api: disallow virConnect*HypervisorCPU on read-only connections

These APIs can be used to execute arbitrary emulators.
Forbid them on read-only connections.

Fixes: CVE-2019-10168
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit bf6c2830b6)
Signed-off-by: Ján Tomko <jtomko@redhat.com>

docs/formatsnapshot.html.in

@@ -33,7 +33,7 @@
         resume in a consistent state; but if the disks are modified
         externally in the meantime, this is likely to lead to data
         corruption.</dd>
-      <dt>system checkpoint</dt>
+      <dt>full system</dt>
       <dd>A combination of disk snapshots for all disks as well as VM
         memory state, which can be used to resume the guest from where it
         left off with symptoms similar to hibernation (that is, TCP
@@ -55,11 +55,12 @@
       as <code>virDomainSaveImageGetXMLDesc()</code> to work with
       those files.
     </p>
-    <p>System checkpoints are created
-      by <code>virDomainSnapshotCreateXML()</code> with no flags, and
+    <p>Full system snapshots are created
+      by <code>virDomainSnapshotCreateXML()</code> with no flags, while
       disk snapshots are created by the same function with
-      the <code>VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY</code> flag; in
-      both cases, they are restored by
+      the <code>VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY</code>
+      flag. Regardless of the flags provided, restoration of the
+      snapshot is handled by
       the <code>virDomainRevertToSnapshot()</code> function.  For
       these types of snapshots, libvirt tracks each snapshot as a
       separate <code>virDomainSnapshotPtr</code> object, and maintains
@@ -128,13 +129,10 @@
         what file name is created in an external snapshot.  On output,
         this is fully populated to show the state of each disk in the
         snapshot, including any properties that were generated by the
-        hypervisor defaults.  For system checkpoints, this field is
-        ignored on input and omitted on output (a system checkpoint
-        implies that all disks participate in the snapshot process,
-        and since the current implementation only does internal system
-        checkpoints, there are no extra details to add); a future
-        release may allow the use of <code>disks</code> with a system
-        checkpoint.  This element has a list of <code>disk</code>
+        hypervisor defaults.  For full system snapshots, this field is
+        ignored on input and omitted on output (a full system snapshot
+        implies that all disks participate in the snapshot process).
+        This element has a list of <code>disk</code>
         sub-elements, describing anywhere from zero to all of the
         disks associated with the domain.  <span class="since">Since
         0.9.5</span>
@@ -206,11 +204,12 @@
       </dd>
       <dt><code>state</code></dt>
       <dd>The state of the domain at the time this snapshot was taken.
-        If the snapshot was created as a system checkpoint, then this
-        is the state of the domain at that time; when the domain is
+        If a full system snapshot was created, then this
+        is the state of the domain at that time. When the domain is
         reverted to this snapshot, the domain's state will default to
-        whatever is in this field unless additional flags are passed
-        to <code>virDomainRevertToSnapshot()</code>.  Additionally,
+        this state, unless overridden
+        by <code>virDomainRevertToSnapshot()</code> flags to revert to
+        a running or paused state. Additionally,
         this field can be the value "disk-snapshot"
         (<span class="since">since 0.9.5</span>) when it represents
         only a disk snapshot (no VM memory state), and reverting to this

docs/news.xml

@@ -33,7 +33,7 @@
      -->
 
 <libvirt>
-  <release version="v5.1.0" date="unreleased">
+  <release version="v5.1.0" date="2019-03-04">
     <section title="New features">
       <change>
         <summary>
@@ -48,7 +48,7 @@
       </change>
       <change>
         <summary>
-          network: support setting a firewalld "zone" for virtual network bridges
+          network: Support setting a firewalld "zone" for virtual network bridges
         </summary>
         <description>
           All libvirt virtual networks with bridges managed by libvirt
@@ -61,7 +61,7 @@
       </change>
       <change>
         <summary>
-          bhyve: support for ignoring unknown MSRs reads and writes
+          bhyve: Support for ignoring unknown MSRs reads and writes
         </summary>
         <description>
           A new &lt;features&gt; element &lt;msrs unknown='ignore'/&gt; was
@@ -69,8 +69,105 @@
           Model Specific Registers (MSRs) reads and writes.
         </description>
       </change>
+      <change>
+        <summary>
+          qemu: Add support for encrypted VNC TLS keys
+        </summary>
+        <description>
+          Use the password stored in the secret driver under the uuid
+          specified by the <code>vnc_tls_x509_secret_uuid</code> option
+          in qemu.conf.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Add storage pool namespace options
+        </summary>
+        <description>
+          Allow for adjustment of RBD configuration options via Storage
+          Pool XML Namespace adjustments.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Add support for setting post-copy migration bandwidth
+        </summary>
+        <description>
+          Users can now limit the bandwidth of post-copy migration, e.g.
+          via <code>virsh migrate --postcopy-bandwidth</code>.
+        </description>
+      </change>
     </section>
     <section title="Improvements">
+      <change>
+        <summary>
+          Create private chains for virtual network firewall rules
+        </summary>
+        <description>
+          Historically firewall rules for virtual networks were added
+          straight into the base chains. This works but has a number of
+          bugs and design limitations. To address them, libvirt now puts
+          firewall rules into its own chains.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Detect CEPH and GPFS as shared FS
+        </summary>
+        <description>
+          When starting a migration libvirt performs some sanity checks
+          to make sure domain will be able to run on the destination.
+          One of the requirements is that the disk has to either be
+          migrated too or be accessible from a network filesystem. CEPH
+          and GPFS weren't detected as a network filesystem.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Advertise network MTU via DHCP when specified
+        </summary>
+        <description>
+          If network MTU is set and the network has DHCP enabled,
+          advertise the MTU in DHCP transaction too so that clients can
+          adjust their link accordingly.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Allocate memory at the configured NUMA nodes from start
+        </summary>
+        <description>
+          Libvirt used to just start QEMU, let it allocate memory for
+          the guest, and then use CGroups to move the memory to
+          configured NUMA nodes. This is suboptimal as huge chunks of
+          memory have to be moved. Moreover, this relies on ability to
+          move memory later which is not always true. A change was made
+          to set process affinity correctly from the start so that memory
+          is allocated on the configured nodes from the beginning.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Support for newer Wireshark
+        </summary>
+        <description>
+          Adapt libvirt to use the more recent release requiring a
+          source build configuration of libvirt
+          <code>--with-wireshark</code> to upgrade to the more recent
+          version.
+        </description>
+      </change>
+      <change>
+        <summary>
+          Batch mode virsh and virt-admin parsing improvements
+        </summary>
+        <description>
+          When parsing a single-argument command_string in batch mode,
+          virsh and virt-admin now permit newlines in addition to
+          semicolons for splitting commands, and backslash-newline for
+          splitting long lines, to be more like shell parsing.
+        </description>
+      </change>
     </section>
     <section title="Bug fixes">
       <change>
@@ -108,7 +205,7 @@
       </change>
       <change>
         <summary>
-          network: fix virtual networks on systems using firewalld+nftables
+          network: Fix virtual networks on systems using firewalld+nftables
         </summary>
         <description>
           Because of the transitional state of firewalld's new support
@@ -133,6 +230,112 @@
           attribute of the network bridge element).
         </description>
       </change>
+      <change>
+        <summary>
+          qemu: Fix i6300esb watchdog hotplug on Q35
+        </summary>
+        <description>
+          Ensure that libvirt allocates a PCI address for the device so
+          that QEMU did not default to an address that would not allow
+          for device hotplug.
+        </description>
+      </change>
+      <change>
+        <summary>
+          lxc: Don't reboot host on virDomainReboot
+        </summary>
+        <description>
+          If the container is really a simple one (init is just bash and
+          the whole root is passed through) then virDomainReboot and
+          virDomainShutdown would reboot or shutdown the host. The
+          solution is to use different method to reboot or shutdown the
+          container in that case (e.g. signal).
+        </description>
+      </change>
+      <change>
+        <summary>
+          rpc: Various stream fixes
+        </summary>
+        <description>
+          One particular race was fixed, one locking problem and error
+          reporting from streams was made better.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Fix guestfwd hotplug/hotunplug
+        </summary>
+        <description>
+          Fixed the generation of the guestfwd hotplug/unplug command
+          sent to QEMU to match the syntax used when creating the
+          initial command line.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Forbid CDROMs on virtio bus
+        </summary>
+        <description>
+          Attempting to create an empty virtio-blk drive or attempting
+          to eject it results into an error.  Forbid configurations
+          where users would attempt to use CDROMs in virtio bus.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Use 'raw' for 'volume' disks without format
+        </summary>
+        <description>
+          Storage pools might want to specify format of the image when
+          translating the volume thus libvirt can't add any default
+          format when parsing the XML. Add an explicit format when
+          starting the VM and format is not present neither by user
+          specifying it nor by the storage pool translation function.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Assume 'raw' default storage format also for network storage
+        </summary>
+        <description>
+          Post parse callback adds the 'raw' type only for local files.
+          Remote files can also have backing store (even local) so we
+          should do this also for network backed storage.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Fix block job progress reporting and advocate for READY event
+        </summary>
+        <description>
+          In some cases QEMU can get to 100% and still not reach the
+          synchronised phase. Initiating a pivot in that case will fail.
+          Therefore it is strongly advised to wait for
+          <code>VIR_DOMAIN_BLOCK_JOB_READY</code> event which does not
+          suffer from this problem.
+        </description>
+      </change>
+      <change>
+        <summary>
+          qemu: Don't format image properties for empty drive
+        </summary>
+        <description>
+          If a <code>-drive</code> has no image, then formatting
+          attributes such as cache, readonly, etc. would cause errors to
+          be reported from QEMU. This was fixed by not supplying the
+          attributes for devices without an image.
+        </description>
+      </change>
+      <change>
+        <summary>
+          External snapshot metadata redefinition is fixed
+        </summary>
+        <description>
+          Attempting to use VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE to
+          reinstate the metadata describing an external snapshot
+          created earlier for an offline domain no longer fails.
+        </description>
+      </change>
     </section>
   </release>
   <release version="v5.0.0" date="2019-01-15">

include/libvirt/libvirt-domain-snapshot.h

@@ -59,7 +59,7 @@ typedef enum {
     VIR_DOMAIN_SNAPSHOT_CREATE_HALT        = (1 << 3), /* Stop running guest
                                                           after snapshot */
     VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY   = (1 << 4), /* disk snapshot, not
-                                                          system checkpoint */
+                                                          full system */
     VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT   = (1 << 5), /* reuse any existing
                                                           external files */
     VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE     = (1 << 6), /* use guest agent to

m4/virt-storage-rbd.m4

@@ -33,6 +33,7 @@ AC_DEFUN([LIBVIRT_STORAGE_CHECK_RBD], [
       old_LIBS="$LIBS"
       LIBS="$LIBS $LIBRBD_LIBS"
       AC_CHECK_FUNCS([rbd_get_features],[],[LIBRBD_FOUND=no])
+      AC_CHECK_FUNCS([rbd_list2])
       LIBS="$old_LIBS"
     fi
 

src/admin/admin_server_dispatch.c

@@ -64,6 +64,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
                    void *opaque)
 {
     struct daemonAdmClientPrivate *priv;
+    uid_t clientuid;
+    gid_t clientgid;
+    pid_t clientpid;
+    unsigned long long timestamp;
+
+    if (virNetServerClientGetUNIXIdentity(client,
+                                          &clientuid,
+                                          &clientgid,
+                                          &clientpid,
+                                          &timestamp) < 0)
+        return NULL;
+
+    VIR_DEBUG("New client pid %lld uid %lld",
+              (long long)clientpid,
+              (long long)clientuid);
+
+    if (geteuid() != clientuid) {
+        virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
+                                 (long long)clientpid,
+                                 (long long)clientuid);
+        return NULL;
+    }
 
     if (VIR_ALLOC(priv) < 0)
         return NULL;

src/conf/snapshot_conf.c

@@ -1225,6 +1225,8 @@ virDomainSnapshotRedefinePrep(virDomainPtr domain,
     int align_location = VIR_DOMAIN_SNAPSHOT_LOCATION_INTERNAL;
     bool align_match = true;
     virDomainSnapshotObjPtr other;
+    bool external = def->state == VIR_DOMAIN_DISK_SNAPSHOT ||
+        virDomainSnapshotDefIsExternal(def);
 
     /* Prevent circular chains */
     if (def->parent) {
@@ -1259,14 +1261,12 @@ virDomainSnapshotRedefinePrep(virDomainPtr domain,
     }
 
     /* Check that any replacement is compatible */
-    if ((flags & VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY) &&
-        def->state != VIR_DOMAIN_DISK_SNAPSHOT) {
+    if ((flags & VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY) && !external) {
         virReportError(VIR_ERR_INVALID_ARG,
                        _("disk-only flag for snapshot %s requires "
                          "disk-snapshot state"),
                        def->name);
         goto cleanup;
-
     }
 
     if (def->dom &&
@@ -1296,8 +1296,8 @@ virDomainSnapshotRedefinePrep(virDomainPtr domain,
         if ((other->def->state == VIR_DOMAIN_DISK_SNAPSHOT) !=
             (def->state == VIR_DOMAIN_DISK_SNAPSHOT)) {
             virReportError(VIR_ERR_INVALID_ARG,
-                           _("cannot change between disk snapshot and "
-                             "system checkpoint in snapshot %s"),
+                           _("cannot change between disk only and "
+                             "full system in snapshot %s"),
                            def->name);
             goto cleanup;
         }
@@ -1315,8 +1315,7 @@ virDomainSnapshotRedefinePrep(virDomainPtr domain,
         }
 
         if (def->dom) {
-            if (def->state == VIR_DOMAIN_DISK_SNAPSHOT ||
-                virDomainSnapshotDefIsExternal(def)) {
+            if (external) {
                 align_location = VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL;
                 align_match = false;
             }
@@ -1346,8 +1345,7 @@ virDomainSnapshotRedefinePrep(virDomainPtr domain,
         *snap = other;
     } else {
         if (def->dom) {
-            if (def->state == VIR_DOMAIN_DISK_SNAPSHOT ||
-                def->memory == VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL) {
+            if (external) {
                 align_location = VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL;
                 align_match = false;
             }

src/cpu/cpu_x86.c

@@ -165,7 +165,6 @@ struct _virCPUx86Map {
 };
 
 static virCPUx86MapPtr cpuMap;
-static unsigned int microcodeVersion;
 
 int virCPUx86DriverOnceInit(void);
 VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
@@ -1332,8 +1331,6 @@ virCPUx86DriverOnceInit(void)
     if (!(cpuMap = virCPUx86LoadMap()))
         return -1;
 
-    microcodeVersion = virHostCPUGetMicrocodeVersion();
-
     return 0;
 }
 
@@ -2373,7 +2370,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
         goto cleanup;
 
     ret = x86DecodeCPUData(cpu, cpuData, models);
-    cpu->microcodeVersion = microcodeVersion;
+    cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
 
  cleanup:
     virCPUx86DataFree(cpuData);

src/cpu_map/x86_features.xml

@@ -317,6 +317,9 @@
   <feature name='avx512-4fmaps'>
     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
   </feature>
+  <feature name='md-clear'> <!-- md_clear -->
+    <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
+  </feature>
   <feature name='pconfig'>
     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
   </feature>

src/libvirt-domain-snapshot.c

@@ -105,8 +105,9 @@ virDomainSnapshotGetConnect(virDomainSnapshotPtr snapshot)
  * contained in xmlDesc.
  *
  * If @flags is 0, the domain can be active, in which case the
- * snapshot will be a system checkpoint (both disk state and runtime
- * VM state such as RAM contents), where reverting to the snapshot is
+ * snapshot will be a full system snapshot (capturing both disk state,
+ * and runtime VM state such as RAM contents), where reverting to the
+ * snapshot is
  * the same as resuming from hibernation (TCP connections may have
  * timed out, but everything else picks up where it left off); or
  * the domain can be inactive, in which case the snapshot includes
@@ -149,7 +150,7 @@ virDomainSnapshotGetConnect(virDomainSnapshotPtr snapshot)
  * is not paused while creating the snapshot. This increases the size
  * of the memory dump file, but reduces downtime of the guest while
  * taking the snapshot. Some hypervisors only support this flag during
- * external checkpoints.
+ * external snapshots.
  *
  * If @flags includes VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY, then the
  * snapshot will be limited to the disks described in @xmlDesc, and no

src/libvirt-domain.c

@@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn, const char *from, const char *dxml,
  * previously by virDomainSave() or virDomainSaveFlags().
  *
  * No security-sensitive data will be included unless @flags contains
- * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE; this flag is rejected on read-only
- * connections.
+ * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE.
  *
  * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of
  * error.  The caller must free() the returned value.
@@ -1090,13 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *file,
 
     virCheckConnectReturn(conn, NULL);
     virCheckNonNullArgGoto(file, error);
-
-    if ((conn->flags & VIR_CONNECT_RO) &&
-        (flags & VIR_DOMAIN_SAVE_IMAGE_XML_SECURE)) {
-        virReportError(VIR_ERR_OPERATION_DENIED, "%s",
-                       _("virDomainSaveImageGetXMLDesc with secure flag"));
-        goto error;
-    }
+    virCheckReadOnlyGoto(conn->flags, error);
 
     if (conn->driver->domainSaveImageGetXMLDesc) {
         char *ret;
@@ -2561,6 +2554,15 @@ virDomainGetControlInfo(virDomainPtr domain,
  * describing CPU capabilities is modified to match actual
  * capabilities of the host.
  *
+ * If @flags contains VIR_DOMAIN_XML_MIGRATABLE, the XML is altered to
+ * assist in migrations, since the source and destination may be
+ * running different libvirt versions.  This may include trimming
+ * redundant or default information that might confuse an older
+ * recipient, or exposing internal details that aid a newer recipient;
+ * this flag is rejected on read-only connections, and the resulting
+ * XML might not validate against the schema, so it is mainly for
+ * internal use.
+ *
  * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of error.
  *         the caller must free() the returned value.
  */
@@ -9563,6 +9565,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml,
 
     virCheckDomainReturn(domain, -1);
     conn = domain->conn;
+    virCheckReadOnlyGoto(conn->flags, error);
 
     if (conn->driver->domainManagedSaveDefineXML) {
         int ret;
@@ -11357,6 +11360,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn,
     virResetLastError();
 
     virCheckConnectReturn(conn, NULL);
+    virCheckReadOnlyGoto(conn->flags, error);
 
     if (conn->driver->connectGetDomainCapabilities) {
         char *ret;

src/libvirt-host.c

@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn,
 
     virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
     virCheckNonNullArgGoto(xmlCPU, error);
+    virCheckReadOnlyGoto(conn->flags, error);
 
     if (conn->driver->connectCompareHypervisorCPU) {
         int ret;
@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn,
 
     virCheckConnectReturn(conn, NULL);
     virCheckNonNullArgGoto(xmlCPUs, error);
+    virCheckReadOnlyGoto(conn->flags, error);
 
     if (conn->driver->connectBaselineHypervisorCPU) {
         char *cpu;

src/locking/virtlockd-admin.socket.in

@@ -5,6 +5,7 @@ Before=libvirtd.service
 [Socket]
 ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
 Service=virtlockd.service
+SocketMode=0600
 
 [Install]
 WantedBy=sockets.target

src/locking/virtlockd.socket.in

@@ -4,6 +4,7 @@ Before=libvirtd.service
 
 [Socket]
 ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
+SocketMode=0600
 
 [Install]
 WantedBy=sockets.target

src/logging/virtlogd-admin.socket.in

@@ -5,6 +5,7 @@ Before=libvirtd.service
 [Socket]
 ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock
 Service=virtlogd.service
+SocketMode=0600
 
 [Install]
 WantedBy=sockets.target

src/logging/virtlogd.socket.in

@@ -4,6 +4,7 @@ Before=libvirtd.service
 
 [Socket]
 ListenStream=@localstatedir@/run/libvirt/virtlogd-sock
+SocketMode=0600
 
 [Install]
 WantedBy=sockets.target

src/network/bridge_driver.c

@@ -2108,8 +2108,11 @@ static void
 networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
 {
     VIR_INFO("Reloading iptables rules");
-    if (networkPreReloadFirewallRules(startup) < 0)
+    /* Ideally we'd not even register the driver when unprivilegd
+     * but until we untangle the virt driver that's not viable */
+    if (!driver->privileged)
         return;
+    networkPreReloadFirewallRules(startup);
     virNetworkObjListForEach(driver->networks,
                              networkReloadFirewallRulesHelper,
                              NULL);

src/network/bridge_driver_linux.c

@@ -35,11 +35,37 @@ VIR_LOG_INIT("network.bridge_driver_linux");
 
 #define PROC_NET_ROUTE "/proc/net/route"
 
-int networkPreReloadFirewallRules(bool startup)
+static virErrorPtr errInitV4;
+static virErrorPtr errInitV6;
+
+void networkPreReloadFirewallRules(bool startup)
 {
-    int ret = iptablesSetupPrivateChains();
-    if (ret < 0)
-        return -1;
+    bool created = false;
+    int rc;
+
+    /* We create global rules upfront as we don't want
+     * the perf hit of conditionally figuring out whether
+     * to create them each time a network is started.
+     *
+     * Any errors here are saved to be reported at time
+     * of starting the network though as that makes them
+     * more likely to be seen by a human
+     */
+    rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4);
+    if (rc < 0) {
+        errInitV4 = virSaveLastError();
+        virResetLastError();
+    }
+    if (rc)
+        created = true;
+
+    rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV6);
+    if (rc < 0) {
+        errInitV6 = virSaveLastError();
+        virResetLastError();
+    }
+    if (rc)
+        created = true;
 
     /*
      * If this is initial startup, and we just created the
@@ -54,10 +80,8 @@ int networkPreReloadFirewallRules(bool startup)
      * rules will be present. Thus we can safely just tell it
      * to always delete from the builin chain
      */
-    if (startup && ret == 1)
+    if (startup && created)
         iptablesSetDeletePrivate(false);
-
-    return 0;
 }
 
 
@@ -671,6 +695,21 @@ int networkAddFirewallRules(virNetworkDefPtr def)
     virFirewallPtr fw = NULL;
     int ret = -1;
 
+    if (errInitV4 &&
+        (virNetworkDefGetIPByIndex(def, AF_INET, 0) ||
+         virNetworkDefGetRouteByIndex(def, AF_INET, 0))) {
+        virSetError(errInitV4);
+        return -1;
+    }
+
+    if (errInitV6 &&
+        (virNetworkDefGetIPByIndex(def, AF_INET6, 0) ||
+         virNetworkDefGetRouteByIndex(def, AF_INET6, 0) ||
+         def->ipv6nogw)) {
+        virSetError(errInitV6);
+        return -1;
+    }
+
     if (def->bridgeZone) {
 
         /* if a firewalld zone has been specified, fail/log an error

src/network/bridge_driver_nop.c

@@ -19,9 +19,8 @@
 
 #include <config.h>
 
-int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
+void networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
 {
-    return 0;
 }
 
 

src/network/bridge_driver_platform.h

@@ -58,7 +58,7 @@ struct _virNetworkDriverState {
 typedef struct _virNetworkDriverState virNetworkDriverState;
 typedef virNetworkDriverState *virNetworkDriverStatePtr;
 
-int networkPreReloadFirewallRules(bool startup);
+void networkPreReloadFirewallRules(bool startup);
 void networkPostReloadFirewallRules(bool startup);
 
 int networkCheckRouteCollision(virNetworkDefPtr def);

src/qemu/qemu_capabilities.c

@@ -4487,7 +4487,7 @@ virQEMUCapsNewData(const char *binary,
                                            priv->libDir,
                                            priv->runUid,
                                            priv->runGid,
-                                           priv->microcodeVersion,
+                                           virHostCPUGetMicrocodeVersion(),
                                            priv->kernelVersion);
 }
 
@@ -4570,8 +4570,7 @@ virFileCachePtr
 virQEMUCapsCacheNew(const char *libDir,
                     const char *cacheDir,
                     uid_t runUid,
-                    gid_t runGid,
-                    unsigned int microcodeVersion)
+                    gid_t runGid)
 {
     char *capsCacheDir = NULL;
     virFileCachePtr cache = NULL;
@@ -4595,7 +4594,6 @@ virQEMUCapsCacheNew(const char *libDir,
 
     priv->runUid = runUid;
     priv->runGid = runGid;
-    priv->microcodeVersion = microcodeVersion;
     priv->kvmUsable = VIR_TRISTATE_BOOL_ABSENT;
 
     if (uname(&uts) == 0 &&
@@ -4617,8 +4615,11 @@ virQEMUCapsPtr
 virQEMUCapsCacheLookup(virFileCachePtr cache,
                        const char *binary)
 {
+    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
     virQEMUCapsPtr ret = NULL;
 
+    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
+
     ret = virFileCacheLookup(cache, binary);
 
     VIR_DEBUG("Returning caps %p for %s", ret, binary);
@@ -4672,6 +4673,7 @@ virQEMUCapsPtr
 virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
                              virArch arch)
 {
+    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
     virQEMUCapsPtr ret = NULL;
     const char *binaryFilters[] = {
         "qemu-system-",
@@ -4684,6 +4686,8 @@ virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
     size_t i;
     size_t j;
 
+    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
+
     for (i = 0; i < ARRAY_CARDINALITY(binaryFilters); i++) {
         for (j = 0; j < ARRAY_CARDINALITY(archs); j++) {
             struct virQEMUCapsSearchData data = {

src/qemu/qemu_capabilities.h

@@ -587,8 +587,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr qemuCaps,
 virFileCachePtr virQEMUCapsCacheNew(const char *libDir,
                                     const char *cacheDir,
                                     uid_t uid,
-                                    gid_t gid,
-                                    unsigned int microcodeVersion);
+                                    gid_t gid);
 virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache,
                                       const char *binary);
 virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache,

src/qemu/qemu_domain.c

@@ -10700,7 +10700,7 @@ qemuDomainRefreshVcpuInfo(virQEMUDriverPtr driver,
         }
 
         for (j = 0; j < i; j++) {
-            if (info[i].tid == info[j].tid) {
+            if (info[i].tid != 0 && info[i].tid == info[j].tid) {
                 VIR_DEBUG("vCPU[%zu] PID %llu duplicates vCPU[%zu]",
                           i, (unsigned long long)info[i].tid, j);
                 validTIDs = false;

src/qemu/qemu_driver.c

@@ -585,8 +585,6 @@ qemuStateInitialize(bool privileged,
     char *hugepagePath = NULL;
     char *memoryBackingPath = NULL;
     size_t i;
-    virCPUDefPtr hostCPU = NULL;
-    unsigned int microcodeVersion = 0;
 
     if (VIR_ALLOC(qemu_driver) < 0)
         return -1;
@@ -809,15 +807,10 @@ qemuStateInitialize(bool privileged,
         run_gid = cfg->group;
     }
 
-    if ((hostCPU = virCPUProbeHost(virArchFromHost())))
-        microcodeVersion = hostCPU->microcodeVersion;
-    virCPUDefFree(hostCPU);
-
     qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
                                                      cfg->cacheDir,
                                                      run_uid,
-                                                     run_gid,
-                                                     microcodeVersion);
+                                                     run_gid);
     if (!qemu_driver->qemuCapsCache)
         goto error;
 
@@ -2148,7 +2141,7 @@ qemuDomainReset(virDomainPtr dom, unsigned int flags)
 }
 
 
-/* Count how many snapshots in a set are external snapshots or checkpoints.  */
+/* Count how many snapshots in a set are external snapshots.  */
 static int
 qemuDomainSnapshotCountExternal(void *payload,
                                 const void *name ATTRIBUTE_UNUSED,
@@ -7090,7 +7083,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
     if (fd < 0)
         goto cleanup;
 
-    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
+    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
         goto cleanup;
 
     ret = qemuDomainDefFormatXML(driver, def, flags);
@@ -15093,7 +15086,7 @@ qemuDomainSnapshotPrepare(virDomainObjPtr vm,
     if ((def->memory == VIR_DOMAIN_SNAPSHOT_LOCATION_INTERNAL && !found_internal) ||
         (found_internal && forbid_internal)) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                       _("internal snapshots and checkpoints require all "
+                       _("internal and full system snapshots require all "
                          "disks to be selected for snapshot"));
         goto cleanup;
     }
@@ -15543,7 +15536,7 @@ qemuDomainSnapshotCreateActiveExternal(virQEMUDriverPtr driver,
     if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_PMSUSPENDED) {
         pmsuspended = true;
     } else if (virDomainObjGetState(vm, NULL) == VIR_DOMAIN_RUNNING) {
-        /* For external checkpoints (those with memory), the guest
+        /* For full system external snapshots (those with memory), the guest
          * must pause (either by libvirt up front, or by qemu after
          * _LIVE converges). */
         if (memory)
@@ -15693,6 +15686,7 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain,
     virQEMUDriverConfigPtr cfg = NULL;
     virCapsPtr caps = NULL;
     qemuDomainObjPrivatePtr priv;
+    virDomainState state;
 
     virCheckFlags(VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE |
                   VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT |
@@ -15771,12 +15765,16 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain,
          redefine)) {
         virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
                        _("live snapshot creation is supported only "
-                         "with external checkpoints"));
+                         "during full system snapshots"));
         goto cleanup;
     }
 
     /* allow snapshots only in certain states */
-    switch ((virDomainState) vm->state.state) {
+    state = vm->state.state;
+    if (redefine)
+        state = def->state == VIR_DOMAIN_DISK_SNAPSHOT ? VIR_DOMAIN_SHUTOFF :
+            def->state;
+    switch (state) {
         /* valid states */
     case VIR_DOMAIN_RUNNING:
     case VIR_DOMAIN_PAUSED:
@@ -15796,7 +15794,7 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain,
     case VIR_DOMAIN_BLOCKED: /* invalid state, unused in qemu */
     case VIR_DOMAIN_LAST:
         virReportError(VIR_ERR_INTERNAL_ERROR, _("Invalid domain state %s"),
-                       virDomainStateTypeToString(vm->state.state));
+                       virDomainStateTypeToString(state));
         goto cleanup;
     }
 
@@ -15891,12 +15889,12 @@ qemuDomainSnapshotCreateXML(virDomainPtr domain,
     } else if (virDomainObjIsActive(vm)) {
         if (flags & VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY ||
             snap->def->memory == VIR_DOMAIN_SNAPSHOT_LOCATION_EXTERNAL) {
-            /* external checkpoint or disk snapshot */
+            /* external full system or disk snapshot */
             if (qemuDomainSnapshotCreateActiveExternal(driver,
                                                        vm, snap, flags) < 0)
                 goto endjob;
         } else {
-            /* internal checkpoint */
+            /* internal full system */
             if (qemuDomainSnapshotCreateActiveInternal(driver,
                                                        vm, snap, flags) < 0)
                 goto endjob;

src/remote/remote_protocol.x

@@ -5234,8 +5234,7 @@ enum remote_procedure {
     /**
      * @generate: both
      * @priority: high
-     * @acl: domain:read
-     * @acl: domain:read_secure:VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
+     * @acl: domain:write
      */
     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
 

src/storage/storage_backend_iscsi_direct.c

@@ -245,7 +245,7 @@ static int
 virISCSIDirectGetVolumeCapacity(struct iscsi_context *iscsi,
                                 int lun,
                                 uint32_t *block_size,
-                                uint32_t *nb_block)
+                                uint64_t *nb_block)
 {
     struct scsi_task *task = NULL;
     struct scsi_inquiry_standard *inq = NULL;
@@ -267,12 +267,12 @@ virISCSIDirectGetVolumeCapacity(struct iscsi_context *iscsi,
     }
 
     if (inq->device_type == SCSI_INQUIRY_PERIPHERAL_DEVICE_TYPE_DIRECT_ACCESS) {
-        struct scsi_readcapacity10 *rc10 = NULL;
+        struct scsi_readcapacity16 *rc16 = NULL;
 
         scsi_free_scsi_task(task);
         task = NULL;
 
-        if (!(task = iscsi_readcapacity10_sync(iscsi, lun, 0, 0)) ||
+        if (!(task = iscsi_readcapacity16_sync(iscsi, lun)) ||
             task->status != SCSI_STATUS_GOOD) {
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("Failed to get capacity of lun: %s"),
@@ -280,15 +280,15 @@ virISCSIDirectGetVolumeCapacity(struct iscsi_context *iscsi,
             goto cleanup;
         }
 
-        if (!(rc10 = scsi_datain_unmarshall(task))) {
+        if (!(rc16 = scsi_datain_unmarshall(task))) {
             virReportError(VIR_ERR_INTERNAL_ERROR,
                            _("Failed to unmarshall reply: %s"),
                            iscsi_get_error(iscsi));
             goto cleanup;
         }
 
-        *block_size  = rc10->block_size;
-        *nb_block = rc10->lba;
+        *block_size  = rc16->block_length;
+        *nb_block = rc16->returned_lba;
 
     }
 
@@ -306,10 +306,9 @@ virISCSIDirectRefreshVol(virStoragePoolObjPtr pool,
 {
     virStoragePoolDefPtr def = virStoragePoolObjGetDef(pool);
     uint32_t block_size;
-    uint32_t nb_block;
+    uint64_t nb_block;
     VIR_AUTOPTR(virStorageVolDef) vol = NULL;
 
-    virStoragePoolObjClearVols(pool);
     if (virISCSIDirectTestUnitReady(iscsi, lun) < 0)
         return -1;
 
@@ -341,6 +340,7 @@ virISCSIDirectReportLuns(virStoragePoolObjPtr pool,
                          struct iscsi_context *iscsi,
                          char *portal)
 {
+    virStoragePoolDefPtr def = virStoragePoolObjGetDef(pool);
     struct scsi_task *task = NULL;
     struct scsi_reportluns_list *list = NULL;
     int full_size;
@@ -373,6 +373,9 @@ virISCSIDirectReportLuns(virStoragePoolObjPtr pool,
         goto cleanup;
     }
 
+    def->capacity = 0;
+    def->allocation = 0;
+    virStoragePoolObjClearVols(pool);
     for (i = 0; i < list->num; i++) {
         if (virISCSIDirectRefreshVol(pool, iscsi, list->luns[i], portal) < 0)
             goto cleanup;
@@ -624,9 +627,9 @@ static int
 virStorageBackendISCSIDirectVolWipeZero(virStorageVolDefPtr vol,
                                         struct iscsi_context *iscsi)
 {
-    uint32_t lba = 0;
+    uint64_t lba = 0;
     uint32_t block_size;
-    uint32_t nb_block;
+    uint64_t nb_block;
     struct scsi_task *task = NULL;
     int lun = 0;
     int ret = -1;
@@ -644,14 +647,14 @@ virStorageBackendISCSIDirectVolWipeZero(virStorageVolDefPtr vol,
     while (lba < nb_block) {
         if (nb_block - lba > block_size * BLOCK_PER_PACKET) {
 
-            if (!(task = iscsi_write10_sync(iscsi, lun, lba, data,
+            if (!(task = iscsi_write16_sync(iscsi, lun, lba, data,
                                             block_size * BLOCK_PER_PACKET,
                                             block_size, 0, 0, 0, 0, 0)))
                 return -1;
             scsi_free_scsi_task(task);
             lba += BLOCK_PER_PACKET;
         } else {
-            if (!(task = iscsi_write10_sync(iscsi, lun, lba, data, block_size,
+            if (!(task = iscsi_write16_sync(iscsi, lun, lba, data, block_size,
                                         block_size, 0, 0, 0, 0, 0)))
                 return -1;
             scsi_free_scsi_task(task);

src/storage/storage_backend_rbd.c

@@ -565,19 +565,111 @@ volStorageBackendRBDRefreshVolInfo(virStorageVolDefPtr vol,
     return ret;
 }
 
+
+#ifdef HAVE_RBD_LIST2
+static char **
+virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
+{
+    char **names = NULL;
+    size_t nnames = 0;
+    int rc;
+    rbd_image_spec_t *images = NULL;
+    size_t nimages = 16;
+    size_t i;
+
+    while (true) {
+        if (VIR_ALLOC_N(images, nimages) < 0)
+            goto error;
+
+        rc = rbd_list2(ptr->ioctx, images, &nimages);
+        if (rc >= 0)
+            break;
+        if (rc != -ERANGE) {
+            virReportSystemError(-rc, "%s", _("Unable to list RBD images"));
+            goto error;
+        }
+    }
+
+    if (VIR_ALLOC_N(names, nimages + 1) < 0)
+        goto error;
+    nnames = nimages;
+
+    for (i = 0; i < nimages; i++)
+        VIR_STEAL_PTR(names[i], images->name);
+
+    return names;
+
+ error:
+    virStringListFreeCount(names, nnames);
+    rbd_image_spec_list_cleanup(images, nimages);
+    VIR_FREE(images);
+    return NULL;
+}
+
+#else /* ! HAVE_RBD_LIST2 */
+
+static char **
+virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
+{
+    char **names = NULL;
+    size_t nnames = 0;
+    int rc;
+    size_t max_size = 1024;
+    VIR_AUTOFREE(char *) namebuf = NULL;
+    const char *name;
+
+    while (true) {
+        if (VIR_ALLOC_N(namebuf, max_size) < 0)
+            goto error;
+
+        rc = rbd_list(ptr->ioctx, namebuf, &max_size);
+        if (rc >= 0)
+            break;
+        if (rc != -ERANGE) {
+            virReportSystemError(-rc, "%s", _("Unable to list RBD images"));
+            goto error;
+        }
+        VIR_FREE(namebuf);
+    }
+
+    for (name = namebuf; name < namebuf + max_size;) {
+        VIR_AUTOFREE(char *) namedup = NULL;
+
+        if (STREQ(name, ""))
+            break;
+
+        if (VIR_STRDUP(namedup, name) < 0)
+            goto error;
+
+        if (VIR_APPEND_ELEMENT(names, nnames, namedup) < 0)
+            goto error;
+
+        name += strlen(name) + 1;
+    }
+
+    if (VIR_EXPAND_N(names, nnames, 1) < 0)
+        goto error;
+
+    return names;
+
+ error:
+    virStringListFreeCount(names, nnames);
+    return NULL;
+}
+#endif /* ! HAVE_RBD_LIST2 */
+
+
 static int
 virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool)
 {
-    size_t max_size = 1024;
     int ret = -1;
-    int len = -1;
     int r = 0;
-    char *name;
     virStoragePoolDefPtr def = virStoragePoolObjGetDef(pool);
     virStorageBackendRBDStatePtr ptr = NULL;
     struct rados_cluster_stat_t clusterstat;
     struct rados_pool_stat_t poolstat;
-    VIR_AUTOFREE(char *) names = NULL;
+    char **names = NULL;
+    size_t i;
 
     if (!(ptr = virStorageBackendRBDNewState(pool)))
         goto cleanup;
@@ -602,33 +694,16 @@ virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool)
               def->source.name, clusterstat.kb, clusterstat.kb_avail,
               poolstat.num_bytes);
 
-    while (true) {
-        if (VIR_ALLOC_N(names, max_size) < 0)
-            goto cleanup;
+    if (!(names = virStorageBackendRBDGetVolNames(ptr)))
+        goto cleanup;
 
-        len = rbd_list(ptr->ioctx, names, &max_size);
-        if (len >= 0)
-            break;
-        if (len != -ERANGE) {
-            VIR_WARN("%s", "A problem occurred while listing RBD images");
-            goto cleanup;
-        }
-        VIR_FREE(names);
-    }
-
-    for (name = names; name < names + max_size;) {
+    for (i = 0; names[i] != NULL; i++) {
         VIR_AUTOPTR(virStorageVolDef) vol = NULL;
 
-        if (STREQ(name, ""))
-            break;
-
         if (VIR_ALLOC(vol) < 0)
             goto cleanup;
 
-        if (VIR_STRDUP(vol->name, name) < 0)
-            goto cleanup;
-
-        name += strlen(name) + 1;
+        VIR_STEAL_PTR(vol->name, names[i]);
 
         r = volStorageBackendRBDRefreshVolInfo(vol, pool, ptr);
 
@@ -661,6 +736,7 @@ virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool)
     ret = 0;
 
  cleanup:
+    virStringListFree(names);
     virStorageBackendRBDFreeState(&ptr);
     return ret;
 }

src/util/virerror.c

@@ -1122,8 +1122,8 @@ const virErrorMsgTuple virErrorMsgStrings[VIR_ERR_NUMBER_LAST] = {
         N_("Hook script execution failed"),
         N_("Hook script execution failed: %s") },
     [VIR_ERR_INVALID_DOMAIN_SNAPSHOT] = {
-        N_("Invalid snapshot"),
-        N_("Invalid snapshot: %s") },
+        N_("Invalid domain snapshot"),
+        N_("Invalid domain snapshot: %s") },
     [VIR_ERR_NO_DOMAIN_SNAPSHOT] = {
         N_("Domain snapshot not found"),
         N_("Domain snapshot not found: %s") },

src/util/virfile.c

@@ -3478,6 +3478,9 @@ int virFilePrintf(FILE *fp, const char *msg, ...)
 # ifndef CEPH_SUPER_MAGIC
 #  define CEPH_SUPER_MAGIC 0x00C36400
 # endif
+# ifndef GPFS_SUPER_MAGIC
+#  define GPFS_SUPER_MAGIC 0x47504653
+# endif
 
 # define PROC_MOUNTS "/proc/mounts"
 
@@ -3623,6 +3626,9 @@ virFileIsSharedFSType(const char *path,
     if ((fstypes & VIR_FILE_SHFS_CEPH) &&
         (f_type == CEPH_SUPER_MAGIC))
         return 1;
+    if ((fstypes & VIR_FILE_SHFS_GPFS) &&
+        (f_type == GPFS_SUPER_MAGIC))
+        return 1;
 
     return 0;
 }
@@ -3786,7 +3792,8 @@ int virFileIsSharedFS(const char *path)
                                  VIR_FILE_SHFS_AFS |
                                  VIR_FILE_SHFS_SMB |
                                  VIR_FILE_SHFS_CIFS |
-                                 VIR_FILE_SHFS_CEPH);
+                                 VIR_FILE_SHFS_CEPH |
+                                 VIR_FILE_SHFS_GPFS);
 }
 
 

src/util/virfile.h

@@ -221,6 +221,7 @@ enum {
     VIR_FILE_SHFS_SMB = (1 << 4),
     VIR_FILE_SHFS_CIFS = (1 << 5),
     VIR_FILE_SHFS_CEPH = (1 << 6),
+    VIR_FILE_SHFS_GPFS = (1 << 7),
 };
 
 int virFileIsSharedFSType(const char *path, int fstypes) ATTRIBUTE_NONNULL(1);

src/util/viriptables.c

@@ -127,7 +127,7 @@ iptablesPrivateChainCreate(virFirewallPtr fw,
 
 
 int
-iptablesSetupPrivateChains(void)
+iptablesSetupPrivateChains(virFirewallLayer layer)
 {
     virFirewallPtr fw = NULL;
     int ret = -1;
@@ -143,17 +143,11 @@ iptablesSetupPrivateChains(void)
     };
     bool changed = false;
     iptablesGlobalChainData data[] = {
-        { VIR_FIREWALL_LAYER_IPV4, "filter",
+        { layer, "filter",
           filter_chains, ARRAY_CARDINALITY(filter_chains), &changed },
-        { VIR_FIREWALL_LAYER_IPV4, "nat",
+        { layer, "nat",
           natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
-        { VIR_FIREWALL_LAYER_IPV4, "mangle",
-          natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
-        { VIR_FIREWALL_LAYER_IPV6, "filter",
-          filter_chains, ARRAY_CARDINALITY(filter_chains), &changed },
-        { VIR_FIREWALL_LAYER_IPV6, "nat",
-          natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
-        { VIR_FIREWALL_LAYER_IPV6, "mangle",
+        { layer, "mangle",
           natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
     };
     size_t i;

src/util/viriptables.h

@@ -24,7 +24,7 @@
 # include "virsocketaddr.h"
 # include "virfirewall.h"
 
-int              iptablesSetupPrivateChains      (void);
+int              iptablesSetupPrivateChains      (virFirewallLayer layer);
 
 void             iptablesSetDeletePrivate        (bool pvt);
 

tests/cputest.c

@@ -1184,6 +1184,7 @@ mymain(void)
     DO_TEST_CPUID(VIR_ARCH_X86_64, "Phenom-B95", JSON_HOST);
     DO_TEST_CPUID(VIR_ARCH_X86_64, "Ryzen-7-1800X-Eight-Core", JSON_HOST);
     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-5110", JSON_NONE);
+    DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1225-v5", JSON_MODELS);
     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1245-v5", JSON_MODELS);
     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2609-v3", JSON_MODELS);
     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2623-v4", JSON_MODELS);

tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml

@@ -0,0 +1,7 @@
+<!-- Features disabled by QEMU -->
+<cpudata arch='x86'>
+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0800c1fc' edx='0xb0600000'/>
+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x02000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
+</cpudata>

tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml

@@ -0,0 +1,8 @@
+<!-- Features enabled by QEMU -->
+<cpudata arch='x86'>
+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
+  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
+</cpudata>

tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml

@@ -0,0 +1,29 @@
+<cpu mode='custom' match='exact'>
+  <model fallback='forbid'>Skylake-Client-IBRS</model>
+  <vendor>Intel</vendor>
+  <feature policy='require' name='ds'/>
+  <feature policy='require' name='acpi'/>
+  <feature policy='require' name='ss'/>
+  <feature policy='require' name='ht'/>
+  <feature policy='require' name='tm'/>
+  <feature policy='require' name='pbe'/>
+  <feature policy='require' name='dtes64'/>
+  <feature policy='require' name='monitor'/>
+  <feature policy='require' name='ds_cpl'/>
+  <feature policy='require' name='vmx'/>
+  <feature policy='require' name='smx'/>
+  <feature policy='require' name='est'/>
+  <feature policy='require' name='tm2'/>
+  <feature policy='require' name='xtpr'/>
+  <feature policy='require' name='pdcm'/>
+  <feature policy='require' name='osxsave'/>
+  <feature policy='require' name='tsc_adjust'/>
+  <feature policy='require' name='clflushopt'/>
+  <feature policy='require' name='intel-pt'/>
+  <feature policy='require' name='md-clear'/>
+  <feature policy='require' name='stibp'/>
+  <feature policy='require' name='ssbd'/>
+  <feature policy='require' name='xsaves'/>
+  <feature policy='require' name='pdpe1gb'/>
+  <feature policy='require' name='invtsc'/>
+</cpu>

tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml

@@ -0,0 +1,30 @@
+<cpu>
+  <arch>x86_64</arch>
+  <model>Skylake-Client-IBRS</model>
+  <vendor>Intel</vendor>
+  <feature name='ds'/>
+  <feature name='acpi'/>
+  <feature name='ss'/>
+  <feature name='ht'/>
+  <feature name='tm'/>
+  <feature name='pbe'/>
+  <feature name='dtes64'/>
+  <feature name='monitor'/>
+  <feature name='ds_cpl'/>
+  <feature name='vmx'/>
+  <feature name='smx'/>
+  <feature name='est'/>
+  <feature name='tm2'/>
+  <feature name='xtpr'/>
+  <feature name='pdcm'/>
+  <feature name='osxsave'/>
+  <feature name='tsc_adjust'/>
+  <feature name='clflushopt'/>
+  <feature name='intel-pt'/>
+  <feature name='md-clear'/>
+  <feature name='stibp'/>
+  <feature name='ssbd'/>
+  <feature name='xsaves'/>
+  <feature name='pdpe1gb'/>
+  <feature name='invtsc'/>
+</cpu>

tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml

@@ -0,0 +1,12 @@
+<cpu mode='custom' match='exact'>
+  <model fallback='forbid'>Skylake-Client-IBRS</model>
+  <vendor>Intel</vendor>
+  <feature policy='require' name='ss'/>
+  <feature policy='require' name='hypervisor'/>
+  <feature policy='require' name='tsc_adjust'/>
+  <feature policy='require' name='clflushopt'/>
+  <feature policy='require' name='md-clear'/>
+  <feature policy='require' name='stibp'/>
+  <feature policy='require' name='ssbd'/>
+  <feature policy='require' name='pdpe1gb'/>
+</cpu>

tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json

@@ -0,0 +1,652 @@
+{
+  "return": {
+    "model": {
+      "name": "base",
+      "props": {
+        "phys-bits": 0,
+        "core-id": -1,
+        "xlevel": 2147483656,
+        "cmov": true,
+        "ia64": false,
+        "aes": true,
+        "mmx": true,
+        "rdpid": false,
+        "arat": true,
+        "gfni": false,
+        "pause-filter": false,
+        "xsavec": true,
+        "intel-pt": false,
+        "osxsave": false,
+        "hv-frequencies": false,
+        "tsc-frequency": 0,
+        "xd": true,
+        "hv-vendor-id": "",
+        "kvm-asyncpf": true,
+        "kvm_asyncpf": true,
+        "perfctr_core": false,
+        "perfctr-core": false,
+        "mpx": true,
+        "pbe": false,
+        "decodeassists": false,
+        "avx512cd": false,
+        "sse4_1": true,
+        "sse4.1": true,
+        "sse4-1": true,
+        "family": 6,
+        "legacy-cache": true,
+        "vmware-cpuid-freq": true,
+        "avx512f": false,
+        "msr": true,
+        "mce": true,
+        "mca": true,
+        "hv-runtime": false,
+        "xcrypt": false,
+        "thread-id": -1,
+        "min-level": 13,
+        "xgetbv1": true,
+        "cid": false,
+        "hv-relaxed": false,
+        "hv-crash": false,
+        "ds": false,
+        "fxsr": true,
+        "xsaveopt": true,
+        "xtpr": false,
+        "avx512vl": false,
+        "avx512-vpopcntdq": false,
+        "phe": false,
+        "extapic": false,
+        "3dnowprefetch": true,
+        "avx512vbmi2": false,
+        "cr8legacy": false,
+        "stibp": true,
+        "cpuid-0xb": true,
+        "xcrypt-en": false,
+        "kvm_pv_eoi": true,
+        "apic-id": 4294967295,
+        "pn": false,
+        "dca": false,
+        "vendor": "GenuineIntel",
+        "pku": false,
+        "smx": false,
+        "cmp_legacy": false,
+        "cmp-legacy": false,
+        "node-id": -1,
+        "avx512-4fmaps": false,
+        "vmcb_clean": false,
+        "vmcb-clean": false,
+        "3dnowext": false,
+        "hle": true,
+        "npt": false,
+        "memory": "/machine/unattached/system[0]",
+        "clwb": false,
+        "lbrv": false,
+        "adx": true,
+        "ss": true,
+        "pni": true,
+        "svm_lock": false,
+        "svm-lock": false,
+        "pfthreshold": false,
+        "smep": true,
+        "smap": true,
+        "x2apic": true,
+        "avx512vbmi": false,
+        "avx512vnni": false,
+        "hv-stimer": false,
+        "i64": true,
+        "flushbyasid": false,
+        "f16c": true,
+        "ace2-en": false,
+        "pat": true,
+        "pae": true,
+        "sse": true,
+        "phe-en": false,
+        "kvm_nopiodelay": true,
+        "kvm-nopiodelay": true,
+        "tm": false,
+        "kvmclock-stable-bit": true,
+        "hypervisor": true,
+        "socket-id": -1,
+        "pcommit": false,
+        "syscall": true,
+        "level": 13,
+        "avx512dq": false,
+        "svm": false,
+        "full-cpuid-auto-level": true,
+        "hv-reset": false,
+        "invtsc": false,
+        "sse3": true,
+        "sse2": true,
+        "ssbd": true,
+        "est": false,
+        "avx512ifma": false,
+        "tm2": false,
+        "kvm-pv-eoi": true,
+        "cx8": true,
+        "kvm_mmu": false,
+        "kvm-mmu": false,
+        "sse4_2": true,
+        "sse4.2": true,
+        "sse4-2": true,
+        "pge": true,
+        "fill-mtrr-mask": true,
+        "avx512bitalg": false,
+        "nodeid_msr": false,
+        "pdcm": false,
+        "movbe": true,
+        "model": 94,
+        "nrip_save": false,
+        "nrip-save": false,
+        "kvm_pv_unhalt": true,
+        "ssse3": true,
+        "sse4a": false,
+        "invpcid": true,
+        "pdpe1gb": true,
+        "tsc-deadline": true,
+        "fma": true,
+        "cx16": true,
+        "de": true,
+        "enforce": false,
+        "stepping": 3,
+        "xsave": true,
+        "clflush": true,
+        "skinit": false,
+        "tsc": true,
+        "tce": false,
+        "fpu": true,
+        "ibs": false,
+        "ds_cpl": false,
+        "ds-cpl": false,
+        "host-phys-bits": true,
+        "fma4": false,
+        "la57": false,
+        "osvw": false,
+        "check": true,
+        "hv-spinlocks": -1,
+        "pmu": false,
+        "pmm": false,
+        "apic": true,
+        "spec-ctrl": true,
+        "min-xlevel2": 0,
+        "tsc-adjust": true,
+        "tsc_adjust": true,
+        "kvm-steal-time": true,
+        "kvm_steal_time": true,
+        "kvmclock": true,
+        "l3-cache": true,
+        "lwp": false,
+        "ibpb": false,
+        "xop": false,
+        "avx": true,
+        "ospke": false,
+        "ace2": false,
+        "avx512bw": false,
+        "acpi": false,
+        "hv-vapic": false,
+        "fsgsbase": true,
+        "ht": false,
+        "nx": true,
+        "pclmulqdq": true,
+        "mmxext": false,
+        "vaes": false,
+        "popcnt": true,
+        "xsaves": false,
+        "tcg-cpuid": true,
+        "lm": true,
+        "umip": false,
+        "pse": true,
+        "avx2": true,
+        "sep": true,
+        "pclmuldq": true,
+        "virt-ssbd": false,
+        "x-hv-max-vps": -1,
+        "nodeid-msr": false,
+        "md-clear": true,
+        "kvm": true,
+        "misalignsse": false,
+        "min-xlevel": 2147483656,
+        "kvm-pv-unhalt": true,
+        "bmi2": true,
+        "bmi1": true,
+        "realized": false,
+        "tsc_scale": false,
+        "tsc-scale": false,
+        "topoext": false,
+        "hv-vpindex": false,
+        "xlevel2": 0,
+        "clflushopt": true,
+        "kvm-no-smi-migration": false,
+        "monitor": false,
+        "avx512er": false,
+        "pmm-en": false,
+        "pcid": true,
+        "3dnow": false,
+        "erms": true,
+        "lahf-lm": true,
+        "lahf_lm": true,
+        "vpclmulqdq": false,
+        "fxsr-opt": false,
+        "hv-synic": false,
+        "xstore": false,
+        "fxsr_opt": false,
+        "kvm-hint-dedicated": false,
+        "rtm": true,
+        "lmce": true,
+        "hv-time": false,
+        "perfctr-nb": false,
+        "perfctr_nb": false,
+        "ffxsr": false,
+        "rdrand": true,
+        "rdseed": true,
+        "avx512-4vnniw": false,
+        "vmx": false,
+        "vme": true,
+        "dtes64": false,
+        "mtrr": true,
+        "rdtscp": true,
+        "pse36": true,
+        "kvm-pv-tlb-flush": false,
+        "tbm": false,
+        "wdt": false,
+        "pause_filter": false,
+        "sha-ni": false,
+        "model-id": "Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz",
+        "abm": true,
+        "avx512pf": false,
+        "xstore-en": false
+      }
+    }
+  },
+  "id": "model-expansion"
+}
+
+{
+  "return": [
+    {
+      "name": "max",
+      "typename": "max-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": false
+    },
+    {
+      "name": "host",
+      "typename": "host-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": false
+    },
+    {
+      "name": "base",
+      "typename": "base-x86_64-cpu",
+      "unavailable-features": [],
+      "static": true,
+      "migration-safe": true
+    },
+    {
+      "name": "qemu64",
+      "typename": "qemu64-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "qemu32",
+      "typename": "qemu32-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "phenom",
+      "typename": "phenom-x86_64-cpu",
+      "unavailable-features": [
+        "mmxext",
+        "fxsr-opt",
+        "3dnowext",
+        "3dnow",
+        "sse4a",
+        "npt"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "pentium3",
+      "typename": "pentium3-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "pentium2",
+      "typename": "pentium2-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "pentium",
+      "typename": "pentium-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "n270",
+      "typename": "n270-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "kvm64",
+      "typename": "kvm64-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "kvm32",
+      "typename": "kvm32-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "cpu64-rhel6",
+      "typename": "cpu64-rhel6-x86_64-cpu",
+      "unavailable-features": [
+        "sse4a"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "coreduo",
+      "typename": "coreduo-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "core2duo",
+      "typename": "core2duo-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "athlon",
+      "typename": "athlon-x86_64-cpu",
+      "unavailable-features": [
+        "mmxext",
+        "3dnowext",
+        "3dnow"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Westmere",
+      "typename": "Westmere-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Westmere-IBRS",
+      "typename": "Westmere-IBRS-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Skylake-Server",
+      "typename": "Skylake-Server-x86_64-cpu",
+      "unavailable-features": [
+        "avx512f",
+        "avx512dq",
+        "clwb",
+        "avx512cd",
+        "avx512bw",
+        "avx512vl",
+        "avx512f",
+        "avx512f",
+        "avx512f"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Skylake-Server-IBRS",
+      "typename": "Skylake-Server-IBRS-x86_64-cpu",
+      "unavailable-features": [
+        "avx512f",
+        "avx512dq",
+        "clwb",
+        "avx512cd",
+        "avx512bw",
+        "avx512vl",
+        "avx512f",
+        "avx512f",
+        "avx512f"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Skylake-Client",
+      "typename": "Skylake-Client-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Skylake-Client-IBRS",
+      "typename": "Skylake-Client-IBRS-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "SandyBridge",
+      "typename": "SandyBridge-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "SandyBridge-IBRS",
+      "typename": "SandyBridge-IBRS-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Penryn",
+      "typename": "Penryn-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Opteron_G5",
+      "typename": "Opteron_G5-x86_64-cpu",
+      "unavailable-features": [
+        "sse4a",
+        "misalignsse",
+        "xop",
+        "fma4",
+        "tbm"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Opteron_G4",
+      "typename": "Opteron_G4-x86_64-cpu",
+      "unavailable-features": [
+        "sse4a",
+        "misalignsse",
+        "xop",
+        "fma4"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Opteron_G3",
+      "typename": "Opteron_G3-x86_64-cpu",
+      "unavailable-features": [
+        "sse4a",
+        "misalignsse"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Opteron_G2",
+      "typename": "Opteron_G2-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Opteron_G1",
+      "typename": "Opteron_G1-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Nehalem",
+      "typename": "Nehalem-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Nehalem-IBRS",
+      "typename": "Nehalem-IBRS-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "IvyBridge",
+      "typename": "IvyBridge-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "IvyBridge-IBRS",
+      "typename": "IvyBridge-IBRS-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Haswell",
+      "typename": "Haswell-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Haswell-noTSX",
+      "typename": "Haswell-noTSX-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Haswell-noTSX-IBRS",
+      "typename": "Haswell-noTSX-IBRS-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Haswell-IBRS",
+      "typename": "Haswell-IBRS-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "EPYC",
+      "typename": "EPYC-x86_64-cpu",
+      "unavailable-features": [
+        "sha-ni",
+        "mmxext",
+        "fxsr-opt",
+        "cr8legacy",
+        "sse4a",
+        "misalignsse",
+        "osvw"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "EPYC-IBPB",
+      "typename": "EPYC-IBPB-x86_64-cpu",
+      "unavailable-features": [
+        "sha-ni",
+        "mmxext",
+        "fxsr-opt",
+        "cr8legacy",
+        "sse4a",
+        "misalignsse",
+        "osvw",
+        "ibpb"
+      ],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Conroe",
+      "typename": "Conroe-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Broadwell",
+      "typename": "Broadwell-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Broadwell-noTSX",
+      "typename": "Broadwell-noTSX-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Broadwell-noTSX-IBRS",
+      "typename": "Broadwell-noTSX-IBRS-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "Broadwell-IBRS",
+      "typename": "Broadwell-IBRS-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    },
+    {
+      "name": "486",
+      "typename": "486-x86_64-cpu",
+      "unavailable-features": [],
+      "static": false,
+      "migration-safe": true
+    }
+  ],
+  "id": "definitions"
+}

tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig

@@ -0,0 +1,4 @@
+0506e3
+family:     6 (0x06)
+model:     94 (0x5e)
+stepping:   3 (0x03)

tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml

@@ -0,0 +1,47 @@
+<!-- Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz -->
+<cpudata arch='x86'>
+  <cpuid eax_in='0x00000000' ecx_in='0x00' eax='0x00000016' ebx='0x756e6547' ecx='0x6c65746e' edx='0x49656e69'/>
+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x000506e3' ebx='0x06100800' ecx='0x7ffafbff' edx='0xbfebfbff'/>
+  <cpuid eax_in='0x00000002' ecx_in='0x00' eax='0x76036301' ebx='0x00f0b6ff' ecx='0x00000000' edx='0x00c30000'/>
+  <cpuid eax_in='0x00000003' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000004' ecx_in='0x00' eax='0x1c004121' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
+  <cpuid eax_in='0x00000004' ecx_in='0x01' eax='0x1c004122' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
+  <cpuid eax_in='0x00000004' ecx_in='0x02' eax='0x1c004143' ebx='0x00c0003f' ecx='0x000003ff' edx='0x00000000'/>
+  <cpuid eax_in='0x00000004' ecx_in='0x03' eax='0x1c03c163' ebx='0x03c0003f' ecx='0x00001fff' edx='0x00000006'/>
+  <cpuid eax_in='0x00000005' ecx_in='0x00' eax='0x00000040' ebx='0x00000040' ecx='0x00000003' edx='0x00142120'/>
+  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x000027f7' ebx='0x00000002' ecx='0x00000009' edx='0x00000000'/>
+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x029c6fbf' ecx='0x00000000' edx='0x9c002400'/>
+  <cpuid eax_in='0x00000008' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000009' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000a' ecx_in='0x00' eax='0x07300804' ebx='0x00000000' ecx='0x00000000' edx='0x00000603'/>
+  <cpuid eax_in='0x0000000b' ecx_in='0x00' eax='0x00000001' ebx='0x00000001' ecx='0x00000100' edx='0x00000006'/>
+  <cpuid eax_in='0x0000000b' ecx_in='0x01' eax='0x00000004' ebx='0x00000004' ecx='0x00000201' edx='0x00000006'/>
+  <cpuid eax_in='0x0000000c' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000d' ecx_in='0x00' eax='0x0000001f' ebx='0x00000440' ecx='0x00000440' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x0000000f' ebx='0x000003c0' ecx='0x00000100' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000d' ecx_in='0x02' eax='0x00000100' ebx='0x00000240' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000d' ecx_in='0x03' eax='0x00000040' ebx='0x000003c0' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000d' ecx_in='0x04' eax='0x00000040' ebx='0x00000400' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000d' ecx_in='0x08' eax='0x00000080' ebx='0x00000000' ecx='0x00000001' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000e' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x0000000f' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000010' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000011' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000012' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000013' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000014' ecx_in='0x00' eax='0x00000001' ebx='0x0000000f' ecx='0x00000007' edx='0x00000000'/>
+  <cpuid eax_in='0x00000014' ecx_in='0x01' eax='0x02490002' ebx='0x003f3fff' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000015' ecx_in='0x00' eax='0x00000002' ebx='0x00000114' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x00000016' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
+  <cpuid eax_in='0x80000000' ecx_in='0x00' eax='0x80000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
+  <cpuid eax_in='0x80000002' ecx_in='0x00' eax='0x65746e49' ebx='0x2952286c' ecx='0x6f655820' edx='0x2952286e'/>
+  <cpuid eax_in='0x80000003' ecx_in='0x00' eax='0x55504320' ebx='0x2d334520' ecx='0x35323231' edx='0x20357620'/>
+  <cpuid eax_in='0x80000004' ecx_in='0x00' eax='0x2e332040' ebx='0x48473033' ecx='0x0000007a' edx='0x00000000'/>
+  <cpuid eax_in='0x80000005' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x80000006' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x01006040' edx='0x00000000'/>
+  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
+  <cpuid eax_in='0x80000008' ecx_in='0x00' eax='0x00003027' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
+  <cpuid eax_in='0x80860000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
+  <cpuid eax_in='0xc0000000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
+</cpudata>

tests/testutilsqemu.c

@@ -740,7 +740,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
 
     /* Using /dev/null for libDir and cacheDir automatically produces errors
      * upon attempt to use any of them */
-    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0, 0);
+    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
     if (!driver->qemuCapsCache)
         goto error;
 

tests/virfiledata/mounts3.txt

@@ -35,3 +35,4 @@ host:/gv0 /gluster fuse.glusterfs rw 0 0
 root@host:/tmp/mkdir /gluster/sshfs fuse.sshfs rw 0 0
 192.168.0.1:/ceph/data /ceph ceph rw,noatime,name=cephfs,secret=<hidden>,acl,wsize=16777216 0 0
 192.168.0.1,192.168.0.2,192.168.0.3:/ceph/data2 /ceph/multi ceph rw,noatime,name=cephfs,secret=<hidden>,acl,wsize=16777216 0 0
+gpfs_data /gpfs/data gpfs rw,relatime 0 0

tests/virfilemock.c

@@ -89,6 +89,9 @@ setmntent(const char *filename, const char *type)
 #ifndef CEPH_SUPER_MAGIC
 # define CEPH_SUPER_MAGIC 0x00c36400
 #endif
+#ifndef GPFS_SUPER_MAGIC
+# define GPFS_SUPER_MAGIC 0x47504653
+#endif
 
 
 static int
@@ -137,6 +140,8 @@ statfs_mock(const char *mtab,
             ftype = FUSE_SUPER_MAGIC;
         } else if (STRPREFIX(mb.mnt_type, "ceph")) {
             ftype = CEPH_SUPER_MAGIC;
+        } else if (STRPREFIX(mb.mnt_type, "gpfs")) {
+            ftype = GPFS_SUPER_MAGIC;
         } else {
             /* Everything else is EXT4. We don't care really for other paths. */
             ftype = EXT4_SUPER_MAGIC;

tests/virfiletest.c

@@ -457,6 +457,7 @@ mymain(void)
     DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/some/symlink/file", true);
     DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/ceph/file", true);
     DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/ceph/multi/file", true);
+    DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/gpfs/data", true);
 
     return ret != 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }

tests/virshtest.c

@@ -411,6 +411,13 @@ mymain(void)
     DO_TEST(34, "hello\n", "echo --str hello");
     DO_TEST(35, "hello\n", "echo --hi");
 
+    /* Tests of multiple commands.  */
+    DO_TEST(36, "a\nb\n", " echo a; echo b;");
+    DO_TEST(37, "a\nb\n", "\necho a\n echo b\n");
+    DO_TEST(38, "a\nb\n", "ec\\\nho a\n echo \\\n b;");
+    DO_TEST(39, "a\n b\n", "\"ec\\\nho\" a\n echo \"\\\n b\";");
+    DO_TEST(40, "a\n\\\n b\n", "ec\\\nho a\n echo '\\\n b';");
+
 # undef DO_TEST
 
     VIR_FREE(custom_uri);

tools/virsh-snapshot.c

@@ -1421,7 +1421,7 @@ static const vshCmdOptDef opts_snapshot_list[] = {
     },
     {.name = "active",
      .type = VSH_OT_BOOL,
-     .help = N_("filter by snapshots taken while active (system checkpoints)")
+     .help = N_("filter by snapshots taken while active (full system snapshots)")
     },
     {.name = "disk-only",
      .type = VSH_OT_BOOL,

tools/virsh.pod

@@ -40,8 +40,9 @@ as a name.
 The B<virsh> program can be used either to run one I<COMMAND> by giving the
 command and its arguments on the shell command line, or a I<COMMAND_STRING>
 which is a single shell argument consisting of multiple I<COMMAND> actions
-and their arguments joined with whitespace, and separated by semicolons
-between commands.  Within I<COMMAND_STRING>, virsh understands the
+and their arguments joined with whitespace and separated by semicolons or
+newlines between commands, where unquoted backslash-newline pairs are
+elided.  Within I<COMMAND_STRING>, virsh understands the
 same single, double, and backslash escapes as the shell, although you must
 add another layer of shell escaping in creating the single shell argument.
 If no command is given in the command line, B<virsh> will then start a minimal
@@ -4559,8 +4560,8 @@ If I<--halt> is specified, the domain will be left in an inactive state
 after the snapshot is created.
 
 If I<--disk-only> is specified, the snapshot will only include disk
-state rather than the usual system checkpoint with vm state.  Disk
-snapshots are faster than full system checkpoints, but reverting to a
+content rather than the usual full system snapshot with vm state.  Disk
+snapshots are captured faster than full system snapshots, but reverting to a
 disk snapshot may require fsck or journal replays, since it is like
 the disk state at the point when the power cord is abruptly pulled;
 and mixing I<--halt> and I<--disk-only> loses any data that was not
@@ -4599,10 +4600,10 @@ this.  If this flag is not specified, then some hypervisors may fail
 after partially performing the action, and B<dumpxml> must be used to
 see whether any partial changes occurred.
 
-If I<--live> is specified, libvirt takes the snapshot (checkpoint) while
+If I<--live> is specified, libvirt takes the snapshot while
 the guest is running. Both disk snapshot and domain memory snapshot are
 taken. This increases the size of the memory image of the external
-checkpoint. This is currently supported only for external checkpoints.
+snapshot. This is currently supported only for full system external snapshots.
 
 Existence of snapshot metadata will prevent attempts to B<undefine>
 a persistent domain.  However, for transient domains, snapshot
@@ -4622,7 +4623,7 @@ Otherwise, if I<--halt> is specified, the domain will be left in an
 inactive state after the snapshot is created, and if I<--disk-only>
 is specified, the snapshot will not include vm state.
 
-The I<--memspec> option can be used to control whether a checkpoint
+The I<--memspec> option can be used to control whether a full system snapshot
 is internal or external.  The I<--memspec> flag is mandatory, followed
 by a B<memspec> of the form B<[file=]name[,snapshot=type]>, where
 type can be B<no>, B<internal>, or B<external>.  To include a literal
@@ -4630,7 +4631,7 @@ comma in B<file=name>, escape it with a second comma. I<--memspec> cannot
 be used together with I<--disk-only>.
 
 The I<--diskspec> option can be used to control how I<--disk-only> and
-external checkpoints create external files.  This option can occur
+external full system snapshots create external files.  This option can occur
 multiple times, according to the number of <disk> elements in the domain
 xml.  Each <diskspec> is in the
 form B<disk[,snapshot=type][,driver=type][,file=name]>.  A I<diskspec>
@@ -4670,7 +4671,7 @@ see whether any partial changes occurred.
 
 If I<--live> is specified, libvirt takes the snapshot while the guest is
 running. This increases the size of the memory image of the external
-checkpoint. This is currently supported only for external checkpoints.
+snapshot. This is currently supported only for external full system snapshots.
 
 =item B<snapshot-current> I<domain> {[I<--name>] | [I<--security-info>]
 | [I<snapshotname>]}

tools/virt-admin.pod

@@ -23,8 +23,9 @@ Where I<command> is one of the commands listed below.
 The B<virt-admin> program can be used either to run one I<COMMAND> by giving the
 command and its arguments on the shell command line, or a I<COMMAND_STRING>
 which is a single shell argument consisting of multiple I<COMMAND> actions
-and their arguments joined with whitespace, and separated by semicolons
-between commands.  Within I<COMMAND_STRING>, virt-admin understands the
+and their arguments joined with whitespace and separated by semicolons or
+newlines between commands, where unquoted backslash-newline pairs are
+elided.  Within I<COMMAND_STRING>, virt-admin understands the
 same single, double, and backslash escapes as the shell, although you must
 add another layer of shell escaping in creating the single shell argument.
 If no command is given in the command line, B<virt-admin> will then start a minimal

tools/vsh.c

@@ -1659,12 +1659,12 @@ vshCommandStringGetArg(vshControl *ctl, vshCommandParser *parser, char **res,
 
     *res = q;
 
-    while (*p && (*p == ' ' || *p == '\t'))
-        p++;
+    while (*p == ' ' || *p == '\t' || (*p == '\\' && p[1] == '\n'))
+        p += 1 + (*p == '\\');
 
     if (*p == '\0')
         return VSH_TK_END;
-    if (*p == ';') {
+    if (*p == ';' || *p == '\n') {
         parser->pos = ++p;             /* = \0 or begin of next command */
         return VSH_TK_SUBCMD_END;
     }
@@ -1672,7 +1672,7 @@ vshCommandStringGetArg(vshControl *ctl, vshCommandParser *parser, char **res,
     while (*p) {
         /* end of token is blank space or ';' */
         if (!double_quote && !single_quote &&
-            (*p == ' ' || *p == '\t' || *p == ';'))
+            (*p == ' ' || *p == '\t' || *p == ';' || *p == '\n'))
             break;
 
         if (!double_quote && *p == '\'') { /* single quote */
@@ -1681,7 +1681,7 @@ vshCommandStringGetArg(vshControl *ctl, vshCommandParser *parser, char **res,
             continue;
         } else if (!single_quote && *p == '\\') { /* escape */
             /*
-             * The same as the bash, a \ in "" is an escaper,
+             * The same as in shell, a \ in "" is an escaper,
              * but a \ in '' is not an escaper.
              */
             p++;
@@ -1689,6 +1689,10 @@ vshCommandStringGetArg(vshControl *ctl, vshCommandParser *parser, char **res,
                 if (report)
                     vshError(ctl, "%s", _("dangling \\"));
                 return VSH_TK_ERROR;
+            } else if (*p == '\n') {
+                /* Elide backslash-newline entirely */
+                p++;
+                continue;
             }
         } else if (!single_quote && *p == '"') { /* double quote */
             double_quote = !double_quote;