Bug 1002423 - Libvirt should forbid or remove the duplicate <interface>/<address> subelements in <forward> element of virtual network
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assigned To: Laine Stump
QA Contact: Virtualization Bugs
Reported: 2013-08-29 03:41 EDT by hongming
Modified: 2016-11-03 14:06 EDT
Fixed In Version: libvirt-1.3.4-1.el7
Doc Type: Bug Fix
Clone Of: 1002421
Last Closed: 2016-11-03 14:06:31 EDT
Type: Bug

External Trackers
Tracker: Red Hat Product Errata | ID: RHSA-2016:2577 | Priority: normal | Status: SHIPPED_LIVE | Summary: Moderate: libvirt security, bug fix, and enhancement update | Last Updated: 2016-11-03 08:07:06 EDT

Description hongming 2013-08-29 03:41:55 EDT
+++ This bug was initially created as a clone of Bug #1002421 +++

Description of problem:
libvirt should forbid defining or starting a 'hostdev' network which contains the same VFs


Version-Release number of selected component (if applicable):
libvirt-0.10.2-23.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
# lspci|grep 11:10
11:10.0 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.1 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.2 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.3 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.4 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.5 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.6 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.7 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)

# cat host-devnet1.xml
<network>
<name>hostdev-net1</name>
<forward mode='hostdev' managed='yes'>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/>
</forward>
</network>

# virsh net-define host-devnet1.xml
Network hostdev-net1 defined from host-devnet1.xml

# virsh net-dumpxml hostdev-net1
<network>
  <name>hostdev-net1</name>
  <uuid>a57d0acb-3182-28ad-5c47-aae471ca8084</uuid>
  <forward mode='hostdev' managed='yes'>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/>
  </forward>
</network>

# cat vfpool.xml
<interface type='network'>
   <source network='hostdev-net1'/>
</interface>

# virsh start r6
Domain r6 started

# virsh attach-device r6 vfpool.xml
Device attached successfully

# virsh attach-device r6 vfpool.xml
error: Failed to attach device from vfpool.xml
error: Requested operation is not valid: PCI device 0000:11:10.0 is in use by domain r6


Actual results:
libvirt can define or start a 'hostdev' network which contains some identical VFs

Expected results:
libvirt should forbid defining or starting a 'hostdev' network which contains some identical VFs

Additional info:
Comment 2 hongming 2013-08-29 03:49:37 EDT
The bug also can be reproduced in libvirt-1.1.1-2.el7.x86_64. So clone it to rhel7.0 to track the issue.
Comment 3 Hu Jianwei 2014-02-20 02:36:13 EST
I can reproduce it on other forward modes (passthrough/private/bridge). So I suggest libvirt do a simple check (remove duplicate lines, or forbid editing/starting the virtual network) for duplicate <interface>/<address> subelements before net-edit/net-start; this will provide convenience for device assignment actions.

Versions:
libvirt-1.1.1-23.el7.x86_64
qemu-kvm-rhev-1.5.3-48.el7.x86_64
kernel-3.10.0-88.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
Define a virtual network with passthrough/private/bridge forward mode.

like:
[root@intel-e5530-8-2 ~]# virsh net-dumpxml hostnet
<network>
  <name>hostnet</name>
  <uuid>c1fb4ead-21b8-4d69-8ad9-669c55b3dfc7</uuid>
  <forward dev='enp7s6f0' mode='passthrough'>
    <interface dev='enp7s6f0'/>            
    <interface dev='enp7s6f1'/>
    <interface dev='enp7s6f0'/>
    <interface dev='enp7s6f2'/>
    <interface dev='enp7s6f3'/>
    <interface dev='enp7s6f0'/>
  </forward>
</network>

As shown above, duplicate interfaces were added to the same virtual network pool. Sometimes this will cause trouble; here is a simple example. After attaching several interfaces using "virsh attach-interface r7 network hostnet":

[root@intel-e5530-8-2 ~]# virsh net-dumpxml hostnet
<network connections='3'>
  <name>hostnet</name>
  <uuid>c1fb4ead-21b8-4d69-8ad9-669c55b3dfc7</uuid>
  <forward dev='enp7s6f0' mode='passthrough'>
    <interface dev='enp7s6f0'/>                     <==== this line is confusing; "connections='1'" should be appended at the end of the line.
    <interface dev='enp7s6f1' connections='1'/>
    <interface dev='enp7s6f0' connections='1'/>
    <interface dev='enp7s6f2' connections='1'/>
    <interface dev='enp7s6f3' connections='1'/>
    <interface dev='enp7s6f0' connections='1'/>
  </forward>
</network>
Comment 12 Laine Stump 2016-04-18 15:15:29 EDT
Patch sent upstream:

https://www.redhat.com/archives/libvir-list/2016-April/msg01155.html
Comment 13 Laine Stump 2016-04-19 12:44:03 EDT
Fix pushed upstream, will be in libvirt-1.3.4:

commit 3a773c43c8018a94d37ed3671702cc3863accf36
Author: Laine Stump <laine@laine.org>
Date:   Mon Apr 18 14:18:37 2016 -0400

    test: enable testing for expected parse errors in network XML
    
commit 3583e75d7e68ebf7757ac5b2e318ce47d25ae69c
Author: Laine Stump <laine@laine.org>
Date:   Mon Apr 18 15:07:26 2016 -0400

    network: prevent duplicate entries in network device pools
Comment 15 yalzhang@redhat.com 2016-05-05 09:24:13 EDT
Verified on libvirt-1.3.4-1.el7.x86_64; all the results are as expected.

1. A hostdev network with a duplicate PCI address cannot be defined or created.
# cat passthrough1.xml
<network>
<name>passthrough1</name>
 <forward mode='hostdev' managed='yes'>
    <driver name='vfio'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='5'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='6'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
  </forward>
</network>

# virsh net-define passthrough1.xml
error: Failed to define network from passthrough1.xml
error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1

# virsh net-create passthrough1.xml
error: Failed to create network from passthrough1.xml
error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1

2. net-edit will fail if a duplicate VF is added to a hostdev network.
# virsh net-dumpxml passthrough1
<network>
  <name>passthrough1</name>
  <uuid>57f2706c-fafc-4adb-88da-0e607606ddb3</uuid>
  <forward mode='hostdev' managed='yes'>
    <driver name='vfio'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x4'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x5'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x6'/>
  </forward>
</network>

# virsh net-edit passthrough1
error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1
Failed. Try again? [y,n,f,?]: 


3. A macvtap network with a duplicate interface dev will not be defined or created. Try bridge/vepa/private/passthrough mode; all the results are as expected.
# cat macvtap.xml
 <network>
        <name>direct-macvtap</name>
        <forward mode="bridge">
          <interface dev="ens1f0"/>
          <interface dev="ens1f1"/>
          <interface dev="ens1f1"/>
          <interface dev="ens1f0"/>
        </forward>
      </network>

# virsh net-define macvtap.xml
error: Failed to define network from macvtap.xml
error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap

# virsh net-create macvtap.xml
error: Failed to create network from macvtap.xml
error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap

4. net-edit will fail if a duplicate interface dev is added to a macvtap network.
# virsh net-dumpxml direct-macvtap
<network>
  <name>direct-macvtap</name>
  <uuid>f5ad443b-96bf-492e-9126-61a47aa1f9ff</uuid>
  <forward dev='ens1f0' mode='passthrough'>
    <interface dev='ens1f0'/>
    <interface dev='ens1f1'/>
  </forward>
</network>
# virsh net-edit direct-macvtap
error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap
Failed. Try again? [y,n,f,?]:
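
Added example (not part of the original report and not libvirt's own code): a pre-flight check that flags duplicate <interface>/<address> entries in <forward> before the XML reaches net-define, comparing PCI addresses in canonical form. It assumes attribute values parse with C strtoul base-0 rules, which matches slot='10' being reported as 0a in the errors above; the function names and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _num(text):
    # Assumption: numbers parse like C strtoul(..., base 0):
    # "0x.." is hex, a leading "0" is octal, anything else is decimal.
    t = text.strip().lower()
    if t.startswith("0x"):
        return int(t, 16)
    if len(t) > 1 and t.startswith("0"):
        return int(t, 8)
    return int(t, 10)

def pci_key(addr):
    # Canonical dddd:bb:ss.f string, so slot='10' and slot='0x0a' compare equal.
    # Missing attributes default to 0 here (an assumption of this example).
    d, b, s, f = (_num(addr.get(k, "0")) for k in ("domain", "bus", "slot", "function"))
    return f"{d:04x}:{b:02x}:{s:02x}.{f:x}"

def find_duplicates(network_xml):
    # Return sorted (kind, id) pairs that occur more than once inside <forward>.
    seen = Counter()
    for fwd in ET.fromstring(network_xml).findall("forward"):
        for iface in fwd.findall("interface"):
            if iface.get("dev"):
                seen[("interface", iface.get("dev"))] += 1
        for addr in fwd.findall("address"):
            if addr.get("type") == "pci":
                seen[("pci", pci_key(addr))] += 1
    return sorted(key for key, count in seen.items() if count > 1)

# Constructed samples modelled on the XML in this report.
SAMPLE_HOSTDEV = """<network><name>passthrough1</name>
  <forward mode='hostdev' managed='yes'>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='5'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x4'/>
  </forward></network>"""
SAMPLE_MACVTAP = """<network><name>direct-macvtap</name>
  <forward mode='bridge'>
    <interface dev='ens1f0'/><interface dev='ens1f1'/>
    <interface dev='ens1f1'/><interface dev='ens1f0'/>
  </forward></network>"""

if __name__ == "__main__":
    for sample in (SAMPLE_HOSTDEV, SAMPLE_MACVTAP):
        for kind, ident in find_duplicates(sample):
            print(f"duplicate {kind} entry: {ident}")
```

The first sample lists the same VF once in decimal and once in hex notation, which a plain string comparison of the attributes would miss.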
Comment 16 yalzhang@redhat.com 2016-05-26 02:51:16 EDT
As per the results in comment 15, move the bug to verified.
Comment 18 errata-xmlrpc 2016-11-03 14:06:31 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html
