From 8e0101f6bffe4050e4eff1f7ae0551f15cc122f7966739656f13cf87a93c7f98 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 11 Aug 2020 06:57:44 +0000 Subject: [PATCH] - update to v19.11.3: app/crypto-perf: fix display of sample test vector app/eventdev: check Tx adapter service ID app: fix usage help of options separated by dashes app/pipeline: fix build with gcc 10 app: remove extra new line after link duplex app/testpmd: add parsing for QinQ VLAN headers app/testpmd: fix DCB set app/testpmd: fix memory failure handling for i40e DDP app/testpmd: fix PPPoE flow command app/testpmd: fix statistics after reset baseband/turbo_sw: fix exposed LLR decimals assumption bbdev: fix doxygen comments build: disable gcc 10 zero-length-bounds warning build: fix linker warnings with clang on Windows build: support MinGW-w64 with Meson buildtools: get static mlx dependencies for meson bus/fslmc: fix dereferencing null pointer bus/fslmc: fix size of qman fq descriptor bus/pci: fix devargs on probing again bus/pci: fix UIO resource access from secondary process bus/vmbus: fix comment spelling ci: fix telemetry dependency in Travis common/iavf: update copyright common/mlx5: fix build with -fno-common common/mlx5: fix build with rdma-core 21 common/mlx5: fix netlink buffer allocation from stack common/mlx5: fix umem buffer alignment common/octeontx: fix gcc 9.1 ABI break common/qat: fix GEN3 marketing name OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=117 --- ...ck-log-mmap-offset-and-size-overflow.patch | 49 --- 0002-vhost-fix-vring-index-check.patch | 58 --- 0003-vhost-crypto-validate-keys-lengths.patch | 77 ---- ...t-fix-translated-address-not-checked.patch | 46 -- ...host-fix-potential-memory-space-leak.patch | 52 --- 0006-vhost-fix-potential-fd-leak.patch | 80 ---- dpdk-19.11.1.tar.xz | 3 - dpdk-19.11.3.tar.xz | 3 + dpdk.changes | 393 +++++++++++++++++- dpdk.spec | 17 +- 10 files changed, 399 insertions(+), 379 deletions(-) delete mode 100644 0001-vhost-check-log-mmap-offset-and-size-overflow.patch delete mode 100644 0002-vhost-fix-vring-index-check.patch delete mode 100644 0003-vhost-crypto-validate-keys-lengths.patch delete mode 100644 0004-vhost-fix-translated-address-not-checked.patch delete mode 100644 0005-vhost-fix-potential-memory-space-leak.patch delete mode 100644 0006-vhost-fix-potential-fd-leak.patch delete mode 100644 dpdk-19.11.1.tar.xz create mode 100644 dpdk-19.11.3.tar.xz diff --git a/0001-vhost-check-log-mmap-offset-and-size-overflow.patch b/0001-vhost-check-log-mmap-offset-and-size-overflow.patch deleted file mode 100644 index 07b5665..0000000 --- a/0001-vhost-check-log-mmap-offset-and-size-overflow.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 342f6d57f417303b12f86d040b87f27448e4a0ae Mon Sep 17 00:00:00 2001 -From: Maxime Coquelin -Date: Tue, 21 Apr 2020 11:16:56 +0200 -Subject: [PATCH 1/6] vhost: check log mmap offset and size overflow - -vhost_user_set_log_base() is a message handler that is -called to handle the VHOST_USER_SET_LOG_BASE message. -Its payload contains a 64 bit size and offset. Both are -added up and used as a size when calling mmap(). - -There is no integer overflow check. If an integer overflow -occurs a smaller memory map would be created than -requested. Since the returned mapping is mapped as writable -and used for logging, a memory corruption could occur. - -Fixes: fbc4d248b198 ("vhost: fix offset while mmaping log base address") -Cc: stable@dpdk.org - -This issue has been assigned CVE-2020-10722 - -Reported-by: Ilja Van Sprundel -Signed-off-by: Maxime Coquelin -Reviewed-by: Xiaolong Ye -Reviewed-by: Ilja Van Sprundel ---- - lib/librte_vhost/vhost_user.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c -index 40c4520c08..02962fcdbc 100644 ---- a/lib/librte_vhost/vhost_user.c -+++ b/lib/librte_vhost/vhost_user.c -@@ -2059,10 +2059,10 @@ vhost_user_set_log_base(struct virtio_net **pdev, struct VhostUserMsg *msg, - size = msg->payload.log.mmap_size; - off = msg->payload.log.mmap_offset; - -- /* Don't allow mmap_offset to point outside the mmap region */ -- if (off > size) { -+ /* Check for mmap size and offset overflow. */ -+ if (off >= -size) { - RTE_LOG(ERR, VHOST_CONFIG, -- "log offset %#"PRIx64" exceeds log size %#"PRIx64"\n", -+ "log offset %#"PRIx64" and log size %#"PRIx64" overflow\n", - off, size); - return RTE_VHOST_MSG_RESULT_ERR; - } --- -2.25.2 - diff --git a/0002-vhost-fix-vring-index-check.patch b/0002-vhost-fix-vring-index-check.patch deleted file mode 100644 index 8368b31..0000000 --- a/0002-vhost-fix-vring-index-check.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 7e74c33644452051cc4193fd2516d97e1e4009e0 Mon Sep 17 00:00:00 2001 -From: Maxime Coquelin -Date: Tue, 21 Apr 2020 18:17:43 +0200 -Subject: [PATCH 2/6] vhost: fix vring index check - -vhost_user_check_and_alloc_queue_pair() is used to extract -a vring index from a payload. This function validates the -index and is called early on in when performing message -handling. Most message handlers depend on it correctly -validating the vring index. - -Depending on the message type the vring index is in -different parts of the payload. The function contains a -switch/case for each type and copies the index. This is -stored in a uint16. This index is then validated. Depending -on the message, the source index is an unsigned int. If -integer truncation occurs (uint->uint16) the top 16 bits -of the index are never validated. - -When they are used later on (e.g. in -vhost_user_set_vring_num() or vhost_user_set_vring_addr()) -it can lead to out of bound indexing. The out of bound -indexed data gets written to, and hence this can cause -memory corruption. - -This patch fixes this vulnerability by declaring vring -index as an unsigned int in -vhost_user_check_and_alloc_queue_pair(). - -Fixes: 160cbc815b41 ("vhost: remove a hack on queue allocation") -Cc: stable@dpdk.org - -This issue has been assigned CVE-2020-10723 - -Reported-by: Ilja Van Sprundel -Signed-off-by: Maxime Coquelin -Reviewed-by: Xiaolong Ye -Reviewed-by: Ilja Van Sprundel ---- - lib/librte_vhost/vhost_user.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c -index 02962fcdbc..d19614265b 100644 ---- a/lib/librte_vhost/vhost_user.c -+++ b/lib/librte_vhost/vhost_user.c -@@ -2526,7 +2526,7 @@ static int - vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, - struct VhostUserMsg *msg) - { -- uint16_t vring_idx; -+ uint32_t vring_idx; - - switch (msg->request.master) { - case VHOST_USER_SET_VRING_KICK: --- -2.25.2 - diff --git a/0003-vhost-crypto-validate-keys-lengths.patch b/0003-vhost-crypto-validate-keys-lengths.patch deleted file mode 100644 index 5412af3..0000000 --- a/0003-vhost-crypto-validate-keys-lengths.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 5216718e4837d4dcc6020cd5f6d5d629222bad8c Mon Sep 17 00:00:00 2001 -From: Maxime Coquelin -Date: Tue, 21 Apr 2020 19:10:09 +0200 -Subject: [PATCH 3/6] vhost/crypto: validate keys lengths - -transform_cipher_param() and transform_chain_param() handle -the payload data for the VHOST_USER_CRYPTO_CREATE_SESS -message. These payloads have to be validated, since it -could come from untrusted sources. - -Two buffers and their lenghts are defined in this payload, -one the the auth key and one for the cipher key. But above -functions do not validate the key length inputs, which could -lead to read out of bounds, as buffers have static sizes of -64 bytes for the cipher key and 512 bytes for the auth key. - -This patch adds necessary checks on the key length field -before being used. - -Fixes: e80a98708166 ("vhost/crypto: add session message handler") -Cc: stable@dpdk.org - -This issue has been assigned CVE-2020-10724 - -Reported-by: Ilja Van Sprundel -Signed-off-by: Maxime Coquelin -Reviewed-by: Xiaolong Ye -Reviewed-by: Ilja Van Sprundel ---- - lib/librte_vhost/vhost_crypto.c | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - -diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c -index 68911972b6..07a4115482 100644 ---- a/lib/librte_vhost/vhost_crypto.c -+++ b/lib/librte_vhost/vhost_crypto.c -@@ -237,6 +237,11 @@ transform_cipher_param(struct rte_crypto_sym_xform *xform, - if (unlikely(ret < 0)) - return ret; - -+ if (param->cipher_key_len > VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH) { -+ VC_LOG_DBG("Invalid cipher key length\n"); -+ return -VIRTIO_CRYPTO_BADMSG; -+ } -+ - xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER; - xform->cipher.key.length = param->cipher_key_len; - if (xform->cipher.key.length > 0) -@@ -287,6 +292,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms, - &xform_cipher->cipher.algo); - if (unlikely(ret < 0)) - return ret; -+ -+ if (param->cipher_key_len > VHOST_USER_CRYPTO_MAX_CIPHER_KEY_LENGTH) { -+ VC_LOG_DBG("Invalid cipher key length\n"); -+ return -VIRTIO_CRYPTO_BADMSG; -+ } -+ - xform_cipher->type = RTE_CRYPTO_SYM_XFORM_CIPHER; - xform_cipher->cipher.key.length = param->cipher_key_len; - xform_cipher->cipher.key.data = param->cipher_key_buf; -@@ -301,6 +312,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms, - ret = auth_algo_transform(param->hash_algo, &xform_auth->auth.algo); - if (unlikely(ret < 0)) - return ret; -+ -+ if (param->auth_key_len > VHOST_USER_CRYPTO_MAX_HMAC_KEY_LENGTH) { -+ VC_LOG_DBG("Invalid auth key length\n"); -+ return -VIRTIO_CRYPTO_BADMSG; -+ } -+ - xform_auth->auth.digest_length = param->digest_len; - xform_auth->auth.key.length = param->auth_key_len; - xform_auth->auth.key.data = param->auth_key_buf; --- -2.25.2 - diff --git a/0004-vhost-fix-translated-address-not-checked.patch b/0004-vhost-fix-translated-address-not-checked.patch deleted file mode 100644 index 6799fcd..0000000 --- a/0004-vhost-fix-translated-address-not-checked.patch +++ /dev/null @@ -1,46 +0,0 @@ -From c74f5a29dbb505bb31bec932a9bd77325e2ceea6 Mon Sep 17 00:00:00 2001 -From: Marvin Liu -Date: Wed, 8 Apr 2020 17:13:55 +0800 -Subject: [PATCH 4/6] vhost: fix translated address not checked - -Malicious guest can construct desc with invalid address and zero buffer -length. That will request vhost to check both translated address and -translated data length. This patch will add missed address check. - -Fixes: 75ed51697820 ("vhost: add packed ring batch dequeue") -Fixes: ef861692c398 ("vhost: add packed ring batch enqueue") -Cc: stable@dpdk.org - -This issue has been assigned CVE-2020-10725 - -Signed-off-by: Marvin Liu -Reviewed-by: Maxime Coquelin ---- - lib/librte_vhost/virtio_net.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c -index ac2842b2d2..33f10258cf 100644 ---- a/lib/librte_vhost/virtio_net.c -+++ b/lib/librte_vhost/virtio_net.c -@@ -1086,6 +1086,8 @@ virtio_dev_rx_batch_packed(struct virtio_net *dev, - VHOST_ACCESS_RW); - - vhost_for_each_try_unroll(i, 0, PACKED_BATCH_SIZE) { -+ if (unlikely(!desc_addrs[i])) -+ return -1; - if (unlikely(lens[i] != descs[avail_idx + i].len)) - return -1; - } -@@ -1841,6 +1843,8 @@ vhost_reserve_avail_batch_packed(struct virtio_net *dev, - } - - vhost_for_each_try_unroll(i, 0, PACKED_BATCH_SIZE) { -+ if (unlikely(!desc_addrs[i])) -+ return -1; - if (unlikely((lens[i] != descs[avail_idx + i].len))) - return -1; - } --- -2.25.2 - diff --git a/0005-vhost-fix-potential-memory-space-leak.patch b/0005-vhost-fix-potential-memory-space-leak.patch deleted file mode 100644 index 755918b..0000000 --- a/0005-vhost-fix-potential-memory-space-leak.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 9566391031723e854e818bb7d965e9e677784dc4 Mon Sep 17 00:00:00 2001 -From: Xiaolong Ye -Date: Wed, 8 Apr 2020 15:31:35 +0800 -Subject: [PATCH 5/6] vhost: fix potential memory space leak - -A malicious container which has direct access to the vhost-user socket -can keep sending VHOST_USER_GET_INFLIGHT_FD messages which may cause -leaking resources until resulting a DOS. Fix it by unmapping the -dev->inflight_info->addr before assigning new mapped addr to it. - -Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing") -Cc: stable@dpdk.org - -This issue has been assigned CVE-2020-10726 - -Signed-off-by: Xiaolong Ye -Reviewed-by: Maxime Coquelin ---- - lib/librte_vhost/vhost_user.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c -index d19614265b..2a4ba205cf 100644 ---- a/lib/librte_vhost/vhost_user.c -+++ b/lib/librte_vhost/vhost_user.c -@@ -1433,6 +1433,11 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, - } - memset(addr, 0, mmap_size); - -+ if (dev->inflight_info->addr) { -+ munmap(dev->inflight_info->addr, dev->inflight_info->size); -+ dev->inflight_info->addr = NULL; -+ } -+ - dev->inflight_info->addr = addr; - dev->inflight_info->size = msg->payload.inflight.mmap_size = mmap_size; - dev->inflight_info->fd = msg->fds[0] = fd; -@@ -1517,8 +1522,10 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, - } - } - -- if (dev->inflight_info->addr) -+ if (dev->inflight_info->addr) { - munmap(dev->inflight_info->addr, dev->inflight_info->size); -+ dev->inflight_info->addr = NULL; -+ } - - addr = mmap(0, mmap_size, PROT_READ | PROT_WRITE, MAP_SHARED, - fd, mmap_offset); --- -2.25.2 - diff --git a/0006-vhost-fix-potential-fd-leak.patch b/0006-vhost-fix-potential-fd-leak.patch deleted file mode 100644 index 8747444..0000000 --- a/0006-vhost-fix-potential-fd-leak.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 1cb6dbef9c15e739da9b253c53b558e93906c6c5 Mon Sep 17 00:00:00 2001 -From: Xuan Ding -Date: Wed, 8 Apr 2020 10:19:51 +0000 -Subject: [PATCH 6/6] vhost: fix potential fd leak - -Vhost will create temporary file when receiving VHOST_USER_GET_INFLIGHT_FD -message. Malicious guest can send endless this message to drain out the -resource of host. - -When receiving VHOST_USER_GET_INFLIGHT_FD message repeatedly, closing the -file created during the last handling of this message. - -Fixes: d87f1a1cb7b666550 ("vhost: support inflight info sharing") -Cc: stable@dpdk.org - -This issue has been assigned CVE-2020-10726 - -Signed-off-by: Xuan Ding -Signed-off-by: Xiaolong Ye -Reviewed-by: Maxime Coquelin ---- - lib/librte_vhost/vhost_user.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c -index 2a4ba205cf..8954f7930e 100644 ---- a/lib/librte_vhost/vhost_user.c -+++ b/lib/librte_vhost/vhost_user.c -@@ -206,7 +206,7 @@ vhost_backend_cleanup(struct virtio_net *dev) - dev->inflight_info->addr = NULL; - } - -- if (dev->inflight_info->fd > 0) { -+ if (dev->inflight_info->fd >= 0) { - close(dev->inflight_info->fd); - dev->inflight_info->fd = -1; - } -@@ -1408,6 +1408,7 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, - "failed to alloc dev inflight area\n"); - return RTE_VHOST_MSG_RESULT_ERR; - } -+ dev->inflight_info->fd = -1; - } - - num_queues = msg->payload.inflight.num_queues; -@@ -1438,6 +1439,11 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, - dev->inflight_info->addr = NULL; - } - -+ if (dev->inflight_info->fd >= 0) { -+ close(dev->inflight_info->fd); -+ dev->inflight_info->fd = -1; -+ } -+ - dev->inflight_info->addr = addr; - dev->inflight_info->size = msg->payload.inflight.mmap_size = mmap_size; - dev->inflight_info->fd = msg->fds[0] = fd; -@@ -1520,6 +1526,7 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, - "failed to alloc dev inflight area\n"); - return RTE_VHOST_MSG_RESULT_ERR; - } -+ dev->inflight_info->fd = -1; - } - - if (dev->inflight_info->addr) { -@@ -1534,8 +1541,10 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, - return RTE_VHOST_MSG_RESULT_ERR; - } - -- if (dev->inflight_info->fd) -+ if (dev->inflight_info->fd >= 0) { - close(dev->inflight_info->fd); -+ dev->inflight_info->fd = -1; -+ } - - dev->inflight_info->fd = fd; - dev->inflight_info->addr = addr; --- -2.25.2 - diff --git a/dpdk-19.11.1.tar.xz b/dpdk-19.11.1.tar.xz deleted file mode 100644 index 2aa5325..0000000 --- a/dpdk-19.11.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4d7f8e854d00f67297e8d22ae358d64528e9ad4b7c9a9b886453026b07f52e6e -size 12396260 diff --git a/dpdk-19.11.3.tar.xz b/dpdk-19.11.3.tar.xz new file mode 100644 index 0000000..91b8bba --- /dev/null +++ b/dpdk-19.11.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c0114e0293428d25a492b352236ebd8829fbee328ca63d799dfc272a0f63134d +size 12416036 diff --git a/dpdk.changes b/dpdk.changes index 3f8e5b2..e936b81 100644 --- a/dpdk.changes +++ b/dpdk.changes @@ -1,3 +1,395 @@ +------------------------------------------------------------------- +Tue Aug 11 06:56:10 UTC 2020 - Dirk Mueller + +- update to v19.11.3: + app/crypto-perf: fix display of sample test vector + app/eventdev: check Tx adapter service ID + app: fix usage help of options separated by dashes + app/pipeline: fix build with gcc 10 + app: remove extra new line after link duplex + app/testpmd: add parsing for QinQ VLAN headers + app/testpmd: fix DCB set + app/testpmd: fix memory failure handling for i40e DDP + app/testpmd: fix PPPoE flow command + app/testpmd: fix statistics after reset + baseband/turbo_sw: fix exposed LLR decimals assumption + bbdev: fix doxygen comments + build: disable gcc 10 zero-length-bounds warning + build: fix linker warnings with clang on Windows + build: support MinGW-w64 with Meson + buildtools: get static mlx dependencies for meson + bus/fslmc: fix dereferencing null pointer + bus/fslmc: fix size of qman fq descriptor + bus/pci: fix devargs on probing again + bus/pci: fix UIO resource access from secondary process + bus/vmbus: fix comment spelling + ci: fix telemetry dependency in Travis + common/iavf: update copyright + common/mlx5: fix build with -fno-common + common/mlx5: fix build with rdma-core 21 + common/mlx5: fix netlink buffer allocation from stack + common/mlx5: fix umem buffer alignment + common/octeontx: fix gcc 9.1 ABI break + common/qat: fix GEN3 marketing name + contigmem: cleanup properly when load fails + crypto/caam_jr: fix check of file descriptors + crypto/caam_jr: fix IRQ functions return type + crypto/ccp: fix fd leak on probe failure + cryptodev: add asymmetric session-less feature name + cryptodev: fix missing device id range checking + cryptodev: fix SHA-1 digest enum comment + crypto/kasumi: fix extern declaration + crypto/nitrox: fix CSR register address generation + crypto/nitrox: fix oversized device name + crypto/octeontx2: fix build with gcc 10 + crypto/openssl: fix out-of-place encryption + crypto/qat: fix cipher descriptor for ZUC and SNOW + crypto/qat: support plain SHA1..SHA512 hashes + devtools: fix symbol map change check + doc: add i40e limitation for flow director + doc: add NASM installation steps + doc: fix API index + doc: fix build issue in ABI guide + doc: fix build with doxygen 1.8.18 + doc: fix default symbol binding in ABI guide + doc: fix log level example in Linux guide + doc: fix LTO config option + doc: fix matrix CSS for recent sphinx + doc: fix multicast filter feature announcement + doc: fix number of failsafe sub-devices + doc: fix reference in ABI guide + doc: fix sphinx compatibility + doc: fix typo in contributors guide + doc: fix typo in contributors guide + doc: fix typos in ABI policy + doc: prefer https when pointing to dpdk.org + drivers: add crypto as dependency for event drivers + drivers/crypto: disable gcc 10 no-common errors + drivers/crypto: fix build with make 4.3 + drivers/crypto: fix log type variables for -fno-common + drivers: fix log type variables for -fno-common + eal/arm64: fix precise TSC + eal: fix C++17 compilation + eal: fix comments spelling + eal: fix log message print for regex + eal: fix PRNG init with HPET enabled + eal: fix typo in endian conversion macros + eal/freebsd: fix queuing duplicate alarm callbacks + eal/ppc: fix bool type after altivec include + eal/ppc: fix build with gcc 9.3 + eal/x86: ignore gcc 10 stringop-overflow warnings + ethdev: fix build when vtune profiling is on + ethdev: fix spelling + eventdev: fix probe and remove for secondary process + event/dsw: avoid reusing previously recorded events + event/dsw: fix enqueue burst return value + event/dsw: remove redundant control ring poll + event/dsw: remove unnecessary read barrier + event/octeontx2: fix build for O1 optimization + event/octeontx2: fix queue removal from Rx adapter + examples/eventdev: fix build with gcc 10 + examples/eventdev: fix crash on exit + examples/fips_validation: fix parsing of algorithms + examples/ip_pipeline: remove check of null response + examples/ipsec-gw: fix gcc 10 maybe-uninitialized warning + examples/kni: fix crash during MTU set + examples/kni: fix MTU change to setup Tx queue + examples/l2fwd-keepalive: fix mbuf pool size + examples/qos_sched: fix build with gcc 10 + examples: remove extra new line after link duplex + examples/vhost_blk: fix build with gcc 10 + examples/vmdq: fix output of pools/queues + examples/vmdq: fix RSS configuration + examples/vm_power: drop Unix path limit redefinition + examples/vm_power: fix build with -fno-common + fib: fix headers for C++ support + fix same typo in multiple places + fix various typos found by Lintian + ipsec: check SAD lookup error + ipsec: fix build dependency on hash lib + kvargs: fix buffer overflow when parsing list + kvargs: fix invalid token parsing on FreeBSD + kvargs: fix strcmp helper documentation + log: fix level picked with globbing on type register + lpm6: fix comments spelling + lpm6: fix size of tbl8 group + mem: fix overflow on allocation + mem: mark pages as not accessed when freeing memory + mem: mark pages as not accessed when reserving VA + mempool/dpaa2: install missing header with meson + mempool/octeontx2: fix build for gcc O1 optimization + mempool: remove inline functions from export list + mem: preallocate VA space in no-huge mode + mk: fix static linkage of mlx dependency + net/avp: fix gcc 10 maybe-uninitialized warning + net/bnxt: do not use PMD log type + net/bnxt: fix error log for command timeout + net/bnxt: fix FW version query + net/bnxt: fix HWRM command during FW reset + net/bnxt: fix max ring count + net/bnxt: fix memory leak during queue restart + net/bnxt: fix number of TQM ring + net/bnxt: fix port start failure handling + net/bnxt: fix possible stack smashing + net/bnxt: fix Rx ring producer index + net/bnxt: fix storing MAC address twice + net/bnxt: fix TQM ring context memory size + net/bnxt: fix using RSS config struct + net/bnxt: fix VLAN add when port is stopped + net/bnxt: fix VNIC Rx queue count on VNIC free + net/bnxt: use true/false for bool types + net/dpaa2: fix 10G port negotiation + net/dpaa2: fix congestion ID for multiple traffic classes + net/dpaa: use dynamic log type + net/e1000: fix port hotplug for multi-process + net/ena/base: fix documentation of functions + net/ena/base: fix indentation in CQ polling + net/ena/base: fix indentation of multiple defines + net/ena/base: fix testing for supported hash function + net/ena/base: make allocation macros thread-safe + net/ena/base: prevent allocation of zero sized memory + net/ena: fix build for O1 optimization + net/ena: set IO ring size to valid value + net/enetc: fix Rx lock-up + net/enic: fix flow action reordering + net/failsafe: fix fd leak + net/hinic: allocate IO memory with socket id + net/hinic/base: fix PF firmware hot-active problem + net/hinic/base: fix port start during FW hot update + net/hinic: fix LRO + net/hinic: fix queues resource free + net/hinic: fix repeating cable log and length check + net/hinic: fix snprintf length of cable info + net/hinic: fix TSO + net/hinic: fix Tx mbuf length while copying + net/hns3: add free threshold in Rx + net/hns3: add RSS hash offload to capabilities + net/hns3: clear residual flow rules on init + net/hns3: fix configuring illegal VLAN PVID + net/hns3: fix configuring RSS hash when rules are flushed + net/hns3: fix crash when flushing RSS flow rules with FLR + net/hns3: fix default error code of command interface + net/hns3: fix default VLAN filter configuration for PF + net/hns3: fix mailbox opcode data type + net/hns3: fix MSI-X interrupt during initialization + net/hns3: fix packets offload features flags in Rx + net/hns3: fix promiscuous mode for PF + net/hns3: fix return value of setting VLAN offload + net/hns3: fix return value when clearing statistics + net/hns3: fix RSS indirection table configuration + net/hns3: fix RSS key length + net/hns3: fix Rx interrupt after reset + net/hns3: fix status after repeated resets + net/hns3: fix Tx interrupt when enabling Rx interrupt + net/hns3: fix VLAN filter when setting promisucous mode + net/hns3: fix VLAN PVID when configuring device + net/hns3: reduce judgements of free Tx ring space + net/hns3: remove one IO barrier in Rx + net/hns3: remove unnecessary assignments in Tx + net/hns3: replace memory barrier with data dependency order + net/hns3: support different numbers of Rx and Tx queues + net/hns3: support Rx interrupt + net/i40e/base: update copyright + net/i40e: fix flow director enabling + net/i40e: fix flow director for ARP packets + net/i40e: fix flow director initialisation + net/i40e: fix flush of flow director filter + net/i40e: fix queue region in RSS flow + net/i40e: fix queue related exception handling + net/i40e: fix setting L2TAG + net/i40e: fix wild pointer + net/i40e: fix X722 performance + net/i40e: relax barrier in Tx + net/i40e: relax barrier in Tx for NEON + net/iavf: fix link speed + net/iavf: fix setting L2TAG + net/iavf: fix stats query error code + net/ice: add action number check for switch + net/ice/base: check memory pointer before copying + net/ice/base: fix binary order for GTPU filter + net/ice/base: fix MAC write command + net/ice/base: fix uninitialized stack variables + net/ice/base: minor fixes + net/ice/base: read PSM clock frequency from register + net/ice/base: remove unused code in switch rule + net/ice/base: update copyright + net/ice: change default tunnel type + net/ice: fix crash in switch filter + net/ice: fix hash flow crash + net/ice: fix input set of VLAN item + net/ice: fix RSS advanced rule + net/ice: fix RSS for GTPU + net/ice: fix setting L2TAG + net/ice: fix variable initialization + net/ice: remove bulk alloc option + net/ice: remove unnecessary variable + net/ice: support mark only action for flow director + net/ipn3ke: use control thread to check link status + net/ixgbe/base: update copyright + net/ixgbe: check driver type in MACsec API + net/ixgbe: fix link state timing on fiber ports + net/ixgbe: fix link status after port reset + net/ixgbe: fix link status inconsistencies + net/ixgbe: fix link status synchronization on BSD + net/ixgbe: fix resource leak after thread exits normally + net/ixgbe: fix statistics in flow control mode + net/memif: fix init when already connected + net/memif: fix resource leak + net/mlx4: fix build with -fno-common + net/mlx4: fix drop queue error handling + net/mlx5: add device parameter for MPRQ stride size + net/mlx5: add multi-segment packets in MPRQ mode + net/mlx5: enable MPRQ multi-stride operations + net/mlx5: fix actions validation on root table + net/mlx5: fix assert in doorbell lookup + net/mlx5: fix assert in dynamic metadata handling + net/mlx5: fix assert in modify converting + net/mlx5: fix build with separate glue lib for dlopen + net/mlx5: fix call to modify action without init item + net/mlx5: fix counter container usage + net/mlx5: fix crash when releasing meter table + net/mlx5: fix CVLAN tag set in IP item translation + net/mlx5: fix doorbell bitmap management offsets + net/mlx5: fix gcc 10 enum-conversion warning + net/mlx5: fix header modify action validation + net/mlx5: fix imissed counter overflow + net/mlx5: fix jump table leak + net/mlx5: fix mask used for IPv6 item validation + net/mlx5: fix matching for UDP tunnels with Verbs + net/mlx5: fix match on empty VLAN item in DV mode + net/mlx5: fix metadata for compressed Rx CQEs + net/mlx5: fix meter color register consideration + net/mlx5: fix meter suffix table leak + net/mlx5: fix packet length assert in MPRQ + net/mlx5: fix push VLAN action to use item info + net/mlx5: fix RSS enablement + net/mlx5: fix RSS key copy to TIR context + net/mlx5: fix Tx queue release debug log timing + net/mlx5: fix validation of push VLAN without full mask + net/mlx5: fix validation of VXLAN/VXLAN-GPE specs + net/mlx5: fix VLAN flow action with wildcard VLAN item + net/mlx5: fix VLAN ID check + net/mlx5: fix VLAN PCP item calculation + net/mlx5: fix zero metadata action + net/mlx5: fix zero value validation for metadata + net/mlx5: improve logging of MPRQ selection + net/mlx5: reduce Tx completion index memory loads + net/mlx5: set dynamic flow metadata in Rx queues + net/mlx5: update VLAN and encap actions validation + net/mlx5: use open/read/close for ib stats query + net/mvneta: do not use PMD log type + net/mvpp2: fix build with gcc 10 + net/netvsc: avoid possible live lock + net/netvsc: do not configure RSS if disabled + net/netvsc: do RSS across Rx queue only + net/netvsc: fix comment spelling + net/netvsc: fix memory free on device close + net/netvsc: handle Rx packets during multi-channel setup + net/netvsc: handle Tx completions based on burst size + net/netvsc: propagate descriptor limits from VF + net/netvsc: remove process event optimization + net/netvsc: split send buffers from Tx descriptors + net/nfp: fix dangling pointer on probe failure + net/nfp: fix log format specifiers + net/null: fix secondary burst function selection + net/null: remove redundant check + net/octeontx2: disable unnecessary error interrupts + net/octeontx2: enable error and RAS interrupt in configure + net/octeontx2: fix buffer size assignment + net/octeontx2: fix device configuration sequence + net/octeontx2: fix link information for loopback port + net/octeontx: fix dangling pointer on init failure + net/octeontx: fix meson build for disabled drivers + net/pfe: do not use PMD log type + net/pfe: fix double free of MAC address + net/qede: fix link state configuration + net/qede: fix port reconfiguration + net/ring: fix device pointer on allocation + net/sfc/base: fix build when EVB is enabled + net/sfc/base: fix manual filter delete in EF10 + net/sfc/base: handle manual and auto filter clashes in EF10 + net/sfc/base: reduce filter priorities to implemented only + net/sfc/base: refactor filter lookup loop in EF10 + net/sfc/base: reject automatic filter creation by users + net/sfc/base: use simpler EF10 family conditional check + net/sfc/base: use simpler EF10 family run-time checks + net/sfc: fix initialization error path + net/sfc: fix promiscuous and allmulticast toggles errors + net/sfc: fix reported promiscuous/multicast mode + net/sfc: fix Rx queue start failure path + net/sfc: set priority of created filters to manual + net/softnic: fix memory leak for thread + net/softnic: fix resource leak for pipeline + net/tap: do not use PMD log type + net/tap: fix check for mbuf number of segment + net/tap: fix crash in flow destroy + net/tap: fix fd leak on creation failure + net/tap: fix file close on remove + net/tap: fix mbuf and mem leak during queue release + net/tap: fix mbuf double free when writev fails + net/tap: fix queues fd check before close + net/tap: fix unexpected link handler + net/tap: remove unused assert + net/thunderx: use dynamic log type + net/vhost: fix potential memory leak on close + net/virtio: do not use PMD log type + net/virtio: fix crash when device reconnecting + net/virtio: fix outdated comment + net/virtio: fix unexpected event after reconnect + net/virtio-user: fix devargs parsing + net/vmxnet3: fix RSS setting on v4 + net/vmxnet3: handle bad host framing + pci: accept 32-bit domain numbers + pci: fix build on FreeBSD + pci: fix build on ppc + pci: reject negative values in PCI id + pci: remove unneeded includes in public header file + remove references to private PCI probe function + Revert “common/qat: fix GEN3 marketing name” + Revert “net/bnxt: fix number of TQM ring” + Revert “net/bnxt: fix TQM ring context memory size” + security: fix crash at accessing non-implemented ops + security: fix return types in documentation + security: fix session counter + security: fix verification of parameters + service: fix crash on exit + service: fix identification of service running on other lcore + service: fix race condition for MT unsafe service + service: remove rte prefix from static functions + telemetry: fix port stats retrieval + test/crypto: fix flag check + test/crypto: fix statistics case + test: fix build with gcc 10 + test/flow_classify: enable multi-sockets system + test/ipsec: fix crash in session destroy + test/kvargs: fix invalid cases check + test/kvargs: fix to consider empty elements as valid + test: load drivers when required + test: remove redundant macro + test: skip some subtests in no-huge mode + timer: protect initialization with lock + usertools: check for pci.ids in /usr/share/misc + vfio: fix race condition with sysfs + vfio: fix use after free with multiprocess + vhost/crypto: add missing user protocol flag + vhost: fix packed ring zero-copy + vhost: fix peer close check + vhost: fix shadowed descriptors not flushed + vhost: fix shadow update + vhost: fix zero-copy server mode + vhost: handle mbuf allocation failure + vhost: make IOTLB cache name unique among processes + vhost: prevent zero-copy with incompatible client mode + vhost: remove unused variable +- remove the security backport patches as they're already included + upstream: + * 0001-vhost-check-log-mmap-offset-and-size-overflow.patch + * 0002-vhost-fix-vring-index-check.patch + * 0003-vhost-crypto-validate-keys-lengths.patch + * 0004-vhost-fix-translated-address-not-checked.patch + * 0005-vhost-fix-potential-memory-space-leak.patch + * 0006-vhost-fix-potential-fd-leak.patch + ------------------------------------------------------------------- Tue May 19 11:41:34 UTC 2020 - Jaime Caamaño Ruiz @@ -13,7 +405,6 @@ Tue May 19 11:41:34 UTC 2020 - Jaime Caamaño Ruiz * 0005-vhost-fix-potential-memory-space-leak.patch * 0006-vhost-fix-potential-fd-leak.patch - ------------------------------------------------------------------- Wed Apr 29 11:45:24 UTC 2020 - Jaime Caamaño Ruiz diff --git a/dpdk.spec b/dpdk.spec index cb09fcc..9e79ac7 100644 --- a/dpdk.spec +++ b/dpdk.spec @@ -53,7 +53,7 @@ # Add option to build without tools %bcond_without tools Name: dpdk%{name_tag} -Version: 19.11.1 +Version: 19.11.3 Release: 0 Summary: Set of libraries and drivers for fast packet processing License: BSD-3-Clause AND GPL-2.0-only AND LGPL-2.1-only @@ -62,12 +62,6 @@ URL: http://dpdk.org Source: http://fast.dpdk.org/rel/dpdk-%{version}.tar.xz Source1: preamble Patch1: 0001-fix-cpu-compatibility.patch -Patch2: 0001-vhost-check-log-mmap-offset-and-size-overflow.patch -Patch3: 0002-vhost-fix-vring-index-check.patch -Patch4: 0003-vhost-crypto-validate-keys-lengths.patch -Patch5: 0004-vhost-fix-translated-address-not-checked.patch -Patch6: 0005-vhost-fix-potential-memory-space-leak.patch -Patch7: 0006-vhost-fix-potential-fd-leak.patch BuildRequires: doxygen BuildRequires: fdupes BuildRequires: libelf-devel @@ -165,12 +159,6 @@ The DPDK Kernel NIC Interface (KNI) allows userspace applications access to the # can't use %{name} because of dpdk-thunderx %setup -q -n dpdk-stable-%{version} %patch1 -p1 -z .init -%patch2 -p1 -z .init -%patch3 -p1 -z .init -%patch4 -p1 -z .init -%patch5 -p1 -z .init -%patch6 -p1 -z .init -%patch7 -p1 -z .init # This fixes CROSS compilation (broken) in the mk file for ThunderX sed -i '/^CROSS /s/^/#/' mk/machine/thunderx/rte.vars.mk @@ -179,6 +167,9 @@ sed -i '/^CROSS /s/^/#/' mk/machine/thunderx/rte.vars.mk [ "$(cat ABI_VERSION)" = "%{maj}.%{min}" ] || exit 1 %build + +cp mk/machine/armv8a/rte.vars.mk mk/machine/thunderx + # set up a method for modifying the resulting .config file function setconf() { if grep -q ^$1= $3/.config; then