rpms/libvirt
6
0
Fork 1
Code Issues Pull Requests Releases Activity
3257a92f4c
libvirt/libvirt-qemu-fix-qemu-validation-to-forbid-guest-side-IP-address-for-type-vdpa.patch
Jiri Denemark 4a97ecd040 libvirt-10.10.0-7.el9 
- qemu_migration: Refactor qemuMigrationSrcRestoreDomainState (RHEL-79168)
- qemu_migration: Do not automatically resume domain after I/O error (RHEL-79168)
- qemucapabilitiestest: Add data for the qemu-10.0 dev cycle on x86_64 (RHEL-79095)
- qemucapabilitiestest: Update 'caps_10.0.0_x86_64' to 'v9.2.0-1636-gffaf7f0376' (RHEL-79095)
- qemu: capabilies: Introduce QEMU_CAPS_BLOCKDEV_SET_ACTIVE (RHEL-79095)
- qemu: monitor: Add monitor backend for 'blockdev-set-active' (RHEL-79095)
- qemu: migration: Reactivate block nodes after migration if VM is left paused (RHEL-79095)
- conf: change virDomainHostdevInsert() to return void (RHEL-69455)
- qemu: fix qemu validation to forbid guest-side IP address for type='vdpa' (RHEL-69455)
- qemu: validate that model is virtio for vhostuser and vdpa interfaces in the same place (RHEL-69455)
- qemu: automatically set model type='virtio' for interface type='vhostuser' (RHEL-69455)
- qemu: do all vhostuser attribute validation in qemu driver (RHEL-69455)
- conf/qemu: make <source> element *almost* optional for type=vhostuser (RHEL-69455)
- qemu: use switch instead of if in qemuProcessPrepareDomainNetwork() (RHEL-69455)
- qemu: make qemuPasstCreateSocketPath() public (RHEL-69455)
- qemu: complete vhostuser + passt support (RHEL-69455)
- qemu: fail validation if a domain def has vhostuser/passt but no shared mem (RHEL-69455)
- docs: improve type='user' docs to higlight differences between SLIRP and passt (RHEL-69455)
- docs: document using passt backend with <interface type='vhostuser'> (RHEL-69455)
- utils: Canonicalize paths before comparing them (RHEL-79166)

Resolves: RHEL-69455, RHEL-79095, RHEL-79166, RHEL-79168
2025-02-17 21:30:50 +01:00

95 lines
3.9 KiB
Diff
Raw Blame History

From 6c7d0cc41954ed8f57dbf10dcf98396576f98922 Mon Sep 17 00:00:00 2001
Message-ID: <6c7d0cc41954ed8f57dbf10dcf98396576f98922.1739824249.git.jdenemar@redhat.com>
From: Laine Stump <laine@redhat.com>
Date: Tue, 4 Feb 2025 16:06:18 -0500
Subject: [PATCH] qemu: fix qemu validation to forbid guest-side IP address for
type='vdpa'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Because all the checks for VIR_DOMAIN_NET_TYPE_VDPA were inside an
else-if clause that was immediately followed by another else-if clause
that forbid setting guestIP.ips or guestIP.routes, we've been allowing
users to set guestIP.* for vdpa interfaces (but then not doing
validation of the attributes that should have been done if we *did*
support setting IPs for vdpa (but we don't anyway, so :shrug:.)
This can be fixed by turning the vdpa else-if clause into a top-level
if - this way vdpa interfaces will hit the "else if
(net->guestIP.nips)" clause and reject guest-side IP address setting.
Also, since there are currently *no* interface types for QEMU that
support adding guest-side routes, we put that check by itself (I think
it may be possible to set some guest routes for passt interfaces, but
we don't do that)
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 6345ee60d87a6490a51a58527dc9b47e4d0264f9)
https://issues.redhat.com/browse/RHEL-69455
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/qemu/qemu_validate.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index aaa056379e..9310457cb1 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1730,6 +1730,12 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
bool hasIPv6 = false;
size_t i;
+ if (net->guestIP.nroutes) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Invalid attempt to set network interface guest-side IP route, not supported by QEMU"));
+ return -1;
+ }
+
if (net->type == VIR_DOMAIN_NET_TYPE_USER) {
virDomainCapsDeviceNet netCaps = { };
@@ -1743,12 +1749,6 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
return -1;
}
- if (net->guestIP.nroutes) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Invalid attempt to set network interface guest-side IP route, not supported by QEMU"));
- return -1;
- }
-
for (i = 0; i < net->guestIP.nips; i++) {
const virNetDevIPAddr *ip = net->guestIP.ips[i];
@@ -1796,7 +1796,13 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
}
}
}
- } else if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
+ } else if (net->guestIP.nips) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Invalid attempt to set network interface guest-side IP address info, not supported by QEMU"));
+ return -1;
+ }
+
+ if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NETDEV_VHOST_VDPA)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("vDPA devices are not supported with this QEMU binary"));
@@ -1810,10 +1816,6 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
virDomainNetModelTypeToString(net->model));
return -1;
}
- } else if (net->guestIP.nroutes || net->guestIP.nips) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Invalid attempt to set network interface guest-side IP route and/or address info, not supported by QEMU"));
- return -1;
}
if (virDomainNetIsVirtioModel(net)) {
--
2.48.1
Reference in New Issue View Git Blame Copy Permalink