Hello community, here is the log from the commit of package dpdk for openSUSE:Leap:15.2 checked in at 2020-06-06 15:48:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/dpdk (Old) and /work/SRC/openSUSE:Leap:15.2/.dpdk.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dpdk" Sat Jun 6 15:48:10 2020 rev:42 rq:811957 version:19.11.1 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/dpdk/dpdk.changes 2020-05-23 16:07:35.381074880 +0200 +++ /work/SRC/openSUSE:Leap:15.2/.dpdk.new.3606/dpdk.changes 2020-06-06 15:48:11.535997415 +0200 @@ -2 +2 @@ -Tue May 19 12:00:28 UTC 2020 - Jaime Caamaño Ruiz <[email protected]> +Tue May 19 11:41:34 UTC 2020 - Jaime Caamaño Ruiz <[email protected]> @@ -11,0 +12,16 @@ + * 0004-vhost-fix-translated-address-not-checked.patch + * 0005-vhost-fix-potential-memory-space-leak.patch + * 0006-vhost-fix-potential-fd-leak.patch + + +------------------------------------------------------------------- +Wed Apr 29 11:45:24 UTC 2020 - Jaime Caamaño Ruiz <[email protected]> + +- Update to v19.11.1. For a list of changes, check: + * https://doc.dpdk.org/guides/rel_notes/release_19_11.html#new-features +- Removed patches no longer applying to the code base: + * 0001-vhost-fix-possible-denial-of-service-on-SET_VRING_NU.patch + * 0002-vhost-fix-possible-denial-of-service-by-leaking-FDs.patch + * 0002-fix-cpu-compatibility.patch +- Rebased patches: + * 0001-fix-cpu-compatibility.patch @@ -19 +35 @@ -Tue Nov 19 13:16:27 UTC 2019 - Jaime Caamaño Ruiz <[email protected]> +Tue Nov 19 15:45:29 UTC 2019 - Jaime Caamaño Ruiz <[email protected]> @@ -33 +49 @@ -Mon Sep 30 16:20:37 UTC 2019 - <[email protected]> +Mon Sep 30 10:04:59 UTC 2019 - <[email protected]> @@ -36,2 +52,2 @@ -- Update to 18.11.2 (LTS). List of fixes can be found in: - * https://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html#fixes +- Added dpdk-fix-implicit-fallthrough-warning.patch to address build error with + recent kernels (bsc#1144704). @@ -40 +56 @@ -Wed Aug 14 08:04:17 UTC 2019 - Michal Suchanek <[email protected]> +Mon Jun 17 17:14:01 CEST 2019 - [email protected] @@ -42,2 +58,14 @@ -- Added dpdk-fix-implicit-fallthrough-warning.patch to address build error with - recent kernels (bsc#1144704). +- Minor Update to 18.11.2 + * List of fixes can be found in + https://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html#fixes + +------------------------------------------------------------------- +Mon Apr 29 17:14:01 CEST 2019 - [email protected] + +- Add missing libmnl-devel + +------------------------------------------------------------------- +Fri Mar 8 11:50:03 CET 2019 - [email protected] + +- remove -Wno-error=array-bounds as its no longer needed +- disable i586 build because lack of sse support @@ -46 +74 @@ -Wed Feb 20 13:39:21 UTC 2019 - Marco Varlese <[email protected]> +Fri Feb 22 10:57:13 CET 2019 - [email protected] @@ -48,2 +76,3 @@ -- Added 0002-fix-cpu-compatibility.patch to address issue with older - CPUs (bsc#1125961) +- Add 0002-fix-cpu-compatibility.patch to address issue with older + CPUs (bsc#1125961, bsc#1099474) + [+ 0002-fix-cpu-compatibility.patch] @@ -54 +83 @@ -- Update to 18.11; some of the changes are(fate#325916, fate#325951 fate#326025, fate#326992): +- Update to 18.11; some of the changes are(fate#325916, fate#325951 fate#326025, fate#326992, bsc#1134968, jira#SLE-4715) : @@ -74,2 +103,6 @@ - [- 0001-enic-fix-Type-punning-and-strict-aliasing-warning.patch, - - - 0002-fix-cpu-compatibility.patch] + [- 0001-enic-fix-Type-punning-and-strict-aliasing-warning.patch] + +------------------------------------------------------------------- +Thu Oct 25 15:26:53 CEST 2018 - [email protected] + +- Enable missed MLX PMDs for SLE12SP4 (bsc#1112307) @@ -78 +111 @@ -Mon Sep 24 12:07:57 UTC 2018 - Marco Varlese <[email protected]> +Mon Sep 24 11:52:08 UTC 2018 - Marco Varlese <[email protected]> @@ -87 +120 @@ -Mon Sep 3 07:14:42 UTC 2018 - [email protected] +Wed Aug 29 09:59:13 UTC 2018 - [email protected] @@ -89,22 +121,0 @@ -- Update to 17.11.4 stable release. Some of the fixes include: - * app/testpmd: fix buffer leak in TM command, fix DCB config, - fix VLAN TCI mask set error for FDIR - * bus/dpaa: fix buffer offset setting in FMAN, fix build, - fix phandle support for Linux 4.16 - * doc: fix bonding command in testpmd, update qede management - firmware guide - * eal: fix bitmap documentation, fix return codes on thread naming - failure, fix invalid syntax in interrupts, fix uninitialized value - * eventdev: add event buffer flush in Rx adapter, fix internal - port logic in Rx adapter, fix missing update to Rx adaper - WRR position, fix port in Rx adapter internal function, fix Rx SW - adapter stop - * hash: fix a multi-writer race condition, fix doxygen of return - values, fix key slot size accuracy, fix multiwriter lock memory - allocation - * kni:fix build with gcc 8.1, fix crash with null name - * vhost: fix missing increment of log cache count, flush IOTLB - cache on new mem table handling, improve dirty pages logging - performance, release locks on RARP packet failure, retranslate - vring addr when memory table changes - * PMD drivers: various fixes fro bnxt, dpaa2, mlx5 @@ -114,18 +125 @@ -Tue Jul 3 15:38:36 CEST 2018 - [email protected] - -- do proper cpu compatibility test(bsc#1099474) - [+ 0002-fix-cpu-compatibility.patch] -- change %doc to %license - -------------------------------------------------------------------- -Wed May 16 10:39:41 UTC 2018 - [email protected] - -- workaround kernelrelease error - -------------------------------------------------------------------- -Mon May 14 13:28:52 CEST 2018 - [email protected] - -- Sync dpdk for SLE15 with SLE12-SP4(fate#324872) - -------------------------------------------------------------------- -Fri May 11 14:05:40 CEST 2018 - [email protected] +Mon Jun 18 06:21:21 UTC 2018 - [email protected] @@ -133,2 +127,16 @@ -- use gcc-7 to remove EXTRA_CFLAGS hack that was required for gcc-6 - in the previous change(bsc#1090668) +- Update to 18.02.2; some of the changes are: + * Added function to allow releasing internal EAL resources on exit + * Added igb, ixgbe and i40e ethernet driver to support RSS with flow API + * Updated i40e driver to support PPPoE/PPPoL2TP + * Added MAC loopback support for i40e + * Added support of run time determination of number of queues per i40e VF + * Updated mlx4/mlx5 driver + * Added NVGRE and UDP tunnels support in Solarflare network PMD + * Added AVF (Adaptive Virtual Function) net PMD + * Added feature supports for live migration from vhost-net to vhost-user + * Updated the AESNI-MB PMD + * Updated the DPAA_SEC crypto driver to support rte_security + * Added New eventdev Ordered Packet Distribution Library (OPDL) PMD + * Added GRO support for VxLAN-tunneled packets +- Removed 0002-dpdk-eal-ppc-rte_smp_mb.patch since incorporated + upstream @@ -137,4 +145 @@ -Tue Apr 24 11:54:11 CEST 2018 - [email protected] - -- Remove fstack-clash-protection from EXTRA_CFLAGS as gcc-6 cant - recognize it(bsc#1090668) +Mon Apr 23 14:11:51 UTC 2018 - [email protected] @@ -142,5 +147,2 @@ -------------------------------------------------------------------- -Mon Apr 23 15:37:07 CEST 2018 - [email protected] - -- Update to 17.11.2 - restrict untrusted guest to misuse virtio to corrupt +- Update to 18.02.1 +- Restrict untrusted guest to misuse virtio to corrupt @@ -166,0 +169,34 @@ + +------------------------------------------------------------------- +Fri Apr 20 14:16:57 CEST 2018 - [email protected] + +- Enable MLX4/5 PMD only in Factory and >= SLES15 + It needs rdma-core >= v16. + +------------------------------------------------------------------- +Tue Mar 6 11:35:29 UTC 2018 - [email protected] + +- Removed 0002-kni-fix-build-on-SLE12-SP3.patch since no longer referenced in .spec files +- Added 0002-dpdk-eal-ppc-rte_smp_mb.patch to fix an issue on ppc64le platforms with v18.02 +- Updated to version 18.02; some of the changes include: + * Added function to allow releasing internal EAL resources on exit + * Added igb, ixgbe and i40e ethernet driver to support RSS with flow API + * Updated i40e driver to support PPPoE/PPPoL2TP + * Added MAC loopback support for i40e + * Added support of run time determination of number of queues per i40e VF + * Updated mlx5 driver + * Updated mlx4 driver + * Added NVGRE and UDP tunnels support in Solarflare network PMD + * Added AVF (Adaptive Virtual Function) net PMD + * Added feature supports for live migration from vhost-net to vhost-user + * Updated the AESNI-MB PMD + * Updated the DPAA_SEC crypto driver to support rte_security + * Added Wireless Base Band Device (bbdev) abstraction + * Added New eventdev Ordered Packet Distribution Library (OPDL) PMD + * Added new pipeline use case for dpdk-test-eventdev application + * Updated Eventdev sample application to support event devices based on capability + * Added Rawdev, a generic device support library + * Added new multi-process communication channel + * Added GRO support for VxLAN-tunneled packets + * Increased default Rx and Tx ring size in sample applications + * Added new DPDK build system using the tools “meson” and “ninja” [EXPERIMENTAL] Old: ---- 0001-vhost-fix-possible-denial-of-service-on-SET_VRING_NU.patch 0002-fix-cpu-compatibility.patch 0002-vhost-fix-possible-denial-of-service-by-leaking-FDs.patch dpdk-18.11.3.tar.xz New: ---- 0001-fix-cpu-compatibility.patch 0004-vhost-fix-translated-address-not-checked.patch 0005-vhost-fix-potential-memory-space-leak.patch 0006-vhost-fix-potential-fd-leak.patch dpdk-19.11.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dpdk.spec ++++++ --- /var/tmp/diff_new_pack.fTp1HR/_old 2020-06-06 15:48:12.211999809 +0200 +++ /var/tmp/diff_new_pack.fTp1HR/_new 2020-06-06 15:48:12.215999822 +0200 @@ -1,7 +1,7 @@ # # spec file for package dpdk # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,29 +18,22 @@ %define flavor @BUILD_FLAVOR@%{nil} - %define aarch64_machine2 armv8a -%define exclusive_arch aarch64 x86_64 %ix86 ppc64le +%define exclusive_arch aarch64 x86_64 ppc64le %define name_tag %{nil} %define summary_tag %{nil} - %if "%flavor" == "thunderx" %define name_tag -thunderx %define summary_tag (thunderx) %define aarch64_machine2 thunderx %define exclusive_arch aarch64 %endif - %define machine native %define machine2 default %ifarch x86_64 %define machine native %define target x86_64-%{machine}-linuxapp-gcc %endif -%ifarch %{ix86} -%define machine native -%define target i686-%{machine}-linuxapp-gcc -%endif %ifarch aarch64 %define machine2 %aarch64_machine2 %define target arm64-%{machine2}-linuxapp-gcc @@ -49,47 +42,46 @@ %define machine2 power8 %define target ppc_64-%{machine2}-linuxapp-gcc %endif +# This is in sync with <src>/ABI_VERSION +# TODO: automate this sync +%define maj 20 +%define min 0 +%define lname libdpdk-%{maj}_%{min} %bcond_without shared # Add option to build without examples %bcond_without examples # Add option to build without tools %bcond_without tools - -# The lname versioning is based solely on the MAJOR and MINOR -# as per DPDK CONFIG_RTE_MAJOR_ABI. -%define maj 18 -%define min 11 -%define lname libdpdk-%{maj}_%{min} - Name: dpdk%{name_tag} -Version: 18.11.3 +Version: 19.11.1 Release: 0 Summary: Set of libraries and drivers for fast packet processing License: BSD-3-Clause AND GPL-2.0-only AND LGPL-2.1-only Group: System/Libraries -Url: http://dpdk.org +URL: http://dpdk.org Source: http://fast.dpdk.org/rel/dpdk-%{version}.tar.xz Source1: preamble -Patch1: 0002-fix-cpu-compatibility.patch -Patch2: 0001-vhost-fix-possible-denial-of-service-on-SET_VRING_NU.patch -Patch3: 0002-vhost-fix-possible-denial-of-service-by-leaking-FDs.patch -Patch4: 0001-vhost-check-log-mmap-offset-and-size-overflow.patch -Patch5: 0002-vhost-fix-vring-index-check.patch -Patch6: 0003-vhost-crypto-validate-keys-lengths.patch +Patch1: 0001-fix-cpu-compatibility.patch +Patch2: 0001-vhost-check-log-mmap-offset-and-size-overflow.patch +Patch3: 0002-vhost-fix-vring-index-check.patch +Patch4: 0003-vhost-crypto-validate-keys-lengths.patch +Patch5: 0004-vhost-fix-translated-address-not-checked.patch +Patch6: 0005-vhost-fix-potential-memory-space-leak.patch +Patch7: 0006-vhost-fix-potential-fd-leak.patch BuildRequires: doxygen BuildRequires: fdupes BuildRequires: libelf-devel +BuildRequires: libmnl-devel BuildRequires: libnuma-devel BuildRequires: libpcap-devel BuildRequires: pesign-obs-integration -%if 0%{?sle_version} >= 150000 -BuildRequires: rdma-core-devel -BuildRequires: libmnl-devel -%endif BuildRequires: zlib-devel -ExclusiveArch: %exclusive_arch +Conflicts: dpdk-any Provides: dpdk-any = %{version} -Conflicts: otherproviders(dpdk-any) +ExclusiveArch: %exclusive_arch +%if 0%{?sle_version} >= 120400 +BuildRequires: rdma-core-devel +%endif %description The Data Plane Development Kit is a set of libraries and drivers for @@ -99,8 +91,8 @@ Summary: Data Plane Development Kit development files %{summary_tag} Group: Development/Libraries/C and C++ Requires: %{lname} = %{version} +Conflicts: dpdk-any-devel Provides: dpdk-any-devel = %{version} -Conflicts: otherproviders(dpdk-any-devel) %description devel This package contains the headers and other files needed for developing @@ -118,9 +110,9 @@ %package doc Summary: Data Plane Development Kit API documentation %{summary_tag} Group: System/Libraries -BuildArch: noarch +Conflicts: dpdk-any-doc Provides: dpdk-any-doc = %{version} -Conflicts: otherproviders(dpdk-any-doc) +BuildArch: noarch %description doc API programming documentation for the Data Plane Development Kit. @@ -134,8 +126,8 @@ Requires: iproute Requires: kmod Requires: pciutils +Conflicts: dpdk-any-tools Provides: dpdk-any-tools = %{version} -Conflicts: otherproviders(dpdk-any-tools) %description tools This package contains tools for setting up Data Plane Development Kit environment @@ -146,25 +138,23 @@ Summary: Data Plane Development Kit example applications %{summary_tag} Group: System/Libraries BuildRequires: libvirt-devel +Conflicts: dpdk-any-examples Provides: dpdk-any-examples = %{version} -Conflicts: otherproviders(dpdk-any-examples) %description examples Example applications utilizing the Data Plane Development Kit, such as L2 and L3 forwarding. %endif -%ifnarch %{ix86} %package kmp Summary: DPDK KNI kernel module %{summary_tag} Group: System/Kernel BuildRequires: %{kernel_module_package_buildreqs} -Conflicts: otherproviders(dpdk-any-kmp) +Conflicts: dpdk-any-kmp %suse_kernel_module_package -p %{_sourcedir}/preamble pae 64kb %description kmp The DPDK Kernel NIC Interface (KNI) allows userspace applications access to the Linux* control plane. -%endif %define sdkdir %{_datadir}/dpdk %define docdir %{_docdir}/dpdk @@ -180,11 +170,14 @@ %patch4 -p1 -z .init %patch5 -p1 -z .init %patch6 -p1 -z .init - +%patch7 -p1 -z .init # This fixes CROSS compilation (broken) in the mk file for ThunderX sed -i '/^CROSS /s/^/#/' mk/machine/thunderx/rte.vars.mk +# Verify ABI +[ "$(cat ABI_VERSION)" = "%{maj}.%{min}" ] || exit 1 + %build # set up a method for modifying the resulting .config file function setconf() { @@ -201,16 +194,17 @@ setconf CONFIG_RTE_LIBRTE_DPAA_BUS n $1 setconf CONFIG_RTE_LIBRTE_DPAA_MEMPOOL n $1 setconf CONFIG_RTE_LIBRTE_DPAA_PMD n $1 + setconf CONFIG_RTE_LIBRTE_PMD_CAAM_JR n $1 setconf CONFIG_RTE_LIBRTE_PMD_DPAA_SEC n $1 setconf CONFIG_RTE_LIBRTE_PMD_DPAA_EVENTDEV n $1 + %ifarch aarch64 + setconf CONFIG_RTE_LIBRTE_PFE_PMD n $1 + %endif setconf CONFIG_RTE_MACHINE '"%{machine2}"' $1 # Disable experimental features setconf CONFIG_RTE_NEXT_ABI n $1 - # SONAME equals to DPDK release version - setconf CONFIG_RTE_MAJOR_ABI %{maj}.%{min} $1 - # Enable automatic driver loading from this path setconf CONFIG_RTE_EAL_PMD_PATH '"%{pmddir}"' $1 @@ -218,7 +212,7 @@ setconf CONFIG_RTE_LIBRTE_BNX2X_MF_SUPPORT y $1 setconf CONFIG_RTE_LIBRTE_PMD_PCAP y $1 setconf CONFIG_RTE_LIBRTE_VHOST_NUMA y $1 -%if 0%{?sle_version} >= 150000 +%if 0%{?sle_version} >= 120400 setconf CONFIG_RTE_LIBRTE_MLX5_PMD y $1 setconf CONFIG_RTE_LIBRTE_MLX4_PMD y $1 %endif @@ -241,9 +235,7 @@ # In case dpdk-devel is installed, we should ignore its hints about the SDK directories unset RTE_SDK RTE_INCLUDE RTE_TARGET -# For the release, '-Wno-error=array-bounds' is done to prevent a spurious error -# generated by gcc 5.X against the 2.1 branch -export EXTRA_CFLAGS="%{optflags} -Wformat -fPIC -Wno-error=array-bounds" +export EXTRA_CFLAGS="%{optflags} -Wformat -fPIC -U_FORTIFY_SOURCE" # DPDK defaults to using builder-specific compiler flags. However, # the config has been changed by specifying CONFIG_RTE_MACHINE=default @@ -254,21 +246,17 @@ make V=1 O=%{target} T=%{target} %{?_smp_mflags} config setdefaultconf %{target} -%ifnarch %{ix86} export EXTRA_CFLAGS='-DVERSION=\"%{version}\"' for flavor in %{flavors_to_build}; do export RTE_KERNELDIR=%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor make V=1 O=%{target}-$flavor T=%{target} %{?_smp_mflags} config setdefaultconf %{target}-$flavor - %ifnarch %{ix86} setconf CONFIG_RTE_EAL_IGB_UIO y %{target}-$flavor setconf CONFIG_RTE_KNI_KMOD y %{target}-$flavor - %endif cd %{target}-$flavor - make -k V=1 %{?_smp_mflags} + make V=1 %{?_smp_mflags} cd - done -%endif make V=1 O=%{target} %{?_smp_mflags} make V=1 O=%{target} %{?_smp_mflags} doc-api-html @@ -278,7 +266,6 @@ %endif %install -%ifnarch %{ix86} # export needed for kmp package export EXTRA_CFLAGS='-DVERSION=\"%{version}\"' export INSTALL_MOD_PATH=%{buildroot} @@ -288,14 +275,13 @@ for flavor in %{flavors_to_build}; do cd %{target}-$flavor export RTE_KERNELDIR=%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor - dir=/usr/src/linux-obj/%{_target_cpu}/$flavor + dir=%{_prefix}/src/linux-obj/%{_target_cpu}/$flavor krel=$(make -s -C "$dir" kernelrelease) mkdir -p %{buildroot}/lib/modules/$krel/extra/dpdk/ #make install expects same kernel for build and target, lets copy it manually install -m644 ../%{target}-$flavor/kmod/*.ko %{buildroot}/lib/modules/$krel/extra/dpdk/ cd - done -%endif # In case dpdk-devel is installed unset RTE_SDK RTE_INCLUDE RTE_TARGET @@ -371,6 +357,7 @@ # BSD %{_bindir}/testpmd %{_bindir}/testbbdev +%{_bindir}/testsad %{_bindir}/dpdk-procinfo %{_bindir}/dpdk_proc_info %{_bindir}/dpdk-pdump @@ -413,6 +400,7 @@ %{_sbindir}/dpdk-devbind %{_sbindir}/dpdk_nic_bind %{_bindir}/dpdk-test-eventdev +%{_bindir}/dpdk-test-compress-perf %{_bindir}/dpdk-test-crypto-perf %endif ++++++ 0002-fix-cpu-compatibility.patch -> 0001-fix-cpu-compatibility.patch ++++++ --- /work/SRC/openSUSE:Leap:15.2/dpdk/0002-fix-cpu-compatibility.patch 2020-01-15 14:52:58.441507983 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.dpdk.new.3606/0001-fix-cpu-compatibility.patch 2020-06-06 15:48:10.703994469 +0200 @@ -1,9 +1,19 @@ -From: [email protected] +From e2950fec9cd9c235a7847ed97b6914174857bf93 Mon Sep 17 00:00:00 2001 +From: "[email protected]" <[email protected]> +Date: Wed, 29 Apr 2020 12:24:16 +0200 +Subject: [PATCH] fix cpu compatibility -diff -Nuar dpdk-18.11.old/drivers/bus/vdev/vdev.c dpdk-18.11/drivers/bus/vdev/vdev.c ---- dpdk-18.11.old/drivers/bus/vdev/vdev.c 2019-02-20 14:26:48.849061397 +0100 -+++ dpdk-18.11/drivers/bus/vdev/vdev.c 2019-02-20 14:33:12.638554838 +0100 -@@ -55,7 +55,11 @@ +--- + drivers/bus/vdev/vdev.c | 4 ++++ + lib/librte_eal/common/eal_common_bus.c | 5 ++++- + lib/librte_eal/common/include/rte_common.h | 14 +++++++++++++- + 3 files changed, 21 insertions(+), 2 deletions(-) + +diff --git a/drivers/bus/vdev/vdev.c b/drivers/bus/vdev/vdev.c +index a89ea2353..cf8e8dca6 100644 +--- a/drivers/bus/vdev/vdev.c ++++ b/drivers/bus/vdev/vdev.c +@@ -55,7 +55,11 @@ static struct vdev_custom_scans vdev_custom_scans = static rte_spinlock_t vdev_custom_scan_lock = RTE_SPINLOCK_INITIALIZER; /* register a driver */ @@ -15,10 +25,11 @@ rte_vdev_register(struct rte_vdev_driver *driver) { TAILQ_INSERT_TAIL(&vdev_driver_list, driver, next); -diff -Nuar dpdk-18.11.old/lib/librte_eal/common/eal_common_bus.c dpdk-18.11/lib/librte_eal/common/eal_common_bus.c ---- dpdk-18.11.old/lib/librte_eal/common/eal_common_bus.c 2019-02-20 14:26:48.801061210 +0100 -+++ dpdk-18.11/lib/librte_eal/common/eal_common_bus.c 2019-02-20 14:28:52.933544223 +0100 -@@ -43,8 +43,11 @@ +diff --git a/lib/librte_eal/common/eal_common_bus.c b/lib/librte_eal/common/eal_common_bus.c +index baa5b532a..58f3fdbaa 100644 +--- a/lib/librte_eal/common/eal_common_bus.c ++++ b/lib/librte_eal/common/eal_common_bus.c +@@ -15,8 +15,11 @@ static struct rte_bus_list rte_bus_list = TAILQ_HEAD_INITIALIZER(rte_bus_list); @@ -31,13 +42,14 @@ rte_bus_register(struct rte_bus *bus) { RTE_VERIFY(bus); -diff -Nuar dpdk-18.11.old/lib/librte_eal/common/include/rte_common.h dpdk-18.11/lib/librte_eal/common/include/rte_common.h ---- dpdk-18.11.old/lib/librte_eal/common/include/rte_common.h 2019-02-20 14:26:48.809061243 +0100 -+++ dpdk-18.11/lib/librte_eal/common/include/rte_common.h 2019-02-20 14:51:56.275496936 +0100 -@@ -103,8 +103,21 @@ - * Priority number must be above 100. +diff --git a/lib/librte_eal/common/include/rte_common.h b/lib/librte_eal/common/include/rte_common.h +index c35283807..8f4f98ed4 100644 +--- a/lib/librte_eal/common/include/rte_common.h ++++ b/lib/librte_eal/common/include/rte_common.h +@@ -107,8 +107,20 @@ typedef uint16_t unaligned_uint16_t; * Lowest number is the first to run. */ + #ifndef RTE_INIT_PRIO /* Allow to override from EAL */ +#if defined(__x86_64__) || defined(__i386__) #define RTE_INIT_PRIO(func, prio) \ -static void __attribute__((constructor(RTE_PRIO(prio)), used)) func(void) @@ -53,7 +65,9 @@ + __attribute__((constructor(RTE_PRIO(prio)), used)) \ + func(void) +#endif -+ + #endif /** - * Run function before main() with low priority. +-- +2.16.4 + ++++++ 0001-vhost-check-log-mmap-offset-and-size-overflow.patch ++++++ --- /var/tmp/diff_new_pack.fTp1HR/_old 2020-06-06 15:48:12.239999907 +0200 +++ /var/tmp/diff_new_pack.fTp1HR/_new 2020-06-06 15:48:12.239999907 +0200 @@ -1,7 +1,7 @@ -From 16b2a3114b0a70050f360c60b968ce867b43295a Mon Sep 17 00:00:00 2001 +From 342f6d57f417303b12f86d040b87f27448e4a0ae Mon Sep 17 00:00:00 2001 From: Maxime Coquelin <[email protected]> Date: Tue, 21 Apr 2020 11:16:56 +0200 -Subject: [PATCH 1/3] vhost: check log mmap offset and size overflow +Subject: [PATCH 1/6] vhost: check log mmap offset and size overflow vhost_user_set_log_base() is a message handler that is called to handle the VHOST_USER_SET_LOG_BASE message. @@ -27,10 +27,10 @@ 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c -index 2f4bbb342d..8d78c11b9b 100644 +index 40c4520c08..02962fcdbc 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c -@@ -1595,10 +1595,10 @@ vhost_user_set_log_base(struct virtio_net **pdev, struct VhostUserMsg *msg, +@@ -2059,10 +2059,10 @@ vhost_user_set_log_base(struct virtio_net **pdev, struct VhostUserMsg *msg, size = msg->payload.log.mmap_size; off = msg->payload.log.mmap_offset; @@ -42,7 +42,7 @@ - "log offset %#"PRIx64" exceeds log size %#"PRIx64"\n", + "log offset %#"PRIx64" and log size %#"PRIx64" overflow\n", off, size); - return VH_RESULT_ERR; + return RTE_VHOST_MSG_RESULT_ERR; } -- 2.25.2 ++++++ 0002-vhost-fix-vring-index-check.patch ++++++ --- /var/tmp/diff_new_pack.fTp1HR/_old 2020-06-06 15:48:12.247999936 +0200 +++ /var/tmp/diff_new_pack.fTp1HR/_new 2020-06-06 15:48:12.247999936 +0200 @@ -1,7 +1,7 @@ -From 54afbd7b8b0c03928b8aef95ec95c1e9baeecb79 Mon Sep 17 00:00:00 2001 +From 7e74c33644452051cc4193fd2516d97e1e4009e0 Mon Sep 17 00:00:00 2001 From: Maxime Coquelin <[email protected]> Date: Tue, 21 Apr 2020 18:17:43 +0200 -Subject: [PATCH 2/3] vhost: fix vring index check +Subject: [PATCH 2/6] vhost: fix vring index check vhost_user_check_and_alloc_queue_pair() is used to extract a vring index from a payload. This function validates the @@ -41,10 +41,10 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c -index 8d78c11b9b..e4f72ba876 100644 +index 02962fcdbc..d19614265b 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c -@@ -2062,7 +2062,7 @@ static int +@@ -2526,7 +2526,7 @@ static int vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, struct VhostUserMsg *msg) { ++++++ 0003-vhost-crypto-validate-keys-lengths.patch ++++++ --- /var/tmp/diff_new_pack.fTp1HR/_old 2020-06-06 15:48:12.255999964 +0200 +++ /var/tmp/diff_new_pack.fTp1HR/_new 2020-06-06 15:48:12.255999964 +0200 @@ -1,7 +1,7 @@ -From 9b4b29435b74b3e7c3230faef8fcd23e8b5fc93b Mon Sep 17 00:00:00 2001 +From 5216718e4837d4dcc6020cd5f6d5d629222bad8c Mon Sep 17 00:00:00 2001 From: Maxime Coquelin <[email protected]> Date: Tue, 21 Apr 2020 19:10:09 +0200 -Subject: [PATCH 3/3] vhost/crypto: validate keys lengths +Subject: [PATCH 3/6] vhost/crypto: validate keys lengths transform_cipher_param() and transform_chain_param() handle the payload data for the VHOST_USER_CRYPTO_CREATE_SESS @@ -31,10 +31,10 @@ 1 file changed, 17 insertions(+) diff --git a/lib/librte_vhost/vhost_crypto.c b/lib/librte_vhost/vhost_crypto.c -index cf01c7ebe3..8934365f2f 100644 +index 68911972b6..07a4115482 100644 --- a/lib/librte_vhost/vhost_crypto.c +++ b/lib/librte_vhost/vhost_crypto.c -@@ -236,6 +236,11 @@ transform_cipher_param(struct rte_crypto_sym_xform *xform, +@@ -237,6 +237,11 @@ transform_cipher_param(struct rte_crypto_sym_xform *xform, if (unlikely(ret < 0)) return ret; @@ -46,7 +46,7 @@ xform->type = RTE_CRYPTO_SYM_XFORM_CIPHER; xform->cipher.key.length = param->cipher_key_len; if (xform->cipher.key.length > 0) -@@ -286,6 +291,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms, +@@ -287,6 +292,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms, &xform_cipher->cipher.algo); if (unlikely(ret < 0)) return ret; @@ -59,7 +59,7 @@ xform_cipher->type = RTE_CRYPTO_SYM_XFORM_CIPHER; xform_cipher->cipher.key.length = param->cipher_key_len; xform_cipher->cipher.key.data = param->cipher_key_buf; -@@ -300,6 +311,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms, +@@ -301,6 +312,12 @@ transform_chain_param(struct rte_crypto_sym_xform *xforms, ret = auth_algo_transform(param->hash_algo, &xform_auth->auth.algo); if (unlikely(ret < 0)) return ret; ++++++ 0004-vhost-fix-translated-address-not-checked.patch ++++++ >From c74f5a29dbb505bb31bec932a9bd77325e2ceea6 Mon Sep 17 00:00:00 2001 From: Marvin Liu <[email protected]> Date: Wed, 8 Apr 2020 17:13:55 +0800 Subject: [PATCH 4/6] vhost: fix translated address not checked Malicious guest can construct desc with invalid address and zero buffer length. That will request vhost to check both translated address and translated data length. This patch will add missed address check. Fixes: 75ed51697820 ("vhost: add packed ring batch dequeue") Fixes: ef861692c398 ("vhost: add packed ring batch enqueue") Cc: [email protected] This issue has been assigned CVE-2020-10725 Signed-off-by: Marvin Liu <[email protected]> Reviewed-by: Maxime Coquelin <[email protected]> --- lib/librte_vhost/virtio_net.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/librte_vhost/virtio_net.c b/lib/librte_vhost/virtio_net.c index ac2842b2d2..33f10258cf 100644 --- a/lib/librte_vhost/virtio_net.c +++ b/lib/librte_vhost/virtio_net.c @@ -1086,6 +1086,8 @@ virtio_dev_rx_batch_packed(struct virtio_net *dev, VHOST_ACCESS_RW); vhost_for_each_try_unroll(i, 0, PACKED_BATCH_SIZE) { + if (unlikely(!desc_addrs[i])) + return -1; if (unlikely(lens[i] != descs[avail_idx + i].len)) return -1; } @@ -1841,6 +1843,8 @@ vhost_reserve_avail_batch_packed(struct virtio_net *dev, } vhost_for_each_try_unroll(i, 0, PACKED_BATCH_SIZE) { + if (unlikely(!desc_addrs[i])) + return -1; if (unlikely((lens[i] != descs[avail_idx + i].len))) return -1; } -- 2.25.2 ++++++ 0005-vhost-fix-potential-memory-space-leak.patch ++++++ >From 9566391031723e854e818bb7d965e9e677784dc4 Mon Sep 17 00:00:00 2001 From: Xiaolong Ye <[email protected]> Date: Wed, 8 Apr 2020 15:31:35 +0800 Subject: [PATCH 5/6] vhost: fix potential memory space leak A malicious container which has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages which may cause leaking resources until resulting a DOS. Fix it by unmapping the dev->inflight_info->addr before assigning new mapped addr to it. Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing") Cc: [email protected] This issue has been assigned CVE-2020-10726 Signed-off-by: Xiaolong Ye <[email protected]> Reviewed-by: Maxime Coquelin <[email protected]> --- lib/librte_vhost/vhost_user.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index d19614265b..2a4ba205cf 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -1433,6 +1433,11 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, } memset(addr, 0, mmap_size); + if (dev->inflight_info->addr) { + munmap(dev->inflight_info->addr, dev->inflight_info->size); + dev->inflight_info->addr = NULL; + } + dev->inflight_info->addr = addr; dev->inflight_info->size = msg->payload.inflight.mmap_size = mmap_size; dev->inflight_info->fd = msg->fds[0] = fd; @@ -1517,8 +1522,10 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, } } - if (dev->inflight_info->addr) + if (dev->inflight_info->addr) { munmap(dev->inflight_info->addr, dev->inflight_info->size); + dev->inflight_info->addr = NULL; + } addr = mmap(0, mmap_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, mmap_offset); -- 2.25.2 ++++++ 0006-vhost-fix-potential-fd-leak.patch ++++++ >From 1cb6dbef9c15e739da9b253c53b558e93906c6c5 Mon Sep 17 00:00:00 2001 From: Xuan Ding <[email protected]> Date: Wed, 8 Apr 2020 10:19:51 +0000 Subject: [PATCH 6/6] vhost: fix potential fd leak Vhost will create temporary file when receiving VHOST_USER_GET_INFLIGHT_FD message. Malicious guest can send endless this message to drain out the resource of host. When receiving VHOST_USER_GET_INFLIGHT_FD message repeatedly, closing the file created during the last handling of this message. Fixes: d87f1a1cb7b666550 ("vhost: support inflight info sharing") Cc: [email protected] This issue has been assigned CVE-2020-10726 Signed-off-by: Xuan Ding <[email protected]> Signed-off-by: Xiaolong Ye <[email protected]> Reviewed-by: Maxime Coquelin <[email protected]> --- lib/librte_vhost/vhost_user.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/librte_vhost/vhost_user.c b/lib/librte_vhost/vhost_user.c index 2a4ba205cf..8954f7930e 100644 --- a/lib/librte_vhost/vhost_user.c +++ b/lib/librte_vhost/vhost_user.c @@ -206,7 +206,7 @@ vhost_backend_cleanup(struct virtio_net *dev) dev->inflight_info->addr = NULL; } - if (dev->inflight_info->fd > 0) { + if (dev->inflight_info->fd >= 0) { close(dev->inflight_info->fd); dev->inflight_info->fd = -1; } @@ -1408,6 +1408,7 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, "failed to alloc dev inflight area\n"); return RTE_VHOST_MSG_RESULT_ERR; } + dev->inflight_info->fd = -1; } num_queues = msg->payload.inflight.num_queues; @@ -1438,6 +1439,11 @@ vhost_user_get_inflight_fd(struct virtio_net **pdev, dev->inflight_info->addr = NULL; } + if (dev->inflight_info->fd >= 0) { + close(dev->inflight_info->fd); + dev->inflight_info->fd = -1; + } + dev->inflight_info->addr = addr; dev->inflight_info->size = msg->payload.inflight.mmap_size = mmap_size; dev->inflight_info->fd = msg->fds[0] = fd; @@ -1520,6 +1526,7 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, "failed to alloc dev inflight area\n"); return RTE_VHOST_MSG_RESULT_ERR; } + dev->inflight_info->fd = -1; } if (dev->inflight_info->addr) { @@ -1534,8 +1541,10 @@ vhost_user_set_inflight_fd(struct virtio_net **pdev, VhostUserMsg *msg, return RTE_VHOST_MSG_RESULT_ERR; } - if (dev->inflight_info->fd) + if (dev->inflight_info->fd >= 0) { close(dev->inflight_info->fd); + dev->inflight_info->fd = -1; + } dev->inflight_info->fd = fd; dev->inflight_info->addr = addr; -- 2.25.2 ++++++ dpdk-18.11.3.tar.xz -> dpdk-19.11.1.tar.xz ++++++ /work/SRC/openSUSE:Leap:15.2/dpdk/dpdk-18.11.3.tar.xz /work/SRC/openSUSE:Leap:15.2/.dpdk.new.3606/dpdk-19.11.1.tar.xz differ: char 25, line 1
