7:49 a.m.
This was reported here:
https://lists.libvirt.org/archives/list/users@lists.libvirt.org/thread/QZ...
and v1 was posted here:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/AV...
diff to v1:
- Expanded commit message in 1/2
- Added NEWS entry
- Expanded list of vNIC types for which query-rx-filter is issued to
basically every TUN/TAP based type. Might be an overkill, but should
keep us covered for foreseeable future (e.g. when we decide to report
changed MAC address in domain XML).
Michal Prívozník (2):
qemu_process: Skip over non-virtio non-TAP NIC models when refreshing
rx-filter
NEWS: Document recent rx-filter bugfix
NEWS.rst | 9 +++++++++
src/qemu/qemu_process.c | 27 +++++++++++++++++++++++++++
2 files changed, 36 insertions(+)
--
2.43.0
7:49 a.m.
New subject: [PATCH v2 1/2] qemu_process: Skip over non-virtio non-TAP NIC models when refreshing rx-filter
After guest is started, or we are reconnecting to already running
one (after daemon restart), qemuProcessRefreshRxFilters() is
called to refresh rx-filters (basically MAC addresses of guest
NICs) as they might have changed while we were not running (for
the case when reconnecting to an already running guest), or we
need to enable them by running a command (for freshly started
guest - see processNicRxFilterChangedEvent()).
Now, our XML parser allowed trustGuestRxFilters attribute for all
types and models of <interface/> while in reality, only virtio
model AND TUN/TAP based types can see MAC address changes. For
other combinations, QEMU reports an error.
This all means that when the daemon is restarted and it
reconnects to a guest with, well invalid configuration, or when
such guest is restored from a saved image, or migrated then we
issue the monitor command, to which QEMU replies with an error
which is then propagated to users.
While on one hand users should fix their configuration (and after
v10.0.0-rc1~123 they can do that even on live domains), libvirt
can also has some logic built in that prevent issuing the command
in the first place (for obviously wrong cases).
Fixes: 060d4c83ef436cf56abfad51a4d64c39448e199d
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_process.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 3563ad215c..c1115b440f 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7958,6 +7958,33 @@ qemuProcessRefreshRxFilters(virDomainObj *vm,
if (!virDomainNetGetActualTrustGuestRxFilters(def))
continue;
+ /* rx-filters are supported only for virtio model and TUN/TAP based
+ * types. */
+ if (def->model != VIR_DOMAIN_NET_MODEL_VIRTIO)
+ continue;
+
+ switch (virDomainNetGetActualType(def)) {
+ case VIR_DOMAIN_NET_TYPE_ETHERNET:
+ case VIR_DOMAIN_NET_TYPE_NETWORK:
+ case VIR_DOMAIN_NET_TYPE_BRIDGE:
+ case VIR_DOMAIN_NET_TYPE_DIRECT:
+ break;
+ case VIR_DOMAIN_NET_TYPE_USER:
+ case VIR_DOMAIN_NET_TYPE_VHOSTUSER:
+ case VIR_DOMAIN_NET_TYPE_SERVER:
+ case VIR_DOMAIN_NET_TYPE_CLIENT:
+ case VIR_DOMAIN_NET_TYPE_MCAST:
+ case VIR_DOMAIN_NET_TYPE_INTERNAL:
+ case VIR_DOMAIN_NET_TYPE_HOSTDEV:
+ case VIR_DOMAIN_NET_TYPE_UDP:
+ case VIR_DOMAIN_NET_TYPE_VDPA:
+ case VIR_DOMAIN_NET_TYPE_NULL:
+ case VIR_DOMAIN_NET_TYPE_VDS:
+ case VIR_DOMAIN_NET_TYPE_LAST:
+ default:
+ continue;
+ }
+
if (qemuDomainSyncRxFilter(vm, def, asyncJob) < 0)
return -1;
}
--
2.43.0
7:49 a.m.
New subject: [PATCH v2 2/2] NEWS: Document recent rx-filter bugfix
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
NEWS.rst | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 4c799999fe..e2796fd8b2 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -27,6 +27,15 @@ v10.1.0 (unreleased)
* **Bug fixes**
+ * qemu_process: Skip over non-virtio non-TAP NIC models when refreshing rx-filter
+
+ If ``trustGuestRxFilters`` is enabled for a vNIC that doesn't support it,
+ libvirt may throw an error when such domain is being started, loaded from a
+ saved state, migrated, etc. These errors are now silenced, but make sure to
+ fix such configurations (after previous release it is even possible to
+ change ``trustGuestRxFilters`` value on live domains via
+ ``virDomainUpdateDeviceFlags()`` or ``virsh device-update``).
+
v10.0.0 (2024-01-15)
====================
--
2.43.0
8:14 a.m.
New subject: [PATCH v2 0/2] qemu_process: Skip over non-virtio non-TAP NIC
models when refreshing rx-filter
On Thu, Jan 25, 2024 at 14:49:47 +0100, Michal Privoznik wrote:
This was reported here:
https://lists.libvirt.org/archives/list/users@lists.libvirt.org/thread/QZ...
and v1 was posted here:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/AV...
diff to v1:
- Expanded commit message in 1/2
- Added NEWS entry
- Expanded list of vNIC types for which query-rx-filter is issued to
basically every TUN/TAP based type. Might be an overkill, but should
keep us covered for foreseeable future (e.g. when we decide to report
changed MAC address in domain XML).
Please add the exact verbatim copy of the error message the user gets if
they have the broken configuration both into the commit message and
into the news entry for anyone searching for that problem.
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>
301
days inactive
301
days old
3 comments
2 participants
participants (2)
-
Michal Privoznik -
Peter Krempa