Device role tagging doesn't work for SRIOV PF

Bug #1836389 reported by Artom Lifshitz on 2019-07-12
This bug affects 1 person
Affects                   Status  Importance  Assigned to     Milestone
OpenStack Compute (nova)          Medium      Artom Lifshitz
Queens                            Medium      Unassigned
Rocky                             Medium      Unassigned
Stein                             Medium      Unassigned
Train                             Medium      Unassigned
Ussuri                            Medium      Artom Lifshitz

Bug Description

Description
===========

Setting a device role tag on a PF interface has no effect on metadata - IOW, the PF and its tag don't appear in the device metadata at all.

Steps to reproduce
==================

1. Create a PF port:

  openstack port show 6dd3b82f-ce2f-44dd-acd0-62b922a7281a
  <snip>
  | binding_host_id | computeovsdpdk-0.localdomain
  | binding_profile | pci_slot='0000:86:00.0', pci_vendor_info='8086:1572', physical_network='east'
  <snip>

2. Boot a VM with that PF, with a device role tag:

   nova boot TRex --flavor vnfc --image testpmd \
     --nic net-id=8fe3eb35-4eb4-4a9a-9eaf-b97708fef451,tag=mgmt \
     --config-drive True --key-name undercloud \
     --nic port-id=6dd3b82f-ce2f-44dd-acd0-62b922a7281a,tag=east

3. SSH into the VM and look at the device metadata:

  [root@trex ~]# mount /dev/cdrom /mnt/
  mount: /dev/sr0 is write-protected, mounting read-only
  [root@trex ~]# cd /mnt/openstack/latest/
  [root@trex latest]# jq . meta_data.json

Expected result
===============

Both tagged network devices to appear in the metadata.

Actual result
=============

Only the "mgmt" NIC appears in the metadata, the "east" PF is missing:

  "devices": [
    {
      "bus": "pci",
      "mac": "fa:16:3e:21:8a:d7",
      "tags": [
        "mgmt"
      ],
      "type": "nic",
      "address": "0000:00:03.0"
    }
  ],

Environment
===========

Originally reported on OSP13/Queens [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1724999

Fix proposed to branch: master
Review: https://review.opendev.org/670593

Changed in nova:
assignee: nobody → Artom Lifshitz (notartom)
status: New → In Progress

Matt Riedemann (mriedem) on 2019-07-22
tags: added: libvirt

sean mooney (sean-k-mooney) wrote:

the current logic is incorrect and is exposing the host pci address in the metadata, not the virtual guest address.
while one might think this is a security issue, it is not, as the host address is already exposed to the end user via the neutron port profile. as such this does not represent a new information disclosure; however, it defeats the purpose of the device role tagging feature, as it is intended to allow users to easily map between the virtual devices and the tag they assigned to the logical neutron port.

I am triaging this as medium as it is a valid issue and is already in progress.

Changed in nova:
importance: Undecided → Medium
tags: added: metadata neutron
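
A guest-side check for the two symptoms discussed in this report (a requested tag missing from the device metadata, and a tagged NIC whose metadata address is not a PCI device inside the guest), as an added example that is not part of the original report or of nova. The function names and the guest PCI address lists are assumptions; the sample metadata is the "devices" entry quoted in the report.

```python
import json
import os

# Sample input: the "devices" list quoted in the report's meta_data.json.
SAMPLE_META = json.loads("""
{"devices": [{"bus": "pci", "mac": "fa:16:3e:21:8a:d7", "tags": ["mgmt"],
              "type": "nic", "address": "0000:00:03.0"}]}
""")


def audit_device_tags(meta, expected_tags, guest_pci_addrs):
    """Compare tagged NICs in meta_data.json with what the guest should see.

    Returns (missing_tags, unknown_addrs):
      missing_tags  - requested tags with no NIC entry in the metadata
      unknown_addrs - {tag: address} for PCI NICs whose metadata address is
                      not a PCI device inside the guest (e.g. a host address)
    """
    seen, unknown = set(), {}
    for dev in meta.get("devices", []):
        if dev.get("type") != "nic":
            continue
        tags = dev.get("tags", [])
        seen.update(tags)
        addr = dev.get("address")
        if dev.get("bus") == "pci" and addr not in guest_pci_addrs:
            for tag in tags:
                unknown[tag] = addr
    return sorted(set(expected_tags) - seen), unknown


def guest_pci_addresses(sysfs="/sys/bus/pci/devices"):
    """PCI addresses visible in a Linux guest; empty set if sysfs is absent."""
    try:
        return set(os.listdir(sysfs))
    except OSError:
        return set()


if __name__ == "__main__":
    # Constructed guest PCI list; on a real guest pass guest_pci_addresses()
    # and load /mnt/openstack/latest/meta_data.json instead of SAMPLE_META.
    missing, unknown = audit_device_tags(
        SAMPLE_META, ["mgmt", "east"], {"0000:00:03.0", "0000:00:05.0"})
    print("tags missing from metadata:", missing)
    print("tagged NICs with an address not present in the guest:", unknown)
```

Run against the metadata in the report, the check returns "east" as a missing tag; an entry carrying the host `pci_slot` value instead of a guest address would be returned in the second result.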