Compare commits


No commits in common. "c8" and "c8-beta" have entirely different histories.
c8 ... c8-beta

6 changed files with 307 additions and 113 deletions


@ -1,2 +1,2 @@
061198752d3d8b64d33113b7c8c1e272c973403d SOURCES/dpdk-23.11.tar.xz
17331a86759beba4b6635ed530ce23b0b73c0744 SOURCES/dpdk-21.11.tar.xz
3cc45b133677fbff08e89e65a2120be52ebb27a5 SOURCES/pyelftools-0.27.tar.gz

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/dpdk-23.11.tar.xz
SOURCES/dpdk-21.11.tar.xz
SOURCES/pyelftools-0.27.tar.gz


@ -1,37 +0,0 @@
From 606fd08b1bfce6d81c9532a9ecbbbe88aa266793 Mon Sep 17 00:00:00 2001
From: Olivier Matz <olivier.matz@6wind.com>
Date: Thu, 28 Nov 2024 12:09:56 +0100
Subject: [PATCH] net/virtio: fix Rx checksum calculation
If hdr->csum_start is larger than packet length, the len argument passed
to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
Ignore checksum computation in this case.
CVE-2024-11614
Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/vhost/virtio_net.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index 6d53ff932d..e42aabf126 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2831,6 +2831,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr,
*/
uint16_t csum = 0, off;
+ if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
+ return;
+
if (rte_raw_cksum_mbuf(m, hdr->csum_start,
rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
return;
--
2.47.0


@ -0,0 +1,78 @@
From f167022606b5ccca27a627ae599538ce2348ef67 Mon Sep 17 00:00:00 2001
Message-Id: <f167022606b5ccca27a627ae599538ce2348ef67.1666780268.git.tredaelli@redhat.com>
From: Maxime Coquelin <maxime.coquelin@redhat.com>
Date: Thu, 16 Jun 2022 11:35:56 +0200
Subject: [PATCH 1/2] vhost: discard too small descriptor chains
[ upstream commit 71bd0cc536ad6d84188d947d6f24c17400d8f623 ]
This patch discards descriptor chains which are smaller
than the Virtio-net header size, and ones that are equal.
Indeed, such descriptor chains sizes mean there is no
packet data.
This patch also has the advantage of requesting the exact
packets sizes for the mbufs.
CVE-2022-2132
Fixes: 62250c1d0978 ("vhost: extract split ring handling from Rx and Tx functions")
Fixes: c3ff0ac70acb ("vhost: improve performance by supporting large buffer")
Fixes: 84d5204310d7 ("vhost: support async dequeue for split ring")
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Chenbo Xia <chenbo.xia@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
---
lib/vhost/virtio_net.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index 858187d1b0..991a7a2bd4 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2334,10 +2334,10 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
buf_addr = buf_vec[vec_idx].buf_addr;
buf_len = buf_vec[vec_idx].buf_len;
- if (unlikely(buf_len < dev->vhost_hlen && nr_vec <= 1)) {
- error = -1;
- goto out;
- }
+ /*
+ * The caller has checked the descriptors chain is larger than the
+ * header size.
+ */
if (virtio_net_with_host_offload(dev)) {
if (unlikely(buf_len < sizeof(struct virtio_net_hdr))) {
@@ -2568,6 +2568,14 @@ virtio_dev_tx_split(struct virtio_net *dev, struct vhost_virtqueue *vq,
update_shadow_used_ring_split(vq, head_idx, 0);
+ if (unlikely(buf_len <= dev->vhost_hlen)) {
+ dropped += 1;
+ i++;
+ break;
+ }
+
+ buf_len -= dev->vhost_hlen;
+
err = virtio_dev_pktmbuf_prep(dev, pkts[i], buf_len);
if (unlikely(err)) {
/*
@@ -2771,6 +2779,11 @@ vhost_dequeue_single_packed(struct virtio_net *dev,
VHOST_ACCESS_RO) < 0))
return -1;
+ if (unlikely(buf_len <= dev->vhost_hlen))
+ return -1;
+
+ buf_len -= dev->vhost_hlen;
+
if (unlikely(virtio_dev_pktmbuf_prep(dev, pkts, buf_len))) {
if (!allocerr_warned) {
VHOST_LOG_DATA(ERR,
--
2.37.3
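Review bot: copy_desc_to_mbuf now depends on a precondition that is stated only in a comment inside its body: the `buf_len < dev->vhost_hlen` rejection is removed and replaced by "The caller has checked the descriptors chain is larger than the header size". The two callers patched here, virtio_dev_tx_split and vhost_dequeue_single_packed, enforce it with `buf_len <= dev->vhost_hlen`, but any other call site is outside these hunks and would need the same check, because the descriptor lengths come from the guest side of the virtqueue. I would move the requirement into the function's header comment, for example `/* Precondition: the descriptor chain in buf_vec is longer than dev->vhost_hlen; callers must drop shorter chains before calling. */`, so a future caller sees it before adding a new call path. All three function bodies start and end outside the hunks.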


@ -0,0 +1,106 @@
From e12d415556994d0901c317f6338ed2961185465f Mon Sep 17 00:00:00 2001
Message-Id: <e12d415556994d0901c317f6338ed2961185465f.1666780268.git.tredaelli@redhat.com>
In-Reply-To: <f167022606b5ccca27a627ae599538ce2348ef67.1666780268.git.tredaelli@redhat.com>
References: <f167022606b5ccca27a627ae599538ce2348ef67.1666780268.git.tredaelli@redhat.com>
From: Maxime Coquelin <maxime.coquelin@redhat.com>
Date: Thu, 16 Jun 2022 14:25:07 +0200
Subject: [PATCH 2/2] vhost: fix header spanned across more than two
descriptors
[ upstream commit dc1516e260a0df272b218392faf6db3cbf45e717 ]
This patch aims at supporting the unlikely case where a
Virtio-net header is spanned across more than two
descriptors.
CVE-2022-2132
Fixes: fd68b4739d2c ("vhost: use buffer vectors in dequeue path")
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Acked-by: Chenbo Xia <chenbo.xia@intel.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
---
lib/vhost/virtio_net.c | 41 +++++++++++++----------------------------
1 file changed, 13 insertions(+), 28 deletions(-)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index 991a7a2bd4..bf4d75b4bd 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2322,25 +2322,22 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
uint32_t buf_avail, buf_offset;
uint64_t buf_addr, buf_len;
uint32_t mbuf_avail, mbuf_offset;
+ uint32_t hdr_remain = dev->vhost_hlen;
uint32_t cpy_len;
struct rte_mbuf *cur = m, *prev = m;
struct virtio_net_hdr tmp_hdr;
struct virtio_net_hdr *hdr = NULL;
- /* A counter to avoid desc dead loop chain */
- uint16_t vec_idx = 0;
+ uint16_t vec_idx;
struct batch_copy_elem *batch_copy = vq->batch_copy_elems;
int error = 0;
- buf_addr = buf_vec[vec_idx].buf_addr;
- buf_len = buf_vec[vec_idx].buf_len;
-
/*
* The caller has checked the descriptors chain is larger than the
* header size.
*/
if (virtio_net_with_host_offload(dev)) {
- if (unlikely(buf_len < sizeof(struct virtio_net_hdr))) {
+ if (unlikely(buf_vec[0].buf_len < sizeof(struct virtio_net_hdr))) {
/*
* No luck, the virtio-net header doesn't fit
* in a contiguous virtual area.
@@ -2348,34 +2345,22 @@ copy_desc_to_mbuf(struct virtio_net *dev, struct vhost_virtqueue *vq,
copy_vnet_hdr_from_desc(&tmp_hdr, buf_vec);
hdr = &tmp_hdr;
} else {
- hdr = (struct virtio_net_hdr *)((uintptr_t)buf_addr);
+ hdr = (struct virtio_net_hdr *)((uintptr_t)buf_vec[0].buf_addr);
}
}
- /*
- * A virtio driver normally uses at least 2 desc buffers
- * for Tx: the first for storing the header, and others
- * for storing the data.
- */
- if (unlikely(buf_len < dev->vhost_hlen)) {
- buf_offset = dev->vhost_hlen - buf_len;
- vec_idx++;
- buf_addr = buf_vec[vec_idx].buf_addr;
- buf_len = buf_vec[vec_idx].buf_len;
- buf_avail = buf_len - buf_offset;
- } else if (buf_len == dev->vhost_hlen) {
- if (unlikely(++vec_idx >= nr_vec))
- goto out;
- buf_addr = buf_vec[vec_idx].buf_addr;
- buf_len = buf_vec[vec_idx].buf_len;
+ for (vec_idx = 0; vec_idx < nr_vec; vec_idx++) {
+ if (buf_vec[vec_idx].buf_len > hdr_remain)
+ break;
- buf_offset = 0;
- buf_avail = buf_len;
- } else {
- buf_offset = dev->vhost_hlen;
- buf_avail = buf_vec[vec_idx].buf_len - dev->vhost_hlen;
+ hdr_remain -= buf_vec[vec_idx].buf_len;
}
+ buf_addr = buf_vec[vec_idx].buf_addr;
+ buf_len = buf_vec[vec_idx].buf_len;
+ buf_offset = hdr_remain;
+ buf_avail = buf_vec[vec_idx].buf_len - hdr_remain;
+
PRINT_PACKET(dev,
(uintptr_t)(buf_addr + buf_offset),
(uint32_t)buf_avail, 0);
--
2.37.3
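Review bot: After the new header-skipping loop, `buf_vec[vec_idx]` is read without checking that the loop stopped on a `break`; if every entry satisfies `buf_len <= hdr_remain`, the loop ends with `vec_idx == nr_vec` and the following `buf_addr`/`buf_len` loads index past the `nr_vec` entries the loop was bounded by. That case is excluded only by the caller-side length check that the comment above refers to, so the bounds safety of this function rests on code outside it. A local guard right after the loop, `if (unlikely(vec_idx >= nr_vec))` setting `error = -1` and jumping to the function's `out` label (both appear in lines removed by this series and are presumably still present further down), would keep the function safe on its own. copy_desc_to_mbuf starts and ends outside the hunks.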


@ -8,31 +8,27 @@
#% define date 20191128
#% define shortcommit0 %(c=%{commit0}; echo ${c:0:7})
%define ver 23.11
%define rel 2
%define ver 21.11
%define rel 3
%define srcname dpdk%(awk -F. '{ if (NF > 2) print "-stable" }' <<<%{version})
%define pyelftoolsver 0.27
%define srcname dpdk
Name: dpdk
Version: %{ver}
Release: %{rel}%{?commit0:.%{date}git%{shortcommit0}}%{?dist}
%if 0%{?fedora} || 0%{?rhel} > 8
Epoch: 2
%endif
URL: http://dpdk.org
%if 0%{?commit0:1}
Source: https://dpdk.org/browse/dpdk/snapshot/dpdk-%{commit0}.tar.xz
Source: http://dpdk.org/browse/dpdk/snapshot/dpdk-%{commit0}.tar.xz
%else
Source: https://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz
Source: http://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz
%endif
# Only needed for creating snapshot tarballs, not used in build itself
Source100: dpdk-snapshot.sh
# CVE-2024-11614
Patch1: 0001-net-virtio-fix-Rx-checksum-calculation.patch
# CVE-2022-2132
Patch1: 0001-vhost-discard-too-small-descriptor-chains.patch
Patch2: 0002-vhost-fix-header-spanned-across-more-than-two-descri.patch
Summary: Set of libraries and drivers for fast packet processing
@ -61,23 +57,90 @@ Conflicts: dpdk-doc < 18.11-2
%endif
BuildRequires: meson
%if 0%{?rhel} && 0%{?rhel} < 9
%define pyelftoolsver 0.27
Source1: https://github.com/eliben/pyelftools/archive/refs/tags/v%{pyelftoolsver}.tar.gz#/pyelftools-%{pyelftoolsver}.tar.gz
%if 0%{?rhel} > 8 || 0%{?fedora}
%else
BuildRequires: python3-pyelftools
%endif
BuildRequires: gcc, zlib-devel, numactl-devel, libarchive-devel
BuildRequires: gcc, zlib-devel, numactl-devel
BuildRequires: doxygen, python3-sphinx
%ifarch x86_64
BuildRequires: rdma-core-devel >= 15
%endif
# Macros taked from ninja-build and meson packages and adapted to be defined here
# See /usr/lib/rpm/macros.d/macros.{ninja,meson}
%if 0%{?rhel} && 0%{?rhel} < 8
# RHEL-7 doesn't define _vpath_* macros yet
%if 0%{!?_vpath_srcdir:1}
%define _vpath_srcdir .
%endif
%if 0%{!?_vpath_builddir:1}
%define _vpath_builddir %_target_platform
%endif
%define __ninja %{venvdir}/bin/ninja
%define __ninja_common_opts -v %{?_smp_mflags}
%define ninja_build \
%{__ninja} %{__ninja_common_opts}
%define ninja_install \
DESTDIR=%{buildroot} %{__ninja} install %{__ninja_common_opts}
%define ninja_test \
%{__ninja} test %{__ninja_common_opts}
%define __meson %{venvdir}/bin/meson
%define __meson_wrap_mode nodownload
%define __meson_auto_features enabled
%define meson \
export CFLAGS="${CFLAGS:-%__global_cflags}" \
export CXXFLAGS="${CXXFLAGS:-%__global_cxxflags}" \
export FFLAGS="${FFLAGS:-%__global_fflags}" \
export FCFLAGS="${FCFLAGS:-%__global_fcflags}" \
export LDFLAGS="${LDFLAGS:-%__global_ldflags}" \
%{__meson} \\\
--buildtype=plain \\\
--prefix=%{_prefix} \\\
--libdir=%{_libdir} \\\
--libexecdir=%{_libexecdir} \\\
--bindir=%{_bindir} \\\
--sbindir=%{_sbindir} \\\
--includedir=%{_includedir} \\\
--datadir=%{_datadir} \\\
--mandir=%{_mandir} \\\
--infodir=%{_infodir} \\\
--localedir=%{_datadir}/locale \\\
--sysconfdir=%{_sysconfdir} \\\
--localstatedir=%{_localstatedir} \\\
--sharedstatedir=%{_sharedstatedir} \\\
--wrap-mode=%{__meson_wrap_mode} \\\
--auto-features=%{__meson_auto_features} \\\
%{_vpath_srcdir} %{_vpath_builddir} \\\
%{nil}
%define meson_build \
%ninja_build -C %{_vpath_builddir}
%define meson_install \
%ninja_install -C %{_vpath_builddir}
%define meson_test \
%ninja_test -C %{_vpath_builddir}
%endif
%description
The Data Plane Development Kit is a set of libraries and drivers for
fast packet processing in the user space.
%package devel
Summary: Data Plane Development Kit development files
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name}%{?_isa} = %{version}-%{release}
%ifarch x86_64
Requires: rdma-core-devel
%endif
@ -96,7 +159,7 @@ API programming documentation for the Data Plane Development Kit.
%if %{with tools}
%package tools
Summary: Tools for setting up Data Plane Development Kit environment
Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
Requires: %{name} = %{version}-%{release}
Requires: kmod pciutils findutils iproute python3
%description tools
@ -126,15 +189,6 @@ as L2 and L3 forwarding.
export PYTHONPATH=$(pwd)/pyelftools-%{pyelftoolsver}
%endif
ENABLED_APPS=(
test-pmd
test-bbdev
)
for app in "${ENABLED_APPS[@]}"; do
enable_apps="${enable_apps:+$enable_apps,}"$app
done
ENABLED_DRIVERS=(
bus/pci
bus/vdev
@ -149,16 +203,15 @@ ENABLED_DRIVERS=(
%ifarch x86_64
ENABLED_DRIVERS+=(
baseband/acc
bus/auxiliary
bus/vmbus
common/iavf
common/mlx5
common/nfp
net/bnxt
net/enic
net/iavf
net/ice
net/mlx4
net/mlx5
net/netvsc
net/nfp
@ -174,46 +227,41 @@ ENABLED_DRIVERS+=(
)
%endif
for driver in "${ENABLED_DRIVERS[@]}"; do
for driver in ${ENABLED_DRIVERS[@]}; do
enable_drivers="${enable_drivers:+$enable_drivers,}"$driver
done
# As of 21.11-rc3, following libraries can be disabled:
# optional_libs = [
# 'bitratestats',
# 'gpudev',
# 'gro',
# 'gso',
# 'kni',
# 'jobstats',
# 'latencystats',
# 'metrics',
# 'pdump',
# 'power',
# 'vhost',
# ]
# If doing any updates, this must be aligned with:
# https://access.redhat.com/articles/3538141
ENABLED_LIBS=(
bbdev
bitratestats
bpf
cmdline
cryptodev
dmadev
gro
gso
hash
ip_frag
latencystats
member
meter
metrics
pcapng
pdump
security
stack
vhost
DISABLED_LIBS=(
gpudev
kni
jobstats
power
)
for lib in "${ENABLED_LIBS[@]}"; do
enable_libs="${enable_libs:+$enable_libs,}"$lib
for lib in "${DISABLED_LIBS[@]}"; do
disable_libs="${disable_libs:+$disable_libs,}"$lib
done
ln -s /usr/bin/true mandb
export PATH=$(pwd):$PATH
%meson --includedir=include/dpdk \
--default-library=shared \
-Ddeveloper_mode=disabled \
-Denable_libs="$enable_libs" \
-Ddisable_libs="$disable_libs" \
-Ddrivers_install_subdir=dpdk-pmds \
-Denable_apps="$enable_apps" \
-Denable_docs=true \
-Denable_drivers="$enable_drivers" \
-Dplatform=generic \
@ -223,34 +271,40 @@ export PATH=$(pwd):$PATH
# Check drivers and libraries
for driver in "${ENABLED_DRIVERS[@]}"; do
config_token="RTE_$(echo "$driver" | tr [a-z/] [A-Z_])"
! grep -Fqw "$config_token" */rte_build_config.h || continue
config_token=RTE_$(echo $driver | tr [a-z/] [A-Z_])
! grep -q $config_token */rte_build_config.h || continue
echo "!!! Could not find $driver in rte_build_config.h, please check dependencies. !!!"
false
done
for lib in "${ENABLED_LIBS[@]}"; do
config_token="RTE_LIB_$(echo "$lib" | tr [a-z/] [A-Z_])"
! grep -Fqw "$config_token" */rte_build_config.h || continue
echo "!!! Could not find $lib in rte_build_config.h, please check dependencies. !!!"
for lib in "${DISABLED_LIBS[@]}"; do
config_token=RTE_LIB_$(echo $lib | tr [a-z/] [A-Z_])
grep -q $config_token */rte_build_config.h || continue
echo "!!! Found $lib in rte_build_config.h. !!!"
false
done
%meson_build
%install
%if 0%{?rhel} && 0%{?rhel} < 8
export PATH="%{venvdir}/bin:$PATH"
%endif
%meson_install
rm -f %{buildroot}%{_bindir}/dpdk-dumpcap
rm -f %{buildroot}%{_bindir}/dpdk-pdump
rm -f %{buildroot}%{_bindir}/dpdk-proc-info
rm -f %{buildroot}%{_bindir}/dpdk-test{,-acl,-bbdev,-cmdline,-compress-perf,-crypto-perf,-eventdev,-pipeline,-sad,-fib,-flow-perf,-regex}
rm -f %{buildroot}%{_libdir}/*.a
# Taken from debian/rules
rm -f %{buildroot}%{docdir}/html/.buildinfo
rm -f %{buildroot}%{docdir}/html/objects.inv
rm -rf %{buildroot}%{docdir}/html/.doctrees
find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \;
# Taked from debian/rules
rm -f %{docdir}/html/.buildinfo
rm -f %{docdir}/html/objects.inv
rm -rf %{docdir}/html/.doctrees
%files
# BSD
%doc README MAINTAINERS
%{_bindir}/dpdk-testpmd
%{_bindir}/dpdk-test-bbdev
%dir %{pmddir}
%{_libdir}/*.so.*
%{pmddir}/*.so.*
@ -275,7 +329,6 @@ find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \;
%{pmddir}/*.so
%{_libdir}/pkgconfig/libdpdk.pc
%{_libdir}/pkgconfig/libdpdk-libs.pc
%{_datadir}/man
%if %{with examples}
%files examples
%{_bindir}/dpdk-*
@ -288,12 +341,6 @@ find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \;
%endif
%changelog
* Tue Dec 17 2024 Kevin Traynor <ktraynor@redhat.com> - 23.11-2
- Backport fixes for CVE-2024-11614 (RHEL-68600)
* Fri Dec 15 2023 David Marchand <david.marchand@redhat.com> - 23.11-1
- Rebase to 23.11 (RHEL-19584)
* Fri Dec 23 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11-3
- Version bump just to be sure it's updated from dpdk-21.11-2.el8_7
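Review bot: The patch list on the new side drops `0001-net-virtio-fix-Rx-checksum-calculation.patch` (CVE-2024-11614) and carries only the two CVE-2022-2132 patches, with nothing in the spec recording how CVE-2024-11614 is handled for 21.11. The removed patch touches vhost_dequeue_offload in lib/vhost/virtio_net.c, the same file the 21.11 patches modify; whether the 21.11 tarball contains the affected checksum path is not visible on this page and should be confirmed. If it does, a 21.11 backport belongs in the patch list; if it does not, a comment next to the `Patch` lines such as `# CVE-2024-11614: not applicable to 21.11 (<reason>)` would make the decision auditable. In the same hunk the `Source:` URLs change from `https://` to `http://`, which leaves the 40-hex-digit digests in the sources list as the only integrity check for anyone fetching the tarball from that URL; keeping `https://` costs nothing.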