[ovs-git] [openvswitch/ovs] a04197: rhel: Fix logrotate group when dpdk is enabled.

Ilya Maximets noreply at github.com
Wed Sep 16 12:27:27 UTC 2020


  Branch: refs/heads/branch-2.14
  Home:   https://github.com/openvswitch/ovs
  Commit: a04197a9758d7e7f5059e266702e678b96d412cb
      https://github.com/openvswitch/ovs/commit/a04197a9758d7e7f5059e266702e678b96d412cb
  Author: Jaime Caamaño Ruiz <jcaamano at suse.com>
  Date:   2020-09-15 (Tue, 15 Sep 2020)

  Changed paths:
    M rhel/openvswitch-fedora.spec.in

  Log Message:
  -----------
  rhel: Fix logrotate group when dpdk is enabled.

Otherwise logrotate will fail to generate the rotated log files.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano at suse.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 3e8257d906e2d603ff2afa3498f05aae9e3f9f89
      https://github.com/openvswitch/ovs/commit/3e8257d906e2d603ff2afa3498f05aae9e3f9f89
  Author: Flavio Leitner <fbl at sysclose.org>
  Date:   2020-09-15 (Tue, 15 Sep 2020)

  Changed paths:
    M Documentation/topics/userspace-tso.rst

  Log Message:
  -----------
  userspace-tso: Document the minimum kernel version.

The kernel needs to be at least 4.19-rc7 to include the commit
9d2f67e43b73 ("net/packet: fix packet drop as of virtio gso")
otherwise the TSO packets are dropped when using raw sockets.

Fixes: 29cf9c1b3b9c ("userspace: Add TCP Segmentation Offload support")
Reported-by: Yi Yang <yangyi01 at inspur.com>
Signed-off-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 18aaff8410ffb1ecf73e152967a3db99e91b0e7d
      https://github.com/openvswitch/ovs/commit/18aaff8410ffb1ecf73e152967a3db99e91b0e7d
  Author: William Tu <u9012063 at gmail.com>
  Date:   2020-09-15 (Tue, 15 Sep 2020)

  Changed paths:
    M lib/classifier.c

  Log Message:
  -----------
  classifier: Fix use of uninitialized value.

Coverity reports use of uninitialized value of cursor.
This happens in cls_cursor_start(), when rule is false,
cursor.subtable is uninitialized. CID 279324.

Signed-off-by: William Tu <u9012063 at gmail.com>
Reviewed-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: f680c9c946dc916fdd5b4121642eb3575a9aa073
      https://github.com/openvswitch/ovs/commit/f680c9c946dc916fdd5b4121642eb3575a9aa073
  Author: Jaime Caamaño Ruiz <jcaamano at suse.com>
  Date:   2020-09-15 (Tue, 15 Sep 2020)

  Changed paths:
    M rhel/usr_lib_systemd_system_ovsdb-server.service

  Log Message:
  -----------
  rhel: Fix reload of OVS_USER_ID on startup.

OVS_USER_ID was being picked up from a previously existing
openvswitch.useropts rendering innefective any configuration change
through sysconfig.

There is no ordering between Exec* and Environment* stanzas of systemd,
full Enviroment* is always loaded before each Exec*. We make
sure that openvswitch.useropts is removed in a first Exec so that a
fresh OVS_USER_ID can be picked up from config in successive Exec*.

Fixes: 94e1e8b ("rhel: run ovn with the same user as ovs")
Signed-off-by: Jaime Caamaño Ruiz <jcaamano at suse.com>
Acked-by: Greg Rose <gvrose8192 at gmail.com>
Acked-by: Aaron Conole <aconole at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 115c2e8a75873d1a47deef6472b42d5824ac68e2
      https://github.com/openvswitch/ovs/commit/115c2e8a75873d1a47deef6472b42d5824ac68e2
  Author: Jaime Caamaño Ruiz <jcaamano at suse.com>
  Date:   2020-09-16 (Wed, 16 Sep 2020)

  Changed paths:
    M NEWS
    M lib/netdev-dpdk.c

  Log Message:
  -----------
  netdev-dpdk: Don't set rx mq mode for net_virtio.

Since DPDK 19.11 [1], it is not allowed to set any RX mq mode for virtio
driver.

[1] https://github.com/DPDK/dpdk/commit/13b3137f3b7c8f866947a9b34e06a8aec0d084f7

Signed-off-by: Jaime Caamaño Ruiz <jcaamano at suse.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 65c47314e6081fc5911db63cdf10d6bab5ab061d
      https://github.com/openvswitch/ovs/commit/65c47314e6081fc5911db63cdf10d6bab5ab061d
  Author: Yi-Hung Wei <yihung.wei at gmail.com>
  Date:   2020-09-16 (Wed, 16 Sep 2020)

  Changed paths:
    M selinux/openvswitch-custom.te.in

  Log Message:
  -----------
  selinux: Add missing permissions for ovs-kmod-ctl.

On RHEL 8,  a SELinux policy is missing when ovs-kmod-ctl use modprobe
to load kernel modules.  This patch adds the missing permissions based
on /var/log/audit/audit.log

Example log of the AVC violations:
  type=AVC msg=audit(1599075387.136:65): avc:  denied  { read } for
  pid=1472 comm="modprobe" name="modules.alias.bin" dev="dm-0" ino=586629
  scontext=system_u:system_r:openvswitch_load_module_t:s0
  tcontext=system_u:object_r:modules_dep_t:s0 tclass=file permissive=0

  type=AVC msg=audit(1599085253.148:45): avc:  denied  { open } for pid=1355
  comm="modprobe" path="/usr/lib/modules/4.18.0-193.el8.x86_64/modules.dep.bin"
  dev="dm-0" ino=624258 scontext=system_u:system_r:openvswitch_load_module_t:s0
  tcontext=unconfined_u:object_r:modules_dep_t:s0 tclass=file permissive=0

VMWare-BZ: #2633569
Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>
Acked-by: Greg Rose <gvrose8192 at gmail.com>
Acked-by: Ansis Atteka <aatteka at ovn.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 69805fd5d188b3e3a5eaae26d66b9b9220c7f986
      https://github.com/openvswitch/ovs/commit/69805fd5d188b3e3a5eaae26d66b9b9220c7f986
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-09-16 (Wed, 16 Sep 2020)

  Changed paths:
    M .cirrus.yml

  Log Message:
  -----------
  cirrus: Use FreeBSD 11.4.

Support cycle of 11.3 ends in the end of September 2020,
so we need to upgrade.

Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Aaron Conole <aconole at redhat.com>


  Commit: 31129346ec2dd3572dc6863a0c6049f6aa65b51d
      https://github.com/openvswitch/ovs/commit/31129346ec2dd3572dc6863a0c6049f6aa65b51d
  Author: Boleslaw Tokarski <boleslaw.tokarski at jollamobile.com>
  Date:   2020-09-16 (Wed, 16 Sep 2020)

  Changed paths:
    M NEWS
    M ipsec/ovs-monitor-ipsec.in

  Log Message:
  -----------
  ipsec: Fix Strongswan configuration syntax.

Strongswan seems to have .opt files in the source tree with the dotted
option syntax. It seems that up until version 5.6, the syntax was also
accepted by Strongswan.

However, the .opt files are converted to .conf files during Strongswan
build, and the dotted syntax is no longer accepted by Strongswan (tested
on 5.8.2).

The effect was that the ovs ipsec monitor fails to start Strongswan,
since that complains with:
/etc/strongswan.d/ovs.conf:4: syntax error, unexpected ., expecting : or '{' or '=' [.]

This commit fixes the configuration file provided to Strongswan to .conf
syntax.

Signed-off-by: Boleslaw Tokarski <boleslaw.tokarski at jollamobile.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/d5dd52d6454c...31129346ec2d


More information about the git mailing list