5 changed files with 95 additions and 55 deletions
--- a/.dpdk.metadata
+++ b/.dpdk.metadata
@ -1,2 +1,2 @@
-061198752d3d8b64d33113b7c8c1e272c973403d SOURCES/dpdk-23.11.tar.xz
+fe6fdabe7e50094219e5f8ef925c0e96ead5f062 SOURCES/dpdk-24.11.2.tar.xz
 3cc45b133677fbff08e89e65a2120be52ebb27a5 SOURCES/pyelftools-0.27.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/dpdk-23.11.tar.xz
+SOURCES/dpdk-24.11.2.tar.xz
 SOURCES/pyelftools-0.27.tar.gz
--- a/SOURCES/0001-net-mlx5-avoid-setting-kernel-MTU-if-not-needed.patch
+++ b/SOURCES/0001-net-mlx5-avoid-setting-kernel-MTU-if-not-needed.patch
@ -0,0 +1,43 @@
 From f1f9113a08b202d302ba9448d351c04da48ff46d Mon Sep 17 00:00:00 2001
 From: Maxime Coquelin <maxime.coquelin@redhat.com>
 Date: Wed, 28 May 2025 11:36:44 +0200
 Subject: [PATCH] net/mlx5: avoid setting kernel MTU if not needed
 This patch checks whether the Kernel MTU has the same value
 as the requested one at port configuration time, and skip
 setting it if it is the same.
 Doing this, we can avoid the application to require
 NET_ADMIN capability, as in v23.11.
 Fixes: 10859ecf09c4 ("net/mlx5: fix MTU configuration")
 Cc: stable@dpdk.org
 Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
 Acked-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
 ---
 drivers/net/mlx5/mlx5_ethdev.c | 8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git a/drivers/net/mlx5/mlx5_ethdev.c b/drivers/net/mlx5/mlx5_ethdev.c
 index a50320075c..b7df39ace9 100644
 --- a/drivers/net/mlx5/mlx5_ethdev.c
 +++ b/drivers/net/mlx5/mlx5_ethdev.c
@@ -678,6 +678,14 @@ mlx5_dev_set_mtu(struct rte_eth_dev *dev, uint16_t mtu)
 	ret = mlx5_get_mtu(dev, &kern_mtu);
 	if (ret)
 		return ret;
 +
 +	if (kern_mtu == mtu) {
 +		priv->mtu = mtu;
 +		DRV_LOG(DEBUG, "port %u adapter MTU was already set to %u",
 +			dev->data->port_id, mtu);
 +		return 0;
 +	}
 +
 	/* Set kernel interface MTU first. */
 	ret = mlx5_set_mtu(dev, mtu);
 	if (ret)
 -- 
 2.49.0
--- a/SOURCES/0001-net-virtio-fix-Rx-checksum-calculation.patch
+++ b/SOURCES/0001-net-virtio-fix-Rx-checksum-calculation.patch
@ -1,37 +0,0 @@
 From 606fd08b1bfce6d81c9532a9ecbbbe88aa266793 Mon Sep 17 00:00:00 2001
 From: Olivier Matz <olivier.matz@6wind.com>
 Date: Thu, 28 Nov 2024 12:09:56 +0100
 Subject: [PATCH] net/virtio: fix Rx checksum calculation
 If hdr->csum_start is larger than packet length, the len argument passed
 to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
 Ignore checksum computation in this case.
 CVE-2024-11614
 Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
 Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
 Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
 Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
 ---
 lib/vhost/virtio_net.c | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
 index 6d53ff932d..e42aabf126 100644
 --- a/lib/vhost/virtio_net.c
 +++ b/lib/vhost/virtio_net.c
@@ -2831,6 +2831,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr,
 			 */
 			uint16_t csum = 0, off;
 +			if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
 +				return;
 +
 			if (rte_raw_cksum_mbuf(m, hdr->csum_start,
 					rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
 				return;
 -- 
 2.47.0
--- a/SPECS/dpdk.spec
+++ b/SPECS/dpdk.spec
@ -8,8 +8,8 @@
 #% define date 20191128
 #% define shortcommit0 %(c=%{commit0}; echo ${c:0:7})
-%define ver 23.11
+%define ver 24.11.2
-%define rel 2
+%define rel 3
 %define srcname dpdk%(awk -F. '{ if (NF > 2) print "-stable" }' <<<%{version})
@ -31,8 +31,7 @@ Source: https://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz
 # Only needed for creating snapshot tarballs, not used in build itself
 Source100: dpdk-snapshot.sh
-# CVE-2024-11614
+Patch1: 0001-net-mlx5-avoid-setting-kernel-MTU-if-not-needed.patch
 Patch1: 0001-net-virtio-fix-Rx-checksum-calculation.patch
 Summary: Set of libraries and drivers for fast packet processing
@ -67,8 +66,8 @@ BuildRequires: python3-pyelftools
 %endif
 BuildRequires: gcc, zlib-devel, numactl-devel, libarchive-devel
 BuildRequires: doxygen, python3-sphinx
-%ifarch x86_64
+%ifarch aarch64 x86_64
-BuildRequires: rdma-core-devel >= 15
+BuildRequires: rdma-core-devel >= 44
 %endif
 %description
@ -150,16 +149,15 @@ ENABLED_DRIVERS=(
 %ifarch x86_64
 ENABLED_DRIVERS+=(
    baseband/acc
    bus/auxiliary
    bus/vmbus
    common/iavf
    common/mlx5
    common/nfp
    net/bnxt
    net/ena
    net/enic
    net/iavf
    net/ice
-    net/mlx5
+    net/mana
    net/netvsc
    net/nfp
    net/qede
@ -169,8 +167,11 @@ ENABLED_DRIVERS+=(
 %ifarch aarch64 x86_64
 ENABLED_DRIVERS+=(
    bus/auxiliary
    common/mlx5
    net/e1000
    net/ixgbe
    net/mlx5
 )
 %endif
@ -199,6 +200,7 @@ ENABLED_LIBS=(
    pdump
    security
    stack
    timer
    vhost
 )
@ -288,20 +290,52 @@ find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \;
 %endif
 %changelog
 * Tue Aug 19 2025 David Marchand <david.marchand@redhat.com> - 24.11.2-3
 - Enable net/mlx5 driver for ARM (RHEL-109612)
 * Thu Jun 26 2025 Maxime Coquelin <maxime.coquelin@redhat.com> - 24.11.2-2
 - Avoid requiring NET_ADMIN with mlx5 (RHEL-93856)
 * Mon Jun 23 2025 Kevin Traynor <ktraynor@redhat.com> - 24.11.2-1
 - Rebase to 24.11.2 (RHEL-96848)
 * Mon Jan 13 2025 David Marchand <david.marchand@redhat.com> - 24.11.1-2
 - Enable net/ena and net/mana drivers (RHEL-23843)
 * Wed Dec 18 2024 David Marchand <david.marchand@redhat.com> - 24.11.1-1
 - Rebase to 24.11.1 (RHEL-71133)
 * Tue Dec 17 2024 Kevin Traynor <ktraynor@redhat.com> - 23.11-2
- Backport fixes for CVE-2024-11614 (RHEL-68600)
+- Backport fixes for CVE-2024-11614 (RHEL-68605)
 * Fri Dec 15 2023 David Marchand <david.marchand@redhat.com> - 23.11-1
- Rebase to 23.11 (RHEL-19584)
+- Rebase to 23.11 (RHEL-19571)
-* Fri Dec 23 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11-3
+* Tue Apr 11 2023 David Marchand <david.marchand@redhat.com> - 22.11-4
- Version bump just to be sure it's updated from dpdk-21.11-2.el8_7
+- Fix MTU regression for net/i40e (#2182799)
-* Wed Oct 26 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11-2
+* Thu Mar 23 2023 Timothy Redaelli <tredaelli@redhat.com> - 22.11-3
- Backport fixes for CVE-2022-2132 (#2107171)
+- Add support to load compressed firmware (#2179024)
 * Fri Mar 03 2023 Maxime Coquelin <maxime.coquelin@redhat.com> - 22.11-2
 - Add ACC100/ACC200 and related test-bbdev application (#2106526, #2138398)
 * Mon Jan 23 2023 Timothy Redaelli <tredaelli@redhat.com> - 22.11-1
 - Rebase to 22.11 (#2129066)
 * Mon Sep 12 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11.2-1
 - Rebase to 21.11.2 (#2126159)
 - Includes fixes for CVE-2022-2132 (#2107173) and CVE-2022-28199 (#2123616)
 * Wed Jul 13 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11.1-1
 - Rebase to 21.11.1 (#2106856)
 - Includes fix for CVE-2021-3839 (#2026642)
 * Tue Nov 23 2021 David Marchand <david.marchand@redhat.com> - 21.11-1
- Rebase to 21.11 (#2029497)
+- Rebase to 21.11 (#2030616)
 * Fri Nov 19 2021 Timothy Redaelli <tredaelli@redhat.com> - 20.11.1-1
 - Rebase to 20.11.1 (#2024994)
 * Tue Feb 16 2021 Timothy Redaelli <tredaelli@redhat.com> - 20.11-3
 - Fix gating since on DPDK 20.11 testpmd is called dpdk-testpmd
`@ -1,2 +1,2 @@`
	`061198752d3d8b64d33113b7c8c1e272c973403d SOURCES/dpdk-23.11.tar.xz`	`fe6fdabe7e50094219e5f8ef925c0e96ead5f062 SOURCES/dpdk-24.11.2.tar.xz`
	`3cc45b133677fbff08e89e65a2120be52ebb27a5 SOURCES/pyelftools-0.27.tar.gz`	`3cc45b133677fbff08e89e65a2120be52ebb27a5 SOURCES/pyelftools-0.27.tar.gz`
`@ -1,2 +1,2 @@`
	`SOURCES/dpdk-23.11.tar.xz`	`SOURCES/dpdk-24.11.2.tar.xz`
	`SOURCES/pyelftools-0.27.tar.gz`	`SOURCES/pyelftools-0.27.tar.gz`