trustGuestRxFilters broken after upgrade to Debian 12
We've been running Debian 11 for a while, using sr-iov: <network> <name>sr-iov-intel-10G-1</name> <uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid> <forward mode='hostdev' managed='yes'> <pf dev='eth2'/> </forward> </network> and allocating vf's from the pool: <interface type='network' trustGuestRxFilters='yes'> <mac address='52:54:00:08:da:5b'/> <source network='sr-iov-intel-10G-1'/> <vlan> <tag id='50'/> </vlan> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> After upgrading to Debian 12, when I try to start any vm which uses the trustGuestRxFilters option, it fails to start with the message: error: internal error: unable to execute QEMU command 'query-rx-filter': invalid net client name: hostdev0 If I remove the option, it starts fine (but of course is broken functionality wise as the option wasn't there just for fun :) ). Any thoughts on what's going on here? The Debian 12 versions are: libvirt-daemon/stable,now 9.0.0-4 qemu-system-x86/stable,now 1:7.2+dfsg-7+deb12u3 I see Debian 12 backports has version 8.1.2+ds-1~bpo12+1 of qemu, but no newer versions of libvirt. I haven't tried the backports version to see if that resolves the problem. Thanks much...
Hi Paul, May I know the purpose of "trustGuestRxFilters='yes'" setting in your configuration? Refer to [1], currently this "trustGuestRxFilters" parameter is only supported for the virtio device model and for macvtap connections on the host. The hostdev type interface may not support it. Thank you. [1]https://libvirt.org/formatdomain.html#network-interfaces BR, Yalan On Sat, Jan 20, 2024 at 4:04 PM Paul B. Henson <henson@acm.org> wrote:
We've been running Debian 11 for a while, using sr-iov:
<network> <name>sr-iov-intel-10G-1</name> <uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid> <forward mode='hostdev' managed='yes'> <pf dev='eth2'/> </forward> </network>
and allocating vf's from the pool:
<interface type='network' trustGuestRxFilters='yes'> <mac address='52:54:00:08:da:5b'/> <source network='sr-iov-intel-10G-1'/> <vlan> <tag id='50'/> </vlan> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>
After upgrading to Debian 12, when I try to start any vm which uses the trustGuestRxFilters option, it fails to start with the message:
error: internal error: unable to execute QEMU command 'query-rx-filter': invalid net client name: hostdev0
If I remove the option, it starts fine (but of course is broken functionality wise as the option wasn't there just for fun :) ).
Any thoughts on what's going on here? The Debian 12 versions are:
libvirt-daemon/stable,now 9.0.0-4 qemu-system-x86/stable,now 1:7.2+dfsg-7+deb12u3
I see Debian 12 backports has version 8.1.2+ds-1~bpo12+1 of qemu, but no newer versions of libvirt. I haven't tried the backports version to see if that resolves the problem.
Thanks much... _______________________________________________ Users mailing list -- users@lists.libvirt.org To unsubscribe send an email to users-leave@lists.libvirt.org
On 1/22/24 1:55 AM, Yalan Zhang wrote:
Hi Paul,
May I know the purpose of "trustGuestRxFilters='yes'" setting in your configuration? Refer to [1], currently this "trustGuestRxFilters" parameter is only supported for the virtio device model and for macvtap connections on the host. The hostdev type interface may not support it.
You are correct, trustGuestRxFilters is only for virtio emulated devices. It does nothing for hostdev network interfaces (or even for other non-virtio emulated network devices, afaik). My guess is that either qemu previously ignored the "query-rx-filter" command when it was received for a hostdev device and now it is (correctly) returning an error, or that libvirt previously just ignored that setting for <interface> when it resolved to a hostdev (similar to how it ignores <model name='blah'/> if the interface resolves to a hostdev), and now due to refactoring it is mistakenly issuing the query-rx-filter command. At any rate, whatever functionality you think you are getting from trustGuestRxFilters, you aren't actually getting it. libvirt should ignore that setting (it can't prohibit it, because at the time the guest is configured it doesn't know that the interface might end up being a hostdev), but in the meantime you can solve the problem by removing trustGuestRxFilters from your config.
Thank you.
[1]https://libvirt.org/formatdomain.html#network-interfaces
BR, Yalan
On Sat, Jan 20, 2024 at 4:04 PM Paul B. Henson <henson@acm.org> wrote:
We've been running Debian 11 for a while, using sr-iov:
<network> <name>sr-iov-intel-10G-1</name> <uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid> <forward mode='hostdev' managed='yes'> <pf dev='eth2'/> </forward> </network>
and allocating vf's from the pool:
<interface type='network' trustGuestRxFilters='yes'> <mac address='52:54:00:08:da:5b'/> <source network='sr-iov-intel-10G-1'/> <vlan> <tag id='50'/> </vlan> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>
After upgrading to Debian 12, when I try to start any vm which uses the trustGuestRxFilters option, it fails to start with the message:
error: internal error: unable to execute QEMU command 'query-rx-filter': invalid net client name: hostdev0
If I remove the option, it starts fine (but of course is broken functionality wise as the option wasn't there just for fun :) ).
Any thoughts on what's going on here? The Debian 12 versions are:
libvirt-daemon/stable,now 9.0.0-4 qemu-system-x86/stable,now 1:7.2+dfsg-7+deb12u3
I see Debian 12 backports has version 8.1.2+ds-1~bpo12+1 of qemu, but no newer versions of libvirt. I haven't tried the backports version to see if that resolves the problem.
Thanks much... _______________________________________________ Users mailing list -- users@lists.libvirt.org To unsubscribe send an email to users-leave@lists.libvirt.org
_______________________________________________ Users mailing list --users@lists.libvirt.org To unsubscribe send an email tousers-leave@lists.libvirt.org
On 1/22/2024 9:44 AM, Laine Stump wrote:
You are correct, trustGuestRxFilters is only for virtio emulated devices. It does nothing for hostdev network interfaces (or even for other non-virtio emulated network devices, afaik).
Huh. The vm in question used to run on a server without sr-iov, and that setting was required to allow it to join multicast groups. When it was migrated to a newer server using sr-iov, we left the configuration option in assuming it was still needed, and everything continued to work fine. After this latest update, when the vm would not start, I am embarrassed to admit I didn't actually confirm whether or not the underlying vm was broken when I started it without it 8-/. As you say, it does run fine without that option, which was presumably a no-op previously. Thank you both for the quick reply and clarification…
On 1/20/24 09:03, Paul B. Henson wrote:
We've been running Debian 11 for a while, using sr-iov:
<network> <name>sr-iov-intel-10G-1</name> <uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid> <forward mode='hostdev' managed='yes'> <pf dev='eth2'/> </forward> </network>
and allocating vf's from the pool:
<interface type='network' trustGuestRxFilters='yes'> <mac address='52:54:00:08:da:5b'/> <source network='sr-iov-intel-10G-1'/> <vlan> <tag id='50'/> </vlan> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>
After upgrading to Debian 12, when I try to start any vm which uses the trustGuestRxFilters option, it fails to start with the message:
error: internal error: unable to execute QEMU command 'query-rx-filter': invalid net client name: hostdev0
I think it may be a regression caused by the following commit: https://gitlab.com/libvirt/libvirt/-/commit/060d4c83ef436cf56abfad51a4d64c39... (contained in libvirt-8.9.0) In two functions (qemuProcessRefreshState() and qemuProcessReconnect()) there's a call to qemuProcessRefreshRxFilters() added. And since you have trustGuestRxFilters='yes' it then proceeds and queries QEMU on the monitor for MAC address. Let me see if I can cook up a patch, since I'm the one who broke it. Michal
On 1/23/24 16:17, Michal Prívozník wrote:
On 1/20/24 09:03, Paul B. Henson wrote:
We've been running Debian 11 for a while, using sr-iov:
<network> <name>sr-iov-intel-10G-1</name> <uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid> <forward mode='hostdev' managed='yes'> <pf dev='eth2'/> </forward> </network>
and allocating vf's from the pool:
<interface type='network' trustGuestRxFilters='yes'> <mac address='52:54:00:08:da:5b'/> <source network='sr-iov-intel-10G-1'/> <vlan> <tag id='50'/> </vlan> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>
After upgrading to Debian 12, when I try to start any vm which uses the trustGuestRxFilters option, it fails to start with the message:
error: internal error: unable to execute QEMU command 'query-rx-filter': invalid net client name: hostdev0
I think it may be a regression caused by the following commit:
https://gitlab.com/libvirt/libvirt/-/commit/060d4c83ef436cf56abfad51a4d64c39...
(contained in libvirt-8.9.0)
In two functions (qemuProcessRefreshState() and qemuProcessReconnect()) there's a call to qemuProcessRefreshRxFilters() added. And since you have trustGuestRxFilters='yes' it then proceeds and queries QEMU on the monitor for MAC address.
Let me see if I can cook up a patch, since I'm the one who broke it.
In fact, there's an easy reproducer without any SRIOV involved: just try to start a domain with <interface type='direct' trustGuestRxFilters='yes'/> and !virtio model (say rtl8139). Patch posted here: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/AVRYA... Michal
On 1/25/24 10:43, Michal Prívozník wrote:
Patch posted here:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/AVRYA...
This is now fixed. Andrea, can you backport it please? Michal
On Thu, Jan 25, 2024 at 04:07:12PM +0100, Michal Prívozník wrote:
On 1/25/24 10:43, Michal Prívozník wrote:
Patch posted here:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/AVRYA...
This is now fixed. Andrea, can you backport it please?
Apologies for the embarrassing delay. This has now been backported and will be part of the upcoming Debian 12.8 stable update, due in a week or so. https://tracker.debian.org/news/1581461/accepted-libvirt-900-4deb12u2-source... -- Andrea Bolognani / Red Hat / Virtualization
participants (5)
-
Andrea Bolognani -
Laine Stump -
Michal Prívozník -
Paul B. Henson -
Yalan Zhang