qemu: forbid setting guest-side IP address/route info of <interface>

libvirt's qemu driver doesn't have direct access to the config on the guest side of a network interface, and currently doesn't have any method in place to even inform the guest of the desired config. In the future, an unenforceable attempt to set the guest-side IP info could be made by adding a static host entry to the appropriate dnsmasq configuration (or changing the default dhcp client address on the qemu commandline for type='user' interfaces), or enhancing the guest agent to allow setting an IP address, but for now it can't have any effect, and we don't want to give the illusion that it does. To prevent the "disappearance" of any existing configs with ip address/route info (due to parser failure), this check is added in the newly implemented qemuDomainDeviceDefValidate(), which is only called when a domain is defined or started, *not* when it is reread from disk at libvirtd startup.
2024-07-31 05:57:16 +00:00 · 2016-06-21 11:59:37 -04:00 · 2016-06-21 11:59:37 -04:00 · d987f63a45
commit d987f63a45
parent fbc1843d2e
1 changed files with 34 additions and 0 deletions
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@ -2190,6 +2190,38 @@ qemuDomainDefValidate(const virDomainDef *def,
 }


+static int
+qemuDomainDeviceDefValidate(const virDomainDeviceDef *dev,
+                            const virDomainDef *def ATTRIBUTE_UNUSED,
+                            void *opaque)
+{
+    virQEMUDriverPtr driver = opaque;
+    virQEMUCapsPtr qemuCaps = NULL;
+    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+    int ret = -1;
+
+    qemuCaps = virQEMUCapsCacheLookup(driver->qemuCapsCache, def->emulator);
+
+    if (dev->type == VIR_DOMAIN_DEVICE_NET) {
+        const virDomainNetDef *net = dev->data.net;
+
+        if (net->guestIP.nroutes || net->guestIP.nips) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("Invalid attempt to set network interface "
+                             "guest-side IP route and/or address info, "
+                             "not supported by QEMU"));
+            goto cleanup;
+        }
+    }
+
+    ret = 0;
+ cleanup:
+    virObjectUnref(qemuCaps);
+    virObjectUnref(cfg);
+    return ret;
+}
+
+
 static const char *
 qemuDomainDefaultNetModel(const virDomainDef *def,
                          virQEMUCapsPtr qemuCaps)
@ -2442,6 +2474,8 @@ virDomainDefParserConfig virQEMUDriverDomainDefParserConfig = {
    .domainPostParseCallback = qemuDomainDefPostParse,
    .assignAddressesCallback = qemuDomainDefAssignAddresses,
    .domainValidateCallback = qemuDomainDefValidate,
+    .deviceValidateCallback = qemuDomainDeviceDefValidate,
+
    .features = VIR_DOMAIN_DEF_FEATURE_MEMORY_HOTPLUG |
                VIR_DOMAIN_DEF_FEATURE_OFFLINE_VCPUPIN
 };