diff --git a/SOURCES/1009-core-prevent-the-activation-of-unavailable-devices-rhel-78745.patch b/SOURCES/1009-core-prevent-the-activation-of-unavailable-devices-rhel-78745.patch new file mode 100644 index 0000000..e556257 --- /dev/null +++ b/SOURCES/1009-core-prevent-the-activation-of-unavailable-devices-rhel-78745.patch @@ -0,0 +1,120 @@ +From a12b1dfdb0393687ae0fc505c57c76de2907209c Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Mon, 10 Feb 2025 15:15:18 +0100 +Subject: [PATCH 1/2] core: cleanup nm_manager_get_best_device_for_connection() + +Rename "unavailable_devices" to "exclude_devices", as the +"unavailable" term has a specific, different meaning in NetworkManager +(i.e. the device is in the UNAVAILABLE state). Also, use +nm_g_hash_table_contains() when needed. + +(cherry picked from commit 6c1eb99d3258ac8cf969cb648a988565c205a205) +(cherry picked from commit da866c4cda996b14d5ea8c3540c8ba0d5d798e9a) +(cherry picked from commit 0045a0240cb64814126dc0f7adbcbaee9aca3b54) +--- + src/core/nm-manager.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c +index a673279712..cd79653078 100644 +--- a/src/core/nm-manager.c ++++ b/src/core/nm-manager.c +@@ -4536,7 +4536,7 @@ nm_manager_get_best_device_for_connection(NMManager *self, + NMSettingsConnection *sett_conn, + NMConnection *connection, + gboolean for_user_request, +- GHashTable *unavailable_devices, ++ GHashTable *exclude_devices, + GError **error) + { + NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE(self); +@@ -4619,7 +4619,7 @@ nm_manager_get_best_device_for_connection(NMManager *self, + + ac_device = nm_active_connection_get_device(ac); + if (ac_device +- && ((unavailable_devices && g_hash_table_contains(unavailable_devices, ac_device)) ++ && (nm_g_hash_table_contains(exclude_devices, ac_device) + || !nm_device_check_connection_available(ac_device, connection, flags, NULL, NULL))) + ac_device = NULL; + +@@ -4635,9 +4635,7 @@ nm_manager_get_best_device_for_connection(NMManager *self, + NMDevice *ac_device2 = nm_active_connection_get_device(ac2); + NMActiveConnectionState ac_state2; + +- if (!ac_device2 +- || (unavailable_devices +- && g_hash_table_contains(unavailable_devices, ac_device2)) ++ if (!ac_device2 || nm_g_hash_table_contains(exclude_devices, ac_device2) + || !nm_device_check_connection_available(ac_device2, + connection, + flags, +@@ -4698,7 +4696,7 @@ found_better: + GError *local = NULL; + DeviceActivationPrio prio; + +- if (unavailable_devices && g_hash_table_contains(unavailable_devices, device)) ++ if (nm_g_hash_table_contains(exclude_devices, device)) + continue; + + /* determine the priority of this device. Currently, this priority is independent +-- +2.48.1 + + +From 00a4e1cc0495e13ac72d0df82792654168e92781 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani +Date: Mon, 10 Feb 2025 15:27:43 +0100 +Subject: [PATCH 2/2] core: prevent the activation of unavailable devices + +When autoconnecting ports of a controller, we look for all candidate +(device,connection) tuples through the following call trace: + + -> autoconnect_ports() + -> find_ports() + -> nm_manager_get_best_device_for_connection() + -> nm_device_check_connection_available() + -> _nm_device_check_connection_available() + +The last function checks that a specific device is available to be +activated with the given connection. For virtual devices, it only +checks that the device is compatible with the connection based on the +device type and characteristics, without considering any live network +information. + +For OVS interfaces, this doesn't work as expected. During startup, NM +performs a cleanup of the ovsdb to remove entries that were previously +added by NM. When the cleanup is terminated, NMOvsdb sets the "ready" +flag and is ready to start the activation of new OVS interfaces. With +the current mechanism, it is possible that a OVS-interface connection +gets activated via the autoconnect-ports mechanism without checking +the "ready" flag. + +Fix that by also checking that the device is available for activation. + +(cherry picked from commit 774badb1519a76fb3b7c0f60cf46ee5ea25bce69) +(cherry picked from commit f459c7fecce8445515d052b5b48f10d808e97fff) +(cherry picked from commit b495d6bd55f4068596d380ce81614eb3d86943a3) +--- + src/core/nm-manager.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c +index cd79653078..36b8bda0f5 100644 +--- a/src/core/nm-manager.c ++++ b/src/core/nm-manager.c +@@ -4699,6 +4699,12 @@ found_better: + if (nm_g_hash_table_contains(exclude_devices, device)) + continue; + ++ if (!nm_device_is_available(device, ++ for_user_request ++ ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST ++ : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE)) ++ continue; ++ + /* determine the priority of this device. Currently, this priority is independent + * of the profile (connection) and the device's details (aside the state). + * +-- +2.48.1 + diff --git a/SOURCES/1010-fix-nmtui-segfault-adding-veth-rhel-75763.patch b/SOURCES/1010-fix-nmtui-segfault-adding-veth-rhel-75763.patch new file mode 100644 index 0000000..00e47fa --- /dev/null +++ b/SOURCES/1010-fix-nmtui-segfault-adding-veth-rhel-75763.patch @@ -0,0 +1,242 @@ +From dd50a5199f1661c9d2226d8d5c01b0b485a9bc86 Mon Sep 17 00:00:00 2001 +From: Jan Vaclav +Date: Wed, 15 May 2024 12:57:41 +0200 +Subject: [PATCH 1/2] nmtui: add veth page + +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1943 +(cherry picked from commit 187ff4c73b9ae1c3c020bd999633306b09eabead) +--- + Makefile.am | 2 + + src/nmtui/meson.build | 1 + + src/nmtui/nmt-editor.c | 3 ++ + src/nmtui/nmt-page-veth.c | 92 +++++++++++++++++++++++++++++++++++++++ + src/nmtui/nmt-page-veth.h | 32 ++++++++++++++ + 5 files changed, 130 insertions(+) + create mode 100644 src/nmtui/nmt-page-veth.c + create mode 100644 src/nmtui/nmt-page-veth.h + +diff --git a/Makefile.am b/Makefile.am +index a0daa95314..ee92a1de53 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -5304,6 +5304,8 @@ src_nmtui_nmtui_SOURCES = \ + src/nmtui/nmt-page-team-port.h \ + src/nmtui/nmt-page-team.c \ + src/nmtui/nmt-page-team.h \ ++ src/nmtui/nmt-page-veth.c \ ++ src/nmtui/nmt-page-veth.h \ + src/nmtui/nmt-page-vlan.c \ + src/nmtui/nmt-page-vlan.h \ + src/nmtui/nmt-page-wifi.c \ +diff --git a/src/nmtui/meson.build b/src/nmtui/meson.build +index 13aa864750..eecfaa9927 100644 +--- a/src/nmtui/meson.build ++++ b/src/nmtui/meson.build +@@ -32,6 +32,7 @@ executable( + 'nmt-page-ppp.c', + 'nmt-page-team.c', + 'nmt-page-team-port.c', ++ 'nmt-page-veth.c', + 'nmt-page-vlan.c', + 'nmt-page-wifi.c', + 'nmt-page-wireguard.c', +diff --git a/src/nmtui/nmt-editor.c b/src/nmtui/nmt-editor.c +index 6e502778d1..6205736a78 100644 +--- a/src/nmtui/nmt-editor.c ++++ b/src/nmtui/nmt-editor.c +@@ -39,6 +39,7 @@ + #include "nmt-page-ppp.h" + #include "nmt-page-team.h" + #include "nmt-page-team-port.h" ++#include "nmt-page-veth.h" + #include "nmt-page-vlan.h" + #include "nmt-page-wifi.h" + #include "nmt-page-wireguard.h" +@@ -369,6 +370,8 @@ nmt_editor_constructed(GObject *object) + page = nmt_page_dsl_new(priv->edit_connection, deventry); + else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_TEAM_SETTING_NAME)) + page = nmt_page_team_new(priv->edit_connection, deventry); ++ else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_VETH_SETTING_NAME)) ++ page = nmt_page_veth_new(priv->edit_connection, deventry); + else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_VLAN_SETTING_NAME)) + page = nmt_page_vlan_new(priv->edit_connection, deventry); + else if (nm_connection_is_type(priv->edit_connection, NM_SETTING_WIRED_SETTING_NAME)) +diff --git a/src/nmtui/nmt-page-veth.c b/src/nmtui/nmt-page-veth.c +new file mode 100644 +index 0000000000..35d0d78d58 +--- /dev/null ++++ b/src/nmtui/nmt-page-veth.c +@@ -0,0 +1,92 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++/* ++ * Copyright (C) 2024 Red Hat, Inc. ++ */ ++/** ++ * SECTION:nmt-page-veth ++ * @short_description: The editor page for veth connections ++ */ ++ ++#include "libnm-client-aux-extern/nm-default-client.h" ++ ++#include ++ ++#include "nmt-page-veth.h" ++ ++#include "libnm-core-aux-intern/nm-libnm-core-utils.h" ++#include "nmt-device-entry.h" ++#include "nmt-mac-entry.h" ++#include "nmt-mtu-entry.h" ++ ++G_DEFINE_TYPE(NmtPageVeth, nmt_page_veth, NMT_TYPE_EDITOR_PAGE_DEVICE) ++ ++#define NMT_PAGE_VETH_GET_PRIVATE(o) _NM_GET_PRIVATE(self, NmtPageVeth, NMT_IS_PAGE_VETH) ++ ++static void ++nmt_page_veth_init(NmtPageVeth *veth) ++{} ++ ++NmtEditorPage * ++nmt_page_veth_new(NMConnection *conn, NmtDeviceEntry *deventry) ++{ ++ return g_object_new(NMT_TYPE_PAGE_VETH, "connection", conn, "device-entry", deventry, NULL); ++} ++ ++static void ++nmt_page_veth_constructed(GObject *object) ++{ ++ NmtPageVeth *veth = NMT_PAGE_VETH(object); ++ NmtEditorSection *section; ++ NmtEditorGrid *grid; ++ NMSettingVeth *s_veth; ++ NMSettingWired *s_wired; ++ NmtNewtWidget *widget; ++ NMConnection *conn; ++ ++ conn = nmt_editor_page_get_connection(NMT_EDITOR_PAGE(veth)); ++ s_veth = _nm_connection_ensure_setting(conn, NM_TYPE_SETTING_VETH); ++ s_wired = _nm_connection_ensure_setting(conn, NM_TYPE_SETTING_WIRED); ++ ++ section = nmt_editor_section_new(_("VETH"), NULL, TRUE); ++ grid = nmt_editor_section_get_body(section); ++ ++ widget = nmt_newt_entry_new(40, 0); ++ nmt_editor_grid_append(grid, _("Peer"), widget, NULL); ++ g_object_bind_property(s_veth, ++ NM_SETTING_VETH_PEER, ++ widget, ++ "text", ++ G_BINDING_SYNC_CREATE | G_BINDING_BIDIRECTIONAL); ++ ++ nmt_editor_page_add_section(NMT_EDITOR_PAGE(veth), section); ++ ++ section = nmt_editor_section_new(_("ETHERNET"), NULL, FALSE); ++ grid = nmt_editor_section_get_body(section); ++ ++ widget = nmt_mac_entry_new(40, ETH_ALEN, NMT_MAC_ENTRY_TYPE_CLONED_ETHERNET); ++ g_object_bind_property(s_wired, ++ NM_SETTING_WIRED_CLONED_MAC_ADDRESS, ++ widget, ++ "mac-address", ++ G_BINDING_BIDIRECTIONAL | G_BINDING_SYNC_CREATE); ++ nmt_editor_grid_append(grid, _("Cloned MAC address"), widget, NULL); ++ ++ widget = nmt_mtu_entry_new(); ++ g_object_bind_property(s_wired, ++ NM_SETTING_WIRED_MTU, ++ widget, ++ "mtu", ++ G_BINDING_BIDIRECTIONAL | G_BINDING_SYNC_CREATE); ++ nmt_editor_grid_append(grid, _("MTU"), widget, NULL); ++ ++ nmt_editor_page_add_section(NMT_EDITOR_PAGE(veth), section); ++ ++ G_OBJECT_CLASS(nmt_page_veth_parent_class)->constructed(object); ++} ++ ++static void ++nmt_page_veth_class_init(NmtPageVethClass *veth_class) ++{ ++ GObjectClass *object_class = G_OBJECT_CLASS(veth_class); ++ object_class->constructed = nmt_page_veth_constructed; ++} +diff --git a/src/nmtui/nmt-page-veth.h b/src/nmtui/nmt-page-veth.h +new file mode 100644 +index 0000000000..8822f3a27d +--- /dev/null ++++ b/src/nmtui/nmt-page-veth.h +@@ -0,0 +1,32 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++/* ++ * Copyright (C) 2024 Red Hat, Inc. ++ */ ++ ++#ifndef NMT_PAGE_VETH_H ++#define NMT_PAGE_VETH_H ++ ++#include "nmt-editor-page-device.h" ++ ++#define NMT_TYPE_PAGE_VETH (nmt_page_veth_get_type()) ++#define NMT_PAGE_VETH(obj) (_NM_G_TYPE_CHECK_INSTANCE_CAST((obj), NMT_TYPE_PAGE_VETH, NmtPageVeth)) ++#define NMT_PAGE_VETH_CLASS(klass) \ ++ (G_TYPE_CHECK_CLASS_CAST((klass), NMT_TYPE_PAGE_VETH, NmtPageVethClass)) ++#define NMT_IS_PAGE_VETH(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), NMT_TYPE_PAGE_VETH)) ++#define NMT_IS_PAGE_VETH_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), NMT_TYPE_PAGE_VETH)) ++#define NMT_PAGE_VETH_GET_CLASS(obj) \ ++ (G_TYPE_INSTANCE_GET_CLASS((obj), NMT_TYPE_PAGE_VETH, NmtPageVethClass)) ++ ++typedef struct { ++ NmtEditorPageDevice parent; ++} NmtPageVeth; ++ ++typedef struct { ++ NmtEditorPageDeviceClass parent; ++} NmtPageVethClass; ++ ++GType nmt_page_veth_get_type(void); ++ ++NmtEditorPage *nmt_page_veth_new(NMConnection *conn, NmtDeviceEntry *deventry); ++ ++#endif /* NMT_PAGE_VETH_H */ +-- +2.47.1 + + +From 7d9ed27897d90e6dbd97aef6e7bbb0a181c961df Mon Sep 17 00:00:00 2001 +From: Jan Vaclav +Date: Mon, 20 May 2024 14:04:18 +0200 +Subject: [PATCH 2/2] nmtui: include veth devices in activation dialog + +(cherry picked from commit e74f506b81595112893997f08cbad8482e7777aa) +--- + src/libnm-core-impl/nm-connection.c | 2 ++ + src/nmtui/nmt-connect-connection-list.c | 1 + + 2 files changed, 3 insertions(+) + +diff --git a/src/libnm-core-impl/nm-connection.c b/src/libnm-core-impl/nm-connection.c +index 95fe89a87c..6dace2b73c 100644 +--- a/src/libnm-core-impl/nm-connection.c ++++ b/src/libnm-core-impl/nm-connection.c +@@ -3258,6 +3258,8 @@ nm_connection_get_virtual_device_description(NMConnection *connection) + display_type = _("WireGuard"); + else if (nm_streq(type, NM_SETTING_TUN_SETTING_NAME)) + display_type = _("TUN/TAP"); ++ else if (nm_streq(type, NM_SETTING_VETH_SETTING_NAME)) ++ display_type = _("Veth"); + + if (!iface || !display_type) + return NULL; +diff --git a/src/nmtui/nmt-connect-connection-list.c b/src/nmtui/nmt-connect-connection-list.c +index 70264d3ec2..1fd44b2957 100644 +--- a/src/nmtui/nmt-connect-connection-list.c ++++ b/src/nmtui/nmt-connect-connection-list.c +@@ -96,6 +96,7 @@ static const char *device_sort_order[] = {"NMDeviceEthernet", + "NMDeviceInfiniband", + "NMDeviceWifi", + NM_SETTING_VLAN_SETTING_NAME, ++ NM_SETTING_VETH_SETTING_NAME, + NM_SETTING_BOND_SETTING_NAME, + NM_SETTING_TEAM_SETTING_NAME, + NM_SETTING_BRIDGE_SETTING_NAME, +-- +2.47.1 + diff --git a/SOURCES/1011-policy-always-reset-retries-when-unblocking-children-or-ports-rhel-78748.patch b/SOURCES/1011-policy-always-reset-retries-when-unblocking-children-or-ports-rhel-78748.patch new file mode 100644 index 0000000..99cff63 --- /dev/null +++ b/SOURCES/1011-policy-always-reset-retries-when-unblocking-children-or-ports-rhel-78748.patch @@ -0,0 +1,136 @@ +From d1545823e467aec816ed0073c4eec1bec669e98f Mon Sep 17 00:00:00 2001 +From: Fernando Fernandez Mancera +Date: Wed, 12 Feb 2025 10:58:39 +0100 +Subject: [PATCH] policy: always reset retries when unblocking children or + ports + +When calling activate_port_or_children_connections() we are unblocking +the ports and children but we are not resetting the number of retries if +it is an internal activation. + +This is wrong as even if it's an internal activation the number of +retries should be reset. It won't interferfe with other blocking reasons +like USER_REQUESTED or MISSING_SECRETS. + +(cherry picked from commit 7acc66699af9a1546c602082b6994b98cfea7c80) +(cherry picked from commit 2daeef668d7d1e31d6165b89ef4222ce51ddeb89) +(cherry picked from commit 52ed8567e2084a21727ac89c26dcd110be19c35a) +(cherry picked from commit b870c94a4c319d1927f01107e01590c6ccc8342a) +--- + src/core/nm-policy.c | 33 +++++++++------------------------ + 1 file changed, 9 insertions(+), 24 deletions(-) + +diff --git a/src/core/nm-policy.c b/src/core/nm-policy.c +index 93b52526a2..e01a13fb8b 100644 +--- a/src/core/nm-policy.c ++++ b/src/core/nm-policy.c +@@ -1873,8 +1873,7 @@ unblock_autoconnect_for_children(NMPolicy *self, + const char *parent_device, + const char *parent_uuid_settings, + const char *parent_uuid_applied, +- const char *parent_mac_addr, +- gboolean reset_devcon_autoconnect) ++ const char *parent_mac_addr) + { + NMPolicyPrivate *priv = NM_POLICY_GET_PRIVATE(self); + NMSettingsConnection *const *connections; +@@ -1915,10 +1914,8 @@ unblock_autoconnect_for_children(NMPolicy *self, + parent_mac_addr)) + continue; + +- if (reset_devcon_autoconnect) { +- if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn)) +- changed = TRUE; +- } ++ if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn)) ++ changed = TRUE; + + /* unblock the devices associated with that connection */ + if (nm_manager_devcon_autoconnect_blocked_reason_set( +@@ -1940,8 +1937,7 @@ static void + unblock_autoconnect_for_ports(NMPolicy *self, + const char *controller_device, + const char *controller_uuid_settings, +- const char *controller_uuid_applied, +- gboolean reset_devcon_autoconnect) ++ const char *controller_uuid_applied) + { + NMPolicyPrivate *priv = NM_POLICY_GET_PRIVATE(self); + NMSettingsConnection *const *connections; +@@ -1959,7 +1955,6 @@ unblock_autoconnect_for_ports(NMPolicy *self, + "\"", + "")); + +- changed = FALSE; + connections = nm_settings_get_connections(priv->settings, NULL); + for (i = 0; connections[i]; i++) { + NMSettingsConnection *sett_conn = connections[i]; +@@ -1977,10 +1972,8 @@ unblock_autoconnect_for_ports(NMPolicy *self, + controller_uuid_settings)) + continue; + +- if (reset_devcon_autoconnect) { +- if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn)) +- changed = TRUE; +- } ++ if (nm_manager_devcon_autoconnect_retries_reset(priv->manager, NULL, sett_conn)) ++ changed = TRUE; + + /* unblock the devices associated with that connection */ + if (nm_manager_devcon_autoconnect_blocked_reason_set( +@@ -2015,7 +2008,7 @@ unblock_autoconnect_for_ports_for_sett_conn(NMPolicy *self, NMSettingsConnection + controller_uuid_settings = nm_setting_connection_get_uuid(s_con); + controller_device = nm_setting_connection_get_interface_name(s_con); + +- unblock_autoconnect_for_ports(self, controller_device, controller_uuid_settings, NULL, TRUE); ++ unblock_autoconnect_for_ports(self, controller_device, controller_uuid_settings, NULL); + } + + static void +@@ -2028,7 +2021,6 @@ activate_port_or_children_connections(NMPolicy *self, + const char *controller_uuid_applied = NULL; + const char *parent_mac_addr = NULL; + NMActRequest *req; +- gboolean internal_activation = FALSE; + + controller_device = nm_device_get_iface(device); + nm_assert(controller_device); +@@ -2039,7 +2031,6 @@ activate_port_or_children_connections(NMPolicy *self, + if (req) { + NMConnection *connection; + NMSettingsConnection *sett_conn; +- NMAuthSubject *subject; + + sett_conn = nm_active_connection_get_settings_connection(NM_ACTIVE_CONNECTION(req)); + if (sett_conn) +@@ -2051,25 +2042,19 @@ activate_port_or_children_connections(NMPolicy *self, + + if (nm_streq0(controller_uuid_settings, controller_uuid_applied)) + controller_uuid_applied = NULL; +- +- subject = nm_active_connection_get_subject(NM_ACTIVE_CONNECTION(req)); +- internal_activation = +- subject && (nm_auth_subject_get_subject_type(subject) == NM_AUTH_SUBJECT_TYPE_INTERNAL); + } + + if (!activate_children_connections_only) { + unblock_autoconnect_for_ports(self, + controller_device, + controller_uuid_settings, +- controller_uuid_applied, +- !internal_activation); ++ controller_uuid_applied); + } + unblock_autoconnect_for_children(self, + controller_device, + controller_uuid_settings, + controller_uuid_applied, +- parent_mac_addr, +- !internal_activation); ++ parent_mac_addr); + } + + static gboolean +-- +2.48.1 + diff --git a/SOURCES/1012-core-prevent-the-activation-of-unavailable-ovs-interfaces-only-rhel-79995.patch b/SOURCES/1012-core-prevent-the-activation-of-unavailable-ovs-interfaces-only-rhel-79995.patch new file mode 100644 index 0000000..f730399 --- /dev/null +++ b/SOURCES/1012-core-prevent-the-activation-of-unavailable-ovs-interfaces-only-rhel-79995.patch @@ -0,0 +1,53 @@ +From 11d2ec5d62fe061bb25db2343a51d9aa4239fb53 Mon Sep 17 00:00:00 2001 +From: Fernando Fernandez Mancera +Date: Mon, 17 Feb 2025 23:10:53 +0100 +Subject: [PATCH] core: prevent the activation of unavailable OVS interfaces + only + +Preventing the activation of unavailable devices for all device types is +too aggresive and leads to race conditions, e.g when a non-virtual bond +port gets a carrier, preventing the device to be a good candidate for +the connection. + +Instead, enforce this check only on OVS interfaces as NetworkManager +just makes sure that ovsdb->ready is set to TRUE. + +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2139 + +Fixes: 774badb1519a ('core: prevent the activation of unavailable devices') +(cherry picked from commit a1c05d2ce6f115c900ef21b69c3ee7e98ef4ddaf) +(cherry picked from commit b8ef2a551e505b5ffb02cc5d4e3ab29e78ea1fac) +(cherry picked from commit 8b39a79621435e0ea3c7b4caaa69640f268409ae) +(cherry picked from commit 67e71a9d7f110607838c5633db81eb2ed0ea6992) +--- + src/core/nm-manager.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/core/nm-manager.c b/src/core/nm-manager.c +index 36b8bda0f5..cae3dff613 100644 +--- a/src/core/nm-manager.c ++++ b/src/core/nm-manager.c +@@ -4699,10 +4699,16 @@ found_better: + if (nm_g_hash_table_contains(exclude_devices, device)) + continue; + +- if (!nm_device_is_available(device, +- for_user_request +- ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST +- : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE)) ++ /* During startup, NM performs a cleanup of the ovsdb to remove previous entries. ++ * Before the device is suitable for the connection, it must have ovsdb->ready set ++ * to TRUE. Performing this check in all kind of interfaces is too agressive and leads ++ * to race conditions, e.g when a non-virtual bond port gets a carrier, preventing the ++ * device to be a good candidate for the connection. */ ++ if (nm_device_get_device_type(device) == NM_DEVICE_TYPE_OVS_INTERFACE ++ && !nm_device_is_available(device, ++ for_user_request ++ ? NM_DEVICE_CHECK_DEV_AVAILABLE_FOR_USER_REQUEST ++ : NM_DEVICE_CHECK_DEV_AVAILABLE_NONE)) + continue; + + /* determine the priority of this device. Currently, this priority is independent +-- +2.48.1 + diff --git a/SPECS/NetworkManager.spec b/SPECS/NetworkManager.spec index 1b3996f..88f9674 100644 --- a/SPECS/NetworkManager.spec +++ b/SPECS/NetworkManager.spec @@ -6,7 +6,7 @@ %global epoch_version 1 %global real_version 1.48.10 %global rpm_version %{real_version} -%global release_version 5 +%global release_version 8 %global snapshot %{nil} %global git_sha %{nil} %global bcond_default_debug 0 @@ -219,6 +219,10 @@ Patch1005: 1005-fix-validation-of-ovs-dpdk-interface-name-rhel-60022.patch Patch1006: 1006-remove-routes-added-by-nm-on-reapply-rhel-73013.patch Patch1007: 1007-vpn-place-gateway-route-to-table-defined-in-ipvx-route-table-rhel-73166.patch Patch1008: 1008-vpn-support-routing-rules-in-vpn-conenctions-rhel-73167.patch +Patch1009: 1009-core-prevent-the-activation-of-unavailable-devices-rhel-78745.patch +Patch1010: 1010-fix-nmtui-segfault-adding-veth-rhel-75763.patch +Patch1011: 1011-policy-always-reset-retries-when-unblocking-children-or-ports-rhel-78748.patch +Patch1012: 1012-core-prevent-the-activation-of-unavailable-ovs-interfaces-only-rhel-79995.patch Requires(post): systemd %if 0%{?fedora} || 0%{?rhel} >= 8 @@ -1275,6 +1279,16 @@ fi %changelog +* Tue Feb 18 2025 Fernando Fernandez Mancera - 1:1.48.10-8 +- policy: always reset retries when unblocking children or ports (RHEL-78748) +- core: prevent the activation of unavailable OVS interfaces only (RHEL-79995) + +* Thu Feb 13 2025 Íñigo Huguet - 1:1.48.10-7 +- nmtui: fix segfault when adding veth interface (RHEL-75763) + +* Wed Feb 12 2025 Fernando Fernandez Mancera - 1:1.48.10-6 +- core: prevent the activation of unavailable devices (RHEL-77167) + * Thu Jan 09 2025 Wen Liang - 1:1.48.10-5 - vpn: Support routing rules in vpn conenctions (RHEL-73167) - vpn: Place gateway route to table defined in ipvx.route-table (RHEL-73166)