Bug 1002423

Summary: Libvirt should forbid or remove the duplicate <interface>/<address> subelements in <forward> element of virtual network
Product: Red Hat Enterprise Linux 7 Reporter: hongming <honzhang>
Component: libvirtAssignee: Laine Stump <laine>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: dyuan, jsuchane, mzhan, rbalakri, xuzhang, yalzhang
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-1.3.4-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1002421 Environment:
Last Closed: 2016-11-03 18:06:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description hongming 2013-08-29 07:41:55 UTC 
+++ This bug was initially created as a clone of Bug #1002421 +++

Description of problem:
libvirt should forbid to define or start 'hostdev' network which contains the same VFs


Version-Release number of selected component (if applicable):
libvirt-0.10.2-23.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
# lspci|grep 11:10
11:10.0 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.1 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.2 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.3 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.4 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.5 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.6 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.7 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)

# cat host-devnet1.xml
<network>
<name>hostdev-net1</name>
<forward mode='hostdev' managed='yes'>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/>
</forward>
</network>

# virsh net-define host-devnet1.xml
Network hostdev-net1 defined from host-devnet1.xml

# virsh net-dumpxml hostdev-net1
<network>
  <name>hostdev-net1</name>
  <uuid>a57d0acb-3182-28ad-5c47-aae471ca8084</uuid>
  <forward mode='hostdev' managed='yes'>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/>
  </forward>
</network>

# cat vfpool.xml
<interface type='network'>
   <source network='hostdev-net1'/>
</interface>

# virsh start r6
Domain r6 started

# virsh attach-device r6 vfpool.xml
Device attached successfully

# virsh attach-device r6 vfpool.xml
error: Failed to attach device from vfpool.xml
error: Requested operation is not valid: PCI device 0000:11:10.0 is in use by domain r6


Actual results:
libvirt can define or start the 'hostdev' network which contains some identical VFs 

Expected results:
libvirt should forbid to define or start 'hostdev' network which contains some identical VFs 

Additional info:
Comment 2 hongming 2013-08-29 07:49:37 UTC 
The bug also can be reproduced in libvirt-1.1.1-2.el7.x86_64. So clone it to rhel7.0 to track the issue.
Comment 3 Hu Jianwei 2014-02-20 07:36:13 UTC 
I can reproduce it on other forward modes(passthrough/private/bridge). So, I suggest libvirt could do simply check(remove duplicate lines or forbid to edit/start virtual network) for duplicate <interface>/<address> subelements before net-edit/net-start, this will provide convenience for device assignment actions.

Versions:
libvirt-1.1.1-23.el7.x86_64
qemu-kvm-rhev-1.5.3-48.el7.x86_64
kernel-3.10.0-88.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
Define a virtual network with passthrough/private/bridge forward mode.

like:
[root@intel-e5530-8-2 ~]# virsh net-dumpxml hostnet
<network>
  <name>hostnet</name>
  <uuid>c1fb4ead-21b8-4d69-8ad9-669c55b3dfc7</uuid>
  <forward dev='enp7s6f0' mode='passthrough'>
    <interface dev='enp7s6f0'/>            
    <interface dev='enp7s6f1'/>
    <interface dev='enp7s6f0'/>
    <interface dev='enp7s6f2'/>
    <interface dev='enp7s6f3'/>
    <interface dev='enp7s6f0'/>
  </forward>
</network>

As shown above, the duplicate interfaces were added to the same virtual network pool, sometime this will case troublesome things, there is a simply example. After attaching several interfaces using "virsh attach-interface r7 network hostnet" :

[root@intel-e5530-8-2 ~]# virsh net-dumpxml hostnet
<network connections='3'>
  <name>hostnet</name>
  <uuid>c1fb4ead-21b8-4d69-8ad9-669c55b3dfc7</uuid>
  <forward dev='enp7s6f0' mode='passthrough'>
    <interface dev='enp7s6f0'/>                     <====this line will be confused, should append "connections='1'" at the rear of line.
    <interface dev='enp7s6f1' connections='1'/>
    <interface dev='enp7s6f0' connections='1'/>
    <interface dev='enp7s6f2' connections='1'/>
    <interface dev='enp7s6f3' connections='1'/>
    <interface dev='enp7s6f0' connections='1'/>
  </forward>
</network>
Comment 12 Laine Stump 2016-04-18 19:15:29 UTC 
Patch sent upstream:

https://www.redhat.com/archives/libvir-list/2016-April/msg01155.html
Comment 13 Laine Stump 2016-04-19 16:44:03 UTC 
Fix pushed upstream, will be in libvirt-1.3.4:

commit 3a773c43c8018a94d37ed3671702cc3863accf36
Author: Laine Stump <laine>
Date:   Mon Apr 18 14:18:37 2016 -0400

    test: enable testing for expected parse errors in network XML
    
commit 3583e75d7e68ebf7757ac5b2e318ce47d25ae69c
Author: Laine Stump <laine>
Date:   Mon Apr 18 15:07:26 2016 -0400

    network: prevent duplicate entries in network device pools
Comment 15 yalzhang@redhat.com 2016-05-05 13:24:13 UTC 
Verified on libvirt-1.3.4-1.el7.x86_64, all the results is as expected.

1. hostdev network with duplicate pci address can not be defined or created.
# cat passthrough1.xml
<network>
<name>passthrough1</name>
 <forward mode='hostdev' managed='yes'>
    <driver name='vfio'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='5'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='6'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
  </forward>
</network>

# virsh net-define passthrough1.xml
error: Failed to define network from passthrough1.xml
error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1

# virsh net-create passthrough1.xml
error: Failed to create network from passthrough1.xml
error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1

2. net-edit will fail if add a duplicate vf in hostdev network.
# virsh net-dumpxml passthrough1
<network>
  <name>passthrough1</name>
  <uuid>57f2706c-fafc-4adb-88da-0e607606ddb3</uuid>
  <forward mode='hostdev' managed='yes'>
    <driver name='vfio'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x4'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x5'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x6'/>
  </forward>
</network>

# virsh net-edit passthrough1
error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1
Failed. Try again? [y,n,f,?]: 


3. macvtap network with duplicate interface dev will not be defined or created.Try bridge/vepa/private/passthrough mode, all the results is as expected.
# cat macvtap.xml
 <network>
        <name>direct-macvtap</name>
        <forward mode="bridge">
          <interface dev="ens1f0"/>
          <interface dev="ens1f1"/>
          <interface dev="ens1f1"/>
          <interface dev="ens1f0"/>
        </forward>
      </network>

# virsh net-define macvtap.xml
error: Failed to define network from macvtap.xml
error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap

# virsh net-create macvtap.xml
error: Failed to create network from macvtap.xml
error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap

4. net-edit will fail if add an duplicate interface dev in macvtap network.
# virsh net-dumpxml direct-macvtap
<network>
  <name>direct-macvtap</name>
  <uuid>f5ad443b-96bf-492e-9126-61a47aa1f9ff</uuid>
  <forward dev='ens1f0' mode='passthrough'>
    <interface dev='ens1f0'/>
    <interface dev='ens1f1'/>
  </forward>
</network>
# virsh net-edit direct-macvtap
error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap
Failed. Try again? [y,n,f,?]:
Comment 16 yalzhang@redhat.com 2016-05-26 06:51:16 UTC 
as the results in comments 15, move the bug to verified.
Comment 18 errata-xmlrpc 2016-11-03 18:06:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html