Mirror of git.yoctoproject.org/meta-virtualization https://git.enea.com/cgit/linux/meta-virtualization.git/atom?h=hardknott-next 2021-10-01T02:49:18+00:00 2021-10-01T02:49:18+00:00 Xu, Yanfei yanfei.xu@windriver.com 2021-09-29T03:36:48+00:00 urn:sha1:8e36520924fdadda20d7a6d09d9884e65a5555c2 Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-36980 Patches from: format-patch from ovs v2.15.1 Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> 2021-03-12T03:33:29+00:00 Zqiang qiang.zhang@windriver.com 2021-03-11T08:50:50+00:00 urn:sha1:415fd5eb2c5556a3ff21993c7857e11bcec3f237 - OVSDB: * Changed format in which ovsdb transactions are stored in database files. Now each transaction contains diff of data instead of the whole new value of a column. New ovsdb-server process will be able to read old database format, but old processes will *fail* to read database created by the new one. For cluster and active-backup service models follow upgrade instructions in 'Upgrading from version 2.14 and earlier to 2.15 and later' section of ovsdb(7). * New unixctl command 'ovsdb-server/get-db-storage-status' to show the status of the storage that's backing a database. * New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'. If turned on, ovsdb-server will try to reclaim all the unused memory after every DB compaction back to OS. Disabled by default. * Maximum backlog on RAFT connections limited to 500 messages or 4GB. Once threshold reached, connection is dropped (and re-established). Use the 'cluster/set-backlog-threshold' command to change limits. - DPDK: * Removed support for vhost-user dequeue zero-copy. * Add support for DPDK 20.11. - Userspace datapath: * Add the 'pmd' option to "ovs-appctl dpctl/dump-flows", which restricts a flow dump to a single PMD thread if set. * New 'options:dpdk-vf-mac' field for DPDK interface of VF ports, that allows configuring the MAC address of a VF representor. * Add generic IP protocol support to conntrack. With this change, all none UDP, TCP, and ICMP traffic will be treated as general L3 traffic, i.e. using 3 tupples. * Add parameters 'pmd-auto-lb-load-threshold' and 'pmd-auto-lb-improvement-threshold' to configure PMD auto load balance behaviour. - The environment variable OVS_UNBOUND_CONF, if set, is now used as the DNS resolver's (unbound) configuration file. - Linux datapath: * Support for kernel versions up to 5.8.x. - Terminology: * The terms "master" and "slave" have been replaced by "primary" and "secondary", respectively, for OpenFlow connection roles. * The term "slave" has been replaced by "member", for bonds, LACP, and OpenFlow bundle actions. - Support for GitHub Actions based continuous integration builds has been added. - Bareudp Tunnel * Bareudp device support is present in linux kernel from version 5.7 * Kernel bareudp device is not backported to ovs tree. * Userspace datapath support is not added - ovs-dpctl and 'ovs-appctl dpctl/': * New commands '{add,mod,del}-flows' where added, which allow adding, deleting, or modifying flows based on information read from a file. - IPsec: * Add option '--no-cleanup' to allow ovs-monitor-ipsec to stop without tearing down IPsec tunnels. * Add option '--no-restart-ike-daemon' to allow ovs-monitor-ipsec to start without restarting ipsec daemon. - Building the Linux kernel module from the OVS source tree is deprecated * Support for the Linux kernel is capped at version 5.8 * Only bug fixes for the Linux OOT kernel module will be accepted. * The Linux kernel module will be fully removed from the OVS source tree in OVS branch 2.18 fix some do_patch error about local patch. Signed-off-by: Zqiang <qiang.zhang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> 2020-10-28T03:24:47+00:00 Chen Qi Qi.Chen@windriver.com 2020-10-20T06:59:28+00:00 urn:sha1:28cca9a78e91adc800e079588797df4cf82a378b /var/run has been deprecated by systemd, so use /run instead, as suggested by systemd. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> 2020-02-20T17:43:14+00:00 Mark Asselstine mark.asselstine@windriver.com 2020-02-20T01:07:44+00:00 urn:sha1:b1b4fca4f04ba878d7c70c18817deb42eab3b712 Another straightforward uprev with one fairly large change in the changelog. The Open Virtual Network component has now been moved to its own repo (https://github.com/ovn-org/ovn.git). If you were using this functionality a new recipe will need to be created. The ptest results are similar to after the v2.12 uprev ERROR: 2206 tests were run, 28 failed unexpectedly. 62 tests were skipped. The failed tests were in the following areas: checkpatch.at (5) ovs-ofctl.at (1) tunnel.at(1) tunnel-push-pop.at(3) tunnel-push-pop-ipv6.at(3) dpif-netdev.at (1) pmd.at(1) ofproto-dpif.at (7) bridge.at (2) ovsdb-idl.at(1) mcast-snooping.at(1) packet-type-aware.at(2) None of these affect core functionality or usecases and are similar to the results we see with v1.12. If specific usecases are affected by these failures we should address them on a need to fix basis. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> 2019-09-15T03:51:16+00:00 Mark Asselstine mark.asselstine@windriver.com 2019-09-12T19:55:31+00:00 urn:sha1:ab382e2453d652181eb7a6fb4dcf201d4b33b94a openembedded-core commit fb064356af61 [Remove LSB support] dropped the 'lsb' recipe which caused openvswitch to throw a dependency fail for both sysvinit and systemd builds. LSB init functions for log_begin_msg, log_end_msg and others were being used. We now use the functions from ovs-lib which are part of OVS and supply the remaining ones directly. This allows us to regain the functionality and drop the dependency on 'lsb'. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> 2019-02-03T03:49:55+00:00 Hongzhi.Song hongzhi.song@windriver.com 2019-01-30T07:46:52+00:00 urn:sha1:f9acf9a26617fe3eb4aac5d648f488ad0023a6ff The v2.11 version fixed a bug as follow. Error info: ovs|00002|db_ctl_base|ERR|external-ids:hostname=: argument does not end in "=" followed by a value. The result of ptest between v2.11 and v2.10.1 is similar. v2.11: ERROR: 2765 tests were run, 317 failed (1 expected failure). 85 tests were skipped. v2.10.1: ERROR: 2662 tests were run, 311 failed (1 expected failure). 85 tests were skipped. I checked the detailed result. The failed tests were mostly related to python2 as the image only use python3. Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> 2018-09-04T20:14:18+00:00 Mark Asselstine mark.asselstine@windriver.com 2018-09-04T20:12:39+00:00 urn:sha1:e47cd6f12e91dfef4c874193b516869fbac4abda The current version (v2.9.3) started to fail to build due to changes in openssl. Upstream must have run into similar issues as this was identified and addressed in v2.10.0 by including a copy of 'dhparams.c' instead of relying on it being generated. (see commit "dhparams: Add pregenerated .c file to the repository.") Additionally v2.10.0 is better aligned for our kernel and dpdk versions: kernel === 2.10.x 3.10 to 4.17 dpdk === 2.10.x 17.11.3 The changes in this commit allow for the building of v2.10.0. A second commit will be necessary to deal with a few runtime changes which prevent ovsdb-server from starting correctly. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> 2018-06-04T03:26:54+00:00 Mark Asselstine mark.asselstine@windriver.com 2018-05-30T15:47:10+00:00 urn:sha1:1fd1ff3720140baa3680d795f6d97597e5113e90 This brings us up to date with the latest upstream release. I suspect there will be an upcoming release to add compatibility with DPDK v18.05 (the DPDK release is due out any day now) but getting this fairly large release bump out of the way first will facilitate any upcoming uprev. We are able to drop they python3 patches as they have been merged upstream. Some scripts which needed to be updated to use python3 disappeared, new ones appeared so the 'use python3' patches are updated accordingly. Beyond this the biggest change is related to the systemd unit files, the ovsdb-server has been updated upstream to be generated on the fly via the spec file, we mimic this in the install_prepend. We also add the various configuration files which the unit files source before launching the services. As usual this was tested against out typical usecases including usage in meta-overc. As well the ptests have been run and the results are no better or worse. Previous version: ERROR: 2332 tests were run, 21 failed unexpectedly. 3 tests were skipped. New version: ERROR: 2527 tests were run, 29 failed unexpectedly. 3 tests were skipped. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> 2018-04-16T11:25:10+00:00 Yi Zhao yi.zhao@windriver.com 2018-04-16T07:40:12+00:00 urn:sha1:500e5d2ad58f78d3aa5132081123955b6681bb8c Refresh patches with devtool command to fix do_patch warning. Drop CVE-2017-9263.patch since it had been fixed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> 2017-07-13T14:54:49+00:00 Mark Asselstine mark.asselstine@windriver.com 2017-07-12T21:02:41+00:00 urn:sha1:165ffabe8933d2e44074d67921ea465eab4d90cb Released at the end of June 2017 this is a bugfix release with no major functional changes. Surprisingly the patch for CVE-2017-9263 is still not applied upstream so we continue to carry this change. The remaining patches were audited and cleaned up as needed. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>