On Fri, May 15, 2015 at 03:04:14PM -0400, Laine Stump wrote:
If an SRIOV PF is offline, the kernel won't complain if you set the mac address and vlan tag for a VF via this PF, and it will even let you assign the VF to a guest using PCI device assignment or macvtap passthrough. But in this case (the PF isn't online), the device won't be usable in the guest. Silently setting the PF online would solve the connectivity problem, but as pointed out by Dan Berrange, when an interface is set online with no associated config, the kernel will by default turn on IPv6 autoconf, which could create unexpected security problems for the host. For this reason, this patch instead logs an error and fails the operation. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=893738 Originally filed against RHEL6, but present in every version of libvirt until today. --- src/util/virnetdev.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
ACK
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index e14b401..d0580a0 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -2258,6 +2258,28 @@ virNetDevReplaceVfConfig(const char *pflinkdev, int vf, char macstr[VIR_MAC_STRING_BUFLEN]; char *fileData = NULL; int ifindex = -1; + bool pfIsOnline; + + /* Assure that PF is online prior to twiddling with the VF. It + * *should* be, but if the PF isn't online the changes made to the + * VF via the PF won't take effect, yet there will be no error + * reported. In the case that it isn't online, fail and report the + * error, since setting an unconfigured interface online + * automatically turns on IPv6 autoconfig, which may not be what + * the admin expects, so we want them to explicitly enable the PF + * in the host system network config. + */ + if (virNetDevGetOnline(pflinkdev, &pfIsOnline) < 0) + goto cleanup; + if (!pfIsOnline) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "Unable to configure VF %d of PF '%s' " + "because the PF is not online. Please " + "change host network config to put the " + "PF online.", + vf, pflinkdev); + goto cleanup; + } if (virNetDevGetVfConfig(pflinkdev, vf, &oldmac, &oldvlanid) < 0) goto cleanup; -- 2.1.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
Attachment:
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list