
	Use the previously introduced chain priorities to sort the chains for access
	from an interface's 'root' table and have them created in the proper order.
	This gets rid of a lot of code that was previously creating the chains in a
	more hardcoded way.
	To determine what protocol a filter is used for evaluation do prefix-
	matching, i.e., the filter 'arp' is used to filter for the 'arp' protocol,
	'ipv4' for the 'ipv4' protocol and 'arp-xyz' will also be used to filter
	for the 'arp' protocol following the prefix 'arp' in its name.

	Introduce an internal priority for chains
	For better handling of the sorting of chains introduce an internally used
	priority. Use a lookup table to store the priorities. For now their actual
	values do not matter just that the values cause the chains to be properly
	sorted through changes in the following patches. However, the values are
	chosen as negative so that once they are sorted along with filtering rules
	(whose priority may only be positive for now) they will always be instantiated
	before them (lower values cause instantiation before higher values). This
	is done to maintain backwards compatibility.

	Add function to get hash table's key/value pairs
	Add a function to the virHashTable for getting an array of the hash table's
	key-value pairs and have the keys (optionally) sorted.

2011-11-19  Daniel P. Berrange  <berrange@redhat.com>

	Add support for systemd init service
	This patch adds support for a systemd init service for libvirtd
	and libvirt-guests. The libvirtd.service is *not* written to use
	socket activation, since we want libvirtd to start on boot so it
	can do guest auto-start.
	The libvirt-guests.service is pretty lame, just exec'ing the
	original init script for now. Ideally we would factor out the
	functionality, into some shared tool.
	Instead of
	  ./configure --with-init-script=redhat
	You can now do
	  ./configure --with-init-script=systemd
	Or better still:
	  ./configure --with-init-script=systemd+redhat
	We can also now support install of the upstart init script
	* configure.ac: Add systemd, and systemd+redhat options to
	  --with-init-script option
	* daemon/Makefile.am: Install systemd services
	* daemon/libvirtd.sysconf: Add note about unused env variable
	  with systemd
	* daemon/libvirtd.service.in: libvirtd systemd service unit
	* libvirt.spec.in: Add scripts to installing systemd services
	  and migrating from legacy init scripts
	* tools/Makefile.am: Install systemd services
	* tools/libvirt-guests.init.sh: Rename to tools/libvirt-guests.init.in
	* tools/libvirt-guests.service.in: systemd service unit

	Add support for interfaces with type=direct to LXC
	Support creation of macvlan devices for LXC containers. Do not
	allow setting of bandwidth controls or vport profiles due to the
	complication that there is no host side visible device to work
	with.
	* src/lxc/lxc_driver.c: Support type=direct interfaces

	Allow creation of plain macvlan devices
	Update virNetDevMacVLanCreateWithVPortProfile to allow creation
	of plain macvlan devices, as well as macvtap devices. The former
	is useful for LXC containers
	* src/qemu/qemu_command.c: Explicitly request a macvtap device
	* src/util/virnetdevmacvlan.c, src/util/virnetdevmacvlan.h: Add
	  new flag to allow switching between macvlan and macvtap
	  creation

	Refactor LXC network setup to allow future enhancements
	The current lxcSetupInterfaces() method directly performs setup
	of the bridge devices. Since it will shortly need to also create
	macvlan devices, move the bridge related code into a separate
	method
	* src/lxc/lxc_driver.c: Split lxcSetupInterfaces() to create a
	  new lxcSetupInterfaceBridge()

	Add missing 'const' annotations for internal domain conf helpers
	The virDomainNetGetActualBridgeName and virDomainNetGetActualDirectDev
	methods both return strings that point to data in the virDomainDefPtr
	struct, and should therefore not be freed. The return values should
	thus be 'const char *' not 'char *'.
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Mark const
	* src/network/bridge_driver.c: Update to use a const char *

	Fix up ordering of private symbols file
	Fix ordering of symbols after re-arranging network device
	management API source files
	* src/libvirt_private.syms: Fix ordering

	Move ifaceMacvtapLinkDump and ifaceGetNthParent functions
	Move the ifaceMacvtapLinkDump and ifaceGetNthParent functions
	into virnetdevvportprofile.c since they are specific to that
	code. This avoids polluting the headers with the Linux specific
	netlink data types
	* src/util/interface.c, src/util/interface.h: Move
	  ifaceMacvtapLinkDump and ifaceGetNthParent functions and delete
	  remaining file
	* src/util/virnetdevvportprofile.c: Add ifaceMacvtapLinkDump
	  and ifaceGetNthParent functions
	* src/network/bridge_driver.c, src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c, src/util/virnetdevmacvlan.c:
	  Remove include of interface.h

	Move functions for dealing with physical/virtual devices
	Move virNetDevIsVirtualFunction, virNetDevGetVirtualFunctionIndex
	and virNetDevGetPhysicalFunction to virnetdev.c
	* src/util/interface.c, src/util/interface.h, src/util/virnetdev.c,
	  src/util/virnetdev.h: Move APIs

	Rename APIs for dealing with virtual/physical functions
	Rename ifaceIsVirtualFunction to virNetDevIsVirtualFunction,
	ifaceGetVirtualFunctionIndex to virNetDevGetVirtualFunctionIndex
	and ifaceGetPhysicalFunction to virNetDevGetPhysicalFunction
	* src/util/interface.c, src/util/interface.h: Rename APIs
	* src/util/virnetdevvportprofile.c: Update for API rename

	Move virNetDevValidateConfig to virnetdev.c
	* src/util/interface.c, src/util/interface.h: Remove virNetDevValidateConfig
	* src/util/virnetdev.c, src/util/virnetdev.h: Add virNetDevValidateConfig

	Rename ifaceCheck to virNetDevValidateConfig
	Rename the ifaceCheck method to virNetDevValidateConfig and change
	so that it always raises an error and returns -1 on error.
	* src/util/interface.c, src/util/interface.h: Rename ifaceCheck
	  to virNetDevValidateConfig
	* src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c: Update for API rename

	Move virNetDevGetIPv4Address to virnetdev.c
	Move the virNetDevGetIPv4Address function to virnetdev.c
	* util/interface.c, util/interface.h: Remove virNetDevGetIPv4Address
	* util/virnetdev.c, util/virnetdev.h: Add virNetDevGetIPv4Address

	Rename ifaceGetIPAddress to virNetDevGetIPv4Address
	To match up with the existing virNetDevSetIPv4Address, rename
	ifaceGetIPAddress to virNetDevGetIPv4Address
	* util/interface.h, util/interface.c: Rename API
	* network/bridge_driver.c: Update for API rename

	Move virNetDevGetIndex & virNetDevGetVLanID to virnetdev.c
	Move virNetDevGetIndex & virNetDevGetVLanID to virnetdev.c to
	suit their functional purpose
	* util/interface.c, util/interface.h: Remove virNetDevGetIndex &
	  virNetDevGetVLanID
	* util/virnetdev.c, util/virnetdev.h: Add virNetDevGetIndex &
	  virNetDevGetVLanID

	Rename ifaceGetIndex and ifaceGetVLAN
	Rename the ifaceGetIndex method to virNetDevGetIndex and
	ifaceGetVlanID to virNetDevGetVLanID. Also change the error
	reporting behaviour to always raise errors and return -1 on
	failure
	* util/interface.c, util/interface.h: Rename ifaceGetIndex
	  and ifaceGetVLAN
	* nwfilter/nwfilter_gentech_driver.c, nwfilter/nwfilter_learnipaddr.c,
	  nwfilter/nwfilter_learnipaddr.c, util/virnetdevvportprofile.c: Update
	  for API renames and error handling changes

	Move MAC address replacement functions to virnetdev.c
	Move virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
	to the virnetdev.c file where they naturally belong
	* util/interface.c, util/interface.h: Remove
	  virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
	* util/virnetdev.c, util/virnetdev.h: Add
	  virNetDevReplaceMacAddress and virNetDevRestoreMacAddress

	Rename interface MAC address replacement APIs
	Rename ifaceReplaceMacAddress to virNetDevReplaceMacAddress
	and ifaceRestoreMacAddress to virNetDevRestoreMacAddress.
	* util/interface.c, util/interface.h, util/virnetdevmacvlan.c:
	  Rename APIs

	Move the low level macvlan creation APIs
	Move the low level macvlan creation APIs into the
	virnetdevmacvlan.c file where they more naturally
	belong
	* util/interface.c, util/interface.h: Remove virNetDevMacVLanCreate
	  and virNetDevMacVLanDelete
	* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h: Add
	  virNetDevMacVLanCreate and virNetDevMacVLanDelete

	Rename low level macvlan creation APIs
	Rename ifaceMacvtapLinkAdd to virNetDevMacVLanCreate and
	ifaceLinkDel to virNetDevMacVLanDelete. Strictly speaking
	the latter isn't restricted to macvlan devices, but that's
	the only use libvirt has for it.
	* util/interface.c, util/interface.h,
	  util/virnetdevmacvlan.c: Rename APIs

	Rename high level macvlan creation APIs
	Rename virNetDevMacVLanCreate to virNetDevMacVLanCreateWithVPortProfile
	and virNetDevMacVLanDelete to virNetDevMacVLanDeleteWithVPortProfile
	To make way for renaming the other macvlan creation APIs in
	interface.c
	* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h,
	  qemu/qemu_command.c, qemu/qemu_hotplug.c, qemu/qemu_process.c:
	  Rename APIs

	Rename and split the macvtap.c file
	Rename the macvtap.c file to virnetdevmacvlan.c to reflect its
	functionality. Move the port profile association code out into
	virnetdevvportprofile.c. Make the APIs available unconditionally
	to callers
	* src/util/macvtap.h: rename to src/util/virnetdevmacvlan.h,
	* src/util/macvtap.c: rename to src/util/virnetdevmacvlan.c
	* src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h:
	  Pull in vport association code
	* src/Makefile.am, src/conf/domain_conf.h, src/qemu/qemu_conf.c,
	  src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update include
	  paths & remove conditional compilation

	Rename Macvtap management APIs
	In preparation for code re-organization, rename the Macvtap
	management APIs to have the following patterns
	  virNetDevMacVLanXXXXX     - macvlan/macvtap interface management
	  virNetDevVPortProfileXXXX - virtual port profile management
	* src/util/macvtap.c, src/util/macvtap.h: Rename APIs
	* src/conf/domain_conf.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_command.h,
	  src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/qemu/qemu_process.h: Update for renamed APIs

	Fix use of uninitialized variable in QEMU driver

2011-11-18  Bharata B Rao  <bharata@linux.vnet.ibm.com>

	qemu: Generate -numa option
	Add routines to generate -numa QEMU command line option based on
	<numa> ... </numa> XML specifications.

	XML definitions for guest NUMA and parsing routines
	This patch adds XML definitions for guest NUMA specification and contains
	routines to parse the same. The guest NUMA specification looks like this:
	<cpu>
	        ...
	        <topology sockets='2' cores='4' threads='2'/>
	        <numa>
	                <cell cpus='0-7' memory='512000'/>
	                <cell cpus='8-15' memory='512000'/>
	        </numa>
	        ...
	</cpu>

2011-11-18  Eric Blake  <eblake@redhat.com>

	snapshot: refuse to generate names for non-regular backing files
	For whatever reason, the kernel allows you to create a regular
	file named /dev/sdc.12345; although this file will disappear the
	next time devtmpfs is remounted.  If you let libvirt generate
	the name of the external snapshot for a disk image originally
	using the block device /dev/sdc, then the domain will be rendered
	unbootable once the qcow2 file is lost on the next devtmpfs
	remount.  In this case, the user should have used 'virsh
	snapshot-create --xmlfile' or 'virsh snapshot-create-as --diskspec'
	to specify the name for the qcow2 file in a sane location, rather
	than relying on libvirt generating a name that is most likely to
	be wrong.  We can help avoid naive mistakes by enforcing that
	the user provide the external name for any backing file that is
	not a regular file.
	* src/conf/domain_conf.c (virDomainSnapshotAlignDisks): Only
	generate names if backing file exists as regular file.
	Reported by MATSUDA Daiki.

2011-11-17  Jim Fehlig  <jfehlig@suse.com>

	Fix build with polkit0
	I missed adding virNetServerGetDBusConn() to libvirtd_private.syms
	in commit b8adfcc6, which didn't cause a problem in 0.9.6 but
	results in this build error in 0.9.7
	libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
	remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'

	Revert commit 0f590c62
	As noted by Daniel Berrange [1], the proper fix for the older
	PolicyKit build issue is to add virNetServerGetDBusConn to
	libvirt_private.syms.  Revert unnecessary changes to
	daemon/Makefile.am
	[1] https://www.redhat.com/archives/libvir-list/2011-November/msg00852.html

2011-11-17  Laine Stump  <laine@laine.org>

	virsh: add iface-bridge and iface-unbridge commands
	One of the top questions by libvirt users is how to create a host
	bridge device so that guests can be directly on the physical
	network. There are several example documents that explain how to do
	this manually, but following them often results in confusion and
	failure. virt-manager does a good job of creating a bridge based on an
	existing network device, but not everyone wants to use virt-manager.
	This patch adds a new command, iface-bridge that makes it just about
	as simple as possible to create a new bridge device based on an
	existing ethernet/vlan/bond device (including associating IP
	configuration with the bridge rather than the now-attached device),
	and start that new bridge up ready for action, eg:
	    virsh iface-bridge eth0 br0
	For symmetry's sake, it also adds a command to remove a device from a
	bridge, restoring the IP config to the now-unattached device:
	    virsh iface-unbridge br0
	(I had a short debate about whether to do "iface-unbridge eth0"
	instead, but that would involve searching through all bridge devices
	for the one that contained eth0, which seems like a bit too much
	trouble).
	NOTE: These two commands require that the netcf library be available
	on the host. Hopefully this will provide some extra incentive for
	people using suse, debian, ubuntu, and other similar systems to polish
	up (and push downstream) the ports to those distros recently pushed to
	the upstream netcf repo by Dan Berrange. Anyone interested in helping
	with that effort in any way should join the netcf-devel mailing list
	(subscription info at
	https://fedorahosted.org/mailman/listinfo/netcf-devel)
	During creation of the bridge, it's possible to specify whether or not
	the STP protocol should be started up on the bridge and, if so, how
	many seconds the bridge should squelch traffic from newly added
	devices while learning new topology (defaults are stp='on' and
	delay='0', which seems to usually work best for bridges used in the
	context of libvirt guests).
	There is also an option to not immediately start the bridge (and a
	similar option to not immediately start the un-attached device after
	destroying the bridge. Default is to start the new device, because in
	the case of iface-unbridge not starting is strongly discouraged as it
	will leave the system with no network connectivity on that interface
	(because it's necessary to destroy/undefine the bridge device before
	the unattached device can be defined), and it seemed better to make
	the option for iface-bridge behave consistently.
	NOTE TO THOSE TRYING THESE COMMANDS FOR THE FIRST TIME: to guard
	against any "unexpected" change to configuration, it is advisable to
	issue an "virsh iface-begin" command before starting any interface
	config changes, and "virsh iface-commit" only after you've verified
	that everything is working as you expect. If something goes wrong,
	you can always run "virsh iface-rollback" or reboot the system (which
	should automatically do iface-rollback).
	Aside from adding the code for these two functions, and the two
	entries into the command table, the only other change to virsh.c was
	to add the option name to vshCommandOptInterfaceBy(), because the
	iface-unbridge command names its interface option as "bridge".
	virsh.pod has also been updated with short descriptions of these two
	new commands.

2011-11-16  Hu Tao  <hutao@cn.fujitsu.com>

	fix a bug in remoteSerializeTypedParameters
	This is a fatal typo believed to be very likely to happen when using
	both i and j at the same time for indexing.

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Don't return a fatal error if receiving unexpected stream data
	Due to the asynchronous nature of streams, we might continue to
	receive some stream packets from the server even after we have
	shutdown the stream on the client side. These should be discarded
	silently, rather than raising an error in the RPC layer.
	* src/rpc/virnetclient.c: Discard stream data silently

	Fix handling of stream EOF
	Very occasionally the sequence of events from poll would result
	in getting a HANGUP on its own, instead of a HANGUP+READABLE
	at the same time. In the former case we would send back an error
	event to the client, but never send the empty packet to indicate
	EOF.

	Allow non-blocking message sending on virNetClient
	Add a new virNetClientSendNonBlock which returns 2 on
	full send, 1 on partial send, 0 on no send, -1 on error
	If a partial send occurs, then a subsequent call to any
	of the virNetClientSend* APIs will finish any outstanding
	I/O.
	TODO: the virNetClientEvent event handler could be used
	to speed up completion of partial sends if an event loop
	is present.
	* src/rpc/virnetsocket.h, src/rpc/virnetsocket.c: Add new
	  virNetSocketHasPendingData() API to test for cached
	  data pending send.
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add new
	  virNetClientSendNonBlock() API to send non-blocking API

	Refactor code for enabling/disabling I/O callback in remote client
	* src/rpc/virnetclient.c: Add helper for setting I/O callback events

	Split virNetClientSend into 2 methods
	Stop multiplexing virNetClientSend for two different purposes,
	instead add virNetClientSendWithReply and virNetClientSendNoReply
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Replace
	  virNetClientSend with virNetClientSendWithReply and
	  virNetClientSendNoReply
	* src/rpc/virnetclientprogram.c, src/rpc/virnetclientstream.c:
	  Update for new API names

	Refactor code for passing the buck in the remote client
	Remove some duplication by pulling the code for passing the
	buck out into a helper method
	* src/rpc/virnetclient.c: Introduce virNetClientIOEventLoopPassTheBuck

	Explicitly track whether the buck is held in remote client
	Instead of inferring whether the buck is held from the waitDispatch
	pointer, use an explicit 'bool haveTheBuck' field
	* src/rpc/virnetclient.c: Explicitly track the buck

	Remove all linked list handling from remote client event loop
	Directly messing around with the linked list is potentially
	dangerous. Introduce some helper APIs to deal with list
	manipulating the list
	* src/rpc/virnetclient.c: Create linked list handlers

2011-11-16  Eli Qiao  <taget@linux.vnet.ibm.com>

	util: Add netdev helper functions to private symbols

2011-11-16  Sage Weil  <sage@newdream.net>

	qemu/rbd: improve rbd device specification
	This improves the support for qemu rbd devices by adding support for a few
	key features (e.g., authentication) and cleaning up the way in which
	rbd configuration options are passed to qemu.
	An <auth> member of the disk source xml specifies how librbd should
	authenticate. The username attribute is the Ceph/RBD user to authenticate as.
	The usage or uuid attributes specify which secret to use. Usage is an
	arbitrary identifier local to libvirt.
	The old RBD support relied on setting an environment variable to
	communicate information to qemu/librbd.  Instead, pass those options
	explicitly to qemu.  Update the qemu argument parsing and tests
	accordingly.

2011-11-16  Jim Fehlig  <jfehlig@suse.com>

	Fix build with polkit0
	I missed adding libvirt_driver_remote.la to libvirtd_LDADD in
	commit b8adfcc6, which didn't cause a problem in 0.9.6 but
	results in this build error in 0.9.7
	libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
	remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'

2011-11-16  Stefan Berger  <stefanb@us.ibm.com>

	Fix strchr call triggering gcc 4.3 & 4.4 bug
	Replacing the strchr call with two variables through a strstr call.
	Calling strchr with two variables triggers a gcc 4.3/4.4
	bug when used in combination with -Wlogical-op and at least -O1.

	maint: fix build
	include stdint.h to fix the build

2011-11-15  Daniel P. Berrange  <berrange@redhat.com>

	Remove ifaceSetMac and ifaceGetMac APIs
	The ifaceSetMac and ifaceGetMac APIs duplicate the functionality
	of the virNetDevSetMAC and virNetDevGetMAC APIs, but returning
	errno's instead of raising errors.
	* src/util/interface.c, src/util/interface.h: Remove
	  ifaceSetMac and ifaceGetMac APIs, adjusting callers
	  for new error behaviour

	Remove ifaceUp, ifaceDown, ifaceCtrl & ifaceIsUp APIs
	The ifaceUp, ifaceDown, ifaceCtrl & ifaceIsUp APIs can be replaced
	with calls to virNetDevSetOnline and virNetDevIsOnline
	* src/util/interface.c, src/util/interface.h: Delete ifaceUp,
	  ifaceDown, ifaceCtrl & ifaceIsUp
	* src/nwfilter/nwfilter_gentech_driver.c, src/util/macvtap.c:
	  Update to use virNetDevSetOnline and virNetDevIsOnline

	Move LXC veth.c code into shared utility APIs
	Move the virNetDevSetName and virNetDevSetNamespace APIs out
	of LXC's veth.c and into virnetdev.c.
	Move the remaining content of the file to src/util/virnetdevveth.c
	* src/lxc/veth.c: Rename to src/util/virnetdevveth.c
	* src/lxc/veth.h: Rename to src/util/virnetdevveth.h
	* src/util/virnetdev.c, src/util/virnetdev.h: Add
	  virNetDevSetName and virNetDevSetNamespace
	* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
	  src/lxc/lxc_driver.c: Update include paths

	Rename the LXC veth management APIs and delete duplicated APIs
	The src/lxc/veth.c file contains APIs for managing veth devices,
	but some of the APIs duplicate stuff from src/util/virnetdev.h.
	Delete thed duplicate APIs and rename the remaining ones to
	follow virNetDevVethXXXX
	* src/lxc/veth.c, src/lxc/veth.h: Rename APIs & delete duplicates
	* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
	  src/lxc/lxc_driver.c: Update for API renaming

	Split src/util/network.{c,h} into 5 pieces
	The src/util/network.c file is a dumping ground for many different
	APIs. Split it up into 5 pieces, along functional lines
	 - src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
	 - src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
	 - src/util/virsocketaddr.c: virSocketAddr and APIs
	 - src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
	   for virNetDevBandwidth
	 - src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
	   for virNetDevVPortProfile
	* src/util/network.c, src/util/network.h: Split into 5 pieces
	* src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
	  src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
	  src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
	  src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
	  src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
	* daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
	  src/conf/domain_conf.h, src/conf/network_conf.c,
	  src/conf/network_conf.h, src/conf/nwfilter_conf.h,
	  src/esx/esx_util.h, src/network/bridge_driver.c,
	  src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
	  src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
	  src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
	  src/util/virnetdev.h, src/util/virnetdevtap.c,
	  tools/virsh.c: Update include files

	Fix error reporting in port profile parsing/formatting APIs
	The virtual port profile parsing/formatting APIs do not
	correctly handle unknown profile type strings/numbers.
	They behave as a no-op, instead of raising an error
	* src/util/network.c, src/util/network.h: Fix error
	  handling of port profile APIs
	* src/conf/domain_conf.c, src/conf/network_conf.c: Update
	  for API changes

	Rename virVirtualPortProfileParams & APIs
	Rename the virVirtualPortProfileParams struct to be
	virNetDevVPortProfile, and rename the APIs to match
	this prefix.
	* src/util/network.c, src/util/network.h: Rename port profile
	  APIs
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/network_conf.c, src/conf/network_conf.h,
	  src/network/bridge_driver.c, src/qemu/qemu_hotplug.c,
	  src/util/macvtap.c, src/util/macvtap.h: Update for
	  renamed APIs/structs

2011-11-15  Stefan Berger  <stefanb@us.ibm.com>

	maint: Add Michael Wood as an author
	Add Michael Wood <esiotrot@gmail.com> as an author.

2011-11-15  Michael Wood  <esiotrot@gmail.com>

	PATCH: Fix build without MACVTAP
	Hi
	Commit c31d23a78715f1144c73862c46ab0436de8b5e85 removed the "conn"
	parameter from qemuPhysIfaceConnect(), but it's still used if
	WITH_MACVTAP is false.  Also, it's still mentioned in the comment
	above the function:
	/**
	 * qemuPhysIfaceConnect:
	 * @def: the definition of the VM (needed by 802.1Qbh and audit)
	 * @conn: pointer to virConnect object
	 * @driver: pointer to the qemud_driver
	 * @net: pointer to he VM's interface description with direct device type
	 * @qemuCaps: flags for qemu
	 *
	 * Returns a filedescriptor on success or -1 in case of error.
	 */
	int
	qemuPhysIfaceConnect(virDomainDefPtr def,
	                     struct qemud_driver *driver,
	                     virDomainNetDefPtr net,
	                     virBitmapPtr qemuCaps,
	                     enum virVMOperationType vmop)
	{
	    int rc;
	#if WITH_MACVTAP
	[...]
	#else
	    (void)def;
	    (void)conn;
	    (void)net;
	    (void)qemuCaps;
	    (void)driver;
	    (void)vmop;
	    qemuReportError(VIR_ERR_INTERNAL_ERROR,
	                    "%s", _("No support for macvtap device"));
	    rc = -1;
	#endif
	    return rc;
	}
	--
	Michael Wood <esiotrot@gmail.com>
	From f4fc43b4111a4c099395c55902e497b8965e2b53 Mon Sep 17 00:00:00 2001
	From: Michael Wood <esiotrot@gmail.com>
	Date: Sat, 12 Nov 2011 13:37:53 +0200
	Subject: [PATCH] Fix build without MACVTAP.

2011-11-15  Guido Günther  <agx@sigxcpu.org>

	storage: forbid rebuilding existing disk storage pools
	which would blow away all volumes. Honor VIR_STORAGE_POOL_BUILD_OVERWRITE
	to force a rebuild.
	This was caught by libvirt-tck's storage/110-disk-pool.t.

2011-11-12  Eric Blake  <eblake@redhat.com>

	API: add trivial qemu support for VIR_TYPED_PARAM_STRING
	Qemu will be the first driver to make use of a typed string in the
	next round of additions.  Separate out the trivial addition.
	* src/qemu/qemu_driver.c (qemudSupportsFeature): Advertise feature.
	(qemuDomainGetBlkioParameters, qemuDomainGetMemoryParameters)
	(qemuGetSchedulerParametersFlags, qemudDomainBlockStatsFlags):
	Allow typed strings flag where trivially supported.

	API: remote support for VIR_TYPED_PARAM_STRING
	Send and receive string typed parameters across RPC.  This also
	completes the back-compat mentioned in the previous patch - the
	only time we have an older client talking to a newer server is
	if RPC is in use, so filtering out strings during RPC prevents
	returning an unknown type to the older client.
	* src/remote/remote_protocol.x (remote_typed_param_value): Add
	another union value.
	* daemon/remote.c (remoteDeserializeTypedParameters): Handle
	strings on rpc.
	(remoteSerializeTypedParameters): Likewise; plus filter out
	strings when replying to older clients.  Adjust callers.
	* src/remote/remote_driver.c (remoteFreeTypedParameters)
	(remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): Handle strings on rpc.
	* src/rpc/gendispatch.pl: Properly clean up typed arrays.
	* src/remote_protocol-structs: Update.
	Based on an initial patch by Hu Tao, with feedback from
	Daniel P. Berrange.

	API: add VIR_TYPED_PARAM_STRING
	This allows strings to be transported between client and server
	in the context of name-type-value virTypedParameter functions.
	For compatibility,
	    o new clients will not send strings to old servers, based on
	      a feature check
	    o new servers will not send strings to old clients without the
	      flag VIR_TYPED_PARAM_STRING_OKAY; this will be enforced at
	      the RPC layer in the next patch, so that drivers need not
	      worry about it in general.  The one exception is that
	      virDomainGetSchedulerParameters lacks a flags argument, so
	      it must not return a string; drivers that forward that
	      function on to virDomainGetSchedulerParametersFlags will
	      have to pay attention to the flag.
	    o the flag VIR_TYPED_PARAM_STRING_OKAY is set automatically,
	      based on a feature check (so far, no driver implements it),
	      so clients do not have to worry about it
	Future patches can then enable the feature on a per-driver basis.
	This patch also ensures that drivers can blindly strdup() field
	names (previously, a malicious client could stuff 80 non-NUL bytes
	into field and cause a read overrun).
	* src/libvirt_internal.h (VIR_DRV_FEATURE_TYPED_PARAM_STRING): New
	driver feature.
	* src/libvirt.c (virTypedParameterValidateSet)
	(virTypedParameterSanitizeGet): New helper functions.
	(virDomainSetMemoryParameters, virDomainSetBlkioParameters)
	(virDomainSetSchedulerParameters)
	(virDomainSetSchedulerParametersFlags)
	(virDomainGetMemoryParameters, virDomainGetBlkioParameters)
	(virDomainGetSchedulerParameters)
	(virDomainGetSchedulerParametersFlags, virDomainBlockStatsFlags):
	Use them.
	* src/util/util.h (virTypedParameterArrayClear): New helper
	function.
	* src/util/util.c (virTypedParameterArrayClear): Implement it.
	* src/libvirt_private.syms (util.h): Export it.
	Based on an initial patch by Hu Tao, with feedback from
	Daniel P. Berrange.

2011-11-12  Eli Qiao  <taget@linux.vnet.ibm.com>

	util: fix compile error on debian
	Add virnetdev.h,virnetdevbridge.h,virnetdevtap.h to private symbols,
	since debian linker no longer allows transitive link resolution

2011-11-12  Eric Blake  <eblake@redhat.com>

	qemu: fix domjobabort regression
	This reverts commit ef1065cf5ac; see also this bug report:
	https://bugzilla.redhat.com/show_bug.cgi?id=751900
	In qemu 0.15.1 and earlier, during migration to file, the
	qemu_savevm_state_begin and qemu_savevm_state_iterate methods
	will both process as much migration data as possible until either
	  1. The file descriptor returns EAGAIN
	  2. The bandwidth rate limit is reached
	If we set the rate limit to ULONG_MAX, test 2 never becomes true. We're
	passing a plain file descriptor to QEMU and POSIX does not support EAGAIN on
	regular files / block devices, so test 1 never becomes true either.
	In the 'virsh save --bypass-cache' case, we pass a pipe instead of a
	regular fd, but using a pipe adds I/O overhead, so always passing a
	pipe just so qemu can see EAGAIN doesn't seem nice.
	The ultimate fix needs to come from qemu - background migration must
	respect asynchronous abort requests, or else periodically return
	control to the main handling loop without an EAGAIN and without
	waiting to hit an insanely large amount of data.  But until a
	version of qemu is fixed to support "unlimited" data rates while
	still allowing cancellation, the best we can do is avoid the
	automatic use of unlimited rates from within libvirt (users can
	still explicitly change the migration rates, if they are aware that
	they are giving up the ability to cancel a job).
	Reverting the lone use of QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX is
	the simplest patch; this slows migration back down to a default
	32M/sec cap, but also ensures that the main qemu processing loop
	will still be responsive to cancellation requests.  Hopefully
	upstream qemu will provide us a means of safely using unlimited
	speed, including a runtime probe of that capability.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): Revert attempt
	to use unlimited migration bandwidth when migrating to file.

2011-11-12  Hu Tao  <hutao@cn.fujitsu.com>

	fix two bugs in bridge_driver.c
	steps to reproduce:
	1. having a network xml file(named default.xml) like this one:
	<network>
	  <name>default</name>
	  <uuid>c5322c4c-81d0-4985-a363-ad6389780d89</uuid>
	  <bridge name="virbr0" />
	  <forward/>
	  <ip address="192.168.122.1" netmask="255.255.255.0">
	    <dhcp>
	      <range start="192.168.122.2" end="192.168.122.254" />
	    </dhcp>
	  </ip>
	</network>
	in /etc/libvirt/qemu/networks/, and mark it as autostart:
	$ ls -l /etc/libvirt/qemu/networks/autostart
	total 0
	lrwxrwxrwx 1 root root 14 Oct 12 14:02 default.xml -> ../default.xml
	2. start libvirtd and the device virbr0 is not automatically up.
	The reason is that the function virNetDevExists is now returns 1 if
	the device exists, comparing to the former one returns 0 if the device
	exists. But with only this fix will cause a segmentation fault(the same
	steps as above)  that is fixed by the second chunk of code.

2011-11-12  Eric Blake  <eblake@redhat.com>

	build: drop useless dirent.h includes
	* .gnulib: Update to latest, for improved syntax-check.
	* src/lxc/lxc_container.c (includes): Drop unused include.
	* src/network/bridge_driver.c: Likewise.
	* src/node_device/node_device_linux_sysfs.c: Likewise.
	* src/openvz/openvz_driver.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/storage/storage_backend_iscsi.c: Likewise.
	* src/storage/storage_backend_mpath.c: Likewise.
	* src/uml/uml_conf.c: Likewise.
	* src/uml/uml_driver.c: Likewise.

	xenapi: remove unused variable
	  CC     libvirt_driver_xenapi_la-xenapi_driver.lo
	xenapi/xenapi_driver.c: In function 'xenapiDomainGetVcpus':
	xenapi/xenapi_driver.c:1209:21: error: variable 'cpus' set but not used [-Werror=unused-but-set-variable]
	* src/xenapi/xenapi_driver.c (xenapiDomainGetVcpus): Silence
	compiler warning.

2011-11-11  Eric Blake  <eblake@redhat.com>

	maint: use mailmap, not AUTHORS, for secondary addresses
	* AUTHORS: Move Stefan's second entry...
	* .mailmap: ...here.

2011-11-11  Stefan Berger  <stefanb@us.ibm.com>

	maint: fix make syntax-check
	Add my 2nd email to the list of AUTHORS to get 'make syntax-check'
	to pass.

2011-11-11  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Remove code instantiating filters on direct interfaces
	Remove the code that instantiates network filters on direct type
	of interfaces. The parser already does not accept it.

2011-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Disable numactl on ARM architectures too
	* libvirt.spec.in: Disable numactl on ARM

	Add libvirt confdir to files section in mingw32 spec
	* mingw32-libvirt.spec.in: Ensure we own the confdir

2011-11-10  Eric Blake  <eblake@redhat.com>

	nwfilter: simplify execution of ebiptables scripts
	It's not worth even worrying about a temporary file, unless we
	ever expect the script to exceed maximum command-line argument
	length limits.
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
	Run the commands as an argument to /bin/sh, rather than worrying
	about a temporary file.
	(ebiptablesWriteToTempFile): Delete unused function.

	nwfilter: avoid failure with noexec /tmp
	If /tmp is mounted with the noexec flag (common on security-conscious
	systems), then nwfilter will fail to initialize, because we cannot
	run any temporary script via virRun("/tmp/script"); but we _can_
	use "/bin/sh /tmp/script".  For that matter, using /tmp risks collisions
	with other unrelated programs; we already have /var/run/libvirt as a
	dedicated temporary directory for use by libvirt.
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesWriteToTempFile): Use internal directory, not /tmp;
	drop attempts to make script executable; and detect close error.
	(ebiptablesExecCLI): Switch to virCommand, and invoke the shell to
	read the script, rather than requiring an executable script.

2011-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Adjust naming of network device bandwidth management APIs
	Rename virBandwidth to virNetDevBandwidth, and virRate to
	virNetDevBandwidthRate.
	* src/util/network.c, src/util/network.h: Rename bandwidth
	  structs and APIs
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/network_conf.c, src/conf/network_conf.h,
	  src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/util/macvtap.c,
	  src/util/macvtap.h, tools/virsh.c: Update for API changes.

	Santize naming of socket address APIs
	The socket address APIs in src/util/network.h either take the
	form  virSocketAddrXXX, virSocketXXX or virSocketXXXAddr.
	Sanitize this so everything is virSocketAddrXXXX, and ensure
	that the virSocketAddr parameter is always the first one.
	* src/util/network.c, src/util/network.h: Santize socket
	  address API naming
	* src/conf/domain_conf.c, src/conf/network_conf.c,
	  src/conf/nwfilter_conf.c, src/network/bridge_driver.c,
	  src/nwfilter/nwfilter_ebiptables_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c,
	  src/qemu/qemu_command.c, src/rpc/virnetsocket.c,
	  src/util/dnsmasq.c, src/util/iptables.c,
	  src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for
	  API renaming

	Split bridge.h into three separate files
	Following the renaming of the bridge management APIs, we can now
	split the source file into 3 corresponding pieces
	 * src/util/virnetdev.c: APIs for any type of network interface
	 * src/util/virnetdevbridge.c: APIs for bridge interfaces
	 * src/util/virnetdevtap.c: APIs for TAP interfaces
	* src/util/virnetdev.c, src/util/virnetdev.h,
	  src/util/virnetdevbridge.c, src/util/virnetdevbridge.h,
	  src/util/virnetdevtap.c, src/util/virnetdevtap.h: Copied
	  from bridge.{c,h}
	* src/util/bridge.c, src/util/bridge.h: Split into 3 pieces
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_command.c,
	  src/qemu/qemu_conf.h, src/uml/uml_conf.c, src/uml/uml_conf.h,
	  src/uml/uml_driver.c: Update #include directives

	Remove usage of brctl command line tool
	Convert the virNetDevBridgeSetSTP and virNetDevBridgeSetSTPDelay
	to use ioctls instead of spawning brctl.
	Implement the virNetDevBridgeGetSTP and virNetDevBridgeGetSTPDelay
	methods which were declared in the header but never existed
	* src/util/bridge.c: Convert to use bridge ioctls instead of brctl

	Add an API for retrieving the MAC address of an interface
	* src/util/bridge.c, src/util/bridge.h: Add virNetDevGetMAC

	Expose MTU management APIs
	The MTU management APIs are useful to other code inside libvirt,
	so should be exposed as non-static APIs.
	* src/util/bridge.c, src/util/bridge.h: Expose virNetDevSetMTU,
	  virNetDevSetMTUFromDevice & virNetDevGetMTU

	Turn two int parameters into bools in bridge APIs
	* src/util/bridge.c, src/util/bridge.h: s/int/bool/ in
	  virNetDevSetOnline and virNetDevBridgeSetSTP

	Rename all brXXXX APIs to follow new convention
	The existing brXXX APIs in src/util/bridge.h are renamed to
	follow one of three different conventions
	 - virNetDevXXX       - operations for any type of interface
	 - virNetDevBridgeXXX - operations for bridge interfaces
	 - virNetDevTapXXX    - operations for tap interfaces
	* src/util/bridge.h, src/util/bridge.c: Rename all APIs
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Update for API renaming

	Make all brXXX APIs raise errors, instead of returning errnos
	Currently every caller of the brXXX APIs has to store the returned
	errno value and then raise an error message. This results in
	inconsistent error messages across drivers, additional burden on
	the callers and makes the error reporting inaccurate since it is
	hard to distinguish different scenarios from 1 errno value.
	* src/util/bridge.c: Raise errors instead of returning errnos
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Remove error reporting code

	Remove 'brControl' object
	The bridge management APIs in src/util/bridge.c require a brControl
	object to be passed around. This holds the file descriptor for the
	control socket. This extra object complicates use of the API for
	only a minor efficiency gain, which is in turn entirely offset by
	the need to fork/exec the brctl command for STP configuration.
	This patch removes the 'brControl' object entirely, instead opening
	the control socket & closing it again within the scope of each method.
	The parameter names for the APIs are also made to consistently use
	'brname' for bridge device name, and 'ifname' for an interface
	device name. Finally annotations are added for non-NULL parameters
	and return check validation
	* src/util/bridge.c, src/util/bridge.h: Remove brControl object
	  and update API parameter names & annotations.
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/uml/uml_conf.h, src/uml/uml_conf.c, src/uml/uml_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_conf.h,
	  src/qemu/qemu_driver.c: Remove reference to 'brControl' object

2011-11-10  Eric Blake  <eblake@redhat.com>

	build: fix mingw build of gnulib openpty
	Commit f7bd00c12 pulled in a gnulib module that fails to compile
	on mingw.  Work around it while waiting for an upstream gnulib fix.
	* gnulib/local/lib/pty.in.h (openpty): Provide forward
	declarations of opaque structs not present on mingw.
	* gnulib/local/lib/openpty.c (openpty): Provide stub for mingw.

	build: allow for local gnulib diffs
	Commit f7bd00c12 pulled in a gnulib module that fails to compile
	on mingw.  While it would be nice to pull in a newer version of
	.gnulib that fixes this, it is difficult to backport any .gnulib
	update to older releases.  So, it makes sense to take advantage
	of gnulib-tool's ability to support local diffs, where we can
	apply specific diffs in our use of gnulib without waiting for
	upstream gnulib to pick up those changes, as well as avoiding
	a wholesale .gnulib update.  The existence of local diffs will
	also make it easier to backport fixes against a tarball (as long
	as a tarball and libvirt.git share the same .gnulib commit, then
	the tarball can be patched by applying the same local diffs as
	a post-release libvirt.git commit, without having to rerun an
	entire gnulib-tool bootstrap).
	This patch introduces the framework for supporting local diffs,
	without actually introducing any.
	* bootstrap.conf (local_gl_dir): New variable.
	* autogen.sh (bootstrap_hash): Hash any local diffs, to force a
	re-bootstrap if just diffs change.
	* cfg.mk (_update_required): Likewise.

2011-11-09  Alex Jia  <ajia@redhat.com>

	lxc: free error object to avoid memory leak
	Detected by Coverity. Leak introduced in commit 9d201a5.
	* src/lxc/lxc_driver.c: Clean up on failure.

	lxc: free 'ttyFDs' array on return from lxcVmStart
	Detected by Coverity. Leak introduced in commit 0f31f7b.
	* src/lxc/lxc_driver.c: Clean up on failure.

2011-11-09  Osier Yang  <jyang@redhat.com>

	qemu: Fix improper error message for disk detaching
	s/virDomainDeviceTypeToString/virDomainDiskDeviceTypeToString/
	Report by Xu He Jie <xuhj@linux.vnet.ibm.

2011-11-09  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	virsh: Add VSH_OFLAG_EMPTY_OK for attach-disk command
	As the description of removing CDROM media from
	  http://wiki.libvirt.org/page/QEMUSwitchToLibvirt#eject_DEV
	Add flag 'VSH_OFLAG_EMPTY_OK' to the option 'source' of attach-disk
	Then avoid outputting <source> in the XML if 'source' was empty,
	rather than trusting libvirt domain_conf.c to understand an empty
	string.

2011-11-08  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.7
	* confiure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: update localizations and rebuilt

2011-11-08  Eric Blake  <eblake@redhat.com>

	build: fix build on platforms without ptsname_r
	MacOS lacks ptsname_r, and gnulib doesn't (yet) provide it.
	But we can avoid it altogether, by using gnulib openpty()
	instead.  Note that we do _not_ want the pt_chown module;
	gnulib uses it only to implement a replacement openpty() if
	the system lacks both openpty() and granpt(), but all
	systems that we currently port to either have at least one of
	openpty() and/or grantpt(), or lack ptys altogether.  That is,
	we aren't porting to any system that requires us to deal with
	the hassle of installing a setuid pt_chown helper just to use
	gnulib's ability to provide openpty() on obscure platforms.
	* .gnulib: Update to latest, for openpty fixes
	* bootstrap.conf (gnulib_modules): Add openpty, ttyname_r.
	(gnulib_tool_option_extras): Exclude pt_chown module.
	* src/util/util.c (virFileOpenTty): Rewrite in terms of openpty
	and ttyname_r.
	* src/util/util.h (virFileOpenTtyAt): Delete dead prototype.

2011-11-07  Daniel P. Berrange  <berrange@redhat.com>

	Add missing defaultConsoleTargetType callback for AppArmour
	Every instance of virCapsPtr must have the defaultConsoleTargetType
	field set.
	* src/security/virt-aa-helper.c: Add defaultConsoleTargetType to
	  virCapsPtr

	Fix sending/receiving of FDs when stream returns EAGAIN
	The code calling sendfd/recvfd was mistakenly assuming those
	calls would never block. They can in fact return EAGAIN and
	this is causing us to drop the client connection when blocking
	ocurrs while sending/receiving FDs.
	Fixing this is a little hairy on the incoming side, since at
	the point where we see the EAGAIN, we already thought we had
	finished receiving all data for the packet. So we play a little
	trick to reset bufferOffset again and go back into polling for
	more data.
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Update
	  virNetSocketSendFD/RecvFD to return 0 on EAGAIN, or 1
	  on success
	* src/rpc/virnetclient.c: Move decoding of header & fds
	  out of virNetClientCallDispatch and into virNetClientIOHandleInput.
	  Handling blocking when sending/receiving FDs
	* src/rpc/virnetmessage.h: Add a 'donefds' field to track
	  how many FDs we've sent / received
	* src/rpc/virnetserverclient.c: Handling blocking when
	  sending/receiving FDs

2011-11-05  Eric Blake  <eblake@redhat.com>

	build: silence compiler warning on BSD
	Building on 64-bit FreeBSD 8.2 complained about a cast between
	a pointer and a smaller integer.  Going through an intermediate
	cast shuts up the compiler.
	* src/util/threads-pthread.c (virThreadSelfID): Silence a warning.

	build: fix linking on BSD
	While building on FreeBSD (and after fixing a ptsname_r link error),
	I got this failure:
	./.libs/libvirt_util.a(libvirt_util_la-threads.o)(.text+0x240): In function `virThreadCreate':
	util/threads-pthread.c:185: undefined reference to `pthread_create'
	It turns out that gnulib used only pthread_join for LIB_PTHREAD,
	but on FreeBSD, libc provides that (as a stub function); whereas
	the more complex pthread_create really does require -pthread,
	which gnulib tracked under [LT]LIBMULTITHREAD.
	* configure.ac (LIBS): Check LIBMULTITHREAD alongside LIB_PTHREAD.
	* src/Makefile.am (THREAD_LIBS): New variable.
	(libvirt_util_la_LIBADD, libvirt_lxc_LDADD): Use it.

2011-11-05  Laine Stump  <laine@laine.org>

	remote: fix mingw32 build
	tty is initialized, and later set in code that is compiled for all
	platforms, but is only used in a section that's inside #ifndef WIN32.

2011-11-04  Eric Blake  <eblake@redhat.com>

	lxc: avoid use-after-free
	I got this weird failure:
	error: Failed to start domain simple
	error: internal error cannot mix caller fds with blocking execution
	and tracked it down to a use-after-free - virCommandSetOutputFD
	was storing the address of a stack-local variable, which then
	went out of scope before the virCommandRun that dereferenced it.
	Bug introduced in commit 451cfd05 (0.9.2).
	* src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd
	registration...
	(lxcVmStart): ...to caller.

2011-11-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix naming of constant for disk event
	All constants related to events should have a prefix of
	VIR_DOMAIN_EVENT_
	* include/libvirt/libvirt.h.in, src/qemu/qemu_domain.c:
	  Rename VIR_DOMAIN_DISK_CHANGE_MISSING_ON_START to
	  VIR_DOMAIN_EVENT_DISK_CHANGE_MISSING_ON_START

2011-11-04  Jiri Denemark  <jdenemar@redhat.com>

	conf: Don't free uninitialized pointer
	This causes libvirtd to crash when both <boot dev='...'/> and <boot
	order='...'/> are used in one domain XML. Introduced by
	5fa3d775a9f8cdb3423373eb084219aaf778df11

2011-11-04  Eric Blake  <eblake@redhat.com>

	build: fix deep VPATH builds
	I ran into the following build failure:
	$ mkdir -p build1 build2/a/very/deep/hierarcy
	$ cd build2/a/very/deep/hierarcy
	$ ../../../../../configure && make
	$ cd ../../../../build1
	$ ../configure && make
	...
	../../src/remote/remote_protocol.c:7:55: fatal error: ../../../../../src/remote/remote_protocol.h: No such file or directory
	Turns out that we were sometimes generating the remote_protocol.c
	file with information from the VPATH build, which is bad, since
	any file shipped in the tarball should be idempotent no matter how
	deep the VPATH build tree that created it.
	* src/rpc/genprotocol.pl: Don't embed VPATH into generated file.

2011-11-04  Philipp Hahn  <hahn@univention.de>

	doc: Add <deviceboot> capability.
	Allow /capabilities/guest/features/deviceboot.

2011-11-03  Eric Blake  <eblake@redhat.com>

	lxc: use common code for process cleanup
	Based on a Coverity report - the return value of waitpid() should
	always be checked, to avoid problems with leaking resources.
	* src/lxc/lxc_controller.c (lxcControllerRun): Use simpler virPidAbort.

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix default console type setting
	The default console type may vary based on the OS type. ie a Xen
	paravirt guests wants a 'xen' console, while a fullvirt guests
	wants a 'serial' console.
	A plain integer default console type in the capabilities does
	not suffice. Instead introduce a callback that is passed the
	OS type.
	* src/conf/capabilities.h: Use a callback for default console
	  type
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Use callback
	  for default console type. Add missing LXC/OpenVZ console types.
	* src/esx/esx_driver.c, src/libxl/libxl_conf.c,
	  src/lxc/lxc_conf.c, src/openvz/openvz_conf.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_capabilities.c,
	  src/uml/uml_conf.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_conf.c, src/xen/xen_hypervisor.c,
	  src/xenapi/xenapi_driver.c: Set default console type callback

	Set aliases for LXC/UML console devices
	To allow virDomainOpenConsole to access non-primary consoles,
	device aliases are required to be set. Until now only the QEMU
	driver has done this. Update LXC & UML to set aliases for any
	console devices
	* src/lxc/lxc_driver.c, src/uml/uml_driver.c: Set aliases
	  for console devices

	Default console target type with no <target> element
	When no <target> element was set at all, the default console
	target type was not being honoured
	* src/conf/domain_conf.c: Set default target type for consoles
	  with no <target>

	Add support for multiple consoles in LXC
	Currently the LXC controller only supports setup of a single
	text console. This is wired up to the container init's stdio,
	as well as /dev/console and /dev/tty1. Extending support for
	multiple consoles, means wiring up additional PTYs to /dev/tty2,
	/dev/tty3, etc, etc. The LXC controller is passed multiple open
	file handles, one for each console requested.
	* src/lxc/lxc_container.c, src/lxc/lxc_container.h: Wire up
	  all the /dev/ttyN links required to symlink to /dev/pts/NN
	* src/lxc/lxc_container.h: Open more container side /dev/pts/NN
	  devices, and adapt event loop to handle I/O from all consoles
	* src/lxc/lxc_driver.c: Setup multiple host side PTYs

	Rewrite LXC I/O forwarding to use main event loop
	The current I/O code for LXC uses a hand crafted event loop
	to forward I/O between the container & host app, based on
	epoll to handle EOF on PTYs. This event loop is not easily
	extensible to add more consoles, or monitor other types of
	file descriptors.
	Remove the custom event loop and replace it with a normal
	libvirt event loop. When detecting EOF on a PTY, disable
	the event watch on that FD, and fork off a background thread
	that does a edge-triggered epoll() on the FD. When the FD
	finally shows new incoming data, the thread re-enables the
	watch on the FD and exits.
	When getting EOF from a read() on the PTY, the existing code
	would do waitpid(WNOHANG) to see if the container had exited.
	Unfortunately there is a race condition, because even though
	the process has closed its stdio handles, it might still
	exist.
	To deal with this the new event loop uses a SIG_CHILD handler
	to perform the waitpid only when the container is known to
	have actually exited.
	* src/lxc/lxc_controller.c: Rewrite the event loop to use
	  the standard APIs.

	Fix crash formatting virtio console
	qemuBuildVirtioSerialPortDevStr was mistakenly accessing the
	target.name field in the virDomainChrDef object for chardevs
	belonging to a console. Those chardevs only have port set,
	and if there's > 1 console, the > 1port number results in
	trying to access a target.name with address 0x1
	* src/qemu/qemu_command.c: Fix target.name handling and
	  make code more robust wrt error reporting
	* src/qemu/qemu_command.c: Conditionally access target.name

	Allow multiple consoles per virtual guest
	While Xen only has a single paravirt console, UML, and
	QEMU both support multiple paravirt consoles. The LXC
	driver can also be trivially made to support multiple
	consoles. This patch extends the XML to allow multiple
	<console> elements in the XML. It also makes the UML
	and QEMU drivers support this config.
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Allow
	  multiple <console> devices
	* src/lxc/lxc_driver.c, src/xen/xen_driver.c,
	  src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c: Update for
	  internal API changes
	* src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Only label consoles that aren't a copy of the serial device
	* src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
	  src/qemu/qemu_process.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Support multiple console devices
	* tests/qemuxml2xmltest.c, tests/qemuxml2argvtest.c: Extra
	  tests for multiple virtio consoles. Set QEMU_CAPS_CHARDEV
	  for all console /channel tests
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args
	  tests/qemuxml2argvdata/qemuxml2argv-console-virtio.args: Update
	  for correct chardev syntax
	* tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.args,
	  tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.xml: New
	  test file

	Remove translations in socket test case
	The test case errors should not be translated since they're only
	targetted at developers, not users.
	* tests/virnetsockettest.c: Remove error reporting with translations

2011-11-03  Guido Günther  <agx@sigxcpu.org>

	virnetsockettest: Use a temporary directory in /tmp
	to avoid exceeding UNIX_PATH_MAX

	Use ENAMETOOLONG if the the socket path is longer than UNIX_PATH_MAX

2011-11-03  Eric Blake  <eblake@redhat.com>

	xen: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.
	* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters):
	Allow fewer than max.
	* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters):
	Likewise.

	test: drop redundant check
	libvirt.c guarantees that nparams is non-zero for scheduler parameters.
	* src/test/test_driver.c (testDomainGetSchedulerParamsFlags): Drop
	redundant check.  Avoid strcpy.

	lxc: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.
	Also, libvirt.c filters out nparams of 0 for scheduler parameters.
	* src/lxc/lxc_driver.c (lxcDomainGetMemoryParameters): Allow fewer
	than max.
	(lxcGetSchedulerParametersFlags): Drop redundant check.

	libxl: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.
	* src/libxl/libxl_driver.c
	(libxlDomainGetSchedulerParametersFlags): Allow fewer than max.

	esx: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.
	* src/esx/esx_driver.c (esxDomainGetMemoryParameters): Drop
	redundant check.
	(esxDomainGetSchedulerParametersFlags): Allow fewer than max.

	API: document scheduler parameter names
	Document the parameter names that will be used by
	virDomain{Get,Set}SchedulerParameters{,Flags}, rather than
	hard-coding those names in each driver, to match what is
	done with memory, blkio, and blockstats parameters.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SCHEDULER_CPU_SHARES)
	(VIR_DOMAIN_SCHEDULER_VCPU_PERIOD)
	(VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, VIR_DOMAIN_SCHEDULER_WEIGHT)
	(VIR_DOMAIN_SCHEDULER_CAP, VIR_DOMAIN_SCHEDULER_RESERVATION)
	(VIR_DOMAIN_SCHEDULER_LIMIT, VIR_DOMAIN_SCHEDULER_SHARES): New
	field name macros.
	* src/qemu/qemu_driver.c (qemuSetSchedulerParametersFlags)
	(qemuGetSchedulerParametersFlags): Use new defines.
	* src/test/test_driver.c (testDomainGetSchedulerParamsFlags)
	(testDomainSetSchedulerParamsFlags): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters)
	(xenHypervisorSetSchedulerParameters): Likewise.
	* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters)
	(xenDaemonSetSchedulerParameters): Likewise.
	* src/lxc/lxc_driver.c (lxcSetSchedulerParametersFlags)
	(lxcGetSchedulerParametersFlags): Likewise.
	* src/esx/esx_driver.c (esxDomainGetSchedulerParametersFlags)
	(esxDomainSetSchedulerParametersFlags): Likewise.
	* src/libxl/libxl_driver.c (libxlDomainGetSchedulerParametersFlags)
	(libxlDomainSetSchedulerParametersFlags): Likewise.

2011-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-one printing month in logging code
	The field 'mon' in 'struct tm' gives months 0-11, where as
	humans tend to expect months 1-12. Thus the month number
	needing adjusting by 1
	* src/util/logging.c: Use human friendly month number

	Add missing param initialization in qemuDomainBlockStatsFlags
	* src/qemu/qemu_driver.c: Fix use of uninitialized 'params'

2011-11-02  Wen Congyang  <wency@cn.fujitsu.com>

	fix crash when starting network
	commit 27908453 introduces a regression, and it will
	cause libvirt crashed when starting network.
	The reason is that tapfd may be NULL, but we dereference
	it without checking whether it is NULL.

2011-11-02  Eric Blake  <eblake@redhat.com>

	qemu: allow getting < max typed parameters
	Since all virTypedParameter APIs allow us to return the number
	of slots we actually populated, we should allow the user to
	call with nparams too small (without overrunning their array)
	or too large (ignoring the tail of the array that we can't fill),
	rather than requiring that they get things exactly right.
	Making this change will make it easier for a future patch to
	introduce VIR_TYPED_PARAM_STRING, with filtering in libvirt.c
	rather than in every single driver, since users already have
	to be prepared for *nparams to be smaller on exit than on entry.
	* src/qemu/qemu_driver.c (qemuDomainGetBlkioParameters)
	(qemuDomainGetMemoryParameters): Allow variable nparams on entry.
	(qemuGetSchedulerParametersFlags): Drop redundant check.
	(qemudDomainBlockStats, qemudDomainBlockStatsFlags): Rename...
	(qemuDomainBlockStats, qemuDomainBlockStatsFlags): ...to this.
	Don't return unavailable stats.

	docs: improve typed parameter documentation
	virDomainBlockStatsFlags was missing a check that was present in
	virDomainGetMemoryParameters.  Additionally, I found that the
	existing descriptions were a bit hard to read.  A later patch
	will fix qemu to return fewer than max parameters if @nparams
	was too small on input.
	* src/libvirt.c (virDomainGetMemoryParameters)
	(virDomainGetBlkioParameters, virDomainGetSchedulerParameters)
	(virDomainGetSchedulerParametersFlags):
	Tweak documentation wording.
	(virDomainBlockStatsFlags): Likewise, and add sanity check.

2011-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Don't overwrite error message during VM cleanup
	If an LXC VM fails to start, quite a few cleanup paths will
	result in the original error message being overwritten. Some
	other cleanup paths also forgot to actually terminate the VM.
	* src/lxc/lxc_driver.c: Ensure VM is terminated on startup
	  failure and preserve original error

	Add support for probing filesystem with libblkid
	The LXC code for mounting container filesystems from block devices
	tries all filesystems in /etc/filesystems and possibly those in
	/proc/filesystems. The regular mount binary, however, first tries
	using libblkid to detect the format. Add support for doing the same
	in libvirt, since Fedora's /etc/filesystems is missing many formats,
	most notably ext4 which is the default filesystem Fedora uses!
	* src/Makefile.am: Link libvirt_lxc to libblkid
	* src/lxc/lxc_container.c: Probe filesystem format with libblkid

	Fix error message when failing to detect filesystem
	If we looped through /etc/filesystems trying to mount with each
	type and failed all options, we forget to actually raise an
	error message.
	* src/lxc/lxc_container.c: Raise error if unable to detect
	  the filesystems. Also fix existing error message

	Workaround for broken kernel autofs mounts
	The kernel automounter is mostly broken wrt to containers. Most
	notably if you start a new filesystem namespace and then attempt
	to unmount any autofs filesystem, it will typically fail with a
	weird error message like
	  Failed to unmount '/.oldroot/sys/kernel/security':Too many levels of symbolic links
	Attempting to detach the autofs mount using umount2(MNT_DETACH)
	will also fail with the same error. Therefore if we get any error on
	unmount()ing a filesystem from the old root FS when starting a
	container, we must immediately break out and detach the entire
	old root filesystem (ignoring any mounts below it).
	This has the effect of making the old root filesystem inaccessible
	to anything inside the container, but at the cost that the mounts
	live on in the kernel until the container exits. Given that SystemD
	uses autofs by default, we need LXC to be robust this scenario and
	thus this tradeoff is worthwhile.
	* src/lxc/lxc_container.c: Detach root filesystem if any umount
	  operation fails.

	Correctly handle '*' in /etc/filesystems
	The /etc/filesystems file can contain a '*' on the last line to
	indicate that /proc/filessystems should be tried next. We have
	a check that this '*' only occurs on the last line. Unfortunately
	when we then start reading /proc/filesystems, we mistakenly think
	we've seen '*' in /proc/filesystems and fail
	* src/lxc/lxc_container.c: Skip '*' validation when we're reading
	  /proc/filesystems

	Ensure errno is valid when returning from lxcContainerWaitForContinue
	Only some of the return paths of lxcContainerWaitForContinue will
	have set errno. In other paths we need to set it manually to avoid
	the caller getting a random stale errno value
	* src/lxc/lxc_container.c: Set errno in lxcContainerWaitForContinue

	Create /var/lib/libvirt/filesystems for LXC trees
	We already have a /var/lib/libvirt/images for OS install images.
	We need a separate /var/lib/libvirt/filesystems for OS install
	trees, since SELinux labelling will be different
	* libvirt.spec.in: Add /var/lib/libvirt/filesystems
	* src/Makefile.am: Create /var/lib/libvirt/filesystems

2011-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Support folders in the path of vpx:// connection URIs
	Allow the datacenter and compute resource parts of the path
	to be prefixed with folders. Therefore, the way the path is
	parsed has changed. Before, it was split in 2 or 3 items and
	the items' meanings were determined by their positions. Now
	the path can have 2 or more items and the the vCenter server
	is asked whether a folder, datacenter of compute resource
	with the specified name exists at the current hierarchy level.
	Before the datacenter and compute resource lookup automatically
	traversed folders during lookup. This is logic got removed
	and folders have to be specified explicitly.
	The proper datacenter path including folders is now used when
	accessing a datastore over HTTPS. This makes virsh dumpxml
	and define work for datacenters in folders.
	https://bugzilla.redhat.com/show_bug.cgi?id=732676

2011-11-02  Patrice LACHANCE  <patlachance@gmail.com>

	esx: Support vSphere 5.x
	And virtual hardware version 8.

2011-11-02  Wen Ruo Lv  <lvroyce@linux.vnet.ibm.com>

	Fix URI alias prefix matching
	with /etc/libvirt/libvirt.conf below:
	uri_aliases = [
	  "hail=qemu:///system",
	  "sleet=qemu+ssh://root 9 115 122 57/system",
	  "sam=qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock",
	]
	Neither "virsh -c hailly" nor "hai" should result in matching "hail=qemu:///system"
	Fix URI alias prefix matching when connecting

2011-11-02  Eric Blake  <eblake@redhat.com>

	docs: fix typo in <disk>/<target> example
	* docs/formatdomain.html.in: Use dev, not def.
	Reported by Alexander Biryukov.

2011-11-01  Michal Privoznik  <mprivozn@redhat.com>

	ServerClient: Flush cached data
	If daemon is using SASL it reads client data into a cache. This cache is
	big (usually 65KB) and can thus contain 2 or more messages. However,
	on socket event we can dispatch only one message. So if we read two
	messages at once, the second will not be dispatched as the socket event
	goes away with filling the cache.
	Moreover, when dispatching the cache we need to remember to take care
	of client max requests limit.

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix storage pool source comparison to avoid comparing with self
	If we are comparing storage pools we must skip comparing with
	ourself, so that re-defining an existing pool works
	* conf/storage_conf.c: Skip self when comparing

2011-11-01  Sage Weil  <sage@newdream.net>

	qemu: pass virConnectPtr into Domain{Attach,Detach}*
	The qemu RBD driver needs access to the conn in order to get the secret
	needed for connecting to the ceph cluster.

2011-11-01  Alex Jia  <ajia@redhat.com>

	qemu: plug memory leak
	Detected by Coverity. Leak introduced in commit 6cabc0b.
	* src/qemu/qemu_command.c: Clean up on failure.

2011-11-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Fix documentation of virStream recv
	This was fixed in be757a3f7baf93b for libvirt.c.

2011-10-31  Michal Privoznik  <mprivozn@redhat.com>

	startupPolicty: Minor cleanups
	This patch does some cleanups to my previous startupPolicy patchset.

2011-10-30  Osier Yang  <jyang@redhat.com>

	qemu: Restore the original states of PCI device when restarting daemon
	To support "managed" mode of host PCI device, we record the original
	states (unbind_from_stub, remove_slot, and reprobe) so that could
	reattach the device to host with original driver. But there is no XML
	for theses attrs, and thus after daemon is restarted, we lose the
	original states. It's easy to reproduce:
	    1) virsh start domain
	    2) virsh attach-device dom hostpci.xml (in 'managed' mode)
	    3) service libvirtd restart
	    4) virsh destroy domain
	    You will see the device won't be bound to the original driver
	if there was one.
	This patch is to solve the problem by introducing internal XML
	(won't be dumped to user, only dumped to status XML). The XML is:
	    <origstates>
	      <unbind/>
	      <remove_slot/>
	      <reprobe/>
	    </origstates>
	Which will be child node of <hostdev><source>...</souce></hostdev>.
	(only for PCI device).
	A new struct "virDomainHostdevOrigStates" is introduced for the XML,
	and the according members are updated when preparing the PCI device.
	And function "qemuUpdateActivePciHostdevs" is modified to honor
	the original states. Use of qemuGetPciHostDeviceList is removed
	in function "qemuUpdateActivePciHostdevs", and the "managed" value of
	the device config is honored by the change. This fixes another problem
	alongside:
	    qemuGetPciHostDeviceList set the device as "managed" force
	    regardless of whether the device is configured as "managed='yes'"
	    or not in XML, which is not right.

2011-10-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Add support for VirtualBox 4.1
	Deal with the incompatible changes in the VirtualBox 4.1 API.
	INetworkAdapter has its different AttachTo* method replaced by
	a settable attachmentType property.
	The maximum number of network adapters is now requestable per
	chipset type.
	The OpenMedium method got a bool parameter to request opening
	a medium under a new IID.

	vbox: Support shared folders
	Shared folders are handled as filesystems and can also be hotplugged.

	xenapi: Improve error reporting in xenapiOpen once again
	privP->session->error_description is a list and in order to get the
	complete error message all parts of the list should be concatenated.
	xenapiSessionErrorHandler does this when its third parameter is NULL.
	The current code discards all but the first part of the error message
	resulting in a potentially incomplete error message.
	This partly reverts 006be75ee214f9b4, that tried to avoid reporting
	a (null) in the error message. The actual problem is more general in
	returnErrorFromSession that might return NULL if there is no error.
	Make sure that returnErrorFromSession return non-NULL always. Also
	don't skip the last error message part.

2011-10-29  Roopa Prabhu  <roprabhu@cisco.com>

	macvtap: Fix error return value convention/inconsistencies
	- changed some return 1's to return -1
	- changed if (rc) error checks to if (rc < 0)
	- fixed some other minor convention violations
	I might have missed some. Can fix in another patch or can respin
	Reported-by: Eric Blake <eblake@redhat.com>
	Reported-by: Laine Stump <laine@laine.org>

2011-10-29  Josh Durgin  <josh.durgin@dreamhost.com>

	Use a common xml type for ceph secret usage.
	The types used in domaincommon.rng and secret.rng should be the same.
	Move genericName to basictypes.rng, then drop redundant types now
	that secret.rng uses basictypes.rng.

2011-10-29  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	pci address conflict when virtio disk with drive type
	When using the xml as below:
	------------------------------------------------------
	<devices>
	  <emulator>/home/soulxu/data/work-code/qemu-kvm/x86_64-softmmu/qemu-system-x86_64</emulator>
	    <disk type='file' device='disk'>
	    <driver name='qemu' type='qcow2'/>
	    <source file='/home/soulxu/data/VM/images/linux.img'/>
	    <target dev='vda' bus='virtio'/>
	    <address type='drive' controller='0' bus='0' unit='0'/>
	  </disk>
	  <input type='mouse' bus='ps2'/>
	  <graphics type='vnc' port='-1' autoport='yes'/>
	  <video>
	    <model type='cirrus' vram='9216' heads='1'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
	  </video>
	  <memballoon model='virtio'>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	  </memballoon>
	</devices>
	------------------------------------------------------
	Then can't startup qemu, the error message as below:
	virsh # start test-vm
	error: Failed to start domain test-vm
	error: internal error process exited while connecting to monitor: qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: PCI: slot 3 function 0 not available for virtio-balloon-pci, in use by virtio-blk-pci
	qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: Device 'virtio-balloon-pci' could not be initialized
	So adding check for bus type and address type. Only the address of pci type support by virtio bus.

2011-10-29  Eric Blake  <eblake@redhat.com>

	secret: fix bad patch application
	In hand-applying Josh and Sage's patch, I missed out on a break.
	* src/conf/secret_conf.c (virSecretDefFree): Fix my botch.

2011-10-29  Josh Durgin  <josh.durgin@dreamhost.com>

	storage: add auth to virDomainDiskDef
	Add additional fields to let you specify the how to authenticate with a disk.
	The secret to use may be referenced by a usage string or a UUID, i.e.:
	<auth username='myuser'>
	 <secret type='ceph' usage='secretname'/>
	</auth>
	or
	<auth username='myuser'>
	 <secret type='ceph' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
	</auth>

2011-10-29  Sage Weil  <sage@newdream.net>

	secret: add Ceph secret type
	Add a new secret type to store a Ceph authentication key. The name
	is simply an identifier for easy human reference.
	The xml looks like this:
	<secret ephemeral='no' private='no'>
	 <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
	 <usage type='ceph'>
	   <name>mycluster_admin</name>
	 </usage>
	</secret>

2011-10-29  Alex Jia  <ajia@redhat.com>

	qemu: plug memory leak
	Leak introduced in commit c1bc3d89.
	Detected by valgrind:
	==18462== 1,100 bytes in 1 blocks are definitely lost in loss record 183 of 184
	==18462==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==18462==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==18462==    by 0x4AADBB: virReallocN (memory.c:161)
	==18462==    by 0x4A975E: virBufferGrow (buf.c:117)
	==18462==    by 0x4A9D92: virBufferVasprintf (buf.c:290)
	==18462==    by 0x4A9EF7: virBufferAsprintf (buf.c:263)
	==18462==    by 0x429488: qemuBuildControllerDevStr (qemu_command.c:1993)
	==18462==    by 0x42C4B6: qemuBuildCommandLine (qemu_command.c:3803)
	==18462==    by 0x41A604: testCompareXMLToArgvHelper (qemuxml2argvtest.c:124)
	==18462==    by 0x41BB81: virtTestRun (testutils.c:141)
	==18462==    by 0x416DFF: mymain (qemuxml2argvtest.c:369)
	==18462==    by 0x41B277: virtTestMain (testutils.c:696)
	==18462==
	==18462== LEAK SUMMARY:
	==18462==    definitely lost: 1,100 bytes in 1 blocks
	==18462==    indirectly lost: 0 bytes in 0 blocks
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Clean up on success.

2011-10-28  Eric Blake  <eblake@redhat.com>

	qemu: avoid leaking uninit data from hotplug to dumpxml
	Detected by Coverity.  The fix in 2c27dfa didn't catch all bad
	instances of memcpy().  Thankfully, on further analysis, all of
	the problematic uses are only triggered by old qemu that lacks
	-device.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachPciDiskDevice)
	(qemuDomainAttachNetDevice, qemuDomainAttachHostPciDevice): Init
	all fields since monitor only populates some of them.

2011-10-28  Ryota Ozaki  <ozaki.ryota@gmail.com>

	util: Fix virUUIDGeneratePseudoRandomBytes
	It forgets to move a pointer to a buffer for UUID and as a result
	fills only the first byte of the buffer.

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Implement RPC driver support for virDomainOpenGraphics
	Since it needs to access file descriptors passed in the msg,
	the RPC driver for virDomainOpenGraphics needs to be manually
	implemented.
	* daemon/remote.c: RPC server dispatcher
	* src/remote/remote_driver.c: RPC client dispatcher
	* src/remote/remote_protocol.x: Define protocol

	Extend RPC server to allow FD passing
	The RPC server classes are extended to allow FDs to be received
	from clients with calls. There is not currently any way for a
	procedure to pass FDs back to the client with replies
	* daemon/remote.c, src/rpc/gendispatch.pl: Change virNetMessageHeaderPtr
	  param to virNetMessagePtr in dispatcher impls
	* src/rpc/virnetserver.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverprogram.c, src/rpc/virnetserverprogram.h:
	  Extend to support FD passing

	Add client side support for FD passing
	Extend the RPC client code to allow file descriptors to be sent
	to the server with calls, and received back with replies.
	* src/remote/remote_driver.c: Stub extra args
	* src/libvirt_private.syms, src/rpc/virnetclient.c,
	  src/rpc/virnetclient.h, src/rpc/virnetclientprogram.c,
	  src/rpc/virnetclientprogram.h: Extend APIs to allow
	  FD passing

	Extend RPC protocol to allow FD passing
	Define two new RPC message types VIR_NET_CALL_WITH_FDS and
	VIR_NET_REPLY_WITH_FDS. These message types are equivalent
	to VIR_NET_CALL and VIR_NET_REPLY, except that between the
	message header, and payload there is a 32-bit integer field
	specifying how many file descriptors have been passed.
	The actual file descriptors are sent/recv'd out of band.
	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h,
	  src/libvirt_private.syms: Add support for handling
	  passed file descriptors
	* src/rpc/virnetprotocol.x: Extend protocol for FD
	  passing

	Add APIs for virNetSocket for sending/receiving file descriptors
	Add APIs to the virNetSocket object, to allow file descriptors
	to be sent/received over UNIX domain socket connections
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h,
	  src/libvirt_private.syms: Add APIs for FD send/recv

	Wire up QEMU implementation for virDomainOpenGraphics
	The QEMU monitor command 'add_client' can be used to connect to
	a VNC or SPICE graphics display. This allows for implementation
	of the virDomainOpenGraphics API
	* src/qemu/qemu_driver.c: Implement virDomainOpenGraphics
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Add binding for 'add_client' command

	Extend graphics event to include UNIX socket
	Not all VNC/SPICE servers use a TCP socket for their connections.
	It is possible to configure a UNIX socket server. The graphics
	event must thus include a UNIX socket address type.
	* include/libvirt/libvirt.h.in: Add UNIX socket address type
	  for graphics event
	* src/qemu/qemu_monitor_json.c: Add 'unix' string to address
	  type enum

	Introduce the virDomainOpenGraphics API
	The virDomainOpenGraphics API allows a libvirt client to pass in
	a file descriptor for an open socket pair, and get it connected
	to the graphics display of the guest. This is limited to working
	with local libvirt hypervisors connected over a UNIX domain
	socket, since it will use UNIX FD passing
	* include/libvirt/libvirt.h.in: Define virDomainOpenGraphics
	* src/driver.h: Define driver for virDomainOpenGraphics
	* src/libvirt_public.syms, src/libvirt.c: Entry point for
	  virDomainOpenGraphics
	* src/libvirt_internal.h: VIR_DRV_FEATURE_FD_PASSING

	Remove trailing whitespace from all xfig files
	The 5th line of every xfig file has 'Letter   ' which
	annoys GITs trailing-whitespace commit hook. Hand edit
	the files to remove that trailing whitespace
	* docs/*.fig: Remove trailing whitespace

	Add documentation about migration.
	This adds a page documenting many aspects of migration:
	 - The types of migration (managed direct, p2p, unmanaged direct)
	 - Data transports (native, tunnelled)
	 - Migration URIs
	 - Config file handling
	 - Example scenarios
	* libvirt.css: Rules for data tables and diagrams
	* Makefile.am: Include extra png/fig files
	* migration-managed-direct.fig, migration-managed-direct.png,
	  migration-managed-direct.png, migration-managed-p2p.png,
	  migration-native.fig, migration-native.png,
	  migration-tunnel.fig, migration-tunnel.png,
	  migration-unmanaged-direct.fig, migration-unmanaged-direct.png:
	  Diagrams of migration
	* migration.html.in, sitemap.html.in: New migration doc

2011-10-28  Ryota Ozaki  <ozaki.ryota@gmail.com>

	virsh: Fix error message on vol-create-from failure
	If vol-create-from is failed due to 'input volume not found',
	virsh outputs like this:
	  $ sudo virsh vol-create-from testpool test-vol.xml test.img
	  error: failed to get vol 'test.img', specifying --pool might help
	  error: Storage volume not found: no storage vol with matching path
	However, '--pool' is incorrect because it is already specified as
	second argument ('testpool' in this case). It should be "--inputpool".
	The patch fixes this by using pooloptname, which will be "inputpool"
	in this case and "pool" in other cases, as error message.

2011-10-28  Tyler Coumbes  <coumbes@gmail.com>

	bridge: modify for use when sVirt is enabled with qemu
	This refactors the TAP creation code out of brAddTap into a new
	function brCreateTap to allow it to be used on its own. I have also
	changed ifSetInterfaceMac to brSetInterfaceMac and exported it since
	it is will be needed by code outside of util/bridge.c in the next
	patch.
	 AUTHORS                 |    1 +
	 src/libvirt_bridge.syms |    2 +
	 src/util/bridge.c       |  116 +++++++++++++++++++++++++++++++----------------
	 src/util/bridge.h       |    9 ++++
	 4 files changed, 89 insertions(+), 39 deletions(-)

2011-10-28  Jiri Denemark  <jdenemar@redhat.com>

	Use virXMLSaveFile when writing XML config

	Introduce virXMLSaveFile as a wrapper for virFileRewrite
	Every time we write XML into a file we call virEmitXMLWarning to write a
	warning that the file is automatically generated. virXMLSaveFile
	simplifies this into a single step and makes rewriting existing XML file
	safe by using virFileRewrite internally.

	Introduce virFileRewrite for safe file rewrite
	When saving config files we just overwrite old content of the file. In
	case something fails during that process (e.g. disk gets full) we lose
	both old and new content. This patch makes the process more robust by
	writing the new content into a separate file and only if that succeeds
	the original file is atomically replaced with the new one.

2011-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Add a systemtap script for watching QEMU monitor interactions
	This change adds some systemtap/dtrace probes to the QEMU monitor
	client code. In particular it allows watching of all operations
	for a VM
	* examples/systemtap/qemu-monitor.stp: Watch all monitor commands
	* src/Makefile.am: Passing libdir/bindir/sbindir to dtrace2systemtap.pl
	* src/dtrace2systemtap.pl: Accept libdir/bindir/sbindir as args
	  and look for '# binary:' comment to mark probes against libvirtd
	  vs libvirt.so
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor_json.c,
	  src/qemu/qemu_monitor_text.c: Add probes for key functions

2011-10-27  Peter Krempa  <pkrempa@redhat.com>

	lxc: Revert zeroing count of allocated items if VIR_REALLOC_N fails
	Previous commit clears number of items alocated in lxcSetupLoopDevices
	if VIR_REALLOC_N fails. In that case, the pointer is not NULL, and
	causes leaking FDs that have been allocated.
	 *  src/lxc/lxc_controller.c: revert zeroing array size

2011-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in virFileAccessibleAs
	* src/util/util.c: s/git_t/gid_t/ in parameter list of virFileAccessibleAs

2011-10-27  Alex Jia  <ajia@redhat.com>

	lxc: avoid null deref on lxcSetupLoopDevices failure
	If the function lxcSetupLoopDevices(def, &nloopDevs, &loopDevs) failed,
	the variable loopDevs will keep a initial NULL value, however, the
	function VIR_FORCE_CLOSE(loopDevs[i]) will directly deref it.
	This patch also fixes returning a bogous number of devices from
	lxcSetupLoopDevices on an error path.
	* rc/lxc/lxc_controller.c: fixed a null pointer dereference.

	lxc: avoid missing '{' in the function
	Cppcheck detected a syntaxError on lxcDomainInterfaceStats.
	* src/lxc/lxc_driver.c: fixed missing '{' in the function lxcDomainInterfaceStats.

2011-10-27  Eric Blake  <eblake@redhat.com>

	qemu: simplify use of HAVE_YAJL
	Rather than making all clients of monitor commands that are JSON-only
	check whether yajl support was compiled in, it is simpler to just
	avoid setting the capability bit up front if we can't use the capability.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Only set
	capability bit if we also have yajl library to use it.
	* src/qemu/qemu_driver.c (qemuDomainReboot): Drop #ifdefs.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* tests/qemuhelptest.c (testHelpStrParsing): Pass test even
	without yajl.
	* tests/qemuxml2argvtest.c (mymain): Simplify use of json flag.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-*.args:
	Update expected results to match.

	snapshot: minor cleanups from reviewing indentation
	Break some long lines, and use more efficient functions when possible,
	such as relying on virBufferEscapeString to skip output on a NULL arg.
	Ensure that output does not embed newlines, since auto-indent won't
	work in those situations.
	* src/conf/domain_conf.c (virDomainTimerDefFormat): Break output lines.
	(virDomainDefFormatInternal, virDomainDiskDefFormat)
	(virDomainActualNetDefFormat, virDomainNetDefFormat)
	(virDomainHostdevDefFormat): Minor cleanups.

	snapshot: simplify indentation of disk encryption xml
	Use auto-indent in more places.
	* src/conf/storage_encryption_conf.h (virStorageEncryptionFormat):
	Drop parameter.
	* src/conf/storage_encryption_conf.c (virStorageEncryptionFormat)
	(virStorageEncryptionSecretFormat): Simplify with auto-indent.
	* src/conf/domain_conf.c (virDomainDiskDefFormat): Adjust caller.
	* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Likewise.

	snapshot: simplify indentation of nwfilter
	Fixing this involved some refactoring of common code out of
	domain_conf and nwfilter_conf into nwfilter_params.
	* src/conf/nwfilter_params.h (virNWFilterFormatParamAttributes):
	Adjust signature.
	* src/conf/nwfilter_params.c (_formatParameterAttrs)
	(virNWFilterFormatParamAttributes): Adjust indentation handling,
	and handle filterref here.
	(formatterParam): Delete unused struct.
	* src/conf/domain_conf.c (virDomainNetDefFormat): Adjust caller.
	* src/conf/nwfilter_conf.c (virNWFilterIncludeDefFormat): Likewise.

	storage: avoid null deref on qemu-img failure
	Detected by Coverity.  Only possible if qemu-img gives bogus output,
	but we might as well be robust.
	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Check for strstr failure.

	build: avoid RHEL 5 build failure on LXC
	Per the discussion here, LXC on RHEL 5 makes no sense.
	https://www.redhat.com/archives/libvir-list/2011-September/msg01169.html
	* configure.ac (with_lxc): Reject RHEL 5.x LXC as too old.

2011-10-25  Eric Blake  <eblake@redhat.com>

	build: use gnulib fdatasync
	Commit 1726a73 hacked around MacOS' lack of fdatasync, since
	gnulib did not have it at the time.  But now that we use newer
	gnulib, we can avoid the hack.
	* bootstrap.conf (gnulib_modules): Add fdatasync.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Drop our own check.

2011-10-25  Daniel P. Berrange  <berrange@redhat.com>

	Add REMOTE_PROC_DOMAIN_EVENT_DISK_CHANGE to remote_protocol-structs
	* src/remote_protocol-structs: Add new event

2011-10-25  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extend schema to support new targets
	Extend the nwfilter schema to support the continue and return targets.

2011-10-25  Michal Privoznik  <mprivozn@redhat.com>

	util: Add virFileAccessibleAs to private symbols
	Commit 458b7099b2e791b58f1286002974927d3e8bcc80 introduced this
	function. However it was not added into libvirt_private.syms so
	the compilation may not succeed on some hosts.

	startupPolicy: Emit event on disk source dropping
	If a disk source gets dropped because it is not accessible,
	mgmt application might want to be informed about this. Therefore
	we need to emit an event. The event presented in this patch
	is however a bit superset of what written above. The reason is simple:
	an intention to be easily expanded, e.g. on 'user ejected disk
	in guest' events. Therefore, callback gets source string and disk alias
	(which should be unique among a domain) and reason (an integer);

	qemu: implement startupPolicy
	This patch implements on_missing feature in qemu driver.
	Upon qemu startup process an accessibility of CDROMs
	and floppy disks is checked. The source might get dropped
	if unavailable and on_missing is set accordingly.
	No event is emit thought. Look for follow up patch.

	qemu: Move device alias assigning before command line construction
	This patch is rather cosmetic as it only moves device alias
	assignation from command line construction just before that.
	However, it is needed in connotation of previous and next patch.

	util: Create virFileAccessibleAs function
	This function checks if a given path is accessible under
	given uid and gid.

	conf: Introduce optional startupPolicy attribute for cdrom and floppy
	This attribute says what to do with cdrom (or floppy) if
	the source is missing. It accepts:
	- mandatory - fail if missing for any reason (the default)
	- requisite - fail if missing on boot up, drop if missing on
	              migrate/restore/revert
	- optional  - drop if missing at any start attempt.
	However, this patch introduces only XML part of this new
	functionality.

2011-10-25  Eric Blake  <eblake@redhat.com>

	storage: make previous leak less likely to regress
	Splitting into two functions allows the user to call the right
	function, rather than having to remember that a *Free function is
	an exception to the rule.
	* src/conf/storage_conf.h (virStoragePoolSourceClear): New function.
	* src/libvirt_private.syms (storage_conf.h): Export it.
	* src/conf/storage_conf.c (virStoragePoolSourceFree): Split...
	(virStoragePoolSourceClear): ...into new function.
	(virStoragePoolDefFree, virStoragePoolDefParseSourceString):
	Update callers.
	* src/test/test_driver.c (testStorageFindPoolSources): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemNetFindPoolSourcesFunc)
	(virStorageBackendFileSystemNetFindPoolSources): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalFindPoolSources): Likewise.

	storage: plug iscsi memory leak
	Detected by Coverity.  virStoragePoolSourceFree does not free the
	actual passed-in pointer.  A bigger patch would be to rename it
	virStoragePoolSourceClear to match behavior, or even split it into
	two functions depending on needed behavior; but this is the minimal
	fix to the one location out of eight that leaked memory.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Free memory.

	waitpid: improve safety
	Based on a report by Coverity.  waitpid() can leak resources if it
	fails with EINTR, so it should never be used without checking return
	status.  But we already have a helper function that does that, so
	use it in more places.
	* src/lxc/lxc_container.c (lxcContainerAvailable): Use safer
	virWaitPid.
	* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
	* tests/testutils.c (virtTestCaptureProgramOutput, virtTestMain):
	Likewise.
	* src/libvirt.c (virConnectAuthGainPolkit): Simplify with virCommand.

	qemu: avoid leaking uninit data from hotplug to dumpxml
	Detected by Coverity.  Both text and JSON monitors set only the
	bus and unit fields, which means driveAddr.controller spends
	life as garbage on the stack, and is then memcpy()'d into the
	in-memory representation which the user can see via dumpxml.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachSCSIDisk): Only copy
	defined fields.

2011-10-24  Ryota Ozaki  <ozaki.ryota@gmail.com>

	virsh: Fix vol-info's 'Type' output
	We have a new vol type "dir" in addition to "file" and "block", but
	virsh doesn't know it. Fix it.
	Additionally, the patch lets virsh output "unknown" if not matched
	any of them.

2011-10-21  Ryota Ozaki  <ozaki.ryota@gmail.com>

	docs: Document filesystem type='block' for LXC
	Commit 77791dc0e allows LXC to use a host block device as a guest
	filesystem, but it isn't documented yet.

2011-10-21  David L Stevens  <dlstevens@us.ibm.com>

	support continue/return targets in nwfilter
		This patch adds support for "continue" and "return" actions
	in filter rules.

2011-10-21  Eric Blake  <eblake@redhat.com>

	snapshot: simplify indentation of network xml
	More simplifications possible due to auto-indent.  Also,
	<bandwidth> within <actual> was only using 6 instead of 8 spaces.
	* src/util/network.h (virVirtualPortProfileFormat)
	(virBandwidthDefFormat): Alter signature.
	* src/util/network.c (virVirtualPortProfileFormat)
	(virBandwidthDefFormat): Alter indentation.
	(virBandwidthChildDefFormat): Tweak to make use easier.
	* src/conf/network_conf.c (virPortGroupDefFormat)
	(virNetworkDefFormat): Adjust callers.
	* src/conf/domain_conf.c (virDomainNetDefFormat): Likewise.
	(virDomainActualNetDefFormat): Likewise, and fix bandwidth
	indentation.

	snapshot: simplify indentation of cpu features
	Auto-indent makes life a bit easier; this patch also drops unused
	arguments and replaces a misspelled flag name with two entry points
	instead, so that callers don't have to worry about how much spacing
	is present when embedding cpu elements.
	* src/conf/cpu_conf.h (virCPUFormatFlags): Delete.
	(virCPUDefFormat): Drop unused argument.
	(virCPUDefFormatBuf): Alter signature.
	(virCPUDefFormatBufFull): New prototype.
	* src/conf/cpu_conf.c (virCPUDefFormatBuf): Split...
	(virCPUDefFormatBufFull): ...into new function.
	(virCPUDefFormat): Adjust caller.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Likewise.
	* src/conf/capabilities.c (virCapabilitiesFormatXML): Likewise.
	* src/cpu/cpu.c (cpuBaselineXML): Likewise.
	* tests/cputest.c (cpuTestCompareXML): Likewise.

	snapshot: simplify indentation of sysinfo
	The improvements to virBuffer, along with a paradigm shift to pass
	the original buffer through rather than creating a second buffer,
	allow us to shave off quite a few lines of code.
	* src/util/sysinfo.h (virSysinfoFormat): Alter signature.
	* src/util/sysinfo.c (virSysinfoFormat, virSysinfoBIOSFormat)
	(virSysinfoSystemFormat, virSysinfoProcessorFormat)
	(virSysinfoMemoryFormat): Change indentation parameter.
	* src/conf/domain_conf.c (virDomainSysinfoDefFormat): Adjust
	caller.
	* src/qemu/qemu_driver.c (qemuGetSysinfo): Likewise.

	snapshot: test domainsnapshot indentation
	Add a test for the simple parts of my indentation changes, and
	fix the fallout.
	* tests/domainsnapshotxml2xmltest.c: New test.
	* tests/Makefile.am (domainsnapshotxml2xmltest_SOURCES): Build it.
	* src/conf/domain_conf.c (virDomainSnapshotDefFormat): Avoid NULL
	deref, match documented order.
	* src/conf/domain_conf.h (virDomainSnapshotDefFormat): Add const.
	* tests/domainsnapshotxml2xmlout/all_parameters.xml: Tweak output.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Likewise.
	* tests/domainsnapshotxml2xmlout/full_domain.xml: Likewise.
	* .gitignore: Exempt new binary.

	snapshot: indent domain xml when nesting
	<domainsnapshot> is the first public instance of <domain> being
	used as a sub-element, although we have two other private uses
	(runtime state, and migration cookie).  Although indentation has
	no effect on XML parsing, using it makes the output more consistent.
	This uses virBuffer auto-indentation to obtain the effect, for all
	but the portions of <domain> that are not generated a line at a
	time into the same virBuffer.  Further patches will clean up the
	remaining problems.
	* src/conf/domain_conf.h (virDomainDefFormatInternal): New prototype.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Export.
	(virDomainObjFormat, virDomainSnapshotDefFormat): Update callers.
	* src/libvirt_private.syms (domain_conf.h): Add new export.
	* src/qemu/qemu_migration.c (qemuMigrationCookieXMLFormat): Use
	new function.
	(qemuMigrationCookieXMLFormatStr): Update caller.

	virbuf: add auto-indentation support
	Rather than having to adjust all callers in a chain to deal with
	indentation, it is nicer to have virBuffer do auto-indentation.
	* src/util/buf.h (_virBuffer): Increase size.
	(virBufferAdjustIndent, virBufferGetIndent): New prototypes.
	* src/libvirt_private.syms (buf.h): Export new functions.
	* src/util/buf.c (virBufferAdjustIndent, virBufferGetIndent): New
	functions.
	(virBufferSetError, virBufferAdd, virBufferAddChar)
	(virBufferVasprintf, virBufferStrcat, virBufferURIEncodeString):
	Implement auto-indentation.
	* tests/virbuftest.c (testBufAutoIndent): Test it.
	(testBufInfiniteLoop): Don't rely on internals.
	Idea by Daniel P. Berrange.

	virbuf: more detailed error reporting
	The next patch wants to add some sanity checking, which would
	be a different error than ENOMEM.  Many existing callers blindly
	report OOM failure if virBuf reports an error, and this will be
	wrong in the (unlikely) case that they actually had a usage error
	instead; but since the most common error really is ENOMEM, I'm
	not going to fix all callers.  Meanwhile, new discriminating
	callers can react differently depending on what failure happened.
	* src/util/buf.c (virBufferSetError): Add parameter.
	(virBufferGrow, virBufferVasprintf, virBufferEscapeString)
	(virBufferEscapeSexpr, virBufferEscapeShell): Adjust callers.

	virbuf: improve testsuite reporting
	I had some temporary test failures while working on virbuf
	improvements in later patches, with output that looked like:
	Expected [<]
	Actual [  <]
	which is pretty hard to figure out.  Adding an Offset designation
	made it much easier to find which particular '<' was at the
	wrong indentation, to fix the right part of the code.
	* tests/testutils.c (virtTestDifference): Make it easier to
	diagnose test failures.

	virbuf: fix const-correctness
	Although the compiler wasn't complaining (since it was the pointer,
	rather than what was being pointed to, that was actually const), it
	looks quite suspicious to call a function with an argument labeled
	const when the nature of the pointer (virBufferPtr) is hidden behind
	a typedef.  Dropping const makes the function declarations easier
	to read.
	* src/util/buf.h: Drop const from all functions that modify buffer
	argument.
	* src/util/buf.c (virBufferSetError, virBufferAdd)
	(virBufferContentAndReset, virBufferFreeAndReset)
	(virBufferAsprintf, virBufferVasprintf, virBufferEscapeString)
	(virBufferEscapeSexpr, virBufferEscape): Fix fallout.

2011-10-21  Laine Stump  <laine@laine.org>

	docs: fix incorrect info about routed networks
	In a recent expansion of the documentation on network forward modes, I
	incorrectly stated that incoming sessions to guests on routed networks
	were blocked. This is true for guests on NATed networks, but not
	routed. This patch corrects that error, and adds a pointer to the
	nwfilter page for those who do want to restrict incoming sessions to
	hosts on routed networks.

2011-10-21  tangchen  <tangchen@cn.fujitsu.com>

	qemu: allow json in domxml-to-native
	There is a little difference between the output of domxml-to-native and the actual commandline.
	No matter qemu is in control or readline mode, domxml-to-native always converts it to readline mode.
	That is because the parameter "monitor_json" for qemuBuildCommandLine() is always set to false
	in qemuDomainXMLToNative().

2011-10-21  Eric Blake  <eblake@redhat.com>

	docs: document managed=yes of hostdev passthrough
	Clarify some of the effects of managed passthrough <hostdev> devices;
	with recent changes (commit d093547), a nodedev-reattach is only needed
	to pair up to an explicit nodedev-dettach (but beware that older
	virt-manager has a bug where it uses explicit nodedev-dettach under the
	hood when using the gui to hotplug a hostdev device).
	* docs/formatdomain.html.in: Mention reattach.
	* tools/virsh.pod (nodedev): Mention managed mode.

2011-10-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix virFileOpenTty definition on Win32
	Stub out a complete impl of virFileOpenTty to avoid unused
	parameter warnings
	* src/util/util.c: Fix virFileOpenTty on Win32

2011-10-20  Hu Tao  <hutao@cn.fujitsu.com>

	support setting bandwidth from virsh attach-interface
	Adds two options, inbound and outbound, to attach-interface to set
	bandwidth when attaching interfaces

2011-10-20  Serge E. Hallyn  <serge.hallyn@canonical.com>

	lxc: use hand-rolled code in place of unlockpt and grantpt
	The glibc ones (intentionally) cannot handle ptys opened in a
	devpts not mounted at /dev/pts.
	Drop the (un-exported, unused) virFileOpenTtyAt.

2011-10-20  Eric Blake  <eblake@redhat.com>

	build: ignore test executable
	* .gitignore: Add exemption.

2011-10-19  Philipp Hahn  <hahn@univention.de>

	qemu: Test name-space handling
	Add test cases for parsing the qemu-name-space.
	This is based on qemuxml2argv{test,data/}, but can not reside in
	qemuxml2argv{test,data/} because ...
	1. qemuxmlns-qemu-ns-domain.xml is not schema-valid and breaks
	domainschematest. The test is still important to detect xmlns:qemu
	bindings to a name-space other than
	http://libvirt.org/schemas/domain/qemu/1.0
	2. they break qemuxml2xml, because the xmlns:qemu binding is moved to
	the top-level <domain> element when converting from argv to xml.

	qemu: Fix name-space handling
	The XML parser for the qemu specific extensions expects the qemu name-space
	to be bound to the 'qemu' prefix. This is too strict, since the name of the
	name-space-prefix is only meant as an internal lookup key. Only the associated
	URI is relevant.
	<domain>...
	  <qemu:commandline xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
	  ...</qemu:commandline>
	</domain>
	<domain xmlns:ns0="http://libvirt.org/schemas/domain/qemu/1.0">...
	  <ns0:commandline>
	  ...</ns0:commandline>
	</domain>
	<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
	  <qemu:commandline xmlns:qemu="urn:foo">
	  ...</qemu:commandline>
	</domain>
	Remove the test for checking the name-space binding on the top-level <domain>
	element. Registering the name-space with XPath is enough.

2011-10-19  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	compile: fix undefined reference to gnutls_x509_crt_get_dn with gcc-4.6.1
	When I compile libvirt with gcc-4.6.1 in ubuntu 11.10, got error as below:
	  CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_migration.o): undefined reference to symbol 'gnutls_x509_crt_get_dn@@GNUTLS_1_4'
	/usr/bin/ld: note: 'gnutls_x509_crt_get_dn@@GNUTLS_1_4' is defined in DSO /usr/lib/x86_64-linux-gnu/libgnutls.so so try adding it to the linker command line
	/usr/lib/x86_64-linux-gnu/libgnutls.so: could not read symbols: Invalid operation
	collect2: ld returned 1 exit status
	make[3]: *** [libvirtd] Error 1
	It can compile with gcc-4.5.2 in ubuntu 11.04, but it can not compile with gcc-4.6.1 in ubuntu 11.10.
	I didn't find reason. Does Anyone know the reason or the different between gcc-4.5.2 and gcc-4.6.1?
	I still provide a patch for this. Just make it is working now.

2011-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Replace virBufferAdd with virBufferAddLit for const string
	The statement
	        virBufferAdd(buf, "''", 2);
	triggers a syntax-check warning
	* src/util/buf.c: Replace virBufferAdd with virBufferAddLit

2011-10-19  Philipp Hahn  <hahn@univention.de>

	documentation: trivial spelling fix

2011-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Allow for URI aliases when connecting to libvirt
	This adds support for a libvirt client configuration file
	either /etc/libvirt/libvirt.conf for privileged clients,
	or $HOME/.libvirt/libvirt.conf for unprivileged clients.
	It allows one parameter
	 uri_aliases = [
	   "hail=qemu+ssh://root@hail.cloud.example.com/system",
	   "sleet=qemu+ssh://root@sleet.cloud.example.com/system",
	 ]
	Any call to virConnectOpen with a non-NULL URI will first
	attempt to match against the uri_aliases list. An application
	can disable this by using VIR_CONNECT_NO_ALIASES
	* docs/uri.html.in: Document URI aliases
	* include/libvirt/libvirt.h.in: Add VIR_CONNECT_NO_ALIASES
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add /etc/libvirt/libvirt.conf
	* src/Makefile.am: Install default config file
	* src/libvirt.c: Add support for URI aliases
	* src/remote/remote_driver.c: Don't try to handle URIs
	  with no scheme and which clearly are not paths
	* src/util/conf.c: Don't raise error on virConfFree(NULL)
	* src/xen/xen_driver.c: Don't raise error on URIs
	  with no scheme

	Add support for autodestroy of guests to the LXC and UML drivers
	We recently added support for VIR_DOMAIN_START_AUTODESTROY and
	an impl to the QEMU driver. It is very desirable to support in
	other drivers, so this adds it to LXC and UML
	* src/lxc/lxc_conf.h, src/lxc/lxc_driver.c,
	  src/uml/uml_conf.h, src/uml/uml_driver.c: Wire up autodestroy
	  functions

2011-10-19  Guido Günther  <agx@sigxcpu.org>

	Use virBufferEscapeShell in cmdEcho

	qemu: replace qemuMonitorEscapeShell by virBufferEscapeShell

	virBufferEscapeShell: Emit quotes for the empty string
	Make the empty string return '' to match cmdEcho's behavior.

2011-10-19  Eric Blake  <eblake@redhat.com>

	snapshot: detect when qemu lacks disk-snapshot support
	Noticed when testing new libvirt against old qemu that lacked the
	snapshot_blkdev HMP command.  Libvirt was mistakenly treating the
	command as successful, and re-writing the domain XML to use the
	just-created 0-byte file, rendering the domain broken on restart.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextDiskSnapshot):
	Notice another possible error message.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Don't keep 0-byte file
	on failure.

2011-10-18  Guido Günther  <agx@sigxcpu.org>

	virBufferEscapeShell: Fix escaping of single quotes.
	When checking if we need to escape a single quote we were looking at the
	character after the quote instead of at the quote itself.

2011-10-18  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	compile: Add a missing function 'pciDeviceListFind' to libvirt_private.syms
	compile error:
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuPrepareHostdevPCIDevices':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:183: undefined reference to `pciDeviceListFind'
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:230: undefined reference to `pciDeviceListFind'
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuGetActivePciHostDeviceList':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:102: undefined reference to `pciDeviceListFind'
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuDomainReAttachHostdevDevices':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:370: undefined reference to `pciDeviceListFind'

2011-10-18  Osier Yang  <jyang@redhat.com>

	qemu: Do not wait if the PCI device is not managed when reattaching
	Waiting for qemu-kvm cleaning up the PCI bar(s) mapping with long time
	while the device is not managed is just waste of time.

2011-10-18  Jim Fehlig  <jfehlig@suse.com>

	Add AHCI support to qemu driver
	Tested with multiple AHCI controllers and multiple disks attached
	to a controller. E.g.,
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test/disk0.raw'/>
	      <target dev='sda' bus='sata'/>
	      <address type='drive' controller='0' bus='0' unit='0'/>
	    </disk>
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test/disk1.raw'/>
	      <target dev='sdb' bus='sata'/>
	      <address type='drive' controller='0' bus='0' unit='1'/>
	    </disk>
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test/disk2.raw'/>
	      <target dev='sdc' bus='sata'/>
	      <address type='drive' controller='1' bus='0' unit='0'/>
	    </disk>
	    <controller type='sata' index='0'>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
	    </controller>
	    <controller type='sata' index='1'>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
	    </controller>

2011-10-18  Eric Blake  <eblake@redhat.com>

	snapshot: implement LIST_LEAVES flag in esx
	Relatively straight-forward filtering.
	* src/esx/esx_vi.h (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Add parameter.
	* src/esx/esx_vi.c (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Allow leaf filtering.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames, esxDomainSnapshotNumChildren)
	(esxDomainSnapshotListChildrenNames): Pass new flag through.

2011-10-18  Philipp Hahn  <hahn@univention.de>

	Fix virt-sanlock-cleanup documentation
	The referenced page does not exist, but locking.html has a section about
	sanlock.

2011-10-17  Jiri Denemark  <jdenemar@redhat.com>

	Fix VPATH build
	probes.h is generated in build directory; setting a dependency on
	probes.h from source directory doesn't work well in VPATH builds. Caused
	by commit 1afcfbdda0cac112faa61f74ec943e46aa43f2f5

	qemu: Relax -no-shutdown check to [0.14.0, 0.15.0]
	The patch that fixes SIGTERM handling with -no-shutdown was taken into
	0.15.1 stable release of qemu.

2011-10-17  Philipp Hahn  <hahn@univention.de>

	Fix two comments related to error handling

2011-10-15  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix 'make dist' error
	When I run 'make dist', I receive the following error messages:
	make[1]: Entering directory `/home/wency/source/libvirt/src'
	  GEN    remote/remote_protocol.h
	  GEN    remote/remote_protocol.c
	  GEN    remote/qemu_protocol.h
	  GEN    remote/qemu_protocol.c
	  GEN    remote/qemu_client_bodies.h
	  CC     libvirt_driver_remote_la-remote_protocol.lo
	In file included from ./remote/remote_protocol.h:16,
	                 from ./remote/remote_protocol.c:7:
	/internal.h:249:23: error: probes.h: No such file or directory
	make[1]: *** [libvirt_driver_remote_la-remote_protocol.lo] Error 1
	make[1]: Leaving directory `/home/wency/source/libvirt/src'
	make: *** [distdir] Error 1
	The reason is that we use probes.h before generating it.

2011-10-15  Roopa Prabhu  <roprabhu@cisco.com>

	Add missing strdup return value check
	Check strdup return value and fail if error

2011-10-15  Osier Yang  <jyang@redhat.com>

	qemu: Honor the orginal PCI dev properties when reattaching
	BZ# https://bugzilla.redhat.com/show_bug.cgi?id=736214
	The problem is caused by the original info of domain's PCI dev is
	maintained by qemu_driver->activePciHostdevs list, (E.g. dev->reprobe,
	which stands for whether need to reprobe driver for the dev when do
	reattachment). The fields (dev->reprobe, dev->unbind_from_stub, and
	dev->remove_slot) are initialized properly when preparing the PCI
	device for managed attachment. However, when do reattachment, it
	construct a complete new "pciDevice" without honoring the original
	dev info, and thus the dev won't get the original driver or can get
	other problem.
	This patch is to fix the problem by get the devs from list
	driver->activePciHostdevs.
	Tested with following 3 scenarios:
	  * the PCI was bound to some driver not pci-stub before attaching
	    result: the device will be bound to the original driver
	  * the PCI was bound to pci-stub before attaching
	    result: no driver reprobing, and still bound to pci-stub
	  * The PCI was not bound to any driver
	    result: no driver reprobing, and still not bound to any driver.

2011-10-15  Roopa Prabhu  <roprabhu@cisco.com>

	macvtap: avoid invalid free
	Commit 0472f39 plugged a leak, but introduced another bug:
	Actually looks like physfndev is conditionally allocated in getPhysfnDev
	Its better to modify getPhysfnDev to allocate physfndev every time.

2011-10-15  Laine Stump  <laine@laine.org>

	docs: fix network XML documentation
	A few people have attempted to use the new forwarding modes with older
	versions of libvirt. The docs where the modes are described have
	always stated the minimum required libvirt version, but the examples
	at the end didn't, which I believe is what has caused the confusion.
	Similarly, the section on portgroups now has a version tag added at
	the beginning.
	I also noticed that there was no example of defining a <dns> hostname,
	so I added one, as well as making the domain name example more
	recognizable (by adding ".com" to the domain).

2011-10-15  Jiri Denemark  <jdenemar@redhat.com>

	Clarify semantics of virDomainMigrate2
	Explicitly disallow conflicts between domain name from dxml and dname.

2011-10-15  Osier Yang  <jyang@redhat.com>

	qemu: Do not reattach PCI device used by other domain when shutdown
	When failing on starting a domain, it tries to reattach all the PCI
	devices defined in the domain conf, regardless of whether the devices
	are still used by other domain. This will cause the devices to be deleted
	from the list qemu_driver->activePciHostdevs, thus the devices will be
	thought as usable even if it's not true. And following commands
	nodedev-{reattach,reset} will be successful.
	How to reproduce:
	  1) Define two domains with same PCI device defined in the confs.
	  2) # virsh start domain1
	  3) # virsh start domain2
	  4) # virsh nodedev-reattach $pci_device
	You will see the device will be reattached to host successfully.
	As pciDeviceReattach just check if the device is still used by
	other domain via checking if the device is in list driver->activePciHostdevs,
	however, the device is deleted from the list by step 2).
	This patch is to prohibit the bug by:
	  1) Prohibit a domain starting or device attachment right at
	     preparation period (qemuPrepareHostdevPCIDevices) if the
	     device is in list driver->activePciHostdevs, which means
	     it's used by other domain.
	  2) Introduces a new field for struct _pciDevice, (const char *used_by),
	     it will be set as the domain name at preparation period,
	     (qemuPrepareHostdevPCIDevices). Thus we can prohibit deleting
	     the device from driver->activePciHostdevs if it's still used by
	     other domain when stopping the domain process.
	* src/pci.h (define two internal functions, pciDeviceSetUsedBy and
	    pciDevceGetUsedBy)
	* src/pci.c (new field "const char *used_by" for struct _pciDevice,
	    implementations for the two new functions)
	* src/libvirt_private.syms (Add the two new internal functions)
	* src/qemu_hostdev.h (Modify the definition of functions
	    qemuPrepareHostdevPCIDevices, and qemuDomainReAttachHostdevDevices)
	* src/qemu_hostdev.c (Prohibit preparation and don't delete the
	    device from activePciHostdevs list if it's still used by other domain)
	* src/qemu_hotplug.c (Update function usage, as the definitions are
	    changed)

2011-10-14  Philipp Hahn  <hahn@univention.de>

	Xen: Fake versions in xencapstest
	virInitialize() → xenRegister() → xenhypervisorInit() determines the
	version of the Hypervisor. This breaks xencapstest when building as root
	on a dom0 system, since xenHypervisorBuildCapabilities() adds the "hap"
	and "viridian" features based on the detected version.
	Add an optional parameter to xenhypervisorInit() to disable automatic
	detection of the Hypervisor version. The passed in arguments are used
	instead.

	Xen: move versions to struct
	Calling virInitialize() → xenRegister() → xenhypervisorInit() directly
	opens a connection to the Xen Hypervisor, which breaks some unit tests.
	Move all static variables into a struct to make it easier to override
	them when testing.

2011-10-14  Eric Blake  <eblake@redhat.com>

	esx: drop dead code to silence Coverity
	Coverity detected that the only way to get to the cleanup label
	is if objectSpec had been successfully allocated, so the null
	check was dead code.
	* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Drop
	redundant null check.

2011-10-14  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix typo in virGetHostname description

2011-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix syntax problem in mingw32-libvirt.spec.in
	When defining macros, you can't put comments on the end of the
	line because they will get included in the macro definition
	* mingw32-libvirt.spec.in: Fix comment about hyperv

2011-10-14  Eric Blake  <eblake@redhat.com>

	macvtap: plug memory leak for 802.1Qbh
	Detected by Coverity.  Leak present since commit ca3b22b.
	* src/util/macvtap.c (doPortProfileOp8021Qbh): Release device name.

	qemu: plug memory leak on migration
	Detected by Coverity.  Leak introduced in commit 72de0d2.
	* src/qemu/qemu_migration.c (qemuMigrationCookieGraphicsXMLParse):
	Clean up on success.

	conf: plug memory leak on error
	Detected by Coverity.  Leak present since commit 874e65a; and
	while commit d50bb45 tried to fix the issue, it missed a path.
	* src/conf/domain_conf.c (virDomainDefParseBootXML): Always clean
	up useserial.

2011-10-14  Guido Günther  <agx@sigxcpu.org>

	Use virBufferEscapeShell in virNetSocketNewConnectSSH
	to escape the netcat command since it's passed to the shell. Adjust
	expected test case output accordingly.

	Add virBufferEscapeShell
	Escape strings so they're safe to pass to the shell. It's based on
	virsh's cmdEcho.

	Autodetect if the remote nc command supports the -q option
	Based on a patch by Marc Deslauriers <marc.deslauriers@ubuntu.com>
	RH: https://bugzilla.redhat.com/show_bug.cgi?id=562176
	Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478
	Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573172

2011-10-14  Eric Blake  <eblake@redhat.com>

	storage: plug memory leak on error
	Detected by Coverity.  Present since commit 82c1740.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Fix leak.

2011-10-14  Jiri Denemark  <jdenemar@redhat.com>

	util: Make getaddrinfo failure nonfatal in virGetHostname
	Setting a hostname that cannot be resolved is not the best configuration
	but since virGetHostname only calls getaddrinfo to get host's canonical
	name and we do not fail if the returned canonical name is NULL or
	"localhost", there is no reason why we should fail if getaddrinfo itself
	fails.

	qemu: Make sure BeginJob is always followed by EndJob
	Otherwise we can end up with a dangling job that can only be cleared by
	restarting libvirtd.

	qemu: Log debug messages when changing job
	Log debug messages anytime we call *BeginJob* or *EndJob* so that it's
	easier to spot incorrect usage of domain job APIs.

2011-10-14  Eric Blake  <eblake@redhat.com>

	qemu: fix text block info parsing
	Detected by Coverity.  p (the pointer to the string) is always true;
	when in reality, we wanted to know whether the integer value of the
	just-parsed string is '0' or '1'.  Logic bug since commit b1b5b51.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetBlockInfo): Set
	results to proper value.

	qemu: avoid text monitor null deref
	Detected by Coverity.  If, for some reason, our text monitor input
	does not match our assumptions, we end up incrementing p while it
	is NULL, then dereferencing the pointer 0x1, which will fault.
	* src/qemu/qemu_monitor_text.c
	(qemuMonitorTextGetBlockStatsParamsNumber): Rewrite to avoid
	deref of strchr failure.  Fix indentation.

	qemu: check for json allocation failure
	Detected by Coverity.  Introduced in commit b1b5b51.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockInfo):
	Avoid null dereference.

	build: add compiler attributes to virUUIDParse
	Coverity complained that most, but not all, clients of virUUIDParse
	were checking for errors.  Silence those coverity warnings by
	explicitly marking the cases where we trust the input, and fixing
	one instance that really should have been checking.  In particular,
	this silences a rather large percentage of the warnings I saw on my
	most recent Coverity analysis run.
	* src/util/uuid.h (virUUIDParse): Enforce rules.
	* src/util/uuid.c (virUUIDParse): Drop impossible check; at least
	Coverity will detect if we break rules and pass NULL.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreateXML)
	(xenapiDomainLookupByID, xenapiDomainLookupByName)
	(xenapiDomainDefineXML): Ignore return when we trust data source.
	* src/vbox/vbox_tmpl.c (nsIDtoChar, vboxIIDToUUID_v3_x)
	(vboxCallbackOnMachineStateChange)
	(vboxCallbackOnMachineRegistered, vboxStoragePoolLookupByName):
	Likewise.
	* src/node_device/node_device_hal.c (gather_system_cap): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr): Check for errors.

2011-10-14  Marc-André Lureau  <marcandre.lureau@gmail.com>

	virFDStream: close also given errfd (fd leak)
	In virFDStreamOpenFileInternal(), a errfd pipe is opened by
	virCommandRunAsync() and given to virFDStreamOpenInternal().
	It seems virFDStream should close errfd, just like the other
	fd it is given.
	This fixes screenshots leaking FDs:
	http://bugzilla.redhat.com/show_bug.cgi?id=745761

2011-10-14  Eric Blake  <eblake@redhat.com>

	command: avoid fd leak on failure
	virCommandTransferFD promises that the fd is no longer owned by
	the caller.  Normally, we want the fd to remain open until the
	child runs, but in error situations, we must close it earlier.
	* src/util/command.c (virCommandTransferFD): Close fd now if we
	can't track it to close later.
	(virCommandKeepFD): Adjust helper to make this easier.

2011-10-13  Serge E. Hallyn  <serge.hallyn@canonical.com>

	Fix typo in lxc_controller
	s/Mouting/Mounting.

2011-10-13  Eric Blake  <eblake@redhat.com>

	spec: mingw cleanups
	* libvirt.spec.in (%configure): Drop unused %{one} macro.
	* mingw32-libvirt.spec.in (%{rhel}): Compile ESX but not HyperV on
	mingw build for RHEL.
	(%build): Make configure honor spec conditionals.  Reorder to
	match libvirt.spec.
	* autobuild.sh (mingw): Update list to match.
	Suggested by Daniel P. Berrange.

	build: update to latest gnulib
	358 changes; most probably have no impact on libvirt, but we
	might as well stay current.
	* .gnulib: Update to latest.

2011-10-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Check for domain being active on successful job acquire
	As this is needed. Although some functions check for domain
	being active before obtaining job, we need to check it after,
	because obtaining job unlocks domain object, during which
	a state of domain can be changed.

	events: Propose a separate lock for event queue
	Currently, push & pop from event queue (both server & client side)
	rely on lock from higher levels, e.g. on driver lock (qemu),
	private_data (remote), ...; This alone is not sufficient as not
	every function that interacts with this queue can/does lock,
	esp. in client where we have a different approach, "passing
	the buck".
	Therefore we need a separate lock just to protect event queue.
	For more info see:
	https://bugzilla.redhat.com/show_bug.cgi?id=743817

	qemu: Implement VIR_DUMP_RESET
	This patch extends qemudDomainCoreDump so it supports new VIR_DUMP_RESET
	flag. If this flag is set, domain is reset on successful dump. However,
	this is needed to be done after we start CPUs.

	virDomainCoreDump: Introduce VIR_DUMP_RESET flag
	This flag is intended to allow user to do so called system reset
	after dump, instead of sending ACPI reboot event.

2011-10-13  Philipp Hahn  <hahn@univention.de>

	example: Support debug output and loop switch
	Add support for enabling debug output via command line option.
	Allow to toggle the loop implementation between pure-Python and
	native-C.

	example: Redirect --help output to stdout/stderr
	When --help is requested, print usage() to stdout.
	When an illegal option is passed, print usage to stderr.

	example: Fix argument handling
	sys.argv contains the original command line arguments, while args only
	contains the arguments not handled by getopt(). Currently this is no
	problem since --help is the only command line option passable, which
	terminates the process, so the code is never reached. Any option added
	in the future will reveal the bug.

2011-10-13  Eric Blake  <eblake@redhat.com>

	snapshot: implement LIST_LEAVES flag in qemu
	With the recent refactoring of qemu snapshot relationships, it
	is now trivial to filter on leaves.
	* src/conf/domain_conf.c (virDomainSnapshotObjListCount)
	(virDomainSnapshotObjListCopyNames): Handle new flag.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotListNames)
	(qemuDomainSnapshotNum, qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren): Pass new flag through.

	snapshot: add API for filtering by leaves
	Counterpart to --roots.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_LEAVES):
	New flag.
	* src/libvirt.c (virDomainSnapshotNum, virDomainSnapshotListNames)
	(virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): Document it.
	* tools/virsh.c (cmdSnapshotList): Expose it.
	* tools/virsh.pod (snapshot-list): Document --leaves.

2011-10-13  Philipp Hahn  <hahn@univention.de>

	xen: Return tap2 for tap2 disks
	For some versions of Xen the difference between "tap" and "tap2" is
	important. When converting back from xen-sxpr to libvirt-xml, that
	information is lost, which breaks re-defining the domain using that
	data.
	Explicitly return "tap2" for disks defined as "device/tap2".

	xen: fix PyGrub boot device order
	When PyGrub is used as the bootloader in Xen, it gets passed the first
	bootable disk. Xend supports a "bootable"-flag for this, which isn't
	explicitly supported by libvirt.
	When converting libvirt-xml to xen-sxpr the "bootable"-flag gets
	implicitly set by xen.xend.XenConfig.device_add() for the first disk
	(marked as "Compat hack -- mark first disk bootable").
	When converting back xen-sxpr to libvirt-xml, the disks are returned in
	the internal order used by Xend ignoring the "bootable"-flag, which
	loses the original order. When the domain is then re-defined, the order
	of disks is changed, which breaks PyGrub, since a different disk gets
	passed.
	When converting xen-sxpr to libvirt-xml, use the "bootable"-flag to
	determine the first disk.
	This isn't perfect, since several disks can be marked as bootable using
	the Xend-API, but that is not supported by libvirt. In all known cases
	relevant to libvirt exactly one disk is marked as bootable.

	tests: Add support for skipping tests
	AM_TESTS has support for skipping tests, while the C-implementation
	virtTestRun() does not support that feature.
	Print "_" or "SKIP" in verbose mode for tests returning EXIT_AM_SKIP=77.

2011-10-13  Harsh Prateek Bora  <harsh@linux.vnet.ibm.com>

	Introduce <driver> under <filesystem> to support open-by-handle
	VirtFS allows the user to choose between path/handle based fs driver.
	As of now, libvirt hardcoded path based driver only. This patch provides
	a solution to allow user to choose between path/handle based fs driver.
	Sample:
	    <filesystem type='mount'>
	      <driver type='handle'/>
	      <source dir='/folder/to/share1'/>
	      <target dir='mount_tag1'/>
	    </filesystem>
	    <filesystem type='mount'>
	      <driver type='path'/>
	      <source dir='/folder/to/share2'/>
	      <target dir='mount_tag2'/>
	    </filesystem>

2011-10-13  Sage Weil  <sage@newdream.net>

	buf: implement generic virBufferEscape
	Implement a generic helper to escape a given set of characters with a
	leading '\'.  Generalizes virBufferEscapeSexpr().

2011-10-12  Osier Yang  <jyang@redhat.com>

	daemon: Always advertise libvirtd service
	This is a regression introduced by new RPC codes, previously
	we advertise the service via ssh even if the daemon doesn't
	listen on TLS port (TCP is not choosed). Now the service is
	only advertised when it listens on TLS or TCP port. This breaks
	upper layer apps which intends to discover the service, such
	as virt-manager.

2011-10-12  Eric Blake  <eblake@redhat.com>

	snapshot: drop dead parameters
	The previous optimizations lead to some follow-on cleanups.
	* src/conf/domain_conf.c (virDomainSnapshotForEachChild)
	(virDomainSnapshotForEachDescendant): Drop dead parameter.
	(virDomainSnapshotActOnDescendant)
	(virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): Update callers.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListChildrenNames, qemuDomainSnapshotDelete):
	Likewise.
	* src/conf/domain_conf.h: Update prototypes.

	snapshot: take advantage of new relations
	Among other improvements, virDomainSnapshotForEachDescendant is
	changed from iterative O(n^2) to recursive O(n).  A bit better
	than the O(n^3) implementation in virsh snapshot-list!
	* src/conf/domain_conf.c (virDomainSnapshotObjListNum)
	(virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjeListGetNames, virDomainSnapshotForEachChild)
	(virDomainSnapshotForEachDescendant): Optimize.
	(virDomainSnapshotActOnDescendant): Tweak.
	(virDomainSnapshotActOnChild, virDomainSnapshotMarkDescendant):
	Delete, now that they are unused.

	snapshot: track qemu snapshot relations
	Maintain the parent/child relationships of all qemu snapshots.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Populate
	relationships after loading.
	(qemuDomainSnapshotCreateXML): Set relations on creation; tweak
	redefinition to reuse existing object.
	(qemuDomainSnapshotReparentChildren, qemuDomainSnapshotDelete):
	Clear relations on delete.

	snapshot: framework for more efficient relation traversal
	No one was using virDomainSnapshotHasChildren, but that was an
	O(n) function.  Exposing and tracking a bit more metadata for each
	snapshot will allow the same query to be made with an O(1) query
	of the member field.  For single snapshot operations (create,
	delete), callers can be trusted to maintain the metadata themselves,
	but for reloading, we can't compute parents as we go since there
	is no guarantee that parents were parsed before children, so we also
	provide a function to refresh the relationships, and which can
	be used to detect if the user has ignored our warnings and been
	directly modifying files in /var/lib/libvirt/qemu/snapshot.  This
	patch only adds metadata; later patches will actually use it.
	This layout intentionally hardcodes the size of each snapshot struct,
	by tracking sibling pointers, rather than having to deal with the
	headache of yet more memory management by directly sticking a
	dynamically sized child[] on each parent.
	* src/conf/domain_conf.h (_virDomainSnapshotObj)
	(_virDomainSnapshotObjList): Add members.
	(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
	New prototypes.
	(virDomainSnapshotHasChildren): Delete.
	* src/conf/domain_conf.c (virDomainSnapshotSetRelations)
	(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
	New functions.
	(virDomainSnapshotHasChildren): Drop unused function.
	* src/libvirt_private.syms (domain_conf): Update exports.

	snapshot: use correct qmp monitor command
	To date, JSON disk snapshots worked by accident, as they were always
	using hmp fallback due to a typo in commit e702b5b not picking up
	on the (intentional) difference in command names between the two
	monitor protocols.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Spell QMP command correctly.
	Reported by Luiz Capitulino.

	snapshot: virsh shorthand for operating on current snap
	Rather than having to do:
	$ virsh snapshot-revert dom $(virsh snapshot-current dom --name)
	I thought it would be nice to do:
	$ virsh snapshot-revert dom --current
	I didn't add 'virsh snapshot-dumpxml --current' since we already have
	'virsh snapshot-current' for the same task.  snapshot-list accepted
	a name but did not require it, and that remains the case, with
	--current serving in place of that name.  For all other commands,
	name used to be required, and can now be replaced by --current;
	I intentionally made it so that omitting both --current and a name
	is an error (having the absence of a name imply --current seems
	just a bit too magic, so --current must be explicit).  I also had
	to keep snapshot-edit backwards-compatible, as the only command
	that already had a --current argument alongside a name, which still
	works to both edit a named snapshot and make it current.
	* tools/virsh.c (vshLookupSnapshot): New helper function.
	(cmdSnapshotEdit, cmdSnapshotList, cmdSnapshotParent)
	(cmdSnapshotDelete, cmdDomainSnapshotRevert): Use it, adding an
	option where needed.
	* tools/virsh.pod (snapshot-delete, snapshot-edit)
	(snapshot-list, snapshot-parent, snapshot-revert): Document
	use of --current.
	(snapshot-dumpxml): Mention alternative.

	build: fix mingw build without sasl
	Detected by autogen.sh on a cross-mingw build:
	Creating library file: .libs/libvirt.dll.a
	Cannot export virNetSASLContextCheckIdentity: symbol not defined
	Cannot export virNetSASLContextNewServer: symbol not defined
	...
	* src/libvirt_private.syms (virnetsaslcontext.h): Move symbols...
	* src/libvirt_sasl.syms: ...to new file.
	* src/Makefile.am (USED_SYM_FILES) [HAVE_SASL]: Use new file.
	(EXTRA_DIST): Ship it.

	build: fix 'make rpm'
	Since commit ddf3bd3, 'make rpm' failed with:
	RPM build errors:
	    File not found: /home/remote/eblake/rpmbuild/BUILDROOT/libvirt-0.9.6-1.fc14.eblake1318366440.x86_64/usr/share/systemtap/tapset/libvirtd.stp
	* libvirt.spec.in (with_dtrace): Match installed .stp files.

	build: fix 'make distcheck'
	I got these distcheck failures with sanlock enabled:
	ERROR: files left in build directory after distclean:
	./tools/virt-sanlock-cleanup
	./src/locking/qemu-sanlock.conf
	* src/Makefile.am (DISTCLEANFILES) [HAVE_SANLOCK]: Clean built
	file.
	* tools/Makefile.am (DISTCLEANFILES): Likewise.

	build: ship helper scripts
	Otherwise, 'make rpm' fails with:
	  GEN    libvirt_qemu.def
	make[2]: *** No rule to make target `dtrace2systemtap.pl', needed by `libvirt_probes.stp'.  Stop.
	* src/Makefile.am (EXTRA_DIST): Add recent script additions.

2011-10-12  Dan Horák  <dan@danny.cz>

	disable xenlight for non-Xen platforms
	when building libvirt in Fedora/s390x I've found that xenlight needs to
	be explicitly disabled in the spec file. Configure properly sets the
	library as non-existent, but the %files section still wants to package
	the 3 /var/*/libvirt/libxl directories. See also
	https://bugzilla.redhat.com/show_bug.cgi?id=745020

2011-10-12  Eric Blake  <eblake@redhat.com>

	build: fix 'make check' linkage with dtrace
	Building on Linux with dtrace enabled was failing 'make check':
	  CCLD   nodeinfotest
	../src/.libs/libvirt_test.a(libvirt_net_rpc_client_la-virnetclient.o): In function `virNetClientNew':
	/home/remote/eblake/libvirt/src/rpc/virnetclient.c:162: undefined reference to `libvirt_rpc_client_new_semaphore'
	On looking further, I see some earlier warnings emitted from libtool:
	*** Warning: Linking the shared library libvirt.la against the non-libtool
	*** objects  probes.o is not portable!
	Since src/probes.o is only built on Linux, and even then, only when
	dtrace is enabled, this failure does not affect other platforms, and
	despite libtool warning that it is not generally portable, it is not
	a problem for our use-case in libvirt.la.  But it turns out that while
	libtool is willing to jam raw .o files into an installed shared
	library (libvirt.la becomes libvirt.so), it is NOT willing to jam
	the same .o file into the convenience library libvirt_test.la.
	Perhaps this is a bug in libtool, but even if we get libtool fixed,
	libvirt must continue to build on platforms with older libtool.  So,
	the fix is the same as we are already using for the libvirt_lxc
	executable - don't rely on the .o file being in the convenience
	library, but instead use LDADD to pull it in directly.
	* tests/Makefile.am (PROBES_O): New macro.
	(LDADDS): Use it to fix link errors.

2011-10-12  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix VPATH build with new probes

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix deps for probes.o to ensure correct build ordering

	Update examples for probing with systemtap
	This removes the old example for legacy probes and adds two
	new scripts demonstrating many of the new probe point facilities.
	The rpc-monitor.stp script will print out friendly details of all
	RPC traffic between a libvirt client/server. This is incredibly
	useful in seeing what RPC calls are being made, and also debugging
	problems in the RPC protocol code
	The events.stp script will print out lots of info about the poll
	event loop, which is useful for debugging event handling problems
	* examples/systemtap/events.stp, examples/systemtap/rpc-monitor.stp:
	  New examples
	* examples/systemtap/client.stp: Remove obsolete example

	Rewrite all the DTrace/SystemTAP probing
	The libvirtd daemon had a few crude system tap probes. Some of
	these were broken during the RPC rewrite. The new modular RPC
	code is structured in a way that allows much more effective
	tracing. Instead of trying to hook up the original probes,
	define a new set of probes for the RPC and event code.
	The master probes file is now src/probes.d.  This contains
	probes for virNetServerClientPtr, virNetClientPtr, virSocketPtr
	virNetTLSContextPtr and virNetTLSSessionPtr modules. Also add
	probes for the poll event loop.
	The src/dtrace2systemtap.pl script can convert the probes.d
	file into a libvirt_probes.stp file to make use from systemtap
	much simpler.
	The src/rpc/gensystemtap.pl script can generate a set of
	systemtap functions for translating RPC enum values into
	printable strings. This works for all RPC header enums (program,
	type, status, procedure) and also the authentication enum
	The PROBE macro will automatically generate a VIR_DEBUG
	statement, so any place with a PROBE can remove any existing
	manual DEBUG statements.
	* daemon/libvirtd.stp, daemon/probes.d: Remove obsolete probing
	* daemon/libvirtd.h: Remove probe macros
	* daemon/Makefile.am: Remove all probe buildings/install
	* daemon/remote.c: Update authentication probes
	* src/dtrace2systemtap.pl, src/rpc/gensystemtap.pl: Scripts
	  to generate STP files
	* src/internal.h: Add probe macros
	* src/probes.d: Master list of probes
	* src/rpc/virnetclient.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetsocket.c, src/rpc/virnettlscontext.c,
	  src/util/event_poll.c: Insert probe points, removing any
	  DEBUG statements that duplicate the info

	Fix missing lock calls on virNetTLSContextRef
	The virNetTLSContextRef API forgot to acquire/release the lock
	while changing ctxt->refs
	* src/rpc/virnettlscontext.c: Add lock calls

	Refactor TLS to facilitate dynamic probing
	Pull the call to gnutls_x509_crt_get_dn up into a higher function
	so that the 'dname' variable will be available for probe points
	* src/rpc/virnettlscontext.c: Pull gnutls_x509_crt_get_dn up
	  one level

	Add virSocketRef API to facilitate dynamic probing
	Instead of directly manipulating sock->refs, add a virSocketRef
	API
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virSocketRef

	If receiving a stream error, mark EOF on the stream
	If we receive an error on the stream, set the EOF marker so
	that any further (bogus) incoming data is dropped.
	* src/rpc/virnetclientstream.c: Set EOF on stream

	Make libvirt.so include the RPC server code
	To avoid static linking libvirtd to the RPC server code, which
	then prevents sane introduction of DTrace probes, put it all
	in the libvirt.so, and export it
	* daemon/Makefile.am: Don't link to RPC libraries
	* src/Makefile.am: Link all RPC libraries to libvirt.so
	* src/libvirt_private.syms: Export all RPC functions

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: implement snapshot children listing in esx
	It was fairly trivial to return snapshot listing based on a
	point in the hierarchy, rather than starting at all roots.
	* src/esx/esx_driver.c (esxDomainSnapshotNumChildren)
	(esxDomainSnapshotListChildrenNames): New functions.

	snapshot: implement snapshot children listing in qemu
	Not too hard to wire up.  The trickiest part is realizing that
	listing children of a snapshot cannot use SNAPSHOT_LIST_ROOTS,
	and that we overloaded that bit to also mean SNAPSHOT_LIST_DESCENDANTS;
	we use that bit to decide which iteration to use, but don't want
	the existing counting/listing functions to see that bit.
	* src/conf/domain_conf.h (virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): New prototypes.
	* src/conf/domain_conf.c (virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): New functions.
	* src/libvirt_private.syms (domain_conf.h): Export them.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListChildrenNames): New functions.

	snapshot: remote protocol for snapshot children
	Very mechanical.  I'm so glad we've automated the generation of things,
	compared to what it was in 0.8.x days, where this would be much longer.
	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_NUM_CHILDREN)
	(REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES): New rpcs.
	(remote_domain_snapshot_num_children_args)
	(remote_domain_snapshot_num_children_ret)
	(remote_domain_snapshot_list_children_names_args)
	(remote_domain_snapshot_list_children_names_ret): New structs.
	* src/remote/remote_driver.c (remote_driver): Use it.
	* src/remote_protocol-structs: Update.

	snapshot: virsh fallback for snapshot-list --descendants --from
	Given a list of snapshots and their parents, finding all descendants
	requires a hairy traversal.  This code is O(n^3); it could maybe be
	made to scale O(n^2) with the use of a hash table, but that costs more
	memory.  Hopefully there aren't too many people with a hierarchy
	so large as to approach REMOTE_DOMAIN_SNAPSHOT_LIST_NAMES_MAX (1024).
	* tools/virsh.c (cmdSnapshotList): Add final fallback.

	snapshot: virsh fallback for snapshot-list --from children
	Iterating over one level of children requires parsing all snapshots
	and their parents; a bit of code shuffling makes it pretty easy
	to do this as well.
	* tools/virsh.c (cmdSnapshotList): Add another fallback.

	snapshot: virsh fallback for snapshot-list --tree --from
	Emulating --from requires grabbing the entire list of snapshots
	and their parents, and recursively iterating over the list from
	the point of interest - but we already do that for --tree.  This
	turns on emulation for that situation.
	* tools/virsh.c (__vshControl): Rename member.
	(vshReconnect, cmdConnect, vshGetSnapshotParent): Update clients.
	(cmdSnapshotList): Add fallback.

	snapshot: virsh snapshot-list and children
	Sometimes, we only care about one branch of the snapshot hierarchy.
	Make it easier to list a single branch, by using the new APIs.
	Technically, I could emulate these new virsh options on old servers
	by doing a complete dump, then scraping xml to filter out just the
	snapshots that I care about, but I didn't want to do that in this patch.
	* tools/virsh.c (cmdSnapshotList): Add --from, --descendants.
	* tools/virsh.pod (snapshot-list): Document them.

	snapshot: new virDomainSnapshotListChildrenNames API
	The previous API addition allowed traversal up the hierarchy;
	this one makes it easier to traverse down the hierarchy.
	In the python bindings, virDomainSnapshotNumChildren can be
	generated, but virDomainSnapshotListChildrenNames had to copy
	from the hand-written example of virDomainSnapshotListNames.
	* include/libvirt/libvirt.h.in (virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): New prototypes.
	(VIR_DOMAIN_SNAPSHOT_LIST_DESCENDANTS): New flag alias.
	* src/libvirt.c (virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): New functions.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSnapshotNumChildren)
	(virDrvDomainSnapshotListChildrenNames): New callbacks.
	* python/generator.py (skip_impl, nameFixup): Update lists.
	* python/libvirt-override-api.xml: Likewise.
	* python/libvirt-override.c
	(libvirt_virDomainSnapshotListChildrenNames): New wrapper function.

	docs: fix html bug
	</space> doesn't exist.  Introduced in commit 4bb4109f.
	* docs/formatdomain.html.in: Use correct end tag.

2011-10-11  Guido Günther  <agx@sigxcpu.org>

	xen_xs: Guard against set but empty kernel argument
	On xen 4.1 I observed configurations that look like:
	(image
	    (hvm
	        (kernel '')
	        (loader '/foo/bar')
	))
	The kernel element is there but unset. This leads to an empty <kernel/>
	element in the XML and even worse makes us skip the boot order parsing
	and therefore not emit a <boot device='$dev>'/> element which breaks CD
	booting.

	xen: add error handling to UUID parsing
	otherwise a missing UUID in a domain config just shows:
	error: An error occurred, but the cause is unknown
	Now we have:
	error: configuration file syntax error: config value uuid was missing

2011-10-11  Eric Blake  <eblake@redhat.com>

	maint: typo fixes
	I noticed a couple typos in recent commits, and fixed the remaining
	instances of them.
	* docs/internals/command.html.in: Fix spelling errors.
	* include/libvirt/libvirt.h.in (virConnectDomainEventCallback):
	Likewise.
	* python/libvirt-override.py (virEventAddHandle): Likewise.
	* src/lxc/lxc_container.c (lxcContainerChild): Likewise.
	* src/util/hash.c (virHashCreateFull): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Likewise.
	* src/esx/esx_driver.c (esxFormatVMXFileName): Likewise.
	* src/vbox/vbox_tmpl.c (vboxIIDIsEqual_v3_x): Likewise.

	snapshot: avoid accidental renames with snapshot-edit
	I was a bit surprised that 'virsh snapshot-edit dom name' silently
	allowed me to clone things, while still telling me the old name,
	especially since other commands like 'virsh edit dom' reject rename
	attempts (*).  This fixes things to be more explicit (**).
	(*) Technically, 'virsh edit dom' relies on virDomainDefineXML
	behavior, which rejects attempts to mix a new name with existing
	uuid or new uuid with existing name, but you can create a new
	domain by changing both uuid and name.  On the other hand, while
	snapshot-edit --clone is a true clone, creating a new domain
	would also have to decide whether to clone snapshot metadata,
	managed save, and any other secondary data related to the domain.
	Domain renames are not trivial either.
	(**) Renaming or creating a clone is still a risky proposition -
	for offline snapshots and system checkpoints, if the new name
	does not match an actual name recorded in the qcow2 internal
	snapshots, then you cannot revert to the new checkpoint.  But it
	is assumed that anyone using the new virsh flags knows what they
	are doing, and can deal with the fallout caused by a rename/clone;
	that is, we can't completely prevent a user from shooting
	themselves in the foot, so much as we are making the default
	action less risky.
	* tools/virsh.c (cmdSnapshotEdit): Add --rename, --clone.
	* tools/virsh.pod (snapshot-edit): Document them.

	snapshot: sort snapshot-list --tree
	Otherwise, the results are not repeatable.
	* tools/virsh.c (cmdSnapshotList): Print tree in predictable order.

2011-10-10  Osier Yang  <jyang@redhat.com>

	storage: Do not use comma as seperator for lvs output
	* src/storage/storage_backend_logical.c:
	If a logical vol is created as striped. (e.g. --stripes 3),
	the "device" field of lvs output will have multiple fileds which are
	seperated by comma. Thus the RE we write in the codes will not
	work well anymore. E.g. (lvs output for a stripped vol, uses "#" as
	seperator here):
	test_stripes##fSLSZH-zAS2-yAIb-n4mV-Al9u-HA3V-oo9K1B#\
	/dev/sdc1(10240),/dev/sdd1(0)#42949672960#4194304
	The RE we use:
	    const char *regexes[] = {
	        "^\\s*(\\S+),(\\S*),(\\S+),(\\S+)\\((\\S+)\\),(\\S+),([0-9]+),?\\s*$"
	    };
	Also the RE doesn't match the "devices" field of striped vol properly,
	it contains multiple "device path" and "offset".
	This patch mainly does:
	    1) Change the seperator into "#"
	    2) Change the RE for "devices" field from "(\\S+)\\((\\S+)\\)"
	       into "(\\S+)".
	    3) Add two new options for lvs command, (segtype, stripes)
	    4) Extend the RE to match the value for the two new fields.
	    5) Parse the "devices" field seperately in virStorageBackendLogicalMakeVol,
	       multiple "extents" info are generated if the vol is striped. The
	       number of "extents" is equal to the stripes number of the striped vol.
	A incidental fix: (virStorageBackendLogicalMakeVol)
	    Free "vol" if it's new created and there is error.
	Demo on striped vol with the patch applied:
	% virsh vol-dumpxml /dev/test_vg/vol_striped2
	<volume>
	  <name>vol_striped2</name>
	  <key>QuWqmn-kIkZ-IATt-67rc-OWEP-1PHX-Cl2ICs</key>
	  <source>
	    <device path='/dev/sda5'>
	      <extent start='79691776' end='88080384'/>
	    </device>
	    <device path='/dev/sda6'>
	      <extent start='62914560' end='71303168'/>
	    </device>
	  </source>
	  <capacity>8388608</capacity>
	  <allocation>8388608</allocation>
	  <target>
	    <path>/dev/test_vg/vol_striped2</path>
	    <permissions>
	      <mode>0660</mode>
	      <owner>0</owner>
	      <group>6</group>
	      <label>system_u:object_r:fixed_disk_device_t:s0</label>
	    </permissions>
	  </target>
	</volume>
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=727474

2011-10-09  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttach: Initialize pidfile variable
	If parsing qemu command line fails (e.g. because of non-existing
	process number supplied), we jump to cleanup label where we free
	pidfile. Therefore it needs to be initialized. Otherwise we free
	random pointer.

2011-10-08  Eric Blake  <eblake@redhat.com>

	qemu: silence Coverity false positive
	Coverity complained that 4 out of 5 callers to virJSONValueObjectGetBoolean
	checked for errors.  But we documented that we don't care in this case.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockInfo): Use
	ignore_value.

	lxc: fix logic bug
	Detected by Coverity.  We want to increment the size_t counter,
	not the pointer to the counter.  Bug present since 5f5c6fde (0.9.5).
	* src/lxc/lxc_controller.c (lxcSetupLoopDevices): Use correct
	precedence.

2011-10-07  tangchen  <tangchen@cn.fujitsu.com>

	virsh: Update the help information for undefine command.
	virsh undefine command can now undefine an active guest, but the help information is still the old.
	This patch modifies it and make it coincident to the manpage of virsh.

2011-10-07  Daniel P. Berrange  <berrange@redhat.com>

	Don't send back unknown program errors for async messages
	If we send back an unknown program error for async messages,
	we will confuse the client because they only expect replies
	for method calls. Just log & drop any invalid async messages
	* src/rpc/virnetserver.c: Don't send error for async messages

	Fix deadlock when the RPC program is unknown
	Commit 597fe3cee68f561a181967b59a87b4e5c5880c4c accidentally
	introduced a deadlock when reporting an unknown RPC program.
	The virNetServerDispatchNewMessage method is called with
	the client locked, and must therefore not attempt to send
	any RPC messages back to the client. Only once the incoming
	message is passed off to the virNetServerHandleJob worker
	is it safe to start sending messages back
	* src/rpc/virnetserver.c: Delay checking for unknown RPC
	  program until in worker thread

2011-10-07  Eric Blake  <eblake@redhat.com>

	snapshot: simplify redefinition of disk snapshot
	Redefining disk-only snapshot xml should work even if the user
	did not explicitly pass VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY;
	the flag is only required for conditions where the <state>
	subelement is not already present in parsing (that is, defining
	a new snapshot).
	Also, fix the error code of some user-visible errors (the remaining
	VIR_ERR_INTERNAL_ERROR should not be user-visible, since parsing
	of <active> is only done from internal code).
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Allow
	disks during redefinition of disk snapshot.

	snapshot: let virsh edit disk snapshots
	It was impossible for 'virsh snapshot-current dom name' to set name
	as the current snapshot, if name is a disk-only snapshot.
	Using strstr rather than full-blown xml parsing is safe, since the
	xml is assumed to be well-formed coming from libvirtd rather than
	arbitrary text coming from the user.
	* tools/virsh.c (cmdSnapshotCurrent, cmdSnapshotEdit): Pass
	disk_only flag when redefining a disk snapshot.

	snapshot: fix virsh error message typo
	* tools/virsh.c (cmdSnapshotList): Spell exclusive correctly.

2011-10-07  Michal Privoznik  <mprivozn@redhat.com>

	remote_driver: Avoid double free in EventControl building
	Don't xdr_free event data as they are freed by our caller
	virNetClientProgramDispatch.

2011-10-07  Eric Blake  <eblake@redhat.com>

	build: fix 'make distcheck' with pdwtags installed
	I am getting this failure with 'make distcheck':
	  GEN    ../../src/remote_protocol-structs
	/bin/sh: ../../src/remote_protocol-structs-t: Permission denied
	make[4]: *** [../../src/remote_protocol-structs] Error 1
	since it attempts a sub-run of a VPATH 'make check' where $(srcdir)
	is intentionally read-only.  I'm not sure which commit introduced
	the problem, although I suspect it was around 62dee6f when I
	refactored protocol struct checking to be more powerful.
	$(@F) is required by POSIX, and although it is not yet portable
	to all make implementations, we already require GNU make.
	* src/Makefile.am (PDWTAGS): Generate temp file into current
	directory, since $(srcdir) is read-only during distcheck.

2011-10-07  Guido Günther  <agx@sigxcpu.org>

	xenParseXM: don't dereference NULL pointer when script is empty

2011-10-07  Laine Stump  <laine@laine.org>

	qemu: add separate rerror_policy for disk errors
	Previously libvirt's disk device XML only had a single attribute,
	error_policy, to control both read and write error policy, but qemu
	has separate options for controlling read and write. In one case
	(enospc) a policy is allowed for write errors but not read errors.
	This patch adds a separate attribute that sets only the read error
	policy. If just error_policy is set, it will apply to both read and
	write error policy (previous behavior), but if the new rerror_policy
	attribute is set, it will override error_policy for read errors only.
	Possible values for rerror_policy are "stop", "report", and "ignore"
	("report" is the qemu-controlled default for rerror_policy when
	error_policy isn't specified).
	For consistency, the value "report" has been added to the possible
	values for error_policy as well.

	qemu: leave rerror policy at default when enospace is requested
	commit 12062ab set rerror=ignore when error_policy="enospace" was
	selected (since the rerror option in qemu doesn't accept "enospc", as
	the werror option does).
	After that patch was already pushed, Paolo Bonzini noticed it and
	commented that leaving rerror at the default ("report") would be a
	better choice. This patch corrects the problem - if error_policy =
	"enospace" is given, rerror is left off the qemu commandline,
	effectively setting it to "report". For other values, rerror is still
	set to match werror.
	Additionally, the parsing of error_policy was changed to no longer
	erroneously allow "default" as a choice - as with most other
	attributes, if you want the default setting, just don't specify an
	error_policy.
	Finally, two ommissions in the first patch were corrected - a
	long-dormant qemuxml2argv test for enospace was enabled, and fixed to
	pass, and the argv2xml parser in qemu_command.c was updated to
	recognize the different spelling on the qemu commandline.

2011-10-07  Eric Blake  <eblake@redhat.com>

	qemu: enable multifunction for older qemu
	Now that RHEL 6.2 Beta is out, it would be nice to test multifunction
	devices on that platform.  This changes things so that the multifunction
	cap bit can be set in two different ways: by version comparison (needed
	for qemu 0.13 which lacked a -device query), and by -device query
	(provided by qemu.git and backported to the RHEL beta build of
	qemu-kvm which still claims to be a modified 0.12, and therefore needed
	for RHEL).
	* src/qemu/qemu_capabilities.c (qemuCapsParseDeviceStr): Allow
	second method of setting multifunction cap bit.
	* tests/qemuhelptest.c (mymain): Test it.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device: Likewise.

2011-10-06  Guido Günther  <agx@sigxcpu.org>

	Document STREQ_NULLABLE and STRNEQ_NULLABLE

2011-10-06  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC work with new network configuration types
	If using one of the new non-NAT/routed virtual network
	configurations, the LXC driver would not know how to
	setup the VETH devices. Adding in calls to setup the
	"actual" network configuration at VM startup and cleanup
	when shutting down fixes this.
	* src/lxc/lxc_driver.c: Setup/cleanup actual net devs

2011-10-06  Eric Blake  <eblake@redhat.com>

	init: raise default system aio limits
	https://bugzilla.redhat.com/show_bug.cgi?id=740899 documents that
	if qemu uses aio=native for its disks, then it consumes 128 aio
	requests per disk.  On a host with multiple guests, this can quickly
	run out of kernel aio requests with the default aio-max-nr of
	65536.  Kernel developers have confirmed that there is no up-front
	cost to raising this limit (a larger limit merely implies that more
	aio requests can be issued in parallel, which in turn will result
	in more kernel memory allocation, only if the system really does use
	that many requests).  Since the system default limit prevents 256
	disks, which is well within libvirt's current scalability, this
	patch installs a file to raise the limit and document it in case a
	system administrator has further cause to tune the limit.  The
	install only works on platforms new enough to source /etc/sysctl.d/*
	alongside /etc/sysctl.conf (F14 and RHEL 6).
	* daemon/libvirtd.sysctl: New file.
	* daemon/Makefile.am (EXTRA_DIST): Ship it.
	(install-init, uninstall-init): Install it.
	* libvirt.spec.in (%files): Include it in rpm.

	maint: fix minor issues in virterror public header
	Consistent use of tabs, fewer long lines, and a typo fix.
	* include/libvirt/virterror.h: Fix typos, layout.

	snapshot: enforce REVERT_FORCE on qemu
	Implements the documentation for snapshot revert vs. force.
	Part of the patch tightens existing behavior (previously, reverting
	to an old snapshot without <domain> was blindly attempted, now it
	requires force), while part of it relaxes behavior (previously, it
	was not possible to revert an active domain to an ABI-incompatible
	active snapshot, now force allows this transition).
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Check for
	risky situations, and allow force to get past them.

	snapshot: use qemu-img on disks in use at time of snapshot
	Once we know which set of disks belong to a snapshot, reverting or
	deleting that snapshot should visit just those disks, rather than
	also visiting disks that were hot-plugged in the meantime or
	skipping disks that were hot-unplugged in the meantime.
	* src/qemu/qemu_domain.c (qemuDomainSnapshotForEachQcow2): Use
	snapshot domain details when available.  Avoid NULL deref.

	snapshot: add REVERT_FORCE to API
	Although reverting to a snapshot is a form of data loss, this is
	normally expected.  However, there are two cases where additional
	surprises (failure to run the reverted state, or a break in
	connectivity to the domain) can come into play.  Requiring extra
	acknowledgment in these cases will make it less likely that
	someone can get into an unrecoverable state due to a default revert.
	Also create a new error code, so users can distinguish when forcing
	would make a difference, rather than having to blindly request force.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_REVERT_FORCE):
	New flag.
	* src/libvirt.c (virDomainRevertToSnapshot): Document it.
	* include/libvirt/virterror.h (VIR_ERR_SNAPSHOT_REVERT_RISKY): New
	error value.
	* src/util/virterror.c (virErrorMsg): Implement it.
	* tools/virsh.c (cmdDomainSnapshotRevert): Add --force to virsh.
	* tools/virsh.pod (snapshot-revert): Document it.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: implement snapshot roots listing in vbox
	Commit 9f5e53e introduced the ability to filter snapshots to
	just roots, but it was never implemented for VBox until now.
	The VBox implementation prohibits deletion of a snapshot with
	multiple children.  Hence, there can only be at most one root,
	which is found by searching for the snapshot with a NULL uuid.
	Prior to 4.0, snapshotGet looked up by UUID, and snapshotFind
	looked up by name; after that point, snapshotGet disappeared
	and snapshotFind handles uuid or name.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
	(vboxDomainSnapshotListNames): Implement limiting list to root.

2011-10-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't fail virDomainGetInfo if we can't update balloon info
	Qemu driver tries to update balloon data in virDomainGetInfo and if it
	can't do so because there is another monitor job running, it just
	reports what's known in domain def. However, if there was no job running
	but getting the data from qemu fails, we would fail the whole API. This
	doesn't make sense. Let's make the failure nonfatal.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: simplify esx snapshot name lookup
	No need to request the parent of a snapshot if we aren't going to use it.
	* src/esx/esx_vi.c (esxVI_GetSnapshotTreeByName): Make parent
	optional.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
	(esxDomainSnapshotLookupByName, esxDomainRevertToSnapshot)
	(esxDomainSnapshotDelete): Simplify accordingly.

	snapshot: implement snapshot roots listing in esx
	Commit 9f5e53e introduced the ability to filter snapshots to
	just roots, but it was never implemented for ESX until now.
	* src/esx/esx_vi.h (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Add parameter.
	* src/esx/esx_vi.c (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Allow choice of recursion or not.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames): Use it to limit to roots.

2011-10-05  Laine Stump  <laine@laine.org>

	qemu: correct misspelled 'enospc' option, and only use for werror
	This resolves:
	     https://bugzilla.redhat.com/show_bug.cgi?id=730909
	When support for setting the qemu disk error policy to "enospc" was
	added, it was inadvertently spelled "enospace". This patch corrects
	that on the qemu commandline (while retaining the "enospace" spelling
	for libvirt's XML).
	Also, while examining the qemu source, I found that "enospc" is not
	allowed for the read error policy, only for write error policy (makes
	sense). Since libvirt currently only has a single error policy
	setting, when "enospace" is selected, the read error policy is set to
	"ignore".

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: better virsh handling of missing current, parent
	Previously, virsh 'snapshot-parent' and 'snapshot-current' were
	completely silent in the case where the code conclusively proved
	there was no parent or current snapshot, but differed in exit
	status; this silence caused some confusion on whether the commands
	worked.  Furthermore, commit d1be48f introduced a regression where
	snapshot-parent would leak output about an unknown function, but
	only on the first attempt, when talking to an older server that
	lacks virDomainSnapshotGetParent.  This changes things to consistenly
	report an error message and exit with status 1 when no snapshot
	exists, and to avoid leaking unknown function warnings when using
	fallbacks.
	* tools/virsh.c (vshGetSnapshotParent): Alter signature, to
	distinguish between real error and missing parent.  Don't pollute
	last_error on success.
	(cmdSnapshotParent): Adjust caller.  Always output message on
	failure.
	(cmdSnapshotList): Adjust caller.
	(cmdSnapshotCurrent): Always output message on failure.

2011-10-05  Guido Günther  <agx@sigxcpu.org>

	Document that ff callbacks need to be invoked from a clean stack.
	Also fix a typo.

2011-10-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix migration with dname
	Destination libvirtd remembers the original name in the prepare phase
	and clears it in the finish phase. The original name is used when
	comparing domain name in migration cookie.

2011-10-04  Daniel P. Berrange  <berrange@redhat.com>

	Allow passing of command line args to LXC container
	When booting a virtual machine with a kernel/initrd it is possible
	to pass command line arguments using the <cmdline>...args...</cmdline>
	element in the guest XML. These appear to the kernel / init process
	in /proc/cmdline.
	When booting a container we do not have a custom /proc/cmdline,
	but we can easily set an environment variable for it. Ideally
	we could pass individual arguments to the init process as a
	regular set of 'char *argv[]' parameters, but that would involve
	libvirt parsing the <cmdline> XML text. This can easily be added
	later, even if we add the env variable now
	* docs/drvlxc.html.in: Document env variables passed to LXC
	* src/conf/domain_conf.c: Add <cmdline> to be parsed for
	  guests of type='exe'
	* src/lxc/lxc_container.c: Set LIBVIRT_LXC_CMDLINE env var

	Add support for bandwidth filtering on LXC guests
	Call virBandwidthEnable after creating the LXC veth, so that any
	bandwidth controls get applied
	* src/lxc/lxc_driver.c: Enable bandwidth limiting

2011-10-04  Laine Stump  <laine@laine.org>

	network: fill in bandwidth from portgroup for all forward modes
	This patch is a fix for:
	  https://bugzilla.redhat.com/show_bug.cgi?id=743176
	which was discovered by Dan Berrange while making bandwidth
	configuration work for LXC guests.
	Background: Although virtportprofile data from a network portgroup is
	only applicable for direct mode interfaces, the code that copies
	bandwidth data from the portgroup was also only being executed in the
	case of direct mode interfaces. The result was that interfaces using
	traditional virtual networks (forward mode='nat|route|none'), and
	those using a host bridge for forwarding, would not pick up bandwidth
	data from a portgroup defined in the network.
	This patch moves that code outside the conditional, so that bandwidth
	information is *alway* copied from the appropriate portgroup (unless
	the <interface> definition itself already has bandwidth information,
	which would take precedence over what's in the portgroup anyway).

2011-10-04  Neil Wilson  <neil@brightbox.co.uk>

	bridge_driver.c: Fix autoconf setting
	Code altered so that it is consistent with the associated comment. The
	'autoconf' variable is forced to zero.

2011-10-04  Marc-André Lureau  <marcandre.lureau@gmail.com>

	Set to NULL members that have been freed to prevent crashes
	Do not crash if virStreamFinish is called after error.
	==11000== Invalid read of size 4
	==11000==    at 0x373A8099A0: pthread_mutex_lock (pthread_mutex_lock.c:51)
	==11000==    by 0x4C7CADE: virMutexLock (threads-pthread.c:85)
	==11000==    by 0x4D57C31: virNetClientStreamRaiseError (virnetclientstream.c:203)
	==11000==    by 0x4D385E4: remoteStreamFinish (remote_driver.c:3541)
	==11000==    by 0x4D182F9: virStreamFinish (libvirt.c:14157)
	==11000==    by 0x40FDC4: cmdScreenshot (virsh.c:3075)
	==11000==    by 0x42BA40: vshCommandRun (virsh.c:14922)
	==11000==    by 0x42ECCA: main (virsh.c:16381)
	==11000==  Address 0x59b86c0 is 16 bytes inside a block of size 216 free'd
	==11000==    at 0x4A06928: free (vg_replace_malloc.c:427)
	==11000==    by 0x4C69E2B: virFree (memory.c:310)
	==11000==    by 0x4D57B56: virNetClientStreamFree (virnetclientstream.c:184)
	==11000==    by 0x4D3DB7A: remoteDomainScreenshot (remote_client_bodies.h:1812)
	==11000==    by 0x4CFD245: virDomainScreenshot (libvirt.c:2903)
	==11000==    by 0x40FB73: cmdScreenshot (virsh.c:3029)
	==11000==    by 0x42BA40: vshCommandRun (virsh.c:14922)
	==11000==    by 0x42ECCA: main (virsh.c:16381)

2011-10-03  Eric Blake  <eblake@redhat.com>

	snapshot: implement getparent for vbox
	Built by copying from existing functions.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotGetParent): New function.

	snapshot: implement getparent for esx
	Pretty easy to paste together compared to existing functions.
	* src/esx/esx_driver.c (esxDomainSnapshotGetParent): New function.

2011-10-01  Laine Stump  <laine@laine.org>

	qemu: make PCI multifunction support more manual
	When support for was added for PCI multifunction cards (in commit
	9f8baf, first included in libvirt 0.9.3), it was done by always
	turning on the multifunction bit for all PCI devices. Since that time
	it has been realized that this is not an ideal solution, and that the
	multifunction bit must be selectively turned on. For example, see
	  https://bugzilla.redhat.com/show_bug.cgi?id=728174
	and the discussion before and after
	  https://www.redhat.com/archives/libvir-list/2011-September/msg01036.html
	This patch modifies multifunction support so that the multifunction=on
	option is only added to the qemu commandline for a device if its PCI
	<address> definition has the attribute "multifunction='on'", e.g.:
	  <address type='pci' domain='0x0000' bus='0x00'
	           slot='0x04' function='0x0' multifunction='on'/>
	In practice, the multifunction bit should only be turned on if
	function='0' AND other functions will be used in the same slot - it
	usually isn't needed for functions 1-7 (although there are apparently
	some exceptions, e.g. the Intel X53 according to the QEMU source
	code), and should never be set if only function 0 will be used in the
	slot. The test cases have been changed accordingly to illustrate.
	With this patch in place, if a user attempts to assign multiple
	functions in a slot without setting the multifunction bit for function
	0, libvirt will issue an error when the domain is defined, and the
	define operation will fail. In the future, we may decide to detect
	this situation and automatically add multifunction=on to avoid the
	error; even then it will still be useful to have a manual method of
	turning on multifunction since, as stated above, there are some
	devices that excpect it to be turned on for all functions in a slot.
	A side effect of this patch is that attempts to use the same PCI
	address for two different devices will now log an error (previously
	this would cause the domain define operation to fail, but there would
	be no log message generated). Because the function doing this log was
	almost completely rewritten, I didn't think it worthwhile to make a
	separate patch for that fix (the entire patch would immediately be
	obsoleted).

	conf: remove unused VIR_ENUM_DECL
	While adding a new enum, I noticed a VIR_ENUM_DECL for a type that
	doesn't exist. There is also of course no matching VIR_ENUM_IMPL for
	it.

2011-10-01  Marc-André Lureau  <marcandre.lureau@gmail.com>

	virsh: do not unlink NULL file
	error:could not take a screenshot of xp
	==6216== Syscall param unlink(pathname) points to unaddressable byte(s)
	==6216==    at 0x373A0D4937: unlink (syscall-template.S:82)
	==6216==    by 0x40FD73: cmdScreenshot (virsh.c:3070)
	==6216==    by 0x42BA0D: vshCommandRun (virsh.c:14920)
	==6216==    by 0x42EC97: main (virsh.c:16379)
	==6216==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
	==6216==
	error:Requested operation is not valid: domain is not running

2011-10-01  Serge E. Hallyn  <serge.hallyn@canonical.com>

	lvm storage backend: handle command_names=1 in lvm.conf
	If the regexes supported (?:pvs)?, then we could handle this by
	optionally matching but not returning the initial command name.  But it
	doesn't.  So add a new char* argument to
	virStorageBackendRunProgRegex().  If that argument is NULL then we act
	as usual.  Otherwise, if the string at that argument is found at the
	start of a returned line, we drop that before running the regex.
	With this patch, virt-manager shows me lvs with command_names 1 or 0.
	The definitions of PVS_BASE etc may want to be moved into the configure
	scripts (though given how PVS is found, IIUC that could only happen if
	pvs was a link to pvs_real), but in any case no sense dealing with that
	until we're sure this is an ok way to handle it.

2011-09-30  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Check for outstanding async job too
	Currently, qemuDomainGetXMLDesc and qemudDomainGetInfo check for
	outstanding synchronous job before (eventual) monitor entering.
	However, there can be already async job set, e.g. migration.

2011-09-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix error message mentioning VNC instead of SPICE

2011-09-29  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	virsh: Add 'reset' command for virsh

	remote: Implement 'reset' for remote driver

	qemu: Implement 'reset' for qemu driver

	api: Add public api for 'reset'
	Add new public api for 'reset'.
	It can reset domain immediately without any guest shutdown.

2011-09-29  Jiri Denemark  <jdenemar@redhat.com>

	logging: Add date to log timestamp

	logging: Do not log timestamp through syslog
	Syslog puts the timestamp to every message anyway so this removes
	redundant data.

2011-09-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Report an error for acceptable URI schemes with a transport
	Before, URIs such as hyperv+ssh:// have been declined by the Hyper-V
	driver resulting in the remote driver trying to connect to an
	non-existing libvirtd.
	Now such URIs trigger an error in the yper-V driver suggesting to
	try again without the transport part in the scheme.

	esx: Report an error for acceptable URI schemes with a transport
	Before, URIs such as esx+ssh:// have been declined by the ESX driver
	resulting in the remote driver trying to connect to an non-existing
	libvirtd.
	Now such URIs trigger an error in the ESX driver suggesting to try
	again without the transport part in the scheme.

2011-09-29  Douglas Schilling Landgraf  <dougsland@redhat.com>

	formatdomain.html.in: fix tickpolicy
	there is no option "none":
	>From libvirt/src/conf/domain_conf.c
	<snip>
	VIR_ENUM_IMPL(virDomainTimerTickpolicy,
	VIR_DOMAIN_TIMER_TICKPOLICY_LAST,
	              "delay",
	              "catchup",
	              "merge",
	              "discard");
	</snip>
	Replacing with delay.

2011-09-29  Daniel Veillard  <veillard@redhat.com>

	virsh: describe attach-interface parameter target
	This patch is based on a improvement suggested by Kazuhiro Kikuchi
	of Fujitsu, it gives a description of the target parameter for that
	command
	* tools/virsh.pod: add description for target parameter of
	  attach-interface

	virsh: update man page for cpu_shares parameter
	The man page suggest that the cpu_shares parameter of schedinfo
	allows values 0-262144, but the kernel remaps values 0 and 1 to
	the minimum 2, just document that behaviour:
	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	1024
	[root@test ~]# echo 0 > /cgroup/cpu/libvirt/qemu/cpu.shares
	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	2
	[root@test ~]# echo 1 > /cgroup/cpu/libvirt/qemu/cpu.shares
	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	2
	[root@test ~]#
	* tools/virsh.pod: update description of the cpu_shares parameter
	  to indicate the values 0 and 1 are automatically changed by the
	  kernel to minimal value 2

2011-09-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Check for ejected media during startup and migration
	If the daemon is restarted so we reconnect to monitor, cdrom media
	can be ejected. In that case we don't want to show it in domain xml,
	or require it on migration destination.
	To check for disk status use 'info block' monitor command.

2011-09-29  Alex Jia  <ajia@redhat.com>

	qemu: add return value check
	* src/qemu/qemu_migration.c: if 'vmdef' is NULL, the function
	  virDomainSaveConfig still dereferences it, it doesn't make
	  sense, so should add return value check to make sure 'vmdef'
	  is non-NULL before calling virDomainSaveConfig, in addition,
	  in order to debug later, also should record error information
	  into log.

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: implement getparent in qemu
	First hypervisor implementation of the new API.
	Allows 'virsh snapshot-list --tree' to be more efficient.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotGetParent): New
	function.

	snapshot: add virsh snapshot-list --tree
	Reuse the tree listing of nodedev-list, coupled with the new helper
	function to efficiently grab snapshot parent names, to produce
	tree output for a snapshot hierarchy.  For example:
	$ virsh snapshot-list dom --tree
	root1
	 |
	  +- sibling1
	  +- sibling2
	  |   |
	  |   +- grandchild
	  |
	  +- sibling3
	root2
	 |
	  +- child
	* tools/virsh.c (cmdSnapshotList): Add --tree.
	* tools/virsh.pod (snapshot-list): Document it.

	snapshot: refactor virsh snapshot parent computation
	Make parent computation reusable, using virDomainSnapshotGetParent
	when possible.
	* tools/virsh.c (vshGetSnapshotParent): New helper.
	(cmdSnapshotParent): Use it.

	snapshot: remote protocol for getparent
	Mostly straight-forward, although this is the first API that
	returns a new snapshot based on a snapshot rather than a domain.
	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_GET_PARENT): New rpc.
	(remote_domain_snapshot_get_parent_args)
	(remote_domain_snapshot_get_parent_ret): New structs.
	* src/rpc/gendispatch.pl: Adjust generator.
	* src/remote/remote_driver.c (remote_driver): Use it.
	* src/remote_protocol-structs: Update.

	snapshot: new virDomainSnapshotGetParent API
	Although a client can already obtain a snapshot's parent by
	dumping and parsing the xml, then doing a snapshot lookup by
	name, it is more efficient to get the parent in one step, which
	in turn will make operations that must traverse a snapshot
	hierarchy easier to perform.
	* include/libvirt/libvirt.h.in (virDomainSnapshotGetParent):
	Declare.
	* src/libvirt.c (virDomainSnapshotGetParent): New function.
	* src/libvirt_public.syms: Export it.
	* src/driver.h (virDrvDomainSnapshotGetParent): New callback.

	docs: document node device XML
	Coupled with the recent virsh nodedev-* doc patch, this should now
	give a better picture of libvirt node device handling.
	* docs/formatnode.html.in: Fill in page.

	docs: document virsh nodedev-* commands
	This section of the man page was completely missing; I stumbled on
	it when I had no clue that I had to use nodedev-reattach after
	I was done playing with <hostdev> device passthrough to one of my
	guests.
	* tools/virsh.pod (NODEDEV COMMANDS): New section.
	(attach-device, detach-device): Add cross-references.

2011-09-28  Laine Stump  <laine@laine.org>

	security: properly chown/label bidirectional and unidirectional fifos
	This patch fixes the regression with using named pipes for qemu serial
	devices noted in:
	  https://bugzilla.redhat.com/show_bug.cgi?id=740478
	The problem was that, while new code in libvirt looks for a single
	bidirectional fifo of the name given in the config, then relabels that
	and continues without looking for / relabelling the two unidirectional
	fifos named ${name}.in and ${name}.out, qemu looks in the opposite
	order. So if the user had naively created all three fifos, libvirt
	would relabel the bidirectional fifo to allow qemu access, but qemu
	would attempt to use the two unidirectional fifos and fail (because it
	didn't have proper permissions/rights).
	This patch changes the order that libvirt looks for the fifos to match
	what qemu does - first it looks for the dual fifos, then it looks for
	the single bidirectional fifo. If it finds the dual unidirectional
	fifos first, it labels/chowns them and ignores any possible
	bidirectional fifo.
	(Note commit d37c6a3a (which first appeared in libvirt-0.9.2) added
	the code that checked for a bidirectional fifo. Prior to that commit,
	bidirectional fifos for serial devices didn't work because libvirt
	always required the ${name}.(in|out) fifos to exist, and qemu would
	always prefer those.

2011-09-28  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Preserve fakeReboot flag in domain status
	Thus, when libvirtd is restarted, it will know if a domain is supposed
	to be killed or reset when it shuts down.

	qemu: Finish domain shutdown on reconnect
	If a domain started with -no-shutdown shuts down while libvirtd is not
	running, it will be seen as paused when libvirtd reconnects to it. Use
	the paused reason to detect if a domain was stopped because of shutdown
	and finish the process just as if a SHUTDOWN event is delivered from
	qemu.

	qemu: Check domain status details when reconnecting monitor
	Current qemu is able to give us detailed domain status (not just if it
	is running or not) which we can translate into a status reason.

	qemu: Always remove domain object if MigratePrepare fails
	If migration failed in Prepare phase after virDomainAssignDef and before
	a job was started, the domain object was not properly removed.

2011-09-28  Jamie Strandboge  <jamie@canonical.com>

	fix AppArmor driver for pipe character devices
	The AppArmor security driver adds only the path specified in the domain
	XML for character devices of type 'pipe'. It should be using <path>.in
	and <path>.out. We do this by creating a new vah_add_file_chardev() and
	use it for char devices instead of vah_add_file(). Also adjust
	valid_path() to accept S_FIFO (since qemu chardevs of type 'pipe' use
	fifos). This is https://launchpad.net/bugs/832507

2011-09-28  Peter Krempa  <pkrempa@redhat.com>

	virsh: Allow using complete <capabilities> elements with cpu-baseline
	This patch cleans the cpu baseline function using new libvirt helper
	functions and fixes XPath expression that selects <cpu> elements from
	the source file, that can contain concatenated <capabilities> XMLs,
	domain XMLs and bare <cpu> elements. The fixed XPath expression ensures
	not to select NUMA <cpu id=... elements.
	This patch also removes vshRealloc function, that remained unused after
	cleaning up cpu-baseline.
	https://bugzilla.redhat.com/show_bug.cgi?id=731645

	virsh: Allow using domain and capabilities XMLs with cpu-compare
	This patch adds extraction of the <cpu> element from capabilities and
	domain definition XML documents to improve user experience.
	https://bugzilla.redhat.com/show_bug.cgi?id=731151

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: fix man page typos
	pod2man from perl-5.8.8 (RHEL 5) errors out on ill-formed POD:
	*** ERROR: unterminated I<...> at line 1114 in file virsh.pod
	*** ERROR: unterminated I<...> at line 1851 in file virsh.pod
	Newer pod2man appears to be more tolerant (which is a shame,
	because it meant that this error is harder to detect).
	* tools/virsh.pod (undefine, snapshot-current): Add missing >.

2011-09-27  Laine Stump  <laine@laine.org>

	qemu: add ability to set PCI device "rombar" on or off
	This patch was made in response to:
	  https://bugzilla.redhat.com/show_bug.cgi?id=738095
	In short, qemu's default for the rombar setting (which makes the
	firmware ROM of a PCI device visible/not on the guest) was previously
	0 (not visible), but they recently changed the default to 1
	(visible). Unfortunately, there are some PCI devices that fail in the
	guest when rombar is 1, so the setting must be exposed in libvirt to
	prevent a regression in behavior (it will still require explicitly
	setting <rom bar='off'/> in the guest XML).
	rombar is forced on/off by adding:
	  <rom bar='on|off'/>
	inside a <hostdev> element that defines a PCI device. It is currently
	ignored for all other types of devices.
	At the moment there is no clean method to determine whether or not the
	rombar option is supported by QEMU - this patch uses the advice of a
	QEMU developer to assume support for qemu-0.12+. There is currently a
	patch in the works to put this information in the output of "qemu-kvm
	-device pci-assign,?", but of course if we switch to keying off that,
	we would lose support for setting rombar on all the versions of qemu
	between 0.12 and whatever version gets that patch.

2011-09-27  Eric Blake  <eblake@redhat.com>

	spec: F15 still uses cgconfig, RHEL lacks hyperv
	Commit ecd8725c dropped attempts to probe the cgconfig service on
	new enough Fedora where systemd took over that aspect of the system,
	but mistakenly used F14 instead of F15 as the cutoff point.
	https://bugzilla.redhat.com/show_bug.cgi?id=741358
	Also, RHEL does not include HyperV support yet.
	* libvirt.spec.in (with_cgconfig): Check cgconfig service in F15.
	(%{?rhel}): Provide default for with_hyperv.

2011-09-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Relax -no-shutdown check to [0.14.0, 0.15.50)
	SIGTERM handling for -no-shutdown is already fixed in qemu git and
	libvirt can safely use it. The downside is that 0.15.50 version of qemu
	can be any qemu compiled from git, even that without the fix for
	SIGTERM. However, I think this patch is worth it since excluding 0.15.50
	from the check makes testing current qemu with libvirt much easier and
	someone running qemu from git should be able to rebuild fixed qemu from
	git if they hit the problem with a hang on shutdown.

	virsh: Better document --copy-storage migrate options
	Both --copy-storage-{all,inc} options require disk images to be present
	on destination host.

	virsh: Enhance documentation of commands starting jobs
	Some virsh commands start a (long-running) job that can be monitored
	using domjobinfo and aborted with domjobabort. Let's be explicit about
	this in virsh man page.

2011-09-27  Michal Privoznik  <mprivozn@redhat.com>

	virLockManagerNopInit: Rename flags to unused_flags
	As these might be not used and make syntax-check complains about checking
	them via virCheckFlags.

2011-09-27  Peter Krempa  <pkrempa@redhat.com>

	daemon: Don't remove pidfiles in init scripts
	Init scripts removed pid file of the daemon. Removing pid files may be
	harmful as new api for crash-safe pidfiles is used (introduced by
	c8a3a26).

2011-09-27  Michal Privoznik  <mprivozn@redhat.com>

	debug: Annotate some variables as unused
	as they are not used with debugging turned off.

2011-09-27  Osier Yang  <jyang@redhat.com>

	storage: Do not break the whole vol lookup process in the middle
	* src/storage/storage_driver.c: As virStorageVolLookupByPath lookups
	all the pool objs of the drivers, breaking when failing on getting
	the stable path of the pool will just breaks the whole lookup process,
	it can cause the API fails even if the vol exists indeed. It won't get
	any benefit. This patch is to fix it.

2011-09-24  Peter Krempa  <pkrempa@redhat.com>

	maint: update authors

2011-09-23  Oskari Saarenmaa  <os@ohmu.fi>

	Add unsafe cache mode support for disk driver
	QEMU 0.13 introduced cache=unsafe for -drive, this patch exposes
	it in the libvirt layer.
	  * Introduced a new QEMU capability flag ($prefix_CACHE_UNSAFE),
	    as even if $prefix_CACHE_V2 is set, we can't know if unsafe
	    is supported.
	  * Improved the reliability of qemu cache type detection.

2011-09-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix synchronous reading of stream data
	commit 984840a2c292402926ad100aeea33f8859ff31a9 removed the
	notification of waiting calls when VIR_NET_CONTINUE messages
	arrive. This was to fix the case of a virStreamAbort() call
	being prematurely notified of completion.
	The problem is that sometimes there are dummy calls from a
	virStreamRecv() call waiting that *do* need to be notified.
	These dummy calls should have a status VIR_NET_CONTINUE. So
	re-add the notification upon VIR_NET_CONTINUE, but only if
	the waiter also has a status of VIR_NET_CONTINUE.
	* src/rpc/virnetclient.c: Notify waiting call if stream data
	  arrives
	* src/rpc/virnetclientstream.c:  Mark dummy stream read packet
	  with status VIR_NET_CONTINUE

2011-09-23  Michal Privoznik  <mprivozn@redhat.com>

	selinux: Correctly report warning if virt_use_nfs not set
	Previous patch c9b37fee tried to deal with virt_use_nfs. But
	setfilecon() returns EOPNOTSUPP on NFS so we need to move the
	warning to else branch.

2011-09-23  Peter Krempa  <pkrempa@redhat.com>

	virsh: Improve virsh manual for virsh memtune command
	Commit 0a22f54 added --min-guarantee option for the memtune command.
	This option is supported only by the ESX hypervisor. This patch adds a
	statement about this fact, to prevent user confusion.
	This patch also adds explanation how to clear/set to unlimited the
	memory tunables. (documments the -1 value).

2011-09-22  Osier Yang  <jyang@redhat.com>

	virsh: Do not ignore the specified flags for cmdSaveImageDefine
	Introduced by commit 42c52d53c, which added the support for new
	flags, but forgot to update the API use to pass the flags.

2011-09-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Transfer inactive XML among cookie
	If a domain has inactive XML we want to transfer it to destination
	when migrating with VIR_MIGRATE_PERSIST_DEST. In order to harm
	the migration protocol as least as possible, a optional cookie was
	chosen.

2011-09-22  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.6

2011-09-22  Eric Blake  <eblake@redhat.com>

	snapshot: also delete empty directory
	The previous patch removed all snapshots, but not the directory
	where the snapshots lived, which is still a form of stale data.
	* src/qemu/qemu_domain.c (qemuDomainRemoveInactive): Wipe any
	snapshot directory.

	snapshot: remove snapshot metadata on transient exit
	Commit 282fe1f0 documented that transient domains will auto-delete
	any snapshot metadata when the last reference to the domain is
	removed, and that management apps are in charge of grabbing any
	snapshot metadata prior to that point.  However, this was not
	actually implemented for qemu until now.
	* src/qemu/qemu_driver.c (qemudDomainCreate)
	(qemuDomainDestroyFlags, qemuDomainSaveInternal)
	(qemudDomainCoreDump, qemuDomainRestoreFlags, qemudDomainDefine)
	(qemuDomainUndefineFlags, qemuDomainMigrateConfirm3)
	(qemuDomainRevertToSnapshot): Clean up snapshot metadata.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny)
	(qemuMigrationPerformJob, qemuMigrationPerformPhase)
	(qemuMigrationFinish): Likewise.
	* src/qemu/qemu_process.c (qemuProcessHandleMonitorEOF)
	(qemuProcessReconnect, qemuProcessReconnectHelper)
	(qemuProcessAutoDestroyDom): Likewise.

	snapshot: prepare to remove transient snapshot metadata
	This patch is mostly code motion - moving some functions out
	of qemu_driver and into qemu_domain so they can be reused by
	multiple qemu_* files (since qemu_driver.h must not grow).
	It also adds a new helper function, qemuDomainRemoveInactive,
	which will be used in the next patch.
	* src/qemu/qemu_domain.h (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
	(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll)
	(qemuDomainRemoveInactive): New prototypes.
	(struct qemu_snap_remove): New struct.
	* src/qemu/qemu_domain.c (qemuDomainRemoveInactive)
	(qemuDomainSnapshotDiscardAllMetadata): New functions.
	(qemuFindQemuImgBinary, qemuDomainSnapshotWriteMetadata)
	(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotDiscardAll): Move here...
	* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
	(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll): ...from
	here.
	(qemuDomainUndefineFlags): Update caller.
	* src/conf/domain_conf.c (virDomainRemoveInactive): Doc fixes.

	snapshot: fix logic bug in qemu undefine
	Commit 19f8c98 introduced VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA,
	with the intent that omitting the flag makes undefine fail, and
	including the flag deletes metadata.  But it used the wrong logic.
	Also, hoist the transient domain sooner, so that we don't
	accidentally remove metadata of a transient domain.
	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Check correct
	flag value.

	sanlock: fix memory leak
	Detected by Coverity.  The only way to get to error_unlink is if
	path was successfully assigned, so the if was useless.  Meanwhile,
	there was a return statement that did not free path.
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace): Fix mem-leak, and drop
	useless if.

	virsh: fix regression in argv parsing
	Prior to commit 85d2810, we had an issue where:
	snapshot-create-as dom name --diskspec spec --diskspec spec
	failed to parse the second spec, because the first spec had marked
	that option as no longer requiring an argument.
	In commit 85d2810, I fixed it by making argv options no longer mark
	the option as seen.  But this in turn breaks mandatory argv options,
	which now complain that the argv option is missing.
	This patch reverts that part of 85d2810, and instead replaces it with
	fixes to no longer clear opts_need_arg of an argv argument.
	* tools/virsh.c (vshCmddefGetOption, vshCmddefGetData)
	(vshCommandParse): Fix option parsing for required argv option.
	(vshCmddefOptParse): Check that argv option is last.
	* tests/virsh-optparse: Enhance test.

2011-09-22  Osier Yang  <jyang@redhat.com>

	virsh: More friendly err if no pool is specified for looking up a vol
	There are 3 ways to lookup a volume, only virStorageVolLookupByName
	needs pool object. So if no --pool is specified, it will tries to
	get the volume via virStorageVolLookupByPath/virStorageVolLookupByKey.
	But if all 3 ways fails, and no --pool is specified, a friendly
	error might help the user get right way quickly.

	storage: Wait udev events are handled before removing lvm vol
	Related #BZ: https://bugzilla.redhat.com/show_bug.cgi?id=702260.
	There are two problems described in the BZ:
	1) "Can't remove open logical volume".
	2) "Unable to deactivate logical volume "foo""
	This patch just intends to fix 2), as 1) is expected if the vol
	is still used by something, and you never known if "lvchange -an"
	will fail or not either (sometime, it will succeed, sometimes not).
	We'd better not look for trouble, :-)
	For 2), that's caused by race between lvremove and udev event handling,
	the only workable way now is to wait the events handling are finished,
	though it might introduce latencies, as "udevadmin settle" exits
	after *all* events are handled, it's the only way we can fix
	the racing in libvirt layer.
	See https://bugzilla.redhat.com/show_bug.cgi?id=570359 for more
	details.

2011-09-22  Alex Jia  <ajia@redhat.com>

	qemu: avoid dereferencing a NULL pointer
	* src/qemu/qemu_process.c: Taking if (qemuDomainObjEndJob(driver, obj) == 0)
	  true branch then 'obj' is NULL, virDomainObjIsActive(obj) and
	  virDomainObjUnref(obj) will dereference NULL pointer.

2011-09-22  Oskari Saarenmaa  <os@ohmu.fi>

	tests: improve test failure diagnosis
	  * qemuhelptest prints test case name on failure.

2011-09-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid loop of fake reboots
	Once virDomainReboot is called for a domain, guest OS initiated shutdown
	would always result in reboot instead of shutdown. Only
	virDomainShutdown would actually shutd such domain down. That's because
	we forgot to reset fakeReboot flag once we asked the domain to reboot.

	qemu: Fix shutdown regression with buggy qemu
	The commit that prevents disk corruption on domain shutdown
	(96fc4784177ecb70357518fa863442455e45ad0e) causes regression with QEMU
	0.14.* and 0.15.* because of a regression bug in QEMU that was fixed
	only recently in QEMU git. The affected versions of QEMU do not quit on
	SIGTERM if started with -no-shutdown, which we use to implement fake
	reboot. Since -no-shutdown tells QEMU not to quit automatically on guest
	shutdown, domains started using the affected QEMU cannot be shutdown
	properly and stay in a paused state.
	This patch disables fake reboot feature on such QEMU by not using
	-no-shutdown, which makes shutdown work as expected. However,
	virDomainReboot will not work in this case and it will report "Requested
	operation is not valid: Reboot is not supported with this QEMU binary".

2011-09-21  Osier Yang  <jyang@redhat.com>

	API: prefer to use NULLSTR macro

2011-09-21  Eric Blake  <eblake@redhat.com>

	remote: fix crash on OOM
	Bug introduced in commit 675464b.  On an OOM, this would try to
	dereference a char* and free the contents as a pointer, which is
	doomed to failure.
	Adding a syntax check will prevent mistakes like this in the future.
	* cfg.mk (sc_prohibit_internal_functions): New syntax check.
	(exclude_file_name_regexp--sc_prohibit_internal_functions): Add
	exemptions.
	* daemon/remote.c (remoteRelayDomainEventIOError)
	(remoteRelayDomainEventIOErrorReason)
	(remoteRelayDomainEventGraphics, remoteRelayDomainEventBlockJob):
	Use correct free function.

	xen: use typical allocations
	The next patch will add a syntax check that flags this usage in xen
	as awkward - while it was valid memory management, it was very hard
	to maintain.  Swapping to a more traditional allocation may be a bit
	slower, but easier to understand.
	* src/xen/xend_internal.c (xenDaemonListDomainsOld): Use two-level
	allocation, rather than abusing allocation function.
	(xenDaemonLookupByUUID): Update caller.

2011-09-21  Osier Yang  <jyang@redhat.com>

	virsh: Remove useless codes of cmdVolPath
	Variable "name" is never used in the codes, it's useless.

2011-09-21  Eric Blake  <eblake@redhat.com>

	build: silence warning on 32-bit build
	gcc warns when building libvirt 0.9.5 on a 32-bit machine:
	qemu/qemu_migration.c: In function 'qemuMigrationToFile':
	qemu/qemu_migration.c:2727:38: error: large integer implicitly truncated to unsigned type [-Woverflow]
	* src/qemu/qemu_domain.h (QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX): Cap
	to long when building for 32-bit platform.

2011-09-20  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.5
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: fetch updated translations from transifex and rebuilt

	Fix crash on events due to allocation errors
	remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
	remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics
	were using const string directly in rpc structure, before calling
	remoteDispatchDomainEventSend(). But that routine now frees up all
	the pointed allocated memory from the rpc structure and we end up
	with a double free.
	This now strdup() all the strings passed and provide mem_error goto
	labels to be used when an allocation error occurs.
	Note that the cleanup isn't completely finished because all relaying
	function also call make_nonnull_domain() which also allocate a string
	and never handle the error case. This patches doesn't try to address
	this as this is only error correctness a priori and touches far more
	functions in this module:
	* daemon/remote.c: fix string allocations and memory error handling
	  for remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
	  remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics

2011-09-20  Daniel P. Berrange  <berrange@redhat.com>

	Update to require sanlock 1.8 for license compliance
	Inexplicably the sanlock code all got placed under the GPLv2-only,
	so libvirt's use of sanlock introduces a license incompatibility.
	The sanlock developers have now rearranged the code such that there
	is a 'sanlock_client.so' which is LGPLv2+ while their daemon remains
	GPLv2-only. To use the new client library we need to call the new
	sanlock_init and sanlock_align APIs instead of sanlock_direct_init
	and sanlock_direct_align. These APIs calls are now routed via the
	sanlock daemon, instead of doing direct I/O calls to disk.
	For all this we require sanlock >= 1.8
	* configure.ac: Check for sanlock_client.so instead of sanlock.so
	  and fix various comments
	* libvirt.spec.in: Mandate sanlock >= 1.8
	* src/Makefile.am: Link to -lsanlock_client
	* src/locking/lock_driver_sanlock.c: Use sanlock_init and
	  sanlock_align

2011-09-20  Osier Yang  <jyang@redhat.com>

	conf: Assign newDef of active domain as persistent conf if it is NULL
	Libvirt loads the domain conf from status XML if it's running when
	starting up. The problem is there is no record of the original conf.
	(dom->newDef is NULL here).
	So libvirt won't be able to restore the domain conf to original one
	when destroying/shutdown. E.g.
	1) attach a device without "--persistent"
	2) restart libvirtd
	3) destroy domain
	4) start domain
	One will see the the disk still exists.
	This patch is to fix the peoblem by assigning persistent domain conf
	to dom->newDef if it's NULL and the domain is running.

	storage: Ensure the device path exists before refreshing disk pool
	Doing libvirt_parthelper on an not existed device path will get
	an unfriendly error message. This patch is to prohibit it.

	daemon: Error and exit if specified value for timeout is not valid
	Silently setting "timeout" as -1 if the specified value is invalid
	is a bit confused.

2011-09-20  Peter Krempa  <pkrempa@redhat.com>

	Remove devname identifier from autogenerated RPC code
	Patch 79cf07a missed one instance of "devname" in source for RPC code
	generator.

2011-09-20  Eric Blake  <eblake@redhat.com>

	virsh: tweak previous domblkstat patch
	Translators are likely to botch trailing spacing; by doing the
	formatting outside of the translation, we can generally get
	better alignment.  Also, for consistency, use 'bytes read' to
	match 'bytes written'.
	* tools/virsh.c (domblkstat_output): Drop trailing space. Tweak
	rd_bytes output.
	(cmdDomblkstat, DOMBLKSTAT_LEGACY_PRINT): Update formatting.

2011-09-20  Peter Krempa  <pkrempa@redhat.com>

	virsh: doc: Fix supported driver types for attach-disk command
	Virsh man page lists driver types to be used with attach-device
	command, but does not specify that those are usable only with the XEN
	Hypervisor.
	This patch adds statement, that those options specified are applicable
	only on the Xen hypervisor and adds option usable with qemu emulator.
	This patch also changes type of error returned by QEMU driver if the
	user specifies incompatible driver type from VIR_ERR_INTERNAL_ERROR to
	VIR_ERR_CONFIG_UNSUPPORTED.

2011-09-20  Eric Blake  <eblake@redhat.com>

	maint: Prefer names over email in 'git shortlog'
	Alex recently committed some patches with just an email instead
	of a preferred name; this fixes things so 'git shortlog' gives
	nicer output.
	* .mailmap: Update.

2011-09-20  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add more human-friendly output of domblkstat command
	Users of virsh complain that output of the domblkstat command
	is not intuitive enough. This patch adds explanation of fields
	returned by this command to the help section for domblkstat and
	the man page of virsh. Also a switch --human is added for
	domblkstat that prints the fields with more descriptive
	texts.
	This patch also changes sequence of the output fields and their
	names back to the order and spelling established by previous
	versions of virsh to maintain compatibility with scripts.
	Example of ordered and "translated" output:
	PRE-patch:
	virsh # domblkstat 1 vda
	vda wr_bytes 5170176
	vda wr_operations 511
	vda rd_bytes 82815488
	vda rd_operations 3726
	POST-patch:
	virsh # domblkstat 1 vda
	vda rd_req 3726
	vda rd_bytes 82815488
	vda wr_req 478
	vda wr_bytes 4965376
	Example of human readable output:
	virsh # domblkstat 1 vda --human
	Device: vda
	 number of read operations:      3726
	 number of read bytes:           82815488
	 number of write operations:     478
	 number of bytes written:        4965376
	https://bugzilla.redhat.com/show_bug.cgi?id=731656

2011-09-20  ajia@redhat.com  <ajia@redhat.com>

	vmx: avoid memory leak
	* src/vmx/vmx.c: fix memory leak, 'def' has a initial value 'NULL', so
	  'goto cleanup' is perfected instead of adding a virConfFree before
	  'return NULL'.

	util: avoid memory leak
	Leak in pciGetVirtualFunctionIndex present since commit 17d64ca.
	* src/util/pci.c: fix memory leak.

	remote: avoid memory leak
	Leak present since introduction of remoteDomainBuildEventGraphics
	in commit 987e31e.
	* src/remote/remote_driver.c: fix memory leak.

	qemu: avoid memory leak
	Leak introduced in commit 036ad50, affects only error case.
	* src/qemu/qemu_command.c: fix memory leak.

	daemon: avoid memory leak
	Introduced in commit efa7fc9f.
	* daemon/remote.c: fix memory leak in remoteDispatchDomainBlockStatsFlags

2011-09-17  Eric Blake  <eblake@redhat.com>

	spec: silence warnings when installing in F16
	https://bugzilla.redhat.com/show_bug.cgi?id=738725 documents that
	'yum install libvirt' in Fedora 16 is rather noisy.  This fixes
	the problems.
	* libvirt.spec.in (%post client): Silence chkconfig warning about
	SysV services.
	(%post) [with_cgconfig]: Drop for Fedora 15 and newer, where
	systemd does this automatically.

	snapshot: allow disk snapshots of qcow2 disks
	For all types of disks other than qcow2, we were requesting that
	SELinux labeling visit the new file as if it were qcow2, which
	means labeling would try to find the backing files of an empty file.
	And for a pre-existing qcow2 disk, we were passing NULL, which meant
	that labelling tried to probe the file type (and if probing is
	disabled, per the default qemu.conf, this made snapshots fail).
	What we really want is to make SELinux labeling visit the new
	file as raw; it will later be converted to qcow2 if qemu successfully
	made the snapshot.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Force SELinux labeling
	to avoid probe of new file.

	snapshot: affect persistent xml after disk snapshot
	For external snapshots to be useful on persistent domains, we must
	alter the persistent definition alongside the running definition.
	Thanks to the possibility of disk hotplug as well as of edits that
	only affect the persistent xml, we can't assume that vm->def and
	vm->newDef have the same disk at the same index, so we can only
	update the persistent copy if the device destination matches up.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): Also affect newDef, if
	present.

	build: work around lack of MacOS fdatasync
	Mingw lacks fsync, but gnulib provides that.  Meanwhile, gnulib does
	not (yet) provide fdatasync, so this is a quick hack to fake that
	function on MacOS X; we can revert this configure change once gnulib
	gives us a real module.
	We have been implicitly relying on gnulib's largefile module being
	pulled in by other modules, but it's better to make that explicit.
	* bootstrap.conf (gnulib_modules): Add fsync.  Make largefile use
	explicit.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for fdatasync, and
	fake it with fsync when not present.

2011-09-17  Daniel P. Berrange  <berrange@redhat.com>

	Prevent crash from dlclose() of libvirt.so
	When libvirt calls virInitialize it creates a thread local
	for the virErrorPtr storage, and registers a callback to
	cleanup memory when a thread exits. When libvirt is dlclose()d
	or otherwise made non-resident, the callback function is
	removed from memory, but the thread local may still exist
	and if a thread later exists, it will invoke the callback
	and SEGV. There may also be other thread locals with callbacks
	pointing to libvirt code, so it is in general never safe to
	unload libvirt.so from memory once initialized.
	To allow dlclose() to succeed, but keep libvirt.so resident
	in memory, link with '-z nodelete'. This issue was first
	found with the libvirt CIM provider, but can potentially
	hit many of the dynamic language bindings which all ultimately
	involve dlopen() in some way, either on libvirt.so itself,
	or on the glue code for the binding which in turns links
	to libvirt
	* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
	  with -z nodelete
	* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
	  tests/shunloadtest.c: A test case to unload libvirt while
	  a thread is still running.

2011-09-17  Alex Jia  <ajia@redhat.com>

	qemu: add return value check
	* src/qemu/qemu_command.c: missing return value check.

2011-09-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce shutdown reason for paused state
	Qemu sends STOP event as part of the shutdown process. Detect such STOP
	event and consider shutdown to be reason of emitting such event. That's
	the best we can do until qemu provides us the reason directly in STOP
	event. This allows us to report shutdown reason for paused state so that
	apps can detect domains that failed to finish the shutdown process
	(e.g., because qemu is buggy and doesn't exit on SIGTERM or it is
	blocked in flushing disk buffers).

	qemu: Prevent disk corruption on domain shutdown
	Ever since we introduced fake reboot, we call qemuProcessKill as a
	reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
	flushed all internal buffers before sending SHUTDOWN, in which case
	killing the process forcibly may result in (virtual) disk corruption.
	By sending just SIGTERM without SIGKILL we give qemu time to to flush
	all buffers and exit. Once qemu exits, we will see an EOF on monitor
	connection and tear down the domain. In case qemu ignores SIGTERM or
	just hangs there, the process stays running but that's not any different
	from a possible hang anytime during the shutdown process so I think it's
	just fine.
	Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
	which causes it not to exit but instead send new SHUTDOWN event and keep
	waiting. I think the best we can do is to ignore duplicate SHUTDOWN
	events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
	state.

	qemu: Properly detect crash of a rebooted domain
	When a domain is rebooted using libvirt API, we use fake reboot
	consisting of shutting down and resetting the domain. Thus we see a
	SHUTDOWN event and set gotShutdown flag. But we never reset it back and
	if the domain crashes after it was rebooted this way, we consider it was
	a normal shutdown and not a crash.

	qemu: Fix shutoff reason when domain crashes
	Commit 4454a9efc728b91e791b1f14c26ea23a19d57f48 changed shutoff reason
	from VIR_DOMAIN_SHUTOFF_CRASHED to VIR_DOMAIN_SHUTOFF_FAILED in case we
	see an unexpected EOF on monitor connection. But FAILED reason is
	dedicated for domains that fail to start. CRASHED reason is the right
	one to use in this situation.

	python: Fix bindings generated in VPATH build

2011-09-16  Eric Blake  <eblake@redhat.com>

	Revert "virsh: Use old API if remote libvirtd does not support new"
	This reverts commit 799912fa05b8c3aa37bd04c57b196755f3f70552; now
	that the rpc regression is fixed, virsh no longer needs the special
	case here.

	rpc: convert unknown procedures to VIR_ERR_NO_SUPPORT
	Libvirt special-cases a specific VIR_ERR_RPC from the remote driver
	back into VIR_ERR_NO_SUPPORT on the client, so that clients can
	handle missing rpc functions the same whether the hypervisor driver
	is local or remote.  However, commit c1b22644 introduced a regression:
	VIR_FROM_THIS changed from VIR_FROM_REMOTE to VIR_FROM_RPC, so the
	special casing no longer works if the server uses the newer error
	domain.
	* src/rpc/virnetclientprogram.c
	(virNetClientProgramDispatchError): Also cater to 0.9.3 and newer.

2011-09-16  Stefan Berger  <stefanb@us.ibm.com>

	Fix buzzilla 738778
	This patch fixes the bug shown in bugzilla 738778. It's not an nwfilter problem but a connection sharing / closure issue.
	https://bugzilla.redhat.com/show_bug.cgi?id=738778
	Depending on the speed / #CPUs of the machine you are using you may not see this bug all the time.

2011-09-16  Alex Jia  <ajia@redhat.com>

	conf: avoid memory leak on virDomainDefParseXML
	* conf/domain_conf.c: allocate memory to def->redirdevs in
	  virDomainDefParseXML such as VIR_ALLOC_N(def->redirdevs, n),
	  however, virDomainDefFree(def) hasn't released these memory.
	* Detected in valgrind run:
	==19820== 209 (16 direct, 193 indirect) bytes in 1 blocks are definitely lost in loss record 25 of 26
	==19820==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==19820==    by 0x4A13AF: virAllocN (memory.c:129)
	==19820==    by 0x4D4A0E: virDomainDefParseXML (domain_conf.c:7258)
	==19820==    by 0x4D4C93: virDomainDefParseNode (domain_conf.c:7512)
	==19820==    by 0x4D562F: virDomainDefParse (domain_conf.c:7465)
	==19820==    by 0x415863: testCompareXMLToXMLFiles (qemuxml2xmltest.c:35)
	==19820==    by 0x415982: testCompareXMLToXMLHelper (qemuxml2xmltest.c:80)
	==19820==    by 0x416D31: virtTestRun (testutils.c:140)
	==19820==    by 0x415604: mymain (qemuxml2xmltest.c:192)
	==19820==    by 0x416437: virtTestMain (testutils.c:689)
	==19820==    by 0x3CA7A1ECDC: (below main) (in /lib64/libc-2.12.so)
	==19820==
	==19820== LEAK SUMMARY:
	==19820==    definitely lost: 16 bytes in 1 blocks
	==19820==    indirectly lost: 193 bytes in 5 blocks
	==19820==      possibly lost: 0 bytes in 0 blocks
	==19820==    still reachable: 1,054 bytes in 21 blocks
	* How to reproduce?
	% valgrind -v --leak-check=full ./tests/qemuxml2xmltest

2011-09-16  Peter Krempa  <pkrempa@redhat.com>

	build: storage: Macro 'MKFS' is undefined on some platforms.
	Mac OS X 10.6. Snow Leopard and probably other do not provide a mkfs
	command to create filesystems. Macro MKFS then remained undefined and
	did not provide any substitute, so that build failed on a missing
	argument.

	build: storage: Conditionaly compiled structure caused build fail on OSX
	Struct virStoragePoolProbeResult was compiled in conditionaly, but
	virStorageBackendFileSystemProbe used it unconditionaly. This patch
	exempts the struct from conditional include.

	Avoid using "devname" as an identifier.
	/usr/lib/stdlib.h in Mac OS X and probably also in BSD's
	exports this symbol :(

	doc: Add statment about permissions needed to do a core dump
	Documentation did not specify, that some permissions are required on
	target path for coredump for the user running the hypervisor.
	Diff to v1:
	- reword statements

2011-09-16  Eric Blake  <eblake@redhat.com>

	snapshot: tweak snapshot-create-as diskspec docs
	With this patch, it is hopefully a bit more obvious that for
	snapshot-create-as, a literal '--diskspec' is mandatory if name
	or description was omitted, but optional if all earlier options
	were provided.
	These all denote two diskspecs and a description:
	virsh snapshot-create-as dom name desc vda vdb
	virsh snapshot-create-as dom name desc --diskspec vda --diskspec vdb
	virsh snapshot-create-as dom name desc --diskspec vda vdb
	virsh snapshot-create-as dom name desc vda --diskspec vdb
	virsh snapshot-create-as dom --diskspec vda --diskspec vdb name desc
	This gives two diskspecs but no description:
	virsh snapshot-create-as dom name --diskspec vda --diskspec vdb
	And this treats 'vda' as the description, with only one diskspec:
	virsh snapshot-create-as dom name vda vdb
	The help output now shows:
	    snapshot-create-as <domain> [<name>] [<description>] [--print-xml] [--no-metadata] [--halt] [--disk-only] [[--diskspec] <string>]...
	I also checked the help output for echo and send-key, which are two
	other variants of argv commands.
	* tools/virsh.pod (snapshot-create-as): Document when a literal
	--diskspec must preceed a diskspec argument.
	* tools/virsh.c (vshCmddefHelp): Update help output for argv when
	naming the option is useful.
	(vshCmddefGetData): Fix logic on when argv was seen.
	* tests/virsh-optparse: Add tests to avoid regressions.

2011-09-16  Cole Robinson  <crobinso@redhat.com>

	python: Fix libvirt.py generation to include virterror info
	Recent generator refactoring broke libvirt.py. With this patch, libvirt.py
	is generated exactly the same as before offending commit 9eba0d25.

2011-09-16  Eric Blake  <eblake@redhat.com>

	qemu_api: doc improvements
	The new doc text had a few readability issues.  Also, the
	monitor command text copied a bit too much from the attach case.
	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAttach): Fix typos and grammar.

2011-09-16  Peter Krempa  <pkrempa@redhat.com>

	doc: virsh: Fix command name in man page
	Fix cut&paste error having command named domif-setlink instead of
	domif-getlink.

2011-09-15  Alex Jia  <ajia@redhat.com>

	sanlock: add missing test command in virt-sanlock-cleanup.in
	* tools/virt-sanlock-cleanup.in: fix missing test command when judging
	  second condition.
	https://bugzilla.redhat.com/show_bug.cgi?id=738534

2011-09-15  Michal Privoznik  <mprivozn@redhat.com>

	spec: Require augeas for sanlock
	Even though we BuildRequire augeas in some cases, we need to require
	it even after if we build with sanlock. virt-sanlock-cleanup use it.

2011-09-15  Jim Fehlig  <jfehlig@suse.com>

	Fix build after commit 829bce17
	Pushing under build-breaker rule.

2011-09-15  Jim Fehlig  <jfehlig@novell.com>

	Use max bandwidth from qemuDomainObjPrivate struct when migrating
	Adjust qemuMigrationRun() to use migMaxBandwidth in qemuDomainObjPrivate
	structure when setting qemu migration speed.  Caller-specified 'resource'
	parameter overrides migMaxBandwidth.

	Set qemu migration speed unlimited when migrating to file
	The qemu migration speed default is 32MiB/s as defined in migration.c
	/* Migration speed throttling */
	static int64_t max_throttle = (32 << 20);
	There's no need to throttle migration when targeting a file, so set migration
	speed to unlimited prior to migration, and restore to libvirt default value
	after migration.
	Default units is MB for migrate_set_speed monitor command, so
	(INT64_MAX / (1024 * 1024)) is used for unlimited migration speed.
	Tested with both json and text monitors.

	Save migration speed in qemuDomainMigrateSetMaxSpeed
	Now that migration speed is stored in qemuDomainObjPrivate structure,
	save the new value when invoking qemuDomainMigrateSetMaxSpeed().
	Allow setting migration speed on inactive domain too.

	Impl virDomainMigrateGetMaxSpeed in qemu driver

	Store max migration bandwidth in qemuDomainObjPrivate struct
	The maximum bandwidth that can be consumed when migrating a domain
	is better classified as an operational vs configuration parameter of
	the dommain.  As such, store this parameter in qemuDomainObjPrivate
	structure.

2011-09-15  Marc-André Lureau  <marcandre.lureau@gmail.com>

	conf: add missing break in virDomainAuditRedirdev
	Also initialize to NULL a few variables that might get
	free before being set.

2011-09-15  Eric Blake  <eblake@redhat.com>

	network: add missing exports
	Commit c246b025 added new functions, but forgot to export them,
	resulting in a build failure when using modules.
	* src/libvirt_private.syms (network.h): Export new functions.

2011-09-14  Eric Blake  <eblake@redhat.com>

	snapshot: ABI stability must include memory sizing
	Commit 973fcd8f introduced the ability for qemu to reject snapshot
	reversion on an ABI incompatibility; but the very example that was
	first proposed on-list[1] as a demonstration of an ABI incompatibility,
	namely that of changing the max memory allocation, was not being
	checked for, resulting in a cryptic failure when running with larger
	max mem than what the snapshot was created with:
	error: operation failed: Error -22 while loading VM state
	This commit merely protects the three variables within mem that are
	referenced by qemu_command.c, rather than all 7 (the other 4 variables
	affect cgroup handling, but as far as I can tell, have no visible effect
	to the qemu guest).  This also affects migration and save file handling,
	which are other places where we perform ABI compatibility checks.
	[1] https://www.redhat.com/archives/libvir-list/2010-December/msg00331.html
	* src/conf/domain_conf.c (virDomainDefCheckABIStability): Add
	memory sizing checks.

	maint: ignore generated files
	* .gitignore: Exempt recently added generated files.

2011-09-14  Peter Krempa  <pkrempa@redhat.com>

	xml: Clean up rest of virtual XML document names for XML strings
	Commit 498d783 cleans up some of virtual file names for parsing strings
	in memory. This patch cleans up (hopefuly) the rest forgotten by the
	first patch.
	This patch also changes all of the previously modified "filenames" to
	valid URI's replacing spaces for underscores.
	Changes to v1:
	- Replace all spaces for underscores, so that the strings form valid
	  URI's
	- Replace spaces in places changed by commit 498d783

2011-09-14  Daniel Veillard  <veillard@redhat.com>

	Remove two references to files not generated
	This was breaking "make dist"

2011-09-14  Peter Krempa  <pkrempa@redhat.com>

	make: Fix 'make syntax-check' failing.
	Commit 2a0d75e5 added file python/libvirt-qemu-override.c that contains
	code that does not pass "make syntax-check". This patch adds an
	exception for this file and the check.
	prohibit_always_true_header_tests
	python/libvirt-qemu-override.c:17:#undef HAVE_PTHREAD_H
	maint.mk: do not test the above HAVE_<header>_H symbol(s);
	  with the corresponding gnulib module, they are always true
	make: *** [sc_prohibit_always_true_header_tests] Error 1

2011-09-14  Osier Yang  <jyang@redhat.com>

	qemu_api: Update libvirt spec file

	qemu_api: Update Makefile to generate libvirtmod_qemu lib

	qemu_api: Update Py binding generator to generate files for QEMU APIs
	It will generate:
	  libvirt-qemu.py
	  libvirt-qemu.h
	  libvirt-qemu.c
	  libvirt-qemu-export.c

	qemu_api: Add override XML and C files for QEMU APIs
	There is only one function (virDomainQemuMonitorCommand) need to
	be hand-craft.

	qemu_api: Add comments for API virDomainQemuMonitorCommand
	And fix argument @pid's type of virDomainQemuAttach.

	qemu_api: Update Makefile for subdir docs

	qemu_api: Modify apibuild.py to generate docs for QEMU APIs
	The generated docs are: libvirt-qemu-api.xml, libvirt-qemu-refs.xml

2011-09-14  Peter Krempa  <pkrempa@redhat.com>

	virsh: Use old API if remote libvirtd does not support new
	Commit ffe28ab74b821c916ec4ba8efb5c992454e4bd24 introduced regression
	while communicating with older libvirtd command 'domblkstat' used the new
	API and did not check for VIR_ERR_RPC error code signalling the remote
	server does not support this API and did not fall back to older API.
	Thereafter 'domblkstat' ended with "error: unknown procedure: 243".

2011-09-13  Guannan Ren  <gren@redhat.com>

	snapshot: fix double free of qemuImgBinary
	Regression introduced in commit 3881a470, due to an improper rebase
	of a cleanup written beforehand but only applied after a rebased of
	a refactoring that created a new function in commit 25fb3ef.
	Also avoids passing NULL to printf %s.
	* src/qemu/qemu_driver.c: In qemuDomainSnapshotForEachQcow2()
	it free up the memory of qemu_driver->qemuImgBinary in the
	cleanup tag which leads to the garbage value of qemuImgBinary
	in qemu_driver struct and libvirtd crash when running
	"virsh snapshot-create" command a second time.

2011-09-13  Daniel Veillard  <veillard@redhat.com>

	Do not log invalid operations in libvirtd logs
	  This is a bit painful for example when starting virt-manager
	it tends to clutter libvirtd.log with invalid operation on cpu pinning
	for defined but not running domains. A priori those kind of errors
	don't indicate an error when executing the command but on a precondition
	for running the API, and honnestly while the application should report
	it, logging it as an error in libvirtd.log is not really useful,
	   Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=590807
	* daemon/libvirtd.c: extend daemonErrorLogFilter() to filter out
	   errors of type VIR_ERR_OPERATION_INVALID

2011-09-09  Michal Privoznik  <mprivozn@redhat.com>

	virnetsocket: Pass KRB5CCNAME env variable
	So we can allow GSSAPI authentication for ssh.

	selinux: Detect virt_use_nfs boolean set
	If we fail setting label on a file and this file is on NFS share,
	it is wise to advise user to set virt_use_nfs selinux boolean
	variable.

2011-09-09  Philipp Hahn  <hahn@univention.de>

	Fix URL-escaping for domainDefine
	'+' in strings get translated to ' ' when editing domains.
	While xenDaemonDomainCreateXML() did URL-escape the sexpr,
	xenDaemonDomainDefineXML() did not.
	Remove the explicit urlencode() in xenDaemonDomainCreateXML() and add
	the direct encoding calls to xend_op_ext() because it calls xend_post()
	which uses "Content-Type: application/x-www-form-urlencoded". According
	to <http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1> this
	requires all parameters to be url-encoded as specified in rfc1738.
	Notice: virBufferAsprintf(..., "%s=%s", ...) is again replaced by three
	calls to virBufferURIEncodeString() and virBufferAddChar() because '='
	is a "reserved" character, which would get escaped by
	virBufferURIEncodeString(), which - by the way - escapes anything not
	c_isalnum().

2011-09-09  Peter Krempa  <pkrempa@redhat.com>

	xml: Change virtual file names of xml documents parsed in memory
	While parsing XML strings from memory, the previous convention in
	libvirt was to set the virtual file name to "domain.xml" or something
	similar. This could potentialy trick the user into looking for a file
	named domain.xml on the disk in an attempt to fix the error.
	This patch changes these filenames to something that can't be as easily
	confused for a valid filename.
	Examples of error messages:
	---------------------------
	Error while loading file from disk:
	15:07:59.015: 527: error : catchXMLError:709 : /path/to/domain.xml:1: StartTag: invalid element name
	<domain type='kvm'><
	--------------------^
	Error while parsing definition in memory:
	15:08:43.581: 525: error : catchXMLError:709 : (domain definition):2: error parsing attribute name
	  <name>vm1</name>
	--^

2011-09-08  Eric Blake  <eblake@redhat.com>

	snapshot: fix regression with system checkpoints
	Regression introduced in commit d6f6b2d194c.  Running
	'virsh snapshot-create dom' would mistakenly report that
	disks can only be specified for disk snapshots.
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Only
	give error about no disk support when <disk> was found.

	maint: update to latest gnulib
	* .gnulib: Update to latest.

	snapshot: use new API for less work
	This has the added benefit of making 'snapshot-create dom --no-metadata'
	now able to tell you the name of the just-generated snapshot.
	* tools/virsh.c (vshSnapshotCreate, cmdSnapshotCurrent): Don't get
	XML just for name.

	snapshot: new APIs for inspecting snapshot object
	These functions access internals of the opaque object, and do
	not need any rpc counterpart.  It could be argued that we should
	have provided these when snapshot objects were first introduced,
	since all the other vir*Ptr objects have at least a GetName accessor.
	* include/libvirt/libvirt.h.in (virDomainSnapshotGetName)
	(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): Declare.
	* src/libvirt.c (virDomainSnapshotGetName)
	(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): New
	functions.
	* src/libvirt_public.syms: Export them.

2011-09-08  Soren Hansen  <soren@linux2go.dk>

	Don't treat pci_system_init failure as fatal if no PCI bus is present
	Xen PV domU's have no PCI bus. node_device_udev.c calls pci_system_init
	which looks for /sys/bus/pci. If it does not find /sys/bus/pci (which it
	won't in a Xen PV domU) it returns unsuccesfully (ENOENT), which libvirt
	considers fatal. This makes libvirt unusable in this environment, even
	though there are plenty of valid virtualisation options that work
	there (LXC, UML, and QEmu spring to mind)
	https://bugzilla.redhat.com/show_bug.cgi?id=709471

2011-09-08  Alex Jia  <ajia@redhat.com>

	doc: fix incorrect option in send-key
	* tools/virsh.pod: fix a option typo of send-key section.

	virsh: fix typo in opts_send_key
	* tools/virsh.c: millseconds should be milliseconds in opts_send_key.

	rpc: avoid memory leak on virNetTLSContextValidCertificate
	* src/rpc/virnettlscontext.c: fix memory leak on
	  virNetTLSContextValidCertificate.
	* Detected in valgrind run:
	==25667==
	==25667== 6,085 (44 direct, 6,041 indirect) bytes in 1 blocks are definitely
	lost in loss record 326 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F2791F3: _asn1_add_node_only (structure.c:53)
	==25667==    by 0x4F27997A: _asn1_copy_structure3 (structure.c:421)
	==25667==    by 0x4F276A50: _asn1_append_sequence_set (element.c:144)
	==25667==    by 0x4F2743FF: asn1_der_decoding (decoding.c:1194)
	==25667==    by 0x4F22B9CC: gnutls_x509_crt_import (x509.c:229)
	==25667==    by 0x805274B: virNetTLSContextCheckCertificate
	(virnettlscontext.c:1009)
	==25667==    by 0x804DE32: testTLSSessionInit (virnettlscontexttest.c:693)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	==25667==
	==25667== 23,188 (88 direct, 23,100 indirect) bytes in 11 blocks are definitely
	lost in loss record 346 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F22B841: gnutls_x509_crt_init (x509.c:50)
	==25667==    by 0x805272B: virNetTLSContextCheckCertificate
	(virnettlscontext.c:1003)
	==25667==    by 0x804DDD1: testTLSSessionInit (virnettlscontexttest.c:673)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	* How to reproduce?
	% cd libvirt && ./configure && make && make -C tests valgrind
	or
	% valgrind -v --leak-check=full ./tests/virnettlscontexttest

	tests: avoid memory leak on testTLSSessionInit
	* tests/virnettlscontexttest: fix memory leak on virnettlscontext test case.
	* Detected in valgrind run:
	==25667==
	==25667== 86,651 (34,680 direct, 51,971 indirect) bytes in 10 blocks are
	definitely lost in loss record 350 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
	==25667==    by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
	==25667==    by 0x804DD24: testTLSSessionInit (virnettlscontexttest.c:624)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	==25667==
	==25667== 100,578 (38,148 direct, 62,430 indirect) bytes in 11 blocks are
	definitely lost in loss record 351 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
	==25667==    by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
	==25667==    by 0x804DD3C: testTLSSessionInit (virnettlscontexttest.c:625)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	* How to reproduce?
	% cd libvirt && ./configure && make && make -C tests valgrind
	or
	% valgrind -v --leak-check=full ./tests/virnettlscontexttest

	libxl: avoid a dereference of a null pointer
	Variable 'l_disk' initialized to a null pointer value, control jumps to 'case
	VIR_DOMAIN_DISK_DEVICE_DISK and then taking false branch, Within the expansion
	of the macro 'libxlError': Field access results in a dereference of a null
	pointer (loaded from variable 'l_disk').
	* src/libxl/libxl_driver.c: Field access results in a dereference of a null
	  pointer (loaded from variable 'l_disk')

2011-09-08  Eric Blake  <eblake@redhat.com>

	blockinfo: fix qemu regression in handling disk name
	Regression introduced in commit 89b6284fd, due to an incorrect
	conversion to the new means of converting disk names back to
	the correct object.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Avoid NULL deref.

2011-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix managed object lookup with optional occurrence
	Exit early if managed object is not found, instead of dereferencing
	a NULL pointer and triggering a segfault.

2011-09-07  Michal Privoznik  <mprivozn@redhat.com>

	Threadpool: Initialize new dynamic workers
	Although we were initializing worker threads during pool creating,
	we missed this during virThreadPoolSendJob. This bug led to segmenation
	fault as worker thread free() given argument.

2011-09-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Don't use interface as an identifier
	Because it's a define used in MSCOM and its usage as
	identifier results in a compile error.

2011-09-06  Peter Krempa  <pkrempa@redhat.com>

	link-state: virsh: Add wrapper commands for changing link state
	Two new commands are added to virsh that wrap usage of
	virDomainUpdateDeviceFlags for changing link state of domain's network
	interfaces. These wrappers extract network devices's xml configuration
	and modify the link state for easy manipulation from an user's perspective.
	 - domif-setlink - set link state of a domains virtual network interface
	 - domif-getlink - get link state
	* tools/virsh.c   - Add functionality to virsh
	* tools/virsh.pod - Manpage documentation

	link-state: qemu: Add net intf modification to virUpdateDeviceFlags
	This patch enables modifying network device configuration using the
	virUpdateDeviceFlags API method. Matching of devices is accomplished
	using MAC addresses.
	While updating live configuration of a running domain, the user is
	allowed only to change link state of the interface. Additional
	modifications may be added later. For now the code checks for
	unsupported changes and thereafter changes the link state, if
	applicable.
	When updating persistent configuration of guest's network interface the
	whole configuration (except for the MAC address) may be modified and
	is stored for the next startup.
	* src/qemu/qemu_driver.c   - Add dispatching of virUpdateDevice for
	                             network devices update (live/config)
	* src/qemu/qemu_hotplug.c  - add setting of initial link state on live
	                             device addition
	                           - add function to change network device
	                             configuration. By now it supports only
	                             changing of link state
	* src/qemu/qemu_hotplug.h  - Headers to above functions
	* src/qemu/qemu_process.c  - set link states before virtual machine
	                             start. Qemu does not support setting of
	                             this on the command line.

	link-state: qemu: Add monitor handling for link state modification
	This patch adds handlers for modification of guest's interface
	link state. Both HMP and QMP commands are supported, but as the
	link state functionality is from the beginning supported in QMP
	the HMP code will probably never be used.

	link-state: conf: Add element to XML for controling link state
	A new element is introduced to XML that allows to control
	state of virtual network interfaces in hypervisors.
	Live modification of the link state allows networking tools
	propagate topology changes to guest OS or testing of
	scenarios in complex (virtual) networks.
	This patch adds elements to XML grammars and parsing and generating
	code.

	link-state: util: Add equality comparison functions for structures
	This patch adds functions to compare structures containing network
	device configuration for equality. They serve for the purpose of
	disallowing unsupported changes to live network devices.

	XML: Improve XML parsing error messages
	This patch modifies error handling function for the XML parser provided
	by libxml2.
	Originaly only a line number and error message were logged. With this
	new error handler function, the user is provided with a more complex
	description of the parsing error.
	Context of the error is printed in libXML2 style and filename of the
	file, that caused the error is printed. Example of an parse error:
	13:41:36.262: 16032: error : catchXMLError:706 :
	/etc/libvirt/qemu/rh_bad.xml:58: Opening and ending tag mismatch: name
	line 2 and domain
	</domain>
	---------^
	Context of the error gives the user hints that may help to quickly
	locate a corrupt xml file.
	fixes BZs:
	----------
	Bug 708735 - [RFE] Show column and line on XML parsing error
	https://bugzilla.redhat.com/show_bug.cgi?id=708735
	Bug 726771 - libvirt does not specify problem file if persistent xml is
	invalid
	https://bugzilla.redhat.com/show_bug.cgi?id=726771

2011-09-06  Marc-André Lureau  <marcandre.lureau@redhat.com>

	redirdev: allows to specify device address
	It is important to be able to attach USB redirected devices to a
	particular controller (one that supports USB2 for instance).
	Without this patch, only the default bus was used.
	     <redirdev bus='usb' type='spicevmc'>
	       <address type='usb' bus='0' port='4'/>
	     </redirdev>

2011-09-06  Daniel Veillard  <veillard@redhat.com>

	latency: fix make check for remote protocol structs and numbers

2011-09-06  Osier Yang  <jyang@redhat.com>

	latency: Update virsh command domblkstat to use new API
	The modified function fallbacks to use virDomainBlockStats if
	virDomainBlockStatsFlags is not supported by the hypervisor driver.
	If the new API is supported, it will be invoked instead of the
	old API.

	latency: Expose the new API for Python binding

	latency: Implemente internal API for qemu driver

	latency: Update monitor functions for new latency fields
	The mainly changes are:
	1) Update qemuMonitorGetBlockStatsInfo and it's children (Text/JSON)
	   functions to return the value of new latency fields.
	2) Add new function qemuMonitorGetBlockStatsParamsNumber, which is
	   to count how many parameters the underlying QEMU supports.
	3) Update virDomainBlockStats in src/qemu/qemu_driver.c to be
	   compatible with the changes by 1).

	latency: Wire up the remote protocol

	latency: Implemente the public API

	latency: Define the internal driver callback

	latency: Define new public API and structure

2011-09-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Deal with stucked qemu on daemon startup
	If libvirt daemon gets restarted and there is (at least) one
	unresponsive qemu, the startup procedure hangs up. This patch creates
	one thread per vm in which we try to reconnect to monitor. Therefore,
	blocking in one thread will not affect other APIs.

	qemu: Introduce job queue size limit
	This patch creates an optional BeginJob queue size limit. When
	active, all other attempts above level will fail. To set this
	feature assign desired value to max_queued variable in qemu.conf.
	Setting it to 0 turns it off.

	daemon: Create priority workers pool
	This patch annotates APIs with low or high priority.
	In low set MUST be all APIs which might eventually access monitor
	(and thus block indefinitely). Other APIs may be marked as high
	priority. However, some must be (e.g. domainDestroy).
	For high priority calls (HPC), there are some high priority workers
	(HPW) created in the pool. HPW can execute only HPC, although normal
	worker can process any call regardless priority. Therefore, only those
	APIs which are guaranteed to end in reasonable small amount of time
	can be marked as HPC.
	The size of this HPC pool is static, because HPC are expected to end
	quickly, therefore jobs assigned to this pool will be served quickly.
	It can be configured in libvirtd.conf via prio_workers variable.
	Default is set to 5.
	To mark API with low or high priority, append priority:{low|high} to
	it's comment in src/remote/remote_protocol.x. This is similar to
	autogen|skipgen. If not marked, the generator assumes low as default.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: use SELinux and lock manager with external snapshots
	With this, it is now possible to create external snapshots even
	when SELinux is enforcing, and to protect the new file with a
	lock manager.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Create and register
	new file with proper permissions and locks.
	(qemuDomainSnapshotCreateDiskActive): Update caller.

	snapshot: wire up live qemu disk snapshots
	Lots of earlier patches led up to this point - the qemu snapshot_blkdev
	monitor command can now be controlled by libvirt!  Well, insofar as
	SELinux doesn't prevent qemu from open(O_CREAT) on the files.  There's
	still some followup work before things work with SELinux enforcing,
	but this patch is big enough to post now.
	There's still room for other improvements, too (for example, taking a
	disk snapshot of an inactive domain, by using qemu-img for both internal
	and external snapshots; wiring up delete and revert control, including
	additional flags from my RFC; supporting active QED disk snapshots;
	supporting per-storage-volume snapshots such as LVM or btrfs snapshots;
	etc.).  But this patch is the one that proves the new XML works!
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Wire in
	active disk snapshots.
	(qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): New functions.

	snapshot: wire up new qemu monitor command
	No one uses this yet, but it will be important once
	virDomainSnapshotCreateXML learns a VIR_DOMAIN_SNAPSHOT_DISK_ONLY
	flag, and the xml allows passing in the new file names.
	* src/qemu/qemu_monitor.h (qemuMonitorDiskSnapshot): New prototype.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): New
	function.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Likewise.

	snapshot: make it possible to audit external snapshot
	Snapshots alter the set of disk image files opened by qemu, so
	they must be audited.  But they don't involve a full disk definition
	structure, just the new filename.  Make the next patch easier by
	refactoring the audit routines to just operate on file name.
	* src/conf/domain_audit.h (virDomainAuditDisk): Update prototype.
	* src/conf/domain_audit.c (virDomainAuditDisk): Act on strings,
	not definition structures.
	(virDomainAuditStart): Update caller.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia)
	(qemuDomainAttachPciDiskDevice, qemuDomainAttachSCSIDisk)
	(qemuDomainAttachUsbMassstorageDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachDiskDevice):
	Likewise.

	snapshot: reject unimplemented disk snapshot features
	My RFC for snapshot support [1] proposes several rules for when it is
	safe to delete or revert to an external snapshot, predicated on
	the existence of new API flags.  These will be incrementally added
	in future patches, but until then, blindly mishandling a disk
	snapshot risks corrupting internal state, so it is better to
	outright reject the attempts until the other pieces are in place,
	thus incrementally relaxing the restrictions added in this patch.
	[1] https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCountExternal): New
	function.
	(qemuDomainUndefineFlags, qemuDomainSnapshotDelete): Use it to add
	safety valve.
	(qemuDomainRevertToSnapshot, qemuDomainSnapshotCreateXML): Add safety
	valve.

	snapshot: wire up disk-only flag to snapshot-create
	Expose the disk-only flag through virsh.  Additionally, make
	virsh snapshot-create-as take an arbitrary number of diskspecs,
	which can be used to build up the xml for <domainsnapshot>.
	* tools/virsh.c (cmdSnapshotCreate): Add --disk-only.
	(cmdSnapshotCreateAs): Likewise, and add argv diskspec.
	(vshParseSnapshotDiskspec): New helper function.
	(vshCmddefGetOption): Allow naming of argv field.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	them.
	* tests/virsh-optparse: Test snapshot-create-as parsing.

	snapshot: add flag for requesting disk snapshot
	Prior to this patch, <domainsnapshot>/<disks> was ignored.  This
	changes it to be an error unless an explicit disk snapshot is
	requested (a future patch may relax things if it turns out to
	be useful to have a <disks> specification alongside a system
	checkpoint).
	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Disk
	snapshots not supported yet.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Likewise.

	snapshot: add virsh domblklist command
	This adds a convenience function to virsh that parses out block
	information from the domain xml, making it much easier to see
	what strings can be used in all other contexts that demand a
	specific block name, especially when given the previous patch
	that allows using either target or unique source name.
	As an example on a domain with one disk and an empty cdrom drive:
	Target     Source
	-------------------------------------------
	vda        /var/lib/libvirt/images/fedora_12.img
	hdc        -
	* tools/virsh.c (cmdDomblklist): New function.
	* tools/virsh.pod (domblklist): Document it.

	snapshot: also support disks by path
	I got confused when 'virsh domblkinfo dom disk' required the
	path to a disk (which can be ambiguous, since a single file
	can back multiple disks), rather than the unambiguous target
	device name that I was using in disk snapshots.  So, in true
	developer fashion, I went for the best of both worlds - all
	interfaces that operate on a disk (aka block) now accept
	either the target name or the unambiguous path to the backing
	file used by the disk.
	* src/conf/domain_conf.h (virDomainDiskIndexByName): Add
	parameter.
	(virDomainDiskPathByName): New prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainDiskIndexByName): Also allow
	searching by path, and decide whether ambiguity is okay.
	(virDomainDiskPathByName): New function.
	(virDomainDiskRemoveByName, virDomainSnapshotAlignDisks): Update
	callers.
	* src/qemu/qemu_driver.c (qemudDomainBlockPeek)
	(qemuDomainAttachDeviceConfig, qemuDomainUpdateDeviceConfig)
	(qemuDomainGetBlockInfo, qemuDiskPathToAlias): Likewise.
	* src/qemu/qemu_process.c (qemuProcessFindDomainDiskByPath):
	Likewise.
	* src/libxl/libxl_driver.c (libxlDomainAttachDeviceDiskLive)
	(libxlDomainDetachDeviceDiskLive, libxlDomainAttachDeviceConfig)
	(libxlDomainUpdateDeviceConfig): Likewise.
	* src/uml/uml_driver.c (umlDomainBlockPeek): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainBlockPeek): Likewise.
	* docs/formatsnapshot.html.in: Update documentation.
	* tools/virsh.pod (domblkstat, domblkinfo): Likewise.
	* docs/schemas/domaincommon.rng (diskTarget): Tighten pattern on
	disk targets.
	* docs/schemas/domainsnapshot.rng (disksnapshot): Update to match.
	* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: Update test.

	snapshot: add <disks> to snapshot xml
	Adds an optional element to <domainsnapshot>, which will be used
	to give user control over external snapshot filenames on input,
	and specify generated filenames on output.
	For now, no driver accepts this element; that will come later.
	<domainsnapshot>
	  ...
	  <disks>
	    <disk name='vda' snapshot='no'/>
	    <disk name='vdb' snapshot='internal'/>
	    <disk name='vdc' snapshot='external'>
	      <driver type='qcow2'/>
	      <source file='/path/to/new'/>
	    </disk>
	  </disks>
	  <domain>
	    ...
	    <devices>
	      <disk ...>
	        <driver name='qemu' type='raw'/>
	        <target dev='vdc'/>
	        <source file='/path/to/old'/>
	      </disk>
	    </devices>
	  </domain>
	</domainsnapshot>
	* src/conf/domain_conf.h (_virDomainSnapshotDiskDef): New type.
	(_virDomainSnapshotDef): Add new elements.
	(virDomainSnapshotAlignDisks): New prototype.
	* src/conf/domain_conf.c (virDomainSnapshotDiskDefClear)
	(virDomainSnapshotDiskDefParseXML, disksorter)
	(virDomainSnapshotAlignDisks): New functions.
	(virDomainSnapshotDefParseString): Parse new fields.
	(virDomainSnapshotDefFree): Clean them up.
	(virDomainSnapshotDefFormat): Output them.
	* src/libvirt_private.syms (domain_conf.h): Export new function.
	* docs/schemas/domainsnapshot.rng (domainsnapshot, disksnapshot):
	Add more xml.
	* docs/formatsnapshot.html.in: Document it.
	* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: New test.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Update.

	snapshot: support extra state in snapshots
	In order to distinguish disk snapshots from system checkpoints, a
	new state value that is only valid for snapshots is helpful.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_LAST): New placeholder.
	* src/conf/domain_conf.h (virDomainSnapshotState): New enum mapping.
	(VIR_DOMAIN_DISK_SNAPSHOT): New internal enum value.
	* src/conf/domain_conf.c (virDomainState): Use placeholder.
	(virDomainSnapshotState): Extend mapping by one for use in snapshot.
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Handle new state.
	(virDomainObjSetState, virDomainStateReasonToString)
	(virDomainStateReasonFromString): Avoid compiler warnings.
	* tools/virsh.c (vshDomainState, vshDomainStateReasonToString):
	Likewise.
	* src/libvirt_private.syms (domain_conf.h): Export new functions.
	* docs/schemas/domainsnapshot.rng: Tighten state definition.
	* docs/formatsnapshot.html.in: Document it.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: New test.

	snapshot: expose halt-after-creation in virsh
	Easy enough to emulate even with older servers.
	* tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Add
	--halt flag.
	(vshSnapshotCreate): Emulate halt when flag is unsupported.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	it.

	snapshot: allow halting after snapshot
	Since a snapshot is fully recoverable, it is useful to have a
	snapshot as a means of hibernating a guest, then reverting to
	the snapshot to wake the guest up.  This mode of usage is
	similar to 'virsh save/virsh restore', except that virsh
	save uses an external file while virsh snapshot keeps the
	vm state internal to a qcow2 file.  However, it only works on
	persistent domains.
	In the usage pattern of snapshot/revert for hibernating a guest,
	there is no need to keep the guest running between the two points
	in time, especially since that would generate runtime state that
	would just be discarded.  Add a flag to make it possible to
	stop the domain after the snapshot has completed.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_CREATE_HALT):
	New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotCreateActive): Implement it.

	snapshot: expose new delete flag in virsh
	It would technically be possible to have virsh compute the list
	of descendants of a given snapshot, then delete those one at
	a time.  But it's complex, and not worth writing for a first
	cut at implementing the new flags.
	* tools/virsh.c (cmdSnapshotDelete): Add --children-only,
	--metadata.
	* tools/virsh.pod (snapshot-delete): Document them.

	snapshot: introduce new deletion flag
	Reverting to a state prior to an external snapshot risks
	corrupting any other branches in the snapshot hierarchy that
	were using the snapshot as a read-only backing file.  So
	disk snapshot code will default to preventing reverting to
	a snapshot that has any children, meaning that deleting just
	the children of a snapshot becomes a useful operation in
	preparing that snapshot for being a future reversion target.
	The code for the new flag is simple - it's one less deletion,
	plus a tweak to keep the current snapshot correct.
	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotDelete): Document it, and
	enforce mutual exclusion.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDelete): Implement
	it.

	snapshot: reject transient disks where code is not ready
	The previous patch introduced new config, but if a hypervisor does
	not support that new config, someone can write XML that does not
	behave as documented.  This prevents some of those cases by
	explicitly rejecting transient disks for several hypervisors.
	Disk snapshots will require a new flag to actually affect a snapshot
	creation, so there's not much to reject there.
	* src/qemu/qemu_command.c (qemuBuildDriveStr): Reject transient
	disks for now.
	* src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Likewise.
	* src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.

	snapshot: additions to domain xml for disks
	As discussed here:
	https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html
	https://www.redhat.com/archives/libvir-list/2011-August/msg00552.html
	Adds snapshot attribute and transient sub-element:
	<devices>
	  <disk type=... snapshot='no|internal|external'>
	    ...
	    <transient/>
	  </disk>
	</devices>
	* docs/schemas/domaincommon.rng (snapshot): New define.
	(disk): Add snapshot and persistent attributes.
	* docs/formatdomain.html.in: Document them.
	* src/conf/domain_conf.h (virDomainDiskSnapshot): New enum.
	(_virDomainDiskDef): New fields.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-transient.xml: New
	test of rng, no args counterpart until qemu support is complete.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.args: New
	file, snapshot attribute does not affect args.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.xml: Likewise.
	* tests/qemuxml2argvtest.c (mymain): Run new test.

2011-09-05  Lei Li  <lilei@linux.vnet.ibm.com>

	Check for source conflicts in storage pools
	Fix bug #611823 storage driver should prohibit pools with duplicate
	underlying storage.
	Add internal API virStoragePoolSourceFindDuplicate() to do uniqueness
	check based on source location infomation for pool type.
	* AUTHORS: add Lei Li

2011-09-05  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Add a usb1 & usb2 qemuxml2argv test

	Default USB device is on slot 1 function 2
	Fix qemuAssignDevicePCISlots() and the associated regression tests

	PIIX3 USB controller is on function 2
	Current code reserves slot 1 function 2 even if there is a user
	defined PIIX3 USB controller there.

2011-09-05  Philipp Hahn  <hahn@univention.de>

	Fix localtime handling for Xen-PV domains
	At least Xen-3.4.3 translates the /vm/localtime SXPR value to
	/domain/platform/localtime and /domain/image/{linux,hvm}/localtime when
	the domain is defined.  When reading back that information libvirt only
	handles HVM domains, but not PV domains: This results in libvirtd always
	returning
	    <clock offset="utc"/>
	while Xend used (localtime 1).
	For PV domains use /domain/image/linux/localtime.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: store qemu domain details in xml
	When reverting to a snapshot, the inactive domain configuration
	has to be rolled back to what it was at the time of the snapshot.
	Additionally, if the VM is active and the snapshot was active,
	this now adds a failure if the two configurations are ABI
	incompatible, rather than risking qemu confusion.
	A future patch will add a VIR_DOMAIN_SNAPSHOT_FORCE flag, which
	will be required for two risky code paths - reverting to an
	older snapshot that lacked full domain information, and reverting
	from running to a live snapshot that requires starting a new qemu
	process.  Any reverting that stops a running vm is also a form
	of data loss (discarding the current running state to go back in
	time), but as that is what reversion usually implies, it is
	probably not worth requiring a force flag.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Copy out
	domain.
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Perform
	ABI compatibility checks.

	snapshot: update rng to support full domain in xml
	This patch will probably cause merge conflicts to those trying
	to do backports.  The end goal is simple - domaincommon.rng
	should be the state of domain.rng pre-patch, with a few lines
	tweaked in the header, while domain.rng post-patch is now just
	a shell that includes domaincommon.rng and sets the <start>.
	* docs/schemas/domain.rng: Move guts...
	* docs/schemas/domaincommon.rng: ...to new file.
	* docs/schemas/domainsnapshot.rng: Allow new xml.
	* docs/schemas/Makefile.am (schema_DATA): Distribute new file.
	* tests/domainsnapshotxml2xmlout/full_domain.xml: New test.
	* libvirt.spec.in (%files client): Ship new file.  Sort lines.
	* mingw32-libvirt.spec.in: Likewise.

	snapshot: correctly escape generated xml
	Commit 69278878 fixed one direction of arbitrarily-named snapshots,
	but not the round trip path.  While auditing domain_conf, I found
	a couple other instances that weren't escaping arbitrary strings.
	* src/conf/domain_conf.c (virDomainFSDefFormat)
	(virDomainGraphicsListenDefFormat, virDomainSnapshotDefFormat):
	Escape arbitrary strings.

	snapshot: allow full domain xml in snapshot
	Just like VM saved state images (virsh save), snapshots MUST
	track the inactive domain xml to detect any ABI incompatibilities.
	The indentation is not perfect, but functionality comes before form.
	Later patches will actually supply a full domain; for now, this
	wires up the storage to support one, but doesn't ever generate one
	in dumpxml output.
	Happily, libvirt.c was already rejecting use of VIR_DOMAIN_XML_SECURE
	from read-only connections, even though before this patch, there was
	no information to be secured by the use of that flag.
	And while we're at it, mark the libvirt snapshot metadata files
	as internal-use only.
	* src/libvirt.c (virDomainSnapshotGetXMLDesc): Document flag.
	* src/conf/domain_conf.h (_virDomainSnapshotDef): Add member.
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Update signature.
	* src/conf/domain_conf.c (virDomainSnapshotDefFree): Clean up.
	(virDomainSnapshotDefParseString): Optionally parse domain.
	(virDomainSnapshotDefFormat): Output full domain.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
	(esxDomainSnapshotGetXMLDesc): Update callers.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML)
	(vboxDomainSnapshotGetXMLDesc): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotLoad, qemuDomainSnapshotGetXMLDesc)
	(qemuDomainSnapshotWriteMetadata): Likewise.
	* docs/formatsnapshot.html.in: Rework doc example.
	Based on a patch by Philipp Hahn.

	snapshot: refactor domain xml output
	Minor semantic change - allow domain xml to be generated in place
	within a larger buffer, rather than having to go through a
	temporary string.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Add
	parameter.
	(virDomainDefFormat, virDomainObjFormat): Update callers.

	snapshot: prevent migration from stranding snapshot data
	Migration is another case of stranding metadata.  And since
	snapshot metadata is arbitrarily large, there's no way to
	shoehorn it into the migration cookie of migration v3.
	This patch consolidates two existing locations for migration
	validation into one helper function, then enhances that function
	to also do the new checks.  If we could always trust the source
	to validate migration, then the destination would not have to
	do anything; but since older servers that did not do checking
	can migrate to newer destinations, we have to repeat some of
	the same checks on the destination; meanwhile, we want to
	detect failures as soon as possible.  With migration v2, this
	means that validation will reject things at Prepare on the
	destination if the XML exposes the problem, otherwise at Perform
	on the source; with migration v3, this means that validation
	will reject things at Begin on the source, or if the source
	is old and the XML exposes the problem, then at Prepare on the
	destination.
	This patch is necessarily over-strict.  Once a later patch
	properly handles auto-cleanup of snapshot metadata on the
	death of a transient domain, then the only time we actually
	need snapshots to prevent migration is when using the
	--undefinesource flag on a persistent source domain.
	It is possible to recreate snapshot metadata on the destination
	with VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and
	VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT.  But for now, that is limited,
	since if we delete the snapshot metadata prior to migration,
	then we won't know the name of the current snapshot to pass
	along; and if we delete the snapshot metadata after migration
	and use the v3 migration cookie to pass along the name of the
	current snapshot, then we need a way to bypass the fact that
	this patch refuses migration with snapshot metadata present.
	So eventually, we may have to introduce migration protocol v4
	that allows feature negotiation and an arbitrary number of
	handshake exchanges, so as to pass as many rpc calls as needed
	to transfer all the snapshot xml hierarchy.
	But all of that is thoughts for the future; for now, the best
	course of action is to quit early, rather than get into a
	funky state of stale metadata; then relax restrictions later.
	* src/qemu/qemu_migration.h (qemuMigrationIsAllowed): Make static.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Alter
	signature, and allow checks for both outgoing and incoming.
	(qemuMigrationBegin, qemuMigrationPrepareAny)
	(qemuMigrationPerformJob): Update callers.

	snapshot: support new undefine flags in qemu
	A nice benefit of deleting all snapshots at undefine time is that
	you don't have to do any reparenting or subtree identification - since
	everything goes, this is an O(n) process, whereas using multiple
	virDomainSnapshotDelete calls would be O(n^2) or worse.  But it is
	only doable for snapshot metadata, where we are in control of the
	data being deleted; for the actual snapshots, there's too much
	likelihood of something going wrong, and requiring even more API
	calls to figure out what failed in the meantime, so callers are
	better off deleting the snapshot data themselves one snapshot at
	a time where they can deal with failures as they happen.
	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Honor new flags.

	snapshot: cache qemu-img location
	As more clients start to want to know this information, doing
	a PATH stat walk and malloc for every client adds up.
	We are only caching the location, not the capabilities, so even
	if qemu-img is updated in the meantime, it will still probably
	live in the same location.  So there is no need to worry about
	clearing this particular cache.
	* src/qemu/qemu_conf.h (qemud_driver): Add member.
	* src/qemu/qemu_driver.c (qemudShutdown): Cleanup.
	(qemuFindQemuImgBinary): Add an argument, and cache result.
	(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotCreateInactive, qemuDomainSnapshotRevertInactive)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Update
	callers.

	snapshot: refactor some qemu code
	Prepare for code sharing.  No semantic change.
	* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata)
	(qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotForEachQcow2): Float up.
	(qemuDomainSnapshotDiscardDescendant): Likewise, and rename...
	(qemuDomainSnapshotDiscardAll): ...for generic use.
	(qemuDomainSnapshotDelete): Update caller.

	snapshot: teach virsh about new undefine flags
	Similar to 'undefine --managed-save' (commit 83e849c1), we must
	assume that the old API is unsafe; however, we cannot emulate
	metadata-only deletion on older servers.  Additionally, we have
	the wrinkle that while virDomainUndefineFlags and managed save
	cleanup were introduced in 0.9.4, it wasn't until 0.9.5 that
	snapshots block undefine of a domain.  Do the best we can given
	the server we are talking to.
	* tools/virsh.c (cmdUndefine): Add --snapshots-metadata flag.
	* tools/virsh.pod (undefine, destroy, shutdown): Document effect
	of snapshots.

	snapshot: prevent stranding snapshot data on domain destruction
	Just as leaving managed save metadata behind can cause problems
	when creating a new domain that happens to collide with the name
	of the just-deleted domain, the same is true of leaving any
	snapshot metadata behind.  For safety sake, extend the semantic
	change of commit b26a9fa9 to also cover snapshot metadata as a
	reason to reject undefining an inactive domain.  A future patch
	will make sure that shutdown of a transient domain automatically
	deletes snapshot metadata (whether by destroy, shutdown, or
	guest-initiated action).  Management apps of transient domains
	should take care to capture xml of snapshots, if it is necessary
	to recreate the snapshot metadata on a later transient domain
	with the same name and uuid.
	This also documents a new flag that hypervisors can choose to
	support as a shortcut for taking care of the metadata as part of
	the undefine process; however, nontrivial driver support for these
	flags will be deferred to future patches.
	Note that ESX and VBox can never be transient; therefore, they
	do not have to worry about automatic cleanup after shutdown
	(the persistent domain still remains); likewise they never
	store snapshot metadata, so the undefine flag is trivial.
	The nontrivial work remaining is thus in the qemu driver.
	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA): New flag.
	* src/libvirt.c (virDomainUndefine, virDomainUndefineFlags):
	Document new limitations and flag.
	* src/esx/esx_driver.c (esxDomainUndefineFlags): Trivial
	implementation.
	* src/vbox/vbox_tmpl.c (vboxDomainUndefineFlags): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Enforce
	the limitations.

	snapshot: add qemu snapshot redefine support
	Redefining a qemu snapshot requires a bit of a tweak to the common
	snapshot parsing code, but the end result is quite nice.
	Be careful that redefinitions do not introduce circular parent
	chains.  Also, we don't want to allow conversion between online
	and offline existing snapshots.  We could probably do some more
	validation for snapshots that don't already exist to make sure
	they are even feasible, by parsing qemu-img output, but that
	can come later.
	* src/conf/domain_conf.h (virDomainSnapshotParseFlags): New
	internal flags.
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Alter
	signature to take internal flags.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Update caller.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new public flags.

	snapshot: add qemu snapshot creation without metadata
	Supporting NO_METADATA on snapshot creation is interesting - we must
	still return a valid opaque snapshot object, but the user can't get
	anything out of it (unless we add a virDomainSnapshotGetName()),
	since it is no longer registered with the domain.
	Also, virsh now tries to query for secure xml, in anticipation of
	when we store <domain> xml inside <domainsnapshot>; for now, we
	can trivially support it, since we have nothing secure.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new flag.
	(qemuDomainSnapshotGetXMLDesc): Trivially support VIR_DOMAIN_XML_SECURE.

	snapshot: improve virsh snapshot-create, add snapshot-edit
	Wire up the new snapshot creation flags in virsh.  For convenience,
	teach 'snapshot-current' how to make an existing snapshot become
	current (can be used after upgrading to newer libvirt to recover
	from the fact that the older libvirt lost track of the current
	snapshot after a restart).  The snapshot-create-as command is
	intentionally not taught --redefine or --current, as this would
	imply adding a lot of other options for everything else that can
	appear in the <domainsnapshot> xml, but which is normally read-only.
	Besides, redefining will usually be done on files created by
	snapshot-dumpxml, rather than something built up by hand on the
	command line.  And now that we can redefine, we can edit.
	* tools/virsh.c (cmdSnapshotCreate): Add --redefine, --current,
	and --no-metadata.
	(cmdSnapshotCreateAs): Add --no-metadata.
	(cmdSnapshotCurrent): Add snapshotname to alter current snapshot.
	(cmdSnapshotEdit): New command.
	* tools/virsh.pod (snapshot-create, snapshot-create-as)
	(snapshot-current, snapshot-edit):  Document these.

	snapshot: refactor virsh snapshot creation
	The next patch will make snapshot creation more complex, so it's
	better to avoid repetition of the complexity.
	* tools/virsh.c (vshSnapshotCreate): New helper function.
	(cmdSnapshotCreate, cmdSnapshotCreateAs): Use it.

	snapshot: allow recreation of metadata
	The first two flags are essential for being able to replicate
	snapshot hierarchies across multiple hosts, which will come in
	handy for supervised migrations.  It also allows a management app
	to take a snapshot of a transient domain, save the metadata, stop
	the domain, recreate a new transient domain by the same name,
	redefine the snapshot, then revert to it.
	This is not quite as convenient as leaving the metadata behind
	after a domain is no longer around, but doing that has a few
	problems: 1. the libvirt API can only delete snapshot metadata
	if there is a valid domain handle to use to get to that snapshot
	object - if stale data is left behind without a domain, there is
	no way to request that the data be cleaned up. 2. creating a new
	domain with the same name but different uuid than the older
	domain where a snapshot existed cannot use the older snapshot
	data; this risks confusing libvirt, and forbidding the stale
	data is similar to the recent patch to forbid stale managed save.
	The first two flags might be useful on hypervisors with no metadata,
	but only for modifying the notion of the current snapshot;
	however, I don't know how to do that for ESX or VBox.
	The third flag is a convenience option, to combine a creation with
	a delete metadata into one step.  It is trivial for hypervisors
	with no metadata.
	The qemu changes will be involved enough to warrant a separate patch.
	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE)
	(VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT)
	(VIR_DOMAIN_SNAPSHOT_CREATE_NO_METADATA): New flags.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document them, and
	enforce mutual exclusion.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Trivial
	implementation.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* docs/formatsnapshot.html.in: Document re-creation.

	snapshot: identify qemu snapshot roots
	Filtering for roots is pretty easy to do.
	* src/conf/domain_conf.h (virDomainSnapshotObjListGetNames)
	(virDomainSnapshotObjListNum): Update prototype.
	* src/conf/domain_conf.c (virDomainSnapshotObjListCopyNames)
	(virDomainSnapshotObjListGetNames, virDomainSnapshotObjListCount)
	(virDomainSnapshotObjListNum): Support filtering.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
	(qemuDomainSnapshotListNames): Update callers.

	snapshot: reflect new dumpxml and list options in virsh
	New flag bits are worth exposing via virsh.  In the case of
	snapshot-list --roots, it's possible to emulate this even when
	talking to an older server that lacks the bit; whereas
	--metadata requires a newer server.
	Although we don't use --security-info yet, the flag is already
	documented for other dumpxml operations, and turning it on now
	will make it useful when a future patch actually has to honor it.
	* tools/virsh.c (cmdSnapshotDumpXML, cmdSnapshotCurrent): Add
	--security-info.
	(cmdSnapshotList): Add --roots, --metadata.
	* tools/virsh.pod (snapshot-dumpxml, snapshot-current)
	(snapshot-list): Document these.

	snapshot: identify which snapshots have metadata
	To make it easier to know when undefine will fail because of existing
	snapshot metadata, we need to know how many snapshots have metadata.
	Also, it is handy to filter the list of snapshots to just those that
	have no parents; document that flag now, but implement it in later patches.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_ROOTS)
	(VIR_DOMAIN_SNAPSHOT_LIST_METADATA): New flags.
	* src/libvirt.c (virDomainSnapshotNum)
	(virDomainSnapshotListNames): Document them.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames): Implement trivial flag.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
	(vboxDomainSnapshotListNames): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
	(qemuDomainSnapshotListNames): Likewise.

	snapshot: let qemu discard only snapshot metadata
	Adding this was trivial compared to the previous patch for fixing
	qemu snapshot deletion in the first place.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscard): Add
	parameter.
	(qemuDomainSnapshotDiscardDescendant, qemuDomainSnapshotDelete):
	Update callers.

	snapshot: allow deletion of just snapshot metadata
	A future patch will make it impossible to remove a domain if it
	would leave behind any libvirt-tracked metadata about snapshots,
	since stale metadata interferes with a new domain by the same name.
	But requiring snaphot contents to be deleted before removing a
	domain is harsh; with qemu, qemu-img can still make use of the
	contents after the libvirt domain is gone.  Therefore, we need
	an option to get rid of libvirt tracking information, but not
	the actual contents.  For hypervisors that do not track any
	metadata in libvirt, the implementation is trivial; all remaining
	hypervisors (really, just qemu) will be dealt with separately.
	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_DELETE_METADATA_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotDelete): Document it.
	* src/esx/esx_driver.c (esxDomainSnapshotDelete): Trivially
	supported when there is no libvirt metadata.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotDelete): Likewise.

	snapshot: simplify acting on just children
	Similar to the last patch in isolating the filtering from the
	client actions, so that clients don't have to reinvent the
	filtering.
	* src/conf/domain_conf.h (virDomainSnapshotForEachChild): New
	prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainSnapshotActOnChild)
	(virDomainSnapshotForEachChild): New functions.
	(virDomainSnapshotCountChildren): Delete.
	(virDomainSnapshotHasChildren): Simplify.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotReparentChildren)
	(qemuDomainSnapshotDelete): Likewise.

	snapshot: track current domain across deletion of children
	Deleting a snapshot and all its descendants had problems with
	tracking the current snapshot.  The deletion does not necessarily
	proceed in depth-first order, so a parent could be deleted
	before a child, wreaking havoc on passing the notion of the
	current snapshot to the parent.  Furthermore, even if traversal
	were depth-first, doing multiple file writes to pass current up
	the chain one snapshot at a time is wasteful, comparing to a
	single update to the current snapshot at the end of the algorithm.
	* src/qemu/qemu_driver.c (snap_remove): Add field.
	(qemuDomainSnapshotDiscard): Add parameter.
	(qemuDomainSnapshotDiscardDescendant): Adjust accordingly.
	(qemuDomainSnapshotDelete): Properly reset current.

	snapshot: avoid crash when deleting qemu snapshots
	This one's nasty.  Ever since we fixed virHashForEach to prevent
	nested hash iterations for safety reasons (commit fba550f6),
	virDomainSnapshotDelete with VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN
	has been broken for qemu: it deletes children, while leaving
	grandchildren intact but pointing to a no-longer-present parent.
	But even before then, the code would often appear to succeed to
	clean up grandchildren, but risked memory corruption if you have
	a large and deep hierarchy of snapshots.
	For acting on just children, a single virHashForEach is sufficient.
	But for acting on an entire subtree, it requires iteration; and
	since we declared recursion as invalid, we have to switch to a
	while loop.  Doing this correctly requires quite a bit of overhaul,
	so I added a new helper function to isolate the algorithm from the
	actions, so that callers do not have to reinvent the iteration.
	Note that this _still_ does not handle CHILDREN correctly if one
	of the children is the current snapshot; that will be next.
	* src/conf/domain_conf.h (_virDomainSnapshotDef): Add mark.
	(virDomainSnapshotForEachDescendant): New prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainSnapshotMarkDescendant)
	(virDomainSnapshotActOnDescendant)
	(virDomainSnapshotForEachDescendant): New functions.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscardChildren):
	Replace...
	(qemuDomainSnapshotDiscardDescenent): ...with callback that
	doesn't nest hash traversal.
	(qemuDomainSnapshotDelete): Use new function.

	snapshot: speed up snapshot location
	Each snapshot lookup was iterating over the entire hash table, O(n),
	instead of honing in directly on the hash key, amortized O(1).
	Besides, fixing this means that virDomainSnapshotFindByName can now
	be used inside another virHashForeach iteration (without this patch,
	attempts to lookup a snapshot by name during a hash iteration will
	fail due to nested iteration).
	* src/conf/domain_conf.c (virDomainSnapshotFindByName): Simplify.
	(virDomainSnapshotObjListSearchName): Delete unused function.

	snapshot: add snapshot-list --parent to virsh
	Even though I recently added 'virsh snapshot-parent', doing it one
	snapshot at a time is painful, so make it possible to expand the
	snapshot-list table at once.
	* tools/virsh.c (cmdSnapshotList): Add --parent.
	* tools/virsh.pod (snapshot-list): Document it.

	snapshot: fine-tune qemu snapshot revert states
	For a system checkpoint of a running or paused domain, it's fairly
	easy to honor new flags for altering which state to use after the
	revert.  For an inactive snapshot, the revert has to be done while
	there is no qemu process, so do back-to-back transitions; this also
	lets us revert to inactive snapshots even for transient domains.
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Support new
	flags.

	snapshot: properly revert qemu to offline snapshots
	Commit 5e47785 broke reverts to offline system checkpoint snapshots
	with older qemu, since there is no longer any code path to use
	qemu -loadvm on next boot.  Meanwhile, reverts to offline system
	checkpoints have been broken for newer qemu, both before and
	after that commit, since -loadvm no longer works to revert to
	disk state without accompanying vm state.  Fix both of these by
	using qemu-img to revert disk state.
	Meanwhile, consolidate the (now 3) clients of a qemu-img iteration
	over all disks of a VM into one function, so that any future
	algorithmic fixes to the FIXMEs in that function after partial
	loop iterations are dealt with at once.  That does mean that this
	patch doesn't handle partial reverts very well, but we're not
	making the situation any worse in this patch.
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use
	qemu-img rather than 'qemu -loadvm' to revert to offline snapshot.
	(qemuDomainSnapshotRevertInactive): New helper.
	(qemuDomainSnapshotCreateInactive): Factor guts...
	(qemuDomainSnapshotForEachQcow2): ...into new helper.
	(qemuDomainSnapshotDiscard): Use it.

	snapshot: improve reverting to qemu paused snapshots
	If you take a checkpoint snapshot of a running domain, then pause
	qemu, then restore the snapshot, the result should be a running
	domain, but the code was leaving things paused.  Furthermore, if
	you take a checkpoint of a paused domain, then run, then restore,
	there was a brief but non-deterministic window of time where the
	domain was running rather than paused.  Fix both of these
	discrepancies by always pausing before restoring.
	Also, check that the VM is active every time lock is dropped
	between two monitor calls.
	Finally, straighten out the events that get emitted on each
	transition.
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Always
	pause before reversion, and improve events.

	snapshot: fine-tune qemu saved images starting paused
	Implement the new running/paused overrides for saved state management.
	Unfortunately, for virDomainSaveImageDefineXML, the saved state
	updates are write-only - I don't know of any way to expose a way
	to query the current run/pause setting of an existing save image
	file to the user without adding a new API or modifying the domain
	xml of virDomainSaveImageGetXMLDesc to include a new element to
	reflect the state bit encoded into the save image.  However, I
	don't think this is a show-stopper, since the API is designed to
	leave the state bit alone unless an explicit flag is used to
	change it.
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemuDomainSaveImageOpen): Adjust signature.
	(qemuDomainSaveFlags, qemuDomainManagedSave)
	(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML, qemuDomainObjRestore): Adjust
	callers.

	snapshot: expose --running and --paused in virsh
	Pretty straight-forward exposure of new flags.  For most commands,
	we let the API reject mutually exclusive flags; but for save-image-edit,
	we do the sanity check ourselves to avoid looping on flag failure if
	the edit cycle is ever enhanced to allow the user to retry an edit
	to fix up an xml validation error.
	* tools/virsh.c (cmdManagedSave, cmdRestore, cmdSave)
	(cmdSaveImageDefine, cmdSaveImageEdit): Add new flags.
	* tools/virsh.pod (managedsave, restore, save, save-image-define)
	(save-image-edit): Document them.

	snapshot: fine-tune ability to start paused
	While it is nice that snapshots and saved images remember whether
	the domain was running or paused, sometimes the restoration phase
	wants to guarantee a particular state (paused to allow hot-plugging,
	or running without needing to call resume).  This introduces new
	flags to allow the control, and a later patch will implement the
	flags for qemu.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SAVE_RUNNING)
	(VIR_DOMAIN_SAVE_PAUSED, VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING)
	(VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED): New flags.
	* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags)
	(virDomainManagedSave, virDomainSaveImageDefineXML)
	(virDomainRevertToSnapshot): Document their use, and enforce
	mutual exclusion.

	snapshot: better events when starting paused
	There are two classes of management apps that track events - one
	that only cares about on/off (and only needs to track EVENT_STARTED
	and EVENT_STOPPED), and one that cares about paused/running (also
	tracks EVENT_SUSPENDED/EVENT_RESUMED).  To keep both classes happy,
	any transition that can go from inactive to paused must emit two
	back-to-back events - one for started and one for suspended (since
	later resuming of the domain will only send RESUMED, but the first
	class isn't tracking that).
	This also fixes a bug where virDomainCreateWithFlags with the
	VIR_DOMAIN_START_PAUSED flag failed to start paused when restoring
	from a managed save image.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_EVENT_SUSPENDED_RESTORED)
	(VIR_DOMAIN_EVENT_SUSPENDED_FROM_SNAPSHOT)
	(VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT): New sub-events.
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use them.
	(qemuDomainSaveImageStartVM): Likewise, and add parameter.
	(qemudDomainCreate, qemuDomainObjStart): Send suspended event when
	starting paused.
	(qemuDomainObjRestore): Add parameter.
	(qemuDomainObjStart, qemuDomainRestoreFlags): Update callers.
	* examples/domain-events/events-c/event-test.c
	(eventDetailToString): Map new detail strings.

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Learn to use spicevmc as a redirection type for usb-redir

	Add "redirdev" redirection device
	- create a new "redirdev" element for this purpose

	qemu: Don't append 0 at usb id, so that it is compatible with legacy -usb
	QEMU uses USB bus name "usb.0" when using the legacy -usb argument.
	If we want to allow USB devices to specify their addresses with legacy
	-usb, we should either in case of legacy bus name drop the 0 from the
	address bus, or just drop the 0 from device id. This patch does the
	later.
	Another solution would be to permit addressing on non-legacy USB
	controllers only.

	qemu: don't reserve slot 1 if a PIIX3 USB controller is defined there
	Applies only to piix3 and check if piix3 controller is on correct
	address, or report error

	Modify USB port to be defined as a port path
	So that devices can be attached to hubs. Example, to attach to first
	port of a usb-hub on port 1.
	      <hub type='usb'>
	         <address type='usb' bus='0' port='1'/>
	      </hub>
	      <input type='mouse' type='usb'>
	         <address type='usb' bus='0' port='1.1'/>
	      </hub>
	also add a test entry

	Add USB hub device
	domain parsing and serialization code, qemu driver backend and
	a couple of test

	Add USB companion controllers support
	Companion controllers take an extra 'master' attribute to associate
	them.
	Also add tests for this

	USB devices gain a new USB address child element
	Expand the domain and the QEmu driver code
	Adds a couple of tests

	test: USB controller can have a PCI address child element
	add a few tests for the new constructs

	Add a new controller type 'usb' with optionnal 'model'
	The model by default is piix3-uchi.
	Example:
	<controller type='usb' index='0' model='ich9-ehci'/>

	Add USB controller models
	List is: piix3-uhci piix4-uhci ehci ich9-ehci1 ich9-uhci1 ich9-uhci2
	ich9-uhci3 vt82c686b-uhci pci-ohci

	Rename virDomainControllerModel to virDomainControllerModelSCSI
	Since we are about to add USB controller support let's remove the
	ambiguity

	Add various USB devices QEMU_CAPS

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: fix corner case on OOM during creation
	Commit 6766ff10 introduced a corner case bug with snapshot creation:
	if a snapshot is created, but then we hit OOM while trying to
	create the return value of the function, then we have polluted the
	internal directory with the snapshot metadata with no way to clean
	it up from the running libvirtd.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Don't
	write metadata file on OOM condition.

	tests: add missing files
	Created by copying from qemuxml2argv-disk-drive-v2-wb.*, then
	s/writeback/directsync/.  Hopefully this matches Osier's intentions.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.args:
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.xml:
	Add missing files needed by 'make check'.

2011-09-02  Osier Yang  <jyang@redhat.com>

	Add directsync cache mode support for disk driver
	Newer QEMU introduced cache=directsync for -drive, this patchset
	is to expose it in libvirt layer.
	  * Introduced a new QEMU capability flag ($prefix_CACHE_DIRECTSYNC),
	    As even $prefix_CACHE_V2 is set, we can't known if directsync
	    is supported.

	storage: Add virsh support for fs pool formating

	storage: Add fs pool formatting
	This patch adds the ability to make the filesystem for a filesystem
	pool during a pool build.
	The patch adds two new flags, no overwrite and overwrite, to control
	when mkfs gets executed.  By default, the patch preserves the
	current behavior, i.e., if no flags are specified, pool build on a
	filesystem pool only makes the directory on which the filesystem
	will be mounted.
	If the no overwrite flag is specified, the target device is checked
	to determine if a filesystem of the type specified in the pool is
	present.  If a filesystem of that type is already present, mkfs is
	not executed and the build call returns an error.  Otherwise, mkfs
	is executed and any data present on the device is overwritten.
	If the overwrite flag is specified, mkfs is always executed, and any
	existing data on the target device is overwritten unconditionally.

	storage: Add mkfs and libblkid to build system

	API: Init conn in case of it might be used uninitialized
	There is a goto before "conn" is initialized.

2011-09-02  Eric Blake  <eblake@redhat.com>

	qemu: detect incomplete save files
	Several users have reported problems with 'virsh start' failing because
	it was encountering a managed save situation where the managed save file
	was incomplete.  Be more robust to this by using two different magic
	numbers, so that newer libvirt can gracefully handle an incomplete file
	differently than a complete one, while older libvirt will at least fail
	up front rather than trying to load only to have qemu fail at the end.
	Managed save is a convenience - it exists to preserve as much state
	as possible; if the state was not preserved, it is reasonable to just
	log that fact, then proceed with a fresh boot.  On the other hand,
	user saves are under user control, so we must fail, but by making
	the failure message distinct, the user can better decide how to handle
	the situation of an incomplete save file.
	* src/qemu/qemu_driver.c (QEMUD_SAVE_PARTIAL): New define.
	(qemuDomainSaveInternal): Use it to mark incomplete images.
	(qemuDomainSaveImageOpen, qemuDomainObjRestore): Add parameter
	that controls what to do with partial images.
	(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML, qemuDomainObjStart): Update callers.
	Based on an initial idea by Osier Yang.

	qemu: refactor file opening
	In a SELinux or root-squashing NFS environment, libvirt has to go
	through some hoops to create a new file that qemu can then open()
	by name.  Snapshots are a case where we want to guarantee an empty
	file that qemu can open; also, reopening a save file to convert it
	from being marked partial to complete requires a reopen to avoid
	O_DIRECT headaches.  Refactor some existing code to make it easier
	to reuse in later patches.
	* src/qemu/qemu_migration.h (qemuMigrationToFile): Drop parameter.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): Let cgroup do
	the stat, rather than asking caller to do it and pass info down.
	* src/qemu/qemu_driver.c (qemuOpenFile): New function, pulled from...
	(qemuDomainSaveInternal): ...here.
	(doCoreDump, qemuDomainSaveImageOpen): Use it here as well.

2011-09-02  Wen Congyang  <wency@cn.fujitsu.com>

	reserve slot 1 on pci bus0
	After supporting multi function pci device, we only reserve function 1 on slot 1.
	The user can use the other function on slot 1 in the xml config file. We should
	detect this wrong usage.

2011-09-02  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	libvirtd: create run dir when running at non-root user
	When libvirtd is running at non-root user, it won't create ${HOME}/.libvirt.
	It will show error message:
	17:44:16.838: 7035: error : virPidFileAcquirePath:322 : Failed to open pid file

2011-09-02  Scott Moser  <smoser@ubuntu.com>

	lxc: do not require 'ifconfig' or 'ipconfig' in container
	Currently, the lxc implementation invokes 'ip' and 'ifconfig' commands
	inside a container using 'virRun'.  That has the side effect of requiring
	those commands to be present and to function in a manner consistent with
	the usage.  Some small roots (such as ttylinux) may not have 'ip' or
	'ifconfig'.
	This patch replaces the use of these commands with usage of
	netdevice.  The result is that lxc containers do not have to implement
	those commands, and lxc in libvirt is only dependent on the netdevice
	interface.
	I've tested this patch locally against the ubuntu libvirt version enough
	to verify its generally sane.  I attempted to build upstream today, but
	failed with:
	  /usr/bin/ld:
	    ../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_domain.o):
	   undefined reference to symbol 'xmlXPathRegisterNs@@LIBXML2_2.4.30
	Thats probably a local issue only, but I wanted to get this patch up and
	see what others thought of it.  This is ubuntu bug
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/828211 .

2011-09-02  Serge Hallyn  <serge.hallyn@canonical.com>

	Create ptmx as a device
	Hi,
	I'm seeing an issue with udev and libvirt-lxc.  Libvirt-lxc creates
	/dev/ptmx as a symlink to /dev/pts/ptmx.  When udev starts up, it
	checks the device type, sees ptmx is 'not right', and replaces it
	with a 'proper' ptmx.
	In lxc, /dev/ptmx is bind-mounted from /dev/pts/ptmx instead of being
	symlinked, so udev sees the right device type and leaves it alone.
	A patch like the following seems to work for me.  Would there be
	any objections to this?
	>From 4c5035de52de7e06a0de9c5d0bab8c87a806cba7 Mon Sep 17 00:00:00 2001
	From: Ubuntu <ubuntu@domU-12-31-39-14-F0-B3.compute-1.internal>
	Date: Wed, 31 Aug 2011 18:15:54 +0000
	Subject: [PATCH 1/1] make ptmx a bind mount rather than symlink
	udev on some systems checks the device type of /dev/ptmx, and replaces it if
	not as expected.  The symlink created by libvirt-lxc therefore gets replaced.
	By creating it as a bind mount, the device type is correct and udev leaves it
	alone.

2011-09-02  Adam Litke  <agl@us.ibm.com>

	BlockPull: Set initial bandwidth limit if specified
	The libvirt BlockPull API supports the use of an initial bandwidth limit but the
	qemu block_stream API does not.  To get the desired behavior we use the two APIs
	strung together: first BlockPull, then BlockJobSetSpeed.  We can do this at the
	driver level to avoid duplicated code in each monitor path.

	BlockJob: Bandwidth parameter is in MB when using text monitor
	Due to an unfortunate precedent in qemu, the units for the bandwidth parameter
	to block_job_set_speed are different between the text monitor and the qmp
	monitor.  While the qmp monitor uses bytes/s, the text monitor expects MB/s.
	Correct the units for the text interface.

2011-09-02  Jim Fehlig  <jfehlig@suse.com>

	Increase size of buffer for xend response
	On systems with many pcpus, the sexpr returned by xend can be quite
	large for dom0 when it is configured to have #vcpus = #pcpus (default).
	E.g. on a 80 pcpu system, where dom0 had 80 vcpus, the sexpr details
	for dom0 was 73817 bytes!  Increase maximum buffer size to 256k.

	Don't overwrite errors from xend_{get,req}
	xenDaemonDomainFetch() was overwriting errors reported by
	xend_get() and xend_req().  E.g. without patch
	error: failed Xen syscall xenDaemonDomainFetch failed to find this domain
	with patch
	error: internal error Xend returned HTTP Content-Length of 73817, which exceeds
	maximum of 65536

	Change my email domain
	I'd like to change my primary email address to jfehlig@suse.com.
	This patch changes it in AUTHORS and .mailmap.

2011-09-02  Eric Blake  <eblake@redhat.com>

	virsh: improve send-key documentation
	The 'virsh man' description of send-key was incomplete and used the
	old style (literal 'optional name' instead of '[name]' metasyntax).
	Meanwhile, none of the other virsh help texts include examples, so
	I moved it out of virsh help and into the man page.
	* tools/virsh.pod (send-key): Give better details.
	* tools/virsh.c (info_send_key): Drop example from here.

	virsh: support 'virsh start --force-boot' on older servers
	Managed save was added in 0.8.0, virDomainCreateWithFlags in 0.8.2,
	and FORCE_BOOT in 0.9.5.  The virsh flag is more useful if we
	emulate it for all older servers (note that if a hypervisor fails
	the query for a managed save image, then it does not have one to
	be removed, so the flag can be safely ignored).
	* tools/virsh.c (cmdStart): Add emulation for new flag.

2011-09-02  Alex Jia  <ajia@redhat.com>

	virsh: avoid memory leak on cmdVolCreateAs
	* tools/virsh.c: fix memory leak on cmdVolCreateAs function.
	* Detected in valgrind run:
	==4746==
	==4746== 48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 26 of 52
	==4746==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==4746==    by 0x4C76E51: virAlloc (memory.c:101)
	==4746==    by 0x4CD9418: virGetStoragePool (datatypes.c:592)
	==4746==    by 0x4D21367: remoteStoragePoolLookupByName (remote_driver.c:4126)
	==4746==    by 0x4CE42B0: virStoragePoolLookupByName (libvirt.c:10232)
	==4746==    by 0x40C276: vshCommandOptPoolBy (virsh.c:13660)
	==4746==    by 0x40CA37: cmdVolCreateAs (virsh.c:8094)
	==4746==    by 0x412AF2: vshCommandRun (virsh.c:13770)
	==4746==    by 0x422F11: main (virsh.c:15127)
	==4746==
	==4746== 1,011 bytes in 1 blocks are definitely lost in loss record 45 of 52
	==4746==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==4746==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==4746==    by 0x4C76ECB: virReallocN (memory.c:161)
	==4746==    by 0x4C60319: virBufferGrow (buf.c:72)
	==4746==    by 0x4C606AA: virBufferAdd (buf.c:106)
	==4746==    by 0x40CB37: cmdVolCreateAs (virsh.c:8118)
	==4746==    by 0x412AF2: vshCommandRun (virsh.c:13770)
	==4746==    by 0x422F11: main (virsh.c:15127)
	==4746==
	==4746== LEAK SUMMARY:
	==4746==    definitely lost: 1,051 bytes in 2 blocks
	==4746==    indirectly lost: 8 bytes in 1 blocks
	==4746==      possibly lost: 0 bytes in 0 blocks
	==4746==    still reachable: 390,767 bytes in 1,373 blocks
	==4746==         suppressed: 0 bytes in 0 blocks
	* How to reproduce?
	% valgrind -v --leak-check=full virsh vol-create-as default foo.img 10M \
	  --allocation 0 --format qcow2 --backing-vol bar.img
	Notes: bar.img doesn't exist.

2011-09-02  Eric Blake  <eblake@redhat.com>

	build: fix 'make check' with pdwtags
	Problem introduced by commit b12354b.
	* src/remote_protocol-structs: Remove spurious blank line.

2011-09-02  Jim Fehlig  <jfehlig@novell.com>

	virsh: Expose virDomainMigrateGetMaxSpeed API

	Add public API for getting migration speed
	Includes impl of python binding since the generator was not
	able to cope.
	Note: Requires gendispatch.pl patch from Matthias Bolte
	https://www.redhat.com/archives/libvir-list/2011-August/msg01367.html

2011-09-01  Eric Blake  <eblake@redhat.com>

	virsh: prefer unsigned flags
	virsh had some leftover 'int flags', and even an 'int flag'
	declaration, compared to our preferred style of 'unsigned int flags'.
	* tools/virsh.c (cmdUndefine, cmdSave, cmdSaveImageDumpxml)
	(cmdSaveImageEdit, cmdManagedSave, cmdRestore, cmdDump)
	(cmdVcpuPin, cmdSetvcpus, cmdSetmem, cmdSetmaxmem, cmdDumpXML)
	(cmdDomXMLFromNative, cmdDomXMLToNative, doMigrate)
	(cmdInterfaceEdit, cmdInterfaceDumpXML, cmdEdit): Match coding
	style for flags.
	(struct vshComdOptDef): Rename field member.
	(vshCmddefOptParse, vshCmddefHelp): Adjust clients.

2011-09-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix tracking of RPC messages wrt streams
	Commit 2c85644b0b51fbe5b6244e6773531af29933a727 attempted to
	fix a problem with tracking RPC messages from streams by doing
	-            if (msg->header.type == VIR_NET_REPLY) {
	+            if (msg->header.type == VIR_NET_REPLY ||
	+                (msg->header.type == VIR_NET_STREAM &&
	+                 msg->header.status != VIR_NET_CONTINUE)) {
	                 client->nrequests--;
	In other words any stream packet, with status NET_OK or NET_ERROR
	would cause nrequests to be decremented. This is great if the
	packet from from a synchronous virStreamFinish or virStreamAbort
	API call, but wildly wrong if from a server initiated abort.
	The latter resulted in 'nrequests' being decremented below zero.
	This then causes all I/O for that client to be stopped.
	Instead of trying to infer whether we need to decrement the
	nrequests field, from the message type/status, introduce an
	explicit 'bool tracked' field to mark whether the virNetMessagePtr
	object is subject to tracking.
	Also add a virNetMessageClear function to allow a message
	contents to be cleared out, without adversely impacting the
	'tracked' field as a naive memset() would do
	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
	  a 'bool tracked' field and virNetMessageClear() API
	* daemon/remote.c, daemon/stream.c, src/rpc/virnetclientprogram.c,
	  src/rpc/virnetclientstream.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverprogram.c: Switch over to use
	  virNetMessageClear() and pass in the 'bool tracked' value
	  when creating messages.

	Avoid use-after-free on streams, due to message callbacks
	When sending outbound stream RPC messages, a callback is
	used to re-enable stream data transmission. If the stream
	aborts while one of these messages is outstanding, the
	stream may have been free'd by the time it is invoked. This
	results in a use-after-free error
	* daemon/stream.c: Ref-count streams to avoid use-after-free

	Fix parted sector size assumption
	Parted does not report disk size in 512 byte units, but
	rather the disks' logical sector size, which with modern
	drives might be 4k.
	* src/storage/parthelper.c: Remove hardcoded 512 byte sector
	  size

2011-09-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix a regression of domain save
	* src/qemu/qemu_driver.c - qemuDomainSaveInternal: Return directly
	will keep the domain object locked, introduced by 173015bec6a.

	Revert "test: Cleanup improper VIR_ERR_NO_SUPPORT use"
	This reverts commit 172214bd304ff958160307be2efd6614e9868946.

	storage: Fix incorrect error codes
	Commit 0376f4a69b intended to fix incorrect use of VIR_ERR_NO_SUPPORT,
	but replacing it with VIR_ERR_OPERATION_INVALID is not proper either.

	remote: Fix incorrect error codes
	Introduced by d4b53ef6c. For "no internalFlags support", the
	error code is changed into INTERNAL_ERROR.

	nodeinfo: Fix incorrect error codes
	Introduced by 5e495c8b, except the ones for checking if numa
	is supported by host, all the NO_SUPPORT are changed back. For
	the ones about numa checking, change them into INTERNAL_ERROR.

	lxc: Fix incorrect changes on error codes.
	Fix incorrect changes introduced by commit 6ac47762bb9.

	conf: Substitute OPERATION_INVALID with INTERNAL_ERROR

2011-09-01  Daniel P. Berrange  <berrange@redhat.com>

	Stop libxl driver polluting logs on non-Xen hosts
	If the libxl driver is compiled in, then everytime libvirtd
	starts up on a non-Xen Dom0 host, it logs a error message.
	Since this is an expected condition, we should not log at
	'error' level, only 'info'.
	* src/libxl/libxl_driver.c: Lower log level for certain
	  expected errors during driver init

	Fix memory leak parsing 'relabel' attribute in domain security XML
	* src/conf/domain_conf.c: Free the 'relabel' attribute

	Fix memory leak dispatching domain events
	When dispatching domain events we will create an XDR struct
	containing the event info. Some of this data may be allocated
	on the heap and so must be freed. The graphics event dispatcher
	had a broken attempt to free one field, but missed others. All
	the events have a dom->name string that needs freeing. The code
	should have used the xdr_free() procedure for doing all this
	* daemon/remote.c: Use xdr_free after dispatching events

	Don't leak memory if a cgroup is mounted multiple times
	It is possible (expected/likely in Fedora 15) for a cgroup controller
	to be mounted in multiple locations at the same time, due to bind
	mounts. Currently we leak memory if this happens, because we overwrite
	the previous 'mountPoint' string. Instead just accept the first match
	we find.
	* src/util/cgroup.c: Only accept first match for a cgroup
	  controller mount

2011-08-31  Eric Blake  <eblake@redhat.com>

	security: fix build
	Regression introduced in commit 183383889.
	* src/libvirt_private.syms (security_manager.h): Drop deleted
	symbol. Detected by build-bot.

2011-08-31  Guannan Ren  <gren@redhat.com>

	stream: remove redundant reference to client while sending stream data
	    *daemon/stream.c: remove virNetServerClientRef()

2011-08-31  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus virSecurityManagerSetProcessFDLabel method
	The virSecurityManagerSetProcessFDLabel method was introduced
	after a mis-understanding from a conversation about SELinux
	socket labelling. The virSecurityManagerSetSocketLabel method
	should have been used for all such scenarios.
	* src/security/security_apparmor.c, src/security/security_apparmor.c,
	  src/security/security_driver.h, src/security/security_manager.c,
	  src/security/security_manager.h, src/security/security_selinux.c,
	  src/security/security_stack.c: Remove SetProcessFDLabel driver

	Fix sanlock socket security labelling
	It is not possible to change the label of a TCP socket once it
	has been opened. When creating a TCP socket care must be taken
	to ensure the socket creation label is set & then cleared.
	Remove the bogus call to virSecurityManagerSetProcessFDLabel
	from the lock driver guest setup code and instead make use of
	virSecurityManagerSetSocketLabel

	Fix incorrect path length check in sanlock lockspace setup
	The code for creating a sanlock lockspace accidentally used
	SANLK_NAME_LEN instead of SANLK_PATH_LEN for a size check.
	This meant disk paths were limited to 48 bytes !
	* src/locking/lock_driver_sanlock.c: Fix disk path length
	  check

2011-08-31  Eric Blake  <eblake@redhat.com>

	snapshot: forbid snapshot on autodestroy domain
	There is no reason to forbid pausing an autodestroy domain
	(not to mention that 'virsh start --paused --autodestroy'
	succeeds in creating a paused autodestroy domain).
	Meanwhile, qemu was failing to enforce the API documentation that
	autodestroy domains cannot be saved.  And while the original
	documentation only mentioned save/restore, snapshots are another
	form of saving that are close enough in semantics as to make no
	sense on one-shot domains.
	* src/qemu/qemu_driver.c (qemudDomainSuspend): Drop bogus check.
	(qemuDomainSaveInternal, qemuDomainSnapshotCreateXML): Forbid
	saves of autodestroy domains.
	* src/libvirt.c (virDomainCreateWithFlags, virDomainCreateXML):
	Document snapshot interaction.

2011-08-31  Philipp Hahn  <hahn@univention.de>

	Fix error detection in device change
	According to qemu-kvm/qerror.c all messages start with a capital
	"Device ", but the current code only scans for the lower case "device ".
	This results in "virDomainUpdateDeviceFlags()" to not detect locked
	CD-ROMs and reporting success even in the case of a failure:
		# virsh qemu-monitor-command "$VM" change\ drive-ide0-0-0\ \"/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso\"
		Device 'drive-ide0-0-0' is locked
		# virsh update-device "$VM" /dev/stdin <<<"<disk type='file' device='cdrom'><driver name='qemu' type='raw'/><source file='/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso'/><target dev='hda' bus='ide'/><readonly/><alias name='ide0-0-0'/><address type='drive' controller='0' bus='0' unit='0'/></disk>"
		Device updated successfully

2011-08-30  Eric Blake  <eblake@redhat.com>

	start: allow discarding managed save
	There have been several instances of people having problems with
	a broken managed save file, and not aware that they could use
	'virsh managedsave-remove dom' to fix things.  Making it possible
	to do this as part of starting a domain makes the same functionality
	easier to find, and one less API call.
	* include/libvirt/libvirt.h.in (VIR_DOMAIN_START_FORCE_BOOT): New
	flag.
	* src/libvirt.c (virDomainCreateWithFlags): Document it.
	* src/qemu/qemu_driver.c (qemuDomainObjStart): Alter signature.
	(qemuAutostartDomain, qemuDomainStartWithFlags): Update callers.
	* tools/virsh.c (cmdStart): Expose it in virsh.
	* tools/virsh.pod (start): Document it.

	build: simplify use of verify
	Back in 2008 when this line of util.h was written, gnulib's verify
	module didn't allow the use of multiple verify() in one file
	in combination with our choice of gcc -W options.  But that has
	since been fixed in gnulib, and newer gnulib even maps verify()
	to the C1x feature of _Static_assert, which gives even nicer
	diagnostics with a new enough compiler, so we might as well go
	with the simpler verify().
	* src/util/util.h (VIR_ENUM_IMPL): Use simpler verify, now that
	gnulib module is smarter.

	qemu: properly label outgoing pipe for tunneled migration
	Commit 3261761 made it possible to use pipes instead of sockets
	for outgoing tunneled migration; however, it caused a regression
	because the pipe was never given a SELinux label.
	* src/qemu/qemu_migration.c (doTunnelMigrate): Label outgoing pipe.

2011-08-30  Guannan Ren  <gren@redhat.com>

	rpc: fix a typo in debugging log in virNetServerProgramSendStreamData
	The bufferOffset has been initialized to zero in virNetMessageEncodePayloadRaw(),
	so, we use bufferLength to represent the length of message which is going to be
	sent to client side.

2011-08-27  Eric Blake  <eblake@redhat.com>

	maint: fix spelling errors on lose
	* docs/drvqemu.html.in: Fix typo.
	* src/libvirt.c (virDomainCreateXML, virDomainCreateWithFlags):
	Likewise.

2011-08-27  Jim Fehlig  <jfehlig@novell.com>

	Fix generator to cope with call-by-ref long types
	From: Matthias Bolte <matthias.bolte@googlemail.com>
	Tested-by: Jim Fehlig <jfehlig@novell.com>
	Matthias provided this patch to fix an issue I encountered in the
	generator with APIs containing call-by-ref long type, e.g.
	int virDomainMigrateGetMaxSpeed(virDomainPtr domain,
	                                unsigned long *bandwidth,
	                                unsigned int flags);

2011-08-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Add basic documentation

	hyperv: Add basic driver for Microsoft Hyper-V
	Domain listing, basic information retrieval and domain life cycle
	management is implemented. But currently the domain XML output
	lacks the complete devices section.
	The driver uses OpenWSMAN to directly communicate with a Hyper-V
	server over its WS-Management interface exposed via Microsoft WinRM.
	The driver is based on the work of Michael Sievers. This started in
	the same master program project group at the University of Paderborn
	as the ESX driver.
	See Michael's blog for details: http://hyperv4libvirt.wordpress.com/

	hyperv: Add OpenWSMAN based client for the Hyper-V WMI API
	Add a generator script to generate the structs and serialization
	information for OpenWSMAN.
	openwsman.h collects workarounds for problems in OpenWSMAN <= 2.2.6.
	There are also disabled sections that would use ws_serializer_free_mem
	but can't because it's broken in OpenWSMAN <= 2.2.6. Patches to fix
	this have been posted upstream.

	hyperv: Add driver skeleton

	hyperv: Add configure check for OpenWSMAN

2011-08-26  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	schedinfo: update man page about virsh schedinfo command
	This patch updates the man page about virsh schedinfo command.
	 - fix typo: 1844674407370955 -> 18446744073709551
	 - describe the value 0 of vcpu_period and vcpu_quota parameters

2011-08-26  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	Fix persistent migration config save
	When a user migrates a domain by command as
	libvirt saves vm's domain XML config in destination host after migration.
	But it saves vm->def. Then, the saved XML contains some garbage.
	  <domain type='kvm' id='50'>
	                     ^^^^^^^^
	  ...
	   <console type='pty' tty='/dev/pts/5'>
	                       ^^^^^^^^^^^^^^^^^
	Avoid saving unnecessary things by saving persistent vm definition.

2011-08-26  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Don't close connection if program is unknown
	In case we add a new program in the future (we did that in the past and
	we are going to do it again soon) current daemon will behave badly with
	new client that wants to use the new program. Before the RPC rewrite we
	used to just send an error reply to any request with unknown program.
	With the RPC rewrite in 0.9.3 the daemon just closes the connection
	through which such request was sent. This patch fixes this regression.

2011-08-26  Michal Privoznik  <mprivozn@redhat.com>

	remote: Refuse connecting to remote socket
	If users wants to connect to remote unix socket, e.g.
	'qemu+unix://<remote>/system' currently the <remote> part is ignored,
	ending up connecting to localhost. Connecting to remote socket is not
	supported and user should have used TLS/TCP/SSH instead.

	virterror: Fix error message for VIR_ERR_INVALID_ARG
	When a detail message is presented, nobody expects prefix 'invalid
	argument in' but something more general, like 'invalid argument:'.

2011-08-26  Daniel P. Berrange  <berrange@redhat.com>

	Detect errors from the 'sendkey' command
	On success, the 'sendkey' command does not return any data, so
	any data in the reply should be considered to be an error
	message
	* src/qemu/qemu_monitor_text.c: Treat non-"" reply data as an
	  error message for 'sendkey' command

	Fix keymap used to talk with QEMU
	The QEMU 'sendkey' command expects keys to be encoded in the same
	way as the RFB extended keycode set. Specifically it wants extended
	keys to have the high bit of the first byte set, while the Linux
	XT KBD driver codeset uses the low bit of the second byte. To deal
	with this we introduce a new keymap 'RFB' and use that in the QEMU
	driver
	* include/libvirt/libvirt.h.in: Add VIR_KEYCODE_SET_RFB
	* src/qemu/qemu_driver.c: Use RFB keycode set instead of XT KBD
	* src/util/virkeycode-mapgen.py: Auto-generate the RFB keycode
	  set from the XT KBD set
	* src/util/virkeycode.c: Add RFB keycode entry to table. Add a
	  verify check on cardinality of the codeOffset table

2011-08-26  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Clarify documentation of -d option
	The default is 4, not 0.

	qemu: Correctly label migration TCP socket

	security: Introduce SetSocketLabel
	This API labels all sockets created until ClearSocketLabel is called in
	a way that a vm can access them (i.e., they are labeled with svirt_t
	based label in SELinux).

	security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
	The APIs are designed to label a socket in a way that the libvirt daemon
	itself is able to access it (i.e., in SELinux the label is virtd_t based
	as opposed to svirt_* we use for labeling resources that need to be
	accessed by a vm). The new name reflects this.

	Ignore unused streams in virStreamAbort
	When virStreamAbort is called on a stream that has not been used yet,
	quite confusing error is returned: "this function is not supported by
	the connection driver". Let's just ignore such streams as there's
	nothing to abort anyway.

	Do not try to cancel non-existent migration on source
	If migration failed on source daemon, the migration is automatically
	canceled by the daemon itself. Thus we don't need to call
	virDomainMigrateConfirm3(cancelled=1). Calling it doesn't cause any harm
	but the resulting error message printed in logs may confuse people.

2011-08-26  Eric Blake  <eblake@redhat.com>

	snapshot: track current snapshot across restarts
	Audit all changes to the qemu vm->current_snapshot, and make them
	update the saved xml file for both the previous and the new
	snapshot, so that there is always at most one snapshot with
	<active>1</active> in the xml, and that snapshot is used as the
	current snapshot even across libvirtd restarts.
	This patch does not fix the case of virDomainSnapshotDelete(,CHILDREN)
	where one of the children is the current snapshot; that will be later.
	* src/conf/domain_conf.h (_virDomainSnapshotDef): Alter member
	type and name.
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString)
	(virDomainSnapshotDefFormat): Update clients.
	* docs/schemas/domainsnapshot.rng: Tighten rng.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Reload current
	snapshot.
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDiscard): Track current snapshot.

	snapshot: only pass snapshot to qemu command line when reverting
	Changing the current vm, and writing that change to the file
	system, all before a new qemu starts, is risky; it's hard to
	roll back if starting the new qemu fails for some reason.
	Instead of abusing vm->current_snapshot and making the command
	line generator decide whether the current snapshot warrants
	using -loadvm, it is better to just directly pass a snapshot all
	the way through the call chain if it is to be loaded.
	This frees up the last use of snapshot->def->active for qemu's
	use, so the next patch can repurpose that field for tracking
	which snapshot is current.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't use active
	field of snapshot.
	* src/qemu/qemu_process.c (qemuProcessStart): Add a parameter.
	* src/qemu/qemu_process.h (qemuProcessStart): Update prototype.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Update
	callers.
	* src/qemu/qemu_driver.c (qemudDomainCreate)
	(qemuDomainSaveImageStartVM, qemuDomainObjStart)
	(qemuDomainRevertToSnapshot): Likewise.
	(qemuDomainSnapshotSetCurrentActive)
	(qemuDomainSnapshotSetCurrentInactive): Delete unused functions.

	snapshot: don't leak resources on qemu snapshot failure
	https://bugzilla.redhat.com/show_bug.cgi?id=727709
	mentions that if qemu fails to create the snapshot (such as what
	happens on Fedora 15 qemu, which has qmp but where savevm is only
	in hmp, and where libvirt is old enough to not try the hmp fallback),
	then 'virsh snapshot-list dom' will show a garbage snapshot entry,
	and the libvirt internal directory for storing snapshot metadata
	will have a bogus file.
	This fixes the fallout bug of polluting the snapshot-list with
	garbage on failure (the root cause of the F15 bug of not having
	fallback to hmp has already been fixed in newer libvirt releases).
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Allocate
	memory before making snapshot, and cleanup on failure.  Don't
	dereference NULL if transient domain exited during snapshot creation.

2011-08-26  Alex Jia  <ajia@redhat.com>

	libvirt: avoid dead store in virDomainMigrateVersion3
	* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
	  clang warning.
	Detected by ccc-analyzer:
	libvirt.c:4277:5: warning: Value stored to 'ret' is never read
	    ret = domain->conn->driver->domainMigrateConfirm3
	    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	qemu: avoid dead store in doPeer2PeerMigrate3
	* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
	  clang warning.
	Detected by ccc-analyzer:
	  CC     libvirt_driver_qemu_la-qemu_migration.lo
	qemu/qemu_migration.c:2046:5: warning: Value stored to 'ret' is never read
	    ret = qemuMigrationConfirm(driver, sconn, vm,
	    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2011-08-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix command test wrt gnutls initialize & fix debugging
	The VIR_TEST_DEBUG and VIR_TEST_VERBOSE env vars did not work
	because we replaced 'environ' with 'newenv'. Simply calling
	virTestGetDebug/Verbose() before replacing the 'environ' ensures
	we have processed the env variables.
	The gnutls initialization code opens /dev/urandom and keeps that
	FD around for later use. We have code which kills off FDs 3-5
	to avoid interfereing with our test case. Move the virInitialize
	call before this point, so it kills off the gnutls /dev/urandom
	FD which is irrelevant for testing purposes
	* tests/commandtest.c: Fix test debugging & make it robust against
	  opened FDs

2011-08-25  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Move TLS initialization to virInitialize
	My previous patch 74c75671331d284e1f777f9692b72e9737520bf0
	introduced a regression by removing TLS initialization from client.

2011-08-25  Laine Stump  <laine@laine.org>

	util: only fchown newly created files in virFileOpenAs
	virFileOpenAs takes desired uid:gid as arguments, and not only uses
	them for a fork/setuid/setgid when retrying failed open operations,
	but additionally always forces the opened file to be owned by the
	given uid:gid.
	One example of the problems this causes is that, when restoring a
	domain from a file that is owned by the qemu user, opening the file
	chowns it to root. if dynamic_ownership=1 this is coincidentally
	expected, but if dynamic_ownership=0, no existing file should ever
	have its ownership changed.
	This patch adds an extra check before calling fchown() - it only does
	it if O_CREAT was passed to virFileOpenAs() in the openflags.

2011-08-25  Shradha Shah  <sshah@solarflare.com>

	qemu: fix off-by-one in pci slot reservation

2011-08-25  Steve Hodgson  <shodgson@solarflare.com>

	maint: attribute second author of previous patch

2011-08-25  Shradha Shah  <sshah@solarflare.com>

	pci: fix pciDeviceListSteal on multiple devices
	pciDeviceListSteal(pcidevs, dev) removes dev from pcidevs reducing
	the length of pcidevs, so moving onto what was the next dev is wrong.
	Instead callers should pop entry 0 repeatedly until pcidevs is empty.

2011-08-24  Eric Blake  <eblake@redhat.com>

	libvirt: log all flags parameters
	I was testing a virsh patch, and wanted to see if I had passed the
	flags I thought.  But with LIBVIRT_DEBUG in the environment, I just
	saw:
	14:24:52.359: 15022: debug : virDomainSnapshotNum:15586 : dom=0xc9c180, (VM: name=rhel_6-64, uuid=48f8e8e7-e14f-0e14-02f0-ce71997bdcab),
	including a trailing space.  This fixes the issues.
	* src/libvirt.c: Log flag parameters, even if currently unused.
	(VIR_DOMAIN_DEBUG_0): Drop trailing comma in log.
	(VIR_DOMAIN_DEBUG_1): Split guts into...
	(VIR_DOMAIN_DEBUG_2): ...new macro.

	virsh: add list --managed-save
	Knowing whether 'virsh start' will resume a saved image or do
	a fresh boot is useful enough to expose via 'virsh list'.
	Also, translate the state column.
	* tools/virsh.c (cmdList): add --managed-save flag
	* tools/virsh.pod (list): Document it.
	Based on a suggestion by Miklos Vajna.

2011-08-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use $(PYTHON) instead of the shebang to run the generator

2011-08-24  Osier Yang  <jyang@redhat.com>

	qemu: Report error if qemu monitor command not found for BlockJob
	* src/qemu/qemu_monitor_json.c: Handle error "CommandNotFound" and
	  report the error.
	* src/qemu/qemu_monitor_text.c: If a sub info command is not found,
	  it prints the output of "help info", for other commands,
	  "unknown command" is printed.
	Without this patch, libvirt always report:
	  An error occurred, but the cause is unknown
	This patch was adapted from a patch by Osier Yang <jyang@redhat.com> to
	break out detection of unrecognized text monitor commands into a separate
	function.

2011-08-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Refactor a repeated string in the generator

2011-08-24  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Fix typo.
	* src/conf/domain_event.c (virDomainEventDispatchMatchCallback):
	Likewise.
	* daemon/libvirtd.c (daemonRunStateInit): Likewise.
	* src/lxc/lxc_container.c (lxcContainerChildMountSort): Likewise.
	* src/util/virterror.c (virCopyError, virRaiseErrorFull): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxprSound): Likewise.

2011-08-23  Osier Yang  <jyang@redhat.com>

	virsh: Substitute goto label out with cleanup
	Introduced by 241cbc13a, pushed under urgent rule.

	virsh: Do not try to free domain if it is NULL
	Without these patch, there will be error like below if domain
	is NULL.
	error: invalid domain pointer in virDomainFree
	Which is useless.

	xen: Cleanup improper VIR_ERR_NO_SUPPORT use

	test: Cleanup improper VIR_ERR_NO_SUPPORT use

	storage: Cleanup improper VIR_ERR_NO_SUPPORT use

	remote: Cleanup improper VIR_ERR_NO_SUPPORT use

	qemu: Cleanup improper VIR_ERR_NO_SUPPORT use
	* src/qemu/qemu_command.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_CONFIG_UNSUPPORTED/
	* src/qemu/qemu_driver.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/
	* src/qemu/qemu_process.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

	nodeinfo: Cleanup improper VIR_ERR_NO_SUPPORT use

	lxc: Cleanup improper VIR_ERR_NO_SUPPORT use
	s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/
	Special case is changes on lxcDomainInterfaceStats, if it's not
	implemented on the platform, prints error like:
	    lxcError(VIR_ERR_OPERATION_INVALID, "%s",
	             _("interface stats not implemented on this platform"));
	As the function is supported by driver actually, error like
	VIR_ERR_NO_SUPPORT is confused.

	conf: Cleanup improper use of VIR_ERR_NO_SUPPORT in node_device_conf

	qemu: Substitute VIR_ERR_NO_SUPPORT with VIR_ERR_OPERATION_INVALID
	* src/qemu/qemu_monitor_text.c: Error like "this function is not
	supported by the connection driver" is confused obviously.

	virsh: Print error if specified bandwidth is invalid for blockjob
	It's strange that the command fails but without any error if one
	specifies as not a number.

2011-08-22  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	send-key: fix scan keycode map
	Now, bad key-code in send-key can cause segmentation fault in libvirt.
	(example)
	 % virsh send-key --codeset win32 12
	   error: End of file while reading data: Input/output error
	This is caused by overrun at scanning keycode array.
	Fix it.

2011-08-22  Eric Blake  <eblake@redhat.com>

	build: work around older systemtap header
	Systemtap 1.2 <sys/sdt.h> tried to expand STAP_PROBE3 into an
	initialization:
	  volatile __typeof__(arg) foo = arg;
	but that fails if arg was declared as 'char arg[100]'.
	Rather than make all callers to PROBE deal with the stupidity
	of <sys/sdt.h>, we instead make PROBE cast away the problem.
	Some of this preprocessor abuse copies ideas in src/libvirt.c.
	* daemon/libvirtd.h (PROBE): Add casts to all arguments, using...
	(VIR_ADD_CASTS, VIR_ADD_CAST, VIR_ADD_CAST2, VIR_ADD_CAST3)
	(VIR_ADD_CAST_EXPAND, VIR_ADD_CAST_PASTE, VIR_COUNT_ARGS)
	(VIR_ARG5, PROBE_EXPAND): New macros.
	Reported by Wen Congyang.

2011-08-19  Eric Blake  <eblake@redhat.com>

	virsh: properly interleave shared stdout and stderr
	Without this patch, invoking 'virsh >file 2>&1' results in
	error messages appearing before normal output, even if they
	occurred later in time than the normal output (since stderr
	is unbuffered, but stdout waits until a full buffer).
	* tools/virsh.c (print_job_progress, vshError): Flush between
	stream transitions.
	* tests/undefine: Test it.

	maint: simplify lots of libxml2 clients
	Repetitive patterns should be factored.  The sign of a good
	factorization is a change that kills 5x more lines than it adds :)
	* src/conf/domain_conf.c (virDomainDeviceDefParse)
	(virDomainSnapshotDefParseString): Use new convenience macros.
	* src/conf/storage_conf.c (virStoragePoolDefParseSourceString):
	Likewise.
	* src/cpu/cpu.c (cpuCompareXML, cpuBaselineXML): Likewise.
	* src/esx/esx_vi.c (esxVI_Context_Execute): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationCookieXMLParseStr):
	Likewise.
	* src/security/virt-aa-helper.c (caps_mockup): Likewise.
	* src/test/test_driver.c (testOpenFromFile): Likewise.
	* tests/cputest.c (cpuTestLoadXML, cpuTestLoadMultiXML):
	Likewise.
	* tools/virsh.c (cmdFreecell, makeCloneXML, cmdVNCDisplay)
	(cmdTTYConsole, cmdDetachInterface, cmdDetachDisk)
	(cmdSnapshotCreate, cmdSnapshotCreateAs, cmdSnapshotCurrent)
	(cmdSnapshotList, cmdSnapshotParent): Likewise.

	xml: add another convenience function
	Often, we want to use XPath functions on the just-parsed document;
	fold this into the parser function for convenience.
	* src/util/xml.h (virXMLParseHelper): Add argument.
	(virXMLParseStrHelper, virXMLParseFileHelper): Delete.
	(virXMLParseCtxt, virXMLParseStringCtxt, virXMLParseFileCtxt): New
	macros.
	* src/libvirt_private.syms (xml.h): Remove deleted functions.
	* src/util/xml.c (virXMLParseHelper): Add argument.
	(virXMLParseStrHelper, virXMLParseFileHelper): Delete.

	maint: treat more libxml2 functions as free-like
	* cfg.mk (useless_free_options): Add xmlFreeDoc, xmlBufferFree.
	* src/esx/esx_vi.c (ESX_VI__TEMPLATE__FREE): Fix offenders.
	* tools/virsh.c (cmdFreecell, cmdVNCDisplay, cmdTTYConsole)
	(cmdDetachInterface, cmdDetachDisk, cmdSnapshotCreate)
	(cmdSnapshotCreateAs, cmdSnapshotList, cmdSnapshotParent):
	Likewise.

	test: rewrite test to match change in behavior
	Test failure exposed in commit 7d3390f.
	* tests/undefine: Fix to match updated test driver semantics.

	build: fix typo in recent test patch
	* src/test/test_driver.c (testDomainUndefineFlags): Use right
	variable name.

	Revert "xen: Allow to undefine a running domain (xm_internal)"
	ACK was given too soon.  According to the code, the xm driver is
	only used for inactive domains, and has no notion of an active
	domain, thus, it cannot support undefine of a running domain.
	The real fix for xen needs to be in the unified driver and/or
	the xend level.
	This reverts commit 49186deda62161599877b0de6f7f4345c50d842a.

2011-08-19  Osier Yang  <jyang@redhat.com>

	xen: Allow to undefine a running domain (xm_internal)

	vmware: Allow to undefine a running domain

	uml: Allow to undefine a running domain

	test: Allow to undefine a running domain

	qemu: Allow to undefine a running domain

	openvz: Allow to undefine a running domain

	lxc: Allow to undefine a running domain

	libxl: Allow to undefine a running domain.
	Undefining a running domain will convert it to trasient, but keep
	the domain still running.

	qemu: Get memory balloon info correctly for text monitor
	* src/qemu/qemu_monitor_text.c: BALLOON_PREFIX was defined as
	"balloon: actual=", which cause "actual=" is stripped early before
	the real parsing. This patch changes BALLOON_PREFIX into "balloon: ",
	and modifies related functions, also renames
	"qemuMonitorParseExtraBalloonInfo" to "qemuMonitorParseBalloonInfo",
	as after the changing, it parses all the info returned by "info balloon".

2011-08-19  Eric Blake  <eblake@redhat.com>

	build: fix compilation on mingw64
	* .gnulib: Update to latest, for getcwd fixes.
	* bootstrap: Resync to gnulib.

2011-08-19  Michal Privoznik  <mprivozn@redhat.com>

	storage: Flush host cache after write
	Although we are flushing cache after some critical writes (e.g.
	volume creation), after some others we do not (e.g. volume cloning).
	This patch fix this issue. That is for volume cloning, writing
	header of logical volume, and storage wipe.

	daemon: initialize GnuTLS
	When spice_tls is set but listen_tls is not, we don't initialize
	GnuTLS library. So any later gnutls call (e.g. during migration,
	where we initialize a certificate) will access uninitialized GnuTLS
	internal structs and throws an error.
	Although, we might now initialize GnuTLS twice, it is safe according
	to the documentation:
	    This function can be called many times,
	    but will only do something the first time.
	This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
	with respect to written above.

2011-08-19  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	schedinfo: add missing documentation
	This patch adds the missing documentation about the scheduler parameter
	"vcpu_period" and "vcpu_quota".

2011-08-19  Eric Blake  <eblake@redhat.com>

	maint: ignore generated file
	I did 'git add .' while in the middle of 'make syntax-check', and
	it picked up a temporary file that should not be committed.
	* .gitignore: Ignore sc_* from syntax check.

2011-08-18  Eric Blake  <eblake@redhat.com>

	build: fix virnetsocket on mingw
	Regression introduced in commit 5d30db0.
	* src/rpc/virnetsocket.c (virNetSocketNewListenUNIX) [WIN32]: Use
	correct signature.

	build: fix virpidfile on mingw
	Regression introduced in commit b7e5ca4.
	Mingw lacks kill(), but we were only using it for a sanity check;
	so we can go with one less check.
	Also, on OOM error, this function should outright fail rather than
	claim that the pid file was successfully read.
	* src/util/virpidfile.c (virPidFileReadPathIfAlive): Skip kill
	call where unsupported, and report error on OOM.

2011-08-18  Daniel P. Berrange  <berrange@redhat.com>

	Ensure async packets never get marked for sync replies
	If a client had initiated a stream abort, it will have a call
	waiting for a reply in the queue. If more data continues to
	arrive on the stream, the abort command could mistakenly get
	signalled as complete. Remove the code from async data processing
	that looked for waiting calls. Add a sanity check to ensure no
	async call can ever be marked as needing a reply
	* src/rpc/virnetclient.c: Ensure async data packets can't
	  trigger a reply

	Don't attempt to read from a stream if it is closed
	The I/O event callback processes incoming packets first, and then
	does outgoing packets. If the incoming packet caused the stream to
	close, then the attempt to process outgoing data resulted in an
	error. This caused libvirt to then send an error back to the client,
	but the stream had already been stopped. This confused the client
	since it sees 2 error events.
	* daemon/stream.c: Don't attempt read if stream is closed

2011-08-17  Tom Vijlbrief  <tom.vijlbrief@xs4all.nl>

	qemu: disk migration verbose progress
	A virsh command like:
	migrate --live --copy-storage-all Guest qemu+ssh://user@host/system
	--persistent --verbose
	shows
	Migration: [  0 %]
	during the storage copy and does not start counting
	until the ram transfer starts
	Fix this by scraping optional disk transfer status, and adding it
	into the progress meter.

2011-08-17  Eric Blake  <eblake@redhat.com>

	virsh: concatenate qemu-monitor-command arguments
	Call me lazy, but:
	virsh qemu-monitor-command dom --hmp info status
	is nicer than:
	virsh qemu-monitor-command dom --hmp 'info status'
	* tools/virsh.c (cmdQemuMonitorCommand): Allow multiple arguments,
	for convenience.

2011-08-17  Osier Yang  <jyang@redhat.com>

	qemu: Init reattaching related members of pciDevice before reattach
	Otherwise the device will still be bound to pci-stub driver even
	it's set as "managed=yes" when do detaching. Of course, it won't
	triger any driver reprobing too.

2011-08-17  Eric Blake  <eblake@redhat.com>

	virsh: tweak misleading wording
	Fixes confusing docs introduced in commit 98369d3.
	* tools/virsh.c (cmdSnapshotParent): Operates on named snapshot,
	not current.

2011-08-17  Daniel P. Berrange  <berrange@redhat.com>

	Tweak debugging message in RPC client code
	Make it clearer that a log message is for an outgoing message

	Fix race condition in abort of stream
	If a stream gets a server initiated abort, the client may still
	send an abort request before it receives the server side abort.
	This causes the server to send back another abort for the
	stream. Since the protocol defines that abort is the last thing
	to be sent, the client gets confused by this second abort from
	the server. If the stream is already shutdown, just drop any
	client requested abort, rather than sending back another message.
	This fixes the regression from previous versions.
	Tested as follows
	In one virsh session
	  virsh # start foo
	  virsh # console foo
	In other virsh session
	  virsh # destroy foo
	The first virsh session should be able to continue issuing
	commands without error. Prior to this patch it saw
	  virsh # list
	  error: Failed to list active domains
	  error: An error occurred, but the cause is unknown
	  virsh # list
	  error: Failed to list active domains
	  error: no call waiting for reply with prog 536903814 vers 1 serial 9
	* src/rpc/virnetserverprogram.c: Drop abort requests
	  for streams which no longer exist

	Ensure client streams are closed when marking a client for close
	Every active stream results in a reference being held on the
	virNetServerClientPtr object. This meant that if a client quit
	with any streams active, although all I/O was stopped the
	virNetServerClientPtr object would leak. This causes libvirtd
	to leak any file handles associated with open streams when a
	client quit
	To fix this, when we call virNetServerClientClose there is a
	callback invoked which lets the daemon release the streams
	and thus the extra references
	* daemon/remote.c: Add a hook to close all streams
	* daemon/stream.c, daemon/stream.h: Add API for releasing
	  all streams
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
	  Allow registration of a hook to trigger when closing client

	Ensure stream is aborted when exiting console
	After running 'virsh console' in interactive mode, there was a
	missing call to virStreamAbort, which meant the server kept the
	stream resources open
	* tools/console.c: Abort stream when exiting

2011-08-17  Stefan Berger  <stefanb@us.ibm.com>

	maint: fix some compilation issues on non-linux platforms (part 2)
	Get rid of the #if __linux__ check in virPidFileReadPathIfAlive that
	was preventing a check of a symbolic link in /proc/<pid>/exe on
	non-linux platforms against an expected executable. Replace
	this with a run-time check testing whether the /proc/<pid>/exe is a
	symbolic link and if so call the function doing the comparison
	against the expected file the link is supposed to point to.

	maint: fix some compilation issues on non-linux platforms
	This patch fixes *some* compilation issues on non-Linux platforms (cygwin).

2011-08-17  Peter Krempa  <pkrempa@redhat.com>

	daemon: Add early libvirtd start verbose errors.
	Early errors during start of libvirtd didn't have
	an error reporting mechanism and caused libvirtd
	to exit silently (only the return value indicated
	an error).
	Libvirt logging is initialized very early using
	enviroment variables and the internal error reporting
	API is used to report early errors.
	 v2 changes:
	 - print errors unconditionaly before logging starts
	 - fix message to US spelling
	 v2.5 changes:
	 - initialize logging from enviroment
	 - log all early errors using VIR_ERROR
	 v3 changes:
	 - move virSetLogFromEnv() after virInitialize()
	fixes: https://bugzilla.redhat.com/show_bug.cgi?id=728654

2011-08-17  Stefan Berger  <stefanb@us.ibm.com>

	maint: add missing symbols
	Add missing symbols to libvirt_private.syms.

2011-08-16  Roopa Prabhu  <roprabhu@cisco.com>

	macvtap: Fix getPhysfn to get the PF of a direct attach network interface
	This patch renames getPhysfn to getPhysfnDev and adds code to get the
	Physical function and Virtual Function index of the direct attach linkdev (if
	the direct attach interface is a SRIOV VF). The idea is to send the port
	profile message to a PF if the direct attach interface is a SRIOV VF.

	interface: Add functions to get sriov PF/VF relationship of a net interface
	This patch adds the following functions to get PF/VF relationship of an SRIOV
	network interface:
	ifaceIsVirtualFunction: Function to check if a network interface is a SRIOV VF
	ifaceGetVirtualFunctionIndex: Function to get VF index if a network interface is a SRIOV VF
	ifaceGetPhysicalFunction: Function to get the PF net interface name of a SRIOV VF net interface

	pci: Add helper functions for sriov devices
	This patch adds the following helper functions:
	pciDeviceIsVirtualFunction: Function to check if a pci device is a sriov VF
	pciGetVirtualFunctionIndex: Function to get the VF index of a sriov VF
	pciDeviceNetName: Function to get the network device name of a pci device
	pciConfigAddressCompare: Function to compare pci config addresses

	pci: Move some pci sriov helper code out of node device driver to util/pci
	This patch moves some of the sriov related pci code from node_device driver
	to src/util/pci.[ch]. Some functions had to go thru name and argument list
	change to accommodate the move.

2011-08-16  Eric Blake  <eblake@redhat.com>

	maint: ignore generated file
	* .gitignore: Ignore qemu-sanlock.conf.

2011-08-15  Laine Stump  <laine@laine.org>

	qemu: support event_idx parameter for virtio disk and net devices
	In some versions of qemu, both virtio-blk-pci and virtio-net-pci
	devices can have an event_idx setting that determines some details of
	event processing. When it is enabled, it "reduces the number of
	interrupts and exits for the guest". qemu will automatically enable
	this feature when it is available, but there may be cases where this
	new feature could actually make performance worse (NB: no such case
	has been found so far).
	As a safety switch in case such a situation is encountered in the
	field, this patch adds a new attribute "event_idx" to the <driver>
	element of both disk and interface devices. event_idx can be set to
	"on" (to force event_idx on in case qemu has it disabled by default)
	or "off" (for force event_idx off). In the case that event_idx support
	isn't present in qemu, the attribute is ignored (this on the advice of
	the qemu developer).
	docs/formatdomain.html.in: document the new flag (marking it as
	   "don't mess with this!"
	docs/schemas/domain.rng: add event_idx in appropriate places
	src/conf/domain_conf.[ch]: add event_idx to parser and formatter
	src/libvirt_private.syms: export
	   virDomainVirtioEventIdx(From|To)String
	src/qemu/qemu_capabilities.[ch]: detect and report event_idx in
	   disk/net
	src/qemu/qemu_command.c: add event_idx parameter to qemu commandline
	    when appropriate.
	tests/qemuxml2argvdata/qemuxml2argv-event_idx.args,
	tests/qemuxml2argvdata/qemuxml2argv-event_idx.xml,
	tests/qemuxml2argvtest.c,
	tests/qemuxml2xmltest.c: test cases for event_idx.

2011-08-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: error message should show uri instead of (null)
	Fix pointer for error message uri if domain migration fails.
	BZ# 730244

2011-08-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use fd: protocol for migration
	By opening a connection to remote qemu process ourselves and passing the
	socket to qemu we get much better errors than just "migration failed"
	when the connection is opened by qemu.

	qemu: Use virNetSocket for tunneled migration

	qemu: Refactor do{Tunnel,Native}Migrate functions
	The core of these two functions is very similar and most of it is even
	exactly the same. Factor out the core functionality into a separate
	function to remove code duplication and make further changes easier.

	Support changing UNIX socket owner in virNetSocketNewListenUNIX
	This patch allows owner's UID to be changed as well.

	Add backlog parameter to virNetSocketListen
	So that callers can change the default value.

2011-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Add API for duplicating a socket/client file descriptor
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add
	  virNetSocketDupFD()
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add
	  virNetClientDupFD() and virNetClientGetFD()

2011-08-15  Douglas Schilling Landgraf  <dougsland@redhat.com>

	libvirtd.init.in: stop/restart() - wrong return value in case of failure
	The function stop() was always returning 0 (OK) from killproc() even
	in case of error.

2011-08-15  Osier Yang  <jyang@redhat.com>

	daemon: Fix regression of libvirtd reloading support
	This is introduced by commit df0b57a95a, which forgot to
	add signal handler for SIGHUP.
	A simple reproduce method:
	1) Create a domain XML under /etc/libvirt/qemu
	2) % kill -SIGHUP $(pidof libvirtd)
	3) % virsh list --all (the new created domain XML is not listed)

2011-08-13  Eric Blake  <eblake@redhat.com>

	maint: let emacs avoid tabs in rng files
	* .dir-locals.el: Add nxml-mode preferences.

2011-08-13  Philipp Hahn  <hahn@univention.de>

	Swap virDomain / virFomainSnapshot declaration
	In preparation for storing the domain description with the snapshot,
	swap the order of declaration.

2011-08-13  Eric Blake  <eblake@redhat.com>

	build: fix recent build failures
	With gcc 4.5.1:
	util/virpidfile.c: In function 'virPidFileAcquirePath':
	util/virpidfile.c:308:66: error: nested extern declaration of '_gl_verify_function2' [-Wnested-externs]
	Then in tests/commandtest.c, the new virPidFile APIs need to be used.
	* src/util/virpidfile.c (virPidFileAcquirePath): Move verify to
	top level.
	* tests/commandtest.c: Use new pid APIs.

2011-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Convert libvirtd to use crash-safe pidfile APIs
	Remove the current libvirtd pidfile handling code, in favour of
	calling out to the new APIs. This ensures libvirtd's pidfile
	handling is crashsafe
	This also means that the non-root libvirtd instances (for handling
	qemu:///session URIs) can now safely use pidfiles without racing
	* daemon/libvirtd.c: Switch to use virPidFileAcquire and
	  virPidFileRelease

	Add some APIs which use locking for crashsafe pidfile handling
	In daemons using pidfiles to protect against concurrent
	execution there is a possibility that a crash may leave a stale
	pidfile on disk, which then prevents later restart of the daemon.
	To avoid this problem, introduce a pair of APIs which make
	use of virFileLock to ensure crash-safe & race condition-safe
	pidfile acquisition & releae
	* src/libvirt_private.syms, src/util/virpidfile.c,
	  src/util/virpidfile.h: Add virPidFileAcquire and virPidFileRelease

	Introduce functions for checking whether a pidfile is valid
	In some cases the caller of virPidFileRead might like extra checks
	to determine whether the pid just read is really the one they are
	expecting. This adds virPidFileReadIfAlive which will check whether
	the pid is still alive with kill(0, -1), and (on linux only) will
	look at /proc/$PID/path
	* libvirt_private.syms, util/virpidfile.c, util/virpidfile.h: Add
	  virPidFileReadIfValid and virPidFileReadPathIfValid
	* network/bridge_driver.c: Use new APIs to check PID validity

	Move pidfile functions into util/virpidfile.{c,h}
	The functions for manipulating pidfiles are in util/util.{c,h}.
	We will shortly be adding some further pidfile related functions.
	To avoid further growing util.c, this moves the pidfile related
	functions into a dedicated virpidfile.{c,h}. The functions are
	also all renamed to have 'virPidFile' as their name prefix
	* util/util.h, util/util.c: Remove all pidfile code
	* util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile
	  handling.
	* lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c,
	  qemu/qemu_process.c: Add virpidfile.h include and adapt for API
	  renames

	Add virFileLock and virFileUnlock APIs
	Add some simple wrappers around the fcntl() discretionary file
	locking capability.
	* src/util/util.c, src/util/util.h, src/libvirt_private.syms: Add
	  virFileLock and virFileUnlock APIs

2011-08-13  Eric Blake  <eblake@redhat.com>

	virsh: fix dead store
	Two copy-and-paste bugs in a row.  :(
	* tools/virsh.c (cmdUndefine): Also avoid dead store.

	virsh: fix logic bug
	Bug introduced in commit 9a0ec36.
	* tools/virsh.c (cmdUndefine): Add missing line.

2011-08-12  Eric Blake  <eblake@redhat.com>

	vbox, xenapi: add virDomainUndefineFlags
	We forgot to add virDomainUndefineFlags for a couple of hypervisors.
	This wires up trivial versions (since neither hypervisor supports
	managed save yet, they do not need to support any flags).
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Update caller.
	(vboxDomainUndefine): Move guts...
	(vboxDomainUndefineFlags): ...to new function.
	* src/xenapi/xenapi_driver.c (xenapiDomainUndefine)
	(xenapiDomainUndefineFlags): Likewise.

	virsh: don't reject undefine on active domain
	The public API documents that undefine may be used to transition a
	running persistent domain into a transient one.  Many drivers still
	do not support this usage, but virsh shouldn't be getting in the
	way of those that do support it.
	This also drops a redundant conditional; vshCommandOptString
	guaranteed that name was non-NULL.
	* tools/virsh.c (cmdUndefine): Allow undefine on active domains;
	the drivers may still reject it, but it is a valid API usage.
	* tests/undefine (error): Fix the test to match.

2011-08-12  Philipp Hahn  <hahn@univention.de>

	Improve tokenizing of linkable terms
	Currently only tabs and blanks are used for tokenizing the description,
	which breaks when a term is at the end of a line or has () appended to
	it.
	1. Use also other white space characters such as new-lines and carriage
	   return for splitting.
	2. Remove some common non-word characters from the token before lookup.

2011-08-12  Daniel P. Berrange  <berrange@redhat.com>

	Add some docs about the RPC protocol and APIs
	* remote.html.in: Remove obsolete notes about internals of the
	  RPC protocol
	* internals/rpc.html.in: Extensive docs on RPC protocol/API
	* sitemap.html.in: Add new page

2011-08-12  Philipp Hahn  <hahn@univention.de>

	Align table cells on top
	When the description of an entry is too long and needs multiple lines,
	all other table cells of the same row are currently vertically aligned
	on center. Without row borders or different background colors for
	alternating rows this is hard to read.
	Change the style-sheet to align the table cells of a row on top.

2011-08-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add dir type for listing volumes with vol-list
	Fix of output of detailed volume list. BZ #727088

	storage: Directory shouldn't be listed as type 'file'
	Fix internals of libvirt for new storage volume type.
	Libvirt reported an invalid type of the volume.
	BZ #727088

2011-08-12  Eric Blake  <eblake@redhat.com>

	virsh: add snapshot-parent
	Down the road, I want to add virDomainSnapshotGetParent, and use
	the new API rather than xml scraping; but this virsh command can
	be implemented even without the new API.
	* tools/virsh.c (cmdSnapshotParent): New command.
	* tools/virsh.pod (snapshot-parent): Document it.

	qemu: silence clang false positive
	Our logic throws off analyzer tools:
	ptr var = NULL;
	if (flags == 0) flags = live ? _LIVE : _CONFIG;
	if (flags & _LIVE) do stuff
	if (flags & _CONFIG) var = non-null;
	if (flags & _LIVE) do more stuff
	else if (flags & _CONFIG) use var
	the tools keep thinking that var can still be NULL in the last
	if clause, adding the hint shuts them up.
	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Add a
	static analysis hint.

2011-08-12  Laine Stump  <laine@laine.org>

	network: eliminate potential memory leak on parse failure
	While the first encountered dns host record is being parsed, it's
	possible for virNetworkDef::hosts to point to memory that has been
	allocated, but virNetworkDef::nhosts to still be 0. If there is a
	failure during that time, virNetworkDef::hosts will be leaked.
	Although this isn't currently the case for virNetworkDef::txtrecords,
	it could become that way through future re-factoring, and it hurts
	nothing to restructure the freeing of txtrecord data to match that of
	hosts data.

2011-08-11  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: tolerate disappearing interfaces while instantiating filter
	When instantiating a filter, a VM may disappear and remove its tap interfaces. Tolerate this case and don't report an error.

2011-08-11  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix -chardev udp if parameters are omitted
	The following XML:
	    <serial type='udp'>
	      <source mode='connect' service='9999'/>
	    </serial>
	is accepted by domain_conf.c but maps to the qemu command line:
	-chardev udp,host=127.0.0.1,port=2222,localaddr=(null),localport=(null)
	qemu can cope with everything omitting except the connection port, which
	seems to also be the intent of domain_conf validation, so let's not
	generate bogus command lines for that case.
	The defaults are empty strings for addresses and 0 for the localport
	Additionally, tweak the qemu cli parsing to handle omitted host
	parameters
	for -serial udp

2011-08-11  Laine Stump  <laine@laine.org>

	docs: use IPv6 addresses in range reserved for documentation
	Someone in an IRC channel or an email pointed out a few days ago that
	the examples of IPv6 addresses in the libvirt documentation were not
	in the officially reserved "documentation" range. This addresses their
	concern.

2011-08-11  Eric Blake  <eblake@redhat.com>

	virsh: add virsh snapshot-current --name
	Sometimes, full XML is too much; since most snapshot commands
	operate on a snapshot name, there should be an easy way to get
	at the current snapshot's name.  For example:
	virsh snapshot-revert dom `virsh snapshot-current dom --name`
	* tools/virsh.c (cmdSnapshotCurrent): Add an option.
	* tools/virsh.pod (snapshot-current): Document it.

	virsh: fix snapshot-create-as to handle arbitrary names
	Found this working on the next patch to use xpath to parse
	arbitrary names back out.
	* tools/virsh.c (cmdSnapshotCreateAs): Escape user input.

	managedsave: prohibit use on transient domains
	Transient domains reject attempts to set autostart, and using
	virDomainCreate to restart a domain only works on persistent
	domains.  Therefore, managed save makes no sense on transient
	domains, and should be rejected up front rather than creating
	an otherwise unrecoverable managed save file.
	Besides, transient domains imply that a lot more management is
	being done by the upper layer; this includes the assumption
	that the upper layer is okay managing the saved state file
	created by virDomainSave, and does not need to use managed save.
	* src/libvirt.c: Document that transient domains are incompatible
	with managed save.
	* src/qemu/qemu_driver.c (qemuDomainManagedSave): Enforce it.
	* src/libxl/libxl_driver.c (libxlDomainManagedSave): Likewise.

2011-08-11  Laine Stump  <laine@laine.org>

	docs: describe new virtual switch configuration in network XML docs
	This should have been done with the rest of the patch for virtual
	switch / network device abstraction. If documents the new elements
	(and new usage of existing elements) in the <network> XML to support
	libvirt networks that use existing host bridges and macvtap direct
	connections, as well as the new <portgroup> element.

2011-08-10  Juerg Haefliger  <juerg.haefliger@hp.com>

	Bugfix: Check stdoutWatch before removing the handler.

2011-08-10  Eric Blake  <eblake@redhat.com>

	qemu: minor formatting cleanup
	I noticed some inconsistent use of 'else'.
	* src/qemu/qemu_driver.c (qemuCPUCompare)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDiscard): Match coding conventions.

2011-08-10  Philipp Hahn  <hahn@univention.de>

	Fix memory leak while scanning snapshots
	If a snapshot with the name already exists, virDomainSnapshotAssignDef()
	just returns NULL, in which case the snapshot definition is leaked.
	Currently this leak is not a big problem, since qemuDomainSnapshotLoad()
	is only called once during initial startup of libvirtd.

2011-08-08  Eric Blake  <eblake@redhat.com>

	build: fix regression in large file support
	* .gnulib: Update to latest, for largefile fix.

2011-08-08  Daniel P. Berrange  <berrange@redhat.com>

	Allow use of file images for LXC container filesystems
	A previous commit gave the LXC driver the ability to mount
	block devices for the container filesystem. Through use of
	the loopback device functionality, we can build on this to
	support use of plain file images for LXC filesytems.
	By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that
	the loop device automatically disappears when the container
	dies / shuts down
	* src/lxc/lxc_container.c: Raise error if we see a file
	  based filesystem, since it should have been turned into
	  a loopback device already
	* src/lxc/lxc_controller.c: Rewrite any filesystems of
	  type=file, into type=block, by binding the file image
	  to a free loop device

	Fix typo in LXC cgroups setup error message
	* src/lxc/lxc_controller.c: s/PYT/PTY/

	Allow use of block devices for guest filesystem
	Currently the LXC driver can only populate filesystems from
	host filesystems, using bind mounts. This patch allows host
	block devices to be mounted. It autodetects the filesystem
	format at mount time, and adds the block device to the cgroups
	ACL. Example usage is
	    <filesystem type='block' accessmode='passthrough'>
	      <source dev='/dev/sda1'/>
	      <target dir='/home'/>
	    </filesystem>
	* src/lxc/lxc_container.c: Mount block device filesystems
	* src/lxc/lxc_controller.c: Add block device filesystems
	  to cgroups ACL

	Don't mount /dev for application containers
	An application container shouldn't get a private /dev. Fix
	the regression from 6d37888e6a35a37e6faf7c0a1b1b4d9a5dee1285
	* src/lxc/lxc_container.c: Don't mount /dev for app containers

2011-08-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid overwriting errors from virGetHostname

2011-08-05  Eric Blake  <eblake@redhat.com>

	qemu: avoid crash on process attach
	Detected by ccc-analyzer, reported by Alex Jia.
	qemuProcessStart always calls qemuProcessWaitForMonitor with a
	non-negative position, but qemuProcessAttach always calls with -1.
	In the latter case, there is no log file we can scrape, so we
	also should not be trying to scrape the logs if the qemu process
	died at the very end.
	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Don't try
	to read from log in qemuProcessAttach case.

2011-08-05  Laine Stump  <laine@laine.org>

	network: eliminate lag in updating dnsmasq hosts files
	This addresses https://bugzilla.redhat.com/show_bug.cgi?id=713728
	When "defining" a new network (or one that exists but isn't currently
	active) the new definition is stored in network->def, but for a
	network that already exists and is active, the new definition is
	stored in network->newDef, and then moved over to network->def as soon
	as the network is destroyed.
	However, the code that writes the dhcp and dns hosts files used by
	dnsmasq was always using network->def for its information, even when
	the new data was actually in network->newDef, so the hosts files
	always lagged one edit behind the definition.
	This patch changes the code to keep the pointer to the new definition
	after it's been assigned into the network, and use it directly
	(regardless of whether it's stored in network->newDef or network->def)
	to construct the hosts files.

2011-08-04  Alex Jia  <ajia@redhat.com>

	qemu: avoid dead store in qemuMonitorTextBlockJob
	Value stored to 'ret' is never read, so remove this dead assignment.
	* src/qemu/qemu_monitor_text.c: kill dead assignment.

	qemu: avoid dead store in qemuProcessStart
	Value stored to 'ret' is never read, in fact, 'cleanup' section will
	directly return -1 when function is fail, so remove this dead assignment.
	* src/qemu/qemu_process.c: kill dead assignment.

2011-08-04  Guannan Ren  <gren@redhat.com>

	rpc:fix sasl session relocking intead of unlocking it
	When trying to use any SASL authentication for TCP sockets by
	setting auth_tls = "sasl" in libvirtd.conf on server side, the
	client will hang because of the sasl session relocking other than
	dropping the lock when exiting virNetSASLSessionExtKeySize()
	* src/rpc/virnetsaslcontext.c: virNetSASLSessionExtKeySize drop the
	  lock on exit

2011-08-04  Osier Yang  <jyang@redhat.com>

	daemon: Unlink unix socket paths on shutdown
	This patch introduces a internal RPC API "virNetServerClose", which
	is standalone with "virNetServerFree".  it closes all the socket fds,
	and unlinks the unix socket paths, regardless of whether the socket
	is still referenced or not.
	This is to address regression bug:
	https://bugzilla.redhat.com/show_bug.cgi?id=725702

2011-08-04  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	I noticed that with 0.9.4, gnulib ended up replacing pthread_sigmask
	on glibc, even though glibc's works perfectly fine.  It turns out
	to have been an upstream gnulib bug.
	* .gnulib: Update to latest, for pthread_sigmask fix.

2011-08-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix detection of GnuTLS 1.x.y
	Detection based on gnutls_session doesn't work because GnuTLS 2.x.y
	comes with a compat.h that defines gnutls_session to gnutls_session_t.
	Instead detect this based on LIBGNUTLS_VERSION_MAJOR. Move this from
	configure/config.h to gnutls_1_0_compat.h and make sure that all users
	include gnutls_1_0_compat.h properly.
	Also fix header guard in gnutls_1_0_compat.h.

2011-08-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.4
	* configure.ac docs/news.html.in libvirt.spec.in: updates for new
	  release
	* po/*.po*: pulled translations from the transifex teams and regenerated
	  localizations

2011-08-03  Eric Blake  <eblake@redhat.com>

	qemu: silence coverity false positives
	Coverity gets confused by our logic.  Add some hints to silence
	false positives.
	* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo): Add hint.
	(qemuDomainGetMemoryParameters): Likewise.

	util: plug memory leak
	Leak detected by Coverity; only possible on unlikely ptsname_r
	failure.  Additionally, the man page for ptsname_r states that
	failure is merely non-zero, not necessarily -1.
	* src/util/util.c (virFileOpenTtyAt): Avoid leak on ptsname_r
	failure.

	interface: drop dead code
	Coverity detected that ifaceGetNthParent had already dereferenced
	'nth' prior to the conditional; all callers already complied with
	passing a non-NULL pointer so make this part of the contract.
	* src/util/interface.h (ifaceGetNthParent): Add annotations.
	* src/util/interface.c (ifaceGetNthParent): Drop useless null check.

	rpc: silence coverity false positives
	In virNetServerNew, Coverity didn't realize that srv->mdsnGroupName
	can only be non-NULL if mdsnGroupName was non-NULL.
	In virNetServerRun, Coverity didn't realize that the array is non-NULL
	if the array count is non-zero.
	* src/rpc/virnetserver.c (virNetServerNew): Use alternate pointer.
	(virNetServerRun): Give coverity a hint.

	rpc: avoid null deref
	Detected by Coverity.
	* src/rpc/virnetserverclient.c (virNetServerClientDispatchRead):
	Avoid null deref on OOM.

	build: silence coverity false positives
	Coverity complained that 395 out of 409 virAsprintf calls are
	checked, and therefore assumed that the remaining cases are bugs
	waiting to happen.  But in each of these cases, a failed virAsprintf
	will properly set the target string to NULL, and pass on that
	failure to the caller, without wasting efforts to check the call.
	Adding the ignore_value silences Coverity.
	* src/conf/domain_audit.c (virDomainAuditGetRdev): Ignore
	virAsprintf return value, when it behaves like we need.
	* src/network/bridge_driver.c (networkDnsmasqLeaseFileNameDefault)
	(networkRadvdConfigFileName, networkBridgeDummyNicName)
	(networkRadvdPidfileBasename): Likewise.
	* src/util/storage_file.c (absolutePathFromBaseFile): Likewise.
	* src/openvz/openvz_driver.c (openvzGenerateContainerVethName):
	Likewise.
	* src/util/command.c (virCommandTranslateStatus): Likewise.

	qemu: avoid memory leaks
	Quite a few leaks detected by coverity.  For chr, the leaks were
	close enough to the allocations to plug in place; for disk, the
	leaks were separated from the allocation by enough other lines with
	intermediate failure cases that I refactored the cleanup instead.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Plug leaks.

	qemu: plug child process leak on domain core dump
	Detected by Coverity.  Leak introduced by typo in commit 58e668d2.
	* src/qemu/qemu_driver.c (doCoreDump): Use correct function.

	qemu: remove dead code
	Warning detected by Coverity.  No need for the NULL check, and
	removing it silences the warning without any semantic change.
	* src/qemu/qemu_migration.c (qemuMigrationFinish): All entries to
	endjob had non-NULL vm.

	conf: avoid memory leak on disk operations
	Detected by Coverity.  Leak on meta introduced in commit 85aa40e.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Plug leak.

	rpc: avoid crash on error
	Detected by Coverity.  Freeing the wrong variable results in both
	a memory leak and the likelihood of the caller dereferencing through
	a freed pointer.
	* src/rpc/virnettlscontext.c (virNetTLSSessionNew): Free correct
	variable.

	qemu: avoid null deref on block pull error
	Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
	for a NULL return; and that by not checking we risk a null deref
	during an error.  The error is unlikely since the prior call to
	virJSONValueArraySize would probably have already caught any botched
	JSON array parse, but better safe than sorry.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo):
	Check for NULL.
	(qemuMonitorJSONExtractPtyPaths): Fix typo.

	rpc: correctly process sasl whitelist globs
	Detected by Coverity.  We want to compare the result of fnmatch 'rv',
	not our pre-set return value 'ret'.
	* src/rpc/virnetsaslcontext.c (virNetSASLContextCheckIdentity):
	Check correct variable.

	build: allow caching the input to STATIC_ANALYSIS
	Right now, every re-run of configure re-evaluates whether a
	static analysis tool is in use.  But if you run configure under
	coverity, make a tweak, and then do an incremental rebuild with
	gcc but not coverity to test the tweak, then rerun a build under
	coverity, then configure does not get rerun, and static analysis
	ends up with lots of false positives.
	This patch caches the static analysis result, and also makes it
	easier to force static analysis even if the existing checks are
	insufficient to detect newer versions of the static analyzer tools.
	* configure.ac (lv_cv_static_analysis): New cache variable.

	fdstream: drop delete argument
	Revert 6a1f5f568f8.  Now that libvirt_iohelper takes fds by
	inheritance rather than by open() (commit 1eb66479), there is
	no longer a race where the parent can unlink() a file prior to
	the iohelper open()ing the same file.  From there, it makes
	more sense to have the callers both create and unlink, rather
	than the caller create and the stream unlink, since the latter
	was only needed when iohelper had to do the unlink.
	* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
	Callers are responsible for deletion.
	* src/fdstream.c (virFDStreamOpenFileInternal): Don't leak created
	file on failure.
	(virFDStreamOpenFile, virFDStreamCreateFile): Drop parameter.
	* src/lxc/lxc_driver.c (lxcDomainOpenConsole): Update callers.
	* src/qemu/qemu_driver.c (qemuDomainScreenshot)
	(qemuDomainOpenConsole): Likewise.
	* src/storage/storage_driver.c (storageVolumeDownload)
	(storageVolumeUpload): Likewise.
	* src/uml/uml_driver.c (umlDomainOpenConsole): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.

	screenshot: don't unlink bogus file
	The previous qemu patch could end up calling unlink(tmp) before
	tmp was the name of a valid file (unlinking a fileXXXXXX template
	instead), or calling unlink(tmp) twice on success (once here,
	and once at the end of the stream).  Meanwhile, vbox also suffered
	from the same leaked tmp file bug.
	* src/qemu/qemu_driver.c (qemuDomainScreenshot): Don't unlink on
	success, or on invalid name.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Don't leak temp file.

	python: avoid unlikely sign extension bug
	Detected by Coverity; same analysis as for commit f73198df.
	* python/libvirt-override.c (libvirt_virDomainGetVcpuPinInfo): Use
	correct type.

	rpc: avoid uninitialized memory use
	Spotted by Coverity.  Gnutls documents that buffer must be NULL
	if gnutls_x509_crt_get_key_purpose_oid is to be used to determine
	the correct size needed for allocating a buffer.
	* src/rpc/virnettlscontext.c
	(virNetTLSContextCheckCertKeyPurpose): Initialize buffer.

	rpc: avoid double close on error
	Spotted by coverity.  If pipe2 fails, then we attempt to close
	uninitialized fds, which may result in a double-close.
	* src/rpc/virnetserver.c (virNetServerSignalSetup): Initialize fds.

2011-08-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Unlink temporary file on failure
	Although virFDStreamOpenFile will unlink it once opened, when we hit
	error path, we must unlink it by hand.

2011-08-03  Eric Blake  <eblake@redhat.com>

	doc: fix confusing statement about required privileges
	src/libvirt.c: "may requires" is confusing; the s was extra.

2011-08-02  Eric Blake  <eblake@redhat.com>

	rpc: avoid libvirtd crash on unexpected client close
	Steps to reproduce this problem (vm1 is not running):
	for i in `seq 50`; do virsh managedsave vm1& done; killall virsh
	Pre-patch, virNetServerClientClose could end up setting client->sock
	to NULL prior to other cleanup functions trying to use client->sock.
	This fixes things by checking for NULL in more places, and by deferring
	the cleanup until after all queued messages have been served.
	* src/rpc/virnetserverclient.c (virNetServerClientRegisterEvent)
	(virNetServerClientGetFD, virNetServerClientIsSecure)
	(virNetServerClientLocalAddrString)
	(virNetServerClientRemoteAddrString): Check for closed socket.
	(virNetServerClientClose): Rearrange close sequence.
	Analysis from Wen Congyang.

2011-08-02  Alex Jia  <ajia@redhat.com>

	virsh: fix memory leak in cmdNetworkInfo
	* tools/virsh.c: avoid memory leak in cmdNetworkInfo.
	* how to reproduce?
	  % valgrind -v --leak-check=yes virsh net-info default
	  https://bugzilla.redhat.com/show_bug.cgi?id=722806

	doc: fix incorrect option in blockjob
	* tools/virsh.pod: change 'live' to 'abort' based on actual option

2011-08-02  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvz: detect when a domain was shut down from the inside
	This patch adds an internal function openvzGetVEStatus to
	get the real state of the domain. This function is used in
	various places in the driver, in particular to detect when
	the domain has been shut down by the user with the "halt"
	command.

2011-08-01  Eric Blake  <eblake@redhat.com>

	qemu: fix crash when mixing sync and async monitor jobs
	Currently, we attempt to run sync job and async job at the same time. It
	means that the monitor commands for two jobs can be run in any order.
	In the function qemuDomainObjEnterMonitorInternal():
	    if (priv->job.active == QEMU_JOB_NONE && priv->job.asyncJob) {
	        if (qemuDomainObjBeginNestedJob(driver, obj) < 0)
	We check whether the caller is an async job by priv->job.active and
	priv->job.asynJob. But when an async job is running, and a sync job is
	also running at the time of the check, then priv->job.active is not
	QEMU_JOB_NONE. So we cannot check whether the caller is an async job
	in the function qemuDomainObjEnterMonitorInternal(), and must instead
	put the burden on the caller to tell us when an async command wants
	to do a nested job.
	Once the burden is on the caller, then only async monitor enters need
	to worry about whether the VM is still running; for sync monitor enter,
	the internal return is always 0, so lots of ignore_value can be dropped.
	* src/qemu/THREADS.txt: Reflect new rules.
	* src/qemu/qemu_domain.h (qemuDomainObjEnterMonitorAsync): New
	prototype.
	* src/qemu/qemu_process.h (qemuProcessStartCPUs)
	(qemuProcessStopCPUs): Add parameter.
	* src/qemu/qemu_migration.h (qemuMigrationToFile): Likewise.
	(qemuMigrationWaitForCompletion): Make static.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal): Add
	parameter.
	(qemuDomainObjEnterMonitorAsync): New function.
	(qemuDomainObjEnterMonitor, qemuDomainObjEnterMonitorWithDriver):
	Update callers.
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemudDomainCoreDump, doCoreDump, processWatchdogEvent)
	(qemudDomainSuspend, qemudDomainResume, qemuDomainSaveImageStartVM)
	(qemuDomainSnapshotCreateActive, qemuDomainRevertToSnapshot):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessStopCPUs)
	(qemuProcessFakeReboot, qemuProcessRecoverMigration)
	(qemuProcessRecoverJob, qemuProcessStart): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationToFile)
	(qemuMigrationWaitForCompletion, qemuMigrationUpdateJobStatus)
	(qemuMigrationJobStart, qemuDomainMigrateGraphicsRelocate)
	(doNativeMigrate, doTunnelMigrate, qemuMigrationPerformJob)
	(qemuMigrationPerformPhase, qemuMigrationFinish)
	(qemuMigrationConfirm): Likewise.
	* src/qemu/qemu_hotplug.c: Drop unneeded ignore_value.

2011-08-01  Alex Jia  <ajia@redhat.com>

	qemu: fix return value issue
	whether or not previous return value is -1, the following codes will be
	executed for a inactive guest in src/qemu/qemu_driver.c:
	ret = virDomainSaveConfig(driver->configDir, persistentDef);
	and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
	will be overwritten, this patch will fix this issue.
	* src/qemu/qemu_driver.c: avoid return value is overwritten when give a argument
	  in out of blkio weight range for a inactive guest.
	* how to reproduce?
	  % virsh blkiotune ${guestname} --weight 10
	  % echo $?
	  Note: guest must be inactive, argument 10 in out of blkio weight range,
	  and can get a error information by checking libvirtd.log, however,
	  virsh hasn't raised any error information, and return value is 0.
	  https://bugzilla.redhat.com/show_bug.cgi?id=726304

	qemu: fix return value issue in qemuDomainSetMemoryParameters
	whether or not previous return value is -1, the following codes will be
	executed for a inactive guest in qemuDomainSetMemoryParameters:
	ret = virDomainSaveConfig(driver->configDir, persistentDef);
	and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
	will be overwritten, this patch will fix this issue.
	* src/qemu/qemu_driver.c: avoid return value is overwritten when set
	  min_guarante value to a inactive guest.
	* how to reproduce?
	  % virsh memtune ${guestname} --min_guarante 1024
	  % echo $?
	  Note: guest must be inactive, in fact, 'min_guarante' hasn't been implemented
	  in memory tunable, and I can get the error when check actual libvirtd.log,
	  however, virsh hasn't raised any error information, and return value is 0.

2011-08-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Fix vol-name and vol-pool commands
	This commands don't have a --pool option, so don't tell
	vshCommandOptVolBy that there could be one. This made
	vshCommandOptString for pooloptname fail and an "missing option"
	error was reported.
	Make pooloptname optional for vshCommandOptVolBy.

2011-08-01  Guannan Ren  <gren@redhat.com>

	Correct the default value of lock_manager in qemu.conf
	* src/qemu/qemu.conf: switch back the comment for the default lock
	  manager to sanlock

2011-08-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix a regression of domjobabort
	Introduced by f9a837da73a11ef, the condition is not changed after
	the else clause is removed. So now it quit with "domain is not
	running" when the domain is running. However, when the domain is
	not running, it reports "no job is active".
	How to reproduce:
	1)
	% virsh start $domain
	% virsh domjobabort $domain
	error: Requested operation is not valid: domain is not running
	2)
	% virsh destroy $domain
	% virsh domjobabort $domain
	error: Requested operation is not valid: no job is active on the domain
	3)
	% virsh save $domain /tmp/$domain.save
	Before above commands finished, try to abort job in another terminal
	% virsh domabortjob $domain
	error: Requested operation is not valid: domain is not running

2011-08-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	conf: Don't leak the virtual port profile in virNetworkDefFree
	Reported by Alex Jia.

2011-07-30  Eric Blake  <eblake@redhat.com>

	save: generate idempotent inactive xml for running domain
	Originally noticed by comparing the xml generated by virDomainSave
	with the xml produced by reparsing and redumping that xml, but I
	also did an audit of every last use of VIR_DOMAIN_XML_INACTIVE in
	domain_conf.c to ensure that no other discrepancies exist.
	* src/conf/domain_conf.c (virDomainDeviceInfoIsSet): Add
	parameter, and update all callers.  Make static.
	(virDomainNetDefFormat): Skip generated ifname.
	(virDomainDefFormatInternal): Skip default <seclabel>.
	(virDomainChrSourceDefParseXML): Skip generated pty path, and add
	parameter.  Update callers.
	* src/conf/domain_conf.h (virDomainDeviceInfoIsSet): Delete.
	* src/libvirt_private.syms (domain_conf.h): Update.

	conf: make 'vnet' prefix a macro
	Using a macro ensures that all the code is looking for the same
	prefix.
	* src/conf/domain_conf.h (VIR_NET_GENERATED_PREFIX): New macro.
	* src/conf/domain_conf.c (virDomainNetDefParseXML): Use it.
	* src/uml/uml_conf.c (umlConnectTapDevice): Likewise.
	* src/qemu/qemu_command.c (qemuNetworkIfaceConnect): Likewise.
	Suggested by Laine Stump.

2011-07-30  Laine Stump  <laine@laine.org>

	network: don't forward DNS requests from isolated networks
	This is in response to:
	  https://bugzilla.redhat.com/show_bug.cgi?id=723862
	which points out that a guest on an "isolated" network could
	potentially exploit the DNS forwarding provided by dnsmasq to create a
	communication channel to the outside.
	This patch eliminates that possibility by adding the "--no-resolv"
	argument to the dnsmasq commandline, which tells dnsmasq to not
	forward on any requests that it can't resolve itself (by looking at
	its own static hosts files and runtime list of dhcp clients), but to
	instead return a failure for those requests.
	This shouldn't cause any undesirable change from current
	behavior, even in the case where a guest is currently configured with
	multiple interfaces, one of them being connected to an isolated
	network, and another to a network that does have connectivity to the
	outside. If the isolated network's DNS server is queried for a name
	it doesn't know, it will return "Refused" rather than "Unknown", which
	indicates to the guest that it should query other servers, so it then
	queries the connected DNS server, and gets the desired response.

2011-07-30  Eric Blake  <eblake@redhat.com>

	build: fix include path for cygwin
	Without this, cygwin failed to compile:
	In file included from ../src/rpc/virnetmessage.h:24,
	                 from ../src/rpc/virnetclient.h:27,
	                 from remote/remote_driver.c:31:
	../src/rpc/virnetprotocol.h:9:21: error: rpc/rpc.h: No such file or directory
	With that fixed, compilation warned:
	rpc/virnetsocket.c: In function 'virNetSocketNewListenUNIX':
	rpc/virnetsocket.c:347: warning: format '%d' expects type 'int', but argument 8 has type 'gid_t' [-Wformat]
	rpc/virnetsocket.c: In function 'virNetSocketGetLocalIdentity':
	rpc/virnetsocket.c:743: warning: pointer targets in passing argument 5 of 'getsockopt' differ in signedness
	* src/Makefile.am (libvirt_driver_remote_la_CFLAGS)
	(libvirt_net_rpc_client_la_CFLAGS)
	(libvirt_net_rpc_server_la_CFLAGS): Include XDR_CFLAGS, for rpc
	headers on cygwin.
	* src/rpc/virnetsocket.c (virNetSocketNewListenUNIX)
	(virNetSocketGetLocalIdentity): Avoid compiler warnings.

	build: avoid non-portable shell in test setup
	POSIX states that 'a=1; a=2 b=$a command' has unspecified results
	for the value of $b visible within command.  In particular, on
	BSD, this resulted in PATH not picking up the in-test ssh.
	* tests/Makefile.am (lv_abs_top_builddir): New macro.
	(path_add, TESTS_ENVIRONMENT): Use it to avoid referring to an
	environment variable set previously within the same command line.
	Reported by Matthias Bolte.

2011-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Don't use bash if we don't have to
	This tested failed on FreeBSD because it was using bash, that might
	not be installed.

2011-07-29  Osier Yang  <jyang@redhat.com>

	utils: More useful error message for hook script failure
	Commit 3709a386 ported hooks codes to new command execution API,
	together with the useful error message removed. Though we can't
	get "errbuf" from the new command execution API anymore, still
	we can give a more useful error.
	https://bugzilla.redhat.com/show_bug.cgi?id=726398

2011-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	freebsd: Fix build problem due to picking up the wrong libvirt.h
	Gettext annoyingly modifies CPPFLAGS in-place, putting
	-I/usr/local/include into the search patch if libintl headers
	must be used from that location.  But since we must support
	automake 1.9.6 which lacks AM_CPPFLAGS, and since CPPFLAGS is used
	prior to INCLUDES, this means that the build picks up the _old_
	installed libvirt.h in priority to the in-tree version, leading
	to all sorts of weird build failures on FreeBSD.
	Fix this by teaching configure to undo gettext's actions, but
	to keep any changes required by gettext at the end of INCLUDES
	after all in-tree locations are used first.  Also requires
	adding a wrapper Makefile.am and making gnulib-tool create
	just gnulib.mk files during the bootstrap process.

	freebsd: Avoid /bin/true in commandtest
	Rely on PATH and use just true, because on FreeBSD it's /usr/bin/true.

	tests: Unify style of test skipping code
	Prefer 'return EXIT_AM_SKIP' over 'exit(EXIT_AM_SKIP)'.
	Prefer 'int main(void)' over 'int main(int argc, char **argv)'.
	Fix mymain signature in commandtest and nodeinfotest.

2011-07-29  Eric Blake  <eblake@redhat.com>

	save: let qemu driver manipulate save files
	The goal here is that save-image-dumpxml fed back to
	save-image-define should not change the save file; anywhere that
	this is not the case is probably a bug in domain_conf.c.
	* src/qemu/qemu_driver.c (qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML): New functions.
	(qemuDomainSaveImageOpen): Add parameter.
	(qemuDomainRestoreFlags, qemuDomainObjRestore): Adjust clients.

	save: support qemu modifying xml on domain save/restore
	With this, it is possible to update the path to a disk backing
	image on either the save or restore action, without having to
	binary edit the XML embedded in the state file.
	This also modifies virDomainSave to output a smaller xml (only
	the inactive xml, which is all the more virDomainRestore parses),
	while still guaranteeing padding for most typical abi-compatible
	xml replacements, necessary so that the next patch for
	virDomainSaveImageDefineXML will not cause unnecessary
	modifications to the save image file.
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Add parameter,
	only use inactive state, and guarantee padding.
	(qemuDomainSaveImageOpen): Add parameter.
	(qemuDomainSaveFlags, qemuDomainManagedSave)
	(qemuDomainRestoreFlags, qemuDomainObjRestore): Update callers.

	maint: add missing copyright notices
	I went with the shorter license notice used by src/libvirt.c,
	rather than spelling out the full LGPLv2+ clause into each of
	these files.
	* configure.ac: Declare copyright.
	* all Makefile.am: Likewise.

	xen: drop unused callbacks
	Found by:
	for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
	do
	  git grep "\(\.\|->\)$f\b" src/xen
	done | cat
	and looking through the resulting list to see which callback struct
	members are still necessary.
	* src/xen/xen_driver.h (xenUnifiedDriver): Drop all callbacks that
	are only used directly.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Shrink list.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.

	xen: make direct call when there is only one subdriver
	No need to use a for loop if we know there is exactly one client.
	Found by:
	for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
	do
	  git grep "\(\.\|->\)$f\b" src/xen
	done | cat
	and looking through the resulting list to see which callback struct
	members are used exactly once.  The next patch will ensure that we
	don't reintroduce uses of these callbacks.
	* src/xen/xen_driver.c (xenUnifiedClose): Call close
	unconditionally, to match xenUnifiedOpen.
	(xenUnifiedNodeGetInfo, xenUnifiedDomainCreateXML)
	(xenUnifiedDomainSave, xenUnifiedDomainRestore)
	(xenUnifiedDomainCoreDump, xenUnifiedDomainUpdateDeviceFlags):
	Make direct call to lone implementation.
	* src/xen/xend_internal.h (xenDaemonDomainCoreDump)
	(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Add prototypes.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump)
	(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Export.

	xen: reduce callback special cases
	The callback struct is great when iterating through several
	possibilities, but when calling a known callback, it's just
	overhead.  We can make the direct call in those cases.
	* src/xen/xen_driver.c (xenUnifiedOpen, xenUnifiedDomainSuspend)
	(xenUnifiedDomainResume, xenUnifiedDomainDestroyFlags): Make
	direct calls instead of going through callback.

	xen: cleanup callback struct
	Using C99 initializers and xen-specific prefixes will make it
	so that future patches are less likely to add callback members
	to the xenUnifiedDriver struct, since the goal is to get rid
	of the callback struct in the first place.
	* src/xen/xen_driver.h (xenUnifiedDriver): Rename all struct
	members, to make it obvious which ones are still in use.
	* src/xen/xen_driver.c: Update all callers.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Rewrite with C99
	initializers.
	* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.

2011-07-29  Laine Stump  <laine@laine.org>

	libxl: fix build failure due to change in virDomainGraphicsDef
	This failure was introduced by commit dacee3d, which removed
	listenAddr from the unions in virDomainGraphicsDef in favor of putting
	it in the address attribute of virDomainGraphicsListenDef.

	qemu: support type=network in domain graphics <listen>
	The domain XML now understands the <listen> subelement of its
	<graphics> element (including when listen type='network'), and the
	network driver has an internal API that will turn a network name into
	an IP address, so the final logical step is to put the glue into the
	qemu driver so that when it is starting up a domain, if it finds
	<listen type='network' network='xyz'/> in the XML, it will call the
	network driver to get an IPv4 address associated with network xyz, and
	tell qemu to listen for vnc (or spice) on that address rather than the
	default address (localhost).
	The motivation for this is that a large installation may want the
	guests' VNC servers listening on physical interfaces rather than
	localhost, so that users can connect directly from the outside; this
	requires sending qemu the appropriate IP address to listen on. But
	this address will of course be different for each host, and if a guest
	might be migrated around from one host to another, it's important that
	the guest's config not have any information embedded in it that is
	specific to one particular host. <listen type='network.../> can solve
	this problem in the following manner:
	  1) on each host, define a libvirt network of the same name,
	     associated with the interface on that host that should be used
	     for listening (for example, a simple macvtap network: <forward
	     mode='bridge' dev='eth0'/>, or host bridge network: <forward
	     mode='bridge'/> <bridge name='br0'/>
	  2) in the <graphics> element of each guest's domain xml, tell vnc to
	     listen on the network name used in step 1:
	     <graphics type='vnc' port='5922'>
	       <listen type='network'network='example-net'/>
	     </graphics>
	(all the above also applies for graphics type='spice').

	conf: add <listen> subelement to domain <graphics> element
	Once it's plugged in, the <listen> element will be an optional
	replacement for the "listen" attribute that graphics elements already
	have. If the <listen> element is type='address', it will have an
	attribute called 'address' which will contain an IP address or dns
	name that the guest's display server should listen on. If, however,
	type='network', the <listen> element should have an attribute called
	'network' that will be set to the name of a network configuration to
	get the IP address from.
	* docs/schemas/domain.rng: updated to allow the <listen> element
	* docs/formatdomain.html.in: document the <listen> element and its
	  attributes.
	* src/conf/domain_conf.[hc]:
	  1) The domain parser, formatter, and data structure are modified to
	     support 0 or more <listen> subelements to each <graphics>
	     element. The old style "legacy" listen attribute is also still
	     accepted, and will be stored internally just as if it were a
	     separate <listen> element. On output (i.e. format), the address
	     attribute of the first <listen> element of type 'address' will be
	     duplicated in the legacy "listen" attribute of the <graphic>
	     element.
	  2) The "listenAddr" attribute has been removed from the unions in
	     virDomainGRaphicsDef for graphics types vnc, rdp, and spice.
	     This attribute is now in the <listen> subelement (aka
	     virDomainGraphicsListenDef)
	  3) Helper functions were written to provide simple access
	     (both Get and Set) to the listen elements and their attributes.
	* src/libvirt_private.syms: export the listen helper functions
	* src/qemu/qemu_command.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/vbox/vbox_tmpl.c,
	  src/vmx/vmx.c, src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c
	  Modify all these files to use the listen helper functions rather
	  than directly referencing the (now missing) listenAddr
	  attribute. There can be multiple <listen> elements to a single
	  <graphics>, but the drivers all currently only support one, so all
	  replacements of direct access with a helper function indicate index
	  "0".
	* tests/* - only 3 of these are new files added explicitly to test the
	  new <listen> element. All the others have been modified to reflect
	  the fact that any legacy "listen" attributes passed in to the domain
	  parse will be saved in a <listen> element (i.e. one of the
	  virDomainGraphicsListenDefs), and during the domain format function,
	  both the <listen> element as well as the legacy attributes will be
	  output.

2011-07-28  Alex Jia  <ajia@redhat.com>

	virsh: avoid missing zero value judgement in cmdBlkiotune
	* tools/virsh.c: fix missing zero value judgement in cmdBlkiotune and correct
	  vshError information.
	  when weight is equal to 0, the cmdBlkiotune will not raise any error information
	  when judge weight value first time, and execute else branch to judge weight
	  value again, strncpy(temp->field, VIR_DOMAIN_BLKIO_WEIGHT, sizeof(temp->field))
	  will be not executed for ever. However, if and only if param->field is equal
	  to VIR_DOMAIN_BLKIO_WEIGHT, underlying qemuDomainSetBlkioParameters function
	  will check whether weight value is in range [100, 1000].
	* how to reproduce?
	  % virsh blkiotune ${guestname} --weight 0

2011-07-28  Eric Blake  <eblake@redhat.com>

	build: avoid type-punning compiler warning
	On RHEL 5, with gcc 4.1.2:
	rpc/virnetsaslcontext.c: In function 'virNetSASLSessionUpdateBufSize':
	rpc/virnetsaslcontext.c:396: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
	* src/rpc/virnetsaslcontext.c (virNetSASLSessionUpdateBufSize):
	Use a union to work around gcc warning.

	qemu: fix nested job with driver lock held
	qemuMigrationUpdateJobStatus (called in a loop by migration
	and save tasks) uses qemuDomainObjEnterMonitorWithDriver;
	however, that function ended up starting a nested job without
	releasing the driver.
	Since no one else is making nested calls, we can inline the
	internal functions to properly track driver_locked.
	* src/qemu/qemu_domain.h (qemuDomainObjBeginNestedJob)
	(qemuDomainObjBeginNestedJobWithDriver)
	(qemuDomainObjEndNestedJob): Drop unused prototypes.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal):
	Reflect driver lock to nested job.
	(qemuDomainObjBeginNestedJob)
	(qemuDomainObjBeginNestedJobWithDriver)
	(qemuDomainObjEndNestedJob): Drop unused functions.

2011-07-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix memory leak on metadata fetching
	As written in virStorageFileGetMetadataFromFD decription, caller
	must free metadata after use. Qemu driver miss this and therefore
	leak metadata which can grow to huge mem leak if somebody query
	for blockInfo a lot.

2011-07-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	freebsd: Add gnulib environ module for the commandtest

2011-07-28  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.c: Update outdated description of flags
	Because we do support flags for virDomainSetBlkioParameters and
	virDomainGetBlkioParameters, update appropriate description as well.

2011-07-28  Hu Tao  <hutao@cn.fujitsu.com>

	python: add python binding for virDomainSetMemoryParameters

	python: add python binding for virDomainGetMemoryParameters

	python: add python binding for virDomainSetBlkioParameters

	python: add python binding for virDomainGetBlkioParameters

2011-07-28  Alex Jia  <ajia@redhat.com>

	virsh: fix memory leak in cmdVolPath code
	* tools/virsh.c: avoid memory leak in cmdVolPath.
	* src/libvirt.c: Add doc for virStorageVolGetPath to tell one
	  must free() the returned path after use.
	* how to reproduce?
	% dd if=/dev/zero of=/var/lib/libvirt/images/foo.img count=1 bs=10M
	% virsh pool-refresh default
	% valgrind -v --leak-check=full virsh vol-path --vol \
	/var/lib/libvirt/images/foo.img
	* actual results:
	Detected in valgrind run:
	==16436== 32 bytes in 1 blocks are definitely lost in loss record 7 of 22
	==16436==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==16436==    by 0x386A314B3D: xdr_string (in /lib64/libc-2.12.so)
	==16436==    by 0x3DF8CD770D: xdr_remote_nonnull_string (remote_protocol.c:3
	==16436==    by 0x3DF8CD7EC8: xdr_remote_storage_vol_get_path_ret
	% virsh pool-refresh default
	% valgrind -v --leak-check=full virsh vol-path --vol \
	/var/lib/libvirt/images/foo.img

2011-07-28  Osier Yang  <jyang@redhat.com>

	qemu: Improve docs for virsh dump format
	The error in getCompressionType will never be reported, change
	the errors codes into warning (VIR_WARN("%s", _(foo)); doesn't break
	syntax-check rule), and also improve the docs in qemu.conf to tell
	user the truth.

2011-07-28  Eric Blake  <eblake@redhat.com>

	qemu: improve thread documentation
	* src/qemu/THREADS.txt: Fix problems with typos, grammar, and
	outdated examples.

	virsh: expose change-protection during migration
	* tools/virsh.c (doMigrate): Add --change-protection flag.
	* tools/virsh.pod (migrate): Document it.

2011-07-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	rpc: Fix memory leak in remoteDomainSet*Parameters functions
	Add a new helper remoteFreeTypedParameters and teach the generator
	to add it to the cleanup section.
	https://bugzilla.redhat.com/show_bug.cgi?id=725322

2011-07-28  Lai Jiangshan  <laijs@cn.fujitsu.com>

	send-key: Implement Python API

2011-07-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove special case for virDomainAbortJob
	This doesn't abort migration job in any phase, yet.

	qemu: Remove special case for virDomainSuspend

	qemu: Remove special case for virDomainMigrateSetMaxDowntime
	Call qemu monitor command directly within a special job that is only
	allowed during outgoing migration.

	qemu: Remove special case for virDomainMigrateSetMaxSpeed
	Call qemu monitor command directly within a special job that is only
	allowed during outgoing migration.

	qemu: Remove special case for virDomainBlockStats
	Like other query commands, this can now be called directly during
	migration.

	qemu: Remove special case for virDomainGetBlockInfo
	Like other query commands, this can now be called directly during
	migration.

	qemu: Recover from interrupted migration

	qemu: Migration job on source daemon
	Make MIGRATION_OUT use the new helper methods.
	This also introduces new protection to migration v3 process: the
	migration job is held from Begin to Confirm to avoid changes to a domain
	during migration (esp. between Begin and Perform phases). This change is
	automatically applied to p2p and tunneled migrations. For normal
	migration, this requires support from a client. In other words, if an
	old (pre 0.9.4) client starts normal migration of a domain, the domain
	will not be protected against changes between Begin and Perform steps.

	qemu: Migration job on destination daemon
	Make MIGRATION_IN use the new helper methods.

	qemu: Implement migration job phases
	This patch introduces several helper methods to deal with jobs and
	phases during migration in a simpler manner.

2011-07-27  Eric Blake  <eblake@redhat.com>

	build: support warnings on RHEL 5
	Without this, a configure built by autoconf 2.59 was broken when
	trying to detect which compiler warning flags were supported.
	* .gnulib: Update to latest, for warnings.m4 fix.
	* bootstrap.conf: Add fclose explicitly, to match recent gnulib
	implicit dependency changes.
	* src/qemu/qemu_conf.c (includes): Drop unused include.
	* src/uml/uml_conf.c (include): Likewise.
	Reported by Daniel P. Berrange.

2011-07-27  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Integrate bandwidth into portgroups
	Every DomainNetDef has a bandwidth, as does every portgroup.
	Whenever a DomainNetDef of type NETWORK is about to be used, a call is
	made to networkAllocateActualDevice(). This function chooses the "best"
	bandwidth object and places it in the DomainActualNetDef.
	From that point on, whenever some code needs to use the bandwidth data
	for the interface, it's retrieved with virDomainNetGetActualBandwidth(),
	which will always return the "best" info as determined in the
	previous step.

2011-07-27  Osier Yang  <jyang@redhat.com>

	doc: Add doc for blockpull and blockjob commands
	Commit b31abc6f0 introduce commands blockpull and blockjob, but
	forgot to add the docs meanwhile.

2011-07-27  Cole Robinson  <crobinso@redhat.com>

	python: Properly report errors if virStreamRecv fails
	We only want to raise the special value -2. -1 should return None
	which tells the bindings to throw an exception.

2011-07-26  Alex Jia  <ajia@redhat.com>

	tools: format percent strings of nodecpustats
	* tools/virsh.c: format strings display for virsh nodecpustats --percent.
	* how to reproduce?
	% virsh nodecpustats --percent
	usage:            2.0%
	    user  :       1.0%
	    system:       1.0%
	idle  :          98.0%
	iowait:           0.0%
	* after format strings
	% virsh nodecpustats --percent
	usage:            2.0%
	user:             1.0%
	system:           1.0%
	idle:            98.0%
	iowait:           0.0%

2011-07-26  Stefan Berger  <stefanb@us.ibm.com>

	Build: fix build if HAVE_AVAHI is not defined
	Fix the build if HAVE_AVAHI is not defined.

2011-07-26  Dave Allan  <dallan@redhat.com>

	Fix incorrect implication about list options
	The description of the list command seemed to suggest that it could
	take a set of domains as an argument, which is not correct in the
	current HEAD.  If virsh list is intended to take a list of domains,
	then this patch should be NAK'd and a bug opened against virsh list.
	Reported by hachi on #virt
	v2:
	Change language to include transient domains
	Osier pointed out that transient domains are not defined, so what I
	had originally proposed wasn't quite correct.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix race in ref counting when handling RPC jobs
	When an incoming RPC message is ready for processing,
	  virNetServerClientDispatchRead()
	will invoke the 'dispatchFunc' callback. This is set to
	  virNetServerDispatchNewMessage
	This function puts the message + client in a queue for processing by the thread
	pool. The thread pool worker function is
	  virNetServerHandleJob
	The first thing this does is acquire an extra reference on the 'client'.
	Unfortunately, between the time the message+client are put on the thread pool
	queue, and the time the worker runs, the client object may have had its last
	reference removed.
	We clearly need to add the reference to the client object before putting the
	client on the processing queue
	* src/rpc/virnetserverclient.c: Add a reference to the client when
	  invoking the dispatch function
	* src/rpc/virnetserver.c: Don't acquire a reference to the client
	  when in the worker thread

2011-07-26  Wen Congyang  <wency@cn.fujitsu.com>

	set cpu bandwidth for the vm
	The cpu bandwidth is applied at the vcpu group level. We should apply it
	at the vm group level too, because the vm may do heavy I/O, and it will affect
	the other vm.
	We apply cpu bandwidth at the vcpu and the vm group level, so we must ensure
	that max(child_quota) <= parent_quota when we modify cpu bandwidth.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix build with gnutls 1.0.x branch

	Fix typos in virsh.pod file
	* tools/virsh.pod: Fix missing > tag in docs

2011-07-26  Osier Yang  <jyang@redhat.com>

	network: Fix typo
	Introduced by commit 239322cb, reported by Ruben Kerkhof.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Add libtasn1-devel as a BuildRequires for libvirt.spec
	* libvirt.spec.in: Add libtasn1-devel

	Add mutex protection to SASL and TLS modules
	The virNetSASLContext, virNetSASLSession, virNetTLSContext and
	virNetTLSSession classes previously relied in their owners
	(virNetClient / virNetServer / virNetServerClient) to provide
	locking protection for concurrent usage. When virNetSocket
	gained its own locking code, this invalidated the implicit
	safety the SASL/TLS modules relied on. Thus we need to give
	them all explicit locking of their own via new mutexes.
	* src/rpc/virnetsaslcontext.c, src/rpc/virnettlscontext.c: Add
	  a mutex per object

	Report error if unable to bind to any socket
	When setting up a server socket, we must skip EADDRINUSE errors
	from bind, since the IPv6 socket bind may have already bound to
	the IPv4 socket too. If we don't manage to bind to any sockets
	at all though, we should then report the EADDRINUSE error as
	normal.
	This fixes the case where libvirtd would not exit if some other
	program was listening on its TCP/TLS ports.
	* src/rpc/virnetsocket.c: Report EADDRINUSE

	Fix leak of mDNS object in virNetServer
	* src/rpc/virnetserver.c: Free mDNS object

	Fix memory leaks in MDNS code
	* src/rpc/virnetservermdns.c: Fix leaks

2011-07-26  Eric Blake  <eblake@redhat.com>

	virsh: use faster bit search
	Now that gnulib gives us ffs, we might as well use it.
	* tools/virsh.c (vshCmddefGetData): Use ffs rather than
	count_one_bits.

	virsh: make vcpucount use --current consistently
	Rename the existing --current flag to the new name --active,
	while adding a new flag --current to expose the new
	VIR_DOMAIN_AFFECT_CURRENT flag of virDomainGetVcpusFlags.
	For backwards compability, the output does not change (even
	though the label "current" no longer matches the spelling of
	the option that would trigger that number in isolation), and
	we accept "--current --live" as an undocumented synonym for
	"--active --live" to avoid breaking any existing clients.
	* tools/virsh.c (cmdVcpucount): Add --active flag, and rearrange
	existing flag handling to expose VIR_DOMAIN_AFFECT_CURRENT support.
	* tools/virsh.pod (vcpucount): Document this.

	vcpu: teach getVcpusFlags about current
	Now that virDomainSetVcpusFlags knows about VIR_DOMAIN_AFFECT_CURRENT,
	so should virDomainGetVcpusFlags.
	Unfortunately, the virsh counterpart 'virsh vcpucount' has already
	commandeered --current for a different meaning, so teaching virsh
	to expose this in the next patch will require a bit of care.
	* src/libvirt.c (virDomainGetVcpusFlags): Allow
	VIR_DOMAIN_AFFECT_CURRENT.
	* src/libxl/libxl_driver.c (libxlDomainGetVcpusFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainGetVcpusFlags): Likewise.
	* src/test/test_driver.c (testDomainGetVcpusFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Likewise.

2011-07-26  Cole Robinson  <crobinso@redhat.com>

	python: Handle embedded NUL in stream.send data
	Otherwise things like volume upload are only useful with text data.

2011-07-26  Laine Stump  <laine@laine.org>

	util: change virFile*Pid functions to return < 0 on failure
	Although most functions in libvirt return 0 on success and < 0 on
	failure, there are a few functions lingering around that return errno
	(a positive value) on failure, and sometimes code calling those
	functions incorrectly assumes the <0 standard. I noticed one of these
	the other day when auditing networkStartDhcpDaemon after Guido Gunther
	found a place where success was improperly returned on failure (that
	patch has been acked and is pending a push). The problem was that it
	expected the return value from virFileReadPid to be < 0 on failure,
	but it was actually positive (it was also neglected to set the return
	code in this case, similar to the bug found by Guido).
	This all led to the fact that *all* of the virFile*Pid functions in
	util.c are returning errno on failure. This patch remedies that
	problem by changing them all to return -errno on failure, and makes
	any necessary changes to callers of the functions. (In the meantime, I
	also properly set the return code on failure of virFileReadPid in
	networkStartDhcpDaemon).

2011-07-26  Guido Günther  <agx@sigxcpu.org>

	Catch dnsmasq start failures
	While we checked the return value we didn't maks sure ret != 0 which
	resulted in dnsmasq errors being ignored.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix import of private key with older gnutls
	With older GNUTLS the gnutls_x509_privkey_import function is
	unable to import our private key. Instead we must use the
	alternative gnutls_x509_privkey_import_pkcs8() (as certtool
	does).
	* virnettlscontexttest.c: Fix import of private key with
	  older gnutls. Also add missing newlines to key

2011-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix TLS context tests with expired certs
	commit 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6 changed the
	semantics of the 'expire_offset' field in the test case struct
	so that instead of being an absolute timestamp, it was a delta
	relative to the current time. This broke the test cases which
	were testing expiry of certificates, by putting the expiry
	time into the future, instead of in the past.
	Fix this by changing the expiry values to be negative, so that
	the delta goes into the past again.
	* virnettlscontexttest.c: Fix expiry tests

2011-07-25  Wen Congyang  <wency@cn.fujitsu.com>

	rename cfs_* to vcpu_*
	In the XML file we now have
	  <cputune>
	    <shares>1024</shares>
	    <period>90000</period>
	    <quota>0</quota>
	  </cputune>
	But the schedinfo parameter are being named
	 cpu_shares: 1024
	 cfs_period: 90000
	 cfs_quota: 0
	The period/quota is per-vcpu value, so these new tunables should be named
	'vcpu_period' and 'vcpu_quota'.

2011-07-25  Cole Robinson  <crobinso@redhat.com>

	docs: Break up 'Basic Resources' XML section
	We had a bit too many elements crammed in there. Separate it into different
	headings:
	- CPU Allocation (<vcpus>)
	- CPU Tuning (<cputune>)
	- Memory allocation (<memory> and <currentMemory>)
	- Memory backing (<memoryBacking>)
	- Memory tuning (<memtune>)
	- Numa tuning (<numatune>)
	- Block I/O tuning (<blkiotune>)

2011-07-25  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	python: add Python binding for virDomainGetVcpuPinInfo API
	This patch adds the Python bindings for virDomainGetVcpuPinInfo API.
	* python/generator.py: add it to generator skip list
	* python/libvirt-override-api.xml: provide an override description
	* python/libvirt-override.c: provide an override binding implementation

	python: add Python binding for virDomainPinVcpusFlags API
	This patch adds the Python bindings for virDomainPinVcpuFlags API.
	* python/generator.py: add it to the generator skip list
	* python/libvirt-override-api.xml: provide override description
	* python/libvirt-override.c: provide override bindings implementation

	python: add Python binding for virDomainGetSchedulerParametersFlags API
	This patch adds the Python bindings for
	virDomainGetSchedulerParametersFlags API.

	python: add Python binding for virDomainGetSchedulerParametersFlags API
	This patch adds the Python bindings for
	virDomainGetSchedulerParametersFlags API.
	* python/libvirt-override-api.xml: provide and override description
	* python/libvirt-override.c: implement the bindings

2011-07-25  Eric Blake  <eblake@redhat.com>

	tests: detect gnutls errors
	* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors.

2011-07-25  Wieland Hoffmann  <themineo@googlemail.com>

	driver.h: Fix two driver documentation mistakes

2011-07-25  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Add domain schema and xml2xml tests

	bandwidth: Add test cases for network

	bandwidth: Implement functions to enable and disable QoS
	These function executes 'tc' with appropriate arguments to set
	desired QoS setting on interface or bridge during its creation.

	bandwidth: Create format functions

	bandwidth: Add parsing and free functions
	These functions parse given XML node and return pointer to the
	output. Unknown elements are silently ignored. Attributes must
	be integer and must fit in unsigned long long.
	Free function frees elements of virBandwidth structure.

	bandwidth: Declare internal structures

	bandwidth: Define schema and create documentation
	Define new 'bandwidth' element with possible child element 'inbound'
	and 'outbound' addressing incoming and outgoing traffic respectively:
	<bandwidth>
	  <inbound average='1000' peak='2000' burst='5120'/>
	  <outbound average='500'/>
	</bandwidth>
	Leaving any element out means not to shape traffic in that
	direction.
	The units for average and peak (rate) are in kilobytes per second,
	for burst (size) are just in kilobytes.
	This element can be inserted into domain's 'interface' and
	'network'.

2011-07-25  Laine Stump  <laine@laine.org>

	network: provide internal API to return IP of a network
	The new listenNetwork attribute needs to learn an IP address based on a
	named network. This patch provides a function networkGetNetworkAddress
	which provides that.
	Some networks have an IP address explicitly in their configuration
	(ie, those with a forward type of "none", "route", or "nat"). For
	those, we can just return the IP address from the config.
	The rest will have a physical device associated with them (either via
	<bridge name='...'/>, <forward ... dev='...'/>, or possibly via a pool
	of interfaces inside the network's <forward> element) and we will need
	to ask the kernel for a current IP address of that device (via the
	newly added ifaceGetIPAddress)
	If networkGetNetworkAddress encounters an error while trying to learn
	the address for a network, it will return -1. In the case that libvirt
	has been compiled without the network driver, the call is a macro
	which reduces to -2. This allows differentiating between a failure of
	the network driver, and its complete absence.

	util: add an ifaceGetIPAddress to the interface utilities
	This function uses ioctl(SIOCGIFADDR), which limits it to returning
	the first IPv4 address of an interface, but that's what we want right
	now (the place we're going to use the address only accepts one).

2011-07-25  Eric Blake  <eblake@redhat.com>

	tests: fix compilation failures
	Even though gnutls is a hard-req for libvirt, and gnutls depends
	on libtasn1, that does not mean that you have to have the libtasn1
	development files installed.  Skip the test rather than failing
	compilation in that case.
	With newer gcc, the test consumed too much stack space.  Move
	things to static storage to fix that.
	* configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
	(HAVE_LIBTASN1): New automake conditional.
	* tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
	(virnettlscontexttest_LDADD): Allow compilation without libtasn1.
	* tests/virnettlscontexttest.c: Skip test if headers not present.
	(struct testTLSCertReq): Alter time members.
	(testTLSGenerateCert): Reflect the change.
	(mymain): Reduce stack usage.

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Pre-create /var/lib/libvirt/sanlock directory
	The sanlock plugin for libvirt expects the directory
	/var/lib/libvirt/sanlock to exist. Create this and add
	it to the RPM
	* libvirt.spec.in: Add /var/lib/libvirt/sanlock
	* src/Makefile.am: Create /var/lib/libvirt/sanlock

	Honour filesystem readonly flag & make special FS readonly
	A container should not be allowed to modify stuff in /sys
	or /proc/sys so make them readonly. Make /selinux readonly
	so that containers think that selinux is disabled.
	Honour the readonly flag when mounting container filesystems
	from the guest XML config
	* src/lxc/lxc_container.c: Support readonly mounts

	Refactor mounting of special filesystems
	Even in non-virtual root filesystem mode we should be mounting
	more than just a new /proc. Refactor lxcContainerMountBasicFS
	so that it does everything except for /dev and /dev/pts moving
	that into lxcContainerMountDevFS. Pass in a source prefix
	to lxcContainerMountBasicFS() so it can be used in both shared
	root and private root modes.
	* src/lxc/lxc_container.c: Unify mounting code for special
	  filesystems

	Pull code for doing a bind mount into separate method
	The bind mount setup is about to get more complicated.
	To avoid having to deal with several copies, pull it
	out into a separate lxcContainerMountFSBind method.
	Also pull out the iteration over container filesystems,
	so that it will be easier to drop in support for non-bind
	mount filesystems
	* src/lxc/lxc_container.c: Pull bind mount code out into
	  lxcContainerMountFSBind

	Fix typos in daemon config file from previous commit

	Add a test case for certificate validation
	This test case checks certification validation rules for
	 - Basic constraints
	 - Key purpose
	 - Key usage
	 - Start/expiry times
	It checks initial context creation sanity checks, and live
	session validation

	Allow certificate sanity checking to be disabled
	When libvirtd starts it it will sanity check its own certs,
	and before libvirt clients connect to a remote server they
	will sanity check their own certs. This patch allows such
	sanity checking to be skipped. There is no strong reason to
	need to do this, other than to bypass possible libvirt bugs
	in sanity checking, or for testing purposes.
	libvirt.conf gains tls_no_sanity_certificate parameter to
	go along with tls_no_verify_certificate. The remote driver
	client URIs gain a no_sanity URI parameter
	* daemon/test_libvirtd.aug, daemon/libvirtd.conf,
	  daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
	  allow cert sanity checks to be skipped
	* src/remote/remote_driver.c: Add no_sanity parameter to
	  skip cert checks
	* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
	  Add new parameter for skipping sanity checks independantly
	  of skipping session cert validation checks

2011-07-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	build: Use $(PYTHON) instead of python for the keycode map generator
	Also prepend $(AM_V_GEN) to the command line, mark virkeycode-mapgen.py
	as executable and switch the shebang line from /bin/python to the
	commonly use /usr/bin/python.

	xenapi: Fix double-freeing the session in xenapiClose
	xen_session_logout already frees the whole session object.
	Don't call xenSessionFree on a freed session object.
	Reported by Sharmila Radhakrishnan.

2011-07-22  Oskari Saarenmaa  <os@ohmu.fi>

	remote/ssh: optional "keyfile" parameter.
	New optional parameter "keyfile" for ssh transport allows the user to select
	the private key to be used to authenticate to the remote host.

2011-07-22  Laine Stump  <laine@laine.org>

	util: make interface.c functions consistently return < 0 on error
	All of the functions in util/interface.c were returning 0 on success,
	but some returned -1 on error, and some returned a positive value
	(usually the value of errno, but sometimes just 1). Libvirt's standard
	is to return < 0 on error (in the case of functions that need to
	return errno, -errno is returned.
	This patch modifies all functions in interface.c to consistently
	return < 0 on error, and makes changes to callers of those functions
	where necessary.

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Refactor the certification validation code
	There is some commonality between the code for sanity checking
	certs when initializing libvirt and the code for validating
	certs during a live TLS session handshake. This patchset splits
	up the sanity checking function into several smaller functions
	each doing a specific type of check. The cert validation code
	is then updated to also call into these functions
	* src/rpc/virnettlscontext.c: Refactor cert validation code

	Remove call to deprecated gnutls_certificate_type_set_priority (again)
	The gnutls_certificate_type_set_priority method is deprecated.
	Since we already set the default gnutls priority, it was not
	serving any useful purpose and can be removed
	* src/rpc/virnettlscontext.c: Remove gnutls_certificate_type_set_priority
	  call

	Ensure that libvirtd shuts down if initialization fails
	If the virStateInitialize call fails we must shutdown libvirtd
	since drivers will not be available. Just free'ing the virNetServer
	is not sufficient, we must send a SIGTERM to ourselves so that
	we interrupt the event loop and trigger a orderly shutdown
	* daemon/libvirtd.c: Kill ourselves if state init fails
	* src/rpc/virnetserver.c: Add some debugging to event loop

2011-07-22  Adam Litke  <agl@us.ibm.com>

	Asynchronous event for BlockJob completion
	When an operation started by virDomainBlockPull completes (either with
	success or with failure), raise an event to indicate the final status.
	This API allow users to avoid polling on virDomainGetBlockJobInfo if
	they would prefer to use an event mechanism.
	* daemon/remote.c: Dispatch events to client
	* include/libvirt/libvirt.h.in: Define event ID and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle the new event
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block_stream completion and emit a libvirt block pull event
	* src/remote/remote_driver.c: Receive and dispatch events to application
	* src/remote/remote_protocol.x: Wire protocol definition for the event
	* src/remote_protocol-structs: structure definitions for protocol verification
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
	  from QEMU monitor

	Enable virDomainBlockPull in the python API
	virDomainGetBlockJobInfo requires manual override since it returns a
	custom type.
	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c:
	  manual overrides

	Enable the virDomainBlockPull API in virsh
	Define two new virsh commands:
	 * blockpull: Initiate a blockPull for the given disk
	 * blockjob: Retrieve progress info, modify speed, and cancel active block jobs
	Share print_job_progress() with the migration code.
	* tools/virsh.c: implement the new commands

	Implement virDomainBlockPull for the qemu driver
	The virDomainBlockPull* family of commands are enabled by the
	following HMP/QMP commands: 'block_stream', 'block_job_cancel',
	 'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.
	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
	  streaming by using the proper qemu monitor commands.
	* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor

	Add virDomainBlockPull support to the remote driver
	The generator can handle everything except virDomainGetBlockJobInfo().
	* src/remote/remote_protocol.x: provide defines for the new entry points
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side for virDomainGetBlockJobInfo.
	* src/remote_protocol-structs: structure definitions for protocol verification
	* src/rpc/gendispatch.pl: Permit some unsigned long parameters

	virDomainBlockPull: Implement the main entry points
	* src/libvirt.c: implement the main entry points

	Add new API virDomainBlockPull* to headers
	Set up the types for the block pull functions and insert them into the
	virDriver structure definition.  Symbols are exported in this patch to
	prevent
	documentation compile failures.
	* include/libvirt/libvirt.h.in: new API
	* src/driver.h: add the new entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python bindings
	* are
	  implemented later
	* src/libvirt_public.syms: export symbols
	* docs/apibuild.py: Extend 'unsigned long' parameter exception to this
	* API

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: add virsh commands for manipulating save files
	Now you can edit a saved state file even if you forgot to grab
	a dumpxml file prior to saving a domain.  Plus, in-place editing
	feels so much nicer.
	* tools/virsh.c (cmdSaveImageDumpxml, cmdSaveImageDefine)
	(cmdSaveImageEdit): New commands.
	* tools/virsh.pod (save-image-dumpxml, save-image-define)
	(save-image-edit): Document them.

	save: wire up remote protocol
	* src/remote/remote_driver.c (remote_driver): Add new callbacks.
	* src/remote/remote_protocol.x (remote_procedure): New RPCs.
	(remote_domain_save_image_get_xml_desc_args)
	(remote_domain_save_image_get_xml_desc_ret)
	(remote_domain_save_image_define_xml_args): New structs.
	* src/remote_protocol-structs: Update.

	save: new API to manipulate save file images
	Modifying the xml on either save or restore only gets you so
	far - you have to remember to 'virsh dumpxml dom' just prior
	to the 'virsh save' in order to have an xml file worth modifying
	that won't be rejected due to abi breaks.  To make this more
	powerful, we need a way to grab the xml embedded within a state
	file, and from there, it's not much harder to also support
	modifying a state file in-place.
	Also, virDomainGetXMLDesc didn't document its flags.
	* include/libvirt/libvirt.h.in (virDomainSaveImageGetXMLDesc)
	(virDomainSaveImageDefineXML): New prototypes.
	* src/libvirt.c (virDomainSaveImageGetXMLDesc)
	(virDomainSaveImageDefineXML): New API.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSaveImageGetXMLDesc)
	(virDrvDomainSaveImgeDefineXML): New driver callbacks.

	save: support bypass-cache flag in libvirt-guests init script
	libvirt-guests is a perfect use case for bypassing the file system
	cache - lots of filesystem traffic done at system shutdown, where
	caching is pointless, and startup, where reading large files only
	once just gets in the way.  Make this a configurable option in the
	init script, but defaulting to existing behavior.
	* tools/libvirt-guests.sysconf (BYPASS_CACHE): New variable.
	* tools/libvirt-guests.init.sh (start, suspend_guest): Use it.

	save: support bypass-cache flag in qemu.conf
	When auto-dumping a domain on crash events, or autostarting a domain
	with managed save state, let the user configure whether to imply
	the bypass cache flag.
	* src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
	Document new variables.
	* src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
	* src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
	* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
	* src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
	Honor them.

	save: support BYPASS_CACHE during qemu save/restore
	Wire together the previous patches to support file system cache
	bypass during API save/restore requests in qemu.
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal, doCoreDump)
	(qemudDomainObjStart, qemuDomainSaveImageOpen, qemuDomainObjRestore)
	(qemuDomainObjStart): Add parameter.
	(qemuDomainSaveFlags, qemuDomainManagedSave, qemudDomainCoreDump)
	(processWatchdogEvent, qemudDomainStartWithFlags, qemuAutostartDomain)
	(qemuDomainRestoreFlags): Update callers.

	save: add virFileDirectFd wrapper type
	O_DIRECT has stringent requirements.  Rather than make lots of changes
	at each site that wants to use O_DIRECT, it is easier to offload
	the work through a helper process that mirrors the I/O between a
	pipe and the actual direct fd, so that the other end of the pipe
	no longer has to worry about constraints.
	Plus, if the kernel ever gains better posix_fadvise support, then we
	only have to touch a single file to let all callers benefit from a
	more efficient way to avoid file system caching.
	* src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
	(virFileDirectFdClose, virFileDirectFdFree): New prototypes.
	* src/util/virdirect.c: Implement new wrapper object.
	* src/libvirt_private.syms (virfile.h): Export new symbols.
	* cfg.mk (useless_free_options): Add to list.
	* po/POTFILES.in: Add new translations.

	save: let iohelper work on O_DIRECT fds
	Required for a coming patch where iohelper will operate on O_DIRECT
	fds.  There, the user-space memory must be aligned to file system
	boundaries (at least 512, but using page-aligned works better, and
	some file systems prefer 64k).  Made tougher by the fact that
	VIR_ALLOC won't work on void *, but posix_memalign won't work on
	char * and isn't available everywhere.
	This patch makes some simplifying assumptions - namely, output
	to an O_DIRECT fd will only be attempted on an empty seekable
	file (hence, no need to worry about preserving existing data
	on a partial block, and ftruncate will work to undo the effects
	of having to round up the size of the last block written), and
	input from an O_DIRECT fd will only be attempted on a complete
	seekable file with the only possible short read at EOF.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for posix_memalign.
	* src/util/iohelper.c (runIO): Use aligned memory, and handle
	quirks of O_DIRECT on last write.

	save: let iohelper handle inherited fd
	Rather than making the iohelper subject to a race in reopening
	the file, it is nicer to pass an already-open fd by inheritance.
	The old synopsis form must continue to work - if someone updates
	their libvirt package and installs a new libvirt_iohelper but
	without restarting the old libvirtd daemon, then the daemon can
	still make calls using the old syntax but the new iohelper.
	* src/util/iohelper.c (runIO): Split code for open...
	(prepare): ...to new function.
	(usage): Update synopsis.
	(main): Allow alternate calling form.
	* src/fdstream.c (virFDStreamOpenFileInternal): Use alternate form.

	save: support --xml to virsh save/restore
	Also, migrate was missing documentation for the --xml option
	added in commit ec5301cb.
	* tools/virsh.c (cmdSave, cmdRestore): Add xml argument.
	* tools/virsh.pod (save, restore, migrate): Document it.

	save: add --bypass-cache flag to virsh save/restore operations
	Wire up the new flag to several virsh commands.  Also, the
	'dump' command had undocumented flags.
	* tools/virsh.c (cmdSave, cmdManagedSave, cmdDump, cmdStart)
	(cmdRestore): Add new flag.
	* tools/virsh.pod (save, managedsave, dump, start, restore):
	Document flags.

	save: wire up trivial save/restore flags implementations
	For all hypervisors that support save and restore, the new API
	now performs the same functions as the old.
	VBox is excluded from this list, because its existing domainsave
	is broken (there is no corresponding domainrestore, and there
	is no control over the filename used in the save).  A later
	patch should change vbox to use its implementation for
	managedsave, and teach start to use managedsave results.
	* src/libxl/libxl_driver.c (libxlDomainSave): Move guts...
	(libxlDomainSaveFlags): ...to new function.
	(libxlDomainRestore): Move guts...
	(libxlDomainRestoreFlags): ...to new function.
	* src/test/test_driver.c (testDomainSave, testDomainSaveFlags)
	(testDomainRestore, testDomainRestoreFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainSave)
	(xenUnifiedDomainSaveFlags, xenUnifiedDomainRestore)
	(xenUnifiedDomainRestoreFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainSave, qemudDomainRestore):
	Rename and move guts.
	(qemuDomainSave, qemuDomainSaveFlags, qemuDomainRestore)
	(qemuDomainRestoreFlags): ...here.
	(qemudDomainSaveFlag): Rename...
	(qemuDomainSaveInternal): ...to this, and update callers.

	error: add new error type for reflecting partial API support
	VIR_ERR_INVALID_ARG implies that an argument cannot possibly
	be correct, given the current state of the API.
	VIR_ERR_CONFIG_UNSUPPORTED implies that a configuration is
	wrong, but arguments aren't configuration.
	VIR_ERR_NO_SUPPORT implies that a function is completely
	unimplemented.
	But in the case of a function that is partially implemented,
	yet the full power of the API is not available for that
	driver, none of the above messages make sense.  Hence a new
	error message, implying that the argument is known to comply
	with the current state of the API, and that while the driver
	supports aspects of the function, it does not support that
	particular use of the argument.
	A good use case for this is a driver that supports
	virDomainSaveFlags, but not the dxml argument of that API.
	It might be feasible to also use this new error for all functions
	that check flags, and which accept fewer flags than what is possible
	in the public API.  But doing so would get complicated, since
	neither libvirt.c nor the remote driver may do flag filtering,
	and every other driver would have to do a two-part check, first
	using virCheckFlags on all public flags (which gives
	VIR_ERR_INVALID_ARG for an impossible flag), followed by a
	particular mask check for VIR_ERR_ARGUMENT_UNSUPPORTED (for a
	possible public flag but unsupported by this driver).
	* include/libvirt/virterror.h (VIR_ERR_ARGUMENT_UNSUPPORTED): New
	error.
	* src/util/virterror.c (virErrorMsg): Give it a message.
	Suggested by Daniel P. Berrange.

	build: fix bugs with destroyFlags patches
	Build failure on xenapi_driver from compiler warnings (flags was unused).
	Build failure on xen (incorrect number of arguments).  And in fixing
	that, I obeyed the comments of struct xenUnifiedDriver that state
	that we want to minimize the number of callback functions in that
	struct, not add to it.
	* src/xen/xen_driver.c (xenUnifiedDomainDestroyFlags): Use correct
	arguments.
	(xenUnifiedDomainDestroy): Simplify.
	* src/xen/xen_driver.h (xenUnifiedDriver): Remove unused callback.
	* src/xen/xen_hypervisor.c (xenHypervisorDestroyDomain): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainDestroy): Likewise.
	* src/xen/xend_internal.h (xenDaemonDomainDestroyFlags): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainDestroyFlags): Reject
	unknown flags.

2011-07-22  Michal Privoznik  <mprivozn@redhat.com>

	remote: Fix forgotten comma
	during conflict resolving

2011-07-22  Laine Stump  <laine@laine.org>

	network: internal API functions to manage assignment of physdev to guest
	The network driver needs to assign physical devices for use by modes
	that use macvtap, keeping track of which physical devices are in use
	(and how many instances, when the devices can be shared). Three calls
	are added:
	networkAllocateActualDevice - finds a physical device for use by the
	domain, and sets up the virDomainActualNetDef accordingly.
	networkNotifyActualDevice - assumes that the domain was already
	running, but libvirtd was restarted, and needs to be notified by each
	already-running domain about what interfaces they are using.
	networkReleaseActualDevice - decrements the usage count of the
	allocated physical device, and frees the virDomainActualNetDef to
	avoid later accidentally using the device.
	bridge_driver.[hc] - the new APIs. When WITH_NETWORK is false, these
	functions are all #defined to be "0" in the .h file (effectively
	becoming a NOP) to prevent link errors.
	qemu_(command|driver|hotplug|process).c - add calls to the above APIs
	    in the appropriate places.
	tests/Makefile.am - we need to include libvirt_driver_network.la
	    whenever libvirt_driver_qemu.la is linked, to avoid unreferenced
	    symbols (in functions that are never called by the test
	    programs...)

	qemu: use virDomainNetGetActual*() in qemuDomainXMLToNative
	This is the one function outside of domain_conf.c that plays around
	with (even modifying) the internals of the virDomainNetDef, and thus
	can't be fixed up simply by replacing direct accesses to the fields of
	the struct with the GetActual*() access functions.
	In this case, we need to check if the defined type is "network", and
	if it is *then* check the actual type; if the actual type is "bridge",
	then we can at least put the bridgename in a place where it can be
	used; otherwise (if type isn't "bridge"), we behave exactly as we used
	to - just null out *everything*.

	qemu: use virDomainNetGetActual*() functions where appropriate
	The qemu driver accesses fields in the virDomainNetDef directly, but
	with the advent of the virDomainActualNetDef, some pieces of
	information may be found in a different place (the ActualNetDef) if
	the network connection is of type='network' and that network is of
	forward type='bridge|private|vepa|passthrough'. The previous patch
	added functions to mask this difference from callers - they hide the
	decision making process and just pick the value from the proper place.
	This patch uses those functions in the qemu driver as a first step in
	making qemu work with the new network types. At this point, the
	virDomainActualNetDef is guaranteed always NULL, so the GetActualX()
	function will return exactly what the def->X that's being replaced
	would have returned (ie bisecting is not compromised).
	There is one place (in qemu_driver.c) where the internal details of
	the NetDef are directly manipulated by the code, so the GetActual
	functions cannot be used there without extra additional code; that
	file will be treated in a separate patch.

	network: separate Start/Shutdown functions for new network types
	Previously all networks were composed of bridge devices created and
	managed by libvirt, and the same operations needed to be done for all
	of them when they were started and stopped (create and start the
	bridge device, configure its MAC address and IP address, add iptables
	rules). The new network types are (for now at least) managed outside
	of libvirt, and the network object is used only to contain information
	about the network, which is then used as each individual guest
	connects itself.
	This means that when starting/stopping one of these new networks, we
	really want to do nothing, aside from marking the network as
	active/inactive.
	This has been setup as toplevel Start/Shutdown functions that do the
	small bit of common stuff, then have a switch statement to execute
	network type-specific start/shutdown code, then do a bit more common
	code. The type-specific functions called for the new host bridge and
	macvtap based types are currently empty.
	In the future these functions may actually do something, and we will
	surely add more functions that are similarly patterned. Once
	everything has settled, we can make a table of "sub-driver" function
	pointers for each network type, and store a pointer to that table in
	the network object, then we can replace the switch statements with
	calls to functions in the table.
	The final step in this will be to add a new table (and corresponding
	new functions) for new network types as they are added.

	conf: support abstracted interface info in network XML
	The network XML is updated in the following ways:
	1) The <forward> element can now contain a list of forward interfaces:
	     <forward .... >
	       <interface dev='eth10'/>
	       <interface dev='eth11'/>
	       <interface dev='eth12'/>
	       <interface dev='eth13'/>
	     </forward>
	   The first of these takes the place of the dev attribute that is
	   normally in <forward> - when defining a network you can specify
	   either one, and on output both will be present. If you specify
	   both on input, they must match.
	2) In addition to forward modes of 'nat' and 'route', these new modes
	   are supported:
	     private, passthrough, vepa - when this network is referenced by a
	     domain's interface, it will have the same effect as if the
	     interface had been defined as type='direct', e.g.:
	        <interface type='direct'>
	          <source mode='${mode}' dev='${dev}>
	          ...
	        </interface>
	     where ${mode} is one of the three new modes, and ${dev} is an interface
	     selected from the list given in <forward>.
	     bridge - if a <forward> dev (or multiple devs) is defined, and
	     forward mode is 'bridge' this is just like the modes 'private',
	     'passthrough', and 'vepa' above. If there is no forward dev
	     specified but a bridge name is given (e.g. "<bridge
	     name='br0'/>"), then guest interfaces using this network will use
	     libvirt's "host bridge" mode, equivalent to this:
	       <interface type='bridge'>
	          <source bridge='${bridge-name}'/>
	          ...
	       </interface>
	3) A network can have multiple <portgroup> elements, which may be
	   selected by the guest interface definition (by adding
	   "portgroup='${name}'" in the <source> element along with the
	   network name). Currently a portgroup can only contain a
	   virtportprofile, but the intent is that other configuration items
	   may be put there int the future (e.g. bandwidth config). When
	   building a guest's interface, if the <interface> XML itself has no
	   virtportprofile, and if the requested network has a portgroup with
	   a name matching the name given in the <interface> (or if one of the
	   network's portgroups is marked with the "default='yes'" attribute),
	   the virtportprofile from that portgroup will be used by the
	   interface.
	4) A network can have a virtportprofile defined at the top level,
	   which will be used by a guest interface when connecting in one of
	   the 'direct' modes if the guest interface XML itself hasn't
	   specified any virtportprofile, and if there are also no matching
	   portgroups on the network.

	conf: support abstracted interface info in domain interface XML
	the domain XML <interface> element is updated in the following ways:
	1) <virtualportprofile> can be specified when source type='network'
	(previously it was only valid for source type='direct')
	2) A new attribute "portgroup" has been added to the <source>
	element. When source type='network' (the only time portgroup is
	recognized), extra configuration information will be taken from the
	<portgroup> element of the given name in the network definition.
	3) Each virDomainNetDef now also potentially has a
	virDomainActualNetDef which is a private object (never
	exported/imported via the public API, and not defined in the RNG) that
	is used to maintain information about the physical device that was
	actually used for a NetDef of type VIR_DOMAIN_NET_TYPE_NETWORK.
	The virDomainActualNetDef will only be parsed/formatted if the
	parse/format function is called with the
	VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET flag set (which is only needed when
	saving/loading a running domain's state info to the stateDir).

	conf: virDomainNetDef points to (rather than contains) virtPortProfile
	The virtPortProfile in the domain interface struct is now a separately
	allocated object *pointed to by* (rather than contained in) the main
	virDomainNetDef object. This is done to make it easier to figure out
	when a virtualPortProfile has/hasn't been specified in a particular
	config.

	conf: put virtPortProfile struct / functions in a common location
	virtPortProfiles are currently only used in the domain XML, but will
	soon also be used in the network XML. To prepare for that change, this
	patch moves the structure definition into util/network.h and the parse
	and format functions into util/network.c (I decided that this was a
	better choice than macvtap.h/c for something that needed to always be
	available on all platforms).

	util: define MAX
	If util.h is going to have a MIN, it may as well also have MAX.

2011-07-22  Michal Privoznik  <mprivozn@redhat.com>

	destroy: Implement internal API for xenapi driver

	destroy: Implement internal API for xen driver

	destroy: Implement internal API for vmware driver

	destroy: Implement internal API for vbox driver

	destroy: Implement internal API for uml driver

	destroy: Implement internal API for phyp driver

	destroy: Implement internal API for openvz driver

	destroy: Implement internal API for lxc driver

	destroy: Implement internal API for libxl driver

	destroy: Implement internal API for ESX driver

	destroy: Implement internal API for qemu driver

	destroy: Wire up the remote protocol

	destroy: Define new public API virDomainDestroyFlags
	This introduces new API virDomainDestroyFlags to allow
	domain destroying with flags, as the existing API virDomainDestroy
	misses flags.
	The set of flags is defined in virDomainDestroyFlagsValues enum,
	which is currently commented, because it is empty.
	Calling this API with no flags set (@flags == 0) is equivalent calling
	virDomainDestroy.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: wire up remote protocol
	* src/remote/remote_driver.c (remote_driver): Add new callbacks.
	* src/remote/remote_protocol.x (remote_procedure): New RPCs.
	(remote_domain_save_flags_args, remote_domain_restore_flags_args):
	New structs.
	* src/remote_protocol-structs: Update.

	save: new public API to bypass file system cache on save/restore
	In order to choose whether to use O_DIRECT when saving a domain image
	to a file, we need a new flag.  But virDomainSave was implemented
	before our policy of all new APIs having a flag argument.  Likewise
	for virDomainRestore when restoring from a file.
	The new flag name is chosen as CACHE_BYPASS so as not to preclude
	a future solution that uses posix_fadvise once the Linux kernel has
	a smarter implementation of that interface.
	* include/libvirt/libvirt.h.in (virDomainCreateFlags)
	(virDomainCoreDumpFlags): Add a flag.
	(virDomainSaveFlags, virDomainRestoreFlags): New prototypes.
	* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags): New API.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSaveFlags, virDrvDomainRestoreFlags):
	New driver callbacks.

	qemu: fix error message with migrate2 xml
	Otherwise, an ABI mismatch gives error messages attributing the target
	xml string as current, and the current domain state as the new xml.
	* src/qemu/qemu_migration.c (qemuMigrationBegin): Use correct
	argument order.

	build: rename files.h to virfile.h
	In preparation for a future patch adding new virFile APIs.
	* src/util/files.h, src/util/files.c: Move...
	* src/util/virfile.h, src/util/virfile.c: ...here, and rename
	functions to virFile prefix.  Macro names are intentionally
	left alone.
	* *.c: All '#include "files.h"' uses changed.
	* src/Makefile.am (UTIL_SOURCES): Reflect rename.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise.
	* src/libvirt_private.syms: Likewise.
	* docs/hacking.html.in: Likewise.
	* HACKING: Regenerate.

	command: avoid leaking fds across fork
	Since libvirt is multi-threaded, we should use FD_CLOEXEC as much
	as possible in the parent, and only relax fds to inherited after
	forking, to avoid leaking an fd created in one thread to a fork
	run in another thread.  This gets us closer to that ideal, by
	making virCommand automatically clear FD_CLOEXEC on fds intended
	for the child, as well as avoiding a window of time with non-cloexec
	pipes created for capturing output.
	* src/util/command.c (virExecWithHook): Use CLOEXEC in parent.  In
	child, guarantee that all fds to pass to child are inheritable.
	(getDevNull): Use CLOEXEC.
	(prepareStdFd): New helper function.
	(virCommandRun, virCommandRequireHandshake): Use pipe2.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Simplify caller.

	command: move all docs into .c file
	We already have a precedent of function documentation in C files,
	where it is closer to the implementation (witness libvirt.h vs.
	libvirt.c); maintaining docs in both files risks docs going stale.
	While I was at it, I used consistent doxygen style on all comments.
	* src/util/command.h: Remove duplicate docs, and move unique
	documentation...
	* src/util/command.c: ...here.
	Suggested by Matthias Bolte.

2011-07-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	rpc: Make the dispatch generator handle 'void name(void)' style procedures
	The only 'void name(void)' style procedure in the protocol is 'close' that
	is handled special, but also programming errors like a missing _args or
	_ret suffix on the structs in the .x files can create such a situation by
	accident. Making the generator aware of this avoids bogus errors from the
	generator such as:
	  Use of uninitialized value in exists at ./rpc/gendispatch.pl line 967.
	Also this allows to get rid of the -c option and the special case code for
	the 'close' procedure, as the generator handles it now correctly.
	Reported by Michal Privoznik

2011-07-21  Eric Blake  <eblake@redhat.com>

	error: preserve errno when saving last error
	It is common to see the sequence:
	virErrorPtr save_err = virSaveLastError();
	// do cleanup
	virSetError(save_err);
	virFreeError(save_err);
	on cleanup paths.  But for functions where it is desirable to
	return the errno that caused failure, this sequence can clobber
	that errno.  virFreeError was already safe; this makes the other
	two functions in the sequence safe as well, assuming all goes
	well (on OOM, errno will be clobbered, but then again, save_err
	won't reflect the real error that happened, so you are no longer
	preserving the real situation - that's life with OOM).
	* src/util/virterror.c (virSaveLastError, virSetError): Preserve
	errno.

2011-07-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Fix makefile rule for code generation
	Commit 8665f85523f0451c changed generated.stamp to $(GENERATE).stamp,
	but missed one instance in the CLEANFILES list. This can break the
	build in case the generated code is deleted but the .stamp file stays
	around and therefore the code isn't regenerated.

2011-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized variable in QEMU CPU bandwidth code
	* src/qemu/qemu_driver.c: Fix uninitialized variable

2011-07-21  Wen Congyang  <wency@cn.fujitsu.com>

	fix make syntax-check error

	doc: Add documentation for new cputune elements period and quota
	We have added element period and quota. Document them in formatdomain.html.in.

	qemu: Implement cfs_period and cfs_quota's modification
	This patch implements cfs_period and cfs_quota's modification.
	We can use the command 'virsh schedinfo' to query or modify cfs_period and
	cfs_quota.
	If you query period or quota from config file, the value 0 means it does not set
	in the config file.
	If you set period or quota to config file, the value 0 means that delete current
	setting from config file.
	If you modify period or quota while vm is running, the value 0 means that use
	current value.

	qemu: Implement period and quota tunable XML configuration and parsing
	This patch implements period and quota tunable XML configuration and parsing.
	A quota or period of zero will be simply ignored.

	Update XML Schema for new entries
	Define the element cputune's child elements 'period' and 'quota':
	<cputune>
	  <period>100000</period>
	  <quota>50000</quota>
	</cputune>

	cgroup: Implement cpu.cfs_period_us and cpu.cfs_quota_us tuning API
	This patch provides 4 APIs to get and set cpu.cfs_period_us and cpu.cfs_quota_us.

	Introduce the function virCgroupForVcpu
	Introduce the function virCgroupForVcpu() to create sub directory for each vcpu.

2011-07-21  Lai Jiangshan  <laijs@cn.fujitsu.com>

	qemu: send-key: Implement the driver methods
	qemu driver just accept xt_kbd codeset's keycode, so the lib virtkey
	is used for translating keycodes from other codesets

	send-key: Expose the new API in virsh
	Also support string names for the linux keycode(auto detect)
	* tools/virsh.c: add new command "send-key"
	* tools/virsh.pod: documents the new command

	util: add virtkeycode module
	Add virtkey lib for usage-improvment and keycode translating.
	Add 4 internal API for the aim
	const char *virKeycodeSetTypeToString(int codeset);
	int virKeycodeSetTypeFromString(const char *name);
	int virKeycodeValueFromString(virKeycodeSet codeset, const char *keyname);
	int virKeycodeValueTranslate(virKeycodeSet from_codeset,
	                             virKeycodeSet to_offset,
	                             int key_value);
	* include/libvirt/libvirt.h.in: extend virKeycodeSet enum
	* src/Makefile.am: add new virtkeycode module and rule to generate
	  virkeymaps.h
	* src/util/virkeycode.c src/util/virkeycode.h: new module
	* src/util/virkeycode-mapgen.py: python generator for virkeymaps.h
	  out of keymaps.csv
	* src/libvirt_private.syms: extend private symbols for new module
	* .gitignore: add generated virkeymaps.h

	util: Add keymaps.csv
	Should keep it as the same as:
	http://git.gnome.org/browse/gtk-vnc/commit/src/keymaps.csv
	All master  keymaps are defined in a CSV file. THis covers
	Linux keycodes, OSX keycodes, AT set1, 2 & 3, XT keycodes,
	the XT encoding used by the Linux KBD driver, USB keycodes,
	Win32 keycodes, the XT encoding used by Xorg on Cygwin,
	the XT encoding used by Xorg on Linux with kbd driver.
	* src/Makefile.am: added to EXTRA_DIST
	* src/util/keymaps.csv: new file

2011-07-21  Eric Blake  <eblake@redhat.com>

	maint: fix typos on guaranteed
	* src/conf/domain_event.c (virDomainEventDispatch): Fix typo.
	* src/internal.h (ATTRIBUTE_FMT_PRINTF): Likewise.
	* src/libvirt.c (virStreamEventUpdateCallback): Likewise.
	* src/remote/remote_driver.c (doRemoteOpen): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/util/virterror.c (virConnCopyLastError, virCopyLastError):
	Likewise.
	* src/xen/xend_internal.h (xend_wait_for_devices): Likewise.

2011-07-21  Cole Robinson  <crobinso@redhat.com>

	rpc: Pass through DISPLAY so ssh can launch askpass
	Though we prefer users to have SSH keys setup, virt-manager users still
	depend on remote SSH connections to launch a password dialog. This fixes
	launch ssh-askpass
	Fix suggested by danpb

2011-07-20  Michal Privoznik  <mprivozn@redhat.com>

	sysinfo: Don't try to run dmidecode on archs missing it
	DMI table is Intel & Intel-compatible specific. Therefore other
	architectures miss dmidecode command. So we always fail in searching
	for that command on non-Intel architectures.

2011-07-20  Guannan Ren  <gren@redhat.com>

	Don't try to close a NULL virNetClientPtr
	* src/rpc/virnetclient.c: Skip close attempt if virNetClientPtr
	  is NULL

2011-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Honour key usage/purpose criticality flag
	If a key purpose or usage field is marked as non-critical in the
	certificate, then a data mismatch is not (ordinarily) a cause for
	rejecting the connection
	* src/rpc/virnettlscontext.c: Honour key usage/purpose criticality

	Fix checking of key usage/purpose data
	If key usage or purpose data is not present in the cert, the
	RFC recommends that access be allowed. Also fix checking of
	key usage to include requirements for client/server certs,
	and fix key purpose checking to treat data as a list of bits

	Fix mixed up error messages when reporting TLS certificate problems
	* src/rpc/virnettlscontext.c: Fix mixed up error messages

2011-07-20  Michal Privoznik  <mprivozn@redhat.com>

	udev: Don't try to dump DMI on non-intel archs
	DMI is Intel & Intel-compatible specific. Don't try to dump information
	on non-compatible architectures, which results only in error message in
	logs.

2011-07-20  Eric Blake  <eblake@redhat.com>

	build: fix broken build
	* src/libxl/libxl_driver.c (libxlDomainUndefineFlags): Use correct
	enum value.
	* src/remote_protocol-structs (remote_procedure): Likewise.

2011-07-20  Osier Yang  <jyang@redhat.com>

	undefine: Extend virsh undefine to support the new flag
	If the domain has managed save image, and --managed-save is
	not specified, then it fails with an error telling the user
	that a managed save image still exists.
	If the domain has managed save image, and --managed-save is
	specified, it invokes virDomainUndefineFlags. If
	virDomainUndefineFlags fails, then it tries to remove the managed
	save image using virDomainManagedSaveRemove first, with
	invoking virDomainUndefine following. (For compatibility between
	new virsh with this patch and older libvirt without this patch).
	Similarly if the domain has no managed save image. See the codes for
	detail.
	NOTE: Have not removing the codes checking if the domain is running
	in function "cmdUndefine", it will go along with qemu driver's fix
	(allow to undefine a running domain).

	undefine: Implement undefineFlags for all other drivers

	undefine: Implement internal API for libxl driver
	* src/libxl/libxl_driver.c: New callback for libxl_driver,
	new function libxlDomainUndefineFlags, and changes libxlDomainUndefine
	as a wrapper of libxlDomainUndefineFlags.

	undefine: Implement internal API for qemu driver
	* src/qemu/qemu_driver.c: New call back for qemu_driver,
	New function qemudDomainUndefineFlags, and changes on
	qemudDomainUndefine.

	undefine: Wire up the remote protocol

	undefine: Define the new API
	This introduces a new API virDomainUndefineFlags to control the
	domain undefine process, as the existing API virDomainUndefine
	doesn't support flags.
	Currently only flag VIR_DOMAIN_UNDEFINE_MANAGED_SAVE is supported.
	If the domain has a managed save image, including
	VIR_DOMAIN_UNDEFINE_MANAGED_SAVE in @flags will also remove that
	file, and omitting the flag will cause undefine process to fail.
	This patch also changes the behavior of virDomainUndefine, if the
	domain has a managed save image, the undefine will be refused.

2011-07-20  Eric Blake  <eblake@redhat.com>

	maint: fix spelling of Red Hat
	* cfg.mk (sc_copyright_format): Add to rule.
	* src/util/files.h: Fix offenders.
	* src/util/files.c: Likewise.

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Add sanity checking of basic constraints, key purpose & key usage
	Gnutls requires that certificates have basic constraints present
	to be used as a CA certificate. OpenSSL doesn't add this data
	by default, so add a sanity check to catch this situation. Also
	validate that the key usage and key purpose constraints contain
	correct data
	* src/rpc/virnettlscontext.c: Add sanity checking of certificate
	  constraints

	Add some basic sanity checking of certificates before use
	If the libvirt daemon or libvirt client is configured with bogus
	certificates, it is very unhelpful to only find out about this
	when a TLS connection is actually attempted. Not least because
	the error messages you get back for failures are incredibly
	obscure.
	This adds some basic sanity checking of certificates at the
	time the virNetTLSContext object is created. This is at libvirt
	startup, or when creating a virNetClient instance.
	This checks that the certificate expiry/start dates are valid
	and that the certificate is actually signed by the CA that is
	loaded.
	* src/rpc/virnettlscontext.c: Add certificate sanity checks

	Fix reporting of errors for p2p migration
	Starting/ending jobs when closing the connection may reset any
	error which was reported earlier in p2p migration. We must
	save the original error before doing so. This means we can also
	just call virConnectClose as normal, instead of virUnrefConnect
	* src/qemu/qemu_migration.c: Preserve errors in p2p migration

	Add an explicit virNetClientClose method
	Since the I/O callback registered against virNetSocket will
	hold a reference on the virNetClient, we can't rely on the
	virNetClientFree to be able to close the network connection.
	The last reference will only go away when the event callback
	fires (likely due to EOF from the server).
	This is sub-optimal and can potentially cause a leak of the
	virNetClient object if the server were to not explicitly
	close the socket itself
	* src/remote/remote_driver.c: Explicitly close the client
	  object when disconnecting
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add a
	  virNetClientClose method

	Use a virFreeCallback on virNetSocket to ensure safe release
	When unregistering an I/O callback from a virNetSocket object,
	there is still a chance that an event may come in on the callback.
	In this case it is possible that the virNetSocket might have been
	freed already. Make use of a virFreeCallback when registering
	the I/O callbacks and hold a reference for the entire time the
	callback is set.
	* src/rpc/virnetsocket.c: Register a free function for the
	  file handle watch
	* src/rpc/virnetsocket.h, src/rpc/virnetserverservice.c,
	  src/rpc/virnetserverclient.c, src/rpc/virnetclient.c: Add
	  a free function for the socket I/O watches

	Add mutex locking and reference counting to virNetSocket
	Remove the need for a virNetSocket object to be protected by
	locks from the object using it, by introducing its own native
	locking and reference counting
	* src/rpc/virnetsocket.c: Add locking & reference counting

	Add some debugging for virNetClient reference counting
	* src/rpc/virnetclient.c: Add debugging of ref counts

2011-07-19  Eric Blake  <eblake@redhat.com>

	build: detect doc generation failure
	Commit 8665f85 introduced a slight regression in doc generation,
	since make only quits a rule on the first failed command ending
	with a newline rather than a semicolon.
	* docs/Makefile.am (html/index.html): Don't use xmllint unless
	xsltproc succeeded.
	* .gitignore: Ignore recently updated stamp file name.

2011-07-19  Alex Jia  <ajia@redhat.com>

	util: avoid fds leak when virEventPollAddHandle fail
	* src/util/event_poll.c: avoid file descriptors leak when
	  virEventPollAddHandle fail on virEventPollInit function.

2011-07-19  Eric Blake  <eblake@redhat.com>

	Revert "virsh: make migrate --tunnelled imply --p2p"
	This reverts commit 40143fb697c3cb042197632c0286e7dadf40afd4.
	The patch prevents future compatibility if migration ever learns
	how to do tunnelled without p2p.

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Unregister event callback if a fatal error occurs during dispatch
	If we get an I/O error in the async event callback for an RPC
	client, we might not have consumed all pending data off the
	wire. This could result in the callback being immediately
	invoked again. At which point the same I/O might occur. And
	we're invoked again. And again...And again...
	Unregistering the async event callback if an error occurs is
	a good safety net. The real error will be seen when the next
	RPC method is invoked
	* src/rpc/virnetclient.c: Unregister event callback on error

	Quieten build & ensure API build scripts exit with non-zero status
	The current API build scripts will continue and exit with a zero
	status even if they find problems. This has been the cause of many
	build problems, or hidden build errors, in the past. Change the
	scripts so they always exit with a non-zero status for any problems
	they do not understand. Also turn off all debug output by default
	so they respect $(AM_V_GEN)
	* docs/Makefile.am: Use $(AM_V_GEN) for API/HTML scripts
	* docs/apibuild.py, python/generator.py: Exit with non-zero status
	  if problems are found. Also be silent, not outputting any debug
	  messages.
	* src/Makefile.am: Use $(AM_V_GEN) for ESX generator
	* python/Makefile.am: Tweak rule

2011-07-19  Osier Yang  <jyang@redhat.com>

	tests: Fix virshtest failure after dominfo changed
	Caused by the new changed "dominfo" command.

	virsh: Extend virsh dominfo to display if managed save image exists
	* tools/virsh.c: new column "Managed save" for "cmdDominfo".
	* tools/virsh.pod: Update document of "managedsave" to tell one can
	  use "dominfo" to query whether a domain has any managed save image.

	doc: Correct documents for iface commands
	The problems:
	    * Duplicate documents for "iface-name"
	    * Lacks of document for "iface-mac"
	    * Inconsistent option names with virsh help strings.

2011-07-19  Eric Blake  <eblake@redhat.com>

	virsh: make migrate --tunnelled imply --p2p
	We can make the virsh migrate UI friendlier by supplying the
	missing bit automatically instead of erroring out when requesting
	--tunnelled without --p2p.
	* tools/virsh.c (doMigrate): Make --p2p optional when using
	--tunnelled.
	* tools/virsh.pod (migrate): Tweak wording accordingly.

	libvirt: do not mix internal flags into public API
	There were two API in driver.c that were silently masking flags
	bits prior to calling out to the drivers, and several others
	that were explicitly masking flags bits.  This is not
	forward-compatible - if we ever have that many flags in the
	future, then talking to an old server that masks out the
	flags would be indistinguishable from talking to a new server
	that can honor the flag.  In general, libvirt.c should forward
	_all_ flags on to drivers, and only the drivers should reject
	unknown flags.
	In the case of virDrvSecretGetValue, the solution is to separate
	the internal driver callback function to have two parameters
	instead of one, with only one parameter affected by the public
	API.  In the case of virDomainGetXMLDesc, it turns out that
	no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
	the dumpxml path in the first place; that internal flag was
	only used in saving and restoring state files, which happened
	to be in functions internal to a single file, so there is no
	mixing of the internal flag with a public flags argument.
	Additionally, virDomainMemoryStats passed a flags argument
	over RPC, but not to the driver.
	* src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK)
	(VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete.
	(virDrvSecretGetValue): Separate out internal flags.
	(virDrvDomainMemoryStats): Provide missing flags argument.
	* src/driver.c (verify): Drop unused check.
	* src/conf/domain_conf.h (virDomainObjParseFile): Delete
	declaration.
	(virDomainXMLInternalFlags): Move...
	* src/conf/domain_conf.c: ...here.  Delete redundant include.
	(virDomainObjParseFile): Make static.
	* src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update
	clients.
	(virDomainMemoryPeek, virInterfaceGetXMLDesc)
	(virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc)
	(virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc)
	(virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc):
	Don't mask unknown flags.
	* src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject
	unknown flags.
	* src/secret/secret_driver.c (secretGetValue): Update clients.
	* src/remote/remote_driver.c (remoteSecretGetValue)
	(remoteDomainMemoryStats): Likewise.
	* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise.
	* daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.

2011-07-19  Alex Jia  <ajia@redhat.com>

	virsh: avoid double free of domain
	* tools/virsh.c: avoid double free of domain, when weight value of blkiotune
	  less than 0, codes will free domain and jump to cleanup section, however,
	  cleanup will free domain again.
	Detected in valgrind run:
	==21297== ERROR SUMMARY: 20 errors from 20 contexts (suppressed: 69 from 8)
	==21297==
	==21297== 1 errors in context 1 of 20:
	==21297== Invalid read of size 4
	==21297==    at 0x40E209B: virDomainFree (libvirt.c:2096)
	==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
	==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
	==21297==    by 0x406814D: virFree (memory.c:310)
	==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
	==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
	==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
	==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==
	==21297==
	==21297== 1 errors in context 2 of 20:
	==21297== Invalid read of size 4
	==21297==    at 0x40E1FE6: virDomainFree (libvirt.c:2092)
	==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
	==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
	==21297==    by 0x406814D: virFree (memory.c:310)
	==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
	==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
	==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
	==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	* how to reproduce?
	  % valgrind -v --leak-check=full virsh blkiotune guestname --weight -1

2011-07-19  Eric Blake  <eblake@redhat.com>

	docs: improve virsh man page synopses
	"optional" is not a very good meta-syntactic construct in our man
	page.  I scrubbed this, and additionally improved some documentation
	on mutually exclusive options.  For example,
	[[--live] [--config] | [--current]]
	implies a set of optional flags, where within the set you can have
	either --current or a choice of 0, 1, or both --live and --config.
	* tools/virsh.pod: Use "[name]" rather than "optional name" for
	optional arguments.

2011-07-19  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix protocol-structs check in VPATH build
	$@ already included $(srcdir)

2011-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix now dead cleanup of VMs on libvirtd restart
	When libvirtd restarts it will attempt to reconnect to existing
	LXC containers. If it loads a XML state file for the container
	the container will appear running. If we fail to read the PID
	file, or fail to connect to the LXC monitor, we should be killing
	off the guest, but if the VMs cgroup does not exist any more,
	cleanup will get skipped. Reading the PID file is also pointless
	since the PID is in the XML statefile
	In lxcReconnectVM we do not need to read the PID file. If part
	of the reconnect process fails we need to run the VM terminate
	code as a safety net.
	In lxcVMTerminate, if we can't obtain the VM cgroup, we know
	the process has died, but we must still run lxcVMCleanup to
	clear out the virDomainObjPtr live state
	* src/lxc/lxc_driver.c: Fix cleanup of dead VMs on restart

2011-07-18  Michal Privoznik  <mprivozn@redhat.com>

	docs: Fix spice documentation typo
	We missed ending tag for paragraph element

2011-07-17  Osier Yang  <jyang@redhat.com>

	rpc: Fix typos in rpc generator scripts
	These typos are introduced by file renaming in commit b17b4afaf.
	src/remote/qemu_protocol.x \
	src/remote/remote_protocol.x \
	src/rpc/gendispatch.pl:
	    s/remote_generator/gendispatch/
	src/rpc/genprotocol.pl:
	    s/remote\/remote_protocol/remote_protocol/

2011-07-16  Osier Yang  <jyang@redhat.com>

	qemu: Fix a regression of attaching device
	The regression is introduced by Commit da1eba6b, the new
	codes with this commit doesn't reset "ret" to "-1" when
	it fails on parsing the device XML (live device attachment)
	This patch changes the codes to reset the "ret" and "-1",
	and also changes the codes so that it don't modify "ret"
	for condition checking.
	How to reproduce:
	% cat test.xml
	<disk type='oops' device='disk'>
	  <driver name='qemu' type='raw'/>
	  <source file='/var/lib/libvirt/images/test.img'/>
	  <target dev='vda' bus='virtio'/>
	</disk>
	% virsh attach-device $domain test.xml
	Device attached successfully
	The device attachment failed actually with error "unknown disk type 'oops'",
	however, it reports success.

2011-07-16  Eric Blake  <eblake@redhat.com>

	build: also track RPC on-wire enum values
	As long as we guarantee RPC struct layout stability, we might as
	well also guarantee RPC enum value constancy.
	* src/Makefile.am (r1, r2, PDWTAGS): Adjust rule to pick up named
	and anonymous enums.
	* src/remote_protocol-structs: Add enum values.
	* src/qemu_protocol-structs: Likewise.
	* src/virnetprotocol-structs: Likewise.

	docs: document dxml argument to migrate2
	Commit 135554166 introduced a nice feature without documenting it.
	* src/libvirt.c (virDomainMigrate2): Add paragraph.

	build: add syntax check for proper flags use
	Enforce the recent flags cleanups - we want to use 'unsigned int flags'
	in any of our APIs (except where backwards compatibility is important,
	in the public migration APIs), and that all flags are checked for
	validity (except when there are stub functions that completely
	ignore the flags argument).
	There are a few minor tweaks done here to avoid false positives:
	signed arguments passed to open() are renamed oflags, and flags
	arguments that are legitimately ignored are renamed flags_unused.
	* cfg.mk (sc_flags_usage): New rule.
	(exclude_file_name_regexp--sc_flags_usage): And a few exemptions.
	(sc_flags_debug): Tweak wording.
	* src/util/iohelper.c (runIO, main): Rename variable.
	* src/util/util.c (virSetInherit): Likewise.
	* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
	Likewise.
	* src/fdstream.c (virFDStreamOpenFileInternal)
	(virFDStreamOpenFile, virFDStreamCreateFile): Likewise.
	* src/util/command.c (virExecWithHook) [WIN32]: Likewise.
	* src/util/util.c (virFileOpenAs, virDirCreate) [WIN32]: Likewise.
	* src/locking/lock_manager.c (virLockManagerPluginNew)
	[!HAVE_DLFCN_H]: Likewise.
	* src/locking/lock_driver_nop.c (virLockManagerNopNew)
	(virLockManagerNopAddResource, virLockManagerNopAcquire)
	(virLockManagerNopRelease, virLockManagerNopInquire): Likewise.

	xen: reject unknown flags
	Also fix a logic bug in xenXMDomain{Attach,Detach}DeviceFlags,
	where (flags & VIR_DOMAIN_DEVICE_MODIFY_CURRENT) is always false.
	* src/xen/xen_driver.c (xenUnifiedDomainXMLFromNative)
	(xenUnifiedDomainXMLToNative, xenUnifiedDomainBlockPeek): Reject
	unknown flags.
	* src/xen/xen_hypervisor.c (xenHypervisorOpen)
	(xenHypervisorGetDomainState): Likewise.
	* src/xen/xen_inotify.c (xenInotifyOpen): Likewise.
	* src/xen/xs_internal.c (xenStoreOpen, xenStoreDomainGetState)
	(xenStoreDomainReboot): Likewise.
	* src/xen/xend_internal.c (xenDaemonOpen, xenDaemonDomainReboot)
	(xenDaemonDomainCoreDump, xenDaemonDomainGetState)
	(xenDaemonDomainMigratePrepare, xenDaemonDomainSetVcpusFlags,
	xenDaemonDomainGetVcpusFlags, xenDaemonAttachDeviceFlags,
	xenDaemonDetachDeviceFlags): Likewise.
	(xenDaemonDomainGetXMLDesc): Prefer unsigned flags.
	* src/xen/xend_internal.h (xenDaemonDomainGetXMLDesc): Likewise.
	* src/xen/xm_internal.h (xenXMDomainGetXMLDesc): Likewise.
	* src/xen/xm_internal.c (xenXMDomainGetXMLDesc): Likewise.
	(xenXMOpen, xenXMDomainGetState, xenXMDomainSetVcpusFlags)
	(xenXMDomainGetVcpusFlags): Reject unknown flags.
	(xenXMDomainAttachDeviceFlags, xenXMDomainDetachDeviceFlags):
	Likewise, and avoid always-false conditional.
	* src/xen/xen_driver.h (XEN_MIGRATION_FLAGS): New define.

	esx: reject unknown flags
	Silently ignored flags get in the way of new features that
	use those flags.
	Regarding ESX migration flags - right now, ESX silently enforces
	VIR_MIGRATE_PERSIST_DEST, VIR_MIGRATE_UNDEFINE_SOURCE, and
	VIR_MIGRATE_LIVE, even if those flags were not supplied; it ignored
	other flags.  This patch does not change the implied bits (it permits
	but does not require them), but enforces only the supported bits.
	If further cleanup is needed to be more particular about migration
	flags, that should be a separate patch.
	* src/esx/esx_device_monitor.c (esxDeviceOpen): Reject unknown
	flags.
	* src/esx/esx_driver.c (esxOpen, esxDomainReboot)
	(esxDomainXMLFromNative, esxDomainXMLToNative)
	(esxDomainMigratePrepare, esxDomainMigratePerform)
	(esxDomainMigrateFinish): Likewise.
	* src/esx/esx_interface_driver.c (esxInterfaceOpen): Likewise.
	* src/esx/esx_network_driver.c (esxNetworkOpen): Likewise.
	* src/esx/esx_nwfilter_driver.c (esxNWFilterOpen): Likewise.
	* src/esx/esx_secret_driver.c (esxSecretOpen): Likewise.
	* src/esx/esx_storage_driver.c (esxStorageOpen): Likewise.

	virsh: improve option handling
	The documentation for vshCommandOptString claims that it returns
	-1 on a missing required argument, but in reality, that error
	message was unreachable (it was buried inside an if clause that
	is true only if the argument was present).  The code was so hairy
	that I decided a rewrite would make it easier to understand,
	and actually return the error values we want.
	Meanwhile, our construction guarantees that all vshCmdOpt have
	a non-null def member, so there are some redundant checks that
	can be trimmed.
	* tools/virsh.c (vshCommandOpt): Alter signature.
	(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
	(vshCommandOptString, vshCommandOptLongLong)
	(vshCommandOptULongLong, vshCommandOptBool): Adjust all callers.
	(vshCommandOptArgv): Remove dead condition.

	flags: fix domain_conf migration regression
	Commit 461e0f1a broke migration, because there was a code path
	that tried to enable an internal flag while still going through
	the public function.  Split the internal flag into a separate
	callback, and validate that flags do not overlap.
	* src/conf/domain_conf.c (virDomainDefFormat): Split...
	(virDomainDefFormatInternal): ...to separate the flag check.
	(virDomainObjFormat): Adjust caller.

2011-07-16  Dave Allan  <dallan@redhat.com>

	website: Point main page links to libvirt driver pages
	The "libvirt supports:" section on the main page of libvirt.org
	contains a list of hypervisors with links that point to the sites of
	the underlying virt technologies.  The entry for KVM points to
	http://www.linux-kvm.org/, for example.  People coming to libvirt.org
	for the first time are likely to know about those sites, and they're
	probably interested in how libvirt manages those technologies.  This
	patch points those links to the libvirt driver pages instead.  It also
	consolidates KVM and QEMU as there is only one libvirt driver page for
	them.  Finally, it adds a line about networking support.
	v2: incorporate Eric's feedback adding project links to driver pages.
	website: Add project links to KVM/QEMU driver page
	website: Add project links to Xen driver page
	website: Add project links to LXC driver page
	website: Add project links to OpenVZ driver page
	website: Add project links to UML driver page
	website: Add project links to Virtualbox driver page
	website: Add project links to ESX driver page
	website: Add project links to VMware driver page

2011-07-16  Eric Blake  <eblake@redhat.com>

	flags: fix qemu migration regression
	Commit f548480b broke migration v3 on qemu, because the driver
	passed flags on through to qemu_migration even though
	qemu_migration wasn't using those flags.
	* src/qemu/qemu_migration.h (QEMU_MIGRATION_FLAGS): New define.
	* src/qemu/qemu_driver.c: Simplify all migration callbacks.
	* src/qemu/qemu_migration.c (qemuMigrationConfirm): Fix regression.

	flags: use common dumpxml flags check
	The previous patches only cleaned up ATTRIBUTE_UNUSED flags cases;
	auditing the drivers found other places where flags was being used
	but not validated.  In particular, domainGetXMLDesc had issues with
	clients accepting a different set of flags than the common
	virDomainDefFormat helper function.
	* src/conf/domain_conf.c (virDomainDefFormat): Add common flag check.
	* src/uml/uml_driver.c (umlDomainAttachDeviceFlags)
	(umlDomainDetachDeviceFlags): Reject unknown
	flags.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc)
	(vboxDomainAttachDeviceFlags)
	(vboxDomainDetachDeviceFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Likewise.
	(qemuDomainGetXMLDesc): Document common flag handling.
	* src/libxl/libxl_driver.c (libxlDomainGetXMLDesc): Likewise.
	* src/lxc/lxc_driver.c (lxcDomainGetXMLDesc): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainGetXMLDesc): Likewise.
	* src/phyp/phyp_driver.c (phypDomainGetXMLDesc): Likewise.
	* src/test/test_driver.c (testDomainGetXMLDesc): Likewise.
	* src/vmware/vmware_driver.c (vmwareDomainGetXMLDesc): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainGetXMLDesc): Likewise.

	maint: fix typos
	Our XML prefers "shareable" over "sharable".
	* docs/internals/locking.html.in: s/sharable/shareable/
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockAddResource): Likewise.

2011-07-16  Hu Tao  <hutao@cn.fujitsu.com>

	add --cache, --serial, --shareable and --address to attach-disk
	This adds four options for virsh command attach-disk.
	--cache option allows user to specify cache mode of disk device
	from virsh command line when attaching a disk device.
	--serial option allows user to specify serial string of disk device
	from virsh command line when attaching a disk device.
	--shareable option allows user to specify whether the disk device is
	shareable between domains when attaching a disk device from virsh
	command line.
	--address option allows user to specify address of disk device when
	attaching a disk device.

2011-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix error message for missing TLS write function
	* src/rpc/virnettlscontext.c: s/read/write/

	Fix reporting of cert validation failures
	If the server succesfully validates the client cert, it will send
	back a single byte, under TLS. If it fails, it will close the
	connection. In this case, we were just reporting the standard
	I/O error. The original RPC code had a special case hack for the
	GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report
	a more useful error message
	* src/rpc/virnetclient.c: Return ENOMSG if we get
	  GNUTLS_E_UNEXPECTED_PACKET_LENGTH
	* src/rpc/virnettlscontext.c: Report cert failure if we
	  see ENOMSG

2011-07-15  Dave Allan  <dallan@redhat.com>

	Fix error code for storage operations
	Many volume operations will fail if the volume in question is being
	allocated.  These operations were returning VIR_ERR_INTERNAL_ERROR
	when they should be returning VIR_ERR_OPERATION_INVALID.

2011-07-15  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setvcpus: add "--current" option to "virsh setvcpus"
	This patch adds the --current option to "virsh setvcpus"
	command. Currently "virsh setvcpus" command supports
	"--live" and "--config" , but "--current" option.
	From view of consistency, it's reasonable to support
	"--current" option too.
	When --current is specified, it affects a "current"
	domain.

	setvcpus: extend qemuDomainSetVcpusFlags() to support current flag
	This patch extends qemudDomainSetVcpusFlags() function to support
	VIR_DOMAIN_AFFECT_CURRENT flag.

	setvcpus: extend virDomainSetVcpusFlags API to support current flag
	This patch extends virDomainSetVcpusFlags API to support
	VIR_DOMAIN_AFFECT_CURRENT flag.
	Now because most APIs accept VIR_DOMAIN_AFFECT_CURRENT flags,
	virDomainSetVcpusFlags API should also do.

2011-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Add domain events support to UML driver
	* src/uml_conf.h: Add queue for dispatch of domain events
	* src/uml_driver.c: Trigger domain events upon important lifecycle transitions

2011-07-15  Eric Blake  <eblake@redhat.com>

	docs: mention EMOTIVE as a libvirt-using app
	* docs/apps.html.in: Add EMOTIVE.
	Reported by Alex Vaqué Brull <memfis@gmail.com>.

	virnetsocket: use new API for uniform child cleanup
	Rather than trying to clean up the ssh child ourselves, and risk
	subtle differences from the socket creation error path, we can
	just use the new APIs.
	* src/rpc/virnetsocket.c (virNetSocketFree): Use new function.

	fdstream: avoid child process leak on error
	By requesting the pid in virCommandRunAsync, fdstream was claiming
	that it would manually wait for the process.  But on the failure
	path, the child process was being leaked.
	* src/fdstream.c (virFDStreamOpenFileInternal): Auto-reap child.

	command: introduce virPidWait, virPidAbort
	When using virCommandRunAsync and saving the pid for later, it
	is useful to be able to reap that pid in the same way that it
	would have been auto-reaped by virCommand if we had passed
	NULL for the pid argument in the first place.
	* src/util/command.c (virPidWait, virPidAbort): New functions,
	created from...
	(virCommandWait, virCommandAbort): ...bodies of these.
	(includes): Drop duplicate <stdlib.h>.  Ensure that our pid_t
	assumptions hold.
	(virCommandRunAsync): Improve documentation.
	* src/util/command.h (virPidWait, virPidAbort): New prototypes.
	* src/libvirt_private.syms: Export them.
	* docs/internals/command.html.in: Document them.

2011-07-15  Jamie Strandboge  <jamie@canonical.com>

	update apparmor security driver for new udev paths
	In the Ubuntu development release we recently got a new udev that
	moves /var/run to /run, /var/lock to /run/lock and /dev/shm to /run/shm.
	This change in udev requires updating the apparmor security driver in
	libvirt[1].
	Attached is a patch that:
	 * adjusts src/security/virt-aa-helper.c to allow both
	LOCALSTATEDIR/run/libvirt/**/%s.pid and /run/libvirt/**/%s.pid. While
	the profile is not as precise, LOCALSTATEDIR/run/ is typically a symlink
	to /run/ anyway, so there is no additional access (remember that
	apparmor resolves symlinks, which is why this is still required even
	if /var/run points to /run).
	 * adjusts example/apparmor/libvirt-qemu paths for /dev/shm
	[1]https://launchpad.net/bugs/810270
	--
	Jamie Strandboge             | http://www.canonical.com

2011-07-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Improve error reporting in xenapiOpen
	Use better suited error code and avoid NULL in error messsage
	as *privP->session->error_description can be NULL.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: fix VPATH build of todo
	Without this patch, the make rule in a VPATH build was trying to
	invoke ../../docs/../../docs/todo.pl, which didn't exist.
	* docs/Makefile.am (todo.html.in): Using $< already implies
	$(srcdir) in GNU make VPATH situations.

	build: check for virnetprotocol on-the-wire stability
	Similar to the recent qemu_protocol-structs addition.
	* src/virnetprotocol-structs: New file.
	* src/Makefile.am (%_protocol-structs): Factor body...
	(PDWTAGS): ...into new helper macro.
	(virnetprotocol-structs): New rule.
	(PROTOCOL_STRUCTS): Add virnetprotocol-structs.

2011-07-14  Wen Congyang  <wency@cn.fujitsu.com>

	build: disable some drivers when building without libvirt daemon
	We disable some drivers when building without libvirtd in configure,
	but we do not do the same thing in libvirt.spec. It may break rpm
	building without libvirtd.

2011-07-14  Michal Privoznik  <mprivozn@redhat.com>

	storage: Avoid memory leak on metadata fetching
	Getting metadata on storage allocates a memory (path) which need to
	be freed after use otherwise it gets leaked. This means after use of
	virStorageFileGetMetadataFromFD or virStorageFileGetMetadata one
	must call virStorageFileFreeMetadata to free it. This function frees
	structure internals and structure itself.

2011-07-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't overwrite errors by closefd in error paths
	When qemuMonitorCloseFileHandle is called in error path, we need to
	preserve the original error since a possible further error when running
	closefd monitor command is not very useful to users.

	qemu: Save domain status ASAP after creating qemu process
	When creating new qemu process we saved domain status XML only after the
	process was fully setup and running. In case libvirtd was killed before
	the whole process finished, once libvirtd started again it didn't know
	anything about the new process and we end up with an orphaned qemu
	process. Let's save the domain status XML as soon as we know the PID so
	that libvirtd can kill the process on restart.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: avoid ATTRIBUTE_UNUSED in headers
	The compiler might optimize based on our declaration that something
	is unused.  Putting that declaration in the header risks getting
	out of sync with the actual implementation, so it belongs better
	only in the .c files.  We were mostly compliant, and a new syntax
	check will help us in the future.
	* cfg.mk (sc_avoid_attribute_unused_in_header): New syntax check.
	* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Delete
	attribute already present in .c file.
	* src/qemu/qemu_domain.h (qemuDomainEventFlush): Likewise.
	* src/util/virterror_internal.h (virReportErrorHelper): Parameters
	are actually used by .c file.
	* src/xenxs/xen_sxpr.h (xenFormatSxprDisk): Adjust prototype.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Delete unused argument.
	(xenFormatSxpr): Adjust caller.
	* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
	(xenDaemonUpdateDeviceFlags): Likewise.
	Suggested by Daniel Veillard.

	remote: prefer unsigned flags
	* src/remote/remote_driver.c (call, remoteOpenSecondaryDriver):
	Prefer unsigned flags.

	conf: delete unused flags arguments
	For static functions not used as callbacks, there's no need to
	keep an unused parameter.
	* src/conf/domain_conf.c (virDomainChrDefParseTargetXML)
	(virDomainTimerDefParseXML, virDomainHostdevSubsysUsbDefParseXML)
	(virDomainVcpuPinDefParseXML): Drop unused parameter.
	(virDomainChrDefParseXML, virDomainDefParseXML)
	(virDomainHostdevDefParseXML): Update callers.
	(virDomainNetDefParseXML): Mark flags used.

2011-07-14  Supriya Kannery  <supriyak@linux.vnet.ibm.com>

	virsh: Update virsh man page
	Valid loglevel range for virsh  is 0-4. Update virsh man page
	accordingly. Also explain virsh ENV variables and values.

2011-07-14  Jiri Denemark  <jdenemar@redhat.com>

	virsh: fix previous patch
	The last patch breaks make check for two reasons. First, it reverses the
	condition but leaves default level unchanged, so instead of not printing
	anything but errors before the patch it now prints all debug messages by
	default. Second, you forgot to change -d5 option passed to virsh in
	tests/virsh-optparse to -d0; the script wants to see all debug messages.

2011-07-14  Supriya Kannery  <supriyak@linux.vnet.ibm.com>

	virsh: Make "DEBUG" loglevel the superset
	Aligning loglevel values of virsh to that of libvirt.
	"DEBUG"=0 loglevel, when specified through commandline or
	env variable, should log all the messages. "ERROR=4"
	should log only error messages.

	virsh: Avoid using magic numbers for logging
	Replace magic numbers with loglevel variables.

2011-07-14  Jiri Denemark  <jdenemar@redhat.com>

	util: Avoid duplicating virFileOpenAsNoFork in virFileOpenAs
	In 2f4d2496a88055a8343b3efca618522da8715d92 I didn't notice that one
	part of virFileOpenAs doesn't actually call to virFileOpenAsNoFork but
	rather includes a copy of the code from there.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: don't hand-roll cloexec code
	No need to repeat common code.
	* bootstrap.conf (gnulib_modules): Import calloc-posix.
	* src/util/bridge.c (brInit): Use virSetCloseExec.
	(brSetInterfaceUp): Adjust flags name.
	* src/uml/uml_driver.c (umlSetCloseExec): Delete.
	(umlStartVMDaemon): Use util version instead.

	conf: prefer unsigned flags
	* src/conf/cpu_conf.h (virCPUDefFormat, virCPUDefFormatBuf):
	Change flags type.
	* src/conf/cpu_conf.c (virCPUDefFormat, virCPUDefFormatBuf):
	Likewise.
	* src/conf/storage_conf.c (_virStoragePoolOptions): Likewise.
	* src/datatypes.h (_virConnect, _virStream): Likewise.

	python: prefer unsigned flags
	* python/libvirt-override.c (libvirt_virConnectOpenAuth)
	(libvirt_virDomainSnapshotListNames)
	(libvirt_virDomainRevertToSnapshot): Change flags type.

	node_device: avoid implicit int
	'unsigned a' and 'unsigned int a' are synonyms, but we generally
	always spell out the 'int' in that case.  Fixing this will avoid
	a false positive in the next syntax-check commit.
	* src/conf/node_device_conf.h (pci_config_address)
	(_virNodeDevCapsDef): Prefer 'unsigned int' over 'unsigned'.

	virsh, daemon: prefer unsigned flags
	* tools/virsh.c (vshCmdDef): Change flags type.
	* daemon/remote.c (remoteDispatchOpen): Likewise.

	xenapi: reject unknown flags
	* src/xenapi/xenapi_driver.c (xenapiOpen, xenapiDomainReboot):
	Reject unknown flags.
	(xenapiDomainGetXMLDesc): Likewise, and pass known flags through
	to XML generation.

	vmware: reject unknown flags
	* src/vmware/vmware_driver.c (vmwareOpen, vmwareDomainReboot)
	(vmwareDomainCreateXML, vmwareDomainCreateWithFlags): Reject
	unknown flags.

	vbox: reject unknown flags
	* src/vbox/vbox_driver.c (vboxOpenDummy): Reject unknown flags.
	* src/vbox/vbox_tmpl.c (vboxOpen, vboxDomainReboot)
	(vboxNetworkOpen, vboxNetworkGetXMLDesc, vboxStorageOpen)
	(vboxStorageVolCreateXML, vboxStorageVolDelete)
	(vboxStorageVolGetXMLDesc, vboxDomainScreenshot): Likewise.

	uml: reject unknown flags
	* src/uml/uml_driver.c (umlOpen, umlDomainGetXMLDesc)
	(umlDomainBlockPeek): Reject unknown flags.

	test: reject unknown flags
	* src/test/test_driver.c (testOpen, testDomainCoreDump)
	(testOpenNetwork, testNetworkGetXMLDesc, testOpenInterface)
	(testInterfaceChangeBegin, testInterfaceChangeCommit)
	(testInterfaceChangeRollback, testInterfaceGetXMLDesc)
	(testInterfaceDefineXML, testInterfaceCreate)
	(testInterfaceDestroy, testStorageOpen, testStoragePoolStart)
	(testStorageFindPoolSources, testStoragePoolCreate)
	(testStoragePoolDefine, testStoragePoolBuild)
	(testStoragePoolDelete, testStoragePoolRefresh)
	(testStoragePoolGetXMLDesc, testStorageVolumeCreateXML)
	(testStorageVolumeCreateXMLFrom, testStorageVolumeDelete)
	(testStorageVolumeGetXMLDesc, testDevMonOpen)
	(testNodeNumOfDevices, testNodeListDevices)
	(testNodeDeviceGetXMLDesc, testNodeDeviceCreateXML)
	(testSecretOpen, testNWFilterOpen): Reject unknown flags.

	qemu: reject unknown flags
	* src/qemu/qemu_driver.c (qemudOpen, qemuDomainScreenshot)
	(qemuDomainXMLFromNative, qemuDomainXMLToNative)
	(qemudDomainBlockPeek, qemuCPUCompare, qemuCPUBaseline): Reject
	unknown flags.
	* src/qemu/qemu_migration.c (qemuMigrationConfirm): Likewise.
	(_qemuMigrationCookie, qemuMigrationCookieXMLParse)
	(qemuMigrationCookieXMLParseStr, qemuMigrationBakeCookie)
	(qemuMigrationEatCookie): Make flags unsigned.
	* src/qemu/qemu_domain.h: (qemuDomainDefFormatXML)
	(qemuDomainFormatXML): Prefer unsigned flags.
	* src/qemu/qemu_domain.c (qemuDomainDefFormatXML)
	(qemuDomainFormatXML): Likewise.
	(qemuDomainOpenLogHelper, qemuDomainCreateLog): Rename variable.

	phyp: reject unknown flags
	* src/phyp/phyp_driver.c (phypOpen, phypDomainReboot)
	(phypVIOSDriverOpen): Reject unknown flags.

	openvz: reject unknown flags
	* src/openvz/openvz_driver.c (openvzDomainReboot, openvzOpen):
	Reject unknown flags.

	lxc: reject unknown flags
	* src/lxc/lxc_driver.c (lxcOpen, lxcDomainSetMemoryParameters)
	(lxcDomainGetMemoryParameters): Reject unknown flags.
	* src/lxc/lxc_container.c (lxcContainerStart): Rename flags to
	cflags to reflect that it is not tied to libvirt.

	libxl: reject unknown flags
	* src/libxl/libxl_driver.c (libxlOpen, libxlDomainReboot)
	(libxlDomainXMLFromNative, libxlDomainXMLToNative)
	(libxlDomainCreateWithFlags): Reject unknown flags.

2011-07-14  Nan Zhang  <nzhang@redhat.com>

	virsh: fix missing prompt message for 'snapshot-delete' command
	Make the command 'virsh snapshot-delete' has the appropriate prompt
	message when executing sucessful or failed.

2011-07-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: build failed due to unused variables
	While compiling on F15 build crashed (probably because of new GCC).

2011-07-13  Eric Blake  <eblake@redhat.com>

	storage: reject unknown flags
	* src/storage/storage_backend.c (virStorageBackendCreateBlockFrom)
	(virStorageBackendCreateQemuImg)
	(virStorageBackendCreateQcowCreate): Reject unknown flags.
	* src/storage/storage_backend_disk.c (virStorageBackendDiskBuildPool)
	(virStorageBackendDiskDeleteVol): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemNetFindPoolSources)
	(virStorageBackendFileSystemBuild)
	(virStorageBackendFileSystemDelete, createFileDir)
	(virStorageBackendFileSystemVolBuildFrom)
	(virStorageBackendFileSystemVolDelete): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalFindPoolSources)
	(virStorageBackendLogicalBuildPool)
	(virStorageBackendLogicalDeletePool)
	(virStorageBackendLogicalDeleteVol): Likewise.
	* src/storage/storage_driver.c (storageOpen, storagePoolCreate)
	(storagePoolDefine, storagePoolRefresh, storagePoolGetXMLDesc)
	(storageVolumeCreateXML, storageVolumeCreateXMLFrom)
	(storageVolumeGetXMLDesc): Likewise.

	node_device: reject unknown flags
	* src/node_device/node_device_driver.c (nodeNumOfDevices)
	(nodeListDevices, nodeDeviceGetXMLDesc, nodeDeviceCreateXML):
	Reject unknown flags.
	* src/node_device/node_device_hal.c (halNodeDrvOpen): Likewise.
	* src/node_device/node_device_udev.c (udevNodeDrvOpen): Likewise.

	util: reject unknown flags, and prefer unsigned flags
	Silently ignored flags get in the way of new features that
	use those flags.  Also, an upcoming syntax check will favor
	unsigned flags.
	* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop
	unused attribute.
	* src/interface/netcf_driver.c (interfaceOpenInterface)
	(interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject
	unknown flags.
	* src/network/bridge_driver.c (networkOpenNetwork)
	(networkGetXMLDesc): Likewise.
	* src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise.
	* src/secret/secret_driver.c (secretOpen, secretDefineXML)
	(secretGetXMLDesc, secretSetValue): Likewise.
	* src/util/logging.c (virLogDefineFilter, virLogDefineOutput)
	(virLogMessage): Likewise; also use unsigned flags.
	* src/util/logging.h (virLogDefineFilter, virLogDefineOutput)
	(virLogMessage): Change signature.
	* src/util/command.c (virExecWithHook): Likewise.

	libvirt-qemu: use unsigned flags
	Like commit 1740c381, but for libvirt-qemu.
	* src/remote/qemu_protocol.x (qemu_monitor_command_args): Adjust
	type to match API.
	* src/qemu_protocol-structs: Update accordingly.

	maint: print flags in hex during debug
	Continuation of commit 313ac7fd, and enforce things with a syntax
	check.
	Technically, virNetServerClientCalculateHandleMode is not printing
	a mode_t, but rather a collection of VIR_EVENT_HANDLE_* bits;
	however, these bits are < 8, so there is no different in the
	output, and that was the easiest way to silence the new syntax check.
	* cfg.mk (sc_flags_debug): New syntax check.
	(exclude_file_name_regexp--sc_flags_debug): Add exemptions.
	* src/fdstream.c (virFDStreamOpenFileInternal): Print flags in
	hex, mode_t in octal.
	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAttach): Likewise.
	* src/locking/lock_driver_nop.c (virLockManagerNopInit): Likewise.
	* src/locking/lock_driver_sanlock.c (virLockManagerSanlockInit):
	Likewise.
	* src/locking/lock_manager.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/qemu/qemu_monitor.c: Likewise.
	* src/rpc/virnetserverclient.c
	(virNetServerClientCalculateHandleMode): Print mode with %o.

	maint: exclude more files from syntax check
	* cfg.mk (VC_LIST_ALWAYS_EXCLUDE_REGEX): Exempt
	docs/api_extension/*.patch.
	(exclude_file_name_regexp--sc_prohibit_always_true_header_tests)
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF)
	(exclude_file_name_regexp--sc_prohibit_fork_wrappers)
	(exclude_file_name_regexp--sc_trailing_blank): Simplify.
	(exclude_file_name_regexp--sc_prohibit_gettext_noop): Delete.
	(exclude_file_name_regexp--sc_prohibit_close)
	(exclude_file_name_regexp--sc_prohibit_nonreentrant)
	(exclude_file_name_regexp--sc_prohibit_sprintf): Tighten.

	util: honor anchored names when searching for executables
	I got bit in a debugging session on an uninstalled libvirtd; the
	code tried to call out to the installed $LIBEXECDIR/libvirt_iohelper
	instead of my just-built version.  So I set a breakpoint and altered
	the binary name to be "./src/libvirt_iohelper", and it still failed
	because I don't have "." on my PATH.
	According to POSIX, execvp only searches PATH if the name does
	not contain a slash.  Since we are trying to mimic that behavior,
	an anchored name should be relative to the current working dir.
	This tightens existing behavior, but most callers already pass
	an absolute name or a name with no slashes, so it probably won't
	be noticeable.
	* src/util/util.c (virFindFileInPath): Anchored relative names do
	not invoke a PATH search.

2011-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Ensure signal handler propagates fatal signals to default handler
	When replacing the default SEGV/ABORT/BUS signal handlers you
	can't rely on the process being terminated after your custom
	handler runs. It is neccessary to manually restore the default
	handler and then re-raise the signal
	* src/rpc/virnetserver.c: Restore default handler and raise
	  signal

	Remove unused virNetServerProgramErrorHander typedef
	* src/rpc/virnetserverprogram.h: Remove unused typedef for
	  virNetServerProgramErrorHander function callback
	* daemon/remote.h: Remove decl for non-existant variables

2011-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix monitor unlocking in some error paths
	When monitor is entered with qemuDomainObjEnterMonitorWithDriver, the
	correct method for leaving and unlocking the monitor is
	qemuDomainObjExitMonitorWithDriver.

	qemu: Consolidate qemuMigrationPrepare{Direct,Tunnel}
	Most of the code in these two functions is supposed to be identical but
	currently it isn't (which is natural since the code is duplicated).
	Let's move common parts of these functions into qemuMigrationPrepareAny.
	This also fixes qemuMigrationPrepareTunnel which didn't store received
	lockState in the domain object.

	qemu: Add support for job phase
	Asynchronous jobs may take long time to finish and may consist of
	several phases which we need to now about to help with recovery/rollback
	after libvirtd restarts.

	qemu: Recover from interrupted jobs
	Detect and react on situations when libvirtd was restarted or killed
	when a job was active.

	qemu: Save job type in domain status XML
	If libvirtd is restarted when a job is running, the new libvirtd process
	needs to know about that to be able to recover and rollback the
	operation.

	qemu: Allow all query commands to be run during long jobs
	Query commands are safe to be called during long running jobs (such as
	migration). This patch makes them all work without the need to
	special-case every single one of them.
	The patch introduces new job.asyncCond condition and associated
	job.asyncJob which are dedicated to asynchronous (from qemu monitor
	point of view) jobs that can take arbitrarily long time to finish while
	qemu monitor is still usable for other commands.
	The existing job.active (and job.cond condition) is used all other
	synchronous jobs (including the commands run during async job).
	Locking schema is changed to use these two conditions. While asyncJob is
	active, only allowed set of synchronous jobs is allowed (the set can be
	different according to a particular asyncJob) so any method that
	communicates to qemu monitor needs to check if it is allowed to be
	executed during current asyncJob (if any). Once the check passes, the
	method needs to normally acquire job.cond to ensure no other command is
	running. Since domain object lock is released during that time, asyncJob
	could have been started in the meantime so the method needs to recheck
	the first condition. Then, normal jobs set job.active and asynchronous
	jobs set job.asyncJob and optionally change the list of allowed job
	groups.
	Since asynchronous jobs only set job.asyncJob, other allowed commands
	can still be run when domain object is unlocked (when communicating to
	remote libvirtd or sleeping). To protect its own internal synchronous
	commands, the asynchronous job needs to start a special nested job
	before entering qemu monitor. The nested job doesn't check asyncJob, it
	only acquires job.cond and sets job.active to block other jobs.

	qemu: Consolidate {Enter,Exit}Monitor{,WithDriver}
	EnterMonitor and ExitMonitor methods are very similar to their
	*WithDriver variants; consolidate them into EnterMonitorInternal and
	ExitMonitorInternal to avoid (mainly future) code duplication.

	qemu: Consolidate BeginJob{,WithDriver} into a single method
	This avoids code duplication and also avoids relying on good luck that
	ignore_value(virDomainObjUnref(obj)) doesn't set errno.

	qemu: Separate job related data into a new object

2011-07-13  Eric Blake  <eblake@redhat.com>

	maint: avoid incremental 'make syntax-check' failure
	Incrementally running 'make syntax-check' on a tree previously
	built after commit 62dee6f but before 44036460 fails sc_po_check
	(because the generated qemu_dispatch.h gained translatable strings).
	This is a followup to commit addaa537 for that scenario.
	* cfg.mk (sc_po_check): Add another prereq.
	($(srcdir)/daemon/qemu_dispatch.h): Add rule.

2011-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Skip bugs which are CLOSED in todo list
	* docs/todo.pl: Skip closed bugs

	Add missing cleanup for transient guests in UML driver
	The UML inotify handler would kill off guests when certain
	conditions arise, but it forgot to remove transient guests
	from the list of domains
	* src/uml/uml_driver.c: Cleanup transient guests

	Add auditing to the UML driver
	* src/uml/uml_driver.c: Add audit hooks

	Add auditing to the LXC driver
	* src/lxc/lxc_driver.c: Add auditing hooks

	Add virtualization type in audit messages
	Since a host can run several different virtualization types at
	the same time, audit messages should allow domains to be identified.
	Add a 'virt={qemu,kvm,uml,lxc,...}' key to domain audit messages
	* src/conf/domain_audit.c: Identify virt type of guest

	Add auditing of filesystems
	When passing through filesystems from the host to a guest, the
	host filesystem passed must be audited
	* src/conf/domain_audit.{c,h}: Add virDomainAuditFS

	Move qemu_audit.h helpers into shared code
	The LXC and UML drivers can both make use of auditing. Move
	the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}
	* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
	* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
	* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
	* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
	  src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c: Update for changed audit API names

2011-07-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Initialize all instances of esxVMX_Data to zero
	To avoid using or freeing uninitialized memory or pointers.

	rpc: Fix compile error due to potentially unused parameter
	connectDBus is only used if HAVE_DBUS is set. Therefore mark
	it as potentially unused.

2011-07-12  Jim Fehlig  <jfehlig@novell.com>

	Fix build when using polkit0
	V2: Remove policy kit references from virNetServer and use DBus APIs
	    directly, if available.

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Implement code to attach to external QEMU instances.
	Given a PID, the QEMU driver reads /proc/$PID/cmdline and
	/proc/$PID/environ to get the configuration. This is fed
	into the ARGV->XML convertor to build an XML configuration
	for the process.
	/proc/$PID/exe is resolved to identify the full command
	binary path
	After checking for name/uuid uniqueness, an attempt is
	made to connect to the monitor socket. If successful
	then 'info status' and 'info kvm' are issued to determine
	whether the CPUs are running and if KVM is enabled.
	* src/qemu/qemu_driver.c: Implement virDomainQemuAttach
	* src/qemu/qemu_process.h, src/qemu/qemu_process.c: Add
	  qemuProcessAttach to connect to the monitor of an
	  existing QEMU process

	Add monitor API for checking whether KVM is enabled
	When attaching to an external QEMU process, it is neccessary
	to check if the process is using KVM or not. This can be done
	using a monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API for checking if KVM is enabled

	Add a method for extracting QEMU argv from /proc
	To enable attaching to externally launched QEMU, we need
	to be able to reverse engineer a guest XML config based
	on the argv for a PID in /proc
	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Add
	  qemuParseCommandLinePid which extracts QEMU config from
	  argv in /proc, given a PID number

	Change extract pidfile & monitor config from QEMU command line
	When converting QEMU argv into a virDomainDefPtr, also extract
	the pidfile, monitor character device config and the monitor
	mode.
	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Extract
	  pidfile & monitor config from QEMU argv
	* src/qemu/qemu_driver.c, tests/qemuargv2xmltest.c: Add extra
	  params when calling qemuParseCommandLineString

	Keep pidfile path in qemuDomainObjPrivate struct
	Avoid re-formatting the pidfile path everytime we need it. Create
	it once when starting the guest, and preserve it until the guest
	is shutdown.
	* src/libvirt_private.syms, src/util/util.c,
	  src/util/util.h: Add virFileReadPidPath
	* src/qemu/qemu_domain.h: Add pidfile field
	* src/qemu/qemu_process.c: Store pidfile path in qemuDomainObjPrivate

	Add a new 'virsh qemu-attach' command.
	This command allows libvirt to attach to an existing QEMU
	instance.
	 $ qemu-kvm -cdrom ~/demo.iso \
	     -monitor unix:/tmp/demo,server,nowait \
	     -name foo \
	     -uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea  &
	 $ QEMUPID=$!
	 $ virsh qemu-attach $QEMUPID

	Define remote wire protocol & impls for virDomainQemuAttach
	This tweaks the RPC generator to cope with some naming
	conventions used for the QEMU specific APIs
	* daemon/remote.c: Server side dispatcher
	* src/remote/remote_driver.c: Client side dispatcher
	* src/remote/qemu_protocol.x: Wire protocol definition
	* src/rpc/gendispatch.pl: Use '$structprefix' in method
	  names, fix QEMU flags and fix dispatcher method names

	Define a QEMU specific API to attach to a running QEMU process
	Introduce a new API in libvirt-qemu.so
	 virDomainPtr virDomainQemuAttach(virConnectPtr domain,
	                                  unsigned long long pid,
	                                  unsigned int flags);
	This allows libvirtd to attach to an existing, externally
	launched QEMU process. This is useful for QEMU developers who
	prefer to launch QEMU themselves for debugging/devel reasons,
	but still want the benefit of libvirt based tools like
	virt-top, virt-viewer, etc
	* include/libvirt/libvirt-qemu.h: Define virDomainQemuAttach
	* src/driver.h, src/libvirt-qemu.c, src/libvirt_qemu.syms:
	  Driver glue for virDomainQemuAttach

2011-07-12  Alex Jia  <ajia@redhat.com>

	qemu: update configuration file
	* src/qemu/qemu.conf: Add blkio controller into qemu.conf.

2011-07-12  Eric Blake  <eblake@redhat.com>

	qemu: avoid fd leak on core dump failure
	* src/qemu/qemu_driver.c (doCoreDump): Guarantee fd is closed.

	maint: rename virtaudit to match file contents
	* src/util/virtaudit.[ch]: Rename...
	* src/util/viraudit.[ch]: ...to match virAudit* API.
	* src/Makefile.am (UTIL_SOURCES): Reflect rename.
	* daemon/libvirtd.c: Likewise.
	* po/POTFILES.in: Likewise.
	* src/libvirt_private.syms: Likewise.
	* src/qemu/qemu_audit.c: Likewise.

2011-07-12  Oskari Saarenmaa  <os@ohmu.fi>

	remote/ssh: support for no_verify.
	Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the
	no_verify extra parameter was specified.  This won't disable host key
	checking for already known hosts.  Includes a test and documentation.

2011-07-12  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	Fix virsh inject-nmi man page
	* tools/virsh.pod: move the description which was misplaced

2011-07-12  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf: Free temporary variable
	* src/conf/domain_conf.c: caller must free returned value of
	  virXPathString in useserial

2011-07-12  Osier Yang  <jyang@redhat.com>

	esx: Fix a potential crash
	Initialize ptr data.datastorePathWithoutFileName as NULL, otherwise
	it might cause crash when trying to free it in cleanup.

2011-07-12  Eric Blake  <eblake@redhat.com>

	build: also check qemu_protocol for on-the-wire stability
	Since we are going to add some libvirt-qemu.so entry points in
	0.9.4, we might as well start checking for RPC stability, just
	as for libvirt.so.
	* src/Makefile.am (PROTOCOL_STRUCTS): New variable.
	(remote_protocol-structs): Rename...
	(%_protocol-structs): ...and make more generic.
	* src/qemu_protocol-structs: New file.

	build: avoid requiring -lm
	log2() is heavy when ffs() can do the same thing.  But ffs()
	requires gnulib support for mingw.
	This patch solves this linker error on Fedora 14.
	/usr/bin/ld: libvirt_lxc-domain_conf.o: undefined reference to symbol 'log2@@GLIBC_2.2.5'
	/usr/bin/ld: note: 'log2@@GLIBC_2.2.5' is defined in DSO /lib64/libm.so.6 so try adding it to the linker command line
	/lib64/libm.so.6: could not read symbols: Invalid operation
	collect2: ld returned 1 exit status
	* .gnulib: Update to latest, for ffs.
	* bootstrap.conf (gnulib_modules): Import ffs.
	* src/conf/domain_conf.c (virDomainDefParseXML): Use ffs instead
	of log2.
	Reported by Dave Allan.

2011-07-12  Jim Fehlig  <jfehlig@novell.com>

	Remove code no longer used after commit df0b57a9

2011-07-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add domain type checking
	The drivers were accepting domain configs without checking if those
	were actually meant for them. For example the LXC driver happily
	accepts configs with type QEMU.
	Add a check for the expected domain types to the virDomainDefParse*
	functions.

2011-07-11  Alex Jia  <ajia@redhat.com>

	remote: Fix memory leak
	Detected in valgrind run:
	==9184== 1 bytes in 1 blocks are definitely lost in loss record 1 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF97C9: xdr_remote_domain_get_security_label_ret (remote_protocol.c:1696)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF71C6: remoteDomainGetSecurityLabel (remote_driver.c:1580)
	==9184==    by 0x4CCA480: virDomainGetSecurityLabel (libvirt.c:7340)
	==9184==    by 0x41993A: cmdDominfo (virsh.c:2414)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== 2 bytes in 1 blocks are definitely lost in loss record 2 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF974F: xdr_remote_node_get_security_model_ret (remote_protocol.c:1713)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
	==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
	==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== 8 bytes in 1 blocks are definitely lost in loss record 3 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF9729: xdr_remote_node_get_security_model_ret (remote_protocol.c:1710)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
	==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
	==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== LEAK SUMMARY:
	==9184==    definitely lost: 11 bytes in 3 blocks
	* src/remote/remote_driver.c: Avoid leak on remoteDomainGetSecurityLabel
	  and remoteNodeGetSecurityModel.

2011-07-11  Eric Blake  <eblake@redhat.com>

	tests: simplify formatting
	The shell version would output 40 extra spaces for a test with
	a multiple of 40 sub-tests, and the C version can use the same
	printf optimization for avoiding a loop over single space output
	as the shell version.
	* tests/testutils.c (virtTestMain): Avoid loop for alignment.
	* tests/test-lib.sh: Fix formatting when counter is multiple of 40.

2011-07-11  Jim Fehlig  <jfehlig@novell.com>

	Do not drop kernel cmdline for xen pv domains
	Kernel cmdline args can be passed to xen pv domains even when a
	bootloader is specified.  The current config-to-sxpr mapping
	ignores cmdline when bootloader is present.
	Since the xend sub-driver is used with many xen toolstack versions,
	this patch takes conservative approach of adding an else block to
	existing !def->os.bootloader, and only appends sxpr if def->os.cmdline
	is non-NULL.
	V2: Fix existing testcase broken by this patch and add new testcases

2011-07-11  Wen Congyang  <wency@cn.fujitsu.com>

	kill vm if saving config failed in v3 protocol
	If virDomainSaveConfig() failed, we will return NULL to source,
	and the vm is still available to restart during confirm() step in
	v3 protocol. So we should kill it off in qemuMigrationFinish().
	In v2 protocol, we should not set vm to NULL, because we hold
	a reference of vm and should unrefernce it.

	RPC: fix argument's name

	fix typo error

2011-07-11  Michal Privoznik  <mprivozn@redhat.com>

	bios: Add support for SGA
	This patch creates new <bios> element which, at this time has only the
	attribute useserial='yes|no'. This attribute allow users to use
	Serial Graphics Adapter and see BIOS messages from the very first moment
	domain boots up. Therefore, users can choose boot medium, set PXE, etc.

2011-07-11  Daniel Veillard  <veillard@redhat.com>

	Fix rpm build with sanlock and without QEmu
	The qemu-sanlock.conf file is not installed in this case

2011-07-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix logic in storage driver open function
	If the main driver is the vbox driver, then the open function
	has to return an error if the private data is invalid.

	tests: Improve output of tests that decide to skip at runtime
	Don't print OK/FAIL for tests that decide to be skipped after
	calling virtTestMain. Delay printing of the indentation before
	the first test until we know that the test didn't decide to be
	skipped.
	Also make the reconnect test use VIRT_TEST_MAIN.

	tests: Fix compressed test output padding logic
	The current logic tries to count from 1 to 40 and ignores paddings
	of 0 and 1 to 40. This doesn't work for counter + 1 mod 40 == 0
	like here for counter value 159
	TEST: virsh-all
	      ........................................ 40
	      ........................................ 80
	      ........................................ 120
	      ....................................... 159 OK
	PASS: virsh-all
	Also seq isn't portable. Therefore, calculate the correct padding
	length directly and use printf to output it at once.

	tests: Use EXIT_AM_SKIP instead of 77 directly

	rpc: Fix whitespace problem in generated code
	Add missing line break and fix indention level.
	Reported by Cole Robinson.

2011-07-09  Federico Simoncelli  <fsimonce@redhat.com>

	sanlock: avoid lockspace setup when auto_disk_lease is off
	When auto_disk_lease is off we should avoid the automatic lockspace
	creation.

2011-07-09  Eric Blake  <eblake@redhat.com>

	libvirtd: diagnose explicitly requested but missing conf file
	Fixes test regression introduced in commit 8e2e4780.
	* daemon/libvirtd.c (daemonConfigLoad): Add argument.
	(main): Update caller.

2011-07-08  Michael Santos  <michael.santos@gmail.com>

	qemu: clean up OOM checks

2011-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Don't exit if the libvirtd config does not exist
	It is common for the $HOME/.libvirt/libvirtd.conf file to not
	exist. Treat this situation as non-fatal since we can carry
	on with our default settings just fine.
	* daemon/libvirtd.c: Treat ENOENT as non-fatal when loading
	  config

	Fix sending of reply to final RPC message
	The dispatch for the CLOSE RPC call was invoking the method
	virNetServerClientClose(). This caused the client connection
	to be immediately terminated. This meant the reply to the
	final RPC message was never sent. Prior to the RPC rewrite
	we merely flagged the connection for closing, and actually
	closed it when the next RPC call dispatch had completed.
	* daemon/remote.c: Flag connection for a delayed close
	* daemon/stream.c: Update to use new API for closing
	  failed connection
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
	  Add support for a delayed connection close. Rename the
	  virNetServerClientMarkClose method to virNetServerClientImmediateClose
	  to clarify its semantics

	Fix leak of remote driver if final 'CLOSE' RPC call fails
	When closing a remote connection we issue a (fairly pointless)
	'CLOSE' RPC call to the daemon. If this fails we skip all the
	cleanup of private data, but the virConnectPtr object still
	gets released as normal. This causes a memory leak. Since the
	CLOSE RPC call is pretty pointless, just carry on freeing the
	remote driver if it fails.
	* src/remote/remote_driver.c: Ignore failure to issue CLOSE
	  RPC call

	Fix release of outgoing stream confirmation/abort message
	When sending back the final OK or ERROR message on completion
	of a stream, we were not decrementing the 'nrequests' tracker
	on the client. With the default requests limit of '5', this
	meant once a client had created 5 streams, they are unable to
	process any further RPC calls.  There was also a bug when
	handling an error from decoding a message length header, which
	meant a client connection would not immediately be closed.
	* src/rpc/virnetserverclient.c: Fix release of request after
	  stream completion & mark client for close on error

	Fix leak of 'msg' object in client stream code
	In one exit path we forgot to free the virNetMessage object causing
	a large memory leak for streams which send a lot of data. Some other
	paths were calling VIR_FREE directly instead of virNetMessageFree
	although this was (currently) harmless.
	* src/rpc/virnetclientstream.c: Fix leak of msg object
	* src/rpc/virnetclientprogram.c: Call virNetMessageFree instead
	  of VIR_FREE

	Fix potential crash in libvirtd with active streams
	If a client disconnects while it has a stream active, there is
	a race condition which could see libvirtd crash. This is because
	the client struct may be freed before the last stream event has
	triggered. This is trivially solved by holding an extra reference
	on the client for the stream callbak
	* daemon/stream.c: Acquire reference on client when adding the
	  stream callback

	Fix mistaken order of server cert/key parameters in constructor
	The virNetTLSContextNew was being passed key/cert parameters in
	the wrong order. This wasn't immediately visible because if
	virNetTLSContextNewPath was used, a second bug reversed the order
	of those parameters again.
	Only if the paths were manually specified in /etc/libvirt/libvirtd.conf
	did the bug appear
	* src/rpc/virnettlscontext.c: Fix order of params passed to
	  virNetTLSContextNew

2011-07-08  Michal Privoznik  <mprivozn@redhat.com>

	graphics: add support for action_if_connected in qemu
	This option accepts 3 values:
	-keep, to keep current client connected (Spice+VNC)
	-disconnect, to disconnect client (Spice)
	-fail, to fail setting password if there is a client connected (Spice)

2011-07-08  Jiri Denemark  <jdenemar@redhat.com>

	util: Don't try to fchown files opened as non-root
	When virFileOpenAs is called with VIR_FILE_OPEN_AS_UID flag and uid/gid
	different from root/root while libvirtd is running as root, we fork a
	new child, change its effective UID/GID to uid/gid and run
	virFileOpenAsNoFork. It doesn't make any sense to fchown() the opened
	file in this case since we already know that uid/gid can access the file
	when open succeeds and one of the following situations may happen:
	- the file is already owned by uid/gid and we skip fchown even before
	  this patch
	- the file is owned by uid but not gid because it was created in a
	  directory with SETGID set, in which case it is desirable not to change
	  the group
	- the file may be owned by a completely different user and/or group
	  because it was created on a root-squashed or even all-squashed NFS
	  filesystem, in which case fchown would most likely fail anyway

2011-07-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't chown files on NFS share if dynamic_ownership is off
	When dynamic ownership is disabled we don't want to chown any files,
	not just local.

2011-07-08  John Williams  <john.williams@petalogix.com>

	microblaze: Add architecture support
	Add libvirt support for MicroBlaze architecture as a QEMU target.  Based on mips/mipsel pattern.

2011-07-08  Jim Fehlig  <jfehlig@novell.com>

	Skip some xen tests if xend is not running
	Currently, the xen statstest and reconnect tests are only compiled
	if xend is running.  Compile them unconditionally if xen headers
	are present, but skip the tests at runtime if xend is not running.
	This is in response to Eric's suggestion here
	https://www.redhat.com/archives/libvir-list/2011-July/msg00367.html

2011-07-08  Eric Blake  <eblake@redhat.com>

	util: drop unused safezero argument
	No caller was using the flags argument, and this function is internal
	only, so we might as well skip it.
	* src/util/util.h (safezero): Update signature.
	* src/util/util.c (safezero): Update function.
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace)
	(virLockManagerSanlockCreateLease): Update all callers.
	* src/storage/storage_backend.c (createRawFile): Likewise.

	conf: prefer unsigned int for flags
	* src/conf/domain_conf.c (virDomainGraphicsDefParseXML)
	(virDomainDeviceInfoFormat, virDomainDeviceInfoParseXML)
	(virDomainDiskDefParseXML, virDomainControllerDefParseXML)
	(virDomainFSDefParseXML, virDomainNetDefParseXML)
	(virDomainChrDefParseTargetXML, virDomainChrDefParseXML)
	(virDomainSmartcardDefParseXML, virDomainInputDefParseXML)
	(virDomainTimerDefParseXML, virDomainSoundDefParseXML)
	(virDomainWatchdogDefParseXML, virDomainMemballoonDefParseXML)
	(virDomainVideoDefParseXML)
	(virDomainHostdevSubsysUsbDefParseXML)
	(virDomainHostdevSubsysPciDefParseXML)
	(virDomainHostdevDefParseXML, virSecurityLabelDefParseXML)
	(virDomainVcpuPinDefParseXML, virDomainDefParseXML)
	(virDomainDefParse, virDomainDiskDefFormat)
	(virDomainControllerDefFormat, virDomainFSDefFormat)
	(virDomainNetDefFormat, virDomainChrSourceDefFormat)
	(virDomainChrDefFormat, virDomainSmartcardDefFormat)
	(virDomainSoundDefFormat, virDomainMemballoonDefFormat)
	(virDomainWatchdogDefFormat, virDomainVideoDefFormat)
	(virDomainInputDefFormat, virDomainGraphicsDefFormat)
	(virDomainHostdevDefFormat, virDomainObjFormat): Switch signature.
	(virDomainObjTaint, virDomainSaveStatus): Use unsigned flags.

	drivers: prefer unsigned int for flags
	Now that the public APIs always use unsigned flags, the internal
	driver callbacks might as well do likewise.
	* src/driver.h (vrDrvOpen, virDrvDomainCoreDump)
	(virDrvDomainGetXMLDesc, virDrvNetworkGetXMLDesc)
	(virDrvNWFilterGetXMLDesc): Update type.
	* src/remote/remote_protocol.x (remote_open_args)
	(remote_domain_core_dump_args, remote_domain_get_xml_desc_args)
	(remote_network_get_xml_desc_args)
	(remote_nwfilter_get_xml_desc_args): Likewise.
	* src/test/test_driver.c: Update clients.
	* src/remote/remote_driver.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xen_hypervisor.h: Likewise.
	* src/xen/xen_driver.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xend_internal.h: Likewise.
	* src/xen/xm_internal.c: Likewise.
	* src/xen/xm_internal.h: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* src/xen/xs_internal.h: Likewise.
	* src/xen/xen_inotify.c: Likewise.
	* src/xen/xen_inotify.h: Likewise.
	* src/phyp/phyp_driver.c: Likewise.
	* src/openvz/openvz_driver.c: Likewise.
	* src/vmware/vmware_driver.c: Likewise.
	* src/vbox/vbox_driver.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xenapi/xenapi_driver.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/esx/esx_interface_driver.c: Likewise.
	* src/esx/esx_network_driver.c: Likewise.
	* src/esx/esx_storage_driver.c: Likewise.
	* src/esx/esx_device_monitor.c: Likewise.
	* src/esx/esx_secret_driver.c: Likewise.
	* src/esx/esx_nwfilter_driver.c: Likewise.
	* src/interface/netcf_driver.c: Likewise.
	* src/nwfilter/nwfilter_driver.c: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/network/bridge_driver.c: Likewise.
	* src/secret/secret_driver.c: Likewise.
	* src/storage/storage_driver.c: Likewise.
	* src/node_device/node_device_hal.c: Likewise.
	* src/node_device/node_device_udev.c: Likewise.
	* src/remote_protocol-structs: Likewise.

	public API: prefer unsigned int for flags
	Most APIs use 'unsigned int flags'; but a few stragglers were using
	a signed value.  In particular, the vir*GetXMLDesc APIs were
	split-brain, with inconsistent choice of types.  Although it is
	an API break to use 'int' instead of 'unsigned int', it is ABI
	compatible (pre-compiled apps will have no difference in behavior),
	and generally apps can be recompiled without any issue (only rare
	apps that compiled with extremely high warning levels, or which
	pass libvirt API around as typed function pointers, would have to
	make any code changes to deal with the change).
	The migrate APIs use 'unsigned long flags', which can't be changed,
	due to ABI constraints.
	This patch intentionally touches only the public API, to prove the
	claim that most existing code (including driver callbacks and virsh)
	still compiles just fine in spite of the type change.
	* include/libvirt/libvirt.h.in (virConnectOpenAuth)
	(virDomainCoreDump, virDomainGetXMLDesc, virNetworkGetXMLDesc)
	(virNWFilterGetXMLDesc): Use unsigned int for flags.
	(virDomainHasCurrentSnapshot): Use consistent spelling.
	* src/libvirt.c (virConnectOpenAuth, virDomainCoreDump)
	(virDomainGetXMLDesc, virNetworkGetXMLDesc)
	(virNWFilterGetXMLDesc, do_open): Update accordingly.

	maint: print flags in hex during debug
	Debugging decimal flags is a pain.
	* src/libvirt.c: Always print flags in hex.

	virsh: make destroy sound less scary
	Destroy has a rather negative English connotation.  Try to reduce
	the impact, so newbies aren't as scared to use it.
	* tools/virsh.c: Tweak all destroy documentation.
	* tools/virsh.pod: Likewise.

	build: use gnulib pthread_sigmask
	Gnulib finally learned how to do pthread_sigmask on mingw.
	* .gnulib: Update to latest, for pthread_sigmask.
	* bootstrap.conf (gnulib_modules): Add pthread_sigmask.
	* configure.ac (AC_CHECK_FUNCS): Drop redundant check.
	* src/rpc/virnetclient.c (virNetClientSetTLSSession)
	(virNetClientIOEventLoop): Make code unconditional.
	* src/util/command.c (virFork): Likewise.
	* tools/virsh.c (doMigrate, cmdMigrate): Likewise.

	build: fix virBufferVasprintf on mingw
	Gnulib documents that mingw vsnprintf is broken (it returns -1
	on out-of-space, instead of the count of what would have been
	printed); but while we were using the snprintf wrapper, we had
	not yet been using the vsnprintf wrapper.
	Meanwhile, mingw (but not mingw64) has a replacement snprintf
	that fixes return values, but still lacks %1$s support; so in
	that case, gnulib didn't replace snprintf, but libintl then
	went ahead and installed a version that supported %1$s but not
	return values.  Gnulib has since been fixed to guarantee that
	the snprintf module will always guarantee the constraints needed
	by libintl.
	Also, we want to guarantee that strdup sets errno on failure.
	* .gnulib: Update to latest, for vsnprintf fix.
	* bootstrap.conf (gnulib_modules): Add vsnprintf, strdup-posix.
	Reported by Matthias Bolte.

2011-07-08  Jim Fehlig  <jfehlig@novell.com>

	Fix compilation of statstest.c during make check

2011-07-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Fix bogus label placement

2011-07-07  Laine Stump  <laine@laine.org>

	util: close the ioctl socket at the end of if(Get|Set)MacAddress
	Otherwise this will leak an fd each time one of these functions is
	called.

	util: rename err_exit to cleanup in interface.c
	This brings it in line with the recommendations in HACKING.

2011-07-07  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	sysinfo: delete unnecessary white space of sysinfo.
	  * Trim each element and delete null entry of sysinfo by
	  virSkipSpacesBackwards().

2011-07-07  Eric Blake  <eblake@redhat.com>

	util: add virTrimSpaces
	The next patch wants to adjust an end pointer to trim trailing
	spaces but without modifying the underlying string, but a more
	generally useful ability to trim trailing spaces in place is
	also worth providing.
	* src/util/util.h (virTrimSpaces, virSkipSpacesBackwards): New
	prototypes.
	* src/util/util.c (virTrimSpaces, virSkipSpacesBackwards): New
	functions.
	* src/libvirt_private.syms (util.h): Export new functions.
	Inspired by a patch by Minoru Usui.

	util: fix virSkipSpaces
	Most clients of virSkipSpaces don't want to omit backslashes.
	Also, open-coding the list of spaces is not as nice as using
	c_isspace.
	* src/util/util.c (virSkipSpaces): Use c_isspace.
	(virSkipSpacesAndBackslash): New function.
	* src/util/util.h (virSkipSpacesAndBackslash): New prototype.
	* src/xen/xend_internal.c (sexpr_to_xend_topology): Update caller.
	* src/libvirt_private.syms (util.h): Export new function.

	docs: minor whitespace cleanups
	No change in wording.  One spacing change in a <pre>, noticed because
	of odd XML formatting online; the rest is in free-flowing text to
	make it easier to see nesting levels in the document.
	* docs/formatdomain.html.in: Adjust spacing.  Break long lines.

2011-07-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Reduce code duplication in virFileMakePath(Helper)
	Move stat and mkdir to virFileMakePathHelper.
	Also use the stat result to detect whether the existing path
	is a directory and set errno accordingly if it's not.

	apparmor: Finish incomplete renaming of relabel to norelabel
	Commit 693eac388f1759d was incomplete here.

2011-07-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix default value of security label 'relabel' attribute
	When no <seclabel> is present in the XML, the virDomainSeclabelDef
	struct is left as all zeros. Unfortunately, this means it gets setup
	as type=dynamic, with relabel=no, which is an illegal combination.
	Change the 'bool relabel' attribute in virDomainSeclabelDef to
	the inverse 'bool norelabel' so that the default initialization
	is sensible
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/security/security_apparmor.c, src/security/security_selinux.c:
	  Replace 'relabel' with 'norelabel'

2011-07-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix return value semantic of virFileMakePath
	Some callers expected virFileMakePath to set errno, some expected
	it to return an errno value. Unify this to return 0 on success and
	-1 on error. Set errno to report detailed error information.
	Also optimize virFileMakePath if stat fails with an errno different
	from ENOENT.

	nodedev: Let check_fc_host_linux report errors to the caller

2011-07-06  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Fix compilation error when SASL support is disabled
	This patch adds #if HAVE_SASL where needed in libvirtd.h

2011-07-06  Guannan Ren  <gren@redhat.com>

	pci: initialize state values on reattach
	add a new API pciDeviceReAttachInit() in pci.c to initialize state values for nodedev reattach
	Initialize three state value of device driver to 1. This is just for a new call to
	qemudNodeDeviceReAttach()

2011-07-06  Laine Stump  <laine@laine.org>

	xml: create an RNG file for common types and move some definitions there
	domain.rng, network.rng, and interface.rng already use a few of the
	same types (or in some cases *should* but don't), and an upcoming code
	change will have them sharing even more. To prepare for that, this
	patch takes those common data type definitions and moves them into
	basictypes.rng.
	This may break some rule about the need to RNG files to be autonomous
	or something, but I saw that storageencryption.rng is used in this
	way, so I figured it must not be completely against the law...

	docs: sort the file list in the schemas Makefile

	qemu: check flags in qemuDomainGetXMLDesc
	Although most functions with flags check to verify no application is
	passing in flag bits that are currently undefined, for some reason
	this function wasn't.

	conf: fix domain parse flags
	* Change all flags args from int to unsigned int
	* Allow passing flags in virDomainObjParseFile (and propogate those
	  flags all the way down the call chain). Previously the flags were
	  hardcoded (to VIR_DOMAIN_XML_INTERNAL_STATUS) several layers down
	  the chain. Pass that value in at the one place that is currently
	  calling virDomainObjParseFile.

2011-07-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Disable networkxml2argvtest when configured without network
	Reported by Ruben Kerkhof.

	qemu: Fix virFileMakePath error handling in snapshot creation
	virFileMakePath returns an errno value on error, that will never
	be negative. An virFileMakePath error would have been ignored here,
	instead of being reported correctly.

	conf: Fix declaration of virNetworkDNS(Hosts)Def struct
	The struct A {} A; construct triggers a linker error on OSX about
	duplicate symbols. This also differs from the common struct style.
	Switch to common style to fix this.
	Reported by Justin Clift.

2011-07-04  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation for the seclabel XML element
	The domain XML documentation is missing information about the
	<seclabel> element used by security drivers
	* formatdomain.html.in: Document <seclabel>

	Allow for resource relabelling with static labels
	Add a new attribute to the <seclabel> XML to allow resource
	relabelling to be enabled with static label usage.
	  <seclabel model='selinux' type='static' relabel='yes'>
	    <label>system_u:system_r:svirt_t:s0:c392,c662</label>
	  </seclabel>
	* docs/schemas/domain.rng: Add relabel attribute
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
	  the 'relabel' attribute
	* src/qemu/qemu_process.c: Unconditionally clear out the
	  'imagelabel' attribute
	* src/security/security_apparmor.c: Skip based on 'relabel'
	  attribute instead of label type
	* src/security/security_selinux.c: Skip based on 'relabel'
	  attribute instead of label type and fill in <imagelabel>
	  attribute if relabel is enabled.

	Allow a base label to be specified in dynamic labelling mode
	Normally the dynamic labelling mode will always use a base
	label of 'svirt_t' for VMs. Introduce a <baselabel> field
	in the <seclabel> XML to allow this base label to be changed
	eg
	   <seclabel type='dynamic' model='selinux'>
	     <baselabel>system_u:object_r:virt_t:s0</baselabel>
	   </seclabel>
	* docs/schemas/domain.rng: Add <baselabel>
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
	  of base label
	* src/qemu/qemu_process.c: Don't reset 'model' attribute if
	  a base label is specified
	* src/security/security_apparmor.c: Refuse to support base label
	* src/security/security_selinux.c: Use 'baselabel' when generating
	  label, if available

2011-07-04  Osier Yang  <jyang@redhat.com>

	storage: Do not override the exact error of createRawFile
	virStorageBackendCreateRaw: createRawFile already reported the
	exact error.
	Before the fix:
	error: Failed to create vol vol-create.img
	error: cannot create path '/var/lib/libvirt/images/vol-create.img': Unknown error 18446744073709551597
	After the fix:
	error: Failed to create vol vol-create.img
	error: cannot fill file '/var/lib/libvirt/images/vol-create.img': No space left on device

2011-07-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.3
	* configure.ac docs/news.html.in libvirt.spec.in: update for the
	  new release
	* po/*.po*: updated and regenerated localizations

2011-07-04  Wen Congyang  <wency@cn.fujitsu.com>

	initialize pointer to NULL
	cmd is not initialized to NULL, but we try to freed it if we
	meet some error.

2011-07-04  Eric Blake  <eblake@redhat.com>

	storage: avoid crash on parse error
	Coverity detected that we could crash on bogus input.  Meanwhile,
	strtok_r is rather heavy compared to strchr.
	* src/storage/storage_backend_iscsi.c (virStorageBackendIQNFound):
	  Check for parse failure, and use lighter-weight functions.

	vmware: avoid null deref on failed lookup
	* src/vmware/vmware_driver.c (vmwareDomainReboot): Check error
	  before dereferencing memory.

	qemu: avoid null deref on low memory
	Detected by Coverity.  qemuDomainEventQueue requires a non-NULL
	pointer; most callers silently drop the event if we encountered
	and OOM situation trying to create the event.
	* src/qemu/qemu_migration.c (qemuMigrationFinish): Check for OOM.

	cgroup: silence coverity warning
	Coverity noted that most clients reacted to failure to hash; but in
	a best-effort kill loop, we can ignore failure.
	* src/util/cgroup.c (virCgroupKillInternal): Ignore hash failure.

	rpc: silence coverity warning
	Coverity noted that 4 out of 5 calls to virNetClientStreamRaiseError
	checked the return value.  This case expects a particular value, so
	warn if our expectations went wrong due to some bug elsewhere.
	* src/rpc/virnetclient.c (virNetClientCallDispatchStream): Warn on
	  unexpected scenario.

	qemu: silence coverity warnings
	Coverity warns if the majority of callers check a function for
	errors, but a few don't; but in qemu_audit and qemu_domain, the
	choice to not check for failures was safe.  In qemu_command, the
	failure to generate a uuid can only occur on a bad pointer.
	* src/qemu/qemu_audit.c (qemuAuditCgroup): Ignore failure to get
	  cgroup controller.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitor)
	  (qemuDomainObjEnterMonitorWithDriver): Ignore failure to get
	  timestamp.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Check for error.

	rpc: avoid memory leak on error
	Detected by Coverity.  The leak is on an error path, but I'm not
	sure whether that path is likely to be triggered in practice.
	* src/rpc/virnetserverservice.c (virNetServerServiceAccept): Plug leak.

	rpc: fix logic bug
	Spotted by Coverity.  If we don't update tmp each time through
	the loop, then if the filter being removed was not the head of
	the list, we accidentally lose all filters prior to the one we
	wanted to remove.
	* src/rpc/virnetserverclient.c (virNetServerClientRemoveFilter):
	    Don't lose unrelated filters.

2011-07-02  Eric Blake  <eblake@redhat.com>

	pci: avoid memory leak on error
	Detected by Coverity.  Some, but not all, error paths were clean;
	but they were repetitive so I refactored them.
	* src/util/pci.c (pciGetDevice): Plug leak.

	interface: avoid memory leak on parse error
	Detected by Coverity.  Unlikely to hit unless the file contents
	were corrupted.
	* src/util/interface.c (ifaceRestoreMacAddress): Plug leak.

	libvirtd: avoid memory leak on OOM
	Detected by Coverity; only strikes on OOM so not serious.
	* daemon/libvirtd.c (daemonPidFilePath): Plug leak.

	build: avoid 'make syntax-check' failure
	* tests/utiltest.c (DO_TEST): Fix indentation for cppi.

2011-07-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Add a general util test
	Move non-esx specific tests from esxutilstest there and add a
	test for virParseVersionString.

2011-07-02  Eric Blake  <eblake@redhat.com>

	util: choose whether to require micro in version strings
	To avoid regressions, we let callers specify whether to require a
	minor and micro version.  Callers that were parsing uname() output
	benefit from defaulting to 0, whereas callers that were parsing
	version strings from other sources should not change in behavior.
	* src/util/util.c (virParseVersionString): Allow caller to choose
	whether to fail if minor or micro is missing.
	* src/util/util.h (virParseVersionString): Update signature.
	* src/esx/esx_driver.c (esxGetVersion): Update callers.
	* src/lxc/lxc_driver.c (lxcVersion): Likewise.
	* src/openvz/openvz_conf.c (openvzExtractVersionInfo): Likewise.
	* src/uml/uml_driver.c (umlGetVersion): Likewise.
	* src/vbox/vbox_MSCOMGlue.c (vboxLookupVersionInRegistry):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxExtractVersion): Likewise.
	* src/vmware/vmware_conf.c (vmwareExtractVersion): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiGetVersion): Likewise.
	Reported by Matthias Bolte.

	build: consistently use CFLAGS
	According to the automake manual, CPPFLAGS (aka INCLUDES, as spelled
	in automake 1.9.6) should only include -I, -D, and -U directives; more
	generic directives like -Wall belong in CFLAGS since they affect more
	phases of the build process.  Therefore, we should be sticking CFLAGS
	additions into a CFLAGS container, not a CPPFLAGS container.
	* src/Makefile.am (libvirt_driver_vmware_la_CFLAGS): Use AM_CFLAGS.
	(INCLUDES): Move CFLAGS items...
	(AM_CFLAGS): ...to their proper location.
	* python/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
	* tests/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
	(commandtest_CFLAGS, commandhelper_CFLAGS)
	(virnetmessagetest_CFLAGS, virnetsockettest_CFLAGS): Use AM_CFLAGS.

2011-07-01  Daniel Veillard  <veillard@redhat.com>

	Explicitely invoke python for API doc generator
	This fixes the problem of not finding python in /usr/bin
	which broke build on FreeBSD

2011-07-01  Scott Moser  <smoser@ubuntu.com>

	fix virParseVersionString with linux 3.0
	linux 3.0 has no micro version number, and that is causing problems
	for virParseVersionString.  The patch below should allow for:
	  major
	  major.minor
	  major.minor.micro
	If major or minor are not present they just default to zero.
	We found this in Ubuntu (https://bugs.launchpad.net/bugs/802977)

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: remove dead variables
	Detected by Coverity.  No real harm in leaving these, but fixing
	them cuts down on the noise for future analysis.
	* src/rpc/virnetserver.c (virNetServerAddService): Delete unused
	entry.
	* src/util/sysinfo.c (virSysinfoRead): Delete dead assignment to
	base.

2011-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus jsondata.h file reference which does not exist
	* tests/Makefile.am: Remove jsondata.h

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: simplify sanlock distribution
	EXTRA_DIST files should unconditionally be part of the tarball,
	rather than depending on the presence of sanlock-devel.
	Meanwhile, parallel builds could fail if we don't use mkdir -p.
	* src/Makefile.am (EXTRA_DIST): Always ship sanlock .aug and
	template .conf files.
	(%-sanlock.conf): Use MKDIR_P.

	build: allow 'make syntax-check' on fresh checkout
	For good or for bad, I did a fresh checkout, ./autogen.sh, then
	'configure', then 'make syntax-check', and was surprised that it
	failed.  Running 'make' before 'make syntax-check' cleaned up the
	issue, but this patch makes it work up front.
	* cfg.mk (sc_po_check): Add prerequisites.

	build: ignore generated file
	* .gitignore: Exempt jsontest binary.

2011-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Add conditionals to allow build without SASL
	* daemon/libvirtd.c, daemon/remote.c: Add #if HAVE_SASL and
	  suitable function stubs to allow build without SASL

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: avoid double-close bug with pipe2
	Based on Coverity's finding on the previous patch, I audited
	gnulib's pipe2 code and found that we had the potential for
	a subtle double-close bug, unless gnulib guarantees that the
	contents of the fd array are unchanged on pipe2() failure.
	* .gnulib: Update to latest, for pipe2 fix.

	rpc: avoid freeing uninitialized variable
	Detected by Coverity.  Both are instances of bad things happening
	if pipe2 fails; the virNetClientNew failure could free garbage,
	and virNetSocketNewConnectCommand could close random fds.
	Note: POSIX doesn't guarantee the contents of fd[0] and fd[1]
	after pipe failure: http://austingroupbugs.net/view.php?id=467
	We may need to introduce a virPipe2 wrapper that guarantees
	that on pipe failure, the fds are explicitly set to -1, rather
	than our current state of assuming the fds are unchanged from
	their value prior to the failed pipe call.
	* src/rpc/virnetclient.c (virNetClientNew): Initialize variable.
	* src/rpc/virnetsocket.c (virNetSocketNewConnectCommand):
	Likewise.

	virsh: avoid uninitialized variable
	Detected by Coverity; neither vshCmddefHelp nor vshCmdOptParse
	was initializing opts_required.
	* tools/virsh.c (vshCmddefOptParse): Always initialize bitmaps.

	virsh: avoid integer overflow
	Detected by Coverity.  info.nrVirtCpu is unsigned short, but if
	cpumaplen is int, then the product of the two in vshMalloc risks
	unintended sign extension.  cmdVcpuinfo had already solved this
	by using size_t cpumaplen.
	* tools/virsh.c (cmdVcpuPin): Use correct type.

2011-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix stream procedure number for virDomainMigratePrepareTunnel3
	The virDomainMigratePrepareTunnel3 impl in the remote driver
	was using the procedure number for the virDomainMigratePrepareTunnel
	method. This doesn't work out so well, because it makes the server
	ignore & drop all stream packets
	* src/remote/remote_driver.c: Fix procedure for PrepareTunnel3

	Send back an error if we get unexpected stream control message
	We ignore any stream data packets which come in for streams which
	are not registered, since these packets are async and do not have
	a reply. If we get a stream control packet though we must send back
	an actual error, otherwise a (broken) client may hang forever
	making it hard to diagnose the client bug.
	* src/rpc/virnetserverprogram.c: Send back error for unexpected
	  stream control messages

	Fix release of virNetMessagePtr instances in streams processing
	If a message packet for a invalid stream is received it is just
	free'd. This is not good because it doesn't let the client RPC
	request counter decrement. If a stream is shutdown with pending
	packets the message also isn't released properly because of an
	incorrect header type
	* daemon/stream.c: Fix message header type
	* src/rpc/virnetserverprogram.c: Send dummy reply instead of
	  free'ing ignored stream message

	Add missing include of signal.h in virnetsocket.c
	virNetSocketFree uses kill(SIGTERM) so we must include
	signal.h for the definitions
	* src/rpc/virnetsocket.c: Include signal.h

	Add test case for parsing JSON docs
	While investigating some memory leaks it was unclear whether the
	JSON code correctly free'd all memory during parsing. Add a test
	case which can be run under valgrind to clearly demonstrate that
	the parser is leak free.
	* tests/Makefile.am: Add 'jsontest'
	* tests/jsontest.c: A few simple JSON parsing tests

	Fix potential crash when saving guests
	The qemudDomainSaveFlag method will call EndJob on the 'vm'
	object it is passed in. This can result in the 'vm' object
	being free'd if the last reference is removed. Thus no caller
	of 'qemudDomainSaveFlag' must *ever* reference 'vm' again
	upon return.
	Unfortunately qemudDomainSave and qemuDomainManagedSave
	both call 'virDomainObjUnlock', which can result in a
	crash. This is non-deterministic since it involves a race
	with the monitor I/O thread.
	Fix this by making qemudDomainSaveFlag responsible for
	calling virDomainObjUnlock instead.
	* src/qemu/qemu_driver.c: Fix potential use after free
	  when saving guests

	Fix uninitialized value in QEMU monitor FD sending code
	The 'char control[CMSG_SPACE(sizeof(int))];' was not being
	wiped, so could potentially contain uninitialized bytes.
	While this was harmless in this case, it caused complaints
	from valgrind
	* src/qemu/qemu_monitor.c: memset 'control' variable
	  in qemuMonitorIOWriteWithFD

	Fix leak of JSON object for events
	The event handler functions do not free the virJSONValuePtr
	object. Every event received from a VM thus caused a memory
	leak
	* src/qemu/qemu_monitor_json.c: Fix leak of event object

	Remove bogus warning message in JSON code
	* src/util/json.c: Remove warning message

	Fix use of uninitialized memory when releasing PCI slots
	The 'function' field in the PCI address was not correctly
	initialized, so it was building the wrong address address
	string and so not removing all functions from the in use
	list.
	* src/qemu/qemu_command.c: Fix initialization of PCI function

	Fix leak of virStreamPtr object with callback added in fdstream impl
	When adding a callback to an FD stream, we take an extra reference
	on the virStreamPtr instance. We forgot to registered a free function
	with the callback, so when the callback was removed, the extra
	reference held on virStreamPtr was not released.
	* src/fdstream.c: Use a free callback to release reference on
	  virStreamPtr when removing callback

	Fix leak of mdnsGroupName in virNetServer object
	* src/rpc/virnetserver.c: Free mdnsGroupName

	Fix release of filtered stream messages
	The stream code was reusing a stream message object before
	it was removed from the linked list of filtered messages.
	This caused any later queued messages to be completely lost.
	* daemon/stream.c: Delay reuse of stream message until
	  after it is removed from the queue

	Ensure RPC message is cleared before being reused
	To save on memory reallocation, virNetMessage instances that
	have been transmitted, may be reused for a subsequent incoming
	message. We forgot to clear out the old data of the message
	fully, which caused later confusion upon read.
	* src/rpc/virnetserverclient.c: memset entire message before
	  reusing it

	Fix hardcoded limit on client requests in RPC code
	The virNetServerClient object had a hardcoded limit of 10 requests
	per client. Extend constructor to allow it to be passed in as a
	configurable variable. Wire this up to the 'max_client_requests'
	config parameter in libvirtd
	* daemon/libvirtd.c: Pass max_client_requests into services
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Pass
	  nrequests_client_max to clients
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h: Allow
	  configurable request limit

2011-06-30  Osier Yang  <jyang@redhat.com>

	tests: Add valgrind.supp into EXTRA_DIST

	virsh: Fix a problem of buildPoolXML
	It doesn't generate "<name>" and "<format>" nodes for "<source>"
	even if they are explicitly specified. This patch fixes it.

2011-06-30  Wen Congyang  <wency@cn.fujitsu.com>

	lock qemu_driver early in qemuGetSchedulerParametersFlags()
	If we pass VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG to
	qemuGetSchedulerParametersFlags() or *nparams is less than 1,
	we will unlock qemu_driver without locking it. It's very dangerous.
	We should lock qemu_driver after calling virCheckFlags().

	save domain status after modifing vcpupin
	We should save domain status after modifing vcpupin. If not,
	we will get wrong vcpupin information after rebooting libvirtd.

	Fix memory leak in virDomainVcpuPinDel()
	virDomainVcpuPinDefFree() does not free def->cputune.vcpupin if nvcpupin
	is 0, and does not set def->cputune.vcpupin to NULL.
	If we set nvcpupin to 0 but do not free vcpupin, vcpupin will not be freed
	when vm->def is freed.
	Use VIR_FREE() instead of virDomainVcpuPinDefFree() to free the memory
	and set def->cputune.vcpupint to NULL.

2011-06-29  Eric Blake  <eblake@redhat.com>

	build: avoid pod2man on tarball
	virt-sanlock-cleanup.8 has static contents (no dependency on
	configure), but is generated by pod2man (a perl dependency that
	maintainers must have, but which ordinary tarball users need
	not have).  Therefore, ensure that it is always part of the
	tarball, even though it is only conditionally installed.
	This is similar to commit 6db98a2d4b, but made simpler by the fact
	that the .8 page is static content.
	* tools/Makefile.am (EXTRA_DIST): Add virt-sanlock-cleanup.8.

2011-06-29  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	sysinfo: fix illegal NULL return
	If virSysinfoParse{BIOS,System,Processor,Memory}()
	can't find newline('\n'), these return NULL.
	This patch fixes this.

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Ensure that EOF is dispatched to the stream callback
	When the remote client receives end of file on the stream
	it never invokes the stream callback. Applications relying
	on async event driven I/O will thus never see the EOF
	condition on the stream
	* src/rpc/virnetclient.c, src/rpc/virnetclientstream.c:
	  Ensure EOF is dispatched

	Fix locking wrt virNetClientStreamPtr object
	The client stream object can be used independently of the
	virNetClientPtr object, so must have full locking of its
	own and not rely on any caller.
	* src/remote/remote_driver.c: Remove locking around stream
	  callback
	* src/rpc/virnetclientstream.c: Add locking to all APIs
	  and callbacks

	Avoid referencing NULL pointer when copying stream error
	* src/rpc/virnetclientstream.c: Avoid referencing NULL

	Avoid free'ing a filtered RPC message in the server
	When a filter steals an RPC message, that message must
	not be freed, except by the filter code itself
	* src/rpc/virnetserverclient.c: Don't free stolen RPC
	  messages

	Improve two log messages in virNetMessage
	Improve log messages issued when encountering a bogus
	message length to include the actual length and the
	limit violated
	* src/rpc/virnetmessage.c: Improve log messages

	Ensure empty payload is written upon stream completion
	On stream completion it is neccessary to send back a
	message with an empty payload. The message header was
	not being filled out correctly, since we were not writing
	any payload. Add a method for encoding an empty payload
	which updates the message headers correctly.
	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
	  a virNetMessageEncodePayloadEmpty method
	* src/rpc/virnetserverprogram.c: Write empty payload on
	  stream completion

	Lower logging level when failing to register socket watch
	The RPC client treats failure to register a socket watch
	as non-fatal, since we do not mandate that a libvirt client
	application provide an event loop implementation. It is
	thus inappropriate to a log a message at VIR_LOG_WARN
	* src/rpc/virnetsocket.c: Lower logging level

	Fix propagation of RPC errors from streams
	If a streams error is raised, virNetClientIOEventLoop
	returns 0, but an error is set. Check for this and
	propagate it if present
	* src/rpc/virnetclient.c: Propagate streams error

	Fix crash when aborting a stream from a I/O callback
	If a callback being invoked from a stream issues a virStreamAbort
	operation, the stream data will be free'd but the callback will
	then still try to use this. Delay free'ing of the stream data when
	a callback is dispatching
	* src/fdstream.c: Delay stream free when callback is active

2011-06-29  Michal Privoznik  <mprivozn@redhat.com>

	screenshot: Set access rights to temporary file
	Although we create a temporary file, it is owned by root:root and have
	rights 0600. In case qemu does not run under root, it is unable to write
	to that file and thus we transfer 0B sized file.

2011-06-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	dnsmasq: Fix errno handling and don't unlink non-existing files
	addnhostsSave and hostsfileSave expect < 0 return value on error from
	addnhostsWrite and hostsfileWrite but then pass err instead of -err
	to virReportSystemError that expects an errno value.
	Also addnhostsWrite returns -ENOMEM and errno, change this to -errno.
	addnhostsWrite and hostsfileWrite tried to unlink the tempfile after
	renaming it, making both fail on the final step. Remove the unnecessary
	unlink calls.

2011-06-29  Eric Blake  <eblake@redhat.com>

	maint: improve makefile whitespace
	None of these instances cause any semantic differences, but
	consistency is nice.
	* src/Makefile.am: Replace leading spaces with tabs.

2011-06-29  Osier Yang  <jyang@redhat.com>

	tests: Fix memory leak in virnetmessagetest
	Detected when playing with "make -C tests valgrind".

	conf: Fix memory leak in virNetworkDNSDefFormat

2011-06-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	network: Don't ignore errors in dnsmasq config file creation

	network: Fix dnsmasq hostsfile creation logic and related tests
	networkSaveDnsmasqHostsfile was added in 8fa9c2214247 (Apr 2010).
	It has a force flag. If the dnsmasq hostsfile already exists force
	needs to be true to overwrite it. networkBuildDnsmasqArgv sets force
	to false, networkDefine sets it to true. This results in the
	hostsfile being written only in networkDefine in the common case.
	If no error occurred networkSaveDnsmasqHostsfile returns true and
	networkBuildDnsmasqArgv adds the --dhcp-hostsfile to the dnsmasq
	command line.
	networkSaveDnsmasqHostsfile was changed in 89ae9849f744 (24 Jun 2011)
	to return a new dnsmasqContext instead of reusing one. This change broke
	the logic of the force flag as now networkSaveDnsmasqHostsfile returns
	NULL on error, but the early return -- if force was not set and the
	hostsfile exists -- returns 0. This turned the early return in an error
	case and networkBuildDnsmasqArgv didn't add the --dhcp-hostsfile option
	anymore if the hostsfile already exists. It did because networkDefine
	created the hostsfile already.
	Then 9d4e2845d498 fixed the return 0 case in networkSaveDnsmasqHostsfile
	but didn't apply the force option correctly to the new addnhosts file.
	Now force doesn't control an early return anymore, but influences the
	handling of the hostsfile context creation and dnsmasqSave is always
	called now. This commit also added test cases that reveal several
	problems. First, the tests now calls functions that try to write the
	dnsmasq config files to disk. If someone runs this tests as root this
	might overwrite actively used dnsmasq config files, this is a no-go. Also
	the tests depend on configure --localstatedir, this needs to be fixed as
	well, because it makes the tests fail when localstatedir is different
	from /var.
	This patch does several things to fix this:
	1) Move dnsmasqContext creation and saving out of networkBuildDnsmasqArgv
	to the caller to separate the command line generation from the config
	file writing. This makes the command line generation testable without the
	risk of interfering with system files, because the tests just don't call
	dnsmasqSave.
	2) This refactoring of networkSaveDnsmasqHostsfile makes the force flag
	useless as the saving happens somewhere else now. This fixes the wrong
	usage of the force flag in combination with then newly added addnhosts
	file by removing the force flag.
	3) Adapt the wrong test cases to the correct behavior, by adding the
	missing --dhcp-hostsfile option. Both affected tests contain DHCP host
	elements but missed the necessary --dhcp-hostsfile option.
	4) Rename networkSaveDnsmasqHostsfile to networkBuildDnsmasqHostsfile,
	because it doesn't save the dnsmasqContext anymore.
	5) Move all directory creations in dnsmasq context handling code from
	the *New functions to dnsmasqSave to avoid directory creations in system
	paths in the test cases.
	6) Now that networkBuildDnsmasqArgv doesn't create the dnsmasqContext
	anymore the test case can create one with the localstatedir that is
	expected by the tests instead of the configure --localstatedir given one.

	Fix compilation with systemtap 1.3
	Version 1.3 of <sys/sdt.h> uses this macro
	  #define STAP_CAST(t) (size_t)t
	that breaks like this if t is a function
	  remote.c:1775: error: cast from function call of type 'const char *'
	  to non-matching type 'long unsigned int' [-Wbad-function-cast]
	For that to work it should probably look like this
	  #define STAP_CAST(t) ((size_t)(t))
	In systemtap 1.4 this was completely rewritten.
	Anyway, before commit df0b57a95a767c t was always a variable, but now
	also a function is used here, namely virNetSASLSessionGetIdentity.
	Use an intermediate variable to avoid this problem.

2011-06-29  Eric Blake  <eblake@redhat.com>

	build: fix mingw build
	./autobuild.sh died on several messages resembling:
	../../src/rpc/virnetsocket.c: In function 'virNetSocketNewListenTCP':
	../../src/rpc/virnetsocket.c:231:9: error: implicit declaration of function 'bind_used_without_requesting_gnulib_module_bind' [-Wimplicit-function-declaration]
	../../src/rpc/virnetsocket.c:231:9: error: nested extern declaration of 'bind_used_without_requesting_gnulib_module_bind' [-Wnested-externs]
	Basically, gnulib socket fds are not safe to pass to mingw socket
	functions unless we pull in those gnulib modules.
	* bootstrap.conf (gnulib_modules): Add modules to handle socket
	functions on mingw.

	sysinfo: fix parsing regression
	Detected by gcc -O2, introduced in commit 532ce9c2.  If dmidecode
	outputs a field unrecognized by the parsers, then the code would
	dereference an uninitialized eol variable.
	* src/util/sysinfo.c (virSysinfoParseBIOS)
	(virSysinfoParseSystem, virSysinfoParseProcessor)
	(virSysinfoParseMemory): Avoid uninitialized variable.

	build: update translated files
	The last patch was incomplete.  The translated strings merely
	moved between generated file names, rather than disappearing.
	* cfg.mk (generated_files): Update generated file names.
	* po/POTFILES.in: Add remote_dispatch.h

2011-06-29  Jiri Denemark  <jdenemar@redhat.com>

	build: Don't expect translatable strings in a dead file
	daemon/remote_dispatch_bodies.h is no longer with us and shouldn't be
	searched for translatable strings.

	daemon: Fix build without polkit

2011-06-29  Eric Blake  <eblake@redhat.com>

	remote: fix uninitialized variable
	Detected by gcc -O2:
	remote/remote_driver.c: In function 'doRemoteOpen':
	remote/remote_driver.c:2753:26: error: 'sasl' may be used uninitialized in this function [-Werror=uninitialized]
	* src/remote/remote_driver.c (remoteAuthSASL): Initialize sasl.

	build: fix 'make check' when pdwtags is available
	Problem introduced in commit 6818cf86.
	* src/remote_protocol-structs: Delete unused struct.

	build: sanlock-devel is not in F15 yet
	* libvirt.spec.in (with_sanlock): Only default on in rawhide.
	Reported by Gerhard Stenzel.

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation for configuration lock managers
	Add a page which documents how to configure lock managers,
	focusing on use of sanlock with the QEMU/KVM driver
	* docs/locking.html.in: Docs about lock managers
	* docs/sitemap.html.in: Add lock manager config to
	  the deployment section

	Support automatic creation of leases for disks in sanlock
	The current sanlock plugin requires a central management
	application to manually add <lease> elements to each guest,
	to protect resources that are assigned to it (eg writable
	disks). This makes the sanlock plugin useless for usage
	in more ad hoc deployment environments where there is no
	central authority to associate disks with leases.
	This patch adds a mode where the sanlock plugin will
	automatically create leases for each assigned read-write
	disk, using a md5 checksum of the fully qualified disk
	path. This can work pretty well if guests are using
	stable disk paths for block devices eg /dev/disk/by-path/XXXX
	symlinks, or if all hosts have NFS volumes mounted in
	a consistent pattern.
	The plugin will create one lockspace for managing disks
	with filename /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__.
	For each VM disks, there will be another file to hold
	a lease /var/lib/libvirt/sanlock/5903e5d25e087e60a20fe4566fab41fd
	Each VM disk lease is usually 1 MB in size. The script
	virt-sanlock-cleanup should be run periodically to remove
	unused lease files from the lockspace directory.
	To make use of this capability the admin will need to do
	several tasks:
	 - Mount an NFS volume (or other shared filesystem)
	   on /var/lib/libvirt/sanlock
	 - Configure 'host_id' in /etc/libvirt/qemu-sanlock.conf
	   with a unique value for each host with the same NFS
	   mount
	 - Toggle the 'auto_disk_leases' parameter in qemu-sanlock.conf
	Technically the first step can be skipped, in which case
	sanlock will only protect against 2 vms on the same host
	using the same disk (or the same VM being started twice
	due to error by libvirt).
	* src/locking/libvirt_sanlock.aug,
	  src/locking/sanlock.conf,
	  src/locking/test_libvirt_sanlock.aug: Add config params
	  for configuring auto lease setup
	* libvirt.spec.in: Add virt-sanlock-cleanup program, man
	  page
	* tools/virt-sanlock-cleanup.in: Script to purge unused
	  disk resource lease files

	Support loading a configuration file for sanlock plugin
	Introduce a configuration file with a single parameter
	'require_lease_for_disks', which is used to decide whether
	it is allowed to start a guest which has read/write disks,
	but without any leases.
	* libvirt.spec.in: Add sanlock config file and augeas
	  lens
	* src/Makefile.am: Install sanlock config file and
	  augeas lens
	* src/locking/libvirt_sanlock.aug: Augeas master lens
	* src/locking/test_libvirt_sanlock.aug: Augeas test file
	* src/locking/sanlock.conf: Example sanlock config
	* src/locking/lock_driver_sanlock.c: Wire up loading
	  of configuration file

	Allow per-driver config file for lock manager plugins
	Allow a 'configFile' parameter to be passed into the lock
	drivers to provide configuration. Wire up the QEMU driver
	to pass in file names '/etc/libvirt/qemu-$NAME.conf
	eg qemu-sanlock.conf
	* src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Add configFile parameter
	* src/qemu/qemu_conf.c: Pass in configuration file path to
	  lock driver plugins

2011-06-29  Laine Stump  <laine@laine.org>

	network: add domain to unqualified names defined with <host>
	If a domain name is defined for a network, add the --expand-hosts
	option to the dnsmasq commandline. This results in the domain being
	added to any hostname that is defined in a dns <host> element and
	contains no '.' characters (i.e. it is an "unqualified"
	hostname). Since PTR records are automatically created for any name
	defined in <host>, the result of a PTR request will change from the
	unqualified name to the qualified name.
	This also has the same effect on any hostnames that dnsmasq reads
	from the host's /etc/hosts file.
	(In the case of guest hostnames that were learned by dnsmasq via DHCP
	requests, they were already getting the domain name added on, even
	without --expand-hosts).

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Cleanup remote protocol definitions
	The standard remote protocol for libvirtd no longer needs to
	include definitions of the generic message header/error structs
	or status codes. This is all defined in the generic RPC protocol
	* src/remote/remote_protocol.x: Remove all RPC message definitions
	* src/remote/remote_protocol.h, src/remote/remote_protocol.c:
	  Re-generate
	* daemon/remote_generate_stubs.pl: Delete obsolete script

	Remove obsolete libvirtd mdns code
	libvirtd now uses the generic RPC code for MDNS, so its
	custom mdns APIs are no longer required
	* daemon/mdns.c, daemon/mdns.h: Removed obsolete files

	Convert libvirtd over to the new RPC handling APIs
	This guts the libvirtd daemon, removing all its networking and
	RPC handling code. Instead it calls out to the new virServerPtr
	APIs for all its RPC & networking work
	As a fallout all libvirtd daemon error reporting now takes place
	via the normal internal error reporting APIs. There is no need
	to call separate error reporting APIs in RPC code, nor should
	code use VIR_WARN/VIR_ERROR for reporting fatal problems anymore.
	* daemon/qemu_dispatch_*.h, daemon/remote_dispatch_*.h: Remove
	  old generated dispatcher code
	* daemon/qemu_dispatch.h, daemon/remote_dispatch.h: New dispatch
	  code
	* daemon/dispatch.c, daemon/dispatch.h: Remove obsoleted code
	* daemon/remote.c, daemon/remote.h: Rewrite for new dispatch
	  APIs
	* daemon/libvirtd.c, daemon/libvirtd.h: Remove all networking
	  code
	* daemon/stream.c, daemon/stream.h: Update for new APIs
	* daemon/Makefile.am: Link to libvirt-net-rpc-server.la

	Convert the remote driver to new RPC client APIs
	This guts the current remote driver, removing all its networking
	handling code. Instead it calls out to the new virClientPtr and
	virClientProgramPtr APIs for all RPC & networking work.
	* src/Makefile.am: Link remote driver with generic RPC code
	* src/remote/remote_driver.c: Gut code, replacing with RPC
	  API calls
	* src/rpc/gendispatch.pl: Update for changes in the way
	  streams are handled

	Add XDR_CFLAGS to libvirt-net-rpc.la library
	* src/Makefile.am: Add XDR_CFLAGS

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Ensure sanlock socket is labelled with the VM process label
	The libvirt sanlock plugin is intentionally leaking a file
	descriptor to QEMU. To enable QEMU to use this FD under
	SELinux, it must be labelled correctly. We dont want to use
	the svirt_image_t for this, since QEMU must not be allowed
	to actually use the FD. So instead we label it with svirt_t
	using virSecurityManagerSetProcessFDLabel
	* src/locking/domain_lock.c, src/locking/domain_lock.h,
	  src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Optionally pass an FD back to
	  the hypervisor for security driver labelling
	* src/qemu/qemu_process.c: label the lock manager plugin
	  FD with the process label

	Add a virSecurityManagerSetProcessFDLabel
	Add a new security driver method for labelling an FD with
	the process label, rather than the image label
	* src/libvirt_private.syms, src/security/security_apparmor.c,
	  src/security/security_dac.c, src/security/security_driver.h,
	  src/security/security_manager.c, src/security/security_manager.h,
	  src/security/security_selinux.c, src/security/security_stack.c:
	  Add virSecurityManagerSetProcessFDLabel & impl

	Rename virSecurityManagerSetFDLabel method
	The virSecurityManagerSetFDLabel method is used to label
	file descriptors associated with disk images. There will
	shortly be a need to label other file descriptors in a
	different way. So the current name is ambiguous. Rename
	the method to virSecurityManagerSetImageFDLabel to clarify
	its purpose
	* src/libvirt_private.syms,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/security/security_apparmor.c, src/security/security_dac.c,
	  src/security/security_driver.h, src/security/security_manager.c,
	  src/security/security_manager.h, src/security/security_selinux.c,
	  src/security/security_stack.c: s/FDLabel/ImageFDLabel/

2011-06-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add node prefix to virNodeGet(CPU|Memory)Stats structs and defines

2011-06-28  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix update device for CURRENT + FORCE flags
	When CURRENT and FORCE flags were used together, UpdateDeviceFlags did
	nothing because it failed to transform CURRENT into either LIVE or
	CONFIG.

2011-06-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Return error message about unresolvable variables
	This is in response to bugzilla 664629
	https://bugzilla.redhat.com/show_bug.cgi?id=664629
	The patch below returns an appropriate error message if the chain of
	nwfilters is found to contain unresolvable variables and therefore
	cannot be instantiated.
	Example: The following XMl added to a domain:
	    <interface type='bridge'>
	      <mac address='52:54:00:9f:80:45'/>
	      <source bridge='virbr0'/>
	      <model type='virtio'/>
	      <filterref filter='test'/>
	    </interface>
	that references the following filter
	<filter name='test' chain='root'>
	  <filterref filter='clean-traffic'/>
	  <filterref filter='allow-dhcp-server'/>
	</filter>
	now displays upon 'virsh start mydomain'
	error: Failed to start domain mydomain
	error: internal error Cannot instantiate filter due to unresolvable variable: DHCPSERVER
	'DHPCSERVER' is contained in allow-dhcp-server.

2011-06-27  Eric Blake  <eblake@redhat.com>

	build: rename Vcpupin to VcpuPin
	We already have a public virDomainPinVcpu, which implies that
	Pin and Vcpu are treated as separate words.  Unreleased commit
	e261987c introduced virDomainGetVcpupinInfo as the first public
	API that used Vcpupin, although we had prior internal uses of
	that spelling.  For consistency, change the spelling to be two
	words everywhere, regardless of whether pin comes first or last.
	* daemon/remote.c: Treat vcpu and pin as separate words.
	* include/libvirt/libvirt.h.in: Likewise.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/domain_conf.h: Likewise.
	* src/driver.h: Likewise.
	* src/libvirt.c: Likewise.
	* src/libvirt_private.syms: Likewise.
	* src/libvirt_public.syms: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* tools/virsh.c: Likewise.
	* src/remote/remote_protocol.x: Likewise.
	* src/remote_protocol-structs: Likewise.
	Suggested by Matthias Bolte.

2011-06-27  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	sysinfo: cleanup function/struct names.
	Fix lack of 'virSysinfo' prefix of functions/structs in src/util/sysinfo.[ch]

	sysinfo: fix lack of error check in virSysinfoFormat().
	Fix lack of error check in virSysinfoFormat().

2011-06-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Partly fix networkxml2argvtest being configure result dependent
	Convert networkDnsmasqLeaseFileName to a replaceable function pointer
	that allow the testsuite to use a version of that function that is not
	depending on configure --localstatedir.
	This fixes 5 of 6 test failures, when configure --localstatedir isn't
	set to /var.

2011-06-27  Osier Yang  <jyang@redhat.com>

	qemu: Remove bogus error codes for NUMA memory tuning
	This is no code between virSaveLastError and virGetLastError will
	set an error, remove the bogus codes.

2011-06-27  Laine Stump  <laine@laine.org>

	network: fix indentation in networkBuildDnsmasqArgv
	This block was inadvertently added with the wrong indentation.

2011-06-27  Ruben Kerkhof  <ruben@rubenkerkhof.com>

	Only include parthelper if built with storage_disk
	Parthelper is only compiled if both --with-libvirtd
	and --with-storage-disk are set.

2011-06-25  Eric Blake  <eblake@redhat.com>

	build: avoid uninitialized variable
	Caught by gcc -O2, during autobuild.sh.
	* src/qemu/qemu_driver.c (qemudDomainGetVcpupinInfo): Initialize vm.

	build: fix VPATH builds
	The build currently fails when trying to create virnetprotocol.c
	into $(builddir)/rpc, which doesn't exist.  But since the file
	is part of the tarball, it should be generated into $(srcdir).
	Caught by autobuild.sh.
	* src/Makefile.am (VIR_NET_RPC_GENERATED): Generate into srcdir.

2011-06-25  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add query option to virsh vcpupin command
	This patch teaches "virsh vcpupin" command to query if no list
	is given. Its feature is to show CPU affinity information in more
	reader-friendly way.
	 # virsh vcpupin VM --config
	 VCPU: CPU Affinity
	 ----------------------------------
	    0: 1-6,9-20
	    1: 10
	    2: 5,9-11,15-20
	    3: 1,3,5,7,9,11,13,15
	When cpulist is omitted, vcpu number is optional. When vcpu number is
	provided, information of only specified vcpu is displayed.

	vcpuinfo: add the code to fallback to try new API
	The "virsh vcpuinfo" command results in failure when the target domain
	is inactive on KVM. This patch improves this behavior by adding the
	fallback to invoke virDomainGetVcpupinInfo API in case of
	virDomainGetVcpus API returns error and the target domain is inactive.

	vcpupin: implement the remote protocol to address the new API
	This patch implements the remote protocol to address the new API
	(virDomainGetVcpupinInfo).

	vcpupin: implement the code to support new API for the qemu driver
	This patch implements the code to address the new API (virDomainGetVcpupinInfo)
	in the qemu driver.

	vcpupin: introduce the new libvirt API (virDomainGetVcpupinInfo)
	This patch introduces a new libvirt API (virDomainGetVcpupinInfo),
	as a counterpart to virDomainPinVcpuFlags.
	We can use virDomainGetVcpus API to retrieve CPU affinity information,
	but can't use this API against inactive domains (at least in case of KVM),
	as it lacks a flags parameter.
	The usual thing is to add a new virDomainGetVcpusFlags, but that API name
	is already occupied by the counterpart to virDomainGetMaxVcpus, which
	has a completely different signature.
	The virDomainGetVcpupinInfo is the new API to retrieve CPU affinity
	information of active and inactive domains.  While the usual convention
	is to list an array before its length, this API violates that rule
	in order to be more like virDomainGetVcpus (where maxinfo was doing
	double-duty as the length of two different arrays).

2011-06-25  Laine Stump  <laine@laine.org>

	docs: fix indentation of sub-elements of <ip> in network XML
	The sub-elements of <ip> had been placed at the same level of
	indentation as ip itself, implying that they were really elements of
	<network>. Within that, sub-elements of ip/dhcp were also at that same
	level. These have been double-indented.
	At the same time, I realized that the documentation for the new <dns>
	element had been placed right in the middle of the description of the
	sub-elements of <ip>. I moved it up out of the way.

2011-06-25  Eric Blake  <eblake@redhat.com>

	buf: protect against integer overflow
	It's unlikely that we'll ever want to escape a string as long as
	INT_MAX/6, but adding this check can't hurt.
	* src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString):
	Check for (unlikely) overflow.

	remote: protect against integer overflow
	Integer overflow and remote code are never a nice mix.
	This has existed since commit 56cd414.
	* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
	* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
	on sending rpc.
	* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
	receiving rpc.

	build: update gnulib for intprops
	Done as a separate commit to make backporting the next patch easier.
	We are already using "intprops.h", but this makes it explicit.
	* .gnulib: Update, for syntax-check fix.
	* bootstrap.conf (gnulib_modules): Make intprops use explicit.
	* src/locking/domain_lock.c (includes): Drop unused header.
	* src/nwfilter/nwfilter_learnipaddr.c (includes): Use "", not <>,
	for gnulib.

	build: avoid long line tests
	'make syntax-check' regression introduced in commit 60b9c69.
	* tests/networkxml2argvdata/*.argv: Break long lines.

2011-06-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	Rename iface(G|S)etMacaddr to iface(G|S)etMacAddress for consistency

	Fix typo in libvirt_private.syms
	Triggered a linker error on MinGW.

2011-06-25  Michal Novotny  <minovotn@redhat.com>

	Network: Add support for DNS hosts definition to the network XML
	This commit introduces names definition for the DNS hosts file using
	the following syntax:
	  <dns>
	    <host ip="192.168.1.1">
	      <name>alias1</name>
	      <name>alias2</name>
	    </host>
	  </dns>
	Some of the improvements and fixes were done by Laine Stump so
	I'm putting him into the SOB clause again ;-)

	Network: Add additional hosts internal infrastructure

	Network: Add regression tests for the command-line arguments
	The regression testing done by comparison of command-line
	generated from the network XML file and the expected
	command-line arguments (read from file).

	Network: modify dnsmasq commandline build function to allow testing
	The dnsmasq commandline was being built as a part of running
	dnsmasq. This patch puts the commandline build into a separate
	function (and exports it as a private API) making it possible to build
	a dnsmasq commandline without executing it, so that we can write a
	test program to verify that the proper commandlines are being created.

	Add TXT record support for virtual DNS service
	This commit introduces the <dns> element and <txt> record for the
	virtual DNS network. The DNS TXT record can be defined using following
	syntax in the network XML file:
	  <dns>
	    <txt name="example" value="example value" />
	  </dns>
	Also, the Relax-NG scheme has been altered to allow the texts without
	spaces only for the name element and some nitpicks about memory
	free'ing have been fixed by Laine so therefore I'm adding Laine to the
	SOB clause ;-)

2011-06-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Don't declare Py_ssize_t for Python 2.6
	Commit cd48c3f4e95597 added a Py_ssize_t typedef for Python < 2.7.
	But Py_ssize_t was added in Python 2.5. This makes the build fail
	for Python 2.6.
	Adjust the check to match Python < 2.5 to fix this.

	tests: Improve IPv6 detection for virNetSocket tests
	getifaddrs can return an IPv6 address, but getaddrinfo can fail
	for an IPv6 address. Cover this combination.

2011-06-25  Jamie Strandboge  <jamie@canonical.com>

	Move load of AppArmor profile to GenLabel()
	Commit 12317957ecd6c37a2fb16275dcdeeacfe25c517 introduced an incompatible
	architectural change for the AppArmor security driver. Specifically,
	virSecurityManagerSetAllLabel() is now called much later in
	src/qemu/qemu_process.c:qemuProcessStart(). Previously, SetAllLabel() was
	called immediately after GenLabel() such that after the dynamic label (profile
	name) was generated, SetAllLabel() would be called to create and load the
	AppArmor profile into the kernel before qemuProcessHook() was executed. With
	12317957ecd6c37a2fb16275dcdeeacfe25c517, qemuProcessHook() is now called
	before SetAllLabel(), such that aa_change_profile() ends up being called
	before the AppArmor profile is loaded into the kernel (via ProcessLabel() in
	qemuProcessHook()).
	This patch addresses the change by making GenLabel() load the AppArmor
	profile into the kernel after the label (profile name) is generated.
	SetAllLabel() is then adjusted to only reload_profile() and append stdin_fn to
	the profile when it is specified. This also makes the AppArmor driver work
	like its SELinux counterpart with regard to SetAllLabel() and stdin_fn.
	Bug-Ubuntu: https://launchpad.net/bugs/801569

2011-06-24  Eric Blake  <eblake@redhat.com>

	docs: document correct flag name
	When adding virDomainGetVcpusFlags in commit ea3f5c6, I did
	enough rebasing that the doc comments in libvirt.c no longer
	matched the final chosen enum names in libvirt.h.
	And now we've gone ahead and deprecated the names
	VIR_DOMAIN_VCPU_{LIVE,CONFIG}.
	* src/libvirt.c (virDomainGetVcpusFlags): Fix comment.

	Revert "Add new API virDomainBlockPull* to headers"
	This reverts commit 7d56a16d036d9aa7292e10e884c129742036f8a7.
	Conflicts:
		python/generator.py
		src/libvirt_public.syms

	Revert "virDomainBlockPull: Implement the main entry points"
	This reverts commit 6419f596e114ee9f372136cc2b9eb19f1cbb7a77.

	Revert "Add virDomainBlockPull support to the remote driver"
	This reverts commit d1693bb160ea78954592c45a40eb856190c619c8.
	Conflicts:
		daemon/remote.c
		src/remote/remote_driver.c
		src/remote/remote_protocol.x

	Revert "Implement virDomainBlockPull for the qemu driver"
	This reverts commit 784ee08d2220d2a77424d5fc756b6eebe8efd5fa.

	Revert "Enable the virDomainBlockPull API in virsh"
	This reverts commit 3e2493ce28b7e20416e916fdf893a9569c267925.

	Revert "Enable virDomainBlockPull in the python API."
	This reverts commit d74b86f5d6ecae3d18a391f90a918fcac75914db.
	Conflicts:
		python/generator.py

	Revert "Asynchronous event for BlockPull completion"
	This reverts commit 12cd77a0c58a80179182f7d09e8e73f9f66b4677.
	Conflicts:
		python/libvirt-override-virConnect.py
		python/libvirt-override.c
		src/remote/remote_protocol.x

	build: avoid python 2.4 build failure
	I'm not sure when Py_ssize_t was introduced; but Fedora 14 Python 2.7
	has it, while RHEL 5 Python 2.4 lacks it.  It should be easy enough
	to adjust if someone runs into problems.
	* python/typewrappers.h (Py_ssize_t): Define for older python.

	build: fix NUMA build on RHEL 5
	Use NUMA's older nodemask_t (fixed-size map) rather than the newer
	'struct bitmask' (variable-size) in order to still compile on RHEL 5,
	with its numactl-devel-0.9.8.
	* src/qemu/qemu_process.c [HAVE_NUMA]: Prefer back-compat mode.
	(qemuProcessInitNumaMemoryPolicy): Use older nodemask_t.

2011-06-24  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	Add Memory Device Information to virSysinfoRead() from dmidecode type 17
	* src/util/sysinfo.[ch]: also parse and save all the SMBIOS informations
	  about memory modules

	Add Processor Information to virSysinfoRead() from dmidecode type 4
	* src/util/sysinfo.c: add parsing and formatting of processor
	  information data

	Cleanup virSysinfoRead()
	* src/util/sysinfo.c: Separate BIOSInfo and SystemInfo part from
	                      virSysinfoRead()

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Make sure virnetprotocol.[ch] are in BUILT_SOURCES
	To ensure virnetprotocol.[ch] are generated before any other
	files, add them to BUILT_SOURCES and MAINTAINERCLEANFILES.
	At the same time, move ESX_DRIVER_GENERATED out of DISTCLEAN
	and into MAINTAINERCLEANFILES, since they are included in
	EXTRA_DIST
	* src/Makefile.am: Add virnetprotocol.[ch] to BUILT_SOURCES

2011-06-24  Eric Blake  <eblake@redhat.com>

	maint: typo fixes
	* src/xenxs/xen_sxpr.c (xenParseSxprPCI): Comment fix.
	* tests/object-locking.ml (driverTables): Likewise.
	* tests/testutils.c (virtTestDifferenceBin): Likewise.

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix some bugs in RPC protocol make rules
	The Makefile.am rules for generating RPC protocol had a couple
	of bugs
	 - A instance of remote/rpcgen_fix.pl  was not changed
	   to rpc/genprotocol.pl
	 - A dep from rpc/virnetmessage.h on the generated
	   rpc/virnetprotocol.h was missing
	 - The generated rpc/virnetprotocol.[ch] were not listed
	   in MAINTAINERCLEANFILES
	* Makefile.am: Fix RPC protocol generation

	Add missing translation of error message from QEMU reboot patch
	* src/qemu/qemu_process.c: Add missing _(...)

	Fix job type set in qemuMigrationPrepareDirect/PrepareTunnel
	The qemuMigrationPrepareDirect/PrepareTunnel methods accidentally
	set the domain job to  QEMU_JOB_MIGRATION_OUT when it should have
	been  QEMU_JOB_MIGRATION_IN. This didn't have any ill-effect, but
	it is none-the-less wrong.
	* src/qemu/qemu_migration.c: Fix job type

	Avoid high privileges taint warning for QEMU session driver
	The code emitting taint warnings was mistakenly thinking
	that guests run from the QEMU session driver were tainted
	for having high privileges. This is of course nonsense
	since the session driver is always unprivileged
	* src/qemu/qemu_domain.c: Don't warn for high privileges in
	  non-privileged QEMU

	Allow automatic kill of guests when a connection is closed
	If an application is using libvirt + KVM as a piece of its
	internal infrastructure to perform a specific task, it can
	be desirable to guarentee the VM dies when the virConnectPtr
	disconnects from libvirtd. This ensures the app can't leak
	any VMs it was using. Adding VIR_DOMAIN_START_AUTOKILL as
	a flag when starting guests enables this to be done.
	* include/libvirt/libvirt.h.in: All VIR_DOMAIN_START_AUTOKILL
	* src/qemu/qemu_driver.c: Support automatic killing of guests
	  upon connection close
	* tools/virsh.c: Add --autokill flag to 'start' and 'create'
	  commands

	Automatically kill target QEMU if migration aborts abnormally
	Migration is a multi-step process
	  1. Begin(src)
	  2. Prepare(dst)
	  3. Perform(src)
	  4. Finish(dst)
	  5. Confirm(src)
	At step 2, a QEMU process is lauched in the destination to
	accept the incoming migration. Occasionally the process
	that is controlling the migration workflow aborts, and fails
	to call step 4, Finish. This leaves a QEMU process running
	on the target (albeit with paused CPUs). Unfortunately because
	step 2 actives a job on the QEMU process, it is unkillable by
	normal means.
	By registering the VM for autokill against the src virConnectPtr
	in step 2, we can ensure that the guest is forcefully killed off
	if the connection is closed without step 4 being invoked
	* src/qemu/qemu_migration.c: Register autokill in PrepareDirect
	  and PrepareTunnel. Unregister autokill on successful run
	  of Finish
	* src/qemu/qemu_process.c: Unregister autokill when stopping a
	  process

	Add infrastructure to automatically destroy guests when a connection closes
	Sometimes it is useful to be able to automatically destroy a guest when
	a connection is closed. For example, kill an incoming migration if
	the client managing the migration dies. This introduces a map between
	guest 'uuid' strings and virConnectPtr objects. When a connection is
	closed, any associated guests are killed off.
	* src/qemu/qemu_conf.h: Add autokill hash table to qemu driver
	* src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add APIs
	  for performing autokill of guests associated with a connection
	* src/qemu/qemu_driver.c: Initialize autodestroy map

	Support reboots with the QEMU driver
	For controlled shutdown we issue a 'system_powerdown' command
	to the QEMU monitor. This triggers an ACPI event which (most)
	guest OS wire up to a controlled shutdown. There is no equiv
	ACPI event to trigger a controlled reboot. This patch attempts
	to fake a reboot.
	 - In qemuDomainObjPrivatePtr we have a bool fakeReboot
	   flag.
	 - The virDomainReboot method sets this flag and then
	   triggers a normal 'system_powerdown'.
	 - The QEMU process is started with '-no-shutdown'
	   so that the guest CPUs pause when it powers off the
	   guest
	 - When we receive the 'POWEROFF' event from QEMU JSON
	   monitor if fakeReboot is not set we invoke the
	   qemuProcessKill command and shutdown continues
	   normally
	 - If fakeReboot was set, we spawn a background thread
	   which issues 'system_reset' to perform a warm reboot
	   of the guest hardware. Then it issues 'cont' to
	   start the CPUs again
	* src/qemu/qemu_command.c: Add -no-shutdown flag if
	  we have JSON support
	* src/qemu/qemu_domain.h: Add 'fakeReboot' flag to
	  qemuDomainObjPrivate struct
	* src/qemu/qemu_driver.c: Fake reboot using the
	  system_powerdown command if JSON support is available
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  binding for system_reset command
	* src/qemu/qemu_process.c: Reset the guest & start CPUs if
	  fakeReboot is set

	Move the RPC generator scripts into src/rpc
	Move the daemon/remote_generator.pl to src/rpc/gendispatch.pl
	and move the src/remote/rpcgen_fix.pl to src/rpc/genprotocol.pl
	* daemon/Makefile.am: Update for new name/location of generator
	* src/Makefile.am: Update for new name/location of generator

	Introduce generic RPC client objects
	To facilitate creation of new clients using XDR RPC services,
	pull alot of the remote driver code into a set of reusable
	objects.
	 - virNetClient: Encapsulates a socket connection to a
	   remote RPC server. Handles all the network I/O for
	   reading/writing RPC messages. Delegates RPC encoding
	   and decoding to the registered programs
	 - virNetClientProgram: Handles processing and dispatch
	   of RPC messages for a single RPC (program,version).
	   A program can register to receive async events
	   from a client
	 - virNetClientStream: Handles generic I/O stream
	   integration to RPC layer
	Each new client program now merely needs to define the list of
	RPC procedures & events it wants and their handlers. It does
	not need to deal with any of the network I/O functionality at
	all.

	Introduce generic RPC module for advertising via MDNS
	Allow RPC servers to advertise themselves using MDNS,
	via Avahi
	* src/rpc/virnetserver.c, src/rpc/virnetserver.h: Allow
	  registration of MDNS services via avahi
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Add
	  API to fetch the listen port number
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add API to
	  fetch the local port number
	* src/rpc/virnetservermdns.c, src/rpc/virnetservermdns.h: Represent
	  an MDNS advertisement

	Introduce generic RPC server objects
	To facilitate creation of new daemons providing XDR RPC services,
	pull a lot of the libvirtd daemon code into a set of reusable
	objects.
	 * virNetServer: A server contains one or more services which
	   accept incoming clients. It maintains the list of active
	   clients. It has a list of RPC programs which can be used
	   by clients. When clients produce a complete RPC message,
	   the server passes this onto the corresponding program for
	   handling, and queues any response back with the client.
	 * virNetServerClient: Encapsulates a single client connection.
	   All I/O for the client is handled, reading & writing RPC
	   messages.
	 * virNetServerProgram: Handles processing and dispatch of
	   RPC method calls for a single RPC (program,version).
	   Multiple programs can be registered with the server.
	 * virNetServerService: Encapsulates socket(s) listening for
	   new connections. Each service listens on a single host/port,
	   but may have multiple sockets if on a dual IPv4/6 host.
	Each new daemon now merely has to define the list of RPC procedures
	& their handlers. It does not need to deal with any network related
	functionality at all.

	Integrate TLS/SASL directly into the socket APIs
	This extends the basic virNetSocket APIs to allow them to have
	a handle to the TLS/SASL session objects, once established.
	This ensures that any data reads/writes are automagically
	passed through the TLS/SASL encryption layers if required.
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Wire up
	  SASL/TLS encryption

	Generic module for handling SASL authentication & encryption
	This provides two modules for handling SASL
	 * virNetSASLContext provides the process-wide state, currently
	   just a whitelist of usernames on the server and a one time
	   library init call
	 * virNetTLSSession provides the per-connection state, ie the
	   SASL session itself. This also include APIs for providing
	   data encryption/decryption once the session is established
	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
	  SASL handling code

	Generic module for handling TLS encryption and x509 certs
	This provides two modules for handling TLS
	 * virNetTLSContext provides the process-wide state, in particular
	   all the x509 credentials, DH params and x509 whitelists
	 * virNetTLSSession provides the per-connection state, ie the
	   TLS session itself.
	The virNetTLSContext provides APIs for validating a TLS session's
	x509 credentials. The virNetTLSSession includes APIs for performing
	the initial TLS handshake and sending/recving encrypted data
	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic
	  TLS handling code

	Introduce a generic object for using network sockets
	Introduces a simple wrapper around the raw POSIX sockets APIs
	and name resolution APIs. Allows for easy creation of client
	and server sockets with correct usage of name resolution APIs
	for protocol agnostic socket setup.
	It can listen for UNIX and TCP stream sockets.
	It can connect to UNIX, TCP streams directly, or indirectly
	to UNIX sockets via an SSH tunnel or external command
	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Generic
	  sockets APIs
	* tests/Makefile.am: Add socket test
	* tests/virnetsockettest.c: New test case
	* tests/testutils.c: Avoid overriding LIBVIRT_DEBUG settings
	* tests/ssh.c: Dumb helper program for SSH tunnelling tests

	Provide a simple object for encoding/decoding RPC messages
	This provides a new struct that contains a buffer for the RPC
	message header+payload, as well as a decoded copy of the message
	header. There is an API for applying a XDR encoding & decoding
	of the message headers and payloads. There are also APIs for
	maintaining a simple FIFO queue of message instances.
	Expected usage scenarios are:
	To send a message
	   msg = virNetMessageNew()
	   ...fill in msg->header fields..
	   virNetMessageEncodeHeader(msg)
	   ...loook at msg->header fields to determine payload filter
	   virNetMessageEncodePayload(msg, xdrfilter, data)
	   ...send msg->bufferLength worth of data from buffer
	To receive a message
	   msg = virNetMessageNew()
	   ...read VIR_NET_MESSAGE_LEN_MAX of data into buffer
	   virNetMessageDecodeLength(msg)
	   ...read msg->bufferLength-msg->bufferOffset of data into buffer
	   virNetMessageDecodeHeader(msg)
	   ...look at msg->header fields to determine payload filter
	   virNetMessageDecodePayload(msg, xdrfilter, data)
	   ...run payload processor
	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Internal
	  message handling API.
	* testutils.c, testutils.h: Helper for printing binary differences
	* virnetmessagetest.c: Validate all XDR encoding/decoding

	Defines the basics of a generic RPC protocol in XDR
	This patch defines the basics of a generic RPC protocol in XDR.
	This is wire ABI compatible with the original remote_protocol.x.
	It takes everything except for the RPC calls / events from that
	protocol
	 - The basic header virNetMessageHeader (aka remote_message_header)
	 - The error object virNetMessageError  (aka remote_error)
	 - Two dummy objects virNetMessageDomain & virNetMessageNetwork
	   sadly needed to keep virNetMessageError ABI compatible with
	   the old remote_error
	The RPC protocol supports method calls, async events and
	bidirectional data streams as before
	* src/Makefile.am: Add rules for generating RPC code from
	  protocol & define a new libvirt-net-rpc.la helper library
	* src/rpc/virnetprotocol.x: New generic RPC protocol

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: avoid python 2.4 build failure
	On RHEL 5, I got:
	/usr/bin/python ./generator.py /usr/bin/python
	  File "./generator.py", line 427
	    "virStreamFree", # Needed in custom virStream __del__, but free shouldn't
	                   ^
	SyntaxError: invalid syntax
	* python/generator.py (function_skip_python_impl): Use same syntax
	as other skip lists.

	build: avoid compiler failure
	GCC complained about a C99 for-loop declaration outside of C99 mode
	when compiling on RHEL 5.
	* src/qemu/qemu_driver.c (qemudDomainPinVcpuFlags): Avoid C99 for
	loop, since gcc 4.1.2 hates it.

2011-06-24  David S. Wang  <dwang2@cisco.com>

	documenting the 802.1Qbh parameters of a 'direct' interface
	This patch adds documentation about the 802.1Qbh related parameters
	of the virtualport element for 'direct' interfaces.

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	Gnulib has been busy, with 397 commits; it's easier to update now
	even without any known libvirt issue to be fixed, rather than
	having to analyze an even larger changeset later on.
	* .gnulib: Update to latest, for lots of changes.
	* bootstrap: Synchronize to upstream.

2011-06-23  Stefan Berger  <stefanb@us.ibm.com>

	build: fix compilation on systems missing libnl and new includes
	This patch fixes the compilation of netlink.c and interface.c on those
	systems missing either libnl or that have an older linux/if_link.h
	include file not supporting macvtap or VF_PORTS.
	WITH_MACVTAP is '1' if newer include files were detected, '0' otherwise.
	IFLA_PORT_MAX is defined in linux/if_link.h if yet more functionality is
	supported.

2011-06-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	configure: Make libnl optional unless macvtap is required
	If macvtap is required then libnl has to be available, otherwise
	libnl is optional.

2011-06-23  Cole Robinson  <crobinso@redhat.com>

	python: Generate virStreamFree but don't expose in bindings
	Turns out I was right in removing this the first time :) This is
	needed in our custom __del__ function, but the C code wasn't
	being generated. Add new infrastructure to do what we want

2011-06-23  Eric Blake  <eblake@redhat.com>

	maint: avoid future setgid problems
	* cfg.mk (sc_prohibit_setuid)
	(exclude_file_name_regexp--sc_prohibit_setuid): New rule.
	(VC_LIST_ALWAYS_EXCLUDE_REGEX): Always exempt po files.
	(exclude_file_name_regexp--sc_prohibit_asprintf): Simplify.
	(exclude_file_name_regexp--sc_prohibit_can_not): Drop.
	(exclude_file_name_regexp--sc_prohibit_doubled_word): Likewise.

2011-06-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Make virConnectClose comply to apibuild.py expectations
	apibuild.py expects a sentence that starts with "Returns"
	describing the return value of a function.

2011-06-23  Osier Yang  <jyang@redhat.com>

	util: Fix memory leak in virJSONParserHandleStartMap

	qemu: Fix memory leak in qemuProcessWaitForMonitor
	Move "VIR_FREE(buf) into label "closelog", so that "buf" could be
	freed before returning.

2011-06-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Only check for NUMA availability if required
	We only care about NUMA availability if NUMA configuration is requested
	in domain XML.

2011-06-23  Matthew Booth  <mbooth@redhat.com>

	storage: fix volDelete return when volume still being allocated
	volDelete used to return VIR_ERR_INTERNAL_ERROR when attempting to
	delete a volume which was still being allocated. It should return
	VIR_ERR_OPERATION_INVALID.
	* src/storage/storage_driver.c: Fix return of volDelete.

2011-06-23  Eric Blake  <eblake@redhat.com>

	util: avoid PATH_MAX-sized array
	See previous patch for why this is good...
	* src/util/pci.c (struct _pciDevice, pciGetDevice, pciFreeDevice):
	Manage path dynamically.  Report snprintf overflow.
	* src/util/hostusb.c (struct _usbDevice, usbGetDevice)
	(usbFreeDevice): Likewise.

	xen: avoid PATH_MAX-sized array
	See previous patch for why this is good...
	* src/xen/xen_driver.h (xenXMConfCache): Manage filename
	dynamically.
	* src/xen/xm_internal.c (xenXMConfigCacheAddFile)
	(xenXMConfigFree, xenXMDomainDefineXML): Likewise.

	tests: avoid PATH_MAX-sized array
	See previous patch for why this is good...
	* src/test/test_driver.c (struct _testConn, testOpenFromFile)
	(testClose): Manage path dynamically.

	virStorageVol: avoid PATH_MAX-sized array
	POSIX allows implementations where PATH_MAX is undefined, leading
	to compilation error.  Not to mention that even if it is defined,
	it is often wasteful in relation to the amount of data being stored.
	All clients of vol->key were audited, and found not to care about
	whether key is static or dynamic, except for these offenders:
	* src/datatypes.h (struct _virStorageVol): Manage key dynamically.
	* src/datatypes.c (virReleaseStorageVol): Free key.
	(virGetStorageVol): Copy key.

	maint: add omitted copyright header
	Bug introduced in commit 6a597883.
	* src/util/netlink.h: Add boilerplate.

	docs: fix docs to match behavior of virConnectClose
	* src/libvirt.c (virConnectClose): Mention reference count return.
	Reported by Michal Novotny, analyzed by Matthias Bolte.

2011-06-23  Stefan Berger  <stefanb@us.ibm.com>

	cleanup: make several interface functions commonly available
	In a second cleanup step this patch makes several interface functions from macvtap.c commonly available by moving them into interface.c and prefixing their names with 'iface'. Those functions taking Linux-specific structures as parameters are only visible on Linux.
	ifaceRestoreMacAddress returns the return code from the ifaceSetMacAddr call and display an error message if setting the MAC address did not work. The caller is unchanged and still ignores the return code (which is ok).

	cleanup: make nlComm commonly available
	In a first cleanup step, make nlComm from macvtap.c commonly available
	for other code to use. Since nlComm uses Linux-specific structures as
	parameters it's prototype is only visible on Linux.

2011-06-23  Eric Blake  <eblake@redhat.com>

	maint: remove syntax-check exception
	We weren't using the @FOO@ notation for a Makefile substitution,
	but instead for a sed rule, so using [@]FOO@ instead avoids the
	need to exempt this syntax check.
	* cfg.mk (_makefile_at_at_check_exceptions): Delete.
	* tools/Makefile.am (virt-xml-validate, virt-pki-validate): Avoid
	tripping syntax-check.
	Reported by Daniel P. Berrange.

2011-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix use-after-free in handling domain taint flags
	* src/conf/domain_conf.c: Fix use after free

	Remove macvtap dependency on domain configuration
	Files under src/util must not depend on src/conf
	Solve the macvtap problem by moving the definition
	of macvtap modes from domain_conf.h into macvtap.h
	* src/util/macvtap.c, src/util/macvtap.h: Add enum
	  for macvtap modes
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove
	  enum for macvtap modes

2011-06-22  Osier Yang  <jyang@redhat.com>

	util: Correct the error prompt string
	virCommandProcessIO: It's reading from stdout or stderr of child,
	but not writing.

	qemu: Fix one memory leak
	* src/qemu/qemu_domain.c: (qemuDomainAppendLog)
	  Free "message" in "cleanup".

2011-06-22  Daniel Veillard  <veillard@redhat.com>

	Fix to python API extractor and API doc generation
	This fixes a number of issues most of them raised by Eric Blake on the
	generated documentation output:
	   - parsing of "long long int" and similar
	   - add parsing of unions within a struct
	   - remove spurious " * " fron comments on structure fields and enums
	   - fix concatenation of base type and name in arrays
	   - extend XSLT to cope with union in structs
	* docs/apibuild.py: fix and extend API extraction tool
	* docs/newapi.xsl: extend the stylesheets to cope with union in
	  public structures

2011-06-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: domain I/O asynchronous handling
	For virtio disks and interfaces, qemu allows users to enable or disable
	ioeventfd feature. This means, qemu can execute domain code, while
	another thread waits for I/O event. Basically, in some cases it is win,
	in some loss. This feature is available via 'ioeventfd' attribute in disk
	and interface <driver> element. It accepts 'on' and 'off'. Leaving this
	attribute out defaults to hypervisor decision.

2011-06-22  Eric Blake  <eblake@redhat.com>

	build: require newer netcf when it is available
	When building rpms for newer Fedora or RHEL, take advantage of the
	newer netcf packaging to guarantee interface snapshot support.
	* libvirt.spec.in (BuildRequires): Bump minimum version on
	platforms that support netcf 0.1.8.

	virsh: avoid bogus description
	https://bugzilla.redhat.com/show_bug.cgi?id=682121
	Gettext reserves the empty string for internal use, and it must
	not be passed through _().  We were violating this for commands
	that (for whatever reason) used "" for their description.
	* tools/virsh.c (vshCmddefHelp): Don't translate empty string.
	Reported by Tatsuo Kawasaki.

2011-06-21  Dirk Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	set and restore MAC address of a NIC when using PASSTHROUGH mode
	The following patch addresses the problem that when a PASSTHROUGH
	mode DIRECT NIC connection is made the MAC address of the NIC is
	not automatically set and reset to the configured VM MAC and
	back again.
	The attached patch fixes this problem by setting and resetting the MAC
	while remembering the previous setting while the VM is running.
	This also works if libvirtd is restarted while the VM is running.
	the patch passes make syntax-check

2011-06-21  Cole Robinson  <crobinso@redhat.com>

	python: Mark event callback wrappers as private
	These functions aren't intended to be called directly by users, so mark
	them as private.
	While we're at it, remove unneeded exception handling, and break some
	long lines.

	python: events: Fix C->Python handle callback prototype
	If registering our own event loop implementation written in python,
	any handles or timeouts callbacks registered by libvirt C code must
	be wrapped in a python function. There is some argument trickery that
	makes this all work, by wrapping the user passed opaque value in
	a tuple, along with the callback function.
	Problem is, the current setup requires the user's event loop to know
	about this trickery, rather than just treating the opaque value
	as truly opaque.
	Fix this in a backwards compatible manner, and adjust the example
	python event loop to do things the proper way.

	python: Add bindings for virEvent*Handle/Timeout

	events: Correct virEventAddTimeout docs

	Promote virEvent*Handle/Timeout to public API
	Since we virEventRegisterDefaultImpl is now a public API, callers need
	a way to invoke the default registered Handle and Timeout functions. We
	already have general functions for these internally, so promote
	them to the public API.
	v2:
	    Actually add APIs to libvirt.h

	python: Implement virStreamSend/RecvAll helpers
	Pure python implementation. The handler callbacks have been altered
	a bit compared to the C API: RecvAll doesn't pass length of the data read
	since that can be trivially obtained from python string objects, and SendAll
	requires the handler to return the string data to send rather than
	store the data in a string pointer.

	python: Implement virStreamSend/Recv
	The return values for the python version are different that the C version
	of virStreamSend: on success we return a string, an error raises an exception,
	and if the stream would block we return int(-2). We need to do this
	since strings aren't passed by reference in python.

2011-06-21  Osier Yang  <jyang@redhat.com>

	conf: Make full use of goto label
	* virDomainDefParse: There is a goto label "no_memory", which
	reports OOM error, and then fallthrough label "error". This
	patch changes things like following:
	    virReportOOMError();
	    goto error;
	into:
	    goto no_memory;

	conf: Fix one memory leak
	Free def->numatune.memory.nodemask in virDomainDefFree.

2011-06-21  Cole Robinson  <crobinso@redhat.com>

	python: Implement bindings for virStreamEventAddCallback
	v2:
	    Don't generate virStreamFree

	python: generator: Don't print warning if nothing to warn about

	python: libvirt-override: use simpler debug
	In a couple instances we have to mark a debug variable as ATTRIBUTE_UNUSED
	to avoid warnings.
	v2:
	    Use #if 0 to comment out debug define

2011-06-21  Eric Blake  <eblake@redhat.com>

	virsh: enhance snapshot-create-as
	Similar to pool-create-as.
	* tools/virsh.c (cmdSnapshotCreateAs): Add --print-xml.
	* tools/virsh.pod: Document it.

	virsh: add snapshot-create-as command
	Producing an xml file just for name and description fields is
	overkill; this makes life easier from virsh.
	* tools/virsh.c (cmdSnapshotCreateAs): New command.
	(snapshotCmds): Install it.
	* tools/virsh.pod: Document it.

	virsh: clarify snapshot vs. save
	* tools/virsh.c (info_snapshot_create, info_save): Clarify
	description.
	* tools/virsh.pod (save): Likewise.

2011-06-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix compile warnings in virsh vcpupin
	The 'char *cur' variable was being assigned from a
	'const char *' string, thus discarding constness.
	As well as causing a compile warning, it masked a
	piece of code which attempts to assign to the
	previously const string.
	* tools/virsh.c: Fix const-ness of 'cur' variable in vcpupin

2011-06-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Allow to annotate arrays with typecasts
	Removes special case code from the generator and handle additional
	methods.
	The generated version of remoteDispatchDomainPinVcpu(Flags) has no
	length check, but this check was useless anyway as it was applied to
	data that was already deserialized from its XDR form.

	remote: Handle functions that return optional strings

	remote: Generate virDomainGetBlockPullInfo
	It was already generatable but skipped.

2011-06-20  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add vcpupin resetting feature to qemu driver
	Pinning to all physical cpus means resetting, hence it is preferable to
	delete vcpupin setting of XML.
	This patch changes qemu driver to delete vcpupin setting by invoking
	virDomainVcpupinDel API when pinning the specified virtual cpu to
	all host physical cpus.

	vcpupin: add virDomainVcpupinDel function
	This patch add the private API (virDomainVcpupinDel).
	This API can delete the vcpupin setting of a specified virtual cpu.

	vcpupin: add reset option to virsh vcpupin command
	When resetting vcpupin setting, we have to specify all host physical
	cpus as a cpulist parameter of virsh vcpupin command. It's a little
	tedious.
	This patch changes to allow to receive the special keyword 'r' as a cpulist
	parameter of virsh vcpupin command when resetting vcpupin setting.
	If you set the following:
	 # virsh vcpupin VM 0 r
	the vcpu0 will be pinned to all physical cpus.

	vcpupin: improve vcpupin definition of virsh vcpupin
	When using vcpupin command, we have to speficy comma-separated list as cpulist,
	but this is tedious in case the number of phsycal cpus is large.
	This patch improves this by introducing special markup "-" and "^" which are
	similar to XML schema of "cpuset" attribute.
	The example:
	 # virsh vcpupin Guest 0 0-15,^8
	 is identical to
	 # virsh vcpupin Guest 0 0,1,2,3,4,5,6,7,9,10,11,12,13,14,15
	NOTE: The expression is sequentially evaluated, so "0-15,^8" is not identical
	to "^8,0-15".

2011-06-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix preprocessor indentation in nodeinfo.c

	Move XenAPI driver to correct spec file section
	The XenAPI driver works like the ESX and PHyp driver by using its
	own HTTPS based remote protocol.

2011-06-20  Osier Yang  <jyang@redhat.com>

	numatune: Add tests for numatune XML
	Only add tests for qemuxmlargvtest.c, as there is no qemu command line
	for numatune XML, just want to make sure the XML could be validated
	well.

	numatune: Support NUMA memory tuning in qemu driver
	Implemented as setting NUMA policy between fork and exec as a hook,
	using libnuma. Only support memory tuning on domain process currently.
	For the nodemask out of range, will report soft warning instead of
	hard error in libvirt layer. (Kernel will be silent as long as one
	of set bit in the nodemask is valid on the host. E.g. For a host
	has two NUMA nodes, kernel will be silent for nodemask "01010101").
	So, soft warning is the only thing libvirt can do, as one might want
	to specify the numa policy prior to a node that doesn't exist yet,
	however, it may come as hotplug soon.

	numatune: Support persistent XML for numatune
	* src/conf/domain_conf.h: Introduce one new struct for representing
	NUMA tuning related stuffs.
	* src/conf/domain_conf.c: Parse and format numatune XML.

	numatune: Add doc for new numatune XML

	numatune: Define XML schema
	Example XML:
	<numatune>
	  <memory mode="strict" nodeset="0-10,^4"/>
	</numatune>
	Please enter the commit message for your changes. Lines starting

2011-06-20  Hu Tao  <hutao@cn.fujitsu.com>

	Update qemuDomainSetBlkioParameters to use flags

	update qemuDomainGetBlkioParameters to use flags

	Add new parameters for blkiotune
	Add --config, --live and --current for command blkiotune

2011-06-20  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix building error when building without libvirtd
	When building libvirt without libvirtd, we will receive the following error
	message:
	make[3]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.2/tools'
	  CC     virsh-virsh.o
	  CC     virsh-console.o
	  GEN    virt-xml-validate
	  GEN    virt-pki-validate
	  CCLD   virsh
	./src/.libs/libvirt.so: undefined reference to `numa_available'
	./src/.libs/libvirt.so: undefined reference to `numa_max_node'
	collect2: ld returned 1 exit status
	The reason is that: we check numactl only when building qemu driver, and qemu
	driver will not be built when bulding without libvirtd. So with_numactl's
	value is check and we will not link libnuma.so.
	In the other function, we call numa_available() and numa_max_node() only
	when HAVE_NUMACTL is 1. We should do the same check in the function nodeGetMemoryStats().

2011-06-20  Jamie Strandboge  <jamie@canonical.com>

	apparmor: implement AppArmorSetFDLabel()
	During a savevm operation, libvirt will now use fd migration if qemu
	supports it. When the AppArmor driver is enabled, AppArmorSetFDLabel()
	is used but since this function simply returns '0', the dynamic AppArmor
	profile is not updated and AppArmor blocks access to the save file. This
	patch implements AppArmorSetFDLabel() to get the pathname of the file by
	resolving the fd symlink in /proc, and then gives that pathname to
	reload_profile(), which fixes 'virsh save' when AppArmor is enabled.
	Reference: https://launchpad.net/bugs/795800

2011-06-17  Daniel P. Berrange  <berrange@redhat.com>

	Add missing checks for NULL in domain lock manager
	The domain lock manager forgot to include a bunch of checks
	for NULL which could occur on OOM
	* src/locking/domain_lock.c: Add checks for NULL

	Fix errno return in safezero()
	Most of the safezero() implementations return -1 on error,
	setting errno. The safezero() impl using posix_fallocate()
	though returned a positive errno value on error (due to
	the unusual API contract of posix_fallocate() compared to
	most syscall APIs).
	* src/util/util.c: Ensure safezero() returns -1 and sets
	  errno on error.
	* src/storage/storage_backend.c: Change safezero != 0 to
	  < 0 for detecting errors

	Add missing error reporting when loading mac filter config for QEMU
	If the 'mac_filter' configuration parameter is enabled, and there
	is a failure to enable filtering, no error is reported back to
	the caller. Also fix some bogus whitespace indentation for
	hugetlbfs_mount
	* src/qemu/qemu_conf.c: Add missing error reporting

2011-06-17  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add support for virDomainGetControlInfo

	qemu: Implement virDomainGetControlInfo

	Wire protocol and remote driver for virDomainGetControlInfo

	Introduce virDomainGetControlInfo API
	The API can be used to query current state of an interface to VMM used
	to control a domain. In QEMU world this translates into monitor
	connection.

2011-06-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix documentation of virStreamRecv
	virStreamRecv is for reading.
	Also add some missing punctuation to virStreamSend's documentation.

2011-06-16  Eric Blake  <eblake@redhat.com>

	sendkey: use consistent API convention
	Even though rpc uses 'unsigned int' for the _len parameter that
	passes the length of item<length>, the public libvirt APIs all
	use 'int' and filter out lengths < 0, except for virDomainSendKey.
	* include/libvirt/libvirt.h.in (virDomainSendKey): All other APIs
	use int for array length.
	* src/libvirt.c (virDomainSendKey): Adjust.
	* src/driver.h (virDrvDomainSendKey): Likewise.
	* daemon/remote_generator.pl: Likewise.

	build: export correct function names
	Detected by autobuild.sh, when targetting mingw.
	Introduced in commit 98bfdff.
	* src/libvirt_private.syms: Fix typos.

	build: avoid compiler warning on non-Linux
	Detected by autobuild.sh when cross-building for mingw.
	Introduced in commits ce76e85 and af35cec.
	* src/nodeinfo.c (nodeGetCPUStats, nodeGetMemoryStats): Mark
	parameters as potentially unused.

2011-06-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Handle struct returning functions better (part 2)
	Commit 64000eabedf2 is part 1, that only covered the daemon side by
	accident. Part 2 covers the client side too.

	Fix apibuild.py warnings about missing comment headers
	Also improve wording of some comments.

	remote generator: Handle struct returning functions better
	The position of the struct parameter in the function signature
	differs. Instead of hardcoding the handling for this add an annotation
	to the .x file to define the position.

2011-06-15  Daniel Gollub  <gollub@b1-systems.de>

	support for Xen HVM Viridian (Hyper-V) enlightenment interface
	Introduce libvirt support for Xen HVM Viridian (Hyper-V) enlightenment
	interface guest feature.
	 src/conf/domain_conf.c     |    3 ++-
	 src/conf/domain_conf.h     |    1 +
	 src/xen/xen_hypervisor.c   |   11 +++++++++++
	 src/xenapi/xenapi_driver.c |    2 ++
	 src/xenapi/xenapi_utils.c  |    2 ++
	 src/xenxs/xen_sxpr.c       |    4 ++++
	 src/xenxs/xen_xm.c         |   12 +++++++++++-
	 7 files changed, 33 insertions(+), 2 deletions(-)

2011-06-15  Eric Blake  <eblake@redhat.com>

	virsh: reduce complexity in argv iteration
	This reduces things from O(n^2) to O(n).
	* tools/virsh.c (vshCommandOptArgv): Change signature.
	(cmdEcho): Update caller.
	Based on a patch by Lai Jiangshan.

2011-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Add support for network filter code in LXC driver
	The LXC driver networking uses veth device pairs. These can
	be easily hooked into the network filtering code.
	* src/lxc/lxc_driver.c: Add calls to setup/teardown nwfilter

	Fix allocation of veth's to not skip an index
	The algorithm for autoassigning vethXXX devices, was always
	skipping over the starting dev index when finding a free
	name for the guest device. This should only be done if the host
	device was autoallocated.
	* src/lxc/veth.c: Don't skip over veth indexes

2011-06-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Translate boot config into bootindex if possible
	Prefer bootindex=N option for -device over the old way -boot ORDER
	possibly accompanied with boot=on option for -drive. This gives us full
	control over which device will actually be used for booting guest OS.
	Moreover, if qemu doesn't support boot=on, this is the only way to boot
	of certain disks in some configurations (such as virtio disks when used
	together IDE disks) without transforming domain XML to use per device
	boot elements.

2011-06-15  Adam Litke  <agl@us.ibm.com>

	Asynchronous event for BlockPull completion
	When an operation started by virDomainBlockPullAll completes (either with
	success or with failure), raise an event to indicate the final status.  This
	allows an API user to avoid polling on virDomainBlockPullInfo if they would
	prefer to use the event mechanism.
	* daemon/remote.c: Dispatch events to client
	* include/libvirt/libvirt.h.in: Define event ID and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle the new event
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block_stream completion and emit a libvirt block pull event
	* src/remote/remote_driver.c: Receive and dispatch events to application
	* src/remote/remote_protocol.x: Wire protocol definition for the event
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
	  from QEMU monitor

	Enable virDomainBlockPull in the python API.
	virDomainBlockPullAll and virDomainBlockPullAbort are handled automatically.
	virDomainBlockPull and virDomainBlockPullInfo require manual overrides since
	they return a custom type.
	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c:
	  manual overrides
	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	Enable the virDomainBlockPull API in virsh
	Define two new virsh commands:
	 * blockpull: Perform block pull operations (incremental plus start
	              and stop continuous streams)
	 * blockpullinfo: Retrieve progress info for continuous block pull
	Share print_job_progress() with the migration code.
	* tools/virsh.c: implement the new commands

	Implement virDomainBlockPull for the qemu driver
	The virDomainBlockPull* family of commands are enabled by the
	'block_stream' and 'info block_stream' qemu monitor commands.
	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
	  streaming by using the stream and info stream text monitor commands
	* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor
	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	Add virDomainBlockPull support to the remote driver
	The generator can handle DomainBlockPullAll and DomainBlockPullAbort.
	DomainBlockPull and DomainBlockPullInfo must be written by hand.
	* src/remote/remote_protocol.x: provide defines for the new entry points
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side
	* src/remote_protocol-structs: structure definitions for protocol verification

	virDomainBlockPull: Implement the main entry points
	* src/libvirt.c: implement the main entry points
	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	Add new API virDomainBlockPull* to headers
	Set up the types for the block pull functions and insert them into the
	virDriver structure definition.  Symbols are exported in this patch to prevent
	documentation compile failures.
	* include/libvirt/libvirt.h.in: new API
	* src/driver.h: add the new entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python bindings are
	  implemented later
	* src/libvirt_public.syms: export symbols

2011-06-15  Marc-André Lureau  <marcandre.lureau@gmail.com>

	spice: add <clipboard copypaste='yes|no'> option
	From a security pov copy and paste between the guest and the client is not
	always desirable. So we need to be able to enable/disable this. The best place
	to do this from an administration pov is on the hypervisor, so the qemu cmdline
	is getting a spice disable-copy-paste option, see bug 693645. Example qemu
	invocation:
	qemu -spice port=5932,disable-ticketing,disable-copy-paste
	https://bugzilla.redhat.com/show_bug.cgi?id=693661

2011-06-15  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	virNodeGetMemoryStats: Implement linux support

	virNodeGetMemoryStats: Implement virsh support

	virNodeGetMemoryStats: Implement remote protocol

	virNodeGetMemoryStats: Implement public API

	virNodeGetMemoryStats: Define internal driver API

	virNodeGetMemoryStats: Expose new API

	virNodeGetCPUStats: Implement linux support

	virNodeGetCPUStats: Implement virsh support

	virNodeGetCPUStats: Implement remote protocol

	virNodeGetCPUTime: Implement public API

	virNodeGetCPUStats: Define internal driver API

	virNodeGetCPUStats: Expose new API

2011-06-15  Guido Günther  <agx@sigxcpu.org>

	Skip nodeinfo test on non intel architectures
	since the testfiles assume a /proc/cpuinfo specific to this
	architecture. We e.g. can't parse the number of cores on other
	architectures.

2011-06-15  Michael Chapman  <mike@very.puzzling.org>

	Fix autostart flag when loading running domains
	Drivers load running persistent and transient domain configs before
	inactive persistent domain configs, however only the latter would set a
	domain's autostart flag. This mismatch between the loaded and on-disk
	state could later cause problems with "virsh autostart":
	  # virsh autostart example
	  error: Failed to mark domain example as autostarted
	  error: Failed to create symlink '/etc/libvirt/qemu/autostart/example.xml to '/etc/libvirt/qemu/example.xml': File exists
	This patch ensures the autostart flag is set correctly even when the
	domain is already defined.
	Fixes:
	  https://bugzilla.redhat.com/show_bug.cgi?id=632100
	  https://bugzilla.redhat.com/show_bug.cgi?id=675319

2011-06-15  Lai Jiangshan  <laijs@cn.fujitsu.com>

	send-key: Implementing the remote protocol

	send-key: Implementing the public API

	send-key: Defining the internal API

	send-key: Defining the public API
	Add public virDomainSendKey() and enum libvirt_keycode_set
	for the @codeset.
	Python version of virDomainSendKey() has not been implemented yet,
	it will be done soon.

	remote generator: Handle (unsigned) int arrays

	add VSH_OFLAG_REQ_OPT options
	A VSH_OFLAG_REQ_OPT option means --optionname is required when used.
	It will kill any ambiguity, even a !VSH_OFLAG_REQ option listed before
	a VSH_OFLAG_REQ option, if the !VSH_OFLAG_REQ option is a
	VSH_OFLAG_REQ_OPT option.
	It will help us use optional argument with VSH_OT_ARGV argument.

	allow name for VSH_OT_ARGV options
	A name will improve the usege, example
	# virsh help echo
	  NAME
	    echo - echo arguments
	  SYNOPSIS
	    echo [--shell] [--xml] [<string>]...
	  DESCRIPTION
	    Echo back arguments, possibly with quoting.
	  OPTIONS
	    --shell          escape for shell use
	    --xml            escape for XML use
	    <string>         arguments to echo
	"[<string>]..." is added to SYNOPSIS.
	"<string>         arguments to echo" is added to OPTIONS.

2011-06-15  Ohad Levy  <ohadlevy@gmail.com>

	docs: updated list of applications using libvirt.
	Added:
	* Virt ruby bindings
	* Foreman for provisioning and webui.

2011-06-14  Eric Blake  <eblake@redhat.com>

	storage: avoid an intermediate malloc
	Suggested here:
	https://www.redhat.com/archives/libvir-list/2011-May/msg00594.html
	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg):
	Generate size inline.

	command: avoid double close
	Previously, the parent process opened 'null' to /dev/null, then
	the child process closes 'null' as well as 'childout'.  But if
	childout was set to be null, then this is a double close.  At
	least the double close was confined to the child process after a
	fork, and therefore there is no risk of another thread opening
	an fd of the same value to be bitten by the double close, but it
	is always better to avoid double-close to begin with.
	Additionally, if all three fds were specified, then opening
	'null' was wasted.
	This patch fixes things to lazily open null on the first use,
	then guarantees it gets closed exactly once.
	* src/util/command.c (getDevNull): New helper function.
	(virExecWithHook): Use it to avoid spurious opens and double close.

	command: reduce duplicated debug messages
	This also reduces malloc pressure for invoking a child when
	VIR_DEBUG is enabled.
	* src/util/command.c (virExecWithHook): Drop debug, since the only
	caller (virCommandRunAsync) also prints debug info.

	docs: improve VIR_DOMAIN_AFFECT_CURRENT description
	* include/libvirt/libvirt.h.in (virDomainModificationImpact): Reword.

2011-06-14  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix parsing 'info chardev'
	If qemu supports -chardev, our char frontend aliases are ex. 'charserial0'
	not just 'serial0'. Typically we don't use this code path because the
	pty's are scraped from stdout.

	qemu: Scrape stdout for virtio console pty
	Currently we forget to do this and have to fallback to info chardev (which
	also fails, see following patch)

2011-06-14  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Add daemon version reporting
	'virsh version' might report against which version of libvirtd is
	running.

2011-06-14  Guido Günther  <agx@sigxcpu.org>

	nodeinfo: remove superflous braces
	that break compilation on non intel architectures:
	mips:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=mips&ver=0.9.2-1&stamp=1307570195
	powerpc:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=powerpc&ver=0.9.2-1&stamp=1307550913
	s390:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=s390&ver=0.9.2-1&stamp=1307641748
	sparc:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=sparc&ver=0.9.2-1&stamp=1307552926

2011-06-14  Osier Yang  <jyang@redhat.com>

	util: Cleanup indention problem in virterror.c
	Push under trivial rule.

	qemu: Parse current balloon value returned by query_balloon
	Qemu once supported following memory stats which will returned by
	"query_balloon":
	    stat_put(dict, "actual", actual);
	    stat_put(dict, "mem_swapped_in", dev->stats[VIRTIO_BALLOON_S_SWAP_IN]);
	    stat_put(dict, "mem_swapped_out", dev->stats[VIRTIO_BALLOON_S_SWAP_OUT]);
	    stat_put(dict, "major_page_faults", dev->stats[VIRTIO_BALLOON_S_MAJFLT]);
	    stat_put(dict, "minor_page_faults", dev->stats[VIRTIO_BALLOON_S_MINFLT]);
	    stat_put(dict, "free_mem", dev->stats[VIRTIO_BALLOON_S_MEMFREE]);
	    stat_put(dict, "total_mem", dev->stats[VIRTIO_BALLOON_S_MEMTOT]);
	But it later disabled all the stats except "actual" by commit
	07b0403dfc2b2ac179ae5b48105096cc2d03375a.
	libvirt doesn't parse "actual", so user will always see a empty result
	with "virsh dommemstat $domain". Even qemu haven't disabled the stats,
	we should support parsing "actual".

2011-06-14  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: Fix cpu affinity setting bug of qemu driver
	There is the case where cpu affinites for vcpu of qemu doesn't work
	correctly. For example, if only one vcpupin setting entry is provided
	and its setting is not for vcpu0, it doesn't work.
	   # virsh dumpxml VM
	   ...
	   <vcpu>4</vcpu>
	   <cputune>
	     <vcpupin vcpu='3' cpuset='9-11'/>
	   </cputune>
	   ...
	   # virsh start VM
	   Domain VM started
	   # virsh vcpuinfo VM
	   VCPU:           0
	   CPU:            31
	   State:          running
	   CPU time:       2.5s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
	   VCPU:           1
	   CPU:            12
	   State:          running
	   CPU time:       0.9s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
	   VCPU:           2
	   CPU:            30
	   State:          running
	   CPU time:       1.5s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
	   VCPU:           3
	   CPU:            13
	   State:          running
	   CPU time:       1.7s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
	This patch fixes this problem.

2011-06-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix dlopen dependency
	Since the addition of the lock manager framework in 6a943419c528fdd7
	dlopen is always required, but the checks in configure wasn't changed
	to reflect that. This didn't show up directly because the VirtualBox
	driver linking dlopen in covered it. But disabling the VirtualBox
	driver makes the build fail due to missing dlopen.
	Change the dlopen check in configure to pick up dlopen when available.
	Reported by Ruben Kerkhof.

2011-06-14  Hu Tao  <hutao@cn.fujitsu.com>

	Deprecate several CURRENT/LIVE/CONFIG enums
	This patch deprecates following enums:
	VIR_DOMAIN_MEM_CURRENT
	VIR_DOMAIN_MEM_LIVE
	VIR_DOMAIN_MEM_CONFIG
	VIR_DOMAIN_VCPU_LIVE
	VIR_DOMAIN_VCPU_CONFIG
	VIR_DOMAIN_DEVICE_MODIFY_CURRENT
	VIR_DOMAIN_DEVICE_MODIFY_LIVE
	VIR_DOMAIN_DEVICE_MODIFY_CONFIG
	And modify internal codes to use virDomainModificationImpact.

2011-06-14  Stefan Berger  <stefanb@us.ibm.com>

	qemu: Faster response time to qemu startup errors
	The below patch decreases the response time of libvirt to errors reported by Qemu upon startup by checking whether the qemu process is still alive while polling for the local socket to show up.
	This patch also introduces a special handling of signal for the Win32 part of virKillProcess.

2011-06-14  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	* .gnulib: Update to latest, for more strerror_r fixes.

2011-06-13  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add the new option to "virsh vcpupin" command
	This patch adds the new option (--live, --config and --current) to
	"virsh vcpupin" command. The behavior of above aption is the same as
	that of "virsh setmem", "virsh setvcpus", and whatnot.
	When the --config option is specified, the command affects a persistent
	domain, while --live option is specified, it affects a running (live) domain.
	The --current option cannot be used with --config or --live at the same
	time, and when --current is specified, it affects a "current" domain.

	vcpupin: implement the remote protocol to address the new API
	This patch implements the remote protocol for the new API
	(virDomainPinVcpuFlags).

	vcpupin: implement the code to address the new API in the qemu driver
	This patch implements the new API (virDomainPinVcpuFlags) in the qemu
	driver.

	vcpupin: introduce a new libvirt API (virDomainPinVcpuFlags)
	This patch introduces a new libvirt API virDomainPinVcpuFlags,
	a direct extension from the existing virDomainPinVcpu

2011-06-13  Jiri Denemark  <jdenemar@redhat.com>

	Use virTimeMs when appropriate

	Introduce virTimeMs for getting current time in ms

	test: Remove unused timeval

2011-06-13  Wen Congyang  <wency@cn.fujitsu.com>

	tests: add a test for multi function PCI device

	support multifunction PCI device
	If qemu supports multi function PCI device, the format of the PCI address passed
	to qemu is "bus=pci.0,multifunction=on,addr=slot.function".
	If qemu does not support multi function PCI device, the format of the PCI address
	passed to qemu is "bus=pci.0,addr=slot".

	the hotplugged PCI device should use the whole slot
	Hot pluging/unpluging multi PCI device is not supported now. So the function
	of hotplugged PCI device must be 0. When we hot unplug it, we should set release
	all functions in the slot.

	assign the whole slot to the PCI device that has no address
	If user does not specify the PCI address, we should auto assign an unused slot.

	Reimplement qemuDomainPCIAddressReserveSlot(): reserve all functions in the slot
	We will support multi function PCI device. So we should reserve all functions in
	the slot if we want to reserve a slot.

	the key of hash table should include the function value
	We save all used PCI address in the hash table. The key is generated by domain,
	bus and slot now. We will support multi function PCI device, so the key should
	be generated by domain, bus, slot and function.

	prevent hot unplugging multi function PCI device
	We do not support to hot unplug multi function PCI device now. If the device is
	one function of multi function PCI device, we shoul not allow to hot unplugg
	it.

	check whether qemu supports multi function PCI device
	qemu supports multi function PCI device at least version 0.13.0.

2011-06-10  Matthew Booth  <mbooth@redhat.com>

	xenapi: Improve error message on session failure
	XenAPI session login can fail for a number of reasons, but currently no
	specific
	reason is displayed to the user, e.g.:
	virsh -c XenAPI://citrix-xen.example.com/
	Enter username for citrix-xen.example.com: root
	Enter root's password for citrix-xen.example.com:
	error: authentication failed: (null)
	error: failed to connect to the hypervisor
	This patch displays the session error description on failure.

2011-06-10  Osier Yang  <jyang@redhat.com>

	qemu: Fix one type in the error prompt string
	s/hostdevwork/hostdev/

2011-06-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Move VMware Workstation/Player driver to correct spec file section
	The VMware driver works like the OpenVZ driver by using a commandline
	tool for management. It dosen't use it's own remote protocol.

2011-06-08  Eric Blake  <eblake@redhat.com>

	virt-aa-helper: add missing include
	Regression introduced in commit 02e8691.
	* src/security/virt-aa-helper.c (includes): Reflect move of virRun.

	daemon: plug memory leak
	Detected by Coverity.  Commit ef21beda was incomplete; it solved
	a leak one one path, but not on the other.
	* daemon/libvirtd.c (qemudSetLogging): Avoid leak on success.

	build: break some long lines
	As long as I was already touching the function...
	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Line wrap.

	qemu: add missing break statement
	Detected by Coverity.  Bug introduced in commit 9d73efd (v0.8.8).
	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Don't report
	error on success.

	build: silence coverity false positives
	Coverity complained about these intentional fallthrough cases, but
	not about other cases that were explicitly marked with nice comments.
	For some reason, Coverity doesn't seem smart enough to parse the
	up-front English comment in virsh about intentional fallthrough :)
	* tools/virsh.c (cmdVolSize): Mark fallthrough in a more typical
	fashion.
	* src/conf/nwfilter_conf.c (virNWFilterRuleDefDetailsFormat)
	(virNWFilterRuleDetailsParse): Mark explicit fallthrough.

	esx: avoid dead code
	Detected by Coverity.  The beginning of the function already filtered
	out NULL objectContentList as invalid.  Further investigation shows:
	esxVI_RetrieveProperties is generated and returns a list of objects
	that match the given propertyFilterSpec.
	esxVI_LookupObjectContentByType then tests whether the result
	corresponds to the expected occurrence and reports an error otherwise.
	This simplifies the callers of  esxVI_LookupObjectContentByType, but
	due to the missing dereference the check was never performed because
	the code thought that at least one item was obtained. NULL represents
	an empty list. This is a potential segfault fix because callers of
	esxVI_LookupObjectContentByType that specified "required" occurrence
	assume *objectContentList to be non-NULL when
	esxVI_LookupObjectContentByType succeeds.
	* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Check
	correct pointer.

	secret: drop dead code
	Detected by Coverity.  The only ways to get to the cleanup label
	were by an early abort (list still unassigned) or after successfully
	transferring list to dest, so there is no list to clean up.
	* src/secret/secret_driver.c (loadSecrets): Kill dead code.

	qemu: reorder checks for safety
	Detected by Coverity.  All existing callers happen to be in
	range, so this isn't too serious.
	* src/qemu/qemu_cgroup.c (qemuCgroupControllerActive): Check
	bounds before dereference.

	uuid: annotate non-null requirements
	Coverity already saw through a NULL dereference without these
	annotations, and gcc is still too puny to do good NULL analysis.
	But clang still benefits (and is easier to run than coverity),
	not to mention that adding this bit of documentation to the code
	may help future developers remember the constraints.
	* src/util/uuid.h (virGetHostUUID, virUUIDFormat): Document
	restrictions, for improved static analysis.

	debug: avoid null dereference on uuid lookup api
	Detected by Coverity.  Commit a98d8f0d tried to make uuid debugging
	more robust, but missed some APIs.  And on the APIs that it visited,
	the mere act of preparing the debug message ends up dereferencing
	uuid prior to the null check.  Which means the APIs which are supposed
	to gracefully reject NULL arguments now end up with SIGSEGV.
	* src/libvirt.c (VIR_UUID_DEBUG): New macro.
	(virDomainLookupByUUID, virDomainLookupByUUIDString)
	(virNetworkLookupByUUID, virNetworkLookupByUUIDString)
	(virStoragePoolLookupByUUID, virStoragePoolLookupByUUIDString)
	(virSecretLookupByUUID, virSecretLookupByUUIDString)
	(virNWFilterLookupByUUID, virNWFilterLookupByUUIDString): Avoid
	null dereference.

	python: avoid unlikely sign extension bug
	Detected by Coverity.  cpumap was allocated with a value of
	(unsigned short)*(int), which is an int computation, and then
	promotes to size_t.  On a 64-bit platform, this fails if bit
	32 of the product is set (because of sign extension giving
	a HUGE value to malloc), even though a naive programmer would
	assume that since the first value is unsigned, the product
	is also unsigned and at most 4GB would be allocated.
	Won't bite in practice (the product should never be that large),
	but worth using the right types to begin with, so that we are
	now computing (unsigned short)*(size_t).
	* python/libvirt-override.c (libvirt_virDomainGetVcpus): Use
	correct type.

	build: silence coverity false positive
	Similar in nature to commit fd21ecfd, which shut up valgrind.
	sigaction is apparently a nasty interface for analyzer tools,
	at least for how many false positives it generates.
	* src/util/command.c (virExecWithHook): Initialize entire var, since
	coverity gripes about the (unused and non-standard) sa_restorer.

	storage: avoid mishandling backing store > 2GB
	Detected by Coverity.  The code was doing math on shifted unsigned
	char (which promotes to int), then promoting that to unsigned long
	during assignment to size.  On 64-bit platforms, this risks sign
	extending values of size > 2GiB.  Bug present since commit
	489fd3 (v0.6.0).
	I'm not sure if a specially-crafted bogus qcow2 image could
	exploit this, although it's probably not possible, since we
	were already checking for the computed results being within
	range of our fixed-size buffer.
	* src/util/storage_file.c (qcowXGetBackingStore): Avoid sign
	extension.

	build: detect Coverity 5.3.0
	Coverity 5.3.0 still outputs lots of COVERITY_* variables, but no
	longer modifies COVERITY_BUILD_COMMAND in the environment.  Pick
	one that seems likely to stay around.
	* configure.ac (STATIC_ANALYSIS): Detect newer Coverity.

2011-06-08  Osier Yang  <jyang@redhat.com>

	build: Fix typos in configure.ac

	virsh: Expose virDomainMigrateSetMaxSpeed API to virsh
	API virDomainMigrateSetMaxSpeed was introduced since 0.9.0, but
	no command in virsh yet.

2011-06-08  Cole Robinson  <crobinso@redhat.com>

	lxc: Ensure container <init> actually exists
	Since we can't really get useful error reporting from virCommandExec since
	it needs to be the last thing we do.

	lxc: Verify root fs exists before mounting
	Otherwise the following virFileMakePath will create the directory for
	us and fail further ahead, which probably isn't intended.

	lxc: controller: Improve container error reporting
	Add a handshake with the cloned container process to try and detect
	if it fails to start.

	lxc: Improve guest startup error reporting
	Add a simple handshake with the lxc_controller process so we can detect
	process startup failures. We do this by adding a new --handshake cli arg
	to lxc_controller for passing a file descriptor. If the process fails to
	launch, we scrape all output from the logfile and report it to the user.

	lxc: Refactor controller command building
	Arranges things similar to the qemu driver. Will allow us to more easily
	report command error output.

	lxc: Don't report error in Wait/SendContinue
	We will reuse these shortly, and each use should have a different error
	message.

	lxc: Drop container stdio as late as possible
	Makes it more likely we get useful error output in the logs

	Move virRun, virExec*, virFork to util/command
	Seems reasonable to have all command wrappers in the same place
	v2:
	    Dont move SetInherit
	v3:
	    Comment spelling fix
	    Adjust WARN0 comment
	    Remove spurious #include movement
	    Don't include sys/types.h
	    Combine virExec enums

2011-06-07  Cole Robinson  <crobinso@redhat.com>

	util: Implement virRun as a wrapper around virCommand
	v2:
	    Simplify command building
	    Handle command building failure
	v3:
	    Remove unneeded NULL check

	util: Remove unused virExec wrapper
	v3:
	    Remove obsolete comment

	qemu: Convert virExec usage to virCommand
	v2:
	    Have virCommand cleanup intermediate process for us
	v3:
	    Preserve original FD closing behavior

2011-06-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Remove duplicated invalid-argument checks
	Those checks are already performed at the public API level.

2011-06-07  Osier Yang  <jyang@redhat.com>

	docs: Add doc for video element
	For backwards compatibility, if no <video> is set but there is a
	<graphics> tag, then we add a default <video> according to the
	guest type. Add docs to tell the user about this to not make
	them confused. Especially if they remove the video (such as via
	"virsh edit"), it will be surprised for them to see the video
	element is still in domain XML.

	Use VIR_USE_CPU instead of new wheel

2011-06-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid virGetVersion failure on specific driver support configurations
	virGetVersion itself doesn't take a virConnectPtr, but in order to obtain
	the hypervisor version against which libvirt was compiled it is used in
	combination with virConnectGetType like this:
	hvType = virConnectGetType(conn)
	virGetVersion(&libVer, hvType, &typeVer)
	When virConnectGetType is called on a remote connection then the remote
	driver returns the type of the underlying driver on the server side, for
	example QEMU. Then virGetVersion compares hvType to a set of strings that
	depend on configure options and returns LIBVIR_VERSION_NUMBER in most
	cases. Now this fails in case libvirt on the client side is just compiled
	with the remote driver enabled only and the server side has the actual
	driver such as the QEMU driver. It just happens to work when the actual
	driver is enabled on client and server side. But that's not always true.
	I noticed this on FreeBSD:
	freebsd# virsh -c qemu+tcp://192.168.178.22/system version
	Compiled against library: libvir 0.9.2
	error: failed to get the library version
	error: this function is not supported by the connection driver: virGetVersion
	This is not FreeBSD specific, happens on Windows as well due to the
	similar driver support configuration. The problem is that virConnectGetType
	returns QEMU, but virGetVersion on the client side only accepts Remote
	as hvType due to all other drivers being disabled on the client side.
	Daniel P. Berrange suggested to get rid of all the conditional code in
	virGetVersion, ignoring the hvType and always setting typeVer to
	LIBVIR_VERSION_NUMBER. virConnectGetVersion is supposed to be used to
	obtain the hypervisor version.

2011-06-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Make hvsupport.pl pick up the host device drivers
	Annotate the ESX device driver dummy.
	Refactor the udev and hal device driver strcuts to match the
	common annotation pattern.

2011-06-06  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.2
	* configure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: updated translations and regenerated

2011-06-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix driver method version annotations
	Change the driver comments for proper extraction and values by
	the scripts used for documentation

2011-06-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU p2p v2 migration when run from a v3 client
	When peer-2-peer migration was invoked by a client supporting
	v3, but where the target server only supported v2, we'd not
	correctly shutdown the guest.
	* src/qemu/qemu_migration.c: Ensure guest is shutdown in
	  v2 peer 2 peer migration

2011-06-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix typo in error message

2011-06-04  Daniel P. Berrange  <berrange@redhat.com>

	Don't raise an error if the migration cookie is NULL
	The v2 migration protocol doesn't use cookies, so we should not
	be raising an error if the cookie parameters are NULL.
	* src/qemu/qemu_migration.c: Don't raise error if cookie is NULL

	Fix check of virKillProcess return status
	The error code for virKillProcess is returned in the errno variable
	not the return value. THis mistake caused the logs to be filled with
	errors when shutting down QEMU processes
	* src/qemu/qemu_process.c: Fix process kill check.

2011-06-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix version extraction on Windows for newer VirtualBox versions
	VirtualBox 4.0.8 changed the registry key layout. Before the version
	number was in a Version key. Now the Version key contains %VER% and
	the actual version number is in VersionExt now.
	Move value lookup code into its own function: vboxLookupRegistryValue.

2011-06-04  Eric Blake  <eblake@redhat.com>

	API: consolidate common unreleased enums
	This commit is safe precisely because there has been no release
	for any of the enum values being deleted (they were added post-0.9.1).
	After the 0.9.2 release, we can then take advantage of
	virDomainModificationImpact in more places.
	* include/libvirt/libvirt.h.in (virDomainModificationImpact): New
	enum.
	(virDomainSchedParameterFlags, virMemoryParamFlags): Delete, since
	these were never released, and the new enum works fine here.
	* src/libvirt.c	(virDomainGetMemoryParameters)
	(virDomainSetMemoryParameters)
	(virDomainGetSchedulerParametersFlags)
	(virDomainSetSchedulerParametersFlags): Update documentation.
	* src/qemu/qemu_driver.c (qemuDomainSetMemoryParameters)
	(qemuDomainGetMemoryParameters, qemuSetSchedulerParametersFlags)
	(qemuSetSchedulerParameters, qemuGetSchedulerParametersFlags)
	(qemuGetSchedulerParameters): Adjust clients.
	* tools/virsh.c (cmdSchedinfo, cmdMemtune): Likewise.
	Based on ideas by Daniel Veillard and Hu Tao.

2011-06-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid use after free in qemuCaps parsing

	virsh: Document nodeinfo output

2011-06-04  Laine Stump  <laine@laine.org>

	security driver: ignore EINVAL when chowning an image file
	This fixes:
	  https://bugzilla.redhat.com/show_bug.cgi?id=702044
	  https://bugzilla.redhat.com/show_bug.cgi?id=709454
	Both of these complain of a failure to use an image file that resides
	on a read-only NFS volume. The function in the DAC security driver
	that chowns image files to the qemu user:group before using them
	already has special cases to ignore failure of chown on read-only file
	systems, and in a few other cases, but it hadn't been checking for
	EINVAL, which is what is returned if the qemu user doesn't even exist
	on the NFS server.
	Since the explanation of EINVAL in the chown man page almost exactly
	matches the log message already present for the case of EOPNOTSUPP,
	I've just added EINVAL to that same conditional.

2011-06-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	Make dlopen usage in lock manager conditional
	This fixes a build failure on MinGW, due to MinGW not supporting dlopen.

2011-06-03  Neil Wilson  <neil@aldur.co.uk>

	Correct 'cputune' documentation example.

2011-06-03  Eric Blake  <eblake@redhat.com>

	build: silence coverity false positive
	Coverity couldn't see that priv is NULL on failure.  But on failure,
	we might as well guarantee that callers don't try to free uninitialized
	memory.
	* src/remote/remote_driver.c (remoteGenericOpen): Even on failure,
	pass priv back to caller.

	build: silence coverity false positive
	Coverity complained that infd could be -1 at the point where it is
	passed to write, when in reality, this code can only be reached if
	infd is non-negative.
	* src/util/command.c (virCommandProcessIO): Help out coverity.

	migrate: detect xml incompatibility
	Detected by Coverity.  Bug introduced in 08106e2044 (unreleased).
	* src/conf/domain_conf.c (virDomainChannelDefCheckABIStability):
	Use correct sizeof operand.

	event: avoid memory leak on cleanup
	Detected by Coverity.  Introduced in commit aaf2b70, and turned into
	a regression in the next few commits through 4e6e6672 (unreleased).
	* src/conf/domain_event.c (virDomainEventStateFree): Free object,
	per documentation.

	qemu: avoid memory leak on vcpupin
	Detected by Coverity.  This leaked a cpumap on every iteration
	of the loop.  Leak introduced in commit 1cc4d02 (v0.9.0).
	* src/qemu/qemu_process.c (qemuProcessSetVcpuAffinites): Plug
	leak, and hoist allocation outside loop.

	remote: avoid leak on failure
	Detected by Coverity.  Only possible in OOM situations.
	* daemon/remote.c (remoteDispatchDomainScreenshot): Plug leak.

	lock: avoid leak on failure
	Detected by Coverity.  Only possible on OOM situations.
	* src/locking/lock_manager.c (virLockManagerPluginNew): Plug leak.

	storage: avoid memory leak on stat failure
	Spotted by coverity.  Triggers on failed stat, although I'm not sure
	how easy that condition is, so I'm not sure if this is a runtime
	memory hog.  Regression introduced in commit 8077d64 (unreleased).
	* src/util/storage_file.c (virStorageFileGetMetadataFromFD):
	Reduce need for malloc, avoiding a leak.

	storage: avoid memory leak
	Coverity detected that options was being set by strdup but never
	freed.  But why even bother with an options variable?  The options
	parameter never changes!  Leak present since commit 44948f5b (0.7.0).
	This function could probably be rewritten to take better advantage
	of virCommand, but that is more invasive.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemMount): Avoid wasted strdup, and
	guarantee proper cleanup on all paths.

	libvirtd: avoid leak on failure
	Spotted by Coverity.  Only possible on an OOM condition, so
	unlikely to bite in the wild.
	* daemon/libvirtd.c (qemudSetLogging): Don't leak memory.

	command: avoid leak on failure
	Detected by Coverity.  While it is possible on OOM condition, as
	well as with bad code that passes binary == NULL, it is unlikely
	to be encountered in the wild.
	* src/util/command.c (virCommandNewArgList): Don't leak memory.

2011-06-03  Daniel P. Berrange  <berrange@redhat.com>

	Explicitly set VM state to paused after migration completes
	In v3 migration, once migration is completed, the VM needs
	to be left in a paused state until after Finish3 has been
	executed on the target. Only then will the VM be killed
	off. When using non-JSON QEMU monitor though, we don't
	receive any 'STOP' event from QEMU, so we need to manually
	set our state offline & thus release lock manager leases.
	It doesn't hurt to run this on the JSON case too, just in
	case the event gets lost somehow
	* src/qemu/qemu_migration.c: Explicitly set VM state to
	  paused when migration completes

	Fix regressions BlockStats/Info APIs in QEMU driver
	The change 18c2a592064d69499f70428e498f4a3cb5161cda caused
	some regressions in behaviour of virDomainBlockStats
	and virDomainBlockInfo in the QEMU driver.
	The virDomainBlockInfo API stopped working for inactive
	guests if querying a block device.
	The virDomainBlockStats API did not promptly report
	an error if the guest was not running in some cases.
	* src/qemu/qemu_driver.c: Fix inactive guest handling
	  in BlockStats/Info APIs

2011-06-03  Jim Fehlig  <jfehlig@novell.com>

	Fix minor issues in libxenlight managed save
	There were a few minor issues in commit 5b6c961e
	- leak managed save path
	- leak managed save fd
	- functions that open an fd should also close it

2011-06-03  Heath Petersen  <HeathPetersen@Kandre.com>

	uml: correct command line networking parameters
	I have been finding that some UML command line networking parameters are
	being generated incorrectly.
	For more information, see
	https://bugzilla.redhat.com/show_bug.cgi?id=706295 .

2011-06-03  Eric Blake  <eblake@redhat.com>

	docs: document iface-* commands
	I intentionally set things up so 'virsh help interface' lists
	commands in alphabetical order, but 'man virsh' lists them in
	topical order; this matches our practice on some other commands.
	* tools/virsh.pod: Document all iface commands.
	* tools/virsh.c (ifaceCmds): Sort.

2011-06-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix auditing of disk hotunplug operations
	The qemuAuditDisk calls in disk hotunplug operations were being
	passed 'ret >= 0', but the code which sets ret to 0 was not yet
	executed, and the error path had already jumped to the 'cleanup'
	label. This meant hotunplug failures were never audited, and
	hotunplug success was audited as a failure
	* src/qemu/qemu_hotplug.c: Fix auditing of hotunplug

	Avoid crash on NULL pointer in lock driver impls during hotplug
	When virLockDriverAcquire is invoked during hotplug the state
	parameter will be left as NULL.
	* src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c: Don't reference NULL state
	  parameter

	Fix return value in lock manager hotplug methods
	Refactoring of the lock manager hotplug methods lost the
	ret = 0 assignment for successful return path
	* src/locking/domain_lock.c: Add missing ret = 0 assignments

	Make sure virDomainSave/virDomainManagedSave reset id to -1
	After successfull virDomainSave/virDomainManagedSave calls
	the guest will no longer be active, so the domain ID must
	be reset to -1
	* daemon/remote_generator.pl: Special case virDomainSave &
	  virDomainManagedSave for same reason as virDomainDestroy

	Fix handling of VIR_EVENT_HANDLE_ERROR in QEMU monitor
	Commit 4454a9efc728b91e791b1f14c26ea23a19d57f48 introduced bad
	behaviour on the VIR_EVENT_HANDLE_ERROR condition. This condition
	is only hit when an invalid FD is used in poll() (typically due
	to a double-close bug). The QEMU monitor code was treating this
	condition as non-fatal, and thus libvirt would poll() in a fast
	loop forever burning 100% CPU. VIR_EVENT_HANDLE_ERROR must be
	handled in the same way as VIR_EVENT_HANDLE_HANGUP, killing the
	QEMU instance.
	* src/qemu/qemu_monitor.c: Treat VIR_EVENT_HANDLE_ERROR as EOF

	Add call to sanlock_restrict() in QEMU lock driver
	In between fork and exec, a connection to sanlock is acquired
	and the socket file descriptor is intionally leaked to the
	child process. sanlock watches this FD for POLL_HANGUP to
	detect when QEMU has exited. We don't want a rogus/compromised
	QEMU from issuing sanlock RPC calls on the leaked FD though,
	since that could be used to DOS other guests. By calling
	sanlock_restrict() on the socket before exec() we can lock
	it down.
	* configure.ac: Check for sanlock_restrict API
	* src/locking/domain_lock.c: Restrict lock acquired in
	  process startup phase
	* src/locking/lock_driver.h: Add VIR_LOCK_MANAGER_ACQUIRE_RESTRICT
	* src/locking/lock_driver_sanlock.c: Add call to sanlock_restrict
	  when requested by VIR_LOCK_MANAGER_ACQUIRE_RESTRICT flag

2011-06-02  Eric Blake  <eblake@redhat.com>

	build: fix VPATH build break from previous patch
	Partial revert of commit c3c30d4de9d.
	* docs/Makefile.am (internals/%.html.tmp): Restore MKDIR_P; it is
	needed for intermediate file after all.
	Reported by Daniel P. Berrange.

2011-06-02  Michal Privoznik  <mprivozn@redhat.com>

	screenshot: Expose the new API in virsh
	* tools/virsh.c: Add screenshot command
	* tools/virsh.pod: Document new command
	* src/libvirt.c: Fix off-be-one error

2011-06-02  Daniel Veillard  <veillard@redhat.com>

	libxl : fix the version for the managed save APIs

2011-06-02  Markus Groß  <gross@univention.de>

	libxl: adds managed save and restore support
	Based on the equivalent qemu driver code
	* src/libxl/libxl_driver.c: refactor the Start save and restore
	  routines of the driver and adds the new entry points for
	  managed saves handling

	libxl: get maximum memory of running domain
	* src/libxl/libxl_driver.c: fix the libxlDomainGetInfo to return the
	  maximum memory for running domain

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Add a plugin for the 'sanlock' project
	Sanlock is a project that implements a disk-paxos locking
	algorithm. This is suitable for cluster deployments with
	shared storage.
	* src/Makefile.am: Add dlopen plugin for sanlock
	* src/locking/lock_driver_sanlock.c: Sanlock driver
	* configure.ac: Check for sanlock
	* libvirt.spec.in: Add a libvirt-lock-sanlock RPM

	Allow leases to be hotpluged with QEMU guests
	* src/conf/domain_conf.c, src/conf/domain_conf.h: APIs for
	  inserting/finding/removing virDomainLeaseDefPtr instances
	* src/qemu/qemu_driver.c: Wire up hotplug/unplug for leases
	* src/qemu/qemu_hotplug.h, src/qemu/qemu_hotplug.c: Support
	  for hotplug and unplug of leases

	Support passing QEMU lock state to dest during migration
	Some lock managers associate state with leases, allowing a process
	to temporarily release its leases, and re-acquire them later, safe
	in the knowledge that no other process has acquired + released the
	leases in between.
	This is already used between suspend/resume operations, and must
	also be used across migration. This passes the lockstate in the
	migration cookie. If the lock manager uses lockstate, then it
	becomes compulsory to use the migration v3 protocol to get the
	cookie support.
	* src/qemu/qemu_driver.c: Validate that migration v2 protocol is
	  not used if lock manager needs state transfer
	* src/qemu/qemu_migration.c: Transfer lock state in migration
	  cookie XML

	Integrate the QEMU driver with the lock manager infrastructure
	The QEMU integrates with the lock manager instructure in a number
	of key places
	 * During startup, a lock is acquired in between the fork & exec
	 * During startup, the libvirtd process acquires a lock before
	   setting file labelling
	 * During shutdown, the libvirtd process acquires a lock
	   before restoring file labelling
	 * During hotplug, unplug & media change the libvirtd process
	   holds a lock while setting/restoring labels
	The main content lock is only ever held by the QEMU child process,
	or libvirtd during VM shutdown. The rest of the operations only
	require libvirtd to hold the metadata locks, relying on the active
	QEMU still holding the content lock.
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
	  src/qemu/libvirtd_qemu.aug, src/qemu/test_libvirtd_qemu.aug:
	  Add config parameter for configuring lock managers
	* src/qemu/qemu_driver.c: Add calls to the lock manager

	Add initial docs about the lock managers

	Add higher level lock API for domain objects
	To facilitate use of the locking plugins from hypervisor drivers,
	introduce a higher level API for locking virDomainObjPtr instances.
	In includes APIs targetted to VM startup, and hotplug/unplug
	* src/Makefile.am: Add domain lock API
	* src/locking/domain_lock.c, src/locking/domain_lock.h: High
	  level API for domain locking

	Add a 'nop' lock driver implementation.
	To allow hypervisor drivers to assume that a lock driver impl
	will be guaranteed to exist, provide a 'nop' impl that is
	compiled into the library
	* src/Makefile.am: Add nop driver
	* src/locking/lock_driver_nop.c, src/locking/lock_driver_nop.h:
	  Nop lock driver implementation
	* src/locking/lock_manager.c: Enable direct access of 'nop'
	  driver, instead of dlopen()ing it.

	Basic framework for lock manager plugins
	Define the basic framework lock manager plugins. The
	basic plugin API for 3rd parties to implemented is
	defined in
	  src/locking/lock_driver.h
	This allows dlopen()able modules for alternative locking
	schemes, however, we do not install the header. This
	requires lock plugins to be in-tree allowing changing of
	the lock manager plugin API in future.
	The libvirt code for loading & calling into plugins
	is in
	  src/locking/lock_manager.{c,h}
	* include/libvirt/virterror.h, src/util/virterror.c: Add
	  VIR_FROM_LOCKING
	* src/locking/lock_driver.h: API for lock driver plugins
	  to implement
	* src/locking/lock_manager.c, src/locking/lock_manager.h:
	  Internal API for managing locking
	* src/Makefile.am: Add locking code

	Support leases in guest XML and lock manager
	A lock manager may operate in various modes. The direct mode of
	operation is to obtain locks based on the resources associated
	with devices in the XML. The indirect mode is where the app
	creating the domain provides explicit leases for each resource
	that needs to be locked. This XML extension allows for listing
	resources in the XML
	  <devices>
	     ...
	     <lease>
	       <lockspace>somearea</lockspace>
	       <key>thequickbrownfoxjumpsoverthelazydog</key>
	       <target path='/some/lease/path' offset='23432'/>
	     </lease>
	     ...
	  </devices>
	The 'lockspace' is a unique identifier for the lockspace which
	the lease is associated
	The 'key' is a unique identifier for the resource associated
	with the lease.
	The 'target' is the file on disk where the leases are held.
	* docs/schemas/domain.rng: Add lease schema
	* src/conf/domain_conf.c, src/conf/domain_conf.h: parsing and
	  formatting for leases
	* tests/qemuxml2argvdata/qemuxml2argv-lease.args,
	  tests/qemuxml2argvdata/qemuxml2argv-lease.xml,
	  tests/qemuxml2xmltest.c: Test XML handling for leases

	Allow handshake with child process during startup
	Allow the parent process to perform a bi-directional handshake
	with the child process during fork/exec. The child process
	will fork and do its initial setup. Immediately prior to the
	exec(), it will stop & wait for a handshake from the parent
	process. The parent process will spawn the child and wait
	until the child reaches the handshake point. It will do
	whatever extra setup work is required, before signalling the
	child to continue.
	The implementation of this is done using two pairs of blocking
	pipes. The first pair is used to block the parent, until the
	child writes a single byte. Then the second pair pair is used
	to block the child, until the parent confirms with another
	single byte.
	* src/util/command.c, src/util/command.h,
	  src/libvirt_private.syms: Add APIs to perform a handshake

2011-06-02  Eric Blake  <eblake@redhat.com>

	security: plug regression introduced in disk probe logic
	Regression introduced in commit d6623003 (v0.8.8) - using the
	wrong sizeof operand meant that security manager private data
	was overlaying the allowDiskFormatProbing member of struct
	_virSecurityManager.  This reopens disk probing, which was
	supposed to be prevented by the solution to CVE-2010-2238.
	* src/security/security_manager.c
	(virSecurityManagerGetPrivateData): Use correct offset.

	tests: really fix QEMU XML-2-ARGV graphics-spice-timeout test
	Alas, /usr/bin/kvm is also not directly supported by testutilsqemu.c.
	In fact, _any_ test that uses <cpu match=...> has to use our faked
	qemu.sh in order to properly answer the 'qemu -cpu ?' probe done
	during qemu command line building.
	* tests/qemuxml2argvdata/*graphics-spice-timeout*: Switch emulator, again.

	build: avoid corrupting / in RHEL 5
	I noticed this while building from libvirt.git on RHEL 5.6:
	Generating internals/command.html.tmp
	mkdir: cannot create directory `/internals': Permission denied
	If I had been building as root instead, this pollutes /.
	Older autoconf lacks $(builddir), but it is rigorously equal to '.'
	in newer autoconf, so we could use '$(MKDIR_P) internals' instead.
	However, since internals/command.html is part of the tarball, we
	_already_ build it in $(srcdir), not $(builddir) during VPATH
	builds, so the mkdir is wasted effort!
	* docs/Makefile.am (internals/%.html.tmp): Drop unused mkdir.

2011-06-02  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add a test for correct disk device ordering

	Fix order of disks and controllers
	Commit 2d6adabd53c8f1858191d521dc9b4948d1205955 replaced qsorting disk
	and controller devices with inserting them at the right position. That
	was to fix unnecessary reordering of devices. However, when parsing
	domain XML devices are just taken in the order in which they appear in
	the XML since. Use the correct insertion algorithm to honor device
	target.

2011-06-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix QEMU XML-2-ARGV graphics-spice-timeout test
	The test used an emulator that is not supported in testutilsqemu.c.
	Switch from qemu-kvm to kvm to fix this.

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Handle some virTypedParameterPtr using functions
	This doesn't cover the getters that allow to query nparams yet.

	apibuild: Restrict long usage to existing functions and structs
	New APIs have to use long long instead of long.
	Also make apibuild errors fatal.

	remote generator: Legacy support for hyper to long mappings
	Remove some special case code that took care of mapping hyper to the
	correct C types.
	As the list of procedures that is allowed to map hyper to long is fixed
	put it in the generator instead annotations in the .x files. This
	results in simpler .x file parsing code.
	Use macros for hyper to long assignments that perform overflow checks
	when long is smaller than hyper. Map hyper to long long by default.
	Suggested by Eric Blake.

2011-06-01  Daniel P. Berrange  <berrange@redhat.com>

	Remove call to deprecated gnutls_certificate_type_set_priority
	The gnutls_certificate_type_set_priority method is deprecated.
	Since we already set the default gnutls priority, and do not
	support OpenGPG credentials in any case, it was not serving
	any useful purpose and can be removed
	* src/remote/remote_driver.c: Remove src/remote/remote_driver.c
	  call

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use common parameter order for remote(De)SerializeTypedParameters
	We commonly use "value, length" order, let's stick to this.

	openvz: Add simple test for openvzReadNetworkConf
	Convert openvzLocateConfFile to a replaceable function pointer to
	allow testing the config file parsing without rewriting the whole
	OpenVZ config parsing to a more testable structure.

	openvz: Set virtType to openvz in openvzLoadDomains
	Otherwise virsh dumpxml will report <domain type='qemu'> instead
	of the expected <domain type='openvz'>.

2011-06-01  Osier Yang  <jyang@redhat.com>

	util: Fix incorrect error in PCI functions
	Substitute VIR_ERR_NO_SUPPORT with VIR_ERR_INTERNAL_ERROR. Error
	like following is not what user want to see.
	error : pciDeviceIsAssignable:1487 : this function is not supported
	by the connection driver: Device 0000:07:10.0 is behind a switch
	lacking ACS and cannot be assigned

2011-06-01  Eric Blake  <eblake@redhat.com>

	maint: use consistent file name for threading notes
	* daemon/THREADING.txt: Rename...
	* daemon/THREADS.txt: ...to match qemu thread notes.
	* daemon/Makefile.am (EXTRA_DIST): Reflect rename.

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	openvz: Restore original EOF handling in openvzGetProcessInfo
	This function is also affected by getline conversion. But this
	didn't result in a regression in general, because the difference
	would only affect the behavior of the function when the line in
	/proc/vz/vestat for the given vpsid wasn't found. Under normal
	conditions this should not happen.

	openvz: Handle getline failures in openvzReadConfigParam properly
	The regression fix in 3aab7f2d6b068f0 altered the error handling.
	getline returns -1 on failure to read a line (including EOF). The
	original openvzReadConfigParam function using openvz_readline only
	treated EOF as not-found. The current getline version treats all
	getline failures as not-found.
	This patch fixes this and distinguishes EOF from other getline
	failures.

2011-06-01  Eric Blake  <eblake@redhat.com>

	* .gitignore: Exempt a new test binary.

2011-06-01  Cole Robinson  <crobinso@redhat.com>

	storage: List directory volumes for dir/fs/netfs pools
	Since directories can be used for <filesystem> passthrough, they are
	basically storage volumes.
	v2:
	    Skip ., .., lost+found dirs
	v3:
	    Use gnulib last_component
	v4:
	    Use gnulib "dirname.h", not system <dirname.h>
	    Don't skip lost+found

2011-05-31  Michal Privoznik  <mprivozn@redhat.com>

	tests: Add more complex domain scheme test data

	tests: Test for SPICE compression options
	and check regression

2011-05-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Ignore backward compatibility macros in apibuild.py
	This fixes this three warnings from the parser by allowing the parser
	to ignore some macros in the same way as it can ignore functions.
	Parsing ./../include/libvirt/libvirt.h
	Misformatted macro comment for _virSchedParameter
	 Expecting '* _virSchedParameter:' got '* virSchedParameter:'
	Misformatted macro comment for _virBlkioParameter
	 Expecting '* _virBlkioParameter:' got '* virBlkioParameter:'
	Misformatted macro comment for _virMemoryParameter
	 Expecting '* _virMemoryParameter:' got '* virMemoryParameter:'

2011-05-31  Michal Privoznik  <mprivozn@redhat.com>

	conf: Fix incorrect spice graphic XML format on compression options
	If spice graphics has no <channel> elements, the output graphics XML
	is messed up. To prevent this, we need to end the <graphics> element
	just before adding any compression selecting elements.

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix sysinfo/virsh build problems on Win32
	The virSysinfoIsEqual method was mistakenly inside a #ifndef WIN32
	conditional.
	The existing virSysinfoFormat is also stubbed out on Win32, even
	though the code works without any trouble. This breaks XML output
	on Win32, so the stub is removed.
	virsh migrate mistakenly had some variables inside the conditional
	* src/util/sysinfo.c: Build virSysinfoIsEqual on Win32 and remove
	  Win32 stub for virSysinfoFormat
	* tools/virsh.c: Fix variable declaration on Win32

2011-05-31  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvz: fix bridge devices parsing in openvzReadNetworkConf()
	strchrnul() was called on the wrong string so it returned
	the same result for each iteration.

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Ensure hvsupport.html.in is built before HTML validation
	In a parallel make, HTML validation tries to run before
	hvsupport.html.in has been built.
	* docs/Makefile.am: List hvsupport.html.in as a built source

	Allow custom XML to be passed in during migration
	Update the qemuDomainMigrateBegin method so that it accepts
	an optional incoming XML document. This will be validated
	for ABI compatibility against the current domain config,
	and if this check passes, will be passed back out for use
	by the qemuDomainMigratePrepare method on the target
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h,
	  src/qemu/qemu_migration.c: Allow custom XML to be passed

	Allow virsh to pass in a custom XML document for migration
	Switch virsh migrate over to use virDomainMigrate2 and
	virDomainMigrateToURI2. This is still compatible with
	older libvirts, because these methods dynamically choose
	whether to perform v1, v2 or v3 migration based on declared
	RPC support from the libvirtd instances
	Add a --xml arg which allows the user to pass in a custom
	XML document. This XML document must be ABI compatible
	with the current *live* XML document for the running guest
	on the source host. ABI compatibility will be enforced by
	any driver supporting this function
	* tools/virsh.c: Add '--xml' arg to migrate command

	Add an API for comparing the ABI of two guest configurations
	To allow a client app to pass in custom XML during migration
	of a guest it is neccessary to ensure the guest ABI remains
	unchanged. The virDomainDefCheckABIStablity method accepts
	two virDomainDefPtr structs and compares everything in them
	that could impact the guest machine ABI
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDefCheckABIStablity
	* src/conf/cpu_conf.c, src/conf/cpu_conf.h: Add virCPUDefIsEqual
	* src/util/sysinfo.c, src/util/sysinfo.h: Add virSysinfoIsEqual

	Remove unused 'target' field in virDomainHostdevDef
	The virDomainHostdevDef struct contains a 'char *target'
	field. This is set to 'NULL' when parsing XML and never
	used / set anywhere else. Clearly it is bogus & unused
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove
	  target from virDomainHostdevDef

2011-05-31  Osier Yang  <jyang@redhat.com>

	lxc: Seperate domain config loading
	This patch seperate the domain config loading just as qemu driver
	does, first loading config of running or trasient domains, then
	of persistent inactive domains. And only try to reconnect the
	monitor of running domains, so that it won't always throws errors
	saying can't connect to domain monitor.
	And as "virDomainLoadConfig->virDomainAssignDef->virDomainObjAssignDef",
	already do things like "vm->newDef = def", removed the codes
	in "lxcReconnectVM" that does the same work.

2011-05-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix virTypedParameter alias comments
	Remove the Domain prefix from the comments.

	openvz: Automatically disable on non-Linux systems
	As OpenVZ is Linux specific.

2011-05-31  Markus Groß  <gross@univention.de>

	Support maximum and current memory flags in libxl driver
	Add support to set the maximum memory of the domain.
	Also add support to change the memory of the current
	state of the domain, which translates to a running
	domain or the config of the domain.
	Based on the code from the qemu driver.

	Add domainSave/Restore to libxl driver
	v3:
	* initialize xml pointer to avoid segfault
	* throw error message if domain is paused as
	  libxenlight itself will pause it
	v2:
	* header is now padded and has a version field
	* the correct restore function from libxl is used
	* only create the restore event once in libxlVmStart

	Add domainCoreDump to libxl driver
	v2:
	* incorporated Jim Fehlig's review

	Populate domid field of devices for libxenlight
	This patch fixes the population of the
	libxenlight data structures. Now the devices
	should be removed correctly from the xenstore
	if they are detached.

2011-05-29  Daniel P. Berrange  <berrange@redhat.com>

	Issue full error messages when processing QEMU monitor I/O
	Currently the QEMU monitor I/O handler code uses errno values
	to report errors. This results in a sub-optimal error messages
	on certain conditions, in particular when parsing JSON strings
	malformed data simply results in 'EINVAL'.
	This changes the code to use the standard libvirt error reporting
	APIs. The virError is stored against the qemuMonitorPtr struct,
	and when a monitor API is run, any existing stored error is copied
	into that thread's error local
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Use
	  virError APIs for all monitor I/O handling code

	Don't kill QEMU process when a monitor I/O parsing error occurs
	Currently whenever there is any failure with parsing the monitor,
	this is treated in the same was as end-of-file (ie QEMU quit).
	The domain is terminated, if not already dead.
	With this change, failures in parsing the monitor stream do not
	result in the death of QEMU. The guest continues running unchanged,
	but all further use of the monitor will be disabled.
	The VMM_FAILURE event will be emitted, and the mgmt application
	can decide when to kill/restart the guest to re-gain control
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Run a
	  different callback for monitor EOF vs error conditions.
	* src/qemu/qemu_process.c: Emit VMM_FAILURE event when monitor
	  fails

	Introduce a new event emitted when a virtualization failure occurs
	This introduces a new domain
	  VIR_DOMAIN_EVENT_ID_CONTROL_ERROR
	Which uses the existing generic callback
	typedef void (*virConnectDomainEventGenericCallback)(virConnectPtr conn,
	                                                     virDomainPtr dom,
	                                                     void *opaque);
	This event is intended to be emitted when there is a failure in
	some part of the domain virtualization system. Whether the domain
	continues to run/exist after the failure is an implementation
	detail specific to the hypervisor.
	The idea is that with some types of failure, hypervisors may
	prefer to leave the domain running in a "degraded" mode of
	operation. For example, if something goes wrong with the QEMU
	monitor, it is possible to leave the guest OS running quite
	happily. The mgmt app will simply loose the ability todo various
	tasks. The mgmt app can then choose how/when to deal with the
	failure that occured.
	* daemon/remote.c: Dispatch of new event
	* examples/domain-events/events-c/event-test.c: Demo catch
	  of event
	* include/libvirt/libvirt.h.in: Define event ID and callback
	* src/conf/domain_event.c, src/conf/domain_event.h: Internal
	  event handling
	* src/remote/remote_driver.c: Receipt of new event from daemon
	* src/remote/remote_protocol.x: Wire protocol for new event
	* src/remote_protocol-structs: add new event for checks

2011-05-29  Eric Blake  <eblake@redhat.com>

	sched: provide new API shims for remaining drivers
	Well, the remaining drivers that already had the get/set
	scheduler parameter functionality to begin with.
	For now, this blindly treats VIR_DOMAIN_SCHEDINFO_CURRENT as
	the only supported operation for these 5 domains; it will
	take domain-specific patches if more specific behavior is
	preferred.
	* src/esx/esx_driver.c (esxDomainGetSchedulerParameters)
	(esxDomainSetSchedulerParameters): Move guts...
	(esxDomainGetSchedulerParametersFlags)
	(esxDomainSetSchedulerParametersFlags): ...to new functions.
	* src/libxl/libxl_driver.c (libxlDomainGetSchedulerParameters)
	(libxlDomainSetSchedulerParameters)
	(libxlDomainGetSchedulerParametersFlags)
	(libxlDomainSetSchedulerParametersFlags): Likewise.
	* src/lxc/lxc_driver.c (lxcGetSchedulerParameters)
	(lxcSetSchedulerParameters, lxcGetSchedulerParametersFlags)
	(lxcSetSchedulerParametersFlags): Likewise.
	* src/test/test_driver.c (testDomainGetSchedulerParams)
	(testDomainSetSchedulerParams, testDomainGetSchedulerParamsFlags)
	(testDomainSetSchedulerParamsFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainGetSchedulerParameters)
	(xenUnifiedDomainSetSchedulerParameters)
	(xenUnifiedDomainGetSchedulerParametersFlags)
	(xenUnifiedDomainSetSchedulerParametersFlags): Likewise.

	virsh: improve schedinfo querying ability
	Since we can now set just --live or --config, we also need to be
	able to query that back.
	In the case of setting both --live and --config, it shouldn't matter
	which value we read back; otherwise, since querying treats the two
	flags as mutually exclusive, so does this patch.
	* tools/virsh.c (cmdSchedinfo): Use new API where appropriate.

	remote: introduce remoteGetSchedulerParametersFlags
	* daemon/remote.c (remoteDispatchDomainGetSchedulerParameters):
	New function.
	* src/remote/remote_driver.c (remoteDomainGetSchedulerParameters):
	Likewise.
	* src/remote/remote_protocol.x
	(remote_domain_get_scheduler_parameters_flags_args)
	(remote_domain_get_scheduler_parameters_flags_ret): New types.
	(remote_procedure): New RPC.
	* src/remote_protocol-structs: Likewise.

	qemu: introduce qemuGetSchedulerParametersFlags
	* src/qemu/qemu_driver.c (qemuGetSchedulerParameters): Move
	guts...
	(qemuGetSchedulerParametersFlags): ...to new callback, and honor
	flags more accurately.

	sched: introduce virDomainGetSchedulerParametersFlags
	If we can choose live or config when setting, then we need to
	be able to choose which one we are querying.
	Also, make the documentation clear that set must use a non-empty
	subset (some of the hypervisors fail if params is NULL).
	* include/libvirt/libvirt.h.in
	(virDomainGetSchedulerParametersFlags): New prototype.
	* src/libvirt.c (virDomainGetSchedulerParametersFlags): Implement
	it.
	* src/libvirt_public.syms: Export it.
	* python/generator.py (skip_impl): Don't auto-generate.
	* src/driver.h (virDrvDomainGetSchedulerParametersFlags): New
	callback.

	remote: consolidate typed parameter handling
	* src/remote/remote_protocol.x (remote_typed_param_value)
	(remote_typed_param):  New types.
	(remote_sched_param_value, remote_sched_param)
	(remote_blkio_param_value, remote_blkio_param)
	(remote_memory_param_value, remote_memory_param): Delete.
	(remote_domain_get_scheduler_parameters_ret)
	(remote_domain_set_scheduler_parameters_args)
	(remote_domain_set_scheduler_parameters_flags_args)
	(remote_domain_set_blkio_parameters_args)
	(remote_domain_get_blkio_parameters_ret)
	(remote_domain_set_memory_parameters_args)
	(remote_domain_get_memory_parameters_ret): Update clients.
	* src/remote_protocol-structs: Likewise.
	* src/remote/remote_driver.c (remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): New functions.
	(remoteDomainSetMemoryParameters)
	(remoteDomainGetMemoryParameters, remoteDomainSetBlkioParameters)
	(remoteDomainGetBlkioParameters)
	(remoteDomainGetSchedulerParameters)
	(remoteDomainSetSchedulerParameters)
	(remoteDomainSetSchedulerParametersFlags): Update clients.
	* daemon/remote.c (remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): New functions.
	(remoteDispatchDomainGetSchedulerParameters)
	(remoteDispatchDomainSetSchedulerParameters)
	(remoteDispatchDomainSetSchedulerParametersFlags)
	(remoteDispatchDomainSetMemoryParameters)
	(remoteDispatchDomainGetMemoryParameters)
	(remoteDispatchDomainSetBlkioParameters)
	(remoteDispatchDomainGetBlkioParameters): Update clients.

	maint: prefer newer API names internally
	Rather mechanical in nature.
	* src/driver.h: Use newer virTypedParameter API names.
	* src/libvirt.c: Likewise.
	* daemon/remote.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/test/test_driver.c: Likewise.
	* src/xen/xen_driver.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xen_hypervisor.h: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* tools/virsh.c: Likewise.

	libvirt.h: avoid regression, and document preferred name
	Commit 824dcaff was a regression (thankfully unreleased) for any
	client code that used 'struct _virSchedParameter' directly rather
	than the preferred virSchedParameter typedef.  Adding a #define
	avoids even that API change, while rearranging the file makes it
	clear what the old vs. new API is.
	* include/libvirt/libvirt.h.in: Rearrange older names to the
	bottom and improve documentation on preferred names.
	(virDomainGetSchedulerParameters, virDomainSetSchedulerParameters)
	(virDomainSetSchedulerParametersFlags)
	(virDomainSetBlkioParameters, virDomainGetBlkioParameters)
	(virDomainSetMemoryParameters, virDomainGetMemoryParameters):
	Use newer type names.
	* python/libvirt-override.c: Adjust code generation to cope.
	Suggested by Daniel P. Berrange.

2011-05-29  Daniel Veillard  <veillard@redhat.com>

	Fix a make check error
	Apparently introdunced in commit 376e1d9420b
	the generator produces u_int flags not unsigned int flags.
	* src/remote_protocol-structs: fix to the actual expected type and
	  alignment

2011-05-29  Richard Laager  <rlaager@wiktel.com>

	Fix virExecWithHook Prototype
	This was necessary to get libvirt to build on Solaris 11 Express and
	seems correct (as it makes this match the definition in util.c):

2011-05-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: reorder locks
	This patch reorders the locks for the nwfilter updates and the access
	the nwfilter objects. In the case that the IP address learning thread
	was instantiating filters while an update happened, the previous order
	lead to a deadlock.

2011-05-28  Laine Stump  <laine@laine.org>

	interface: reformat error logs
	It was suggested during review of a different patch that the libvirt
	interface driver API's should have "netcf:" in their log
	messages. This patch eliminates that from all interface driver API
	functions, and also eliminates the extra " - " in the case that netcf
	returns no details in its error info (which *never* happens at
	present, but could happen sometime in the future.

2011-05-28  Michal Privoznik  <mprivozn@redhat.com>

	interface: implement a test driver for network config transaction API.

	interface: Implement driver methods for network config transaction API
	This is the functionality at the end of the libvirt part of the call
	chain - for each function, the corresponding netcf API is called.

	interface: expose network config transaction API to virsh
	This implements the commands iface-begin, iface-commit, and iface-rollback,
	which simply call the corresponding functions in the libvirt API.

	interface: implement remote protocol for network config transaction API

	interface: implement public APIs for libvirt transactional network changes

	interface: define internal driver API for network config transactions

	interface: new public API for network config change transactions
	This is the API agreed on in:
	  https://www.redhat.com/archives/libvir-list/2011-May/msg00026.html
	(with a slight name change to use "...begin" rather than
	"...start"). This implements transactional changes to the host network
	config. When a transaction is begun with ncf_change_begin(), all other
	netcf APIs will continue to work as they always have, but a snapshot
	of the existing config will be taken, allowing reversion (rollback,
	using ncf_change_rollback()) to the exact state of config at the time
	ncf_change_begin() was called. Alternately, if it's determined that
	the new changes are acceptable, ncf_change_commit() can be called,
	which will eliminate the snapshot and make the changes permanent.
	As a failsafe measure, if neither ncf_change_commit() or
	ncf_change_rollback() is called by the next time the system reboots,
	the netcf-transaction initscript will be automatically called to
	rollback the changes.

2011-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	openvz: Fix regression in openvzGetVPSUUID
	Commit f044376530f313a replaced openvz_readline with getline and
	changed EOF-handling in the openvzGetVPSUUID.
	This patch restores original EOF-handling.
	Reported by Jean-Baptiste Rouault.

	Add sexpr.c to the list of file with translatable messages
	This should have been in the last commit.

	sexpr: Improve serialization error reporting

	Fix build with --with-driver-modules enabled
	Export a bunch of missing symbols and link the remote driver to gnulib.

2011-05-27  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: implement the new flags for setting memory parameters
	* src/qemu/qemu_driver.c: update qemuDomainSetMemoryParameters to
	  look at the flag parameter and depending on it save the config
	  or the live amount

	qemu: implement the new flags for getting memory parameters
	* src/qemu/qemu_driver.c: update qemuDomainGetMemoryParameters to
	  look at the flag parameter and depending on it read the config
	  or the live amount

	Add new flags for setting memory parameters
	The new flags allow to pick current state, config or the live
	parameter, with current being the existing API default (0).
	This also hooks this to --config, --live, --current parameters for
	the memtune virsh command
	* include/libvirt/libvirt.h.in: defines the new flags
	* tools/virsh.c: adds support at virsh level
	* tools/virsh.pod: updates virsh documentation

2011-05-27  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	qemu : support persistent add/delete network interface
	This patch allows to modify interfaces of domain(qemu)
	* src/conf/domain_conf.c src/conf/domain_conf.h src/libvirt_private.syms:
	  (virDomainNetInsert)     : Insert a network device to domain definition.
	  (virDomainNetIndexByMac) : Returns an index of net device in array.
	  (virDomainNetRemoveByMac): Remove a NIC of passed MAC address.
	* src/qemu/qemu_driver.c
	  (qemuDomainAttachDeviceConfig): add codes for NIC.
	  (qemuDomainDetachDeviceConfig): add codes for NIC.

2011-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix regression in absolute file name handling
	Before commit 145d6cb05c45f4 (in August 2010) absolute file names
	in VMX and domain XML configs were handled correctly. But this got
	lost during the refactoring. The test cases didn't highlight this
	problem because they have their own set of file name handling
	functions. The actual ones require a real connection to an ESX
	server. Also the test case functions always worked correctly.
	Fix the regression and add a new in-the-wild VMX file that contains
	such a problematic absolute path. Even though this test case won't
	protect against new regressions.
	Reported by lofic (IRC nick)

	openvz: Add simple testcase for config file parsing function
	This testcase passes before the regression is added in f0443765, fails
	after that commit and passes again after the regression was fixed.

2011-05-27  Hu Tao  <hutao@cn.fujitsu.com>

	don't check flags in virDomainSetSchedulerParametersFlags
	drivers implementing domainSetSchedulerParametersFlags should check
	flags themselves.

2011-05-27  Taisuke Yamada  <tai@rakugaki.org>

	openvz: Fix regression in config file parsing
	As reported by Diego Blanco in
	  https://bugzilla.redhat.com/show_bug.cgi?id=702602
	commit f0443765 which replaced openvz_readline to getline(3)
	broke OpenVZ driver as it changed semantics of EOF-handling
	when parsing OpenVZ configuration.
	There're several other issues reported with current OpenVZ driver:
	 #1: unclear error message when parsing "CPUS=" line
	 #2: openvz driver goes into crashing loop
	 #3: "NETIF=" line in configuration is not parsed correctly
	 #4: aborts even when optional parameter is missing
	 #5: there's a potential memory leak
	This updated patch to fix #[145]. This patch does not fix #[23]
	as I haven't verified these yet, but this at least got me to run
	OpenVZ on libvirt once again.

2011-05-27  Eric Blake  <eblake@redhat.com>

	audit: fix minor off-by-one
	Coverity spotted this off-by-one.  Thankfully, no one in libvirt
	was ever calling virAuditSend with an argument of 3.
	* src/util/virtaudit.c (virAuditSend): Use correct comparison.

2011-05-27  Federico Simoncelli  <fsimonce@redhat.com>

	qemu: allow blkstat/blkinfo calls during migration
	Originally most of libvirt domain-specific calls were blocking
	during a migration.
	A new mechanism to allow specific calls (blkstat/blkinfo) to be
	executed in such condition has been implemented.
	In the long term it'd be desirable to get a more general
	solution to mark further APIs as migration safe, without needing
	special case code.
	 * src/qemu/qemu_migration.c: add some additional job signal
	   flags for doing blkstat/blkinfo during a migration
	 * src/qemu/qemu_domain.c: add a condition variable that can be
	   used to efficiently wait for the migration code to clear the
	   signal flag
	 * src/qemu/qemu_driver.c: execute blkstat/blkinfo using the
	   job signal flags during migration

2011-05-26  Markus Groß  <gross@univention.de>

	Add disk attach/detach support to libxl driver
	Based on the device attach/detach code from the QEMU driver,
	but using the new functions to create the structures associated.
	* src/libxl/libxl_driver.c: implements domainAttachDevice,
	  domainAttachDeviceFlags, domainDetachDevice, domainDetachDeviceFlags
	  and domainUpdateDeviceFlags

	Fix libxl vm def handling on domU cleanup
	* src/libxl/libxl_driver.c: in libxlVmCleanup, free up the
	  newDef definition if present overwise it would be leaked.

	Refactored libxl datastructure instantiation
	Create 3 new function refactored from previous list ones and
	exports them internally to the driver
	* src/libxl/libxl_conf.c src/libxl/libxl_conf.h: create libxlMakeDisk,
	  libxlMakeNic libxlMakeVfb out of the exsting static List functions
	  and exports them

	Fix modifying disk devices in qemu driver
	When modifying the disk devices of a live domain and the domain
	configuration, the function qemuDomainAttachDeviceConfig
	first sets dev->data->disk to NULL. Later qemuDomainAttachDeviceLive
	accesses dev->data.disk and causes a segfault.
	* src/qemu/qemu_driver.c: fix qemuDomainModifyDeviceFlags() accordingly

2011-05-26  Michal Privoznik  <mprivozn@redhat.com>

	schema: Add graphics element passwdValidTo attribute to schema
	We support this in code, but forgot to add this to RNG schema as well.
	According to documentation, the value match the dateTime type.

2011-05-26  Eric Blake  <eblake@redhat.com>

	build: fix 'make dist' for ./configure --without-remote
	Anything generated that must end up in the tarball must either
	have unconditional rules for generation (remote_protocol.c) or
	must live in libvirt.git for the case where the person running
	'make dist' has disabled the configure options that control the
	rebuild of the generated file (remote_protocol-structs).
	* src/Makefile.am (remote_protocol-structs): Add a dependency and
	document why it must live in git.
	($(srcdir)/remote/%_protocol.c, $(srcdir)/remote/%_protocol.c):
	Unconditionally generate.

2011-05-26  Richard W.M. Jones  <rjones@redhat.com>

	json: Avoid passing large positive 64 bit integers to QMP.
	http://lists.gnu.org/archive/html/qemu-devel/2011-05/threads.html#02162
	Currently, qemu silently clips any JSON integer in the range
	0x8000000000000000 - 0xffffffffffffffff (all numbers in this range
	will be clipped to 0x7fffffffffffffff == LLONG_MAX).
	To avoid this, pass these as signed 64 bit integers in the QMP
	request.

2011-05-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix sign mismatches between public API, driver API and XDR protocol
	In most cases this affects flags parameters that are unsigned in the
	public and driver API but signed in the XDR protocol. Switch the
	XDR protocol to unsigned for those.
	A counterexample is virNWFilterGetXMLDesc. Its flags parameter is signed
	in the public API and XDR protocol, but unsigned in the driver API.

	remote generator: Fix XDR sign mismatch for virNodeGet(Cells)FreeMemory
	virNodeGetFreeMemory used unsigned long long in the public API but
	signed hyper in the XDR protocol. Convert the XDR protocol to use
	unsigned hyper.
	As explained by Eric before, this doesn't affect the on-the-wire protocol.

	remote generator: Handle stream-using functions
	Extend procedure annotation in the .x file for stream handling.
	Adds a missing remoteStreamRelease call to remoteDomainScreenshot
	error path.

	remote generator: Make call-by-reference handling stricter
	Several functions return values by reference parameters. This is realized
	by passing the members of remote_CALL_ret by reference to the called
	function.
	The position of this parameters in the function signature follows some
	patterns with some exceptions. This patterns and exceptions are hardcoded
	in the generator.
	Add an insert@<offset> annotation to the remote_CALL_ret struct members
	for functions that return lists to remove some of the hardcoded patterns
	and exceptions.

	remote generator: Rename virNodeGetCellsFreeMemory parameters to common pattern
	This allows to remove some special case code from the generator.

	remote generator: Handle virDomainCreateWithFlags
	Add special case code for updating a given domain object instead of
	returning a new one.

	virsh: time_t is not a long on FreeBSD
	localtime_r expects time_t.

	time_t is not a long on FreeBSD, switch internal type to long long

	Allow to explicitly disable the secrets a directory storage driver

2011-05-26  Eric Blake  <eblake@redhat.com>

	build: avoid strerror_r pitfalls
	In particular, this guarantees that virStrerror always gives a
	useful result.
	* .gnulib: Update to latest, for (lots of) strerror_r fixes.

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix the signature of virDomainMigrateFinish3 for error reporting
	The current virDomainMigrateFinish3 method signature attempts to
	distinguish two types of errors, by allowing return with ret== 0,
	but ddomain == NULL, to indicate a failure to start the guest.
	This is flawed, because when ret == 0, there is no way for the
	virErrorPtr details to be sent back to the client.
	Change the signature of virDomainMigrateFinish3 so it simply
	returns a virDomainPtr, in the same way as virDomainMigrateFinish2
	The disk locking code will protect against the only possible
	failure mode this doesn't account for (loosing conenctivity to
	libvirtd after Finish3 starts the CPUs, but before the client
	sees the reply for Finish3).
	* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Change
	  virDomainMigrateFinish3 to return a virDomainPtr instead of int
	* src/remote/remote_driver.c, src/remote/remote_protocol.x,
	  daemon/remote.c, src/qemu/qemu_driver.c, src/qemu/qemu_migration.c:
	  Update for API change

	Fix preservation of errors across migration steps
	When doing migration, if an error occurs in Perform, it must not
	be overwritten during Finish/Confirm steps. If an error occurs
	in Finish, it must not be overwritten in Confirm.
	Previous commit a9d12c2444e43a0d3e5135eb15b4b62a7c011427 added
	code to qemudDomainMigrateFinish2 to preserve the error. This
	is not the right place, because it is not applicable in non-p2p
	migration. The src/libvirt.c virDomainMigrateV2/3 methods need
	code to preserve errors for non-p2p migration, while the
	doPeer2PeerMigrate2 and doPeer2PeerMigrate3 methods contain
	code to preverse errors for p2p migration.
	Remove the bogus error preservation from qemudDomainMigrateFinish2
	and qemudDomainMigrateFinish3.
	Fix virDomainMigrateV3 and doPeer2PeerMigrate3 so that they
	preserve any error hit during the Finish3 step, before invoking
	Confirm3.
	Finally if qemuMigrationFinish fails to resume the CPUs, it must
	preserve the error before tearing down the VM, so that VM cleanup
	doesn't overwrite it.
	* src/libvirt.c: Preserve error before invoking Confirm3
	* src/qemu/qemu_driver.c: Remove bogus error preservation
	  code in qemudDomainMigrateFinish2/qemudDomainMigrateFinish3
	* src/qemu/qemu_migration.c: Preserve error before invoking Confirm3
	  and after resume fails in qemuMigrationFinish.

	Improve debug logging of migration APIs
	* src/libvirt.c: Add further debug lines in helper APIs for
	  migration
	* src/qemu/qemu_migration.c: Add debug lines for all internal
	  migration API parameters

	Fix error propagation in finish method for v3 migration
	Even when failing to start CPUs, the finish method was returning
	a success result. Fix this so that the QEMU process is killed
	off when finish fails under v3 protocol. Also rename the
	killOnFinish boolean to 'v3proto' to make it clearer that this
	is a tunable based on the migration protocol version
	* src/qemu/qemu_driver.c: Update for API change
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Kill
	  VM in qemuMigrationFinish if failing to start CPUs

	Fix SPICE seamless migration hostname
	The SPICE seamless migration process requires data to be passed
	back from the target host, to the source host via a cookie.
	The cookie includes the target host's hostname, but this was not
	stored, merely validated. This patch explicitly records the
	remote hostname after parsing the cookie, and uses it when
	initiating the SPICE migration
	* qemu/qemu_migration.c: Fix SPICE seamless migration hostname

	Fix resume on destination when doing non-live tunnelled migration
	Before running perform in peer-2-peer migration, the current
	guest state must be recorded, so that non-live migration can
	currently unpause a running guest on completion.
	* src/qemu/qemu_migration.c: Move check for offline guest
	  to fix non-live migration

	Introduce two method migration APIs
	There are two pieces of information which are desirable for
	migration, which cannot be supplied by applications
	 - The explicit QEMU migration URI, while using Peer2Peer
	   migration
	 - An override for the target VM XML
	This introduces two new public APIs to support these extra
	parameters. There is no need for extra wire protocool changes,
	since this is supported by the v3 migration enhancements
	* include/libvirt/libvirt.h.in,
	  src/libvirt.c, src/libvirt_public.syms: Add virDomainMigrate2
	  and virDomainMigrateToURI2

	Add a second URI parameter to virDomainMigratePerform3 method
	The virDomainMigratePerform3 currently has a single URI parameter
	whose meaning varies. It is either
	 - A QEMU migration URI (normal migration)
	 - A libvirtd connection URI (peer2peer migration)
	Unfortunately when using peer2peer migration, without also
	using tunnelled migration, it is possible that both URIs are
	required.
	This adds a second URI parameter to the virDomainMigratePerform3
	method, to cope with this scenario. Each parameter how has a fixed
	meaning.
	NB, there is no way to actually take advantage of this yet,
	since virDomainMigrate/virDomainMigrateToURI do not have any
	way to provide the 2 separate URIs
	* daemon/remote.c, src/remote/remote_driver.c,
	  src/remote/remote_protocol.x, src/remote_protocol-structs: Add
	  the second URI parameter to perform3 message
	* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Add
	  the second URI parameter to Perform3 method
	* src/libvirt_internal.h, src/qemu/qemu_migration.c,
	  src/qemu/qemu_migration.h: Update to handle URIs correctly

	Extend v3 migration protocol to allow app supplied XML for target
	This extends the v3 migration protocol such that the
	virDomainMigrateBegin3 and virDomainMigratePerform3
	methods accept an application supplied XML config for
	the target VM.
	If the 'xmlin' parameter is NULL, then Begin3 uses the
	current guest XML as normal. A driver implementing the
	Begin3 method should either reject all non-NULL 'xmlin'
	parameters, or strictly validate that the app supplied
	XML does not change guest ABI.
	The Perform3 method also needed the xmlin parameter to
	cope with the Peer2Peer migration sequence.
	NB it is not yet possible to use this capability since
	neither of the public virDomainMigrate/virDomainMigrateToURI
	methods have a way to pass in XML.
	* daemon/remote.c, src/remote/remote_driver.c,
	  src/remote/remote_protocol.x, src/remote_protocol-structs:
	  Add 'remote_string xmlin' parameter to begin3/perform3
	  RPC messages
	* src/libvirt.c, src/driver.h, src/libvirt_internal.h: Add
	  'const char *xmlin' parameter to Begin3/Perform3 methods
	* src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_migration.h: Pass xmlin parameter around
	  migration methods

2011-05-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Report an error when auth pointer is missing instead of declining
	Otherwise an attempt to use virConnectOpen or virConnectOpenAuth without
	auth pointer results in the driver declining the URI and libvirt falling
	back to the remote driver for an esx:// URI.

2011-05-25  Jim Fehlig  <jfehlig@novell.com>

	Fix initialization of current vcpus in libxl driver
	The cur_vcpus member of struct libxl_domain_build_info was incorrectly
	initialized to the number of vcpus, when it should have been interpreted
	as a bitmap, where bit X corresponds to online/offline status of vcpuX.
	To complicate matters, cur_vcpus is an int, so only 32 vcpus can be
	set online.  Add a check to ensure vcpus does not exceed this limit.
	V2: Eric Blake noted a compilation pitfal when '1 << 32' on an int.
	    Account for vcpus == 32.

2011-05-25  Eric Blake  <eblake@redhat.com>

	build: fix VIR_DEBUG on mingw
	We don't use the gnulib vsnprintf replacement, which means that
	on mingw, vsnprintf doesn't support %zn or %lln.
	And as it turns out, VIR_GET_VAR_STR was a rather inefficient
	reimplementation of virVasprintf logic.
	* src/util/logging.c (VIR_GET_VAR_STR): Drop.
	(virLogMessage): Inline a simpler version here.
	* src/util/virterror.c (VIR_GET_VAR_STR, virRaiseErrorFull):
	Likewise.
	Reported by Matthias Bolte.

2011-05-24  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't change ownership of file when appending to it
	Saving domain to previously created file changes also its ownership.
	This is certainly not what users want if some conditions are met:
	it is a regular, local file and dynamic_ownership is off.

2011-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix accidental revert of .gnulib update
	Change f88af9dc16cf891f88bb925885bdf5e328cf44df accidentally
	reverted the .gnulib update from f3cfc99e794bd77479878fc224c6581b61d57dbd
	* .gnulib: Update to 2c25c9ebe8db1415bfde25f0a451767332c8cf59

2011-05-24  Laine Stump  <laine@laine.org>

	qemu: fix typo in name - should be VHOST_NET, not VNET_HOST
	NB: the enum that uses the string vnet-host (now changed to vhost-net)
	is used in XML, but fortunately that hasn't been in an official
	release yet, so it can still be fixed.

2011-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU -vnc arg generation with raw IPv6 addresses
	Since -vnc uses ':' to separate the address from the port, raw
	IPv6 addresses need to be escaped like [addr]:port
	* src/qemu/qemu_command.c: Escape raw IPv6 addresses with []
	* tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.args,
	  tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.xml: Tweak
	  to test Ipv6 escaping
	* docs/schemas/domain.rng: Allow Ipv6 addresses, or hostnames
	  in <graphics> listen attributes

	Fix peer2peer migration with transient VMs
	The qemuMigrationConfirm method shouldn't deal with final VM
	cleanup, since it can be called from the peer2peer migration,
	which expects to still use the 'vm' object afterwards.
	Push the cleanup code out of qemuMigrationConfirm, into its
	caller, qemuDomainMigrateConfirm3
	* src/qemu/qemu_driver.c: Add VM cleanup code to
	  qemuDomainMigrateConfirm3
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Remove
	  job handling cleanup from qemuMigrationConfirm

	Perform feature flag compat checking in QEMU migration cookies
	To allow new mandatory migration cookie data to be introduced,
	add support for checking supported feature flags when parsing
	migration cookie.
	* src/qemu/qemu_migration.c: Feature flag checking in migration
	  cookie parsing

2011-05-24  Jiri Denemark  <jdenemar@redhat.com>

	Replace all remaining setgid/setuid calls with virSetUIDGID
	Two additional places need initgroups call to properly work in an
	environment where the UID is allowed to open/create stuff through its
	supplementary groups.

	util: Keep errno set to the root error after when returning from virSetUIDGID

2011-05-24  Michal Privoznik  <mprivozn@redhat.com>

	python: Don't free must-not-free variables
	py_str() function call PyString_AsString(). As written in documentation,
	the caller must not free the returned value, because it points to some
	internal structures.

	storage: Add comment to picking return value of qemu-img
	Commit d7b2679253504d6defa9fc7159b572cfd6a25a95 introduced
	a return value picking of qemu-img on '-h', but without any comment.

2011-05-24  Alon Levy  <alevy@redhat.com>

	spice: support streaming-video parameter
	This adds a streaming-video=filter|all|off attribute. It is used to change
	the behavior of video stream detection in spice, the default is filter (the
	default for libvirt is not to specify it - the actual default is defined in
	libspice-server.so).
	Usage:
	    <graphics type='spice' autoport='yes'>
	      <streaming mode='off'/>
	    </graphics>
	Tested with the above and with tests/qemuxml2argvtest.

2011-05-24  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: enable filtering of gratuitous ARP packets
	This patch enables filtering of gratuitous ARP packets using the following XML:
	<rule action='accept' direction='in' priority='425'>
	<arp gratuitous='true'/>
	</rule>

2011-05-24  Laine Stump  <laine@laine.org>

	qemu: don't require is_kvm for vhost-net support
	This was discussed in:
	  https://www.redhat.com/archives/libvir-list/2011-May/msg01370.html
	The capabilities code only sets the flag to allow use of vhost-net if
	kvm is detected (set if the help string contains "(qemu-kvm-" or
	"(kvm-"), but actually vhost-net is available in some qemu builds that
	don't have kvm in their name, so just checking for ",vhost=" is enough.

2011-05-24  Doug Goldstein  <cardoe@cardoe.com>

	Use per-user TLS certificates when possible
	When using TLS authentication and operating as the non-root user,
	initially attempt to use that specific user's TLS certificates before
	attempting to use the system wide TLS certificates.

2011-05-23  Michal Privoznik  <mprivozn@redhat.com>

	python: Fix typo in bindings
	This typo caused a bug in which we wanted to free() invalid pointer.

	storage: pick return value of qemu-img
	qemu-img returns non-zero status on -h. Therefore we need to
	provide virCommandRun() a non-NULL exit status pointer.

2011-05-22  Wen Congyang  <wency@cn.fujitsu.com>

	build: generate files when building without libvirtd
	Steps to reproduce this problem:
	1. # ./autogen.sh --without-libvirtd
	2. # make dist
	   ...
	   make[1]: Entering directory `/home/wency/source/libvirt-nodaemon/daemon'
	   make[1]: *** No rule to make target `remote_dispatch_prototypes.h', needed by `distdir'.  Stop.
	   make[1]: Leaving directory `/home/wency/source/libvirt-nodaemon/daemon'
	   make: *** [distdir] Error 1

2011-05-21  Osier Yang  <jyang@redhat.com>

	docs: Fix error syntax of vcpupin example XML
	Lacks of "/", push this directly in trivial rule.

2011-05-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Add special case for virConnectGetType

2011-05-20  Richard W.M. Jones  <rjones@redhat.com>

	libvirt.spec: /var/cache/libvirt should be 0711.
	This allows qemu to create files in /var/cache/libvirt/qemu/, and
	specifically is required to fix virDomainMemoryPeek.

	remote: remove bogus virDomainFree.

	qemudDomainMemoryPeek: change ownership/selinux label on temporary file.
	Otherwise qemu is unable to write to it, with the error:
	libvir: QEMU error : internal error unable to execute QEMU command 'memsave': Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'

2011-05-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Don't rely on $_ being stable over a large function
	Replace $calls{$_} with $call in the dispatch bodies generator function.
	No functional change included.

2011-05-20  Eric Blake  <eblake@redhat.com>

	build: require newer gettext
	Now that RHEL 5.6 ships with gettext 0.17, we can get out of the
	stone age and use the newer gettext capabilities and improved
	macros for certain configure tests.
	* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17.
	(MKINSTALLDIRS): Delete hack that is no longer needed.
	* bootstrap.conf (buildreq): Check for minimum gettext version.
	Based on a report by Wen Congyang.

2011-05-20  Supriya Kannery  <supriyak@in.ibm.com>

	virsh: Use Env variables for debug level and logfile
	Use variables VIRSH_DEBUG and VIRSH_LOG_FILE for controlling virsh logging.

2011-05-19  Daniel P. Berrange  <berrange@redhat.com>

	Don't generate cookies with v2 migration protocol.
	The v2 migration protocol had a limit on cookie length that was
	too small to be useful for QEMU. Avoid generating cookies with
	v2 protocol, so that old libvirtd can still reliably migrate a
	guest to new libvirtd uses v2 protocol.
	* src/qemu/qemu_driver.c: Avoid migration cookies with v2
	  migration

	Fix QEMU migration cookie crash for guests with no graphics
	When generating a cookie for a guest with no data, the
	QEMU_MIGRATION_COOKIE_GRAPHICS flag was set even if no
	graphics data was added. Avoid setting the flag unless
	it was needed, also add a safety check for mig->graphics
	being non-NULL
	* src/qemu/qemu_migration.c: Avoid cookie crash for guest
	  with no graphics

	Ensure p2p and direct migration use the new v3 protocol if available
	The internal virDomainMigratePeer2Peer and virDomainMigrateDirect
	helper methods were not checking whether the target supports the
	v3 migration protocol.
	* src/libvirt.c: Use v3 migration protocol for p2p/direct
	  migration if available.

	Blank out the 'listenAddr' parameter if empty string
	Some bogus apps are generating a VNC/SPICE/RFB listen attribute
	with no content. This then causes a failure with the graphics
	migration cookie parsing. Blank out the 'listenAddr' parameter
	after parsing domain XML if it is the empty string, so the host
	default takes over
	* src/qemu/qemu_migration.c: Blank out listenAddr parameter
	  if empty

2011-05-19  Eric Blake  <eblake@redhat.com>

	remote: remove special case for getting version
	The on-the-wire protocol is identical; XDR guarantees that
	both 'hyper' and 'unsigned hyper' are transmitted as 8 bytes.
	* src/remote/remote_protocol.x (remote_get_version_ret)
	(remote_get_lib_version_ret): Match public API.
	* daemon/remote_generator.pl: Drop special case.
	* src/remote_protocol-structs: Reflect updated type.

	build: silence clang false positive
	Clang couldn't quite see that the same condition of
	(flags & VIR_DOMAIN_MEM_CONFIG) is used twice, such that
	the second block is guaranteed that def was assigned in
	the first block.
	* src/libxl/libxl_driver.c (libxlDomainSetMemoryFlags): Add a hint
	for clang.

	virsh: optimize creation of default connection
	Ramon de Carvalho Valle reported a problem with:
	virsh connect qemu:///system
	as a non-root user.  The real root problem appears to be a regression
	in libvirtd being auto-started on the default qemu:///session URI;
	however, the symptom points to an independent flaw in virsh - we
	shouldn't be wasting efforts on making a connection if we aren't going
	to be using that connection.  Fixing virsh avoids Ramon's issue, while
	I work in the meantime to fix the real libvirtd regression.
	This patch looks big, but that's because 'gcc -Wmissing-field-initializers'
	gets triggered by './autobuild.sh --enable-compile-warnings=error', so I
	had to add 0 initialization to everyone (rather than my preference of
	just adding the non-zero flags to virshCmds and to cmdConnect).
	Meanwhile, if you use 'virsh -c URI', the connection must succeed; this
	patch _only_ optimizes the default connection to be deferred to a later
	point where we know if a particular command to be run needs a connection.
	* tools/virsh.c (VSH_CMD_FLAG_NOCONNECT): New flag.
	(vshCmdDef): Add new flags field.
	(vshCommandRun): Honor new flag.
	(domManagementCmds, domMonitoringCmds, storagePoolCmds)
	(storageVolCmds, networkCmds, nodedevCmds, ifaceCmds)
	(nwfilterCmds, secretCmds, virshCmds, snapshotCmds)
	(hostAndHypervisorCmds): Populate new field.
	(vshReconnect): Don't warn on initial connection.

2011-05-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	Improve invalid argument checks for the public API

	Clarify that virDomainGet(Memory|Blkio)Parameters doesn't support subsets
	Improve invalid argument checks in the size query case. The drivers already
	relied on this unchecked behavior.
	Relax the implementation of virDomainGet(Memory|Blkio)MemoryParameters
	in the drivers and allow to pass more memory than necessary for all
	parameters.

	Clarify that virDomainSet(Memory|Blkio)Parameters can take parameter subsets

	Clarify that virDomainSetSchedulerParameters(Flags) can take subsets
	Add invalid argument checks for params and nparams to the public API
	and remove them from the drivers (e.g. xend).
	Add subset handling to libxl and test drivers.

	Clarify the semantic of virDomainGetSchedulerParameters arguments
	params and nparams are essential and cannot be NULL. Check this in
	libvirt.c and remove redundant checks from the drivers (e.g. xend).
	Instead of enforcing that nparams must point to exact same value as
	returned by virDomainGetSchedulerType relax this to a lower bound
	check. This is what some drivers (e.g. xen hypervisor and esx)
	already did. Other drivers (e.g. xend) didn't check nparams at all
	and assumed that there is enough space in params.
	Unify the behavior in all drivers to a lower bound check and update
	nparams to the number of valid values in params on success.

	Clarify semantic of nparams argument of virDomainGetSchedulerType
	Some drivers assumed it can be NULL (e.g. qemu and lxc) and check it
	before assigning to it, other drivers assumed it must be non-NULL
	(e.g. test and esx) and just assigned to it.
	Unify this to nparams being optional and document it.

2011-05-18  Cole Robinson  <crobinso@redhat.com>

	Fix messages using VIR_ERR_XML_ERROR
	This error code has existed since the dawn of time, yet the messages it
	generates are almost universally busted. Here's a small sampling:
	src/conf/domain_conf.c:4889 : XML description for missing root element is not well formed or invalid
	src/conf/domain_conf.c:4951 : XML description for unknown device type is not well formed or invalid
	src/conf/domain_conf.c:5460 : XML description for maximum vcpus must be an integer is not well formed or invalid
	src/conf/domain_conf.c:5468 : XML description for invalid maxvcpus %(count)lu is not well formed or invalid
	Fix up the error code to instead be
	XML error: <msg>
	Adjust the few locations that were using the original correctly (or shouldn't
	have been using the error code at all).
	v2:
	    Fix wording of error code without a passed argument

2011-05-18  Eric Blake  <eblake@redhat.com>

	libvirt.h: consolidate typed parameter handling
	The new type is identical to the three old types that it replaces,
	and by creating a common type, this allows future patches to share
	common code that manipulates typed parameters.
	This change is backwards-compatible in API (recompilation works
	without any edits) and ABI (an older client that has not been
	recompiled uses the same layout) for code using only public
	names; only code using private names (those beginning with _)
	will have to adapt.
	* include/libvirt/libvirt.h.in (virTypedParameterType)
	(VIR_TYPED_PARAM_FIELD_LENGTH, _virTypedParameter): New enum,
	macro, and type.
	(virSchedParameter, virBlkioParameter, virMemoryParameter):
	Rewrite in terms of a common type, while keeping all old public
	names for backwards compatibility.
	(struct _virSchedParameter, struct _virBlkioParameter)
	(struct _virMemoryParameter): Delete - these are private names.
	* python/generator.py (enum): Cope with the refactoring.

	build: update to latest gnulib
	* .gnulib: Update, for bootstrap and other fixes.
	* bootstrap: Resynchronize with gnulib.

2011-05-18  Dirk Herrendorefer  <d.herrendoerfer@herrendoerfer.name>

	Add support for 'passthru' mode for direct network interfaces
	starting with kernel 2.6.38 macvtap supports a 'passthru' mode for
	attaching virtual functions of a SRIOV capable network card directly to a VM.
	This patch adds the capability to configure such a device.

2011-05-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu: fix typo in spice migration code
	This typo caused XPath returning improper value and thus not
	working spice after migration.

2011-05-18  Hu Tao  <hutao@cn.fujitsu.com>

	virsh: add parameters --live, --config and --current to cmd schedinfo
	This enables user to modify cpu.shares even when domain is inactive.

	remote: introduce remoteSetSchedulerParametersFlags
	support for virDomainSetSchedulerParametersFlags of remote driver.

	qemu: introduce qemuSetSchedulerParametersFlags
	Support for virDomainSetSchedulerParametersFlags of qemu driver.

2011-05-18  Eric Blake  <eblake@redhat.com>

	sched: adjust parameter values to make current = 0
	See virDomainMemoryModFlags for precedent.
	* include/libvirt/libvirt.h.in (virDomainSchedParameterFlags): Set
	CURRENT as a synonym to 0.

2011-05-17  Hu Tao  <hutao@cn.fujitsu.com>

	introduce virDomainSetSchedulerParametersFlags
	This new function allows aditional flags to be passed into from
	the virsh command line.

2011-05-17  Eric Blake  <eblake@redhat.com>

	build: drop unused <sys/syslimits.h> header
	<sys/syslimits.h> is not standardized, so portable programs should
	not need to rely on it.  If there really is something that we need
	where <sys/syslimits.h> provided the limit but <limits.h> did not,
	then that would be a candidate for fixing in gnulib.  But this patch
	did not turn up any compilation failures on Linux.
	* src/internal.h (includes): Drop unused header.
	* daemon/libvirtd.h (includes): Likewise.
	* configure.ac (AC_CHECK_HEADERS): Likewise.
	Based on a report by Matthias Bolte.

2011-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix prototype of virRun for Win32 targets
	* src/util/util.c: Fix virRun prototype

2011-05-17  Eric Blake  <eblake@redhat.com>

	build: tolerate unlimited group size
	POSIX allows sysconf(_SC_GETPW_R_SIZE_MAX) to return -1 if there
	is no fixed limit, and requires ERANGE errors to track real size.
	Model our behavior after the example in POSIX itself:
	http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid_r.html
	Also, on error for get*_r functions, errno is undefined, and the
	real error was the return value.
	* src/util/util.c (virGetUserEnt, virGetUserID, virGetGroupID)
	(virSetUIDGID):  Cope with sysconf failure or too small buffer.
	Reported by Matthias Bolte.

	openvz: fix logic bug in previous patch
	We want to free names on failure, not on success.
	* src/openvz/openvz_driver.c (openvzListDefinedDomains): Use
	correct condition.

2011-05-17  Cole Robinson  <crobinso@redhat.com>

	storage_backend: Convert virRunWithHook usage to virCommand
	virRunWithHook is now unused, so we can drop it. Tested w/ raw + qcow2
	volume creation and copying.
	v2:
	    Use opaque data to skip hook second time around
	    Simply command building
	v3:
	    Drop explicit FindFileInPath

	storage_backend: Fix error reporting with regex helper
	Some clients overwrite the error from the regex helper, or do half-baked
	error reporting with the exitstatus.

	storage: Covert regex helpers to virCommand
	v2:
	    Simplify command creation
	    Add a missing virCommandFree
	    Use virCommand auto-cleanup for async process

	openvz: Convert virExec usage to virCommand
	v2:
	    Use virCommand's autocleanup
	v3:
	    Don't free 'names' on success

	storage: iscsi: Convert virExec to virCommand
	v2:
	    Use virCommand auto-cleanup

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix error reporting in stream creation code
	virStreamNew needs to dispatch the error that virGetStream reports
	on failure.
	remoteCreateClientStream can fail due to virStreamNew or due to
	VIR_ALLOC. Report OOM error for VIR_ALLOC failure to report errors
	in all error cases.
	Remove OOM error reporting from remoteCreateClientStream callers.

	remote generator, client: Add more special case handling
	For virDomainDestroy and virDrvSupportsFeature.

	remote generator, client: Handle functions that return an optional string

	esx: Simplify some esxVI_Boolean to bool

	esx: Convert autoAnswer from esxVI_Boolean to a simple bool
	Just true/false is good enough for it. Also use it directly from the
	parsed URI instead of caching it in esxPrivate.

	esx: Fix race condition in esxVI_EnsureSession
	When the session has expired then multiple threads can race while
	reestablishing it.
	This race condition is not that critical as it requires a special usage
	pattern to be triggered. It can only happen when an application doesn't
	do API calls for quite some time (the session expires after 30 min
	inactivity) and then multiple threads doing simultaneous API calls and
	end up doing simultaneous calls to esxVI_EnsureSession.

2011-05-17  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Correctly initialize libvirt
	virsh didn't call virInitialize(), which (among other things)
	initializes virLastErr thread local variable. As a result of that, virsh
	could just segfault in virEventRegisterDefaultImpl() since that is the
	first call that touches (resets) virLastErr.
	I have no idea what lucky coincidence made this bug visible but I was
	able to reproduce it in 100% cases but only in one specific environment
	which included building in sandbox.

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Whitespace cleanup in the generator
	Break long lines and change spacing of keyword arguments to match
	Python style standards better.
	No functional change included.

2011-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of mime type string in screenshot dispatcher
	* daemon/remote.c: Free mime string

	Remove obsolete remoteDispatchOOMError method
	No new code should be using remoteDispatchOOMError()
	* daemon/dispatch.c, daemon/dispatch.h: Remove remoteDispatchOOMError

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Change some alignments in the input file
	No functional change included.

	esx: Change generated method parameter autobinding
	Instead of specifying the type of the managed object directly specify
	the ServiceContent member name. This way the mapping dictionary can be
	removed.

2011-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix remote dispatcher for screenshot command
	* daemon/remote.c: Update screenshot dispatcher to follow
	  standard practice

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Report an error when virGetUserDirectory fails
	Otherwise virsh shows the interactive greeting and then silently exists
	instead of entering interactive mode.

2011-05-17  Eric Blake  <eblake@redhat.com>

	maint: mark more perl scripts executable
	* src/remote/rpcgen_fix.pl: Add executable bit.
	* tests/oomtrace.pl: Likewise.

	maint: mark perl script executable
	* docs/hvsupport.pl: Add execute bit.

2011-05-16  Eric Blake  <eblake@redhat.com>

	maint: ignore generated file
	* .gitignore: Ignore recently added file.

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Add missing initialization to 'ret' in qemu migration
	* src/qemu/qemu_migration.c: Add missing 'ret' initializer
	  in qemuMigrationCookieXMLParseStr

	Disable virCommandExec on Win32
	Mingw execve() has a broken signature. Disable this
	function until gnulib fixes the signature, since we
	don't really need this on Win32 anyway.
	* src/util/command.c: Disable virCommandExec on Win32

	Improve error message when XDR marshalling fails
	When failing to marshall an XDR message, include the
	full program/version/status/proc/type info, to allow
	easier debugging & diagnosis of the problem.
	* src/remote/remote_driver.c: Improve error when marshalling
	  fails

	Run tunnelled migration IO in separate thread
	By running the doTunnelSendAll code in a separate thread, the
	main thread can do qemuMigrationWaitForCompletion as with
	normal migration. This in turn ensures that job signals work
	correctly and that progress monitoring can be done
	* src/qemu/qemu_migration.c: Run tunnelled migration in
	  separate thread

	Don't overwrite error when stream send fails
	virStreamSend already sets an error message, so don't
	overwrite it
	* src/qemu/qemu_migration.c: Remove bogus error report

	Close all sockets before cancelling QEMU migration
	Cancelling the QEMU migration may cause QEMU to flush pending
	data on the migration socket. This may in turn block QEMU if
	nothing reads from the other end of the socket. Closing the
	socket before cancelling QEMU migration avoids this possible
	deadlock.
	* src/qemu/qemu_migration.c: Close sockets before cancelling
	  migration on failure

	Ensure we always read a full buffer in tunnelled migration
	The 'nbytes' variable was not re-initialized to the
	buffer size on each iteration of the tunnelled migration
	loop. While saferead() will ensure a full read, except
	on EOF, it is clearer to use the real buffer size
	* src/qemu/qemu_migration.c: Always read full buffer of data

	Make tunnelled migration honour resource restriction
	The doTunnelMigrate method forgot to set the bandwidth
	resource restriction
	* src/qemu/qemu_migration.c: Set resource restriction

	Refactor migration completion loop to allow code reuse
	The qemuMigrationWaitForCompletion method contains a loop which
	repeatedly queries QEMU to check migration progress, and also
	processes job signals (pause, setspeed, setbandwidth, cancel).
	The tunnelled migration loop does not currently support this
	functionality, but should. Refactor the code to allow it to
	be used with tunnelled migration.

	Implement migration v3 protocol in QEMU driver
	Implement the v3 migration protocol, which has two extra
	steps, 'begin' on the source host and 'confirm' on the
	source host. All other methods also gain both input and
	output cookies to allow bi-directional data passing at
	all stages.
	The QEMU peer2peer migration method gains another impl
	to provide the v3 migration. This finally allows migration
	cookies to work with tunnelled migration, which is required
	for Spice seamless migration & the lock manager transfer
	* src/qemu/qemu_driver.c: Wire up migrate v3 APIs
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Add
	  begin & confirm methods, and peer2peer impl of v3

	Merge tunnel & non-tunnel migration impl into one
	Merge the doNonTunnelMigrate2 and doTunnelMigrate2 methods
	into one doPeer2PeerMigrate2 method, since they are substantially
	the same. With the introduction of v3 migration, this will be
	even more important, to avoid massive code duplication.
	* src/qemu/qemu_migration.c: Merge tunnel & non-tunnel migration

	Fix VM teardown if prepare returns invalid URI in v2 migration
	The v2 migration protocol was accidentally missing out the
	finish step, when prepare succeeded, but returned an invalid
	URI
	* src/libvirt.c: Teardown VM if prepare returns invalid URI

	Refactor tunnelled migration methods
	To facilitate the introduction of the v3 migration protocol,
	the doTunnelMigrate method is refactored into two pieces. One
	piece is intended to mirror the flow of virDomainMigrateVersion2,
	while the other is the helper for setting up sockets and processing
	the data.
	Previously socket setup would be done before the 'prepare' step,
	so errors could be dealt with immediately, avoiding need to shut
	off the destination QEMU. In the new split, socket setup is done
	after the 'prepare' step. This is not a serious problem, since
	the control flow already requires calling 'finish' to tear down
	the destination QEMU upon several errors.
	* src/qemu/qemu_migration.c:

	Wire up SPICE client relocation with QEMU migration
	Use the graphics information from the QEMU migration cookie to
	issue a 'client_migrate_info' monitor command to QEMU. This causes
	the SPICE client to automatically reconnect to the target host
	when migration completes
	* src/qemu/qemu_migration.c: Set data for SPICE client relocation
	  before starting migration on src
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  new qemuMonitorGraphicsRelocate() command

	Pass graphics setup from dst back to src via migration cookies
	Extend the QEMU migration cookie structure to allow information
	about the destination host graphics setup to be passed by to
	the source host. This will enable seamless migration of any
	connected graphics clients
	* src/qemu/qemu_migration.c: Add graphics info to migration
	  cookies
	* daemon/libvirtd.c: Always initialize gnutls to enable
	  x509 cert parsing in QEMU

	Introduce migration cookies to QEMU driver
	The migration protocol has support for a 'cookie' parameter which
	is an opaque array of bytes as far as libvirt is concerned. Drivers
	may use this for passing around arbitrary extra data they might
	need during migration. The QEMU driver needs to do a few things:
	 - Pass hostname/uuid to allow strict protection against localhost
	   migration attempts
	 - Pass SPICE/VNC server port from the target back to the source to
	   allow seamless relocation of client sessions
	 - Pass lock driver state from source to destination
	This patch introduces the basic glue for handling cookies
	but only includes the host/guest UUID & name.
	* src/libvirt_private.syms: Export virXMLParseStrHelper
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Parsing
	  and formatting of migration cookies
	* src/qemu/qemu_driver.c: Pass in cookie parameters where possible
	* src/remote/remote_protocol.h, src/remote/remote_protocol.x: Change
	  cookie max length to 16384 bytes

	Fix locking with qemuMigrationPrepareTunnel method
	The qemuMigrationPrepareTunnel method should not unlock the
	qemu driver, since that is the caller's job.
	* src/qemu/qemu_migration.c: Fix qemuMigrationPrepareTunnel
	  unlocking of QEMU driver

	Remote driver implementation of new migration API
	* src/remote/remote_protocol.x: Define wire protocol for migration
	  protocol v3
	* daemon/remote.c: Server side dispatch
	* src/remote/remote_driver.c: Client side serialization
	* src/remote/remote_protocol.c, src/remote/remote_protocol.h,
	  daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_ret.h, daemon/remote_dispatch_table.h:
	  Re-generate files
	* src/remote_protocol-structs: Declare new ABIs

	Introduce yet another migration version in API.
	Migration just seems to go from bad to worse. We already had to
	introduce a second migration protocol when adding the QEMU driver,
	since the one from Xen was insufficiently flexible to cope with
	passing the data the QEMU driver required.
	It turns out that this protocol still has some flaws that we
	need to address. The current sequence is
	 *  Src: DumpXML
	          - Generate XML to pass to dst
	 *  Dst: Prepare
	          - Get ready to accept incoming VM
	          - Generate optional cookie to pass to src
	 *  Src: Perform
	          - Start migration and wait for send completion
	          - Kill off VM if successful, resume if failed
	 *  Dst: Finish
	          - Wait for recv completion and check status
	          - Kill off VM if unsuccessful
	The problems with this are:
	 - Since the first step is a generic 'DumpXML' call, we can't
	   add in other migration specific data. eg, we can't include
	   any VM lease data from lock manager plugins
	 - Since the first step is a generic 'DumpXML' call, we can't
	   emit any 'migration begin' event on the source, or have
	   any hook that runs right at the start of the process
	 - Since there is no final step on the source, if the Finish
	   method fails to receive all migration data & has to kill
	   the VM, then there's no way to resume the original VM
	   on the source
	This patch attempts to introduce a version 3 that uses the
	improved 5 step sequence
	 *  Src: Begin
	          - Generate XML to pass to dst
	          - Generate optional cookie to pass to dst
	 *  Dst: Prepare
	          - Get ready to accept incoming VM
	          - Generate optional cookie to pass to src
	 *  Src: Perform
	          - Start migration and wait for send completion
	          - Generate optional cookie to pass to dst
	 *  Dst: Finish
	          - Wait for recv completion and check status
	          - Kill off VM if failed, resume if success
	          - Generate optional cookie to pass to src
	 *  Src: Confirm
	          - Kill off VM if success, resume if failed
	The API is designed to allow both input and output cookies
	in all methods where applicable. This lets us pass around
	arbitrary extra driver specific data between src & dst during
	migration. Combined with the extra 'Begin' method this lets
	us pass lease information from source to dst at the start of
	migration
	Moving the killing of the source VM out of Perform and
	into Confirm, means we can now recover if the dst host
	can't successfully Finish receiving migration data.

	Automatically generate the hvsupport.html.in file from source files
	The hvsupport.html.in file is forever out of date. By annotating
	the driver struct tables in each driver with version information,
	we can auto-generate the hvsupport.html.in file. Annotating the
	drivers will be mandatory for new patches, ensuring hvsupport.html.in
	is never out of date again.
	* docs/hvsupport.html.in: Delete
	* hvsupport.pl: Script to generate hvsupport.html.in
	* Makefile.am: Autogenerate hvsupport.html.in

	Add many version number annotations to drivers
	Add many version number annotations to the internal driver
	tables, to allow hvsupport.html to display more accurate
	information

	Convert all driver struct intializers to C99 style
	Change all the driver struct initializers to use the
	C99 style, leaving out unused fields. This will make
	it possible to add new APIs without changing every
	driver. eg change:
	    qemudDomainResume, /* domainResume */
	    qemudDomainShutdown, /* domainShutdown */
	    NULL, /* domainReboot */
	    qemudDomainDestroy, /* domainDestroy */
	to
	    .domainResume = qemudDomainResume,
	    .domainShutdown = qemudDomainShutdown,
	    .domainDestroy = qemudDomainDestroy,
	And get rid of any existing C99 style initializersr which
	set NULL, eg change
	     .listPools          = vboxStorageListPools,
	     .numOfDefinedPools  = NULL,
	     .listDefinedPools   = NULL,
	     .findPoolSources    = NULL,
	     .poolLookupByName   = vboxStoragePoolLookupByName,
	to
	     .listPools          = vboxStorageListPools,
	     .poolLookupByName   = vboxStoragePoolLookupByName,

	Tweak driver naming for consistency with public API
	Fix some driver names:
	  s/virDrvCPUCompare/virDrvCompareCPU/
	  s/virDrvCPUBaseline/virDrvBaselineCPU/
	  s/virDrvQemuDomainMonitorCommand/virDrvDomainQemuMonitorCommand/
	  s/virDrvSecretNumOfSecrets/virDrvNumOfSecrets/
	  s/virDrvSecretListSecrets/virDrvListSecrets/
	And some driver struct field names:
	  s/getFreeMemory/nodeGetFreeMemory/

2011-05-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Update domain state when reconnecting monitor
	A qemu domain can get paused when libvirtd is stopped (e.g., because of
	I/O error) so we should check its current state when reconnecting to it.

	Implement domain state reason
	Only in drivers which use virDomainObj, drivers that query hypervisor
	for domain status need to be updated separately in case their hypervisor
	supports this functionality.
	The reason is also saved into domain state XML so if a domain is not
	running (i.e., no state XML exists) the reason will be lost by libvirtd
	restart. I think this is an acceptable limitation.

	Implement basic virDomainGetState in all drivers
	Reason is currently always set to 0 (i.e., *_UNKNOWN).

	virsh: Prefer virDomainGetState over virDomainGetInfo

	Wire protocol format and remote driver for virDomainGetState

	virDomainGetState public API implementation

	Internal driver API for virDomainGetState

	virDomainGetState public API
	This API is supposed to replace virDomainGetInfo when the only purpose
	of calling it is getting current domain status.

2011-05-14  Eric Blake  <eblake@redhat.com>

	phyp: avoid a crash
	This has been present since the introduction of phypAttachDevice
	in commit 444fd07a.
	* src/phyp/phyp_driver.c (phypAttachDevice): Don't dereference
	NULL.

	stream: avoid use-after-free
	virFDStreamClose used a mutex after it was freed, and failed
	to destroy that mutex on its last use.
	* src/fdstream.c (virFDStreamFree): Inline into sole caller...
	(virFDStreamClose): ...to avoid use-after-free and leak.
	Reported by Matthias Bolte.

2011-05-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Refactor common code in the generator
	Move common code from Property and Parameter into new Member class.
	Rename the other base class to Type.

	esx: Improve dynamic cast detection in the generator
	Detect it based on usage as parameter, return type and member of other
	object types.

	esx: Improve list usage detection in the generator
	Detect it based on usage as parameter and return type too.

	esx: Remove 1000 lines of generated but unused code
	Don't make all object and enum types (de)serializable by default.
	Detect this from the input file instead.

	esx: Generate implicit _this macros
	Several vSphere API methods are called on global objects like the
	FileManager, the PerformanceManager or the SearchIndex. The generator
	input file allows to mark such methods and the generator generates
	such method in a way that automatically handles marked parameter. This
	is done by some special macros. Those were manually written and this
	patch moves them to the generator.

	esx: Move the Event type from the VI generator to manually written code
	Accept all types on deserialization in order to accept all Event subtypes.
	This will be used for the upcoming domain event support.

2011-05-14  Wen Congyang  <wency@cn.fujitsu.com>

	test: all test_scripts should be part of tarball when building without libvirtd
	Steps to reproduce this problem:
	1. # ./autogen.sh --without-libvirtd
	2. # make dist
	3. # rpmbuild --nodeps --define "_sourcedir `pwd`" -ba libvirt.spec
	   ...
	   make  check-TESTS
	   make[1]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/tests'
	   make[1]: *** No rule to make target `test_conf.sh', needed by `check-TESTS'.  Stop.
	   make[1]: Leaving directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/tests'
	   make: *** [check-am] Error 2
	   error: Bad exit status from /var/tmp/rpm-tmp.7Rb9PV (%check)

	build: probes.d and libvirtd.stp should be part of tarball
	Steps to reproduce this problem:
	1. # ./autogen.sh --without-libvirtd
	2. # make dist
	3. # rpmbuild --nodeps --define "_sourcedir `pwd`" -ba libvirt.spec
	   ...
	   make[2]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/daemon'
	   make[2]: *** No rule to make target `probes.d', needed by `probes.h'.  Stop.
	   make[2]: Leaving directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/daemon'
	   make[1]: *** [all-recursive] Error 1
	   make[1]: Leaving directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1'
	   make: *** [all] Error 2
	   error: Bad exit status from /var/tmp/rpm-tmp.WkAD7a (%build)

2011-05-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	command: Fix compilation on FreeBSD
	kill, SIGTERM and SIGKILL require additional header.

	virsh: Fix uninitialized variable warning
	Reported on FreeBSD only.

	apparmor: Fix compilation by removing remains from virCommand conversion
	Commit aaf20355b87d3bfda7579a7f6a4a978e848635c3 was incomplete here and
	missed to remove some parts.

	configure: Fix mpath check on non-Linux systems

2011-05-14  Cole Robinson  <crobinso@redhat.com>

	remote: Convert SSH tunnel to virCommand

	storage: Convert qemu-img -help parsing to virCommand

	apparmor: Convert virExec usage to virCommand
	Untested

	util: Combine __virExec and virExecWithHook
	All callers were expecting argv logging, so the split is unneeded.
	v2:
	    Reindent new virExecWithHook call

	remote_driver: Convert virExecDaemonize usage to virCommand
	And drop the now unused virExecDaemonize

2011-05-14  Eric Blake  <eblake@redhat.com>

	remote: keep 'make check' happy
	* src/remote_protocol-structs (remote_domain_screenshot_args): Use
	spelling preferred by dwarves.

	libxl: fix typos in previous patch
	* src/libxl/libxl_driver.c (libxlDomainEventFlush, libxlShutdown)
	(libxlStartup): Fix typos.

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	remote: Use virDomainEventState helpers
	One functionality change here is that we no longer force enable the event
	timeout for every queued event, only enable it for the first event after
	the queue has been flushed. This is how other drivers have already done it,
	and I haven't encountered problems in practice.
	v3:
	    Adjust for new virDomainEventStateNew argument

	libxl: Convert to virDomainEventState

	test: Use virDomainEventState helpers
	v3:
	    Adjust for new virDomainEventStateNew argument

	lxc: Use virDomainEventState helpers
	v3:
	    Adjust for new virDomainEventStateNew argument

	qemu: Use virDomainEventState helpers
	v2:
	    Drop libvirt_private.syms changes
	v3:
	    Adjust for new virDomainEventStateNew argument

	domain_event: Add common domain event queue/flush helpers
	The same code for queueing, flushing, and deregistering events exists
	in multiple drivers, which will soon use these common functions.
	v2:
	    Adjust libvirt_private.syms
	    isDispatching bool fixes
	    NONNULL tagging
	v3:
	    Add requireTimer parameter to virDomainEventStateNew

	domain_event: Add virDomainEventState structure
	This structure will be used to unify lots of duplicated event handling code
	across the state drivers.
	v2:
	    Check for state == NULL in StateFree
	    Add NONNULL tagging
	    Use bool for isDispatching

	xml: Use virXMLParse* helpers everywhere
	virt-aa-helper isn't even compile tested since I don't have the setup for
	it.
	v2:
	    virt-aa-helper fixes from Eric

	domain: Require <init> for container guests
	Use capabilities to allow a driver to register a default <init> if none
	is specified in the XML. Openvz was already open-coding this to be /sbin/init
	LXC currently falls over if no init is specified, so an explicit error is
	an improvement IMO.
	(Side note: I don't think we can set a default value for LXC. If we use
	/sbin/init but the user doesn't specify a separate root FS for their guest,
	the container will rerun the host's init which can be traumatic :). For
	virt-install I'm thinking of defaulting to /sbin/init if a root FS has
	been specified, otherwise require the user to manually specify <init>)

	xml: Make sure virXpathNodeSet always sets an error
	And update callers to actually respect the error

2011-05-13  Michal Privoznik  <mprivozn@redhat.com>

	vbox: Implement the driver methods
	* src/vbox/vbox_tmpl.c: New vboxDomainScreenshot() function

	qemu: Implement the driver methods
	* src/qemu/qemu_driver.c: new qemuDomainScreenshot() function
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Monitor command

	virFDStream: Add option for delete file after it's opening
	This is needed if we want to transfer a temporary file. If the
	transfer is done with iohelper, we might run into a race condition,
	where we unlink() file before iohelper is executed.
	* src/fdstream.c, src/fdstream.h,
	  src/util/iohelper.c: Add new option
	* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c,
	  src/storage/storage_driver.c, src/uml/uml_driver.c,
	  src/xen/xen_driver.c: Expand existing function calls

	screenshot: Implementing the remote protocol
	* src/remote/remote_protocol.x: Wire protocol definition
	* daemon/remote.c: Daemon part
	* src/remote/remote_driver.c: Client part
	* src/remote_protocol-structs: Add structures

	screenshot: Implementing the public API
	* src/libvirt.c: new function virDomainScreenshot

	screenshot: Defining the internal API
	* src/driver.h: Stub code for new API
	* src/esx/esx_driver.c, src/libxl/libxl_driver.c,
	  src/lxc/lxc_driver.c, src/openvz/openvz_driver.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  rc/remote/remote_driver.c, rc/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_driver.c, src/xen/xen_driver.c,
	  src/xen/xen_driver.h, src/xen/xen_hypervisor.c,
	  src/xen/xen_inotify.c, src/xen/xend_internal.c,
	  src/xen/xm_internal.c, src/xen/xs_internal.c,
	  src/xenapi/xenapi_driver.c: Add dummy entries in driver
	  table for new APIs

	screenshot: Defining the public API
	Add public API for taking screenshots of current domain console.
	* include/libvirt/libvirt.h.in: add virDomainScreenshot
	* src/libvirt_public.syms: Export new symbol

2011-05-12  Wen Congyang  <wency@cn.fujitsu.com>

	build: avoid compiler warning during configure
	There is no need to redefine _GNU_SOURCE in tests that occur after
	gl_INIT, since that macro already AC_DEFINE'd it for us.

2011-05-12  Osier Yang  <jyang@redhat.com>

	docs: Fix documentation for cputune parameters
	This re-adds the example section originally written by Osier Yang,
	and indicates the version in which the cputune parameters became
	available in libvirt.

2011-05-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Add skipgen/autogen flags to .x files
	Make procedure parsing more robust, by allowing arbitrary
	amounts of whitespaces.
	Also make some error messages more verbose.

2011-05-12  Eric Blake  <eblake@redhat.com>

	nwfilter: drop unused flag argument
	The public API and RPC over-the-wire format have no flags argument,
	so neither should the internal callback API.  This simplifies the
	RPC generator.
	* src/driver.h (virDrvNWFilterDefineXML): Drop argument that does
	not match public API.
	* src/nwfilter/nwfilter_driver.c (nwfilterDefine): Likewise.
	* src/libvirt.c (virNWFilterDefineXML): Likewise.
	* daemon/remote_generator.pl: Drop special case.

	maint: omit translation for all VIR_INFO
	We were 31/73 on whether to translate; since less than 50% translated
	and since VIR_INFO is less than VIR_WARN which also doesn't translate,
	this makes sense.
	* cfg.mk (sc_prohibit_gettext_markup): Add VIR_INFO, since it
	falls between WARN and DEBUG.
	* daemon/libvirtd.c (qemudDispatchSignalEvent, remoteCheckAccess)
	(qemudDispatchServer): Adjust offenders.
	* daemon/remote.c (remoteDispatchAuthPolkit): Likewise.
	* src/network/bridge_driver.c (networkReloadIptablesRules)
	(networkStartNetworkDaemon, networkShutdownNetworkDaemon)
	(networkCreate, networkDefine, networkUndefine): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainDefine)
	(qemudDomainUndefine): Likewise.
	* src/storage/storage_driver.c (storagePoolCreate)
	(storagePoolDefine, storagePoolUndefine, storagePoolStart)
	(storagePoolDestroy, storagePoolDelete, storageVolumeCreateXML)
	(storageVolumeCreateXMLFrom, storageVolumeDelete): Likewise.
	* src/util/bridge.c (brProbeVnetHdr): Likewise.
	* po/POTFILES.in: Drop src/util/bridge.c.

	build: wrap macro body in one-shot do-while loop
	* src/libvirt.c (VIR_DOMAIN_DEBUG_1): Convert to single statement.
	Suggested by Jiri Denemark.

	build: drop need for VIR_DOMAIN_DEBUG0()
	This one's tricker than the VIR_DEBUG0() removal, but the end
	result is still C99 compliant, and reasonable with enough comments.
	* src/libvirt.c (VIR_ARG10, VIR_HAS_COMMA)
	(VIR_DOMAIN_DEBUG_EXPAND, VIR_DOMAIN_DEBUG_PASTE): New macros.
	(VIR_DOMAIN_DEBUG): Rewrite to handle one argument, moving
	multi-argument guts to...
	(VIR_DOMAIN_DEBUG_1): New macro.
	(VIR_DOMAIN_DEBUG0): Rename to VIR_DOMAIN_DEBUG_0.

2011-05-12  Christophe Fergeau  <cfergeau@redhat.com>

	fix xdr detection and use with recent glibc
	glibc 2.13.90 has obsoleted its rpc implementation in favour of
	the one provided by the TI-RPC library:
	> * The RPC implementation in libc is obsoleted.  Old programs keep working
	>   but new programs cannot be linked with the routines in libc anymore.
	>   Programs in need of RPC functionality must be linked against TI-RPC.
	>   The TI-RPC implemtation is IPv6 enabled and there are other benefits.
	>
	>   Visible changes of this change include (obviously) the inability to
	>   link
	>   programs using RPC functions without referencing the TI-RPC library,
	>   the
	>   removal of the RPC headers from the glibc headers, and the lack of
	>   symbols defined in <rpc/netdb.h> when <netdb.h> is installed.
	>   Implemented by Ulrich Drepper.
	(from glibc NEWS)
	Thus with recent glibc, we need to try linking with -ltirpc when looking
	for the XDR functions. The daemon also needs to use XDR_CFLAGS to be able
	to find the XDR headers stored in /usr/include/tirpc.
	When using TI-RPC, there are some warnings about redundant declarations, but
	the fix probably belongs in other modules:
	/usr/include/tirpc/rpc/rpcent.h:68:13: warning: redundant redeclaration of
	'setrpcent' [-Wredundant-decls]
	/usr/include/rpc/netdb.h:53:13: note: previous declaration of 'setrpcent'
	was here
	/usr/include/tirpc/rpc/rpcent.h:69:13: warning: redundant redeclaration of
	'endrpcent' [-Wredundant-decls]
	/usr/include/rpc/netdb.h:54:13: note: previous declaration of 'endrpcent'
	was here
	/usr/include/tirpc/rpc/rpc.h:84:12: warning: redundant redeclaration of
	'bindresvport' [-Wredundant-decls]
	/usr/include/netinet/in.h:440:12: note: previous declaration of
	'bindresvport' was here

2011-05-12  Eric Blake  <eblake@redhat.com>

	build: avoid gcc preprocessor extensions
	Use of ',##__VA_ARGS__' is a gcc extension not guaranteed by
	C99; thankfully, we can avoid it by lumping the format argument
	into the var-args set.
	* src/util/logging.h (VIR_DEBUG_INT, VIR_INFO_INT, VIR_WARN_INT)
	(VIR_ERROR_INT, VIR_DEBUG, VIR_INFO, VIR_WARN, VIR_ERROR): Stick
	to C99 var-arg macro syntax.
	* examples/domain-events/events-c/event-test.c (VIR_DEBUG):
	Simplify.

2011-05-12  Lai Jiangshan  <laijs@cn.fujitsu.com>

	libvirt,logging: cleanup VIR_XXX0()
	These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead.
	How do these coversions works? The magic is using the gcc extension of ##.
	When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to
	avoid compile error.
	example: origin				after CPP
		high_level_api("%d", a_int)	low_level_api("%d", a_int)
		high_level_api("a  string")	low_level_api("a  string")
	About 400 conversions.
	8 special conversions:
	VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions
	VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions
	VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal)
	  (for security) 6 conversions

2011-05-12  Eric Blake  <eblake@redhat.com>

	maint: avoid a couple of gnulib regressions
	Double-close regression in upstream gnulib fclose was introduced
	to libvirt in commit 9d8e01a1d.
	Meanwhile, adding rpcgen as a bootstrap prerequisite in commit
	fb1e8d9c prevented RHEL 5 from running bootstrap.
	* .gnulib: Update to latest, for fclose and bootstrap fixes.
	* bootstrap: Synchronize from upstream.

	node_device: avoid null dereference on error
	If we plow on after udev_device_get_syspath fails, we will hit a NULL
	dereference.  Clang found one due to strdup later in udevSetParent,
	but in fact we hit a NULL dereference sooner because of the use of
	STREQ within virNodeDeviceFindBySysfsPath.
	* src/conf/node_device_conf.h (virNodeDeviceFindBySysfsPath): Mark
	path argument non-null.
	* src/node_device/node_device_udev.c (udevSetParent): Avoid null
	dereference.

	build: remove some dead assignments
	No syntactic effect; this merely silences some clang warnings.
	* src/libxl/libxl_driver.c (libxlDomainSetVcpusFlags): Drop
	redundant ret=0 statement.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextDriveDel):
	Likewise.

2011-05-11  Eric Blake  <eblake@redhat.com>

	tests: avoid crash when run under gcov
	Running ./autobuild.sh failed when gcov is installed, because
	commandtest ended up crashing during gcov's getenv() call after
	exit() had already started.  I traced this nasty bug back to
	a scoping issue present since the test introduction.
	* tests/commandtest.c (mymain): Move newenv...
	(newenv): ...to a scope that is still useful during exit().

	build: fix VPATH build with distributed generated files
	* daemon/Makefile.am (DAEMON_GENERATED, remote_dispatch_*.h)
	(qemu_dispatch_*.h): Update to live in srcdir, since they are
	distributed.
	Detected by Daniel P. Berrange's autobuilder.

	docs: avoid double 'the'
	* docs/testsuites.html.in: Keep 'make syntax-check' happy.

2011-05-11  Daniel Veillard  <veillard@redhat.com>

	Add documentation about test suites
	Create a new top level entry, add a new page listing the 3
	test suites, and then one page for the TCK and one page for
	libvirt-test-API

2011-05-11  Daniel P. Berrange  <berrange@redhat.com>

	Allow destroying QEMU VM even if a job is active
	Introduce a virProcessKill function that can be safely called
	even when the job mutex is held. This allows virDomainDestroy
	to kill any VM even if it is asleep in a monitor job. The PID
	will die and the thread asleep on the monitor will then wake
	up releasing the job mutex.
	* src/qemu/qemu_driver.c: Kill process before using qemuProcessStop
	  to ensure job is released
	* src/qemu/qemu_process.c: Add virProcessKill for killing off
	  QEMU processes

	Add support for YAJL version 2 API/ABI
	Version 2.0.0 or yajl changed API. It is fairly trivial for us to
	cope with both APIs in libvirt, so adapt.
	* configure.ac: Probe for yajl2 API
	* src/util/json.c: Conditional support for yajl2 API

2011-05-11  Paolo Bonzini  <pbonzini@redhat.com>

	libxl: support enabling the HPET
	libxl accepts hpet configuration in its domain info struct.  Parse the
	domain definition's <clock> element in order to set the value.
	Apologies from Eric Blake, for mistakenly committing the broken
	intermediate version.

	libxl: support enabling the HPET
	libxl accepts hpet configuration in its domain info struct.  Parse the
	domain definition's <clock> element in order to set the value.

	xen: parse and generate hpet item in sxpr
	Recent versions of Xen disable the virtual HPET by default.  This is
	usually more precise because tick policies are not implemented for
	the HPET in Xen.  However, there may be several reasons to control
	the HPET manually: 1) to test the emulation; 2) because distros may
	provide the knob while leaving the default to "enabled" for compatibility
	reasons.
	This patch provides support for the hpet item in both sexpr and xm
	formats, and translates it to a <timer> element.

2011-05-11  Doug Goldstein  <cardoe@gentoo.org>

	docs: updates to CA cert and client cert/key info
	Update the documentation to mention that the CA certificate and the
	client cert/key pair can come from the user's location or the global
	location independent of each other.

	virsh: flexibility in CA cert and user cert/key
	Allow the CA certificate to come from the user's home directory or from
	the global location independently of the client certificate/key pair.
	Mostly for the case when each user on a system has their own cert/key
	pair but the system as a whole shares the same CA.

2011-05-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Make parsing stricter
	Anchor matches at the beginning of a line.
	Specialize some general matches.
	Add some comments to special cases.

	remote generator: Unify unsigned int notation in .x files
	Rename u_int and unsigned to unsigned int. This gets rid of some special
	case code in the generator.

	remote generator: Fix comment ignoring regex

	Rename internal DumpXML functions to GetXMLDesc
	This matches the public API and helps to get rid of some special
	case code in the remote generator.
	Rename driver API functions and XDR protocol structs.
	No functional change included outside of the remote generator.

2011-05-11  Lai Jiangshan  <laijs@cn.fujitsu.com>

	qemu,inject-nmi: Implement the driver methods

	inject-nmi: Expose the new API in virsh

	inject-nmi: Implementing the remote protocol

	inject-nmi: Implementing the public API

	inject-nmi: Defining the internal API

	inject-nmi: Defining the public API

2011-05-11  Cole Robinson  <crobinso@redhat.com>

	lxc: container: Build init cmd before we close stdout
	That way we can log the 'init' argv for debugging.

	lxc: container: Convert <init> exec to virCommand

	command: Add virCommandExec helper
	Actually execs the argv/env we've generated, replacing the current process.
	Kind of has a limited usage, but allows us to use virCommand in LXC
	driver to launch the 'init' process

	lxc: driver: Improve logging when launching emulator
	Log the full command line and a timestamp like we do for QEMU

	lxc: driver: Convert emulator launching to virCommand
	v2:
	    Shorten a few virCommand calls
	    s/remain/retain/

	command: Add virCommandEnvAddFormat
	Similar to virCommandArgAddFormat. We will use this shortly.
	v2:
	    Convert virCommandEnvAddPair to use the new function

2011-05-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix two uninitialized variable warnings
	gcc only reports them when compiling with -O3.

	apparmor: Fix uninitalized variable warning in virt-aa-helper

2011-05-10  Eric Blake  <eblake@redhat.com>

	build: translate generated strings
	Make sure that xgettext scans generated files for translatable
	strings, rather than just files stored in libvirt.git.
	* .gnulib: Update, for bootstrap and syntax-check fixes.
	* bootstrap: Resynchronize with gnulib.
	* cfg.mk (generated_files): Define.
	* po/POTFILES.in: Add more files with _().

2011-05-10  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus assert() from migration code
	assert() is forbidden in libvirt code, and these two cases would
	in fact never execute due to earlier error checks.
	* src/libvirt.c: Remove assert() usage

2011-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Pull in gnulib fnmatch module
	The libvirtd daemon uses fnmatch. Although we don't yet build
	it on Win32, we should use gnulib's fnmatch module to ensure
	portability to all platforms.
	* bootstrap.conf: Add fnmatch

2011-05-09  Jiri Denemark  <jdenemar@redhat.com>

	json: Fix *GetBoolean functions
	They were not used anywhere so far so nobody noticed they are broken.

2011-05-09  Eric Blake  <eblake@redhat.com>

	build: rebuild generated files after rpcgen_fix.pl tweak
	Noticed this while trying to run rpcgen on cygwin.
	* src/Makefile.am ($(srcdir)/remote/%_protocol.h)
	($(srcdir)/remote/%_protocol.c): Add a dependency.

	build: fix VPATH builds
	* src/Makefile.am (REMOTE_DRIVER_GENERATED): Generated files
	should live in $(srcdir). Update rules to reflect this.

2011-05-09  Daniel Veillard  <veillard@redhat.com>

	Re-add libvirt.spec to tarball to allwo "make rpm"
	Commit e6972165 broke "make rpm" and rpmbuild -ta tarball

2011-05-07  Daniel P. Berrange  <berrange@redhat.com>

	build: Remove all generated RPC files from GIT
	Stop storing the generated files for the remote protocol client
	and server in source control. The generated files will still be
	included in the result of 'make dist' to avoid end-users needing
	to generate the files
	Unfortunately, this means that the strings marked for translation
	in generated files are not picked up by gnulib's syntax-check,
	I'm working on fixing that in gnulib.
	* .gitignore, cfg.mk, po/POTFILES.in: Reflect deletion.

	build: refactor generated RPC files
	Always generate the rpc files, and require rpcgen during bootstrap.
	* daemon/Makefile.am: Removed generated files with
	  maintainer-clean target
	* src/Makefile.am: Removed generated files with
	  maintainer-clean target. Always run 'rpcgen' if
	  generated files are missing

2011-05-07  Eric Blake  <eblake@redhat.com>

	build: rename generated files to .h, for automake's sake
	In preparation for removing generated files, it is necessary
	to tell automake that the generated files must be distributed
	but not directly compiled (since they are included into the
	body of a larger .c file that is compiled).  Hence, even though
	these files are code and not headers in the strict sense of
	the word, it is easier to rename them to .h for automake's sake.
	* daemon/remote_client_bodies.c: Rename to .h.
	* daemon/qemu_client_bodies.c: Likewise.
	* src/remote/remote_client_bodies.c: Likewise.
	* src/remote/qemu_client_bodies.c: Likewise.
	* daemon/Makefile.am (remote_dispatch_bodies.c)
	(qemu_dispatch_bodies.c): Rename to .h.
	(remote.c, EXTRA_DIST): Reflect rename.
	* daemon/remote.c: Likewise.
	* daemon/remote_generator.pl: Likewise.
	* src/Makefile.am (remote/remote_driver.c): Likewise.
	* src/remote/remote_driver.c: Likewise.
	* po/POTFILES.in: Likewise.
	* cfg.mk (exclude_file_name_regexp--sc_require_config_h)
	(exclude_file_name_regexp--sc_require_config_h_first)
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF):
	Likewise.

2011-05-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator, client: Handle arguments with limited length
	This adds length checks to all affected functions.

	remote generator, client: Handle functions that return lists

	remote: Refactor remote*Open and remote*Close functions
	Add generic versions of the open and close functions and call them.

	remote generator, client: Handle functions with optional return values

	remote generator, client: Handle functions with multiple return values

	remote generator, client: Handle functions with wrapped return values

	remote generator, client: Handle functions with simple return values

	remote generator, client: Handle simple remote driver functions
	Rename remoteSecretListSecrets to remoteListSecrets to match the normal
	naming pattern.

	remote generator: Reorder into prepare and print section

	remote generator, daemon: Handle functions with multiple return values
	Once again rename members in the XDR definitions to avoid special case
	code in the generator.

	remote generator, daemon: Combine multiple ifs in the generated code

	remote generator, daemon: Handle the CPU functions
	They require additional special cases.

	remote generator: Refactor duplicate code

	remote generator, daemon: Handle functions that return lists

	remote: Rename 'nameslen' to the common 'maxnames'
	Avoids special case handling in the remote generator.

	remote generator, daemon: Handle functions with optional arguments

	remote generator, daemon: Handle more functions
	This covers functions that return single wrapped objects and don't
	involve complexer code in the body.

	remote generator, daemon: Handle simple-return-value functions

	remote generator, daemon: Change capitalization of some words
	Again this will simplify the generator, due to less special case handling.

	remote: Replace 'domain' with 'dom' in the XDR protocol
	This simplifies the remote protocol code generator.
	Also rename 'ret' to 'result' to resolve a naming conflict in the
	generator.

	remote generator, daemon: Output function bodies too
	This patch just covers the simple functions without explicit return
	values. There is more to be handled.
	The generator collects the members of the XDR argument structs and uses
	this information to generate the function bodies.
	Exclude the generated files from offending syntax-checks.
	Suggested by Richard W.M. Jones

	remote generator: Replace tabs with spaces and rename file
	No functional change included, just a whitespace change.

2011-05-07  Markus Groß  <gross@univention.de>

	Balloon dom0 in libxl driver
	Creating a domU on a freshly booted dom0 does not work,
	because the libxl driver does not allocate memory for the domU.
	After creating a domain with xl libvirt is able to create domains too.
	This patch reserves enough memory for the domU first.

2011-05-07  Eric Blake  <eblake@redhat.com>

	build: drop files generated by config.status from tarball
	The rule of thumb is that any file generated by config.status
	is a) reproducible by any user, b) dependent on configure options.
	Therefore, it is inappropriate to include such generated files
	in the tarball (for proof, Makefile is generated from Makefile.in;
	the former is not in the tarball while the latter is).
	* Makefile.am (EXTRA_DIST): Remove files covered by AC_OUTPUT.

2011-05-07  Doug Goldstein  <cardoe@gentoo.org>

	remote: check actual access to the cert
	Instead of calling stat(), check that we'll actually be able to access
	and read the file.

2011-05-07  Eric Blake  <eblake@redhat.com>

	maint: avoid comparisons to bool constants
	HACKING already mentions that comparisons against literal 'true'
	are unsafe; for consistency, also shorten comparisons against 'false'.
	* src/conf/domain_conf.c (virDomainNetDefParseXML): Simplify.
	* src/nwfilter/nwfilter_gentech_driver.c
	(virNWFilterDomainFWUpdateCB): Likewise.
	* tools/virsh.c (cmdVolDownload, vshCommandRun, vshPrintExtra):
	Likewise.

2011-05-06  Michal Privoznik  <mprivozn@redhat.com>

	Add warning message to XML definition files stored on disk
	Users often edit XML file stored in configuration directory
	thinking of modifying a domain/network/pool/etc. Thus it is wise
	to let them know they are using the wrong way and give them hint.

2011-05-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix security driver handling of FIFOs with QEMU
	When setting up a FIFO for QEMU, it allows either a pair
	of fifos used unidirectionally, or a single fifo used
	bidirectionally. Look for the bidirectional fifo first
	when labelling since that is more useful
	* src/security/security_dac.c,
	  src/security/security_selinux.c: Fix fifo handling

	Make taint warnings also go into the domain logfile
	As well as taint warnings going to the main libvirt log,
	add taint warnings to the per-domain logfile
	  Domain id=3 is tainted: high-privileges
	  Domain id=3 is tainted: disk-probing
	  Domain id=3 is tainted: shell-scripts
	  Domain id=3 is tainted: custom-monitor
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Enhance
	  qemuDomainTaint to also log to the domain logfile
	* src/qemu/qemu_driver.c: Pass -1 for logFD to taint methods to
	  auto-append to logfile
	* src/qemu/qemu_process.c: Pass open logFD at startup for taint
	  methods

	Add a qemuDomainAppendLog method for writing to the domain logfile
	The qemuDomainAppendLog method allows writing a formatted string
	to the end of the domain logfile, optionally opening it if needed.
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  qemuDomainAppendLog

	Move qemuProcessLogReadFD and qemuProcessLogFD methods
	Move the qemuProcessLogReadFD and qemuProcessLogFD methods
	into qemu_domain.c, renaming them to qemuDomainCreateLog
	and qemuDomainOpenLog.
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  qemuDomainCreateLog and qemuDomainOpenLog.
	* src/qemu/qemu_process.c: Remove qemuProcessLogFD
	  and qemuProcessLogReadFD

	Log taint warnings in QEMU driver
	Wire up logging of VM tainting to the QEMU driver
	 - If running QEMU as root user/group or without capabilities
	   being cleared
	 - If passing custom QEMU command line args
	 - If issuing custom QEMU monitor commands
	 - If using a network interface config with an associated
	   shell script
	 - If using a disk config relying on format probing
	The warnings, per-VM appear in the main libvirtd logs
	  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
	  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing
	The taint flags are reset when the VM is stopped.
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Helper APIs
	  for logging taint warnings
	* src/qemu/qemu_driver.c: Log tainting with custom QEMU monitor
	  commands and disk/net hotplug with unsupported configs
	* src/qemu/qemu_process.c: Log tainting at startup based on
	  unsupported configs

	Add field to virDomainObjPtr to track "tainting"
	Some configuration setups for guests are allowed, but strongly
	discouraged and unsupportable in production systems. Introduce
	a concept of 'tainting' to virDomainObjPtr to allow such setups
	to be identified. Drivers can then log warnings at suitable
	times
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Declare taint
	  flags and add parsing/formatting of domain status XML

2011-05-06  Doug Goldstein  <cardoe@gentoo.org>

	virsh: improve TLS certificate error messages
	Print the name of the CA cert, certificate, and key file that resulted
	in the failure so that the user has an idea what to troubleshoot.

2011-05-06  Eric Blake  <eblake@redhat.com>

	virsh: use new method for easier log to file
	Easier to maintain, and no longer an arbitrary line length limit.
	* tools/virsh.c (vshOutputLogFile): Replace snprintf with
	virBuffer.

	buf: add virBufferVasprintf
	Match the fact that we have virAsprintf and virVasprintf.
	* src/util/buf.h (virBufferVasprintf): New prototype.
	* src/util/buf.c (virBufferAsprintf): Move guts...
	(virBufferVasprintf): ...to new function.
	* src/libvirt_private.syms (buf.h): Export it.
	* bootstrap.conf (gnulib_modules): Add stdarg, for va_copy.

	maint: rename virBufferVSprintf to virBufferAsprintf
	We already have virAsprintf, so picking a similar name helps for
	seeing a similar purpose.  Furthermore, the prefix V before printf
	generally implies 'va_list', even though this variant was '...', and
	the old name got in the way of adding a new va_list version.
	global rename performed with:
	$ git grep -l virBufferVSprintf \
	  | xargs -L1 sed -i 's/virBufferVSprintf/virBufferAsprintf/g'
	then revert the changes in ChangeLog-old.

2011-05-06  Cole Robinson  <crobinso@redhat.com>

	docs: <filesystem> attr is 'accessmode', not 'mode'

2011-05-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix qemuMigrationToFile nonull annotation
	The qemuMigrationToFile method was accidentally annotated for
	the 'compressor' parameter to be non-null, instead of the
	'path' parameter. Thus GCC with -O2, unhelpfully deleted the
	entire 'if (compressor == NULL)' block of code during
	optimization. Thus NULL was passed to virCommandNew() with
	predictably bad results.
	* src/qemu/qemu_migration.h: Fix non-null annotation to be
	  against path instead of compressor

	Make QEMU migration use cached qemu capabilities data
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Remove
	  qemuCaps parameters & use cached data
	* src/qemu/qemu_driver.c: Don't create & pass qemuCaps to
	  migration methods

	Make QEMU hotplug use cached qemu capabilities data
	* src/qemu/qemu_hotplug.h, src/qemu/qemu_hotplug.c: Remove
	  qemuCaps parameters from all methods
	* src/qemu/qemu_driver.c: Don't create & pass qemuCaps to
	  hotplug methods

	Persist qemu capabilities in the domain status file
	To cope with the QEMU binary being changed while a VM is running,
	it is neccessary to persist the original qemu capabilities at the
	time the VM is booted.
	* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h: Add
	  an enum for a string rep of every capability
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Support for
	  storing capabilities in the domain status XML
	* src/qemu/qemu_process.c: Populate & free QEMU capabilities at
	  domain startup

2011-05-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.1
	* configure.ac libvirt.spec.in docs/news.html.in: update and document
	  the release
	* po/*.po*: update localizations for german, polish, spanish, ukrainian
	  and vietnamese coming from transifex, regenerate

2011-05-05  Eric Blake  <eblake@redhat.com>

	maint: detect clang 2.9
	In Fedora 15, with clang 2.8, 'scan-build env' shows:
	CCC_ANALYZER_ANALYSIS=-analyzer-check-objc-mem -analyzer-check-security-syntactic -analyzer-check-dead-stores -analyzer-check-objc-unused-ivars -analyzer-check-objc-methodsigs
	But in rawhide, with clang 2.9, the same variable is set but
	empty, implying the default set of analysis.  We still want
	sa_assert defined in that case, to stop clang from hitting
	false positives.
	* configure.ac (STATIC_ANALYSIS): Detect clang even when the set
	of analyses is the default.

	storage: avoid null deref and leak on failure
	Detected by clang.  NULL deref added in commit 343a27a (Mar 11),
	but leak of voldef present since commit 2cd9b2d (Apr 09).
	* src/storage/storage_driver.c (storageVolumeCreateXML): Don't
	leak voldef or dereference null volobj.

2011-05-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Disable performance counter queries in esxDomainGetInfo
	The queried values aren't used yet.

	esx: Avoid null dereference on error in esxDomainGetInfo
	Add missing early exits and convert error logging to proper API level
	error reporting.
	Centralize cleanup code for the PerfQuerySpec object.
	Reported by Eric Blake, detected by clang.

2011-05-05  Eric Blake  <eblake@redhat.com>

	remote: avoid null dereference on error
	Clang found three instances of uninitialized use of nparams in
	the cleanup path.  Unfortunately, one is a false positive: clang
	couldn't see that ret->params.params_val is guaranteed to be
	NULL unless allocated within a function, and that nparams is
	guaranteed to be assigned prior to the allocation; hoisting the
	assignment to nparams to be earlier in the function shuts up
	that false positive.  But two of the reports also happened to
	highlight a real bug - the error path can dereference NULL.
	Regression introduced in commit 158ba873.
	* daemon/remote.c (remoteDispatchDomainGetMemoryParameters)
	(remoteDispatchDomainGetBlkioParameters): Don't clear fields if
	array was not allocated.
	(remoteDispatchDomainGetSchedulerParameters): Initialize nparams
	earlier.

2011-05-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Remove dead store in esxUtil_ParseDatastorePath
	The ++ on preliminaryFileName was a left over from a previous version
	of this function that explicitly returned the filename and did a strdup
	on preliminaryFileName afterwards.
	As the filename isn't returned explicitly anymore remove the preliminary
	variable for it and reuse the tmp variable instead.
	Reported by Eric Blake, detected by clang.

2011-05-04  Eric Blake  <eblake@redhat.com>

	qemu: update qemuCgroupControllerActive signature
	Clang warned about a dead assignment.  In the process, I noticed
	that we are only using the function for a bool value.  I audited
	all other callers in qemu_{migration,cgroup,driver,hotplug), and
	all were making the call in a bool context.
	Also, do bounds checking on the argument.
	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Delete dead
	assignment.
	(qemuCgroupControllerActive): Change return type to bool.
	* src/qemu/qemu_cgroup.h (qemuCgroupControllerActive): Likewise.

	util: remove dead assignment
	Clang complained about this, and it was easy enough to fix.
	* src/util/util.c (virFileOpenAs): Drop dead assignment.

	lxc: report correct error
	Clang noticed a dead assignment, which turned out to be the use
	of the wrong variable.  rc starts life as -1, and is only ever
	assigned to 0 just before a successful cleanup.
	* src/lxc/lxc_driver.c (lxcSetupInterfaces): Don't call
	virReportSystemError(-1).

	libxl: avoid compiler warning
	Detected by gcc:
	libxl/libxl_driver.c: In function 'libxlDomainDestroy':
	libxl/libxl_drier.c:1351:30: error: variable 'priv' set but not used [-Werror=unused-but-set-variable]
	* src/libxl/libxl_driver.c (libxlDomainDestroy): Delete unused
	variable.

	qemu: remove dead assignment
	Detected by clang.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): Nothing later
	uses is_reg.

	storage: use virCommand to avoid compiler warning
	clang didn't like the last increment to nargs.  But why even
	track nargs ourselves, when virCommand does it for us?
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIConnection): Switch to virCommand to avoid
	a dead-store warning on nargs.

	cgroup: avoid leaking a file
	Clang detected a dead store to rc.  It turns out that in fixing this,
	I also found a FILE* leak.
	This is a subtle change in behavior, although unlikely to hit.  The
	pidfile is a kernel file, so we've probably got more serious problems
	under foot if we fail to parse one.  However, the previous behavior
	was that even if one pid file failed to parse, we tried others,
	whereas now we give up on the first failure.  Either way, though,
	the function returns -1, so the caller will know that something is
	going wrong, and that not all pids were necessarily reaped.  Besides,
	there were other instances already in the code where failure in the
	inner loop aborted the outer loop.
	* src/util/cgroup.c (virCgroupKillInternal): Abort rather than
	resuming loop on fscanf failure, and cleanup file on error.

	qemu: silence clang false positives
	Clang 2.8 wasn't quite able to follow that persistentDef was
	assigned earlier if (flags & VIR_DOMAIN_MEM_CONFIG) is true.
	Silence this false positive, to make clang analysis easier to use.
	* src/qemu/qemu_driver.c (qemudDomainSetMemoryFlags): Add an
	annotation to silence clang's claim of a NULL dereference.

	virsh: avoid null pointer dereference
	Clang detected that vol-download will call unlink(NULL) if there
	is a parse error during option parsing.  Also, mingw doesn't like
	unlinking an open file.
	* tools/virsh.c (cmdVolDownload): Only unlink file if created.

	pci: fix null pointer dereference
	Clang detected a null-pointer dereference regression, introduced
	in commit 4e8969eb.  Without this patch, a device with
	unbind_from_stub set to false would eventually try to call
	virFileExists on uncomputed drvdir.
	* src/util/pci.c (pciUnbindDeviceFromStub): Ensure drvdir is set
	before use.

	qemu: avoid null pointer dereference
	This code has had problems historically.  As originally
	written, in commit 6bcf2501 (Jun 08), it could call unlink
	on a random string, nuking an unrelated file.
	Then commit 182a80b9 (Sep 09), the code was rewritten to
	allocate tmp, with both a use-after-free bug and a chance to
	call unlink(NULL).
	Commit e206946 (Mar 11) fixed the use-after-free, but not the
	NULL dereference.  Thanks to clang for catching this!
	* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call
	unlink on NULL.

	tests: avoid null pointer dereference
	Unlikely to hit in real life, but clang noticed it.
	* tests/commandtest.c (checkoutput, test4, test18): Avoid
	unlink(NULL) on OOM.

	Revert "lxc: Do not try to reconnect inactive domain when do lxcStartup"
	This reverts commit 0e7f7f8566f3e7fcf5bce395555fa1b5cf1e136b.
	From the mailing list:
	> So, AFAICT, this patch means we will never reconnect to any LXC
	> VMs now.
	>
	> The correct solution, is to refactor LXC driver startup to work
	> the same way as the QEMU driver startup.
	>
	>   - Load all the live state XML files (to pick up running VMs)
	>   - Reconnect to all VMs
	>   - Load all the persistent config XML files (to pick up any additional
	>     inactive guets)
	But that solution is invasive enough to be post-0.9.1.

2011-05-03  Eric Blake  <eblake@redhat.com>

	tests: suppress more valgrind situations
	* tests/.valgrind.supp: Consolidate bash suppressions.  Ignore
	more libnl issues.

2011-05-03  Michal Privoznik  <mprivozn@redhat.com>

	Fix disability to run on systems with no PCI bus
	The patch which moved libpciaccess initialization to one place caused
	regression - we were not able to run on system with no PCI bus, like
	s390(x).

2011-05-03  Osier Yang  <jyang@redhat.com>

	lxc: Do not try to reconnect inactive domain when do lxcStartup
	Otherwise if there are inactive lxc domains, lxcStartup will
	try to reconnect to sockets of these domains, which results in
	errors in libvirtd log.

2011-05-03  Eric Blake  <eblake@redhat.com>

	tests: avoid compiler warning
	../../tests/xmconfigtest.c: In function 'testCompareParseXML':
	../../tests/xmconfigtest.c:49:19: error: 'conn' may be used uninitialized in this function [-Wuninitialized]
	* tests/xmconfigtest.c (testCompareParseXML): Initialize variable.

2011-05-02  Christophe Fergeau  <cfergeau@redhat.com>

	qemu: fix uninitialized variable warning
	This commit fixes
	qemu/qemu_driver.c: In function 'qemuDomainModifyDeviceFlags':
	qemu/qemu_driver.c:4041:8: warning: 'ret' may be used uninitialized in this
	function [-Wuninitialized]
	qemu/qemu_driver.c:4013:9: note: 'ret' was declared here
	The variable is set to -1 so that the error paths are taken when the code
	to set it didn't get a chance to run. Without initializing it, we could
	return some an undefined value from this function.
	While I was at it, I made a trivial whitespace change in the same function
	to improve readability.

2011-05-02  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	fix missing VLAN id for Qbg example
	For IEEE 802.1Qbg, it is necessary to use a VLAN interface.
	vepa itself does not require a VLAN interface.

2011-05-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Lower stack usage below 4096 bytes
	Make virtTestLoadFile allocate the buffer to read the file into.
	Fix logic error in virtTestLoadFile, stop reading on the first empty line.
	Use virFileReadLimFD in virtTestCaptureProgramOutput to avoid manual
	buffer handling.

	tests: Update valgrind suppressions file

2011-05-01  Supriya Kannery  <supriyak@in.ibm.com>

	virsh: fix regression in log to file
	Commit 36deff04 introduced a regression due to which virsh is not able
	to log to a file - msg_buf was changed from an array to a pointer
	without corresponding change to usage of "sizeof()".
	Fix regression in virsh logging

2011-04-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	nwfilter: Fix memory leak in the ebtables subdriver
	Call shutdown functions for all subcomponents in nwfilterDriverShutdown.
	Make sure that this shutdown functions can safely be called multiple times
	and independent from the actual subcomponents state.

	qemu: Fix qemuDomainModifyDeviceFlags leaking the caps bitmap

	Fix memory leak in __virExec
	Commit e0d014f2379dd made binary potentially allocated on the heap.
	It was freed in the parent in the error path, but not in the success path
	that doesn't goto the cleanup label.
	Found by 'make -C tests valgrind'.

2011-04-30  Eric Blake  <eblake@redhat.com>

	hash: fix memory leak regression
	Commit 1671d1d introduced a memory leak in virHashFree, and
	wholesale table corruption in virHashRemoveSet (elements not
	requested to be freed are lost).
	* src/util/hash.c (virHashFree): Free bucket array.
	(virHashRemoveSet): Don't lose elements.
	* tests/hashtest.c (testHashCheckForEachCount): New method.
	(testHashCheckCount): Expose the bug.

2011-04-30  Cole Robinson  <crobinso@redhat.com>

	docs: Document <filesystem> device
	Tried to dredge through old changelogs and commits to come up with it, so
	may not be completely accurate.
	v2:
	Drop ambiguous 'containers'
	Use same mail archive for all links

2011-04-30  Eric Blake  <eblake@redhat.com>

	build: fix getcwd portability problems
	* bootstrap.conf (gnulib_modules): Add getcwd-lgpl.
	* tests/commandtest.c (checkoutput): Drop unused cwd.
	* tests/commandhelper.c (main): Let getcwd malloc.
	* tests/testutils.c (virTestMain): Likewise.
	* tools/virsh.c (cmdPwd): Likewise.
	(virshCmds): Expose cmdPwd and cmdCd on mingw.

	tests: simplify common setup
	A few of the tests were missing basic sanity checks, while most
	of them were doing copy-and-paste initialization (in fact, some
	of them pasted the argc > 1 check more than once!).  It's much
	nicer to do things in one common place, and minimizes the size of
	the next patch that fixes getcwd usage.
	* tests/testutils.h (EXIT_AM_HARDFAIL): New define.
	(progname, abs_srcdir): Define for all tests.
	(VIRT_TEST_MAIN): Change callback signature.
	* tests/testutils.c (virtTestMain): Do more common init.
	* tests/commandtest.c (mymain): Simplify.
	* tests/cputest.c (mymain): Likewise.
	* tests/esxutilstest.c (mymain): Likewise.
	* tests/eventtest.c (mymain): Likewise.
	* tests/hashtest.c (mymain): Likewise.
	* tests/networkxml2xmltest.c (mymain): Likewise.
	* tests/nodedevxml2xmltest.c (myname): Likewise.
	* tests/nodeinfotest.c (mymain): Likewise.
	* tests/nwfilterxml2xmltest.c (mymain): Likewise.
	* tests/qemuargv2xmltest.c (mymain): Likewise.
	* tests/qemuhelptest.c (mymain): Likewise.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2xmltest.c (mymain): Likewise.
	* tests/qparamtest.c (mymain): Likewise.
	* tests/sexpr2xmltest.c (mymain): Likewise.
	* tests/sockettest.c (mymain): Likewise.
	* tests/statstest.c (mymain): Likewise.
	* tests/storagepoolxml2xmltest.c (mymain): Likewise.
	* tests/storagevolxml2xmltest.c (mymain): Likewise.
	* tests/virbuftest.c (mymain): Likewise.
	* tests/virshtest.c (mymain): Likewise.
	* tests/vmx2xmltest.c (mymain): Likewise.
	* tests/xencapstest.c (mymain): Likewise.
	* tests/xmconfigtest.c (mymain): Likewise.
	* tests/xml2sexprtest.c (mymain): Likewise.
	* tests/xml2vmxtest.c (mymain): Likewise.

2011-04-29  Eric Blake  <eblake@redhat.com>

	build: avoid test warnings on mingw
	* .gnulib: Update to latest, for getaddrinfo fixes.
	Reported by Matthias Bolte.

	virsh: avoid compiler warning on mingw
	We don't use gnulib's sanitizations for vfprintf, but vshDebug
	was used with %zu, which means that it would fail on mingw.
	Thank goodness the compiler indirectly caught this for us :)
	virsh.c: In function 'vshDebug':
	virsh.c:12105:5: warning: function might be possible candidate for
	'ms_printf' format attribute [-Wmissing-format-attribute]
	since mingw <stdio.h> hasn't yet added gcc attributes to vfprintf.
	* tools/virsh.c (vshDebug): Avoid vfprintf.
	(vshPrintExtra): Use lighter-weight fputs.
	Reported by Matthias Bolte.

2011-04-29  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - support persistent update of disks
	Support update of disks by MODIFY_CONFIG
	This patch includes changes for qemu's disk to support
	virDomainUpdateDeviceFlags() with VIR_DOMAIN_DEVICE_MODIFY_CONFIG.
	This patch adds support for CDROM/foppy disk types.
	* src/qemu/qemu_driver.c
	(qemuDomainUpdateDeviceConfig): support cdrom/floppy.

2011-04-29  Jim Fehlig  <jfehlig@novell.com>

	Xen: Do not generate net ifname if domain is inactive
	V2: Use virAsprintf instead of snprintf/strdup
	The xend driver will generate a virDomainNetDef ifname if one is not
	specified in xend sexpr, even if domain is inactive.  The result is
	network interface XML containing 'vif-1.Y' on dev attribute of target
	element, e.g.
	  <interface type='bridge'>
	    <target dev='vif-1.0'/>
	    ...
	This patch changes the behavior to only generate the ifname if not
	specified in xend sexpr *and* domain is not inactive (id != -1).

2011-04-29  Yufang Zhang  <yuzhang@redhat.com>

	xen: check if device is assigned to guest before reattaching
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=664059
	Reattaching pci device back to host without destroying guest or
	detaching device from guest would cause host to crash. This patch adds
	a check before doing device reattach. If the device is being assigned
	to guest, libvirt refuses to reattach device to host. The patch only
	works for Xen, for it just checks xenstore to get pci device
	information.

2011-04-28  Laine Stump  <laine@laine.org>

	network: fix return value of hostsFileWrite
	The lone caller to hostsFileWrite (and the callers for at least 3
	levels up the return stack) assume that the return value will be < 0
	on failure. However, hostsFileWrite returns 0 on success, and a
	positive errno on failure. This patch changes hostsFileWrite to return
	-errno on failure.

2011-04-28  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/esx/esx_driver.c: Fix spelling of 'relative'.
	* src/util/util.c: Likewise.

2011-04-28  Jiri Denemark  <jdenemar@redhat.com>

	build: Use pkg-config for libssh2 check
	Currently the build fails if /usr/local/include does not exist since
	its use is hardcoded in configure.ac

	build: Ignore old audit library
	Check for audit_encode_nv_string in libaudit so that ancient audit
	library is ignored rather than trying to compile with libaudit support
	and failing.

2011-04-28  Osier Yang  <jyang@redhat.com>

	util: Initialize hooks at daemon shutdown if no hooks defined
	We support to initialize the hooks at daemon reload if there is no
	hooks script is defined, we should also support initialize the hooks
	at daemon shutdown if no hooks is defined.
	To address bz: https://bugzilla.redhat.com/show_bug.cgi?id=688859

2011-04-28  Wen Congyang  <wency@cn.fujitsu.com>

	fix virsh's regression
	This patch does the following things:
	1. The return value of cmdSchedInfoUpdate() can be -1, 0 and 1. So the
	   type of return value should be int not bool.(This function is not a
	   entry of a virsh command, but the name of this function likes cmdXXX)
	2. The type of cmdSchedinfo()'s, cmdFreecell()'s, cmdPoolList()'s and
	   cmdVolList()'s return value is bool not int, so change the type of
	   variable ret_val, func_ret and functionReturn.
	3. Add a variable functionReturn for cmdMigrate(), cmdAttachInterface(),
	   cmdDetachInterface(), cmdAttachDisk() and cmdDetachDisk() to save the
	   return value.
	4. Change the type of variable ret in the function cmdAttachDevice(),
	   cmdDetachDevice(), cmdUpdateDevice(), cmdAttachInterface(),
	   cmdDetachInterface(), cmdAttachDisk() and cmdDetachDisk() to int, as
	   we use it to save the return value of virXXX() and the type of virXXX()'s
	   return value is int not bool.
	5. Do some cleanup when virBuff.error is 1.
	The bug 1-4 were introduced by commit b56fa5bb.

2011-04-28  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - support persistent attach/detach disks
	Support changes of disks by MODIFY_CONFIG for qemu.
	This patch includes patches for qemu's disk to support
	virDomainAt(De)tachDeviceFlags with VIR_DOMAIN_DEVICE_MODIFY_CONFIG.
	Other devices can be added incrementally.
	* /src/conf/domain_conf.c
	(virDomainDiskIndexByName): returns array index of disk in vmdef.
	(virDomainDiskRemoveByName): removes a disk which has the name in vmdef.
	* src/qemu/qemu_driver.c
	(qemuDomainAttachDeviceConfig): add support for Disks.
	(qemuDomainDetachDeviceConfig): add support for Disks.

	libvirt/qemu - support persistent modification of devices
	This patch adds functions for modify domain's persistent definition.
	To do error recovery in easy way, we use a copy of vmdef and update it.
	The whole sequence will be:
	  make a copy of domain definition.
	  if (flags & MODIFY_CONFIG)
	      update copied domain definition
	  if (flags & MODIF_LIVE)
	      do hotplug.
	  if (no error)
	      save copied one to the file and update cached definition.
	  else
	      discard copied definition.
	This patch is mixuture of Eric Blake's work and mine.
	From: Eric Blake <eblake@redhat.com>
	(virDomainObjCopyPersistentDef): make a copy of persistent vm definition
	(qemuDomainAttach/Detach/UpdateDeviceConfig) : callbacks. now empty
	(qemuDomainModifyDeviceFlags): add support for MODIFY_CONFIG and MODIFY_CURRENT

2011-04-28  Eric Blake  <eblake@redhat.com>

	build: fix 32-bit test failure
	Same fix as commit 1fc288e1e25.
	* tests/hashtest.c (testHashRemoveForEach): Use correct format.

2011-04-27  Jiri Denemark  <jdenemar@redhat.com>

	util: Simplify hash implementation
	So far first entries for each hash key are stored directly in the hash
	table while other entries mapped to the same key are linked through
	pointers. As a result of that, the code is cluttered with special
	handling for the first items.
	This patch makes all entries (even the first ones) linked through
	pointers, which significantly simplifies the code and makes it more
	maintainable.

	tests: More unit tests for internal hash APIs
	This adds several tests for remaining hash APIs (custom
	hasher/comparator functions are not covered yet, though).
	All tests pass both before and after the "Simplify hash implementation".

2011-04-27  Osier Yang  <jyang@redhat.com>

	build: Fix problem of building Python bindings
	If one specify "--with-python=yes" but no python-devel package
	is installed, we ignore it with just a notice message, which
	doesn't give clear guide to user.

2011-04-27  Wen Congyang  <wency@cn.fujitsu.com>

	release PCI address only when we have ensured it successfully
	Steps to reproduce this bug:
	1. # cat net.xml # 00:03.0 has been used
	    <interface type='network'>
	      <mac address='52:54:00:04:72:f3'/>
	      <source network='default'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	    </interface>
	2. # virsh attach-device vm1 net.xml
	   error: Failed to attach device from net.xml
	   error: internal error unable to reserve PCI address 0:0:3
	3. # virsh attach-device vm1 net.xml
	   error: Failed to attach device from net.xml
	   error: internal error unable to execute QEMU command 'device_add': Device 'rtl8139' could not be initialized
	The reason of this bug is that: we can not reserve PCI address 0:0:3 because it has
	been used, but we release PCI address when we reserve it failed.

2011-04-27  Hu Tao  <hutao@cn.fujitsu.com>

	free memory properly in cleanup patch
	virsh schedinfo inactive-domain will trigger the problem.

2011-04-27  Wen Congyang  <wency@cn.fujitsu.com>

	free buf->content when vsnprintf() failed
	When buf->error is 1, we do not return buf->content in the function
	virBufferContentAndReset(). So we should free buf->content when
	vsnprintf() failed.

2011-04-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix dynamic dispatch for CastFromAnyType functions
	This was broken by the refactoring in ac1e6586ec75. It resulted in a
	segfault for 'virsh vol-dumpxml' and related volume functions.
	Before the refactoring all users of the ESX_VI__TEMPLATE__DISPATCH
	macro dispatched on the item type, as the item is the input to all those
	functions.
	Commit ac1e6586ec75 made the dynamically dispatched CastFromAnyType
	functions use this macro too, but this functions dispatched on the
	actual type of the AnyType object. The item is the output of the
	CastFromAnyType functions.
	This difference was missed in the refactoring, making CastFromAnyType
	functions dereferencing the item pointer that is NULL at the time of
	the dispatch.

	Move call to virReportOOMError into virFileBuildPath
	Suggested by Daniel P. Berrange

2011-04-27  Eric Blake  <eblake@redhat.com>

	build: use gnulib passfd for simpler SCM_RIGHTS code
	* .gnulib: Update to latest for passfd fixes.
	* bootstrap.conf (gnulib_modules): Add passfd.
	* src/util/util.c (virFileOpenAs): Simplify.

2011-04-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add flags checking in DomainCoreDump

2011-04-26  Mark Wu  <dwu@redhat.com>

	Make crash and live flags mutually exclusive in virDomainCoreDump
	They don't make any sense when used together.

2011-04-26  Guido Günther  <agx@sigxcpu.org>

	Make sure DNSMASQ_STATE_DIR exists
	otherwise the directory returned by networkDnsmasqLeaseFileName will not
	be created if ipdef->nhosts == 0 in networkBuildDnsmasqArgv.

2011-04-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix small memory leaks in config parsing related functions
	Found by 'make -C tests valgrind'.
	xen_xm.c: Dummy allocation via virDomainChrDefNew is directly
	overwritten and lost. Free 'script' in success path too.
	vmx.c: Free virtualDev_string in success path too.
	domain_conf.c: Free compression in success path too.

	Add virDomainEventRebootNew
	This will be used in the ESX driver event handling.

2011-04-26  Eric Blake  <eblake@redhat.com>

	build: make VIR_FREE do some type checking
	We can exploit the fact that gcc warns about int-to-pointer conversion
	in ternary cond?(void*):(int) in order to prevent future mistakes of
	calling VIR_FREE on a scalar lvalue.  For example, between commits
	158ba873 and 802e2df, we would have had this warning:
	cc1: warnings being treated as errors
	remote.c: In function 'remoteDispatchListNetworks':
	remote.c:3684:70: error: pointer/integer type mismatch in conditional expression
	There are still a number of places that malloc into a const char*;
	while it would probably be worth scrubbing them to use char*
	instead, that is a separate patch, so we have to cast away const
	in VIR_FREE for now.
	* src/util/memory.h (VIR_FREE): Make gcc warn about integers.
	Iteratively developed from a patch by Christophe Fergeau.

2011-04-25  Eric Blake  <eblake@redhat.com>

	threads: add one-time initialization support
	mingw lacks the counterpart to PTHREAD_MUTEX_INITIALIZER, so the
	best we can do is portably expose once-only runtime initialization.
	* src/util/threads.h (virOnceControlPtr): New opaque type.
	(virOnceFunc): New callback type.
	(virOnce): New prototype.
	* src/util/threads-pthread.h (virOnceControl): Declare.
	(VIR_ONCE_CONTROL_INITIALIZER): Define.
	* src/util/threads-win32.h (virOnceControl)
	(VIR_ONCE_CONTROL_INITIALIZER): Likewise.
	* src/util/threads-pthread.c (virOnce): Implement in pthreads.
	* src/util/threads-win32.c (virOnce): Implement in WIN32.
	* src/libvirt_private.syms: Export it.

2011-04-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add a wrapper for shared CURL handles
	To be used to share a CURL handle between multiple threads in the
	upcoming domain event support.

	esx: Move CURL handling code to it's own type

2011-04-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	daemon: Don't try to free an unsigned int in error paths

	daemon: Honor error variable name change in the generator
	Commit 36b652138be renamed err to rerr, do the same in the generator.

2011-04-22  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - clean up UpdateDevice for consolidation.
	This patch strips reusable part of qemuDomainUpdateDeviceFlags()
	and consolidate it to qemuDomainModifyDeviceFlags().
	No functional changes.
	* src/qemu/qemu_driver.c
	(qemuDomainChangeDiskMediaLive) : pulled out code for updating disks.
	(qemuDomainUpdateDeviceLive) : core of UpdateDevice, extracted from
	UpdateDeviceFlags()
	(qemuDomainModifyDeviceFlags): add support for updating device in live domain.
	(qemuDomainUpdateDeviceFlags): reworked as a wrapper function of
	qemuDomainModifyDeviceFlags()

	libvirt/qemu - clean up At(De)tachDeviceFlags() for consolidation.
	clean up At(De)tachDeviceFlags() for consolidation.
	qemuDomainAttachDeviceFlags()/qemuDomainDetachFlags()/
	qemuDomainUpdateDeviceFlags() has similar logics and copied codes.
	This patch series tries to unify them to use shared code when it can.
	At first, clean up At(De)tachDeviceFlags() and devide it into functions.
	By this, this patch pulls out shared components between functions.
	Based on patch series by Eric Blake, I added some modification as
	switch-case with QEMU_DEVICE_ATTACH, QEMU_DEVICE_DETACH, QEMU_DEVICE_UPDATE
	* src/qemu/qemu_driver.c
	(qemuDomainAt(De)tachDeviceFlags) : pulled out to qemuDomainModifyDeviceFlags()
	(qemuDomainModifyDeviceFlags) : implements generic code for modifying domain.
	(qemuDomainAt(De)tachDeviceFlagsLive) : code for at(de)taching devices to
	domain in line. no changes in logic from old code.
	(qemuDomainAt(De)tachDeviceDiskLive) : for at(de)taching Disks.
	(qemuDomainAt(De)tachDeviceControllerLive) : for at(de)taching Controllers

	libvirt/qemu - Centralize device modification in the more flexible APIs
	Centralize device modification in the more flexible APIs, to allow future
	honoring of additional flags.  Explicitly reject the
	VIR_DOMAIN_DEVICE_MODIFY_FORCE flag on attach/detach.
	Based on Eric Blake<eblake@redhat.com>'s work.
	* src/qemu/qemu_driver.c
	(qemudDomainAttachDevice)(qemudDomainAttachDeviceFlags): Swap bodies,rename...
	(qemudDomainDetachDevice, qemudDomainDetachDeviceFlags): Likewise.

2011-04-22  Michal Privoznik  <mprivozn@redhat.com>

	Add support for s390(x) cpu options parsing
	Up to now we missed parser for cpuinfo on x390(x) machines. Those machines
	have only 1 thread, core, socket. What is missing is information about
	CPU frequency.

2011-04-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU tunnelled migration FD handling
	The two ends of the pipe used for feeding QEMU tunnelled
	migration data were interchanged, so QEMU got given the
	"write" end instead of the "read" end.
	The qemuMigrationPrepareTunnel method was also immediately
	closing the "write" end of the pipe, so the stream failed
	to actually write anything.
	* src/qemu/qemu_migration.c: Swap tunnelled migration
	  pipe FDs & don't close pipe given to stream

2011-04-21  Eric Blake  <eblake@redhat.com>

	build: fix 32-bit test failure
	ARRAY_CARDINALITY is typed as size_t, not long; this matters on 32-bit
	platforms:
	hashtest.c: In function 'testHashRemoveForEach':
	hashtest.c:114: error: format '%lu' expects type 'long unsigned int', but argument 4 has type 'unsigned int' [-Wformat]
	* tests/hashtest.c (testHashRemoveForEach): Use correct format.

2011-04-21  Jiri Denemark  <jdenemar@redhat.com>

	Remove artificial minimum limit for guest memory
	Remove the artificial minimum of 4096 KB for guest memory. It's drivers'
	job to set the limit if needed.

2011-04-21  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Adding reboot domain function
	Adding reboot <domain> function for pHyp driver.

2011-04-21  Eric Blake  <eblake@redhat.com>

	build: fix syntax-check failure
	* .mailmap: Add an alias for last commit.

2011-04-20  Wen Congyang  <wency cn fujitsu com>

	fix tunnelled migration's regression
	If the migrateFrom is "stdio" not "stdin", qemuBuildCommandLine()
	will convert it to exec:cat or fd:n.

2011-04-20  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: no support for direct type of interface
	Ebtables filtering doesn't work on macvtap device. Remove support for direct type of interface.

2011-04-19  Eric Blake  <eblake@redhat.com>

	virsh: nuke use of TRUE and FALSE
	Gnulib already guarantees <stdbool.h>, so it is easier to just
	use the standardized spellings.
	* tools/virsh.c (vshCmdDef): Change callback to return real bool.
	(__vshControl): Change several fields to bool.
	(vshCommandOptBool): Change return type.
	All callers updated.
	* tools/Makefile.am (virsh-net-edit.c, virsh-pool-edit.c):
	Likewise.

2011-04-19  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: fix the check of virDomainObjUnref()'s return value
	If vm is unlocked in virDomainObjUnref(), the return value is 0, not less
	than 0.

2011-04-19  Markus Groß  <gross@univention.de>

	Add cputune support to libxl driver
	Here is a new version of this patch:
	https://www.redhat.com/archives/libvir-list/2011-April/msg00337.html
	v2:
	  - store the cputune info for the whole runtime of the domain
	  - remove cputune info when domain is destroyed
	The nodeGetInfo code had to be moved into a helper
	function to reuse it without a virConnectPtr.

2011-04-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update and sort msg_gen_function list and mark unmarked messages
	Inspired by Eric Blake

2011-04-19  Eric Blake  <eblake@redhat.com>

	phyp: another simplification
	Rather than copying and pasting lots of code, factor it into a
	single helper function.
	This commit adds a warning if tighter integer parsing would fail
	due to any stray bytes after the number, but should not change
	any behavior other than the bug fix for phypNumDomainsGeneric
	looking only at numeric lines.
	* src/phyp/phyp_driver.c (phypExecInt): New function.
	(phypGetVIOSPartitionID, phypNumDomainsGeneric, phypGetLparID)
	(phypGetLparMem, phypGetLparCPUGeneric, phypGetRemoteSlot)
	(phypGetVIOSNextSlotNumber, phypAttachDevice)
	(phypGetStoragePoolSize, phypStoragePoolNumOfVolumes)
	(phypNumOfStoragePools, phypInterfaceDestroy)
	(phypInterfaceDefineXML, phypInterfaceLookupByName)
	(phypInterfaceIsActive, phypNumOfInterfaces): Use it.
	(phypNumDomainsGeneric): Correctly find numeric line.

2011-04-18  Eric Blake  <eblake@redhat.com>

	maint: ignore built file
	* .gitignore: Add exemption for hashtest.

2011-04-18  Daniel P. Berrange  <berrange@redhat.com>

	build: fix qemu build failure in previous patch
	This last minute addition caused a build failure
	cc1: warnings being treated as errors
	qemu/qemu_process.c: In function 'qemuProcessHandleWatchdog':
	qemu/qemu_process.c:436:34: error: ignoring return value of 'virDomainObjUnref', declared with attribute warn_unused_result [-Wunused-result]
	make[3]: *** [libvirt_driver_qemu_la-qemu_process.lo] Error 1

	Change some variable names to follow standard in daemon dispatcher
	Replace some occurrances of
	  virDomainPtr domain;
	  virNetworkPtr network;
	With
	  virDomainPtr dom;
	  virNetworkPtr net;
	* daemon/remote.c: Fix variable naming to follow standard

	Write error check conditionals in more compact form for dispatcher
	Replace cases of
	     type = virConnectGetType(conn);
	     if (type == NULL)
	         goto cleanup;
	With
	     if (!(type = virConnectGetType(conn)))
	         goto cleanup;
	* daemon/remote.c: Write error checks in compat form

	Remove curly braces on all single-line conditional jumps in dispatcher
	Replace all occurrances of
	   if (....) {
	      goto cleanup;
	   }
	With
	   if (.....)
	      goto cleanup;
	to save one line of code
	* daemon/remote.c: Remove curly braces on single line conditionals

	Fix checking of return codes in dispatcher
	The libvirt APIs reserve any negative value for indicating an
	error. Thus checks
	    if (virXXXX() == -1)
	Should instead be
	    if (virXXXX() < 0)
	* daemon/remote.c: s/ == -1/ < 0/

	Merge all returns paths from dispatcher into single path
	The dispatcher functions have numerous places where they
	return to the caller. This leads to duplicated cleanup
	code, often resulting in memory leaks. It makes it harder
	to ensure that errors are dispatched before freeing objects,
	which may overwrite the original error.
	The standard pattern is now
	    remoteDispatchXXX(...) {
	        int rv = -1;
	        ....
	        if (XXX < 0)
	          goto cleanup;
	        ...
	        if (XXXX < 0)
	          goto cleanup;
	        ...
	        rv = 0;
	    cleanup:
	        if (rv < 0)
	           remoteDispatchError(rerr);
	        ...free all other stuff..
	        return rv;
	    }
	* daemon/remote.c: Centralize all cleanup paths
	* daemon/stream.c: s/remoteDispatchConnError/remoteDispatchError/
	* daemon/dispatch.c, daemon/dispatch.h: Replace
	  remoteDispatchConnError with remoteDispatchError
	  removing unused virConnectPtr

2011-04-18  Alan Pevec  <apevec@redhat.com>

	Experimental libvirtd upstart job
	To install it, disable libvirtd sysv initscript:
	    chkconfig libvirtd off
	    service libvirtd stop
	and enable libvirtd upstart job:
	    cp  /usr/share/doc/libvirt-*/libvirtd.upstart \
	        /etc/init/libvirtd.conf
	    initctl reload-configuration
	    initctl start libvirtd
	Test:
	    initctl status libvirtd
	libvirtd start/running, process 3929
	    killall -9 libvirtd
	    initctl status libvirtd
	libvirtd start/running, process 4047
	I looked into the possibility to use the upstart script from Ubuntu or
	at least getting inspiration from it but that's not possible. "expect
	daemon" is a nice thing but it only works if the process is defined with
	exec stanza instead of script ... no script. Unfortunately, with exec
	stanza environment variables can only be set within upstart script
	(i.e., configuration in /etc/sysconfig/libvirtd can't work). Hence, we
	need to use script stanza, source sysconfig, and execute libvirtd
	without --daemon. For similar reasons we can't use limit stanza and need
	to handle DAEMON_COREFILE_LIMIT in job's script.

2011-04-18  Wen Congyang  <wency@cn.fujitsu.com>

	enhance processWatchdogEvent()
	This patch does the following two things:
	1. hold an extra reference while handling watchdog event
	   If the domain is not persistent, and qemu quits unexpectedly before
	   calling processWatchdogEvent(), vm will be freed and the function
	   processWatchdogEvent() will be dangerous.
	2. unlock qemu driver and vm before returning from processWatchdogEvent()
	   When the function processWatchdogEvent() failed, we only free wdEvent,
	   but forget to unlock qemu driver and vm, free dumpfile.

	qemu: avoid qemu_driver being unlocked twice when virThreadPoolNew() failed
	We do not lock qemu_driver when calling virThreadPoolNew(). If it failed,
	we will unlock qemu_driver. It is dangerous.
	We may use this pool during auto starting domains. So we must create it before
	calling qemuAutostartDomains(). Otherwise, libvirtd will crash.

2011-04-17  Richard Laager  <rlaager@wiktel.com>

	Fix two out-of-date comments in LVM backend

2011-04-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Replace statsErrorFunc with a macro
	Also mark error messages in block_stats.c for translation, add the
	new macro to the msg_gen functions in cfg.mk and add block_stats.c
	to po/POTFILES.in

	Remove virConnectPtr from virRaiseErrorFull
	And from all related macros and functions.

2011-04-16  Jiri Denemark  <jdenemar@redhat.com>

	tests: Unit tests for internal hash APIs
	This is a basic set of tests for testing removals of hash entries during
	iteration.

2011-04-16  Wen Congyang  <wency@cn.fujitsu.com>

	build: include esx_vi.generated.* into dist file
	commit d4601696 introduces two more generated files: esx_vi.generated.h
	and esx_vi.generated.h. But we do not include them into dist file.
	It will break building if using dist file to build.

2011-04-16  Eric Blake  <eblake@redhat.com>

	tests: test recent virsh option parsing changes
	* tests/virsh-optparse: New file.
	* tests/Makefile.am (test_scripts): Use it.

	virsh: fix regression in parsing optional integer
	Regression introduced in 0.8.5, commit c1564268.  The command
	'virsh freecell 0' quit working when it changed from an optional
	string to an optional integer.
	This patch introduces a slight change that specifying an option
	twice is now detected as an error.  It also changes things so
	that a command that has more than 1 required option will not
	complain about missing options if one but not all of the options
	were given in long format, as in 'virsh vol-create --pool p file',
	as well as making positional parsing work for all optional
	options (each positional argument is associated with the earliest
	option that has not yet been seen by name).
	Optional boolean options can appear before required argument
	options, because they don't affect positional argument parsing,
	and obviously a required boolean option makes no sense.
	Technically, this patch renders VSH_OT_STRING and VSH_OT_DATA
	redundant; but cleaning that up can be a separate patch.
	No command should ever need more than 32 options, right? :)
	* tools/virsh.c (vshCmddefGetData, vshCmddefGetOption)
	(vshCommandCheckOpts): Alter parameters to use bitmaps.
	(vshCmddefOptParse): New function.
	(vshCommandParse): Update for better handling of positional
	arguments.
	(vshCmddefHelp): Allow unit tests to validate options.

	virsh: list required options first
	The current state of virsh parsing is that:
	$ virsh vol-info /path/to/image
	$ virsh vol-info --pool default /path/to/image
	$ virsh vol-info --pool default --vol /path/to/image
	all lookup the volume by path (technically, the last two also attempt
	a name lookup within a pool, whereas the first skips that step, but
	the end result is the same); meanwhile:
	$ virsh vol-info default /path/to/image
	complains about unexpected data.  Why?  Because the --pool option is
	optional, so default was parsed as the --vol argument, and
	/path/to/image.img doesn't match up with any remaining options that
	require an argument.  For proof, note that:
	$ virsh vol-info default --vol /path/to/image
	complains about looking up 'default' - the parser mis-associated both
	arguments with --vol.  Given the above, the only way to specify pool
	is with an explicit "--pool" argument (you can't specify it
	positionally).  However, named arguments can appear in any order, so:
	$ virsh vol-info /path/to/image --pool default
	$ virsh vol-info --vol /path/to/image --pool default
	have also always worked.  Therefore, this patch has no functional
	change on vol-info option parsing, but only on 'virsh help vol-info'
	synopsis layout.  However, it also allows the next patch to 1) enforce
	that required options are always first (without this patch, the next
	patch would fail the testsuite), and 2) allow the user to omit the
	"--pool" argument.  That is, the next patch makes it possible to do:
	$ virsh vol-info /path/to/image default
	which to date was not possible.
	* tools/virsh.c (opts_vol_create_from, opts_vol_clone)
	(opts_vol_upload, opts_vol_download, opts_vol_delete)
	(opts_vol_wipe, opts_vol_info, opts_vol_dumpxml, opts_vol_key)
	(opts_vol_path): List optional pool parameter after required
	arguments.

	phyp: avoid memory leaks in command values
	* src/phyp/phyp_driver.c (phypExecBuffer): New function. Use it
	throughout file for less code, and for plugging a few leaks.

	phyp: use consistent return string handling
	Use the name 'ret' for all phypExec results, to make it easier
	to wrap phypExec.  Don't allow a possibly NULL ret through printf.
	* src/phyp/phyp_driver.c (phypBuildVolume, phypDestroyStoragePool)
	(phypBuildStoragePool, phypBuildLpar): Avoid NULL dereference.
	(phypInterfaceDestroy): Avoid redundant free.
	(phypVolumeLookupByPath, phypVolumeGetPath): Use consistent
	naming.

	phyp: prefer memcpy over memmove when legal
	* src/phyp/phyp_driver.c (phypUUIDTable_AddLpar)
	(phypGetLparUUID, phypGetStoragePoolUUID, phypVolumeGetXMLDesc)
	(phypGetStoragePoolXMLDesc): Use faster method.

	phyp: use consistent style for labels
	* src/phyp/phyp_driver.c: Match label style of rest of project.
	(phypExec, phypUUIDTable_Pull): Drop an extra label.

	phyp: more return handling cleanup
	* src/phyp/phyp_driver.c (phypInterfaceDestroy)
	(phypInterfaceDefineXML, phypInterfaceLookupByName)
	(phypInterfaceIsActive, phypListInterfaces, phypNumOfInterfaces):
	Clean up return handling of recent additions.

	phyp: avoid memory leak on failure
	* src/phyp/phyp_driver.c (phypUUIDTable_Init): Avoid memory leak
	on error.

	phyp: avoid a logic bug
	Ever since commit ebc46f, the destroy function built two command
	variants but only used one.  I went with the variant that matches
	the idiom used in the counterpart of phypBuildStoragePool.
	* src/phyp/phyp_driver.c (phypDestroyStoragePool): Avoid
	clobbering cmd.  Fix error message typo.

	maint: use lighter-weight function for straight appends
	It costs quite a few processor cycles to go through printf parsing
	just to determine that we only meant to append.
	* src/xen/xend_internal.c (xend_op_ext): Consolidate multiple
	printfs into one.
	* src/qemu/qemu_command.c (qemuBuildWatchdogDevStr)
	(qemuBuildUSBInputDevStr, qemuBuildSoundDevStr)
	(qemuBuildSoundCodecStr, qemuBuildVideoDevStr): Likewise.
	(qemuBuildCpuArgStr, qemuBuildCommandLine): Prefer virBufferAdd
	over virBufferVsprintf for trivial appends.
	* src/phyp/phyp_driver.c (phypExec, phypUUIDTable_Push)
	(phypUUIDTable_Pull): Likewise.
	* src/conf/nwfilter_conf.c (macProtocolIDFormatter)
	(arpOpcodeFormatter, formatIPProtocolID, printStringItems)
	(virNWFilterPrintStateMatchFlags, virNWIPAddressFormat)
	(virNWFilterDefFormat): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/util/sexpr.c (sexpr2string): Likewise.
	* src/xenxs/xen_sxpr.c (xenFormatSxprChr): Likewise.
	* src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.

2011-04-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix gcc 4.6 warning about initialized but unused variables
	This warnings come from partly generated code. Therefore, the best
	solution is to mark them as potentially being unused using the
	ATTRIBUTE_UNUSED macro. This is suggested by the gcc documentation.
	Reported by Christophe Fergeau

2011-04-16  Alexander Todorov  <atodorov@otb.bg>

	libvirt-guests: implement START_DELAY
	Allow libvirt-guests to stage a delay between guest startups,
	to avoid system load caused by back-to-back startup.

2011-04-15  Eric Blake  <eblake@redhat.com>

	maint: silence cppi warnings
	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Fix indentation of
	last patch.

2011-04-15  Laine Stump  <laine@laine.org>

	network: truncate bridges' dummy tap device names to IFNAMSIZ (15) chars
	This patch addresses:
	   https://bugzilla.redhat.com/show_bug.cgi?id=694382
	In order to give each libvirt-created bridge a fixed MAC address,
	commit 5754dbd56d4738112a86776c09e810e32f7c3224, added code to create
	a dummy tap device with guaranteed lowest MAC address and attach it to
	the bridge. This tap device was given the name "${bridgename}-nic".
	However, an interface device name must be IFNAMSIZ (15) characters or
	less, so a valid ${bridgename} such as "verylongname123" (15
	characters) would lead to an invalid tap device name
	("verylongname123-nic" - 19 characters), and that in turn led to a
	failure to bring up the network.
	The solution is to shorten the part of the original name used to
	generate the tap device name. However, simply truncating it is
	insufficient, because the last few characters of an interface name are
	often a number used to indicate one of a list of several similar
	devices (for example, "verylongname123", "verylongname124", etc) and
	simple truncation would lead to duplicate names (eg "verlongnam-nic"
	and "verylongnam-nic"). So instead we take the first 8 characters of
	$bridgename ("verylong" in the example), add on the final 3 bytes
	("123"), then add "-nic" (so "verylong123-nic").  Not pretty, but it
	is much more likely to generate a unique name, and is reproducible
	(unlike, say, a random number).

2011-04-15  Stefan Berger  <stefanb@us.ibm.com>

	ppc: Enable starting of Qemu VMs on ppc host
	Due to differences in /proc/cpuinfo the parsing of the cpu data is
	different between architectures. On PPC /proc/cpuinfo looks like this:
	[original formatting with tabs]
	processor    : 0
	cpu          : PPC970MP, altivec supported
	clock        : 2297.700000MHz
	revision     : 1.1 (pvr 0044 0101)
	processor    : 1
	cpu          : PPC970MP, altivec supported
	clock        : 2297.700000MHz
	revision     : 1.1 (pvr 0044 0101)
	[..]
	timebase     : 14318000
	platform     : pSeries
	model        : IBM,8844-AC1
	machine      : CHRP IBM,8844-AC1
	The patch adapts the parsing of the data found in /proc/cpuinfo.
	/sys/devices/system/cpu/cpuX/topology/physical_package_id also
	always returns -1. Check for it on ppc and make it '0' if found negative.

	Migrate VMs between different-endianess hosts
	This patch enables the migration of Qemu VMs between hosts of different endianess. I tested this by migrating a i686 VM between a x86 and ppc64 host.
	I am converting the 'int's in the VM's state header to uint32_t assuming this doesn't break compatibility with existing deployments other than Linux.

2011-04-15  Christophe Fergeau  <cfergeau@redhat.com>

	Fix gcc 4.6 warnings in vbox_tmpl.c

	Fix gcc 4.6 warnings
	gcc 4.6 warns when a variable is initialized but isn't used afterwards:
	vmware/vmware_driver.c:449:18: warning: variable 'vmxPath' set but not used [-Wunused-but-set-variable]
	This patch fixes these warnings. There are still 2 offending files:
	- vbox_tmpl.c: the variable is used inside an #ifdef and is assigned several
	  times outside of #ifdef. Fixing the warning would have required wrapping
	  all the assignment inside #ifdef which hurts readability.
	vbox/vbox_tmpl.c: In function 'vboxAttachDrives':
	vbox/vbox_tmpl.c:3918:22: warning: variable 'accessMode' set but not used [-Wunused-but-set-variable]
	- esx_vi_types.generated.c: the name implies it's generated code and I
	  didn't want to dive into the code generator
	esx/esx_vi_types.generated.c: In function 'esxVI_FileQueryFlags_Free':
	esx/esx_vi_types.generated.c:1203:3: warning: variable 'item' set but not used [-Wunused-but-set-variable]

2011-04-15  Michal Novotny  <minovotn@redhat.com>

	Introduce virDomainChrDefNew()
	Make: passed
	Make check: passed
	Make syntax-check: passed
	this is the commit to introduce the function to create new character
	device definition for the domain as advised by Cole Robinson
	<crobinso@redhat.com>.
	The function is used on the relevant places and also new tests has
	been added.

2011-04-15  Michal Privoznik  <mprivozn@redhat.com>

	Spice: support audio, images and stream compression
	This extends the SPICE XML to allow variable compression settings for audio,
	images and streaming:
	    <graphics type='spice' port='5901' tlsPort='-1' autoport='yes'>
	        <image compression='auto_glz'/>
	        <jpeg compression='auto'/>
	        <zlib compression='auto'/>
	        <playback compression='on'/>
	    </graphics>
	All new elements are optional.

2011-04-14  Hu Tao  <hutao@cn.fujitsu.com>

	free cpumask of vcpupinDef
	cpumask doesn't get freed when vcpupinDef being freed, this leaks
	memory.

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make the parsed URI part of the private connection data
	This will be used to make esxVI_Context clonable.
	Also move cleanup code for esxPrivate to esxFreePrivate().

	esx: Mark error message in macros for translation

	esx: Extend VI generator to cover managed object types
	Generate lookup functions for managed object types.

	esx: Cleanup and refactor CastFromAnyType macros
	Add CastFromAnyType functions for the String type.

	esx: Cleanup VI generator code

2011-04-14  Michal Privoznik  <mprivozn@redhat.com>

	network: Fix NULL dereference during error recovery
	This fixes: https://bugzilla.redhat.com/show_bug.cgi?id=696660
	While starting a network, if brSetForwardDelay() fails, we go to err1
	where we want to access macTapIfName variable which was just
	VIR_FREE'd a few lines above. Instead, keep macTapIfName until we are
	certain of success.

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Serial and parallel device target ports actually start from 0
	Reported by Igor Galić

2011-04-14  Daniel P. Berrange  <berrange@redhat.com>

	Add missing checks for QEMU domain state in tunables APIs
	The methods qemuDomain{Get,Set}{Memory,Blkio,Scheduler}Parameters
	all forgot to do a check on virDomainIsActive(), resulting in bogus
	error messages from later parts of their impl
	* src/qemu/qemu_driver.c: Add missing checks on virDomainIsActive()

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Fix too small buffer allocation in phypAttachDevice
	sizeof(domain->name) is the wrong thing. Instead of using strdup here
	rewrite escape_specialcharacters to allocate the buffer itself.
	Add a contains_specialcharacters to be used in phypOpen, as phypOpen is
	not interested in the escaped version.

	phyp: Don't overwrite error from virDomainDeviceDefParse by OOM error

	phyp: Don't try to use a string from a failed virAsprintf

	phyp: Reduce code duplication in error and success paths
	Also fix memory leaks along the way in phypCreateServerSCSIAdapter and
	phypAttachDevice.

	phyp: Remove stack allocating a 4kb volume key and fix related memory leaks
	Don't pre-allocate 4kb per key, make phypVolumeGetKey allocate the memory.
	Make phypBuildVolume return the volume key instead of using pre-allocated
	memory to store it.
	Also fix a memory leak in phypVolumeLookupByName when phypVolumeGetKey
	fails. Fix another memory leak in phypVolumeLookupByPath in the success
	path. Fix phypVolumeGetXMLDesc leaking voldef.key.

2011-04-14  Daniel P. Berrange  <berrange@redhat.com>

	Remove C99 variable declare in PHYP network driver
	Move the virInterfacePtr declaration to the top of the
	function to avoid jump uninitialized variable warnings
	* src/phyp/phyp_driver.c: Fix var declaration

	Replace REMOTE_DEBUG with VIR_DEBUG in daemon dispatcher
	The daemon dispatcher code had an obsolete macro
	  #define REMOTE_DEBUG(fmt, ...) VIR_DEBUG(fmt, __VA_ARGS__)
	This can be trivially removed
	* daemon/remote.c: s/REMOTE_DEBUG/VIR_DEBUG/

	Add missing checks for whether the connection is open in dispatcher
	Many functions did not check for whether a connection was
	open. Replace the macro which obscures control flow, with
	explicit checks, and ensure all dispatcher code has checks.
	* daemon/remote.c: Add connection checks

	Standard on error variable name in libvirtd dispatcher
	Some dispatcher methods have a parameter
	            remote_error *err,
	Instead of the more normal
	            remote_error *rerr,
	* daemon/remote.c: s/err/rerr/

	Remove all whitespace before function brackets in daemon dispatcher
	A lot of code in libvirtd's dispatcher used the style
	    dom = get_nonnull_domain (conn, args->dom);
	Instead of the normal libvirt style
	    dom = get_nonnull_domain(conn, args->dom);
	* daemon/remote.c: Remove all whitelist before function brackets

2011-04-14  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Adding network interface
	This is the implementation of the previous patch now using virInterface*
	API. Ended up this patch got much more simpler, smaller and easier to
	review. Here is some details:
	  * MAC size and interface name are fixed due to specifications on HMC,
	    both are created automatically and CAN'T be specified from user. They
	    have the following format:
	     * MAC: 122980003002
	     * Interface name: U9124.720.067BE8B-V3-C0
	  * I did replaced all the |grep|sed following the comments Eric Blake
	    did on the last patch.
	  * According to my last email, It's not possible to create a network
	    interface without assigning it to a specific lpar. Then, I am using
	    this very minimalistic XML file for testing:
	     <interface type='ethernet' name='LPAR01'>
	     </interface>
	    In this file I am using "name" as the lpar name which I am going to
	    assign the new network interface. I couldn't find a better way to
	    refer to it. Comments are welcome.
	  * Regarding the fact I am sleeping one second waiting for the HMC to
	    complete creation of the interface, I don't have means to check
	    if the whole process is done. All I do is execute a command, wait
	    until is complete (which is not enough in this case) check
	    the return and the exit status. The process of actually creating
	    a networking interface seems to take a little longer than just the
	    return of the ssh control.

2011-04-13  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: fix a dead-lock problem
	In qemuDomainObjBeginJobWithDriver, when virCondWaitUntil timeouts,
	the function tries to call qemuDriverLock with virDomainObj locked,
	this causes the dead-lock problem. This patch fixes this.

2011-04-13  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix crash when removing entries during hash iteration
	Commit 9677cd33eea4c65d78ba463b46b8b45ed2da1709 made it possible to
	remove current entry when iterating through all hash entries. However,
	it didn't properly handle a special case of removing first entry
	assigned to a given key which contains several entries in its collision
	list.

2011-04-12  Michal Privoznik  <mprivozn@redhat.com>

	Fix possible infinite loop in remote driver
	When we take out completed calls from queue we might end up
	in circular pointer. We don't want pointer to previous item
	point to element taken out.

2011-04-12  Eric Blake  <eblake@redhat.com>

	maint: fix grammar errors
	Jim Meyering recently improved gnulib to catch various grammar
	errors during 'make syntax-check'.
	* .gnulib: Update to latest, for syntax-check improvements.
	* include/libvirt/libvirt.h.in (virConnectAuthCallbackPtr): Use
	cannot rather than two words.
	* src/driver.c: Likewise.
	* src/driver.h (VIR_SECRET_GET_VALUE_INTERNAL_CALL): Likewise.
	* src/remote/remote_driver.c (initialize_gnutls): Likewise.
	* src/util/pci.c (pciBindDeviceToStub): Likewise.
	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg):
	Likewise.
	(virStorageBackendUpdateVolTargetInfoFD): Avoid doubled word.
	* docs/formatdomain.html.in: Likewise.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_can_not)
	(exclude_file_name_regexp--sc_prohibit_doubled_word): Exclude
	existing translation problems.

2011-04-11  Eric Blake  <eblake@redhat.com>

	docs: document freecell --all
	Based on a smaller patch developed by Moritoshi Oshiro:
	https://bugzilla.redhat.com/show_bug.cgi?id=693963
	* tools/virsh.pod (freecell): Mention all, and clarify that
	optional cellno requires --cellno.

2011-04-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Remove PATH_MAX sized stack allocation from block stats code

2011-04-09  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmaxmem: add the new options to "virsh setmaxmem" command
	This patch adds the new options (--live, --config, and --current) to
	"virsh setmaxmem" command. The behavior of above options is the same
	as that of "virsh setmem".  When the --config option is specified, a
	modification is effective for the persistent domain, while the --live
	option is specified, a modification is effective for an active
	domain. The --current option is specified, it affects a current
	domain.

	maxmem: implement virDomainSetMaxMemory API of the qemu driver
	This patch implements the code to support virDomainSetMaxMemory API,
	and to support VIR_DOMAIN_MEM_MAXIMUM flag in qemudDomainSetMemoryFlags function.
	As a result, we can change the maximum memory size of inactive QEMU guests.

	maxmem: introduces VIR_DOMAIN_MEM_MAXIMUM flag
	This patch introduces VIR_DOMAIN_MEM_MAXIMUM flag.

2011-04-09  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	docs: remove "returns" word from beginning of lines
	Move "returns" keyword from beginning of API doc lines
	when it does not describe return values.
	Maybe the API doc extractor could be changed to look for
	"returns: " to avoid such confusion.

2011-04-09  Eric Blake  <eblake@redhat.com>

	build: really fix mingw startup
	Aargh; commit 8ae5dfd still didn't fix the mingw problem, because
	gnulib defined O_NONBLOCK to 0 for just mingw.  I've now fixed
	that in gnulib, but we need the latest pipe2 for libvirt to work.
	* .gnulib: Update to latest, for pipe2 fixes.

2011-04-08  Eric Blake  <eblake@redhat.com>

	build: fix mingw build
	Commit 02c39a2 introduced a mingw build regression, due to a
	regression in gnulib's areadlink module:
	../../../gnulib/lib/careadlinkat.c: In function 'careadlinkat':
	../../../gnulib/lib/careadlinkat.c:143:39: error: 'const struct allocator' has no member named 'malloc'
	* .gnulib: Update to latest, for careadlinkat fix.

	docs: tweak virsh restore warning
	* tools/virsh.pod: Fix grammar, and clarify wording.
	* src/qemu/qemu_driver.c (qemudDomainObjStart): Drop redundant
	condition.

2011-04-08  Wen Congyang  <wency@cn.fujitsu.com>

	do not build libvirt_iohelper when building without libvirtd
	The libexec program libvirt_iohelper is only for libvirtd. If we build rpm
	without libvirtd, we will receive the following messages:
	Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/wency/rpmbuild/BUILDROOT/libvirt-0.9.0-1.el6.x86_64
	error: Installed (but unpackaged) file(s) found:
	   /usr/libexec/libvirt_iohelper

2011-04-08  Stefan Berger  <stefanb@us.ibm.com>

	nwfilters: support for TCP flags evaluation
	This patch adds support for the evaluation of TCP flags in nwfilters.
	It adds documentation to the web page and extends the tests as well.
	Also, the nwfilter schema is extended.
	The following are some example for rules using the tcp flags:
	<rule action='accept' direction='in'>
	    <tcp state='NONE' flags='SYN/ALL' dsptportstart='80'/>
	</rule>
	<rule action='drop' direction='in'>
	    <tcp state='NONE' flags='SYN/ALL'/>
	</rule>

2011-04-08  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmem: add --current option to virsh setmem command
	This patch adds the new option (--current) to the "virsh setmem" command.
	When --current option is specified, it affects a "current" domain.
	The word "current" denotes that if a domain is running, it affects
	a running domain only; otherwise it affects a persistent domain.

	setmem: add VIR_DOMAIN_MEM_CURRENT support to qemu
	This patch adds virDomainSetMemoryFlags(,,VIR_DOMAIN_MEM_CURRENT) support
	code to qemu driver.
	Also, change virDomainObjIsActive to return bool, given its usage.

	setmem: introduce VIR_DOMAIN_MEM_CURRENT flag
	This patch introduces VIR_DOMAIN_MEM_CURRENT flag and
	modifies virDomainSetMemoryFlags function to support it.

2011-04-08  Jim Fehlig  <jfehlig@novell.com>

	build: Install libxenlight log dir
	Add $localstatedir/log/libvirt/libxl when building libxenlight driver

2011-04-08  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmaxmem: remove the code to invoke virDomainSetMemory in cmdSetmaxmem
	When the new maximum memory size becomes less than the current memory size,
	I think it is not the libvirt client but the each driver that decides the behavior
	(reject the operation or shrink the current memory size).

2011-04-08  Eric Blake  <eblake@redhat.com>

	virsh: fix mingw startup
	* .gnulib: Update to latest, for pipe2.
	* bootstrap.conf (gnulib_modules): Add pipe2.
	* src/util/event_poll.c (virEventPollInit): Use it, to avoid
	problematic virSetCloseExec on mingw.

	build: fix gitignore sorting
	Make it so we don't have to 'git add -f' particular files like
	po/POTFILES.in all the time (tested by fixing one of our
	special-case files as part of the patch).
	* .gnulib: Update to latest.
	* bootstrap: Resync from coreutils.
	* .gitignore: Sort whitelist entries correctly, including ignoring
	files rather than directories.
	* m4/virt-compile-warnings.m4: Convert tabs to space.

2011-04-08  Laine Stump  <laine@laine.org>

	docs: add an IPv6 address to network XML examples
	It was just pointed out that, although I added documentation for the
	IPv6 additions to the network XML, I neglected to use those additions
	in the examples. This patch adds an IPv6 address to each of the
	examples except for the "default" network, since that is a faithful
	reproduction of the default network config that's automatically
	installed, which doesn't include any IPv6 address (for good reason -
	because there is no such thing as IPv6 NAT, there is no one IPv6
	address that would work for all installations).

2011-04-08  Markus Groß  <gross@univention.de>

	Add domainSet/GetSchedulerParameters to libxl driver
	Libxenlight currently only supports the credit scheduler.
	Therefore setting or getting a parameter of other
	schedulers raise an error (for now).

2011-04-07  Osier Yang  <jyang@redhat.com>

	qemu: Remove the managed state file only if restoring succeeded
	1) Both "qemuDomainStartWithFlags" and "qemuAutostartDomain" try to
	restore the domain from managedsave'ed image if it exists (by
	invoking "qemuDomainObjRestore"), but it unlinks the image even
	if restoring fails, which causes data loss. (This problem exists
	for "virsh managedsave dom; virsh start dom").
	The fix for is to unlink the managed state file only if restoring
	succeeded.
	2) For "virsh save dom; virsh restore dom;", it can cause data
	corruption if one reuse the saved state file for restoring. Add
	doc to tell user about it.
	3) In "qemuDomainObjStart", if "managed_save" is NULL, we shouldn't
	fallback to start the domain, skipping it to cleanup as a incidental
	fix. Discovered by Eric.

2011-04-07  Wen Congyang  <wency@cn.fujitsu.com>

	reattach pci devices when qemuPrepareHostdevPCIDevices() failed
	Reattach all pci devices that we detached when qemuPrepareHostdevPCIDevices()
	failed.

	reattach pci device when pciBindDeviceToStub() failed
	We should bind pci device to original driver when pciBindDeviceToStub() failed.
	If the pci device is not bound to any driver before calling pciBindDeviceToStub(),
	we should only unbind it from pci-stub. If it is bound to pci-stub, we should not
	unbind it from pci-stub.

	rename pciUnBindDeviceFromStub() to pciUnbindDeviceFromStub() and float it up
	This patch do the following things:
	1. rename the function as 'Unbind' is better than 'UnBind'.
	2. pciUnbindDeviceFromStub() will be used in the function pciBindDeviceToStub() in
	   next patch. Float it up, instead of having to have a forward declaration

	remove devices from driver->activePciHostdevs when qemuPrepareHostdevPCIDevices() failed
	We should not mark pci devices as active when qemuPrepareHostdevPCIDevices()
	failed.

	pci: avoid invalid free, init path to NULL
	This bug was introduce by commit 57162db8, and it will cause libvirtd crashed.

2011-04-07  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on cygwin
	In file included from util/threads.c:31:
	util/threads-pthread.c: In function 'virThreadSelfID':
	util/threads-pthread.c:214: warning: cast from function call of type 'pthread_t' to non-matching type 'int' [-Wbad-function-cast]
	* src/util/threads-pthread.c (virThreadSelfID) [!SYS_gettid]:
	Add intermediate cast to silence gcc.

2011-04-07  Markus Groß  <gross@univention.de>

	Add domainIsUpdated to libxl driver

2011-04-07  Jim Fehlig  <jfehlig@novell.com>

	Fix build for older gcc
	With gcc 4.3.4 I'm seeing the following warning failure
	cc1: warnings being treated as errors
	cc1: error: -funit-at-a-time is required for inlining of functions
	that are only called once [-Wdisabled-optimization]
	Add -funit-at-a-time to WARN_CFLAGS.

2011-04-07  Serge Hallyn  <serge.hallyn@canonical.com>

	Change locking for udev monitor and callbacks
	We're seeing bugs apparently resulting from thread unsafety of
	libpciaccess, such as
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/726099
	To prevent those, as suggested by danpb on irc, move the
	nodeDeviceLock(driverState) higher into the callers.  In
	particular:
	  udevDeviceMonitorStartup should hold the lock while calling
	  udevEnumerateDevices(), and udevEventHandleCallback should hold it
	  over its entire execution.
	It's not clear to me whether it is ok to hold the
	nodeDeviceLock while taking the virNodeDeviceObjLock(dev) on a
	device.  If not, then the lock will need to be dropped around
	the calling of udevSetupSystemDev(), and udevAddOneDevice()
	may not actually be safe to call from higher layers with the
	driverstate lock held.
	libvirt 0.8.8 with this patch on it seems to work fine for me.
	Assuming it looks ok and I haven't done anything obviously dumb,
	I'll ask the bug submitters to try this patch.

2011-04-07  Eric Blake  <eblake@redhat.com>

	tests: fix recent test failures
	* tests/qemuxml2argvdata/qemuxml2argv-*.args: Reflect reserved VGA
	port change.

2011-04-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Support for overriding NPROC limit
	This patch adds max_processes option to qemu.conf which can be used to
	override system default limit on number of processes that are allowed to
	be running for qemu user.

2011-04-06  Osier Yang  <jyang@redhat.com>

	qemu: Always reserves slot 0x02 for primary VGA.
	To address https://bugzilla.redhat.com/show_bug.cgi?id=692355
	This fix is to reserve slot 0x02 for primary VGA even if there
	is no "video" specified in domain XML to avoid the problem.

2011-04-06  Eric Blake  <eblake@redhat.com>

	libxl: avoid compiler warning
	cc1: warnings being treated as errors
	libxl/libxl_driver.c: In function 'libxlDomainSetVcpusFlags':
	libxl/libxl_driver.c:1570:14: error: cast from function call of type 'double' to non-matching type 'unsigned int' [-Wbad-function-cast]
	libxl/libxl_driver.c:1578:15: error: cast from function call of type 'double' to non-matching type 'unsigned int' [-Wbad-function-cast]
	This was the only use of floor() and ceil(), and floating-point
	is overkill for power-of-two manipulations.
	* src/libxl/libxl_driver.c (libxlDomainSetVcpusFlags): Avoid -lm
	for trivial computations.

2011-04-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in systemtap tapset directory name
	The systemtap directory for tapsets is called
	  /usr/share/systemtap/tapset
	Not
	 /usr/share/systemtap/tapsets
	* daemon/Makefile.am,libvirt.spec.in: s/tapsets/tapset/

	Don't try to enable stack protector on Win32
	The GCC Win32 compiler will claim to support -fstack-protector,
	but if it actually gets triggered by a suitable code pattern,
	linking will fail. Other non-Linux OS likely suffer the same
	way with gcc.
	* m4/virt-compile-warnings.m4: Only use stack protector when
	  the build target is Linux.

	Avoid compiler warnings about int -> void * casts
	GCC is a little confused about the cast of beginthread/beginthreadex
	from unsigned long -> void *. Go via an intermediate variable avoids
	the bogus warning, and makes the code a little cleaner
	* src/util/threads-win32.c: Avoid compiler warning in cast

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Improve SCSI volume key generation
	The SCSI volumes get a better 'key' field based on the fully
	qualified volume path. All SCSI volumes have a unique serial
	available in hardware which can be obtained by sending a
	suitable SCSI command. Call out to udev's 'scsi_id' command
	to fetch this value
	* src/storage/storage_backend_scsi.c: Improve volume key
	  field value stability and uniqueness

2011-04-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore unusable binaries
	When initializing qemu guest capabilities, we should ignore qemu
	binaries that we are not able to extract version/help info from since
	they will be unusable for creating domains anyway. Ignoring them is also
	much better than letting initialization of qemu driver fail.

	qemu: Rewrite LOOKUP_PTYS macro into a function
	The macro is huge and gives us nothing but headache when maintaining it.

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Enable use of -Wold-style-definition compiler flag
	A couple of functions were declared using the old style foo()
	for no-parameters, instead of foo(void)
	* src/xen/xen_hypervisor.c, tests/testutils.c: Replace () with (void)
	  in some function declarations
	* m4/virt-compile-warnings.m4: Enable -Wold-style-definition

	Enable use of -Wmissing-noreturn
	* src/internal.h: Define a ATTRIBUTE_NO_RETURN annotation
	* src/lxc/lxc_container.c: Annotate lxcContainerDummyChild
	  with ATTRIBUTE_NO_RETURN
	* tests/eventtest.c: Mark async thread as ATTRIBUTE_NO_RETURN
	* m4/virt-compile-warnings.m4: Enable -Wmissing-noreturn

	Enable -Wmissing-format-attribute warning
	Add a couple of missing ATTRIBUTE_FMT_PRINTF annotations
	* tools/virsh.c, tests/testutils.c: Add printf format attribute
	* m4/virt-compile-warnings.m4: Enable -Wmissing-format-attribute

	Remove acinclude.m4 file
	Split the bit acinclude.m4 file into smaller pieces named
	as m4/virt-XXXXX.m4
	* .gitignore: Ignore gettext related files
	* acinclude.m4: Delete
	* m4/virt-compile-warnings.m4: Checks for GCC compiler flags
	* m4/virt-pkgconfig-back-compat.m4: Backcompat check for
	  pkgconfig program

	Use gnulib's manywarnings & warnings modules
	Remove custom code for checking compiler warnings, using
	gl_WARN_ADD instead. Don't list all flags ourselves, use
	gnulib's gl_MANYWARN_ALL_GCC to get all possible GCC flags,
	then turn off the ones we don't want yet.
	* acinclude.m4: Rewrite to use gl_WARN_ADD and gl_MANYWARN_ALL_GCC
	* bootstrap.conf: Add warnings & manywarnings
	* configure.ac: Switch to gl_WARN_ADD
	* m4/compiler-flags.m4: Obsoleted by gl_WARN_ADD

	Remove possible uninitialized variable in openvz driver
	* src/openvz/openvz_driver.c: Initialize saveptr variable

2011-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use virBufferPtr for sexpr2string instead of manual buffer handling
	Removes 4kb stack allocation in the XenD subdriver.

	xend: Remove 4kb stack allocation

	uml: Remove PATH_MAX sized stack allocation from /proc parsing code

	storage: Remove PATH_MAX sized stack allocation from iSCSI backend

	qemu: Remove PATH_MAX sized stack allocation used in commandline building

	Remove PATH_MAX sized stack allocation from virFileOpenTtyAt

	openvz: Remove several larger stack allocations
	Replace openvz_readline with getline in several places to get rid of stack
	allocated buffers to hold lines.
	openvzReadConfigParam allocates memory for return values instead of
	expecting a preexisting buffer.

	daemon: Remove 4kb stack allocation of security label

	virsh: Remove two 4kb stack allocations

	Use virFileAbsPath instead of manually creating the absolute path
	Removes multiple 4kb stack allocations.
	Removes TODO comments as suggested by Daniel P. Berrange.

	xenxs: Remove PATH_MAX sized stack allocation in XM script parsing

	sasl: Remove stack allocated 8kb temporary buffers
	Move the buffers to the heap allocated client/private data structs.

	qemu: Use heap allocated memory to read the monitor greeting
	Removing a 4kb stack allocation.
	Reduce stack buffer for virStrerror to the common 1kb instead of 4kb.

	phyp: Remove 16kb stack allocation
	Allocate on the heap instead.

	virt-aa-helper: Remove PATH_MAX sized stack allocations

	ebtables: Remove PATH_MAX sized stack allocation

	pci: Remove PATH_MAX sized stack allocations
	Use virAsprintf instead of snprintf.

	Remove PATH_MAX sized stack allocations related to virFileBuildPath
	Make virFileBuildPath operate on the heap instead of the stack. It
	allocates a buffer instead of expecting a preexisting buffer.

	vmx: Use case-insensitive compare functions for all content

	vmx: Support persistent CPU shares

2011-04-05  Markus Groß  <gross@univention.de>

	Add autostart support to libxl driver
	The domainSetAutostart function is nearly identical to the one from qemu.

2011-04-05  Jesse Cook  <code.crashenx@gmail.com>

	Allow relative path for qemu backing file
	This patch enables the relative backing file path support provided by
	qemu-img create.
	If a relative path is specified for the backing file, it is converted
	to an absolute path using the storage pool path. The absolute path is
	used to verify that the backing file exists. If the backing file exists,
	the relative path is allowed and will be provided to qemu-img create.

2011-04-05  Eric Blake  <eblake@redhat.com>

	build: detect potentential uninitialized variables
	Even with -Wuninitialized (which is part of autobuild.sh
	--enable-compile-warnings=error), gcc does NOT catch this
	use of an uninitialized variable:
	{
	  if (cond)
	    goto error;
	  int a = 1;
	error:
	  printf("%d", a);
	}
	which prints 0 (supposing the stack started life wiped) if
	cond was true.  Clang will catch it, but we don't use clang
	as often.  Using gcc -Wjump-misses-init catches it, but also
	gives false positives:
	{
	  if (cond)
	    goto error;
	  int a = 1;
	  return a;
	error:
	  return 0;
	}
	Here, a was never used in the scope of the error block, so
	declaring it after goto is technically fine (and clang agrees).
	However, given that our HACKING already documents a preference
	to C89 decl-before-statement, the false positive warning is
	enough of a prod to comply with HACKING.
	[Personally, I'd _really_ rather use C99 decl-after-statement
	to minimize scope, but until gcc can efficiently and reliably
	catch scoping and uninitialized usage bugs, I'll settle with
	the compromise of enforcing a coding standard that happens to
	reject false positives if it can also detect real bugs.]
	* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Add -Wjump-misses-init.
	* src/util/util.c (__virExec): Adjust offenders.
	* src/conf/domain_conf.c (virDomainTimerDefParseXML): Likewise.
	* src/remote/remote_driver.c (doRemoteOpen): Likewise.
	* src/phyp/phyp_driver.c (phypGetLparNAME, phypGetLparProfile)
	(phypGetVIOSFreeSCSIAdapter, phypVolumeGetKey)
	(phypGetStoragePoolDevice)
	(phypVolumeGetPhysicalVolumeByStoragePool)
	(phypVolumeGetPath): Likewise.
	* src/vbox/vbox_tmpl.c (vboxNetworkUndefineDestroy)
	(vboxNetworkCreate, vboxNetworkDumpXML)
	(vboxNetworkDefineCreateXML): Likewise.
	* src/xenapi/xenapi_driver.c (getCapsObject)
	(xenapiDomainDumpXML): Likewise.
	* src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
	* src/security/security_selinux.c (SELinuxGenNewContext):
	Likewise.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetPtyPaths):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainShutdown)
	(qemudDomainBlockStats, qemudDomainMemoryPeek): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendCreateIfaceIQN): Likewise.
	* src/node_device/node_device_udev.c (udevProcessPCI): Likewise.

2011-04-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.0
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update polish translation and regenerate

2011-04-03  Wen Congyang  <wency@cn.fujitsu.com>

	fix memory leak in qemuProcessHandleGraphics()
	If strdup("x509dname") or strdup("saslUsername") success, but
	strdup(x509dname) or strdup(saslUsername) failed, subject->nidentity
	is not the num elements of subject->identities, and we will leak some
	memory.

	do not lock vm while allocating memory
	There is no need to lock vm while allocating memory. If allocating
	memory failed, we forgot to unlock vm.

2011-04-02  Eric Blake  <eblake@redhat.com>

	docs: fix typo
	* docs/formatdomain.html.in: Fix KVM name.

	docs: correct invalid xml
	* docs/internals.html.in: Fix xml errors.
	* docs/formatstorageencryption.html.in: Likewise.
	* docs/drvesx.html.in: Likewise.
	* docs/archnetwork.html.in: Likewise.
	* docs/logging.html.in: Likewise.
	* docs/drvvmware.html.in: Likewise.
	* docs/api.html.in: Likewise.
	* docs/formatnwfilter.html.in: Likewise.
	* docs/formatdomain.html.in: Likewise.
	* docs/windows.html.in: Likewise.

2011-04-01  Eric Blake  <eblake@redhat.com>

	virsh: fix mingw failure on creating nonblocking pipe
	* .gnulib: Update to latest, for nonblocking module.
	* bootstrap.conf (gnulib_modules): Add nonblocking.
	* src/util/util.c (virSetBlocking): Defer to gnulib.

2011-04-01  Daniel Veillard  <veillard@redhat.com>

	Fix libxl driver startup
	  When you happen to have a libvirtd binary compiled with the
	libxenlight driver (say you have installed xen-4.1 libraries)
	but not running a xen enabled system, then libvirtd fails to start.
	The cause is that libxlStartup() returns -1 when failing to initialize
	the library, and this propagates to virStateInitialize() which consider
	this a failure. We should only exit libxlStartup with an error code
	if something like an allocation error occurs, not if the driver failed
	to initialize.
	* src/libxl/libxl_driver.c: fix libxlStartup() to not return -1
	  when failing to initialize the libxenlight library

2011-04-01  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix documentation for memtune command
	Commit 78ba748ef14c520ff1c4af2b5b0a44586ac49c8c claims to fix
	documentation for swap_hard_limit virsh memtune option but it only fixes
	documentation in formatdomain.html and libvirt.h. This patch completes
	the task by fixing "virsh help memtune" output and memtune section of
	virsh man page.

2011-04-01  Guido Günther  <agx@sigxcpu.org>

	Make check_fc_host() and check_vport_capable() usable as rvalues
	as needed on non linux ports using HAL.

2011-04-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore libvirt debug messages in qemu log
	qemu driver uses a 4K buffer for reading qemu log file. This is enough
	when only qemu's output is present in the log file. However, when
	debugging messages are turned on, intermediate libvirt process fills the
	log with a bunch of debugging messages before it executes qemu binary.
	In such a case the buffer may become too small. However, we are not
	really interested in libvirt messages so they can be filtered out from
	the buffer.

2011-04-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix improper logic of qemuCgroupSetup
	It throws errors as long as the cgroup controller is not available,
	regardless of whether we really want to use it to do setup or not,
	which is not what we want, fixing it with throwing error when need
	to use the controller.
	And change "VIR_WARN" to "qemuReportError" for memory controller
	incidentally.

2011-04-01  Wen Congyang  <wency@cn.fujitsu.com>

	free tmp after unlinking it
	We create a temporary file to save memory, and we will remove it after reading
	memory to buffer. But we free the variable that contains the temporary filename
	before we remove it. So we should free tmp after unlinking it.

2011-04-01  Michal Privoznik  <mprivozn@redhat.com>

	Fix several formatting mistakes in doc

2011-04-01  Daniel P. Berrange  <berrange@redhat.com>

	Remove iohelper on Win32 since it is not required
	The iohelper binary is not required on Win32, although it compiles
	without trouble. Simply remove it from the RPM.
	* mingw32-libvirt.spec.in: Remove iohelper

2011-03-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix domain events C example on Win32
	printf on Win32 does not necessarily support %lld and we don't
	have GNULIBs wrapper for printf(). Switch to use asprintf() for
	which we do have a gnulib wrapper with %lld support
	* examples/domain-events/events-c/event-test.c: Fix formatting
	  of %lld on Win32
	* cfg.mk: Don't require use of virAsprintf since this is an
	  example app for out of tree users to follow

2011-03-31  Eric Blake  <eblake@redhat.com>

	maint: avoid locale-sensitivity in string case comparisons
	strcase{cmp/str} have the drawback of being sensitive to the global
	locale; this is unacceptable in a library setting.  Prefer a
	hard-coded C locale alternative for all but virsh, which is user
	facing and where the global locale isn't changing externally.
	* .gnulib: Update to latest, for c-strcasestr change.
	* bootstrap.conf (gnulib_modules): Drop strcasestr, add c-strcase
	and c-strcasestr.
	* cfg.mk (sc_avoid_strcase): New rule.
	(exclude_file_name_regexp--sc_avoid_strcase): New exception.
	* src/internal.h (STRCASEEQ, STRCASENEQ, STRCASEEQLEN)
	(STRCASENEQLEN): Adjust offenders.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextEjectMedia):
	Likewise.
	* tools/virsh.c (namesorter): Document exception.

	docs: mention C89 syntax preferences
	* docs/hacking.html.in (Code formatting): Document that // comment
	and declaration-after-statement are discouraged.
	* HACKING: Regenerate.

2011-03-31  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix media eject with qemu-0.12.*
	In qemu-0.12.* "device '...' is locked" message was changed to "Device
	..." so libvirt was no longer detecting this as an error.

2011-03-30  Daniel Veillard  <veillard@redhat.com>

	The next release is 0.9.0 not 0.8.9
	Fix this which went into documentation

2011-03-30  Wen Congyang  <wency@cn.fujitsu.com>

	check whether qemuMonitorJSONHMP() failed
	If qemu quited unexpectedly when we call qemuMonitorJSONHMP(),
	libvirt will crash.
	Steps to reproduce this bug:
	1. use gdb to attach libvirtd, and set a breakpoint in the function
	   qemuMonitorSetCapabilities()
	2. start a vm
	3. let the libvirtd to run until qemuMonitorJSONSetCapabilities() returns.
	4. kill the qemu process
	5. continue running libvirtd

	do not send monitor command after monitor meet error
	If the monitor met a error, and we will call qemuProcessHandleMonitorEOF().
	But we may try to send monitor command after qemuProcessHandleMonitorEOF()
	returned. Then libvirtd will be blocked in qemuMonitorSend().
	Steps to reproduce this bug:
	1. use gdb to attach libvirtd, and set a breakpoint in the function
	   qemuConnectMonitor()
	2. start a vm
	3. let the libvirtd to run until qemuMonitorOpen() returns.
	4. kill the qemu process
	5. continue running libvirtd

2011-03-30  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: unlock qemu driver before return from domain save
	qemuDriverUnlock() wasn't called on 2 exit paths
	* src/qemu/qemu_driver.c: fix qemudDomainSave() to always unlock
	  the driver before exiting on error

2011-03-30  Naoya Horiguchi  <n-horiguchi@ah.jp.nec.com>

	extend logging to record configuration-related changes
	Currently libvirt's default logging is limited and it is difficult to
	determine what was happening when a proglem occurred (especially on a
	machines where one don't know the detail.)  This patch helps to do that
	by making additional logging available for the following events:
	  creating/defining/undefining domains
	  creating/defining/undefining/starting/stopping networks
	  creating/defining/undefining/starting/stopping storage pools
	  creating/defining/undefining/starting/stopping storage volumes.
	* AUTHORS: add Naoya Horiguchi
	* src/network/bridge_driver.c src/qemu/qemu_driver.c
	  src/storage/storage_driver.c: provide more VIR_INFO logging

2011-03-30  Daniel Veillard  <veillard@redhat.com>

	Add libvirt_iohelper to spec file
	The new iohelper binary was missing from the packaging spec

2011-03-29  Osier Yang  <jyang@redhat.com>

	cputune: New tests for cputune XML
	v1 - v2:
	  * Add missed tests/qemuxml2argvdata/qemuxml2argv-cputune.args

	cputune: Support cputune for xend driver
	Not sure if it's the correct way to add cputune xml for xend driver,
	and besides, seems "xm driver" and "xen hypervisor" also support
	vcpu affinity, do we need to add support for them too?

	cputune: Support cputune for lxc driver
	LXC driver doesn't support vcpu affinity yet, so just need
	to modify it to support cpu shares.

	cputune: Support cputune for qemu driver
	When domain startup, setting cpu affinity and cpu shares according
	to the cputune xml specified in domain xml.
	Modify "qemudDomainPinVcpu" to update domain config for vcpupin,
	and modify "qemuSetSchedulerParameters" to update domain config
	for cpu shares.
	v1 - v2:
	   * Use "VIR_ALLOC_N" instead of "VIR_ALLOC_VAR"
	   * But keep raising error when it fails on adding vcpupin xml
	     entry, as I still don't have a better idea yet.

	cputune: Implementations of parsing and formating cputune xml
	Implementations of following functions:
	  virDomainVcpupinIsDuplicate
	  virDomainVcpupinFindByVcpu
	  virDomainVcpupinAdd
	Update "virDomainDefParseXML" to parse, and "virDomainDefFormatXML"
	to build cputune xml, also implementations of new internal helper
	functions.
	v1 - v2:
	  * Resolve potential crash bug of "virDomainVcpupinAdd"

	cputune: Add data structures presenting cputune XML
	Also related new functions' declaration, and expose the new introduced
	functions in libvirt_private.syms.
	v1 - v2:
	  Don't expose "virAllocVar" in libvirt_private.syms

	cputune: Add document for cputune XML
	v1 - v3:
	  * More clear document for "cpu shares", adopted suggestions from
	    Matthias Bottle and Daniel Veillard.

	cputune: Add XML schema for cputune xml
	v1 - v2:
	  * Remove upper limit of cpu shares. (Suggested by Matthias Bottle)

2011-03-29  Eric Blake  <eblake@redhat.com>

	qemu: fix regression with fd labeling on migration
	My earlier testing for commit 34fa0de0 was done while starting
	just-built libvirt from an unconfined_t shell, where the fds happened
	to work when transferring to qemu.  But when installed and run under
	virtd_t, failure to label the raw file (with no compression) or the
	pipe (with compression) triggers SELinux failures when passing fds
	over SCM_RIGHTS to svirt_t qemu.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): When passing
	FDs, make sure they are labeled.

	qemu: improve error message on failed fd transfer
	First fallout of fd: migration - it looks like SELinux enforcing
	_does_ require fd labeling (running uninstalled libvirtd from an
	unconstrained shell had no problems, but once faked out by doing
	 chcon `stat -c %C /usr/sbin/libvirtd` daemon/libvirtd
	 run_init $PWD/daemon/libvirtd
	to run it with the same context as an init script service, and with
	SELinux enforcing, I got a rather confusing failure:
	error: Failed to save domain fedora_12 to fed12.img
	error: internal error unable to send TAP file handle: No file descriptor supplied via SCM_RIGHTS
	This fixes the error message, then I need to figure out a subsequent
	patch that does the fsetfilecon() necessary to keep things happy.
	It also appears that libvirtd hangs on a failed fd transfer; I don't
	know if that needs an independent fix.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextSendFileHandle):
	Improve message, since TAP is no longer only client.

	maint: ignore new built file
	* .gitignore: Exclude libvirt_iohelper.

2011-03-29  Markus Groß  <gross@univention.de>

	Add domainSuspend/Resume to libxl driver
	* src/libxl/libxl_driver.c: implements libxlDomainSuspend and
	  libxlDomainResume

	Add domainGetOSType to libxl driver
	* src/libxl/libxl_driver.c: implements libxlDomainGetOSType

	Add domainGetSchedulerType to libxl driver
	* src/libxl/libxl_driver.c: implements libxlDomainGetSchedulerType

	Implements domainXMLTo/FromNative in libxl driver
	* src/Makefile.am src/libvirt_private.syms configure.ac: share and
	  reuse the sexpr routines from sexpr.h of the old xen driver
	* src/libxl/libxl_driver.c: implements libxlDomainXMLFromNative and
	  libxlDomainXMLToNative

	Add vcpu functions to libxl driver
	Hook the virtual cpu functions to their libxenlight counterparts
	* src/libxl/libxl_driver.c: implements libxlDomainSetVcpus,
	  libxlDomainGetVcpus, libxlDomainSetVcpusFlags,
	  libxlDomainGetVcpusFlags and libxlDomainPinVcpu

	List authors in copyright headers
	* src/libxl/libxl_conf.[ch] src/libxl/libxl_driver.[ch]: add authors
	  after the licence template

	Add event callbacks to libxl driver
	* src/libxl/libxl_conf.h: add the necessary fields to the driver
	  private structure
	* src/libxl/libxl_driver.c: add lifecycle event support and entry
	  points for event(de)register(any)

	Ignore return value of virDomainObjUnref
	* src/libxl/libxl_driver.c: use ignore_value() in libxlDomainObjUnref
	  and libxlCreateDomEvents

2011-03-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix infinite loop in daemon if client quits with multiple streams open
	The daemon loops over the linked list of streams when a client
	quits, closing any that the client hadn't already closed. Except
	it didn't ever move to the next element in the list!
	* daemon/stream.c: Fix loop over linked list of streams

	Remote protocol support for storage vol upload/download APIs
	* daemon/remote.c, src/remote/remote_driver.c: Implementation
	  of storage vol upload/download APIs
	* src/remote/remote_protocol.x: Wire protocol definition for
	  upload/download
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.h,
	  src/remote/remote_protocol.c: Re-generate

	Support volume data upload/download APIs in storage driver
	Use generic FD streams to allow data upload/download to/from
	any storage volume
	* src/storage/storage_driver.c: Wire up upload/download APIs

	Add vol-upload and vol-download commands to virsh
	The new commands vol-upload and vol-download, allow a local file
	to be transferred to/from a storage volume.
	* tools/virsh.c: Add vol-upload and vol-download commands
	* tools/virsh.pod: Document new commands

	Add public APIs for storage volume upload/download
	New APIs are added allowing streaming of content to/from
	storage volumes.
	* include/libvirt/libvirt.h.in: Add virStorageVolUpload and
	  virStorageVolDownload APIs
	* src/driver.h, src/libvirt.c, src/libvirt_public.syms: Stub
	  code for new APIs
	* src/storage/storage_driver.c, src/esx/esx_storage_driver.c:
	  Add dummy entries in driver table for new APIs

	Enhance the streams helper to support plain file I/O
	The O_NONBLOCK flag doesn't work as desired on plain files
	or block devices. Introduce an I/O helper program that does
	the blocking I/O operations, communicating over a pipe that
	can support O_NONBLOCK
	* src/fdstream.c, src/fdstream.h: Add non-blocking I/O
	  on plain files/block devices
	* src/Makefile.am, src/util/iohelper.c: I/O helper program
	* src/qemu/qemu_driver.c, src/lxc/lxc_driver.c,
	  src/uml/uml_driver.c, src/xen/xen_driver.c: Update for
	  streams API change

	Update event loop example programs to demonstrate best practice
	The example C event loop code is a nasty hack and not compliant
	with the require API semantics. Delete this, so that developers
	don't mistakenly copy it. Instead call the new public event loop
	APIs.
	Update the python event loop example, so that it can optionally
	use the public event APIs, as an alternative to the pure python
	code. The pure python event code is a good working example, so
	don't delete it.
	Also make the python example use a read only connection to avoid
	authentication prompts
	* examples/domain-events/events-c/event-test.c: Replace event
	  loop code with use of public APIs
	* examples/domain-events/events-python/event-test.py: Allow
	  optional use of new public event APIs

2011-03-29  Eric Blake  <eblake@redhat.com>

	qemu: fix regression that hangs on save failure
	Regression introduced in commit 6034ddd55.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Jump to correct
	label.

	build: fix compilation on mingw
	* src/util/command.c (virCommandAbort) [WIN32]: Provide stub.
	Reported by Daniel P. Berrange's autobuilder.

	qemu: support fd: migration with compression
	Spawn the compressor ourselves, instead of requiring the shell.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): Spawn
	compression helper process when needed.

	qemu: skip granting access during fd migration
	SELinux labeling and cgroup ACLs aren't required if we hand a
	pre-opened fd to qemu.  All the more reason to love fd: migration.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): Skip steps
	that are irrelevant in fd migration.

	qemu: consolidate migration to file code
	This points out that core dumps (still) don't work for root-squash
	NFS, since the fd is not opened correctly.  This patch should not
	introduce any functionality change, it is just a refactoring to
	avoid duplicated code.
	* src/qemu/qemu_migration.h (qemuMigrationToFile): New prototype.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): New function.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag, doCoreDump): Use
	it.

	qemu: use common API for reading difficult files
	Direct access to an open file is so much simpler than passing
	everything through a pipe!
	* src/qemu/qemu_driver.c (qemudOpenAsUID)
	(qemudDomainSaveImageClose): Delete.
	(qemudDomainSaveImageOpen): Rename...
	(qemuDomainSaveImageOpen): ...and drop read_pid argument.  Use
	virFileOpenAs instead of qemudOpenAsUID.
	(qemudDomainSaveImageStartVM, qemudDomainRestore)
	(qemudDomainObjRestore): Rename...
	(qemuDomainSaveImageStartVM, qemuDomainRestore)
	(qemDomainObjRestore): ...and simplify accordingly.
	(qemudDomainObjStart, qemuDriver): Update callers.

	qemu, storage: improve type safety
	* src/storage/storage_backend.c (createRawFileOpHook): Change
	signature.
	(struct createRawFileOpHookData): Delete unused struct.
	(virStorageBackendCreateRaw): Adjust caller.
	* src/qemu/qemu_driver.c (struct fileOpHookData): Delete unused
	struct.
	(qemudDomainSaveFileOpHook): Rename...
	(qemuDomainSaveFileOpHook): ...and change signature.
	(qemudDomainSaveFlag): Adjust caller.

	util: adjust indentation in previous patch
	Separating the indentation from the real patch made review easier.
	* src/util/util.c (virFileOpenAs): Whitespace changes.

	util: rename virFileOperation to virFileOpenAs
	This patch intentionally doesn't change indentation, in order to
	make it easier to review the real changes.
	* src/util/util.h (VIR_FILE_OP_RETURN_FD, virFileOperationHook):
	Delete.
	(virFileOperation): Rename...
	(virFileOpenAs): ...and reduce parameters.
	* src/util/util.c (virFileOperationNoFork, virFileOperation):
	Rename and simplify.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust caller.
	* src/storage/storage_backend.c (virStorageBackendCreateRaw):
	Likewise.
	* src/libvirt_private.syms: Reflect rename.

	storage: simplify fd handling
	* src/storage/storage_backend.c (virStorageBackendCreateRaw): Use
	new virFileOperation flag.

	qemu: simplify domain save fd handling
	This makes root-squash NFS saves more efficient.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Use new
	virFileOperation flag to open fd only once.

	util: use SCM_RIGHTS in virFileOperation when needed
	Currently, the hook function in virFileOperation is extremely limited:
	it must be async-signal-safe, and cannot modify any memory in the
	parent process.  It is much handier to return a valid fd and operate
	on it in the parent than to deal with hook restrictions.
	* src/util/util.h (VIR_FILE_OP_RETURN_FD): New flag.
	* src/util/util.c (virFileOperationNoFork, virFileOperation):
	Honor new flag.

	qemu: allow simple domain save to use fd: protocol
	This allows direct saves (no compression, no root-squash NFS) to use
	the more efficient fd: migration, which in turn avoids a race where
	qemu exec: migration can sometimes fail because qemu does a generic
	waitpid() that conflicts with the pclose() used by exec:.  Further
	patches will solve compression and root-squash NFS.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Use new function
	when there is no compression.

	qemu: fix restoring a compressed save image
	Latent bug introduced in commit 2d6a581960 (Aug 2009), but not exposed
	until commit 1859939a (Jan 2011).  Basically, when virExec creates a
	pipe, it always marks libvirt's side as cloexec.  If libvirt then
	wants to hand that pipe to another child process, things work great if
	the fd is dup2()'d onto stdin or stdout (as with stdin: or exec:
	migration), but if the pipe is instead used as-is (such as with fd:
	migration) then qemu sees EBADF because the fd was closed at exec().
	This is a minimal fix for the problem at hand; it is slightly racy,
	but no more racy than the rest of libvirt fd handling, including the
	case of uncompressed save images.  A more invasive fix, but ultimately
	safer at avoiding leaking unintended fds, would be to _always and
	atomically_ open all fds as cloexec in libvirt (thanks to primitives
	like open(O_CLOEXEC), pipe2(), accept4(), ...), then teach virExec to
	clear that bit for all fds explicitly marked to be handed to the child
	only after forking.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Clear cloexec
	flag.
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Tweak test.

	util: allow clearing cloexec bit
	* src/util/util.h (virSetInherit): New prototype.
	* src/util/util.c (virSetCloseExec): Move guts...
	(virSetInherit): ...to new function, and allow clearing.
	* src/libvirt_private.syms (util.h): Export it.

	logging: always NUL-terminate circular buffer
	* src/util/logging.c (virLogStartup, virLogSetBufferSize):
	Over-allocate, so that a debugger can just print the circular
	buffer.  Suggested by Daniel Veillard.

	maint: use space, not tab, in remote_protocol-structs
	* src/Makefile.am (remote_protocol-structs): Flatten tabs.
	* src/remote_protocol-structs: Likewise.  Also add a hint to emacs
	to make it easier to keep spaces in the file.

2011-03-28  Eric Blake  <eblake@redhat.com>

	tests: don't alter state in $HOME
	Diego reported a bug where virsh tries to initialize a readline
	history directory during 'make check' run as root, but fails
	because /root was read-only.
	It turns out that I could reproduce this as non-root, by using:
	mv ~/.virsh{,.bak}
	chmod a-w ~
	make check -C tests TESTS=int-overflow
	chmod u+w ~
	mv ~/.virsh{.bak,}
	* tests/int-overflow: Don't trigger interactive mode.
	Reported by Diego Elio Pettenò.

	docs: document recent hook additions
	* src/qemu/qemu_process.c (qemuProcessStart, qemuProcessStop): Fix
	typos.
	* docs/hooks.html.in: Document 'prepare' and 'release' hooks.

	qemu: don't restore state label twice
	Otherwise, if something like doStopVcpus fails after the first
	restore, a second restore is attempted and throws a useless
	warning.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Avoid second
	restore of state label.

2011-03-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove the Open Nebula driver
	The Open Nebula driver has been unmaintained since it was first
	introduced. The only commits have been for tree-wide cleanups.
	It also has a major design flaw, in that it only knows about guests
	that it has created itself, which makes it of very limited use.
	Discussions wrt evolution of the VMWare ESX driver, concluded that
	it should limit itself to single-node ESX operation and not try to
	manage the multi-node architecture of VirtualCenter. Open Nebula
	is a cluster like Virtual Center, not a single node system, so
	the same reasoning applies.
	The DeltaCloud project includes an Open Nebula driver and is a much
	better fit architecturally, since it is explicitly targetting the
	distributed multihost cluster scenario.
	Thus this patch deletes the libvirt Open Nebula driver with the
	recommendation that people use DeltaCloud for managing it instead.
	* configure.ac: Remove probe for xmlrpc & --with-one arg
	* daemon/Makefile.am, daemon/libvirtd.c, src/Makefile.am: Remove
	  ONE driver build
	* src/opennebula/one_client.c, src/opennebula/one_client.h,
	  src/opennebula/one_conf.c, src/opennebula/one_conf.h,
	  src/opennebula/one_driver.c, src/opennebula/one_driver.c: Delete
	  files
	* autobuild.sh, libvirt.spec.in, mingw32-libvirt.spec.in: Remove
	  build rules for Open Nebula
	* docs/drivers.html.in, docs/sitemap.html.in: Remove reference
	  to OpenNebula
	* docs/drvone.html.in: Delete file

2011-03-28  Osier Yang  <jyang@redhat.com>

	Fix syntax error in configure.ac
	Which will lead "./configure --with-audit=yes" breaks.

2011-03-28  Daniel Veillard  <veillard@redhat.com>

	Update of localisations, switch to transifex
	Last pull from i18n CVS, then push to transifex.net which is now
	our localization upstream:
	http://www.transifex.net/projects/p/libvirt/resource/strings/

	Update on the goal page
	Some things to note in this patch:
	   - we do extend libvirt scope beyond purely managing domains, there is
	     already a number of blocks which are here as helpr functions to
	     manage the resources on the host.
	   - we are expanding in the direction of libvirt being sufficient to do
	     most of the management on the Host (but within the limits of the need
	     for virtualization, e.g. managing users on the host is out of scope)
	   - we don't require anymore APIs to be supported by multiple
	     hypervisors to get in, it's already the case in practice, but we
	     should still make sure the semantic of those APIs are clear. We
	     added quite a bit for QEmu, but for example I saw on IRC that VBox
	     could emulate a network unplug/replug on a domain interface, and
	     that would be a good addition even if a priori no other hypervisor
	     supports it.
	   - Make clear that all libvirt APIs are available remotely, which is
	     key to use libvirt for building management tools.
	   - link the goal page from the project main page
	As for libvirt project directions, I think it just reflects the natural
	evolution in the last couple of years. We are less hypervisor agnostic
	and extending in the Host management. Clearly there is interest in
	making sure libvirt is complete in term of features for the hypervisors
	supported, especially the ones like KVM or LXC which don't really have
	integrated management library.
	* docs/goals.html.in: update the goals page
	* docs/index.html.in: link it from the top page

2011-03-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Don't leak gnutls session on negotiation error

2011-03-26  Eric Blake  <eblake@redhat.com>

	hooks: fix regression in previous patch
	* src/util/hooks.c (virHookCheck): Missing hooks should just be
	debug, not warn.

2011-03-25  Philipp Hahn  <hahn@univention.de>

	Add missing { for qemudDomainInterfaceStats
	Add missing open curly brace between function declaration of non-linux
	variant of qemudDomainInterfaceStats() and its body.

2011-03-25  Eric Blake  <eblake@redhat.com>

	build: shorten libxenlight summary for consistent alignment
	* configure.ac: Use xenlight: rather than libxenlight: in summary.
	Suggested by Daniel Veillard.

2011-03-25  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Avoid resetting errors before they are reported
	Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
	*Free) is called before remoteDispatchConnError() is called on error.
	However, the patch missed two instances.

2011-03-25  Eric Blake  <eblake@redhat.com>

	command: add virCommandAbort for cleanup paths
	Sometimes, an asynchronous helper is started (such as a compressor
	or iohelper program), but a later error means that we want to
	abort that child.  Make this easier.
	Note that since daemons and virCommandRunAsync can't mix, the only
	time virCommandFree can reap a process is if someone did
	virCommandRunAsync for a non-daemon and didn't stash the pid.
	* src/util/command.h (virCommandAbort): New prototype.
	* src/util/command.c (_virCommand): Add new field.
	(virCommandRunAsync, virCommandWait): Track whether pid was used.
	(virCommandFree): Reap child if caller did not request pid.
	(virCommandAbort): New function.
	* src/libvirt_private.syms (command.h): Export it.
	* tests/commandtest.c (test19): New test.

	command: don't mix RunAsync and daemons
	It doesn't make sense to run a daemon without synchronously
	waiting for the child process to reply whether the daemon has
	been kicked off and pidfile written yet.
	* src/util/command.c (VIR_EXEC_RUN_SYNC): New constant.
	(virCommandRun): Set temporary flag.
	(virCommandRunAsync): Use it to prevent async runs of intermediate
	child when spawning asynchronous daemon grandchild.

	command: properly diagnose process exit via signal
	Child processes don't always reach _exit(); if they die from a
	signal, then any messages should still be accurate.  Most users
	either expect a 0 status (thankfully, if status==0, then
	WIFEXITED(status) is true and WEXITSTATUS(status)==0 for all
	known platforms) or were filtering on WIFEXITED before printing
	a status, but a few were missing this check.  Additionally,
	nwfilter_ebiptables_driver was making an assumption that works
	on Linux (where WEXITSTATUS shifts and WTERMSIG just masks)
	but fails on other platforms (where WEXITSTATUS just masks and
	WTERMSIG shifts).
	* src/util/command.h (virCommandTranslateStatus): New helper.
	* src/libvirt_private.syms (command.h): Export it.
	* src/util/command.c (virCommandTranslateStatus): New function.
	(virCommandWait): Use it to also diagnose status from signals.
	* src/security/security_apparmor.c (load_profile): Likewise.
	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Likewise.
	* src/util/util.c (virExecDaemonize, virRunWithHook)
	(virFileOperation, virDirCreate): Likewise.
	* daemon/remote.c (remoteDispatchAuthPolkit): Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
	Likewise.

2011-03-25  Markus Groß  <gross@univention.de>

	Add memory functions to libxl driver

2011-03-25  Wen Congyang  <wency@cn.fujitsu.com>

	fix the check of the output of monitor command 'device_add'
	Hotpluging host usb device by text mode will fail, because the monitor
	command 'device_add' outputs 'husb: using...' if it succeeds, but we
	think the command should not output anything.

2011-03-25  Eric Blake  <eblake@redhat.com>

	build: enforce reference count checking
	Add the compiler attribute to ensure we don't introduce any more
	ref bugs like were just patched in commit 9741f34, then explicitly
	mark the remaining places in code that are safe.
	* src/qemu/qemu_monitor.h (qemuMonitorUnref): Mark
	ATTRIBUTE_RETURN_CHECK.
	* src/conf/domain_conf.h (virDomainObjUnref): Likewise.
	* src/conf/domain_conf.c (virDomainObjParseXML)
	(virDomainLoadStatus): Fix offenders.
	* src/openvz/openvz_conf.c (openvzLoadDomains): Likewise.
	* src/vmware/vmware_conf.c (vmwareLoadDomains): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainObjBeginJob)
	(qemuDomainObjBeginJobWithDriver)
	(qemuDomainObjExitRemoteWithDriver): Likewise.
	* src/qemu/qemu_monitor.c (QEMU_MONITOR_CALLBACK): Likewise.
	Suggested by Daniel P. Berrange.

	maint: prohibit access(,X_OK)
	This simplifies several callers that were repeating checks already
	guaranteed by util.c, and makes other callers more robust to now
	reject directories.  remote_driver.c was over-strict - access(,R_OK)
	is only needed to execute a script file; a binary only needs
	access(,X_OK) (besides, it's unusual to see a file with x but not
	r permissions, whether script or binary).
	* cfg.mk (sc_prohibit_access_xok): New syntax-check rule.
	(exclude_file_name_regexp--sc_prohibit_access_xok): Exempt one use.
	* src/network/bridge_driver.c (networkStartRadvd): Fix offenders.
	* src/qemu/qemu_capabilities.c (qemuCapsProbeMachineTypes)
	(qemuCapsInitGuest, qemuCapsInit, qemuCapsExtractVersionInfo):
	Likewise.
	* src/remote/remote_driver.c (remoteFindDaemonPath): Likewise.
	* src/uml/uml_driver.c (umlStartVMDaemon): Likewise.
	* src/util/hooks.c (virHookCheck): Likewise.

2011-03-25  Markus Groß  <gross@univention.de>

	Get cpu time and current memory balloon from libxl

2011-03-24  Jiri Denemark  <jdenemar@redhat.com>

	Make error reporting in libvirtd thread safe
	Bug https://bugzilla.redhat.com/show_bug.cgi?id=689374 reported libvirtd
	crash during error dispatch.
	The reason is that libvirtd uses remoteDispatchConnError() with non-NULL
	conn parameter which means that virConnGetLastError() is used instead of
	its thread safe replacement virGetLastError().
	So when several libvirtd threads are reporting errors at the same time,
	the errors can get mixed or corrupted or in case of bad luck libvirtd
	itself crashes.
	Since Daniel B. is going to rewrite this code from scratch on top of his
	RPC infrastructure, I tried to come up with a minimal fix. Thus,
	remoteDispatchConnError() now just ignores its conn argument and always
	calls virGetLastError(). However, several callers had to be touched as
	well, since no libvirt API is allowed to be called before dispatching
	the error. Doing so would reset the error and we would have nothing to
	dispatch. As a result of that, the code is not very nice but that
	doesn't really make daemon/remote.c worse than it is now :-) And it will
	all die soon, which is good.
	The bug report also contains a reproducer in C which detects both mixed
	up error messages and libvirtd crash. Before this patch, I was able to
	crash libvirtd in about 20 seconds up to 3 minutes depending on number
	of CPU cores (more is better) and luck.

2011-03-24  Wen Congyang  <wency@cn.fujitsu.com>

	update domain status forcibly even if attach a device failed
	Steps to reproduce this bug:
	1. virsh attach-disk domain --source diskimage --target sdb --sourcetype file --driver qemu --subdriver qcow2
	   error: Failed to attach disk
	   error: operation failed: adding scsi-disk,bus=scsi0.0,scsi-id=1,drive=drive-scsi0-0-1,id=scsi0-0-1 device failed: Property 'scsi-disk.drive' can't find value 'drive-scsi0-0-1'
	2. service libvirtd restart
	   Stopping libvirtd daemon:                                  [  OK  ]
	   Starting libvirtd daemon:                                  [  OK  ]
	3. virsh attach-disk domain --source diskimage --target sdb --sourcetype file --driver qemu --subdriver raw
	   error: Failed to attach disk
	   error: operation failed: adding lsi,id=scsi0,bus=pci.0,addr=0x6 device failed: Duplicate ID 'scsi0' for device
	The reason is that we create a new scsi controller but we do not update
	/var/run/libvirt/qemu/domain.xml.

2011-03-24  Eric Blake  <eblake@redhat.com>

	build: nuke all .x-sc* files, and fix VPATH syntax-check
	Not every day you see a patch that nukes 27 files!
	* .gnulib: Update to latest, for maint.mk improvements
	* bootstrap: Resync to gnulib.
	* bootstrap.conf (ACLOCAL): Swap the secondary aclocal include
	directory, now that bootstrap picks up gnulib/m4 instead of m4.
	* Makefile.am (syntax_check_exceptions, EXTRA_DIST): No longer
	worry about nuked files.
	* cfg.mk (sc_x_sc_dist_check): Delete dead rule.
	(VC_LIST_ALWAYS_EXCLUDE_REGEX): Add HACKING.
	(exclude_file_name_regexp--sc_*): Inline and simplify contents...
	* .x-sc_*: ...from here, then delete the files.

	command: reject pidfile on non-daemon
	* src/util/command.c (virCommandRunAsync): Since virExec only
	creates pidfiles for daemon, enforce this in virCommand.

	domain_conf: drop unused ref-count in snapshot object
	The ref count was assigned to 1 at creation, then never modified again
	until it was decremented just before freeing the object.
	* src/conf/domain_conf.h (_virDomainSnapshotObj): Delete unused
	field.
	(virDomainSnapshotObjUnref): Delete unused prototype.
	* src/libvirt_private.syms: Likewise.
	* src/conf/domain_conf.c (virDomainSnapshotObjNew)
	(virDomainSnapshotObjListDataFree): Update users.
	(virDomainSnapshotObjUnref): Delete.

	rpm: add missing dependencies
	Among others, the missing radvd dependency showed up as:
	error: Failed to start network ipv6net
	error: Cannot find radvd - Possibly the package isn't installed: No such file
	or directory
	even when radvd was installed, because the RADVD preprocessor
	symbol was missing at configure time.
	* libvirt.spec.in (with_network): Add BuildRequires for radvd,
	iptables, and ip6tables.
	(BuildRequires): Add libxslt and augeas for docs and test.
	(with_libvirtd): Add module-init-tools for modprobe.
	(with_nwfilter): Add BuildRequires for ebtables.
	(with_esx): Fix esx build on RHEL 5, thanks to curl-devel rename.

	rpm: separate runtime and build requirements
	* libvirt.spec.in (Requires): Reorganize requirements a bit; no
	functional change.

2011-03-23  Osier Yang  <jyang@redhat.com>

	util: Fix return value for virJSONValueFromString if it fails
	Problem:
	  "parser.head" is not NULL even if it's free'ed by "virJSONValueFree",
	returning "parser.head" when "virJSONValueFromString" fails will cause
	unexpected errors (libvirtd will crash sometimes), e.g.
	  In function "qemuMonitorJSONArbitraryCommand":
	        if (!(cmd = virJSONValueFromString(cmd_str)))
	            goto cleanup;
	        if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
	            goto cleanup;
	        ......
	     cleanup:
	        virJSONValueFree(cmd);
	  It will continues to send command to monitor even if "virJSONValueFromString"
	is failed, and more worse, it trys to free "cmd" again.
	  Crash example:
	{"error":{"class":"QMPBadInputObject","desc":"Expected 'execute' in QMP input","data":{"expected":"execute"}}}
	{"error":{"class":"QMPBadInputObject","desc":"Expected 'execute' in QMP input","data":{"expected":"execute"}}}
	error: server closed connection:
	error: unable to connect to '/var/run/libvirt/libvirt-sock', libvirtd may need to be started: Connection refused
	error: failed to connect to the hypervisor
	  This fix is to:
	    1) return NULL for failure of "virJSONValueFromString",
	    2) and it seems "virJSONValueFree" uses incorrect loop index for type
	       of "VIR_JSON_TYPE_OBJECT", fix it together.
	* src/util/json.c

2011-03-23  Wen Congyang  <wency@cn.fujitsu.com>

	Initialization error of qemuCgroupData in Qemu host usb hotplug
	Steps to reproduce this bug:
	# cat usb.xml
	<hostdev mode='subsystem' type='usb'>
	  <source>
	    <address bus='0x001' device='0x003'/>
	  </source>
	</hostdev>
	# virsh attach-device vm1 usb.xml
	error: Failed to attach device from usb.xml
	error: server closed connection:
	The reason of this bug is that we set data.cgroup to NULL, and this will cause
	libvirtd crashed.

2011-03-23  Eric Blake  <eblake@redhat.com>

	qemu: simplify monitor callbacks
	A future patch will change reference counting idioms; consolidating
	this pattern now makes the next patch smaller (touch only the new
	macro rather than every caller).
	* src/qemu/qemu_monitor.c (QEMU_MONITOR_CALLBACK): New helper.
	(qemuMonitorGetDiskSecret, qemuMonitorEmitShutdown)
	(qemuMonitorEmitReset, qemuMonitorEmitPowerdown)
	(qemuMonitorEmitStop, qemuMonitorEmitRTCChange)
	(qemuMonitorEmitWatchdog, qemuMonitorEmitIOError)
	(qemuMonitorEmitGraphics): Use it to reduce duplication.

	build: fix missing initializer
	Commit cb4aba9b6 forgot xenapi.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Adjust to recent API.

2011-03-23  Roopa Prabhu  <roprabhu@cisco.com>

	8021Qbh: use preassociate-rr during the migration prepare stage
	This patch introduces PREASSOCIATE-RR during incoming VM migration on the
	destination host. This is similar to the usage of PREASSOCIATE during
	migration in 8021qbg libvirt code today. PREASSOCIATE-RR is a VDP operation.
	With the latest at IEEE, 8021qbh will need to support VDP operations.
	A corresponding enic driver patch to support PREASSOCIATE-RR for 8021qbh
	will be posted for net-next-2.6 inclusion soon.

2011-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized variable & error reporting in LXC veth setup
	THe veth setup in LXC had a couple of flaws, first brInit did
	not report any error when it failed. Second vethCreate() did
	not correctly initialize the variable containing the return
	code, so could report failure even when it succeeded.
	* src/lxc/lxc_driver.c: Report error when brInit fails
	* src/lxc/veth.c: Fix uninitialized variable

	Wire up virDomainMigrateSetSpeed into QEMU driver
	Enhance the QEMU migration monitoring loop, so that it can get
	a signal to change migration speed on the fly
	* src/qemu/qemu_domain.h: Add signal for changing speed on the fly
	* src/qemu/qemu_driver.c: Wire up virDomainMigrateSetSpeed driver
	* src/qemu/qemu_migration.c: Support signal for changing speed

	Wire up virDomainMigrateSetSpeed for the remote RPC driver
	* src/remote/remote_protocol.x: Define wire protocol
	* daemon/remote.c, src/remote/remote_driver.c: Add new
	  functions for virDomainMigrateSetSpeed API
	* src/remote/remote_protocol.c, src/remote/remote_protocol.h,
	  daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h: Re-generate files

	Add public API for setting migration speed on the fly
	It is possible to set a migration speed limit when starting
	migration. This new API allows the speed limit to be changed
	on the fly to adjust to changing conditions
	* src/driver.h, src/libvirt.c, src/libvirt_public.syms,
	  include/libvirt/libvirt.h.in: Add virDomainMigrateSetMaxSpeed
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c,
	  src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_driver.c, src/xen/xen_driver.c,
	  src/libxl/libxl_driver.c: Stub new API

2011-03-22  Eric Blake  <eblake@redhat.com>

	maint: update authors
	* AUTHORS: Update, to satisfy 'make syntax-check'.

2011-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Disable libxl build in RPM on Fedora < 16
	The xen RPM in Fedora isn't new enough to support libxl builds
	yet. Disable it until Fedora 16
	* libvirt.spec.in: Disable libxl on Fedora < 16

2011-03-22  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: fallback to HMP drive_add/drive_del
	fallback to HMP drive_add/drive_del commands if not found in QMP

2011-03-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Only use HMP passthrough if it is supported
	Avoids calling text monitor methods when it is know they will not
	succeed and also results in nicer error messages.

	qemu: Detect support for HMP passthrough

2011-03-22  Thibault Vincent  <thibault.vincent@smartjog.com>

	qemu: add two hook script events "prepare" and "release"
	Fix for bug https://bugzilla.redhat.com/show_bug.cgi?id=618970
	The "prepare" hook is called very early in the VM statup process
	before device labeling, so that it can allocate ressources not
	managed by libvirt, such as DRBD, or for instance create missing
	bridges and vlan interfaces.
	* src/util/hooks.c src/util/hooks.h: add definitions for new hooks
	  VIR_HOOK_QEMU_OP_PREPARE and VIR_HOOK_QEMU_OP_RELEASE
	* src/qemu/qemu_process.c: use them in qemuProcessStart and
	  qemuProcessStop()

2011-03-22  Daniel Veillard  <veillard@redhat.com>

	Update the set of maintainers for the project
	Wen Congyang gained commiter access
	Created a new section of previous commiters to the project
	but not involved much anymore: Karel Zak, Atsushi SAKAI,
	Dave Leskovec and Dan Smith

2011-03-22  Eric Blake  <eblake@redhat.com>

	qemu: simplify interface fd handling in monitor
	With only a single caller to these two monitor commands, I
	didn't need to wrap a new WithFds version, but just change
	the command itself.
	* src/qemu/qemu_monitor.h (qemuMonitorAddNetdev)
	(qemuMonitorAddHostNetwork): Add parameters.
	* src/qemu/qemu_monitor.c (qemuMonitorAddNetdev)
	(qemuMonitorAddHostNetwork): Add support for fd passing.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Use it to
	simplify code.

	qemu: simplify PCI configfd handling in monitor
	This is also a bug fix - on the error path, qemu_hotplug would
	leave the configfd file leaked into qemu.  At least the next
	attempt to hotplug a PCI device would reuse the same fdname,
	and when the qemu getfd monitor command gets a new fd by the
	same name as an earlier one, it closes the earlier one, so there
	is no risk of qemu running out of fds.
	* src/qemu/qemu_monitor.h (qemuMonitorAddDeviceWithFd): New
	prototype.
	* src/qemu/qemu_monitor.c (qemuMonitorAddDevice): Move guts...
	(qemuMonitorAddDeviceWithFd): ...to new function, and add support
	for fd passing.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostPciDevice): Use it
	to simplify code.
	Suggested by Daniel P. Berrange.

	qemu: simplify monitor fd error handling
	qemu_monitor was already returning -1 and setting errno to EINVAL
	on any attempt to send an fd without a unix socket, but this was
	a silent failure in the case of qemuDomainAttachHostPciDevice.
	Meanwhile, qemuDomainAttachNetDevice was doing some sanity checking
	for a better error message; it's better to consolidate that to a
	central point in the API.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Move sanity
	checking...
	* src/qemu/qemu_monitor.c (qemuMonitorSendFileHandle): ...into
	central location.
	Suggested by Chris Wright.

	udev: fix regression with qemu:///session
	https://bugzilla.redhat.com/show_bug.cgi?id=684655 points out
	a regression introduced in commit 2215050edd - non-root users
	can't connect to qemu:///session because libvirtd dies when
	it can't use pciaccess initialization.
	* src/node_device/node_device_udev.c (udevDeviceMonitorStartup):
	Don't abort udev driver (and libvirtd overall) if non-root user
	can't use pciaccess.

2011-03-21  Eric Blake  <eblake@redhat.com>

	logging: fix off-by-one bug
	Valgrind caught that our log wrap-around was going 1 past the end.
	Regression introduced in commit b16f47a; previously the
	buffer was static and size+1 bytes, but now it is dynamic and
	exactly size bytes.
	* src/util/logging.c (virLogStr): Don't write past end of log.

2011-03-21  Wen Congyang  <wency@cn.fujitsu.com>

	do not report OOM error when prepareCall() failed
	We have reported error in the function prepareCall(), and
	the error is not only OOM error. So we should not report
	OOM error in the function call() when prepareCall() failed.

2011-03-21  Eric Blake  <eblake@redhat.com>

	util: guarantee sane errno in virFileIsExecutable
	If virFileIsExecutable is to replace access(file,X_OK), then
	errno must be usable on failure.
	* src/util/util.c (virFileIsExecutable): Set errno on failure.

2011-03-21  Cole Robinson  <crobinso@redhat.com>

	docs: Document first release with spice and qxl

2011-03-21  Osier Yang  <jyang@redhat.com>

	doc: Add schema definition for imagelabel
	<imagelable> is not generated by running domain, actually we parse
	it in src/conf/domain_conf.c, this patch is to fix it, otherwise any
	validation (virt-xml-validate) on the domain xml dumped from shutoff
	domain containing <imagelable> will fail.
	* docs/schemas/domain.rng

2011-03-19  Tiziano Mueller  <dev-zero@gentoo.org>

	update virGetVersion description
	The current description suggests that you always have to provide
	a valid typeVer pointer. But if you want only the libvirt version
	it's also possible to set type and typeVer to NULL to skip the
	hypervisor part.

2011-03-19  Hu Tao  <hutao@cn.fujitsu.com>

	Don't return an error on failure to create blkio controller
	This patch enables cgroup controllers as much as possible by skipping
	the creation of blkio controller when running with old kernels that
	doesn't support multi-level directory for blkio controller.

2011-03-19  Jim Fehlig  <jfehlig@novell.com>

	Don't build libxenlight driver for Xen 4.0
	The libxenlight driver does not build against the tech preview
	version of libxenlight in Xen 4.0.  Only enable building the
	driver against more complete libxenlight found in Xen 4.1.

2011-03-19  Eric Blake  <eblake@redhat.com>

	qemu: respect locking rules
	THREADS.txt states that the contents of vm should not be read or
	modified while the vm lock is not held, but that the lock must not
	be held while performing a monitor command.  This fixes all the
	offenders that I could find.
	* src/qemu/qemu_process.c (qemuProcessStartCPUs)
	(qemuProcessInitPasswords, qemuProcessStart): Don't modify or
	refer to vm state outside lock.
	* src/qemu/qemu_driver.c (qemudDomainHotplugVcpus): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphicsPasswords):
	Likewise.

2011-03-19  Laine Stump  <laine@laine.org>

	network driver: log error and abort network startup when radvd isn't found
	This is detailed in:
	  https://bugzilla.redhat.com/show_bug.cgi?id=688957
	Since radvd is executed by daemonizing it, the attempt to exec the
	radvd binary doesn't happen until after libvirtd has already received
	an exit code from the intermediate forked process, so no error is
	detected or logged by __virExec().
	We can't require radvd as a prerequisite for the libvirt package (many
	installations don't use IPv6, so they don't need it), so instead we
	add in a check to verify there is an executable radvd binary prior to
	trying to exec it.

2011-03-19  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvz: fix a simple bug in openvzListDefinedDomains()
	This patch adds missing curly brackets to an if
	statement in openvzListDefinedDomains()

2011-03-19  Eric Blake  <eblake@redhat.com>

	build: translate changes in previous patch
	* po/POTFILES.in: Add src/util/hash.c for 'make syntax-check'.

2011-03-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix delayed event delivery when SASL is active
	When SASL is active, it was possible that we read and decoded
	more data off the wire than we initially wanted. The loop
	processing this data terminated after only one message to
	avoid delaying the calling thread, but this could delay
	event delivery. As long as there is decoded SASL data in
	memory, we must process it, before returning to the poll()
	event loop.
	This is a counterpart to the same kind of issue solved in
	  commit 68d2c3482fa16801f8e6ca5c42698319bb87f385
	in a different area of the code
	* src/remote/remote_driver.c: Process all pending SASL data

	Ensure binary is resolved wrt $PATH in virExec
	virExec would only resolved the binary to $PATH if no env
	variables were being set. Since there is no execvep() API
	in POSIX, we use virFindFileInPath to manually resolve
	the binary and then use execv() instead of execvp().

2011-03-18  Jim Fehlig  <jfehlig@novell.com>

	Add libxenlight driver
	Add a new xen driver based on libxenlight [1], which is the primary
	toolstack starting with Xen 4.1.0.  The driver is stateful and runs
	privileged only.
	Like the existing xen-unified driver, the libxenlight driver is
	accessed with xen:// URI.  Driver selection is based on the status
	of xend.  If xend is running, the libxenlight driver will not load
	and xen:// connections are handled by xen-unified.  If xend is not
	running *and* the libxenlight driver is available, xen://
	connections are deferred to the libxenlight driver.
	V6:
	 - Address several code style issues noted by Daniel Veillard
	 - Make drive work with xen:/// URI
	 - Hold domain object reference while domain is injected in
	   libvirt event loop.  Race found and fixed by Markus Groß.
	V5:
	 - Ensure events are unregistered when domain private data
	   is destroyed.  Discovered and fixed by Markus Groß.
	V4:
	 - Handle restart of libvirtd, reconnecting to previously
	   started domains
	 - Rebased to current master
	 - Tested against Xen 4.1 RC7-pre (c/s 22961:c5d121fd35c0)
	V3:
	  - Reserve vnc port within driver when autoport=yes
	V2:
	  - Update to Xen 4.1 RC6-pre (c/s 22940:5a4710640f81)
	  - Rebased to current master
	  - Plug memory leaks found by Stefano Stabellini and valgrind
	  - Handle SHUTDOWN_crash domain death event
	[1] http://lists.xensource.com/archives/html/xen-devel/2009-11/msg00436.html

2011-03-18  Jiri Denemark  <jdenemar@redhat.com>

	util: Forbid calling hash APIs from iterator callback
	Calling most hash APIs is not safe from inside of an iterator callback.
	Exceptions are APIs that do not modify the hash table and removing
	current hash entry from virHashFroEach callback.
	This patch make all APIs which are not safe fail instead of just relying
	on the callback being nice not calling any unsafe APIs.

	qemu: Fix copy&paste error messages in text monitor

2011-03-18  Wen Congyang  <wency@cn.fujitsu.com>

	do not unref obj in qemuDomainObjExitMonitor*
	Steps to reproduce this bug:
	# cat test.sh
	  #! /bin/bash -x
	  virsh start domain
	  sleep 5
	  virsh qemu-monitor-command domain 'cpu_set 2 online' --hmp
	# while true; do ./test.sh ; done
	Then libvirtd will crash.
	The reason is that:
	we add a reference of obj when we open the monitor. We will reduce this
	reference when we free the monitor.
	If the reference of monitor is 0, we will free monitor automatically and
	the reference of obj is reduced.
	But in the function qemuDomainObjExitMonitorWithDriver(), we reduce this
	reference again when the reference of monitor is 0.
	It will cause the obj be freed in the function qemuDomainObjEndJob().
	Then we start the domain again, and libvirtd will crash in the function
	virDomainObjListSearchName(), because we pass a null pointer(obj->def->name)
	to strcmp().

	qemu: check driver name while attaching disk
	This bug was reported by Shi Jin(jinzishuai@gmail.com):
	=============
	# virsh attach-disk RHEL6RC /var/lib/libvirt/images/test3.img vdb \
	        --driver file --subdriver qcow2
	Disk attached successfully
	# virsh save RHEL6RC /var/lib/libvirt/images/memory.save
	Domain RHEL6RC saved to /var/lib/libvirt/images/memory.save
	# virsh restore /var/lib/libvirt/images/memory.save
	error: Failed to restore domain from /var/lib/libvirt/images/memory.save
	error: internal error unsupported driver name 'file'
	       for disk '/var/lib/libvirt/images/test3.img'
	=============
	We check the driver name when we start or restore VM, but we do
	not check it while attaching a disk. This adds the same check on disk
	driverName used in qemuBuildCommandLine to qemudDomainAttachDevice.

2011-03-18  Daniel Veillard  <veillard@redhat.com>

	Improve logging documentation including the debug buffer
	* docs/logging.html.in: document the fact that starting from
	  0.9.0 the server logs goes to libvirtd.log instead of syslog
	  by default, describe the debug buffer, restructure the page
	  and add a couple more examples

	Avoid taking lock in libvirt debug dump
	As pointed out, locking the buffer from the signal handler
	cannot been guaranteed to be safe, so to avoid any hazard
	we prefer the trade off of dumping logs possibly messed up
	by concurrent logging activity rather than risk a daemon
	crash.
	* src/util/logging.c: change virLogEmergencyDumpAll() to not
	  take any lock on the log buffer but reset buffer content variables
	  to an empty set before starting the actual dump.

2011-03-18  Wen Congyang  <wency@cn.fujitsu.com>

	unlock the monitor when unwatching the monitor
	Steps to reproduce this bug:
	# virsh qemu-monitor-command domain 'cpu_set 2 online' --hmp
	The domain has 2 cpus, and we try to set the third cpu online.
	The qemu crashes, and this command will hang.
	The reason is that the refs is not 1 when we unwatch the monitor.
	We lock the monitor, but we do not unlock it. So virCondWait()
	will be blocked.

2011-03-18  Hu Tao  <hutao@cn.fujitsu.com>

	Add vim configuration that makes vim auto-indent code

	Make virDomainObjParseNode() static
	Make virDomainObjParseNode() static since it is called only
	in one file.

2011-03-18  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	virsh: fix memtune's help message for swap_hard_limit
	* Correct the documentation for cgroup: the swap_hard_limit indicates
	  mem+swap_hard_limit.
	* Change cgroup private apis to: virCgroupGet/SetMemSwapHardLimit

2011-03-18  Alex Williamson  <alex.williamson@redhat.com>

	Add PCI sysfs reset access
	I'm proposing we make use of $PCIDIR/reset in qemu-kvm to reset
	devices on VM reset.  We need to add it to libvirt's list of
	files that get ownership for device assignment.

2011-03-18  Jim Fehlig  <jfehlig@novell.com>

	Support Xen sysctl v8, domctl v7
	xen-unstable c/s 21118:28e5409e3fb3 bumped sysctl version to 8.
	xen-unstable c/s 21212:de94884a669c introduced CPU pools feature,
	adding another member to xen_domctl_getdomaininfo struct.  Add a
	corresponding domctl v7 struct in xen hypervisor sub-driver and
	detect sysctl v8 during initialization.

2011-03-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Add missing virCondDestroy calls
	The virCond of the remote_thread_call struct was leaked in some
	places. This results in leaking the underlying mutex. Which in turn
	leaks a handle on Windows.
	Reported by Aliaksandr Chabatar and Ihar Smertsin.

2011-03-17  Eric Blake  <eblake@redhat.com>

	build: improve rpm generation for distro backports
	When building for an older distro, it's convenient to just
	tell rpmbuild to define dist (for example, to .el6_0), rather
	than also remembering to define rhel to 6.
	* libvirt.spec.in: Guess %{rhel} based on %{dist}.
	Based on an idea by Jiri Denemark.

2011-03-17  Laine Stump  <laine@laine.org>

	macvtap: log an error if on failure to connect to netlink socket
	A bug in libnl (see https://bugzilla.redhat.com/show_bug.cgi?id=677724
	and https://bugzilla.redhat.com/show_bug.cgi?id=677725) makes it very
	easy to create a failure to connect to the netlink socket when trying
	to open a macvtap network device ("type='direct'" in domain interface
	XML). When that error occurred (during a call to libnl's nl_connect()
	from libvirt's nlComm(), there was no log message, leading virsh (for
	example) to report "unknown error".
	There were two other cases in nlComm where an error in a libnl
	function might return with failure but no error reported. In all three
	cases, this patch logs a message which will hopefully be more useful.
	Note that more detailed information about the failure might be
	available from libnl's nl_geterror() function, but it calls
	strerror(), which is not threadsafe, so we can't use it.

2011-03-16  Osier Yang  <jyang@redhat.com>

	storage: Fix a problem which will cause libvirtd crashed
	If pool xml has no definition for "port", then "Segmentation fault"
	happens when jumping to "cleanup:" to do "VIR_FREE(port)", as "port"
	was not initialized in this situation.
	* src/conf/storage_conf.c

2011-03-16  Eric Blake  <eblake@redhat.com>

	qemu: support migration to fd
	* src/qemu/qemu_monitor.h (qemuMonitorMigrateToFd): New
	prototype.
	* src/qemu/qemu_monitor.c (qemuMonitorMigrateToFd): New function.

	qemu: improve efficiency of dd during snapshots
	POSIX states about dd:
	If the bs=expr operand is specified and no conversions other than
	sync, noerror, or notrunc are requested, the data returned from each
	input block shall be written as a separate output block; if the read
	returns less than a full block and the sync conversion is not
	specified, the resulting output block shall be the same size as the
	input block. If the bs=expr operand is not specified, or a conversion
	other than sync, noerror, or notrunc is requested, the input shall be
	processed and collected into full-sized output blocks until the end of
	the input is reached.
	Since we aren't using conv=sync, there is no zero-padding, but our
	use of bs= means that a short read results in a short write.  If
	instead we use ibs= and obs=, then short reads are collected and dd
	only has to do a single write, which can make dd more efficient.
	* src/qemu/qemu_monitor.c (qemuMonitorMigrateToFile):
	Avoid 'dd bs=', since it can cause short writes.

	virsh: allow empty string arguments
	"virsh connect ''" should try to connect to the default connection,
	but the previous patch made it issue a warning about an invalid URI.
	* tools/virsh.c (VSH_OFLAG_EMPTY_OK): New option flag.
	(vshCommandOptString): Per the declaration, value is required to
	be non-NULL.  Honor new flag.
	(opts_connect): Allow empty string connection.

2011-03-15  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: Fallback to HMP when cpu_set QMP command is not found

2011-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Change message for VIR_FROM_RPC error domain
	The VIR_FROM_RPC error domain is used generically for any RPC
	problem, not simply XML-RPC problems.
	* src/util/virterror.c: s/XML-RPC/RPC/

	Add compat function for geteuid()
	* configure.ac: Check for geteuid()
	* src/util/util.h: Compat for geteuid()

	Fix misc bugs in virCommandPtr
	The virCommandNewArgs() method would free the virCommandPtr
	if it failed to add the args. This meant errors reported in
	virCommandAddArgSet() were lost. Simply removing the check
	for errors from the constructor means they can be reported
	correctly later
	The virCommandAddEnvPassCommon() method failed to check for
	errors before reallocating the cmd->env array, causing a
	potential SEGV if cmd was NULL
	The virCommandAddArgSet() method needs to validate that at
	least 1 element in 'val's parameter is non-NULL, otherwise
	code like
	    cmd = virCommandNew(binary)
	    virCommandAddAtg(cmd, "foo")
	Would end up trying todo  execve("foo"), if binary was
	NULL.

	Add virSetBlocking() to allow O_NONBLOCK to be toggle on or off
	The virSetNonBlock() API only allows enabling non-blocking
	operations. It doesn't allow turning blocking back on. Add
	a new API to allow arbitrary toggling.
	* src/libvirt_private.syms, src/util/util.h
	  src/util/util.c: Add virSetBlocking

2011-03-15  Eric Blake  <eblake@redhat.com>

	qemu: use more appropriate error
	Fixes bug in commit acacced
	* src/qemu/qemu_command.c (qemuBuildCommandLine):
	s/INVALID_ARG/CONFIG_UNSUPPORTED/.
	Reported by Daniel P. Berrange.

2011-03-15  Justin Clift  <jclift@redhat.com>

	docs: update windows page for initial libvirt 0.8.8 installer

2011-03-15  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	libvirt: fix a simple bug in virDomainSetMemoryFlags()
	This patch fix a simple bug in virDomainSetMemoryFlags function.
	The patch sent before lacks the consideration of the case
	where the driver doesn't support virDomainSetMemoryFlags API.

2011-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC container startup/shutdown/I/O more robust
	The current LXC I/O controller looks for HUP to detect
	when a guest has quit. This isn't reliable as during
	initial bootup it is possible that 'init' will close
	the console and let mingetty re-open it. The shutdown
	of containers was also flakey because it only killed
	the libvirt I/O controller and expected container
	processes to gracefully follow.
	Change the I/O controller such that when it see HUP
	or an I/O error, it uses kill($PID, 0) to see if the
	process has really quit.
	Change the container shutdown sequence to use the
	virCgroupKillPainfully function to ensure every
	really goes away
	This change makes the use of the 'cpu', 'devices'
	and 'memory' cgroups controllers compulsory with
	LXC
	* docs/drvlxc.html.in: Document that certain cgroups
	  controllers are now mandatory
	* src/lxc/lxc_controller.c: Check if PID is still
	  alive before quitting on I/O error/HUP
	* src/lxc/lxc_driver.c: Use virCgroupKillPainfully

2011-03-15  Daniel Veillard  <veillard@redhat.com>

	Allow to dynamically set the size of the debug buffer
	This is the part allowing to dynamically resize the debug log
	buffer from it's default 64kB size. The buffer is now dynamically
	allocated.
	It adds a new API virLogSetBufferSize() which resizes the buffer
	If passed a zero size, the buffer is deallocated and we do the small
	optimization of not formatting messages which are not output anymore.
	On the daemon side, it just adds a new option log_buffer_size to
	libvirtd.conf and call virLogSetBufferSize() if needed
	* src/util/logging.h src/util/logging.c src/libvirt_private.syms:
	  make buffer dynamic and add virLogSetBufferSize() internal API
	* daemon/libvirtd.conf: document the new log_buffer_size option
	* daemon/libvirtd.c: read and use the new log_buffer_size option

2011-03-15  Eric Blake  <eblake@redhat.com>

	qemu: consolidate duplicated monitor migration code
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextMigrate): Declare
	in place of individual monitor commands.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONMigrate): Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToHost)
	(qemuMonitorTextMigrateToCommand, qemuMonitorTextMigrateToFile)
	(qemuMonitorTextMigrateToUnix): Delete.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToHost)
	(qemuMonitorJSONMigrateToCommand, qemuMonitorJSONMigrateToFile)
	(qemuMonitorJSONMigrateToUnix): Delete.
	* src/qemu/qemu_monitor.c (qemuMonitorMigrateToHost)
	(qemuMonitorMigrateToCommand, qemuMonitorMigrateToFile)
	(qemuMonitorMigrateToUnix): Consolidate shared code.

	qemu: use lighter-weight fd:n on incoming tunneled migration
	Outgoing migration still uses a Unix socket and or exec netcat until
	the next patch.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareTunnel):
	Replace Unix socket with simpler pipe.
	Suggested by Paolo Bonzini.

	maint: make spacing in .sh files easier
	Commit 7f193757 renamed libvirt-guests.init from .in to .sh, which
	made it slip past sc_TAB_in_indentation.  I nearly reintroduced a
	tab, so I'm pushing this to prevent that from happening.
	* cfg.mk (sc_TAB_in_indentation): Update rule to include .sh files.
	* .dir-locals.el: List spacing preference for .sh files.

2011-03-15  Osier Yang  <jyang@redhat.com>

	qemu: Check the unsigned integer overflow
	As perhaps other hypervisor drivers use different capacity units,
	do the checking in qemu driver instead of in conf/domain_conf.c.

2011-03-15  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	Fix performance problem of virStorageVolCreateXMLFrom()
	This patch changes zerobuf variable from array to VIR_ALLOC_N().

2011-03-15  Eric Blake  <eblake@redhat.com>

	libvirt-guests: avoid globbing when splitting $URIS
	* tools/libvirt-guests.init.sh (start, stop, gueststatus): Avoid
	shell globbing, since valid URIs can contain '?'.

2011-03-15  Philipp Hahn  <hahn@univention.de>

	libvirt-guest.init: quoting variables
	At least protect the $uri variable against further expansion by properly
	quoting it. While doing that, also quote all other variables to protect
	against shell meta characters.

	docs/formatdomain.html.in: Fix spelling PIC->PCI
	Not "Programmable Interrupt Controller" but "Peripheral Component
	Interconnect".

2011-03-15  Laine Stump  <laine@laine.org>

	audit: eliminate potential null pointer deref when auditing macvtap devices
	The newly added call to qemuAuditNetDevice in qemuPhysIfaceConnect was
	assuming that res_ifname (the name of the macvtap device) was always
	valid, but this isn't the case. If openMacvtapTap fails, it always
	returns NULL, which would result in a segv.
	Since the audit log only needs a record of devices that are actually
	sent to qemu, and a failure to open the macvtap device means that no
	device will be sent to qemu, we can solve this problem by only doing
	the audit if openMacvtapTap is successful (in which case res_ifname is
	guaranteed valid).

2011-03-14  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Insert error messages to avoid a quiet abortion of commands
	in case of incorrect option parsing.

2011-03-14  Laine Stump  <laine@laine.org>

	network driver: don't send default route to clients on isolated networks
	Normally dnsmasq will send a default route (the address of the host in
	the network definition) to any client requesting an address via
	DHCP. On an isolated network this makes no sense, as we have iptables
	to prevent any traffic going out via that interface, so anything sent
	that way would be dropped anyway.
	This extra/unusable default route becomes problematic if you have
	setup a guest with multiple network interfaces, with one connected to
	an isolated network and another that provides connectivity to the
	outside (example - one interface directly connecting to a physical
	interface via macvtap, with a second connected to an isolated network
	so that the host and guest can communicate (macvtap doesn't support
	guest<->host communication without an external switch that supports
	vepa, or reflecting all traffic back)). In this case, if the guest
	chooses the default route of the isolated network, the guest will not
	be able to get network traffic beyond the host.
	To prevent dnsmasq from sending a default route, you can tell it to
	send 0 bytes of data for the default route option (option number 3)
	with --dhcp-option=3 (normally the data to send for the option would
	follow the option number; no extra data means "don't send this option").
	I have checked on RHEL5 (a good representative of the oldest supported
	libvirt platforms) and its version of dnsmasq (2.45) does support
	--dhcp-option, so this shouldn't create any compatibility problems.

2011-03-14  Jiri Denemark  <jdenemar@redhat.com>

	python: Use hardcoded python path in libvirt.py
	This partially reverts (and fixes that part in a different way) commit
	e4384459c93e3e786aa483c7f077d1d22148f689, which replaced
	``/usr/bin/python'' with ``/usr/bin/env python'' in all examples or
	scripts used during build to generate other files.
	However, python bindings module is compiled and linked against a
	specific python discovered or explicitly provided in configure phase.
	Thus libvirt.py, which is generated and installed into the system,
	should use the same python binary for which the module has been built.
	The hunk in Makefile.am replaces $(srcdir) with $(PYTHON), which might
	seem wrong but it is not. generator.py didn't use any of its command
	line arguments so passing $(srcdir) to it was redundant.

	virsh: Allow starting domains by UUID

2011-03-14  Osier Yang  <jyang@redhat.com>

	virsh: Free stream when shutdown console
	Otherwise connection of hypervisor driver will be leaked when
	one shutdown the guest in console. e.g.
	[root@localhost]# init 0
	......
	init: Re-executing /sbin/init
	Halting system...
	Power down.
	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)

2011-03-14  Guido Günther  <agx@sigxcpu.org>

	Add missing checks for read only connections
	As pointed on CVE-2011-1146, some API forgot to check the read-only
	status of the connection for entry point which modify the state
	of the system or may lead to a remote execution using user data.
	The entry points concerned are:
	  - virConnectDomainXMLToNative
	  - virNodeDeviceDettach
	  - virNodeDeviceReAttach
	  - virNodeDeviceReset
	  - virDomainRevertToSnapshot
	  - virDomainSnapshotDelete
	* src/libvirt.c: fix the above set of entry points to error on read-only
	                 connections

2011-03-12  Laine Stump  <laine@laine.org>

	network driver: Use a separate dhcp leases file for each network
	By default, all dnsmasq processes share the same leases file. libvirt
	also uses the --dhcp-lease-max option to control the maximum number of
	leases allowed. The problem is that libvirt puts in a number equal to
	the number of addresses in the range for the one network handled by a
	single instance of dnsmasq, but dnsmasq checks the total number of
	leases in the file (which could potentially contain many more).
	The solution is to tell each instance of dnsmasq to create and use its
	own leases file. (/var/lib/libvirt/network/<net-name>.leases).
	This file is created by dnsmasq when it starts, but not deleted when
	it exists. This is fine when the network is just being stopped, but if
	the leases file was left around when a network was undefined, we could
	end up with an ever-increasing number of dead files - instead, we
	explicitly unlink the leases file when a network is undefined.
	Note that Ubuntu carries a patch against an older version of libvirt for this:
	hhttps://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/713071
	ttp://bazaar.launchpad.net/~serge-hallyn/ubuntu/maverick/libvirt/bugall/revision/109
	I was certain I'd also seen discussion of this on libvir-list or
	libvirt-users, but couldn't find it.

	network driver: Fix indentation from previous commit
	The previous commit put a large portion of networkBuildDnsmasqArgv
	inside an if { } block. This readjusts the indentation.

	network driver: Start dnsmasq even if no dhcp ranges/hosts are specified.
	This fixes a regression introduced in commit ad48df, and reported on
	the libvirt-users list:
	  https://www.redhat.com/archives/libvirt-users/2011-March/msg00018.html
	The problem in that commit was that we began searching a list of ip
	address definitions (rather than just having one) to look for a dhcp
	range or static host; when we didn't find any, our pointer (ipdef) was
	left at NULL, and when ipdef was NULL, we returned without starting up
	dnsmasq.
	Previously dnsmasq was started even without any dhcp ranges or static
	entries, because it's still useful for DNS services.
	Another problem I noticed while investigating was that, if there are
	IPv6 addresses, but no IPv4 addresses of any kind, we would jump out
	at an ever higher level in the call chain.
	This patch does the following:
	1) networkBuildDnsmasqArgv() = all uses of ipdef are protected from
	   NULL dereference. (this patch doesn't change indentation, to make
	   review easier. The next patch will change just the
	   indentation). ipdef is intended to point to the first IPv4 address
	   with DHCP info (or the first IPv4 address if none of them have any
	   dhcp info).
	2) networkStartDhcpDaemon() = if the loop looking for an ipdef with
	   DHCP info comes up empty, we then grab the first IPv4 def from the
	   list. Also, instead of returning if there are no IPv4 defs, we just
	   return if there are no IP defs at all (either v4 or v6). This way a
	   network that is IPv6-only will still get dnsmasq listening for DNS
	   queries.
	3) in networkStartNetworkDaemon() - we will startup dhcp not just if there
	   are any IPv4 addresses, but also if there are any IPv6 addresses.

2011-03-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't use INT64_MAX in libvirt.h because it requires stdint.h
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED uses INT64_MAX but stdint.h
	was not and should not be included. Therefore, libvirt.h was
	not self-contained.
	Instead of including stdint.h specify the value directly.

2011-03-12  Philipp Hahn  <hahn@univention.de>

	libvirt-guest.init: handle domain name with spaces
	awk splits the line on consecutive spaces, which breaks getting the name
	of a domain whose name contains spaces. Use sed instead to strip the
	"Name:" prefix from the line

	domain.rng vs. formatdomain.html#elementsUSB
	The Relax-NG schema for domains regarding <hostdev> doesn't match what's
	implemented in src/conf/domain_conf.c#virDomainHostdevDefFormat(): The
	implementation only requires @type, but the schema currently either
	required none or all three attributes (@mode, @type, and @managed) to be
	defined together, because they are declared in the same
	<optional)-section. (@managed is currently even undocumented on
	<http://libvirt.org/formatdomain.html#elementsUSB>).
	Thus the following minimal <hostdev>-example fails to validate:
	<domain type='test'>
	        <name>N</name>
	        <memory>4096</memory>
	        <bootloader>/bin/false</bootloader>
	        <os>
	                <type arch='x86_64' machine='xenpv'>linux</type>
	        </os>
	        <devices>
	                <hostdev type='pci'>
	                        <source>
	                                <address bus='0x06' slot='0x00' function='0x0'/>
	                        </source>
	                </hostdev>
	        </devices>
	</domain>
	The schema is changed to match the current implementation:
	1. @mode is optional (which defaults to 'subsystem')
	2. @type is required
	3. @managed is optional (which defaults to 'no')
	The documentation is updated to mention @managed.

2011-03-12  Eric Blake  <eblake@redhat.com>

	qemu: fix -global argument usage
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Pass two
	separate arguments, and fix indentation.

	docs: fix missing </p>
	* docs/formatdomain.html.in: Fix typo in last patch.
	Reported by Matthias Bolte.

2011-03-12  Philipp Hahn  <hahn@univention.de>

	Ignore backing file errors in FS storage pool
	Currently a single storage volume with a broken backing file will disable the
	whole storage pool. This can happen when the backing file is on some
	unavailable network storage or if the backing volume is deleted, while the
	storage volumes using it remain.
	Since the storage pool can not be re-activated, re-creating the missing
	or deleting the now useless volumes using libvirt only is not possible.
	Fixing this is a little bit tricky:
	1. virStorageBackendProbeTarget() only detects the missing backing file,
	   if the backing file format is not explicitly specified. If the
	   backing file is created using
		   kvm-img create -f qcow2 -o backing_fmt=qcow2,backing_file=... ...
	   no error is detected at this stage.
	   The new return code -3 signals that the backing file could not be
	   opened.
	2. The backingStore.format must be >= 0, since values < 0 would break
	   virStorageVolTargetDefFormat() when dumping the XML data such as
	       <format type='...'/>
	   Because of this the format is faked as VIR_STORAGE_FILE_RAW.
	3. virStorageBackendUpdateVolTargetInfo() always opens the backing file
	   and thus always detects a missing backing file.
	   Since it "only" updates the capacity, allocation, owner, group, mode
	   and SELinux label, just ignore errors at this stage, print an error
	   message and continue.
	4. Using vol-dump on a broken volume still doesn't work, but at least
	   vol-destroy and pool-refresh do work now.
	To reproduce:
	  dir=$(mktemp -d)
	  virsh pool-create-as tmp dir '' '' '' '' "$dir"
	  virsh vol-create-as --format qcow2 tmp back 1G
	  virsh vol-create-as --format qcow2 --backing-vol-format qcow2 --backing-vol back tmp cow 1G
	  virsh vol-delete --pool tmp back
	  virsh pool-refresh tmp
	After the last step, the pool will be gone (because it was not persistent). As
	long as the now broken image stays in the directory, you will not be able to
	re-create or re-start the pool.

2011-03-12  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	documenting the 802.1Qbg parameters of a 'direct' interface
	This patchs adds documentation about the 802.1Qbg related parameters
	of the virtualport element in a 'direct' interface definition.

2011-03-11  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	remote-protocol: implement new BlkioParameters API
	Remote protocol implementation of virDomainSetBlkioParameters and virDomainGetBlkioParameters.

	virsh: Adding blkiotune command to virsh tool
	Adding blkiotune command to virsh tool

	qemu: implement new BlkioParameters API
	Implement domainSetBlkioParameters and domainGetBlkioParameters for QEmu

	libvirt: implements virDomain{Get,Set}BlkioParameters
	Implements virDomainSetBlkioParameters and virDomainGetBlkioParameters and initialization

	libvirt: add virDomain{Get,Set}BlkioParameters
	Add virDomainSetBlkioParameters virDomainGetBlkioParameters

2011-03-11  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmem: add the new options to "virsh setmem" command
	This patch adds the new options (--live and --config)  to "virsh setmem" command.
	The behavior of above options is the same as that of "virsh setvcpus" and so on.
	That is, when the --config option is specified, a modification is effective for
	the persistent domain. Moreover we can modify the memory size of inactive domains
	as well as that of active domains.

	setmem: implement the remote protocol to address the new API
	This patch implements the remote protocol to address the new API.

	setmem: implement the code to address the new API in the qemu driver
	This patch implements the code to address the new API
	in the qemu driver.

	setmem: introduce a new libvirt API (virDomainSetMemoryFlags)
	This patch introduces a new libvirt API (virDomainSetMemoryFlags) and
	a flag (virDomainMemoryModFlags).

2011-03-11  Guido Günther  <agx@sigxcpu.org>

	Make sure we reset the umask on the error path

2011-03-10  Eric Blake  <eblake@redhat.com>

	audit: audit use of /dev/net/tun, /dev/tapN, /dev/vhost-net
	Opening raw network devices with the intent of passing those fds to
	qemu is worth an audit point.  This makes a multi-part audit: first,
	we audit the device(s) that libvirt opens on behalf of the MAC address
	of a to-be-created interface (which can independently succeed or
	fail), then we audit whether qemu actually started the network device
	with the same MAC (so searching backwards for successful audits with
	the same MAC will show which fd(s) qemu is actually using).  Note that
	it is possible for the fd to be successfully opened but no attempt
	made to pass the fd to qemu (for example, because intermediate
	nwfilter operations failed) - no interface start audit will occur in
	that case; so the audit for a successful opened fd does not imply
	rights given to qemu unless there is a followup audit about the
	attempt to start a new interface.
	Likewise, when a network device is hot-unplugged, there is only one
	audit message about the MAC being discontinued; again, searching back
	to the earlier device open audits will show which fds that qemu quits
	using (and yes, I checked via /proc/<qemu-pid>/fd that qemu _does_
	close out the fds associated with an interface on hot-unplug).  The
	code would require much more refactoring to be able to definitively
	state which device(s) were discontinued at that point, since we
	currently don't record anywhere in the XML whether /dev/vhost-net was
	opened for a given interface.
	* src/qemu/qemu_audit.h (qemuAuditNetDevice): New prototype.
	* src/qemu/qemu_audit.c (qemuAuditNetDevice): New function.
	* src/qemu/qemu_command.h (qemuNetworkIfaceConnect)
	(qemuPhysIfaceConnect, qemuOpenVhostNet): Adjust prototype.
	* src/qemu/qemu_command.c (qemuNetworkIfaceConnect)
	(qemuPhysIfaceConnect, qemuOpenVhostNet): Add audit points and
	adjust parameters.
	(qemuBuildCommandLine): Adjust caller.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.

	qemu: don't request cgroup ACL access for /dev/net/tun
	Since libvirt always passes /dev/net/tun to qemu via fd, we should
	never trigger the cases where qemu tries to directly open the
	device.  Therefore, it is safer to deny the cgroup device ACL.
	* src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun.
	* src/qemu/qemu.conf (cgroup_device_acl): Reflect this change.

	qemu: support vhost in attach-interface
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Honor vhost
	designations, similar to qemu_command code paths.
	* src/qemu/qemu_command.h (qemuOpenVhostNet): New prototype.
	* src/qemu/qemu_command.c (qemuOpenVhostNet): Export.

2011-03-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Stop guest CPUs before creating a snapshot

	qemu: Refactor qemuDomainSnapshotCreateXML

	qemu: Escape snapshot name passed to {save,load,del}vm

	qemu: Fallback to HMP for snapshot commands
	qemu driver in libvirt gained support for creating domain snapshots
	almost a year ago in libvirt 0.8.0. Since then we enabled QMP support
	for qemu >= 0.13.0 but QMP equivalents of {save,load,del}vm commands are
	not implemented in current qemu (0.14.0) so the domain snapshot support
	is not very useful.
	This patch detects when the appropriate QMP command is not implemented
	and tries to use human-monitor-command (aka HMP passthrough) to run
	it's HMP equivalent.

	qemu: Rename qemuMonitorCommandWithHandler as qemuMonitorText*
	To make it more obvious that it is only used for text monitor. The
	naming also matches the style of qemuMonitorTextCommandWithFd.

	qemu: Rename qemuMonitorCommand{,WithFd} as qemuMonitorHMP*
	So that it's obvious that they are supposed to be used with HMP commands.

	qemu: Setup infrastructure for HMP passthrough
	JSON monitor command implementation can now just directly call text
	monitor implementation and it will be automatically encapsulated into
	QMP's human-monitor-command.

	qemu: Fix warnings in event handlers
	Some qemu monitor event handlers were issuing inadequate warning when
	virDomainSaveStatus() failed. They copied the message from I/O error
	handler without customizing it to provide better information on why
	virDomainSaveStatus() was called.

2011-03-10  Osier Yang  <jyang@redhat.com>

	storage: Update qemu-img flag checking
	For newer qemu-img, the help string for "backing file format" is
	"[-F backing_fmt]".
	Fix the wrong logic error by commit e997c268.
	* src/storage/storage_backend.c

	qemu: Replace deprecated option of qemu-img
	qemu-img silently disable "-e", so we can't use it for volume
	encryption anymore, change it into "-o encryption=on" if qemu
	supports "-o" option.

2011-03-10  Eric Blake  <eblake@redhat.com>

	audit: also audit cgroup ACL permissions
	* src/qemu/qemu_audit.h (qemuAuditCgroupMajor)
	(qemuAuditCgroupPath): Add parameter.
	* src/qemu/qemu_audit.c (qemuAuditCgroupMajor)
	(qemuAuditCgroupPath): Add 'acl=rwm' to cgroup audit entries.
	* src/qemu/qemu_cgroup.c: Update clients.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Likewise.

	cgroup: allow fine-tuning of device ACL permissions
	Adding audit points showed that we were granting too much privilege
	to qemu; it should not need any mknod rights to recreate any
	devices.  On the other hand, lxc should have all device privileges.
	The solution is adding a flag parameter.
	This also lets us restrict write access to read-only disks.
	* src/util/cgroup.h (virCgroup*Device*): Adjust prototypes.
	* src/util/cgroup.c (virCgroupAllowDevice)
	(virCgroupAllowDeviceMajor, virCgroupAllowDevicePath)
	(virCgroupDenyDevice, virCgroupDenyDeviceMajor)
	(virCgroupDenyDevicePath): Add parameter.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update clients.
	* src/lxc/lxc_controller.c (lxcSetContainerResources): Likewise.
	* src/qemu/qemu_cgroup.c: Likewise.
	(qemuSetupDiskPathAllow): Also, honor read-only disks.

	audit: rename remaining qemu audit functions
	Also add ATTRIBUTE_NONNULL markers.
	* src/qemu/qemu_audit.h: The pattern qemuDomainXXXAudit is
	inconsistent; prefer qemuAuditXXX instead.
	* src/qemu/qemu_audit.c: Reflect the renames.
	* src/qemu/qemu_driver.c: Likewise.
	* src/qemu/qemu_hotplug.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/qemu/qemu_process.c: Likewise.

	audit: also audit cgroup controller path
	Although the cgroup device ACL controller path can be worked out
	by researching the code, it is more efficient to include that
	information directly in the audit message.
	* src/util/cgroup.h (virCgroupPathOfController): New prototype.
	* src/util/cgroup.c (virCgroupPathOfController): Export.
	* src/libvirt_private.syms: Likewise.
	* src/qemu/qemu_audit.c (qemuAuditCgroup): Use it.

	audit: split cgroup audit types to allow more information
	Device names can be manipulated, so it is better to also log
	the major/minor device number corresponding to the cgroup ACL
	changes that libvirt made.  This required some refactoring
	of the relatively new qemu cgroup audit code.
	Also, qemuSetupChardevCgroup was only auditing on failure, not success.
	* src/qemu/qemu_audit.h (qemuDomainCgroupAudit): Delete.
	(qemuAuditCgroup, qemuAuditCgroupMajor, qemuAuditCgroupPath): New
	prototypes.
	* src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Rename...
	(qemuAuditCgroup): ...and drop a parameter.
	(qemuAuditCgroupMajor, qemuAuditCgroupPath): New functions, to
	allow listing device major/minor in audit.
	(qemuAuditGetRdev): New helper function.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust callers.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
	(qemuSetupHostUsbDeviceCgroup, qemuSetupCgroup)
	(qemuTeardownDiskPathDeny): Likewise.
	(qemuSetupChardevCgroup): Likewise, fixing missing audit.

2011-03-09  Eric Blake  <eblake@redhat.com>

	audit: tweak audit messages to match conventions
	* src/qemu/qemu_audit.c (qemuDomainHostdevAudit): Avoid use of
	"type", which has a pre-defined meaning.
	(qemuDomainCgroupAudit): Likewise, as well as "item".

	docs: silence warnings about generated API docs
	I noticed these while testing 'make dist'.
	Parsing ./../src/util/event.c
	Function comment for virEventRegisterDefaultImpl lacks description of return value
	Function comment for virEventRunDefaultImpl lacks description of return value
	Parsing ./../src/util/virterror.c
	Missing comment for function virSetErrorLogPriorityFunc
	* src/util/event.c (virEventRegisterDefaultImpl)
	(virEventRunDefaultImpl): Document return types.
	* src/util/virterror.c (virSetErrorLogPriorityFunc): Provide docs.

	docs: document <driver name='vhost'/> for interfaces
	* docs/formatdomain.html.in: Document virtio backend selection.

2011-03-09  Guido Günther  <agx@sigxcpu.org>

	Make sure the rundir is accessible by the user
	otherwise the user might not have enough permissions to access the
	socket if root's umask is 077.
	http://bugs.debian.org/614210

2011-03-09  Cole Robinson  <crobinso@redhat.com>

	Don't overwrite virRun error messages
	virRun gives pretty useful error output, let's not overwrite it unless there
	is a good reason. Some places were providing more information about what
	the commands were _attempting_ to do, however that's usually less useful from
	a debugging POV than what actually happened.

2011-03-09  Guido Günther  <agx@sigxcpu.org>

	libvirtd: Remove indirect linking
	as described at
	http://wiki.debian.org/ToolChain/DSOLinking
	https://fedoraproject.org/wiki/UnderstandingDSOLinkChange
	otherwise the build fails on current Debian unstable with:
	CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_lxc.a(libvirt_driver_lxc_la-lxc_container.o): undefined reference to symbol 'capng_apply'
	/usr/bin/ld: note: 'capng_apply' is defined in DSO //usr/lib/libcap-ng.so.0 so try adding it to the linker command line
	CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_storage.a(libvirt_driver_storage_la-storage_backend.o): undefined reference to symbol 'fgetfilecon'
	/usr/bin/ld: note: 'fgetfilecon' is defined in DSO //lib/libselinux.so.1 so try adding it to the linker command line
	//lib/libselinux.so.1: could not read symbols: Invalid operation
	and similar errors.

2011-03-09  Hu Tao  <hutao@cn.fujitsu.com>

	Fix a wrong error message thrown to user
	* src/qemu/qemu_driver.c: qemuDomainUpdateDeviceFlags() is not disk
	  specific as the message suggests

2011-03-09  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on cygwin
	On cygwin:
	  CC       libvirt_driver_security_la-security_dac.lo
	security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
	security/security_dac.c:618: warning: format '%d' expects type 'int', but argument 7 has type 'uid_t' [-Wformat]
	We've done this before (see src/util/util.c).
	* src/security/security_dac.c (virSecurityDACSetProcessLabel): On
	cygwin, uid_t is a 32-bit long.

	build: fix build on cygwin
	On cygwin:
	  CC        libvirt_util_la-cgroup.lo
	util/cgroup.c: In function 'virCgroupKillRecursiveInternal':
	util/cgroup.c:1458: warning: implicit declaration of function 'virCgroupNew' [-Wimplicit-function-declaration]
	* src/util/cgroup.c (virCgroupKill): Don't build on platforms
	where virCgroupNew is unsupported.

2011-03-09  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix building error when building without libvirtd
	When building libvirt without libvirtd, I receive the following errors:
	make[1]: Leaving directory `/home/wency/source/test/libvirt/src'
	 (cd daemon && make  top_distdir=../libvirt-0.8.8 distdir=../libvirt-0.8.8/daemon \
	     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)
	make[1]: Entering directory `/home/wency/source/test/libvirt/daemon'
	make[1]: *** No rule to make target `libvirtd.8.in', needed by `distdir'.  Stop.
	This bug was caused by commit 6db98a2d.

2011-03-09  Eric Blake  <eblake@redhat.com>

	docs: correct range of default NAT subnet
	* docs/formatdomain.html.in: Fix typo.

2011-03-09  Guido Günther  <agx@sigxcpu.org>

	virsh: Remove indirect link against libxml2
	as described at
	http://wiki.debian.org/ToolChain/DSOLinking
	https://fedoraproject.org/wiki/UnderstandingDSOLinkChange
	otherwise the build fails on current Debian unstable with:
	CCLD   virsh
	/usr/bin/ld: virsh-virsh.o: undefined reference to symbol 'xmlSaveTree@@LIBXML2_2.6.8'
	/usr/bin/ld: note: 'xmlSaveTree@@LIBXML2_2.6.8' is defined in DSO //usr/lib/libxml2.so.2 so try adding it to the linker command line
	//usr/lib/libxml2.so.2: could not read symbols: Invalid operation

2011-03-09  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Change option parsing functions to return tri-state information
	This is needed to detect situations when optional argument was
	specified with non-integer value: '--int-opt foo'. To keep functions
	uniform vshCommandOptString function was also changed, because it
	returns tri-state value as well. Given result pointer is updated only
	in case of success. If parsing fails, result is not updated at all.

	virsh: change vshCommandOptString return type and fix const-correctness
	This function should return pointer to const, because we don't want
	to change command option value. Therefore we can ensure const-correctness.

2011-03-09  Cole Robinson  <crobinso@redhat.com>

	docs/formatdomain: Add release info for disk <driver> attributes

2011-03-08  Daniel Veillard  <veillard@redhat.com>

	Fix build on cygwin
	Apparently some signals found on Unix are not exposed, this led
	to a compilation failure
	* src/util/logging.c: make code related to each signal dependant
	  upon the definition of that signal

2011-03-08  Wen Congyang  <wency@cn.fujitsu.com>

	support to detach USB disk

	rename qemuDomainDetachSCSIDiskDevice to qemuDomainDetachDiskDevice
	The way to detach a USB disk is the same as that to detach a SCSI
	disk. Rename this function and we can use it to detach a USB disk.

2011-03-08  Cole Robinson  <crobinso@redhat.com>

	qemu_hotplug: Reword error if spice password change not available
	Currently it sounds like spice is completely unsupported, which is
	confusing.

2011-03-08  Wen Congyang  <wency@cn.fujitsu.com>

	unlock eventLoop before calling callback function
	When I use newest libvirt to save a domain, libvirtd will be deadlock.
	Here is the output of gdb:
	(gdb) thread 3
	[Switching to thread 3 (Thread 0x7f972a1fc710 (LWP 30265))]#0  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	(gdb) bt
	    at qemu/qemu_driver.c:2074
	    ret=0x7f972a1fbbe0) at remote.c:2273
	(gdb) thread 7
	[Switching to thread 7 (Thread 0x7f9730bcd710 (LWP 30261))]#0  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	(gdb) bt
	(gdb) p *(virMutexPtr)0x6fdd60
	$2 = {lock = {__data = {__lock = 2, __count = 0, __owner = 30261, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
	    __size = "\002\000\000\000\000\000\000\000\065v\000\000\001", '\000' <repeats 26 times>, __align = 2}}
	(gdb) p *(virMutexPtr)0x1a63ac0
	$3 = {lock = {__data = {__lock = 2, __count = 0, __owner = 30265, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
	    __size = "\002\000\000\000\000\000\000\000\071v\000\000\001", '\000' <repeats 26 times>, __align = 2}}
	(gdb) info threads
	  7 Thread 0x7f9730bcd710 (LWP 30261)  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	  6 Thread 0x7f972bfff710 (LWP 30262)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	  5 Thread 0x7f972b5fe710 (LWP 30263)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	  4 Thread 0x7f972abfd710 (LWP 30264)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	* 3 Thread 0x7f972a1fc710 (LWP 30265)  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	  2 Thread 0x7f97297fb710 (LWP 30266)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	  1 Thread 0x7f9737aac800 (LWP 30260)  0x000000351fe0803d in pthread_join () from /lib64/libpthread.so.0
	The reason is that we will try to lock some object in callback function, and we may call event API with locking the same object.
	In the function virEventDispatchHandles(), we unlock eventLoop before calling callback function. I think we should
	do the same thing in the function virEventCleanupTimeouts() and virEventCleanupHandles().

2011-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Expose event loop implementation as a public API
	Not all applications have an existing event loop they need
	to integrate with. Forcing them to implement the libvirt
	event loop integration APIs is an undue burden. This just
	exposes our simple poll() based implementation for apps
	to use. So instead of calling
	   virEventRegister(....callbacks...)
	The app would call
	   virEventRegisterDefaultImpl()
	And then have a thread somewhere calling
	    static bool quit = false;
	    ....
	    while (!quit)
	      virEventRunDefaultImpl()
	* daemon/libvirtd.c, tools/console.c,
	  tools/virsh.c: Convert to public event loop APIs
	* include/libvirt/libvirt.h.in, src/libvirt_private.syms: Add
	  virEventRegisterDefaultImpl and virEventRunDefaultImpl
	* src/util/event.c: Implement virEventRegisterDefaultImpl
	  and virEventRunDefaultImpl using poll() event loop
	* src/util/event_poll.c: Add full error reporting
	* src/util/virterror.c, include/libvirt/virterror.h: Add
	  VIR_FROM_EVENTS

	Move event code out of the daemon/ into src/util/
	The event loop implementation is used by more than just the
	daemon, so move it into the shared area.
	* daemon/event.c, src/util/event_poll.c: Renamed
	* daemon/event.h, src/util/event_poll.h: Renamed
	* tools/Makefile.am, tools/console.c, tools/virsh.c: Update
	  to use new virEventPoll APIs
	* daemon/mdns.c, daemon/mdns.c, daemon/Makefile.am: Update
	  to use new virEventPoll APIs

	Convert daemon/virsh over to use primary event APIs, rather than impl
	The daemon code calls virEventAddHandleImpl directly instead
	of calling the wrapper virEventAddHandle.
	* tools/console.c, daemon/libvirtd.c, daemon/mdns.c: Convert to
	  use primary event APIs

2011-03-07  Daniel Veillard  <veillard@redhat.com>

	Cleaning up some of the logging code
	* src/util/logging.c: fix virLogDumpAllFD() to avoid snprintf, simplify
	  the code and provide more useful signal descriptions. Also remove an
	  unused variable.

2011-03-06  Osier Yang  <jyang@redhat.com>

	qemu: Support vram for video of qxl type
	For qemu names the primary vga as "qxl-vga":
	  1) if vram is specified for 2nd qxl device:
	    -vga qxl -global qxl-vga.vram_size=$SIZE \
	    -device qxl,id=video1,vram_size=$SIZE,...
	  2) if vram is not specified for 2nd qxl device, (use the default
	     set by global):
	    -vga qxl -global qxl-vga.vram_size=$SIZE \
	    -device qxl,id=video1,...
	For qemu names all qxl devices as "qxl":
	  1) if vram is specified for 2nd qxl device:
	    -vga qxl -global qxl.vram_size=$SIZE \
	    -device qxl,id=video1,vram_size=$SIZE ...
	  2) if vram is not specified for 2nd qxl device:
	    -vga qxl -global qxl-vga.vram_size=$SIZE \
	    -device qxl,id=video1,...
	"-global" is the only way to define vram_size for the primary qxl
	device, regardless of how qemu names it, (It's not good a good
	way, as original idea of "-global" is to set a global default for
	a driver property, but to specify vram for first qxl device, we
	have to use it).
	For other qxl devices, as they are represented by "-device", could
	specify it directly and seperately for each, and it overrides the
	default set by "-global" if specified.
	v1 - v2:
	  * modify "virDomainVideoDefaultRAM" so that it returns 16M as the
	    default vram_size for qxl device.
	  * vram_size * 1024 (qemu accepts bytes for vram_size).
	  * apply default vram_size for qxl device for which vram_size is
	    not specified.
	  * modify "graphics-spice" tests (more sensiable vram_size)
	  * Add an argument of virDomainDefPtr type for qemuBuildVideoDevStr,
	    to use virDomainVideoDefaultRAM in qemuBuildVideoDevStr).
	v2 - v3:
	  * Modify default video memory size for qxl device from 16M to 24M
	  * Update codes to be consistent with changes on qemu_capabilities.*

2011-03-05  Phil Petty  <phpetty@cisco.com>

	fixes for several memory leaks

2011-03-04  Daniel Veillard  <veillard@redhat.com>

	Dump the debug buffer to libvirtd.log on fatal signal
	In case of imminent crash or upon request (signal USR2),
	dump the logging buffer to the libvirtd.log file for
	post-mortem analysis
	* daemon/libvirtd.c: create a sig_fatal() handler connected to
	  SIGFPE SIGSEGV SIGILL SIGABRT SIGBUS and SIGUSR2, just dumping
	  the log buffer using virLogEmergencyDumpAll

	Add an an internal API for emergency dump of debug buffer
	virLogEmergencyDumpAll() allows to dump the content of the
	debug buffer from within a signal handler. It saves to all
	log file or stderr if none is found
	* src/util/logging.h src/util/logging.c: add the new API
	  and cleanup the old virLogDump code
	* src/libvirt_private.syms: exports it as a private symbol

	Fix a counter bug in the log buffer
	* src/util/logging.c: the start pointer need to wrap around too

	Add logrotate support for libvirtd.log
	As the file may grow quite a bit especially with debug turned on.
	* daemon/libvirtd.logrotate.in daemon/Makefile.am libvirt.spec.in:
	  add new logrotate file for the daemon log

	Change default log policy to libvirtd.log instead of syslog
	Syslog is not the best place to go search for libvirt error
	logs, change it to a default file output libvirtd.log, but
	still keep standard error if not run as a daemon.
	Depending on whether it's run as root or user, the log is saved
	in the local state dir or in $HOME/.libvirt.
	* daemon/libvirtd.c: change default logging to go to libvirtd.log

	Force all logs to go to the round robbin memory buffer
	Initially only the log actually written out by libvirt were
	saved on the memory buffer, this patch forces all informations
	including info and debug to be saved in memory too. This is
	useful to get full data in case of crash.

2011-03-04  Laine Stump  <laine@laine.org>

	qemu: avoid corruption of domain hashtable and misuse of freed domains
	This was also found while investigating
	   https://bugzilla.redhat.com/show_bug.cgi?id=670848
	An EOF on a domain's monitor socket results in an event being queued
	to handle the EOF. The handler calls qemuProcessHandleMonitorEOF. If
	it is a transient domain, this leads to a call to
	virDomainRemoveInactive, which removes the domain from the driver's
	hashtable and unref's it. Nowhere in this code is the qemu driver lock
	acquired.
	However, all modifications to the driver's domain hashtable *must* be
	done while holding the driver lock, otherwise the hashtable can become
	corrupt, and (even more likely) another thread could call a different
	hashtable function and acquire a pointer to the domain that is in the
	process of being destroyed.
	To prevent such a disaster, qemuProcessHandleMonitorEOF must get the
	qemu driver lock *before* it gets the DomainObj's lock, and hold it
	until it is finished with the DomainObj. This guarantees that nobody
	else modifies the hashtable at the same time, and that anyone who had
	already gotten the DomainObj from the hashtable prior to this call has
	finished with it before we remove/destroy it.

	qemu: Add missing lock of virDomainObj before calling virDomainUnref
	This was found while researching the root cause of:
	https://bugzilla.redhat.com/show_bug.cgi?id=670848
	virDomainUnref should only be called with the lock held for the
	virDomainObj in question. However, when a transient qemu domain gets
	EOF on its monitor socket, it queues an event which frees the monitor,
	which unref's the virDomainObj without first locking it. If another
	thread has already locked the virDomainObj, the modification of the
	refcount could potentially be corrupted. In an extreme case, it could
	also be potentially unlocked by virDomainObjFree, thus left open to
	modification by anyone else who would have otherwise waited for the
	lock (not to mention the fact that they would be accessing freed
	data!).
	The solution is to have qemuMonitorFree lock the domain object right
	before unrefing it. Since the caller to qemuMonitorFree doesn't expect
	this lock to be held, if the refcount doesn't go all the way to 0,
	qemuMonitorFree must unlock it after the unref.

2011-03-04  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	AUTHORS: adjust to preferred spelling
	maybe sounds strange but I've used this signature for years.
	see http://en.wikipedia.org/wiki/Family_name

2011-03-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Escape password for XML
	Passwords are allowed to contain <, >, &, ', " characters.
	Those need to be replaced by the corresponding entities.
	Reported by Hereward Cooper.

2011-03-03  Eric Blake  <eblake@redhat.com>

	util: correct retry path in virFileOperation
	In virFileOperation, the parent does a fallback to a non-fork
	attempt if it detects that the child returned EACCES.  However,
	the child was calling _exit(-EACCES), which does _not_ appear
	as EACCES in the parent.
	* src/util/util.c (virFileOperation): Correctly pass EACCES from
	child to parent.

2011-03-03  Soren Hansen  <soren@linux2go.dk>

	Pass virSecurityManagerPtr to virSecurityDAC{Set, Restore}ChardevCallback
	virSecurityDAC{Set,Restore}ChardevCallback expect virSecurityManagerPtr,
	but are passed virDomainObjPtr instead. This makes
	virSecurityDACSetChardevLabel set a wrong uid/gid on chardevs. This
	patch fixes this behaviour.

2011-03-03  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest, for syntax-check improvement.
	* .x-sc_prohibit_empty_lines_at_EOF: Add more exemptions.

	maint: avoid long lines in more tests
	* tests/xml2sexprdata/*.sexpr: Add backslash-newlines.
	* tests/sexpr2xmldata/*.sexpr: Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-aio.args: Likewise.

2011-03-03  Jiri Denemark  <jdenemar@redhat.com>

	util: Allow removing hash entries in virHashForEach
	This fixes a possible crash of libvirtd during its startup. When qemu
	driver reconnects to running domains, it iterates over all domain
	objects in a hash. When reconnecting to an associated qemu monitor
	fails and the domain is transient, it's immediately removed from the
	hash. Despite the fact that it's explicitly forbidden to do so. If
	libvirtd is lucky enough, virHashForEach will access random memory when
	the callback finishes and the deamon will crash.
	Since it's trivial to fix virHashForEach to allow removal of hash
	entries while iterating through them, I went this way instead of fixing
	qemuReconnectDomain callback (and possibly others) to avoid deleting the
	entries.

2011-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Attempt to improve an error message
	Replace the 'Unknown failure' error message with something a
	little bit more descriptive.
	* src/util/virterror.c: Improve error message

2011-03-02  Eric Blake  <eblake@redhat.com>

	qemu: avoid double close on domain restore
	qemudDomainSaveImageStartVM was evil - it closed the incoming fd
	argument on some, but not all, code paths, without informing the
	caller about that action.  No wonder that this resulted in
	double-closes: https://bugzilla.redhat.com/show_bug.cgi?id=672725
	* src/qemu/qemu_driver.c (qemudDomainSaveImageStartVM): Alter
	signature, to avoid double-close.
	(qemudDomainRestore, qemudDomainObjRestore): Update callers.

2011-03-02  Daniel P. Berrange  <berrange@redhat.com>

	add additional event debug points
	Followup to commit 2222bd24

2011-03-01  Eric Blake  <eblake@redhat.com>

	qemu: only request sound cgroup ACL when required
	When a SPICE or VNC graphics controller is present, and sound is
	piggybacked over a channel to the graphics device rather than
	directly accessing host hardware, then there is no need to grant
	host hardware access to that qemu process.
	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Prevent sound with
	spice, and with vnc when vnc_allow_host_audio is 0.
	Reported by Daniel Berrange.

2011-02-28  Daniel P. Berrange  <berrange@redhat.com>

	Add check for kill() to fix build of cgroups on win32
	The kill() function doesn't exist on Win32, so it needs to be
	checked for at build time & code disabled in cgroups
	* configure.ac: Check for kill()
	* src/util/cgroup.c: Stub out virCGroupKill* functions
	  when kill() isn't available

2011-02-26  Michal Novotny  <minovotn@redhat.com>

	Add support for multiple serial ports into the Xen driver
	this is the patch to add support for multiple serial ports to the
	libvirt Xen driver. It support both old style (serial = "pty") and
	new style (serial = [ "/dev/ttyS0", "/dev/ttyS1" ]) definition and
	tests for xml2sexpr, sexpr2xml and xmconfig have been added as well.
	Written and tested on RHEL-5 Xen dom0 and working as designed but
	the Xen version have to have patch for RHBZ #614004 but this patch
	is for upstream version of libvirt.
	Also, this patch is addressing issue described in RHBZ #670789.

	Fix port value parsing for serial and parallel ports
	this is the patch to fix the virDomainChrDefParseTargetXML() functionality
	to parse the target port from XML if available. This is necessary for
	multiple serial port support which is the second part of this patch.

2011-02-25  Daniel P. Berrange  <berrange@redhat.com>

	Add APIs for killing off processes inside a cgroup
	The virCgroupKill method kills all PIDs found in a cgroup
	The virCgroupKillRecursively method does this recursively
	for child cgroups.
	The virCgroupKillPainfully method does a recursive kill
	several times in a row until everything has really died

	Allow hash tables to use generic pointers as keys
	Relax the restriction that the hash table key must be a string
	by allowing an arbitrary hash code generator + comparison func
	to be provided
	* util/hash.c, util/hash.h: Allow any pointer as a key
	* internal.h: Include stdbool.h as standard.
	* conf/domain_conf.c, conf/domain_conf.c,
	  conf/nwfilter_params.c, nwfilter/nwfilter_gentech_driver.c,
	  nwfilter/nwfilter_gentech_driver.h, nwfilter/nwfilter_learnipaddr.c,
	  qemu/qemu_command.c, qemu/qemu_driver.c,
	  qemu/qemu_process.c, uml/uml_driver.c,
	  xen/xm_internal.c: s/char */void */ in hash callbacks

	Remove deallocator parameter from hash functions
	Since the deallocator is passed into the constructor of
	a hash table it is not desirable to pass it into each
	function again. Remove it from all functions, but provide
	a virHashSteal to allow a item to be removed from a hash
	table without deleteing it.
	* src/util/hash.c, src/util/hash.h: Remove deallocator
	  param from all functions. Add virHashSteal
	* src/libvirt_private.syms: Add virHashSteal
	* src/conf/domain_conf.c, src/conf/nwfilter_params.c,
	  src/nwfilter/nwfilter_learnipaddr.c,
	  src/qemu/qemu_command.c, src/xen/xm_internal.c: Update
	  for changed hash API

	Make commandtest more robust wrt its execution environment
	When executed from cron, commandtest would fail to correctly
	identify daemon processes. Set session ID and process group
	IDs at startup to ensure we have a consistent environment to
	run in.
	* tests/commandtest.c: Call setsid() and setpgid()

2011-02-25  Philipp Hahn  <hahn@univention.de>

	Fix spelling mistake: seek
	Replace wrong "set" by correct "seek" in error message.

2011-02-25  Eric Blake  <eblake@redhat.com>

	audit: audit qemu pci and usb device passthrough
	* src/qemu/qemu_audit.h (qemuDomainHostdevAudit): New prototype.
	* src/qemu/qemu_audit.c (qemuDomainHostdevAudit): New function.
	(qemuDomainStartAudit): Call as appropriate.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostPciDevice)
	(qemuDomainAttachHostUsbDevice, qemuDomainDetachHostPciDevice)
	(qemuDomainDetachHostUsbDevice): Likewise.

	audit: audit qemu memory and vcpu adjusments
	* src/qemu/qemu_audit.h (qemuDomainMemoryAudit)
	(qemuDomainVcpuAudit): New prototypes.
	* src/qemu/qemu_audit.c (qemuDomainResourceAudit)
	(qemuDomainMemoryAudit, qemuDomainVcpuAudit): New functions.
	(qemuDomainStartAudit): Call as appropriate.
	* src/qemu/qemu_driver.c (qemudDomainSetMemory)
	(qemudDomainHotplugVcpus): Likewise.

	audit: add qemu hooks for auditing cgroup events
	* src/qemu/qemu_audit.h (qemuDomainCgroupAudit): New prototype.
	* src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Implement it.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Add audit.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
	(qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup)
	(qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.

	audit: prepare qemu for listing vm in cgroup audits
	* src/qemu/qemu_cgroup.h (struct qemuCgroupData): New helper type.
	(qemuSetupDiskPathAllow, qemuSetupChardevCgroup)
	(qemuTeardownDiskPathDeny): Drop unneeded prototypes.
	(qemuSetupDiskCgroup, qemuTeardownDiskCgroup): Adjust prototype.
	* src/qemu/qemu_cgroup.c
	(qemuSetupDiskPathAllow, qemuSetupChardevCgroup)
	(qemuTeardownDiskPathDeny): Mark static and use new type.
	(qemuSetupHostUsbDeviceCgroup): Use new type.
	(qemuSetupDiskCgroup): Alter signature.
	(qemuSetupCgroup): Adjust caller.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainAttachDevice)
	(qemuDomainUpdateDeviceFlags): Likewise.

	cgroup: determine when skipping non-devices
	* src/util/cgroup.c (virCgroupAllowDevicePath)
	(virCgroupDenyDevicePath): Don't fail with EINVAL for
	non-devices.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update caller.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
	(qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup)
	(qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.

	virExec: avoid uninitialized memory usage
	valgrind warns:
	==21079== Syscall param rt_sigaction(act->sa_mask) points to uninitialised byte(s)
	==21079==    at 0x329840F63E: __libc_sigaction (sigaction.c:67)
	==21079==    by 0x4E5A8E7: __virExec (util.c:661)
	Regression introduced in commit ab07533e.  Technically, sa_mask
	shouldn't affect operation if sa_flags selects sa_handler, and
	sa_handler selects SIG_IGN, but better safe than sorry.
	* src/util/util.c (__virExec): Supply missing sigemptyset.

2011-02-24  Daniel P. Berrange  <berrange@redhat.com>

	Allow 32-on-64 execution for LXC guests
	Using the 'personality(2)' system call, we can make a container
	on an x86_64 host appear to be i686. Likewise for most other
	Linux 64bit arches.
	* src/lxc/lxc_conf.c: Fill in 32bit capabilities for x86_64 hosts
	* src/lxc/lxc_container.h, src/lxc/lxc_container.c: Add API to
	  check if an arch has a 32bit alternative
	* src/lxc/lxc_controller.c: Set the process personality when
	  starting guest

	Put <stdbool.h> into internal.h so it is available everywhere
	Remove the <stdbool.h> header from all source files / headers
	and just put it into internal.h
	* src/internal.h: Add <stdbool.h>

2011-02-24  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Switch over command line capabilities to virBitmap
	This is done for two reasons:
	- we are getting very close to 64 flags which is the maximum we can use
	  with unsigned long long
	- by using LL constants in enum we already violates C99 constraint that
	  enum values have to fit into int

	qemu: Rename qemud\?CmdFlags to qemuCaps
	The new name complies more with the fact that it contains a set of
	qemuCapsFlags.

	qemu: Use helper functions for handling cmd line capabilities
	Three new functions (qemuCapsSet, qemuCapsClear, and qemuCapsGet) were
	introduced replacing direct bit operations.

	qemu: Rename QEMUD_CMD_FLAG_* to QEMU_CAPS_*
	The new names comply more with the fact that they are all members of
	enum qemuCapsFlags.

	util: Add API for converting virBitmap into printable string

	util: Use unsigned long as a base type for virBitmap

2011-02-23  Daniel P. Berrange  <berrange@redhat.com>

	Expose name + UUID to LXC containers via env variables
	When spawning 'init' in the container, set
	  LIBVIRT_LXC_UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
	  LIBVIRT_LXC_NAME=YYYYYYYYYYYY
	to allow guest software to detect & identify that they
	are in a container
	* src/lxc/lxc_container.c: Set LIBVIRT_LXC_UUID and
	  LIBVIRT_LXC_NAME env vars

	Fix discard of expected errors
	In a couple of commands virsh catches & ignores errors, but fails
	to reset last_error. Thus the error is ignored, but still reported
	to the user.
	* tools/virsh.c: Reset last_error if ignoring an error

	Fix off-by-1 in virFileAbsPath.
	The virFileAbsPath was not taking into account the '/' directory
	separator when allocating memory for combining cwd + path. Convert
	to use virAsprintf to avoid this type of bug completely.
	* src/util/util.c: Convert virFileAbsPath to use virAsprintf

	Fix group/mode for /dev/pts inside LXC container
	Normal practice for /dev/pts is to have it mode=620,gid=5
	but LXC was leaving mode=000,gid=0 preventing unprivilegd
	users in the guest use of PTYs
	* src/lxc/lxc_controller.c: Fix /dev/pts setup

2011-02-23  Eric Blake  <eblake@redhat.com>

	security: avoid memory leak
	Leak introduced in commit d6623003.
	* src/qemu/qemu_driver.c (qemuSecurityInit): Avoid leak on failure.
	* src/security/security_stack.c (virSecurityStackClose): Avoid
	leaking component drivers.

2011-02-22  Roopa Prabhu  <roprabhu@cisco.com>

	802.1Qbh: Delay IFF_UP'ing interface until migration final stage
	Current code does an IFF_UP on a 8021Qbh interface immediately after a port
	profile set. This is ok in most cases except when its the migration prepare
	stage. During migration we want to postpone IFF_UP'ing the interface on the
	destination host until the source host has disassociated the interface.
	This patch moves IFF_UP of the interface to the final stage of migration.
	The motivation for this change is to postpone any addr registrations on the
	destination host until the source host has done the addr deregistrations.
	While at it, for symmetry with associate move ifDown of a 8021Qbh interface
	to before disassociate

2011-02-22  Osier Yang  <jyang@redhat.com>

	storage: make debug log more useful
	"__func__" is useless there, as VIR_DEBUG will print the function
	name.
	* src/storage/storage_backend_mpath.c

	virsh: replace vshPrint with vshPrintExtra for snapshot list Otherwise extra information will be printed even if "--quiet" is specified.
	* tools/virsh.c

2011-02-22  Wen Congyang  <wency@cn.fujitsu.com>

	check device-mapper when building with mpath or disk storage driver
	Currently, we need virIsDevMapperDevice() when we build libvirt with
	disk or mpath storage drivers.  So we should check device-mapper-devel
	when we build with disk storage driver but without mpath storage
	driver.

2011-02-22  Eric Blake  <eblake@redhat.com>

	build: add dependency on gnutls-utils
	* libvirt.spec.in (Requires): Add gnutls-utils, for virt-pki-validate.
	Suggested by Daniel P. Berrange.

2011-02-22  Markus Groß  <gross@univention.de>

	Renamed functions in xenxs

	Moved XM formatting functions to xenxs

	Moved XM parsing functions to xenxs

	Moved SEXPR formatting functions to xenxs

	Moved SEXPR parsing functions to xenxs

	Moved some SEXPR functions from xen-unified

	Moved SEXPR unit to utils

2011-02-22  Wen Congyang  <wency@cn.fujitsu.com>

	protect the scsi controller to be deleted when it is in use
	Steps to reproduce this bug:
	1. virsh attach-disk domain --source imagefile --target sdb --sourcetype file --driver qemu --subdriver raw
	2. virsh detach-device controller.xml # remove scsi controller 0
	3. virsh detach-disk domain sdb
	   error: Failed to detach disk
	   error: operation failed: detaching scsi0-0-1 device failed: Device 'scsi0-0-1' not found
	I think we should not detach a controller when it is used by some other device.

2011-02-22  Eric Blake  <eblake@redhat.com>

	maint: fix grammar in error message
	* python/tests/create.py: Use correct wording.

2011-02-22  Dan Kenigsberg  <danken@redhat.com>

	virt-*-validate.in: quote all variable references
	Alas, the shell is not a real programming language.
	Patch generated by manual confirmation of vim's
	s/[^"]\@<=\$\S\+\s\@=/"&"/gc
	and
	s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches.
	This patch generate a lot of noise and carries little benefits, as
	I do not really expect $PKI to contain spaces or backticks. I'm just
	fuming, and would not really mind if this patch is ignored

	virt-pki-validate: behave when CERTTOOL is missing

2011-02-22  Eric Blake  <eblake@redhat.com>

	autobuild.sh: use VPATH build
	Try to avoid future regressions on the VPATH front.
	* autobuild.sh: Uncomment VPATH use.
	* .gitignore: Exclude build directory.

	maint: fix 'make dist' in VPATH build
	A diff of 'make dist' from in-tree vs. a VPATH build showed
	that we were missing docs/api_extension/*.patch files, but
	shipping other files that we didn't need.
	* bootstrap.conf (gnulib_extra_files): Don't distribute files we
	don't care about.
	* docs/Makefile.am (patches): Perform wildcard correctly.

	build: don't require pod2man for tarball builds
	Right now, 'man libvirtd' includes information that depends on
	configure results, so it must be generated on the fly and live
	in $(builddir); however, requiring pod2man on all end user
	machines is overkill.  Meanwhile, 'man virsh' doesn't mention
	any configure results, so it can be built at 'make dist' time.
	If that situation changes in the future, we can generate virsh.1
	in the same way that we generate libvirtd.8.
	* daemon/Makefile.am (libvirtd.8.in): New rule, to run pod2man in
	advance of distribution.
	(libvirtd.8): Use only sed from tarball.
	(EXTRA_DIST): Ship new file.
	(libvirtd.pod): Delete unused rule.
	(man8_MANS): Let automake know which section to use.
	(CLEANFILES, MAINTAINERCLEANFILES): Adjust to new files.
	* tools/Makefile.am (dist_man1_MANS): Distribute pre-built man
	pages, fine since they don't require any substitution.
	(virt-xml-validate.1, virt-pki-validate.1): Change input source.
	(virsh.1): Build into srcdir.
	(CLEANFILES, MAINTAINERCLEANFILES): Adjust to new build style.
	* daemon/.gitignore: Update.
	Reported by Diego Elio Pettenò.

2011-02-21  Eric Blake  <eblake@redhat.com>

	maint: kill all remaining uses of old DEBUG macro
	Done mechanically with:
	$ git grep -l '\bDEBUG0\? *(' | xargs -L1 sed -i 's/\bDEBUG0\? *(/VIR_&/'
	followed by manual deletion of qemudDebug in daemon/libvirtd.c, along
	with a single 'make syntax-check' fallout in the same file, and the
	actual deletion in src/util/logging.h.
	* src/util/logging.h (DEBUG, DEBUG0): Delete.
	* daemon/libvirtd.h (qemudDebug): Likewise.
	* global: Change remaining clients over to VIR_DEBUG counterpart.

	hash: make virHashFree more free-like
	Two-argument free functions are uncommon; match the style elsewhere
	by caching the callback at creation.
	* src/util/hash.h (virHashCreate, virHashFree): Move deallocator
	argument to creation.
	* cfg.mk (useless_free_options): Add virHashFree.
	* src/util/hash.c (_virHashTable): Track deallocator.
	(virHashCreate, virHashFree): Update to new signature.
	* src/conf/domain_conf.c (virDomainObjListDeinit)
	(virDomainObjListInit, virDomainDiskDefForeachPath)
	(virDomainSnapshotObjListDeinit, virDomainSnapshotObjListInit):
	Update callers.
	* src/conf/nwfilter_params.c (virNWFilterHashTableFree)
	(virNWFilterHashTableCreate): Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterTriggerVMFilterRebuild):
	Likewise.
	* src/cpu/cpu_generic.c (genericHashFeatures, genericBaseline):
	Likewise.
	* src/xen/xm_internal.c (xenXMOpen, xenXMClose): Likewise.
	* src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnInit)
	(virNWFilterLearnShutdown): Likewise.
	* src/qemu/qemu_command.c (qemuDomainPCIAddressSetCreate)
	(qemuDomainPCIAddressSetFree): Likewise.
	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.

2011-02-21  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix API docs generation in VPATH build
	XSLT allows for two ways of generating the output of transformation.
	Either implicit, which xsltproc prints to stdout and can be redirected
	to a file using -o file. Or explicit, which means the stylesheet
	contains <xsl:document> element which specifies where the output should
	be saved. This can be used for generating more files by a single run of
	xsltproc and -o directory/ can change the directory where the output
	files will be stored.
	devhelp.xsl is special in that it combines both options in one
	stylesheet, which doesn't work well with -o:
	xsltproc --nonet -o ./devhelp/ ./devhelp/devhelp.xsl ./libvirt-api.xml
	Outputs 4 *.html files into ./devhelp but then tries to write to
	./devhelp/ as a file (hence the I/O error) rather than writing output to
	the fifth file devhelp/libvirt.devhelp.
	This patch modifies devhelp.xsl so that all files are generated using
	<xsl:document> element and -o directory/ can be used to override output
	directory where those files are saved.

2011-02-21  Daniel P. Berrange  <berrange@redhat.com>

	Remove all object hashtable caches from virConnectPtr
	The virConnectPtr struct will cache instances of all other
	objects. APIs like virDomainLookupByUUID will return a
	cached object, so if you do virDomainLookupByUUID twice in
	a row, you'll get the same exact virDomainPtr instance.
	This does not have any performance benefit, since the actual
	logic in virDomainLookupByUUID (and other APIs returning
	virDomainPtr, etc instances) is not short-circuited. All
	it does is to ensure there is only one single virDomainPtr
	in existance for any given UUID.
	The caching has a number of downsides though, all relating
	to stale data. If APIs aren't careful to always overwrite
	the 'id' field in virDomainPtr it may become out of data.
	Likewise for the name field, if a guest is renamed, or if
	a guest is deleted, and then a new one created with the
	same UUID but different name.
	This has been an ongoing, endless source of bugs for all
	applications using libvirt from languages with garbage
	collection, causing them to get virDomainPtr instances
	from long ago with stale data.
	The caching is also a waste of memory resources, since
	both applications, and language bindings often maintain
	their own hashtable caches of object instances.
	This patch removes all the hash table caching, so all
	APIs return brand new virDomainPtr (etc) object instances.
	* src/datatypes.h: Delete all hash tables.
	* src/datatypes.c: Remove all object caching code

2011-02-19  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: enable rejection of packets
	This patch adds the possibility to not just drop packets, but to also have them rejected where iptables at least sends an ICMP msg back to the originator. On ebtables this again maps into dropping packets since rejecting is not supported.
	I am adding 'since 0.8.9' to the docs assuming this will be the next version of libvirt.

2011-02-19  Guido Günther  <agx@sigxcpu.org>

	Drop empty argument from dnsmasq call
	since dnsmasq >= 2.56 now bails out with empty arguments. See
	    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613944
	for the Debian bug and
	    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589885
	for the upstream reasoning.

2011-02-19  Eric Blake  <eblake@redhat.com>

	build: fix broken mingw cross-compilation
	Two regressions:
	Commit df1011ca broke builds for systems that lack devmapper
	(non-Linux, as well as Linux with ./autogen.sh --without-libvirtd
	and without the libraries present).
	Commit ce6fd650 broke cross-compilation, due to a gnulib bug.
	* .gnulib: Update to latest, for cross-compilation fix.
	* src/util/util.c (virIsDevMapperDevice): Provide stub for
	platforms not using storage driver.
	* configure.ac (devmapper): Arrange to define HAVE_LIBDEVMAPPER_H.
	devmapper issue reported by Wen Congyang.

2011-02-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Ignore malformed host UUID from BIOS
	Etienne Gosset reported that libvirt fails to connect to his ESX
	server because it failed to parse its malformed host UUID, that
	contains an additional space and lacks one hexdigit in the last
	group:
	xxxxxxxx-xxxx-xxxx-xxxx- xxxxxxxxxxx
	Don't treat this as a fatal error, just ignore it.

2011-02-19  Michal Privoznik  <mprivozn@redhat.com>

	virsh: freecell --all getting wrong NUMA nodes count
	Virsh freecell --all was not only getting wrong NUMA nodes count, but
	even the NUMA nodes IDs. They doesn't have to be continuous, as I've
	found out during testing this. Therefore a modification of
	nodeGetCellsFreeMemory() error message.

2011-02-19  Eric Blake  <eblake@redhat.com>

	build: speed up non-maintainer builds
	* configure.ac (gl_ASSERT_NO_GNULIB_POSIXCHECK): Use to reduce
	time spent in configure.

2011-02-18  Eric Blake  <eblake@redhat.com>

	build: recompute symbols after changing configure options
	$ ./configure
	...
	$ make
	...
	  GEN    libvirt.syms
	...
	$ ./configure --with-driver-modules
	...
	$ make
	...
	libvirt.syms doesn't get regenerated but it should as it should
	contain virDriverLoadModule now.
	* src/Makefile.am (libvirt.syms): Depend on configure changes.
	Reported by Matthias Bolte.

2011-02-18  Jiri Denemark  <jdenemar@redhat.com>

	maint: Expand tabs in python code
	Also cfg.mk is tweaked to force this for all future changes to *.py
	files.

2011-02-18  Osier Yang  <jyang@redhat.com>

	Requires gettext for client package
	libvirt-guests invokes functions in gettext.sh, so we need to
	require gettext package in spec file.
	Demo with the fix:
	% rpm -q gettext
	package gettext is not installed
	% rpm -ivh libvirt-client-0.8.8-1.fc14.x86_64.rpm
	error: Failed dependencies:
		gettext is needed by libvirt-client-0.8.8-1.fc14.x86_64
	* libvirt.spec.in

2011-02-18  Jim Fehlig  <jfehlig@novell.com>

	Do not add drive 'boot=on' param when a kernel is specified
	libvirt-tck was failing several domain tests [1] with qemu 0.14, which
	is now less tolerable of specifying 2 bootroms with the same boot index [2].
	Drop the 'boot=on' param if kernel has been specfied.
	[1] https://www.redhat.com/archives/libvir-list/2011-February/msg00559.html
	[2] http://lists.nongnu.org/archive/html/qemu-devel/2011-02/msg01892.html

2011-02-18  Christophe Fergeau  <teuf@gnome.org>

	remove duplicated call to reportOOMError

	remove space between function name and (
	There were several occurrences of an extra space inserted between
	a function name and the ( opening the argument list in
	datatypes.c. This is not consistent with the coding style used in
	the rest of this file so removing this extra space makes the
	code slightly more readable.

	don't check for NULL before calling virHashFree
	virHashFree follows the convention described in HACKING that
	XXXFree() functions can be called with a NULL argument.

	remove no longer needed calls to virReportOOMError
	Now that the virHash handling functions call virReportOOMError by
	themselves when needed, users of the virHash API no longer need to
	do it by themselves. Since users of the virHash API were not
	consistently calling virReportOOMError after memory failures from
	the virHash code, this has the added benefit of making OOM
	reporting from this code more consistent and reliable.

	factor common code in virHashAddEntry and virHashUpdateEntry
	The only difference between these 2 functions is that one errors
	out when the entry is already present while the other modifies
	the existing entry. Add an helper function with a boolean argument
	indicating whether existing entries should be updated or not, and
	use this helper in both functions.

	add hash table rebalancing in virHashUpdateEntry
	The code in virHashUpdateEntry and virHashAddEntry is really
	similar. However, the latter rebalances the hash table when
	one of its buckets contains too many elements while the former
	does not. Fix this discrepancy.

2011-02-18  Eric Blake  <eblake@redhat.com>

	hash: modernize debug code
	* src/util/hash.c (virHashGrow) [DEBUG_GROW]: Use modern logging.
	Reported by Christophe Fergeau.

	build: improve 'make install' for VPATH builds
	This still doesn't fix {html,devhelp}/libvirt-{libvirt-virterror}.html,
	but it's progress in the right direction.
	* docs/Makefile.am (%.html): Build into srcdir.

2011-02-18  Wen Congyang  <wency@cn.fujitsu.com>

	check more error info about whether drive_add failed
	When we attach a disk, but we specify a wrong format of disk image,
	qemu monitor command drive_add will fail, but libvirt does not detect
	this error.

2011-02-18  Eric Blake  <eblake@redhat.com>

	logging: make VIR_ERROR and friends preserve errno
	Followup to commit 17e19add, and would have prevented the bug
	independently fixed in commit 76c57a7c.
	* src/util/logging.c (virLogMessage): Preserve errno, since
	logging should be as unintrusive as possible.

	maint: avoid 'make syntax-check' from tarball
	* .gnulib: update to latest gnulib for maint.mk fixes

2011-02-18  Laine Stump  <laine@laine.org>

	Give each virtual network bridge its own fixed MAC address
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=609463
	The problem was that, since a bridge always acquires the MAC address
	of the connected interface with the numerically lowest MAC, as guests
	are started and stopped, it was possible for the MAC address to change
	over time, and this change in the network was being detected by
	Windows 7 (it sees the MAC of the default route change), so on each
	reboot it would bring up a dialog box asking about this "new network".
	The solution is to create a dummy tap interface with a MAC guaranteed
	to be lower than any guest interface's MAC, and attach that tap to the
	bridge as soon as it's created. Since all guest MAC addresses start
	with 0xFE, we can just generate a MAC with the standard "0x52, 0x54,
	0" prefix, and it's guaranteed to always win (physical interfaces are
	never connected to these bridges, so we don't need to worry about
	competing numerically with them).
	Note that the dummy tap is never set to IFF_UP state - that's not
	necessary in order for the bridge to take its MAC, and not setting it
	to UP eliminates the clutter of having an (eg) "virbr0-nic" displayed
	in the output of the ifconfig command.
	I chose to not auto-generate the MAC address in the network XML
	parser, as there are likely to be consumers of that API that don't
	need or want to have a MAC address associated with the
	bridge.
	Instead, in bridge_driver.c when the network is being defined, if
	there is no MAC, one is generated. To account for virtual network
	configs that already exist when upgrading from an older version of
	libvirt, I've added a %post script to the specfile that searches for
	all network definitions in both the config directory
	(/etc/libvirt/qemu/networks) and the state directory
	(/var/lib/libvirt/network) that are missing a mac address, generates a
	random address, and adds it to the config (and a matching address to
	the state file, if there is one).
	docs/formatnetwork.html.in: document <mac address.../>
	docs/schemas/network.rng: add nac address to schema
	libvirt.spec.in: %post script to update existing networks
	src/conf/network_conf.[ch]: parse and format <mac address.../>
	src/libvirt_private.syms: export a couple private symbols we need
	src/network/bridge_driver.c:
	    auto-generate mac address when needed,
	    create dummy interface if mac address is present.
	tests/networkxml2xmlin/isolated-network.xml
	tests/networkxml2xmlin/routed-network.xml
	tests/networkxml2xmlout/isolated-network.xml
	tests/networkxml2xmlout/routed-network.xml: add mac address to some tests

	Allow brAddTap to create a tap device that is down
	An upcoming patch has a use for a tap device to be created that
	doesn't need to be actually put into the "up" state, and keeping it
	"down" keeps the output of ifconfig from being unnecessarily cluttered
	(ifconfig won't show down interfaces unless you add "-a").
	bridge.[ch]: add "up" as an arg to brAddTap()
	uml_conf.c, qemu_command.c: add "up" (set to "true") to brAddTap() call.

	Add txmode attribute to interface XML for virtio backend
	This is in response to:
	   https://bugzilla.redhat.com/show_bug.cgi?id=629662
	Explanation
	qemu's virtio-net-pci driver allows setting the algorithm used for tx
	packets to either "bh" or "timer". This is done by adding ",tx=bh" or
	",tx=timer" to the "-device virtio-net-pci" commandline option.
	'bh' stands for 'bottom half'; when this is set, packet tx is all done
	in an iothread in the bottom half of the driver. (In libvirt, this
	option is called the more descriptive "iothread".)
	'timer' means that tx work is done in qemu, and if there is more tx
	data than can be sent at the present time, a timer is set before qemu
	moves on to do other things; when the timer fires, another attempt is
	made to send more data. (libvirt retains the name "timer" for this
	option.)
	The resulting difference, according to the qemu developer who added
	the option is:
	    bh makes tx more asynchronous and reduces latency, but potentially
	    causes more processor bandwidth contention since the cpu doing the
	    tx isn't necessarily the cpu where the guest generated the
	    packets.
	Solution
	This patch provides a libvirt domain xml knob to change the option on
	the qemu commandline, by adding a new attribute "txmode" to the
	<driver> element that can be placed inside any <interface> element in
	a domain definition. It's use would be something like this:
	    <interface ...>
	      ...
	      <model type='virtio'/>
	      <driver txmode='iothread'/>
	      ...
	    </interface>
	I chose to put this setting as an attribute to <driver> rather than as
	a sub-element to <tune> because it is specific to the virtio-net
	driver, not something that is generally usable by all network drivers.
	(note that this is the same placement as the "driver name=..."
	attribute used to choose kernel vs. userland backend for the
	virtio-net driver.)
	Actually adding the tx=xxx option to the qemu commandline is only done
	if the version of qemu being used advertises it in the output of
	    qemu -device virtio-net-pci,?
	If a particular txmode is requested in the XML, and the option isn't
	listed in that help output, an UNSUPPORTED_CONFIG error is logged, and
	the domain fails to start.

	Restructure domain struct interface "driver" data for easier expansion
	When the <driver> element (and its "name" attribute) was added to the
	domain XML's interface element, a "backend" enum was simply added to
	the toplevel of the virDomainNetDef struct.
	Ignoring the naming inconsistency ("name" vs. "backend"), this is fine
	when there's only a single item contained in the driver element of the
	XML, but doesn't scale well as we add more attributes that apply to
	the backend of the virtio-net driver, or add attributes applicable to
	other drivers.
	This patch changes virDomainNetDef in two ways:
	1) Rename the item in the struct from "backend" to "name", so that
	   it's the same in the XML and in the struct, hopefully avoiding
	   confusion for someone unfamiliar with the function of the
	   attribute.
	2) Create a "driver" union within virDomainNetDef, and a "virtio"
	   struct in that struct, which contains the "name" enum value.
	3) Move around the virDomainNetParse and virDomainNetFormat functions
	   to allow for simple plugin of new attributes without disturbing
	   existing code. (you'll note that this results in a seemingly
	   redundant if() in the format function, but that will no longer be
	   the case as soon as a 2nd attribute is added).
	In the future, new attributes for the virtio driver backend can be
	added to the "virtio" struct, and any other network device backend that
	needs an attribute will have its own struct added to the "driver"
	union.

2011-02-17  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix VPATH build
	Even VPATH make dist succeeds now

2011-02-17  Daniel P. Berrange  <berrange@redhat.com>

	Move all the QEMU migration code to a new file
	The introduction of the v3 migration protocol, along with
	support for migration cookies, will significantly expand
	the size of the migration code. Move it all to a separate
	file to make it more manageable
	The functions are not moved 100%. The API entry points
	remain in the main QEMU driver, but once the public
	virDomainPtr is resolved to the internal virDomainObjPtr,
	all following code is moved.
	This will allow the new v3 API entry points to call into the
	same shared internal migration functions
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  qemuDomainFormatXML helper method
	* src/qemu/qemu_driver.c: Remove all migration code
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Add
	  all migration code.

	Split all QEMU process mangement code into separate file
	Move the qemudStartVMDaemon and qemudShutdownVMDaemon
	methods into a separate file, renaming them to
	qemuProcessStart, qemuProcessStop. All helper methods
	called by these are also moved & renamed to match
	* src/Makefile.am: Add qemu_process.c/.h
	* src/qemu/qemu_command.c: Add qemuDomainAssignPCIAddresses
	* src/qemu/qemu_command.h: Add VNC port min/max
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  domain event queue helpers
	* src/qemu/qemu_driver.c, src/qemu/qemu_driver.h: Remove
	  all QEMU process startup/shutdown functions
	* src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add
	  all QEMU process startup/shutdown functions

2011-02-17  Osier Yang  <jyang@redhat.com>

	storage: Allow to delete device mapper disk partition
	The name convention of device mapper disk is different, and 'parted'
	can't be used to delete a device mapper disk partition. e.g.
	Name                 Path
	-----------------------------------------
	3600a0b80005ad1d7000093604cae912fp1 /dev/mapper/3600a0b80005ad1d7000093604cae912fp1
	Error: Expecting a partition number.
	This patch introduces 'dmsetup' to fix it.
	Changes:
	  - New function "virIsDevMapperDevice" in "src/utils/utils.c"
	  - remove "is_dm_device" in "src/storage/parthelper.c", use
	    "virIsDevMapperDevice" instead.
	  - Requires "device-mapper" for 'with-storage-disk" in "libvirt.spec.in"
	  - Check "dmsetup" in 'configure.ac' for "with-storage-disk"
	  - Changes on "src/Makefile.am" to link against libdevmapper
	  - New entry for "virIsDevMapperDevice" in "src/libvirt_private.syms"
	Changes from v1 to v3:
	  - s/virIsDeviceMapperDevice/virIsDevMapperDevice/g
	  - replace "virRun" with "virCommand"
	  - sort the list of util functions in "libvirt_private.syms"
	  - ATTRIBUTE_NONNULL(1) for virIsDevMapperDevice declaration.
	e.g.
	Name                 Path
	-----------------------------------------
	3600a0b80005ad1d7000093604cae912fp1 /dev/mapper/3600a0b80005ad1d7000093604cae912fp1
	Vol /dev/mapper/3600a0b80005ad1d7000093604cae912fp1 deleted
	Name                 Path
	-----------------------------------------

2011-02-17  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.8
	* configure.ac docs/news.html.in libvirt.spec.in: bump version and add docs
	* po/*.po*: updated Gujarati, Polish and Dutch localisations and regenerated

2011-02-17  Osier Yang  <jyang@redhat.com>

	qemu: Error prompt when saving a shutoff domain
	"qemudDomainSaveFlag" goto wrong label "endjob", which will cause
	error when security manager trying to restore label (regression).
	As it's more reasonable to check if vm is shutoff immediately, and
	return right away if it is, remove the checking in "qemudDomainSaveFlag",
	and add checking in "qemudDomainSave".
	* src/qemu/qemu_driver.c

2011-02-17  Eric Blake  <eblake@redhat.com>

	maint: delete unused 'make install' step
	Libxml2-Logo-90x34.gif was removed from the repository in Sep 2009
	(commit d6d528c) because our docs no longer reference it.
	* docs/Makefile.am (install-data-local): Don't install missing file.

2011-02-16  Eric Blake  <eblake@redhat.com>

	cgroup: preserve correct errno on failure
	* src/util/cgroup.c (virCgroupSetValueStr, virCgroupGetValueStr)
	(virCgroupRemoveRecursively): VIR_DEBUG can clobber errno.
	(virCgroupRemove): Use VIR_DEBUG rather than DEBUG.

2011-02-16  Zdenek Styblik  <stybla@turnovfree.net>

	Update czech localization

2011-02-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix command line generation with faked host CPU
	The code expected that host CPU architecture matches the architecture on
	which libvirt runs. This is normally true but not in tests, where host
	CPU is faked to produce consistent results.

	tests: Fake host capabilities properly
	Since we fake host CPU we should also fake host arch instead of taking
	the real architecture tests are running on.

2011-02-16  Eric Blake  <eblake@redhat.com>

	docs: fix typos
	* docs/drvopenvz.html.in: Spell administrator correctly.
	* docs/drvuml.html.in: Likewise.
	* src/qemu/qemu.conf: Likewise.  Fix other typos, too.

2011-02-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid empty strings when --with-packager(-version) is not specified
	Make with_packager and with_packager_version default to "no". This way
	--without-packager-version (as shorthand for --with-packager(-version)=no)
	works correctly too.
	Prior to this patch libvirt outputs a line like this when
	--with-packager(-version) was not specified
	# ./daemon/libvirtd
	14:11:15.018: 31796: info : libvirt version: 0.8.8, package:  ()
	Now the unspecified parts are correctly omitted.
	Reported by Osier Yang.

2011-02-16  Eric Blake  <eblake@redhat.com>

	build: address clang reports about virCommand
	clang had 5 reports against virCommand; three were false positives
	(a NULL deref in ProcessIO solved by sa_assert, and two uninitialized
	memory operations solved by adding an initializer), but two were real.
	* src/util/command.c (virCommandProcessIO): Fix real bug of
	possible NULL dereference.  Teach clang that buf is never NULL.
	(virCommandRun): Teach clang that infd is only ever accessed when
	initialized.

	build: silence some clang warnings
	* tools/virsh.c (cmdHelp): Kill dead variables.

	qemu: don't mask real error with oom report
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't report oom
	after qemuBuildControllerDevStr, which reported its own errors.

	qemu: avoid NULL derefs
	The processWatchdogEvent fix is real, although it can only trigger
	on OOM, since bad things happen if doCoreDump is called with a NULL
	pathname argument.  The other fixes silence clang, but aren't a real
	bug because virReportErrorHelper tolerates a NULL format string even
	though *printf does not.
	* src/qemu/qemu_driver.c (processWatchdogEvent): Exit on OOM.
	(qemuDomainIsActive, qemuDomainIsPersistent, qemuDomainIsUpdated):
	Provide valid message.

	virDomainMemoryStats: avoid null dereference
	* src/libvirt.c (virDomainMemoryStats): Check domain before flags.

2011-02-15  Justin Clift  <jclift@redhat.com>

	docs: added link for nimbus to apps page

2011-02-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of mutex attributes in POSIX threads impl
	* src/util/threads-pthread.c: Fix mutex leak

	Fix leak in SCSI storage backend
	The SCSI storage backend leaks a string containing the pathname
	for each block device it discovers
	* src/storage/storage_backend_scsi.c: Free the device name

2011-02-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Output commandline on status != 0 in virCommandWait
	This helps identifying which command exited with status != 0.

2011-02-15  Christophe Fergeau  <teuf@gnome.org>

	add missing error handling to virGetDomain
	When creating the virDomain::snapshots hash table, virGetDomain
	wasn't checking if the creation was successful. This would then
	lead to failures in the vir*DomainSnapshot functions. Better to
	report this error early and make virGetDomain fail if the
	snapshots hash couldn't be created.
	* src/datatypes.c: report failure to make a hash table

	call virReportOOMError when appropriate in hash.c
	A couple of allocation were not calling virReportOOMError on allocation
	errors
	* src/util/hash.c: add the needed call in virHashCreate and
	  virHashAddOrUpdateEntry

2011-02-15  Osier Yang  <jyang@redhat.com>

	storage: Create enough volumes for mpath pool
	"virStorageBackendCreateVols":
	  "names->next" serves as condition expression for "do...while",
	however, "names" was shifted before, it then results in one less
	loop, and thus, one less volume will be created for mpath pool,
	the patch is to fix it.
	* src/storage/storage_backend_mpath.c

2011-02-15  Eric Blake  <eblake@redhat.com>

	maint: kill dead assignments
	* src/network/bridge_driver.c (networkStartNetworkDaemon): Delete
	unused assignments.

	qemu: avoid NULL deref on error
	* src/qemu/qemu_command.c (qemuParseCommandLineDisk): Report error
	before cleaning def.

	build: silence false positive clang report
	clang complained that STREQ(group->controllers[i].mountPoint,...)  was
	a NULL dereference when i==VIR_CGROUP_CONTROLLER_CPUSET, because it
	assumes the worst about virCgroupPathOfController.  Marking the
	argument const doesn't yet have an effect, per this clang bug:
	http://llvm.org/bugs/show_bug.cgi?id=7758
	So, we use sa_assert, which was designed to shut up false positives
	from tools like clang.
	* src/util/cgroup.c (virCgroupMakeGroup): Teach clang that there
	is no NULL dereference.

	qemu: ignore failure of qemu -M ? on older qemu
	https://bugzilla.redhat.com/show_bug.cgi?id=676563
	Regression introduced in commit 2211518.
	* src/qemu/qemu_capabilities.c (qemuCapsProbeMachineTypes): Allow
	non-zero exit status.

	xml: avoid compiler warning
	Detected by clang.
	* src/util/xml.c (virXPathStringLimit): Use %zd, not obsolete %Zd.

2011-02-15  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: reorder match extensions relative to state match
	This patch reorders the connlimit and comment match extensions relative to the state match (-m state); connlimit being most useful if found after a -m state --state NEW and not before it.

2011-02-15  Jiri Denemark  <jdenemar@redhat.com>

	conf: Fix XML generation for smartcards
	When formatting XML for smartcard device with mode=host, libvirt
	generates invalid XML if the device has address info associated:
	<smartcard mode='host' <address type='ccid' controller='0' slot='1'/>

2011-02-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix cleanup on VM state after failed QEMU startup
	Commit 9962e406c664ed5521f5aca500c860a331cb3979 introduced a
	problem where if the VM failed to startup, it would not be
	correctly cleaned up. Amongst other things the SELinux
	security label would not be removed, which prevents the VM
	from ever starting again.
	The virDomainIsActive() check at the start of qemudShutdownVMDaemon
	checks for vm->def->id not being -1. By moving the assignment of the
	VM id to the start of qemudStartVMDaemon, we can ensure cleanup will
	occur on failure
	* src/qemu/qemu_driver.c: Move initialization of 'vm->def->id'
	  so that qemudShutdownVMDaemon() will process the shutdown

2011-02-14  Jiri Denemark  <jdenemar@redhat.com>

	libvirt-qemu: Fix enum type declaration

2011-02-14  Christophe Fergeau  <teuf@gnome.org>

	fix OOM handling in hash routines
	* src/util/hash.c: virHashAddEntry and virHashUpdateEntry were missing NULL
	  checks on strdup
	* AUTHORS: add Christophe Fergeau

2011-02-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update src/README
	Add missing subdirectories.

2011-02-12  Eric Blake  <eblake@redhat.com>

	virsh: avoid mingw compiler warnings
	Compilation on mingw was warning about %lld use in fprintf, and
	in the gnulib strptime module about dead labels.
	* tools/virsh.c (vshPrint): Change redirect.
	(vshPrintExtra): Allow use within vshPrint.  Avoid fprintf on
	arbitrary formats, since we aren't using gnulib module; instead,
	use virVasprintf to pre-format.
	(vshError): Likewise.
	* .gnulib: Update to latest, for mingw strptime warning fix.
	Reported by Matthias Bolte.

	build: avoid problems with autogen.sh runs from tarball
	Introduced by commit fac97c65c distributing cfg.mk, which
	previously could blindly assume it was in a git checkout.
	* cfg.mk (_update_required): Also check for .git.
	* autogen.sh: Don't run bootstrap from a tarball.
	Reported by Daniel Veillard.

2011-02-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Distribute XSLT files to generate HACKING

	qemu: Report a more informative error for missing cgroup controllers
	Also use VIR_ERR_OPERATION_INVALID instead of VIR_ERR_NO_SUPPORT, as
	the operation could succeed when the cgroup controller was mounted.

2011-02-12  Osier Yang  <jyang@redhat.com>

	xen: Prevent updating device when attaching a device
	When attaching a device that already exists, xend driver updates
	the device with "device_configure", it causes problems (e.g. for
	disk device, 'device_configure' only can be used to update device
	like CDROM), on the other hand, we provide additional API
	(virDomainUpdateDevice) to update device, this fix is to raise up
	errors instead of updating the existed device which is not CDROM
	device.
	Changes from v1 to v2:
	  - allow to update CDROM
	* src/xen/xend_internal.c

2011-02-12  Eric Blake  <eblake@redhat.com>

	build: fix cygwin strerror_r failure
	Building the 0.8.8 release candidate on cygwin produced this compiler
	warning, which is indicative of catastrophic failure on any attempt to
	print an error message with errno turned to a string:
	  CC       strerror_r.lo
	strerror_r.c: In function 'rpl_strerror_r':
	strerror_r.c:67: warning: assignment makes integer from pointer without a cast
	This has been fixed in gnulib.
	* .gnulib: Update to latest, for strerror_r fix.
	* src/util/memory.c (includes): Satisfy 'make syntax-check'.

2011-02-12  Philipp Hahn  <hahn@univention.de>

	qemu: Fix escape_monitor(escape_shell(command))
	Suspending a VM which contains shell meta characters doesn't work with
	libvirt-0.8.7:
	/var/log/libvirt/qemu/andreas_231-ne\ doch\ nicht.log:
	  sh: -c: line 0: syntax error near unexpected token `doch'
	  sh: -c: line 0: `cat | { dd bs=4096 seek=1 if=/dev/null && dd bs=1048576; }
	Although target="andreas_231-ne doch nicht" contains shell meta
	characters (here: blanks), they are not properly escaped by
	src/qemu/qemu_monitor_{json,text}.c#qemuMonitor{JSON,Text}MigrateToFile()
	First, the filename needs to be properly escaped for the shell, than
	this command line has to be properly escaped for qemu again.
	For this to work, remove the old qemuMonitorEscapeArg() wrapper, rename
	qemuMonitorEscape() to it removing the handling for shell=TRUE, and
	implement a new qemuMonitorEscapeShell() returning strings using single
	quotes.
	Using double quotes or escaping special shell characters with backslashes
	would also be possible, but the set of special characters heavily
	depends on the concrete shell (dsh, bash, zsh) and its setting (history
	expansion, interactive use, ...)

2011-02-11  Daniel P. Berrange  <berrange@redhat.com>

	Imprint all logs with version + package build information
	The logging functions are enhanced so that immediately prior to
	the first log message being printed to any output channel, the
	libvirt package version will be printed.
	eg
	 $ LIBVIRT_DEBUG=1 virsh
	 18:13:28.013: 17536: info : libvirt version: 0.8.7
	 18:13:28.013: 17536: debug : virInitialize:361 : register drivers
	 ...
	The 'configure' script gains two new arguments which can be
	used as
	   --with-packager="Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10"
	   --with-packager-version="1.fc14"
	to allow distros to append a custom string with package specific
	data.
	The RPM specfile is modified so that it appends the RPM version,
	the build host, the build date and the packager name.
	eg
	 $ LIBVIRT_DEBUG=1 virsh
	 18:14:52.086: 17551: info : libvirt version: 0.8.7, package: 1.fc13 (Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10)
	 18:14:52.086: 17551: debug : virInitialize:361 : register drivers
	Thus when distro packagers receive bug reports they can clearly
	see what version was in use, even if the bug reporter mistakenly
	or intentionally lies about version/builds
	* src/util/logging.c: Output version data prior to first log message
	* libvirt.spec.in: Include RPM release, date, hostname & packager
	* configure.ac: Add --with-packager & --with-packager-version args

2011-02-11  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: fix attach-interface regression
	QEMUD_CMD_FLAG_PCI_MULTIBUS should be set in the function
	qemuCapsExtractVersionInfo()
	The flag QEMUD_CMD_FLAG_PCI_MULTIBUS is used in the function
	qemuBuildDeviceAddressStr(). All callers get qemuCmdFlags
	by the function qemuCapsExtractVersionInfo() except that
	testCompareXMLToArgvFiles() in qemuxml2argvtest.c.
	So we should set QEMUD_CMD_FLAG_PCI_MULTIBUS in the function
	qemuCapsExtractVersionInfo() instead of qemuBuildCommandLine()
	because the function qemuBuildCommandLine() does not be called
	when we attach a pci device.
	tests: set QEMUD_CMD_FLAG_PCI_MULTIBUS in testCompareXMLToArgvFiles()
	set QEMUD_CMD_FLAG_PCI_MULTIBUS before calling qemuBuildCommandLine()
	as the flags is not set by qemuCapsExtractVersionInfo().

2011-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Avoid pthread_sigmask on Win32 platforms
	Win32 doesn't have a concept of signal masks so disable that
	code. It is unclear how SIGINT is delivered (if at all) on
	Win32, so this might further work to provide an alternative
	to pthread_sigmask
	* tools/virsh.c: Avoid pthread_sigmask on Win32

	Reduce log level when cgroups aren't mounted
	Quite a few hosts don't have cgroups mounted and so see warnings
	from libvirt logged, which then cause bug reports, etc. Reduce
	the log level to INFO so they're not visible by default
	* src/qemu/qemu_driver.c: Reduce log level for cgroups

	Avoid warnings from nwfilter driver when run non-root
	When run non-root the nwfilter driver logs error messages about
	being unable to find iptables/ebtables commands (they are in
	/sbin which isn't in $PATH). The nwfilter driver can't ever work
	as non-root, so simply skip it entirely thus avoiding the error
	messages
	* src/conf/nwfilter_conf.h, src/nwfilter/nwfilter_driver.c,
	  src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_gentech_driver.h: Pass 'bool privileged'
	  flag down to final driver impl
	* src/nwfilter/nwfilter_ebiptables_driver.c: Skip initialization
	  if not privileged

2011-02-10  Michal Privoznik  <mprivozn@redhat.com>

	Fix typo in parsing of spice 'auth' data
	A typo s/spice/vnc/ caused parsing of the spice 'auth' data
	to write into the wrong part of the struct, blowing away
	other unrelated data.
	* src/conf/domain_conf.c: s/vnc/spice/ in parsing spice auth

2011-02-10  Eric Blake  <eblake@redhat.com>

	build: distribute 'make syntax-check' tweaks
	* Makefile.am (EXTRA_DIST): Distribute cfg.mk.

2011-02-10  Michal Novotny  <minovotn@redhat.com>

	docs: Add information about libvirt-php new location

2011-02-10  Eric Blake  <eblake@redhat.com>

	maint: whitespace cleanup
	* .dir-locals.el (html-mode): Let emacs help out.
	* cfg.mk (sc_TAB_in_indentation): Check more files.
	* docs/internals/command.html.in: Fix offenders.
	* docs/formatdomain.html.in: Likewise.
	* docs/internals.html.in: Likewise.
	Reported by Jiri Denemark.

2011-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Adjust some log levels in udev driver
	Most of te VIR_INFO calls in the udev driver are only relevant
	to developers so can switch to VIR_DEBUG. Failure to initialize
	libpciaccess though is a fatal error
	* src/node_device/node_device_udev.c: Adjust log levels

	Add check for binary existing in machine type probe
	When probing machine types if the QEMU binary does not exist
	we get a hard to diagnose error, due to the execve() in the
	child failing
	error: internal error Child process exited with status 1.
	Add an explicit check so that we get
	error: Cannot find QEMU binary /usr/libexec/qem3u-kvm: No such file or directory
	* src/qemu/qemu_capabilities.c: Check for QEMU binary

	Add a little more debugging for async events
	To make it easier to investigate problems with async event
	delivery, add two more debugging lines
	* daemon/remote.c: Debug when an event is queued for dispatch
	* src/remote/remote_driver.c: Debug when an event is received
	  for processing

	Move connection driver modules directory
	When built as modules, the connection drivers live
	in $LIBDIR/libvirt/drivers. Now we add lock manager
	drivers, we need to distinguish. So move the existing
	modules to 'connection-driver'
	* src/Makefile.am: Move module install dir
	* src/driver.c: Move module search dir

	Reset logging filter function when forking
	To ensure child processes will log all error messages, reset
	the logging filter function when forking
	* src/util/util.c: Reset log filter in fork

	Block SIGPIPE around virExec hook functions
	Some functionality run in virExec hooks may do I/O which
	can trigger SIGPIPE. Renable SIGPIPE blocking around the
	hook function
	* src/util/util.c: Block SIGPIPE around hooks

	Support SCSI RAID type & lower log level for unknown types
	The Linux kernel headers don't have a value for SCSI type 12,
	but HAL source code shows this to be a 'raid'. Add workaround
	for this type. Lower log level for unknown types since
	this is not a fatal error condition. Include the device sysfs
	path in the log output to allow identification of which device
	has problems.
	* src/node_device/node_device_udev.c: Add SCSI RAID type

	Only initialize/cleanup libpciaccess once
	libpciaccess has many bugs in its pci_system_init/cleanup
	functions that makes calling them multiple times unwise.
	eg it will double close() FDs, and leak other FDs.
	* src/node_device/node_device_udev.c: Only initialize
	  libpciaccess once

2011-02-09  Serge E. Hallyn  <serge.hallyn@canonical.com>

	Don't use CLONE_NEWUSER for now
	Until now, user namespaces have not done much, but (for that
	reason) have been innocuous to glob in with other CLONE_
	flags.  Upcoming userns development, however, will make tasks
	cloned with CLONE_NEWUSER far more restricted.  In particular,
	for some time they will be unable to access files with anything
	other than the world access perms.
	This patch assumes that noone really needs the user namespaces
	to be enabled.  If that is wrong, then we can try a more
	baroque patch where we create a file owned by a test userid with
	700 perms and, if we can't access it after setuid'ing to that
	userid, then return 0.  Otherwise, assume we are using an
	older, 'harmless' user namespace implementation.
	Comments appreciated.  Is it ok to do this?

2011-02-09  Eric Blake  <eblake@redhat.com>

	sysinfo: implement qemu support
	* src/qemu/qemu_driver.c (qemuGetSysinfo): New function.
	(qemuDriver): Install it.

	sysinfo: refactor xml formatting
	* src/util/sysinfo.h (virSysinfoFormat): New prototype.
	* src/conf/domain_conf.c (virDomainSysinfoDefFormat): Move guts...
	* src/util/sysinfo.c (virSysinfoFormat): ...into new function.
	* src/libvirt_private.syms: Export it.

	sysinfo: implement virsh support
	* tools/virsh.c (cmdSysinfo): New function.
	(hostAndHypervisorCmds): Add it.
	* tools/virsh.pod: Document it.

	sysinfo: implement the remote protocol
	Done by editing the first three files, then running
	'make -C src rpcgen', then editing src/remote_protocol-structs
	to match.
	* daemon/remote.c (remoteDispatchGetSysinfo): New function.
	* src/remote/remote_driver.c (remoteGetSysinfo, remote_driver):
	Client side serialization.
	* src/remote/remote_protocol.x (remote_get_sysinfo_args)
	(remote_get_sysinfo_ret): New types.
	(REMOTE_PROC_GET_SYSINFO): New enum value.
	* daemon/remote_dispatch_args.h: Regenerate.
	* daemon/remote_dispatch_prototypes.h: Likewise.
	* daemon/remote_dispatch_ret.h: Likewise.
	* daemon/remote_dispatch_table.h: Likewise.
	* src/remote/remote_protocol.c: Likewise.
	* src/remote/remote_protocol.h: Likewise.
	* src/remote_protocol-structs: Likewise.

	sysinfo: implement the public API
	* src/libvirt.c (virConnectGetSysinfo): New function.
	* docs/formatdomain.html.in: Mention it.

	sysinfo: define internal driver API
	* src/driver.h (virDrvGetSysinfo): New typedef.
	(_virDriver): New callback member.
	* src/esx/esx_driver.c (esxDriver): Add stub for driver.
	* src/lxc/lxc_driver.c (lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/test/test_driver.c (testDriver): Likewise.
	* src/uml/uml_driver.c (umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (Driver): Likewise.
	* src/vmware/vmware_driver.c (vmwareDriver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.

	sysinfo: expose new API
	The new virConnectGetSysinfo() API allows one to get the system
	information associated to a connection host, providing the same
	data as a guest that uses <os><smbios mode='host'/></os>, and in
	a format that can be pasted into the guest and edited when using
	<os><smbios mode='sysinfo'/></os>.
	* include/libvirt/libvirt.h.in (virConnectGetSysinfo): Declare.
	* src/libvirt_public.syms: Export new symbol.

2011-02-09  Daniel Veillard  <veillard@redhat.com>

	Adding Michal Novotny for previous patch

2011-02-09  Michal Novotny  <minovotn@redhat.com>

	Add libvirt-php information page
	This adds a ibvirt-php information page with some
	basic information on libvirt-php project compilation, contribution
	and other useful information.

2011-02-09  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	cgroup: Add documentation for blkiotune elements.
	Add documentation for blkiotune elements.

	LXC: LXC Blkio weight configuration support.
	LXC Blkio weight configuration support.
	Reviewed-by: "Nikunj A. Dadhania" <nikunj@linux.vnet.ibm.com>

	qemu: Implement blkio tunable XML configuration and parsing.
	Implement blkio tunable XML configuration and parsing.
	Reviewed-by: "Nikunj A. Dadhania" <nikunj@linux.vnet.ibm.com>

	cgroup: Update XML Schema for new entries.
	Update XML Schema for new entries.

	cgroup: Implement blkio.weight tuning API.
	Implement blkio.weight tuning API.
	Acked-by: Daniel P. Berrange <berrange@redhat.com>

	cgroup: Enable cgroup hierarchy for blkio cgroup
	Enable cgroup hierarchy for blkio cgroup
	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2011-02-09  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS
	* AUTHORS: Adjust for recent commits.

2011-02-08  Daniel Veillard  <veillard@redhat.com>

	Update Dutch and Polish localizations

	Revert "Czech translation updates"
	This reverts commit 9169c0eeb4b68a0001b57d35d11e41f9c1bc6148.
	The patch didn't applied cleanly and completely broke po regeneration

2011-02-08  Zdenek Styblik  <stybla@turnovfree.net>

	Czech translation updates

2011-02-08  Hero Phương  <herophuong93@gmail.com>

	Vietnamese translations for libvirt

2011-02-08  Niels de Vos  <ndevos@redhat.com>

	docs/index.html.in: update KVM url

2011-02-05  Eric Blake  <eblake@redhat.com>

	spicevmc: support older -device spicevmc of qemu 0.13.0
	qemu 0.13.0 (at least as built for Fedora 14, and also backported to
	RHEL 6.0 qemu) supported an older syntax for a spicevmc channel; it's
	not as flexible (it has an implicit name and hides the chardev
	aspect), but now that we support spicevmc, we might as well target
	both variants.
	* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_DEVICE_SPICEVMC):
	New flag.
	* src/qemu/qemu_capabilities.c (qemuCapsParseDeviceStr): Set it
	correctly.
	* src/qemu/qemu_command.h (qemuBuildVirtioSerialPortDevStr): Drop
	declaration.
	* src/qemu/qemu_command.c (qemuBuildVirtioSerialPortDevStr): Alter
	signature, check flag.
	(qemuBuildCommandLine): Adjust caller and check flag.
	* tests/qemuhelptest.c (mymain): Update test.
	* tests/qemuxml2argvtest.c (mymain): New test.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc-old.xml:
	New file.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc-old.args:
	Likewise.

	smartcard: add spicevmc support
	Adds <smartcard mode='passthrough' type='spicevmc'/>, which uses the
	new <channel name='smartcard'/> of <graphics type='spice'>.
	* docs/schemas/domain.rng: Support new XML.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.h (virDomainGraphicsSpiceChannelName): New
	enum value.
	(virDomainChrSpicevmcName): New enum.
	(virDomainChrSourceDef): Distinguish spicevmc types.
	* src/conf/domain_conf.c (virDomainGraphicsSpiceChannelName): Add
	smartcard.
	(virDomainSmartcardDefParseXML): Parse it.
	(virDomainChrDefParseXML, virDomainSmartcardDefParseXML): Set
	spicevmc name.
	(virDomainChrSpicevmc): New enum conversion functions.
	* src/libvirt_private.syms: Export new functions.
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr): Conditionalize
	name.
	* tests/qemuxml2argvtest.c (domain): New test.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-spicevmc.args:
	New file.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-spicevmc.xml:
	Likewise.

2011-02-04  Daniel P. Berrange  <berrange@redhat.com>

	spicevmc: support new qemu chardev
	Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=615757
	Add a new character device backend for virtio serial channels that
	activates the QEMU spice agent on the main channel using the vdagent
	spicevmc connection.  The <target> must be type='virtio', and supports
	an optional name that specifies how the guest will see the channel
	(for now, name must be com.redhat.spice.0).
	<channel type='spicevmc'>
	  <target type='virtio'/>
	  <address type='virtio-serial' controller='1' bus='0' port='3'/>
	</channel>
	* docs/schemas/domain.rng: Support new XML.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.h (virDomainChrType): New enum value.
	* src/conf/domain_conf.c (virDomainChr): Add spicevmc.
	(virDomainChrDefParseXML, virDomainChrSourceDefParseXML)
	(virDomainChrDefParseTargetXML): Parse and enforce proper use.
	(virDomainChrSourceDefFormat, virDomainChrDefFormat): Format.
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr)
	(qemuBuildCommandLine): Add qemu support.
	* tests/qemuxml2argvtest.c (domain): New test.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc.xml: New
	file.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc.args:
	Likewise.

2011-02-04  Eric Blake  <eblake@redhat.com>

	smartcard: turn on qemu support
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Emit smartcard
	options.
	(qemuAssignDeviceAliases): Assign an alias for smartcards.
	(qemuBuildControllerDevStr): Manage the usb-ccid controller.
	* tests/qemuxml2argvtest.c (mymain): Add new tests.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.args: New
	file.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough.args:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.args:
	Likewise.

	smartcard: enable SELinux support
	* src/security/security_selinux.c
	(SELinuxRestoreSecuritySmartcardCallback)
	(SELinuxSetSecuritySmartcardCallback): New helper functions.
	(SELinuxRestoreSecurityAllLabel, SELinuxSetSecurityAllLabel): Use
	them.

	smartcard: check for qemu capability
	Qemu smartcard/spicevmc support exists on branches (such as
	http://cgit.freedesktop.org/~alon/qemu/commit/?h=usb_ccid.v15&id=024a37b)
	but is not yet upstream.  The added -help output matches a scratch build
	that will be close to the RHEL 6.1 qemu-kvm.
	* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_CCID_EMULATED)
	(QEMUD_CMD_FLAG_CCID_PASSTHRU, QEMUD_CMD_FLAG_CHARDEV_SPICEVMC):
	New flags.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags)
	(qemuCapsParseDeviceStr): Check for smartcard capabilities.
	(qemuCapsExtractVersionInfo): Tweak comment.
	* tests/qemuhelptest.c (mymain): New test.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel61: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel61-device: Likewise.

	smartcard: add domain conf support
	* src/conf/domain_conf.h (virDomainSmartcardType): New enum.
	(virDomainSmartcardDef, virDomainDeviceCcidAddress): New structs.
	(virDomainDef): Include smartcards.
	(virDomainSmartcardDefIterator): New typedef.
	(virDomainSmartcardDefFree, virDomainSmartcardDefForeach): New
	prototypes.
	(virDomainControllerType, virDomainDeviceAddressType): Add ccid
	enum values.
	(virDomainDeviceInfo): Add ccid address type.
	* src/conf/domain_conf.c (virDomainSmartcard): Convert between
	enum and string.
	(virDomainSmartcardDefParseXML, virDomainSmartcardDefFormat)
	(virDomainSmartcardDefFree, virDomainDeviceCcidAddressParseXML)
	(virDomainDefMaybeAddSmartcardController): New functions.
	(virDomainDefParseXML): Parse the new XML.
	(virDomainDefFormat): Convert back to XML.
	(virDomainDefFree): Clean up.
	(virDomainDeviceInfoIterate): Iterate over passthrough aliases.
	(virDomainController, virDomainDeviceAddress)
	(virDomainDeviceInfoParseXML, virDomainDeviceInfoFormat)
	(virDomainDefAddImplicitControllers): Support new values.
	* src/libvirt_private.syms (domain_conf.h): New exports.
	* cfg.mk (useless_free_options): List new function.

	smartcard: add XML support for <smartcard> device
	Assuming a hypervisor that supports multiple smartcard devices in the
	guest, this would be a valid XML description:
	<devices>
	  <smartcard mode='host'/>
	  <smartcard mode='host-certificates'>
	    <certificate>/path/to/cert1</certificate>
	    <certificate>/path/to/cert2</certificate>
	    <certificate>/path/to/cert3</certificate>
	  </smartcard>
	  <smartcard mode='passthrough' type='tcp'>
	    <source mode='bind' host='127.0.0.1' service='2001'/>
	    <protocol type='raw'/>
	  </smartcard>
	</devices>
	(As of this commit, the qemu hypervisor will be the first
	implementation, but it only supports one smartcard.)
	* docs/formatdomain.html.in (Smartcard devices): New section.
	* docs/schemas/domain.rng (smartcard): New define, used in
	devices.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.xml: New file
	to test schema.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.xml:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.xml:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.xml:
	Likewise.

2011-02-04  Alon Levy  <alevy@redhat.com>

	docs/index.html.in: update QEMU url

2011-02-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Support booting from hostdev PCI devices

	Support booting from hostdev devices

	qemu: Add shortcut for HMP pass through
	Currently users who want to use virDomainQemuMonitorCommand() API or
	it's virsh equivalent has to use the same protocol as libvirt uses for
	communication to qemu. Since the protocol is QMP with current qemu and
	HMP much more usable for humans, one ends up typing something like the
	following:
	    virsh qemu-monitor-command DOM \
	'{"execute":"human-monitor-command","arguments":{"command-line":"info kvm"}}'
	which is not a very convenient way of debugging qemu.
	This patch introduces --hmp option to qemu-monitor-command, which says
	that the provided command is in HMP. If libvirt uses QMP to talk with
	qemu, the command will automatically be converted into QMP. So the
	example above is simplified to just
	    virsh qemu-monitor-command --hmp DOM "info kvm"
	Also the result is converted from
	    {"return":"kvm support: enabled\r\n"}
	to just plain HMP:
	    kvm support: enabled
	If libvirt talks to qemu in HMP, --hmp flag is obviously a noop.

2011-02-04  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: fix 2 nla_put expressions (non-serious bug)
	This patch fixes 2 occurrences of nla_put expression with a '!' in
	front of them that basically prevented the detection that the buffer
	is too small. However, code further below would then detect that the
	buffer is too small when further parts are added to the netlink message.

2011-02-04  Eric Blake  <eblake@redhat.com>

	qemu: avoid double shutdown
	* src/qemu/qemu_driver.c (qemudShutdownVMDaemon): Check that vm is
	still active.
	Reported by Wen Congyang as follows:
	Steps to reproduce this bug:
	1. use gdb to debug libvirtd, and set breakpoint in the function
	   qemuConnectMonitor()
	2. start a vm, and the libvirtd will be stopped in qemuConnectMonitor()
	3. kill -STOP $(cat /var/run/libvirt/qemu/<domain>.pid)
	4. continue to run libvirtd in gdb, and libvirtd will be blocked in the
	   function qemuMonitorSetCapabilities()
	5. kill -9 $(cat /var/run/libvirt/qemu/<domain>.pid)
	Here is log of the qemu:
	=========
	LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin ...
	char device redirected to /dev/pts/3
	2011-01-27 09:38:48.101: shutting down
	2011-01-27 09:41:26.401: shutting down
	=========
	The vm is shut down twice. I do not know whether this behavior has
	side effect, but I think we should shutdown the vm only once.

2011-02-03  Davidlohr Bueso  <dave@gnu.org>

	Fix conflicts with glibc globals
	When compiling libvirt with GCC 3.4.6 the following warning is being triggered quite a lot:
	util/memory.h:60: warning: declaration of 'remove' shadows a global declaration
	/usr/include/stdio.h:175: warning: shadowed declaration is here
	Fix this by renaming the parameter to 'toremove'.

2011-02-03  Daniel Veillard  <veillard@redhat.com>

	Fix compilation when building without sasl
	Use of saslDecoded field need to be guarded by #if HAVE_SASL/endif
	* src/remote/remote_driver.c: fix remoteIOEventLoop accordingly

2011-02-03  Eric Blake  <eblake@redhat.com>

	docs: more on qemu locking patterns
	* src/qemu/THREADS.txt: Improve documentation.

2011-02-03  Niels de Vos  <ndevos@redhat.com>

	qemuBuildDeviceAddressStr() checks for QEMUD_CMD_FLAG_PCI_MULTIBUS
	Depending if the qemu binary supports multiple pci-busses, the device
	options will contain "bus=pci" or "bus=pci.0".
	Only x86_64 and i686 seem to have support for multiple PCI-busses. When
	a guest of these architectures is started, set the
	QEMUD_CMD_FLAG_PCI_MULTIBUS flag.

2011-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Don't sleep in poll() if there is existing SASL decoded data
	In the SASL codepath we typically read far more data off the
	wire than we immediately need. When using a connection from a
	single thread this isn't a problem, since only our reply will
	be pending (or an event we can handle directly). When using a
	connection from multiple threads though, we may read the data
	from replies from other threads. If those replies occur after
	our own reply, they'll not be processed. The other thread will
	then go into poll() and wait for its reply which has already
	been received and decoded. The solution is to set poll() timeout
	to 0 if there is pending SASL data.
	* src/remote/remote_driver.c: Don't sleep in poll() if SASL
	  data exists

2011-02-02  Justin Clift  <jclift@redhat.com>

	docs: renamed hudson project link to jenkins, matching project rename

2011-02-02  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: fix variable in debugging output
	This patch fixes a variable in the debugging output.

2011-02-02  Eric Blake  <eblake@redhat.com>

	build: fix parted detection at configure time
	* configure.ac (PARTED_FOUND): Issue configure error if
	--with-storage-disk=yes but no parted is found.

2011-02-01  Osier Yang  <jyang@redhat.com>

	docs: Update docs for cpu_shares setting
	* tools/virsh.pod

	qemu: Build command line for incoming tunneled	migration
	Command line building for incoming tunneled migration is missed,
	as a result, all the tunneled migration will fail with "unknown
	migration protocol".
	* src/qemu/qemu_command.c

2011-02-01  Paweł Krześniak  <pawel.krzesniak@gmail.com>

	bridge_driver: handle DNS over IPv6
	* dnsmasq listens on all defined IPv[46] addresses for network
	* Add ip6tables rules to allow DNS traffic to host

2011-02-01  Juerg Haefliger  <juerg.haefliger@hp.com>

	tests: handle backspace-newline pairs in test input files
	This patch teaches testutil how to read multi-line input files with
	backspace-newline line continuation markers.
	The patch also breaks up all the single-line arguments test input files into
	multi-line files with lines shorter than 80 characters.

2011-01-31  Osier Yang  <jyang@redhat.com>

	qemu: More clear error parsing domain def failure of tunneled migration
	* src/qemu/qemu_driver.c

2011-01-31  Wen Congyang  <wency@cn.fujitsu.com>

	Initialization error of controller in QEmu SCSI hotplug
	Bug manifests itself by:
	1. # virsh attach-disk --target sdb ...
	2. # virsh attach-disk --target sdh ...
	   error: Failed to attach disk
	   error: operation failed: target scsi:0 already exists
	sdh uses scsi:1, rather than scsi:0.
	* src/qemu/qemu_hotplug.c: properly set controller idx in
	  qemuDomainFindOrCreateSCSIDiskController()

2011-01-31  Daniel Veillard  <veillard@redhat.com>

	Osier get commit rights

2011-01-30  Eric Blake  <eblake@redhat.com>

	maint: reject raw close, popen in 'make syntax-check'
	commit f1fe9671e was supposed to make sure we use files.h
	macros to avoid double close, but it didn't work.
	Meanwhile, virCommand is vastly superior to system(), fork(),
	and popen() (also to virExec, but we haven't completed that
	conversion), so enforce that, too.
	* cfg.mk (sc_prohibit_close): Fix typo that excluded close, and
	add pclose.
	(sc_prohibit_fork_wrappers): New rule, for fork, system, and popen.
	* .x-sc_prohibit_close: More exemptions.
	* .x-sc_prohibit_fork_wrappers: New file.
	* Makefile.am (syntax_check_exceptions): Ship new file.
	* src/datatypes.c (virReleaseConnect): Tweak comment to avoid
	false positive.
	* src/util/files.h (VIR_CLOSE): Likewise.

	build: avoid close, system
	* src/fdstream.c (virFDStreamOpenFile, virFDStreamCreateFile):
	Use VIR_FORCE_CLOSE instead of close.
	* tests/commandtest.c (mymain): Likewise.
	* tools/virsh.c (editFile): Use virCommand instead of system.
	* src/util/util.c (__virExec): Special case preservation of std
	file descriptors to child.

2011-01-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	Prefer C style comments over C++ ones
	Pure cosmetic change.

	esx: Ensure max-memory has 4 megabyte granularity

	Add VIR_DIV_UP to divide memory or storage request sizes with round up
	Use it in all places where a memory or storage request size is converted
	to a larger granularity. This avoids requesting too small memory or storage
	sizes that could result from the truncation done by a simple division.
	This extends the round up fix in 6002e0406c338668ea0ecbfeb6c1ef20a8b67efe
	to the whole codebase.
	Instead of reporting errors for odd values in the VMX code round them up.
	Update the QEMU Argv tests accordingly as the original memory size 219200
	isn't a even multiple of 1024 and is rounded up to 215 megabyte now. Change
	it to 219100 and 219136. Use two different values intentionally to make
	sure that rounding up works.
	Update virsh.pod accordingly, as rounding down and rejecting are replaced
	by rounding up.

2011-01-29  Eric Blake  <eblake@redhat.com>

	qemu: fix augeas support for vnc_auto_unix_socket
	Fixes test failure that was overlooked after commit 1e1f7a8950.
	* daemon/Makefile.am (check-local): Let 'make check' fail on error.
	* daemon/test_libvirtd.aug: Move qemu-specific option...
	* src/qemu/test_libvirtd_qemu.aug: ...into correct test.
	* src/qemu/libvirtd_qemu.aug: Parse new option.

2011-01-29  Michal Privoznik  <mprivozn@redhat.com>

	virsh: added --all flag to freecell command
	This will iterate over all NUMA nodes, showing
	free memory for each and sum at the end.
	Existing default behavior is not changed.

2011-01-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't try to change max-memory of an active domain
	Report an VIR_ERR_OPERATION_INVALID error in that case instead of letting
	the SOAP call fail with an VIR_ERR_INTERNAL_ERROR error.

2011-01-29  Eric Blake  <eblake@redhat.com>

	qemu aio: enable support
	qemu allows the user to choose what io storage api should be used,
	either the default (threads) or native (linux aio) which in the latter
	case can result in better performance.
	Based on a patch originally by Matthias Dahl.
	Red Hat Bugzilla #591703

2011-01-29  Matthias Dahl  <mdvirt@designassembly.de>

	qemu aio: parse aio support from qemu -help

	qemu aio: add XML parsing
	Allows io={threads|native} as an optional attribute to <driver>.

2011-01-28  Juerg Haefliger  <juerg.haefliger@hp.com>

	docs: replace CRLF with LF

2011-01-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus log warning lines when launching QEMU
	The refactoring of QEMU command startup was comitted with
	a couple of VIR_WARN lines left in from debugging.
	* src/qemu/qemu_driver.c: Remove log warning lines

	Remove double close of qemu monitor
	When qemuMonitorSetCapabilities() fails, there is no need to
	call qemuMonitorClose(), because the caller will already see
	the error code and tear down the entire VM. The extra call to
	qemuMonitorClose resulted in a double-free due to it removing
	a ref count prematurely.
	* src/qemu/qemu_driver.c: Remove premature close of monitor

	Prevent overfilling of self-pipe in python event loop
	If the event loop takes a very long time todo something, it is
	possible for the 'self pipe' buffer to become full at which
	point the entire event loop + remote driver deadlock. Use a
	boolean flag to ensure we have strict one-in, one-out behaviour
	on writes/reads of the 'self pipe'

2011-01-28  Osier Yang  <jyang@redhat.com>

	docs: Add docs for new extra parameter pkipath
	* docs/remote.html.in

2011-01-28  Eric Blake  <eblake@redhat.com>

	qemu: fix error messages
	Regression in commit caa805ea let a lot of bad messages slip in.
	* cfg.mk (msg_gen_function): Fix function name.
	* src/qemu/qemu_cgroup.c (qemuRemoveCgroup): Fix fallout from
	'make syntax-check'.
	* src/qemu/qemu_driver.c (qemudDomainGetInfo)
	(qemuDomainWaitForMigrationComplete, qemudStartVMDaemon)
	(qemudDomainSaveFlag, qemudDomainAttachDevice)
	(qemuDomainUpdateDeviceFlags): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice):
	Likewise.

2011-01-28  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: Report more accurate error on failure to attach device.
	When attaching device from a xml file and the device is mis-configured,
	virsh gives mis-leading message "out of memory". This patch fixes this.

2011-01-28  Wen Congyang  <wency@cn.fujitsu.com>

	Force guest suspend at timeout
	If the memory of guest OS is changed constantly, the live migration
	can not be ended ever for ever.
	We can use the command 'virsh migrate-setmaxdowntime' to control the
	live migration. But the value of maxdowntime is diffcult to calculate
	because it depends on the transfer speed of network and constantly
	changing memroy size. We need a easy way to control the live migration.
	This patch adds the support of forcing guest to suspend at timeout.
	With this patch, when we migrate the guest OS, we can specify a
	timeout. If the live migration timeouts, auto-suspend the guest OS,
	where the migration will complete offline.

	Show migration progress.
	Show migration progress if `migrate --verbose'.

2011-01-28  Hu Tao  <hutao@cn.fujitsu.com>

	Cancel migration if user presses Ctrl-C when migration is in progress
	While migration is in progress and virsh is waiting for its
	completion, user may want to terminate the progress by pressing
	Ctrl-C. But virsh just exits on user's Ctrl-C leaving migration
	in background that user isn't even aware of. It's not reasonable.
	This patch changes the behaviour for migration. For other
	commands Ctrl-C still terminates virsh itself.

2011-01-28  Eric Blake  <eblake@redhat.com>

	qemu: use separate alias for chardev and associated device
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr): Alter the
	chardev alias.
	(qemuBuildCommandLine): Output an id for the chardev counterpart.
	* tests/qemuxml2argvdata/*: Update tests to match.
	Reported by Daniel P. Berrange.

2011-01-28  Wen Congyang  <wency@cn.fujitsu.com>

	avoid vm to be deleted if qemuConnectMonitor failed
	Steps to reproduce this bug:
	1. service libvirtd start
	2. virsh start <domain>
	3. kill -STOP $(cat /var/run/libvirt/qemu/<domain>.pid)
	4. service libvirtd restart
	5. kill -9 $(cat /var/run/libvirt/qemu/<domain>.pid)
	Then libvirtd will core dump or be in deadlock state.
	Make sure that json is built into libvirt and the version
	of qemu is newer than 0.13.0.
	The reason of libvirtd cores dump is that:
	We add vm->refs when we alloc the memory, and decrease it
	in the function qemuHandleMonitorEOF() in other thread.
	We add vm->refs in the function qemuConnectMonitor() and
	decrease it when the vm is inactive.
	The libvirtd will block in the function qemuMonitorSetCapabilities()
	because the vm is stopped by signal SIGSTOP. Now the vm->refs is 2.
	Then we kill the vm by signal SIGKILL. The function
	qemuMonitorSetCapabilities() failed, and then we will decrease vm->refs
	in the function qemuMonitorClose().
	In another thread, mon->fd is broken and the function
	qemuHandleMonitorEOF() is called.
	If qemuHandleMonitorEOF() decreases vm->refs before qemuConnectMonitor()
	returns, vm->refs will be decrease to 0 and the memory is freed.
	We will call qemudShutdownVMDaemon() as qemuConnectMonitor() failed.
	The memory has been freed, so qemudShutdownVMDaemon() is too dangerous.
	We will reference NULL pointer in the function virDomainConfVMNWFilterTeardown():
	=============
	void
	virDomainConfVMNWFilterTeardown(virDomainObjPtr vm) {
	    int i;
	    if (nwfilterDriver != NULL) {
	        for (i = 0; i < vm->def->nnets; i++)
	            virDomainConfNWFilterTeardown(vm->def->nets[i]);
	    }
	}
	============
	vm->def->nnets is not 0 but vm->def->nets is NULL(We don't set vm->def->nnets
	to 0 when we free vm).
	We should add an extra reference of vm to avoid vm to be deleted if
	qemuConnectMonitor() failed.

2011-01-28  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix virtio channel tests
	As noticed by Eric, commit 8e28c5d40200b4c5d483bd585d237b9d870372e5,
	which fixed generation of virtio-serial port numbers, forgot to adjust
	test files which resulted in make check failure.

2011-01-28  Justin Clift  <jclift@redhat.com>

	docs: expand the man page text for virsh setmaxmem
	Addresses BZ # 622534:
	  https://bugzilla.redhat.com/show_bug.cgi?id=622534

2011-01-28  Eric Blake  <eblake@redhat.com>

	event: fix event-handling allocation crash
	Regression introduced in commit e6b68d7 (Nov 2010).
	Prior to that point, handlesAlloc was always a multiple of
	EVENT_ALLOC_EXTENT (10), and was an int (so even if the subtraction
	had been able to wrap, a negative value would be less than the count
	not try to free the handles array).  But after that point,
	VIR_RESIZE_N made handlesAlloc grow geometrically (with a pattern of
	10, 20, 30, 45 for the handles array) but still freed in multiples of
	EVENT_ALLOC_EXTENT; and the count changed to size_t.  Which means that
	after 31 handles have been created, then 30 handles destroyed,
	handlesAlloc is 5 while handlesCount is 1, and since (size_t)(1 - 5)
	is indeed greater than 1, this then tried to free 10 elements, which
	had the awful effect of nuking the handles array while there were
	still live handles.
	Nuking live handles puts libvirtd in an inconsistent state, and was
	easily reproducible by starting and then stopping 60 faqemu guests.
	* daemon/event.c (virEventCleanupTimeouts, virEventCleanupHandles):
	Avoid integer wrap-around causing us to delete the entire array
	while entries are still active.
	* tests/eventtest.c (mymain): Expose the bug.

2011-01-27  Justin Clift  <jclift@redhat.com>

	docs: fix incorrect XML element mentioned by setmem text

2011-01-27  Osier Yang  <jyang@redhat.com>

	remote: Add extra parameter pkipath for URI
	This new parameter allows user specifies where the client
	cerficate, client key, CA certificate of x509 is, instead of
	hardcoding it. If 'pkipath' is not specified, and the user
	is not root, try to find files in $HOME/.pki/libvirt, as long
	as one of client cerficate, client key, CA certificate can
	not be found, use default global location (LIBVIRT_CACERT,
	LIBVIRT_CLIENTCERT, LIBVIRT_CLIENTKEY, see
	src/remote/remote_driver.h)
	Example of use:
	[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
	error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file
	or directory
	error: failed to connect to the hypervisor
	[root@Osier client]# ls -l
	total 24
	-rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out
	-rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem
	-rw-r--r--. 1 root root  132 Jan 23 19:04 client.info
	-rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem
	[root@Osier client]# cp /tmp/cacert.pem .
	[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
	Welcome to virsh, the virtualization interactive terminal.
	Type:  'help' for help with commands
	'quit' to quit
	virsh #
	* src/remote/remote_driver.c: adds support for the new pkipath URI parameter

	storage: Round up capacity for LVM volume creation
	If vol->capacity is odd, the capacity will be rounded down
	by devision, this patch is to round it up instead of rounding
	down, to be safer in case of one writes to the volume with the
	size he used to create.
	- src/storage/storage_backend_logical.c: make sure size is not rounded down

2011-01-27  Daniel Veillard  <veillard@redhat.com>

	Update localization files from Fedora i10n

2011-01-27  David Allan  <dallan@redhat.com>

	Do not use virtio-serial port 0 for generic ports
	Per the discussion in:
	https://bugzilla.redhat.com/show_bug.cgi?id=670394
	The port numbering should start from 1, not 0.  We assign maxport + 1,
	so start maxport at 0.

2011-01-26  Laine Stump  <laine@laine.org>

	Manually kill gzip if restore fails before starting qemu
	If a guest image is saved in compressed format, and the restore fails
	in some way after the intermediate process used to uncompress the
	image has been started, but before qemu has been started to hook up to
	the uncompressor, libvirt will endlessly wait for the uncompressor to
	finish, but it never will because it's still waiting to have something
	hooked up to drain its output.
	The solution is to close the pipes on both sides of the uncompressor,
	then send a SIGTERM before calling waitpid on it (only if the restore
	has failed, of course).

2011-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix setup of lib directory with autogen.sh --system
	On x86_64 hosts, /usr/lib64 must be used instead of /usr/lib
	Rather than attempt to whitelist architectures, just check
	for existance of /usr/lib64
	* autogen.sh: Fix to use /usr/lib64 if it exists

	Add check for poll error events in monitor
	Handle poll errors in the same way as hangup event
	* src/qemu/qemu_monitor.c: Handle error events

	Filter out certain expected error messages from libvirtd
	Add a hook to the error reporting APIs to allow specific
	error messages to be filtered out. Wire up libvirtd to
	remove VIR_ERR_NO_DOMAIN & similar error codes from the
	logs. They are still logged at DEBUG level.
	* daemon/libvirtd.c: Filter VIR_ERR_NO_DOMAIN and friends
	* src/libvirt_private.syms, src/util/virterror.c,
	  src/util/virterror_internal.h: Hook for changing error
	  reporting level

	Revert all previous error log priority hacks
	This reverts the additions in commit
	  abff683f78ffd01df5005fb7a457c0b38b8eb6e1
	taking us back to state where all errors are fully logged
	in both libvirtd and normal clients.
	THe intent was to stop VIR_ERR_NO_DOMAIN (No such domain
	with UUID XXXX) messages from client apps polluting syslog
	The change affected all error codes, but more seriously,
	it also impacted errors from internal libvirtd infrastructure
	For example guest autostart no longer logged errors. The
	libvirtd network code no longer logged some errors. This
	makes debugging incredibly hard
	* daemon/libvirtd.c: Remove error log priority filter
	* src/util/virterror.c, src/util/virterror_internal.h: Remove
	  callback for overriding log priority

	Cleanup code style in logging APIs
	Remove use of brackets around following return statement.
	Fix indentation of two switch statements

2011-01-26  Laine Stump  <laine@laine.org>

	Set SELinux context label of pipes used for qemu migration
	This patch is a partial resolution to the following bug:
	   https://bugzilla.redhat.com/show_bug.cgi?id=667756
	(to complete the fix, an updated selinux-policy package is required,
	to add the policy that allows libvirt to set the context of a fifo,
	which was previously not allowed).
	Explanation : When an incoming migration is over a pipe (for example,
	if the image was compressed and is being fed through gzip, or was on a
	root-squash nfs server, so needed to be opened by a child process
	running as a different uid), qemu cannot read it unless the selinux
	context label for the pipe has been set properly.
	The solution is to check the fd used as the source of the migration
	just before passing it to qemu; if it's a fifo (implying that it's a
	pipe), we call the newly added virSecurityManagerSetFDLabel() function
	to set the context properly.

	Add a function to the security driver API that sets the label of an open fd.
	A need was found to set the SELinux context label on an open fd (a
	pipe, as a matter of fact). This patch adds a function to the security
	driver API that will set the label on an open fd to secdef.label. For
	all drivers other than the SELinux driver, it's a NOP. For the SElinux
	driver, it calls fsetfilecon().
	If the return is a failure, it only returns error up to the caller if
	1) the desired label is different from the existing label, 2) the
	destination fd is of a type that supports setting the selinux context,
	and 3) selinux is in enforcing mode. Otherwise it will return
	success. This follows the pattern of the existing function
	SELinuxSetFilecon().

2011-01-26  Justin Clift  <jclift@redhat.com>

	docs: add a link to the bindings page under the downloads menu item
	So people looking to download the language bindings, but don't know
	they're under the "Docs" area.

2011-01-26  Michal Privoznik  <mprivozn@redhat.com>

	virsh: require --mac to avoid detach-interface ambiguity
	bugfix for https://bugzilla.redhat.com/show_bug.cgi?id=671050
	virsh simply refutes to detach-interface in case when multiple
	interfaces are attached and --mac is not specified.

2011-01-26  Wen Congyang  <wency@cn.fujitsu.com>

	dispatch error before return

2011-01-26  Osier Yang  <jyang@redhat.com>

	qemu: Error prompt when managed save a shutoff domain
	The problem was introduced by commit 4303c91, which removed the checking
	of domain state, this patch is to fix it.
	Otherwise, improper error will be thrown, e.g.
	error: Failed to save domain rhel6 state
	error: cannot resolve symlink /var/lib/libvirt/qemu/save/rhel6.save: No such
	file or directory

2011-01-25  Eric Blake  <eblake@redhat.com>

	build: avoid corrupted gnulib/tests/Makefile
	Running 'make check' can sometimes fail in the gnulib/tests
	subdirectory, when doing an incremental build, because
	./bootstrap generates a Makefile.am that tries to refer to
	../../.. instead of ../.., and gets lost.
	This may be an upstream gnulib bug, where a more elegant
	solution will present itself in the future:
	http://thread.gmane.org/gmane.comp.lib.gnulib.bugs/24898
	But in the meantime, I was able to reproduce both the issue,
	and this solution to work around it.
	* bootstrap.conf (bootstrap_epilogue): Ensure that no stray
	../../.. components remain in gnulib/tests/Makefile.in.
	Reported by Serge Hallyn.

2011-01-25  Cole Robinson  <crobinso@redhat.com>

	qemu: sound: Support intel 'ich6' model
	In QEMU, the card itself is a PCI device, but it requires a codec
	(either -device hda-output or -device hda-duplex) to actually output
	sound. Specifying <sound model='ich6'/> gives us -device intel-hda
	-device hda-duplex I think it's important that a simple <sound model='ich6'/>
	sets up a useful codec, to have consistent behavior with all other sound cards.
	This is basically Dan's proposal of
	    <sound model='ich6'>
	        <codec type='output' slot='0'/>
	        <codec type='duplex' slot='3'/>
	    </sound>
	without the codec bits implemented.
	The important thing is to keep a consistent API here, we don't want some
	<sound> devs require tweaking codecs but not others. Steps I see to
	accomplishing this:
	    - every <sound> device has a <codec type='default'/> (unless codecs are
	        manually specified)
	    - <codec type='none'/> is required to specify 'no codecs'
	    - new audio settings like mic=on|off could then be exposed in
	        <sound> or <codec> in a consistent manner for all sound models
	v2:
	    Use model='ich6'
	v3:
	    Use feature detection, from eblake
	    Set codec id, bus, and cad values
	v4:
	    intel-hda isn't supported if -device isn't available
	v5:
	    Comment spelling fixes

2011-01-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Use VIR_ERR_CONFIG_UNSUPPORTED when appropriated

2011-01-22  Eric Blake  <eblake@redhat.com>

	event: fix event-handling data race
	This bug has been present since before the time that commit
	f8a519 (Dec 2008) tried to make the dispatch loop re-entrant.
	Dereferencing eventLoop.handles outside the lock risks crashing, since
	any other thread could have reallocated the array in the meantime.
	It's a narrow race window, however, and one that would have most
	likely resulted in passing bogus data to the callback rather than
	actually causing a segv, which is probably why it has gone undetected
	this long.
	* daemon/event.c (virEventDispatchHandles): Cache data while
	inside the lock, as the array might be reallocated once outside.

	build: fix 'make check' with older git
	* .gnulib: Update to latest, for maintainer-makefile fix.
	Reported by Matthias Bolte.

2011-01-22  Cole Robinson  <crobinso@redhat.com>

	Push unapplied fixups for previous patch
	- Add augeas tests
	- Clarify vnc_auto_unix_socket precedence in qemu.conf

	qemu: Add conf option to auto setup VNC unix sockets
	If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
	listen or socket value will be setup to serve over a unix socket in
	/var/lib/libvirt/qemu/$vmname.vnc.
	We store the generated socket path in the transient VM definition at
	CLI build time.

	qemu: Allow serving VNC over a unix domain socket
	QEMU supports serving VNC over a unix domain socket rather than traditional
	TCP host/port. This is specified with:
	<graphics type='vnc' socket='/foo/bar/baz'/>
	This provides better security access control than VNC listening on
	127.0.0.1, but will cause issues with tools that rely on the lax security
	(virt-manager in fedora runs as regular user by default, and wouldn't be
	able to access a socket owned by 'qemu' or 'root').
	Also not currently supported by any clients, though I have patches for
	virt-manager, and virt-viewer should be simple to update.
	v2:
	    schema: Make listen vs. socket a <choice>

	qemu: Set domain def transient at beginning of startup process
	This will allow us to record transient runtime state in vm->def, like
	default VNC parameters. Accomplish this by adding an extra 'live' parameter
	to SetDefTransient, with similar semantics to the 'live' flag for
	AssignDef.

2011-01-22  Eric Blake  <eblake@redhat.com>

	maint: support --no-git option during autogen.sh
	https://bugzilla.redhat.com/show_bug.cgi?id=562743
	Also, fixes gnulib bug in dealing with strerror_r from glibc 2.13.
	* .gnulib: Update to latest, for improved bootstrap.
	* bootstrap: Resync from gnulib.
	* autogen.sh (bootstrap): Add --bootstrap-sync, to make it easier
	to keep bootstrap up-to-date.  Pass optional --no-git through.
	Reported by Aleksey Avdeev.

2011-01-22  Jim Fehlig  <jfehlig@novell.com>

	[v2] qemu: Retry JSON monitor cont cmd on MigrationExpected error
	When restoring a saved qemu instance via JSON monitor, the vm is
	left in a paused state.  Turns out the 'cont' cmd was failing with
	"MigrationExpected" error class and "An incoming migration is
	expected before this command can be executed" error description
	due to migration (restore) not yet complete.
	Detect if 'cont' cmd fails with "MigrationExpecte" error class and
	retry 'cont' cmd.
	V2: Fix potential double-free noted by Laine Stump

2011-01-22  Osier Yang  <jyang@redhat.com>

	qemu: report more proper error for unsupported graphics
	Report VIR_ERR_CONFIG_UNSUPPORTED instead of VIR_ERR_INTERNAL_ERROR,
	as it's valid in our domain schema, just unsupported by hypervisor
	here.
	* src/qemu/qemu_command.c

2011-01-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix startup with VNC password expiry on old QEMU
	The code which set VNC passwords correctly had fallback for
	the set_password command, but was lacking it for the
	expire_password command. This made it impossible to start
	a guest. It also failed to check whether QEMU was still
	running after the initial 'set_password' command completed
	* src/qemu/qemu_hotplug.c: Fix error handling when
	  password expiry fails
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
	  return code for missing expire_password command

	Fix error reporting when machine type probe fails
	Avoid overwriting the real error message with a generic
	OOM failure message, when machine type probe fails
	* src/qemu/qemu_driver.c: Don't overwrite error

	Avoid crash in security driver if model is NULL
	If the XML security model is NULL, it is assumed that the current
	model will be used with dynamic labelling. The verify step is
	meaningless and potentially crashes if dereferencing NULL
	* src/security/security_manager.c: Skip NULL model on verify

2011-01-21  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: Fix a possible deadlock in p2p migration
	The function virUnrefConnect() may call virReleaseConnect() to release
	the dest connection, and the function virReleaseConnect() will call
	conn->driver->close().
	So the function virUnrefConnect() should be surrounded by
	qemuDomainObjEnterRemoteWithDriver() and
	qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
	two communicating libvirt daemons.
	See commit f0c8e1cb3774d6f09e2681ca1988bf235a343007 for further details.

2011-01-20  Eric Blake  <eblake@redhat.com>

	docs: document <controller> element
	* docs/formatdomain.html.in: Talk about <controller> and <address>
	throughout.

2011-01-20  Justin Clift  <jclift@redhat.com>

	docs: move the apps page to the top level as its good promo

	docs: added new entries to apps page, plus adjusted a few existing
	Added new entries for Hudson, LCFG, Tivoli Provisioning Manager,
	virt-what, and Zenoss.  Adjusted the existing entries for BuildBot
	and vmware2libvirt.

2011-01-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid sending STOPPED event twice
	In some circumstances, libvirtd would issue two STOPPED events after it
	stopped a domain. This was because an EOF event can arrive after a qemu
	process is killed but before qemuMonitorClose() is called.
	qemuHandleMonitorEOF() should ignore EOF when the domain is not running.
	I wasn't able to reproduce this bug directly, only after adding an
	artificial sleep() into qemudShutdownVMDaemon().

	qemu: Fail if per-device boot is used but deviceboot is not supported

	spec: Start libvirt-guests only if it's on in current runlevel

2011-01-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove redundant brackets around return values
	A large number of return values used 'return (0)' instead
	of simply 'return 0'. Remove all these redundant brackets
	so the style is consistent throughout the file
	* src/libvirt.c: Remove redundant brackets

	Increase size of driver table to make UML work again
	The driver table only has 10 slots, but there are potentially
	11 drivers that need activating. Improve the error message
	when driver registration fails
	* src/libvirt.c: Increase driver table size & improve errors

	Turn libvirt.c error reporting functions into macros
	The virLibConnError() function (and related ones) do not correctly
	report line number info. Turn them all into macros so line numbers
	are reported correctly. Drop the connection object in all of them
	since it is no longer used.
	Also from the virLibConnWarning() equivalents completely. Now
	that the Xen driver is running 100% inside libvirtd, those
	codepaths for secondary drivers cannot be reached.
	* src/libvirt.c: Replace error functions with macros

2011-01-19  Eric Blake  <eblake@redhat.com>

	docs: document <sysinfo> and <smbios> elements
	* docs/formatdomain.html.in: Talk about <sysinfo> throughout.

	build: use more gnulib modules for simpler code
	* .gnulib: Update to latest, for sigpipe and sigaction modules.
	* bootstrap.conf (gnulib_modules): Add siaction, sigpipe, strerror_r.
	* tools/virsh.c (vshSetupSignals) [!SIGPIPE]: Delete, now that
	gnulib guarantees it.
	(SA_SIGINFO): Define for mingw fallback.
	* src/util/virterror.c (virStrerror): Simplify, now that gnulib
	guarantees the POSIX interface.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Drop redundant check.
	(AM_PROG_CC_STDC): Move earlier, to keep autoconf happy.

2011-01-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove two unused PATH_MAX-sized char arrays from the stack

	Use VIR_ERR_OPERATION_INVALID when appropriated
	VIR_ERR_OPERATION_INVALID means that the operation is not valid
	for the current state of the involved object.

	Fix misuse of VIR_ERR_INVALID_* error code
	VIR_ERR_INVALID_* is meant for invalid pointers only.

	Simplify "NWFilterPool" to "NWFilter"
	The public object is called NWFilter but the corresponding private
	object is called NWFilterPool. I don't see compelling reasons for this
	Pool suffix. One might argue that an NWFilter is a "pool" of rules, etc.
	Remove the Pool suffix from NWFilterPool. No functional change included.

	datatypes: Fix outdated function names in the documentation

	Add documentation for VIR_DOMAIN_MEMORY_PARAM_UNLIMITED
	Otherwise apibuild.py complains about it.

	datatypes: Get virSecretFreeName in sync with the other free functions

	docs: Move the "Network Filtering" page one level up in the hierarchy
	"Network Filtering" is not directly related to "Networks".
	Suggested by Daniel P. Berrange.

2011-01-19  Justin Clift  <jclift@redhat.com>

	docs: add buildbot to the apps page

2011-01-19  Eric Blake  <eblake@redhat.com>

	qemu: don't fail capabilities check on 0.12.x
	Fixes regression introduced in commit 2211518, where all qemu 0.12.x
	fails to start, as does qemu 0.13.x lacking the pci-assign device.
	Prior to 2211518, the code was just ignoring a non-zero exit status
	from the qemu child, but the virCommand code checked this to avoid
	masking any other issues, which means the real bug of provoking
	non-zero exit status has been latent for a longer time.
	* src/qemu/qemu_capabilities.c (qemuCapsExtractVersionInfo): Check
	for -device driver,? support.
	(qemuCapsExtractDeviceStr): Avoid failure if all probed devices
	are unsupported.
	Reported by Ken Congyang.

2011-01-19  Justin Clift  <jclift@redhat.com>

	docs: add new conversion heading to the apps listing

	docs: updated windows page for new 0.8.7 installer

2011-01-18  Eric Blake  <eblake@redhat.com>

	qemu: use -incoming fd:n to avoid qemu holding fd indefinitely
	https://bugzilla.redhat.com/show_bug.cgi?id=620363
	When using -incoming stdio or -incoming exec:, qemu keeps the
	stdin fd open long after the migration is complete.  Not to
	mention that exec:cat is horribly inefficient, by doubling the
	I/O and going through a popen interface in qemu.
	The new -incoming fd: of qemu 0.12.0 closes the fd after using
	it, and allows us to bypass an intermediary cat process for
	less I/O.
	* src/qemu/qemu_command.h (qemuBuildCommandLine): Add parameter.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Support
	migration via fd: when possible.  Consolidate migration handling
	into one spot, now that it is more complex.
	* src/qemu/qemu_driver.c (qemudStartVMDaemon): Update caller.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.args: New file.
	* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.xml: Likewise.

2011-01-18  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add tests for per-device boot elements

	qemu: Support per-device boot ordering
	Support for this is included in qemu and seabios from upstream git.

	Introduce per-device boot element
	Currently, boot order can be specified per device class but there is no
	way to specify exact disk/NIC device to boot from.
	This patch adds <boot order='N'/> element which can be used inside
	<disk/> and <interface/>. This is incompatible with the older os/boot
	element. Since not all hypervisors support per-device boot
	specification, new deviceboot flag is included in capabilities XML for
	hypervisors which understand the new boot element. Presence of the flag
	allows (but doesn't require) users to use the new style boot order
	specification.

	conf: Move boot parsing into a separate function

2011-01-17  Eric Blake  <eblake@redhat.com>

	build: let xgettext see strings in libvirt-guests
	* tools/libvirt-guests.init.in: Rename...
	* tools/libvirt-guests.init.sh: ...so that xgettext's language
	detection via suffix will work.
	* po/POTFILES.in: Update all references.
	* tools/Makefile.am (EXTRA_DIST, libvirt-guests.init): Likewise.

2011-01-17  Laurent Léonard  <laurent@open-minds.org>

	libvirt-guests: remove bashisms
	* tools/libvirt-guests.init.sh: Use only POSIX shell features, which
	includes using gettext.sh for translation rather than $"".
	* tools/Makefile.am (libvirt-guests.init): Supply a few more substitutions.
	* po/POTFILES.in: Mark that libvirt-guests.init needs translation.

2011-01-17  Daniel Veillard  <veillard@redhat.com>

	A couple of fixes for the search PHP code

2011-01-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Remove obsolete secaatest
	Before the security driver was refactored in d6623003 seclabeltest and
	secaatest were basically the same. seclabeltest was meant for SELinux
	and secaatest for AppArmor. Both tests exited early when the specific
	security driver backend wasn't enabled.
	With the new security manager trying to initialize a disabled security
	driver backend is an error that can't be distinguished from other errors
	anymore. Therefore, the updated seclabeltest just asks for the first
	available backend as this will always work even with SELinux and AppArmor
	backend being disabled due to the new Nop backend.
	Remove the obsolete secaatest and compile and run the seclabeltest
	unconditional.
	This fixes make check on systems that support AppArmor.

	virsh: Use WITH_SECDRIVER_APPARMOR to detect AppArmor support
	There is no ENABLE_SECDRIVER_APPARMOR.

2011-01-15  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	memtune: Let virsh know the unlimited value for memory tunables
	Display or set unlimited values for memory parameters. Unlimited is
	represented by INT64_MAX in memory cgroup.
	Reported-by: Justin Clift <jclift@redhat.com>

2011-01-15  Eric Blake  <eblake@redhat.com>

	maint: improve sc_prohibit_strncmp syntax check
	* .gnulib: Update, for sc_prohibit_strcmp fix.
	* cfg.mk: Adjust copyright; the only FSF portions come from when
	this file was copied from coreutils.
	(sc_prohibit_strncmp): Copy bug-fixes from sc_prohibit_strcmp.
	* .x-sc_prohibit_strcmp: Delete, now that rule is smarter.
	* .x-sc_prohibit_strncmp: Likewise.
	* Makefile.am (syntax_check_exceptions): Track deletion.

	datatypes: avoid redundant __FUNCTION__
	virLibConnError already includes __FUNCTION__ in its output, so we
	were redundant.  Furthermore, clang warns that __FUNCTION__ is not
	a string literal (at least __FUNCTION__ will never contain %, so
	it was not a security risk).
	* src/datatypes.c: Replace __FUNCTION__ with a descriptive string.

2011-01-15  Laine Stump  <laine@laine.org>

	Enable tuning of qemu network tap device "sndbuf" size
	This is in response to a request in:
	   https://bugzilla.redhat.com/show_bug.cgi?id=665293
	In short, under heavy load, it's possible for qemu's networking to
	lock up due to the tap device's default 1MB sndbuf being
	inadequate. adding "sndbuf=0" to the qemu commandline -netdevice
	option will alleviate this problem (sndbuf=0 actually sets it to
	0xffffffff).
	Because we must be able to explicitly specify "0" as a value, the
	standard practice of "0 means not specified" won't work here. Instead,
	virDomainNetDef also has a sndbuf_specified, which defaults to 0, but
	is set to 1 if some value was given.
	The sndbuf value is put inside a <tune> element of each <interface> in
	the domain. The intent is that further tunable settings will also be
	placed inside this element.
	     <interface type='network'>
	       ...
	       <tune>
	         <sndbuf>0</sndbuf>
	       ...
	       </tune>
	     </interface>

	Add XML config switch to enable/disable vhost-net support
	This patch is in response to
	  https://bugzilla.redhat.com/show_bug.cgi?id=643050
	The existing libvirt support for the vhost-net backend to the virtio
	network driver happens automatically - if the vhost-net device is
	available, it is always enabled, otherwise the standard userland
	virtio backend is used.
	This patch makes it possible to force whether or not vhost-net is used
	with a bit of XML. Adding a <driver> element to the interface XML, eg:
	     <interface type="network">
	       <model type="virtio"/>
	       <driver name="vhost"/>
	will force use of vhost-net (if it's not available, the domain will
	fail to start). if driver name="qemu", vhost-net will not be used even
	if it is available.
	If there is no <driver name='xxx'/> in the config, libvirt will revert
	to the pre-existing automatic behavior - use vhost-net if it's
	available, and userland backend if vhost-net isn't available.

2011-01-15  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Use the new set_password monitor command to set password.
	We try to use that command first when setting a VNC/SPICE password. If
	that doesn't work we fallback to the legacy VNC only password
	Allow an expiry time to be set, if that doesn't work, throw an error
	if they try to use SPICE.
	Change since v1:
	- moved qemuInitGraphicsPasswords to qemu_hotplug, renamed
	  to qemuDomainChangeGraphicsPasswords.
	- updated what looks like a typo (that appears to work anyway) in
	  initial patch from Daniel:
	    - ret = qemuInitGraphicsPasswords(driver, vm,
	    -                                 VIR_DOMAIN_GRAPHICS_TYPE_SPICE,
	    -                                 &vm->def->graphics[0]->data.vnc.auth,
	    -                                 driver->vncPassword);
	    + ret = qemuInitGraphicsPasswords(driver, vm,
	    +                                 VIR_DOMAIN_GRAPHICS_TYPE_SPICE,
	    +                                 &vm->def->graphics[0]->data.spice.auth,
	    +                                 driver->spicePassword);
	Based on patch by Daniel P. Berrange <berrange@redhat.com>.

	qemu: add set_password and expire_password monitor commands

2011-01-15  Jim Fehlig  <jfehlig@novell.com>

	Fix 'make check' after commit 04197350
	I broke 'make check' with commit 04197350 by unconditionally
	emitting 'hap=' in xen xm driver.  Only emit 'hap=' if
	xendConfigVersion >= 3.  I've tested sending 'hap=' to a Xen 3.2
	machine without support for hap setting and verified that xend
	silently drops the unrecognized setting.

2011-01-15  Eric Blake  <eblake@redhat.com>

	qemu: move monitor device out of domain_conf common code
	* src/conf/domain_conf.h (virDomainChrDeviceType): Drop monitor.
	* src/conf/domain_conf.c (virDomainChrDevice)
	(virDomainChrDefParseTargetXML, virDomainChrDefFormat): Drop
	monitor support.
	* src/qemu/qemu_command.h (qemuBuildCommandLine): Alter signature.
	* src/qemu/qemu_monitor.h (qemuMonitorOpen): Likewise.
	* src/qemu/qemu_domain.h (_qemuDomainObjPrivate): Change type of
	monConfig.
	* src/qemu/qemu_domain.c (qemuDomainObjPrivateFree)
	(qemuDomainObjPrivateXMLFormat, qemuDomainObjPrivateXMLParse):
	Adjust to type change.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_driver.c (qemuPrepareMonitorChr)
	(qemudStartVMDaemon, qemuDomainXMLToNative, qemuConnectMonitor)
	(qemudShutdownVMDaemon): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorOpen): Likewise.
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Likewise.

	domain_conf: split source data out from ChrDef
	This opens up the possibility of reusing the smaller ChrSourceDef
	for both qemu monitor and a passthrough smartcard device.
	* src/conf/domain_conf.h (_virDomainChrDef): Factor host
	details...
	(_virDomainChrSourceDef): ...into new struct.
	(virDomainChrSourceDefFree): New prototype.
	* src/conf/domain_conf.c (virDomainChrDefFree)
	(virDomainChrDefParseXML, virDomainChrDefFormat): Split...
	(virDomainChrSourceDefClear, virDomainChrSourceDefFree)
	(virDomainChrSourceDefParseXML, virDomainChrSourceDefFormat):
	...into new functions.
	(virDomainChrDefParseTargetXML): Update clients to reflect type
	split.
	* src/vmx/vmx.c (virVMXParseSerial, virVMXParseParallel)
	(virVMXFormatSerial, virVMXFormatParallel): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.
	* src/xen/xend_internal.c (xenDaemonParseSxprChar)
	(xenDaemonFormatSxprChr): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxAttachSerial)
	(vboxAttachParallel): Likewise.
	* src/security/security_dac.c (virSecurityDACSetChardevLabel)
	(virSecurityDACSetChardevCallback)
	(virSecurityDACRestoreChardevLabel)
	(virSecurityDACRestoreChardevCallback): Likewise.
	* src/security/security_selinux.c (SELinuxSetSecurityChardevLabel)
	(SELinuxSetSecurityChardevCallback)
	(SELinuxRestoreSecurityChardevLabel)
	(SELinuxSetSecurityChardevCallback): Likewise.
	* src/security/virt-aa-helper.c (get_files): Likewise.
	* src/lxc/lxc_driver.c (lxcVmStart, lxcDomainOpenConsole):
	Likewise.
	* src/uml/uml_conf.c (umlBuildCommandLineChr): Likewise.
	* src/uml/uml_driver.c (umlIdentifyOneChrPTY, umlIdentifyChrPTY)
	(umlDomainOpenConsole): Likewise.
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr)
	(qemuBuildChrArgStr, qemuBuildCommandLine)
	(qemuParseCommandLineChr): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainObjPrivateXMLFormat)
	(qemuDomainObjPrivateXMLParse): Likewise.
	* src/qemu/qemu_cgroup.c (qemuSetupChardevCgroup): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/qemu/qemu_driver.c (qemudFindCharDevicePTYsMonitor)
	(qemudFindCharDevicePTYs, qemuPrepareChardevDevice)
	(qemuPrepareMonitorChr, qemudShutdownVMDaemon)
	(qemuDomainOpenConsole): Likewise.
	* src/qemu/qemu_command.h (qemuBuildChrChardevStr)
	(qemuBuildChrArgStr): Delete, now that they are static.
	* src/libvirt_private.syms (domain_conf.h): New exports.
	* cfg.mk (useless_free_options): Update list.
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Update
	tests.

2011-01-15  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add support for Westmere CPU model

2011-01-14  Eric Blake  <eblake@redhat.com>

	qemu: improve device flag parsing
	* src/qemu/qemu_capabilities.h (qemuCapsParseDeviceStr): New
	prototype.
	* src/qemu/qemu_capabilities.c (qemuCapsParsePCIDeviceStrs)
	Rename and split...
	(qemuCapsExtractDeviceStr, qemuCapsParseDeviceStr): ...to make it
	easier to add and test device-specific checks.
	(qemuCapsExtractVersionInfo): Update caller.
	* tests/qemuhelptest.c (testHelpStrParsing): Also test parsing of
	device-related flags.
	(mymain): Update expected flags.
	* tests/qemuhelpdata/qemu-0.12.1-device: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel60-device: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.3-device: New file.
	* tests/qemuhelpdata/qemu-kvm-0.13.0-device: New file.

	util: add missing string->integer conversion functions
	It was awkward having only int conversion in the virStrToLong family,
	but only long conversion in the virXPath family.  Make both families
	support both types.
	* src/util/util.h (virStrToLong_l, virStrToLong_ul): New
	prototypes.
	* src/util/xml.h (virXPathInt, virXPathUInt): Likewise.
	* src/util/util.c (virStrToLong_l, virStrToLong_ul): New
	functions.
	* src/util/xml.c (virXPathInt, virXPathUInt): Likewise.
	* src/libvirt_private.syms (util.h, xml.h): Export them.

2011-01-14  Justin Clift  <jclift@redhat.com>

	docs: clarify virsh setvcpus and setmem usage with active domains
	Addresses BZ # 622534:
	  https://bugzilla.redhat.com/show_bug.cgi?id=622534

2011-01-14  Eric Blake  <eblake@redhat.com>

	qemu: convert capabilities to use virCommand
	* src/qemu/qemu_capabilities.c (qemuCapsProbeMachineTypes)
	(qemuCapsProbeCPUModels, qemuCapsParsePCIDeviceStrs)
	(qemuCapsExtractVersionInfo): Use virCommand rather than virExec.

2011-01-14  Justin Clift  <jclift@redhat.com>

	virsh: ensure --maximum flag used only with --config for setvcpus

2011-01-14  Jim Fehlig  <jfehlig@novell.com>

	Document HAP domain feature
	Add HAP feature to schema and documentation.

	Add HAP to xen hypervisor capabilities
	xen-unstable c/s 16931 introduced a per-domain setting for hvm
	guests to enable/disable hardware assisted paging.  If disabled,
	software techniques such as shadow page tables are used.  If enabled,
	and the feature exists in underlying hardware, hardware support for
	paging is used.
	Xen does not provide a mechanism to discover the HAP capability, so
	we advertise its availability for hvm guests on Xen >= 3.3.

	Add support for HAP feature to xen drivers
	xen-unstable c/s 16931 introduced a per-domain setting for hvm
	guests to enable/disable hardware assisted paging.  If disabled,
	software techniques such as shadow page tables are used.  If enabled,
	and the feature exists in underlying hardware, hardware support for
	paging is used.
	This provides implementation for mapping HAP setting to/from
	domxml/native formats in xen drivers.

	Add HAP to virDomainFeature enum
	Extend the virDomainFeature enumeration to include HAP (hardware
	assisted paging) feature.
	Hardware features such as Extended Page Table and Nested Page
	Table augment hypervisor software techniques such as shadow
	page table.  Adding HAP to the virDomainFeature enumeration
	allows users to select between hardware and software memory
	management mechanisms for their guests.

2011-01-13  Eric Blake  <eblake@redhat.com>

	tests: virsh is no longer in builddir/src
	Commit 870dba0 (Mar 2008) added builddir/src to PATH to pick
	up virsh.  Later, virsh was moved to tools; commit db68d6b
	(Oct 2009) noticed this, but only added the new location rather
	than deleting the old location.
	* tests/Makefile.am (path_add): Drop now-useless directory.
	Suggested by Daniel P. Berrange.

	virFindFileInPath: only find executable non-directory
	Without this patch, at least tests/daemon-conf (which sticks
	$builddir/src in the PATH) tries to execute the directory
	$builddir/src/qemu rather than a real qemu binary.
	* src/util/util.h (virFileExists): Adjust prototype.
	(virFileIsExecutable): New prototype.
	* src/util/util.c (virFindFileInPath): Reject non-executables and
	directories.  Avoid huge stack allocation.
	(virFileExists): Use lighter-weight syscall.
	(virFileIsExecutable): New function.
	* src/libvirt_private.syms (util.h): Export new function.

2011-01-13  Daniel Veillard  <veillard@redhat.com>

	Fix old PHP syntax in the search online form

2011-01-13  Eric Blake  <eblake@redhat.com>

	build: restore mingw build
	* bootstrap.conf (gnulib_modules): Add chown.

2011-01-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix memory leak in HostSystem managed object free function

2011-01-13  Justin Clift  <jclift@redhat.com>

	docs: fix trivial typos in currentMemory description

2011-01-13  Wen Congyang  <wency@cn.fujitsu.com>

	doc: improve the documentation of desturi

	report error when specifying wrong desturi
	When we do peer2peer migration, the dest uri is an address of the
	target host as seen from the source machine. So we must specify
	the ip or hostname of target host in dest uri. If we do not specify
	it, report an error to the user.

2011-01-13  Osier Yang  <jyang@redhat.com>

	qemu: Reject SDL graphic if it's not supported by qemu
	If the emulator doesn't support SDL graphic, we should reject
	the use of SDL graphic xml with error messages, but not ignore
	it silently, and pretend things are fine.
	"-sdl" flag was exposed explicitly by qemu since 0.10.0, more detail:
	http://www.redhat.com/archives/libvir-list/2011-January/msg00442.html
	And we already have capability flag "QEMUD_CMD_FLAG_0_10", which
	could be used to prevent the patch affecting the older versions
	of QEMU.
	* src/qemu/qemu_command.c

2011-01-12  Justin Clift  <jclift@redhat.com>

	docs: reorder apps page alphabetically, plus add libguestfs entries

	docs: add entry for archipel to the apps page

	docs: use xml entity encoding for extended character last name

2011-01-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Silently ignore missing registry key on Windows
	Don't report an error when the VirtualBox registry key is missing,
	as this just indicates that VirtualBox is not installed in general.
	This matches the behavior of the XPCOM glue that silently ignores
	a missing VBoxXPCOMC.so.

2011-01-11  Richard W.M. Jones  <rjones@redhat.com>

	qemu: Watchdog IB700 is not a PCI device (RHBZ#667091).
	Skip IB700 when assigning PCI slots.
	Note: the I6300ESB watchdog _is_ a PCI device.
	To test this: I applied this patch to libvirt-0.8.3-2.fc14 (rebasing
	it slightly: qemu_command.c didn't exist in that version) and
	installed this on my machine, then tested that I could successfully
	add an ib700 watchdog device to a guest, start the guest, and the
	ib700 was available to the guest.  I also added an i6300esb (PCI)
	watchdog to another guest, and verified that libvirt assigned a PCI
	device to it, that the guest could be started, and that i6300esb was
	present in the guest.
	Note that if you previously had a domain with a ib700 watchdog, it
	would have had an <address type='pci' .../> clause added to it in the
	libvirt configuration.  This patch does not attempt to remove this.
	You cannot start such a domain -- qemu gives an error if you try.
	With this patch you are able to remove the bogus address element
	without libvirt adding it back.

2011-01-11  Eric Blake  <eblake@redhat.com>

	cpu: plug memory leak
	* src/cpu/cpu_x86.c (x86ModelLoad): Free data before overwriting.

	network: plug memory leak
	* src/conf/network_conf.c (virNetworkDefParseXML): Release ipNodes.

	network: plug unininitialized read found by valgrind
	* src/util/network.c (virSocketAddrMask): Zero out port, so that
	iptables can initialize just the netmask then call
	virSocketFormatAddr without an uninitialized read in getnameinfo.

2011-01-11  Justin Clift  <jclift@redhat.com>

	docs: updated memtune info again in virsh command reference

2011-01-11  Cole Robinson  <crobinso@redhat.com>

	python: Use PyCapsule API if available
	On Fedore 14, virt-manager spews a bunch of warnings to the console:
	/usr/lib64/python2.7/site-packages/libvirt.py:1781: PendingDeprecationWarning: The CObject type is marked Pending Deprecation in Python 2.7.  Please use capsule objects instead.
	Have libvirt use the capsule API if available. I've verified this compiles
	fine on older python (2.6 in RHEL6 which doesn't have capsules), and
	virt-manager seems to function fine.

	event-test: Simplify debug on/off
	Make it easy to change debugging if being used by a client program.

	remote: Don't lose track of events when callbacks are slow
	After the remote driver runs an event callback, it unconditionally disables the
	loop timer, thinking it just flushed every queued event. This doesn't work
	correctly though if an event is queued while a callback is running.
	The events actually aren't being lost, it's just that the event loop didn't
	think there was anything that needed to be dispatched. So all those 'lost
	events' should actually get re-triggered if you manually kick the loop by
	generating a new event (like creating a new guest).
	The solution is to disable the dispatch timer _before_ we invoke any event
	callbacks. Events queued while a callback is running will properly reenable the
	timer.
	More info at https://bugzilla.redhat.com/show_bug.cgi?id=624252

2011-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Refactor the security drivers to simplify usage
	The current security driver usage requires horrible code like
	    if (driver->securityDriver &&
	        driver->securityDriver->domainSetSecurityHostdevLabel &&
	        driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
	                                                              vm, hostdev) < 0)
	This pair of checks for NULL clutters up the code, making the driver
	calls 2 lines longer than they really need to be. The goal of the
	patchset is to change the calling convention to simply
	  if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
	                                        vm, hostdev) < 0)
	The first check for 'driver->securityDriver' being NULL is removed
	by introducing a 'no op' security driver that will always be present
	if no real driver is enabled. This guarentees driver->securityDriver
	!= NULL.
	The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
	being non-NULL is hidden in a new abstraction called virSecurityManager.
	This separates the driver callbacks, from main internal API. The addition
	of a virSecurityManager object, that is separate from the virSecurityDriver
	struct also allows for security drivers to carry state / configuration
	information directly. Thus the DAC/Stack drivers from src/qemu which
	used to pull config from 'struct qemud_driver' can now be moved into
	the 'src/security' directory and store their config directly.
	* src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
	  use new virSecurityManager APIs
	* src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
	  src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
	  Move into src/security directory
	* src/security/security_stack.c, src/security/security_stack.h,
	  src/security/security_dac.c, src/security/security_dac.h: Generic
	  versions of previous QEMU specific drivers
	* src/security/security_apparmor.c, src/security/security_apparmor.h,
	  src/security/security_driver.c, src/security/security_driver.h,
	  src/security/security_selinux.c, src/security/security_selinux.h:
	  Update to take virSecurityManagerPtr object as the first param
	  in all callbacks
	* src/security/security_nop.c, src/security/security_nop.h: Stub
	  implementation of all security driver APIs.
	* src/security/security_manager.h, src/security/security_manager.c:
	  New internal API for invoking security drivers
	* src/libvirt.c: Add missing debug for security APIs

2011-01-11  Osier Yang  <jyang@redhat.com>

	conf: Report error if invalid type specified for character device
	If invalid type is specified, e.g.
	<serial type='foo'>
	    <target port='0'/>
	</serial>
	We replace 'foo' with "null" type implicitly, without reporting an
	error message to tell the user, and "start" or "edit" the domain
	will be success.
	It's not good to guess what the user wants, This patch is to fix
	the problem.
	* src/conf/domain_conf.c

2011-01-10  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Fix core dumps if unix_sock_group is set
	Setting unix_sock_group to something else than default "root" in
	/etc/libvirt/libvirtd.conf prevents system libvirtd from dumping core on
	crash. This is because we used setgid(unix_sock_group) before binding to
	/var/run/libvirt/libvirt-sock* and setgid() back to original group.
	However, if a process changes its effective or filesystem group ID, it
	will be forbidden from leaving core dumps unless fs.suid_dumpable sysctl
	is set to something else then 0 (and it is 0 by default).
	Changing socket's group ownership after bind works better. And we can do
	so without introducing a race condition since we loosen access rights by
	changing the group from root to something else.

2011-01-08  Guido Günther  <agx@sigxcpu.org>

	Add AM_MAINTAINER_MODE
	and keep it enabled by default. This allows downstreams to turn it off
	via:
	./configure --disable-maintainer-mode
	as discussed in
	https://www.redhat.com/archives/virt-tools-list/2010-October/msg00049.html

2011-01-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Move occurrence check into esxVI_LookupObjectContentByType
	This simplifies the callers of esxVI_LookupObjectContentByType.

2011-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add domain autostart support

2011-01-07  Diego Elio Pettenò  <flameeyes@gmail.com>

	commandtest: avoid printing loader-control variables from commandhelper
	This avoids throwing the tests off if LD_LIBRARY_PATH or LD_PRELOAD or
	other variables are set.

2011-01-07  Justin Clift  <jclift@redhat.com>

	docs: updated release of virsh cmd reference, with memtune info

2011-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Add support for video device VRAM size
	Update test suite accordingly.

	vbox: Use correct VRAM size unit
	VirtualBox uses megabyte, libvirt uses kilobyte.

2011-01-07  Osier Yang  <jyang@redhat.com>

	API: Improve log for domain related APIs
	Add VM name/UUID in log for domain related APIs.
	Format: "dom=%p, (VM: name=%s, uuid=%s), param0=%s, param1=%s
	*src/libvirt.c (introduce two macros: VIR_DOMAIN_DEBUG, and
	VIR_DOMAIN_DEBUG0)

2011-01-06  Eric Blake  <eblake@redhat.com>

	schema: tighten <serial><protocol type=...> relaxNG
	* docs/schemas/domain.rng (qemucdevSrcDef): Restrict list of
	supported <protocol type=> values.

2011-01-06  Kay Schubert  <kayegypt@web.de>

	bridge: Fix generation of dnsmasq's --dhcp-hostsfile option
	I added a host definition to a network definition:
	<network>
	  <name>Lokal</name>
	  <uuid>2074f379-b82c-423f-9ada-305d8088daaa</uuid>
	  <bridge name='virbr1' stp='on' delay='0' />
	  <ip address='192.168.180.1' netmask='255.255.255.0'>
	    <dhcp>
	      <range start='192.168.180.128' end='192.168.180.254' />
	      <host mac='23:74:00:03:42:02' name='somevm' ip='192.168.180.10' />
	    </dhcp>
	  </ip>
	</network>
	But due to the wrong if-statement the argument --dhcp-hostsfile doesn't get
	added to the dnsmasq command. The patch below fixes it for me.

2011-01-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix bogus warning about uninitialized saveptr
	The warning is bogus since strtok_r doesn't use the value when it's
	first called and initializes it for the following calls.

2011-01-06  Laine Stump  <laine@laine.org>

	Don't chown qemu saved image back to root after save if dynamic_ownership=0
	When dynamic_ownership=0, saved images must be owned by the same uid
	as is used to run the qemu process, otherwise restore won't work. To
	accomplish this, qemuSecurityDACRestoreSavedStateLabel() needs to
	simply return when it's called.
	This fix is in response to:
	  https://bugzilla.redhat.com/show_bug.cgi?id=661720

2011-01-06  Eric Blake  <eblake@redhat.com>

	maint: document dislike of mismatched if/else bracing
	* docs/hacking.html.in (Curly braces): Tighten recommendations to
	disallow if (cond) one-line; else { block; }.
	* HACKING: Regenerate.
	Suggested by Daniel P. Berrange.

2011-01-06  Laine Stump  <laine@laine.org>

	Log an error on attempts to add a NAT rule for non-IPv4 addresses
	Although the upper-layer code protected against it, it was possible to
	call iptablesForwardMasquerade() with an IPv6 address and have it
	attempt to add a rule to the MASQUERADE chain of ip6tables (which
	doesn't exist).
	This patch changes that function to check the protocol of the given
	address, generate an error log if it's not IPv4 (AF_INET), and finally
	hardcodes all the family parameters sent down to lower-level functions.

	Improve error reporting when parsing dhcp info for virtual networks
	This is partially in response to
	  https://bugzilla.redhat.com/show_bug.cgi?id=653300
	The crash in that report was coincidentally fixed when we switched
	from using inet_pton() to using virSocketParseAddr(), but the absence
	of an ip address in a dhcp static host definition was still silently
	ignored (and that entry discarded from the saved XML). This patch
	turns that into a logged failure; likewise if the entry has neither a
	mac address nor a name attribute (the entry is useless without at
	least one of those, plus an ip address).
	Since the network name is now pulled into this function in order for
	those error logs to be more informative, the other error messages in
	the function have also been changed to take advantage.

2011-01-05  Justin Clift  <jclift@redhat.com>

	docs: added libvirt-announce to contact page
	Also added explicit links to the subscription and
	archive pages for the user and developer mailing
	lists.

2011-01-05  Stefan Berger  <stefanb@us.ibm.com>

	qemu driver: fix positioning to end of log file
	While doing some testing with Qemu and creating huge logfiles I encountered the case where the VM could not start anymore due to the lseek() to the end of the Qemu VM's log file failing. The patch below fixes the problem by replacing the previously used 'int' with 'off_t'.
	To reproduce this error, you could do the following:
	dd if=/dev/zero of=/var/log/libvirt/qemu/<name of VM>.log bs=1024 count=$((1024*2048))
	and you should get an error like this:
	error: Failed to start domain <name of VM>
	error: Unable to seek to -2147482651 in /var/log/libvirt/qemu/<name of VM>.log: Success

2011-01-05  Eric Blake  <eblake@redhat.com>

	build: satisfy 'make syntax-check' regarding year change
	* .gnulib: Update to latest, to pick up 2011 copyrights.

2011-01-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.7
	* configure.ac libvirt.spec.in docs/news.html.in: bump version and add
	  documentation
	* po/*po*: regenerate po and pot files

2011-01-04  Eric Blake  <eblake@redhat.com>

	build: avoid compilation warnings
	Detected on cygwin:
	util/util.c: In function 'virSetUIDGID':
	util/util.c:2824: warning: format '%d' expects type 'int', but argument 7 has type 'gid_t' [-Wformat]
	(and three other lines)
	* src/util/util.c (virSetUIDGID): Cast, as is done elsewhere in
	this file, to avoid printf type mismatch warnings.

2011-01-04  Hu Tao  <hutao@cn.fujitsu.com>

	threadpool: allow NULL jobdata
	Don't require non-null jobdata to virThreadPoolSendJob().

2011-01-04  Chris Wright  <chrisw@redhat.com>

	node_device: udev driver does not handle SR-IOV devices
	The udev driver does not update a PCI device with its SR-IOV capabilities,
	when applicable, the way the hal driver does.  As a result, dumping the
	device's XML will not include the relevant physical or virtual function
	information.
	With this patch, the XML is correct:
	# virsh nodedev-dumpxml pci_0000_09_00_0
	<device>
	  <name>pci_0000_09_00_0</name>
	  <parent>pci_0000_00_1c_0</parent>
	  <driver>
	    <name>vxge</name>
	  </driver>
	  <capability type='pci'>
	    <domain>0</domain>
	    <bus>9</bus>
	    <slot>0</slot>
	    <function>0</function>
	    <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product>
	    <vendor id='0x17d5'>Neterion Inc.</vendor>
	    <capability type='virt_functions'>
	      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x1'/>
	      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x2'/>
	      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x3'/>
	    </capability>
	  </capability>
	</device>
	# virsh nodedev-dumpxml pci_0000_0a_00_1
	<device>
	  <name>pci_0000_0a_00_1</name>
	  <parent>pci_0000_00_1c_0</parent>
	  <driver>
	    <name>vxge</name>
	  </driver>
	  <capability type='pci'>
	    <domain>0</domain>
	    <bus>10</bus>
	    <slot>0</slot>
	    <function>1</function>
	    <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product>
	    <vendor id='0x17d5'>Neterion Inc.</vendor>
	    <capability type='phys_function'>
	      <address domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
	    </capability>
	  </capability>
	</device>
	Cc: Dave Allan <dallan@redhat.com>

2011-01-01  Eric Blake  <eblake@redhat.com>

	virExec: fix logic bug
	As pointed out in https://bugzilla.redhat.com/show_bug.cgi?id=659855#c9,
	commit c3568ec2 introduced a regression where we no longer close any
	fd's beyond FD_SETSIZE.
	* src/util/util.c (__virExec): Continue to close fd's beyond
	keepfd range.
	Reported by Stefan Praszalowicz.

2011-01-01  Laine Stump  <laine@laine.org>

	Improve virSocketAddrMask[ByPrefix] API
	The original version of these functions would modify the address sent
	in, meaning that the caller would usually need to copy the address
	first. This change makes the original a const, and puts the resulting
	masked address into a new arg (which could point to the same
	virSocketAddr as the original, if the caller really wants to modify
	it).
	This also makes the API consistent with virSocketAddrBroadcast[ByPrefix].

	Set broadcast address for IPv4 addresses on virtual network bridges
	Previously we used ioctl() to set the IP address and netmask of the
	bridges used for virtual networks, and apparently the SIOCSIFNETMASK
	ioctl implicitly set the broadcast address for the interface. The new
	method of using the "ip" command requires broadcast address to be
	explicitly specified though.

	Utility functions to produce an IPv4 broadcast address
	These functions work only for IPv4, becasue IPv6 doesn't have the same
	concept of "broadcast address" as IPv4. They merely OR the inverse of
	the netmask with the given host address, thus turning on all the host
	bits.

2010-12-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix "occurence" typo (again)
	Also include some whitespace changes. No functional change included.

2010-12-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Add support for VirtualBox 4.0
	Add vboxArrayGetWithUintArg to handle new signature variations. Also
	refactor vboxArrayGet* implementation to use a common helper function.
	Deal with the incompatible changes in the VirtualBox 4.0 API. This
	includes major changes in virtual machine and storage medium lookup,
	in RDP server property handling, in session/lock handling and other
	minor areas.
	VirtualBox 4.0 also dropped the old event API and replaced it with a
	completely new one. This is not fixed yet and will be addressed in
	another patch. Therefore, currently the domain events are supported
	for VirtualBox 3.x only.
	Based on initial work from Jean-Baptiste Rouault.

	Fix misuse of VIR_ERR_INVALID_DOMAIN
	VIR_ERR_INVALID_DOMAIN is meant for invalid domain pointers.
	VIR_ERR_NO_DOMAIN is meant for non-existing domains.

	vbox: Handle different IID representation in Version 2.2 on Windows
	On Windows IID's are represented as GUID by value, instead of nsID
	by reference on non-Windows platforms.
	Patch the vbox_CAPI_v2_2.h header to deal with this difference.
	Rewrite vboxIID abstraction that deals with the different IID
	representations. Add support for the GUID representation. Also unify
	the four context dependent free functions for vboxIIDs
	  vboxIIDUnalloc, vboxIIDFree, vboxIIDUtf8Free, vboxIIDUtf16Free
	into vboxIIDUnalloc that is now safe to be called (even multiple
	times) on a vboxIID independent of the source and context of the
	vboxIID.
	The new vboxIID is designed to be used as a stack allocated variable.
	It has a value member that represents the actual IID value.

2010-12-24  MORITA Kazutaka  <morita.kazutaka@lab.ntt.co.jp>

	update docs for network disks

2010-12-24  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix building error when building without libvirtd
	When I build libvirt without libvirtd, I receive some errors:
	cp: cannot stat `/home/wency/rpmbuild/BUILDROOT/libvirt-0.8.6-1.el6.x86_64/etc/libvirt/qemu/networks/default.xml': No such file or directory
	My build step:
	# ./autogen.sh --without-libvirtd
	# make dist
	# rpmbuild --nodeps --define "_sourcedir `pwd`" --define "_without_libvirtd 1" -ba libvirt.spec
	The reason is we disable network when we do not build libvirt daemon in configure.ac.
	After fixing this bug, I build libvirt without libvirtd, I receive other errors:
	RPM build errors:
	    Installed (but unpackaged) file(s) found:
	   /usr/share/doc/libvirt-0.8.6/html/32favicon.png
	   /usr/share/doc/libvirt-0.8.6/html/api.html
	..

2010-12-24  Eric Blake  <eblake@redhat.com>

	qemu: add -incoming fd:n capability checking
	* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_MIGRATE_QEMU_FD):
	New enum value.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Populate
	flags according to qemu version.
	* tests/qemuhelptest.c (mymain): Adjust test.

2010-12-24  Jiri Denemark  <jdenemar@redhat.com>

	spec: Enable ESX driver on RHEL

2010-12-24  Daniel P. Berrange  <berrange@redhat.com>

	spec: Automatically turn on cgconfig service
	A number of the libvirt APIs require the use of cgroups. This is not
	enabled by default on a RHEL6 install. After discussion with cgroups
	team, it was decided that upon installation of the libvirt RPM, we
	should automatically turn on the cgroups service. This will activate a
	default configuration that turns on all cgroups controllers libvirt
	requires for full operation.

2010-12-24  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix uninitialized variable

2010-12-24  Laine Stump  <laine@laine.org>

	Replace setuid/setgid/initgroups with virSetUIDGID()
	This patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=664406
	If qemu is run as a different uid, it has been unable to access mode
	0660 files that are owned by a different user, but with a group that
	the qemu is a member of (aside from the one group listed in the passwd
	file), because initgroups() is not being called prior to the
	exec. initgroups will change the group membership of the process (and
	its children) to match the new uid.
	To make this happen, the setregid()/setreuid() code in
	qemuSecurityDACSetProcessLabel has been replaced with a call to
	virSetUIDGID(), which does both of those, plus calls initgroups.
	Similar, but not identical, code in qemudOpenAsUID() has been replaced
	with virSetUIDGID(). This not only consolidates the functionality to a
	single location, but also potentially fixes some as-yet unreported
	bugs.

	new virSetUIDGID() utility function
	virSetUIDGID() sets both the real and effective group and user of the
	process, and additionally calls initgroups() to assure that the
	process joins all the auxiliary groups that the given uid is a member
	of.

	Preserve errno across calls to error reporting functions & VIR_FREE
	There are cases when we want log an error message, and possibly free
	some memory as part of the cleanup, while still preserving errno for a
	caller, but the functions that log errors, and virFree (VIR_FREE) make
	system calls that will clear errno. This patch preserves errno during
	those most basic functions (corresponding to virReportSystemError(),
	virReportOOMError(), networkReportError(), etc, as well as
	virStrError()). It does *not preserve errno across calls to higher
	level items such as virDispatchError(), as it's assumed the caller is
	all finished with any need for errno by the time it dispatches the
	error.

	Run radvd for virtual networks with IPv6 addresses
	Running an instance of the router advertisement daemon (radvd) allows
	guests using the virtual network to automatically acquire an IPv6
	address and default route. Note that acquiring an address only works
	for networks with a prefix length of exactly 64 - radvd is still run
	in other circumstances, and still advertises routes, but autoconf will
	not work because it requires exactly 64 bits of address info from the
	network prefix.
	This patch avoids a race condition with the pidfile by manually
	daemonizing radvd rather than allowing it to daemonize itself, then
	creating our own pidfile (in addition to radvd's own file, which is
	unnecessary, but there is no way to tell radvd to not create it). This
	is accomplished by exec'ing it with "--debug 1" in the commandline,
	and using virCommand's features to fork, create a pidfile, and detach
	from the newly forked process.

	Turn on IPv6 support in the bridge_driver.c virtual network driver
	At this point everything is already in place to make IPv6 happen, we just
	need to add a few rules, remove some checks for IPv4-only, and document
	the changes to the XML on the website.

	Update iptables.c to also support ip6tables.
	All of the iptables functions eventually call down to a single
	bottom-level function, and fortunately, ip6tables syntax (for all the
	args that we use) is identical to iptables format (except the
	addresses), so all we need to do is:
	1) Get an address family down to the lowest level function in each
	   case, either implied through an address, or explicitly when no
	   address is in the parameter list, and
	2) At the lowest level, just decide whether to call "iptables" or
	   "ip6tables" based on the family.
	The location of the ip6tables binary is determined at build time by
	autoconf. If a particular target system happens to not have ip6tables
	installed, any attempts to run it will generate an error, but that
	won't happen unless someone tries to define an IPv6 address for a
	network. This is identical behavior to IPv4 addresses and iptables.

	Support multiple IP addresses on one network in bridge_driver.c
	This patch reorganizes the code in bridge_driver.c to account for the
	concept of a single network with multiple IP addresses, without adding
	in the extra variable of IPv6. A small bit of code has been
	temporarily added that checks all given addresses to verify they are
	IPv4 - this will be removed when full IPv6 support is turned on.

	Change virtual network XML parsing/formatting to support IPv6
	This commit adds support for IPv6 parsing and formatting to the
	virtual network XML parser, including moving around data definitions
	to allow for multiple <ip> elements on a single network, but only
	changes the consumers of this API to accommodate for the changes in
	API/structure, not to add any actual IPv6 functionality. That will
	come in a later patch - this patch attempts to maintain the same final
	functionality in both drivers that use the network XML parser - vbox
	and "bridge" (the Linux bridge-based driver used by the qemu
	hypervisor driver).
	* src/libvirt_private.syms: Add new private API functions.
	* src/conf/network_conf.[ch]: Change C data structure and
	  parsing/formatting.
	* src/network/bridge_driver.c: Update to use new parser/formatter.
	* src/vbox/vbox_tmpl.c: update to use new parser/formatter
	* docs/schemas/network.rng: changes to the schema -
	  * there can now be more than one <ip> element.
	  * ip address is now an ip-addr (ipv4 or ipv6) rather than ipv4-addr
	  * new optional "prefix" attribute that can be used in place of "netmask"
	  * new optional "family" attribute - "ipv4" or "ipv6"
	    (will default to ipv4)
	  * define data types for the above
	* tests/networkxml2xml(in|out)/nat-network.xml: add multiple <ip> elements
	  (including IPv6) to a single network definition to verify they are being
	  correctly parsed and formatted.

	make the <dhcp> element optional in network.rng
	In practice this has always been optional, but the RNG has shown it as
	mandatory, and since all the examples for make check had it, it was
	never noticed. One of the existing test cases has been changed to
	check for this.
	I also noticed that the dhcp/host/ip was still defined as <text/>,
	but should really be <ref name='ipv4-addr'/>

	Replace brSetInetAddress/brSetInetNetmask with brAddInetAddress
	brSetInetAddress can only set a single IP address on the bridge, and
	uses a method (ioctl(SIOCSETIFADDR)) that only works for IPv4. Replace
	it and brSetInetNetmask with a single function that uses the external
	"ip addr add" command to add an address/prefix to the interface - this
	supports IPv6, and allows adding multiple addresses to the interface.
	Although it isn't currently used in the code, we also add a
	brDelInetAddress for completeness' sake.
	Also, while we're modifying bridge.c, we change brSetForwardDelay and
	brSetEnableSTP to use the new virCommand API rather than the
	deprecated virRun, and also log an error message in bridge_driver.c if
	either of those fail (previously the failure would be completely
	silent).

	Make virtual network netmasks optional
	When a netmask isn't specified for an IPv4 address, one can be implied
	based on what network class range the address is in. The
	virNetworkDefPrefix function does this for us, so netmask isn't
	required.

	Pass prefix rather than netmask into iptables functions
	IPv6 will use prefix exclusively, and IPv4 will also optionally be
	able to use it, and the iptables functions really need a prefix
	anyway, so use the new virNetworkDefPrefix() function to send prefixes
	into iptables functions instead of netmasks.
	Also, in a couple places where a netmask is actually needed, use the
	new private API function for it rather than getting it directly. This
	will allow for cases where no netmask or prefix is specified (it
	returns the default for the current class of network.)

	Consistently return 0 on success, -1 on failure in bridge_driver.c
	Some functions in this file were returning 1 on success and 0 on
	failure, and others were returning 0 on success and -1 on
	failure. Switch them all to return the libvirt-preferred 0/-1.

	Fix logging of failed iptables commands
	The functions in iptables.c all return -1 on failure, but all their
	callers (which all happen to be in bridge_driver.c) assume that they
	are returning an errno, and the logging is done accordingly. This
	patch fixes all the error checking and logging to assume < 0 is an
	error, and nothing else.

	New virNetworkDef utility functions
	Later patches will add the possibility to define a network's netmask
	as a prefix (0-32, or 0-128 in the case of IPv6). To make it easier to
	deal with definition of both kinds (prefix or netmask), add two new
	functions:
	virNetworkDefNetmask: return a copy of the netmask into a
	virSocketAddr. If no netmask was specified in the XML, create a
	default netmask based on the network class of the virNetworkDef's IP
	address.
	virNetworkDefPrefix: return the netmask as numeric prefix (or the
	default prefix for the network class of the virNetworkDef's IP
	address, if no netmask was specified in the XML)

	New virSocketAddr utility functions
	virSocketPrefixToNetmask: Given a 'prefix', which is the number of 1
	bits in a netmask, fill in a virSocketAddr object with a netmask as an
	IP address (IPv6 or IPv4).
	virSocketAddrMask: Mask off the host bits in one virSocketAddr
	according to the netmask in another virSocketAddr.
	virSocketAddrMaskByPrefix, Mask off the host bits in a virSocketAddr
	according to a prefix (number of 1 bits in netmask).
	VIR_SOCKET_FAMILY: return the family of a virSocketAddr

2010-12-24  Wen Congyang  <wency@cn.fujitsu.com>

	fix syntax error in configure.ac
	When I run configure, I receive some syntax error.
	.....
	checking where to find <rpc/rpc.h>... none
	checking for library containing dlopen... -ldl
	/configure: line 52500: test: =: unary operator expected
	/configure: line 52766: test: =: unary operator expected
	checking linux/kvm.h usability... yes
	checking linux/kvm.h presence... yes
	.....

2010-12-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Make VMware Workstation / Player page appear in the menu
	By adding it to sitemap.html.in. Also <ul> can't be nested in <p>.

2010-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Reparent children when deleting a snapshot
	Shorten qemuDomainSnapshotWriteSnapshotMetadata function name
	and make it take a snapshot pointer instead of dealing with
	the current snapshot. Update other functions accordingly.
	Add a qemuDomainSnapshotReparentChildren hash iterator to
	reparent the children of a snapshot that is being deleted. Use
	qemuDomainSnapshotWriteMetadata to write updated metadata
	to disk.
	This fixes a problem where outdated parent information breaks
	the snapshot tree and hinders the deletion of child snapshots.
	Reported by Philipp Hahn.

2010-12-23  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Add info about VMware driver to the libvirt website

2010-12-23  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add --force option to update-device

2010-12-23  Jim Fehlig  <jfehlig@novell.com>

	Set bitmap size when allocating a bitmap
	I began noticing a race when reserving VNC ports as described here
	https://www.redhat.com/archives/libvir-list/2010-November/msg00379.html
	Turns out that we were not initializing the size field of bitmap
	struct when allocating the bitmap.  This subsequently caused
	virBitmapSetBit() to fail since bitmap->size is 0, hence we never
	actually reserved the port.

2010-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for storage volume wiping

	esx: Add support for storage volume deletion

2010-12-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Return SPICE ports on domain shutdown
	Commit ed0d9f6c0cdd56f38ce31b8d9b5293162addaa23 added support for
	automatic port allocation for SPICE but forgot to mark such ports as
	unused when they are not used anymore.

2010-12-23  Eric Blake  <eblake@redhat.com>

	virterror: avoid API breakage with vmware
	Fix glitch in commit cddd2a06 (thankfully post-0.8.6, so no
	released version has the glitch).
	Document and try to workaround glitch in commit 46e9b0f (in 0.8.0),
	which invalidated 6 virErrorNumber values dating as far back as 0.7.1.
	My audit did not find any other glitches until pre-0.1.0 days.  I'm
	not sure how to add a syntax-check off the top of my head, but
	hopefully the explicit numbering will make people think twice about
	renumbering in the future.
	* include/libvirt/virterror.h (virErrorDomain): Avoid inserting
	new values in the middle, and add explicit numbering to help avoid
	this in the future.
	(virErrorNumber): Add explicit numbering, and document the snafu.
	* src/remote/remote_driver.c (remoteIO): Compensate for the snafu.

2010-12-22  Hu Tao  <hutao@cn.fujitsu.com>

	Fix memory leak in virsh

2010-12-22  Justin Clift  <jclift@redhat.com>

	docs: fixed typo, added table of contents

2010-12-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Distribute libvirt_vmx.syms
	This fixes the build from a tarball and makes autobuild.sh
	work again.
	This should actually have been part of this earlier commit:
	  esx: Move VMX handling code out of the driver directory
	  42b2f35d36a9e33f03e973130267c19cff910f2e
	Reported by Eric Blake.

	vmware: Fix undefine symbol with loadable drivers enabled
	All other drivers are explicitly linked to gnulib. The VMware
	driver lacked this, resulting in mdir_name being an undefine
	symbol.
	Explicitly link the VMware driver to gnulib to fix this.

	esx: Move VMX handling code out of the driver directory
	Now the VMware driver doesn't depend on the ESX driver anymore.
	Add a WITH_VMX option that depends on WITH_ESX and WITH_VMWARE.
	Also add a libvirt_vmx.syms file.
	Move some escaping functions from esx_util.c to vmx.c.
	Adapt the test suite, ESX and VMware driver to the new code layout.

	esx: Fix cluster resource lookup when connecting to a vCenter
	Connecting to a ESX(i) server that is part of a cluster failed
	when the connection also involved a vCenter.
	Accept ClusterComputeResource type in addition to ComputeResource
	type in the object lookup function.
	Reported by Guillaume Le Louët.

2010-12-22  Eric Blake  <eblake@redhat.com>

	maint: avoid space-tab
	* daemon/Makefile.am: Avoid spurious space before tabs.
	* src/Makefile.am: Likewise.
	* examples/dominfo/Makefile.am: Likewise.
	* examples/domsuspend/Makefile.am: Likewise.
	* tools/Makefile.am: Likewise.
	* src/datatypes.h (VIR_CONNECT_MAGIC): Likewise.
	* src/internal.h (TODO): Likewise.
	* src/qemu/qemu_monitor.h (QEMU_MONITOR_MIGRATE): Likewise.
	* src/xen/xen_hypervisor.c (XEN_V2_OP_GETAVAILHEAP): Likewise.
	* src/xen/xs_internal.h: Likewise.

	command: avoid hanging on daemon processes
	* src/util/command.c (virCommandRun): Don't capture output on
	daemons.
	* tests/commandtest.c (test18): Expose the bug.
	Reported by Laine Stump.

	build: skip vmware driver when building for RHEL
	* libvirt.spec.in: Provide vmware conditionals.

2010-12-21  Osier Yang  <jyang@redhat.com>

	storage: Ignore dangling symbolic link for filesystem pool
	If there is a dangling symbolic link in filesystem pool, the pool
	will fail to start or refresh, this patch is to fix it by ignoring
	it with a warning log.

2010-12-21  Josh Durgin  <joshd@hq.newdream.net>

	Skip file-based security checks for network disks
	Network disks are accessed by qemu directly, and have no
	associated file on the host, so checking for file ownership etc.
	is unnecessary.

2010-12-21  Justin Clift  <jclift@redhat.com>

	docs: added compiling page and significantly expanded windows page
	Also added an additional menu placement for the windows page, in
	order to attract further potential testers.

2010-12-21  Eric Blake  <eblake@redhat.com>

	build: make building on cygwin easier
	* configure.ac (dlopen): Cygwin dlopen is in libc; avoid spurious
	failure.
	(XDR_CFLAGS): Define when needed.
	* src/Makefile.am (libvirt_driver_remote_la_CFLAGS): Use it.

	qemu: use virAsprintf instead of PATH_MAX
	* src/qemu/qemu_driver.c (qemudLogFD, qemudLogReadFD)
	(qemudStartup, qemudGetProcessInfo): Use heap instead of stack.

	tests: avoid spurious failure of nodeinfotest
	When running 'make check' under a multi-cpu Dom0 xen machine,
	nodeinfotest had a spurious failure it was reading from
	/sys/devices/system/cpu, but xen has no notion of topology.  The test
	was intended to be isolated from reading any real system files; the
	regression was introduced in Mar 2010 with commit aa2f6f96dd.
	Fix things by allowing an early exit for the testsuite.
	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Add parameter.
	(nodeGetInfo): Adjust caller.
	* tests/nodeinfotest.c (linuxTestCompareFiles): Likewise.

	tests: avoid data race
	I got some spurious failures when commandhelper won the race and
	ran to the point of parent detection prior to the intermediate
	daemonizing process getting a chance to exit.  This fixes it.
	* tests/commandhelper.c (main): Checking for re-parenting to
	init(1) is racy; instead check that we belong to a new session.

	build: improve testsuite results with older automake
	* tests/Makefile.am (TESTS_ENVIRONMENT, commandtest_CFLAGS)
	(commandhelper_CFLAGS): Avoid $(builddir) and $(abs_builddir) in
	automake 1.9.6; fixes spurious failures of commandtest.

	build: allow older libselinux again
	* configure.ac (with_selinux): Check for <selinux/label.h>.
	* src/security/security_selinux.c (getContext): New function.
	(SELinuxRestoreSecurityFileLabel): Use it to restore compilation
	when using older libselinux.

	build: allow autoconf 2.59 again
	Autoconf 2.59 doesn't define ${localedir}, so libvirt was failing
	to compile due to a missing LOCALEDIR until today's configmake fix.
	* .gnulib: Update to latest for configmake fix.
	* configure.ac (libpcap): Avoid AS_CASE.

2010-12-21  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix typo that broke 'make dist'
	* src/Makefile.am (VMWARE_DRIVER_SOURCES): Fix vmware_driver.h.

2010-12-20  Eric Blake  <eblake@redhat.com>

	libvirt-guests: avoid sourcing failure
	* tools/libvirt-guests.init.in (libvirtd): Skip function library
	if it is not present.
	Suggested by Guido Günther.

2010-12-20  Paweł Krześniak  <pawel.krzesniak@gmail.com>

	bridge_driver: avoid double call to VIR_FREE
	While not technically a double free (since VIR_FREE NULLs the
	pointer), this is unnecessary extra code.
	This crept in when the function was converted from virRun to virCommand.
	The AUTHORS file has also been updated.

2010-12-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Add additional indentation to level 3 menu items
	formatnetwork.html has a menu item at level 3. libvirt.css
	doesn't have a explicit rule for level 3 and level 3 and
	level 2 items end up at the same indentation level.
	Add an additional 1em indentation to level 3 menu items.

	vbox: Don't leak domain names in vboxListDefinedDomains

	vbox: Don't leak arrays from XPCOM
	XPCOM returns an array as a pointer to an array of pointers to the
	actual items. When the array isn't needed anymore the items are
	released, but the actual array containing the pointers to the items
	was not freed and leaked.
	Free the actual array using ComUnallocMem.
	This doesn't affect MSCOM as SafeArrayDestroy releases all items
	and frees the array.

	vbox: Handle different array representations of XPCOM and MSCOM
	Add a vboxArray to hide the details from the general driver code.

	vbox: Add glue layer for MSCOM on Windows
	Don't require dlopen, but link to ole32 and oleaut32 on Windows.
	Don't expose g_pVBoxFuncs anymore. It was only used to get the
	version of the API. Make VBoxCGlueInit return the version instead.
	This simplifies the implementation of the MSCOM glue layer.
	Get the VirtualBox version from the registry.
	Add a dummy implementation of the nsIEventQueue to the MSCOM glue
	as there seems to be no direct equivalent with MSCOM. It might be
	implemented using the normal window message loop. This requires
	additional investigation.

	vbox: Match struct layout of the MSCOM implementation on Windows

	vbox: Use stdcall convention for all COM methods on Windows
	MSCOM requires stdcall convention.

2010-12-18  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Add VMware Workstation and Player driver

2010-12-18  Eric Blake  <eblake@redhat.com>

	maint: improve tests distribution
	* tests/Makefile.am (EXTRA_DIST): Sort, and add directories.
	(SUBDIRS): Drop automake recursion into subdirs.
	* tests/commanddata/Makefile.am: Delete.
	* tests/confdata/Makefile.am: Likewise.
	* tests/sexpr2xmldata/Makefile.am: Likewise.
	* tests/xencapsdata/Makefile.am: Likewise.
	* tests/xmconfigdata/Makefile.am: Likewise.
	* tests/xml2sexprdata/Makefile.am: Likewise.

	build: fix typo that broke 'make dist'
	* src/Makefile.am (QEMU_DRIVER_SOURCES): Ship qemu_cgroup.h.

2010-12-18  Daniel P. Berrange  <dan@berrange.com>

	Update QEMU test cases for new file locations & API renames
	* qemuargv2xmltest.c, qemuhelptest.c,
	  qemuxml2argvtest.c, testutilsqemu.c: Update includes and
	  cope with API renames

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU hotplug helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the hotplug
	helper code out into a separate file. No functional change.
	* src/qemu/qemu_hotplug.c, src/qemu/qemu_hotplug.h,
	  src/Makefile.am: Add hotplug helper file
	* src/qemu/qemu_driver.c: Delete hotplug code

	Move QEMU domain lock / job helper code to separate file
	To allow the APIs to be used from separate files, move the domain
	lock / job helper code into qemu_domain.c
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add domain lock
	  / job code
	* src/qemu/qemu_driver.c: Remove domain lock / job code

	Move QEMU driver lock helpers to a separate file
	To allow their use from other source files, move qemuDriverLock
	and qemuDriverUnlock to qemu_conf.h and make them non-static
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add qemuDriverLock
	  qemuDriverUnlock
	* src/qemu/qemu_driver.c: Remove qemuDriverLock and qemuDriverUnlock

	Move QEMU hostdev helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the hostdev
	helper code out into a separate file. No functional change.
	* src/qemu/qemu_hostdev.c, src/qemu/qemu_hostdev.h,
	  src/Makefile.am: Add hostdev helper file
	* src/qemu/qemu_driver.c: Delete hostdev code

	Move QEMU cgroup helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the cgroup
	helper code out into a separate file. No functional change.
	* src/qemu/qemu_cgroup.c, src/qemu/qemu_cgroup.h,
	  src/Makefile.am: Add cgroup helper file
	* src/qemu/qemu_driver.c: Delete cgroup code

	Move QEMU audit helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the audit
	helper code out into a separate file. No functional change.
	* src/qemu/qemu_audit.c, src/qemu/qemu_audit.h,
	  src/Makefile.am: Add audit helper file
	* src/qemu/qemu_driver.c: Delete audit code

	Move QEMU private data & namespace code into separate file
	Move the code for handling the QEMU virDomainObjPtr private
	data, and custom XML namespace into a separate file
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: New file
	  for private data & namespace code
	* src/qemu/qemu_driver.c, src/qemu/qemu_driver.h: Remove
	  private data & namespace code
	* src/qemu/qemu_driver.h, src/qemu/qemu_command.h: Update
	  includes
	* src/Makefile.am: Add src/qemu/qemu_domain.c

	Move QEMU command line management into a separate file
	The qemu_conf.c code is doing three jobs, driver config file
	loading, QEMU capabilities management and QEMU command line
	management. Move the command line code into its own file
	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: New
	  command line management code
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Delete command
	  line code
	* src/qemu/qemu_conf.h, src/qemu_conf.c: Adapt for API renames
	* src/Makefile.am: add src/qemu/qemu_command.c
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Add
	  import of qemu_command.h

	Move QEMU capabilities management into a separate file
	The qemu_conf.c code is doing three jobs, driver config file
	loading, QEMU capabilities management and QEMU command line
	management. Move the capabilities code into its own file
	* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h: New
	  capabilities management code
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Delete capabilities
	  code
	* src/qemu/qemu_conf.h: Adapt for API renames
	* src/Makefile.am: add src/qemu/qemu_capabilities.c

2010-12-17  Eric Blake  <eblake@redhat.com>

	maint: doc fix
	* src/libvirt.c: Avoid duplicate word.

2010-12-14  Hu Tao  <hutao@cn.fujitsu.com>

	Add a new function doStartCPUs

	Add a new function doStopCPUs

	Add a macro timeval_to_ms to compute micro seconds from timeval

2010-12-14  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Unify CPUID data structures
	So far, CPUID data were stored in two different data structures. First
	of them was a structure allowing direct access for CPUID data according
	to function number and the second was a plain array of struct
	cpuX86cpuid. This was a silly design which resulted in converting data
	from one type to the other and back again or implementing similar
	functionality for both data structures.
	The patch leaves only the direct access structure. This makes the code
	both smaller and more maintainable since operations on different objects
	can use common low-level operations.
	All 57 tests for cpu subsystem still pass after this rewrite.

	util: Fix logical error in virReportSystemErrorFull

	util: Fix error message in __virExec
	Remove superfluous ": %s" suffix from the error message.

	daemon: Change CWD to / before daemonizing
	We were doing so for child processes but not for libvirtd itself.

2010-12-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for storage volume cloning

2010-12-14  Eric Blake  <eblake@redhat.com>

	selinux: avoid memory overhead of matchpathcon
	https://bugzilla.redhat.com/show_bug.cgi?id=658657
	* src/security/security_selinux.c
	(SELinuxRestoreSecurityFileLabel): Use selabel_lookup instead of
	matchpathcon.
	Suggested by Daniel Walsh.

	daemon, threads: plug a memory leak
	* daemon/libvirtd.c (qemudStartWorker, qemudStartEventLoop): Avoid
	leaking pthread_attr resources.
	* src/util/threads-pthread.c (virThreadCreate): Likewise.

	tests: test Fedora 14 qemu-kvm -help parsing
	* tests/qemuhelpdata/qemu-kvm-0.13.0: New file.
	* tests/qemuhelptest.c (mymain): New test from Fedora 14 qemu-kvm,
	which covers some options (like -fstype passthrough) not tested elsewhere.

	tests: test RHEL 6.0 qemu-kvm -help parsing
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel60: New file.
	* tests/qemuhelptest.c (mymain): New test from RHEL 6.0 qemu-kvm,
	which covers some options (like -vga=qxl) not tested elsewhere.
	* .x-sc_prohibit_empty_lines_at_EOF: Exempt qemu help output.

	sysinfo: convert to virCommand
	* src/util/sysinfo.c (virSysinfoRead): Use virCommand instead of
	virExec.

	sysinfo: formatting cleanups
	* src/util/sysinfo.c: Indentation and () fixups.

	build: allow mingw compilation with virCommand
	Allows compilation, but no creation of child processes yet.  Take it
	one step at a time.
	* src/util/util.c (virExecWithHook) [WIN32]: New dummy function.
	* src/libvirt_private.syms: Export it.

	build: update gnulib for pipe on mingw
	* .gnulib: Update to latest.
	* bootstrap.conf (gnulib_modules): Import pipe-posix and waitpid
	for mingw.
	* src/remote/remote_driver.c (pipe) [WIN32]: Drop dead macro.
	* daemon/event.c (pipe) [WIN32]: Drop dead function.

	test: fix commandtest under autobuild.sh
	* tests/commandtest.c (mymain): Kill off any leaked-in fds.
	* autobuild.sh: Don't leak fds.

2010-12-14  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: quote AC_LANG_PROGRAM to avoid warnings with autoconf 2.68

	build: properly handle ./configure --with-libpcap
	Without this fix, ./configure --with-libpcap will cause --with-libpcap=yes
	to be implicitly passed down, which cause yes/bin/pcap-config to be
	searched for rather than /usr/bin/pcap-config.
	Also output pcap: no when pcap is not found or disabled.

2010-12-14  Osier Yang  <jyang@redhat.com>

	qemu: Introduce two new job types
	Currently, all of domain "save/dump/managed save/migration"
	use the same function "qemudDomainWaitForMigrationComplete"
	to wait the job finished, but the error messages are all
	about "migration", e.g. when a domain saving job is canceled
	by user, "migration was cancled by client" will be throwed as
	an error message, which will be confused for user.
	As a solution, intoduce two new job types(QEMU_JOB_SAVE,
	QEMU_JOB_DUMP), and set "priv->jobActive" to "QEMU_JOB_SAVE"
	before saving, to "QEMU_JOB_DUMP" before dumping, so that we
	could get the real job type in
	"qemudDomainWaitForMigrationComplete", and give more clear
	message further.
	And as It's not important to figure out what's the exact job
	is in the DEBUG and WARN log, also we don't need translated
	string in logs, simply repace "migration" with "job" in some
	statements.
	* src/qemu/qemu_driver.c

2010-12-14  Laurent Léonard  <laurent@open-minds.org>

	Missing "Default-Stop" field in LSB comment in libvirt-guests
	The "Default-Stop" field in LSB comment in libvirt-guests is missing and should
	be added. I also suggests to add runlevel 2 to the "Default-Start" field.
	--
	Laurent Léonard

2010-12-14  Eric Blake  <eblake@redhat.com>

	daemon: plug a memory leak
	* daemon/libvirtd.c (qemudFreeClient): Avoid a leak.
	(qemudDispatchServer): Avoid null dereference.

2010-12-14  Roopa Prabhu  <roprabhu@cisco.com>

	802.1Qbh: Add support for IFLA_VF_MAC
	Current code does not pass VM mac address to a 802.1Qbh direct attach
	interface using IFLA_VF_MAC.  This patch adds support in macvtap code to
	send IFLA_VF_MAC netlink request during port profile association on a
	802.1Qbh interface.
	Stefan Cc'ed for comments because this patch changes a condition for
	802.1Qbg
	802.1Qbh support for IFLA_VF_MAC in enic driver has been posted and is
	pending acceptance at http://marc.info/?l=linux-netdev&m=129185244410557&w=2

2010-12-11  Eric Blake  <eblake@redhat.com>

	command: ease use with virBuffer, and fix qemu leak
	* src/util/command.h (virCommandAddArgBuffer)
	(virCommandAddEnvBuffer): New prototypes.
	* src/util/command.c (virCommandAddArgBuffer)
	(virCommandAddEnvBuffer): Implement them.
	* src/libvirt_private.syms (command.h): Export them.
	* src/qemu/qemu_conf.c (qemudBuildCommandLine): Use them, plugging
	a memory leak on rbd_hosts in the process.

	conf: plug memory leaks
	* src/conf/domain_conf.c (virDomainGraphicsDefParseXML)
	(virDomainDeviceVirtioSerialAddressParseXML)
	(virDomainDiskDefFree): Free various leaks.

	tests: plug memory leaks
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Don't
	allocate, since we don't use virDomainChrDefFree.

	virExec: avoid undefined behavior
	* src/util/util.c (__virExec): Don't use FD_ISSET on out-of-bounds fd.

2010-12-11  Laine Stump  <laine@laine.org>

	Convert dhcpStartDhcpDaemon from virRun to virCommand
	This is pretty straightforward - even though dnsmasq gets daemonized
	and uses a pid file, those things are both handled by the dnsmasq
	binary itself. And libvirt doesn't need any of the output of the
	dnsmasq command either, so we just setup the args and call
	virRun(). Mainly it was just a (mostly) mechanical job of replacing
	the APPEND_ARG() macro (and some other *printfs()) with
	virCommandAddArg*().

2010-12-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Refactor storage pool type lookup into a function

	esx: Improve error reporting for failed tasks
	Instead of just reporting that a task failed get the
	localized message from the TaskInfo error and include
	it in the reported error message.
	Implement minimal deserialization support for the
	MethodFault type in order to obtain the actual fault
	type.
	For example, this changes the reported error message
	when trying to create a volume with zero size from
	  Could not create volume
	to
	  Could not create volume: InvalidArgument - A specified parameter was not correct.
	Not perfect yet, but better than before.

2010-12-10  Eric Blake  <eblake@redhat.com>

	command: plug memory leak
	* src/util/command.c (virCommandFree): Free data from
	virCommandSetInputBuffer.

	build: distribute commandtest files
	* tests/Makefile.am (SUBDIRS): Add commanddata.
	* tests/commandtest.c (checkoutput): Delete correct file.
	(test4): Delete pid file.
	(mymain): Delete unused variable.
	* tests/commanddata/Makefile.am: New file.
	* configure.ac (AC_OUTPUT): Build new makefile.
	Reported by Dominik Klein.

2010-12-10  Hu Tao  <hutao@cn.fujitsu.com>

	Update documentation of watchdog dump option and add test data for it
	The xml watchdog dump option is converted to qemu watchdog pause arg
	but it is not reasonable to convert it back from qemu watchdog pause
	arg since there already is a xml watchdog pause option, so a test for
	the dump option to convert it from arg to xml is not added.

2010-12-10  Dan Kenigsberg  <danken@redhat.com>

	spec: do not start libvirt-guests if that service is off
	starting a service during rpm installation is impolite. It is even worse if done
	during upgrade, for a service that was explicitly turned off.

2010-12-10  Josh Durgin  <joshd@hq.newdream.net>

	tests: Add tests for network disks

	qemu: Add RBD support and some network disk fixes
	Changes common to all network disks:
	-Make source name optional in the domain schema, since NBD doesn't use it
	-Add a hostName type to the domain schema, and use it instead of genericName, which doesn't include .
	-Don't leak host names or ports
	-Set the source protocol in qemuParseCommandline

2010-12-10  MORITA Kazutaka  <morita.kazutaka@lab.ntt.co.jp>

	add network disk support
	This patch adds network disk support to libvirt/QEMU.  The currently
	supported protocols are nbd, rbd, and sheepdog.  The XML syntax is like
	this:
	    <disk type="network" device="disk">
	      <driver name="qemu" type="raw" />
	      <source protocol='rbd|sheepdog|nbd' name="...some image identifier...">
	        <host name="mon1.example.org" port="6000">
	        <host name="mon2.example.org" port="6000">
	        <host name="mon3.example.org" port="6000">
	      </source>
	      <target dev="vda" bus="virtio" />
	    </disk>

2010-12-10  Wen Congyang  <wency@cn.fujitsu.com>

	correct the signal's name
	The signal's name is wrong...

2010-12-10  Hu Tao  <hutao@cn.fujitsu.com>

	Add a watchdog action `dump'
	`dump' watchdog action lets libvirtd to dump the guest when receives a
	watchdog event (which probably means a guest crash)
	Currently only qemu is supported.

	Add a new function doCoreDump
	This patch prepares for the next patch.

	threadpool impl
	* src/util/threadpool.c, src/util/threadpool.h: Thread pool
	  implementation
	* src/Makefile.am: Build thread pool
	* src/libvirt_private.syms: Export public functions

2010-12-10  Eric Blake  <eblake@redhat.com>

	command: avoid memory leak
	* src/util/command.c (virCommandRun): Fix yesterday's regression
	on logging, and avoid leaking log-only output captures.
	Reported by Hu Tao.

2010-12-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Distinguish between domain shutdown and crash
	When we get an EOF event on monitor connection, it may be a result of
	either crash or graceful shutdown. QEMU which supports async events
	(i.e., we are talking to it using JSON monitor) emits SHUTDOWN event on
	graceful shutdown. In case we don't get this event by the time monitor
	connection is closed, we assume the associated domain crashed.

2010-12-09  Ryan Harper  <ryanh@us.ibm.com>

	qemu: call drive_del in DetachPciDiskDevice
	Currently libvirt doesn't confirm whether the guest has responded to the
	disk removal request.  In some cases this can leave the guest with
	continued access to the device while the mgmt layer believes that it has
	been removed.  With a recent qemu monitor command[1] we can
	deterministically revoke a guests access to the disk (on the QEMU side)
	to ensure no futher access is permitted.
	This patch adds support for the drive_del() command and introduces it
	in the disk removal paths.  If the guest is running in a QEMU without this
	command we currently explicitly check for unknown command/CommandNotFound
	and log the issue.
	If QEMU supports the command we issue the drive_del command after we attempt
	to remove the device.  The guest may respond and remove the block device
	before we get to attempt to call drive_del.  In that case, we explicitly check
	for 'Device not found' from the monitor indicating that the target drive
	was auto-deleted upon guest responds to the device removal notification.
	1. http://thread.gmane.org/gmane.comp.emulators.qemu/84745

	qemu: call drive_unplug in DetachPciDiskDevice
	Currently libvirt doesn't confirm whether the guest has responded to the
	disk removal request.  In some cases this can leave the guest with
	continued access to the device while the mgmt layer believes that it has
	been removed.  With a recent qemu monitor command[1] we can
	deterministically revoke a guests access to the disk (on the QEMU side)
	to ensure no futher access is permitted.
	This patch adds support for the drive_unplug() command and introduces it
	in the disk removal paths.  There is some discussion to be had about how
	to handle the case where the guest is running in a QEMU without this
	command (and the fact that we currently don't have a way of detecting
	what monitor commands are available).
	Changes since v2:
	 - use VIR_ERROR to report when unplug command not found
	Changes since v1:
	 - return > 0 when command isn't present, < 0 on command failure
	 - detect when drive_unplug command isn't present and log error
	   instead of failing entire command

2010-12-09  Anthony Liguori  <aliguori@us.ibm.com>

	qemud: fix memory leak in io error events
	The extra data isn't being free()'d for IO error events that have a reason.

2010-12-08  Osier Yang  <jyang@redhat.com>

	qemu: Only build devstr when needs (attach PCI controller)
	- qemudDomainAttachPciControllerDevice: Don't build "devstr"
	  if "-device" of qemu is not available, as "devstr" will only
	  be used by "qemuMonitorAddDevice", which depends on "-device"
	  argument of qemu is supported.
	- "qemudDomainSaveImageOpen": Fix indent problem.
	* src/qemu/qemu_driver.c

2010-12-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Enable disabled debug messages

	qemu: Use -vga none only if it is supported
	Commit febc591683cf51e4551f8bcf3ce279a776056e1c introduced -vga none in
	case no video card is included in domain XML. However, old qemu
	versions do not support this and such domain cannot be successfully
	started.

2010-12-08  Justin Clift  <jclift@redhat.com>

	virsh: fix a typo in the memtune help description

	docs: updated virsh command reference download links to new version
	The new version lists every virsh command, its description, and
	the version of libvirt where it became available.

	configure: improve misleading libnl missing error message
	This fixes a misleading error message saying the libnl package
	needs to be installed, when it's really the libnl-devel package
	needing to be installed.

2010-12-08  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest, for at least a stdint.h fix
	* src/storage/storage_driver.c (storageVolumeZeroSparseFile)
	(storageWipeExtent): Use better type, although it still triggers
	spurious -Wformat warning on MacOS's gcc.

2010-12-08  Justin Clift  <jclift@redhat.com>

	Moved the nodeinfo command to the 'host' help keyword group

2010-12-08  Eric Blake  <eblake@redhat.com>

	openvz: avoid potential buffer overflow
	* src/openvz/openvz_conf.c (openvzLoadDomains): Replace unsafe
	sscanf with safe direct parsing.
	(openvzGetVEID): Avoid lost integer overflow detection.
	(openvzAssignUUIDs): Likewise, and detect readdir failure.

	openvz: convert popen to virCommand
	popen must be matched with pclose (not fclose), or it will leak
	resources.  Furthermore, it is a lousy interface when it comes to
	signal handling.  We're much better off using our decent command
	wrapper.  Note that virCommand guarantees that VIR_FREE(outbuf) is
	both required and safe to call, whether virCommandRun succeeded or
	failed.
	* src/openvz/openvz_conf.c (openvzLoadDomains, openvzGetVEID):
	Replace popen with virCommand usage.

	command: improve behavior on no output
	Guarantee that outbuf/errbuf are allocated on success, even if to the
	empty string.  Caller always has to free the result, and empty output
	check requires checking if *outbuf=='\0'.  Makes the API easier to use
	safely.  Failure is best effort allocation (some paths, like
	out-of-memory, cannot allocate a buffer, but most do), so caller must
	free buffer on failure.
	* docs/internals/command.html.in: Update documentation.
	* src/util/command.c (virCommandSetOutputBuffer)
	(virCommandSetErrorBuffer, virCommandProcessIO) Guarantee empty
	string on no output.
	* tests/commandtest.c (test17): New test.

	command: enforce fd vs. buffer considerations
	* docs/internals/command.html.in: Better documentation of buffer
	vs. fd considerations.
	* src/util/command.c (virCommandRunAsync): Reject raw execution
	with string io.
	(virCommandRun): Reject execution with user-specified fds not
	visiting a regular file.

2010-12-08  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix commandtest in VPATH build

2010-12-08  Eric Blake  <eblake@redhat.com>

	tests: fix leaks in commandtest
	Most leaks could only occur on error cleanup paths.

	command: improve allocation failure reporting
	* src/util/command.c (virCommandAddEnvString): Remove duplicate
	code.
	(virCommandToString, virCommandRun, virCommandRunAsync)
	(virCommandWait): Report NULL command as ENOMEM, not invalid
	usage.
	Reported by Jiri Denemark.

2010-12-08  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix detection of expected error

	tests: Fix code formating in commandtest

2010-12-07  Eric Blake  <eblake@redhat.com>

	uuid: require smbios uuid and domain uuid to match
	* src/conf/domain_conf.c (virDomainDefParseXML): Prefer sysinfo
	uuid over generating one, and if both uuids are present, require
	them to be identical.
	* src/qemu/qemu_conf.c (qemuBuildSmbiosSystemStr): Allow skipping
	the uuid.
	(qemudBuildCommandLine): Adjust caller; <smbios mode=host/> must
	not use host uuid in place of guest uuid.

	smbios: allow () in smbios strings
	* docs/schemas/domain.rng (sysinf-value): Expand pattern.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.xml: Prefer '' over
	"" for attribute values.  Copy real hardware values.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.args: Likewise.

	smbios: support system family
	* docs/schemas/domain.rng (sysinfo-system-name): Also allow
	family.
	* src/util/sysinfo.h (struct _virSysinfoDef): Add system_family.
	* src/conf/domain_conf.c (virSysinfoParseXML)
	(virDomainSysinfoDefFormat): Support it.
	* src/util/sysinfo.c (virSysinfoDefFree, virSysinfoRead): Likewise.
	* src/qemu/qemu_conf.c (qemuBuildSmbiosSystemStr): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.xml: Adjust test.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.args: Likewise.

	qemu: avoid adding "" in smbios arguments
	The log lists things like -smbios type=1,vendor="Red Hat", which
	is great for shell parsing, but not so great when you realize that
	execve() then passes those literal "" on as part of the command
	line argument, such that qemu sets SMBIOS with extra literal quotes.
	The eventual addition of virCommand is needed before we have the API
	to shell-quote a string representation of a command line, so that the
	log can still be pasted into a shell, but without inserting extra
	bytes into the execve() arguments.
	* src/qemu/qemu_conf.c (qemuBuildSmbiosBiosStr)
	(qemuBuildSmbiosSystemStr): Qemu doesn't like quotes around uuid
	arguments, and the remaining quotes are passed literally to
	smbios, making <smbios mode='host'/> inaccurate.  Removing the
	quotes makes the log harder to parse, but that can be fixed later
	with virCommand improvements.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.args: 'Fix' test; it
	will need fixing again once virCommand learns how to shell-quote a
	potential command line.

2010-12-07  Osier Yang  <jyang@redhat.com>

	virsh: Remove redundant commands in group domain
	"echo" is already in group "virsh", "freecell" and "hostname" are
	already in group "host", so remove them from group "domain"
	* tools/virsh.c

2010-12-07  Dan Kenigsberg  <danken@redhat.com>

	Fix funny off-by-one error in clock-variable
	Humans consider January as month #1, while gmtime_r(3) calls it month #0.
	While fixing it, render qemu's rtc parameter with leading zeros, as is more
	commonplace.
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=660194

2010-12-07  Laurent Léonard  <laurent@open-minds.org>

	syntax error "Bad fd number" when stopping libvirt-guests
	When libvirt-guests is being stopped, I get the following message:
	$Running guests on default URI: test-vm
	$Suspending guests on default URI...
	$Suspending test-vm: /etc/init.d/libvirt-guests: 340: Syntax error: Bad fd
	number

2010-12-07  Eric Blake  <eblake@redhat.com>

	threads: add virThreadID for debugging use
	* src/util/threads.h (virThreadID): New prototype.
	* src/util/threads-pthread.c (virThreadID): New function.
	* src/util/threads-win32.c (virThreadID): Likewise.
	* src/libvirt_private.syms (threads.h): Export it.
	* daemon/event.c (virEventInterruptLocked): Use it to avoid
	warning on BSD systems.

2010-12-07  Osier Yang  <jyang@redhat.com>

	util: Fix bug which will cause libvirtd crash
	"virCommandRun": if "cmd->outbuf" or "cmd->errbuf" is NULL,
	libvirtd will be crashed when trying to start a qemu domain
	(which invokes "virCommandRun"), it caused by we try to use
	"*cmd->outbuf" and "*cmd->errbuf" regardless of cmd->outbuf
	or cmd->errbuf is NULL.
	* src/util/command.c (virCommandRun)

2010-12-06  Jiri Denemark  <jdenemar@redhat.com>

	tests: Don't ignore return value of getcwd()

	build: Fix internal docs generation in VPATH builds

	qemu: Fix a possible deadlock in p2p migration
	Two more calls to remote libvirtd have to be surrounded by
	qemuDomainObjEnterRemoteWithDriver() and
	qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
	two communicating libvirt daemons.
	See commit f0c8e1cb3774d6f09e2681ca1988bf235a343007 for further details.

	Change return value of VIR_DRV_SUPPORTS_FEATURE to bool
	virDrvSupportsFeature API is allowed to return -1 on error while all but
	one uses of VIR_DRV_SUPPORTS_FEATURE only check for (non)zero return
	value. Let's make this macro return zero on error, which is what
	everyone expects anyway.

2010-12-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Don't try to set input FD to -1

2010-12-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	Implement virVMOperationType{To|From}String independent from WITH_MACVTAP
	As this symbols are exported independent from WITH_MACVTAP.

2010-12-03  Eric Blake  <eblake@redhat.com>

	build: avoid shadowing devname() on BSD systems
	* tools/virsh.c (cmdRunConsole, cmdConsole): Rename problematic
	symbol.
	Reported by Justin Clift.

2010-12-03  Osier Yang  <jyang@redhat.com>

	virsh: Remove redundant optional option for cmdHelp
	Remove the optional option "group", as cmdHelp should accepts
	only one option ("virsh help" supports both command and command
	group now, and user rarely uses the options, so it doesn't matter
	much for it being longer, :-)
	* tools/virsh.c

2010-12-03  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Create file in virFileWriteStr() if it doesn't exist
	This patch adds a mode_t parameter to virFileWriteStr().
	If mode is different from 0, virFileWriteStr() will try
	to create the file if it doesn't exist.
	* src/util/util.h (virFileWriteStr): Alter signature.
	* src/util/util.c (virFileWriteStr): Allow file creation.
	* src/network/bridge_driver.c (networkEnableIpForwarding)
	(networkDisableIPV6): Adjust clients.
	* src/node_device/node_device_driver.c
	(nodeDeviceVportCreateDelete): Likewise.
	* src/util/cgroup.c (virCgroupSetValueStr): Likewise.
	* src/util/pci.c (pciBindDeviceToStub, pciUnBindDeviceFromStub):
	Likewise.

2010-12-03  Justin Clift  <jclift@redhat.com>

	man pages: update the description for the virsh help command
	Now includes information on keyword usage, and provides examples.

2010-12-03  Osier Yang  <jyang@redhat.com>

	virsh: move two commands from domain group to storage pool group
	* tools/virsh.c (find-storage-pool-sources-as and find-storage-pool-sources
	should't be in command group "Domain Management", move them to group
	"Storage Pool".

2010-12-03  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus includes

	uml: convert to virCommand
	* src/uml/uml_conf.c (umlBuildCommandLineChr)
	(umlBuildCommandLine): Rewrite with virCommand.
	* src/uml/uml_conf.h (umlBuildCommandLine): Update signature.
	* src/uml/uml_driver.c (umlStartVMDaemon): Adjust caller.

2010-12-03  Eric Blake  <eblake@redhat.com>

	qemu: convert to virCommand
	* src/qemu/qemu_conf.c (qemudExtractVersionInfo): Check for file
	before executing it here, rather than in callers.
	(qemudBuildCommandLine): Rewrite with virCommand.
	* src/qemu/qemu_conf.h (qemudBuildCommandLine): Update signature.
	* src/qemu/qemu_driver.c (qemuAssignPCIAddresses)
	(qemudStartVMDaemon, qemuDomainXMLToNative): Adjust callers.

2010-12-03  Daniel P. Berrange  <berrange@redhat.com>

	Port hooks and iptables code to new command execution APIs
	This proof of concept shows how two existing uses of virExec
	and virRun can be ported to the new virCommand APIs, and how
	much simpler the code becomes

	virCommand: docs for usage of new command APIs
	* docs/internals/command.html.in: New file.
	* docs/Makefile.am: Build new docs.
	* docs/subsite.xsl: New glue file.
	* docs/internals.html.in, docs/sitemap.html.in: Update glue.

	Introduce new APIs for spawning processes
	This introduces a new set of APIs in src/util/command.h
	to use for invoking commands. This is intended to replace
	all current usage of virRun and virExec variants, with a
	more flexible and less error prone API.
	* src/util/command.c: New file.
	* src/util/command.h: New header.
	* src/Makefile.am (UTIL_SOURCES): Build it.
	* src/libvirt_private.syms: Export symbols internally.
	* tests/commandtest.c: New test.
	* tests/Makefile.am (check_PROGRAMS): Run it.
	* tests/commandhelper.c: Auxiliary program.
	* tests/commanddata/test2.log - test15.log: New expected outputs.
	* cfg.mk (useless_free_options): Add virCommandFree.
	(msg_gen_function): Add virCommandError.
	* po/POTFILES.in: New translation.
	* .x-sc_avoid_write: Add exemption.
	* tests/.gitignore: Ignore new built file.

2010-12-03  Eric Blake  <eblake@redhat.com>

	util: add virVasprintf
	* src/util/util.h (virVasprintf): New declaration.
	* src/util/util.c (virVasprintf): New function.
	(virAsprintf): Use it.
	* src/util/virtaudit.c (virAuditSend): Likewise.
	* src/libvirt_private.syms: Export it.
	* cfg.mk (sc_prohibit_asprintf): Also prohibit vasprintf.
	* .x-sc_prohibit_asprintf: Add exemption.

	util: fix saferead type
	* src/util/util.c (saferead): Fix return type.
	(safewrite): Fix indentation.

2010-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Tweak daemon event debug to include errno
	* daemon/event.c: Include errno in debug info upon poll() failure

	Fix memory leak in logging setup
	The logging setup requires const char * strings, but the
	virLogSetFromEnv() strdup's the env variables, thus causing
	a memory leak
	* src/util/logging.c: Avoid strdup'ing env variables

2010-12-02  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add tests for CPU selection in qemu driver

	tests: Support for faking emulator in qemuxml2argv
	This patch allows for using custom scripts instead of /usr/bin/qemu
	emulator in domain XML. To do so, one would specify relative path to the
	custom script in <emulator/>. The path needs to be relative to
	qemuxml2argvdata directory and it will be transparently made absolute in
	runtime. The expected command line needs to contain the exact relative
	path as was used in domain XML.
	The problem is RelaxNG schema for domain XML only allows for absolute
	path within <emulator/>. To workaround it, an extra '/' must be added at
	the beginning of the path. That is, instead of "./qemu.sh" or
	"../emulator/qemu.sh" one would use "/./qemu.sh" or
	"/../emulator/qemu.sh". The extra slash is removed before further
	processing. I don't like this workaround, it's very ugly but it's the
	best option I was able to come up with. Relaxing domain XML schema is
	not an option IMO.

	schemas: Fix cpu element schema
	Both vendor and topology elements are optional.

2010-12-02  Osier Yang  <jyang@redhat.com>

	virsh: Remove using phy as default disk driver in cmdAttachDisk
	* tools/virsh.c (virsh shouldn't use 'phy' as the disk driver if
	user doesn't specify "--driver", it causes bugs, as not all of
	hypervisor driver supports 'phy', and actually hypervisor should
	known the correct default disk driver and subdriver, so remove it)

2010-12-02  Eric Blake  <eblake@redhat.com>

	maint: update .gitignore
	* .gitignore: Ignore recent built file, sort.

2010-12-02  Guido Günther  <agx@sigxcpu.org>

	OpenVZ: drop fd leackage
	Drop unused (and unclosed) errfd and close outfd on exit. Otherwise
	polling the running domains with virt-manager let's us quickly run out
	of fds.

2010-12-02  Osier Yang  <jyang@redhat.com>

	qemu: Use macro for max and min vnc port instead of number
	* src/qemu/qemu_driver.c (though MACROS QEMU_VNC_PORT_MAX, and
	QEMU_VNC_PORT_MIN are defined at the beginning, numbers (65535, 5900)
	are still used, replace them)

	qemu: Fix typo in qemuTeardownDiskPathDeny
	typo in error message, it should be by copy-a-paste
	from "qemuSetupDiskPathAllow".
	* src/qemu/qemu_driver.c (qemuTeardownDiskPathDeny)

2010-12-02  Eric Blake  <eblake@redhat.com>

	qemu: plug memory leak
	* src/qemu/qemu_driver.c (qemudShutdown): Free all strings and the
	ebtables structure.
	* src/libvirt_private.syms (ebtablesContextFree): Export missing
	symbol.
	* src/util/ebtables.c (ebtablesContextFree): Allow early exit.

	libvirtd: avoid memory leak on shutdown
	* daemon/libvirtd.c (qemudRunLoop): Free any remaining client data.

2010-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix flaw in thread creation APIs
	The arguments passed to the thread function must be allocated on
	the heap, rather than the stack, since it is possible for the
	spawning thread to continue before the new thread runs at all.
	In such a case, it is possible that the area of stack where the
	thread args were stored is overwritten.
	* src/util/threads-pthread.c, src/util/threads-win32.c: Allocate
	  thread arguments on the heap

2010-12-02  Osier Yang  <jyang@redhat.com>

	virsh: update help for "virsh help help"
	As virsh help supports both command and command group now,
	update "cmdHelp" to print consite help, (this patch is
	increment of "7829052757953023b0826e0293ffe18ed4ab89e9").
	And also remove redundant empty line in "vshUsage".
	* tools/virsh.c

2010-12-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix undefined symbol errors when macvtap support is disabled
	Use macvtap specific functions depending on WITH_MACVTAP.
	Use #if instead of #ifdef to check for WITH_MACVTAP, because
	WITH_MACVTAP is always defined with value 0 or 1.
	Also export virVMOperationType{To|From}String unconditional,
	because they are used unconditional in the domain config code.

2010-12-01  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Fix warning when macvtap support is disabled

2010-12-01  Justin Clift  <jclift@redhat.com>

	virsh: remove a badly placed line break in virsh -h output
	The output was previously:
	    -c | --connect <uri>    hypervisor connection URI
	    -r | --readonly         connect readonly
	    -d | --debug <num>      debug level [0-5]
	    -h | --help             this help
	    -q | --quiet            quiet mode
	    -t | --timing           print timing information
	    -l | --log <file>       output logging to file
	    -v | --version[=short]  program version
	    -V | --version=long     version and full options
	(note the blank line between the --version types)
	This patch removes the extra blank line.

2010-12-01  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add unit tests for internal CPU APIs

	cpu: Add support for overriding path to CPU map XML file

2010-12-01  Hu Tao  <hutao@cn.fujitsu.com>

	Fall back to QEMUD_SAVE_FORMAT_RAW if compression method fails.
	When dumping a domain, it's reasonable to save dump-file in raw format
	if dump format is misconfigured or the corresponding compress program
	is not available rather then fail dumping.

2010-12-01  Osier Yang  <jyang@redhat.com>

	virsh: Categorize commands into groups for virsh help
	Change the virsh help out. The new output of "virsh help" and
	"virsh --help" will be like:
	 Secret (help keyword 'secret'):
	    secret-define                  define or modify a secret from an XML file
	    secret-dumpxml                 secret attributes in XML
	    secret-set-value               set a secret value
	    secret-get-value               Output a secret value
	    secret-undefine                undefine a secret
	    secret-list                    list secrets
	 Snapshot (help keyword 'snapshot'):
	    snapshot-create                Create a snapshot
	    snapshot-current               Get the current snapshot
	    snapshot-delete                Delete a domain snapshot
	    snapshot-dumpxml               Dump XML for a domain snapshot
	    snapshot-list                  List snapshots for a domain
	    snapshot-revert                Revert a domain to a snapshot
	Also support output help information of specified command group, e.g.
	% ./tools/virsh help "Network Filter"
	 Network Filter (help keyword 'filter'):
	    nwfilter-define                define or update a network filter from an XML file
	    nwfilter-undefine              undefine a network filter
	    nwfilter-dumpxml               network filter information in XML
	    nwfilter-list                  list network filters
	    nwfilter-edit                  edit XML configuration for a network filter
	Each group has a help keyword, e.g.
	% ./tools/virsh help filter
	 Network Filter (help keyword 'filter'):
	    nwfilter-define                define or update a network filter from an XML file
	    nwfilter-undefine              undefine a network filter
	    nwfilter-dumpxml               network filter information in XML
	    nwfilter-list                  list network filters
	    nwfilter-edit                  edit XML configuration for a network filter
	* tools/virsh.c:
	  - introduce new struct "vshCmdGrp" and macros to define the groups.
	  - split previous array "commands" into small arrays which are orgnized
	    by group
	  - changed some functions, e.g. "vshCmdDefSearch"
	  - Added new functions, e.g. "vshCmdGrpSearch"
	  - commands of each group are in "alphabetical order" now.
	  - command groups are in "alphabetical order" now.
	  - the commands are categorized with reference of
	    http://wiki.libvirt.org/page/VirshHelpV2 (by Justin)
	  - the modifications doesn't affect tests
	* TODO:
	  - doc

2010-12-01  Eric Blake  <eblake@redhat.com>

	maint: allow 'make syntax-check' to run again
	* cfg.mk (VC_LIST_ALWAYS_EXCLUDE_REGEX): Permanently exempt
	docs/news.html.in from all future syntax checks.

2010-12-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt 0.8.6
	- configure.ac libvirt.spec.in: bump version, add a missing systemtap
	  build requirement
	- docs/news.html.in: add informations about the release
	- po/*: updated Polish and Dutch localizations, and regenerated
	- tests/qemuxml2argvtest.c: Fix build problem

2010-12-01  Stefan Berger  <stefanb@us.ibm.com>

	802.1Qbg: use pre-associate state at beginning of inc. migr
	This patch introduces the usage of the pre-associate state of the IEEE 802.1Qbg standard on incoming VM migration on the target host. It is in response to bugzilla entry 632750.
	https://bugzilla.redhat.com/show_bug.cgi?id=632750
	For being able to differentiate the exact reason as to why a macvtap device is being created, either due to a VM creation or an incoming VM migration, I needed to pass that reason as a parameter from wherever qemudStartVMDaemon is being called in order to determine whether to send an ASSOCIATE (VM creation) or a PRE-ASSOCIATE (incoming VM migration) towards lldpad.
	I am also fixing a problem with the virsh domainxml-to-native call on the way.
	Gerhard successfully tested the patch with a recent blade network 802.1Qbg-compliant switch.
	The patch should not have any side-effects on the 802.1Qbh support in libvirt, but Roopa (cc'ed) may want to verify this.

2010-12-01  Guido Günther  <agx@sigxcpu.org>

	Ignore files generated by "make tags"

	OpenVZ: Fix some overwritten error codes
	Don't overwrite errors during domain creation/definition to ease
	tracking down problems.

	OpenVZ: take veid from vmdef->name when defining new domains
	We currently use the next free veid although there's one given in the
	domain xml. This currently breaks defining new domains since vmdef->name
	and veid don't match leading to the following error later on:
	    error: Failed to define domain from 110.xml
	    error: internal error Could not set UUID
	Since silently ignoring vmdef->name is not nice respect it instead. We
	avoid veid collisions in the upper levels already.

2010-11-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Log client errors in libvirtd at debug priority
	This reverts commit
	 Log all errors at level INFO to stop polluting syslog
	 04bd0360f32ec628ecf7943b3fd1468d6eb2dde5.
	and makes virRaiseErrorFull() log errors at debug priority
	when called from inside libvirtd. This stops libvirtd from
	polluting it's own log with client errors at error priority
	that'll be reported and logged on the client side anyway.

2010-11-30  Wen Congyang  <wency@cn.fujitsu.com>

	correct the arguments of migrate_speed
	When we set migrate_speed by json, we receive the following
	error message:
	libvirtError: internal error unable to execute QEMU command
	'migrate_set_speed': Invalid parameter type, expected: number
	The reason is that: the arguments of migrate_set_speed
	by json is json number, not json string.

2010-11-29  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix detection of expected errors

2010-11-29  Justin Clift  <jclift@redhat.com>

	docs: updated c# bindings with arnauds latest changes

2010-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leaks in audit & VirtualBox code
	* src/util/virtaudit.c: Free audit string
	* src/vbox/vbox_XPCOMCGlue.c: Free library name

	Remove bogus check for Xen in example program
	The dominfo.py example script has a bogus check for /proc/xen
	existing. The default connection cannot be assumed to be Xen
	any more
	* examples/python/dominfo.py: Remove check for Xen

2010-11-26  Jiri Denemark  <jdenemar@redhat.com>

	doc: Fix spelling of virBufferVSprintf

2010-11-25  Jiri Denemark  <jdenemar@redhat.com>

	Fix host CPU counting on unusual NUMA topologies
	The nodeinfo structure includes
	    nodes   : the number of NUMA cell, 1 for uniform mem access
	    sockets : number of CPU socket per node
	    cores   : number of core per socket
	    threads : number of threads per core
	which does not work well for NUMA topologies where each node does not
	consist of integral number of CPU sockets.
	We also have VIR_NODEINFO_MAXCPUS macro in public libvirt.h which
	computes maximum number of CPUs as (nodes * sockets * cores * threads).
	As a result, we can't just change sockets to report total number of
	sockets instead of sockets per node. This would probably be the easiest
	since I doubt anyone is using the field directly. But because of the
	macro, some apps might be using sockets indirectly.
	This patch leaves sockets to be the number of CPU sockets per node (and
	fixes qemu driver to comply with this) on machines where sockets can be
	divided by nodes. If we can't divide sockets by nodes, we behave as if
	there was just one NUMA node containing all sockets. Apps interested in
	NUMA should consult capabilities XML, which is what they probably do
	anyway.
	This way, the only case in which apps that care about NUMA may break is
	on machines with funky NUMA topology. And there is a chance libvirt
	wasn't able to start any guests on those machines anyway (although it
	depends on the topology, total number of CPUs and kernel version).
	Nothing changes at all for apps that don't care about NUMA.

2010-11-25  Philipp Hahn  <hahn@univention.de>

	Fix broken XML entity for '>'
	Add missing 'g' to '&gt;' of '<product />' source-element.

2010-11-25  Eric Blake  <eblake@redhat.com>

	security, storage: plug memory leaks for security_context_t
	security_context_t happens to be a typedef for char*, and happens to
	begin with a string usable as a raw context string.  But in reality,
	it is an opaque type that may or may not have additional information
	after the first NUL byte, where that additional information can
	include pointers that can only be freed via freecon().
	Proof is from this valgrind run of daemon/libvirtd:
	==6028== 839,169 (40 direct, 839,129 indirect) bytes in 1 blocks are definitely lost in loss record 274 of 274
	==6028==    at 0x4A0515D: malloc (vg_replace_malloc.c:195)
	==6028==    by 0x3022E0D48C: selabel_open (label.c:165)
	==6028==    by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296)
	==6028==    by 0x3022E1190D: matchpathcon (matchpathcon.c:317)
	==6028==    by 0x4F9D842: SELinuxRestoreSecurityFileLabel (security_selinux.c:382)
	800k is a lot of memory to be leaking.
	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD): Avoid leak on error.
	* src/security/security_selinux.c
	(SELinuxReserveSecurityLabel, SELinuxGetSecurityProcessLabel)
	(SELinuxRestoreSecurityFileLabel): Use correct function to free
	security_context_t.

	network: plug memory leak
	* src/conf/network_conf.c (virNetworkDHCPRangeDefParseXML): Free
	xml strings when no longer referenced.

	maint: prohibit most uses of xmlGetProp
	Making this change makes it easier to spot the memory leaks
	that will be fixed in the next patch.
	* cfg.mk (sc_prohibit_xmlGetProp): New rule.
	* .x-sc_prohibit_xmlGetProp: New exception.
	* Makefile.am (EXTRA_DIST): Ship exception file.
	* tools/virsh.c (cmdDetachInterface, cmdDetachDisk): Adjust
	offenders.
	* src/conf/storage_conf.c (virStoragePoolDefParseSource):
	Likewise.
	* src/conf/network_conf.c (virNetworkDHCPRangeDefParseXML)
	(virNetworkIPParseXML): Likewise.

	qemu: plug memory leak
	https://bugzilla.redhat.com/show_bug.cgi?id=656795
	* src/qemu/qemu_monitor.c (qemuMonitorFree): Also free the buffer.

	maint: ensure syntax check exceptions are distributed
	* Makefile.am (EXTRA_DIST): Factor exceptions files...
	(syntax_check_excpetions): into new list.  Include recently added
	exceptions.
	* cfg.mk (sc_x_sc_dist_check): New check, copied from coreutils.

	build: enforce files.h usage
	* cfg.mk (sc_prohibit_close): New syntax-check rule.
	* src/util/pci.c (pciWaitForDeviceCleanup): Fix violation.
	* .x-sc_prohibit_close: New exceptions.
	* Makefile.am (EXTRA_DIST): Distribute new file.

2010-11-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	Always close drivers when a virConnectPtr is released
	virConnectClose calls virUnrefConnect which in turn closes
	all open drivers when the refcount of that connection dropped
	to zero. This works fine when you free all other objects that
	hold a ref to the connection before you close it, because in
	this case virUnrefConnect is the one that removes the last
	ref to the connection.
	But it doesn't work when you close the connection first before
	freeing the other objects. This is because the other virUnref*
	functions call virReleaseConnect when they detect that the
	connection's refcount dropped to zero. In this case another
	virUnref* function (different from virUnrefConnect) removes the
	last ref to the connection. This results in not closing the
	open drivers and leaking things that should have been cleaned
	up in the driver close functions.
	To fix this move the driver close calls to virReleaseConnect.

2010-11-25  Osier Yang  <jyang@redhat.com>

	Implementations of virDomainIsUpdated for drivers except qemu
	Except LXC and UML driver, implementations of all other drivers
	simply return 0, because these drivers doesn't have config both
	in memory and on disk, no need to track if the domain of these
	drivers updated or not.
	Rename "xenUnifiedDomainisPersistent" to "xenUnifiedDomainIsPersistent"
	* esx/esx_driver.c
	* lxc/lxc_driver.c
	* opennebula/one_driver.c
	* openvz/openvz_driver.c
	* phyp/phyp_driver.c
	* test/test_driver.c
	* uml/uml_driver.c
	* vbox/vbox_tmpl.c
	* xen/xen_driver.c
	* xenapi/xenapi_driver.c

2010-11-24  Osier Yang  <jyang@redhat.com>

	implement callback function for qemu driver
	* src/qemu/qemu_driver.c (add function qemuDomainIsUpdated)

	implement the remote protocol
	* daemon/remote.c
	* daemon/remote_dispatch_args.h
	* daemon/remote_dispatch_prototypes.h
	* daemon/remote_dispatch_ret.h
	* daemon/remote_dispatch_table.h
	* src/remote/remote_driver.c
	* src/remote/remote_protocol.c
	* src/remote/remote_protocol.h
	* src/remote/remote_protocol.x
	* src/remote_protocol-structs

	implement public API virDomainIsUpdated
	* src/libvirt.c

	define internal driver API
	* src/driver.h (new typedef, new callback member for "_virDriver")
	* src/esx/esx_driver.c
	* src/lxc/lxc_driver.c
	* src/opennebula/one_driver.c
	* src/openvz/openvz_driver.c
	* src/phyp/phyp_driver.c
	* src/qemu/qemu_driver.c
	* src/remote/remote_driver.c
	* src/test/test_driver.c
	* src/uml/uml_driver.c
	* src/vbox/vbox_tmpl.c
	* src/xen/xen_driver.c
	* src/xenapi/xenapi_driver.c

	virDomainIsUpdated: define the new public API
	introduce new public API "virDomainIsUpdated"
	* src/conf/domain_conf.h (new member "updated" for "virDomainObj")
	* src/libvirt_public.syms
	* include/libvirt/libvirt.h.in

2010-11-24  Eric Blake  <eblake@redhat.com>

	maint: sort exports
	* src/libvirt_private.syms (buf.h): Sort.

2010-11-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Fix TLS transport on Windows
	gnulib wraps Windows' SOCKET handle based send() and recv() functions
	into file descriptor based ones that are used in libvirt.
	Even though GnuTLS is using gnulib too, it explicitly doesn't use
	gnulib's replacement functions on Windows. By default GnuTLS uses the
	SOCKET handle based send() and recv(). This makes gnutls_handshake()
	fail internally with a WSAENOTSOCK error because libvirt passes a
	file descriptor; GnuTLS needs the SOCKET handle.
	To avoid this mismatch make sure that GnuTLS uses gnulib's replacment
	functions, by setting custom pull() and push() functions for GnuTLS.

2010-11-24  Cole Robinson  <crobinso@redhat.com>

	tests: Fix dispatching internal error reports
	Without this fix, the test suite doesn't print error messages when a libvirt
	function fails. Additionally, only print error reports if DEBUG or VERBOSE
	requested.

2010-11-23  Eric Blake  <eblake@redhat.com>

	libvirtd: fix bug when shrinking number of clients
	* daemon/libvirtd.c (qemudRunLoop): Pass allocation size, not
	current count, to VIR_SHRINK_N.
	* docs/hacking.html.in: Update doc example.
	* HACKING: Regenerate.

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Rename 'remove' param to 'toremove' to avoid clash with stdio.h
	The stdio.h header has a function called 'remove' declared. This
	clashes with the 'remove' parameter in virShrinkN
	* src/util/memory.c: Rename 'remove' to 'toremove'

	Fix 32-bit int truncation in QED header check
	* src/util/memory.c: Avoid 32-bit truncation extracting a 64bit int

	Fix error handling in virsh when listing storage volumes
	virsh was not checking for a error code when listing storage
	volumes. So when listing volumes in a pool that was shutoff,
	no output was displayed
	* tools/virsh.c: Fix error handling when listing volumes

	Improve SCSI volume name generation
	The SCSI volumes currently get a name like '17:0:0:1' based
	on $host:$bus:$target:$lun. The names are intended to be unique
	per pool and stable across pool restarts. The inclusion of the
	$host component breaks this, because the $host number for iSCSI
	pools is dynamically allocated by the kernel at time of login.
	This changes the name to be 'unit:0:0:1', ie removes the leading
	host component. The 'unit:' prefix is just to ensure the volume
	name doesn't start with a number and make it clearer when seen
	out of context.
	* src/storage/storage_backend_scsi.c: Improve volume name
	  field value stability and uniqueness

	Fix error codes returned when a storage pool is inactive
	Many operations are not valid on inactive storage pools. The
	storage driver is currently returning VIR_ERR_INTERNAL_ERROR
	in these cases, rather than the more suitable error code
	VIR_ERR_OPERATION_INVALID
	* src/storage/storage_driver.c: Fix error code when pool
	  is not active

	Check whether pools are already active upon libvirtd startup
	When libvirt starts up all storage pools default to the inactive
	state, even if the underlying storage is already active on the
	host. This introduces a new API into the internal storage backend
	drivers that checks whether a storage pool is already active. If
	the pool is active at libvirtd startup, the volume list will be
	immediately populated.
	* src/storage/storage_backend.h: New internal API for checking
	  storage pool state
	* src/storage/storage_driver.c: Check whether a pool is active
	  upon driver startup
	* src/storage/storage_backend_fs.c, src/storage/storage_backend_iscsi.c,
	  src/storage/storage_backend_logical.c, src/storage/storage_backend_mpath.c,
	  src/storage/storage_backend_scsi.c: Add checks for pool state

	Remove bogus port handling code in virsh
	The "find-storage-pool-sources-as" command takes two arguments,
	a hostname and a port number. For some reason the code would
	also then look for a port number appended to the hostname
	string by searching for ':'. This totally breaks if the user
	gives an IPv6 address, and is redundant, since you can already
	provide a port as a separate argument
	* tools/virsh.c: Remove bogus port number handling code

	Allow iSCSI IQN to be set with find-storage-pool-sources-as command
	Allow an iSCSI initiator IQN to be set with the XML for the
	find-storage-pool-sources-as virsh command
	* tools/virsh.c: Add iSCSI IQN support

	Switch the virsh XML generation to use virBuffer instead of virAsprintf
	The code generating XML for storage pool source discovery is
	hardcoded to only allow a hostname and optional port number.
	Refactor this code to make it easier to add support for extra
	parameters.
	* tools/virsh.c: Refactor XML generator

	Add support for iSCSI target auto-discovery
	Since the previous patch added support for parsing the output of
	the 'sendtargets' command, it is now trivial to support the
	storage pool discovery API.
	Given a hostname and optional portnumber and initiator IQN,
	the code can return a full list of storage pool source docs,
	each one representing a iSCSI target.
	* src/storage/storage_backend_iscsi.c: Wire up target
	  auto-discovery

	Stop iSCSI targets automatically logging back in after logout
	The Linux iSCSI initiator toolchain has the dubious feature that
	if you ever run the 'sendtargets' command to merely query what
	targets are available from a server, the results will be recorded
	in /var/lib/iscsi. Any time the '/etc/init.d/iscsi' script runs
	in the future, it will then automatically login to all those
	targets. /etc/init.d/iscsi is automatically run whenever a NIC
	comes online.
	So from the moment you ask a server what targets are available,
	your client will forever more automatically try to login to all
	targets without ever asking if you actually want it todo this.
	To stop this stupid behaviour, we need to run
	  iscsiadm --portal $PORTAL --target $TARGET
	   --op update --name node.startup --value manual
	For every target on the server.
	* src/storage/storage_backend_iscsi.c: Disable automatic login
	  for targets found as a result of a 'sendtargets' command

	Refactor iSCSI driver code to facilitate future changes
	The following series of patches are adding significant
	extra functionality to the iSCSI driver. THe current
	internal helper methods are not sufficiently flexible
	to cope with these changes. This patch refactors the
	code to avoid needing to have a virStoragePoolObjPtr
	instance as a parameter, instead passing individual
	target, portal and initiatoriqn parameters.
	It also removes hardcoding of port 3260 in the portal
	address, instead using the XML value if any.
	* src/storage/storage_backend_iscsi.c: Refactor internal
	  helper methods

	Fix parsing of port attribute in storage XML configuration
	The XML docs describe a 'port' attribute for the
	storage source <host> element, but the parser never
	handled it.
	* docs/schemas/storagepool.rng: Define port attribute
	* src/conf/storage_conf.c: Add missing parsing/formatting
	  of host port number
	* src/conf/storage_conf.h: Remove bogus/unused 'protocol' field

	Don't catch SIGCHLD in libvirtd
	libvirtd no longer deals with SIGCHLD in its signal handler
	since the QEMU driver switched to always daemonize processes.
	Thus remove the sigaction for it, to avoid warning log
	messages
	* daemon/libvirtd.c: Don't catch SIGCHLD

	Ensure logfile isn't truncated by shutdown message.
	When running non-root, the QEMU log file is usually opened with
	truncation, since there is no logrotate for non-root usage.
	This means that when libvirt logs the shutdown timestamp, the
	log is accidentally truncated
	* src/qemu/qemu_driver.c: Never truncate log file with shutdown
	  message

	Remove trailing ':' from timestamp
	The QEMU logger appends a ':' to the timestamp when it deems
	it neccessary, so the virTimestamp API should not duplicate
	this
	* src/util/util.c: Remove trailing ':' from timestamp

	Log all errors at level INFO to stop polluting syslog
	Everytime a public API returns an error, libvirtd pollutes
	syslog with that error message. Reduce the error logging
	level to INFO so these don't appear by default.
	* src/util/virterror.c: Log all errors at INFO

	Ensure virExec preserves logging environment
	The virFork call resets all logging handlers that may have been
	set. Re-enable them after fork in virExec, so that env variables
	fir LIBVIRT_LOG_OUTPUTS and LIBVIRT_LOG_FILTERS take effect
	until the execve()
	* src/util/util.c: Preserve logging in child in virExec

	Include a thread identifier in log messages
	To allow messages from different threads to be untangled,
	include an integer thread identifier in log messages.
	* src/util/logging.c: Include thread ID
	* src/util/threads.h, src/util/threads.h, src/util/threads-pthread.c:
	  Add new virThreadSelfID() function
	* configure.ac: Check for sys/syscall.h

2010-11-23  Cole Robinson  <crobinso@redhat.com>

	qemu: setvcpus: Save config changes to disk
	Currently changes to the persistent config aren't flushed to disk, meaning
	they are lost if the domain is redefined or libvirtd is restarted.

	qemu: setvcpus: Simplify altering the persistent config
	Do this by adding a helper function to get the persistent domain config. This
	should be useful for other functions that may eventually want to alter
	the persistent domain config (attach/detach device). Also make similar changes
	to the test drivers setvcpus command.
	A caveat is that the function will return the running config for a transient
	domain, rather than error. This simplifies callers, as long as they use
	other methods to ensure the guest is persistent.

	qemu: setvcpus: Fix maxvcpus check
	Doing 'virsh setvcpus $vm --config 10' doesn't check the value against the
	domains maxvcpus value. A larger value for example will prevent the guest
	from starting.
	Also make a similar change to the test driver.

	conf: domain: Improve vcpus validation reporting

	Make state driver device hotplug/update actually transient
	The current semantics of non-persistent hotplug/update are confusing: the
	changes will persist as long as the in memory domain definition isn't
	overwritten. This means hotplug changes stay around until the domain is
	redefined or libvirtd is restarted.
	Call virDomainObjSetDefTransient at VM startup, so that we properly discard
	hotplug changes when the VM is shutdown.

	domain_conf: Add virDomainObjSetDefTransient
	This function sets the running domain definition as transient, by reparsing
	the persistent config and assigning it to newDef. This ensures that any
	changes made to the running definition and not the persistent config are
	discarded when the VM is shutdown.

	xend: Escape reserved sexpr characters
	If we don't escape ' or \ xend can't parse the generated sexpr. This
	might over apply the EscapeSexpr routine, but it shouldn't hurt.

	buf: Simplify virBufferEscapeString
	We are about to copy this function, so clean it up before we do.

	xend: urlencode: Properly escape '&'
	Since we send the sexpr to xend via HTTP, we need to properly escape
	'&'

	conf: Fix parsing python style triple quotes
	An incorrect check broke matching the closing set of quotes. Update
	tests to cover this case for XM config files.

	conf: Convert ParseString to use STRPREFIX

	schemas: domain: Add more valid file path chars
	Also, standardize path usage on 'filePath' and 'absFilePath'

2010-11-23  Adam Litke  <agl@us.ibm.com>

	qed: Minor updates to QED support patches
	This patch makes two corrections to the newly-added QED support patch series:
	 - Correct the QED header field offsets
	 - Remove XML parsing for VIR_STORAGE_FILE_AUTO_SAFE

2010-11-22  Justin Clift  <jclift@redhat.com>

	docs: removed outdated reference to virt-mem
	The virt-mem program is no longer shipped, but was still being
	referenced at the bottom of the virsh and libvirtd man pages.
	This patch removes it from those man pages, addressing
	BZ# 639603:
	  https://bugzilla.redhat.com/show_bug.cgi?id=639603

2010-11-20  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: re-order lock grabbed by IP addr. learn thread
	The IP address learning thread was causing a deadlock when it instantiated a filter while a filter update/change was ongoing. The reason for this was the ordering of locks due to the following calls
	virNWFilterUnlockFilterUpdates()
	virNWFilterPoolObjFindByName()
	The below patch now puts the order of the locks in the above shown order when instantiating the filter from the IP address learning thread.

2010-11-20  Adam Litke  <agl@us.ibm.com>

	Support for probing qed image metadata
	Implement getBackingStore() for QED images.  The header format is defined in
	the QED spec: http://wiki.qemu.org/Features/QED .
	Cc: Stefan Hajnoczi <stefan.hajnoczi@uk.ibm.com>
	Cc: Anthony Liguori <aliguori@linux.vnet.ibm.com>

	storage_file: Add a new flag to mark backing files that are safe to probe

	QED: Basic support for QED images
	Add an entry in fileTypeInfo for QED image files.
	Cc: Stefan Hajnoczi <stefan.hajnoczi@uk.ibm.com>
	Cc: Anthony Liguori <aliguori@linux.vnet.ibm.com>

	Allow probing of image formats without version information
	Disk image formats that wish to opt-out of version validation are supposed to
	set versionOffset to -1 in their fileTypeInfo entry.
	By unconditionally returning False for these formats,
	virStorageFileMatchesVersion() incorrectly reports a version mismatch when the
	test was actually skipped.  The correct behavior is to return True so these
	formats can be successfully probed using the magic bytes alone.

2010-11-19  Eric Blake  <eblake@redhat.com>

	maint: tighten strncmp syntax check
	Using 'int ret = strcmp(a, b)' in a qsort function is a valid use of
	str[n]cmp that should _not_ be turned to STREQ, but it was falling
	foul of our specific syntax-check.  Meanwhile, gnulib's maint.mk
	already has a tighter bound for strcmp, so we can copy that regex and
	just check for strncmp, which results in fewer false positives that
	require exceptions.
	* cfg.mk (sc_prohibit_strcmp_and_strncmp): Rename...
	(sc_prohibit_strncmp): ...to this, and tighten, to mirror
	maint.mk's sc_prohibit_strcmp's better regex.
	* Makefile.am (syntax_check_exceptions): Update exception rule.
	* .x-sc_prohibit_strcmp_and_strncmp: Rename...
	* .x-sc_prohibit_strncmp: ...and trim.

2010-11-19  Daniel P. Berrange  <berrange@redhat.com>

	virExec: fix bug in setting up child stderr/out with /dev/null

2010-11-19  Eric Blake  <eblake@redhat.com>

	capabilities, cpu: use new array API
	* src/conf/capabilities.h (_virCaps, _virCapsHost, _virCapsGuest)
	(_virCapsGuestArch): Add additional fields.
	* src/conf/cpu_conf.h (_virCPUDef): Likewise.
	* src/conf/capabilities.c (virCapabilitiesFormatXML): Reflect
	updated type.
	(virCapabilitiesAddGuest, virCapabilitiesAddHostFeature)
	(virCapabilitiesAddHostMigrateTransport)
	(virCapabilitiesAddHostNUMACell, virCapabilitiesAddGuestFeature)
	(virCapabilitiesAddGuestDomain): Use new array APIs.
	* src/conf/cpu_conf.c (virCPUDefAddFeature, virCPUDefCopy)
	(virCPUDefParseXML): Likewise.
	* tests/testutilsqemu.c (testQemuCapsInit): Adjust test.

	daemon: use safer memory growth macros
	* daemon/libvirtd.h (qemud_server): Change types of members
	tracking array sizes, and add allocation trackers.
	* daemon/event.c (virEventLoop): Likewise.
	(virEventAddHandleImpl, virEventAddTimeoutImpl)
	(virEventCleanupTimeouts, virEventCleanupHandles): Use
	VIR_RESIZE_N instead of VIR_REALLOC_N.  Tweak debug messages to
	match type changes.
	* daemon/libvirtd.c (qemudDispatchServer, qemudRunLoop): Likewise.

	memory: make it easier to avoid quadratic scaling of arrays
	* src/util/memory.h (VIR_RESIZE_N): New macro.
	* src/util/memory.c (virResizeN): New function.
	* src/libvirt_private.syms: Export new helper.
	* docs/hacking.html.in: Document it.
	* HACKING: Regenerate.

	memory: make it safer to expand arrays
	* src/util/memory.h (VIR_REALLOC_N): Update docs.
	(VIR_EXPAND_N, VIR_SHRINK_N): New macros.
	(virAlloc, virAllocN, virReallocN, virAllocVar, virFree): Add some
	gcc attributes.
	* src/util/memory.c (virExpandN, virShrinkN): New functions.
	(virReallocN): Update docs.
	* src/libvirt_private.syms: Export new helpers.
	* docs/hacking.html.in: Prefer newer interfaces over
	VIR_REALLOC_N, since uninitialized memory can bite us.
	* HACKING: Regenerate.

2010-11-19  Osier Yang  <jyang@redhat.com>

	doc: Add doc for missed options of migrate
	* tools/virsh.pod (add doc for options like "--p2p", "--direct",
	"--copy-storage-all", "dname", etc.)

	doc: add doc for missed parameters of attach-disk
	* tools/virsh.pod (add docs for --persistent and --sourcetype
	of attach-disk, break the long lines in the meantime)

2010-11-19  Daniel Veillard  <veillard@redhat.com>

	Fix a failure to restore SELinux label for character devices
	The code in SELinuxRestoreSecurityChardevLabel() was trying to
	use SELinuxSetFilecon directly for devices or file types while
	it should really use SELinuxRestoreSecurityFileLabel encapsulating
	routine, which avoid various problems like resolving symlinks,
	making sure he file exists and work around NFS problems

2010-11-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	virt-aa-helper: Fix several compile errors
	Include locale.h for setlocale().
	Revert the usage string back to it's original form.
	Use puts() instead of fputs(), as fputs() expects a FILE*.
	Add closing parenthesis to some vah_error() calls.
	Use argv[0] instead of an undefined argv0.

2010-11-18  Eric Blake  <eblake@redhat.com>

	build: fix autobuild failures on gcov upgrade
	Last time I ran ./autobuild.sh was on F13; and upgrading to F14
	exposed these leftovers due to a newer gcov than what was in the stale
	files, in the form of spurious messages that break 'make check':
	+profiling:/home/remote/eblake/libvirt-tmp/tools/virsh-console.gcda:Version mismatch - expected 405R got 404R
	and concluding with a bug in the autobuild.sh script itself:
	./autobuild.sh: line 44: test: =: unary operator expected
	* autobuild.sh: avoid syntax error on failed test
	* tools/Makefile.am (CLEANFILES): Clean coverage files.

2010-11-18  Osier Yang  <jyang@redhat.com>

	doc: update virsh manual
	* tools/virsh.pod (change things like "edit domain.xml" into
	  "vi domain.xml", so that it's more clear for user)

2010-11-18  Eric Blake  <eblake@redhat.com>

	maint: avoid remaining sprintf uses
	* cfg.mk (sc_prohibit_sprintf): New rule.
	(sc_prohibit_asprintf): Avoid false positives.
	* docs/hacking.html.in (Printf-style functions): Document the
	policy.
	* HACKING: Regenerate.
	* .x-sc_prohibit_sprintf: New exemptions.
	* Makefile.am (syntax_check_exceptions): Ship new file.
	* src/vbox/vbox_tmpl.c (vboxStartMachine, vboxAttachUSB): Use
	virAsprintf instead.
	* src/uml/uml_driver.c (umlOpenMonitor): Use snprintf instead.
	* tools/virsh.c (cmdDetachInterface): Likewise.
	* src/security/security_selinux.c (SELinuxGenSecurityLabel):
	Likewise.
	* src/openvz/openvz_driver.c (openvzDomainDefineCmd): Likewise,
	and ensure large enough buffer.

	virt-aa-helper: translate error messages
	These messages are visible to the user, so they should be
	consistently translated.
	* cfg.mk (msg_gen_function): Add vah_error, vah_warning.
	* src/security/virt-aa-helper.c: Translate messages.
	(catchXMLError): Fix capitalization.

	maint: update to latest gnulib
	Allows bootstrap to work on FreeBSD, where gzip doesn't have a '.'
	in its version; and silences false positives in the new
	'make syntax-check' rule.
	* .gnulib: Update to latest.
	* bootstrap: Synchronize to upstream.
	* .x-sc_bindtextdomain: New exemptions.
	* Makefile.am (syntax_check_exceptions): Ship new file.
	* .gitignore: Regenerate per latest bootstrap, anchor entries that
	are only in the root directory, and consolidate entries from other
	generated .gitignore files.
	* build-aux/.gitignore, m4/.gitignore, po/.gitignore: Remove from
	version control, since bootstrap generates them.

	maint: improve i18n on non-Linux
	Per the gettext developer:
	http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00019.html
	http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00021.html
	gettext() doesn't work correctly on all platforms unless you have
	called setlocale().  Furthermore, gnulib's gettext.h has provisions
	for setting up a default locale, which is the preferred method for
	libraries to use gettext without having to call textdomain() and
	override the main program's default domain (virInitialize already
	calls bindtextdomain(), but this is insufficient without the
	setlocale() added in this patch; and a redundant bindtextdomain()
	in this patch doesn't hurt, but serves as a good example for other
	packages that need to bind a second translation domain).
	This patch is needed to silence a new gnulib 'make syntax-check'
	rule in the next patch.
	* daemon/libvirtd.c (main): Setup locale and gettext.
	* src/lxc/lxc_controller.c (main): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/storage/parthelper.c (main): Likewise.
	* tools/virsh.c (main): Fix exit status.
	* src/internal.h (DEFAULT_TEXT_DOMAIN): Define, for gettext.h.
	(_): Simplify definition accordingly.
	* po/POTFILES.in: Add src/storage/parthelper.c.

2010-11-17  Eric Blake  <eblake@redhat.com>

	maint: use gnulib configmake rather than open-coding things
	* bootstrap.conf (gnulib_modules): Add configmake.
	* daemon/Makefile.am (libvirtd_CFLAGS): Drop defines provided by
	gnulib.
	* src/Makefile.am (INCLUDES): Likewise.
	* tests/Makefile.am (INCLUDES): Likewise.
	* tools/Makefile.am (virsh_CFLAGS): Likewise.
	* daemon/libvirtd.c (qemudInitPaths, usage, main): Update
	clients.
	* src/cpu/cpu_map.c (CPUMAPFILE): Likewise.
	* src/driver.c (DEFAULT_DRIVER_DIR): Likewise.
	* src/internal.h (_): Likewise.
	* src/libvirt.c (virInitialize): Likewise.
	* src/lxc/lxc_conf.h (LXC_CONFIG_DIR, LXC_STATE_DIR, LXC_LOG_DIR):
	Likewise.
	* src/lxc/lxc_conf.c (lxcCapsInit, lxcLoadDriverConfig):
	Likewise.
	* src/network/bridge_driver.c (NETWORK_PID_DIR)
	(NETWORK_STATE_DIR, DNSMASQ_STATE_DIR, networkStartup): Likewise.
	* src/nwfilter/nwfilter_driver.c (nwfilterDriverStartup):
	Likewise.
	* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Likewise.
	* src/qemu/qemu_driver.c (qemudStartup): Likewise.
	* src/remote/remote_driver.h (LIBVIRTD_PRIV_UNIX_SOCKET)
	(LIBVIRTD_PRIV_UNIX_SOCKET_RO, LIBVIRTD_CONFIGURATION_FILE)
	(LIBVIRT_PKI_DIR): Likewise.
	* src/secret/secret_driver.c (secretDriverStartup): Likewise.
	* src/security/security_apparmor.c (VIRT_AA_HELPER): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/storage/storage_backend_disk.c (PARTHELPER): Likewise.
	* src/storage/storage_driver.c (storageDriverStartup): Likewise.
	* src/uml/uml_driver.c (TEMPDIR, umlStartup): Likewise.
	* src/util/hooks.c (LIBVIRT_HOOK_DIR): Likewise.
	* tools/virsh.c (main): Likewise.
	* docs/hooks.html.in: Likewise.

2010-11-17  Stefan Berger  <stefanb@us.ibm.com>

	replace last instances of close()
	I am replacing the last instances of close() I found with VIR_CLOSE() / VIR_FORCE_CLOSE respectively.
	The first part patches virsh, which I missed out on previously.
	The 2nd patch I had left out intentionally to look at it more carefully:
	The 'closed' variable could be easily removed since it wasn't used anywhere else. The possible race condition that could result from the filedescriptor being closed and not set to -1 (and possibly let us write into 'something' totally different if the fd was allocated by another thread) seems to be prevented by the qemuMonitorLock() already placed around the code that reads from or writes to the fd. So the change of this code as shown in the patch should not have any side-effects.

	nwfilter: also purge ip(6)tables rules before detecting IP address
	Rather than only cleaning any remaining ebtables rules, also clean those applied to iptables and ip6tables when detecting the IP address of an interface. Previous applied iptables rules may hinder DHCP packets.

	deprecate fclose() and introduce VIR_{FORCE_}FCLOSE()
	Similarly to deprecating close(), I am now deprecating fclose() and
	introduce VIR_FORCE_FCLOSE() and VIR_FCLOSE(). Also, fdopen() is replaced with
	VIR_FDOPEN().
	Most of the files are opened in read-only mode, so usage of
	VIR_FORCE_CLOSE() seemed appropriate. Others that are opened in write
	mode already had the fclose()<  0 check and I converted those to
	VIR_FCLOSE()<  0.
	I did not find occurrences of possible double-closed files on the way.

2010-11-17  Osier Yang  <jyang@redhat.com>

	daemon: fix indention problem in daemon/libvirt.c
	* daemon/libvirtd.c

	qemu: fix typos in qemu_monitor_text.c
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextChangeMedia)

	qemu: record timestamp in qemu domain log
	Currently only support domain start and shutdown, for domain start,
	record timestamp before the qemu command line, and for domain shutdown,
	just say it's shutting down with timestamp.
	* src/qemu/qemu_driver.c (qemudStartVMDaemon, qemudShutdownVMDaemon
	  introduced two macros - START_POSTFIX, SHUTDOWN_POSTFIX)

	virsh: add net-info command
	To list basic information about the network.
	* tools/virsh.c
	* tools/virsh.pod

2010-11-16  Eric Blake  <eblake@redhat.com>

	nwfilter: use /bin/sh rather than requiring bash
	* src/nwfilter/nwfilter_ebiptables_driver.c (CMD_EXEC): Fix syntax
	error in previous patch.
	Reported by Stefan Berger.

	nwfilter: use /bin/sh rather than requiring bash
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesWriteToTempFile): Use /bin/sh.
	(bash_cmd_path): Delete.
	(ebiptablesDriverInit, ebiptablesDriverShutdown): No need to
	search for bash.
	(CMD_EXEC): Prefer $() over ``, since we can assume POSIX.
	(iptablesSetupVirtInPost): Use portable 'test' syntax.
	(iptablesLinkIPTablesBaseChain): Use POSIX $(()) syntax.

2010-11-16  Laine Stump  <laine@laine.org>

	interface.rng: Make miimon and arpmon optional for bond interfaces
	This has been optional in netcf for awhile, but the change hadn't been
	propogated to the libvirt copy of the RNG.

2010-11-16  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: convert send / recv function to use libnl
	In a second step I am converting the netlink send/receive functions to
	use libnl.
	I tested this with 802.1Qbg profiles and my test server and did not see
	a regression.
	Caveat: The online documentation of libnl talks about nl_socket_alloc()
	but the header file provides nl_handle_alloc() -- this could be a hint
	to a possible problem between libnl versions...
	http://www.infradead.org/~tgr/libnl/doc/group__socket.html
	versus
	http://libnl.sourcearchive.com/documentation/1.1/group__socket_gf903c9ea089735b1ba8e40dae801c47d.html

2010-11-16  Laine Stump  <laine@laine.org>

	Fix ipv4-addr definition in interface.rng
	Eric Blake pointed out a deficiency in this regex when it was
	copy-pasted into network.rng. This is just propogating the fix back to
	its origin.

2010-11-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use python discovered through env instead of hardcoding a path
	This is more flexible regarding the location of the python binary
	but doesn't allow to pass the -u flag. The -i flag can be passed
	from inside the script using the PYTHONINSPECT env variable.
	This fixes a problem with the esx_vi_generator.py on FreeBSD.

	esx: Avoid warnings about breaking strict-aliasing rules on FreeBSD

	Make sure struct sockaddr_in is defined on FreeBSD

	configure: Disable FS storage driver if mntent.h is not available
	This is the case on FreeBSD.

	daemon: Include stdlib.h in dispatch.c
	Otherwise GCC complains about malloc being unknown on FreeBSD.

2010-11-13  Justin Clift  <jclift@redhat.com>

	docs: updated virsh command reference with libvirt.org links

2010-11-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	configure: Remove bashism and replace 'test ==' with 'test ='
	This also fixes configure problems on FreeBSD, as test doesn't
	understand '==' there.

	virsh: Fix compile error in VPATH build
	tools/console.c depends on daemon/event.h.

	Generate HACKING from docs/hacking.html.in

	docs: Prepare hacking.html.in to generate HACKING from it
	Tweak pre tags to achieve proper indentation of their
	plaintext representation. Also use more b/i/code tags.

2010-11-13  Justin Clift  <jclift@redhat.com>

	docs: updated csharp pages with latest info

	docs: trivial typo fix

	docs: added virsh command reference page.
	Using temporary location links for the moment, until we get a
	proper place to store the files on the libvirt.org server.

2010-11-12  Cole Robinson  <crobinso@redhat.com>

	rpm: Fix summary wording

2010-11-12  John Morrissey  <jwm@horde.net>

	qemu: Remove unnecessary quoting from the process name argument

2010-11-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Don't do a flags check in the storage driver
	This makes the storage driver fail when the connection is
	opened with the VIR_CONNECT_RO flag, resulting in a read-only
	connection with no storage driver.

	qemu: Add qemu-system-s390x to the emulators list

2010-11-12  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: convert nl msg construction to use libnl
	In a first step I am converting the netlink message construction in
	macvtap code to use libnl. It's pretty much a 1:1 conversion except that
	now the message needs to be allocated and deallocated.

2010-11-12  Laine Stump  <laine@laine.org>

	Do a better job of validating IP and MAC addresses in network.rng
	IP addresses and MAC addresses had been defined in the RNG simply as
	<text/> meaning that, according to the RNG, any string could go in
	there. Of course the C parsing code does a much better job of
	validating, but we may as well have this describing the contents
	accurately (even though it's currently only used during "make check").

	re-indent network.rng following structural change
	This commit is whitespace changes only, do avoid obscuring actual code
	changes.

	Put network.rng contents inside <grammar> for uniformity with other RNGs
	All the other RNG files in libvirt are enclosed within <grammar>. This
	commit makes the syntactical changes necessary to make network.rng fit
	that pattern. (This is the first step in adding some data type
	definitions to network.rng for more exact validation of IP and MAC
	addresses).
	Formatting changes (indentation) will be done in a subsequent commit,
	so that actual changes to the code won't be obscured by whitespace.

2010-11-12  Jamie Strandboge  <jamie@canonical.com>

	virt-aa-helper should require <uuid> in XML
	When <uuid> is not in the XML, a virUUIDGenerate() ends up being called which
	is unnecessary and can lead to crashes if /dev/urandom isn't available
	because virRandomInitialize() is not called within virt-aa-helper. This patch
	adds verify_xpath_context() and updates caps_mockup() to use it.
	Bug-Ubuntu: https://launchpad.net/bugs/672943

2010-11-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Support SMBIOS host mode

2010-11-12  Laine Stump  <laine@laine.org>

	remote_driver.c: fix non-literal format strings w/o args

	ignore SELinuxSetFilecon error in SELinuxSetSecurityFileLabel if on nfs
	If virDomainAttachDevice() was called with an image that was located
	on a root-squashed NFS server, and in a directory that was unreadable
	by root on the machine running libvirtd, the attach would fail due to
	an attempt to change the selinux label of the image with EACCES (which
	isn't covered as an ignore case in SELinuxSetFilecon())
	NFS doesn't support SELinux labelling anyway, so we mimic the failure
	handling of commit 93a18bbafaf11729d3ca1241e11bee133d77fa77, which
	just ignores the errors if the target is on an NFS filesystem (in
	SELinuxSetSecurityAllLabel() only, though.)
	This can be seen as a follow-on to commit
	347d266c51705f4987fa5ce2a0ecb314ed8745ce, which ignores file open
	failures of files on NFS that occur directly in
	virDomainDiskDefForeachPath() (also necessary), but does not ignore
	failures in functions that are called from there (eg
	SELinuxSetSecurityFileLabel()).

2010-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix reference counting bug in virsh console
	The event watches need to be removed before the event loop
	terminates, otherwise they cause a dangling reference to
	be held on the virStreamPtr, which in turns holds a reference
	on virConnectPtr, which in turn causes errors like
	  "Failed to disconnect from the hypervisor"
	* tools/console.c: Remove watches before event loop quits
	* tools/virsh.c: Print out dangling reference count

	Wire up virDomainOpenConsole for LXC, Xen and UML
	Introduce implementations of the virDomainOpenConsole() API
	for LXC, Xen and UML drivers.
	* src/lxc/lxc_driver.c, src/lxc/lxc_driver.c,
	  src/xen/xen_driver.c: Wire up virDomainOpenConsole

	Fix busy-wait loop on closed file descriptor
	When closing open streams after a client quits, the event
	callback was not removed. This mean that poll() was using
	a closed FD and returning POLLNVAL in a busy-wait loop.
	* daemon/stream.c: Disconnect stream callbacks

	Re-write virsh console to use streams
	This re-writes the 'virsh console' command so that it uses
	the new streams API. This lets it run remotely and/or as a
	non-root user. This requires that virsh be linked against
	the simple event loop from libvirtd in daemon/event.c
	As an added bonus, it can now connect to any console device,
	not just the first one.
	* tools/Makefile.am: Link to event.c
	* tools/console.c, tools/console.h: Rewrite to use the
	  virDomainOpenConsole() APIs with streams
	* tools/virsh.c: Support choosing the console name
	  via --devname $NAME

	Convert daemon/events.c to use virMutex and virThread
	The code currently uses pthreads APIs directly. This is not
	portable to Win32 threads. Switch it over to use the portability
	APIs. Also add a wrapper for pipe() which is subtely different
	on Win32
	* daemon/event.c: Switch to use virMutex & virThread.

	Introduce portability APIs for creating threads
	The util/threads.c/h code already has APIs for mutexes,
	condition variables and thread locals. This commit adds
	in code for actually creating threads.
	* src/libvirt_private.syms: Export new symbols
	* src/util/threads.h: Define APIs virThreadCreate, virThreadSelf,
	  virThreadIsSelf and virThreadJoin
	* src/util/threads-win32.c, src/util/threads-win32.h: Win32
	  impl of threads
	* src/util/threads-pthread.c, src/util/threads-pthread.h: POSIX
	  impl of threads

	Support virDomainOpenConsole with QEMU
	This provides an implementation of the virDomainOpenConsole
	API with the QEMU driver. For the streams code, this reuses
	most of the code previously added for the tunnelled migration
	streams since it is generic.
	* src/qemu/qemu_driver.c: Support virDomainOpenConsole

	Add a generic internal API for handling any FD based stream
	To avoid the need for duplicating implementations of virStream
	drivers, provide a generic implementation that can handle any
	FD based stream. This code is copied from the existing impl
	in the QEMU driver, with the locking moved into the stream
	impl, and addition of a read callback
	The FD stream code will refuse to operate on regular files or
	block devices, since those can't report EAGAIN properly when
	they would block on I/O
	* include/libvirt/virterror.h, include/libvirt/virterror.h: Add
	  VIR_FROM_STREAM error domain
	* src/qemu/qemu_driver.c: Remove code obsoleted by the new
	  generic streams driver.
	* src/fdstream.h, src/fdstream.c, src/fdstream.c,
	  src/libvirt_private.syms: Generic reusable FD based streams

	Lower logging level in remote driver streams
	Now that bi-directional, non-blocking streams are supported
	in the remote driver, some of the VIR_WARN statements need
	to be reduced to VIR_DEBUG.
	* src/remote/remote_driver.c: Lower logging level

	Remote driver client and server for virDomainOpenConsole
	This provides an implementation of the virDomainOpenConsole
	API for the remote driver client and server.
	* daemon/remote.c: Server side impl
	* src/remote/remote_driver.c: Client impl
	* src/remote/remote_protocol.x: Wire definition

	Introduce a virDomainOpenConsole API
	To enable virsh console (or equivalent) to be used remotely
	it is necessary to provide remote access to the /dev/pts/XXX
	pseudo-TTY associated with the console/serial/parallel device
	in the guest. The virStream API provide a bi-directional I/O
	stream capability that can be used for this purpose. This
	patch thus introduces a virDomainOpenConsole API that uses
	the stream APIs.
	* src/libvirt.c, src/libvirt_public.syms,
	  include/libvirt/libvirt.h.in, src/driver.h: Define the
	  new virDomainOpenConsole API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c,
	  src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Stub
	  API entry point

	Support callbacks on virStream APIs in remote driver client
	The current remote driver code for streams only supports
	blocking I/O mode. This is fine for the usage with migration
	but is a problem for more general use cases, in particular
	bi-directional streams.
	This adds supported for the stream callbacks and non-blocking
	I/O. with the minor caveat is that it doesn't actually do
	non-blocking I/O for sending stream data, only receiving it.
	A future patch will try to do non-blocking sends, but this is
	quite tricky to get right.
	* src/remote/remote_driver.c: Allow non-blocking I/O for
	  streams and support callbacks

2010-11-11  Daniel P. Berrange  <dan@berrange.com>

	Fix LXC container console device setup
	The /dev/console device inside the container must NOT map
	to the real /dev/console device node, since this allows the
	container control over the current host console. A fun side
	effect of this is that starting a container containing a
	real Fedora OS will kill off your X server.
	Remove the /dev/console node, and replace it with a symlink
	to the primary console TTY
	* src/lxc/lxc_container.c: Replace /dev/console with a
	  symlink to /dev/pty/0
	* src/lxc/lxc_controller.c: Remove /dev/console from cgroups
	  ACL

2010-11-11  Eric Blake  <eblake@redhat.com>

	virsh: supply long option for -V
	* tools/virsh.c (vshParseArgv): Use NULL instead of 0 for pointer,
	and symbolic names for has_arg.  Give --version an optional arg.
	(vshUsage): Document this.
	* tools/virsh.pod: Likewise.

2010-11-11  Cole Robinson  <crobinso@redhat.com>

	qemu: Add flag to force a CDROM eject
	QEMU allows forcing a CDROM eject even if the guest has locked the device.
	Expose this via a new UpdateDevice flag, VIR_DOMAIN_DEVICE_MODIFY_FORCE.
	This has been requested for RHEV:
	https://bugzilla.redhat.com/show_bug.cgi?id=626305
	v2: Change flag name, bool cleanups

2010-11-11  Eric Blake  <eblake@redhat.com>

	rpm: fix /var/lib/libvirt permissions
	https://bugzilla.redhat.com/show_bug.cgi?id=649511
	Regression of forcing 0700 permissions (which breaks guest startup
	because the qemu user can't see /var/lib/libvirt/*.monitor) was
	introduced in commit 66823690e, as part of libvirt 0.8.2.
	* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
	since libvirt depends on libvirt-client.
	(%files client): Guarantee 755 permissions on
	%(_localstatedir}/lib/libvirt, since the qemu user must be able to
	do pathname resolution to a subdirectory.

2010-11-10  Daniel Veillard  <veillard@redhat.com>

	Augment bug reporting documentation
	With some instruction on how to attach useful gdb backtraces

2010-11-10  Adam Litke  <agl@us.ibm.com>

	Allow non-file disk backingStores
	I am trying to use a qcow image with libvirt where the backing 'file' is a
	qemu-nbd server.  Unfortunately virDomainDiskDefForeachPath() assumes that
	backingStore is always a real file so something like 'nbd:0:3333' is rejected
	because a file with that name cannot be accessed.  Note that I am not worried
	about directly using nbd images.  That would require a new disk type with XML
	markup, etc.  I only want it to be permitted as a backingStore
	The following patch implements danpb's suggestion:
	> I think I'm inclined to push the logic for skipping NBD one stage higher.
	> I'd rather expect virStorageFileGetMetadata() to return all backing
	> stores, even if not files. The virDomainDiskDefForeachPath() method
	> should definitely ignore non-file backing stores though.
	>
	> So what I'm thinking is to extend the virStorageFileMetadata struct and
	> just add a 'bool isFile' field to it. Default this field to true, unless
	> you see the prefix of nbd: in which case set it to false. The
	> virDomainDiskDefForeachPath() method can then skip over any backing
	> store with isFile == false
	Cc: Daniel P. Berrange <berrange@redhat.com>

2010-11-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	xencapstest: Don't fail when Xen is installed
	xencapstest calls xenHypervisorMakeCapabilitiesInternal with conn == NULL
	which calls xenDaemonNodeGetTopology with conn == NULL when a recent
	enough Xen was detected (sys_interface_version >= SYS_IFACE_MIN_VERS_NUMA).
	But xenDaemonNodeGetTopology insists in having conn != NULL and fails,
	because it expects to be able to talk to an actual xend.
	We cannot do that in a 'make check' test. Therefore, only call the xend
	subdriver function when conn isn't NULL.
	Reported by Andy Howell and Jim Fehlig.

2010-11-10  Laine Stump  <laine@laine.org>

	virsh: fix non-literal string format
	These are in the newly added -V output.

2010-11-10  Stefan Berger  <stefanb@us.ibm.com>

	bye to close(), welcome to VIR_(FORCE_)CLOSE()
	Using automated replacement with sed and editing I have now replaced all
	occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of
	course. Some replacements were straight forward, others I needed to pay
	attention. I hope I payed attention in all the right places... Please
	have a look. This should have at least solved one more double-close
	error.

2010-11-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix syntax-check error in domain.rng
	Replace tab with spaces.

	esx: Add support for memtune/min_guarantee
	Also add a test case for the VMX handling of it.

2010-11-09  Jiri Denemark  <jdenemar@redhat.com>

	schema: Move timer element inside clock
	Both conf/domain_conf.c and domain XML documentation have <timer>
	elements inside /domain/clock. Change domain.rng schema to be consistent
	with them.

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Misc test case fixes for SPICE
	* docs/schemas/domain.rng: Fix merge error which left SPICE channel
	  elements under VNC schema.
	* tests/qemuhelptest.c: Add SPICE flag to kvm-83 test
	* tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Add
	  <memballoon> element

2010-11-09  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add .xml suffix to tmp files used in *edit commands
	This helps editors with detecting the temporary files as XML since the
	temporary files do not contain <?xml ...?> declaration.
	Requested by https://bugzilla.redhat.com/show_bug.cgi?id=602277

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Support SPICE channel security options
	This extends the SPICE XML to allow channel security options
	    <graphics type='spice' port='-1' tlsPort='-1' autoport='yes'>
	      <channel name='main' mode='secure'/>
	      <channel name='record' mode='insecure'/>
	    </graphics>
	Any non-specified channel uses the default, which allows both
	secure & insecure usage
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add XML syntax for specifying per
	  channel security options for spice.
	* src/qemu/qemu_conf.c: Configure channel security with spice

	Support multiple QXL video cards
	QEMU crashes & burns if you try multiple Cirrus video cards, but
	QXL copes fine. Adapt QEMU config code to allow multiple QXL
	video cards
	* src/qemu/qemu_conf.c: Support multiple QXL video cards

	Define XML syntax for password expiry
	This extends the XML syntax for <graphics> to allow a password
	expiry time to be set
	eg
	  <graphics type='vnc' port='5900' autoport='yes' keymap='en-us' passwd='12345' passwdValidTo='2010-04-09T15:51:00'/>
	The timestamp is in UTC.
	* src/conf/domain_conf.h: Pull passwd out into separate struct
	  virDomainGraphicsAuthDef to allow sharing between VNC & SPICE
	* src/conf/domain_conf.c: Add parsing/formatting of new passwdValidTo
	  argument
	* src/opennebula/one_conf.c, src/qemu/qemu_conf.c, src/qemu/qemu_driver.c,
	  src/xen/xend_internal.c, src/xen/xm_internal.c: Update for changed
	  struct containing VNC password

	Add SPICE support for QEMU driver configuration file
	In common with VNC, the QEMU driver configuration file is used
	specify the host level TLS certificate location and a default
	password / listen address
	* src/qemu/qemu.conf: Add spice_listen, spice_tls,
	  spice_tls_x509_cert_dir & spice_password config params
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Parsing of
	  spice config parameters and updating -spice arg generation
	  to use them
	* tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-rhel6.args,
	  tests/qemuxml2argvtest.c: Expand test case to cover driver
	  level configuration

	Support automatic port number allocation for SPICE
	* src/qemu/qemu_driver.c: Allocate the TCP ports for SPICE
	  before starting guest

	Implement QEMU/KVM support for SPICE graphics
	This supports the -spice argument posted for review against
	the latest upstream QEMU/KVM. This supports the bare minimum
	config with port, TLS port & listen address. The x509 bits are
	added in a later patch.
	* src/qemu_conf.c, src/qemu_conf.h: Add SPICE flag. Check for
	  -spice availability. Format -spice arg for command line
	* qemuhelptest.c: Add SPICE flag
	* qemuxml2argvdata/qemuxml2argv-graphics-spice.args: Add <graphics>
	  for spice
	* qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Add -spice arg
	* qemuxml2argvtest.c: Add SPICE flag

	Implement QEMU/KVM QXL video card support in QEMU driver
	This supports the '-vga qxl' parameter in upstream QEMU/KVM
	which has SPICE support added. This isn't particularly useful
	until you get the next patch for -spice support. Also note that
	while the libvirt XML supports multiple video devices, this
	patch only supports a single one. A later patch can add support
	for 2nd, 3rd, etc PCI devices for QXL
	* src/qemu/qemu_conf.h: Flag for QXL support
	* src/qemu/qemu_conf.c: Probe for '-vga qxl' support and implement it
	* tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c,
	  tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args,
	  tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Test
	  case for generating spice args with RHEL6 kvm

	Add a <graphics> type for SPICE protocol
	This adds an element
	 <graphics type='spice' port='5903' tlsPort='5904' autoport='yes' listen='127.0.0.1'/>
	This is the bare minimum that should be exposed in the guest
	config for SPICE. Other parameters are better handled as per
	host level configuration tunables
	* docs/schemas/domain.rng: Define the SPICE <graphics> schema
	* src/domain_conf.h, src/domain_conf.c: Add parsing and formatting
	  for SPICE graphics config
	* src/qemu_conf.c: Complain about unsupported graphics types

	Add a QXL graphics card type to domain XML schema
	* src/qemu_conf.c: Add dummy entry in enumeration
	* docs/schemas/domain.rng: Add 'qxl' as a type for the <video> tag
	* src/domain_conf.c, src/domain_conf.h: Add QXL to video type
	  enumerations

2010-11-09  Daniel Veillard  <veillard@redhat.com>

	Show compiled in options in virsh -V
	  To ease debugging this trivial patch allows to find what was compiled
	in in the local version of libvirt, this doesn't work for remote access
	but that's probably sufficient. With the patch I get on my machine:
	paphio:~/libvirt/tools -> ./virsh -V
	Virsh command line tool of libvirt 0.8.4
	See web site at http://libvirt.org/
	Compiled with support for:
	 Hypervisors: Xen QEmu/KVM UML OpenVZ LXC ESX PHYP Test
	 Networking: Remote Daemon Network Bridging Netcf Nwfilter
	 Storage: Dir Disk Filesystem SCSI Multipath iSCSI LVM
	 Miscellaneous: SELinux Secrets Debug Readline
	paphio:~/libvirt/tools ->
	* tools/virsh.c: add -V option
	* tools/virsh.pod: document the extension

2010-11-09  Jiri Denemark  <jdenemar@redhat.com>

	maint: Commit .gitignore sorting done by bootstrap

	qemu: Fix non-literal format string

2010-11-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen-proxy: Remove it entirely and use libvirtd instead
	Suggested by danpb, as it's not up-to-date anymore and
	lacks many functions that were added to libvirtd.

	lxc: Exit on first error in lxcDomainGetMemoryParameters
	There is no point in trying to fill params beyond the first error,
	because when lxcDomainGetMemoryParameters returns -1 then the caller
	cannot detect which values in params are valid.

	Allow virDomainGetMemoryParameters on read-only connections
	Also fix a typo in the documentation of the function.

2010-11-08  Justin Clift  <jclift@redhat.com>

	virsh: fix incorrect help text mentioning non-existent network 'id'

2010-11-08  Daniel Veillard  <veillard@redhat.com>

	Add a new test for sysinfo and smbios handling

	Add sysinfo/smbios support to the QEmu driver
	The patch is based on the possiblity in the QEmu command line to
	add -smbios options allowing to override the default values picked
	by QEmu. We need to detect this first from QEmu help output.
	If the domain is defined with smbios to be inherited from host
	then we pass the values coming from the Host own SMBIOS, but
	if the domain is defined with smbios to come from sysinfo, we
	use the ones coming from the domain definition.
	* src/qemu/qemu_conf.h: add the QEMUD_CMD_FLAG_SMBIOS_TYPE enum
	  value
	* src/qemu/qemu_conf.c: scan the help output for the smbios support,
	  and if available add support based on the domain definitions,
	  and host data
	* tests/qemuhelptest.c: add the new enum in the outputs

	Read the host sysinfo for the QEmu driver
	Read and store the data when initializing the driver.

	Add a sysinfo util module and read host info API
	Move existing routines about virSysinfoDef to an util module,
	add a new entry point virSysinfoRead() to read the host values
	with dmidecode
	* src/conf/domain_conf.c src/conf/domain_conf.h src/util/sysinfo.c
	  src/util/sysinfo.h: move to a new module, add virSysinfoRead()
	* src/Makefile.am: handle the new module build
	* src/libvirt_private.syms: new internal symbols
	* include/libvirt/virterror.h src/util/virterror.c: defined a new
	  error code for that module
	* po/POTFILES.in: add new file for translations

	Add smbios element to schema and configuration to HVM os
	the element has a mode attribute allowing only 3 values:
	  - emulate: use the smbios emulation from the hypervisor
	  - host: try to use the smbios values from the node
	  - sysinfo: grab the values from the <sysinfo> fields
	* docs/schemas/domain.rng: extend the schemas
	* src/conf/domain_conf.h: add the flag to the domain config
	* src/conf/domain_conf.h: parse and serialize the smbios if present

	Sysinfo parsing and saving to/from configuration files
	* src/conf/domain_conf.h: defines a new internal type added to the
	  domain structure
	* src/conf/domain_conf.c: parsing and serialization of that new type

	Sysinfo extension to relax-ng schemas
	Currently includes a subset of the SMBIOS strings set

2010-11-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Remove redundant slash in save directory path

2010-11-06  Chris Lalancette  <clalance@redhat.com>

	Implement virsh qemu-monitor-command.
	Now that the virsh parsing has been revamped, we can
	implement qemu-monitor-command.  This is basically the same
	as it was in previous iterations, but has now been tested to
	work both with the plain text monitor and the QMP monitor.

2010-11-05  Daniel P. Berrange  <dan@berrange.com>

	Fix off-by-1 in todo page generator
	The todo.pl script had an off-by-1 which meant any category
	with only a single bug would not appear
	* docs/todo.pl: Fix off-by-1

2010-11-03  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: libvirtd forgot macvtap dev name when restarted
	During a shutdown/restart cycle libvirtd forgot the macvtap device name that it had created on behalf of a VM so that a stale macvtap device remained on the host when the VM terminated. Libvirtd has to actively tear down a macvtap device and it uses its name for identifying which device to tear down.
	The solution is to not blank out the <target dev='...'/> completely, but only blank it out on VMs that are not active. So, if a VM is active, the device name makes it into the XML and is also being parsed. If a VM is not active, the device name is discarded.

2010-11-03  Osier Yang  <jyang@redhat.com>

	tests: fix daemon-conf testing failure
	libvirtd.conf uses "libvirt" as the value of "unix_sock_group",
	however, group "libvirt" may not exist on the system, in this case
	the case will always fail.
	As a solution, replace "libvirt" with "$USER" in "tmp.conf".

2010-11-03  Daniel Veillard  <veillard@redhat.com>

	Fix virPipeReadUntilEOF on more than 1024 bytes of data
	virPipeReadUntilEOF is used to read the stdout of exec'ed
	and this could fail to capture the full output and read only
	1024 bytes.
	  The problem is that this is based on a poll loop, and in the
	loop we read at most 1024 bytes per file descriptor, but we also
	note in the loop if poll indicates that the process won't output
	more than that on that fd by setting finished[i] = 1.
	  The simplest way is that if we read a full buffer make sure
	finished[i] is still 0 because we will need another pass in the
	loop.

2010-11-03  Eric Blake  <eblake@redhat.com>

	virterror: supply missing spaces
	* src/util/virterror.c (virErrorDomainName): Always supply
	trailing space if category was present.

	xen: work with xen 4.0.1 headers
	* src/xen/xen_driver.h (includes): Include main xen headers
	here...
	* src/xen/xs_internal.c (includes): ...rather than in just one of
	the sub-drivers.

2010-11-03  Jim Fehlig  <jfehlig@novell.com>

	Fix build with polkit 0
	Commit e8066d53 broke the build with polkit0:
	remote.c: In function 'remoteDispatchAuthPolkit':
	remote.c:4177: error: 'rv' undeclared (first use in this function)
	Add missing identifier.

2010-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Change calling conventions in remote driver client internals
	The remoteIO() method has wierd calling conventions, where
	it is passed a pre-allocated 'struct remote_call *' but
	then free()s it itself, instead of letting the caller free().
	This fixes those weird semantics
	* src/remote/remote_driver.c: Sanitize semantics of remoteIO
	  method wrt to memory release

	Fix comment for <video> tag in domain RNG schema
	The comment for the <video> tag was a cut+paste error duplicating
	info about the <graphics> tag
	* docs/schemas/domain.rng: Fix comment for <video> tag

	Misc error handling fixes in text mode monitor commands
	A couple of places in the text monitor were overwriting the
	'ret' variable with a >= 0 value before success was actually
	determined. So later error paths would not correctly return
	the -1 value. The drive_add code was not checking for errors
	like missing command
	* src/qemu/qemu_monitor_text.c: Misc error handling fixes

	Ignore open failures when relabelling disk images
	NFS in root squash mode may prevent opening disk images to
	determine backing store. Ignore errors in this scenario.
	* src/security/security_selinux.c: Ignore open failures on disk
	  images

	Treat failure to relabel stdin_path as non-fatal on NFS
	NFS does not support file labelling, so ignore this error
	for stdin_path when on NFS.
	* src/security/security_selinux.c: Ignore failures on labelling
	  stdin_path on NFS
	* src/util/storage_file.c, src/util/storage_file.h: Refine
	  virStorageFileIsSharedFS() to allow it to check for a
	  specific FS type.

	Revert commit 06f81c63ebc19cb0e51f9b397991f6d6ae56d090
	Commit 06f81c63ebc19cb0e51f9b397991f6d6ae56d090 attempted to make
	QEMU driver ignore the failure to relabel 'stdin_path' if it was
	on NFS. The actual result was that it ignores *all* failures to
	label any aspect of the VM, unless stdin_path is non-NULL and
	is not on NFS.
	* src/qemu/qemu_driver.c: Treat all relabel failures as terminal

2010-11-02  Jiri Denemark  <jdenemar@redhat.com>

	Fix several warnings about a non-literal format string
	They only popped up during --disable-nls build. Without this configure
	option, gcc wasn't able to detect them.

2010-11-02  Osier Yang  <jyang@redhat.com>

	util: Add helper function to build timestamp string
	* src/util/util.h
	* src/util/util.c
	* src/libvirt_private.syms

2010-11-02  Eric Blake  <eblake@redhat.com>

	docs: fix typo
	* docs/drvqemu.html.in (qemu): Fix typo.

	build: avoid compiler warning in xen code
	* src/xen/xend_internal.c (xenDaemonFormatSxpr): Hoist verify
	outside of function to avoid a -Wnested-externs warning.
	* src/xen/xm_internal.c (xenXMDomainConfigFormat): Likewise.
	Reported by Daniel P. Berrange.

2010-11-02  Diego Elio Pettenò  <flameeyes@gmail.com>

	misc: encode the Emacs suggstions from HACKING into a .dir-locals.el file
	With this file in place, opening any source file in libvirt will set up
	Emacs for proper indentation.

	qemu: add the USB devices to the cgroup whitelist
	Make sure that the QEmu process within the cgroup can access the device
	file for the USB device that has to be connected to the virtual domain.

2010-11-01  Eric Blake  <eblake@redhat.com>

	xen: work with ia64 MAX_VIRT_CPUS of 64
	* src/xen/xen_hypervisor.c (MAX_VIRT_CPUS): Move...
	* src/xen/xen_driver.h (MAX_VIRT_CPUS): ...so all xen code can see
	same value.
	* src/xen/xend_internal.c (sexpr_to_xend_domain_info)
	(xenDaemonDomainGetVcpusFlags, xenDaemonParseSxpr)
	(xenDaemonFormatSxpr): Work if MAX_VIRT_CPUS is 64 on a platform
	where long is 64-bits.
	* src/xen/xm_internal.c (xenXMDomainConfigParse)
	(xenXMDomainConfigFormat): Likewise.

2010-10-30  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: cleanup declaration of xen tests.
	Only build statstest and reconnect if they should be used, so add them
	behind the ENABLE_XEN_TESTS conditional.

2010-10-30  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	qemu: check compression program availability of virsh save and dump

	add compression support for "virsh dump"
	Add dump_image_format[] to qemu.conf and support compressed dump
	at virsh dump. coredump compression is important for saving disk space
	in an environment where multiple guests run.
	In general, "disk space for dump" is specially allocated and will be
	a dead space in the system. It's used only at emergency. So, it's better
	to have both of save_image_format and dump_image_format. "save" is done
	in scheduled manner with enough calculated disk space for it.
	This code reuses some of save_image_format[] and supports the same format.
	Changelog:
	 - modified libvirtd_qemu.aug
	 - modified test_libvirtd_qemu.aug
	 - fixed error handling of qemudSaveCompressionTypeFromString()

2010-10-29  Lai Jiangshan  <laijs@cn.fujitsu.com>

	qemu_driver: add virCgroupMounted
	When we mount any cgroup without "-o devices", we will fail to start vms:
	error: Failed to start domain vm1
	error: Unable to deny all devices for vm1: No such file or directory
	When we mount any cgroup without "-o cpu", we will fail to get schedinfo:
	Scheduler      : posix
	error: unable to get cpu shares tunable: No such file or directory
	We should only use the cgroup controllers which are mounted on host.
	So I add virCgroupMounted() for qemuCgroupControllerActive()

2010-10-29  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.5
	* configure.ac libvirt.spec.in: new version
	* docs/news.html.in: update news page and improve format
	* po/*.po*: Update po again

	Updating localization and regenerating before release

2010-10-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Don't warn when the linker search path doesn't contain VBoxXPCOMC.so
	This is actually a workaround, to unbreak make check on systems
	without VirtualBox.

	vbox: Stop hardcoding a single path for VBoxXPCOMC.so
	This partly reverts df90ca7661b0a789bd790ccf8258a4527c13eb8d.
	Don't disable the VirtualBox driver when configure can't find
	VBoxXPCOMC.so, rely on detection at runtime again instead.
	Keep --with-vbox=/path/to/virtualbox intact, added to for:
	https://bugzilla.redhat.com/show_bug.cgi?id=609185
	Detection order for VBoxXPCOMC.so:
	1. VBOX_APP_HOME environment variable
	2. configure provided location
	3. hardcoded list of known locations
	4. dynamic linker search path
	Also cleanup the glue code and improve error reporting.

2010-10-29  Justin Clift  <jclift@redhat.com>

	virsh: improve the help description for managedsave and start
	Updated the descriptions for managedsave and start in virsh and
	the virsh man page, and also for managedsave-remove in the virsh
	man page.

2010-10-29  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	audit: printf warning fix
	fix warning
	  CC     libvirt_util_la-virtaudit.lo
	cc1: warnings being treated as errors
	util/virtaudit.c: In function 'virAuditEncode':
	util/virtaudit.c:146: error: implicit declaration of function 'virAsprintf' [-Wimplicit-function-declaration]
	util/virtaudit.c:146: error: nested extern declaration of 'virAsprintf' [-Wnested-externs]

2010-10-28  Stefan Berger  <stefanb@us.ibm.com>

	eliminate possibility of a double-closed file descriptor
	The 2nd and 3rd hunk show the only double-closed file descriptor code part that I found while trying to clean up close(). The first hunk seems a harmless cleanup in that same file.

2010-10-28  Eric Blake  <eblake@redhat.com>

	qemu: check for vm after starting a job
	https://bugzilla.redhat.com/show_bug.cgi?id=638285 - when migrating
	a guest, it was very easy to provoke a race where an application
	could query block information on a VM that had just been migrated
	away.  Any time qemu code obtains a job lock, it must also check
	that the VM was not taken down in the time where it was waiting
	for the lock.
	* src/qemu/qemu_driver.c (qemudDomainSetMemory)
	(qemudDomainGetInfo, qemuDomainGetBlockInfo): Check that vm still
	exists after obtaining job lock, before starting monitor action.

2010-10-28  Laine Stump  <laine@laine.org>

	Only attempt removal of the rule allowing tftp if it was added
	During virtual network startup, the iptables rule that allows tftp
	traffic is only added if network->def->tftproot is non-empty, but when
	the virtual network is destroyed, we had been unconditionally trying
	to delete the rule. This was harmless, except that it created a bogus
	error message.
	This patch conditionalizes the delete command in the same manner that
	the insert command is already conditionalized.

2010-10-28  Justin Clift  <jclift@redhat.com>

	docs: updated the C# bindings page with arnauds latest changes

	docs: update ruby bindings maintainer to chris lalancette

2010-10-28  Eric Blake  <eblake@redhat.com>

	build: use shorter file names for 'make dist'
	* docs/api_extension/{0013,0014}*.patch: Rename to shorter files.
	* docs/api_extension.html.in: Reflect rename.

2010-10-28  Justin Clift  <jclift@redhat.com>

	docs: reworded and reordered the bindings page, plus minor tweaks
	Reordered the bindings into alphabetical order, added a link to
	the php-libvirt source on Github, plus gave the direct package
	names needed for Python usage on RHEL/Fedora, and Ubuntu.

2010-10-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Add body for virFork and remove double virDriverLoadModule export
	Commit 9bd3cce0d2d54e6ab893bb8137218b83d9294714 added virFork and
	virDriverLoadModule to libvirt_private.syms, but virFork didn't have
	a body on Win32 and virDriverLoadModule was already correctly
	exported conditional via libvirt_driver_modules.syms.

2010-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Add disk/net resource auditing to QEMU driver
	Add auditing of all initial disk/net assignments to QEMU guests
	at startup. Add auditing for all hotplug & unplug events and
	disk media changes.
	* src/qemu/qemu_driver.c: Add disk/net resource auditing

	Add auditing of security label in QEMU driver
	Add auditing of the allocated security label in the QEMU driver
	VM startup code
	* src/qemu/qemu_driver.c: Audit security label

	Add auditing of start/stop events to the QEMU driver
	Add audit hooks to report all start and stop events on QEMU
	guest domains.
	* src/qemu/qemu_driver.c: Audit start/stop events

	Add printf format attribute annotation to virAuditSend method
	* src/util/virtaudit.h: Add printf format attribute annotation

	Add audit helper for escaping log message strings
	Add a helper API for ecscaping the value in audit log
	messages
	* src/util/virtaudit.h, src/util/virtaudit.c,
	  src/libvirt_private.syms: Add virAuditEncode

	Remove audit hooks from the selinux security driver code
	This reverts commit b8e2de8899594edcd78b3a7cb1b39b89bbed2891
	The hooks will be re-added in the QEMU driver itself.
	* src/security/security_selinux.c: Remove audit hooks

	Remove all auditing hooks from libvirtd dispatch code
	Revert most of commit a8b5f9bd27d65c2ced064b9267ca31dee7ad9c86.
	The audit hooks will be re-added directly in the QEMU driver code
	in a future commit
	* daemon/remote.c: Remove all audit logging hooks
	* src/qemu/qemu_driver.c: Remove all audit logging hooks

2010-10-27  Philipp Hahn  <hahn@univention.de>

	Fix xen API documentation
	*src/xen/xend_internal.c: fix a couple of comments in function descriptions

2010-10-27  Justin Clift  <jclift@redhat.com>

	docs: added a table of contents to the first 11 docs files
	There are a 58 docs files, so adding an autogenerated Table Of
	Contents to them all will take some time.  This is the first
	piece of the work done.

	docs: reformated the bindings page html markup to match other pages

2010-10-27  Eric Blake  <eblake@redhat.com>

	virsh: use - not _ in memtune option names
	* tools/virsh.c (opts_memtune): All other options in virsh use -
	for separating words.

	build: fix shell detection bug
	A missing shell was noisy, and the use of command to decipher a
	shell's absolute path requires "" rather than ''.
	* configure.ac (lv_cv_wrapper_shell): Fix logic errors if candidate
	shell is not available.
	* .gitignore: Ignore file created when /bin/sh is old dash.
	Reported by Matthias Bolte.

	maint: fix syntax-check failure of previous patch
	* cfg.mk (sc_prohibit_trailing_blank_lines): Delete; this is
	adequately covered by maint.mk's sc_prohibit_empty_lines_at_EOF.
	* .x-sc_prohibit_empty_lines_at_EOF: New file, to exempt raw
	patches.
	* Makefile.am (EXTRA_DIST): Include new exemption.

	docs: revamp api_extension example, using vcpu patch series
	* docs/api_extension/*: Replace example files.
	* docs/api_extension.html.in: Rewrite to match new example files.

2010-10-27  Diego Elio Pettenò  <flameeyes@gmail.com>

	qemu: don't use %.3d format for bus/addr of USB devices
	When using 0-prefixed numbers, QEmu will interpret them as octal numbers
	(as C convention says); this means that if you attach a device that has
	addr > 10 (decimal) you're going to attach a different device.

2010-10-26  Eric Blake  <eblake@redhat.com>

	virsh: fix range of memtune command
	* tools/virsh.c (cmdMemtune): Use long long for memory
	sizes. Simplify allocation, and plug memory leak.

	virsh: improve help text where integers are expected
	* tools/virsh.c (opts_freecell, opts_memtune, opts_vcpupin)
	(opts_setvcpus, opts_setmaxmem, opts_setmem)
	(opts_migrate_setmaxdowntime): Use VSH_OT_INT when only an integer
	is expected.
	(vshCmddefHelp, vshCmddefGetData): Allow mandatory VSH_OT_INT
	arguments.

	qemu: work around dash 0.5.5 bug in managed save
	Older dash mistakenly truncates regular files when using <> redirection;
	this kills our use of double dd to reduce storage overhead when
	saving qemu images.  But qemu insists on running a command through
	/bin/sh, so we work around it by having qemu run $sh -c 'real command'
	when we have a replacement $sh in mind.
	* configure.ac (VIR_WRAPPER_SHELL): Define to a replacement shell,
	if /bin/sh is broken on <> redirection.
	* src/qemu/qemu_monitor.h (VIR_WRAPPER_SHELL_PREFIX)
	(VIR_WRAPPER_SHELL_SUFFIX): New macros.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToFile): Use
	them.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToFile):
	Likewise.

2010-10-26  Justin Clift  <jclift@redhat.com>

	docs: make the location of the xml catalog file a configure option
	The default location for the XML catalog file, /etc/xml/catalog,
	used when validating the generated html docs, isn't correct for
	MacOS X.
	This commit adds an option to the configure script, allowing the
	default to be overridden:
	  --with-xml-catalog-file=/path/to/xml/catalog/file

2010-10-26  Daniel P. Berrange  <berrange@redhat.com>

	Avoid squashing errors during network startup cleanup path
	When failing to start a virtual network, we have to cleanup,
	tearing down any iptables rules. If the iptables rules were
	not present yet though, this raises an error, which squashes
	the original error we were handling.
	* src/network/bridge_driver.c: When failing to start a virtual
	  network, don't squash the original error in cleanup

2010-10-26  Justin Clift  <jclift@redhat.com>

	docs: install the generated html files when make install is run
	Previously, only the API docs were installed, rather than the
	complete documentation set.  This commit ensures the complete
	documentation set is installed.

2010-10-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix build for SystemTap 1.0
	With SystemTap 1.0 a part of the generated macros in probes.h
	expands to:
	volatile __typeof__(((name))) arg2 = (name);
	GCC reports an 'invalid initialize' error when name has type
	char[]. Therfore, add casts to char* to avoid this.

2010-10-26  Jiri Denemark  <jdenemar@redhat.com>

	xen: Fix domain dump
	Remove redundant 'live' parameter which caused an error from xend:
	    "xend.err 'Too many values for live'"

2010-10-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix formatting of network address in iptables helpers
	The network address was being set to 192.168.122.0 instead
	of 192.168.122.0/24. Fix this by removing the unneccessary
	'network' field from virNetworkDef and just pass the
	network address and netmask into the iptables APIs directly.
	* src/conf/network_conf.h, src/conf/network_conf.c: Remove
	  the 'network' field from virNEtworkDef.
	* src/network/bridge_driver.c: Update for iptables API changes
	* src/util/iptables.c, src/util/iptables.h: Require the
	  network address + netmask pair to be passed in

2010-10-26  Osier Yang  <jyang@redhat.com>

	virsh: Add option 'model' for attach-interface
	* tools/virsh.c: add missing option from the CLI to allows setting
	  up the NIC model type when attaching an interface
	* tools/virsh.pod: extend documentation
	* AUTHORS: add Osier Yang to the list

2010-10-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix detection of drive readonly option
	So far, readonly=on option is used when qemu supports -device. However,
	there are qemu versions which support readonly option with -drive
	although they don't have support for -device.

2010-10-26  Philipp Hahn  <hahn@univention.de>

	Fix documentation for virEventAddTimeout()
	* src/util/event.h: Fix copy&paste error from virEventAddHandle()

2010-10-26  Eric Blake  <eblake@redhat.com>

	maint: ignore new test executable
	* tests/.gitignore: Sort, and add sockettest.

2010-10-23  Justin Clift  <jclift@redhat.com>

	daemon: updates previous 1 line patch for correctness
	The previous commit, 880da47a05b9fb8381e79b03ead5dd2d8a6a937a,
	worked on my system, but wasn't actually correct.  This follow
	up patch corrects it properly.

	daemon: exclude requirement for probes.h on systems without systemtap
	This 1-liner was actually written by Eric Blake, over IRC. It
	addresses a compilation failure in make dist and make rpm for
	systems without the dtrace/systemtap development libraries
	installed.

2010-10-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add documentation about certificates and connection problems

2010-10-23  Jiri Denemark  <jdenemar@redhat.com>

	tests: Silence qemuxml2argv test

2010-10-23  Eric Blake  <eblake@redhat.com>

	dnsmasq: avoid potential crash
	* src/util/dnsmasq.c (hostsfileAdd): Don't free uninitialized
	memory on allocation failure.

2010-10-22  Justin Clift  <jclift@redhat.com>

	docs: added a table of contents to the new c sharp bindings page

	docs: removed old changelog file, as it is no longer relevant
	We instead point to the live git log URL for the few links still
	needing to point to something.

2010-10-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix compile errors due to the virSocketAddr series

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Don't try to parse a NULL ip address for boot server
	The boot server IP address is optional, so it needs to be
	checked before attempting to parse it.
	* src/conf/network_conf.c: Don't parse NULL ip address for
	  boot server

	Convert virNetwork to use virSocketAddr everywhere
	Instead of storing the IP address string in virNetwork related
	structs, store the parsed virSocketAddr. This will make it
	easier to add IPv6 support in the future, by letting driver
	code directly check what address family is present
	* src/conf/network_conf.c, src/conf/network_conf.h,
	  src/network/bridge_driver.c: Convert to use virSocketAddr
	  in virNetwork, instead of char *.
	* src/util/bridge.c, src/util/bridge.h,
	  src/util/dnsmasq.c, src/util/dnsmasq.h,
	  src/util/iptables.c, src/util/iptables.h: Convert to
	  take a virSocketAddr instead of char * for any IP
	  address parameters
	* src/util/network.h: Add macros to determine if an address
	  is set, and what address family is set.

	Include socket address in client probe data
	It is useful to know where the client is connecting from,
	so include the socket address in probe data.
	* daemon/libvirtd.h: Use virSocketAddr for storing client
	  address and keep printable address handy for logging
	* daemon/libvirtd.c: Include socket address in client
	  connect/disconnect probes
	* daemon/probes.d: Add socket address to probes
	* examples/systemtap/client.stp: Print socket address
	* src/util/network.h: Add sockaddr_un to virSocketAddr union

	Add dtrace static probes in libvirtd
	Adds initial support for dtrace static probes in libvirtd
	daemon, assuming use of systemtap dtrace compat shim on
	Linux. The probes are inserted for network client connect,
	disconnect, TLS handshake states and authentication protocol
	states.
	This can be tested by running the xample program and then
	attempting to connect with any libvirt client (virsh,
	virt-manager, etc).
	 # stap examples/systemtap/client.stp
	  Client fd=44 connected readonly=0
	  Client fd=44 auth polkit deny pid:24997,uid:500
	  Client fd=44 disconnected
	  Client fd=46 connected readonly=1
	  Client fd=46 auth sasl allow test
	  Client fd=46 disconnected
	The libvirtd.stp file should also really not be required,
	since it is duplicated info that is already available in
	the main probes.d definition file. A script to autogenerate
	the .stp file is needed, either in libvirtd tree, or better
	as part of systemtap itself.
	* Makefile.am: Add examples/systemtap subdir
	* autobuild.sh: Disable dtrace for mingw32
	* configure.ac: Add check for dtrace
	* daemon/.gitignore: Ignore generated dtrace probe file
	* daemon/Makefile.am: Build dtrace probe header & object
	  files
	* daemon/libvirtd.stp: SystemTAP convenience probeset
	* daemon/libvirtd.c: Add connect/disconnect & TLS probes
	* daemon/remote.c: Add SASL and PolicyKit auth probes
	* daemon/probes.d: Master probe definition
	* daemon/libvirtd.h: Add convenience macro for probes
	  so that compilation is a no-op when dtrace is not available
	* examples/systemtap/Makefile.am, examples/systemtap/client.stp
	  Example systemtap script using dtrace probe markers
	* libvirt.spec.in: Enable dtrace on F13/RHEL6
	* mingw32-libvirt.spec.in: Force disable dtrace

	Add test suite for virSocket APIs
	Add a test suite for check parsing, formatting, range calculation
	and netmask checking APIs in virSocketAddr.
	* tests/sockettest.c, tests/Makefile.am: Add new test case

	Ban use of all inet_* functions
	All the inet_* functions can be replaced with calls to the
	virSocket APIs. Since many of the inet_* funtions are unsafe,
	and the remainder are obsolete, forbid all future use of them
	in libvirt.
	* Makefile.nonreentrant: Ban use of inet_*

	Remove all use of inet_pton and inet_ntop
	The  inet_pton and inet_ntop functions are obsolete, replaced
	by getaddrinfo+getnameinfo with the AI_NUMERICHOST flag set.
	These can be accessed via the virSocket APIs.
	The bridge.c code had methods for fetching the IP address of
	a bridge which used inet_ntop. Aside from the use of inet_ntop
	these methods are broken, because a NIC can have multiple
	addresses and this only returns one address. Since the methods
	are never used, just remove them.
	* src/conf/network_conf.c, src/nwfilter/nwfilter_learnipaddr.c:
	  Replace inet_pton and inet_ntop with virSocket APIs
	* src/util/bridge.c, src/util/bridge.h: Remove unused methods
	  which called inet_ntop.

	Remove both addrToString methods
	The addrToString functionality is now available via the
	virSocketFormatAddrFull method.
	* daemon/remote.c, src/remote/remote_driver.c: Remove
	  addrToString methods

	Fix error reporting for virSocketParse
	The virSocketParse method was not doing any error reporting
	which meant the true cause of the problem was lost. Remove
	all error reporting from callers, and push it into virSocketParse
	* src/util/network.c: Add error reporting to virSocketParse
	* src/conf/domain_conf.c, src/conf/network_conf.c,
	  src/network/bridge_driver.c: Remove error reporting in
	  callers of virSocketParse

	Expand virSocketFormat to be more flexible
	The getnameinfo() function is more flexible than inet_ntop()
	avoiding the need to if/else the code based on socket family.
	Also make it support UNIX socket addrs and allow inclusion
	of a port (service) address. Finally do proper error reporting
	via normal APIs.
	* src/conf/domain_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c,
	  src/qemu/qemu_conf.c: Fix error handling with virSocketFormat
	* src/util/network.c: Rewrite virSocketFormat to use getnameinfo
	  and cope with UNIX socket addrs.

	Remove pointless nwIPAddress struct & void *casts
	The nwIPAddress was simply a wrapper about virSocketAddr.
	Just use the latter directly, removing all the extra field
	de-references from code & helper APIs for parsing/formatting.
	Also remove all the redundant casts from strong types to
	void * and then immediately back to strong types.
	* src/conf/nwfilter_conf.h: Remove nwIPAddress
	* src/conf/nwfilter_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c:
	  Update to use virSocketAddr and remove void * casts.

	Fix netmask checks for IPv6 in virSocketCheckNetmask
	There was a typo in the IPv6 path of virSocketCheckNetmask which
	caused it to never execute.
	* src/util/network.c: s/AF_INET/AF_INET6/ in virSocketCheckNetmask

	Fix passing of address family to virSocketParseAddr
	The virSocketParseAddr function was accepting any AF_* constant
	and using that to set the ai_flags field in struct addrinfo.
	This is invalid, since address families must go in the ai_family
	field of the struct.
	* src/util/network.c: Fix handling of address family
	* src/conf/network_conf.c, src/network/bridge_driver.c: Pass
	  AF_UNSPEC instead of relying on it being 0.

	Include length with virSocketAddr data
	Some operations on socket addresses need to know the length of
	the sockaddr struct for the particular address family. This
	info was being discarded when passing around virSocketAddr
	instances. Turn it from a union into a struct containing
	union+socklen_t fields, so length is always kept around.
	* src/util/network.h: Add socklen_t field to virSocketAddr
	* src/util/network.c, src/network/bridge_driver.c,
	  src/conf/domain_conf.c: Update to take account of new
	  struct definition.

	Remove useless code in error path of getnameinfo()
	If getnameinfo() with NI_NUMERICHOST set fails, there are no
	grounds to expect inet_ntop to succeed, since these calls
	are functionally equivalent. Remove useless inet_ntop code
	in the getnameinfo() error path.
	* daemon/remote.c, src/remote/remote_driver.c: Remove
	  calls to inet_ntop

2010-10-21  Eric Blake  <eblake@redhat.com>

	maint: sort private sym lists
	* src/libvirt_private.syms: Sort by header name, then within
	header, and drop duplicate virNetworkDefParseNode,
	virFileLinkPointsTo and virXPathBoolean.

2010-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Enable JSON and netdev features in QEMU >= 0.13
	The QEMU 0.13 release is finally out and from testing in RHEL-6
	we know that its JSON and netdev features are now good enough
	for us to use by default.
	* src/qemu/qemu_conf.c: Enable JSON + netdev for QEMU >= 0.13

2010-10-21  Eric Blake  <eblake@redhat.com>

	audit: simplify declaration
	* src/util/virtaudit.c (virAuditSend): one less ifdef, since gcc
	does not care if an ATTRIBUTE_UNUSED var gets used in some paths.

2010-10-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Exit on first error in qemuDomainGetMemoryParameters
	There is no point in trying to fill params beyond the first error,
	because when qemuDomainGetMemoryParameters returns -1 then the caller
	cannot detect which values in params are valid.

	virsh: Don't read nparams when virDomainGetMemoryParameters fails
	Also exit early when nparams is 0.

	Rename VIR_DOMAIN_SWAP_HARD_LIMIT to VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT
	To get them under the common VIR_DOMAIN_MEMORY_* prefix.

	Fix formatting of the memtune XML element
	Also output the min_guarantee element when set.

2010-10-20  Jiri Denemark  <jdenemar@redhat.com>

	Fix make check on RHEL-5
	The test for <vcpu> element is unrelated to vnc so the easiest fix is to
	remove related configuration.

2010-10-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't let daemon-conf test fail when auditing is disabled

2010-10-20  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Update comments for the memory tunables macros
	* include/libvirt/libvirt.h.in: Update comment with actual description

2010-10-20  Daniel Veillard  <veillard@redhat.com>

	Add John Morrissey to AUTHORS

2010-10-20  John Morrissey  <jwm@horde.net>

	Add process= support for 'qemu-kvm -name'
	This sets the process name to the same value as the Windows title,
	but since the name is limited to 16 chars only this is kept as a
	configuration option and turned off by default
	* src/qemu/qemu.conf src/qemu/qemu_conf.[ch]: hceck for support in the
	  QEmu help output, add the option in qemu conf file and augment
	  qemudBuildCommandLine to add it if switched on
	* src/qemu/libvirtd_qemu.aug src/qemu/test_libvirtd_qemu.aug: augment
	  the augeas lenses accordingly
	* tests/qemuhelptest.c: cope with the extra flag being detected now

2010-10-20  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: avoid dir. enforcement for certain types of rules
	 Avoid the enforcement of direction if
	- icmp rules specify the type/code information
	- the 'skipMatch' variable is set to 'true'

2010-10-20  Justin Clift  <jclift@redhat.com>

	docs: added initial page for c# binding, with links to it
	Adds a new page for the C# language bindings being developed by Arnaud
	Champion.

2010-10-20  Guido Günther  <agx@sigxcpu.org>

	Don't fail lxc domain start when memory controller support is missing
	Debian stock kernel has CONFIG_CGROUP_MEM_RES_CTLR disabled due to the
	overhead [1]. Allow to start containers if the corresponding files in
	the cgroup filesystem are missing. This fixes Debian bug #566180 [2].
	[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534964
	[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566180

2010-10-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compile errors in remote.c and newly added audit code

2010-10-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix symbol exports & remove duplicated libvirt_util.la linkage
	The libvirt_util.la library was mistakenly linked into libvirtd
	directly. Since libvirt_util.la is already linked to libvirt.so,
	this resulted in libvirtd getting two copies of the code and
	more critically 2 copies of static global variables.
	Testing in turn exposed a issue with loadable modules. The
	gnulib replacement functions are not exported to loadable
	modules. Rather than trying to figure out the name sof all
	gnulib functions & export them, just linkage all loadable
	modules against libgnu.la statically.
	* daemon/Makefile.am: Remove linkage of libvirt_util.la
	  and libvirt_driver.la
	* src/Makefile.am: Link driver modules against libgnu.la
	* src/libvirt.c: Don't try to load modules which were
	  compiled out
	* src/libvirt_private.syms: Export all other internal
	  symbols that are required  by drivers

2010-10-20  Miloslav Trmač  <mitr@redhat.com>

	Audit SELinux label assignment.
	A more natural auditing point would perhaps be
	SELinuxSetSecurityProcessLabel, but this happens in the child after root
	permissions are dropped, so the kernel would refuse the audit record.

	Audit VM start/stop/suspend/resume
	Most operations are audited at the libvirtd level; auditing in
	src/libvirt.c would result in two audit entries per operation (one in
	the client, one in libvirtd).
	The only exception is a domain stopping of its own will (e.g. because
	the user clicks on "shutdown" inside the interface).  There can often be
	no client connected at the time the domain stops, so libvirtd does not
	have any virConnectPtr object on which to attach an event watch.  This
	patch therefore adds auditing directly inside the qemu driver (other
	drivers are not supported).

2010-10-20  Daniel P. Berrange  <berrange@redhat.com>

	Basic framework for auditing integration
	Integrate with libaudit.so for auditing of important operations.
	libvirtd gains a couple of config entries for auditing. By
	default it will enable auditing, if its enabled on the host.
	It can be configured to force exit if auditing is disabled
	on the host. It will can also send audit messages via libvirt
	internal logging API
	Places requiring audit reporting can use the VIR_AUDIT
	macro to report data. This is a no-op unless auditing is
	enabled
	* autobuild.sh, mingw32-libvirt.spec.in: Disable audit
	  on mingw
	* configure.ac: Add check for libaudit
	* daemon/libvirtd.aug, daemon/libvirtd.conf,
	  daemon/test_libvirtd.aug, daemon/libvirtd.c: Add config
	  options to enable auditing
	* include/libvirt/virterror.h, src/util/virterror.c: Add
	  VIR_FROM_AUDIT source
	* libvirt.spec.in: Enable audit
	* src/util/virtaudit.h, src/util/virtaudit.c: Simple internal
	  API for auditing messages

	Fix statstest when driver modules are enabled
	The statstest is xen specific. Instead of filling the code with
	a huge number of #ifdef WITH_XEN, just make its entire compilation
	conditional in the Makefile.am. Also ensure it links to the Xen
	driver so that it builds when driver modules are enabled
	* tests/Makefile.am: Make statstest xen conditional. Link to
	  xen driver
	* tests/Makefile.am: Remove all conditionals

2010-10-20  Eric Blake  <eblake@redhat.com>

	virsh: consolidate memtune docs
	* tools/virsh.pod (memtune): Drop second copy, fill to 80 columns,
	enhance wording.

	vcpu: remove dead xen code
	* src/xen/xen_driver.h (xenUnifiedDriver): Remove now-unused
	domainGetMaxVcpus, domainSetVcpus.
	* src/xen/proxy_internal.c (xenProxyDriver): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xen/xend_internal.c (xenDaemonDriver)
	(xenDaemonDomainSetVcpus): Likewise.
	* src/xen/xm_internal.c (xenXMDriver, xenXMDomainSetVcpus):
	Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.

	vcpu: improve support for setting xen vcpu counts
	Tested with RHEL 5.6 (xendConfigVersion 2, where xend_internal
	controls live domains and xm_internal controls inactive domains).
	Hopefully this works with xendConfigVersion 3 (where xend_internal
	controls everything).
	* src/xen/xen_driver.c (xenUnifiedDomainSetVcpusFlags): Support
	more flags.
	(xenUnifiedGetMaxVcpus): Export.
	* src/xen/xm_internal.h (xenXMDomainSetVcpusFlags): New prototype.
	* src/xen/xend_internal.h (xenDaemonDomainSetVcpusFlags): Likewise.
	* src/xen/xen_driver.h (xenUnifiedGetMaxVcpus): Likewise.
	* src/xen/xm_internal.c (xenXMDomainSetVcpusFlags): New function.
	* src/xen/xend_internal.c (xenDaemonDomainSetVcpusFlags): Likewise.

	vcpu: improve support for getting xen vcpu counts
	* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Support
	more flags.
	* src/xen/xend_internal.h (xenDaemonDomainGetVcpusFlags): New
	prototype.
	* src/xen/xm_internal.h (xenXMDomainGetVcpusFlags): Likewise.
	* src/xen/xend_internal.c (virDomainGetVcpusFlags): New function.
	* src/xen/xm_internal.c (xenXMDomainGetVcpusFlags): Likewise.

	vcpu: improve vcpu support in xen command line
	This patch series focuses on xendConfigVersion 2 (xm_internal) and 3
	(xend_internal), but leaves out changes for xenapi drivers.
	See this link for more details about vcpu_avail for xm usage.
	http://lists.xensource.com/archives/html/xen-devel/2009-11/msg01061.html
	This relies on the fact that def->maxvcpus can be at most 32 with xen.
	* src/xen/xend_internal.c (xenDaemonParseSxpr)
	(sexpr_to_xend_domain_info, xenDaemonFormatSxpr): Use vcpu_avail
	when current vcpus is less than maximum.
	* src/xen/xm_internal.c (xenXMDomainConfigParse)
	(xenXMDomainConfigFormat): Likewise.
	* tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr: New file.
	* tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr: Likewise.
	* tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml: Likewise.
	* tests/xmconfigdata/test-paravirt-vcpu.cfg: Likewise.
	* tests/xmconfigdata/test-paravirt-vcpu.xml: Likewise.
	* tests/xml2sexprtest.c (mymain): New test.
	* tests/sexpr2xmltest.c (mymain): Likewise.
	* tests/xmconfigtest.c (mymain): Likewise.

	vcpu: complete vcpu support in qemu driver
	* src/qemu/qemu_driver.c (qemudDomainSetVcpusFlags)
	(qemudDomainGetVcpusFlags): Support all feasible flag
	combinations.

	vcpu: improve vcpu support in qemu command line
	* src/qemu/qemu_conf.c (qemuParseCommandLineSmp): Distinguish
	between vcpus and maxvcpus, for new enough qemu.
	* tests/qemuargv2xmltest.c (mymain): Add new test.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2xmltest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smp.args: New file.

	vcpu: support all flags in test driver
	* src/test/test_driver.c (testDomainGetVcpusFlags)
	(testDomainSetVcpusFlags): Support all flags.
	(testDomainUpdateVCPUs): Update cpu count here.

	vcpu: add virsh support
	* tools/virsh.c (cmdSetvcpus): Add new flags.  Let invalid
	commands through to driver, to ease testing of hypervisor argument
	validation.
	(cmdMaxvcpus, cmdVcpucount): New commands.
	(commands): Add new commands.
	* tools/virsh.pod (setvcpus, vcpucount, maxvcpus): Document new
	behavior.

	vcpu: support maxvcpu in domain_conf
	Although this patch adds a distinction between maximum vcpus and
	current vcpus in the XML, the values should be identical for all
	drivers at this point.  Only in subsequent per-driver patches will
	a distinction be made.
	In general, virDomainGetInfo should prefer the current vcpus.
	* src/conf/domain_conf.h (_virDomainDef): Adjust vcpus to unsigned
	short, to match virDomainGetInfo limit.  Add maxvcpus member.
	* src/conf/domain_conf.c (virDomainDefParseXML)
	(virDomainDefFormat): parse and print out vcpu details.
	* src/xen/xend_internal.c (xenDaemonParseSxpr)
	(xenDaemonFormatSxpr): Manage both vcpu numbers, and require them
	to be equal for now.
	* src/xen/xm_internal.c (xenXMDomainConfigParse)
	(xenXMDomainConfigFormat): Likewise.
	* src/phyp/phyp_driver.c (phypDomainDumpXML): Likewise.
	* src/openvz/openvz_conf.c (openvzLoadDomains): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainDefineXML)
	(openvzDomainCreateXML, openvzDomainSetVcpusInternal): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxDomainDefineXML):
	Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainDumpXML): Likewise.
	* src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
	* src/esx/esx_vmx.c (esxVMX_ParseConfig, esxVMX_FormatConfig):
	Likewise.
	* src/qemu/qemu_conf.c (qemuBuildSmpArgStr)
	(qemuParseCommandLineSmp, qemuParseCommandLine): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainHotplugVcpus): Likewise.
	* src/opennebula/one_conf.c (xmlOneTemplate): Likewise.

	vcpu: make old API trivially wrap to new API
	Note - this wrapping is completely mechanical; the old API will
	function identically, since the new API validates that the exact
	same flags are provided by the old API.  On a per-driver basis,
	it may make sense to have the old API pass a different set of flags,
	but that should be done in the per-driver patch that implements
	the full range of flag support in the new API.
	* src/esx/esx_driver.c (esxDomainSetVcpus, escDomainGetMaxVpcus):
	Move guts...
	(esxDomainSetVcpusFlags, esxDomainGetVcpusFlags): ...to new
	functions.
	(esxDriver): Trivially support the new API.
	* src/openvz/openvz_driver.c (openvzDomainSetVcpus)
	(openvzDomainSetVcpusFlags, openvzDomainGetMaxVcpus)
	(openvzDomainGetVcpusFlags, openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDomainSetCPU)
	(phypDomainSetVcpusFlags, phypGetLparCPUMAX)
	(phypDomainGetVcpusFlags, phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainSetVcpus)
	(qemudDomainSetVcpusFlags, qemudDomainGetMaxVcpus)
	(qemudDomainGetVcpusFlags, qemuDriver): Likewise.
	* src/test/test_driver.c (testSetVcpus, testDomainSetVcpusFlags)
	(testDomainGetMaxVcpus, testDomainGetVcpusFlags, testDriver):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainSetVcpus)
	(vboxDomainSetVcpusFlags, virDomainGetMaxVcpus)
	(virDomainGetVcpusFlags, virDriver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainSetVcpus)
	(xenUnifiedDomainSetVcpusFlags, xenUnifiedDomainGetMaxVcpus)
	(xenUnifiedDomainGetVcpusFlags, xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainSetVcpus)
	(xenapiDomainSetVcpusFlags, xenapiDomainGetMaxVcpus)
	(xenapiDomainGetVcpusFlags, xenapiDriver): Likewise.
	(xenapiError): New helper macro.

	vcpu: implement the remote protocol
	Done by editing the first three files, then running
	'make -C src rpcgen', then editing src/remote_protocol-structs
	to match.
	* daemon/remote.c (remoteDispatchDomainSetVcpusFlags)
	(remoteDispatchDomainGetVcpusFlags): New functions.
	* src/remote/remote_driver.c (remoteDomainSetVcpusFlags)
	(remoteDomainGetVcpusFlags, remote_driver): Client side
	serialization.
	* src/remote/remote_protocol.x
	(remote_domain_set_vcpus_flags_args)
	(remote_domain_get_vcpus_flags_args)
	(remote_domain_get_vcpus_flags_ret)
	(REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
	(REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS): Define wire format.
	* daemon/remote_dispatch_args.h: Regenerate.
	* daemon/remote_dispatch_prototypes.h: Likewise.
	* daemon/remote_dispatch_table.h: Likewise.
	* src/remote/remote_protocol.c: Likewise.
	* src/remote/remote_protocol.h: Likewise.
	* src/remote_protocol-structs: Likewise.

	vcpu: implement the public APIs
	Factors common checks (such as nonzero vcpu count) up front, but
	drivers will still need to do additional flag checks.
	* src/libvirt.c (virDomainSetVcpusFlags, virDomainGetVcpusFlags):
	New functions.
	(virDomainSetVcpus, virDomainGetMaxVcpus): Refer to new API.

	vcpu: define internal driver API
	* src/driver.h (virDrvDomainSetVcpusFlags)
	(virDrvDomainGetVcpusFlags): New typedefs.
	(_virDriver): New callback members.
	* src/esx/esx_driver.c (esxDriver): Add stub for driver.
	* src/lxc/lxc_driver.c (lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/test/test_driver.c (testDriver): Likewise.
	* src/uml/uml_driver.c (umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (Driver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.

	vcpu: add new public API
	API agreed on in
	https://www.redhat.com/archives/libvir-list/2010-September/msg00456.html,
	but modified for enum names to be consistent with virDomainDeviceModifyFlags.
	* include/libvirt/libvirt.h.in (virDomainVcpuFlags)
	(virDomainSetVcpusFlags, virDomainGetVcpusFlags): New
	declarations.
	* src/libvirt_public.syms: Export new symbols.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: add current attribute to <vcpu> element
	Syntax agreed on in
	https://www.redhat.com/archives/libvir-list/2010-September/msg00476.html
	<domain ...>
	  <vcpu current='x'>y</vcpu>
	...
	can now be used to specify 1 <= x <= y current vcpus, in relation
	to the boot-time max of y vcpus.  If current is omitted, then
	current and max are assumed to be the same value.
	* docs/schemas/domain.rng: Add new attribute.
	* docs/formatdomain.html.in: Document it.
	* tests/qemuxml2argvdata/qemuxml2argv-smp.xml: Add to
	domainschematest.
	* tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml: Likewise.

2010-10-19  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: changes to rules in VM->host table
	In the table built for traffic coming from the VM going to the host make the following changes:
	- don't ACCEPT the packets but do a 'RETURN' and let the host-specific firewall rules in subsequent rules evaluate whether the traffic is allowed to enter
	- use the '-m state' in the rules as everywhere else

2010-10-19  Eric Blake  <eblake@redhat.com>

	build: avoid false positive syntax-check failure
	* .x-sc_po_check: Exclude docs directory.

2010-10-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	proxy: Fix undefined reference to virClose
	Add src/util/files.c to libvirt_proxy_SOURCES.

	esx: Handle non-UTF-8 encoded VMX files
	ESX(i) uses UTF-8, but a Windows based GSX server writes
	Windows-1252 encoded VMX files.
	Add a test case to ensure that libxml2 provides Windows-1252
	to UTF-8 conversion.

2010-10-19  Stefan Berger  <stefanb@us.ibm.com>

	Introduce VIR_CLOSE to be used rather than close()
	Since bugs due to double-closed file descriptors are difficult to track down in a multi-threaded system, I am introducing the VIR_CLOSE(fd) macro to help avoid mistakes here.
	There are lots of places where close() is being used. In this patch I am only cleaning up usage of close() in src/conf where the problems were.
	I also dare to declare close() as being deprecated in libvirt code base (HACKING).

2010-10-19  Dan Kenigsberg  <danken@redhat.com>

	root_squash: virFileOperation may fail with EPERM too
	Over root-squashing nfs, when virFileOperation() is called as uid==0,
	it may fail with EACCES, but also with EPERM, due to
	virFileOperationNoFork()'s failed attemp to chown a writable file.
	qemudDomainSaveFlag() should expect this case, too.

	Run initgroups() in qemudOpenAsUID()
	qemudOpenAsUID is intended to open a file with the credentials of a
	specified uid. Current implementation fails if the file is accessible to
	one of uid's groups but not owned by uid.
	This patch replaces the supplementary group list that the child process
	inherited from libvirtd with the default group list of uid.

2010-10-19  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	memtune: Add min_guarantee to the virsh memtune command
	* tools/virsh.c: Add new memory tunable "min_guarantee", currently only
	  ESX can use this
	* tools/virsh.pod: Update the manpage

	Update docs for memory parameters and memtune command
	* docs/formatdomain.html.in: Add memtune element details, added min_guarantee
	* src/libvirt.c: Update virDomainGetMemoryParameters api description, make
	  it more clear that the user first needs to call the api to get the number
	  of parameters supported and then call again to get the values.
	* tools/virsh.pod: Add usage of new command memtune in virsh manpage

2010-10-19  Dan Kenigsberg  <danken@redhat.com>

	qemu: let qemu group look below /var/lib/libvirt/qemu/
	Vdsm needs to communicate with its guest agent via unix domain socket,
	which qemu creates due to the following domain xml device:
	    <channel type='unix'>
	      <target type='virtio' name='com.redhat.rhevm.vdsm'/>
	      <source mode='bind' path='/var/lib/libvirt/qemu/channels/fcp-xp-1.com.redhat.rhevm.vdsm'/>
	    </channel>
	The location of the socket below /var/lib/libvirt/qemu/channels makes
	sense, to humans and selinux policy alike. However, that socket should
	be accessible to vdsm, too.
	Due to other (storage) reasons, vdsm is to join the "qemu" group. With
	this patch, vdsm can look below /var/lib/libvirt/qemu and connect to the
	socket.
	The socket itself should be chmod'ed to allow qemu group read/write, but
	that's for another project.
	BZ#643407

2010-10-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix check in esxDomainGetInfo's perf metric handling

2010-10-16  Eric Blake  <eblake@redhat.com>

	build: use latest gnulib, for ignore-value fix
	* .gnulib: Update to latest.

	virsh: add tests for recent cli improvements
	* tests/virshtest.c (mymain): Add tests of command parsing and
	echo command.

	virsh: new echo command
	* tools/virsh.c (cmdEcho): New command.
	(commands): Add it.
	* tools/virsh.pod (echo): Document it.

	virsh: add support for accepting arbitrary argv
	* tools/virsh.c (vshCmdOptType): Add VSH_OT_ARGV.  Delete
	unused VSH_OT_NONE.
	(vshCmddefGetData): Special case new opt flag.
	(vshCmddefHelp): Display help for argv.
	(vshCommandOptArgv): New function.

	docs: document how to disable memballoon
	https://bugzilla.redhat.com/show_bug.cgi?id=623903 documents a qemu
	bug that causes libvirt to hang if virt-manager happens to be
	querying balloon info when a guest is paused.  Until the qemu bug
	is fixed, people need to know how to avoid the issue.
	* docs/formatdomain.html.in (Memory balloon device): Mention
	model='none'.

2010-10-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Explictly declare VMX file content as UTF-8

2010-10-15  Laine Stump  <laine@laine.org>

	Fix warning about a non-literal format string in qemu_driver.c

2010-10-15  Eric Blake  <eblake@redhat.com>

	build: skip xenapi driver when building for RHEL
	https://bugzilla.redhat.com/show_bug.cgi?id=643118
	* libvirt.spec.in: Provide xenapi conditionals.

2010-10-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Handle name escaping properly
	VMware uses a mix of percent-, pipe- and base64-encoding in
	different combinations in different places.
	Add a testcase for this.

2010-10-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: prevent filters with different name but same UUID
	Patch to prevent multiple nwfilters with different name but same UUID.

2010-10-14  Eric Blake  <eblake@redhat.com>

	maint: add recent author
	* AUTHORS: List Harsh Prateek Bora, for 'make syntax-check'.

	build: fix accidental submodule reversion
	* .gnulib: Undo change in previous commit.

2010-10-14  Harsh Prateek Bora  <harsh@linux.vnet.ibm.com>

	new attribute accessmode to filesystem element
	This introduces new attribute to filesystem element
	to support customizable access mode for mount type.
	Valid accessmode are: passthrough, mapped and squash.
	Usage:
	        <filesystem type='mount' accessmode='passthrough'>
	          <source dir='/export/to/guest'/>
	          <target dir='mount_tag'/>
	        </filesystem>
	passthrough is the default model if not specified, that's
	also the current behaviour.

2010-10-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: cut off connections after changing filters
	The following filter transition from a filter allowing incoming TCP connections
	  <rule action='accept' direction='in' priority='401'>
	    <tcp/>
	  </rule>
	  <rule action='accept' direction='out' priority='500'>
	    <tcp/>
	  </rule>
	to one that does not allow them
	  <rule action='drop' direction='in' priority='401'>
	    <tcp/>
	  </rule>
	  <rule action='accept' direction='out' priority='500'>
	    <tcp/>
	  </rule>
	did previously not cut off existing (ssh) connections but only prevented newly initiated ones. The attached patch allows to cut off existing connections as well, thus enforcing what the filter is showing.
	I had only tested with a configuration where the physical interface is connected to the bridge where the filters are applied. This patch now also solves a filtering problem where the physical interface is not connected to the bridge, but the bridge is given an IP address and the host routes between bridge and physical interface. Here the filters drop non-allowed traffic on the outgoing side on the host.

2010-10-14  Eric Blake  <eblake@redhat.com>

	build: provide URL in 'configure --help'
	* configure.ac (AC_INIT): Provide email and URL.

	build: fix mingw build
	* .gnulib: Update to latest, for termios fix.
	* configure.ac (AC_CHECK_HEADERS): Drop redundent check.
	* bootstrap: Synchronize from upstream.
	Reported by Daniel P. Berrange.

2010-10-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Prohibit migration of guests with host devices
	Explicitly raising a nice error in the case user tries to migrate a
	guest with assigned host devices is much better than waiting for a
	mysterious error with no clue for the reason.

	tests: Honor LIBVIRT_{DEBUG,LOG_*} variables

	tests: Do not override LIBVIRT_DEBUG variable

	cpu: Use vendor in baseline CPU only if all hosts use it
	When only some host CPUs given to cpuBaseline contain <vendor> element,
	baseline CPU should not contain it. Otherwise the result would not be
	compatible with the host CPUs without vendor. CPU vendors are still
	taken into account when computing baseline CPU, it's just removed from
	the result.

	cpu: Fix vendor for recent CPU models
	Recent CPU models were specified using invalid vendor element
	<vendor>NAME</vendor>, which was silently ignored due to a bug in the
	code which was parsing it.

2010-10-14  Stefan Berger  <stefanb@us.ibm.com>

	test: silence nwfilter test
	 This patch silences the nwfilter test case.

2010-10-14  Eric Blake  <eblake@redhat.com>

	tests: fix spurious test failure
	Failure introduced in commit 3a092f389.
	* tests/xml2sexprdata/xml2sexpr-boot-grub.sexpr: Fix typo.

	memory: fix remote protocol compilation
	'make -C src rpcgen' is supposed to be idempotent.  But commit
	f928f43b7b mistakently manually edited a generated file rather
	than fixing the upstream file.
	* src/remote/remote_protocol.x (remote_memory_param_value): Use
	correct spelling of enum values.
	* src/remote/remote_protocol.c: Regenerate.

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Enable support for nested SVM
	This enables support for nested SVM using the regular CPU
	model/features block. If the CPU model or features include
	'svm', then the '-enable-nesting' flag will be added to the
	QEMU command line. Latest out of tree patches for nested
	'vmx', no longer require the '-enable-nesting' flag. They
	instead just look at the cpu features. Several of the models
	already include svm support, but QEMU was just masking out
	the svm bit silently. So this will enable SVM on such
	models
	* src/qemu/qemu_conf.h: flag for -enable-nesting
	* src/qemu/qemu_conf.c: Use -enable-nesting if VMX or SVM are in
	  the CPUID
	* src/cpu/cpu.h, src/cpu/cpu.c: API to check for a named feature
	* src/cpu/cpu_x86.c: x86 impl of feature check
	* src/libvirt_private.syms: Add cpuHasFeature
	* src/qemuhelptest.c: Add nesting flag where required

	Improve error reporting in test suites
	Before running each test case clear the thread local error
	indicator. After running each test case, dispatch any error
	that was reported
	* tests/testutils.c: Fix error reporting in test suites

	Update todo list file to point at bugzilla/website
	The TODO list changes frequently so cannot be well maintained
	under GIT. Update the TODO file to point people at bugzilla
	and the libvirt website
	* TODO: Point at bugzilla/website

	Fix Xen SEXPR generation to properly quote strings containing ()
	* src/xen/sexpr.c: Ensure () are escaped in sexpr2string
	* tests/sexpr2xmldata/sexpr2xml-boot-grub.sexpr,
	  tests/sexpr2xmldata/sexpr2xml-boot-grub.xml,
	  tests/xml2sexprdata/xml2sexpr-boot-grub.sexpr,
	  tests/xml2sexprdata/xml2sexpr-boot-grub.xml: Data files to
	  check escaping
	* tests/sexpr2xmltest.c, tests/xml2sexprtest.c: Add boot-grub
	  escaping test case

2010-10-13  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: resolve deadlock between VM ops and filter update
	 This is from a bug report and conversation on IRC where Soren reported that while a filter update is occurring on one or more VMs (due to a rule having been edited for example), a deadlock can occur when a VM referencing a filter is started.
	The problem is caused by the two locking sequences of
	qemu driver, qemu domain, filter             # for the VM start operation
	filter, qemu_driver, qemu_domain            # for the filter update operation
	that obviously don't lock in the same order. The problem is the 2nd lock sequence. Here the qemu_driver lock is being grabbed in qemu_driver:qemudVMFilterRebuild()
	The following solution is based on the idea of trying to re-arrange the 2nd sequence of locks as follows:
	qemu_driver, filter, qemu_driver, qemu_domain
	and making the qemu driver recursively lockable so that a second lock can occur, this would then lead to the following net-locking sequence
	qemu_driver, filter, qemu_domain
	where the 2nd qemu_driver lock has been ( logically ) eliminated.
	The 2nd part of the idea is that the sequence of locks (filter, qemu_domain) and (qemu_domain, filter) becomes interchangeable if all code paths where filter AND qemu_domain are locked have a preceding qemu_domain lock that basically blocks their concurrent execution
	So, the following code paths exist towards qemu_driver:qemudVMFilterRebuild where we now want to put a qemu_driver lock in front of the filter lock.
	-> nwfilterUndefine()   [ locks the filter ]
	    -> virNWFilterTestUnassignDef()
	        -> virNWFilterTriggerVMFilterRebuild()
	            -> qemudVMFilterRebuild()
	-> nwfilterDefine()
	    -> virNWFilterPoolAssignDef() [ locks the filter ]
	        -> virNWFilterTriggerVMFilterRebuild()
	            -> qemudVMFilterRebuild()
	-> nwfilterDriverReload()
	    -> virNWFilterPoolLoadAllConfigs()
	        ->virNWFilterPoolObjLoad()
	            -> virNWFilterPoolAssignDef() [ locks the filter ]
	                -> virNWFilterTriggerVMFilterRebuild()
	                    -> qemudVMFilterRebuild()
	-> nwfilterDriverStartup()
	    -> virNWFilterPoolLoadAllConfigs()
	        ->virNWFilterPoolObjLoad()
	            -> virNWFilterPoolAssignDef() [ locks the filter ]
	                -> virNWFilterTriggerVMFilterRebuild()
	                    -> qemudVMFilterRebuild()
	Qemu is not the only driver using the nwfilter driver, but also the UML driver calls into it. Therefore qemuVMFilterRebuild() can be exchanged with umlVMFilterRebuild() along with the driver lock of qemu_driver that can now be a uml_driver. Further, since UML and Qemu domains can be running on the same machine, the triggering of a rebuild of the filter can touch both types of drivers and their domains.
	In the patch below I am now extending each nwfilter callback driver with functions for locking and unlocking the (VM) driver (UML, QEMU) and introduce new functions for locking all registered callback drivers and unlocking them. Then I am distributing the lock-all-cbdrivers/unlock-all-cbdrivers call into the above call paths. The last shown callpath starting with nwfilterDriverStart() is problematic since it is initialize before the Qemu and UML drives are and thus a lock in the path would result in a NULL pointer attempted to be locked -- the call to virNWFilterTriggerVMFilterRebuild() is never called, so we never lock either the qemu_driver or the uml_driver in that path. Therefore, only the first 3 paths now receive calls to lock and unlock all callback drivers. Now that the locks are distributed where it matters I can remove the qemu_driver and uml_driver lock from qemudVMFilterRebuild() and umlVMFilterRebuild() and not requiring the recursive locks.
	For now I want to put this out as an RFC patch. I have tested it by 'stretching' the critical section after the define/undefine functions each lock the filter so I can (easily) concurrently execute another VM operation (suspend,start). That code is in this patch and if you want you can de-activate it. It seems to work ok and operations are being blocked while the update is being done.
	I still also want to verify the other assumption above that locking filter and qemu_domain always has a preceding qemu_driver lock.

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: update comment about parsing
	* tools/virsh.c: Update comments to match patch series.

	virsh: move code into topological order
	* tools/virsh.c (vshCommandParse): Float up, to avoid the need for
	a forward declaration.

	virsh: simplify top-level option parsing
	This makes 'virsh --conn test:///default help help' work right;
	previously, the abbreviation confused our hand-rolled option parsing.
	* tools/virsh.c (vshParseArgv): Use getopt_long feature, rather
	than (incorrectly) reparsing options ourselves.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: add -- support
	"--" means no option at the following arguments.

	virsh: support single quote
	Some users may type command like this at the virsh shell:
	virsh # somecmd 'some arg'
	because they often use single quote in linux shell.

	virsh: add escaper \ for command string parsing
	add escaper \ for command string parsing, example:
	virsh # cd /path/which/have/a/double\"quote

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: document options in man page
	* tools/virsh.pod: Document top-level options.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: rework command parsing
	Old virsh command parsing mashes all the args back into a string and
	miss the quotes, this patches fix it. It is also needed for introducing
	qemu-monitor-command which is very useful.
	This patches uses the new vshCommandParser abstraction and adds
	vshCommandArgvParse() for arguments vector, so we don't need
	to mash arguments vector into a command sting.
	And the usage was changed:
	old:
	virsh [options] [commands]
	new:
	virsh [options]... [<command_string>]
	virsh [options]... <command> [args...]
	So we still support commands like:
	"define D.xml; dumpxml D" was parsed as a commands-string.
	and support commands like:
	we will not mash them into a string, we use new argv parser for it.
	But we don't support the command like:
	"define D.xml; dumpxml" was parsed as a command-name, but we have no such command-name.

	virsh: add vshCommandParser abstraction
	add vshCommandParser and make vshCommandParse() accept different
	parsers.
	the current code for parse command string is integrated as
	vshCommandStringParse().

	virsh: better handling the boolean option
	in old code the following commands are equivalent:
	     virsh # dumpxml --update-cpu=vm1
	     virsh # dumpxml --update-cpu vm1
	because the old code split the option argument into 2 parts:
	--update-cpu=vm1 is split into update-cpu and vm1,
	and update-cpu is a boolean option, so the parser takes vm1 as another
	argument, very strange.
	after this patch applied, the first one will become illegal.
	To achieve this, we don't parse/check options when parsing command sting,
	but check options when parsing a command argument. And the argument is
	not split when parsing command sting.

	virsh: allow zero length arguments
	the following command is allowed at shell, we also make it allowed at virsh shell.

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: poison raw allocation routines
	* tools/virsh.c (malloc, calloc, realloc, strdup): Enforce that
	within this file, we use the safe vsh wrappers instead.
	(cmdNodeListDevices, cmdSnapshotCreate, main): Fix violations of
	this policy.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: better support double quote
	In origin code, double quote is only allowed at the begin or end
	"complicated argument"
	--some_opt="complicated string"  (we split this argument into 2 parts,
	option and data, the data is "complicated string").
	This patch makes it allow double quote at any position of
	an argument:
	complicated" argument"
	complicated" "argument
	--"some opt=complicated string"
	This patch is also needed for the following patches,
	the following patches will not split option argument into 2 parts,
	so we have to allow double quote at any position of an argument.

2010-10-13  Guido Günther  <agx@sigxcpu.org>

	Don't fail on missing D-Bus
	We don't fail when we can't contact HAL so we shouldn't fail if we can't
	contact D-Bus either.

2010-10-13  Daniel Veillard  <veillard@redhat.com>

	Fixes for documentation extraction
	* include/libvirt/libvirt.h.in: some of the function type description
	  were broken so they could not be automatically documented
	* src/util/event.c docs/apibuild.py: event.c exports one public API
	  so it needs to be scanned too, avoid a few warnings

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Implement support for virtio plan9fs filesystem passthrough in QEMU
	Make use of the existing <filesystem> element to support plan9fs
	filesystem passthrough in the QEMU driver
	    <filesystem type='mount'>
	      <source dir='/export/to/guest'/>
	      <target dir='/import/from/host'/>
	    </filesystem>
	NB, the target is not actually a directory, it is merely a arbitrary
	string tag that is exported to the guest as a hint for where to mount
	it.

	Add todo.pl and config example to EXTRA_DIST
	* docs/Makefile.am: Add todo.pl and todo.cfg-example to EXTRA_DIST

2010-10-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix several minor problems introduced by the memtune series
	Add proper documentation to the new VIR_DOMAIN_MEMORY_* macros in
	libvirt.h.in to placate apibuild.py.
	Mark args as unused in for libvirt_virDomain{Get,Set}MemoryParameters
	in the Python bindings and add both to the libvirtMethods array.
	Update remote_protocol-structs to placate make syntax-check.
	Undo unintended modifications in vboxDomainGetInfo.
	Update the function table of the VirtualBox and XenAPI drivers.

2010-10-13  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Remote protocol implementation of virDomainSet/GetMemoryParameters

	Adding memtune command to virsh tool
	The command helps to control the memory/swap parameters for the system, for
	eg. hard_limit (max memory the vm can use), soft_limit (limit during memory
	contention), swap_hard_limit(max swap the vm can use)

2010-10-13  Daniel Veillard  <veillard@redhat.com>

	Avoid checking against strncpy in virsh.c
	since the replacement function virStrcpy is not available

2010-10-13  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Implement domainGetMemoryParamters for LXC
	Driver interface for getting memory parameters, eg. hard_limit,
	soft_limit and swap_hard_limit.

	Implement domainSetMemoryParamters for LXC
	Add support in the lxc driver for various memory controllable parameters

	Adding memtunables to libvirt-lxc command
	libvirt-lxc now configures the hardlimit, softlimit and swaplimit, if
	specified in the domain xml file or picks up the defaults.

	Adding memtunables to qemuSetupCgroup
	QEmu startup will pick up the memory tunables specified in the domain
	configuration file

	Implement domainGetMemoryParamters for QEmu
	Driver interface for getting memory parameters, eg. hard_limit,
	soft_limit and swap_hard_limit based on cgroup support

	Implement domainSetMemoryParamters for QEmu
	Driver interface for setting memory hard_limit, soft_limit and swap
	hard_limit based on cgroup support

	Implement cgroup memory controller tunables
	Provides interfaces for setting/getting memory tunables like hard_limit,
	soft_limit and swap_hard_limit

	XML parsing for memory tunables
	Adding parsing code for memory tunables in the domain xml file
	also change the internal define structures used for domain memory
	informations
	Adds a new specific test

2010-10-13  Daniel Veillard  <veillard@redhat.com>

	Cleanup some tabs issues

2010-10-13  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Adds xml entries for memory tunables in domain schema
	The patch adds xml entries to the domain.rng file.
	v2:
	+ Fix typo min_guarantee

	Adding virDomainSetMemoryParameters and virDomainGetMemoryParameters API
	Public api to set/get memory tunables supported by the hypervisors.
	dv:
	* some cleanups in libvirt.c
	* adding extra checks in libvirt.c new entry points
	v4:
	* Move exporting public API to this patch
	* Add unsigned int flags to the public api for future extensions
	v3:
	* Add domainGetMemoryParamters and NULL in all the driver interface
	v2:
	* Initialize domainSetMemoryParameters to NULL in all the driver
	  interface structure.

	Adding structure and defines for virDomainSet/GetMemoryParameters
	This patch adds a structure virMemoryParameter, it contains the name of
	the
	parameter and the type of the parameter along with a union.
	dv:
	+ rename enums to VIR_DOMAIN_MEMORY_PARAM_*
	+ remove some extraneous tabs
	v4:
	+ Add unsigned int flags to the public api for future extensions
	v3:
	+ Protoype for virDomainGetMemoryParameters and dummy python binding.
	v2:
	+ Includes dummy python bindings for the library to build cleanly.
	+ Define string constants like "hard_limit", etc.
	+ re-order this patch.

2010-10-12  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Remove redundant features
	Some features provided by the recently added CPU models were mentioned
	twice for each model. This was a result of automatic generation of the
	XML from qemu's CPU configuration file without noticing this redundancy.

2010-10-12  Eric Blake  <eblake@redhat.com>

	util: add missing export
	Commit 1fe2927a3 forgot to export a symbol.
	* src/libvirt_private.syms (virHexToBin): Add.
	* src/.gitignore: Ignore temporary file.

2010-10-12  Daniel P. Berrange  <berrange@redhat.com>

	Set sensible defaults for cpu match and feature policy
	To enable the CPU XML from the capabilities to be pasted directly
	into the guest XML with no editing, pick a sensible default for
	match and feature policy. The CPU match will be exact and the
	feature policy will be require. This should ensure safety for
	migration and give DWIM semantics for users
	* src/conf/cpu_conf.c: Default to exact match and require policy
	* docs/formatdomain.html.in: Document new defaults

	Add automatic generation of a todo item page
	This adds a script to generate the todo item page from
	bugzilla. This requires a valid username+password for
	bugzilla, so it is intended that this only be run on
	the libvirt.org website via cron. Normal usage will just
	generate an empty stub page.
	* docs/todo.pl: Script to extract todo items from bugzilla
	* docs/todo.cfg-example: Example config file
	* docs/sitemap.html.in: Add todo page
	* docs/Makefile.am: Generation rules for todo items

2010-10-12  Jiri Denemark  <jdenemar@redhat.com>

	xen: Fix virDomain{At,De}tachDevice
	According to API documentation virDomain{At,De}tachDevice calls are
	supposed to only work on active guests for device hotplug. For anything
	beyond that, their *Flags variants have to be used.
	Despite the variant which was acked on libvirt mailing list
	(https://www.redhat.com/archives/libvir-list/2010-January/msg00385.html)
	commit ed9c14a7ef86d7a45a6d57cbfee5410fca428633 (by Jim Fehlig)
	introduced automagic behavior of these API calls for xen driver. Since
	January, these calls always change persistent configuration of a guest
	and if the guest is currently active, they also hot(un)plug the device.
	That change didn't follow API documentation and also broke device
	hot(un)plug for older xend implementations which do not support changing
	persistent configuration of a guest and hot(un)plugging in one step.
	This patch should not break anything for active guests. On the other
	hand, changing inactive guests is not supported any more.

	xen: xenXMDomain*DeviceFlags should obey all flags
	xenXMDomain*DeviceFlags() silently ignores requests to modify live
	configuration of an active guest while still touching its persistent
	configuration.

	xen: Fix logic bug in xenDaemon*DeviceFlags

	xen: Make xenDaemon*DeviceFlags errors less confusing
	When a user calls to virDomain{Attach,Detach,Update}DeviceFlags() with
	flags == VIR_DOMAIN_DEVICE_MODIFY_LIVE on an inactive guest running on
	an old Xen hypervisor (such as RHEL-5) xend_internal driver reports:
	    Xend version does not support modifying persistent config
	which is pretty confusing since no-one requested to modify persistent
	config.

2010-10-12  Guido Günther  <agx@sigxcpu.org>

	Return a suitable error message if we can't find a matching emulator

2010-10-09  Guido Günther  <agx@sigxcpu.org>

	Pass -n to ip(6)tables
	to avoid long timeouts waiting for DNS servers

2010-10-07  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add 2nd example to the html docs
	This patch adds another example to the nwfilter html page and provides 2 solutions for how to write a filter meeting the given requirements using newly added features.

	nwfilter: Extend docs with info about the state attribute
	I am adding a row with information about the newly supported state
	attribute to each of the tables describing supported attributes of protocols.

	nwfilter: Extend schema to accept state attribute
	Extend the nwfilter.rng schema to accept state attribute.

	nwfilter: Add test case for testing the state attribute
	This patch adds a test case for testing the XML parser's and instantiator's
	support of the state attribute. The other test case tests existing
	capabilities. Both test cases will be used in TCK again.

	nwfilter: Instantiate state match in ip(6)tables rules
	In this patch I am extending the rule instantiator to create the state
	match according to the state attribute in the XML. Only one iptables
	rule in the incoming or outgoing direction will be created for a rule
	in direction 'in' or 'out' respectively. A rule in direction 'inout' does
	get iptables rules in both directions.

	nwfilter: Extend XML parser and gen. to support state attr.
	The patch below extends the XML parser and generator so that every l3 protocol
	now can have a state attribute.

2010-10-06  Eric Blake  <eblake@redhat.com>

	build: require pkg-config for bootstrap
	* .gnulib: Update to latest, for bootstrap fixes.
	* bootstrap: Synchronize with upstream.
	* bootstrap.conf: Add pkg-config pre-requisite.
	* autogen.sh: Tweak wording message.
	Reported by Justin Clift, and with feedback from Bruno Haible.

2010-10-06  Jiri Denemark  <jdenemar@redhat.com>

	xen: Fix bogus error when attaching a device
	The xm internal xen driver only supports disk and network devices to be
	added to a guest. On an attempt to attach any other device the xm driver
	used VIR_ERR_XML_ERROR which resulted in a completely bogus error
	message:
	error: Failed to attach device from pci.xml
	error: XML description for unknown device is not well formed or invalid

2010-10-05  Justin Clift  <jclift@redhat.com>

	configure: disable network and storage-fs drivers on mac os x
	Disabling these two drivers on MacOS X, where they are known to
	not work, allows libvirt (including the daemon) to compile without
	any further changes.

2010-10-04  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix memory leaks
	Fixing memory leak shown by valgrind and freeing buffer in two more places.

2010-10-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for virtual serial device network backing
	Since version 4.1 ESX(i) can expose virtual serial devices over TCP.
	Add support in the VMX handling code for this, add test cases to cover
	it and add links to some documentation.
	ESX supports two additional protocols: TELNETS and TLS. Add them to
	the list of serial-over-TCP protocols.

2010-10-02  Eric Blake  <eblake@redhat.com>

	vcpu: improve cpuset attribute
	The <vcpu cpuset=...> attribute has been available since commit
	e193b5dd, but without documentation or RNG validation.
	* docs/schemas/domain.rng (vcpu): Further validate cpuset.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.c: Fix typos.

2010-10-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Verify that domain XML contains at least one disk element
	phypBuildLpar expects that at least one disk element is provided.

2010-10-01  Jamie Strandboge  <jamie@canonical.com>

	virt-aa-helper-test cleanups
	Don't cat | sed, just sed.  Suggested by Eric Blake.

	implement usb and pci hot attach in AppArmor driver
	Description: Implement AppArmorSetSecurityHostdevLabel() and
	AppArmorRestoreSecurityHostdevLabel() for hostdev and pcidev attach.
	virt-aa-helper also has to be adjusted because *FileIterate() is used for pci
	and usb devices and the corresponding XML for hot attached hostdev and pcidev
	is not in the XML passed to virt-aa-helper. The new '-F filename' option is
	added to append a rule to the profile as opposed to the existing '-f
	filename', which rewrites the libvirt-<uuid>.files file anew. This new '-F'
	option will append a rule to an existing libvirt-<uuid>.files if it exists,
	otherwise it acts the same as '-f'.
	load_profile() and reload_profile() have been adjusted to add an 'append'
	argument, which when true will use '-F' instead of '-f' when executing
	virt-aa-helper.
	All existing calls to load_profile() and reload_profile() have been adjusted
	to use the old behavior (ie append==false) except AppArmorSetSavedStateLabel()
	where it made sense to use the new behavior.
	This patch also adds tests for '-F'.
	Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/640993

2010-10-01  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add a test case for testing the comment attribute
	This patch adds a test case for testing the XML parser's and instantiator's
	support of the comment attribute.

	nwfilter: Extend docs with information about comment attr.
	I am adding a row with information about the newly supported comment
	attribute to each of the tables describing supported attributes of protocols.

	nwfilter: Extend nwfilter schema to accept comment attrib.
	Extend the nwfilter.rng schema to accept comment attributes for all protocol
	types.

	nwfilter: Instantiate comments in ip(6)tables rules
	In this patch I am extending the rule instantiator to create the comment
	node where supported, which is the case for iptables and ip6tables.
	Since commands are written in the format
	cmd='iptables ...-m comment --comment \"\" '
	certain characters ('`) in the comment need to be escaped to
	prevent comments from becoming commands themselves or cause other
	forms of (bash) substitutions. I have tested this with various input and in
	my tests the input made it straight into the comment. A test case for TCK
	will be provided separately that tests this.

	nwfilter: Extend XML parser and generator w/ comment attribute
	The patch below extends the XML parser and generator so that every protocol
	now can have a comment node. Comments are limited to 256 characters.

2010-10-01  Eric Blake  <eblake@redhat.com>

	build: fix example build on MacOS X
	Partial reversion of commit 76d87a59, now that bootstrap is smarter.
	* .gnulib: Update to latest, for poll and bootstrap fixes.
	* bootstrap: Resync from gnulib.
	* autogen.sh: Drop redundant tool checks; bootstrap does them
	better, by honoring environment variables.
	* examples/domain-events/events-c/Makefile.am (INCLUDES)
	(event_test_LDADD): Use gnulib library during build.
	* bootstrap.conf (gnulib_tool_option_extras): Revert --libtool
	addition, now that updated bootstrap does it for us.
	Reported by Justin Clift.

2010-09-29  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: Checking for NULL values when building new guest
	When creating a new gust, the function phypBuildLpar() was not
	checking for NULL values
	src/phyp/phyp_driver.c: check the definition arguments to avoid a segmentation
	  fault in phypBuildLpar()

2010-09-29  Justin Clift  <jclift@redhat.com>

	configure: tweak logic flow of virtport check
	This fixes a small logic bug, where passing --without-macvtap
	on the configure line, or otherwise indicating a lack of
	support for macvtap, causes configure to bail.

	mpath: disable devmapper-multipath checking on non-linux
	The configure script was breaking on MacOS X unless passed:
	  --without-storage-mpath
	This patch leverages Stefan Bergers earlier work for nwfilter,
	so non-linux systems don't even attempt to build multipath.

2010-09-29  Stefan Berger  <stefanb@us.ibm.com>

	Rework configure logic for virtualport support
	In this patch I am reworking the logic around detecting virtual port support and requiring the libnl dependency.
	- It requires --with-macvtap and displays an error in case of --without-macvtap --with-virtualport.
	- It tests for availability of certain data in include files and displays an error in case the include file is not at the correct level and --with-virtualport was chosen
	- displays 'checking' messages for macvtap and virtualport support and results
	- libnl support is required when macvtap is found or requested; if libnl is not there, please supply without-macvtap

2010-09-29  Justin Clift  <jclift@redhat.com>

	mac os x: use awk selected by build system rather than first in path
	Prior to this patch, the ChangeLog generation was hard coded to use
	"awk", when it should have been using the AWK variable set by our
	build system.
	This breaks compilation on a newly installed OS X system, where the
	default path has the Mac (non GNU) awk in the default search PATH
	before any installed GNU awk (gawk).

2010-09-28  Justin Clift  <jclift@redhat.com>

	nwfilter: remove recently added workaround define for macos x
	This reverses commit 04c3704, which added a define to nwfilter to
	allow libvirtd compilation on Mac OS X.  Stefan Bergers commit, 2e7294d,
	is the proper solution, removing the requirement for nwfilter on non-Linux.

	virtualbox: fix a typo in the expected location on mac os x
	Mac OS X provides an "/Applications" folder, not an "/Application" folder,
	so installed VirtualBox wasn't being detected by default.
	This 1 character patch fixes this.

2010-09-28  Dan Kenigsberg  <danken@redhat.com>

	python: drop unnecessary conn assignment
	Since 554d82a200289938d5639a782a9f12e3e2e968f0, conn is unused. Let's
	drop it - but keep the signature of the constructor for backward
	compatibility.

2010-09-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Don't compile nwfilter driver on other systems than Linux
	Don't compile the nwfilter driver (instantiating the rules) on other systems than Linux.

2010-09-27  Justin Clift  <jclift@redhat.com>

	nwfilter: add a missing define, so libvirtd builds on macos x
	The nwfilter code uses ETH_ALEN, which isn't defined on MacOS X.
	This is a simple workaround, to add it when missing.

2010-09-25  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: report if ip(6)tables rules would not be active
	The patch below reports a warning in the log if the generated ip(6)tables rules would not be effective due to the proc filesystem entries
	    /proc/sys/net/bridge/bridge-nf-call-iptables
	    /proc/sys/net/bridge/bridge-nf-call-ip6tables
	containing a '0'. The warning tells the user what to do. I am rate-limiting the warning message to appear only every 10 seconds.

2010-09-24  Jamie Strandboge  <jamie@canonical.com>

	app-armor: add 'rw' for appropriate devices
	Description: Check for VIR_DOMAIN_CHR_TYPE in serial ports and add 'rw' for
	defined serial ports, parallel ports and channels
	Bug-Ubuntu: LP: #578527, LP: #609055

	add extra tests to virt-aa-helper-test for new '-p' option

2010-09-24  Eric Blake  <eblake@redhat.com>

	docs: grammar cleanups on logging examples
	* docs/logging.html.in: Fix spelling and grammar.

2010-09-23  Philipp Hahn  <hahn@univention.de>

	Fix spelling of Xen in comments

2010-09-23  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest.
	* bootstrap.conf (gnulib_modules): Add new termios module.
	(gnulib_tool_option_extras): Make libtool usage explicit.
	* src/util/util.c (includes): Gnulib now guarantees termios.h.
	* bootstrap: Resync from gnulib.

2010-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Allow '-' in VMX entry names
	Add a test for this.
	Reported by Frank Dirks.

2010-09-23  Chris Wright  <chrisw@redhat.com>

	pciFindStubDriver should return NULL on error
	pciFindStubDriver currently returns 0 in one of the error cases.
	While it's correct...NULL is more readable.

2010-09-23  Jiri Denemark  <jdenemar@redhat.com>

	libvirt-guests: start late and stop early
	libvirt-guests init script should be started as late as possible during
	host startup and stopped as early as possible during host shutdown to
	make sure required services are already/still up and running at the time
	libvirt-guests runs.

2010-09-23  Daniel P. Berrange  <berrange@redhat.com>

	Make SASL work over UNIX domain sockets
	The addrToString methods were not coping with UNIX domain sockets
	which have no normal host+port address. Hardcode special handling
	for these so that SASL routines can work over UNIX sockets. Also
	fix up SSF logic in remote client so that it presumes that a UNIX
	socket is secure
	* daemon/remote.c: Fix addrToString for UNIX sockets.
	* src/remote/remote_driver.c: Fix addrToString for UNIX sockets
	  and fix SSF logic to work for TLS + UNIX sockets in the same
	  manner

	Refactor some daemon code to facilitate introduction of static probes
	Refactor some daemon code to facilitate the introductioin of static
	probes, sanitizing function exit paths in many places
	* daemon/libvirtd.c: Pass the dname string into remoteCheckDN
	  to let caller deal with failure paths. Add separate exit paths
	  to remoteCheckCertificate for auth failure vs denial. Merge
	  all exit paths in qemudDispatchServer to one cleanup block
	* daemon/remote.c: Add separate exit paths to SASL & PolicyKit
	  functions for auth failure vs denial

2010-09-22  Eric Blake  <eblake@redhat.com>

	nodeinfo: work when hot-plugging is disabled
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=635857.
	* src/nodeinfo.c (cpu_online): Allow missing directory for all
	CPUs, not just cpu0.

2010-09-22  Stefan Berger  <stefanb@us.ibm.com>

	This patch fixes a bug appearing on big endian machines where the returned XML is not the one that is expected (see test/nwfilterxml2xmltest). The problem is due to for example the casting of pointers to unsigned integers to void * and then back to 16 bit integers.

2010-09-17  Eric Blake  <eblake@redhat.com>

	tests: silence qemuargv2xmltest noise
	Before this patch, the testsuite was noisy:
	TEST: qemuargv2xmltest
	      ........................................ 40
	      ................20:41:28.046: warning : qemuParseCommandLine:6565 : unknown QEMU argument '-unknown', adding to the qemu namespace
	20:41:28.046: warning : qemuParseCommandLine:6565 : unknown QEMU argument 'parameter', adding to the qemu namespace
	.                        57  OK
	PASS: qemuargv2xmltest
	It's not a real failure (which is why the test was completing
	successfully), so much as an intentional warning to the user that use
	of the qemu namespace has the potential for undefined effects that
	leaked through the default logging behavior.  After this patch series,
	all tests can access any logged data, and this particular test can
	explicitly check for the presence or absence of the warning, such that
	the test output becomes:
	TEST: qemuargv2xmltest
	      ........................................ 40
	      .................                        57  OK
	PASS: qemuargv2xmltest
	* tests/testutils.h (virtTestLogContentAndReset): New prototype.
	* tests/testutils.c (struct virtTestLogData): New struct.
	(virtTestLogOutput, virtTestLogClose, virtTestLogContentAndReset):
	New functions.
	(virtTestMain): Always capture log data emitted during tests.
	* tests/qemuargv2xmltest.c (testCompareXMLToArgvHelper, mymain):
	Use flag to mark which tests expect noisy stderr.
	(testCompareXMLToArgvFiles): Add parameter to test whether stderr
	was appropriately silent.

	tests: clean up qemuargv2xmltest
	Since commit 107a7bd06bc, the extraFlags argument was unused.
	* tests/qemuargv2xmltest.c (DO_TEST): Drop extraFlags argument.
	Adjust all callers.

2010-09-16  Justin Clift  <jclift@redhat.com>

	docs: reworked the policykit patch submitted by Patrick Dignan
	Tweaked the PolicyKit documentation improvement patch submitted
	by Patrick Dignan.
	Additionally, removed the reference to PolicyKit.conf, which is
	no longer used by PolicyKit, plus added a link to the expanded
	PolicyKit example page on the wiki.

	docs: fix the xml validity errors regarding name and id
	Got sick of seeing the "validity error : ID Objects already defined"
	errors, which this patch addresses.

2010-09-16  Eric Blake  <eblake@redhat.com>

	build: avoid non-portable IPv6 struct member, for MacOS X
	* src/util/network.c (getIPv6Addr): Manually join s6_addr bytes,
	instead of assuming s6_addr16 shorts.
	Reported by Justin Clifton; solution suggested by Bruno Haible.

2010-09-16  Justin Clift  <jclift@redhat.com>

	virsh: change wexitstatus order to allow compilation on mac osx
	This is the simple fix Daniel Veillard suggested last year:
	  http://www.redhat.com/archives/libvir-list/2009-May/msg00459.html

	libvirtd: improve the error message displayed on tls client auth failure
	This address BZ # 556599:
	  https://bugzilla.redhat.com/show_bug.cgi?id=556599

2010-09-14  Eric Blake  <eblake@redhat.com>

	maint: silence warning from libtool
	I got tired of seeing this.
	config.status: executing libtool commands
	/bin/rm: cannot remove `libtoolT': No such file or directory
	config.status: executing po-directories commands
	While I was at it, there were a couple other unused variables.
	* configure.ac (RM, MV, TAR): Drop; nothing in libvirt directly uses
	this, and assigning RM interferes with libtool.

2010-09-14  Soren Hansen  <soren@linux2go.dk>

	Rebuild network filter for UML guests on updates
	When nwfilter support was added to UML, I didn't realise the UML driver
	needed instrumentation to make updating nwfilters on the fly work. This
	patch adds this bit of glue.

2010-09-14  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Use virBuffer for generating XML
	cmdAttachInterface and cmdAttachDisk still used vshRealloc and sprintf
	for generating XML, which is hardly maintainable. Let's get rid of this
	old code.

2010-09-14  Eric Blake  <eblake@redhat.com>

	build: use portable sed expressions
	* src/Makefile.am (libvirt.def, libvirt_qemu.def): '\}' and '\t'
	are not required by POSIX.  Use '}' and literal tab instead.
	(install-data-local): Avoid sed -i.
	* tests/read-bufsiz: Likewise.
	Reported by Mitchell Hashimoto.

2010-09-14  Justin Clift  <jclift@redhat.com>

	docs: improve wording for the dev guide
	Wording tweak suggested by David Jorm, author of the libvirt App Dev Guide.

2010-09-13  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix preprocessor indentation

2010-09-10  Justin Clift  <jclift@redhat.com>

	docs: add the app dev guide
	Added a workable initial page for the libvirt Application
	Development Guide, giving the online viewable options +
	the available download ones (pdf, epub, srpm).
	Added a link to the PDF to the main Downloads page, plus
	neatened the html tags throughout the page as they
	were a bit of a mess.
	Added --enable-compile-warnings=error to the autogen line,
	as suggested by Eric Blake.

2010-09-10  Daniel Veillard  <veillard@redhat.com>

	Libvirt release 0.8.4
	update news, spec and french localizaton

2010-09-10  Cole Robinson  <crobinso@redhat.com>

	buf: Fix possible infinite loop in EscapeString, VSnprintf
	The current code will go into an infinite loop if the printf generated
	string is >= 1000, AND exactly 1 character smaller than the amount of free
	space in the buffer. When this happens, we are dropped into the loop body,
	but nothing will actually change, because count == (buf->size - buf->use - 1),
	and virBufferGrow returns unchanged if count < (buf->size - buf->use)
	Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
	the NULL byte for us anyways, so we shouldn't need to manually accommodate
	for it.
	Here's a bug where we are actually hitting this issue:
	https://bugzilla.redhat.com/show_bug.cgi?id=602772
	v2: Eric's improvements: while -> if (), remove extra va_list variable,
	    make sure we report buffer error if snprintf fails
	v3: Add tests/virbuftest which reproduces the infinite loop before this
	    patch, works correctly after

2010-09-10  Guido Günther  <agx@sigxcpu.org>

	Fix block statistics with newer versions of Xen
	Apparently the xen block device statistics moved from
	"/sys/devices/xen-backend/vbd-%d-%d/statistics/%s"
	to
	"/sys/bus/xen-backend/devices/vbd-%d-%d/statistics/%s"
	* src/xen/block_stats.c: try the extra path in case of failure to
	  find the statistics in /sys

2010-09-10  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Option for overriding disk type in attach-disk
	Unless --driver tap|file option was given to attach-disk, virsh would
	generate <disk type='block'> XML which might be fine for Xen but not for
	other hypervisors. This patch introduces a new option --sourcetype which
	can be used to explicitly set the type of disk source. The option
	accepts either "file" or "block" types.

2010-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix dependancies for remote generated files
	Very occasionally during a parallel make, dispatch.c would
	be compiled before the generated remote headers had been
	fully written. This would cause it to compile an empty
	union, and result in really wierd runtime bugs that are
	near impossible to diagnose.
	* daemon/Makefile.am: Fix remote build deps

	Ensure remote daemon unions are always non-zero length
	If the remote daemon args/ret unions ever become zero length
	(due to a build / Makefile bug) then bad stuff happens at
	runtime. Add a compile time assertion to check for this kind
	of problem
	* daemon/remote.h: Ensure non-zero length unions

	Fix off-by-1 in QEMU boot arg array handling
	A QEMU guest can have upto VIR_DOMAIN_BOOT_LAST boot entries
	defined. When building the QEMU arg, each entry takes a
	single byte. This means the array must be declared to be
	VIR_DOMAIN_BOOT_LAST+1 bytes in length to allow for the
	trailing null
	* src/qemu/qemu_conf.c: Fix off-by-1 boot arg array size

2010-09-10  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix static-only DHCP configuration
	For static-only DHCP, i.e. with no <range> but at least one <host>
	element within <dhcp> element, we have to add "--dhcp-range IP,static"
	option to dnsmasq to actually enable the service. Without this option,
	dnsmasq will not respond to DHCP requests.

2010-09-10  Luiz Capitulino  <lcapitulino@redhat.com>

	qemu: qemuMonitorJSONEjectMedia(): Fix arguments' type
	QMP in QEMU 0.13 has been fixed to enforce type correctness,
	this means that boolean types must be true or false, not
	integers.

	qemu: qemuMonitorJSONMigrate(): Fix arguments' type
	QMP in QEMU 0.13 has been fixed to enforce type correctness,
	this means that boolean types must be true or false, not
	integers.

2010-09-10  Soren Hansen  <soren@linux2go.dk>

	Add nwfilter support to UML driver
	Extend user-mode-linux driver to support nwfilter.

2010-09-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	test: Don't overwrite storage volume target path and key
	Only generate target path and key when they are not defined
	in the XML config.

2010-09-09  Daniel Veillard  <veillard@redhat.com>

	Remove hack to get static binaries in DV environment

2010-09-08  Justin Clift  <jclift@redhat.com>

	Moved my name up to the primary list, as I have commit rights now.
	As recommended by Eric. :)

2010-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use SessionIsActive when available
	Before this commit SessionIsActive was not used because ESX(i)
	doesn't implement it. vCenter supports SessionIsActive, so use
	it here, but keep the fall back mechanism for ESX(i) and GSX.

	esx: Fall back to path as key when QueryVirtualDiskUuid isn't available
	QueryVirtualDiskUuid is only available on an ESX(i) server. vCenter
	returns an NotImplemented fault and a GSX server is missing the
	VirtualDiskManager completely. Therefore only use QueryVirtualDiskUuid
	with an ESX(i) server and fall back to path as storage volume key for
	vCenter and GSX server.

2010-09-08  Eric Blake  <eblake@redhat.com>

	mingw: match recent changes in spec file
	* libvirt.spec.in (%file): List new installed files.
	* configure.ac (with_init_script): Assume default of none when
	cross-compiling.

2010-09-07  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix permissions of sysconfig files

2010-09-05  Daniel Veillard  <veillard@redhat.com>

	Update of localization files
	- Updated dutch, spanish and russian, regenerated the po/pot files

2010-09-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use the VirtualDisk UUID as storage volume key
	VirtualDisks are .vmdk file based. Other files in a datastore
	like .iso or .flp files don't have a UUID attached, fall back
	to the path as key for them.

	esx: Add .vmdk storage volume creation

2010-09-04  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	OpenVZ: add ethernet interface type support
	This patch adds support for ethernet interface type to OpenVZ domains
	as stated in this previous message: http://www.redhat.com/archives/libvir-
	list/2010-July/msg00658.html

2010-09-03  Eric Blake  <eblake@redhat.com>

	build: avoid uninitialized variable warning
	* src/vbox/vbox_tmpl.c (vboxAttachDrives): Capture return value.

2010-09-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Rework datastore path parsing and handling
	Instead of splitting the path part of a datastore path into
	directory and file name, keep this in one piece. An example:
	  "[datastore] directory/file"
	was split into this before:
	  datastoreName = "datastore"
	  directoryName = "directory"
	  fileName = "file"
	Now it's split into this:
	  datastoreName = "datastore"
	  directoryName = "directory"
	  directoryAndFileName = "directory/file"
	This simplifies code using esxUtil_ParseDatastorePath, because
	directoryAndFileName is used more often than fileName. Also the
	old approach expected the datastore path to reference an actual
	file, but this isn't always correct, especially when listing
	volumes. In that case esxUtil_ParseDatastorePath is used to parse
	a path that references a directory. This fails for a vpx://
	connection because the vCenter returns directory paths with a
	trailing '/'. The new approach is robust against this and the
	actual decision if the datastore path should reference a file or
	a directory is up to the caller of esxUtil_ParseDatastorePath.
	Update the tests accordingly.

2010-09-03  Eric Blake  <eblake@redhat.com>

	vbox: factor a large function
	* src/vbox/vbox_tmpl.c (vboxDomainDefineXML): Split...
	(vboxSetBootDeviceOrder, vboxAttachDrives, vboxAttachSound)
	(vboxAttachNetwork, vboxAttachSerial, vboxAttachParallel)
	(vboxAttachVideo, vboxAttachDisplay, vboxAttachUSB): ...into new
	helper functions.

	lxc: avoid large stacks with veth creation
	* src/lxc/veth.h (vethCreate): Change prototype.
	* src/lxc/veth.c (vethCreate): Always malloc veth2, and allocate
	veth1 if needed.
	(getFreeVethName): Adjust signature, and use virAsprintf.
	* src/lxc/lxc_driver.c (lxcSetupInterfaces): Adjust caller.

2010-09-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix generator for string return values
	Distinguish between strings as parameters (const char *)
	and strings as return values (char **).

2010-09-02  Eric Blake  <eblake@redhat.com>

	openvz: use virAsprintf to avoid large stacks
	* src/openvz/openvz_conf.c (openvzLocateConfFile): Alter
	signature.
	(openvzGetVPSUUID, openvzSetDefinedUUID)
	(openvzWriteVPSConfigParam, openvzReadVPSConfigParam)
	(openvzCopyDefaultConfig): Adjust callers.

	openvz: formatting cleanups
	* src/openvz/openvz_conf.c: Whitespace fixes.
	* src/openvz/openvz_driver.c: Likewise.

	network: use virAsprintf when appropriate
	* src/conf/network_conf.c (virNetworkAllocateBridge): Avoid
	limited buffer from snprintf.

	build: add some modules
	snprintf is currently implicitly picked up by getaddrinfo, but we
	might as well make it explicit so that mingw doesn't break if
	getaddrinfo changes to drop the dependency.
	func doesn't matter for gcc compilation, but may help other compilers
	cope with our use of __func__.
	* bootstrap.conf (gnulib_modules): Add snprintf and func.

2010-09-01  Ryan Harper  <ryanh@us.ibm.com>

	virsh: remove driver check from attach-disk command
	Virsh shouldn't check for driver support but rather let the backend handled this.
	After removing the check, I can successfully attach file-based images to a qemu
	VM with attach-disk.
	% virsh attach-disk vm2 /images/test02.img vdc --driver qemu --type disk --subdriver raw
	Disk attached successfully
	This command generates the following XML:
	<disk type='block' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source dev='/images/test02.img'/>
	      <target dev='vdc' bus='virtio'/>
	      <alias name='virtio-disk2'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
	</disk>

2010-09-01  Soren Hansen  <soren@linux2go.dk>

	Use global directory as UML's monitorDir for privileged connections
	For privileged UML connections (uml:///system), we shouldn't use root's
	home dir, but rather somewhere in /var/run/libvirt/uml-guest.
	https://bugzilla.redhat.com/show_bug.cgi?id=499536

	Explicitly pass uml_dir argument to user-mode-linux
	uml_dir overrides user-mode-linux's default of ~/.uml. This is needed
	for a couple of different reasons:
	libvirt expects this to default to virGetUserDirectory(geteuid()) +
	'/.uml'. However, user-mode-linux actually uses the HOME environment
	variable to determine where to look for the uml sockets, but if running
	libvirtd under sudo (which I routinely do during development), $HOME is
	pointing at my user's homedir, while my euid is 0, so libvirt looks in
	/root.
	Also (and this was my actual motivation for this patch), if HOME isn't
	set at all, user-mode-linux utterly fails. Looking at the code, it seems
	it's meant to emit a warning, but alas, it doesn't for some reason.
	If running libvirtd from upstart, HOME is not set, so any system using
	upstart will need this change.

2010-09-01  Eric Blake  <eblake@redhat.com>

	maint: track moved file
	* daemon/.gitignore: Move libvirt-guests.init...
	* tools/.gitignore: ...to its new location.

2010-08-31  Jim Fehlig  <jfehlig@novell.com>

	Add tests for Xen's blktap2 implementation
	xml2sexpr and sexpr2xml tests for blktap2

	Add blktap2 support to xend driver
	Xen4.0 includes a new blktap2 implementation, which is specified
	with 'tap2' prefix.  AFAICT it's configuration syntax is identical
	to blktap, with exception of 'tap2' vs 'tap' prefix.  This patch
	takes the simple approach of accepting and generating sexp
	containing 'tap2' prefix.

2010-08-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Map the .vmx annotation to the domain XML description
	Take care of escaping '"' and '|' (the escape character).
	Add tests for this.

	Move hextobin as virHexToBin to util.c
	virHexToBin will be used in the .vmx handling code.

2010-08-27  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Bad comparison when checking for existing domain name
	When creating a new domain from XML, the check for an existing
	domain name should compare the return of the function to a valid
	LPAR ID (!= -1) and not to error (== -1).

2010-08-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix esxVI_BuildSelectSet's invalid argument check
	The check was altered in 8c48743b9737ad4d246ab6043fd299316f9a2091
	and got too strict, I've no clue how that snuck in. This check
	makes every try to open a connection using the ESX driver fail
	with an invalid argument error.
	Revert the change to the check and add a comment to prevent future
	mistakes with this check.

	esx: Add read-only storage volume access
	This allows to list existing volumes and to retrieve information
	about them.

2010-08-25  Jiri Denemark  <jdenemar@redhat.com>

	Move libvirt-guests init script and config to tools
	Since libvirt-guests init script and its configuration do not require
	libvirtd to be running/installed, it was a bad idea to put them into
	daemon directory. libvirt.spec even includes these files in
	libvirt-client subpackage, which may result in build failure for
	client-only builds when the whole daemon directory is just skipped.

	spec: Fix undefined with_libnl
	When building libvirt RPM without macvtap, with_libnl would be
	undefined.

2010-08-25  Soren Hansen  <soren@linux2go.dk>

	Support virDomainAttachDevice and virDomainDetachDevice for disks in UML
	UML supports hot plugging and unplugging of various devices. This patch
	exposes this functionality for disks.

	Rename qemudShrinkDisks to virDomainDiskRemove and move to domain_conf.c
	Other drivers will need this same functionality, so move it to up to
	conf/domain_conf.c and give it a more general name.

2010-08-25  Serge Hallyn  <serge.hallyn@canonical.com>

	docs: fix lxc examples
	* docs/drvlxc.html.in: Use correct VM name, and mention that
	libvirt_lxc might be in an alternate location.

2010-08-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of sparse NUMA topologies
	When finding a sparse NUMA topology, libnuma will return ENOENT
	the first time it is invoked. On subsequent invocations it
	will return success, but with an all-1's CPU mask. Check for
	this, to avoid polluting the capabilities XML with 4096 bogus
	CPUs
	* src/nodeinfo.c: Check for all-1s CPU mask

	Log return value for virConnectGetCapabilities
	Enabling debug doesn't show the capabilities XML for a connection.
	Add an extra debug statement for the return value
	* src/libvirt.c: Enable debug logging of capabilities XML

	Try harder to send RPC error message back to client
	When failing to serialize the normal RPC reply, try harder to
	send a error message back to the client, instead of immediately
	closing the connection.
	* daemon/dispatch.c: Improve error messages when RPC reply
	  can not be sent

	Add explicit warning messages when failing to serialize to XDR
	When libvirtd fails to serialize a message to XDR the client
	connection is terminated immediately. To enable this to be
	diagnosed, log the message which caused the problem on the
	server
	* daemon/dispatch.c: Log XDR serialization failures

2010-08-24  Soren Hansen  <soren@linux2go.dk>

	Allow chardev of type 'file' for UML domains.
	Like the comment suggested, we just open the file and pass the file
	descriptor to uml. The input "stream" is set to "null", since I couldn't
	find any useful way to actually use a file for input for a chardev and
	this also mimics what e.g. QEmu does internally.

2010-08-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve object-by-type lookup performance
	Instead of using one big traversal spec for lookup use a set of
	more fine grained traversal specs that are selected based on the
	actual needs of the lookup.
	This gives up to 20% speedup for certain operations like domain
	listing due to less HTTP(S) traffic.

2010-08-24  Jiri Denemark  <jdenemar@redhat.com>

	xen tests: Fix PV-VFB tests with RHEL-5 API
	RHEL-5 Xen doesn't support the old style vnc configuration. In sexpr, we
	can't really check it with rhel5-api turned on. However, for XM
	configuration files it's sufficient to use cfg version 1 instead of 2.

	xml2sexprtest: Remove graphics from unrelated tests
	This caused unnecessary make check failures when libvirt is configured
	--with-rhel5-api

	xen tests: Fix missing "type ioemu" with rhel5-api
	The most common cause of errors with rhel5-api turn on was missing
	"(type ioemu)" in sexpr or its equivalent in XM configuration file. This
	happens because the presence of that part in sexpr (or cfg) depends on
	xen version the host is running. Let's avoid it by explicitly specifying
	interface model which ensures "type ioemu" will always be emitted.
	This patch adds
	    <model type='e1000'/>
	withing the interface element in all affected xml files. And
	    (model 'e1000')
	to all corresponding sexpr files with similar fix to cfg files. Such
	configuration works regardless on Xen version.

	nodeinfotest: Print libvirt error on failure
	If linuxNodeInfoCPUPopulate() fails, the test would just print "FAILED"
	which is not very informative. It's better to print the real error.

2010-08-24  Eric Blake  <eblake@redhat.com>

	xenapi: support xenapi 5.6.0 headers
	* src/xenapi/xenapi_driver.c (xenapiDomainGetInfo): Avoid using
	XEN_VM_POWER_STATE_UNKNOWN, which disappeared in newer xenapi.
	* src/xenapi/xenapi_utils.c (mapPowerState): Likewise.

2010-08-23  Daniel P. Berrange  <berrange@redhat.com>

	Add support for -enable-kqemu flag
	Previously QEMU enabled KQEMU by default and had -no-kqemu.
	0.11.x switched to requiring -enable-kqemu. 0.12.x dropped
	kqemu entirely. This patch adds support for -enable-kqemu
	so 0.11.x works. It replaces a huge set of if() with a
	switch() to make the code a bit more readable.
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Support
	  -enable-kqemu

2010-08-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use MD5 sum of mount path as storage pool UUID
	With the previous storage pool UUID source not all storage pools
	had a proper UUID, especially GSX storage pools. The mount path
	is unique per host and cannot change during the lifetime of the
	datastore. Therefore, it's MD5 sum can be used as UUID.
	Use gnulib's crypto/md5 module to generate the MD5 sum.

	esx: Make sure dumpxml outputs proper ID for active domains

	xenapi: Fix compile error in previous commit

2010-08-21  Jim Fehlig  <jfehlig@novell.com>

	Add actions to virDomainLifecycle enum
	Xen supports on_crash actions coredump-{destroy,restart}.  libvirt
	cannot parse config returned by xend that contains either of these
	actions
	xen52 # xm li -l test | grep on_crash
	    (on_crash coredump-restart)
	xen52 # virsh dumpxml test
	error: internal error unknown lifecycle type coredump-restart
	This patch adds a new virDomainLifecycleCrash enum and appends
	the new options to existing destroy, restart, preserve, and
	rename-restart options.

2010-08-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove code duplication
	We already filled the PCI address structure when we checked whether it's
	free or not, so let's just use the structure here instead of filling it
	again.

	qemu: Check for errors when converting PCI address to string

	qemu: Fix JSON migrate_set_downtime command

2010-08-20  Eric Blake  <eblake@redhat.com>

	vbox: factor a large function
	* src/vbox/vbox_tmpl.c (vboxDomainCreateWithFlags): Split...
	(vboxStartMachine): ...into new helper.

	vbox: add location used in rpmfusion release
	* configure.ac (vbox_xpcomc_dir): Add another potential dir.

	xenapi: avoid sprintf
	* src/xenapi/xenapi_utils.h (createVifNetwork): Delete prototype.
	* src/xenapi/xenapi_utils.c (createVifNetwork): Change signature,
	and use virAsprintf.  Detect allocation failure.
	(createVMRecordFromXml): Adjust caller.

	storage: avoid s[n]printf
	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg)
	(virStorageBackendCreateQcowCreate): Use virAsprintf instead.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskCreateVol, virStorageBackendDiskPartFormat):
	Likewise.

	maint: whitespace cleanups
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskPartFormat): Fix spacing.

	build: delete dead comments
	* src/qemu/qemu_driver.c (qemudGetProcessInfo): Clean up.
	* src/uml/uml_driver.c (umlGetProcessInfo): Likewise.
	* src/xen/sexpr.c (_string2sexpr): Likewise.

2010-08-20  Patrick Dignan  <pat_dignan@dell.com>

	storage: add support for Vendor and Model in XML
	I wrote a patch to add support for listing the Vendor and Model of a
	storage pool in the storage pool XML.  This would allow vendor
	extensions of specific devices.  The patch includes a test for the new
	attributes as well.
	Patrick Dignan

2010-08-20  Eric Blake  <eblake@redhat.com>

	uml: fix logic bug in checking reply length
	* src/uml/uml_driver.c (umlMonitorCommand): Validate that enough
	bytes were read to dereference both res.length, and that many
	bytes from res.data.
	Reported by Soren Hansen.

	nwfilter: use consistent OOM reporting
	* src/nwfilter/nwfilter_driver.c (nwfilterLog): Delete.
	(nwfilterDriverStartup): Use virReportOOMError instead.

2010-08-19  Eric Blake  <eblake@redhat.com>

	build: fix compiler warning
	node_device/node_device_driver.c: In function 'nodeDeviceVportCreateDelete':
	node_device/node_device_driver.c:423: error: implicit declaration of function 'stat' [-Wimplicit-function-declaration]
	* src/node_device/node_device_driver.c (includes): Add <sys/stat.h>.

2010-08-18  Daniel Veillard  <veillard@redhat.com>

	xen: Fix scheduler setting problems
	Doing `virsh schedinfo rhel5u3 --cap 65535' the hypervisor does the
	call, but does not change the value nor raise an error. Best is just to
	consider it's not in the allowed values. The problem is that the error
	won't be output since the xend driver will then be called and raise an
	error
	    error: this function is not supported by the hypervisor: unsupported
	    in xendConfigVersion < 4
	which will override the useful information from
	xenUnifiedDomainSetSchedulerParameters(). So best is to also invert the
	order in which the xen sub-drivers are called.
	* src/xen/xen_hypervisor.c: mark 65535 cap value as out of bound
	* src/xen/xen_hypervisor.c: reverse the order of the calls to the xen
	  sub drivers to get the error message if needed

2010-08-18  Jiri Denemark  <jdenemar@redhat.com>

	nodedev: Free the right pointers when getting WWNs fails

2010-08-18  Dave Allan  <dallan@redhat.com>

	nodedev: Fix sysfs paths for vport operations
	Some kernels, such as the one used in RHEL-5, have vport_create and
	vport_delete operation files in /sys/class/scsi_host/hostN directory
	instead of /sys/class/fc_host/hostN. Let's check both paths for
	compatibility reasons.
	This also removes unnecessary '/' characters from sysfs paths containing
	LINUX_SYSFS_FC_HOST_PREFIX.

2010-08-18  Daniel Berrange  <berrange@redhat.com>

	xen: Fix device count on detach

	remote: Fix incorrect use of private data field
	NodeDeviceCreateXML and NodeDeviceDestroy methods added for NPIV were
	using the wrong privateData field for the remote driver. This doesn't
	impact KVM, since the remote driver handles everything, thus
	privateData == devMonPrivateData. It does impact Xen though, because
	the remote driver only handles a subset of methods and thus
	privateData != devMonPrivateData.

2010-08-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix memory leak when looking up an non-existing domain by name
	In case an optional object cannot be found the lookup function is
	left early and the cleanup code is not executed.
	This pattern occurs in some other functions too.

2010-08-18  Chris Lalancette  <clalance@redhat.com>

	Fix up qemu domain save/managed save locking.
	The current version of the qemu managed save implementation
	is subject to a race where the domain shuts down between
	the time that we start the command and the time that we
	actually try to do the save.  Close this race by making
	qemuDomainSaveFlags() expect both the driver and the passed-in
	vm object to be locked before executing.

2010-08-17  Eric Blake  <eblake@redhat.com>

	docs: mention domain <clock> improvements
	Add documentation for features added a while ago.
	* docs/formatdomain.html.in (Time keeping): Update documentation
	of <clock> element to match 0.8.0 addition.

2010-08-17  Stefan Berger  <stefanb@us.ibm.com>

	cygwin: build fix
	Fixing a problem in the build on cygwin due to missing #define's.

2010-08-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix copy&paste error in warning message
	This also makes the message consistent with the message used in error
	path of qemudDomainAttachHostPciDevice.

	qemu: Release PCI slot when detaching disk and net devices

	qemu: Re-reserve all PCI addresses on libvirtd restart
	When reconnecting to existing VMs, we re-reserved only those PCI
	addresses which were explicitly mentioned in domain XML. Since some
	addresses are always reserved (e.g., 0:0:0 and 0:0:1), we need to handle
	those too.
	Also all this should only be done if device flag is supported by qemu.

2010-08-17  Jamie Strandboge  <jamie@canonical.com>

	build: fix AppArmor compilation
	* src/security/virt-aa-helper.c: Add missing include.

2010-08-17  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extend nwfilter reload support
	In this patch I am extending and fixing the nwfilter module's reload support to stop all ongoing threads (for learning IP addresses of interfaces) and rebuild the filtering rules of all interfaces of all VMs when libvirt is started. Now libvirtd rebuilds the filters upon the SIGHUP signal and libvirtd restart.
	About the patch: The nwfilter functions require a virConnectPtr. Therefore I am opening a connection in qemudStartup, which later on needs to be closed outside where the driver lock is held since otherwise it ends up in a deadlock due to virConnectClose() trying to lock the driver as well.
	I have tested this now for a while with several machines running and needing the IP address learner thread(s). The rebuilding of the firewall rules seems to work fine following libvirtd restart or a SIGHUP. Also the termination of libvirtd worked fine.

2010-08-15  Eric Blake  <eblake@redhat.com>

	build: allow mingw VPATH build
	* .gnulib: Update to latest.
	Reported by Matthias Bolte.

2010-08-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Explicitly disable unused floppy devices
	floppy0.present defaults to true. Therefore, it needs to be
	explicitly set to false when the XML config doesn't specify the
	corresponding floppy device.
	Also update tests accordingly.

	Generate libvirt_qemu.def from libvirt_qemu.syms for MinGW builds

2010-08-15  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Add rudimentary network driver
	I changed virStorage[Open|Close] to virVIOSDriver[Open|Close] so
	the network driver can use it - since the network driver deals
	with Open/Close in the same way.

2010-08-15  Soren Hansen  <soren@linux2go.dk>

	Make umlConnectTapDevice ask brAddTap for a persistent tap device.
	This patch does two things:
	 * It makes umlConnectTapDevice ask brAddTap for a persistent tap by
	   passing it a NULL tapfd argument.
	 * Stops umlConnectTapDevice from immediately dismantling the bridge
	   it just set up.

	Close fd's of persistent tap devices
	When passing a NULL tapfd argument to brAddTap, we need to close the fd
	of the tap device. If we don't, libvirt will keep the fd open
	indefinitely and renders the the guest unable to configure its side of
	the tap device.

	Make sure all command line arguments get passed to UML
	If umlBuildCommandLineChr fails (e.g. due to an unsupported chardev
	type), it returns NULL. umlBuildCommandLine does not check for this and
	sets this as an argument on the comand line, effectively ending the
	argument list. This patch checks for this case and sets the chardev to
	"none".

2010-08-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Discard class D,E IP addresses when sniffing pkts
	When sniffing the network traffic, discard class D and E IP addresses when sniffing traffic. This was a reason why filters were not correctly rebuilt on VMs on the local 192.* network when libvirt was restarted and those VMs did not use a DHCP request to get its IP address.

	nwfilter: serialize execution of scripts with ebtables cmds
	While testing the SIGHUP handling and reloading of the nwfilter driver, I found that when the filters are rebuilt and mutlipe threads handled the individual interfaces, concurrently running multiple external bash scripts causes strange failures even though the executed ebtables commands are working on different tables for different interfaces. I cannot say for sure where the concurrency problems are caused, but introducing this lock definitely helps.

2010-08-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	Only require XDR when building libvirtd or the remote driver

2010-08-13  Chris Lalancette  <clalance@redhat.com>

	Move the tunnelled migration unix socket to /var/lib/libvirt/qemu
	Since the qemu process is running as qemu:qemu, it can't actually
	look at the unix socket in /var/run/libvirt/qemu which is owned by
	root and has permission 700.  Move the unix socket to
	/var/lib/libvirt/qemu, which is already owned by qemu:qemu.
	Thanks to Justin Clift for test this out for me.

	Fix tunnelled migration with qemu running as qemu:qemu.
	The problem is that on the source of the migration, libvirtd
	is responsible for creating the unix socket over which the data
	will flow.  Since libvirtd is running as root, this file will
	be created as root.  When the qemu process running as qemu:qemu
	goes to access the unix file to write data to it, it will get
	permission denied and fail.  Make sure to change the owner
	of the unix file to qemu:qemu.
	Thanks to Justin Clift for testing this patch out for me.

2010-08-13  Stefan Berger  <stefanb@us.ibm.com>

	Fix valgrind complaints when using kill -SIGHUP on libvirtd
	This patch fixes a couple of complaints from valgrind when tickling libvirtd with SIGHUP.
	The first two files contain fixes for memory leaks. The 3rd one initializes an uninitialized variable. The 4th one is another memory leak.

2010-08-13  Daniel Veillard  <veillard@redhat.com>

	qemu: avoid calling the balloon info command if disabled
	 Basically a followup of the previous patch about balloon desactivation
	if desactivated, to not ask for balloon information to qemu as we will
	just get an error back.
	 This can make a huge difference in the time needed for domain
	information or list when a machine is loaded, and balloon has been
	desactivated in the guests.
	* src/qemu/qemu_driver.c: do not get the balloon info if the balloon
	  suppor is disabled

2010-08-12  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Add --dhcp-no-override option to dnsmasq
	--dhcp-no-override description from dnsmasq man page:
	      Disable  re-use  of  the  DHCP servername and filename fields as
	      extra option space. If it can, dnsmasq moves the boot server and
	      filename  information  (from  dhcp-boot)  out of their dedicated
	      fields into DHCP options. This make extra space available in the
	      DHCP  packet  for options but can, rarely, confuse old or broken
	      clients. This flag forces "simple and safe" behaviour  to  avoid
	      problems in such a case.
	It seems some virtual network card ROMs are this old/buggy so let's add
	--dhcp-no-override as a workaround for them. We don't use extra DHCP
	options so this should be safe. The option was added in dnsmasq-2.41,
	which becomes the minimum required version.

2010-08-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve VMX file name parsing and formatting
	For parsing try to match by datastore mount path first, if that
	fails fallback to /vmfs/volumes/<datastore>/<path> parsing. This
	also fixes problems with GSX on Windows. Because GSX on Windows
	doesn't use /vmfs/volumes/ style file names.
	For formatting use the datastore mount path too, instead of using
	/vmfs/volumes/<datastore>/<path> as fixed format.

2010-08-12  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix potential segfault when preparing dnsmasq arguments
	We add --dhcp-lease-max=xxx argument when network->def->nranges > 0 but
	we only allocate space for in the opposite case :-) I guess we are lucky
	enough to miscount somewhere else so that we actually allocate more
	space than we need since no-one has hit this bug so far.

2010-08-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Split VMX code into a general and an ESX specific part
	Introduce esxVMX_Context containing functions pointers to
	glue both parts together in a generic way.
	Move the ESX specific part to esx_driver.c.
	This is a step towards making the VMX code reusable in a
	potential VMware Workstation and VMware Player driver.

2010-08-11  Daniel Veillard  <veillard@redhat.com>

	allow memballoon type of none to desactivate it
	  The balloon device is automatically added to qemu guests if supported,
	but it may be useful to desactivate it. The simplest to not change the
	existing behaviour is to allow
	  <memballoon type="none"/>
	as an extra option to desactivate it (it is automatically added if the
	memballoon construct is missing for the domain).
	The following simple patch just adds the extra option and does not
	change the default behaviour but avoid creating a balloon device if
	type="none" is used.
	* docs/schemas/domain.rng: add the extra type attribute value
	* src/conf/domain_conf.c src/conf/domain_conf.h: add the extra enum
	  value
	* src/qemu/qemu_conf.c: if enum is NONE, don't activate the device,
	  i.e. don't pass the args to qemu/kvm

2010-08-11  Jiri Denemark  <jdenemar@redhat.com>

	Avoid unnecessary bootstrap runs in VPATH builds

2010-08-11  Doug Goldstein  <cardoe@gentoo.org>

	Add a detailed message when tap device add fails
	Added a more detailed error message when adding a tap devices fails and
	the kernel is missing tun support.

	Fix return value usage
	Fix the error checking to use the return value from brAddTap() instead
	of checking the current errno value which might have been changed by
	clean up calls inside of brAddTap().

2010-08-11  Eric Blake  <eblake@redhat.com>

	nodeinfo: skip offline CPUs
	https://bugzilla.redhat.com/622515 - When hot-unplugging CPUs,
	libvirt failed to start a guest that had been pinned to CPUs that
	were still online.
	Tested on a dual-core laptop, where I also discovered that, per
	http://www.cyberciti.biz/files/linux-kernel/Documentation/cpu-hotplug.txt,
	/sys/devices/system/cpu/cpu0/online does not exist on systems where it
	cannot be hot-unplugged.
	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Ignore CPUs that are
	currently offline.  Detect readdir failure.
	(parse_socket): Move guts...
	(get_cpu_value): ...to new function, shared with...
	(cpu_online): New function.

2010-08-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Hack around asynchronous device_del
	device_del command is not synchronous for PCI devices, it merely asks
	the guest to release the device and returns. If the host wants to use
	that device before the guest actually releases it, we are in big
	trouble. To avoid this, we already added a loop which waits up to 10
	seconds until the device is actually released before we do anything else
	with that device. But we only added this loop for managed PCI devices
	before we try reattach them back to the host.
	However, we need to wait even for non-managed devices. We don't reattach
	them automatically, but we still want to prevent the host from using it.
	This was revealed thanks to sVirt: when we relabel sysfs files
	corresponding to the PCI device before the guest finished releasing the
	device, qemu is no longer allowed to access those files and if it wants
	(as a result of guest's request) to write anything to them, it just
	exits, which kills the guest.
	This is not a proper fix and needs some further work both on libvirt and
	qemu side in the future.

2010-08-10  Eric Blake  <eblake@redhat.com>

	maint: update an email address preference
	* AUTHORS (Soren Hansen): Update address.
	* .mailmap: Alias other addresses to new preference.

2010-08-10  Diego Elio Pettenò  <flameeyes@gmail.com>

	build-sys: only build the test programs during the check phase.
	This avoids building the tests when testing libvirt is not the aim.

2010-08-10  Soren Hansen  <soren@linux2go.dk>

	Add "ubd" to the list of disk prefixes
	virDiskNameToIndex has a list of disk name prefixes that it uses in the
	process of finding the disk's index. This list is missing "ubd" which
	is the disk prefix used for UML domains.

2010-08-10  Daniel Veillard  <veillard@redhat.com>

	Extend virSocketParseAddr() to allow a NULL result pointer
	That way it can be used to verify a numeric address without storing
	the details
	* src/util/network.c: change virSocketParseAddr to allow a null @addr
	  parameter

2010-08-10  Philipp Hahn  <hahn@univention.de>

	bootloader_args is named bootargs in xen-xm
	According to <xen-3.4.3/tools/python/xen/xm/create.py:158>
		gopts.var('bootargs', val='NAME',
				  fn=set_value, default=None,
				  use="Arguments to pass to boot loader")
	the "bootloader_args" parameter needs to be translated into "bootargs"
	when using "virsh domxml-to-native xen-xm".
	The reverse direction (domxml-from-native) is already okay.
	This patch fixes domxml-to-native and adds two test files to catch this
	problem.

2010-08-06  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: refactor phypListDomainsGeneric to eliminate buffer overflow
	src/phyp/phyp_driver.c:phypListDomainsGeneric was crashing due to a buffer
	overflow if any line returned from virRun wasn't <=10 characters.
	Since virStrToLong_i recognizes any non-numeric as a terminator (not
	just NULL), there actually is no need to copy the number into a
	separate string anyway, so this patch eliminates that copy, the fixed
	length buffer, and therefore the potential to overflow.
	This change also provided the oppurtunity to eliminate the character
	counting loop, instead using the return from virStrToLong_i to point
	past the end of the number, then simply skip the \n to get to the
	next.

2010-08-06  Justin Clift  <jclift@redhat.com>

	docs: fix an incorrect keyword in updated hooks page

2010-08-06  Diego Elio Pettenò  <flameeyes@gmail.com>

	build-sys: fix build when daemon is disabled by not installing libvirtd.8
	Since the rule to build libvirtd.8 is within the WITH_LIBVIRTD conditional,
	so declare the man page in there as well. Without this change, build
	without daemon will fail.

2010-08-06  Justin Clift  <jclift@redhat.com>

	docs: significant expansion of custom hook script information

2010-08-06  Doug Goldstein  <cardoe@gentoo.org>

	Fix return value usage
	Fix the error checking to use the return value from brAddTap() instead
	of checking the current errno value which might have been changed by
	clean up calls inside of brAddTap().

	qemu: improve error if tun device is missing
	Added a more detailed error message when adding a tap devices fails and
	the kernel is missing tun support.

2010-08-05  Eric Blake  <eblake@redhat.com>

	build: rerun bootstrap if po/Makevars got nuked
	There has been a frequent complaint of:
	make[2]: Entering directory `/home/remote/eblake/libvirt/po'
	make[2]: *** No rule to make target `/config.status', needed by `Makefile'.  Stop.
	It happens after nuking and regenerating the po directory,
	which is a common action after running anything like
	'make dist' or 'make rpm' that dirties all the .po files.
	Teach autogen.sh that it must regenerate po/Makevars to avoid
	the missing variable declaration, and teach cfg.mk to recognize
	that a nuked po directory is cause to rerun autogen.sh.
	* cfg.mk (_update_required): Check for po/Makevars.
	* autogen.sh (bootstrap): Run bootstrap if it got lost.
	Diagnosed by Justin Clift.

2010-08-05  Daniel Veillard  <veillard@redhat.com>

	Do not use boot=on on IDE device
	the followup on the boot=on problem, basically it's not needed to
	specify it when booting out of IDE devices when using KVM
	* src/qemu/qemu_conf.c: do not use boot=on for IDE devices
	* tests/qemuxml2argvdata/qemuxml2argv*.args: this changes the output
	  for 5 of the tests

2010-08-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.3
	* configure.ac docs/news.html.in libvirt.spec.in: updates
	* po/*.po*: update and regenerated

2010-08-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix PCI address allocation
	Patch version revamped by Eric Blake <eblake@redhat.com> of Jiri
	Denemark <jdenemar@redhat.com> original patch
	When attaching a PCI device which doesn't explicitly set its PCI
	address, libvirt allocates the address automatically. The problem is
	that when checking which PCI address is unused, we only check for those
	with slot number higher than the highest slot number ever used.
	Thus attaching/detaching such device several times in a row (31 is the
	theoretical limit, less then 30 tries are enough in practise) makes any
	further device attachment fail. Furthermore, attaching a device with
	predefined PCI address to 0:0:31 immediately forbids attachment of any
	PCI device without explicit address.
	This patch changes the logic so that we always check all PCI addresses
	before we say there is no PCI address available.
	Modifications from v1: revert back to remembering the last slot
	reserved, but allow wraparound to not be limited by the end.
	In this way, slots are still assigned in the same order as
	before the patch, rather than filling in the gaps closest to
	0 and risking making windows guests mad.
	* src/qemu/qemu_conf.c: fix pci reservation code to do a round-robbin
	  check of all available PCI splot availability before failing.

2010-08-04  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	OpenVZ: implement suspend/resume driver APIs
	* src/openvz/openvz_driver.c: implements openvzDomainSuspend and
	  openvzDomainResume

2010-08-03  Laine Stump  <laine@laine.org>

	Don't leak delay string when freeing virInterfaceBridgeDefs

	Fix build error in virsh.c
	Another gettext string with no format args sent to printf as a format string.

2010-08-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Set storage pool target path to host.mountInfo.path
	Now all storage pool types expose the target path.

	esx: Make storage pool lookup by name and UUID more robust
	Don't rely on summary.url anymore, because its value is different
	between an esx:// and vpx:// connection. Use host.mountInfo.path
	instead.
	Don't fallback to lookup by UUID (actually lookup by absolute path)
	in esxVI_LookupDatastoreByName when lookup by name fails. Add a
	seperate function for this: esxVI_LookupDatastoreByAbsolutePath

	esx: Restrict vpx:// to handle a single host in a vCenter
	Now a vpx:// connection has an explicitly specified host. This
	allows to enabled several functions for a vpx:// connection
	again, like host UUID, hostname, general node info, max vCPU
	count, free memory, migration and defining new domains.
	Lookup datacenter, compute resource, resource pool and host
	system once and cache them. This simplifies the rest of the
	code and reduces overall HTTP(S) traffic a bit.
	esx:// and vpx:// can be mixed freely for a migration.
	Ensure that migration source and destination refer to the
	same vCenter. Also directly encode the resource pool and
	host system object IDs into the migration URI in the prepare
	function. Then directly build managed object references in
	the perform function instead of re-looking up already known
	information.

	esx: Map some managed object types
	Datacenter, ComputeResource and HostSystem will be used for
	simplified handling and caching.

	esx: Parse the path of the URI
	The path will be used to specify the datacenter, compute resource
	and host system to be used with a vpx:// connection.

2010-08-03  Eric Blake  <eblake@redhat.com>

	qemu: don't lose error on setting monitor capabilities
	Spotted by clang.  Regression introduced in commit e72cc3c11d.
	* src/qemu/qemu_driver.c (qemuConnectMonitor): Don't lose error status.

	build: avoid compiler warning, for real this time
	* tools/virsh.c (vshParseArgv): Drop spurious argument to printf.

	Fix virsh error message when -d arg is not numeric

2010-08-03  Daniel Veillard  <veillard@redhat.com>

	Add Aurelien to AUTHORS

2010-08-03  Aurelien ROUGEMONT  <beorn@binaries.fr>

	Fix a couple of typo in iSCSI backend
	- a pure typo error and a wrong command referenced in an error message.

2010-08-03  Daniel Veillard  <veillard@redhat.com>

	Make virsh -d check its input
	it was using atoi direct without checking leading to confusion
	in case of flag error for example with -c
	* tools/virsh.c: vshParseArgv() use virStrToLong_i and remove the
	  unchecked atoi used to parse teh parameter

2010-08-02  Laine Stump  <laine@redhat.com>

	Add iptables rule to fixup DHCP response checksum.
	This patch attempts to take advantage of a newly added netfilter
	module to correct for a problem with some guest DHCP client
	implementations when used in conjunction with a DHCP server run on the
	host systems with packet checksum offloading enabled.
	The problem is that, when the guest uses a RAW socket to read the DHCP
	response packets, the checksum hasn't yet been fixed by the IP stack,
	so it is incorrect.
	The fix implemented here is to add a rule to the POSTROUTING chain of
	the mangle table in iptables that fixes up the checksum for packets on
	the virtual network's bridge that are destined for the bootpc port (ie
	"dhcpc", ie port 68) port on the guest.
	Only very new versions of iptables will have this support (it will be
	in the next upstream release), so a failure to add this rule only
	results in a warning message. The iptables patch is here:
	  http://patchwork.ozlabs.org/patch/58525/
	A corresponding kernel module patch is also required (the backend of
	the iptables patch) and that will be in the next release of the
	kernel.

2010-08-02  Chris Lalancette  <clalance@redhat.com>

	Fix the ACS checking in the PCI code.
	When trying to assign a PCI device to a guest, we have
	to check that all bridges upstream of that device support
	ACS.  That means that we have to find the parent bridge of
	the current device, check for ACS, then find the parent bridge
	of that device, check for ACS, etc.  As it currently stands,
	the code to do this iterates through all PCI devices on the
	system, looking for a device that has a range of busses that
	included the current device's bus.
	That check is not restrictive enough, though.  Depending on
	how we iterated through the list of PCI devices, we could first
	find the *topmost* bridge in the system; since it necessarily had
	a range of busses including the current device's bus, we
	would only ever check the topmost bridge, and not check
	any of the intermediate bridges.
	Note that this also caused a fairly serious bug in the
	secondary bus reset code, where we could erroneously
	find and reset the topmost bus instead of the inner bus.
	This patch changes pciGetParentDevice() so that it first
	checks if a bridge device's secondary bus exactly matches
	the bus of the device we are looking for.  If it does, we've
	found the correct parent bridge and we are done.  If it does not,
	then we check to see if this bridge device's busses *include* the
	bus of the device we care about.  If so, we mark this bridge device
	as best, and go on.  If we later find another bridge device whose
	busses include this device, but is more restrictive, then we
	free up the previous best and mark the new one as best.  This
	algorithm ensures that in the normal case we find the direct
	parent, but in the case that the parent bridge secondary bus
	is not exactly the same as the device, we still find the
	correct bridge.
	This patch was tested by me on a 4-port NIC with a
	bridge without ACS (where assignment failed), a 4-port
	NIC with a bridge with ACS (where assignment succeeded),
	and a 2-port NIC with no bridges (where assignment
	succeeded).

	Free up memballoon def.
	Forgetting to do this was causing a memory leak.

	Don't put a semicolon on the end of a VIR_ENUM_IMPL.

	Fix a bogus warning when parsing <hostdev>
	When parsing hostdev, the following message would be emitted:
	10:17:19.052: error : virDomainHostdevDefParseXML:3748 : internal error unknown node alias
	However, alias is appropriately parsed in
	virDomainDeviceInfoParseXML anyway.  Disable the error message
	in the initial XML parsing loop.

2010-08-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove duplicate </p> from downloads.html.in

2010-07-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update ID after stopping a domain

2010-07-31  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvzDomainCreateWithFlags: set domain id to the correct value
	When an openvz domain is defined with virDomainDefineXML,
	domain id is set to -1. A call to virDomainGetInfo after
	starting the domain would then fail because this invalid
	id is passed to openvzGetProcessInfo.

2010-07-31  Eric Blake  <eblake@redhat.com>

	storage: kill dead stores
	Found by clang.  Clang complained that virStorageBackendProbeTarget
	could dereference NULL if backingStoreFormat was NULL, but since all
	callers passed a valid pointer, I added attributes instead of null
	checks.
	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Kill dead store.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.  Skip null checks, by adding attributes.

	qemu: kill some dead stores
	Spotted by clang.
	* src/qemu/qemu_monitor.c (qemuMonitorClose): Kill dead store.
	* src/qemu/qemu_driver.c (qemudDomainSaveImageStartVM): Likewise.

	network: kill dead store
	* src/network/bridge_driver.c (networkDefine): Kill dead store.

2010-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Update ID after starting a domain

	esx: Update ID after starting a domain

2010-07-30  Chris Lalancette  <clalance@redhat.com>

	Fix DMI uuid parsing.
	valgrind was complaining that virUUIDParse was depending on
	an uninitialized value.  Indeed it was; virSetHostUUIDStr()
	didn't initialize the dmiuuid buffer to 0's, meaning that
	anything after the string read from /sys was uninitialized.
	Clear out the dmiuuid buffer before use, and make sure to
	always leave a \0 at the end.

2010-07-30  Daniel Veillard  <veillard@redhat.com>

	Do not activate boot=on on devices when not using KVM
	  Basically the 'boot=on' boot selection device is something present in
	KVM but not in upstream QEmu, as a result if we boot a QEmu domain
	without KVM acceleration we must disable boot=on ... even if the front
	end kvm binary expose that capability in the help page.
	* src/qemu/qemu_conf.c: in qemudBuildCommandLine if -no-kvm
	  is passed, then deactivate QEMUD_CMD_FLAG_DRIVE_BOOT

2010-07-30  Chris Lalancette  <clalance@redhat.com>

	Fix a memory leak in the qemudBuildCommandLine.
	ADD_ARG_LIT should only be used for literal arguments,
	since it duplicates the memory.  Since virBufferContentAndReset
	is already allocating memory, we should only use ADD_ARG.

2010-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix freeing of heterogeneous lists
	Always call the free function of the base type. The base type
	function then dynamically dispatches the call to the free function
	for the actual type.

	esx: Switch from name to number checks in the subdrivers

	esx: Improve blocked task detection and fix race condition
	esxVI_WaitForTaskCompletion can take a UUID to lookup the
	corresponding domain and check if the current task for it
	is blocked by a question. It calls another function to do
	this: esxVI_LookupAndHandleVirtualMachineQuestion looks up
	the VirtualMachine and checks for a question. If there is
	a question it calls esxVI_HandleVirtualMachineQuestion to
	handle it.
	If there was no question or it has been answered the call
	to esxVI_LookupAndHandleVirtualMachineQuestion returns 0.
	If any error occurred during the lookup and answering
	process -1 is returned. The problem with this is, that -1
	is also returned when there was no error but the question
	could not be answered. So esxVI_WaitForTaskCompletion cannot
	distinguish between this two situations and reports that a
	question is blocking the task even when there was actually
	another problem.
	This inherent problem didn't surface until vSphere 4.1 when
	you try to define a new domain. The driver tries to lookup
	the domain that is just in the process of being registered.
	There seems to be some kind of race condition and the driver
	manages to issue a lookup command before the ESX server was
	able to register the domain. This used to work before.
	Due to the return value problem described above the driver
	reported a false error message in that case.
	To solve this esxVI_WaitForTaskCompletion now takes an
	additional occurrence parameter that describes whether or
	not to expect the domain to be existent. Also add a new
	parameter to esxVI_LookupAndHandleVirtualMachineQuestion
	that allows to distinguish if the call returned -1 because
	of an actual error or because the question could not be
	answered.

2010-07-30  Eric Blake  <eblake@redhat.com>

	esx: silence spurious compiler warning
	* src/esx/esx_vi_types.c (_DESERIALIZE_NUMBER)
	(ESX_VI__TEMPLATE__DESERIALIZE_NUMBER): Add range check to shut up
	gcc 4.5.0 regarding long long.

	build: distribute libvirt_qemu.syms
	* src/Makefile.am (EXTRA_DIST): Ensure 'make distcheck' and
	'rpmbuild' can reproduce a build.
	* daemon/Makefile.am (DAEMON_SOURCES): Likewise.

	build: restore operation of bit-rotted 'make cov'
	'./autobuild.sh' with lcov installed discovered that our
	coverage support has been bit-rotting for a while.  This
	restores it back to a successful state, although I have
	not yet spent any time looking through the resulting files to
	look for low-hanging fruit in the unit test coverage front.
	* configure.ac: Clear COMPILER_FLAGS at right place.
	* Makefile.am (cov): Newer genhtml no longer likes plain -s.
	* m4/compiler-flags.m4 (gl_COMPILER_FLAGS): Don't AC_SUBST
	COMPILER_FLAGS; it is a shell variable for use in configure only.
	* src/Makefile.am (AM_CFLAGS, AM_LDFLAGS): New variables, to make
	it easier to provide global flag additions.  Use throughout, to
	uniformly apply coverage flags.
	* .gitignore: Globally ignore gcov output.
	* daemon/.gitignore: Simplify.
	* src/.gitignore: Likewise.
	* tests/.gitignore: Likewise.

	xen: fix logic bug
	The recent switch to enable -Wlogical-op paid off again.
	gcc 4.5.0 (rawhide) is smarter than 4.4.4 (Fedora 13).
	* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
	(xenDaemonUpdateDeviceFlags, xenDaemonDetachDeviceFlags): Use
	correct operator.

	build: fix 'make syntax-check' failure
	src/lxc/veth.c:150:        VIR_DEBUG(_("Failed to delete '%s' (%d)"),
	src/lxc/veth.c:188:            VIR_DEBUG(_("Failed to disable '%s' (%d)"),
	maint.mk: do not mark these strings for translation
	* src/lxc/veth.c (vethDelete, vethInterfaceUpOrDown): Don't
	translate VIR_DEBUG.

2010-07-30  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix return values of veth.c functions
	Previously, the functions in src/lxc/veth.c could sometimes return
	positive values on failure rather than -1. This made accurate error
	reporting difficult, and led to one failure to catch an error in a
	calling function.
	This patch makes all the functions in veth.c consistently return 0 on
	success, and -1 on failure. It also fixes up the callers to the veth.c
	functions where necessary.
	Note that this patch may be related to the bug:
	  https://bugzilla.redhat.com/show_bug.cgi?id=607496.
	It will not fix the bug, but should unveil what happens.
	* po/POTFILES.in - add veth.c, which previously had no translatable strings
	* src/lxc/lxc_controller.c
	* src/lxc/lxc_container.c
	* src/lxc/lxc_driver.c    - fixup callers to veth.c, and remove error logs,
	                            as they are now done in veth.c
	* src/lxc/veth.c - make all functions consistently return -1 on error.
	* src/lxc/veth.h - use ATTRIBUTE_NONNULL to protect against NULL args.

2010-07-30  Laine Stump  <laine@redhat.com>

	Eliminate memory leak in xenUnifiedDomainInfoListFree
	This fixes a leak described in
	   https://bugzilla.redhat.com/show_bug.cgi?id=590073
	xenUnifiedDomainInfoList has a pointer to a list of pointers to
	xenUnifiedDomain. We were freeing up all the domains, but neglecting
	to free the list.
	This was found by Paolo Bonzini <pbonzini@redhat.com>.

2010-07-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix 'autostart' doesn't take effect actually
	lxcStartup forgot to call lxcAutostartConfigs. Fix it.
	This patch should fix https://bugzilla.redhat.com/show_bug.cgi?id=589863 .

2010-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix --with-xen-proxy related compile error
	Move virDomainChrTargetTypeToString out of the #ifndef PROXY
	block, because it's used outside of it.

2010-07-29  Chris Lalancette  <clalance@redhat.com>

	Fix a potential race in pciInitDevice.
	If detecting the FLR flag of a pci device fails, then we
	could run into the situation of trying to close a file
	descriptor twice, once in pciInitDevice() and once in pciFreeDevice().
	Fix that by removing the pciCloseConfig() in pciInitDevice() and
	just letting pciFreeDevice() handle it.
	Thanks to Chris Wright for pointing out this problem.
	While we are at it, fix an error check.  While it would actually
	work as-is (since success returns 0), it's still more clear to
	check for < 0 (as the rest of the code does).

2010-07-29  Cole Robinson  <crobinso@redhat.com>

	qemu: virtio console support
	Enable specifying a virtio console device with:
	<console type='pty'>
	  <target type='virtio'/>
	</console>

	domain conf: Track <console> target type
	All <console> devices now export a <target> type attribute. QEMU defaults
	to 'serial', UML defaults to 'uml, xen can be either 'serial' or 'xen'
	depending on fullvirt. Understandably there is lots of test fallout.
	This will be used to differentiate between a serial vs. virtio console for
	QEMU.

	domain conf: char: Add an explicit targetType field
	targetType only tracks the actual <target> format we are parsing. Currently
	we only fill abide this value for channel devices.

	domain conf: Rename character prop targetType -> deviceType
	There is actually a difference between the character device type (serial,
	parallel, channel, ...) and the target type (virtio, guestfwd). Currently
	they are awkwardly conflated.
	Start to pull them apart by renaming targetType -> deviceType. This is
	an entirely mechanical change.

	docs: domain: Document virtio <channel>

	tests: Test qemuxml2xml when expected xml changes
	Add tests for auto memballon, implicit IDE, SCSI, virtio channel
	controllers, and console/serial back compat.
	Additionally, an explicit qemuxml2argvtest for scsi disks is added.

2010-07-28  Gerhard Stenzel  <gerhard.stenzel@de.ibm.com>

	fix handling of PORT_PROFILE_RESPONSE_INPROGRESS netlink message
	During function test of the 802.1Qbg implementation in lldpad we came
	across a small problem in the handling of the netlink message
	corresponding to PORT_PROFILE_RESPONSE_INPROGRESS. This should not
	result in returning the default rc=1.
	- src/util/macvtap.c: fix getPortProfileStatus() to return 0 in that
	  case and also fix an indentation problem

2010-07-28  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/network/bridge_driver.c
	(networkAddMasqueradingIptablesRules): Fix spelling and grammar.

2010-07-28  Chris Lalancette  <clalance@redhat.com>

	Fix up confusing indentation in qemudDomainAttachHostPciDevice.

2010-07-28  Eric Blake  <eblake@redhat.com>

	maint: turn on gcc logical-op checking
	This would have detected the bug in commit 38ad33931 (Aug 09), which
	we missed until commit f828ca35 (Jul 10); over 11 months later.
	However, on Fedora 13, it also triggers LOTS of warnings from
	the libcurl-devel header for two files:
	esx/esx_vi.c: In function 'esxVI_CURL_Perform':
	esx/esx_vi.c:232: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	esx/esx_vi.c:232: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	esx/esx_vi.c:232: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	...
	xenapi/xenapi_driver.c: In function 'call_func':
	xenapi/xenapi_driver.c:1872: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	xenapi/xenapi_driver.c:1872: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	xenapi/xenapi_driver.c:1872: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	...
	libcurl allows to disable the type-checking code that triggers those
	warnings, along with the reduction in type-safety of calls to some
	libcurl functions. I figure this is worth the improved compiler
	checking throughout the rest of libvirt.
	* acinclude.m4 (--enable-compile-warnings=error): Add -Wlogical-op.
	* configure.ac: Add -DCURL_DISABLE_TYPECHECK to LIBCURL_CFLAGS to
	avoid compilation warning.
	Suggested by Daniel P. Berrange.
	Tweaked by Matthias Bolte.

	libvirt-guests: add reload, condrestart
	Optional per LSB, but required by Fedora:
	https://fedoraproject.org/wiki/Packaging/SysVInitScript
	* daemon/libvirt-guests.init.in (main): Add more required
	commands.

	libvirt-guests: enhance status
	LSB and https://fedoraproject.org/wiki/Packaging/SysVInitScript
	require status to output something useful, rather than just use
	the exit code.
	* daemon/libvirt-guests.init.in (rh_status): Break into new routine,
	and provide output.
	(usage): Document status.

	libvirt-guests: detect invalid arguments
	Reject extra arguments.
	Return the correct status for unknown arguments, as mandated by
	https://fedoraproject.org/wiki/Packaging/SysVInitScript
	Add --help, as a permitted extension.
	* daemon/libvirt-guests.init.in (usage): New function.  Use it in
	more places, and return correct value.

2010-07-28  Daniel P. Berrange  <berrange@redhat.com>

	Invert logic for checking for QEMU disk cache options
	QEMU has had two different syntax for disk cache options
	 Old: on|off
	 New: writeback|writethrough|none
	QEMU recently added another 'unsafe' option which broke the
	libvirt check. We can avoid this & future breakage, if we
	do a negative check for the old syntax, instead of a positive
	check for the new syntax
	* src/qemu/qemu_conf.c: Invert cache option check

2010-07-28  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow setting boot menu on/off
	Add a new element to the <os> block:
	  <bootmenu enable="yes|no"/>
	Which maps to -boot,menu=on|off on the QEMU command line.
	I decided to use an explicit 'enable' attribute rather than just make the
	bootmenu element boolean. This allows us to treat lack of a bootmenu element
	as 'use hypervisor default'.

	docs: Link wiki FAQ to main page
	Since DV recommended keeping the build instructions distributed with the
	source, move them from the old FAQ to the downloads page.

	qemu: Error on unsupported graphics config
	Throw an explicit error if multiple graphics devices are specified, or
	an unsupported type is specified (rdp).

2010-07-27  Jiri Denemark  <jdenemar@redhat.com>

	libvirt-guests: Don't throw errors if libvirtd is not installed
	When only client parts of libvirt are installed (i.e., no libvirtd
	daemon), libvirt-guests init script in its default configuration would
	throw seriously looking errors during host shutdown:
	Running guests on default URI: error: unable to connect to
	'/var/run/libvirt/libvirt-sock', libvirtd may need to be started: No
	such file or directory
	error: failed to connect to the hypervisor
	This patch changes the script to print rather harmless message in that
	situation:
	Running guests on default URI: libvirtd not installed; skipping this
	URI.

2010-07-27  Chris Lalancette  <clalance@redhat.com>

	Force FLR on for buggy SR-IOV devices.
	Some buggy PCI devices actually support FLR, but
	forget to advertise that fact in their PCI config space.
	However, Virtual Functions on SR-IOV devices are
	*required* to support FLR by the spec, so force has_flr
	on if this is a virtual function.

2010-07-27  Eric Blake  <eblake@redhat.com>

	build: fix VPATH builds
	After the recent libvirt-qemu library addition, VPATH builds fail with:
	  CC     libvirt_qemu_la-libvirt-qemu.lo
	In file included from ../../src/libvirt-qemu.c:29:
	../../include/libvirt/libvirt-qemu.h:17:22: error: libvirt.h: No such file or directory
	...
	  CCLD   libvirt-qmeu.la
	/usr/bin/ld: cannot open linker script file libvirt_qemu.syms: No such file or directory
	This fixes both issues (there are still some documentation VPATH issues,
	but those don't show up with 'make check').
	* configure.ac (LIBVIRT_QEMU_SYMBOL_FILE): While libvirt.syms is
	generated and lives in $(builddir), libvirt_qemu.syms is static
	and lives in $(srcdir).
	* include/libvirt/libvirt-qemu.h (includes): Pull in libvirt.h via
	the public location, since this is a public header.

2010-07-27  Chris Wright  <chrisw@redhat.com>

	pciResetDevice: use inactive devices to determine safe reset
	When doing a PCI secondary bus reset, we must be sure that there are no
	active devices on the same bus segment.  The active device tracking is
	designed to only track host devices that are active in use by guests.
	This ignores host devices that are actively in use by the host.  So the
	current logic will reset host devices.
	Switch this logic around and allow sbus reset when we are assigning all
	devices behind a bridge to the same guest at guest startup or as a result
	of a single attach-device command.
	* src/util/pci.h: change signature of pciResetDevice to add an
	  inactive devices list
	* src/qemu/qemu_driver.c src/xen/xen_driver.c: use (or not) the new
	  functionality of pciResetDevice() depending on the place of use
	* src/util/pci.c: implement the interface and logic changes

	qemudDomainAttachHostPciDevice refactor to use new helpers
	- src/qemu/qemu_driver.c: Eliminate code duplication by using the new
	  helpers qemuPrepareHostdevPCIDevices and qemuDomainReAttachHostdevDevices.
	  This reduces the number of open coded calls to pciResetDevice.

	Add helpers qemuPrepareHostdevPCIDevice and qemuDomainReAttachHostdevDevices
	- src/qemu/qemu_driver.c: These new helpers take hostdev list and count
	  directly rather than getting them indirectly from domain definition.
	  This will allow reuse for the attach-device case.

	qemuGetPciHostDeviceList take hostdev list directly
	- src/qemu/qemu_driver.c: Update qemuGetPciHostDeviceList to take a
	  hostdev list and count directly, rather than getting this indirectly
	  from domain definition. This will allow reuse for the attach-device case.

2010-07-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Support vSphere 4.1
	Also accept version > 4.1, but output a warning.

	esx: Add vpx:// scheme to allow direct connection to a vCenter
	Add a pointer to the primary context of a connection and use it in all
	driver functions that don't dependent on the context type. This includes
	almost all functions that deal with a virDomianPtr. Therefore, using
	a vpx:// connection allows you to perform all the usual domain related
	actions like start, destroy, suspend, resume, dumpxml etc.
	Some functions that require an explicitly specified ESX server don't work
	yet. This includes the host UUID, the hostname, the general node info, the
	max vCPU count and the free memory. Also not working yet are migration and
	defining new domains.

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't ignore the vcenter query parameter
	Since 070f61002f47b602c15d1e4950a122ac9edefe1b the vcenter query
	parameter has been ignored, because the refactoring to use
	esxUtil_ParseQuery was incomplete. This effectively broke migration,
	because the vcenter query parameter is essential for a migration.

	esx: Add autodetection for the SCSI controller model
	This works for file-backed SCSI disk device with a datastore
	related source path.

	esx: Allow 'vmpvscsi' as SCSI controller model

	secaatest: Fix compilation
	Since 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 virSecurityDriverStartup
	takes and additional parameter to control disk format probing.
	Pass false as third parameter.

	virt-aa-helper-test: Fix failure due to the new disk format probing option
	Commit 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 added the disk format
	probing option. This makes virt-aa-helper-test fail because the domain
	config didn't specifiy the disk format and it didn't pass '-p 1' to
	virt-aa-helper to allow disk format probing.
	Specify the disk format in the domain config. Pass the '-p 1' option
	to virt-aa-helper for the test case with two disks. This way this test
	also covers this new option.

	virt-aa-helper: Make getopt accept the p option
	Commit 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 added the
	p option to control disk format probing, but it wasn't added
	to the getopt_long optstring parameter.
	Add the p option to the getopt_long optstring parameter.

	virt-aa-helper: Fix return value of add_file_path
	Commit a8853344994a7c6aaca882a5e949ab5536821ab5 added this
	function and wrapped vah_add_file in it. vah_add_file may
	return -1, 0, 1. It returns 1 in case the call to valid_path
	detects a restricted file. The original code treated a return
	value != 0 as error. The refactored code treats a return
	value < 0 as error. This triggers segfault in virt-aa-helper
	and breaks virt-aa-helper-test for the restricted file tests.
	Make sure that add_file_path returns -1 on error.

	virt-aa-helper: Ignore open errors again
	virt-aa-helper used to ignore errors when opening files.
	Commit a8853344994a7c6aaca882a5e949ab5536821ab5 refactored
	the related code and changed this behavior. virt-aa-helper
	didn't ignore open errors anymore and virt-aa-helper-test
	fails.
	Make sure that virt-aa-helper ignores open errors again.

2010-07-24  Eric Blake  <eblake@redhat.com>

	qemu-api: avoid build failure
	* src/remote_protocol-structs: Tweak to match intentional type
	change (with no ABI change) in remote protocol.

2010-07-24  Chris Lalancette  <clalance@redhat.com>

	Add tests for the new Qemu namespace XML.
	Thanks to DV for knocking together the Relax-NG changes
	quickly for me.
	Changes since v1:
	 - Change the domain.rng to correspond to the new schema
	 - Don't allocate caps->ns in testQemuCapsInit since it is a static table
	Changes since v2:
	 - Change domain.rng to add restrictions on allowed environment names
	Changes since v3:
	 - Remove a bogus comment in the tests

	Qemu remote protocol.
	Since we are adding a new "per-hypervisor" protocol, we
	make it so that the qemu remote protocol uses a new
	PROTOCOL and PROGRAM number.  This allows us to easily
	distinguish it from the normal REMOTE protocol.
	This necessitates changing the proc in remote_message_header
	from a "remote_procedure" to an "unsigned", which should
	be the same size (and thus preserve the on-wire protocol).
	Changes since v1:
	 - Fixed up a couple of script problems in remote_generate_stubs.pl
	 - Switch an int flag to a bool in dispatch.c
	Changes since v2:
	 - None
	Changes since v3:
	 - Change unsigned proc to signed proc, to conform to spec

	Qemu arbitrary monitor commands.
	Implement the qemu driver's virDomainQemuMonitorCommand
	and hook it into the API entry point.
	Changes since v1:
	 - Rename the (external) qemuMonitorCommand to qemuDomainMonitorCommand
	 - Add virCheckFlags to qemuDomainMonitorCommand
	Changes since v2:
	 - Drop ATTRIBUTE_UNUSED from the flags
	Changes since v3:
	 - Add a flag to priv so we only print out monitor command warning once.  Note
	   that this has not been plumbed into qemuDomainObjPrivateXMLFormat or
	   qemuDomainObjPrivateXMLParse, which means that if you run a monitor command,
	   restart libvirtd, and then run another monitor command, you may get an
	   an erroneous VIR_INFO.  It's a pretty minor matter, and I didn't think it
	   warranted the additional code.
	 - Add BeginJob/EndJob calls around EnterMonitor/ExitMonitor

	Qemu Monitor API entry point.
	Add the library entry point for the new virDomainQemuMonitorCommand()
	entry point.  Because this is not part of the "normal" libvirt API,
	it gets its own header file, library file, and will eventually
	get its own over-the-wire protocol later in the series.
	Changes since v1:
	 - Go back to using the virDriver table for qemuDomainMonitorCommand, due to
	   linking issues
	 - Added versioning information to the libvirt-qemu.so
	Changes since v2:
	 - None
	Changes since v3:
	 - Add LGPL header to libvirt-qemu.c
	 - Make virLibConnError and virLibDomainError macros instead of function calls
	Changes since v4:
	 - Move exported symbols to libvirt_qemu.syms

	Handle arbitrary qemu command-lines in qemuParseCommandLine.
	Now that we have the ability to specify arbitrary qemu
	command-line parameters in the XML, use it to handle unknown
	command-line parameters when doing a native-to-xml conversion.
	Changes since v1:
	 - Rename num_extra to num_args
	 - Fix up a memory leak on an error path
	Changes since v2:
	 - Add a VIR_WARN when adding the argument via qemu:arg
	Changes since v3:
	 - None

	Qemu arbitrary command-line arguments.
	Implement the qemu hooks for XML namespace data.  This
	allows us to specify a qemu XML namespace, and then
	specify:
	<qemu:commandline>
	 <qemu:arg value='arg'/>
	 <qemu:env name='name' value='value'/>
	</qemu:commandline>
	In the domain XML.
	Changes since v1:
	 - Change the <qemu:arg>arg</qemu:arg> XML to <qemu:arg value='arg'/> XML
	 - Fix up some memory leaks in qemuDomainDefNamespaceParse
	 - Rename num_extra and extra to num_args and args, respectively
	 - Fixed up some error messages
	 - Make sure to escape user-provided data in qemuDomainDefNamespaceFormatXML
	Changes since v2:
	 - Add checking to ensure environment variable names are valid
	 - Invert the logic in qemuDomainDefNamespaceFormatXML to return early
	Changes since v3:
	 - Change strspn() to c_isalpha() check of first letter of environment variable

	Add namespace callback hooks to domain_conf.
	This patch adds namespace XML parsers to be hooked into
	the main domain parser.  This allows for individual hypervisor
	drivers to add per-namespace XML into the main domain XML.
	Changes since v1:
	 - Use a statically declared table for caps->ns, removing the need to
	   allocate/free it.
	Changes since v2:
	 - None
	Changes since v3:
	 - None

2010-07-24  Philipp Hahn  <hahn@univention.de>

	Fix SEGV on exit after domainEventDeregister()
	When the last callback is removed using domainEventDeregister(), the
	events dispatcher is deregistered from the C-library, but
	domainEventsCallbacks is still an empty list.
	On shutdown __del__() deregisters the dispatacher again, which SEGVs
		# You need the event-loop implementation from the Python examples;
		# give the file a name which is importable by Python.
		ln examples/domain-events/events-python/event-test.py eloop.py
		python -c 'from eloop import *
		import sys
		def dump(*args): print " ".join(map(str, args))
		virEventLoopPureStart()
		c = libvirt.open("xen:///")
		c.domainEventRegister(dump, None)
		c.domainEventDeregister(dump)
		sys.exit(0)'
	domainEventDeregister() needs to delete domainEventCallbacks so subsequent
	calls to __del__() and domainEventRegister() choose the right code paths.
	Setting it to None is not enough, since calling domainEventRegiser() again
	would trigger an TypeError.

2010-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix .mailmap after accidental wrong committer address

2010-07-23  Chris Wright  <chrisw@redhat.com>

	pciSharesBusWithActive fails to find multiple devices on bus
	The first conditional is always true which means the iterator will
	never find another device on the same bus.
	    if (dev->domain != check->domain ||
	        dev->bus != check->bus ||
	  ----> (check->slot == check->slot &&
	         check->function == check->function)) <-----
	The goal of that check is to verify that the device is either:
	  in a different pci domain
	  on a different bus
	  is the same identical device
	This means libvirt may issue a secondary bus reset when there are
	devices
	on that bus that actively in use by the host or another guest.
	* src/util/pci.c: fix a bogus test in pciSharesBusWithActive()

2010-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix incorrect use of private data in remote driver
	The remote driver is using the wrong privateData field in
	a couple of functions. THis is harmless for stateful
	drivers like QEMU/UML/LXC, but will crash with Xen
	* src/remote/remote_driver.c: Fix use of privateData field

	Set a stable & high MAC addr for guest TAP devices on host
	A Linux software bridge will assume the MAC address of the enslaved
	interface with the numerically lowest MAC addr. When the bridge
	changes MAC address there is a period of network blackout, so a
	change should be avoided. The kernel gives TAP devices a completely
	random MAC address. Occassionally the random TAP device MAC is lower
	than that of the physical interface (eth0, eth1etc) that is enslaved,
	causing the bridge to change its MAC.
	This change sets an explicit MAC address for all TAP devices created
	using the configured MAC from the XML, but with the high byte set
	to 0xFE. This should ensure TAP device MACs are higher than any
	physical interface MAC.
	* src/qemu/qemu_conf.c, src/uml/uml_conf.c: Pass in a MAC addr
	  for the TAP device with high byte set to 0xFE
	* src/util/bridge.c, src/util/bridge.h: Set a MAC when creating
	  the TAP device to override random MAC

	Fix PCI address assignment if no IDE controller is present
	The PCI slot 1 must be reserved at all times, since PIIX3 is
	always present, even if no IDE device is in use for guest disks
	* src/qemu/qemu_conf.c: Always reserve slot 1 for PIIX3

2010-07-23  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: force kill of init process by sending SIGKILL if needed
	Init process may remain after sending SIGTERM for some reason.
	For example, if original init program is used, it is definitely
	not killed by SIGTERM.
	* src/lxc/lxc_controller.c: kill with SIGKILL if SIGTERM wasn't
	  sufficient

2010-07-22  Laine Stump  <laine@laine.org>

	Remove erroneous setting of return value to errno.
	One error exit in virStorageBackendCreateBlockFrom was setting the
	return value to errno. The convention for volume build functions is to
	return 0 on success or -1 on failure. Not only was it not necessary to
	set the return value (it defaults to -1, and is set to 0 when
	everything has been successfully completed), in the case that some
	caller were checking for < 0 rather than != 0, they would incorrectly
	believe that it completed successfully.

	Change virDirCreate to return -errno on failure.
	virDirCreate also previously returned 0 on success and errno on
	failure. This makes it fit the recommended convention of returning 0
	on success, -errno (ie a negative number) on failure.

	Make virStorageBackendCopyToFD return -errno.
	Previously virStorageBackendCopyToFD would simply return -1 on
	error. This made the error return from one of its callers inconsistent
	(createRawFileOpHook is supposed to return -errno, but if
	virStorageBackendCopyToFD failed, createRawFileOpHook would just
	return -1). Since there is a useful errno in every case of error
	return from virStorageBackendCopyToFD, and since the other uses of
	that function ignore the return code (beyond simply checking to see if
	it is < 0), this is a safe change.

	Change virFileOperation to return -errno (ie < 0) on error.
	virFileOperation previously returned 0 on success, or the value of
	errno on failure. Although there are other functions in libvirt that
	use this convention, the preferred (and more common) convention is to
	return 0 on success and -errno (or simply -1 in some cases) on
	failure. This way the check for failure is always (ret < 0).
	* src/util/util.c - change virFileOperation and virFileOperationNoFork to
	                    return -errno on failure.
	* src/storage/storage_backend.c, src/qemu/qemu_driver.c
	  - change the hook functions passed to virFileOperation to return
	    -errno on failure.

2010-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Document the memory balloon device
	* formatdomain.html.in: Document <memballoon> element

	Re-arrange PCI device address assignment to match QEMU's default
	To try and ensure that people upgrading from old QEMU get guests
	with the same PCI device ordering, change the way we assign addrs
	to match QEMU's default order. This should make Windows less
	annoyed.
	* src/qemu/qemu_conf.c: Follow QEMU's default PCI ordering
	  logic when assigning addresses
	* tests/*.args: Update for changed PCI addresses

2010-07-21  Daniel P. Berrange  <dan@berrange.com>

	Explicitly represent balloon device in XML and handle PCI address
	To allow compatibility with older QEMU PCI device slot assignment
	it is necessary to explicitly track the balloon device in the
	XML. This introduces a new device
	   <memballoon model='virtio|xen'/>
	It can also have a PCI address, auto-assigned if necessary.
	The memballoon will be automatically added to all Xen and QEMU
	guests by default.
	* docs/schemas/domain.rng: Add <memballoon> element
	* src/conf/domain_conf.c, src/conf/domain_conf.h: parsing
	  and formatting for memballoon device. Always add a memory
	  balloon device to Xen/QEMU if none exists in XML
	* src/libvirt_private.syms: Export memballoon model APIs
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Honour the
	  PCI device address in memory balloon device
	* tests/*: Update to test new functionality

	Rearrange VGA/IDE controller address reservation
	The first VGA and IDE devices need to have fixed PCI address
	reservations. Currently this is handled inline with the other
	non-primary VGA/IDE devices. The fixed virtio balloon device
	at slot 3, ensures auto-assignment skips the slots 1/2. The
	virtio address will shortly become configurable though. This
	means the reservation of fixed slots needs to be done upfront
	to ensure that they don't get re-used for other devices.
	This is more or less reverting the previous changeset:
	  commit 83acdeaf173b2a1206b755c1ab317cac36facd90
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Wed Feb 3 16:11:29 2010 +0000
	  Fix restore of QEMU guests with PCI device reservation
	The difference is that this time, instead of unconditionally
	reserving the address, we only reserve the address if it was
	initially type=none. Addresses of type=pci were handled
	earlier in process by qemuDomainPCIAddressSetCreate(). This
	ensures restore step doesn't have problems
	* src/qemu/qemu_conf.c: Reserve first VGA + IDE address
	  upfront

	Remove inappropriate use of VIR_ERR_NO_SUPPORT
	The VIR_ERR_NO_SUPPORT refers to an API which is not implemented.
	There is a separate VIR_ERR_CONFIG_UNSUPPORTED for XML config
	options that are not available with the current hypervisor.
	* src/qemu/qemu_conf.c, src/qemu/qemu_driver.c: Remove
	  many VIR_ERR_NO_SUPPORT replace with VIR_ERR_CONFIG_UNSUPPORTED

2010-07-21  Chris Lalancette  <clalance@redhat.com>

	Fix a NULL dereference in the case that the arg in question didn't exist.

2010-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus free of static strings
	Remove bogus free of statically allocated strings introduced
	in 03ca42046a54c5cfadb2e69194896abf06f6a10f
	* src/conf/capabilities.c: Don't free static strings for
	  default disk driver type/name

2010-07-20  Chris Lalancette  <clalance@redhat.com>

	Fix a deadlock in bi-directional p2p concurrent migration.
	If you try to execute two concurrent migrations p2p
	from A->B and B->A, the two libvirtd's will deadlock
	trying to perform the migrations.  The reason for this is
	that in p2p migration, the libvirtd's are responsible for
	making the RPC Prepare, Migrate, and Finish calls.  However,
	they are currently holding the driver lock while doing so,
	which basically guarantees deadlock in this scenario.
	This patch fixes the situation by adding
	qemuDomainObjEnterRemoteWithDriver and
	qemuDomainObjExitRemoteWithDriver helper methods.  The Enter
	take an additional object reference, then drops both the
	domain object lock and the driver lock.  The Exit takes
	both the driver and domain object lock, then drops the
	reference.  Adding calls to these Enter and Exit helpers
	around remote calls in the various migration methods
	seems to fix the problem for me in testing.
	This should make the situation safe. The additional domain
	object reference ensures that the domain object won't disappear
	while this operation is happening.  The BeginJob that is called
	inside of qemudDomainMigratePerform ensures that we can't execute a
	second migrate (or shutdown, or save, etc) job while the
	migration is active.  Finally, the additional check on the state
	of the vm after we reacquire the locks ensures that we can't
	be surprised by an external event (domain crash, etc).

	Make virsh setmaxmem balloon only when successful.
	After playing around with virsh setmaxmem for a bit,
	I ran into some surprising behavior; if a hypervisor does
	not support the virDomainSetMaxMemory() API, but the value
	specified for setmaxmem is less than the current amount
	of memory in the domain, the domain would be ballooned
	down *before* an error was reported.
	To make this more consistent, run virDomainSetMaxMemory()
	before trying to shrink; that way, if an error is thrown,
	no changes to the running domain are made.

	Use unsigned long in cmdSetmem.
	The virsh command "setmem" takes as input a number that
	should represent an unsigned long number of kilobytes.  Fix
	cmdSetmem to properly parse this as an unsigned long instead
	of an int.

2010-07-20  Laine Stump  <laine@laine.org>

	fsync new storage volumes even if new volume was copied.
	Originally the storage volume files were opened with O_DSYNC to make
	sure they were flushed to disk immediately. It turned out that this
	was extremely slow in some cases, so the O_DSYNC was removed in favor
	of just calling fsync() after all the data had been written. However,
	this call to fsync was inside the block that is executed to zero-fill
	the end of the volume file. In cases where the new volume is copied
	from an old volume, and they are the same length, this fsync would
	never take place.
	Now the fsync is *always* done, unless there is an error (in which
	case it isn't important, and is most likely inappropriate.

	Don't skip zero'ing end of volume file when inputvol is shorter than newvol
	A missing set of braces around an error condition caused us to skip
	zero'ing out the remainder of a new volume file if the new volume was
	longer than the original (the goto was supposed to be taken only in
	the case of error, but was always being taken).

2010-07-20  Chris Lalancette  <clalance@redhat.com>

	Always clear out the last_error in virshReportError.
	Otherwise you can get bogus "unknown error" printouts on
	subsequent commands.

	Fix up inconsistent virsh option error reporting.
	The virsh option error reporting was not being used
	consistently; some commands would spit out errors on
	missing required options while others would just silently fail.
	However, vshCommandOptString knows which ones are required
	and which ones aren't, so make it spit out an error where
	appropriate.  The rest of the patch is just cleaning up
	the uses of vshCommandOptString to deal with the new error
	reporting.

2010-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Use the extract backing store format in storage volume lookup
	The storage volume lookup code was probing for the backing store
	format, instead of using the format extracted from the file
	itself. This meant it could report in accurate information. If
	a format is included in the file, then use that in preference,
	with probing as a fallback.
	* src/storage/storage_backend_fs.c: Use extracted backing store
	  format

	Rewrite qemu-img backing store format handling
	When creating qcow2 files with a backing store, it is important
	to set an explicit format to prevent QEMU probing. The storage
	backend was only doing this if it found a 'kvm-img' binary. This
	is wrong because plenty of kvm-img binaries don't support an
	explicit format, and plenty of 'qemu-img' binaries do support
	a format. The result was that most qcow2 files were not getting
	a backing store format.
	This patch runs 'qemu-img -h' to check for the two support
	argument formats
	  '-o backing_format=raw'
	  '-F raw'
	and use whichever option it finds
	* src/storage/storage_backend.c: Query binary to determine
	  how to set the backing store format

	Add ability to set a default driver name/type when parsing disks
	Record a default driver name/type in capabilities struct. Use this
	when parsing disks if value is not set in XML config.
	* src/conf/capabilities.h: Record default driver name/type for disks
	* src/conf/domain_conf.c: Fallback to default driver name/type
	  when parsing disks
	* src/qemu/qemu_driver.c: Set default driver name/type to raw

	Disable all disk probing in QEMU driver & add config option to re-enable
	Disk format probing is now disabled by default. A new config
	option in /etc/qemu/qemu.conf will re-enable it for existing
	deployments where this causes trouble

	Pass security driver object into all security driver callbacks
	The implementation of security driver callbacks often needs
	to access the security driver object. Currently only a handful
	of callbacks include the driver object as a parameter. Later
	patches require this is many more places.
	* src/qemu/qemu_driver.c: Pass in the security driver object
	  to all callbacks
	* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
	  src/security/security_apparmor.c, src/security/security_driver.h,
	  src/security/security_selinux.c: Add a virSecurityDriverPtr
	  param to all security callbacks

	Convert all disk backing store loops to shared helper API
	Update the QEMU cgroups code, QEMU DAC security driver, SELinux
	and AppArmour security drivers over to use the shared helper API
	virDomainDiskDefForeachPath().
	* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
	  src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Convert over to use virDomainDiskDefForeachPath()

	Add an API for iterating over disk paths
	There is duplicated code which iterates over disk backing stores
	performing some action. Provide a convenient helper for doing
	this to eliminate duplication & risk of mistakes with disk format
	probing
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDiskDefForeachPath()

	Require format to be passed into virStorageFileGetMetadata
	Require the disk image to be passed into virStorageFileGetMetadata.
	If this is set to VIR_STORAGE_FILE_AUTO, then the format will be
	resolved using probing. This makes it easier to control when
	probing will be used
	* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
	  src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata.
	* src/storage/storage_backend_fs.c: Probe for disk format before
	  calling virStorageFileGetMetadata.
	* src/util/storage_file.h, src/util/storage_file.c: Remove format
	  from virStorageFileMeta struct & require it to be passed into
	  method.

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Refactor virStorageFileGetMetadataFromFD to separate functionality
	The virStorageFileGetMetadataFromFD did two jobs in one. First
	it probed for storage type, then it extracted metadata for the
	type. It is desirable to be able to separate these jobs, allowing
	probing without querying metadata, and querying metadata without
	probing.
	To prepare for this, split out probing code into a new pair of
	methods
	  virStorageFileProbeFormatFromFD
	  virStorageFileProbeFormat
	* src/util/storage_file.c, src/util/storage_file.h,
	  src/libvirt_private.syms: Introduce virStorageFileProbeFormat
	  and virStorageFileProbeFormatFromFD

	Remove 'type' field from FileTypeInfo struct
	Instead of including a field in FileTypeInfo struct for the
	disk format, rely on the array index matching the format.
	Use verify() to assert the correct number of elements in the
	array.
	* src/util/storage_file.c: remove type field from FileTypeInfo

	Extract the backing store format as well as name, if available
	When QEMU opens a backing store for a QCow2 file, it will
	normally auto-probe for the format of the backing store,
	rather than assuming it has the same format as the referencing
	file. There is a QCow2 extension that allows an explicit format
	for the backing store to be embedded in the referencing file.
	This closes the auto-probing security hole in QEMU.
	This backing store format can be useful for libvirt users
	of virStorageFileGetMetadata, so extract this data and report
	it.
	QEMU does not require disk image backing store files to be in
	the same format the file linkee. It will auto-probe the disk
	format for the backing store when opening it. If the backing
	store was intended to be a raw file this could be a security
	hole, because a guest may have written data into its disk that
	then makes the backing store look like a qcow2 file. If it can
	trick QEMU into thinking the raw file is a qcow2 file, it can
	access arbitrary files on the host by adding further backing
	store links.
	To address this, callers of virStorageFileGetMeta need to be
	told of the backing store format. If no format is declared,
	they can make a decision whether to allow format probing or
	not.

	CVE-2010-2242 Apply a source port mapping to virtual network masquerading
	IPtables will seek to preserve the source port unchanged when
	doing masquerading, if possible. NFS has a pseudo-security
	option where it checks for the source port <= 1023 before
	allowing a mount request. If an admin has used this to make the
	host OS trusted for mounts, the default iptables behaviour will
	potentially allow NAT'd guests access too. This needs to be
	stopped.
	With this change, the iptables -t nat -L -n -v rules for the
	default network will be
	Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
	 pkts bytes target     prot opt in     out     source               destination
	   14   840 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
	   75  5752 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
	    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24
	* src/network/bridge_driver.c: Add masquerade rules for TCP
	  and UDP protocols
	* src/util/iptables.c, src/util/iptables.c: Add source port
	  mappings for TCP & UDP protocols when masquerading.

2010-07-17  Justin Clift  <jclift@redhat.com>

	man pages: update authors and copyright notice for libvirtd and virsh
	This patch removes the individual author names from the libvirtd and virsh
	man pages, instead referring to the main AUTHORS file distributed with
	libvirt.  This approach is needed, as we can't guarantee unicode support
	across all versions of pod2man used with libvirt.
	Additionally, this patch includes the libvirtd man page in the spec file
	used with "make rpm".  Without this patch "make rpm" is broken.

2010-07-16  Chris Lalancette  <clalance@redhat.com>

	Fix compile on i686.
	When printing out size_t, we need to use %zu to make sure it
	will continue to compile on both 32-bit and 64-bit platforms.

	Remove unused and bitrotting vshCommandOptStringList

	Remove error checking after using vshMalloc.
	vshMalloc and friends always exit() on allocation failure,
	so there is no reason to do checking for NULL in the code
	that uses it.

	Remove the "showerror" parameter from vshConnectionUsability.
	Nobody was using it anyway.

2010-07-16  David Allan  <dallan@redhat.com>

	RFC: Canonicalize block device paths
	There are many naming conventions for partitions associated with a
	block device.  Some of the major ones are:
	/dev/foo -> /dev/foo1
	/dev/foo1 -> /dev/foo1p1
	/dev/mapper/foo -> /dev/mapper/foop1
	/dev/disk/by-path/foo -> /dev/disk/by-path/foo-part1
	The universe of possible conventions isn't clear.  Rather than trying
	to understand all possible conventions, this patch divides devices
	into two groups, device mapper devices and everything else.  Device
	mapper devices seem always to follow the convention of device ->
	devicep1; everything else is canonicalized.

2010-07-15  Ryota Ozaki  <ozaki.ryota@gmail.com>

	daemon: dispatch.c should include stdio.h (and stdarg.h)
	dispatch.c requires stdio.h (and stdarg.h), however, currently
	dispatch.c implicitly relys on rpc/xdr.h to include stdio.h.
	If rpc/xdr.h unxpectedly does not include stdio.h, the compilation
	of dispatch.c fails.
	This can happen, for example, when portablexdr is installed
	under /usr/local; because portablexdr's rpc/xdr.h does not
	include stdio.h and gcc looks up it not /usr/include/rpc/xdr.h.
	Note that stdarg.h is also included according to man va_start,
	although stdio.h seems including it anyway.

2010-07-15  Jim Meyering  <meyering@redhat.com>

	uml_driver: correct logic error in umlMonitorCommand
	* src/uml/uml_driver.c (umlMonitorCommand): Correct flaw that would
	cause unconditional "incomplete reply ..." failure, since "nbytes"
	was always 0 or 1.

	qemuConnectMonitor: fix a bug that would have masked SELinux failure
	* src/qemu/qemu_driver.c (qemuConnectMonitor): Correct erroneous
	parenthesization in two expressions.  Without this fix, failure
	to set or clear SELinux security context in the monitor would go
	undiagnosed.  Also correct a diagnostic and split some long lines.

2010-07-14  Cole Robinson  <crobinso@redhat.com>

	python: Fix IOErrorReasonCallback bindings
	A copy and paste error was causing us to dispatch the incorrect
	routine. Spotted by Dan Kenigsberg.

	.gitignore: Ignore generated libvirtd docs

2010-07-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make esxVI_*_Deserialize dynamically dispatched
	This will be used to deserialize the response from a call
	to esxVI_SearchDatastore_Task properly.

2010-07-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add openauth example to demonstrate a custom auth callback

2010-07-13  Laine Stump  <laine@redhat.com>

	Eliminate compiler warning due to gettext string with no format args

2010-07-13  Justin Clift  <jclift@redhat.com>

	docs: fix so generated .html files are removed with make clean

2010-07-13  Jiri Denemark  <jdenemar@redhat.com>

	cpuCompare: Fix crash on unexpected CPU XML
	When comparing a CPU without <model> element, such as
	    <cpu>
	        <topology sockets='1' cores='1' threads='1'/>
	    </cpu>
	libvirt would happily crash without warning.

	cpu: Fail when CPU type cannot be detected from XML
	When autodetecting whether XML describes guest or host CPU, the presence
	of <arch> element is checked. If it's present, we treat the XML as host
	CPU definition. Which is right, since guest CPU definitions do not
	contain <arch> element. However, if at the same time the root <cpu>
	element contains `match' attribute, we would silently ignore it and
	still treat the XML as host CPU. We should rather refuse such invalid
	XML.

	cpuCompare: Fix comparison of two host CPUs
	When a CPU to be compared with host CPU describes a host CPU instead of
	a guest CPU, the result is incorrect. This is because instead of
	treating additional features in host CPU description as required, they
	were treated as if they were mentioned with all possible policies at the
	same time.

	qemu: Use -nodefconfig when probing for CPU models
	In case qemu supports -nodefconfig, libvirt adds uses it when launching
	new guests. Since this option may affect CPU models supported by qemu,
	we need to use it when probing for available models.

	virsh: Fix man page syntax
	pod2man prints the following warning when generating virsh.1:
	    tools/virsh.pod:890: Unmatched =back

2010-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential crash in QEMU monitor JSON impl
	An indentation mistake meant that a check for return status
	was not properly performed in all cases. This could result
	in a crash on NULL pointer in a following line.
	* src/qemu/qemu_monitor_json.c: Fix check for return status
	  when processing JSON for blockstats

2010-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix build by removing unknown pod2man flag
	Some versions of pod2man do not support the -u flag, so this
	can't be used
	* daemon/Makefile.am: Remove -u flag from pod2man

	Ensure we return the callback ID in python events binding
	A missing return statement in the python binding meant that
	the callers could not get the callback ID, and thus not be
	able to unregister event callbacks
	* python/libvirt-override-virConnect.py: Add missing return
	  statement

2010-07-10  Justin Clift  <jclift@redhat.com>

	html docs: added firewall explanation page by daniel berrange

2010-07-09  Justin Clift  <jclift@redhat.com>

	libvirtd: add man page for libvirtd
	With gracious thanks to Chris Lalancette for helping knock the
	description section into shape.
	This addresses BZ #595350
	  https://bugzilla.redhat.com/show_bug.cgi?id=595350

2010-07-09  Justin Clift  <justin@salasaga.org>

	virsh: add new --details option to vol-list
	This patch adds a new --details option to the virsh vol-list
	command, making its output more useful when many luns are
	present.
	Addresses BZ # 605543
	  https://bugzilla.redhat.com/show_bug.cgi?id=605543

2010-07-09  Justin Clift  <jclift@redhat.com>

	authors: update my authors details

2010-07-08  Chris Lalancette  <clalance@redhat.com>

	Fix a compile error in the previous commit.

	Implement virsh managedsave-remove command.

2010-07-07  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add new models from qemu's target-x86_64.conf

	cpu: Add support for CPU vendor
	By specifying <vendor> element in CPU requirements a guest can be
	restricted to run only on CPUs by a given vendor. Host CPU vendor is
	also specified in capabilities XML.
	The vendor is checked when migrating a guest but it's not forced, i.e.,
	guests configured without <vendor> element can be freely migrated.

	cpuBaseline: Detect empty set of common features
	In case the set of CPUs has no features in common, report incompatible
	CPUs instead of returning the simplest CPU model with all features
	disabled.

	cpuBaseline: Don't mess with the CPU returned by arch driver
	All features in the baseline CPU definition were always created with
	policy='require' even though an arch driver returned them with different
	policy settings.

	Make html docs in non-srcdir build

2010-07-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.2
	- configure.ac docs/news.html.in libvirt.spec.in: updated
	- po/*/o* : updated or.po and regenerated

2010-07-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Let configure detect/set the XPCOMC directory
	This allows the user to give an explicit path to configure
	  ./configure --with-vbox=/path/to/virtualbox
	instead of having the VirtualBox driver probe a set of possible
	paths at runtime. If no explicit path is specified then configure
	probes the set of "known" paths.
	https://bugzilla.redhat.com/show_bug.cgi?id=609185

2010-07-02  Cole Robinson  <crobinso@redhat.com>

	udev: Parse PCI devices even if libpciaccess fails
	We only use libpciaccess for resolving device product/vendor. If
	initializing the library fails (say if using qemu:///session), don't
	warn so loudly, and carry on as usual.

	qemu: Improve some qemu.conf error reporting
	Log some info if we can't find a config file. Make parse failures
	fatal, and actually raise an error message.

	util: virExec: Dispatch all errors raised after fork
	Any error message raised after the process has forked needs
	to be followed by virDispatchError, otherwise we have no chance of
	ever seeing it. This was selectively done for hook functions in the past,
	but really applies to all post-fork errors.

2010-06-30  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Fix compilation broken on MinGW due to dirent->d_type
	As pointed out by Eric Blake, using dirent->d_type breaks
	compilation on MinGW. This patch addresses this by using
	'#if defined' as same as doing for virCgroupForDriver.

2010-06-30  Justin Clift  <justin@salasaga.org>

	html docs: add link to PHP bindings by Radek Hladik

2010-06-30  Eric Blake  <eblake@redhat.com>

	virsh: tweak help output for VSH_OT_DATA
	https://bugzilla.redhat.com/show_bug.cgi?id=609044 complained
	that 'virsh help pool-create-as' didn't document the shortcut
	that you can do 'virsh pool-create-as $name $type --target $target'
	rather than having to supply the four optional source- arguments
	in order to fill out the necessary positional arguments.
	This one-liner changes the help output to hopefully make this more obvious:
	  NAME
	    pool-create-as - create a pool from a set of args
	  SYNOPSIS
	    pool-create-as <name> [--print-xml] <type> [<source-host>] [<source-path>] [<source-dev>] [<source-name>] [<target>] [--source-format <string>]
	  DESCRIPTION
	    Create a pool.
	  OPTIONS
	    [--name] <string>  name of the pool
	    --print-xml      print XML document, but don't define/create
	    [--type] <string>  type of the pool
	    [--source-host] <string>  source-host for underlying storage
	    [--source-path] <string>  source path for underlying storage
	    [--source-dev] <string>  source device for underlying storage
	    [--source-name] <string>  source name for underlying storage
	    [--target] <string>  target for underlying storage
	    --source-format <string>  format for underlying storage
	* tools/virsh.c (vshCmddefHelp): Make it more obvious that data
	arguments may, but not must, be specified by option leaders.

2010-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Avoid invoking the qemu monitor destroy callback if the constructor fails
	Some, but not all, codepaths in the qemuMonitorOpen() method
	would trigger the destroy callback. The caller does not expect
	this to be invoked if construction fails, only during normal
	release of the monitor. This resulted in a possible double-unref
	of the virDomainObjPtr, because the caller explicitly unrefs
	the virDomainObjPtr  if qemuMonitorOpen() fails
	* src/qemu/qemu_monitor.c: Don't invoke destroy callback from
	  qemuMonitorOpen() failure paths

2010-06-30  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Add missing errno == ENOENT check in virCgroupRemoveRecursively
	ENOENT happens normally when a subsystem is enabled with any other
	subsystems and the directory of the target group has already removed
	in a prior loop. In that case, the function should just return without
	leaving an error message.
	NB this is the same behavior as before introducing virCgroupRemoveRecursively.

2010-06-29  Chris Lalancette  <clalance@redhat.com>

	Fix crash when detaching devices from qemu domains.
	Make sure to *not* call qemuDomainPCIAddressReleaseAddr if
	QEMUD_CMD_FLAG_DEVICE is *not* set (for older qemu).  This
	prevents a crash when trying to do device detachment from
	a qemu guest.

	Check for active PCI devices when doing nodedevice operations.
	In the current libvirt PCI code, there is no checking whether
	a PCI device is in use by a guest when doing node device
	detach or reattach.  This causes problems when a device is
	assigned to a guest, and the administrator starts issuing
	nodedevice commands.  Make it so that we check the list
	of active devices when trying to detach/reattach, and only
	allow the operation if the device is not assigned to a guest.

2010-06-29  Justin Clift  <justin@salasaga.org>

	virsh: add new --details option to pool-list
	This patch adds a new --details option to the virsh pool-list
	command, making its output more useful to people who use virsh
	for significant lengths of time.
	Addresses BZ # 605543
	  https://bugzilla.redhat.com/show_bug.cgi?id=605543

2010-06-29  Eric Blake  <eblake@redhat.com>

	virFileResolveLink: guarantee an absolute path
	https://bugzilla.redhat.com/show_bug.cgi?id=608092
	* src/util/util.c (virFileResolveLink): Use
	canonicalize_file_name, rather than areadlink.

	phyp: don't steal storage management from other drivers
	Fix regression introduced in commit a4a287242 - basically, the
	phyp storage driver should only accept the same URIs that the
	main phyp driver is willing to accept.  Blindly accepting all
	URIs meant that the phyp storage driver was being consulted for
	'virsh -c qemu:///session pool-list --all', rather than the
	qemu storage driver, then since the URI was not for phyp, attempts
	to then use the phyp driver crashed because it was not initialized.
	* src/phyp/phyp_driver.c (phypStorageOpen): Only accept connections
	already open to a phyp driver.

2010-06-29  Laine Stump  <laine@redhat.com>

	Avoid calling virStorageFileIsSharedFS with NULL
	This code was just recently added (by me) and didn't account for the
	fact that stdin_path is sometimes NULL. If it's NULL, and
	SetSecurityAllLabel fails, a segfault would result.

2010-06-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix virsh console doesn't work after restarting libvirtd
	Because tty path is unexpectedly not saved in the live configuration
	file of a domain, libvirtd cannot get the console of the domain back
	after restarting.
	The reason why the tty path isn't saved is that, to save the tty path,
	the save function, virDomainSaveConfig, requires that the target domain
	is running (pid != -1), however, lxc driver calls the function before
	starting the domain to pass the configuration to controller.
	To ensure to save the tty path, the patch lets lxc driver call the save
	function again after starting the domain.

	lxc: Fix error handlings in lxcContainerRenameAndEnableInterfaces
	The function is expected to return negative value on failure,
	however, it returns positive value when either setInterfaceName
	or vethInterfaceUpOrDown fails. Because the function returns
	the return value of either as is, however, the two functions
	may return positive value on failure.
	The patch fixes the defects and add error messages.

	lxc: Change VIR_ERROR to VIR_DEBUG for just a debugging message
	The message is actually not of error but of debugging.
	02:22:56.091: error : lxcControllerMain:316 : monitor=3 client=4 appPty=19 contPty=7

2010-06-28  Laine Stump  <laine@laine.org>

	Selectively ignore domainSetSecurityAllLabel failure in domain restore
	When the saved domain image is on an NFS share, at least some part of
	domainSetSecurityAllLabel will fail (for example, selinux labels can't
	be modified). To allow domain restore to still work in this case, just
	ignore the errors.

	use virStorageFileIsSharedFS utility function in qemudDomainSaveFlag
	Previously, this function had it's own bit of code performing the same
	function. Since there's now an equivalent utility function, let's use it.

	Enhance virStorageFileIsSharedFS
	virStorageFileIsSharedFS would previously only work if the entire path
	in question was stat'able by the uid of the libvirtd process. This
	patch changes it to crawl backwards up the path retrying the statfs
	call until it gets to a partial path that *can* be stat'ed.
	This is necessary to use the function to learn the fstype for files
	stored as a different user (and readable only by that user) on a
	root-squashed remote filesystem.

	Set proper selinux label on image file during qemu domain restore
	Also restore the label to its original value after qemu is finished
	with the file.
	Prior to this patch, qemu domain restore did not function properly if
	selinux was set to enforce.

2010-06-26  Eric Blake  <eblake@redhat.com>

	build: fix regression with libvirt-api.xml generation
	(EXTRA_DIST): Remove redundant listing of xml files.
	(html/%-%.html, html/%-virterror.html, %-api.xml, %-refs.xml):
	Rewrite with...
	(python_generated_files): ...new macro, since make didn't see
	through the dependency chain correctly otherwise.

2010-06-26  Chris Lalancette  <clalance@redhat.com>

	Fix a reference leak for node devices.
	There were some major, and some minor bugs having to do with
	the reference counting of node devices in daemon/remote.c.
	Some functions were completely failing to unreference node devices;
	this would lead to many open file descriptors, which would eventually
	fail.
	The minor bugs were along the same lines, but were in rarely
	used error paths.

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Don't squash file permissions when migration fails
	If an active migration operation fails, or is cancelled by the
	admin, the QEMU on the destination is shutdown and the one on
	the source continues running. It is important in shutting down
	the QEMU on the destination, the security drivers don't reset
	the file labelling/permissions.
	* src/qemu/qemu_driver.c: Don't reset labelling/permissions
	  on migration abort

2010-06-25  Eric Blake  <eblake@redhat.com>

	phyp: optimize use of sed
	Minor speedups by using the full power of sed.
	* src/phyp/phyp_driver.c (phypGetVIOSFreeSCSIAdapter)
	(phypDiskType, phypListDefinedDomains): Use fewer processes, by
	folding other work into sed.
	(phypGetVIOSPartitionID): Likewise.  Also avoid non-portable use
	of 'sed -s'.

2010-06-25  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: add storage management driver
	Add the storage management driver to the Power Hypervisor driver.
	This is a big but simple patch, it's just a new set of functions.
	This patch includes:
	 * Storage driver: The set of pool-* and vol-* functions.
	 * attach-disk function.
	 * Support for IVM on the new functions.

	phyp: add rudimentary storage driver
	* src/phyp/phyp_driver.c (phypStorageDriver): New driver.
	(phypStorageOpen, phypStorageClose): New functions.
	(phypRegister): Register it.

2010-06-25  Eric Blake  <eblake@redhat.com>

	phyp: reduce scope of driver functions
	Several phyp functions are not namespace clean, and had no reason
	to be exported since no one outside the phyp driver needed to use
	them.  Rather than do lots of forward declarations, I was able
	to topologically sort the file.  So, this patch looks huge, but
	is really just a matter of marking things static and dealing with
	the compiler fallout.
	* src/phyp/phyp_driver.h (PHYP_DRIVER_H): Add include guard.
	(phypCheckSPFreeSapce): Delete unused declaration.
	(phypGetSystemType, phypGetVIOSPartitionID, phypCapsInit)
	(phypBuildLpar, phypUUIDTable_WriteFile, phypUUIDTable_ReadFile)
	(phypUUIDTable_AddLpar, phypUUIDTable_RemLpar, phypUUIDTable_Pull)
	(phypUUIDTable_Push, phypUUIDTable_Init, phypUUIDTable_Free)
	(escape_specialcharacters, waitsocket, phypGetLparUUID)
	(phypGetLparMem, phypGetLparCPU, phypGetLparCPUGeneric)
	(phypGetRemoteSlot, phypGetBackingDevice, phypDiskType)
	(openSSHSession): Move declarations to phyp_driver.c and make static.
	* src/phyp/phyp_driver.c: Rearrange file contents to provide
	topological sorting of newly-static funtions (no semantic changes
	other than reduced scope).
	(phypGetBackingDevice, phypDiskType): Mark unused, for now.

	maint: add gnulib gettimeofday module
	* bootstrap.conf (gnulib_modules): Add gettimeofday.

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix test case failure due to missing -nodefconfig
	The previous change which split -nodefconfig probing off
	from -device broke the test case because it missed adding
	the QEMUD_CMD_FLAG_NODEFCONFIG to the test
	* src/util/bridge.c: Set QEMUD_CMD_FLAG_NODEFCONFIG for all
	  configs with QEMUD_CMD_FLAG_DEVICE set

	Fix migration in text mode and shared storage migration in json mode
	The patches for shared storage migration were not correctly written
	for json mode. Thus the 'blk' and 'inc' parameters were never being
	set. In addition they didn't set the QEMU_MONITOR_MIGRATE_BACKGROUND
	so migration was synchronous. Due to multiple bugs in QEMU's JSON
	impl this wasn't noticed because it treated the sync migration requst
	as asynchronous anyway. Finally 'background' parameter was converted
	to take arbitrary flags but not renamed, and not all uses were changed
	to unsigned int.
	* src/qemu/qemu_driver.c: Set QEMU_MONITOR_MIGRATE_BACKGROUND in
	  doNativeMigrate
	* src/qemu/qemu_monitor_json.c: Process QEMU_MONITOR_MIGRATE_NON_SHARED_DISK
	  and QEMU_MONITOR_MIGRATE_NON_SHARED_INC flags
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.h, src/qemu/qemu_monitor_text.c,
	  src/qemu/qemu_monitor_text.h: change 'int background' to
	  'unsigned int flags' in migration APIs. Add logging of flags
	  parameter

	Avoid blocking all APIs during incoming migration
	During incoming migration the QEMU monitor is not able to be
	used. The incoming migration code did not keep hold of the
	job lock because migration is split across multiple API calls.
	This meant that further monitor commands on the guest would
	hang until migration finished with no timeout.
	In this change the qemuDomainMigratePrepare method sets the
	job flag just before it returns. The qemuDomainMigrateFinish
	method checks for this job flag & clears it once done. This
	prevents any use of the monitor between prepare+finish steps.
	The qemuDomainGetJobInfo method is also updated to refresh
	the job elapsed time. This means that virsh domjobinfo can
	return time data during incoming migration
	* src/qemu/qemu_driver.c: Keep a job active during incoming
	  migration. Refresh job elapsed time when returning job info

	Set labelling for character devices in security drivers
	When configuring serial, parallel, console or channel devices
	with a file, dev or pipe backend type, it is necessary to label
	the file path in the security drivers. For char devices of type
	file, it is neccessary to pre-create (touch) the file if it does
	not already exist since QEMU won't be allowed todo so itself.
	dev/pipe configs already require the admin to pre-create before
	starting the guest.
	* src/qemu/qemu_security_dac.c: set file ownership for character
	  devices
	* src/security/security_selinux.c: Set file labeling for character
	  devices
	* src/qemu/qemu_driver.c: Add character devices to cgroup ACL

	Add API for iterating over all character devices
	The parallel, serial, console and channel devices are all just
	character devices. A lot of code needs todo the same thing to
	all these devices. This provides an convenient API for iterating
	over all of them.
	* src/conf/domain_conf.c, src/conf/domain_conf.c,
	  src/libvirt_private.syms: Add virDomainChrDefForeach

	Add missing parameter in python Disk IO error callback
	The IO error callback was forgetting to pass the action
	parameter, causing a stack trace when IO errors arrive
	* python/libvirt-override-virConnect.py: Add missing action
	  parameter in IO error callback

2010-06-25  Laine Stump  <laine@laine.org>

	Check for presence of qemu -nodefconfig option before using it
	We previously assumed that if the -device option existed in qemu, that
	-nodefconfig would also exist. It turns out that isn't the case, as
	demonstrated by qemu-kvm-0.12.3 in Fedora 13.
	*/src/qemu/qemu_conf.[hc] - add a new QEMUD_CMD_FLAG, set it via the
	                            help output, and check it before adding
	                            -nodefconfig to the qemu commandline.

2010-06-25  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	Adding Storage Management driver (style and indentation)
	This is just the indentation, style  and cleanup patch.

2010-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use bool instead of int where appropriated

	esx: Add support for the controller element
	Also don't abuse the disk driver name to specify the SCSI controller
	model anymore:
	  <driver name='buslogic'/>
	Use the newly added model attribute of the controller element for this:
	  <controller type='scsi' index='0' model='buslogic'/>
	The disk driver name approach is deprecated now, but still works for
	backward compatibility reasons.
	Update the documentation and tests accordingly.
	Fix usage of the words controller and id in the VMX handling code. Use
	controller, bus and unit properly.

	Add optional model attribute to the controller element
	This is a step towards controller support for the ESX driver.

	Add wide SCSI bus disk address generation support
	The domain XML parsing code autogenerates disk address and
	controller elements when they are not explicitly specified.
	The code assumes a narrow SCSI bus (7 units per bus). ESX
	uses a wide SCSI bus (16 units per bus).
	This is a step towards controller support for the ESX driver.

	Cleanup some LIBADD and CFLAGS
	Move libnl to libvirt_util.la, because macvtap.c requires it.
	Add GnuTLS to libvirt_driver.la, because libvirt.c calls gcrypt functions.
	When built without loadable driver modules, then the remote driver pulls
	in GnuTLS.
	Move libgnu.la from libvirt_parthelper_CFLAGS to libvirt_parthelper_LDADD.

2010-06-24  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Enable memory.use_hierarchy of cgroup for domain
	Through conversation with Kumar L Srikanth-B22348, I found
	that the function of getting memory usage (e.g., virsh dominfo)
	doesn't work for lxc with ns subsystem of cgroup enabled.
	This is because of features of ns and memory subsystems.
	Ns creates child cgroup on every process fork and as a result
	processes in a container are not assigned in a cgroup for
	domain (e.g., libvirt/lxc/test1/). For example, libvirt_lxc
	and init (or somewhat specified in XML) are assigned into
	libvirt/lxc/test1/8839/ and libvirt/lxc/test1/8839/8849/,
	respectively. On the other hand, memory subsystem accounts
	memory usage within a group of processes by default, i.e.,
	it does not take any child (and descendant) groups into
	account. With the two features, virsh dominfo which just
	checks memory usage of a cgroup for domain always returns
	zero because the cgroup has no process.
	Setting memory.use_hierarchy of a group allows to account
	(and limit) memory usage of every descendant groups of the group.
	By setting it of a cgroup for domain, we can get proper memory
	usage of lxc with ns subsystem enabled. (To be exact, the
	setting is required only when memory and ns subsystems are
	enabled at the same time, e.g., mount -t cgroup none /cgroup.)

	cgroup: Change virCgroupRemove to remove all descendant groups at first
	As same as normal directories, a cgroup cannot be removed if it
	contains sub groups. This patch changes virCgroupRemove to remove
	all descendant groups (subdirectories) of a target group before
	removing the target group.
	The handling is required when we run lxc with ns subsystem of cgroup.
	Ns subsystem automatically creates child cgroups on every process
	forks, but unfortunately the groups are not removed on process exits,
	so we have to remove them by ourselves.
	With this patch, such child (and descendant) groups are surely removed
	at lxc shutdown, i.e., lxcVmCleanup which calls virCgroupRemove.

2010-06-23  Eric Blake  <eblake@redhat.com>

	virsh: document attach-disk better
	http://bugzilla.redhat.com/601143, part 1 - document existing
	behavior.  Ever since Mar 2010 (commit ced154cb), the use of
	'attach-disk' or 'attach-device' to change cdrom/floppy media has been
	documented but deprecated, but the replacement to use 'update-device'
	was not documented.
	* tools/virsh.c (cmdAttachInterface, cmdAttachDisk): Fix bad error
	message.
	* tools/virsh.pod (attach-device, attach-disk): Refer to
	update-device for cdrom and floppy behavior.
	(update-device): Add documentation.

2010-06-23  Alan Pevec  <apevec@redhat.com>

	network: allow tftp port if tftp is defined
	add iptables rules to allow TFTP from the virtual network if <tftp>
	element is defined in the network definition.
	Fedora bz#580215
	* src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if
	  tftproot is defined

	bridge_driver.c: fix file description

2010-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Add '-nodefconfig' command line arg to QEMU
	We already use the '-nodefaults' command line arg with QEMU to stop
	it adding any default devices to guests. Unfortunately, QEMU will
	load global config files from /etc/qemu that may also add default
	devices. These aren't blocked by '-nodefaults', so we need to also
	add the '-nodefconfig' arg to prevent that.
	Unfortunately these global config files are also used to define
	custom CPU models. So in blocking global hardware device addition
	we also block definitions of new CPU models. Libvirt doesn't know
	about these custom CPU models though, so it would never make use
	of them anyway. Thus blocking them via -nodefconfig isn't a show
	stopping problem. We would need to expand libvirt's own CPU model
	XML database to support these instead.
	* src/qemu/qemu_conf.c: Add '-nodefconfig' if available
	* tests/qemuxml2argvdata/: Add '-nodefconfig' to all data files which
	  have '-nodefaults' present

	Fix reference handling leak on qemuMonitor
	The current code pattern requires that callers of qemuMonitorClose
	check for the return value == 0, and if so, set priv->mon = NULL
	and release the reference held on the associated virDomainObjPtr
	The change d84bb6d6a3bd2fdd530184cc9743249ebddbee71 violated that
	requirement, meaning that priv->mon never gets set to NULL, and
	a reference count is leaked on virDomainObjPtr.
	This design was a bad one, so remove the need to check the return
	valueof qemuMonitorClose(). Instead allow registration of a
	callback that's invoked just when the last reference on qemuMonitorPtr
	is released.
	Finally there was a potential reference leak in qemuConnectMonitor
	in the failure path.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a destroy
	  callback invoked from qemuMonitorFree
	* src/qemu/qemu_driver.c: Use the destroy callback to release the
	  reference on virDomainObjPtr when the monitor is freed. Fix other
	  potential reference count leak in connecting to monitor

	Make checks for inactive QEMU guest more robust
	Before issuing monitor commands it is neccessary to check whether
	the guest is still running. Most places use virDomainIsActive()
	correctly, but a few relied on 'priv->mon != NULL'. In theory
	these should be equivalent, but the release of the last reference
	count on priv->mon can be delayed a small amount of time until
	the event handler is finally deregistered. A further ref counting
	bug also means that priv->mon might be never released. In such a
	case, code could mistakenly issue a monitor command and wait for
	a response that will never arrive, effectively leaving the QEMU
	driver waiting on virCondWait() forever..
	To protect against these possibilities, make sure all code uses
	virDomainIsActive(), not 'priv->mon != NULL'
	* src/qemu/qemu_driver.c: Replace 'priv->mon != NULL' with
	  calls to 'priv->mon != NULL'()

	Improve some error messages about unsupported APIs/URIs
	If there is no driver for a URI we report
	  "no hypervisor driver available"
	This is bad because not all virt drivers are hypervisors (ie container
	based virt).
	If there is no driver support for an API we report
	  "this function is not supported by the hypervisor"
	This is bad for the same reason, and additionally because it is
	also used for the network, interface & storage drivers.
	* src/util/virterror.c: Improve error messages

2010-06-22  Jiri Denemark  <jdenemar@redhat.com>

	Don't leak open fd to virsh in libvirt-guests init script
	Running virsh while having /var/lib/libvirt/libvirt-guests file open
	makes SELinux emit messages about preventing virsh from reading that
	file. Since virsh doesn't really want to read anything, it's better to
	run it with /dev/null on stdin to prevent those messages.

2010-06-22  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix loadable module support
	Following Daniel Berrange's multiple helpful suggestions for improving
	this patch and introducing another driver interface, I now wrote the
	below patch where the nwfilter driver registers the functions to
	instantiate and teardown the nwfilters with a function in
	conf/domain_nwfilter.c called virDomainConfNWFilterRegister. Previous
	helper functions that were called from qemu_driver.c and qemu_conf.c
	were move into conf/domain_nwfilter.h with slight renaming done for
	consistency. Those functions now call the function expored by
	domain_nwfilter.c, which in turn call the functions of the new driver
	interface, if available.

2010-06-21  Justin Clift  <justin@salasaga.org>

	virsh: remove a doubled up include for errno.h

2010-06-21  Jiri Denemark  <jdenemar@redhat.com>

	Misc cleanups
	- Fix documentation for virGetStorageVol: it has 'key' argument instead
	  of 'uuid'.
	- Remove TODO comment from virReleaseStorageVol: we use volume key as an
	  identifier instead of UUID.
	- Print human-readable UUID string in debug message in virReleaseSecret.

	Do not free static buffer with UUID
	As anywhere else, uuid is defined as a fixed size array inside
	_virSecret structure; we shouldn't try to free it.

	Remove unnecessary check for non-NULL uuid
	The first thing we do in all these functions is to check uuid != NULL
	and fail if it isn't.

	Index hashes by UUID instead of name
	Per-connection hashes for domains, networks, storage pools and network
	filter pools were indexed by names which was not the best choice. UUIDs
	are better identifiers, so lets use them.

2010-06-21  Philipp Hahn  <hahn@univention.de>

	Allow one-or-more <boot dev="..."/> entries
	According to docs/formatdomain.html.in, "The boot element can be
	repeated multiple times to setup a priority list of boot devices to try
	in turn." The Relax-NG schema required / allowed exactly one entry.

2010-06-19  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extensions of docs with
	As requested, here a couple of paragraphs about the recently added statematch attribute and some advanced (and tricky) traffic filtering topics.

2010-06-18  Cole Robinson  <crobinso@redhat.com>

	Add ACK'd v2 changes for previous commit

	qemu: Fix crash on failed VM startup
	If VM startup fails early enough (can't find a referenced USB device),
	libvirtd will crash trying to clear the VNC port bit, since port = 0,
	which overflows us out of the bitmap bounds.
	Fix this by being more defensive in the bitmap operations, and only
	clearing a previously set VNC port.

2010-06-18  Philipp Hahn  <hahn@univention.de>

	Fix description of virStorageVolGetInfo()
	Probably a copy-paste-bug in python/libvirt-override-api.xml:
	virStorageVolGetInfo() extracts information about a "storage volume",
	not the "storage pool" as virStoragePoolGetInfo() does.

2010-06-18  Justin Clift  <justin@salasaga.org>

	virsh: add --uuid option to vol-pool
	Adds an optional switch, --uuid, for telling the virsh vol-pool command
	to return the pool UUID rather than pool name.

2010-06-18  Eric Blake  <eblake@redhat.com>

	qemu: reduce file padding requirements
	Followup to https://bugzilla.redhat.com/show_bug.cgi?id=599091,
	commit 20206a4b, to reduce disk waste in padding.
	* src/qemu/qemu_monitor.h (QEMU_MONITOR_MIGRATE_TO_FILE_BS): Drop
	back to 4k.
	(QEMU_MONITOR_MIGRATE_TO_FILE_TRANSFER_SIZE): New macro.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update comment.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToFile): Use
	two invocations of dd to output non-aligned large blocks.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToFile):
	Likewise.

2010-06-18  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: add XML attribute to control iptables state match
	This patch adds an optional XML attribute to a nwfilter rule to give the user control over whether the rule is supposed to be using the iptables state match or not. A rule may now look like shown in the XML below with the statematch attribute either having value '0' or 'false' (case-insensitive).
	[...]
	<rule action='accept' direction='in' statematch='false'>
	<tcp srcmacaddr='1:2:3:4:5:6'
	           srcipaddr='10.1.2.3' srcipmask='32'
	           dscp='33'
	           srcportstart='20' srcportend='21'
	           dstportstart='100' dstportend='1111'/>
	</rule>
	[...]
	I am also extending the nwfilter schema and add this attribute to a test case.

2010-06-18  Justin Clift  <justin@salasaga.org>

	virsh: ensure persistence and autostart are shown for dominfo and pool-info
	This patch adds the persistence status (yes/no) to the output of the virsh
	dominfo and pool-info commands.  This patch also adds the autostart status
	to the output of the virsh pool-info command.
	Red Hat BZ for this:
	  https://bugzilla.redhat.com/show_bug.cgi?id=603696

2010-06-18  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: adding support for IVM
	Use virBuffer* API to conditionally keep the portion of the command
	line specific to HMC, so that IVM can work.

2010-06-17  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: use match target on incoming traffic
	The following patch enables the iptables match target to be used by
	default for incoming traffic. So far it has only be used for outgoing
	traffic.

	macvtap: work-around for 2.6.32 and older kernels
	This patch works around a recent extension of the netlink driver I had made use of when building the netlink messages. Unfortunately older kernels don't accept IFLA_IFNAME + name of interface as a replacement for the interface's index, so this patch now gets the interface index ifindex if it's not provided (ifindex <= 0).

2010-06-17  Justin Clift  <justin@salasaga.org>

	virsh: change printf() calls to vshPrint()
	Trivial fix changing printf() calls to vshPrint() where the ctl
	variable is available.

	virsh: improve help text for vol query commands
	Improves the help text for vol-path, vol-name, and vol-key, which
	previously referred to volume UUIDs.
	Addresses BZ # 598365.

	virsh: add pool support to vol-key command
	Presently the vol-key command only supports being provided with
	a volume path.
	This patch adds support for providing it with a pool and volume
	identifier pair as well.
	    virsh # vol-key --pool <pool-name-or-uuid> <vol-name-or-path>

2010-06-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add several missing vir*Free calls in libvirtd's remote code
	Justin Clift reported a problem with adding virStoragePoolIsPersistent
	to virsh's pool-info command, resulting in a strange problem. Here's
	an example:
	    virsh # pool-create-as images_dir3 dir - - - - "/home/images2"
	    Pool images_dir3 created
	    virsh # pool-info images_dir3
	    Name:           images_dir3
	    UUID:           90301885-94eb-4ca7-14c2-f30b25a29a36
	    State:          running
	    Capacity:       395.20 GB
	    Allocation:     30.88 GB
	    Available:      364.33 GB
	    virsh # pool-destroy images_dir3
	    Pool images_dir3 destroyed
	At this point the images_dir3 pool should be gone (because it was
	transient) and we should be able to create a new pool with the same name:
	    virsh # pool-create-as images_dir3 dir - - - - "/home/images2"
	    Pool images_dir3 created
	    virsh # pool-info images_dir3
	    Name:           images_dir3
	    UUID:           90301885-94eb-4ca7-14c2-f30b25a29a36
	    error: Storage pool not found
	The new pool got the same UUID as the first one, but we didn't specify
	one. libvirt should have picked a random UUID, but it didn't.
	It turned out that virStoragePoolIsPersistent leaks a reference to the
	storage pool object (actually remoteDispatchStoragePoolIsPersistent does).
	As a result, pool-destroy doesn't remove the virStoragePool for the
	"images_dir3" pool from the virConnectPtr's storagePools hash on libvirtd's
	side. Then the second pool-create-as get's the stale virStoragePool object
	associated with the "images_dir3" name. But this object has the old UUID.
	This commit ensures that all get_nonnull_* and make_nonnull_* calls for
	libvirt objects are matched properly with vir*Free calls. This fixes the
	reference leaks and the reported problem.
	All remoteDispatch*IsActive and remoteDispatch*IsPersistent functions were
	affected. But also remoteDispatchDomainMigrateFinish2 was affected in the
	success path. I wonder why that didn't surface earlier. Probably because
	domainMigrateFinish2 is executed on the destination host and in the common
	case this connection is opened especially for the migration and gets closed
	after the migration is done. So there was no chance to run into a problem
	because of the leaked reference.

	esx: Update case insensitive .vmx tests
	Commit b9efc7dc3b97ef667ab99cee884b8485ebcb2f91 made virFileHasSuffix
	case insensitive. Honor this in the tests by switching vmdk to VMDK.

	esx: Accept 'disk' as harddisk device type in .vmx files

2010-06-17  Eric Blake  <eblake@redhat.com>

	phyp: sed cleanups
	* src/phyp/phyp_driver.c (phypNumDomainsGeneric): Avoid glob
	collision by quoting sed argument.
	(phypDomainSetCPU): Avoid non-portable \+ in sed.
	(phypGetVIOSPartitionID, phypDiskType, phypListDomainsGeneric)
	(phypListDefinedDomains): Micro-optimize anchored substitutions.

2010-06-16  Justin Clift  <justin@salasaga.org>

	virsh: mark autostart answers for translation
	This is a trivial fix for several autostart yes/no strings that
	weren't correctly marked for translation.

2010-06-15  Eric Blake  <eblake@redhat.com>

	virsh: add start --paused support
	Make 'start --paused' mirror 'create --paused'.
	* tools/virsh.c (cmdStart): Use new virDomainCreateWithFlags API
	when needed.
	* tools/virsh.pod (start): Document --paused.

	qemu: support starting persistent domain paused
	Match earlier change for qemu pause support with virDomainCreateXML.
	* src/qemu/qemu_driver.c (qemudDomainObjStart): Add parameter; all
	callers changed.
	(qemudDomainStartWithFlags): Implement flag support.

	drivers: add virDomainCreateWithFlags if virDomainCreate exists
	* src/esx/esx_driver.c (esxDomainCreate): Move guts...
	(esxDomainCreateWithFlags): ...to new function.
	(esxDriver): Trivially support the new API.
	* src/lxc/lxc_driver.c (lxcDomainStart, lxcDomainStartWithFlags)
	(lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDomainStart)
	(oneDomainStartWithFlags, oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainCreate)
	(openvzDomainCreateWithFlags, openvzDriver): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainStart)
	(qemudDomainStartWithFlags, qemuDriver): Likewise.
	* src/test/test_driver.c (testDomainCreate)
	(testDomainCreateWithFlags, testDriver): Likewise.
	* src/uml/uml_driver.c (umlDomainStart, umlDomainStartWithFlags)
	(umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainCreate)
	(vboxDomainCreateWithFlags, Driver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainCreate)
	(xenUnifiedDomainCreateWithFlags, xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreate)
	(xenapiDomainCreateWithFlags, xenapiDriver): Likewise.

	remote: protocol implementation for virDomainCreateWithFlags
	Define the wire format for the new virDomainCreateWithFlags
	API, and implement client and server side of marshaling code.
	* daemon/remote.c (remoteDispatchDomainCreateWithFlags): Add
	server side dispatch for virDomainCreateWithFlags.
	* src/remote/remote_driver.c (remoteDomainCreateWithFlags)
	(remote_driver): Client side serialization.
	* src/remote/remote_protocol.x
	(remote_domain_create_with_flags_args)
	(remote_domain_create_with_flags_ret)
	(REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS): Define wire format.
	* daemon/remote_dispatch_args.h: Regenerate.
	* daemon/remote_dispatch_prototypes.h: Likewise.
	* daemon/remote_dispatch_table.h: Likewise.
	* src/remote/remote_protocol.c: Likewise.
	* src/remote/remote_protocol.h: Likewise.
	* src/remote_protocol-structs: Likewise.

	libvirt: introduce domainCreateWithFlags API
	Persistent domain creation needs the same features as transient
	domains, but virDomainCreate lacks the flags argument present in
	virDomainCreateXML.  virDomainCreateFlags is already claimed as
	a public enum, so we have to break convention and expose
	virDomainCreateWithFlags.
	* include/libvirt/libvirt.h.in (virDomainCreateWithFlags): Add.
	* src/driver.h (virDrvDomainCreateWithFlags): Internal API.
	* src/libvirt.c (virDomainCreateWithFlags): Glue public API to
	driver API.
	* src/libvirt_public.syms (LIBVIRT_0.8.2): Expose public API.
	* src/esx/esx_driver.c (esxDriver): Add stub for driver.
	* src/lxc/lxc_driver.c (lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/test/test_driver.c (testDriver): Likewise.
	* src/uml/uml_driver.c (umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (Driver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.

	maint: simplify some ignore files
	* .hgignore: Delete, no longer used.
	* examples/python/.gitignore: Delete, covered globally.
	* include/.gitignore: Likewise.
	* python/tests/.gitignore: Likewise.
	* docs/schemas/.gitignore: Likewise.
	* tests/xml2sexprdata/.gitignore: Likewise.
	* tests/sexpr2xmldata/.gitignore: Likewise.
	* tests/confdata/.gitignore: Likewise.
	* tests/xencapsdata/.gitignore: Likewise.
	* tests/xmconfigdata/.gitignore: Likewise.
	* tests/xml2sexprdata/.gitignore: Likewise.

	parthelper: fix compilation without optimization
	Daniel's patch works with gcc and CFLAGS containing -O (the
	autoconf default), but fails with non-gcc or with other
	CFLAGS (such as -g), since c-ctype.h declares c_isdigit as
	a macro only for certain compilation settings.
	* src/Makefile.am (libvirt_parthelper_LDFLAGS): Add gnulib
	library, for when c_isdigit is not a macro.
	* src/storage/parthelper.c (main): Avoid out-of-bounds
	dereference, noticed by Jim Meyering.

2010-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix enumeration of partitions in disks with a trailing digit in path
	Disks with a trailing digit in their path (eg /dev/loop0 or
	/dev/dm0) have an extra 'p' appended before the partition
	number (eg, to form /dev/loop0p1 not /dev/loop01). Fix the
	partition lookup to append this extra 'p' when required
	* src/storage/parthelper.c: Add a 'p' before partition
	  number if required

2010-06-12  Eric Blake  <eblake@redhat.com>

	uml: sanity check external data before using it
	Otherwise, a malicious packet could cause a DoS via spurious
	out-of-memory failure.
	* src/uml/uml_driver.c (umlMonitorCommand): Validate that incoming
	data is reliable before using it to allocate/dereference memory.
	Don't report bogus errno on short read.
	Reported by Jim Meyering.

2010-06-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Improve error message for disabled client-side drivers
	Report that libvirt was built without that driver instead of
	trying to connect to a libvirtd, when we know that this is
	going to fail.

2010-06-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: check getenv("DISPLAY") for NULL in vboxDomainDumpXML
	Otherwise this will segfault if DISPLAY is not defined.

	Check getenv("PATH") for NULL in virFindFileInPath
	Otherwise this will segfault if PATH is not defined.
	Reported by Emre Erenoglu

2010-06-11  Justin Clift  <justin@salasaga.org>

	virsh: add snapshot backing store support to vol-create-as
	This patch adds two new parameters to the vol-create-as command:
	 --backing-vol <volume-name-or-key-or-path>
	 --backing-vol-format <format-of-backing-vol>
	  virsh # vol-create-as guest_images_lvm snapvol1 5G --backing-vol \
	              rhel6vm1lun1
	  Vol snapvol1 created
	  virsh # vol-create-as image_dir qcow2snap2 5G --format qcow2 \
	              --backing-vol imagevol1.qcow2 \
	              --backing-vol-format qcow2
	  Vol qcow2snap2 created
	Additionally, the virsh man page update fixes incorrect snapshot
	parameters that were included in my prior bulk volume command patch.

2010-06-10  Eric Blake  <eblake@redhat.com>

	build: fix some mingw issues
	On Fedora 13 with sufficient mingw32-* packages installed, running
	./autobuild.sh failed to cross-compile to mingw because
	mingw32-pthreads installed a broken <pthread.h>.  With that
	issue fixed, the build still failed due to use of O_SYNC.
	Meanwhile, recent .spec.in changes got out of sync.
	* bootstrap.conf (gnulib_modules): Add fcntl-h, for O_SYNC.
	* .gnulib: Update to latest, to work around buggy pthreads-win32
	library.
	* bootstrap: Import latest from gnulib.
	* mingw32-libvirt.spec.in: Distribute new file.

	build: avoid pthreads-win32 on mingw
	* src/util/threads.c (includes) [WIN32]: On mingw, favor native
	threading over pthreads-win32 library.
	* src/util/thread.h [WIN32] Likewise.
	Suggested by Daniel P. Berrange.

2010-06-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix cgroup setup code to cope with root squashing NFS
	When a disk is on a root squashed NFS server, it may not be
	possible to stat() the disk file in virCgroupAllowDevice.
	The virStorageFileGetMeta method may also fail to extract
	the parent backing store. Both of these errors have to be
	ignored to avoid breaking NFS deployments
	* src/qemu/qemu_driver.c: Ignore errors in cgroup setup to
	   keep root squash NFS happy

2010-06-09  Justin Clift  <justin@salasaga.org>

	virsh: fixed trivial comment and debug message in vshCommandOptVolBy function

	virsh: remove xen reference in header comment
	With libvirt and virsh now being used for much more than Xen, this
	patch removes the outdated reference to Xen in the file header.

2010-06-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add proxy query parameter
	Allow to specify a proxy to be used by libcurl.

	esx: Refactor esxUtil_ParseQuery's parameter handling
	Pass a struct containing the parameters instead of passing each
	one individually. This make future extensions a bit simpler.

2010-06-09  Justin Clift  <justin@salasaga.org>

	virsh: add the volume commands to the virsh man page
	This patch also includes the new vol-pool command.

	virsh: add new vol-pool command
	This patch adds a new "vol-pool" command to virsh, to round out the
	identifier conversion functions for volumes in virsh.  Now it is
	possible to work with volumes when starting from just a volume key
	or volume path.

2010-06-09  Eric Blake  <eblake@redhat.com>

	virsh: add --paused option to create
	* tools/virsh.c (opts_create): Add --paused option.
	(cmdCreate): Pass appropriate flag.
	* tools/virsh.pod: Document it.

	qemu: allow creation of a paused domain
	https://bugzilla.redhat.com/show_bug.cgi?id=589465
	Some guests (eg with badly configured grub, or Windows' installation cd)
	require quick response from the console user. That's why we have a
	"launchPaused" option in vdsm.
	To implement it via libvirt, we need to ask libvirt not to call
	qemuMonitorStartCPUs() after starting qemu.  Calling virDomainStop
	immediately after the domain is up is inherently raceful.
	* src/qemu/qemu_driver.c (qemudStartVMDaemon): Add new parameter;
	all callers adjusted.
	(qemudDomainCreate): Implement support for new flag.

	virDomainCreateXML: support new flag
	* include/libvirt/libvirt.h.in (virDomainCreateFlags): Add
	VIR_DOMAIN_START_PAUSED.
	* src/libvirt.c (virDomainCreateXML): Update documentation.
	* src/lxc/lxc_driver.c (lxcDomainCreateAndStart): Reject new flag
	as unimplemented.
	* src/opennebula/one_driver.c (oneDomainCreateAndStart):
	Likewise.
	* src/openvz/openvz_driver.c (openvzDomainCreateXML): Likewise.
	* src/phyp/phyp_driver.c (phypDomainCreateAndStart): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainCreate): Likewise.
	* src/test/test_driver.c (testDomainCreateXML): Likewise.
	* src/uml/uml_driver.c (umlDomainCreate): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Likewise.
	* src/xen/xend_internal.c (xenDaemonCreateXML): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreateXML): Likewise.

2010-06-09  David Allan  <dallan@redhat.com>

	Fix leaks in udev device add/remove v3
	* This patch is a modification of a patch submitted by Nigel Jones.
	  It fixes several memory leaks on device addition/removal:
	1. Free the virNodeDeviceDefPtr in udevAddOneDevice if the return
	   value is non-zero
	2. Always release the node device reference after the device has been
	   processed.
	* Refactored for better readability per the suggestion of clalance

	Add multiIQN tests
	* Fix broken rng schema
	* Add test input & output files

	Add multiiqn XML dump
	* Use virBufferEscapeString() per Dan B.

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix test breakage from virtio serial changes
	The virtio serial changes broke the test suite because they forgot
	to add the new address attribute to the domain XML schema. The
	xml2xml test also broke because the XML no longer roundtrips. This
	is due to testing of auto-addition of <controller> elements. Split
	that test case off into a separate XML file to avoid breakage
	* docs/schemas/domain.rng: Allow port number for virtio serial addresses
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Revert to
	  a simple config to avoid breaking xml2xml test
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.args: Add
	  complex test case for auto-controller addition for xml2argv test
	* tests/qemuxml2argvtest.c: Add channel-virtio-auto test

	Enable probing of VPC disk format type
	A look at the QEMU source revealed the missing bits of info about
	the VPC file format, so we can enable this now
	* src/util/storage_file.c: Enable VPC format, providing version
	  and disk size offset fields

	Ensure that PCI device is reattached to host if hotadd fails
	When an attempt to hotplug a PCI device to a guest fails,
	the device was left attached to pci-stub. It is neccessary
	to reset the device and then attach it to the host driver
	again.
	* src/qemu/qemu_driver.c: Reattach PCI device to host if
	  hotadd fails

	Don't raise errors in the selinux restore code
	The restore code is done in places where errors cannot be
	raised, since they will overwrite over pre-existing errors.
	* src/security/security_selinux.c: Only warn about failures
	  in label restore, don't report errors

	Fix check for errors in device_add command in QEMU text monitor
	Any output at all from device_add indicates an error in the
	command execution. Thus it needs to check for reply != ""
	* src/qemu/qemu_monitor_text.c: Fix reply check for errors
	  to treat any output as an error

	Prefer UDEV to HAL drivers if both a compiled
	HAL is deprecated and UDEV is the future. Thus if both
	options are compiled, we should prefer use of UDEV over
	HAL
	* src/node_device/node_device_driver.c: Switch init
	  order to try UDEV first, then HAL

2010-06-08  Daniel J Walsh  <dwalsh@redhat.com>

	Add support for setting socket MLS level in SELinux driver
	When SELinux is running in MLS mode, libvirtd will have a
	different security level to the VMs. For libvirtd to be
	able to connect to the monitor console, the client end of
	the UNIX domain socket needs a different label. This adds
	infrastructure to set the socket label via the security
	driver framework
	* src/qemu/qemu_driver.c: Call out to socket label APIs in
	  security driver
	* src/qemu/qemu_security_stacked.c: Wire up socket label
	  drivers
	* src/security/security_driver.h: Define security driver
	  entry points for socket labelling
	* src/security/security_selinux.c: Set socket label based on
	  VM label

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Network duplicate UUID/name checking
	The network driver is not doing correct checking for
	duplicate UUID/name values. This introduces a new method
	virNetworkObjIsDuplicate, based on the previously
	written virDomainObjIsDuplicate.
	* src/conf/network_conf.c, src/conf/network_conf.c,
	  src/libvirt_private.syms: Add virNetworkObjIsDuplicate,
	* src/network/bridge_driver.c: Call virNetworkObjIsDuplicate
	  for checking uniqueness of uuid/names

	Fix error codes for missing storage pools
	The storage pool driver is mistakenly using the error code
	VIR_ERR_INVALID_STORAGE_POOL which is for diagnosing invalid
	pointers. This patch switches it to use VIR_ERR_NO_STORAGE_POOL
	which is the correct code for cases where the storage pool does
	not exist
	* src/storage/storage_driver.c: Replace VIR_ERR_INVALID_STORAGE_POOL
	  with VIR_ERR_NO_STORAGE_POOL

	Storage pool duplicate UUID/name checking
	The storage pool driver is not doing correct checking for
	duplicate UUID/name values. This introduces a new method
	virStoragePoolObjIsDuplicate, based on the previously
	written virDomainObjIsDuplicate.
	* src/conf/storage_conf.c, src/conf/storage_conf.c,
	  src/libvirt_private.syms: Add virStoragePoolObjIsDuplicate,
	* src/storage/storage_driver.c: Call virStoragePoolObjIsDuplicate
	  for checking uniqueness of uuid/names

	Fix auto-adding of virtio serial controllers
	The domain parsing code would auto-add a virtio serial controller
	if it saw any virtio serial channel defined. Unfortunately it
	always added a controller with index=0, even if the channel address
	specified an index != 0. It only added one controller, even if
	multiple controllers were referenced by channels. Finally, it let
	the ports+vectors parameters initialize to zero instead of -1, which
	prevented the controllers accepting any ports.
	* src/conf/domain_conf.c: Initialize ports+vectors when adding
	  virtio serial controllers. Add all neccessary virtio serial
	  controllers, instead of hardcoding controller 0
	* qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
	  qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand to
	  test controller auto-add behaviour

	Include port number with virtio serial devices
	To ensure that the device addressing scheme is stable across
	hotplug/unplug, all virtio serial channels needs to have an
	associated port number in their address. This is then specified
	to QEMU using the nr=NNN parameter
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
	  for port number in vioserial address types.
	* src/qemu/qemu_conf.c: Set 'nr=NNN' parameter with virtio
	  serial port number
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand
	  data set to ensure coverage of port addressing

	Disable use of 'reason' field in block IO event in QEMU
	QEMU upstream decided against adding a 'reason' field to
	the block IO event in QMP. Disable this code to remove a
	annoying warning message. It will be renabled when the
	error string reason is re-introduced in QEMU

	Ensure UNIX domain sockets are removed on daemon shutdown
	When libvirtd exits it is leaving UNIX domain sockets on
	the filesystem. These need to be removed.
	The qemudInitPaths() method has signficant code churn to
	switch from using a pre-allocated buffer on the stack, to
	dynamically allocating on the heap.
	* daemon/libvirtd.c, daemon/libvirtd.h: Store a reference
	  to the UNIX domain socket path and unlink it on shutdown

2010-06-08  Justin Clift  <justin@salasaga.org>

	virsh: fix minor virsh man page typos and formatting problems

2010-06-08  Jamie Strandboge  <jamie@ubuntu.com>

	Fix AppArmor save/restore.Add stdin_path to qemudStartVMDaemon() args.
	Refactor to update AppArmor security driver to adjust profile for
	save/restore. This addresses the following bugs:
	 https://bugzilla.redhat.com/show_bug.cgi?id=529363
	 https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/457716

	Add stdin_path to qemudStartVMDaemon() args.
	Adjust args to qemudStartVMDaemon() to also specify path to stdin_fd,
	so this can be passed to the AppArmor driver via SetSecurityAllLabel().
	This updates all calls to qemudStartVMDaemon() as well as setting up
	the non-AppArmor security driver *SetSecurityAllLabel() declarations
	for the above. This is required for the following
	"apparmor-fix-save-restore" patch since AppArmor resolves the passed
	file descriptor to the pathname given to open().

2010-06-06  Jim Meyering  <meyering@redhat.com>

	avoid syntax-check failure
	* .mailmap: Map a stray commit-author email address to the canonical one.
	Reported by Justin Clift.

2010-06-05  Laine Stump  <laine@laine.org>

	Adjust block size used by dd to speed QEMU domain save operations.
	See https://bugzilla.redhat.com/show_bug.cgi?id=599091
	Saving a paused 512MB domain took 3m47s with the old block size of 512
	bytes. Changing the block size to 1024*1024 decreased the time to 56
	seconds. (Doubling again to 2048*1024 yielded 0 improvement; lowering
	to 512k increased the save time to 1m10s, about 20%)

	Fix dereference of potentially freed pointer in qemudDomainSaveFlags
	The pointer to the xml describing the domain is saved into an object
	prior to calling VIR_REALLOC_N() to make the size of the memory it
	points to a multiple of QEMU_MONITOR_MIGRATE_TO_FILE_BS. If that
	operation needs to allocate new memory, the pointer that was saved is
	no longer valid.
	To avoid this situation, adjust the size *before* saving the pointer.
	(This showed up when experimenting with very large values of
	QEMU_MONITOR_MIGRATE_TO_FILE_BS).

2010-06-05  Jim Fehlig  <jfehlig@linux-ypgk.site>

	Fixes for commit 211dd1e9
	Fixes for issues in commit 211dd1e9 noted by by Jim Meyering.
	1. Allocate content buffer of size content_length + 1 to ensure
	   NUL-termination.
	2. Limit content buffer size to 64k
	3. Fix whitespace issue
	V2:
	  - Add comment to clarify allocation of content buffer
	  - Add ATTRIBUTE_NONNULL where appropriate
	  - User NULLSTR macro

2010-06-05  Eric Blake  <eblake@redhat.com>

	autobuild.sh: avoid bashism
	* autobuild.sh: Replace 'set -o pipefail' with POSIX alternative.
	Reported by Matthias Bolte.

2010-06-04  Jim Fehlig  <jfehlig@novell.com>

	Allocate buffer to hold xend response
	There are cases when a response from xend can exceed 4096 bytes, in
	which case anything beyond 4096 is ignored. This patch changes the
	current fixed-size, stack-allocated buffer to a dynamically allocated
	buffer based on Content-Length in HTTP header.

2010-06-03  David Allan  <dallan@redhat.com>

	Update nodedev scsi_host data before use
	* It appears that the udev event for HBA creation arrives before the
	  associated sysfs data is fully populated, resulting in bogus data
	  for the nodedev entry until the entry is refreshed.  This problem is
	  particularly troublesome when creating NPIV vHBAs because it results
	  in libvirt failing to find the newly created adapter and waiting for
	  the full timeout period before erroneously failing the create
	  operation.  This patch forces an update before any attempt to use
	  any scsi_host nodedev entry.

	Fix device destroy return value
	* Set return value in error cases
	* Clarify error message when parent device is not vport capable

2010-06-03  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: Strict check when listing domains

2010-06-03  Stefan Berger  <stefanb@us.ibm.com>

	add 802.1Qbh and 802.1Qbg handling
	This patch that adds support for configuring 802.1Qbg and 802.1Qbh
	switches. The 802.1Qbh part has been successfully tested with real
	hardware. The 802.1Qbg part has only been tested with a (dummy)
	server that 'behaves' similarly to how we expect lldpad to 'behave'.
	The following changes were made during the development of this patch:
	 - Merging Scott's v13-pre1 patch
	 - Fixing endptr related bug while using virStrToLong_ui() pointed out
	   by Jim Meyering
	 - Addressing Jim Meyering's comments to v11
	 - requiring mac address to the vpDisassociateProfileId() function to
	   pass it further to the 802.1Qbg disassociate part (802.1Qbh untouched)
	 - determining pid of lldpad daemon by reading it from /var/run/libvirt.pid
	   (hardcode as is hardcode alson in lldpad sources)
	 - merging netlink send code for kernel target and user space target
	   (lldpad) using one function nlComm() to send the messages
	 - adding a select() after the sending and before the reading of the
	   netlink response in case lldpad doesn't respond and so we don't hang
	 - when reading the port status, in case of 802.1Qbg, no status may be
	   received while things are 'in progress' and only at the end a status
	   will be there.
	 - when reading the port status, use the given instanceId and vf to pick
	   the right IFLA_VF_PORT among those nested under IFLA_VF_PORTS.
	 - never sending nor parsing IFLA_PORT_SELF type of messages in the
	   802.1Qbg case
	 - iterating over the elements in a IFLA_VF_PORTS to pick the right
	   IFLA_VF_PORT by either IFLA_PORT_PROFILE and given profileId
	   (802.1Qbh) or IFLA_PORT_INSTANCE_UUID and given instanceId (802.1Qbg)
	   and reading the current status in IFLA_PORT_RESPONSE.
	 - recycling a previous patch that adds functionality to interface.c to
	   - get the vlan identifier on an interface
	   - get the flags of an interface and some convenience function to
	     check whether an interface is 'up' or not (not currently used here)
	 - adding function to determine the root physical interface of an
	   interface. For example if a macvtap is linked to eth0.100, it will
	   find eth0. Also adding a function that finds the vlan on the 'way to
	   the root physical interface'
	 - conveying the root physical interface name and index in case of 802.1Qbg
	 - conveying mac address of macvlan device and vlan identifier in
	   IFLA_VFINFO_LIST[ IFLA_VF_INFO[ IFLA_VF_MAC(mac), IFLA_VF_VLAN(vlan) ] ]
	   to (future) lldpad via netlink
	  - To enable build with --without-macvtap rename the
	    [dis|]associatePortProfileId functions, prepend 'vp' before their
	    name and make them non-static functions.
	  - Renaming variable multicast to nltarget_kernel and inverting
	    the logic
	  - Addressing Jim Meyering's comments; this also touches existing
	    code for example for correcting indentation of break statements or
	    simplification of switch statements.
	  - Renamed occurrencvirVirtualPortProfileDef to virVirtualPortProfileParamses
	  - 802.1Qbg part prepared for sending a RTM_SETLINK and getting
	    processing status back plus a subsequent RTM_GETLINK to
	    get IFLA_PORT_RESPONSE.
	    Note: This interface for 802.1Qbg may still change
	  - [David Allan] move getPhysfn inside IFLA_VF_PORT_MAX to avoid
	compiler
	    warning when latest if_link.h isn't available
	  - move from Stefan's 802.1Qb{g|h} XML v8 to v9
	  - move hostuuid and vf index calcs to inside doPortProfileOp8021Qbh
	  - remove debug fprintfs
	  - use virGetHostUUID (thanks Stefan!)
	  - fix compile issue when latest if_link.h isn't available
	  - change poll timeout to 10s, at 1/8 intervals
	     - if polling times out, log msg and return -ETIMEDOUT
	  - Add Stefan's code for getPortProfileStatus
	  - Poll for up to 2 secs for port-profile status, at 1/8 sec intervals:
	     - if status indicates error, abort openMacvtapTap
	     - if status indicates success, exit polling
	     - if status is "in-progress" after 2 secs of polling, exit
	       polling loop silently, without error
	My patch finishes out the 802.1Qbh parts, which Stefan had mostly complete.
	I've tested using the recent kernel updates for VF_PORT netlink msgs and
	enic for Cisco's 10G Ethernet NIC.  I tested many VMs, each with several
	direct interfaces, each configured with a port-profile per the XML.  VM-to-VM,
	and VM-to-external work as expected.  VM-to-VM on same host (using same NIC)
	works same as VM-to-VM where VMs are on diff hosts.  I'm able to change
	settings on the port-profile while the VM is running to change the virtual
	port behaviour.  For example, adjusting a QoS setting like rate limit.  All
	VMs with interfaces using that port-profile immediatly see the effect of the
	change to the port-profile.
	I don't have a SR-IOV device to test so source dev is a non-SR-IOV device,
	but most of the code paths include support for specifing the source dev and
	VF index.  We'll need to complete this by discovering the PF given the VF
	linkdev.  Once we have the PF, we'll also have the VF index.  All this info-
	mation is available from sysfs.

2010-06-02  Eric Blake  <eblake@redhat.com>

	bitmap: reject zero-size bitmap
	* src/util/bitmap.c (virBitmapAlloc): Tighten sanity check.

2010-06-02  Cole Robinson  <crobinso@redhat.com>

	hostusb: Properly handle 'usbX' sysfs files
	Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=598272
	Some files under /sys/bus/usb/devices/ have the format 'usbX', where
	X is the USB bus number. Use STRPREFIX to correctly parse the bus numbers.

2010-06-02  Justin Clift  <justin@salasaga.org>

	Add --source-format argument to virsh pool-define-as and pool-create-as
	This is the corresponding patch for the virsh man page (virsh.pod).

	Add --source-format argument to virsh pool-define-as and pool-create-as
	When creating pools from dedicated disks, the existing pool-define-as
	and pool-create-as commands are a bit non-optimal.
	Ideally, a person would be able to specify all of the required options
	directly on the command line instead of having to edit the XML.
	At the moment, there is no way to specify the format type (ie gpt) so it
	gets included in the XML the pool is constructed with.
	Please find attached a simple (tested) patch to add an optional
	"--source-format 'type'" to virsh.  This is patched against current git
	master and will apply cleanly.
	Also created a Red Hat BZ ticket for this (#597790) for tracking.

	Trivial virsh.pod additions --all for "list" command and similar
	This is just a trivial patch to virsh.pod (from git master). It adds the
	following pieces to the virsh man page:
	  + Shows the --inactive and --all optional parameters for the list
	    command.
	    Closes Bugzilla #575512, reported by Renich Bon Ciric
	    https://bugzilla.redhat.com/show_bug.cgi?id=575512
	  + Corrects the existing description of the list command, to now say
	    that only running domains are listed if no domains are specified.
	    The man page up until this point has said all domains are listed if
	    no domains are specified, which is incorrect.
	  + Adds the "shut off" state to the list of states for the list
	    command.
	  + Adds a missing =back around line 755, that pod2man was complaining
	    was missing.

2010-06-02  Eric Blake  <eblake@redhat.com>

	build: fix VPATH 'make syntax-check'
	* cfg.mk (sc_check_author_list): Look in correct location.

	build: depend on correct file
	Otherwise, VPATH builds fail with:
	make[1]: *** No rule to make target `libvirt-guests.init', needed by `all'.
	Regression introduced in commit 482e08a9.
	* daemon/Makefile.am (%.init): Look in correct place for
	config.status.

2010-06-02  Cole Robinson  <crobinso@redhat.com>

	qemu: Add a qemu.conf option for clearing capabilities
	Currently there is no way to opt out of libvirt dropping POSIX
	capabilities for qemu. This at least is a useful debugging tool, but
	is also wanted by users (and distributors):
	https://bugzilla.redhat.com/show_bug.cgi?id=559154
	https://bugzilla.redhat.com/show_bug.cgi?id=573850
	v2: Clarify qemu.conf comment, warn about security implications
	v3: Add .aug changes

2010-05-29  Jim Meyering  <meyering@redhat.com>

	build: make cpp indentation conform
	* src/storage/storage_backend.h (VIR_STORAGE_VOL_OPEN_DEFAULT):
	Adjust s/#define/# define/, and align continued lines.

2010-05-29  Cole Robinson  <crobinso@redhat.com>

	storage: Check for invalid storage mode before opening
	If a directory pool contains pipes or sockets, a pool start can fail or hang:
	https://bugzilla.redhat.com/show_bug.cgi?id=589577
	We already try to avoid these special files, but only attempt after
	opening the path, which is where the problems lie. Unify volume opening
	into helper functions, which use the proper open() flags to avoid error,
	followed by fstat to validate storage mode.
	Previously, virStorageBackendUpdateVolTargetInfoFD attempted to enforce the
	storage mode check, but allowed callers to detect this case and silently
	continue. In practice, only the FS backend was using this feature, the rest
	were treating unknown mode as an error condition. Unfortunately the InfoFD
	function wasn't raising an error message here, so error reporting was
	busted.
	This patch adds 2 functions: virStorageBackendVolOpen, and
	virStorageBackendVolOpenModeSkip. The latter retains the original opt out
	semantics, the former now throws an explicit error.
	This patch maintains the previous volume mode checks: allowing specific
	modes for specific pool types requires a bit of surgery, since VolOpen
	is called through several different helper functions.
	v2: Use ATTRIBUTE_NONNULL. Drop stat check, just open with
	    O_NONBLOCK|O_NOCTTY.
	v3: Move mode check logic back to VolOpen. Use 2 VolOpen functions with
	    different error semantics.
	v4: Make second VolOpen function more extensible. Didn't opt to change
	    FS backend defaults, this can just be to fix the original bug.
	v5: Prefix default flags with VIR_, use ATTRIBUTE_RETURN_CHECK

2010-05-29  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: cannot support target device name
	Since the macvtap device needs active tear-down and the teardown logic
	is based on the interface name, it can happen that if for example 1 out
	of 3 interfaces was successfully created, that during the failure path
	the macvtap's target device name is used to tear down an interface that
	is doesn't own (owned by another VM).
	So, in this patch, the target interface name is reset so that there is
	no target interface name and the interface name is always cleared after
	a tear down.

2010-05-29  David Allan  <dallan@redhat.com>

	Improve nodedev parent/child relationships
	* If a nodedev has a parent that we don't want to display, we should
	  continue walking up the udev device tree to see if any of its
	  earlier ancestors are devices that we display.  It makes the tree
	  much nicer looking than having a whole lot of devices hanging off
	  the root node.

2010-05-29  Jiri Denemark  <jdenemar@redhat.com>

	Fix libvirt-guests init script
	Firstly, the init script has to touch its file under /var/lock/subsys
	when started, otherwise the system would think it's not running and
	won't stop it during shutdown.
	Secondly, for some reason there is a policy to automatically enable
	init scripts when they are installed, so let the specfile do this. We
	also need to start the init script to ensure it will be stopped during
	the first shutdown after installing the package.
	Also $LISTFILE should be enclosed by quotes everywhere as suggested by
	Eric.

2010-05-28  Jim Meyering  <meyering@redhat.com>

	maint: new syntax-check rule to ensure that AUTHORS stays in sync
	* cfg.mk (sc_check_AUTHOR_list): New rule.
	* .mailmap: New file, to tell git log how to map email addresses.

2010-05-28  Paolo Smiraglia  <paolo.smiraglia@gmail.com>

	hooks: fix typo
	* src/util/hooks.c (virHookLxcOp): Use correct bound.

2010-05-28  Eric Blake  <eblake@redhat.com>

	build: silence cppi warning, clarify vbox headers
	These files are borrowed from upstream release versions, and should
	not need further edits in the context of libvirt (instead, a new
	upstream vbox release would entail adding a new header file).  We do
	not re-generate these files as part of libvirt, nor do we want to lose
	our minor edits (such as cppi cleanups).
	* src/vbox/vbox_CAPI_v2_2.h: Clarify file origins.
	* src/vbox/vbox_CAPI_v3_0.h: Likewise.
	* src/vbox/vbox_CAPI_v3_1.h: Likewise.
	* src/vbox/vbox_CAPI_v3_2.h: Likewise.  Reindent with cppi.

2010-05-28  Cole Robinson  <crobinso@redhat.com>

	network: bridge: Don't start network if it collides with host routing
	Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=235961
	If using the default virtual network, an easy way to lose guest network
	connectivity is to install libvirt inside the VM. The autostarted
	default network inside the guest collides with host virtual network
	routing. This is a long standing issue that has caused users quite a
	bit of pain and confusion.
	On network startup, parse /proc/net/route and compare the requested
	IP+netmask against host routing destinations: if any matches are found,
	refuse to start the network.
	v2: Drop sscanf, fix a comment typo, comment that function could use
	    libnl instead of /proc
	v3: Consider route netmask. Compare binary data rather than convert to
	    string.
	v4: Return to using sscanf, drop inet functions in favor of virSocket,
	    parsing safety checks. Don't make parse failures fatal, in case
	    expected format changes.
	v5: Try and continue if we receive unexpected. Delimit parsed lines to
	    prevent scanning past newline

2010-05-28  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS with recent contributors
	git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "
	then add missing entries to AUTHORS.
	* AUTHORS: Update.

2010-05-28  Cole Robinson  <crobinso@redhat.com>

	xen: Fix chardev listen sexpr formatting
	'listen' isn't a valid qemu-dm option, as reported a long time ago here:
	https://bugzilla.redhat.com/show_bug.cgi?id=492958
	Matches the near identical logic in qemu_conf.c
	v2: When parsing sexpr, only match on ",server", rather than
	    full ',server,nowait'.

	xen: Remove unused function

2010-05-28  David Allan  <dallan@redhat.com>

	v2 of Cole's wlan support
	* Incorporated Jim's feedback (v1 & v2)
	* Moved case of DEVTYPE == "wlan" up as it's definitive that we have a network interface.
	* Made comment more detailed about the wired case to explain better
	  how it differentiates between wired network interfaces and USB
	  devices.

2010-05-27  Марк Коренберг  <socketpair gmail com>

	Add docs on drive <serial> element
	* docs/formatdomain.html.in: Document <serial> element within
	  <disk> and fix typo on <driver/> element

2010-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Simplify goto usage
	Eliminate almost all backward jumps by replacing this common pattern:
	int
	some_random_function(void)
	{
	    int result = 0;
	    ...
	  cleanup:
	    <unconditional cleanup code>
	    return result;
	  failure:
	    <cleanup code in case of an error>
	    result = -1;
	    goto cleanup
	}
	with this simpler pattern:
	int
	some_random_function(void)
	{
	    int result = -1;
	    ...
	    result = 0;
	  cleanup:
	    if (result < 0) {
	        <cleanup code in case of an error>
	    }
	    <unconditional cleanup code>
	    return result;
	}
	Add a bool success variable in functions that don't have a int result
	that can be used for the new pattern.
	Also remove some unnecessary memsets in error paths.

2010-05-27  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Support for VirtualBox version 3.2

2010-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use printf instead of echo -e in libvirt.spec.in
	make rpm created dummy tests containing '-e #!/bin/sh' for me.

	Install, distribute and package domainsnapshot.rng

2010-05-27  Eric Blake  <eblake@redhat.com>

	build: support 'make check' in pristine tree
	Otherwise, 'make check' in the python dir tries to reference a file in
	docs that is built by 'make' but not by 'make check'.
	* docs/Makefile.am (check-local): New rule.
	Reported by Matthias Bolte.

2010-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Expose host UUID in the capabilities XML
	Parse the BIOS UUID. This information may not be available, in that
	case no host UUID is exposed in the capabilities XML.

2010-05-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix integer overflow in hotplug methods
	The hotplug methods still had the qemuCmdFlags variable declared
	as an int, instead of unsigned long long. This caused flag checks
	to be incorrect for flags > 31
	* src/qemu/qemu_driver.c: Fix integer overflow in hotplug

2010-05-27  Alex Williamson  <alex.williamson@redhat.com>

	Pass pre-opened PCI device sysfs config file to QEMU
	This allows libvirt to open the PCI device sysfs config file prior
	to dropping privileges so qemu can access the full config space.
	Without this, a de-privileged qemu can only access the first 64
	bytes of config space.
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Detect support
	  for pci-assign.configfd option. Use this option when formatting
	  PCI device string if possible
	* src/qemu/qemu_driver.c: Pre-open PCI sysfs config file and pass
	  to QEMU

2010-05-26  Cole Robinson  <crobinso@redhat.com>

	daemon: sysconf: Update comment about VNC audio

2010-05-26  Chris Lalancette  <clalance@redhat.com>

	Fix failing virGetHostname.
	We've been running into a lot of situations where
	virGetHostname() is returning "localhost", where a plain
	gethostname() would have returned the correct thing.  This
	is because virGetHostname() is *always* trying to canonicalize
	the name returned from gethostname(), even when it doesn't
	have to.
	This patch changes virGetHostname so that if the value returned
	from gethostname() is already FQDN or localhost, it returns
	that string directly.  If the value returned from gethostname()
	is a shortened hostname, then we try to canonicalize it.  If
	that succeeds, we returned the canonicalized hostname.  If
	that fails, and/or returns "localhost", then we just return
	the original string we got from gethostname() and hope for
	the best.
	Note that after this patch it is up to clients to check whether
	"localhost" is an allowed return value.  The only place
	where it's currently not is in qemu migration.

2010-05-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen-proxy build broken
	The virVirtualPortProfileFormat just went below the
	virVirtualPortProfileParamsParseXML function and got inside the
	The attached patch moves virVirtualPortProfileFormat below the #ifndef
	PROXY block.

	esx: Add read-only storage pool access
	Allows listing existing pools and requesting information about them.
	Alter the esxVI_ProductVersion enum in a way that allows to check for
	product type by masking.

2010-05-26  Eric Blake  <eblake@redhat.com>

	build: fix HTML errors in nwfilter docs
	A build on Ubuntu reported:
	|| Generating formatnwfilter.html.tmp
	/dados/develop/libvirt/docs/formatnwfilter.html.in|390| HTML parser error : Unexpected end tag : p
	||     </p>
	||         ^
	/dados/develop/libvirt/docs/formatnwfilter.html.in|705| HTML parser error : Unexpected end tag : code
	||          <td>End of range of valid source ports</code></td>
	||                                                       ^
	/dados/develop/libvirt/docs/formatnwfilter.html.in|710| HTML parser error : Unexpected end tag : code
	||          <td>Start of range of valid destination ports</code></td>
	||                                                              ^
	* docs/formatnwfilter.html.in: Fix invalid HTML constructs.
	Reported by Eduardo Otubo.

	build: fix compilation without macvtap
	* src/util/macvtap.c: (associatePortProfileId)
	(disassociatePortProfileId): Move inside HAVE_MACVTAP
	conditional.
	Reported by Eduardo Otubo.

2010-05-26  Jim Meyering  <jim@meyering.net>

	tests: avoid new failure of the daemon-conf test
	* tests/daemon-conf: Accommodate the fact that out template,
	daemon/libvirtd.conf now contains an invalid host_uuid.
	Convert it to a valid one before the final libvirtd-running
	test that must terminate normally.

	libvirtd: diagnose invalid host UUID
	* daemon/libvirtd.c (remoteReadConfigFile): Diagnose an invalid
	host UUID rather than silently exiting with status 7.

2010-05-26  Stefan Berger  <stefanb@us.ibm.com>

	vepa: parsing for 802.1Qb{g|h} XML
	This patch parses the following two XML descriptions, one for
	802.1Qbg and one for 802.1Qbh, and stores the data internally.
	The actual triggering of the switch setup protocol has not been
	implemented here but the relevant code to do that should go into
	the functions associatePortProfileId() and disassociatePortProfileId().
	   <interface type='direct'>
	      <source dev='eth0.100' mode='vepa'/>
	      <model type='virtio'/>
	      <virtualport type='802.1Qbg'>
	        <parameters managerid='12' typeid='0x123456' typeidversion='1'
	         instanceid='fa9b7fff-b0a0-4893-8e0e-beef4ff18f8f'/>
	      </virtualport>
	      <filterref filter='clean-traffic'/>
	    </interface>
	    <interface type='direct'>
	      <source dev='eth0.100' mode='vepa'/>
	      <model type='virtio'/>
	      <virtualport type='802.1Qbh'>
	        <parameters profileid='my_profile'/>
	      </virtualport>
	    </interface>
	I'd suggest to use this patch as a base for triggering the setup
	protocol with the 802.1Qb{g|h} switch.
	Several rounds of changes were made to this patch. The
	following is a list of these changes.
	- Renamed structure virVirtualPortProfileDef to virVirtualPortProfileParams
	  as per Daniel Berrange's request
	- Addressing Daniel Berrange's comments:
	 - removing macvtap.h's dependency on domain_conf.h by
	   moving the virVirtualPortProfileDef structure into macvtap.h
	   and not passing virtDomainNetDefPtr to any functions in
	   macvtap.c
	- Addressed most of Chris Wright's comments:
	  - indicating error in case virtualport XML node cannot be parsed
	    properly
	  - parsing hex and decimal numbers using virStrToLong_ui() with
	    parameter '0' for base
	  - tgifname (target interface name) variable wasn't necessary
	    to pass to openMacvtapTap function anymore
	- assigning the virtual port data structure to the virDomainNetDef
	  only if it was previously parsed
	- make sure that the error code returned by openMacvtapTap() is a negative n
	  in case the associatePortProfileId() function failed.
	- renaming vsi in the XML to virtualport
	- replace all occurrences of vsi in the source as well
	- removing mode and MAC address parameters from the functions that
	  will communicate with the hareware diretctly or indirectly
	- moving the associate and disassociate functions to the end of the
	  file for subsequent patches to easier make them generally available
	  for export
	- passing the macvtap interface name rather than the link device since
	  this otherwise gives funny side effects when using netlink messages
	  where IFLA_IFNAME and IFLA_ADDRESS are specified and the link dev
	  all of a sudden gets the MAC address of the macvtap interface.
	- Removing rc = -1 error indications in the case of 802.1Qbg|h setup in case
	  we wanted to use hook scripts for the setup and so the setup doesn't fail
	  here.
	- if instance ID UUID is not supplied it will automatically be generated
	  - adapted schema to make instance ID UUID optional
	  - added test case
	- parser and XML generator have been separated into their own
	  functions so they can be re-used elsewhere (passthrough case
	  for example)
	- Adapted XML parser and generator support the above shown type
	  (802.1Qbg, 802.1Qbh).
	- Adapted schema to above XML
	- Adapted test XML to above XML
	- Passing through the VM's UUID which seems to be necessary for
	  802.1Qbh -- sorry no host UUID
	- adding virtual function ID to association function, in case it's
	  necessary to use (for SR-IOV)

	vepa+vsi: Introduce dependency on libnl
	This patch introduces a dependency on libnl, which subsequent patches
	will then use.
	Changes from V1 to V2:
	- added diffstats
	- following changes in tree

2010-05-26  Cole Robinson  <crobinso@redhat.com>

	storage: Sanitize pool target paths
	Spurious / in a pool target path makes life difficult for apps using the
	GetVolByPath, and doing other path based comparisons with pools. This
	has caused a few issues for virt-manager users:
	https://bugzilla.redhat.com/show_bug.cgi?id=494005
	https://bugzilla.redhat.com/show_bug.cgi?id=593565
	Add a new util API which removes spurious /, virFileSanitizePath. Sanitize
	target paths when parsing pool XML, and for paths passed to GetVolByPath.
	v2: Leading // must be preserved, properly sanitize path=/, sanitize
	    away /./ -> /
	v3: Properly handle starting ./ and ending /.
	v4: Drop all '.' handling, just sanitize / for now.

2010-05-26  Daniel P. Berrange  <berrange@redhat.com>

	Expose a host UUID in the capabilities XML
	Allow for a host UUID in the capabilities XML. Local drivers
	will initialize this from the SMBIOS data. If a sanity check
	shows SMBIOS uuid is invalid, allow an override from the
	libvirtd.conf configuration file
	* daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid
	  configuration option
	* docs/schemas/capability.rng: Add optional host uuid field
	* src/conf/capabilities.c, src/conf/capabilities.h: Include
	  host UUID in XML
	* src/libvirt_private.syms: Export new uuid.h functions
	* src/lxc/lxc_conf.c, src/qemu/qemu_driver.c,
	  src/uml/uml_conf.c: Set host UUID in capabilities
	* src/util/uuid.c, src/util/uuid.h: Support for host UUIDs
	* src/node_device/node_device_udev.c: Use the host UUID functions
	* tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add
	  new host_uuid config option to test

2010-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of disk backing stores with cgroups
	The cgroups ACL code was only allowing the primary disk image.
	It is possible to chain images together, so we need to search
	for backing stores and add them to the ACL too. Since the ACL
	only handles block devices, we ignore the EINVAL we get from
	plain files. In addition it was missing code to teardown the
	cgroup when hot-unplugging a disk
	* src/qemu/qemu_driver.c: Allow backing stores in cgroup ACLs
	  and add missing teardown code in unplug path

2010-05-25  Chris Lalancette  <clalance@redhat.com>

	Fix up basic migration.
	Basic live migration was broken by the commit that added
	non-shared block support in two ways:
	1)  It added a virCheckFlags() to doNativeMigrate().  Besides
	the fact that typical usage of virCheckFlags() is in driver
	entry points, and doNativeMigrate() is not an entry point,
	it was missing important flags like VIR_MIGRATE_LIVE.  Move
	the virCheckFlags to the top-level qemuDomainMigratePrepare2
	and friends.
	2)  It also added a memory leak in qemuMonitorTextMigrate()
	by not freeing the memory used by virBufferContentAndReset().
	This is fixed by storing the pointer in a temporary variable
	and freeing it at the end.
	With this patch in place, normal live migration works again.
	v3: Instead of the churn for virCheckFlagsUI and UL, instead
	always promote flags to an unsigned long and always use %lx
	for the fprintf.
	v2: Add back flags check, which required adding virCheckFlagsUI
	and virCheckFlagsUL

2010-05-25  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow using regular audio backends with VNC
	Currently all host audio backends are disabled if a VM is using VNC, in
	favor of the QEMU VNC audio extension. Unfortunately no released VNC
	client supports this extension, so users have no way of getting audio
	to work if using VNC.
	Add a new config option in qemu.conf which allows changing libvirt's
	behavior, but keep the default intact.
	v2: Fix doc typos, change name to vnc_allow_host_audio

	storage: mpath: Fix incorrect VIR_ERROR use

2010-05-25  Chris Lalancette  <clalance@redhat.com>

	Allow nwfilter functions to be compiled with C++
	Unfortunately the NWFilter functions were outside of the
	"extern C { ... }" declaration in include/libvirt/libvirt.h.in,
	which means that they couldn't be properly used with C++.  Move
	them inside of the braces, which should fix the problem.

2010-05-25  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: documentation
	This patch adds documentation of the nwfilter subsystem of libvirt to
	the existing (web) docs.

2010-05-25  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS with recent contributors
	git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "
	then add missing entries to AUTHORS.
	* AUTHORS: Update.

2010-05-25  Alex Williamson  <alex.williamson@redhat.com>

	qemu: Release bus address on PCI host device remove

	qemu: avoid corrupting guest info struct on host device PCI hot add
	The device path doesn't make use of guestAddr, so the memcpy corrupts
	the guest info struct.

2010-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Query block allocation extent from QEMU monitor
	The virDomainGetBlockInfo API allows query physical block
	extent and allocated block extent. These are normally the
	same value unless storing a special format like qcow2
	inside a block device. In this scenario we can query QEMU
	to get the actual allocated extent.
	Since last time:
	 - Return fatal error in text monitor
	 - Only invoke monitor command for block devices
	 - Fix error handling JSON code
	* src/qemu/qemu_driver.c: Fill in block aloction extent when VM
	  is running
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API to query the highest block extent via info blockstats

2010-05-25  Jim Meyering  <jim@meyering.net>

	lxcSetSchedulerParameters: reverse order of tests; diagnose a failure
	* src/lxc/lxc_driver.c (lxcSetSchedulerParameters): Ensure that
	"->field" is "cpu_shares" before possibly giving a diagnostic about
	a type for a "cpu_shares" value.
	Also, virCgroupSetCpuShares could fail without evoking a diagnostic.
	Add one.

2010-05-25  Chris Lalancette  <clalance@redhat.com>

	Don't overwrite virDomainAssignDef errors.

2010-05-24  Cole Robinson  <crobinso@redhat.com>

	storage: Combine some duplicate code
	Volume detection in the scsi backend was duplicating code already
	present in storage_backend.c. Let's drop the duplicate code.
	Also, change the shared function name to be less generic, and remove
	some error squashing in the other call site.

	storage: mpath: Clean up some error handling
	We were squashing error messages in a few cases. Recode to follow common
	ret = -1 convention.
	v2: Handle more error squashing issues further up in MakeNewVol and
	    CreateVols. Use ret = -1 convention in MakeVols.

2010-05-24  Jiri Denemark  <jdenemar@redhat.com>

	Remove dead code after refactoring qemudDomainStart
	The event is already generated and sent by qemudDomainObjStart, no need
	to do anything about here.

2010-05-23  Jim Meyering  <meyering@redhat.com>

	libvirtd: start each diagnostic with "argv0: "
	Some diagnostics had a hard-coded "libvirtd: " prefix, some used
	"error: " and some used "argv[0]: ".  Always use "argv[0]: ".
	* daemon/libvirtd.c (argv0): New global.
	(main): Set it.
	(version, usage): Remove argv0 parameter.  Use global; update callers.
	(daemonForkIntoBackground): Use argv0:, not error:.
	(qemudWritePidFile): Start each diagnostic with argv0:.
	Suggested by Eric Blake.

	libvirtd: mark strings for translation, including --help output
	* daemon/libvirtd.c (daemonForkIntoBackground, main): Mark strings
	for translation.
	(usage): Rework --help so that it is translatable, replacing
	each embedded, configuration-dependent, macro with an `%s'.
	libvirtd: don't ignore virInitialize failure
	* daemon/libvirtd.c (main): Diagnose virInitialize failure
	and exit nonzero.

2010-05-22  Eric Blake  <eblake@redhat.com>

	build: fix cppi warnings
	* src/util/bitmap.h (includes): Placate cppi.

	build: force init scripts to rebuild on changed --prefix
	Otherwise, './configure --prefix=/foo && make &&
	 ./configure --prefix=/bar && make' leaves the wrong files
	in libvirtd.init (/foo instead of /bar).
	* daemon/Makefile.am (libvirtd.init): Add dependency on
	config.status.  Reported by Cole Robinson.

2010-05-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	build: Distribute the whole tests/qemuhelpdata directory
	Instead of distributing the individual files.
	Now it's less error prone and consistent with the rest of
	the data directories in the tests directory.

2010-05-22  Cole Robinson  <crobinso@redhat.com>

	.gitignore: Add libvirt-guests.init

2010-05-22  Jim Fehlig  <jfehlig@novell.com>

	Fix race in finding available vnc port
	The qemu driver contains a subtle race in the logic to find next
	available vnc port.  Currently it iterates through all available ports
	and returns the first for which bind(2) succeeds.  However it is possible
	that a previously issued port has not yet been bound by qemu, resulting
	in the same port used for a subsequent domain.
	This patch addresses the race by using a simple bitmap to "reserve" the
	ports allocated by libvirt.
	V2:
	  - Put port bitmap in struct qemud_driver
	  - Initialize bitmap in qemudStartup
	V3:
	  - Check for failure of virBitmapGetBit
	  - Additional check for port != -1 before calling virbitmapClearBit
	V4:
	  - Check for failure of virBitmap{Set,Clear}Bit

	Add defines for QEMU_VNC_PORT_{MIN,MAX} and use them

	Add simple bitmap operations to utils
	V2:
	  - Move bitmap impl to src/util/bitmap.[ch]
	  - Use CHAR_BIT instead of explicit '8'
	  - Use size_t instead of unsigned int
	  - Fix calculation of bitmap size in virBitmapAlloc
	  - Ensure bit is within range of map in the set, clear, and get
	    operations
	  - Use bool in virBitmapGetBit
	  - Add virBitmapFree to free-like funcs in cfg.mk
	V3:
	  - Check for overflow in virBitmapAlloc
	  - Fix copy and paste bug in virBitmapAlloc
	  - Use size_t in prototypes
	  - Add ATTRIBUTE_NONNULL in prototypes where appropriate
	    and remove NULL check from impl
	V4:
	  - Add ATTRIBUTE_RETURN_CHECK in prototypes where appropriate.

2010-05-22  Cole Robinson  <crobinso@redhat.com>

	daemon: Export SDL audio environment variables
	/etc/sysconfig/libvirtd has a few environment variables for configuring
	libvirt SDL audio. The libvirtd process doesn't see these, however, because
	they are never exported. Let's export the variables after sourcing the
	sysconfig script.
	There is another problem here that the commented out values in the
	sysconfig script are not neccessarily the actual defaults, we are qemus
	mercy here. Not sure how to solve that.

2010-05-21  Chris Lalancette  <clalance@redhat.com>

	Remove isValidIfname.
	We shouldn't be checking validity in domain_conf, since
	it can be used by multiple different hosts and hypervisors.
	Remove the check completely.

2010-05-21  Jiri Denemark  <jdenemar@redhat.com>

	Init script for handling guests on shutdown/boot
	Example output during shutdown:
	Running guests on default URI: console, rhel6-1, rhel5-64
	Running guests on lxc:/// URI: lxc-shell
	Running guests on xen:/// URI: error: no hypervisor driver available for xen:///
	error: failed to connect to the hypervisor
	Running guests on vbox+tcp://orkuz/system URI: no running guests.
	Suspending guests on default URI...
	Suspending console: done
	Suspending rhel6-1: done
	Suspending rhel5-64: done
	Suspending guests on lxc:/// URI...
	Suspending lxc-shell: error: Failed to save domain 9cba8bfb-56f4-6589-2d12-8a58c886dd3b state
	error: this function is not supported by the hypervisor: virDomainManagedSave
	Note, the "Suspending $guest: " shows progress during the suspend phase
	if domjobinfo gives meaningful output.
	Example output during boot:
	Resuming guests on default URI...
	Resuming guest rhel6-1: done
	Resuming guest rhel5-64: done
	Resuming guest console: done
	Resuming guests on lxc:/// URI...
	Resuming guest lxc-shell: already active
	Configuration used for generating the examples above:
	URIS='default lxc:/// xen:/// vbox+tcp://orkuz/system'
	The script uses /var/lib/libvirt/libvirt-guests files to note all active
	guest it should try to resume on next boot. It's content looks like:
	default 7f8b9d93-30e1-f0b9-47a7-cb408482654b 085b4c95-5da2-e8e1-712f-6ea6a4156af2 fb4d8360-5305-df3a-2da1-07d682891b8c
	lxc:/// 9cba8bfb-56f4-6589-2d12-8a58c886dd3b

	Autostart domains using virDomainObjStart

	Refactor qemudDomainStart
	We need a common internal function for starting managed domains to be
	used during autostart. This patch factors out relevant code from
	qemudDomainStart into qemudDomainObjStart and makes it use the
	refactored code for domain restore instead of calling qemudDomainRestore
	API directly.

	Factor out def assignment to existing domain from virDomainAssignDef
	We need to be able to assign new def to an existing virDomainObj which
	is already locked. This patch factors out the relevant code from
	virDomainAssignDef into virDomainObjAssignDef.

	Refactor qemudDomainRestore
	We need to be able to restore a domain which we already locked and
	started a job for it without undoing these steps. This patch factors
	out internals of qemudDomainRestore into separate functions which work
	for locked objects.

2010-05-21  Jim Meyering  <meyering@redhat.com>

	maint: update po/POTFILES.in
	* po/POTFILES.in: Add 3 files.

	maint: enforce policy wrt VIR_DEBUG and VIR_DEBUG0
	* cfg.mk (sc_prohibit_gettext_markup): Just like VIR_WARN*.

	maint: don't mark VIR_DEBUG or VIR_DEBUG0 diagnostics for translation
	Run this command:
	  git grep -l VIR_DEBUG|xargs perl -pi -e \
	    's/(VIR_DEBUG0?)\s*\(_\((".*?")\)/$1($2/'

	maint: enforce policy wrt VIR_ERROR and VIR_ERROR0
	* cfg.mk (msg_gen_function): Add VIR_ERROR and VIR_ERROR0,
	so that sc_libvirt_unmarked_diagnostics will check them, too.

	maint: change "" in err ? err->message : "" to _("unknown error"), ...
	These changes avoid false-positive syntax-check failure,
	and also make the resulting diagnostics more comprehensible.

	maint: more of same, but manual: convert VIR_ERROR("%s" to VIR_ERROR0(

	maint: VIR_ERROR/VIR_ERROR0: mark up the remaining ones manually
	Handle concatenated strings manually.

	maint: mark translatable string args of VIR_ERROR
	Run this:
	  git grep -l 'VIR_ERROR\s*("'|xargs perl -pi -e \
	    's/(VIR_ERROR)\s*\((".*?"),/$1(_($2),/'

	maint: mark translatable string args of VIR_ERROR0
	Run this:
	  git grep -l 'VIR_ERROR0\s*("'|xargs perl -pi -e \
	    's/(VIR_ERROR0)\s*\((".*?")\)/$1(_($2))/'

	maint: use VIR_ERROR0 rather than VIR_ERROR with a bare "%s"
	Change VIR_ERROR("%s", "..."
	to     VIR_ERROR0("..."
	and
	Change VIR_ERROR("%s", _("...")
	to     VIR_ERROR0(_("...")
	Use this command:
	  git grep -E -l 'VIR_ERROR\("%s", (_\()?"'|xargs perl -pi -e \
	  's/VIR_ERROR\("%s", (_\()?"/VIR_ERROR0($1"/'

2010-05-21  Chris Wright  <chrisw@redhat.com>

	qemu driver: fix version check typos
	* src/qemu/qemu_conf.c (qemudParseHelpStr): Fix errors that made
	it impossible to diagnose invalid minor and micro version number
	components.

2010-05-21  Cole Robinson  <crobinso@redhat.com>

	daemon: A few initscript corrections
	Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=565238
	- Avahi service is called 'avahi-daemon'
	- chkconfig descriptions must use \ for line continuations

	qemu: Use ShutdownVMDaemon for all startup cleanup paths
	The current cleanup: in StartVMDaemon path is a poor duplication.
	qemuShutdownVMDaemon can handle teardown for inactive VMs, so let's use it.
	v2: Remove old abort: label, only use cleanup:

2010-05-21  Chris Lalancette  <clalance@redhat.com>

	Domain snapshot RNG and tests.

	Fix up the python bindings for snapshotting.
	This involved a few fixes.  To start with,
	an virDomainSnapshot object is really tied to a
	domain, not a connection, so we have to generate
	a slightly different object so that we can get
	at self._dom for the object.
	Next, we had to "dummy" up an override piece of
	XML with a bogus argument that the function doesn't
	actually take.  That's so that the generator places
	virDomainRevertToSnapshot underneath the correct
	class (namely, the virDomain class).
	Finally, we had to hand-implement the
	virDomainRevertToSnapshot implementation, ignoring the
	bogus pointer we are being passed.
	With all of this in place, I was able to successfully
	take a snapshot and revert to it using only the
	Python bindings.

2010-05-21  Jim Meyering  <meyering@redhat.com>

	qemu_conf.c: also recognize new first line of qemu -help output
	* src/qemu/qemu_conf.c (QEMU_VERSION_STR_1, QEMU_VERSION_STR_2):
	Define these instead of...
	(QEMU_VERSION_STR): ... this.  Remove definition.
	(qemudParseHelpStr): Check first for the new, shorter prefix,
	"QEMU emulator version", and then for the old one,
	"QEMU PC emulator version" when trying to parse the version number.
	Based on a patch by Chris Wright.

	lxc_controller.c: don't ignore failed "accept"
	* src/lxc/lxc_controller.c (ignorable_epoll_accept_errno): New function.
	(lxcControllerMain): Handle a failed accept carefully:
	most errno values indicate legitimate failure and must be fatal.
	However, ignore a special case: that in which an incoming client quits
	between the poll() indicating its presence, and our accept() which
	is trying to process it.

2010-05-20  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't deny ShutdownVMDaemon for non-running VMs
	Clients that require this already seem to do so. Calling this function
	with pid < 1 also should not cause problems.

	qemu: Remove explicit VNC XML cleanup
	This only exists for a certain cleanup path in StartVMDaemon, but is
	unneeded since domain_conf.c handles this for us automatically.

	qemu: Properly cleanup in security startup error path
	Everything after hostdev setup needs to jump to cleanup on error.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	libvirtd: don't ignore virInitialize failure
	* daemon/libvirtd.c (main): Diagnose virInitialize failure
	and exit nonzero.

2010-05-20  Alex Williamson  <alex.williamson@redhat.com>

	Rename qemuBuildCommandLine tapfds -> vmfds.
	There doesn't seem to be anything specific to tap devices for this
	array of file descriptors which need to stay open of the guest to use.
	Rename then for others to make use of.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	maint: prohibit newline at end of diagnostic
	* cfg.mk (sc_prohibit_newline_at_end_of_diagnostic): New rule.
	Idea proposed by Jiri Denemark.

	maint: remove unwanted newline at end of diagnostic
	* src/xen/xend_internal.c (xenDaemonDomainDefineXML): Remove \n.
	* src/network/bridge_driver.c (networkAddMasqueradingIptablesRules):
	Likewise.

	qemudDomainMigrateFinish2: handle a case of virDomainSaveStatus failure
	* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Don't ignore
	virDomainSaveStatus failure.
	* src/conf/domain_conf.h (virDomainSaveStatus): Use
	ATTRIBUTE_RETURN_CHECK, so this doesn't happen again.

2010-05-20  Eric Blake  <eblake@redhat.com>

	docs: distribute more coding convention documentation
	These files may be useful for anyone making modifications to
	source files in a tarball distribution.
	* src/Makefile.am (EXTRA_DIST): Add THREADS.txt.
	* daemon/Makefile.am (EXTRA_DIST): Add THREADING.txt.

	build: distribute missing file
	Commit f30ccb2458829 was incomplete.
	* .gitignore: Ignore intermediate directory during failed 'make
	distcheck'.
	* tests/Makefile.am (qemuhelpdata): Distribute new file.

2010-05-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make esxVI_*_CastFromAnyType dynamically dispatched
	This will be used in the ESX storage driver in order to handle
	the DatastoreInfo type and inheriting types properly.

	esx: Allow esxVI_X_DynamicCast to be called successfully on X objects
	This semantic will be used in the ESX storage driver.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	tests: the remote_protocol check also accommodates older pdwtags
	This test was failing on systems using pdwtags from dwarves-1.3.
	Reported by Matthias Bolte.
	Two-pronged fix:
	  - use --verbose to work also with dwarves-1.3; adapt regular
	    expressions to handle now-varying separators
	  - require a minimum number of post-split clauses, in order to
	    skip upon any future format change.
	    Currently there are 318; if there are 300 or fewer,
	    give a warning similar to when pdwtags is missing.
	* src/Makefile.am (remote_protocol-structs): Use pdwtags' --verbose
	option to make 1.3 emit member sizes and offsets.
	Consistently output WARNING messages to stderr.

2010-05-19  Jim Meyering  <meyering@redhat.com>

	initialize "meta" in virStorageFileGetMetadata, not in each caller
	Do not require each caller of virStorageFileGetMetadata and
	virStorageFileGetMetadataFromFD to first clear the storage of the
	"meta" buffer.  Instead, initialize that storage in
	virStorageFileGetMetadataFromFD.
	* src/util/storage_file.c (virStorageFileGetMetadataFromFD): Clear
	"meta" here, not before each of the following callers.
	* src/qemu/qemu_driver.c (qemuSetupDiskCgroup): Don't clear "meta" here.
	(qemuTeardownDiskCgroup): Likewise.
	* src/qemu/qemu_security_dac.c (qemuSecurityDACSetSecurityImageLabel):
	Likewise.
	* src/security/security_selinux.c (SELinuxSetSecurityImageLabel):
	Likewise.
	* src/security/virt-aa-helper.c (get_files): Likewise.

	(qemu*DiskCgroup): avoid dead code
	* src/qemu/qemu_driver.c (qemuTeardownDiskCgroup): Remove
	bogus empty-body while-loop.
	(qemuSetupDiskCgroup): Likewise.

	maint: more VIR_WARN corrections: now manually
	* po/POTFILES.in: Remove src/util/logging.c and src/util/uuid.c.
	* src/phyp/phyp_driver.c (phypUUIDTable_ReadFile): Correct more
	VIR_WARN uses, now manually.
	(phypUUIDTable_Init, phypUUIDTable_Pull): Likewise.

	maint: use VIR_WARN0("...") rather than VIR_WARN("%s", "...")
	Run this command:
	  git grep -l 'VIR_WARN("%s", "'|xargs perl -pi -e \
	    's/VIR_WARN\("%s", "/VIR_WARN0("/'
	* src/phyp/phyp_driver.c (phypDomainGetInfo): Perform the above.
	(phypDomainCreateAndStart, phypUUIDTable_ReadFile): Likewise.

	maint: enforce no-markup policy wrt VIR_WARN-like macros
	* cfg.mk (sc_prohibit_gettext_markup): New rule, to enforce
	this policy.  Contrary to most diagnostic-emitting functions,
	where we require _(...) markup, here, we require that _() *not*
	be used for certain functions (or function-like macros).

	maint: remove _(...) from VIR_WARN arg manually
	* src/util/uuid.c (virUUIDGenerate): Remove _(...) manually.

	maint: don't mark VIR_WARN or VIR_WARN0 diagnostics for translation
	Approximately 60 messages were marked.  Since these diagnostics are
	intended solely for developers and maintainers, encouraging translation
	is deemed to be counterproductive:
	http://thread.gmane.org/gmane.comp.emulators.libvirt/25050/focus=25052
	Run this command:
	  git grep -l VIR_WARN|xargs perl -pi -e \
	    's/(VIR_WARN0?)\s*\(_\((".*?")\)/$1($2/'

	note a typo: VIR_MIGRATE_TUNNELLED should be VIR_MIGRATE_TUNNELED,
	so that searches for properly spelled "TUNNELED" turn up
	the surprising spelling of this public symbol.
	* include/libvirt/libvirt.h.in: Add a comment.

2010-05-19  Jiri Denemark  <jdenemar@redhat.com>

	Add support for SSE4.1 and SSE4.2 CPU features

	Fix potential NULL dereference in remoteDomainMigratePrepare2

2010-05-19  Jim Meyering  <meyering@redhat.com>

	do not ignore qemuMonitorAddDrive failure; make uses identical
	There were three very similar uses of qemuMonitorAddDrive.
	This change makes the three 17-line sequences identical.
	* src/qemu/qemu_driver.c (qemudDomainAttachPciDiskDevice): Detect
	failure.  Add VIR_WARN and braces.
	(qemudDomainAttachSCSIDisk): Add VIR_WARN and braces.
	(qemudDomainAttachUsbMassstorageDevice): Likewise.

	ebtablesAddRemoveRule, iptablesAddRemoveRule: don't skip va_end
	* src/util/ebtables.c (ebtablesAddRemoveRule): Don't skip
	va_end(args) on an error path.
	* src/util/iptables.c (iptablesAddRemoveRule): Identical change.

	qemudDomainRestore: handle a case of virDomainSaveStatus failure
	* src/qemu/qemu_driver.c (qemudDomainRestore): Don't ignore
	virDomainSaveStatus failure.

	python: don't ignore virInitialize failure in module initialization
	* python/libvirt-override.c (initlibvirtmod): Upon virInitialize
	failure, skip the Py_InitModule call.

	tests: do not ignore virInitialize failure
	* tests/nodeinfotest.c (mymain): Do not ignore virInitialize failure.
	Most other callers of virInitialize test for failure.

	qemuMonitorTextMigrate: avoid leak on OOM-error path
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrate): Also
	free "safedest" buffer when failing.

	virNWFilterDefParseXML: avoid leak on error paths
	* src/conf/nwfilter_conf.c (virNWFilterDefParseXML): Also free "ret"
	via cleanup.

	linuxNodeInfoCPUPopulate: avoid used-uninitialized via a test
	* tests/nodeinfotest.c (linuxTestCompareFiles): Don't use
	nodeinfo->member uninitialized.  linuxNodeInfoCPUPopulate requires
	that some of its nodeinfo members (including threads) be initialized
	upon input.  The nodeinfotest.c program lacked the initialization,
	while the only other use (nodeGetInfo) did perform it.
	It's not trivial to move the initialization into the function,
	since nodeGetInfo sets at least one member after clearing the
	buffer but before calling linuxNodeInfoCPUPopulate.

	virDomainNetDefParseXML: avoid leak upon multiple "filterref"
	* src/conf/domain_conf.c (virDomainNetDefParseXML): Don't leak
	memory when parsing two or more "filterref" elements.

2010-05-18  Jim Meyering  <meyering@redhat.com>

	ebiptablesWriteToTempFile: don't close a negative file descriptor
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesWriteToTempFile):
	Skip the close if "fd" is negative.

2010-05-18  Daniel P. Berrange  <berrange@redhat.com>

	Protect against NULL pointer flaws in monitor usage
	History has shown that there are frequent bugs in the QEMU driver
	code leading to the monitor being invoked with a NULL pointer.
	Although the QEMU driver code should always report an error in
	this case before invoking the monitor, as a safety net put in a
	generic check in the monitor code entry points.
	* src/qemu/qemu_monitor.c: Safety net to check for NULL monitor
	  object

	Fix multiple potential NULL pointer references in monitor usage
	Any method which intends to invoke a monitor command must have
	a check for virDomainObjIsActive() before using the monitor to
	ensure that priv->mon != NULL.
	There is one subtle edge case in this though. If a method invokes
	multiple monitor commands, and calls qemuDomainObjExitMonitor()
	in between two of these commands then there is no guarentee that
	priv->mon != NULL anymore. This is because the QEMU process may
	exit or die at any time, and because qemuDomainObjEnterMonitor()
	releases the lock on virDomainObj, it is possible for the background
	thread to close the monitor handle and thus qemuDomainObjExitMonitor
	will release the last reference allowing priv->mon to become NULL.
	This affects several methods, most notably migration but also some
	hotplug methods. This patch takes a variety of approaches to solve
	the problem, depending on the particular usage scenario. Generally
	though it suffices to add an extra virDomainObjIsActive() check
	if qemuDomainObjExitMonitor() was called during the method.
	* src/qemu/qemu_driver.c: Fix multiple potential NULL pointer flaws
	  in usage of the monitor

2010-05-18  Jim Meyering  <meyering@redhat.com>

	maint: add more free-like functions to the list and deal with fallout
	* cfg.mk (useless_free_options): Add many vir*Free* function names,
	and then remove the useless if-before-free tests exposed by running
	make syntax-check.
	* src/conf/interface_conf.c (virInterfaceDefFree): Remove useless "if".
	(virInterfaceAssignDef): Likewise.
	* src/conf/network_conf.c (virNetworkAssignDef): Likewise.
	* src/conf/storage_conf.c (virStoragePoolObjAssignDef): Likewise.
	* src/node_device/node_device_hal.c (dev_create): Likewise.
	* src/security/virt-aa-helper.c (vahDeinit): Likewise.
	* src/test/test_driver.c (testNodeDeviceCreateXML): Likewise.
	* src/util/conf.c (virConfSetValue): Likewise.

	maint: add virCgroupFree to the list of free-like functions
	This makes the useless-if-before-free test in maint.mk spot
	uses of virCgroupFree just like it does for free and the other
	listed functions.
	* cfg.mk (useless_free_options): Add virCgroupFree.
	Prompted by suggestion from Eric Blake.

	qemudDomainSetVcpus: avoid NULL-deref on failed uuid look-up
	* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Upon look-up failure,
	i.e., vm==NULL, goto cleanup, rather than to "endjob", superficially
	since the latter would dereference vm, but more fundamentally because
	we certainly don't want to call qemuDomainObjEndJob before we've
	even attempted qemuDomainObjBeginJob.

	lxcFreezeContainer: avoid test-after-deref of never-NULL pointer
	* src/lxc/lxc_driver.c (lxcFreezeContainer): Remove test-after-deref.
	Correct indentation in expression.

2010-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add CIFS to the list of network file systems
	ESX supports NFS and CIFS. The ESX storage driver will reflect this.

	Add VIR_STORAGE_POOL_INACCESSIBLE to denote inaccessible storage pools
	This status will be used by the ESX storage driver.
	For example a running NFS pool is inaccessible when the NFS server is
	currently unreachable.

2010-05-18  Eric Blake  <eblake@redhat.com>

	qemu_conf: fix flag value
	(gdb) p/x QEMUD_CMD_FLAG_VNET_HOST
	$7 = 0xffffffff80000000
	Oops - that meant we were incorrectly setting QEMU_CMD_FLAG_RTC_TD_HACK
	for qemu-kvm-0.12.3 (and probably botching a few other settings as well).
	Fixes Red Hat BZ#592070
	* src/qemu/qemu_conf.h (QEMUD_CMD_FLAG_VNET_HOST): Avoid sign
	extension.
	* tests/qemuhelpdata/qemu-kvm-0.12.3: New file.
	* tests/qemuhelptest.c (mymain): Add another case.

2010-05-18  Cole Robinson  <crobinso@redhat.com>

	qemu: Clarify a couple error messages
	A fedora translator filed:
	https://bugzilla.redhat.com/show_bug.cgi?id=580816
	Pointing out these two error messages as unclear: "write save" sounds
	like a typo without context, and lack of a colon made the second message
	difficult to parse.

2010-05-18  Eric Blake  <eblake@redhat.com>

	virFileResolveLink: fix return value
	virFileResolveLink was returning a positive value on error,
	thus confusing callers that assumed failure was < 0.  The
	confusion is further evidenced by callers that would have
	ended up calling virReportSystemError with a negative value
	instead of a valid errno.
	Fixes Red Hat BZ #591363.
	* src/util/util.c (virFileResolveLink): Live up to documentation.
	* src/qemu/qemu_security_dac.c
	(qemuSecurityDACRestoreSecurityFileLabel): Adjust callers.
	* src/security/security_selinux.c
	(SELinuxRestoreSecurityFileLabel): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskDeleteVol): Likewise.

2010-05-18  Cole Robinson  <crobinso@redhat.com>

	tests: Skip daemon-conf test if dir exceeds UNIX_PATH_MAX
	The max path length for unix sockets is pretty small (108, see man 7 unix).
	If 'make check' is run from a directory that exceeds this, one of the tests
	will fail, and in such a way that requires manually editting the test to
	determine why.
	There are certainly other ways to handle this, but I've chosen just to skip
	the offending test if we will exceed the length limitation.
	v2: Drop bashism, use test infrastructure to warn and skip

	pci: Give an explicit error if device not found
	v2: Use intended F_OK. Drop devdir param, just check dev->path for device
	existence.
	v3: Use virReportSystemError, include dev->path in error message.

2010-05-18  Eric Blake  <eblake@redhat.com>

	build: fix cygwin build, correctly this time
	Fix the cygwin regression introduced in commit 48445ccff, but
	without repeating the fresh build regression of commit
	2d550542e.
	* src/Makefile.am (libvirt_test_la_LIBADD): Split out subset of
	locally-built libraries...
	(libvirt_test_la_BUILT_LIBADD): ...into new variable.
	(libvirt_test_la_DEPENDENCIES): Depend only on the subset that
	automake would have given us for free if we didn't have to add our
	own extra file.

2010-05-18  Jim Meyering  <meyering@redhat.com>

	umlAutostartDomain: avoid NULL-deref upon virGetLastError failure
	* src/uml/uml_driver.c (umlAutostartDomain): Handle a NULL return
	from virGetLastError.

2010-05-17  Eric Blake  <eblake@redhat.com>

	build: fix up some compiler flags
	Matthias noted that the line:
	virt_aa_helper_LDFLAGS = $(WARN_CFLAGS)
	looks inconsistent, so I did an audit.
	Currently, the set of compiler warning flags passed to gcc as $CC are
	equally permitted as the set of linker flags passed to gcc as $LD, so
	there was no problem with that usage.  But if we ever get in a
	situation where $CC and $LD treat particular flags differently, using
	the right variable form will make it easier.
	In the process, I spotted a couple of typos that were omitting useful
	flags, as well as specifying a -l under the wrong variable.
	* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Define WARN_LDFLAGS as
	an alias for WARN_CFLAGS.
	* tools/Makefile.am (virsh_LDFLAGS): Use more canonical spelling.
	* proxy/Makefile.am (libvirt_proxy_LDFLAGS): Likewise. Move
	library...
	(libvirt_proxy_LDADD): ...here.
	* src/Makefile.am (virt_aa_helper_LDFLAGS): Use more canonical
	spelling of WARN_LDFLAGS.
	(libvirt_parthelper_LDFLAGS, libvirt_lxc_LDFLAGS): Likewise.  Use
	correct spelling of COVERAGE_LDFLAGS.
	Reported by Matthias Bolte.

2010-05-17  Jim Meyering  <meyering@redhat.com>

	build: avoid compile failure on linux kernels older than 2.6.19
	* configure.ac: Check for <linux/magic.h>.
	* src/util/storage_file.c: Include <linux/magic.h> only if present.
	Linux kernels prior to 2.6.19 lacked it.
	[__linux__] (NFS_SUPER_MAGIC): Define if not already defined.

	x86ModelHasFeature: avoid NULL-dereference for unmatched CPU "feature"
	* src/cpu/cpu_x86.c (x86ModelHasFeature): Do not dereference the pointer
	returned by x86cpuidFind without first ensuring it is non-NULL.

2010-05-17  Cole Robinson  <crobinso@redhat.com>

	qemu: Report cmdline output if VM dies early
	qemuReadLogOutput early VM death detection is racy and won't always work.
	Startup then errors when connecting to the VM monitor. This won't report
	the emulator cmdline output which is typically the most useful diagnostic.
	Check if the VM has died at the very end of the monitor connection step,
	and if so, report the cmdline output.
	See also: https://bugzilla.redhat.com/show_bug.cgi?id=581381

	qemu: Fix previous commit, use comparision in if()

2010-05-17  Jim Meyering  <meyering@redhat.com>

	qemu_driver: avoid NULL dereference
	* src/qemu/qemu_driver.c (qemudDomainStart): After setting vm to NULL,
	goto cleanup, rather than dereferencing the NULL pointer.

2010-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Remove debugging fprintf() calls
	* src/qemu/qemu_driver.c: Remove debugging fprintf() calls
	  accidentally left in code

2010-05-15  Jim Meyering  <meyering@redhat.com>

	qemudDomainSetVcpus: avoid NULL-deref
	* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Avoid NULL-deref
	upon unknown UUID.  Call qemuDomainObjBeginJob(vm) only after
	ensuring that vm != NULL, not before.  This potential NULL-deref
	was introduced by commit 2c555d87b0041e0d1ec4742386d2161d1b2f0600.

2010-05-15  Eric Blake  <eblake@redhat.com>

	Revert "build: fix cygwin build"
	This reverts commit 2d550542ee729c1d9a4d92de344892650817b213.
	The patch worked for incremental builds, but broke fresh
	builds, because it interfered with automake's automatic
	dependency generation.  Until I figure out how to make
	automake do what we want, I'd rather leave cygwin broken
	but fresh Linux builds working.

	build: fix cygwin build
	make[3]: *** No rule to make target `-lxml2', needed by `libvirt.la'.  Stop.
	Due to treating the wrong string as a dependency.
	* src/Makefile.am (libvirt_la_DEPENDENCIES): Depend only on
	locally-built file, not on strings that might resolve as '-lxml2'.

2010-05-15  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add missing driver lock in qemu driver
	This adds a missing driver lock in the qemu driver to protect
	the list of domains.

2010-05-15  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix a misuse of virAsprintf in qemudDomainMemoryPeek
	The code specifies driver->cacheDir as the format string,
	but it usually doesn't contain '%s', so the subsequent
	argument, "/qemu.mem.XXXXXX", is always ignored.
	The patch fixes the misuse.

2010-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Make domain save work when dynamic_ownership=0
	Setting dynamic_ownership=0 in /etc/libvirt/qemu.conf prevents
	libvirt's DAC security driver from setting uid/gid on disk
	files when starting/stopping QEMU, allowing the admin to manage
	this manually. As a side effect it also stopped setting of
	uid/gid when saving guests to a file, which completely breaks
	save when QEMU is running non-root. Thus saved state labelling
	code must ignore the dynamic_ownership parameter
	* src/qemu/qemu_security_dac.c: Ignore dynamic_ownership=0 when
	  doing save/restore image labelling

	Don't reset user/group/security label on shared filesystems during migrate
	When QEMU runs with its disk on NFS, and as a non-root user, the
	disk is chownd to that non-root user. When migration completes
	the last step is shutting down the QEMU on the source host. THis
	normally resets user/group/security label. This is bad when the
	VM was just migrated because the file is still in use on the dest
	host. It is thus neccessary to skip the reset step for any files
	found to be on a shared filesystem
	* src/libvirt_private.syms: Export virStorageFileIsSharedFS
	* src/util/storage_file.c, src/util/storage_file.h: Add a new
	  method virStorageFileIsSharedFS() to determine if a file is
	  on a shared filesystem (NFS, GFS, OCFS2, etc)
	* src/qemu/qemu_driver.c: Tell security driver not to reset
	  disk labels on migration completion
	* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
	  src/security/security_selinux.c, src/security/security_driver.h,
	  src/security/security_apparmor.c: Add ability to skip disk
	  restore step for files on shared filesystems.

	Fix handling of disk backing stores with cgroups
	The cgroups ACL code was only allowing the primary disk image.
	It is possible to chain images together, so we need to search
	for backing stores and add them to the ACL too. Since the ACL
	only handles block devices, we ignore the EINVAL we get from
	plain files. In addition it was missing code to teardown the
	cgroup when hot-unplugging a disk
	* src/qemu/qemu_driver.c: Allow backing stores in cgroup ACLs
	  and add missing teardown code in unplug path

	Fix possible crash in handling IO Error event
	If the IO error event does not include a reason, then there
	is a possible crash dispatching the event
	* src/conf/domain_event.c: Missing check for a NULL reason before
	  strduping allows for a crash

	Add support for NIC hotplug using netdev_add in QEMU
	QEMU is gaining a new monitor command netdev_add for hotplugging
	NICs using the netdev backend code. We already support this on
	the command this, though it is disabled. This adds support for
	hotplug too, also to remain disabled until 0.13 QEMU is released
	* src/qemu/qemu_driver.c: Support netdev hotplug for NICs
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  support for netdev_add and netdev_remove commands

2010-05-13  Eric Blake  <eblake@redhat.com>

	datatypes: fix comment typo
	* src/datatypes.c: Use correct word.

2010-05-12  Jiri Denemark  <jdenemar@redhat.com>

	Fix monitor ref counting when adding event handle
	When closing a monitor using qemuMonitorClose(), we are aware of
	the possibility the monitor is still being used somewhere:
	    /* NB: ordinarily one might immediately set mon->watch to -1
	     * and mon->fd to -1, but there may be a callback active
	     * that is still relying on these fields being valid. So
	     * we merely close them, but not clear their values and
	     * use this explicit 'closed' flag to track this state */
	but since we call virEventAddHandle() on that monitor without increasing
	its ref counter, the monitor is still freed which makes possible users
	of it quite unhappy. The unhappiness can lead to a hang if qemuMonitorIO
	tries to lock mutex which no longer exists.

	Remove watches before calling REMOTE_PROC_CLOSE
	First calling REMOTE_PROC_CLOSE and then removing watches might lead to
	a hang as HANGUP event can be triggered before the watches are actually
	removed but after virConnectPtr is already freed. As a result of that
	remoteDomainEventFired() would try to lock uninitialized mutex, which
	would hang for ever.

2010-05-12  Jim Meyering  <meyering@redhat.com>

	tests: use GPLv2+, not GPLv3
	* tests/cpuset: Change from GPLv3 to GPLv2+
	* tests/read-bufsiz: Likewise.
	* tests/read-non-seekable: Likewise.
	* tests/start: Likewise.
	* tests/undefine: Likewise.
	* tests/vcpupin: Likewise.
	* tests/virsh-all: Likewise.
	* tests/virsh-schedinfo: Likewise.
	* tests/virsh-synopsis: Likewise.

2010-05-12  Eric Blake  <eblake@redhat.com>

	libvirt_proxy: link with -lpthread if needed
	Continuation of earlier patches to fix LIB_PTHREAD, only
	triggered by ./configure --with-xen-proxy (a la autobuild.sh).
	* proxy/Makefile.am (libvirt_proxy_LDADD): Add LIB_PTHREAD.

2010-05-12  Cole Robinson  <crobinso@redhat.com>

	node_device: udev: Fix PCI product/vendor swappage
	Product and vendor values were swapped in the XML, which made virt-manager
	PCI device listing kinda useless.

2010-05-12  Eric Blake  <eblake@redhat.com>

	build: update gnulib
	* .gnulib: Update to latest.
	* bootstrap.conf (gnulib_modules): Import netdb.
	* src/esx/esx_util.c (AI_ADDRCONFIG): Rely on gnulib.
	* src/remote/remote_driver.c (AI_ADDRCONFIG): Likewise.
	* tools/virsh.c (WEXITSTATUS, O_SYNC): Likewise.

	build: allow older gettext
	* bootstrap.conf (gnulib_modules): Use gettext-h, not gettext,
	since the latter drags in a depedency on gettext 0.18.
	Suggested by Bruno Haible.

2010-05-12  Jim Meyering  <meyering@redhat.com>

	tests: correct PATH in new test, for when running manually
	* tests/virsh-schedinfo: This test sets PATH internally, just in
	case you're running it manually.  Normally, the PATH setting from
	tests/Makefile.am's TESTS_ENVIRONMENT is sufficient.  Prepend the
	correct directory, and take advantage of the PATH setting in one
	more case.

2010-05-11  Daniel P. Berrange  <berrange@redhat.com>

	Add env variable for debugging gnutls usage
	Allow debugging of GNUTLS interactions by setting
	  LIBVIRT_GNUTLS_DEBUG=10 LIBVIRT_DEBUG=1 virsh
	* src/remote/remote_driver.c: Use LIBVIRT_GNUTLS_DEBUG to
	  enable gnutls debugging

2010-05-11  Jim Meyering  <meyering@redhat.com>

	tests: adjust copyrights on scripts: s/FSF/Red Hat/
	* tests/cpuset: Change copyright holder from FSF to Red Hat, Inc.
	* tests/read-bufsiz: Likewise.
	* tests/read-non-seekable: Likewise.
	* tests/start: Likewise.
	* tests/undefine: Likewise.
	* tests/vcpupin: Likewise.
	* tests/virsh-all: Likewise.
	* tests/virsh-synopsis: Likewise.

	virsh: schedinfo --set invalid=value would simply ignore the option
	For example, virsh -c test:///default schedinfo 1 --set P=k would
	mistakenly exit successfully, giving no indication that it had failed
	to set the scheduling parameter "P".
	* tools/virsh.c (cmdSchedinfo): Diagnose an invalid --set j=k option,
	rather than silently ignoring it.
	* tests/virsh-schedinfo: New test for the above.
	* tests/Makefile.am (test_scripts): Add it.
	Reported by Jintao Yang in http://bugzilla.redhat.com/586632

	virsh: fix a typo in a diagnostic
	* tools/virsh.c (cmdSchedInfoUpdate): Fix typo in a diagnostic:
	s/an long long/a long long/.  One in a comment, too.

2010-05-11  Eric Blake  <eblake@redhat.com>

	delMacvtap: typo fix
	* src/util/macvtap.c (delMacvtap): Fix documentation.

	maint: allow VPATH use of remote_protocol-structs
	* src/Makefile.am (remote_protocol-structs): Ensure file lives in srcdir.

	docs/Makefile.am: remove unnecessary subshells
	* docs/Makefile.am (ChangeLog.html.in, %.html.tmp, %.html)
	(html/index.html, $(devhelphtml)): Avoid spurious subshells.

	maint: avoid spurious output if program not present
	Some shells warn about missing programs before redirection;
	the idiomatic way to silence them is to run the program check
	inside a subshell, with the redirections outside the subshell.
	But a subshell is only needed in places where it is reasonable
	to expect the use of such a noisy shell in the first place.
	* src/Makefile.am (remote_protocol-structs): Use subshell, for
	FreeBSD 8.0 /bin/sh.
	* cfg.mk (sc_preprocessor_indentation): Avoid subshell, since the
	only users running cfg.mk can be assumed to have decent tools.

	storage_encryption: silence clang warning
	For printf("%*s",foo,bar), clang complains if foo is not int:
	warning: field width should have type 'int', but argument has
	type 'unsigned int' [-Wformat]
	* src/conf/storage_encryption_conf.c
	(virStorageEncryptionSecretFormat, virStorageEncryptionFormat):
	Use correct type.
	* src/conf/storage_encryption_conf.h (virStorageEncryptionFormat):
	Likewise.

2010-05-08  Jim Meyering  <meyering@redhat.com>

	help avoid accidental remote_protocol.x changes
	Now, if you update remote_protocol.x without also updating
	remote_protocol-structs to match, then "make check" will fail.
	* src/Makefile.am (remote_protocol-structs): Extract list of
	structs and member names from remote_protocol.o.
	(check-local): Depend on it.
	* src/remote_protocol-structs: New file.

2010-05-08  Eric Blake  <eblake@redhat.com>

	mingw32-libvirt.spec: bring up to date
	Right now, mingw32-portablexdr is not available in Fedora, but is
	present in fedora-mingw.git.  With that package, plus
	redhat-rpm-config and this patch, it is once again possible to build
	mingw32-libvirt from a Fedora 12 host.
	* mingw32-libvirt.spec.in (__debug_install_post): Override.
	(%files): Mention recent additions.

2010-05-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Manually revert "Fix pthread related link error for virt-aa-helper"
	This reverts commit b5b8a6db69ba16a8225962bf7659b6ff6756bc18.
	That commit was not necessary. The problem is fixed by commit
	0e9b3a269be9ce821615aba4aece87c4451d43ac, but I didn't rebuild
	it properly after pulling in the commit and didn't notice it.

2010-05-08  Ersek Laszlo  <lacos@caesar.elte.hu>

	Fix a typo in docs

2010-05-08  Eric Blake  <eblake@redhat.com>

	build: use LIBADD, not LDFLAGS, for adding libraries
	Per automake, LDFLAGS is used early in the line, and LIBADD
	(libraries) or LDADD (programs) is used late.  On platforms like
	cygwin, without lazy linking, this order matters.  Therefore, libtool
	commands, -L, and similar should be in LDFLAGS, but -l should be in
	L*ADD.
	* src/Makefile.am (*_LDFLAGS): Move libraries...
	(*_LIBADD): ...to their LIBADD counterpart.

	maint: whitespace cleanups
	* src/Makefile.am: Fix some space-tab issues.

2010-05-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix pthread related link error for virt-aa-helper
	Link virt-aa-helper explicitly with pthread. This is at least
	required on Ubuntu 10.04.

	qemu: Fix warning about a non-literal format string

2010-05-07  Jim Meyering  <meyering@redhat.com>

	avoid link error in tests using libvirt_util; due to pthread_sigmask
	* src/Makefile.am (libvirt_util_la_LDFLAGS): Add $(LIB_PTHREAD),
	required, now that we're using gnulib's pthread module.

2010-05-07  Matthew Booth  <mbooth@redhat.com>

	Remove unused nwfilter field from struct remote_error
	Change 965466c1 added a new field to struct remote_error, which broke
	the RPC protocol. Fortunately the new field is unused, so this change
	simply removes it again.
	* src/remote/remote_protocol.(c|h|x): Remove remote_nwfilter from struct
	  remote_error

2010-05-07  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Implement SCSI disk unplugging
	With the introduction of the generic qemu device model, unplugging
	SCSI disks works like a charm, so support it in libvirt.
	* src/qemu/qemu_driver.c: Add qemudDomainDetachSCSIDiskDevice() to do the
	  unplugging, extend qemudDomainDetachDeviceAdd().

2010-05-07  Eric Blake  <eblake@redhat.com>

	qemu: use better types
	* src/qemu/qemu_driver.c (qemudFindDisk): Mark parameter const.
	(qemudShrinkDisks): Mark parameter unsigned.

2010-05-07  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Refactor disk unplugging
	We can reuse some of the code for other purposes.

2010-05-07  Eric Blake  <eblake@redhat.com>

	build: simplify checks for sched.h
	* configure.ac: Remove redundant checks.

	build: update gnulib
	81 patches to gnulib, picks up several new syntax checks.
	* .gnulib: Update to latest.
	* .x-sc_prohibit_always_true_header_tests: New file.
	* bootstrap.conf (gnulib_modules): Add sched.
	* src/util/processinfo.c (includes): <sched.h> is now guaranteed.
	* src/network/bridge_driver.c (includes): Drop useless
	<strings.h>.
	* src/openvz/openvz_conf.c (includes): Likewise.
	* src/openvz/openvz_driver.c (includes): Likewise.
	* src/phyp/phyp_driver.c (includes): Likewise.
	* src/qemu/qemu_driver.c (includes): Likewise.
	* src/uml/uml_driver.c (includes): Likewise.

	build: drop more redundant configure checks
	* configure.ac (AC_CHECK_FUNCS_ONCE, AC_SYS_LARGEFILE): Rely on
	gnulib for strtok_r and large file support.
	(AC_OBJEXT): Drop call now done by AC_PROG_CC.
	(m4_foreach_w): Drop macro guaranteed by gnulib.
	(AC_C_CONST): Drop call declared obsolete by autoconf.

	build: use gnulib's sys/wait.h
	* configure.ac: Drop sys/wait.h check.
	* src/libvirt.c (includes): Use header unconditionally.
	* src/remote/remote_driver.c (includes): Likewise.
	* src/storage/storage_backend.c (includes): Likewise.
	* src/util/ebtables.c (includes): Likewise.
	* src/util/hooks.c (includes): Likewise.
	* src/util/iptables.c (includes): Likewise.
	* src/util/util.c (includes): Likewise.

	build: use gnulib's uname
	* bootstrap.conf (gnulib_modules): Add uname.
	* configure.ac: Drop uname and sys/utsname.h checks.
	* src/nodeinfo.c (nodeGetInfo): Use uname unconditionally.

	build: rely on gnulib's pthread module
	Gnulib can guarantee that pthread.h exists, but for now, it is a dummy
	header with no support for most pthread_* functions.  Modify our
	use of pthread to use function checks, rather than header checks,
	to determine how much pthread support is present.
	* bootstrap.conf (gnulib_modules): Add pthread.
	* configure.ac: Drop all pthread.h checks.  Optimize function
	checks.  Add check for pthread functions.
	* src/Makefile.am (libvirt_lxc_LDADD): Ensure proper link.
	* src/remote/remote_driver.c (remoteIOEventLoop): Depend on
	pthread_sigmask, now that gnulib guarantees pthread.h.
	* src/util/util.c (virFork): Likewise.
	* src/util/threads.c (threads-pthread.c): Depend on
	pthread_mutexattr_init, as a witness of full pthread support.
	* src/util/threads.h (threads-pthread.h): Likewise.

2010-05-06  Eric Blake  <eblake@redhat.com>

	build: silence a clang false positive
	* src/qemu/qemu_monitor.c (qemuMonitorIOWriteWithFD): Work around
	recent clang shortcoming in analysis.

2010-05-06  Stefan Berger  <stefanb@us.ibm.com>

	rpmbuild: add ebtables & ip(6)tables dependency for rpm
	Add ebtables,iptables & iptables-ipv6 dependency to rpm.
	Changes from V1 to V2:
	  -passing --without-libpcap to configure script, if libpcap is not to be used

2010-05-05  Eric Blake  <eblake@redhat.com>

	util: fix va_start usage bug
	Detected by clang.  POSIX requires that the second argument to
	va_start be the name of the last variable; and in some implementations,
	passing *path instead of path would dereference bogus memory instead
	of pulling arguments off the stack.
	* src/util/util.c (virBuildPathInternal): Use correct argument to
	va_start.

2010-05-05  Kenneth Nagin  <NAGIN@il.ibm.com>

	qemu: live migration with non-shared storage for kvm
	Support for live migration between hosts that do not share storage was
	added to qemu-kvm release 0.12.1.
	It supports two flags:
	-b migration without shared storage with full disk copy
	-i migration without shared storage with incremental copy (same base image
	shared between source and destination).
	I tested the live migration without shared storage (both flags) for native
	and p2p with and without tunnelling.  I also verified that the fix doesn't
	affect normal migration with shared storage.

2010-05-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	configure.ac: Avoid uname, which breaks cross-compilation
	When cross-compiling on Linux, configure will misdetect the target as
	Linux because it uses uname instead of relying on the $host variable.
	This results in including libvirt_linux.syms into libvirt.syms and
	therefore trying to export undefined symbols.
	Replace uname checks with $host checks to fix this.

2010-05-04  Jiri Denemark  <jdenemar@redhat.com>

	Don't wipe generated iface target in active domains
	Wipe generated interface target only when reading configuration of
	inactive domains.

2010-05-04  Daniel Veillard  <veillard@redhat.com>

	Various fixes for the spec file
	This includes various things:
	 - fix the Requires: libvirt-client to use %{name} to allow easy
	   renaming
	 - when building ESX support one need libcurl-devel
	 - remove Makefile[.in] from xml/nwfilter in the docs, as this breaks
	   parallel install ation of i686 and x86_64 packages
	 - don't include nwfilter config files if not building with the daemon
	all relatively trivial which is why I packed them together
	* libvirt.spec.in: fix various small bugs

2010-05-04  Jim Meyering  <meyering@redhat.com>

	docs: hacking: explain why using curly braces well is important
	* docs/hacking.html.in: Use the "curly braces" section from coreutils'
	HACKING, adapting for libvirt's different formatting style.
	* HACKING: Sync from the above, still mostly manually.

2010-05-04  Jiri Denemark  <jdenemar@redhat.com>

	lxc: Check domain is active/inactive as required by operation
	Report VIR_ERR_OPERATION_INVALID when operation which requires running
	domain is called on inactive domain and vice versa.

	lxc: Make SetMemory work for active domains only

	lxc: Use virDomainFindByUUID for domain lookup
	Consistently use virDomainFindByUUID instead of virDomainFindByID and
	virDomainFindByName and report VIR_ERR_NO_DOMAIN when domain cannot be
	found.

2010-05-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Fix two undefined symbols
	Add an empty body for virCondWaitUntil and move virPipeReadUntilEOF
	out of the '#ifndef WIN32' block, because it compiles fine with MinGW
	in combination with gnulib.

2010-05-04  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning
	Necessary on cygwin, where uid_t and gid_t are 4-byte long rather
	than int, causing gcc -Wformat warnings.
	* src/util/util.c (virFileOperationNoFork, virDirCreateNoFork)
	(virFileOperation, virDirCreate, virGetUserEnt): Cast uid_t and
	gid_t before passing to printf.
	* .gitignore: Ignore Windows executables.

2010-05-04  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: skip some interfaces on filter update
	When a filter is updated, only those interfaces must have their old
	rules cleared that either reference the filter directly or indirectly
	through another filter. Remember between the different steps of the
	instantiation of the filters which interfaces must be skipped. I am
	using a hash map to remember the names of the interfaces and store a
	bogus pointer to ~0 into it that need not be freed.

	pass info where request stems from to have rules applied
	For the decision on whether to instantiate the rules, the check for a
	pending IP address learn request is not sufficient since then only the
	thread could instantiate the rules. So, a boolean needs to be passed
	when the thread instantiates the filter rules late and the IP address
	learn request is still pending in order to override the check for the
	pending learn request. If the rules are to be updated while the thread
	is active, this will not be done immediately but the thread will do that
	later on.

2010-05-04  Eric Blake  <eblake@redhat.com>

	build: prefer WIN32 over __MINGW32__ checks
	WIN32 is always defined when __MINGW32__ is defined, but the
	converse is not true.  WIN32 is more generic, if someone were
	to ever attempt porting to a microsoft compiler.  This does
	not affect Cygwin, which intentionally does not define WIN32.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Use more
	generic flag macro.
	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD)
	(virStorageBackendRunProgRegex): Likewise.
	* tools/console.h (vshRunConsole): Likewise.

2010-05-04  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Fix possible memory leak in virCgroupMakeGroup
	* src/util/cgroup.c: free temporal path string before breaking loop

2010-05-04  Eric Blake  <eblake@redhat.com>

	dnsmasqReload: avoid mingw link failure
	* src/util/dnsmasq.c (dnsmasqReload): Mingw lacks kill, but is not
	running a dnsmasq daemon either.

2010-05-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Fix symbol export
	In commit 98fb83ce25f46e0236706fa6e0943032d921935f I changed the
	version script handling. But it seems that I didn't test this properly
	and broke it. The .def file is passed to the compiler directly, but it
	should get passed to the linker instead.
	Set VERSION_SCRIPT_FLAGS to -Wl, to pass the .def file correctly to
	the linker.
	This fixes the undefined symbol errors while linking virsh.

	dnsmasq.c: Fix OOM error reporting
	Also do some indentation clean up.

2010-05-03  Laine Stump  <laine@laine.org>

	Fix memory leaks in cmdInterfaceEdit and cmdNWFilterEdit.
	This applies a fix to thos functions similar to that made to cmdEdit
	in 270895063d1cf86ab42fa220a8d090c24d58dbc0, thus fnixing a memory
	leak - if tmp is unlinked and NULLed early in the function, the memory
	used by tmp is never freed. Since we will always unlink tmp prior to
	freeing its memory at the end of the function, just remove the earlier
	code and let cleanup: do the cleanup.

2010-05-03  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix failure on starting a domain with multiple interfaces
	[Error message]
	error: Failed to start domain lxc_test1
	error: internal error Failed to create veth device pair: 512
	The reason of the failure is that lxc driver unexpectedly re-uses
	an auto-assigned veth name and tries to create the created veth
	again. The failure will happen when a domain has multiple network
	interfaces and the names of those are not specified in XML.
	The patch fixes the problem by resetting buffers of veth names
	in every iteration of creating veth.
	* src/lxc/lxc_driver.c: prevent re-using auto-assigned veth name
	  Reported by Kumar L Srikanth-B22348.

2010-05-01  Eric Blake  <eblake@redhat.com>

	autobuild.sh: provide default prefix
	Without this patch and with a clean environment, ./autobuild.sh
	tried to use ./configure --prefix=/, and fails.
	* autobuild.sh (AUTOBUILD_INSTALL_ROOT): Provide sensible
	default.  Suggested by Daniel P. Berrange.

2010-05-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.1
	* configure.ac docs/news.html.in libvirt.spec.in: updates for release
	* po/*.po*: updated localizations and regenerated

2010-05-01  Cole Robinson  <crobinso@redhat.com>

	domain: Fix PCI address decimal parsing regression
	<hostdev> address parsing previously attempted to detect the number
	base: currently it is hardcoded to base 16, which can break PCI
	assignment via virt-manager. Revert to the previous behavior.
	* src/conf/domain_conf.c: virDomainDevicePCIAddressParseXML, switch to
	  virStrToLong_ui(bus, NULL, 0, ...) to autodetect base

2010-04-30  Daniel P. Berrange  <berrange@redhat.com>

	Add support for another explicit IO error event
	This introduces a new event type
	   VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON
	This event is the same as the previous VIR_DOMAIN_ID_IO_ERROR
	event, but also includes a string describing the cause of
	the event.
	Thus there is a new callback definition for this event type
	typedef void (*virConnectDomainEventIOErrorReasonCallback)(virConnectPtr conn,
	                                                           virDomainPtr dom,
	                                                           const char *srcPath,
	                                                           const char *devAlias,
	                                                           int action,
	                                                           const char *reason,
	                                                           void *opaque);
	This is currently wired up to the QEMU block IO error events
	* daemon/remote.c: Dispatch IO error events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  IO error events
	* include/libvirt/libvirt.h.in: Define new IO error event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle IO error events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block IO errors and emit a libvirt IO error event
	* src/remote/remote_driver.c: Receive and dispatch IO error
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  IO error events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
	  from QEMU monitor

2010-04-30  Jiri Denemark  <jdenemar@redhat.com>

	Report all errors in SELinuxRestoreSecurityFileLabel

2010-04-30  Stefan Berger  <stefanb@us.ibm.com>

	Prevent updates while IP address learn thread is running
	Prevent updating and tearing down of filter while the IP
	address learning thread is running and has its own filtering
	rules applied.

	Syncronize the teardown of rules with the thread
	Introduce a function to notify the IP address learning
	thread to terminate and thus release the lock on the interface.
	Notify the thread before grabbing the lock on the interface
	and tearing down the rules. This prevents a 'virsh destroy' to
	tear down the rules that the IP address learning thread has
	applied.

	Clean all tables before applying 'basic' rules
	The functions invoked by the IP address learning thread
	that apply some basic filtering rules did not clean up
	any previous filtering rules that may still be there
	(due to a libvirt restart for example). With the
	patch below all the rules are cleaned up first.
	Also, I am introducing a function to drop all traffic
	in case the IP address learning thread could not apply
	the rules.

2010-04-30  Daniel Veillard  <veillard@redhat.com>

	MAke virFileHasSuffix case insensitive
	* src/util/util.c: as it's used for checking things like .iso suffixes

2010-04-30  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Also pick IP address from a DHCP ACK message
	The local DHCP server on virtbr0 sends DHCP ACK messages when a VM is
	started and requests an IP address while the initial DHCP lease on the
	VM's MAC address hasn't expired. So, also pick the IP address of the VM
	if that type of message is seen.
	Thanks to Gerhard Stenzel for providing a test case for this.
	Changes from V1 to V2:
	- cleanup: replacing DHCP option numbers through constants

2010-04-30  Dustin Kirkland  <kirkland@canonical.com>

	Fix virt-pki-validate's determination of CN
	Ubuntu's gntls package generates an Issuer line that looks like this:
	        Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com
	While Red Hat's looks like this
	Issuer: CN=Red Hat Emerging Technologies
	Note the leading whitespace, and the additional fields in the former.
	This patch updates the regular expression to:
	 * trim leading characters before "Issuer:"
	 * trim anything between Issuer: and CN=
	 * trim anything after the next ,
	I've tested this against the certool output of both RH and Ubuntu
	generated certs.

2010-04-30  Jim Meyering  <meyering@redhat.com>

	qemudDomainSaveFlag: remove dead store
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Remove dead store to "rc".

2010-04-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix detection of disk in IO events
	When using -device syntax, the IO event will have a different
	prefix, 'drive-' that needs to be skipped over before matching
	against the libvirt disk alias
	* src/qemu/qemu_driver.c: Skip QEMU_DRIVE_HOST_PREFIX in IO event

	Implement python binding for virDomainGetBlockInfo
	This binds the virDomainGetBlockInfo API to python's blockInfo
	method on the domain object
	>>> c = libvirt.openReadOnly('qemu:///session')
	>>> d = c.lookupByName('demo')
	>>> f = d.blockInfo("/dev/loop0", 0)
	>>> print f
	[1048576000L, 104857600L, 104857600L]
	* python/libvirt-override-api.xml: Define override signature
	* python/generator.py: Skip C impl generator for virDomainGetBlockInfo
	* python/libvirt-override.c: Manual impl of virDomainGetBlockInfo

	Add new domblkinfo command to virsh
	  virsh # domblkinfo demoguest /dev/hda2
	  Capacity:       1048576000
	  Allocation:     104857600
	  Physical:       104857600
	* tools/virsh.c: Implement domblkinfo command mapping to the
	  new virDomainGetBlockInfo API

	Implement virDomainGetBlockInfo in QEMU driver
	* src/qemu/qemu_driver.c: Implementation of virDomainGetBlockInfo
	* src/util/storage_file.h: Add DEV_BSIZE
	* src/storage/storage_backend.c: Remove DEV_BSIZE

	Remote protocol impl for virDomainGetBlockInfo
	* daemon/remote.c: Server side dispatcher
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_ret.h, daemon/remote_dispatch_table.h: Update
	  with new API
	* src/remote/remote_driver.c: Client side dispatcher
	* src/remote/remote_protocol.c, src/remote/remote_protocol.h: Update
	* src/remote/remote_protocol.x: Define new wire protocol

	Internal driver API infrastructure for virDomainGetBlockInfo
	This defines the internal driver API and stubs out each driver
	* src/driver.h: Define virDrvDomainGetBlockInfo signature
	* src/libvirt.c, src/libvirt_public.syms: Glue public API to drivers
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Stub out driver

	Add virDomainGetBlockInfo API to query disk sizing
	Some applications need to be able to query a guest's disk info,
	even for paths not managed by the storage pool APIs. This adds
	a very simple API to get this information, modelled on the
	virStorageVolGetInfo API, but with an extra field 'physical'.
	Normally 'physical' and 'allocation' will be identical, but
	in the case of a qcow2-like file stored inside a block device
	'physical' will give the block device size, while 'allocation'
	will give the qcow2 image size
	* include/libvirt/libvirt.h.in: Define virDomainGetBlockInfo

2010-04-29  Chris Lalancette  <clalance@redhat.com>

	Fix a virsh edit memory leak
	When running virsh edit, we are unlinking and setting
	the tmp variable to NULL before going to the end of the
	function, meaning that we never free tmp.  Since the
	exit to the function will always unlink and free tmp,
	just remove this bit of code and let it get done at the
	end.

	Fix a qemuDomainPCIAddressSetFree memory leak
	qemuDomainPCIAddressSetFree was freeing up the hash
	table for the pci addresses, but not freeing up the addr
	structure.  Looking over the callers of this function, it
	seems like they expect it to also free up the structure,
	so do that here.

	Fix a memory leak in the node_device_udev code
	We were over-writing a pointer without freeing it in
	case of a disk device, leading to a memory leak.

	Fix build on Ubuntu.
	When building on Ubuntu with make -j3 (or more), it would always
	fail when trying to build virt-aa-helper.  I'm not an expert in
	automake by any means, but I think the entry for virt-aa-helper
	is mis-using LDADD; it shouldn't be putting direct paths to
	libvirt_conf.la and libvirt_util.la, but instead referencing those
	names.  With this patch in place, I'm able to successfully build
	on Ubuntu 9.04 with make -j3.

	Report better error if qemuSnapshotIsAllowed failed.

2010-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove unused goto label from qemudDomainCreate
	The previous commit changes a goto from 'endjob' to 'cleanup',
	leaving the endjob label unused. Remove it to avoid compile
	warning.
	* src/qemu/qemu_driver.c: Remove 'endjob' label

2010-04-29  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: python bindings for nwfilter
	I have primarily followed the pattern of the 'secret' driver to provide
	support for the missing python bindings for the network filter API.

2010-04-29  Jim Meyering  <meyering@redhat.com>

	qemuDomainSnapshotCreateXML: avoid NULL dereferences
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): When setting
	"vm" to NULL, jump over vm-dereferencing code to "cleanup".
	(qemuDomainRevertToSnapshot): Likewise.

	qemudDomainCreate: correct a slightly misdirected goto
	* src/qemu/qemu_driver.c (qemudDomainCreate): Goto cleanup,
	not "endjob", since we know "vm" is already NULL.  No semantic change.

2010-04-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	cygwin/mingw: Fix version script handling
	Let configure detect ld instead of hardcoding /usr/bin/ld, because
	MinGW may have ld in /bin.
	Only use a .def file to export symbols on MinGW. Cygwin's ld supports
	the normal .syms file used on Linux.

2010-04-28  Eric Blake  <eblake@redhat.com>

	build: fix autogen rule for VPATH build
	* cfg.mk (gnulib_srcdir): Override maint.mk default.
	(_update_required): Run in correct directory.

2010-04-28  Daniel Veillard  <veillard@redhat.com>

	Move dnsmasq host file to a separate directory
	use /var/lib/libvirt/dnsmasq since /var/lib/libvirt/network is
	unreadable by the dnsmasq binary
	* src/network/bridge_driver.c: update DNSMASQ_STATE_DIR
	* src/Makefile.am: create it on make install
	* libvirt.spec.in: take the new directory into account

2010-04-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: allow to mix filterrefs and rules in the schema
	So far the references to other filters needed to appear before filtering
	rules. With the below patch they can now appear in any order.
	Also I forgot to add a couple of 'rarp's.

2010-04-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of security driver restore failures in QEMU domain save
	In cases where the security driver failed to restore a label after a
	guest has saved, we mistakenly jumped to the error cleanup paths.
	This is not good, because the operation has in fact completed and
	cannot be rolled back completely. Label restore is non-critical, so
	just log the problem instead. Also add a missing restore call in
	the error cleanup path
	* src/qemu/qemu_driver.c: Fix handling of security driver
	  restore failures in QEMU domain save

	Fix QEMU domain save to block devices with cgroups enabled
	When cgroups is enabled, access to block devices is likely to be
	restricted to a whitelist. Prior to saving a guest to a block device,
	it is necessary to add the block device to the whitelist. This is
	not required upon restore, since QEMU reads from stdin
	* src/qemu/qemu_driver.c: Add block device to cgroups whitelist
	  if neccessary during domain save.

	Fix QEMU save/restore with block devices
	The save process was relying on use of the shell >> append
	operator to ensure the save data was placed after the libvirt
	header + XML. This doesn't work for block devices though.
	Replace this code with use of 'dd' and its 'seek' parameter.
	This means that we need to pad the header + XML out to a
	multiple of dd block size (in this case we choose 512).
	The qemuMonitorMigateToCommand() monitor API is used for both
	save/coredump, and migration via UNIX socket. We can't simply
	switch this to use 'dd' since this causes problems with the
	migration usage. Thus, create a dedicated qemuMonitorMigateToFile
	which can accept an filename + offset, and remove the filename
	from the current qemuMonitorMigateToCommand() API
	* src/qemu/qemu_driver.c: Switch to qemuMonitorMigateToFile
	  for save and core dump
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Create
	  a new qemuMonitorMigateToFile, separate from the existing
	  qemuMonitorMigateToCommand to allow handling file offsets

	Avoid create/unlink with block devs used for QEMU save
	It is possible to use block devices with domain save/restore. Upon
	failure QEMU unlinks the path being saved to. This isn't good when
	it is a block device !
	* src/qemu/qemu_driver.c: Don't unlink block devices if save fails

	Fix crash when cleaning up from failed save attempt
	If a transient QEMU crashes during save attempt, then the virDomainPtr
	object may be freed. If a persistent QEMU crashes during save, then
	the 'priv->mon' field is no longer valid since it will be inactive.
	* src/qemu/qemu_driver.c: Fix two crashes when QEMU exits
	  during a save attempt

2010-04-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: let qemu's after-migration packet pass
	Qemu currently sends an Ethernet packet with protocol id 0x835 once a VM
	was successfully migrated. The content of the packet looks like a
	gratuitous RARP, just with the wrong protocol ID, which should be
	0x8035. I wrote some filters to let either one of the packets pass and
	am adapting the clean-traffic sample filter to use it. I am also
	doing some changes on the existing ARP filter which was lacking a
	test for source MAC address.

2010-04-28  Chris Lalancette  <clalance@redhat.com>

	Fix up the error message if we can't parse the snapshot XML.

2010-04-28  Klaus Ethgen  <Klaus@Ethgen.de>

	The base used for conversion of USB values should be 16 not 10.

2010-04-27  Chris Lalancette  <clalance@redhat.com>

	Fix up the locking in the snapshot code.
	In particular I was forgetting to take the qemuMonitorPrivatePtr
	lock (via qemuDomainObjBeginJob), which would cause problems
	if two users tried to access the same domain at the same time.
	This patch also fixes a problem where I was forgetting to remove
	a transient domain from the list of domains.
	Thanks to Stephen Shaw for pointing out the problem and testing
	out the initial patch.

2010-04-27  Daniel Veillard  <veillard@redhat.com>

	cleanup the download section of the documentation
	Just removing reverences to the deprecated CVS server and the old git
	on et.redhat.com

2010-04-27  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: add support for RAPR protocol
	This patch adds support for the RARP protocol. This may be needed due to
	qemu sending out a RARP packet (at least that's what it seems to want to
	do even though the protocol id is wrong) when migration finishes and
	we'd need a rule to let the packets pass.
	Unfortunately my installation of ebtables does not understand -p RARP
	and also seems to otherwise depend on strings in /etc/ethertype
	translated to protocol identifiers. Therefore I need to pass -p 0x8035
	for RARP. To generally get rid of the dependency of that file I switch
	all so far supported protocols to use their protocol identifier in the
	-p parameter rather than the string.
	I am also extending the schema and added a test case.
	changes from v1 to v2:
	- added test case into patch

2010-04-27  Jiri Denemark  <jdenemar@redhat.com>

	Ignore qemu STOP event when stopping CPUs
	With JSON qemu monitor, we get a STOP event from qemu whenever qemu
	stops guests CPUs. The downside of it is that vm->state is changed to
	PAUSED and a new generic paused event is send to applications. However,
	when we ask qemu to stop the CPUs we are not really interested in qemu
	event and we usually want to issue a more specific event.
	By setting vm->status to PAUSED before actually sending the request to
	qemu (and resetting it back if the request fails) we can ignore the
	event since the event handler does nothing when the guest is already
	paused. This solution is quite hacky but unfortunately it's the best
	solution which I was able to come up with and it doesn't introduce a
	race condition.

	Fix build with DEBUG_RAW_IO=1

2010-04-27  David Allan  <dallan@redhat.com>

	Fix indentation for storage conf XML
	* virStorageEncryptionFormat is called from both
	  virDomainDiskDefFormat and virStorageVolTargetDefFormat.  The proper
	  indentation in the generated XML depends on the caller.  My earlier
	  patch to fix the incorrect indentation for the domain XML broke the
	  indentation for the storage XML.  This patch adopts Laine's
	  suggestion of requring the caller of virStorageEncryptionFormat to
	  provide an unsigned int with the number of spaces the output should
	  be indented.  The patch modifies both callers to provide the
	  additional argument.
	* Add a regression test for the domain XML
	* src/conf/domain_conf.c src/conf/storage_conf.c
	  src/conf/storage_encryption_conf.c src/conf/storage_encryption_conf.h:
	  change the indentation code
	* tests/qemuxml2xmltest.c
	  tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk.args
	  tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk.xml: add a regression test

2010-04-27  Daniel Veillard  <veillard@redhat.com>

	Don't try to build qemu and lxc on non-Linux platforms
	as their drivers requires linux only headers

2010-04-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	cygwin: Handle differences in the XDR implementation
	Cygwin's XDR implementation defines xdr_u_int64_t instead of
	xdr_uint64_t and lacks IXDR_PUT_INT32/IXDR_GET_INT32.
	Alter the IXDR_GET_LONG regex in rpcgen_fix.pl so it doesn't destroy
	the #define IXDR_GET_INT32 IXDR_GET_LONG in remote_protocol.x.
	Also fix the remote_protocol.h regex in rpcgen_fix.pl.

	Cygwin's GCC doesn't like this .sa_handler initialization for some reason

	linux/if.h header is not available on non-Linux platforms

2010-04-27  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: enable hex number inputs in filter XML
	With this patch I want to enable hex number inputs in the filter XML. A
	number that was entered as hex is also printed as hex unless a string
	representing the meaning can be found.
	I am also extending the schema and adding a test case. A problem with
	the DSCP value is fixed on the way as well.
	Changes from V1 to V2:
	- using asHex boolean in all printf type of functions to select the
	output format in hex or decimal format

2010-04-26  Satoru SATOH  <satoru.satoh@gmail.com>

	Starts dnsmasq from libvirtd with --dhcp-hostsfile option
	This patch makes libvirtd start the dnsmasq daemon with a
	--dhcp-hostsfile option instead of --dhcp-host options for each
	'//ip/dhcp/host' entries defined in network xml file.
	the dnsmasq host file is stored into /var/lib/libvirt/network
	* src/network/bridge_driver.c: define the directory for the hostfiles
	  and save/delete them to be used by dnsmasq

	Add build support for dnsmasq module
	* po/POTFILES.in: the new module contains translatable strings
	* src/Makefile.am: include the files in the utils set
	* src/libvirt_private.syms: exports the symbols internally

	Add dnsmasq module files
	It implements an idea to save dhcp hosts' macaddr vs. ipaddr mappings to
	static file and make dnsmasq loading it with "--dhcp-hostsfile" option,
	originally suggested by Dan, and can address the problem that too
	many "--dhcp-host" args hitting ARG_MAX limit
	* src/util/dnsmasq.h src/util/dnsmasq.c: adds the 2 new files

2010-04-26  Daniel Veillard  <veillard@redhat.com>

	Fix make dist missing ESX generated files
	new method generated files are missing from dist tarball.

2010-04-24  Chris Lalancette  <clalance@redhat.com>

	Fix memory leak in virsh snapshot-list.
	We were forgetting to release the memory allocated by
	virDomainSnapshotListNames.  Free the memory properly.

	Fix printing of pathnames on error in qemuDomainSnapshotLoad.
	While doing some testing of the snapshot code I noticed that
	if qemuDomainSnapshotLoad failed, it would print a NULL as
	part of the error.  That's not desirable, so leave the
	full_path variable around until after we are done printing
	errors.

	Fix virDomainSnapshotObjFree memory leak.
	We were freeing the virDomainSnapshotDefPtr, but not
	the virDomainSnapshotObjPtr in virDomainSnapshotObjFree.

	Make virDomainSnapshotObjListDeinit static.

	Fix a memory leak in the snapshot code in libvirtd.
	While running libvirtd under valgrind and doing some
	snapshot testing I noticed that we would always leak a
	connection reference.  The problem was actually that we
	were leaking a domain reference in the libvirtd remote
	snapshot code, which was in turn causing a leaked
	connection reference.  Fix the situation by explicitly
	taking and dropping a domain reference where we need it.

2010-04-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	cygwin: Check explicitly for getmntent_r
	Cygwin has mntent.h but lacks getmntent_r. Update preprocessor
	checks to catch this combination.

	Some NWFilter symbols are conditional and have to be exported conditional

	xen: Fix inside_daemon beeing unused when libvirtd is disabled
	The defined __sun is there, because inside_daemon is used in xenUnifiedOpen
	if __sun is defined.

	Disable stateful OpenNebula driver if libvirtd is disabled
	Also move the equivalent checks for LXC and UML before their header
	checks. This way configure doesn't check for the headers when the driver
	gets disabled anyway.

	Improve configure error message about missing Linux headers

2010-04-24  Eric Blake  <eblake@redhat.com>

	build: fix typo in previous commit
	* configure.ac: Avoid syntax error.

	build: don't include winsock2.h on cygwin
	Under cygwin, winsock2.h is intentionally incompatible with,
	<sys/socket.h>, and checking for existence is wrong.
	Under mingw, HAVE_WINSOCK2_H is defined on our behalf by
	gnulib, in a way that does not interfere with cygwin.
	* configure.ac: Drop unnecessary header check.
	Reported by Matthias Bolte.

2010-04-24  Luiz Capitulino  <lcapitulino@redhat.com>

	QEmu JSON drop timestamp from command object
	It's not needed and is currently ignored, but this is a bug.
	It will get fixed soon and QMP will return an error for keys
	it doesn't know about, this will break libvirt.
	* src/qemu/qemu_monitor_json.c: remove qemuMonitorJSONCommandAddTimestamp()
	  and the place where it's invoked in qemuMonitorJSONMakeCommand()

2010-04-23  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extend schema + add testcase w/ connlimit-above
	I am extending the schema with the recently added connlimit-above
	attribute and adding a test case for it to the test suite.

2010-04-23  Marco Bozzolan  <redshift@gmx.com>

	maint: update AUTHORS
	* AUTHORS: Use preferred name.

2010-04-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in nwfilter driver check
	The nwfilterDriverActive() could de-reference a NULL pointer
	if it hadn't be started at the point it was called. It was
	also not thread safe, since it lacked locking around data
	accesses.
	* src/nwfilter/nwfilter_driver.c: Fix locking & NULL checks
	  in nwfilterDriverActive()

2010-04-23  Eric Blake  <eblake@redhat.com>

	addrToString: give better error message
	The user probably doesn't care what the gai error numbers are, as
	much as what the failed conversion IP address was.
	* src/remote/remote_driver.c (addrToString): Mention which address
	could not be converted.
	* daemon/remote.c (addrToString): Likewise.

	maint: update AUTHORS with recent contributors
	git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "
	then add missing entries to AUTHORS.
	* AUTHORS: Update.

2010-04-23  Spencer Shimko  <sshimko@tresys.com>

	qemu: fix security context references in DAC code
	* The error messages coming from qemu's DAC support contain strings
	  from the original SELinux security driver code.  This just removes
	  references to "security context" and other SELinux-isms from the DAC
	  code.

2010-04-23  Stefan Berger  <stefanb@us.ibm.com>

	Changes from V1 to V2:  - using INT_BUFSIZE_BOUND() to determine the length of the buffersize for printing and integer into
	 - not explicitly initializing static var threadsTerminate to false
	anymore, since that's done automatically
	Changes after V2:
	  - removed while looks in case of OOM error
	  - removed on ifaceDown() call
	  - preceding one ifaceDown() call with an ifaceCheck() call
	Since the name of an interface can be the same between stops and starts
	of different VMs I have to switch the IP address learning thread to use
	the index of the interface to determine whether an interface is still
	available or not - in the case of macvtap the thread needs to listen for
	traffic on the physical interface, thus having to time out periodically
	to check whether the VM's macvtap device is still there as an indication
	that the VM is still alive. Previously the following sequence of 2 VMs
	with macvtap device
	virsh start testvm1; virsh destroy testvm1 ; virsh start testvm2
	would not terminate the thread upon testvm1's destroy since the name of
	the interface on the host could be the same (i.e, macvtap0) on testvm1
	and testvm2, thus it was easily race-able. The thread would then
	determine the IP address parameter for testvm2 but apply the rule set
	for testvm1. :-(
	I am also introducing a lock for the interface (by name) that the thread
	must hold while it listens for the traffic and releases when it
	terminates upon VM termination or 0.5 second thereafter. Thus, the new
	thread for a newly started VM with the same interface name will not
	start while the old one still holds the lock. The only other code that I
	see that also needs to grab the lock to serialize operation is the one
	that tears down the firewall that were established on behalf of an
	interface.
	I am moving the code applying the 'basic' firewall rules during the IP
	address learning phase inside the thread but won't start the thread
	unless it is ensured that the firewall driver has the ability to apply
	the 'basic' firewall rules.

2010-04-23  David Allan  <dallan@redhat.com>

	Properly indent encryption tags
	* Fix for the bug reported at:
	https://bugzilla.redhat.com/show_bug.cgi?id=573908

2010-04-23  Jiri Denemark  <jdenemar@redhat.com>

	Fix locking in qemudDomainCoreDump
	The hang fix in d376b7d63ec1ef24ba4c812d58b9a414ddb561f8 was incomplete
	since it left quite a few {Enter,Exit}Monitor calls which require driver
	to be unlocked. Since the driver is locked throughout the whole
	function, {Enter,Exit}MonitorWithDriver need to be used instead to
	ensure driver is not locked when issuing monitor commands.

	Poll for migration end every 50ms instead of 50us
	The comment in qemuDomainWaitForMigrationComplete says we are polling
	every 50ms but the code sleeps only for 50us. This was already discussed
	during review but apparently forgotten when the series was pushed.

2010-04-23  Spencer Shimko  <sshimko@tresys.com>

	configure.ac SELinux fixes
	* Fix a logic error in configure.ac that prevented --with-selinux=no
	  from being used with --with-secdriver-selinux=no.
	* Fix some strings to clarify the difference between --with-selinux
	  and --with-secdriver-selinux.

2010-04-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU text monitor command error checking
	The text monitor code was checking for a '\n' prefix on several
	places. Previously this would work, but since the monitor code
	re-write the '\n' is already stripped off, so mustn't be checked
	for.
	* src/qemu/qemu_monitor_text.c: Fix monitor error checking

	Fix CPU hotplug command names
	Probably as a result of a merge error, the CPU hotplug command
	names were completely wrong.
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
	  the CPU hotplug command names

	Fix printing of event detail in python events demo program
	The events demo program is slightly misleading printing
	  myDomainEventCallback1 EVENT: Domain f14i686(-1) Added
	which is not distinguishing Add vs Update events. It should have
	been doing
	  myDomainEventCallback1 EVENT: Domain f14i686(-1) Defined Updated
	* examples/domain-events/events-python/event-test.py: Fully print
	  event detail info string

2010-04-22  Dustin Kirkland  <kirkland@canonical.com>

	portability fixes to tools/virt-pki-validate.in
	A few fixes will help make tools/virt-pki-validate.in useful on Debian
	and Ubuntu.  And one fix should be useful to everyone (see #3).
	 1) note our gnutls-bin package (in addition to your gnutls-utils
	package) in the no-certtool error text
	 2) fix a bashism, == should be = in the case where /bin/sh is a symlink
	to dash
	 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR
	variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR
	everywhere
	Bug report:
	 * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266

2010-04-22  Eric Blake  <eblake@redhat.com>

	maint: enforce whitespace on shell scripts
	Noticed because virt-pki-validate was very inconsistent on
	using tabs vs. 8 spaces, sometimes mixing both paradigms on
	a single line.
	'git diff -b' shows significant changes only in cfg.mk.
	* cfg.mk (sc_TAB_in_indentation): Add a few files.
	* daemon/libvirtd.init.in: Avoid tabs.
	* tools/virt-pki-validate.in: Likewise.

	testutilsqemu: avoid uninitialized variable
	* tests/testutilsqemu.c (testQemuCapsInit): Initialize variables.

2010-04-22  Jiri Denemark  <jdenemar@redhat.com>

	Fake host CPU for qemu tests

	Use configured CPU model if possible
	Adds ability to provide a preferred CPU model for CPUID data decoding.
	Such model would be considered as the best possible model (if it's
	supported by hypervisor) regardless on number of features which have to
	be added or removed for describing required CPU.

	Support removing features when converting data to CPU
	So far, when CPUID data were converted into CPU model and features, the
	features can only be added to the model. As a result, when a guest asked
	for something like "qemu64,-svm" it would get a qemu32 plus a bunch of
	additional features instead.
	This patch adds support for removing feature from the base model.
	Selection algorithm remains the same: the best CPU model is the model
	which requires lowest number of features to be added/removed from it.

	Move MIN macro to util.h so that others can use it

	Deal with CPU models in []
	Qemu committed a patch which list some CPU names in [] when asked for
	supported CPUs (qemu -cpu ?). Yet, it needs such CPUs to be passed
	without those square braces. When probing for supported CPU models, we
	can just strip the square braces and pretend we have never seen them.

	Fix initial VCPU pinning in qemu driver
	First, inital VCPU pinning is set correctly but then it is reset by
	assigning qemu process to a new cgroup (which contains all CPUs). It's
	easily fixed by swapping these two actions.

2010-04-22  Eric Blake  <eblake@redhat.com>

	maint: ignore 'make syntax-check' failure files
	* .gitignore: Add exemption.
	* cfg.mk (local-checks-to-skip): Ignore a test to silence a skip
	warning.

2010-04-22  Chris Lalancette  <clalance@redhat.com>

	Make avahi startup more robust.
	If the hostname of the current virtualization machine
	could not be resolved, then libvirtd would fail to
	start.  However, for disconnected operation (on a laptop,
	for instance) the hostname may very legitimately not
	be resolvable.  This patch makes it so that if we can't
	resolve the hostname, avahi doesn't fail, it just uses
	a less useful MDNS string.

2010-04-22  Guido Günther  <agx@sigxcpu.org>

	Ignore empty type attribute in driver element of virtual disks
	Fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578347

2010-04-22  Eric Blake  <eblake@redhat.com>

	build: fix preprocessor indentation
	* src/esx/esx_vi.h: Placate cppi.

2010-04-21  Chris Wong  <wongc-redhat@hoku.net>

	esx: Don't treat an empty root snapshot list as error
	An empty root snapshot list was considered as error condition. Creating a
	new snapshot would fail if the domain didn't have snapshots yet, because
	the snapshot-create function tries to lookup the list of existing snapshots
	in order to verify that the snapshot name is unique. This fails if the
	domain doesn't have snapshots yet.
	Removing the NULL check from esxVI_LookupRootSnapshotTreeList fixes this.

2010-04-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Gather some XML generation macros in esx_vi.h

	esx: Fix FindByIp response handling
	FindByIp may return nothing if there is no host or virtual machine
	with the given IP address. Handle that case properly.

	esx: Fix virtualHW.version generation
	The supported virtualHW.version doesn't depend on the API version,
	but on the product version.

2010-04-21  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: add support for connlimit match
	This patch adds support for the connlimit match in iptables that is used
	to limit the number of outgoing directions.

	Extend fwall-drv interface and call functions via interface
	I am moving some of the eb/iptables related functions into the interface
	of the firewall driver and am making them only accessible via the driver's
	interface. Otherwise exsiting code is adapted where needed. I am adding one
	new function to the interface that checks whether the 'basic' rules can be
	applied,  which will then be used by a subsequent patch.

2010-04-21  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning
	According to GCC, ATTRIBUTE_UNUSED means that an attribute _might_
	be unused, not _must_ be unused.  Therefore, it is easier to
	blindly mark a variable, than to try and do preprocessor limiting
	of when we know it is unused.
	* src/remote/remote_driver.c (remoteAuthenticate): Mark attribute
	as potentially unused.
	Reported by Gustovo Morozowski.

2010-04-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	Explicitly set virStoragePoolTypeInfo FS and NETFS defaults
	No semantic change, the now explicitly set default are all zero and
	that's what GCC sets unspecified struct members to.

	esx: Add support for the VMXNET 2 (Enhanced) NIC model
	Add a test case and document it.

	Mark in_open parameter of remoteAuthenticate as unused when it's unused
	Otherwise compiling with -Werror will fail.

2010-04-20  Philipp Hahn  <hahn@univention.de>

	Install nwfilter xml files from source directory.
	During an out-of-tree build, the current working directory is the build
	directory. Since the FILTERS are static and not modified or
	auto-generated during the build process, they need to be explicitly
	fetched from the source directory during install.
	Prefix the files with $(srcdir), which gets expanded to the absolute or
	relative path to the source directory, even when duing out-of-tree
	builds.

	Don't ship generated python/libvirt.? files.
	libvirt.c and libvirt.h are auto-generated files. Mentioning their names
	in *_SOURCES includes them in the distribution. During an out-of-tree
	build these shipped files are included instead of the auto-generated
	version, potentially breaking the build (as it happend in 0.8.0, because
	the shipped libvirt.h was missing the declaration for
	'libvirt_virDomainUpdateDeviceFlags')
	Use the nodist_*_SOURCES automake variable instead.

2010-04-20  Daniel P. Berrange  <berrange@redhat.com>

	Fixup python binding for virDomainSnapshot APIs
	The generator code was totally wrong for the virDomainSnapshot
	APIs, not generating the wrapper class, and giving methods the
	wrong names
	* generator.py: Set metadata for virDomainSnapshot type & APIs
	* libvirt-override-api.xml, libvirt-override.c: Hand-code the
	  virDomainSnapshotListNames glue layer

2010-04-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix network hotplug to use device_add in QEMU
	The initial boot of VMs uses -device for NICs where available. The
	corresponding monitor command is device_add, but the network hotplug
	code was still using device_del by mistake.
	* src/qemu/qemu_driver.c: Use device_add for NIC hotplug where
	  available

	Fix error reporting for getfd + host_net_add in QEMU
	If either of the getfd or host_net_add monitor commands return
	any text, this indicates an error condition. Don't ignore this!
	* src/qemu/qemu_monitor_text.c: Report errors for getfd and
	  host_net_add

	Fix device_del in JSON mode for QEMU
	The 'device_del' command expects a parameter called 'id' but we
	were passing 'config'.
	* src/qemu/qemu_monitor_json.c: Fix device_del command parameter

2010-04-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	nwfilter: Free nwfilter hash of virConnectPtr
	And close the driver on connection close.

2010-04-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Replace printf with logging macros

2010-04-17  Jiri Denemark  <jdenemar@redhat.com>

	Mark internal.h for translation

2010-04-16  Jiri Denemark  <jdenemar@redhat.com>

	Use virCheckFlags for APIs added in 0.8.0

	Introduce virCheckFlags for consistent flags checking
	The idea is that every API implementation in driver which has flags
	parameter should first call virCheckFlags() macro to check the function
	was called with supported flags:
	    virCheckFlags(VIR_SUPPORTED_FLAG_1 |
	                  VIR_SUPPORTED_FLAG_2 |
	                  VIR_ANOTHER_SUPPORTED_FLAG, -1);
	The error massage which is printed when unsupported flags are passed
	looks like:
	    invalid argument in virFooBar: unsupported flags (0x2)
	Where the unsupported flags part only prints those flags which were
	passed but are not supported rather than all flags passed.

2010-04-16  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Clear all state tracking from a drop rule
	Don't use state-matching in a drop rule.

2010-04-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Replace scanf with STRSKIP and strtok_r
	This also fixes a portability problem with the %a format modifier.
	%a is not portable and made esxDomainDumpXML fail at runtime in
	MinGW builds.

	Update to latest gnulib to get strtok_r relaxed to LGPLv2+
	strtok_r will be used in the ESX driver to replace scanf-based code.
	MinGW lacks strtok_r, so we need gnulib to provide it, but until now
	strtok_r was licensed LGPL3.

	esx: Add nwfilter driver stub
	This stops libvirt trying to connect to a non-existing libvirtd on the
	ESX server in order to find a nwfilter driver.

2010-04-16  Eric Blake  <eblake@redhat.com>

	remote: react to failures on wakeupFD
	* src/remote/remote_driver.c (remoteIO, remoteIOEventLoop): Report
	failures on pipe used for wakeup.
	Reported by Chris Lalancette.

	util: ensure safe{read,write,zero} return is checked
	Based on a warning from coverity.  The safe* functions
	guarantee complete transactions on success, but don't guarantee
	freedom from failure.
	* src/util/util.h (saferead, safewrite, safezero): Add
	ATTRIBUTE_RETURN_CHECK.
	* src/remote/remote_driver.c (remoteIO, remoteIOEventLoop): Ignore
	some failures.
	(remoteIOReadBuffer): Adjust error messages on read failure.
	* daemon/event.c (virEventHandleWakeup): Ignore read failure.

	maint: another preprocessor fix
	Regression introduced in commit 62170b995.
	* src/util/memory.h: Placate cppi, and fit 80 columns.

2010-04-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix CDROM media change for QEMU when using -device syntax
	Disk devices in QEMU have two parts, the guest device and the host
	backend driver. Historically these two parts have had the same
	"unique" name. With the switch to using -device though, they now
	have separate names. Thus when changing CDROM media, for guests
	using -device syntax, we need to prepend the QEMU_DRIVE_HOST_PREFIX
	constant
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add helper function
	  qemuDeviceDriveHostAlias() for building a host backend alias
	* src/qemu/qemu_driver.c: Use qemuDeviceDriveHostAlias() to determine
	  the host backend alias for performing eject/change commands in the
	  monitor

	Update QEMU device_add command in JSON mode
	The device_add command was added in JSON mode in a way I didn't
	expect. Instead of passing the normal device string to the JSON
	command:
	    { "execute": "device_add", "arguments": { "device": "ne2k_pci,id=nic.1,netdev=net.1" } }
	We need to split up the device string into a full JSON object
	    { "execute": "device_add", "arguments": { "driver": "ne2k_pci", "id": "nic.1", "netdev": "net.1" } }
	* src/qemu/qemu_conf.h, src/qemu/qemu_conf.c: Rename the
	  qemuCommandLineParseKeywords method to qemuParseKeywords
	  and export it to monitor
	* src/qemu/qemu_monitor_json.c: Split up device string into
	  a JSON object for device_add command

	Rename parameter in qemuMonitorDeviceDel
	The parameter for the qemuMonitorDeviceDel() is a device alias,
	not a device config string. Rename the parameter reflect this
	and avoid confusion to readers.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Rename devicestr to devalias in qemuMonitorDeviceDel()

	Remove code from JSON monitor for commands that won't be ported
	The QEMU developers have stated that they will not be porting
	the commands 'pci_add', 'pci_del', 'usb_add', 'usb_del' to the
	JSON mode monitor, since they're obsoleted by 'device_add'
	and 'device_del'. libvirt has (untested) code that would have
	supported those commands in theory, but since we already use
	device_add/del where available, there's no need to keep the
	legacy stuff anymore.
	The text mode monitor keeps support for all commands for sake
	of historical compatability.
	* src/qemu/qemu_monitor_json.c: Remove 'pci_add', 'pci_del',
	  'usb_add', 'usb_del' commands

	Run test suite as part of RPM build process
	To ensure that patches in the RPM don't break any functionality
	it is neccessary to run the test suites during build. It currently
	has 3 tests disabled
	 - daemon-conf: this is totally broken, since it relies on
	   being able to resolve the 'libvirt' group & being able to
	   resolve hostnames at daemon startup. This isn't possible
	   in a mock build root
	 - seclabeltest: fails to initialize selinux in the mock
	   build root. Possibly fixable
	 - nodeinfotest: broken on s390 + ppc - this is a real bug
	* libvirt.spec.in: Add a %check section, with 3 tests
	   temporarily disabled

	Fix QEMU memory stats JSON mode
	The QEMU driver is mistakenly calling directly into the text
	mode monitor for the domain memory stats query.
	* src/qemu/qemu_driver.c: Replace qemuMonitorTextGetMemoryStats with
	  qemuMonitorGetMemoryStats
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add the new
	  wrapper for qemuMonitorGetMemoryStats
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
	  qemuMonitorJSONGetMemoryStats implementation

	Fix QEMU command building errors to reflect unsupported configuration
	Instead of reporting VIR_ERR_INTERNAL_ERROR use the more specific
	VIR_ERR_CONFIG_UNSUPPORTED
	* src/qemu/qemu_conf.c: Report VIR_ERR_CONFIG_UNSUPPORTED for
	  unsupported video adapters

2010-04-15  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix tear down order and consolidate functions
	To avoid race-conditions, the tear down of a filter has to happen before
	the tap interface disappears and another tap interface with the same
	name can re-appear. This patch tries to fix this. In one place, where
	communication with the qemu monitor may fail, I am only tearing the
	filters down after knowing that the function did not fail.
	I am also moving the tear down functions into an include file for other
	drivers to reuse.

	Trivial fix: Add braces to for statement to avoid crashes
	I am adding braces around the for statement that are now needed to due the
	new sa_assert immediately following the for statement.

2010-04-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix close_used_without_including_unistd_h error
	Triggered by gnulib when compiling with MinGW.

	Fix apibuild.py warnings about missing ':'

2010-04-14  David Allan  <dallan@redhat.com>

	Implement variable length structure allocator
	* This patch implements a memory allocator to obtain memory for
	  structures whose last member is a variable length array.  C99 refers
	  to these variable length objects as structs containing flexible
	  array members.
	* Fixed macro parentheses per Eric Blake

2010-04-15  Jim Meyering  <meyering@redhat.com>

	qemudDomainAttachSCSIDisk: avoid FP NULL-ptr-deref from clang
	* src/util/conf.c (virConfParseValue): Add an sa_assert.

	xend_internal.c: assure clang that we do not dereference NULL
	* src/xen/xend_internal.c (xend_parse_sexp_desc_char): Add three
	uses of sa_assert, each preceding a strchr(value,... to assure
	clang that "value" is non-NULL.

	qemudDomainAttachSCSIDisk: avoid FP NULL-ptr-deref from clang
	* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk):
	Initialize "cont" to NULL, so clang knows it's set.
	Add an sa_assert so it knows it's non-NULL when dereferenced.

	virGetHostnameLocalhost: avoid FP NULL-ptr-deref from clang
	* src/util/util.c (virGetHostnameLocalhost): Add an sa_assert
	to tell clang it's ok to dereference "info" after a non-failing
	getaddrinfo call.

	nwfilter_ebiptables_driver.c: avoid NULL dereference
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesApplyNewRules):
	Don't dereference a NULL or uninitialized pointer when given
	an empty list of rules.  Add an sa_assert(inst) in each loop to
	tell clang that the uses of "inst[i]" are valid.

	build: set STATIC_ANALYSIS when running via clang or coverity
	* configure.ac (STATIC_ANALYSIS): Define when run via clang's
	scan-build or coverity-prevent's cov-build.
	Use the CLANG_CC and COVERITY_BUILD_COMMAND envvars as witnesses.

	sa_assert: assert-like macro, enabled only for use with static analyzers
	Among some here, there is a strong aversion to the use of "assert", yet
	some others think it is essential (when applied judiciously) even --
	perhaps "especially" -- at the heart of libraries and core hypervisor-
	related code.
	Here is a compromise that lets us make assertions about the code (e.g.,
	to tell static analyzers about invariants) without even a hint of risk
	of an abort.
	* src/internal.h [STATIC_ANALYSIS]: Include <assert.h>.
	(sa_assert): Define.  A no-op most of the time, but equivalent
	to classical assert when STATIC_ANALYSIS is nonzero.

2010-04-15  Eric Blake  <eblake@redhat.com>

	build: fix recent 'make syntax-check' failure
	* src/esx/esx_vi_methods.h: Placate cppi.

	virt-aa-helper-test: avoid non-portable echo -n
	* tests/virt-aa-helper-test (testme): Use printf instead.

2010-04-14  Jim Meyering  <meyering@redhat.com>

	schematestutils.sh: improve shell portability: avoid "echo -e"
	* tests/schematestutils.sh: Use printf rather than echo -e.

	virStorageBackendFileSystemMount: prefer strdup over virAsprintf
	* src/storage/storage_backend_fs.c (virStorageBackendFileSystemMount):
	Use virAsprintf only when needed.  In this case, strdup works fine.

	virStorageBackendFileSystemMount: placate clang
	* src/storage/storage_backend_fs.c (virStorageBackendFileSystemMount):
	Clang was not smart enough, and mistakenly reported that "options"
	could be used uninitialized.  Initialize it.

2010-04-14  Laine Stump  <laine@laine.org>

	Implement forgotten backend of virInterfaceIsActive()
	Somehow the backend of this function was never implemented in
	libvirt's netcf driver, and nobody noticed until now. (The required
	netcf function was already in place, so nothing needs to change
	there.)
	* src/interface/netcf_driver.c: add in the backend function, and point
	                                to it from the table of driver functions.

2010-04-14  Jim Meyering  <meyering@redhat.com>

	openvzGetProcessInfo: address clang-detected low-probability flaw
	* src/openvz/openvz_driver.c (openvzGetProcessInfo): Reorganize
	so that unexpected /proc/vz/vestat content cannot make us use
	uninitialized variables.  Without this change, an input line with
	a matching "readvps", but fewer than 4 numbers would result in our
	using at least "systime" uninitialized.

	vshCommandRun: avoid used-uninitialized timing-related report from clang
	* tools/virsh.c (vshCommandRun): Test only the initial value of
	ctl->timing, so that static analyzers don't have to consider that
	it might be changed by cmd->def->handler.

2010-04-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: use virFindFileInPath for needed CLI tools
	I am getting rid of determining the path to necessary CLI tools at
	compile time. Instead, now the firewall driver has an initialization
	function that uses virFindFileInPath() to determine the path to
	necessary CLI tools and a shutdown function to free allocated memory.
	The rest of the patch mostly deals with availability of the CLI tools
	and to not call certain code blocks if a tool is not available and that
	strings now have to be built slightly differently.

2010-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Extend esx_vi_generator.py to cover methods too
	Generate almost all SOAP method mapping code.
	Update the driver code to use the complete paramater list of some methods
	that had parameters skipped before.
	Improve the ESX_VI__METHOD marco to do automatic output deserialization
	based on output occurrence. Also incorporate automatic _this binding and
	output pointer check.

2010-04-14  Jim Meyering  <meyering@redhat.com>

	esxVMX_GatherSCSIControllers: avoid NULL dereference
	* src/esx/esx_vmx.c (esxVMX_GatherSCSIControllers): Do not dereference
	a NULL disk->driverName.  We already detect this condition in another
	case.  Check for it here, too.

2010-04-14  Chris Lalancette  <clalance@redhat.com>

	Fix build of openvz on RHEL-5.
	When building libvirt on RHEL-5, I saw this error:
	cc1: warnings being treated as errors
	openvz/openvz_conf.c: In function 'openvzGetVPSUUID':
	openvz/openvz_conf.c:835: warning: 'saveptr' may be used uninitialized in this function
	make[3]: *** [libvirt_driver_openvz_la-openvz_conf.lo] Error 1
	gcc in RHEL-5 gets upset about this usage of strtok_r (even though
	it is perfectly valid).  Just set *saveptr to NULL at the
	start to quiet it down.

	Fix up formatting of remote protocol stuff.

	Fix messsage -> message.

	Fix up a debug typo.

	Remove some debugging leftovers.

2010-04-13  Stefan Berger  <stefanb@us.ibm.com>

	Consolidate interface related functions in interface.c
	Changes from v1 to v2:
	- changed function name prefixes to 'iface' from previous 'Iface'
	- Further to make make syntax-check pass:
	 - indentation fix in interface.h
	 - added entry to POTFILES.in
	I am consolidating network interface related functions used in nwfilter
	and macvtap code in utils/interface.c. All function names are prefixed
	with 'Iface'. The following functions are now available through
	interface.h:
	int ifaceCtrl(const char *name, bool up);
	int ifaceUp(const char *name);
	int ifaceDown(const char *name);
	int ifaceCheck(bool reportError, const char *ifname,
	               const unsigned char *macaddr, int ifindex);
	int ifaceGetIndex(bool reportError, const char *ifname, int *ifindex);
	I added 'int ifindex' as parameter to ifaceCheck to the original
	function and modified the code accordingly.

2010-04-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix nodeinfotest on NUMA machines
	The nodeinfotest was reliant on the host NUMA topology, but all
	the test data files assumed 1 single NUMA node. This test thus
	failed on any NUMA machine with > 1 node
	* tests/nodeinfotest.c: Hardcode 1 single numa node

2010-04-13  Eric Blake  <eblake@redhat.com>

	build: include usleep gnulib module
	Without this module, attempts to sleep for 1 or more seconds
	on mingw instead become a no-delay no-op.
	* bootstrap.conf (gnulib_modules): Add usleep.

2010-04-13  Daniel Berteaud  <daniel@firewall-services.com>

	Fix spec file for builds without lxc
	* libvirt.spec.in: fix a cut and paste error

2010-04-13  Eric Blake  <eblake@redhat.com>

	build: fix syntax-check problems
	* .x-sc_prohibit_gettext_noop: Add new exemption.
	* .x-sc_prohibit_test_minus_ao: Likewise.
	* Makefile.am (EXTRA_DIST): Distribute new files.
	* .gitignore: Ignore built file.

2010-04-13  Stefan Berger  <stefanb@us.ibm.com>

	add nwfilter functions to virsh man page
	With Eric Blake's spelling corrections applied.
	Unfortunately after the 0.8.0 release, but here's a beginning of the
	documentation of the nwfilter functionality.

2010-04-13  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.0
	* configure.ac docs/news.html.in libvirt.spec.in src/libvirt_public.syms:
	  updates for release of 0.8.0
	* po/*.po po/libvirt.pot: updated a lar set of localizations, and merge
	  the messages

	Add documentation for synchronous hooks
	* docs/sitemap.html.in: add in navigation under
	  Documentation/Deployment/Hooks
	* docs/hooks.html.in: new doc describing current support for 0.8.0

2010-04-12  Chris Lalancette  <clalance@redhat.com>

	Rename virsh "revert-to-snapshot" to "snapshot-revert"

2010-04-12  Luiz Capitulino  <lcapitulino@redhat.com>

	Small fixes to virsh man page
	* tools/virsh.pod: add two missing 's' and section about 'dominfo' is
	  duplicated

2010-04-12  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Fix memory leak on daemon init and shutdown
	This patch fixes a memory leak on daemon init and shutdown. The module
	was initialized twice and not shut down.

2010-04-10  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Process DHCP option to determine whether packet is a DHCP_OFFER
	I mistakenly took the op field in the DHCP message as the DHCP_OFFER
	type. Rather than basing the decision to read the VM's IP address on
	that field, process the appended DHCP options where option 53 indicates
	the actual type of the packet. I am also reading the broadcast address
	of the VM, but don't use it so far.

2010-04-09  David Allan  <dallan@redhat.com>

	Add enospace option to qemu disk error policy
	* Dan Kenigsberg requested explicit support for the qemu default disk error policy which is enospace

2010-04-09  Daniel P. Berrange  <berrange@redhat.com>

	More event callback fixes
	In a couple of cases typos meant we were firing the wrong type
	of event. In the python code my previous commit accidentally
	missed some chunks of the code.
	* python/libvirt-override-virConnect.py: Add missing python glue
	  accidentally left out of previous commit
	* src/conf/domain_event.c, src/qemu/qemu_monitor_json.c: Fix typos
	  in event name / method name to invoke

2010-04-09  Stefan Berger  <stefanb@us.ibm.com>

	Undoing 2nd application of the patch...

	Fix error in nwfilter test driver
	Trivial fix for the c&p error in the nwfilter test driver.

	Fix error in nwfilter test driver
	Trivial fix for the c&p error in the nwfilter test driver.

2010-04-09  Daniel Veillard  <veillard@redhat.com>

	Fix some cppi prepocessor indentation issues
	* src/conf/nwfilter_conf.c src/util/hooks.c: added spaces to avoid
	  "make syntax-check" failures

2010-04-09  Ryan Harper  <ryanh@us.ibm.com>

	qemu: catch cdrom change error
	Currently when we attempt to change the cdrom in a qemu VM the monitor
	doesn't generate an error if the target filename doesn't exist.  I've
	submitted a patch[1] for this.  This patch is the libvirt qemu-driver
	side which catches the error message from the monitor and reportes the
	error to libvirt.  This means that virsh attach-disk cdrom commands
	won't appear to succeed when qemu change command actually failed.
	* src/qemu/qemu_monitor_text.c: in qemuMonitorTextChangeMedia() look
	  for failure to access the new data

2010-04-09  redshift  <redshift@gmx.com>

	Avoid using multicast addresses for Ethernet MAC examples
	* docs/formatdomain.html.in: use '00:11:22:33:44:55' instead of
	  '11:22:33:44:55:66'

2010-04-09  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: More XML parser test cases
	This patch adds a couple more nwfilter test cases for the XML parser tests.

2010-04-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Cleanup the msg_gen_function list in cfg.mk
	Remove symbols that don't exist anymore (e.g. ERROR0) or aren't
	message generating functions (e.g. VIR_FREE) or are now reported
	as unmarked because the grep command is different, but that should
	not be marked at all (e.g. DEBUG0).
	Also don't restrict one of the grep lines in the
	libvirt_unmarked_diagnostics rule to match exactly one space
	between function name and opening parenthesis.

	remote: Replace some virRaiseError with remoteError

	remote: Remove virConnectPtr from error/errorf
	Also unify error/errorf to remoteError and update cfg.mk accordingly.

	Remove undefined symbols from symbols file

	esx: Add domain snapshot support
	Fix invalid code generating in esx_vi_generator.py regarding deep copy
	types that contain enum properties.
	Add strptime and timegm to bootstrap.conf. Both are used to convert a
	xsd:dateTime to calendar time.
	Add a testcase of the xsd:dateTime conversion.

	Generate libvirt.def from libvirt.syms
	The MinGW linker needs the libvirt.def file.

2010-04-08  Jiri Denemark  <jdenemar@redhat.com>

	Fix unterminated B<...> in virsh man page

2010-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix up python bindings for new event callbacks
	The generator was disabled for the new event callbacks, since they
	need to be hand written. This patch  adds the C and python glue to
	expose the new APIs in the python binding. The python example
	program is extended to demonstrate of the code
	* python/libvirt-override.c: Registration and dispatch of events
	   at the C layer
	* python/libvirt-override-virConnect.py: Python glue for events
	* examples/domain-events/events-python/event-test.py: Demo use
	  of new event callbacks

	Add missing nwfilter_learnipaddr.c to POTFILES.in
	* po/POTFILES.in: Add src/nwfilter/nwfilter_learnipaddr.c

	Fix Win32 portability problems
	The network filter / snapshot / hooks code introduced some
	non-portable pices that broke the win32 build
	* configure.ac: Check for net/ethernet.h required by nwfile config
	   parsing code
	* src/conf/nwfilter_conf.c: Define ethernet protocol  constants
	  if net/ethernet.h is missing
	* src/util/hooks.c: Disable hooks build on Win32 since it lacks
	  fork/exec/pipe
	* src/util/threads-win32.c: Fix unchecked return value
	* tools/virsh.c: Disable SIGPIPE on Win32 since it doesn't exist.
	  Fix non-portable strftime() formats

2010-04-08  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix for directionality of ICMP traffic
	Changes from V1 to V2 of this patch
	- I had reversed the logic thinking that icmp type 0 is a echo
	request,but it's reply -- needed to reverse the logic
	- Found that ebtables takes the --ip-tos argument only as a hex number
	This patch enables the skipping of some of the ICMP traffic rules on the
	iptables level under certain circumstances so that the following filter
	properly enables unidirectional pings:
	<filter name='testcase'>
	    <uuid>d6b1a2af-def6-2898-9f8d-4a74e3c39558</uuid>
	    <!-- allow incoming ICMP Echo Request -->
	    <rule action='accept' direction='in' priority='500'>
	        <icmp type='8'/>
	    </rule>
	    <!-- allow outgoing ICMP Echo Reply -->
	    <rule action='accept' direction='out' priority='500'>
	        <icmp type='0'/>
	    </rule>
	    <!-- drop all other ICMP traffic -->
	    <rule action='drop' direction='inout' priority='600'>
	        <icmp/>
	    </rule>
	</filter>

2010-04-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Allow 'lsisas1068' as SCSI controller type
	Extend tests to cover all SCSI controller types and document the
	new type.
	The lsisas1068 SCSI controller type was added in ESX 4.0. The VMX
	parser reports an error when this controller type is present. This
	makes virsh dumpxml fail for every domain that uses this controller
	type.
	This patch fixes this and adds lsisas1068 to the list of accepted
	SCSI controller types.
	Reported by Jonathan Kelley.

	esx: Report an error for invalid arguments in esxList(Defined)Domains

2010-04-08  Diego Elio Pettenò  <flameeyes@gmail.com>

	Avoid searching for windres when not building for Windows
	Just checking for a windres tool might hit even on Linux systems when
	building for Linux (e.g.: when using Gentoo and having built binutils
	with multitarget support), and will then fail to link properly at the
	end of the build.
	* configure.ac: Avoid searching for windres on non windows target

2010-04-08  Stefan Berger  <stefanb@us.ibm.com>

	Executable does not belong into repository.
	Removing the tests/nwfilterxml2xmltest executable that got in with a previous patch.

	nwfilter: Support for learning a VM's IP address
	This patch implements support for learning a VM's IP address. It uses
	the pcap library to listen on the VM's backend network interface (tap)
	or the physical ethernet device (macvtap) and tries to capture packets
	with source or destination MAC address of the VM and learn from DHCP
	Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
	the VM's interface is. This then allows to instantiate the network
	traffic filtering rules without the user having to provide the IP
	parameter somewhere in the filter description or in the interface
	description as a parameter. This only supports to detect the parameter
	IP, which is for the assumed single IPv4 address of a VM. There is not
	support for interfaces that may have multiple  IP addresses (IP
	aliasing) or IPv6 that may then require more than one valid IP address
	to be detected. A VM can have multiple independent interfaces that each
	uses a different IP address and in that case it will be attempted to
	detect each one of the address independently.
	So, when for example an interface description in the domain XML has
	looked like this up to now:
	    <interface type='bridge'>
	      <source bridge='mybridge'/>
	      <model type='virtio'/>
	      <filterref filter='clean-traffic'>
	        <parameter name='IP' value='10.2.3.4'/>
	      </filterref>
	    </interface>
	you may omit the IP parameter:
	    <interface type='bridge'>
	      <source bridge='mybridge'/>
	      <model type='virtio'/>
	      <filterref filter='clean-traffic'/>
	    </interface>
	Internally I am walking the 'tree' of a VM's referenced network filters
	and determine with the given variables which variables are missing. Now,
	the above IP parameter may be missing and this causes a libvirt-internal
	thread to be started that uses the pcap library's API to listen to the
	backend interface  (in case of macvtap to the physical interface) in an
	attempt to determine the missing IP parameter. If the backend interface
	disappears the thread terminates assuming the VM was brought down. In
	case of a macvtap device a timeout is being used to wait for packets
	from the given VM (filtering by VM's interface MAC address). If the VM's
	macvtap device disappeared the thread also terminates. In all other
	cases it tries to determine the IP address of the VM and will then apply
	the rules late on the given interface, which would have happened
	immediately if the IP parameter had been explicitly given. In case an
	error happens while the firewall rules are applied, the VM's backend
	interface is 'down'ed preventing it to communicate. Reasons for failure
	for applying the network firewall rules may that an ebtables/iptables
	command failes or OOM errors. Essentially the same failure reasons may
	occur as when the firewall rules are applied immediately on VM start,
	except that due to the late application of the filtering rules the VM
	now is already running and cannot be hindered anymore from starting.
	Bringing down the whole VM would probably be considered too drastic.
	While a VM's IP address is attempted to be determined only limited
	updates to network filters are allowed. In particular it is prevented
	that filters are modified in such a way that they would introduce new
	variables.
	A caveat: The algorithm does not know which one is the appropriate IP
	address of a VM. If the VM spoofs an IP address in its first ARP traffic
	or IPv4 packets its filtering rules will be instantiated for this IP
	address, thus 'locking' it to the found IP address. So, it's still
	'safer' to explicitly provide the IP address of a VM's interface in the
	filter description if it is known beforehand.
	* configure.ac: detect libpcap
	* libvirt.spec.in: require libpcap[-devel] if qemu is built
	* src/internal.h: add the new ATTRIBUTE_PACKED define
	* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
	* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
	* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
	  src/nwfilter/nwfilter_ebiptables_driver.[ch]
	  src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
	* tests/nwfilterxml2xmltest: extend testing

2010-04-08  Jim Meyering  <meyering@redhat.com>

	xenXMDomainDefineXML: remove dead store and useless/leaky virGetDomain
	* src/xen/xm_internal.c (xenXMDomainDefineXML): Remove useless and
	leak-inducing call to virGetDomain, as well as decl of now-unused local.

	createRawFileOpHook: avoid dead stores
	* src/storage/storage_backend.c (createRawFileOpHook): Remove dead
	stores and declaration of each stored-to variable.

	qemudDomainGetSecurityLabel: avoid dead store to "type"
	* src/qemu/qemu_driver.c (qemudDomainGetSecurityLabel): Remove store
	and declaration.

2010-04-08  Jiri Denemark  <jdenemar@redhat.com>

	Fix CPU comparison for x86 arch
	When comparing a CPU to host CPU, the result would be
	VIR_CPU_COMPARE_SUPERSET (or even VIR_CPU_COMPARE_INCOMPATIBLE if strict
	match was required) even though the two CPUs were identical.

	Cleanup x86Compute()
	No change in semantics.

	Properly advertise cpuselection guest capability
	There's no sense in advertising cpuselection capability when host CPU
	is not properly detected and advertised in host capabilities.

	Don't ignore guest CPU selection when unsupported by HV
	When qemu libvirt driver doesn't support guest CPU selection with given
	qemu binary, guests requiring specific CPU should fail to start instead
	of being silently supplied with a default CPU.

	Document all options of virsh dumpxml

2010-04-08  Jim Meyering  <meyering@redhat.com>

	qemuDomainSnapshotLoad: avoid dead store
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Remove dead store
	into "snap", as well as its declaration.

2010-04-07  Eric Blake  <eblake@redhat.com>

	maint: s/initialis/initializ/
	git grep found 12 of the former but 100 of the latter in src/.
	* src/remote/remote_driver.c (initialise_gnutls): Rename...
	(initialize_gnutls): ...to this.
	(doRemoteOpen): Adjust caller.
	* src/xen/xen_driver.c (xenUnifiedOpen): Adjust output string.
	* src/util/network.c: Adjust comments.
	Suggested by Matthias Bolte.

2010-04-07  Jim Meyering  <meyering@redhat.com>

	domain_event.c: don't deref NULL on an OOM error path
	* src/conf/domain_event.c (virDomainEventGraphicsNewFromDom):
	Return NULL when handling out-of-memory error, rather than
	falling through with ev=NULL and then assigning to ev->member.
	(virDomainEventGraphicsNewFromObj): Likewise.

2010-04-07  Stefan Berger  <stefanb@us.ibm.com>

	nwfiler: fix due to non-symmetric src mac address match in iptables
	The attached patch fixes a problem due to the mac match in iptables only
	supporting --mac-source and no --mac-destination, thus it not being
	symmetric. Therefore a rule like this one
	<rule action='drop' direction='out'>
	  <all match='no' srcmacaddr='$MAC'/>
	</rule>
	should only have the MAC match on traffic leaving the VM and not test
	for the same source MAC address on traffic that the VM receives.

2010-04-07  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: don't close an arbitrary file descriptor
	* src/qemu/qemu_driver.c (qemudStartVMDaemon): Initialize "logfile"
	to ensure that we don't use it uninitialized -- thus closing an
	arbitrary file descriptor -- in the cleanup block.

2010-04-07  Daniel Veillard  <veillard@redhat.com>

	Fix a typo in comment

2010-04-07  Jamie Strandboge  <jamie@ubuntu.com>

	Update of the apparmore regression tests
	* tests/virt-aa-helper-test: test augmented with hostdev and sdl display
	  checks

	Improve the apparmor example
	* examples/apparmor/libvirt-qemu examples/apparmor/usr.sbin.libvirtd
	  examples/apparmor/usr.lib.libvirt.virt-aa-helper: Update the examples

	Improve virt-aa-helper to handle SDL graphics and cleanups
	* src/security/virt-aa-helper.c: add support for SDL devices and 3
	  code cleanups

	Adjust virt-aa-helper to handle pci devices
	* src/security/virt-aa-helper.c: adjust virt-aa-helper to handle pci
	  devices. Update valid_path() to have an override array to check against,
	  and add "/sys/devices/pci" to it. Then rename file_iterate_cb() to
	  file_iterate_hostdev_cb() and create file_iterate_pci_cb() based on it

	Add backingstore support to apparmor
	adjust virt-aa-helper to handle backing store
	* src/security/virt-aa-helper.c: look for backing store metadata
	  for disk definitions.

	Add VIR_DOMAIN_XML_INACTIVE flag when parsing domain XML
	To avoid an error when hitting the <seclabel...> definition
	* src/security/virt-aa-helper.c: add VIR_DOMAIN_XML_INACTIVE flag
	  to virDomainDefParseString

	virt-aa-helper should not fail if profile was removed
	Don't exit with error if the user unloaded the profile outside of
	 libvirt
	* src/security/virt-aa-helper.c: check the exit error from apparmor_parser
	  before exiting with a failure

	Do nor clear caps when invoking virt-aa-helper
	The calls to virExec() in security_apparmor.c when
	invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without
	libcap-ng, this is not a problem (it's effectively a no-op) but with
	libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by
	virt-aa-helper to manipulate apparmor profiles and without it VMs will
	not start[1]. This patch calls virExec with the default VIR_EXEC_NONE
	instead.
	* src/security/security_apparmor.c: fallback to VIR_EXEC_NONE flags for
	  virExec of virt_aa_helper

2010-04-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix 'avialable' typo
	Reported by Paul Jenner

2010-04-07  Eric Blake  <eblake@redhat.com>

	build: avoid autogen on 'make clean'
	Tested by running 'git submodule foreach git pull origin master' and
	'git add .gnulib', then seeing that 'make clean' skips autogen
	although 'make' properly runs it.
	* cfg.mk (_clean_requested): New check, to speed up 'make clean'
	even if gnulib submodule is outdated.
	Suggested by Daniel P. Berrange.

2010-04-07  Stefan Berger  <stefanb@us.ibm.com>

	Fix for nwfilter: Add filter schema for nwfilter XML, extend domain XML schema
	Fixing the regular expressions for variables where the first letter must be a $.

2010-04-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	macvtap: Remove virConnectPtr from ReportError
	Also rename ReportError to macvtapError.

	phyp: Remove virConnectPtr from PHYP_ERROR

2010-04-07  Jim Meyering  <meyering@redhat.com>

	virterror.c: avoid erroneous case "fall-through"
	* src/util/virterror.c (virErrorMsg): Insert missing "break;"

2010-04-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Mark error messages for translation
	Also define ESX_ERROR and ESX_VI_ERROR in a central place, instead of
	defining them in each source file.
	Add ESX_ERROR and ESX_VI_ERROR to the msg_gen_function list in cfg.mk.
	Update po/POTFILES.in accordingly.

	vbox: Mark all error messages for translation
	Add vboxError to the msg_gen_function list in cfg.mk.

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add filter schema for nwfilter XML, extend domain XML schema
	This patch adds a relaxng nwfilter schema along with a test that
	verifies all the test output XML against the schema. The input XMLs
	contain a lot of intentional out-of-range values that make them fail the
	schema verification, so I am not verifying against those.

	nwfilter: Fix instantiated layer 2 rules for 'inout' direction
	With Eric Blake's suggestions applied.
	The following rule for direction 'in'
	<rule direction='in' action='drop'>
	  <mac srcmacaddr='1:2:3:4:5:6'/>
	</rule>
	drops all traffic from the given mac address.
	The following rule for direction 'out'
	<rule direction='out' action='drop'>
	  <mac dstmacaddr='1:2:3:4:5:6'/>
	</rule>
	drops all traffic to the given mac address.
	The following rule in direction 'inout'
	<rule direction='inout' action='drop'>
	  <mac srcmacaddr='1:2:3:4:5:6'/>
	</rule>
	now drops all traffic from and to the given MAC address.
	So far it would have dropped traffic from the given MAC address
	and outgoing traffic with the given source MAC address, which is not useful
	since the packets will always have the VM's MAC address as source
	MAC address. The attached patch fixes this.
	This is the last bug I currently know of and want to fix.

2010-04-06  Eric Blake  <eblake@redhat.com>

	virsh: improve documentation
	Document several missing commands.  There's more work that could be
	done, but incremental improvements is better than no patch at all.
	* tools/virsh.pod (autostart, connect): Improve grammar.
	(create): Improve example.
	(domjobabort, domjobinfo, domxml-from-native, domxml-to-native):
	Document.
	(storage pool commands): New section.

2010-04-06  Chris Lalancette  <clalance@redhat.com>

	Clarify an error message in setmem.

	Fix up comments for isEncrypted, isSecure, domainIsActive, and domainIsPersistent.

	Document snapshot virsh commands in the man page.

	Better error reporting in virsh.
	When hitting failures in virsh, a common idiom is
	to jump to a cleanup label, free some resources, and
	then return a FALSE error code to vshCommandRun.
	In theory, vshCommandRun is then supposed to print
	out the last error.  The problem is that many of
	the cleanup paths have library calls to free resources,
	and all of those library calls clear out the last error.
	This is leading to situations where no error is being
	reported at all.
	This patch remedies the situation somewhat by
	printing out the errors inside the command methods
	themselves when we know it will go through a cleanup
	path that will lose the error.

	Website documentation for the snapshot XML.

	Increase the number of available VNC ports.
	When starting up qemu VNC autoport guests, we were
	only looking through ports 5900 to 6000, meaning we
	were limited to 100 total clients.  Increase that
	limit to 65535 (the last available port), so we can
	have up to 59635 VNC autoport guests.

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	This patch fixes some compilation issues for the RHEL5 build. I am also removing the IPV6 constant where it appears in the wrong place.

2010-04-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compiler warning about unused conn parameter
	This only affects builds without NUMA support.

	openvz: Remove virConnectPtr from openvzError
	Also remove unused enum values OPENVZ_WARN and OPENVZ_ERR.

	one: Remove virConnectPtr from oneError

	uml: Remove virConnectPtr from umlReportError

	Remove virConnectPtr from eventReportError

	Remove virConnectPtr from virLibConnError

	xen: Remove virConnectPtr from xenUnifiedError

	Remove virConnectPtr from nodeReportError

	netcf: Remove virConnectPtr from interfaceReportError

	xen: Remove virConnectPtr from virXenInotifyError

	xen: Remove virConnectPtr from virXenStoreError

	xen: Remove virConnectPtr from virXenError/virXenErrorFunc

	xen: Remove virConnectPtr from virXMError

	xen: Remove virConnectPtr from virXendError

	proxy: Remove virConnectPtr from virProxyError

	vbox: Remove virConnectPtr from vboxError

	test: Remove virConnectPtr from testError

	Remove unnecessary trailing \n in log messages

	Fix compiler warning about non-literal format string

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	This patch removes the virConnectPtr parameter from all functions where it's not necessary starting out with removing it as a parameter to the error reporting function.

2010-04-05  Chris Lalancette  <clalance@redhat.com>

	Snapshot virsh implementation.

2010-04-05  Jiri Denemark  <jdenemar@redhat.com>

	Snapshots for VBox

2010-04-05  Chris Lalancette  <clalance@redhat.com>

	Snapshot QEMU driver.

	Only assign newDef when we have a new def.
	While playing around with def/newDef with the qemu code,
	I noticed that newDef was *always* getting set to a value,
	even when I didn't redefine the domain.  I think the problem
	is the virDomainLoadConfig is always doing virDomainAssignDef
	regardless of whether the domain already exists in the hashtable.
	In turn, virDomainAssignDef is assigning the definition (which
	is actually a duplicate) to newDef.  Fix this so that newDef stays
	NULL until we actually have a new def.

	Snapshot internal methods.

	Snapshot API framework.

2010-04-05  David Allan  <dallan@redhat.com>

	Clarified error message
	* Since the file pattern matches RNG schemas as well as C sources, the error message should mention both.

2010-04-05  Laine Stump  <laine@laine.org>

	Eliminate compiler warning about non-const format string

2010-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Add managedsave entries to the driver struct
	Commit 15c647a91e8c5bcfcb02ac4e755160c5c99a2a1e added the new
	managedsave entries to all driver structs except the XenAPI one.

2010-04-04  Stefan Berger  <stefanb@us.ibm.com>

	Get rid of the regular expressions when evaluating variable names and values. Rather use the strspn() function. Along with this cleanup the initialization function for the code that used the regular expression can also be removed.

2010-04-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	nwfilter: Fix random index in virNWFilterRuleDefDetailsFormat
	An uninitialized int value was used to index an array. This can
	result in a segfault in nwfilterxml2xmltest.

	xenapi: Fix uninitialized variable warning

2010-04-04  Daniel Veillard  <veillard@redhat.com>

	Add a managedsave command to virsh
	This command implements the managed save operation
	* tools/virsh.c: new command
	* tools/virsh.pod: documentation

	Implement managed save operations for qemu driver
	The images are saved in /var/lib/libvirt/qemu/save/
	and named $domainname.save . The directory is created appropriately
	at daemon startup. When a domain is started while a saved image is
	available, libvirt will try to load this saved image, and start the
	domain as usual in case of failure. In any case the saved image is
	discarded once the domain is created.
	* src/qemu/qemu_conf.h: adds an extra save path to the driver config
	* src/qemu/qemu_driver.c: implement the 3 new operations and handling
	  of the image directory

	Implement remote protocol for managed save
	* src/remote/remote_protocol.x src/remote/remote_protocol.h
	  src/remote/remote_protocol.c src/remote/remote_driver.c: add the entry
	  points in the remote driver
	* daemon/remote.c daemon/remote_dispatch_args.h
	  daemon/remote_dispatch_prototypes.h daemon/remote_dispatch_table.h:
	  and implement the daemon counterpart

	Add managed save API entry points
	virDomainManagedSave() is to be run on a running domain. Once the call
	complete, as in virDomainSave() the domain is stopped upon completion,
	but there is no restore counterpart as any order to start the domain
	from the API would load the state from the managed file, similary if
	the domain is autostarted when libvirtd starts.
	Once a domain has restarted his managed save image is destroyed,
	basically managed save image can only exist for a stopped domain,
	for a running domain that would be by definition outdated data.
	* include/libvirt/libvirt.h.in src/libvirt.c src/libvirt_public.syms:
	  adds the new entry points virDomainManagedSave(),
	  virDomainHasManagedSaveImage() and virDomainManagedSaveRemove()
	* src/driver.h src/esx/esx_driver.c src/lxc/lxc_driver.c
	  src/opennebula/one_driver.c  src/openvz/openvz_driver.c
	  src/phyp/phyp_driver.c src/qemu/qemu_driver.c src/vbox/vbox_tmpl.c
	  src/remote/remote_driver.c src/test/test_driver.c src/uml/uml_driver.c
	  src/xen/xen_driver.c: add corresponding new internal drivers entry
	  points

2010-04-03  Eric Blake  <eblake@redhat.com>

	build: improve check for out-of-date .gnulib submodule
	git reset --hard 96e5a2d4d5b13bf2cc887562dc11d146b78d5950
	./autogen.sh
	make -s
	git pull
	make -s    <-- expecting auto-bootstrap here, doesn't happen
	Use git diff to expose whether the submodule has untracked changes,
	which are typical on an incremental pull if .gnulib was updated but
	the user did not manually run 'git submodule update'.
	After this patch is applied, I encountered a new problem when
	following the reproducing pattern.  Basically, the change to .gnulib
	between libvirt's commit 96e5a2d4 and this patch introduced a change
	to sys_ioctl.in.h, but gnulib (intentionally) does not make the
	replacement headers depend on Makefile changes.  Therefore, I ended up
	with the generated replacement header being broken:
	gnulib/lib/sys/ioctl.h complained about a use of @.  But that seems
	like something that should be fixed upstream in gnulib's bootstrap
	script (that is, when doing a gnulib update, all files created from
	.in.h file should probably be deleted).  Without the benefit of that
	proposed gnulib fix, I worked around the problem by manually removing
	the stale gnulib/lib/sys/ioctl.h.
	* autogen.sh (t): Also run bootstrap if the gnulib submodule needs
	to be updated.
	* cfg.mk (_autogen): Likewise.
	Reported by Matthias Bolte.

2010-04-03  Stefan Berger  <stefanb@us.ibm.com>

	Use the virStrToLong_ui() function rather than the virStrToLong_i() where possible.

	The attached patch optimizes the validation of the name of an interface.

	This patch adds a couple of test cases for the XML parsing test suite covering various filterable protocols. For each test case an input XML and an output XML is provided checking the input XML after parsing and converting back into XML against the exepcted output XML.

	The following issues are fixed in the patch below:
	- ebtables requires that some of the command line parameters are passed as hex numbers; so have those attributes call a function that prints 16 and 8 bit integers as hex nunbers.
	- ip6tables requires '--icmpv6-type' rather than '--icmp-type'
	- ebtables complains about protocol identifiers lower than 0x600, so already discard anything lower than 0x600 in the parser
	- make the protocol entry types more readable using a #define for its entries
	- continue parsing a filtering rule even if a faulty entry is encountered; return an error value at the end and let the caller decide what to do with the rule's object
	- fix an error message

2010-04-03  Eric Blake  <eblake@redhat.com>

	build: import latest gnulib
	A lot of syntax check rules have to be rewritten, but the
	result is easier to maintain.  I tested each syntax rule
	by intentionally introducing a temporary violation of the rule.
	Additionally, some false positives for unmarked_diagnostics
	crept in, and an improved copyright_format test caught some bugs.
	* .gnulib: Update to latest.
	* cfg.mk (sc_prohibit_test_minus_ao): Delete, it was moved into
	gnulib's maint.mk.
	(sc_avoid_write, sc_prohibit_strcmp_and_strncmp)
	(sc_prohibit_asprintf, sc_prohibit_strncpy, sc_prohibit_readlink)
	(sc_prohibit_gethostname, sc_prohibit_gettext_noop)
	(sc_prohibit_VIR_ERR_NO_MEMORY, sc_prohibit_nonreentrant)
	(sc_prohibit_ctype_h, sc_TAB_in_indentation)
	(sc_avoid_ctype_macros)
	(sc_prohibit_virBufferAdd_with_string_literal)
	(sc_prohibit_gethostby, sc_copyright_format): Rewrite in terms of
	new maint.mk macros.
	(sc_libvirt_unmarked_diagnostics): Fix whitespace.
	* .x-sc_unmarked_diagnostics: New file.
	* tests/object-locking.ml: Fix copyright.
	* tools/virt-pki-validate.in: Likewise.
	* tools/virt-xml-validate.in: Likewise.

2010-04-02  Chris Lalancette  <clalance@redhat.com>

	Add a missing break statement to nwfilter errors.

	Make virDomainLoadConfig static.

2010-04-02  Jiri Denemark  <jdenemar@redhat.com>

	VBox: Fix use of uninitialized value

2010-04-02  Laine Stump  <laine@laine.org>

	Changes to clock timer XML to match final design.
	The clock timer XML is being updated in the following ways (based on
	further off-list discussion that was missed during the initial
	implementation):
	1) 'wallclock' is changed to 'track', and the possible values are 'boot'
	 (corresponds to old 'host'), 'guest', and 'wall'.
	2) 'mode' has an additional value 'smpsafe'
	3) when tickpolicy='catchup', there can be an optional sub-element of
	   timer called 'catchup':
	   <catchup threshold=123 slew=120 limit=10000/>
	Those three values are all longs, always optional, and if they are present,
	they are positive. Internally, 0 indicates "unspecified".
	* docs/schemas/domain.rng: updated RNG definition to account for changes
	* src/conf/domain_conf.h: change the C struct and enums to match changes.
	* src/conf/domain_conf.c: timer parse and format functions changed to
	                          handle the new selections and new element.
	* src/libvirt_private.syms: *TimerWallclock* changes to *TimerTrack*
	* src/qemu/qemu_conf.c: again, account for Wallclock --> Track change.

	Allow domain disk images on root-squash NFS to coexist with security driver.
	(suggested by Daniel Berrange, tested by Dan Kenigsberg)
	virStorageFileGetMetadata will fail for disk images that are stored on
	a root-squash NFS share that isn't world-readable.
	SELinuxSetSecurityImageLabel is called during the startup of every
	domain (as long as security_driver != "none"), and it will propogate
	the error from virStorageFileGetMetadata, causing the domain startup
	to fail. This is, however, a common scenario when qemu is run as a
	non-root user and the disk image is stored on NFS.
	Ignoring this failure (which doesn't matter in this case, since the
	next thing done by SELinuxSetSecurityImageLabel - setting the file
	context - will also fail (and that function already ignores failures
	due to root-squash NFS) will allow us to continue bringing up the
	domain. The result is that we don't need to disable the entire
	security driver just because a domain's disk image is stored on
	root-squashed NFS.

	Eliminate compile warnings in nwfilter error log calls

2010-04-02  Chris Lalancette  <clalance@redhat.com>

	Don't use virFileReadLimFD in qemuDomainRestore.
	virFileReadLimFD is a poor fit for reading the header
	of the restore file.  The problem is that virFileReadLimFD
	returns an error when there is more data after the amount
	you ask to read, but that is *expected* in this case.
	This patch is essentially a revert of
	1a4d5c9543641c444dccd682f6256ee3faf22a80, but I don't think
	that commit does what it says anyway.  It purports to prevent
	an unwarranted OOM error, but since virFileReadLimFD will
	allocate memory up to the maximum anyway, the upper limit
	on the total amount of memory allocated is the same for either
	the old version or the new version.  Since the old saferead
	actually works and virFileReadLimFD does not, revert to
	using saferead.

2010-04-01  Jim Fehlig  <jfehlig@novell.com>

	Only parse 'CPU XML' in virCPUDefParseXML()
	Received report of user crashing libvirtd with
	virsh capabilities > capabilities.xml
	virsh cpu-compare capabilities.xml
	While user has been informed about proper usage of cpu-compare,
	segfaulting libvirt should be avoided.
	Do not parse CPU definition in virCPUDefParseXML() if XML is not
	a 'cpu' node.

2010-04-01  Daniel P. Berrange  <berrange@redhat.com>

	Keep build quiet for generated file
	Adds $(AM_V_GEN) to many more manual makefile.am rules that
	were generating files

	Keep track of guest paused state after disk IO / watchdog events
	When a watchdog/IO error occurs, one of the possible actions that
	QEMU might take is to pause the guest. In this scenario libvirt
	needs to update its internal state for the VM, and emit a
	lifecycle event:
	  VIR_DOMAIN_EVENT_SUSPENDED
	with a detail being one of:
	  VIR_DOMAIN_EVENT_SUSPENDED_IOERROR
	  VIR_DOMAIN_EVENT_SUSPENDED_WATCHDOG
	To future proof against possible QEMU support for multiple monitor
	consoles, this patch also hooks into the 'STOPPED' event in QEMU
	and emits a generic VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event
	* include/libvirt/libvirt.h.in: Add VIR_DOMAIN_EVENT_SUSPENDED_IOERROR
	* src/qemu/qemu_driver.c: Update VM state to paused when IO error
	  or watchdog events occurrs
	* src/qemu/qemu_monitor_json.c: Fix typo in disk IO event name

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Replace sscanf in PCI device address parsing
	This also fixes a problem with MinGW's GCC on Windows. GCC complains
	about the L modifier being unknown.
	Parsing in pciIterDevices is stricter now and doesn't accept trailing
	characters after the actual <domain>:<bus>:<slot>.<function> sequence
	anymore.
	Parsing in pciWaitForDeviceCleanup is also stricter now and expects
	the <start>-<end> : <domain>:<bus>:<slot>.<function> sequence to be
	terminated by \n.
	Change domain from unsigned long long to unsigned int in
	pciWaitForDeviceCleanup, because everywhere else domain is handled as
	unsigned int too.

	xen: Use virStrToLong_i instead of sscanf for XenD port parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	xenapi: Use virStrToLong_i instead of sscanf for CPU map parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	openvz: Use strtok_r instead of sscanf for VPS UUID parsing
	Also free 2k stack space.

	xen: Use virParseMacAddr instead of sscanf
	This also fixes a bug in xenXMDomainConfigParse where uninitialized
	memory would be used as MAC address if sscanf fails.

	vbox: Replace atoi with virStrToLong_i
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value or non-number strings anymore. atoi just
	returns 0 in case it cannot parse a number from the given string.
	Now an error is reported for such a string.

	cgroup: Replace sscanf with virStrToLong_ll
	The switch from %lli to %lld in virCgroupGetValueI64 is intended,
	as virCgroupGetValueU64 uses base 10 too, and virCgroupSetValueI64
	uses %lld to format the number to string.
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	Refactor major.minor.micro version parsing into a function
	virParseVersionString uses virStrToLong_ui instead of sscanf.
	This also fixes a bug in the UML driver, that always returned 0
	as version number.
	Introduce STRSKIP to check if a string has a certain prefix and
	to skip this prefix.

	Replace sscanf in nwfilter rule parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	Replace sscanf in legacy device address parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual <domain>:<bus>:<slot> sequence anymore.

2010-04-01  Stefan Berger  <stefanb@us.ibm.com>

	While writing a couple of test cases for the nwfilter's XML parser I found some cases where the output ended up not looking as expected. So the following changes are in the patch below:
	- if the protocol ID in the MAC header is an integer, just write it into
	the datastructure without trying to find a corresponding string for it
	and if none is found failing
	- when writing the protocol ID as string, simply write it as integer if
	no corresponding string can be found
	- same changes for arpOpcode parsing and printing
	- same changes for protocol ID in an IP packet
	- DSCP value needs to be written into the data structure
	- IP protocol version number is redundant at this level, so remove it
	- parse the protocol ID found inside an IP packet not only as string but
	also as uint8
	- arrange the display of the src and destination masks to be shown after
	the src and destination ip address respectively in the XML
	- the existing libvirt IP address parser accepts for example '25' as an
	IP address. I want this to be parsed as a CIDR type netmask. So try to
	parse it as an integer first (CIDR netmask) and if that doesn't work as
	a dotted IP address style netmask.
	- instantiation of rules with MAC masks didn't work because they weren't
	printed into a buffer, yet.

	ESX test case needs '/' in interface name
	To fix an ESX test case, valid interface names need '/' as valid letter.

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix linker errors in proxy
	domain_conf.c:494: undefined reference to 'virNWFilterHashTableFree'
	domain_conf.c:5107: undefined reference to 'virNWFilterFormatParamAttributes'
	Add missing source to the proxy and disable XML parsing code in
	nwfilter_params.c for a proxy build.

2010-04-01  Eric Blake  <eblake@redhat.com>

	build: more fallout from test -a
	* cfg.mk (sc_prohibit_test_minus_ao): Also check for [.
	* docs/Makefile.am (%.html, html/index.html): Avoid non-portable
	test usage.
	* libvirt.spec.in (%post): Likewise.
	* tools/virt-pki-validate.in (servercert.pem): Likewise.
	* configure.ac (LOGNAME): Use test, not [, in files processed by
	autoconf.
	Detected by Matthias Bolte.

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix apibuild.py warning about virNWFilterLookupByUUIDString
	The function name was written with capital I in the Filter part.

	website: Add archive link for libvirt-users list

2010-03-31  Eric Blake  <eblake@redhat.com>

	maint: remove redundant tests after virStrToLong
	virStrToLong* guarantees (via strtol) that the end pointer will be set
	to the point at which parsing stopped (even on failure, this point is
	the start of the input string).
	* src/esx/esx_driver.c (esxGetVersion): Remove pointless
	conditional.
	* src/qemu/qemu_conf.c (qemuParseCommandLinePCI)
	(qemuParseCommandLineUSB, qemuParseCommandLineSmp): Likewise.
	* src/qemu/qemu_monitor_text.c
	(qemuMonitorTextGetMigrationStatus): Likewise.

	maint: update AUTHORS
	* AUTHORS: Add recent contributors.

2010-03-31  Paolo Smiraglia  <paolo.smiraglia@gmail.com>

	virConnectGetLibVersion: Avoid error message on success.
	* src/libvirt.c (virConnectGetLibVersion): Don't emit error on
	success.

2010-03-31  Eric Blake  <eblake@redhat.com>

	virsh: add 'exit' as an alias for 'quit'
	Call me lazy: some shells use exit (e.g. sh), others use quit (e.g. ftp),
	but I never remember which.  So it's faster to write a patch to make
	virsh take both than it is to take a 50-50 guess, and get it wrong
	in half of my attempts.
	* tools/virsh.c (commands): Add 'exit'.
	* tools/virsh.pod: Document it.

2010-03-31  Jim Meyering  <meyering@redhat.com>

	maint: fix cpp indentation syntax-check failure
	* src/esx/esx_vi_types.h: Filter through cppi.

	maint: mark xenapiSessionErrorHandler messages for translation
	* cfg.mk (msg_gen_function): Add xenapiSessionErrorHandler.
	* po/POTFILES.in: Add src/xenapi/xenapi_driver.c
	* src/xenapi/xenapi_driver.c: Mark strings for translation.
	* src/xenapi/xenapi_utils.c (xenapiUtil_ParseQuery):

2010-03-31  Stefan Berger  <stefanb@us.ibm.com>

	Blank out invalid interface names with escaped letters etc.
	Check that interface names only contain valid characters. Blank them out
	otherwise.
	Valid characters in this code are currently a-z,A-Z,0-9, '-' and '_'.

2010-03-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virt-aa-helper and secaatest to .gitignore

	esx: Remove redundant semicolons

	esx: Generate most SOAP mapping and improve inheritance handling
	The Python script generates the mappings based on the type descriptions
	in the esx_vi_generator.input file.
	This also improves the inheritance handling and allows to get rid of the
	ugly, inflexible, and error prone _base/_super approach. Now every struct
	that represents a SOAP type contains a _type member, that allows to
	recreate C++-like dynamic dispatch for "method" calls in C.

2010-03-31  Daniel Veillard  <veillard@redhat.com>

	Distribute nwfilter xml files and add them to rpm
	* examples/xml/nwfilter/Makefile.am: add all xml to the distribution
	* libvirt.spec.in: reference them from the rpm spec file to have them
	  available in the main libvirt package

	Make sure nwfilter headers are part of distribution
	* src/Makefile.am: adds a few missing header files in the associated
	  file variables, it's needed otherwise the missing headers breaks
	  compilation from a distribution tarball

2010-03-31  Eric Blake  <eblake@redhat.com>

	maint: show which compiler warning triggered
	* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Add
	-fdiagnostics-show-option.

	build: automate the rerun of autogen.sh
	Automate the reuse of autogen.sh, rather than just erroring out.
	* cfg.mk (_update_required): Run autogen.sh, rather than just
	warning about it.
	(_autogen): New target.

2010-03-30  Stefan Berger  <stefanb@us.ibm.com>

	A cosmetic change that makes the entries in the int-2-string maps look more readable. Add some missing entries: ipv6 and icmpv6.

	Use libvirt's existing ipv6/ipv4 parser/printer rather than self-written ones
	This patch changes the network filtering code to use libvirt's existing
	IPv4 and IPv6 address parsers/printers rather than my self-written ones.
	I am introducing a new function in network.c that counts the number of
	bits in a netmask and ensures that the given address is indeed a netmask,
	return -1 on error or values of 0-32 for IPv4 addresses and 0-128 for
	IPv6 addresses. I then based the function checking for valid netmask
	on invoking this function.

	Add ip6tables support for IPv6 filtering
	This patch adds IPv6 filtering support for the following protocols:
	- tcp-ipv6
	- udp-ipv6
	- udplite-ipv6
	- esp-ipv6
	- ah-ipv6
	- sctp-ipv6
	- all-ipv6
	- icmpv6
	Many of the IPv4 data structure could be re-used for IPv6 support.
	Since ip6tables also supports pretty much the same command line parameters
	as iptables does, also much of the code could be re-used and now
	command lines are invoked with the ip(6)tables tool parameter passed
	through the functions as a parameter.

	Remove driver dependency from nwfilter_conf.c
	This patch removes the driver dependency from nwfilter_conf.c and moves
	a callback function calling into the driver into
	nwfilter_gentech_driver.c and passes a pointer to that callback function
	upon initialization of nwfilter_conf.c.

	Add support for so-far missing protocols for iptables filtering
	This patch adds filtering support for the so-far missing protocols 'ah',
	'esp' and 'udplite'.

2010-03-30  Daniel Veillard  <veillard@redhat.com>

	Fix daemon hook script initialization
	* daemon/libvirtd.c: we should error out only if virHookInitialize()
	  return value is negative

2010-03-30  Laine Stump  <laine@laine.org>

	Implement the qemu-kvm backend of clock timer elements
	Since the timers are defined to cover all possible config cases for
	several different hypervisors, many of these possibilities generate an
	error on qemu. Here is what is currently supported:
	RTC: If the -rtc commandline option is available, allow setting
	"clock=host"
	     or "clock=vm" based on the rtc timer clock='host|guest' value. Also
	     add "driftfix=slew" if the tickpolicy is 'catchup', or add nothing
	if
	     tickpolicy is 'delay'. (Other tickpolicies will raise an error).
	     If -rtc isn't available, but -rtc-td-hack is, add that option
	     if the tickpolicy is 'catchup', add -rtc-td-hack, if it is 'delay'
	     add nothing, and if it's anything else, raise an error.
	PIT: If -no-kvm-pit-reinjection is available, and tickpolicy is
	     'delay', add that option. if tickpolicy is 'catchup', do
	     nothing. Anything else --> raise an error.
	     If -no-kvm-pit-reinjection *isn't* available, but -tdf is, when
	     tickpolicy is 'catchup' add -tdf. If it's 'delay', do
	     nothing. Anything else --> raise an error.
	     If neither of those commandline options is available, and
	     tickpolicy is anything other than 'delay' (or unspecified), raise
	     an error.
	HPET: If -no-hpet flag is available and present='no', add -no-hpet.
	      If -no-hpet is not available, and present='yes', raise an error.
	      If present is unspecified, the default is to do whatever this
	      particular qemu does by default, so don't raise an error.
	All other timer types are unsupported by QEMU, so they will raise an
	error.
	* src/qemu/qemu_conf.c: extend qemuBuildClockArgStr() to generate the
	  command line arguments for the new options

	Add flags to indicate presence of timekeeping-related qemu options
	* src/qemu/qemu_conf.h: define 4 new flags
	* src/qemu/qemu_conf.c: check the help text of qemu for presence of
	                        features indicated by each flag.
	* tests/qemuhelptest.c: add appropriate flags into the masks for each test

	Add timer element to domain schema
	timers are sub-elements of clocks. A clock can have zero or more
	instances of timer. Within the timer, only the name attribute is
	required; all other attributes are optional.
	A simpler representation of a timer element is:
	  <timer name='platform|pit|rtc|hpet|tsc'
	         wallclock='host|guest'
	         tickpolicy='delay|catchup|merge|discard'
	         frequency='123'
	         mode='auto|native|emulate|paravirt'
	         present='yes|no'/>
	frequency is a ulong. All other attributes are simple enums.

	Implement XML parser/formatter for "timer" subelement of domain clock
	This extension is described in
	http://www.redhat.com/archives/libvir-list/2010-March/msg00304.html
	Currently all attributes are optional, except name.
	* src/conf/domain_conf.h: add data definition for virDomainTimerDef
	  and add a list of them to virDomainClockDef
	* src/conf/domain_conf.c: XML parser and formatter for a timer inside a clock
	* src/libvirt_private.syms: add new Timer enum helper functions to symbols

2010-03-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU cpu affinity at startup to include all threads
	The QEMU cpu affinity is used in NUMA scenarios to ensure that
	guest memory is allocated from a specific node. Normally memory
	is allocate on demand in vCPU threads, but when using hugepages
	the initial thread leader allocates memory upfront. libvirt was
	not setting affinity of the thread leader, or I/O threads. This
	patch changes the code to set the process affinity in between
	the fork()/exec() of QEMU. This ensures that every single QEMU
	thread gets the affinity
	* src/qemu/qemu_driver.c: Set affinity on entire QEMU process
	  at startup

2010-03-30  Daniel Veillard  <veillard@redhat.com>

	Updating the commiters list
	Laine Stump, Stefan Berger, Eric Blake now have commit rights !

2010-03-30  Eric Blake  <eblake@redhat.com>

	virsh: support VISUAL, and allow metacharacters in EDITOR
	Common Unix practice is to prefer VISUAL over EDITOR, particularly if
	the editor of choice spawns a new window.  Thus, it is also common to
	see settings like EDITOR='emacs -nw', with the expectation that the
	shell will parse this as an argument to 'emacs' and not try to invoke
	a file containing a space.
	If a user puts junk in EDITOR, they deserve what they get (much more
	than virsh will misbehave); furthermore, sudo scrubs EDITOR by
	default.  So the blind use of metacharacters in EDITOR should not be
	considered too much of a security issue.
	* tools/virsh.c (editFile): Prefer VISUAL over EDITOR.  Don't
	reject shell metacharacters in EDITOR.
	* tools/virsh.pod (edit, net-edit, ENVIRONMENT): Document VISUAL.
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=487738.

	virsh: improve man page
	* tools/virsh.pod: (DESCRIPTION): Improve grammar.  Mention other drivers.
	(ENVIRONMENT): Document EDITOR.
	(COPYRIGHT): Bump.

2010-03-30  Stefan Berger  <stefanb@us.ibm.com>

	Add dummy nwfilter driver to test driver
	This patch adds a dummy nwfilter driver to the test driver so that the
	int-overflow test passes without modifications.

	Fix "make check" run requesting authentication
	This patch fixes the 'make check' runs for me which, under certain
	circumstances and login configurations, did invoke popups requesting
	authentication. I removed the parameter conn from being passed into the
	error reporting function.
	* src/conf/nwfilter_conf.h src/conf/nwfilter_conf.c: remove conn from
	  error reporting parameters.

2010-03-30  Daniel Veillard  <veillard@redhat.com>

	Fix a merge error leftover

	Add script hook support to the LXC driver
	Right now this implements only 2 basic hooks:
	- before the lxc control process is being launched
	- after the lxc control process is terminated
	the XML description of the domain is passed to the hook script stdin
	/etc/libvirt/hook/lxc
	* src/lxc/lxc_driver.c: implement synchronous script hooks for LXC
	  at domain startup and end

	Add script hook support to the QEmu driver
	Right now this implements only 2 basic hooks:
	- before the qemu process is being launched
	- after the qemu process is terminated
	the XML description of the domain is passed to the hook script stdin
	/etc/libvirt/hook/qemu
	* src/qemu/qemu_driver.c: implement synchronous script hooks for QEmu
	  at domain startup and end

	Add the script hook support to the libvirt daemon
	It supports 3 kind of probing times, at daemon startup, when the
	daemon reloads its drivers on SIGHUP and when the daemon exits
	* daemon/libvirtd.c: daemon hooks for startup, reload and exit

	Add hook utilities
	This exports 3 basic routines:
	  - virHookInitialize() initializing the hook support by looking for
	    scripts availability
	  - virHookPresent() used to test if there is a hook for a given driver
	  - virHookCall() which actually calls a synchronous script hook with
	    the needed parameters
	Note that this doesn't expose any public API except for the locations
	and arguments passed to the scripts
	* src/Makefile.am: add the 2 new files
	* src/util/hooks.h src/util/hooks.c: implements the 3 functions
	* src/libvirt_private.syms: export the 3 symbols internally
	* po/POTFILES.in: add src/util/hooks.c to translatables modules

	Add an error module and message for the hooks subsystem
	* include/libvirt/virterror.h: add VIR_FROM_HOOK and VIR_ERR_HOOK_SCRIPT_FAILED
	* src/util/virterror.c: associated strings

	Export virPipeReadUntilEOF internally
	used to read the data from virExec stdout/err file descriptors
	* src/util/util.c src/util/util.h: not static anymore and export it
	* src/libvirt_private.syms: allow access internally

2010-03-27  Jiri Denemark  <jdenemar@redhat.com>

	Introduce UPDATE_CPU flag for virDomainGetXMLDesc
	This flag is used in migration prepare step to send updated XML
	definition of a guest.
	Also ``virsh dumpxml --update-cpu [--inactive] guest'' command can be
	used to see the updated CPU requirements.

	Helper function for making a copy of virCPUDefPtr

	cpuUpdate() for updating guest CPU according to host CPU
	Useful mainly for migration. cpuUpdate changes guest CPU requirements in
	the following way:
	- match == "strict" || match == "exact"
	    - optional features which are supported by host CPU are changed into
	      required features
	    - optional features which are not supported by host CPU are disabled
	    - all other features remain untouched
	- match == "minimum"
	    - match is changed into "exact"
	    - optional features and all features not mentioned in guest CPU
	      specification which are supported by host CPU become required
	      features
	    - other optional features are disabled
	    - all other features remain untouched
	This ensures that no feature will suddenly disappear from the guest
	after migration.

	Don't replace persistent domain config with migrated config
	When a domain is defined on host1, migrated to host2 and then migrated
	back to host1, its current configuration would overwrite the libvirtd's
	in-memory copy of persistent configuration of that domain. This is not
	desired as we want to preserve the persistent configuration untouched.
	This patch introduces new 'live' parameter to virDomainAssignDef.
	Passing 'true' for 'live' means the configuration passed to
	virDomainAssignDef describes a configuration of live instance of the
	domain. This applies for saved domains which are being restored or for
	incoming domains during migration.
	All callers have been changed to pass the appropriate value.

2010-03-27  Jim Meyering  <meyering@redhat.com>

	filter new files through cppi, so syntax-check passes once again
	* src/conf/nwfilter_conf.h: Indent cpp directives.
	* src/conf/nwfilter_params.h: Likewise.
	* src/datatypes.h: Likewise.
	* src/nwfilter/nwfilter_driver.h: Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.h: Likewise.
	* src/nwfilter/nwfilter_gentech_driver.h: Likewise.

2010-03-27  David Allan  <dallan@redhat.com>

	Add disk error policy to domain XML
	* Fixes per feedback from Dan and Daniel
	* Added test datafiles
	* Re-disabled JSON flags
	* Added code to print the error policy attribute when generating XML
	* Re-add empty tag

2010-03-27  Eric Blake  <eblake@redhat.com>

	build: don't lose prior configure args on autogen.sh
	My prior patch forced an autogen.sh run, and I was surprised that the
	suggested './autogen.sh' lost the fact that I had previously used
	'./autogen.sh -C' for speed.
	* autogen.sh: Use config.status, if present and there were no arguments.

	build: update gnulib
	Picks up fixes for gethostname compilation problems on mingw.
	* .gnulib: Update to latest.
	* build-aux/.gitignore: Regenerate.
	* cfg.mk (local-checks-to-skip): Avoid new test not relevent to
	libvirt.

2010-03-27  Stefan Berger  <stefanb@us.ibm.com>

	Add some examples filters
	This patch adds some example filters to libvirt. They are automatically
	installed into the proper directory for libvirt to pick them up.

	Extensions for iptables rules
	This patch adds support for L3/L4 filtering using iptables. This adds
	support for 'tcp', 'udp', 'icmp', 'igmp', 'sctp' etc. filtering.
	As mentioned in the introduction, a .c file provided by this patch
	is #include'd into a .c file. This will need work, but should be alright
	for review.

	Add IPv6 support for the ebtables layer
	This patch adds IPv6 support for the ebtables layer. Since the parser
	etc. are all parameterized, it was fairly easy to add this...

	Add qemu support
	Add support for Qemu to have firewall rules applied and removed on VM
	startup and shutdown respectively. This  patch also provides support for
	the updating of a filter that causes all VMs that reference the filter
	to have their ebtables/iptables rules updated.

	Core driver implementation with ebtables support
	This patch implements the core driver and provides
	- management functionality for managing the filter XMLs
	- compiling the internal filter representation into ebtables rules
	- applying ebtables rules on a network (tap,macvtap) interface
	- tearing down ebtables rules that were applied on behalf of an
	interface
	- updating of filters while VMs are running and causing the firewalls to
	be rebuilt
	- other bits and pieces

	Add XML parser extensions for network filtering
	This patch adds XML processing for the network filter schema
	and extends the domain XML processing to parse the top level
	referenced filter along with potentially provided parameters

	Add virsh support for new CLI commands
	This patch adds virsh support for the five new CLI commands to manage
	network filters.

	Definition of the wire format, RPC client & server
	This patch adds the definition of the wire format for RPC calls
	and implementation of the RPC client & server code

	Implementation of the public API
	This patch adds the implementation of the public API for the network
	filtering (ACL) extensions to libvirt.c .

	Add internal API
	This patch adds the internal API extensions for network filtering (ACL) support.

	Add public API
	This patch adds extensions to libvirt's public API necessary for
	controlling the new functionality from remote for example.

	Add recursive locks
	This patch adds recursive locks necessary due to the processing of
	network filter XML that can reference other network filters, including
	references that cause looks. Loops in the XML are prevented but their
	detection requires recursive locks.

2010-03-27  David Allan  <dallan@redhat.com>

	Fix build break
	* Add types to switch; the switch is only exectuted for known types because of a preceding conditional, so this fix is merely to placate the compiler.

2010-03-27  Stefan Berger  <stefanb@us.ibm.com>

	Use enum of virDomainNetType
	To find out where the net type 'direct' needs to be handled I introduced
	the 'enum virDomainNetType' in the virDomainNetDef structure and let the
	compiler tell me where the case statement is missing. Then I added the
	unhandled device statement to the UML driver.
	* src/conf/domain_conf.h: change _virDomainNetDef type from int to
	  virDomainNetType enum
	* src/conf/domain_conf.c src/lxc/lxc_driver.c src/qemu/qemu_conf.c
	  src/uml/uml_conf.c: make sure all enum cases are properly handled
	  in switches

2010-03-27  Daniel Veillard  <veillard@redhat.com>

	Silence cppi syntax-check warning

2010-03-26  Stefan Berger  <stefanb@us.ibm.com>

	Mention direct device support since 0.7.7 in docs
	In the documentation mention that the direct device support is there
	since libvirt 0.7.7. A Linux kernel 2.6.34 is required for macvtap to be
	available as standard device.

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Implement VNC password change in QEMU
	Use the new virDomainUpdateDeviceFlags API to allow the VNC password
	to be changed on the fly
	* src/internal.h: Define STREQ_NULLABLE() which is like STREQ()
	  but does not crash if either argument is NULL, and treats two
	  NULLs as equal.
	* src/libvirt_private.syms: Export virDomainGraphicsTypeToString
	* src/qemu/qemu_driver.c: Support VNC password change on a live
	  machine
	* src/qemu/qemu_monitor.c: Disable crazy debugging info. Treat a
	  NULL password as "" (empty string), allowing passwords to be
	  disabled in the monitor

	Allow parsing <graphics> in device XML
	Expand the parser for the standalone <device> XML format to
	allow inclusion of the <graphics> device type
	* src/conf/domain_conf.h: Add virDomainGraphicsDef to
	  the virDomainDeviceDef struct
	* src/conf/domain_conf.c: Wire up parser for virDomainGraphicsDef
	  to virDomainDeviceDefParse method

	Introduce a update-device command in virsh
	Support the new virDomainUpdateDeviceFlags API in virsh by adding
	a new 'update-device' command. In the future this should be augmented
	with an explicit 'change-disk' command for media change to make it
	end user discoverable, as attach-disk is.
	* tools/virsh.c: Add 'update-device' command

	Implement virDomainUpdateDeviceFlags API in all drivers with media change
	To allow the new virDomainUpdateDeviceFlags() API to be universally
	used with all drivers, this patch adds an impl to all the current
	drivers which support CDROM or Floppy disk media change via the
	current virDomainAttachDeviceFlags API
	* src/qemu/qemu_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/proxy_internal.c, src/xen/xen_driver.c,
	  src/xen/xend_internal.c: Implement media change via the
	  virDomainUpdateDeviceFlags API
	* src/xen/xen_driver.h, src/xen/xen_hypervisor.c,
	  src/xen/xen_inotify.c, src/xen/xm_internal.c,
	  src/xen/xs_internal.c: Stubs for Xen driver entry points

	Remote protocol impl for virDomainUpdateDeviceFlags
	This defines the wire format for the new virDomainUpdateDeviceFlags()
	API, and implements the server & client side of the marshalling code.
	* daemon/remote.c: Server side dispatch for virDomainUpdateDeviceFlags
	* src/remote/remote_driver.c: Client side serialization for
	  virDomainUpdateDeviceFlags
	* src/remote/remote_protocol.x: Define wire format for
	  virDomainUpdateDeviceFlags
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.c,
	  src/remote/remote_protocol.h: Re-generate code

	Introduce a new virDomainUpdateDeviceFlags public API
	The current virDomainAttachDevice API can be (ab)used to change
	the media of an existing CDROM/Floppy device. Going forward there
	will be more devices that can be configured on the fly and overloading
	virDomainAttachDevice for this is not too pleasant. This patch adds
	a new virDomainUpdateDeviceFlags() explicitly just for modifying
	existing devices.
	* include/libvirt/libvirt.h.in: Add virDomainUpdateDeviceFlags
	* src/driver.h: Internal API for virDomainUpdateDeviceFlags
	* src/libvirt.c, src/libvirt_public.syms: Glue public API to
	  driver API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Add
	  stubs for new driver entry point

	Add domain events for graphics network clients
	This introduces a new event type
	   VIR_DOMAIN_EVENT_ID_GRAPHICS
	The same event can be emitted in 3 scenarios
	  typedef enum {
	      VIR_DOMAIN_EVENT_GRAPHICS_CONNECT = 0,
	      VIR_DOMAIN_EVENT_GRAPHICS_INITIALIZE,
	      VIR_DOMAIN_EVENT_GRAPHICS_DISCONNECT,
	  } virDomainEventGraphicsPhase;
	Connect/disconnect are triggered at socket accept/close.
	The initialize phase is immediately after the protocol
	setup and authentication has completed. ie when the
	client is authorized and about to start interacting with
	the graphical desktop
	This event comes with *a lot* of potential information
	 - IP address, port & address family of client
	 - IP address, port & address family of server
	 - Authentication scheme (arbitrary string)
	 - Authenticated subject identity. A subject may have
	   multiple identities with some authentication schemes.
	   For example, vencrypt+sasl results in a x509dname
	   and saslUsername identities.
	This results in a very complicated callback :-(
	   typedef enum {
	      VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4,
	      VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV6,
	   } virDomainEventGraphicsAddressType;
	   struct _virDomainEventGraphicsAddress {
	       int family;
	       const char *node;
	       const char *service;
	   };
	   typedef struct _virDomainEventGraphicsAddress virDomainEventGraphicsAddress;
	   typedef virDomainEventGraphicsAddress *virDomainEventGraphicsAddressPtr;
	   struct _virDomainEventGraphicsSubject {
	      int nidentity;
	      struct {
	          const char *type;
	          const char *name;
	      } *identities;
	   };
	   typedef struct _virDomainEventGraphicsSubject virDomainEventGraphicsSubject;
	   typedef virDomainEventGraphicsSubject *virDomainEventGraphicsSubjectPtr;
	   typedef void (*virConnectDomainEventGraphicsCallback)(virConnectPtr conn,
	                                                         virDomainPtr dom,
	                                                         int phase,
	                                                         virDomainEventGraphicsAddressPtr local,
	                                                         virDomainEventGraphicsAddressPtr remote,
	                                                         const char *authScheme,
	                                                         virDomainEventGraphicsSubjectPtr subject,
	                                                         void *opaque);
	The wire protocol is similarly complex
	   struct remote_domain_event_graphics_address {
	     int family;
	     remote_nonnull_string node;
	     remote_nonnull_string service;
	   };
	   const REMOTE_DOMAIN_EVENT_GRAPHICS_IDENTITY_MAX = 20;
	   struct remote_domain_event_graphics_identity {
	     remote_nonnull_string type;
	     remote_nonnull_string name;
	   };
	   struct remote_domain_event_graphics_msg {
	     remote_nonnull_domain dom;
	     int phase;
	     remote_domain_event_graphics_address local;
	     remote_domain_event_graphics_address remote;
	     remote_nonnull_string authScheme;
	     remote_domain_event_graphics_identity subject<REMOTE_DOMAIN_EVENT_GRAPHICS_IDENTITY_MAX>;
	   };
	This is currently implemented in QEMU for the VNC graphics
	protocol, but designed to be usable with SPICE graphics in
	the future too.
	* daemon/remote.c: Dispatch graphics events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  graphics events
	* include/libvirt/libvirt.h.in: Define new graphics event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle graphics events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for VNC events and emit a libvirt graphics event
	* src/remote/remote_driver.c: Receive and dispatch graphics
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  graphics events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for VNC_CONNECTED,
	  VNC_INITIALIZED & VNC_DISCONNETED events from QEMU monitor

	Add support for an explicit IO error event
	This introduces a new event type
	   VIR_DOMAIN_EVENT_ID_IO_ERROR
	This event includes the action that is about to be taken
	as a result of the watchdog triggering
	  typedef enum {
	     VIR_DOMAIN_EVENT_IO_ERROR_NONE = 0,
	     VIR_DOMAIN_EVENT_IO_ERROR_PAUSE,
	     VIR_DOMAIN_EVENT_IO_ERROR_REPORT,
	  } virDomainEventIOErrorAction;
	In addition it has the source path of the disk that had the
	error and its unique device alias. It does not include the
	target device name (/dev/sda), since this would preclude
	triggering IO errors from other file backed devices (eg
	serial ports connected to a file)
	Thus there is a new callback definition for this event type
	typedef void (*virConnectDomainEventIOErrorCallback)(virConnectPtr conn,
	                                                     virDomainPtr dom,
	                                                     const char *srcPath,
	                                                     const char *devAlias,
	                                                     int action,
	                                                     void *opaque);
	This is currently wired up to the QEMU block IO error events
	* daemon/remote.c: Dispatch IO error events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  IO error events
	* include/libvirt/libvirt.h.in: Define new IO error event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle IO error events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block IO errors and emit a libvirt IO error event
	* src/remote/remote_driver.c: Receive and dispatch IO error
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  IO error events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
	  from QEMU monitor

	Add support for an explicit watchdog event
	This introduces a new event type
	   VIR_DOMAIN_EVENT_ID_WATCHDOG
	This event includes the action that is about to be taken
	as a result of the watchdog triggering
	 typedef enum {
	     VIR_DOMAIN_EVENT_WATCHDOG_NONE = 0,
	     VIR_DOMAIN_EVENT_WATCHDOG_PAUSE,
	     VIR_DOMAIN_EVENT_WATCHDOG_RESET,
	     VIR_DOMAIN_EVENT_WATCHDOG_POWEROFF,
	     VIR_DOMAIN_EVENT_WATCHDOG_SHUTDOWN,
	     VIR_DOMAIN_EVENT_WATCHDOG_DEBUG,
	 } virDomainEventWatchdogAction;
	Thus there is a new callback definition for this event type
	 typedef void (*virConnectDomainEventWatchdogCallback)(virConnectPtr conn,
	                                                       virDomainPtr dom,
	                                                       int action,
	                                                       void *opaque);
	* daemon/remote.c: Dispatch watchdog events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  watchdog events
	* include/libvirt/libvirt.h.in: Define new watchdg event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle watchdog events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for watchdogs and emit a libvirt watchdog event
	* src/remote/remote_driver.c: Receive and dispatch watchdog
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  watchdog events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for WATCHDOG event
	  from QEMU monitor

	Add support for an explicit  RTC change event
	This introduces a new event type
	   VIR_DOMAIN_EVENT_ID_RTC_CHANGE
	This event includes the new UTC offset measured in seconds.
	Thus there is a new callback definition for this event type
	 typedef void (*virConnectDomainEventRTCChangeCallback)(virConnectPtr conn,
	                                                        virDomainPtr dom,
	                                                        long long utcoffset,
	                                                        void *opaque);
	If the guest XML configuration for the <clock> is set to
	offset='variable', then the XML will automatically be
	updated with the new UTC offset value. This ensures that
	during migration/save/restore the new offset is preserved.
	* daemon/remote.c: Dispatch RTC change events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  RTC change events
	* include/libvirt/libvirt.h.in: Define new RTC change event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle RTC change events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for RTC changes and emit a libvirt RTC change event
	* src/remote/remote_driver.c: Receive and dispatch RTC change
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  RTC change events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for RTC_CHANGE event
	  from QEMU monitor

	Add support for an explicit guest reboot event
	The reboot event is not a normal lifecycle event, since the
	virtual machine on the host does not change state. Rather the
	guest OS is resetting the virtual CPUs. ie, the QEMU process
	does not restart. Thus, this does not belong in the current
	lifecycle events callback.
	This introduces a new event type
	    VIR_DOMAIN_EVENT_ID_REBOOT
	It takes no parameters, besides the virDomainPtr, so it can
	use the generic callback signature.
	* daemon/remote.c: Dispatch reboot events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  reboot events
	* include/libvirt/libvirt.h.in: Define new reboot event ID
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle reboot events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for reboots and emit a libvirt reboot event
	* src/remote/remote_driver.c: Receive and dispatch reboot
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  reboot events

	Rename domain lifecycle event message
	To avoid confusion, rename the current REMOTE_PROC_DOMAIN_EVENT
	message to REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE. This does not
	cause ABI problems, since the names are only relevant at the source
	code level. On the wire they encoding is a plain integer whose
	value does not change
	* src/remote/remote_protocol.x: Rename REMOTE_PROC_DOMAIN_EVENT
	  to REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE.
	* daemon/remote.c, src/remote/remote_driver.c: Update code for
	  renamed event

	Convert domain events example to new API
	Convert the domain events example program to use the new
	events APIs for one of its callback registrations to demo the
	new API and interoperability with the old API.
	* examples/domain-events/events-c/event-test.c: Convert to
	  new events API

	Remote driver & daemon impl of new event API
	This wires up the remote driver to handle the new events APIs.
	The public API allows an application to request a callback filters
	events to a specific domain object, and register multiple callbacks
	for the same event type. On the wire there are two strategies for
	this
	 - Register multiple callbacks with the remote daemon, each
	   with filtering as needed
	 - Register only one callback per event type, with no filtering
	Both approaches have potential inefficiency. In the first scheme,
	the same event gets sent over the wire many times if multiple
	callbacks are registered. With the second scheme, unneccessary
	events get sent over the wire if a per-domain filter is set on
	the client. The second scheme is far easier to implement though,
	so this patch takes that approach.
	* daemon/dispatch.h: Don't export remoteRelayDomainEvent since it
	  is no longer needed for unregistering callbacks, instead the
	  unique callback ID is used
	* daemon/libvirtd.c, daemon/libvirtd.h: Track and unregister
	  callbacks based on callback ID, instead of function pointer
	* daemon/remote.c: Switch over to using virConnectDomainEventRegisterAny
	  instead of legacy virConnectDomainEventRegister function. Refactor
	  remoteDispatchDomainEventSend() to cope with arbitrary event types
	* src/driver.h, src/driver.c: Move verify() call into source file
	  instead of header, to avoid polluting the global namespace with
	  the verify function name
	* src/remote/remote_driver.c: Implement new APIs for event
	  registration. Refactor processCallDispatchMessage() to cope
	  with arbitrary incoming event types. Merge remoteDomainQueueEvent()
	  into processCallDispatchMessage() to avoid duplication of code.
	  Rename remoteDomainReadEvent() to remoteDomainReadEventLifecycle()
	* src/remote/remote_protocol.x: Define wire format for the new
	  virConnectDomainEventRegisterAny and virConnectDomainEventDeregisterAny
	  functions

	Support new event register/deregister APis in all drivers except remote
	The libvirtd daemon impl will need to switch over to using the
	new event APIs. To make this simpler, ensure all drivers currently
	providing events support both the new APIs and old APIs.
	* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c, src/test/test_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Implement the new
	  virConnectDomainEvent(Dereg|Reg)isterAny driver entry points

	Add new internal domain events APIs for handling other event types
	The current internal domain events API tracks callbacks based on
	the function pointer, and only supports lifecycle events. This
	adds new internal APIs for registering callbacks for other event
	types. These new APIs are postfixed with the word 'ID' to indicate
	that they operated based on event ID, instead of hardcoded to
	lifecycle events
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Add new APIs for handling callbacks
	  for non-lifecycle events

	Refactor domain events to handle multiple event types
	The internal domain events APIs are designed to handle the lifecycle
	events. This needs to be refactored to allow arbitrary new event
	types to be handled.
	 * The signature of virDomainEventDispatchFunc changes to use
	   virConnectDomainEventGenericCallback instead of the lifecycle
	   event specific virConnectDomainEventCallback
	 * Every registered callback gains a unique ID to allow its
	   removal based on ID, instead of function pointer
	 * Every registered callback gains an 'eventID' to allow callbacks
	   for different types of events to be distinguished
	 * virDomainEventDispatch is adapted to filter out callbacks
	   whose eventID does not match the eventID of the event being
	   dispatched
	 * virDomainEventDispatch is adapted to filter based on the
	   domain name and uuid, if this filter is set for a callback.
	 * virDomainEvent type/detail fields are moved into a union to
	   allow different data fields for other types of events to be
	   added later
	* src/conf/domain_event.h, src/conf/domain_event.c: Refactor
	  to allow handling of different types of events
	* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/xen/xen_driver.c: Change dispatch function signature
	  to use virConnectDomainEventGenericCallback

	Make internal domain events struct definitions private
	The virtual box driver was directly accesing the domain events
	structs instead of using the APIs provided. To prevent this kind
	of abuse, make the struct definitions private, forcing use of the
	internal APIs. This requires adding one extra internal API.
	* src/conf/domain_event.h, src/conf/domain_event.c: Move
	  virDomainEventCallback and virDomainEvent structs into
	  the source file instead of header
	* src/vbox/vbox_tmpl.c: Use official APIs for dispatching domain
	  events instead of accessing structs directly.

	Introduce a new public API for domain events
	The current API for domain events has a number of problems
	 - Only allows for domain lifecycle change events
	 - Does not allow the same callback to be registered multiple times
	 - Does not allow filtering of events to a specific domain
	This introduces a new more general purpose domain events API
	  typedef enum {
	     VIR_DOMAIN_EVENT_ID_LIFECYCLE = 0,       /* virConnectDomainEventCallback */
	      ...more events later..
	  }
	  int virConnectDomainEventRegisterAny(virConnectPtr conn,
	                                       virDomainPtr dom, /* Optional, to filter */
	                                       int eventID,
	                                       virConnectDomainEventGenericCallback cb,
	                                       void *opaque,
	                                       virFreeCallback freecb);
	  int virConnectDomainEventDeregisterAny(virConnectPtr conn,
	                                         int callbackID);
	Since different event types can received different data in the callback,
	the API is defined with a generic callback. Specific events will each
	have a custom signature for their callback. Thus when registering an
	event it is neccessary to cast the callback to the generic signature
	eg
	  int myDomainEventCallback(virConnectPtr conn,
	                            virDomainPtr dom,
	                            int event,
	                            int detail,
	                            void *opaque)
	  {
	    ...
	  }
	  virConnectDomainEventRegisterAny(conn, NULL,
	                                   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
	                                   VIR_DOMAIN_EVENT_CALLBACK(myDomainEventCallback)
	                                   NULL, NULL);
	The VIR_DOMAIN_EVENT_CALLBACK() macro simply does a "bad" cast
	to the generic signature
	* include/libvirt/libvirt.h.in: Define new APIs for registering
	  domain events
	* src/driver.h: Internal driver entry points for new events APIs
	* src/libvirt.c: Wire up public API to driver API for events APIs
	* src/libvirt_public.syms: Export new APIs
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c,
	  src/xenapi/xenapi_driver.c: Stub out new API entries

2010-03-26  Eric Blake  <eblake@redhat.com>

	maint: update syntax-check rule to also catch test's -o operator
	* cfg.mk (sc_prohibit_test_minus_a): Rename...
	(sc_prohibit_test_minus_ao): ...and flag '-o', too.

2010-03-26  Jim Meyering  <meyering@redhat.com>

	tests: teach syntax-check that virDomainDefFree has free-like semantics
	* cfg.mk (useless_free_options): Add virDomainDefFree to the list
	of free-like functions.
	* src/test/test_driver.c (testDomainCreateXML): Remove useless-if-
	before-virDomainDefFree.
	* src/conf/domain_conf.c (virDomainAssignDef): Likewise

2010-03-25  Jiri Denemark  <jdenemar@redhat.com>

	Add entry point logging for cpu functions

2010-03-25  Eric Blake  <eblake@redhat.com>

	build: don't use "test cond1 -o cond2": it's not portable
	* configure.ac: Use "test cond1 || test cond2" instead.
	* m4/compiler-flags.m4 (gl_COMPILER_FLAGS): Likewise.
	* tests/test-lib.sh (verbose): Likewise.

2010-03-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make the conf parser compare names case insensitive in VMX mode
	The keys of entries in a VMX file are case insensitive. Both scsi0:1.fileName
	and scsi0:1.filename are valid. Therefore, make the conf parser compare names
	case insensitive in VMX mode to accept every capitalization variation.
	Also add test cases for this.

	vbox: Fix segfault on empty device source
	<source file=''/> results in def->disks[i]->src == NULL. But
	vboxDomainDefineXML and vboxDomainAttachDevice didn't check
	def->disks[i]->src for NULL and expected it to be a valid string.
	Add checks for def->disks[i]->src != NULL to fix the segfault.

2010-03-24  Philipp Hahn  <hahn@univention.de>

	python example: poll(-0.001) does not sleep forever
	The conversion from seconds to milliseconds should only be done for
	actual delays >= 0, not for the magic -1 value used for infinite
	timeouts.

2010-03-24  Jim Meyering  <meyering@redhat.com>

	build: suppress distracting build output
	* src/Makefile.am (augeas-check): New target, just to give the existing
	rule a name.  At the same time, prefix the commands with $(AM_V_GEN),
	to avoid unexpected build output with V=0 which is the default.

	maint: add syntax-check rule to prohibit use of test's -a operator
	* cfg.mk (sc_prohibit_test_minus_a): New rule.

	build: don't use "test cond1 -a cond2" in configure: it's not portable
	* configure.ac: Use "test cond1 && test cond2" instead.

	tests: shell script portability and clean-up
	* tests/test-lib.sh: "echo -n" is not portable.  Use printf instead.
	Remove unnecessary uses of "eval-in-subshell" (subshell is sufficient).
	Remove uses of tests' -a operator; it is not portable.
	Instead, use "test cond && test cond2".
	* tests/schematestutils.sh: Replace use of test's -a.

2010-03-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Don't add extra padding if counter mod 40 is 0
	This change only affects the output of tests that have an exact
	multiple of 40 test cases. For example the domainschematest currently:
	TEST: domainschematest
	      ........................................ 40
	      ........................................ 80
	      ........................................ 120
	      ........................................ 160
	      ........................................                                         200 OK
	PASS: domainschematest
	It outputs additional 40 spaces on the last line.
	The domainschematest output is fixed by the change in test-lib.sh. The
	change in testutils.c fixes this for tests written in C. Currently no
	C test has an exact multiple of 40 test cases, but I checked it and
	the same problem exists there.
	This patch stops that in both cases.

2010-03-23  Jiri Denemark  <jdenemar@redhat.com>

	Fix error reporting when parsing CPU XML strings

	Use common XML parsing functions

	Introduce XML parsing utility functions

2010-03-23  Jim Meyering  <meyering@redhat.com>

	virDomainDiskDefAssignAddress: return int, not void
	Before, this function would blindly accept an invalid def->dst
	and then abuse the idx=-1 it would get from virDiskNameToIndex,
	when passing it invalid strings like "xvda:disk" and "sda1".
	Now, this function returns -1 upon failure.
	* src/conf/domain_conf.c (virDomainDiskDefAssignAddress): as above.
	Update callers.
	* src/conf/domain_conf.h: Update prototype.
	* src/qemu/qemu_conf.c: Update callers.

	tests: do not use the ":disk" suffix in sample xml input
	* tests/xml2sexprdata/xml2sexpr-curmem.xml: Remove ":disk" suffix from
	"<target dev=" value.
	* tests/xml2sexprdata/xml2sexpr-pv-localtime.xml: Likewise.
	* tests/xml2sexprdata/xml2sexpr-curmem.sexpr: Update expected output
	to match.
	* tests/xml2sexprdata/xml2sexpr-pv-localtime.sexpr: Likewise.

	virDiskNameToIndex: ignore trailing digits
	* src/util/util.c (virDiskNameToIndex): Accept sda1, and map it to "sda".
	I.e., accept and ignore any string of trailing digits.

2010-03-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	util: Add stubs for some functions on Windows
	virSetCloseExec and virExecDaemonize were missing a body on Windows.

	Add HAVE_PTHREAD_H guard for pthread_sigmask
	Correctly disable pthread related code if pthread is not avialable,
	in order to get it compile with MinGW on Windows.

	bootstrap: Enable copy-mode for MinGW builds
	MSYS' ln doesn't work well in the way bootstrap uses it with relative paths.

	util: Handle lack of (f)chmod and (f)chown on Windows
	Even if gnulib can provide stubs, it won't help that much. So just
	replace affected util functions (virFileOperation and virDirCreate)
	with stubs on Windows. Both functions aren't used on libvirt's
	client side, so this is fine for MinGW builds.

	bootstrap: Remove rsync from buildreq list
	rsync is used to download .po files, but SKIP_PO=true is set and
	downloading .po files is skipped.
	This also fixes a problem with MinGW builds, because rsync is not
	available for MinGW.

	util: Make some conditional symbols unconditional
	Add dummy bodies for HAVE_GETPWUID_R and HAVE_MNTENT_H dependent
	functions for MinGW builds.

	Make sure virtTestCaptureProgramOutput has a body on Windows
	Now the virsh tests compile at least.

	Fix export of virConnectAuthPtrDefault for MinGW builds
	Use the __declspec(dllexport/dllimport) stuff to export the symbol,
	otherwise accessing virConnectAuthPtrDefault triggers a segfault.

	Remove interfaceRegister from libvirt_private.syms
	This symbol is conditional, it would need to be exported conditional to
	work properly with MinGW. So just remove it, as no other driver register
	function is listed in the symbols files.

	Export conditional state driver symbols only when they are defined
	This is necessary for MinGW builds.

	Make sure uid_t and gid_t are available

	esx: Add esxVI_LookupVirtualMachineByName
	Used in esxDomainLookupByName and to be used in esxDomainDefineXML later.

	esx: Fix potential memory leak in esxVI_BuildFullTraversalSpecItem
	If esxVI_String_DeepCopyValue or esxVI_SelectionSpec_AppendToList fail
	then selectionSpec would leak. Add a free call in the failure path to
	fix the leak.

	esx: Cleanup file header comments
	Replace 'method' with 'function' and get the filename's suffix right.

	esx: Generate method mappings via macros
	This is actually a consequence of the reworked required parameter
	checking: Unify the required parameter check into a Validate function
	instead of doing it separately im the (de)serialization part.
	The required parameter checking for the mapped methods parameter was
	done in the (de)serialize functions before. Now it's explicitly done
	in the mapped method itself.

2010-03-22  Jim Fehlig  <jfehlig@novell.com>

	Avoid libvirtd crash when cgroups is not configured on host
	Invoking virDomainSetMemory() on lxc driver results in libvirtd
	segfault when cgroups has not been configured on the host.
	Ensure driver->cgroup is non-null before invoking
	virCgroupForDomain().  To prevent similar segfaults in the future,
	ensure driver parameter to virCgroupForDomain() is non-null before
	dereferencing.

2010-03-22  Cole Robinson  <crobinso@redhat.com>

	security: selinux: Fix crash when releasing non-existent label
	This can be triggered by the qemuStartVMDaemon cleanup path if a
	VM references a non-existent USB device (by product) in the XML.

2010-03-22  Guido Günther  <agx@sigxcpu.org>

	Don't crash without a security driver
	"virsh dominfo <vm>" crashes if there's no primary security driver set
	since we only intialize the secmodel.model and secmodel.doi if we have
	one. Attached patch checks for securityPrimaryDriver instead of
	securityDriver since the later is always set in qemudSecurityInit().
	Closes: http://bugs.debian.org/574359

2010-03-20  Jiri Denemark  <jdenemar@redhat.com>

	Add migrate-setmaxdowntime command to virsh

	Implement virDomainMigrateSetMaxDowntime in qemu driver

	Implement virDomainMigrateSetMaxDowntime in remote driver

	Wire protocol and dispatcher for virDomainMigrateSetMaxDowntime

	Public virDomainMigrateSetMaxDowntime API

	Internal driver API for virDomainMigrateSetMaxDowntime

2010-03-20  David Allan  <dallan@redhat.com>

	Virsh support for vol wiping

	Simplified version of volume wiping based on feedback from the list.

	Implement remote bits for vol wiping

	Implement the public API for vol wiping

	Define the internal driver API for vol wiping
	Also add vol wiping to ESX storage driver struct

	Add public API for volume wiping

2010-03-19  Laine Stump  <laine@laine.org>

	Support vhost-net mode at qemu startup for virtio network devices
	Attempt to turn on vhost-net mode for devices of type NETWORK, BRIDGE,
	and DIRECT (macvtap).
	* src/qemu/qemu_conf.h: add vhostfd to qemuBuildHostNetStr prototype
	  add qemudOpenVhostNet prototype new flag to set when :,vhost=" found in
	  qemu help
	* src/qemu/qemu_conf.c: * set QEMUD_CMD_FLAG_VNET_HOST is ",vhost=" found
	  in qemu help
	   - qemudOpenVhostNet - opens /dev/vhost-net to pass to qemu if everything
	     is in place to use it.
	   - qemuBuildHostNetStr - add vhostfd to commandline if it's not empty
	     (higher levels decide whether or not to fill it in)
	   - qemudBuildCommandLine - if /dev/vhost-net is successfully opened, add
	     its fd to tapfds array so it isn't closed on qemu exec, and populate
	     vhostfd_name to be passed in to commandline builder.
	* src/qemu/qemu_driver.c: add filler 0 for new arg to qemuBuildHostNetStr,
	  along with a note that this must be implemented in order for hot-plug of
	  vhost-net virtio devices to work properly (once qemu "netdev_add" monitor
	  command is implemented).

2010-03-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Fix FD leak in qemudStartVMDaemon
	The logfile FD is dup2'ed in __virExec in the child. The FD needs to
	be closed in the parent, otherwise it leaks.

2010-03-19  Eric Blake  <eblake@redhat.com>

	util: ensure virMutexInit is not recursive
	POSIX states that creation of a mutex with default attributes
	is unspecified whether the mutex is recursive or non-recursive.
	We specifically want non-recursive (deadlock is desirable in
	flushing out coding bugs that used our mutex incorrectly).
	* src/util/threads-pthread.c (virMutexInit): Specifically request
	non-recursive mutex, rather than relying on unspecified default.

	maint: enforce recent copyright style
	* cfg.mk (sc_copyright_format): New rule.

2010-03-18  Eric Blake  <eblake@redhat.com>

	maint: make Red Hat copyright notices consistent
	Spell out 'Red Hat, Inc.':
	 git grep -i 'Copyright.*Red Hat' | grep -v Inc
	Include (C) consistently:
	 git grep -i 'Copyright [^(].*Red Hat'
	* src/lxc/lxc_container.c: Update copyright formatting.
	* src/node_device/node_device_udev.c: Likewise.
	* src/node_device/node_device_udev.h: Likewise.
	* src/xen/xend_internal.h: Likewise.
	* src/xen/xm_internal.c: Likewise.
	* src/xen/xm_internal.h: Likewise.
	* tests/xmconfigtest.c: Likewise.
	* tests/object-locking.ml: Likewise.
	* tools/virt-pki-validate.in: Likewise.
	* tools/virt-xml-validate.in: Likewise.

	maint: fix typo
	* cfg.mk (sc_prohibit_gettext_noop): Fix typo

	maint: enforce recent N_ usage
	* cfg.mk (sc_prohibit_gettext_noop): New rule applied in "make syntax-check"

2010-03-18  Daniel Veillard  <veillard@redhat.com>

	Fix logroate rpm build breakage
	related to fix of bug https://bugzilla.redhat.com/show_bug.cgi?id=547514

	Fix LSB compliance of init script
	https://bugzilla.redhat.com/show_bug.cgi?id=538701
	* daemon/libvirtd.init.in: daemon/libvirtd.init.in were not mentionned
	  in the usage message and if a missing or wrong argument is given it
	  should return 2, not 1

2010-03-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: <pre> cannot be nested in <p>
	xsltproc complained about this.

2010-03-18  Philip Hahn  <hahn@univention.de>

	python: Fix networkLookupByUUID
	According to:
	http://libvirt.org/html/libvirt-libvirt.html#virNetworkLookupByUUID
	virNetworkLookupByUUID() expects a virConnectPtr as its first argument,
	thus making it a method of the virConnect Python class.
	Currently it's a method of libvirt.virNetwork.
	@@ -805,13 +805,6 @@ class virNetwork:
	         if ret == -1: raise libvirtError ('virNetworkGetAutostart() failed', net=self)
	         return ret
	-    def networkLookupByUUID(self, uuid):
	-        """Try to lookup a network on the given hypervisor based on its UUID. """
	-        ret = libvirtmod.virNetworkLookupByUUID(self._o, uuid)
	-        if ret is None:raise libvirtError('virNetworkLookupByUUID() failed', net=self)
	-        __tmp = virNetwork(self, _obj=ret)
	-        return __tmp
	-
	 class virInterface:
	     def __init__(self, conn, _obj=None):
	         self._conn = conn
	@@ -1689,6 +1682,13 @@ class virConnect:
	         __tmp = virDomain(self,_obj=ret)
	         return __tmp
	+    def networkLookupByUUID(self, uuid):
	+        """Try to lookup a network on the given hypervisor based on its UUID. """
	+        ret = libvirtmod.virNetworkLookupByUUID(self._o, uuid)
	+        if ret is None:raise libvirtError('virNetworkLookupByUUID() failed', conn=self)
	+        __tmp = virNetwork(self, _obj=ret)
	+        return __tmp
	+

2010-03-18  Cole Robinson  <crobinso@redhat.com>

	.gitignore: Ignore generated daemon/libvirtd.logrotate

	Fix make dist with XenAPI changes

2010-03-17  Jiri Denemark  <jdenemar@redhat.com>

	Allow suspend during live migration
	Currently no command can be sent to a qemu process while another job is
	active. This patch adds support for signaling long-running jobs (such as
	migration) so that other threads may request predefined operations to be
	done during such jobs. Two signals are defined so far:
	    - QEMU_JOB_SIGNAL_CANCEL
	    - QEMU_JOB_SIGNAL_SUSPEND
	The first one is used by qemuDomainAbortJob.
	The second one is used by qemudDomainSuspend for suspending a domain
	during migration, which allows for changing live migration into offline
	migration. However, there is a small issue in the way qemudDomainSuspend
	is currently implemented for migrating domains. The API calls returns
	immediately after signaling migration job which means it is asynchronous
	in this specific case.

2010-03-17  Jim Meyering  <meyering@redhat.com>

	do not require two ./autogen.sh runs to permit "make"
	* autogen.sh (bootstrap_hash): New function.
	Running bootstrap may update the gnulib SHA1, yet we were computing
	t=$(git submodule status ...) *prior* to running bootstrap, and
	then recording that sometimes-stale value in the stamp file upon
	a successful bootstrap run.  That would require two (lengthy!)
	bootstrap runs to update the stamp file.

2010-03-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Use virRequestUsername and virRequestPassword

	xenapi: Don't leak url and caps in case of error

	xenapi: Check for NULL before accessing the scheme

	xenapi: Request a username if there is non in the URI
	Use virRequestUsername and virRequestPassword.

	xenapi: Check for valid private data in xenapiSessionErrorHandle

	esx: Move username and password helper functions to authhelper.c

2010-03-17  Jim Meyering  <meyering@redhat.com>

	fix two "make syntax check" failures
	* src/xenapi/xenapi_driver.c (xenapiOpen): Remove useless-if-before-free.
	* po/POTFILES.in: Add src/xenapi/xenapi_utils.c.

2010-03-16  Jiri Denemark  <jdenemar@redhat.com>

	Use WARN_CFLAGS when compiling virsh.c

	Use fsync() at the end of file allocation instead of O_DSYNC
	Instead of opening storage file with O_DSYNC, make sure data are written
	to a disk only before we claim allocation has finished.

2010-03-16  Jim Meyering  <meyering@redhat.com>

	Revert f5a6ce44ce8368d4183b69a31b77f67688d9af43
	* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk): The ".controller"
	member is an index, and *may* be 0.  As such, the commit that we're
	reverting broke SCSI disk hot-plug on controller 0.
	Reported by Wolfgang Mauerer.

2010-03-16  Cole Robinson  <crobinso@redhat.com>

	security: Set permissions for kernel/initrd
	Fixes URL installs when running virt-install as root on Fedora.

	qemu: Fix USB by product with security enabled
	We need to call PrepareHostdevs to determine the USB device path before
	any security calls. PrepareHostUSBDevices was also incorrectly skipping
	all USB devices.

	qemu: Add some debugging at domain startup

2010-03-16  Daniel Veillard  <veillard@redhat.com>

	qemu: pass the information when disks are read-only
	* src/qemu/qemu_conf.c: add the ",readonly=on" for read-only disks
	  and also parse it back in qemuParseCommandLineDisk()
	* tests/qemuxml2argvtest.c
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.args
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.xml:
	  add a specific regression test

2010-03-15  Jiri Denemark  <jdenemar@redhat.com>

	Fix syntax-check errors

	Fix error messages in qemu text monitor

2010-03-15  Sharadha Prabhakar  <sharadha.prabhakar@citrix.com>

	xenapi: Initial commit of the new driver

2010-03-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve documentation about remote URIs

	macvtap: Only export symbols if support is enabled

2010-03-13  Chris Lalancette  <clalance@redhat.com>

	Only use the numa functions when they are available.

2010-03-12  Chris Lalancette  <clalance@redhat.com>

	Make nodeGetInfo report the correct number of NUMA nodes.
	The nodeGetInfo code was always assuming that machine had a
	single NUMA node, which is not correct.  The good news is that
	libnuma gives us this information pretty easily, so let's
	properly report it.
	NOTE: With recent hardware starting to support CPU hot-add
	and hot-remove, both this code and the nodeCapsInitNUMA()
	code are quickly going to become obsolete.  We'll have to
	think of a more dynamic solution for dealing with NUMA
	nodes and CPUs that can come and go at will.

	Fix crash in virsh after bogus command
	If you ran virsh in interactive mode and ran a command
	that virsh could not parse, it would then SEGV
	on subsequent commands.  The problem is that we are
	freeing the vshCmd structure in the syntaxError label
	at the end of vshCommandParse, but forgetting to
	set ctl->cmd to NULL.  This means that on the next command,
	we would try to free the same structure again, leading
	to badness.
	* tools/virsh.c: Make sure to set ctl->cmd to NULL after
	  freeing it in vshCommandParse()

	Fix virsh command 'cd'
	* tools/virsh.c: cmdCd was returning a 0 on success and -1 on error,
	  when the rest of the code expected a TRUE on success and a
	  FALSE on error.

2010-03-12  Laine Stump  <laine@laine.org>

	Fix compiler warnings in virsh.c
	No functional change. These all generated compiler warnings which, for
	some reason weren't converted to errors by
	--enable-compiler-warnings=error.
	* tools/virsh.c:
	  - change return type from int to void on two functions that don't
	    return a value.
	  - remove unused variables/labels from two functions
	  - eliminate non-literal format strings
	  - typecast char* into xmlChar* when calling
	  - xmlParseBalancedChunkMemory

	Silence compiler complaints about non-literal format strings
	* src/util/macvtap.c: replace _("....") with "%s", _("...") in two places

2010-03-12  Daniel Veillard  <veillard@redhat.com>

	Update commiters list

2010-03-12  Chris Lalancette  <clalance@redhat.com>

	Fix hang in qemudDomainCoreDump.
	Currently if you dump the core of a qemu guest with
	qemudDomainCoreDump, subsequent commands will hang
	up libvirtd.  This is because qemudDomainCoreDump
	uses qemuDomainWaitForMigrationComplete, which expects
	the qemuDriverLock to be held when it's called.  This
	patch does the simple thing and moves the qemuDriveUnlock
	to the end of the qemudDomainCoreDump so that the driver
	lock is held for the entirety of the call (as it is done
	in qemudDomainSave).  We will probably want to make the
	lock more fine-grained than that in the future, but
	we can fix both qemudDomainCoreDump and qemudDomainSave
	at the same time.

	Make sure qemudDomainSetVcpus doesn't hang.
	The code to add job support into libvirtd caused a problem
	in qemudDomainSetVcpus.  In particular, a qemuDomainObjEndJob()
	call was added at the end of the function, but a
	corresponding qemuDomainObjBeginJob() was not.  Additionally,
	a call to qemuDomainObj{Enter,Exit}Monitor() was also missed
	in qemudDomainHotplugVcpus().  These missing calls conspired to
	cause a hang in the libvirtd process after the command was
	finished.  Fix this by adding the missing calls.

2010-03-11  Chris Lalancette  <clalance@redhat.com>

	Remove qemudDomainSetMaxMemory.
	As previously discussed[1], this patch removes the
	qemudDomainSetMaxMemory() function, since it doesn't
	work.  This means that instead of getting somewhat
	cryptic errors, you will now get:
	error: Unable to change MaxMemorySize
	error: this function is not supported by the hypervisor: virDomainSetMaxMemory
	Which describes the situation perfectly.
	[1] https://www.redhat.com/archives/libvir-list/2010-February/msg00928.html

	Fix a JSON CPU information bug.
	When using the JSON monitor, qemuMonitorJSONExtractCPUInfo
	was returning 0 on success.  Unfortunately, higher levels of
	the cpuinfo code expect that it returns the number of CPUs
	it found on success.  This one-line patch fixes it so that
	it returns the correct number.  This makes "virsh vcpuinfo <domain>"
	work when using the JSON monitor.

2010-03-11  Ed Swierk  <eswierk@aristanetworks.com>

	Allow devices without a parent
	* Allow devices without parent links to be created and set their parent to the root "computer" node

2010-03-11  Eric Blake  <eblake@redhat.com>

	build: change to gnulib module list should rerun bootstrap
	* autogen.sh (curr_status): Also include hash of bootstrap.conf
	when checking for changes that require bootstrap rerun.
	* cfg.mk (_update_required): Likewise.

	build: enforce preprocessor indentation
	Since cppi is not part of Fedora Core 12, the check is conditional:
	without cppi, running 'make syntax-check' merely warns:
	$ make sc_preprocessor_indentation
	preprocessor_indentation
	maint.mk: skipping test sc_preprocessor_indentation: cppi not installed
	* cfg.mk (sc_preprocessor_indentation): New syntax-check rule.
	(preprocessor_exempt): New macro, with first exemption.

2010-03-11  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to newer (but not latest)
	This is a stop-gap measure to make autogen.sh rerun ./bootstrap,
	(required due to recent bootstrap.conf addition) while we prepare
	the fix to automatically detect the case of an updated modules list.

2010-03-11  David Allan  <dallan@redhat.com>

	Free resources on error in udev startup
	* The udev driver didn't properly free resources that it allocates when setting up the 'computer' device in the error case.

2010-03-11  Daniel Veillard  <veillard@redhat.com>

	Make virsh reconnect when losing connection
	When the daemon libvirtd restarts, a connected virsh gets a SIGPIPE
	and dies. This change the behaviour to try to reconnect if the
	signal was received or command error indicated a connection or RPC
	failure. Note that the failing command is not restarted.
	* tools/virsh.c: catch SIGPIPE signals as well as connection related
	  failures, add some automatic reconnection code and appropriate error
	  messages.

2010-03-10  Chris Lalancette  <clalance@redhat.com>

	Fix up nodeinfo parsing code.
	As pointed out by eblake, I made a real hash of the
	nodeinfo code with commit
	aa2f6f96ddd7a57011c3d25586d588100651feb2.  This patch
	cleans it up:
	1)  Do more work at compile time instead of runtime (minor)
	2)  Properly handle the hex digits that come from
	/sys/devices/system/cpu/cpu*/topology/thread_siblings
	3)  Fix up some error paths that could cause SEGV
	4)  Used unsigned's for the cpu numbers (cpu -1 doesn't
	make any sense)
	Along with the recent patch from jdenemar to zero out
	the nodeinfo structure, I've re-tested this on the
	machines having the problems, and it seems to be good.

2010-03-10  Daniel Veillard  <veillard@redhat.com>

	Change logrotate to be per-hypervisor logs
	Having a single logrotate configuration file for all hypervisors
	did not work as logrotate would get confused if an hypervisor not
	supported on that platform was still listed. Simplest is to split
	the logrotate as separate per hypervisor files and change the
	spec file to only install the ones compiled in.
	* daemon/libvirtd.lxc.logrotate.in daemon/libvirtd.qemu.logrotate.in
	  daemon/libvirtd.uml.logrotate.in: copy and split the original
	  daemon/libvirtd.logrotate.in file
	* daemon/Makefile.am: update to support the different files and
	  cleanup in sed suggested by Eric Blake
	* libvirt.spec.in: only install the relevant logrotate configs
	* daemon/.gitignore: update logrotate generated list

2010-03-10  Eric Blake  <eblake@redhat.com>

	build: consistently indent preprocessor directives
	* global: patch created by running:
	for f in $(git ls-files '*.[ch]') ; do
	    cppi $f > $f.t && mv $f.t $f
	done

	virsh: use N_ rather than gettext_noop
	With N_() in place, we can use it for a smaller file.
	* doc/api-extension/0008-Step-8-of-8-Add-virsh-support.patch:
	Replace all uses of gettext_noop with N_.
	* tools/virsh.c: Likewise, throughout the file.

	virsh: fix existing N_ uses
	It is a bad idea to call gettext on an already-translated
	string.  In cases where a string must be translated separately
	from where it is exposed to xgettext, the gettext manual
	recommends the idiom of N_() wrapping gettext_noop for
	marking the string.
	* src/internal.h (N_): Fix definition to match gettext manual.
	* tools/virsh.c: (cmdHelp, cmdList, cmdDomstate, cmdDominfo)
	(cmdVcpuinfo, vshUsage): Replace incorrect use of N_ with _.
	(vshCmddefHelp): Likewise.  Mark C format strings appropriately.

2010-03-10  Jim Meyering  <meyering@redhat.com>

	doc: fix typos in hacking.html.in; mark HACKING as read-only
	* HACKING: Mark as read-only.  Soon we'll generate it from...
	* docs/hacking.html.in: ... this file.  More typo fixes.

2010-03-10  Jiri Denemark  <jdenemar@redhat.com>

	Fix copy&paste typos in virProcessInfoGetAffinity

	Wipe nodeinfo structure before filling it
	The nodeinfo structure wasn't initialized in qemu driver and with the
	recent change in CPU topology parsing, old value of nodeinfo->sockets
	could be used and incremented giving totally bogus results.
	Let's just wipe the structure completely.

2010-03-10  Jim Meyering  <meyering@redhat.com>

	doc: fix more typos in HACKING
	* HACKING: More spelling/typo fixes.

2010-03-10  Eric Blake  <eblake@redhat.com>

	AUTHORS: add recent contributors

	hacking: add a section on preprocessor conventions
	* doc/hacking.html.in (preprocessor): New section to document
	recently-discussed style issues.

	hacking: fix typos
	* docs/hacking.html.in (committers): Fix spelling and grammar.

2010-03-09  Laine Stump  <laine@laine.org>

	Fix format string warnings
	A few more non-literal format strings in error log messages have crept
	in. Fix them in the standard way - turn the format string into "%s"
	with the original string as the arg.

2010-03-09  Stefan Berger  <stefanb@us.ibm.com>

	macvtap build detection fix
	* configure.ac: fix the header test used for macvtap availability
	  detection

2010-03-09  Soren Hansen  <soren@ubuntu.com>

	Fix virDomainGetXMLDesc cache settings output
	If a special cache strategy for a disk has been specified in a domain
	definition, but no driverName has been set, virDomainGetXMLDesc would not
	include the <driver> tag at all.
	* src/conf/domain_conf.c: make sure any <driver> tag setting is
	  serialized if set.

2010-03-08  David Allan  <dallan@redhat.com>

	Update hacking.html.in
	* Added section on use of goto
	* Added missing content from HACKING document

2010-03-08  Chris Lalancette  <clalance@redhat.com>

	Get thread and socket information in virsh nodeinfo.
	The current code for "nodeinfo" is pretty naive
	about socket and thread information.  To determine the
	sockets, it just takes the number of cpus and divides
	by the number of cores.  For the thread count, it always
	sets it to 1.  With more recent Intel machines, however,
	hyperthreading is again an option, meaning that these
	heuristics no longer work and give bogus numbers.  This
	patch goes through /sys to get the additional
	information so we properly report it.
	Note that I had to edit the tests not to report on
	socket and thread counts, since these are determined
	dynamically now.
	v2: As pointed out by Eric Blake, gnulib provides
	    count-one-bits (which is LGPLv2+).  Use it instead
	    of a hand-coded popcnt.

2010-03-08  Adam Litke  <agl@us.ibm.com>

	Fix locking in qemudDomainMemoryStats
	When adding domainMemoryStats API support for the qemu driver, I didn't
	follow the locking rules exactly.  The job condition must be held when
	executing monitor commands.  This corrects the segfaults I was seeing
	when calling domainMemoryStats in a multi-threaded environment.
	* src/qemu/qemu_driver.c: in qemudDomainMemoryStats() add missing
	  calls to qemuDomainObjBeginJob/qemuDomainObjEndJob

2010-03-08  Laine Stump  <laine@laine.org>

	Eliminate large stack buffer in doTunnelSendAll
	doTunnelSendAll function (used by QEMU migration) uses a 64k buffer on
	the stack, which could be problematic. This patch replaces that with a
	buffer from the heap.
	While in the neighborhood, this patch also improves error reporting in
	the case that saferead fails - previously, virStreamAbort() was called
	(resetting errno) before reporting the error. It's been changed to
	report the error first.
	* src/qemu/qemu_driver.c: fix doTunnelSendAll() to use a malloc'ed
	  buffer

2010-03-08  Eric Blake  <eblake@redhat.com>

	build: consistently use C99 varargs macros
	Prior to this patch, there was an inconsistent mix between GNU and C99.
	For consistency, and potential portability to other compilers, stick
	with the C99 vararg macro syntax.
	* src/conf/cpu_conf.c (virCPUReportError): Use C99 rather than GNU
	  vararg macro syntax.
	* src/conf/domain_conf.c (virDomainReportError): Likewise.
	* src/conf/domain_event.c (eventReportError): Likewise.
	* src/conf/interface_conf.c (virInterfaceReportError): Likewise.
	* src/conf/network_conf.c (virNetworkReportError): Likewise.
	* src/conf/node_device_conf.h (virNodeDeviceReportError): Likewise.
	* src/conf/secret_conf.h (virSecretReportError): Likewise.
	* src/conf/storage_conf.h (virStorageReportError): Likewise.
	* src/esx/esx_device_monitor.c (ESX_ERROR): Use C99 rather than
	  GNU vararg macro syntax.
	* src/esx/esx_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_interface_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_network_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_secret_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_storage_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_util.c (ESX_ERROR): Likewise.
	* src/esx/esx_vi.c (ESX_VI_ERROR): Likewise.
	* src/esx/esx_vi_methods.c (ESX_VI_ERROR): Likewise.
	* src/esx/esx_vi_types.c (ESX_VI_ERROR): Likewise.
	* src/esx/esx_vmx.c (ESX_ERROR): Likewise.
	* src/util/hostusb.c (usbReportError): Use C99 rather than GNU
	  vararg macro syntax.
	* src/util/json.c (virJSONError): Likewise.
	* src/util/macvtap.c (ReportError): Likewise.
	* src/util/pci.c (pciReportError): Likewise.
	* src/util/stats_linux.c (virStatsError): Likewise.
	* src/util/util.c (virUtilError): Likewise.
	* src/util/xml.c (virXMLError): Likewise.
	* src/xen/proxy_internal.c (virProxyError): Use C99 rather than
	  GNU vararg macro syntax.
	* src/xen/sexpr.c (virSexprError): Likewise.
	* src/xen/xen_driver.c (xenUnifiedError): Likewise.
	* src/xen/xen_hypervisor.c (virXenError): Likewise.
	* src/xen/xen_inotify.c (virXenInotifyError): Likewise.
	* src/xen/xend_internal.c (virXendError): Likewise.
	* src/xen/xm_internal.c (xenXMError): Likewise.
	* src/xen/xs_internal.c (virXenStoreError): Likewise.
	* src/cpu/cpu.h (virCPUReportError): Use C99 rather than GNU
	  vararg macro syntax.
	* src/datatypes.c (virLibConnError): Likewise.
	* src/interface/netcf_driver.c (interfaceReportError): Likewise.
	* src/libvirt.c (virLibStreamError): Likewise.
	* src/lxc/lxc_conf.h (lxcError): Likewise.
	* src/network/bridge_driver.c (networkReportError): Likewise.
	* src/nodeinfo.c (nodeReportError): Likewise.
	* src/opennebula/one_conf.h (oneError): Likewise.
	* src/openvz/openvz_conf.h (openvzError): Likewise.
	* src/phyp/phyp_driver.c (PHYP_ERROR): Likewise.
	* src/qemu/qemu_conf.h (qemuReportError): Likewise.
	* src/remote/remote_driver.c (errorf): Likewise.
	* src/security/security_driver.h (virSecurityReportError): Likewise.
	* src/test/test_driver.c (testError): Likewise.
	* src/uml/uml_conf.h (umlReportError): Likewise.
	* src/vbox/vbox_driver.c (vboxError): Likewise.
	* src/vbox/vbox_tmpl.c (vboxError): Likewise.

2010-03-06  Jim Meyering  <meyering@redhat.com>

	ebtablesAddRemoveRule: avoid dead store
	* src/util/ebtables.c (ebtablesAddRemoveRule): Avoid dead store
	to local, "s".

	virInterfaceDefParseBond: avoid dead stores
	* src/conf/interface_conf.c (virInterfaceDefParseBond): Avoid dead stores
	to local, "node".  Remove declaration, too.

	xenXMDomainConfigParse: avoid dead store
	* src/xen/xm_internal.c (xenXMDomainConfigParse): Avoid dead store
	to local, "data".  Remove declaration, too.

	qemudDomainAttachSCSIDisk: handle empty controller list
	* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk): Handle
	the (theoretical) case of an empty controller list, so that
	clang does not think the subsequent dereference of "cont"
	would dereference an undefined variable (due to preceding
	loop not iterating even once).

	qemu restore: don't let corrupt input provoke unwarranted OOM
	* src/qemu/qemu_driver.c (qemudDomainRestore): A corrupt save file
	(in particular, a too-large header.xml_len value) would cause an
	unwarranted out-of-memory error.  Do not trust the just-read
	header.xml_len.  Instead, merely use that as a hint, and
	read/allocate up to that number of bytes from the file.
	Also verify that header.xml_len is positive; if it were negative,
	passing it to virFileReadLimFD could cause trouble.

	virFileReadLimFD: diagnose maxlen <= 0, rather than passing it on...
	to saferead_lim, which interprets it as a size_t.
	* src/util/util.c (virFileReadLimFD): Do not malfunction when
	maxlen < -1.  Return -1,EINVAL in that case.  Handle maxlen==0
	in the same manner.

	xen: don't let bogus packets trigger over-allocation and segfault
	* src/xen/proxy_internal.c (xenProxyDomainDumpXML): An invalid packet
	could include a too-large "ans.len" value, which would make us allocate
	too much memory and then copy data from beyond the end of "ans",
	possibly evoking a segfault.  Ensure that the value we use is no
	larger than the remaining portion of "ans".
	Also, change unnecessary memmove to memcpy (src and dest obviously
	do not overlap, so no need to use memmove).
	(xenProxyDomainGetOSType): Likewise.
	(xenProxyGetCapabilities): Likewise.

	qemuMonitorTextGetMemoryStats: decrease risk of false positive in parsing
	The code erroneously searched the entire "reply" for a comma, when
	its intent was to search only that portion after "balloon: actual="
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetMemoryStats):
	Search for "," only starting *after* the BALLOON_PREFIX string.
	Otherwise, we'd be more prone to false positives.

2010-03-06  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.7
	* configure.ac libvirt.spec.in: update with new version
	* docs/news.html.in: add list of changes in 0.7.7
	* po/*po*: updated spanish and russian localisations, rebuilt

2010-03-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix USB passthrough based on product/vendor
	Changeset
	  commit 5073aa994af460e775cb3e548528e28d7660fcc8
	  Author: Cole Robinson <crobinso@redhat.com>
	  Date:   Mon Jan 11 11:40:46 2010 -0500
	Added support for product/vendor based passthrough, but it only
	worked at the security driver layer. The main guest XML config
	was not updated with the resolved bus/device ID. When the QEMU
	argv refactoring removed use of product/vendor, this then broke
	launching guests.
	THe solution is to move the product/vendor resolution up a layer
	into the QEMU driver. So the first thing QEMU does is resolve
	the product/vendor to a bus/device and updates the XML config
	with this info. The rest of the code, including security drivers
	and QEMU argv generated can now rely on bus/device always being
	set.
	* src/util/hostusb.c, src/util/hostusb.h: Split vendor/product
	  resolution code out of usbGetDevice and into usbFindDevice.
	  Add accessors for bus/device ID
	* src/security/virt-aa-helper.c, src/security/security_selinux.c,
	  src/qemu/qemu_security_dac.c: Remove vendor/product from the
	  usbGetDevice() calls
	* src/qemu/qemu_driver.c: Use usbFindDevice to resolve vendor/product
	  into a bus/device ID

	Convert QEMU driver all hotunplug code from pci_del to device_del
	The pci_del command is not being ported to QMP. Convert all the
	QEMU hotplug code over to use device_del whenever it is available
	to avoid the pci_del problem
	* src/qemu/qemu_driver.c: Convert unplug code to device_del

	Support hot-unplug for USB devices in QEMU
	Previously hot-unplug could not be supported for USB devices
	in QEMU, since usb_del required the guest visible address
	which libvirt never knows. With 'device_del' command we can
	now unplug based on device alias, so support that.
	* src/qemu/qemu_driver.c: Use device_del to remove USB devices

	Tweak container initialization to make upstart/init happier
	Upstart crashes & burns in a heap if $TERM environment variable
	is missing. Presumably the kernel always sets this when booting
	init on a real machine, so libvirt should set it for containers
	too.
	To make a typical inittab / mingetty setup happier, we need to
	symlink the primary console /dev/pts/0 to /dev/tty1.
	Improve logging in certain scenarios to make troubleshooting
	easier
	* src/lxc/lxc_container.c: Create /dev/tty1 and set $TERM

	Misc fixes for LXC cgroups setup
	When using the 'ns' cgroup controller, the moment a process calls
	'unshare(CLONE_NEWNS)', it will be given a private cgroup tree
	under its current location. This really messages up the LXC
	controller process, because it ends up creating the containers'
	cgroup in the wrong place. The fix is fairly easy, just move
	the cgroup setup before the code which calls unshare(). The
	'ns' controller will still create extra undesired cgroups, but
	they at least won't break libvirt's setup now.
	The patch also adds a missing cgroups allow rule for /dev/tty
	device node

	Avoid creating top level cgroups if just querying for existance
	When getting the driver/domain cgroup it is possible to specify
	whether it should be auto created. If auto-creation was turned
	off, libvirt still mistakenly created its own top level cgroup
	* src/util/cgroup.c: Honour autocreate flag for top level cgroup

2010-03-05  Stefan Berger  <stefanb@us.ibm.com>

	web docs -- macvtap mode explanation
	This adds more information about the different macvtap device modes,
	spells out VEPA and adds a link to a pdf at the ieee site.

2010-03-05  Laine Stump  <laine@laine.org>

	Change default for storage uid/gid from getuid()/getgid() to -1/-1
	This allows the config to have a setting that means "leave it alone",
	eg when building a pool where the directory already exists the user
	may want the current uid/gid of the directory left intact. This
	actually gets us back to older behavior - before recent changes to the
	pool building code, we weren't as insistent about honoring the uid/gid
	settings in the XML, and virt-manager was taking advantage of this
	behavior.
	As a side benefit, removing calls to getuid/getgid from the XML
	parsing functions also seems like a good idea. And having a default
	that is different from a common/useful value (0 == root) is a good
	thing in general, as it removes ambiguity from decisions (at least one
	place in the code was checking for (perms.uid == 0) to see if a
	special uid was requested).
	Note that this will only affect newly created pools and volumes. Due
	to the way that the XML is parsed, then formatted for newly created
	volumes, all existing pools/volumes already have an explicit uid and
	gid set.
	src/conf/storage_conf.c: Remove calls to setuid/setgid for default values
	                         of uid/gid, and set them to -1 instead
	src/storage/storage_backend.c:
	src/storage/storage_backend_fs.c:
	        Make account for the new default values of perms.uid
	        and perms.gid.

2010-03-05  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: vbox: avoid build failure when linking with --no-add-needed
	With the recent changes to the linking defaults in Fedora 13 (namely
	enabling --no-add-needed behaviour by default), we have to pass the
	dlopen()-providing libraries directly at the link of the module; use the
	same AC_SEARCH_LIBS function as used before to look for it and add it to
	the Makefile.

	build: avoid dlopen-related link failure on rawhide/F13
	Instead of using AC_CHECK_LIB and hardcoding -ldl, search for the library
	needed to get dlopen() and then use the cached value.

2010-03-04  Daniel P. Berrange  <berrange@redhat.com>

	Support VCPU hotplug in QEMU guests
	QEMU has a monitor command 'set_cpu' which allows a specific
	CPU to be toggled between online& offline state. libvirt CPU
	hotplug does not work in terms of individual indexes CPUs.
	Thus to support this, we iteratively toggle the online state
	when the total number of vCPUs is adjusted via libvirt
	NB, currently untested since QEMU segvs when running this!
	* src/qemu/qemu_driver.c: Toggle online state for CPUs when
	  doing hotplug
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  monitor API for toggling a CPU's online status via 'set_cpu

	Fix parser checking of storage pool device
	The storage backend implementations all presume that the XML parser
	is validating correctness of the source specification. The check for
	a source device was lost at some point. This allowed for a potential
	crash in the disk backend. Re-introduce the sanity check
	* src/conf/storage_conf.c: Re-add check for source device

	Fix mis-leading error message in pool delete API
	When trying to delete a pool the error message claimed the volume
	could not be deleted.
	* src/storage/storage_driver.c: Error message referred to
	  volumes instead of pools

	Fix typo in QEMU migration command name
	The QMP code was running query-migration instead of query-migrate.
	This doesn't work so well
	* src/qemu/qemu_monitor_json.c: s/query-migration/query-migrate/

	Don't raise error message from cgroups if QEMU fails to start
	The code to remove the cgroup after QEMU failed to startup could
	be obscuring a real error from earlier on. It is not neccessary
	to raise an error in this case, so tell cgroups to keep quiet
	* src/qemu/qemu_driver.c: Don't raise cgroups error in QEMU start
	  cleanup code.

	Add missing device type check in QEMU PCI hotunplug
	The QEMU hotunplug code for PCI devices was looking at host
	devices in the guest config without first filtering non
	PCI devices. This means it was reading garbage
	* src/qemu/qemu_driver.c: Filter out non-PCI devices

2010-03-04  Chris Lalancette  <clalance@redhat.com>

	Add a define for NFS_SUPER_MAGIC
	Commit 3c12a67b766cce51b47861ccde2be41de369f832 added
	a dependency on the NFS_SUPER_MAGIC macro, which is
	defined in linux/magic.h.  Unfortunately linux/magic.h
	is not available in RHEL-5, and causes a compile error.
	Just define it locally, since this is something that
	can't change.

2010-03-04  Laine Stump  <laine@laine.org>

	Make domain save work on root-squash NFS
	Move *all* file operations related to creation and writing of libvirt
	header to the domain save file into a hook function that is called by
	virFileOperation. First try to call virFileOperation as root. If that
	fails with EACCESS, and (in the case of Linux) statfs says that we're
	trying to save the file on an NFS share, rerun virFileOperation,
	telling it to fork a child process and setuid to the qemu user. This
	is the only way we can successfully create a file on a root-squashed
	NFS server.
	This patch (along with setting dynamic_ownership=0 in qemu.conf)
	makes qemudDomainSave work on root-squashed NFS.
	* src/qemu/qemu_driver.c: provide new qemudDomainSaveFileOpHook()
	  utility, use it in qemudDomainSave() if normal creation of the
	  file as root failed, and after checking the filesystem type for
	  the storage is NFS. In that case we also bypass the security
	  driver, as this would fail on NFS.

2010-03-03  Laine Stump  <laine@laine.org>

	Fix domain restore for files on root-squash NFS
	If qemudDomainRestore fails to open the domain save file, create a
	pipe, then fork a process that does setuid(qemu_user) and opens the
	file, then reads this file and stuffs it into the pipe. the parent
	libvirtd process will use the other end of the pipe as its fd, then
	reap the child process after it's done reading.
	This makes domain restore work on a root-squash NFS share that is only
	visible to the qemu user.
	* src/qemu/qemu_driver.c: add new qemudOpenAsUID() helper function,
	  and use it in qemudDomainRestore() if reading as root directly failed.

2010-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix USB/PCI device address aliases in QEMU hotplug driver
	The USB/PCI device hotplug code for the QEMU driver was forgetting
	to allocate a unique device alias.
	* src/qemu/qemu_driver.c: Fill in device alias for USB/PCI devices

	Fix detection of errors in QEMU device_add command
	The code assumed that 'device_add' returned an empty string upon
	success. This is not true, it sometimes prints random debug info.
	THus we need to check for an explicit fail string
	* src/qemu/qemu_monitor_text.c: Fix error checking of the device_add
	  monitor command

2010-03-03  Eric Blake  <eblake@redhat.com>

	esx: don't ignore failure on close
	Another warning caught by coverity.  Continue to perform best-effort
	closing and resource release, but warn the caller about the failure.
	* src/esx/esx_driver.c (esxClose): Return an error on failure to close.

	uml: avoid crash on partial read
	Coverity detected a potential dereference of uninitialized memory
	if recvfrom got cut short.
	* src/uml/uml_driver.c (umlMonitorCommand): Validate complete read
	prior to dereferencing res.

	virsh: silence compiler warning
	gcc warns:
	virsh.c:1879: warning: '0' flag ignored with '-' flag in gnu_printf format
	* tools/virsh.c (cmdDomjobinfo): Delete useless flag.

2010-03-03  Jiri Denemark  <jdenemar@redhat.com>

	Fix safezero()
	Various safezero() implementations used either -1, errno or -errno
	return values. This patch fixes them all to return -1 and set errno
	appropriately.
	There was also a bug in size parameter passed to safewrite() which could
	result in an attempt to write gigabytes out of a megabyte buffer.

2010-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU domain state after a save attempt fails
	When a VM save attempt failed, the VM would be left in a paused
	state. It is neccessary to resume CPU execution upon failure
	if it was running originally
	* src/qemu/qemu_driver.c: Resume CPUs upon save failure

	Support job cancellation in QEMU driver
	This supports cancellation of jobs for the QEMU driver against
	the virDomainMigrate, virDomainSave and virDomainCoreDump APIs.
	It is not yet supported for the virDomainRestore API, although
	it is desirable.
	* src/qemu/qemu_driver.c: Issue 'migrate_cancel' command if
	  virDomainAbortJob is issued during a migration operation
	* tools/virsh.c: Add a domjobabort command

	Remote driver implementation for the virDomainAbortJob APi
	This defines the wire protocol for the new API
	* src/remote/remote_protocol.x: Wire protocol definition
	* src/remote/remote_driver.c,daemon/remote.c: Client and server
	  side implementation
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.c,
	  src/remote/remote_protocol.h: Re-generate from remote_protocol.x

	Wire up internal entry points for virDomainAbortJob API
	This provides the internal glue for the driver API
	* src/driver.h: Internal API contract
	* src/libvirt.c, src/libvirt_public.syms: Connect public API
	  to driver API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c: Stub out entry points

	Introduce public API for cancelling async domain jobs
	The new virDomainAbortJob() method provides a way for a second
	thread to abort an ongoing job run by another thread. This
	extends to any API with  which the virDomainGetJobInfo() API
	is intended to work. Cancellation is not guarenteed, rather best
	effort on part of the hypervisor and not required to be implmented.
	* include/libvirt/libvirt.h.in: Define virDomainAbortJob()

	Add QEMU driver support for job info on migration ops
	Introduce support for  virDomainGetJobInfo in the QEMU driver. This
	allows for monitoring of any API that uses the 'info migrate' monitor
	command. ie virDomainMigrate, virDomainSave and virDomainCoreDump
	Unfortunately QEMU does not provide a way to monitor incoming migration
	so we can't wire up virDomainRestore yet.
	The virsh tool gets a new command 'domjobinfo' to query status
	* src/qemu/qemu_driver.c: Record virDomainJobInfo and start time
	  in qemuDomainObjPrivatePtr objects. Add generic shared handler
	  for calling 'info migrate' with all migration based APIs.
	* src/qemu/qemu_monitor_text.c: Fix parsing of 'info migration' reply
	* tools/virsh.c: add new 'domjobinfo' command to query progress

	Remote driver implmentation of job info API
	* src/remote/remote_protocol.x: Define wire protocol format
	  for virDomainGetJobInfo API
	* src/remote/remote_driver.c, daemon/remote.c: Implement client
	  and server marshalling code for virDomainGetJobInfo()
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h
	  daemon/remote_dispatch_ret.h, daemon/remote_dispatch_table.h,
	  src/remote/remote_protocol.c, src/remote/remote_protocol.h: Rebuild
	  files from src/remote/remote_protocol.x

	Stub out internal driver entry points for job processing
	The internal glue layer for the new pubic API
	* src/driver.h: Define internal driver API contract
	* src/libvirt.c, src/libvirt_public.syms: Wire up public
	  API to internal driver API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c: Stub new entry point

	Introduce public API for domain async job handling
	Introduce a new public API that provides a way to get progress
	info on currently running jobs on a virDomainpPtr. APIs that
	are initially within scope of this idea are
	 virDomainMigrate
	 virDomainMigrateToURI
	 virDomainSave
	 virDomainRestore
	 virDomainCoreDump
	These all take a potentially long time and benefit from monitoring.
	The virDomainJobInfo struct allows for various pieces of information
	to be reported
	 - Percentage completion
	 - Time
	 - Overall data
	 - Guest memory data
	 - Guest disk/file data
	* include/libvirt/libvirt.h.in: Add virDomainGetJobInfo
	* python/generator.py, python/libvirt-override-api.xml,
	  python/libvirt-override.c: Override for virDomainGetJobInfo API
	* python/typewrappers.c, python/typewrappers.h: Introduce wrapper
	  for unsigned long long type

2010-03-02  Eric Blake  <eblake@redhat.com>

	build: silence coverity warning in node_device
	All other uses of get_str_prop in this file that ignored
	failure explicitly cast to void.
	* src/node_device/node_device_hal.c (dev_create): Silence coverity
	warning.

2010-03-02  Rolf Eike Beer  <eike@sf-mail.de>

	Fix error messages when parsing USB devices in QEMU
	A number of the error messages raised when parsing USB devices
	refered to PCI devices by mistake
	* src/qemu/qemu_conf.c: s/PCI/USB/ in qemuParseCommandLineUSB()

	Fix USB hotplug device string in QEMU driver
	The USB hotplug method was mistakenly generating a PCI address
	string
	* src/qemu/qemu_driver.c: Fix USB hotplug device string

2010-03-02  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Use device_del to remove SCSI controllers
	when the underlying qemu supports the drive/device model and the
	controller has been added this way.
	* src/qemu/qemu_driver.c: use qemuMonitorDelDevice() when detaching
	  PCI controller and if supported
	* src/qemu/qemu_monitor.[ch]: add new qemuMonitorDelDevice() function
	* src/qemu/qemu_monitor_json.[ch]: JSON backend for DelDevice command
	* src/qemu/qemu_monitor_text.[ch]: Text backend for DelDevice command

	Fix PCI address handling when controllers are deleted
	* src/qemu/qemu_driver.c: in qemudDomainDetachPciControllerDevice()
	  when a controller is not present in the system anymore, the PCI
	  address must be deleted from libvirt's hashtable because it can
	  be re-used for other purposes.

	Fix data structure handling when controllers are attached
	* src/qemu/qemu_driver.c: in qemudDomainAttachDevice(), one must not
	  delete the data part when the operation succeeds because it is
	  required later on. The correct pattern to handlethe parsed
	  representation of the device information on success
	  is dev->data.controller = NULL; virDomainDeviceDefFree(dev);,
	  which leaves the structure pointed at by data in memory.

	Tiny spelling fix

2010-03-02  Eric Blake  <eblake@redhat.com>

	libvirtd: avoid false-positive NULL-deref warning from clang
	* daemon/libvirtd.c (qemudWorker): Rewrite loop to silence a
	warning.

2010-03-02  Jim Meyering  <meyering@redhat.com>

	x86Decode: avoid NULL-dereference upon questionable input
	* src/cpu/cpu_x86.c (x86Decode): Don't dereference NULL when passed
	a NULL "models" pointer, or when passed a nonzero "nmodels" value
	and a corresponding NULL models[i].

	phypUUIDTable_Push: do not corrupt output stream upon partial write
	* src/phyp/phyp_driver.c (phypUUIDTable_Push): Move incr/decr
	of ptr/nread into the loop where those variables are used.
	Also, remove "exit" label and just-preceding "goto".

	openvzDomainDefineCmd: remove useless increment
	* src/openvz/openvz_driver.c (openvzDomainDefineCmd): Remove
	useless increment of "max_veid".

	maint: disallow TAB-in-indentation also in *.rng files
	* cfg.mk (sc_TAB_in_indentation): Also check .rng files.

	maint: convert leading TABs in *.rng files to equivalent spaces
	* docs/schemas/capability.rng: Likewise.
	* docs/schemas/network.rng: Likewise.
	* docs/schemas/nodedev.rng: Likewise.
	* docs/schemas/storagepool.rng: Likewise.
	* docs/schemas/storagevol.rng: Likewise.
	Use these commands:
	t=$'\t'
	git ls-files | grep '\.rng$' | xargs grep -lE "^ *$t" \
	  | xargs perl -MText::Tabs -ni -le \
	    '$m=/^( *\t[ \t]*)(.*)/; print $m ? expand($1) . $2 : $_'

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Expand docs about clock modes
	* formatdomain.html.in: Document new clock options

	Allow configurable timezones with QEMU
	Allow an arbitrary timezone with QEMU by setting the $TZ environment
	variable when launching QEMU
	* src/qemu/qemu_conf.c: Set TZ environment variable if a timezone
	  is requested
	* tests/qemuxml2argvtest.c: Add test case for timezones
	* tests/qemuxml2argvdata/qemuxml2argv-clock-france.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-clock-france.args: Data
	  for timezone tests

	Allow a timezone to be specified instead of sync to host timezone
	This extends the XML to allow for
	  <clock offset='timezone' timezone='Europe/Paris'/>
	This is useful if the admin has not configured any timezone on the
	host OS, but still wants to synchronize a guest to a specific one.
	* src/conf/domain_conf.h, src/conf/domain_conf.c: Support extra
	  'timezone' attribute on clock configuration
	* docs/schemas/domain.rng: Add 'timezone' attribute
	* src/xen/xend_internal.c, src/xen/xm_internal.c: Reject configs
	  with a configurable timezone

	Support variable clock offset mode in QEMU
	This allows QEMU guests to be started with an arbitrary clock
	offset
	The test case can't actually be enabled, since QEMU argv expects
	an absolute timestring, and this will obviously change every
	time the test runs :-( Hopefully QEMU will allow a relative
	time offset in the future.
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Use the -rtc arg
	  if available to support variable clock offset mode
	* tests/qemuhelptest.c: Add QEMUD_CMD_FLAG_RTC for qemu 0.12.1
	* qemuxml2argvdata/qemuxml2argv-clock-variable.args,
	  qemuxml2argvdata/qemuxml2argv-clock-variable.xml,
	  qemuxml2argvtest.c: Test case, except we can't actually enable
	  it yet.

	Add new clock mode allowing variable adjustments
	This introduces a third option for clock offset synchronization,
	that allows an arbitrary / variable adjustment to be set. In
	essence the XML contains the time delta in seconds, relative to
	UTC.
	  <clock offset='variable' adjustment='123465'/>
	The difference from 'utc' mode, is that management apps should
	track adjustments and preserve them at next reboot.
	* docs/schemas/domain.rng: Schema for new clock mode
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
	  new clock time delta
	* src/libvirt_private.syms, src/util/xml.c, src/util/xml.h: Add
	  virXPathLongLong() method

	Change the internal domain conf representation of localtime/utc
	The XML will soon be extended to allow more than just a simple
	localtime/utc boolean flag. This change replaces the plain
	'int localtime' with a separate struct to prepare for future
	extension
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add a new
	  virDomainClockDef structure
	* src/libvirt_private.syms: Export virDomainClockOffsetTypeToString
	  and virDomainClockOffsetTypeFromString
	* src/qemu/qemu_conf.c, src/vbox/vbox_tmpl.c, src/xen/xend_internal.c,
	  src/xen/xm_internal.c: Updated to use new structure for localtime

2010-03-01  Jim Meyering  <meyering@redhat.com>

	udevEnumerateDevices: remove dead code
	* src/node_device/node_device_udev.c (udevEnumerateDevices): Remove
	unnecessary call to udev_list_entry_get_name.

	qemudNetworkIfaceConnect: remove dead store
	* src/qemu/qemu_conf.c (qemudNetworkIfaceConnect): Remove extraneous
	virSaveLastError call, whose result was unused.

	cmdPoolDiscoverSources: initialize earlier to avoid FP from clang
	* tools/virsh.c (cmdPoolDiscoverSources): Always initialize srcSpec.
	Otherwise, clang would report that srcSpec could be used uninitialized
	in the call to virConnectFindStoragePoolSources.

2010-03-01  Eric Blake  <eblake@redhat.com>

	qemu: avoid null dereference on failed migration
	* src/qemu/qemu_monitor_text.c: qemuMonitorTextGetMigrationStatus: Check for
	  failed strchr, to silence a coverity warning.

2010-03-01  Stefan Berger  <stefanb@us.ibm.com>

	Free the macvtap mode string
	* src/conf/domain_conf.c: forgot to free the attribute value in
	  virDomainNetDefParseXML()

2010-03-01  Daniel Veillard  <veillard@redhat.com>

	Update of indian, spanish and russian translations
	and regeneration of the po/pot files

2010-02-26  David Allan  <dallan@redhat.com>

	Revert fs pool formatting
	* We are reverting this patch pending a discussion of the right way to implement.

2010-02-27  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to latest
	* .gnulib: Update to latest.
	Commit 89bdf84bcd9c6032e37 inadvertently rewound the .gnulib
	submodule by 51 commits.  This corrects it.
	Spotted by Eric Blake.

	build: avoid warning about return-with-value in void function
	* tools/virsh.c: Just "return;", not "return NULL;".

	libvirtd: do not ignore failure to set group ID in privileged mode
	* daemon/libvirtd.c (qemudListenUnix): Diagnose and fail upon
	failure to set or restore group-ID.

2010-02-26  Chris Lalancette  <clalance@redhat.com>

	Only build virDomainObjFormat if not building proxy.
	While building under RHEL-5, I got a compile warning because
	virDomainObjFormat was defined but not used.  That came about
	because in RHEL-5 we build with "#define PROXY", and
	virDomainObjFormat is only used with !PROXY.  Move the
	define.

2010-02-26  Jim Meyering  <meyering@redhat.com>

	openvzGetVEID: don't leak (memory + file descriptor)
	* src/openvz/openvz_conf.c (openvzGetVEID): Always call fclose.
	Diagnose parse failure also when vzlist output is empty.
	If somehow we read a -1, diagnose that (albeit as a parse failure).

2010-02-26  Cole Robinson  <crobinso@redhat.com>

	Use standard spacing for user/pass prompt
	Kind of minor, but it annoys me that the default auth callback
	doesn't put a space between the prompt and the input, like a typical
	terminal, ssh, etc. This patch changes the current prompt:
	Please enter your authentication name:myuser
	to
	Please enter your authentication name: myuser

	libvirtd: Better initscript error reporting
	From time to time I bork my install, and hate it when the initscript
	returns no info. This patch removes the sanity check, which lets
	the shell give us 'command not found' or 'permission denied' errors.

	qemu: Report binary path if error parsing -help

	remote: Improve daemon startup error reporting
	If I toggle enable_tcp in libvirtd.conf and add --listen in
	/etc/init.d/libvirtd, I get the unhelpful error:
	Starting libvirtd daemon: error: Unable to initialize network sockets.
	Running without --daemon provides much more useful info:
	sudo libvirtd --listen
	11:29:26.117: error : remoteCheckCertFile:270 : Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory
	The daemon architecture makes it difficult to report this useful
	info if daemonized, so point users to /var/log/messages and
	dropping the --daemon flag if they want more info.

	virsh: Show errors reported by nonAPI functions
	Only API calls trigger the error callback, which is required for
	proper virsh error reporting. Since we use non API functions from
	util/, make sure we properly report these errors.
	Fixes lack of error message from 'virsh create idontexit.xml'

	remote: Improve error message when libvirtd isn't running
	While this could lead people in the wrong direction, people most commonly
	hit this error when libvirtd isn't running, so let's mention a possible
	fix.

2010-02-25  Jim Meyering  <meyering@redhat.com>

	build: avoid warning about unused variables
	* tools/virsh.c (cmdCPUBaseline): Remove declarations of unused
	variables, p and cur.

	build: avoid "make rpm" failure in docs/
	Add missing rule to build html/libvirt-libvirt.html.
	Use a GNU Make pattern rule to avoid running apibuild.py once
	for each out-of-date target, in a parallel build.
	* docs/Makefile.am

	build: teach apibuild.py to work in a non-srcdir build
	* docs/Makefile.am (libvirt-api.xml libvirt-refs.xml): Generalize
	apibuild.py to work in a non-srcdir build.  Pass "srcdir" to it.
	* docs/apibuild.py (rebuild): Honor the $srcdir envvar.

	build: avoid non-srcdir "make distcheck" failures (CLEANFILES)
	* docs/Makefile.am (MAINTAINERCLEANFILES): Use this variable
	for generated-and-distributed files, not "CLEANFILES".
	Besides, "make clean" and "make distclean" should not delete
	distributed files.

	build: make git submodule checking more reliable
	* cfg.mk (_curr_status): Accommodate leading "+" or "-" in the output
	of git submodule status.
	* autogen.sh: Likewise.

	build: avoid non-srcdir "make distcheck" failures (srcdir vs wildcard)
	* tests/xencapsdata/Makefile.am: Use $(wildcard in $(srcdir)-aware manner
	* tests/xmconfigdata/Makefile.am: Likewise.
	* tests/xml2sexprdata/Makefile.am: Likewise.
	* tests/sexpr2xmldata/Makefile.am (EXTRA_DIST): Likewise.
	* Makefile.am (XML_EXAMPLES): Use $(wildcard in $(srcdir)-aware manner.

	build: avoid non-srcdir "make distcheck" failure (test_conf.sh)
	* tests/confdata/Makefile.am (EXTRA_DIST): Apply $(wildcard... to
	$(srcdir)/..., and then remove the prefix.

	build: avoid non-srcdir installation failure (sitemap.html.in)
	* docs/Makefile.am (EXTRA_DIST): Add sitemap.html.in.

	build: avoid non-srcdir installation failure (apibuild.py)
	* docs/Makefile.am (libvirt-api.xml): Insert missing "$(srcdir)/".
	Also, remove unnecessary sub-shell.

	build: fix typos in makefile variable names
	* configure.ac: Fix typos:
	s/DRIVER_MODULES_CFLAGS/DRIVER_MODULE_CFLAGS/
	s/DRIVER_MODULES_LIBS/DRIVER_MODULE_LIBS/

	build: ensure that MKINSTALLDIRS is AC_SUBST-defined
	since we're using gettext-0.14.1, which uses that now-obsolete
	automake symbol.  Otherwise, make distcheck would fails like this:
	    make[2]: Entering directory `/t/libvirt-0.7.6/_build/po'
	    /bin/sh @MKINSTALLDIRS@ /t/libvirt-0.7.6/_inst/share
	    /bin/sh: @MKINSTALLDIRS@: No such file or directory
	    make[2]: *** [install-data-yes] Error 127
	* configure.ac (MKINSTALLDIRS): Define.
	For reference, we're currently hamstrung by our desire
	to support RHEL5, which still uses gettext-0.14:
	http://bugzilla.redhat.com/523713

2010-02-25  Eric Blake  <eblake@redhat.com>

	maint: relax git minimum version
	Requiring git 1.6.4, just for the optional GNULIB_SRCDIR support,
	was too harsh.  Resynchronize from gnulib.
	* .gnulib: Import from latest gnulib.
	* bootstrap: Re-synchronize from .gnulib/build-aux.
	* bootstrap.conf: Drop git to 1.5.5.
	* README-hacking: Document use of GNULIB_SRCDIR.

2010-02-25  Richard Jones  <rjones@redhat.com>

	Ignore SIGWINCH in remote client call to poll(2) (RHBZ#567931).
	In bug 567931 we found that virt-top would exit occasionally
	when the terminal window was resized.  Tracking this down it
	turned out that SIGWINCH was being delivered to the process at
	exactly the point where the libvirt remote driver was calling
	poll(2) waiting for a reply from libvirtd.
	This caused the poll(2) call to be interrupted (returning errno
	EINTR).  However handling EINTR the same way as EAGAIN was not
	the solution to this problem since we found previously that this
	would break Ctrl-C handling (commit 47fec8eac2bb3).
	The correct solution is to mask out SIGWINCH for the duration
	of the poll(2) system call.  The per-thread mask is changed and
	restored immediately after the call.  Since we are using
	pthread_sigmask, this should not affect other threads, and
	since we restore the signal mask immediately afterwards it should
	not affect the current thread visibly either.  Other possibly
	problematic signals are SIGCHLD and SIGPIPE and these are
	masked too.
	Note use of ignore_value: It's not fatal if we cannot mask out
	SIGWINCH, and in any case pthread_sigmask never fails on Linux
	as long as you supply the correct arguments.
	I tested this patch and it cures the original problem with
	virt-top.

2010-02-24  Stefan Berger  <stefanb@us.ibm.com>

	Add descriptions for macvtap direct type interfaces
	This adds a description about the 'direct' type of interface recently
	added for macvtap device type support on the host.

2010-02-24  Dave Allan  <dallan@redhat.com>

	Format FS pools on creation
	Create the filesystem on the partition used by the pool
	* configure.ac: check for mkfs availability
	* libvirt.spec.in: add extra require on util-linux for mkfs
	* src/storage/storage_backend_fs.c: run mkfs with the expected
	  fs type when creating a filesystem pool

2010-02-24  Eric Blake  <eblake@redhat.com>

	maint: sort .gitignore
	Fallout from the new bootstrap.
	* .gitignore: Commit sorting done by bootstrap.
	* build-aux/.gitignore: Likewise.
	* po/.gitignore: Likewise.

	maint: import modern bootstrap
	Copy the latest gnulib bootstrap, which runs autoreconf and
	generates po/Makevars for us.  Other improvements include some
	improved prerequisite tool checking.
	This also fixes a bug in the .pot files, regarding the copyright holder.
	* bootstrap: Update to version in .gnulib/build-aux.
	* bootstrap.conf (MSGID_BUGS_ADDRESS, COPYRIGHT_HOLDER, SKIP_PO)
	(gnulib_mk, ACLOCAL, bootstrap_epilogue): Provide overrides.
	* autogen.sh (autoreconf): Avoid redundant autoreconf if bootstrap
	was run.
	* po/Makevars: Delete, now that bootstrap creates it.
	* po/.gitignore: Update.

	maint: start factoring bootstrap
	Borrow ideas from gnulib/build-aux/bootstrap, in order to factor the
	specifics of libvirt into bootstrap.conf, while allowing future
	upgrades of bootstrap to happen with less effort.
	* bootstrap (gnulib_tool): Update invocation to be closer to
	gnulib's version.  Move libvirt specifics...
	* bootstrap.conf: ...into new file.

	maint: fix quoting in autogen.sh
	* autogen.sh (srcdir, THEDIR, OBJ_DIR): Use proper quoting.
	(.git-module-status): Abort if bootstrap fails.

2010-02-24  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to latest
	* cfg.mk (local-checks-to-skip): Disable sc_prohibit_hash_without_use
	for now, since it fails with a false-positive match.

	virFork: placate static analyzers: ignore pthread_sigmask return value
	* src/util/util.c: Include "ignore-value.h".
	(virFork): We really do want to ignore pthread_sigmask failure.

2010-02-23  Cole Robinson  <crobinso@redhat.com>

	docs: Fix syntax warnings from recent changes.

	docs: network: Document <domain> element

	docs: network: Document STP and delay attributes

	docs: domain: Document <description> element

	docs: storage: Document multipath pools

	docs: storage: Document SCSI pools

	docs: storage: Fix backingStore <format> docs

	docs: storage: <volume><key> is always generated.

	docs: storage: Document capacity/alloc 'unit'

	storage: conf: Correctly calculate exabyte unit
	We were using 'Y' to mean exabyte, when the correct abbreviation would be
	'E' ('Y' is yettabyte, which is exabyte * 1024 * 1024). While it isn't
	strictly backwards compatible, I highly doubt anyone was actually using
	this broken behavior, so I don't see any harm in in dropping 'Y' handling.

2010-02-23  Jiri Denemark  <jdenemar@redhat.com>

	virsh.c: avoid all leaks in OOM path in cmdCPUBaseline

2010-02-22  Jiri Denemark  <jdenemar@redhat.com>

	Create raw storage files with O_DSYNC (again)
	Recently we introduced O_DSYNC flag when creating raw storage files to
	avoid filling all disk cache with dirty pages. However, the patch got
	lost when virStorageBackendCreateRaw was reworked using
	virFileOperation. Let's use O_DSYNC again.

2010-02-21  David Allan  <dallan@redhat.com>

	Fixed reference count in virsh pool-build command
	* tools/virsh.c: call virStoragePoolFree() in the main path too

2010-02-21  Dan Kenigsberg  <danken@redhat.com>

	docs: add 3 missing spaces

2010-02-20  David Allan  <dallan@redhat.com>

	Fix daemon-conf invalid failures
	The daemon-conf test would fail on my system if there was a system libvirtd
	running.  In the course of troubleshooting that problem, I discovered that the
	daemon-conf script would always fail if run by itself because it found the line:
	\# that each "PARAMETER = VALUE" line in this file have the parameter
	which it mistook for a line containing a parameter.  I have changed the test to
	avoid mistaking a line containing \"PARAMETER = VALUE\" for a parameter line.
	The corrupted config tests turned out to be failing because the test daemon was
	discovering the pid file from the running daemon and exiting before it processed
	the test config file.  Specifying the pid file for the corrupt config tests in
	the same way as for the valid config test solved that problem.

2010-02-20  Jim Meyering  <meyering@redhat.com>

	virsh.c: avoid leak on OOM error path
	* tools/virsh.c (cmdCPUBaseline): Also free "buffer" and "list" upon OOM.

	virBufferVSprintf: do not omit va_end(argptr) call
	* src/util/buf.c (virBufferVSprintf): Do not omit va_end(argptr).
	Improved-by: Daniel Veillard.

	xend_internal.c: don't dereference NULL for unexpected input
	* src/xen/xend_internal.c (xenDaemonDomainSetAutostart): Avoid a NULL
	dereference upon non-SEXPR_VALUE'd on_xend_start.  This bug was
	introduced by commit 37ce5600c0bb1aed9e2f2888922388de4340ebd3.

2010-02-20  Laine Stump  <laine@laine.org>

	Use virFileOperation hook function in virStorageBackendFileSystemVolBuild
	There were a few operations on the storage volume file that were still
	being done as root, which will fail if the file is on a root-squashed
	NFS share. The result was that attempts to create a storage volume of
	type "raw" on a root-squashed NFS share would fail.
	This patch uses the newly introduced "hook" function in
	virFileOperation to execute all those file operations in the child
	process that's run under the uid that owns the file (and, presumably,
	has permission to write to the NFS share)
	* src/storage/storage_backend.c: use virFileOperation() in
	  virStorageBackendCreateRaw, turning virStorageBackendCreateRaw()
	  into a new createRawFileOpHook() hook

	Rename virFileCreate to virFileOperation, add hook function
	It turns out it is also useful to be able to perform other operations
	on a file created while running as a different uid (eg, write things
	to that file), and possibly to do this to a file that already
	exists. This patch adds an optional hook function to the renamed (for
	more accuracy of purpose) virFileOperation; the hook will be called
	after the file has been opened (possibly created) and gid/mode
	checked/set, before closing it.
	As with the other operations on the file, if the VIR_FILE_OP_AS_UID
	flag is set, this hook function will be called in the context of a
	child process forked from the process that called virFileOperation.
	The implication here is that, while all data in memory is available to
	this hook function, any modification to that data will not be seen by
	the caller - the only indication in memory of what happened in the
	hook will be the return value (which the hook should set to 0 on
	success, or one of the standard errno values on failure).
	Another piece of making the function more flexible was to add an
	"openflags" argument. This arg should contain exactly the flags to be
	passed to open(2), eg O_RDWR | O_EXCL, etc.
	In the process of adding the hook to virFileOperation, I also realized
	that the bits to fix up file owner/group/mode settings after creation
	were being done in the parent process, which could fail, so I moved
	them to the child process where they should be.
	* src/util/util.[ch]: rename and rework virFileCreate-->virFileOperation,
	  and redo flags in virDirCreate
	* storage/storage_backend.c, storage/storage_backend_fs.c: update the
	  calls to virFileOperation/virDirCreate to reflect changes in the API,
	  but don't yet take advantage of the hook.

2010-02-19  Dustin Xiong  <x_k_123@hotmail.com>

	qemu: Check for IA64 kvm
	ACPI feature bit dropped: I asked internally if the -no-acpi option
	had any meaning for IA64, and was told 'probably not'.

2010-02-19  Cole Robinson  <crobinso@redhat.com>

	remote: Print ssh stderr on connection failure

2010-02-19  Yuji NISHIDA  <nishidy@nict.go.jp>

	fix multiple veth problem for OpenVZ
	Fix multiple veth problem.
	NETIF setting was overwritten after first CT because any CT could not be
	found by name.
	* src/openvz/openvz_conf.c src/openvz/openvz_conf.h: add the
	  openvzGetVEID lookup function
	* src/openvz/openvz_driver.c: use it in openvzDomainSetNetwork()

2010-02-19  Chris Lalancette  <clalance@redhat.com>

	Better error reporting for failed migration
	If the hostname as returned by "gethostname" resolves
	to "localhost" (as it does with the broken Fedora-12
	installer), then live migration will fail because the
	source will try to migrate to itself.  Detect this
	situation up-front and abort the live migration before
	we do any real work.
	* src/util/util.h src/util/util.c: add a new virGetHostnameLocalhost
	  with an optional localhost check, and rewire virGetHostname() to use
	  it
	* src/libvirt_private.syms: expose the new function
	* src/qemu/qemu_driver.c: use it in qemudDomainMigratePrepare2()

	Make virDomainObjFormat static
	* src/conf/domain_conf.c: make function static
	* src/conf/domain_conf.h: remove it from header

	Make an error message in PCI util code clearer
	* src/util/pci.c: update 2 message on pciRead errors

2010-02-19  Stefan Berger  <stefanb@us.ibm.com>

	macvtap mac_filter support
	This patch adds the mac_filter support to the macvtap device.

2010-02-19  Jim Meyering  <meyering@redhat.com>

	virsh: be careful to return "FALSE" upon OOM
	* tools/virsh.c (cmdCPUBaseline): Add an explicit "return" statement
	after the "no_memory:" label.

	virBufferStrcat: do not skip va_end
	* src/util/buf.c (virBufferStrcat): Do not skip va_end due to
	an early return.

	qparams.c: do not skip va_end, twice
	* src/util/qparams.c (new_qparam_set, append_qparams): Do not skip
	va_end due to an early return.

	xenDaemonDomainSetAutostart: avoid appearance of impropriety
	* src/xen/xend_internal.c (xenDaemonDomainSetAutostart): Rewrite to
	avoid dereferencing the result of sexpr_lookup.  While in this
	particular case, it was guaranteed never to be NULL, due to the
	preceding "if sexpr_node(...)" guard, it's cleaner to skip the
	sexpr_node call altogether, and also saves a lookup.

2010-02-19  Stefan Berger  <stefanb@us.ibm.com>

	macvtap IFF_VNET_HDR configuration
	This patch sets or unsets the IFF_VNET_HDR flag depending on what device
	is used in the VM. The manipulation of the flag is done in the open
	function and is only fatal if the IFF_VNET_HDR flag could not be cleared
	although it has to be (or if an ioctl generally fails). In that case the
	macvtap tap is closed again and the macvtap interface torn.
	* src/qemu/qemu_conf.c src/qemu/qemu_conf.h: pass qemuCmdFlags to
	  qemudPhysIfaceConnect()
	* src/util/macvtap.c src/util/macvtap.h: add vnet_hdr boolean to
	  openMacvtapTap(), and private function configMacvtapTap()
	* src/qemu/qemu_driver.c: add extra qemuCmdFlags when calling
	  qemudPhysIfaceConnect()

2010-02-19  Laine Stump  <laine@laine.org>

	Use virFork() in __virExec(), virFileCreate() and virDirCreate()
	For __virExec() this is a semantic NOP except for when fork()
	fails. __virExec() would previously forget to restore the signal mask
	in this case; virFork() corrects this behavior.
	virFileCreate() and virDirCreate() gain the code to reset the logging
	and properly deal with the signal handling race condition.
	This also removes a log message that had a typo ("cannot fork o create
	file '%s'") - this error is now logged in a more generic manner in
	virFork() (more generic, but really just as informative, since the
	fact that it's forking to create a file is immaterial to the fact that
	it simply can't fork)
	* src/util/util.c: use the generic virFork() in the 3 functions

	Add virFork() function to utils
	virFork() contains bookkeeping that must be done any time a process
	forks. Currently this includes:
	1) Call virLogLock() prior to fork() and virLogUnlock() just after,
	   to avoid a deadlock if some other thread happens to hold that lock
	   during the fork.
	2) Reset the logging hooks and send all child process log messages to
	   stderr.
	3) Block all signals prior to fork(), then either a) reset the signal
	   mask for the parent process, or b) clear the signal mask for the
	   child process.
	Note that the signal mask handling in __virExec erroneously fails to
	restore the signal mask when fork() fails. virFork() fixes this
	problem.
	Other than this, it attempts to behave as closely to fork() as
	possible (including preserving errno for the caller), with a couple
	exceptions:
	1) The return value is 0 (success) or -1 (failure), while the pid is
	   returned via the pid_t* argument. Like fork(), if pid < 0 there is
	   no child process, otherwise both the child and the parent will
	   return to the caller, and both should look at the return value,
	   which will indicate if some of the extra processing outlined above
	   encountered an error.
	2) If virFork() returns with pid < 0 or with a return value < 0
	   indicating an error condition, the error has already been
	   reported. You can log an additional message if you like, but it
	   isn't necessary, and may be awkwardly extraneous.
	Note that virFork()'s child process will *never* call _exit() - if a
	child process is created, it will return to the caller.
	* util.c util.h: add virFork() function, based on what is currently
	                 done in __virExec().

2010-02-19  Matthew Booth  <mbooth@redhat.com>

	Add QEMU support for virtio channel
	Support virtio-serial controller and virtio channel in QEMU backend.
	Will output
	the following for virtio-serial controller:
	-device
	virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x4,max_ports=16,vectors=4
	and the following for a virtio channel:
	-chardev pty,id=channel0 \
	-device
	virtserialport,bus=virtio-serial0.0,chardev=channel0,name=org.linux-kvm.port.0
	* src/qemu/qemu_conf.c: Add argument output for virtio
	* tests/qemuxml2argvtest.c
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args: Add test for
	  QEMU command line generation

	Add domain support for virtio channel
	Add support for virtio-serial by defining a new 'virtio' channel target type
	and a virtio-serial controller. Allows the following to be specified in a
	domain:
	<controller type='virtio-serial' index='0' ports='16' vectors='4'/>
	<channel type='pty'>
	  <target type='virtio' name='org.linux-kvm.port.0'/>
	  <address type='virtio-serial' controller='0' bus='0'/>
	</channel>
	* docs/schemas/domain.rng: Add virtio-serial controller and virtio
	  channel type.
	* src/conf/domain_conf.[ch]: Domain parsing/serialization for
	  virtio-serial controller and virtio channel.
	* tests/qemuxml2xmltest.c
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: add domain xml
	  parsing test
	* src/libvirt_private.syms src/qemu/qemu_conf.c:
	  virDomainDefAddDiskControllers() renamed to
	  virDomainDefAddImplicitControllers()

2010-02-18  Matthew Booth  <mbooth@redhat.com>

	Remove unused functions from domain_conf
	Remove virDomainDevicePCIAddressEqual and virDomainDeviceDriveAddressEqual,
	which are defined but not used anywhere.
	* src/conf/domain_conf.[ch] src/libvirt_private.syms: Remove
	  virDomainDevicePCIAddressEqual and virDomainDeviceDriveAddressEqual.

	Fix typo in comment
	* src/qemu/qemu_driver.c: qemudStartVMDaemon() fix typo in comment

2010-02-18  Jim Meyering  <meyering@redhat.com>

	get_virtual_functions_linux: would mistakenly always return zero
	* src/node_device/node_device_linux_sysfs.c(get_virtual_functions_linux):
	Return "ret", rather than always returning 0.

2010-02-18  Cole Robinson  <crobinso@redhat.com>

	qemu: Explicitly error if guest virtual network is inactive
	Currently we just error with ex. 'virbr0: No such device'.
	Since we are using public API calls here, we need to ensure that any
	raised error is properly saved and restored, since API entry points
	always reset messages.

	network: bridge: Fix IsActive, IsPersistent
	We were accessing the wrong private data structure, which would
	cause a segfault.

	virterror: Make SetError work if no previous error was set
	virGetLastError returns NULL if no error has been set, not on
	allocation error like virSetError assumed. Use virLastErrorObject
	instead. This fixes virSetError when no error is currently stored.

	libvirt: Update docs for hotplug only commands
	The commands updated are SetMem, SetMaxMem, SetVcpus, and PinVcpu.

2010-02-18  Stefan Berger  <stefanb@us.ibm.com>

	macvtap teardown rework
	Rework and simplification of teardown of the macvtap device.
	Basically all devices with the same MAC address and link device are kept
	alive and not attempted to be torn down. If a macvtap device linked to a
	physical interface with a certain MAC address 'M' is to be created it
	will automatically fail if the interface is 'up'ed and another macvtap
	with the same properties (MAC addr 'M', link dev) happens to be 'up'.
	This will prevent the VM from starting or the device from being attached
	to a running VM. Stale interfaces are assumed to be there for some
	reason and not stem from libvirt.
	In the VM shutdown path, it's assuming that an interface name is always
	available so that if the device type is DIRECT it can be torn down
	using its name.
	* src/util/macvtap.h src/libvirt_macvtap.syms: change of deleting routine
	* src/util/macvtap.c: cleanups and change of deleting routine
	* src/qemu/qemu_driver.c: change cleanup on shutdown
	* src/qemu/qemu_conf.c: don't delete Macvtap in qemudPhysIfaceConnect()

2010-02-18  Matthew Booth  <mbooth@redhat.com>

	Fix whitespace in domain.rng
	* src/schemas/domain.rng: Replace tabs with 8 spaces

2010-02-18  Daniel P. Berrange  <berrange@redhat.com>

	Update QEMU JSON balloon command handling
	The QEMU JSON monitor changed balloon commands to return/accept
	bytes instead of kilobytes. Update libvirt to cope with this
	* src/qemu/qemu_monitor_json.c: Expect/use bytes for ballooning

2010-02-18  Jim Meyering  <meyering@redhat.com>

	openvzLoadDomains: don't ignore failing virUUIDFormat
	* src/openvz/openvz_conf.c (openvzLoadDomains): Diagnose failure of
	virUUIDFormat.

2010-02-18  Cole Robinson  <crobinso@redhat.com>

	python: Actually add virConnectGetVersion to generated bindings
	The recent commit to implement a python version of this function
	didn't drop an explicit 'ignore' check in the generator, so this
	never ended up in the bindings.

2010-02-17  Eric Blake  <ebb9@byu.net>

	build: inform libtool of m4 directory
	Silence a libtoolize warning.
	*  configure.ac (AC_CONFIG_MACRO_DIR): Add.

2010-02-17  Jiri Denemark  <jdenemar@redhat.com>

	Adds a cpu-baseline command for virsh
	* tools/virsh.c: add a command to compute a CPU baseline based on
	  multiple CPU definitions in an XML chunk
	* tools/virsh.pod: add it to the man page

2010-02-17  Jim Meyering  <meyering@redhat.com>

	vshCommandParse: placate coverity
	There is no real leak here, but Coverity-Prevent thinks there is.
	It does not see that while there are four ways to return from
	vshCommandGetToken with VSH_TK_END, none of them results in allocation
	of a result.
	* tools/virsh.c (vshCommandParse): Add a (currently) useless VIR_FREE,
	to ensure that we never leak when vshCommandGetToken returns VSH_TK_END.

	qemuMonitorTextAddUSBDisk: avoid unconditional leak
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextAddUSBDisk): Free
	command output buffer.

	tests: avoid NULL deref upon OOM failure
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Handle malloc
	failure.

	qemuInitPasswords: avoid unconditional leak
	* src/qemu/qemu_driver.c (qemuInitPasswords): Free pass-phrase buffer.

	qemuMonitorTextAddDevice: avoid unconditional leak
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextAddDevice): Free the
	device name buffer.

	libvirt-override.c: avoid a leak upon call with invalid argument
	* python/libvirt-override.c (libvirt_virConnectBaselineCPU): Don't leak
	the xmlcpus buffer upon encountering a non-string list element.

	vboxDomainDumpXML: avoid a leak on OOM error path
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML): Free vboxCallback buffer
	upon OOM.

	virNodeDevCapScsiHostParseXML: avoid an unconditional leak
	* src/conf/node_device_conf.c (virNodeDevCapScsiHostParseXML):
	Free the "nodes" buffer allocated by virXPathNodeSet.

	uml_driver.c: avoid leak upon failure
	* src/uml/uml_driver.c (umlMonitorCommand): This function would
	sometimes return -1, yet fail to free the "reply" it had allocated.
	Hence, no caller would know to free the corresponding argument.
	When returning -1, be sure to free all allocated resources.

	vbox_tmpl.c: avoid an unconditional leak
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML): Free def.
	Improved by Matthias Bolte.

	openvz (openvzFreeDriver): avoid leaks
	* src/openvz/openvz_conf.c (openvzFreeDriver): Also free driver buffer.
	Based on a suggestion from Matthias Bolte.

	virStorageBackendIsMultipath: avoid dead store
	* src/storage/storage_backend_mpath.c (virStorageBackendIsMultipath):
	The result of dm_get_next_target was never used (and isn't needed),
	so don't store it.

2010-02-17  Cole Robinson  <crobinso@redhat.com>

	qemu: Make SetVcpu command hotplug only
	Similar to the Set*Mem commands, this implementation was bogus and
	misleading. Make it clear this is a hotplug only operation, and that the
	hotplug piece isn't even implemented.
	Also drop the overkill maxvcpus validation: we don't perform this check
	at XML define time so clearly no one is missing it, and there is
	always the risk that our info will be out of date, possibly preventing
	legitimate CPU values.

	qemu: Make Set*Mem commands hotplug only
	SetMem and SetMaxMem are hotplug only APIs, any persistent config
	changes are supposed to go via XML definition. The original implementation
	of these calls were incorrect and had the nasty side effect of making
	a psuedo persistent change that would be lost after libvirtd restart
	(I didn't know any better).
	Fix these APIs to rightly reject non running domains.

2010-02-16  Daniel P. Berrange  <berrange@redhat.com>

	Treat missing QEMU 'thread_id' as non-fatal in JSON monitor
	The plain QEMU tree does not include 'thread_id' in the JSON
	output. Thus we need to treat it as non-fatal if missing.
	* src/qemu/qemu_monitor_json.c: Treat missing thread_id as non-fatal

	Fix check for primary IDE controller in QEMU PCI slot assignment
	A typo in the check for the primary IDE controller could cause
	a crash on restore depending on the exact guest config.
	* src/qemu/qemu_conf.c: Fix s/video/controller/ typo & slot
	  number typo

	Make error reporting for QEMU JSON mode more friendly
	Current error reporting for JSON mode returns the full JSON
	command string and full JSON error string. This is not very
	user friendly, so this change makes the error report only
	contain the basic command name, and friendly error message
	description string. The full JSON data is logged instead.
	* src/qemu/qemu_monitor_json.c: Always return the 'desc' field from
	  the JSON error message to users.

	Run 'qmp_capabilities' command at QEMU monitor startup
	When in JSON mode, QEMU requires that 'qmp_capabilities' is run as
	the first command in the monitor. This is a no-op when run in the
	text mode monitor
	* src/qemu/qemu_driver.c: Run capabilities negotiation when
	  connecting to the monitor
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
	  support for the 'qmp_capabilities' command, no-op in text mode.

2010-02-16  Stefan Berger  <stefanb@us.ibm.com>

	macvtap support for libvirt -- schema extensions
	* docs/schemas/domain.rng: extends the domain xml schema to support the
	  new interface type 'direct'

	macvtap support for libvirt -- qemu support
	This part adds support for qemu making a macvtap tap device available
	via file descriptor passed to qemu command line. This also attempts to
	tear down the macvtap device when a VM terminates. This includes support
	for attachment and detachment to/from running VM.
	* src/qemu/qemu_conf.[ch] src/qemu/qemu_driver.c: add support in the
	  QEmu driver

	macvtap support for libvirt -- helper code
	This part adds the helper code to setup and tear down macvtap devices
	using direct communication with the device driver via netlink sockets.
	The rather short messages received from the netlink layer are now
	written into a dynamically allocated buffer
	* src/util/macvtap.h src/util/macvtap.c: provides the new module
	* po/POTFILES.in: the module contains translated strings

	macvtap support for libvirt -- parse new interface XML
	This part adds support to domain_conf.{c|h} for parsing the new
	interface XML of type 'direct'. The parsed mode is now stored as
	an int.
	* src/conf/domain_conf.c src/conf/domain_conf.h: extend parsing code
	* src/util/macvtap.h: empty header to not break compilation

	macvtap support for libvirt -- build support
	This patch adds build support for libvirt checking for certain contents
	of /usr/include/linux/if_link.h to see whether macvtap support is
	compilable on that system. One can disable macvtap support in libvirt
	via --without-macvtap passed to configure.
	* configure.ac src/Makefile.am: new build support
	* src/libvirt_macvtap.syms: list of exported symbols
	* src/util/macvtap.c: empty module to not break compilation

2010-02-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	interface: Use proper return codes in the open function
	The open function returned -1 in case of an error, but -1 maps
	to VIR_DRV_OPEN_DECLINED instead of VIR_DRV_OPEN_ERROR.

	Convert virSecurityReportError into a macro
	The virRaiseError macro inside of virSecurityReportError expands to
	virRaiseErrorFull and includes the __FILE__, __FUNCTION__ and __LINE__
	information. But this three values are always the same for every call
	to virSecurityReportError and do not reflect the actual error context.
	Converting virSecurityReportError into a macro results in getting the
	correct __FILE__, __FUNCTION__ and __LINE__ information.

2010-02-13  Daniel P. Berrange  <berrange@redhat.com>

	Add persistence of PCI addresses to QEMU
	Current PCI addresses are allocated at time of VM startup.
	To make them truely persistent, it is neccessary to do this
	at time of virDomainDefine/virDomainCreate. The code in
	qemuStartVMDaemon still remains in order to cope with upgrades
	from older libvirt releases
	* src/qemu/qemu_driver.c: Rename existing qemuAssignPCIAddresses
	  to qemuDetectPCIAddresses. Add new qemuAssignPCIAddresses which
	  does auto-allocation upfront. Call qemuAssignPCIAddresses from
	  qemuDomainDefine and qemuDomainCreate to assign PCI addresses that
	  can then be persisted. Don't clear PCI addresses at shutdown if
	  they are intended to be persistent

	Fix crash in LXC driver open method when URI has no path
	If giving a lxc://  URI instead of lxc:/// the open method
	would crash ona NULL pointer
	* src/lxc/lxc_driver.c: Cope with a NULL URI path

	Fix USB device path formatting mixup
	* src/util/hostusb.c: The device path for a USB device wants the
	  bus/device IDs in decimal not octal

	Support 'block_passwd' command for QEMU disk encryption
	The old text mode monitor prompts for a password when disks are
	encrypted. This interactive approach doesn't work for JSON mode
	monitor. Thus there is a new 'block_passwd' command that can be
	used.
	* src/qemu/qemu_driver.c: Split out code for looking up a disk
	  secret from findVolumeQcowPassphrase, into a new method
	  getVolumeQcowPassphrase. Enhance qemuInitPasswords() to also
	  set the disk encryption password via the monitor
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  support for the 'block_passwd' monitor command.

2010-02-12  Jiri Denemark  <jdenemar@redhat.com>

	Implement cpuBaseline in remote and qemu drivers

	Wire protocol format and dispatcher for virConnectBaselineCPU

	virConnectBaselineCPU public API implementation

	Internal driver API for virConnectBaselineCPU

	virConnectBaselineCPU public API

	Implement cpuArchBaseline in x86 CPU driver

	Implement cpuArchBaseline in generic CPU driver

	Functions for computing baseline CPU from a set of host CPUs
	Baseline CPU is the best CPU which can be used for a guest on any of the
	hosts.

2010-02-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compliation of AppArmor related code
	Broken by the latest commits to remove the virConnectPtr parameter
	from internal functions.

2010-02-12  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: honor dname parameter once again
	Since c26cb9234f4b9fa46d7caa3385ae36704167c53f, the dname
	parameter has been ignored by these two functions.  Use it.
	* src/qemu/qemu_driver.c (qemudDomainMigratePrepareTunnel): Honor dname
	parameter once again.
	(qemudDomainMigratePrepare2): Likewise.

	plug four virStoragePoolSourceFree-related leaks
	* src/conf/storage_conf.c (virStoragePoolDefParseSourceString):
	* src/storage/storage_backend_fs.c:
	(virStorageBackendFileSystemNetFindPoolSourcesFunc):
	(virStorageBackendFileSystemNetFindPoolSources):
	* src/test/test_driver.c (testStorageFindPoolSources):

2010-02-11  Jim Meyering  <meyering@redhat.com>

	remote_driver.c: avoid leak on OOM error path
	* src/remote/remote_driver.c (doRemoteOpen): Don't leak a qparam_set
	buffer upon OOM error.

2010-02-11  Jiri Denemark  <jdenemar@redhat.com>

	Mark all error messages for translation

	Add cpu_generic.c to the list of translated files

	Swap position of nmodels and models parameters in cpuDecode()
	All other libvirt functions use array first and then number of elements
	in that array. Let's make cpuDecode follow this rule.

	Fix <cpu> element in domain XML schema
	The current schema is more permissive than the XML parsing code in
	libvirt. Precisely, 'match' attribute is optional in schema while in
	reality its use is bound to <model> element:
	- <cpu> element without 'match' attribute is allowed only if <topology>
	  element is the only child element of <cpu>
	- <cpu> element with 'match' attribute requires <model> element to be
	  present; <topology> and <feature> elements are optional

2010-02-11  Chris Lalancette  <clalance@redhat.com>

	Fix up a misspelled comment.

2010-02-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix disk stats retrieval with QEMU >= 0.12
	With QEMU >= 0.12 the host and guest side of disks no longer have
	the same naming convention. Specifically the host side will now
	get a 'drive-' prefix added to its name. The 'info blockstats'
	monitor command returns the host side name, so it is neccessary
	to strip this off when looking up stats since libvirt stores the
	guest side name !
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Move 'drive-' prefix
	  string to a defined constant
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Strip
	  off 'drive-' prefix (if found) when looking up disk stats

2010-02-10  Cole Robinson  <crobinso@redhat.com>

	qemu: Increase guest startup timeout to 30 seconds
	Currently the timeout for reading startup output is 3 seconds. If the
	host is under any sort of load, we can easily trigger this. Lets bump
	it to 30 seconds.
	Since the polling loop checks to see if the process has died, we shouldn't
	erroneously hit this timeout if qemu bombs (only if it is stuck in some
	infinite loop).

	qemu: Properly report a startup timeout error
	The timeout errors were unconditionally being overwritten by the less
	helpful 'unable to start guest' error.

	test: Fake security driver support in capabilities
	Having some value in capabilities helps testing this stuff in
	virt-manager.

2010-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Annotate some virConnectPtr as mandatory non-null
	Use the ATTRIBUTE_NONNULL annotation to mark some virConnectPtr
	args as mandatory non-null so the compiler can warn of mistakes
	* src/conf/domain_event.h: All virConnectPtr args must be non-null
	* src/qemu/qemu_conf.h: qemudBuildCommandLine and
	  qemudNetworkIfaceConnect() must be given non-null connection
	* tests/qemuxml2argvtest.c: Provide a non-null (dummy) connection to
	  qemudBuildCommandLine()

	Remove virConnectPtr from secret XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in secret_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from interface XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in interface_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from CPU XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in cpu_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from storage APIs & driver
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in storage_conf.{h,c} and storage_encryption_conf.{h,c}
	and update all callers to match

	Remove virConnectPtr from all node device XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in node_device_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from network XML APis
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in network_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from USB/PCI device iterators
	All callers now pass a NULL virConnectPtr into the USB/PCi device
	iterator functions. Therefore the virConnectPtr arg can now be
	removed from these functions
	* src/util/hostusb.h, src/util/hostusb.c: Remove virConnectPtr
	  from usbDeviceFileIterate
	* src/util/pci.c, src/util/pci.h: Remove virConnectPtr arg from
	  pciDeviceFileIterate
	* src/qemu/qemu_security_dac.c, src/security/security_selinux.c: Update
	  to drop redundant virConnectPtr arg

	Fix generation of floppy disk arg for QEMU's -global arg
	* src/qemu/qemu_conf.c: Fix ',' vs '.' typo in floppy disk arg

	Fix compile error in Xen proxy from virConnectPtr changes
	* proxy/libvirt_proxy.c: Remove 'conn' arg to virDomainDefFormat

	Convert qemu command line flags to 64-bit int
	The QEMU flags are commonly stored as a signed or unsigned int,
	allowing only 31 flags. This limit is rather close, so to aid
	future patches, change it to a 64-bit int
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c,
	  tests/qemuargv2xmltest.c, tests/qemuhelptest.c, tests/qemuxml2argvtest.c:
	  Use 'unsigned long long' for QEMU flags

	Remove use of virConnectPtr from security driver APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in security_driver.{h,c} and update all callers to
	match

	Remove virConnectPtr from all domain XML parsing/formatting APIs

	Remove virConnectPtr from LXC driver

	Remove passing of virConnectPtr throughout QEMU driver

	Fix security driver configuration
	The security driver was mistakenly initialized before the QEMU
	config file was loaded. This prevents it being turned off again.
	The capabilities XML was also getting the wrong security driver
	name, due to the stacked driver arrangement.
	* src/qemu/qemu_driver.c: Fix initialization order and capabilities
	  model name

2010-02-10  Jim Meyering  <meyering@redhat.com>

	virAsprintf: remove its warn_unused_result attribute
	* src/util/util.h (virAsprintf): Remove ATTRIBUTE_RETURN_CHECK, since
	it is perfectly fine to ignore the return value, now that the pointer
	is guaranteed to be set to NULL upon failure.
	* src/util/storage_file.c (absolutePathFromBaseFile): Remove now-
	unnecessary use of ignore_value.

	absolutePathFromBaseFile: avoid an unnecessary use of assert
	* src/util/storage_file.c (absolutePathFromBaseFile): While this use
	of virAsprintf is slightly cleaner than using stpncpy(stpcpy(...,
	it does impose an artificial limitation on the length of the base_file
	name.  Rather than asserting that it does not exceed INT_MAX, return
	NULL when it does.

2010-02-10  Daniel Veillard  <veillard@redhat.com>

	Escape strings serialized in XML
	* src/conf/node_device_conf.c: string saved into XML should be escaped
	  with the use of virBufferEscapeString()

2010-02-09  Jiri Denemark  <jdenemar@redhat.com>

	Create raw storage files with O_DSYNC
	When creating preallocated large raw files opening them with O_DSYNC
	prevents long delays in reading because cache pages can be immediately
	reused without writing them on a disk first.

2010-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Re-generate remote protocol files for new APIs
	Re-generate remote protocol files for changes in commit
	daeb6f6b40432f74150c96fa99ef12df31344fbb
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.c,
	  src/remote/remote_protocol.h: Re-generate files

2010-02-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove conn parameter from USB functions
	It was used for error reporting only.

	Remove conn parameter from JSON error macro

	Remove conn parameter from PCI functions
	It was used for error reporting only.

	Remove conn parameter from Linux stats functions
	It was used for error reporting only.

	Remove conn parameter from storage file functions
	It was used for error reporting only.

	Remove conn parameter from util functions
	It was used for error reporting only.

	Remove conn parameter from virXPath* functions
	It was used for error reporting only.

	Remove conn parameter from virReportSystemError

	Remove conn parameter from virReportOOMError

2010-02-09  Jim Fehlig  <jfehlig@novell.com>

	Modify virsh commands
	Change all virsh commands that invoke virDomain{Attach,Detach}Device()
	to use virDomain{Attach,Detach}DeviceFlags() instead.
	Add a "--persistent" flag to these virsh commands, allowing user to
	specify that the domain persisted config be modified as well.
	V2: Only invoke virDomain{Attach,Detach}DeviceFlags() if
	"--persistent" flag is specified.  Otherwise invoke
	virDomain{Attach,Detach}Device() to retain current behavior.

	domain{Attach,Detach}DeviceFlags handler for drivers
	Implementation of domain{Attach,Detach}DeviceFlags handlers
	in the drivers.

	Server side dispatcher
	Server side dispatcher for Domain{Attach,Detach}DeviceFlags.

	Remote driver
	Implementation of Domain{Attach,Detach}DeviceFlags in remote driver.

	Wire protocol format
	Definition of wire protocol format for
	virDomain{Attach,Detach}DeviceFlags.

	Public API Implementation
	Implementation of public API for virDomain{Attach,Detach}DeviceFlags.
	V2: Don't break remote compatibility with older libvirtd

	Internal API
	Definition of internal API for virDomain{Attach,Detach}DeviceFlags.

	Public API
	Definition of public API for virDomain{Attach,Detach}DeviceFlags.
	V2: Adjust libvrt_public.syms to anticipated 0.7.7 release.

	doc: restrict virDomain{Attach,Detach}Device to active domains
	virDomain{Attach,Detach}Device is now only permitted on active
	domains.  Explicitly state this restriction in the API
	documentation.
	V2: Only change doc, dropping the hunk that forced the restriction
	    in libvirt frontend.

2010-02-06  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to latest
	* .gnulib: This fixes a warning in test-gettimeofday.c,
	seen via "make check".  Reported by Daniel Veillard.

2010-02-05  Jim Meyering  <meyering@redhat.com>

	(absolutePathFromBaseFile): fix up preceding commit
	When configured with --enable-gcc-warnings, it didn't even compile.
	* src/util/storage_file.c: Include <assert.h>.
	(absolutePathFromBaseFile): Assert that converting size_t to int is valid.
	Reverse length/string args to match "%.*s".
	Explicitly ignore the return value of virAsprintf.

	absolutePathFromBaseFile: don't leak when first arg contains no "/"
	* src/util/storage_file.c: Include "dirname.h".
	(absolutePathFromBaseFile): Rewrite not to leak, and to require
	fewer allocations.
	* bootstrap (modules): Add dirname-lgpl.
	* .gnulib: Update submodule to the latest.

	sexpr_string: avoid leak on OOM error path
	* src/xen/sexpr.c (sexpr_string): Free sexpr buffer upon allocation
	failure.

	virDomainChrDefParseXML: don't leak upon invalid input
	* src/conf/domain_conf.c (virDomainChrDefParseXML): Don't leak a
	virDomainChrDef buffer upon "unknown target type for char device" error.

	virExecWithHook: avoid leak on OOM error path
	* src/util/util.c (virExecWithHook): Free argv_str string before
	returning upon failure to allocate space for environment.

	cgroup.c: don't leak mem+FD upon OOM
	* src/util/cgroup.c (virCgroupDetectPlacement): Close the mapping
	FILE* also upon error.

	cgroup.c: avoid unconditional leaks
	* src/util/cgroup.c (virCgroupCpuSetInherit) [HAVE_MNTENT_H]:
	Don't leak CPU-set inheritance value strings.

2010-02-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	website: Add a 1em right margin
	This stops the text and pre-boxes from touching the right border.

	storage: Replace storageLog with VIR_ERROR

	opennebula: Remove unnecessary casts

	esx: Remove unnecessary casts

	cpu conf: Use virBufferFreeAndReset instead of virBufferContentAndReset and VIR_FREE

	docs: Refer to virReportOOMError in the HACKING file
	Instead of refering to __virRaiseError(VIR_ERROR_NO_MEMORY).

	esx: Cleanup preprocessing structure in esxVI_EnsureSession

	docs: Emphasize that devices have to be inside the <devices> element
	Also cleanup indentation of domain XML examples.

2010-02-04  Doug Goldstein  <cardoe@gentoo.org>

	virt-pki-validate contains unexpanded SYSCONFDIR variable
	* tools/virt-pki-validate.in: use an automake variable instead of a
	  shell variable so the resulting shell actually work

2010-02-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.6
	* configure.ac docs/news.html.in libvirt.spec.in: version bump and doc
	  updates
	* po/*.po*: updated and regenerated the localizations

2010-02-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix restore of QEMU guests with PCI device reservation
	When restoring from a saved guest image, the XML would already
	contain the PCI slot ID of the IDE controller & video card.
	The attempt to explicitly reserve this upfront would thus fail
	everytime.
	* src/qemu/qemu_conf.c: Reserve IDE controller / video card
	  slot at time of need, rather than upfront

2010-02-04  Laine Stump  <laine@laine.org>

	Another fork() log locking cleanup in file creation
	Similar fix as previous one but for fork() usage when creating
	a file or directory
	* src/util/util.c: virLogLock() and virLogUnlock() around fork()
	  in virFileCreate() and virDirCreateSimple()

2010-02-04  Cole Robinson  <crobinso@redhat.com>

	Fix log locking problem when using fork() in the library
	Ad pointed out by Dan Berrange:
	So if some thread in libvirtd is currently executing a logging call,
	while another thread calls virExec(), that other thread no longer
	exists in the child, but its lock is never released. So when the
	child then does virLogReset() it deadlocks.
	The only way I see to address this, is for the parent process to call
	virLogLock(), immediately before fork(), and then virLogUnlock()
	afterwards in both parent & child. This will ensure that no other
	thread
	can be holding the lock across fork().
	* src/util/logging.[ch] src/libvirt_private.syms: export virLogLock() and
	  virLogUnlock()
	* src/util/util.c: lock just before forking and unlock just after - in
	  both parent and child.

2010-02-03  David Allan  <dallan@redhat.com>

	Fix locking for udev device add/remove
	The original udev node device backend neglected to lock the driverState
	struct containing the device list when adding and removing devices
	* src/node_device/node_device_udev.c: add necessary locks in
	  udevRemoveOneDevice() and udevAddOneDevice()

2010-02-03  Jim Meyering  <meyering@redhat.com>

	interface_conf.c: don't use a negative value as allocation size
	* src/conf/interface_conf.c (virInterfaceDefParseProtoIPv4): If
	virXPathNodeSet returns -1, indicate failure by returning -1 right away.
	(virInterfaceDefParseProtoIPv6): Likewise.

	virStoragePoolSourceListNewSource: avoid unconditional leak
	* src/conf/storage_conf.c (virStoragePoolSourceListNewSource):
	Remove an unused (and leaked) allocation.

	xs_internal.c: don't use a negative value as allocation size
	* src/xen/xs_internal.c (xenStoreDomainIntroduced): Don't use -1
	as an allocation size upon xenStoreNumOfDomains failure.
	(xenStoreDomainReleased): Likewise.

2010-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Ensure QEMU DAC security driver is activated at all times
	If the primary security driver (SELinux/AppArmour) was disabled
	then the secondary QEMU DAC security driver was also disabled.
	This is mistaken, because the latter must be active at all times
	* src/qemu/qemu_driver.c: Ensure DAC driver is always active

2010-02-03  Jim Meyering  <meyering@redhat.com>

	xen_hypervisor.c: remove all "domain == NULL" tests, ...
	* src/xen/xen_hypervisor.c: Remove all "domain == NULL" tests.
	* src/xen/xen_hypervisor.h: Instead, use ATTRIBUTE_NONNULL to
	mark each "domain" parameter as "known always to be non-NULL".

	xen_hypervisor.c: avoid NULL deref for NULL domain argument
	* src/xen/xen_hypervisor.c (xenHypervisorGetVcpus): Don't attempt
	to diagnose an unlikely NULL-domain or NULL-domain->conn error.

2010-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Tweak USB hostdevice XML handling
	When attaching a USB host device based on vendor/product, libvirt
	will resolve the vendor/product into a device/bus pair. This means
	that when printing XML we should allow device/bus info to be printed
	at any time if present
	* src/conf/domain_conf.c, docs/schemas/domain.rng: Allow USB device
	  bus info alongside vendor/product

	Fix QEMU hotplug device alias assignment
	To allow devices to be hot(un-)plugged it is neccessary to ensure
	they all have a unique device aliases. This fixes the hotplug
	methods to assign device aliases before invoking the monitor
	commands which need them
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Expose methods
	  for assigning device aliases for disks, host devices and
	  controllers
	* src/qemu/qemu_driver.c: Assign device aliases when hotplugging
	  all types of device
	* tests/qemuxml2argvdata/qemuxml2argv-hostdev-pci-address-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args:
	  Update for changed hostdev naming scheme

	Disable QEMU monitor IO debugging by default

	Re-arrange QEMU device alias assignment code
	This patch re-arranges the QEMU device alias assignment code to
	make it easier to call into the same codeblock when performing
	device hotplug. The new code has the ability to skip over already
	assigned names to facilitate hotplug
	* src/qemu/qemu_driver.c: Call qemuAssignDeviceNetAlias()
	  instead of qemuAssignNetNames
	* src/qemu/qemu_conf.h: Export qemuAssignDeviceNetAlias()
	  instead of qemuAssignNetNames
	* src/qemu/qemu_driver.c: Merge the legacy disk/network alias
	  assignment code into the main methods

	Remove direct storage of hostnet_name & vlan
	The current way of assigning names to the host network backend and
	NIC device in QEMU was over complicated, by varying naming scheme
	based on the NIC model and backend type. This simplifies the naming
	to simply be 'net0' and 'hostnet0', allowing code to easily determine
	the host network name and vlan based off the primary device alias
	name 'net0'. This in turn allows removal of alot of QEMU specific
	code from the XML parser, and makes it easier to assign new unique
	names for NICs that are hotplugged
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove hostnet_name
	  and vlan fields from virNetworkDefPtr
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c:
	  Use a single network alias naming scheme regardless of NIC type
	  or backend type. Determine VLANs from the alias name.
	* tests/qemuxml2argvdata/qemuxml2argv-net-eth-names.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-netdev.args: Update
	  for new simpler naming scheme

	Remove use of -netdev arg with QEMU
	The QEMU 0.12.x tree has the -netdev command line argument, but not
	corresponding monitor command. We can't enable the former, without
	the latter since it will break hotplug/unplug.
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Disable -netdev usage
	  until 0.13 at earliest
	* tests/qemuxml2argvtest.c: Add test for -netdev syntax
	* tests/qemuxml2argvdata/qemuxml2argv-net-virtio-netdev.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-netdev.xml: Test
	  data files for -netdev syntax

	Assign PCI addresses before hotplugging devices
	PCI disk, disk controllers, net devices and host devices need to
	have PCI addresses assigned before they are hot-plugged
	* src/qemu/qemu_conf.c: Add APIs for ensuring a device has an
	  address and releasing unused addresses
	* src/qemu/qemu_driver.c: Ensure all devices have addresses
	  when hotplugging.

	Rewrite way QEMU PCI addresses are allocated
	The current QEMU code allocates PCI addresses incrementally starting
	at 4. This is not satisfactory because the user may have given some
	addresses in their XML config, which need to be skipped over when
	allocating addresses to remaining devices.
	It is thus neccessary to maintain a list of already allocated PCI
	addresses and then only allocate ones that remain unused. This is
	also required for domain device hotplug to work properly later.
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add APIs for creating
	  list of existing PCI addresses, and allocating new addresses.
	  Refactor address assignment to use this code
	* src/qemu/qemu_driver.c: Pull PCI address assignment up into the
	  qemuStartVMDaemon() method, as a prelude to moving it into the
	  'define' method. Update list of allocated addresses when connecting
	  to a running VM at daemon startup.
	* tests/qemuxml2argvtest.c, tests/qemuargv2xmltest.c,
	  tests/qemuxml2xmltest.c: Remove USB product test since all
	  passthrough is done based on address
	* tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-product.args,
	  tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-product.xml: Kil
	  unused data files

	Introduce generic virDomainDeviceInfo iterator function
	The virDomainDeviceInfoIterate() function will provide a
	convenient way to iterate over all devices in a domain.
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDeviceInfoIterate()
	  function.

	Make hotplug use new device_add where possible
	Since QEMU startup uses the new -device argument, the hotplug
	code needs todo the same. This converts disk, network and
	host device hotplug to use the device_add command
	* src/qemu/qemu_driver.c: Use new device_add monitor APIs
	  whereever possible

	Introduce internal QEMU monitor APIs for drive + device hotadd
	The way QEMU is started has been changed to use '-device' and
	the new style '-drive' syntax. This needs to be mirrored in
	the hotplug code, requiring addition of two new APIs.
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Define APIs
	  qemuMonitorAddDevice() and qemuMonitorAddDrive()
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Implement the new monitor APIs

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Split out QEMU code for building PCI/USB hostdev arg values
	To allow for better code reuse from hotplug methods, the code for
	generating PCI/USB hostdev arg values is split out into separate
	methods
	* qemu/qemu_conf.h, qemu/qemu_conf.c: Introduce new APis for
	  qemuBuildPCIHostdevPCIDevStr, qemuBuildUSBHostdevUsbDevStr
	  and qemuBuildUSBHostdevDevStr

	Standard internal API syntax for building QEMU command line arguments
	All the helper functions for building command line arguments
	now return a 'char *', instead of acepting a 'char **' or
	virBufferPtr argument
	* qemu/qemu_conf.c: Standardize syntax for building args
	* qemu/qemu_conf.h: Export all functions for building args
	* qemu/qemu_driver.c: Update for changed syntax for building
	  NIC/hostnet args

2010-02-02  Jim Meyering  <meyering@redhat.com>

	libvirtd.c: avoid closing a negative socket file descriptor
	* daemon/libvirtd.c (qemudListenUnix): Close socket only if non-negative.

	storage_backend.c: avoid closing a negative file descriptor
	* src/storage/storage_backend.c (virStorageBackendRunProgRegex):
	Don't close a negative (read-only) file descriptor.

	avoid a probable EINVAL from lseek
	* src/qemu/qemu_driver.c (qemudLogReadFD): Don't pass a negative
	offset (from a preceding failed attempt to seek to EOF) to this use
	of lseek.

2010-02-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	udev: Don't let strtoul parse USB busnum and devnum as octal
	udevGetUintProperty was called with base set to 0 for busnum and devnum.
	With base 0 strtoul parses the number as octal if it start with a 0. But
	busnum and devnum are decimal and udev returns them padded with leading
	zeros. So strtoul parses them as octal. This works for certain decimal
	values like 001-007, but fails for values like 008.
	Change udevProcessUSBDevice to use base 10 for busnum and devnum.

2010-02-02  Jim Meyering  <meyering@redhat.com>

	util.c (two more): don't use a negative value as allocation size
	* src/util/util.c (virGetUserID, virGetGroupID): In the unlikely event
	that sysconf(_SC_GETPW_R_SIZE_MAX) fails, don't use -1 as the size in
	the subsequent allocation.

	json.c: avoid an unconditional leak from most qemuMonitorJSON* functions
	* src/util/json.c (virJSONValueFree): Free the "value" pointer, too.

	avoid format-related warnings
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetAllPCIAddresses):
	Use %s.
	* src/storage/storage_backend_iscsi.c (virStorageBackendCreateIfaceIQN):
	Likewise.
	* tools/virsh.c (cmdSecretSetValue): Likewise.

2010-02-02  Eric Blake  <ebb9@byu.net>

	maint: avoid excess parens in STREQ
	* src/internal.h (STREQ, STRCASEEQ, STRNEQ, STRCASENEQ, STREQLEN)
	(STRCASEEQLEN, STRNEQLEN, STRCASENEQLEN, STRPREFIX): Avoid
	redundant parenthesis.
	* examples/domain-events/events-c/event-test.c (STREQ): Likewise.
	* src/storage/parthelper.c (STREQ): Likewise.

2010-02-02  Jiri Denemark  <jdenemar@redhat.com>

	Move models/nmodels mismatch checking one level up

2010-02-01  Jiri Denemark  <jdenemar@redhat.com>

	Log flags in virConnectCompareCPU
	* src/libvirt.c: extend the debug statement to log flags too

2010-02-01  Chris Lalancette  <clalance@redhat.com>

	Fix PCI host reattach on domain detach.
	Similar to the race fixed by
	be34c3c7efbb1ea8999530f98b99c5dde3793f84, make sure
	to wait around for KVM to release the resources from
	a hot-detached PCI device before attempting to
	rebind that device to the host driver.

2010-02-01  Matthew Booth  <mbooth@redhat.com>

	Clarify controllers -device string in QEMU driver
	The QEMU driver contained code to generate a -device string for piix4-ide, but
	wasn't using it. This change removes this string generation. It also adds a
	comment explaining why IDE and FDC controllers don't generate -device strings.
	The change also generates an error if a sata controller is specified for a QEMU
	domain, as this isn't supported.
	* src/qemu/qemu_conf.c: Remove VIR_DOMAIN_CONTROLLER_TYPE_IDE handler in
	  qemuBuildControllerDevStr(). Ignore IDE and FDC controllers. Error if
	  SATA controller is discovered. Add comments.

2010-02-01  Chris Lalancette  <clalance@redhat.com>

	Fix up a comment in virHashUpdateEntry

	Look in /usr/libexec for the qemu-kvm binary.
	On RHEL-5 the qemu-kvm binary is located in /usr/libexec.
	To reduce confusion for people trying to run upstream libvirt
	on RHEL-5 machines, make the qemu driver look in /usr/libexec
	for the qemu-kvm binary.
	To make this work, I modified virFindFileInPath to handle an
	absolute path correctly.  I also ran into an issue where
	NULL was sometimes being passed for the file parameter
	to virFindFileInPath; it didn't crash prior to this patch
	since it was building paths like /usr/bin/(null).  This
	is non-standard behavior, though, so I added a NULL
	check at the beginning.

2010-01-30  Eric Blake  <ebb9@byu.net>

	maint: fix spelling error in hacking
	* HACKING: STRCASEEQ is case insensitive.
	* docs/hacking.html.in: Likewise.

2010-01-30  Jim Meyering  <meyering@redhat.com>

	util.c (virGetUserEnt): don't use a negative value as allocation size
	* src/util/util.c (virGetUserEnt): In the unlikely event that
	sysconf(_SC_GETPW_R_SIZE_MAX) fails, don't use -1 as the size in
	the subsequent allocation.

2010-01-28  Jim Fehlig  <jfehlig@novell.com>

	Support Xen 4.0 sysctl version 7
	xen-unstable c/s 20762 bumped XEN_SYSCTL_INTERFACE_VERSION to 7.  The
	interface change does not affect libvirt, other than xenHypervisorInit()
	failing since version 7 is not tried.
	The attached patch accommodates the upcoming Xen 4.0 release by checking
	for XEN_SYSCTL_INTERFACE_VERSION 7.  If found, it sets
	XEN_DOMCTL_INTERFACE_VERSION to 6, which is also new to Xen 4.0.

2010-01-27  Matthew Booth  <mbooth@redhat.com>

	Add missing sata controller type to domain.rng
	* docs/schemas/domain.rng: Add sata controller type

2010-01-27  Jim Meyering  <meyering@redhat.com>

	cpu_x86.c: avoid NULL-deref for invalid arguments
	* src/cpu/cpu_x86.c (x86Decode): Do not dereference NULL
	when "models" is NULL and nmodels is 1 or greater.

	portability to non-glibc: don't use realpath(..., NULL)
	it causes a NULL-dereference on some systems like Solaris 10.
	* src/node_device/node_device_linux_sysfs.c. Include <stdlib.h>.
	(get_sriov_function): Use canonicalize_file_name, not realpath.
	* bootstrap (modules): Add canonicalize-lgpl.

	pci.c: correct an erroneous expression
	* src/util/pci.c (pciDeviceDownstreamLacksACS): Fix a typo
	that rendered a subexpression always false.

2010-01-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	udev: Set the state driver name

	Remove undefined symbols from libvirt_private.syms

	udev: Remove event handle on shutdown
	This fixes a segfault when the event handler is called after shutdown
	when the global driver state is NULL again.
	Also fix a locking issue in an error path.

	Don't call disabled timer callbacks in event-test.c
	This fixes a segfault in the remote driver that occurs for example when
	the event-test is run inside a domain-0 and libvirtd is also running.

	esx: Output error details from libcurl

	Add missing function parameter documentation

2010-01-26  Jim Meyering  <meyering@redhat.com>

	hostusb: closedir only if non-NULL; rename labels: s/error/cleanup/
	* src/util/hostusb.c (usbSysReadFile): Rename labels s/error/cleanup/
	(usbFindBusByVendor): Likewise.  And closedir only if non-NULL.

2010-01-26  Laine Stump  <laine@laine.org>

	Cleanup of large buffer on stack in virFileMakePath
	virFileMakePath is a recursive function that was creates a buffer
	PATH_MAX bytes long for each recursion (one recursion for each element
	in the path). This changes it to have no buffers on the stack, and to
	allocate just one buffer total, no matter how many elements are in the
	path. Because the modified algorithm requires a char* to be passed in
	rather than const char *, it is now 2 functions - a toplevel API
	function that remains identical in function, and a 2nd helper function
	called for the recursions, which 1) doesn't allocate anything, and 2)
	takes a char* arg, so it can modify the contents.
	* src/util/util.c: rewrite virFileMakePath

2010-01-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Stop passing around virConnectPtr for error reporting

2010-01-26  Chris Lalancette  <clalance@redhat.com>

	Revert "Fix libvirtd restart for domains with PCI passthrough devices"
	This reverts commit cdc42d0a4865199a941d330dbb6ca1ef426323ae.
	As DanB pointed out, this patch is actually wrong.  The real
	bug that was causing me to see this problem is a bug
	introduced in a RHEL-5 libvirt snapshot, and I'm going to
	fix the real bug there.

	Fix a crash when restarting libvirtd.
	If you shutdown libvirtd while a domain with PCI
	devices is running, then try to restart libvirtd,
	libvirtd will crash.
	This happens because qemuUpdateActivePciHostdevs() is calling
	pciDeviceListSteal() with a dev of 0x0 (NULL), and then trying
	to dereference it.  This patch fixes it up so that
	qemuUpdateActivePciHostdevs() steals the devices after first
	Get()'ting them, avoiding the crash.

	Fix two instances of misspelled 'pseudo'

2010-01-26  Jim Meyering  <meyering@redhat.com>

	qemuMonitorTextAttachDrive: avoid two leaks
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextAttachDrive): Most other
	failures in this function would "goto cleanup", but one mistakenly
	returned directly, skipping the cleanup and resulting in a leak.
	In addition, iterating the "try_command" loop would clobber, and
	thus leak, the "cmd" allocated on the first iteration,
	so be careful to free it in addition to "reply" beforehand.

2010-01-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Search binaries in PATH instead of hardcoding /usr/bin

2010-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Implement QMP support for extracting CPU thread ID
	The KVM build of QEMU includs the thread ID of each vCPU in the
	'query-cpus' output. This is required for pinning guests to
	particular host CPUs
	* src/qemu/qemu_monitor_json.c: Extract 'thread_id' from CPU info

	Misc fixes to QMP monitor support for QEMU
	* src/util/json.c, src/util/json.h: Declare returned strings
	  to be const
	* src/qemu/qemu_monitor.c: Wire up JSON mode for qemuMonitorGetPtyPaths
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Fix
	  const correctness. Add missing error message in the function
	  qemuMonitorJSONGetAllPCIAddresses. Add implementation of the
	  qemuMonitorGetPtyPaths function calling 'query-chardev'.

	Add some missing include files which break build in certain platforms
	Two files were using functions from <sys/stat.h> but not including
	in. Most of the time they got this automatically via another header,
	but certain build flag combinations can reveal the problem
	* src/lxc/lxc_container.c, src/node_device/node_device_linux_sysfs.c:
	  Add <sys/stat.h>

	Fix setup of compatability serial devices from console device
	The <console> tag is supposed to result in addition of a single
	<serial> device for HVM guests. The 'targetType' attribute was
	missing though causing the compatibility code to add a second
	<console> device
	* src/conf/domain_conf.c: Set targetType for serial device

2010-01-26  Jim Meyering  <meyering@redhat.com>

	usbGetDevice: don't leak a "usbDevice" buffer on failure path
	* src/util/hostusb.c (usbGetDevice): Free "dev" when returning NULL.

	qemuMonitorTextGetMemoryStats: plug a leak on an error path
	* src/qemu/qemu_monitor_text.c (qemuMonitorCommandWithHandler):
	Always free *reply, upon failure.

2010-01-25  Jim Meyering  <meyering@redhat.com>

	usbFindBusByVendor: don't leak a DIR buffer and FD
	* src/util/hostusb.c (usbFindBusByVendor): Don't leak a DIR buffer
	and file descriptor.

2010-01-25  Eric Blake  <ebb9@byu.net>

	Start modernizing configure
	* configure.ac: reanmed configura.in, use AC_CONFIG_HEADERS instead of
	  AM_CONFIG_HEADER

2010-01-23  Chris Lalancette  <clalance@redhat.com>

	Fix libvirtd restart for domains with PCI passthrough devices
	When libvirtd shuts down, it places a <state/> tag in the XML
	state file it writes out for guests with PCI passthrough
	devices.  For devices that are attached at bootup time, the
	state tag is empty.  However, at libvirtd startup time, it
	ignores anything with a <state/> tag in the XML, effectively
	hiding the guest.
	This patch remove the check for VIR_DOMAIN_XML_INTERNAL_STATUS
	when parsing the XML.
	* src/conf/domain_conf.c: remove VIR_DOMAIN_XML_INTERNAL_STATUS
	  flag check in virDomainHostdevSubsysPciDefParseXML()

	qemu: Fix race between device rebind and kvm cleanup
	Certain hypervisors (like qemu/kvm) map the PCI bar(s) on
	the host when doing device passthrough.  This can lead to a race
	condition where the hypervisor is still cleaning up the device while
	libvirt is trying to re-attach it to the host device driver.  To avoid
	this situation, we look through /proc/iomem, and if the hypervisor is
	still holding onto the bar (denoted by the string in the matcher variable),
	then we can wait around a bit for that to clear up.
	v2: Thanks to review by DV, make sure we wait the full timeout per-device

2010-01-22  Chris Lalancette  <clalance@redhat.com>

	Fix device assignment with root devices
	The patches to add ACS checking to PCI device passthrough
	introduced a bug.  With the current code, if you try to
	passthrough a device on the root bus (i.e. bus 0), then
	it denies the passthrough.  This is because the code in
	pciDeviceIsBehindSwitchLackingACS() to check for a parent
	device doesn't take into account the possibility of the
	root bus.  If we are on the root bus, it means we
	legitimately can't find a parent, and it also means that
	we don't have to worry about whether ACS is enabled.
	Therefore return 0 (indicating we don't lack ACS) from
	pciDeviceIsBehindSwitchLackingACS().

	Add a rule to check for uses of readlink.

	Use virFileResolveLink instead of readlink in AppArmor

	Fix a compile warning in parthelper.c

2010-01-22  Taizo ITO  <taizo.ito@hde.co.jp>

	Add virConnectGetVersion Python API
	adds a new python API call for retrieving the running
	hypervisor version used by a connection: virConnectGetVersion
	* python/generator.py: skip virConnectGetVersion from autogenerated
	* python/libvirt-override-api.xml python/libvirt-override.c: define
	  direct native bindings

2010-01-22  Jamie Strandboge  <jamie@canonical.com>

	Remove AppArmor compile warnings
	* src/security/security_apparmor.c: unused variable in
	  AppArmorSetSecurityAllLabel and unused parameter in
	  AppArmorReleaseSecurityLabel

2010-01-22  Chris Lalancette  <clalance@redhat.com>

	Remove unused PROC_MOUNT_BUF_LEN #define

2010-01-22  Daniel Veillard  <veillard@redhat.com>

	Update polish translation and regenerate localizations

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Add docs about new mailing list
	* docs/contact.html.in: Document new users mailing list

2010-01-21  Adam Litke  <agl@us.ibm.com>

	domMemoryStats / qemu: Fix parsing of unknown stats
	Fix a small problem with the qemu memory stats parsing algorithm.  If qemu
	reports a stat that libvirt does not recognize, skip past it so parsing can
	continue.  This corrects a potential infinite loop in the parsing code that can
	only be triggered if new statistics are added to qemu.
	* src/qemu/qemu_monitor_text.c: qemuMonitorParseExtraBalloonInfo add a
	  skip for extra ','

2010-01-21  David Allan  <dallan@redhat.com>

	Corrected log level of WWN path message
	* src/node_device/node_device_linux_sysfs.c: open_wwn_file() the
	  VIR_ERROR resllay should be just a VIR_DEBUG

2010-01-21  Daniel Veillard  <veillard@redhat.com>

	Fix an error when looking for devices in syspath
	* src/node_device/node_device_udev.c: udevSetupSystemDev() only print the
	  error message if lookup failed in both DMI_DEVPATH and DMI_DEVPATH_FALLBACK

2010-01-21  Dan Kenigsberg  <danken@redhat.com>

	Allow surrounding whitespace in uuid
	* src/util/uuid.c: extend virUUIDParse to allow leading and trailing
	  spaces in UUIDs

2010-01-21  Jim Meyering  <meyering@redhat.com>

	fix "make distcheck" failure
	* tests/Makefile.am (qemuhelpdata): Add qemu-0.12.1.

	avoid more format-related warnings
	* src/qemu/qemu_conf.c (qemuBuildDriveStr): Use "%s".
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetGuestPCIAddress):
	(qemuMonitorJSONGetGuestDriveAddress): Likewise.

	avoid format-related warnings
	* src/conf/domain_conf.c (virDomainDeviceInfoParseXML): Use "%s".

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-1 in SCSI drive hotplug
	The loop looking for the controller associated with a SCI drive had
	an off by one, causing it to miss the last controller.
	* src/qemu/qemu_driver.c: Fix off-by-1 in searching for SCSI
	  drive hotplug

	Fix leak in hotplug code in QEMU driver
	The hotplug code in QEMU was leaking memory because although the
	inner device object was being moved into the main virDomainDefPtr
	config object, the outer container virDomainDeviceDefPtr was not.
	 * src/qemu/qemu_driver.c: Clarify code to show that the inner
	   device object is owned by the main domain config upon
	   successfull attach.

	Add configuration option to turn off dynamic permissions management
	Add the ability to turn off dynamic management of file permissions
	for libvirt guests.
	* qemu/libvirtd_qemu.aug: Support 'dynamic_ownership' flag
	* qemu/qemu.conf: Document 'dynamic_ownership' flag.
	* qemu/qemu_conf.c: Load 'dynamic_ownership' flag
	* qemu/test_libvirtd_qemu.aug: Test 'dynamic_ownership' flag

	Fix security driver calls in hotplug cleanup paths
	The hotplug code was not correctly invoking the security driver
	in error paths. If a hotplug attempt failed, the device would
	be left with VM permissions applied, rather than restored to the
	original permissions. Also, a CDROM media that is ejected was
	not restored to original permissions. Finally there was a bogus
	call to set hostdev permissions in the hostdev unplug code
	* qemu/qemu_driver.c: Fix security driver usage in hotplug/unplug

	Add missing call to re-attach host devices if VM startup fails
	If there is a problem with VM startup, PCI devices may be left
	assigned to pci-stub / pci-back. Adding a call to reattach
	host devices in the cleanup path is required.
	* qemu/qemu_driver.c: qemuDomainReAttachHostDevices() when
	  VM startup fails

	Switch QEMU driver over to use the DAC security driver
	Remove all the QEMU driver calls for setting file ownership and
	process uid/gid. Instead wire in the QEMU DAC security driver,
	stacking it ontop of the primary SELinux/AppArmour driver.
	* qemu/qemu_driver.c: Switch over to new DAC security driver

	Introduce a new DAC security driver for QEMU
	This new security driver is responsible for managing UID/GID changes
	to the QEMU process, and any files/disks/devices assigned to it.
	* qemu/qemu_conf.h: Add flag for disabling automatic file permission
	  changes
	* qemu/qemu_security_dac.h, qemu/qemu_security_dac.c: New DAC driver
	  for QEMU guests
	* Makefile.am: Add new files

	Introduce a stacked security driver impl for QEMU
	* qemu/qemu_conf.h: Add securityPrimaryDriver and
	  securitySecondaryDriver fields to 'struct qemud_driver'
	* Makefile.am: Add new files
	* qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A
	  simple stacked security driver

	Pull initial disk labelling out into libvirtd instead of exec hook
	Pulling the disk labelling code out of the exec hook, and into
	libvirtd will allow it to access shared state in the daemon. It
	will also make debugging & error reporting easier / more reliable.
	* qemu/qemu_driver.c: Move initial disk labelling calls up into
	  libvirtd. Add cleanup of disk labels upon failure

	Fix leak of allocated security label
	If a VM fails to start, we can't simply free the security label
	strings, we must call the domainReleaseSecurityLabel() method
	otherwise the reserved 'mcs' level will be leaked in SElinux
	* src/qemu/qemu_driver.c: Invoke domainReleaseSecurityLabel()
	  when domain fails to start

	Refactor setup & cleanup of security labels in security driver
	The current security driver architecture has the following
	split of logic
	 * domainGenSecurityLabel
	    Allocate the unique label for the domain about to be started
	 * domainGetSecurityLabel
	    Retrieve the current live security label for a process
	 * domainSetSecurityLabel
	    Apply the previously allocated label to the current process
	    Setup all disk image / device labelling
	 * domainRestoreSecurityLabel
	    Restore the original disk image / device labelling.
	    Release the unique label for the domain
	The 'domainSetSecurityLabel' method is special because it runs
	in the context of the child process between the fork + exec.
	This is require in order to set the process label. It is not
	required in order to label disks/devices though. Having the
	disk labelling code run in the child process limits what it
	can do.
	In particularly libvirtd would like to remember the current
	disk image label, and only change shared image labels for the
	first VM to start. This requires use & update of global state
	in the libvirtd daemon, and thus cannot run in the child
	process context.
	The solution is to split domainSetSecurityLabel into two parts,
	one applies process label, and the other handles disk image
	labelling. At the same time domainRestoreSecurityLabel is
	similarly split, just so that it matches the style. Thus the
	previous 4 methods are replaced by the following 6 new methods
	 * domainGenSecurityLabel
	    Allocate the unique label for the domain about to be started
	    No actual change here.
	 * domainReleaseSecurityLabel
	   Release the unique label for the domain
	 * domainGetSecurityProcessLabel
	   Retrieve the current live security label for a process
	   Merely renamed for clarity.
	 * domainSetSecurityProcessLabel
	   Apply the previously allocated label to the current process
	 * domainRestoreSecurityAllLabel
	    Restore the original disk image / device labelling.
	 * domainSetSecurityAllLabel
	    Setup all disk image / device labelling
	The SELinux and AppArmour drivers are then updated to comply with
	this new spec. Notice that the AppArmour driver was actually a
	little different. It was creating its profile for the disk image
	and device labels in the 'domainGenSecurityLabel' method, where as
	the SELinux driver did it in 'domainSetSecurityLabel'. With the
	new method split, we can have consistency, with both drivers doing
	that in the domainSetSecurityAllLabel method.
	NB, the AppArmour changes here haven't been compiled so may not
	build.

	Make security drivers responsible for checking dynamic vs static labelling
	The QEMU driver is doing 90% of the calls to check for static vs
	dynamic labelling. Except it is forgetting todo so in many places,
	in particular hotplug is mistakenly assigning disk labels. Move
	all this logic into the security drivers themselves, so the HV
	drivers don't have to think about it.
	* src/security/security_driver.h: Add virDomainObjPtr parameter
	  to virSecurityDomainRestoreHostdevLabel and to
	  virSecurityDomainRestoreSavedStateLabel
	* src/security/security_selinux.c, src/security/security_apparmor.c:
	  Add explicit checks for VIR_DOMAIN_SECLABEL_STATIC and skip all
	  chcon() code in those cases
	* src/qemu/qemu_driver.c: Remove all checks for VIR_DOMAIN_SECLABEL_STATIC
	  or VIR_DOMAIN_SECLABEL_DYNAMIC. Add missing checks for possibly NULL
	  driver entry points.

2010-01-21  David Allan  <dallan@redhat.com>

	Implement support for multi IQN
	Allows the initiator to use a variety of IQNs rather than just the
	system IQN when creating iSCSI pools.
	* docs/schemas/storagepool.rng: extends the syntax with <iqn name="..."/>
	* src/conf/storage_conf.[ch]: read and stores the iqn name
	* src/storage/storage_backend_iscsi.[ch]: implement the IQN selection
	  when detected

2010-01-21  Jiri Denemark  <jdenemar@redhat.com>

	Let make fail when XHTML validation fails

2010-01-21  Laine Stump  <laine@laine.org>

	Fix uses of virFileMakePath
	* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
	  src/network/bridge_driver.c src/qemu/qemu_driver.c
	  src/uml/uml_driver.c: virFileMakePath returns 0 for success, or the
	  value of errno on failure, so error checking should be to test
	  if non-zero, not if lower than 0

	Create storage pool directories with proper uid/gid/mode
	Previously the uid/gid/mode in the xml was ignored when creating new
	storage pool directories. This commit attempts to honor the requested
	permissions, and spits out an error if it can't.
	Note that when creating the directory, the rest of the path leading up
	to the final element is created using current uid/gid/mode, and the
	final element gets the settings from xml. It is NOT an error for the
	directory to already exist; in this case, the perms for the existing
	directory are just set (if necessary).
	* src/storage/storage_backend_fs.c: update the virStorageBackendFileSystemBuild
	  function to check the directory hierarchy separately then create the
	  leaf directory with the right attributes

	Create storage volumes directly with desired uid/gid
	In order to avoid problems trying to chown files that were created by
	root on a root-squashing nfs server, fork a new process that setuid's
	to the desired uid before creating the file. (It's only done this way
	if the pool containing the new volume is of type 'netfs', otherwise
	the old method of creating the file followed by chown() is used.)
	This changes the semantics of the "create_func" slightly - previously
	it was assumed that this function just created the file, then the
	caller would chown it to the desired uid. Now, create_func does both
	operations.
	There are multiple functions that can take on the role of create_func:
	createFileDir - previously called mkdir(), now calls virDirCreate().
	virStorageBackendCreateRaw - previously called open(),
	                             now calls virFileCreate().
	virStorageBackendCreateQemuImg - use virRunWithHook() to setuid/gid.
	virStorageBackendCreateQcowCreate - same.
	virStorageBackendCreateBlockFrom - preserve old behavior (but attempt
	                                   chown when necessary even if not root)
	* src/storage/storage_backend.[ch] src/storage/storage_backend_disk.c
	  src/storage/storage_backend_fs.c src/storage/storage_backend_logical.c
	  src/storage/storage_driver.c: change the create_func implementations,
	  also propagate the pool information to be able to detect NETFS ones.

	New utility functions virFileCreate and virDirCreate
	These functions create a new file or directory with the given
	uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
	forking a new process, calling setuid/setgid in the new process, and
	then creating the file. This is better than simply calling open then
	fchown, because in the latter case, a root-squashing nfs server would
	create the new file as user nobody, then refuse to allow fchown.
	If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
	creating the file/dir, then chowning is is used. This gives better
	results in cases where the parent directory isn't on a root-squashing
	NFS server, but doesn't give permission for the specified uid/gid to
	create files. (Note that if the fork/setuid method fails to create the
	file due to access privileges, the parent process will make a second
	attempt using this simpler method.)
	If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
	existing file/directory will not cause an error; in this case, the
	function will simply set the permissions of the file/directory to
	those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
	existing file/directory is considered (and reported as) an error.
	Return from both of these functions is 0 on success, or the value of
	errno if there was a failure.
	* src/util/util.[ch]: add the 2 new util functions

	Add virRunWithHook util function
	* src/util/util.[ch]: similar to virExecWithHook, but waits for child to
	  exit. Useful for doing things like setuid after the fork but before the
	  exec.

2010-01-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	Unset copied environment variables in qemuxml2argvtest
	The test expected all environment variables copied in qemudBuildCommandLine
	to have known values. So all of them have to be either set to a known value
	or be unset. SDL_VIDEODRIVER and QEMU_AUDIO_DRV are not handled at all but
	should be handled. Unset both, otherwise the test will fail if they are set
	in the testing environment.
	* src/qemu/qemu_conf.c: add a comment about copied environment variables
	  and qemuxml2argvtest
	* tests/qemuxml2argvtest.c: unset SDL_VIDEODRIVER and QEMU_AUDIO_DRV

	qemu: Don't allocate zero bytes

2010-01-21  Jim Meyering  <meyering@redhat.com>

	clean-up: remove unnecessary closedir call
	* src/node_device/node_device_linux_sysfs.c (get_virtual_functions_linux):
	Remove unnecessary closedir.  Spotted by Dave Allan.

	node_device_linux_sysfs.c: avoid opendir/fd leak on error path
	* src/node_device/node_device_linux_sysfs.c(get_virtual_functions_linux):
	Don't leak a DIR buffer and file descriptor on error path.

	domain_conf.c: avoid a leak and the need for "cleanup:" block
	* src/conf/domain_conf.c (virDomainChrDefFormat): Plug a leak on
	an error path, and at the same time, eliminate the need for a
	"cleanup:" block.  Before, the "return -1" after the switch
	would leak an "addr" string.  Now, by reversing the port,addr-
	getting blocks we can free "addr" immediately and skip the goto.

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Make all bitfields unsigned ints to avoid unexpected values in casts
	The 'int virInterfaceIsActive()' method was directly returning the
	value of the 'int active:1' bitfield in virIntefaceDefPtr. A bitfield
	with a signed integer, will hold the values 0 and -1, not 0 and +1
	as might be expected. This meant that virInterfaceIsActive() was
	always returning -1 when the interface was active, not +1 & thus all
	callers thought an error had occurred. To protect against this kind
	of mistake again, change all bitfields to be unsigned ints
	* daemon/libvirtd.h, src/conf/domain_conf.h, src/conf/interface_conf.h,
	  src/conf/network_conf.h: Change bitfields to unsigned int.

	Fix QEMU driver custom domain status XML extensions
	Invoking the virConnectGetCapabilities() method causes the QEMU
	driver to rebuild its internal capabilities object. Unfortunately
	it was forgetting to register the custom domain status XML hooks
	again.
	To avoid this kind of error in the future, the code which builds
	capabilities is refactored into one single method, which can be
	called from all locations, ensuring reliable rebuilds.
	* src/qemu/qemu_driver.c: Fix rebuilding of capabilities XML and
	  guarentee it is always consistent

2010-01-20  Jiri Denemark  <jdenemar@redhat.com>

	Document cpu-compare command in virsh man page

	Document <cpu> elements in capabilities and domain XML

2010-01-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Remove outdated information about remote limitations

2010-01-20  Jim Meyering  <meyering@redhat.com>

	logging: confirm that we want to ignore a write error
	* src/util/logging.c (virLogMessage): Include "ignore-value.h".
	Use it to ignore the return value of safewrite.
	Use STDERR_FILENO, rather than "2".
	* bootstrap (modules): Add ignore-value.
	* gnulib: Update to latest, for ignore-value that is now LGPLv2+.

	xen_driver: don't leak a parsed-config buffer
	* src/xen/xen_driver.c (xenUnifiedDomainXMLFromNative): Also
	free "conf" before returning.

2010-01-20  Laine Stump  <laine@laine.org>

	Update interface.rng and xml test files to match netcf 0.1.5
	The RNG now supports IPv6 and bonds attached to bridges, along with
	some other minor tweaks. All test files from netcf have been copied to
	the test directory and added to the xml2xml and schema tests (and they
	all pass, of course ;-)

	Support bond interfaces attached to bridges in interface xml.
	This was accomplished in xml parsing by doing away with the
	stripped-down virInterfaceBareDef object, and just always using
	virInterfaceDef, but with restrictions in certain places (eg, the type
	of subordinate interface allowed in parsing depends on the parent
	interface).
	xml formatting was similarly adjusted. In addition, the formatting
	functions keep track of the level of interface nesting, and insert
	extra leading spaces on each line accordingly (using %*s).
	The only change in formatted xml from previous (aside frmo supporting
	new combinations of interface types) is that the subordinate ethernet
	interfaces take up 2 lines rather than one, eg:
	   <interface type='ethernet' name='eth0'>
	   </interface>
	instead of:
	   <interface type='ethernet' name='eth0'/>

	Allow empty bridges in interface xml.

	Support delay property in interface bridge xml.

2010-01-20  Jim Meyering  <meyering@redhat.com>

	storage_conf: plug a leak on OOM error path
	* src/conf/storage_conf.c (virStoragePoolSourceListNewSource):
	Free just-allocated "source" upon VIR_REALLOC_N failure.

2010-01-20  Jiri Denemark  <jdenemar@redhat.com>

	Remove superfluous new lines from messages
	I noticed some debug messages are printed with an empty lines after
	them. This patch removes these empty lines from all invocations of the
	following macros:
	    VIR_DEBUG
	    VIR_DEBUG0
	    VIR_ERROR
	    VIR_ERROR0
	    VIR_INFO
	    VIR_WARN
	    VIR_WARN0

	Use pciDeviceIsAssignable in qemu driver

	Tests for ACS in PCIe switches
	New pciDeviceIsAssignable() function for checking whether a given PCI
	device can be assigned to a guest was added. Currently it only checks
	for ACS being enabled on all PCIe switches between root and the PCI
	device. In the future, it could be the right place to check whether a
	device is unbound or bound to a stub driver.

2010-01-19  Daniel Veillard  <veillard@redhat.com>

	Add Jiri Denemark <jdenemar@redhat.com> to commiters

2010-01-19  Jiri Denemark  <jdenemar@redhat.com>

	Allow for CPU topology specification without model
	Currently CPU topology may only be specified together with CPU model:
	    <cpu match='exact'>
	        <model>name</model>
	        <topology sockets='1' cores='2' threads='3'/>
	    </cpu>
	This patch allows for CPU topology specification without the need for
	also specifying CPU model:
	    <cpu>
	        <topology sockets='1' cores='2' threads='3'/>
	    </cpu>
	'match' attribute and 'model' element are made optional with the
	restriction that 'match' attribute has to be set when 'model' is
	present.

	Add debug messages for CPU incompatibility
	When comparing incompatible CPUs, the reason for this incompatibility is
	logged as a debug message.

	Take disabled/forced CPU features into account
	When comparing x86 CPUs, features with 'disabled' policy were mistakenly
	required to be supported by the host CPU.
	Likewise, features with 'force' policy which were supported by host CPU
	would make CPUs incompatible if 'strict' match was used by guest CPU.
	This patch fixes both issues.

	Implement CPU topology support for QEMU driver
	QEMU's command line equivalent for the following domain XML fragment
	    <vcpus>2</vcpus>
	    <cpu ...>
	        ...
	        <topology sockets='1' cores='2', threads='1'/>
	    </cpu>
	is
	    -smp 2,sockets=1,cores=2,threads=1
	This syntax was introduced in QEMU-0.12.
	Version 2 changes:
	- -smp argument build split into a separate function
	- always add ",sockets=S,cores=C,threads=T" to -smp if qemu supports it
	- use qemuParseCommandLineKeywords for command line parsing
	Version 3 changes:
	- ADD_ARG_LIT => ADD_ARG and line reordering in qemudBuildCommandLine
	- rebased

	Enhance qemuParseCommandLineKeywords
	Current version expects name=value,... list and when an incorrect string
	such as "a,b,c=d" would be parsed as "a,b,c" keyword with "d" value
	without reporting any error, which is probably not the expected
	behavior.
	This patch adds an extra argument called allowEmptyValue, which if
	non-zero will permit keywords with no value; "a,b=c,,d=" will be parsed
	as follows:
	    keyword value
	    "a"     NULL
	    "b"     "c"
	    ""      NULL
	    "d"     ""
	In case allowEmptyValue is zero, the string is required to contain
	name=value pairs only; retvalues is guaranteed to contain non-NULL
	pointers. Now, "a,b,c=d" will result in an error.

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert VirtIO balloon over to -device syntax
	Replace
	   -balloon virtio
	With
	   -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
	This allows it to get correct assigned PCI address as declared in
	previous patch
	 * src/qemu/qemu_conf.c: Convert Virtio ballon to -device and
	   give it an explicit PCI address
	 * tests/qemuxml2argvdata/qemuxml2argv-*args: Add in virtio balloon
	   where appropriate

	Auto-assign PCI addresses
	Instead of relying on QEMU to assign PCI addresses and then querying
	them with 'info pci', manually assign all PCI addresses before starting
	the guest.  These addresses are not stable across reboots. That will
	come in a later patch
	NB, the PIIX3 (IDE, FDC, ISA-Bridge) will always have slot 1 and
	VGA will always have slot 2. We declare the Virtio Balloon gets
	slot 3, and then all remaining slots are for configured devices.
	* src/qemu/qemu_conf.c: If -device is supported, then assign all PCI
	  addresses when building the command line
	* src/qemu/qemu_driver.c: Don't query monitor for PCI addresses if
	  they have already been assigned
	* tests/qemuxml2argvdata/qemuxml2argv-hostdev-pci-address-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-sound-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-watchdog-device.args: Update
	  to include PCI slot/bus information

	Pass -vga none if no video card specified
	QEMU always configures a VGA card. If no video card is included in
	the libvirt XML, it is neccessary to explicitly turn off the default
	using -vga none
	* src/qemu/qemu_conf.c: Pass -vga none if no video card is configured
	* tests/qemuargv2xmltest.c, tests/qemuxml2argvtest.c: Test for
	  handling -vga none.
	* tests/qemuxml2argvdata/qemuxml2argv-nographics-vga.args,
	  tests/qemuxml2argvdata/qemuxml2argv-nographics-vga.xml: Test
	  data files

	Add support for explicit -sdl flag to QEMU
	Not all QEMU builds default to SDL graphics for their display.
	Newer QEMU now has an explicit -sdl flag, which we can use to
	explicitly request SDL intead of relying on the default. This
	protects libvirt against unexpected changes in graphics default
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Probe for -sdl
	  flag and use it if it is found
	* tests/qemuhelptest.c: Add SDL flag to tests

	Convert guestfwd to -device, and add -sdl explicit args
	The old syntax was
	   -chardev SOMECONFIG
	   -nic user,guestfwd=tcp:IP:PORT-chardev:CHARDEV
	The new syntax is
	   -chardev SOMECONFIG
	   -netdev user,guestfwd=tcp:IP:PORT,chardev=ID,id=user-ID

	Convert PCI device assignment over to -device
	The old syntax is
	  -pcidevice host=BUS:SLOT:FUNCTION
	The new syntax is
	  -device pci-assign,host=BUS:SLOT:FUNCTION,addr=<PCI SLOT>,id=host0

	Convert USB input devices to -device

	Convert USB hostdevices over to -device
	The old syntax was
	   -usbdevice host:PRODUCT:VENDOR
	Or
	   -usbdevice host:BUS.DEV
	The new syntax is
	   -device usb-host,product=PRODUCT,vendor=VENDOR
	Or
	   -device usb-host,hostbus=BUS,hostaddr=DEV

	Convert USB disks over to -device
	The previous syntax was severely limited in its options
	  -usbdevice disk:/home/berrange/output.img
	The new syntax is the same as for other disk types
	  -drive file=/home/berrange/output.img,if=none,id=usb-1,index=1
	  -device usb-storage,drive=usb-1
	Again, the index= arg is wrong here, and will be removed in a
	later merge

	Convert NICs over to use -device & -netdev where possible
	The current syntax uses a pair of args
	   -net nic,macaddr=52:54:00:56:6c:55,vlan=3,model=pcnet,name=pcnet.0
	   -net user,vlan=3,name=user.0
	The new syntax does not  need the vlan craziness anymore, and
	so has a simplified pair of args
	   -netdev user,id=user.0
	   -device pcnet,netdev=user.0,id=pcnet.0,mac=52:54:00:56:6c:55,addr=<PCI SLOT>

	Convert disk drive over to use -device where available
	The current preferred syntax for disk drives uses
	  -drive file=/vms/plain.qcow,if=virtio,index=0,boot=on,format=qcow
	The new syntax splits this up into a pair of linked args
	  -drive file=/vms/plain.qcow,if=none,id=drive-virtio-0,format=qcow2
	  -device virtio-blk-pci,drive=drive-virtio-0,id=virtio-0,addr=<PCI SLOT>
	SCSI/IDE devices also get a bus property linking them to the
	controller
	  -device scsi-disk,drive=drive-scsi0-0-0,id=scsi0-0-0,bus=scsi0.0,scsi-id=0
	  -device ide-drive,drive=drive-ide0-0-0,id=ide0-0-0,bus=ide0,unit=0

	Convert audio devices over to -device syntax
	The current syntax for audio devices is a horrible multiplexed
	arg
	    -soundhw sb16,pcspk,ac97
	The new syntax is
	    -device sb16,id=sound0
	or
	    -device AC97,id=sound1,addr=<PCI SLOT>
	NB, pcspk still uses the old -soundhw syntax

	Convert watchdog to -device
	The current syntax for watchdogs is
	    -watchdog i6300esb
	The new syntax will now be
	    -device i6300esb,id=watchdogNN,addr=<PCI-SLOT>

	Convert character devices over to use -device
	The current character device syntax uses either
	  -serial tty,path=/dev/ttyS2
	Or
	  -chardev tty,id=serial0,path=/dev/ttyS2 -serial chardev:serial0
	With the new -device support, we now prefer
	  -chardev file,id=serial0,path=/tmp/serial.log -device isa-serial,chardev=serial0
	This patch changes the existing -chardev syntax to use this new
	scheme, and fallbacks to the old plain -serial syntax for old
	QEMU.
	The monitor device changes to
	  -chardev socket,id=monitor,path=/tmp/test-monitor,server,nowait -mon chardev=monitor
	In addition, this patch adds --nodefaults, which kills off the
	default serial, parallel, vga and nic devices. THis avoids the
	need for us to explicitly turn each off

	Assign device aliases for all devices at startup
	When starting a guest, give every device a unique alias. This will
	be used for the 'id' parameter in -device args in later patches.
	It can also be used to uniquely identify devices in the monitor
	For old QEMU without -device, assign disk names based on QEMU's
	historical naming scheme.
	* src/qemu/qemu_conf.c: Assign unique device aliases
	* src/qemu/qemu_driver.c: Remove obsolete qemudDiskDeviceName
	  and use the device alias in eject & blockstats commands

2010-01-18  Jim Meyering  <meyering@redhat.com>

	storage_backend_fs.c: do not ignore probe failure
	* src/storage/storage_backend_fs.c (virStorageBackendFileSystemRefresh):
	Correct parentheses.  The documented intent is to ignore non-regular
	files, yet due to a parenthesization error all errors were handled
	that way.

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Probe for -device and use -nodefaults
	Probe for the new -device flag and if available set the -nodefaults
	flag, instead of using -net none, -serial none or -parallel none.
	Other device types will be converted to use -device in later patches.
	The -nodefaults flag will help avoid unwelcome surprises from future
	QEMU releases
	* src/qemu/qemu_conf.c: Probe for -device. Add -nodefaults flag.
	  Remove -net none, -serial none or -parallel none
	* src/qemu/qemu_conf.h: Define QEMU_CMD_FLAG_DEVICE
	* tests/qemuhelpdata/qemu-0.12.1: New data file for 0.12.1 QEMU
	* tests/qemuhelptest.c: Test feature extraction from 0.12.1 QEMU

	Add device info to serial, parallel, channel, input & fs devices
	Although the serial, parallel, chanel, input & fs devices do
	not have PCI address info, they can all have device aliases.
	Thus it neccessary to associate the virDomainDeviceInfo data
	with them all.
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add hooks for
	  parsing / formatting device info for serial, parallel, channel
	  input and fs devices.
	* docs/schemas/domain.rng: Associate device info with character
	  devices, input & fs device

	Introduce device aliases
	This patch introduces the support for giving all devices a short,
	unique name, henceforth known as a 'device alias'.  These aliases
	are not set by the end user, instead being assigned by the hypervisor
	if it decides it want to support this concept.
	The QEMU driver sets them whenever using the -device arg syntax
	and uses them for improved hotplug/hotunplug. it is the intent
	that other APIs (block / interface stats & device hotplug) be
	able to accept device alias names in the future.
	The XML syntax is
	   <alias name="video0"/>
	This may appear in any type of device that supports device info.
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add a 'alias'
	  field to virDomainDeviceInfo struct & parse/format it in XML
	* src/libvirt_private.syms: Export virDomainDefClearDeviceAliases
	* src/qemu/qemu_conf.c: Replace use of "nic_name" field with the
	  standard device alias
	* src/qemu/qemu_driver.c: Clear device aliases at shutdown

	Clear assigned PCI devices at shutdown
	The PCI device addresses are only valid while the VM is running,
	since they are auto-assigned by QEMU. After shutdown they must
	all be cleared. Future QEMU driver enhancement will allow for
	persistent PCI address assignment
	* src/conf/domain_conf.h, src/conf/domain_conf.c, src/libvirt_private.syms
	  Add virDomainDefClearPCIAddresses() method for wiping out auto assigned
	  PCI addresses
	* src/qemu/qemu_driver.c: Clear PCI addresses at VM shutdown

	Auto-add disk controllers based on defined disks
	Existing applications using libvirt are not aware of the disk
	controller concept. Thus, after parsing the <disk> definitions
	in the XML, it is neccessary to create <controller> elements
	to satisfy all requested disks, as per their defined drive
	addresses
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDefAddDiskControllers()
	  method for populating disk controllers, and call it after
	  parsing disk definitions.
	* src/qemu/qemu_conf.c: Call virDomainDefAddDiskControllers()
	  when doing ARGV -> XML conversion
	* tests/qemuxml2argvdata/qemuxml2argv*.xml: Add disk controller
	  data to all data files which don't have it already

	Avoid free'ing a constant string in chardev lookup code
	 * src/qemu/qemu_monitor_text.c: Don't free const string in
	   qemuMonitorTextGetPtyPaths()

	Remove restriction on duplicated sound devices in parser
	It is perfectly acceptable to have multiple sound devices of
	same type in guest configuration. If the underlying hypervisor
	does not like this, it is its job to complain, not the XML
	parser's
	* src/conf/domain_conf.c: Remove hack which deleted duplicated
	  sound device models.
	* tests/xml2sexprdata/xml2sexpr-fv-sound.xml: Remove duplicate
	  models

	Detect PCI addresses at QEMU startup
	Hotunplug of devices requires that we know their PCI address. Even
	hotplug of SCSI drives, required that we know the PCI address of
	the SCSI controller to attach the drive to. We can find this out
	by running 'info pci' and then correlating the vendor/product IDs
	with the devices we booted with.
	Although this approach is somewhat fragile, it is the only viable
	option with QEMU < 0.12, since there is no way for libvirto set
	explicit PCI addresses when creating devices in the first place.
	For QEMU > 0.12, this code will not be used.
	* src/qemu/qemu_driver.c: Assign all dynamic PCI addresses on
	  startup of QEMU VM, matching vendor/product IDs
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API for fetching PCI device address mapping

	Properly support SCSI drive hotplug
	The current SCSI hotplug support attaches a brand new SCSI controller
	for every disk. This is broken because the semantics differ from those
	used when starting the VM initially. In the latter case, each SCSI
	controller is filled before a new one is added.
	If the user specifies an high drive index (sdazz) then at initial
	startup, many intermediate SCSI controllers may be added with no
	drives.
	This patch changes SCSI hotplug so that it exactly matches the
	behaviour of initial startup. First the SCSI controller number is
	determined for the drive to be hotplugged. If any controller upto
	and including that controller number is not yet present, it is
	attached. Then finally the drive is attached to the last controller.
	NB, this breaks SCSI hotunplug, because there is no 'drive_del'
	command in current QEMU. Previous SCSI hotunplug was broken in
	any case because it was unplugging the entire controller, not
	just the drive in question.
	A future QEMU will allow proper SCSI hotunplug of a drive.
	This patch is derived from work done by Wolfgang Mauerer on disk
	controllers.
	* src/qemu/qemu_driver.c: Fix SCSI hotplug to add a drive to
	 the correct controller, instead of just attaching a new
	  controller.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  support for 'drive_add' command

2010-01-18  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Implement SCSI controller hotplug/unplug for QEMU
	This patch allows for explicit hotplug/unplug of SCSI controllers.
	Ordinarily this is not required, since QEMU/libvirt will attach
	a new SCSI controller whenever one is required. Allowing explicit
	hotplug of controllers though, enables the caller to specify a
	static PCI address, instead of auto-assigning the next available
	PCI slot. Or it will when we have static PCI addressing.
	This patch is derived from Wolfgang Mauerer's disk controller
	patch series.
	* src/qemu/qemu_driver.c: Support hotplug & unplug of SCSI
	  controllers
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  new API for attaching PCI SCSI controllers

2010-01-18  Jim Meyering  <meyering@redhat.com>

	vbox_tmpl.c: remove useless array-is-non-NULL comparisons
	* src/vbox/vbox_tmpl.c (vboxStorageVolDelete): Remove always-true
	array-is-non-NULL test.  git grep 'key\[.*\];'|grep -F .h
	src/datatypes.h:    char key[PATH_MAX];
	(vboxStorageVolGetInfo): Likewise.
	(vboxStorageVolGetXMLDesc): Likewise.
	(vboxStorageVolGetPath): Likewise.
	(vboxDomainDefineXML): Likewise. (but now with "mac[]")

	lxc_driver: remove useless comparison
	* src/lxc/lxc_driver.c (lxcSetupInterfaces): Remove always-true
	array-is-non-NULL test.  git grep 'mac\[.*\];'|grep -F .h
	src/conf/domain_conf.h:    unsigned char mac[VIR_MAC_BUFLEN];

	build: update gnulib submodule to latest

	gnulib added a new syntax-check test: use $(VAR), not @VAR@
	The latter is not officially "wrong", but *is* terribly anachronistic.
	I think automake documentation or comments call that syntax obsolescent.
	* cfg.mk (_makefile_at_at_check_exceptions): Exempt @SCHEMADIR@
	and @SYSCONFDIR@ uses -- there are no Makefile variables for those.
	* docs/Makefile.am: Use $(INSTALL), not @INSTALL@.
	* examples/dominfo/Makefile.am: Similar.
	* examples/domsuspend/Makefile.am: Similar.
	* proxy/Makefile.am: Similar.
	* python/Makefile.am: Similar.
	* python/tests/Makefile.am: Similar.
	* src/Makefile.am: Similar.
	* tests/Makefile.am: Similar.

	storage_backend.h: include required headers
	* src/storage/storage_backend.h: Include <stdint.h>.

	esx_vi_types.c: include required headers
	* src/esx/esx_vi_types.c: Include <stdint.h>.

	vbox: include required headers
	* src/vbox/vbox_driver.c: Include <stdint.h> <unistd.h> <sys/types.h>.

	cpu_x86_data.h: include required header
	* src/cpu/cpu_x86_data.h: Include <stdint.h>.

	util.c: include required header, no longer masked by gnulib
	Until recently, some gnulib-generated replacement headers
	included *other* headers that were not strictly necessary,
	thus masking the need in this file for an explicit <stdlib.h>.
	* src/util/util.c: Include <stdlib.h> for declarations of e.g.,
	strtol, random_r, getenv, etc.

2010-01-18  Jiri Denemark  <jdenemar@redhat.com>

	Use closest CPU model when decoding from CPUID
	Current implementation of x86Decode() used for CPUID -> model+features
	translation does not always select the closest CPU model. When walking
	through all models from cpu_map.xml the function considers a new
	candidate as a better choice than a previously selected candidate only
	if the new one is a superset of the old one. In case the new candidate
	is closer to host CPU but lacks some feature comparing to the old
	candidate, the function does not choose well.
	This patch changes the algorithm so that the closest model is always
	selected. That is, the model which requires the lowest number of
	additional features to describe host CPU.

2010-01-18  Diego Elio Pettenò  <flameeyes@gmail.com>

	Change detection of xen so that it's actually automatic rather than forced.
	This ensures that ./configure will work fine if xen development packages
	are not around, rather than fail. When passing ./configure --with-xen, the
	lack of xen development packages become fatal.

	Standardise ./configure --help options reporting.
	Always use AC_HELP_STRING for the help text for options at ./configure,
	so that the output is properly aligned.
	Use proper quadrigraphs for outputting the brackets.
	Always use autoconf-style [default=$foo] output to state the default, both
	where it was stated before and where it wasn't.
	This time, include Matthias Bolte notes regarding defaults, and removing
	PFX specification from phyp.

2010-01-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Use log output for pty assignment if 'info chardev' is unavailable
	qemudFindCharDevicePTYsMonitor reports an error if 'info chardev' didn't
	provide information for a requested device, even if the log output parsing
	had found the pty path for that device. This makes pty assignment fail for
	older QEMU/KVM versions. For example KVM 72 on Debian doesn't support
	'info chardev', so qemuMonitorTextGetPtyPaths cannot parse any useful
	information and the hash for device-id-to-pty-path mapping stays empty.
	Make qemudFindCharDevicePTYsMonitor report an error only if the log output
	parsing and the 'info chardev' parsing failed to provide the pty path.

	esx: Add VNC support
	* src/conf/domain_conf.c: add defaults for the video device
	* src/esx/esx_vmx.[ch]: add VNC support to the VMX handling
	* tests/vmx2xmltest.c, tests/xml2vmxtest.c: add tests for the VNC support

	esx: Make the domain part of the hostname optional
	Before the driver assumed that there is always a domain part. That's
	not true. Now the domain part is handled as optional.

	esx: Add stubs for secondary driver types
	This stops libvirt from probing for a libvirtd on the ESX server and
	sets the base for the implementation of the secondary drivers.

2010-01-18  David Jorm  <dfj@dfj.bne.redhat.com>

	BZs 528709 548485

2010-01-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix validation of news.html

2010-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix build of Xen proxy daemon
	* src/conf/domain_conf.c: Allow virDomainDeviceInfoIsSet,
	  virDomainDeviceInfoClear & virDomainDeviceInfoFormat when
	  building Xen proxy

	Remove obsolete comment in QEMU JSON code
	* src/qemu/qemu_monitor_json.c: We fill in the PCI function number
	   now, so remove obsolete XXX comment

	Specify bus/unit instead of index for disks with QEMU
	The current code for using -drive simply sets the -drive 'index'
	parameter. QEMU internally converts this to bus/unit depending
	on the type of drive. This does not give us precise control over
	the bus/unit assignment though. This change switches over to make
	libvirt explicitly calculate the bus/unit number.
	In addition bus/unit/index are actually irrelevant for VirtIO
	disks, since each virtio disk is a separate PCI device. No disk
	controller is involved.
	Doing the conversion to bus/unit in libvirt allows us to correctly
	attach SCSI controllers when required.
	* src/qemu/qemu_conf.c: Specify bus/unit instead of index for
	  disks
	* tests/qemuxml2argvdata/qemuxml2argv-disk*.args: Switch over from
	  using index=NNNN, to bus=NN, unit=NN for SCSI/IDE/Floppy disks

	Split code for building QEMU -drive arg in separate method
	To enable it to be called from multiple locations, split out
	the code for building the -drive arg string. This will be needed
	by later patches which do drive hotplug, the conversion to use
	-device, and the conversion to controller/bus/unit addressing
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add qemuBuildDriveStr
	  for building -drive arg string

	Convert monitor over to use virDomainDeviceAddress
	Convert the QEMU monitor APIs over to use virDomainDeviceAddress
	structs for passing addresses in/out, instead of individual bits.
	This makes the number of parameters smaller & easier to deal with.
	No functional change
	* src/qemu/qemu_driver.c, src/qemu/qemu_monitor.c,
	  src/qemu/qemu_monitor.h, src/qemu/qemu_monitor_text.c,
	  src/qemu/qemu_monitor_text.h: Change monitor hotplug APIs to
	  take an explicit address ptr for all host/guest addresses

2010-01-16  Jim Fehlig  <jfehlig@novell.com>

	Minor fixes for API extension doc
	Update the API Extensions doc to reflect new source directory layout.

2010-01-16  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Add new domain device: "controller"
	This augments virDomainDevice with a <controller> element
	that is used to represent disk controllers (e.g., scsi
	controllers). The XML format is given by
	  <controller type="scsi" index="<num>">
	     <address type="pci" domain="0xNUM" bus="0xNUM" slot="0xNUM"/>
	  </controller>
	where type denotes the disk interface (scsi, ide,...), index
	is an integer that identifies the controller for association
	with disks, and the <address> element specifies the controller
	address on the PCI bus as described in previous commits
	The address element can be omitted; in this case, an address
	will be assigned automatically.
	Most of the code in this patch is from Wolfgang Mauerer's
	previous disk controller series
	 * docs/schemas/domain.rng: Define syntax for <controller>
	   XML element
	 * src/conf/domain_conf.c, src/conf/domain_conf.h: Define
	   virDomainControllerDef struct, and routines for parsing
	   and formatting XML
	* src/libvirt_private.syms: Add virDomainControllerInsert
	   and virDomainControllerDefFree

2010-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Set default disk controller/bus/unit props
	When parsing the <disk> element specification, if no <address>
	is provided for the disk, then automatically assign one based on
	the <target dev='sdXX'/> device name. This provides for backwards
	compatability with existing applications using libvirt, while also
	allowing new apps to have complete fine grained control.
	* src/conf/domain_conf.h, src/conf/domain_conf.c,
	  src/libvirt_private.syms: Add virDomainDiskDefAssignAddress()
	  for assigning a controller/bus/unit address based on disk target
	* src/qemu/qemu_conf.c: Call virDomainDiskDefAssignAddress() after
	  generating XML from ARGV
	* tests/qemuxml2argvdata/*.xml: Add in drive address information
	  to all XML files

	Add address info to sound, video and watchdog devices
	Add the virDomainDeviceAddress information to the sound, video
	and watchdog devices. This means all of them gain the new XML
	element
	  <address .... />
	This brings them upto par with disk/net/hostdev devices which
	already have address info
	* src/conf/domain_conf.h: Add virDomainDeviceAddress to sound,
	  video & watchdog device struts.
	* src/conf/domain_conf.c: Hook up parsing/formatting for
	  virDomainDeviceAddress in sound, video & watchdog devices
	* docs/schemas/domain.rng: Associate device address info
	  with sound, video & watchdog

	Extend the virDomainDeviceAddress struture to allow disk controller addresses
	Introduce a new structure
	      struct _virDomainDeviceDriveAddress {
	        unsigned int controller;
	        unsigned int bus;
	        unsigned int unit;
	      };
	and plug that into virDomainDeviceAddress and generates XML that
	looks like
	  <address type='drive' controller='1' bus='0' unit='5'/>
	This syntax will be used by the QEMU driver to explicitly control
	how drives are attached to the bus
	* src/conf/domain_conf.h, src/conf/domain_conf.c: Parsing and
	  formatting of drive addresses
	* docs/schemas/domain.rng: Define new address format for drives

	Introduce a standardized data structure for device addresses
	All guest devices now use a common device address structure
	summarized by:
	  enum virDomainDeviceAddressType {
	    VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE,
	    VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI,
	  };
	  struct _virDomainDevicePCIAddress {
	    unsigned int domain;
	    unsigned int bus;
	    unsigned int slot;
	    unsigned int function;
	  };
	  struct _virDomainDeviceInfo {
	    int type;
	    union {
	        virDomainDevicePCIAddress pci;
	    } addr;
	  };
	This replaces the anonymous structs in Disk/Net/Hostdev data
	structures. Where available, the address is *always* printed
	in the XML file, instead of being hidden in the internal state
	file.
	  <address type='pci' domain='0x0000' bus='0x1e' slot='0x07' function='0x0'/>
	The structure definition is based on Wolfgang Mauerer's disk
	controller patch series.
	* docs/schemas/domain.rng: Define the <address> syntax and
	  associate it with disk/net/hostdev devices
	* src/conf/domain_conf.h, src/conf/domain_conf.c,
	  src/libvirt_private.syms: APIs for parsing/formatting address
	  information. Also remove the QEMU specific 'pci_addr' attributes
	* src/qemu/qemu_driver.c: Replace use of 'pci_addr' attrs with
	  new standardized format.

	Make test suite output less verbose
	Only print out '.' for each test case, full test output can be
	re-enabled with VIR_TEST_VERBOSE=1, or VIR_TEST_DEBUG=XXXX
	Sample output now looks like
	  TEST: statstest
	        ........................................ 40
	        ...................................      75  OK
	  PASS: statstest
	  TEST: qparamtest
	        ................................         32  OK
	  PASS: qparamtest
	  TEST:
	        ............                             12  OK

2010-01-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compilation of virt-aa-helper.c
	Commit 5073aa994af460e775cb3e548528e28d7660fcc8 added an additional
	'}' to a case block that messed up the block structure of the get_files
	function.

2010-01-15  Jim Meyering  <meyering@redhat.com>

	xen: do not report a write-to-Xen-daemon failure as a read failure
	* src/xen/xend_internal.c (wr_sync): Correct the diagnostic.

2010-01-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix linkage of virt-aa-helper to libgnu.a

2010-01-14  Cole Robinson  <crobinso@redhat.com>

	util: Make sure virExec hook failures are raised
	With the introduction virDispatchError, hook function errors are
	never sent through the error callback, so users will never see
	these messages.
	Fix this by calling virDispatchError after hook failure.

	Implement path lookup for USB by vendor:product
	Based off how QEMU does it, look through /sys/bus/usb/devices/* for
	matching vendor:product info, and if found, use info from the surrounding
	files to build the device's /dev/bus/usb path.
	This fixes USB device assignment by vendor:product when running qemu
	as non-root (well, it should, but for some reason I couldn't reproduce
	the failure people are seeing in [1], but it appears to work properly)
	[1] https://bugzilla.redhat.com/show_bug.cgi?id=542450

	daemon: Don't blindly unregister domain events
	The daemon will attempt to unregister domain events on client disconnect,
	even if no events were ever registered. This raises an unneeded error.
	Track in the qemu_client structure if events have been registered, and
	check this when performing cleanup.

	daemon: Fix various error reporting issues
	Many node device calls weren't properly relaying error messages, and
	domain event registeration was not checking for error.

	events: Report errors on failure

2010-01-13  Cole Robinson  <crobinso@redhat.com>

	node_device: udev: Fix memory leak
	We are setting the same property two different ways without
	free'ing in between. Just drop the second assignment.

	node_device: udev: Enumerate floppy devices
	There are quite a few differences between how udev exposes legacy
	and USB floppy devs, but this patch takes care of both variants.

	node_device: udev: Use base 16 for product/vendor
	udev doesn't prefix USB product/vendor info with '0x', so the
	strtol conversions were wrong for the product field (vendor already
	set the correct base). Make the change for PCI product/vendor as
	well to be safe.
	This fixes USB device assignment via virt-manager.

	util: Remove logging handlers in virExec
	This allows debug statements and raised errors in hook functions to
	actually be logged somewhere (stderr). Users can enable debugging in the
	daemon and now see more info in /var/log/libvirt/...

2010-01-13  Jim Fehlig  <jfehlig@novell.com>

	Fix migration in xend driver
	Upstream xen has changed parameters to the migration operation
	several times over the past 18 months.  Changeset 17553 removed
	the resouce parameter,  Changesets 17709, 17753, and 20326 added
	ssl, node, and change_home_server parameters respectively.
	Fortunately, testing has revealed that xend will fail the
	operation if a parameter is missing but happily honor it if
	unknown parameters are provided.  Thus all currently supported
	parameters can be provided, satisfying current xend but not
	regressing older versions.

2010-01-13  Cole Robinson  <crobinso@redhat.com>

	Commit bootstrap .gitignore additions

2010-01-12  Cole Robinson  <crobinso@redhat.com>

	qemu: Disable errors in qemudShutdownVMDaemon

	libvirt.c: Preserve MigratePerform failure

	qemu: migrate: Save MigratePerform error in MigrateFinish.
	This way we won't squash the original error report in
	MigratePerform, as is done for P2P and Tunneled migration.

	virterror: Add virSetError
	Can be used to re-set an old error, which may have been squashed by
	other functions (like cleanup routines). Will be used in subsequent patches

2010-01-12  Daniel P. Berrange  <berrange@redhat.com>

	Ensure error handling callback functions are called from safe context
	The virRaiseErrorFull() may invoke the error handler callback
	functions an application has registered. This is not good
	because the connection object may not be available at this
	point, and the caller may be holding locks. This creates a
	problem if the error handler calls back into libvirt.
	The solutuon is to move invocation of the handler into the
	final cleanup code in the public API entry points, where it
	is guarenteed to have safe state.
	* src/libvirt.c: Invoke virDispatchError() in all error paths
	* src/util/virterror.c: Remove virSetConnError/virSetGlobalError,
	  replacing with virDispatchError(). Move invocation of the
	  error callbacks into virDispatchError() instead of the
	  virRaiseErrorFull function which is not in a safe context

	Revert 7aee22939f7f67a60e24472e5acc40b3b5b9d152
	Revert commit 7aee22939f7f67a60e24472e5acc40b3b5b9d152 since it
	is mistakenly adding an extra parameter to virsh that does not
	belong there.

2010-01-12  David Jorm  <dfj@dfj.bne.redhat.com>

	cpu_shares parameter limit documented

2010-01-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Document the domain XML cache attribute for disk devices

	qemu: Fix a memory leak in qemudExtractTTYPath
	qemudWaitForMonitor calls qemudReadLogOutput with qemudFindCharDevicePTYs
	as callback. qemudFindCharDevicePTYs calls qemudExtractTTYPath to assign
	a string to chr->data.file.path. Afterwards qemudWaitForMonitor may call
	qemudFindCharDevicePTYsMonitor that overwrites chr->data.file.path without
	freeing the old value. This results in leaking the memory allocated by
	qemudExtractTTYPath.
	Report an OOM error if the strdup in qemudFindCharDevicePTYsMonitor fails.

2010-01-11  Guido Günther  <agx@sigxcpu.org>

	Also look for dmi information in /sys/class
	older kernels such as 2.6.26 have it there.

2010-01-11  Laine Stump  <laine@laine.org>

	Fix UUID random generator to use /dev/random
	Only use pseudo-random generator for uuid if using /dev/random fails.
	* src/util/uuid.c: The original code. would only print the warning
	  message if using /dev/random failed, but would still go ahead and call
	  virUUIDGeneratePseudoRandomBytes in all cases anyway.

2010-01-09  Jim Meyering  <meyering@redhat.com>

	avoid another "make distcheck" failure
	* docs/Makefile.am (uninstall-local): Separate $$f from preceding
	dir name with a "/" and use $$(basename $$f) rather than $$f, since
	some values of $$f are prefixed with devhelp/.

	avoid newly-introduced test failure
	* tests/qemuxml2argvdata/qemuxml2argv-hugepages.args: Update
	expected output to match, now that we use -mem-prealloc.

	proxy_internal.c: mark "request" parameter as nonnull
	* src/xen/proxy_internal.c (xenProxyCommand): Mark "request"
	as an always-non-NULL parameter.

	don't test "res == NULL" after we've already dereferenced "res"
	* src/xen/proxy_internal.c (xenProxyCommand): "res" is known to be
	non-NULL at that point, so remove the "res == NULL" guard.

	fix 7 "make check" test failures in non-srcdir build
	* tests/capabilityschematest: Define and use $srcdir.
	* tests/domainschematest: Likewise.
	* tests/interfaceschematest: Likewise.
	* tests/networkschematest: Likewise.
	* tests/nodedevschematest: Likewise.
	* tests/storagepoolschematest: Likewise.
	* tests/storagevolschematest: Likewise.

2010-01-09  Jim Meyering  <jim@meyering.net>

	let "configure --disable-shared" work once again
	Without this change, ./autogen.sh --disable-shared && make would
	evoke a "can not build a shared library" failure for libvirtmod.la
	due to the new use of libtool's -shared link option in
	python/Makefile.am.  Now, --disable-shared also
	disables building python.
	* configure.in: Make --disable-shared imply --without-python and
	silently override --with-python.
	Improved by: Diego Elio Pettenò <flameeyes@gmail.com>

2010-01-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Dump the raw response in case of an SOAP fault
	Currently only the faultcode and faultstring are deserialized, the
	detail part is ignored. The implementation of many new SOAP types
	would be necessary to deserialize the detail part correctly. As an
	intermediate solution the raw response is dumped to the debug log.

	esx: Warn if the ESX server is in maintenance mode

	Replace old CVS references with GIT

2010-01-08  Daniel Veillard  <veillard@redhat.com>

	Qemu: ask for memory preallocation with large pages
	The -mem-prealloc flag should be used when using large pages
	This ensures qemu tries to allocate all required memory immediately,
	rather than when first used. The latter mode will crash qemu
	if hugepages aren't available when accessed, while the former
	should gracefully fallback to non-hugepages.
	* src/qemu/qemu_conf.c: add -mem-prealloc flag to qemu command line
	  when using large pages

2010-01-08  Jim Fehlig  <jfehlig@novell.com>

	xen hypervisor: xen domctl version 6
	xen-unstable c/s 20685 changed the domctl interface, adding a field to
	xen_domctl_getdomaininfo structure.  This additional field causes stack
	corruption in libvirt.  xen-unstable c/s 20711 rightly bumped the domctl
	interface version so it is at least possible to handle the new field.
	This change accounts for shr_pages field added to xen_domctl_getdomaininfo
	structure.

2010-01-07  Jim Meyering  <meyering@redhat.com>

	network/bridge_driver.c: avoid potential NULL-dereference
	* src/network/bridge_driver.c (networkBuildDnsmasqArgv): Correct
	test for NULL *argv.

2010-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Use VIR_FREE instead of free
	virsh uses other parts of the internal API already, so use VIR_FREE also.

	virsh: Add persistent history using libreadline

	esx: Fix 'vpx' MAC address range and allow arbitrary MAC addresses
	The MAC addresses with 00:50:56 prefix are split into several ranges:
	  00:50:56:00:00:00 - 00:50:56:3f:ff:ff  'static' range (manually assigned)
	  00:50:56:80:00:00 - 00:50:56:bf:ff:ff  'vpx' range (assigned by a VI Client)
	Erroneously the 'vpx' range was assumed to be larger and to occupy the
	remaining addresses of the 00:50:56 prefix that are not part of the 'static'
	range.
	00:50:56 was used as prefix for generated MAC addresses, this is not possible
	anymore, because there are gaps in the allowed ranges. Therefore, change the
	prefix to 00:0c:29 which is the prefix for auto generated MAC addresses anyway.
	Allow arbitrary MAC addresses to be used and set the checkMACAddress VMX option
	to false in case the MAC address doesn't fall into any predefined range.
	* docs/drvesx.html.in: update website accordingly
	* src/esx/esx_driver.c: set the auto generation prefix to 00:0c:29
	* src/esx/esx_vmx.c: fix MAC address range handling and allow arbitrary MAC
	  addresses
	* tests/vmx2xml*, tests/xml2vmx*: add some basic MAC address range tests

	esx: Fix deserialization for VI API calls CancelTask and UnregisterVM

	esx: Fix and improve the libcurl debug callback
	The data passed to the callback is not guaranteed to be zero terminated,
	take care of that by coping the data and adding a zero terminator.
	Also dump the data for other types than CURLINFO_TEXT.
	Set CURLOPT_VERBOSE to 1 so the debug callback is called when enabled.

	esx: Don't warn about an empty URI path

	esx: Also allow virtualHW version 4 for ESX 4.0
	A domain with virtualHW version 4 is allowed on an ESX 4.0 server.
	If a domain is migrated from an ESX 3.5 server to an ESX 4.0 server
	then the virtualHW version stays the same. So a ESX 4.0 server can
	host domains with virtualHW version 4.

	Don't free an uninitalized pointer in update_driver_name()
	This invalid free results in heap corruption. Some symptoms I saw
	because of this were libvirtd crashing and virt-manager hanging
	while trying to enumerate devices.

2010-01-07  Jim Meyering  <meyering@redhat.com>

	xend_internal: don't let invalid input provoke NULL dereference
	* src/xen/xend_internal.c (xenDaemonOpen_unix): Do not dereference
	a NULL "conn".  Move first deref to follow the "conn == NULL" test.

2010-01-07  Adam Litke  <agl@us.ibm.com>

	qemu: Always enable the virtio balloon driver
	The behavior for the qemu balloon device has changed.  Formerly, a virtio
	balloon device was provided by default.  Now, '-balloon virtio' must be
	specified on the command line to enable it.  This patch causes libvirt to
	add '-balloon virtio' to the command line whenever the -balloon option is
	available.
	* src/qemu/qemu_conf.c src/qemu/qemu_conf.h: check for the new flag and
	  add "-baloon vitio" to qemu command when needed
	* tests/qemuhelptest.c: add the new flag for detection

2010-01-07  David Allan  <dallan@redhat.com>

	Don't update vol details after build
	This patch removes the call to vol update after the volume build completes.
	The update call is currently meaningless anyway because the vol build is passed
	a copy of the definition, so the update result is thrown away.  More
	importantly, if the user specified a selinux label for the volume, the update
	call results in a double free of the label
	* src/storage/storage_backend_fs.c: remove the update call

2010-01-07  Diego Elio Pettenò  <flameeyes@gmail.com>

	Disable building of static Python module
	* python/Makefile.am: python modules are loaded at runtime so the static
	  version is not needed, avoid building it

2010-01-07  Matthew Booth  <mbooth@redhat.com>

	Fix parsing of 'info chardev' line endings
	This change makes the 'info chardev' parser ignore any trailing
	whitespace on a line. This fixes a specific problem handling a '\r\n'
	line ending.
	* src/qemu/qemu_monitor_text.c: Ignore trailing whitespace in
	  'info chardev' output.

2010-01-06  Jim Meyering  <meyering@redhat.com>

	vbox_tmpl.c: don't leak a domain pointer upon failure to create
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): "Unref" the domain
	upon failure.  Patch by Matthias Bolte.

	vbox_tmpl.c: avoid NULL deref upon vboxDomainCreateXML failure
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Don't call
	vboxDomainUndefine on a NULL "dom".

	qemu_driver.c: remove useless, warning-provoking test
	* src/qemu/qemu_driver.c (qemudDomainMigratePrepare2): Remove useless
	test of always-non-NULL uri_out parameter.  Use ATTRIBUTE_NONNULL to
	inform tools.

	qemu_driver.c: avoid NULL dereference upon disk-op failure
	* src/qemu/qemu_driver.c (qemudDomainAttachDevice): Call
	virCgroupDenyDevicePath only if cgroup is non-NULL.

2010-01-05  Jim Meyering  <meyering@redhat.com>

	openvz_conf.c: don't dereference NULL upon failure
	* src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref
	of "dom".

2009-12-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	Distribute vmx2xml and xml2vmx test data files

2009-12-24  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.5

2009-12-23  Daniel Veillard  <veillard@redhat.com>

	Update and regenerate localizations
	upate of as.po bn_IN.po de.po es.po gu.po hi.po kn.po ml.po mr.po or.po
	pa.po pl.po ru.po ta.po te.po zh_CN.po and regeneration

2009-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	The secret driver is stateful, link it directly to libvirtd
	All other stateful drivers are linked directly to libvirtd
	instead of libvirt.so. Link the secret driver to libvirtd too.
	* daemon/Makefile.am: link the secret driver to libvirtd
	* daemon/libvirtd.c: add #ifdef WITH_SECRETS blocks
	* src/Makefile.am: don't link the secret driver to libvirt.so
	* src/libvirt_private.syms: remove the secretRegister symbol

	Remove undefined symbols from libvirt_private.syms
	MinGW's ld gives an error when trying to export undefined symbols.

	boolean shadows a typedef in rpcndr.h when compiled with MinGW
	Alter the offending variable names to fix this.

2009-12-23  Jiri Denemark  <jdenemar@redhat.com>

	Rename DATADIR to PKGDATADIR to fix win32 build
	* src/Makefile.am src/cpu/cpu_map.c: rename in Makefile and in the
	  cpu map loading code

	Move cpu_map.xml to -client RPM
	All the cpu code is part of libvirt library and it might be used by
	drivers which do not require libvirtd to be running.

2009-12-23  Daniel Veillard  <veillard@redhat.com>

	convert missing server entry points into unsupported errors
	If using a remote access, sometimes an RPC entry point is not
	available, and currently we just end up with a raw:
	    error: unknown procedure: xxx
	error, while this should be more cleanly reported as an unsupported
	entry point like for local access
	* src/remote/remote_driver.c: convert missing remote entry points into
	  the unsupported feature error

2009-12-22  Olivier Fourdan  <ofourdan@redhat.com>

	fix some error report when on remote access
	When querying about a domain from 0.3.3 (or RHEL 5.3) domain located
	on a 0.6.3 (RHEL-5) machine, the errors are not properly reported.
	This patch from Olivier Fourdan <ofourdan@redhat.com> , slightly
	modified to not change the semantic when the domain os details cannot
	be provided
	* src/xen/proxy_internal.c src/xen/xen_hypervisor.c: add some missing
	  error reports

2009-12-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix undefined reference to 'close_used_without_including_unistd_h'
	Found while trying to cross-compile libvirt on Fedora 12 for Windows.
	gnulib redefines 'close' to 'close_used_without_including_unistd_h'
	in sys/socket.h if winsock2.h is present and unistd.h has not been
	included before sys/socket.h. Reorder some includes to fix this.

	Fix argument type of virProcessInfoSetAffinity dummy function

	Define ATTRIBUTE_SENTINEL for GCC < 4.0 too
	ATTRIBUTE_SENTINEL was defined for GCC >= 4.0 only, resulting in
	compile errors when using GCC < 4.0.

	Fix compilation  with configure --disable-nls

	cpu: Fix memory leaks in x86FeatureLoad and x86ModelLoad
	Also backup and restore the original ctxt->node value in x86FeatureLoad.

	Fix configure check for SASL
	The option --with-sasl defaults to 'check', but an inverted test logic
	lets the SASL check fail with an error instead of disabling SASL.
	Fix the test logic so SASL support gets disabled if SASL is missing and
	--with-sasl is set to check.

	Fix GnuTLS pkg-config check
	The testlogic for $PKG_CONFIG was inverted, checking for an empty string
	before using PKG_CHECK_MODULES. Use -x instead of -z and add an else branch
	to the if checking for $GNUTLS_FOUND = no to add -lgcrypt in case the
	GnuTLS libraries are detected by pkg-config.

	Report an error if no XDR library can be found

2009-12-22  Daniel P. Berrange  <berrange@redhat.com>

	Disable JSON mode monitor until QEMU is more mature
	* src/qemu/qemu_conf.h: Remove QEMU_CMD_FLAG_0_12 and just leave
	  the lone JSON flag
	* src/qemu/qemu_conf.c: Enable JSON on QEMU 0.13 or later, but
	  leave it disabled for now

2009-12-22  Jiri Denemark  <jdenemar@redhat.com>

	Only probe for CPU models if required
	* src/qemu/qemu_conf.c: CPU models should be probed only if the
	  a guest's XML contains CPU model, not each time a qemu command line
	  is generated.

2009-12-22  Daniel Veillard  <veillard@redhat.com>

	Add some people missing from the AUTHORS list

2009-12-22  Jiri Denemark  <jdenemar@redhat.com>

	Add cpu_map.xml to libvirt.spec
	* libvirt.spec.in: embbed it in the main libvirt binary rpm

	Install cpu_map.xml
	* src/Makefile.am: install it in $(pkgdatadir) i.e. /usr/share/libvirt/
	  usually

2009-12-22  Chris Lalancette  <clalance@redhat.com>

	Make Xen VT-d PCI attach/detach work
	The Xen code for making HVM VT-d PCI passthrough attach and detach
	wasn't working properly:
	1)  In xenDaemonAttachDevice(), we were always trying to reconfigure
	a PCI passthrough device, even the first time we added it.  This was
	because the code in virDomainXMLDevID() was not checking xenstore for
	the existence of the device, and always returning 0 (meaning that
	the device already existed).
	2)  In xenDaemonDetachDevice(), we were trying to use "device_destroy"
	to detach a PCI device.  While you would think that is the right
	method to call, it's actually wrong for PCI devices.  In particular,
	in upstream Xen (and soon in RHEL-5 Xen), device_configure is actually
	used to destroy a PCI device.
	To fix the attach
	problem I add a lookup into xenstore to see if the device we are
	trying to attach already exists.  To fix the detach problem I change
	it so that for PCI detach (only), we use device_configure with the
	appropriate sxpr to do the detachment.
	* src/xen/xend_internal.c: don't use device_destroy for PCI devices
	  and fix the other issues.
	* src/xen/xs_internal.c src/xen/xs_internal.h: add
	  xenStoreDomainGetPCIID()

2009-12-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix detection of JSON when restarting libvirtd
	The XML XPath for detecting JSON in the running VM statefile was
	wrong causing all VMs to get JSON mode enabled at libvirtd restart.
	In addition if a VM was running a JSON enabled QEMU once, and then
	altered to point to a non-JSON enabled QEMU later the 'monJSON'
	flag would not get reset to 0.
	* src/qemu/qemu_driver.c: Fix setting/detection of JSON mode

2009-12-21  Adam Litke  <agl@us.ibm.com>

	Document the dommemstat command in the virsh man page
	* tools/virsh.pod: Provide a basic mention of the dommemstat command in
	  the virsh man page.

2009-12-21  Daniel Veillard  <veillard@redhat.com>

	Change virsh dommemstats command to dommemstat
	As Paul Jenner pointed out all other statistics commands use the
	singular form
	* tools/virsh.c: rename dommemstats to dommemstat as well as function
	  name and associated structures

2009-12-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix reporting of TLS connection errors
	The code for connecting to a server tries each socket in turn
	until it finds one that connects. Unfortunately for TLS sockets
	if it connected, but failed TLS handshake it would treat that
	as a failure to connect, and try the next socket. This is bad,
	it should have reported the TLS failure immediately.
	$ virsh -c qemu://somehost.com/system
	error: unable to connect to libvirtd at 'somehost.com': Invalid argument
	error: failed to connect to the hypervisor
	$ ./tools/virsh -c qemu://somehost.com/system
	error: server certificate failed validation: The certificate hasn't got a known issuer.
	error: failed to connect to the hypervisor
	 * src/remote/remote_driver.c: Stop trying to connect if the
	   TLS handshake fails

2009-12-21  Daniel Veillard  <veillard@redhat.com>

	Fix typo in qemudDomainAttachHostPciDevice()
	* src/qemu/qemu_driver.c: The 'if' statement is supposed to check return
	  value of pci = pciGetDevice(conn, ...); , but check uses if (!dev),
	  fix it

2009-12-20  Adam Litke  <agl@us.ibm.com>

	python: Add python bindings for virDomainMemoryStats
	Enable virDomainMemoryStats in the python API.  dom.memoryStats() will return a
	dictionary containing the supported statistics.  A dictionary is required
	because the meaining of each quantity cannot be inferred from its index in a
	list.
	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c: the
	  generator can't handle this new function, add the new binding,
	  and the XML description

	Add a new command dommemstats for virDomainMemoryStats
	Define a new command 'dommemstats' to report domain memory statistics.  The
	output format is inspired by 'domblkstat' and 'domifstat' and consists of
	tag/value pairs, one per line.  The command can complete successfully and
	print no output if virDomainMemoryStats is supported by the driver, but not
	the guest operating system.
	Sample output:
	swap_in 0
	swap_out 0
	major_fault 54
	minor_fault 58259
	unused 487680
	available 502472
	All stats referring to a quantity of memory (eg. all above except major and
	minor faults) represent the quantity in KBytes.
	* tools/virsh.c: implements the new command

	Add domainMemoryStats support to remote driver
	Use a dynamically sized xdr_array to pass memory stats on the wire.  This
	supports the addition of future memory stats and reduces the message size
	since only supported statistics are returned.
	* src/remote/remote_protocol.x: provide defines for the new entry point
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side
	* daemon/remote_dispatch_args.h daemon/remote_dispatch_prototypes.h
	  daemon/remote_dispatch_ret.h daemon/remote_dispatch_table.h
	  src/remote/remote_protocol.c src/remote/remote_protocol.h: generated
	  stubs

	Implements domainMemStats in the qemu driver
	Support for memory statistics reporting is accepted for qemu inclusion.
	Statistics are reported via the monitor command 'info balloon' as a comma
	seprated list:
	(qemu) info balloon
	balloon: actual=1024,mem_swapped_in=0,mem_swapped_out=0,major_page_faults=88,minor_page_faults=105535,free_mem=1017065472,total_mem=1045229568
	Libvirt, qemu, and the guest operating system may support a subset of the
	statistics defined by the virtio spec.  Thus, only statistics recognized by
	components will be reported.
	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement the
	  new entry point by using info balloon monitor command

	domMemoryStats: Add public symbol to libvirt API
	* src/libvirt.c: implement the main entry point
	* src/libvirt_public.syms: add it to the exported symbols

	Add new API virDomainMemoryStats to header and drivers
	Set up the types for the domainMemoryStats function and insert it into the
	virDriver structure definition.  Because of static initializers, update
	every driver and set the new field to NULL.
	* include/libvirt/libvirt.h.in: new API
	* src/driver.h src/*/*_driver.c src/vbox/vbox_tmpl.c: add the new
	  entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python binding is
	  implemented later

2009-12-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add more links to external documentation

	esx: Destroy virtual machine on a vCenter if available
	If a virtual machine is destroyed on a ESX server then immediately
	undefining this virtual machine on a vCenter may fail, because the
	vCenter has not been informed about the status change yet. Therefore,
	destroy a virtual machine on a vCenter if available, so the vCenter
	is up-to-date when the virtual machine should be undefined.

	esx: Undefine virtual machine on a vCenter if available
	Undefining a virtual machine on an ESX server leaves a orphan on the
	vCenter behind. So undefine a virtual machine on a vCenter if available
	to fix this problem.

	esx: Don't warn about '/' paths

	esx: Use occurrence enum to specify expected result of a SOAP call
	Also move XPath expression composition into esxVI_Context_Execute().

	esx: Fix occurence typo

	esx: Extend documentation about 'vcenter' and add some about 'auto_answer'

	esx: Extend vCenter query parameter
	If an ESX host is managed by a vCenter, it knows the IP address of the
	vCenter. Setting the vCenter query parameter to * allows to connect to the
	vCenter known to an ESX host without the need to specify its IP address
	or hostname explicitly.

	esx: Removed unused inttypes.h include

	esx: Replace libxml1 'xmlChildrenNode' with libxml2 'children'

	esx: Use more suitable error code in esxVI_LookupVirtualMachineByUuid()

	esx: Improve domain lookup by UUID
	esxDomainLookupByUUID() and esxDomainIsActive() lookup a domain by asking
	ESX for all known domains and searching manually for the one with the
	matching UUID. This is inefficient. The VI API allows to lookup by UUID
	directly: FindByUuid().
	* src/esx/esx_driver.c: change esxDomainLookupByUUID() and esxDomainIsActive()
	  to use esxVI_LookupVirtualMachineByUuid(), also reorder some functions to
	  keep them in sync with the driver struct

	esx: Add automatic question handling
	Questions can block tasks, to handle them automatically the driver can answers
	them with the default answer. The auto_answer query parameter allows to enable
	this automatic question handling.
	* src/esx/README: add a detailed explanation for automatic question handling
	* src/esx/esx_driver.c: add automatic question handling for all task related
	  driver functions
	* src/esx/esx_util.[ch]: add handling for the auto_answer query parameter
	* src/esx/esx_vi.[ch], src/esx/esx_vi_methods.[ch], src/esx/esx_vi_types.[ch]:
	  add new VI API methods and types and additional helper functions for
	  automatic question handling

	Fix compilation with gcrypt < 1.4.2
	Commit 33a198c1f6a4a1bc7f34d50a31032e03bec10fee increased the gcrypt
	version requirement to 1.4.2 because the GCRY_THREAD_OPTION_VERSION
	define was added in this version.
	The configure script doesn't check for the gcrypt version. To support
	gcrypt versions < 1.4.2 change the virTLSThreadImpl initialization
	to use GCRY_THREAD_OPTION_VERSION only if it's defined.

2009-12-19  Diego Elio Pettenò  <flameeyes@gmail.com>

	Don't mix LDFLAGS and LIBS in the configure script
	* configure.in: If you pass libraries in the LDFLAGS variable, and then
	  try AC_CHECK_FUNCS to find whether a function is present or not,
	  it'll fail badly when using the --as-needed linker flag. Instead,
	  pass the libraries through the LIBS library, so that they are passed
	  after the conftest.c source file and the tests are done properly.

	Don't make it possible to define HAVE_HAL but not enable it in automake
	* configure.in: With the previous logic, if libhal_get_all_devices
	  function was not found, HAVE_HAL would be defined for the preprocessor
	  but it wouldn't be enabled in automake conditionals, causing the final
	  link to fail with missing references to HAL entries.

2009-12-18  Jiri Denemark  <jdenemar@redhat.com>

	Implement virsh command 'cpu-compare'
	* tools/virsh.c: provide a way to us teh new API with virsh

	Implement CPU selection in QEMU driver
	* src/qemu/qemu_conf.c src/qemu/qemu_conf.h src/qemu/qemu_driver.c:
	  add the new entry point, extend capabilities and code to interract
	  with qemu

	Adds CPU map for models and features
	* src/cpu/cpu_map.xml: newdescription file
	* src/Makefile.am: include it in dist

	Adds CPU selection infrastructure
	Each driver supporting CPU selection must fill in host CPU capabilities.
	When filling them, drivers for hypervisors running on the same node as
	libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
	such as VMware, need to implement their own way of getting such data.
	Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
	When implementing virConnectCompareCPU(), a hypervisor driver can just
	call cpuCompareXML() function with host CPU capabilities.
	For each guest for which a driver supports selecting CPU models, it must
	set the appropriate feature in guest's capabilities:
	    virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
	Actions needed when a domain is being created depend on whether the
	hypervisor understands raw CPU data (currently CPUID for i686, x86_64
	architectures) or symbolic names has to be used.
	Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
	- convert guest CPU configuration from domain's XML into a set of raw
	  data structures each representing one of the feature policies:
	    cpuEncode(conn, architecture, guest_cpu_config,
	              &forced_data, &required_data, &optional_data,
	              &disabled_data, &forbidden_data)
	- create a mask or whatever the hypervisor expects to see and pass it
	  to the hypervisor
	Typical use by hypervisors with symbolic model names (such as QEMU):
	- get raw CPU data for a computed guest CPU:
	    cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
	- decode raw data into virCPUDefPtr with a possible restriction on
	  allowed model names:
	    cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
	- pass guest->model and guest->features to the hypervisor
	* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
	  src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
	  src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
	* configure.in: check for CPUID instruction
	* src/Makefile.am: glue the new files in
	* src/libvirt_private.syms: add new private symbols
	* po/POTFILES.in: add new cpu files containing translatable strings

	Remote driver CPU flags support
	* src/remote/remote_driver.c: add the new entry point

	CPU flags wire protocol format and server side
	* src/remote/remote_protocol.x: update with new entry point
	* daemon/remote.c: add the new server dispatcher
	* daemon/remote_dispatch_args.h daemon/remote_dispatch_prototypes.h
	  daemon/remote_dispatch_ret.h daemon/remote_dispatch_table.h
	  src/remote/remote_protocol.c src/remote/remote_protocol.h: regenerated

	Public API implementation
	* src/libvirt.c: adds the public entry point virConnectCompareCPU()

	Adds the internal driver API
	* src/driver.h: add an extra entry point in the structure
	* src/esx/esx_driver.c src/lxc/lxc_driver.c src/opennebula/one_driver.c
	  src/openvz/openvz_driver.c src/phyp/phyp_driver.c src/qemu/qemu_driver.c
	  src/remote/remote_driver.c src/test/test_driver.c src/uml/uml_driver.c
	  src/vbox/vbox_tmpl.c src/xen/xen_driver.c: add NULL entry points for
	  all drivers

	New public API definition virConnectCompareCPU()
	* include/libvirt/libvirt.h.in: add it in the public API as
	  well as the new flags
	* src/libvirt_public.syms: export it

2009-12-18  Daniel Veillard  <veillard@redhat.com>

	Fixes syntax-check with previous commit
	* po/POTFILES.in: adds src/conf/cpu_conf.c in teh set of files with
	  translatable content
	* src/conf/cpu_conf.c: remove an unused include

2009-12-18  Jiri Denemark  <jdenemar@redhat.com>

	XML parsing/formating code for CPU flags
	* include/libvirt/virterror.h src/util/virterror.c: add new domain
	  VIR_FROM_CPU for errors
	* src/conf/cpu_conf.c src/conf/cpu_conf.h: new parsing module
	* src/Makefile.am proxy/Makefile.am: include new files
	* src/conf/capabilities.[ch] src/conf/domain_conf.[ch]: reference
	  new code
	* src/libvirt_private.syms: private export of new entry points

	XML schema for CPU flags
	XML schema for CPU flags
	Firstly, CPU topology and model with optional features have to be
	advertised in host capabilities:
	    <host>
	        <cpu>
	            <arch>ARCHITECTURE</arch>
	            <features>
	                <!-- old-style features are here -->
	            </features>
	            <model>NAME</model>
	            <topology sockets="S" cores="C" threads="T"/>
	            <feature name="NAME"/>
	        </cpu>
	        ...
	    </host>
	Secondly, drivers which support detailed CPU specification have to
	advertise
	it in guest capabilities:
	    <guest>
	    ...
	    <features>
	            <cpuselection/>
	        </features>
	    </guest>
	And finally, CPU may be configured in domain XML configuration:
	<domain>
	    ...
	    <cpu match="MATCH">
	        <model>NAME</model>
	        <topology sockets="S" cores="C" threads="T"/>
	        <feature policy="POLICY" name="NAME"/>
	    </cpu>
	</domain>
	Where MATCH can be one of:
	    - 'minimum'     specified CPU is the minimum requested CPU
	    - 'exact'       disable all additional features provided by host CPU
	    - 'strict'      fail if host CPU doesn't exactly match
	POLICY can be one of:
	    - 'force'       turn on the feature, even if host doesn't have it
	    - 'require'     fail if host doesn't have the feature
	    - 'optional'    match host
	    - 'disable'     turn off the feature, even if host has it
	    - 'forbid'      fail if host has the feature
	'force' and 'disable' policies turn on/off the feature regardless of its
	availability on host. 'force' is unlikely to be used but its there for
	completeness since Xen and VMWare allow it.
	'require' and 'forbid' policies prevent a guest from being started on a host
	which doesn't/does have the feature. 'forbid' is for cases where you disable
	the feature but a guest may still try to access it anyway and you don't want
	it to succeed.
	'optional' policy sets the feature according to its availability on host.
	When a guest is booted on a host that has the feature and then migrated to
	another host, the policy changes to 'require' as we can't take the feature
	away from a running guest.
	Default policy for features provided by host CPU but not specified in domain
	configuration is set using match attribute of cpu tag. If 'minimum' match is
	requested, additional features will be treated as if they were specified
	with 'optional' policy. 'exact' match implies 'disable' policy and 'strict'
	match stands for 'forbid' policy.
	* docs/schemas/capability.rng docs/schemas/domain.rng: extend the
	  RelaxNG schemas to add CPU flags support

2009-12-18  Daniel P. Berrange  <berrange@redhat.com>

	Initialize gcrypt threading
	GNUTLS uses gcrypt for its crypto functions. gcrypt requires
	that the app/library initializes threading before using it.
	We don't want to force apps using libvirt to know about
	gcrypt, so we make virInitialize init threading on their
	behalf. This location also ensures libvirtd has initialized
	it correctly. This initialization is required even if libvirt
	itself were only using one thread, since another non-libvirt
	library (eg GTK-VNC) could also be using gcrypt from another
	thread
	* src/libvirt.c: Register thread functions for gcrypt
	* configure.in: Add -lgcrypt to linker flags

	Fix bug in storage driver accessing wrong private data
	* src/storage/storage_driver.c: Fix IsPersistent() and IsActivE()
	  methods on storage pools to use 'storagePrivateData' instead
	  of 'privateData'. Also fix naming convention of objects

2009-12-16  Jim Meyering  <meyering@redhat.com>

	esx_vi.c: do not call through NULL function pointer
	* src/esx/esx_vi.c (esxVI_List_CastFromAnyType): For invalid
	inputs, fail right away.  Do not "goto failure" where a NULL
	input pointer would be dereferenced.

	esx_util.c: avoid NULL deref for invalid inputs
	* src/esx/esx_util.c (esxUtil_ParseDatastoreRelatedPath): Return
	right away for invalid inputs, rather than using them (which would
	dereference NULL pointers) in clean-up code.

2009-12-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't goto failure for invalid arguments in VMX code
	This also fixes a NULL-deref of virtualDev in esxVMX_ParseSCSIController
	found by Jim Meyering.

	Fix memory leak in qemudBuildCommandLine

2009-12-16  Jim Meyering  <meyering@redhat.com>

	avoid calling exit with a constant; use EXIT_* instead
	This appeases a new gnulib-provided "syntax-check".
	* daemon/libvirtd.c (main): Use EXIT_FAILURE, not 1.
	* proxy/libvirt_proxy.c (main): Likewise, and EXIT_SUCCESS, not 0.
	* tests/conftest.c (main): Likewise.
	* tests/reconnect.c (main): Likewise.
	* tests/testutils.h (EXIT_AM_SKIP): Define.
	* tests/nodeinfotest.c (mymain): Use EXIT_AM_SKIP, not 77.
	* tests/qemuargv2xmltest.c: Likewise.
	* tests/qemuxml2xmltest.c: Likewise.
	* tests/virshtest.c (mymain): Likewise.

	maint: remove from VC two gnulib-provided files
	* build-aux/link-warning.h: Remove file from version control.
	* build-aux/mktempd: Likewise.
	* build-aux/.gitignore: Adjust.

	avoid malfunction when virFileResolveLink is applied to non-POSIX FS
	The virFileResolveLink utility function relied on the POSIX guarantee
	that stat.st_size of a symlink is the length of the value.  However,
	on some types of file systems, it is invalid, so do not rely on it.
	Use gnulib's areadlink module instead.
	* bootstrap (modules): Add areadlink.
	* src/util/util.c: Include "areadlink.h".
	Let areadlink perform the readlink and malloc.
	* configure.in (AC_CHECK_FUNCS): Remove readlink.  No need,
	since it's presence is guaranteed by gnulib.

	build: update gnulib submodule to latest

	xm_internal.c: remove misleading dead code
	* src/xen/xm_internal.c (xenXMConfigGetULong): Remove useless and
	misleading test (always false) for val->str == NULL before code that
	always dereferences val->str.  "val" comes from virConfGetValue, and
	at that point, val->str is guaranteed to be non-NULL.
	(xenXMConfigGetBool): Likewise.
	* src/util/conf.c (virConfSetValue): Ensure that vir->str is never NULL,
	not even if someone tries to set such a value via virConfSetValue.

	libvirt.c: don't let a NULL "cpumaps" argument provoke a NULL-deref
	* src/libvirt.c (virDomainGetVcpus): Describe new, stronger
	requirement on "maplen"s relationship to "cpumaps".

2009-12-15  Jim Meyering  <meyering@redhat.com>

	qemu migration: avoid NULL-deref given an invalid input
	* src/qemu/qemu_driver.c (doNonTunnelMigrate): Don't let a
	NULL "uri_out" provoke a NULL-dereference in doNativeMigrate:
	supply omitted goto-after-qemudReportError.

	qemu_driver.c: don't unlink(NULL) on OOM error path
	* src/qemu/qemu_driver.c (qemudDomainMigratePrepareTunnel): Upon an
	out of memory error, we would end up with unixfile==NULL and attempt
	to unlink(NULL).  Skip the unlink when it's NULL.

	remote_driver.c: also zero out ->saslDecodedOffset member
	* src/remote/remote_driver.c (remoteIOReadMessage): ...rather than
	zeroing out priv->saslDecodedLength twice.

	qemu_driver.c: avoid double free on error path
	* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Set
	"event" to NULL after qemuDomainEventQueue frees it, so a
	subsequent free (after endjob label) upon qemuMonitorStartCPUs
	failure does not cause a double free.

	libvirtd: avoid a NULL dereference on error path
	* daemon/libvirtd.c (qemudDispatchServer): Since "client" may be
	NULL in the "cleanup:" block, free client->rx only when it's not.

2009-12-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix and improve domain xml video element description
	The description mismatched the actual structure since the video element
	was introduced. The nvram attribute is actually called vram. Specify the
	unit of the vram attribute.

	Fix install location for Python bindings
	Commit 66137344feb488ea87b0d92f3c03844d9a7a7786 changed the Python detection
	mechanism in configure to use AM_PATH_PYTHON. This results in a changed
	install location for the Python bindings, at least on Fedora 12 64bit systems.
	Before this commit libvirt.py and libvirtmod.so were installed to
	  /usr/lib64/python2.6/site-packages
	After this commit they are installed to
	  /usr/lib/python2.6/site-packages
	Mixed Python packages (containing *.py and *.so files) should be installed to
	the pyexecdir directory detected by AM_PATH_PYTHON.
	This restores the install location from before the AM_PATH_PYTHON commit.
	* configure.in: remove unnecessary pythondir export
	* python/Makefile.am: switch from pythondir to pyexecdir

2009-12-14  Daniel Veillard  <veillard@redhat.com>

	Relax the allowed values for machine type in schema
	* docs/schemas/domain.rng: don't try to validate based on a list, open
	  up the machine type to a regexp allowing a-z A-Z 0-9 _ - and .

2009-12-14  Jim Meyering  <meyering@redhat.com>

	virsh: avoid double-free
	* tools/virsh.c (vshCommandParse): Avoid double-free of "tkdata".
	Set it to NULL immediately after free in the (cmd == NULL) case,
	just as in the other case, in case the final free(tkdata) is
	triggered by a syntax error.

	node_device_driver.c: don't write beyond EOB for 4K-byte symlink
	* src/node_device/node_device_driver.c (update_driver_name): The
	previous code would write one byte beyond the end of the 4KiB
	stack buffer when presented with a symlink value of exactly that
	length (very unlikely).  Remove the automatic buffer and use
	virFileResolveLink in place of readlink.  Suggested by Daniel Veillard.

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Fix owner and group in example volume XML
	The owner and group in the documentation examples were confusingly given as
	'0744'. They should be numeric uid and gid. Changed the examples to use the
	default uid and gid assigned to qemu in F12.
	* docs/formatstorage.html.in: Change example owner and group in volume XML

2009-12-14  Daniel Veillard  <veillard@redhat.com>

	add missing doc for device <shareable/> option

2009-12-14  Laine Stump  <laine@laine.org>

	Eliminate failure to delete empty storage pools
	* src/storage/storage_backend_fs.c: virStorageBackendFileSystemDelete
	  was incorrectly calling unlink() in an attempt to remove a directory.
	  It should be calling rmdir() instead.

2009-12-14  Jiri Denemark  <jdenemar@redhat.com>

	Fix use of virEventAddHandleImpl()
	src/node_device/node_device_udev.c was using a function available only
	on the daemon code, fix this and use the function available globally
	* src/node_device/node_device_udev.c: replace use of virEventAddHandleImpl
	  by virEventAddHandle

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Cleanup temporary #define after use
	* src/qemu/qemu_driver.c: #undef LOOKUP_PTYS after use in
	  qemudFindCharDevicePTYsMonitor()

2009-12-14  Dave Allan  <dallan@redhat.com>

	Implement --pool option for virsh vol-path
	This patch fixes the problem reported in:
	https://bugzilla.redhat.com/show_bug.cgi?id=509306
	The bug reporter says that vol-delete does not support the --pool
	option, but that's not the case in the current head.  This patch makes
	vol-path behave the same way as vol-delete
	* tools/virsh.c: Modified vol-path to use the same logic as vol-delete,
	  allowing the syntax: virsh vol-path --pool testdirpool testvol0

2009-12-14  Cole Robinson  <crobinso@redhat.com>

	nodedev: Add removable storage 'media_label' prop
	Provides the CDROM label for current media. Only implemented for the
	udev backend.

2009-12-14  Dave Allan  <dallan@redhat.com>

	expose SR IOV physical/virtual function relationships
	exposes the relationships between physical
	and virtual functions on SR IOV capable devices.

2009-12-14  Paolo Bonzini  <pbonzini@redhat.com>

	Fix possible NULL pointer dereference
	If there are no references remaining to the object, vm is set to NULL
	and vm->persistent cannot be accessed.  Fixed by this trivial patch.
	* src/qemu/qemu_driver.c (qemudDomainCoreDump): Avoid possible
	  NULL pointer dereference on --crash dump.

2009-12-14  Jamie Strandboge  <jamie@canonical.com>

	add AppArmor test and examples to dist
	tests/virt-aa-helper-test and examples/apparmor are not included in
	official tarballs, but should be. Attached is a patch to fix that
	which works when apparmor is and is not available.

2009-12-14  Paolo Bonzini  <pbonzini@redhat.com>

	add --live support to "virsh dump"
	This is trivial for QEMU since you just have to not stop the vm before
	starting the dump.  And for Xen, you just pass the flag down to xend.
	* include/libvirt/libvirt.h.in (virDomainCoreDumpFlags): Add VIR_DUMP_LIVE.
	* src/qemu/qemu_driver.c (qemudDomainCoreDump): Support live dumping.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump): Support live dumping.
	* tools/virsh.c (opts_dump): Add --live. (cmdDump): Map it to VIR_DUMP_LIVE.

	add --crash support to "virsh dump"
	This patch adds the --crash option (already present in "xm dump-core")
	to "virsh dump".  virDomainCoreDump already has a flags argument, so
	the API/ABI is untouched.
	* include/libvirt/libvirt.h.in (virDomainCoreDumpFlags): New flag for
	  CoreDump
	* src/test/test_driver.c (testDomainCoreDump): Do not crash
	  after dump unless VIR_DUMP_CRASH is given.
	* src/qemu/qemu_driver.c (qemudDomainCoreDump): Shutdown the domain
	  instead of restarting it if --crash is passed.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump): Support --crash.
	* tools/virsh.c (opts_dump): Add --crash.
	  (cmdDump): Map it to flags for virDomainCoreDump and pass them.

	fix various breakages in qemu Dump command
	1) qemuMigrateToCommand uses ">>" so we have to truncate the file
	before starting the migration;
	2) the command wasn't updated to chown the driver and set/restore
	the security lavels;
	3) the VM does not have to be resumed if migration fails;
	4) the file is not removed when migration fails.
	* src/qemu/qemu_driver.c (qemuDomainCoreDump): Truncate file before
	  dumping, set/restore ownership and security labels for the file.

2009-12-14  Daniel Veillard  <veillard@redhat.com>

	Fix a couple of problems in last patch
	Those were pointed by DanB in his review but not yet fixed
	* src/qemu/qemu_driver.c: qemudWaitForMonitor() use EnterMonitorWithDriver()
	  and ExitMonitorWithDriver() there
	* src/qemu/qemu_monitor_text.c: checking fro strdu failure and hash
	  table add error in qemuMonitorTextGetPtyPaths()

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Get QEMU pty paths from the monitor
	This change makes the QEMU driver get pty paths from the output of the
	monitor 'info chardev' command. This output is structured, and contains
	both the name of the device and the path on the same line. This is
	considerably more reliable than parsing the startup log output, which
	requires the parsing code to know which order QEMU will print pty
	information in.
	Note that we still need to parse the log output as the monitor itself
	may be on a pty. This should be rare, however, and the new code will
	replace all pty paths parsed by the log output method once the monitor
	is available.
	* src/qemu/qemu_monitor.(c|h) src/qemu_monitor_text.(c|h): Implement
	  qemuMonitorGetPtyPaths().
	* src/qemu/qemu_driver.c: Get pty path information using
	  qemuMonitorGetPtyPaths().

	Extract the assigned pty device for QEmu channels
	* src/qemu/qemu_driver.c: Parse pty devices for channels

	Make QEMU driver use -chardev everywhere if available
	Change -monitor, -serial and -parallel output to use -chardev if it is
	available.
	* src/qemu/qemu_conf.c: Update qemudBuildCommandLine to use -chardev where
	  available.
	* tests/qemuxml2argvtest.c tests/qemuxml2argvdata/: Add -chardev equivalents
	  for all current serial and parallel tests.

2009-12-14  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Suppress cgroup error message on sucess startup
	Even if qemudStartVMDaemon suceeds, an error was logged such as
	'qemuRemoveCgroup:1778 : internal error Unable to find cgroup for'.
	This is because qemudStartVMDaemon calls qemuRemoveCgroup to
	ensure that old cgroup does not remain. This workaround makes
	sense but leaving an error message may confuse users.
	* src/qemu/qemu_driver.c: a an option to the function to suppress the
	  error being logged

2009-12-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix reference leak in remoteDispatchStorageVolCreateXmlFrom

	Fix memory leak in virStorageBackendCopyToFD

2009-12-11  Daniel Veillard  <veillard@redhat.com>

	Fix 'make syntax-check' after iptables.c cleanup

2009-12-11  Paolo Bonzini  <pbonzini@redhat.com>

	retrieve paused/running state at migration start
	This patch fixes the bug where paused/running state is not
	transmitted during migration.  As a result, in the QEMU driver
	for example the machine was always started on the destination
	end.
	In order to do so, just read the state and if it is appropriate and
	set the VIR_MIGRATE_PAUSED flag.
	* src/libvirt.c (virDomainMigrateVersion1, virDomainMigrateVersion2):
	  Automatically add VIR_MIGRATE_PAUSED when appropriate.
	* src/xen/xend_internal.c (xenDaemonDomainMigratePerform): Give a nicer
	  error message when migration of paused domains is attempted.

	add virsh --suspend arg to migrate command
	This adds a new flag, VIR_MIGRATE_PAUSED, that mandates pausing
	the migrated VM before starting it.
	* include/libvirt/libvirt.h.in (virDomainMigrateFlags): Add VIR_MIGRATE_PAUSED.
	* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Handle VIR_MIGRATE_PAUSED.
	* tools/virsh.c (opts_migrate): Add --suspend. (cmdMigrate): Handle it.
	* tools/virsh.pod (migrate): Document it.

	fix migration of paused vms upon failure
	This makes a small change on the failed-migration path.  Up to now,
	all VMs that failed non-live migration after the "stop" command
	were restarted.  This must not be done when the VM was paused in
	the first place.
	* src/qemu/qemu_driver.c (qemudDomainMigratePerform): Do not restart
	  a paused VM that fails migration.  Set paused state after "stop",
	  reset it after failure.

2009-12-11  Diego Elio Pettenò  <flameeyes@gmail.com>

	Small change of RNG syntax for domain
	* docs/schemas/domain.rng: As trang seems to bug with <optional><oneOrMore>
	  replace it with <zeroOrMore>

2009-12-11  Richard Jones  <rjones@redhat.com>

	qemu driver: Fix segfault in libvirt/libvirtd when uri->path is NULL.
	See also:
	https://bugzilla.redhat.com/show_bug.cgi?id=545400#c1

2009-12-11  Diego Elio Pettenò  <flameeyes@gmail.com>

	Fix a wellformedness problem in secret.rng
	* docs/schemas/secret.rng: ref tag for usagevolume wasn't closed

2009-12-10  Mark McLoughlin  <markmc@redhat.com>

	remove iptablesReloadRules() and related code
	We don't use this method of reloading rules anymore, so we can just
	kill the code.
	This simplifies things a lot because we no longer need to keep a
	table of the rules we've added.
	* src/util/iptables.c: kill iptablesReloadRules()

	remove all traces of lokkit support
	Long ago we tried to use Fedora's lokkit utility in order to register
	our iptables rules so that 'service iptables restart' would
	automatically load our rules.
	There was one fatal flaw - if the user had configured iptables without
	lokkit, then we would clobber that configuration by running lokkit.
	We quickly disabled lokkit support, but never removed it. Let's do
	that now.
	The 'my virtual network stops working when I restart iptables' still
	remains. For all the background on this saga, see:
	  https://bugzilla.redhat.com/227011
	* src/util/iptables.c: remove lokkit support
	* configure.in: remove --enable-lokkit
	* libvirt.spec.in: remove the dirs used only for saving rules for lokkit
	* src/Makefile.am: ditto
	* src/libvirt_private.syms, src/network/bridge_driver.c,
	  src/util/iptables.h: remove references to iptablesSaveRules

	reload iptables rules on libvirtd restart
	This is the expected behaviour, I think - reloading libvirtd should
	be a subset of restarting it.
	Note, we reload the rules after we've determined which networks
	are active (because we only add the rules for active networks)
	and before we start autostart networks (to avoid re-adding the
	rules).
	* src/network/bridge_driver.c: reload iptables rules on startup

	reload iptables rules simply by re-adding them
	Currently, when we add iptables rules, we keep them on a list so that
	we can easily reload them on e.g. 'service libvirtd reload'.
	However, we don't save this list to disk, so if libvirtd is restarted
	we lose the ability to reload the rules.
	The fix is simple - just re-add the damn things on reload.
	Note, we delete the rules before re-adding them, just like the current
	behaviour of iptRulesReload().
	* src/network/bridge_driver.c: re-add the iptables rules on reload.

2009-12-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virBufferFreeAndReset() and replace free()
	Replace free(virBufferContentAndReset()) with virBufferFreeAndReset().
	Update documentation and replace all remaining calls to free() with
	calls to VIR_FREE(). Also add missing calls to virBufferFreeAndReset()
	and virReportOOMError() in OOM error cases.

2009-12-09  Jim Fehlig  <jfehlig@novell.com>

	Plumb domain description tag in xend backend
	xen-unstable changesets 20321 and 20521 added support for
	description in xend domain config.  This patch extends that
	support in xend backend.
	* src/xen/xend_internal.c: add parse and output of domain description

2009-12-09  Richard Jones  <rjones@redhat.com>

	Update location of C# bindings.

2009-12-09  Daniel P. Berrange  <berrange@redhat.com>

	Make QEMU text monitor parsing more robust
	The QEMU 0.10.0 release (and possibly other 0.10.x) has a bug where
	it sometimes/often forgets to display the initial monitor greeting
	line, soley printing a (qemu).  This in turn confuses the text
	console parsing because it has a '(qemu)' it is not expecting. The
	confusion results in a negative malloc. Bad things follow.
	This re-writes the text console handling to be more robust. The key
	idea is that it should only look for a (qemu), once it has seen the
	original command echo'd back. This ensures it'll skip the bogus stray
	(qemu) with broken QEMUs.
	* src/qemu/qemu_monitor.c: Add some (disabled) debug code
	* src/qemu/qemu_monitor_text.c: Re-write way command replies
	  are detected

	Fix virDomainObj ref handling in QEMU driver
	Since the monitor I/O is processed out of band from the main
	thread(s) invoking monitor  commands, the virDomainObj may be
	deleted by the I/O thread. The qemuDomainObjBeginJob takes an
	extra reference to protect against final deletion, but this
	reference is released by the corresponding EndJob call. THus
	after the EndJob call it may not be valid to reference the
	virDomainObj any more. To allow callers to detect this, the
	EndJob call is changed to return the remaining reference count.
	* src/conf/domain_conf.c: Make virDomainObjUnref return the
	  remaining reference count
	* src/qemu/qemu_driver.c: Avoid referencing virDomainObjPtr
	  after qemuDomainObjEndJob if it has been deleted.

2009-12-09  Daniel Veillard  <veillard@redhat.com>

	Fix the news file non-ascii characters
	by adding an explicit HTML encoding meta description

2009-12-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use AM_PATH_PYTHON and python-config to detect Python configuration
	Using AM_PATH_PYTHON solves the site-packages directory problem. At least
	in Ubuntu with Python 2.6 and later site-packages is renamed to dist-packages
	and site-packages is not part of sys.path anymore. So installing the libvirt
	Python bindings to site-packages renders them unusable, because they can be
	imported from there without manually including site-packages into sys.path.
	AM_PATH_PYTHON detects the correct site-packages/dist-packages directory.
	python-config --includes gives the correct include path for the Python header
	files. The old probing code stays there as fallback mechanism.
	* configure.in: use AM_PATH_PYTHON and python-config
	* python/Makefile.am: remove -I because PYTHON_INCLUDES contains it now

	Add missing commas to the 0.7.4 news section

2009-12-08  Daniel Veillard  <veillard@redhat.com>

	Change generated HTML to UTF-8 encoding
	* docs/ChangeLog.xsl docs/newapi.xsl docs/site.xsl: change all
	  stylesheets to output UTF-8 HTML instead of ISO Latin 1 which was
	  breaking on some people names.

	Avoid an type-punned pointer aliasing pbm
	Fix this warning, there is no need to use an intermediate,
	different array pointer.
	network.c: In function 'getIPv6Addr':
	network.c:50: warning: dereferencing type-punned pointer will break strict-aliasing rules
	* src/util/network.c: avoid an intermediary pointer cast

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Hook up JSON monitor to emit basic lifecycle events
	* src/qemu/qemu_monitor_json.c: Hook up reset, shutdown,
	  poweroff and stop events

	Add QEMU monitor callbacks for basic lifecycle events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add callbacks
	  for reset, shutdown, poweroff and stop events. Add convenience
	  methods for emiting those events

	Switch over to passing a callback table to QEMU monitor
	With addition of events there will be alot of callbacks.
	To avoid having to add many APIs to register callbacks,
	provide them all at once in a big table
	* src/qemu/qemu_driver.c: Pass in a callback table to QEMU
	  monitor code
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h Replace
	  the EOF and disk secret callbacks with a callback table

	Support for JSON mode monitor
	Initial support for the new QEMU monitor protocol  using JSON
	as the data encoding format instead of plain text
	* po/POTFILES.in: Add src/qemu/qemu_monitor_json.c
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Hack to turn on QMP
	  mode. Replace with a version number check on >= 0.12 later
	* src/qemu/qemu_monitor.c: Delegate to json monitor if enabled
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
	  impl of QMP protocol
	* src/Makefile.am: Add src/qemu/qemu_monitor_json.{c,h}

	Introduce callbacks for serializing domain object private data to XML
	Now that drivers are using a private domain object state blob,
	the virDomainObjFormat/Parse methods are no longer able to
	directly serialize all neccessary state to/from XML. It is
	thus neccessary to introduce a pair of callbacks fo serializing
	private state.
	The code for serializing vCPU PIDs and the monitor device
	config can now move out of domain_conf.c and into the
	qemu_driver.c where they belong.
	* src/conf/capabilities.h: Add callbacks for serializing private
	  state to/from XML
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove the
	  monitor, monitor_chr, monitorWatch, nvcpupids and vcpupids
	  fields from virDomainObjPtr. Remove code that serialized
	  those fields
	* src/libvirt_private.syms: Export virXPathBoolean
	* src/qemu/qemu_driver.c: Add callbacks for serializing monitor
	  and vcpupid data to/from XML
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Pass monitor
	  char device config into qemuMonitorOpen directly.

	Switch LXC driver to use a private data blob for virDomainObj state
	* src/lxc/lxc_driver.c: Introduce lxcDomainObjPrivate for storing
	  monitor device state

	Switch UML driver to use a private data blob for virDomainObj state
	* src/uml/uml_driver.c: Introduce umlDomainObjPrivateData for storing
	  monitor device state. Remove unneccessary VIR_FREE on vcpupids

	Pull code to start CPUs executing out of qemudInitCpuAffinity()
	The code to start CPUs executing has nothing todo with CPU
	affinity masks, so pull it out of the qemudInitCpuAffinity()
	method and up into qemudStartVMDaemon()
	* src/qemu/qemu_driver.c: Pull code to start CPUs executing out
	  of qemudInitCpuAffinity()

	Add a 'format' arg to qemuMonitorChangeMedia() since JSON will support it
	The current QEMU disk media change does not support setting the
	disk format. The new JSON monitor will support this, so add an
	extra parameter to pass this info in
	* src/qemu/qemu_driver.c: Pass in disk format when changing media
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Add a 'format' arg to qemuMonitorChangeMedia()

	Fix migration cancellation for QEMU
	* src/qemu/qemu_monitor_text.c: Add missing underscore in the
	  migrate_cancel monitor command impl

	Move qemuMonitorEscape + migrate status enum into shared monitor code
	The qemuMonitorEscape() method, and the VIR_ENUM for migration
	status will be needed by the JSON monitor too, so move that code
	into the shared qemu_monitor.c file instead of qemu_monitor_text.c
	* src/qemu/qemu_monitor.h: Declare qemuMonitorMigrationStatus enum
	  and qemuMonitorEscapeArg and qemuMonitorEscapeShell methods
	* src/qemu/qemu_monitor.c: Implement qemuMonitorMigrationStatus enum
	  and qemuMonitorEscapeArg and qemuMonitorEscapeShell methods
	* src/qemu/qemu_monitor_text.c: Remove above methods/enum

	Fix crash when deleting monitor while a command is in progress
	If QEMU shuts down while we're in the middle of processing a
	monitor command, the monitor will be freed, and upon cleaning
	up we attempt to do  qemuMonitorUnlock(priv->mon) when priv->mon
	is NULL.
	To address this we introduce proper reference counting into
	the qemuMonitorPtr object, and hold an extra reference whenever
	executing a command.
	* src/qemu/qemu_driver.c: Hold a reference on the monitor while
	  executing commands, and only NULL-ify the priv->mon field when
	  the last reference is released
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add reference
	  counting to handle safe deletion of monitor objects

2009-12-08  Guido Günther  <agx@sigxcpu.org>

	udev_device_get_devpath might return NULL
	Fix crash on strdup in that case.

2009-12-08  Daniel Veillard  <veillard@redhat.com>

	Fix a compilation failure if yajl not avail
	configure:     yajl: no
	CC     libvirt_util_la-json.lo
	util/json.c:32:27: error: yajl/yajl_gen.h: No such file or directory
	util/json.c:33:29: error: yajl/yajl_parse.h: No such file or directory
	* src/util/json.c: remove the includes if yajl not configured in

2009-12-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compilation for configure --disable-nls

	vbox: Update IIDs from version 3.1-beta2 to 3.1-final
	This solves the 'nsIEventQueue object is null' error when trying
	to connect to a VirtualBox 3.1 hypervisor instance.

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix ReprotError vs ReportError typo in JSON code
	* src/util/json.c: Fix ReprotError typo when YAJL is not available

	Fix inverted conditional test in configure.ac check for yajl
	* configure.in: Fix inverted conditional test when yajl is not
	  found

2009-12-07  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a simple API for handling JSON data
	This introduces simple API for handling JSON data. There is
	an internal data structure 'virJSONValuePtr' which stores a
	arbitrary nested JSON value (number, string, array, object,
	nul, etc).  There are APIs for constructing/querying objects
	and APIs for parsing/formatting string formatted JSON data.
	This uses the YAJL library for parsing/formatting from
	 http://lloyd.github.com/yajl/
	* src/util/json.h, src/util/json.c: Data structures and APIs
	  for representing JSON data, and parsing/formatting it
	* configure.in: Add check for yajl library
	* libvirt.spec.in: Add build requires for yajl
	* src/Makefile.am: Add json.c/h
	* src/libvirt_private.syms: Export JSON symbols to drivers

	Add --system flag to autogen.sh to make it easy to build with right prefix
	Add a --system flag to autogen.sh which gets turned into the args
	--prefix=/usr --sysconfdir=/etc --localstatedir=/var to make it
	easy to build with settings that match an RPM build
	* autogen.sh: Add --system flag

2009-12-05  Jiri Denemark  <jdenemar@redhat.com>

	Export all symbols from xml.h for internal use
	Some of the very useful calls for XML parsing provided by util/xml.[ch]
	were not exported as private symbols. This patch fixes this.

2009-12-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Use virIndexToDiskName() in vboxGenerateMediumName()

2009-12-05  Jiri Denemark  <jdenemar@redhat.com>

	Tests for interface type/model configuration
	add a set of tests for Xen interface type and model configurations

2009-12-04  Jiri Denemark  <jdenemar@redhat.com>

	Support for interface model='netfront'
	Xen HVM guests with PV drivers end up with two network interfaces for
	each configured interface. One of them being emulated by qemu and the
	other one paravirtual. As this might not be desirable, the attached
	patch provides a way for users to specify that only paravirtual network
	interface should be presented to the guest.
	The configuration was inspired by qemu/kvm driver, for which users can
	specify model='virtio' to use paravirtual network interface.
	The patch adds support for model='netfront' which results in
	type=netfront instead of type=ioemu (or nothing for newer xen versions)
	in guests native configuration. Xen's qemu ignores interfaces with
	type != ioemu and only paravirtual network device will be seen in the
	guest.
	Four possible configuration scenarios follow:
	- no model specified in domain's XML
	    - libvirt will behave like before this change; it will set
	      type=ioemu for HVM guests on xen host which is not newer than
	      XEND_CONFIG_MAX_VERS_NET_TYPE_IOEMU
	    - covered by existing tests
	- PV guest, any model
	    - no functional change, model is passed as is (and ignored by the
	      hypervisor)
	    - covered by existing tests (e.g., *-net-e1000.*)
	- HVM guest, model=netfront
	    - type is set to "netfront", model is not specified
	    - covered by new *-net-netfront.* tests
	- HVM guest, model != netfront
	    - type is set to "ioemu", model is passed as is
	    - covered by new *-net-ioemu.* tests
	The fourth scenario feels like a regression for xen newer than
	XEND_CONFIG_MAX_VERS_NET_TYPE_IOEMU as users who had a model specified
	in their guest's configuration won't see a paravirtual interface in
	their guests any more. On the other hand, the reason for specifying a
	model is most likely the fact that they want to use such model which
	implies emulated interface. Users of older xen won't be affected at all
	as their xen provides paravirtual interface regardless of the type used.
	- src/xen/xend_internal.c: add netfront support for the xend backend
	- src/xen/xm_internal.c: add netfront support for the XM serialization too

2009-12-04  Pritesh Kothari  <pritesh.kothari@sun.com>

	vbox: Add support for version 3.1
	Also fixed serial port configuration which was broken due to recent
	change in virDomainChrDef where targetType was newly added.
	* src/Makefile.am: add new files
	* src/vbox/vbox_driver.c: add case for version 3.1
	* src/vbox/vbox_tmpl.c: refactor common patterns into macros, support for
	  version 3.1, serial port configuration fix
	* src/vbox/vbox_CAPI_v3_1.h, src/vbox/vbox_V3_1.c: generated code

2009-12-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virIndexToDiskName and fix mapping gap
	esxVMX_IndexToDiskName handles indices up to 701. This limit comes
	from a mapping gap in virDiskNameToIndex:
	  sdzy -> 700
	  sdzz -> 701
	  sdaaa -> 728
	  sdaab -> 729
	This line in virDiskNameToIndex causes this gap:
	  idx = (idx + i) * 26;
	Fixing it by altering this line to:
	  idx = (idx + (i < 1 ? 0 : 1)) * 26;
	Also add a new version of virIndexToDiskName that handles the inverse
	mapping for arbitrary indices.
	* src/esx/esx_vmx.[ch]: remove esxVMX_IndexToDiskName
	* src/util/util.[ch]: add virIndexToDiskName and fix mapping gap
	* tests/esxutilstest.c: update test to verify that the gap is fixed

	Fix some locking issues
	* src/conf/domain_conf.c: don't call virDomainObjUnlock twice
	* src/qemu/qemu_driver.c: relock driver lock if an error occurs in
	  qemuDomainObjBeginJobWithDriver, enter/exit monitor with driver
	  in qemudDomainSave

2009-12-03  Daniel Veillard  <veillard@redhat.com>

	Fix missing background color

2009-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix event test timer checks on kernels with HZ=100
	On kernels with HZ=100, the resolution of sleeps in poll() is
	quite bad. Doing a precise check on the expiry time vs the
	current time will thus often thing the timer has not expired
	even though we're within 10ms of the expected expiry time. This
	then causes another pointless sleep in poll() for <10ms. Timers
	do not need to have such precise expiration, so we treat a timer
	as expired if it is within 20ms of the expected expiry time. This
	also fixes the eventtest.c test suite on kernels with HZ=100
	* daemon/event.c: Add 20ms fuzz when checking for timer expiry

2009-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in QEMU driver webpage
	* docs/drvqemu.html.in: Fix typo describing URI driver protocol

2009-11-30  Paolo Bonzini  <pbonzini@redhat.com>

	Add another SENTINEL attribute
	* src/xen/xend_internal.c (xend_op): Add ATTRIBUTE_SENTINEL.

2009-11-27  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Clarify documentation for private symbols
	The instruction "See Makefile.am" in libvirt.private_syms
	always makes me think that this file is autogenerated
	and should not be touched manually. This patch spares
	every reader of libvirt.private_syms the hassle of
	reading Makefile.am before augmenting libvirt.private_syms.

	Fix help message
	The configuration file setting is overriden by -f or --config, but
	not with -c

2009-11-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix threading problems in python bindings
	* libvirt-override.c: Add many missing calls to allow threading
	  when entering C code, otherwise python blocks & then deadlocks
	  when we have an async event to dispatch back into python code.
	  Fix return value check for virDomainPinVcpu binding.

	Supress annoying libcap-ng errors from valgrind
	* tests/.valgrind.supp: Ignore capng problems

	Fix two leaks in test driver
	* src/test/test_driver.c: Fix leak of vcpu info, and nodedevice
	  info

	Free cgroup device ACL list on driver shutdown
	* src/qemu/qemu_driver.c: Free cgroup ACLs

2009-11-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Fix unconditional freeing in xenDaemonListDefinedDomains()
	Commit 790f0b3057787bb64da8c46c111ff8d3eff7b2af causes the contents of
	the names array to be freed even on success, resulting in no listing of
	defined but inactive Xen domains.
	Spotted by Jim Fehlig

2009-11-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix default disk type when parsing QEMU argv
	* src/qemu/qemu_conf.c: Fix default disk type to be 'FILE'
	  again, after previous commit accidentally changed it

2009-11-24  Gerhard Stenzel  <gerhard.stenzel@de.ibm.com>

	remove port filter when network device is detached
	* src/qemu/qemu_driver.c: remove the port filter if the network device
	  is detached via virDomainDetachDevice.

2009-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Support QEMU's virtual FAT block device driver
	Introduce a new type="dir"  mode for <disks> that allows use of
	QEMU's  virtual FAT block device driver. eg
	    <disk type='dir' device='floppy'>
	      <source dir='/tmp/test'/>
	      <target dev='fda' bus='fdc'/>
	      <readonly/>
	    </disk>
	gets turned into
	  -drive file=fat:floppy:/tmp/test,if=floppy,index=0
	Only read-only disks are supported with virtual FAT mode
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add type="dir"
	* docs/schemas/domain.rng: Document new disk type
	* src/xen/xend_internal.c, src/xen/xm_internal.c: Raise error for
	  unsupported disk types
	* tests/qemuxml2argvdata/qemuxml2argv-disk-cdrom-empty.args: Fix
	  empty disk file handling
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-fat.args,
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-fat.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-floppy-drive-fat.args,
	  tests/qemuxml2argvdata/qemuxml2argv-floppy-drive-fat.xml
	  tests/qemuxml2argvtest.c: Test QEMU vitual FAT driver
	* src/qemu/qemu_conf.c: Support generating fat:/some/dir type
	  disk args
	* src/security/security_selinux.c: Temporarily skip labelling
	  of directory based disks

	Alternate CPU affinity impl to cope with NR_CPUS > 1024
	The cpu_set_t type can only cope with NR_CPUS <= 1024, beyond this
	it is neccessary to use alternate CPU_SET maps with a dynamically
	allocated CPU map
	* src/util/processinfo.c: Support new unlimited size CPU set type

	Pull schedular affinity code out into a separate module
	* src/Makefile.am: Add processinfo.h/processinfo.c
	* src/util/processinfo.c, src/util/processinfo.h: Module providing
	  APIs for getting/setting process CPU affinity
	* src/qemu/qemu_driver.c: Switch over to new APIs for schedular
	  affinity
	* src/libvirt_private.syms: Export virProcessInfoSetAffinity
	  and virProcessInfoGetAffinity to internal drivers

	Ignore docs/ directory for strcmp() syntax check
	* .x-sc_prohibit_strcmp_and_strncmp: Ignore docs/

2009-11-23  Dan Kenigsberg  <danken@redhat.com>

	Fix news.html validation

2009-11-21  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.4
	0.7.3 was broken
	* configure.in docs/news.html.in: release of 0.7.4
	* configure.in libvirt.spec.in: require netcf >= 0.1.4
	* src/Makefile.am: node_device/node_device_udev.h was missing from
	  NODE_DEVICE_DRIVER_UDEV_SOURCES breaking compilation on platforms with
	  udev

	Release of libvirt-0.7.3
	* configure.in docs/news.html.in libvirt.spec.in: describe new release
	* po/*.po*: regenerate

2009-11-20  Daniel P. Berrange  <berrange@redhat.com>

	Enable udev instead of hal on F12 / RHEL-6 or later
	HAL has been deprecated since F12 and RHEL-6, so if building on
	these platforms, switch on the udev driver instead
	* libvirt.spec.in: Activate udev on F12/RHEL6

2009-11-20  Cole Robinson  <crobinso@redhat.com>

	Document overriding domain interface target
	* docs/formatdomain.html.in: document that vnet and vif are reserved
	  names and will be ignored if manually specified.

	python: Actually implement list*Interfaces bindings
	* python/generator.py python/libvirt-override-api.xml
	  python/libvirt-override.c: implement the bindings for
	  virConnectListInterfaces() and virConnectListDefinedInterfaces()

2009-11-20  Daniel Veillard  <veillard@redhat.com>

	514532 Fix man page, most operation are synchronous
	* tools/virsh.pod: the man page was stating that most operations
	  are asynchronous while in fact most of them are synchronous except
	  domain shutdown, setvcpus and setmem.

	504262 Check for duplicated UUID in XM Xen defines
	* src/xen/xm_internal.c: the XM driver was not checking for previously
	  defined UUID on new defines. Similar to virDomainObjIsDuplicate()
	  behaviour.

	512069 fix domain XML schemas for backward compatibility
	For backward compatibility we used to add the tty path as
	a tty attribute on console of type pty, duplicating the value
	now found in source/@path, but the Relax-NG grammar wasn't
	extended for this
	    <console type='pty' tty='/dev/pts/8'>
	      <source path='/dev/pts/8'/>
	      <target port='0'/>
	    </console>
	* docs/schemas/domain.rng: allow an optional tty attribute
	  containing a devicePath

2009-11-20  Steve Yarmie  <steve.yarmie@gmail.com>

	qemu-kvm needs -enable-kvm flag for VT optimization
	Recent qemu releases require command option '-enable-qemu' in order
	for the kvm functionality be activated. Libvirt needs to pass this flag
	to qemu when starting a domain. Note that without the option,
	even if both the kernel and qemu support KVM, KVM will not be activated
	and VMs will be very slow.
	* src/qemu/qemu_conf.h src/qemu/qemu_conf.c: parse the extra command
	  line option from help and add it when running kvm
	* tests/qemuhelptest.c: this modified the flags output for qemu-0.10.5
	  and qemu-kvm-0.11.0-rc2 regression tests

	fix deprecated iptables command syntax
	* src/util/iptables.c: `--option !  this` is deprecated in favor of
	  `! --option this` syntax, change the output command accordingly

2009-11-19  Dave Allan  <dallan@redhat.com>

	remove sysfs_path and parent_sysfs_path from XML
	Erroneously included the sysfs_path and parent_sysfs_path elements in
	the node device xml, they were not supposed to show up there
	* src/conf/node_device_conf.c: remove the output of the 2 fields

	Removing devicePath member from dev struct
	I realized that I inadvertently added a member to the def struct to
	contain each device's sysfs path when there was an existing member in the
	dev struct for "OS specific path to device metadat, eg sysfs"  Since the
	udev backend needs to record the sysfs path while it's in the process of
	creating the device, before the dev struct gets allocated, I chose to
	remove the member from the dev struct.
	* src/conf/node_device_conf.c src/conf/node_device_conf.h
	  src/node_device/node_device_driver.c src/node_device/node_device_hal.c
	  src/node_device/node_device_udev.c: remove devicePath from the
	  structure and use def->sysfs_path instead

	report OOM in two places in node_device_driver.c
	* src/node_device/node_device_driver.c: two places where not calling
	  virReportOOMError after strdup failure

2009-11-19  Daniel P. Berrange  <berrange@redhat.com>

	Ensure driver lock is released when entering QEMU monitor
	The qemudStartVMDaemon() and several functions it calls use
	the QEMU monitor. The QEMU driver is locked while this function
	is executing, so it is rquired to release the driver lock and
	reacquire it either side of issuing a monitor command. It
	failed todo so, leading to deadlock
	* qemu/qemu_driver.c: Release driver when in qemudStartVMDaemon
	  and things it calls

2009-11-17  Daniel Veillard  <veillard@redhat.com>

	Updated localization and regenerated the pos
	updated el.po es.po or.po pl.po ta.po te.po
	ran make update-po

2009-11-17  Matthew Booth  <mbooth@redhat.com>

	Fix typo in error message

2009-11-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Whitespace cleanup for pre-tags on the website

2009-11-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix type in configure output summary
	* configure.in: Fix typo in PCIACCESS_LIBS

2009-11-17  Daniel Veillard  <veillard@redhat.com>

	Remove a compilation warning on uninitialized var

2009-11-16  Guido Günther  <agx@sigxcpu.org>

	only remove masquerade roles for VIR_NETWORK_FORWARD_NAT
	Fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549949

2009-11-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix CPU clock Hz to MHz conversion

	esx: Fix memory leak in esxVI_HostCpuIdInfo_Free()

	esx: Fix MAC address formatting
	VMware uses two MAC address prefixes: 00:0c:29 and 00:50:56. The 00:0c:29
	prefix is used for ESX server generated addresses. The 00:50:56 prefix is
	split into two parts. MAC addresses above 00:50:56:3f:ff:ff are generated
	by a vCenter. The rest of the 00:50:56 prefix can be assigned manually.
	Any MAC address within the 00:0c:29 and 00:50:56 prefix can be specified
	in a domain XML config and the driver will handle the details internally.
	* src/esx/esx_vmx.c: fix MAC address formatting
	* tests/xml2vmxdata/*: update test files accordingly

	esx: Handle 'vmxnet3' in esxVMX_FormatEthernet()
	In commit 3c80fac2588cbc9e5ee7e7069e1ca4468f2359d3 'vmxnet3' handling
	was added to esxVMX_ParseEthernet(), but not to the inverse function
	esxVMX_FormatEthernet().

	esx: Add documentation to the website
	* docs/drivers.html.in: list the ESX driver
	* docs/drvesx.html.in: the new ESX driver documentation
	* docs/hvsupport.html.in: add the ESX driver to the matrix
	* docs/index.html.in, docs/sitemap.html.in: list the ESX driver
	* src/esx/esx_driver.c: fix and cleanup some comments

	Change DTD references to use public instead of system identifier
	Debian's /etc/xml/catalog doesn't contain system identifiers, so use
	public identifiers instead.
	* docs/Makefile.am: use public instead of system identifier
	* docs/site.xsl: use matching public identifier

2009-11-15  Jim Fehlig  <jfehlig@novell.com>

	Fix compilation of libvirt against xen-unstable
	* src/xen/xen_hypervisor.c: xen-unstable changeset 19788 removed
	  MAX_VIRT_CPUS from public headers, breaking compilation of libvirt
	  on -unstable.  Its semanitc was retained with XEN_LEGACY_MAX_VCPUS.
	  Ensure MAX_VIRT_CPUS is defined accordingly.

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix probing for libpciaccess
	If 'with_udev=check' then missing pciaccess should not be a fatal
	error. It should merely disable the udev driver.
	* configure.in: Fix pciaccess check to be non-fatal

	Remove obsolte devicekit checks
	Device kit support was removed, but the configure.ac checks were
	left in place. A number of the XXX_REQUIRED=X.Y.Z variables were
	not declared in the correct location (ie top of the file)
	* configure.in: Remove device kit checks & move mis-placed variables
	  to correct location

	Fix incorrect reference counting logic in qemu monitor open
	The QEMU monitor open method would not take a reference on
	the virDomainObjPtr until it had successfully opened the
	monitor. The cleanup code upon failure to open though would
	call qemuMonitorClose() which would in turn decrement the
	reference count. This caused the virDoaminObjPtr to be mistakenly
	freed and then the whole driver crashes
	* src/qemu/qemu_monitor.c: Fix reference counting in
	  qemuMonitorOpen

	Don't return fatal error in HAL driver init if HAL isn't running
	The HAL driver returns a fatal error code in the case where HAL
	is not running. This causes the entire libvirtd daemon to quit
	which isn't desirable. Instead it should simply disable the HAL
	driver
	* src/node_device/node_device_hal.c: Quietly disable HAL if it is
	  not running

	Fix cleanup when state driver init fails
	* daemon/libvirtd.c: Fix incorrect goto label causing cleanup to
	  be missed when state driver init fails

2009-11-13  Matthew Booth  <mbooth@redhat.com>

	Small guestfwd code cleanup
	* src/qemu/qemu_conf.c: Remove and inline qemudBuildCommandLineChrDevTargetStr

	Small indentation cleanup of domain schema

2009-11-13  Jamie Strandboge  <jamie@canonical.com>

	AppArmor code cleanups
	* src/security/security_apparmor.c: a few code cleanups following a
	  review on the list

	AppArmor handling of accesses to readonly files
	Fixes https://launchpad.net/bugs/453335
	* src/security/virt-aa-helper.c: suppress confusing and misleading
	  apparmor denied message when kvm/qemu tries to open a libvirt specified
	  readonly file (such as a cdrom) with write permissions. libvirt uses
	  the readonly attribute for the security driver only, and has no way
	  of telling kvm/qemu that the device should be opened readonly

	AppArmor require absolute paths
	Fixes https://launchpad.net/bugs/460271
	* src/security/virt-aa-helper.c: require absolute path for dynamic added
	  files. This is required by AppArmor and conveniently prevents adding
	  tcp consoles to the profile

	AppArmor updates of examples
	* examples/apparmor/libvirt-qemu: adds pulseaudio, alsa and preliminary
	  save/restore to the example apparmor abstraction
	* examples/apparmor/usr.sbin.libvirtd: allows libvirtd access to inet
	  dgram, inet6 dgram, inet6 stream and /usr/lib/libvirt/*

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Check that domain is running when starting console
	The 'virsh console' command did not check if the domain was
	already running before attempting to fetch the XML and extract
	the console PTY path. This caused a slightly unhelpful / misleading
	error message for the user. The explicit check ensures the user
	gets an explicit 'domain is not running' message.
	* tools/virsh.c: Validate that state != VIR_DOMAIN_SHUTOFF in
	  virsh console command

	Fix incorrect variable passed to LXC event callback
	The wrong variable was being passed in with the LXC event callback
	resulting in a later deadlock or crash
	* src/lxc/lxc_driver.c: Pass 'vm' instead of 'driver' to event
	  callback

	Fix check for existance of cgroups at creation
	In the scenario where the cgroups were mounted but the
	particular group did not exist, and the caller had not
	requested auto-creation, the code would fail to return
	an error condition. This caused the lxc_controller to
	think the cgroup existed, and it then later failed when
	attempting to use it
	* src/util/cgroup.c: Raise an error if the cgroup path does not
	  exist

	Fix race condition in HAL driver startup
	There is a race condition in HAL driver startup where the callback
	can get triggered before we have finished startup. This then causes
	a deadlock in the driver.
	* src/node_device/node_device_hal.c: RElease driver lock before
	  registering DBus callbacks

	Fix formatting of XML for an inactive guest
	If the virDomainDefPtr object has an 'id' of -1, then forcably
	set the VIR_DOMAIN_XML_INACTIVE flag to ensure generated XML
	does not include any cruft from the previously running guest
	such as console PTY path, or VNC port.
	* src/conf/domain_conf.c: Set VIR_DOMAIN_XML_INACTIVE if
	  def->id is -1. Replace checks for def->id == -1 with
	  check against flags & VIR_DOMAIN_XML_INACTIVE.

	Remove capng_lock() call when spawning LXC container init process
	The capng_lock() call sets the SECURE_NO_SETUID_FIXUP and SECURE_NOROOT
	bits on the process. This prevents the kernel granting capabilities to
	processes with an effective UID of 0, or with setuid programs. This is
	not actually what we want in the container init process. It should be
	allowed to run setuid processes & keep capabilities when root. All that
	is required is masking a handful of dangerous capabilities from the
	bounding set.
	* src/lxc/lxc_container.c: Remove bogus capng_lock() call.

	Fix initscript to check daemon pidfile
	The libvirtd initscript could get confused between the system and
	session instances of the daemon. To avoid this it is neccessary
	to check the pidfile explicitly.
	* daemon/libvirtd.init.in: Always check the pidfile of the system
	  daemon to avoid confusion with the session daemons

2009-11-13  Jamie Strandboge  <jamie@canonical.com>

	Fix virt-aa-helper when host and os.type arch differ
	* src/security/virt-aa-helper.c: get_definition() now calls the new
	  caps_mockup() function which will parse the XML for os.type,
	  os.type.arch and then sets the wordsize.  These attributes are needed
	  only to get a valid virCapsPtr for virDomainDefParseString(). The -H
	  and -b options are now removed from virt-aa-helper (they weren't used
	  yet anyway).
	* tests/virt-aa-helper-test: extend and fixes tests, chmod'ed 755

2009-11-13  David Allan  <dallan@redhat.com>

	Add translation of PCI vendor and product IDs
	uses libpciaccess to provide human readable names for PCI vendor and
	device IDs
	* configure.in: add a requirement for libpciaccess >= 0.10.0
	* src/Makefile.am: add the associated compilation flags and link
	* src/node_device/node_device_udev.c: lookup the libpciaccess for
	  vendor name and product name based on their ids

	Remove DevKit node device backend
	* configure.in src/Makefile.am: remove the configuration check and
	  build instructions
	* src/node_device/node_device_devkit.c: removed the module
	* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
	  removed references to the old backend

	Add scsi_target device type
	* src/conf/node_device_conf.h src/conf/node_device_conf.c: add specific
	  support for SCSI target in node device capabilities
	* src/node_device/node_device_udev.c: add some extra detection code
	  when handling udev output

	Implement a node device backend using libudev
	* configure.in: add new --with-udev, disabled by default, and requiring
	  libudev > 145
	* src/node_device/node_device_udev.c src/node_device/node_device_udev.h:
	  the new node device backend
	* src/node_device/node_device_linux_sysfs.c: moved node_device_hal_linux.c
	  to a better file name
	* src/conf/node_device_conf.c src/conf/node_device_conf.h: add a couple
	  of fields in node device definitions, and an API to look them up,
	  remove a couple of unused fields from previous patch.
	* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
	  plug the new driver
	* po/POTFILES.in src/Makefile.am src/libvirt_private.syms: add the new
	  files and symbols
	* src/util/util.h src/util/util.c: add a new convenience macro
	  virBuildPath and virBuildPathInternal() function

	Add several fields to node device capabilities
	* src/conf/node_device_conf.h src/conf/node_device_conf.c: add the new
	  fields in the structure as well as parsing and serialization

2009-11-12  Cole Robinson  <crobinso@redhat.com>

	Add virConnectGetLibvirtVersion API
	There is currently no way to determine the libvirt version of a remote
	libvirtd we are connected to. This is a useful piece of data to enable
	feature detection.

2009-11-12  Maximilian Wilhelm  <max@rfc2324.org>

	Implement finer grained migration control for Xen
	* src/xen/xen_driver.c: Add support for VIR_MIGRATE_PERSIST_DEST flag
	* src/xen/xend_internal.c: Add support for VIR_MIGRATE_UNDEFINE_SOURCE flag
	* include/libvirt/virterror.h, src/util/virterror.c: Add new errorcode
	  VIR_ERR_MIGRATE_PERSIST_FAILED

2009-11-12  pritesh  <Pritesh.Kothari@Sun.COM>

	Support for SATA Disks in virDomainDiskBus
	* src/conf/domain_conf.h src/conf/domain_conf.c: add the new entry in
	  the enum and lists of virDomainDiskBus
	* src/qemu/qemu_conf.c: same for virDomainDiskQEMUBus

2009-11-12  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC implement missing DomainInterfaceStats API
	* src/lxc/lxc_driver.c: add lxcDomainInterfaceStats implementing
	  virDomainInterfaceStats()

2009-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Filter out stale domains from xenstore listing
	The xenstore database sometimes has stale domain IDs which are not
	present in the hypervisor anymore. Filter these out to avoid causing
	confusion
	* src/xen/xs_internal.c: Filter domain IDs against HV's list
	* src/xen/xen_hypervisor.h, src/xen/xen_hypervisor.c: Add new
	  xenHypervisorHasDomain() method for checking ID validity

2009-11-12  Jonas Eriksson  <jonas.j.eriksson@ericsson.com>

	Fix logic in xenUnifiedNumOfDomains to match xenUnifiedListDomains
	The xenUnifiedNumOfDomains and xenUnifiedListDomains methods work
	together as a pair, so it is critical they both apply the same
	logic. With the current mis-matched logic it is possible to sometimes
	get into a state when you miss certain active guests.
	* src/xen/xen_driver.c: Change xenUnifiedNumOfDomains ordering to
	  match xenUnifiedListDomains.

2009-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Disable IPv6 socket auto-binding to IPv4 socket
	Sometimes getaddrinfo returns IPv4 addresses before IPv6 addresses.
	IPv6 sockets default to attempting to bind to IPv4 addresses too.
	So if the IPv4 address is activated first, then binding to IPv6
	will unneccessarily fail.
	* daemon/libvirtd.c: Bind to IPv6 and IPv4 addresses separately

	Exclude numactl on s390[x]
	The numactl package is not applicable for s390[x] arches, so do
	not enable it as a build dep.
	* libvirt.spec.in: Exclude numactl on s390[x]

2009-11-12  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix error handling in qemuMonitorOpen
	* src/qemu/qemu_monitor.c: add error check for qemuMonitorOpenXXX
	  returned file descriptor

2009-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix save and restore with non-privileged guests and SELinux
	When running qemu:///system instance, libvirtd runs as root,
	but QEMU may optionally be configured to run non-root. When
	then saving a guest to a state file, the file is initially
	created as root, and thus QEMU cannot write to it. It is also
	missing labelling required to allow access via SELinux.
	* src/qemu/qemu_driver.c: Set ownership on save image before
	  running migrate command in virDomainSave impl. Call out to
	  security driver to set save image labelling
	* src/security/security_driver.h: Add driver APIs for setting
	  and restoring saved state file labelling
	* src/security/security_selinux.c: Implement saved state file
	  labelling for SELinux

2009-11-11  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	disable mac_filter config switch by default
	* src/qemu/qemu.conf:  disables the mac_filter config switch by default
	  to match existing convention, also document the option

2009-11-11  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Prevent initializing ebtables if disabled in qemu.conf
	* src/qemu/qemu_conf.c: don't initialize ebtables if
	  disabled

2009-11-11  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: too much timeout when polling socket
	* src/phyp/phyp_driver.c: a 10s timeout on socket availability was way
	  too long, reduced to 1ms

2009-11-11  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix warning on make due to missing cast (int)
	* src/qemu/qemu_monitor.c src/qemu/qemu_monitor_text.c: cast size_t to
	  int when passing to '%d'

2009-11-11  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: Reorder keyboard_interactive label in openSSHSession()
	Finish changes intended to be part of commit
	6c70802374d1cb9316769fea750a6c2c198901ff

2009-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Implmentation of new APIs to checking state/persistence of objects
	This implements the virConnectIsSecure, virConnectIsEncrypted,
	virDomainIsPersistent, virDomainIsActive, virNetworkIsActive,
	virNetworkIsPersistent, virStoragePoolIsActive,
	virStoragePoolIsPersistent, virInterfaceIsActive APIs in
	(nearly) all drivers. Exceptions are:
	 phyp: missing domainIsActive/Persistent
	 esx: missing domainIsPersistent
	 opennebula: missing domainIsActive/Persistent
	* src/remote/remote_protocol.x: Define remote wire ABI for newly
	  added APIs.
	* daemon/remote_dispatch*.h: Re-generated from remote_protocol.x
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/opennebula/one_driver.c, src/openvz/openvz_conf.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/remote/remote_driver.c, src/storage/storage_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c, src/xen/xen_driver.h, src/xen/xen_inotify.c,
	  src/xen/xen_inotify.h: Implement all the new APIs where possible

	New APIs for checking some object properties
	Introduce a number of new APIs to  expose some boolean properties
	of objects, which cannot otherwise reliably determined, nor are
	aspects of the XML configuration.
	 * virDomainIsActive: Checking virDomainGetID is not reliable
	   since it is not possible to distinguish between error condition
	   and inactive domain for ID of -1.
	 * virDomainIsPersistent: Check whether a persistent config exists
	   for the domain
	 * virNetworkIsActive: Check whether the network is active
	 * virNetworkIsPersistent: Check whether a persistent config exists
	   for the network
	 * virStoragePoolIsActive: Check whether the storage pool is active
	 * virStoragePoolIsPersistent: Check whether a persistent config exists
	   for the storage pool
	 * virInterfaceIsActive: Check whether the host interface is active
	 * virConnectIsSecure: whether the communication channel to the
	   hypervisor is secure
	 * virConnectIsEncrypted: whether any network based commnunication
	   channels are encrypted
	NB, a channel can be secure, even if not encrypted, eg if it does
	not involve the network, like a UNIX socket, or pipe.
	 * include/libvirt/libvirt.h.in: Define public API
	 * src/driver.h: Define internal driver API
	 * src/libvirt.c: Implement public API entry point
	 * src/libvirt_public.syms: Export API symbols
	 * src/esx/esx_driver.c, src/lxc/lxc_driver.c,
	   src/interface/netcf_driver.c, src/network/bridge_driver.c,
	   src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
	   src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	   src/remote/remote_driver.c, src/test/test_driver.c,
	   src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	   src/xen/xen_driver.c: Stub out driver tables

2009-11-11  Daniel Veillard  <veillard@redhat.com>

	Various fixes following a code review part 2
	* daemon/libvirtd.c tools/virsh.c: Steve Grubb <sgrubb@redhat.com> found
	  a few more issues

	Various fixes following a code review
	* src/libvirt.c src/lxc/lxc_conf.c src/lxc/lxc_container.c
	  src/lxc/lxc_controller.c src/node_device/node_device_hal.c
	  src/openvz/openvz_conf.c src/qemu/qemu_driver.c
	  src/qemu/qemu_monitor_text.c src/remote/remote_driver.c
	  src/storage/storage_backend_disk.c src/storage/storage_driver.c
	  src/util/logging.c src/xen/sexpr.c src/xen/xend_internal.c
	  src/xen/xm_internal.c: Steve Grubb <sgrubb@redhat.com> sent a code
	  review and those are the fixes correcting the problems

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Allow timeouts waiting for QEMU job lock
	Some monitor commands may take a very long time to complete. It is
	not desirable to block other incoming API calls forever. With this
	change, if an existing API call is holding the job lock, additional
	API calls will not wait forever. They will time out after a short
	period of time, allowing application to retry later.
	* include/libvirt/virterror.h, src/util/virterror.c: Add new
	  VIR_ERR_OPERATION_TIMEOUT error code
	* src/qemu/qemu_driver.c: Change to a timed condition variable
	  wait for acquiring the monitor job lock

	Release driver and domain lock when running monitor commands
	QEMU monitor commands may sleep for a prolonged period of time.
	If the virDomainObjPtr or qemu driver lock is held this will
	needlessly block execution of many other API calls. it also
	prevents asynchronous monitor events from being dispatched
	while a monitor command is executing, because deadlock will
	ensure.
	To resolve this, it is neccessary to release all locks while
	executing a monitor command. This change introduces a flag
	indicating that a monitor job is active, and a condition
	variable to synchronize access to this flag. This ensures that
	only a single thread can be making a state change or executing
	a monitor command at a time, while still allowing other API
	calls to be completed without blocking
	* src/qemu/qemu_driver.c: Release driver and domain lock when
	  running monitor commands. Re-add locking to disk passphrase
	  callback
	* src/qemu/THREADS.txt: Document threading rules

	Fully asynchronous monitor I/O processing
	Change the QEMU monitor file handle watch to poll for both
	read & write events, as well as EOF. All I/O to/from the
	QEMU monitor FD is now done in the event callback thread.
	When the QEMU driver needs to send a command, it puts the
	data to be sent into a qemuMonitorMessagePtr object instance,
	queues it for dispatch, and then goes to sleep on a condition
	variable. The event thread sends all the data, and then waits
	for the reply to arrive, putting the response / error data
	back into the qemuMonitorMessagePtr and notifying the condition
	variable.
	There is a temporary hack in the disk passphrase callback to
	avoid acquiring the domain lock.  This avoids a deadlock in
	the command processing, since the domain lock is still held
	when running monitor commands. The next commit will remove
	the locking when running commands & thus allow re-introduction
	of locking the disk passphrase callback
	* src/qemu/qemu_driver.c: Temporarily don't acquire lock in
	  disk passphrase callback. To be reverted in next commit
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Remove
	  raw I/O functions, and a generic qemuMonitorSend() for
	  invoking a command
	* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Remove all low level I/O, and use the new qemuMonitorSend()
	  API. Provide a qemuMonitorTextIOProcess() method for detecting
	  command/reply/prompt boundaries in the monitor data stream

2009-11-10  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: ssh authentication with public key fixed
	Use ssh keyfiles from the current user's home directory instead of trying
	to use keyfiles from a hardcoded /home/user directory. Fallback to
	username/password authentication if keyfiles are not available or keyfile
	authentication failed.

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Add reference counting on virDomainObjPtr objects
	Add reference counting on the virDomainObjPtr objects. With the
	forthcoming asynchronous QEMU monitor, it will be neccessary to
	release the lock on virDomainObjPtr while waiting for a monitor
	command response. It is neccessary to ensure one thread can't
	delete a virDomainObjPtr while another is waiting. By introducing
	reference counting threads can make sure objects they are using
	are not accidentally deleted while unlocked.
	* src/conf/domain_conf.h, src/conf/domain_conf.c: Add
	  virDomainObjRef/Unref APIs, remove virDomainObjFree
	* src/openvz/openvz_conf.c: replace call to virDomainObjFree
	  with virDomainObjUnref

	Locking of the qemuMonitorPtr object
	In preparation of the monitor I/O process becoming fully asynchronous,
	it is neccessary to ensure all access to internals of the qemuMonitorPtr
	object is protected by a mutex lock.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add mutex for locking
	  monitor.
	* src/qemu/qemu_driver.c: Add locking around all monitor commands

	Wrap text mode monitor APIs, pass qemuMonitorPtr directly to APIs
	Change the QEMU driver to not directly invoke the text mode monitor
	APIs. Instead add a generic wrapper layer, which will eventually
	invoke either the text or JSON protocol code as needed. Pass an
	qemuMonitorPtr object into the monitor APIs instead of virDomainObjPtr
	to complete the de-coupling of the monitor impl from virDomainObj
	data structures
	* src/qemu/qemu_conf.h: Remove qemuDomainObjPrivate definition
	* src/qemu/qemu_driver.c: Add qemuDomainObjPrivate definition.
	  Pass qemuMonitorPtr into all monitor APIs instead of the
	  virDomainObjPtr instance.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add thin
	  wrappers for all qemuMonitorXXX command APIs, calling into
	  qemu_monitor_text.c/h
	* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Rename qemuMonitor -> qemuMonitorText & update to accept
	  qemuMonitorPtr instead of virDomainObjPtr

	Move encryption lookup back into qemu driver file
	Decouple the monitor code from the virDomainDefPtr structure
	by moving the disk encryption lookup code back into the
	qemu_driver.c file. Instead provide a function callback to
	the monitor code which can be invoked to retrieve encryption
	data as required.
	* src/qemu/qemu_driver.c: Add findDomainDiskEncryption,
	  and findVolumeQcowPassphrase. Pass address of the method
	  findVolumeQcowPassphrase into qemuMonitorOpen()
	* src/qemu/qemu_monitor.c: Associate a disk
	  encryption function callback with the qemuMonitorPtr
	  object.
	* src/qemu/qemu_monitor_text.c: Remove findDomainDiskEncryption
	  and findVolumeQcowPassphrase.

	Make use of private data structure for monitor state
	Introduce a new qemuDomainObjPrivate object which is used to store
	the private QEMU specific data associated with each virDomainObjPtr
	instance. This contains a single member, an instance of the new
	qemuMonitorPtr object which encapsulates the QEMU monitor state.
	The internals of the latter are private to the qemu_monitor* files,
	not to be shown to qemu_driver.c
	* src/qemu/qemu_conf.h: Definition of qemuDomainObjPrivate.
	* src/qemu/qemu_driver.c: Register a functions for creating
	  and freeing qemuDomainObjPrivate instances with the domain
	  capabilities. Remove the qemudDispatchVMEvent() watch since
	  I/O watches are now handled by the monitor code itself. Pass
	  a new qemuHandleMonitorEOF() callback into qemuMonitorOpen
	  to allow notification when the monitor quits.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Introduce
	  the 'qemuMonitor' object. Temporarily add new APIs
	  qemuMonitorWrite, qemuMonitorRead, qemuMonitorWaitForInput
	  to allow text based monitor impl to perform I/O.
	* src/qemu/qemu_monitor_text.c: Call APIs for reading/writing
	  to monitor instead of accessing the file handle directly.

	Move code for low level QEMU monitor interaction into separate file
	The qemu_driver.c code should not contain any code that interacts
	with the QEMU monitor at a low level. A previous commit moved all
	the command invocations out. This change moves out the code which
	actually opens the monitor device.
	* src/qemu/qemu_driver.c: Remove qemudOpenMonitor & methods called
	  from it.
	* src/Makefile.am: Add qemu_monitor.{c,h}
	* src/qemu/qemu_monitor.h: Add qemuMonitorOpen()
	* src/qemu/qemu_monitor.c: All code for opening the monitor

	Add a new timed condition variable wait API
	* src/util/threads.h, src/util/threads-pthread.c,
	  src/libvirt_private.syms: Add virCondWaitUntil()

	Fix errno handling for pthreads wrappers
	* src/util/threads-pthread.c: pthreads APIs do not set errno, instead
	  the return value is the positive errno. Set errno based on the return
	  value in the wrappers

	Make pciDeviceList struct opaque
	* src/util/pci.c, src/util/pci.h: Make the pciDeviceList struct
	  opaque to callers of the API. Add accessor methods for managing
	  devices in the list
	* src/qemu/qemu_driver.c: Update to use APIs instead of directly
	  accessing pciDeviceList fields

2009-11-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add missing OOM error checks, reports and cleanups

2009-11-09  Matthew Booth  <mbooth@redhat.com>

	Add documentation for <channel> domain element
	* src/formatdomain.html.in: Add <channel> element documentation

	Separate character device doc guest and host parts
	* docs/formatdomain.html.in: refactors the existing character device
	  documentation to make it explicit which directives configure the guest
	  interface, and which configure the host interface.

2009-11-09  Gerhard Stenzel  <gerhard.stenzel@de.ibm.com>

	Removes the ebtablesSaveRules() function
	As it was basically unimplemented and more confusing than useful
	at the moment.
	* src/libvirt_private.syms: remove from internal symbols list
	* src/qemu/qemu_bridge_filter.c src/util/ebtables.c: remove code and
	  one use of the unimplemented function

2009-11-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	opennebula: Fix potential memory/mutex leak in state driver startup
	In case of an error the domains hash and the driver mutex may leak.
	* src/opennebula/one_driver.c: free/destroy domains hash and driver
	  mutex in error cases

	Add a Python example that lists active ESX domains
	It also demonstrates how to use the libvirt.openAuth() method.
	* examples/python/Makefile.am: add esxlist.py to EXTRA_DIST
	* examples/python/README: add some notes about esxlist.py
	* examples/python/esxlist.py: the new example

2009-11-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Use actual error code instead of 0

	phyp: Don't use VIR_ALLOC if a stack variable is good enough

	phyp: Fix several UUID table related problems
	- Make reading ID from file working for IDs > 127
	- Fix inverse error check for writing ID to file
	- Use feof() to distinguish EOF from real error of fread()
	- Don't interpret libssh2 error codes as number of bytes

	phyp: Check for exit_status < 0 before parsing the result

	phyp: memcpy/memmove/memset can't fail, so don't check for error
	Also reset UUID to all 0 instead of all 48 (== '0') in phypUUIDTable_RemLpar()

	phyp: Make generic domain listing functions return -1 in case of error
	phypNumDomainsGeneric() and phypListDomainsGeneric() return 0 in case
	of an error. This makes it impossible to distinguish between an actual
	error and no domains being defined on the hypervisor. It also turn the
	no domains situation into an error. Return -1 in case of an error to
	fix this problem.

	phyp: Break potential infinite loops

	phyp: Fix memory/session leaks and potential invalid frees

	Fix configure check for libssh2
	* configure.in: add -L$libssh2_path to LIBS for the AC_TRY_LINK check

2009-11-07  Daniel Veillard  <veillard@redhat.com>

	524280 pass max lease option to dnsmasq
	* src/network/bridge_driver.c: when exec'ing dnsmaq, if there are
	  DHCP ranges defined, then compute and pass the --dhcp-lease-max
	  deriving the maximum number of leases

	Store the range size when adding a DHCP range
	* src/conf/network_conf.h: extend the structure to store the range
	* src/conf/network_conf.c: before adding a range parse the IP addresses
	  do some checking and keep the size

	Repair getIPv4Addr after the ntohl conversion
	* src/util/network.c: getIPv4Addr() got broken when the input
	  network address value got converted from network to host byte order

2009-11-06  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow cpu pinning for all logical CPUs, not just physical
	This is what virsh already expects when printing output, and what
	'man cpuset' claims to support.

	qemu: Use same create/define overwrite logic for migration prepare.

	qemu: Break out function to check if we can create/define/restore
	Use this function in the qemu, uml, lxc, and test drivers.

2009-11-06  Matthew Booth  <mbooth@redhat.com>

	Cleanup whitespace in docs
	This patch is the result of running the following command in the docs
	directory: sed -i 's/\t/        /g; s/\s*$//' *.html.in
	* docs/*.html.in:convert tabs into 8 spaces and remove trailing whitespace

	Use virBuffer when building QEMU char dev command line
	* src/qemu/qemu_conf.c: Update qemudBuildCommandLineChrDevStr to use a
	  virBuffer

	Cleanup virBuffer usage in qemdBuildCommandLine
	* src/qemu_qemu_conf.c: Cleanup usage of virBuffer in qemudBuildCommandLine

2009-11-06  Paolo Bonzini  <pbonzini@redhat.com>

	Add sentinel attribute for NULL terminated arg lists
	* src/internal.h (ATTRIBUTE_SENTINEL): New, it's a ggc feature and
	  protected as such
	* src/util/buf.c (virBufferStrcat): Use it.
	* src/util/ebtables.c (ebtablesAddRemoveRule): Use it.
	* src/util/iptables.c (iptableAddRemoveRule: Use it.
	* src/util/qparams.h (new_qparam_set, append_qparams): Use it.
	* docs/apibuild.py: avoid breaking the API generator with that new
	  internal keyword macro

2009-11-06  Cole Robinson  <crobinso@redhat.com>

	test: Update inactive guest config on shutdown
	This matches the expected behavior of state drivers such as QEMU.

	test: Add testDomainShutdownState helper
	Performs changes needed when stopping a VM (which are currently duplicated
	in several places, and forgotten in others).

2009-11-06  Paolo Bonzini  <pbonzini@redhat.com>

	Fix some cut-and-paste error in migration code
	* src/qemu/qemu_driver.c: in qemudDomainMigratePerform call
	  doPeer2PeerMigrate for VIR_MIGRATE_PEER2PEER.

2009-11-06  Matthew Booth  <mbooth@redhat.com>

	Properly convert port numbers to/from network byte order
	* src/util/network.c: Add htons and ntohs in virSocket(Get|Set)Port

2009-11-06  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	POWER add create() and destroy() support
	* src/phyp/phyp_driver.[ch]: add new entry points and a number of
	  cleanups

2009-11-05  Matthew Booth  <mbooth@redhat.com>

	Ensure guestfwd address is IPv4 and various cleanups
	* include/libvirt/virterror.h src/util/virterror.c: add a new error
	  VIR_ERR_CONFIG_UNSUPPORTED for valid but unsupported configuration options
	* src/conf/domain_conf.c: Throw an error if guestfwd address isn't IPv4
	  and cleanup a number of parsing return error values.

2009-11-05  Daniel Veillard  <veillard@redhat.com>

	Forgot test case on previous commit

2009-11-05  Matthew Booth  <mbooth@redhat.com>

	Support for <channel> in domain and QEmu backend
	allows the following to be specified in a domain:
	<channel type='pipe'>
	  <source path='/tmp/guestfwd'/>
	  <target type='guestfwd' address='10.0.2.1' port='4600'/>
	</channel>
	* proxy/Makefile.am: add network.c as dep of domain_conf.c
	* docs/schemas/domain.rng src/conf/domain_conf.[ch]: extend the domain
	  schemas and the parsing/serialization side for the new construct
	QEmu support will add the following on the qemu command line:
	 -chardev pipe,id=channel0,path=/tmp/guestfwd
	 -net user,guestfwd=tcp:10.0.2.1:4600-chardev:channel0
	* src/qemu/qemu_conf.c: Add argument output for channel
	* tests/qemuxml2(argv|xml)test.c: Add test for <channel> domain syntax

	Detect availability of QEMU -chardev CLI option
	* src/qemu/qemu_conf.h: defines a new QEMUD_CMD_FLAG_CHARDEV flag
	* src/qemu/qemu_conf.c: parse the output for -chardev and set flag
	  appropriately

	Allow character devices to have different target types
	A character device's target (it's interface in the guest) had only a
	single property: port. This patch is in preparation for adding targets
	which require other properties.
	Since this changes the conf type for character devices this affects
	a number of drivers:
	* src/conf/domain_conf.[ch] src/esx/esx_vmx.c src/qemu/qemu_conf.c
	  src/qemu/qemu_driver.c src/uml/uml_conf.c src/uml/uml_driver.c
	  src/vbox/vbox_tmpl.c src/xen/xend_internal.c src/xen/xm_internal.c:
	  target properties are moved into a union in virDomainChrDef, and a
	  targetType field is added to identify which union member should be
	  used. All current code which touches a virDomainChrDef is updated both
	  to use the new union field, and to populate targetType if necessary.

2009-11-05  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC allow container to have ethN interfaces
	Current implementation of lxc driver creates vethN named
	interface(s) in the host and passes as it is to a container.
	The reason why it doesn't use ethN is due to the limitation
	that one namespace cannot have multiple iterfaces that have
	an identical name so that we give up creating ethN named
	interface in the host for the container.
	However, we should be able to allow the container to have
	ethN by changing the name after clone(CLONE_NEWNET).
	* src/lxc/lxc_container.c src/lxc/veth.c src/lxc/veth.h: do the clone
	  and then renames interfaces eth0 ... ethN to keep the interface names
	  familiar in the domain

	LXC cleanup deep indentation in lxcDomainSetAutostart
	* src/lxc/lxc_driver.c: refactor lxcDomainSetAutostart() to avoid deep
	  indentation of the code

	LXC messages cleanup and fix lxcError
	* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
	  src/lxc/veth.c: most of cleanups are just capitalizing their messages
	  though, some fixes wrong error messages and awkward indentations, and
	  improves error messages.

	LXC fix wrong or out-of-date function descriptions
	* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
	  src/lxc/veth.c: fix broken function comments

2009-11-05  Cole Robinson  <crobinso@redhat.com>

	docs: <clock> property is 'offset', not 'sync'

2009-11-04  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	add MAC address based port filtering to qemu
	* src/qemu/qemu.conf src/qemu/qemu_conf.c src/qemu/qemu_conf.h: there is
	  a new config type option for mac filtering
	* src/qemu/qemu_bridge_filter.[ch]: new module for the ebtable entry points
	* src/qemu/qemu_driver.c: plug the MAC filtering at the right places
	  in the domain life cycle
	* src/Makefile.am po/POTFILES.in: add the new module

	New ebtables module wrapper
	* configure.in: look for ebtables binary location if present
	* src/Makefile.am: add the new module
	* src/util/ebtables.[ch]: new module and internal APIs around
	  the ebtables binary
	* src/libvirt_private.syms: export the symbols only internally

2009-11-04  Cole Robinson  <crobinso@redhat.com>

	test: Implement virDomainPinVcpu

	test: Implement virDomainGetVcpus

	test: Update vcpu runtime info in SetVcpus

	test: Use privateData to track running VM vcpu state

	test: Break out wrapper for setting up started domain state.
	This should be a no op for now, but we will use this function to set up
	transient state in the future.

	test: Fixes for SetVcpus
	- Implement DomainGetMaxVCPUs
	- Use GetMaxVCPUs to validate requested CPU amount
	- Deny the 'hotplug' for a running domain.

	qemu: Remove compiled out localhost migration support
	Pretty sure this would deadlock now that we have proper locking, so
	remove the code.

	storage: conf: Fix memory leak in encryption parsing

	Various error reporting fixes
	- Don't duplicate SystemError
	- Use proper error code in domain_conf
	- Fix a broken error call in qemu_conf
	- Don't use VIR_ERR_ERROR in security driver (isn't a valid code in this case)

	Improve error reporting for virConnectGetHostname calls
	All drivers have copy + pasted inadequate error reporting which wraps
	util.c:virGetHostname. Move all error reporting to this function, and improve
	what we report.
	Changes from v1:
	  Drop the driver wrappers around virGetHostname. This means we still need
	  to keep the new conn argument to virGetHostname, but I think it's worth
	  it.

2009-11-04  Laine Stump  <laine@laine.org>

	Fix improper error return in virInterfaceDefParseProtoIPvX
	* src/conf/interface_conf.c: the code was erronously returning -1
	  in the two functions if <dhcp> is not provided

	Make monitor type (miimon/arpmon) optional in bond xml
	* src/conf/interface_conf.c: lack of one of these in the live xml output
	  was causing the parse in virInterfaceDefParseBond() to fail

	Fix virInterfaceIpDefPtr leak during virInterfaceIpDefFree
	* src/conf/interface_conf.c: forgot to free the structure itself

	Support for IPv6 / multiple addresses per interfaces
	This patch updates the xml parsing and formatting, and the associated
	virInterfaceDef data structure to support IPv6, along the way adding
	support for multiple protocols per interface, and multiple IP
	addresses per protocol.
	* src/conf/interface_conf.[ch]: update the structures, code for parsing
	  and serialization

	Support reporting live interface IP/netmask
	This patch adds the flag VIR_INTERFACE_XML_INACTIVE to
	virInterfaceGetXMLDesc's flags. When it is*not* set (the default), the
	live interface info will be returned in the XML (in particular, the IP
	address(es) and netmask(s) will be retrieved by querying the interface
	directly, rather than  reporting what's in the config file). The
	backend of this is in netcf's ncf_if_xml_state() function.
	* configure.in libvirt.spec.in: requires netcf >= 0.1.3
	* include/libvirt/libvirt.h.in: adds flag VIR_INTERFACE_XML_INACTIVE
	* src/conf/interface_conf.c src/interface/netcf_driver.c src/libvirt.c:
	  update the parsing and backend routines accordingly
	* tools/virsh.c: change interface edit to inactive definition and
	  adds the inactive flag for interface dump

	Make startmode optional in toplevel interface definition
	The minimal XML returned from ncf_if_xml_state() doesn't contain this
	attribute (which makes no sense in the case of reporting current
	status of the interface), and it was preventing it from passing
	through the parse/format step.
	* src/conf/interface_conf.[ch]: add a new virInterfaceStartMode value
	  and modify loading/saving accordingly

2009-11-04  Daniel P. Berrange  <berrange@redhat.com>

	Move libvirtd event loop into background thread
	The virStateInitialize() call for starting up stateful drivers
	may require that the event loop is running already. This it is
	neccessary to start the event loop before this call. At the
	same time, network clients must not be processed until afte
	virStateInitialize has completed.
	The qemudListenUnix() and remoteListenTCP() methods must
	therefore not register file handle watches, merely open the
	network sockets & listen() on them. This means clients can
	connected and are queued, pending completion of initialization
	The qemudRunLoop() method is moved into a background thread
	that is started early to allow access to the event loop during
	driver initialization. The main process thread leader pretty
	much does nothing once the daemon is running, merely waits
	for the event loop thread to quit
	* daemon/libvirtd.c, daemon/libvirtd.h: Move event loop into
	  a background thread
	* daemon/THREADING.txt: Rewrite docs to better reflect reality

2009-11-04  Dan Kenigsberg  <danken@redhat.com>

	give up python interpreter lock before calling cb
	suggested by danpb on irc, patch by danken fixed for proper C syntax
	* python/libvirt-override.c: on event callback release the python
	  interpreter lock and take it again when coming back so that the
	  callback can reinvoke libvirt.

2009-11-03  Laine Stump  <laine@laine.org>

	Allow NULL mac address in virGetInterface
	There are places where an interface will not have a mac address, and netcf
	returns this as a NULL pointer rather than a pointer to an empty string.
	Rather than checking for this all over the place in libvirt, just save it
	in the virInterface object as an empty string.
	* src/datatypes.c: allow NULL mac in virGetInterface()

2009-11-03  Daniel Veillard  <veillard@redhat.com>

	Fix compilation problems
	introduced on commit 9231aa7d9563745c64e4f69afabca65d28bfae25
	* src/qemu/qemu_driver.c: in qemudRemoveDomainStatus fix a reference
	  to an undefined variable buf and free up an allocated string

2009-11-03  Chris Lalancette  <clalance@redhat.com>

	Fix up NLS warnings.
	When building with --disable-nls, I got a few messages like this:
	storage/storage_backend.c: In function 'virStorageBackendCreateQemuImg':
	storage/storage_backend.c:571: warning: format not a string literal and no format arguments
	Fix these up.

	Remove redundant virFileDeletePID() call
	qemudShutdownVMDaemon() calls qemudRemoveDomainStatus(), which
	then calls virFileDeletePID().  qemudShutdownVMDaemon() then
	unnecessarily calls virFileDeletePID() again.  Remove this second
	usage of it, and also slightly refactor qemudRemoveDomainStatus()
	to VIR_WARN appropriate error messages.

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix return value in virStateInitialize impl for LXC
	The LXC driver was mistakenly returning -1 for lxcStartup()
	in scenarios that are not an error. This caused the libvirtd
	to quit for unprivileged users. This fixes the return code
	of LXC driver, and also adds a "name" field to the virStateDriver
	struct and logging to make it easier to find these problems
	in the future
	* src/driver.h: Add a 'name' field to state driver to allow
	  easy identification during failures
	* src/libvirt.c: Log name of failed driver for virStateInit
	  failures
	* src/lxc/lxc_driver.c: Don't return a failure code for
	  lxcStartup() if LXC is not available on this host, simply
	  disable the driver.
	* src/network/bridge_driver.c, src/node_device/node_device_devkit.c,
	  src/node_device/node_device_hal.c, src/opennebula/one_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/secret/secret_driver.c, src/storage/storage_driver.c,
	  src/uml/uml_driver.c, src/xen/xen_driver.c: Fill in name
	  field in virStateDriver struct

2009-11-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Fix memory leak in list handling functions.
	If an error occurs between the allocation of an item and appending it
	to the list, the item leaks. Free such orphaned items in error cases.
	* src/esx/esx_vi.c: free orphaned items in error cases

	ESX: Don't automatically follow redirects.
	The default transport for the VI API is HTTPS. If the server redirects
	from HTTPS to HTTP the driver would silently follow that redirection.
	The user assumes to communicate with the server over a secure transport
	but isn't.
	This patch disables automatical redirection following. The driver reports
	an error if the server tries to redirect.
	* src/esx/esx_vi.c: refactor the call to curl_easy_perform() into a
	  function and do error handling there, disable automatical redirection
	  following for curl
	* src/esx/esx_vi.h: change the type of responseCode to int

	ESX: Unify naming of VI API utility and convenience functions.
	Unified function naming scheme:
	- 'lookup' functions query the ESX or vCenter for information
	- 'get' functions return information from a local object
	* src/esx/esx_driver.c, src/esx/esx_vi.[ch]: unify function naming

	ESX: Change disk selection for datastore detection.
	In order to register a new virtual machine the ESX driver needs to upload
	a VMX file to a datastore. Try to put this file beside the main VMDK file
	of the virtual machine. Change the disk selection for datastore detection
	to choose the first file-based harddisk instead of just the first disk.
	The first disk may be a CDROM disk and ISO images are normaly not located
	in the virtual machine's directory.
	* src/esx/esx_driver.c: change disk selection for datastore detection

	ESX: Fallback to the preliminary name if the datastore cannot be found.
	This allows to use domain-xml-from-native with VMX files that reference
	unavailable datastores.
	* src/esx/esx_vmx.c: fallback to the preliminary name if the datastore
	  cannot be found

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Rename internal APis
	Rename virDomainIsActive to virDomainObjIsActive, and
	virInterfaceIsActive to virInterfaceObjIsActive and finally
	virNetworkIsActive to virNetworkObjIsActive.
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/interface_conf.h, src/conf/network_conf.c,
	  src/conf/network_conf.h, src/lxc/lxc_driver.c,
	  src/network/bridge_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c: Update for
	  renamed APIs.

2009-11-03  Matthew Booth  <mbooth@redhat.com>

	Fix --with-init-script configure option
	* configure.in daemon/Makefile.am: the --with-init-script configure
	  option was broken, and always defaulted based on the existence of
	  /etc/redhat-release. This was a systematic typo based on
	  mixed use of init-script and init-scripts.

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Don't let parent of daemon exit until basic initialization is done
	The daemonizing code lets the parent exit almost immediately. This
	means that it may think it has successfully started even when
	important failures occur like not being able to acquire the PID
	file. It also means network sockets are not yet open.
	To address this when daemonizing the parent passes an open pipe
	file descriptor to the child. The child does its basic initialization
	and then writes a status code to the pipe indicating either success,
	or failure. This ensures that when daemonizing, the parent does not
	exit until the pidfile is acquired & basic network sockets are open.
	Initialization of the libvirt drivers is still done asynchronously
	since this may take a very long time.
	* daemon/libvirtd.c: Force parent to stay around until basic config
	  file, pidfile & network socket init is completed

	Pull signal setup code out into separate method
	* daemon/libvirtd.c: Introduce a daemonSetupSignals() method
	  and put all signal handling code there
	* daemon/libvirtd.h: Add sigread/sigwrite to qemud_server type

2009-11-03  Yuji NISHIDA  <nishidy@nict.go.jp>

	Set KMEMSIZE for OpenVZ domains being defined
	* src/openvz/openvz_driver.c: add a new openvzDomainSetMemoryInternal()
	  function, used to initialize the KMEMSIZE parameter of a container.

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix duplicating logging of errors in libvirtd
	The libvirt default error handling callback will print all errors
	to stderr. The libvirtd default logging callback will do the same.
	Set a no-op error handling callback in libvirtd to prevent this
	duplication
	* daemon/libvirtd.c: Register a no-op error handling function

	Fix initialization order bugs
	virInitialize must be the first libvirt function called to ensure
	threads, error handling & random number generator are all setup.
	Move UNIX socket directory permissions change to place of use

	Misc cleanup to network socket init
	* daemon/libvirtd.c: Change qemudNetworkInit() so that it doesn't try
	to free its argument, leaving the caller todo cleanup as is normal
	practice. Add missing policykit cleanup to qemudCleanup, and remove
	server watch if set. Remove duplicated call to listen() on TCP sockets

	Annotate many methods with ATTRIBUTE_RETURN_CHECK & fix problems
	Nearly all of the methods in src/util/util.h have error codes that
	must be checked by the caller to correct detect & report failure.
	Add ATTRIBUTE_RETURN_CHECK to ensure compile time validation of
	this
	* daemon/libvirtd.c: Add explicit check on return value of virAsprintf
	* src/conf/domain_conf.c: Add missing check on virParseMacAddr return
	  value status & report error
	* src/network/bridge_driver.c: Add missing OOM check on virAsprintf
	  and report error
	* src/qemu/qemu_conf.c: Add missing check on virParseMacAddr return
	  value status & report error
	* src/security/security_selinux.c: Remove call to virRandomInitialize
	  that's done in libvirt.c already
	* src/storage/storage_backend_logical.c: Add check & log on virRun
	  return status
	* src/util/util.c: Add missing checks on virAsprintf/Run status
	* src/util/util.h: Annotate all methods with ATTRIBUTE_RETURN_CHECK
	  if they return an error status code
	* src/vbox/vbox_tmpl.c: Add missing check on virParseMacAddr
	* src/xen/xm_internal.c: Add missing checks on virAsprintf
	* tests/qemuargv2xmltest.c: Remove bogus call to virRandomInitialize()

	Allow for a driver specific private data blob in virDomainObjPtr
	The virDomainObjPtr object stores state about a running domain.
	This object is shared across all drivers so it is not appropriate
	to include driver specific state here. This patch adds the ability
	to request a blob of private data per domain object instance. The
	driver must provide a allocator & deallocator for this purpose
	THis patch abuses the virCapabilitiesPtr structure for storing the
	allocator/deallocator callbacks, since it is already being abused
	for other internal things relating to parsing. This should be moved
	out into a separate object at some point.
	* src/conf/capabilities.h: Add privateDataAllocFunc and
	  privateDataFreeFunc fields
	* src/conf/domain_conf.c: Invoke the driver allocators / deallocators
	  when creating/freeing virDomainObjPtr instances.
	* src/conf/domain_conf.h: Pass virCapsPtr into virDomainAssignDef
	  to allow access to the driver specific allocator function
	* src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c: Update for
	  change in virDomainAssignDef contract

2009-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't use private struct member names of in6_addr
	__in6_u.__u6_addr16 is the private name for this struct member,
	s6_addr16 is the public one
	* src/util/network.c: dont use the private field, but the public one.

2009-11-02  Matthew Booth  <mbooth@redhat.com>

	More network utility functions
	* src/util/network.[ch] Add functions for address->text and get/set
	  port number
	* src/libvirt_private.syms: add new entry points

2009-10-30  Matthew Booth  <mbooth@redhat.com>

	Fix typo in network.c function comments
	* src/util/network.c: fix a few typo

2009-10-30  Daniel Veillard  <veillard@redhat.com>

	Add symbols from new network.h module
	* src/libvirt_private.syms: keep all symbols from network.h private

	Set of new network related utilities
	* src/util/network.h src/util/network.c: utilities to parse network
	  addresses, check netmask and compute ranges

2009-10-30  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Fix configure detection of device mapper
	* configure.in: the PKG_CHECK_MODULES() for it would not work on
	  Ubuntu and SuSE, so add a direct check fallback

2009-10-30  Daniel Veillard  <veillard@redhat.com>

	Remote code caught EINTR making it ininterruptable
	John Levon raised the issue that remoteIOEventLoop() poll call was
	reissued after EINTR was caught making it uninterruptible.
	* src/remote/remote_driver.c: catch EAGAIN instead as suggested by
	  Richard Jones

2009-10-29  Daniel P. Berrange  <berrange@redhat.com>

	Convert virDomainObjListPtr to use a hash of domain objects
	The current virDomainObjListPtr object stores domain objects in
	an array. This means that to find a particular objects requires
	O(n) time, and more critically acquiring O(n) mutex locks.
	The new impl replaces the array with a virHashTable, keyed off
	UUID. Finding a object based on UUID is now O(1) time, and only
	requires a single mutex lock. Finding by name/id is unchanged
	in complexity.
	In changing this, all code which iterates over the array had
	to be updated to use a hash table iterator function callback.
	Several of the functions which were identically duplicating
	across all drivers were pulled into domain_conf.c
	* src/conf/domain_conf.h, src/conf/domain_conf.c: Change
	  virDomainObjListPtr to use virHashTable. Add a initializer
	  method virDomainObjListInit, and rename virDomainObjListFree
	  to virDomainObjListDeinit, since its not actually freeing
	  the container, only its contents. Also add some convenient
	  methods virDomainObjListGetInactiveNames,
	  virDomainObjListGetActiveIDs and virDomainObjListNumOfDomains
	  which can be used to implement the correspondingly named
	  public API entry points in drivers
	* src/libvirt_private.syms: Export new methods from domain_conf.h
	* src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_conf.c, src/openvz/openvz_driver.c,
	  src/qemu/qemu_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c: Update all code
	  to deal with hash tables instead of arrays for domains

2009-10-29  Mark McLoughlin  <markmc@redhat.com>

	libvirt-devel should only require libvirt-client
	There's a long known issue where if you install libvirt in a guest,
	the default virtual network will conflict with the default virtual
	network in the host.
	That's one of the reasons we have the libvirt-client RPM - it allows
	you to install the client library without having the host side
	installed.
	Rich Jones points out that if you install libvirt-devel in a guest,
	then you get libvirtd installed and the network conflict:
	  https://bugzilla.redhat.com/531200
	libvirt-devel should only require libvirt-client - e.g. nothing in
	the devel package pertains to anything in the libvirt RPM. The Fedora
	packaging guidelines say:
	  https://fedoraproject.org/wiki/Packaging/Guidelines#Devel_Packages
	  Devel packages must require the base package using a fully versioned
	  dependency ...
	But for all intents and purposes, libvirt-client is our base RPM.
	* libvirt.spec.in: make libvirt-devel require libvirt-client

2009-10-28  Cole Robinson  <crobinso@redhat.com>

	virterror: Add a missing 'break' for VIR_ERR_INVALID_SECRET

	qemu: migrate: Don't require manual URI to specify a port
	The xen driver will generate a migration port if only a hostname is passed
	in the optional migrate URI, so let's do the same in qemu.

	Fix p2p migration without a passed uri.

	qemu: Fix an error message in GetVcpus

	test: Support virStorageFindPoolSources
	The results are hardcoded into the test driver, no option to read from a
	testfile is implemented at this time.

	storage: Add ParseSourceString function for use with FindPoolSources.
	This will simplify adding FindPoolSources support to more pool backends in
	the future (as well as the test driver).

	storage: Break out function to add pool source to a SourceList.
	Similar in theory to *AssignDef type functions, this duplicate functionality
	will be used by an future FindPoolSources implementations.

	storage: Break out pool source parsing to a separate function.
	We need to parse a source XML block for FindPoolSources, so this is a step
	in sharing the parsing. The new storage pool XML 2 XML tests cover this area
	pretty well to ensure we aren't causing regressions.

2009-10-28  Chris Lalancette  <clalance@redhat.com>

	Update the documentation for virDomainMigrateToURI

2009-10-28  Paolo Bonzini  <pbonzini@redhat.com>

	Add support for an external TFTP boot server
	This patch adds an optional attribute to the <bootp> tag, that
	allows to specify a TFTP server address other than the address of
	the DHCP server itself.
	This can be used to forward the BOOTP settings of the host down to the
	guest.  This is something that configurations such as Xen's default
	network achieve naturally, but must be done manually for NAT.
	* docs/formatnetwork.html.in: Document new attribute.
	* docs/schemas/network.rng: Add it to schema.
	* src/conf/network_conf.h: Add it to struct.
	* src/conf/network_conf.c: Add it to parser and pretty printer.
	* src/network/bridge_driver.c: Put it in the dnsmasq command line.
	* tests/networkxml2xmlin/netboot-proxy-network.xml
	  tests/networkxml2xmlout/netboot-proxy-network.xml
	  tests/networkxml2xmltest.c: add new tests

2009-10-27  Cole Robinson  <crobinso@redhat.com>

	test: Support virNodeDeviceCreate and virNodeDeviceDestroy

2009-10-27  Dan Kenigsberg  <danken@redhat.com>

	Fix some typos in comments

2009-10-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix problems in the Xen inotify driver.
	In xenInotifyXendDomainsDirLookup() the wrong UUID variable is used
	to search in the config info list.
	In xenInotifyEvent() the event is dispatched if it's NULL.
	Both were introduced in bc898df2c74fe3c8efedfbbd430737bac950e65e.

	Fix error message in qemudLoadDriverConfig()
	* src/qemu/qemu_conf.c: change the error message to refer to
	  'cgroup_controllers' instead of 'cgroup_device_acl'

2009-10-26  Chris Lalancette  <clalance@redhat.com>

	Add a new syntax-check rule for gethostname.
	We should always be using virGetHostname in place of
	gethostname; thus add in a new syntax-check rule to make
	sure no new uses creep in.

	Various syntax-check fixes.
	Make a pass over the syntax-check files, tightening up regex's,
	un-ignoring certain files, and cleaning things up.

	Tighten up nonreentrant syntax-check.
	We can slightly tighten up the regex's used to detect the use of
	nonreentrant functions.  We can also check src/util/virterror.c
	by modifying a comment; I think it's worth it to get the additional
	coverage.

	Replace a gethostname by virGetHostname in libvirtd.c

	Replace two strcmp() by STREQ() in qemu_driver.c

	Replace gethostname by virGetHostname in xend_internal.c

	Remove a completely bogus reference increment in the Xen driver.
	xenUnifiedDomainEventRegister() calls out to
	virDomainEventCallbackListAdd(), which increments the reference
	count on the connection.  That is fine, but then
	xenUnifiedDomainEventRegister() increments the usage count again,
	leading to a usage count leak.  Remove the increment in the xen
	register, and the UnrefConnect in the xen unregister.

	Add a default log_level to qemudSetLogging to remove a build warning.
	(original patch from Charles Duffy)

	Better error message when libvirtd fails to start.

2009-10-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix potential false-positive OOM error reporting.
	If no matching device was found (cap == NULL) then no strdup() call
	was made and *wwnn and *wwpn are untouched. Checking them for NULL
	in this situation may result in reporting an false-positive OOM error
	because *wwnn and *wwpn may be initialized to NULL by the caller.
	Only check *wwnn and *wwpn for NULL if a matching device was found
	(cap != NULL) and thus strdup() was called.
	* src/conf/node_device_conf.c: only report an OOM error if there
	  really is one

2009-10-22  Daniel Veillard  <veillard@redhat.com>

	Consolidate virXPathNodeSet()
	virXPathNodeSet() could return -1 when doing an evaluation failure
	due to xmlXPathEval() from libxml2 behaviour.
	* src/util/xml.c: make sure we always return 0 unless the returned
	  XPath type is of the wrong type (meaning the query passed didn't
	  evaluate to a node set and code must be fixed)

2009-10-21  Richard Jones  <rjones@redhat.com>

	Support QEMU watchdog device.
	This adds simple support for configuring a guest with a QEMU/KVM
	virtual hardware watchdog device.

2009-10-21  Dan Kenigsberg  <danken@redhat.com>

	Do not log rotate very small logs
	Without this, after few weeks without use, each defined domain grows a
	tail of empty gzipped logs, instead of keeping just the last log of
	interest.
	* daemon/libvirtd.logrotate.in: only rotate when the log is over 100 KBytes

2009-10-21  Daniel Veillard  <veillard@redhat.com>

	528575 avoid libvirtd crash on LCX domain autostart
	https://bugzilla.redhat.com/show_bug.cgi?id=528575
	virsh -c lxc:/// autostart vm1
	was crashing the daemon
	* src/lxc/lxc_conf.h src/lxc/lxc_conf.c: initialize the driver
	  autostartDir to avoid a NULL reference and implement autostart for LXC

2009-10-21  Jim Fehlig  <jfehlig@novell.com>

	Fix virsh.c compilation warning
	* tools/virsh.c: call to vshError() containing 'doexit' parameter
	  sneaked in after said parameter was removed

	Fix SELinux linking issues
	* src/Makefile.am: add selinux CFLAGS and linker flags to security driver

2009-10-21  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC implement missing macaddr assignment feature
	Currently MAC address configuration of container veth is just ignored.
	This patch implements the missing feature.
	* src/lxc/veth.c, src/lxc/veth.h: add setMacAddr
	* src/lxc/lxc_driver.c: set macaddr of container veth if specified

2009-10-21  Daniel Veillard  <veillard@redhat.com>

	Fix a make dist error due to wrong EXTRA_DIST paths
	* tests/Makefile.am: networkpoolxml2xmlout and networkpoolxml2xmlin are
	  really networkxml2xmlout and networkxml2xmlin

2009-10-21  Cole Robinson  <crobinso@redhat.com>

	node device: Break out get_wwns and get_parent_node helpers
	These will be used by the test driver, so move them to a shareable space.

	node device: Fix locking issue in virNodeDeviceDestroy
	Certain error paths won't unlock the node device object.

	tests: Centralize VIR_TEST_DEBUG lookup, and document it
	Provide a simple interface for other tests to lookup the testDebug variable.
	Also remove a redundant error message in interface tests.
	If anyone feels inclined to change this env variable to match the existing
	LIBVIRT_* format, it should now be easier to do so.

	tests: Initialize virRandom in for test suite.
	Otherwise any virRandom calls will result in a segfault.

2009-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus const annotations to hash iterator
	Most of the hash iterators need to modify either payload of
	data args. The const annotation prevents this.
	* src/util/hash.h, src/util/hash.c: Remove const-ness from
	  virHashForEach/Iterator
	* src/xen/xm_internal.c: Remove bogus casts

2009-10-19  Dan Kenigsberg  <danken@redhat.com>

	fix virDomainMigrateToURI doc
	* src/libvirt.c: remove reverences to non existent dconn parameter
	  when using that entry point.

2009-10-19  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC fix virCgroupGetValueStr problem with \n
	A cgroup file returns integer value terminated with '\n' and remaining
	it has sometimes harmful effects, for example it leads virStrToLong_ull
	to fail.
	* src/util/cgroup.c: strip out terminating \n when reading a value

2009-10-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove bashisms from schema tests.
	Introduced in commit 39a7be470cc5477a96a4d53194291bf4c7b07185.
	* tests/*schematest: replace 'source' with '.'
	* tests/schematestutils.sh: remove 'function' keyword and add '()'

2009-10-16  Cole Robinson  <crobinso@redhat.com>

	tests: Add storage volume XML 2 XML tests.

	tests: Add network XML to XML tests.

	schema: Update network schema.
	Make things a bit more readable, and properly handle forward mode 'route'.

	tests: Add XML 2 XML tests for storage pools.
	Move existing schema data to an input directory. Add extra files for more
	thorough XML testing.

	tests: Break out duplicate schema verification functionality.
	All schema tests have identical functionality, so avoid the duplication.

	tests: Fix text output for interface XML 2 XML

2009-10-15  Mark McLoughlin  <markmc@redhat.com>

	Don't copy old machines from a domain which has none
	If the the qemu and kvm binaries are the same, we don't include machine
	types in the kvm domain info.
	However, the code which refreshes the machine types info from the
	previous capabilities structure first looks at the kvm domain's info,
	finds it matches and then copies the empty machine types list over
	for the top-level qemu domain.
	That doesn't make sense, we shouldn't copy an empty machin types list.
	* src/qemu/qemu_conf.c: qemudGetOldMachinesFromInfo(): don't copy an
	  empty machine types list.

2009-10-15  Laine Stump  <laine@laine.org>

	Avoid crash in virBufferEscapeString
	* src/util/buf.c: if virBufferEscapeString was called on a buffer that
	  had 0 bytes of space, a size of -1 will be passed to snprintf, resulting
	  in a segmentation fault, this preallocate some space.

2009-10-14  Jim Fehlig  <jfehlig@novell.com>

	Add ocfs2 to list of fs pool types
	* src/conf/storage_conf.c src/conf/storage_conf.h: extend the enums
	  and values
	* docs/schemas/storagepool.rng: add to the list of storage pool type
	  formats

2009-10-14  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC complement PATH environment variable
	* src/lxc/lxc_driver.c: without PATH, the controller will definitely
	  fail to call ip command

2009-10-14  Chris Lalancette  <clalance@redhat.com>

	Finer grained migration control
	Normally, when you migrate a domain from host A to host B,
	the domain on host A remains defined but shutoff and the domain
	on host B remains running but is a "transient".  Add a new
	flag to virDomainMigrate() to allow the original domain to be
	undefined on source host A, and a new flag to virDomainMigrate() to
	allow the new domain to be persisted on the destination host B.

2009-10-14  Daniel Veillard  <veillard@redhat.com>

	Release of 0.7.2

	Fixing ca.po

	Updated and regenerated localizations
	* de.po ja.po it.po hi.po gu.po or.po mr.po ml.po kn.po ru.po pl.po
	  pa.po te.po ta.po: many updates

2009-10-13  Cole Robinson  <crobinso@redhat.com>

	network: Fix printing XML 'delay' attribute
	When specifying bridge delay via network XML define, we were looking for
	the 'delay' attribute, but would dump the value as 'forwardDelay'. Have
	the output match the expected input (and schema).

2009-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix virFileReadLimFD/virFileReadAll to handle EINTR
	The fread_file_lim() function uses fread() but never handles
	EINTR results, causing unexpected failures when reading QEMU
	help arg info. It was unneccessarily using FILE * instead
	of plain UNIX file handles, which prevented use of saferead()
	* src/util/util.c: Switch fread_file_lim over to use saferead
	  instead of fread, remove FILE * use, and rename

2009-10-13  Cole Robinson  <crobinso@redhat.com>

	storage: Fix generating iscsi 'auth' xml
	We were missing a closing tag, so the XML wasn't proper.

	schema: Update storage pool schema.
	- mpath pools weren't listed
	- scsi pools were missing an adapter section
	- iscsi pools were missing an auth section
	- Logical pools do not require a source name to be specified

	remote: Don't print a warning every time a remote call fails
	$ sudo virsh pool-start idontexist
	10:58:18.716: warning : processCallDispatchReply:7612 : Method call error
	error: failed to get pool 'idontexist'
	error: Storage pool not found: no pool with matching name 'idontexist'
	That warning doesn't server much purpose being printed via a virsh call. So
	remove the message.

	storage: Report errors in FindPoolSources

	test: Activate interfaces specified through driver config file.
	This matches the behavior of domains, storage, etc. Also, fix up some
	whitespace issues in the area.

2009-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU restore from file in raw format
	The logic for running the decompression programs was broken in
	commit f238709304f9f6c57204cdd943e542cbae38fa5f, so that for
	non-raw formats the decompression program was never run, and
	for raw formats, it tried to exec an argv[] with initial NULL
	in the program name.
	* src/qemu/qemu_driver.c: Fix logic in runing decompression program

2009-10-13  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC fix return code handling in lxcVmStart
	In lxcVmStart we first should not reuse rc for another purpose
	than the return value.
	* src/lxc/lxc_driver.c: don't reuse rc for local procedure calls

2009-10-13  Daniel Veillard  <veillard@redhat.com>

	Add a target for libvirt.devhelp
	* docs/Makefile.am: the lack of a target for devhelp/libvirt.devhelp
	  broke 'make dist'

	Fix a missing % on endif in spec file
	* libvirt.spec.in: missing % broke 'make rpm'

2009-10-12  Mark McLoughlin  <markmc@redhat.com>

	Take domain type into account when looking up default machine
	If one has e.g.
	  <guest>
	    <os_type>hvm</os_type>
	    <arch name='x86_64'>
	      <wordsize>64</wordsize>
	      <emulator>/usr/bin/qemu-system-x86_64</emulator>
	      <machine>pc-0.11</machine>
	      <machine canonical='pc-0.11'>pc</machine>
	      <machine>pc-0.10</machine>
	      <machine>isapc</machine>
	      <domain type='qemu'>
	      </domain>
	      <domain type='kvm'>
	        <emulator>/usr/bin/kvm</emulator>
	        <machine>pc</machine>
	        <machine>isapc</machine>
	      </domain>
	    </arch>
	  </guest>
	and start a guest with:
	  <domain type='kvm'>
	    ...
	    <os>
	      <type arch='x86_64'>hvm</type>
	      ...
	    </os>
	  </domain>
	then the default machine type should be 'pc' and not 'pc-0.11'
	Issue was reported by Anton Protopopov.
	* src/capabilities.[ch]: pass the domain type to
	  virCapabilitiesDefaultGuestArch() and use it to look up the default
	  machine type from a specific guest domain if needed.
	* src/conf/domain_conf.c, src/xen/xm_internal.c: update
	* tests/qemuxml2argvdata/qemuxml2argv-machine-aliases2.xml: update
	  the domain type to 'kvm' and remove the machine type to check
	  that the default gets looked up correctly

	Fix schema to allow missing machine type
	The domain/os/type element may have an arch specified without having
	a machine variant specified. In fact, this is what python-virtinst
	does when defining a guest.
	* docs/schemas/domain.rng: allow missing machine type

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Rewrite example domain events programm for python
	The existing python demo for domain events does not fully
	implement the event loop contract. This makes the code useless
	for real world applications. This change re-writes the demo so
	that it has a full event loop implementation which is suitable
	for application usage & better demonstrates integration
	* examples/domain-events/events-python/event-test.py: Rewrite
	  to include a real world usable event loop implementation

	Remove some auto-generated files
	Removes some auto-generated files still under version control.
	It also moves the rule for generating NEWS into the Makefile.am
	that's in the same directory as the output file to avoid confusion
	* docs/libvirt-api.xml, docs/libvirt-refs.xml, NEWS: Remove
	  auto-generated files from source control
	* Makefile.am: Add rule for generating NEWS file
	* docs/Makefile.am: Remove rule for generating NEWS file

	Support a new peer-to-peer migration mode & public API
	Introduces several new public API options for migration
	 - VIR_MIGRATE_PEER2PEER: With this flag the client only
	   invokes the virDomainMigratePerform method, expecting
	   the source host driver to do whatever is required to
	   complete the entire migration process.
	 - VIR_MIGRATE_TUNNELLED: With this flag the actual data
	   for migration will be tunnelled over the libvirtd RPC
	   channel. This requires that VIR_MIGRATE_PEER2PEER is
	   also set.
	 - virDomainMigrateToURI: This is variant of the existing
	   virDomainMigrate method which does not require any
	   virConnectPtr for the destination host. Given suitable
	   driver support, this allows for all the same modes as
	   virDomainMigrate()
	The URI for VIR_MIGRATE_PEER2PEER must be a valid libvirt
	URI. For non-p2p migration a hypervisor specific migration
	URI is used.
	virDomainMigrateToURI without a PEER2PEER flag is only
	support for Xen currently, and it involves XenD talking
	directly to XenD, no libvirtd involved at all.
	* include/libvirt/libvirt.h.in: Add VIR_MIGRATE_PEER2PEER
	  flag for migration
	* src/libvirt_internal.h: Add feature flags for peer to
	  peer migration (VIR_FEATURE_MIGRATE_P2P) and direct
	  migration (VIR_MIGRATE_PEER2PEER mode)
	* src/libvirt.c: Implement support for VIR_MIGRATE_PEER2PEER
	  and virDomainMigrateToURI APIs.
	* src/xen/xen_driver.c: Advertise support for DIRECT migration
	* src/xen/xend_internal.c: Add TODO item for p2p migration
	* src/libvirt_public.syms: Export virDomainMigrateToURI
	  method
	* src/qemu/qemu_driver.c: Add support for PEER2PEER and
	  migration, and adapt TUNNELLED migration.
	* tools/virsh.c: Add --p2p and --direct args and use the
	  new virDomainMigrateToURI method where possible.

	Re-arrange doTunnelMigrate to simplify cleanup code
	Re-arrange the doTunnelMigrate method putting all non-QEMU local
	state setup steps first. This maximises chances of success before
	then starting destination QEMU for receiving incoming migration.
	Altogether this can reduce the number of goto cleanup labels to
	something more managable.
	* qemu/qemu_driver.c: Re-order steps in doTunnelMigrate

	Separate out code for sending tunnelled data
	Simplify the doTunnelMigrate code by pulling out the code for
	sending all tunnelled data into separate helper
	* qemu/qemu_driver.c: introduce doTunnelSendAll() method

	Pull connection handling code out of doTunnelMigrate
	Simplify the doTunnelMigrate() method by pulling out the code
	which opens/closes the virConnectPtr  object into a parent
	method
	* qemu/qemu_driver.c: Add doPeer2PeerMigrate which then calls
	  doTunnelMigrate with dconn & dom_xml

	Fix stream abort upon I/O failure during migration
	virStreamAbort is needed when the caller wishes to terminate
	the stream early, not when virStreamSend fails.
	* qemu/qemu_driver.c: Fix calling of virStreamAbort during
	  tunnelled migration

	Refactor native QEMU migration code
	The code for tunnelled migration was added in a dedicated method,
	but the native migration code is still inline in the top level
	qemudDomainMigratePerform() API. Move the native code out into
	a dedicated method too to make things more maintainable.
	* src/qemu/qemu_driver.c: Pull code for performing a native
	  QEMU migration out into separate method

	Don't force dconn to be NULL in virDomainMigrate
	The code for tunnelled migration wierdly required the app to pass
	a  NULL 'dconn' parameter, only to have to use virConnectOpen
	itself shortly thereafter to get a 'dconn' object. Remove this
	bogus check & require the app to always pas 'dconn' as before
	* src/libvirt.c: Require 'dconn' for virDomainMigrate calls again
	  and remove call to virConnectOpen

	Remove unneccessary uri_in parameter from virMigratePrepareTunnel
	Since virMigratePrepareTunnel() is used for migration over the
	native libvirt connection, there is never any need to pass the
	target URI to this method.
	* daemon/remote.c, src/driver.h, src/libvirt.c, src/libvirt_internal.h,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/remote/remote_protocol.c, src/remote/remote_protocol.h,
	  src/remote/remote_protocol.x: Remove 'uri_in' parameter from
	  virMigratePrepareTunnel() method

	Move the VIR_DRV_FEATURE* constants
	Move the VIR_DRV_FEATURE* constants into libvirt_internal.h
	since these flags are indicating whether  APIs in the
	libvirt_internal.h file are supported by a driver
	* src/driver.h: Remove VIR_DRV_FEATURE* constants
	* src/libvirt_internal.h: Add VIR_DRV_FEATURE* constants, using
	  an enum instead of #define
	* src/internal.h: pull in libvirt_internal.h

	Fix configure.ac message vertical alignment
	* configure.in: Align messages in configuration summary

2009-10-09  Amy Griffis  <amy.griffis@hp.com>

	LXC add augeas support for config file
	* src/lxc/libvirtd_lxc.aug src/lxc/test_libvirtd_lxc.aug: augeas schemas
	  for lxc.conf
	* src/Makefile.am libvirt.spec.in: glue the new augeas files in

2009-10-08  Amy Griffis  <amy.griffis@hp.com>

	LXC add driver config file lxc.conf
	* src/lxc/lxc.conf: new configuration file, there is currently one
	  tunable "log_with_libvirtd" that controls whether an lxc controller will
	  log only to the container log file, or whether it will honor libvirtd's
	  log output configuration. This provides a way to have libvirtd and its
	  children log to a single file.  The default is to log to the container
	  log file.
	* src/Makefile.am libvirt.spec.in: add the new file
	* src/lxc/lxc_conf.[ch] src/lxc/lxc_driver.c: read the new log value
	  from the configuration file and pass the log informations when
	  starting up a container.

	LXC do not truncate container log files on restart
	* src/lxc/lxc_driver.c: use O_APPEND instead of O_TRUNC when opening
	  the log file on lxcVmStart()

	LXC initialize logging configuration
	* src/lxc/lxc_driver.c src/lxc/lxc_controller.c: before launching the
	  lxc controller, have the lxc driver query the log settings and setup
	  envp[]. This provides the advantage of honoring the actual log
	  configuration instead of only what had been set in the environment.
	  The lxc controller now simply has to call virLogSetFromEnv().

	Add debug for envp[] in virExecWithHook()
	* src/util/util.c: output some debug if caller of virExecWithHook have
	  set envp[]

	Add accessors for logging filters and outputs
	When configuring logging settings, keep more information about the
	output destination. Add accessors to retrieve the filter and output
	settings in the original string form; this to be used to set up
	environment for a child process that also logs.
	* src/util/logging.[ch]: add virLogGetFilters and virLogGetOutputs
	  accessors and modify the internals (including virLogDefineOutput())
	  to save the data needed for the accessors

	Add virFileAbsPath() utility
	* src/util/util.[ch]: Add virFileAbsPath() function to ensure an
	  absolute path for a potentially realtive path.
	* src/libvirt_private.syms: add it in libvirt private symbols

2009-10-08  Jamie Strandboge  <jamie@canonical.com>

	Documentation and examples for SVirt Apparmor driver
	* docs/drvqemu.html.in: include documentation for AppArmor sVirt
	  confinement
	* examples/apparmor/TEMPLATE examples/apparmor/libvirt-qemu
	  examples/apparmor/usr.lib.libvirt.virt-aa-helper
	  examples/apparmor/usr.sbin.libvirtd: example templates and
	  configuration files for SVirt Apparmor when using KVM/QEmu

	sVirt AppArmor security driver
	* configure.in: look for AppArmor and devel
	* src/security/security_apparmor.[ch] src/security/security_driver.c
	  src/Makefile.am: add and plug the new driver
	* src/security/virt-aa-helper.c: new binary which is used exclusively by
	  the AppArmor security driver to manipulate AppArmor.
	* po/POTFILES.in: registers the new files
	* tests/Makefile.am tests/secaatest.c tests/virt-aa-helper-test:
	  tests for virt-aa-helper and the security driver, secaatest.c is
	  identical to seclabeltest.c except it initializes the 'apparmor'
	  driver instead of 'selinux'

2009-10-08  Cole Robinson  <crobinso@redhat.com>

	cgroup: Fix -Werror breakage

2009-10-08  Daniel P. Berrange  <berrange@redhat.com>

	Misc win32 build fixes
	* daemon/Makefile.am: Fix missing sasl rule
	* src/datatypes.c: Add unistd.h to avoid gnulib bug
	* src/util/cgroup.c: Disable mntent if not available

2009-10-07  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix handling return value of qemuMonitorSetBalloon
	* src/qemu/qemu_driver.c: The positive return value of
	  qemuMonitorSetBalloon should be handled as a success

	LXC implement memory control APIs
	The patch implements the missing memory control APIs for lxc, i.e.,
	domainGetMaxMemory, domainSetMaxMemory, domainSetMemory, and improves
	domainGetInfo to return proper amount of used memory via cgroup.
	* src/libvirt_private.syms: Export virCgroupGetMemoryUsage
	  and add missing virCgroupSetMemory
	* src/lxc/lxc_driver.c: Implement missing memory functions
	* src/util/cgroup.c, src/util/cgroup.h: Add the function
	  to get used memory

2009-10-07  Jamie Strandboge  <jamie@canonical.com>

	Add a domain argument to SVirt *RestoreImageLabel
	When James Morris originally submitted his sVirt patches (as seen in
	libvirt 0.6.1), he did not require on disk labelling for
	virSecurityDomainRestoreImageLabel. A later commit[2] changed this
	behavior to assume on disk labelling, which halts implementations for
	path-based MAC systems such as AppArmor and TOMOYO where
	vm->def->seclabel is required to obtain the label.
	* src/security/security_driver.h src/qemu/qemu_driver.c
	  src/security/security_selinux.c: adds the 'virDomainObjPtr vm'
	  argument back to *RestoreImageLabel

2009-10-07  Chris Lalancette  <clalance@redhat.com>

	Fix up "make check"
	While running make check, I noticed that it was actually using
	the virsh binary from my system, in /usr/bin/virsh, and not the
	one that was just compiled.  This is actually caused by a bug
	in Makefile.am, where we didn't update the PATH to include tools.
	While here, I also updated all of the scripts to properly define
	the srcdir, abs_top_srcdir, and abs_top_builddir environment
	variables.  This is required if you want to be able to run the
	tests standalone (i.e. ./test instead of from make check).  I've
	tested this on both RHEL-5 and Fedora-10 machines, and make check
	works on both, as does running the individual tests by hand.

2009-10-06  Mark McLoughlin  <markmc@redhat.com>

	Create /var/log/libvirt/{lxc,uml} dirs
	Otherwise logrotate barfs:
	  error: error accessing /var/log/libvirt/uml: No such file or directory
	  error: libvirtd:1 glob failed for /var/log/libvirt/uml/*.log
	  error: found error in /var/log/libvirt/qemu/*.log /var/log/libvirt/uml/*.log /var/log/libvirt/lxc/*.log , skipping
	* qemud/Makefile.am: always create /var/log/libvirt/{lxc,uml} when
	  installing the logrotate conf; not ideal, but easier than making
	  the logrotate conf depend on which drivers are enabled

2009-10-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix rebuilding of devhelp files
	The devhelp/ directory files depend on libvirt-api.xml being
	uptodate, but automake always processes SUBDIRS before the
	current directory. So devhelp would be built and then the
	libvirt-api.xml re-build, invalidating the devhelp data again.
	To fix this all the rules for devhelp are moved directly
	into the docs/Makefile.am allowing make to see the global
	dependancy chain and thus build things in the correct order
	* docs/Makefile.am: Add rules for devhelp rebuild
	* docs/devhelp/Makefile.am: Remove devhelp rebuild
	* configure.in: Remove docs/devhelp/Makefile.am

	Fix ordering of <exports> in API description file
	* docs/apibuild.py: Make uniq() function sort keys before returning
	  them to ensure consitent ordering of <exports> in XML file

2009-10-06  Cole Robinson  <crobinso@redhat.com>

	test: Support loading node device info from file/XML
	Also add some XML examples.

	node conf: Make parsing routines consistent with other drivers
	Add virNodeDeviceParseFile, and make virNodeDeviceParseNode non-static. These
	will be used by the test driver.

	test: Implement node device driver.
	Add a simple 'computer' device for the default driver. Only implement
	the basic calls, no creation or destroy happening.

	nodedev: Break out virNodeDeviceHasCap to node_conf
	Will be used by test driver node device implementation.

	nodedev: Add locking in nodeNumOfDevices

	test: Throw a proper error in GetBridgeName
	Throw error in GetBridgeName if net has no bridge.

	python: Add a newline after custom classes
	In the generated bindings, custom classes are squashed against the following
	class, which hurts readability.

	python: Fix generated virInterface method names
	A mistake in the generator was causing virInterface methods to be generated
	with unpredicatable names ('ceUndefine', instead of just 'undefine'). This
	fixes the method names to match existing convention.
	Does anyone care if we are breaking API compat? My guess is that no one is
	using the python interface bindings yet.

	python: Use a pure python implementation of 'vir*GetConnect'
	The API docs explictly warn that we shouldn't use the C vir*GetConnect calls
	in bindings: doing so can close the internal connection pointer and cause
	things to get screwy. Implement these calls in python.

	python: Don't generate bindings for vir*Ref
	They are only for use in implementing the bindings, so shouldn't be
	exposed to regular API users.

	python: Don't generate conflicting conn.createXML functions.
	A special case in the generator wasn't doing its job, and duplicate
	conn.createXML functions were being generated. The bindings diff is:
	@@ -1079,14 +1079,6 @@ class virConnect:
	         return __tmp
	     def createXML(self, xmlDesc, flags):
	-        """Create a new device on the VM host machine, for example,
	-           virtual HBAs created using vport_create. """
	-        ret = libvirtmod.virNodeDeviceCreateXML(self._o, xmlDesc, flags)
	-        if ret is None:raise libvirtError('virNodeDeviceCreateXML() failed', conn=self)
	-        __tmp = virNodeDevice(self, _obj=ret)
	-        return __tmp
	-
	-    def createXML(self, xmlDesc, flags):
	         """Launch a new guest domain, based on an XML description
	           similar to the one returned by virDomainGetXMLDesc() This
	           function may requires privileged access to the hypervisor.
	@@ -1327,6 +1319,14 @@ class virConnect:
	         __tmp = virNetwork(self, _obj=ret)
	         return __tmp
	+    def nodeDeviceCreateXML(self, xmlDesc, flags):
	+        """Create a new device on the VM host machine, for example,
	+           virtual HBAs created using vport_create. """
	+        ret = libvirtmod.virNodeDeviceCreateXML(self._o, xmlDesc, flags)
	+        if ret is None:raise libvirtError('virNodeDeviceCreateXML() failed', conn=self)
	+        __tmp = virNodeDevice(self, _obj=ret)
	+        return __tmp
	+
	     def nodeDeviceLookupByName(self, name):
	         """Lookup a node device by its name. """
	         ret = libvirtmod.virNodeDeviceLookupByName(self._o, name)

	python: Remove use of xmllib in generator.py
	xmllib has been deprecated since python 2.0, and running the generator throws
	a warning. Move to using xml.sax

	python: Remove FastParser from generator.
	FastParser uses sgmlop, a non-standard python module meant as a replacement
	for xmllib (which is deprecated since python 2.0). Fedora doesn't even carry
	this module, and the generator doesn't have high performance requirements, so
	just rip the code out.

	configure: Add explict --with-python option.
	--with-python currently already works for enabling/disabling the python
	bindings, but doesn't show up in the help output.

2009-10-05  Daniel Veillard  <veillard@redhat.com>

	526769 change logrotate config default to weekly
	* daemon/libvirtd.logrotate.in: change to weekly rotation of logs,
	  keep a month worth of data and also extend to cover LXC and UML
	  domain logs

2009-10-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in Makefile.am breaking NEWS file generation
	* docs/Makefile.am: Fix syntax error in NEWS rule, '$' should be '$$'
	  to escape correctly

	Fix emission of domain events messages
	The code which updated the message length after writing the
	payload wrote the updated length word in the wrong place since
	the XDR object was given a buffer pointing to the start of the
	header payload, rather than message start.
	* daemon/remote.c: Fix updating of event message length so that
	  we actually send the payload, not just the header

2009-10-02  Paolo Bonzini  <pbonzini@redhat.com>

	unbreak `make rpcgen'
	Fix "make rpcgen", broken by the directory reorganization.
	* src/Makefile.am (rpcgen): Fix path to rpcgen_fix.pl.

	unbreak migration
	Fix migration, broken in two different ways by the QEMU monitor
	abstraction.  Note that the QEMU console emits a "\r\n" as the
	line-ending.
	* src/qemu/qemu_monitor_text.c (qemuMonitorGetMigrationStatus):
	Fix "info migrate" command and its output's parsing.

2009-10-02  Chris Lalancette  <clalance@redhat.com>

	Tunnelled migration.
	Implementation of tunnelled migration, using a Unix Domain Socket
	on the qemu backend.  Note that this requires very new versions of
	qemu (0.10.7 at least) in order to get the appropriate bugfixes.

2009-10-01  Jiri Denemark  <jdenemar@redhat.com>

	Fix build in separate build directory
	* cfg.mk: use $(srcdir)/ prefix for Makefile.nonreentrant include
	* examples/domain-events/events-c/Makefile.am tools/Makefile.am
	  examples/hellolibvirt/Makefile.am: extend the include paths to
	  use $(top_srcdir)/include too.

2009-10-01  Paolo Bonzini  <pbonzini@redhat.com>

	Fix documentation and comment typos
	Fix a few mispellings :-) of "successfully" and regenerate
	docs/libvirt-*.xml.
	* src/libvirt.c: Fix typos.
	* src/secret/secret_driver.c: Fix typos.
	* docs/libvirt-api.xml: Regenerate.
	* docs/libvirt-refs.xml: Regenerate.

2009-10-01  Chris Lalancette  <clalance@redhat.com>

	Various monitor improvements for migration.
	The upcoming tunnelled migration needs to be able to set
	a migration in progress in the background, as well as
	be able to cancel a migration when a problem has happened.
	This patch allows for both of these to properly work.

2009-10-01  Mark McLoughlin  <markmc@redhat.com>

	Fix USB device re-labelling
	A simple misplaced break out of a switch results in:
	  libvir: error : Failed to open file '/sys/bus/pci/devices/0000:00:54c./vendor': No such file or directory
	  libvir: error : Failed to open file '/sys/bus/pci/devices/0000:00:54c./device': No such file or directory
	  libvir: error : this function is not supported by the hypervisor: Failed to read product/vendor ID for 0000:00:54c.
	when trying to passthrough a USB host device to qemu.
	* src/security_selinux.c: fix a switch/break thinko

2009-10-01  Daniel Veillard  <veillard@redhat.com>

	Avoid a libvirtd crash on broken input 523418
	* src/conf/domain_conf.c: a simple typo in an XML domain file could lead
	  to a crash, because we called STRPREFIX() on the looked up value without
	  checking it was non-null.

2009-10-01  Florian Vichot  <florian.vichot@diateam.net>

	Incorrect error message in virDomainNetDefParseXML
	* src/conf/domain_conf.c: when declaring a <interface type="bridge">
	  tag, <source> needs a "bridge" attribute, but the parser complains
	  about a missing "dev" attribute.

2009-09-30  Daniel Veillard  <veillard@redhat.com>

	Fix a few 'make rpm' breakages
	* Makefile.am: examples/domain-events/events-python should be added
	  to dist tarball
	* libvirt.spec.in: there is no makefile in domain-events but in
	  domain-events/events-c and python/libvirtclass.txt has vanished

	523639 Allows a <description> tag for domains
	* docs/schemas/domain.rng: allow one <description> tag in the top level
	  of the <domain> to store user information as text
	* src/conf/domain_conf.c src/conf/domain_conf.h: extend the structure
	  to store this text, grab it at parse time and save it back when
	  present after <uuid>

2009-09-30  Chris Lalancette  <clalance@redhat.com>

	Add src/util/storage_file.c to the POTFILES.in.

	Add a qemu feature flag for unix socket migration.

	Pass remote_message_header to the dispatch functions.
	This is necessary for the dispatch functions to be able to use
	streams in the future.

	Let remoteClientStream only do RX if requested.
	Right now, the stream stuff assumes that a stream is always
	going to be used for transmit.  This is not the case, and in
	fact doesn't work with the tunnelled migration stuff.  Add
	a flag to remoteClientStream() to allow it to do RX only.

	Fix up a few typos in the tree.

	Fix up some warnings from stream DEBUG statements.

2009-09-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix apibuild.py warnings
	Function comments for virStreamEvent{Add,Update,Remove}Callback() are
	missing a trailing ':'. Therefore apibuild.py fails to parse the comment
	and warns about the missing ':'.
	* docs/libvirt-api.xml, docs/libvirt-refs.xml: updated by apibuild.py
	* src/libvirt.c: add missing ':' in function comments

	Change signature of remoteSendStreamData() to fix compile warning
	The actual type of size_t is architecture dependent. Because the len
	parameter is used as unsigned int in remoteSendStreamData(), change its
	type to unsigned int.
	* daemon/dispatch.[ch]: change size_t to unsigned int for
	  remoteSendStreamData()

2009-09-30  Mark McLoughlin  <markmc@redhat.com>

	Re-label image file backing stores
	Use virStorageFileGetMetadata() to find any backing stores for images
	and re-label them
	Without this, qemu cannot access qcow2 backing files, see:
	  https://bugzilla.redhat.com/497131
	* src/security/security_selinux.c: re-label backing store files in
	  SELinuxSetSecurityImageLabel()

	Add virStorageFileGetMetadata() helper
	* src/util/storage_file.c: add virStorageFileGetMetadata() so that
	  the caller does not need to open the file

	Move virStorageGetMetadataFromFD() to libvirt_util
	Finally, we get to the point of all this.
	Move virStorageGetMetadataFromFD() to virStorageFileGetMetadataFromFD()
	and move to src/util/storage_file.[ch]
	There's no functional changes in this patch, just code movement
	* src/storage/storage_backend_fs.c: move code from here ...
	* src/util/storage_file.[ch]: ... to here
	* src/libvirt_private.syms: export virStorageFileGetMetadataFromFD()

	Introduce virStorageFileMetadata structure
	Introduce a metadata structure and make virStorageGetMetadataFromFD()
	fill it in.
	* src/util/storage_file.h: add virStorageFileMetadata
	* src/backend/storage_backend_fs.c: virStorageGetMetadataFromFD() now
	  fills in the virStorageFileMetadata structure

	Split virStorageGetMetadataFromFD() from virStorageBackendProbeTarget()
	Prepare the code probing a file's format and associated metadata for
	moving into libvirt_util.
	* src/storage/storage_backend_fs.c: re-factor the format and metadata
	  probing code in preparation for moving it

	Move file format enum to libvirt_util
	Rename virStorageVolFormatFileSystem to virStorageFileFormat and
	move to src/util/storage_file.[ch]
	* src/Makefile.am: add src/util/storage_file.[ch]
	* src/conf/storage_conf.[ch]: move enum from here ...
	* src/util/storage_file.[ch]: .. to here
	* src/libvirt_private.syms: update To/FromString exports
	* src/storage/storage_backend.c, src/storage/storage_backend_fs.c,
	  src/vbox/vbox_tmpl.c: update for above changes

2009-09-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix memory leaks in libvirtd's message processing
	Commit 47cab734995fa9521b1df05d37e9978eedd8d3a2 changed the way how
	qemud_client_message objects were reused. Before this commit
	remoteDispatchClientRequest() reused the received message for normal responses
	and to report non-fatal errors. If a fatal error occurred qemudWorker() frees
	the message. After this commit non-fatal errors are reported by
	remoteSerializeReplyError() using a new qemud_client_message object and the
	original message leaks.
	To fix this leak the original message has to be freed if
	remoteSerializeReplyError() succeeds. If remoteSerializeReplyError()
	fails the original message is freed in qemudWorker().
	* daemon/dispatch.c: free qemud_client_message objects that will not be reused
	  and would leak otherwise, also free the allocated qemud_client_message object
	  in remoteSerializeError() if an error occurs

2009-09-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU test suite with new VNC env variable
	* qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args,
	  qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args,
	  qemuxml2argvdata/qemuxml2argv-graphics-vnc.args,
	  qemuxml2argvdata/qemuxml2argv-input-xen.args: Add in
	  QEMU_AUDIO_DRV=none env variable

2009-09-29  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox vboxDomainDestroy forgot to wait for completion
	* src/vbox/vbox_tmpl.c: the vboxDomainDestroy forgot to wait for
	  completion of the PowerDown command

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove hand-crafted UUID parsers
	* src/libvirt.c: Remove hand-crafted UUID parsers in favour of
	  calling virParseUUID

	Allow control over QEMU audio backend
	When using VNC for graphics + keyboard + mouse, we shouldn't
	then use the host OS for audio. Audio should go back over
	VNC.
	When using SDL for graphics, we should use the host OS for
	audio since that's where the display is. We need to allow
	certain QEMU env variables to be passed through to guest
	too to allow choice of QEMU audio backend.
	* qemud/libvirtd.sysconf: Mention QEMU/SDL audio env vars
	* src/qemu_conf.c: Passthrough QEMU/SDL audio env for SDL display,
	  disable host audio for VNC display

	Handle data streams in remote client
	* src/remote_internal.c: Add helper APIs for processing data streams

	Handle outgoing data streams in libvirtd
	* daemon/dispatch.c: Set streamTX flag on outgoing data packets
	* daemon/qemud.h: Add streamTX flag to track outgoing data
	* daemon/qemud.c: Re-enable further TX when outgoing data packet
	  has been fully sent.
	* daemon/stream.h, daemon/stream.c: Add method for enabling TX.
	  Support reading from streams and transmitting data out to client

	Handle incoming data streams in libvirtd
	* daemon/stream.c: Handle incoming stream data packets, queuing until
	  stream becomes writable. Handle stream completion handshake
	* po/POTFILES.in: Add daemon/stream.c

	Helper functions for processing data streams in libvirtd
	Defines the extensions to the remote protocol for generic
	data streams. Adds a bunch of helper code to the libvirtd
	daemon for working with data streams.
	* daemon/Makefile.am: Add stream.c/stream.h to build
	* daemon/stream.c, qemud/stream.h: Generic helper functions for
	  creating new streams, associating streams with clients, finding
	  existing streams for a client and removing/deleting streams.
	* src/remote/remote_protocol.x: Add a new 'REMOTE_STREAM' constant
	  for the 'enum remote_message_type' for encoding stream data
	  in wire messages. Add a new 'REMOTE_CONTINUE' constant to
	  'enum remote_message_status' to indicate further data stream
	  messsages are expected to follow.  Document how the
	  remote_message_header is used to encode data streams
	* src/remote/remote_protocol.h: Regenerate
	* daemon/dispatch.c: Remove assumption that a error message
	  sent to client is always type=REMOTE_REPLY. It may now
	  also be type=REMOTE_STREAM. Add convenient method for
	  sending outgoing stream data packets. Log and ignore
	  non-filtered incoming stream packets. Add a method for
	  serializing a stream error message
	* daemon/dispatch.h:  Add API for serializing stream errors
	  and sending stream data packets
	* daemon/qemud.h: Add struct qemud_client_stream for tracking
	  active data streams for clients. Tweak filter function
	  operation so that it accepts a client object too.
	* daemon/qemud.c: Refactor code for free'ing message objects
	  which have been fully transmitted into separate method.
	  Release all active streams when client shuts down. Change
	  filter function to be responsible for queueing the message

	Add public API definition for data stream handling
	* include/libvirt/libvirt.h.in: Public API contract for
	  virStreamPtr object
	* src/libvirt_public.syms: Export data stream APIs
	* src/libvirt_private.syms: Export internal helper APIs
	* src/libvirt.c: Data stream API driver dispatch
	* src/datatypes.h, src/datatypes.c: Internal helpers for virStreamPtr
	  object
	* src/driver.h: Define internal driver API for streams
	* .x-sc_avoid_write: Ignore src/libvirt.c because it trips
	  up on comments including write()
	* python/Makefile.am: Add libvirt-override-virStream.py
	* python/generator.py: Add rules for virStreamPtr class
	* python/typewrappers.h, python/typewrappers.c: Wrapper
	  for virStreamPtr
	* docs/libvirt-api.xml, docs/libvirt-refs.xml: Regenerate
	  with new APIs

2009-09-29  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Vbox call OpenHardDisk with "" instead of NULL
	* src/vbox/vbox_tmpl.c: UTF-16 fixed version of Florian Vichot initial
	  patch

2009-09-29  Jim Fehlig  <jfehlig@novell.com>

	Avoid double free in errors in virsh
	* tools/virsh.c: it was possible to get vshDeinit to call itself back
	  via vshError, remove the doexit parameter of vshError to avoid the
	  possibility and make sure to exit directly after in those case.

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in device hotplug cleanup code
	* src/qemu/qemu_driver.c: Fix crash in scenario where XML
	  parsing of hotplugged device failed & thus 'dev' is NULL

	Standardize debugging messages in QEMU monitor code
	* src/qemu/qemu_monitor_text.c: Always print command and reply
	  in qemuMonitorCommandWithHandler. Print all args in each monitor
	  command API & remove redundant relpy printing

	Remove low level monitor APIs from header file
	* src/qemu/qemu_monitor_text.h: Remove qemudMonitorCommand,
	  qemudMonitorCommandWithFd, qemudMonitorCommandWithHandler,
	  qemudMonitorCommandExtra low level APIs
	* src/qemu/qemu_monitor_text.c: Replace s/qemud/qemuMonitor/

	Add API for issuing 'host_net_remove' monitor command
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add new
	  qemuMonitorRemoveHostNetwork() command for removing host
	  networks
	* src/qemu/qemu_driver.c: Convert NIC hotplug methods over
	  to use qemuMonitorRemoveHostNetwork()

	Add API for issuing 'host_net_add' monitor command
	* src/qemu/qemu_conf.h, src/qemu/qemu_conf.c: Remove prefix arg
	  from qemuBuildHostNetStr which is no longer required
	* src/qemu/qemu_driver.c: Refactor to use qemuMonitorAddHostNetwork()
	  API for adding host network
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddHostNetwork() method for adding host networks

	Add API for issuing 'pci_add nic' monitor command
	* src/qemu/qemu_conf.c: Remove separator from qemuBuildNicStr()
	  args, and remove hardcoded 'nic' prefix. Leave it upto callers
	  instead
	* src/qemu/qemu_driver.c: Switch over to using the new
	  qemuMonitorAddPCINetwork() method for NIC hotplug
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddPCINetwork API for PCI network device hotplug

	Add API for issuing 'getfd' and 'closefd' monitor commands
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorCloseFileHandle and qemuMonitorSendFileHandle
	  APIs for processing file handles
	* src/qemu/qemu_driver.c: Convert NIC hotplug method over to
	  use   qemuMonitorCloseFileHandle and qemuMonitorSendFileHandle

	Add API for issuing 'pci_add storage' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  API qemuMonitorAddPCIDisk()
	* src/qemu/qemu_driver.c: Convert over to using the new
	  qemuMonitorAddPCIDisk() method, and remove now obsolete
	  qemudEscape() method

	Add API for issuing 'pci_del' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new API
	  qemuMonitorRemovePCIDevice() for removing PCI device
	* src/qemu/qemu_driver.c: Convert all places removing PCI devices
	  over to new qemuMonitorRemovePCIDevice() API

	Add API for issuing 'pci_add host' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  API qemuMonitorAddPCIHostDevice()
	* src/qemu/qemu_driver.c: Switch to using qemuMonitorAddPCIHostDevice()
	  for PCI host device hotplug

	Add APIs for sending 'usb_add' command for host devices
	One API adds an exact device based on bus+dev, the other adds
	any device matching vendor+product
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddUSBDeviceExact() and qemuMonitorAddUSBDeviceMatch()
	  commands.
	* src/qemu/qemu_driver.c: Switch over to using the new
	    qemuMonitorAddUSBDeviceExact() and qemuMonitorAddUSBDeviceMatch()

	Add API for using 'usb_add' for disk devices
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddUSBDisk() API
	* src/qemu/qemu_driver.c: Switch USB disk hotplug to the new
	  src/qemu/qemu_driver.c API.

	Add API for issuing 'migrate' command with exec protocol
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorMigrateToCommand() API
	* src/qemu/qemu_driver.c: Switch over to using the
	  qemuMonitorMigrateToCommand() API for core dumps and save
	  to file APIs

	Add API for issuing a 'migrate' monitor command for TCP
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new API
	  qemuMonitorMigrateToHost() for doing TCP migration
	* src/qemu/qemu_driver.c: Convert to use qemuMonitorMigrateToHost().
	  Also handle proper URIs (tcp:// as well as tcp:)

	Add API for running 'info migration' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorGetMigrationStatus() command.
	* src/qemu/qemu_driver.c: Use new qemuMonitorGetMigrationStatus()
	  command to check completion status.

	Add API for issuing the 'migrate_set_speed' monitor command
	* src/qemu/qemu_driver.c: Use new qemuMonitorSetMigrationSpeed()
	  API during migration
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add new
	  qemuMonitorSetMigrationSpeed() API

	Add API for issuing 'info blockstats' command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a new
	  qemuMonitorGetBlockStatsInfo() command
	* src/qemu/qemu_driver.c: Remove directly use of blockstats in
	  favour of calling qemuMonitorGetBlockStatsInfo()

	Add APIs for issuing 'memsave' and 'pmemsave' monitor commands
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add new APIs
	  qemuMonitorSaveVirtualMemory() and qemuMonitorSavePhysicalMemory()
	* src/qemu/qemu_driver.c: Use the new qemuMonitorSaveVirtualMemory()
	  and qemuMonitorSavePhysicalMemory() APIs

	Add APIs for issuing 'eject' and 'change dev' monitor commands
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new APis
	  qemuMonitorChangeMedia and qemuMonitorEjectMedia. Pull in code
	  for qemudEscape
	* src/qemu/qemu_driver.c: Remove code that directly issues 'eject'
	  and 'change' commands in favour of API calls.

	Add API for issuing 'balloon' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorSetBalloon() based on existing code in
	  qemudDomainSetMemoryBalloon
	* src/qemu/qemu_driver.c: Remove use of qemudDomainSetMemoryBalloon()
	  in favour of qemuMonitorSetBalloon(). Fix error code when balloon
	  is not supported

	Add API for running 'info balloon' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Pull old
	  qemudDomainGetMemoryBalloon() code into a new method called
	  qemuMonitorGetBalloonInfo()
	* src/qemu/qemu_driver.c: Update to call qemuMonitorGetBalloonInfo()
	  and remove qemudDomainGetMemoryBalloon().

	Add API for the 'system_powerdown' monitor command
	* src/qemu/qemu_driver.c: Remove use of 'system_powerdown'
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add a new
	  qemuMonitorSystemPowerdown() api call

	Add API for 'stop' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a new
	  qemuMonitorStopCPUs() API
	* src/qemu/qemu_driver.c: Replace direct monitor commands for 'stop'
	  with qemuMonitorStopCPUs()

	Rename qemudMonitorSendCont to qemuMonitorStartCPUs
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Rename
	  Rename qemudMonitorSendCont to qemuMonitorStartCPUs
	* src/qemu/qemu_driver.c: Update callers for new name

	Add API for 'change vnc password' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a
	  new qemuMonitorSetVNCPassword() API
	* src/qemu/qemu_driver.c: Refactor qemudInitPasswords to
	  call qemuMonitorSetVNCPassword()

	Add API for 'info cpus' monitor command
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add a new
	  qemuMonitorGetCPUInfo() command
	* src/qemu/qemu_driver.c: Refactor qemudDetectVcpuPIDs to
	  use qemuMonitorGetCPUInfo()

	Pull QEMU monitor interaction out to separate file
	Pull out all the QEMU monitor interaction code to a separate
	file. This will make life easier when we need to drop in a
	new implementation for the forthcoming QMP machine friendly
	monitor support.
	Next step is to add formal APIs for each monitor command,
	and remove direct commands for sending/receiving generic
	data.
	* src/Makefile.am: Add qemu_monitor.c to build
	* src/qemu/qemu_driver.c: Remove code for monitor interaction
	* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: New
	  file for monitor interaction
	* po/POTFILES.in: Add src/qemu/qemu_monitor_text.c

2009-09-29  Laine Stump  <laine@laine.org>

	Maintain value of ctxt->node in virInterfaceDefParseDhcp
	* src/conf/interface_conf.c: This was causing subsequent calls to
	  virXPathxxx() to fail, since ctxt->node was left pointing at the
	  dhcp node, rather than the protocol node.

2009-09-29  Daniel Veillard  <veillard@redhat.com>

	Fix some XPath relative node resets
	* src/util/xml.c: The virXPath... function take extra care to preserve
	  the XPath context node (ctxt->node) but in the case of virXPathString
	  and virXPathBoolean they forgot to do this on the error path. This
	  patch fixes this and move all ctxt->node = relnode instuctions just
	  after the xmlXPathEval() to make sure this doesn't happen if this code
	  is modified.

2009-09-29  Mark McLoughlin  <markmc@redhat.com>

	util.h needs libvirt.h for virConnectPtr
	Seems standard to include internal.h in order to pull in libvirt.h
	* src/util/util.h: include internal.h

2009-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Don't require full daemon install for libvirt python bindings
	* libvirt.spec.in: libvirt-python only needs to depend on
	  libvirt-clients

	Fix API doc extractor to stop munging comment formatting
	The python method help docs are copied across from the C
	funtion comments, but in the process all line breaks and
	indentation was being lost. This made the resulting text
	and code examples completely unreadable. Both the API
	doc extractor and the python generator were destroying
	whitespace & this fixes them to preserve it exactly.
	* docs/apibuild.py: Preserve all whitespace when extracting
	  function comments. Print function comment inside a <![CDATA[
	  section to fully preserve all whitespace. Look for the
	  word 'returns' to describe return values, instead of 'return'
	  to avoid getting confused with code examples including the
	  C 'return' statement.
	* python/generator.py: Preserve all whitespace when printing
	  function help docs
	* src/libvirt.c: Change any return parameter indicated by
	  'return' to be 'returns', to avoid confusing the API extractor
	* docs/libvirt-api.xml: Re-build for fixed descriptions

2009-09-24  Mark McLoughlin  <markmc@redhat.com>

	Fix cdub's surname spelling

2009-09-24  Daniel Veillard  <veillard@redhat.com>

	Added Matthias Bolte as commiter

2009-09-24  Charles Duffy  <charles@dyfis.net>

	Fix secret_driver compile warning, bug.
	Set def to NULL in secretLoad(), otherwise we can access a
	random pointer on error.

	Fix unitialized variable in qemudDomainDetachHostPciDevice()
	* src/qemu/qemu_driver.c: initialize detach var

2009-09-24  Mark McLoughlin  <markmc@redhat.com>

	Fix a typo in virNetHasValidPciAddr() too
	* src/conf/domain_conf.h: check domain/bus/slot, not domain/domain/slot

2009-09-24  Jiri Denemark  <jdenemar@redhat.com>

	Fix a typo in virDiskHasValidPciAddr()

2009-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Check if a datastore is accessible first
	An inaccessible datastore has no valid URL property so don't
	access its URI property.
	* src/esx/esx_vi.c: esxVI_LookupDatastoreByName(): check if datastore is
	  accessible before accessing its URL property
	* src/esx/esx_vmx.c: update to changed datastore properties

	ESX remove phantom mode
	* src/esx/esx_driver.c: remove phantom mode

	ESX replace esxUtil_EqualSuffix() with virFileHasSuffix()
	* src/esx/esx_util.[ch]: remove esxUtil_EqualSuffix()
	* src/esx/esx_driver.c, src/esx/esx_vmx.c: replace esxUtil_EqualSuffix()
	  with virFileHasSuffix()

	ESX add esxDomainDefineXML()
	A given domain XML gets converted to a VMX config, uploaded to the host
	and registered as new virtual machine.
	* src/esx/esx_driver.c: refactor datastore related path parsing into
	  esxUtil_ParseDatastoreRelatedPath()
	* src/esx/esx_util.[ch]: add esxUtil_ParseDatastoreRelatedPath()
	* src/esx/esx_vi.[ch]: add esxVI_Context_UploadFile(), add datastores to
	  the traversal in esxVI_BuildFullTraversalSpecList(), add
	  esxVI_LookupDatastoreByName()
	* src/esx/esx_vi_methods.[ch]: add esxVI_RegisterVM_Task()
	* src/esx/esx_vi_types.c: make some error message more verbose
	* src/esx/esx_vmx.[ch]: add esxVMX_AbsolutePathToDatastoreRelatedPath()
	  to convert a path into a datastore related path, add esxVMX_ParseFileName()
	  to convert from VMX path format to domain XML path format, extend the other
	  parsing function to be datastore aware, add esxVMX_FormatFileName() to
	  convert from domain XML path format to VMX path format, fix VMX ethernet
	  entry formating
	* tests/esxutilstest.c: add test for esxUtil_ParseDatastoreRelatedPath()
	* tests/vmx2xmldata/*: update domain XML files to use datastore related paths
	* tests/xml2vmxdata/*: update domain XML files to use datastore related paths,
	  update VMX files to use absolute paths

	ESX add esxVI_Occurence enum to for occurences
	Add esxVI_Occurence enum to describe expected occurence of items
	* src/esx/esx_driver.c: update the use of esxVI_LookupVirtualMachineByUuid()
	* src/esx/esx_vi.c: add an esxVI_Occurence parameter to
	  esxVI_LookupVirtualMachineByUuid() and take care if esxVI_FindByUuid()
	  can't find anything for a given uuid
	* src/esx/esx_vi.h: add esxVI_Occurence enum
	* src/esx/esx_vi_methods.c: expect null or more items to be returned
	  from esxVI_FindByUuid()

	ESX Whitespace cleanup

	ESX add x86_64 detection based on the CPUID
	* src/esx/esx_driver.c: add esxSupportsLongMode() and update esxCapsInit()
	* src/esx/esx_vi.[ch]: Add AnyType handling for lists
	* src/esx/esx_vi_types.c: bind VI type HostCpuIdInfo

	ESX add tests for the VMX to/from domain XML mapping
	* tests/.gitignore: ignore new test binaries
	* tests/Makefile.am: add new tests
	* tests/esxutilstest.c: test esxVMX_IndexToDiskName()
	* tests/vmx2xmldata/*: config files for the VMX to domain XML test
	* tests/vmx2xmltest.c: test the VMX to domain XML mapping
	* tests/xml2vmxdata/*: config files for the domain XML to VMX test
	* tests/xml2vmxtest.c: test the domain XML to VMX mapping

	ESX Add esxDomainXMLToNative()
	Extend and cleanup the VMX to domain XML mapping. Add the domain XML to
	VMX mapping functions.
	* src/esx/esx_driver.c: add esxDomainXMLToNative()
	* src/esx/esx_vmx.[ch]: add esxVMX_SCSIDiskNameToControllerAndID(),
	  esxVMX_IDEDiskNameToControllerAndID(), esxVMX_FloppyDiskNameToController(),
	  esxVMX_GatherSCSIControllers(), add basic handling for the VMX guestOS entry
	  to distinguish between i686 and x86_64, make SCSI virtualDev VMX entry
	  optional as it should be, map the VMX networkName entry to the domain XML
	  interface bridge name, add basic mapping for serial devices in pipe mode,
	  add several esxVMX_Format*() functions

	ESX Set challenge for auth callback to hostname
	This enables the auth callback to automatically distinguish between
	requests for ESX host and vCenter credentials.
	* src/esx/esx_util.[ch]: set challenge for auth callback to hostname

	ESX Add esxNodeGetFreeMemory()
	* src/esx/esx_driver.c: add esxNodeGetFreeMemory(), cache IP address
	* src/esx/esx_vi.[ch]: refactor resource pool query into esxVI_GetResourcePool()
	* src/esx/esx_vi_types.[ch]: bind VI type ResourcePoolResourceUsage

2009-09-23  Chris Lalancette  <clalance@redhat.com>

	Fix up "make syntax-check" after the tree restructuring.

2009-09-23  Paolo Bonzini  <pbonzini@redhat.com>

	network: add 'bootp' and 'tftp' config
	Currently, libvirtd will start a dnsmasq process for the virtual
	network, but (aside from killing the dnsmasq process and replacing it),
	there's no way to define tftp boot options.
	This change introduces the appropriate tags to the dhcp configuration:
	 <network>
	   <name>default</name>
	   <bridge name="virbr%d" />
	   <forward/>
	   <ip address="192.168.122.1" netmask="255.255.255.0">
	     <tftp root="/var/lib/tftproot" />
	     <dhcp>
	       <range start="192.168.122.2" end="192.168.122.254" />
	       <bootp file="pxeboot.img"/>
	     </dhcp>
	   </ip>
	 </network>
	When the attributes are present, these are passed to the
	arguments to dnsmasq:
	 dnsmasq [...] --enable-tftp --tftp-root /srv/tftp --dhcp-boot pxeboot.img
	               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^
	                      from <tftp />                     from <bootp />
	At present, only local tftp servers are supported (ie, dnsmasq runs as
	the tftp server), but we could improve this in future by adding a
	server= attribute.
	2009-09-21  Paolo Bonzini  <pbonzini@redhat.com>
	            Jeremy Kerr  <jk@ozlabs.org>
		* docs/formatnetwork.html.in: Document new tags.
		* docs/formatnetwork.html: Regenerate.
		* docs/schemas/network.rng: Update.
		* src/network_conf.c (virNetworkDefFree): Free new fields.
		(virNetworkDHCPRangeDefParseXML): Parse <bootp>.
		(virNetworkIPParseXML): New, parsing <dhcp> and <tftp>.
		(virNetworkDefParseXML): Use virNetworkIPParseXML instead of
		virNetworkDHCPRangeDefParseXML.
		(virNetworkDefFormat): Pretty print new fields.
		* src/network_conf.h (struct _virNetworkDef): Add netboot fields.
		* src/network_driver.c (networkBuildDnsmasqArgv): Add
		TFTP and BOOTP arguments.
		* tests/Makefile.am (EXTRA_DIST): Add networkschemadata.
		* tests/networkschematest: Look in networkschemadata.
		* tests/networkschemadata/netboot-network.xml: New.

2009-09-23  Chris Lalancette  <clalance@redhat.com>

	Introduce virStrncpy.
	Add the virStrncpy function, which takes a dst string, source string,
	the number of bytes to copy and the number of bytes available in the
	dest string.  If the source string is too large to fit into the
	destination string, including the \0 byte, then no data is copied and
	the function returns NULL.  Otherwise, this function copies n bytes
	from source into dst, including the \0, and returns a pointer to the
	dst string.  This function is intended to replace all unsafe uses
	of strncpy in the code base, since strncpy does *not* guarantee that
	the buffer terminates with a \0.

2009-09-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of Xen(ner) detection
	Latest upstream QEMU can be built with Xen support, which introduces
	a -xen-domid argument. This was  mistakenly detected as -domid due
	to old Xenner support. Adapt to cope with both syntax. Also only
	set domid if the virt type is xen, or the guest type is xen
	* src/qemu_conf.c, src/qemu_conf.h: Detect new -xen-domid flag in
	  preference to -domid.
	* tests/qemuxml2argvdata/qemuxml2argv-bootloader.args,
	  tests/qemuxml2argvdata/qemuxml2argv-input-xen.args: Add missing
	  -domid param
	* tests/qemuxml2argvdata/qemuxml2argv-misc-uuid.args: Remove bogus
	  -boot param.
	* tests/qemuxml2argvtest.c: Add missing QEMUD_CMD_FLAG_DOMID params

	Ignore auto-generated header file
	* include/libvirt/.gitignore: Ignore libvirt.h

2009-09-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix xen driver refcounting.
	The commit cb51aa48a777ddae6997faa9f28350cb62655ffd "Fix up connection
	reference counting." changed the driver closing and virConnectPtr
	unref-logic in virConnectClose().
	Before this commit virConnectClose() closed all drivers of the given
	virConnectPtr and virUnrefConnect()'ed it afterwards. After this
	commit the driver-closing is done in virUnrefConnect() if and only if
	the ref-count of the virConnectPtr dropped to zero.
	This change in execution order leads to a virConnectPtr leak, at least
	for connections to Xen.
	The relevant call sequences:
	virConnectOpen() -> xenUnifiedOpen() ...
	... xenInotifyOpen() -> virConnectRef(conn)
	... xenStoreOpen() -> xenStoreAddWatch() -> conn->refs++
	virConnectClose() -> xenUnifiedClose() ...
	... xenInotifyClose() -> virUnrefConnect(conn)
	... xenStoreClose() -> xenStoreRemoveWatch() -> virUnrefConnect(conn)
	Before the commit this additional virConnectRef/virUnrefConnect calls
	where no problem, because virConnectClose() closed the drivers
	explicitly and the additional refs added by the Xen subdrivers were
	removed properly. After the commit this additional refs result in a
	virConnectPtr leak (including a leak of the hypercall file handle;
	that's how I noticed this problem), because now the drivers are only
	close if and only if the ref-count drops to zero, but this cannot
	happen anymore, because the additional refs from the Xen subdrivers
	would only be removed if the drivers get closed, but that doesn't
	happen because the ref-count cannot drop to zero.
	The fix for this problem is simple: remove the
	virConnectRef/virUnrefConnect calls from the Xen subdrivers (see
	attached patch). Maybe someone could explain why the Xen Inotify and
	Xen Store driver do this extra ref-counting, but none of the other Xen
	subdrivers. It seems unnecessary to me and can be removed without
	problems.

2009-09-22  Dan Kenigsberg  <danken@redhat.com>

	Fix a number of small typos

2009-09-22  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: suspend/resume support
	* src/conf/domain_conf.c: Don't assume all virDomainObjPtr have
	  a non-NULL monitor_chr field in virDomainObjFormat.
	* src/lxc/lxc_driver.c: Implement suspend/resume driver APis
	* src/util/cgroup.c, src/util/cgroup.h: Support the 'freezer'
	  cgroup controller
	* src/libvirt_private.syms: Export virCgroupSetFreezerState
	  and virCgroupGetFreezerState

2009-09-22  Yuji NISHIDA  <nishidy@nict.go.jp>

	OpenVZ Fix a restriction about domain names
	* src/openvz/openvz_driver.c: try to autogenerate a non-conflicting
	  id for the domain and use the name field as the name not as id.

2009-09-22  Florian Vichot  <florian.vichot@diateam.net>

	add doc for graphic and video elements
	* docs/formatdomain.html.in: explain the new syntax of the video and
	  graphic elements in the domain XML

2009-09-22  Charles Duffy  <charles@dyfis.net>

	prevent attempt to call cat -c during virDomainSave to raw
	This was prevent virDomainSave from working properly by default,
	which is a bad thing.

2009-09-22  Chris Lalancette  <clalance@redhat.com>

	Fix up 'neccessary -> necessary' in a comment.

	Don't do virSetConnError when virDrvSupportsFeature is successful.

	Fix a double-free in qemudRunLoop()

	Fix up comments for domainXML{To,From}Native.

	Simple fix of a comment in qemuStringToArgvEnv.

	Remove an unnecessary variable from remoteIOReadMessage().

2009-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Remove auto-generated header file from repo
	* include/libvirt/libvirt.h: Delete auto-generated file

	Tweak specfile to fix RHEL6 rules & ESX/PHYP enablement
	* libvirt.spec.in: ESX/PHYP drivers do not require libvirtd.
	  RHEL-6 should include LXC on all arches

	Move example XML files into examples/xml
	* docs/storage/: Move to examples/xml/storage/
	* docs/test*.xml: Move to examples/xml/test/
	* docs/Makefile.am: Remove example XML files from dist
	* Makefile.am: Add examples/xml to EXTRA_DIST
	* tests/virshtest.c: Update for moved test XML
	* libvirt.spec.in: Include example XML files as docs
	* tests/int-overflow: UPdate for moved XML

	Remove all generated docs from source control
	* docs/*.html, docs/devhelp/*.html, docs/html/*.html: Delete
	* docs/.gitignore, docs/devhelp/.gitignore, docs/html/.gitignore:
	  Ignore generated docs files
	* docs/Makefile.am: Rebuild all HTML docs for 'all' target
	  and include them in EXTRA_DIST and CLEANFILES
	* docs/devhelp/Makefile.am: Include HTML in CLEANFILES

	Fix missing data file in qemuhelpdata
	* tests/Makefile.am: Add missing data file to extra dist

	Misc syntax-check fixes

	Move remote protocol definition into src/remote/
	When making changes to the remote protocol, src/ is always built
	first, so rpcgen should live there, to avoid having to run make
	in the 'daemon/' directory before building src/
	* src/Makefile.am: Add rules for rpcgen, and drop -I../daemon from
	  remote client build
	* daemon/Makefile.am: Add -I../src/remote/ to libvirtd build
	  and remove rpcgen rules
	* daemon/libvirtd.c: Adapt include of remote_driver.h taking
	  into account new -I flag
	* daemon/remote_protocol.c, daemon/remote_protocol.h,
	  daemon/remote_protocol.x: Move to src/remote/
	* daemon/rpcgen_fix.pl: Move to src/remote/rpcgen_fix.pl

	Add a README file to src/ explaining the directory structure
	* src/README: New file

	Move all shared utility files to src/util/
	* src/bridge.c, src/bridge.h, src/buf.c, src/buf.h, src/cgroup.c,
	  src/cgroup.h, src/conf.c, src/conf.h, src/event.c, src/event.h,
	  src/hash.c, src/hash.h, src/hostusb.c, src/hostusb.h,
	  src/iptables.c, src/iptables.h, src/logging.c, src/logging.h,
	  src/memory.c, src/memory.h, src/pci.c, src/pci.h, src/qparams.c,
	  src/qparams.h, src/stats_linux.c, src/stats_linux.h,
	  src/threads-pthread.c, src/threads-pthread.h, src/threads-win32.c,
	  src/threads-win32.h, src/threads.c, src/threads.h, src/util.c,
	  src/util.h, src/uuid.c, src/uuid.h, src/virterror.c,
	  src/virterror_internal.h, src/xml.c, src/xml.h: Move all files
	  into src/util/
	* daemon/Makefile.am: Add -Isrc/util/ to build flags
	* src/Makefile.am: Add -Isrc/util/ to build flags and update for
	  moved files
	* src/libvirt_private.syms: Export cgroup APIs since they're now
	  in util rather than linking directly to drivers
	* src/xen/xs_internal.c: Disable bogus virEventRemoveHandle call
	  when built under PROXY
	* proxy/Makefile.am: Update for changed file locations. Remove
	  bogus build of event.c
	* tools/Makefile.am, tests/Makefile.am: Add -Isrc/util/ to build flags

	Move all XML configuration handling to src/conf/
	* src/capabilities.c, src/capabilities.h, src/domain_conf.c,
	  src/domain_conf.h, src/domain_event.c, src/domain_event.h,
	  src/interface_conf.c, src/interface_conf.h,
	  src/network_conf.c, src/network_conf.h, src/node_device_conf.c,
	  src/node_device_conf.h, src/secret_conf.c, src/secret_conf.h,
	  src/storage_conf.c, src/storage_conf.h, src/storage_encryption_conf.c,
	  src/storage_encryption_conf.h: Move to src/conf/
	* src/Makefile.am: Add -Isrc/conf to the individual build targets
	  which need to use XML config APIs. Remove LIBXML_CFLAGS, LIBSSH2_CFLAGS
	  and SELINUX_CFLAGS from global INCLUDES and only have them in build
	  targets which actually need them.  Create a libvirt_conf.la
	  convenience library for all config parsers
	* src/hostusb.h: Remove bogus include of domain_conf.h
	* tests/Makefile.am: Add -Isrc/conf. Remove bogus -I$builddir/src
	  since it never has any generated header files
	* daemon/Makefile.am: Add -Isrc/conf
	* proxy/Makefile.am: Add -Isrc/conf and cope with renamed files
	* src/hash.c: Remove bogus include of libxml/threads.h

	Make pki_check.sh into an installed & supported tool
	* docs/pki_check.sh: Move to tool/virt-pki-validate.in and add
	  in POD man page documentation
	* tools/.gitignore: Ignore generated virt-pki-validate file
	* tools/Makefile.am: Install & build virt-pki-validate and
	  virt-pki-validate.1
	* docs/remote.html, docs/remote.html.in: Refer to new tool
	  name virt-pki-validate
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate
	  and virt-pki-validate.1 to files list

	Re-arrange python generator to make it clear what's auto-generated
	* README: New file describing what each file is used for
	* livvirt-override.c, libvirt-override.py, libvirt-override-api.xml,
	  libvirt-override-virConnect.py: Manually written code overriding
	  the generator
	* typewrappers.c, typewrappers.h: Data type wrappers
	* generator.py: Automatically pre-prend contents of libvirt-override.py
	  to generated libvirt.py. Output into libvirt.py directly instead of
	  libvirtclass.py. Don't generate libvirtclass.txt at all. Write C
	  files into libvirt.c/.h directly
	* Makefile.am: Remove rule for creating libvirt.py from libvirt-override.py
	  and libvirtclass.py, since generator.py does it directly

	Remove obsolete files
	* docs/Goals, RENAMES, mylibtool: Removed

	Move docs/examples into examples/
	* Makefile.am: Add examples/dominfo examples/domsuspend examples/python
	  as SUBDIRS
	* configure.in: Update AC_OUTPUT for new/old Makefiles
	* docs/Makefile.am: Remove examples from SUBDIRS
	* docs/examples/info1.c: Move to examples/dominfo/info1.c
	* docs/examples/suspend.c: Move to examples/domsuspend/suspend.c
	* docs/examples: Remove all remaining files
	* docs/examples/python: Moved to examples/python/
	* examples/dominfo/Makefile.am, examples/domsuspend/Makefile.am: New
	  build files
	* libvirt.spec.in: Update to take account of moved examples

	Remove unused images from docs/ directory
	* 16favicon.png, Libxml2-Logo-90x34.gif, libvirHeader.png,
	  libvirLogo.png, windows-cygwin-1.png, windows-cygwin-2.png,
	  windows-cygwin-3.png: Remove unreferenced files
	* Makefile.am: Remove deleted files from EXTRA_DIST

	Rename daemon main code
	* daemon/qemud.c: Rename to daemon/libvirtd.c
	* daemon/qemud.h: Rename to daemon/libvirtd.h
	* daemon/Makefile.am, daemon/dispatch.h, daemon/mdns.c,
	  daemon/remote.h: Update for renamed libvirtd.h file

	Move config files to align with driver sources
	* daemon/default-network.xml: Move to src/network/default.xml
	* daemon/libvirtd_qemu.aug, daemon/test_libvirtd_qemu.aug: Move
	  to src/qemu/
	* src/qemu.conf: Move to src/qemu/qemu.conf
	* daemon/Makefile.am: Remove rules for default-nmetwork.xml and
	  libvirtd_qemu.aug and test_libvirtd_qemu.aug. Fix typo in
	  uninstall-local that would install polkit again.
	* src/Makefile.am: Add rules for installing network/default.xml
	  and the qemu/*.aug files. Add test case for QEMU augeas files.
	  Add uninstall-local rule for files/directories created during
	  install. Rename install-exec-local to install-data-local.
	  Only install qemu.conf if WITH_QEMU is set.
	* tests/networkschematest: Update for XML location move

	Move virsh into tools/ directory
	Move the virsh tool and its man page into the tools directory
	* Makefile.am: Remove rules for virsh.1 man page
	* virsh.1: Remove auto-generated file
	* docs/Makefile.am: Remove rules for virsh.pod man page
	* docs/virsh.pod: Move to tools/ directory
	* src/Makefile.am, src/.gitignore: Remove rules for virsh
	* src/console.c, src/console.h, src/*.ico, src/virsh_win_icon.rc,
	  src/virsh.c: Move into tools/ directory
	* tools/Makefile.am: Add rules for building virsh
	* tools/.gitignore: Ignore virsh built files
	* tests/virshtest.c, tests/int-overflow: Update for new
	  virsh location

	Move security drivers to src/security/
	* src/Makefile.am, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c,
	  tests/seclabeltest.c: Adapt for changed paths
	* src/security.c: Rename to src/security/security_driver.c
	* src/security.h: Rename to src/security/security_driver.h
	* src/security_selinux.c, src/security_selinux.h: Move to src/security/

	Move secret driver into src/secret/
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/secret_driver.c, src/secret_driver.h: Move to src/secret/

	Move netcf interface driver into src/interface/
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/interface_driver.c: Rename to src/interface/netcf_driver.c
	* src/interface_driver.h: Rename to src/interface/netcf_driver.h

	Move network driver into src/network
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/network_driver.c: Rename to src/network/bridge_driver.c
	* src/network_driver.h: Rename to src/network/bridge_driver.h

	Move remote driver to src/remote/
	* daemon/mdns.c: Remove bogus include
	* daemon/qemud.c, src/Makefile.am, src/libvirt.c: Adapt for
	  changed paths
	* src/remote_internal.c: Rename to src/remote/remote_driver.c
	* src/remote_internal.h: Rename to src/remote/remote_driver.h

	Move test driver into src/test/
	* src/Makefile.am, src/libvirt.c: Adjust for changed paths
	* src/test.c: Rename to src/test/test_driver.c,
	* src/test.h: Rename to src/test/test_driver.h

	Move node device drivers to src/node_device/
	* daemon/qemud.c, src/Makefile.am: Update for changed paths
	* src/node_device*.{h,c}: Move to src/node_device/
	* src/storage/storage_backend.c: Remove bogus import of node_device.c

	Move storage drivers into src/storage/
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/storage*.c, src/storage/*.h, src/parthelpre.c: Move
	  to src/storage/

	Move OpenVZ driver to src/openvz/
	* src/openvz_conf.c, src/openvz_conf.h, src/openvz_driver.c,
	  src/openvz_driver.h: Move to src/openvz/
	* src/Makefile.am, src/libvirt.c: Adjust for changed paths

	Move UML driver to src/uml/
	* src/uml_conf.c, src/uml_conf.h, src/uml_driver.c,
	  src/uml_driver.h: Move to src/uml/
	* daemon/qemud.c, src/Makefile.am: Adjust for changed paths

	Move QEMU driver to src/qemu/
	* src/qemu_conf.c, src/qemu_conf.h, src/qemu_driver.c,
	  src/qemu_driver.h: Move to src/qemu/
	* daemon/qemud.c, src/Makefile.am, tests/qemuargv2xmltest.c,
	  tests/qemuhelptest.c, tests/qemuxml2argvtest.c,
	  tests/qemuxml2xmltest.c: Adapt for changed paths

	Move LXC driver into src/lxc/
	* src/lxc_conf.c, src/lxc_conf.h, src/lxc_container.c,
	  src/lxc_container.h, src/lxc_controller.c, src/lxc_driver.c,
	  src/lxc_driver.h, src/veth.c, src/veth.h: Move to src/lxc/
	* src/opennebula/one_driver.c: Remove bogus veth.h include
	* src/Makefile.am: Adjust for lxc paths
	* daemon/qemud.c: Adjust include for lxc

	Move xen driver code into src/xen/ directory
	* src/Makefile.am, src/proxy_internal.c, src/proxy_internal.h
	  src/sexpr.c, src/sexpr.h, src/xen_unified.c, src/xen_unified.h,
	  src/xen_internal.c, src/xen_internal.h, src/xen_inotify.c,
	  src/xen_inotify.h, src/xend_internal.c, src/xend_internal.h,
	  src/xm_internal.c, src/xm_internal.h, src/xs_internal.c,
	  src/xs_internal.h: Move to src/xen/ directory
	* proxy/Makefile.am, proxy/libvirt_proxy.c, src/Makefile.am,
	  src/libvirt.c, tests/sexpr2xmltest.c, tests/statstest.c,
	  tests/xencapstest.c, tests/xmconfigtest.c, tests/xml2sexprtest.c:
	  Adapt to changed xen location
	* src/stats_linux.h, src/stats_linux.c: Remove xen specific block
	  stats APIs
	* src/qemu_driver.c, src/uml_driver.c: Add missing sys/un.h include
	  uncovered after change to stats_linux.h
	* src/xen/block_stats.h, src/xen/block_stats.c: Add xen specific
	  block stats APIs

	Rename qemud/ directory to daemon/
	* qemud/: Rename to daemon/
	* Makefile.am, configure.in, src/Makefile.am, src/remote_internal.c,
	  tests/Makefile.am, tests/eventtest.c: s/qemud/daemon/ where needed

	Refactor libvirt.spec to allow client-only builds
	Some architectures in certain RHEL versions do not include any
	hypervisors. Update the specfile to allow those to easily build
	a remote client only version of libvirt. ie no libvirtd related
	bits at all.
	* qemud/Makefile.am: Always instal SASL config since its needed
	  by client too
	* libvirt.spec.in: Re-factor specfile conditionals to allow entire
	  server side build to be disabled easily, eg a remote client only
	  build. Make RHEL-5 do client only build for s390/ppc. Make RHEL-6
	  do a client only build for all non-x86_64 archs. Enable LXC on
	  RHEL-6. Enable all Fedora >= 6 features on RHEL-6 too. Add some
	  more conditionals around dnsmasq/iptables/hal Requires tags.
	  Add missing e2fsprogs-devel BR for RHEL-5 as workaround for broken
	  parted. Fix the device mapper BR for RHEL-5. Add conditional rules
	  for ESX build. Add conditional rules for SELinux + HAL builds.
	  Fix a mistaken %{with_qemu} to be %{with_network} when setting
	  up default network XML

2009-09-21  Mark McLoughlin  <markmc@redhat.com>

	Fix leak in PCI hostdev hot-unplug
	* src/qemu_driver.c: sync the hostdev hot-unplug code with the disk/net
	  code.

2009-09-17  Mark McLoughlin  <markmc@redhat.com>

	Fix net/disk hot-unplug segfault
	When we hot-unplug the last device, we're currently double-freeing
	the device definition.
	Reported by Martin Banas here:
	  https://bugzilla.redhat.com/523953
	* src/qemu_driver.c: fix double free

2009-09-16  Shahar Klein  <shaharklein@yahoo.com>

	ESX add support for vmxnet3 virtual device
	* src/esx/esx_vmx.c: add it to the list of accepted devices when
	  parsing the Ethernet section.

2009-09-15  Jim Meyering  <meyering@redhat.com>

	doc: don't emit trailing blanks into generated and VC'd NEWS file
	* docs/Makefile.am ($(top_builddir)/NEWS): Filter out trailing
	white space.

2009-09-15  Daniel Veillard  <veillard@redhat.com>

	More whitespace problems

	Fix some last minute whitespace problems.

	Release of libvirt 0.7.1
	* configure.in docs/news.html.in libvirt.spec.in src/libvirt_public.syms:
	  updates to new release
	* NEWS docs/devhelp/libvirt-libvirt.html docs/html/libvirt-libvirt.html
	  docs/libvirt-api.xml docs/libvirt-refs.xml docs/news.html
	  include/libvirt/libvirt.h: regenerated

	Update a number of localizations and regenerate
	* as.po bn_IN.po de.po gu.po hi.po kn.po ko.po ml.po mr.po or.po pa.po
	  pl.po ta.po te.po zh_CN.po got updated

2009-09-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix dlopen of secrets driver
	* src/Makefile.am: Add gnulib.la for base64 functions
	* src/libvirt_private.syms: Export virFileNameMatchesSuffix

	Add UUID definition required by storage encryption import
	* docs/schemas/storagevol.rng: storage encryption rules require
	  that UUID type be defined

	Remove accidentally added UUID re-definition in storage schema
	* docs/schemas/storageencryption.rng: Remove UUID definition
	  since its provided by the domain.rng/storagevol.rng schemas
	  that import this

	Rebuild API docs

	Make secrets RNG more strict
	* docs/schemas/secret.rng: Require volume element to be an absolute
	  path. Fix whitespace indentation

	Fill in secret UUID for qcow encryption
	* src/storage_backend_fs.c: Lookup & fill in secret passphrase UUID
	  for storage volumes using encryption

	Add usage type/id as a public API property of virSecret
	* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
	  virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
	* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
	  as not throwing exceptions
	* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
	* qemud/remote_protocol.x: Add usage type & ID as attributes of
	  remote_nonnull_secret. Add RPC calls for new public APIs
	* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
	  qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
	  qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
	* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
	  properties of virSecretPtr
	* src/driver.h: Add virLookupSecretByUsage driver entry point
	* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
	  and virLookupSecretByUsage
	* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
	  and virLookupSecretByUsage
	* src/remote_internal.c: Implement virLookupSecretByUsage entry
	* src/secret_conf.c, src/secret_conf.h: Remove the
	  virSecretUsageType enum, now in public API. Make volume
	  path mandatory when parsing XML
	* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
	  Implement virSecretLookupByUsage api method
	* src/virsh.c: Include usage for secret-list command

	Fix UUID handling in secrets/storage encryption APIs
	Convert all the secret/storage encryption APIs / wire format to
	handle UUIDs in raw format instead of non-canonical printable
	format. Guarentees data format correctness.
	* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
	  and validate fully
	* docs/schemas/secret.rng: Fully validate UUID
	* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
	  virSecretLookupByUUID and virSecretGetUUID. Make
	  virSecretGetUUIDString follow normal API design pattern
	* python/generator.py: Skip generation of virSecretGetUUID,
	  virSecretGetUUIDString and virSecretLookupByUUID
	* python/libvir.c, python/libvirt-python-api.xml: Manual impl
	  of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
	* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
	  Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
	* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
	  remote_uuid instead of remote_nonnull_string for UUID field.
	  Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
	  REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
	  remote_uuid  value
	* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
	  qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
	  qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
	* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
	  of printable. Change virGetSecret to use raw format UUID
	* src/driver.h: Rename virDrvSecretLookupByUUIDString to
	  virDrvSecretLookupByUUID and use raw format UUID
	* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
	  and re-implement virSecretLookupByUUIDString and
	  virSecretGetUUIDString in terms of those
	* src/libvirt_public.syms: Add virSecretLookupByUUID and
	  virSecretGetUUID
	* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
	  to remoteSecretLookupByUUID. Fix typo in args for
	  remoteSecretDefineXML impl. Use raw UUID format for
	  get_nonnull_secret and make_nonnull_secret
	* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
	  Storage UUID in raw format, and require it to be present in
	  XML. Use UUID parser to validate.
	* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
	  Storage UUID in raw format.
	* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
	  in a filed with printable UUID, instead of base64 UUID.
	* src/virsh.c: Adjust for changed public API contract of
	  virSecretGetUUIDString.
	* src/storage_Backend.c: DOn't undefine secret we just generated
	  upon successful volume creation. Fix to handle raw UUIDs. Generate
	  a non-clashing UUID
	* src/qemu_driver.c: Change to use lookupByUUID instead of
	  lookupByUUIDString

2009-09-14  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox bug when starting machine from old versions
	* src/vbox/vbox_tmpl.c: fix a bug where one can't start domains defined
	  with older builds or with empty "FRONTEND/Type" tag in their xml
	  files.

2009-09-14  Daniel P. Berrange  <berrange@redhat.com>

	Save vcpuinfo in status file
	* src/qemu_driver.c: Don't trust monitor for vcpu PID info on
	  restart
	* src/domain_conf.c: Save and load vCPU PID info from domain
	  status file

	Fix win32 platform build
	* configure.in: Only define WITH_SECRETS if libvirtd is present
	* src/Makefile.am: Only build secrets driver if WITH_SECRETS is
	  defined. Always add SECRET_DRIVER_SOURCES to EXTRA_DIST

	Restart libvirtd upon RPM upgrade
	* libvirt.spec.in: Restart libvirtd in %post

2009-09-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX cleanup of CPU model strings
	* src/esx/esx_driver.c: also strip (C) and (TM) from the CPU model
	  strings

	ESX avoid potential leaks
	* src/esx/esx_driver.c: reorder some function calls to avoid potential
	  virDomainPtr leaks

2009-09-14  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox 3.0.6 API change support
	* src/vbox/vbox_CAPI_v3_0.h: this includes minor API changes for VBox
	  3.0.6 released some days ago.

2009-09-11  Miloslav Trmač  <mitr@redhat.com>

	Add support for qcow encrypted volumes to qemu.
	Integrate with QEMU monitor to provide encryption passphrase when
	starting a guest using encrypted qcow volumes
	* src/qemu_driver.c (findDomainDiskEncryption,
	  findVolumeQcowPassphrase,
	  qemudMonitorSendVolumePassphrase, qemudMonitorSendCont): Send a volume
	  passphrase if qemu asks for it.

	Provide missing passphrase when creating a volume.
	If the <encryption format='qcow'> element does not specify a secret
	during volume creation, generate a suitable secret and add it to the
	<encryption> tag.  The caller can view the updated <encryption> tag
	using virStorageVolGetXMLDesc().
	Similarly, when <encryption format='default'/> is specified while
	creating a qcow or qcow2-formatted volume, change the format to "qcow"
	and generate a secret as described above.
	* src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE,
	  virStorageGenerateQcowPasphrase),
	  src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase),
	  src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase().
	* src/storage_backend.c (virStoragegenerateQcowEncryption,
	  virStorageBackendCreateQemuImg): Generate a passphrase and
	  <encryption> when creating a qcow-formatted encrypted volume and the
	  user did not supply the information.

	Add virsh commands for secrets APIs
	* src/virsh.c: Add virsh commands.
	* docs/virsh.pod, virsh.1: Update documentation.

	Local file implementation of secret driver API
	This implementation stores the secrets in an unencrypted text file,
	for simplicity in implementation and debugging.
	(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
	Because the TLS private key used by libvirtd is stored unencrypted,
	encrypting the secrets file does not currently provide much additional
	security.)
	* include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
	  error number.
	* po/POTFILES.in, src/Makefile.am: Add secret_driver.
	* bootstrap: Use gnulib's base64 module.
	* src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
	  Add local secret driver.
	* qemud/qemud.c (qemudInitialize): Use the local secret driver.

	Add an internal <secret> XML handling API
	Add a <secret> XML handling API, separate from the local driver, to
	avoid manually generating XML in other parts of libvirt.
	* src/secret_conf.c, src/secret_conf.h: New files.
	* po/POTFILES.in, src/Makefile.am: Add secret_conf.

2009-09-10  Miloslav Trmač  <mitr@redhat.com>

	Mask out flags used internally for virSecretGetValue
	Add a VIR_SECRET_GET_VALUE_INTERNAL_CALL flag value, replacing the
	originally separate libvirt_internal_call parameter.  The flag is used
	to differentiate external virSecretGetValue() calls from internal calls
	by libvirt drivers that need to use the secret even if it is private.
	* src/libvirt_internal.h Remove VIR_DOMAIN_XML_FLAGS_MASK
	* src/driver.h Add VIR_SECRET_GET_VALUE_FLAGS_MASK constant and
	  VIR_SECRET_GET_VALUE_INTERNAL_CALL. Re-add the
	  VIR_DOMAIN_XML_FLAGS_MASK constant
	* src/libvirt.c (virSecretGetValue): Don't allow the user to specify
	  internal flags.

2009-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix use of dlopen modules
	Remove the bogus dependancy between node_device.c & storage_backend.c
	by moving the virWaitForDevices into util.h where it can be shared
	safely
	* src/storage_backend_disk.c, src/storage_backend_logical.c,
	  src/storage_backend_mpath.c, src/storage_backend_scsi.c: Replace
	  virStorageBackendWaitForDevices with virFileWaitForDevices
	* src/storage_backend.c, src/storage_backend.h: Remove
	  virStorageBackendWaitForDevices, virWaitForDevices
	* src/util.h, src/util.c: Add virFileWaitForDevices
	* configure.in: Move xmlrpc check further down after pkgconfig
	  is detected
	* src/Makefile.am: Add missing XMLRPC_CFLAGS/LIBS to opennebula
	* src/libvirt_private.syms: Add many missing exports

2009-09-10  Miloslav Trmač  <mitr@redhat.com>

	Consolidate "cont" into qemudMonitorSendCont()
	The interface allows qemudMonitorSendCont() to report errors that are
	not overridden by its callers.
	Also fix a potential infinite loop in qemuDomainCoreDump() if sending
	cont repeatedly fails.
	* src/qemu_driver.c (qemudMonitorSendCont): New function.
	  (qemudAutostartConfigs): Reset error before each call to
	  qemudStartVMDaemon().
	  (qemudInitCpus, qemudDomainResume, qemudDomainCoreDump,
	  qemudDomainRestore, qemudDomainMigratePerform,
	  qemudDomainMigrateFinish2): Use qemudMonitorSendCont().

	Add <usage> to <secret> docs
	* docs/formatsecret.html.in, docs/formatsecret.html: Document <usage
	  type='volume'>, replacing stand-alone <volume>.
	* docs/schemas/secret.rng: Update schema to require <usage
	  type='volume'>

2009-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Cleanup sec driver error reporting to use virReportSystemError
	* src/security_selinux.c: Use virReportSystemError whereever an
	  errno is involved
	* src/qemu_driver.c: Don't overwrite error message from the
	  security driver

	Support relabelling of USB and PCI devices
	* src/security.h: Driver API for relabelling host devices
	* src/security_selinux.c: Implement relabelling of PCI and USB
	  devices
	* src/qemu_driver.c: Relabel USB/PCI devices before hotplug

	Port QEMU driver to use USB/PCI device helpers
	* src/qemu_driver.c: Remove usbfs/sysfs iterator code and call
	  into generic helper APIs instead when setting device permissions

	Add helper APIs for iterating over PCI device resource files
	* src/pci.h, src/pci.c: Helper for iterating over PCI device
	  resource files
	* src/libvirt_private.syms: Export pciDeviceFileIterate

	Add helper module for dealing with USB host devices
	* src/Makefile.am: Add usb.h and usb.h to libvirt_util.la
	* src/libvirt_private.syms: Export symbols
	* src/usb.c, src/usb.h: Helper APIs for USB host devices

	Fix more OOM handling bugs
	* src/qemu_conf.c: Fix leak of values upon OOM
	* src/xend_internal.c: Fix missing check for OOM failure
	* tests/qemuargv2xmltest.c, tests/qemuxml2argvtest.c: Free
	  stateDir upon exit to avoid leak

	Fix logging buffer overrun read
	* src/logging.c: Fix buffer offset in logging read

	Fix misc thread locking bugs / bogus warnings
	Fix all thread locking bugs reported by object-locking test
	case.
	NB, some of the driver locking is getting too coarse. Driver
	mutexes really need to be turned into RW locks instead to
	significantly increase concurrency.
	* src/lxc_driver.c: Fix useof driver when unlocked in the methods
	  lxcDomainGetInfo, lxcSetSchedulerParameters, and
	  lxcGetSchedulerParameters
	* src/opennebula/one_driver.c: Fix missing unlock in oneDomainUndefine.
	  Fix use of driver when unlocked in oneDomainGetInfo,
	  oneGetOSType, oneDomainShutdown
	* src/qemu_driver.c: Fix use of driver when unlocked in
	  qemudDomainSavem, qemuGetSchedulerType, qemuSetSchedulerParameters
	  and qemuGetSchedulerParameters
	* src/storage_driver.c: Re-work storagePoolCreate to avoid bogus
	  lock checking warning. Re-work storageVolumeCreateXMLFrom to
	  remove a potential NULL de-reference & avoid bogus lock check
	  warnings
	* src/test.c: Remove testDomainAssignDef since it break lock chekc
	  warnings.
	* tests/object-locking.ml: Add oneDriverLock, oneDriverUnlock
	  and one_driver_t methods/types to allow lock checking on the
	   OpenNebula drivers

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Test that domain-specific qemu machine types are used correctly
	* tests/testutilsqemu.c: add a machine types list for /usr/bin/kvm
	  which doesn't have any aliases, while the guest has aliases
	* tests/qemuxml2argvdata/qemuxml2argv-machine-aliases2.*,
	  tests/qemuxml2argvtest.c: add a test using /usr/bin/kvm and make
	  sure that 'pc' machine type doesn't get canonicalized using the
	  aliases in the guest machine type list

	Simplify and fix qemudCanonicalizeMachine()
	The algorithm is quite simple:
	  If the emulator matches a guest's domain:
	    if domain has machine type info:
	      check the domain's machine type info
	    else
	      check the guest's default machine type info
	  else if the emulator matches the guest's default emulator:
	     check the guest's default machine type info
	The previous implementation was incorrectly falling back to the default
	machine type info if the domain's machine type info didn't have an
	alias.
	* src/qemu_driver.c: simplify and fix qemudCanonicalizeMachine()

	Probe machine types from kvm binary too
	Currently we only probe the main qemu binary for machine types, but we
	should also probe the kvm binary.
	* src/qemu_conf.c: probe kvm binary machines in qemudCapsInitGuest()

	Look up machine types from all domains in qemudGetOldMachines()
	Rather than just looking at the default domain info, look at all
	domains
	* src/qemu_conf.c: look at all domains in qemudGetOldMachines()

	Split up qemudGetOldMachines()
	We need to look at all the domain infos in guest capabilities, not
	just the defaults.
	In order to allow that, split out a qemudGetOldMachinesFromInfo()
	from qemudGetOldMachines(). We'll make more use of it in the next
	patch.
	* src/qemu_conf.c: split out qemudGetOldMachinesFromInfo() from
	  qemudGetOldMachines()

	Test qemu machine aliases
	* tests/testutilsqemu.c: make 'pc' an alias for qemu-system-x86_64
	* tests/qemuxml2argvdata/qemuxml2argv-machine-aliases1.*,
	  tests/qemuxml2argvtest.c: add a test which uses qemu-system-x86_64
	  and make sure the machine type is canonicalized.

	Re-factor qemu test machine allocation code
	* test/testutilsqemu.c: split out code to testQemuAllocMachines()
	  and make use of the ARRAY_CARDINALITY macro

	Canonicalize the qemu machine type in qemuxml2argvtest
	This doesn't have any affect on the current tests because we don't have
	any machine aliases in the current test data.
	* src/qemu_conf.h, src/qemu_driver.c: expose qemudCanonicalizeMachine()
	  for the tests
	* tests/qemuxml2argvtest.c: canonicalize the machine type

	Dump qemu driver capabilities if test debugging enabled
	* src/testutils.[ch]: make testDebug externally available
	* src/testutilsqemu.c: if VIR_TEST_DEBUG is set, dump the qemu
	  driver capabilities to stderr

	Fix formatting of machine types in capabilities XML
	* src/capabilities.c: fix machine type formatting in
	  virCapabilitiesFormatXML()

	Add qemu -help test data for qemu-kvm-0.11.0-rc2
	* tests/qemuhelpdata/qemu-kvm-0.11.0-rc2: add data
	* tests/qemuhelptest.c: add expected output

	Add a more featureful qemu capabilities test data
	Things added include
	  - x86_64 host
	  - Migration features
	  - NUMA topology
	  - Security model
	  - Canonical machine types
	  - Domain machine types
	  - An arm guest
	  - More machine types for mips, mipsel, sparc and ppc
	  - An x86_64 xenner guest
	This file was generated on a Fedora 12 machine using latest libvirt
	and qemu-kvm-0.11.0-rc2
	* tests/capabilityschemadata/caps-qemu-kvm.xml: add more features
	  to test

	Add arm arch to capabilities schema
	* docs/schemas/capabilities.rng: add arm and sort arches

	Update capabilities schema to allow multiple machines per domain
	* docs/schemas/capabilities.rng: allow multiple machines per domain
	  just like they are allowed for guests

	Add esx and tcp migration uri transports to capabilities schema
	* docs/schemas/capabilities.rng: include esx and tcp uri_transport

2009-09-10  Chris Lalancette  <clalance@redhat.com>

	Fix regression from "Avoid polling on FDs with no events"
	After the mentioned patch was applied, I noticed that
	shutting down a kvm guest from inside (i.e. poweroff) caused
	the guest to shutdown, but not removed from the list of
	active guests.  DanB pointed out that the problem is that
	the virEventAddHandle() call in the qemu driver was asking
	to watch for 0 events, not HANGUP | ERROR as it should.  Add
	these events so that shutdown works again.

2009-09-10  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: factor out more duplication
	* src/qemu_driver.c (qemudDomainRestore): Use the new ...TypeToString
	function here, too.

2009-09-10  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Close logfile fd after spawning qemu
	* src/qemu_driver.c: avoid a leak of file descriptor when exec'ing qemu

2009-09-10  Charles Duffy  <charles@dyfis.net>

	Reintroduce support for lzop compression
	lzop was removed due to some confusion over whether it provided functional
	advantages distinct from xz. This has been addressed in the mailing list post
	archived at http://permalink.gmane.org/gmane.comp.emulators.libvirt/16487, and
	support for lzop is re-added here.
	* libvirt.spec.in: add dependancy on lzop
	* src/qemu.conf: update documentation of save_image_format
	* src/qemu_driver.c: re-add lzop compression option

2009-09-09  Daniel Veillard  <veillard@redhat.com>

	Deprecate lzma and lzop in favor of xz, add dep
	* src/qemu_driver.c: drop lzma and lzop images compression options
	  as they are deprecated by xz
	* libvirt.spec.in: add requires for xz/bzip2/gzip as they are needed
	  to implement the compression options

2009-09-09  Maximilian Wilhelm  <max@rfc2324.org>

	Check for libssh2 >= 1.0 for phy driver
	* configure.in: phyp driver uses libssh2_session_block_directions()
	  which is only available in libssh2 >= 1.0, so check for this symbol
	  too when configuring

2009-09-09  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: factor out duplication in compression-type handling
	* src/qemu_driver.c (QEMUD_SAVE_FORMAT_LAST): Define.
	(qemudSaveCompressionTypeFromString): Declare.
	(qemudSaveCompressionTypeToString): Declare.
	(qemudDomainSave): Use those functions rather than open-coding them.
	Use "cat >> '%s' ..." in place of equivalent
	"dd of='%s' oflag=append conv=notrunc ...".

	also allow use of XZ for Qemu image compression
	* src/qemu_driver.c (enum qemud_save_formats) [QEMUD_SAVE_FORMAT_XZ]:
	New member.
	[QEMUD_SAVE_FORMAT_LZMA]: Mark as deprecated.
	Use an explicit value for each member.
	(qemudDomainSave, qemudDomainRestore): Handle the new member.
	* src/qemu.conf: Mention xz, too.

	openvz_conf.c: remove dead store to "p"; use strchrnul
	* src/openvz_conf.c (openvzReadNetworkConf): Replace open-coded
	while loop with equivalent use of strchrnul.
	* bootstrap (modules): Add strchrnul.

	build: update gnulib submodule to latest

2009-09-08  Daniel Veillard  <veillard@redhat.com>

	Remove some tabs used for indent

2009-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid another leak in src/xend_internal.c
	* src/xend_internal.c: in xenDaemonLookupByID() if virGetDomain fails
	  free up the name

2009-09-08  Daniel Veillard  <veillard@redhat.com>

	Updated a number of localizations and regenerated

	Add flags and requires for Multipath storage
	* libvirt.spec.in: the new multipath module requires device-mapper
	  and device-mapper-devel for build

2009-09-08  Dave Allan  <dallan@redhat.com>

	Multipath storage support module
	* configure.in src/Makefile.am src/storage_backend.[ch]
	  src/storage_conf.[ch] src/storage_backend_mpath.[ch] po/POTFILES.in:
	  add a new module for storage multipath, it requires device-mapper

2009-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid a leak in xenDaemonLookupByID
	* src/xend_internal.c: free name in xenDaemonLookupByID() if
	  virGetDomain() fails

2009-09-08  Miloslav Trmač  <mitr@redhat.com>

	Add a missing comment
	* src/libvirt_private.syms: Add a missing comment for
	  storage_encryption_conf.h entries

	Fix a pasto in storage_encryption_conf.c
	* src/storage_encryption_conf.c: small typo fix in top comment

2009-09-08  Jim Meyering  <meyering@redhat.com>

	xm_internal.c: remove four useless comparisons after strchr
	* src/xm_internal.c (xenXMDomainConfigParse): After t=strchr...
	don't test *t; it's known.  This was *not* detected by clang,
	but I spotted it since once instance was in the vicinity of the
	dead increment of "data".

	xm_internal.c: remove dead increment of "data"
	* src/xm_internal.c (xenXMDomainConfigParse): Don't increment it.

	network_driver.c: remove dead store to "err"
	* src/network_driver.c (networkSetAutostart): ...and its decl.

	iptables.c: remove dead store to "s"
	* src/iptables.c (iptablesAddRemoveRule): Remove dead store.

	util.c: avoid dead store to "flag"
	* src/util.c (virExecDaemonize): Change flag |= VAR to "flag | VAR".

	domain_conf.c: remove two dead stores
	* src/domain_conf.c (virDomainSaveXML): Remove use and decl of "err".
	(virDomainDefParseXML): Likewise.

	xm_internal.c: remove two ret=... dead stores
	* src/xm_internal.c (xenXMDomainCreate): Remove dead stores.

	xm_internal.c: remove dead stores of local, "type"
	* src/xm_internal.c (xenXMDomainConfigParse): Remove declaration
	and useless containing if-block, too.

2009-09-07  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox fix minor bugs in display and added OOM checks
	* src/vbox/vbox_tmpl.c: minor bug in selecting the graphics type. if the
	  graphics type was desktop it was assumed that display is set for it,
	  and thus crashed on strdup. Also adds a number of missing OOM checks.

2009-09-07  Jim Meyering  <meyering@redhat.com>

	network_conf.c: remove dead store to "err"
	* src/network_conf.c (virNetworkDefParseXML): ...and its decl.

	openvz_driver.c: avoid dead store to "err"
	* src/openvz_driver.c (openvzGenerateContainerVethName): Remove use
	and decl of "err".

	xend_internal.c: Remove two dead stores to "ret"
	* src/xend_internal.c (xenDaemonCreateXML): Don't set "ret" after
	last use.

	storage_driver.c: remove two dead stores to "backend"
	* src/storage_driver.c (storagePoolGetInfo, storagePoolDefine):
	Remove variable, backend, since its value was never used.

2009-09-07  Daniel Veillard  <veillard@redhat.com>

	Merge branch 'tmp'

2009-09-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Some close/fclose/closedir calls are missing
	* src/openvz_conf.c src/qemu_driver.c src/storage_backend_scsi.c
	  src/xen_inotify.c: closes various file descriptors leaks

2009-09-05  Jim Meyering  <meyering@redhat.com>

	lxc_container.c: avoid a leak on error paths
	* src/lxc_container.c (lxcContainerMountBasicFS): Don't leak upon failure.
	Add "cleanup:" label and change each post-allocation failure to
	use "goto cleanup" rather than returning immediately.

	qemu_conf.c: add a comment suggesting why we leave a dead-store
	* src/qemu_conf.c (qemuBuildHostNetStr): Do not remove the type_sep=','
	dead store, since not having it would be a problem if we ever add a
	new attribute=VAL option.

	hash.c: remove a dead store
	* src/hash.c (virHashFree): Remove useless assignment to inside_table.

	interface_conf.c: remove a dead-store and declaration
	* src/interface_conf.c (virInterfaceDefParseDhcp): Remove unused "old".

	eventtest.c: detect write failure and avoid dead stores
	* tests/eventtest.c (mymain): Exit nonzero upon write failure.
	This also avoids several dead stores of the form ret = safewrite...

	openvz_conf.c: Remove dead store to copy_fd
	* src/openvz_conf.c (openvz_copyfile): Remove unused assignment.

	storage_backend_logical.c: appease clang: remove useless increment
	* src/storage_backend_logical.c (virStorageBackendLogicalBuildPool):
	Don't increment "n" when we won't use the result.

2009-09-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX raise error if UUID parse failed
	* src/esx/esx_util.c: let esxUtil_GetConfigUUID() report an error if
	  virUUIDParse() fails

	ESX add domain undefine based on esxVI_UnregisterVM
	* src/esx/esx_driver.c: add esxDomainUndefine() based on
	  esxVI_UnregisterVM()
	* src/esx/esx_vi_methods.[ch]: add esxVI_UnregisterVM()

	ESX add esxGetCapabilities() with basic defaults
	* src/esx/esx_driver.c: add esxCapsInit() with default caps and add
	  esxGetCapabilities()

	ESX simplify SOAP request and response handling
	* src/esx/esx_vi.[ch]: convert esxVI_RemoteRequest_Execute() to a
	  simpler esxVI_Context_Execute() version, remove esxVI_RemoteRequest
	  and convert esxVI_RemoteResponse to esxVI_Response
	* src/esx/esx_vi_methods.c: update and simplify callers to use
	  esxVI_Context_Execute() instead of esxVI_RemoteRequest_Execute()

	ESX use virXPathNode*() to simplify XPath handling
	* src/esx/esx_vi.[ch]: use virXPathNode*() in
	  esxVI_RemoteRequest_Execute() and remove
	  esxVI_RemoteResponse_DeserializeXPathObject*()
	* src/esx/esx_vi_methods.c: update callers to use the new syntax of
	  esxVI_RemoteRequest_Execute()

	ESX: make esxVI_GetVirtualMachineIdentity() robust
	* src/esx/esx_driver.c: add configStatus to the requested properties
	  to check it in esxVI_GetVirtualMachineIdentity()
	* src/esx/esx_vi.[ch]: add esxVI_GetManagedEntityStatus()
	  and use it in esxVI_GetVirtualMachineIdentity()
	* src/esx/esx_vi_types.[ch]: add VI type esxVI_ManagedEntityStatus

2009-09-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Fix VMX path parsing and URL encoding
	* src/esx/esx_driver.c: handle spaces in VMX file path and use a
	  virBuffer to encode spaces correctly in the resulting URL
	* src/esx/esx_vi.c: include the URL in the error message in case
	  of a download error

2009-09-04  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox add Storage Volume support
	* src/vbox/vbox_driver.c src/vbox/vbox_tmpl.c: adds the driver for
	  storage volumes

2009-09-04  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix several memory leaks
	* src/domain_conf.c src/network_conf.c src/qemu_conf.c
	  src/storage_backend_fs.c: various problems spotted by valgrind
	  through libvirt code

2009-09-04  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox driver cleanups
	* src/vbox/vbox_tmpl.c: a bit of cleanup

2009-09-04  Laine Stump  <laine@laine.org>

	Minor comment changes
	* src/libvirt.c: fix some minor grammer (and one other) nits in comments
	  that end up in generated API reference documentation

	Fix a memory leak in virsh
	* src/virsh.c: cmdNodeDeviceDumpXML wasn't freeing
	  virNodeDeviceGetXMLDesc() return string

2009-09-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix ID field in virDomainPtr after starting Xen VM
	* src/xend_internal.c: Lookup guest after starting persistent
	  config in order to refresh the domain ID field

2009-09-04  Daniel Veillard  <veillard@redhat.com>

	PHYP driver cleanups
	* libvirt.spec.in: activate phyp and fix the BuildDep to libssh2-devel
	* src/phyp/phyp_driver.c: fix a debug macro to use the normal logging API

2009-09-04  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	Switch Power Hypervisor to libssh2
	* configure.in src/Makefile.am: change detection and flags
	* src/phyp/phyp_driver.c src/phyp/phyp_driver.h: connection now
	  need to be done as part of the driver code, cleaned up by DV

2009-09-04  Chris Lalancette  <clalance@redhat.com>

	Allow libvirtd to RPC to external libvirtd
	* src/remote_internal.c: in remoteOpen() allow the daemon itself to make
	  RPCs to an external libvirtd, but only if the URI is fully specified.

2009-09-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leak of monitor character device
	* src/qemu_driver.c: Free the vm->monitor_chr field at VM shutdown.
	  Unlink the UNIX domain socket at VM shutdown to avoid littering
	  FS with old sockets

	Automatically set correct ownership of QEMU state directories
	* src/qemu_driver.c: Change ownership of /var/{lib,cache}/libvirt/qemu
	  to match user/group that QEMU VMs are configured to run as.

	Move QEMU monitor socket in /var/lib/libvirt/qemu
	Separate the guest created QEMU monitor socket location
	from the libvirtd create XML / PID data files, to improve
	security separation when running QEMU non-root
	* libvirt.spec.in: Leave /var/run/libvirt/qemu as root:root
	* src/qemu_conf.h: Add libDir and cacheDir directory paths
	* src/qemu_driver.c: Move QEMU monitor socket from
	  stateDir to libDir to avoid making security critical directory
	  accessible to QEMU guests.
	* src/util.c: Delay running hook till after damonizing to
	  ensure pidfile is still written before changing UID/GID

	Avoid polling on FDs with no events enabled
	If a file descriptor with events=0 was added to the libvirtd
	event loop, it would still be added to the poll() fds' array.
	While it wouldn't see any POLLIN/OUT events, it'd still get
	triggered for HANGUP/ERROR events which was not in compliance
	with the libvirt events API contract.
	* qemud/event.c: Don't poll on FDs with events=0
	* tests/eventtest.c: Add test case to validate fix to event.c

2009-09-04  Jim Meyering  <meyering@redhat.com>

	xen_internal.c: remove two unused local variables
	* src/xen_internal.c (xenHypervisorSetSchedulerParameters): Remove
	set-but-never-used local variables, cap_set and weight_set.

2009-09-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx_vi: return -1 upon failure, as intended
	* src/esx/esx_vi.c (esxVI_Enumeration_Deserialize): Fix
	reversed goto and result=-1 statements.

2009-09-04  Jim Meyering  <meyering@redhat.com>

	python: let libvirt_virConnectDomainEventCallback indicate success
	* python/libvir.c (libvirt_virConnectDomainEventCallback): Return 0
	when successful, rather than always returning -1.
	clang flagged this function for its dead-store of "ret=0".
	Once "ret" was set to 0, it was never used, and
	the function would always return -1.

	mdns.c: remove dead initialization
	* qemud/mdns.c (libvirtd_mdns_client_callback): Remove dead
	initialization.

	node_device_conf.c: remove dead initialization
	* src/node_device_conf.c (virNodeDeviceDefFormat): Remove dead
	initialization.

	openvz_conf.c: don't use undefined local, "net"
	* src/openvz_conf.c (openvzReadNetworkConf): Initialize "net".
	Otherwise, upon openvzRead... failure, we would "goto error;"
	where an uninitialized "net" could be dereferenced.

	test.c: don't use undefined local, "def"
	* src/test.c (testOpenVolumesForPool): Upon early virAsprintf or
	virXPathNodeSet failure, "goto error" would take us to
	virStorageVolDefFree(def), but with "def" not defined.
	Initialize it to NULL.

	uml_conf.c: don't return an uninitialized pointer
	* src/uml_conf.c (umlBuildCommandLineChr): Initialize "ret".

	storage_backend.c: assure clang that inputvol can't be NULL
	* src/storage_backend.c: Include "internal.h".
	(virStorageBackendCopyToFD): Mark inputvol parameter as "nonnull".
	Remove test for non-NULL inputvol.  Both callers ensure it's non-NULL.

	libvir.c: avoid NULL dereference in virStoragePoolSetAutostart
	* src/libvirt.c (virStoragePoolSetAutostart): Return -1 if the pool
	argument is invalid, rather than "goto error" where we could dereference
	that possibly-NULL "pool".
	(virConnectFindStoragePoolSources): Likewise.
	(virConnectNumOfDomains): Likewise.
	Daniel P. Berrange spotted that the two latter functions
	needed the same treatment.

	remote_internal.c: appease clang
	* src/remote_internal.c (remoteNetworkOpen): Mark "conn" parameter
	as non-NULL.  Remove now-unnecessary "conn == NULL" test.
	(remoteDevMonOpen): Likewise.
	(remoteSecretOpen): Likewise.
	(remoteStorageOpen): Likewise.
	(remoteInterfaceOpen): Likewise.

	infra: define ATTRIBUTE_NONNULL to mark non-NULL parameters
	* src/internal.h (ATTRIBUTE_NONNULL): Define.

	lxc: don't unlink(NULL) in main
	* src/lxc_controller.c (main): Unlink sockpath only if it's non-NULL.

	lxc: avoid NULL dereference upon getmntent failure
	* src/lxc_container.c (lxcContainerUnmountOldFS): Don't pass
	a NULL pointer to qsort.

	storage_conf.c: avoid overflow upon use of "z" or "Z" (zebi) suffix
	* src/storage_conf.c (virStorageSize): Don't try to compute 1024^7,
	since it's too large for a 64-bit type.

	storage_backend_fs: avoid NULL dereference on opendir failure
	* src/storage_backend_fs.c (virStorageBackendFileSystemRefresh):
	Don't call closedir on a NULL pointer.

2009-09-03  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox cleanup and update of networking shutdown
	* src/vbox/vbox_tmpl.c: merged vboxNetworkUndefine() and
	  vboxNetworkDestroy() and added code to handle multiple hostonly
	  interfaces.

	VBox cleanup and update of networking XML functions
	* src/vbox/vbox_tmpl.c: merged vboxNetworkCreateXML() and
	  vboxNetworkDefineXML() and added code to handle multiple hostonly
	  interfaces.

2009-09-03  Daniel P. Berrange  <berrange@redhat.com>

	Add support for setting disk drive serial numbers
	* docs/schemas/domain.rng: Add <serial> element to disks
	* src/domain_conf.h, src/domain_conf.c: XML parsing and
	  formatting for disk serial numbers
	* src/qemu_conf.c: Set serial number when launching guests
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-shared.args,
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-shared.xml: Add
	  serial number to XML test

	Support configuration of huge pages in guests
	Add option to domain XML for
	     <memoryBacking>
	        <hugepages/>
	     </memoryBacking>
	* configure.in: Add check for mntent.h
	* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug, src/qemu.conf
	  Add 'hugetlbfs_mount' config parameter
	* src/qemu_conf.c, src/qemu_conf.h: Check for -mem-path flag in QEMU,
	  and pass it when hugepages are requested.
	  Load hugetlbfs_mount config parameter, search for mount if not given.
	* src/qemu_driver.c: Free hugetlbfs_mount/path parameter in driver shutdown.
	  Create directory for QEMU hugepage usage, chowning if required.
	* docs/formatdomain.html.in: Document memoryBacking/hugepages elements
	* docs/schemas/domain.rng: Add memoryBacking/hugepages elements to schema
	* src/util.c, src/util.h, src/libvirt_private.syms: Add virFileFindMountPoint
	  helper API
	* tests/qemuhelptest.c: Add -mem-path constants
	* tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c: Add tests for hugepage
	  handling
	* tests/qemuxml2argvdata/qemuxml2argv-hugepages.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-hugepages.args: Data files for
	  hugepage tests

	Fix misc OOM bugs
	* tests/testutils.c: Run test function twice, once to prime it for
	  static allocations, once to count the non-static allocations.
	* tests/testutilsqemu.c: Initialize variable correctl
	* src/capabilities.c: Don't free machines variable upon failure
	  since caller must do that
	* src/xm_internal.c: Add missing check for OOM in building VIF
	  config param

2009-09-03  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox support for defining/dumping video devices
	* src/vbox/vbox_tmpl.c: add setting of video and acceleration in
	  VBox driver, and the ability to save this back for serialization

	Generic parsing support for video acceleration
	* docs/schemas/domain.rng: augment the video model with an optional
	  acceleration element with optional accel2d and accel3d flags
	* src/domain_conf.c src/domain_conf.h: exten the virDomainVideoDef
	  structure with an optional accel field, virDomainVideoAccelDefParseXML
	  and virDomainVideoAccelDefFormat functions to parse and serialize
	  the structure.

2009-09-02  Chris Lalancette  <clalance@redhat.com>

	Fix bugs in virDomainMigrate v2 code.
	Paolo Bonzini points out that in my refactoring of the code for
	virDomainMigrate(), I added a check for the return value from
	virDomainMigratePerform().  The problem is that we don't want to
	exit if we fail, we actually want to go on and do
	virDomainMigrateFinish2() with a non-0 return code to clean things
	up.  Remove the check.
	While reproducing this issue, I also noticed that we wouldn't
	always properly propagate an error message.  In particular, I
	found that if you blocked off the migration ports (with iptables)
	and then tried the migration, it would actually fail but we would
	get no failure output from Qemu.  Therefore, we would think we
	succeeded, and leave a huge mess behind us.  Execute the monitor
	command "info migrate", and look for a failure string in there
	as well.

2009-09-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	VMware ESX: Don't warn on some query parameter
	* src/esx/esx_util.c: esxUtil_ParseQuery() warns if a known query
	  parameter should be ignored due to the corresponding char/int pointer
	  being NULL, instead of silently ignoring it. Fix the control flow.

	VMware ESX: Allow ethernet address type 'vpx'
	* src/esx/esx_vmx.c: add an extra type of addressType beside 'static'
	  and 'generated', 'vpx' indicates that the MAC address was generated
	  by a vCenter.

2009-09-02  Daniel P. Berrange  <berrange@redhat.com>

	Don't blindly reorder disk drives
	Calling qsort() on the disks array causes disk to be
	unneccessarily re-ordered, potentially breaking the
	ability to boot if the boot disk gets moved later in
	the list. The new algorithm will insert a new disk as
	far to the end of the list as possible, while being
	ordered correctly wrt other disks on the same bus.
	* src/domain_conf.c, src/domain_conf.h: Remove disk sorting
	  routines. Add API to insert a disk into existing list at
	  the optimal position, without resorting disks
	* src/libvirt_private.syms: Export virDomainDiskInsert
	* src/xend_internal.c, src/xm_internal.c: Remove calls to
	  qsort, use virDomainDiskInsert instead.
	* src/qemu_driver.c: Remove calls to qsort, use virDoaminDiskInsert
	  instead. Fix reordering bugs when hotunplugging disks and
	  networks. Fix memory leak in disk/net unplug

2009-09-02  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Support for getting/setting number of cpus in VBox
	* src/vbox/vbox_tmpl.c: adds support for getting/setting number of cpus

2009-09-02  Daniel P. Berrange  <berrange@redhat.com>

	Misc fixes to secrets API code
	* proxy/Makefile.am: Build storage_encryption_conf.c since its a
	  dependancy of domain_conf.c
	* src/storage_encryption_conf.c: Disable XML parsing APis when
	  build under proxy
	* src/test.c: Add a dummy no-op secrets driver for test suite

	Only add glusterfs dep for Fedora >= 11
	* libvirt.spec.in: Conditionalize glusterfs requires line for
	  Fedora >= 11, since other distros don't have it available

	Remove redundant base64 include file
	* src/storage_encryption_conf.c: Remove base64.h

	Add Miloslav Trmač to AUTHORS file

2009-09-02  Miloslav Trmač  <mitr@redhat.com>

	Make handling of monitor prompts more general.
	* src/qemu_driver.c: Support arbitrary callbacks for "secondary
	  prompts".  Reimplement qemudMonitorCommandExtra using such a
	  callback.

	Don't assume buffered output echoes the command.
	The if ((nlptr...)) implicitly assumes commptr != NULL (and that "buf"
	starts with "cmd").  Make the assumption explicit, it will be broken in
	a future patch.
	* src/qemu_driver.c: Don't assume buffered monitor output echoes the
	  command.

	Attach encryption information to virDomainDiskDef.
	The XML allows <encryption format='unencrypted'/>, this implementation
	canonicalizes the internal representation so that "disk->encryption" is
	non-NULL iff encryption information is available.
	A domain with partial encryption information can be defined,
	completeness of the information is not verified.  The domain won't
	start until the remaining information is added, of course.
	* docs/formatdomain.html, docs/formatdomain.html.in: Document
	  new encryption options for disks
	* docs/schemas/domain.rng: Pull in storage encryption schema
	  rules
	* src/domain_conf.h, src/domain_conf.c: Wire up storage encryption
	  XML parsing/formatting APIs

	Add support for encrypted (qcow) volume creation.
	Supports only virStorageVolCreateXML, not virStorageVolCreateXMLFrom.
	Curiously, qemu-img does not need the passphrase for anything to create
	an encrypted volume.  This implementation thus does not need to touch
	any secrets to work with cooperating clients.  More generic passphrase
	handling is added in the next patch.
	* src/storage_backend.c: Request encryption when creating qcow/qcow2
	  files
	* src/storage_backend_disk.c, src/storage_backend_fs.c,
	  src/storage_backend_logical.c: Refuse to create volumes with
	  encryption params set.

	Recognize encryption format of qcow volumes.
	(The implementation is not very generic, but that can be very
	easily rectified if/when new encryption formats appear.)
	* src/storage_backend_fs.c: Probe for qcow/qcow2 encryption
	  algorithm field

	Attach encryption information to virStorageVolDef.
	The XML allows <encryption format='unencrypted'/>, this implementation
	canonicalizes the internal representation so that "vol->encryption" is
	non-NULL iff the volume is encrypted.
	Note that partial encryption information (e.g. specifying an encryption
	format, but not the key/passphrase) is valid, libvirt will automatically
	choose value for the missing information during volume creation.  The
	user can read the volume XML, and use the unmodified <encryption> tag in
	future operations (without having to be able to understand) its contents.
	* docs/formatstorage.html, docs/formatstorage.html.in: Document
	  storage volume encryption options
	* src/storage_conf.c, src/storage_conf.h: Hook up storage
	  encryption XML handling
	* tests/storagevolschemadata/vol-qcow2.xml: Test case for encryption
	  schema changes

	Add volume encryption information handling.
	Define an <encryption> tag specifying volume encryption format and
	format-depenedent parameters (e.g. passphrase, cipher name, key
	length, key).
	Currently the only defined parameter is a reference to a "secret"
	(passphrase/key) managed using the virSecret* API.
	Only the qcow/qcow2 encryption format, and a "default" format used to
	let libvirt choose the format during volume creation, is currently
	supported.
	This patch does not add any users; the <encryption> tag is added in
	the following patches to both volumes (to support encrypted volume
	creation) and domains.
	* docs/*.html: Re-generate
	* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
	  Add page describing storage encryption data format
	* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
	  Add RNG schema for storage encryption format
	* po/POTFILES.in: Add src/storage_encryption_conf.c
	* src/libvirt_private.syms: Export virStorageEncryption* functions
	* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
	  helper APIs for dealing with storage encryption format
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
	  RNG schema

	Secret manipulation API docs refresh & wire up python generator
	Sample session:
	>>> import libvirt
	>>> c = libvirt.open('qemu:///session')
	>>> c.listSecrets()
	['12247729-47d2-a783-88ce-b329d4781cd3', 'reee', 'abc']
	>>> s = c.secretDefineXML("<secret ephemeral='no' private='no'>\n<description>Something for use</description>\n<volume>/foo/bar</volume>\n</secret>\n")
	>>> s.UUIDString()
	'340c2dfb-811b-eda8-da9e-25ccd7bfd650'
	>>> s.XMLDesc()
	"<secret ephemeral='no' private='no'>\n  <uuid>340c2dfb-811b-eda8-da9e-25ccd7bfd650</uuid>\n  <description>Something for use</description>\n  <volume>/foo/bar</volume>\n</secret>\n"
	>>> s.setValue('abc\0xx\xffx')
	0
	>>> s.value()
	'abc\x00xx\xffx'
	>>> s.undefine()
	0
	* python/generator.py: Add rules for virSecret APIs
	* python/libvir.c, python/libvirt-python-api.xml: Manual impl of
	  virSecretSetValue, virSecretGetValue$ and virConnectListSecrets APIs
	* python/libvirt_wrap.h, python/types.c: Wrapper for virSecret objects
	* docs/libvirt-api.xml, docs/libvirt-refs.xml,
	  docs/html/libvirt-virterror.html, docs/html/libvirt-libvirt.html,
	  docs/devhelp/libvirt-virterror.html, docs/devhelp/libvirt-libvirt.html:
	  Re-generate with 'make api'

	Secret manipulation remote client
	* src/remote_internal.c: Implement client binding for new secrets
	  APIs
	* src/datatypes.h: Add 'void *secretPrivateData' to virConnectPtr
	  struct

	Secret manipulation libvirtd wire protocol & remote dispatcher
	* qemud/remote_protocol.x: Define wire protocol for secrets public
	  APIs
	* qemud/remote_protocol.h, qemud/remote_protocol.c,
	  qemud/remote_dispatch_table.h, qemud/remote_dispatch_ret.h,
	  qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_args.h:
	  Re-generate from updated protocol definition
	* qemud/remote.c: Implement RPC dispatchers for new secrets APIs

	Secret manipulation public API implementation
	* include/libvirt/virterror.h, src/virterror.c: Add VIR_ERR_INVALID_SECRET
	  and VIR_FROM_SECRET
	* src/libvirt.c: Define stubs for every new public API

	Secret manipulation internal API
	* include/libvirt/virterror.h, src/virterror.c: Add VIR_WAR_NO_SECRET
	* src/libvirt_private.syms, src/datatypes.h, src/datatypes.c: Type
	  virSecret struct definition and helper APIs
	* src/driver.h: Sub-driver API definitions for secrets
	* src/libvirt.c: Define new sub-driver for secrets

	Secret manipulation public API
	This patch adds a "secret" as a separately managed object, using a
	special-purpose API to transfer the secret values between nodes and
	libvirt users.
	* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
	  schema for virSecret objects
	* docs/*html: Re-generated
	* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
	  describing the virSecret XML schema
	* include/libvirt/libvirt.h.in: Define the new virSecret public
	  API
	* src/libvirt_public.syms: Export symbols for new public APIs
	* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
	  files list

2009-09-01  Daniel Veillard  <veillard@redhat.com>

	Update chinese, polish and spanish localizations
	* po/*: and update the po set

2009-09-01  Charles Duffy  <charles@dyfis.net>

	support lzop save compression for qemu
	Per prior discussion -- this was, indeed, trivial.
	I'm a little disappointed to be breaking the ordering characteristics of
	the enum (as it had been ordered by increasing time requirements and
	decreasing output size), but breaking any save files with the old
	constants in the headers would of course be worse.
	>From 2a9cdcfc88de091a8d34aa3fc3b1208d7681790e Mon Sep 17 00:00:00 2001
	From: Charles Duffy <Charles_Duffy@dell.com>
	Date: Fri, 28 Aug 2009 11:49:54 -0500
	Subject: [PATCH] support lzop save compression for qemu
	One of the larger disincentives towards use of compression for migrated-out save
	files is performance impact. This patch adds support for lzop; CPU time for
	compression is about 5x faster than gzip (the next most performant algorithm)
	and decompression is about 3x faster.

2009-09-01  Chris Lalancette  <clalance@redhat.com>

	OpenVZ: accept NULL as type for GetMaxVCPUs.
	All of the other drivers that support the getMaxVcpus callback
	also accept a NULL value for type.  Make openvz also accept a
	NULL value.

	Remove use of strncpy in qemudExtractMonitorPath.
	qemudExtractMonitorPath() was doing a VIR_ALLOC_N followed by a
	strncpy.  However, this isn't necessary; we can do the same thing
	using strndup, which is much safer.

	Fix up virNodeGetCellsFreeMemory
	The documentation for virNodeGetCellsFreeMemory claims the values
	returned are in kilobytes, but that's actually wrong; the value
	returned is actually in bytes.  Fix up the documentation to be
	correct.

2009-08-30  Jim Fehlig  <jfehlig@novell.com>

	Fix sexpr2string() to handle empty list.
	S-expression containing empty lists, e.g. (cpus (() () () ())),
	was not being handled properly in sexpr2string() serialization.
	Emit an empty list when encountering NIL sexpr kind.

2009-08-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix driver entry table for UML numa APIs
	* src/uml_driver.c: Fix numa API driver entries to avoid
	  infinite loop

2009-08-28  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Fix crash in virsh vol-key command
	* src/virsh.c: Pass in pool object to avoid crash in key lookup

2009-08-26  Daniel P. Berrange  <berrange@redhat.com>

	Refactor policycode auth code to avoid compiler warnings
	* src/remote_internal.c: Split remoteAuthPolkit into separate
	  impls for v0 and v1 to avoid compile warnings due to unused
	  variables/params
	* qemud/remote.c: Remove accidental tabs

2009-08-25  Daniel P. Berrange  <berrange@redhat.com>

	Support new PolicyKit 1.0 API
	* configure.in: Check for pkcheck which indicates new policykit
	* qemud/Makefile.am: Install different versions of policy
	* qemud/libvirtd.policy: Rename to libvirtd.policy-0
	* qemud/libvirtd.policy-1: new style policy
	* qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new
	  policykit API via external pkcheck helper
	* src/remote_internal.c: Don't prompt for polkit auth with new
	  policykit API
	* libvirt.spec.in: deal with new policy install locations & deps

2009-08-21  Darryl L. Pierce  <dpierce@redhat.com>

	517157 fix selinux problem with images on NFS
	* src/security_selinux.c: ignores EOPNOTSUPP when attempting to access an
	  NFS share

2009-08-21  Mark McLoughlin  <markmc@redhat.com>

	spec file: add URL to Source tag
	See https://fedoraproject.org/wiki/Packaging:SourceURL

2009-08-20  Mattias Bolte  <matthias.bolte@googlemail.com>

	Fix phypOpen() escape_specialcharacters
	Matthias correctly points out that escape_specialcharaters() takes a
	length, and since we are now malloc()'ing string in phypOpen instead of
	making it a static array, we can't use sizeof(string) anymore.  Calculate
	the proper strlen and then use that both to allocate the string and also
	pass it to escape_specialcharacters().

	Power Hypervisor: fix potential segfault
	I came across this line in the phypOpen function:
	char string[strlen(conn->uri->path)];
	Here the path part of the given URI is used without checking it for
	NULL, this can cause a segfault as strlen expects a string != NULL.
	Beside that uuid_db and connection_data leak in case of an error.
	In this line
	conn->uri->path = string;
	the original path of the URI leaks. The patch adds a VIR_FREE call
	before setting the new path.
	The attached patch is compile-tested but I don't have a Power
	Hypervisor installation at hand to test it for real.
	Matthias

2009-08-20  Chris Lalancette  <clalance@redhat.com>

	Small fixes for qemu save compression.
	Fix up a small memory leak pointed out by DanB; I was forgetting
	to release memory allocated to driver->saveImageFormat.
	Also add the "save_image_format" and "security" entries to
	the augeas lens.

2009-08-20  Daniel P. Berrange  <berrange@redhat.com>

	Add test for recently fixed crash with latest XenD
	Test case for the fix applied in
	  commit 14435163a086c0bcdff04308077fa46a5fa08bb0
	  Author: Daniel Veillard <veillard@redhat.com>
	  Date:   Fri Jun 26 18:14:16 2009 +0000
	* tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.sexpr,
	  tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.xml: Data
	  files exhibiting the crash
	* tests/sexpr2xmltest.c: Process new data files

	Fix some typos & remove unhelpful acronyms in QEMU docs

2009-08-19  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation about the QEMU driver security features
	* docs/drvqemu.html.in: Document DAC usage, SELinux integration,
	  Linux capabilities, and Cgroups device ACLs

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Fix bridge/tap system error reporting
	* src/qemu_conf.c, src/uml_conf.c: use virReportSystemError() to report
	  system errors

	Don't expose 'vnet%d' to the user
	https://bugzilla.redhat.com/517371
	Matt Booth points out that if you use a non-existent bridge name when
	start a guest you get a weird error message:
	  Failed to add tap interface 'vnet%d' to bridge 'virbr0'
	and dev='vnet%d' appears in the dumpxml output.
	Fix that by not including 'vnet%d' in the error message and freeing the
	'vnet%d' string if adding the tap device to the bridge fails.
	* src/qemu_conf.c, src/uml_conf.c: fix qemudNetworkIfaceConnect()
	  and umlConnectTapDevice() to not expose 'vnet%d' to the user

	Maintain a list of active PCI hostdevs and use it in pciResetDevice()
	As we start/shutdown guests, or hotplug/hot-unplug devices, we can add
	or delete devices as appropriate from a list of active devices.
	Then, in pciReset(), we can use this to determine whether its safe to
	reset a device as a side effect of resetting another device.
	* src/qemu_conf.h: add activePciHostdevs to qemud_driver
	* src/qemu_driver.c: maintain the activePciHostdevs list, and pass it
	  to pciResetDevice()
	* src/pci.[ch]: pass the activeDevs list to pciResetDevice() and use
	  it to determine whether a Secondary Bus Reset is safe

	Simplify PCI hostdev prepare/re-attach using a pciDeviceList type
	The qemuPrepareHostDevices() and qemuDomainReAttachHostDevices()
	functions are clutter with a bunch of calls to pciGetDevice() and
	pciFreeDevice() obscuring the basic logic.
	Add a pciDeviceList type and add a qemuGetPciHostDeviceList() function
	to build a list from a domain definition. Use this in prepare/re-attach
	fto simplify things and eliminate the multiple pciGetDevice calls.
	This is especially useful because in the next patch we need to iterate
	the hostdevs list a third time and we also need a list type for keeping
	track of active devices.
	* src/pci.[ch]: add pciDeviceList type and also a per-device 'managed'
	  property
	* src/libvirt_private.syms: export the new functions
	* src/qemu_driver.c: add qemuGetPciHostDeviceList() and re-write
	  qemuPrepareHostDevices() and qemuDomainReAttachHostDevices() to use it

	Use pci_addr=auto with QEMU's pci_add monitor command
	Newer versions of QEMU accept 'pci_add auto', but older versions require
	'pci_add pci_addr=auto'
	* src/qemu_driver.c: use pci_addr= in qemudDomainAttachHostPciDevice()
	  for older versions of QEMU

	Fix thinko in PCI hostdev detach
	* src/qemu_driver.c: Add missing break statement in
	  qemudDomainDetachHostDevice()

	Reset PCI host devices after hot-unplug
	When we hot-unplug a PCI host device from a guest, we should reset it.
	Both managed and unmanaged devices should be reset, but only managed
	devices should be re-attached.
	* src/qemu_driver.c: reset devices in qemudDomainDetachHostPciDevice()

	Reset unmanaged PCI host devices before hotplug
	Right now we're only resetting managed devices before hotplug, but we
	should reset them irrespective of whether they are managed.
	* src/qemu_driver.c: reset all PCI hostdevs before hotplug

	Revert changes to allow pciResetDevice() reset multiple devices
	It turns out that the previous attempt at this doesn't work well
	in the case of hotplug. We need qemuCheckPciHostDevice() to
	disallow the reset affecting devices already attach to the guest,
	but we still need to avoid double locking the virDomainObjPtr.
	This is all getting messy, I've a better idea.
	This reverts commit 6318808270dd7679cd5dc082dcf2c7d85a432bd6 and
	c106c8a18c63d9e4f2547724a4a563706f8f6778.
	* src/qemu_driver.c, src/pci.[ch], src/xen_unified.c,
	  src/libvirt_private.syms: revert a bunch of stuff.

	Fix list updating after disk/network/hostdev hot-unplug
	The current code makes a poor effort at updating the device arrays after
	hot-unplug. Fix that and combine the two code paths into one.
	* src/qemu_driver.c: fix list updating in qemudDomainDetachNetDevice(),
	  qemudDomainDetachPciDiskDevice() and qemudDomainDetachHostPciDevice()

	Re-name remote_internal.c:driver to remote_driver
	Confused me when poking at another 'driver' variable in gdb which gcc
	had optimized away
	* src/remote_internal.c: rename driver to remote_driver

	Cosmetic change to 'virsh nodedev-list --tree' output
	Maybe it's just me, but I try to select an item from the tree using
	double-click and get annoyed when "+-" gets included in the selection.
	* src/virsh.c: add a space between "+-" and the node device name
	  in 'virsh nodedev-list --tree'

2009-08-18  Chris Lalancette  <clalance@redhat.com>

	Fix up connection reference counting.
	Currently the reference counting for connections is busted.  I
	first noticed it while trying to use virConnectRef; it would
	eventually cause a crash in the remote_internal driver, although
	that was really just a victim.  Really, we should only call the
	close callbacks on the methods when the references drop to 0.  To
	accomplish this, move all of the close callbacks into
	virUnrefConnect (since there are lots of internal users of that
	function), and arrange for virConnectClose to call that.
	V2: Make sure to drop the connection lock before we call the close
	    callbacks, otherwise we could deadlock the daemon
	V3: Fix up a crash when we got an error from one of the drivers

2009-08-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix LXC driver crash when kernel doesn't support clone
	* src/domain_conf.c: Make virDomainObjListFree a no-op if list
	  is NULL
	* src/domain_event.c: make virDomainEventCallbackListFree a no-op
	  if event list is NULL
	* src/lxc_driver.c: Log a message if LXC driver does not startup
	  due to lacking kernel support

2009-08-17  Chris Lalancette  <clalance@redhat.com>

	Compressed save image format for Qemu.
	Implement a compressed save image format for qemu.  While ideally
	we would have the choice between compressed/non-compressed
	available to the libvirt API, unfortunately there is no "flags"
	parameter to the virDomainSave() API.  Therefore, implement this
	as a qemu.conf option.  gzip, bzip2, and lzma are implemented, and
	it should be very easy to implement additional compression
	methods.
	One open question is if/how we should detect the compression
	binaries.  One way to do it is to do compile-time setting of the
	paths (via configure.in), but that doesn't seem like a great thing
	to do.  My preferred solution is not to detect at all;
	when we go to run the commands that need them, if they
	aren't available, or aren't available in one of the standard paths,
	then we'll fail.  That's also the solution implemented in this patch.
	In the future, we'll have a more robust (managed) save/restore API,
	at which time we can expose this functionality properly in the API.
	V2: get rid of redundant dd command and just use >> to append data.
	V3: Add back the missing pieces for the enum and bumping the save version.
	V4: Make the compressed field in the save_header an int.
	    Implement LZMA compression.

2009-08-14  Daniel P. Berrange  <berrange@redhat.com>

	Remove 'the the' typo in docs

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Check active domain hostdevs before allowing PCI reset
	If a PCI device reset causes other devices to be reset, allow it so long
	as those other devices are note assigned to another active domain.
	Note, we need to take the driver lock qemudNodeDeviceReset() because the
	check function will iterate over the domain list.
	* src/qemu_conf.c: add qemuCheckPciHostDevice() to iterate over active
	  domains checking whether the affected device is assigned
	* src/pci.[ch]: add pciDeviceEquals() helper

	Allow pciResetDevice() to reset multiple devices
	When using a Secondary Bus Reset, all devices on the bus are reset.
	Extend the pciResetDevice() API so that a 'check' callback can be
	supplied which will verify that it is safe to reset the other devices
	on the bus.
	The virDomainObjPtr parameter is needed so that when the check function
	iterates over the domain list, it can avoid double locking.
	* src/pci.[ch]: add a 'check' callback to pciResetDevice(), re-work
	  pciIterDevices() to pass the check function to the iter functions,
	  use the check function in the bus iterator, return the first unsafe
	  device from pciBusCheckOtherDevices() and include its details in
	  the bus reset error message.
	* src/qemu_driver.c, src/xen_uninified.c: just pass NULL as the
	  check function for now

	Improve PCI host device reset error message
	Currently, if we are unable to reset a PCI device we return a fairly
	generic 'No PCI reset capability available' error message.
	Fix that by returning an error from the individual reset messages and
	using that error to construct the higher level error mesage.
	* src/pci.c: set errors in pciTryPowerManagementReset() and
	  pciTrySecondaryBusReset() on failure; use those error messages
	  in pciResetDevice(), or explain that no reset support is available

	Reset and re-attach PCI host devices on guest shutdown
	When the guest shuts down, we should attempt to restore all PCI host
	devices to a sane state.
	In the case of managed hostdevs, we should reset and re-attach the
	devices. In the case of unmanaged hostdevs, we should just reset them.
	Note, KVM will already reset assigned devices when the guest shuts
	down using whatever means it can, so we are only doing it to cover the
	cases the kernel can't handle.
	* src/qemu_driver.c: add qemuDomainReAttachHostDevices() and call
	  it from qemudShutdownVMDaemon()

	Allow PM reset on multi-function PCI devices
	It turns out that a PCI Power Management reset only affects individual
	functions, and not the whole device.
	The PCI Power Management spec talks about resetting the 'device' rather
	than the 'function', but Intel's Dexuan Cui informs me that it is
	actually a per-function reset.
	Also, Yu Zhao has added pci_pm_reset() to the kernel, and it doesn't
	reject multi-function devices, so it must be true! :-)
	(A side issue is that we could defer the PM reset to the kernel if we
	could detect that the kernel has PM reset support, but barring version
	number checks we don't have a way to detect that support)
	* src/pci.c: remove the pciDeviceContainsOtherFunctions() check from
	  pciTryPowerManagementReset() and prefer PM reset over bus reset
	  where both are available
	Cc: Cui, Dexuan <dexuan.cui@intel.com>
	Cc: Yu Zhao <yu.zhao@intel.com>

	Detect KVM's PCI device assignment support
	PCI device assignment is only supported in KVM's fork of qemu, so we
	should really detect its availability and give a nice error if its
	not supported.
	* src/qemu_conf.[ch]: introduce QEMUD_CMD_FLAG_PCIDEVICE indicating
	  that the -pcidevice command line option is available
	* tests/*: update the tests

	Add host PCI device hotplug support
	Attaching a host PCI device to a qemu guest is done with a
	straightforward 'pci_add auto host host=XX:XX.X' command.
	Like with NIC and disk hotplug, we need to retain the guest PCI address
	assigned by qemu so that we can use it for hot-unplug.
	Identifying a device for detach is done using the host PCI address.
	Managed mode is handled by detaching/resetting the device before
	attaching it to the guest and re-attaching it after detaching it from
	the guest.
	* src/qemu_driver.c: add qemudDomainAttachHostPciDevice() and
	  qemudDomainDetachHostPciDevice()
	* src/domain_conf.h: add somewhere to store the guest PCI address
	* src/domain_conf.c: handle formatting and parsing the guest PCI
	  address

	Re-factor hostdev hotplug
	Re-factor the hostdev hotplug code so that we can easily add PCI
	hostdev hotplug to qemudDomainAttachHostDevice().
	* src/qemu_driver.c: rename qemudDomainAttachHostDevice() to
	  qemudDomainAttachHostUsbDevice(); make qemudDomainAttachHostDevice()
	  handle all hostdev types
	* src/libvirt_private.syms: export a couple of hostdev related
	  ToString() functions

2009-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC / UML drivers robust against NUMA topology brokenness
	Some kernel versions expose broken NUMA topology for some machines.
	This causes the LXC/UML drivers to fail to start. QEMU driver was
	already fixed for this problem
	* src/lxc_conf.c: Log and ignore failure to populate NUMA info
	* src/uml_conf.c: Log and ignore failure to populate NUMA info
	* src/capabilities.c: Reset nnumaCell to 0 after freeing

2009-08-11  Mark McLoughlin  <markmc@redhat.com>

	Fix some URLs in virsh manpage
	* docs/virsh.pod: don't reference format.html anymore, reference
	  the formatdomain.html etc. pages
	* virsh.1: re-generate

2009-08-11  Chris Lalancette  <clalance@redhat.com>

	Remove a duplicated assignment in Xen PCI parsing.

	Fix up a few minor indentation issues.

	Fix phyp escape_specialcharacters.
	A couple of minor fixes to phyp escape_specialcharacters.  Make it
	a static function (since it's only used in phyp/phyp_driver.c), and
	make it take a dstlen parameter.  This paves the way for removing
	strncpy in the future.

	Make openvzGetVPSUUID take a len.
	Minor fix to openvzGetVPSUUID to make it take a length parameter.
	This ensures that it doesn't make assumptions about the length
	of the UUID buffer, and paves the way for removal of strncpy in
	the future.

	Minor cleanup of error path for c_oneVmInfo.

	Fix up a whitespace in comments in src/console.c

	Fix up a stray whitespace in virHashGrow.

	Run 'cont' on successful migration finish.
	As of qemu 0.10.6, qemu now honors the -S flag on incoming migration.
	That means that when the migration completes, we have to issue a
	'cont' command to get the VM running again.  We do it unconditionally
	since it won't hurt on older qemu.

	Split virDomainMigrate into functions.
	Re-factor virDomainMigrate to split out the version 1 and version 2
	protocols into their own functions.  In reality, the two versions share
	very little in common, so forcing them together in the same function was
	just confusing.  This will also make adding tunnelled migration easier.

	Fix QEMU domain status after restore.
	When doing a restore, we were forgetting to update the state file
	for the VM.  That means that if you do a save/restore, then shut
	down libvirtd, then start it back up, you'll see the state of the
	guest as "paused", even though it is really running.  We were
	just forgetting a "virDomainSaveStatus" call in the restor path.

2009-08-10  Mark McLoughlin  <markmc@redhat.com>

	Handle kernels with no ipv6 support
	If the ipv6 kernel module is not loaded, then we get this when starting
	a virtual network:
	  libvir: Network Config error :
	  cannot enable /proc/sys/net/ipv6/conf/virbr0/disable_ipv6:
	  No such file or directory
	If disable_ipv6 is not present, we should just merrily continue on our
	way.
	* src/network_driver.c: make networkDisableIPV6() not fail if the kernel
	  has no ipv6 support

	Set perms on /var/lib/libvirt/boot to 0711
	Allow qemu user to open kernel/initrds in this dir, but still prevent
	others from listing it.
	* libvirt.spec.in: set /var/lib/libvirt/boot perms to 0711

	chown kernel/initrd before spawning qemu
	If we're running qemu unprivileged, we need to chown any supplied kernel
	or initrd before spawning it.
	* src/qemu_driver.c: rename qemuDomainSetDiskOwnership() to
	  qemuDomainSetFileOwnership(), pass it a path string instead of a disk
	  definition and use it for chowning the kernel/initrd in
	  qemuDomainSetAllDeviceOwnership()

2009-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Add link to AbiCloud web management system

2009-08-07  Chris Lalancette  <clalance@redhat.com>

	Remove unsafe strncpy from esx_vmx.c
	While trying to remove uses of unsafe strncpy in the tree, I came
	across a couple of usages in the ESX driver.  To my eyes, the snprintf
	replacements do the same thing in less code, and are also safer.
	Tested-by: Mattias Bolte <matthias.bolte@googlemail.com>

2009-08-06  Amy Griffis  <amy.griffis@hp.com>

	Update logging documentation
	* docs/logging.html[.in] try to include a little more description about
	  the corner cases, things someone might get hung up on on.

	Consolidate code for parsing the logging env
	* src/logging.c src/logging.h src/libvirt_private.syms:
	  define new functions virLogSetFromEnv and virLogParseDefaultPriority
	* qemud/qemud.c src/libvirt.c tests/eventtest.c: cleanup to use the
	  unified functions

	Cleanup VIR_LOG_DEBUG parsing in eventtest
	* tests/eventtest.c: don't covert high priority levels to debug level.
	  Consider an invalid priority level setting a setup failure.

	Several fixes to libvirtd's log setup
	* qemud/qemud.c src/logging.[ch]: Similar as for general libvirt, don't
	  convert high priority levels to debug level. Ignore LIBVIRT_LOG_FILTERS
	  and LIBVIRT_LOG_OUTPUTS when they're set to the empty string, otherwise
	  they can override a valid setting from the config file. Send all
	  settings through the parser functions for validation, so that the
	  existence of a bad setting doesn't nullify a good setting that should
	  have applied -- particularly the default output. Keep the order of
	  precedence consistent for all variables between the environment and
	  the config file.  Warn when an invalid log level, filter, or output
	  is ignored.
	* src/libvirt_private.syms: export internally a few convenience functions

	Tighten libvirt's parsing of logging env
	* src/libvirt.c src/logging.c: Don't convert high priority levels to the
	  debug level. Don't parse LIBVIRT_LOG_FILTERS and LIBVIRT_LOG_OUTPUTS
	  when they're set to the empty string. Warn when the user specifies an
	  invalid value (empty string remains a noop).
	* po/POTFILES.in: src/logging.c now include translatable strings

2009-08-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Cleanup structure name naming
	* src/esx/esx_driver.c src/esx/esx_util.[ch] src/esx/esx_vi.[ch]:
	  just a name change

	Fix memleak if esxOpen fails
	* src/esx/esx_driver.c: if esxOpen failed, priv->transport wasn't freed

	Add proper OOM reporting for esxDomainGetOSType
	* src/esx/esx_driver.c: catch an unchecked strdup in
	  esxDomainGetOSType()

2009-08-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.0
	* configure.in NEWS docs/* libvirt.spec.in include/libvirt/libvirt.h:
	  Release of 0.7.0
	* po/*.po*: updated and regenerated the localization pool

2009-08-05  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Add an allocation unit when calling qemu-img
	* src/storage_backend.c: as the absence of units can be interpreted
	  in diverging ways depending on the version

2009-08-05  Daniel P. Berrange  <berrange@redhat.com>

	Add uniqness checking for LXC define/create methods
	* src/lxc_driver.c: Check for name & UUID uniqueness when
	  defining or creating domains

	Fix removal of transient VMs when LXC aborts
	* src/lxc_driver.c: Remove transient VM after monitor triggered
	  shutdown

	Don't try to activate cgroups if not present for LXC
	* src/lxc_controller.c: Don't throw error in LXC startup if
	  the cgroups driver mount isn't available. Improve error
	  logging for resource setup

	Fix configure checks from previous commits
	* configure.in: Don't set AM_CONDITIIONAL until *after* making
	  the checks

	Avoid a warning if compiling without inotify
	* src/xm_internal.c: split the implementations of xenInotifyActive()

2009-08-05  Aron Griffis  <aron.griffis@hp.com>

	Typo and comment fixes
	* docs/schemas/*.rng: the comments were wrong
	* src/qemu_conf.c: typo in an error message

2009-08-05  Cole Robinson  <crobinso@redhat.com>

	Refresh /etc/xen if inotify wasn't
	* src/xm_internal.c: in case of multiple connections to the xen driver
	  and some clients were not using domain events, the whole /etc/xen
	  monitoring would break leading to disapearing domains.

	Don't loose id on xen domain redefine
	* src/xm_internal.c: bug when redefining a domain, if it was running
	  we would loose its id

2009-08-05  Daniel Veillard  <veillard@redhat.com>

	Remove a stray semicolon
	* src/xend_internal.c: extraneous ; in xenDaemonParseSxprGraphicsNew

2009-08-05  Maximilian Wilhelm  <max@rfc2324.org>

	Workaround for broken GCC in Debian Etch
	* src/storage_conf.c src/internal.h: move previous check in internal.h
	  and add a workaround for a GCC bug in Debian Etch on limit definitions

	Xen Inotify support needs sys/inotify.h
	* configure.in: to activate Xen Inotify checking we need to check for
	  sys/inotify.h availability

	LXC driver requires sched.h and unshare()
	* configure.in: make it check by default for both

	Configure UML support only if sys/inotify.h present
	* configure.in: UML support requires sys/inotify.h so make it check
	  by default.

	Fix libcurl automatic check and ESX status
	* configure.in: if libcurl is not present ESX should be desactivated
	  so default to check for esx

2009-08-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	Extend the ESX URL to habdle ports and GSX
	* src/esx/esx_driver.c src/esx/esx_vi.[ch] src/esx/esx_vmx.[ch]:
	  adds version checking for GSX 2.0, allows to pass a specific port
	  for the connection and also add a new specific gsx scheme for
	  easier connections to GSX hosts

2009-08-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix escaping of 8-bit high characters
	Fix  https://bugzilla.redhat.com/show_bug.cgi?id=479517
	* src/buf.c: Cast to 'unsigned char' before doing compare to
	  avoid rejecting 8-bit high characters

2009-08-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leak in openvz driver
	* src/openvz_driver.c: Remove unneccessary strdup() on hypervisor
	  type api call

2009-08-02  Chris Lalancette  <clalance@redhat.com>

	Remove ATTRIBUTE_UNUSED from flags to qemudDomainMigratePerform.

	Add a comment about setting errors after qemudStartVMDaemon().

	Fix an erroneous debug error to KVM; it should read QEMU/KVM.

	Remove a stray semicolon in qemudDomainMigratePrepare2.

	Convert a few stray users of free() in libvirt.c to VIR_FREE().

	Use virGetHostname instead of gethostname.
	Fix up qemudDomainMigratePrepare2 to use virGetHostname instead of
	gethostname.  Besides the fact that virGetHostname is far more clever,
	there was a latent bug in the handling that could cause a buffer overflow
	on a very long hostname.

	Fix up a minor indentation issue with virDomainMigratePrepare.

	Fix virCapabilitiesDefaultGuestMachine documentation.

	Fix up a silly typo in apibuild.py.

2009-08-01  Daniel P. Berrange  <berrange@redhat.com>

	Protected against potential crash scenarios
	* src/qemu_driver.c: Check that monitor device is not NULL
	  before runing a command to protect against bugs in caller

	Improve diagnostics when pidfile writing fails
	* src/util.c: Include path & pid when logging pidfile failure

	Fix crash when attempting to shutdown inactive QEMU vm
	* src/qemu_driver.c: Add check that QEMU is active before attemting
	  to shutdown. Fix error code for check in destroy method

2009-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Enable ESX driver build on Mingw32
	* autobuild.sh, mingw32-libvirt.spec.in: Enable esx on mingw32
	* src/esx/esx_driver.c: Define AI_ADDRCONFIG if not set
	* src/esx/esx_util.c, src/esx/esx_vi_types.c: Always use
	  %lld & friends, since gnulib guarentees we have these
	  and not the target's own variants

	Disable IPv6 on virtual networks
	If the bridge device is configured to have IPv6 address and
	accept router advertisments, then a malicious guest can send
	out bogus advertisments and hijack/DOS host IPv6 connectivity
	* src/network_driver.c: Set accept_ra=0, disable_ipv6=1, autoconf=0
	  for IPv6 sysctl on virual network bridge devices

2009-07-31  Mark McLoughlin  <markmc@redhat.com>

	Fix PCIe FLR detection
	PCIe DevCap register is actually 32 bits, not 16 bits. Since FLR is
	bit 28, we clearly are failing to detect FLR support.
	Known to fix device reset with some SR-IOV devices.
	* src/pci.c: fix pciDetectFunctionLevelReset()

	Set perms on /var/lib/libvirt/images to 0711
	Allow qemu user to open images in this dir, but still prevent others
	from listing it.
	* libvirt.spec.in: set /var/lib/libvirt/images perms to 0711

2009-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix problem writing QEMU pidfile
	* src/util.c: Don't drop capabilities until after the PID file has
	  been written. Kill off child if writing the PID file fails
	* src/qemu_driver.c: Remove bogus trailing '/' in state dir

	Allow dnsmasq to provide DNS without DHCP
	* src/network_driver.c: Always start dnsmasq to allow it to provide
	  DNS, even if no DHCP ranges are enabled

2009-07-30  Maximilian Wilhelm  <max@rfc2324.org>

	Avoid warning when compiling without IFF_VNET_HDR
	* src/bridge.c: avoid a couple of unused var/func warnings

2009-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix build on mingw32 by disabling netcf
	* autobuild.sh, mingw32-libvirt.spec.in: Set --without-netcf for
	  mingw32 builds

2009-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX Scheduler documentation and cleanup
	* esx/esx_driver.c: add some documentation about the CPU scheduler
	  parameters and remove some old, unnecessary compensation code, since
	  virsh uses the proposed parameter types now.

2009-07-30  Henrik Persson  <henrik.e.persson@ericsson.com>

	Fix vcpupin on Xen problem
	* src/xend_internal.c: the update on the cpu affinity map format
	  had na error and made the changes in the wrong buffer, fix those

2009-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix RPM upgrades from F11 to F12
	* libvirt.spec.in: Create qemu/kvm user/group in %pre script

2009-07-30  Aron Griffis  <aron.griffis@hp.com>

	Fix an initialization problem in previous patch
	* src/bridge.c: fix struct ifreq ifr init in brAddTap()

2009-07-30  Bryan Kearney  <bkearney@redhat.com>

	Update the java bindings page
	* docs/java.html[.in]: update the java bindings html page to reflect the
	  new repositories, JNA usage, and maven access

2009-07-30  Aron Griffis  <aron.griffis@hp.com>

	Remove MAX_TAP_ID and let kernel do numbering
	* src/bridge.c: no need to format the device string in brAddTap()
	  this can be delegated to the kernel and removes an arbitrary limit.

2009-07-29  Ron Yorston  <rmy@tigress.co.uk>

	Kernel command line support for UML
	* src/uml_conf.c: add support for additional kernel command line
	  arguments.

2009-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix deadlock in remote driver domain events
	* src/remote_internal.c: Release driver lock when dispatching events
	  to callbacks

2009-07-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	qemu: fix monitor socket reconnection
	* src/qemu_driver.c: fix qemudOpenMonitorUnix() to retry on ENOENT
	  instead of EACCES which is the error one receive when the socket
	  error hasn't shown up yet

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Fix polkit/netcf disabling on older fedoras
	polkit was disabled by default for a reason - because we selectively
	enable it on newer fedoras rather than disable it on older fedoras
	Same fix needed for netcf

	Capilize libvirt-client summary
	Fixes:
	  W: summary-not-capitalized client side library and utilities of the libvirt library

	Move ldconfig calls to libvirt-client %post/%postun
	Now that the library has moved to libvirt-client

	Convert NEWS to UTF-8
	* docs/news.xsl: request UTF-8 as the output encoding
	* NEWS: re-generate with UTF-8 encoding

	Fix trailing whitespace in NEWS
	git wouldn't let me push without this

	No need to build require both python-devel and python
	Since python-devel requires python
	Pointed out by Itamar Reis Peixoto

	Remove executable perms from /etc/sysconfig/libvirtd
	Changed by Rich Jones for:
	  libvirt.x86_64: E: executable-marked-as-config-file /etc/sysconfig/libvirtd
	See:
	  https://bugzilla.redhat.com/226055

	Use a %postun -p for one line scriptlet
	Changed by Rich Jones, presumably for this:
	  libvirt.x86_64: W: one-line-command-in-%postun /sbin/ldconfig
	see:
	  https://bugzilla.redhat.com/226055

	Don't explicitly require libxml2
	Originally done by rjones as part of this package review:
	  https://bugzilla.redhat.com/226055

	Fix some unowned directories
	danpb's fix for:
	  https://bugzilla.redhat.com/483442

	Kill qemu BuildRequires
	It's not needed at build time
	Removed in Fedora by:
	  * Fri Jun  5 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-2.fc12
	  - Remove the qemu BuildRequires

	Enable netcf by default
	Disabled on < f12 for now until netcf is in Fedora updates
	BuildRequires netcf if enabled, pass --without-netcf if its disabled
	* libvirt.spec.in: enabled netcf by default

	Default to with_polkit
	Unless there's some reason we shouldn't

	Make vbox support configurable
	Added by DV with:
	  * Fri Apr 24 2009 Daniel Veillard <veillard@redhat.com> - 0.6.3-1.fc12
	  - release of 0.6.3
	  - VirtualBox driver

	Build with --without-capng if capng is disabled
	* libvirt.spec: pass --without-capng if appropriate

	BuildRequires libcap-ng-devel not capng-devel
	Fedora CVS changelog is "Fix libcap-ng-devel require, Daniel"

2009-07-28  Shahar Klein  <shaharklein@yahoo.com>

	Drop curl host check when using ESX without check
	* src/esx/esx_vi.c: drop host check if no_verify=1, but as Matthias
	  pointed out if no_verify=2 we should check the host is the right
	  one

2009-07-28  Mark McLoughlin  <markmc@redhat.com>

	Reduce glusterfs dependency to 2.0.1
	* libvirt.spec.in: require glusterfs-client >= 2.0.1

2009-07-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix crashes in Xen capabilities code
	* src/xen_internal.c: Don't free memory now owned by the virCapsPtr
	   structure
	* tests/testutilsxen.c: Fix up for change in internal API

	Fix typo in xen capabilities code

	Fill in vCPU <-> pCPU current mapping, and vCPU cpuTime for QEMU
	* src/qemu_driver.c: implement missing features in qemudDomainGetVcpus
	  for 'cpu' and 'cpuTime' fields

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Add support for attaching network/bridge NICs in QEMU driver
	In order to hotplug a network/bridge backed NIC, we need to first create
	the tap file descriptor, add the tap interface to the bridge and then
	pass the file descriptor to the qemu process using the 'getfd' monitor
	command.
	Once the tapfd has been accepted, we create the network backend using
	host_net_add, supplying the name assigned to the tapfd. If this fails,
	we need to close the tapfd in qemu using the 'closefd' monitor command.
	If the version of qemu does not support the getfd/closefd monitor
	commands we detect "unknown command" in the getfd reply and fail the
	attach operation.
	* src/qemu_driver.c: add support for tapfd based hotplug in
	  qemudDomainAttachNetDevice()

	Add SCM_RIGHTS support to QEMU monitor code
	Add qemudMonitorCommandWithFd() which allows a file descriptor to be
	sent to qemu over a unix monitor socket using SCM_RIGHTS. See the
	unix(7) and cmsg(3) man pages.
	* src/qemu_conf.c: add a scm_fd param to qemudMonitorCommandExtra(),
	  add qemudMonitorCommandWithFd(), implement SCM_RIGHTS support in
	  qemudMonitorSendUnix()

	Use sendmsg() on QEMU monitor socket
	Switch from using write() to using sendmsg() on QEMU's monitor socket
	so that we can add support for SCM_RIGHTS.
	* src/qemu_driver.c: add sendmsg() based qemudMonitorSendUnix() and use
	  it when the monitor fd is a unix socket

	Factor qemudMonitorSend() out of qemudMonitorCommandExtra()
	Add a little helper function to write the monitor command followed by
	carriage return in a single write.
	This doesn't make any real difference, but allows us to more easily
	switch to using sendmsg() when using the monitor over a unix socket.
	* src/qemu_conf.c: split qemudMonitorSend() out

	Clean up error handling in qemudDomainAttachNetDevice()
	In subsequent patches we're going to have a file descriptor to close
	too, so centralize the error handling cleanups to make things easier.
	* src/qemu_conf.c: in qemudDomainAttachNetDevice() consolidate the
	  error handling cleanups together

	Make qemuBuildHostNetStr() take tapfd as a string
	With hotplug, we're going to want to pass a tapfd name rather than an
	actual file descriptor, so prepare the way by passing a string tapfd to
	qemuBuildHostNetStr().
	* src/qemu_conf.h: qemuBuildHostNetStr() takes a string tapfd now
	* src/qemu_conf.c: pass qemuBuildHostNetStr() a string rather than an
	  actual file descriptor
	* src/qemu_driver.c: update qemudDomainAttachNetDevice() for change

	Move vnet_hdr logic into qemudNetworkIfaceConnect() and export it
	* src/qemu_conf.h: export qemudNetworkIfaceConnect()
	* src/qemu_conf.c: move vnet_hdr logic into qemudNetworkIfaceConnect()
	  since we need it for hotplug too

	Only probe qemu for machine types when binary changes
	By probing for qemu machine types, we increased the time of a
	GetCapabilities call from 100us to a whopping 60ms.
	This patch takes the approach of only probing for machine types
	when the mtime of the emulator binary changed since the last time
	the capabilities were generated.
	* src/capabilities.h: cache the emulator binary mtime
	* src/qemu_conf.c: add qemudGetOldMachines() to copy the machine
	  types from the old caps struct if the mtime for the binary hasn't
	  changed
	* src/qemu_conf.h, src/qemu_driver.c: pass the old caps pointer to
	  qemudCapsInit()

	Add canonical machine name to capabilities output
	e.g. <machine canonical='pc'>pc-0.11</machine>
	* src/capabilities.c: output the canonical machine names in the
	  capabilities output, if available
	* docs/schemas/capabilities.rng: add the new attribute

	Probe QEMU directly for machine aliases if not found in capabilties
	Not all possible emulators are actually in the capabilities, so if we
	don't find the supplied emulator we should probe it directly for machine
	types.
	* src/qemu_driver.c: add qemudCanonicalizeMachineDirect() to directly
	  probe an emulator for the canonical machine type

	Canonicalize qemu machine types
	In qemu-0.11 there is a 'pc-0.10' machine type which allows you to run
	guests with a machine which is compatible with the pc machine in
	qemu-0.10 - e.g. using the original PCI class for virtio-blk and
	virtio-console and disabling MSI support in virtio-net. The idea here
	is that we don't want to suprise guests by changing the hardware when
	qemu is updated.
	I've just posted some patches for qemu-0.11 which allows libvirt to
	canonicalize the 'pc' machine alias to the latest machine version.
	This patches makes us use that so that when a guest is configured to
	use the 'pc' machine type, we resolve that to 'pc-0.11' machine and
	save that in the guest XML.
	See also:
	  https://fedoraproject.org/wiki/Features/KVM_Stable_Guest_ABI
	* src/qemu_conf.c: add qemudCanonicalizeMachine() to canonicalize
	  the machine type according to the machine aliases in capabilities
	* src/qemu_driver.c: parse aliases in qemudParseMachineTypesStr()

	Add virCapsGuestMachine structure
	A subsequent commit will add a "canonical" field to this structure,
	this patch basically just prepares the way for that.
	The new type is added, along with virCapabilitiesAlloc/FreeMachines()
	helpers and a whole bunch of code to make the transition.
	One quirk is that virCapabilitiesAddGuestDomain() and
	virCapabilitiesAddGuest() take ownership of the machine list rather
	than duping it. This makes sense to avoid needless copying.
	* src/capabilities.h: add the virCapsGuestMachine struct and use it
	  in virCapsGuestDomainInfo, add prototypes for new functions and
	  update the AddGuest() prototypes
	* src/capabilities.c: add code for allocating and freeing the new
	  type, change the machines parameter to AddGuest() etc.
	* src/libvirt_private.syms: export the new helpers
	* src/qemu_conf.c: update all the machine type code to use the new
	  struct
	* src/xen_internal.c: ditto
	* tests/testutilsqemu.c: ditto

	Probe for QEMU machine types
	Currently we hardcode the QEMU machine types. We should really just
	parse the output of 'qemu -M ?' so the lists don't get out of sync.
	xenner doesn't support '-M ?', so we still need to hardcode that.
	The horrible (const char *const *) is removed in a subsequent patch.
	* src/qemu_conf.c: kill the arch_info*machines tables, retain the
	  hardcoded xenner machine type, add qemudProbeMachineTypes() to
	  run and parse 'qemu -M ?' and use it in qemudCapsInitGuest()

	Cleanup qemu binary detection logic in qemudCapsInitGuest()
	There's no need for the hasbase/hasaltbase confusion, just store the
	first binary path found in a variable.
	* src/qemu_conf.c: kill hasbase/hasaltbase logic in qemudCapsInitGuest()

2009-07-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX driver accept VI API version 4.0
	* src/esx/esx_driver.c src/esx/esx_vi.c src/esx/esx_vi.h
	  src/esx/esx_vmx.c src/esx/esx_vmx.h: extend the VI API version checks
	  to accept version 4.0 and takes care of the virtualHW.version change
	  from 4 to 7.

	Allow leading dots in VMX config entry names
	* src/conf.c: the virConfParser must accept leading dot when in VMX mode

	Add no_verify query parameter to ESX URIs
	* src/esx/esx_driver.c src/esx/esx_util.c src/esx/esx_util.h
	  src/esx/esx_vi.c src/esx/esx_vi.h: adds a no_verify query parameter to
	  stop libcurl from verifying theserver certificate for the https
	  transport.

	Fix memory leaks in esxDomainDumpXML
	* src/esx/esx_driver.c: remove leaks in esxDomainDumpXML() and simplify
	  esxDomainXMLFromNative()

2009-07-27  Cole Robinson  <crobinso@redhat.com>

	Commit newly generated docs, after changes from commit 2348cf.

	Add phyp files to POTFILES, to make syntax-check happy.

	test: Implement BlockStats and InterfaceStats
	We fake stats values based on the current time, similar to how it's done
	for cpu time.

	test: Generate net interface names when assigning XML.
	We need interface names to implement InterfaceStats.

	Don't allow NULL paths for BlockStats and InterfaceStats
	Do the check in libvirt.c, to save drivers from the burden. This changes
	behavior slightly in the qemu driver: we no longer explictly error if
	passed an empty string. An error will still be thrown when the device
	lookup fails.

	python: Raise exceptions if virDomain*Stats fail.
	The generator couldn't tell that the stats return values were pointers.
	Stick a white list in the function which tries to make this distinction.

2009-07-25  Guido Günther  <agx@sigxcpu.org>

	document tcp listen and raw wire option

2009-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix misc build problems due to new drivers
	* autobuild.sh: Disable esx/phyp build on mingw32
	* configure.in: Fix handling of --without-phyp so it actually works
	* libvirt.spec.in: Add missing interface.rng
	* mingw32-libvirt.spec.in: Disable phyp/esx drivers
	* src/phyp/phyp_driver.c: Fix missing i18n of error messages

2009-07-25  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Add support for VBox 3 and event callbacks on vbox
	* src/vbox/vbox_driver.c: remove some old 2.5 switches and plug the
	  3.0 driver
	* src/vbox/vbox_V3_0.c src/vbox/vbox_CAPI_v3_0.h: the driver for
	  VirtualBox 3.0
	* src/vbox/vbox_tmpl.c: handle the new driver and add event support
	* src/Makefile.am: plug in the new module

2009-07-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix cgroup compile warnings
	* src/cgroup.c: Fix cast to uint64 from unsigned long long

2009-07-24  Daniel Veillard  <veillard@redhat.com>

	Desactivate phyp build and indicate libssh builreq

2009-07-24  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	First version of the Power Hypervisor driver
	Features supported:
	- Connects to HMC/VIOS or IVM systems.
	- Life cycle commands (resume and shutdown).
	- dumpxml
	- 'list' and 'list --all'
	What is being implemented:
	- better and centralized control for UUID
	- definexml
	- CPU management commands
	* src/domain_conf.c src/domain_conf.h: first version of the driver
	* configure.in src/Makefile.am include/libvirt/virterror.h
	  src/domain_conf.[ch] src/libvirt.c src/virterror.c: glue the driver
	  in the general framework

2009-07-24  Jim Meyering  <meyering@redhat.com>

	docs: say that the old repository is deprecated...
	* docs/downloads.html.in: but will remain for sake of old links.

2009-07-24  Daniel Veillard  <veillard@redhat.com>

	Added Matthias Bolte to AUTHORS list

2009-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	First version of the driver for VMWare ESX
	* src/esx/esx_*.[ch]: the driver, uses a remote minimal SOAP client
	  to talk to the VI services on ESX nodes.
	* configure.in include/libvirt/virterror.h src/Makefile.am src/driver.h
	  src/libvirt.c src/virterror.c: glue in the new driver

2009-07-24  Daniel P. Berrange  <berrange@redhat.com>

	Make QEMU cgroups use configurable
	 * qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug,
	   src/qemu.conf: Add 'cgroups_controllers' and 'cgroups_device_acl'
	   parameters
	 * src/qemu_conf.h, src/qemu_conf.c: Load & parse configuration params
	   for cgroups
	 * src/qemu_driver.c: Only use cgroups controllers that are activated,
	   and use configured device whitelist instead of default, if set.

	Use cgroups for block device whitelisting in QEMU guests
	* src/qemu_driver.c: Set a restrictive block device whitelist for
	  all QEMU guests. Update whitelist when hotplugging disks.
	* src/cgroup.h, src/cgroup.c: Add some more convenience methods
	  for dealing with block device whitelists.

	Implement schedular tunables API using cgroups
	* src/qemu_driver.c:  Add driver methods qemuGetSchedulerType,
	  qemuGetSchedulerParameters, qemuSetSchedulerParameters
	* src/lxc_driver.c: Fix to use unsigned long long consistently
	  for schedular parameters
	* src/cgroup.h, src/cgroup.c: Fix cpu_shares to take unsigned
	  long long
	* src/util.c, src/util.h, src/libvirt_private.syms: Add a
	  virStrToDouble helper
	* src/virsh.c: Fix handling of --set arg to schedinfo command
	  to honour the designated data type of each schedular tunable
	  as declared by the driver

	Place every QEMU guest in a private cgroup
	* src/qemu_driver.c: Place guest in cgroup upon startup. Remove
	  cgroup upon shutdown

	Refactor cgroups to allow a group per driver to be managed directly
	Allow the driver level cgroup to be managed explicitly by the
	hypervisor drivers, in order to detect whether to enable or
	disable cgroup support for domains. Provides better error
	reporting of failures. Also allow for creation of cgroups for
	unprivileged drivers if controller is accessible by the user.
	* src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup
	* src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c:
	  Obtain a driver cgroup at startup and use that instead of
	  re-creating everytime.
	* src/util.c, src/util.h, src/libvirt_private.syms: Add a
	  virGetUserName() helper

	Make cgroups a little more efficient
	* src/cgroup.c: Detect the mount location of every controller at
	  time a virCgroupPtr is created. Detect current process' placement
	  within group to avoid assuming it is in the root. Pass controller
	  ID into SetValueStr/GetValueStr to enable much duplicated code to
	  be eliminated

2009-07-24  Laine Stump  <laine@laine.org>

	Add bare format string to printf-derivatives troubles
	* src/datatypes.c src/domain_conf.c src/interface_conf.c
	  src/lxc_driver.c src/qemu_driver.c src/storage_backend.c src/virsh.c:
	  add bare %s format string to printf-derivatives called with no format
	  string

2009-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Don't restore labels on shared/readonly disks
	* src/security_selinux.c: Skip relabelling of shared/readonly
	  disks upon shutdown, since this breaks other VMs still active
	  using those disks

	Use virFileReadAll/virFileWriteStr for key cgroup read/write helpers

	Use enums for cgroup controller types / labels

	Add domain autostart for LXC driver
	* src/lxc_driver.c: Implement support for domain autostart

	Add domain events support to LXC driver
	* src/lxc_conf.h: Add queue for dispatch of domain events
	* src/lxc_driver.c: Trigger domain events upon important lifecycle transitions

	Fix misc Win32 compile warnings
	GCC >= 4.4 assumes the 'printf' attribute refers to the native
	runtime libraries format specifiers. Thanks to gnulib, libvirt
	has GNU format specifiers everywhere.  This means we need to
	use 'gnu_printf' with GCC >= 4.4 to get correct compiler
	checking of printf format specifiers.
	* HACKING: Document new rules for ATTRIBUTE_FMT_PRINTF
	* autobuild.sh, mingw32-libvirt.spec.in: Disable OpenNebula
	  driver on mingw32 builds
	* qemud/dispatch.h, qemud/qemu.h, src/buf.h src/internal.h,
	  src/logging.h, src/security.h, src/sexpr.h, src/util.h,
	  src/virterror_internal.h, src/xend_internal.c: Change
	  over to ATTRIBUTE_FMT_PRINTF.
	* src/virsh.c: Disable 'cd' and 'pwd' commands on Win32
	  since they don't compile
	* src/threads-win32.c: Add missing return value check

2009-07-23  Jim Paris  <jim@jtan.com>

	Always add -no-kvm and -no-kqemu, for qemu domains
	If the qemu binary supports "-no-kvm" and/or "-no-kqemu", they should
	always be added for plain "qemu" domains.  Previously, we omitted them
	whenever the host and guest architectures implied that they would be
	disabled automatically, but that logic was flawed in some cases
	(such as i686 and x86_64).
	* src/qemu_conf.c: fix the conditions for adding "-no-kvm" and/or "-no-kqemu"

2009-07-23  Laine Stump  <laine@laine.org>

	Release conn lock before reporting errors (end)
	* src/datatypes.c: more cleanup, where lock must be released before
	  calling error handling which tries to get it.

	Rename variable for compilation in Mingw32 (end)
	* qemud/remote.c src/interface_conf.[ch] src/veth.[ch]: more renaming
	  from interface to iface

2009-07-22  Nguyen Anh Quynh  <aquynh@gmail.com>

	Add support for physical memory access for QEmu
	* include/libvirt/libvirt.h include/libvirt/libvirt.h.in: adds the new
	  flag VIR_MEMORY_PHYSICAL for virDomainMemoryPeek
	* src/libvirt.c: update the front-end checking
	* src/qemu_driver.c: extend the QEmu driver

2009-07-22  Jim Meyering  <meyering@redhat.com>

	avoid a make distcheck failure: distribute docs/schemas/interface.rng
	* docs/schemas/Makefile.am (schema_DATA): Add interface.rng.

	avoid a make distcheck failure: distribute tests/interfaceschemadata/
	* tests/Makefile.am (EXTRA_DIST): Add interfaceschemadata.

2009-07-22  Laine Stump  <laine@laine.org>

	Release conn lock before reporting interface errors
	* src/datatypes.c: fix a lock problem on error handling, as the
	  error report takes the lock, it must be released before, fixes
	  the problem but just for Interface objects

	Update modified mac address in place in virGetInterface
	* src/datatypes.c: handle the nasty case where an interface
	  mac address change, while it's already in use

	Fix multiple memory leaks in virsh
	* virsh.c: fix a number of leaks of virDomain, virStoragePool,
	  virNodeDevice, etc.

2009-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in storage cloning

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Add support for network device detach
	qemu network devices are hot-unplugged in two stages - first the PCI NIC
	is removed using 'pci_del <pci_addr>' and then the backend is removed
	using 'host_net_remove <vlan> <name>'.
	In order to perform these operations we need to have retained the
	PCI address, backend name and vlan number.
	* src/qemu_driver.c: add qemudDomainDetachNetDevice()

	Retain PCI address from NIC attach
	When we pci_add a NIC, we need to retain the PCI address assigned by
	qemu for using during detach.
	* src/qemu_driver.c: use qemudParsePciAddReply() to pull the PCI
	  address from the pci_add reply
	* src/domain_conf.c: handle storing and parsing the PCI address in the
	  domain state XML file

	Re-factor pci_add reply parsing and parse domain/bus numbers
	The current code for parsing pci_add replies ignores the the domain and
	bus numbers. Re-write the code to rectify that.
	Also, since pci_add is used for NIC hotplug as well ask disk hotplug,
	re-factor the code into a separate function.
	* src/qemu_driver.c: add qemudParsePciAddReply() function which can
	  handle parsing domain and bus numbers

	Remove the network backend if NIC hotplug fails
	If we fail to pci_add a NIC, we should remove the network backend and
	leave things the way we found them. To do that, we pre-allocate a
	host_net_remove monitor command and issue that if the pci_add fails.
	If the remove fails, we just log a warning.
	We can only do this if we have a name for the network backend and
	we know the vlan number its associated with.
	* src/qemu_driver.c: host_net_remove the network backend if the
	  pci_add fails

	Basic qemu NIC hotplug support
	Implement basic NIC hotplug support using the 'host_net_add' and
	'pci_add' qemu monitor commands.
	For now, we don't support 'bridge' or 'network' types.
	Also, if pci_add fails, we currently fail to remove the backend
	which we added.
	Finally, NIC hot-unplug support is missing.
	* src/qemu_driver.c: add qemudDomainAttachNetDevice()
	* src/qemu_conf.[ch]: export qemuBuildNicStr(), qemuBuildHostNetStr()
	  and qemuAssignNames()
	* src/libvirt_private.syms: export virDomainNetTypeToString()

	Make qemuCmdFlags available in qemudDomainAttachDevice()
	qemudDomainChangeEjectableMedia() currently extracts the qemu command
	line flags, but other device attaching code might need it, so move
	the qemudExtractVersionInfo() call up a frame.
	* src/qemu_driver.c: move the qemudExtractVersionInfo() call from
	  qemudDomainChangeEjectableMedia() to qemudDomainAttachDevice()

	Store the interface vlan number in the domain state
	Currently, an interface's vlan number corresponds to its index in
	the table of network interfaces. That is no longer true when we
	allow devices to be removed.
	To fix this, we store the vlan number in the domain's state XML
	so that it survives libvirtd restarts.
	* src/domain_conf.h: add vlan number to virDomainNetDef
	* src/domain_conf.c: store it in XML as <state vlan='N'/>, defaulting
	  to -1 if this is state saved by a previous version of libvirt
	* src/qemu_conf.c: assign vlan numbers before starting qemu

	Add NIC and hostnet names to domain state XML
	The qemu driver needs to assign and keep track of identifiers for
	network devices so that it can remove them. We need to keep this state
	across libvirtd restarts, but it's not configuration that needs to
	be kept across guest restarts.
	* src/domain_conf.c: parse and format <state nic="foo" hostnet="bar"/>

	Assign names to qemu NICs and network backends
	We need these so that we can remove the devices via the monitor.
	* src/domain_conf.h: add nic_name and hostnet_name to virDomainNetDef
	* src/domain_conf.c: free nic_name and hostnet_name
	* src/qemu_conf.c: add qemuAssignNetNames(), use it if qemu has
	  support for the param and pass the names on the command line
	* tests/qemuxml2argv*: add a test for this

	Add checks for some NIC hotplug related features added in qemu-0.10.0
	Add QEMUD_CMD_FLAG_NET_NAME to indicate that '-net ...,name=foo' is
	supported and QEMUD_CMD_FLAG_HOST_NET_ADD to indicate that the
	'host_net_add' monitor command is available.
	Set both these flags if the qemu version is greater than 0.10.0.
	Checking via the '-help' output would not work for the monitor command
	and even for the command line arg, it would be quite fragile.
	* src/qemu_conf.h: add new flags as aliases of QEMUD_CMD_FLAG_0_10
	* src/qemu_conf.c: set QEMUD_CMD_FLAG_0_10 for versions >= 0.10.0
	* tests/qemuhelptest.c: set QEMUD_CMD_FLAG_0_10 for the appropriate
	  qemu versions

	Factor qemuBuildHostNetStr() out from qemuBuildCommandLine()
	Re-factor this code so that it can be used for NIC hotplug
	too. The awkward prefix and type_sep arguments are needed to
	allow us to do "host_net_add tap vlan=..."
	* src/qemu_conf.c: factor the net backend string formatting
	  code into its own function

	Factor qemuBuildNicStr() out from qemuBuildCommandLine()
	Re-factor this code so that it can be used for NIC hotplug
	too. The awkward arguments are needed to allow use to do
	"pci_add auto nic macaddr=..."
	* src/qemu_conf.c: factor the nic string formatting code into
	  its own function

	Retain disk PCI address across libvirtd restarts
	When we hot-plug a disk device into a qemu guest, we need to retain its
	PCI address so that it can be removed again later. Currently, we do
	retain the slot number, but not across libvirtd restarts.
	Add <state devaddr="xxxx:xx:xx"/> to the disk device XML config when the
	VIR_DOMAIN_XML_INTERNAL_STATUS flag is used. We still don't parse the
	domain and bus number, but the format allows us to do that in future.
	* src/domain_conf.h: replace slotnum with pci_addr struct, add helper
	  for testing whether the address is valid
	* src/domain_conf.c: handle formatting and parsing the address
	* src/qemu_driver.c: store the parsed slot number as a full PCI address,
	  and use this address with the pci_del monitor command
	* src/vbox/vbox_tmpl.c: we're debug printing slotnum here even though
	  it can never be set, just delete it

	Add internal XML parsing/formatting flag
	We need to store things like device names and PCI slot numbers in the
	qemu domain state file so that we don't lose that information on
	libvirtd restart. Add a flag to indicate that this information should
	be parsed or formatted.
	Make bit 16 and above of the flags bitmask for internal use only and
	consume the first bit for this new status flag.
	* include/libvirt/libvirt.h: add VIR_DOMAIN_XML_FLAGS_MASK
	* src/libvirt.c: reject private flags in virDomainGetXMLDesc()
	* src/domain_conf.h: add VIR_DOMAIN_XML_INTERNAL_STATUS
	* src/domain_conf.c: pass the flag from virDomainObjParseXML() and
	  virDomainSaveStatus

2009-07-22  Laine Stump  <laine@laine.org>

	Rename variable for compilation in Mingw32
	* src/virsh.c: rename interface into iface

2009-07-22  Thomas Treutner  <thomas@scripty.at>

	Fix documentation of virStoragePoolUndefine return
	* src/libvirt.c: the documented return was wrong

2009-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in check for glusterfs format pools
	* src/storage_backend_fs.c: Replace = with == for comparison

2009-07-21  Harshavardhana  <harsha@gluster.com>

	Set specific flags for glusterfs fs mounts
	* src/storage_backend_fs.c: due to Fuse O_DIRECT problem one need
	  to mount glusterfs with direct-IO mode, until fixed

2009-07-21  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Fix reconnect bug for VBox
	* src/vbox/vbox_tmpl.c: reconnecting to vbox:///session was failing

2009-07-21  Daniel Veillard  <veillard@redhat.com>

	Activate the interface drivers, and cleanups
	* src/libvirt.c: activate the interface drivers
	* po/POTFILES.in: add the netcf driver as a source of localization strings
	* src/interface_driver.c: NETCF_ENOMEM -> VIR_ERR_NO_MEMORY mapping was
	  breaking syntax checking

2009-07-21  Laine Stump  <laine@laine.org>

	Netcf based interface driver implementation
	* src/interface_driver.c src/interface_driver.h: the new driver
	* src/Makefile.am qemud/Makefile.am qemud/qemud.c: hook the new driver
	  in the build system and get ti activated by the daemon
	* src/libvirt_private.syms: export needed symbols internally

	Add a test interface driver
	* test.c: includes an interface driver to the test framework

2009-07-21  Daniel Veillard  <veillard@redhat.com>

	Remove trailing blank lines

2009-07-21  Laine Stump  <laine@laine.org>

	Add interface object list manipulation functions
	* interface_conf.c interface_conf.h: utilities function usful for
	  interface driver like the test interface driver

	virGetinterface matching of MAC and interface name
	MAC address of a particular interface may change over time, and the
	reduced virInterface object (which contains just name and mac) needs
	to reflect these changes. Since we can't modify the mac address of an
	existing virInterface (some other thread may currently be using it) we
	just create a new virInterface, and let the old one die a dignified
	death when its refct goes to 0.
	* src/datatypes.c: fix the matching and lifetime of virInterface object
	  accordingly

	Add an error code for conflicting mac addresses
	* include/libvirt/virterror.h src/virterror.c: if a driver's
	  virInterfaceLookupByMACString() function finds more than one interface
	  with the desired MAC Address, this new error is raised.

2009-07-21  Jun Koi  <junkoi2004@gmail.com>

	Fix an uninitialized variable in Unix socket open
	* src/qemu_driver.c: qemudOpenMonitorUnix() had an uninitialized loop
	  counter

2009-07-21  Daniel Veillard  <veillard@redhat.com>

	rpm spec cleanup and split off client only package
	* libvirt.spec.in: make a client rpm with shared libs, client binaries
	  and resources needed by those, and a small number of fixes and
	  cleanups in the spec file.

2009-07-17  Jim Meyering  <meyering@redhat.com>

	build: do not emit a trailing blank line into VC'd file, NEWS
	* docs/Makefile.am ($(top_builddir)/NEWS): Adjust rule to filter
	out any trailing blank lines when generating this file.
	* NEWS: Regenerate, so that it contains entries for 0.6.5.

2009-07-17  Daniel Veillard  <veillard@redhat.com>

	Remove some unused variables and cut long lines
	* src/virsh.c: a bit of cleanup on previous commit

2009-07-17  Laine Stump  <laine@laine.org>

	Add virsh commands for network interface management
	* src/virsh.c: add a number of interface related commands:
	  iface-list, iface-name, iface-mac, iface-dumpxml, iface-define,
	  iface-undefine, iface-edit, iface-start and iface-destroy

2009-07-17  Cole Robinson  <crobinso@redhat.com>

	Fix gitweb link on download page.

	qemu: Try multiple times to open unix monitor socket
	Unlike the pty monitor (which we know exists since we scrape its path from
	stdout), we have no way of knowing that the unix monitor socket should exist/
	be initialized. As a result, some of my KVM guests randomly fail to start on
	F10 host.
	Try to open the unix socket in a 3 second timeout loop. Ignore EACCES (path
	does not exist if a first time run) and ECONNREFUSED (leftover socket from
	a previous run hasn't been removed yet). Fixes things for me.

	storage: Implement CreateVolFrom for logical and disk backend.
	With the previous refactoring, this is a simple process, since the global
	'CreateBlockFrom' in storage_backend does all the work.

	storage: Don't try sparse detection if writing to block device.
	We don't gain any space savings, so skip the detection to speed up
	the cloning operation.

	storage: Implement 'CreateBlockFrom' helper.
	Add a 'CreateBlockFrom' in the global storage_backend, which sets up the
	destination block device: CopyFromFD does the rest of the cloning.

	storage: Break out actual raw cloning to separate function.
	The CreateRaw function has some 'file' only assumptions, so break the agnostic
	cloning bits to a separate function.

	storage: cleanup: do away with 'createFile'
	Have storage building functions be definitions of
	virStorageBackendBuildVolFrom: we will need to do this in the future anyways
	if we ever support the flags attribute.

	storage: Move most of the FS creation functions to common backend.
	These will be used by other pool cloning implementations.

	storage: Refactor FS backend 'create' function choosing.
	Break out separate functions for
	- Determining the supported '*-img' tool,
	- The tool's associated create function,
	- Desired function for cloning (CreateXMLFrom).
	This will be eventually used to unify cloning across all backends.

	storage: Fix deadlock when cloning across pools.
	We need to unlock the first pool before looking up the second, since the
	search locks every pool it checks.

	storage: disk: Use capacity, not allocation, when creating volume.
	There isn't any way to dictate allocation when creating disk volumes, so
	capacity is the only relevant value.

	storage: disk: Default to 'ext2' for new volumes.
	Currently, if no format is specified for a new disk volume, we pass the
	invalid value "none" as the FS type to 'parted mkpart'.
	There doesn't seem to be a way to have parted not format the drive, so
	just default to using 'ext2' in this case: this shouldn't cause any harm,
	since we are creating a new partition in the first place.

	storage: disk: Fix segfault creating volume without target path
	Remove unneeded target path duplication, which could carelessly dereference
	NULL. Make it clear where 'key' is actually filled in.

	storage: disk: Fix parthelper '-g' option handling.
	Typo was breaking 'parthelper -g', preventing disk pool definition.

2009-07-17  Jim Meyering  <meyering@redhat.com>

	build: submodule machinery now works also when no tag is reachable
	The code in cfg.mk to detect when the git submodule was out of date
	worked most of the time, but not when checked out in a certain way.
	* cfg.mk: Extract submodule hash from command output and file,
	and compare only that, since the format of the full line may vary.
	Reported by Mike Burns, with some diagnosis by Daniel P Berrange.

2009-07-17  Daniel P. Berrange  <berrange@redhat.com>

	Run QEMU guests as an unprivileged user
	* configure.in: Add --with-qemu-user and --with-qemu-group args
	* libvirt.spec.in: use 'qemu' for user/group for Fedora >= 12
	* qemud/libvirtd_qemu.arg, qemud/test_libvirtd_qemu.aug,
	  src/qemu.conf: Add 'user' and 'group' args for configuration
	* src/Makefile.am: Create %localstatedir/cache/libvirt/qemu
	* src/qemu_conf.c, src/qemu_conf.h: Load user/group from config
	* src/qemu_driver.c: Change user ID/group ID when launching QEMU
	  guests. Change user/group ownership on disks/usb/pci devs.
	  Put memory dumps in %localstatedir/cache/libvirt/qemu
	* src/util.c, src/util.h: Add convenient APIs for converting
	  username/groupname to user ID / group ID

2009-07-16  Laine Stump  <laine@laine.org>

	Implement the new virinterface functions
	* src/driver.h: add new driver functions virDrvNumOfDefinedInterfaces
	  and virDrvListDefinedInterfaces
	* src/libvirt.c: implements the entry points, calling new driver
	  functions
	* qemud/remote.c qemud/remote_dispatch_args.h qemud/remote_protocol.[chx]
	  qemud/remote_dispatch_prototypes.h qemud/remote_dispatch_ret.h
	  qemud/remote_dispatch_table.h src/remote_internal.c: implement the
	  client/server side of the RPC

	Public API for new virInterface functions
	* include/libvirt/libvirt.h[.in]: adds signatures for the new exported
	  functions virConnectNumOfDefinedInterfaces and
	  virConnectListDefinedInterfaces
	* src/libvirt_public.syms: export the new symbols

2009-07-16  Daniel Veillard  <veillard@redhat.com>

	Fix configure flags in spec file
	* libvirt.spec.in: we were still using deprecated configure switches

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Rename a bunch of internal methods to clarify their meaning
	This renames a lot of the methods in the remote driver client
	to more accurately reflect their responsibility of IO handling
	vs message handling.

	Simplify remote driver error reporting
	Remove redundant error reporting functions which obscured the
	filename/line number reporting. Removed code which created a
	virDomain/virNetwork object, since those are silently dropped
	in error reporting functions now
	* src/remote_internal.c: Remove error() and errorf() in favour of
	 macros, and remove server_error in favour of direct call

	Refactor message sending to allow code reuse for data streams
	Splits up the 'call' method moving generic IO code out into
	separate method to allow it to be easily reused for sending
	data streams
	* src/remote_internal.c: Split 'call' into two methods, the first
	  with same name serializes a set of method arguments into a
	  message, the second 'remoteIO' takes a pre-serialized messages,
	  sends it and awaits a reply

	Refactor incoming message handling to prepare for data stream support
	* src/remote_internal.c: Rename processCallRecvMsg to
	  processCallDispatch, and move code specific to method replies
	  into processCallDispatchReply, and rename processCallAsyncEvent
	  to processCallDispatchMessage

	Rename 'direction' to 'type' in remote_message_header
	The 'remote_message_header' struct has a mis-leadingly named
	field 'direction'. It is really a reflection of the type of
	message, and some types can be sent in either direction. Thus
	the field is more accurately named 'type'. No function change.
	* qemud/remote_protocol.x: Rename 'direction' to 'type' in
	  'remote_message_header. Write better docs describing the
	  message header field semantics & usage
	* qemud/remote_protocol.c, qemud/remote_protocol.h: Regenerate
	* qemud/remote.c, qemud/dispatch.c, src/remote_internal.c
	  Update to reflect rename of 'direction' to 'type'

	Define an API for registering incoming message dispatch filters
	All incoming messages currently get routed to the generic method
	remoteDispatchClientRequest() for processing. To allow incoming
	data stream messages to bypass this and be routed to a specific
	location, a concept of dispatch filters is introduced.
	* qemud/qemud.h: Add a qemud_client_filter struct and a callback
	  qemud_client_filter_func. Maintain a list of filters on every
	  struct qemud_client
	* qemud/qemud.c: Move remoteDecodeClientMessageHeader() out of
	  qemudWorker() into qemudDispatchClientRead(). Check registered
	  message filters in qemudDispatchClientRead() to decide where
	  to send incoming messages for dispatch.

	Split out code for handling incoming method call messages
	The remoteDispatchClientRequest() method is currently hardwired to
	assume there is only one type of incoming message, a method call.
	To allow for alternate types of incoming messags, the code that is
	specific to method calls is being split into a separate method
	remoteDispatchClientCall
	* qemud/dispatch.c: Move method call specific code out into
	  remoteDispatchClientCall. Add a helper remoteSerializeError
	  for returning error messages to client

	Change the way client event loop watches are managed
	The current qemudRegisterClientEvent() code is used both for
	registering the initial socket watch, and updating the already
	registered watch. This causes unneccessary complexity in alot
	of code which only cares about updating existing watches. The
	updating of a watch cannot ever fail, nor is a reference to the
	'qemud_server' object required.
	This introduces a new qemudUpdateClientEvent() method for that
	case, allowing the elimination of unneccessary error checking
	and removal of the server back-reference in struct qemud_client.
	* qemud/qemud.h: Remove 'server' field from struct qemud_client.
	  Add qemudUpdateClientEvent() method. Remove 'update' param
	  from qemudRegisterClientEvent method
	* qemud/dispatch.c, qemud/qemud.c, qemud/remote.c: Update alot
	  of code to use qemudUpdateClientEvent() instead of
	  qemudRegisterClientEvent(). Move more logic from remoteRelayDomainEvent
	  into remoteDispatchDomainEventSend.

	Move queuing of RPC replies into dispatch code
	This removes an assumption from qemudWorker() code that every
	incoming message will generate a reply.
	* qemud/dispatch.c: remoteDispatchClientRequest now has responsibility
	  for queuing the reply message to the RPC call
	* qemud/qemud.c: Do not queue the RPC call reply in qemudWorker(),
	  allowing remoteDispatchClientRequest() to take care of it

	Change code generator to give async event messages their own postfix
	The naming convention for structs used in the RPC layer is for
	incoming requests to be called XXXX_args, and the associated
	outgoing reply to be called XXXX_ret.  Asynchronously emitted
	messages (eg events) are re-using the XXXX_ret naming scheme.
	This patch changes that such that async messages are XXXX_msg,
	and stops adding entries for them in the dispatch table, avoiding
	the need for a dummy no-op implementation.
	* qemud/remote.c: Remove dummy remoteDispatchDomainEvent, no
	  longer required. Update to replace remote_domain_event_ret
	  with xdr_remote_domain_event_msg
	* qemud/remote_protocol.x: Rename remote_domain_event_ret to
	  remote_domain_event_msg
	* qemud/remote_generate_stubs.pl: Adding handling for new
	  XXX_msg structs.
	* src/remote_internal.c: Rename remote_domain_event_ret to
	  remote_domain_event_msg
	* qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h,
	  qemud/remote_dispatch_table.h, qemud/remote_protocol.h,
	  qemud/remote_protocol.c: auto-regenerate

	Separate code for encoding outgoing remote message headers
	Introduces an API for encoding the header field for outgoing messages
	allowing some duplicated code to be eliminated
	* qemud/dispatch.c, qemud/dispatch.h: add remoteEncodeClientMessageHeader
	  for encoding message header. Update remoteDispatchClientRequest to
	  use this method.
	* qemud/remote.c: Update remoteDispatchDomainEventSend to use the
	  generic remoteEncodeClientMessageHeader() for encoding event
	  message hedaders. Push some logic from remoteRelayDomainEvent
	  down into remoteDispatchDomainEventSend.

	Decode incoming request header before invoking dispatch code
	Separate the decoding of incoming request header out from the
	dispatch code. This will allow later code to making dispatcher
	routing decisions based on the header field data.
	* qemud/dispatch.c, qemud/dispatch.h: Add remoteDecodeClientMessageHeader
	  API for decoding the header of a client message. Update the
	  remoteDispatchClientRequest method to assume a pre-decoded
	  header.
	* qemud/qemud.h: Include a 'remote_message_header' field in
	  'struct qemud_client_message' for pre-decoded header data
	* qemud/qemud.c: Decode the incoming client message header before
	  invoking remoteDispatchClientRequest

	Split generic RPC message dispatch code out from remote protocol API handlers
	* po/POTFILES.in: Add qemud/dispatch.c
	* qemud/dispatch.c, qemud/dispatch.h: Generic code handling dispatch of
	  RPC messages.
	* qemud/Makefile.am: Add dispatch.c to build
	* qemud/qemud.c: Include dispatch.h
	* qemud/qemud.h: Remove remoteDispatchClientRequest, remoteRelayDomainEvent
	  now in dispatch.h
	* qemud/remote.c: Remove remoteDispatchClientRequest, remoteRelayDomainEvent
	  now in dispatch.c, and dispatch_args, dispatch_ret, dispatch_fn & dispatch_data
	  now in remote.h
	* qemud/remote.h: Add typedefs for dispatch_args, dispatch_ret,
	  dispatch_fn, dispath_data. Add remoteGetDispatchData() API

2009-07-16  Paolo Bonzini  <pbonzini@redhat.com>

	Implement qemu dump capabilities
	* src/qemu_driver.c (qemudDomainCoreDump): New
	  (qemuDriver): Add core dump function. The behaviour is similar
	  as the current Xen dump

	add cd and pwd commands to virsh
	* src/virsh.c: adds cd and pwd commands to virsh useful for save and
	  restore commands
	* docs/virsh.pod virsh.1: update the documentation
	* AUTHORS: add Paolo Bonzini

2009-07-16  Jim Meyering  <meyering@redhat.com>

	make "make syntax-check" consistent with "git diff --check"
	This makes "make syntax-check" fail when a version-controlled
	file contains a trailing blank line.
	* cfg.mk (sc_prohibit_trailing_blank_lines): New rule.

	remove all trailing blank lines
	by running this command:
	git ls-files -z | xargs -0 perl -pi -0777 -e 's/\n\n+$/\n/'
	This is in preparation for a more strict make syntax-check
	rule that will detect trailing blank lines.

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix free of unitialized data upon PCI open fail

	Fix SELinux denial during hotplug
	* src/qemu_driver.c: Relabel disk images *before* running QEMU
	hotplug monitor commands

	Fix PCI device hotplug/unplug with newer QEMU
	* src/qemu_driver.c: Try new monitor syntax for hotplug first. If
	  that fails fallback to old KVM specific syntax

	Fix problem with QEMU monitor welcome prompt confusing libvirt after a libvirtd daemon restart with active guests
	* src/qemu_driver: Read and dicard pending monitor data
	  before issuing new monitor commands.

	Ensure spawned children have a stderr/out set to /dev/null if requested

	Allow autostart of libvirtd to be disabled with LIBVIRT_AUTOSTART=0
	* src/remote_internal.c: Disable libvirtd autostart if the
	  LIBVIRT_AUTOSTART=0 env variable is set
	* src/libvirt.c: Document environment variables can impact
	  the virConnectOpen API

2009-07-16  Daniel Veillard  <veillard@redhat.com>

	netcf XML validation and input and output tests
	* tests/interfaceschematest: test all XML data against the interface
	  schemas
	* tests/interfacexml2xmltest.c: parse and reserialize all XML data
	  and check the output is identical
	* tests/Makefile.am: hook up the tests
	* tests/.gitignore: add ignore test

	Add netcf XML schemas and test data
	* docs/schemas/interface.rng: schemas for the interface XML files
	  directly imported from netcf-0.1.0
	* tests/interfaceschemadata/*.xml: set of test files from netcf-0.1.0
	  changed to use single quote instead of double quote

	add support for netcf XML import and export
	* src/interface_conf.c src/interface_conf.h: the import and export
	  routines and the internal APIs
	* src/Makefile.am: hook the new file in the makefiles
	* src/libvirt_private.syms: export a few private symbols internally
	* po/POTFILES.in: the new file contains translatable strings

2009-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Ensure test:/// URIs get routed to the non-privileged libvirtd
	* src/remote_internal.c: Ensure that all test:/// URIs are dealt
	  with by the auto-started, per-user unprivileged libvirtd instances

	Fix error reporting for security driver over remote protocol
	* qemud/remote.c: Send back the actual libvirt connection error
	  rather than formatting a generic error for security driver
	  methods
	* src/libvirt.c: Fix virDomainGetSecurityLabel, and
	  virNodeGetSecurityModel to correctly set the error on
	  the virConnectPtr object, and raise a full error rather
	  than warning when not supported

2009-07-15  Garry Dolley  <gdolley@arpnetworks.com>

	Update the links for RHEL libvirt bugzillas

2009-07-13  Garry Dolley  <gdolley@ucla.edu>

	Update links to bugzilla
	* docs/bugs.html[.in]: general tickets are under the 'Virtualization
	  Tools' product category and Fedora specific tickets are under the
	  'Fedora' product category.

2009-07-11  Cole Robinson  <crobinso@redhat.com>

	Fix docs and code disagreements for character devices.
	The 'pipe' character type wasn't documented.
	TCP uses a <protocol> element, not <wire>
	We weren't doing strict validation for protocol and source mode values.

	qemu: Check driver is initialized up front, to avoid segfault.
	If the qemu_driver was not initialized (possibly due to an error on driver
	startup), we can segfault if attempting to connect to the URI.

2009-07-10  Jim Meyering  <meyering@redhat.com>

	build: automatically rerun ./bootstrap when needed
	When "git pull" (or any other operation) brings in a new version of the
	gnulib git submodule, you must rerun the autogen.sh script.  With this
	change, "make" now fails and tells you to run ./autogen.sh, when needed.
	* autogen.sh: Maintain a new file, .git-module-status, containing
	the current submodule status.  If it doesn't exist or its content
	is different from what "git submodule status" prints, then run
	./bootstrap
	* .gitignore: Add .git-module-status
	* cfg.mk: Diagnose out of date submodule and fail.
	* README-hacking: Update not to mention bootstrap.
	* Makefile.am (MAINTAINERCLEANFILES): Add .git-module-status,
	so that "make maintainerclean" will remove it.

	build: make autogen.sh use autoreconf -if
	* autogen.sh: Use "autoreconf -if" instead of open-coding it with
	manual and unconditional invocation of each separate tool.

2009-07-10  Mark McLoughlin  <markmc@redhat.com>

	Use virDomainChrTypeFromString() instead of open coding
	* src/domain_conf.c: replace open coded chr type parsing with
	  virDomainChrTypeFromString(), retaining the existing semantics
	  where unknown types are silently mapped to the "null" type and
	  "pty" is used if none is specified

	Switch to using a unix socket for the qemu monitor
	We keep support for the pty based monitor so that we can re-connect
	to VMs started by older versions of libvirtd.
	* src/domain_conf.c: handle formatting and parsing unix monitors
	* src/qemu_driver.c: add qemudOpenMonitorUnix(), remove the monitor
	  pty path searching from qemudFindCharDevicePTYs(), switch
	  qemudStartVMDaemon() and qemuDomainXMLToNative() to using a unix
	  monitor
	* tests/qemuxml2argvtest.c: switch to using a unix monitor
	* tests/qemuxml2argvdata/qemuxml2argv-*.args: update test data

	Add the monitor type to the domain state XML
	There are no functional changes in this patch apart from adding the
	monitor type to the state XML.
	The patch mostly consists of switching to use virDomainChrDef every
	where to describe the monitor.
	* src/domain_conf.h: replace monitorpath with monitor_chr
	* src/domain_conf.c: handle parsing the monitor type and initializing
	  monitor chr
	* src/qemu_conf.[ch]: make qemudBuildCommandLine take a
	  virDomainChrDefPtr and use that to build the -monitor parameter
	* src/qemu_driver.c: split pty specific and common code from
	  qemudOpenMonitor, have qemudStartVMDaemon() initialize monitor_chr
	* tests/qemuxml2argvtest.c: update for qemudBuildCommandLine() change

	Minor qemu monitor coding style fixes
	* src/qemu_driver.c: use a consistent coding style for function
	  definitions

	Don't leak vm->monitorpath on re-connect
	* src/qemu_driver.c: vm->monitorpath is already initialized in the case
	  of re-connect, so move the initialization for the normal startup case
	  out of the common code

2009-07-10  Jim Meyering  <meyering@redhat.com>

	build: update from gnulib, for latest maint.mk
	* gnulib: Update submodule to latest.
	This fixes the make syntax-check failure whereby sc_po_check
	would complain about cfg.mk.

	avoid a "make syntax-check" failure
	* .x-sc_avoid_if_before_free: Ignore *all* ChangeLog files,
	now, including ChangeLog-old.

2009-07-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix wierd build problems due to autopoint overwriting gnulib m4
	* Makefile.am: List -I m4 first, in ACLOCAL_AMFLAGS
	* .gitignore: ignore gnulib/, ChangeLog, *rej, *orig, *#*# (emacs
	  temporary files)

2009-07-09  Jim Meyering  <meyering@redhat.com>

	doc: clone+build instructions
	* README-hacking: New file.
	* bootstrap: Remove obsolete comments.

	build: adjust aclocal's search patch to prefer gnulib's m4 files.
	* Makefile.am (ACLOCAL_AMFLAGS): Search gnulib/m4/ before m4/.

2009-07-08  Jim Meyering  <meyering@redhat.com>

	generate ChangeLog from git logs into distribution tarball
	No longer maintain a version-controlled ChangeLog file, but do
	continue to include a ChangeLog file in distribution tarball.
	* Makefile.am (gen-ChangeLog): New rule.
	(dist-hook): Depend on it.
	(EXTRA_DIST): Add ChangeLog-old.
	* bootstrap (modules): Add gitlog-to-changelog.
	* ChangeLog: Remove file.  Renamed to...
	* ChangeLog-old: ...this.  New file.
	* autogen.sh: Touch ChangeLog, to ensure it exists.  For automake.

	use gnumakefile and maintainer-makefile modules from gnulib
	* bootstrap (modules): Add gnumakefile and maintainer-makefile.
	* GNUmakefile: Remove file, now provided by gnulib.
	* Makefile.maint: Remove.  Replaced by maint.mk from gnulib.
	.gitignore: Add GNUmakefile and maint.mk.
	* cfg.mk (prev_version_file): Disable this feature.
	Setting this to /dev/null avoids an otherwise harmless diagnostic.

	remove all .cvsignore files

	make .gnulib a submodule
	This makes it so we record (via a git submodule)
	a snapshot of whatever version of gnulib we're using,
	and none of gnulib sources are in the libvirt repository.
	The result is that we have as much reproducibility as when
	we version-controlled imported copies of the gnulib sources,
	but without the hassle of the manual process we used when
	syncing with upstream.
	Note that when you clone libvirt, you get only the libvirt
	repository, but when you first run ./bootstrap, it clones
	gnulib (at the SHA1 recorded via the submodule), creating
	the .gnulib/ hierarchy.  Then, the bootstrap script runs
	gnulib-tool to populate gnulib/ with the files that make
	up the selected modules.
	Put the following in your ~/.gitconfig file.
	[alias]
	  syncsub = submodule foreach git pull origin master
	The update procedure is simple:
	  git syncsub
	  ...build & test...
	  git commit -m 'gnulib: sync submodule to latest' .gnulib
	* .gitmodules: New file.
	* .gnulib: Initialize.
	* bootstrap: Set up to use the new submodule.
	Stop using --no-vc-files.
	Don't remove .gitignore files.
	Don't use or create .cvsignore.
	Diagnose an invalid --gnulib-srcdir=DIR argument.
	* build-aux/vc-list-files: Delete file, now pulled from gnulib.
	* build-aux/useless-if-before-free: Likewise.
	* po/POTFILES.in: Remove gnulib/lib/gai_strerror.c, since
	it no longer contains translatable strings.
	* gnulib/*: Remove gnulib/ hierarchy.

	skip some of gnulib's new rules
	* cfg.mk (local-checks-to-skip): Add these: sc_error_message_uppercase,
	sc_program_name, sc_require_test_exit_idiom, sc_makefile_check.

	Prepare to use maint.mk from gnulib
	Since Makefile.maint will soon come from gnulib's maint.mk,
	sync Makefile.maint to have the same contents (modulo minor
	things).  In syncing it, we have to remove some libvirt-specific
	rules.  Since we want to keep them (of course), put those in cfg.mk.
	* Makefile.maint: Merge from gnulib's maint.mk.
	* cfg.mk (sc_avoid_write): New rule.  From Makefile.cfg.
	(sc_prohibit_strcmp_and_strncmp): Likewise, and rename.
	(sc_prohibit_asprintf, sc_prohibit_VIR_ERR_NO_MEMORY): Likewise.
	(sc_prohibit_nonreentrant): Likewise.
	(sc_prohibit_ctype_h): Likewise.
	(sc_TAB_in_indentation, sc_avoid_ctype_macros): Likewise.
	(sc_prohibit_virBufferAdd_with_string_literal): Likewise.
	(sc_prohibit_gethostby): Likewise.
	(sc_libvirt_unmarked_diagnostics): Likewise.  Also, rename the
	rule, inserting "_libvirt", since this rule is a specialization of
	the one in gnulib.
	* GNUmakefile: Include cfg.mk, not Makefile.cfg
	* .x-sc_prohibit_strcmp_and_strncmp: New file.
	* Makefile.am (EXTRA_DIST): Add .x-sc_prohibit_strcmp_and_strncmp

	* Makefile.cfg: Rename to...
	* cfg.mk: ...this.  New file.

2009-07-08  Jim Meyering  <jim@meyering.net>

	use automake-1.11's silent-rules option, when possible
	Don't use mylibtool, (subsumed by automake's silent rules)
	Its use was causing a non-srcdir build to fail.
	* Makefile.am (EXTRA_DIST): Remove mylibtool.
	* configure.in: Don't use mylibtool.
	* configure.in: Use AM_SILENT_RULES([yes]),
	but only if that m4 macro is defined.
	Thus, it works even on systems that lack automake-1.11.
	Daniel Berrange suggested adding the conditional, so that
	we don't have a hard requirement on 1.11, e.g., for RHEL5.

2009-07-08  Jim Meyering  <meyering@redhat.com>

	fix another failing "make distcheck" (qemuhelptest)
	It failed in a non-srcdir build because those 5 sample output
	files were not included in the distribution tarball.  Include them.
	* tests/Makefile.am (qemuhelpdata, EXTRA_DIST): Include these:
	kvm-74, kvm-86, qemu-0.10.5, qemu-0.9.1, qemu-kvm-0.10.5.

	fix failing "make distcheck"
	* docs/Makefile.am (xml): Distribute testpool.xml and testvol.xml,
	which are referenced from testnode.xml.

2009-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Make it easier to debug tests running programs
		* tests/testutils.c: Don't discard stderr when running
		external programs during tests

	Support <video> element for QEMU guests
		* src/qemu_conf.c, src/qemu_conf.h: Use -vga or -std-vga
		when starting guests if video card is present
		* tests/qemuhelptest.c: Change to use constants instead
		of hardcoded hex numbers, and add VGA support
		* tests/qemuxml2argvdata/qemuxml2argv-graphics-sdl-fullscreen.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-sdl.args,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-sdl.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.xml,
		tests/qemuxml2argvdata/qemuxml2argv-input-xen.xml: Add <video>
		element for testing graphics adapter
		* tests/qemuxml2argvtest.c: Add QEMUD_CMD_FLAG_VGA flag
		* tests/qemuxml2xmltest.c: Add missing graphics-vnc-sasl/tls tests

	Support <video> tag for defining VGA card properties
	 * docs/schemas/domain.rng: Define <video> element schema
	 * src/domain_conf.c, src/domain_conf.h, src/libvirt_private.syms:
	   Add parsing and formatting for <video> element

2009-07-08  Daniel Veillard  <veillard@redhat.com>

	Report the object name on lookup error
	* src/network_driver.c src/node_device.c src/storage_driver.c:
	  many places in the code reported 'No xxx with matching name" after
	  a Lookup error without reporting the name used by the failed lookup

2009-07-08  Harshavardhana  <harsha@gluster.com>

	Add new net filesystem glusterfs
	* src/storage_conf.c src/storage_conf.h: adds glusterfs to the list
	  of network storage
	* libvirt.spec.in: adds the dependency on glusterfs-client

2009-07-07  Paolo Bonzini  <pbonzini@redhat.com>

	Avoid raising an internal error
	* src/qemu_conf.c: when connecting an interface if it reference
	  an undefined network, then we used to raise an internal error.

2009-07-07  Daniel Veillard  <veillard@redhat.com>

	Fix informations about previous git server
	* docs/downloads.html[.in]: update the secton about
	the server on git.et.redhat.com based on the plans
	Jim posted.

2009-07-06  Dan Kenigsberg  <danken@redhat.com>

	Fix python examples to use read-write conn
	* docs/examples/python/domstart.py python/tests/create.py:
	The two example were broken as they needed full-access connection
	but only opened read-only connections

2009-07-06  Daniel Veillard  <veillard@redhat.com>

	update download informations after switch to git * docs/downloads.html docs/downloads.html.in: update download   informations after switch to git daniel
