On Thu, Jan 25, 2024 at 10:42:13 +0100, Michal Privoznik wrote:
After guest is started, or we are reconnecting to already running
one (after daemon restart), qemuProcessRefreshRxFilters() is
called to refresh rx-filters (basically MAC addresses of guest
NICs) as they might have changed while we were not running (for
the case when reconnecting to an already running guest), or we
need to enable them by running a command (for freshly started
guest - see processNicRxFilterChangedEvent()).
Now, our XML parser allowed trustGuestRxFilters attribute for all
types and models of <interface/> while in reality, only virtio
model can see MAC address changes.
Fixes: 060d4c83ef436cf56abfad51a4d64c39448e199d
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_process.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 3563ad215c..a736846588 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7958,6 +7958,12 @@ qemuProcessRefreshRxFilters(virDomainObj *vm,
if (!virDomainNetGetActualTrustGuestRxFilters(def))
continue;
+ /* rx-filters are supported only for virtio macvtaps */
+ if (def->model != VIR_DOMAIN_NET_MODEL_VIRTIO ||
+ virDomainNetGetActualType(def) != VIR_DOMAIN_NET_TYPE_DIRECT) {
+ continue;
+ }
+
if (qemuDomainSyncRxFilter(vm, def, asyncJob) < 0)
return -1;
}
So how did this failure manifest itself? The commit message doesn't
mention that.
I'm trying to understand the reasoning to see if this check should be
inside qemuDomainSyncRxFilter, so that it doesn't get forgotten the next
time it will be used.