From 09a8a8b654c6b428c55f3bddb9b7807e2d8f482a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 25 Oct 2023 08:50:05 +0200 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 libvma revision a5d461f9ce6f836a388839d124cffe2c --- .gitattributes | 23 ++++ _service | 16 +++ harden_vma.service.patch | 24 ++++ libvma-9.8.40.0.ae7f37cbdd4f.tar.gz | 3 + libvma.changes | 193 ++++++++++++++++++++++++++++ libvma.spec | 137 ++++++++++++++++++++ vma.service | 31 +++++ 7 files changed, 427 insertions(+) create mode 100644 .gitattributes create mode 100644 _service create mode 100644 harden_vma.service.patch create mode 100644 libvma-9.8.40.0.ae7f37cbdd4f.tar.gz create mode 100644 libvma.changes create mode 100644 libvma.spec create mode 100644 vma.service diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/_service b/_service new file mode 100644 index 0000000..82af802 --- /dev/null +++ b/_service @@ -0,0 +1,16 @@ + + + git + https://github.com/Mellanox/libvma.git + no + .git + libvma + @PARENT_TAG@.@TAG_OFFSET@.%h + ae7f37cbdd4fae4b56fb5523bab8fbdb7dbc4177 + + + libvma*.tar + gz + + + diff --git a/harden_vma.service.patch b/harden_vma.service.patch new file mode 100644 index 0000000..4ad2d79 --- /dev/null +++ b/harden_vma.service.patch @@ -0,0 +1,24 @@ +Index: libvma-9.3.1.0.47396f1a5eaa/contrib/scripts/vma.service.in +=================================================================== +--- libvma-9.3.1.0.47396f1a5eaa.orig/contrib/scripts/vma.service.in ++++ libvma-9.3.1.0.47396f1a5eaa/contrib/scripts/vma.service.in +@@ -3,6 +3,19 @@ Description=VMA Daemon + After=network.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHome=true ++PrivateDevices=true ++ProtectHostname=true ++ProtectClock=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + Type=forking + Restart=on-failure + ExecStart=@prefix@/sbin/vmad diff --git a/libvma-9.8.40.0.ae7f37cbdd4f.tar.gz b/libvma-9.8.40.0.ae7f37cbdd4f.tar.gz new file mode 100644 index 0000000..1d1800a --- /dev/null +++ b/libvma-9.8.40.0.ae7f37cbdd4f.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8b57663ad829d4c8cd7176ac111e98ddcfeed3b1492a09b1bfd02919a2ca9fc +size 1133187 diff --git a/libvma.changes b/libvma.changes new file mode 100644 index 0000000..552a6da --- /dev/null +++ b/libvma.changes @@ -0,0 +1,193 @@ +------------------------------------------------------------------- +Mon Oct 2 08:10:03 UTC 2023 - Nicolas Morey + +- Update to v9.8.40 + - RM #3593939 DPCP dependency + - RM #3591039 Wrong lwip seqno wrap around condition + - RM #3591039 Type overflow during trimming TCP seg + - RM #3591039 Ref count for mem_buf chains + - RM #3591039 GRO retransmitted TCP stream + - RM #3591039 Incorrect pbuf chain split + - RM #3604175 Fixing stuck empty rx ring cleanup + - RM #3525812 Socketxtreme buffer reclaim leak + - RM #3420360 Support for ConnectX-7 + - RM #3373882 Fix compilation issue for gcc 13.0.1 + - RM #3321730 Update the copyright statement to 2023 + - RM #3249310 Support only systemctl for vma service setup/removal + - RM #321712 Prevent failure of debian postinst script +- Drop patch fixed upstream: + - issue-3373882-Fix-compilation-issue-for-gcc-13.0.1.patch + +------------------------------------------------------------------- +Wed Mar 29 08:41:11 UTC 2023 - Nicolas Morey + +- Add issue-3373882-Fix-compilation-issue-for-gcc-13.0.1.patch for GCC13 support + +------------------------------------------------------------------- +Fri Sep 30 13:13:43 UTC 2022 - Nicolas Morey-Chaisemartin + +- Update to v9.7.0 (jsc#PED-913) + - Fixing the handling of null elements in iov tx vector + - Updating coverity version to 2021.12 + - Fixing coverity 2021.12 findings + - Fixing pcb resources leak for failed blocking connect + - Fix no SYN rexmits for blocking connect + - Fix blocking socket connect timer race + - Use VMA_HANDLE_SIGINTR for signal() API + - Fix segfault when IPoIB is used along with extra logging + - Fix no traffic during disabled sriov (azure) + - Update Copyright + - Fix stats output logic + - Fix debian/copyright file + - Fix hypervisor check under x86_64 + - Fix gcc12 compilation issue + - Fix VMA_UDP_3T_RULES logic for UDP UC + - Add C++11 Support requirement to a compiler + - Export symbols from socket api only + - Fix gcc12 compilation issue + - Fix fc35 issues + - Add support for fortified glibc functions + - Fix issue in vma_recvfrom_zcopy() + - Fix data corruption in shrink operation + - Workaround for segfault on IBV_EVENT_DEVICE_FATAL +- Drop patches fixed upstream: + - issue-2485156-Fix-fc35-issues.patch + - issue-2945718-Fix-gcc12-compilation-issue.patch + +------------------------------------------------------------------- +Mon Jun 13 06:47:26 UTC 2022 - Nicolas Morey-Chaisemartin + +- Add issue-2945718-Fix-gcc12-compilation-issue.patch to fix + compilation issues with GCC12 + +------------------------------------------------------------------- +Tue Oct 5 09:08:03 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_vma.service.patch + Modified: + * vma.service + +------------------------------------------------------------------- +Sun Sep 26 11:11:24 UTC 2021 - Nicolas Morey-Chaisemartin + +- Add issue-2485156-Fix-fc35-issues.patch from upstream to fix + compilation with newer glibc (deprecated pthread_yield) + +------------------------------------------------------------------- +Mon Jun 28 12:54:15 UTC 2021 - Nicolas Morey-Chaisemartin + +- Update to 9.3.1 + - Remove multi packets (MP-RQ) depracated code + - Several bug fixes + - See CHANGES for a complete list + +------------------------------------------------------------------- +Wed Apr 28 08:13:07 UTC 2021 - Nicolas Morey-Chaisemartin + +- Update to 9.2.2 + - Support Bonding over rdma-core + - Several bug fixes + - See journal.txt for a complete list +- Enable PIE + +------------------------------------------------------------------- +Wed Sep 23 07:47:30 UTC 2020 - Nicolas Morey-Chaisemartin + +- Update to 9.1.2 (jsc#SLE-15165) + * No short release notes available. + See journal.txt for a complete list + +------------------------------------------------------------------- +Thu Jun 4 08:17:05 UTC 2020 - Nicolas Morey-Chaisemartin + +- Update to version 9.1.0 + * No short release notes available. + See journal.txt for a complete list + +------------------------------------------------------------------- +Thu Sep 26 11:05:35 UTC 2019 - Nicolas Morey-Chaisemartin + +- Update to version 8.9.4 + * No short release notes available. + See journal.txt for a complete list + +------------------------------------------------------------------- +Fri Sep 6 08:08:47 UTC 2019 - Nicolas Morey-Chaisemartin + +- Update to version 8.9.2 + * No short release notes available. + See journal.txt for a complete list + +------------------------------------------------------------------- +Wed May 15 06:19:54 UTC 2019 - Nicolas Morey-Chaisemartin + +- Update to version 8.8.2 + * No short release notes available. + See journal.txt for a complete list + +------------------------------------------------------------------- +Mon Oct 15 07:58:57 UTC 2018 - nmoreychaisemartin@suse.com + +- Update to version 8.7.1 (fate#325994) + * No short release notes available. + See journal.txt for a complete list +- Removed issue-1417243-Fix-gcc8-build-warnings.patch as it + was fixed upstream. + +------------------------------------------------------------------- +Mon Jun 18 06:09:14 UTC 2018 - nmoreychaisemartin@suse.com + +- Update to version 8.6.7 + - No short release notes available +- Added issue-1417243-Fix-gcc8-build-warnings.patch to + fix compilation issue with GCC8 + +------------------------------------------------------------------- +Wed Jan 24 08:23:57 UTC 2018 - nmoreychaisemartin@suse.com + +- Update to version 8.4.11 + - Added: + - RM #1214451 Add systemd support for daemon + - RM #1214453 Improve selection of filesystem monitor method + - RM #1207424 Send quickack depending on the payload size + - RM #1179641 Add MTU find logic to ring + - RM #1190606 VMA stats - Remove timewait interval in last cycle + - RM #1179641 Override MTU from route over interface MTU + - RM #1179641 Add parsing route table metrics + - RM #1190054 Rename VMA_SPEC parameter 6973 to 7750 + - RM #1176937 Add VMA_TCP_QUICKACK environment variable + - RM #1176937 Add TCP_QUICKACK option support + - RM #1176937 Add delayed ack control into LWIP + - RM #1151606 Modify valgrind suppression file + - RM #1182826 Check if the module parameters exists + - RM #847360 Add Coverity badge to README.md + - RM #1172255 Disable parser warning coverity checker + - Fixed: + - RM #1247358 Fix crash when VMA could not resolve neighbor + - RM #1258245 Fix SYN messages are sent to invalid peer + - RM #1250147 Reorder netlink event registration at startup + - RM #1214453 Fix daemon for powerpc + - RM #1214453 Fix issue in inotify processing + - RM #1222660 Correct warning check for flow steering + - RM #1192017 Fix ibv_destroy_cq() failure while VMA_TCP_3T_RULES=1 + - RM #1213984 Use dst_enty to find the route MTU + - RM #1175479 Inherit missing properties from the parent + - RM #1175657 Fix ring statistics are not updated was flowtag is enabled + - RM #1201040 Fix VMA_BUFFER_BATCHING_MODE is ignored while set from spec + - RM #1182981 Fix TCP zero-window probe message sequence number + - RM #1181379 Fix TCP zero window probe when there is data in-flight + - RM #1185978 Fix compilation for --enable-opt-log=high + - RM #1164732 Fix possible deadlock during connect + - RM #1185372 Fix traffic is not offloaded for high VMA_RX_WRE values +- Update vma.service to match upstream + +------------------------------------------------------------------- +Tue Nov 14 13:40:52 UTC 2017 - nmoreychaisemartin@suse.com + +- Install COPYING file + +------------------------------------------------------------------- +Wed Nov 8 09:24:55 UTC 2017 - nmoreychaisemartin@suse.com + +- Initial packaging of version 8.4.8 diff --git a/libvma.spec b/libvma.spec new file mode 100644 index 0000000..060e7d6 --- /dev/null +++ b/libvma.spec @@ -0,0 +1,137 @@ +# +# spec file for package libvma +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# +%define git_ver .0.ae7f37cbdd4f +%define lib_major 9 + +Name: libvma +Summary: A library for boosting TCP and UDP traffic (over RDMA hardware) +License: BSD-2-Clause OR GPL-2.0-only +Group: Development/Libraries/C and C++ +Version: 9.8.40 +Release: 0 +Source0: %{name}-%{version}%{git_ver}.tar.gz +Source1: vma.service +Patch3: harden_vma.service.patch +URL: https://github.com/Mellanox/libvma +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: gcc +BuildRequires: gcc-c++ +BuildRequires: libibverbs-devel +BuildRequires: librdmacm-devel +BuildRequires: libtool +BuildRequires: pkg-config +BuildRequires: systemd-rpm-macros +BuildRequires: pkgconfig(libnl-3.0) +Requires: libvma%{lib_major} = %{version} +ExclusiveArch: x86_64 aarch64 ppc64le + +%description +VMA library is a performance booster of TCP and UDP traffic +Part of Mellanox enhanced services +Allows application written over standard socket API +To run over Infiniband/Ethernet from userspace with full network stack bypass +and get better throughput, latency and packets/sec rate + +%package -n libvma%{lib_major} +Summary: Libvma runtime libary +Group: System/Libraries + +%description -n libvma%{lib_major} +VMA library is a performance booster of TCP and UDP traffic +Part of Mellanox enhanced services +Allows application written over standard socket API +To run over Infiniband/Ethernet from userspace with full network stack bypass +and get better throughput, latency and packets/sec rate + +%package devel +Summary: Header files and link required to develop with Libvma +Group: Development/Libraries/C and C++ +Requires: libvma%{lib_major} = %{version} + +%description devel +Headers and symbolink link required to compile and link with the Libvma library. + +%prep +%setup -q -n %{name}-%{version}%{git_ver} +%patch3 -p1 + +%build +./autogen.sh +export CXXFLAGS="%optflags -Wno-address-of-packed-member -fPIE" +export CFLAGS="%optflags -fPIE" +export LDFLAGS="-pie" +%configure --docdir=%{_docdir}/%{name} +make %{?_smp_mflags} V=1 + +%install +make DESTDIR=%{buildroot} install +rm -f %{buildroot}%{_libdir}/*.la +rm -f %{buildroot}/etc/init.d/vma +rm -f %{buildroot}/etc/systemd/system/vma.service + +install -D -m 755 tests/vma_perf_envelope/vma_perf_envelope.sh %{buildroot}/%{_datadir}/%{name}/vma_perf_envelope.sh +install -m 644 src/vma/vma_extra.h %{buildroot}/%{_includedir}/mellanox/vma_extra.h +install -m 644 src/vma/util/libvma.conf %{buildroot}/%{_sysconfdir}/ +install -s -m 755 src/stats/vma_stats %{buildroot}/%{_bindir}/vma_stats +install -s -m 755 tools/daemon/vmad %{buildroot}/%{_sbindir}/vmad +install -D -m 644 %{S:1} %{buildroot}%{_unitdir}/vma.service + +for service in vma; do ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc${service}; done + +%post -n libvma%{lib_major} -p /sbin/ldconfig +%postun -n libvma%{lib_major} -p /sbin/ldconfig + +%pre +%service_add_pre vma.service + +%post +%service_add_post vma.service + +%preun +%service_del_preun vma.service + +%postun +%service_del_postun vma.service + +%files +%defattr(-,root,root,-) +%dir %{_datadir}/%{name} +%dir %{_docdir}/%{name} +%{_docdir}/%{name}/README +%{_docdir}/%{name}/CHANGES +%config(noreplace) %{_sysconfdir}/libvma.conf +%{_sbindir}/vmad +%{_sbindir}/rcvma +%{_unitdir}/vma.service +%{_bindir}/vma_stats +%{_datadir}/%{name}/vma_perf_envelope.sh +%{_mandir}/man*/* +%license LICENSE + +%files -n libvma%{lib_major} +%{_libdir}/%{name}*.so.* + +%files devel +%defattr(-,root,root,-) +%{_includedir}/mellanox +%{_libdir}/%{name}.so + +%changelog diff --git a/vma.service b/vma.service new file mode 100644 index 0000000..4a6474f --- /dev/null +++ b/vma.service @@ -0,0 +1,31 @@ +[Unit] +Description=VMA Monitoring Daemon +StopWhenUnneeded=no +DefaultDependencies=no +# Ensure required kernel modules are loaded before starting +Wants=rdma-load-modules@rdma.service +After=rdma-load-modules@rdma.service +# After basic RDMA hw setup. +After=rdma-hw.target + +[Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions +Type=simple +Restart=on-failure +ExecStart=/usr/sbin/vmad + +[Install] +WantedBy=multi-user.target +