[PATCH v2 0/2] qemu: tighten some validation for vhostuser interfaces
details in logs Laine Stump (2): qemu: check for/require shared memory for *any* vhostuser interface qemu: forbid a few unsupported things for vhost-user/passt interfaces src/qemu/qemu_validate.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) -- 2.48.1
It has always been true that vhostuser interfaces require shared memory, but we've never had that check in the validation. Recently I added that check for the case of interface type='vhostuser' backend type='passt'. This patch generalizes that check to require shared memory for *any* vhostuser interface. (While it is true that we've been allowing interface type='vhostuser' without shared memory enabled for 11 years or so, so there might be some existing config (or config-generating script) that does that and would be broken by this new validation, it is also true that such a config could never have worked, so it was already broken (just failing at runtime rather than during parsing of the config)). Signed-off-by: Laine Stump <laine@redhat.com> --- new patch for V2 src/qemu/qemu_validate.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index f3ef1be660..2479596628 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1820,9 +1820,8 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net, return -1; } - if (net->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER && - net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) { - if (qemuValidateDomainDefVhostUserRequireSharedMemory(def, "interface type=\"vhostuser\" backend type=\"passt\"") < 0) + if (net->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER) { + if (qemuValidateDomainDefVhostUserRequireSharedMemory(def, "vhostuser") < 0) return -1; } -- 2.48.1
On 2/21/25 20:05, Laine Stump wrote:
It has always been true that vhostuser interfaces require shared memory, but we've never had that check in the validation. Recently I added that check for the case of interface type='vhostuser' backend type='passt'. This patch generalizes that check to require shared memory for *any* vhostuser interface.
(While it is true that we've been allowing interface type='vhostuser' without shared memory enabled for 11 years or so, so there might be some existing config (or config-generating script) that does that and would be broken by this new validation, it is also true that such a config could never have worked, so it was already broken (just failing at runtime rather than during parsing of the config)).
Signed-off-by: Laine Stump <laine@redhat.com> --- new patch for V2
src/qemu/qemu_validate.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index f3ef1be660..2479596628 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1820,9 +1820,8 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net, return -1; }
- if (net->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER && - net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) { - if (qemuValidateDomainDefVhostUserRequireSharedMemory(def, "interface type=\"vhostuser\" backend type=\"passt\"") < 0) + if (net->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER) { + if (qemuValidateDomainDefVhostUserRequireSharedMemory(def, "vhostuser") < 0) return -1; }
This relaxed check breaks some tests: Summary of Failures: 162/295 libvirt:bin / qemusecuritytest FAIL 1.78s exit status 1 261/295 libvirt:bin / qemuxmlconftest FAIL 10.24s exit status 1 Michal
On 2/24/25 7:27 AM, Michal Prívozník wrote:
On 2/21/25 20:05, Laine Stump wrote:
It has always been true that vhostuser interfaces require shared memory, but we've never had that check in the validation. Recently I added that check for the case of interface type='vhostuser' backend type='passt'. This patch generalizes that check to require shared memory for *any* vhostuser interface.
(While it is true that we've been allowing interface type='vhostuser' without shared memory enabled for 11 years or so, so there might be some existing config (or config-generating script) that does that and would be broken by this new validation, it is also true that such a config could never have worked, so it was already broken (just failing at runtime rather than during parsing of the config)).
Signed-off-by: Laine Stump <laine@redhat.com> --- new patch for V2
src/qemu/qemu_validate.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index f3ef1be660..2479596628 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1820,9 +1820,8 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net, return -1; }
- if (net->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER && - net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) { - if (qemuValidateDomainDefVhostUserRequireSharedMemory(def, "interface type=\"vhostuser\" backend type=\"passt\"") < 0) + if (net->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER) { + if (qemuValidateDomainDefVhostUserRequireSharedMemory(def, "vhostuser") < 0) return -1; }
This relaxed check breaks some tests:
Summary of Failures:
162/295 libvirt:bin / qemusecuritytest FAIL 1.78s exit status 1 261/295 libvirt:bin / qemuxmlconftest FAIL 10.24s exit status 1
Oops, I remember thinking "this is going to break some test cases", and then later somehow tricked myself into believing that I'd run the tests and fixed them. I''l correct that now and re-send.
vhost-user with a passt backend doesn't support using multiple queues. The path of the socket is auto-generated by libvirt for vhost-user/passt; it can't be set by the user The passt end of a vhost-user socket is always the server, and the qemu end is always a client. Signed-off-by: Laine Stump <laine@redhat.com> --- Change since V1 - use single quotes instead of escaped double quotes src/qemu/qemu_validate.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 2479596628..9a91f92410 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1823,6 +1823,24 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net, if (net->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER) { if (qemuValidateDomainDefVhostUserRequireSharedMemory(def, "vhostuser") < 0) return -1; + + if (net->backend.type == VIR_DOMAIN_NET_BACKEND_PASST) { + if (net->driver.virtio.queues > 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("interface type='vhostuser' backend type='passt' does not support multiple queues")); + return -1; + } + if (net->data.vhostuser->data.nix.path) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("'path' attribute cannot be set for interface type='vhostuser' backend type='passt'")); + return -1; + } + if (net->data.vhostuser->data.nix.listen) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("mode='server' is not supported for interface type='vhostuser' backend type='passt'")); + return -1; + } + } } if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) { -- 2.48.1
On 2/21/25 20:05, Laine Stump wrote:
vhost-user with a passt backend doesn't support using multiple queues.
The path of the socket is auto-generated by libvirt for vhost-user/passt; it can't be set by the user
The passt end of a vhost-user socket is always the server, and the qemu end is always a client.
Signed-off-by: Laine Stump <laine@redhat.com> --- Change since V1 - use single quotes instead of escaped double quotes
src/qemu/qemu_validate.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal
participants (3)
-
Laine Stump -
Laine Stump -
Michal Prívozník