Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2018-01-13 21:46:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openvswitch"
Sat Jan 13 21:46:42 2018 rev:20 rq:563300 version:2.8.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2017-12-14
10:54:47.339418558 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new/openvswitch.changes
2018-01-13 21:46:55.396100563 +0100
@@ -1,0 +2,22 @@
+Tue Jan 9 16:25:48 UTC 2018 - mchand...@suse.de
+
+- Add upstream patches to support DPDK 17.11 (fate#322609)
+ * 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
+ * 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
+ * 0003-netdev-dpdk-vHost-IOMMU-support.patch
+
+-------------------------------------------------------------------
+Wed Dec 27 17:05:35 UTC 2017 - mchand...@suse.de
+
+- Python fixes and improvements
+ * Build Python3 subpackages for Open vSwitch python bindings
+ * Switch build architecture to 'noarch' for python bindings.
+ * Fix license for python subpackages
+ * Build and ship python bytecode files.
+- Do not mark files in /usr/share/* as configuration files
+- Replace version macro with actual version number of Obsoletes tags.
+ The DPDK packages have been merged with the regular OvS ones in the
+ 2.7.0 release so make it more explicit which ones we are obsoleting.
+- spec-cleaner fixes
+
+-------------------------------------------------------------------
New:
----
0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
0003-netdev-dpdk-vHost-IOMMU-support.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openvswitch.spec ++++++
--- /var/tmp/diff_new_pack.SPHatU/_old 2018-01-13 21:46:56.236061406 +0100
+++ /var/tmp/diff_new_pack.SPHatU/_new 2018-01-13 21:46:56.240061219 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvswitch
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,11 +17,11 @@
# needssslcertforbuild
+%{?!python_module:%define python_module() python-%{**} python3-%{**}}
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
- %define _fillupdir /var/adm/fillup-templates
+ %define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
-
%define lname libopenvswitch-2_8-0
%ifarch aarch64 x86_64 %{ix86}
# DPDK enabled by default
@@ -48,7 +48,17 @@
Source0: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
Source1: preamble
Source89: Module.supported.updates
+# PATCH-FIX-UPSTREAM: 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
+Patch0: 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
+# PATCH-FIX-UPSTREAM: 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
+Patch1: 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
+# PATCH-FIX-UPSTREAM: 0003-netdev-dpdk-vHost-IOMMU-support.patch
+Patch2: 0003-netdev-dpdk-vHost-IOMMU-support.patch
Patch99: 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch
+BuildRequires: %{python_module devel}
+BuildRequires: %{python_module six}
+BuildRequires: %{python_module xml}
+BuildRequires: %{pythons}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fdupes
@@ -58,31 +68,27 @@
BuildRequires: libtool
BuildRequires: make
BuildRequires: pkgconfig
-BuildRequires: python-devel
-BuildRequires: python-six
-BuildRequires: python-xml
+BuildRequires: python-rpm-macros
BuildRequires: pkgconfig(openssl)
Requires: logrotate
Requires: modutils
-Requires: python
# ovs-ctl / ovs-pki use /usr/bin/uuidgen:
Requires: util-linux
Requires(post): %fillup_prereq
Suggests: logrotate
Provides: openvswitch-common = %{version}
-Obsoletes: openvswitch-common < %{version}
+Obsoletes: openvswitch-common < 2.7.0
Provides: openvswitch-controller = %{version}
-Obsoletes: openvswitch-controller < %{version}
+Obsoletes: openvswitch-controller < 2.7.0
# openvswitch-switch has been merged to the main package
# so we need to provide a migration path
Provides: %{name}-dpdk = %{version}
Provides: %{name}-dpdk-switch = %{version}
Provides: %{name}-switch = %{version}
-Obsoletes: %{name}-dpdk < %{version}
-Obsoletes: %{name}-dpdk-switch < %{version}
-Obsoletes: %{name}-switch < %{version}
+Obsoletes: %{name}-dpdk < 2.7.0
+Obsoletes: %{name}-dpdk-switch < 2.7.0
+Obsoletes: %{name}-switch < 2.7.0
%{?systemd_requires}
-%py_requires
%if %{with dpdk}
Requires(post): shadow
%endif
@@ -145,7 +151,7 @@
Group: Development/Libraries/C and C++
Requires: %{lname} = %{version}
Provides: %{name}-dpdk-devel = %{version}
-Obsoletes: %{name}-dpdk-devel < %{version}
+Obsoletes: %{name}-dpdk-devel < 2.7.0
%description devel
Devel libraries and headers for Open vSwitch.
@@ -200,8 +206,8 @@
# openvswitch-ovn has been split into
openvswitch-ovn-{central,common,docker,host,vtep}
Provides: %{name}-dpdk-ovn = %{version}
Provides: %{name}-ovn = %{version}
-Obsoletes: %{name}-dpdk-ovn < %{version}
-Obsoletes: %{name}-ovn < %{version}
+Obsoletes: %{name}-dpdk-ovn < 2.7.0
+Obsoletes: %{name}-ovn < 2.7.0
%description ovn-common
Utilities that are used to diagnose and manage the OVN components.
@@ -226,7 +232,7 @@
Group: Productivity/Networking/System
Requires: %{name} = %{version}
Provides: %{name}-dpdk-pki = %{version}
-Obsoletes: %{name}-dpdk-pki < %{version}
+Obsoletes: %{name}-dpdk-pki < 2.7.0
%description pki
openvswitch-pki provides PKI (public key infrastructure) support for
@@ -244,7 +250,7 @@
# Since openvswitch/scripts/ovs-vtep requires various ovs python modules.
Requires: python-openvswitch = %{version}
Provides: %{name}-dpdk-vtep = %{version}
-Obsoletes: %{name}-dpdk-vtep < %{version}
+Obsoletes: %{name}-dpdk-vtep < 2.7.0
%description vtep
A VTEP (VXLAN Tunnel EndPoint) emulator that uses Open vSwitch for
@@ -252,40 +258,68 @@
Open vSwitch is a full-featured software-based Ethernet switch.
-%package -n python-openvswitch
-Summary: Python bindings for Open vSwitch
-License: Python-2.0
+%package -n python2-openvswitch
+Summary: Python2 bindings for Open vSwitch
+License: Apache-2.0
Group: Productivity/Networking/System
Requires: openvswitch-common = %{version}
-Requires: python
-Requires: python-six
+Requires: python3
+Requires: python3-six
+Provides: python-openvswitch = %{version}
+Obsoletes: python-openvswitch < 2.8.1
+BuildArch: noarch
-%description -n python-openvswitch
-This package contains the Python bindings for Open vSwitch database.
+%description -n python2-openvswitch
+This package contains the Python2 bindings for Open vSwitch database.
-%package -n python-openvswitch-test
-Summary: Python bindings for Open vSwitch
-License: Python-2.0
+%package -n python2-openvswitch-test
+Summary: Python2 bindings for Open vSwitch
+License: Apache-2.0
Group: Productivity/Networking/System
Requires: openvswitch-common = %{version}
-Requires: python
-Requires: python-openvswitch = %{version}
-Requires: python-twisted
+Requires: python2
+Requires: python2-Twisted
+Requires: python2-openvswitch = %{version}
+Provides: python-openvswitch-test = %{version}
+Obsoletes: python-openvswitch-test < 2.8.1
+BuildArch: noarch
-%description -n python-openvswitch-test
+%description -n python2-openvswitch-test
This package contains the Python bindings for Open vSwitch database.
+%package -n python3-openvswitch
+Summary: Python3 bindings for Open vSwitch
+License: Apache-2.0
+Group: Productivity/Networking/System
+Requires: openvswitch-common = %{version}
+Requires: python3
+Requires: python3-six
+BuildArch: noarch
+
+%description -n python3-openvswitch
+This package contains the Python3 bindings for Open vSwitch database.
+
+%package -n python3-openvswitch-test
+Summary: Python3 bindings for Open vSwitch
+License: Apache-2.0
+Group: Productivity/Networking/System
+Requires: openvswitch-common = %{version}
+Requires: python3
+Requires: python3-Twisted
+Requires: python3-openvswitch = %{version}
+BuildArch: noarch
+
+%description -n python3-openvswitch-test
+This package contains the Python3 bindings for Open vSwitch database.
+
%package test
Summary: Open vSwitch test package
License: Apache-2.0
Group: Productivity/Networking/System
Requires: %{name} = %{version}
-Requires: python
-Requires: python-argparse
-Requires: python-openvswitch-test = %{version}
-Requires: python-twisted
+Requires: python3-openvswitch-test = %{version}
Provides: %{name}-dpdk-test = %{version}
-Obsoletes: %{name}-dpdk-test < %{version}
+Obsoletes: %{name}-dpdk-test < 2.7.0
%description test
Open vSwitch is a software-based Ethernet switch.
@@ -295,6 +329,9 @@
%prep
%setup -q -n openvswitch-%{version}
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
%patch99 -p1
%build
@@ -424,13 +461,23 @@
popd
-mkdir -p %{buildroot}%{py_sitedir}
-mv %{buildroot}%{_datadir}/openvswitch/python/* %{buildroot}%{py_sitedir}
-rmdir %{buildroot}%{_datadir}/openvswitch/python
+# python2
+mkdir -p %{buildroot}%{python2_sitelib}
+cp -a %{buildroot}%{_datadir}/openvswitch/python/*
%{buildroot}%{python2_sitelib}
+# Build the byte compiled files
+%py_compile %{buildroot}%{python2_sitelib}
+%fdupes %{buildroot}%{python2_sitelib}
+
+# python3
+mkdir -p %{buildroot}%{python3_sitelib}
+cp -a %{buildroot}%{_datadir}/openvswitch/python/*
%{buildroot}%{python3_sitelib}
+# Build the byte compiled files
+%py3_compile %{buildroot}%{python3_sitelib}
+%fdupes %{buildroot}%{python3_sitelib}
-find %{buildroot} -type f -name "*.la" -delete -print
+rm -rf %{buildroot}%{_datadir}/openvswitch/python
-%fdupes %{buildroot}%{py_sitedir}
+find %{buildroot} -type f -name "*.la" -delete -print
%post
/sbin/ldconfig
@@ -638,11 +685,17 @@
%{_datadir}/openvswitch/scripts/ovs-vtep
%{_datadir}/openvswitch/vtep.ovsschema
-%files -n python-openvswitch
-%{py_sitedir}/ovs/
+%files -n python2-openvswitch
+%{python2_sitelib}/ovs/
+
+%files -n python2-openvswitch-test
+%{python2_sitelib}/ovstest/
+
+%files -n python3-openvswitch
+%{python3_sitelib}/ovs/
-%files -n python-openvswitch-test
-%{py_sitedir}/ovstest/
+%files -n python3-openvswitch-test
+%{python3_sitelib}/ovstest/
%files ovn-docker
%{_bindir}/ovn-docker-overlay-driver
@@ -672,8 +725,8 @@
%dir %{_libexecdir}/firewalld/services
%{_bindir}/ovn-northd
%{_mandir}/man8/ovn-northd.8%{ext_man}
-%config %{_datadir}/openvswitch/ovn-nb.ovsschema
-%config %{_datadir}/openvswitch/ovn-sb.ovsschema
+%{_datadir}/openvswitch/ovn-nb.ovsschema
+%{_datadir}/openvswitch/ovn-sb.ovsschema
%{_unitdir}/ovn-northd.service
%{_sbindir}/rcovn-northd
%{_prefix}/lib/firewalld/services/ovn-central-firewall-service.xml
++++++ 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch ++++++
>From 9a20eb387a578575400dd266cf64bebc323a5e7a Mon Sep 17 00:00:00 2001
From: Mark Kavanagh <mark.b.kavan...@intel.com>
Date: Fri, 20 Oct 2017 13:37:00 +0100
Subject: [PATCH 1/3] netdev-dpdk: replace uint8_t with dpdk_port_t
netdev_dpdk_detach() declares a 'port_id' variable, of type uint8_t.
This variable should instead be of type dpdk_port_t.
Fixes: bb37956ac ("netdev-dpdk: Use uint8_t for port_id.")
CC: Ilya Maximets <i.maxim...@samsung.com>
Signed-off-by: Mark Kavanagh <mark.b.kavan...@intel.com>
Acked-by: Ilya Maximets <i.maxim...@samsung.com>
Signed-off-by: Ian Stokes <ian.sto...@intel.com>
Signed-off-by: Markos Chandras <mchand...@suse.de>
---
lib/netdev-dpdk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index 41acb5b62..dc96d7ce3 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -2521,7 +2521,7 @@ netdev_dpdk_detach(struct unixctl_conn *conn, int argc
OVS_UNUSED,
{
int ret;
char *response;
- uint8_t port_id;
+ dpdk_port_t port_id;
char devname[RTE_ETH_NAME_MAX_LEN];
struct netdev_dpdk *dev;
--
2.15.1
++++++ 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch ++++++
>From 48d294a05d4c0723aba6d7bae2e8a7bb56921736 Mon Sep 17 00:00:00 2001
From: Markos Chandras <mchand...@suse.de>
Date: Tue, 9 Jan 2018 15:55:34 +0000
Subject: [PATCH 2/3] netdev-dpdk: DPDK v17.11 upgrade
API changes for DPDK v17.11 (taken from upstream commit
5e925ccc2a6f569f1b32365e3660671b8e7d36b3 "netdev-dpdk: DPDK v17.11
upgrade")
Signed-off-by: Markos Chandras <mchand...@suse.de>
---
lib/netdev-dpdk.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index dc96d7ce3..b93aa2354 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -26,6 +26,7 @@
#include <sys/socket.h>
#include <linux/if.h>
+#include <rte_bus_pci.h>
#include <rte_config.h>
#include <rte_cycles.h>
#include <rte_errno.h>
@@ -150,8 +151,8 @@ BUILD_ASSERT_DECL((MAX_NB_MBUF /
ROUND_DOWN_POW2(MAX_NB_MBUF/MIN_NB_MBUF))
#define DPDK_ETH_PORT_ID_INVALID RTE_MAX_ETHPORTS
-/* DPDK library uses uint8_t for port_id. */
-typedef uint8_t dpdk_port_t;
+/* DPDK library uses uint16_t for port_id. */
+typedef uint16_t dpdk_port_t;
#define VHOST_ENQ_RETRY_NUM 8
#define IF_NAME_SZ (PATH_MAX > IFNAMSIZ ? PATH_MAX : IFNAMSIZ)
--
2.15.1
++++++ 0003-netdev-dpdk-vHost-IOMMU-support.patch ++++++
>From 99aa592dd03c15e9857cfc9c93cc31a8a660af7e Mon Sep 17 00:00:00 2001
From: Mark Kavanagh <mark.b.kavan...@intel.com>
Date: Fri, 8 Dec 2017 10:53:47 +0000
Subject: [PATCH 3/3] netdev-dpdk: vHost IOMMU support
DPDK v17.11 introduces support for the vHost IOMMU feature.
This is a security feature, which restricts the vhost memory
that a virtio device may access.
This feature also enables the vhost REPLY_ACK protocol, the
implementation of which is known to work in newer versions of
QEMU (i.e. v2.10.0), but is buggy in older versions (v2.7.0 -
v2.9.0, inclusive). As such, the feature is disabled by default
in (and should remain so), for the aforementioned older QEMU
verions. Starting with QEMU v2.9.1, vhost-iommu-support can
safely be enabled, even without having an IOMMU device, with
no performance penalty.
This patch adds a new global config option, vhost-iommu-support,
that controls enablement of the vhost IOMMU feature:
ovs-vsctl set Open_vSwitch . other_config:vhost-iommu-support=true
This value defaults to false; to enable IOMMU support, this field
should be set to true when setting other global parameters on init
(such as "dpdk-socket-mem", for example). Changing the value at
runtime is not supported, and requires restarting the vswitch daemon.
Signed-off-by: Mark Kavanagh <mark.b.kavan...@intel.com>
Acked-by: Kevin Traynor <ktray...@redhat.com>
Signed-off-by: Ian Stokes <ian.sto...@intel.com>
---
Documentation/topics/dpdk/vhost-user.rst | 28 ++++++++++++++++++++++++++++
lib/dpdk-stub.c | 6 ++++++
lib/dpdk.c | 12 ++++++++++++
lib/dpdk.h | 3 +++
lib/netdev-dpdk.c | 14 ++++++++++----
vswitchd/vswitch.xml | 15 +++++++++++++++
6 files changed, 74 insertions(+), 4 deletions(-)
diff --git a/Documentation/topics/dpdk/vhost-user.rst
b/Documentation/topics/dpdk/vhost-user.rst
index d383a16e3..9286f8ac6 100644
--- a/Documentation/topics/dpdk/vhost-user.rst
+++ b/Documentation/topics/dpdk/vhost-user.rst
@@ -273,6 +273,34 @@ One benefit of using this mode is the ability for vHost
ports to 'reconnect' in
event of the switch crashing or being brought down. Once it is brought back up,
the vHost ports will reconnect automatically and normal service will resume.
+vhost-user-client IOMMU Support
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+vhost IOMMU is a feature which restricts the vhost memory that a virtio device
+can access, and as such is useful in deployments in which security is a
+concern.
+
+IOMMU support may be enabled via a global config value,
+```vhost-iommu-support```. Setting this to true enables vhost IOMMU support for
+all vhost ports when/where available::
+
+ $ ovs-vsctl set Open_vSwitch . other_config:vhost-iommu-support=true
+
+The default value is false.
+
+.. important::
+
+ Changing this value requires restarting the daemon.
+
+.. important::
+
+ Enabling the IOMMU feature also enables the vhost user reply-ack protocol;
+ this is known to work on QEMU v2.10.0, but is buggy on older versions
+ (2.7.0 - 2.9.0, inclusive). Consequently, the IOMMU feature is disabled by
+ default (and should remain so if using the aforementioned versions of
+ QEMU). Starting with QEMU v2.9.1, vhost-iommu-support can safely be
+ enabled, even without having an IOMMU device, with no performance penalty.
+
.. _dpdk-testpmd:
DPDK in the Guest
diff --git a/lib/dpdk-stub.c b/lib/dpdk-stub.c
index daef7291f..36021807c 100644
--- a/lib/dpdk-stub.c
+++ b/lib/dpdk-stub.c
@@ -48,3 +48,9 @@ dpdk_get_vhost_sock_dir(void)
{
return NULL;
}
+
+bool
+dpdk_vhost_iommu_enabled(void)
+{
+ return false;
+}
diff --git a/lib/dpdk.c b/lib/dpdk.c
index 8da6c3244..6710d10fc 100644
--- a/lib/dpdk.c
+++ b/lib/dpdk.c
@@ -41,6 +41,7 @@ VLOG_DEFINE_THIS_MODULE(dpdk);
static FILE *log_stream = NULL; /* Stream for DPDK log redirection */
static char *vhost_sock_dir = NULL; /* Location of vhost-user sockets */
+static bool vhost_iommu_enabled = false; /* Status of vHost IOMMU support */
static int
process_vhost_flags(char *flag, const char *default_val, int size,
@@ -345,6 +346,11 @@ dpdk_init__(const struct smap *ovs_other_config)
vhost_sock_dir = sock_dir_subcomponent;
}
+ vhost_iommu_enabled = smap_get_bool(ovs_other_config,
+ "vhost-iommu-support", false);
+ VLOG_INFO("IOMMU support for vhost-user-client %s.",
+ vhost_iommu_enabled ? "enabled" : "disabled");
+
argv = grow_argv(&argv, 0, 1);
argc = 1;
argv[0] = xstrdup(ovs_get_program_name());
@@ -482,6 +488,12 @@ dpdk_get_vhost_sock_dir(void)
return vhost_sock_dir;
}
+bool
+dpdk_vhost_iommu_enabled(void)
+{
+ return vhost_iommu_enabled;
+}
+
void
dpdk_set_lcore_id(unsigned cpu)
{
diff --git a/lib/dpdk.h b/lib/dpdk.h
index 673a1f17e..dc58d968a 100644
--- a/lib/dpdk.h
+++ b/lib/dpdk.h
@@ -17,6 +17,8 @@
#ifndef DPDK_H
#define DPDK_H
+#include <stdbool.h>
+
#ifdef DPDK_NETDEV
#include <rte_config.h>
@@ -35,5 +37,6 @@ struct smap;
void dpdk_init(const struct smap *ovs_other_config);
void dpdk_set_lcore_id(unsigned cpu);
const char *dpdk_get_vhost_sock_dir(void);
+bool dpdk_vhost_iommu_enabled(void);
#endif /* dpdk.h */
diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
index b93aa2354..3082fd668 100644
--- a/lib/netdev-dpdk.c
+++ b/lib/netdev-dpdk.c
@@ -3259,6 +3259,7 @@ netdev_dpdk_vhost_client_reconfigure(struct netdev
*netdev)
{
struct netdev_dpdk *dev = netdev_dpdk_cast(netdev);
int err;
+ uint64_t vhost_flags = 0;
ovs_mutex_lock(&dev->mutex);
@@ -3269,16 +3270,21 @@ netdev_dpdk_vhost_client_reconfigure(struct netdev
*netdev)
*/
if (!(dev->vhost_driver_flags & RTE_VHOST_USER_CLIENT)
&& strlen(dev->vhost_id)) {
- /* Register client-mode device */
- err = rte_vhost_driver_register(dev->vhost_id,
- RTE_VHOST_USER_CLIENT);
+ /* Register client-mode device. */
+ vhost_flags |= RTE_VHOST_USER_CLIENT;
+
+ /* Enable IOMMU support, if explicitly requested. */
+ if (dpdk_vhost_iommu_enabled()) {
+ vhost_flags |= RTE_VHOST_USER_IOMMU_SUPPORT;
+ }
+ err = rte_vhost_driver_register(dev->vhost_id, vhost_flags);
if (err) {
VLOG_ERR("vhost-user device setup failure for device %s\n",
dev->vhost_id);
goto unlock;
} else {
/* Configuration successful */
- dev->vhost_driver_flags |= RTE_VHOST_USER_CLIENT;
+ dev->vhost_driver_flags |= vhost_flags;
VLOG_INFO("vHost User device '%s' created in 'client' mode, "
"using client socket '%s'",
dev->up.name, dev->vhost_id);
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 074535b58..8f646059f 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -344,6 +344,21 @@
</p>
</column>
+ <column name="other_config" key="vhost-iommu-support"
+ type='{"type": "boolean"}'>
+ <p>
+ vHost IOMMU is a security feature, which restricts the vhost memory
+ that a virtio device may access. vHost IOMMU support is disabled by
+ default, due to a bug in QEMU implementations of the vhost REPLY_ACK
+ protocol, (on which vHost IOMMU relies) prior to v2.9.1. Setting this
+ value to <code>true</code> enables vHost IOMMU support for vHost User
+ Client ports in OvS-DPDK, starting from DPDK v17.11.
+ </p>
+ <p>
+ Changing this value requires restarting the daemon.
+ </p>
+ </column>
+
<column name="other_config" key="n-handler-threads"
type='{"type": "integer", "minInteger": 1}'>
<p>
--
2.15.1
