- Add patches to fix vulnerability where malicious guest can harm the host
using vhost crypto, this includes executing code in host (VM Escape),
reading host application memory space to guest and causing partially
denial of service in the host (bsc#1176590).
* 0001-vhost-crypto-fix-pool-allocation.patch
* 0002-vhost-crypto-fix-incorrect-descriptor-deduction.patch
* 0003-vhost-crypto-fix-missed-request-check-for-copy-mode.patch
* 0004-vhost-crypto-fix-incorrect-write-back-source.patch
* 0005-vhost-crypto-fix-data-length-check.patch
* 0006-vhost-crypto-fix-possible-TOCTOU-attack.patch
OBS-URL: https://build.opensuse.org/request/show/838479
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=121
- Update to v19.11.1. For a list of changes, check:
* https://doc.dpdk.org/guides/rel_notes/release_19_11.html#new-features
- Removed patches no longer applying to the code base:
* 0001-vhost-fix-possible-denial-of-service-on-SET_VRING_NU.patch
* 0002-vhost-fix-possible-denial-of-service-by-leaking-FDs.patch
* 0002-fix-cpu-compatibility.patch
- Rebased patches:
* 0001-fix-cpu-compatibility.patch
- Add patches to fix vulnerability where malicious guest/container can
cause resource leak resulting a Denial-of-Service, or memory corruption
and crash, or information leak in vhost-user backend application
(bsc#1171477, CVE-2020-10722, CVE-2020-10723, CVE-2020-10724,
CVE-2020-10725, CVE-2020-10726).
* 0001-vhost-check-log-mmap-offset-and-size-overflow.patch
* 0002-vhost-fix-vring-index-check.patch
* 0003-vhost-crypto-validate-keys-lengths.patch
* 0004-vhost-fix-translated-address-not-checked.patch
* 0005-vhost-fix-potential-memory-space-leak.patch
* 0006-vhost-fix-potential-fd-leak.patch
OBS-URL: https://build.opensuse.org/request/show/807340
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=115
- remove -Wno-error=array-bounds as its no longer needed
- Add -U_FORTIFY_SOURCE to fix gcc8 error:
"error: inlining failed in call to always_inline 'memcpy': target specific option mismatch"
- remove -Wno-error=array-bounds as its no longer needed
- Add -U_FORTIFY_SOURCE to fix gcc8 error:
"error: inlining failed in call to always_inline 'memcpy': target specific option mismatch"
OBS-URL: https://build.opensuse.org/request/show/683764
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=98
- Update to 18.11; some of the changes are:
* Added support for using externally allocated memory in DPDK.
* Added check for ensuring allocated memory is addressable by devices.
* Updated the C11 memory model version of the ring library.
* Added NXP CAAM JR PMD.
* Added support for GEN3 devices to Intel QAT driver.
* Added Distributed Software Eventdev PMD.
* Updated KNI kernel module, rte_kni library, and KNI sample application.
* Add a new sample application for vDPA.
* Updated mlx5 driver.
** Improved security of PMD to prevent the NIC from getting stuck when the application misbehaves.
** Reworked flow engine to supported e-switch flow rules (transfer attribute).
** Added support for header re-write(L2-L4), VXLAN encap/decap, count, match on TCP flags and multiple flow groups with e-switch flow rules.
** Added support for match on metadata, VXLAN and MPLS encap/decap with flow rules.
** Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to provide better support for representors.
** Added support for meson build.
** Fixed build issue with PPC.
** Added support for BlueField VF.
** Added support for externally allocated static memory for DMA.
all the changes can be viwed in http://doc.dpdk.org/guides/rel_notes/release_18_11.html
[- 0001-enic-fix-Type-punning-and-strict-aliasing-warning.patch]
- Update to 18.11; some of the changes are:
* Added support for using externally allocated memory in DPDK.
* Added check for ensuring allocated memory is addressable by devices.
* Updated the C11 memory model version of the ring library.
* Added NXP CAAM JR PMD.
* Added support for GEN3 devices to Intel QAT driver.
* Added Distributed Software Eventdev PMD.
* Updated KNI kernel module, rte_kni library, and KNI sample application.
OBS-URL: https://build.opensuse.org/request/show/668322
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=93
- Fixed a problem with ABI compatibility; API/ABI compatibility is
guaranteed by DPDK upstream community across subsequent bug-fix
releases. However, the .spec file broke it by defining the wrong
version which included also the bug-fix release number.
- Fixed a problem with ABI compatibility; API/ABI compatibility is
guaranteed by DPDK upstream community across subsequent bug-fix
releases. However, the .spec file broke it by defining the wrong
version which included also the bug-fix release number.
OBS-URL: https://build.opensuse.org/request/show/637575
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=88
- Update to 18.0.2.2; some of the changes are:
* Added function to allow releasing internal EAL resources on exit
* Added igb, ixgbe and i40e ethernet driver to support RSS with flow API
* Updated i40e driver to support PPPoE/PPPoL2TP
* Added MAC loopback support for i40e
* Added support of run time determination of number of queues per i40e VF
* Updated mlx4/mlx5 driver
* Added NVGRE and UDP tunnels support in Solarflare network PMD
* Added AVF (Adaptive Virtual Function) net PMD
* Added feature supports for live migration from vhost-net to vhost-user
* Updated the AESNI-MB PMD
* Updated the DPAA_SEC crypto driver to support rte_security
* Added New eventdev Ordered Packet Distribution Library (OPDL) PMD
* Added GRO support for VxLAN-tunneled packets
- Removed 0002-dpdk-eal-ppc-rte_smp_mb.patch since incorporated
upstream
- Update to 18.0.2.2; some of the changes are:
* Added function to allow releasing internal EAL resources on exit
* Added igb, ixgbe and i40e ethernet driver to support RSS with flow API
* Updated i40e driver to support PPPoE/PPPoL2TP
* Added MAC loopback support for i40e
* Added support of run time determination of number of queues per i40e VF
* Updated mlx4/mlx5 driver
* Added NVGRE and UDP tunnels support in Solarflare network PMD
* Added AVF (Adaptive Virtual Function) net PMD
* Added feature supports for live migration from vhost-net to vhost-user
* Updated the AESNI-MB PMD
* Updated the DPAA_SEC crypto driver to support rte_security
* Added New eventdev Ordered Packet Distribution Library (OPDL) PMD
* Added GRO support for VxLAN-tunneled packets
- Removed 0002-dpdk-eal-ppc-rte_smp_mb.patch since incorporated
upstream
OBS-URL: https://build.opensuse.org/request/show/617394
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=82
- Update to 18.02.1
- Restrict untrusted guest to misuse virtio to corrupt
host application(ovs-dpdk) memory which can lead all VM to lose
connectivity(CVE-2018-1059,bsc#1089638).
Changes:
* Add deprecation notice for rte_vhost_gpa_to_vva()
* Patch vhost-net and vhost-scsi examples
* Fixes checkpatch warnings
* Take VIRTIO_RING_F_EVENT_IDX into account when ring size (Tiwei)
* Fix next chuncks translation access rights in Rx paths (Tiwei)
* vhost: fix indirect descriptors table translation size
* vhost: check all range is mapped when translating GPAs
* vhost: introduce safe API for GPA translation
* vhost: ensure all range is mapped when translating QVAs
* vhost: add support for non-contiguous indirect descs tables
* vhost: handle virtually non-contiguous buffers in Tx
* vhost: handle virtually non-contiguous buffers in Rx
* vhost: handle virtually non-contiguous buffers in Rx-mrg
* examples/vhost: move to safe GPA translation API
* examples/vhost_scsi: move to safe GPA translation API
* vhost/crypto: move to safe GPA translation API
* vhost: deprecate unsafe GPA translation API
- Update to 18.02.1
- Restrict untrusted guest to misuse virtio to corrupt
host application(ovs-dpdk) memory which can lead all VM to lose
connectivity(CVE-2018-1059,bsc#1089638).
Changes:
* Add deprecation notice for rte_vhost_gpa_to_vva()
* Patch vhost-net and vhost-scsi examples
OBS-URL: https://build.opensuse.org/request/show/600113
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=80
- Removed 0002-kni-fix-build-on-SLE12-SP3.patch since no longer referenced in .spec files
- Added 0002-dpdk-eal-ppc-rte_smp_mb.patch to fix an issue on ppc64le platforms with v18.02
- Updated to version 18.02; some of the changes include:
* Added function to allow releasing internal EAL resources on exit
* Added igb, ixgbe and i40e ethernet driver to support RSS with flow API
* Updated i40e driver to support PPPoE/PPPoL2TP
* Added MAC loopback support for i40e
* Added support of run time determination of number of queues per i40e VF
* Updated mlx5 driver
* Updated mlx4 driver
* Added NVGRE and UDP tunnels support in Solarflare network PMD
* Added AVF (Adaptive Virtual Function) net PMD
* Added feature supports for live migration from vhost-net to vhost-user
* Updated the AESNI-MB PMD
* Updated the DPAA_SEC crypto driver to support rte_security
* Added Wireless Base Band Device (bbdev) abstraction
* Added New eventdev Ordered Packet Distribution Library (OPDL) PMD
* Added new pipeline use case for dpdk-test-eventdev application
* Updated Eventdev sample application to support event devices based on capability
* Added Rawdev, a generic device support library
* Added new multi-process communication channel
* Added GRO support for VxLAN-tunneled packets
* Increased default Rx and Tx ring size in sample applications
* Added new DPDK build system using the tools “meson” and “ninja” [EXPERIMENTAL]
- Removed 0002-kni-fix-build-on-SLE12-SP3.patch since no longer referenced in .spec files
- Added 0002-dpdk-eal-ppc-rte_smp_mb.patch to fix an issue on ppc64le platforms with v18.02
- Updated to version 18.02; some of the changes include:
* Added function to allow releasing internal EAL resources on exit
* Added igb, ixgbe and i40e ethernet driver to support RSS with flow API
* Updated i40e driver to support PPPoE/PPPoL2TP
* Added MAC loopback support for i40e
* Added support of run time determination of number of queues per i40e VF
* Updated mlx5 driver
* Updated mlx4 driver
* Added NVGRE and UDP tunnels support in Solarflare network PMD
* Added AVF (Adaptive Virtual Function) net PMD
* Added feature supports for live migration from vhost-net to vhost-user
* Updated the AESNI-MB PMD
* Updated the DPAA_SEC crypto driver to support rte_security
* Added Wireless Base Band Device (bbdev) abstraction
* Added New eventdev Ordered Packet Distribution Library (OPDL) PMD
* Added new pipeline use case for dpdk-test-eventdev application
* Updated Eventdev sample application to support event devices based on capability
* Added Rawdev, a generic device support library
* Added new multi-process communication channel
* Added GRO support for VxLAN-tunneled packets
* Increased default Rx and Tx ring size in sample applications
* Added new DPDK build system using the tools “meson” and “ninja” [EXPERIMENTAL]
OBS-URL: https://build.opensuse.org/request/show/583318
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=77
- The vm_power example does not work for ppc64le since it uses the IXGBE PMD driver which is not available for that platform:
* Disable CONFIG_RTE_LIBRTE_POWER for the sample application;
* Disable CONFIG_RTE_LIBRTE_IXGBE_PMD for the actual PMD driver;
- The vm_power example does not work for ppc64le since it uses the IXGBE PMD driver which is not available for that platform:
* Disable CONFIG_RTE_LIBRTE_POWER for the sample application;
* Disable CONFIG_RTE_LIBRTE_IXGBE_PMD for the actual PMD driver;
OBS-URL: https://build.opensuse.org/request/show/580872
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=72
- Upgraded to latest stable release 17.11.1 (LTS): some of the fixes include:
* location changes of the GPL and LGPL licenses;
* net/mlx4:
- fix drop flow resources leak
* net/bnxt:
- double increment of idx during Tx ring alloc
- group info usage
- check for ether type
- size of Tx ring in HW
- number of pools for RSS
- return code in MAC address set
- link speed setting with autoneg off
* net/nfp:
- MTU settings
- jumbo settings
- CRC strip check behaviour
* net/sfc:
- multicast address list copy memory leak
- DMA memory leak after kvarg processing failure
- fix label name to be consistent
* net/i40e:
- VLAN offload setting issue
- FDIR input set conflict
- FDIR rule confiliction issue
- setting MAC address of VF
- flow director Rx resource defect
- warn when writing global registers
- multiple driver support
- interrupt conflict with multi-driver
- Rx interrupt
OBS-URL: https://build.opensuse.org/request/show/580648
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=71
- Upgraded to latest major 17.11; some of the fixes include:
* Extended port_id range from uint8_t to uint16_t
* Added a new driver for Marvell Armada 7k/8k devices
* Updated mlx4 driver
* Updated mlx5 driver
* Added SoftNIC PMD
* Added support for NXP DPAA Devices
* Updated support for Cavium OCTEONTX Device
* Added PF support to the Netronome NFP PMD
* Updated bnxt PMD
* Added bus agnostic functions to cryptodev for PMD initialization
* Updated QAT crypto PMD
* Updated the AESNI MB PMD
* Updated the OpenSSL PMD
* Added NXP DPAA SEC crypto PMD
* Add new benchmarking mode to dpdk-test-crypto-perf application
* Added IOMMU support to libvhost-user
* Added the Generic Segmentation Offload Library
* Added the Flow Classification Library
- Removed 0002-kni-fix-build-on-SLE12-SP3.patch since patch merged upstream and available in 17.11
- Upgraded to latest major 17.11; some of the fixes include:
* Extended port_id range from uint8_t to uint16_t
* Added a new driver for Marvell Armada 7k/8k devices
* Updated mlx4 driver
* Updated mlx5 driver
* Added SoftNIC PMD
* Added support for NXP DPAA Devices
* Updated support for Cavium OCTEONTX Device
* Added PF support to the Netronome NFP PMD
* Updated bnxt PMD
* Added bus agnostic functions to cryptodev for PMD initialization
* Updated QAT crypto PMD
* Updated the AESNI MB PMD
* Updated the OpenSSL PMD
* Added NXP DPAA SEC crypto PMD
* Add new benchmarking mode to dpdk-test-crypto-perf application
* Added IOMMU support to libvhost-user
* Added the Generic Segmentation Offload Library
* Added the Flow Classification Library
- Removed 0002-kni-fix-build-on-SLE12-SP3.patch since patch merged upstream and available in 17.11
OBS-URL: https://build.opensuse.org/request/show/562907
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=66
- Upgraded to latest stable 17.08.1; some of the fixes include:
* net/qede: disable per-VF Tx switching feature
* revert "net/virtio: flush Rx queues on start"
* various fixes for mlx5 PMD drivers
* various fixes for bnxt PMD drivers
* various fixes for i40e PMD drivers
* various fixes for crypto PMD drivers
* testpmd: fix for non-consecutive ports
* ethdev: fix ABI version
- Upgraded to latest stable 17.08.1; some of the fixes include:
* net/qede: disable per-VF Tx switching feature
* revert "net/virtio: flush Rx queues on start"
* various fixes for mlx5 PMD drivers
* various fixes for bnxt PMD drivers
* various fixes for i40e PMD drivers
* various fixes for crypto PMD drivers
* testpmd: fix for non-consecutive ports
* ethdev: fix ABI version
OBS-URL: https://build.opensuse.org/request/show/555936
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=62
- Updated to 17.08(bsc#1050250, bsc#1046598, fate#322913, fate#322608)
Some of the new features are listed below:
* Increase minimum x86 ISA version to SSE4.2
* Added Fail-Safe PMD
* Added support for generic flow API (rte_flow) on igb NICs
* Added support for generic flow API (rte_flow) on enic
* Added support for Chelsio T6 family of adapters
* Added latency and performance improvements for cxgbe
* Updated mlx5 driver
* Added NXP DPAA2 Eventdev PMD
* Added dpdk-test-eventdev test application
* from 17.05:
* Added mbuf raw free API
* Added free Tx mbuf on demand API
* Added VFIO hotplug support
* Added PowerPC support for i40e and its vector PMD
* Added VF max bandwidth setting in i40e
* Added LiquidIO network PMD
* Added support for NXP DPAA2 Network PMD
* Added support for NXP DPAA2 - FSLMC bus
* Added support for the Wind River Systems AVP PMD
* Added vmxnet3 version 3 support
* Added MTU feature support to Virtio and Vhost
* Added event driven programming model library (rte_eventdev)
* Added Software Eventdev PMD
* Added Cavium OCTEONTX Eventdev PMD
* Added NXP DPAA2 SEC crypto PMD
* from 17.02:
* Added generic EAL API for I/O device memory read/write operations
* Added VF Daemon (VFD) for i40e. - EXPERIMENTAL
OBS-URL: https://build.opensuse.org/request/show/520811
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=58
- Do not use obsolete pci_enable_msix for() kernel > 4.8
[+0006-kni-fix-ethtool-build-with-kernel-4.11.patch,
+0007-igb_uio-switch-to-new-irq-function-for-MSI-X.patch]
- Do not use obsolete pci_enable_msix for() kernel > 4.8
[+0006-kni-fix-ethtool-build-with-kernel-4.11.patch,
+0007-igb_uio-switch-to-new-irq-function-for-MSI-X.patch]
OBS-URL: https://build.opensuse.org/request/show/511193
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=54
