From 474523fa2c67566bb61807fd413e5efc5f3510cb Mon Sep 17 00:00:00 2001
From: Laine Stump <laine@laine.org>
Date: Tue, 5 May 2015 18:27:47 -0400
Subject: [PATCH] netdev: fail when setting up an SRIOV VF if PF is offline

If an SRIOV PF is offline, the kernel won't complain if you set the
mac address and vlan tag for a VF via this PF, and it will even let
you assign the VF to a guest using PCI device assignment or macvtap
passthrough. But in this case (the PF isn't online), the device won't
be usable in the guest.

Silently setting the PF online would solve the connectivity problem,
but as pointed out by Dan Berrange, when an interface is set online
with no associated config, the kernel will by default turn on IPv6
autoconf, which could create unexpected security problems for the
host. For this reason, this patch instead logs an error and fails the
operation.

This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=893738

Originally filed against RHEL6, but present in every version of
libvirt until today.
---
 src/util/virnetdev.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index e14b4015da..98ce152f4e 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -2258,6 +2258,28 @@ virNetDevReplaceVfConfig(const char *pflinkdev, int vf,
     char macstr[VIR_MAC_STRING_BUFLEN];
     char *fileData = NULL;
     int ifindex = -1;
+    bool pfIsOnline;
+
+    /* Assure that PF is online prior to twiddling with the VF.  It
+     * *should* be, but if the PF isn't online the changes made to the
+     * VF via the PF won't take effect, yet there will be no error
+     * reported. In the case that it isn't online, fail and report the
+     * error, since setting an unconfigured interface online
+     * automatically turns on IPv6 autoconfig, which may not be what
+     * the admin expects, so we want them to explicitly enable the PF
+     * in the host system network config.
+     */
+    if (virNetDevGetOnline(pflinkdev, &pfIsOnline) < 0)
+       goto cleanup;
+    if (!pfIsOnline) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("Unable to configure VF %d of PF '%s' "
+                         "because the PF is not online. Please "
+                         "change host network config to put the "
+                         "PF online."),
+                       vf, pflinkdev);
+        goto cleanup;
+    }
 
     if (virNetDevGetVfConfig(pflinkdev, vf, &oldmac, &oldvlanid) < 0)
         goto cleanup;