From nobody Mon Feb 2 09:26:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1768289939; cv=none; d=zohomail.com; s=zohoarc; b=kxNskG7ZStRaFsENwlcr7CT00U9t0H7TerzzbaMcn1rXJslVQUIJJGwQfcyPprAGWEeZWNunDk7SptZjHYfGYCi3aTL9NeclKhu+kZl/ID92SpezwFZLzfjcI7rK7qaHwxOh6fpg7NgjKSPUwnAHlvhRdbsLwis43AG8Cozhkis= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1768289939; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=hMONm2ytG91vmOA8v4hXa1c4C2r+X3zLyNzarkx5vuI=; b=lowWR6+o8taE5W1BzhuVp7hy3yVnJIuRbNl+7LTJxwOEeK9WnmWp5e2kcga5Y2JR8yde9i74BiqO4GQHd+dFSdRbwg+uj6Jaz2lJlQlM7NnjJh8WlyuLBgzPNLL7RemMy62HHfNwxogiDMCjdzUgLUTfAZ0stUf9clkC0WsTPGM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 17682899394431018.4666318085503; Mon, 12 Jan 2026 23:38:59 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id 9CE4D41896; Tue, 13 Jan 2026 02:38:58 -0500 (EST) Received: from [172.19.199.83] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 8877441B6B; Tue, 13 Jan 2026 02:35:42 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 00A8F41894; Tue, 13 Jan 2026 02:35:19 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 28DB7417CE for ; Tue, 13 Jan 2026 02:35:19 -0500 (EST) Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-530-LDT8SVozO0exPsupAviNiw-1; Tue, 13 Jan 2026 02:35:17 -0500 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 75D7D18003FC for ; Tue, 13 Jan 2026 07:35:16 +0000 (UTC) Received: from vhost3.router.laine.org (unknown [10.22.80.83]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 1DABB18007D2 for ; Tue, 13 Jan 2026 07:35:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1768289718; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hMONm2ytG91vmOA8v4hXa1c4C2r+X3zLyNzarkx5vuI=; b=bO5q3/wJTzNX1IZC3+xWgw/3z88WQt9NHvj0C6/CkW6o57cC8UIopWBN3W8qx6DfmWYVzT JWkazD8jWAhaE9wGIAdAnv/8THBQceBRr72c+V8awd2BFWu8tZNHbR8z+wAAZXOQE4RmzJ eE/O7MUT6ubak23gciLrdqcAulmNbc0= X-MC-Unique: LDT8SVozO0exPsupAviNiw-1 X-Mimecast-MFC-AGG-ID: LDT8SVozO0exPsupAviNiw_1768289716 To: devel@lists.libvirt.org Subject: [PATCH 3/3] qemu: forbid modifying network device portForwards with update-device Date: Tue, 13 Jan 2026 02:35:13 -0500 Message-ID: <20260113073513.189733-4-laine@redhat.com> In-Reply-To: <20260113073513.189733-1-laine@redhat.com> References: <20260113073513.189733-1-laine@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: iC1pR5-0cP5tQt1jLmJ6ge3vujW2QPDztXp0D4tb8ak_1768289716 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: M65G6WOETSF4CSOSHJISYZHP3AO44VOY X-Message-ID-Hash: M65G6WOETSF4CSOSHJISYZHP3AO44VOY X-MailFrom: laine@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Laine Stump via Devel Reply-To: Laine Stump X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1768289940675158500 Content-Type: text/plain; charset="utf-8"; x-default="true" Prior to this patch, a network device of a running domain could be updated to change the portForwards list, and libvirt wouldn't complain, but the change would be silently ignored. This list is only used by the passt backend, and passt can only change the list of portForwards by killing and re-running the passt process, which we don't want to do because that would destroy any open tcp session flows in passt (ie. it would disrupt guest network traffic); we don't want to do *that*, but we should at least let the user know that their requested change isn't possible. This patch checks if the portForwards list of the updated network device exactly matches the portForwards list of the current network device, and fails the update if they don't match. Resolves: https://issues.redhat.com/browse/RHEL-7338 Signed-off-by: Laine Stump --- src/qemu/qemu_hotplug.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index fccbef5d0c..cfc586e17d 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3966,6 +3966,15 @@ qemuDomainChangeNet(virQEMUDriver *driver, goto cleanup; } =20 + if (olddev->nPortForwards !=3D newdev->nPortForwards || + !virDomainNetPortForwardsIsEqual(olddev->portForwards, + newdev->portForwards, + olddev->nPortForwards)) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("cannot modify network device portForward setting= s")); + goto cleanup; + } + /* allocate new actual device to compare to old - we will need to * free it if we fail for any reason */ --=20 2.52.0