Because all the checks for VIR_DOMAIN_NET_TYPE_VDPA were inside an
else-if clause that was immediately followed by another else-if clause
that forbid setting guestIP.ips or guestIP.routes, we've been allowing
users to set guestIP.* for vdpa interfaces (but then not doing
validation of the attributes that should have been done if we *did*
support setting IPs for vdpa (but we don't anyway, so :shrug:.)
This can be fixed by turning the vdpa else-if clause into a top-level
if - this way vdpa interfaces will hit the "else if
(net->guestIP.nips)" clause and reject guest-side IP address setting.
Also, since there are currently *no* interface types for QEMU that
support adding guest-side routes, we put that check by itself (I think
it may be possible to set some guest routes for passt interfaces, but
we don't do that)
Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
---
src/qemu/qemu_validate.c | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 76f2eafe49..06093bc42b 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1745,6 +1745,12 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
bool hasIPv6 = false;
size_t i;
+ if (net->guestIP.nroutes) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Invalid attempt to set network interface guest-side IP route, not supported by QEMU"));
+ return -1;
+ }
+
if (net->type == VIR_DOMAIN_NET_TYPE_USER) {
virDomainCapsDeviceNet netCaps = { };
@@ -1758,12 +1764,6 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
return -1;
}
- if (net->guestIP.nroutes) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Invalid attempt to set network interface guest-side IP route, not supported by QEMU"));
- return -1;
- }
-
for (i = 0; i < net->guestIP.nips; i++) {
const virNetDevIPAddr *ip = net->guestIP.ips[i];
@@ -1811,7 +1811,13 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
}
}
}
- } else if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
+ } else if (net->guestIP.nips) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Invalid attempt to set network interface guest-side IP address info, not supported by QEMU"));
+ return -1;
+ }
+
+ if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NETDEV_VHOST_VDPA)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("vDPA devices are not supported with this QEMU binary"));
@@ -1825,10 +1831,6 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
virDomainNetModelTypeToString(net->model));
return -1;
}
- } else if (net->guestIP.nroutes || net->guestIP.nips) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Invalid attempt to set network interface guest-side IP route and/or address info, not supported by QEMU"));
- return -1;
}
if (virDomainNetIsVirtioModel(net)) {
--
2.47.1
