SLFO-pool/dpdk
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main dpdk revision 9d093a2ce8c67ee442456d153c3d131d

Browse Source
This commit is contained in:
Adrian Schröter 2025-01-10 17:22:03 +01:00
parent 0ab5392128
commit f30a000626
3 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
dpdk-CVE-2024-11614.patch Normal file
View File

@ -0,0 +1,35 @@
From fdf13ea6fede07538fbe5e2a46fa6d4b2368fa81 Mon Sep 17 00:00:00 2001
From: Olivier Matz <olivier.matz@6wind.com>
Date: Thu, 28 Nov 2024 12:09:56 +0100
Subject: net/virtio: fix Rx checksum calculation
If hdr->csum_start is larger than packet length, the len argument passed
to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
Ignore checksum computation in this case.
CVE-2024-11614
Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/vhost/virtio_net.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index d764d4bc6a..69901ab3b5 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2823,6 +2823,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr,
*/
uint16_t csum = 0, off;
+ if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
+ return;
+
if (rte_raw_cksum_mbuf(m, hdr->csum_start,
rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
return;

7
dpdk.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jan 1 13:14:23 UTC 2025 - Duraisankar P <Duraisankar.pitchumani@suse.com>
- Fix CVE-2024-11614 [bsc#1234718] - Denial Of Service from malicious guest on hypervisors using DPDK Vhost library
- Added patch,
+ dpdk-CVE-2024-11614.patch
-------------------------------------------------------------------
Sat Sep 14 12:34:14 UTC 2024 - Dan Partelly <d.partelly@yahoo.com>

2
dpdk.spec
View File

@ -63,6 +63,8 @@ Source: https://fast.dpdk.org/rel/dpdk-%{version}.tar.xz
Patch0: 0001-fix-cpu-compatibility.patch
# PATCH-FIX-UPSTREAM - https://bugs.dpdk.org/show_bug.cgi?id=1530
Patch1: 0001-examples-vm_power_manager-add-missing-header.patch
# PATCH-FIX-UPSTREAM - CVE-2024-11614 [bsc#1234718], Fix Denial Of Service from malicious guest on hypervisors using DPDK Vhost library
Patch2: dpdk-CVE-2024-11614.patch
BuildRequires: %{python_module Sphinx}
BuildRequires: %{python_module pyelftools >= 0.22}
BuildRequires: %{pythons}