openvswitch/0001-Don-t-change-permissions-of-dev-hugepages.patch

From e54cce931bafa12176989a5d59e3839f1bcfdf0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
Date: Wed, 6 May 2020 16:32:28 +0200
Subject: [PATCH 1/2] Don't change permissions of /dev/hugepages

For SLES/openSUSE, don't change permissions of /dev/hugepages as that is
a system path. Sysadmin shoudl mount hugepages on a path and permission
of his choosing if OVS either manually or via hugeadm.

Updated 2023-02-26 for version 3.1.0

diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
index 6d021618b..71c49dc59 100644
--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
@@ -16,10 +16,6 @@ EnvironmentFile=/etc/openvswitch/default.conf
 EnvironmentFile=-/etc/sysconfig/openvswitch
 EnvironmentFile=-/run/openvswitch.useropts
 LimitSTACK=2M
-@begin_dpdk@
-ExecStartPre=-/bin/sh -c '/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages'
-ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
-@end_dpdk@
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
           --no-ovsdb-server --no-monitor --system-id=random \
           ${OVS_USER_OPT} \
Accepting request 802898 from home:jaicaa:branches:network - Update openvswitch to 2.13.0. * For a list of changes, check https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS * This version drops python2 binding support. Only python3 bindings provided going forward. * Tool ovs-vlan-bug-workaround is no longer provided. - OVN was split to its own repo but is still built together with OVS and as such from this same source package. OVN initial version is 20.03. * For a list of changes, check https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS * Packages openvswitch-ovn* are renamed to ovn. OVN now has its own sysconfig and log paths. - Add OVS patch to be proposed upstream: * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch - Patch instead of post-processing configuration files to set running credentials (bsc#1157338): * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch * 0001-Run-ovn-as-openvswitch-openvswitch.patch - Will no longer change group ownership of /dev/hugepages to 'hugetlbfs' (bsc#1140835). System admin should mount hugepages on a path and permissions of his choosing for OVS. Add patch: * 0001-dont-change-permissions-of-dev-hugepages.patch - Will no longer install udev rule to change group ownership of vfio devices to 'hugetlbfs'. Group name does not make much sense in this case and ownership of vfio devices should be coordinated system wide or per device. - Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled. OVS will now run under group 'openvswitch' whether compiled with DPDK support or not. - OVS persistent state is now saved on /var/lib/openvswitch instead of /etc/openvswitch for new installs. OBS-URL: https://build.opensuse.org/request/show/802898 OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=196 2020-05-20 09:45:43 +02:00			`From e54cce931bafa12176989a5d59e3839f1bcfdf0c Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>`
			`Date: Wed, 6 May 2020 16:32:28 +0200`
			`Subject: [PATCH 1/2] Don't change permissions of /dev/hugepages`

			`For SLES/openSUSE, don't change permissions of /dev/hugepages as that is`
			`a system path. Sysadmin shoudl mount hugepages on a path and permission`
			`of his choosing if OVS either manually or via hugeadm.`
Accepting request 1077608 from home:dpitchumani:branches:openSUSE:Factory Description: - Update OVS to version v3.1.0 and OVN to version v23.03.0 Actions: - submit home:dpitchumani:branches:openSUSE:Factory/openvswitch => netowkr/openvswitch Features: - ovs-vswitchd now detects changes in CPU affinity and adjusts the number of handler and revalidator threads if necessary. - AF_XDP: * Added support for building with libxdp and libbpf >= 0.7. * Support for AF_XDP is now enabled by default if all dependencies are available at the build time. Use --disable-afxdp to disable. Use --enable-afxdp to fail the build if dependencies are not present. - ovs-appctl: * "ovs-appctl ofproto/trace" command can now display port names with the "--names" option. - OVSDB-IDL: * Add the support to specify the persistent uuid for row insert in both C and Python IDLs. - Windows: * Conntrack IPv6 fragment support. - DPDK: * Add support for DPDK 22.11.1. - For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes 10 Gbps link speed by default in case the actual link speed cannot be determined. Previously it was 10 Mbps. Values can still be overridden by specifying 'max-rate' or '[r]stp-path-cost' accordingly. - OpenFlow: * New OpenFlow extension NXT_CT_FLUSH to flush connections matching the specified fields. - ovs-ctl: * New option '--dump-hugepages' to include hugepages in core dumps. This can assist with postmortem analysis involving DPDK, but may also produce significantly larger core dump files. - ovs-dpctl and 'ovs-appctl dpctl/' commands: * 'flush-conntrack' is now capable of handling partial 5-tuple, with additional optional parameter to specify the reply direction. - ovs-ofctl: * New command 'flush-conntrack' that accepts zone and 5-tuple (or partial 5-tuple) for both directions. - Support for travis-ci.org based continuous integration builds has been dropped. - Userspace datapath: * Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show the pmd usage of an Rx queue over a configurable time period. * Add new experimental PMD load based sleeping feature. PMD threads can request to sleep up to a user configured 'pmd-maxsleep' value under low load conditions. -For more details, check https://github.com/openvswitch/ovs/blob/v3.1.0/NEWS -Includes secrity fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337 (bsc#1206581) - OVN package is not included as new version with API chnages are not yet released. - Removed upstreamed patches, * 0001-Replace-deprecated-var-run-with-run.patch * openvswitch-CVE-2021-36980.patch - Added ovsb tool install patch, * install-ovsdb-tools.patch OBS-URL: https://build.opensuse.org/request/show/1077608 OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=238 2023-04-06 11:47:29 +02:00
			`Updated 2023-02-26 for version 3.1.0`
Accepting request 802898 from home:jaicaa:branches:network - Update openvswitch to 2.13.0. * For a list of changes, check https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS * This version drops python2 binding support. Only python3 bindings provided going forward. * Tool ovs-vlan-bug-workaround is no longer provided. - OVN was split to its own repo but is still built together with OVS and as such from this same source package. OVN initial version is 20.03. * For a list of changes, check https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS * Packages openvswitch-ovn* are renamed to ovn. OVN now has its own sysconfig and log paths. - Add OVS patch to be proposed upstream: * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch - Patch instead of post-processing configuration files to set running credentials (bsc#1157338): * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch * 0001-Run-ovn-as-openvswitch-openvswitch.patch - Will no longer change group ownership of /dev/hugepages to 'hugetlbfs' (bsc#1140835). System admin should mount hugepages on a path and permissions of his choosing for OVS. Add patch: * 0001-dont-change-permissions-of-dev-hugepages.patch - Will no longer install udev rule to change group ownership of vfio devices to 'hugetlbfs'. Group name does not make much sense in this case and ownership of vfio devices should be coordinated system wide or per device. - Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled. OVS will now run under group 'openvswitch' whether compiled with DPDK support or not. - OVS persistent state is now saved on /var/lib/openvswitch instead of /etc/openvswitch for new installs. OBS-URL: https://build.opensuse.org/request/show/802898 OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=196 2020-05-20 09:45:43 +02:00
			`diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in`
Accepting request 1077608 from home:dpitchumani:branches:openSUSE:Factory Description: - Update OVS to version v3.1.0 and OVN to version v23.03.0 Actions: - submit home:dpitchumani:branches:openSUSE:Factory/openvswitch => netowkr/openvswitch Features: - ovs-vswitchd now detects changes in CPU affinity and adjusts the number of handler and revalidator threads if necessary. - AF_XDP: * Added support for building with libxdp and libbpf >= 0.7. * Support for AF_XDP is now enabled by default if all dependencies are available at the build time. Use --disable-afxdp to disable. Use --enable-afxdp to fail the build if dependencies are not present. - ovs-appctl: * "ovs-appctl ofproto/trace" command can now display port names with the "--names" option. - OVSDB-IDL: * Add the support to specify the persistent uuid for row insert in both C and Python IDLs. - Windows: * Conntrack IPv6 fragment support. - DPDK: * Add support for DPDK 22.11.1. - For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes 10 Gbps link speed by default in case the actual link speed cannot be determined. Previously it was 10 Mbps. Values can still be overridden by specifying 'max-rate' or '[r]stp-path-cost' accordingly. - OpenFlow: * New OpenFlow extension NXT_CT_FLUSH to flush connections matching the specified fields. - ovs-ctl: * New option '--dump-hugepages' to include hugepages in core dumps. This can assist with postmortem analysis involving DPDK, but may also produce significantly larger core dump files. - ovs-dpctl and 'ovs-appctl dpctl/' commands: * 'flush-conntrack' is now capable of handling partial 5-tuple, with additional optional parameter to specify the reply direction. - ovs-ofctl: * New command 'flush-conntrack' that accepts zone and 5-tuple (or partial 5-tuple) for both directions. - Support for travis-ci.org based continuous integration builds has been dropped. - Userspace datapath: * Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show the pmd usage of an Rx queue over a configurable time period. * Add new experimental PMD load based sleeping feature. PMD threads can request to sleep up to a user configured 'pmd-maxsleep' value under low load conditions. -For more details, check https://github.com/openvswitch/ovs/blob/v3.1.0/NEWS -Includes secrity fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337 (bsc#1206581) - OVN package is not included as new version with API chnages are not yet released. - Removed upstreamed patches, * 0001-Replace-deprecated-var-run-with-run.patch * openvswitch-CVE-2021-36980.patch - Added ovsb tool install patch, * install-ovsdb-tools.patch OBS-URL: https://build.opensuse.org/request/show/1077608 OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=238 2023-04-06 11:47:29 +02:00			`index 6d021618b..71c49dc59 100644`
Accepting request 802898 from home:jaicaa:branches:network - Update openvswitch to 2.13.0. * For a list of changes, check https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS * This version drops python2 binding support. Only python3 bindings provided going forward. * Tool ovs-vlan-bug-workaround is no longer provided. - OVN was split to its own repo but is still built together with OVS and as such from this same source package. OVN initial version is 20.03. * For a list of changes, check https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS * Packages openvswitch-ovn* are renamed to ovn. OVN now has its own sysconfig and log paths. - Add OVS patch to be proposed upstream: * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch - Patch instead of post-processing configuration files to set running credentials (bsc#1157338): * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch * 0001-Run-ovn-as-openvswitch-openvswitch.patch - Will no longer change group ownership of /dev/hugepages to 'hugetlbfs' (bsc#1140835). System admin should mount hugepages on a path and permissions of his choosing for OVS. Add patch: * 0001-dont-change-permissions-of-dev-hugepages.patch - Will no longer install udev rule to change group ownership of vfio devices to 'hugetlbfs'. Group name does not make much sense in this case and ownership of vfio devices should be coordinated system wide or per device. - Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled. OVS will now run under group 'openvswitch' whether compiled with DPDK support or not. - OVS persistent state is now saved on /var/lib/openvswitch instead of /etc/openvswitch for new installs. OBS-URL: https://build.opensuse.org/request/show/802898 OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=196 2020-05-20 09:45:43 +02:00			`--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in`
			`+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in`
			`@@ -16,10 +16,6 @@ EnvironmentFile=/etc/openvswitch/default.conf`
			`EnvironmentFile=-/etc/sysconfig/openvswitch`
			`EnvironmentFile=-/run/openvswitch.useropts`
			`LimitSTACK=2M`
			`-@begin_dpdk@`
			`-ExecStartPre=-/bin/sh -c '/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages'`
			`-ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages`
			`-@end_dpdk@`
			`ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \`
			`--no-ovsdb-server --no-monitor --system-id=random \`
			`${OVS_USER_OPT} \`