From nobody Mon Apr 29 04:26:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1513193116895545.7559678798091;
 Wed, 13 Dec 2017 11:25:16 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id AF09691FC8;
	Wed, 13 Dec 2017 19:25:15 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 830BE784DD;
	Wed, 13 Dec 2017 19:25:15 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 45F7B180474A;
	Wed, 13 Dec 2017 19:25:15 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
	[10.5.11.15])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id vBDJOAGd025554 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 13 Dec 2017 14:24:10 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id A288C7BFF6; Wed, 13 Dec 2017 19:24:10 +0000 (UTC)
Received: from vhost2.laine.org (ovpn-117-202.phx2.redhat.com [10.3.117.202])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 3C0127BFFF;
	Wed, 13 Dec 2017 19:24:10 +0000 (UTC)
From: Laine Stump <laine@laine.org>
To: libvir-list@redhat.com
Date: Wed, 13 Dec 2017 14:24:02 -0500
Message-Id: <20171213192403.19967-2-laine@laine.org>
In-Reply-To: <20171213192403.19967-1-laine@laine.org>
References: <20171213192403.19967-1-laine@laine.org>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
Cc: Michal Privoznik <mprivozn@redhat.com>
Subject: [libvirt] [PATCH 1/2] qemu: delete exist bandwidth restrictions
	when they are removed from config
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]);
 Wed, 13 Dec 2017 19:25:16 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

When the <bandwidth> of an interface is changed with update-device,
the old settings are cleared with tc, then new settings added with
tc. But if the <bandwidth has been removed, the old settings weren't
being removed, so the bandwidth restrictions would still be active on
the interface although the interface status in libvirt showed that
they had been removed.

This patch fixes it by calling virNetDevBandwidthClear() if the
"modification" to the interface bandwidth was to completely clear
it.

An alternative could have been to modify virNetDevBandwidthSet() to
always clear existing bandwith settings at the beginning of the
function (currently it short circuits in that case, doing nothing),
but that would have led to cases where virNetDevBandwidthClear() was
now being called in cases where it previously wasn't, and while many
of those cases would be NOPs, there could be cases where it would
cause an error. The way this patch works, the ...Clear() function is
only called in cases where the ...Set() function had previously been
called successfully, so the risk of regression is minimized.

  Resolves: https://bugzilla.redhat.com/1454709
---

I'm currently unable to test this fix because
https://bugzilla.redhat.com/1514963 (filed against the iproute
package) is unresolved in the version of Fedora running on my host.

 src/qemu/qemu_hotplug.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 24631cb8f..3658fc20a 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3318,11 +3318,19 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
     }
=20
     if (needBandwidthSet) {
-        if (virNetDevBandwidthSet(newdev->ifname,
-                                  virDomainNetGetActualBandwidth(newdev),
-                                  false,
-                                  !virDomainNetTypeSharesHostView(newdev))=
 < 0)
-            goto cleanup;
+        virNetDevBandwidthPtr newb =3D virDomainNetGetActualBandwidth(newd=
ev);
+
+        if (newb) {
+            if (virNetDevBandwidthSet(newdev->ifname, newb, false,
+                                      !virDomainNetTypeSharesHostView(newd=
ev)) < 0)
+                goto cleanup;
+        } else {
+            /*
+             * virNetDevBandwidthSet() doesn't clear any existing
+             * setting unless something new is being set.
+             */
+            virNetDevBandwidthClear(newdev->ifname);
+        }
         needReplaceDevDef =3D true;
     }
=20
--=20
2.13.6

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Mon Apr 29 04:26:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1513193191422318.44658674795403;
 Wed, 13 Dec 2017 11:26:31 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 1C51479706;
	Wed, 13 Dec 2017 19:26:30 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id E36257D92C;
	Wed, 13 Dec 2017 19:26:29 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 967984BB79;
	Wed, 13 Dec 2017 19:26:29 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
	[10.5.11.15])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id vBDJOBcB025559 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 13 Dec 2017 14:24:11 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 18A987BFF6; Wed, 13 Dec 2017 19:24:11 +0000 (UTC)
Received: from vhost2.laine.org (ovpn-117-202.phx2.redhat.com [10.3.117.202])
	by smtp.corp.redhat.com (Postfix) with ESMTP id CD2AD7BA39
	for <libvir-list@redhat.com>; Wed, 13 Dec 2017 19:24:10 +0000 (UTC)
From: Laine Stump <laine@laine.org>
To: libvir-list@redhat.com
Date: Wed, 13 Dec 2017 14:24:03 -0500
Message-Id: <20171213192403.19967-3-laine@laine.org>
In-Reply-To: <20171213192403.19967-1-laine@laine.org>
References: <20171213192403.19967-1-laine@laine.org>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 2/2] qemu: log error on attempts to set filterref
	on an OVS-connected interface
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]);
 Wed, 13 Dec 2017 19:26:30 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

ebtables/iptables processing is skipped for any interface connected to
Open vSwitch (they have their own packet filtering), likewise for
midonet (according to
http://blog.midokura.com/2016/04/midonet-rule-chains), but libvirt
would allow adding a <filterref> to interfaces connected in these
ways, so the user might mistakenly believe they were being protected.

This patch checks for a non-NULL <virtualport> element for an
interface (or its network) and logs an error if <virtualport> and
<filterref> are both present. This could cause some previously working
domains to no longer start, but that's really the whole point of this
patch - to warn people that their filterref isn't protecting them as
they might have thought.

I don't bother checking this during post-parse validation, because
such a check would be incomplete - it's possible that a network would
have a <virtualport> that would be applied to an interface, and you
can't know that until the domain is started.

Resolves: https://bugzilla.redhat.com/1502754
---
 src/qemu/qemu_command.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 2dd50a214..4d0c141e5 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8545,15 +8545,25 @@ qemuBuildInterfaceCommandLine(virQEMUDriverPtr driv=
er,
     }
=20
     /* and only TAP devices support nwfilter rules */
-    if (net->filter &&
-        !(actualType =3D=3D VIR_DOMAIN_NET_TYPE_NETWORK ||
-          actualType =3D=3D VIR_DOMAIN_NET_TYPE_BRIDGE ||
-          actualType =3D=3D VIR_DOMAIN_NET_TYPE_ETHERNET)) {
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                       _("filterref is not supported for "
-                         "network interfaces of type %s"),
-                       virDomainNetTypeToString(actualType));
-        return -1;
+    if (net->filter) {
+        virNetDevVPortProfilePtr vport =3D virDomainNetGetActualVirtPortPr=
ofile(net);
+        if (!(actualType =3D=3D VIR_DOMAIN_NET_TYPE_NETWORK ||
+              actualType =3D=3D VIR_DOMAIN_NET_TYPE_BRIDGE ||
+              actualType =3D=3D VIR_DOMAIN_NET_TYPE_ETHERNET)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("filterref is not supported for "
+                             "network interfaces of type %s"),
+                           virDomainNetTypeToString(actualType));
+            return -1;
+        }
+        if (vport && vport->virtPortType !=3D VIR_NETDEV_VPORT_PROFILE_NON=
E) {
+            /* currently none of the defined virtualport types support ipt=
ables */
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("filterref is not supported for "
+                             "network interfaces with virtualport type %s"=
),
+                           virNetDevVPortTypeToString(vport->virtPortType)=
);
+            return -1;
+        }
     }
=20
     if (net->backend.tap &&
--=20
2.13.6

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list