diff --git a/SOURCES/openvswitch-2.13.0.patch b/SOURCES/openvswitch-2.13.0.patch index 6655281..f021065 100644 --- a/SOURCES/openvswitch-2.13.0.patch +++ b/SOURCES/openvswitch-2.13.0.patch @@ -1,6 +1,6 @@ diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh new file mode 100755 -index 0000000000..776148cfd5 +index 0000000000..c1db40519a --- /dev/null +++ b/.ci/linux-build.sh @@ -0,0 +1,242 @@ @@ -205,7 +205,7 @@ index 0000000000..776148cfd5 + # difference on 'configure' and 'make' stages. + export CC="$CC -m32" +else -+ OPTS="--enable-sparse" ++ EXTRA_OPTS="$EXTRA_OPTS --enable-sparse" + if [ "$AFXDP" ]; then + # netdev-afxdp uses memset for 64M for umem initialization. + SPARSE_FLAGS="${SPARSE_FLAGS} -Wno-memcpy-max-count" @@ -1434,13 +1434,21 @@ index b279303d18..b3b56cd50e 100644 boot.sh \ poc/builders/Vagrantfile \ diff --git a/NEWS b/NEWS -index dab94e924d..fe5743bb89 100644 +index dab94e924d..7e80b57dc5 100644 --- a/NEWS +++ b/NEWS -@@ -1,3 +1,108 @@ -+v2.13.10 - xx xxx xxxx +@@ -1,3 +1,116 @@ ++v2.13.11 - xx xxx xxxx +---------------------- + ++v2.13.10 - 20 Dec 2022 ++---------------------- ++ - Bug fixes ++ - Security: ++ * Fixed LLDP underflow issue while parsing malformed Auto Attach TLVs. ++ The original patch is available here: ++ https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html ++ +v2.13.9 - 07 Oct 2022 +--------------------- + - Bug fixes @@ -1546,7 +1554,7 @@ index dab94e924d..fe5743bb89 100644 v2.13.0 - 14 Feb 2020 --------------------- - OVN: -@@ -43,6 +148,9 @@ v2.13.0 - 14 Feb 2020 +@@ -43,6 +156,9 @@ v2.13.0 - 14 Feb 2020 - 'ovs-appctl dpctl/dump-flows' can now show offloaded=partial for partially offloaded flows, dp:dpdk for fully offloaded by dpdk, and type filter supports new filters: "dpdk" and "partially-offloaded". @@ -1556,7 +1564,7 @@ index dab94e924d..fe5743bb89 100644 v2.12.0 - 03 Sep 2019 --------------------- -@@ -117,9 +225,6 @@ v2.12.0 - 03 Sep 2019 +@@ -117,9 +233,6 @@ v2.12.0 - 03 Sep 2019 * Add support for conntrack zone-based timeout policy. - 'ovs-dpctl dump-flows' is no longer suitable for dumping offloaded flows. 'ovs-appctl dpctl/dump-flows' should be used instead. @@ -1730,7 +1738,7 @@ index f6b88ca2d0..9429702db9 100755 manpages=`cd $distdir && echo *` diff --git a/configure.ac b/configure.ac -index 92b52f6712..506b94ad45 100644 +index 92b52f6712..8f895b55c0 100644 --- a/configure.ac +++ b/configure.ac @@ -13,7 +13,7 @@ @@ -1738,7 +1746,7 @@ index 92b52f6712..506b94ad45 100644 AC_PREREQ(2.63) -AC_INIT(openvswitch, 2.13.0, bugs@openvswitch.org) -+AC_INIT(openvswitch, 2.13.10, bugs@openvswitch.org) ++AC_INIT(openvswitch, 2.13.11, bugs@openvswitch.org) AC_CONFIG_SRCDIR([datapath/datapath.c]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) @@ -2790,15 +2798,21 @@ index 23118e8b63..05ccfb9288 100644 *saddr = fl6.saddr; if (use_cache) diff --git a/debian/changelog b/debian/changelog -index 8e075bc98b..87231dcc6e 100644 +index 8e075bc98b..48c2273df1 100644 --- a/debian/changelog +++ b/debian/changelog -@@ -1,3 +1,63 @@ +@@ -1,3 +1,69 @@ ++openvswitch (2.13.11-1) unstable; urgency=low ++ [ Open vSwitch team ] ++ * New upstream version ++ ++ -- Open vSwitch team Tue, 20 Dec 2022 20:05:48 +0100 ++ +openvswitch (2.13.10-1) unstable; urgency=low + [ Open vSwitch team ] + * New upstream version + -+ -- Open vSwitch team Fri, 07 Oct 2022 13:11:43 +0200 ++ -- Open vSwitch team Tue, 20 Dec 2022 20:05:48 +0100 + +openvswitch (2.13.9-1) unstable; urgency=low + [ Open vSwitch team ] @@ -115959,6 +115973,97 @@ index 45bb96b543..f3f0358b36 100644 } } else if (OVS_LIKELY(nw_proto == IPPROTO_UDP)) { if (OVS_LIKELY(size >= UDP_HEADER_LEN)) { +diff --git a/lib/hash.c b/lib/hash.c +index 06f83395c1..c722f3c3cc 100644 +--- a/lib/hash.c ++++ b/lib/hash.c +@@ -61,13 +61,13 @@ hash_double(double x, uint32_t basis) + } + + uint32_t +-hash_words__(const uint32_t p[], size_t n_words, uint32_t basis) ++hash_words__(const uint32_t *p, size_t n_words, uint32_t basis) + { + return hash_words_inline(p, n_words, basis); + } + + uint32_t +-hash_words64__(const uint64_t p[], size_t n_words, uint32_t basis) ++hash_words64__(const uint64_t *p, size_t n_words, uint32_t basis) + { + return hash_words64_inline(p, n_words, basis); + } +diff --git a/lib/hash.h b/lib/hash.h +index eb3776500a..60a39a40b8 100644 +--- a/lib/hash.h ++++ b/lib/hash.h +@@ -235,7 +235,7 @@ hash_words_inline(const uint32_t p_[], size_t n_words, uint32_t basis) + /* A simpler version for 64-bit data. + * 'n_words' is the count of 64-bit words, basis is 64 bits. */ + static inline uint32_t +-hash_words64_inline(const uint64_t p[], size_t n_words, uint32_t basis) ++hash_words64_inline(const uint64_t *p, size_t n_words, uint32_t basis) + { + uint64_t hash1 = basis; + uint64_t hash2 = 0; +@@ -284,14 +284,14 @@ static inline uint32_t hash_pointer(const void *p, uint32_t basis) + } + #endif + +-uint32_t hash_words__(const uint32_t p[], size_t n_words, uint32_t basis); +-uint32_t hash_words64__(const uint64_t p[], size_t n_words, uint32_t basis); ++uint32_t hash_words__(const uint32_t *p, size_t n_words, uint32_t basis); ++uint32_t hash_words64__(const uint64_t *p, size_t n_words, uint32_t basis); + + /* Inline the larger hash functions only when 'n_words' is known to be + * compile-time constant. */ + #if __GNUC__ >= 4 + static inline uint32_t +-hash_words(const uint32_t p[], size_t n_words, uint32_t basis) ++hash_words(const uint32_t *p, size_t n_words, uint32_t basis) + { + if (__builtin_constant_p(n_words)) { + return hash_words_inline(p, n_words, basis); +@@ -301,7 +301,7 @@ hash_words(const uint32_t p[], size_t n_words, uint32_t basis) + } + + static inline uint32_t +-hash_words64(const uint64_t p[], size_t n_words, uint32_t basis) ++hash_words64(const uint64_t *p, size_t n_words, uint32_t basis) + { + if (__builtin_constant_p(n_words)) { + return hash_words64_inline(p, n_words, basis); +@@ -313,26 +313,26 @@ hash_words64(const uint64_t p[], size_t n_words, uint32_t basis) + #else + + static inline uint32_t +-hash_words(const uint32_t p[], size_t n_words, uint32_t basis) ++hash_words(const uint32_t *p, size_t n_words, uint32_t basis) + { + return hash_words__(p, n_words, basis); + } + + static inline uint32_t +-hash_words64(const uint64_t p[], size_t n_words, uint32_t basis) ++hash_words64(const uint64_t *p, size_t n_words, uint32_t basis) + { + return hash_words64__(p, n_words, basis); + } + #endif + + static inline uint32_t +-hash_bytes32(const uint32_t p[], size_t n_bytes, uint32_t basis) ++hash_bytes32(const uint32_t *p, size_t n_bytes, uint32_t basis) + { + return hash_words(p, n_bytes / 4, basis); + } + + static inline uint32_t +-hash_bytes64(const uint64_t p[], size_t n_bytes, uint32_t basis) ++hash_bytes64(const uint64_t *p, size_t n_bytes, uint32_t basis) + { + return hash_words64(p, n_bytes / 8, basis); + } diff --git a/lib/hindex.h b/lib/hindex.h index 876c5a9e39..f7a30d511a 100644 --- a/lib/hindex.h @@ -116474,7 +116579,7 @@ index e70a2b7048..34bb7e3d69 100644 -Cflags: -I${includedir}/openvswitch +Cflags: -I${includedir} diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c -index 74f747fcdc..dfeb2a8002 100644 +index 74f747fcdc..6fdcfef569 100644 --- a/lib/lldp/lldp.c +++ b/lib/lldp/lldp.c @@ -59,7 +59,7 @@ VLOG_DEFINE_THIS_MODULE(lldp); @@ -116631,7 +116736,23 @@ index 74f747fcdc..dfeb2a8002 100644 PEEK_BYTES(orgid, sizeof orgid); tlv_subtype = PEEK_UINT8; if (memcmp(dot1, orgid, sizeof orgid) == 0) { -@@ -625,6 +684,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s, +@@ -524,6 +583,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s, + + switch(tlv_subtype) { + case LLDP_TLV_AA_ELEMENT_SUBTYPE: ++ CHECK_TLV_SIZE(50, "ELEMENT"); + PEEK_BYTES(&msg_auth_digest, sizeof msg_auth_digest); + + aa_element_dword = PEEK_UINT32; +@@ -570,6 +630,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s, + break; + + case LLDP_TLV_AA_ISID_VLAN_ASGNS_SUBTYPE: ++ CHECK_TLV_SIZE(36, "ISID_VLAN_ASGNS"); + PEEK_BYTES(&msg_auth_digest, sizeof msg_auth_digest); + + /* Subtract off tlv type and length (2Bytes) + OUI (3B) + +@@ -625,6 +686,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s, VLOG_WARN("unknown tlv (%d) received on %s", tlv_type, hardware->h_ifname); @@ -119957,10 +120078,10 @@ index b990ed9d59..0d3290dc37 100644 cursor.entry_idx = -1; diff --git a/lib/rculist.h b/lib/rculist.h -index 1072b87af2..9bb8cbf3eb 100644 +index 1072b87af2..6df963eb2b 100644 --- a/lib/rculist.h +++ b/lib/rculist.h -@@ -365,35 +365,57 @@ rculist_is_singleton_protected(const struct rculist *list) +@@ -365,35 +365,59 @@ rculist_is_singleton_protected(const struct rculist *list) return list_next == list->prev && list_next != list; } @@ -120007,12 +120128,14 @@ index 1072b87af2..9bb8cbf3eb 100644 + UPDATE_MULTIVAR(ITER, rculist_next(ITER_VAR(ITER)))) + +#define RCULIST_FOR_EACH_REVERSE_PROTECTED(ITER, MEMBER, RCULIST) \ -+ for (INIT_MULTIVAR(ITER, MEMBER, (RCULIST)->prev, struct rculist); \ ++ for (INIT_MULTIVAR(ITER, MEMBER, rculist_back_protected(RCULIST), \ ++ struct rculist); \ + CONDITION_MULTIVAR(ITER, MEMBER, ITER_VAR(ITER) != (RCULIST)); \ -+ UPDATE_MULTIVAR(ITER, ITER_VAR(ITER)->prev)) ++ UPDATE_MULTIVAR(ITER, rculist_back_protected(ITER_VAR(ITER)))) + +#define RCULIST_FOR_EACH_REVERSE_PROTECTED_CONTINUE(ITER, MEMBER, RCULIST) \ -+ for (INIT_MULTIVAR(ITER, MEMBER, (ITER)->MEMBER.prev, struct rculist); \ ++ for (INIT_MULTIVAR(ITER, MEMBER, rculist_back_protected(ITER->MEMBER), \ ++ struct rculist); \ + CONDITION_MULTIVAR(ITER, MEMBER, ITER_VAR(ITER) != (RCULIST)); \ + UPDATE_MULTIVAR(ITER, ITER_VAR(ITER)->prev)) + @@ -125840,10 +125963,36 @@ index 4893280a99..a0487341c9 100644 bad_action 'fin_timeout(foo=bar)' "invalid key 'foo' in 'fin_timeout' argument" diff --git a/tests/ofproto-dpif.at b/tests/ofproto-dpif.at -index ff1cc93707..c23f1ba891 100644 +index ff1cc93707..c308468177 100644 --- a/tests/ofproto-dpif.at +++ b/tests/ofproto-dpif.at -@@ -119,6 +119,22 @@ AT_CHECK([test `egrep 'in_port\(6\)' br1_flows.txt |wc -l` -gt 3]) +@@ -29,6 +29,25 @@ AT_CHECK([ovs-appctl revalidator/wait]) + OVS_VSWITCHD_STOP + AT_CLEANUP + ++AT_SETUP([ofproto-dpif - malformed lldp autoattach tlv]) ++OVS_VSWITCHD_START() ++add_of_ports br0 1 ++ ++dnl Enable lldp ++AT_CHECK([ovs-vsctl set interface p1 lldp:enable=true]) ++ ++dnl Send a malformed lldp packet ++packet="0180c200000ef6b426aa5f0088cc020704f6b426aa5f000403057632060200780c"dnl ++"5044454144424545464445414442454546444541444245454644454144424545464445414"dnl ++"4424545464445414442454546444541444245454644454144424545464445414442454546"dnl ++"4445414442454546fe0500040d0c010000" ++AT_CHECK([ovs-appctl netdev-dummy/receive p1 "$packet"], [0], [stdout]) ++ ++OVS_WAIT_UNTIL([grep -q "ISID_VLAN_ASGNS TLV too short" ovs-vswitchd.log]) ++ ++OVS_VSWITCHD_STOP(["/|WARN|ISID_VLAN_ASGNS TLV too short received on/d"]) ++AT_CLEANUP ++ + AT_SETUP([ofproto-dpif - active-backup bonding]) + # Create br0 with interfaces p1, p2 and p7, creating bond0 with p1 and p2 + # and br1 with interfaces p3, p4 and p8. +@@ -119,6 +138,22 @@ AT_CHECK([test `egrep 'in_port\(6\)' br1_flows.txt |wc -l` -gt 3]) OVS_VSWITCHD_STOP AT_CLEANUP @@ -125866,7 +126015,7 @@ index ff1cc93707..c23f1ba891 100644 AT_SETUP([ofproto-dpif - balance-tcp bonding]) # Create br0 with interfaces bond0(p1, p2, p3) and p7, # and br1 with interfaces bond1(p4, p5, p6) and p8. -@@ -171,6 +187,73 @@ AT_CHECK([test `grep in_port.6 br1_flows.txt |wc -l` -gt 24]) +@@ -171,6 +206,73 @@ AT_CHECK([test `grep in_port.6 br1_flows.txt |wc -l` -gt 24]) OVS_VSWITCHD_STOP() AT_CLEANUP @@ -125940,7 +126089,7 @@ index ff1cc93707..c23f1ba891 100644 # Makes sure recirculation does not change the way packet is handled. AT_SETUP([ofproto-dpif - balance-tcp bonding, different recirc flow ]) OVS_VSWITCHD_START( -@@ -4534,6 +4617,54 @@ recirc_id(0),in_port(90),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(proto=6,fr +@@ -4534,6 +4636,54 @@ recirc_id(0),in_port(90),packet_type(ns=0,id=0),eth_type(0x0800),ipv4(proto=6,fr OVS_VSWITCHD_STOP AT_CLEANUP @@ -125995,7 +126144,7 @@ index ff1cc93707..c23f1ba891 100644 AT_SETUP([ofproto-dpif - exit]) OVS_VSWITCHD_START add_of_ports br0 1 2 3 10 11 12 13 14 -@@ -5171,6 +5302,65 @@ AT_CHECK_UNQUOTED([tail -1 stdout], [0], [Datapath actions: 2 +@@ -5171,6 +5321,65 @@ AT_CHECK_UNQUOTED([tail -1 stdout], [0], [Datapath actions: 2 OVS_VSWITCHD_STOP AT_CLEANUP @@ -126061,7 +126210,7 @@ index ff1cc93707..c23f1ba891 100644 AT_SETUP([ofproto-dpif - debug_slow action]) OVS_VSWITCHD_START -@@ -7067,13 +7257,28 @@ dnl configure bridge IPFIX and ensure that sample action generation works at the +@@ -7067,13 +7276,28 @@ dnl configure bridge IPFIX and ensure that sample action generation works at the dnl datapath level. AT_SETUP([ofproto-dpif - Bridge IPFIX sanity check]) OVS_VSWITCHD_START @@ -126092,7 +126241,7 @@ index ff1cc93707..c23f1ba891 100644 dnl Send some packets that should be sampled. for i in `seq 1 3`; do AT_CHECK([ovs-appctl netdev-dummy/receive p1 'in_port(1),eth(src=50:54:00:00:00:09,dst=50:54:00:00:00:0a),eth_type(0x0800)']) -@@ -7083,6 +7288,28 @@ flow-dump from the main thread: +@@ -7083,6 +7307,28 @@ flow-dump from the main thread: packets:2, bytes:68, used:0.001s, actions:userspace(pid=0,ipfix(output_port=4294967295)) ]) @@ -126121,7 +126270,7 @@ index ff1cc93707..c23f1ba891 100644 AT_CHECK([ovs-appctl revalidator/purge]) dnl dnl Add a slowpath meter. The userspace action should be metered. -@@ -8134,6 +8361,34 @@ AT_CHECK([sed -n 's/=[[0-9]][[0-9]]\(\.[[0-9]][[0-9]]*\)\{0,1\}s/=?s/p' stdout], +@@ -8134,6 +8380,34 @@ AT_CHECK([sed -n 's/=[[0-9]][[0-9]]\(\.[[0-9]][[0-9]]*\)\{0,1\}s/=?s/p' stdout], OVS_VSWITCHD_STOP AT_CLEANUP @@ -126156,7 +126305,7 @@ index ff1cc93707..c23f1ba891 100644 dnl ---------------------------------------------------------------------- AT_BANNER([ofproto-dpif -- megaflows]) -@@ -8632,6 +8887,29 @@ recirc_id(0),in_port(1),packet_type(ns=0,id=0),eth(dst=50:54:00:00:00:0c),eth_ty +@@ -8632,6 +8906,29 @@ recirc_id(0),in_port(1),packet_type(ns=0,id=0),eth(dst=50:54:00:00:00:0c),eth_ty OVS_VSWITCHD_STOP AT_CLEANUP @@ -126186,7 +126335,7 @@ index ff1cc93707..c23f1ba891 100644 m4_define([OFPROTO_DPIF_MEGAFLOW_DISABLED], [AT_SETUP([ofproto-dpif megaflow - disabled$1]) OVS_VSWITCHD_START([], [], [], [m4_if([$1], [], [], [--dummy-numa="0,0,0,0,1,1,1,1"])]) -@@ -9215,6 +9493,26 @@ OFPST_TABLE reply (OF1.3) (xid=0x2): +@@ -9215,6 +9512,26 @@ OFPST_TABLE reply (OF1.3) (xid=0x2): OVS_VSWITCHD_STOP AT_CLEANUP @@ -126213,7 +126362,7 @@ index ff1cc93707..c23f1ba891 100644 AT_SETUP([ofproto-dpif - ICMPv6]) OVS_VSWITCHD_START add_of_ports br0 1 -@@ -10537,6 +10835,87 @@ dnl +@@ -10537,6 +10854,87 @@ dnl NXT_PACKET_IN (xid=0x0): table_id=1 cookie=0x0 total_len=106 in_port=2 (via action) data_len=106 (unbuffered) udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:0a,dl_dst=50:54:00:00:00:09,nw_src=10.1.1.2,nw_dst=10.1.1.1,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=2,tp_dst=1 udp_csum:553 ]) @@ -126301,7 +126450,7 @@ index ff1cc93707..c23f1ba891 100644 OVS_VSWITCHD_STOP AT_CLEANUP -@@ -10807,6 +11186,23 @@ Megaflow: recirc_id=0x3,eth,ip,in_port=1,nw_frag=no +@@ -10807,6 +11205,23 @@ Megaflow: recirc_id=0x3,eth,ip,in_port=1,nw_frag=no Datapath actions: 4 ]) diff --git a/SPECS/openvswitch2.13.spec b/SPECS/openvswitch2.13.spec index bccac16..61af5e9 100644 --- a/SPECS/openvswitch2.13.spec +++ b/SPECS/openvswitch2.13.spec @@ -59,7 +59,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 2.13.0 -Release: 209%{?commit0:.%{date}git%{shortcommit0}}%{?commit1:dpdk%{shortcommit1}}%{?dist} +Release: 210%{?commit0:.%{date}git%{shortcommit0}}%{?commit1:dpdk%{shortcommit1}}%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -715,6 +715,17 @@ exit 0 %endif %changelog +* Wed Jan 04 2023 Open vSwitch CI - 2.13.0-210 +- Merging upstream branch-2.13 [RH git: 3202b9a8cf] + Commit list: + 57c76329ef ci: Fix overriding OPTS provided from the yml. + 27987cf63e Prepare for 2.13.11. + 00d74c0ff0 Set release date for 2.13.10. + 9075265056 hash: Fix compilation error on Fedora 34 with GCC 11 and -O0. + 919ac948ec lldp: Fix bugs when parsing malformed AutoAttach. + 23b2d94433 rculist: Use rculist_back_protected to access prev. + + * Thu Nov 24 2022 Open vSwitch CI - 2.13.0-209 - Merging upstream branch-2.13 [RH git: 1f57897476] Commit list: