From: "Michael S. Tsirkin" <mst@redhat.com>
To: Jason Wang <jasowang@redhat.com>
Cc: eduardo@habkost.net, marcel.apfelbaum@gmail.com,
philmd@linaro.org, wangyanan55@huawei.com, zhao1.liu@intel.com,
qemu-devel@nongnu.org, peterx@redhat.com, farosas@suse.de,
jinpu.wang@ionos.com, thuth@redhat.com, berrange@redhat.com
Subject: Re: [RFC PATCH] virtio-net: introduce strict peer feature check
Date: Thu, 13 Nov 2025 11:09:32 -0500 [thread overview]
Message-ID: <20251113110004-mutt-send-email-mst@kernel.org> (raw)
In-Reply-To: <20251107020149.3223-1-jasowang@redhat.com>
On Fri, Nov 07, 2025 at 10:01:49AM +0800, Jason Wang wrote:
> We used to clear features silently in virtio_net_get_features() even
> if it is required. This complicates the live migration compatibility
> as the management layer may think the feature is enabled but in fact
> not.
>
> Let's add a strict feature check to make sure if there's a mismatch
> between the required feature and peer, fail the get_features()
> immediately instead of waiting until the migration to fail. This
> offload the migration compatibility completely to the management
> layer.
>
> Signed-off-by: Jason Wang <jasowang@redhat.com>
This is not really useful - how do users know how to tweak their
command lines?
We discussed this many times.
To try and solve this you need a tool that will tell you how to start
VM on X to make it migrateable to Y or Z.
More importantly,
migration is a niche thing and breaking booting perfectly good VMs
just for that seems wrong.
If you want to keep this off by default, and have management
enable this if it knows what it's doing, then I don't really
care.
> ---
> hw/core/machine.c | 1 +
> hw/net/virtio-net.c | 153 +++++++++++++++++++++++++--------
> include/hw/virtio/virtio-net.h | 1 +
> 3 files changed, 119 insertions(+), 36 deletions(-)
>
> diff --git a/hw/core/machine.c b/hw/core/machine.c
> index 681adbb7ac..a9e43c4990 100644
> --- a/hw/core/machine.c
> +++ b/hw/core/machine.c
> @@ -40,6 +40,7 @@
>
> GlobalProperty hw_compat_10_1[] = {
> { TYPE_ACPI_GED, "x-has-hest-addr", "false" },
> + { TYPE_VIRTIO_NET, "strict-peer-feature-check", "false"},
> };
> const size_t hw_compat_10_1_len = G_N_ELEMENTS(hw_compat_10_1);
>
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 33116712eb..3acc5ed4a6 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -3090,53 +3090,120 @@ static void virtio_net_get_features(VirtIODevice *vdev, uint64_t *features,
> virtio_add_feature_ex(features, VIRTIO_NET_F_MAC);
>
> if (!peer_has_vnet_hdr(n)) {
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_CSUM);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_TSO4);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_TSO6);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_ECN);
> -
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_CSUM);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_TSO4);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_TSO6);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_ECN);
> -
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_USO);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_USO4);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_USO6);
> -
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO);
> - virtio_clear_feature_ex(features,
> - VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO_CSUM);
> - virtio_clear_feature_ex(features,
> - VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO_CSUM);
> + if (n->strict_peer_feature_check) {
> + if (virtio_has_feature_ex(features, VIRTIO_NET_F_CSUM) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_HOST_TSO4) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_HOST_TSO6) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_HOST_ECN) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_GUEST_CSUM) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_GUEST_TSO4) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_GUEST_TSO6) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_GUEST_ECN) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_HOST_USO) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_GUEST_USO4) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_GUEST_USO6) |
> + virtio_has_feature_ex(features,
> + VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO) |
> + virtio_has_feature_ex(features,
> + VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO) |
> + virtio_has_feature_ex(features,
> + VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO_CSUM) |
> + virtio_has_feature_ex(features,
> + VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO_CSUM) |
> + virtio_has_feature_ex(features,
> + VIRTIO_NET_F_HASH_REPORT)) {
> + error_setg(errp, "virtio_net: peer doesn't support vnet hdr");
> + return;
> + }
> + } else {
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_CSUM);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_TSO4);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_TSO6);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_ECN);
> +
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_CSUM);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_TSO4);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_TSO6);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_ECN);
> +
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_USO);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_USO4);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_USO6);
> +
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO);
> + virtio_clear_feature_ex(features,
> + VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO_CSUM);
> + virtio_clear_feature_ex(features,
> + VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO_CSUM);
>
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HASH_REPORT);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HASH_REPORT);
> + }
> }
>
> if (!peer_has_vnet_hdr(n) || !peer_has_ufo(n)) {
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_UFO);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_UFO);
> + if (n->strict_peer_feature_check) {
> + if (virtio_has_feature_ex(features, VIRTIO_NET_F_GUEST_UFO) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_HOST_UFO)) {
> + error_setg(errp, "virtio_net: peer doesn't support UFO");
> + return;
> + }
> + } else {
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_UFO);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_UFO);
> + }
> }
> if (!peer_has_uso(n)) {
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_USO);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_USO4);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_USO6);
> + if (n->strict_peer_feature_check) {
> + if (virtio_has_feature_ex(features, VIRTIO_NET_F_HOST_USO) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_GUEST_USO4) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_GUEST_USO6)) {
> + error_setg(errp, "virtio_net: peer doesn't support USO");
> + return;
> + }
> + } else {
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_USO);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_USO4);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_USO6);
> + }
> }
>
> if (!peer_has_tunnel(n)) {
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO);
> - virtio_clear_feature_ex(features,
> - VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO_CSUM);
> - virtio_clear_feature_ex(features,
> - VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO_CSUM);
> + if (n->strict_peer_feature_check) {
> + if (virtio_has_feature_ex(features,
> + VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO) |
> + virtio_has_feature_ex(features,
> + VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO) |
> + virtio_has_feature_ex(features,
> + VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO_CSUM) |
> + virtio_has_feature_ex(features,
> + VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO_CSUM)) {
> + error_setg(errp, "virtio_net: peer doesn't support tunnel GSO");
> + return;
> + }
> + } else {
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO);
> + virtio_clear_feature_ex(features,
> + VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO_CSUM);
> + virtio_clear_feature_ex(features,
> + VIRTIO_NET_F_HOST_UDP_TUNNEL_GSO_CSUM);
> + }
> }
>
> if (!get_vhost_net(nc->peer)) {
> if (!use_own_hash) {
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HASH_REPORT);
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_RSS);
> + if (n->strict_peer_feature_check) {
> + if (virtio_has_feature_ex(features, VIRTIO_NET_F_HASH_REPORT) |
> + virtio_has_feature_ex(features, VIRTIO_NET_F_RSS)) {
> + error_setg(errp,
> + "virtio_net: peer doesn't support RSS/HASH_REPORT");
> + return;
> + }
> + } else {
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HASH_REPORT);
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_RSS);
> + }
> } else if (virtio_has_feature_ex(features, VIRTIO_NET_F_RSS)) {
> virtio_net_load_ebpf(n, errp);
> }
> @@ -3145,14 +3212,26 @@ static void virtio_net_get_features(VirtIODevice *vdev, uint64_t *features,
> }
>
> if (!use_peer_hash) {
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_HASH_REPORT);
> + if (n->strict_peer_feature_check &&
> + virtio_has_feature_ex(features, VIRTIO_NET_F_HASH_REPORT)) {
> + error_setg(errp, "virtio_net: peer doesn't HASH_REPORT");
> + return;
> + } else {
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_HASH_REPORT);
> + }
>
> if (!use_own_hash || !virtio_net_attach_ebpf_to_backend(n->nic, -1)) {
> if (!virtio_net_load_ebpf(n, errp)) {
> return;
> }
>
> - virtio_clear_feature_ex(features, VIRTIO_NET_F_RSS);
> + if (n->strict_peer_feature_check &&
> + virtio_has_feature_ex(features, VIRTIO_NET_F_RSS)) {
> + error_setg(errp, "virtio_net: fail to attach eBPF for RSS");
> + return;
> + } else {
> + virtio_clear_feature_ex(features, VIRTIO_NET_F_RSS);
> + }
> }
> }
>
> @@ -4313,6 +4392,8 @@ static const Property virtio_net_properties[] = {
> host_features_ex,
> VIRTIO_NET_F_GUEST_UDP_TUNNEL_GSO_CSUM,
> false),
> + DEFINE_PROP_BOOL("strict-peer-feature-check", VirtIONet,
> + strict_peer_feature_check, true),
> };
>
> static void virtio_net_class_init(ObjectClass *klass, const void *data)
> diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h
> index 5b8ab7bda7..abd4ca4bb0 100644
> --- a/include/hw/virtio/virtio-net.h
> +++ b/include/hw/virtio/virtio-net.h
> @@ -222,6 +222,7 @@ struct VirtIONet {
> /* primary failover device is hidden*/
> bool failover_primary_hidden;
> bool failover;
> + bool strict_peer_feature_check;
> DeviceListener primary_listener;
> QDict *primary_opts;
> bool primary_opts_from_json;
> --
> 2.34.1
next prev parent reply other threads:[~2025-11-13 16:10 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-07 2:01 [RFC PATCH] virtio-net: introduce strict peer feature check Jason Wang
2025-11-12 21:55 ` Peter Xu
2025-11-13 0:31 ` Jason Wang
2025-11-13 15:51 ` Peter Xu
2025-11-13 8:53 ` Daniel P. Berrangé
2025-11-13 15:58 ` Peter Xu
2025-11-13 16:09 ` Michael S. Tsirkin [this message]
2025-11-13 16:37 ` Peter Xu
2025-11-13 16:47 ` Michael S. Tsirkin
2025-11-13 17:12 ` Peter Xu
2025-11-13 17:46 ` Michael S. Tsirkin
2025-11-13 19:32 ` Peter Xu
2025-11-14 1:51 ` Jason Wang
2025-11-16 6:45 ` Michael S. Tsirkin
2025-11-19 2:06 ` Jason Wang
2025-11-19 6:31 ` Michael S. Tsirkin
2025-11-14 5:48 ` Thomas Huth
2025-11-14 9:53 ` Jinpu Wang
2025-11-14 15:47 ` Peter Xu
2025-11-14 1:32 ` Jason Wang
2025-11-16 6:52 ` Michael S. Tsirkin
2025-11-17 4:31 ` Jason Wang
2025-11-17 8:57 ` Michael S. Tsirkin
2025-11-19 2:49 ` Jason Wang
2025-11-19 8:07 ` Michael S. Tsirkin
2025-11-20 1:45 ` Jason Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251113110004-mutt-send-email-mst@kernel.org \
--to=mst@redhat.com \
--cc=berrange@redhat.com \
--cc=eduardo@habkost.net \
--cc=farosas@suse.de \
--cc=jasowang@redhat.com \
--cc=jinpu.wang@ionos.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=peterx@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
--cc=wangyanan55@huawei.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).