Russell Bryant [Thu, 7 Apr 2016 15:26:21 +0000 (11:26 -0400)]
ovn-controller: Warn if system-id is missing.
If 'system-id' is missing from the Open_vSwitch database, ovn-controller
will not work. Log a warning if that happens to make it clear that
configuration is incomplete.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com> Acked-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Tue, 5 Apr 2016 01:32:07 +0000 (21:32 -0400)]
Move lib/meta-flow.h to include/openvswitch directory
This commit also moves some bitmap macros into public header files and
adds some #include directives in source files in order to make the
'meta-flow.h' move possible.
Signed-off-by: Ben Warren <ben@skyportsystems.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Enable support for Stateful Firewall in Hyper-V by adding a Connection
Tracking module. The module has been ported over from the userspace
implementation patch of a similar name.
The current version of the module supports ct - zone, mark and label for
TCP packets. Support for other packet formats will be added in subsequent
patches.
The conntrack-tcp module is adapted from FreeBSD's pf subsystem and hence
the BSD license. It has been ported over to match OVS Hyper-V coding
style.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Co-Authored-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Nithin Raju <nithin@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Pfaff [Wed, 13 Apr 2016 05:00:25 +0000 (22:00 -0700)]
ofp-actions: Make ofpact_finish() harder to misuse.
It's pretty easy to forget to update the pointer to an ofpact when
finishing it. This commit forces the caller to pass a pointer-to-pointer
instead, and uses that to automatically update the pointer. There still
could be cases that retain other pointers into the ofpbuf, but I imagine
that this is harder to misuse.
Suggested-by: Joe Stringer <joe@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Joe Stringer <joe@ovn.org>
Ben Pfaff [Tue, 12 Apr 2016 01:48:38 +0000 (18:48 -0700)]
ovn-controller: Introduce helpers for looking up datapaths.
The new helpers get_local_datapath() and get_patched_datapath() make code
a little shorter and easier to read. They also avoid a pitfall that was
present in at least a few of the instances: CONTAINER_OF is not safe on a
null pointer, because it does a raw pointer subtraction and will change
NULL to something else. This wasn't actually a problem in these particular
cases because the value it was subtracting was zero (although arguably it
is still undefined behavior because the compiler is allowed to assume that
a pointer on which arithmetic is performed is nonnull).
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
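The CONTAINER_OF pitfall described in the commit message above, as an added example that is not code from Open vSwitch. The struct layout, macro name and functions are hypothetical, and the embedded node is deliberately placed at a nonzero offset so that the effect is visible (in the commit's own cases the offset was zero):

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for a hash-chain node and a datapath record. */
struct node { struct node *next; uint32_t key; };
struct datapath {
    uint32_t tunnel_key;
    struct node node;               /* deliberately NOT the first member */
};

/* Same subtraction a container-of macro performs, done on integers so the
 * demonstration itself stays well defined. */
#define CONTAINER_OF_RAW(ptr, type, member) \
    ((type *) (void *) ((uintptr_t) (ptr) - offsetof(type, member)))

static struct node *lookup(struct node *head, uint32_t key)
{
    for (struct node *n = head; n; n = n->next) {
        if (n->key == key) {
            return n;
        }
    }
    return NULL;
}

/* Pitfall: converts first, so a miss turns NULL into a bogus non-null
 * pointer and the caller's "if (!dp)" check never fires. */
static struct datapath *find_unchecked(struct node *head, uint32_t key)
{
    return CONTAINER_OF_RAW(lookup(head, key), struct datapath, node);
}

/* Helper pattern: test the node for NULL, then convert. */
static struct datapath *find_checked(struct node *head, uint32_t key)
{
    struct node *n = lookup(head, key);
    return n ? CONTAINER_OF_RAW(n, struct datapath, node) : NULL;
}

/* Constructed sample: a one-element chain holding key 5. */
static struct datapath sample = { 5, { NULL, 5 } };

int main(void)
{
    printf("hit:            %p (sample is %p)\n",
           (void *) find_checked(&sample.node, 5), (void *) &sample);
    printf("miss, checked:   %p\n", (void *) find_checked(&sample.node, 9));
    printf("miss, unchecked: %p\n", (void *) find_unchecked(&sample.node, 9));
    return 0;
}
```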
Ben Pfaff [Tue, 12 Apr 2016 01:48:37 +0000 (18:48 -0700)]
physical: Add local vars to make physical_run() easier to understand.
'binding->datapath->tunnel_key' and 'binding->tunnel_key' were used
repeatedly and in my opinion having local variables for each of these
makes the code a little easier to understand.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
Ben Pfaff [Sat, 2 Apr 2016 16:46:30 +0000 (09:46 -0700)]
ovsdb: Force columns that contain weak references to be immutable.
An immutable weak reference is a hole in the constraint system: if
referenced rows are deleted, then the weak reference needs to change.
Therefore, force columns that contain weak references to be mutable.
Reported-by: "Elluru, Krishna Mohan" <elluru.kri.mohan@hpe.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
The following command on ubuntu 12.04, 14.04 and CentOS 7.x
returns null:
expr "mtu 1500" : '.*mtu \([0-9]+\)'
But the following works correctly:
expr "mtu 1500" : '.*mtu \([0-9]\+\)'
I am not sure about the portability implications as there
seems to be very sparse documentation about this but
this fixes a bug in 2 of the most popular distributions.
Ben Pfaff [Fri, 1 Apr 2016 04:54:03 +0000 (21:54 -0700)]
SECURITY.md: Increase embargo period from 3-5 to 10-15 business days.
When we recently ran a genuine vulnerability through this process, we
discovered that 3-5 days was far too short. The business processes behind
releasing fixed versions of software at companies that use Open vSwitch
cannot cope with such rapid turnaround, due e.g. to QA and other processes.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com> Acked-by: Flavio Leitner <fbl@redhat.com>
Hot add CPU is the ability to dynamically add CPUs to a running
system. Adding CPUs can occur physically by adding new hardware,
logically by online hardware partitioning, or virtually through
a virtualization layer.
This patch adds support to reallocate any per-cpu resources, in
case a new processor is added.
Joe Stringer [Thu, 7 Apr 2016 17:49:15 +0000 (10:49 -0700)]
checkpatch: Don't enforce char limit on tests.
Although tests ideally also stick to shorter line lengths, it is very
common for fixed text blocks like flows or large packets to be specified
within tests. Checkpatch shouldn't complain about cases like these.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Russell Bryant <russell@ovn.org> Tested-by: Aaron Conole <aconole@redhat.com>
dpif-netdev: Proper error handling in do_add_port().
This fixes multiple error path mistakes in do_add_port, none of which
has been a problem in practice so far. This change will make it easier
for a following commit to return in case of error.
Also, this removes an unneeded special case for tunnel ports.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Tested-by: Ilya Maximets <i.maximets@samsung.com> Acked-by: Ilya Maximets <i.maximets@samsung.com> Acked-by: Mark Kavanagh <mark.b.kavanagh@intel.com>
Joe Stringer [Wed, 6 Apr 2016 22:07:49 +0000 (15:07 -0700)]
system-traffic: Fix packet-in format for tests.
Since continuations were introduced, the system-traffic tests which use
OpenFlow monitors to check the results of datapath execution have been
failing, because the new PACKET_IN2 format is used rather than
PACKET_IN. Switch the expected output over to PACKET_IN2.
Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
ovn-docker: Update overlay mode for new tcp ports.
There were changes made recently wherein 2 ovsdb-server instances are
started for northbound and southbound databases with tcp ports
6641 and 6642. This breaks Docker integration. This commit
fixes it.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
William Tu [Wed, 6 Apr 2016 23:28:51 +0000 (16:28 -0700)]
dp-packet: Fix use of uninitialised value at emc_lookup.
Valgrind reports "Conditional jump or move depends on uninitialised value"
and "Use of uninitialised value" at case 2016 ovn -- 3 HVs, 1 LS, 3
lports/HV. It is caused by 1) assigning an uninitialized value to 'key->hash'
at emc_processing(). Due to uninit rss_hash_valid, dp_packet_rss_valid() might
return true and undefined hash value is returned, and 2) at emc_lookup, the
'current_entry->key.hash' could be uninitialized due to dp_packet_clone().
The patch fixes the two and as a result, a couple of calls to
dp_packet_rss_invalidate() become redundant and thus are removed.
Call stacks:
- Conditional jump or move depends on uninitialised value(s)
dpif_netdev_packet_get_rss_hash (dpif-netdev.c:3334)
emc_processing (dpif-netdev.c:3455)
dp_netdev_input__ (dpif-netdev.c:3639)
and,
- Use of uninitialised value of size 8
emc_lookup (dpif-netdev.c:1785)
emc_processing (dpif-netdev.c:3457)
dp_netdev_input__ (dpif-netdev.c:3639)
Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
dpif-netdev: report numa node number on pmd thread create failure
Since PMD threads are placed on the NUMA node of the port regardless
of a possible pmd-cpu-mask setting, this can lead to a somewhat
confusing "out of unpinned cores" message - there might be plenty
of available cores in the mask but they cannot be used if the port
is on different NUMA node than the cores. Report the NUMA node
number to help diagnosing the issue.
1. Currently, the ovn-nb man page says that the 'peer'
in a logical_router_port table should point to the name
of the peer's logical router port. But the schema had declared
this column as a uuid. This looks not to be the intention as peers
for logical switches connected to routers is a name (and not a uuid).
So this patch changes the schema to be name.
2. In the southbound database, in the port_binding table, for a
logical_router_port, the peer was pointing back to itself. This
was causing ovn-controller to create patch ports where the peer
was wrongly pointing back to the source itself. This clearly looks
to be an error. So this patch fixes the peer in southbound database
to correctly point to the real peer.
3. ovn-northd.c currently skips generating logical flows to transfer
packets between two peers with comment about needing 'ARP for
neighboring routers'. It looked to me that since the router peer
is a logical object that has to be created in OVN-NB database, we
always need to statically assign the mac address. So this patch
picks the mac address from the database.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
Fixes: 31491a53116a ("ovn-ctl: Rationalize arguments.") Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com> Signed-off-by: Russell Bryant <russell@ovn.org>
Ben Pfaff [Thu, 31 Mar 2016 20:01:31 +0000 (13:01 -0700)]
ovsdb: Use previous snapshot size as an additional factor for compaction.
Until now, the minimum database size before automatically compacting has
been 10 MB, regardless of the inherent size of the data in the database.
A couple of people have pointed out that this won't scale well to larger
databases. This commit changes this criterion to 4 times the previously
compacted size of the database, with 10 MB as a minimum.
The 4x factor is suggested by Diego Ongaro's thesis, "Consensus: Bridging
Theory and Practice", section 5.1.2 "When to snapshot".
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Justin Pettit <jpettit@ovn.org>
Ben Pfaff [Fri, 1 Apr 2016 04:18:24 +0000 (21:18 -0700)]
util: Remove va_copy() implementation.
This was here to help out older compilers that do not include va_copy(),
which was new in C99. All the compilers we care about these days (GCC,
Clang, MSVC) do support va_copy(), so remove it.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
Sairam Venugopal [Thu, 31 Mar 2016 23:46:33 +0000 (16:46 -0700)]
datapath-windows: Update flow lookup to support RecircId and DpHash
Update the OvsLookupFlow to include RecircId and DpHash in its flow
comparison. Revert the keyLen related changes until they are aligned
appropriately.
Signed-off-by: Sairam Venugopal <vsairam@vmware.com> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Acked-by: Nithin Raju <nithin@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Sairam Venugopal [Wed, 30 Mar 2016 00:43:47 +0000 (17:43 -0700)]
datapath-windows: Update Recirculation to use portId instead of portNo
Fix OvsDoRecirc to use the right PortId when there is a flow miss. This is
used to determine if a packet is received or transmitted by comparing
against the virtualExternalPortId.
RYAN D. MOATS [Thu, 31 Mar 2016 13:52:28 +0000 (08:52 -0500)]
ovn-ctl: Rationalize arguments.
Define OVN_NB_ADDR and OVN_SB_ADDR to hold IP address rather
than overload OVN_NB_PORT and OVN_SB_PORT. Also define
OVN_NORTHD_LOGFILE to avoid overloading OVN_NORTHD_LOG.
Signed-off-by: RYAN D. MOATS <rmoats@us.ibm.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Aaron Conole [Thu, 31 Mar 2016 14:45:35 +0000 (10:45 -0400)]
checkpatch.py: A simple script for finding patch issues
Most projects have a checkpatch facility, which can be used as a pre-commit
sanity check. This introduces such a mechanism to the Open vSwitch project
to catch some of the more silly formatting mistakes which can occur. It is
not meant to replace good code review practices, but it can help eliminate
the silly code review issues which get added.
Suggested-by: Mauricio Vásquez <mauricio.vasquezbernal@studenti.polito.it> Signed-off-by: Aaron Conole <aconole@redhat.com>
[blp@ovn.org adjusted long line threshold and treatment of terminal] Signed-off-by: Ben Pfaff <blp@ovn.org>
Huang Lei [Thu, 31 Mar 2016 07:37:56 +0000 (15:37 +0800)]
ovn-controller: Optimize lex_token memory usage.
During our scalability test '2k HVs + 20k lports' we found that lexer is a
major user of heap memory:
- 5.22% ovn-controller libjemalloc.so.1 [.] free
- free
+ 27.46% lexer_get
+ 18.00% ofctrl_put
...
- 1.85% ovn-controller libjemalloc.so.1 [.] malloc
- malloc
- xmalloc
- 55.03% xmemdup0
- 90.58% lex_parse_id.isra.0
- lexer_get
...
So lex_token is modified to use a 'buffer' defined in it for tokens smaller
than 256 bytes, and for tokens bigger than 256 bytes it turns to using heap
memory. This change makes our test case run at least 10% faster.
Tested with 'ovn -- lexer' case.
Signed-off-by: Huang Lei <lhuang8@ebay.com>
[blp@ovn.org tweaked many details] Signed-off-by: Ben Pfaff <blp@ovn.org>
Lance Richardson [Thu, 31 Mar 2016 13:52:22 +0000 (09:52 -0400)]
tests: Fix *bsd failure in OVS_APP_EXIT_AND_WAIT.
When using the default user shell in FreeBSD and NetBSD and executing
a test in which the app name parameter to OVS_APP_EXIT_AND_WAIT
contains backticks (e.g. "`pwd`/unixctl"), TMPPID expands to:
Ben Pfaff [Thu, 31 Mar 2016 03:11:44 +0000 (20:11 -0700)]
ovsdb: Improve error message from ovsdb_log_open() open failure.
Previously, error messages ended up looking like:
ovsdb-tool: I/O error: create: $DBFILE failed (File exists)
which is hard to understand. This commit changes them to:
ovsdb-tool: I/O error: $DBFILE: create failed (File exists)
which makes more sense.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Russell Bryant <russell@ovn.org>
Russell Bryant [Tue, 29 Mar 2016 23:47:58 +0000 (16:47 -0700)]
ovn: Minor refactoring.
This commit applies a minor restructuring of this code to put the
localnet port specific code in its own block. This is mostly to make a
future patch easier to read.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Add an external-id 'ovn-remote-probe-interval' for setting the activity probe
interval of the json session from ovn-controller to the OVN southbound database.
Signed-off-by: Huang Lei <lhuang8@ebay.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
netdev: Verify ifa_addr is not NULL when iterating over getifaddrs.
Some point-to-point devices like TUN devices will not have an address, and while
iterating over ifaddrs, its ifa_addr will be NULL. This patch fixes a crash when
starting ovs-vswitchd on a system with such a device.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@redhat.com> Fixes: a8704b502785 ("tunneling: Handle multiple ip address for given device.") Cc: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: Ben Pfaff <blp@ovn.org>
László Sürü [Thu, 24 Mar 2016 16:14:01 +0000 (16:14 +0000)]
ofp-util: Fix indirect group delete message with no buckets.
Using OpenFlow v1.3.5 and onwards OVS 2.5.0 returns OFPGMFC_INVALID_GROUP
error when an INDIRECT type of group deletion is requested, although the
delete message is according to OpenFlow v1.3.5 standard.
The reason is the conflicting protocol check in Open vSwitch's OpenFlow
termination, that is the indirect group delete command is once checked not
to include any bucket - as described in standard, and secondly checked to
include exactly one bucket - as also mandatory for indirect groups.
This error is not seen in the OVS internal make time verification (make check),
as ovs-ofctl CLI tool does not accept group type as command argument.
Therefore indirect group delete works, although internally it is converted into
ALL group type.
The fix is simply to ignore the mandatory single bucket check in case of
indirect group delete. On the other hand the check is still executed in case
of group addition or modification.
Moreover to this it is planned to extend 'ovs-ofctl del-groups' arguments with
a group 'type' as well for test purposes.
Signed-off-by: László Sűrű <laszlo.suru@ericsson.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Tue, 29 Mar 2016 23:55:11 +0000 (16:55 -0700)]
ovn-controller: Loopback prevention flows for local ports only.
Currently in physical_run() we added per-port loopback prevention
flows for all lports. The flows are actually required only for
local ports on the chassis. This change greatly reduces number of
flows in table 34.
Signed-off-by: Han Zhou <zhouhan@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Han Zhou [Tue, 29 Mar 2016 19:26:18 +0000 (12:26 -0700)]
ovn-controller: Optimize processing for non-local datapath without patch ports.
For non-local datapaths, if there are no patch ports attached, it
means the lflows and port bindings would never be needed on the
Chassis. Since lflow_run() and physical_run() are the bottlenecks,
skipping the processing for such lflows and port bindings can save
significant amount of CPU, at the same time largely reduce the
number of rules in local openflow tables. This is specifically
useful when most of the lswitches are created for bridged networks,
where logical router is not used.
Test precondition:
2k hypervisors, 20k lports, 200 lswitches (each with a localnet
port).
Test case:
step1: add 50 hypervisors (simulated on 1 BM with 40 cores), and
wait for flow updates complete on all new hypervisors.
step2: create a lswitch and a localnet port, create and bind 100
lports evenly on these hypervisors. Repeat this 5 times.
Before the change:
Step1 took around 20 minutes.
Step2 took 936 seconds.
After the change:
Step1 took less than 1 minute: 20x faster.
Step2 took 464 seconds: 2x faster.
Signed-off-by: Han Zhou <zhouhan@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Ben Warren [Fri, 25 Mar 2016 21:10:20 +0000 (14:10 -0700)]
list: Move contents of lib/list.h to include/openvswitch directory.
Most of the list code is properly namespaced, so is OK to move to the
global export directory. Some "lib/util.h" code had to move to the
other directory as well, but I've tried to make that as small as
possible.
Signed-off-by: Ben Warren <ben@skyportsystems.com> Acked-by: Ryan Moats <rmoats@us.ibm.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
INSTALL.md: Explain the effect of using different configure options.
Over the years, I have seen multiple users inadvertently end up with 2 copies
of OVS executables in their filesystem. In all the cases, it was because of
using different configure options while installing a new version of
Open vSwitch.
Signed-off-by: Gurucharan Shetty <guru@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Joe Stringer [Mon, 7 Mar 2016 23:36:37 +0000 (15:36 -0800)]
ofp-actions: Fix use-after-free with ofpact_finish().
ofpact_finish() may now reallocate the buffer it is passed, but not all
callers updated their local pointers to the current action in the
buffer. This could potentially lead to several use-after-free bugs.
Update ofpact_finish() to return the new pointer to the ofpact which is
provided, and update the calling points to ensure that their local
pointers are pointing into the correct (potentially reallocated) buffer.
Fixes: 2bd318dec242 ("ofp-actions: Make composing actions harder to screw up.") Reported-by: William Tu <u9012063@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
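The stale-pointer hazard behind this fix, and the pointer-to-pointer interface adopted in the later "ofp-actions: Make ofpact_finish() harder to misuse." commit, shown on a toy buffer. This is an added example, not Open vSwitch code: struct buf, struct action and every function name are hypothetical stand-ins, and growth always moves the data so that the effect is deterministic.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-ins for ofpbuf and ofpact; every name here is hypothetical. */
struct buf { unsigned char *base; size_t size, allocated; unsigned moves; };
struct action { uint16_t type, len; };
#define ACTION_ALIGN 8

static void buf_init(struct buf *b, size_t cap)   /* cap must be > 0 */
{
    b->base = malloc(cap);
    if (!b->base) abort();
    b->size = 0; b->allocated = cap; b->moves = 0;
}

/* Append n zero bytes. Growth always moves the data to a new block, which
 * realloc() is allowed to do on any call. */
static void *buf_put_zeros(struct buf *b, size_t n)
{
    if (b->size + n > b->allocated) {
        size_t cap = (b->size + n) * 2;
        unsigned char *fresh = malloc(cap);
        if (!fresh) abort();
        memcpy(fresh, b->base, b->size);
        free(b->base);          /* pointers into the old block are now stale */
        b->base = fresh; b->allocated = cap; b->moves++;
    }
    void *p = memset(b->base + b->size, 0, n);
    b->size += n;
    return p;
}

static struct action *action_start(struct buf *b, uint16_t type, size_t body)
{
    struct action *a = buf_put_zeros(b, sizeof *a + body);
    a->type = type;
    a->len = (uint16_t) (sizeof *a + body);
    return a;
}

/* Pad the action to ACTION_ALIGN. Taking struct action ** lets this function
 * repoint the caller's variable if the padding moved the buffer. */
static void action_finish(struct buf *b, struct action **ap)
{
    size_t off = (size_t) ((unsigned char *) *ap - b->base); /* survives a move */
    size_t pad = (ACTION_ALIGN - (*ap)->len % ACTION_ALIGN) % ACTION_ALIGN;
    buf_put_zeros(b, pad);
    *ap = (void *) (b->base + off);
    (*ap)->len = (uint16_t) ((*ap)->len + pad);
}

static int buf_has_addr(const struct buf *b, uintptr_t addr)
{
    return addr >= (uintptr_t) b->base && addr < (uintptr_t) b->base + b->size;
}

struct demo { unsigned moves; int stale_live, updated_live; unsigned type, len; };
static struct demo run_demo(void)
{
    struct buf b;
    buf_init(&b, 12);                    /* constructed: one unpadded action fits */
    struct action *a = action_start(&b, 7, 8);
    uintptr_t stale = (uintptr_t) a;     /* what a caller's private copy would hold */
    action_finish(&b, &a);               /* 12 -> 16 bytes forces a move */
    struct demo d = { b.moves, buf_has_addr(&b, stale),
                      buf_has_addr(&b, (uintptr_t) a), a->type, a->len };
    free(b.base);
    return d;
}

int main(void)
{
    struct demo d = run_demo();
    printf("moves=%u stale_live=%d updated_live=%d type=%u len=%u\n",
           d.moves, d.stale_live, d.updated_live, d.type, d.len);
    return 0;
}
```

Building such code with AddressSanitizer or running it under valgrind, as the reporter of the original bug did, flags any access through a pointer that was not refreshed after the move.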
Joe Stringer [Mon, 7 Mar 2016 19:31:02 +0000 (11:31 -0800)]
nx-match: Fix use-after-free parsing matches.
Address pointed to by header_ptr might be free'd due to a realloc
that happened in ofpbuf_put_hex(). Reported by valgrind in the test
379: check TCP flags expression in OXM and NXM.
Invalid write of size 4
nx_match_from_string_raw (nx-match.c:1510)
nx_match_from_string (nx-match.c:1538)
ofctl_parse_nxm__ (ovs-ofctl.c:3325)
ovs_cmdl_run_command (command-line.c:121)
main (ovs-ofctl.c:137)
Address 0x7a2cc40 is 0 bytes inside a block of size 64 free'd
free (vg_replace_malloc.c:530)
ofpbuf_resize__ (ofpbuf.c:246)
ofpbuf_put (ofpbuf.c:386)
ofpbuf_put_hex (ofpbuf.c:414)
nx_match_from_string_raw (nx-match.c:1488)
nx_match_from_string (nx-match.c:1538)
ofctl_parse_nxm__ (ovs-ofctl.c:3325)
Reported-by: William Tu <u9012063@gmail.com> Signed-off-by: Joe Stringer <joe@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Ilya Maximets [Tue, 29 Mar 2016 06:20:41 +0000 (09:20 +0300)]
netdev-dpdk: vhost: Fix txq enabling in the absence of notifications.
According to QEMU documentation (docs/specs/vhost-user.txt) one queue
should be enabled initially. More queues are enabled dynamically, by
sending message VHOST_USER_SET_VRING_ENABLE.
Currently all queues in OVS are disabled by default. This breaks above
specification. So, queue #0 should be enabled by default to support
QEMU versions less than 2.5 and fix probable issues if QEMU will not
send VHOST_USER_SET_VRING_ENABLE for queue #0 according to documentation.
Also this will fix currently broken vhost-cuse support in OVS.
Fixes: 585a5beaa2a4 ("netdev-dpdk: vhost-user: Fix sending packets to
queues not enabled by guest.") Reported-by: Mauricio Vasquez B <mauricio.vasquezbernal@studenti.polito.it> Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Acked-by: Flavio Leitner <fbl@sysclose.org> Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
Ilya Maximets [Fri, 4 Mar 2016 05:31:56 +0000 (08:31 +0300)]
system-traffic.at: Skip tests if namespaces or veths aren't supported.
This prevents failure of test scenarios 'make check-kernel'
and 'make check-system-userspace' if creation of veth pairs or
network namespaces is not supported by kernel (or module isn't loaded).
Signed-off-by: Ilya Maximets <i.maximets@samsung.com> Signed-off-by: Joe Stringer <joe@ovn.org>
Russell Bryant [Mon, 28 Mar 2016 19:10:21 +0000 (15:10 -0400)]
ovn: Add ovn-bridge-mappings to Chassis external_ids.
Publish ovn-controller's local bridge mappings configuration
in the external_ids column of the Chassis table. Having this
information available for reading is useful to applications
integrating with OVN.
Signed-off-by: Russell Bryant <russell@ovn.org> Acked-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Fri, 25 Mar 2016 00:03:01 +0000 (20:03 -0400)]
debian: Ship ovn-[ns]b man pages in ovn-common.
Move ovn-nb and ovn-sb man pages to ovn-common so that the man pages for
these DB schemas are always available with the corresponding command
line utilities, ovn-nbctl and ovn-sbctl.
Signed-off-by: Russell Bryant <russell@ovn.org> Tested-by: Simon Horman <simon.horman@netronome.com> Acked-by: Gurucharan Shetty <guru@ovn.org>
Ben Pfaff [Tue, 29 Mar 2016 02:40:53 +0000 (19:40 -0700)]
AUTHORS: Add Bhargava Shastry and Kashyap Thimmaraju.
Bhargava and Kashyap reported vulnerability CVE-2016-2074, which was
present only on the branches for 2.3 and 2.4 and thus did not require any
commits on master. They still deserve credit as bug reporters, so this
commit provides that.
Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Ryan Moats <rmoats@us.ibm.com>
ovs-thread: Do not always end quiescent state in ovs_thread_create().
A new thread must be started in a non quiescent state. There is a call
to ovsrcu_quiesce_end() in ovsthread_wrapper(), to enforce this.
ovs_thread_create(), instead, is executed in the parent thread. It must
call ovsrcu_quiesce_end() on its first invocation, to put the main
thread in a non quiescent state. On every other invocation, it doesn't
make sense to alter the calling thread state, so this commit wraps the
call to ovsrcu_quiesce_end() in an ovsthread_once construct.
This fixes a bug in ovs-rcu where the first call in the process to
ovsrcu_quiesce_start() will not be honored, because the calling thread
will need to create the 'urcu' thread (and creating a thread will
wrongly end its quiescent state).
ovsrcu_quiesce_start()
ovs_rcu_quiesced()
if (ovsthread_once_start(&once)) {
ovs_thread_create("urcu") /*This will end the quiescent state*/
}
This bug affects in particular ovs-vswitchd with DPDK.
In the DPDK case the first threads created are "vhost_thread" and
"dpdk_watchdog". If dpdk_watchdog is the first to call
ovsrcu_quiesce_start() (via xsleep()), the call is not honored and
the RCU grace period lasts at least for DPDK_PORT_WATCHDOG_INTERVAL
(5s on current master). If vhost_thread, on the other hand, is the
first to call ovsrcu_quiesce_start(), the call is not honored and the
RCU grace period lasts indefinitely, because no more calls to
ovsrcu_quiesce_start() are issued from vhost_thread.
For some reason (it's a race condition after all), on current master,
dpdk_watchdog will always be the first to call ovsrcu_quiesce_start(),
but with the upcoming DPDK database configuration changes, sometimes
vhost_thread will issue the first call to ovsrcu_quiesce_start().
Sample ovs-vswitchd.log:
2016-03-23T22:34:28.532Z|00004|ovs_rcu(urcu3)|WARN|blocked 8000 ms
waiting for vhost_thread2 to quiesce
2016-03-23T22:34:30.501Z|00118|ovs_rcu|WARN|blocked 8000 ms waiting for
vhost_thread2 to quiesce
2016-03-23T22:34:36.532Z|00005|ovs_rcu(urcu3)|WARN|blocked 16000 ms
waiting for vhost_thread2 to quiesce
2016-03-23T22:34:38.501Z|00119|ovs_rcu|WARN|blocked 16000 ms waiting for
vhost_thread2 to quiesce
The commit also adds a test for the ovs-rcu module to make sure that:
* A new thread is started in a non quiescent state.
* The first call to ovsrcu_quiesce_start() is honored.
* When a process becomes multithreaded the main thread is put in an
active state
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com> Acked-by: Ben Pfaff <blp@ovn.org>
Sorin Vinturis [Fri, 25 Mar 2016 15:56:01 +0000 (15:56 +0000)]
datapath-windows: Revert unrelated change to ovs-atomic.h
There was an unwanted change to ovs-atomic.h header made by the
recirculation patch, ee25964a60c6b2c6e60a4c5fbfc9e90cf304f970 commit.
This patch reverts that change.
Aaron Conole [Thu, 24 Mar 2016 17:42:29 +0000 (13:42 -0400)]
ovs-ctl: Allow selective start for db and switch
Currently, ``ovs-ctl start'' will attempt to start both the DB and
vswitchd. This is quite convenient when the database already has all of
the configuration values required, and when using a single services file
for systemd integration. The same goes for the ``ovs-ctl stop'' command.
However, there are some cases which are not easily covered. The case
where we want to set values in the database prior to starting the
forwarding path, as well as the case of supporting multiple service
files, one per daemon (which is how systemd expects services to look).
Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
Russell Bryant [Fri, 25 Mar 2016 00:38:07 +0000 (00:38 +0000)]
ovn: Get hostname from ovs external-ids.
A previous commit updated ovs-ctl to store the system's hostname as an
external-id in the Open_vSwitch table by default. Make ovn-controller
read this by default and fall back to gethostname() only if needed.