OpenStack Compute (nova)

Nova should verify that devname in pci_passthrough_whitelist is not empty

Bug #1466451 reported by Itzik Brown
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Won't Fix
Low
Stephen Finucane

Bug Description

According to https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking:
"The devname can be a valid PCI device name. The only device names that are supported are those displayed by the Linux utility ifconfig -a and correspond to either a PF or a VF on a vNIC"

However it's possible to supply an empty string as devname
e.g. pci_passthrough_whitelist = {"devname": "", "physical_network":"physnet2"}

It's also possible to have an entry:
pci_passthrough_whitelist = {"physical_network":"physnet2"}
which shouldn't be valid.

Nova should verify that devname is not an empty string and that devname,address or product_id/vendor_id are supplied.

Version
======
python-nova-2015.1.0-4.el7ost.noarch

Expected result
=============
Nova compute should fail to start when specifying an empty string for devname when using physical_network or when not specifying devname,address or product_id/vendor_id

Markus Zoeller (markus_z) (mzoeller)
tags: added: compute config
Park (jianlonghei)
Changed in nova:
assignee: nobody → Park (jianlonghei)
Wenzhi Yu (yuywz)
Changed in nova:
assignee: Park (jianlonghei) → Wen Zhi Yu (yuywz)
Revision history for this message
Markus Zoeller (markus_z) (mzoeller) wrote :

@Wen Zhi Yu (yuywz):

Since you are set as assignee, I switch the status to "In Progress".

Changed in nova:
status: New → In Progress
Revision history for this message
Wenzhi Yu (yuywz) wrote :

Hi Itzik, sorry for delayed response.

According to your description, when using "physical_network", one or more options in list ["devname", "address", "vendor_id+product_id"] must be supplied. So there're 7 kind of valid configuration for "pci_passthrough_whitelist" as following:

1. Only "devname":

pci_passthrough_whitelist = {"devname":"eth0", "physical_network":"physnet1"}

2. Only "address":

pci_passthrough_whitelist = {"address":"*:0a:00.*", "physical_network":"physnet1"}

3. Only "vendor_id + product_id":

pci_passthrough_whitelist = {"vendor_id":"1137","product_id":"0071", "physical_network":"physnet1"}

4. "devname" and "address":

pci_passthrough_whitelist = {"devname":"eth0", "address":"*:0a:00.*", "physical_network":"physnet1"}

5. "devname" and "vendor_id+product_id'":

pci_passthrough_whitelist = {"devname":"eth0", "vendor_id":"1137","product_id":"0071", "physical_network":"physnet1"}

6. "address" and "vendor_id+product_id'":

pci_passthrough_whitelist = {"address":"*:0a:00.*", "vendor_id":"1137","product_id":"0071", "physical_network":"physnet1"}

7. All of them:

pci_passthrough_whitelist = {"devname":"eth0", "address":"*:0a:00.*", "vendor_id":"1137", "product_id":"0071", "physical_network":"physnet1"}

Am I right?

Revision history for this message
Itzik Brown (itzikb1) wrote :

Hi,
I'm not sure about 5-7.
For example 5 - I don't see a reason to specify both devname and verdor_id+product_id.

Revision history for this message
Park (jianlonghei) wrote :

according to https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking:
"Nova-compute needs to know which PCI devices are allowed to be passed through to the VMs. Also for SRIOV PCI devices it needs to know to which physical network the VF belongs. This is done through the pci_passthrough_whitelist parameter under the default section in /etc/nova/nova.conf."

so the whitelist is used to identify which physical card is the VFs belong to, I agree with itzik that 5~7 is a little redundant for identification.

Wenzhi Yu (yuywz)
Changed in nova:
assignee: Wen Zhi Yu (yuywz) → nobody
Wenzhi Yu (yuywz)
Changed in nova:
status: In Progress → New
Matt Riedemann (mriedem)
tags: added: pci
Sean Dague (sdague)
Changed in nova:
status: New → Confirmed
importance: Undecided → Low
Gage Hugo (gagehugo)
Changed in nova:
assignee: nobody → Gage Hugo (gh159m)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/300219

Changed in nova:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/306054

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by Gage Hugo (<email address hidden>) on branch: master
Review: https://review.openstack.org/300219
Reason: New review: https://review.openstack.org/#/c/306054/

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Gage Hugo (<email address hidden>) on branch: master
Review: https://review.openstack.org/306054

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/395710

Changed in nova:
assignee: Gage Hugo (gagehugo) → Stephen Finucane (stephenfinucane)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by Stephen Finucane (<email address hidden>) on branch: master
Review: https://review.openstack.org/395710
Reason: I couldn't find documentation on this for the life of me

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to nova (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/396130

Revision history for this message
Stephen Finucane (stephenfinucane) wrote :

> According to https://wiki.openstack.org/wiki/SR-IOV-Passthrough-For-Networking:
> "The devname can be a valid PCI device name. The only device names that are supported are those displayed by the Linux utility ifconfig -a and correspond to either a PF or a VF on a vNIC"
>
> However it's possible to supply an empty string as devname
> e.g. pci_passthrough_whitelist = {"devname": "", "physical_network":"physnet2"}
>
> It's also possible to have an entry:
> pci_passthrough_whitelist = {"physical_network":"physnet2"}
> which shouldn't be valid.

I'm not sure why this isn't valid. IMO, this equates to a wildcard. We should test to validate this and perhaps update the docs.

> Nova should verify that devname is not an empty string and that devname,address or product_id/vendor_id are supplied.

Changed in nova:
status: In Progress → Invalid
assignee: Stephen Finucane (stephenfinucane) → nobody
Revision history for this message
Sean Dague (sdague) wrote :

Found open reviews for this bug in gerrit, setting to In Progress.

review: https://review.openstack.org/396130 in branch: master

Changed in nova:
status: Invalid → In Progress
assignee: nobody → Stephen Finucane (stephenfinucane)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (master)

Reviewed: https://review.openstack.org/396130
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=faf25e71b74efbd9477317fceec992d505f7ae71
Submitter: Jenkins
Branch: master

commit faf25e71b74efbd9477317fceec992d505f7ae71
Author: Stephen Finucane <email address hidden>
Date: Thu Nov 10 11:38:06 2016 +0000

    pci: Validate behavior of empty devname

    Specifying an empty devname should equate to a wildcard. Validate this.

    Change-Id: If205014db1608b31755798d525185a3cf70d8126
    Related-bug: #1466451

Stephen Finucane (stephenfinucane)
Changed in nova:
status: In Progress → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.