import NetworkManager-1.42.2-3.el9_2

i9c changed/i9c/NetworkManager-1.42.2-3.el9_2
MSVSphere Packaging Team 2 years ago
parent 83a37baa08
commit 66192bd073

@ -0,0 +1,138 @@
From 8848568653c686aec4b9edd2deaa630588533b49 Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Thu, 11 May 2023 13:32:13 +0200
Subject: [PATCH] ipv6ll: don't regenerate the address when it's removed
externally
Currently if the IPv6 link-local address is removed after it passed
DAD, NetworkManager tries to generate a new link-local address. If
this fails, which is always the case for EUI64, ipv6ll is considered
as failed and the connection can go down (depending on may-fail).
This is particularly bad for virtual interfaces because if somebody
removes the link-local address, the activation can fail and destroy
the interface, breaking all services that require it. Also, it's a
change in behavior introduced in 1.36.0.
It seems that a better approach here is to re-add the address that was
removed externally.
[bgalvani@redhat.com: since the branch is missing commit 7ca95cee15b3
('platform: always reconfigure IP routes even if removed externally'),
we need to set flag NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE when committing
the address, otherwise it's not re-added]
Fixes: aa070fb82190 ('core: add NML3IPv6LL helper')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1622
(cherry picked from commit 53ba9f4701f30b12637df2c7215a0b7da845b34c)
(cherry picked from commit 2976e4c3b7fcee06051ce83c9a7fa911ad192dc4)
---
src/core/nm-l3-ipv6ll.c | 34 ++++++++++++++++++++++------------
1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/src/core/nm-l3-ipv6ll.c b/src/core/nm-l3-ipv6ll.c
index 2e2a6a0a5a..0133ebe6dd 100644
--- a/src/core/nm-l3-ipv6ll.c
+++ b/src/core/nm-l3-ipv6ll.c
@@ -391,7 +391,7 @@ _pladdr_find_ll(NML3IPv6LL *self, gboolean *out_cur_addr_failed)
/*****************************************************************************/
static void
-_lladdr_handle_changed(NML3IPv6LL *self)
+_lladdr_handle_changed(NML3IPv6LL *self, gboolean force_commit)
{
const NML3ConfigData *l3cd;
gboolean changed = FALSE;
@@ -420,7 +420,9 @@ _lladdr_handle_changed(NML3IPv6LL *self)
NM_DNS_PRIORITY_DEFAULT_NORMAL,
NM_L3_ACD_DEFEND_TYPE_ALWAYS,
0,
- NM_L3CFG_CONFIG_FLAGS_NONE,
+ /* Even if the address was removed from platform, it must
+ * be re-added, hence FORCE_ONCE. */
+ NM_L3CFG_CONFIG_FLAGS_FORCE_ONCE,
NM_L3_CONFIG_MERGE_FLAGS_NONE))
changed = TRUE;
} else {
@@ -434,7 +436,7 @@ _lladdr_handle_changed(NML3IPv6LL *self)
self->l3cfg_commit_handle,
"ipv6ll");
- if (changed)
+ if (changed || force_commit)
nm_l3cfg_commit_on_idle_schedule(self->l3cfg, NM_L3_CFG_COMMIT_TYPE_AUTO);
if (!self->emit_changed_idle_source) {
@@ -515,6 +517,7 @@ _check(NML3IPv6LL *self)
const NMPlatformIP6Address *pladdr;
char sbuf[INET6_ADDRSTRLEN];
gboolean cur_addr_failed;
+ gboolean restarted = FALSE;
struct in6_addr lladdr;
pladdr = _pladdr_find_ll(self, &cur_addr_failed);
@@ -526,14 +529,14 @@ _check(NML3IPv6LL *self)
if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, pladdr)) {
_LOGT("changed: waiting for address %s to complete DAD",
nm_inet6_ntop(&self->cur_lladdr, sbuf));
- _lladdr_handle_changed(self);
+ _lladdr_handle_changed(self, FALSE);
}
return;
}
if (_set_cur_lladdr_obj(self, NM_L3_IPV6LL_STATE_READY, pladdr)) {
_LOGT("changed: address %s is ready", nm_inet6_ntop(&self->cur_lladdr, sbuf));
- _lladdr_handle_changed(self);
+ _lladdr_handle_changed(self, FALSE);
}
return;
}
@@ -543,11 +546,17 @@ _check(NML3IPv6LL *self)
* Prematurely abort DAD to generate a new address below. */
nm_assert(
NM_IN_SET(self->state, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, NM_L3_IPV6LL_STATE_READY));
- if (self->state == NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS)
- _LOGT("changed: address %s did not complete DAD",
- nm_inet6_ntop(&self->cur_lladdr, sbuf));
- else {
+
+ if (cur_addr_failed) {
+ /* On DAD failure, we always try to regenerate a new address. */
+ _LOGT("changed: address %s failed", nm_inet6_ntop(&self->cur_lladdr, sbuf));
+ } else {
_LOGT("changed: address %s is gone", nm_inet6_ntop(&self->cur_lladdr, sbuf));
+ /* When the address is removed, we always try to re-add it. */
+ nm_clear_g_source_inst(&self->wait_for_addr_source);
+ lladdr = self->cur_lladdr;
+ restarted = TRUE;
+ goto commit;
}
/* reset the state here, so that we are sure that the following
@@ -569,18 +578,19 @@ _check(NML3IPv6LL *self)
if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_FAILED, NULL)) {
_LOGW("changed: no IPv6 link local address to retry after Duplicate Address Detection "
"failures (back off)");
- _lladdr_handle_changed(self);
+ _lladdr_handle_changed(self, FALSE);
}
return;
}
+commit:
/* we give NML3Cfg 2 seconds to configure the address on the interface. We
* thus very soon expect to see this address configured (and kernel started DAD).
* If that does not happen within timeout, we assume that this address failed DAD. */
self->wait_for_addr_source = nm_g_timeout_add_source(2000, _wait_for_addr_timeout_cb, self);
- if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr)) {
+ if (_set_cur_lladdr_bin(self, NM_L3_IPV6LL_STATE_DAD_IN_PROGRESS, &lladdr) || restarted) {
_LOGT("changed: starting DAD for address %s", nm_inet6_ntop(&self->cur_lladdr, sbuf));
- _lladdr_handle_changed(self);
+ _lladdr_handle_changed(self, restarted);
}
return;
}
--
2.39.2

@ -0,0 +1,270 @@
From 0ad139d4f8c49ec1c0e511776fc62c415ec5910c Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 24 May 2023 09:44:59 +0200
Subject: [PATCH 1/2] Revert "infiniband: avoid normalizing the p-key when
reading from ifcfg"
Historically, initscripts' ifup-ib would set the highest bit of
PKEY_ID=. That changed and needs to be restored.
Note that it probably makes little sense to ever configure p-keys
without the highest bit set, because that flag indicates full membership
and kernel will automatically add it. At least, kernel will add the flag
for the p-key, but not for the automatically chosen interface name.
Meaning, writing 0x00f0 to create_child sysctl, results in an interface
"$parent.00f0", but `ip -d link` shows pkey 0x80f0.
As NetworkManager otherwise supports p-keys without the highest bit set,
and since that high bit is honored for the interface name, we cannot
just always add the high bit. NetworkManager always assuming the highest
bit is set, would change the interface names of existing configuration.
With this revert, when a user configures a small p-key and the profile
is stored in ifcfg-rh format, the settings backend will automatically
mangle the profile and set 0x8000. That is different from when the
profile is stored in keyfile format. Since using small p-keys is
probably an odd case, we don't try to workaround that any other way
(like that ifcfg format could represent the orignal value of the profile
and not doing such mangling, or to add the high bit throughout
NetworkManager to the p-key). It's an inconsistency, but given the
existing behaviors it seems best to stick (revert) to it.
This reverts commit a4fe16a426097eee263cb3ef831dcea468b1ca26.
Affected versions were 1.42.2+ and 1.40.2+.
See-also: https://src.fedoraproject.org/rpms/rdma/blob/05333c3602aa3c1d82a6363521bdd5a498eac6d0/f/rdma.ifup-ib#_75
https://bugzilla.redhat.com/show_bug.cgi?id=2209164
(cherry picked from commit f8e5e07355e23b6d59b1b1c9cd2387c6b40b214b)
(cherry picked from commit 76de1b7ec29729af901e7e246387af9fda56f6ac)
---
.../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 18 ++++++
.../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 57 ++++++++++++++-----
2 files changed, 60 insertions(+), 15 deletions(-)
diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index aa593331c5..c8150782ec 100644
--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -5406,6 +5406,24 @@ parse_infiniband_p_key(shvarFile *ifcfg, int *out_p_key, char **out_parent, GErr
return FALSE;
}
+ /* The highest bit 0x8000 indicates full membership, which kernel always
+ * automatically sets.
+ *
+ * NetworkManager supports p-keys without the high bit set. That affects
+ * the interface name (nmp_utils_new_infiniband_name()) and is what
+ * we write to "create_child"/"delete_child" sysctl. Kernel will honor
+ * such p-keys for the interface name, but for other purposes it adds the
+ * highest bit. That makes using p-keys without the highest bit odd.
+ *
+ * Historically, /etc/sysconfig/network-scripts/ifup-ib would always add "|=0x8000".
+ * The reader does that too.
+ *
+ * Note that this means ifcfg cannot handle p-keys without the highest bit set,
+ * and when trying to store that to ifcfg format, the profile will be mangled/modified
+ * by the ifcg plugin (unlike keyfile backend, which preserves the original p-key value).
+ */
+ id |= 0x8000;
+
*out_p_key = id;
*out_parent = g_steal_pointer(&physdev);
return TRUE;
diff --git a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
index 40ff7c670e..8714f19682 100644
--- a/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
+++ b/src/core/settings/plugins/ifcfg-rh/tests/test-ifcfg-rh.c
@@ -8409,21 +8409,21 @@ test_read_ipoib(void)
s_infiniband = nmtst_connection_assert_setting(connection, NM_TYPE_SETTING_INFINIBAND);
pkey = nm_setting_infiniband_get_p_key(s_infiniband);
- g_assert(pkey);
- g_assert_cmpint(pkey, ==, 12);
+ g_assert_cmpint(pkey, ==, 0x800c);
transport_mode = nm_setting_infiniband_get_transport_mode(s_infiniband);
- g_assert(transport_mode);
g_assert_cmpstr(transport_mode, ==, "connected");
}
static void
test_write_infiniband(gconstpointer test_data)
{
- const int TEST_IDX = GPOINTER_TO_INT(test_data);
- nmtst_auto_unlinkfile char *testfile = NULL;
- gs_unref_object NMConnection *connection = NULL;
- gs_unref_object NMConnection *reread = NULL;
+ const int TEST_IDX = GPOINTER_TO_INT(test_data);
+ nmtst_auto_unlinkfile char *testfile = NULL;
+ gs_unref_object NMConnection *connection = NULL;
+ gs_unref_object NMConnection *expected = NULL;
+ gs_unref_object NMConnection *reread = NULL;
+ gboolean reread_same = FALSE;
NMSettingConnection *s_con;
NMSettingInfiniband *s_infiniband;
NMSettingIPConfig *s_ip4;
@@ -8433,6 +8433,7 @@ test_write_infiniband(gconstpointer test_data)
NMIPAddress *addr;
GError *error = NULL;
const char *interface_name = NULL;
+ int p_key;
connection = nm_simple_connection_new();
@@ -8448,14 +8449,21 @@ test_write_infiniband(gconstpointer test_data)
NM_SETTING_INFINIBAND_SETTING_NAME,
NULL);
- if (NM_IN_SET(TEST_IDX, 1, 3))
- interface_name = "ib0.000c";
+ if (NM_IN_SET(TEST_IDX, 1, 2))
+ p_key = nmtst_get_rand_bool() ? 0x000c : 0x800c;
+ else
+ p_key = -1;
+
+ if (NM_IN_SET(TEST_IDX, 1, 3)) {
+ if (p_key >= 0x8000)
+ interface_name = "ib0.800c";
+ }
g_object_set(s_con, NM_SETTING_CONNECTION_INTERFACE_NAME, interface_name, NULL);
s_infiniband = _nm_connection_new_setting(connection, NM_TYPE_SETTING_INFINIBAND);
g_object_set(s_infiniband, NM_SETTING_INFINIBAND_TRANSPORT_MODE, "connected", NULL);
- if (NM_IN_SET(TEST_IDX, 1, 2)) {
+ if (p_key == -1) {
g_object_set(s_infiniband,
NM_SETTING_INFINIBAND_MAC_ADDRESS,
mac,
@@ -8465,7 +8473,7 @@ test_write_infiniband(gconstpointer test_data)
} else {
g_object_set(s_infiniband,
NM_SETTING_INFINIBAND_P_KEY,
- 12,
+ p_key,
NM_SETTING_INFINIBAND_PARENT,
"ib0",
NULL);
@@ -8494,13 +8502,32 @@ test_write_infiniband(gconstpointer test_data)
nmtst_assert_connection_verifies(connection);
- _writer_new_connection(connection, TEST_SCRATCH_DIR, &testfile);
-
- reread = _connection_from_file(testfile, NULL, TYPE_INFINIBAND, NULL);
+ if (p_key != -1 && p_key < 0x8000) {
+ expected = nm_simple_connection_new_clone(connection);
+ g_object_set(nm_connection_get_setting(expected, NM_TYPE_SETTING_INFINIBAND),
+ NM_SETTING_INFINIBAND_P_KEY,
+ (int) (p_key | 0x8000),
+ NULL);
+ } else
+ expected = g_object_ref(connection);
- nmtst_assert_connection_equals(connection, TRUE, reread, FALSE);
+ _writer_new_connection_reread(connection,
+ TEST_SCRATCH_DIR,
+ &testfile,
+ NO_EXPECTED,
+ &reread,
+ &reread_same);
+ _assert_reread_same(expected, reread);
+ if (p_key == -1 || p_key > 0x8000)
+ g_assert(reread_same);
+ else
+ g_assert(!reread_same);
g_assert_cmpstr(interface_name, ==, nm_connection_get_interface_name(reread));
+ g_assert_cmpint(nm_setting_infiniband_get_p_key(
+ _nm_connection_get_setting(reread, NM_TYPE_SETTING_INFINIBAND)),
+ ==,
+ p_key == -1 ? -1 : (p_key | 0x8000));
}
static void
--
2.38.1
From 13156501fb6f214eccf22fe6b7447dae9b052b8d Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 24 May 2023 10:44:58 +0200
Subject: [PATCH 2/2] libnm/docs: clarify behavior of infiniband.p-key property
(cherry picked from commit ea18e66ef657b55eca941dca3de4949b950e656b)
(cherry picked from commit 2945254e29c58839410127e695e0216763a3dd01)
---
src/libnm-core-impl/nm-setting-infiniband.c | 19 ++++++++++++++++---
src/libnmc-setting/settings-docs.h.in | 2 +-
.../gen-metadata-nm-settings-nmcli.xml.in | 2 +-
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c
index 410f1f0687..7ba5720619 100644
--- a/src/libnm-core-impl/nm-setting-infiniband.c
+++ b/src/libnm-core-impl/nm-setting-infiniband.c
@@ -449,9 +449,20 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass)
* NMSettingInfiniband:p-key:
*
* The InfiniBand P_Key to use for this device. A value of -1 means to use
- * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a 16-bit
- * unsigned integer, whose high bit is set if it is a "full membership"
- * P_Key.
+ * the default P_Key (aka "the P_Key at index 0"). Otherwise, it is a
+ * 16-bit unsigned integer, whose high bit 0x8000 is set if it is a "full
+ * membership" P_Key. The values 0 and 0x8000 are not allowed.
+ *
+ * With the p-key set, the interface name is always "$parent.$p_key".
+ * Setting "connection.interface-name" to another name is not supported.
+ *
+ * Note that kernel will internally always set the full membership bit,
+ * although the interface name does not reflect that. Thus, not setting
+ * the high bit is probably not useful.
+ *
+ * If the profile is stored in ifcfg-rh format, then the full membership
+ * bit is automatically added. To get consistent behavior, it is
+ * best to only use p-key values with the full membership bit set.
**/
/* ---ifcfg-rh---
* property: p-key
@@ -460,6 +471,8 @@ nm_setting_infiniband_class_init(NMSettingInfinibandClass *klass)
* description: InfiniBand P_Key. The value can be a hex number prefixed with "0x"
* or a decimal number.
* When PKEY_ID is specified, PHYSDEV and DEVICE also must be specified.
+ * Note that ifcfg-rh format will always automatically set the full membership
+ * bit 0x8000. Other p-key cannot be stored.
* example: PKEY=yes PKEY_ID=2 PHYSDEV=mlx4_ib0 DEVICE=mlx4_ib0.8002
* ---end---
*/
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index cd5b231bb9..00532df93c 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -153,7 +153,7 @@
#define DESCRIBE_DOC_NM_SETTING_GSM_USERNAME N_("The username used to authenticate with the network, if required. Many providers do not require a username, or accept any username. But if a username is required, it is specified here.")
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MAC_ADDRESS N_("If specified, this connection will only apply to the IPoIB device whose permanent MAC address matches. This property does not change the MAC address of the device (i.e. MAC spoofing).")
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_MTU N_("If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple frames.")
-#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit is set if it is a \"full membership\" P_Key.")
+#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_P_KEY N_("The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka \"the P_Key at index 0\"). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a \"full membership\" P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always \"$parent.$p_key\". Setting \"connection.interface-name\" to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set.")
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_PARENT N_("The interface name of the parent device of this device. Normally NULL, but if the \"p_key\" property is set, then you must specify the base device by setting either this property or \"mac-address\".")
#define DESCRIBE_DOC_NM_SETTING_INFINIBAND_TRANSPORT_MODE N_("The IP-over-InfiniBand transport mode. Either \"datagram\" or \"connected\".")
#define DESCRIBE_DOC_NM_SETTING_IP4_CONFIG_ADDRESSES N_("A list of IPv4 addresses and their prefix length. Multiple addresses can be separated by comma. For example \"192.168.1.5/24, 10.1.0.5/24\". The addresses are listed in decreasing priority, meaning the first address will be the primary address.")
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
index dfea3c3440..3d2bb5186b 100644
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
@@ -611,7 +611,7 @@
description="The IP-over-InfiniBand transport mode. Either &quot;datagram&quot; or &quot;connected&quot;." />
<property name="p-key"
alias="p-key"
- description="The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka &quot;the P_Key at index 0&quot;). Otherwise, it is a 16-bit unsigned integer, whose high bit is set if it is a &quot;full membership&quot; P_Key." />
+ description="The InfiniBand P_Key to use for this device. A value of -1 means to use the default P_Key (aka &quot;the P_Key at index 0&quot;). Otherwise, it is a 16-bit unsigned integer, whose high bit 0x8000 is set if it is a &quot;full membership&quot; P_Key. The values 0 and 0x8000 are not allowed. With the p-key set, the interface name is always &quot;$parent.$p_key&quot;. Setting &quot;connection.interface-name&quot; to another name is not supported. Note that kernel will internally always set the full membership bit, although the interface name does not reflect that. Thus, not setting the high bit is probably not useful. If the profile is stored in ifcfg-rh format, then the full membership bit is automatically added. To get consistent behavior, it is best to only use p-key values with the full membership bit set." />
<property name="parent"
alias="parent"
description="The interface name of the parent device of this device. Normally NULL, but if the &quot;p_key&quot; property is set, then you must specify the base device by setting either this property or &quot;mac-address&quot;." />
--
2.38.1

@ -6,7 +6,7 @@
%global epoch_version 1
%global real_version 1.42.2
%global rpm_version %{real_version}
%global release_version 1
%global release_version 3
%global snapshot %{nil}
%global git_sha %{nil}
%global bcond_default_debug 0
@ -203,6 +203,8 @@ Source7: readme-ifcfg-rh.txt
# Bugfixes that are only relevant until next rebase of the package.
# Patch1001: 1001-some.patch
Patch1001: 1001-ipv6ll-don-t-regenerate-the-address-when-removed-rh2196441.patch
Patch1002: 1002-Revert-infiniband-avoid-normalizing-the-p-key-rh2209976.patch
Requires(post): systemd
%if 0%{?fedora} || 0%{?rhel} >= 8
@ -1251,6 +1253,12 @@ fi
%changelog
* Mon May 29 2023 Wen Liang <wenliang@redhat.com> - 1:1.42.2-3
- revert "infiniband: avoid normalizing the p-key when reading from ifcfg" (rh #2209976)
* Tue May 23 2023 Beniamino Galvani <bgalvani@redhat.com> - 1:1.42.2-2
- don't fail when the IPv6 link-local address is removed (rh #2196441)
* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1.40.0-1
- Rebuilt for MSVSphere 9.1.

Loading…
Cancel
Save