Compare commits

..

No commits in common. "c8" and "c8-beta" have entirely different histories.
c8 ... c8-beta

5 changed files with 308 additions and 71 deletions

View File

@ -1,2 +1,2 @@
061198752d3d8b64d33113b7c8c1e272c973403d SOURCES/dpdk-23.11.tar.xz 17331a86759beba4b6635ed530ce23b0b73c0744 SOURCES/dpdk-21.11.tar.xz
3cc45b133677fbff08e89e65a2120be52ebb27a5 SOURCES/pyelftools-0.27.tar.gz 3cc45b133677fbff08e89e65a2120be52ebb27a5 SOURCES/pyelftools-0.27.tar.gz

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/dpdk-23.11.tar.xz SOURCES/dpdk-21.11.tar.xz
SOURCES/pyelftools-0.27.tar.gz SOURCES/pyelftools-0.27.tar.gz

View File

@ -0,0 +1,78 @@
From f167022606b5ccca27a627ae599538ce2348ef67 Mon Sep 17 00:00:00 2001
Message-Id: <f167022606b5ccca27a627ae599538ce2348ef67.1666780268.git.tredaelli@redhat.com>
From: Maxime Coquelin <maxime.coquelin@redhat.com>
Date: Thu, 16 Jun 2022 11:35:56 +0200
Subject: [PATCH 1/2] vhost: discard too small descriptor chains
[ upstream commit 71bd0cc536ad6d84188d947d6f24c17400d8f623 ]
This patch discards descriptor chains which are smaller
than the Virtio-net header size, and ones that are equal.
Indeed, such descriptor chains sizes mean there is no
packet data.
This patch also has the advantage of requesting the exact
packets sizes for the mbufs.
CVE-2022-2132
Fixes: 62250c1d0978 ("vhost: extract split ring handling from Rx and Tx functions")
Fixes: c3ff0ac70acb ("vhost: improve performance by supporting large buffer")
Fixes: 84d5204310d7 ("vhost: support async dequeue for split ring")
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Chenbo Xia <chenbo.xia@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
---
lib/vhost/virtio_net.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index 858187d1b0..991a7a2bd4 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2334,10 +2334,10 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
buf_addr = buf_vec[vec_idx].buf_addr;
buf_len = buf_vec[vec_idx].buf_len;
- if (unlikely(buf_len < dev->vhost_hlen && nr_vec <= 1)) {
- error = -1;
- goto out;
- }
+ /*
+ * The caller has checked the descriptors chain is larger than the
+ * header size.
+ */
if (virtio_net_with_host_offload(dev)) {
if (unlikely(buf_len < sizeof(struct virtio_net_hdr))) {
@@ -2568,6 +2568,14 @@ virtio_dev_tx_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
update_shadow_used_ring_split(vq, head_idx, 0);
+ if (unlikely(buf_len <= dev->vhost_hlen)) {
+ dropped += 1;
+ i++;
+ break;
+ }
+
+ buf_len -= dev->vhost_hlen;
+
err = virtio_dev_pktmbuf_prep(dev, pkts[i], buf_len);
if (unlikely(err)) {
/*
@@ -2771,6 +2779,11 @@ vhost_dequeue_single_packed(struct virtio_net *dev,
VHOST_ACCESS_RO) < 0))
return -1;
+ if (unlikely(buf_len <= dev->vhost_hlen))
+ return -1;
+
+ buf_len -= dev->vhost_hlen;
+
if (unlikely(virtio_dev_pktmbuf_prep(dev, pkts, buf_len))) {
if (!allocerr_warned) {
VHOST_LOG_DATA(ERR,
--
2.37.3

View File

@ -0,0 +1,106 @@
From e12d415556994d0901c317f6338ed2961185465f Mon Sep 17 00:00:00 2001
Message-Id: <e12d415556994d0901c317f6338ed2961185465f.1666780268.git.tredaelli@redhat.com>
In-Reply-To: <f167022606b5ccca27a627ae599538ce2348ef67.1666780268.git.tredaelli@redhat.com>
References: <f167022606b5ccca27a627ae599538ce2348ef67.1666780268.git.tredaelli@redhat.com>
From: Maxime Coquelin <maxime.coquelin@redhat.com>
Date: Thu, 16 Jun 2022 14:25:07 +0200
Subject: [PATCH 2/2] vhost: fix header spanned across more than two
descriptors
[ upstream commit dc1516e260a0df272b218392faf6db3cbf45e717 ]
This patch aims at supporting the unlikely case where a
Virtio-net header is spanned across more than two
descriptors.
CVE-2022-2132
Fixes: fd68b4739d2c ("vhost: use buffer vectors in dequeue path")
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Chenbo Xia <chenbo.xia@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
---
lib/vhost/virtio_net.c | 41 +++++++++++++----------------------------
1 file changed, 13 insertions(+), 28 deletions(-)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index 991a7a2bd4..bf4d75b4bd 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2322,25 +2322,22 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
uint32_t buf_avail, buf_offset;
uint64_t buf_addr, buf_len;
uint32_t mbuf_avail, mbuf_offset;
+ uint32_t hdr_remain = dev->vhost_hlen;
uint32_t cpy_len;
struct rte_mbuf *cur = m, *prev = m;
struct virtio_net_hdr tmp_hdr;
struct virtio_net_hdr *hdr = NULL;
- /* A counter to avoid desc dead loop chain */
- uint16_t vec_idx = 0;
+ uint16_t vec_idx;
struct batch_copy_elem *batch_copy = vq->batch_copy_elems;
int error = 0;
- buf_addr = buf_vec[vec_idx].buf_addr;
- buf_len = buf_vec[vec_idx].buf_len;
-
/*
* The caller has checked the descriptors chain is larger than the
* header size.
*/
if (virtio_net_with_host_offload(dev)) {
- if (unlikely(buf_len < sizeof(struct virtio_net_hdr))) {
+ if (unlikely(buf_vec[0].buf_len < sizeof(struct virtio_net_hdr))) {
/*
* No luck, the virtio-net header doesn't fit
* in a contiguous virtual area.
@@ -2348,34 +2345,22 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
copy_vnet_hdr_from_desc(&tmp_hdr, buf_vec);
hdr = &tmp_hdr;
} else {
- hdr = (struct virtio_net_hdr *)((uintptr_t)buf_addr);
+ hdr = (struct virtio_net_hdr *)((uintptr_t)buf_vec[0].buf_addr);
}
}
- /*
- * A virtio driver normally uses at least 2 desc buffers
- * for Tx: the first for storing the header, and others
- * for storing the data.
- */
- if (unlikely(buf_len < dev->vhost_hlen)) {
- buf_offset = dev->vhost_hlen - buf_len;
- vec_idx++;
- buf_addr = buf_vec[vec_idx].buf_addr;
- buf_len = buf_vec[vec_idx].buf_len;
- buf_avail = buf_len - buf_offset;
- } else if (buf_len == dev->vhost_hlen) {
- if (unlikely(++vec_idx >= nr_vec))
- goto out;
- buf_addr = buf_vec[vec_idx].buf_addr;
- buf_len = buf_vec[vec_idx].buf_len;
+ for (vec_idx = 0; vec_idx < nr_vec; vec_idx++) {
+ if (buf_vec[vec_idx].buf_len > hdr_remain)
+ break;
- buf_offset = 0;
- buf_avail = buf_len;
- } else {
- buf_offset = dev->vhost_hlen;
- buf_avail = buf_vec[vec_idx].buf_len - dev->vhost_hlen;
+ hdr_remain -= buf_vec[vec_idx].buf_len;
}
+ buf_addr = buf_vec[vec_idx].buf_addr;
+ buf_len = buf_vec[vec_idx].buf_len;
+ buf_offset = hdr_remain;
+ buf_avail = buf_vec[vec_idx].buf_len - hdr_remain;
+
PRINT_PACKET(dev,
(uintptr_t)(buf_addr + buf_offset),
(uint32_t)buf_avail, 0);
--
2.37.3

View File

@ -8,29 +8,28 @@
#% define date 20191128 #% define date 20191128
#% define shortcommit0 %(c=%{commit0}; echo ${c:0:7}) #% define shortcommit0 %(c=%{commit0}; echo ${c:0:7})
%define ver 23.11 %define ver 21.11
%define rel 1 %define rel 3
%define srcname dpdk%(awk -F. '{ if (NF > 2) print "-stable" }' <<<%{version}) %define srcname dpdk
%define pyelftoolsver 0.27
Name: dpdk Name: dpdk
Version: %{ver} Version: %{ver}
Release: %{rel}%{?commit0:.%{date}git%{shortcommit0}}%{?dist} Release: %{rel}%{?commit0:.%{date}git%{shortcommit0}}%{?dist}
%if 0%{?fedora} || 0%{?rhel} > 8
Epoch: 2
%endif
URL: http://dpdk.org URL: http://dpdk.org
%if 0%{?commit0:1} %if 0%{?commit0:1}
Source: https://dpdk.org/browse/dpdk/snapshot/dpdk-%{commit0}.tar.xz Source: http://dpdk.org/browse/dpdk/snapshot/dpdk-%{commit0}.tar.xz
%else %else
Source: https://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz Source: http://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz
%endif %endif
# Only needed for creating snapshot tarballs, not used in build itself # Only needed for creating snapshot tarballs, not used in build itself
Source100: dpdk-snapshot.sh Source100: dpdk-snapshot.sh
# CVE-2022-2132
Patch1: 0001-vhost-discard-too-small-descriptor-chains.patch
Patch2: 0002-vhost-fix-header-spanned-across-more-than-two-descri.patch
Summary: Set of libraries and drivers for fast packet processing Summary: Set of libraries and drivers for fast packet processing
# #
@ -58,23 +57,90 @@ Conflicts: dpdk-doc < 18.11-2
%endif %endif
BuildRequires: meson BuildRequires: meson
%if 0%{?rhel} && 0%{?rhel} < 9
%define pyelftoolsver 0.27
Source1: https://github.com/eliben/pyelftools/archive/refs/tags/v%{pyelftoolsver}.tar.gz#/pyelftools-%{pyelftoolsver}.tar.gz Source1: https://github.com/eliben/pyelftools/archive/refs/tags/v%{pyelftoolsver}.tar.gz#/pyelftools-%{pyelftoolsver}.tar.gz
%if 0%{?rhel} > 8 || 0%{?fedora} %else
BuildRequires: python3-pyelftools BuildRequires: python3-pyelftools
%endif %endif
BuildRequires: gcc, zlib-devel, numactl-devel, libarchive-devel BuildRequires: gcc, zlib-devel, numactl-devel
BuildRequires: doxygen, python3-sphinx BuildRequires: doxygen, python3-sphinx
%ifarch x86_64 %ifarch x86_64
BuildRequires: rdma-core-devel >= 15 BuildRequires: rdma-core-devel >= 15
%endif %endif
# Macros taked from ninja-build and meson packages and adapted to be defined here
# See /usr/lib/rpm/macros.d/macros.{ninja,meson}
%if 0%{?rhel} && 0%{?rhel} < 8
# RHEL-7 doesn't define _vpath_* macros yet
%if 0%{!?_vpath_srcdir:1}
%define _vpath_srcdir .
%endif
%if 0%{!?_vpath_builddir:1}
%define _vpath_builddir %_target_platform
%endif
%define __ninja %{venvdir}/bin/ninja
%define __ninja_common_opts -v %{?_smp_mflags}
%define ninja_build \
%{__ninja} %{__ninja_common_opts}
%define ninja_install \
DESTDIR=%{buildroot} %{__ninja} install %{__ninja_common_opts}
%define ninja_test \
%{__ninja} test %{__ninja_common_opts}
%define __meson %{venvdir}/bin/meson
%define __meson_wrap_mode nodownload
%define __meson_auto_features enabled
%define meson \
export CFLAGS="${CFLAGS:-%__global_cflags}" \
export CXXFLAGS="${CXXFLAGS:-%__global_cxxflags}" \
export FFLAGS="${FFLAGS:-%__global_fflags}" \
export FCFLAGS="${FCFLAGS:-%__global_fcflags}" \
export LDFLAGS="${LDFLAGS:-%__global_ldflags}" \
%{__meson} \\\
--buildtype=plain \\\
--prefix=%{_prefix} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--includedir=%{_includedir} \\\
--datadir=%{_datadir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir} \\\
--localedir=%{_datadir}/locale \\\
--sysconfdir=%{_sysconfdir} \\\
--localstatedir=%{_localstatedir} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--wrap-mode=%{__meson_wrap_mode} \\\
--auto-features=%{__meson_auto_features} \\\
%{_vpath_srcdir} %{_vpath_builddir} \\\
%{nil}
%define meson_build \
%ninja_build -C %{_vpath_builddir}
%define meson_install \
%ninja_install -C %{_vpath_builddir}
%define meson_test \
%ninja_test -C %{_vpath_builddir}
%endif
%description %description
The Data Plane Development Kit is a set of libraries and drivers for The Data Plane Development Kit is a set of libraries and drivers for
fast packet processing in the user space. fast packet processing in the user space.
%package devel %package devel
Summary: Data Plane Development Kit development files Summary: Data Plane Development Kit development files
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
%ifarch x86_64 %ifarch x86_64
Requires: rdma-core-devel Requires: rdma-core-devel
%endif %endif
@ -93,7 +159,7 @@ API programming documentation for the Data Plane Development Kit.
%if %{with tools} %if %{with tools}
%package tools %package tools
Summary: Tools for setting up Data Plane Development Kit environment Summary: Tools for setting up Data Plane Development Kit environment
Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release} Requires: %{name} = %{version}-%{release}
Requires: kmod pciutils findutils iproute python3 Requires: kmod pciutils findutils iproute python3
%description tools %description tools
@ -123,15 +189,6 @@ as L2 and L3 forwarding.
export PYTHONPATH=$(pwd)/pyelftools-%{pyelftoolsver} export PYTHONPATH=$(pwd)/pyelftools-%{pyelftoolsver}
%endif %endif
ENABLED_APPS=(
test-pmd
test-bbdev
)
for app in "${ENABLED_APPS[@]}"; do
enable_apps="${enable_apps:+$enable_apps,}"$app
done
ENABLED_DRIVERS=( ENABLED_DRIVERS=(
bus/pci bus/pci
bus/vdev bus/vdev
@ -146,16 +203,15 @@ ENABLED_DRIVERS=(
%ifarch x86_64 %ifarch x86_64
ENABLED_DRIVERS+=( ENABLED_DRIVERS+=(
baseband/acc
bus/auxiliary bus/auxiliary
bus/vmbus bus/vmbus
common/iavf common/iavf
common/mlx5 common/mlx5
common/nfp
net/bnxt net/bnxt
net/enic net/enic
net/iavf net/iavf
net/ice net/ice
net/mlx4
net/mlx5 net/mlx5
net/netvsc net/netvsc
net/nfp net/nfp
@ -171,46 +227,41 @@ ENABLED_DRIVERS+=(
) )
%endif %endif
for driver in "${ENABLED_DRIVERS[@]}"; do for driver in ${ENABLED_DRIVERS[@]}; do
enable_drivers="${enable_drivers:+$enable_drivers,}"$driver enable_drivers="${enable_drivers:+$enable_drivers,}"$driver
done done
# As of 21.11-rc3, following libraries can be disabled:
# optional_libs = [
# 'bitratestats',
# 'gpudev',
# 'gro',
# 'gso',
# 'kni',
# 'jobstats',
# 'latencystats',
# 'metrics',
# 'pdump',
# 'power',
# 'vhost',
# ]
# If doing any updates, this must be aligned with: # If doing any updates, this must be aligned with:
# https://access.redhat.com/articles/3538141 # https://access.redhat.com/articles/3538141
ENABLED_LIBS=( DISABLED_LIBS=(
bbdev gpudev
bitratestats kni
bpf jobstats
cmdline power
cryptodev
dmadev
gro
gso
hash
ip_frag
latencystats
member
meter
metrics
pcapng
pdump
security
stack
vhost
) )
for lib in "${ENABLED_LIBS[@]}"; do for lib in "${DISABLED_LIBS[@]}"; do
enable_libs="${enable_libs:+$enable_libs,}"$lib disable_libs="${disable_libs:+$disable_libs,}"$lib
done done
ln -s /usr/bin/true mandb
export PATH=$(pwd):$PATH
%meson --includedir=include/dpdk \ %meson --includedir=include/dpdk \
--default-library=shared \ --default-library=shared \
-Ddeveloper_mode=disabled \ -Ddisable_libs="$disable_libs" \
-Denable_libs="$enable_libs" \
-Ddrivers_install_subdir=dpdk-pmds \ -Ddrivers_install_subdir=dpdk-pmds \
-Denable_apps="$enable_apps" \
-Denable_docs=true \ -Denable_docs=true \
-Denable_drivers="$enable_drivers" \ -Denable_drivers="$enable_drivers" \
-Dplatform=generic \ -Dplatform=generic \
@ -220,34 +271,40 @@ export PATH=$(pwd):$PATH
# Check drivers and libraries # Check drivers and libraries
for driver in "${ENABLED_DRIVERS[@]}"; do for driver in "${ENABLED_DRIVERS[@]}"; do
config_token="RTE_$(echo "$driver" | tr [a-z/] [A-Z_])" config_token=RTE_$(echo $driver | tr [a-z/] [A-Z_])
! grep -Fqw "$config_token" */rte_build_config.h || continue ! grep -q $config_token */rte_build_config.h || continue
echo "!!! Could not find $driver in rte_build_config.h, please check dependencies. !!!" echo "!!! Could not find $driver in rte_build_config.h, please check dependencies. !!!"
false false
done done
for lib in "${ENABLED_LIBS[@]}"; do for lib in "${DISABLED_LIBS[@]}"; do
config_token="RTE_LIB_$(echo "$lib" | tr [a-z/] [A-Z_])" config_token=RTE_LIB_$(echo $lib | tr [a-z/] [A-Z_])
! grep -Fqw "$config_token" */rte_build_config.h || continue grep -q $config_token */rte_build_config.h || continue
echo "!!! Could not find $lib in rte_build_config.h, please check dependencies. !!!" echo "!!! Found $lib in rte_build_config.h. !!!"
false false
done done
%meson_build %meson_build
%install %install
%if 0%{?rhel} && 0%{?rhel} < 8
export PATH="%{venvdir}/bin:$PATH"
%endif
%meson_install %meson_install
rm -f %{buildroot}%{_bindir}/dpdk-dumpcap
rm -f %{buildroot}%{_bindir}/dpdk-pdump
rm -f %{buildroot}%{_bindir}/dpdk-proc-info
rm -f %{buildroot}%{_bindir}/dpdk-test{,-acl,-bbdev,-cmdline,-compress-perf,-crypto-perf,-eventdev,-pipeline,-sad,-fib,-flow-perf,-regex}
rm -f %{buildroot}%{_libdir}/*.a rm -f %{buildroot}%{_libdir}/*.a
# Taken from debian/rules # Taked from debian/rules
rm -f %{buildroot}%{docdir}/html/.buildinfo rm -f %{docdir}/html/.buildinfo
rm -f %{buildroot}%{docdir}/html/objects.inv rm -f %{docdir}/html/objects.inv
rm -rf %{buildroot}%{docdir}/html/.doctrees rm -rf %{docdir}/html/.doctrees
find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \;
%files %files
# BSD # BSD
%doc README MAINTAINERS %doc README MAINTAINERS
%{_bindir}/dpdk-testpmd %{_bindir}/dpdk-testpmd
%{_bindir}/dpdk-test-bbdev
%dir %{pmddir} %dir %{pmddir}
%{_libdir}/*.so.* %{_libdir}/*.so.*
%{pmddir}/*.so.* %{pmddir}/*.so.*
@ -272,7 +329,6 @@ find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \;
%{pmddir}/*.so %{pmddir}/*.so
%{_libdir}/pkgconfig/libdpdk.pc %{_libdir}/pkgconfig/libdpdk.pc
%{_libdir}/pkgconfig/libdpdk-libs.pc %{_libdir}/pkgconfig/libdpdk-libs.pc
%{_datadir}/man
%if %{with examples} %if %{with examples}
%files examples %files examples
%{_bindir}/dpdk-* %{_bindir}/dpdk-*
@ -285,9 +341,6 @@ find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \;
%endif %endif
%changelog %changelog
* Fri Dec 15 2023 David Marchand <david.marchand@redhat.com> - 23.11-1
- Rebase to 23.11 (RHEL-19584)
* Fri Dec 23 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11-3 * Fri Dec 23 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11-3
- Version bump just to be sure it's updated from dpdk-21.11-2.el8_7 - Version bump just to be sure it's updated from dpdk-21.11-2.el8_7