diff --git a/SOURCES/openvswitch-2.11.3.patch b/SOURCES/openvswitch-2.11.3.patch index 491494f..a890e9c 100644 --- a/SOURCES/openvswitch-2.11.3.patch +++ b/SOURCES/openvswitch-2.11.3.patch @@ -18034,6 +18034,19 @@ index 28382e0123..02a9235d51 100644 prop_len = sizeof(*pnmt); break; } +diff --git a/lib/ofp-group.c b/lib/ofp-group.c +index 6857164f01..9c1b5b6cc3 100644 +--- a/lib/ofp-group.c ++++ b/lib/ofp-group.c +@@ -64,7 +64,7 @@ ofputil_group_from_string(const char *s, uint32_t *group_idp) + void + ofputil_format_group(uint32_t group_id, struct ds *s) + { +- char name[MAX_GROUP_NAME_LEN]; ++ char name[MAX_GROUP_NAME_LEN + 1]; + + ofputil_group_to_string(group_id, name, sizeof name); + ds_put_cstr(s, name); diff --git a/lib/ofp-packet.c b/lib/ofp-packet.c index aa3417c9b0..4638d8192c 100644 --- a/lib/ofp-packet.c diff --git a/SPECS/openvswitch2.11.spec b/SPECS/openvswitch2.11.spec index 310917e..e0547d5 100644 --- a/SPECS/openvswitch2.11.spec +++ b/SPECS/openvswitch2.11.spec @@ -66,7 +66,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 2.11.3 -Release: 87%{?dist} +Release: 89%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -745,353 +745,1482 @@ exit 0 %changelog +* Mon May 10 2021 Open vSwitch CI - 2.11.3-89 +- Merging upstream branch-2.11 [RH gerrit: 1d6f0bd658] + Commit list: + 75907f8a11 ofp-group: Use big-enough buffer in ofputil_format_group(). + + +* Wed Apr 07 2021 Michael Santana - 2.11.3-88 +- Make changelog in spec file more informative [RH gerrit: 99ad8d96f6] + This is done by adding the body of the commit message to the changelong. + The body is indented and has extra spacing separating each entry in the + changelog to make each one more discernible since now they could be + longer + + Signed-off-by: Michael Santana + + * Wed Mar 17 2021 Open vSwitch CI - 2.11.3-87 -- Merging upstream branch-2.11 - [560df0228cb3c4cdc19c5d670e6708fe28f09f11] +- Merging upstream branch-2.11 [RH gerrit: 560df0228c] + Commit list: + 8710c3e5ce python: Send notifications after the transaction ends. + bf3ef6a869 Handle refTable values with setkey() + * Tue Mar 16 2021 Open vSwitch CI - 2.11.3-86 -- Merging upstream branch-2.11 - [67070c0625be3ba1bb178a4003512da416076a84] +- Merging upstream branch-2.11 [RH gerrit: 67070c0625] + Commit list: + e9ad1da4f4 Prepare for 2.11.8. + bbc2705315 Set release date for 2.11.7. + 0f475a5cd4 ovsdb-client: Fix needs-conversion when SERVER is explicitly specified. + 46299c1c72 dpdk: Use DPDK 18.11.11 release. + 65c61b0c23 ofp-actions: Fix use-after-free while decoding RAW_ENCAP. + * Wed Feb 10 2021 Open vSwitch CI - 2.11.3-85 -- Merging upstream branch-2.11 - [4351a9b51261d2079765dac654466202a4bd6a16] +- Merging upstream branch-2.11 [RH gerrit: 4351a9b512] + Commit list: + 9b0307cf7d Prepare for 2.11.7. + 5d07b5da2e Set release date for 2.11.6. + 018d35b7d9 cirrus: Use FreeBSD 12.2. + abd7a45765 flow: Support extra padding length. + * Fri Feb 05 2021 Open vSwitch CI - 2.11.3-84 -- Merging upstream branch-2.11 - [a4f1272cee605e664aaea91ae28daff5a24857d6] +- Merging upstream branch-2.11 [RH gerrit: a4f1272cee] + Commit list: + 5a62ed8002 dist-docs: Include manpages generated from rST. + * Thu Feb 04 2021 Timothy Redaelli - 2.11.3-83 -- flow: Support extra padding length. - [35a473f35c7227fcf9db3a338c52bc6f8bd4fa97] +- flow: Support extra padding length. [RH gerrit: 35a473f35c] + Although not required, padding can be optionally added until + the packet length is MTU bytes. A packet with extra padding + currently fails sanity checks. + + Fixes: fa8d9001a624 ("miniflow_extract: Properly handle small IP packets.") + Reported-by: Joakim Hindersson + Acked-by: Ilya Maximets + Signed-off-by: Flavio Leitner + * Wed Feb 03 2021 Open vSwitch CI - 2.11.3-82 -- Merging upstream branch-2.11 - [2e04729b438263639f321cdebb0191e0de668fd9] +- Merging upstream branch-2.11 [RH gerrit: 2e04729b43] + Commit list: + 1faf6f507c tc: Fix mpls bottom of stack bit mask reporting. + * Tue Feb 02 2021 Open vSwitch CI - 2.11.3-81 -- Merging upstream branch-2.11 - [a6fede58cbbb901bfa9fae88d59f088b005368b5] +- Merging upstream branch-2.11 [RH gerrit: a6fede58cb] + Commit list: + 6747878b7a python: Add 'six' to list of install requirements. + * Thu Jan 21 2021 Open vSwitch CI - 2.11.3-80 -- Merging upstream branch-2.11 - [b8354bd06233b96923cc18f7b8d769f0164d89c3] +- Merging upstream branch-2.11 [RH gerrit: b8354bd062] + Commit list: + cd0f896c01 github: Fix Ubuntu package installation. + 5804c31209 odp-util: Fix abort while formatting nsh actions. + * Thu Jan 14 2021 Open vSwitch CI - 2.11.3-79 -- Merging upstream branch-2.11 - [f41ec7e05b34518090771eafc1ca17f297c5f520] +- Merging upstream branch-2.11 [RH gerrit: f41ec7e05b] + Commit list: + d9e429cc49 Prepare for 2.11.6. + 634e6e41cd Set release date for 2.11.5. + * Wed Jan 13 2021 Open vSwitch CI - 2.11.3-78 -- Merging upstream branch-2.11 - [68170d878c052468321f0a6a15b44c1f531abb4f] +- Merging upstream branch-2.11 [RH gerrit: 68170d878c] + Commit list: + dc222c3cf1 lldp: do not leak memory on multiple instances of TLVs + 569595898b ofproto-dpif: Uninitialize 'xlate_cache' to free resources + * Thu Jan 07 2021 Open vSwitch CI - 2.11.3-77 -- Merging upstream branch-2.11 - [10478e38029da25e549bf899dde41a6eb948d523] +- Merging upstream branch-2.11 [RH gerrit: 10478e3802] + Commit list: + 008414b6f0 ovs-monitor-ipsec: Fix active connection regex. + * Thu Dec 24 2020 Open vSwitch CI - 2.11.3-76 -- Merging upstream branch-2.11 - [aa80d76b094b7eea8cd651a62ce251f77f179c25] +- Merging upstream branch-2.11 [RH gerrit: aa80d76b09] + Commit list: + 026339bc76 odp-util: Fix netlink message overflow with userdata. + 29077624db ovsdb-tool: Fix datum leak in the show-log command. + 041d001019 ofproto-dpif-xlate: Stop forwarding MLD reports to group ports. + * Wed Dec 02 2020 Open vSwitch CI - 2.11.3-75 -- Merging upstream branch-2.11 - [838f461d65b104b814f1f6857710c0221f50ca3f] +- Merging upstream branch-2.11 [RH gerrit: 838f461d65] + Commit list: + abe75f4938 datapath: ovs_ct_exit to be done under ovs_lock + 884800683f compat: rcu: Add support for consolidated-RCU reader checking + 090c694ac7 tests: Add overflow test for the sha1 library. + 7bcf93452e travis: Remove support for Travis CI. + a29cda9b26 github: Add GitHub Actions workflow. + a9748802e0 ovsdb-cluster.at: Fix infinite loop in torture tests. + * Tue Nov 17 2020 Open vSwitch CI - 2.11.3-74 -- Merging upstream branch-2.11 - [757d6ce62c7f7fe77533f6d632f515db847c4145] +- Merging upstream branch-2.11 [RH gerrit: 757d6ce62c] + Commit list: + 1dae577d74 ovsdb-idl: Fix *_is_new() IDL functions. + 709b548549 compat: Fix compile warning. + 8bd0dadd04 compat: Remove stale code. + 9414a66816 tests: Add parse-flow tests for MPLS fields. + 00ec8e5cb9 ofp-actions: Fix userspace support for mpls_ttl. + 655e9aa784 python: Don't raise an Exception on failure to connect via SSL. + 1cf4245ace lldp: correctly increase discarded count + 330d64d036 lldp: increase statsTLVsUnrecognizedTotal on unknown TLV + c00a829e45 lldp: fix a buffer overflow when handling management address TLV + 9aed58b5f1 lldp: Fix size of PEEK_DISCARD_UINT32() + 2c0bbbacf3 lldp: validate a bit more received LLDP frames + 72aa3deacf sha1: Fix algorithm for data bigger than 512 megabytes. + 7d52af2228 odp-util: Fix overflow of nested netlink attributes. + * Mon Nov 02 2020 Timothy Redaelli - 2.11.3-73 -- redhat: Explicitly define __python - [045337a5c881dae4f3b0b4f581eea4dfc32df256] +- redhat: Explicitly define __python [RH gerrit: 045337a5c8] + See https://fedoraproject.org/wiki/Changes/PythonMacroError + * Tue Oct 27 2020 Open vSwitch CI - 2.11.3-72 -- Merging upstream branch-2.11 - [e835b37ab382f04c6b3fa2fec4b7cd0d93cdaec6] +- Merging upstream branch-2.11 [RH gerrit: e835b37ab3] + Commit list: + 684e43b4d8 raft: Fix error leak on failure while saving snapshot. + * Thu Oct 22 2020 Open vSwitch CI - 2.11.3-71 -- Merging upstream branch-2.11 - [a11c3da9f778089b46183f3b21c33cbd48f43cc3] +- Merging upstream branch-2.11 [RH gerrit: a11c3da9f7] + Commit list: + cc81b50a60 ofp-ed-props: Fix using uninitialized padding for NSH encap actions. + * Fri Oct 09 2020 Open vSwitch CI - 2.11.3-70 -- Merging upstream branch-2.11 - [2a26d61978f7ddfd63a957142ae87512db9a6c68] +- Merging upstream branch-2.11 [RH gerrit: 2a26d61978] + Commit list: + 3cc79bbc13 system-userspace-packet-type-aware.at: Wait for ip address updates. + 2deed05096 netdev-dpdk: Don't set rx mq mode for net_virtio. + * Tue Oct 06 2020 Open vSwitch CI - 2.11.3-69 -- Merging upstream branch-2.11 - [e31b9384beb303ae722faf6fbaaac931a0a491c7] +- Merging upstream branch-2.11 [RH gerrit: e31b9384be] + Commit list: + 5ceafdc389 docs: Add flow control on i40e issue + * Wed Sep 16 2020 Open vSwitch CI - 2.11.3-68 -- Merging upstream branch-2.11 - [a43432762b2e12773cf207bb659b2e181dc269ed] +- Merging upstream branch-2.11 [RH gerrit: a43432762b] + Commit list: + dfcebfcc2f cirrus: Use FreeBSD 11.4. + 9e53a8a76b classifier: Fix use of uninitialized value. + 30387b61ac rhel: Fix logrotate group when dpdk is enabled. + * Thu Aug 27 2020 Open vSwitch CI - 2.11.3-67 -- Merging upstream branch-2.11 - [dd4802fb0c2e82bda1feee39ad3a64199fe5a57d] +- Merging upstream branch-2.11 [RH gerrit: dd4802fb0c] + Commit list: + 1b842af7ad ovs-dpctl-top: Skip "eth()" element. + 9ff2a5a115 meta-flow: fix a typo in "MPLS Bottom of Stack Field" paragraph. + * Tue Aug 18 2020 Flavio Leitner - 2.11.3-66 -- pkgtool: Use git-branch to retrieve the name. - [7240e67479909550e28239a8aa26c3ee0cf517f6] +- pkgtool: Use git-branch to retrieve the name. [RH gerrit: 7240e67479] + The name-rev can return any symbolic name for ref, whether + it is a branch or a tag. + + Use git branch --show-current instead. + * Mon Aug 17 2020 Open vSwitch CI - 2.11.3-65 -- Merging upstream branch-2.11 - [b16596dda3aa9773812e46a4c17f8089a0a89f78] +- Merging upstream branch-2.11 [RH gerrit: b16596dda3] + Commit list: + 05bbdfceb7 netdev-offload-dpdk: Fix for broken ethernet matching HWOL for XL710NIC. + * Wed Aug 12 2020 Open vSwitch CI - 2.11.3-64 -- Merging upstream branch-2.11 - [7b48e669229bc1db642607c41c26e8c59be5989b] +- Merging upstream branch-2.11 [RH gerrit: 7b48e66922] + Commit list: + e38b412dcb acinclude: Fix build with kernels with prandom* moved to prandom.h. + * Tue Aug 11 2020 Open vSwitch CI - 2.11.3-63 -- Merging upstream branch-2.11 - [9ae7cb0a10cda8a48cc856d4ff0cf585a5bfdf33] +- Merging upstream branch-2.11 [RH gerrit: 9ae7cb0a10] + Commit list: + 218ab4f731 Prepare for 2.11.5. + adf1b5c390 Set release date for 2.11.4. + 1210688623 datapath-windows: Update flow key in SET action + d04e409f39 dpctl: Fix memory leak in dpctl_dump_flows() + 5d7a08db86 ovs-router: Fix flushing of local routes. + * Sun Aug 09 2020 Flavio Leitner - 2.11.3-62 -- redhat: Add support to custom RPM releases. - [570434c6c20efc6a6b027c6f05a2f68d3bd1af83] +- redhat: Add support to custom RPM releases. [RH gerrit: 570434c6c2] + This commit allows the developer to specify a custom release + string to be appended to package NVR. + + If the custom release is 'bz123456', the final release would + look like -Y.bz123456.X where Y is the number of changes + until the branch was created, and X is the number of changes + after that. + * Sun Aug 09 2020 Flavio Leitner - 2.11.3-61 -- pkgtool: Use OVS static version in package NVR. - [2ed240a84c35f4906a0fd806a5ac1ca678b24603] +- pkgtool: Use OVS static version in package NVR. [RH gerrit: 2ed240a84c] + The package NVR must coincide with the tarball version. + * Fri Jul 17 2020 Flavio Leitner - 2.11.3-60 -- Merge branch 'fast-datapath-rhel-7' into fast-datapath-rhel-8 - [a2d9792f8cea55348a9f263c4f891298ffcb2462] +- Merge branch 'fast-datapath-rhel-7' into fast-datapath-rhel-8 [RH gerrit: a2d9792f8c] + * Thu Jul 16 2020 Flavio Leitner - 2.11.3-59 -- Merge branch 'fast-datapath-rhel-7' into fast-datapath-rhel-8 - [c9f7a9e2d37b09a1f154fe30b50260255cce4595] +- Merge branch 'fast-datapath-rhel-7' into fast-datapath-rhel-8 [RH gerrit: c9f7a9e2d3] + * Wed Jul 15 2020 Flavio Leitner - 2.11.3-58 -- spec: Fix configure to use dpdkdir without version. - [583acc91dd782f1e73cc20a27b7cbd8bb5a7bc98] +- spec: Fix configure to use dpdkdir without version. [RH gerrit: 583acc91dd] + * Mon Jul 13 2020 Flavio Leitner - 2.11.3-57 -- redhat: Rename OVSCI job name. - [cbcaa831188b77f253f718203dc743904538464a] +- redhat: Rename OVSCI job name. [RH gerrit: cbcaa83118] + The OVSCI job's name has been renamed to follow a standard. + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-56 -- This is fast-datapath-rhel-8 - [98f312f126a245f2609a8dcea9604e09832181f0] +- This is fast-datapath-rhel-8 [RH gerrit: 98f312f126] + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-55 -- bus/pci: fix VF memory access (#1851170) - [fa4d90db57191665037114e4098f3d1f6b6ea9c7] +- bus/pci: fix VF memory access (#1851170) [RH gerrit: fa4d90db57] + To fix CVE-2020-12888, the linux vfio-pci module will invalidate mmaps + and block MMIO access on disabled memory, it will send a SIGBUS to the + application: + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abafbc551fdd + + When the application opens the vfio PCI device, the vfio-pci module will + enable the bus memory space through PCI read/write access. According to + the PCIe specification, the 'Memory Space Enable' is always zero for VF: + + Table 9-13 Command Register Changes + + Bit Location | PF and VF Register Differences | PF | VF + | From Base | Attributes | Attributes + -------------+--------------------------------+------------+----------- + | Memory Space Enable - Does not | | + | apply to VFs. Must be hardwired| Base | 0b + 1 | to 0b for VFs. VF Memory Space | | + | is controlled by the VF MSE bit| | + | in the VF Control register. | | + -------------+--------------------------------+------------+----------- + + Afterwards the vfio-pci will initialize its own virtual PCI config space + data ('vconfig') by reading the VF's physical PCI config space, then the + 'Memory Space Enable' bit in vconfig will always be 0b value. This will + make the vfio-pci treat the BAR memory space as disabled, and the SIGBUS + will be triggered if access these BARs. + + By investigation, the VF PCI device *passthrough* into the Guest OS by + QEMU has the 'Memory Space Enable' with 1b value. That's because every + PCI driver will start to enable the memory space, and this action will + be hooked by vfio-pci virtual PCI read/write to set the 'Memory Space + Enable' in vconfig space to 1b. So VF runs in guest OS has 'Mem+', but + VF runs in host OS has 'Mem-'. + + Align with PCI working mode in Guest/QEMU/Host, in DPDK, enable the PCI + bus memory space explicitly to avoid access on disabled memory. + + Fixes: 33604c31354a ("vfio: refactor PCI BAR mapping") + Cc: stable@dpdk.org + + Signed-off-by: Haiyue Wang + Acked-by: Anatoly Burakov + Tested-by: Harman Kalra + Tested-by: David Marchand + Tested-by: Thierry Martin + (cherry picked from commit 54f3fb127d9c265a5724d193e5c7c6db29fb4150) + + Resolves: #1851170 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-54 -- vhost: fix vring index check (#1831391) - [8e33084d85d80cea72d02de0abf36c142dcefa2a] +- vhost: fix vring index check (#1831391) [RH gerrit: 8e33084d85] + vhost_user_check_and_alloc_queue_pair() is used to extract + a vring index from a payload. This function validates the + index and is called early on in when performing message + handling. Most message handlers depend on it correctly + validating the vring index. + + Depending on the message type the vring index is in + different parts of the payload. The function contains a + switch/case for each type and copies the index. This is + stored in a uint16. This index is then validated. Depending + on the message, the source index is an unsigned int. If + integer truncation occurs (uint->uint16) the top 16 bits + of the index are never validated. + + When they are used later on (e.g. in + vhost_user_set_vring_num() or vhost_user_set_vring_addr()) + it can lead to out of bound indexing. The out of bound + indexed data gets written to, and hence this can cause + memory corruption. + + This patch fixes this vulnerability by declaring vring + index as an unsigned int in + vhost_user_check_and_alloc_queue_pair(). + + Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation") + Cc: stable@dpdk.org + + This issue has been assigned CVE-2020-10723 + + Reported-by: Ilja Van Sprundel + Signed-off-by: Maxime Coquelin + Reviewed-by: Xiaolong Ye + Reviewed-by: Ilja Van Sprundel + (cherry picked from commit c78d94189dced04def987a17f16097fcb197a186) + + Resolves: #1831391 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-53 -- vhost: check log mmap offset and size overflow (#1831391) - [753ae0cf66553e8fd71b8e76642900d9fb62c406] +- vhost: check log mmap offset and size overflow (#1831391) [RH gerrit: 753ae0cf66] + vhost_user_set_log_base() is a message handler that is + called to handle the VHOST_USER_SET_LOG_BASE message. + Its payload contains a 64 bit size and offset. Both are + added up and used as a size when calling mmap(). + + There is no integer overflow check. If an integer overflow + occurs a smaller memory map would be created than + requested. Since the returned mapping is mapped as writable + and used for logging, a memory corruption could occur. + + Fixes: fbc4d248b198 ("vhost: fix offset while mmaping log base address") + + This issue has been assigned CVE-2020-10722 + + Reported-by: Ilja Van Sprundel + Signed-off-by: Maxime Coquelin + Reviewed-by: Xiaolong Ye + Reviewed-by: Ilja Van Sprundel + (cherry picked from commit 338f5eae5de73a91ba42951bfe7d1fba898e1aab) + + Resolves: #1831391 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-52 -- vhost: add device op when notification to guest is sent (#1726579) - [92715cf99cbebdb6d13e223872cdd44f822a4ebe] +- vhost: add device op when notification to guest is sent (#1726579) [RH gerrit: 92715cf99c] + This patch adds an operation callback which gets called every time + the library is waking up the guest trough an eventfd_write() call. + + This can be used by 3rd party application, like OVS, to track the + number of times interrupts where generated. This might be of + interest to find out system-call were called in the fast path. + + Signed-off-by: Eelco Chaudron + Reviewed-by: Maxime Coquelin + (cherry picked from commit 039253166a57ee660dd2fbe92ca77fa65154751c) + + Resolves: #1726579 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-51 -- net/i40e: re-program promiscuous mode on VF interface (#1733402) - [0fe1f42b5f3bc0b714f063d57cc79215459d28dc] +- net/i40e: re-program promiscuous mode on VF interface (#1733402) [RH gerrit: 0fe1f42b5f] + During a kernel PF reset, this event is propagated to the VF. + The DPDK VF PMD will execute the reset task before the PF is done + with his. This results in the admin queue message not being responded + to leaving the port in "promiscuous" mode. + + This patch makes sure the promiscuous mode is configured independently + of the current admin state. + + Signed-off-by: Eelco Chaudron + Reviewed-by: Xiao Zhang + (cherry picked from commit ddc7cb0d9453e0c0601a01eab1f388eae4c1fb65) + + Resolves: #1733402 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-50 -- bus/pci: always check IOMMU capabilities (#1711739) - [0815c39d39c0b34dd7456bde23077e1f25250dec] +- bus/pci: always check IOMMU capabilities (#1711739) [RH gerrit: 0815c39d39] + IOMMU capabilities won't change and must be checked even if no PCI device + seem to be supported yet when EAL initialised. + + This is to accommodate with SPDK that registers its drivers after + rte_eal_init(), especially on PPC platform where the IOMMU does not + support VA. + + Fixes: 703458e19c16 ("bus/pci: consider only usable devices for IOVA mode") + + Signed-off-by: David Marchand + Reviewed-by: David Christensen + Acked-by: Jerin Jacob + Tested-by: Jerin Jacob + Tested-by: Takeshi Yoshimura + + (cherry picked from commit 66d3724b2c87e6fcdf3851ca191683696a91b901) + Signed-off-by: David Marchand + + Resolves: #1711739 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-49 -- eal: fix IOVA mode selection as VA for PCI drivers (#1711739) - [11fbef3c85f71b257dc37dd9b570025ad4a24dfa] +- eal: fix IOVA mode selection as VA for PCI drivers (#1711739) [RH gerrit: 11fbef3c85] + The incriminated commit broke the use of RTE_PCI_DRV_IOVA_AS_VA which + was intended to mean "driver only supports VA" but had been understood + as "driver supports both PA and VA" by most net drivers and used to let + dpdk processes to run as non root (which do not have access to physical + addresses on recent kernels). + + The check on physical addresses actually closed the gap for those + drivers. We don't need to mark them with RTE_PCI_DRV_IOVA_AS_VA and this + flag can retain its intended meaning. + Document explicitly its meaning. + + We can check that a driver requirement wrt to IOVA mode is fulfilled + before trying to probe a device. + + Finally, document the heuristic used to select the IOVA mode and hope + that we won't break it again. + + Fixes: 703458e19c16 ("bus/pci: consider only usable devices for IOVA mode") + + Signed-off-by: David Marchand + Reviewed-by: Jerin Jacob + Tested-by: Jerin Jacob + Acked-by: Anatoly Burakov + + (cherry picked from commit b76fafb174d2cd5247c3573bb3d49444e195e760) + Signed-off-by: David Marchand + + Conflicts: + drivers/net/avf/avf_ethdev.c + drivers/net/ice/ice_ethdev.c + drivers/net/mlx4/mlx4.c + drivers/net/mlx5/mlx5.c + drivers/net/octeontx2/otx2_ethdev.c + drivers/raw/ioat/ioat_rawdev.c + + Resolves: #1711739 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-48 -- bus/pci: consider only usable devices for IOVA mode (#1711739) - [69f5cb4c56c59505c76d4599cb0117b9fd6bfc11] +- bus/pci: consider only usable devices for IOVA mode (#1711739) [RH gerrit: 69f5cb4c56] + When selecting the preferred IOVA mode of the pci bus, the current + heuristic ("are devices bound?", "are devices bound to UIO?", "are pmd + drivers supporting IOVA as VA?" etc..) should honor the device + white/blacklist so that an unwanted device does not impact the decision. + + There is no reason to consider a device which has no driver available. + + This applies to all OS, so implements this in common code then call a + OS specific callback. + + On Linux side: + - the VFIO special considerations should be evaluated only if VFIO + support is built, + - there is no strong requirement on using VA rather than PA if a driver + supports VA, so defaulting to DC in such a case. + + Signed-off-by: Ben Walker + Signed-off-by: David Marchand + Reviewed-by: Anatoly Burakov + + (cherry picked from commit 703458e19c16135143b3f30089e1af66100c82dc) + Signed-off-by: David Marchand + + Conflicts: + drivers/bus/pci/linux/pci.c + drivers/bus/pci/pci_common.c + + Resolves: #1711739 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-47 -- eal: compute IOVA mode based on PA availability (#1711739) - [d5e1d2fa507875898bae71762c84c4f1d63ed972] +- eal: compute IOVA mode based on PA availability (#1711739) [RH gerrit: d5e1d2fa50] + Currently, if the bus selects IOVA as PA, the memory init can fail when + lacking access to physical addresses. + This can be quite hard for normal users to understand what is wrong + since this is the default behavior. + + Catch this situation earlier in eal init by validating physical addresses + availability, or select IOVA when no clear preferrence had been expressed. + + The bus code is changed so that it reports when it does not care about + the IOVA mode and let the eal init decide. + + In Linux implementation, rework rte_eal_using_phys_addrs() so that it can + be called earlier but still avoid a circular dependency with + rte_mem_virt2phys(). + In FreeBSD implementation, rte_eal_using_phys_addrs() always returns + false, so the detection part is left as is. + + If librte_kni is compiled in and the KNI kmod is loaded, + - if the buses requested VA, force to PA if physical addresses are + available as it was done before, + - else, keep iova as VA, KNI init will fail later. + + Signed-off-by: Ben Walker + Signed-off-by: David Marchand + Acked-by: Anatoly Burakov + + (cherry picked from commit c2361bab70c56f64e50f07946b1b20bf688d782a) + Signed-off-by: David Marchand + + Resolves: #1711739 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-46 -- netdev-linux: Update LAG in all cases. (#1812892) - [276351180996d21a96b6539671e4eed4e636f65d] +- netdev-linux: Update LAG in all cases. (#1812892) [RH gerrit: 2763511809] + In some cases, when processing a netlink change event, it's possible for + an alternate part of OvS (like the IPv6 endpoint processing) to hold an + active netdev interface. This creates a race-condition, where sometimes + the OvS change processing will take the normal path. This doesn't work + because the netdev device object won't actually be enslaved to the + ovs-system (for instance, a linux bond) and ingress qdisc entries will + be missing. + + To address this, we update the LAG information in ALL cases where + LAG information could come in. + + Fixes: d22f8927c3c9 ("netdev-linux: monitor and offload LAG slaves to TC") + Cc: Marcelo Leitner + Cc: John Hurley + Acked-by: Roi Dayan + Signed-off-by: Aaron Conole + Signed-off-by: Ilya Maximets + (cherry picked from commit 7a076a53716394742d0ae44652451501ae17335d) + + Resolves: #1812892 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-45 -- netdev-offload-tc: Re-fetch block ID after probing. (#1812892) - [83cebd3221538df693d7170c3a17ed9a381911c6] +- netdev-offload-tc: Re-fetch block ID after probing. (#1812892) [RH gerrit: 83cebd3221] + It's possible that block_id could changes after the probe for block + support. Therefore, fetch the block_id again after the probe. + + Fixes: edc2055a2bf7 ("netdev-offload-tc: Flush rules on ingress block when init tc flow api") + Cc: Dmytro Linkin + Acked-by: Roi Dayan + Co-authored-by: Marcelo Leitner + Signed-off-by: Marcelo Leitner + Signed-off-by: Aaron Conole + Signed-off-by: Ilya Maximets + (cherry picked from commit 8508a57228560e154963c542823d36d8098e6610) + + Resolves: #1812892 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-44 -- netdev-offload-tc: Flush rules on ingress block when init tc flow api (#1812892) - [e5d7d5ec243b68d65383ca5075d7128f13e8aebc] +- netdev-offload-tc: Flush rules on ingress block when init tc flow api (#1812892) [RH gerrit: e5d7d5ec24] + OVS can fail to attach ingress block on iface when init tc flow api, + if block already exist with rules on it and is shared with other iface. + Fix by flush all existing rules on the ingress block prior to deleting + it. + + Fixes: 093c9458fb02 ("tc: allow offloading of block ids") + Signed-off-by: Dmytro Linkin + Acked-by: Raed Salem + Acked-by: Roi Dayan + Signed-off-by: Simon Horman + (cherry picked from commit edc2055a2bf73258d5731a8f8853397190348b04) + + Resolves: #1812892 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-43 -- netdev-vport: Use the dst_port in tunnel netdev name (#1727599) - [f4a6fb757441ee0ba5bf808a18cd8bf7a65a9124] +- netdev-vport: Use the dst_port in tunnel netdev name (#1727599) [RH gerrit: f4a6fb7574] + If tunnel device dst_port is not the default one, "ovs-dpctl dump-flows" + will fail. The error message for vxlan is: + + netdev_linux|INFO|ioctl(SIOCGIFINDEX) on vxlan_sys_4789 device failed: No such device + + That's because when calling netdev_vport_construct() for netdev + vxlan_sys_xxxx, the default dst_port is used. Actually, the dst_port + value is in the netdev name. Use it to avoid the error. + + Signed-off-by: Chris Mi + Reviewed-by: Roi Dayan + Signed-off-by: Ben Pfaff + (cherry picked from commit 6998788197e23c409a6b6cecaa30867ff6d40928) + + Resolves: #1727599 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-42 -- lib/tc: Fix flow dump for tunnel id equal zero (#1732305) - [765ba1d1c0898446d3c05d9c7d3e92134647787a] +- lib/tc: Fix flow dump for tunnel id equal zero (#1732305) [RH gerrit: 765ba1d1c0] + Tunnel id 0 is not printed unless tunnel flag FLOW_TNL_F_KEY is set. + Fix that by always setting FLOW_TNL_F_KEY when tunnel id is valid. + + Fixes: 0227bf092ee6 ("lib/tc: Support optional tunnel id") + Signed-off-by: Dmytro Linkin + Reviewed-by: Roi Dayan + Signed-off-by: Simon Horman + (cherry picked from commit 36e50679a6517ee1ec6ed9e4cc83293279a5fffc) + + Resolves: #1732305 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-41 -- lib/tc: Support optional tunnel id (#1732305) - [42f09fe96f8664a4165261c935d0a4117f0675d1] +- lib/tc: Support optional tunnel id (#1732305) [RH gerrit: 42f09fe96f] + Currently the TC tunnel_key action is always + initialized with the given tunnel id value. However, + some tunneling protocols define the tunnel id as an optional field. + + This patch initializes the id field of tunnel_key:set and tunnel_key:unset + only if a value is provided. + + In the case that a tunnel key value is not provided by the user + the key flag will not be set. + + Signed-off-by: Adi Nissim + Acked-by: Paul Blakey + Signed-off-by: Simon Horman + (cherry picked from commit 0227bf092ee6b5d18e2b79493d44769cb37ecc98) + + Resolves: #1732305 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-40 -- tc: Set 'no_percpu' flag for compatible actions (#1780690) - [42f07f6bd81f65f52b84bb7a0011c5bb21af71ce] +- tc: Set 'no_percpu' flag for compatible actions (#1780690) [RH gerrit: 42f07f6bd8] + Recent changes in Linux kernel TC action subsystem introduced new + TCA_ACT_FLAGS_NO_PERCPU_STATS flag. The purpose of the flag is to request + action implementation to skip allocating action stats with expensive percpu + allocator and use regular built-in action stats instead. Such approach + significantly improves rule insertion rate and reduce memory usage for + hardware-offloaded rules that don't need benefits provided by percpu + allocated stats (improved software TC fast-path performance). Set the flag + for all compatible actions. + + Modify acinclude.m4 to use OVS-internal pkt_cls.h implementation when + TCA_ACT_FLAGS is not defined by kernel headers and to manually define + struct nla_bitfield32 in netlink.h (new file) when it is not defined by + kernel headers. + + Signed-off-by: Vlad Buslov + Reviewed-by: Roi Dayan + Signed-off-by: Simon Horman + (cherry picked from commit 292d5bd9bb344527e0da19433cf3e51f8a24058c) + + Resolves: #1780690 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-39 -- rhel: let *-ctl handle runtime directory (#1785586) - [c3763ec916aef757d113a73fb402cf89753e92a7] +- rhel: let *-ctl handle runtime directory (#1785586) [RH gerrit: c3763ec916] + Recent versions of systemd restores RuntimeDirectory ownership to the + unit's User in between execution of *Exec directives (see [1]). Using + ExecStartPre to reset RuntimeDirectory ownership to OVS_USER no longer + works as expected. + + The ctl scripts already handle creation of the runtime directory with + correct ownership and permissions so we can basically remove + RuntimeDirectory from systemd unit file. There is still need to handle + ownsership to cover some upgrade scenarios, but success of that will be + optional as the directory itself wont exist at first time run. + + [1] https://github.com/systemd/systemd/issues/12713 + + Signed-off-by: Jaime Caamaño Ruiz + Signed-off-by: Ben Pfaff + (cherry picked from commit 7a65e5a9252ac06df62707a571931f501747ecfc) + + Resolves: #1785586 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-38 -- rhel: set useropts optional for ovsdb-server (#1785586) - [77bed8f0e4c0a3b7396a219d4680d585e88caf95] +- rhel: set useropts optional for ovsdb-server (#1785586) [RH gerrit: 77bed8f0e4] + systemd assesses the presssence of all EnvironmentFile before execution + of Exec* directives, thus useropts needs to be optional even though it + will always be created at ExecStartPre. + + Fixes: 94e1e8be3187 ("rhel: run ovn with the same user as ovs") + Signed-off-by: Jaime Caamaño Ruiz + Signed-off-by: Ben Pfaff + (cherry picked from commit 0186c3807cc4500c5699fcf034df3a995c34885c) + + Resolves: #1785586 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-37 -- rhel: run ovn with the same user as ovs (#1785586) - [8f5f39b4afcfcfc8f29e79db138629630909352a] +- rhel: run ovn with the same user as ovs (#1785586) [RH gerrit: 8f5f39b4af] + Both ovn and ovs share the same log and run directories which are owned + by the user running ovs so it makes sense that ovn runs under that user + too to diminish security concerns and possible problems with log rotation. + + Signed-off-by: Jaime Caamaño Ruiz + Signed-off-by: Ben Pfaff + (cherry picked from commit 94e1e8be3187a4824ac27ed843396dde5cc02d13) + + Resolves: #1785586 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-36 -- rhel: secure openvswitch useropts (#1785586) - [71154ad26f1c22aacc60ab0a1ea335b7b2a6588a] +- rhel: secure openvswitch useropts (#1785586) [RH gerrit: 71154ad26f] + The openvswitch useropts file is being stored in a directory where the + openvswitch user has write permissions. The openvswitch user can then + manipulate the file to change the user under which switchd daemon runs. + + This patch changes the file to /var/openvswitch.useropts preventing any + manipulation. + + Signed-off-by: Jaime Caamaño Ruiz + Signed-off-by: Ben Pfaff + (cherry picked from commit 27e25e18c1f4cdd789d5670ab9e01dcf02a86b6f) + + Resolves: #1785586 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-35 -- userspace: Improved packet drop statistics. (#1726568) - [a6b7a37be86d9fe990e4511f56b99d23d14f763d] +- userspace: Improved packet drop statistics. (#1726568) [RH gerrit: a6b7a37be8] + Currently OVS maintains explicit packet drop/error counters only on port + level. Packets that are dropped as part of normal OpenFlow processing + are counted in flow stats of “drop” flows or as table misses in table + stats. These can only be interpreted by controllers that know the + semantics of the configured OpenFlow pipeline. Without that knowledge, + it is impossible for an OVS user to obtain e.g. the total number of + packets dropped due to OpenFlow rules. + + Furthermore, there are numerous other reasons for which packets can be + dropped by OVS slow path that are not related to the OpenFlow pipeline. + The generated datapath flow entries include a drop action to avoid + further expensive upcalls to the slow path, but subsequent packets + dropped by the datapath are not accounted anywhere. + + Finally, the datapath itself drops packets in certain error situations. + Also, these drops are today not accounted for.This makes it difficult + for OVS users to monitor packet drop in an OVS instance and to alert a + management system in case of a unexpected increase of such drops. + Also OVS trouble-shooters face difficulties in analysing packet drops. + + With this patch we implement following changes to address the issues + mentioned above. + + 1. Identify and account all the silent packet drop scenarios + 2. Display these drops in ovs-appctl coverage/show + + Co-authored-by: Rohith Basavaraja + Co-authored-by: Keshav Gupta + Signed-off-by: Anju Thomas + Signed-off-by: Rohith Basavaraja + Signed-off-by: Keshav Gupta + Acked-by: Eelco Chaudron + Signed-off-by: Ilya Maximets + (cherry picked from commit a13a0209750c424556189796061c40d08c689467) + + Resolves: #1726568 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-34 -- netdev-dpdk: Fix sw stats perf drop. (#1790841) - [54f4571750280654fa05705b2d4657823dffbf64] +- netdev-dpdk: Fix sw stats perf drop. (#1790841) [RH gerrit: 54f4571750] + Accessing the sw stats in the vhost datapath of a PVP test + can incur a performance drop of ~2%. + + Most of the time these stats will just be getting zero added + to them. By checking if there is a non-zero update first, we + can avoid accessing them when they won't be updated and avoid + the performance drop. + + Fixes: 2f862c712e52 ("netdev-dpdk: Detailed packet drop statistics.") + Signed-off-by: Kevin Traynor + Acked-by: Eelco Chaudron + Signed-off-by: Ilya Maximets + (cherry picked from commit 6d77abf4f7ea5596ba8c4a7a27768e83e80a7e46) + + Resolves: #1790841 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-33 -- netdev-dpdk: Detailed packet drop statistics. (#1790841) - [1e1b33541a3a832e32d7515b660f2939b251718a] +- netdev-dpdk: Detailed packet drop statistics. (#1790841) [RH gerrit: 1e1b33541a] + OVS may be unable to transmit packets for multiple reasons on + the userspace datapath and today there is a single counter to + track packets dropped due to any of those reasons. This patch + adds custom software stats for the different reasons packets + may be dropped during tx/rx on the userspace datapath in OVS. + + - MTU drops : drops that occur due to a too large packet size + - Qos drops : drops that occur due to egress/ingress QOS + - Tx failures: drops as returned by the DPDK PMD send function + + Note that the reason for tx failures is not specified in OVS. + In practice for vhost ports it is most common that tx failures + are because there are not enough available descriptors, + which is usually caused by misconfiguration of the guest queues + and/or because the guest is not consuming packets fast enough + from the queues. + + These counters are displayed along with other stats in + "ovs-vsctl get interface statistics" command and are + available for dpdk and vhostuser/vhostuserclient ports. + + Also the existing "tx_retries" counter for vhost ports has been + renamed to "ovs_tx_retries", so that all the custom statistics + that OVS accumulates itself will have the prefix "ovs_". This + will prevent any custom stats names overlapping with + driver/HW stats. + + Acked-by: Kevin Traynor + Signed-off-by: Sriram Vatala + Signed-off-by: Ilya Maximets + (cherry picked from commit 2f862c712e52fe524e441ab58bb042dcb20214ee) + + Resolves: #1790841 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-32 -- netdev-dpdk: Reuse vhost function for dpdk ETH custom stats. (#1790841) - [e0d00f70c5154535a86295ea58f6ef726e478fc8] +- netdev-dpdk: Reuse vhost function for dpdk ETH custom stats. (#1790841) [RH gerrit: e0d00f70c5] + This is yet another refactoring for upcoming detailed drop stats. + It allows to use single function for all the software calculated + statistics in netdev-dpdk for both vhost and ETH ports. + + UINT64_MAX used as a marker for non-supported statistics in a + same way as it's done in bridge.c for common netdev stats. + + Co-authored-by: Sriram Vatala + Signed-off-by: Ilya Maximets + Signed-off-by: Sriram Vatala + Acked-by: Kevin Traynor + (cherry picked from commit b99ab8aaaf9f6057ddbc332c76ab774dbfd4ccc3) + + Resolves: #1790841 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-31 -- netdev-dpdk: Refactor vhost custom stats for extensibility. (#1790841) - [b084d7a5c2644ac5e6ec667c80ae9c39b3f22350] +- netdev-dpdk: Refactor vhost custom stats for extensibility. (#1790841) [RH gerrit: b084d7a5c2] + vHost interfaces currently has only one custom statistic, but there + might be others in the near future. This refactoring makes the code + work in the same way as it done for dpdk and afxdp stats to keep the + common style over the different code places and makes it easily + extensible for the new stats addition. + + Signed-off-by: Ilya Maximets + Reviewed-by: David Marchand + Acked-by: Kevin Traynor + (cherry picked from commit 5c7ba90d8189ee7b35a1723d5a76dc205720af50) + + Resolves: #1790841 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-30 -- netdev-dpdk: Fix not reporting rx_oversize_errors in stats. (#1790841) - [26017f85c82ba01a1e884a031605095b4f64ee69] +- netdev-dpdk: Fix not reporting rx_oversize_errors in stats. (#1790841) [RH gerrit: 26017f85c8] + There is a big code duplication issue with DPDK xstats that led to + missed "rx_oversize_errors" statistics. It's defined but not used. + Fix that by actually using this stat along with code refactoring that + will allow us to not make same mistakes in the future. + Macro definitions are perfectly suitable to automate code generation + in such cases and already used in a couple of places in OVS for similar + purposes. + + Signed-off-by: Ilya Maximets + Reviewed-by: David Marchand + Acked-by: Kevin Traynor + Acked-by: Ian Stokes + (cherry picked from commit 18366d165162051463fd28e9f46d1c2cbe355eb3) + + Resolves: #1790841 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-29 -- ovsdb replication: Provide option to configure probe interval. (#1788800) - [e8a669ead72973ced8bb15d9a18e25b323f05ab0] +- ovsdb replication: Provide option to configure probe interval. (#1788800) [RH gerrit: e8a669ead7] + When ovsdb-server is in backup mode and connects to the active + ovsdb-server for replication, and if takes more than 5 seconds to + get the dump of the whole database, it will drop the connection + soon after as the default probe interval is 5 seconds. This + results in a snowball effect of reconnections to the active + ovsdb-server. + + This patch handles or mitigates this issue by setting the + default probe interval value to 60 seconds and provide the option to + configure this value from the unixctl command. + + Other option could be increase the value of 'RECONNECT_DEFAULT_PROBE_INTERVAL' + to a higher value. + + Acked-by: Mark Michelson + Acked-by: Dumitru Ceara + Signed-off-by: Numan Siddique + Signed-off-by: Ben Pfaff + (cherry-picked from commit e988b8abeec9d4be94b519c5d4ed4586ff71fde0) + + Resolves: #1788800 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-28 -- netdev-dpdk: Add coverage counter to count vhost IRQs. (#1726579) - [3c3997eb0aa9693f89a6a3083b6fa12772d522dd] +- netdev-dpdk: Add coverage counter to count vhost IRQs. (#1726579) [RH gerrit: 3c3997eb0a] + When the dpdk vhost library executes an eventfd_write() call, + i.e. waking up the guest, a new callback will be called. + + This patch adds the callback to count the number of + interrupts sent to the VM to track the number of times + interrupts where generated. + + This might be of interest to find out system-calls were + called in the DPDK fast path. + + The coverage counter is called "vhost_notification" and + can be read with: + + $ ovs-appctl coverage/read-counter vhost_notification + 13238319 + + Signed-off-by: Eelco Chaudron + Signed-off-by: Ilya Maximets + + (cherry picked from commit 3d56e4ac445d17e69484a95b319ac578e3580b65) + Signed-off-by: David Marchand + + Conflicts: + lib/netdev-dpdk.c + + Resolves: #1726579 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-27 -- netdev-dpdk: add support for the RTE_ETH_EVENT_INTR_RESET event. (#1719644) - [ca1a1a8e1c6ec2b44744876b26630448022b95e9] +- netdev-dpdk: add support for the RTE_ETH_EVENT_INTR_RESET event. (#1719644) [RH gerrit: ca1a1a8e1c] + Currently, OVS does not register and therefore not handle the + interface reset event from the DPDK framework. This would cause a + problem in cases where a VF is used as an interface, and its + configuration changes. + + As an example in the following scenario the MAC change is not + detected/acted upon until OVS is restarted without the patch applied: + + $ echo 1 > /sys/bus/pci/devices/0000:05:00.1/sriov_numvfs + $ ovs-vsctl add-port ovs_pvp_br0 dpdk0 -- \ + set Interface dpdk0 type=dpdk -- \ + set Interface dpdk0 options:dpdk-devargs=0000:05:0a.0 + + $ ip link set p5p2 vf 0 mac 52:54:00:92:d3:33 + + Signed-off-by: Eelco Chaudron + Signed-off-by: Ilya Maximets + (cherry picked from commit 988fd46391495e1ff92fa0d81204ae712e89ef9d) + + Resolves: #1719644 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-26 -- bridge: Allow manual notifications about interfaces' updates. (#1719644) - [f58b68088819d4ec8b7bd3a1821929f5fea3170d] +- bridge: Allow manual notifications about interfaces' updates. (#1719644) [RH gerrit: f58b680888] + Sometimes interface updates could happen in a way ifnotifier is not + able to catch. For example some heavy operations (device reset) in + netdev-dpdk could require re-applying of the bridge configuration. + + For this purpose new manual notifier introduced. Its function + 'if_notifier_manual_report()' could be called directly by the code + that aware about changes. This new notifier is thread-safe. + + Signed-off-by: Ilya Maximets + Acked-by: Eelco Chaudron + + (cherry picked from commit db54e9672052db9c45f84d89454104eb2fedfb02) + Signed-off-by: David Marchand + + Conflicts: + lib/automake.mk + vswitchd/bridge.c + + Resolves: #1719644 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-25 -- Shutdown SSL connection before closing socket (#1780745) - [aa97017175536816f70d111647b5dc9bedd824ff] +- Shutdown SSL connection before closing socket (#1780745) [RH gerrit: aa97017175] + Without shutting down the SSL connection, log messages like: + + stream_ssl|WARN|SSL_read: unexpected SSL connection close + jsonrpc|WARN|ssl:127.0.0.1:47052: receive error: Protocol error + reconnect|WARN|ssl:127.0.0.1:47052: connection dropped (Protocol error) + + would occur whenever the socket is closed. This just adds an + SSLStream.close() that calls shutdown() and ignores SSL errors, the + same way that lib/stream-ssl.c does in ssl_close(). + + Signed-off-by: Terry Wilson + Signed-off-by: Ben Pfaff + (cherry picked from commit 5fe179987d14ff38cce345dbbe57ef1ffe7853cc) + + Resolves: #1780745 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-24 -- flake8: also check the ovs-check-dead-ifs script (#1751161) - [ecd3a1b407816c629c17f410f95eab868ab68257] +- flake8: also check the ovs-check-dead-ifs script (#1751161) [RH gerrit: ecd3a1b407] + Acked-by: William Tu + Signed-off-by: Aaron Conole + Signed-off-by: Ben Pfaff + (cherry picked from commit bc6f73c951af472d221985965085544e60248b03) + + Resolves: #1751161 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-23 -- ovs-check-dead-ifs: unshadow pid variable (#1751161) - [a086e7618191f0efc75746c1fe6d4481a397f2ac] +- ovs-check-dead-ifs: unshadow pid variable (#1751161) [RH gerrit: a086e76181] + The pid variable is being shadowed by the list comprehension in the + os.execvp() call. This can generate flakes / warnings in some environments + so fix it. + + Acked-by: William Tu + Signed-off-by: Aaron Conole + Signed-off-by: Ben Pfaff + (cherry picked from commit 78e2a56927b5ba7e6f8808e3cf967171a2708a57) + + Resolves: #1751161 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-22 -- ovs-check-dead-ifs: python3 print format (#1751161) - [d61553f744b42dc05186910be30171ed1f8425e3] +- ovs-check-dead-ifs: python3 print format (#1751161) [RH gerrit: d61553f744] + The print call changed in python3, so update it. + + Acked-by: William Tu + Signed-off-by: Aaron Conole + Signed-off-by: Ben Pfaff + (cherry picked from commit c864b82d889dc47fb88d5cdde8caeca962776871) + + Resolves: #1751161 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-21 -- ovs-tcpundump: exit when getting version (#1764127) - [ea9923af222ed5bf398846b553d7b7fe54e10bd6] +- ovs-tcpundump: exit when getting version (#1764127) [RH gerrit: ea9923af22] + Running 'ovs-tcpundump -V' will cause ovs-tcpundump to start processing on + stdin. Instead, print the version and exit. + + Signed-off-by: Aaron Conole + Signed-off-by: Ben Pfaff + (cherry picked from commit c691cffb03ba3a7595f364c2766fdd2ace8c3842) + + Resolves: #1764127 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-20 -- ovs-tcpundump: allow multiple packet lengths (#1764125) - [ac3b7794054e2b15b22855930b23ede24b5d5835] +- ovs-tcpundump: allow multiple packet lengths (#1764125) [RH gerrit: ac3b779405] + The tcpundump tool expects all packets to be a length which aligns to + exactly a 4-nibble boundary. This means packets like DNS requests will be + stripped before being correctly processed. Fix this by allowing at least + two nibbles (or one byte) alignment. + + Signed-off-by: Aaron Conole + Signed-off-by: Ben Pfaff + (cherry picked from commit 1051576cf2b8a6ffddf849d984c250a8456e6144) + + Resolves: #1764125 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-19 -- jsonrpc: increase input buffer size from 512 to 4096 (#1776883) - [9c93db837390817b3bae8b2104bec5becbd946cf] +- jsonrpc: increase input buffer size from 512 to 4096 (#1776883) [RH gerrit: 9c93db8373] + Increase jsonrpc input buffer size from 512 to 4096 bytes in order to + reduce the syscall overhead when downloading huge db size + + Acked-by: Mark Michelson + Signed-off-by: Lorenzo Bianconi + Signed-off-by: Ben Pfaff + (cherry picked from commit ea5c1ba0e3b899b8b6684f23a44bbfd4331815ee) + + Resolves: #1776883 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-18 -- netdev-dpdk: Track vhost tx contention. (#1740144) - [31112a95027735528554c91953de89175f94e191] +- netdev-dpdk: Track vhost tx contention. (#1740144) [RH gerrit: 31112a9502] + Add a coverage counter to help diagnose contention on the vhost txqs. + This is seen as dropped packets on the physical ports for rates that + are usually handled fine by OVS. + + Acked-by: Eelco Chaudron + Signed-off-by: David Marchand + Signed-off-by: Ilya Maximets + (cherry picked from commit 9ff24b9c9323652f9dc80ff7928148c4af12da9c) + + Resolves: #1740144 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-17 -- ovsdb-server: Allow replication from older schema version servers. (#1766586) - [cb53fe2282c1c260cb7cc98c9d21e0573b304283] +- ovsdb-server: Allow replication from older schema version servers. (#1766586) [RH gerrit: cb53fe2282] + Presently, replication is not allowed if there is a schema version mismatch between + the schema returned by the active ovsdb-server and the local db schema. This is + causing failures in OVN DB HA deployments during uprades. + + In the case of OpenStack tripleo deployment with OVN, OVN DB ovsdb-servers are + deployed on a multi node controller cluster in active/standby mode. During + minor updates or major upgrades, the cluster is updated one at a time. If + a node A is running active OVN DB ovsdb-servers and when it is updated, another + node B becomes active. After the update when OVN DB ovsdb-servers in A are started, + these ovsdb-servers fail to replicate from the active if there is a schema + version mismatch. + + This patch addresses this issue by allowing replication even if there is a + schema version mismatch only if all the active db schema tables and its colums are + present in the local db schema. + + This should not result in any data loss. + + Signed-off-by: Numan Siddique + Signed-off-by: Ben Pfaff + (cherry picked from commit cec7005bde4bc81de7b94a3dc4b4160800c98be7) + + Resolves: #1766586 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-16 -- ovsdb-server: Don't drop all connections on read/write status change. (#1761572) - [5a0a77328bcab168ad04fba006158f2c2884befb] +- ovsdb-server: Don't drop all connections on read/write status change. (#1761572) [RH gerrit: 5a0a77328b] + The commit [1] force drops all connections when the db read/write status changes. + Prior to the commit [1], when there was read/write status change, the existing + jsonrpc sessions with 'db_change_aware' set to true, were not updated with the + changed 'read_only' value. If the db status was changed to 'standby', the existing + clients could still write to the db. + + In the case of pacemaker OVN HA, OVN OCF script 'start' action starts the + ovsdb-servers in read-only state and later, it sets to read-write in the + 'promote' action. We have observed that if some ovn-controllers connect to + the SB ovsdb-server (in read-only state) just before the 'promote' action, + the connection is not reset all the times and these ovn-controllers remain connected + to the SB ovsdb-server in read-only state all the time. Even though + the commit [1] calls 'ovsdb_jsonrpc_server_reconnect()' with 'forced' flag + set to true when the db read/write status changes, somehow the FSM misses resetting + the connections of these ovn-controllers. + + I think this needs to be addressed in the FSM. This patch doesn't address + this FSM issue. Instead it changes the behavior of 'ovsdb_jsonrpc_server_set_read_only()' + by setting the 'read_only' flag of all the jsonrpc sessions instead of forcefully + resetting the connection. + + I think there is no need to reset the connection. In large scale production + deployements with OVN, this results in unnecessary waste of CPU cycles as ovn-controllers + will have to connect twice - once during 'start' action and again during 'promote'. + + [1] - 2a9679e3b2c6("ovsdb-server: drop all connections on read/write status change") + + Acked-by: Dumitru Ceara + Signed-off-by: Numan Siddique + Signed-off-by: Ben Pfaff + (cherry picked from commit a5ff4874ba4bb60ced7bda6ad97d0be38e8172eb) + + Resolves: #1761572 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-15 -- ofproto-dpif: Fix continuation with patch port (#1761461) - [069d4bd4378e02bd61121f32fb2bc18ac316f358] +- ofproto-dpif: Fix continuation with patch port (#1761461) [RH gerrit: 069d4bd437] + This patch fixes the ofp_port to odp_port translation issue on patch + port with nxt_resume. When OVS resumes processing a packet from + nxt_resume, OVS does not translate the ofp in_port to odp in_port + correctly if the packet is originally received from a patch port. + Currently,OVS sets the odp in_port for this resume pakcet as ODPP_NONE + and push the resume packet back to the datapath. Later on, if the packet + goes through a recirc, OVS will generate the following message since it + can not translate odp in_port (ODPP_NONE) back to ofp in_port during upcall, + and push down a datapath rule to drop the packet. + + ofproto_dpif_upcall(handler16)|INFO|received packet on unassociated + datapath port 4294967295 + + When OVS revalidates the drop datapath flow with ODPP_NONE in_port, we + will see the following warning. + ofproto_dpif_upcall(revalidator18)|WARN|Failed to acquire udpif_key + corresponding to unexpected flow (Invalid argument): ufid:.... + + This patch resolves this issue by storing the odp in_port in the + continuation messages, and restores the odp in_port before push the + packet back to the datapath. + + VMWare-BZ: 2364696 + Signed-off-by: Yi-Hung Wei + Signed-off-by: Ben Pfaff + (cherry picked from commit 88d2ac50aa4e3383e185b698a1b3a44a6f7b4f80) + + Resolves: #1761461 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-14 -- vswitch: ratelimit the device add log (#1737146) - [052e541d4580fe49d3461c3045755374a0726dd5] +- vswitch: ratelimit the device add log (#1737146) [RH gerrit: 052e541d45] + It's possible that a port added to the system with certain kinds + of invalid parameters will cause the 'could not add' log to be + triggered. When this happens, the vswitch run loop can continually + re-attempt adding the port. While the parameters remain invalid + the vswitch run loop will re-trigger the warning, flooding the + syslog. + + This patch adds a simple rate limit to the log. + + Acked-by: William Tu + Signed-off-by: Aaron Conole + Signed-off-by: Ben Pfaff + (cherry picked from commit 45bd8c563273fb914ff1960a53cfdcfddb0a5588) + + Resolves: #1737146 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-13 -- netdev-dpdk: Enable tx-retries-max config. (#1747531) - [734086f5d4608b7cdf03a5d0a182245354e1f6eb] +- netdev-dpdk: Enable tx-retries-max config. (#1747531) [RH gerrit: 734086f5d4] + vhost tx retries can provide some mitigation against + dropped packets due to a temporarily slow guest/limited queue + size for an interface, but on the other hand when a system + is fully loaded those extra cycles retrying could mean + packets are dropped elsewhere. + + Up to now max vhost tx retries have been hardcoded, which meant + no tuning and no way to disable for debugging to see if extra + cycles spent retrying resulted in rx drops on some other + interface. + + Add an option to change the max retries, with a value of + 0 effectively disabling vhost tx retries. + + Signed-off-by: Kevin Traynor + Acked-by: Eelco Chaudron + Acked-by: Flavio Leitner + Acked-by: Ilya Maximets + Signed-off-by: Ian Stokes + (cherry picked from commit 080f080c3bc1e87da4affdce28a01b1a87a60364) + + Resolves: #1747531 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-12 -- netdev-dpdk: Add custom stat for vhost tx retries. (#1747531) - [0c238ac414e750fad80ec810ff42395df6c2e540] +- netdev-dpdk: Add custom stat for vhost tx retries. (#1747531) [RH gerrit: 0c238ac414] + vhost tx retries may occur, and it can be a sign that + the guest is not optimally configured. + + Add a custom stat so a user will know if vhost tx retries are + occurring and hence give a hint that guest config should be + examined. + + Signed-off-by: Kevin Traynor + Signed-off-by: Ian Stokes + (cherry picked from commit c161357d5d96f32144f4b63ee6b06049c0cc0a09) + + Resolves: #1747531 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-11 -- doc: Move vhost tx retry info to separate section. (#1747531) - [91d9e4d92b9efe06dccbf22f42faf1ae183a96e9] +- doc: Move vhost tx retry info to separate section. (#1747531) [RH gerrit: 91d9e4d92b] + vhost tx retry is applicable to vhost-user and vhost-user-client, + but was in the section that compares them. Also, moved further + down the doc as prefer to have more fundamental info about vhost + nearer the top. + + Fixes: 6d6513bfc657 ("doc: Add info on vhost tx retries.") + Reported-by: David Marchand + Signed-off-by: Kevin Traynor + Reviewed-by: David Marchand + Signed-off-by: Ian Stokes + (cherry picked from commit 4e6c16db31806dfcf84d6ebdb0d708cfa39bd08f) + + Resolves: #1747531 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-10 -- netdev-vport: Make ip6gre netdev type to use TC rules (#1725623) - [d3315b8035a875e9e3b425d72a97191fbcb7e065] +- netdev-vport: Make ip6gre netdev type to use TC rules (#1725623) [RH gerrit: d3315b8035] + The offload api functions already assigned to every tunnel class. + For ip6gre tunnel class only need to also assign the get_ifindex + function, similarly as done in commit 5e63eaa969a3 ("netdev-vport: Make + gre netdev type to use TC rules"). + + Signed-off-by: Eli Britstein + Reviewed-by: Roi Dayan + Signed-off-by: Ben Pfaff + (cherry picked from commit 8732450c2ee76410c7fbebaebe5f9cf27252208f) + + Resolves: #1725623 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-9 -- tunnel: Add layer 2 IPv6 GRE encapsulation support. (#1725623) - [0c20e7e83ddb50dbb6e0c37f986216e3953ea12e] +- tunnel: Add layer 2 IPv6 GRE encapsulation support. (#1725623) [RH gerrit: 0c20e7e83d] + The patch adds ip6gre support. Tunnel type 'ip6gre' with packet_type= + legacy_l2 is a layer 2 GRE tunnel over IPv6, carrying inner ethernet packets + and encap with GRE header with outer IPv6 header. Encapsulation of layer 3 + packet over IPv6 GRE, ip6gre, is not supported yet. I tested it by running: + # make check-kernel TESTSUITEFLAGS='-k ip6gre' + under kernel 5.2 and for userspace: + # make check TESTSUITEFLAGS='-k ip6gre' + + Tested-by: Greg Rose + Tested-at: https://travis-ci.org/gvrose8192/ovs-experimental/builds/552977116 + Reviewed-by: Greg Rose + Reviewed-by: Eli Britstein + Signed-off-by: William Tu + Signed-off-by: Ben Pfaff + (cherry picked from commit a3173ee1476840aaa6d90640169bd276568ff4c1) + + Resolves: #1725623 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-8 -- ovsdb-server: drop all connections on read/write status change (#1720947) - [0f0be40ee08c15a114029a5c0e046dc58d38fb09] +- ovsdb-server: drop all connections on read/write status change (#1720947) [RH gerrit: 0f0be40ee0] + Prior to this patch, only db change aware connections were dropped + on a read/write status change. However, current schema in OVN does + not allow clients to monitor whether a particular DB changes this + status. In order to accomplish this, we'd need to change the schema + and adapting ovsdb-server and existing clients. + + Before tackling that, this patch is changing ovsdb-server to drop + *all* the existing connections upon a read/write status change. This + will force clients to reconnect and honor the change. + + Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2019-July/048981.html + Signed-off-by: Daniel Alvarez + Signed-off-by: Ben Pfaff + (cherry picked from commit 2a9679e3b2c6fde74ddae362d88ba16db7fbfc38) + + Resolves: #1720947 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-7 -- netdev-tc-offloads: Support match on priority tags (#1725623) - [895735b3827e2afdd7c968d965e9f4fd9b0e1278] +- netdev-tc-offloads: Support match on priority tags (#1725623) [RH gerrit: 895735b382] + The logic by which a TC rule has a VLAN match is by the VLAN TCI field, + either the VID, PCP or CFI are non-zero. For priority-tag packets + there is a VLAN tag header with a zero VLAN TCI. Match on existence of + VLAN header (TPID) regardless of TCI matching. + + Signed-off-by: Eli Britstein + Reviewed-by: Roi Dayan + Signed-off-by: Simon Horman + (cherry picked from commit 0b0a84783cd6048ca3d35af0f5b4652cecd34358) + + Resolves: #1725623 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-6 -- rhel: limit stack size to 2M. (#1720315) - [79c6209e71801b94396ce4833cff99a2c0969e30] +- rhel: limit stack size to 2M. (#1720315) [RH gerrit: 79c6209e71] + The default stack size in Fedora/RHEL is 8M, which means when ovs-vswitchd + daemon starts and uses --mlockall (default), it will dirty all memory + regions for all threads which is proportionally to the number of CPUs. + + On a big host this increases memory usage to many hundreds of megabytes + while OVS actually requires much less. + + This patch relies on systemd to limit to 2M/thread. That is much more + than the minimum documented at function ovs_thread_create(): + + /* Some small systems use a default stack size as small as 80 kB, but OVS + * requires approximately 384 kB according to the following analysis: + * https://mail.openvswitch.org/pipermail/ovs-dev/2016-January/308592.html + * + * We use 512 kB to give us some margin of error. */ + + Acked-By: Timothy Redaelli + Tested-By: Timothy Redaelli + Signed-off-by: Flavio Leitner + Signed-off-by: Ben Pfaff + (cherry picked from commit b82a90e266e1246fe2973db97c95df22558174ea) + + Resolves: #1720315 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-5 -- Add a new OVS action check_pkt_larger (#1702564) - [c899ac57880e4446a00d83a590a5eb60fc081fdc] +- Add a new OVS action check_pkt_larger (#1702564) [RH gerrit: c899ac5788] + This patch adds a new action 'check_pkt_larger' which checks if the + packet is larger than the given size and stores the result in the + destination register. + + Usage: check_pkt_larger(len)->REGISTER + Eg. match=...,actions=check_pkt_larger(1442)->NXM_NX_REG0[0],next; + + This patch makes use of the new datapath action - 'check_pkt_len' + which was recently added in the commit [1]. + At the start of ovs-vswitchd, datapath is probed for this action. + If the datapath action is present, then 'check_pkt_larger' + makes use of this datapath action. + + Datapath action 'check_pkt_len' takes these nlattrs + * OVS_CHECK_PKT_LEN_ATTR_PKT_LEN - 'pkt_len' to check for + * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_GREATER (optional) - Nested actions + to apply if the packet length is greater than the specified 'pkt_len' + * OVS_CHECK_PKT_LEN_ATTR_ACTIONS_IF_LESS_EQUAL (optional) - Nested + actions to apply if the packet length is lesser or equal to the + specified 'pkt_len'. + + Let's say we have these flows added to an OVS bridge br-int + + table=0, priority=100 in_port=1,ip,actions=check_pkt_larger:100->NXM_NX_REG0[0],resubmit(,1) + table=1, priority=200,in_port=1,ip,reg0=0x1/0x1 actions=output:3 + table=1, priority=100,in_port=1,ip,actions=output:4 + + Then the action 'check_pkt_larger' will be translated as + - check_pkt_len(size=100,gt(3),le(4)) + + datapath will check the packet length and if the packet length is greater than 100, + it will output to port 3, else it will output to port 4. + + In case, datapath doesn't support 'check_pkt_len' action, the OVS action + 'check_pkt_larger' sets SLOW_ACTION so that datapath flow is not added. + + This OVS action is intended to be used by OVN to check the packet length + and generate an ICMP packet with type 3, code 4 and next hop mtu + in the logical router pipeline if the MTU of the physical interface + is lesser than the packet length. More information can be found here [2] + + [1] - https://kernel.googlesource.com/pub/scm/linux/kernel/git/davem/net-next/+/4d5ec89fc8d14dcdab7214a0c13a1c7321dc6ea9 + [2] - https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html + + Reported-at: + https://mail.openvswitch.org/pipermail/ovs-discuss/2018-July/047039.html + Suggested-by: Ben Pfaff + Signed-off-by: Numan Siddique + CC: Ben Pfaff + CC: Gregory Rose + Acked-by: Mark Michelson + Signed-off-by: Ben Pfaff + (cherry picked from commit 5b34f8fc3b38b430c05ee39a0c84f8e9da24cd3a) + + Conflicts: + NEWS + tests/ofprot-dpif.at +L10571 - Not really a conflict. Had to fix the test case because we + don't have the commit - dbf4a92800d0365cc3ec3c0e99df56e2ba676cb7 + + Resolves: #1702564 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-4 -- netlink linux: account for the netnsid netlink attr. (#1692812) - [ce14b518b702c2401a9a291a0afd654de5cd44a5] +- netlink linux: account for the netnsid netlink attr. (#1692812) [RH gerrit: ce14b518b7] + The buffer needs to be reallocated and data copied when + the netnsid netlink attribute is included, so avoid that + by accounting the attribute when the buffer is initially + allocated. + + Fixes: 756819ddd788 ("netdev-linux: use netlink to update netdev.") + Acked-by: Aaron Conole + Signed-off-by: Flavio Leitner + Signed-off-by: Ben Pfaff + (cherry picked from commit b43762a5ad3343d28e61ed518c97802c5bd8f380) + + Resolves: #1692812 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-3 -- rhel: Add an example to specify custom options (#1687775) - [a7dd6b6eb5e2dfe15d9387f83b614c8661b18bdd] +- rhel: Add an example to specify custom options (#1687775) [RH gerrit: a7dd6b6eb5] + Add an example to specify custom options of ovs-vswitchd and + ovsdb-server. + In the example, the log level for file and console destinations is set to dbg. + + Signed-off-by: Timothy Redaelli + Signed-off-by: Ben Pfaff + (cherry picked from commit 175b9a6401da76994bac955ebc9f440634e63d55) + + Resolves: #1687775 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-2 -- ovs-ctl: Permit to specify additional options (#1687775) - [b8a874b82e423a87965503da2384c45e84b6509a] +- ovs-ctl: Permit to specify additional options (#1687775) [RH gerrit: b8a874b82e] + Currently using ovs-ctl is not possible to specify additional options + for ovs-vswitchd and ovsdb-server (for example to specify a different + loglevel during daemon startup). + + This patch adds --ovs-vswitchd-options and --ovsdb-server-options + options to ovs-ctl in order to specify the additional options. + + Due to word splitting it may not be possible to specify an option that + includes whitespaces. + + Reported-at: https://bugzilla.redhat.com/1664794 + Reported-by: Matt Flusche + Signed-off-by: Timothy Redaelli + Signed-off-by: Ben Pfaff + (cherry picked from commit fce20b8b73b1c08bc0f51a04a2109d80e4bc8b51) + + Resolves: #1687775 + * Fri Jul 10 2020 Timothy Redaelli - 2.11.3-1 -- Merge commit 'a4efc599e0244e43fd417b2fb38b7f120eb1ebd4' into fast-datapath-rhel-7 - [8da1428afe7a47d5fe02d396ede18d7ecfb60128] +- Merge commit 'a4efc599e0244e43fd417b2fb38b7f120eb1ebd4' into fast-datapath-rhel-7 [RH gerrit: 8da1428afe] + * Thu Jun 25 2020 Timothy Redaelli - 2.11.0-56.20200327gita4efc59 - Backport "bus/pci: fix VF memory access" (#1851170)