| Summary: | libvirt should forbid to define or start 'hostdev' network which contains PF pci addresses | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | hongming <honzhang> |
| Component: | libvirt | Assignee: | Laine Stump <laine> |
| Status: | CLOSED ERRATA | QA Contact: | Jingjing Shao <jishao> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.0 | CC: | adevolder, ajia, dyuan, mzhan, rbalakri, Robert.Hu, xuzhang, yalzhang |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-3.2.0-1.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1004629 | Environment: | |
| Last Closed: | 2017-08-01 17:06:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1004629 | ||
| Bug Blocks: | 1401400 | ||
|
Description
hongming
2013-09-05 08:08:05 UTC
This patch handles the bad config detailed here, as well as several other cases: https://www.redhat.com/archives/libvir-list/2017-March/msg01235.html *** Bug 1311464 has been marked as a duplicate of this bug. *** Fix pushed upstream:
commit 5c8d622f5d7fefd43e31a7aa6bdc4fe07d26bf73
Author: Laine Stump <laine>
Date: Sat Mar 25 14:00:13 2017 -0400
network: better validation of devices in hostdev network pool
# lspci | grep 82599
86:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
86:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
86:10.0 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
86:10.1 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
86:10.2 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
(1)Check the"devices must be listed by PCI address, not by netdev name"
# cat hostnet.xml
<network>
<name>hostnet</name>
<uuid>6b49be3c-bb91-c16d-b475-2929678720f4</uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='ens2f1'/>
</forward>
</network>
# virsh net-define hostnet.xml
Network hostnet defined from hostnet.xml
# virsh net-dumpxml hostnet
<network>
<name>hostnet</name>
<uuid>6b49be3c-bb91-c16d-b475-2929678720f4</uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='ens2f1'/>
</forward>
</network>
# virsh net-start hostnet
Network hostnet started
# virsh net-list --all
Name State Autostart Persistent
----------------------------------------------------------
hostnet active no yes
# virsh net-dumpxml hostnet
<network>
<name>hostnet</name>
<uuid>6b49be3c-bb91-c16d-b475-2929678720f4</uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='ens2f1'/>
<address type='pci' domain='0x0000' bus='0x86' slot='0x10' function='0x1'/>
<address type='pci' domain='0x0000' bus='0x86' slot='0x10' function='0x3'/>
<address type='pci' domain='0x0000' bus='0x86' slot='0x10' function='0x5'/>
<address type='pci' domain='0x0000' bus='0x86' slot='0x10' function='0x7'/>
</forward>
</network>
# virsh net-destroy hostnet
Network hostnet destroyed
# virsh net-dumpxml hostnet
<network>
<name>hostnet</name>
<uuid>6b49be3c-bb91-c16d-b475-2929678720f4</uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='ens2f1'/>
</forward>
</network>
(2) Check "listing a device by PCI address is valid only for hostdev networks, not for other types of network (e.g. macvtap passthrough)."
# cat macvtap.xml
<network>
<name>macvtap</name>
<uuid>a53c4f33-58ea-4b2e-80b4-f9d103b7b0a3</uuid>
<forward dev='ens2f1' mode='passthrough'>
<interface dev='ens2f1'/>
</forward>
</network>
# virsh net-define macvtap.xml
Network macvtap defined from macvtap.xml
# virsh net-dumpxml macvtap
<network>
<name>macvtap</name>
<uuid>a53c4f33-58ea-4b2e-80b4-f9d103b7b0a3</uuid>
<forward dev='ens2f1' mode='passthrough'>
<interface dev='ens2f1'/>
</forward>
</network>
# virsh net-start macvtap
Network macvtap started
# virsh net-dumpxml macvtap
<network>
<name>macvtap</name>
<uuid>a53c4f33-58ea-4b2e-80b4-f9d103b7b0a3</uuid>
<forward dev='ens2f1' mode='passthrough'>
<interface dev='ens2f1'/>
</forward>
</network>
# virsh net-destroy macvtap
Network macvtap destroyed
(3)Check "each device in a hostdev pool must be an SR-IOV VF "
# cat hostnet.xml
<network>
<name>hostnet</name>
<uuid>6b49be3c-bb91-c16d-b475-2929678720f4</uuid>
<forward mode='hostdev' managed='yes'>
<address type='pci' domain='0x0000' bus='0x86' slot='0x00' function='0x1'/>
</forward>
</network>
# virsh net-list --all
Name State Autostart Persistent
----------------------------------------------------------
# virsh net-define hostnet.xml
error: Failed to define network from hostnet.xml
error: unsupported configuration: device '/sys/bus/pci/devices/0000:86:00.1' in network 'hostnet' is not an SR-IOV Virtual Function
According to the testing above, change the status to verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1846 |