[ovs-git] [openvswitch/ovs] 8ab62f: Initial cut for IPv6 tunnels, netdev changes and o...

Alin Gabriel Serdean noreply at github.com
Thu Nov 19 09:45:22 UTC 2020


  Branch: refs/heads/branch-2.12-cloudbase
  Home:   https://github.com/openvswitch/ovs
  Commit: 8ab62fbe6a76d2e3e7e655748dc6761b35825ffa
      https://github.com/openvswitch/ovs/commit/8ab62fbe6a76d2e3e7e655748dc6761b35825ffa
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath-windows/include/OvsDpInterfaceExt.h
    M datapath-windows/ovsext/Actions.c
    M datapath-windows/ovsext/Actions.h
    M datapath-windows/ovsext/DpInternal.h
    M datapath-windows/ovsext/Flow.c
    M datapath-windows/ovsext/Flow.h
    M datapath-windows/ovsext/Geneve.c
    M datapath-windows/ovsext/Geneve.h
    M datapath-windows/ovsext/Gre.c
    M datapath-windows/ovsext/Gre.h
    M datapath-windows/ovsext/IpHelper.c
    M datapath-windows/ovsext/IpHelper.h
    M datapath-windows/ovsext/Netlink/Netlink.c
    M datapath-windows/ovsext/Netlink/Netlink.h
    M datapath-windows/ovsext/Offload.c
    M datapath-windows/ovsext/Offload.h
    M datapath-windows/ovsext/Oid.c
    M datapath-windows/ovsext/Stt.c
    M datapath-windows/ovsext/Stt.h
    M datapath-windows/ovsext/Switch.c
    M datapath-windows/ovsext/Switch.h
    M datapath-windows/ovsext/Tunnel.c
    M datapath-windows/ovsext/User.c
    M datapath-windows/ovsext/Util.h
    M datapath-windows/ovsext/Vport.c
    M datapath-windows/ovsext/Vport.h
    M datapath-windows/ovsext/Vxlan.c
    M datapath-windows/ovsext/Vxlan.h
    M lib/automake.mk
    A lib/if-notifier-win.c
    M lib/netdev-windows.c
    A lib/rtwin.c
    A lib/rtwin.h
    M lib/wmi.c
    M manpages.mk

  Log Message:
  -----------
  Initial cut for IPv6 tunnels, netdev changes and other fixes.

Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>


  Commit: 640383e91ec55322c434069720d9897dc8625ad6
      https://github.com/openvswitch/ovs/commit/640383e91ec55322c434069720d9897dc8625ad6
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    A datapath-windows/misc/HNSHelper.psm1
    M datapath-windows/misc/OVS.psm1
    M windows/automake.mk
    M windows/ovs-windows-installer/Product.wxs

  Log Message:
  -----------
  Add powershell modules needed by the HNS integration

We need new ways to interact with HNS API w/o the Hyper-V integration.

Although not pretty and very slow this will provide a way to add/delete
and query the new APIs across different versions.

Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>


  Commit: ab7fdcb3965ccc2b50dd7fc0d650e8368786507a
      https://github.com/openvswitch/ovs/commit/ab7fdcb3965ccc2b50dd7fc0d650e8368786507a
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath-windows/misc/HNSHelper.psm1

  Log Message:
  -----------
  Update HNSHelper


Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>


  Commit: 10bc131c88891e0deaeb69feaf872b6c8162e7fd
      https://github.com/openvswitch/ovs/commit/10bc131c88891e0deaeb69feaf872b6c8162e7fd
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath-windows/automake.mk

  Log Message:
  -----------
  Add HNSHelper.psm1 as an extra dist file



Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>


  Commit: b7a22edbee753fe3b36848a2db9f0196b089cbbd
      https://github.com/openvswitch/ovs/commit/b7a22edbee753fe3b36848a2db9f0196b089cbbd
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath-windows/ovsext/Conntrack-icmp.c
    M datapath-windows/ovsext/Conntrack.c
    M datapath-windows/ovsext/Conntrack.h
    M datapath-windows/ovsext/DpInternal.h
    M datapath-windows/ovsext/Flow.c
    M datapath-windows/ovsext/NetProto.h
    M datapath-windows/ovsext/Netlink/Netlink.c
    M datapath-windows/ovsext/PacketParser.h
    M datapath-windows/ovsext/Types.h
    M include/windows/windefs.h

  Log Message:
  -----------
  Add conntrack IPv6 support


Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>


  Commit: 56f98947efa9c581ea67b07229e0624c707598cf
      https://github.com/openvswitch/ovs/commit/56f98947efa9c581ea67b07229e0624c707598cf
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath-windows/ovsext/Driver.c
    M datapath-windows/ovsext/TunnelFilter.c
    M datapath-windows/ovsext/ovsext.inf
    M datapath-windows/ovsext/ovsext.rc
    M lib/wmi.c

  Log Message:
  -----------
  windows: Adds Cloudbase logo

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: cf45a56915dd02d0bc44869d7841f427aac14ea6
      https://github.com/openvswitch/ovs/commit/cf45a56915dd02d0bc44869d7841f427aac14ea6
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath-windows/ovsext/Actions.c

  Log Message:
  -----------
  Remove Debug assert on ipv6 tunnel

Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>


  Commit: 96c025eeb65272ad86505986667cdfa9d2ac55e6
      https://github.com/openvswitch/ovs/commit/96c025eeb65272ad86505986667cdfa9d2ac55e6
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath-windows/ovsext/Vport.c
    M lib/netdev-windows.c

  Log Message:
  -----------
  Compensate for external devices

Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>


  Commit: 99a86cac46dc0f57f3bc0feecabff6ac87a9063c
      https://github.com/openvswitch/ovs/commit/99a86cac46dc0f57f3bc0feecabff6ac87a9063c
  Author: Ilya Maximets <i.maximets at samsung.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netlink.c

  Log Message:
  -----------
  dpif-netlink: Allow offloading of flows with dl_type 0x1234.

'dpif_probe_feature()' always has DPIF_FP_PROBE flag set. Other probing
code uses dpif_execute() with DPIF_OP_EXECUTE, hence never calls
parse_flow_put().
Thus, this 'if' statement is wrong and should be removed as it only
forbids offloading of the real legitimate flows with dl_type 0x1234.
Dummy flows never reach this code.

CC: Paul Blakey <paulb at mellanox.com>
Fixes: 8b668ee3f0cc ("dpif-netlink: Use netdev flow put api to insert a flow")
Reported-by: Eli Britstein <elibr at mellanox.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Ilya Maximets <i.maximets at samsung.com>


  Commit: 9207d1bf9f7866c39fce50db7224efebc08fc672
      https://github.com/openvswitch/ovs/commit/9207d1bf9f7866c39fce50db7224efebc08fc672
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M NEWS
    M include/ovn/actions.h
    M ovn/controller/binding.c
    M ovn/controller/pinctrl.c
    M ovn/lib/actions.c
    M ovn/lib/ovn-util.c
    M ovn/northd/ovn-northd.8.xml
    M ovn/northd/ovn-northd.c
    M ovn/ovn-nb.xml
    M ovn/ovn-sb.ovsschema
    M ovn/ovn-sb.xml
    M ovn/utilities/ovn-trace.c
    M tests/ovn.at
    M tests/test-ovn.c

  Log Message:
  -----------
  ovn: Add a new logical switch port type - 'virtual'

This new type is added for the following reasons:

  - When a load balancer is created in an OpenStack deployment with Octavia
    service, it creates a logical port 'VIP' for the virtual ip.

  - This logical port is not bound to any VIF.

  - Octavia service creates a service VM (with another logical port 'P' which
    belongs to the same logical switch)

  - The virtual ip 'VIP' is configured on this service VM.

  - This service VM provides the load balancing for the VIP with the configured
    backend IPs.

  - Octavia service can be configured to create a few service VMs with active-standby mode
    with the active VM configured with the VIP.  The VIP can move between
    these service nodes.

Presently there are a few problems:

  - When a floating ip (externally reachable IP) is associated to the VIP and if
    the compute nodes have external connectivity then the external traffic cannot
    reach the VIP using the floating ip as the VIP logical port would be down.
    dnat_and_snat entry in NAT table for this vip will have 'external_mac' and
    'logical_port' configured.

  - The only way to make it work is to clear the 'external_mac' entry so that
    the gateway chassis does the DNAT for the VIP.

To solve these problems, this patch proposes a new logical port type - virtual.
CMS when creating the logical port for the VIP, should

 - set the type as 'virtual'

 - configure the VIP in the options - Logical_Switch_Port.options:virtual-ip

 - And set the virtual parents in the options
   Logical_Switch_Port.options:virtual-parents.
   These virtual parents are the one which can be configured with the VIP.

Suppose the virtual_ip is configured to 10.0.0.10 on a virtual logical port 'sw0-vip'
and the virtual_parents are set to [sw0-p1, sw0-p2]. Then the logical flows below are added in the
lsp_in_arp_rsp logical switch pipeline:

 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p1" && !is_chassis_resident("sw0-vip") &&
          ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
           (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)
 - table=11(ls_in_arp_rsp), priority=100,
   match=(inport == "sw0-p2" && !is_chassis_resident("sw0-vip") &&
          ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) ||
           (arp.op == 2 && arp.spa == 10.0.0.10))),
   action=(bind_vport("sw0-vip", inport); next;)

The action bind_vport will claim the logical port - sw0-vip on the chassis where this action
is executed. Since the port - sw0-vip is claimed by a chassis, the dnat_and_snat rule for
the VIP will be handled by the compute node.

Co-authored-by: Ben Pfaff <blp at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>
Acked-by: Gurucharan Shetty <guru at ovn.org>
Acked-by: Mark Michelson <mmichels at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>

(cherry picked from ovn commit 054f4c85c413e20d893e10ba053ec52ac15db49c)

Signed-off-by: Gurucharan Shetty <guru at ovn.org>


  Commit: 95c6cf3c506f369dd5e0458e3cfe9c1680e034db
      https://github.com/openvswitch/ovs/commit/95c6cf3c506f369dd5e0458e3cfe9c1680e034db
  Author: Eelco Chaudron <echaudro at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-afxdp.c

  Log Message:
  -----------
  netdev-afxdp: fix corner case where umem entries were not released

If for some reason the last element in the batch was already pushed on
the stack, none of the elements were pushed. This was leading to
buffer starvation.

Signed-off-by: Eelco Chaudron <echaudro at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at samsung.com>


  Commit: 5c4cd7ea4aba41d34c081eb5561b9278732572a0
      https://github.com/openvswitch/ovs/commit/5c4cd7ea4aba41d34c081eb5561b9278732572a0
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/chassis.c
    M tests/ovn-controller.at

  Log Message:
  -----------
  ovn-controller: Fix the chassis row recreation issue

Before the commit [1], ovn-controller would always recreate its
chassis row if deleted externally. After this commit, it no longer
recreates it. This is a regression and needs to be fixed.

[1] - 242f1799fc22("ovn-controller: Refactor chassis.c to abstract the string parsing")

Fixes: 242f1799fc22("ovn-controller: Refactor chassis.c to abstract the string parsing")

Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry picked from ovn repo commit b114775978a501dabd08bb15192940e574d45420)


  Commit: 0e3cae320de1559c32d0e1f82e7e238c46230580
      https://github.com/openvswitch/ovs/commit/0e3cae320de1559c32d0e1f82e7e238c46230580
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/northd/ovn-northd.8.xml
    M ovn/northd/ovn-northd.c
    M tests/ovn-northd.at

  Log Message:
  -----------
  ovn-northd: Add the option to pause and resume

This patch adds 3 unixctl socket commands - pause, resume and is-paused.

Usage: ovs-appctl -t ovn-northd pause/resume/is-paused

This feature will be useful if the CMS wants to
  - deploy OVN DB servers in active/passive mode and
  - run ovn-northd on all these nodes and use unix ctl sockets to
    connect to the local OVN DB servers.

On the nodes where OVN DB ovsdb-servers are in passive mode, the local ovn-northds
will process the DB changes and compute logical flows to be thrown out later,
because write transactions are not allowed by these ovsdb-servers. It results in
unnecessary CPU usage.

With these commands, CMS can pause ovn-northd on these nodes. A node
which becomes master, can resume the ovn-northd.

One use case is to use this feature in ovn-kubernetes with the above deployment model.

Acked-by: Mark Michelson <mmichels at redhat.com>
Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry picked from ovn commit 03894e3e2374069c06ae97dafb24fb4fcb8c8e61)


  Commit: c7e95fbcd4970952eb4d5fc984ca476f6e0c10cc
      https://github.com/openvswitch/ovs/commit/c7e95fbcd4970952eb4d5fc984ca476f6e0c10cc
  Author: Daniel Alvarez <dalvarez at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/northd/ovn-northd.c

  Log Message:
  -----------
  OVN: Don't emit ICMP need to frag on LRP with no IPv4 address

Prior to this patch, when a LRP has only IPv6 addresses, ovn-northd
will crash (SIGSEGV) because the current code injects a flow to
emit the ICMP need-to-frag from its IPv4 address which does not
exist.

This patch is adding a check to skip the flow installation in case
the port does not have any IPv4 address.

Signed-off-by: Daniel Alvarez <dalvarez at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry picked from ovn repo commit 7c311c9956650fedd6cb5b38ae836766444721f3)


  Commit: 09933db0f72dfab67e90f512b229335724162ac6
      https://github.com/openvswitch/ovs/commit/09933db0f72dfab67e90f512b229335724162ac6
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/ofctrl.c
    M ovn/controller/ofctrl.h
    M ovn/controller/ovn-controller.c
    M ovn/lib/inc-proc-eng.c
    M ovn/lib/inc-proc-eng.h

  Log Message:
  -----------
  ovn-controller: Fix flow installation latency caused by recompute.

When there are in-flight flow-installations pending to ovs-vswitchd,
current incremental processing logic prioritizes new change handling.
However, in scenarios where frequent recomputes are triggered, the
later recompute would block the flow-installation for previously
computed flows because recompute usually takes a long time, especially
when there are a large number of flows. This results in worse latency
than the version without incremental processing in specific scale
test scenarios.

While we can simply fix the problem by prioritizing flow installation
rather than new change handling, it can cause the incremental
processing to degrade to always recompute in certain scenarios when
there are some changes triggering recomputes, followed by a lot of
continuously coming changes that can be handled incrementally. Because
OVSDB change tracker cannot preserve changes across iterations, once
the recompute is triggered and resulted in a lot of pending messages
to ovs-vswitchd, and if we choose to skip the engine_run()
in the next iteration when an incrementally processible change comes,
we miss the opportunity to handle that tracked change and will have
to trigger recompute again in the next next iteration, and so on, if
such changes come continuously.

This patch solves the problem by introducing engine_set_abort_recompute(),
so that we can prioritize new change handling if the change can be
incrementally processed, but if the change triggers recompute, we
abort there without spending CPU on the recompute to avoid blocking
the previous computed flow installation.

Reported-by: Daniel Alvarez Sanchez <dalvarez at redhat.com>
Reported-by: Numan Siddique <nusiddiq at redhat.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2019-June/048822.html
Tested-by: Numan Siddique <nusiddiq at redhat.com>
Acked-by: Numan Siddique <nusiddiq at redhat.com>
Acked-by: Mark Michelson <mmichels at redhat.com>
Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry picked from ovn repo commit a6b7d9f4f04799ad90c2de4480baaf92ecabb947)


  Commit: 9547c0089bb9f3bc169c21e151a134abd99ce7ed
      https://github.com/openvswitch/ovs/commit/9547c0089bb9f3bc169c21e151a134abd99ce7ed
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/ovn-controller.c

  Log Message:
  -----------
  ovn-controller: Fix IP engine run with in-flight messages

When trying to incrementally process changes even if there are in-flight
messages we were incorrectly setting the engine_aborted variable to the
value returned by engine_run. However, engine_run returns true if the
run was completed.

This was causing discrepancies between logical flows and openflow flows
due to the fact that the rerun wasn't happening after an aborted run.

In order to avoid confusion the engine_aborted variable is now renamed to
engine_run_done thus avoiding the negated logic.

CC: Han Zhou <hzhou8 at ebay.com>
Fixes: a6b7d9f4f047 ("ovn-controller: Fix flow installation latency caused by recompute.")
Acked-by: Han Zhou <hzhou8 at ebay.com>
Acked-by: Mark Michelson <mmichels at redhat.com>
Tested-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry picked from ovn repo commit fc1e1640cd47f255c68488b0ec36052b0af58fd2)


  Commit: a1fd657aee31911c9ac1dca2aa63294c2cfd1f1f
      https://github.com/openvswitch/ovs/commit/a1fd657aee31911c9ac1dca2aa63294c2cfd1f1f
  Author: Han Zhou <zhouhan at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/ovn-controller.c
    M tests/ovn.at

  Log Message:
  -----------
  ovn-controller: Fix inject-pkt command error response.

When using unixctl command inject-packet, it always responds with
failure "server not ready", although the command was actually executed
successfully.

Fixes: 0bd4d85c36ef ("ovn-controller: Initial use of incremental engine - quiet mode.")
Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry picked from ovn repo commit 870a6b7ca1549a3195eaad9accc9e65aa8b11668)


  Commit: bc06e03803f0678f7f2dbcbbf8c243fba0eb5a6c
      https://github.com/openvswitch/ovs/commit/bc06e03803f0678f7f2dbcbbf8c243fba0eb5a6c
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/pinctrl.c
    M ovn/lib/actions.c
    M tests/ovn.at

  Log Message:
  -----------
  ovn-controller: Encode the virtual port key in vport_bind action in network byte order

The commit [1] encoded the vport key using uint32_t and the test case
"action parsing" is failing for s380 arch.

This patch fixes this issue by encoding the vport key in the network byte
order.

[1] - 054f4c85c413("Add a new logical switch port type - 'virtual'")
Fixes: 054f4c85c413("Add a new logical switch port type - 'virtual'")

Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Mark Michelson <mmichels at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry-picked from ovn commit - 3c39d74444e21f6c24acfc9f934ee01263fa0dc3)


  Commit: 614ea5c97d0c20d6c742ccd8287f33a440916812
      https://github.com/openvswitch/ovs/commit/614ea5c97d0c20d6c742ccd8287f33a440916812
  Author: Damijan Skvarc <damjan.skvarc at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/northd/ovn-northd.c

  Log Message:
  -----------
  ovn-northd: fixed memory leak in ovn_port_update_sbrec()

Memory leak happens because of redundant memory allocation for array
of single pointer. Issue was solved by removing this redundant allocation
and using address of pointer to created chassis sb_ha_entity instead.

Signed-off-by: Damijan Skvarc <damjan.skvarc at gmail.com>
Acked-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry-picked from ovn commit 800c4f338411c41d4d15d76073b8472f98f5a044)


  Commit: 641ed3b68e42099e7e302d126edf4b30937755a7
      https://github.com/openvswitch/ovs/commit/641ed3b68e42099e7e302d126edf4b30937755a7
  Author: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/utilities/ovn-nbctl.c
    M tests/ovn-nbctl.at

  Log Message:
  -----------
  OVN: fix default L4 default proto reported by ovn-nbctl

If no protocol is specified defining a load balancing rule TCP is
selected as default but ovn-nbctl lb-list reports 'tcp/udp' in this
case. Fix it reporting tcp in this case

Fixes: e2bfcad6cbb0 ("ovn-nbctl: Add LB commands")
Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry picked from ovn repo commit 04e10d14529732dd4b94ce7f5c6a07bfdd8da3c2)


  Commit: c215f84ef9f089817d702fe5f355222e1ff722ea
      https://github.com/openvswitch/ovs/commit/c215f84ef9f089817d702fe5f355222e1ff722ea
  Author: Damijan Skvarc <damjan.skvarc at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/northd/ovn-northd.c

  Log Message:
  -----------
  ovn-northd: fix memory leak in add_distributed_nat_routes() function

Within this function actions & match dynamic strings are used as helper
variables for adding entries into logical flow table. Variables are
used several times in order to optimize number of memory allocations,
however at the end memory was forgotten to be deallocated.

Signed-off-by: Damijan Skvarc <damjan.skvarc at gmail.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

(cherry picked from ovn repo commit c1ba3f68a78af3b852aa5709a0d96f001b63b243)


  Commit: d00c2a954dc0fa23e972746791c2f8f00defd67a
      https://github.com/openvswitch/ovs/commit/d00c2a954dc0fa23e972746791c2f8f00defd67a
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/northd/ovn-northd.c

  Log Message:
  -----------
  ovn-northd: Fix ARP respond flows flapping.

From ovn-controller debug log it is seen that when creating a lsp
in NB, a lflow for ARP respond is added and then deleted in SB
by northd (the flow will be added again when the port is bound
to a chassis). This causes unnecessary handling from ovn-controller.

The root cause is lsp_is_up() returns true when the column is not
set, when the lsp is just created. So northd adds the ARP respond
flow in SB lflow table. At the same time it will create port-binding
in SB without chassis binding. Then in the next iteration northd
will process that port-binding change and notice that there is no
chassis binding for this lsp, so it will set the "up" to false,
which causes northd to delete the ARP respond flow.

The fix is to make sure when "up" is not set, it is regarded as
false by default.

Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

Backported from OVN branch patch f91b123d33fc.


  Commit: 16c675e732aaec8d5189b96f2abc08ebabd0b91b
      https://github.com/openvswitch/ovs/commit/16c675e732aaec8d5189b96f2abc08ebabd0b91b
  Author: Damijan Skvarc <damjan.skvarc at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/physical.c

  Log Message:
  -----------
  Fixed memory leak in ovn-controller while handling port binding changes.

Signed-off-by: Damijan Skvarc <damjan.skvarc at gmail.com>
Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>

Backported from OVN branch patch 926271b52f5.


  Commit: 34d1a227a5ef8804c93611f2ede49f42178d9c98
      https://github.com/openvswitch/ovs/commit/34d1a227a5ef8804c93611f2ede49f42178d9c98
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/northd/ovn-northd.c
    M ovn/ovn-nb.xml

  Log Message:
  -----------
  ovn-northd: Clarify lsp's 'enabled' and 'up' column handling.

Signed-off-by: Justin Pettit <jpettit at ovn.org>
Acked-by: Numan Siddique <nusiddiq at redhat.com>

Backported from OVN branch patch 7984c60f4ab2.


  Commit: 93baf3467bf56f990bdf25cdd02ec9c3a4a90050
      https://github.com/openvswitch/ovs/commit/93baf3467bf56f990bdf25cdd02ec9c3a4a90050
  Author: Alin Gabriel Serdean <aserdean at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/wmi.c

  Log Message:
  -----------
  Switch from internal port to all ports defined

This patch changes the way we try to figure out if a port is defined on a given switch.

Instead of looking only in the internal ports defined, switch to all ports defined.

This caused issues when trying to add a Hyper-V container port to a given OVS bridge.

Reported-by: Danting Liu <dantingl at vmware.com>
Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>
Acked-by: Anand Kumar <kumaranand at vmware.com>


  Commit: c96fc8ab28468adca543ba4d88c5c0065680a324
      https://github.com/openvswitch/ovs/commit/c96fc8ab28468adca543ba4d88c5c0065680a324
  Author: Anand Kumar <kumaranand at vmware.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath-windows/ovsext/Conntrack.c

  Log Message:
  -----------
  datapath-windows: Fix updating ct label when mask is specified

When an existing label needs to be changed by specifying bits to be
updated using mask, instead of updating only the masked bits,
new label was getting overridden. This patch fixes this issue.

Signed-off-by: Anand Kumar <kumaranand at vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean at ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>


  Commit: 5c1e2867315b5f336feb81802a573f61f4b12b6a
      https://github.com/openvswitch/ovs/commit/5c1e2867315b5f336feb81802a573f61f4b12b6a
  Author: Aliasgar Ginwala <amginwal at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M utilities/ovs-lib.in

  Log Message:
  -----------
  ovs-lib: Fix standalone db migration to raft

Current code of create-cluster from standalone db takes backup of existing
standalone db and then generates a new clustered dbs from backup dbs. Hence,
during migration if nb and sb dbs are still present, create-cluster will fail
saying file exists and will not really convert dbs to clustered dbs. This
patch fixes the same.

e.g message that pops up while migration from standalone to raft cluster:
 * Backing up database to /etc/openvswitch/ovnnb_db.db.backup5.13.0-1278623084
ovsdb-tool: I/O error: /etc/openvswitch/ovnnb_db.db: create failed (File exists)
 * Creating cluster database /etc/openvswitch/ovnnb_db.db from existing one

Signed-off-by: aginwala <aginwala at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: be414db3105c2dbe984015dabca0657c68215f94
      https://github.com/openvswitch/ovs/commit/be414db3105c2dbe984015dabca0657c68215f94
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/sat-math.h

  Log Message:
  -----------
  sat-math: Do not use __builtin_s*_overflow() with sparse.

Some versions of sparse do not understand __builtin_saddll_overflow() and
related GCC builtins for calculations with overflow detection.  This patch
avoids using them when sparse is in use.

Reported-by: Justin Pettit <jpettit at ovn.org>
Tested-by: Justin Pettit <jpettit at ovn.org>
Acked-by: Justin Pettit <jpettit at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 04ffb1591ca5fa0d36601120627bff4023b3e1e8
      https://github.com/openvswitch/ovs/commit/04ffb1591ca5fa0d36601120627bff4023b3e1e8
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c

  Log Message:
  -----------
  raft: Move raft_reset_ping_timer() out of the loop.

Fixes: commit 5a9b53a5 ("ovsdb raft: Fix duplicated transaction execution when leader failover.")
Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 86431a3e2dd45ece96d64bd4a07cc5a156d4c653
      https://github.com/openvswitch/ovs/commit/86431a3e2dd45ece96d64bd4a07cc5a156d4c653
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/ovsdb-idl.c
    M tests/ovsdb-cluster.at
    M tests/test-ovsdb.c

  Log Message:
  -----------
  ovsdb-idl.c: Allows retry even when using a single remote.

When clustered mode is used, the client needs to retry connecting
to new servers when certain failures happen. Today it is allowed to
retry new connection only if multiple remotes are used, which prevents
using LB VIP with clustered nodes. This patch makes sure the retry
logic works when using LB VIP: although same IP is used for retrying,
the LB can actually redirect the connection to a new node.

Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: b43e3546a0860f19c303b64ae6b23d010fcd008c
      https://github.com/openvswitch/ovs/commit/b43e3546a0860f19c303b64ae6b23d010fcd008c
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft-private.h
    M ovsdb/raft.c
    M tests/ovsdb-cluster.at

  Log Message:
  -----------
  raft.c: Stale leader should disconnect from cluster.

As mentioned in RAFT paper, section 6.2:

Leaders: A server might be in the leader state, but if it isn’t the current
leader, it could be needlessly delaying client requests. For example, suppose a
leader is partitioned from the rest of the cluster, but it can still
communicate with a particular client. Without additional mechanism, it could
delay a request from that client forever, being unable to replicate a log entry
to any other servers. Meanwhile, there might be another leader of a newer term
that is able to communicate with a majority of the cluster and would be able to
commit the client’s request. Thus, a leader in Raft steps down if an election
timeout elapses without a successful round of heartbeats to a majority of its
cluster; this allows clients to retry their requests with another server.

Reported-by: Aliasgar Ginwala <aginwala at ebay.com>
Tested-by: Aliasgar Ginwala <aginwala at ebay.com>
Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 94256c98aa31193e21b9d7f3aa23c3f9560770a6
      https://github.com/openvswitch/ovs/commit/94256c98aa31193e21b9d7f3aa23c3f9560770a6
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c
    M tests/ovsdb-cluster.at

  Log Message:
  -----------
  raft.c: Set candidate_retrying if no leader elected since last election.

candidate_retrying is used to determine if the current node is disconnected
from the cluster when the node is in candidate role. However, a node
can flap between candidate and follower role before a leader is elected
when majority of the cluster is down, so is_connected() will flap, too, which
confuses clients.

This patch avoids the flapping with the help of a new member had_leader,
so that if no leader was elected since last election, we know we are
still retrying, and keep as disconnected from the cluster.

Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 6a7dc1f5cebc085ea0ef54c87cbd4140a95ad682
      https://github.com/openvswitch/ovs/commit/6a7dc1f5cebc085ea0ef54c87cbd4140a95ad682
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M Documentation/ref/ovsdb.5.rst
    M ovsdb/ovsdb-server.1.in
    M ovsdb/raft-private.c
    M ovsdb/raft-private.h
    M ovsdb/raft-rpc.h
    M ovsdb/raft.c
    M tests/ovsdb-cluster.at

  Log Message:
  -----------
  ovsdb raft: Support leader election time change online.

A new unixctl command cluster/change-election-timer is implemented to
change leader election timeout base value according to the scale needs.

The change takes effect upon consensus of the cluster, implemented through
the append-request RPC.  A new field "election-timer" is added to raft log
entry for this purpose.

Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: d561031720fe8c643c4ab7208d670b88b2d3e56a
      https://github.com/openvswitch/ovs/commit/d561031720fe8c643c4ab7208d670b88b2d3e56a
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/ovsdb-server.c
    M ovsdb/transaction.c
    M ovsdb/transaction.h
    M tests/ovsdb-monitor.at

  Log Message:
  -----------
  ovsdb monitor: Fix crash when using non-zero last-id with standalone DB.

When a client uses monitor-cond-since with a non-zero last-id but the
server is not in cluster mode for the DB being monitored, it leads to
segmentation fault because the txn_history list is not initialized in
this case.

Program terminated with signal SIGSEGV, Segmentation fault.
1536            struct ovsdb_txn *txn = h_node->txn;
(gdb) bt
0  ovsdb_monitor_get_changes_after (txn_uuid=txn_uuid at entry=0x7ffe8605b7e0, dbmon=0x17c1b40, p_mcs=p_mcs at entry=0x17c4900) at ovsdb/monitor.c:1536
1  0x000000000040da2d in ovsdb_jsonrpc_monitor_create (request_id=0x1804630, version=<optimized out>, params=0x17ad330, db=0x18015b0, s=<optimized out>) at ovsdb/jsonrpc-server.c:1469
2  ovsdb_jsonrpc_session_got_request (request=0x17ad520, s=<optimized out>) at ovsdb/jsonrpc-server.c:1002
3  ovsdb_jsonrpc_session_run (s=<optimized out>) at ovsdb/jsonrpc-server.c:556
...

Although it doesn't happen in normal use cases, no one can prevent a
client from sending this on purpose or in a corner case when a client first
connected to a clustered DB but later the server restarted with a
non-clustered DB.

This patch fixes it by always initializing the txn_history list to avoid
the undefined behavior in this case. It adds a test case to cover it, too.

Fixes: 695e815 ("ovsdb-server: Transaction history tracking.")
Reported-by: Aliasgar Ginwala <aginwala at ebay.com>
Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 4b2a92a2e03e3791f25f39976bf7be965ec79a3d
      https://github.com/openvswitch/ovs/commit/4b2a92a2e03e3791f25f39976bf7be965ec79a3d
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/pinctrl.c

  Log Message:
  -----------
  pinctrl: Fix DNS packet parsing

Due to the use of a uint8_t to index inside the DNS payload we could end
up in an infinite loop when specific (invalid) DNS packets were
processed by ovn-controller. In the infinite loop we keep increasing the
query_name dynamic string until running out of memory.

One way to replicate the issue is to configure DNS on the logical switch
and then inject a manually crafted DNS-like packet. For example, with
Scapy:

>>> p = IP(dst='10.0.0.2',src='10.0.0.3')/UDP(dport=53)/('a'*364)
>>> send(p)

Also add a sanity check on minimum L4 size of packets.

Cherry-picked from ovn commit - 7fbdeaade826da299c20c05050627ebea65fe8c2.

CC: Numan Siddique <nusiddiq at redhat.com>
Fixes: 16cb4fb8ca49 ("ovn-controller: Add 'dns_lookup' action")
Reported-at: https://bugzilla.redhat.com/1740335
Reported-by: Priscila <pveiga at redhat.com>
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
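
The bug class described in the commit message above, as an added C example that is not the ovn-controller code: a label walker whose index is a `uint8_t` next to a bounds-checked one that also enforces a minimum payload size. All function names are hypothetical and the sample payloads are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HEADER_LEN 12   /* fixed DNS header that precedes the question */
#define DNS_MAX_LABEL  63   /* larger length bytes are pointers or reserved */
#define DNS_MAX_NAME   253  /* longest dotted name */

/* Model of the defect: the index is a uint8_t, so it wraps from 255 to 0 and
 * can never leave the first 256 bytes.  Returns 1 if a terminating zero
 * label is reached, 0 if 'max_steps' is exhausted (an uncapped loop would
 * spin forever), -1 if the buffer is too short for the model to be safe. */
static int narrow_index_walk_terminates(const uint8_t *data, size_t len,
                                        size_t max_steps)
{
    uint8_t idx = 0;
    size_t steps = 0;

    if (len < 256) {
        return -1;
    }
    while (data[idx]) {
        uint8_t label_len = data[idx++];
        for (uint8_t i = 0; i < label_len; i++) {
            idx++;                      /* stands in for appending one byte */
            if (++steps > max_steps) {
                return 0;
            }
        }
        if (++steps > max_steps) {
            return 0;
        }
    }
    return 1;
}

/* Hardened walker: size_t index, every read checked against 'len', output
 * bounded.  Returns the name length, or -1 on malformed input. */
static int parse_qname(const uint8_t *data, size_t len,
                       char *out, size_t out_cap)
{
    size_t idx = 0, n = 0;

    for (;;) {
        if (idx >= len) {
            return -1;                  /* no terminating zero label */
        }
        uint8_t label_len = data[idx++];
        if (label_len == 0) {
            break;
        }
        if (label_len > DNS_MAX_LABEL || label_len > len - idx) {
            return -1;                  /* not a plain label, or truncated */
        }
        size_t need = n + (n ? 1 : 0) + label_len;
        if (need > DNS_MAX_NAME || need >= out_cap) {
            return -1;
        }
        if (n) {
            out[n++] = '.';
        }
        memcpy(out + n, data + idx, label_len);
        n += label_len;
        idx += label_len;
    }
    if (out_cap == 0) {
        return -1;
    }
    out[n] = '\0';
    return (int) n;
}

/* Entry point for a UDP payload: reject anything too short to hold the DNS
 * header plus at least one byte of question before parsing the name. */
static int dns_query_name(const uint8_t *payload, size_t len,
                          char *out, size_t out_cap)
{
    if (len <= DNS_HEADER_LEN) {
        return -1;
    }
    return parse_qname(payload + DNS_HEADER_LEN, len - DNS_HEADER_LEN,
                       out, out_cap);
}

int main(void)
{
    uint8_t filler[364];                /* constructed: no zero byte anywhere */
    char name[256];

    memset(filler, 'a', sizeof filler);
    printf("narrow index terminates: %d\n",
           narrow_index_walk_terminates(filler, sizeof filler, 100000));
    printf("hardened parser result:  %d\n",
           dns_query_name(filler, sizeof filler, name, sizeof name));
    return 0;
}
```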


  Commit: e53d3cfabdbf55659704635c814649ce9064aa88
      https://github.com/openvswitch/ovs/commit/e53d3cfabdbf55659704635c814649ce9064aa88
  Author: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M tests/system-ovn.at

  Log Message:
  -----------
  OVN: fix DNAT/SNAT system-ovn unit tests

Fix conntrack checks in the following tests in tests/system-ovn.at:
- ovn -- DNAT and SNAT on distributed router - N/S
- ovn -- DNAT and SNAT on distributed router - E/W

Fixes: a6ee09882283 ("OVN: run local logical flows first in S_ROUTER_OUT_SNAT table")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: a5c84544926005236f87a64ce9b8bf461c770029
      https://github.com/openvswitch/ovs/commit/a5c84544926005236f87a64ce9b8bf461c770029
  Author: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M tests/system-kmod-macros.at
    M tests/system-userspace-macros.at

  Log Message:
  -----------
  test: do not require python2 for CHECK_CONNTRACK macro

Do not strictly require python2 for CHECK_CONNTRACK macro definitions in
system-{kmod,userspace}-macros.at

Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 0ee6bd9a94a1e9f5260656d3a99ecb63fc93c2a6
      https://github.com/openvswitch/ovs/commit/0ee6bd9a94a1e9f5260656d3a99ecb63fc93c2a6
  Author: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/pinctrl.c

  Log Message:
  -----------
  Remove ageing check in run_put_mac_binding

Remove ageing check in run_put_mac_binding routine on mac-binding info
since if ovn-controller main thread is heavily loaded the info will be
discarded and the mac_binding table will never be updated

Acked-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>


  Commit: 4619015cca128de7e5d42813fadfdb872ef761a7
      https://github.com/openvswitch/ovs/commit/4619015cca128de7e5d42813fadfdb872ef761a7
  Author: Ilya Maximets <i.maximets at samsung.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ofproto/ofproto-dpif-upcall.c
    M ofproto/ofproto-dpif-xlate.c

  Log Message:
  -----------
  ofproto-dpif: Fix using uninitialised memory in user_action_cookie.

Designated initializers are not suitable for initializing non-packed
structures and unions which are subjects for comparison by memcmp().

Whole memory for 'struct user_action_cookie' must be explicitly cleared
before using because it will be copied with memcpy and later compared
by memcmp in ofpbuf_equal().

A few issues found by valgrind:

 Thread 13 revalidator11:
 Conditional jump or move depends on uninitialised value(s)
    at 0x4C35D96: __memcmp_sse4_1 (in vgpreload_memcheck.so)
    by 0x9D4404: ofpbuf_equal (ofpbuf.h:273)
    by 0x9D4404: revalidate_ukey__ (ofproto-dpif-upcall.c:2219)
    by 0x9D4404: revalidate_ukey (ofproto-dpif-upcall.c:2286)
    by 0x9D62AC: revalidate (ofproto-dpif-upcall.c:2685)
    by 0x9D62AC: udpif_revalidator (ofproto-dpif-upcall.c:942)
    by 0xA9C732: ovsthread_wrapper (ovs-thread.c:383)
    by 0x5FF86DA: start_thread (pthread_create.c:463)
    by 0x6AF488E: clone (clone.S:95)
  Uninitialised value was created by a stack allocation
    at 0x9D4450: compose_slow_path (ofproto-dpif-upcall.c:1062)

 Thread 11 revalidator16:
 Conditional jump or move depends on uninitialised value(s)
    at 0x4C35D96: __memcmp_sse4_1 (in vgpreload_memcheck.so)
    by 0x9D4404: ofpbuf_equal (ofpbuf.h:273)
    by 0x9D4404: revalidate_ukey__ (ofproto-dpif-upcall.c:2220)
    by 0x9D4404: revalidate_ukey (ofproto-dpif-upcall.c:2287)
    by 0x9D62BC: revalidate (ofproto-dpif-upcall.c:2686)
    by 0x9D62BC: udpif_revalidator (ofproto-dpif-upcall.c:942)
    by 0xA9C6D2: ovsthread_wrapper (ovs-thread.c:383)
    by 0x5FF86DA: start_thread (pthread_create.c:463)
    by 0x6AF488E: clone (clone.S:95)
  Uninitialised value was created by a stack allocation
    at 0x9DC4E0: compose_sflow_action (ofproto-dpif-xlate.c:3211)

The struct was never marked as 'packed', however it was manually
adjusted to be so in practice.
Old IPFIX related commit first made the structure non-contiguous.
Commit 8de6ff3ea864 ("ofproto-dpif: Use a fixed size userspace cookie.")
added uninitialized parts of the additional union space and the next
one introduced new holes between structure fields for all cases.

CC: Justin Pettit <jpettit at ovn.org>
Fixes: 8b7ea2d48033 ("Extend OVS IPFIX exporter to export tunnel headers")
Fixes: 8de6ff3ea864 ("ofproto-dpif: Use a fixed size userspace cookie.")
Fixes: fcb9579be3c7 ("ofproto: Add 'ofproto_uuid' and 'ofp_in_port' to user action cookie.")
Signed-off-by: Ilya Maximets <i.maximets at samsung.com>
Acked-by: Ben Pfaff <blp at ovn.org>
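
The padding problem described in the commit message above, as an added C example that is not code from the OVS tree: `struct demo_cookie` and its helpers are hypothetical, and stale stack contents are modelled with a byte buffer so the outcome is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cookie, not the OVS definition.  On common ABIs a 2-byte hole
 * follows 'type', and the 'sflow' arm covers 4 of the union's 16 bytes. */
struct demo_cookie {
    uint16_t type;
    uint32_t in_port;
    union {
        struct { uint32_t output; } sflow;
        struct { uint32_t a, b, c, d; } other;
    } u;
};

enum { DEMO_SFLOW = 1 };

/* Bytes of the object that are not covered by the members of the sflow case. */
static size_t demo_cookie_unset_bytes(void)
{
    return sizeof(struct demo_cookie)
           - sizeof(uint16_t) - sizeof(uint32_t) - sizeof(uint32_t);
}

/* Model of a designated initializer on a reused stack slot.  C gives values
 * to the members only; padding and the unused tail of the union are not
 * covered, so here they keep the previous contents ('stale'). */
static void demo_cookie_init_members_only(struct demo_cookie *c,
                                          unsigned char stale,
                                          uint32_t in_port, uint32_t output)
{
    unsigned char slot[sizeof *c];
    uint16_t type = DEMO_SFLOW;

    memset(slot, stale, sizeof slot);
    memcpy(slot + offsetof(struct demo_cookie, type), &type, sizeof type);
    memcpy(slot + offsetof(struct demo_cookie, in_port),
           &in_port, sizeof in_port);
    memcpy(slot + offsetof(struct demo_cookie, u), &output, sizeof output);
    memcpy(c, slot, sizeof *c);
}

/* The pattern the commit message calls for: clear the whole object, then
 * assign the members. */
static void demo_cookie_init_cleared(struct demo_cookie *c,
                                     uint32_t in_port, uint32_t output)
{
    memset(c, 0, sizeof *c);
    c->type = DEMO_SFLOW;
    c->in_port = in_port;
    c->u.sflow.output = output;
}

/* Byte-wise equality, the way a memcmp()-based comparison sees the cookie. */
static int demo_cookie_bytes_equal(const struct demo_cookie *a,
                                   const struct demo_cookie *b)
{
    return memcmp(a, b, sizeof *a) == 0;
}

int main(void)
{
    struct demo_cookie a, b, x, y;

    /* Same member values, different leftovers in the stack slot. */
    demo_cookie_init_members_only(&a, 0xAA, 5, 7);
    demo_cookie_init_members_only(&b, 0x55, 5, 7);
    demo_cookie_init_cleared(&x, 5, 7);
    demo_cookie_init_cleared(&y, 5, 7);

    printf("bytes outside the named members: %zu\n",
           demo_cookie_unset_bytes());
    printf("members-only init, memcmp equal: %d\n",
           demo_cookie_bytes_equal(&a, &b));
    printf("cleared init, memcmp equal:      %d\n",
           demo_cookie_bytes_equal(&x, &y));
    return 0;
}
```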


  Commit: 984d1dd93385d985605c86191d381e8b68c49c34
      https://github.com/openvswitch/ovs/commit/984d1dd93385d985605c86191d381e8b68c49c34
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c

  Log Message:
  -----------
  raft.c: Election timer initial reset with value from log.

After election timer is changed through cluster/change-election-timer
command, if a server restarts, it first initializes with the default
value and uses it to reset the timer. Although it reads the latest
timer value later from the log, the first timeout may be much shorter
than expected by other servers that use latest timeout, and it would
start election before it receives the first heartbeat from the leader.

This patch fixes it by changing the order of reading log and resetting
timer so that the latest value is read from the log before the initial
resetting of the timer.

Fixes: commit 8e35461 ("ovsdb raft: Support leader election time change online.")
Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 304ded5fac439ba7b028d540f0ff3518a49e37da
      https://github.com/openvswitch/ovs/commit/304ded5fac439ba7b028d540f0ff3518a49e37da
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M Documentation/ref/ovsdb.5.rst
    M ovsdb/raft-private.c

  Log Message:
  -----------
  raft: Save and read new election timer in header snapshot.

This patch stores the latest election timer in snapshot during log
compression, and when server restarts it reads the value from the log.
Without this, any previous changes to election timer will be lost
in the log, and if server restarts, it will use the default value
instead of the changed value.

Fixes: commit 8e35461 ("ovsdb raft: Support leader election time change online.")
Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 2a6ebc7ecdb95eb26ce13a8a5ff6fdd0e8dfe173
      https://github.com/openvswitch/ovs/commit/2a6ebc7ecdb95eb26ce13a8a5ff6fdd0e8dfe173
  Author: Han Zhou <hzhou8 at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M Documentation/ref/ovsdb.5.rst

  Log Message:
  -----------
  ovsdb.5.rst: Fix minor format problem.

Signed-off-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 8ac0e85162e24654e9aad2523733e37ec7f3f5d3
      https://github.com/openvswitch/ovs/commit/8ac0e85162e24654e9aad2523733e37ec7f3f5d3
  Author: William Tu <u9012063 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M utilities/ovs-lib.in

  Log Message:
  -----------
  ovs-lib: Add timeout at ovs-check-dead-ifs.

At SUSE12 SP3, we hit a case where ovs-check-dead-ifs tries to read
an entry in /proc/<pid>/fd/<some fd> but hangs forever.  The pid is
a qemu-system-x86_64 process and we suspect it's an issue related to
qemu, not ovs.  As a result, force-reload-kmod hangs and OVS bridge
never gets restarted. This patch adds a timeout of 5-seconds to
ovs-check-dead-ifs.

VMware-BZ: #2408059
Signed-off-by: William Tu <u9012063 at gmail.com>
Cc: Ashish Varma <ashishvarma.ovs at gmail.com>
Cc: Gurucharan Shetty <guru at ovn.org>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>


  Commit: 5905fc64f484e1efdcae6df6d0926ef251835b02
      https://github.com/openvswitch/ovs/commit/5905fc64f484e1efdcae6df6d0926ef251835b02
  Author: Greg Rose <gvrose8192 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M rhel/usr_share_openvswitch_scripts_ovs-kmod-manage.sh

  Log Message:
  -----------
  rhel: Add case for RHEL 7.5 major version to kmod manage script

A Centos 7.5 kernel with an unencountered set of minor build numbers
caused an upgrade bug.  Adding the case for the rhel 7.5 kmod management
script fixes the problem.

Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>


  Commit: 11703f61b510363c9118023e8cb3adf965771d48
      https://github.com/openvswitch/ovs/commit/11703f61b510363c9118023e8cb3adf965771d48
  Author: Flavio Leitner <fbl at sysclose.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ofproto/ofproto-dpif-xlate.c
    M tests/tunnel.at

  Log Message:
  -----------
  tnl-neigh: Use outgoing ofproto version.

When a packet needs to be encapsulated in userspace, the endpoint
address needs to be resolved to fill in the headers. If it is not,
then currently OvS sends either a Neighbor Solicitation (IPv6)
or an ARP Query (IPv4) to resolve it.

The problem is that the NS/ARP packet will go through the flow
rules in the new bridge, but inheriting the ofproto table version
from the original packet to be encapsulated. When those versions
don't match, the result is unexpected because no flow rules might
be visible, which would cause the default table rule to be used
to drop the packet. Or only part of the flow rules would be visible
and so on.

Since the NS/ARP packet is created by OvS and will be injected in
the outgoing bridge, use the corresponding ofproto version instead.

Reviewed-by: David Marchand <david.marchand at redhat.com>
Acked-By: Vasu Dasari <vdasari at gmail.com>
Signed-off-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 2fc2be3777f0653dca9e1280f37af7defc9464e4
      https://github.com/openvswitch/ovs/commit/2fc2be3777f0653dca9e1280f37af7defc9464e4
  Author: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/northd/ovn-northd.c

  Log Message:
  -----------
  OVN: fix memory leak in build_pre_lb

Fix memory leak of ip_address string in build_pre_lb routine if we
install logical flows for empty_lb controller event

Fixes: f49b17a6cbe3 ("OVN: use trigger_event action to report 'empty_lb_rule' events")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 5e96803b50d0868d155e4c34a5ddfa6311a592eb
      https://github.com/openvswitch/ovs/commit/5e96803b50d0868d155e4c34a5ddfa6311a592eb
  Author: Mark Michelson <mmichels at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/lib/actions.c

  Log Message:
  -----------
  OVN: Repair memory leak for OVN controller events.

Controller event action is leaking its genopts. This corrects the error.

Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: a6c9156cffb34a264c241f98189155feebd56104
      https://github.com/openvswitch/ovs/commit/a6c9156cffb34a264c241f98189155feebd56104
  Author: Greg Rose <gvrose8192 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath/conntrack.c
    M datapath/flow.c
    M datapath/flow.h

  Log Message:
  -----------
  datapath: Properly set L4 keys on "later" IP fragments

Upstream commit:
    commit ad06a566e118e57b852cab5933dbbbaebb141de3
    Author: Greg Rose <gvrose8192 at gmail.com>
    Date:   Tue Aug 27 07:58:09 2019 -0700

    openvswitch: Properly set L4 keys on "later" IP fragments

    When IP fragments are reassembled before being sent to conntrack, the
    key from the last fragment is used.  Unless there are reordering
    issues, the last fragment received will not contain the L4 ports, so the
    key for the reassembled datagram won't contain them.  This patch updates
    the key once we have a reassembled datagram.

    The handle_fragments() function works on L3 headers so we pull the L3/L4
    flow key update code from key_extract into a new function
    'key_extract_l3l4'.  Then we add another new function
    ovs_flow_key_update_l3l4() and export it so that it is accessible by
    handle_fragments() for conntrack packet reassembly.

    Co-authored-by: Justin Pettit <jpettit at ovn.org>
    Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
    Acked-by: Pravin B Shelar <pshelar at ovn.org>
    Signed-off-by: David S. Miller <davem at davemloft.net>

Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>


  Commit: ac9cc09c36ec756507f3e90d15722a7fadc06cae
      https://github.com/openvswitch/ovs/commit/ac9cc09c36ec756507f3e90d15722a7fadc06cae
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M datapath/flow.c

  Log Message:
  -----------
  datapath: Clear the L4 portion of the key for "later" fragments

Upstream commit:
    commit 0754b4e8cdf3eec6e4122e79af26ed9bab20f8f8
    Author: Justin Pettit <jpettit at ovn.org>
    Date:   Tue Aug 27 07:58:10 2019 -0700

    openvswitch: Clear the L4 portion of the key for "later" fragments.

    Only the first fragment in a datagram contains the L4 headers.  When the
    Open vSwitch module parses a packet, it always sets the IP protocol
    field in the key, but can only set the L4 fields on the first fragment.
    The original behavior would not clear the L4 portion of the key, so
    garbage values would be sent in the key for "later" fragments.  This
    patch clears the L4 fields in that circumstance to prevent sending those
    garbage values as part of the upcall.

    Signed-off-by: Justin Pettit <jpettit at ovn.org>
    Acked-by: Pravin B Shelar <pshelar at ovn.org>
    Signed-off-by: David S. Miller <davem at davemloft.net>

Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Justin Pettit <jpettit at ovn.org>


  Commit: 52bacd46898f6d09b2a5d3b2f511a0cf9279e497
      https://github.com/openvswitch/ovs/commit/52bacd46898f6d09b2a5d3b2f511a0cf9279e497
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/conntrack.c
    M lib/packets.h

  Log Message:
  -----------
  conntrack: Fix ICMPv4 error data L4 length check.

The ICMPv4 error data L4 length check was found to be too strict for TCP,
expecting a minimum of 20 rather than 8 bytes.  This worked by
happenstance for other inner protocols.  The approach is to explicitly
handle the ICMPv4 error data L4 length check and to do this for all
supported inner protocols in the same way.  Making the code common
between protocols also allows the existing ICMPv4 related UDP tests to
cover TCP and ICMP inner protocol cases.
Note that ICMPv6 does not have an 8 byte limit for error L4 data.

Fixes: a489b16854b5 ("conntrack: New userspace connection tracker.")
CC: Daniele Di Proietto <diproiettod at ovn.org>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-August/361949.html
Reported-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Signed-off-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Co-authored-by: Vishal Deep Ajmera <vishal.deep.ajmera at ericsson.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 28707186fcc10598d3e71c5c13c773153347698b
      https://github.com/openvswitch/ovs/commit/28707186fcc10598d3e71c5c13c773153347698b
  Author: Michele Baldessari <michele at acksyn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M utilities/ovs-lib.in

  Log Message:
  -----------
  Make pid_exists() more robust against empty pid argument

In some of our destructive testing of ovn-dbs inside containers managed
by pacemaker we reached a situation where /var/run/openvswitch had
empty .pid files. The current code does not deal well with them
and pidfile_is_running() returns true in such a case and this confuses
the OCF resource agent.

- Before this change:
Inside a container run:
  killall ovsdb-server;
  echo -n '' > /var/run/openvswitch/ovnnb_db.pid; echo -n '' > /var/run/openvswitch/ovnsb_db.pid

We will observe that the cluster is unable to ever recover because
it believes the ovn processes to be running when they really aren't and
eventually just fails:
 podman container set: ovn-dbs-bundle [192.168.24.1:8787/rhosp15/openstack-ovn-northd:pcmklatest]
   ovn-dbs-bundle-0     (ocf::ovn:ovndb-servers):       Master controller-0
   ovn-dbs-bundle-1     (ocf::ovn:ovndb-servers):       Stopped controller-1
   ovn-dbs-bundle-2     (ocf::ovn:ovndb-servers):       Slave controller-2

Let's make sure pid_exists() returns false when the pid is an empty
string.

- After this change the cluster is able to recover from this state and
correctly start the resource:
 podman container set: ovn-dbs-bundle [192.168.24.1:8787/rhosp15/openstack-ovn-northd:pcmklatest]
   ovn-dbs-bundle-0     (ocf::ovn:ovndb-servers):       Master controller-0
   ovn-dbs-bundle-1     (ocf::ovn:ovndb-servers):       Slave controller-1
   ovn-dbs-bundle-2     (ocf::ovn:ovndb-servers):       Slave controller-2

Fixes: 3028ce2595c8 ("ovs-lib: Allow "status" command to work as non-root.")

Signed-off-by: Michele Baldessari <michele at acksyn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 3913c8e2e7935bd86e9e1a21773c17d9d982bb9e
      https://github.com/openvswitch/ovs/commit/3913c8e2e7935bd86e9e1a21773c17d9d982bb9e
  Author: Ilya Maximets <i.maximets at samsung.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Fail port addition if reconfiguration failed.

If the port was destroyed during the initial reconfiguration, we should
report an error to the upper layers. Otherwise, successful addition of
the port will be logged and upper layers will continue to configure
this port. For example, the 'dpif' layer will try to initialize flow
API for this device.

Fix that by checking for port existence after reconfiguration. We can't
get the real error code here, so let's assume EINVAL. 'ovs-vsctl' will
tell the user to check the logs for a real reason anyway.

Fixes: e32971b8ddb4 ("dpif-netdev: Centralized threads and queues handling code.")
Signed-off-by: Ilya Maximets <i.maximets at samsung.com>
Acked-by: Ian Stokes <ian.stokes at intel.com>


  Commit: 5932f295a6a9d60caea55799228f987dcb8e18d4
      https://github.com/openvswitch/ovs/commit/5932f295a6a9d60caea55799228f987dcb8e18d4
  Author: Nitin Katiyar <nitin.katiyar at ericsson.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/packets.c

  Log Message:
  -----------
  packets: Fix using outdated RSS hash after MPLS decapsulation.

When a packet is received, the RSS hash is calculated if it is not
already available. The Exact Match Cache (EMC) entry is then looked up
using this RSS hash.

When a MPLS encapsulated packet is received, the MPLS header is popped
and the packet is recirculated. Since the RSS hash has not been
invalidated here, the EMC lookup for all decapsulated packets will hit
the same entry even though these packets will have different tuple
values. This degrades performance severely as different inner packets
from the same MPLS tunnel would hit the same EMC entry.

This patch invalidates RSS hash (by resetting offload flags) after MPLS
header is popped.

Signed-off-by: Nitin Katiyar <nitin.katiyar at ericsson.com>
Signed-off-by: Ilya Maximets <i.maximets at samsung.com>


  Commit: d639b794ee2c51decb867519165c524a3ee5855f
      https://github.com/openvswitch/ovs/commit/d639b794ee2c51decb867519165c524a3ee5855f
  Author: Greg Rose <gvrose8192 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M rhel/usr_share_openvswitch_scripts_ovs-kmod-manage.sh

  Log Message:
  -----------
  rhel: Fix ovs-kmod-manage.sh to work with RHEL 7.3

Add case for RHEL 7.3.  This also fixes commit 22abff2 where I forgot to
update the comp_ver variable for RHEL 7.5 and while I was in there I
updated comp_ver for the RHEL 7.4 case as well.

Fixes: 22abff2 ("rhel: Add case for RHEL 7.5 major version to...")
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 466263a3930e87a50717be3cfc2fddbe27e54eee
      https://github.com/openvswitch/ovs/commit/466263a3930e87a50717be3cfc2fddbe27e54eee
  Author: Greg Rose <gvrose8192 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M rhel/usr_share_openvswitch_scripts_ovs-kmod-manage.sh

  Log Message:
  -----------
  rhel: Revert RHEL 7.4 comp_ver change

I looked at the wrong list of kernels when I changed the value for the
RHEL 7.4 comp_ver variable.  Revert that part of commit e64c2c1
("rhel: Fix ovs-kmod-manage.sh to work with RHEL 7.3").

Fixes: e64c2c1 ("rhel: Fix ovs-kmod-manage.sh to work with RHEL 7.3")
Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Gurucharan Shetty <guru at ovn.org>


  Commit: bbe25a59806beecf05e7d11b3cb3c4a343802557
      https://github.com/openvswitch/ovs/commit/bbe25a59806beecf05e7d11b3cb3c4a343802557
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M NEWS
    M debian/changelog

  Log Message:
  -----------
  Set release date for 2.12.0.

Signed-off-by: Justin Pettit <jpettit at ovn.org>
Acked-by: Flavio Leitner <fbl at sysclose.org>


  Commit: e20da6946a7a7e5e9297b9b2dca0b6dc99c89294
      https://github.com/openvswitch/ovs/commit/e20da6946a7a7e5e9297b9b2dca0b6dc99c89294
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M NEWS
    M configure.ac
    M debian/changelog

  Log Message:
  -----------
  Prepare for 2.12.1.

Signed-off-by: Justin Pettit <jpettit at ovn.org>
Acked-by: Flavio Leitner <fbl at sysclose.org>


  Commit: cd277998810ecdf0e010c35592ab37529cc280f5
      https://github.com/openvswitch/ovs/commit/cd277998810ecdf0e010c35592ab37529cc280f5
  Author: Justin Pettit <jpettit at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M Documentation/faq/releases.rst

  Log Message:
  -----------
  faq: Update list of kernels supported by 2.12.

Signed-off-by: Justin Pettit <jpettit at ovn.org>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>


  Commit: 802a4a346bd538bd682fc001cb64dc2ddd3b9073
      https://github.com/openvswitch/ovs/commit/802a4a346bd538bd682fc001cb64dc2ddd3b9073
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c

  Log Message:
  -----------
  raft: Free leaked json data

Valgrind reported:

1924: compacting online - cluster

==29312== 2,886 (240 direct, 2,646 indirect) bytes in 6 blocks are definitely lost in loss record 406 of 413
==29312==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==29312==    by 0x44A5F4: xmalloc (util.c:138)
==29312==    by 0x4308EA: json_create (json.c:1451)
==29312==    by 0x4308EA: json_object_create (json.c:254)
==29312==    by 0x430ED0: json_parser_push_object (json.c:1273)
==29312==    by 0x430ED0: json_parser_input (json.c:1371)
==29312==    by 0x431CF1: json_lex_input (json.c:991)
==29312==    by 0x43233B: json_parser_feed (json.c:1149)
==29312==    by 0x41D87F: parse_body.isra.0 (log.c:411)
==29312==    by 0x41E141: ovsdb_log_read (log.c:476)
==29312==    by 0x42646D: raft_read_log (raft.c:866)
==29312==    by 0x42646D: raft_open (raft.c:951)
==29312==    by 0x4151AF: ovsdb_storage_open__ (storage.c:81)
==29312==    by 0x408FFC: open_db (ovsdb-server.c:642)
==29312==    by 0x40657F: main (ovsdb-server.c:358)

This patch fixes it.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: f487ece65b1df88f9f7d5500bc4934ffae1a888b
      https://github.com/openvswitch/ovs/commit/f487ece65b1df88f9f7d5500bc4934ffae1a888b
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ofproto/ofproto-dpif.c

  Log Message:
  -----------
  ofproto-dpif: Uninitialize 'xlate_cache' to free resources

Valgrind reported:

1210: ofproto-dpif - continuation after clone

==32205== 4,392 (1,440 direct, 2,952 indirect) bytes in 12 blocks are definitely lost in loss record 359 of 362
==32205==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==32205==    by 0x532574: xmalloc (util.c:138)
==32205==    by 0x4F98CA: ofpbuf_init (ofpbuf.c:123)
==32205==    by 0x42C07B: nxt_resume (ofproto-dpif.c:5110)
==32205==    by 0x41796F: handle_nxt_resume (ofproto.c:3677)
==32205==    by 0x424583: handle_single_part_openflow (ofproto.c:8473)
==32205==    by 0x424583: handle_openflow (ofproto.c:8606)
==32205==    by 0x4579E2: ofconn_run (connmgr.c:1318)
==32205==    by 0x4579E2: connmgr_run (connmgr.c:355)
==32205==    by 0x41E0F5: ofproto_run (ofproto.c:1845)
==32205==    by 0x40BA63: bridge_run__ (bridge.c:2971)
==32205==    by 0x410CF3: bridge_run (bridge.c:3029)
==32205==    by 0x407614: main (ovs-vswitchd.c:127)

This is because 'xcache' was not destroyed properly. This patch fixes it.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 496229a18217ffe5bb51ff7609f39d8f6c03c153
      https://github.com/openvswitch/ovs/commit/496229a18217ffe5bb51ff7609f39d8f6c03c153
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Handle uninitialized value error for 'match.wc'

Valgrind reported that match.wc was not initialized, as below:

1176: ofproto-dpif - fragment handling - actions

==21214== Conditional jump or move depends on uninitialised value(s)
==21214==    at 0x4B77C1: odp_flow_key_from_flow__ (odp-util.c:6143)
==21214==    by 0x46DB58: dp_netdev_upcall (dpif-netdev.c:6239)
==21214==    by 0x4774A7: handle_packet_upcall (dpif-netdev.c:6608)
==21214==    by 0x4774A7: fast_path_processing (dpif-netdev.c:6726)
==21214==    by 0x47933C: dp_netdev_input__ (dpif-netdev.c:6814)
==21214==    by 0x479AB8: dp_netdev_input (dpif-netdev.c:6852)
==21214==    by 0x479AB8: dp_netdev_process_rxq_port (dpif-netdev.c:4287)
==21214==    by 0x47A6A9: dpif_netdev_run (dpif-netdev.c:5264)
==21214==    by 0x4324E7: type_run (ofproto-dpif.c:342)
==21214==    by 0x41C5FE: ofproto_type_run (ofproto.c:1734)
==21214==    by 0x40BAAC: bridge_run__ (bridge.c:2965)
==21214==    by 0x410CF3: bridge_run (bridge.c:3029)
==21214==    by 0x407614: main (ovs-vswitchd.c:127)
==21214==  Uninitialised value was created by a stack allocation
==21214==    at 0x4769C3: fast_path_processing (dpif-netdev.c:6672)

'match' is allocated on stack but its 'wc' is accessed in
odp_flow_key_from_flow__ without proper initialization.
This patch fixes it.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: d1eb4f123225c5f910368415ee55b6ed8ed6c695
      https://github.com/openvswitch/ovs/commit/d1eb4f123225c5f910368415ee55b6ed8ed6c695
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M utilities/ovs-ofctl.c

  Log Message:
  -----------
  ovs-ofctl: Free leaked minimatch

Valgrind reported:

1056: ofproto - bundle with multiple flow mods (OpenFlow 1.4)

==19220== 160 bytes in 2 blocks are definitely lost in loss record 24 of 34
==19220==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19220==    by 0x4979A4: xmalloc (util.c:138)
==19220==    by 0x42407D: miniflow_alloc (flow.c:3340)
==19220==    by 0x4296CF: minimatch_init (match.c:1758)
==19220==    by 0x46273D: parse_ofp_str__ (ofp-flow.c:1759)
==19220==    by 0x465B9E: parse_ofp_str (ofp-flow.c:1790)
==19220==    by 0x465CE0: parse_ofp_flow_mod_str (ofp-flow.c:1817)
==19220==    by 0x465DF6: parse_ofp_flow_mod_file (ofp-flow.c:1876)
==19220==    by 0x410BA3: ofctl_flow_mod_file.isra.19 (ovs-ofctl.c:1773)
==19220==    by 0x417933: ovs_cmdl_run_command__ (command-line.c:223)
==19220==    by 0x406F68: main (ovs-ofctl.c:179)

This patch fixes it.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: ea1437a189f103dca17c424749072d2392d18e60
      https://github.com/openvswitch/ovs/commit/ea1437a189f103dca17c424749072d2392d18e60
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/trigger.c

  Log Message:
  -----------
  trigger: Free leaked ovsdb_schema

Valgrind reported:

1925: schema conversion online - standalone

==10884== 689 (56 direct, 633 indirect) bytes in 1 blocks are definitely lost in loss record 384 of 420
==10884==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10884==    by 0x44A592: xcalloc (util.c:121)
==10884==    by 0x40E2EC: ovsdb_schema_create (ovsdb.c:41)
==10884==    by 0x40E688: ovsdb_schema_from_json (ovsdb.c:217)
==10884==    by 0x416C6F: ovsdb_trigger_try (trigger.c:246)
==10884==    by 0x40D4DE: ovsdb_jsonrpc_trigger_create (jsonrpc-server.c:1119)
==10884==    by 0x40D4DE: ovsdb_jsonrpc_session_got_request (jsonrpc-server.c:986)
==10884==    by 0x40D4DE: ovsdb_jsonrpc_session_run (jsonrpc-server.c:556)
==10884==    by 0x40D4DE: ovsdb_jsonrpc_session_run_all (jsonrpc-server.c:586)
==10884==    by 0x40D4DE: ovsdb_jsonrpc_server_run (jsonrpc-server.c:401)
==10884==    by 0x406A6E: main_loop (ovsdb-server.c:209)
==10884==    by 0x406A6E: main (ovsdb-server.c:460)

'new_schema' should also be freed when there is no error.
This patch fixes it.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: ab0efc497a9d6ce86c54412a87667d81e7032028
      https://github.com/openvswitch/ovs/commit/ab0efc497a9d6ce86c54412a87667d81e7032028
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/ovsdb-client.c

  Log Message:
  -----------
  ovsdb-client: Free ovsdb_schema

Valgrind reported:

1925: schema conversion online - standalone

==10727== 689 (56 direct, 633 indirect) bytes in 1 blocks are definitely lost in loss record 64 of 66
==10727==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10727==    by 0x449D42: xcalloc (util.c:121)
==10727==    by 0x40F45C: ovsdb_schema_create (ovsdb.c:41)
==10727==    by 0x40F7F8: ovsdb_schema_from_json (ovsdb.c:217)
==10727==    by 0x40FB4E: ovsdb_schema_from_file (ovsdb.c:101)
==10727==    by 0x40B156: do_convert (ovsdb-client.c:1639)
==10727==    by 0x4061C6: main (ovsdb-client.c:282)

This patch fixes it.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: a43a029c163b26f082f7d4db5bd1c2944ba0d058
      https://github.com/openvswitch/ovs/commit/a43a029c163b26f082f7d4db5bd1c2944ba0d058
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dns-resolve.c

  Log Message:
  -----------
  dns-resolve: Free 'struct ub_result' when callback returns error results

Valgrind reported:

1074: ofproto - flush flows, groups, and meters for controller change

==5499== 695 (288 direct, 407 indirect) bytes in 3 blocks are definitely lost in loss record 344 of 355
==5499==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5499==    by 0x5E7F145: ??? (in /usr/lib/x86_64-linux-gnu/libunbound.so.2.4.0)
==5499==    by 0x5E6EBDE: ub_resolve_async (in /usr/lib/x86_64-linux-gnu/libunbound.so.2.4.0)
==5499==    by 0x55C739: resolve_async__.part.5 (dns-resolve.c:233)
==5499==    by 0x55C85C: resolve_async__ (dns-resolve.c:261)
==5499==    by 0x55C85C: resolve_callback__ (dns-resolve.c:262)
==5499==    by 0x5E6FEF1: ub_process (in /usr/lib/x86_64-linux-gnu/libunbound.so.2.4.0)
==5499==    by 0x55CAF3: dns_resolve (dns-resolve.c:153)
==5499==    by 0x523864: parse_sockaddr_components_dns (socket-util.c:438)
==5499==    by 0x523864: parse_sockaddr_components (socket-util.c:504)
==5499==    by 0x524468: inet_parse_active (socket-util.c:541)
==5499==    by 0x524564: inet_open_active (socket-util.c:579)
==5499==    by 0x5959F9: tcp_open (stream-tcp.c:56)
==5499==    by 0x529192: stream_open (stream.c:228)
==5499==    by 0x529910: stream_open_with_default_port (stream.c:724)
==5499==    by 0x595FAE: vconn_stream_open (vconn-stream.c:81)
==5499==    by 0x535C9B: vconn_open (vconn.c:250)
==5499==    by 0x517C59: reconnect (rconn.c:467)
==5499==    by 0x5184C7: run_BACKOFF (rconn.c:492)
==5499==    by 0x5184C7: rconn_run (rconn.c:660)
==5499==    by 0x457FE8: ofservice_run (connmgr.c:1992)
==5499==    by 0x457FE8: connmgr_run (connmgr.c:367)
==5499==    by 0x41E0F5: ofproto_run (ofproto.c:1845)
==5499==    by 0x40BA63: bridge_run__ (bridge.c:2971)

In ub_resolve_async's callback function, 'struct ub_result' should be
finally freed even if there is a resolving error. This patch fixes it.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 12200128442f18eb6340a4a864a5489afd94b888
      https://github.com/openvswitch/ovs/commit/12200128442f18eb6340a4a864a5489afd94b888
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ofproto/ofproto-dpif.c

  Log Message:
  -----------
  ofproto-dpif: Free leaked 'webster'

Valgrind reported:

1122: ofproto-dpif - select group with explicit dp_hash selection method

==16884== 64 bytes in 1 blocks are definitely lost in loss record 320 of 346
==16884==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16884==    by 0x532512: xcalloc (util.c:121)
==16884==    by 0x4262B9: group_setup_dp_hash_table (ofproto-dpif.c:4846)
==16884==    by 0x4267CB: group_set_selection_method (ofproto-dpif.c:4938)
==16884==    by 0x4267CB: group_construct (ofproto-dpif.c:4984)
==16884==    by 0x417250: init_group (ofproto.c:7286)
==16884==    by 0x41B4FC: add_group_start (ofproto.c:7316)
==16884==    by 0x42247A: ofproto_group_mod_start (ofproto.c:7589)
==16884==    by 0x4250EC: handle_group_mod (ofproto.c:7744)
==16884==    by 0x4250EC: handle_single_part_openflow (ofproto.c:8428)
==16884==    by 0x4250EC: handle_openflow (ofproto.c:8606)
==16884==    by 0x4579E2: ofconn_run (connmgr.c:1318)
==16884==    by 0x4579E2: connmgr_run (connmgr.c:355)
==16884==    by 0x41E0F5: ofproto_run (ofproto.c:1845)
==16884==    by 0x40BA63: bridge_run__ (bridge.c:2971)
==16884==    by 0x410CF3: bridge_run (bridge.c:3029)
==16884==    by 0x407614: main (ovs-vswitchd.c:127)

This patch fixes it.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 193b0e88d5c64e119fd92ee45d6cb03d9ee48cec
      https://github.com/openvswitch/ovs/commit/193b0e88d5c64e119fd92ee45d6cb03d9ee48cec
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/db-ctl-base.c

  Log Message:
  -----------
  db-ctl-base: Free leaked ovsdb_datum

Valgrind reported:

2491: database commands -- negative checks

==19245== 36 (32 direct, 4 indirect) bytes in 1 blocks are definitely lost in loss record 36 of 53
==19245==    at 0x4C2FD5F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19245==    by 0x431AB4: xrealloc (util.c:149)
==19245==    by 0x41656D: ovsdb_datum_reallocate (ovsdb-data.c:1883)
==19245==    by 0x41656D: ovsdb_datum_union (ovsdb-data.c:1961)
==19245==    by 0x4107B2: cmd_add (db-ctl-base.c:1494)
==19245==    by 0x406E2E: do_vsctl (ovs-vsctl.c:2626)
==19245==    by 0x406E2E: main (ovs-vsctl.c:183)

==19252== 16 bytes in 1 blocks are definitely lost in loss record 9 of 52
==19252==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19252==    by 0x430F74: xmalloc (util.c:138)
==19252==    by 0x414D07: clone_atoms (ovsdb-data.c:990)
==19252==    by 0x4153F6: ovsdb_datum_clone (ovsdb-data.c:1012)
==19252==    by 0x4104D3: cmd_remove (db-ctl-base.c:1564)
==19252==    by 0x406E2E: do_vsctl (ovs-vsctl.c:2626)
==19252==    by 0x406E2E: main (ovs-vsctl.c:183)

This patch fixes them.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: e9218bb67a22a726c3dc4f9828e76d6bb31b9e3e
      https://github.com/openvswitch/ovs/commit/e9218bb67a22a726c3dc4f9828e76d6bb31b9e3e
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Validate accessing of conntrack data in pkt_metadata

Valgrind reported:

1305: ofproto-dpif - conntrack - ipv6

==26942== Conditional jump or move depends on uninitialised value(s)
==26942==    at 0x587C00: check_orig_tuple (conntrack.c:1006)
==26942==    by 0x587C00: process_one (conntrack.c:1141)
==26942==    by 0x587C00: conntrack_execute (conntrack.c:1220)
==26942==    by 0x47B00F: dp_execute_cb (dpif-netdev.c:7305)
==26942==    by 0x4AF756: odp_execute_actions (odp-execute.c:794)
==26942==    by 0x477532: dp_netdev_execute_actions (dpif-netdev.c:7349)
==26942==    by 0x477532: handle_packet_upcall (dpif-netdev.c:6630)
==26942==    by 0x477532: fast_path_processing (dpif-netdev.c:6726)
==26942==    by 0x47933C: dp_netdev_input__ (dpif-netdev.c:6814)
==26942==    by 0x479AB8: dp_netdev_input (dpif-netdev.c:6852)
==26942==    by 0x479AB8: dp_netdev_process_rxq_port (dpif-netdev.c:4287)
==26942==    by 0x47A6A9: dpif_netdev_run (dpif-netdev.c:5264)
==26942==    by 0x4324E7: type_run (ofproto-dpif.c:342)
==26942==    by 0x41C5FE: ofproto_type_run (ofproto.c:1734)
==26942==    by 0x40BAAC: bridge_run__ (bridge.c:2965)
==26942==    by 0x410CF3: bridge_run (bridge.c:3029)
==26942==    by 0x407614: main (ovs-vswitchd.c:127)
==26942==  Uninitialised value was created by a heap allocation
==26942==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26942==    by 0x532574: xmalloc (util.c:138)
==26942==    by 0x46CD62: dp_packet_new (dp-packet.c:153)
==26942==    by 0x4A0431: eth_from_flow_str (netdev-dummy.c:1644)
==26942==    by 0x4A0431: netdev_dummy_receive (netdev-dummy.c:1783)
==26942==    by 0x531990: process_command (unixctl.c:308)
==26942==    by 0x531990: run_connection (unixctl.c:342)
==26942==    by 0x531990: unixctl_server_run (unixctl.c:393)
==26942==    by 0x40761E: main (ovs-vswitchd.c:128)

1316: ofproto-dpif - conntrack - tcp port reuse

==24039== Conditional jump or move depends on uninitialised value(s)
==24039==    at 0x587BF5: check_orig_tuple (conntrack.c:1004)
==24039==    by 0x587BF5: process_one (conntrack.c:1141)
==24039==    by 0x587BF5: conntrack_execute (conntrack.c:1220)
==24039==    by 0x47B02F: dp_execute_cb (dpif-netdev.c:7306)
==24039==    by 0x4AF7A6: odp_execute_actions (odp-execute.c:794)
==24039==    by 0x47755B: dp_netdev_execute_actions (dpif-netdev.c:7350)
==24039==    by 0x47755B: handle_packet_upcall (dpif-netdev.c:6631)
==24039==    by 0x47755B: fast_path_processing (dpif-netdev.c:6727)
==24039==    by 0x47935C: dp_netdev_input__ (dpif-netdev.c:6815)
==24039==    by 0x479AD8: dp_netdev_input (dpif-netdev.c:6853)
==24039==    by 0x479AD8: dp_netdev_process_rxq_port (dpif-netdev.c:4287)
==24039==    by 0x47A6C9: dpif_netdev_run (dpif-netdev.c:5264)
==24039==    by 0x4324F7: type_run (ofproto-dpif.c:342)
==24039==    by 0x41C5FE: ofproto_type_run (ofproto.c:1734)
==24039==    by 0x40BAAC: bridge_run__ (bridge.c:2965)
==24039==    by 0x410CF3: bridge_run (bridge.c:3029)
==24039==    by 0x407614: main (ovs-vswitchd.c:127)
==24039==  Uninitialised value was created by a heap allocation
==24039==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24039==    by 0x5325C4: xmalloc (util.c:138)
==24039==    by 0x46D144: dp_packet_new (dp-packet.c:153)
==24039==    by 0x46D144: dp_packet_new_with_headroom (dp-packet.c:163)
==24039==    by 0x51191E: eth_from_hex (packets.c:498)
==24039==    by 0x4A03B9: eth_from_packet (netdev-dummy.c:1609)
==24039==    by 0x4A03B9: netdev_dummy_receive (netdev-dummy.c:1765)
==24039==    by 0x5319E0: process_command (unixctl.c:308)
==24039==    by 0x5319E0: run_connection (unixctl.c:342)
==24039==    by 0x5319E0: unixctl_server_run (unixctl.c:393)
==24039==    by 0x40761E: main (ovs-vswitchd.c:128)

According to comments in pkt_metadata_init(), conntrack data is valid
only if pkt_metadata.ct_state != 0. This patch prevents
check_orig_tuple() from getting called when conntrack data is uninitialized.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 8624f1e22a6cc42f0b3fd40f26b27c4bd9983c7f
      https://github.com/openvswitch/ovs/commit/8624f1e22a6cc42f0b3fd40f26b27c4bd9983c7f
  Author: Kevin Traynor <ktraynor at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M Documentation/faq/releases.rst

  Log Message:
  -----------
  faq: Update OVS/DPDK version table for OVS 2.12.

Indicate that OVS 2.12 uses DPDK 18.11.2.

Signed-off-by: Kevin Traynor <ktraynor at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 99ce12da489fcb42763c9841e931fdf21ff182a4
      https://github.com/openvswitch/ovs/commit/99ce12da489fcb42763c9841e931fdf21ff182a4
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M acinclude.m4
    M datapath/linux/Modules.mk
    A datapath/linux/compat/include/linux/rbtree.h
    M datapath/linux/compat/include/net/netfilter/nf_conntrack_count.h
    M datapath/linux/compat/nf_conncount.c

  Log Message:
  -----------
  datapath: compat: Backports bugfixes for nf_conncount

This patch backports several critical bug fixes related to
locking and data consistency in nf_conncount code.

This backport is based on the following upstream net-next commits.
a007232 ("netfilter: nf_conncount: fix argument order to find_next_bit")
c80f10b ("netfilter: nf_conncount: speculative garbage collection on empty lists")
2f971a8 ("netfilter: nf_conncount: move all list iterations under spinlock")
df4a902 ("netfilter: nf_conncount: merge lookup and add functions")
e8cfb37 ("netfilter: nf_conncount: restart search when nodes have been erased")
f7fcc98 ("netfilter: nf_conncount: split gc in two phases")
4cd273b ("netfilter: nf_conncount: don't skip eviction when age is negative")
c78e781 ("netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS")
d4e7df1 ("netfilter: nf_conncount: use rb_link_node_rcu() instead of rb_link_node()")
53ca0f2 ("netfilter: nf_conncount: remove wrong condition check routine")
3c5cdb1 ("netfilter: nf_conncount: fix unexpected permanent node of list.")
31568ec ("netfilter: nf_conncount: fix list_del corruption in conn_free")
fd3e71a ("netfilter: nf_conncount: use spin_lock_bh instead of spin_lock")

This patch adds additional compat code so that it can build on
all supported kernel versions.

In addition, this patch helps OVS datapath to always choose bug-fixed
nf_conncount code. If kernel already has these fixes, then kernel's
nf_conncount is being used. Otherwise, OVS falls back to use compat
nf_conncount functions.

Travis tests are at
https://travis-ci.org/yifsun/ovs-travis/builds/569056850
On the latest RHEL kernel, 'make check-kmod' runs well.

VMware-BZ: #2396471

Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 5494d0b6e09a71592f9239efef7dcc3309a96349
      https://github.com/openvswitch/ovs/commit/5494d0b6e09a71592f9239efef7dcc3309a96349
  Author: Damijan Skvarc <damjan.skvarc at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/stream-ssl.c

  Log Message:
  -----------
  stream_ssl: fix important memory leak in ssl_connect() function

While checking valgrind reports after running "make check-valgrind" I have noticed
reports for several tests similar to the following:

....
==5345== Memcheck, a memory error detector
==5345== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==5345== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==5345== Command: ovsdb-client --private-key=/home/damijan.skvarc/doma/ovs/tests/testpki-privkey.pem --certificate=/home/damijan.skvarc/doma/ovs/tests/testpki-cert.pem --ca-cert=/home/damijan.skvarc/doma/ovs/tests/testpki-cacert.pem transact ssl:127.0.0.1:40111 \ \ \ ["ordinals",
==5345== \ \ \ \ \ \ {"op":\ "update",
==5345== \ \ \ \ \ \ \ "table":\ "ordinals",
==5345== \ \ \ \ \ \ \ "where":\ [["number",\ "==",\ 1]],
==5345== \ \ \ \ \ \ \ "row":\ {"number":\ 2,\ "name":\ "old\ two"}},
==5345== \ \ \ \ \ \ {"op":\ "update",
==5345== \ \ \ \ \ \ \ "table":\ "ordinals",
==5345== \ \ \ \ \ \ \ "where":\ [["name",\ "==",\ "two"]],
==5345== \ \ \ \ \ \ \ "row":\ {"number":\ 1,\ "name":\ "old\ one"}}]
==5345== Parent PID: 5344
==5345==
==5345==
==5345== HEAP SUMMARY:
==5345==     in use at exit: 116,551 bytes in 3,341 blocks
==5345==   total heap usage: 5,134 allocs, 1,793 frees, 412,290 bytes allocated
==5345==
==5345== 6,221 (184 direct, 6,037 indirect) bytes in 1 blocks are definitely lost in loss record 498 of 500
==5345==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5345==    by 0x5105E77: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5345==    by 0x51E1D23: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5345==    by 0x51E4861: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5345==    by 0x51E5414: ASN1_item_ex_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5345==    by 0x51E546A: ASN1_item_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5345==    by 0x4E56B27: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==5345==    by 0x4E5BA11: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==5345==    by 0x4E65145: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==5345==    by 0x4522DF: ssl_connect (stream-ssl.c:530)
==5345==    by 0x443D38: scs_connecting (stream.c:315)
==5345==    by 0x443D38: stream_connect (stream.c:338)
==5345==    by 0x443FA1: stream_open_block (stream.c:266)
==5345==    by 0x40AB79: open_jsonrpc (ovsdb-client.c:507)
==5345==    by 0x40AB79: open_rpc (ovsdb-client.c:143)
==5345==    by 0x40B06B: do_transact__ (ovsdb-client.c:871)
==5345==    by 0x40B245: do_transact (ovsdb-client.c:893)
==5345==    by 0x405F76: main (ovsdb-client.c:282)
==5345==
==5345== LEAK SUMMARY:
==5345==    definitely lost: 184 bytes in 1 blocks
==5345==    indirectly lost: 6,037 bytes in 117 blocks
==5345==      possibly lost: 0 bytes in 0 blocks
==5345==    still reachable: 110,330 bytes in 3,223 blocks
==5345==         suppressed: 0 bytes in 0 blocks
==5345== Reachable blocks (those to which a pointer was found) are not shown.
==5345== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==5345==
==5345== For counts of detected and suppressed errors, rerun with: -v
==5345== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
....

This report was extracted from the "index uniqueness checking" test and complains about
leaking memory in the ovsdb-client application. The problem is not huge, since ovsdb-client
is a CLI tool which is constantly reinvoked/restarted, thus leaked memory is not accumulated.

A more problematic issue is that for the same test valgrind reports a similar problem also for
ovsdb-server:

....
==5290== Memcheck, a memory error detector
==5290== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==5290== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==5290== Command: ovsdb-server --log-file --detach --no-chdir --pidfile --private-key=/home/damijan.skvarc/doma/ovs/tests/testpki-privkey2.pem --certificate=/home/damijan.skvarc/doma/ovs/tests/testpki-cert2.pem --ca-cert=/home/damijan.skvarc/doma/ovs/tests/testpki-cacert.pem --remote=pssl:0:127.0.0.1 db
==5290== Parent PID: 5289
==5290==
==5292== Warning: noted but unhandled ioctl 0x2403 with no size/direction hints.
==5292==    This could cause spurious value errors to appear.
==5292==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==5292== Warning: noted but unhandled ioctl 0x2400 with no size/direction hints.
==5292==    This could cause spurious value errors to appear.
==5292==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==5290==
==5290== HEAP SUMMARY:
==5290==     in use at exit: 2,066 bytes in 48 blocks
==5290==   total heap usage: 87 allocs, 39 frees, 14,152 bytes allocated
==5290==
==5290== LEAK SUMMARY:
==5290==    definitely lost: 0 bytes in 0 blocks
==5290==    indirectly lost: 0 bytes in 0 blocks
==5290==      possibly lost: 0 bytes in 0 blocks
==5290==    still reachable: 2,066 bytes in 48 blocks
==5290==         suppressed: 0 bytes in 0 blocks
==5290== Reachable blocks (those to which a pointer was found) are not shown.
==5290== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==5290==
==5290== For counts of detected and suppressed errors, rerun with: -v
==5290== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1 from 1)
==5292== Warning: noted but unhandled ioctl 0x2401 with no size/direction hints.
==5292==    This could cause spurious value errors to appear.
==5292==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==5292==
==5292== HEAP SUMMARY:
==5292==     in use at exit: 164,018 bytes in 4,252 blocks
==5292==   total heap usage: 17,910 allocs, 13,658 frees, 1,907,468 bytes allocated
==5292==
==5292== 49,720 (1,472 direct, 48,248 indirect) bytes in 8 blocks are definitely lost in loss record 580 of 580
==5292==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5292==    by 0x5105E77: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5292==    by 0x51E1D23: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5292==    by 0x51E4861: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5292==    by 0x51E5414: ASN1_item_ex_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5292==    by 0x51E546A: ASN1_item_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5292==    by 0x4E53E00: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==5292==    by 0x4E55727: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==5292==    by 0x452C4B: ssl_connect (stream-ssl.c:530)
==5292==    by 0x445B18: scs_connecting (stream.c:315)
==5292==    by 0x445B18: stream_connect (stream.c:338)
==5292==    by 0x445B91: stream_recv (stream.c:369)
==5292==    by 0x432A9C: jsonrpc_recv.part.7 (jsonrpc.c:310)
==5292==    by 0x433977: jsonrpc_recv (jsonrpc.c:1139)
==5292==    by 0x433977: jsonrpc_session_recv (jsonrpc.c:1112)
==5292==    by 0x40CCE3: ovsdb_jsonrpc_session_run (jsonrpc-server.c:553)
==5292==    by 0x40CCE3: ovsdb_jsonrpc_session_run_all (jsonrpc-server.c:586)
==5292==    by 0x40CCE3: ovsdb_jsonrpc_server_run (jsonrpc-server.c:401)
==5292==    by 0x40682E: main_loop (ovsdb-server.c:209)
==5292==    by 0x40682E: main (ovsdb-server.c:460)
==5292==
==5292== LEAK SUMMARY:
==5292==    definitely lost: 1,472 bytes in 8 blocks
==5292==    indirectly lost: 48,248 bytes in 936 blocks
==5292==      possibly lost: 0 bytes in 0 blocks
==5292==    still reachable: 114,298 bytes in 3,308 blocks
==5292==         suppressed: 0 bytes in 0 blocks
==5292== Reachable blocks (those to which a pointer was found) are not shown.
==5292== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==5292==
==5292== For counts of detected and suppressed errors, rerun with: -v
==5292== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 1 from 1)
....

In this case ovsdb-server is running as a daemon process (--detach option) and leaked memory is
accumulated whenever ovsdb-client is reconnected. Within the observed test the ovsdb-client CLI tool
connects 8 times to ovsdb-server. Leaked memory in ovsdb-client (for each invocation) is approx.
6K bytes, while leaked memory in ovsdb-server is approx. 48Kbytes, which is actually 8*6K. Thus per
each connection both ovsdb-client and ovsdb-server leak approx. 6K bytes.

I have done a small manual test to check if ovsdb-server is indeed accumulating leaked memory
by dumping ovsdb-server in a loop:

console1:
ovsdb-server \
--log-file \
--detach --no-chdir --pidfile \
--private-key=testpki-privkey2.pem \
--certificate=testpki-cert2.pem \
--ca-cert=testpki-cacert.pem \
--remote=pssl:0:127.0.0.1 \
db

while (true); do \
ovsdb-client \
--private-key=testpki-privkey.pem \
--certificate=testpki-cert.pem \
--ca-cert=testpki-cacert.pem \
dump ssl:127.0.0.1:42067; \
done

console2:
watch -n 0.5 'cat /proc/$(pidof ovsdb-server)/status | grep VmSize'

In console2 it was evident that ovsdb-server is constantly leaking memory. After a while
(i.e. after a certain number of reconnections) the OOM killer jumps out and kills ovsdb-server.

A very similar situation was already noticed and described in
https://github.com/openvswitch/ovs-issues/issues/168. There, the problem pops up while connecting
a controller to the ovs-vswitchd daemon.

Valgrind reports point to a problem in the openssl library, however after studying the openssl code for
a while I have found out the problem is actually in ovs. When a connection through an SSL channel
takes place, the openssl library allocates memory for keeping track of the certificate. A reference to this
memory works very similarly to a std::shared_ptr pointer in recent C++ dialects, i.e. when allocated
memory is referenced its reference counter is incremented, and it is decremented after the memory is
dereferenced. When the reference counter becomes zero the allocated memory is automatically deallocated.

In the openssl library environment the certificate is retrieved by calling SSL_get_peer_certificate(),
where its reference counter is incremented. After the retrieved certificate is not used any more its
reference counter must be decremented by calling X509_free(). If not, the allocated memory is never
freed even though the ssl connection is properly closed.

The problem was caused in stream-ssl.c in function ssl_connect(), which retrieves the common peer name
by calling SSL_get_peer_certificate() function and without calling X509_free() function afterwards.

Signed-off-by: Damijan Skvarc <damjan.skvarc at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>
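
The stream_ssl message above notes that the Valgrind stacks point into libcrypto/libssl while the missing release is in ssl_connect(). The following triage sketch is an added example, not OVS code: it attributes each "definitely lost" record to the first frame that carries a source location, skipping allocation wrappers, and computes bytes per leaked block. The sample text is trimmed from the reports quoted on this page; the wrapper list and all function names in the script are assumptions of the example.

```python
import re
from dataclasses import dataclass, field

# Trimmed from the Valgrind reports quoted in the commit messages above.
SAMPLE = """\
==5345== 6,221 (184 direct, 6,037 indirect) bytes in 1 blocks are definitely lost in loss record 498 of 500
==5345==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5345==    by 0x5105E77: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5345==    by 0x4E65145: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==5345==    by 0x4522DF: ssl_connect (stream-ssl.c:530)
==5345==    by 0x443D38: scs_connecting (stream.c:315)
==5345==
==5292== 49,720 (1,472 direct, 48,248 indirect) bytes in 8 blocks are definitely lost in loss record 580 of 580
==5292==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5292==    by 0x5105E77: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==5292==    by 0x4E55727: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0)
==5292==    by 0x452C4B: ssl_connect (stream-ssl.c:530)
==5292==    by 0x445B18: scs_connecting (stream.c:315)
==5292==
==16884== 64 bytes in 1 blocks are definitely lost in loss record 320 of 346
==16884==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16884==    by 0x532512: xcalloc (util.c:121)
==16884==    by 0x4262B9: group_setup_dp_hash_table (ofproto-dpif.c:4846)
==16884==    by 0x4267CB: group_set_selection_method (ofproto-dpif.c:4938)
"""

# Record header, with or without the "(N direct, M indirect)" part.
HEADER = re.compile(
    r"^==(\d+)== ([\d,]+) (?:\([\d,]+ direct, [\d,]+ indirect\) )?"
    r"bytes in ([\d,]+) blocks are definitely lost")
# Stack frame: "at|by 0xADDR: function (location)".
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
# "file.c:123" means debug info is present; "in /lib/..." means a library frame.
SOURCE_LOC = re.compile(r"^[^\s:]+:\d+$")
# Allocation wrappers seen in this page's traces; they never own the leak.
ALLOC_WRAPPERS = {"xmalloc", "xcalloc", "xrealloc"}


def _num(text):
    return int(text.replace(",", ""))


@dataclass
class LeakRecord:
    pid: int
    total: int
    blocks: int
    frames: list = field(default_factory=list)  # (function, location) pairs

    def owner(self):
        """First source-located frame that is not an allocation wrapper."""
        for func, loc in self.frames:
            if SOURCE_LOC.match(loc) and func not in ALLOC_WRAPPERS:
                return f"{func} ({loc})"
        return None


def parse(text):
    records, cur = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            cur = LeakRecord(int(head.group(1)), _num(head.group(2)),
                             _num(head.group(3)))
            records.append(cur)
            continue
        frame = FRAME.match(line)
        if frame and cur is not None:
            cur.frames.append((frame.group(1), frame.group(2)))
        else:
            cur = None  # a bare "==PID==" line or other text ends the record
    return records


def summarize(records):
    """Group leaked bytes and blocks by owning frame across processes."""
    out = {}
    for rec in records:
        key = rec.owner() or "<no source frame>"
        entry = out.setdefault(key, {"bytes": 0, "blocks": 0, "pids": set()})
        entry["bytes"] += rec.total
        entry["blocks"] += rec.blocks
        entry["pids"].add(rec.pid)
    return out


if __name__ == "__main__":
    for rec in parse(SAMPLE):
        print(rec.pid, rec.owner(), rec.total // rec.blocks, "bytes/block")
```

Both SSL records resolve to the same frame and to roughly the same bytes per block, which matches the per-connection estimate in the commit message.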


  Commit: e6618fd54d47543db3d809b561b1437e1adbd196
      https://github.com/openvswitch/ovs/commit/e6618fd54d47543db3d809b561b1437e1adbd196
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M Documentation/internals/mailing-lists.rst

  Log Message:
  -----------
  Documentation: Fix security mailing list address.

We don't own ovs.org, and I doubt Ojai Valley School would enjoy
receiving our email.

Reviewed-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: aa0a1956115f2f74c9bf06d5fac5ab940aaf7a97
      https://github.com/openvswitch/ovs/commit/aa0a1956115f2f74c9bf06d5fac5ab940aaf7a97
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Fix 'check_orig_tuple()' Valgrind false positive.

Valgrind reported that 'pkt->md.ct_orig_tuple.ipv4.ipv4_proto' is
uninitialized in 'check_orig_tuple()', if 'ct_state' is zero.  Although
this is true, the check is superseded, as even if it succeeds the check
for natted packets based on 'ct_state' is an ORed condition and is intended
to catch this case.
The check is '!(pkt->md.ct_state & (CS_SRC_NAT | CS_DST_NAT))' which
filters out all packets except natted ones.  Move this check up to
prevent the Valgrind complaint, which also helps performance and also remove
recently added redundant check adding extra cycles.

Fixes: f44733c527da ("conntrack: Validate accessing of conntrack data in pkt_metadata.")
CC: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: aa7971017d45d3013a42959994d761d590a29349
      https://github.com/openvswitch/ovs/commit/aa7971017d45d3013a42959994d761d590a29349
  Author: Darrell Ball <dlu998 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Fix 'reverse_nat_packet()' variable datatype.

The datatype 'pad' in the function 'reverse_nat_packet()' was incorrectly
declared as 'char' instead of 'uint8_t'. This can affect reverse natting
of icmpX packets with padding > 127 bytes.  At the same time, add some
comments regarding 'extract_l3_ipvX' usage in this function.  Found by
inspection.

Fixes: edd1bef468c0 ("dpdk: Add more ICMP Related NAT support.")
Signed-off-by: Darrell Ball <dlu998 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 9787e5e13dbd2c7a978c97ad6475d6e06c7730fc
      https://github.com/openvswitch/ovs/commit/9787e5e13dbd2c7a978c97ad6475d6e06c7730fc
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/lib/expr.c
    M tests/ovn.at

  Log Message:
  -----------
  ovn: Exclude inport and outport symbol tables from conjunction

If there are multiple ACLs associated with a port group and they
match on a range of some field, then ovn-controller doesn't install
the flows properly and this results in broken ACL functionality.

For example, if there is a port group - pg1 with logical ports - [p1, p2]
and if there are below ACLs (only match condition is shown)

1 -  outport == @pg1 && ip4 && tcp.dst >= 500 && tcp.dst <= 501
2 -  outport == @pg1 && ip4 && tcp.dst >= 600 && tcp.dst <= 601

The first ACL will result in the below OF flows

1.  conj_id=1,tcp
2.  tcp,reg15=0x11: conjunction(1, 1/2)
3.  tcp,reg15=0x12: conjunction(1, 1/2)
5.  tcp,tp_dst=500: conjunction(1, 2/2)
6.  tcp,tp_dst=501: conjunction(1, 2/2)

The second ACL will result in the below OF flows
7.  conj_id=2,tcp
8.  tcp,reg15=0x11: conjunction(2, 1/2)
9.  tcp,reg15=0x12: conjunction(2, 1/2)
11. tcp,tp_dst=600: conjunction(2, 2/2)
12. tcp,tp_dst=601: conjunction(2, 3/2)

The OF flows (2) and (8) have the exact match but with different action.
This results in only one of the flows getting installed. The same goes
for the flows (3) and (9). And this completely breaks the ACL functionality
for such scenarios.

In order to fix this issue, this patch excludes the 'inport' and 'outport' symbols
from conjunction. With this patch we will have the below flows.

tcp,reg15=0x11,tp_dst=500
tcp,reg15=0x11,tp_dst=501
tcp,reg15=0x12,tp_dst=500
tcp,reg15=0x12,tp_dst=501
tcp,reg15=0x13,tp_dst=500
tcp,reg15=0x13,tp_dst=501
tcp,reg15=0x11,tp_dst=600
tcp,reg15=0x11,tp_dst=601
tcp,reg15=0x12,tp_dst=600
tcp,reg15=0x12,tp_dst=601
tcp,reg15=0x13,tp_dst=600
tcp,reg15=0x13,tp_dst=601

Acked-by: Mark Michelson <mmichels at redhat.com>
Acked-by: Daniel Alvarez <dalvarez at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>

(cherry-picked from ovn commit 298701dbc99645700be41680a43d049cb061847a)

Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 08d86500cfcff687bd17a3e926608e131f758617
      https://github.com/openvswitch/ovs/commit/08d86500cfcff687bd17a3e926608e131f758617
  Author: Yanqin Wei <Yanqin.Wei at arm.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/flow.c

  Log Message:
  -----------
  flow: fix incorrect padding length checking in ipv6_sanity_check

The padding length is (packet size - ipv6 header length - ipv6 plen).  This
patch fixes incorrect padding size checking in ipv6_sanity_check.

Acked-by: William Tu <u9012063 at gmail.com>
Reviewed-by: Gavin Hu <Gavin.Hu at arm.com>
Signed-off-by: Yanqin Wei <Yanqin.Wei at arm.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 0018ac37ea8271fcc03c4bf7d8eff6de4356cd6b
      https://github.com/openvswitch/ovs/commit/0018ac37ea8271fcc03c4bf7d8eff6de4356cd6b
  Author: Kevin Traynor <ktraynor at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-dpdk.c

  Log Message:
  -----------
  netdev-dpdk: Fix padding info comment.

The comment was incorrectly updated. Fix it to the
correct value of 36 pad bytes.

/* --- cacheline 5 boundary (320 bytes) --- */
union {
        struct {
                struct netdev_stats stats;       /*   320   336 */
                /* --- cacheline 5 boundary (320 bytes) was 16 bytes ago --- */
                uint64_t   tx_retries;           /*   656     8 */
                rte_spinlock_t stats_lock;       /*   664     4 */
        };                                       /*         352 */
        uint8_t            pad52[384];           /*         384 */
};                                               /*   320   384 */

Fixes: c161357d5d96 ("netdev-dpdk: Add custom stat for vhost tx retries.")
Reported-by: Ilya Maximets <i.maximets at samsung.com>
Signed-off-by: Kevin Traynor <ktraynor at redhat.com>
Signed-off-by: Ian Stokes <ian.stokes at intel.com>


  Commit: aba0b2ce7a4ad63ff457a870217fd29d8ffc4ba1
      https://github.com/openvswitch/ovs/commit/aba0b2ce7a4ad63ff457a870217fd29d8ffc4ba1
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .travis/linux-prepare.sh

  Log Message:
  -----------
  travis: Drop -MD related workaround for sparse.

The issue was fixed in upstream sparse by the following commit:
d90c0838c101 ("cgcc: fix wrong processing of -MD & -MMD")

This patch is required to fix our travis build.

Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Ian Stokes <ian.stokes at intel.com>


  Commit: 3884d90462d88231d09efa6ff07336cc25f4b1db
      https://github.com/openvswitch/ovs/commit/3884d90462d88231d09efa6ff07336cc25f4b1db
  Author: David Marchand <david.marchand at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M Documentation/topics/dpdk/vhost-user.rst

  Log Message:
  -----------
  doc: Fix incorrect reference for dpdk-testpmd.

Move back the dpdk-testpmd reference to the right section of this
document so that the link in howto/dpdk does not point to
"vhost-user-client tx retries config".

Fixes: 080f080c3bc1 ("netdev-dpdk: Enable tx-retries-max config.")

Signed-off-by: David Marchand <david.marchand at redhat.com>
Acked-by: Kevin Traynor <ktraynor at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: faf7ec511775d92936ee667fcc8a1238ea72345b
      https://github.com/openvswitch/ovs/commit/faf7ec511775d92936ee667fcc8a1238ea72345b
  Author: Martin Zhang <martinbj2008 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ofproto/ofproto-dpif-sflow.c

  Log Message:
  -----------
  ofproto: fix a typo for ttl in dpif_sflow_actions

Signed-off-by: Martin Zhang <martinbj2008 at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 2496ec9c8ec61953ae5efa33b69ca61de83bbb99
      https://github.com/openvswitch/ovs/commit/2496ec9c8ec61953ae5efa33b69ca61de83bbb99
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/conntrack.c
    M lib/flow.c
    M lib/packets.h
    M ovn/controller/pinctrl.c

  Log Message:
  -----------
  flow: Fix using pointer to member of packed struct icmp6_hdr.

OVS has no structure definition for ICMPv6 header with additional
data. More precisely, it has, but this structure named as
'icmp6_error_header' and only suitable to store error related
extended information.  'flow_compose_l4' stores additional
information in reserved bits by using system defined structure
'icmp6_hdr', which is marked as 'packed' and this leads to
build failure with gcc >= 9:

  lib/flow.c:3041:34: error:
    taking address of packed member of 'struct icmp6_hdr' may result
    in an unaligned pointer value [-Werror=address-of-packed-member]

        uint32_t *reserved = &icmp->icmp6_dataun.icmp6_un_data32[0];
                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix that by renaming 'icmp6_error_header' to 'icmp6_data_header'
and allowing it to store not only errors, but any type of additional
information by analogue with 'struct icmp6_hdr'.
All the usages of 'struct icmp6_hdr' replaced with this new structure.
Removed redundant conversions between network and host representations.
Now fields are always in be.

This also, probably, makes flow_compose_l4 more robust by avoiding
possible unaligned accesses to 32 bit value.

Fixes: 9b2b84973db7 ("Support for match & set ICMPv6 reserved and options type fields")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: William Tu <u9012063 at gmail.com>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: d8c868999ddb0e953bf46d7e46db2aa7d1d8b976
      https://github.com/openvswitch/ovs/commit/d8c868999ddb0e953bf46d7e46db2aa7d1d8b976
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-afxdp.c

  Log Message:
  -----------
  netdev-afxdp: Fix umem creation failure due to uninitialized config.

Later version of 'struct xsk_umem_config' contains additional field
'flags'.  OVS doesn't use that field passing uninitialized stack
memory to the 'xsk_umem__create()' call that could fail with
'Invalid argument' if 'flags' are non-zero or, even worse, create
umem with unexpected properties.

We need to clear the whole structure explicitly to avoid this kind
of issues.

Fixes: 0de1b425962d ("netdev-afxdp: add new netdev type for AF_XDP.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: 5eefdd2151f61e752e1def4636b54705be2530f5
      https://github.com/openvswitch/ovs/commit/5eefdd2151f61e752e1def4636b54705be2530f5
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-afxdp.c

  Log Message:
  -----------
  netdev-afxdp: Update memory locking limits unconditionally.

Any type of AF_XDP socket in all modes implies creation of BPF map of
type BPF_MAP_TYPE_XSKMAP.  This leads to BPF_MAP_CREATE syscall and
subsequently 'xsk_map_alloc()' function that will charge required
memory from the memlock limit and fail with EPERM if we're trying
to allocate more.

On my system with 64K bytes of max locked memory by default, OVS
frequently starts to fail after addition of 3rd afxdp port in SKB
mode:

  netdev_afxdp|ERR|xsk_socket__create failed (Operation not permitted)
                   mode: SKB qid: 0

Fixes: 0de1b425962d ("netdev-afxdp: add new netdev type for AF_XDP.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: e1c212d4abcade87a33e50467dbfaec88043421f
      https://github.com/openvswitch/ovs/commit/e1c212d4abcade87a33e50467dbfaec88043421f
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netlink.c

  Log Message:
  -----------
  dpif-netlink: Free leaked nl_sock

Valgrind reports:
20 bytes in 1 blocks are definitely lost in loss record 94 of 353
    by 0x532594: xmalloc (util.c:138)
    by 0x553EAD: nl_sock_create (netlink-socket.c:146)
    by 0x54331D: create_nl_sock (dpif-netlink.c:255)
    by 0x54331D: dpif_netlink_port_add__ (dpif-netlink.c:756)
    by 0x5435F6: dpif_netlink_port_add_compat (dpif-netlink.c:876)
    by 0x5435F6: dpif_netlink_port_add (dpif-netlink.c:922)
    by 0x47EC1D: dpif_port_add (dpif.c:584)
    by 0x42B35F: port_add (ofproto-dpif.c:3721)
    by 0x41E64A: ofproto_port_add (ofproto.c:2032)
    by 0x40B3FE: iface_do_create (bridge.c:1817)
    by 0x40B3FE: iface_create (bridge.c:1855)
    by 0x40B3FE: bridge_add_ports__ (bridge.c:943)
    by 0x40D14A: bridge_add_ports (bridge.c:959)
    by 0x40D14A: bridge_reconfigure (bridge.c:673)
    by 0x410D75: bridge_run (bridge.c:3050)
    by 0x407614: main (ovs-vswitchd.c:127)

This leak is because when vport_add_channel() returns 0, it is expected
to take the ownership of 'socksp'. This patch fixes this issue.

Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: edec52b3f9703e62fa2ddcaefda6a95c064e514f
      https://github.com/openvswitch/ovs/commit/edec52b3f9703e62fa2ddcaefda6a95c064e514f
  Author: Numan Siddique <nusiddiq at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/jsonrpc-server.c

  Log Message:
  -----------
  ovsdb-server: Don't drop all connections on read/write status change.

The commit [1] force drops all connections when the db read/write status changes.
Prior to the commit [1], when there was read/write status change, the existing
jsonrpc sessions with 'db_change_aware' set to true, were not updated with the
changed 'read_only' value. If the db status was changed to 'standby', the existing
clients could still write to the db.

In the case of pacemaker OVN HA, OVN OCF script 'start' action starts the
ovsdb-servers in read-only state and later, it sets to read-write in the
'promote' action. We have observed that if some ovn-controllers connect to
the SB ovsdb-server (in read-only state) just before the 'promote' action,
the connection is not reset all the times and these ovn-controllers remain connected
to the SB ovsdb-server in read-only state all the time. Even though
the commit [1] calls 'ovsdb_jsonrpc_server_reconnect()' with 'forced' flag
set to true when the db read/write status changes, somehow the FSM misses resetting
the connections of these ovn-controllers.

I think this needs to be addressed in the FSM. This patch doesn't address
this FSM issue. Instead it changes the behavior of 'ovsdb_jsonrpc_server_set_read_only()'
by setting the 'read_only' flag of all the jsonrpc sessions instead of forcefully
resetting the connection.

I think there is no need to reset the connection. In large scale production
deployments with OVN, this results in unnecessary waste of CPU cycles as ovn-controllers
will have to connect twice - once during 'start' action and again during 'promote'.

[1] - 2a9679e3b2c6 ("ovsdb-server: drop all connections on read/write status change")

Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: c4d390340d1cc99c4eb0093fde9219a71cd796cd
      https://github.com/openvswitch/ovs/commit/c4d390340d1cc99c4eb0093fde9219a71cd796cd
  Author: Chris Mi <chrism at mellanox.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-offload-tc.c
    M lib/tc.c
    M lib/tc.h

  Log Message:
  -----------
  tc: Limit the max action number to 16

Currently, ovs supports to offload max TCA_ACT_MAX_PRIO(32) actions.
But net sched api has a limit of 4K message size which is not enough
for 32 actions when echo flag is set.

After a lot of testing, we find that 16 actions is a reasonable number.
So in this commit, we introduced a new define to limit the max actions.

Fixes: 0c70132cd288 ("tc: Make the actions order consistent")
Signed-off-by: Chris Mi <chrism at mellanox.com>
Reviewed-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 8adb095339731a5d3bf5c240a9788562423e8288
      https://github.com/openvswitch/ovs/commit/8adb095339731a5d3bf5c240a9788562423e8288
  Author: Surya Rudra <rudrasurya.r at altencalsoftlabs.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ofproto/ofproto-dpif.c
    M ofproto/ofproto.c

  Log Message:
  -----------
  lldp: Fix for OVS crashes when a LLDP-enabled port is deleted

Issue:
When LLDP is enabled on a port, a structure to hold LLDP related state
is created and that structure has a reference to the port. The ofproto
monitor thread accesses the LLDP structure to periodically send packets
over the associated port. When the port is deleted, the LLDP structure
is not cleaned up and it continues to refer to the deleted port.

When the monitor thread attempts to access the deleted port OVS crashes.
Crash can happen with bridge delete and bond delete also.

Fix:
Remove all references to the LLDP structure and free it when
the port is deleted.

Signed-off-by: Surya Rudra <rudrasurya.r at altencalsoftlabs.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: dc47c85d434961bb2ccee6a8d5b1d6296914a8f0
      https://github.com/openvswitch/ovs/commit/dc47c85d434961bb2ccee6a8d5b1d6296914a8f0
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M tests/system-userspace-packet-type-aware.at

  Log Message:
  -----------
  tests: Fix indentation in userspace packet type aware test.

CC: Ben Pfaff <blp at ovn.org>
Fixes: 7be29a47576d ("ofproto-dpif: Remove tabs from output.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: a0f0049bd86a6cfdba1adc8b22c20c3c23112ba3
      https://github.com/openvswitch/ovs/commit/a0f0049bd86a6cfdba1adc8b22c20c3c23112ba3
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/flow.c
    M lib/flow.h
    M tests/dpif-netdev.at

  Log Message:
  -----------
  flow: Fix crash on vlan packets with partial offloading.

parse_tcp_flags() does not care about vlan tags in a packet thus
not able to parse them.  As a result, if partial offloading is
enabled in userspace datapath vlan packets are not parsed, i.e.
has no initialized offsets.  This causes OVS crash on any attempt
to access/modify packet header fields.

For example, having the flow with following actions:
  in_port=1,ip,actions=mod_nw_src:192.168.0.7,output:IN_PORT

will lead to OVS crash on vlan packet handling:

 Process terminating with default action of signal 11 (SIGSEGV)
 Invalid read of size 4
    at 0x785657: get_16aligned_be32 (unaligned.h:249)
    by 0x785657: odp_set_ipv4 (odp-execute.c:82)
    by 0x785657: odp_execute_masked_set_action (odp-execute.c:527)
    by 0x785657: odp_execute_actions (odp-execute.c:894)
    by 0x74CDA9: dp_netdev_execute_actions (dpif-netdev.c:7355)
    by 0x74CDA9: packet_batch_per_flow_execute (dpif-netdev.c:6339)
    by 0x74CDA9: dp_netdev_input__ (dpif-netdev.c:6845)
    by 0x74DB6E: dp_netdev_input (dpif-netdev.c:6854)
    by 0x74DB6E: dp_netdev_process_rxq_port (dpif-netdev.c:4287)
    by 0x74E863: dpif_netdev_run (dpif-netdev.c:5264)
    by 0x703F57: type_run (ofproto-dpif.c:370)
    by 0x6EC8B8: ofproto_type_run (ofproto.c:1760)
    by 0x6DA52B: bridge_run__ (bridge.c:3188)
    by 0x6E083F: bridge_run (bridge.c:3252)
    by 0x1642E4: main (ovs-vswitchd.c:127)
  Address 0xc is not stack'd, malloc'd or (recently) free'd

Fix that by properly parsing vlan tags first.  Function 'parse_dl_type'
transformed for that purpose as it had no users anyway.

Added unit test for packet modification with partial offloading that
triggers above crash.

Fixes: aab96ec4d81e ("dpif-netdev: retrieve flow directly from the flow mark")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: 0804832b11ea5239940c26c1e35ee09d574fd3d6
      https://github.com/openvswitch/ovs/commit/0804832b11ea5239940c26c1e35ee09d574fd3d6
  Author: Damijan Skvarc <damjan.skvarc at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/file.c

  Log Message:
  -----------
  ovsdb-server: fix memory leak while converting database

Memory leak happens while converting existing database into new
database according to the specified schema (ovsdb-client convert
new-schema). Memory leak was detected by valgrind while executing
functional test "schema conversion online - clustered"

==16202== 96 bytes in 6 blocks are definitely lost in loss record 326 of 399
==16202==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16202==    by 0x44A5D4: xmalloc (util.c:138)
==16202==    by 0x4377A6: alloc_default_atoms (ovsdb-data.c:315)
==16202==    by 0x437F18: ovsdb_datum_init_default (ovsdb-data.c:918)
==16202==    by 0x413D82: ovsdb_row_create (row.c:59)
==16202==    by 0x40AA53: ovsdb_convert_table (file.c:220)
==16202==    by 0x40AA53: ovsdb_convert (file.c:275)
==16202==    by 0x416BE1: ovsdb_trigger_try (trigger.c:255)
==16202==    by 0x40D29E: ovsdb_jsonrpc_trigger_create (jsonrpc-server.c:1119)
==16202==    by 0x40D29E: ovsdb_jsonrpc_session_got_request (jsonrpc-server.c:986)
==16202==    by 0x40D29E: ovsdb_jsonrpc_session_run (jsonrpc-server.c:556)
==16202==    by 0x40D29E: ovsdb_jsonrpc_session_run_all (jsonrpc-server.c:586)
==16202==    by 0x40D29E: ovsdb_jsonrpc_server_run (jsonrpc-server.c:401)
==16202==    by 0x40682E: main_loop (ovsdb-server.c:209)
==16202==    by 0x40682E: main (ovsdb-server.c:460)

The problem was in ovsdb_datum_convert() function, which overrides
pointers to datum memory allocated in ovsdb_row_create() function.
Fix was done by freeing this memory before ovsdb_datum_convert()
is called.

Signed-off-by: Damijan Skvarc <damjan.skvarc at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 1094e842947cd0512bdb28605551b0bda5aa3107
      https://github.com/openvswitch/ovs/commit/1094e842947cd0512bdb28605551b0bda5aa3107
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Do not mix recirculation depth into RSS hash itself.

Mixing of RSS hash with recirculation depth is useful for flow lookup
because same packet after recirculation should match with different
datapath rule.  Setting of the mixed value back to the packet is
completely unnecessary because recirculation depth is different on
each recirculation, i.e. we will have different packet hash for
flow lookup anyway.

This should fix the issue that packets from the same flow could be
directed to different buckets based on a dp_hash or different ports of
a balanced bonding in case they were recirculated different number of
times (e.g. due to conntrack rules).
With this change, the original RSS hash will remain the same making
it possible to calculate equal dp_hash values for such packets.

Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-September/363127.html
Fixes: 048963aa8507 ("dpif-netdev: Reset RSS hash when recirculating.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Jan Scheurich <jan.scheurich at ericsson.com>


  Commit: adafa16f8da640cecd5a0f0063a88915508b78d4
      https://github.com/openvswitch/ovs/commit/adafa16f8da640cecd5a0f0063a88915508b78d4
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Fix time delta overflow in case of race for meter lock.

There is a race window between getting the time and getting the meter
lock.  This could lead to situation where the thread with larger
current time (this thread called time_{um}sec() later than others)
will acquire meter lock first and update meter->used to the large
value.  Next threads will try to calculate time delta by subtracting
the large meter->used from their lower time getting the negative value
which will be converted to a big unsigned delta.

Fix that by assuming that all these threads received packets in the
same time in this case, i.e. dropping negative delta to 0.

CC: Jarno Rajahalme <jarno at ovn.org>
Fixes: 4b27db644a8c ("dpif-netdev: Simple DROP meter implementation.")
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-September/363126.html
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: William Tu <u9012063 at gmail.com>
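
The race described in this log message can be replayed deterministically. The following is an added example, not code from the commit or from OVS: the token-bucket struct, its field names and the timestamps are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical token-bucket meter; field names are illustrative, not OVS's. */
struct meter {
    long long used;   /* timestamp (ms) of the last update */
    uint64_t bucket;  /* tokens currently available */
    uint64_t burst;   /* bucket capacity */
    uint32_t rate;    /* tokens added per ms */
};

/* Pre-fix shape: a negative difference wraps to a huge unsigned delta. */
static uint32_t delta_unchecked(long long now, long long used)
{
    return (uint32_t) (now - used);
}

/* Post-fix shape: a negative difference is treated as "same time" (0). */
static uint32_t delta_clamped(long long now, long long used)
{
    long long d = now - used;

    if (d < 0) {
        return 0;
    }
    return d > UINT32_MAX ? UINT32_MAX : (uint32_t) d;
}

/* Runs with the meter lock held. 'now' was sampled BEFORE taking the lock,
 * which is the race window. Returns 1 if the packet passes, 0 if dropped. */
static int meter_update(struct meter *m, long long now, uint32_t cost,
                        int clamp)
{
    uint32_t delta = clamp ? delta_clamped(now, m->used)
                           : delta_unchecked(now, m->used);
    uint64_t refill = (uint64_t) delta * m->rate;

    /* Refill, saturating at the burst size. */
    m->bucket = refill > m->burst - m->bucket ? m->burst
                                              : m->bucket + refill;
    m->used = now;

    if (m->bucket >= cost) {
        m->bucket -= cost;
        return 1;
    }
    return 0;
}

/* Constructed interleaving: thread A samples t=1000, thread B samples
 * t=1005, B wins the lock and updates first, A updates second.
 * Returns whether A's 5000-token packet passes an otherwise empty meter. */
static int race_outcome(int clamp)
{
    struct meter m = { .used = 1000, .bucket = 0, .burst = 10000, .rate = 1 };

    meter_update(&m, 1005, 5, clamp);         /* B: 5 ms refill, spends it. */
    return meter_update(&m, 1000, 5000, clamp); /* A: delta is -5 ms.       */
}

int main(void)
{
    printf("unchecked delta for -5 ms: %u\n",
           (unsigned) delta_unchecked(1000, 1005));
    printf("A's packet passes, unchecked: %d\n", race_outcome(0));
    printf("A's packet passes, clamped:   %d\n", race_outcome(1));
    return 0;
}
```

With the unchecked delta the late thread refills the bucket to its full burst and its packet is let through; with the clamp the bucket stays empty and the packet is dropped, so the rate limit holds.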


  Commit: bdedd6b9655de3cf430e115205de227a168e85ad
      https://github.com/openvswitch/ovs/commit/bdedd6b9655de3cf430e115205de227a168e85ad
  Author: Roi Dayan <roid at mellanox.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M rhel/openvswitch-fedora.spec.in

  Log Message:
  -----------
  rhel: openvswitch-fedora.spec.in: Fix output redirect to null device

Add missing slash.

Fixes: 0447019df7c6 ("fedora-spec: added systemd post/postun/pre/preun sections")
Signed-off-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: b52b04005bb2564e6bf40c759810e50517e14af2
      https://github.com/openvswitch/ovs/commit/b52b04005bb2564e6bf40c759810e50517e14af2
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/lflow.c
    M ovn/controller/lflow.h

  Log Message:
  -----------
  lflow.c: Fix memory leak of lflow_ref_list_node->ref_name.

The ref_name is copied in lflow_resource_add(), but forgot to free in
lflow_resource_destroy_lflow(). It can be fixed by freeing it in
lflow_resource_destroy_lflow(). However, this field is never really
used, so just delete it from lflow_ref_list_node, together with the
"type" field.

Fixes: 43e6900a7991 ("ovn-controller: Maintain resource references for logical flows.")
Acked-by: Numan Siddique <numans at ovn.org>
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 65c763ca15c06088525a43d8786779f4496ca9c5
      https://github.com/openvswitch/ovs/commit/65c763ca15c06088525a43d8786779f4496ca9c5
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-dummy.c
    M lib/netdev-offload-dpdk.c
    M lib/netdev-offload-tc.c

  Log Message:
  -----------
  Avoid indeterminate statistics in offload implementations.

A lot of the offload implementations didn't bother to initialize the
statistics they were supposed to return.  I don't know whether any of
the callers actually use them, but it looked wrong.

Found by inspection.

Acked-by: Ilya Maximets <i.maximets at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: ff9c4a72377286400ecd71fd1a83f3d7bd7815cf
      https://github.com/openvswitch/ovs/commit/ff9c4a72377286400ecd71fd1a83f3d7bd7815cf
  Author: Dmytro Linkin <dmitrolin at mellanox.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-offload-tc.c

  Log Message:
  -----------
  lib/tc: Fix flow dump for tunnel id equal zero

Tunnel id 0 is not printed unless tunnel flag FLOW_TNL_F_KEY is set.
Fix that by always setting FLOW_TNL_F_KEY when tunnel id is valid.

Fixes: 0227bf092ee6 ("lib/tc: Support optional tunnel id")
Signed-off-by: Dmytro Linkin <dmitrolin at mellanox.com>
Reviewed-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: dd9626a2d6c3ca80bdd7869410482259ca7776c5
      https://github.com/openvswitch/ovs/commit/dd9626a2d6c3ca80bdd7869410482259ca7776c5
  Author: Tomasz Konieczny <tomaszx.konieczny at intel.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-dpdk.c

  Log Message:
  -----------
  netdev-dpdk: Fix flow control not configuring.

Currently OVS is unable to change flow control configuration in DPDK
because new settings are being overwritten by current settings with
rte_eth_dev_flow_ctrl_get(). The fix restores correct order of
operations and at the same time does not trigger error on devices
without flow control support when flow control not requested.

Fixes: 7e1de65e8dfb ("netdev-dpdk: Fix failure to configure flow control at netdev-init.")
Signed-off-by: Tomasz Konieczny <tomaszx.konieczny at intel.com>
Co-authored-by: Ilya Maximets <i.maximets at ovn.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 19d1055164cd2261fb68741b2f34abe8cd251d7b
      https://github.com/openvswitch/ovs/commit/19d1055164cd2261fb68741b2f34abe8cd251d7b
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M vswitchd/vswitch.xml

  Log Message:
  -----------
  vswitch.xml: Fix column for xdpmode.

'xdpmode' is part of 'options', not the 'other_config'.

CC: William Tu <u9012063 at gmail.com>
Fixes: 0de1b425962d ("netdev-afxdp: add new netdev type for AF_XDP.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: 1fce4cad8824076da76bf94c8c2b628b7a8e3177
      https://github.com/openvswitch/ovs/commit/1fce4cad8824076da76bf94c8c2b628b7a8e3177
  Author: Roi Dayan <roid at mellanox.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M acinclude.m4
    M include/linux/pkt_cls.h

  Log Message:
  -----------
  compat: Add compat fix for old kernels

In kernels older than 4.8, struct tcf_t didn't have the firstuse.
If openvswitch is compiled with the compat pkt_cls.h then there is
a struct size mismatch between openvswitch and the kernel which causes
parsing netlink actions to fail.
After this commit parsing the netlink actions pass even if compiled with
the compat pkt_cls.h.

Signed-off-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 9f9d8b2161b5140d07c004c7e054f31edf0c635b
      https://github.com/openvswitch/ovs/commit/9f9d8b2161b5140d07c004c7e054f31edf0c635b
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M rhel/usr_share_openvswitch_scripts_ovs-kmod-manage.sh

  Log Message:
  -----------
  rhel: Fix ovs-kmod-manage.sh that may create invalid soft links

Current code iterates every kernel under '/lib/modules' for a matched
version. As a result, this script may create invalid soft links if the
matched kernel doesn't have openvswitch-kmod RPM installed.

This patch fixes it.

VMWare-BZ: #2257534

Fixes: c3570519 ("rhel: add 4.4 kernel in kmod build with mulitple versions, fedora")
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Acked-by: Yi-Hung Wei <yihung.wei at gmail.com>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: e483d8cdddbab202236806eacea97c781c788ffd
      https://github.com/openvswitch/ovs/commit/e483d8cdddbab202236806eacea97c781c788ffd
  Author: Damijan Skvarc <damjan.skvarc at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/mutation.c

  Log Message:
  -----------
  ovsdb-server: fix memory leak while deleting zone

Memory leak was detected by valgrind during execution
of "database commands -- positive checks" test.

Leaked memory was allocated in ovsdb_execute_mutate() function
while parsing mutations from the apparent json entity:

==19563==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19563==    by 0x4652D0: xmalloc (util.c:138)
==19563==    by 0x46539E: xmemdup0 (util.c:168)
==19563==    by 0x4653F7: xstrdup (util.c:177)
==19563==    by 0x450379: ovsdb_base_type_clone (ovsdb-types.c:208)
==19563==    by 0x450F8D: ovsdb_type_clone (ovsdb-types.c:550)
==19563==    by 0x428C3F: ovsdb_mutation_from_json (mutation.c:108)
==19563==    by 0x428F6B: ovsdb_mutation_set_from_json (mutation.c:187)
==19563==    by 0x42578D: ovsdb_execute_mutate (execution.c:573)
==19563==    by 0x4246B0: ovsdb_execute_compose (execution.c:171)
==19563==    by 0x41CDE5: ovsdb_trigger_try (trigger.c:204)
==19563==    by 0x41C8DF: ovsdb_trigger_init (trigger.c:61)
==19563==    by 0x40E93C: ovsdb_jsonrpc_trigger_create (jsonrpc-server.c:1135)
==19563==    by 0x40E20C: ovsdb_jsonrpc_session_got_request (jsonrpc-server.c:1002)
==19563==    by 0x40D1C2: ovsdb_jsonrpc_session_run (jsonrpc-server.c:561)
==19563==    by 0x40D31E: ovsdb_jsonrpc_session_run_all (jsonrpc-server.c:591)
==19563==    by 0x40CD6E: ovsdb_jsonrpc_server_run (jsonrpc-server.c:406)
==19563==    by 0x40627E: main_loop (ovsdb-server.c:209)
==19563==    by 0x406E66: main (ovsdb-server.c:460)

This memory is usually freed at the end of ovsdb_execute_mutate()
however in the aforementioned test case this does not happen. Namely
in case of delete mutator and in case of error while calling ovsdb_datum_from_json()
apparent mutation was marked as invalid, which prevents freeing problematic memory.

Memory leak can be reproduced quickly with the following command sequence:
ovs-vsctl --no-wait -vreconnect:emer add-zone-tp netdev zone=1 icmp_first=1 icmp_reply=2
ovs-vsctl --no-wait -vreconnect:emer del-zone-tp netdev zone=1

Signed-off-by: Damijan Skvarc <damjan.skvarc at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 365986121c6eba0148b46b9990f0f42bd2db3ea2
      https://github.com/openvswitch/ovs/commit/365986121c6eba0148b46b9990f0f42bd2db3ea2
  Author: Mark Michelson <mmichels at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/northd/ovn-northd.c

  Log Message:
  -----------
  ovn: Prevent erroneous duplicate IP address messages.

This is a backport to OVS 2.12 of OVN master commit 21c29d5b0c.

When using dynamic address assignment for logical switches, OVN reserves
the first address in the subnet for the attached router port to use.

In commit 488d153ee87841c042af05bc0eb8b5481aaa98cf, the IPAM code was
modified to add assigned router port addresses to IPAM. The use case for
this was when a switch was joined to multiple routers, and all router
addresses were dynamically assigned.

However, that commit also made it so that when a router rightly claimed
the first address in the subnet, ovn-northd would issue a warning about
a duplicate IP address being set. This change fixes the issue by adding
a special case so that we don't add the router's IP address to IPAM if
it is the first address in the subnet. This prevents the warning message
from appearing.

Signed-off-by: Mark Michelson <mmichels at redhat.com>
Acked-by: Numan Siddique <nusiddiq at redhat.com>
Acked-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 4a7d52632b17cfca33c80a3bf2b3f230749de934
      https://github.com/openvswitch/ovs/commit/4a7d52632b17cfca33c80a3bf2b3f230749de934
  Author: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/jsonrpc.c

  Log Message:
  -----------
  jsonrpc: increase input buffer size from 512 to 4096

Increase jsonrpc input buffer size from 512 to 4096 bytes in order to
reduce the syscall overhead when downloading huge db size

Acked-by: Mark Michelson <mmichels at redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 691d1dc9893952499fdfab2fda9c4c40a7c373d4
      https://github.com/openvswitch/ovs/commit/691d1dc9893952499fdfab2fda9c4c40a7c373d4
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft-rpc.c
    M ovsdb/raft.c
    M tests/ovsdb-cluster.at

  Log Message:
  -----------
  ovsdb raft: Fix election timer parsing in snapshot RPC.

Commit a76ba825 took care of saving and restoring election timer in
file header snapshot, but it didn't handle the parsing of election
timer in install_snapshot_request/reply RPC, which results in problems,
e.g. when election timer change log is compacted in snapshot and then a
new node joins the cluster, the new node will use the default timer
instead of the new value.  This patch fixed it by parsing election
timer in snapshot RPC.

At the same time the patch updates the test case to cover the DB compact and
join scenario. The test reveals another 2 problems related to clustered DB
compact, as commented in the test case's XXX, which need to be addressed
separately.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 2f40b7cdd805b6f0260b68ea69ad5c81e1dcacdf
      https://github.com/openvswitch/ovs/commit/2f40b7cdd805b6f0260b68ea69ad5c81e1dcacdf
  Author: Li RongQing <lirongqing at baidu.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/ipf.c

  Log Message:
  -----------
  ipf: bail out when ipf state is COMPLETED

it is easy to crash ovs when a packet with same id
hits a list that already reassembled completely
but has not been sent out yet, and this packet is
not duplicate with this hit ipf list due to bigger
offset

    1  0x00007f9fef0ae2d9 in __GI_abort () at abort.c:89
    2  0x0000000000464042 in ipf_list_state_transition at lib/ipf.c:545

Fixes: 4ea96698f667 ("Userspace datapath: Add fragmentation handling.")
Co-authored-by: Wang Li <wangli39 at baidu.com>
Signed-off-by: Wang Li <wangli39 at baidu.com>
Signed-off-by: Li RongQing <lirongqing at baidu.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 095509163cd1c9ddc5530f6df130cf7094b1c5d3
      https://github.com/openvswitch/ovs/commit/095509163cd1c9ddc5530f6df130cf7094b1c5d3
  Author: Flavio Leitner <fbl at sysclose.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/odp-util.c
    M lib/odp-util.h
    M ofproto/ofproto-dpif.c
    M tests/test-odp.c

  Log Message:
  -----------
  ofproto-dpif: Allow IPv6 ND Extensions only if supported

The IPv6 ND Extensions is only implemented in userspace datapath,
but nothing prevents it from being used with other datapaths.

This patch probes the datapath and only allows if the support
is available.

Fixes: 9b2b84973 ("Support for match & set ICMPv6 reserved and options type fields")
Acked-by: Eelco Chaudron <echaudro at redhat.com>
Acked-by: Aaron Conole <aconole at redhat.com>
Signed-off-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 61e43becafccbfa53df959c86a95cfd6d637af8b
      https://github.com/openvswitch/ovs/commit/61e43becafccbfa53df959c86a95cfd6d637af8b
  Author: Zhike Wang <wangzk320 at 163.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/flow.c

  Log Message:
  -----------
  flow: Fix IPv6 header parser with partial offloading.

Set nw_proto before it is used in parse_ipv6_ext_hdrs__().

Signed-off-by: Zhike Wang <wangzk320 at 163.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: a78c4af161cc9edc0f9e215c20e65ac403d51ab4
      https://github.com/openvswitch/ovs/commit/a78c4af161cc9edc0f9e215c20e65ac403d51ab4
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ofproto/ofproto-dpif.c
    M ofproto/ofproto-provider.h
    M ofproto/ofproto.c

  Log Message:
  -----------
  ofproto: Fix crash on PACKET_OUT due to recursive locking after upcall.

Handling of OpenFlow PACKET_OUT implies pushing the packet through
the datapath and packet processing inside the datapath could trigger
an upcall.  In case of system datapath, 'dpif_execute()' sends packet
to the kernel module and returns.  If any, upcall will be triggered
inside the kernel and handled by a separate thread in userspace.
But in case of userspace datapath full processing of the packet happens
inside the 'dpif_execute()' in the same thread that handled PACKET_OUT.
This causes an issue if upcall will lead to modification of flow rules.
For example, it could happen while processing of 'learn' actions.
Since whole handling of PACKET_OUT is protected by 'ofproto_mutex',
OVS will assert on attempt to take it recursively while processing
'learn' actions:

   0 __GI_raise (sig=sig@entry=6)
   1 __GI_abort ()
   2 ovs_abort_valist ()
   3 ovs_abort ()
   4 ovs_mutex_lock_at (where=where@entry=0xad4199 "ofproto/ofproto.c:5391")
                <Trying to acquire ofproto_mutex again>
   5 ofproto_flow_mod_learn ()       at ofproto/ofproto.c:5391
                <Trying to modify flows according to 'learn' action>
   6 xlate_learn_action ()           at ofproto/ofproto-dpif-xlate.c:5378
                <'learn' action found>
   7 do_xlate_actions ()             at ofproto/ofproto-dpif-xlate.c:6893
   8 xlate_recursively ()            at ofproto/ofproto-dpif-xlate.c:4233
   9 xlate_table_action ()           at ofproto/ofproto-dpif-xlate.c:4361
  10 in xlate_ofpact_resubmit ()     at ofproto/ofproto-dpif-xlate.c:4672
  11 do_xlate_actions ()             at ofproto/ofproto-dpif-xlate.c:6773
  12 xlate_actions ()                at ofproto/ofproto-dpif-xlate.c:7570
                 <Translating actions>
  13 upcall_xlate ()                 at ofproto/ofproto-dpif-upcall.c:1197
  14 process_upcall ()               at ofproto/ofproto-dpif-upcall.c:1413
  15 upcall_cb ()                    at ofproto/ofproto-dpif-upcall.c:1315
  16 dp_netdev_upcall (DPIF_UC_MISS) at lib/dpif-netdev.c:6236
                 <Flow cache miss. Making upcall>
  17 handle_packet_upcall ()         at lib/dpif-netdev.c:6591
  18 fast_path_processing ()         at lib/dpif-netdev.c:6709
  19 dp_netdev_input__ ()            at lib/dpif-netdev.c:6797
  20 dp_netdev_recirculate ()        at lib/dpif-netdev.c:6842
  21 dp_execute_cb ()                at lib/dpif-netdev.c:7158
  22 odp_execute_actions ()          at lib/odp-execute.c:794
  23 dp_netdev_execute_actions ()    at lib/dpif-netdev.c:7332
  24 dpif_netdev_execute ()          at lib/dpif-netdev.c:3725
  25 dpif_netdev_operate ()          at lib/dpif-netdev.c:3756
                 <Packet pushed to userspace datapath for processing>
  26 dpif_operate ()                 at lib/dpif.c:1367
  27 dpif_execute ()                 at lib/dpif.c:1321
  28 packet_execute ()               at ofproto/ofproto-dpif.c:4760
  29 ofproto_packet_out_finish ()    at ofproto/ofproto.c:3594
                 <Taking ofproto_mutex>
  30 handle_packet_out ()            at ofproto/ofproto.c:3635
  31 handle_single_part_openflow (OFPTYPE_PACKET_OUT) at ofproto/ofproto.c:8400
  32 handle_openflow ()                               at ofproto/ofproto.c:8587
  33 ofconn_run ()
  34 connmgr_run ()
  35 ofproto_run ()
  36 bridge_run__ ()
  37 bridge_run ()
  38 main ()

Fix that by splitting the 'ofproto_packet_out_finish()' in two parts.
First one that translates side-effects and requires holding 'ofproto_mutex'
and the second that only pushes packet to datapath.  The second part moved
out of 'ofproto_mutex' because 'ofproto_mutex' is not required and actually
should not be taken in order to avoid recursive locking.

Reported-by: Anil Kumar Koli <anilkumar.k at altencalsoftlabs.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2019-April/048494.html
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: de3aef9eaa0e748a354732c4524ca88a11092dcb
      https://github.com/openvswitch/ovs/commit/de3aef9eaa0e748a354732c4524ca88a11092dcb
  Author: Ian Stokes <ian.stokes at intel.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .travis/linux-build.sh
    M Documentation/faq/releases.rst
    M Documentation/intro/install/dpdk.rst
    M Documentation/topics/dpdk/vhost-user.rst
    M NEWS

  Log Message:
  -----------
  dpdk: Use DPDK 18.11.5 release.

Modify travis linux build script to use the latest DPDK stable release
18.11.5. Update docs for latest DPDK stable releases.

Signed-off-by: Ian Stokes <ian.stokes at intel.com>
Acked-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Kevin Traynor <ktraynor at redhat.com>


  Commit: e33616b7df8f90612afd9cf0dfd18c1ce5722f65
      https://github.com/openvswitch/ovs/commit/e33616b7df8f90612afd9cf0dfd18c1ce5722f65
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dp-packet.c
    M lib/dp-packet.h

  Log Message:
  -----------
  dp-packet: Fix clearing/copying of memory layout flags.

'ol_flags' of DPDK mbuf could contain bits responsible for external
or indirect buffers which are not actually offload flags in a common
sense.  Clearing/copying of these flags could lead to memory leaks of
external memory chunks and crashes due to access to wrong memory.

OVS should not clear these flags while resetting offloads and also
should not copy them to the newly allocated packets.

This change is required to support DPDK 19.11, as some drivers may
return mbufs with these flags set.  However, it might be good to do
the same for DPDK 18.11, because these flags are present and should
be taken into account.

Fixes: 03f3f9c0faf8 ("dpdk: Update to use DPDK 18.11.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Reviewed-by: David Marchand <david.marchand at redhat.com>
Acked-by: Ben Pfaff <blp at ovn.org>
Acked-by: Kevin Traynor <ktraynor at redhat.com>


  Commit: d4a5710e72c1860ccf896a97af6c37e3a1dfcbbf
      https://github.com/openvswitch/ovs/commit/d4a5710e72c1860ccf896a97af6c37e3a1dfcbbf
  Author: Yifeng Sun <pkusunyifeng at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M rhel/openvswitch-kmod-fedora.spec.in
    M rhel/usr_share_openvswitch_scripts_ovs-kmod-manage.sh

  Log Message:
  -----------
  rhel: Support RHEL7.7 build and packaging

This patch provides essential fixes for OVS to support
RHEL7.7's new kernel.

make rpm-fedora-kmod \
RPMBUILD_OPT='-D "kversion 3.10.0-1062.1.2.el7.x86_64"'

Tested-by: Greg Rose <gvrose8192 at gmail.com>
Reviewed-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: ae15413897c7cc04c7895ae69ea0939acb9810f1
      https://github.com/openvswitch/ovs/commit/ae15413897c7cc04c7895ae69ea0939acb9810f1
  Author: Linhaifeng <haifeng.lin at huawei.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ofproto/ofproto-dpif-upcall.c

  Log Message:
  -----------
  ofproto: fix stack-buffer-overflow

Should use flow->actions not &flow->actions.

here is ASAN report:
=================================================================
==57189==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xffff428fa0e8 at pc 0xffff7f61a520 bp 0xffff428f9420 sp 0xffff428f9498
READ of size 196 at 0xffff428fa0e8 thread T150 (revalidator22)
    #0 0xffff7f61a51f in __interceptor_memcpy (/lib64/libasan.so.4+0xa251f)
    #1 0xaaaad26a3b2b in ofpbuf_put lib/ofpbuf.c:426
    #2 0xaaaad26a30cb in ofpbuf_clone_data_with_headroom lib/ofpbuf.c:248
    #3 0xaaaad26a2e77 in ofpbuf_clone_with_headroom lib/ofpbuf.c:218
    #4 0xaaaad26a2dc3 in ofpbuf_clone lib/ofpbuf.c:208
    #5 0xaaaad23e3993 in ukey_set_actions ofproto/ofproto-dpif-upcall.c:1640
    #6 0xaaaad23e3f03 in ukey_create__ ofproto/ofproto-dpif-upcall.c:1696
    #7 0xaaaad23e553f in ukey_create_from_dpif_flow ofproto/ofproto-dpif-upcall.c:1806
    #8 0xaaaad23e65fb in ukey_acquire ofproto/ofproto-dpif-upcall.c:1984
    #9 0xaaaad23eb583 in revalidate ofproto/ofproto-dpif-upcall.c:2625
    #10 0xaaaad23dee5f in udpif_revalidator ofproto/ofproto-dpif-upcall.c:1076
    #11 0xaaaad26b84ef in ovsthread_wrapper lib/ovs-thread.c:708
    #12 0xffff7e74a8bb in start_thread (/lib64/libpthread.so.0+0x78bb)
    #13 0xffff7e0665cb in thread_start (/lib64/libc.so.6+0xd55cb)

Address 0xffff428fa0e8 is located in stack of thread T150 (revalidator22) at offset 328 in frame
    #0 0xaaaad23e4cab in ukey_create_from_dpif_flow ofproto/ofproto-dpif-upcall.c:1762

  This frame has 4 object(s):
    [32, 96) 'actions'
    [128, 192) 'buf'
    [224, 328) 'full_flow'
    [384, 2432) 'stub' <== Memory access at offset 328 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
Thread T150 (revalidator22) created by T0 here:
    #0 0xffff7f5b0f7f in __interceptor_pthread_create (/lib64/libasan.so.4+0x38f7f)
    #1 0xaaaad26b891f in ovs_thread_create lib/ovs-thread.c:792
    #2 0xaaaad23dc62f in udpif_start_threads ofproto/ofproto-dpif-upcall.c:639
    #3 0xaaaad23daf87 in ofproto_set_flow_table ofproto/ofproto-dpif-upcall.c:446
    #4 0xaaaad230ff7f in dpdk_evs_cfg_set vswitchd/bridge.c:1134
    #5 0xaaaad2310097 in bridge_reconfigure vswitchd/bridge.c:1148
    #6 0xaaaad23279d7 in bridge_run vswitchd/bridge.c:3944
    #7 0xaaaad23365a3 in main vswitchd/ovs-vswitchd.c:240
    #8 0xffff7dfb1adf in __libc_start_main (/lib64/libc.so.6+0x20adf)
    #9 0xaaaad230a3d3  (/usr/sbin/ovs-vswitchd-2.7.0-1.1.RC5.001.asan+0x26f3d3)

SUMMARY: AddressSanitizer: stack-buffer-overflow (/lib64/libasan.so.4+0xa251f) in __interceptor_memcpy
Shadow bytes around the buggy address:
==57189==ABORTING

Acked-by: Numan Siddique <numans at ovn.org>
Signed-off-by: Linhaifeng <haifeng.lin at huawei.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: f2b0070eb42b8578b04f933e606bf5ce91e4915e
      https://github.com/openvswitch/ovs/commit/f2b0070eb42b8578b04f933e606bf5ce91e4915e
  Author: David Marchand <david.marchand at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M include/sparse/automake.mk
    R include/sparse/rte_flow.h

  Log Message:
  -----------
  sparse: Get rid of obsolete rte_flow header.

This header had been copied to cope with issues on the dpdk side.
Now that the problems have been fixed [1], let's drop this file as it is
now out of sync with dpdk.

1: https://git.dpdk.org/dpdk/commit/?id=fbb25a3878cc

Signed-off-by: David Marchand <david.marchand at redhat.com>
Signed-off-by: Ian Stokes <ian.stokes at intel.com>


  Commit: e065a1db95602ae081ec4a3bcc078ac809c212e2
      https://github.com/openvswitch/ovs/commit/e065a1db95602ae081ec4a3bcc078ac809c212e2
  Author: Ben Pfaff <blp at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ofproto/ofproto-dpif-xlate.c

  Log Message:
  -----------
  ofproto-dpif-xlate: Restore table ID on error in xlate_table_action().

Found by inspection.

Acked-by: Yi-Hung Wei <yihung.wei at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 72cd9170ddede438934b721e941d87243b55a40a
      https://github.com/openvswitch/ovs/commit/72cd9170ddede438934b721e941d87243b55a40a
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M include/ovn/expr.h
    M ovn/controller/lflow.c
    M ovn/lib/actions.c
    M ovn/lib/expr.c
    M ovn/utilities/ovn-trace.c
    M tests/test-ovn.c

  Log Message:
  -----------
  ovn-controller: Add missing port group lflow references.

The commit that adds incremental processing for port-group changes
doesn't store logical flow references for port groups. If a port group
is updated (e.g., a port is added) no logical flow recalculation will be
performed.

To fix this, when parsing the flow expression also store the referenced
port groups and bind them to the logical flows that depend on them. If
the port group is updated then the logical flows referring them will
also be reinstalled.

(cherry picked from ovn commit bbcac48d443e98cbe47d3941f7e192c9c3443cb5)

Reported-by: Daniel Alvarez <dalvarez at redhat.com>
Reported-at: https://bugzilla.redhat.com/1778164
CC: Han Zhou <hzhou at ovn.org>
Fixes: 978f5e90af0a ("ovn-controller: Incremental processing for port-group changes.")
Tested-By: Daniel Alvarez <dalvarez at redhat.com>
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 9f7557c93d8a6c6b8e99ae340ddfc90b1ecfd671
      https://github.com/openvswitch/ovs/commit/9f7557c93d8a6c6b8e99ae340ddfc90b1ecfd671
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .cirrus.yml

  Log Message:
  -----------
  cirrus: Use latest stable FreeBSD images.

CirrusCI recently introduced [1] new feature to use image families
instead of bare image names for gCloud based instances.
This allows us to use most recent stable builds. All the stable builds
are in the same image family in gCloud and it will run instances using
the most recent one.
This also allows us to simply use 11.3 image instead of 11.2.  There
was no such ability previously, because base freebsd-11-3-release-amd64
image has issues[2] that don't allow CirrusCI to use it.  However,
later stable 11.3 images from freebsd-11-3-snap family work fine.

[1] https://github.com/cirruslabs/cirrus-ci-docs/issues/422
[2] https://github.com/cirruslabs/cirrus-ci-docs/issues/359

Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Aaron Conole <aconole at redhat.com>


  Commit: 2934ebf903ab7fbc660cde00acab4ec5e91674d7
      https://github.com/openvswitch/ovs/commit/2934ebf903ab7fbc660cde00acab4ec5e91674d7
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .cirrus.yml

  Log Message:
  -----------
  cirrus: Use FreeBSD 12.1 stable release.

freebsd-12-0-snap image family suddenly removed from the gCloud,
so can not be used anymore.  Updating to more recent 12.1 releases.

Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: 41872ac75ad4a7b4fceb75780458480cadbefa5c
      https://github.com/openvswitch/ovs/commit/41872ac75ad4a7b4fceb75780458480cadbefa5c
  Author: Yi-Hung Wei <yihung.wei at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M rhel/openvswitch-kmod-fedora.spec.in
    M rhel/usr_share_openvswitch_scripts_ovs-kmod-manage.sh

  Log Message:
  -----------
  rhel: Support RHEL 7.8 kernel module rpm build

This patch supports RHEL 7.8 kernel module rpm package building.

$ make rpm-fedora-kmod \
RPMBUILD_OPT='-D "kversion 3.10.0-1101.el7.x86_64"'

Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>
Reviewed-by: Yifeng Sun <pkusunyifeng at gmail.com>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: 5b7867f3ee07a8a60ed28d5277586637f2281305
      https://github.com/openvswitch/ovs/commit/5b7867f3ee07a8a60ed28d5277586637f2281305
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Avoid infinite re-addition of misconfigured ports.

Infinite re-addition of failed ports happens if the device in userspace
datapath has a linux network interface and it's not able to be
configured.  For example, if the first reconfiguration fails because of
misconfiguration or bad initial device state.
In current code victims are afxdp ports and the Mellanox NIC ports
opened by the DPDK due to their bifurcated drivers (It's unlikely for
usual netdev-linux ports to fail).

The root cause: Every change in the state of the network interface
of a linux kernel device generates if-notifier event and if-notifier
event triggers the OVS code to re-apply the configuration of ports,
i.e. add broken ports back. The most obvious part is that dpif-netdev
changes the device flags before trying to configure it:

   1. add_port()
   2. set_flags() --> if-notifier event
   3. reconfigure() --> port removal from the datapath due to
                        misconfiguration or any other issue in
                        the underlying device.
   4. setting flags back --> another if-notifier event.
   5. There was new if-notifier event?
      yes --> re-apply all settings. --> goto step 1.

Easy way to reproduce is to add afxdp port with n_rxq=N, where N is
bigger than device supports.

This patch fixes the most obvious case for this issue by moving
enabling of a promisc mode later to the place where we already know
that device could be added to datapath without errors, i.e. after
its first successful reconfiguration.

Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2019-September/363038.html
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: William Tu <u9012063 at gmail.com>


  Commit: 88109ead880decb0fa590fb1079f04e7302d6272
      https://github.com/openvswitch/ovs/commit/88109ead880decb0fa590fb1079f04e7302d6272
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-afxdp.c

  Log Message:
  -----------
  netdev-afxdp: Avoid removing of XDP program if not loaded.

'bpf_set_link_xdp_fd' generates netlink event regardless of actual
changes it does, so if-notifier will receive link update even if
there was no XDP program previously loaded on the interface.

OVS tries to remove XDP program if device configuration was not
successful triggering if-notifier that triggers bridge reconfiguration
and another attempt to add failed port.  And so on in the infinite
loop.

This patch avoids the issue by not removing XDP program if it wasn't
loaded.  Since loading of the XDP program is one of the last steps
of port configuration, this should help to avoid infinite re-addition
for most types of misconfiguration.

Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: William Tu <u9012063 at gmail.com>


  Commit: 795e1434879a9e217b5162c29a13826c878cb105
      https://github.com/openvswitch/ovs/commit/795e1434879a9e217b5162c29a13826c878cb105
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M tests/automake.mk
    M tests/system-afxdp-testsuite.at
    A tests/system-afxdp.at

  Log Message:
  -----------
  system-afxdp.at: Add test for infinite re-addition of failed ports.

New file created for AF_XDP specific tests.

Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: William Tu <u9012063 at gmail.com>


  Commit: 9a731d0788289c7b91f221b814d1309f40c1bb7b
      https://github.com/openvswitch/ovs/commit/9a731d0788289c7b91f221b814d1309f40c1bb7b
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M tests/ovsdb-cluster.at

  Log Message:
  -----------
  ovsdb-cluster.at: Wait until leader is elected before DB compact.

In test case "election timer change", before testing DB compact,
we had to insert some data. Otherwise, inserting data after DB
compact will cause busy loop as mentioned in the XXX comment.

The root cause of the busy loop is still not clear, but the test
itself didn't wait until the leader election finishes before initiating
DB compact. This patch adds the wait to make sure the test continues
after leader is elected so that the following tests are based on
a clean state. While this wait is added, the busy loop problem is
gone even without inserting the data, so the additional data insertion
is also removed by this patch.

A separate patch will address the busy loop problem in the scenario:
1. Restart cluster
2. DB compact before the cluster is ready
3. Insert data

Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 9faa86b8b156c3f9d50867604cd82c9edfbd2faa
      https://github.com/openvswitch/ovs/commit/9faa86b8b156c3f9d50867604cd82c9edfbd2faa
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c
    M tests/ovsdb-cluster.at

  Log Message:
  -----------
  ovsdb raft: Fix the problem when cluster restarted after DB compaction.

Cluster doesn't work after all nodes restarted after DB compaction,
unless there is any transaction after DB compaction before the restart.

Error log is like:
raft|ERR|internal error: deferred vote_request message completed but not ready
to send because message index 9 is past last synced index 0: s2 vote_request:
term=6 last_log_index=9 last_log_term=4

The root cause is that the log_synced member is not initialized when
reading the raft header. This patch fixes it and removes the XXX
from the test case.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: cd9f98673db28d093ceedcb19913128580efae71
      https://github.com/openvswitch/ovs/commit/cd9f98673db28d093ceedcb19913128580efae71
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/ovn-controller.c

  Log Message:
  -----------
  ovn-controller.c: Refactor meter-table-list and meter-group-list commands.

Remove redundant code.

Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: bce51dfdf32bab70f1c6e18614c978a75908a773
      https://github.com/openvswitch/ovs/commit/bce51dfdf32bab70f1c6e18614c978a75908a773
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/ovn-controller.c
    M tests/ovn.at

  Log Message:
  -----------
  ovn-controller: Fix meter-table-list and group-table-list commands.

These commands are supposed to print existing items of the tables,
but they actually print only items that are in existing table but not
in desired table, which is useless because this would print nothing
in normal conditions. The patch fixes it so that they behave as
what the document says.

Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 2b86f82260aa725fea53cf377b95081e47c0cbed
      https://github.com/openvswitch/ovs/commit/2b86f82260aa725fea53cf377b95081e47c0cbed
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/lib/extend-table.c

  Log Message:
  -----------
  extend-table.c: Refactor code.

Reuse xxx_clear() function in xxx_destroy() and remove redundant code.

Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 8f93edd71672c46b6afec1f75ec74dd628aa197c
      https://github.com/openvswitch/ovs/commit/8f93edd71672c46b6afec1f75ec74dd628aa197c
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/lib/extend-table.c
    M ovn/lib/extend-table.h
    M tests/ovn.at

  Log Message:
  -----------
  extend-table: Fix reusing group/meter by multiple logical flows.

A meter/group can be used by multiple logical flows. However, current
code didn't handle this properly. Each table_info item has a lflow_uuid
field, which can keep track of only a single lflow.

In most cases this doesn't create problems because multiple table_info
entries are created even for same "name".

However, when multiple lflows are added in the same main loop iteration
using the same "name" (i.e. when the new_table_id == true), the function
ovn_extend_table_assign_id() will return the old id without creating a
new entry, and the reference by the second lflow is untracked. Later
with incremental processing, if the old lflow is deleted, the table_info
will be deleted, which results in the deletion of group/meter in OVS,
even when it is still used by the second lflow.

This patch fixes the problem by adding a hmap in each desired table_info
item to keep track of multiple lflow references. A test case is added.
The test case would fail without this fix.

At the same time, this patch adds an index that maps from lflow_uuid to
a list of desired table_info items used by the lflow, so that the
ovn_extend_table_remove_desired() is more efficient, without having
to do a O(N) iteration every time.

Fixes: ca278d98a4f5 ("ovn-controller: Initial use of incremental engine - quiet mode.")
Acked-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: a2744ab84021aef777ff427e348e610edf7bc643
      https://github.com/openvswitch/ovs/commit/a2744ab84021aef777ff427e348e610edf7bc643
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .cirrus.yml

  Log Message:
  -----------
  cirrus: Use python 3.7 packages on FreeBSD.

Python 3.6 versions of these packages are no longer available in
FreeBSD ports.

Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: db0240f879b31b829b7f41036fa179706d0061f2
      https://github.com/openvswitch/ovs/commit/db0240f879b31b829b7f41036fa179706d0061f2
  Author: Greg Rose <gvrose8192 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M acinclude.m4
    M datapath/linux/compat/ip6_gre.c
    M datapath/linux/compat/ip_tunnel.c

  Log Message:
  -----------
  compat: Include confirm_neigh parameter if needed

A change backported to the Linux 4.14.162 LTS kernel requires
a boolean parameter.  Check for the presence of the parameter
and adjust the caller in that case.

Passes check-kmod test with no regressions.

Passes Travis build here:
https://travis-ci.org/gvrose8192/ovs-experimental/builds/633461320

Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 609831bd3ac1f81ddf77548d2ed2f9804070f362
      https://github.com/openvswitch/ovs/commit/609831bd3ac1f81ddf77548d2ed2f9804070f362
  Author: Aaron Conole <aconole at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-dpdk.c

  Log Message:
  -----------
  netdev-dpdk: Avoid undefined behavior processing devargs

In "Use of library functions" in the C standard, the following statement
is written to apply to all library functions:

  If an argument to a function has an invalid value (such as ... a
  null pointer ... the behavior is undefined.

Later, under the "String handling" section, "Comparison functions" no
exception is listed for strcmp, which means NULL is invalid.  It may
be possible for the smap_get to return NULL.

Given the above, we must check that new_devargs is not null.  The check
against NULL for new_devargs later in the function is still valid.

Fixes: 55e075e65ef9 ("netdev-dpdk: Arbitrary 'dpdk' port naming")
Signed-off-by: Aaron Conole <aconole at redhat.com>
Acked-by: Ciara Loftus <ciara.loftus at intel.com>
Signed-off-by: Ian Stokes <ian.stokes at intel.com>


  Commit: 4f889134c238bd4e3d14fffc15f95941c70fda49
      https://github.com/openvswitch/ovs/commit/4f889134c238bd4e3d14fffc15f95941c70fda49
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/odp-util.c

  Log Message:
  -----------
  odp-util: Fix passing uninitialized bytes in OVS_KEY_ATTR_CT_ORIG_TUPLE_IPV*.

Both ovs_key_ct_tuple_ipv* structures contain padding at the end
that must be cleared before passing attributes to kernel:

 Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
    at 0x566A607: sendmsg (sendmsg.c:28)
    by 0xFC95CE: nl_sock_transact_multiple__ (netlink-socket.c:858)
    by 0xFC8580: nl_sock_transact_multiple (netlink-socket.c:1079)
    by 0xFC83FF: nl_transact_multiple (netlink-socket.c:1839)
    by 0xFA8648: dpif_netlink_operate__ (dpif-netlink.c:1926)
    by 0xFA789F: dpif_netlink_operate_chunks (dpif-netlink.c:2219)
    by 0xFA25CB: dpif_netlink_operate (dpif-netlink.c:2278)
    by 0xE5BB4C: dpif_operate (dpif.c:1377)
    by 0xE5B7F6: dpif_flow_put (dpif.c:1048)
    by 0xE5B49A: dpif_probe_feature (dpif.c:965)
    by 0xDD6BF5: check_ct_orig_tuple (ofproto-dpif.c:1557)
    by 0xDD41EC: check_support (ofproto-dpif.c:1590)
    by 0xDD3BF3: open_dpif_backer (ofproto-dpif.c:818)
    by 0xDC8467: construct (ofproto-dpif.c:1605)
    by 0xDAD6BB: ofproto_create (ofproto.c:549)
    by 0xD96A19: bridge_reconfigure (bridge.c:877)
    by 0xD9625D: bridge_run (bridge.c:3324)
    by 0xDA5829: main (ovs-vswitchd.c:127)
  Address 0x1ffefe36a5 is on thread 1's stack
  in frame #4, created by dpif_netlink_operate__ (dpif-netlink.c:1839)
  Uninitialised value was created by a stack allocation
    at 0xEB87D0: odp_flow_key_from_flow__ (odp-util.c:5996)

Fixes: daf4d3c18da4 ("odp: Support conntrack orig tuple key.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>
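
The padding problem described in the commit above, as an added C example that is not part of the commit or of the OVS source. The struct is a stand-in assumed to share the field layout of the IPv4 conntrack original-tuple key (13 bytes of fields, padded to 16 on common ABIs); all function names and sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the conntrack original-tuple key (layout is an assumption):
 * 4 + 4 + 2 + 2 + 1 = 13 bytes of fields, rounded up to 16 by the compiler. */
struct ct_tuple_ipv4_demo {
    uint32_t ipv4_src;
    uint32_t ipv4_dst;
    uint16_t src_port;
    uint16_t dst_port;
    uint8_t  ipv4_proto;
    /* trailing padding lives here */
};

#define FIELDS_END (offsetof(struct ct_tuple_ipv4_demo, ipv4_proto) + 1)
#define PAD_BYTES  (sizeof(struct ct_tuple_ipv4_demo) - FIELDS_END)

/* Constructed sample values; only the named members are written. */
static void set_fields(struct ct_tuple_ipv4_demo *key)
{
    key->ipv4_src = 0x0a000001;
    key->ipv4_dst = 0x0a000002;
    key->src_port = 12345;
    key->dst_port = 80;
    key->ipv4_proto = 6;
}

/* Before: padding keeps whatever the storage held previously. */
void build_key_unsafe(struct ct_tuple_ipv4_demo *key)
{
    set_fields(key);
}

/* After: clear the whole object, padding included, then fill the members. */
void build_key_cleared(struct ct_tuple_ipv4_demo *key)
{
    memset(key, 0, sizeof *key);
    set_fields(key);
}

/* Models appending the attribute payload to a message: the whole struct,
 * padding and all, is copied byte for byte. */
size_t put_attr(unsigned char *msg, const struct ct_tuple_ipv4_demo *key)
{
    memcpy(msg, key, sizeof *key);
    return sizeof *key;
}

/* Count payload bytes past the last field that are not zero. */
size_t stale_padding_bytes(const unsigned char *msg, size_t len)
{
    size_t n = 0;
    for (size_t i = FIELDS_END; i < len; i++) {
        if (msg[i] != 0) {
            n++;
        }
    }
    return n;
}

/* Run a builder over storage pre-filled with 0xAA, a constructed stand-in
 * for leftover stack contents, and report what would reach the receiver. */
size_t audit_builder(void (*build)(struct ct_tuple_ipv4_demo *))
{
    struct ct_tuple_ipv4_demo key;
    unsigned char msg[sizeof key];

    memset(&key, 0xAA, sizeof key);
    build(&key);
    size_t len = put_attr(msg, &key);
    return stale_padding_bytes(msg, len);
}

int main(void)
{
    printf("padding bytes in struct: %zu\n", (size_t) PAD_BYTES);
    printf("unsafe builder:  %zu stale byte(s) sent\n",
           audit_builder(build_key_unsafe));
    printf("cleared builder: %zu stale byte(s) sent\n",
           audit_builder(build_key_cleared));
    return 0;
}
```

The C standard leaves padding contents unspecified after a member store, so the count for the unsafe builder depends on the compiler; the cleared builder is the case to rely on.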


  Commit: a08575753ea4cafc7041732bb3bcb81273a602b0
      https://github.com/openvswitch/ovs/commit/a08575753ea4cafc7041732bb3bcb81273a602b0
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-offload-tc.c

  Log Message:
  -----------
  netdev-offload-tc: Fix crash if offloading is not configured on outdev.

If output device is not yet added to netdev-offload, netdev_ports_get()
will not find it leading to NULL pointer dereference inside
netdev_get_ifindex().

Fixes: 8f283af89298 ("netdev-tc-offloads: Implement netdev flow put using tc interface")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Ben Pfaff <blp at ovn.org>


  Commit: 7dec0d93134f2e0abd5a7746414db0a6453a50f8
      https://github.com/openvswitch/ovs/commit/7dec0d93134f2e0abd5a7746414db0a6453a50f8
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/ovn-controller.c

  Log Message:
  -----------
  ovn-controller.c: Fix possible NULL pointer dereference.

In function update_sb_db(), it tries to access cfg->external_ids
outside of the "if (cfg)" block. This patch fixes it.

Acked-by: Numan Siddique <numans at ovn.org>
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 9fc1f5d85ca70d1c9a1d908970f4b7964b21de9e
      https://github.com/openvswitch/ovs/commit/9fc1f5d85ca70d1c9a1d908970f4b7964b21de9e
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/ovn-controller.c

  Log Message:
  -----------
  ovn-controller.c: Move the position of handling OVN-SB related settings.

Move the logic of handling OVN-SB related setting in external-ids
after the ovs_idl_loop run, so that any change in the external-ids
settings can take effect in the same iteration, without waiting for
the next one.

Reported-by: Lars Kellogg-Stedman <lars at redhat.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2020-January/049695.html
Tested-by: Flavio Fernandes <flavio at flaviof.com>
Acked-by: Numan Siddique <numans at ovn.org>
Acked-by: Mark Michelson <mmichels at redhat.com>
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: d7823eab5cb22c43dfbe858fe2e504d6d773ad05
      https://github.com/openvswitch/ovs/commit/d7823eab5cb22c43dfbe858fe2e504d6d773ad05
  Author: John Hurley <john.hurley at netronome.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-offload-tc.c

  Log Message:
  -----------
  tc: handle packet mark of zero

Openstack may set an skb mark of 0 in tunnel rules. This is considered to
be an unused/unset value. However, it prevents the rule from being
offloaded.

Check if the key value of the skb mark is 0 when it is in use (mask is
set to all ones). If it is then ignore the field and continue with TC offload.

Only the exact-match case is covered by this patch as it addresses the
Openstack use-case and seems most robust against feature evolution: f.e. in
future there may exist hardware offload scenarios where an operation, such
as a BPF offload, sets the SKB mark before proceeding to the in-HW OVS
datapath.

Signed-off-by: John Hurley <john.hurley at netronome.com>
Co-Authored-by: Simon Horman <simon.horman at netronome.com>
Signed-off-by: Simon Horman <simon.horman at netronome.com>
Acked-by: Aaron Conole <aconole at redhat.com>


  Commit: 72101f55b2c2cb751859fd9adc33fda8172755d0
      https://github.com/openvswitch/ovs/commit/72101f55b2c2cb751859fd9adc33fda8172755d0
  Author: Eli Britstein <elibr at mellanox.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/flow.c

  Log Message:
  -----------
  flow: Fix parsing l3_ofs with partial offloading

l3_ofs should be set for all Ethernet packets, not just IPv4/IPv6 ones.
For example for ARP over VLAN tagged packets, it may cause wrong
processing like in changing the VLAN ID action. Fix it.

Fixes: aab96ec4d81e ("dpif-netdev: retrieve flow directly from the flow mark")
Signed-off-by: Eli Britstein <elibr at mellanox.com>
Reviewed-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 7bc7ce8953c356427c332c07e17d2701c65660c5
      https://github.com/openvswitch/ovs/commit/7bc7ce8953c356427c332c07e17d2701c65660c5
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/lib/extend-table.c

  Log Message:
  -----------
  extend-table: Fix use after free in ovn_extend_table_clear.

(cherry picked from ovn commit 22d9a6f35551e3078394d5f8849055f43638e0d1)

CC: Han Zhou <hzhou at ovn.org>
Fixes: d5001334f0f6 ("extend-table: Fix reusing group/meter by multiple logical flows.")
Reported-by: Ben Pfaff <blp at ovn.org>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2020-February/367647.html
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: eb67e0e86178a50710ad916c7be537729e823dbd
      https://github.com/openvswitch/ovs/commit/eb67e0e86178a50710ad916c7be537729e823dbd
  Author: Tomasz Konieczny <tomaszx.konieczny at intel.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .travis/linux-build.sh
    M Documentation/faq/releases.rst
    M Documentation/intro/install/dpdk.rst
    M Documentation/topics/dpdk/vhost-user.rst
    M NEWS

  Log Message:
  -----------
  dpdk: Use DPDK 18.11.6 release

Modify travis linux build script to use the latest DPDK stable release
18.11.6. Update docs for latest DPDK stable releases.

Signed-off-by: Tomasz Konieczny <tomaszx.konieczny at intel.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Acked-by: Kevin Traynor <ktraynor at redhat.com>
Signed-off-by: Ian Stokes <ian.stokes at intel.com>


  Commit: 750fc98c2c330104f1327511679c0848eca2da75
      https://github.com/openvswitch/ovs/commit/750fc98c2c330104f1327511679c0848eca2da75
  Author: Yanqin Wei <Yanqin.Wei at arm.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M tests/dpif-netdev.at

  Log Message:
  -----------
  dpif-netdev.at: Fix partial offloading test cases failure.

Some partial offloading test cases are failing inconsistently. The root
cause is that dummy netdev is assigned with "linux_tc" offloading API.
dpif-netdev - partial hw offload - dummy
dpif-netdev - partial hw offload - dummy-pmd
dpif-netdev - partial hw offload with packet modifications - dummy
dpif-netdev - partial hw offload with packet modifications - dummy-pmd

This patch fixes this issue by changing 'options:ifindex=1' to some big
value. It is a workaround to make the "linux_tc" init flow api fail. All
above cases can pass consistently after applying this patch.

Suggested-by: Ilya Maximets <i.maximets at ovn.org>
Reviewed-by: Gavin Hu <Gavin.Hu at arm.com>
Reviewed-by: Lijian Zhang <Lijian.Zhang at arm.com>
Signed-off-by: Yanqin Wei <Yanqin.Wei at arm.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 72eebc797c8c72a6055f65182dd3b8eebcd35983
      https://github.com/openvswitch/ovs/commit/72eebc797c8c72a6055f65182dd3b8eebcd35983
  Author: Mark Michelson <mmichels at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/lflow.c
    M ovn/controller/ofctrl.c
    M ovn/controller/ofctrl.h
    M tests/ovn.at

  Log Message:
  -----------
  OVN: Combine conjunctions with identical matches into one flow.

This is a backport of commit e659bab31a916d540411c93ca7125011b2e82b5c
from OVN master.

Conjunctive matches have an issue where it is possible to install
multiple flows that have identical matches. This results in ambiguity,
and can lead to features (such as ACLs) not functioning properly.

This change fixes the problem by combining conjunctions with identical
matches into a single flow. As an example, in the past we may have had
something like:

nw_dst=10.0.0.1 actions=conjunction(2,1/2)
nw_dst=10.0.0.1 actions=conjunction(3,1/2)

This commit changes this into

nw_dst=10.0.0.1 actions=conjunction(2,1/2),conjunction(3,1/2)

This way, there is only a single flow with the proscribed match, and
there is no ambiguity.

Signed-off-by: Mark Michelson <mmichels at redhat.com>
Acked-by: Numan Siddique <nusiddiq at redhat.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 4a7655564341258d5ad61edef7ba1e4e9f9a6ff7
      https://github.com/openvswitch/ovs/commit/4a7655564341258d5ad61edef7ba1e4e9f9a6ff7
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/northd/ovn-northd.c
    M tests/ovn.at

  Log Message:
  -----------
  ovn-northd: Fix IP local multicast flooding.

Skip IGMP entries learned for local multicast groups when generating
logical flows. We still allow ovn-controller to learn them as
it might be useful information for administrators to see that hosts
register for the groups even though they are not expected to send JOIN
messages for this range.

Note: The upstream OVN master patch doesn't apply cleanly because OVN
2.12 doesn't support MLD. The conflict is however easy to solve and
involves removing the IPv6 specific code.

Fixes: ddc64665b678 ("OVN: Add ovn-northd IGMP support")
Reported-by: Lucas Alvares Gomes <lmartins at redhat.com>
Reported-at: https://bugzilla.redhat.com/1803008
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Acked-by: Mark Michelson <mmichels at redhat.com>
(cherry picked from OVN commit 755ffada2a66416173d5f1e09672909d40f87fd1)

Conflicts:
	ovn/northd/ovn-northd.c
	tests/ovn.at
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 49bebf7fd62ae444ec0bd3d22d15cba64ba1b78c
      https://github.com/openvswitch/ovs/commit/49bebf7fd62ae444ec0bd3d22d15cba64ba1b78c
  Author: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovn/controller/ovn-controller.c

  Log Message:
  -----------
  controller: grant cap_net_admin to ovn-controller

ovn-controller is currently running as non-root so it is not allowed to
configure system networking, breaking ovn QoS support. Fix the issue by
granting the CAP_NET_ADMIN capability to the ovn-controller process.

Tested-by: Ying Xu <yinxu at redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
Signed-off-by: Mark Michelson <mmichels at redhat.com>


  Commit: d65750b5781d5cec14b9dd803c14ec8b399fc8a3
      https://github.com/openvswitch/ovs/commit/d65750b5781d5cec14b9dd803c14ec8b399fc8a3
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft-rpc.c

  Log Message:
  -----------
  raft-rpc: Fix message format.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 4dc1eaaf50862200d76a56024dd7ac7396646532
      https://github.com/openvswitch/ovs/commit/4dc1eaaf50862200d76a56024dd7ac7396646532
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/ovsdb-server.c
    M tests/ovsdb-cluster.at

  Log Message:
  -----------
  ovsdb-server: Don't disconnect clients after raft install_snapshot.

When "schema" field is found in read_db(), there can be two cases:
1. There is a schema change in clustered DB and the "schema" is the new one.
2. An install_snapshot RPC happened, which caused log compaction on the
server and the next log is just the snapshot, which always contains the "schema"
field, even though the schema hasn't been changed.

The current implementation doesn't handle case 2), and always assumes the schema
is changed and hence disconnects all clients of the server. It can cause stability
problems when there is a big number of clients connected when this happens in
a large scale environment.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: be7cdb34ae8c4ce5f6460cab06c603766d5d66b4
      https://github.com/openvswitch/ovs/commit/be7cdb34ae8c4ce5f6460cab06c603766d5d66b4
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c
    M tests/ovsdb-cluster.at

  Log Message:
  -----------
  raft: Fix raft_is_connected() when there is no leader yet.

If there is never a leader known by the current server, its status
should be "disconnected" to the cluster. Without this patch, when
a server in cluster is restarted, before it successfully connects
back to the cluster it will appear as connected, which is wrong.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: f323d25f474ddbbd1925fcbdfee1225714a0f376
      https://github.com/openvswitch/ovs/commit/f323d25f474ddbbd1925fcbdfee1225714a0f376
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/ovsdb.c
    M ovsdb/ovsdb.h
    M ovsdb/transaction.c
    M ovsdb/trigger.c

  Log Message:
  -----------
  raft: Avoid busy loop during leader election.

When a server doesn't see a leader yet, e.g. during leader re-election,
if a transaction comes from a client, it will cause 100% CPU busy loop.
With debug log enabled it is like:

2020-02-28T04:04:35.631Z|00059|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
2020-02-28T04:04:35.631Z|00062|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
2020-02-28T04:04:35.631Z|00065|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
2020-02-28T04:04:35.631Z|00068|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
2020-02-28T04:04:35.631Z|00071|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
2020-02-28T04:04:35.631Z|00074|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
2020-02-28T04:04:35.631Z|00077|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
...

The problem is that in ovsdb_trigger_try(), all cluster errors are treated
as temporary errors and retried immediately. This patch fixes it by introducing
'run_triggers_now', which tells if a retry is needed immediately. When the
cluster error is with detail 'not leader', we don't immediately retry, but
will wait for the next poll event to trigger the retry. When 'not leader'
status changes, there must be an event, i.e. raft RPC that changes the
status, so the trigger is guaranteed to be triggered, without busy loop.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 452ae89fb0e5b195fae8774c63d80ed601f704c7
      https://github.com/openvswitch/ovs/commit/452ae89fb0e5b195fae8774c63d80ed601f704c7
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c

  Log Message:
  -----------
  raft: Fix next_index in install_snapshot reply handling.

When a leader handles install_snapshot reply, the next_index for
the follower should be log_start instead of log_end, because there
can be new entries added in leader's log after initiating the
install_snapshot procedure.  Also, it should send all the accumulated
entries to follower in the following append-request message, instead
of sending 0 entries, to speed up the convergence.

Without this fix, there is no functional problem, but it takes
unnecessary extra rounds of append-requests responded to with "inconsistency"
by the follower, although it will finally converge.

Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 9714b45bf79474d5b8185cf4c14535120e682c19
      https://github.com/openvswitch/ovs/commit/9714b45bf79474d5b8185cf4c14535120e682c19
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c
    M tests/ovsdb-cluster.at

  Log Message:
  -----------
  raft: Fix the problem of stuck in candidate role forever.

Sometimes a server can stay in candidate role forever, even if the server
already sees the new leader and handles append-requests normally. However,
because of the wrong role, it appears as disconnected from cluster and
so the clients are disconnected.

This problem happens when 2 servers become candidates in the same
term, and one of them is elected as leader in that term. It can be
reproduced by the test cases added in this patch.

The root cause is that the current implementation only changes role to
follower when a bigger term is observed (in raft_receive_term__()).
According to the RAFT paper, if another candidate becomes leader with
the same term, the candidate should change to follower.

This patch fixes it by changing the role to follower when leader
is being updated in raft_update_leader().

Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>
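
The same-term election case from the commit above, as an added C example that is not the commit's code or the OVS raft implementation. It is a simplified model: every type and function name is hypothetical, and "connected" is reduced to "not a candidate and a leader is known".

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum role { FOLLOWER, CANDIDATE, LEADER };

struct server {
    int id;
    enum role role;
    uint64_t term;
    int leader;                 /* -1 while no leader is known */
};

/* Election timeout: bump the term, become candidate, forget the leader. */
void start_election(struct server *s)
{
    s->term++;
    s->role = CANDIDATE;
    s->leader = -1;
}

/* Term check as the commit message describes the old behaviour: the role
 * changes to follower only when a strictly bigger term is observed.
 * Returns false for a stale message. */
static bool receive_term(struct server *s, uint64_t term)
{
    if (term < s->term) {
        return false;
    }
    if (term > s->term) {
        s->term = term;
        s->role = FOLLOWER;
        s->leader = -1;
    }
    return true;
}

/* Record the leader; with the fix enabled, a candidate that learns of a
 * leader in its own term steps down to follower. */
static void update_leader(struct server *s, int leader, bool fix)
{
    s->leader = leader;
    if (fix && s->role == CANDIDATE) {
        s->role = FOLLOWER;
    }
}

/* Append-request handling: validate the term, then record the sender. */
bool handle_append_request(struct server *s, uint64_t term, int from, bool fix)
{
    if (!receive_term(s, term)) {
        return false;
    }
    update_leader(s, from, fix);
    return true;
}

/* Simplified status check: a candidate is reported as disconnected. */
bool appears_connected(const struct server *s)
{
    return s->role != CANDIDATE && s->leader != -1;
}

/* Two servers time out together in term 4, both become candidates in
 * term 5, server 1 wins and sends an append-request to server 2.
 * Returns server 2's resulting state. */
struct server run_same_term_election(bool fix)
{
    struct server a = { 1, FOLLOWER, 4, -1 };
    struct server b = { 2, FOLLOWER, 4, -1 };

    start_election(&a);
    start_election(&b);

    a.role = LEADER;            /* a collects the majority of votes */
    a.leader = a.id;

    handle_append_request(&b, a.term, a.id, fix);
    return b;
}

int main(void)
{
    struct server before = run_same_term_election(false);
    struct server after = run_same_term_election(true);

    printf("without fix: role=%d connected=%d\n",
           before.role, appears_connected(&before));
    printf("with fix:    role=%d connected=%d\n",
           after.role, appears_connected(&after));
    return 0;
}
```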


  Commit: eca8254d563a15e4b295c70fc902955f818bffc2
      https://github.com/openvswitch/ovs/commit/eca8254d563a15e4b295c70fc902955f818bffc2
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .travis/linux-prepare.sh

  Log Message:
  -----------
  travis: Disable sindex build in sparse.

Sparse introduced a new utility 'sindex' for semantic search,
but unfortunately it fails to build in Travis environment.
Disabling it explicitly as we don't need it anyway.

Acked-by: Numan Siddique <numans at ovn.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 021ab5a26c10e0c48c8ea4f6c175332b313d21c3
      https://github.com/openvswitch/ovs/commit/021ab5a26c10e0c48c8ea4f6c175332b313d21c3
  Author: Yanqin Wei <Yanqin.Wei at arm.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/pvector.c
    M lib/pvector.h

  Log Message:
  -----------
  pvector: Use acquire-release semantics for size.

Read/write concurrency of pvector library is implemented by a temp vector
and RCU protection. Considering performance reason, insertion does not
follow this scheme.
In insertion function, a thread fence ensures size increment is done
after new entry is stored. But there is no barrier in the iteration
function (pvector_cursor_init). Entry point access may be reordered before
loading vector size, so the invalid entry point may be loaded during vector
iteration.
This patch fixes it by acquire-release pair. It can guarantee new size is
observed by reader after new entry stored by writer. And this is
implemented by one-way barrier instead of two-way memory fence.

Fixes: fe7cfa5c3f19 ("lib/pvector: Non-intrusive RCU priority vector.")
Reviewed-by: Gavin Hu <Gavin.Hu at arm.com>
Reviewed-by: Lijian Zhang <Lijian.Zhang at arm.com>
Signed-off-by: Yanqin Wei <Yanqin.Wei at arm.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 6d0a9a3b5b6a59e8e745b67311fa16cfbe689af7
      https://github.com/openvswitch/ovs/commit/6d0a9a3b5b6a59e8e745b67311fa16cfbe689af7
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Enter quiescent state after each offloading operation.

If the offloading queue is big and filled continuously, offloading
thread may have no chance to quiesce blocking rcu callbacks and
other threads waiting for synchronization.

Fix that by entering momentary quiescent state after each operation
since we're not holding any rcu-protected memory here.

Fixes: 02bb2824e51d ("dpif-netdev: do hw flow offload in a thread")
Reported-by: Eli Britstein <elibr at mellanox.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2020-February/049768.html
Acked-by: Eli Britstein <elibr at mellanox.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 8046e28202a5c5aacad183fdfaaffbda8ccce4af
      https://github.com/openvswitch/ovs/commit/8046e28202a5c5aacad183fdfaaffbda8ccce4af
  Author: Damijan Skvarc <damjan.skvarc at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/ovsdb-tool.c

  Log Message:
  -----------
  ovsdb-tool: fix memory leak while running "db-is-standalone" command

problem is reported by valgrind while running functional tests:

==21043== 160 (88 direct, 72 indirect) bytes in 1 blocks are definitely lost in loss record 7 of 8
==21043==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==21043==    by 0x45EE2E: xmalloc (util.c:138)
==21043==    by 0x40CB81: ovsdb_log_open (log.c:270)
==21043==    by 0x406B4F: do_db_has_magic.isra.9 (ovsdb-tool.c:563)
==21043==    by 0x438670: ovs_cmdl_run_command__ (command-line.c:223)
==21043==    by 0x438720: ovs_cmdl_run_command (command-line.c:254)
==21043==    by 0x405A4C: main (ovsdb-tool.c:79)

problem was in do_db_has_magic() which opens log file which is never closed.

Signed-off-by: Damijan Skvarc <damjan.skvarc at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 16e6c27d0ab7eef6343b69d5602bffb85966fe33
      https://github.com/openvswitch/ovs/commit/16e6c27d0ab7eef6343b69d5602bffb85966fe33
  Author: Aliasgar Ginwala <aginwala at ebay.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M Documentation/ref/ovsdb.7.rst
    M NEWS
    M ovsdb/ovsdb-tool.1.in
    M ovsdb/ovsdb-tool.c
    M tests/ovsdb-tool.at

  Log Message:
  -----------
  ovsdb-tool: Convert clustered db to standalone db.

Add support in ovsdb-tool for migrating clustered dbs to standalone dbs.
E.g. usage to migrate nb/sb db to standalone db from raft:
ovsdb-tool cluster-to-standalone ovnnb_db.db ovnnb_db_cluster.db

Acked-by: Han Zhou <hzhou8 at ebay.com>
Signed-off-by: Aliasgar Ginwala <aginwala at ebay.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 76167bf38b319c30285fc8807c83df1979b8d455
      https://github.com/openvswitch/ovs/commit/76167bf38b319c30285fc8807c83df1979b8d455
  Author: Damijan Skvarc <damjan.skvarc at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/ovsdb-tool.c

  Log Message:
  -----------
  ovsdb-tool: fix memory leak while converting cluster into standalone database

memory leak is reported by valgrind while executing functional test
"ovsdb-tool convert-to-standalone"

==13842== 2,850 (280 direct, 2,570 indirect) bytes in 7 blocks are definitely lost in loss record 20 of 20
==13842==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==13842==    by 0x45EE2E: xmalloc (util.c:138)
==13842==    by 0x43E386: json_create (json.c:1451)
==13842==    by 0x43BDD2: json_object_create (json.c:254)
==13842==    by 0x43DEE3: json_parser_push_object (json.c:1273)
==13842==    by 0x43E167: json_parser_input (json.c:1371)
==13842==    by 0x43D6EA: json_lex_input (json.c:991)
==13842==    by 0x43DAC1: json_parser_feed (json.c:1149)
==13842==    by 0x40D108: parse_body (log.c:411)
==13842==    by 0x40D386: ovsdb_log_read (log.c:476)
==13842==    by 0x406A0B: do_convert_to_standalone (ovsdb-tool.c:1571)
==13842==    by 0x406A0B: do_cluster_standalone (ovsdb-tool.c:1606)
==13842==    by 0x438670: ovs_cmdl_run_command__ (command-line.c:223)
==13842==    by 0x438720: ovs_cmdl_run_command (command-line.c:254)
==13842==    by 0x405A4C: main (ovsdb-tool.c:79)

The problem was in do_convert_to_standalone() function which, while reading the log file,
allocates a json object which was not deallocated at the end.

Signed-off-by: Damijan Skvarc <damjan.skvarc at gmail.com>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 3a9a8e1c8d69e24051f671cbff73973b1b6ed8c5
      https://github.com/openvswitch/ovs/commit/3a9a8e1c8d69e24051f671cbff73973b1b6ed8c5
  Author: William Tu <u9012063 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Fix NULL pointer dereference.

Coverity CID 279957 reports NULL pointer dereference when
'conn' is NULL and calling ct_print_conn_info.

Cc: Usman Ansari <uansari at vmware.com>
Signed-off-by: William Tu <u9012063 at gmail.com>
Acked-by: Dumitru Ceara <dceara at redhat.com>


  Commit: fd33092caae0afad774cbfe16e825908fde994c6
      https://github.com/openvswitch/ovs/commit/fd33092caae0afad774cbfe16e825908fde994c6
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/conntrack.c

  Log Message:
  -----------
  conntrack: Reset ct_state when entering a new zone.

When a new conntrack zone is entered, the ct_state field is zeroed in
order to avoid using state information from different zones.

One such scenario is when a packet is double NATed. Assuming two zones
and 3 flows performing the following actions in order on the packet:
1. ct(zone=5,nat), recirc
2. ct(zone=1), recirc
3. ct(zone=1,nat)

If at step #1 the packet matches an existing NAT entry, it will get
translated and pkt->md.ct_state is set to CS_DST_NAT or CS_SRC_NAT.
At step #2 the new tuple might match an existing connection and
pkt->md.ct_zone is set to 1.
If at step #3 the packet matches an existing NAT entry in zone 1,
handle_nat() will be called to perform the translation but it will
return early because the packet's zone matches the conntrack zone and
the ct_state field still contains CS_DST_NAT or CS_SRC_NAT from the
translations in zone 5.

In order to reliably detect when a packet enters a new conntrack zone
we also need to make sure that the pkt->md.ct_zone is properly
initialized if pkt->md.ct_state is non-zero. This already happens for
most cases. The only exception is when matched conntrack connection is
of type CT_CONN_TYPE_UN_NAT and the master connection is missing. To
cover this path we now call write_ct_md() in that case too. Remove
setting the CS_TRACKED flag in this case as it will be done by the
new call to write_ct_md().

CC: Darrell Ball <dlu998 at gmail.com>
Fixes: 286de2729955 ("dpdk: Userspace Datapath: Introduce NAT Support.")
Acked-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Aaron Conole <aconole at redhat.com>
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 5f57d5ddace726858914b2922b92baf9207896ec
      https://github.com/openvswitch/ovs/commit/5f57d5ddace726858914b2922b92baf9207896ec
  Author: wenxu <wenxu at ucloud.cn>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netlink.c
    M lib/netdev-offload-tc.c
    M lib/netdev-offload.h

  Log Message:
  -----------
  dpif-netlink: avoid netlink modify flow put op failed after tc modify flow put op failed.

The tc modify flow put always deletes the original flow first and
then adds the new flow. If the modify flow put operation failed,
the flow put operation will change from modify to create if it succeeds
in deleting the original flow in tc (which will always fail with
ENOENT, as the flow was already deleted before adding the new flow in tc).
Finally, the modify flow put will fail to be added to the kernel datapath.

Signed-off-by: wenxu <wenxu at ucloud.cn>
Signed-off-by: Simon Horman <simon.horman at netronome.com>


  Commit: 00cfc3fd32b8119d8ad01656d0880226fb817f10
      https://github.com/openvswitch/ovs/commit/00cfc3fd32b8119d8ad01656d0880226fb817f10
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Force port reconfiguration to change dynamic_txqs.

In case number of polling threads goes from exact number of Tx queues
in port to higher value while set_tx_multiq() not implemented or not
requesting reconfiguration, port will not be reconfigured and datapath
will continue using static Tx queue ids leading to crash.

Ex.:
 Assuming that port p0 supports up to 4 Tx queues and doesn't support
 set_tx_multiq() method.  For example, netdev-afxdp could be the case,
 because it could have multiple Tx queues, but doesn't have
 set_tx_multiq() implementation because number of Tx queues always
 equals to number of Rx queues.

 1. Configuring pmd-cpu-mask to have 3 pmd threads.

 2. Adding port p0 to OVS.
    At this point wanted_txqs = 4 (3 for pmd threads + 1 for non-pmd).
    Port reconfigured to have 4 Tx queues successfully.
    dynamic_txqs = (4 < 4) = false;

 3. Configuring pmd-cpu-mask to have 10 pmd threads.
    At this point wanted_txqs = 11 (10 for pmd threads + 1 for non-pmd).
    Since set_tx_multiq() is not implemented, netdev doesn't request
    reconfiguration and 'dynamic_txqs' remains in 'false' state.

 4. Since 'dynamic_txqs == false', dpif-netdev uses static Tx queue
    ids that are in range [0, 10] while device only supports 4 leading
    to unwanted behavior and crashes.

Fix that by marking for reconfiguration all the ports that will likely
change their 'dynamic_txqs' value.

It looks like the issue could be reproduced only with afxdp ports,
because all other non-dpdk ports ignore Tx queue ids and dpdk ports
request reconfiguration on set_tx_multiq().

Reported-by: William Tu <u9012063 at gmail.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2020-March/368364.html
Fixes: e32971b8ddb4 ("dpif-netdev: Centralized threads and queues handling code.")
Acked-by: Kevin Traynor <ktraynor at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: 94bc5a941f230ec22a57aa5bb7956071fb932d46
      https://github.com/openvswitch/ovs/commit/94bc5a941f230ec22a57aa5bb7956071fb932d46
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/ovsdb-idl.c

  Log Message:
  -----------
  Revert "ovsdb-idl: Avoid sending redundant conditional monitoring updates"

This reverts commit 5351980b047f4dd40be7a59a1e4b910df21eca0a.

If the ovsdb-server reply to "monitor_cond_since" requests has
"found" == false then ovsdb_idl_db_parse_monitor_reply() calls
ovsdb_idl_db_clear() which iterates through all tables and
unconditionally sets table->cond_changed to false.

However, if the client had already set a new condition for some of the
tables, this new condition request will never be sent to ovsdb-server
until the condition is reset to a different value. This is due to the
check in ovsdb_idl_db_set_condition().

One way to replicate the issue is described in the bugzilla reporting
the bug, when ovn-controller is configured to use "ovn-monitor-all":
https://bugzilla.redhat.com/show_bug.cgi?id=1808125#c6

Commit 5351980b047f tried to optimize sending redundant conditional
monitoring updates but the chances that this scenario happens with the
latest code is quite low since commit 403a6a0cb003 ("ovsdb-idl: Fast
resync from server when connection reset.") changed the behavior of
ovsdb_idl_db_parse_monitor_reply() to avoid calling ovsdb_idl_db_clear()
in most cases.

Reported-by: Dan Williams <dcbw at redhat.com>
Reported-at: https://bugzilla.redhat.com/1808125
CC: Andy Zhou <azhou at ovn.org>
Fixes: 5351980b047f ("ovsdb-idl: Avoid sending redundant conditional monitoring updates")
Acked-by: Han Zhou <hzhou at ovn.org>
Acked-by: Ilya Maximets <i.maximets at ovn.org>
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 3d98565192b52a15ad7420e51afdbb172817ba87
      https://github.com/openvswitch/ovs/commit/3d98565192b52a15ad7420e51afdbb172817ba87
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .cirrus.yml

  Log Message:
  -----------
  cirrus: Force pkg update on FreeBSD.

Seems like FreeBSD ports/images are not well maintained and frequently
cause package installation failures like this:

 [1/40] Fetching automake-1.16.1_2.txz: .......... done
 pkg: cached package automake-1.16.1_2: size mismatch, fetching from remote
 [2/40] Fetching automake-1.16.1_2.txz: .......... done
 pkg: cached package automake-1.16.1_2: size mismatch, cannot continue
 Consider running 'pkg update -f'

Forced update doesn't increase build time significantly, but helps
to solve at least this one kind of issue.

Acked-by: William Tu <u9012063 at gmail.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: cd7864bb6e11f02b622d92b09ede7b98d7c9ca0d
      https://github.com/openvswitch/ovs/commit/cd7864bb6e11f02b622d92b09ede7b98d7c9ca0d
  Author: Yi-Hung Wei <yihung.wei at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M acinclude.m4
    M datapath/linux/compat/geneve.c
    M datapath/linux/compat/vxlan.c

  Log Message:
  -----------
  compat: Fix ipv6_dst_lookup build error

The geneve/vxlan compat code base invokes ipv6_dst_lookup() which was
recently replaced by ipv6_dst_lookup_flow() in the stable kernel tree.

This causes travis build failure:
    * https://travis-ci.org/github/openvswitch/ovs/builds/681084038

This patch updates the backport logic to invoke the right function.

Related patch in
    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git

b9f3e457098e ("net: ipv6_stub: use ip6_dst_lookup_flow instead of
               ip6_dst_lookup")

Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: 3f9a4a46a8b742b8ebd696ef8c07e3537bb471ce
      https://github.com/openvswitch/ovs/commit/3f9a4a46a8b742b8ebd696ef8c07e3537bb471ce
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c

  Log Message:
  -----------
  raft: Fix leak of the incomplete command.

Function raft_command_initiate() returns correctly referenced command
instance.  'n_ref' equals 1 for complete commands and 2 for incomplete
commands because one more reference is in raft->commands list.
raft_handle_execute_command_request__() leaks the reference by not
returning pointer anywhere and not unreferencing incomplete commands.

 792 bytes in 11 blocks are definitely lost in loss record 258 of 262
    at 0x483BB1A: calloc (vg_replace_malloc.c:762)
    by 0x44BA32: xcalloc (util.c:121)
    by 0x422E5F: raft_command_create_incomplete (raft.c:2038)
    by 0x422E5F: raft_command_initiate (raft.c:2061)
    by 0x428651: raft_handle_execute_command_request__ (raft.c:4161)
    by 0x428651: raft_handle_execute_command_request (raft.c:4177)
    by 0x428651: raft_handle_rpc (raft.c:4230)
    by 0x428651: raft_conn_run (raft.c:1445)
    by 0x428DEA: raft_run (raft.c:1803)
    by 0x407392: main_loop (ovsdb-server.c:226)
    by 0x407392: main (ovsdb-server.c:469)

Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.")
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: 2bca302bd6eed179c4ec4e394856740d557376d4
      https://github.com/openvswitch/ovs/commit/2bca302bd6eed179c4ec4e394856740d557376d4
  Author: Zhen Wang <zhewang at nvidia.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/raft.c

  Log Message:
  -----------
  raft: Disable RAFT jsonrpc inactivity probe.

With the scale test of 640 nodes k8s cluster, raft DB nodes' jsonrpc
session got closed due to the timeout of default 5 seconds probe.
It will cause disturbance of the raft cluster. Since we already have
the heartbeat for RAFT, just disable the probe between the servers
to avoid the unnecessary jsonrpc inactivity probe.

Acked-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Zhen Wang <zhewang at nvidia.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: a6912dea3a32db9da2a244a54db923e8965506c6
      https://github.com/openvswitch/ovs/commit/a6912dea3a32db9da2a244a54db923e8965506c6
  Author: Yi-Hung Wei <yihung.wei at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/meta-flow.c
    M tests/ofproto-dpif.at

  Log Message:
  -----------
  metaflow: Fix maskable conntrack orig tuple fields

From man ovs-fields(7), the conntrack origin tuple fields
ct_nw_src/dst, ct_ipv6_src/dst, and ct_tp_src/dst are supposed
to be bitwise maskable, but they are not.  This patch enables
those fields to be maskable, and adds a regression test.

Fixes: daf4d3c18da4 ("odp: Support conntrack orig tuple key.")
Reported-by: Wenying Dong <wenyingd at vmware.com>
Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: 3354864797d2aa9b7ec6000b420deba74999e8a2
      https://github.com/openvswitch/ovs/commit/3354864797d2aa9b7ec6000b420deba74999e8a2
  Author: Aaron Conole <aconole at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-linux.c

  Log Message:
  -----------
  netdev-linux: Update LAG in all cases.

In some cases, when processing a netlink change event, it's possible for
an alternate part of OvS (like the IPv6 endpoint processing) to hold an
active netdev interface.  This creates a race-condition, where sometimes
the OvS change processing will take the normal path.  This doesn't work
because the netdev device object won't actually be enslaved to the
ovs-system (for instance, a linux bond) and ingress qdisc entries will
be missing.

To address this, we update the LAG information in ALL cases where
LAG information could come in.

Fixes: d22f8927c3c9 ("netdev-linux: monitor and offload LAG slaves to TC")
Cc: Marcelo Leitner <mleitner at redhat.com>
Cc: John Hurley <john.hurley at netronome.com>
Acked-by: Roi Dayan <roid at mellanox.com>
Signed-off-by: Aaron Conole <aconole at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: dd83c5d0eadd699fcdef331c29468033caf60d80
      https://github.com/openvswitch/ovs/commit/dd83c5d0eadd699fcdef331c29468033caf60d80
  Author: Greg Rose <gvrose8192 at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M acinclude.m4
    M datapath/linux/compat/geneve.c
    M datapath/linux/compat/vxlan.c

  Log Message:
  -----------
  compat: Backport ipv6_stub change

A patch backported to the Linux stable 4.14 tree and present in the
latest stable 4.14.181 kernel breaks ipv6_stub usage.

The commit is
8ab8786f78c3 ("net ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup").

Create the compat layer define to check for it and fixup usage in vxlan
and geneve modules.

Passes Travis here:
https://travis-ci.org/github/gvrose8192/ovs-experimental/builds/689798733

Signed-off-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: William Tu <u9012063 at gmail.com>


  Commit: 39532fd57d99dda67a8e806d5576a869c4ea1324
      https://github.com/openvswitch/ovs/commit/39532fd57d99dda67a8e806d5576a869c4ea1324
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/ovsdb-server.c

  Log Message:
  -----------
  ovsdb-server: Fix schema leak while reading db.

parse_txn() function doesn't always take ownership of the 'schema'
passed.  So, if the schema of the clustered db has the same version as
the one that is already in use, parse_txn() will not use it, resulting
in a memory leak:

 7,827 (56 direct, 7,771 indirect) bytes in 1 blocks are definitely lost
    at 0x483BB1A: calloc (vg_replace_malloc.c:762)
    by 0x44AD02: xcalloc (util.c:121)
    by 0x40E70E: ovsdb_schema_create (ovsdb.c:41)
    by 0x40EA6D: ovsdb_schema_from_json (ovsdb.c:217)
    by 0x415EDD: ovsdb_storage_read (storage.c:280)
    by 0x408968: read_db (ovsdb-server.c:607)
    by 0x40733D: main_loop (ovsdb-server.c:227)
    by 0x40733D: main (ovsdb-server.c:469)

While we could put ovsdb_schema_destroy() in a few places inside
'parse_txn()', from the users' point of view it seems better to have a
constant argument and just clone the 'schema' if needed.  The caller
will be responsible for destroying the 'schema' it owns.

Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.")
Acked-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 7418b7d1e1c85054acd2020cbe7a4580dc8db7c7
      https://github.com/openvswitch/ovs/commit/7418b7d1e1c85054acd2020cbe7a4580dc8db7c7
  Author: Eiichi Tsukata <eiichi.tsukata at nutanix.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/classifier.c
    M lib/classifier.h
    M tests/test-classifier.c

  Log Message:
  -----------
  classifier: Prevent tries vs n_tries race leading to NULL dereference.

Currently classifier tries and n_tries can be updated non-atomically,
so there is a race condition which can lead to a NULL dereference.
The race can happen when the main thread updates a classifier's tries and
n_tries in classifier_set_prefix_fields() and at the same time a revalidator
or handler thread tries to look them up in classifier_lookup__(). Such a
race can be triggered when the user changes the prefixes of a flow_table.

Race(user changes flow_table prefixes: ip_dst,ip_src => none):

  [main thread]             [revalidator/handler thread]
  ===========================================================
                            /* cls->n_tries == 2 */
                            for (int i = 0; i < cls->n_tries; i++) {
  trie_init(cls, i, NULL);
  /* n_tries == 0 */
  cls->n_tries = n_tries;
                            /* cls->tries[i]->field is NULL */
                            trie_ctx_init(&trie_ctx[i],&cls->tries[i]);
                            /* trie->field is NULL */
                            ctx->be32ofs = trie->field->flow_be32ofs;

To prevent the race, instead of re-introducing internal mutex
implemented in the commit fccd7c092e09 ("classifier: Remove internal
mutex."), this patch makes trie field RCU protected and checks it after
read.

Fixes: fccd7c092e09 ("classifier: Remove internal mutex.")
Signed-off-by: Eiichi Tsukata <eiichi.tsukata at nutanix.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 69bf82c6b372d50cf54b1b784b39c4b5c5db482f
      https://github.com/openvswitch/ovs/commit/69bf82c6b372d50cf54b1b784b39c4b5c5db482f
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .cirrus.yml

  Log Message:
  -----------
  cirrus: Don't install py27 packages.

py27 packages are no longer available on FreeBSD.
Removing these packages along with python2 itself to avoid CI failures:

  pkg: No packages available to install matching 'py27-sphinx' have
       been found in the repositories
  Exit status: 70

Acked-by: Aaron Conole <aconole at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: e28ca70f17bfedc50db337d2abb09e5664c4b511
      https://github.com/openvswitch/ovs/commit/e28ca70f17bfedc50db337d2abb09e5664c4b511
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/execution.c

  Log Message:
  -----------
  ovsdb: Fix timeout type for wait operation.

According to RFC 7047, 'timeout' is an integer field:

 5.2.6.  Wait
   The "wait" object contains the following members:
      "op": "wait"                        required
      "timeout": <integer>                optional
      ...

For some reason initial implementation treated it as a real number.

This causes a build issue with clang that complains that LLONG_MAX
could not be represented as double:

 ovsdb/execution.c:733:32: error: implicit conversion from 'long long'
                           to 'double' changes value from
                           9223372036854775807 to 9223372036854775808
            timeout_msec = MIN(LLONG_MAX, json_real(timeout));
                           ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 /usr/include/sys/limits.h:69:19: note: expanded from macro 'LLONG_MAX'
 #define LLONG_MAX       __LLONG_MAX     /* max for a long long */
                        ^~~~~~~~~~~
 /usr/include/x86/_limits.h:74:21: note: expanded from macro '__LLONG_MAX'
 #define __LLONG_MAX     0x7fffffffffffffffLL    /* max value for a long long */
                        ^~~~~~~~~~~~~~~~~~~~
 ./lib/util.h:90:21: note: expanded from macro 'MIN'
 #define MIN(X, Y) ((X) < (Y) ? (X) : (Y))
                     ^  ~

Fix that by changing parser to treat 'timeout' as integer.
Fixes clang build on FreeBSD 12.1 in CirrusCI.

Fixes: f85f8ebbfac9 ("Initial implementation of OVSDB.")
Acked-by: Han Zhou <hzhou at ovn.org>
Acked-by: Numan Siddique <numans at ovn.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 490333c7a59deb83afff71c1ed7295eadb74a68c
      https://github.com/openvswitch/ovs/commit/490333c7a59deb83afff71c1ed7295eadb74a68c
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M AUTHORS.rst
    M lib/ovs-rcu.c

  Log Message:
  -----------
  ovs-rcu: Avoid flushing callbacks during postponing.

ovsrcu_flush_cbset() call during ovsrcu_postpone() could cause
use after free in case the caller sets new pointer only after
postponing free for the old one:

 ------------------  ------------------  -------------------
 Thread 1            Thread 2            RCU Thread
 ------------------  ------------------  -------------------
 pointer = A

 ovsrcu_quiesce():
  thread->seqno = 30
  global_seqno = 31
  quiesced

 read pointer A
 postpone(free(A)):
   flush cbset
                                         pop flushed_cbsets
                                         ovsrcu_synchronize:
                                           target_seqno = 31
                     ovsrcu_quiesce():
                      thread->seqno = 31
                      global_seqno = 32
                      quiesced

                     read pointer A
                     use pointer A

                     ovsrcu_quiesce():
                      thread->seqno = 32
                      global_seqno = 33
                      quiesced

                     read pointer A
 pointer = B

 ovsrcu_quiesce():
  thread->seqno = 33
  global_seqno = 34
  quiesced

                                         target_seqno exceeded
                                         by all threads
                                         call cbs to free A
                     use pointer A
                     (use after free)
 -----------------------------------------------------------

Fix that by using dynamically re-allocated array without flushing
to the global flushed_cbsets until writer enters quiescent state.

Fixes: 0f2ea84841e1 ("ovs-rcu: New library.")
Reported-by: Linhaifeng <haifeng.lin at huawei.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2020-June/371265.html
Acked-by: Ben Pfaff <blp at ovn.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 10a7bdd1c21bf14126c44d462f68cfc90e9f1625
      https://github.com/openvswitch/ovs/commit/10a7bdd1c21bf14126c44d462f68cfc90e9f1625
  Author: Dumitru Ceara <dceara at redhat.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/ovsdb-idl-provider.h
    M lib/ovsdb-idl.c
    M tests/ovsdb-idl.at

  Log Message:
  -----------
  ovsdb-idl: Avoid inconsistent IDL state with OVSDB_MONITOR_V3.

Assuming an ovsdb client connected to a database using OVSDB_MONITOR_V3
(i.e., "monitor_cond_since" method) with the initial monitor condition
MC1.

Assuming the following two transactions are executed on the
ovsdb-server:
TXN1: "insert record R1 in table T1"
TXN2: "insert record R2 in table T2"

If the client's monitor condition MC1 for table T2 matches R2 then the
client will receive the following update3 message:
method="update3", "insert record R2 in table T2", last-txn-id=TXN2

At this point, if the presence of the new record R2 in the IDL triggers
the client to update its monitor condition to MC2 and add a clause for
table T1 which matches R1, a monitor_cond_change message is sent to the
server:
method="monitor_cond_change", "clauses from MC2"

In normal operation the ovsdb-server will reply with a new update3
message of the form:
method="update3", "insert record R1 in table T1", last-txn-id=TXN2

However, if the connection drops in the meantime, this last update might
get lost.

It might happen that during the reconnect a new transaction happens
that modifies the original record R1:
TXN3: "modify record R1 in table T1"

When the client reconnects, it will try to perform a fast resync by
sending:
method="monitor_cond_since", "clauses from MC2", last-txn-id=TXN2

Because TXN2 is still in the ovsdb-server transaction history, the
server replies with the changes from the most recent transactions only,
i.e., TXN3:
result="true", last-txn-id=TXN3, "modify record R1 in table T1"

This causes the IDL on the client to end up in an inconsistent
state because it has never seen the update that created R1.

Such a scenario is described in:
https://bugzilla.redhat.com/show_bug.cgi?id=1808580#c22

To avoid this issue, the IDL will now maintain (up to) 3 different
types of conditions for each DB table:
- new_cond: condition that has been set by the IDL client but has
  not yet been sent to the server through monitor_cond_change.
- req_cond: condition that has been sent to the server but the reply
  acknowledging the change hasn't been received yet.
- ack_cond: condition that has been acknowledged by the server.

Whenever the IDL FSM is restarted (e.g., voluntary or involuntary
disconnect):
- if there is a known last_id txn-id the code ensures that new_cond
  will contain the most recent condition set by the IDL client
  (either req_cond if there was a request in flight, or new_cond
  if the IDL client set a condition while the IDL was disconnected)
- if there is no known last_id txn-id the code ensures that ack_cond will
  contain the most recent conditions set by the IDL client regardless
  whether they were acked by the server or not.

When monitor_cond_since/monitor_cond requests are sent they will
always include ack_cond and if new_cond is not NULL a follow up
monitor_cond_change will be generated afterwards.

On the other hand ovsdb_idl_db_set_condition() will always modify new_cond.

This ensures that updates of type "insert" that happened before the last
transaction known by the IDL but didn't match old monitor conditions are
sent upon reconnect if the monitor condition has changed to include them
in the meantime.

Fixes: 403a6a0cb003 ("ovsdb-idl: Fast resync from server when connection reset.")
Signed-off-by: Dumitru Ceara <dceara at redhat.com>
Acked-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 5f32ced51ad576f4236498d54ade60e0a0d90d61
      https://github.com/openvswitch/ovs/commit/5f32ced51ad576f4236498d54ade60e0a0d90d61
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M ovsdb/ovsdb-idlc.in

  Log Message:
  -----------
  Merge remote-tracking branch 'upstream/branch-2.12'

Newer versions of Python complain about:
'RuntimeError: dictionary keys changed during iteration'

# Conflicts:
#	NEWS
#	configure.ac
#	debian/changelog


  Commit: 86a07ce86930a451872d70337a2b85e0516e8b02
      https://github.com/openvswitch/ovs/commit/86a07ce86930a451872d70337a2b85e0516e8b02
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-windows.c

  Log Message:
  -----------
  netdev-windows: Disable set MTU, MAC, In4 functionality

This patch disables the ability to set the MTU, MAC and IPv4 address on
a given port.

This is causing issues when testing on 2016.

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: 4170a9e7bc5ccf638dd4000c41574a1311237d0a
      https://github.com/openvswitch/ovs/commit/4170a9e7bc5ccf638dd4000c41574a1311237d0a
  Author: Han Zhou <hzhou at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/odp-util.c

  Log Message:
  -----------
  odp-util.c: Fix dp_hash execution with slowpath actions.

When dp_hash is executed with slowpath actions, it results in endless
recirc loop in kernel datapath, and finally drops the packet, with
kernel logs:

openvswitch: ovs-system: deferred action limit reached, drop recirc action

The root cause is that the dp_hash value calculated by slowpath is not
passed to datapath when executing the recirc action, thus when the recirced
packet miss upcall comes to userspace again, it generates the dp_hash
and recirc action again, with same recirc_id, which in turn generates
a megaflow with recirc action with the recirc_id same as the recirc_id in
its match condition, which causes a loop in datapath.

For example, this can be reproduced with below setup of OVN environment:

                         LS1            LS2
                          |              |
                          |------R1------|
        VIF--LS0---R0-----|              |------R3
                          |------R2------|

Assume there is a route from the VIF to R3: R0 -> R1 -> R3, and there are two
routes (ECMP) from R3 to the VIF:
R3 -> R1 -> R0
R3 -> R2 -> R0

Now if we ping from the VIF to R3, the OVS flow execution on the HV of the VIF
will hit the R3's datapath which has flows that respond to the ICMP packet
by setting ICMP fields, which requires slowpath actions, and in later flow
tables it will hit the "group" action that selects between the ECMP routes.

By default OVN uses "dp_hash" method for the "group" action.

For the first miss upcall packet, dp_hash value is empty, so the group action
will be translated to "dp_hash" and "recirc".

During action execution, because of the previous actions that set ICMP fields,
the whole execution requires slowpath, so it tries to execute all actions in
userspace in odp_execute_actions(), including dp_hash action, except the
recirc action, which can only be executed in datapath. So the dp_hash value
is calculated in userspace, and then the packet is injected to datapath for
recirc action execution.

However, the dp_hash calculated by the userspace is not passed to datapath.

Because of this, the packet recirc in datapath doesn't have dp_hash value,
and the miss upcall for the recirced packet hits the same flow tables and
triggers same "dp_hash" and "recirc" action again, with exactly same recirc_id!

This time, the new upcall doesn't require any slowpath execution, so both
the dp_hash and recirc actions are executed in datapath, after creating a
datapath megaflow like:

recirc_id(XYZ),..., actions:hash(l4(0)),recirc(XYZ)

with match recirc_id equals the recirc id in the action, thus creating a loop.

This patch fixes the problem by passing the calculated dp_hash value to
datapath in odp_key_from_dp_packet().

Fixes: 572f732ab078 ("dpif-netdev: user space datapath recirculation")
Signed-off-by: Han Zhou <hzhou at ovn.org>
Signed-off-by: Ben Pfaff <blp at ovn.org>


  Commit: 7c8303554f0dd96616bbd29fd7b2d605700ca4c9
      https://github.com/openvswitch/ovs/commit/7c8303554f0dd96616bbd29fd7b2d605700ca4c9
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/odp-execute.c

  Log Message:
  -----------
  odp-execute: Fix length checking while executing check_pkt_len action.

If dp-packet contains l2 padding or cutlen was applied to it, size will
be larger than the actual size of a payload and action will work
incorrectly.

Ex. Padding could be added during miniflow_extract() if detected.

Fixes: 5b34f8fc3b38 ("Add a new OVS action check_pkt_larger")
Reported-by: Miroslav Kubiczek <miroslav.kubiczek at adaptivemobile.com>
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2020-May/050157.html
Acked-by: Dumitru Ceara <dceara at redhat.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 84840ff5715aa6dada9d6f1193f4174695646211
      https://github.com/openvswitch/ovs/commit/84840ff5715aa6dada9d6f1193f4174695646211
  Author: Eli Britstein <elibr at mellanox.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c
    M tests/dpif-netdev.at

  Log Message:
  -----------
  dpif-netdev: Don't use zero flow mark.

Zero flow mark is used to indicate the HW to remove the mark. A packet
marked with zero mark is received in SW without a mark at all, so it
cannot be used as a valid mark. Change the pool range to fix it.

Fixes: 241bad15d99a ("dpif-netdev: associate flow with a mark id")
Signed-off-by: Eli Britstein <elibr at mellanox.com>
Reviewed-by: Roni Bar Yanai <roniba at mellanox.com>
Acked-by: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 2e1d9871b0f5b23b4cd4d9c7a34eba5934ba4db2
      https://github.com/openvswitch/ovs/commit/2e1d9871b0f5b23b4cd4d9c7a34eba5934ba4db2
  Author: Eli Britstein <elibr at mellanox.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/netdev-offload-dpdk.c

  Log Message:
  -----------
  netdev-offload-dpdk: Fix Ethernet matching for type only.

For OVS rule of the form "eth type is 0x1234 / end", rule is offloaded
in the form of "eth / end", which is incorrect. Fix it.

Fixes: e8a2b5bf92bb ("netdev-dpdk: implement flow offload with rte flow")
Signed-off-by: Eli Britstein <elibr at mellanox.com>
Reviewed-by: Roni Bar Yanai <roniba at mellanox.com>
Acked-by: Sriharsha Basavapatna <sriharsha.basavapatna at broadcom.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: abbf40f70062cd26b334fd8620f6067928fbeccd
      https://github.com/openvswitch/ovs/commit/abbf40f70062cd26b334fd8620f6067928fbeccd
  Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Add check mark to avoid ovs-vswitchd crash.

When changing the pmd interfaces attribute, ovs-vswitchd will
reload pmd and flush offload flows. reload_affected_pmds may
be invoked twice or more. In that case, the flows may be
queued to "dp_netdev_flow_offload" thread again.

For example:
$ ovs-vsctl -- set interface <Interface> options:dpdk-lsc-interrupt=true

ovs-vswitchd main       flow-offload thread
append F to queue       ...
...
append F to queue
...                     del F
...                     del F (crash [1])

[1]:
ovs_assert_failure          lib/cmap.c:922
cmap_replace                lib/cmap.c:921
cmap_remove                 lib/cmap.h:295
mark_to_flow_disassociate   lib/dpif-netdev.c:2269
dp_netdev_flow_offload_del  lib/dpif-netdev.c:2369
dp_netdev_flow_offload_main lib/dpif-netdev.c:2492

Fixes: 02bb2824e51d ("dpif-netdev: do hw flow offload in a thread")
Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: e6118dfc035a4347f53954d93789f81e6d7a640d
      https://github.com/openvswitch/ovs/commit/e6118dfc035a4347f53954d93789f81e6d7a640d
  Author: Tonghao Zhang <xiangxia.m.yue at gmail.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M lib/dpif-netdev.c

  Log Message:
  -----------
  dpif-netdev: Return error code when no mark available.

The max number of marks is (UINT32_MAX - 1), which is
enough to be used. But theoretically, if there are no
marks available, later different flows will share
the mark INVALID_FLOW_MARK, which may break the function.
If there are no available marks to be used, return an error
code.

Fixes: 02bb2824e51d ("dpif-netdev: do hw flow offload in a thread")
Signed-off-by: Tonghao Zhang <xiangxia.m.yue at gmail.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 0049b3cc3463634395ab7466f25a85a9dd520726
      https://github.com/openvswitch/ovs/commit/0049b3cc3463634395ab7466f25a85a9dd520726
  Author: Ian Stokes <ian.stokes at intel.com>
  Date:   2020-07-16 (Thu, 16 Jul 2020)

  Changed paths:
    M .travis/linux-build.sh
    M Documentation/faq/releases.rst
    M Documentation/intro/install/dpdk.rst
    M Documentation/topics/dpdk/vhost-user.rst
    M NEWS

  Log Message:
  -----------
  dpdk: Use DPDK 18.11.9 release.

Modify travis linux build script to use the latest DPDK stable release.
Update docs for latest DPDK stable releases. Update release faq to
reference latest validated DPDK release for each branch.

Signed-off-by: Ian Stokes <ian.stokes at intel.com>
Acked-by: Kevin Traynor <ktraynor at redhat.com>


  Commit: 996c1dd46676fefa11d24c9460ebe84a92a3976a
      https://github.com/openvswitch/ovs/commit/996c1dd46676fefa11d24c9460ebe84a92a3976a
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-07-26 (Sun, 26 Jul 2020)

  Changed paths:
    M datapath-windows/ovsext/Actions.c

  Log Message:
  -----------
  actions: fix forwarding information

This patch fixes sending out the packet on the wrong forwarding port.

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: 4c067da8de3a46ce6acebcf192067437fd8ee717
      https://github.com/openvswitch/ovs/commit/4c067da8de3a46ce6acebcf192067437fd8ee717
  Author: Jinjun Gao <jinjung at vmware.com>
  Date:   2020-08-04 (Tue, 04 Aug 2020)

  Changed paths:
    M datapath-windows/ovsext/Actions.c
    M datapath-windows/ovsext/Actions.h

  Log Message:
  -----------
  datapath-windows: Update flow key in SET action

The flow key is not updated when processing the OVS_ACTION_ATTR_SET action.
It will impact follow-up actions; for example, the conntrack module cannot
find the created conntrack entry if the old flow key is passed to it.

Reported-by: Rui Cao <rcao at vmware.com>
Signed-off-by: Jinjun Gao <jinjung at vmware.com>
Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: 1e097d3e73cdb317923b2c7e7ef71d7fe17147a7
      https://github.com/openvswitch/ovs/commit/1e097d3e73cdb317923b2c7e7ef71d7fe17147a7
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-08-05 (Wed, 05 Aug 2020)

  Changed paths:
    M datapath-windows/ovsext/Actions.c
    M datapath-windows/ovsext/Offload.c
    M datapath-windows/ovsext/Vxlan.c

  Log Message:
  -----------
  datapath-windows: Allow tunnel packets with invalid IP checksum

Packets which come from userspace may have invalid IP checksums.
Allow the packet to continue the pipeline.

This patch also modifies the way offsets are used in offload and vxlan.
We will use actual layer information instead of predefined offsets.
This issue was found while testing over a VLAN enabled tunnel.

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: 13f8f4932b414d19b71bea51f9b490ea2d8dd33a
      https://github.com/openvswitch/ovs/commit/13f8f4932b414d19b71bea51f9b490ea2d8dd33a
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-08-15 (Sat, 15 Aug 2020)

  Changed paths:
    M datapath-windows/ovsext/Actions.c

  Log Message:
  -----------
  actions: Fix packet completion when sending or receiving packets via tunnels

We cannot change the SourcePortId and SourceNicIndex before marking the net
buffer list for completion.

In addition we cannot change the SourcePortId and SourceNicIndex of the
NET_BUFFER_LIST_SWITCH_FORWARDING_DETAIL without creating and allocating
a new net buffer list and its forwarding context (1).

(1) https://docs.microsoft.com/en-us/windows-hardware/drivers/network/originating-packet-traffic

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: d9cc5603e5205aa85f6646eb0c95f19f8cd26695
      https://github.com/openvswitch/ovs/commit/d9cc5603e5205aa85f6646eb0c95f19f8cd26695
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-08-30 (Sun, 30 Aug 2020)

  Changed paths:
    M datapath-windows/ovsext/BufferMgmt.c
    M datapath-windows/ovsext/BufferMgmt.h
    M datapath-windows/ovsext/DpInternal.h

  Log Message:
  -----------
  datapath-windows: Fix issues around NBL context

This patch increases the size of the NET_BUFFER_LIST_CONTEXT allocated
by OVS.

When trying to complete an NBL we need to check if it is at least our allocated
NET_BUFFER_LIST_CONTEXT size and check if it corresponds to our thumbprint.

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: d532e64ff6d9dd97ac37590056682df08592daca
      https://github.com/openvswitch/ovs/commit/d532e64ff6d9dd97ac37590056682df08592daca
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-08-30 (Sun, 30 Aug 2020)

  Changed paths:
    M datapath-windows/ovsext/Actions.c
    M datapath-windows/ovsext/Flow.c

  Log Message:
  -----------
  datapath-windows: Fix issues around conntrack

After SET action with the attribute OVS_KEY_ATTR_TUNNEL we need to update
the flow key to accommodate for new offsets which should be used.

Re-extract the flow key before sending it to the conntracking module.

Increase size of the tunnel key attributes.

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: 6c45b678520ccbde25607831120e408d19cb65df
      https://github.com/openvswitch/ovs/commit/6c45b678520ccbde25607831120e408d19cb65df
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-08-30 (Sun, 30 Aug 2020)

  Changed paths:
    M datapath-windows/ovsext/Conntrack.h

  Log Message:
  -----------
  datapath-windows: Conntrack, Add check for TCP header extraction

Add an additional check before trying to look at the TCP header.

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: c93d9c451c72e2ceeadd981f0436a405ae330dae
      https://github.com/openvswitch/ovs/commit/c93d9c451c72e2ceeadd981f0436a405ae330dae
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-08-30 (Sun, 30 Aug 2020)

  Changed paths:
    M datapath-windows/ovsext/PacketIO.c

  Log Message:
  -----------
  datapath-windows: Add check for OVS context in OvsSendNBLIngress



Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: c7dae4bfff26ad0479245b5dd3e20110c04d769a
      https://github.com/openvswitch/ovs/commit/c7dae4bfff26ad0479245b5dd3e20110c04d769a
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-08-30 (Sun, 30 Aug 2020)

  Changed paths:
    M datapath-windows/ovsext/Actions.c
    M datapath-windows/ovsext/Flow.c
    M datapath-windows/ovsext/Tunnel.c
    M datapath-windows/ovsext/User.c
    M datapath-windows/ovsext/User.h

  Log Message:
  -----------
  datapath-windows: Append tunnel info to upcall for correct template

Formerly, there was no tunnel information appended in the upcall’s
packet data, which is expected by IPFIX in userspace to calculate
the template for exporting the sampled flow record on the egress
tunnel port.
To fix this, while performing OvsOutputUserspaceAction(), we
would check whether it is initiated by the sampling on an egress
tunnel, which would be indicated by the attribute
OVS_USERSPACE_ATTR_EGRESS_TUN_PORT in the nested attribute
list. If so, we would append the tunKey in OvsForwardingContext
indexed by OVS_PACKET_ATTR_EGRESS_TUN_KEY to the upcall.
Besides, at this point, the source transport port and source IP
address are not available in the structure, so we have to fill them in the
way the packet would be encapsulated while performing
OvsEncapGeneve(), which unfortunately follows
OvsOutputUserspaceAction().
I have tested the IPFIX functionality with the change; we could see the
template is correct and the expected tunnel information could be
packed in the IPFIX packet finally. The traffic for the test is generated by
the PING utility.

Signed-off-by: Amber Hu <qhu at vmware.com>
Acked-by: Alin Gabriel Serdean <aserdean at ovn.org>
Signed-off-by: Alin Gabriel Serdean <aserdean at ovn.org>

# Conflicts:
#	datapath-windows/ovsext/User.c


  Commit: b8e4858bb718d22dd9e4a3c051f7459de7de47e1
      https://github.com/openvswitch/ovs/commit/b8e4858bb718d22dd9e4a3c051f7459de7de47e1
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-08-31 (Mon, 31 Aug 2020)

  Changed paths:
    M configure.ac

  Log Message:
  -----------
  Bump to 2.12.1.1 version

Bump the binary version

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


  Commit: 0360d3345791ecb23a7c61e78e7df1ee2eb00631
      https://github.com/openvswitch/ovs/commit/0360d3345791ecb23a7c61e78e7df1ee2eb00631
  Author: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>
  Date:   2020-11-19 (Thu, 19 Nov 2020)

  Changed paths:
    M datapath-windows/ovsext/Debug.c

  Log Message:
  -----------
  WiP: test w/o logging

Signed-off-by: Alin Gabriel Serdean <aserdean at cloudbasesolutions.com>


Compare: https://github.com/openvswitch/ovs/compare/8ab62fbe6a76%5E...0360d3345791

