[PATCHv2 1/3] (repost) netdev: fail when setting up an SRIOV VF if PF is offline

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If an SRIOV PF is offline, the kernel won't complain if you set the
mac address and vlan tag for a VF via this PF, and it will even let
you assign the VF to a guest using PCI device assignment or macvtap
passthrough. But in this case (the PF isn't online), the device won't
be usable in the guest.

Silently setting the PF online would solve the connectivity problem,
but as pointed out by Dan Berrange, when an interface is set online
with no associated config, the kernel will by default turn on IPv6
autoconf, which could create unexpected security problems for the
host. For this reason, this patch instead logs an error and fails the
operation.

This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=893738

Originally filed against RHEL6, but present in every version of
libvirt until today.
---
 src/util/virnetdev.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index e14b401..98ce152 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -2258,6 +2258,28 @@ virNetDevReplaceVfConfig(const char *pflinkdev, int vf,
     char macstr[VIR_MAC_STRING_BUFLEN];
     char *fileData = NULL;
     int ifindex = -1;
+    bool pfIsOnline;
+
+    /* Assure that PF is online prior to twiddling with the VF.  It
+     * *should* be, but if the PF isn't online the changes made to the
+     * VF via the PF won't take effect, yet there will be no error
+     * reported. In the case that it isn't online, fail and report the
+     * error, since setting an unconfigured interface online
+     * automatically turns on IPv6 autoconfig, which may not be what
+     * the admin expects, so we want them to explicitly enable the PF
+     * in the host system network config.
+     */
+    if (virNetDevGetOnline(pflinkdev, &pfIsOnline) < 0)
+       goto cleanup;
+    if (!pfIsOnline) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Unable to configure VF %d of PF '%s' "
+                         "because the PF is not online. Please "
+                         "change host network config to put the "
+                         "PF online."),
+                       vf, pflinkdev);
+        goto cleanup;
+    }
 
     if (virNetDevGetVfConfig(pflinkdev, vf, &oldmac, &oldvlanid) < 0)
         goto cleanup;
-- 
2.1.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]