Hide Forgot
Description of problem: <backend>'s vhost attribute should only be supported by virtio network interface <backend>'s tap attribute should not be supported by direct type which uses macvtap module. Version-Release number of selected component (if applicable): libvirt-1.2.8-3.el7.x86_64 qemu-kvm-rhev-2.1.0-3.el7.x86_64 kernel-3.10.0-123.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. Using tun module, but do not use vhost module, the vhost attribute should be removed. [root@ibm-x3850x5-06 dev]# virsh dumpxml r7 | grep interface -b5 1307: <interface type='network'> 1338- <mac address='52:54:00:49:82:3a'/> 1379- <source network='default1'/> 1414- <model type='rtl8139'/> 1444- <backend tap='/dev/net/tun' vhost='/dev/net-vhost'/> 1503- <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> 1585: </interface> [root@ibm-x3850x5-06 dev]# ip -d link 62: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr4 state UNKNOWN mode DEFAULT qlen 500 link/ether fe:54:00:49:82:3a brd ff:ff:ff:ff:ff:ff promiscuity 1 tun 2. Neither tap nor vhost module is in use, all <backend> should be removed [root@ibm-x3850x5-06 dev]# virsh dumpxml r7 | grep interface -b5 1567: <interface type='direct'> 1597- <mac address='52:54:00:92:48:5f'/> 1638- <source dev='eno1' mode='vepa'/> 1677- <target dev='macvtap0'/> 1708- <model type='rtl8139'/> 1738- <backend tap='/dev/net/tun' vhost='/dev/net-vhost'/> 1797- <alias name='net0'/> 1824- <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> 1906: </interface> [root@ibm-x3850x5-06 dev]# ip -d link 64: macvtap0@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 500 link/ether 52:54:00:92:48:5f brd ff:ff:ff:ff:ff:ff promiscuity 0 macvtap mode vepa Actual results: As shown above steps, incorrect <backend> element on network interface in domain, it's not quite accurate. Expected results: Remove them properly from domain XML at least. Additional info: We can not add <driver name='vhost'/> element into non-virtio network interface.
Upstream patches: https://www.redhat.com/archives/libvir-list/2015-February/msg00154.html With these, the vhost element is only parsed for virtio interfaces. For 'network' interfaces, the usability of the custom tap device depends on the type of the actual network, so it cannot be checked at definition. The second patch checks it on domain startup.
Now pushed upstream: commit 8e724e9f3eab08ff1bef96ce1b3319558a86176b Author: Ján Tomko <jtomko@redhat.com> CommitDate: 2015-02-06 12:52:50 +0100 Error out when custom tap device path makes no sense It is only usable for NETWORK and BRIDGE type interfaces. Error out when trying to start a domain where the custom tap device path is specified for interfaces of other types, or when the daemon is not privileged. Note that this cannot be checked at definition time, because the comparison is against actual type. https://bugzilla.redhat.com/show_bug.cgi?id=1147195 git describe: v1.2.12-84-g8e724e9 commit 84f741812f970f9ee9b857673c03433f7c2866a6 CommitDate: 2015-02-06 12:52:50 +0100 Only parse custom vhost path for virtio interfaces It is only supported for virtio adapters. Silently drop it if it was specified for other models, as is done for other virtio attributes. Also mention this in the documentation. https://bugzilla.redhat.com/show_bug.cgi?id=1147195 git describe: v1.2.12-83-g84f7418
Verify it as follows. The result is expected. Move its status to VERIFIED. # rpm -q libvirt libvirt-1.2.14-1.el7.x86_64 # cat r7a.xml|grep /interface -B5 <interface type='network'> <mac address='52:54:00:cc:6d:e8'/> <source network='default'/> <model type='rtl8139'/> <backend tap='/dev/net/tun' vhost='/dev/vhost-net'/> </interface> # virsh define r7a.xml Domain r7a defined from r7a.xml # virsh start r7a Domain r7a started # virsh dumpxml r7a|grep /interface -B8 <interface type='network'> <mac address='52:54:00:cc:6d:e8'/> <source network='default'/> <target dev='vnet1'/> <model type='rtl8139'/> <backend tap='/dev/net/tun'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2202.html