Bug 1147195 - Libvirt should remove <backend> element on unsupported interface model in XML
Summary: Libvirt should remove <backend> element on unsupported interface model in XML
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.1
Hardware: x86_64
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Ján Tomko
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-09-28 03:30 UTC by Hu Jianwei
Modified: 2015-11-19 05:53 UTC (History)
4 users (show)

Fixed In Version: libvirt-1.2.13-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-19 05:53:29 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2202 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2015-11-19 08:17:58 UTC

Description Hu Jianwei 2014-09-28 03:30:57 UTC 
Description of problem:
<backend>'s vhost attribute should only be supported by virtio network interface
<backend>'s tap attribute should not be supported by direct type which uses macvtap module.  

Version-Release number of selected component (if applicable):
libvirt-1.2.8-3.el7.x86_64
qemu-kvm-rhev-2.1.0-3.el7.x86_64
kernel-3.10.0-123.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Using tun module, but do not use vhost module, the vhost attribute should be removed.
[root@ibm-x3850x5-06 dev]# virsh dumpxml r7 | grep interface -b5
1307:    <interface type='network'>
1338-      <mac address='52:54:00:49:82:3a'/>
1379-      <source network='default1'/>
1414-      <model type='rtl8139'/>
1444-      <backend tap='/dev/net/tun' vhost='/dev/net-vhost'/>
1503-      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
1585:    </interface>

[root@ibm-x3850x5-06 dev]# ip -d link
62: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr4 state UNKNOWN mode DEFAULT qlen 500
    link/ether fe:54:00:49:82:3a brd ff:ff:ff:ff:ff:ff promiscuity 1
    tun

2. Neither tap nor vhost module is in use, all <backend> should be removed
[root@ibm-x3850x5-06 dev]# virsh dumpxml r7 | grep interface -b5
1567:    <interface type='direct'>
1597-      <mac address='52:54:00:92:48:5f'/>
1638-      <source dev='eno1' mode='vepa'/>
1677-      <target dev='macvtap0'/>
1708-      <model type='rtl8139'/>
1738-      <backend tap='/dev/net/tun' vhost='/dev/net-vhost'/>
1797-      <alias name='net0'/>
1824-      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
1906:    </interface>

[root@ibm-x3850x5-06 dev]# ip -d link
64: macvtap0@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 500
    link/ether 52:54:00:92:48:5f brd ff:ff:ff:ff:ff:ff promiscuity 0
    macvtap  mode vepa

Actual results:
As shown above steps, incorrect <backend> element on network interface in domain, it's not quite accurate.

Expected results:
Remove them properly from domain XML at least.

Additional info:
We can not add <driver name='vhost'/> element into non-virtio network interface.
Comment 2 Ján Tomko 2015-02-05 12:58:07 UTC 
Upstream patches:
https://www.redhat.com/archives/libvir-list/2015-February/msg00154.html

With these, the vhost element is only parsed for virtio interfaces.
For 'network' interfaces, the usability of the custom tap device depends on the type of the actual network, so it cannot be checked at definition.
The second patch checks it on domain startup.
Comment 3 Ján Tomko 2015-02-06 12:09:52 UTC 
Now pushed upstream:
commit 8e724e9f3eab08ff1bef96ce1b3319558a86176b
Author:     Ján Tomko <jtomko>
CommitDate: 2015-02-06 12:52:50 +0100

    Error out when custom tap device path makes no sense
    
    It is only usable for NETWORK and BRIDGE type interfaces.
    Error out when trying to start a domain where the custom
    tap device path is specified for interfaces of other types,
    or when the daemon is not privileged.
    
    Note that this cannot be checked at definition time, because
    the comparison is against actual type.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1147195

git describe: v1.2.12-84-g8e724e9

commit 84f741812f970f9ee9b857673c03433f7c2866a6
CommitDate: 2015-02-06 12:52:50 +0100

    Only parse custom vhost path for virtio interfaces
    
    It is only supported for virtio adapters.
    Silently drop it if it was specified for other models,
    as is done for other virtio attributes.
    
    Also mention this in the documentation.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1147195

git describe: v1.2.12-83-g84f7418
Comment 5 hongming 2015-04-10 08:23:52 UTC 
Verify it as follows. The result is expected. Move its status to VERIFIED.

# rpm -q libvirt
libvirt-1.2.14-1.el7.x86_64

# cat r7a.xml|grep /interface -B5
    <interface type='network'>
      <mac address='52:54:00:cc:6d:e8'/>
      <source network='default'/>
      <model type='rtl8139'/>
      <backend tap='/dev/net/tun' vhost='/dev/vhost-net'/>
    </interface>

# virsh define r7a.xml
Domain r7a defined from r7a.xml

# virsh start r7a
Domain r7a started

# virsh dumpxml r7a|grep /interface -B8
    <interface type='network'>
      <mac address='52:54:00:cc:6d:e8'/>
      <source network='default'/>
      <target dev='vnet1'/>
      <model type='rtl8139'/>
      <backend tap='/dev/net/tun'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
Comment 8 errata-xmlrpc 2015-11-19 05:53:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2202.html
Note You need to log in before you can comment on or make changes to this bug.