diff --git a/SOURCES/openvswitch-2.13.0.patch b/SOURCES/openvswitch-2.13.0.patch
index fff50d5..33fdb34 100644
--- a/SOURCES/openvswitch-2.13.0.patch
+++ b/SOURCES/openvswitch-2.13.0.patch
@@ -81566,6 +81566,21 @@ index 4df8f7c8b7..31d3139845 100644
const struct flow *flow; /* Flow extracted from 'packet'. */
/* Input, but possibly modified as a side effect of execution. */
+diff --git a/lib/dynamic-string.c b/lib/dynamic-string.c
+index 6f7b610a99..fd0127ed17 100644
+--- a/lib/dynamic-string.c
++++ b/lib/dynamic-string.c
+@@ -460,6 +460,10 @@ ds_chomp(struct ds *ds, int c)
+ void
+ ds_clone(struct ds *dst, struct ds *source)
+ {
++ if (!source->allocated) {
++ ds_init(dst);
++ return;
++ }
+ dst->length = source->length;
+ dst->allocated = dst->length;
+ dst->string = xmalloc(dst->allocated + 1);
diff --git a/lib/flow.c b/lib/flow.c
index 45bb96b543..353d5cd3ed 100644
--- a/lib/flow.c
@@ -83006,6 +83021,19 @@ index f95b19af4d..8c44eee8e9 100644
}
return true;
+diff --git a/lib/netlink-socket.c b/lib/netlink-socket.c
+index 47077e9478..5cb96fa6ec 100644
+--- a/lib/netlink-socket.c
++++ b/lib/netlink-socket.c
+@@ -917,7 +917,7 @@ nl_sock_transact_multiple__(struct nl_sock *sock,
+ }
+ if (txn->error) {
+ VLOG_DBG_RL(&rl, "received NAK error=%d (%s)",
+- error, ovs_strerror(txn->error));
++ txn->error, ovs_strerror(txn->error));
+ }
+ } else {
+ txn->error = 0;
diff --git a/lib/netlink.c b/lib/netlink.c
index de3ebcd0e7..26ab20bb4b 100644
--- a/lib/netlink.c
@@ -84671,7 +84699,7 @@ index eda265dfc5..a635ff7689 100644
#define SHA1_FMT \
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" \
diff --git a/lib/tc.c b/lib/tc.c
-index 12af0192b6..65938d7bee 100644
+index 12af0192b6..1acca38218 100644
--- a/lib/tc.c
+++ b/lib/tc.c
@@ -60,12 +60,6 @@ VLOG_DEFINE_THIS_MODULE(tc);
@@ -84730,7 +84758,15 @@ index 12af0192b6..65938d7bee 100644
return 0;
}
-@@ -2645,6 +2643,7 @@ nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower)
+@@ -2462,6 +2460,7 @@ nl_msg_put_flower_acts(struct ofpbuf *request, struct tc_flower *flower)
+ if (!released && flower->tunnel) {
+ act_offset = nl_msg_start_nested(request, act_index++);
+ nl_msg_put_act_tunnel_key_release(request);
++ nl_msg_put_act_flags(request);
+ nl_msg_end_nested(request, act_offset);
+ released = true;
+ }
+@@ -2645,6 +2644,7 @@ nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower)
bool is_vlan = eth_type_vlan(flower->key.eth_type);
bool is_qinq = is_vlan && eth_type_vlan(flower->key.encap_eth_type[0]);
bool is_mpls = eth_type_mpls(flower->key.eth_type);
@@ -84738,7 +84774,7 @@ index 12af0192b6..65938d7bee 100644
int err;
/* need to parse acts first as some acts require changing the matching
-@@ -2762,7 +2761,11 @@ nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower)
+@@ -2762,7 +2762,11 @@ nl_msg_put_flower_options(struct ofpbuf *request, struct tc_flower *flower)
}
}
diff --git a/SPECS/openvswitch2.13.spec b/SPECS/openvswitch2.13.spec
index 266565f..fbdb45f 100644
--- a/SPECS/openvswitch2.13.spec
+++ b/SPECS/openvswitch2.13.spec
@@ -59,7 +59,7 @@ Summary: Open vSwitch
Group: System Environment/Daemons daemon/database/utilities
URL: http://www.openvswitch.org/
Version: 2.13.0
-Release: 120%{?commit0:.%{date}git%{shortcommit0}}%{?commit1:dpdk%{shortcommit1}}%{?dist}
+Release: 122%{?commit0:.%{date}git%{shortcommit0}}%{?commit1:dpdk%{shortcommit1}}%{?dist}
# Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the
# lib/sflow*.[ch] files are SISSL
@@ -710,471 +710,1836 @@ exit 0
%endif
%changelog
+* Mon Aug 16 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-122
+- Merging upstream branch-2.13 [RH git: 775922244f]
+ Commit list:
+ f61f810fb3 tc: Set action flags for tunnel_key release.
+ 0dc609a260 netlink-socket: Replace error with txn->error when logging nacked transactions.
+ d3776e354c dynamic-string: Fix a crash in ds_clone().
+
+
+* Mon Aug 16 2021 Michael Santana <msantana@redhat.com> - 2.13.0-121
+- pkgtool: Make changelog in spec file more informative [RH git: 42174a9bc1]
+ This is done by adding the body of the commit message to the changelong.
+ The body is indented and has extra spacing separating each entry in the
+ changelog to make each one more discernible since now they could be
+ longer.
+
+ Also, make sure the bugzilla ID is at the end of the line
+
+ Signed-off-by: Michael Santana <msantana@redhat.com>
+
+
* Mon Aug 02 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-120
-- Merging upstream branch-2.13
- [eda2f50cf9764b167acbcaa4919f58d06b95f66d]
+- Merging upstream branch-2.13 [RH git: eda2f50cf9]
+ Commit list:
+ f7e3b47e09 dpif-netdev: Fix offloads of modified flows.
+ 350507b163 dpif-netdev: Fix flow modification after failure.
+
* Mon Jul 26 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-119
-- Merging upstream branch-2.13
- [c2e53c31505b228aaa405be2bc36c25de4d9faeb]
+- Merging upstream branch-2.13 [RH git: c2e53c3150]
+ Commit list:
+ f92ce92e53 daemon-unix: Fix leak of a fork error message.
+
* Wed Jul 21 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-118
-- Merging upstream branch-2.13
- [d613ce404a9f86e8ff209fe3b17c76a231258bdf]
+- Merging upstream branch-2.13 [RH git: d613ce404a]
+ Commit list:
+ d794934d01 datapath-windows:Correct checksum for DNAT action
+
* Sat Jul 17 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-117
-- Merging upstream branch-2.13
- [1dbd295283c1533e979c2d7694168a6737c8d645]
+- Merging upstream branch-2.13 [RH git: 1dbd295283]
+ Commit list:
+ 9b1c0df6ad dpif-netlink: Fix report_loss() message.
+ 17e98772cb conntrack: Document all-zero IP SNAT behavior and add a test case.
+ 305b944a2e ovsdb-server: Fix memleak when failing to read storage.
+ 1aa1f59142 netdev-linux: Ignore TSO packets when TSO is not enabled for userspace.
+ d127fa6d2b conntrack: Handle already natted packets.
+ c8ebe4434c python: Fix Idl.run change_seqno update.
+ 2762bf6895 Prepare for 2.13.5.
+ d72ccdfbda Set release date for 2.13.4.
+ 76fdda2b34 netlink: removed incorrect optimization
+ 9c386761f9 ovs-actions.xml: Add missing bracket.
+ be8c4af1ce netdev-offload-tc: Use nl_msg_put_flag for OVS_TUNNEL_KEY_ATTR_CSUM.
+
* Wed Jun 30 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-116
-- Merging 15251f0e1d datapath-windows: Specify external include ..
- [f9d10a495b5d502d948a4c8e3c6301cfb942d6ac]
+- Merging 15251f0e1d datapath-windows: Specify external include .. [RH git: f9d10a495b]
+ Commit list:
+ 15251f0e1d datapath-windows: Specify external include paths
+ 9f05167b21 Remove Python 2 leftovers.
+ 64c3133c01 ipf: Fix a use-after-free error, and remove the 'do_not_steal' flag.
+ fe7bd42d6c ofproto: Fix potential NULL dereference in ofproto_ct_*_zone_timeout_policy().
+ fc23134227 ofproto: Fix potential NULL dereference in ofproto_get_datapath_cap().
+
* Thu May 27 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-115
-- Merging upstream branch-2.13
- [190762bf5ce2ebac4f08d1505bcee11520f7be38]
+- Merging upstream branch-2.13 [RH git: 190762bf5c]
+ Commit list:
+ 8be19f789b dpif-netlink: Fix send of uninitialized memory in ct limit requests.
+ 25dd08492d ofproto-dpif: Fix use of uninitialized attributes of timeout policy.
+ 95570b23c8 netdev-linux: Fix use of uninitialized LAG master name.
+
* Fri May 21 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-114
-- Merging upstream branch-2.13
- [63656e47fb7ec23d8c869a3779eb412806451b6a]
+- Merging upstream branch-2.13 [RH git: 63656e47fb]
+ Commit list:
+ 160bb80a32 ofp_actions: Fix set_mpls_tc formatting.
+
* Wed May 19 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-113
-- Merging upstream branch-2.13
- [43b0d45790ee550fdda3108c89510af6bf65fe7a]
+- Merging upstream branch-2.13 [RH git: 43b0d45790]
+ Commit list:
+ 32a197f845 dpif-netdev: Remove meter rate from the bucket size calculation.
+ 1b4d8fe1d9 ovsdb-idl: Consider all tables when computing expected cond seqno.
+
* Sat May 15 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-112
-- Merging upstream branch-2.13
- [3f4fc768f047a1072907df202826465863fb36e7]
+- Merging upstream branch-2.13 [RH git: 3f4fc768f0]
+ Commit list:
+ 9acbf2cff7 ovs-ofctl: Fix coredump when using "add-groups" command.
+
* Fri May 14 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-111
-- Merging upstream branch-2.13
- [5eca61ee5ecc569c1b4458826955523e4804647b]
+- Merging upstream branch-2.13 [RH git: 5eca61ee5e]
+ Commit list:
+ 058702e3dc raft: Transfer leadership before creating snapshots.
+
* Wed May 12 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-110
-- Merging upstream branch-2.13
- [6022570f3ffe9e519fde26fdd8d52c175962f253]
+- Merging upstream branch-2.13 [RH git: 6022570f3f]
+ Commit list:
+ 3bc41e2b6a dpdk: Use DPDK 19.11.8 release.
+
* Tue May 11 2021 Open vSwitch CI <ovs-ci@redhat.com> - 2.13.0-109
-- Merging upstream branch-2.13
- [132c26ba2023095d0b74cc5f63a808b10ddfbe65]
+- Merging upstream branch-2.13 [RH git: 132c26ba20]
+ Commit list:
+ fbebe7377d github: Fix up malformed /etc/hosts.
+ 2a3d1f4971 doc: automake: Add support for sphinx 4.0.
+ 4ab5524dbb cirrus: Look up existing versions of python dependencies.
+
* Mon May 10 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-108
-- Merging upstream branch-2.13
- [d2edacdddd238483f35fc29edac5b42ace8e94a8]
+- Merging upstream branch-2.13 [RH git: d2edacdddd]
+ Commit list:
+ ea98fe0743 ofp-group: Use big-enough buffer in ofputil_format_group().
+
* Wed Apr 21 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-107
-- Merging upstream branch-2.13
- [9a8a64930161e8b1721509c8ca3562fbd837be49]
+- Merging upstream branch-2.13 [RH git: 9a8a649301]
+ Commit list:
+ 798a40ffb6 ofproto/ofproto-dpif-sflow: Check sflow agent in case of race
+ 9984d61124 dpif: Fix use of uninitialized execute hash.
+ 43c2a10922 odp-util: Fix use of uninitialized erspan metadata.
+ 4f68040a5c dpif-netlink: Fix using uninitialized info.tc_modify_flow_deleted in out label.
+ 1c2a5f170f netdev-offload-tc: Probe for support for any of the ct_state flags.
+ a4730043a4 compat: Add ct_state flags definitions.
+ bbd62d7a44 tc: Use skip_hw flag when probing tc features.
+
* Tue Apr 20 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-106
-- Fix typo in rh-mock-srpm
- [5641bf9d72c0bb4a56a4a84dfb9d673ef60b42ab]
+- Fix typo in rh-mock-srpm [RH git: 5641bf9d72]
+ Thanks fbl for reporting
+
* Wed Apr 14 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-105
-- Merging upstream branch-2.13
- [0aaf7c02b702ebd002e5936868dd117706c505b4]
+- Merging upstream branch-2.13 [RH git: 0aaf7c02b7]
+ Commit list:
+ 759da53f07 Add test cases for ingress_policing parameters
+ c901a563f4 netdev-linux: correct unit of burst parameter
+
* Fri Apr 09 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-104
-- Merging upstream branch-2.13
- [1334a398c9b34857cb1e2939b3aaa56277064d46]
+- Merging upstream branch-2.13 [RH git: 1334a398c9]
+ Commit list:
+ d47800bd66 ovsdb-idl: Mark arc sources as updated when destination is deleted.
+ 6cf6f9d0d3 ovsdb-idl: Preserve references for deleted rows.
+ e7d451ab8a ovsdb-idl.at: Make test outputs more predictable.
+ 7fca8a3c94 test-ovsdb: Log steps in idl test.
+ 4ca9dd87f6 test-stream: Silence memory leak report.
+
* Tue Apr 06 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-103
-- Align DPDK config to 19.11.7
- [62cff1abf5fda881c4e5b130df38372701d31ba4]
+- Align DPDK config to 19.11.7 [RH git: 62cff1abf5]
+
* Tue Apr 06 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-102
-- Merge tag 'c765f42e31c1baa8f4e7a9e01080f5474596ea98' into fast-datapath-rhel-8
- [4ef8ee2e1a5edb1c1406f275032bc3d06ba139ca]
+- Merge tag 'c765f42e31c1baa8f4e7a9e01080f5474596ea98' into fast-datapath-rhel-8 [RH git: 4ef8ee2e1a]
+ dpdk-19.11.7
+
* Fri Apr 02 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-101
-- Merging upstream branch-2.13
- [02b662f992b57ed2cc2274efb0033abae7bf2aa8]
+- Merging upstream branch-2.13 [RH git: 02b662f992]
+ Commit list:
+ 68086371c8 ipsec: Fix IPv6 default route support for Libreswan.
+
* Thu Apr 01 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-100
-- Merging upstream branch-2.13
- [7323d4b8e428cec0b48de457159861b8a1cdd410]
+- Merging upstream branch-2.13 [RH git: 7323d4b8e4]
+ Commit list:
+ 2cb952326e ovs-ofctl: Fix segfault due to bad meter n_bands.
+
* Tue Mar 30 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-99
-- Merging upstream branch-2.13
- [8e7dc3319c3b29a77620f75b1d42ff42fd174ecf]
+- Merging upstream branch-2.13 [RH git: 8e7dc3319c]
+ Commit list:
+ a112239ff5 dpif-netdev: Refactor and fix the buckets calculation.
+ d9d8ebfa00 dpif-netdev: Fix the meter buckets overflow.
+
* Mon Mar 22 2021 Kevin Traynor <ktraynor@redhat.com> - 2.13.0-98
-- dpif-netdev: Allow PMD auto load balance with cross-numa. (#1938162)
- [edeaca020b9d40fed8a0a474f35eeec5ed4e338f]
+- dpif-netdev: Allow PMD auto load balance with cross-numa. [RH git: edeaca020b] (#1938162)
+ commit ec68a877db5bbfba49ddeb9929479c033420ea6b
+ Author: Kevin Traynor <ktraynor@redhat.com>
+ Date: Thu Mar 18 11:34:04 2021 +0000
+
+ dpif-netdev: Allow PMD auto load balance with cross-numa.
+
+ Previously auto load balance did not trigger a reassignment when
+ there was any cross-numa polling as an rxq could be polled from a
+ different numa after reassign and it could impact estimates.
+
+ In the case where there is only one numa with pmds available, the
+ same numa will always poll before and after reassignment, so estimates
+ are valid. Allow PMD auto load balance to trigger a reassignment in
+ this case.
+
+ Acked-by: Eelco Chaudron <echaudro@redhat.com>
+ Acked-by: David Marchand <david.marchand@redhat.com>
+ Tested-by: Sunil Pai G <sunil.pai.g@intel.com>
+ Acked-by: Flavio Leitner <fbl@sysclose.org>
+ Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+
+ Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1938162
+ Conflicts: Commit backported from upstream master branch. Commit not
+ present on upstream branch-2.13. Removed NEWS file update as could cause
+ future merge conflicts.
+
* Fri Mar 19 2021 Kevin Traynor <ktraynor@redhat.com> - 2.13.0-97
-- redhat: Update docs for test builds
- [0322f225d315978939c35b96237ffe611fa4fd1d]
+- redhat: Update docs for test builds [RH git: 0322f225d3]
+
* Tue Mar 16 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-96
-- Merging upstream branch-2.13
- [bb107a7f7f27a7f3ad77cebc15049606e63568c2]
+- Merging upstream branch-2.13 [RH git: bb107a7f7f]
+ Commit list:
+ fc8444fb1d python: Send notifications after the transaction ends.
+ 712193ff1c ovs-ctl: Allow recording hostname separately.
+ 3665d7f805 dpif-netdev: Fix crash when add dp flow without in_port field.
+ 732e17d6b6 Documentation: Fix DPDK qos example.
+ 1dee0a67e5 raft: Report disconnected in cluster/status if candidate retries election.
+ e78d6ffba7 raft: Reintroduce jsonrpc inactivity probes.
+ aea5fefdac connmgr: Check nullptr inside ofmonitor_report().
+ 26fa38c332 ovsdb-client: Fix needs-conversion when SERVER is explicitly specified.
+ 65582c0bad dpdk: Use DPDK 19.11.6 release.
+ 967d4055e7 windows, tests: Modify service test.
+ ccdfc67b74 netdev-linux: Fix indentation.
+ 81e759618c ci: Use parallel build for distcheck.
+ 6d67310f4d ofp-actions: Fix use-after-free while decoding RAW_ENCAP.
+
* Mon Feb 15 2021 Eelco Chaudron <echaudro@redhat.com> - 2.13.0-95
-- conntrack: add generic IP protocol support
- [6b3ca4b0282bb6e728066004fca47a0936e4b8c3]
+- conntrack: add generic IP protocol support [RH git: 6b3ca4b028]
+ Currently, userspace conntrack only tracks TCP, UDP, and ICMP, and all
+ other IP protocols are discarded, and the +inv state is returned. This
+ is not in line with the kernel conntrack. Where if no L4 information can
+ be extracted it's treated as generic L3. The change below mimics the
+ behavior of the kernel.
+
+ Resolves: BZ1876459
+
+ Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
+ Acked-by: Flavio Leitner <fbl@sysclose.org>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+ (cherry picked from commit a27d70a8984879bc0a66afc2d7c35149659be24d)
+
* Wed Feb 10 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-94
-- Merging upstream branch-2.13
- [8655a639ac7db93d02e3cd003cf5ae4f7acad10a]
+- Merging upstream branch-2.13 [RH git: 8655a639ac]
+ Commit list:
+ 2be25e3b00 Prepare for 2.13.4.
+ f25820bf55 Set release date for 2.13.3.
+ 9a5e78b5c7 cirrus: Use FreeBSD 12.2.
+ 3512fb512c flow: Support extra padding length.
+
* Fri Feb 05 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-93
-- Merging upstream branch-2.13
- [2100324b58f204f956a35e9827d2d72e4d20b7d9]
+- Merging upstream branch-2.13 [RH git: 2100324b58]
+ Commit list:
+ a6efca9628 netdev-offload-tc: Reject rules with unsupported ct_state flags.
+
* Thu Feb 04 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-92
-- Merging upstream branch-2.13
- [92b77d14894afeb17d2b139e75670aaa29853511]
+- Merging upstream branch-2.13 [RH git: 92b77d1489]
+ Commit list:
+ 9985c46501 dist-docs: Include manpages generated from rST.
+
* Wed Feb 03 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-91
-- Merging upstream branch-2.13
- [ea87c21ff21477eff945b07a755329f05d4466b7]
+- Merging upstream branch-2.13 [RH git: ea87c21ff2]
+ Commit list:
+ fcae3177d4 tc: Fix mpls bottom of stack bit mask reporting.
+
* Tue Feb 02 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-90
-- dpif-netdev: Add PMD auto load balance status log.
- [4fd540d8efc8369c6af05e5e266bf418afade8d3]
+- dpif-netdev: Add PMD auto load balance status log. [RH git: 4fd540d8ef]
+ When any PMD auto load balance parameters change, it is useful
+ to also log if the feature is enabled or disabled.
+
+ |dpif_netdev|INFO|PMD auto load balance load threshold changed to 70%
+ |dpif_netdev|INFO|PMD auto load balance is disabled
+
+ Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
+ Acked-by: David Marchand <david.marchand@redhat.com>
+ Acked-by: Ian Stokes <ian.stokes@intel.com>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+ (cherry picked from commit 30de75520277a39ac775d15d4fa1c9cc886ad5d2)
+
* Tue Feb 02 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-89
-- dpif-netdev: Add parameters to configure PMD auto load balance.
- [5935f7a9d8754ff0b5fadbc835c65dea9cdf1434]
+- dpif-netdev: Add parameters to configure PMD auto load balance. [RH git: 5935f7a9d8]
+ Two important parts of how PMD auto load balance operates are how
+ loaded a core needs to be and how much improvement is estimated
+ before a PMD auto load balance can trigger.
+
+ Previously they were hardcoded to 95% loaded and 25% variance
+ improvement.
+
+ These default values may not be suitable for all use cases and
+ we may want to use a more (or less) aggressive rebalance, either
+ on the pmd load threshold or on the minimum variance improvement
+ threshold.
+
+ The defaults are not changed, but "pmd-auto-lb-load-threshold" and
+ "pmd-auto-lb-improvement-threshold" parameters are added to override
+ the defaults.
+
+ $ ovs-vsctl set open_vswitch . other_config:pmd-auto-lb-load-threshold="70"
+ $ ovs-vsctl set open_vswitch . other_config:pmd-auto-lb-improvement-threshold="20"
+
+ Signed-off-by: Christophe Fontaine <cfontain@redhat.com>
+ Co-Authored-by: Kevin Traynor <ktraynor@redhat.com>
+ Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
+ Acked-by: David Marchand <david.marchand@redhat.com>
+ Acked-by: Ian Stokes <ian.stokes@intel.com>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+ (cherry picked from commit 62ab5594c20cc815592562af69abb5b8ebe85d55)
+
* Tue Feb 02 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-88
-- dpif-netdev: Add log for PMD auto load balance interval parameter.
- [a8f4696c200ee9f1786b66fe6c7d7da4caa9924c]
+- dpif-netdev: Add log for PMD auto load balance interval parameter. [RH git: a8f4696c20]
+ Previously if the parameter for the PMD auto load balance minimum
+ interval was changed at runtime, it was not logged unless the
+ PMD auto load balance feature was also changed to enabled.
+
+ Log the parameter anytime it changes, and use minutes when it is
+ logged as that is the user input format.
+
+ Fixes: 5bf84282482a ("Adding support for PMD auto load balancing")
+ Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
+ Acked-by: David Marchand <david.marchand@redhat.com>
+ Acked-by: Ian Stokes <ian.stokes@intel.com>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+ (cherry picked from commit e4db0b69e2d81d8d5ca1265fbfbd08a9b30a1a02)
+
* Mon Feb 01 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-87
-- Merging upstream branch-2.13
- [d303f53850951fa26f6a832ffb2f437fcd4cf9f1]
+- Merging upstream branch-2.13 [RH git: d303f53850]
+ Commit list:
+ a5e068f24b netdev-dpdk: Fix incorrect shinfo initialization.
+ 522d828ae6 github: Don't fail the job if 'apt update' failed.
+ 81026f0bad vswitchd.xml: Fix supported IPsec tunnels.
+
* Fri Jan 29 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-86
-- Merging upstream branch-2.13
- [2986e0866ea3d2c5e9a4b4fd43e81e1477c03686]
+- Merging upstream branch-2.13 [RH git: 2986e0866e]
+ Commit list:
+ 98723e351f ovsdb-doc: Add build dependency on dirs.py.
+
* Thu Jan 28 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-85
-- Merging upstream branch-2.13
- [f2f6b58dd9df37438da9c7ef902decd613c787d6]
+- Merging upstream branch-2.13 [RH git: f2f6b58dd9]
+ Commit list:
+ 484068b741 dpctl: Fix dpctl process command parameter error.
+
* Thu Jan 28 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-84
-- redhat: Use a mock config based on the buildsystem target
- [b820a7b8946c64749284b88538399dd2f9b411fe]
+- redhat: Use a mock config based on the buildsystem target [RH git: b820a7b894]
+
* Thu Jan 28 2021 Flavio Leitner <fbl@redhat.com> - 2.13.0-83
-- Merging b37528cef7 conntrack: Fix the icmp conntrack new state.
- [dc913c7d4c23e792d4077c81bc65c025bc4c5f6c]
+- Merging b37528cef7 conntrack: Fix the icmp conntrack new state. [RH git: dc913c7d4c]
+ Commit list:
+ b37528cef7 conntrack: Fix the icmp conntrack new state.
+ c06328ae57 conntrack: Fix icmp conntrack state.
+ 8e0a1527d7 odp-util: Fix abort while formatting nsh actions.
+
* Thu Jan 28 2021 Flavio Leitner <fbl@redhat.com> - 2.13.0-82
-- Merging f383000ca6 acinclude: Strip out -mno-avx512f provided ..
- [304ba372e44e1f930d6a2134140db415d8d56922]
+- Merging f383000ca6 acinclude: Strip out -mno-avx512f provided .. [RH git: 304ba372e4]
+ Commit list:
+ f383000ca6 acinclude: Strip out -mno-avx512f provided by DPDK.
+ 63f2aa2b7d acinclude: Strip out -march provided by DPDK.
+
* Wed Jan 20 2021 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-81
-- Enable AVX512 support on binutils >= 2.30-79.el8
- [8b3f9929026f45837b5670fade0ffde616fde5bc]
+- Enable AVX512 support on binutils >= 2.30-79.el8 [RH git: 8b3f992902]
+
* Thu Jan 14 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-80
-- Merging upstream branch-2.13
- [b7a6e48410649f2d0029baaf499a5cf0619f4f34]
+- Merging upstream branch-2.13 [RH git: b7a6e48410]
+ Commit list:
+ 66fc41bfb2 Prepare for 2.13.3.
+ e8ca014102 Set release date for 2.13.2.
+ 9b00c9c047 lldp: do not leak memory on multiple instances of TLVs
+ 02e48ecf29 ipf: Avoid accessing to a freed rp.
+ 999bec82e1 rhel: Fix libunwind dev package.
+
* Wed Jan 06 2021 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-79
-- Merging upstream branch-2.13
- [86c9f9af773d8564a7d26e4e80fba389617fab17]
+- Merging upstream branch-2.13 [RH git: 86c9f9af77]
+ Commit list:
+ 6c3d1c9f6f ovs-monitor-ipsec: Add option to not restart IKE daemon.
+ d9edf71d17 ovs-monitor-ipsec: Allow exit of ipsec daemon maintaining state.
+ 7286dc4412 ovs-ctl: Use 'stop_daemon' to stop ovs-monitor-ipsec.
+ 60c6013b7b ovs-monitor-ipsec: Fix active connection regex.
+ d59ec5359d ovs-monitor-ipsec: set correct 'leftcert' and 'rightcert' name
+ 6e1f4ade25 ovs-monitor-ipsec: Add support for tunnel 'local_ip'.
+ 03ee7466ca ovs-monitor-ipsec: Suppress "unknown %d argument" warning.
+ d371c42bbb ovs-monitor-ipsec: Fix _nss_clear_database() parse error.
+ ff48c43a59 ovs-ctl: Don't overwrite external-id hostname.
+
* Wed Dec 23 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-78
-- Merging upstream branch-2.13
- [2cfb47639f7b1e375f9802ab0c8a03265eeb6b24]
+- Merging upstream branch-2.13 [RH git: 2cfb47639f]
+ Commit list:
+ 7312222306 odp-util: Fix netlink message overflow with userdata.
+ b3c09431ad NEWS: Move '--offload-stats' entry to correct release.
+ 7c24762d3e ovsdb-tool: Fix datum leak in the show-log command.
+ a47647c6ec ofproto-dpif-xlate: Stop forwarding MLD reports to group ports.
+ 82093f97c5 github: Fix Ubuntu package installation.
+ 56b81e3ee7 jsonrpc: Avoid disconnecting prematurely due to long poll intervals.
+
* Fri Dec 04 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-77
-- Merging upstream branch-2.13
- [350e017b667ea581716c2c2bc6157beeb1e7fdca]
+- Merging upstream branch-2.13 [RH git: 350e017b66]
+ Commit list:
+ aacf05c5b8 ovsdb-idl: Fix expected condition seqno when changes are pending.
+ db74cd6f4b ovsdb-cluster.at: Fix infinite loop in torture tests.
+
* Fri Dec 04 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-76
-- Merging upstream branch-2.13
- [ece49fb665132c11fe815ae13e2bf7ecd36d9c9d]
+- Merging upstream branch-2.13 [RH git: ece49fb665]
+ Commit list:
+ cdf4cf4966 lib/tc: fix parse act pedit for tos rewrite
+
* Thu Dec 03 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-75
-- Merging upstream branch-2.13
- [3e10785905d14d986f5721ede1c2235d1912ffba]
+- Merging upstream branch-2.13 [RH git: 3e10785905]
+ Commit list:
+ ac5c067937 ovsdb-idl: Fix use-after-free when deleting orphaned rows.
+ 60607ba779 ovsdb-idl: Fix memleak when deleting orphan rows.
+ 08c8a29bf4 ovsdb-idl: Fix memleak when reinserting tracked orphan rows.
+
* Wed Dec 02 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-74
-- Merging upstream branch-2.13
- [773fc1e75ba2b56c434caa43f9f78fda02d82f23]
+- Merging upstream branch-2.13 [RH git: 773fc1e75b]
+ Commit list:
+ d853716dcb python: Update build system to ensure dirs.py is created.
+ 9ada310291 python: set ovs.dirs variables with build system values
+ 9342d27a26 datapath: ovs_ct_exit to be done under ovs_lock
+ d93d9181f5 compat: rcu: Add support for consolidated-RCU reader checking
+ 505b916b03 ovsdb-idl: Fix iteration over tracked rows with no actual data.
+ 1eb6abd6fc Handle refTable values with setkey()
+ feec8e6888 tests: Add overflow test for the sha1 library.
+ b5a39a7d7f travis: Remove support for Travis CI.
+ db5e2bdd3b github: Add GitHub Actions workflow.
+ 3ff5e400bd ci: Don't use 'native' machine for DPDK cache.
+
* Thu Nov 19 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-73
-- Fix building OVS on ppc64le and armv7hl with Python 3.9
- [a6928f88b26288fe7f8716f1e326b09d2fe4423b]
+- Fix building OVS on ppc64le and armv7hl with Python 3.9 [RH git: a6928f88b2]
+ Python 3.9 changed the architecture naming in suffix used for binary
+ extensions.
+ Use python3-config --extension-suffix in order to figure out the correct
+ extension suffix used for binary extensions.
+
+ This is not, currently, an issue on RHEL8, but it'll be an issue on
+ RHEL9 and it's an issue on Fedora Rawhide.
+
* Tue Nov 17 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-72
-- redhat: Enable ipsec support (#1782141)
- [2c7306b51f559b492c2aed5baba63c41d06cf296]
+- redhat: Enable ipsec support [RH git: 2c7306b51f] (#1782141)
+ Resolves: #1782141
+
* Mon Nov 16 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-71
-- Merging upstream branch-2.13
- [2aae1815250d0236b6ee7f074f864bf4d2af5537]
+- Merging upstream branch-2.13 [RH git: 2aae181525]
+ Commit list:
+ abe7fe4486 ovsdb-idl: Return correct seqno from ovsdb_idl_db_set_condition().
+ 03c12fe076 ovsdb-idl: Fix *_is_new() IDL functions.
+ 1b73731eef ovsdb-idl.at: Return stream open_block python tests.
+ b876447179 compat: Fix compile warning.
+ cb874fa2f2 compat: Remove stale code.
+ 6c5cd45051 tests: Add parse-flow tests for MPLS fields.
+ fa59781826 ofp-actions: Fix userspace support for mpls_ttl.
+ cdf2cf98e3 python: Don't raise an Exception on failure to connect via SSL.
+ 032fd056fe lldp: correctly increase discarded count
+ f051229561 lldp: increase statsTLVsUnrecognizedTotal on unknown TLV
+ 12ffc6118e lldp: fix a buffer overflow when handling management address TLV
+ 46b5101de0 lldp: Fix size of PEEK_DISCARD_UINT32()
+ 364d371c58 lldp: validate a bit more received LLDP frames
+ 3a3c52b8a2 sha1: Fix algorithm for data bigger than 512 megabytes.
+ 8ea7e55eb6 odp-util: Fix overflow of nested netlink attributes.
+
* Wed Nov 11 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-70
-- redhat: Fix conf.db permissions in the spec.
- [46d36172986f80091292beb55e2124d1d7a80a6e]
+- redhat: Fix conf.db permissions in the spec. [RH git: 46d3617298]
+ Upstream has removed the read permission from the db file
+ because it may incur security concerns, for example, IPsec
+ Pre-shared keys are stored in the db.
+
+ Fixes: 3e581f43a9 ("ovsdb: Remove read permission of *.db from others.")
+ Signed-off-by: Flavio Leitner <fbl@redhat.com>
+
* Wed Nov 11 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-69
-- Merging d43d10e10c netdev-offload-dpdk: Preserve HW statistics..
- [a779495d0366223d2cdfd62ccd878ba68d6568df]
+- Merging d43d10e10c netdev-offload-dpdk: Preserve HW statistics.. [RH git: a779495d03]
+ Commit list:
+ d43d10e10c netdev-offload-dpdk: Preserve HW statistics for modified flows.
+ 3e581f43a9 ovsdb: Remove read permission of *.db from others.
+ 1440833435 raft: Make backlog thresholds configurable.
+ efc59be2ea raft: Set threshold on backlog for raft connections.
+
* Mon Nov 09 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-68
-- Merging dc5b4e8f69 ovs-bugtool: Fix crash when enable --ovs.
- [de7f5508d74813425812e10fe2bf59d1770e1f23]
+- Merging dc5b4e8f69 ovs-bugtool: Fix crash when enable --ovs. [RH git: de7f5508d7]
+ Commit list:
+ dc5b4e8f69 ovs-bugtool: Fix crash when enable --ovs.
+
* Thu Nov 05 2020 Ilya Maximets <i.maximets@redhat.com> - 2.13.0-67
-- Merging upstream branch-2.13
- [03753de14fe750a686db5eb0ce9a16df89e0d647]
+- Merging upstream branch-2.13 [RH git: 03753de14f]
+ Commit list:
+ 07049d5b66 bugtool: Fix for Python3.
+ 625a6f0f0e raft: Avoid having more than one snapshot in-flight.
+ fc7a644a73 ovsdb-server: Reclaim heap memory after compaction.
+ 49453540d9 raft: Add log length to the memory report.
+
* Wed Nov 04 2020 Ilya Maximets <i.maximets@redhat.com> - 2.13.0-66
-- Merging upstream branch-2.13
- [373b7e9f5192ac2d757e6750e9468746d2f6c52f]
+- Merging upstream branch-2.13 [RH git: 373b7e9f51]
+ Commit list:
+ fd29479f04 raft: Report jsonrpc backlog in kilobytes.
+ 7865bc49d3 ovsdb: Add raft memory usage to memory report.
+
* Tue Oct 27 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-65
-- Merging upstream branch-2.13
- [f9a054c1b5f25a501106bec2fb5b9cf1259ddca0]
+- Merging upstream branch-2.13 [RH git: f9a054c1b5]
+ Commit list:
+ 7a69ccf7e4 raft: Avoid annoying debug logs if raft is connected.
+ 3a8897322f raft: Fix error leak on failure while saving snapshot.
+
* Sat Oct 24 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-64
-- Merging upstream branch-2.13
- [73eb33dcf1bf45fb35c125e4573bf130bc181d16]
+- Merging upstream branch-2.13 [RH git: 73eb33dcf1]
+ Commit list:
+ 9bd5bf4c3a netdev-tc-offloads: Don't delete ufid mapping if fail to delete filter
+
* Wed Oct 21 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-63
-- Merging upstream branch-2.13
- [6f80f8c230dadd1c4c8a6830aab018271b79f66e]
+- Merging upstream branch-2.13 [RH git: 6f80f8c230]
+ Commit list:
+ df3ecbbb6b travis: Fix kernel download retry.
+ 1c9e73f922 Revert "travis: Disable check for array of flexible structures in sparse."
+ 1557ce2673 ofp-ed-props: Fix using uninitialized padding for NSH encap actions.
+
* Wed Oct 21 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-62
-- redhat: Add conflicts for older versioned packages (#1886836)
- [b1f563c73886c6bded2f4b076f52caa5b12cd026]
+- redhat: Add conflicts for older versioned packages [RH git: b1f563c738] (#1886836)
+ Resolves: #1886836
+
* Fri Oct 09 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-61
-- Merging upstream branch-2.13
- [fa57a21817ef306b17d45fe9e64dda8ad86a806f]
+- Merging upstream branch-2.13 [RH git: fa57a21817]
+ Commit list:
+ 75fbada49b travis: Disable check for array of flexible structures in sparse.
+ 12c43c2e64 ovsdb-idl.at: Queue for termination all OVSDB IDL pids.
+ 61e6f03cc3 system-userspace-packet-type-aware.at: Wait for ip address updates.
+ 6d30b86168 dpif-netdev: Fix typo in copyright header.
+ 9400845f88 docs: Add flow control on i40e issue
+
* Wed Sep 16 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-60
-- Merging upstream branch-2.13
- [38d21cf4eb02e273ef28b46e63bcf877d5a672ea]
+- Merging upstream branch-2.13 [RH git: 38d21cf4eb]
+ Commit list:
+ 3c2b1915d2 ipsec: Fix Strongswan configuration syntax.
+ 610dfdc63d cirrus: Use FreeBSD 11.4.
+ 0cb432954a selinux: Add missing permissions for ovs-kmod-ctl.
+ 9a6d26ea30 netdev-dpdk: Don't set rx mq mode for net_virtio.
+ 183be08223 rhel: Fix reload of OVS_USER_ID on startup.
+ 90443bc5c6 classifier: Fix use of uninitialized value.
+ c38ebe8164 userspace-tso: Document the minimum kernel version.
+ faf6651357 rhel: Fix logrotate group when dpdk is enabled.
+
* Thu Sep 10 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-59
-- Merging upstream branch-2.13
- [4fbcdeb187628b2eedc607f45b70fdff68f7ea26]
+- Merging upstream branch-2.13 [RH git: 4fbcdeb187]
+ Commit list:
+ 4d6846d4d8 ovsdb-idl.at: Wait all servers to join the cluster.
+
* Thu Aug 27 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-58
-- Merging upstream branch-2.13
- [d5817ddabf270b2fcfd9694746b382a0d040727c]
+- Merging upstream branch-2.13 [RH git: d5817ddabf]
+ Commit list:
+ ace73aa122 travis: Merge matrix entries.
+ 9eedff62fe ovs-dpctl-top: Skip "eth()" element.
+ 9903c42973 meta-flow: fix a typo in "MPLS Bottom of Stack Field" paragraph.
+ 7f1b52086b python: Fixup python shebangs to python3.
+ 5d1e1c161a test-conntrack: Fix conntrack benchmark by clearing conntrack metadata.
+
* Wed Aug 26 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-57
-- Merging upstream branch-2.13
- [2fe3a06bffcd907f8f6561ec0e56963de9766c97]
+- Merging upstream branch-2.13 [RH git: 2fe3a06bff]
+ Commit list:
+ 14c5912a7b travis: Test build of debian packages.
+ 823bea7797 debian: Fix broken build after some man pages became generated from RST
+ 895fc18393 debian: Add python3-sphinx to ovs build dependencies
+ b0e8532d01 debian: Fix package dependencies
+ 0427918d89 connmgr: Support changing openflow versions without restarting.
+ d02892966c ovs-monitor-ipsec: Convert Python2 code to Python3.
+ 8b3fcc65a0 netdev-offload-dpdk: Fix for broken ethernet matching HWOL for XL710NIC.
+
* Tue Aug 18 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-56
-- dpdk: Updated configs to 19.11.3
- [4e4acaf40ab114e958b299cdff55c11240bfd4da]
+- dpdk: Updated configs to 19.11.3 [RH git: 4e4acaf40a]
+
* Tue Aug 18 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-55
-- Merging 798524b5e3 version: 19.11.3 (#1868709)
- [64c883ec66425ad67a70599c549008442e3217cd]
+- Merging 798524b5e3 version: 19.11.3 [RH git: 64c883ec66] (#1868709)
+ Commit list:
+ 798524b5e3 version: 19.11.3
+ 1e5167d97f mem: mark pages as not accessed when freeing memory
+ 4153891ad2 net/mlx5: fix packet length assert in MPRQ
+ 8bec239cff buildtools: get static mlx dependencies for meson
+ 3196e264f7 net/mlx5: fix build with separate glue lib for dlopen
+ f9fde3f8a9 doc: fix reference in ABI guide
+ d455442cac Revert "common/qat: fix GEN3 marketing name"
+ d764b2cd1f test/crypto: fix statistics case
+ b965554c17 eal/ppc: fix bool type after altivec include
+ 9f090f7c97 net/hns3: replace memory barrier with data dependency order
+ 05f23c1a24 net/hns3: add free threshold in Rx
+ 22ae47b85b net/hns3: remove one IO barrier in Rx
+ 7669265b7f net/hns3: reduce judgements of free Tx ring space
+ 4341cd6f0c net/hns3: remove unnecessary assignments in Tx
+ 008d6625ed net/mlx5: fix RSS key copy to TIR context
+ 987ef3cd66 net/ena/base: fix testing for supported hash function
+ 5072ef83e7 net/hns3: fix MSI-X interrupt during initialization
+ 6fdabde3d9 net/hns3: fix Rx interrupt after reset
+ eb23edc7c2 net/hns3: fix Tx interrupt when enabling Rx interrupt
+ 3db4e6aabb net/hns3: fix RSS indirection table configuration
+ 7cfc979bc9 net/hns3: support different numbers of Rx and Tx queues
+ f16148907b net/hns3: support Rx interrupt
+ a4f8b13c12 doc: add NASM installation steps
+ 43e4f20638 doc: fix API index
+ 106dddaf87 doc: prefer https when pointing to dpdk.org
+ 130830b165 doc: fix typo in contributors guide
+ e9aeb99c93 doc: fix typo in contributors guide
+ 029c527ef4 examples/ip_pipeline: remove check of null response
+ 1b2d70662c examples/kni: fix crash during MTU set
+ d9da460ee3 net/ixgbe: check driver type in MACsec API
+ 33189eecd0 net/i40e: fix flow director enabling
+ a6c3bc7236 net/ice: fix setting L2TAG
+ a46186d063 net/iavf: fix setting L2TAG
+ b7a08ea7cd net/i40e: fix setting L2TAG
+ 696a40bd94 net/sfc/base: fix manual filter delete in EF10
+ bea8e15b59 net/hinic: fix TSO
+ c4d7293707 net/octeontx2: fix buffer size assignment
+ 586faf5a4f net/bnxt: fix Rx ring producer index
+ 1df20ac457 cryptodev: fix SHA-1 digest enum comment
+ 86809db310 doc: fix build with doxygen 1.8.18
+ 121f752786 examples/vm_power: drop Unix path limit redefinition
+ ba5df75ed5 examples/vm_power: fix build with -fno-common
+ 4d1fd43b3a net/mvpp2: fix build with gcc 10
+ 1c2eaf9a98 vhost: fix zero-copy server mode
+ 3ddb8f1d07 net/i40e: fix queue related exception handling
+ 69516f9e3f net/ice: fix RSS for GTPU
+ f956486556 net/i40e: fix wild pointer
+ 3af3834731 examples/kni: fix MTU change to setup Tx queue
+ 4b369799c7 fix same typo in multiple places
+ c85044909a mempool/dpaa2: install missing header with meson
+ fd2cc33835 kvargs: fix strcmp helper documentation
+ 0b45ef6e39 doc: fix typos in ABI policy
+ a7413810b9 pci: reject negative values in PCI id
+ c4d58cd40c pci: accept 32-bit domain numbers
+ 7b732e25df net/ice/base: update copyright
+ 0491724e4a common/iavf: update copyright
+ 75f2750b43 net/i40e/base: update copyright
+ 3c6d1a0269 net/ixgbe/base: update copyright
+ 7c36f2ea8b app/testpmd: fix DCB set
+ 070a7b832d common/mlx5: fix netlink buffer allocation from stack
+ 8fecf8ad1d net/mlx5: fix doorbell bitmap management offsets
+ fc047c800b net/i40e: fix queue region in RSS flow
+ 099b9e280c net/bnxt: fix storing MAC address twice
+ ba15f6288e net/bnxt: fix using RSS config struct
+ 2109b14aa9 net/bnxt: fix error log for command timeout
+ bbcbd194d8 net/qede: fix port reconfiguration
+ f9630f56a4 net/virtio: fix unexpected event after reconnect
+ c651ee6999 vhost: handle mbuf allocation failure
+ 1e2a3beb12 net/hinic: fix Tx mbuf length while copying
+ b191e32975 net/hinic: fix queues resource free
+ 733bc3f639 net/vmxnet3: handle bad host framing
+ a15ee3e4a7 net/mlx5: fix VLAN flow action with wildcard VLAN item
+ 4de7d8bc21 net/qede: fix link state configuration
+ f98d3de913 net/ixgbe: fix statistics in flow control mode
+ 22f701a5d4 common/mlx5: fix umem buffer alignment
+ 348a2c5a9a doc: fix multicast filter feature announcement
+ fc962b01c7 net/e1000: fix port hotplug for multi-process
+ 2e33e6b144 doc: fix build issue in ABI guide
+ da5586fcbe eal: fix C++17 compilation
+ 2d2ba1fb00 doc: fix default symbol binding in ABI guide
+ ef254d821e doc: fix LTO config option
+ f40d9a3cbb build: disable gcc 10 zero-length-bounds warning
+ b02c7838a0 crypto/caam_jr: fix IRQ functions return type
+ 199d2c49a6 crypto/caam_jr: fix check of file descriptors
+ 053c7ff9b5 app/eventdev: check Tx adapter service ID
+ a23ef1c188 event/dsw: fix enqueue burst return value
+ 32b5e80df1 crypto/qat: support plain SHA1..SHA512 hashes
+ 507cda6e23 examples: remove extra new line after link duplex
+ 83e7cafc27 app: remove extra new line after link duplex
+ 40a2233e78 net/mlx5: fix Tx queue release debug log timing
+ ead66a3fb9 net/mlx4: fix drop queue error handling
+ 46cd8f27b1 net/mlx5: fix meter color register consideration
+ 77ca941f9d net/mlx5: fix matching for UDP tunnels with Verbs
+ 23e2c36fa1 net/mlx5: fix match on empty VLAN item in DV mode
+ 425b3ccd2d net/ring: fix device pointer on allocation
+ 39abdde91a net/ice: fix variable initialization
+ 8ec53ab745 Revert "net/bnxt: fix number of TQM ring"
+ ee4518a2de Revert "net/bnxt: fix TQM ring context memory size"
+ 53038c4760 net/ixgbe: fix link state timing on fiber ports
+ 61706cf3f2 bus/fslmc: fix size of qman fq descriptor
+ eeaa4c42b3 net/dpaa2: fix congestion ID for multiple traffic classes
+ a71e30e6b0 net/dpaa2: fix 10G port negotiation
+ ef6d112d7d bus/fslmc: fix dereferencing null pointer
+ f83c2ba6ea app/testpmd: fix memory failure handling for i40e DDP
+ e428b51c18 net/bnxt: fix FW version query
+ dafdf58799 net/virtio: fix crash when device reconnecting
+ abe65fce86 net/bnxt: fix TQM ring context memory size
+ 426e8b5253 net/bnxt: fix number of TQM ring
+ 2befb2f470 net/tap: fix crash in flow destroy
+ 82e2269d01 net/ice: fix crash in switch filter
+ 2e1e12f6a8 net/ice: support mark only action for flow director
+ f05c433b44 net/ixgbe: fix link status synchronization on BSD
+ b639786c5f net/iavf: fix link speed
+ 6c8f2aef2f net/bnxt: fix possible stack smashing
+ 1a476dbabd net/netvsc: do not configure RSS if disabled
+ f815b93c27 net/netvsc: do RSS across Rx queue only
+ bb0fd68c99 bus/vmbus: fix comment spelling
+ 4fe11771a2 net/netvsc: fix comment spelling
+ 024a568578 app/testpmd: fix statistics after reset
+ 556ae6bd83 net/failsafe: fix fd leak
+ 47bd1f0ad2 ipsec: check SAD lookup error
+ 7b842acdfa drivers/crypto: disable gcc 10 no-common errors
+ b64337ffa3 examples/fips_validation: fix parsing of algorithms
+ b168483089 crypto/kasumi: fix extern declaration
+ 0665fb6e09 crypto/qat: fix cipher descriptor for ZUC and SNOW
+ de299dec14 app/crypto-perf: fix display of sample test vector
+ 9b91b991b6 crypto/ccp: fix fd leak on probe failure
+ 6e0bdc2ba1 bbdev: fix doxygen comments
+ abc111ae3d test/flow_classify: enable multi-sockets system
+ a009c7667f event/octeontx2: fix build for O1 optimization
+ 6fc3588de0 net/ena: fix build for O1 optimization
+ c6f6f3d8e1 mempool/octeontx2: fix build for gcc O1 optimization
+ 2cb0536157 examples/eventdev: fix crash on exit
+ fd554a1f8f mem: fix overflow on allocation
+ f0ac3aa2d2 examples/l2fwd-keepalive: fix mbuf pool size
+ deb055888f remove references to private PCI probe function
+ d8aeeb8cfb service: remove rte prefix from static functions
+ 99303c675d service: fix identification of service running on other lcore
+ c4bcf57075 service: fix race condition for MT unsafe service
+ c4c9531648 mk: fix static linkage of mlx dependency
+ d104eb2c03 common/octeontx: fix gcc 9.1 ABI break
+ 9022ffe003 event/dsw: avoid reusing previously recorded events
+ 85c1aae896 eventdev: fix probe and remove for secondary process
+ a309eafc89 event/octeontx2: fix queue removal from Rx adapter
+ 46b7943fda net/mlx5: fix gcc 10 enum-conversion warning
+ 7e01ad84bf net/mlx5: fix VLAN ID check
+ 4fdea813e5 net/mlx5: fix assert in modify converting
+ 831152d0d9 net/mlx5: fix RSS enablement
+ ea6b087b9b net/octeontx: fix dangling pointer on init failure
+ ee263a1371 net/hns3: fix return value when clearing statistics
+ 827eb6ca97 net/hns3: fix VLAN PVID when configuring device
+ 6686131671 net/softnic: fix resource leak for pipeline
+ 60dfeffc23 net/softnic: fix memory leak for thread
+ e399ff6427 net/sfc/base: fix build when EVB is enabled
+ 5862e3fe62 net/sfc/base: use simpler EF10 family run-time checks
+ 68409f9a6c net/sfc/base: use simpler EF10 family conditional check
+ ecd69bfb76 net/mlx5: fix actions validation on root table
+ 58ca518c24 net/mlx5: fix assert in dynamic metadata handling
+ a6ae060e39 vhost: prevent zero-copy with incompatible client mode
+ 5099fb8d59 vhost: fix peer close check
+ fd7ba64cb4 net/mlx5: fix assert in doorbell lookup
+ d6db84d0b1 net/i40e: fix flush of flow director filter
+ a42e979217 doc: add i40e limitation for flow director
+ 74095b0ca6 net/i40e: fix flow director for ARP packets
+ fe42bb4b74 net/bnxt: fix max ring count
+ a131ab7d0f eal/ppc: fix build with gcc 9.3
+ 2acc78a0a1 kvargs: fix invalid token parsing on FreeBSD
+ df17bcb43b eal/x86: ignore gcc 10 stringop-overflow warnings
+ 274dec7548 examples/ipsec-gw: fix gcc 10 maybe-uninitialized warning
+ ea0fb3e5a5 net/avp: fix gcc 10 maybe-uninitialized warning
+ daa2cd115f eal: fix typo in endian conversion macros
+ 9ef2246962 doc: fix log level example in Linux guide
+ aecc7782a6 app/testpmd: add parsing for QinQ VLAN headers
+ 26467e800b net/bnxt: fix VNIC Rx queue count on VNIC free
+ 61c8f03fd4 net/bnxt: fix memory leak during queue restart
+ e09bf2672d bus/pci: fix UIO resource access from secondary process
+ 35348ca71e usertools: check for pci.ids in /usr/share/misc
+ a8e6e27b00 app: fix usage help of options separated by dashes
+ 0d7e4fbf2d fix various typos found by Lintian
+ ccc676944f timer: protect initialization with lock
+ 6be8fba616 eal: fix comments spelling
+ 32688549a0 lpm6: fix comments spelling
+ eee7a4f089 lpm6: fix size of tbl8 group
+ 8426cebb49 mempool: remove inline functions from export list
+ 632fec749f security: fix crash at accessing non-implemented ops
+ 0407d17dae net/bnxt: fix VLAN add when port is stopped
+ a62880c4d4 net/bnxt: fix port start failure handling
+ 6cc939165f net/bnxt: use true/false for bool types
+ 886085974e net/bnxt: fix HWRM command during FW reset
+ c1b7cb6792 net/iavf: fix stats query error code
+ ca2ecc15f2 net/ixgbe: fix link status after port reset
+ 9a673fc544 net/ixgbe: fix resource leak after thread exits normally
+ 4c84ef15a7 net/mlx5: improve logging of MPRQ selection
+ f0a019c950 net/mlx5: set dynamic flow metadata in Rx queues
+ bf10f18c64 net/mlx5: fix header modify action validation
+ da5c4ff51b net/mlx5: fix crash when releasing meter table
+ a9018074d1 common/mlx5: fix build with rdma-core 21
+ 461a2ba67a net/i40e: fix flow director initialisation
+ ac051be918 net/tap: fix queues fd check before close
+ 4c587687f7 net/virtio-user: fix devargs parsing
+ 74a51ef091 vhost: fix shadowed descriptors not flushed
+ 2f48b05305 vhost: fix shadow update
+ d28299df0a net/tap: fix unexpected link handler
+ 8e90f78a02 net/tap: fix fd leak on creation failure
+ 2523e877dc net/tap: fix file close on remove
+ 2b74a885aa net/tap: fix check for mbuf number of segment
+ 2fe4af64f9 net/tap: fix mbuf and mem leak during queue release
+ 908866e6fc net/tap: fix mbuf double free when writev fails
+ ab9701159d net/mlx5: fix validation of push VLAN without full mask
+ d2f4d1ae3d net/mlx5: fix push VLAN action to use item info
+ 1603ade39c net/enic: fix flow action reordering
+ d3c99e41b1 net/mlx5: fix jump table leak
+ 652a21028a net/mlx5: fix meter suffix table leak
+ afca8bc661 net/mlx5: add multi-segment packets in MPRQ mode
+ bbdd1a9c79 net/mlx5: enable MPRQ multi-stride operations
+ a1b3dc84bc net/mlx5: add device parameter for MPRQ stride size
+ 31d1b373d5 net/i40e: relax barrier in Tx for NEON
+ 85897fd567 net/octeontx2: disable unnecessary error interrupts
+ 6075a1ee65 net/octeontx2: enable error and RAS interrupt in configure
+ fd2f1973f4 net/mlx5: use open/read/close for ib stats query
+ 624db5a0ab net/mlx4: fix build with -fno-common
+ b3e01cd3e4 common/mlx5: fix build with -fno-common
+ be0d36b087 net/hns3: fix VLAN filter when setting promisucous mode
+ c6f7d75949 net/hns3: fix default VLAN filter configuration for PF
+ 0bd1d3b49c net/hns3: fix RSS key length
+ c4e9d7e10c net/hns3: add RSS hash offload to capabilities
+ 50daf2acc9 net/hns3: clear residual flow rules on init
+ 1ff55a18be vhost: make IOTLB cache name unique among processes
+ c0c67a2dac vhost: remove unused variable
+ 871773f3ac net/virtio: fix outdated comment
+ 4f5f084c7f net/vhost: fix potential memory leak on close
+ b35cbd50b9 vhost: fix packed ring zero-copy
+ e624761604 vhost/crypto: add missing user protocol flag
+ 11d9847039 net/hinic/base: fix PF firmware hot-active problem
+ f662af80b1 net/null: remove redundant check
+ bfc5290bc8 net/null: fix secondary burst function selection
+ 670758fe8b net/pfe: fix double free of MAC address
+ 175f707d92 app/testpmd: fix PPPoE flow command
+ 03527bd393 net/mlx5: fix counter container usage
+ 2c0c0e4820 net/ena: set IO ring size to valid value
+ 59acd7de4c net/ena/base: fix indentation of multiple defines
+ 3c4bf79460 net/ena/base: fix indentation in CQ polling
+ 3c6ec30057 net/ena/base: fix documentation of functions
+ c6730185e0 net/ena/base: prevent allocation of zero sized memory
+ d5cfa58c05 net/ena/base: make allocation macros thread-safe
+ af84a4f278 net/ice/base: remove unused code in switch rule
+ 5cfef294de net/ice: fix RSS advanced rule
+ 46825a9e59 net/nfp: fix dangling pointer on probe failure
+ d027444df5 net/nfp: fix log format specifiers
+ 61347b53bb examples/vmdq: fix RSS configuration
+ 267e255ef4 ethdev: fix build when vtune profiling is on
+ c6f822199a net/memif: fix resource leak
+ 4f880a2089 net/netvsc: avoid possible live lock
+ 9f54fa3e2b net/netvsc: handle Tx completions based on burst size
+ 62ec946eec net/netvsc: remove process event optimization
+ 81441b4e4f net/netvsc: fix memory free on device close
+ 42916635b3 net/netvsc: split send buffers from Tx descriptors
+ 244193073d net/netvsc: handle Rx packets during multi-channel setup
+ cc1f006253 net/netvsc: propagate descriptor limits from VF
+ 39e690ab3b net/ice: fix input set of VLAN item
+ 175dc210ad net/ice: add action number check for switch
+ 1b23b24565 net/ice: change default tunnel type
+ 8e8fdd68f7 net/octeontx2: fix device configuration sequence
+ 272fcab063 net/octeontx: fix meson build for disabled drivers
+ d50174f38a net/tap: remove unused assert
+ f50974db04 net/ice/base: check memory pointer before copying
+ 3e51abed66 net/ice/base: fix binary order for GTPU filter
+ 7ba59c1fd4 net/mlx5: fix imissed counter overflow
+ e7c5383a09 net/thunderx: use dynamic log type
+ 3e0d3b1204 net/dpaa: use dynamic log type
+ 516f5f9136 net/bnxt: do not use PMD log type
+ 45284045c5 net/pfe: do not use PMD log type
+ 64ca12ff65 net/tap: do not use PMD log type
+ 0bf29e36c3 net/virtio: do not use PMD log type
+ 80e04ea6ae net/mvneta: do not use PMD log type
+ 1b70d8acd0 examples/vmdq: fix output of pools/queues
+ d9a7bf74e1 net/mlx5: fix zero value validation for metadata
+ 5e3859176e net/mlx5: fix call to modify action without init item
+ 24f6ab6d31 net/mlx5: update VLAN and encap actions validation
+ 2491443dce net/mlx5: fix metadata for compressed Rx CQEs
+ c469619b7a net/mlx5: fix validation of VXLAN/VXLAN-GPE specs
+ 4493efb719 net/ixgbe: fix link status inconsistencies
+ 117ecae920 net/ice/base: fix MAC write command
+ d57cbe48b2 net/ice/base: minor fixes
+ b97902938a net/ice/base: read PSM clock frequency from register
+ d1cd22be97 net/ice/base: fix uninitialized stack variables
+ 8081044a6f net/hns3: fix return value of setting VLAN offload
+ 2717e6ab25 net/hns3: fix mailbox opcode data type
+ 70b22c9ed2 net/hns3: fix configuring RSS hash when rules are flushed
+ 7953227c19 net/ipn3ke: use control thread to check link status
+ d57282791c net/hinic/base: fix port start during FW hot update
+ 4710da6ef5 net/hinic: fix LRO
+ 7caa43cc22 net/hns3: fix status after repeated resets
+ 3f9c9bdcb5 net/hns3: fix configuring illegal VLAN PVID
+ b6c05b0781 net/hns3: fix crash when flushing RSS flow rules with FLR
+ 1cd4ab6cf4 net/hns3: fix default error code of command interface
+ e9248b23b3 net/hns3: fix packets offload features flags in Rx
+ ebad6ac59a test: remove redundant macro
+ b54822ff2f security: fix session counter
+ 477f8e08d3 security: fix return types in documentation
+ 4fa404e280 security: fix verification of parameters
+ 48bb740ce1 crypto/openssl: fix out-of-place encryption
+ 8d5349e781 test/crypto: fix flag check
+ 9aa6caeb5a drivers/crypto: fix log type variables for -fno-common
+ 46a37b23ba cryptodev: add asymmetric session-less feature name
+ efd0dea9c8 drivers: fix log type variables for -fno-common
+ 2ef9870118 vfio: fix use after free with multiprocess
+ 5732151922 vfio: fix race condition with sysfs
+ 952892aa67 eal: fix PRNG init with HPET enabled
+ 8eefb8787a doc: fix matrix CSS for recent sphinx
+ da57576513 log: fix level picked with globbing on type register
+ bd5e2ef80a ipsec: fix build dependency on hash lib
+ c4d52beff8 doc: fix sphinx compatibility
+ b0843e5671 event/dsw: remove unnecessary read barrier
+ 09a714399a event/dsw: remove redundant control ring poll
+ b9b72b8815 crypto/nitrox: fix oversized device name
+ b878b432b7 crypto/nitrox: fix CSR register address generation
+ 3b841d16dc baseband/turbo_sw: fix exposed LLR decimals assumption
+ 2193048d87 test/ipsec: fix crash in session destroy
+ 152fadd540 common/qat: fix GEN3 marketing name
+ 196993b705 cryptodev: fix missing device id range checking
+ ca31f0aee2 fib: fix headers for C++ support
+ 1c51807a35 ci: fix telemetry dependency in Travis
+ 39adba3b55 bus/pci: fix devargs on probing again
+ c285902e7b kvargs: fix buffer overflow when parsing list
+ bbf0c2d983 test/kvargs: fix invalid cases check
+ bcdd4476cd test/kvargs: fix to consider empty elements as valid
+ 9aebba7e3d mem: preallocate VA space in no-huge mode
+ 46cd0c98bb eal/freebsd: fix queuing duplicate alarm callbacks
+ 7ad8cd364e test: skip some subtests in no-huge mode
+ 796af72c2d test: load drivers when required
+ 7c8ab0ae70 devtools: fix symbol map change check
+ 4710904861 contigmem: cleanup properly when load fails
+ 6e0c764098 net/mlx5: reduce Tx completion index memory loads
+ 307876a747 net/mlx5: fix CVLAN tag set in IP item translation
+ 7ad364893c net/hinic: allocate IO memory with socket id
+ 75457cff3f net/mlx5: fix zero metadata action
+ 8ea2ea8fe4 net/sfc/base: handle manual and auto filter clashes in EF10
+ c6ae74f068 net/sfc/base: refactor filter lookup loop in EF10
+ 9e496b76ab net/sfc/base: reject automatic filter creation by users
+ 0e4497208a net/sfc/base: reduce filter priorities to implemented only
+ c239286b98 net/sfc: set priority of created filters to manual
+ 8771074d95 net/sfc: fix promiscuous and allmulticast toggles errors
+ 6c1634ec93 ethdev: fix spelling
+ 7aa0060a2a net/hns3: fix promiscuous mode for PF
+ 32f349234b net/hinic: fix repeating cable log and length check
+ d16cceef30 net/hinic: fix snprintf length of cable info
+ d40bcdfb59 net/memif: fix init when already connected
+ ba2322fb9a build: support MinGW-w64 with Meson
+ 5cdff30419 net/mlx5: fix mask used for IPv6 item validation
+ 7ce629f7f2 net/ice: remove bulk alloc option
+ a42ef6f777 net/sfc: fix Rx queue start failure path
+ 251cb7e722 net/sfc: fix initialization error path
+ 5f0378bb2e net/vmxnet3: fix RSS setting on v4
+ 556cdccab2 net/sfc: fix reported promiscuous/multicast mode
+ 194ca60cde doc: fix number of failsafe sub-devices
+ adf15e37f2 net/ice: remove unnecessary variable
+ 2847184082 net/enetc: fix Rx lock-up
+ aec781c6b1 net/ice: fix hash flow crash
+ 2ce2096092 net/i40e: fix X722 performance
+ 64a38788d1 net/mlx5: fix VLAN PCP item calculation
+ 3e387d591e net/i40e: relax barrier in Tx
+ 2550666028 net/octeontx2: fix link information for loopback port
+ c2e90f337d build: fix linker warnings with clang on Windows
+ 3262e4181c pci: fix build on ppc
+ 5a99c0d994 pci: fix build on FreeBSD
+ 027e022a18 pci: remove unneeded includes in public header file
+ 9ca664d8be telemetry: fix port stats retrieval
+ c20055f471 service: fix crash on exit
+ d0e456e9b1 mem: mark pages as not accessed when reserving VA
+ bcf4069ff2 eal/arm64: fix precise TSC
+ 40a7c85881 eal: fix log message print for regex
+ 2a46dc5951 drivers/crypto: fix build with make 4.3
+ 3425ff8896 drivers: add crypto as dependency for event drivers
+ 25fe1c8b05 examples/qos_sched: fix build with gcc 10
+ 4de659fdc0 examples/eventdev: fix build with gcc 10
+ 84119ecce2 examples/vhost_blk: fix build with gcc 10
+ 5fb297ba3d app/pipeline: fix build with gcc 10
+ ef348e22a0 test: fix build with gcc 10
+ 295ba7d0c3 crypto/octeontx2: fix build with gcc 10
+
+ Resolves: #1868709
+
* Thu Aug 13 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-54
-- Merging upstream branch-2.13
- [5dddb2d4f863203ec3560fcfaf8f20844b053073]
+- Merging upstream branch-2.13 [RH git: 5dddb2d4f8]
+ Commit list:
+ 0047ca3a02 acinclude: Fix build with kernels with prandom* moved to prandom.h.
+ 8a72db60ad faq: Mention Linux kernel versions supported by 2.13.x.
+ 114ff63e3d Documentation: Fix kernel support matrix
+
* Mon Aug 10 2020 Open vSwitch CI <ovs-team@redhat.com> - 2.13.0-53
-- Merging upstream branch-2.13
- [bb436c2999218e59e06f089b42e19d3778869c63]
+- Merging upstream branch-2.13 [RH git: bb436c2999]
+ Commit list:
+ 184a58e8b8 ovsdb-server: Replace in-memory DB contents at raft install_snapshot.
+ 727bb3440d Prepare for 2.13.2.
+ 714caaf571 Set release date for 2.13.1.
+ ac51dcac87 odp-util: Clear padding in the nd_extension.
+ eeef00da2f datapath-windows: Update flow key in SET action
+ 37606fb5ca odp-util: Fix clearing match mask if set action is partially unnecessary.
+ 5ad46c9a4d debian: Fixed openvswitch-test package dependency.
+ b3a9dc6e5e dpctl: Fix memory leak in dpctl_dump_flows()
+ cce57c5e0e ovs-router: Fix flushing of local routes.
+ 8d0b409fcc acinclude: Remove libmnl for MLX5 PMD.
+ 217ac490ac dpif-netdev: Avoid deadlock with offloading during PMD thread deletion.
+
* Mon Aug 10 2020 Dumitru Ceara <dceara@redhat.com> - 2.13.0-52
-- ovsdb-server: Replace in-memory DB contents at raft install_snapshot. (#1867185)
- [9f646ec051fa2a2bf980843b7c1859479e87c228]
+- ovsdb-server: Replace in-memory DB contents at raft install_snapshot. [RH git: 9f646ec051] (#1867185)
+ Every time a follower has to install a snapshot received from the
+ leader, it should also replace the data in memory. Right now this only
+ happens when snapshots are installed that also change the schema.
+
+ This can lead to inconsistent DB data on follower nodes and the snapshot
+ may fail to get applied.
+
+ Fixes: bda1f6b60588 ("ovsdb-server: Don't disconnect clients after raft install_snapshot.")
+ Acked-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Dumitru Ceara <dceara@redhat.com>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+ (cherry picked from commit 184a58e8b892231b44479b612bdfe2529bb04363)
+
+ Resolves: #1867185
+
* Sat Aug 08 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-51
-- redhat: Add support to custom RPM releases.
- [7eb5b56344c07f237b2883f655eeee9c1ea0535e]
+- redhat: Add support to custom RPM releases. [RH git: 7eb5b56344]
+ This commit allows the developer to specify a custom release
+ string to be appended to package NVR.
+
+ If the custom release is 'bz123456', the final release would
+ look like -Y.bz123456.X where Y is the number of changes
+ until the branch was created, and X is the number of changes
+ after that.
+
* Sat Aug 08 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-50
-- pkgtool: Use OVS static version in package NVR.
- [a0b572aaa173f2a4b4f57b8b396706777bf83395]
+- pkgtool: Use OVS static version in package NVR. [RH git: a0b572aaa1]
+ The package NVR must coincide with the tarball version.
+
* Thu Jul 30 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-49
-- odp-util: Fix clearing match mask if set action is partially unnecessary. (#1862153)
- [6d85fea8b4c7db954c051d0bad7bc9505c1fdf7c]
+- odp-util: Fix clearing match mask if set action is partially unnecessary. [RH git: 6d85fea8b4] (#1862153)
+ While committing set() actions, commit() could wildcard all the fields
+ that are same in match key and in the set action. This leads to
+ situation where mask after commit could actually contain less bits
+ than it was before. And if set action was partially committed, all
+ the fields that were the same will be cleared out from the matching key
+ resulting in the incorrect (too wide) flow.
+
+ For example, for the flow that matches on both src and dst mac
+ addresses, if the dst mac is the same and only src should be changed
+ by the set() action, destination address will be wildcarded in the
+ match key and will never be matched, i.e. flows with any destination
+ mac will match, which is not correct.
+
+ Setting OF rule:
+
+ in_port=1,dl_src=50:54:00:00:00:09 actions=mod_dl_dst(50:54:00:00:00:0a),output(2)
+
+ Sending following packets on port 1:
+
+ 1. eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),eth_type(0x0800)
+ 2. eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0c),eth_type(0x0800)
+ 3. eth(src=50:54:00:00:00:0b,dst=50:54:00:00:00:0c),eth_type(0x0800)
+
+ Resulted datapath flows:
+ eth(dst=50:54:00:00:00:0c),<...>, actions:set(eth(dst=50:54:00:00:00:0a)),2
+ eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),<...>, actions:2
+
+ The first flow doesn't have any match on source MAC address and the
+ third packet successfully matched on it while it must be dropped.
+
+ Fix that by updating the match mask with only the new bits set by
+ commit(), but keeping those that were cleared (OR operation).
+
+ With fix applied, resulted correct flows are:
+ eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),<...>, actions:2
+ eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0c),<...>,
+ actions:set(eth(dst=50:54:00:00:00:0a)),2
+ eth(src=50:54:00:00:00:0b),<...>, actions:drop
+
+ The code before commit dbf4a92800d0 was not able to reduce the mask,
+ it was only possible to expand it to exact match, so it was OK to
+ update original matching mask with the new value in all cases.
+
+ Fixes: dbf4a92800d0 ("odp-util: Do not rewrite fields with the same values as matched")
+ Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1854376
+ Acked-by: Eli Britstein <elibr@mellanox.com>
+ Tested-by: Adrián Moreno <amorenoz@redhat.com>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+ (cherry picked from commit 37606fb5ca76aef478a51d407aaa06caf7fb9376)
+
+ Resolves: #1862153
+
* Thu Jul 16 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-48
-- redhat: Clean old changelog entries.
- [6cf8d909e81a715a302a2c401ef60abcc726fc78]
+- redhat: Clean old changelog entries. [RH git: 6cf8d909e8]
+ Fix the changelog shift caused by use of static references
+ and remove the old entries not relevant to the new tarball.
+
+ Fixes: 90ac9bd6aa ("redhat: Use static references.")
+
* Thu Jul 16 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-47
-- redhat: Update the documentation.
- [c9571d2dad6b1e47ba1d398350d8cd101a93e6a7]
+- redhat: Update the documentation. [RH git: c9571d2dad]
+
* Thu Jul 16 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-46
-- redhat: Add merge script.
- [752c59ba745c3c82bc7ca1e31caefbc4b6514b07]
+- redhat: Add merge script. [RH git: 752c59ba74]
+ This script helps to provide a standard commit log.
+
* Thu Jul 16 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-45
-- redhat: Use static references.
- [f1025c1515c00e9ec8e1fbc3a5337c412a3ce0c8]
+- redhat: Use static references. [RH git: f1025c1515]
+ Add static references because there could be patches after SHA_REF
+ not available in newer tarballs. Therefore, it is only possible to
+ update the references if all previous patches are applied in the new
+ references.
+
* Wed Jul 15 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-44
-- Update DPDK configs to v19.11.2.
- [98e6e9823b54d5f7f52aa531a5479289a4fc40d7]
+- Update DPDK configs to v19.11.2. [RH git: 98e6e9823b]
+
* Wed Jul 15 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-43
-- Merge DPDK tag 'v19.11.2' into fast-datapath-rhel-8
- [755e86c61ae905a1485850f9e44a3502a63f52fb]
+- Merge DPDK tag 'v19.11.2' into fast-datapath-rhel-8 [RH git: 755e86c61a]
+
* Wed Jul 15 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-42
-- Merging upstream branch-2.13 to fast-datapath-rhel-8
- [735b3f94c2655e930b0ee86556eb01191518f7e8]
+- Merging upstream branch-2.13 to fast-datapath-rhel-8 [RH git: 735b3f94c2]
+ Commit list:
+ bef407fa7f dpdk: Use DPDK 19.11.2 release.
+ 53e0568753 dpif-netdev: Return error code when no mark available.
+ 99a4564348 dpif-netdev: Add check mark to avoid ovs-vswitchd crash.
+ 22c6148a9a netdev-offload-dpdk: Fix Ethernet matching for type only.
+ 9747d5649b dpif-netdev: Don't use zero flow mark.
+ 39cc59dc91 netdev-linux: Fix broken build on Ubuntu 14.04
+ ac92cdbc4d odp-execute: Fix length checking while executing check_pkt_len action.
+ 08ad9f6483 odp-util.c: Fix dp_hash execution with slowpath actions.
+ 5351651d37 ctags: Include new annotations to ctags ignore list.
+ d5484cf697 lib/tc: only update the stats for non-empty counter
+ 998475d79f datapath-windows, conntrack: Fix conntrack new state
+ 6dbbf0771e bridge: Fix null dereference on ct_timeout_policy record
+ 3e5991a75e rhel: Fix syntax error when matching version.
+ 59cedd3b35 rhel: Support RHEL 7.8 kernel module rpm build.
+ 78ac2896d1 dpif-netlink: Fix Windows incompatibility when setting new feature
+ 51e9479da6 ovsdb-idl: Avoid inconsistent IDL state with OVSDB_MONITOR_V3.
+ 8ba057d345 ovs-rcu: Avoid flushing callbacks during postponing.
+ b24ff56441 raft: Avoid sending equal snapshots.
+ a33880c6e9 ovsdb: Fix timeout type for wait operation.
+ 7077328846 classifier: Prevent tries vs n_tries race leading to NULL dereference.
+ a29fe0d482 ovsdb-server: Fix schema leak while reading db.
+ 1bb5be5138 compat: Backport ipv6_stub change
+ 71acf83c33 netdev-offload-tc: Re-fetch block ID after probing.
+ 23e3ae7158 netdev-linux: Update LAG in all cases.
+ 85fe081852 ofproto: Fix statistics of removed flow.
+ 6bd9ddc829 metaflow: Fix maskable conntrack orig tuple fields
+ 1600e0040c raft: Disable RAFT jsonrpc inactivity probe.
+ 168beb87ca raft: Fix leak of the incomplete command.
+ da9dc791de compat: Fix ipv6_dst_lookup build error
+ a09e22dbdd system-traffic: Check frozen state handling with TLV map change
+ b267889057 tun_metadata: Fix coredump caused by use-after-free bug
+ d323c5398f cirrus: Force pkg update on FreeBSD.
+ 62cede43ee Revert "ovsdb-idl: Avoid sending redundant conditional monitoring updates"
+ b52877a483 dpif-netdev: Force port reconfiguration to change dynamic_txqs.
+ dc389fd319 netdev-offload-tc: Flush rules on ingress block when init tc flow api
+ e2f6393592 conntrack: Reset ct_state when entering a new zone.
+ 314bd235c1 ofp-actions: Fix memory leak.
+ 1f12a91cf9 ofproto-dpif-xlate: Fix recirculation when in_port is OFPP_CONTROLLER.
+ 8315f3cc98 conntrack: Fix NULL pointer dereference.
+ 89c85b997c dpif-netlink: avoid netlink modify flow put op failed after tc modify flow put op failed.
+ 49db27d213 dpif-netdev: Enter quiescent state after each offloading operation.
+ bf2dcbfe5c pvector: Use acquire-release semantics for size.
+ 443f8e2575 tc: Fix nat port range when offloading ct action
+ d69d4c0537 travis: Disable sindex build in sparse.
+ 25a7e5547f raft: Fix the problem of stuck in candidate role forever.
+ 877618fc83 raft: Fix next_index in install_snapshot reply handling.
+ 3ae90e1899 raft: Avoid busy loop during leader election.
+ adc64ab057 raft: Fix raft_is_connected() when there is no leader yet.
+ f0c8b44c58 ovsdb-server: Don't disconnect clients after raft install_snapshot.
+ 78c8011f58 raft-rpc: Fix message format.
+ f0de491257 ovs-dpctl-top: python3 compatibility
+ 00dd014519 dpif-netdev.at: Fix partial offloading test cases failure.
+ 6f86b10549 userspace TSO: SCTP checksum offload optional.
+ b837d1fdc4 userspace TSO: Include UDP checksum offload.
+ ad550ebc36 netdev-dpdk: vhost: disable unsupported offload features.
+ 3f83220418 docs: Update conntrack established state description
+ dd0293c8b5 conntrack: Fix TCP conntrack state
+ 0aefc0eb8e docs: Update DPDK version table
+ d33cc044f3 Prepare for 2.13.1.
+
* Sun Jul 12 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-41
-- redhat: Rename OVSCI job name.
- [a61f1d1095e58fb7c2ad38d37b86f3012f5aecfe]
+- redhat: Rename OVSCI job name. [RH git: a61f1d1095]
+ The OVSCI job's name has been renamed to follow a standard.
+
* Wed Jul 08 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-40
-- redhat: pkgtool: use diff instead of format-patch
- [da2129ac827efe85db1e0ceeff8996e5045a862b]
+- redhat: pkgtool: use diff instead of format-patch [RH git: da2129ac82]
+
* Thu Jun 25 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-39
-- bus/pci: fix VF memory access (#1851169)
- [2b22bcd9ad02d0180ad5c46a2cccf34a3afba600]
+- bus/pci: fix VF memory access [RH git: 2b22bcd9ad] (#1851169)
+ To fix CVE-2020-12888, the linux vfio-pci module will invalidate mmaps
+ and block MMIO access on disabled memory, it will send a SIGBUS to the
+ application:
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=abafbc551fdd
+
+ When the application opens the vfio PCI device, the vfio-pci module will
+ enable the bus memory space through PCI read/write access. According to
+ the PCIe specification, the 'Memory Space Enable' is always zero for VF:
+
+ Table 9-13 Command Register Changes
+
+ Bit Location | PF and VF Register Differences | PF | VF
+ | From Base | Attributes | Attributes
+ -------------+--------------------------------+------------+-----------
+ | Memory Space Enable - Does not | |
+ | apply to VFs. Must be hardwired| Base | 0b
+ 1 | to 0b for VFs. VF Memory Space | |
+ | is controlled by the VF MSE bit| |
+ | in the VF Control register. | |
+ -------------+--------------------------------+------------+-----------
+
+ Afterwards the vfio-pci will initialize its own virtual PCI config space
+ data ('vconfig') by reading the VF's physical PCI config space, then the
+ 'Memory Space Enable' bit in vconfig will always be 0b value. This will
+ make the vfio-pci treat the BAR memory space as disabled, and the SIGBUS
+ will be triggered if access these BARs.
+
+ By investigation, the VF PCI device *passthrough* into the Guest OS by
+ QEMU has the 'Memory Space Enable' with 1b value. That's because every
+ PCI driver will start to enable the memory space, and this action will
+ be hooked by vfio-pci virtual PCI read/write to set the 'Memory Space
+ Enable' in vconfig space to 1b. So VF runs in guest OS has 'Mem+', but
+ VF runs in host OS has 'Mem-'.
+
+ Align with PCI working mode in Guest/QEMU/Host, in DPDK, enable the PCI
+ bus memory space explicitly to avoid access on disabled memory.
+
+ Fixes: 33604c31354a ("vfio: refactor PCI BAR mapping")
+ Cc: stable@dpdk.org
+
+ Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
+ Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
+ Tested-by: Harman Kalra <hkalra@marvell.com>
+ Tested-by: David Marchand <david.marchand@redhat.com>
+ Tested-by: Thierry Martin <thierry.martin.public@gmail.com>
+ (cherry picked from commit 54f3fb127d9c265a5724d193e5c7c6db29fb4150)
+
+ Resolves: #1851169
+
* Fri Jun 05 2020 Ilya Maximets <i.maximets@redhat.com> - 2.13.0-38
-- raft: Avoid sending equal snapshots. (#1834838)
- [3168eba559cbce28937be4e785c3337030694455]
+- raft: Avoid sending equal snapshots. [RH git: 3168eba559] (#1834838)
+ [ upstream commit 8c2c503bdb0da1ce6044a53d462f905fd4f8acf5 ]
+
+ Snapshots are huge. In some cases we could receive several outdated
+ append replies from the remote server. This could happen in high
+ scale cases if the remote server is overloaded and not able to process
+ all the raft requests in time. As an action to each outdated append
+ reply we're sending full database snapshot. While remote server is
+ already overloaded those snapshots will stuck in jsonrpc backlog for
+ a long time making it grow up to few GB. Since remote server wasn't
+ able to timely process incoming messages it will likely not able to
+ process snapshots leading to the same situation with low chances to
+ recover. Remote server will likely stuck in 'candidate' state, other
+ servers will grow their memory consumption due to growing jsonrpc
+ backlogs:
+
+ jsonrpc|INFO|excessive sending backlog, jsonrpc: ssl:192.16.0.3:6644,
+ num of msgs: 3795, backlog: 8838994624.
+
+ This patch is trying to avoid that situation by avoiding sending of
+ equal snapshot install requests. This helps maintain reasonable memory
+ consumption and allows the cluster to recover on a larger scale.
+
+ Acked-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+
+ Related: #1834838
+ Signed-off-by: Ilya Maximets <i.maximets@redhat.com>
+
* Fri Jun 05 2020 Ilya Maximets <i.maximets@redhat.com> - 2.13.0-37
-- ovsdb-server: Fix schema leak while reading db. (#1834838)
- [92a1e56c8a37927441fb1742e6054a9118654ef0]
+- ovsdb-server: Fix schema leak while reading db. [RH git: 92a1e56c8a] (#1834838)
+ [ upstream commit 16e3a80cf646f6c53d22ef98599d5aecb8310414 ]
+
+ parse_txn() function doesn't always take ownership of the 'schema'
+ passed. So, if the schema of the clustered db has same version as the
+ one that already in use, parse_txn() will not use it, resulting with a
+ memory leak:
+
+ 7,827 (56 direct, 7,771 indirect) bytes in 1 blocks are definitely lost
+ at 0x483BB1A: calloc (vg_replace_malloc.c:762)
+ by 0x44AD02: xcalloc (util.c:121)
+ by 0x40E70E: ovsdb_schema_create (ovsdb.c:41)
+ by 0x40EA6D: ovsdb_schema_from_json (ovsdb.c:217)
+ by 0x415EDD: ovsdb_storage_read (storage.c:280)
+ by 0x408968: read_db (ovsdb-server.c:607)
+ by 0x40733D: main_loop (ovsdb-server.c:227)
+ by 0x40733D: main (ovsdb-server.c:469)
+
+ While we could put ovsdb_schema_destroy() in a few places inside
+ 'parse_txn()', from the users' point of view it seems better to have a
+ constant argument and just clone the 'schema' if needed. The caller
+ will be responsible for destroying the 'schema' it owns.
+
+ Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.")
+ Acked-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+
+ Related: #1834838
+ Signed-off-by: Ilya Maximets <i.maximets@redhat.com>
+
* Fri Jun 05 2020 Ilya Maximets <i.maximets@redhat.com> - 2.13.0-36
-- ovsdb: Add raft memory usage to memory report. (#1834838)
- [fb32a78921e50b1ffa0c52f873167f68622e8723]
+- ovsdb: Add raft memory usage to memory report. [RH git: fb32a78921] (#1834838)
+ [ upstream commit 3423cd97f88fe6a8de8b649d79fe6ac83bce94d1 ]
+
+ Memory reports could be found in logs or by calling 'memory/show'
+ appctl command. For ovsdb-server it includes information about db
+ cells, monitor connections with their backlog size, etc. But it
+ doesn't contain any information about memory consumed by raft.
+ Backlogs of raft connections could be insanely large because of
+ snapshot installation requests that simply contains the whole database.
+ In not that healthy clusters where one of ovsdb servers is not able to
+ timely handle all the incoming raft traffic, backlog on a sender's side
+ could cause significant memory consumption issues.
+
+ Adding new 'raft-connections' and 'raft-backlog' counters to the
+ memory report to better track such conditions.
+
+ Acked-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+
+ Related: #1834838
+ Signed-off-by: Ilya Maximets <i.maximets@redhat.com>
+
* Tue Jun 02 2020 Aaron Conole <aconole@redhat.com> - 2.13.0-35
-- netdev-offload-tc: Re-fetch block ID after probing.
- [d14e39f81bec29064a58df0177ce457765305f8b]
+- netdev-offload-tc: Re-fetch block ID after probing. [RH git: d14e39f81b]
+ It's possible that block_id could changes after the probe for block
+ support. Therefore, fetch the block_id again after the probe.
+
+ Fixes: edc2055a2bf7 ("netdev-offload-tc: Flush rules on ingress block when init tc flow api")
+ Cc: Dmytro Linkin <dmitrolin@mellanox.com>
+ Acked-by: Roi Dayan <roid@mellanox.com>
+ Co-authored-by: Marcelo Leitner <mleitner@redhat.com>
+ Signed-off-by: Marcelo Leitner <mleitner@redhat.com>
+ Signed-off-by: Aaron Conole <aconole@redhat.com>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+
* Tue Jun 02 2020 Aaron Conole <aconole@redhat.com> - 2.13.0-34
-- netdev-linux: Update LAG in all cases.
- [8b155475749cdb7a1817810d447e4cf6598cb6fa]
+- netdev-linux: Update LAG in all cases. [RH git: 8b15547574]
+ In some cases, when processing a netlink change event, it's possible for
+ an alternate part of OvS (like the IPv6 endpoint processing) to hold an
+ active netdev interface. This creates a race-condition, where sometimes
+ the OvS change processing will take the normal path. This doesn't work
+ because the netdev device object won't actually be enslaved to the
+ ovs-system (for instance, a linux bond) and ingress qdisc entries will
+ be missing.
+
+ To address this, we update the LAG information in ALL cases where
+ LAG information could come in.
+
+ Fixes: d22f8927c3c9 ("netdev-linux: monitor and offload LAG slaves to TC")
+ Cc: Marcelo Leitner <mleitner@redhat.com>
+ Cc: John Hurley <john.hurley@netronome.com>
+ Acked-by: Roi Dayan <roid@mellanox.com>
+ Signed-off-by: Aaron Conole <aconole@redhat.com>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+
* Wed May 20 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-33
-- vhost: fix potential fd leak
- [a9e6e358142634f1cd4d6555c5835f0062aa2a34]
+- vhost: fix potential fd leak [RH git: a9e6e35814]
+ Vhost will create temporary file when receiving VHOST_USER_GET_INFLIGHT_FD
+ message. Malicious guest can send endless this message to drain out the
+ resource of host.
+
+ When receiving VHOST_USER_GET_INFLIGHT_FD message repeatedly, closing the
+ file created during the last handling of this message.
+
+ Fixes: d87f1a1cb7b666550 ("vhost: support inflight info sharing")
+ Cc: stable@dpdk.org
+
+ This issue has been assigned CVE-2020-10726
+
+ Signed-off-by: Xuan Ding <xuan.ding@intel.com>
+ Signed-off-by: Xiaolong Ye <xiaolong.ye@intel.com>
+ Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+
* Wed May 20 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-32
-- vhost: fix potential memory space leak
- [b39bac1377f5ece651b3ddb1485f6327036e7c38]
+- vhost: fix potential memory space leak [RH git: b39bac1377]
+ A malicious container which has direct access to the vhost-user socket
+ can keep sending VHOST_USER_GET_INFLIGHT_FD messages which may cause
+ leaking resources until resulting a DOS. Fix it by unmapping the
+ dev->inflight_info->addr before assigning new mapped addr to it.
+
+ Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing")
+ Cc: stable@dpdk.org
+
+ This issue has been assigned CVE-2020-10726
+
+ Signed-off-by: Xiaolong Ye <xiaolong.ye@intel.com>
+ Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+
* Wed May 20 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-31
-- vhost: fix translated address not checked
- [7da906164278fc5142607d5c94d20bb2b6e3ca8f]
+- vhost: fix translated address not checked [RH git: 7da9061642]
+ Malicious guest can construct desc with invalid address and zero buffer
+ length. That will request vhost to check both translated address and
+ translated data length. This patch will add missed address check.
+
+ Fixes: 75ed51697820 ("vhost: add packed ring batch dequeue")
+ Fixes: ef861692c398 ("vhost: add packed ring batch enqueue")
+ Cc: stable@dpdk.org
+
+ This issue has been assigned CVE-2020-10725
+
+ Signed-off-by: Marvin Liu <yong.liu@intel.com>
+ Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+
* Wed May 20 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-30
-- vhost: fix vring index check
- [7c4cfd12e3b2693b68ee995f65421577248c34d9]
+- vhost: fix vring index check [RH git: 7c4cfd12e3]
+ vhost_user_check_and_alloc_queue_pair() is used to extract
+ a vring index from a payload. This function validates the
+ index and is called early on in when performing message
+ handling. Most message handlers depend on it correctly
+ validating the vring index.
+
+ Depending on the message type the vring index is in
+ different parts of the payload. The function contains a
+ switch/case for each type and copies the index. This is
+ stored in a uint16. This index is then validated. Depending
+ on the message, the source index is an unsigned int. If
+ integer truncation occurs (uint->uint16) the top 16 bits
+ of the index are never validated.
+
+ When they are used later on (e.g. in
+ vhost_user_set_vring_num() or vhost_user_set_vring_addr())
+ it can lead to out of bound indexing. The out of bound
+ indexed data gets written to, and hence this can cause
+ memory corruption.
+
+ This patch fixes this vulnerability by declaring vring
+ index as an unsigned int in
+ vhost_user_check_and_alloc_queue_pair().
+
+ Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation")
+ Cc: stable@dpdk.org
+
+ This issue has been assigned CVE-2020-10723
+
+ Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+ Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+ Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
+ Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+
* Wed May 20 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-29
-- vhost: check log mmap offset and size overflow
- [517d8488dcf0ca7bb7f7db2fe8167389141aff9d]
+- vhost: check log mmap offset and size overflow [RH git: 517d8488dc]
+ vhost_user_set_log_base() is a message handler that is
+ called to handle the VHOST_USER_SET_LOG_BASE message.
+ Its payload contains a 64 bit size and offset. Both are
+ added up and used as a size when calling mmap().
+
+ There is no integer overflow check. If an integer overflow
+ occurs a smaller memory map would be created than
+ requested. Since the returned mapping is mapped as writable
+ and used for logging, a memory corruption could occur.
+
+ Fixes: fbc4d248b198 ("vhost: fix offset while mmaping log base address")
+ Cc: stable@dpdk.org
+
+ This issue has been assigned CVE-2020-10722
+
+ Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+ Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+ Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
+ Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+
* Fri May 15 2020 Dumitru Ceara <dceara@redhat.com> - 2.13.0-28
-- raft: Disable RAFT jsonrpc inactivity probe. (#1836308)
- [3d9b529afb098531190d57d6f35d1622bb4093cd]
+- raft: Disable RAFT jsonrpc inactivity probe. [RH git: 3d9b529afb] (#1836308)
+ [ upstream commit 1600e0040caded7eaa9b1f41926f9619d8e0ec8d ]
+
+ With the scale test of 640 nodes k8s cluster, raft DB nodes' jsonrpc
+ session got closed due to the timeout of default 5 seconds probe.
+ It will cause disturbance of the raft cluster. Since we already have
+ the heartbeat for RAFT, just disable the probe between the servers
+ to avoid the unnecessary jsonrpc inactivity probe.
+
+ Acked-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Zhen Wang <zhewang@nvidia.com>
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+
+ Resolves: #1836308
+ Signed-off-by: Dumitru Ceara <dceara@redhat.com>
+
* Fri May 15 2020 Dumitru Ceara <dceara@redhat.com> - 2.13.0-27
-- raft: Fix leak of the incomplete command. (#1836307)
- [5c38ccd52fb3925e82eda20f1897ec02abb390d9]
+- raft: Fix leak of the incomplete command. [RH git: 5c38ccd52f] (#1836307)
+ [ upstream commit 168beb87ca63056e8896b09a60031565b7b60728 ]
+
+ Function raft_command_initiate() returns correctly referenced command
+ instance. 'n_ref' equals 1 for complete commands and 2 for incomplete
+ commands because one more reference is in raft->commands list.
+ raft_handle_execute_command_request__() leaks the reference by not
+ returning pointer anywhere and not unreferencing incomplete commands.
+
+ 792 bytes in 11 blocks are definitely lost in loss record 258 of 262
+ at 0x483BB1A: calloc (vg_replace_malloc.c:762)
+ by 0x44BA32: xcalloc (util.c:121)
+ by 0x422E5F: raft_command_create_incomplete (raft.c:2038)
+ by 0x422E5F: raft_command_initiate (raft.c:2061)
+ by 0x428651: raft_handle_execute_command_request__ (raft.c:4161)
+ by 0x428651: raft_handle_execute_command_request (raft.c:4177)
+ by 0x428651: raft_handle_rpc (raft.c:4230)
+ by 0x428651: raft_conn_run (raft.c:1445)
+ by 0x428DEA: raft_run (raft.c:1803)
+ by 0x407392: main_loop (ovsdb-server.c:226)
+ by 0x407392: main (ovsdb-server.c:469)
+
+ Fixes: 1b1d2e6daa56 ("ovsdb: Introduce experimental support for clustered databases.")
+ Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
+ Acked-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: William Tu <u9012063@gmail.com>
+
+ Resolves: #1836307
+ Signed-off-by: Dumitru Ceara <dceara@redhat.com>
+
* Fri May 15 2020 Dumitru Ceara <dceara@redhat.com> - 2.13.0-26
-- raft: Fix the problem of stuck in candidate role forever. (#1836305)
- [9c76350e271546eedfeb18720975e35b4e36e1f1]
+- raft: Fix the problem of stuck in candidate role forever. [RH git: 9c76350e27] (#1836305)
+ [ upstream commit 25a7e5547f1e107db0f032ad269f447c57401531 ]
+
+ Sometimes a server can stay in candidate role forever, even if the server
+ already see the new leader and handles append-requests normally. However,
+ because of the wrong role, it appears as disconnected from cluster and
+ so the clients are disconnected.
+
+ This problem happens when 2 servers become candidates in the same
+ term, and one of them is elected as leader in that term. It can be
+ reproduced by the test cases added in this patch.
+
+ The root cause is that the current implementation only changes role to
+ follower when a bigger term is observed (in raft_receive_term__()).
+ According to the RAFT paper, if another candidate becomes leader with
+ the same term, the candidate should change to follower.
+
+ This patch fixes it by changing the role to follower when leader
+ is being updated in raft_update_leader().
+
+ Signed-off-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Ben Pfaff <blp@ovn.org>
+
+ Resolves: #1836305
+ Signed-off-by: Dumitru Ceara <dceara@redhat.com>
+
* Fri May 15 2020 Dumitru Ceara <dceara@redhat.com> - 2.13.0-25
-- raft: Fix next_index in install_snapshot reply handling. (#1836305)
- [cc3d02699203e2fe9d9fd384d09e268ba614828d]
+- raft: Fix next_index in install_snapshot reply handling. [RH git: cc3d026992] (#1836305)
+ [ upstream commit 877618fc833273d1e29e012b5e925d51cba80ff5 ]
+
+ When a leader handles install_snapshot reply, the next_index for
+ the follower should be log_start instead of log_end, because there
+ can be new entries added in leader's log after initiating the
+ install_snapshot procedure. Also, it should send all the accumulated
+ entries to follower in the following append-request message, instead
+ of sending 0 entries, to speed up the converge.
+
+ Without this fix, there is no functional problem, but it takes
+ uncessary extra rounds of append-requests responsed with "inconsistency"
+ by follower, although finally will be converged.
+
+ Signed-off-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Ben Pfaff <blp@ovn.org>
+
+ Resolves: #1836305
+ Signed-off-by: Dumitru Ceara <dceara@redhat.com>
+
* Fri May 15 2020 Dumitru Ceara <dceara@redhat.com> - 2.13.0-24
-- raft: Avoid busy loop during leader election. (#1836305)
- [053b78c8d60ffb4d212fd7894f91be52027f291f]
+- raft: Avoid busy loop during leader election. [RH git: 053b78c8d6] (#1836305)
+ [ upstream commit 3ae90e1899c5a05148ea1870d9bb4ac3c05e3a19 ]
+
+ When a server doesn't see a leader yet, e.g. during leader re-election,
+ if a transaction comes from a client, it will cause 100% CPU busy loop.
+ With debug log enabled it is like:
+
+ 2020-02-28T04:04:35.631Z|00059|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
+ 2020-02-28T04:04:35.631Z|00062|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
+ 2020-02-28T04:04:35.631Z|00065|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
+ 2020-02-28T04:04:35.631Z|00068|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
+ 2020-02-28T04:04:35.631Z|00071|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
+ 2020-02-28T04:04:35.631Z|00074|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
+ 2020-02-28T04:04:35.631Z|00077|poll_loop|DBG|wakeup due to 0-ms timeout at ../ovsdb/trigger.c:164
+ ...
+
+ The problem is that in ovsdb_trigger_try(), all cluster errors are treated
+ as temporary error and retry immediately. This patch fixes it by introducing
+ 'run_triggers_now', which tells if a retry is needed immediately. When the
+ cluster error is with detail 'not leader', we don't immediately retry, but
+ will wait for the next poll event to trigger the retry. When 'not leader'
+ status changes, there must be a event, i.e. raft RPC that changes the
+ status, so the trigger is guaranteed to be triggered, without busy loop.
+
+ Signed-off-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Ben Pfaff <blp@ovn.org>
+
+ Resolves: #1836305
+ Signed-off-by: Dumitru Ceara <dceara@redhat.com>
+
* Fri May 15 2020 Dumitru Ceara <dceara@redhat.com> - 2.13.0-23
-- raft: Fix raft_is_connected() when there is no leader yet. (#1836305)
- [e732012d7be335650398ff03c2431c64b2c4aaba]
+- raft: Fix raft_is_connected() when there is no leader yet. [RH git: e732012d7b] (#1836305)
+ [ upstream commit adc64ab057345f7004c44bf92363b9adda862134 ]
+
+ If there is never a leader known by the current server, it's status
+ should be "disconnected" to the cluster. Without this patch, when
+ a server in cluster is restarted, before it successfully connecting
+ back to the cluster it will appear as connected, which is wrong.
+
+ Signed-off-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Ben Pfaff <blp@ovn.org>
+
+ Resolves: #1836305
+ Signed-off-by: Dumitru Ceara <dceara@redhat.com>
+
* Fri May 15 2020 Dumitru Ceara <dceara@redhat.com> - 2.13.0-22
-- ovsdb-server: Don't disconnect clients after raft install_snapshot. (#1836305)
- [8ff30dfee6cb075e36ed38b77695ff03321ce12b]
+- ovsdb-server: Don't disconnect clients after raft install_snapshot. [RH git: 8ff30dfee6] (#1836305)
+ [ upstream commit f0c8b44c5832c36989fad78927407fc14e64ce46 ]
+
+ When "schema" field is found in read_db(), there can be two cases:
+ 1. There is a schema change in clustered DB and the "schema" is the new one.
+ 2. There is a install_snapshot RPC happened, which caused log compaction on the
+ server and the next log is just the snapshot, which always constains "schema"
+ field, even though the schema hasn't been changed.
+
+ The current implementation doesn't handle case 2), and always assume the schema
+ is changed hence disconnect all clients of the server. It can cause stability
+ problem when there are big number of clients connected when this happens in
+ a large scale environment.
+
+ Signed-off-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Ben Pfaff <blp@ovn.org>
+
+ Resolves: #1836305
+ Signed-off-by: Dumitru Ceara <dceara@redhat.com>
+
* Fri May 15 2020 Dumitru Ceara <dceara@redhat.com> - 2.13.0-21
-- raft-rpc: Fix message format. (#1836305)
- [914d885061c9f7e7e6e5f921065301e08837e122]
+- raft-rpc: Fix message format. [RH git: 914d885061] (#1836305)
+ [ upstream commit 78c8011f58daec41ec97440f2e42795699322742 ]
+
+ Signed-off-by: Han Zhou <hzhou@ovn.org>
+ Signed-off-by: Ben Pfaff <blp@ovn.org>
+
+ Resolves: #1836305
+ Signed-off-by: Dumitru Ceara <dceara@redhat.com>
+
* Wed Apr 22 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-20
-- redhat: pkgtool: Use the oldest sha1
- [4c657a79de8221c769d4622ff4110b6aaccf938a]
+- redhat: pkgtool: Use the oldest sha1 [RH git: 4c657a79de]
+ Doing git merge from a branch to another branch the tag:C0FF3E commit is
+ repeated, but the correct one is the oldest one.
+
* Mon Apr 20 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-19
-- Fix building locally on Fedora 32+
- [d1c89e4d998507fcd18a1e94bc6459f016e6310e]
+- Fix building locally on Fedora 32+ [RH git: d1c89e4d99]
+
* Thu Apr 16 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-18
-- Set -fcommon in DPDK CFLAGS
- [f8a379e95e8617d9371cd87bfa559fa14e88fc33]
+- Set -fcommon in DPDK CFLAGS [RH git: f8a379e95e]
+ This is needed to build on Fedora 32+
+
* Thu Apr 16 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-17
-- Update DPDK config files for 19.11.1
- [d771330907cee39a6c08409f866c3abcb9d90351]
+- Update DPDK config files for 19.11.1 [RH git: d771330907]
+
* Thu Apr 16 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-16
-- Merge tag 'v19.11.1' into fast-datapath-rhel-8
- [0b3abfb0e63fc2838c15eb119a1876f9691fd70e]
+- Merge tag 'v19.11.1' into fast-datapath-rhel-8 [RH git: 0b3abfb0e6]
+ dpdk-19.11.1
+
* Tue Apr 14 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-15
-- bugtool: Fix for Python3. (#1809241)
- [71f25b7920093daa59827a0a4be4095309aec6ff]
+- bugtool: Fix for Python3. [RH git: 71f25b7920] (#1809241)
+ Currently ovs-bugtool tool doesn't start on Python 3.
+ This commit fixes ovs-bugtool to make it works on Python 3.
+
+ Replaced StringIO.StringIO with io.BytesIO since the script is
+ processing binary data.
+
+ Reported-at: https://bugzilla.redhat.com/1809241
+ Reported-by: Flavio Leitner <fbl@sysclose.org>
+ Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
+ Co-authored-by: William Tu <u9012063@gmail.com>
+ Signed-off-by: William Tu <u9012063@gmail.com>
+ (cherry picked from commit 9e6c00bca9af29031d0e160d33174b7ae99b9244)
+
* Tue Apr 07 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-14
-- redhat: Skip NVR check only if building rhel-8 on rhel-7.
- [2b9f32bef20febced3dbcd85b6cb986b8475d121]
+- redhat: Skip NVR check only if building rhel-8 on rhel-7. [RH git: 2b9f32bef2]
+
* Mon Apr 06 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-13
-- redhat: rh-dgit-brew: Skip NVR check in RHEL-7.
- [6280d8d29ff80c38b076bae005b3a19ec2375bc7]
+- redhat: rh-dgit-brew: Skip NVR check in RHEL-7. [RH git: 6280d8d29f]
+ The RPM in RHEL-7 can't parse Supplements tag in the SPEC to get
+ the package NVR. The NVR is used to check if brew is already done.
+
+ error: line 241: Unknown tag: Supplements: (openvswitch2.13 and network-scripts)
+ error: query of specfile openvswitch2.13.spec failed, can't parse
+
+ Use --skip-nvr-check to work around the issue.
+
* Mon Apr 06 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-12
-- redhat: pkgtool: Use BZ id from reported-at tag.
- [3ee7ec51b693eaf1715c0bbf8da2500405c7d8fe]
+- redhat: pkgtool: Use BZ id from reported-at tag. [RH git: 3ee7ec51b6]
+ Some upstream commits might contain the Reported-at tag
+ pointing to Red Hat bugzilla. In that case, use the BZ id
+ in the package's changelog.
+
+ Signed-off-by: Flavio Leitner <fbl@redhat.com>
+
* Fri Mar 27 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-11
-- redhat: ovsci: Schedule the CI job while brew is building.
- [1551e1e70e9ce98e61b9597f90c6c23b5dee6f1c]
+- redhat: ovsci: Schedule the CI job while brew is building. [RH git: 1551e1e70e]
+ The CI will wait for the brew build to complete and this helps
+ to have a single place to monitor and also to record in the
+ CI log the brew build.
+
* Tue Mar 24 2020 Flavio Leitner <fbl@redhat.com> - 2.13.0-10
-- redhat: ovsci: Use the correct job name and params.
- [220f32afb2a3ce5437b6a502937cda7f887e9304]
+- redhat: ovsci: Use the correct job name and params. [RH git: 220f32afb2]
+ Jenkins needs to support different use-cases so fix the
+ parameters to be uniform and the job name to allow multiple
+ triggers (formal and non-formal releases processes).
+
+ Signed-off-by: Flavio Leitner <fbl@redhat.com>
+
* Mon Mar 23 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-9
-- Add compatibility with RHEL7 git
- [34929957833d71263e072c24842eaba3d61ad235]
+- Add compatibility with RHEL7 git [RH git: 3492995783]
+
* Mon Mar 23 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-8
-- Use the date in UTC
- [b53bdb16b8575fd3fbb28af2b704abd1eccb27d8]
+- Use the date in UTC [RH git: b53bdb16b8]
+ In order to avoid changing date in changelog cast the date in UTC
+
* Mon Mar 23 2020 Numan Siddique <nusiddiq@redhat.com> - 2.13.0-7
-- ofproto-dpif-xlate: Fix recirculation when in_port is OFPP_CONTROLLER. (#1775160)
- [4ee0f6af9e601cbb5f69a486526d1011314bbfed]
+- ofproto-dpif-xlate: Fix recirculation when in_port is OFPP_CONTROLLER. [RH git: 4ee0f6af9e] (#1775160)
+ [ upstream commit c5a910dd92ecbad24f86b4c59b4ff8105b5149fd ]
+
+ Recirculation usually requires finding the pre-recirculation input port.
+ Packets sent by the controller, with in_port of OFPP_CONTROLLER or
+ OFPP_NONE, do not have a real input port data structure, only a port
+ number. The code in xlate_lookup_ofproto_() mishandled this case,
+ failing to return the ofproto data structure. This commit fixes the
+ problem and adds a test to guard against regression.
+
+ Reported-by: Numan Siddique <numans@ovn.org>
+ Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2020-March/368642.html
+ Tested-by: Numan Siddique <numans@ovn.org>
+ Acked-by: Numan Siddique <numans@ovn.org>
+ Signed-off-by: Ben Pfaff <blp@ovn.org>
+
+ Resolves: #1775160
+ Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
+
* Wed Mar 11 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-6
-- vhost: fix packed virtqueue ready condition (#1812620)
- [0b4e7827b873c8a420171d840bde5d3c77a67e60]
+- vhost: fix packed virtqueue ready condition [RH git: 0b4e7827b8] (#1812620)
+ [ upstream commit c5a910dd92ecbad24f86b4c59b4ff8105b5149fd ]
+
+ Consider a virtqueue ready when, apart from the descriptor area,
+ both event suppression areas have been mapped.
+
+ Fixes: 2d1541e2b6b3 ("vhost: add vring address setup for packed queues")
+
+ Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
+ Reviewed-by: Tiwei Bie <tiwei.bie@intel.com>
+
+ Resolves: #1812620
+
* Thu Feb 27 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-5
-- redhat: permit make to fail when pkgtool --gen{spec,patches} exist badly
- [61807f941ec5ddcbfb0cf1f4ba6a52d934c72f06]
+- redhat: permit make to fail when pkgtool --gen{spec,patches} exist badly [RH git: 61807f941e]
+
* Tue Feb 25 2020 Timothy Redaelli <tredaelli@redhat.com> - 2.13.0-4
-- vhost: protect log address translation in IOTLB update (#1806599)
- [0d4370404fa971cb07ca2bf9cb0cdf98ecc54d4b]
+- vhost: protect log address translation in IOTLB update [RH git: 0d4370404f] (#1806599)
+ [ upstream commit 4f37df14c405b754b5e971c75f4f67f4bb5bfdde ]
+
+ Currently, the log address translation only happens in the vhost-user's
+ translate_ring_addresses(). However, the IOTLB update handler is not
+ checking if it was mapped to re-trigger that translation.
+
+ Since the log address mapping could fail, check it on iotlb updates.
+ Also, check it on vring_translate() so we do not dirty pages if the
+ logging address is not yet ready.
+
+ Additionally, properly protect the accesses to the iotlb structures.
+
+ Fixes: fbda9f145927 ("vhost: translate incoming log address to GPA")
+
+ Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
+ Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+
+ Resolves: #1806599
+ Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+