Bug 1741121
| Summary: | vm should not start with direct type bridge mode interface with vlan tag | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | yalzhang <yalzhang> |
| Component: | libvirt | Assignee: | Laine Stump <laine> |
| Status: | CLOSED ERRATA | QA Contact: | Jing Qi <jinqi> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.1 | CC: | jdenemar, jsuchane, knoel, laine, xuzhang |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | 8.2 | Flags: | knoel: mirror+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-5.10.0-1.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-05-05 09:47:43 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1585087, 1771318 | ||
The code that checks for this was previously in networkAllocateActualDevice(), and that was called for all <interface> elements, even if they weren't type='network'. When the network port APIs were added this was changed, so that now only <interface type='network'> is sent to the network driver, so the validation is no longer done. We will need to duplicate that validation (which is now in networkAllocatePort()) in the hypervisor drivers.

Patches posted upstream:
https://www.redhat.com/archives/libvir-list/2019-October/msg01571.html

The prerequisite patches in this series also provide a convenient place for other runtime validation of network interfaces.

Patches pushed upstream, will be in libvirt 5.10.0:
commit 1b029a929d09904485fba0c9778f6da9abf37158
Author: Laine Stump <laine>
Date: Fri Sep 27 11:47:21 2019 -0400
qemu: add mac address to error messages in qemuDomainValidateActualNetDef
Author: Laine Stump <laine>
Date: Tue Oct 1 12:25:47 2019 -0400
conf: make virDomainNetGetActualVlan arg/return val const
commit 583ac17f5da0c2154ec89b3585519d8a321941a1
Author: Laine Stump <laine>
Date: Tue Oct 1 12:52:03 2019 -0400
conf: make virDomainNetGetActualBandwidth arg/return value const
commit fdcd273be2d8249240ed2787e35ed9b825d11ad3
Author: Laine Stump <laine>
Date: Tue Oct 1 13:56:35 2019 -0400
conf: return a const from virDomainNetGetActualVirtPortProfile
commit 012624217e173e7cc9504cfc1930f9e753f215e7
Author: Laine Stump <laine>
Date: Tue Oct 1 13:06:24 2019 -0400
conf: change args/return values of remaining virDomainNetGetActual*() to const
commit b03d9e95932e978f0857582b1e5efc73f13132c1
Author: Laine Stump <laine>
Date: Fri Oct 18 15:48:13 2019 -0400
conf: add hypervisor agnostic, domain start-time, validation function for NetDef
commit 9d6920bd7de3f92be1894790adeb689060ab25eb
Author: Laine Stump <laine>
Date: Tue Oct 1 14:05:58 2019 -0400
net/qemu: move vlan/bandwidth validation out of network driver
Verified with
libvirt-5.10.0-1.scrmod+el8.2.0+5042+dcf7c81e.x86_64 & qemu-kvm-4.2.0-1.module+el8.2.0+4793+b09dd2fb.x86_64
Using below interface configuration to start domain
<interface type='direct'>
  <mac address='20:04:0f:f3:25:84'/>
  <source dev='eno1' mode='bridge'/>
  <vlan>
    <tag id='47'/>
  </vlan>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</interface>
# virsh start avocado-vt-vm
error: Failed to start domain avocado-vt-vm
error: unsupported configuration: interface 20:04:0f:f3:25:84 - vlan tag not supported for this connection type
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2020:2017
Description of problem:
vm can start successfully with direct type bridge mode interface with vlan tag, but this is not a supported configuration.

Version-Release number of selected component (if applicable):
libvirt-5.6.0-1.virtcov.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare a vm with direct type interface with bridge mode:
<interface type='direct'>
  <mac address='52:54:00:56:dd:f5'/>
  <source dev='eno27v3' mode='bridge'/>
  <vlan>
    <tag id='47'/>
  </vlan>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
2. Start the vm, it started successfully. But it should not start successfully as this vlan tag is not supported on such configuration.
# virsh start rhel
Domain rhel started

Actual results:
guest start successfully with unsupported configuration, same for bridge/vepa/private mode.

Expected results:
guest should fail to start and report error

Additional info:
On libvirt-5.0.0-12.module+el8.0.1+3755+6782b0ed.x86_64, it will report error with direct type bridge mode with vlan tag:
# virsh start rhel
error: Failed to start domain rhel
error: unsupported configuration: an interface of type 'direct' is requesting a vlan tag, but that is not supported for this type of connection

Refer to libvirtd.org:
Network connections that support guest-transparent VLAN tagging include 1) type='bridge' interfaces connected to an Open vSwitch bridge Since 0.10.0, 2) SRIOV Virtual Functions (VF) used via type='hostdev' (direct device assignment) Since 0.10.0, and 3) SRIOV VFs used via type='direct' with mode='passthrough' (macvtap "passthru" mode) Since 1.3.5. All other connection types, including standard linux bridges and libvirt's own virtual networks, do not support it.
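
An offline audit of domain XML against the three supported cases quoted above, for hosts on a build where the start-time check is missing and a `<vlan>` tag on an unsupported interface is accepted without error. This is an added example, not libvirt code or anything posted in this bug. The function names and the sample domain are constructed; it assumes an Open vSwitch bridge is marked by `<virtualport type='openvswitch'/>`, treats every type='hostdev' interface as an SR-IOV VF, and flags type='network' for manual review because its real connection type comes from the network definition.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain: the first interface is the one from this bug
# report; the other two are constructed examples of supported connection types.
SAMPLE_DOMAIN = """<domain type='kvm'><name>rhel</name><devices>
  <interface type='direct'>
    <mac address='52:54:00:56:dd:f5'/>
    <source dev='eno27v3' mode='bridge'/>
    <vlan><tag id='47'/></vlan>
  </interface>
  <interface type='direct'>
    <mac address='52:54:00:00:00:01'/>
    <source dev='eno27v4' mode='passthrough'/>
    <vlan><tag id='47'/></vlan>
  </interface>
  <interface type='bridge'>
    <mac address='52:54:00:00:00:02'/>
    <source bridge='ovsbr0'/>
    <virtualport type='openvswitch'/>
    <vlan><tag id='47'/></vlan>
  </interface>
</devices></domain>"""

def vlan_supported(iface):
    """Apply the three supported cases listed in the quoted documentation."""
    itype = iface.get("type")
    source, vport = iface.find("source"), iface.find("virtualport")
    if itype == "hostdev":  # assumes the assigned device is an SR-IOV VF
        return True
    if itype == "direct":   # macvtap: only passthrough mode qualifies
        return source is not None and source.get("mode") == "passthrough"
    if itype == "bridge":   # only an Open vSwitch bridge qualifies
        return vport is not None and vport.get("type") == "openvswitch"
    return False

def audit_vlan_interfaces(domain_xml):
    """Return (mac, type, verdict) for each <interface> that has a <vlan> tag."""
    findings = []
    for iface in ET.fromstring(domain_xml).iter("interface"):
        if iface.find("vlan/tag") is None:
            continue
        mac = iface.find("mac")
        mac = mac.get("address") if mac is not None else "unknown"
        itype = iface.get("type")
        if itype == "network":  # real type is decided by the network definition
            verdict = "check-network"
        else:
            verdict = "ok" if vlan_supported(iface) else "unsupported"
        findings.append((mac, itype, verdict))
    return findings
```

Feeding it the output of `virsh dumpxml` for each domain lists the interfaces whose VLAN tag the host will not actually apply.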