pool/dpdk
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 1236877 from network

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1236877
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dpdk?expand=0&rev=68
This commit is contained in:
Ana Guerrero 2025-01-12 10:08:53 +00:00 committed by Git OBS Bridge
commit 82ff4e904a
3 changed files with 46 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
dpdk-CVE-2024-11614.patch Normal file
View File

@ -0,0 +1,35 @@
From fdf13ea6fede07538fbe5e2a46fa6d4b2368fa81 Mon Sep 17 00:00:00 2001
From: Olivier Matz <olivier.matz@6wind.com>
Date: Thu, 28 Nov 2024 12:09:56 +0100
Subject: net/virtio: fix Rx checksum calculation
If hdr->csum_start is larger than packet length, the len argument passed
to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
Ignore checksum computation in this case.
CVE-2024-11614
Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/vhost/virtio_net.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index d764d4bc6a..69901ab3b5 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2823,6 +2823,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr,
*/
uint16_t csum = 0, off;
+ if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
+ return;
+
if (rte_raw_cksum_mbuf(m, hdr->csum_start,
rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
return;

7
dpdk.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jan 1 13:12:20 UTC 2025 - Duraisankar P <Duraisankar.pitchumani@suse.com>
- Fix CVE-2024-11614 [bsc#1234718] - Denial Of Service from malicious guest on hypervisors using DPDK Vhost library
- Added patch,
+ dpdk-CVE-2024-11614.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Sep 14 12:34:14 UTC 2024 - Dan Partelly <d.partelly@yahoo.com> Sat Sep 14 12:34:14 UTC 2024 - Dan Partelly <d.partelly@yahoo.com>

6
dpdk.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package dpdk # spec file
# #
# Copyright (c) 2024 SUSE LLC # Copyright (c) 2025 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -63,6 +63,8 @@ Source: https://fast.dpdk.org/rel/dpdk-%{version}.tar.xz
Patch0: 0001-fix-cpu-compatibility.patch Patch0: 0001-fix-cpu-compatibility.patch
# PATCH-FIX-UPSTREAM - https://bugs.dpdk.org/show_bug.cgi?id=1530 # PATCH-FIX-UPSTREAM - https://bugs.dpdk.org/show_bug.cgi?id=1530
Patch1: 0001-examples-vm_power_manager-add-missing-header.patch Patch1: 0001-examples-vm_power_manager-add-missing-header.patch
# PATCH-FIX-UPSTREAM - CVE-2024-11614 [bsc#1234718], net/virtio: Fix Denial Of Service from malicious guest on hypervisors using DPDK Vhost library
Patch2: dpdk-CVE-2024-11614.patch
BuildRequires: %{python_module Sphinx} BuildRequires: %{python_module Sphinx}
BuildRequires: %{python_module pyelftools >= 0.22} BuildRequires: %{python_module pyelftools >= 0.22}
BuildRequires: %{pythons} BuildRequires: %{pythons}