Bug 1515533
| Summary: | Libvirt should report correct error info when prefix is set out of range | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jingjing Shao <jishao> |
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
| Status: | CLOSED ERRATA | QA Contact: | chhu |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.5 | CC: | dyuan, jdenemar, mprivozn, xuzhang, yalzhang |
| Target Milestone: | rc | Keywords: | Upstream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-4.5.0-2.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-10-30 09:50:00 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Patch proposed on the upstream list: https://www.redhat.com/archives/libvir-list/2018-February/msg00266.html The patch is pushed upstream:
commit b62b8090b2ad4524a5bf9d40d0d1c17a9d57f5a0
Author: Michal Privoznik <mprivozn>
AuthorDate: Tue Feb 6 10:21:56 2018 +0100
Commit: Michal Privoznik <mprivozn>
CommitDate: Wed Feb 14 13:43:47 2018 +0100
qemu: Check for down limit of SLIRP prefix too
https://bugzilla.redhat.com/show_bug.cgi?id=1515533
We're already checking if IPv4 prefix isn't too long. But we are
not checking if it isn't too short. QEMU supports prefixes longer
than 4 (including). I haven't find anything similar related to
IPv6 in qemu sources.
Signed-off-by: Michal Privoznik <mprivozn>
Reviewed-by: John Ferlan <jferlan>
v4.0.0-230-gb62b8090b
Verified on packages:
libvirt-4.4.0-2.el7.x86_64
qemu-kvm-rhev-2.12.0-3.el7.x86_64
kernel-3.10.0-902.el7.x86_64
Test steps:
1. Prepare a guest with the xml as below:
<interface type='user'>
<mac address='00:11:22:33:44:55'/>
<ip address='172.17.2.0' family='ipv4' prefix='2'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/>
</interface>
2. Try to define the guest, got error:
# virsh define r7.xml
error: Failed to define domain from r7.xml
error: XML error: invalid prefix, must be in range of 4-27
3. Change the prefix to '28', get the same error.
4. Change the prefix to '4', define and start the guest successfully,
login to the guest, ifcfg list the inteface:
ens11: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:11:22:33:44:55 txqueuelen 1000 (Ethernet)
RX packets 14 bytes 1344 (1.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5. Destory the guest, use virsh edit, change the prefix to '-1','aa','28' will get error.
According to above steps, change the bug status to VERIFIED.
Hi, Michal
I did more testing and found that I can't define the guest without giving the prefix in xml now, the prefix is optionally before, more details are as below, would you like to do some modification here or modify the doc ? Thank you!
1. Tested on packages:
libvirt-4.4.0-2.virtcov.el7.x86_64
qemu-kvm-rhev-2.12.0-5.el7.x86_64
Test steps:
1. Try to define a guest with xml below, get error.
<interface type='user'>
<mac address='52:54:00:01:55:fe'/>
<ip address='100.100.100.20' family='ipv4'/>
<ip address='2001:db8:ac10:fd01::' family='ipv6'/>
<model type='rtl8139'/>
<alias name='net0'/>
</interface>
# virsh define r7.xml
error: Failed to define domain from r7.xml
error: XML error: invalid prefix, must be in range of 4-27
2. Test on rhel7.5 packages:
libvirt-3.9.0-14.el7_5.6.x86_64
We can define and start a guest without 'prefix' in xml.
# virsh define r7.xml
Domain r7 defined from r7.xml
# virsh start r7
Domain r7 started
# virsh dumpxml r7|grep interface -A 8
<interface type='user'>
<mac address='52:54:00:01:55:fe'/>
<ip address='100.100.100.20' family='ipv4'/>
<ip address='2001:db8:ac10:fd01::' family='ipv6'/>
<model type='rtl8139'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
3. Info in libvirt.org
https://libvirt.org/formatdomain.html#mtu
Provides a virtual LAN with NAT to the outside world. The virtual network has DHCP & DNS services and will give the guest VM addresses starting from 10.0.2.15. The default router will be 10.0.2.2 and the DNS server will be 10.0.2.3. This networking is the only option for unprivileged users who need their VMs to have outgoing access. Since 3.8.0 it is possible to override the default network address by including an ip element specifying an IPv4 address in its one mandatory attribute, address. Optionally, a second ip element with a family attribute set to "ipv6" can be specified to add an IPv6 address to the interface. address. Optionally, address prefix can be specified.
Regards,
chhu
(In reply to chhu from comment #6) > Hi, Michal > Oops, yes. I've posted a patch here: https://www.redhat.com/archives/libvir-list/2018-June/msg01860.html Michal Fixed upstream by
commit a6fbbce73e2965edde45ece7c034e4b39bb8405d
Refs: v4.5.0-12-ga6fbbce73e
Author: Michal Privoznik <mprivozn>
AuthorDate: Fri Jun 29 16:48:55 2018 +0200
Commit: Michal Privoznik <mprivozn>
CommitDate: Tue Jul 3 04:56:29 2018 +0200
qemuDomainDeviceDefValidateNetwork: Check for range only if IP prefix set
https://bugzilla.redhat.com/show_bug.cgi?id=1515533
The @prefix attribute to <ip/> element for interface type user is
optional. Therefore, if left out it has value of zero in which
case we should not check whether it falls into <4, 27> range.
Otherwise we fail parsing domain XML for no good reason.
Broken by commit b62b8090b2ad4524a5bf9d40d0d1c17a9d57f5a0.
Signed-off-by: Michal Privoznik <mprivozn>
Verified on packages:
libvirt-4.5.0-9.el7.x86_64
Test steps:
1. Prepare a guest with the xml as below:
<interface type='user'>
<mac address='00:11:22:33:44:55'/>
<ip address='172.17.2.0' family='ipv4' prefix='2'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/>
</interface>
2. Try to define the guest, got error:
# virsh define r7.xml
error: Failed to define domain from r7.xml
error: XML error: invalid prefix, must be in range of 4-27
3. Change the prefix to '28', get the same error.
4. Change the prefix to '4', define and start the guest successfully,
login to the guest, ifcfg list the interface:
# ifconfig
ens11: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 160.0.2.15 netmask 240.0.0.0 broadcast 175.255.255.255
inet6 fec0::211:22ff:fe33:4455 prefixlen 64 scopeid 0x40<site>
inet6 fe80::211:22ff:fe33:4455 prefixlen 64 scopeid 0x20<link>
ether 00:11:22:33:44:55 txqueuelen 1000 (Ethernet)
RX packets 24 bytes 4013 (3.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 58 bytes 5600 (5.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5. Destory the guest, use virsh edit, change the prefix to '-1','aa','28' will get error.
6. Virsh edit xml, without giving the prefix in xml, then start the guest successfully. login to the guest, check the interface:
# ifconfig
ens11: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.2.15 netmask 255.240.0.0 broadcast 172.31.255.255
inet6 fec0::211:22ff:fe33:4455 prefixlen 64 scopeid 0x40<site>
inet6 fe80::211:22ff:fe33:4455 prefixlen 64 scopeid 0x20<link>
ether 00:11:22:33:44:55 txqueuelen 1000 (Ethernet)
RX packets 23 bytes 4090 (3.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 58 bytes 5618 (5.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
7. Destroy, and undefine the guest, create guest without giving the prefix in xml successfully, login to the guest, check the interface is with ipaddress.
According to above test steps, set the bug status to "VERIFIED".
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3113 |
Description: Libvirt should report currect error info when prefix is set out of range Versions: libvirt-3.9.0-2.virtcov.el7.x86_64 qemu-kvm-rhev-2.10.0-6.el7.x86_64 How reproducible: 100% Steps: 1.Prepare a guest with the xml info as below <interface type='user'> <mac address='00:11:22:33:44:55'/> <ip address='172.17.2.0' family='ipv4' prefix='2'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> 2.Start the guest and get the error as below "Invalid netmask provided (must be in range 4-32)" # virsh start rhel error: Failed to start domain rhel error: internal error: process exited while connecting to monitor: 2017-11-20T11:36:57.028599Z qemu-kvm: -chardev pty,id=charserial0: char device redirected to /dev/pts/2 (label charserial0) 2017-11-20T11:36:57.040856Z qemu-kvm: -netdev user,net=172.17.2.0/2,id=hostnet0: Invalid netmask provided (must be in range 4-32) 3.Change the prefix = 28 # virsh edit rhel error: XML error: prefix too long Expected result: The error info of prefix should be range 4-27 Description: Libvirt should report currect error info when prefix is set out of range Versions: libvirt-3.9.0-2.virtcov.el7.x86_64 qemu-kvm-rhev-2.10.0-6.el7.x86_64 How reproducible: 100% Steps: 1.Prepare a guest with the xml info as below <interface type='user'> <mac address='00:11:22:33:44:55'/> <ip address='172.17.2.0' family='ipv4' prefix='2'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> 2.Start the guest and get the error as below "Invalid netmask provided (must be in range 4-32)" # virsh start rhel error: Failed to start domain rhel error: internal error: process exited while connecting to monitor: 2017-11-20T11:36:57.028599Z qemu-kvm: -chardev pty,id=charserial0: char device redirected to /dev/pts/2 (label charserial0) 2017-11-20T11:36:57.040856Z qemu-kvm: -netdev user,net=172.17.2.0/2,id=hostnet0: Invalid netmask provided (must be in range 4-32) 3.Change the prefix = 28 # virsh edit rhel error: XML error: prefix too long Expected result: The error info of prefix should be range 4-27 or the prefix can support "4-32" Actual result: As the step2 shows Addtional info: Actual result: As the step2 shows Addtional info: