- Add patches to fix vulnerability where malicious guest can harm the host
using vhost crypto, this includes executing code in host (VM Escape),
reading host application memory space to guest and causing partially
denial of service in the host (bsc#1176590).
* 0001-vhost-crypto-fix-pool-allocation.patch
* 0002-vhost-crypto-fix-incorrect-descriptor-deduction.patch
* 0003-vhost-crypto-fix-missed-request-check-for-copy-mode.patch
* 0004-vhost-crypto-fix-incorrect-write-back-source.patch
* 0005-vhost-crypto-fix-data-length-check.patch
* 0006-vhost-crypto-fix-possible-TOCTOU-attack.patch
OBS-URL: https://build.opensuse.org/request/show/838479
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=121
- Update to v19.11.1. For a list of changes, check:
* https://doc.dpdk.org/guides/rel_notes/release_19_11.html#new-features
- Removed patches no longer applying to the code base:
* 0001-vhost-fix-possible-denial-of-service-on-SET_VRING_NU.patch
* 0002-vhost-fix-possible-denial-of-service-by-leaking-FDs.patch
* 0002-fix-cpu-compatibility.patch
- Rebased patches:
* 0001-fix-cpu-compatibility.patch
- Add patches to fix vulnerability where malicious guest/container can
cause resource leak resulting a Denial-of-Service, or memory corruption
and crash, or information leak in vhost-user backend application
(bsc#1171477, CVE-2020-10722, CVE-2020-10723, CVE-2020-10724,
CVE-2020-10725, CVE-2020-10726).
* 0001-vhost-check-log-mmap-offset-and-size-overflow.patch
* 0002-vhost-fix-vring-index-check.patch
* 0003-vhost-crypto-validate-keys-lengths.patch
* 0004-vhost-fix-translated-address-not-checked.patch
* 0005-vhost-fix-potential-memory-space-leak.patch
* 0006-vhost-fix-potential-fd-leak.patch
OBS-URL: https://build.opensuse.org/request/show/807340
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=115
- remove -Wno-error=array-bounds as its no longer needed
- Add -U_FORTIFY_SOURCE to fix gcc8 error:
"error: inlining failed in call to always_inline 'memcpy': target specific option mismatch"
- remove -Wno-error=array-bounds as its no longer needed
- Add -U_FORTIFY_SOURCE to fix gcc8 error:
"error: inlining failed in call to always_inline 'memcpy': target specific option mismatch"
OBS-URL: https://build.opensuse.org/request/show/683764
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=98
- Update to 18.11; some of the changes are:
* Added support for using externally allocated memory in DPDK.
* Added check for ensuring allocated memory is addressable by devices.
* Updated the C11 memory model version of the ring library.
* Added NXP CAAM JR PMD.
* Added support for GEN3 devices to Intel QAT driver.
* Added Distributed Software Eventdev PMD.
* Updated KNI kernel module, rte_kni library, and KNI sample application.
* Add a new sample application for vDPA.
* Updated mlx5 driver.
** Improved security of PMD to prevent the NIC from getting stuck when the application misbehaves.
** Reworked flow engine to supported e-switch flow rules (transfer attribute).
** Added support for header re-write(L2-L4), VXLAN encap/decap, count, match on TCP flags and multiple flow groups with e-switch flow rules.
** Added support for match on metadata, VXLAN and MPLS encap/decap with flow rules.
** Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to provide better support for representors.
** Added support for meson build.
** Fixed build issue with PPC.
** Added support for BlueField VF.
** Added support for externally allocated static memory for DMA.
all the changes can be viwed in http://doc.dpdk.org/guides/rel_notes/release_18_11.html
[- 0001-enic-fix-Type-punning-and-strict-aliasing-warning.patch]
- Update to 18.11; some of the changes are:
* Added support for using externally allocated memory in DPDK.
* Added check for ensuring allocated memory is addressable by devices.
* Updated the C11 memory model version of the ring library.
* Added NXP CAAM JR PMD.
* Added support for GEN3 devices to Intel QAT driver.
* Added Distributed Software Eventdev PMD.
* Updated KNI kernel module, rte_kni library, and KNI sample application.
OBS-URL: https://build.opensuse.org/request/show/668322
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=93
- Fixed a problem with ABI compatibility; API/ABI compatibility is
guaranteed by DPDK upstream community across subsequent bug-fix
releases. However, the .spec file broke it by defining the wrong
version which included also the bug-fix release number.
- Fixed a problem with ABI compatibility; API/ABI compatibility is
guaranteed by DPDK upstream community across subsequent bug-fix
releases. However, the .spec file broke it by defining the wrong
version which included also the bug-fix release number.
OBS-URL: https://build.opensuse.org/request/show/637575
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=88
- Update to 18.0.2.2; some of the changes are:
* Added function to allow releasing internal EAL resources on exit
* Added igb, ixgbe and i40e ethernet driver to support RSS with flow API
* Updated i40e driver to support PPPoE/PPPoL2TP
* Added MAC loopback support for i40e
* Added support of run time determination of number of queues per i40e VF
* Updated mlx4/mlx5 driver
* Added NVGRE and UDP tunnels support in Solarflare network PMD
* Added AVF (Adaptive Virtual Function) net PMD
* Added feature supports for live migration from vhost-net to vhost-user
* Updated the AESNI-MB PMD
* Updated the DPAA_SEC crypto driver to support rte_security
* Added New eventdev Ordered Packet Distribution Library (OPDL) PMD
* Added GRO support for VxLAN-tunneled packets
- Removed 0002-dpdk-eal-ppc-rte_smp_mb.patch since incorporated
upstream
- Update to 18.0.2.2; some of the changes are:
* Added function to allow releasing internal EAL resources on exit
* Added igb, ixgbe and i40e ethernet driver to support RSS with flow API
* Updated i40e driver to support PPPoE/PPPoL2TP
* Added MAC loopback support for i40e
* Added support of run time determination of number of queues per i40e VF
* Updated mlx4/mlx5 driver
* Added NVGRE and UDP tunnels support in Solarflare network PMD
* Added AVF (Adaptive Virtual Function) net PMD
* Added feature supports for live migration from vhost-net to vhost-user
* Updated the AESNI-MB PMD
* Updated the DPAA_SEC crypto driver to support rte_security
* Added New eventdev Ordered Packet Distribution Library (OPDL) PMD
* Added GRO support for VxLAN-tunneled packets
- Removed 0002-dpdk-eal-ppc-rte_smp_mb.patch since incorporated
upstream
OBS-URL: https://build.opensuse.org/request/show/617394
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=82
- Update to 18.02.1
- Restrict untrusted guest to misuse virtio to corrupt
host application(ovs-dpdk) memory which can lead all VM to lose
connectivity(CVE-2018-1059,bsc#1089638).
Changes:
* Add deprecation notice for rte_vhost_gpa_to_vva()
* Patch vhost-net and vhost-scsi examples
* Fixes checkpatch warnings
* Take VIRTIO_RING_F_EVENT_IDX into account when ring size (Tiwei)
* Fix next chuncks translation access rights in Rx paths (Tiwei)
* vhost: fix indirect descriptors table translation size
* vhost: check all range is mapped when translating GPAs
* vhost: introduce safe API for GPA translation
* vhost: ensure all range is mapped when translating QVAs
* vhost: add support for non-contiguous indirect descs tables
* vhost: handle virtually non-contiguous buffers in Tx
* vhost: handle virtually non-contiguous buffers in Rx
* vhost: handle virtually non-contiguous buffers in Rx-mrg
* examples/vhost: move to safe GPA translation API
* examples/vhost_scsi: move to safe GPA translation API
* vhost/crypto: move to safe GPA translation API
* vhost: deprecate unsafe GPA translation API
- Update to 18.02.1
- Restrict untrusted guest to misuse virtio to corrupt
host application(ovs-dpdk) memory which can lead all VM to lose
connectivity(CVE-2018-1059,bsc#1089638).
Changes:
* Add deprecation notice for rte_vhost_gpa_to_vva()
* Patch vhost-net and vhost-scsi examples
OBS-URL: https://build.opensuse.org/request/show/600113
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=80
- Removed 0002-kni-fix-build-on-SLE12-SP3.patch since no longer referenced in .spec files
- Added 0002-dpdk-eal-ppc-rte_smp_mb.patch to fix an issue on ppc64le platforms with v18.02
- Updated to version 18.02; some of the changes include:
* Added function to allow releasing internal EAL resources on exit
* Added igb, ixgbe and i40e ethernet driver to support RSS with flow API
* Updated i40e driver to support PPPoE/PPPoL2TP
* Added MAC loopback support for i40e
* Added support of run time determination of number of queues per i40e VF
* Updated mlx5 driver
* Updated mlx4 driver
* Added NVGRE and UDP tunnels support in Solarflare network PMD
* Added AVF (Adaptive Virtual Function) net PMD
* Added feature supports for live migration from vhost-net to vhost-user
* Updated the AESNI-MB PMD
* Updated the DPAA_SEC crypto driver to support rte_security
* Added Wireless Base Band Device (bbdev) abstraction
* Added New eventdev Ordered Packet Distribution Library (OPDL) PMD
* Added new pipeline use case for dpdk-test-eventdev application
* Updated Eventdev sample application to support event devices based on capability
* Added Rawdev, a generic device support library
* Added new multi-process communication channel
* Added GRO support for VxLAN-tunneled packets
* Increased default Rx and Tx ring size in sample applications
* Added new DPDK build system using the tools “meson” and “ninja” [EXPERIMENTAL]
- Removed 0002-kni-fix-build-on-SLE12-SP3.patch since no longer referenced in .spec files
- Added 0002-dpdk-eal-ppc-rte_smp_mb.patch to fix an issue on ppc64le platforms with v18.02
- Updated to version 18.02; some of the changes include:
* Added function to allow releasing internal EAL resources on exit
* Added igb, ixgbe and i40e ethernet driver to support RSS with flow API
* Updated i40e driver to support PPPoE/PPPoL2TP
* Added MAC loopback support for i40e
* Added support of run time determination of number of queues per i40e VF
* Updated mlx5 driver
* Updated mlx4 driver
* Added NVGRE and UDP tunnels support in Solarflare network PMD
* Added AVF (Adaptive Virtual Function) net PMD
* Added feature supports for live migration from vhost-net to vhost-user
* Updated the AESNI-MB PMD
* Updated the DPAA_SEC crypto driver to support rte_security
* Added Wireless Base Band Device (bbdev) abstraction
* Added New eventdev Ordered Packet Distribution Library (OPDL) PMD
* Added new pipeline use case for dpdk-test-eventdev application
* Updated Eventdev sample application to support event devices based on capability
* Added Rawdev, a generic device support library
* Added new multi-process communication channel
* Added GRO support for VxLAN-tunneled packets
* Increased default Rx and Tx ring size in sample applications
* Added new DPDK build system using the tools “meson” and “ninja” [EXPERIMENTAL]
OBS-URL: https://build.opensuse.org/request/show/583318
OBS-URL: https://build.opensuse.org/package/show/network/dpdk?expand=0&rev=77
