2:03 a.m.
We've been running Debian 11 for a while, using sr-iov:
<network>
<name>sr-iov-intel-10G-1</name>
<uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='eth2'/>
</forward>
</network>
and allocating vf's from the pool:
<interface type='network' trustGuestRxFilters='yes'>
<mac address='52:54:00:08:da:5b'/>
<source network='sr-iov-intel-10G-1'/>
<vlan>
<tag id='50'/>
</vlan>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
</interface>
After upgrading to Debian 12, when I try to start any vm which uses the
trustGuestRxFilters option, it fails to start with the message:
error: internal error: unable to execute QEMU command 'query-rx-filter':
invalid net client name: hostdev0
If I remove the option, it starts fine (but of course is broken
functionality wise as the option wasn't there just for fun :) ).
Any thoughts on what's going on here? The Debian 12 versions are:
libvirt-daemon/stable,now 9.0.0-4
qemu-system-x86/stable,now 1:7.2+dfsg-7+deb12u3
I see Debian 12 backports has version 8.1.2+ds-1~bpo12+1 of qemu, but no
newer versions of libvirt. I haven't tried the backports version to
see if that resolves the problem.
Thanks much...
12:55 a.m.
Hi Paul,
May I know the purpose of "trustGuestRxFilters='yes'" setting in your
configuration?
Refer to [1], currently this "trustGuestRxFilters" parameter is only
supported for the virtio device model and for macvtap connections on the
host.
The hostdev type interface may not support it.
Thank you.
[1]https://libvirt.org/formatdomain.html#network-interfaces
BR,
Yalan
On Sat, Jan 20, 2024 at 4:04 PM Paul B. Henson <henson(a)acm.org> wrote:
We've been running Debian 11 for a while, using sr-iov:
<network>
<name>sr-iov-intel-10G-1</name>
<uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='eth2'/>
</forward>
</network>
and allocating vf's from the pool:
<interface type='network' trustGuestRxFilters='yes'>
<mac address='52:54:00:08:da:5b'/>
<source network='sr-iov-intel-10G-1'/>
<vlan>
<tag id='50'/>
</vlan>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x03'
function='0x0'/>
</interface>
After upgrading to Debian 12, when I try to start any vm which uses the
trustGuestRxFilters option, it fails to start with the message:
error: internal error: unable to execute QEMU command 'query-rx-filter':
invalid net client name: hostdev0
If I remove the option, it starts fine (but of course is broken
functionality wise as the option wasn't there just for fun :) ).
Any thoughts on what's going on here? The Debian 12 versions are:
libvirt-daemon/stable,now 9.0.0-4
qemu-system-x86/stable,now 1:7.2+dfsg-7+deb12u3
I see Debian 12 backports has version 8.1.2+ds-1~bpo12+1 of qemu, but no
newer versions of libvirt. I haven't tried the backports version to
see if that resolves the problem.
Thanks much...
_______________________________________________
Users mailing list -- users(a)lists.libvirt.org
To unsubscribe send an email to users-leave(a)lists.libvirt.org
11:44 a.m.
On 1/22/24 1:55 AM, Yalan Zhang wrote:
Hi Paul,
May I know the purpose of "trustGuestRxFilters='yes'" setting in your
configuration?
Refer to [1], currently this "trustGuestRxFilters" parameter is only
supported for the virtio device model and for macvtap connections on
the host.
The hostdev type interface may not support it.
You are correct, trustGuestRxFilters is only for virtio emulated
devices. It does nothing for hostdev network interfaces (or even for
other non-virtio emulated network devices, afaik).
My guess is that either qemu previously ignored the "query-rx-filter"
command when it was received for a hostdev device and now it is
(correctly) returning an error, or that libvirt previously just ignored
that setting for <interface> when it resolved to a hostdev (similar to
how it ignores <model name='blah'/> if the interface resolves to a
hostdev), and now due to refactoring it is mistakenly issuing the
query-rx-filter command.
At any rate, whatever functionality you think you are getting from
trustGuestRxFilters, you aren't actually getting it. libvirt should
ignore that setting (it can't prohibit it, because at the time the guest
is configured it doesn't know that the interface might end up being a
hostdev), but in the meantime you can solve the problem by removing
trustGuestRxFilters from your config.
Thank you.
[1]https://libvirt.org/formatdomain.html#network-interfaces
BR,
Yalan
On Sat, Jan 20, 2024 at 4:04 PM Paul B. Henson <henson(a)acm.org> wrote:
We've been running Debian 11 for a while, using sr-iov:
<network>
<name>sr-iov-intel-10G-1</name>
<uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='eth2'/>
</forward>
</network>
and allocating vf's from the pool:
<interface type='network' trustGuestRxFilters='yes'>
<mac address='52:54:00:08:da:5b'/>
<source network='sr-iov-intel-10G-1'/>
<vlan>
<tag id='50'/>
</vlan>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x03'
function='0x0'/>
</interface>
After upgrading to Debian 12, when I try to start any vm which
uses the
trustGuestRxFilters option, it fails to start with the message:
error: internal error: unable to execute QEMU command
'query-rx-filter':
invalid net client name: hostdev0
If I remove the option, it starts fine (but of course is broken
functionality wise as the option wasn't there just for fun :) ).
Any thoughts on what's going on here? The Debian 12 versions are:
libvirt-daemon/stable,now 9.0.0-4
qemu-system-x86/stable,now 1:7.2+dfsg-7+deb12u3
I see Debian 12 backports has version 8.1.2+ds-1~bpo12+1 of qemu,
but no
newer versions of libvirt. I haven't tried the backports version to
see if that resolves the problem.
Thanks much...
_______________________________________________
Users mailing list -- users(a)lists.libvirt.org
To unsubscribe send an email to users-leave(a)lists.libvirt.org
_______________________________________________
Users mailing list --users(a)lists.libvirt.org
To unsubscribe send an email tousers-leave(a)lists.libvirt.org
1:39 p.m.
On 1/22/2024 9:44 AM, Laine Stump wrote:
You are correct, trustGuestRxFilters is only for virtio emulated
devices. It does nothing for hostdev network interfaces (or even for
other non-virtio emulated network devices, afaik).
Huh. The vm in question used to run on a server without sr-iov, and that
setting was required to allow it to join multicast groups. When it was
migrated to a newer server using sr-iov, we left the configuration
option in assuming it was still needed, and everything continued to work
fine.
After this latest update, when the vm would not start, I am embarrassed
to admit I didn't actually confirm whether or not the underlying vm was
broken when I started it without it 8-/.
As you say, it does run fine without that option, which was presumably a
no-op previously.
Thank you both for the quick reply and clarification…
9:17 a.m.
On 1/20/24 09:03, Paul B. Henson wrote:
We've been running Debian 11 for a while, using sr-iov:
<network>
<name>sr-iov-intel-10G-1</name>
<uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='eth2'/>
</forward>
</network>
and allocating vf's from the pool:
<interface type='network' trustGuestRxFilters='yes'>
<mac address='52:54:00:08:da:5b'/>
<source network='sr-iov-intel-10G-1'/>
<vlan>
<tag id='50'/>
</vlan>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
</interface>
After upgrading to Debian 12, when I try to start any vm which uses the
trustGuestRxFilters option, it fails to start with the message:
error: internal error: unable to execute QEMU command 'query-rx-filter':
invalid net client name: hostdev0
I think it may be a regression caused by the following commit:
https://gitlab.com/libvirt/libvirt/-/commit/060d4c83ef436cf56abfad51a4d64...
(contained in libvirt-8.9.0)
In two functions (qemuProcessRefreshState() and qemuProcessReconnect())
there's a call to qemuProcessRefreshRxFilters() added. And since you
have trustGuestRxFilters='yes' it then proceeds and queries QEMU on the
monitor for MAC address.
Let me see if I can cook up a patch, since I'm the one who broke it.
Michal
3:43 a.m.
On 1/23/24 16:17, Michal Prívozník wrote:
On 1/20/24 09:03, Paul B. Henson wrote:
> We've been running Debian 11 for a while, using sr-iov:
>
> <network>
> <name>sr-iov-intel-10G-1</name>
> <uuid>6bdaa4c8-e720-4ea0-9a50-91cb7f2c83b1</uuid>
> <forward mode='hostdev' managed='yes'>
> <pf dev='eth2'/>
> </forward>
> </network>
>
> and allocating vf's from the pool:
>
> <interface type='network' trustGuestRxFilters='yes'>
> <mac address='52:54:00:08:da:5b'/>
> <source network='sr-iov-intel-10G-1'/>
> <vlan>
> <tag id='50'/>
> </vlan>
> <model type='virtio'/>
> <address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
> </interface>
>
> After upgrading to Debian 12, when I try to start any vm which uses the
> trustGuestRxFilters option, it fails to start with the message:
>
> error: internal error: unable to execute QEMU command 'query-rx-filter':
> invalid net client name: hostdev0
>
I think it may be a regression caused by the following commit:
https://gitlab.com/libvirt/libvirt/-/commit/060d4c83ef436cf56abfad51a4d64...
(contained in libvirt-8.9.0)
In two functions (qemuProcessRefreshState() and qemuProcessReconnect())
there's a call to qemuProcessRefreshRxFilters() added. And since you
have trustGuestRxFilters='yes' it then proceeds and queries QEMU on the
monitor for MAC address.
Let me see if I can cook up a patch, since I'm the one who broke it.
In fact, there's an easy reproducer without any SRIOV involved: just try
to start a domain with <interface type='direct'
trustGuestRxFilters='yes'/>
and !virtio model (say rtl8139).
Patch posted here:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/AV...
Michal
9:07 a.m.
On 1/25/24 10:43, Michal Prívozník wrote:
Patch posted here:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/AV...
This is now fixed. Andrea, can you backport it please?
Michal
7:37 p.m.
On Thu, Jan 25, 2024 at 04:07:12PM +0100, Michal Prívozník wrote:
On 1/25/24 10:43, Michal Prívozník wrote:
>
> Patch posted here:
>
>
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/AV...
This is now fixed. Andrea, can you backport it please?
Apologies for the embarrassing delay. This has now been backported
and will be part of the upcoming Debian 12.8 stable update, due in a
week or so.
https://tracker.debian.org/news/1581461/accepted-libvirt-900-4deb12u2-sou...
--
Andrea Bolognani / Red Hat / Virtualization
21
days inactive
307
days old
7 comments
5 participants
participants (5)
-
Andrea Bolognani -
Laine Stump -
Michal Prívozník -
Paul B. Henson -
Yalan Zhang