qemu: fix qemu validation to forbid guest-side IP address for type='vdpa'

Because all the checks for VIR_DOMAIN_NET_TYPE_VDPA were inside an else-if clause that was immediately followed by another else-if clause that forbid setting guestIP.ips or guestIP.routes, we've been allowing users to set guestIP.* for vdpa interfaces (but then not doing validation of the attributes that should have been done if we *did* support setting IPs for vdpa (but we don't anyway, so 🤷.) This can be fixed by turning the vdpa else-if clause into a top-level if - this way vdpa interfaces will hit the "else if (net->guestIP.nips)" clause and reject guest-side IP address setting. Also, since there are currently *no* interface types for QEMU that support adding guest-side routes, we put that check by itself (I think it may be possible to set some guest routes for passt interfaces, but we don't do that) Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
2025-03-20 06:50:22 +03:00 · 2025-02-04 16:06:18 -05:00 · 2025-02-04 16:06:18 -05:00 · 6345ee60d8
commit 6345ee60d8
parent 956c668411
1 changed files with 13 additions and 11 deletions
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@ -1745,6 +1745,12 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
    bool hasIPv6 = false;
    size_t i;

+    if (net->guestIP.nroutes) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("Invalid attempt to set network interface guest-side IP route, not supported by QEMU"));
+        return -1;
+    }
+
    if (net->type == VIR_DOMAIN_NET_TYPE_USER) {
        virDomainCapsDeviceNet netCaps = { };

@ -1758,12 +1764,6 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
            return -1;
        }

-        if (net->guestIP.nroutes) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                           _("Invalid attempt to set network interface guest-side IP route, not supported by QEMU"));
-            return -1;
-        }
-
        for (i = 0; i < net->guestIP.nips; i++) {
            const virNetDevIPAddr *ip = net->guestIP.ips[i];

@ -1811,7 +1811,13 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
                }
            }
        }
-    } else if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
+    } else if (net->guestIP.nips) {
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                       _("Invalid attempt to set network interface guest-side IP address info, not supported by QEMU"));
+        return -1;
+    }
+
+    if (net->type == VIR_DOMAIN_NET_TYPE_VDPA) {
        if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NETDEV_VHOST_VDPA)) {
            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                           _("vDPA devices are not supported with this QEMU binary"));
@ -1825,10 +1831,6 @@ qemuValidateDomainDeviceDefNetwork(const virDomainNetDef *net,
                           virDomainNetModelTypeToString(net->model));
            return -1;
        }
-    } else if (net->guestIP.nroutes || net->guestIP.nips) {
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                       _("Invalid attempt to set network interface guest-side IP route and/or address info, not supported by QEMU"));
-        return -1;
    }

    if (virDomainNetIsVirtioModel(net)) {