1002423 – Libvirt should forbid or remove the duplicate <interface>/<address> subelements in <forward> element of virtual network

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1002423 - Libvirt should forbid or remove the duplicate <interface>/<address> subelements in <forward> element of virtual network

Summary: Libvirt should forbid or remove the duplicate <interface>/<address> subelemen...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Laine Stump
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-08-29 07:41 UTC by hongming
Modified:	2016-11-03 18:06 UTC (History)
CC List:	6 users (show)
Fixed In Version:	libvirt-1.3.4-1.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1002421
Environment:
Last Closed:	2016-11-03 18:06:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2577	0	normal	SHIPPED_LIVE	Moderate: libvirt security, bug fix, and enhancement update	2016-11-03 12:07:06 UTC

Description hongming 2013-08-29 07:41:55 UTC

+++ This bug was initially created as a clone of Bug #1002421 +++

Description of problem:
libvirt should forbid to define or start 'hostdev' network which contains the same VFs


Version-Release number of selected component (if applicable):
libvirt-0.10.2-23.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
# lspci|grep 11:10
11:10.0 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.1 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.2 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.3 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.4 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.5 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.6 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)
11:10.7 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01)

# cat host-devnet1.xml
<network>
<name>hostdev-net1</name>
<forward mode='hostdev' managed='yes'>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
<address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/>
</forward>
</network>

# virsh net-define host-devnet1.xml
Network hostdev-net1 defined from host-devnet1.xml

# virsh net-dumpxml hostdev-net1
<network>
  <name>hostdev-net1</name>
  <uuid>a57d0acb-3182-28ad-5c47-aae471ca8084</uuid>
  <forward mode='hostdev' managed='yes'>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/>
    <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/>
  </forward>
</network>

# cat vfpool.xml
<interface type='network'>
   <source network='hostdev-net1'/>
</interface>

# virsh start r6
Domain r6 started

# virsh attach-device r6 vfpool.xml
Device attached successfully

# virsh attach-device r6 vfpool.xml
error: Failed to attach device from vfpool.xml
error: Requested operation is not valid: PCI device 0000:11:10.0 is in use by domain r6


Actual results:
libvirt can define or start the 'hostdev' network which contains some identical VFs 

Expected results:
libvirt should forbid to define or start 'hostdev' network which contains some identical VFs 

Additional info:

Comment 2 hongming 2013-08-29 07:49:37 UTC

The bug also can be reproduced in libvirt-1.1.1-2.el7.x86_64. So clone it to rhel7.0 to track the issue.

Comment 3 Hu Jianwei 2014-02-20 07:36:13 UTC

I can reproduce it on other forward modes(passthrough/private/bridge). So, I suggest libvirt could do simply check(remove duplicate lines or forbid to edit/start virtual network) for duplicate <interface>/<address> subelements before net-edit/net-start, this will provide convenience for device assignment actions.

Versions:
libvirt-1.1.1-23.el7.x86_64
qemu-kvm-rhev-1.5.3-48.el7.x86_64
kernel-3.10.0-88.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
Define a virtual network with passthrough/private/bridge forward mode.

like:
[root@intel-e5530-8-2 ~]# virsh net-dumpxml hostnet
<network>
  <name>hostnet</name>
  <uuid>c1fb4ead-21b8-4d69-8ad9-669c55b3dfc7</uuid>
  <forward dev='enp7s6f0' mode='passthrough'>
    <interface dev='enp7s6f0'/>            
    <interface dev='enp7s6f1'/>
    <interface dev='enp7s6f0'/>
    <interface dev='enp7s6f2'/>
    <interface dev='enp7s6f3'/>
    <interface dev='enp7s6f0'/>
  </forward>
</network>

As shown above, the duplicate interfaces were added to the same virtual network pool, sometime this will case troublesome things, there is a simply example. After attaching several interfaces using "virsh attach-interface r7 network hostnet" :

[root@intel-e5530-8-2 ~]# virsh net-dumpxml hostnet
<network connections='3'>
  <name>hostnet</name>
  <uuid>c1fb4ead-21b8-4d69-8ad9-669c55b3dfc7</uuid>
  <forward dev='enp7s6f0' mode='passthrough'>
    <interface dev='enp7s6f0'/>                     <====this line will be confused, should append "connections='1'" at the rear of line.
    <interface dev='enp7s6f1' connections='1'/>
    <interface dev='enp7s6f0' connections='1'/>
    <interface dev='enp7s6f2' connections='1'/>
    <interface dev='enp7s6f3' connections='1'/>
    <interface dev='enp7s6f0' connections='1'/>
  </forward>
</network>

Comment 12 Laine Stump 2016-04-18 19:15:29 UTC

Patch sent upstream:

https://www.redhat.com/archives/libvir-list/2016-April/msg01155.html

Comment 13 Laine Stump 2016-04-19 16:44:03 UTC

Fix pushed upstream, will be in libvirt-1.3.4:

commit 3a773c43c8018a94d37ed3671702cc3863accf36
Author: Laine Stump <laine>
Date:   Mon Apr 18 14:18:37 2016 -0400

    test: enable testing for expected parse errors in network XML
    
commit 3583e75d7e68ebf7757ac5b2e318ce47d25ae69c
Author: Laine Stump <laine>
Date:   Mon Apr 18 15:07:26 2016 -0400

    network: prevent duplicate entries in network device pools

Comment 15 yalzhang@redhat.com 2016-05-05 13:24:13 UTC

Verified on libvirt-1.3.4-1.el7.x86_64, all the results is as expected.

1. hostdev network with duplicate pci address can not be defined or created.
# cat passthrough1.xml
<network>
<name>passthrough1</name>
 <forward mode='hostdev' managed='yes'>
    <driver name='vfio'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='5'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='6'/>
    <address type='pci' domain='0000' bus='03' slot='10' function='4'/>
  </forward>
</network>

# virsh net-define passthrough1.xml
error: Failed to define network from passthrough1.xml
error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1

# virsh net-create passthrough1.xml
error: Failed to create network from passthrough1.xml
error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1

2. net-edit will fail if add a duplicate vf in hostdev network.
# virsh net-dumpxml passthrough1
<network>
  <name>passthrough1</name>
  <uuid>57f2706c-fafc-4adb-88da-0e607606ddb3</uuid>
  <forward mode='hostdev' managed='yes'>
    <driver name='vfio'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x4'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x5'/>
    <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x6'/>
  </forward>
</network>

# virsh net-edit passthrough1
error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1
Failed. Try again? [y,n,f,?]: 


3. macvtap network with duplicate interface dev will not be defined or created.Try bridge/vepa/private/passthrough mode, all the results is as expected.
# cat macvtap.xml
 <network>
        <name>direct-macvtap</name>
        <forward mode="bridge">
          <interface dev="ens1f0"/>
          <interface dev="ens1f1"/>
          <interface dev="ens1f1"/>
          <interface dev="ens1f0"/>
        </forward>
      </network>

# virsh net-define macvtap.xml
error: Failed to define network from macvtap.xml
error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap

# virsh net-create macvtap.xml
error: Failed to create network from macvtap.xml
error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap

4. net-edit will fail if add an duplicate interface dev in macvtap network.
# virsh net-dumpxml direct-macvtap
<network>
  <name>direct-macvtap</name>
  <uuid>f5ad443b-96bf-492e-9126-61a47aa1f9ff</uuid>
  <forward dev='ens1f0' mode='passthrough'>
    <interface dev='ens1f0'/>
    <interface dev='ens1f1'/>
  </forward>
</network>
# virsh net-edit direct-macvtap
error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap
Failed. Try again? [y,n,f,?]:

Comment 16 yalzhang@redhat.com 2016-05-26 06:51:16 UTC

as the results in comments 15, move the bug to verified.

Comment 18 errata-xmlrpc 2016-11-03 18:06:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html

Note You need to log in before you can comment on or make changes to this bug.