Compare commits
No commits in common. "c9s-20240326.g4988e2b-1" and "c9-beta" have entirely different histories.
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,5 +1 @@
|
|||||||
/passt-4129764ecaebf05a33e22d8d95bb3d8deaa14c14.tar.xz
|
SOURCES/passt-ee36266a55478672ad2c5f4efbd6ca0bef3d37cd.tar.xz
|
||||||
/passt-4663ccc89a7fcbf9d901a80730ee925fc7f64c59.tar.xz
|
|
||||||
/passt-4ddbcb9c0c555838b123c018a9ebc9b7e14a87e5.tar.xz
|
|
||||||
/passt-0af928eaa020c1062fdc91598dfdc533966e2afe.tar.xz
|
|
||||||
/passt-b86afe3559c0bd3d24bc6fed7c60466cf141224c.tar.xz
|
|
||||||
|
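--- a/.passt.metadata
+++ b/.passt.metadata
@@ -0,0 +1 @@
+421a821e193faa31035a158c913c70d7fc13bf68 SOURCES/passt-ee36266a55478672ad2c5f4efbd6ca0bef3d37cd.tar.xz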
@ -0,0 +1,64 @@
|
|||||||
|
From 002b2a23380d4df552bac7665d462ac4c7bced0b Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Gibson <david@gibson.dropbear.id.au>
|
||||||
|
Date: Wed, 14 Aug 2024 20:03:33 +1000
|
||||||
|
Subject: [PATCH] flow: Don't crash if guest attempts to connect to port 0
|
||||||
|
|
||||||
|
Using a zero port on TCP or UDP is dubious, and we can't really deal with
|
||||||
|
forwarding such a flow within the constraints of the socket API. Hence
|
||||||
|
we ASSERT()ed that we had non-zero ports in flow_hash().
|
||||||
|
|
||||||
|
The intention was to make sure that the protocol code sanitizes such ports
|
||||||
|
before completing a flow entry. Unfortunately, flow_hash() is also called
|
||||||
|
on new packets to see if they have an existing flow, so the unsanitized
|
||||||
|
guest packet can crash passt with the assert.
|
||||||
|
|
||||||
|
Correct this by moving the assert from flow_hash() to flow_sidx_hash()
|
||||||
|
which is only used on entries already in the table, not on unsanitized
|
||||||
|
data.
|
||||||
|
|
||||||
|
Reported-by: Matt Hamilton <matt@thmail.io>
|
||||||
|
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||||||
|
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
|
||||||
|
---
|
||||||
|
flow.c | 18 ++++++++++--------
|
||||||
|
1 file changed, 10 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/flow.c b/flow.c
|
||||||
|
index 687e9fd..93b687d 100644
|
||||||
|
--- a/flow.c
|
||||||
|
+++ b/flow.c
|
||||||
|
@@ -561,12 +561,6 @@ static uint64_t flow_hash(const struct ctx *c, uint8_t proto, uint8_t pif,
|
||||||
|
{
|
||||||
|
struct siphash_state state = SIPHASH_INIT(c->hash_secret);
|
||||||
|
|
||||||
|
- /* For the hash table to work, we need complete endpoint information,
|
||||||
|
- * and at least a forwarding port.
|
||||||
|
- */
|
||||||
|
- ASSERT(pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) &&
|
||||||
|
- side->eport != 0 && side->fport != 0);
|
||||||
|
-
|
||||||
|
inany_siphash_feed(&state, &side->faddr);
|
||||||
|
inany_siphash_feed(&state, &side->eaddr);
|
||||||
|
|
||||||
|
@@ -586,8 +580,16 @@ static uint64_t flow_hash(const struct ctx *c, uint8_t proto, uint8_t pif,
|
||||||
|
static uint64_t flow_sidx_hash(const struct ctx *c, flow_sidx_t sidx)
|
||||||
|
{
|
||||||
|
const struct flow_common *f = &flow_at_sidx(sidx)->f;
|
||||||
|
- return flow_hash(c, FLOW_PROTO(f),
|
||||||
|
- f->pif[sidx.sidei], &f->side[sidx.sidei]);
|
||||||
|
+ const struct flowside *side = &f->side[sidx.sidei];
|
||||||
|
+ uint8_t pif = f->pif[sidx.sidei];
|
||||||
|
+
|
||||||
|
+ /* For the hash table to work, entries must have complete endpoint
|
||||||
|
+ * information, and at least a forwarding port.
|
||||||
|
+ */
|
||||||
|
+ ASSERT(pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) &&
|
||||||
|
+ side->eport != 0 && side->fport != 0);
|
||||||
|
+
|
||||||
|
+ return flow_hash(c, FLOW_PROTO(f), pif, side);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
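Review bot: flow_hash() now hashes guest-supplied tuples with no precondition, and nothing in the new code records that this is deliberate. Its body continues outside the hunk, but a comment where the ASSERT() used to be, such as `/* Also called on unsanitized packet data for lookups: must not ASSERT() on side contents */`, would keep the check from being moved back later. The ASSERT() that now sits in flow_sidx_hash() is still a process abort, so it stays unreachable from the guest only if every protocol path rejects or rewrites a zero eport/fport before the entry is inserted into the table. That sanitizing is not visible in this patch and is worth confirming, ideally with a regression test for the port-0 case named in the subject line.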
@ -7,19 +7,20 @@
|
|||||||
# Copyright (c) 2022 Red Hat GmbH
|
# Copyright (c) 2022 Red Hat GmbH
|
||||||
# Author: Stefano Brivio <sbrivio@redhat.com>
|
# Author: Stefano Brivio <sbrivio@redhat.com>
|
||||||
|
|
||||||
%global git_hash 4988e2b406313c579836dc31867d793cfe77535c
|
%global git_hash ee36266a55478672ad2c5f4efbd6ca0bef3d37cd
|
||||||
%global selinuxtype targeted
|
%global selinuxtype targeted
|
||||||
|
|
||||||
Name: passt
|
Name: passt
|
||||||
Version: 0^20240326.g4988e2b
|
Version: 0^20240806.gee36266
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: User-mode networking daemons for virtual machines and namespaces
|
Summary: User-mode networking daemons for virtual machines and namespaces
|
||||||
License: GPLv2+ and BSD
|
License: GPL-2.0-or-later AND BSD-3-Clause
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
URL: https://passt.top/
|
URL: https://passt.top/
|
||||||
Source: https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz
|
Source: https://passt.top/passt/snapshot/passt-%{git_hash}.tar.xz
|
||||||
|
|
||||||
Patch1: 0001-selinux-Drop-user_namespace-create-allow-rules.patch
|
Patch1: 0001-selinux-Drop-user_namespace-create-allow-rules.patch
|
||||||
|
Patch2: 0002-flow-Don-t-crash-if-guest-attempts-to-connect-to-por.patch
|
||||||
|
|
||||||
BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel
|
BuildRequires: gcc, make, git, checkpolicy, selinux-policy-devel
|
||||||
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
|
Requires: (%{name}-selinux = %{version}-%{release} if selinux-policy-%{selinuxtype})
|
||||||
@ -126,7 +127,19 @@ fi
|
|||||||
%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
|
%{_datadir}/selinux/packages/%{selinuxtype}/pasta.pp
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue May 21 2024 Marcel Haerri <mharri@redhat.com> - 0^20240326.g4988e2b-1
|
* Wed Aug 14 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806-gee36266-2
|
||||||
|
- Resolves: RHEL-54268
|
||||||
|
|
||||||
|
* Wed Aug 7 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806.gee36266-1
|
||||||
|
- Resolves: RHEL-53189
|
||||||
|
|
||||||
|
* Fri Aug 2 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240726.g57a21d2-1
|
||||||
|
- Resolves: RHEL-52638
|
||||||
|
|
||||||
|
* Mon Jun 24 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240624.g1ee2eca-1
|
||||||
|
- Resolves: RHEL-44837
|
||||||
|
|
||||||
|
* Wed May 22 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240510.g7288448-1
|
||||||
- Resolves: RHEL-37647
|
- Resolves: RHEL-37647
|
||||||
|
|
||||||
* Fri Dec 15 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231204.gb86afe3-1
|
* Fri Dec 15 2023 Stefano Brivio <sbrivio@redhat.com> - 0^20231204.gb86afe3-1
|
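Review bot: The new top changelog entry is written as `0^20240806-gee36266-2`, with a hyphen where the Version tag has a dot, so it does not match `Version: 0^20240806.gee36266` with `Release: 2`. It should read `* Wed Aug 14 2024 Stefano Brivio <sbrivio@redhat.com> - 0^20240806.gee36266-2`. The entry also carries only `- Resolves: RHEL-54268`; since Patch2 fixes a crash that the guest can trigger, a short line naming the fix would let someone reading the package changelog see that this release is security-relevant.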
@ -1,7 +0,0 @@
|
|||||||
--- !Policy
|
|
||||||
product_versions:
|
|
||||||
- rhel-9
|
|
||||||
decision_context: osci_compose_gate
|
|
||||||
rules:
|
|
||||||
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
|
|
||||||
- !PassingTestCaseRule {test_case_name: kvm-ci.passt.x86_64.brew-build.gating.tier1.functional}
|
|