Red Hat Bugzilla – Bug 1002423
Libvirt should forbid or remove the duplicate <interface>/<address> subelements in <forward> element of virtual network
Last modified: 2016-11-03 14:06:31 EDT
+++ This bug was initially created as a clone of Bug #1002421 +++ Description of problem: libvirt should forbid to define or start 'hostdev' network which contains the same VFs Version-Release number of selected component (if applicable): libvirt-0.10.2-23.el6.x86_64 How reproducible: 100% Steps to Reproduce: # lspci|grep 11:10 11:10.0 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01) 11:10.1 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01) 11:10.2 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01) 11:10.3 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01) 11:10.4 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01) 11:10.5 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01) 11:10.6 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01) 11:10.7 Ethernet controller: Intel Corporation 82576 Virtual Function (rev 01) # cat host-devnet1.xml <network> <name>hostdev-net1</name> <forward mode='hostdev' managed='yes'> <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/> <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/> <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/> <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/> </forward> </network> # virsh net-define host-devnet1.xml Network hostdev-net1 defined from host-devnet1.xml # virsh net-dumpxml hostdev-net1 <network> <name>hostdev-net1</name> <uuid>a57d0acb-3182-28ad-5c47-aae471ca8084</uuid> <forward mode='hostdev' managed='yes'> <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/> <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/> <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x0'/> <address type='pci' domain='0x0000' bus='0x11' slot='0x10' function='0x1'/> </forward> </network> # cat vfpool.xml <interface type='network'> <source network='hostdev-net1'/> </interface> # virsh start r6 Domain r6 started # virsh attach-device r6 vfpool.xml Device attached successfully # virsh attach-device r6 vfpool.xml error: Failed to attach device from vfpool.xml error: Requested operation is not valid: PCI device 0000:11:10.0 is in use by domain r6 Actual results: libvirt can define or start the 'hostdev' network which contains some identical VFs Expected results: libvirt should forbid to define or start 'hostdev' network which contains some identical VFs Additional info:
The bug also can be reproduced in libvirt-1.1.1-2.el7.x86_64. So clone it to rhel7.0 to track the issue.
I can reproduce it on other forward modes(passthrough/private/bridge). So, I suggest libvirt could do simply check(remove duplicate lines or forbid to edit/start virtual network) for duplicate <interface>/<address> subelements before net-edit/net-start, this will provide convenience for device assignment actions. Versions: libvirt-1.1.1-23.el7.x86_64 qemu-kvm-rhev-1.5.3-48.el7.x86_64 kernel-3.10.0-88.el7.x86_64 How reproducible: 100% Steps to Reproduce: Define a virtual network with passthrough/private/bridge forward mode. like: [root@intel-e5530-8-2 ~]# virsh net-dumpxml hostnet <network> <name>hostnet</name> <uuid>c1fb4ead-21b8-4d69-8ad9-669c55b3dfc7</uuid> <forward dev='enp7s6f0' mode='passthrough'> <interface dev='enp7s6f0'/> <interface dev='enp7s6f1'/> <interface dev='enp7s6f0'/> <interface dev='enp7s6f2'/> <interface dev='enp7s6f3'/> <interface dev='enp7s6f0'/> </forward> </network> As shown above, the duplicate interfaces were added to the same virtual network pool, sometime this will case troublesome things, there is a simply example. After attaching several interfaces using "virsh attach-interface r7 network hostnet" : [root@intel-e5530-8-2 ~]# virsh net-dumpxml hostnet <network connections='3'> <name>hostnet</name> <uuid>c1fb4ead-21b8-4d69-8ad9-669c55b3dfc7</uuid> <forward dev='enp7s6f0' mode='passthrough'> <interface dev='enp7s6f0'/> <====this line will be confused, should append "connections='1'" at the rear of line. <interface dev='enp7s6f1' connections='1'/> <interface dev='enp7s6f0' connections='1'/> <interface dev='enp7s6f2' connections='1'/> <interface dev='enp7s6f3' connections='1'/> <interface dev='enp7s6f0' connections='1'/> </forward> </network>
Patch sent upstream: https://www.redhat.com/archives/libvir-list/2016-April/msg01155.html
Fix pushed upstream, will be in libvirt-1.3.4: commit 3a773c43c8018a94d37ed3671702cc3863accf36 Author: Laine Stump <laine@laine.org> Date: Mon Apr 18 14:18:37 2016 -0400 test: enable testing for expected parse errors in network XML commit 3583e75d7e68ebf7757ac5b2e318ce47d25ae69c Author: Laine Stump <laine@laine.org> Date: Mon Apr 18 15:07:26 2016 -0400 network: prevent duplicate entries in network device pools
Verified on libvirt-1.3.4-1.el7.x86_64, all the results is as expected. 1. hostdev network with duplicate pci address can not be defined or created. # cat passthrough1.xml <network> <name>passthrough1</name> <forward mode='hostdev' managed='yes'> <driver name='vfio'/> <address type='pci' domain='0000' bus='03' slot='10' function='4'/> <address type='pci' domain='0000' bus='03' slot='10' function='5'/> <address type='pci' domain='0000' bus='03' slot='10' function='4'/> <address type='pci' domain='0000' bus='03' slot='10' function='6'/> <address type='pci' domain='0000' bus='03' slot='10' function='4'/> </forward> </network> # virsh net-define passthrough1.xml error: Failed to define network from passthrough1.xml error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1 # virsh net-create passthrough1.xml error: Failed to create network from passthrough1.xml error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1 2. net-edit will fail if add a duplicate vf in hostdev network. # virsh net-dumpxml passthrough1 <network> <name>passthrough1</name> <uuid>57f2706c-fafc-4adb-88da-0e607606ddb3</uuid> <forward mode='hostdev' managed='yes'> <driver name='vfio'/> <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x4'/> <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x5'/> <address type='pci' domain='0x0000' bus='0x03' slot='0x0a' function='0x6'/> </forward> </network> # virsh net-edit passthrough1 error: XML error: PCI device '0000:03:0a.4' can only be listed once in network passthrough1 Failed. Try again? [y,n,f,?]: 3. macvtap network with duplicate interface dev will not be defined or created.Try bridge/vepa/private/passthrough mode, all the results is as expected. # cat macvtap.xml <network> <name>direct-macvtap</name> <forward mode="bridge"> <interface dev="ens1f0"/> <interface dev="ens1f1"/> <interface dev="ens1f1"/> <interface dev="ens1f0"/> </forward> </network> # virsh net-define macvtap.xml error: Failed to define network from macvtap.xml error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap # virsh net-create macvtap.xml error: Failed to create network from macvtap.xml error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap 4. net-edit will fail if add an duplicate interface dev in macvtap network. # virsh net-dumpxml direct-macvtap <network> <name>direct-macvtap</name> <uuid>f5ad443b-96bf-492e-9126-61a47aa1f9ff</uuid> <forward dev='ens1f0' mode='passthrough'> <interface dev='ens1f0'/> <interface dev='ens1f1'/> </forward> </network> # virsh net-edit direct-macvtap error: XML error: interface 'ens1f1' can only be listed once in network direct-macvtap Failed. Try again? [y,n,f,?]:
as the results in comments 15, move the bug to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2577.html