From nobody Wed Apr 15 07:00:18 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 38.145.34.151 as permitted sender) client-ip=38.145.34.151; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 38.145.34.151 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1775650702; cv=none; d=zohomail.com; s=zohoarc; b=D5H5EEkvOrhIjfpEmMRug5BfcOt17nmUUFc6B6oz+gsVRGd4KBSXR1I8hyYqsGwu+4fdKEC43VPk7oP1rf/llTWxE5ZbMalNFSgoFZ/AX/vbBI7uQagZyoiWnEzSR90sB3NmnO/ZE1AbnupRT0ldwSbkRFH6uD/pop1KPPpmYQA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1775650702; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=zrZ76BgSi0iWcEwAKb+VQ9jwhz0eujLDhiaFHeA2k3U=; b=k9MkDKxiwhSa32kEPxscblDfHOZdeVAerrlDTkRqrUVFKplpIZ5OgieeHIrIeGXgNxZTHCtshzP9fdFWuGz/CZSq9b8aCrPTawAjY+6F8Ylasz7Z+ya+R+6WerBJcwko7k9D+nFU7nSkE9AB1Xndi2FmDAmIkIoZOwCNv89pIp0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 38.145.34.151 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [38.145.34.151]) by mx.zohomail.com with SMTPS id 1775650702386479.8927152167846; Wed, 8 Apr 2026 05:18:22 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id C36C4418D2; Wed, 8 Apr 2026 08:18:20 -0400 (EDT) Received: from [172.19.199.3] (unknown [10.16.107.18]) by lists.libvirt.org (Postfix) with ESMTP id D271C41858; Wed, 8 Apr 2026 08:16:33 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 2C7D33F2F4; Wed, 8 Apr 2026 08:16:20 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id B5BDB3F2F4 for ; Wed, 8 Apr 2026 08:16:18 -0400 (EDT) Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-355-d8ZL_T9bOaucM_iqfTP3ZA-1; Wed, 08 Apr 2026 08:16:17 -0400 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 8B58619560B1 for ; Wed, 8 Apr 2026 12:16:15 +0000 (UTC) Received: from moe (unknown [10.43.3.236]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D60321800767 for ; Wed, 8 Apr 2026 12:16:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL,RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED, RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED, SPF_HELO_PASS autolearn=no autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775650578; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zrZ76BgSi0iWcEwAKb+VQ9jwhz0eujLDhiaFHeA2k3U=; b=Lx3kcgGXmZc/RJCCJFQCGJntIgYMskgGYHkvgD4qKD8O+9uvQjmGKtB8fIvid0kPcRlkWb Ol6vdMdE5IcgxFnUQER0PIZMF5puwkCfV5ktPwDudT43qECTPhPIlK2VgxOEt1V3e91dZ5 8UpSeZdSjTVwUgMYRuHcw27lo+vUiZg= X-MC-Unique: d8ZL_T9bOaucM_iqfTP3ZA-1 X-Mimecast-MFC-AGG-ID: d8ZL_T9bOaucM_iqfTP3ZA_1775650576 To: devel@lists.libvirt.org Subject: [PATCH 1/2] util: Wait for udev to settle after creating vNIC Date: Wed, 8 Apr 2026 14:16:09 +0200 Message-ID: <24ae7a39a94868f81112f491b1dc969106cd337e.1775650516.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: hCzFolHnx-rEeaXep7w-ozQ_n5cYMt0mDV0b6VW317I_1775650576 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: SNSABDY2S7J6JUBBUKNXCSWA4OS5FAWQ X-Message-ID-Hash: SNSABDY2S7J6JUBBUKNXCSWA4OS5FAWQ X-MailFrom: mprivozn@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Michal Privoznik via Devel Reply-To: Michal Privoznik X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1775650703296154100 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Michal Privoznik There are several types of virtual network interfaces that libvirt creates (TUN, TAP, MACVLAN, MACVTAP, VETH). After these are created (e.g. on domain startup or device hotplug), libvirt often opens their /dev/XXX representation (e.g. /dev/tapNN) in order to pass FDs to the hypervisor. Well, if creation an open() happen in very quick succession, then host's udev might not have had enough time and depending on system's SELinux even we might see open() fail, with AVC message logged. Signs of us trying to mitigate this problem are still to be found in virNetDevMacVLanTapOpen() where upon failed open() a very short g_usleep() is called. Alternatively, in linked gitlab issue, the user reports seeing the following message: type=3DAVC msg=3Daudit(1774535384.365:1238): avc: denied { open } for = pid=3D6765 comm=3D"rpc-virtqemud" path=3D"/dev/tap33" dev=3D"devtmpfs" ino=3D805 scontext=3Dsystem_u:system_r:virtqemud_t:s0 tcontext=3Dsystem_u:object_r:device_t:s0 tclass=3Dchr_file permissive=3D1 (For full reasoning why /dev/tap33 is of device_t type see linked issue). Long story short, /dev/tapNN devices are created initially with device_t SELinux type and udev later changes that to tun_tap_device_t. This device_t type is viewed as generic type that only an yet unlabelled device has. Hence missing rule in SELinux policy for virtqemud to open it. Therefore, to avoid this problem, wait for udev to settle by calling virWaitForDevices() (which under the hood spawns "udevadm settle". This may be a bit too heavy hammer though because the function is called basically once per (almost) each . If we find that to be a performance drawback then we need to redesign how tun/tap/... devices are created (well, opened). Resolves: https://gitlab.com/libvirt/libvirt/-/work_items/866 Signed-off-by: Michal Privoznik --- src/util/virnetdevmacvlan.c | 4 ++++ src/util/virnetdevtap.c | 6 ++++++ src/util/virnetdevveth.c | 4 ++++ 3 files changed, 14 insertions(+) diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c index cde9d70eef..347148542d 100644 --- a/src/util/virnetdevmacvlan.c +++ b/src/util/virnetdevmacvlan.c @@ -24,6 +24,7 @@ #include "virnetdevmacvlan.h" #include "virmacaddr.h" #include "virerror.h" +#include "virutil.h" =20 #define VIR_FROM_THIS VIR_FROM_NET =20 @@ -119,6 +120,9 @@ virNetDevMacVLanCreate(const char *ifname, return -1; } =20 + /* Allow udev to process newly created mactap/macvlan. */ + virWaitForDevices(); + VIR_INFO("created device: '%s'", ifname); return 0; } diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c index e3a6209642..38f50e959e 100644 --- a/src/util/virnetdevtap.c +++ b/src/util/virnetdevtap.c @@ -29,6 +29,7 @@ #include "viralloc.h" #include "virlog.h" #include "virstring.h" +#include "virutil.h" =20 #include #include @@ -265,6 +266,9 @@ int virNetDevTapCreate(char **ifname, tapfd[i] =3D fd; } =20 + /* Allow udev to process newly created TUN/TAP. */ + virWaitForDevices(); + VIR_INFO("created device: '%s'", *ifname); ret =3D 0; =20 @@ -375,6 +379,8 @@ int virNetDevTapCreate(char **ifname, if (virNetDevSetName(ifr.ifr_name, *ifname) =3D=3D -1) goto cleanup; =20 + /* Allow udev to process newly created TUN/TAP. */ + virWaitForDevices(); =20 ret =3D 0; cleanup: diff --git a/src/util/virnetdevveth.c b/src/util/virnetdevveth.c index 4365345664..77b017427a 100644 --- a/src/util/virnetdevveth.c +++ b/src/util/virnetdevveth.c @@ -26,6 +26,7 @@ #include "virerror.h" #include "virnetdev.h" #include "virnetlink.h" +#include "virutil.h" =20 #define VIR_FROM_THIS VIR_FROM_NONE =20 @@ -127,6 +128,9 @@ int virNetDevVethCreate(char **veth1, char **veth2) if (virNetDevVethCreateInternal(*veth1, *veth2) < 0) goto cleanup; =20 + /* Allow udev to process newly created veth. */ + virWaitForDevices(); + VIR_DEBUG("Create Host: %s guest: %s", *veth1, *veth2); return 0; =20 --=20 2.52.0 From nobody Wed Apr 15 07:00:18 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 38.145.34.151 as permitted sender) client-ip=38.145.34.151; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 38.145.34.151 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1775650767; cv=none; d=zohomail.com; s=zohoarc; b=Y0Kak6fVQimB0XCLuv9EDoiR51zfsp2blqqSe1vkeE9pm+QzHtHyu4QLe6A6Kn4andQ9RFSMSVYlncFg0vhukGQaU+nFN/Lu40N+5n9vEbngwAP1BcUC5ZRURiB839l8K3uvY9cUd29gx+7EpBCF+mGIxLR4XJndwV0Ed1BiLOw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1775650767; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=/cqGLWHzDDfcDz54M3kfdIt2qXoUUAoU0EmxIJNm14g=; b=e/VspPi+pUvzIOZcSSkvB8Frj8YbG6ohk5IUWltohDviDE0QYb4oAAUqaktion0QgFbyY6kH4T8nz3qCNuKPVMaZl9y/MT01ZEhbKVf0mFXMR6g+TtoQ/mG91qJB7s1QOShd4wtocpaPu7QpjNcCrSRAOiEBb30O81FjSOD1dPo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 38.145.34.151 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [38.145.34.151]) by mx.zohomail.com with SMTPS id 1775650767006536.3000926985873; Wed, 8 Apr 2026 05:19:27 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 4D6BF4181A; Wed, 8 Apr 2026 08:19:26 -0400 (EDT) Received: from [172.19.199.3] (unknown [10.16.107.18]) by lists.libvirt.org (Postfix) with ESMTP id 63EAF41A0A; Wed, 8 Apr 2026 08:16:39 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 993) id 950A13F2FA; Wed, 8 Apr 2026 08:16:20 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 86CF2417DE for ; Wed, 8 Apr 2026 08:16:19 -0400 (EDT) Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-262-FKJ0jYp6NcGdgmdr7KK1wQ-1; Wed, 08 Apr 2026 08:16:17 -0400 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 8DC791955DC5 for ; Wed, 8 Apr 2026 12:16:16 +0000 (UTC) Received: from moe (unknown [10.43.3.236]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id EA0BE180058C for ; Wed, 8 Apr 2026 12:16:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, RCVD_IN_SBL_CSS,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED, RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED, SPF_HELO_PASS autolearn=no autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775650579; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/cqGLWHzDDfcDz54M3kfdIt2qXoUUAoU0EmxIJNm14g=; b=YgLF8GTRwOOHfye7q9wmwl8F+9mlkktFY/32vpOU+C8lcEw5SirSnMsWi7xVyTXfzKIX37 2HBHhfXTuG0cKYH4p0Vd7kb8Gc5WSBbutBRM0RAPXY6LmniaeVEoq5HmWhEFuLePfVDGyX C2h6HOLwSDJLAhGGGb9rVKQZzA0wim8= X-MC-Unique: FKJ0jYp6NcGdgmdr7KK1wQ-1 X-Mimecast-MFC-AGG-ID: FKJ0jYp6NcGdgmdr7KK1wQ_1775650577 To: devel@lists.libvirt.org Subject: [PATCH 2/2] virnetdevmacvlan: Drop udev busy loop from virNetDevMacVLanTapOpen() Date: Wed, 8 Apr 2026 14:16:10 +0200 Message-ID: <644e53b5924b1c1ce6351fecc93b6eae3e18e190.1775650516.git.mprivozn@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: G19oBM2nZtDod_SMgQCBjWeiu7pOBuuWonS1CFvpBL4_1775650577 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: GZDW3CNPHIHJSQAJ7KFBXQOPJNRRWZHH X-Message-ID-Hash: GZDW3CNPHIHJSQAJ7KFBXQOPJNRRWZHH X-MailFrom: mprivozn@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Michal Privoznik via Devel Reply-To: Michal Privoznik X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1775650768434154100 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Michal Privoznik Now that after previous commit the wait for udev to settle down is done right after device creation, there's no need to have additional wait in virNetDevMacVLanTapOpen(). It's effectively a dead code. Remove it. Signed-off-by: Michal Privoznik Reviewed-by: Laine Stump --- src/util/virnetdevmacvlan.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/src/util/virnetdevmacvlan.c b/src/util/virnetdevmacvlan.c index 347148542d..bbc943cc7d 100644 --- a/src/util/virnetdevmacvlan.c +++ b/src/util/virnetdevmacvlan.c @@ -158,7 +158,6 @@ virNetDevMacVLanTapOpen(const char *ifname, int *tapfd, size_t tapfdSize) { - int retries =3D 10; int ret =3D -1; int ifindex; size_t i =3D 0; @@ -172,20 +171,13 @@ virNetDevMacVLanTapOpen(const char *ifname, for (i =3D 0; i < tapfdSize; i++) { int fd =3D -1; =20 - while (fd < 0) { - if ((fd =3D open(tapname, O_RDWR)) >=3D 0) { - tapfd[i] =3D fd; - } else if (retries-- > 0) { - /* may need to wait for udev to be done */ - g_usleep(20000); - } else { - /* However, if haven't succeeded, quit. */ - virReportSystemError(errno, - _("cannot open macvtap tap device %1$= s"), - tapname); - goto cleanup; - } + if ((fd =3D open(tapname, O_RDWR)) < 0) { + virReportSystemError(errno, + _("cannot open macvtap tap device %1$s"), + tapname); + goto cleanup; } + tapfd[i] =3D fd; } =20 ret =3D 0; --=20 2.52.0