From a70cdeeb2a27f4c1423c074b26b87de39f67db69 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 13 Aug 2024 13:39:16 +0200
Subject: [PATCH] conf: Validate QoS values

Since we use 'tc' to set QoS, or we instruct OVS which then uses
'tc', we have to make sure values are within range acceptable to
'tc'.

Resolves: https://issues.redhat.com/browse/RHEL-45200
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 src/conf/domain_validate.c         | 9 +++++++++
 src/conf/schemas/networkcommon.rng | 3 ++-
 src/network/bridge_driver.c        | 4 ++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 39b8d67928..ab1caadc7a 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -22,6 +22,7 @@
 
 #include "domain_validate.h"
 #include "domain_conf.h"
+#include "netdev_bandwidth_conf.h"
 #include "vircgroup.h"
 #include "virconftypes.h"
 #include "virlog.h"
@@ -2068,6 +2069,10 @@ virDomainActualNetDefValidate(const virDomainNetDef *net)
         return -1;
     }
 
+    if (!virNetDevBandwidthValidate(bandwidth)) {
+        return -1;
+    }
+
     if (virDomainNetDefValidatePortOptions(macstr, actualType, vport,
                                            virDomainNetGetActualPortOptionsIsolated(net)) < 0) {
         return -1;
@@ -2143,6 +2148,10 @@ virDomainNetDefValidate(const virDomainNetDef *net)
         return -1;
     }
 
+    if (!virNetDevBandwidthValidate(net->bandwidth)) {
+        return -1;
+    }
+
     switch (net->type) {
     case VIR_DOMAIN_NET_TYPE_VHOSTUSER:
         if (!virDomainNetIsVirtioModel(net)) {
diff --git a/src/conf/schemas/networkcommon.rng b/src/conf/schemas/networkcommon.rng
index 6df6d43f54..28424f9abd 100644
--- a/src/conf/schemas/networkcommon.rng
+++ b/src/conf/schemas/networkcommon.rng
@@ -180,9 +180,10 @@
   </define>
 
   <define name="speed">
-    <data type="unsignedInt">
+    <data type="unsignedLong">
       <param name="pattern">[0-9]+</param>
       <param name="minInclusive">1</param>
+      <param name="maxInclusive">18014398509481984</param>
     </data>
   </define>
   <define name="BurstSize">
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 32572c755f..915211d1b5 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2838,6 +2838,10 @@ networkValidate(virNetworkDriverState *driver,
         return -1;
     }
 
+    if (!virNetDevBandwidthValidate(def->bandwidth)) {
+        return -1;
+    }
+
     /* we support configs with a single PF defined:
      *   <pf dev='eth0'/>
      * or with a list of netdev names:
-- 
2.39.5