diff --git a/.gitignore b/.gitignore
index 5a78891..b4f8b1a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,4 @@
 /passt-1ee2ecade3f41e2a3e51c1e580b08cba977a7c8d.tar.xz
 /passt-57a21d2df1467302dee71ee9d5683a8b96e6ce7f.tar.xz
 /passt-ee36266a55478672ad2c5f4efbd6ca0bef3d37cd.tar.xz
+/passt-238c69f9af458e41dea5ad8c988dbf65b05b5172.tar.xz
diff --git a/0001-flow-Don-t-crash-if-guest-attempts-to-connect-to-por.patch b/0001-flow-Don-t-crash-if-guest-attempts-to-connect-to-por.patch
deleted file mode 100644
index 343864f..0000000
--- a/0001-flow-Don-t-crash-if-guest-attempts-to-connect-to-por.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 002b2a23380d4df552bac7665d462ac4c7bced0b Mon Sep 17 00:00:00 2001
-From: David Gibson
-Date: Wed, 14 Aug 2024 20:03:33 +1000
-Subject: [PATCH] flow: Don't crash if guest attempts to connect to port 0
-
-Using a zero port on TCP or UDP is dubious, and we can't really deal with
-forwarding such a flow within the constraints of the socket API. Hence
-we ASSERT()ed that we had non-zero ports in flow_hash().
-
-The intention was to make sure that the protocol code sanitizes such ports
-before completing a flow entry. Unfortunately, flow_hash() is also called
-on new packets to see if they have an existing flow, so the unsanitized
-guest packet can crash passt with the assert.
-
-Correct this by moving the assert from flow_hash() to flow_sidx_hash()
-which is only used on entries already in the table, not on unsanitized
-data.
-
-Reported-by: Reported-by: Matt Hamilton
-Signed-off-by: David Gibson
-Signed-off-by: Stefano Brivio
----
- flow.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/flow.c b/flow.c
-index 687e9fd..93b687d 100644
---- a/flow.c
-+++ b/flow.c
-@@ -561,12 +561,6 @@ static uint64_t flow_hash(const struct ctx *c, uint8_t proto, uint8_t pif,
- {
- struct siphash_state state = SIPHASH_INIT(c->hash_secret);
-
-- /* For the hash table to work, we need complete endpoint information,
-- * and at least a forwarding port.
-- */
-- ASSERT(pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) &&
-- side->eport != 0 && side->fport != 0);
--
- inany_siphash_feed(&state, &side->faddr);
- inany_siphash_feed(&state, &side->eaddr);
-
-@@ -586,8 +580,16 @@ static uint64_t flow_hash(const struct ctx *c, uint8_t proto, uint8_t pif,
- static uint64_t flow_sidx_hash(const struct ctx *c, flow_sidx_t sidx)
- {
- const struct flow_common *f = &flow_at_sidx(sidx)->f;
-- return flow_hash(c, FLOW_PROTO(f),
-- f->pif[sidx.sidei], &f->side[sidx.sidei]);
-+ const struct flowside *side = &f->side[sidx.sidei];
-+ uint8_t pif = f->pif[sidx.sidei];
-+
-+ /* For the hash table to work, entries must have complete endpoint
-+ * information, and at least a forwarding port.
-+ */
-+ ASSERT(pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) &&
-+ side->eport != 0 && side->fport != 0);
-+
-+ return flow_hash(c, FLOW_PROTO(f), pif, side);
- }
-
- /**
---
-2.43.0
-
diff --git a/passt.spec b/passt.spec
index a177783..5282cf2 100644
--- a/passt.spec
+++ b/passt.spec
@@ -7,20 +7,18 @@
 # Copyright (c) 2022 Red Hat GmbH
 # Author: Stefano Brivio
-%global git_hash ee36266a55478672ad2c5f4efbd6ca0bef3d37cd
+%global git_hash 238c69f9af458e41dea5ad8c988dbf65b05b5172
 %global selinuxtype targeted
 Name: passt
-Version: 0^20240806.gee36266
-Release: 3%{?dist}
+Version: 0^20241121.g238c69f
+Release: 1%{?dist}
 Summary: User-mode networking daemons for virtual machines and namespaces
 License: GPL-2.0-or-later AND BSD-3-Clause
 Group: System Environment/Daemons
 URL: https://passt.top/
 Source: https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz
-Patch1: 0001-flow-Don-t-crash-if-guest-attempts-to-connect-to-por.patch
-
 BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel
 Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
@@ -126,6 +124,9 @@ fi
 %{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
 %changelog
+* Thu Nov 21 2024 Stefano Brivio - 0^20241121.g238c69f-1
+- Resolves: RHEL-67556
+
 * Tue Oct 29 2024 Troy Dawson - 0^20240806.gee36266-3
 - Bump release for October 2024 mass rebuild:
 Resolves: RHEL-64018
diff --git a/sources b/sources
index 8ba9cf6..bb55ad6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (passt-ee36266a55478672ad2c5f4efbd6ca0bef3d37cd.tar.xz) = f3d6b8155ffdd58f7bf291c78ec0607e1acbc879880fc69aaa1a29d6ba96f80fef5a0c8bca6f0ddd3916eeae823d2d3a006f4598fce9f9a3b489413561c72727
+SHA512 (passt-238c69f9af458e41dea5ad8c988dbf65b05b5172.tar.xz) = c170bdeabe6d9752f5750a11f3292ea8f96562f9d971a3fdedcddb036334fda44b8491be362bbb0892312de8da575ab4ef1842232253ad66edcadae10ac8cd49