From d987f63a450bc5721c91bfd526ec03ccc4a6b640 Mon Sep 17 00:00:00 2001
From: Laine Stump <laine@laine.org>
Date: Tue, 21 Jun 2016 11:59:37 -0400
Subject: [PATCH] qemu: forbid setting guest-side IP address/route info of
 <interface>

libvirt's qemu driver doesn't have direct access to the config on the
guest side of a network interface, and currently doesn't have any
method in place to even inform the guest of the desired config. In the
future, an unenforceable attempt to set the guest-side IP info could
be made by adding a static host entry to the appropriate dnsmasq
configuration (or changing the default dhcp client address on the qemu
commandline for type='user' interfaces), or enhancing the guest agent
to allow setting an IP address, but for now it can't have any effect,
and we don't want to give the illusion that it does.

To prevent the "disappearance" of any existing configs with ip
address/route info (due to parser failure), this check is added in the
newly implemented qemuDomainDeviceDefValidate(), which is only called
when a domain is defined or started, *not* when it is reread from disk
at libvirtd startup.
---
 src/qemu/qemu_domain.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index da5bb79cc5..0c107aa6db 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2190,6 +2190,38 @@ qemuDomainDefValidate(const virDomainDef *def,
 }
 
 
+static int
+qemuDomainDeviceDefValidate(const virDomainDeviceDef *dev,
+                            const virDomainDef *def ATTRIBUTE_UNUSED,
+                            void *opaque)
+{
+    virQEMUDriverPtr driver = opaque;
+    virQEMUCapsPtr qemuCaps = NULL;
+    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+    int ret = -1;
+
+    qemuCaps = virQEMUCapsCacheLookup(driver->qemuCapsCache, def->emulator);
+
+    if (dev->type == VIR_DOMAIN_DEVICE_NET) {
+        const virDomainNetDef *net = dev->data.net;
+
+        if (net->guestIP.nroutes || net->guestIP.nips) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("Invalid attempt to set network interface "
+                             "guest-side IP route and/or address info, "
+                             "not supported by QEMU"));
+            goto cleanup;
+        }
+    }
+
+    ret = 0;
+ cleanup:
+    virObjectUnref(qemuCaps);
+    virObjectUnref(cfg);
+    return ret;
+}
+
+
 static const char *
 qemuDomainDefaultNetModel(const virDomainDef *def,
                           virQEMUCapsPtr qemuCaps)
@@ -2442,6 +2474,8 @@ virDomainDefParserConfig virQEMUDriverDomainDefParserConfig = {
     .domainPostParseCallback = qemuDomainDefPostParse,
     .assignAddressesCallback = qemuDomainDefAssignAddresses,
     .domainValidateCallback = qemuDomainDefValidate,
+    .deviceValidateCallback = qemuDomainDeviceDefValidate,
+
     .features = VIR_DOMAIN_DEF_FEATURE_MEMORY_HOTPLUG |
                 VIR_DOMAIN_DEF_FEATURE_OFFLINE_VCPUPIN
 };