[PATCH 0/4] improve device-update for network interface devices
These patches are in response to a bug report filed a few years ago where I said "I can look at it next week" and then promptly forgot about it :-/ https://bugzilla.redhat.com/1949432 I was reminded of it when a bunch of old bugs were migrated from bugzilla.redhat.com to issues.redhat.com and Yalan Zhang added the comment that the bug was still reproducible on libvirt 10.4.0. https://issues.redhat.com/browse/RHEL-7036 This got it back onto my todo list (where it should have been the entire time!) and I've finally gotten to it. Two similar-but-differen failures had been reported (one when using a network of "direct" (macvtap) devices, and one when using an openvswitch bridge, and it turned out that two different (but related) fixes were needed - the direct problem is fixed *mostly* in patch 1, with the other patches fixing the ovs problem (and the remainder of the direct problem). Laine Stump (4): qemu: prevent unnecessarily failing live interface update util: don't return early from virNetDevTapReattachBridge() if "force" is true qemu: replace open-coded remove/attach bridge with virNetDevTapReattachBridge() qemu: rework needBridgeChange/needReconnect decisions in qemuDomainChangeNet() src/conf/domain_conf.c | 2 +- src/qemu/qemu_hotplug.c | 263 +++++++++++++++++++++++++--------------- src/util/virnetdevtap.c | 8 +- src/util/virnetdevtap.h | 3 +- 4 files changed, 172 insertions(+), 104 deletions(-) -- 2.46.0
Attempts to use update-device to modify just the link state of a guest interface were failing due to a supposed attempt to modify something in the interface that can't be modified live (even though the only thing that was changing was the link state, which *can* be modified live). It turned out that this failure happened because the guest interface in question was type='network', and the network in question was a 'direct' network that provides each guest interface with one device from a pool of network devices. As a part of qemuDomainChangeNet() we would always allocate a new port from the network driver for the updated interface definition (by way of calling virDomainNetAllocateActualDevice(newdev)), and this new port (ie the ActualNetDef in newdev) would of course be allocated a new host device from the pool (which would of course be different from the one currently in use by the guest interface (in olddev)). Because direct interfaces don't support changing the host device in a live update, this would cause the update to fail. The solution to this is to realize that as long as the interface doesn't get switched to a different network as a part of the update, the network port information (ie the ActualNetDef) will not change as a part of updating the guest interface itself. So for sake of comparison we can just point the newdev at the ActualNetDef of olddev, and then clear out one or the other when we're done (to avoid a double free or, more likely, attempt to reference freed memory). (If, on the other hand, the name of the network has changed, or if the interface type has changed to type='network' from something else, then we *do* need to allocate a new port (actual device) from the network driver (as we used to do in all cases when the new type was 'network'), and also indicate that we'll need to replace olddev in the domain with newdev (because either of these changes is major enough that we shouldn't just try to fix up olddev) Resolves: https://issues.redhat.com/browse/RHEL-7036 Signed-off-by: Laine Stump <laine@redhat.com> --- src/qemu/qemu_hotplug.c | 92 +++++++++++++++++++++++++++++++++++------ 1 file changed, 80 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 75b97cf736..a187466c5b 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3675,6 +3675,7 @@ qemuDomainChangeNet(virQEMUDriver *driver, virDomainNetDef **devslot = NULL; virDomainNetDef *olddev; virDomainNetType oldType, newType; + bool actualSame = false; bool needReconnect = false; bool needBridgeChange = false; bool needFilterChange = false; @@ -3895,15 +3896,49 @@ qemuDomainChangeNet(virQEMUDriver *driver, * free it if we fail for any reason */ if (newdev->type == VIR_DOMAIN_NET_TYPE_NETWORK) { - if (!(conn = virGetConnectNetwork())) - goto cleanup; - if (virDomainNetAllocateActualDevice(conn, vm->def, newdev) < 0) - goto cleanup; - } + if (olddev->type == VIR_DOMAIN_NET_TYPE_NETWORK + && STREQ(olddev->data.network.name, newdev->data.network.name)) { + /* old and new are type='network', and the network name + * hasn't changed. In this case we *don't* want to get a + * new port ("actual device") from the network because we + * can use the old one (since it hasn't changed). + * + * So instead we just duplicate *the pointer to* the + * actualNetDef from olddev to newdev so that comparisons + * of actualNetDef will show no change. If the update is + * successful, we will clear the actualNetDef pointer from + * olddev before destroying it (or if the update fails, + * then we need to clear the pointer from newdev before + * destroying it) + */ + newdev->data.network.actual = olddev->data.network.actual; + memcpy(newdev->data.network.portid, olddev->data.network.portid, + sizeof(newdev->data.network.portid)); + actualSame = true; /* old and new actual are pointing to same object */ + } else { + /* either the olddev wasn't type='network', or else the + * name of the network changed. In this case we *do* want + * to get a new port from the new network (because we know + * that it *will* change), and then if the update is + * successful, we will release the port ("actual device") + * in olddev. Or if the update is a failure, we will + * release this new port + */ + if (!(conn = virGetConnectNetwork()) + || virDomainNetAllocateActualDevice(conn, vm->def, newdev) < 0) { + goto cleanup; + } - /* final validation now that we have full info on the type */ - if (qemuDomainValidateActualNetDef(newdev, priv->qemuCaps) < 0) - goto cleanup; + /* final validation now that we have full info on the type */ + if (qemuDomainValidateActualNetDef(newdev, priv->qemuCaps) < 0) + goto cleanup; + + /* since there is a new actual, we definitely will want to + * replace olddev with newdev in the domain + */ + needReplaceDevDef = true; + } + } newType = virDomainNetGetActualType(newdev); @@ -4169,7 +4204,21 @@ qemuDomainChangeNet(virQEMUDriver *driver, /* this function doesn't work with HOSTDEV networks yet, thus * no need to change the pointer in the hostdev structure */ - if (olddev->type == VIR_DOMAIN_NET_TYPE_NETWORK) { + if (actualSame) { + /* olddev and newdev have both been pointing at the + * same actual device object. Now that we know we're + * going to use newdev and dispose of olddev, we clear + * olddev->...actual so it doesn't get freed by upcoming + * virDomainNetDefFree(olddev) (which would be + * catastrophic because it is still being used by + * newdev) + */ + olddev->data.network.actual = NULL; + + } else if (olddev->type == VIR_DOMAIN_NET_TYPE_NETWORK) { + /* olddev had a port (actual device) and we aren't + * reusing it in newdev, so we need to release it + */ if (conn || (conn = virGetConnectNetwork())) virDomainNetReleaseActualDevice(conn, olddev); else @@ -4211,10 +4260,29 @@ qemuDomainChangeNet(virQEMUDriver *driver, * that the changes were minor enough that we didn't need to * replace the entire device object. */ - if (newdev && newdev->type == VIR_DOMAIN_NET_TYPE_NETWORK && conn) - virDomainNetReleaseActualDevice(conn, newdev); - virErrorRestore(&save_err); + if (newdev) { + if (actualSame) { + /* newdev->...actual was previously pointing to the + * olddev->...actual, but we've decided to free newdev and + * continue using olddev. So we need to clear + * newdev->...actual to avoid freeing the actualNetDef while + * olddev is still using it. + */ + newdev->data.network.actual = NULL; + } else if (newdev->type == VIR_DOMAIN_NET_TYPE_NETWORK) { + /* we had allocated a new port (actual device) for newdev, + * but now we're not going to use it, so release it back to + * the network + */ + if (conn || (conn = virGetConnectNetwork())) + virDomainNetReleaseActualDevice(conn, newdev); + else + VIR_WARN("Unable to release network device '%s'", NULLSTR(newdev->ifname)); + } + } + + virErrorRestore(&save_err); return ret; } -- 2.46.0
On 9/18/24 17:26, Laine Stump wrote:
Attempts to use update-device to modify just the link state of a guest interface were failing due to a supposed attempt to modify something in the interface that can't be modified live (even though the only thing that was changing was the link state, which *can* be modified live).
It turned out that this failure happened because the guest interface in question was type='network', and the network in question was a 'direct' network that provides each guest interface with one device from a pool of network devices. As a part of qemuDomainChangeNet() we would always allocate a new port from the network driver for the updated interface definition (by way of calling virDomainNetAllocateActualDevice(newdev)), and this new port (ie the ActualNetDef in newdev) would of course be allocated a new host device from the pool (which would of course be different from the one currently in use by the guest interface (in olddev)). Because direct interfaces don't support changing the host device in a live update, this would cause the update to fail.
The solution to this is to realize that as long as the interface doesn't get switched to a different network as a part of the update, the network port information (ie the ActualNetDef) will not change as a part of updating the guest interface itself. So for sake of comparison we can just point the newdev at the ActualNetDef of olddev, and then clear out one or the other when we're done (to avoid a double free or, more likely, attempt to reference freed memory).
(If, on the other hand, the name of the network has changed, or if the interface type has changed to type='network' from something else, then we *do* need to allocate a new port (actual device) from the network driver (as we used to do in all cases when the new type was 'network'), and also indicate that we'll need to replace olddev in the domain with newdev (because either of these changes is major enough that we shouldn't just try to fix up olddev)
Resolves: https://issues.redhat.com/browse/RHEL-7036 Signed-off-by: Laine Stump <laine@redhat.com> --- src/qemu/qemu_hotplug.c | 92 +++++++++++++++++++++++++++++++++++------ 1 file changed, 80 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 75b97cf736..a187466c5b 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3675,6 +3675,7 @@ qemuDomainChangeNet(virQEMUDriver *driver, virDomainNetDef **devslot = NULL; virDomainNetDef *olddev; virDomainNetType oldType, newType; + bool actualSame = false; bool needReconnect = false; bool needBridgeChange = false; bool needFilterChange = false; @@ -3895,15 +3896,49 @@ qemuDomainChangeNet(virQEMUDriver *driver, * free it if we fail for any reason */ if (newdev->type == VIR_DOMAIN_NET_TYPE_NETWORK) { - if (!(conn = virGetConnectNetwork())) - goto cleanup; - if (virDomainNetAllocateActualDevice(conn, vm->def, newdev) < 0) - goto cleanup; - } + if (olddev->type == VIR_DOMAIN_NET_TYPE_NETWORK + && STREQ(olddev->data.network.name, newdev->data.network.name)) { + /* old and new are type='network', and the network name + * hasn't changed. In this case we *don't* want to get a + * new port ("actual device") from the network because we + * can use the old one (since it hasn't changed). + * + * So instead we just duplicate *the pointer to* the + * actualNetDef from olddev to newdev so that comparisons + * of actualNetDef will show no change. If the update is + * successful, we will clear the actualNetDef pointer from + * olddev before destroying it (or if the update fails, + * then we need to clear the pointer from newdev before + * destroying it) + */ + newdev->data.network.actual = olddev->data.network.actual; + memcpy(newdev->data.network.portid, olddev->data.network.portid, + sizeof(newdev->data.network.portid));
I thought we had a function that copies over .actual, but apparently I remembered it wrong.
+ actualSame = true; /* old and new actual are pointing to same object */ + } else { + /* either the olddev wasn't type='network', or else the + * name of the network changed. In this case we *do* want + * to get a new port from the new network (because we know + * that it *will* change), and then if the update is + * successful, we will release the port ("actual device") + * in olddev. Or if the update is a failure, we will + * release this new port + */ + if (!(conn = virGetConnectNetwork()) + || virDomainNetAllocateActualDevice(conn, vm->def, newdev) < 0) {
nitpick, The or operator should go onto the previous line.
+ goto cleanup; + }
Michal
It can be useful to force an interface to be detached/reattached from its bridge even if it's the same bridge - possibly something like the virtualport profileID has changed, and a detach/attach cycle will get it connected with the new profileID. The one and only current use of virNetDevTapReattachBridge() sets force to false, to preserve current behavior. An upcoming patch will use it with force set to true. Signed-off-by: Laine Stump <laine@redhat.com> --- src/conf/domain_conf.c | 2 +- src/util/virnetdevtap.c | 8 ++++++-- src/util/virnetdevtap.h | 3 ++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index cf4b1b2aef..963322f2f6 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -30630,7 +30630,7 @@ virDomainNetNotifyActualDevice(virConnectPtr conn, virDomainNetGetActualVirtPortProfile(iface), virDomainNetGetActualVlan(iface), virDomainNetGetActualPortOptionsIsolated(iface), - iface->mtu, NULL)); + iface->mtu, NULL, false)); } } diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c index 3d7f680599..2701ba6dfc 100644 --- a/src/util/virnetdevtap.c +++ b/src/util/virnetdevtap.c @@ -510,6 +510,9 @@ virNetDevTapAttachBridge(const char *tapname, * @virtVlan: vlan tag info * @mtu: requested MTU for port (or 0 for "default") * @actualMTU: MTU actually set for port (after accounting for bridge's MTU) + * @force: set true to force detach/reattach even if the bridge name is unchanged + * (this can be useful if, for example, the profileid of the + * <virtualport> changes) * * Ensures that the tap device (@tapname) is connected to the bridge * (@brname), potentially removing it from any existing bridge that @@ -526,7 +529,8 @@ virNetDevTapReattachBridge(const char *tapname, const virNetDevVlan *virtVlan, virTristateBool isolatedPort, unsigned int mtu, - unsigned int *actualMTU) + unsigned int *actualMTU, + bool force) { bool useOVS = false; g_autofree char *master = NULL; @@ -542,7 +546,7 @@ virNetDevTapReattachBridge(const char *tapname, } /* Nothing more todo if we're on the right bridge already */ - if (STREQ_NULLABLE(brname, master)) + if (STREQ_NULLABLE(brname, master) && !force) return 0; /* disconnect from current (incorrect) bridge, if any */ diff --git a/src/util/virnetdevtap.h b/src/util/virnetdevtap.h index c9d29c0384..9ebe0ee9ed 100644 --- a/src/util/virnetdevtap.h +++ b/src/util/virnetdevtap.h @@ -82,7 +82,8 @@ virNetDevTapReattachBridge(const char *tapname, const virNetDevVlan *virtVlan, virTristateBool isolatedPort, unsigned int mtu, - unsigned int *actualMTU) + unsigned int *actualMTU, + bool force) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) G_GNUC_WARN_UNUSED_RESULT; -- 2.46.0
The new function does what the old qemuDomainChangeNetbridge() did manually, except that: 1) the new function supports changing from a bridge of one type to another, e.g. from a Linux host bridge to an OVS bridge. (previously that wasn't handled) 2) the new function doesn't emit audit log messages. This is actually a good thing, because the old code would just log a "detach" followed immediately by "attach" for the same MAC address, so it's essentially a NOP. (the audit logs don't have any more detailed info about the connection - just the VM name and MAC address, so it makes no sense to log the detach/attach pair as it's not providing any information). Signed-off-by: Laine Stump <laine@redhat.com> --- src/qemu/qemu_hotplug.c | 55 ++++++++++------------------------------- 1 file changed, 13 insertions(+), 42 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index a187466c5b..4291feba29 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -55,6 +55,7 @@ #include "virnetdevbridge.h" #include "virnetdevopenvswitch.h" #include "virnetdevmidonet.h" +#include "virnetdevtap.h" #include "device_conf.h" #include "storage_source.h" #include "storage_source_conf.h" @@ -3484,7 +3485,6 @@ qemuDomainChangeNetBridge(virDomainObj *vm, virDomainNetDef *olddev, virDomainNetDef *newdev) { - int ret = -1; const char *oldbridge = virDomainNetGetActualBridgeName(olddev); const char *newbridge = virDomainNetGetActualBridgeName(newdev); @@ -3498,50 +3498,21 @@ qemuDomainChangeNetBridge(virDomainObj *vm, if (virNetDevExists(newbridge) != 1) { virReportError(VIR_ERR_OPERATION_FAILED, - _("bridge %1$s doesn't exist"), newbridge); + _("cannot add domain %1$s device %2$s to nonexistent bridge %3$s"), + vm->def->name, newdev->ifname, newbridge); return -1; } - ret = virNetDevBridgeRemovePort(oldbridge, olddev->ifname); - virDomainAuditNet(vm, olddev, NULL, "detach", ret == 0); - if (ret < 0) { - /* warn but continue - possibly the old network - * had been destroyed and reconstructed, leaving the - * tap device orphaned. - */ - VIR_WARN("Unable to detach device %s from bridge %s", - olddev->ifname, oldbridge); - } - - ret = virNetDevBridgeAddPort(newbridge, olddev->ifname); - if (ret == 0 && - virDomainNetGetActualPortOptionsIsolated(newdev) == VIR_TRISTATE_BOOL_YES) { - - ret = virNetDevBridgePortSetIsolated(newbridge, olddev->ifname, true); - if (ret < 0) { - virErrorPtr err; - - virErrorPreserveLast(&err); - ignore_value(virNetDevBridgeRemovePort(newbridge, olddev->ifname)); - virErrorRestore(&err); - } - } - virDomainAuditNet(vm, NULL, newdev, "attach", ret == 0); - if (ret < 0) { - virErrorPtr err; - - virErrorPreserveLast(&err); - ret = virNetDevBridgeAddPort(oldbridge, olddev->ifname); - if (ret == 0 && - virDomainNetGetActualPortOptionsIsolated(olddev) == VIR_TRISTATE_BOOL_YES) { - ignore_value(virNetDevBridgePortSetIsolated(newbridge, olddev->ifname, true)); - } - virDomainAuditNet(vm, NULL, olddev, "attach", ret == 0); - virErrorRestore(&err); - return -1; - } - /* caller will replace entire olddev with newdev in domain nets list */ - return 0; + /* force the detach/reattach (final arg) to make sure we pick up virtualport changes + * even if the bridge name hasn't changed + */ + return virNetDevTapReattachBridge(newdev->ifname, + virDomainNetGetActualBridgeName(newdev), + &newdev->mac, vm->def->uuid, + virDomainNetGetActualVirtPortProfile(newdev), + virDomainNetGetActualVlan(newdev), + virDomainNetGetActualPortOptionsIsolated(newdev), + newdev->mtu, NULL, true); } static int -- 2.46.0
This patch simplifies (?) the of qemuDomainChangeNet() code while fixing some incorrect decisions about exactly when it's necessary to re-attach an interface's bridge device, or to fail the device update (needReconnect[*]) because the type of connection has changed (or within bridge and direct (macvtap) type because some attribute of the connection has changed that can't actually be modified after the tap/macvtap device of the interface is created). Example 1: it's pointless to require the bridge device to be reattached just because the interface has been switched to a different network (i.e. the name of the network is different), since the new network could be using the same bridge as the old network (very uncommon, but technically possible). Instead we should only care if the name of the *bridge device* changes (or if something in <virtualport> changes - see Example 3). Example 2: wrt changing the "type" of the interface, a change should be allowed if old and new type both used a bridge device (whether or not the name of the bridge changes), or if old and new type are both "direct" *and* the device being linked and macvtap mode remain the same. Any other change in interface type cannot be accommodated and should be a failure (i.e. needReconnect). Example 3: there is no valid reason to fail just because the interface has a <virtualport> element - the <virtualport> could just say "type='openvswitch'" in both the before and after cases (in which case it isn't a change by itself, and so is completely acceptable), and even if the interfaceid changes, or the <virtualport> disappears completely, that can still be reconciled by simply re-attaching the bridge device. (If, on the other hand, the modified <virtualport> is for a type='direct' interface, we can't domodify that, and so must fail (needReconnect).) (I tried splitting this into multiple patches, but they were so intertwined that the intermediate patches made no sense.) [*] "needReconnect" was a flag added to this function way back in 2012, when I still believed that QEMU might someday support connecting a new & different device backend (the way the virtual device connects to the host) to an already existing guest netdev (the virtual device as it appears to the guest). Sadly that has never happened, so for the purposes of qemuDOmainChangeNet() "needReconnect" is equivalent to "fail". Signed-off-by: Laine Stump <laine@redhat.com> --- src/qemu/qemu_hotplug.c | 116 ++++++++++++++++++++++++---------------- 1 file changed, 70 insertions(+), 46 deletions(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 4291feba29..74ca704927 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3646,6 +3646,8 @@ qemuDomainChangeNet(virQEMUDriver *driver, virDomainNetDef **devslot = NULL; virDomainNetDef *olddev; virDomainNetType oldType, newType; + const char *oldBridgeName = NULL; + const char *newBridgeName = NULL; bool actualSame = false; bool needReconnect = false; bool needBridgeChange = false; @@ -3913,6 +3915,9 @@ qemuDomainChangeNet(virQEMUDriver *driver, newType = virDomainNetGetActualType(newdev); + oldBridgeName = virDomainNetGetActualBridgeName(olddev); + newBridgeName = virDomainNetGetActualBridgeName(newdev); + if (newType == VIR_DOMAIN_NET_TYPE_HOSTDEV || newType == VIR_DOMAIN_NET_TYPE_VDPA) { /* can't turn it into a type='hostdev' or type='vdpa' interface */ @@ -3944,13 +3949,6 @@ qemuDomainChangeNet(virQEMUDriver *driver, break; case VIR_DOMAIN_NET_TYPE_NETWORK: - if (STRNEQ(olddev->data.network.name, newdev->data.network.name)) { - if (virDomainNetGetActualVirtPortProfile(newdev)) - needReconnect = true; - else - needBridgeChange = true; - } - if (STRNEQ_NULLABLE(olddev->data.network.portgroup, newdev->data.network.portgroup)) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", @@ -3991,59 +3989,85 @@ qemuDomainChangeNet(virQEMUDriver *driver, goto cleanup; } } else { - /* interface type has changed. There are a few special cases - * where this can only require a minor (or even no) change, - * but in most cases we need to do a full reconnection. + /* The interface type has changed. The only times when this + * wouldn't *always* require completely recreating the backend + * of the netdev (aka needReconnect, which QEMU doesn't + * support anyway) are: + * + * 1) if oldType and newType are both either _NETWORK or + * _BRIDGE (because both of those end up connecting the tap + * device to a bridge, and that is something that *can* be + * redone without recreating the backend (and will be + * handled below where needBridgeChange is set). * - * As long as both the new and old types use a tap device - * connected to a host bridge (ie VIR_DOMAIN_NET_TYPE_NETWORK - * or VIR_DOMAIN_NET_TYPE_BRIDGE), we just need to connect to - * the new bridge. + * (NB: if either of these is _NETWORK or _BRIDGE, the + * corresponding oldBridgeName/newBridgeName will be + * non-null - this is simpler to check for than checking + * each for both _NETWORK and _BRIDGE) + * + * 2) if oldType and newType are both _DIRECT (and presumably + * will end up specifying the same link device, which is + * checked further down where ActualDirectDev is checked) + * + * These two cases we'll allow through (for further checks + * below)... */ - if ((oldType == VIR_DOMAIN_NET_TYPE_NETWORK || - oldType == VIR_DOMAIN_NET_TYPE_BRIDGE) && - (newType == VIR_DOMAIN_NET_TYPE_NETWORK || - newType == VIR_DOMAIN_NET_TYPE_BRIDGE)) { - - needBridgeChange = true; + if (!((oldBridgeName && newBridgeName) + || (oldType == VIR_DOMAIN_NET_TYPE_DIRECT && + newType == VIR_DOMAIN_NET_TYPE_DIRECT))) { + + /* ...for all other combinations, we need a full reconnect + * (which currently isn't, and perhaps probably never will + * be, supported by QEMU, so needReconnect is effectively + * "NOT SUPPORTED") + */ + needReconnect = true; + } - } else if (oldType == VIR_DOMAIN_NET_TYPE_DIRECT && - newType == VIR_DOMAIN_NET_TYPE_DIRECT) { + /* whatever else is done, when the interface type has changed, + * we need to replace olddev with newdev + */ + needReplaceDevDef = true; + } - /* this is the case of switching from type='direct' to - * type='network' for a network that itself uses direct - * (macvtap) devices. If the physical device and mode are - * the same, this doesn't require any actual setup - * change. If the physical device or mode *does* change, - * that will be caught in the common section below */ + /* tests that need to be done whether or not type or actualType changes */ - } else { + /* if both new and old use a bridge device */ + if (newBridgeName) { - /* for all other combinations, we'll need a full reconnect */ - needReconnect = true; + if (STRNEQ_NULLABLE(oldBridgeName, newBridgeName)) + needBridgeChange = true; + /* A change in virtportprofile also indicates we probably need + * to re-attach the bridge, e.g. if the profileid or type + * changed. + */ + if (!virNetDevVPortProfileEqual(virDomainNetGetActualVirtPortProfile(olddev), + virDomainNetGetActualVirtPortProfile(newdev))) { + needBridgeChange = true; } } - /* now several things that are in multiple (but not all) - * different types, and can be safely compared even for those - * cases where they don't apply to a particular type. + /* if the newType is DIRECT then we've already set needReconnect + * if oldType was anything other than DIRECT. We also need to set + * it if the direct mode or anything in the virtportprofile has + * changed. */ - if (STRNEQ_NULLABLE(virDomainNetGetActualBridgeName(olddev), - virDomainNetGetActualBridgeName(newdev))) { - if (virDomainNetGetActualVirtPortProfile(newdev)) + if (newType == VIR_DOMAIN_NET_TYPE_DIRECT) { + if (STRNEQ_NULLABLE(virDomainNetGetActualDirectDev(olddev), + virDomainNetGetActualDirectDev(newdev)) || + virDomainNetGetActualDirectMode(olddev) != virDomainNetGetActualDirectMode(newdev) || + !virNetDevVPortProfileEqual(virDomainNetGetActualVirtPortProfile(olddev), + virDomainNetGetActualVirtPortProfile(newdev))) { + /* you really can't change much about a macvtap device once it's been created */ needReconnect = true; - else - needBridgeChange = true; + } } - if (STRNEQ_NULLABLE(virDomainNetGetActualDirectDev(olddev), - virDomainNetGetActualDirectDev(newdev)) || - virDomainNetGetActualDirectMode(olddev) != virDomainNetGetActualDirectMode(newdev) || - !virNetDevVPortProfileEqual(virDomainNetGetActualVirtPortProfile(olddev), - virDomainNetGetActualVirtPortProfile(newdev))) { - needReconnect = true; - } + /* now several things that are in multiple (but not all) different + * types, and can be safely compared even for those cases where + * they don't apply to a particular type. + */ if (!virNetDevVlanEqual(virDomainNetGetActualVlan(olddev), virDomainNetGetActualVlan(newdev))) { -- 2.46.0
On 9/18/24 17:26, Laine Stump wrote:
These patches are in response to a bug report filed a few years ago where I said "I can look at it next week" and then promptly forgot about it :-/
https://bugzilla.redhat.com/1949432
I was reminded of it when a bunch of old bugs were migrated from bugzilla.redhat.com to issues.redhat.com and Yalan Zhang added the comment that the bug was still reproducible on libvirt 10.4.0.
https://issues.redhat.com/browse/RHEL-7036
This got it back onto my todo list (where it should have been the entire time!) and I've finally gotten to it. Two similar-but-differen failures had been reported (one when using a network of "direct" (macvtap) devices, and one when using an openvswitch bridge, and it turned out that two different (but related) fixes were needed - the direct problem is fixed *mostly* in patch 1, with the other patches fixing the ovs problem (and the remainder of the direct problem).
Laine Stump (4): qemu: prevent unnecessarily failing live interface update util: don't return early from virNetDevTapReattachBridge() if "force" is true qemu: replace open-coded remove/attach bridge with virNetDevTapReattachBridge() qemu: rework needBridgeChange/needReconnect decisions in qemuDomainChangeNet()
src/conf/domain_conf.c | 2 +- src/qemu/qemu_hotplug.c | 263 +++++++++++++++++++++++++--------------- src/util/virnetdevtap.c | 8 +- src/util/virnetdevtap.h | 3 +- 4 files changed, 172 insertions(+), 104 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal`
participants (2)
-
Laine Stump -
Michal Prívozník