From 0d592b6fb8dc6bfa9096a5d4b92ae76e16c125ad Mon Sep 17 00:00:00 2001 From: Open vSwitch CI Date: Sep 28 2022 07:40:46 +0000 Subject: Import openvswitch2.13-2.13.0-202 from Fast DataPath --- diff --git a/SOURCES/openvswitch-2.13.0.patch b/SOURCES/openvswitch-2.13.0.patch index a994ce0..c652b1a 100644 --- a/SOURCES/openvswitch-2.13.0.patch +++ b/SOURCES/openvswitch-2.13.0.patch @@ -111454,7 +111454,7 @@ index 684fddc30b..4f91715c33 100644 } diff --git a/dpdk/lib/librte_vhost/vhost_user.c b/dpdk/lib/librte_vhost/vhost_user.c -index 0cfb8b792b..af44d1e69c 100644 +index 0cfb8b792b..76ce6cb11a 100644 --- a/dpdk/lib/librte_vhost/vhost_user.c +++ b/dpdk/lib/librte_vhost/vhost_user.c @@ -97,8 +97,15 @@ close_msg_fds(struct VhostUserMsg *msg) @@ -112037,7 +112037,7 @@ index 0cfb8b792b..af44d1e69c 100644 return 0; } -@@ -2292,8 +2386,11 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, +@@ -2292,8 +2386,12 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, vhost_user_iotlb_cache_insert(vq, imsg->iova, vva, len, imsg->perm); @@ -112045,12 +112045,13 @@ index 0cfb8b792b..af44d1e69c 100644 + if (is_vring_iotlb(dev, vq, imsg)) { + rte_spinlock_lock(&vq->access_lock); *pdev = dev = translate_ring_addresses(dev, i); ++ vq = dev->virtqueue[i]; + rte_spinlock_unlock(&vq->access_lock); + } } break; case VHOST_IOTLB_INVALIDATE: -@@ -2303,8 +2400,11 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, +@@ -2303,8 +2401,11 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, vhost_user_iotlb_cache_remove(vq, imsg->iova, imsg->size); @@ -112063,7 +112064,7 @@ index 0cfb8b792b..af44d1e69c 100644 } break; default: -@@ -2440,8 +2540,13 @@ read_vhost_message(int sockfd, struct VhostUserMsg *msg) +@@ -2440,8 +2541,13 @@ read_vhost_message(int sockfd, struct VhostUserMsg *msg) ret = read_fd_message(sockfd, (char *)msg, VHOST_USER_HDR_SIZE, msg->fds, VHOST_MEMORY_MAX_NREGIONS, &msg->fd_num); @@ -112078,7 +112079,7 @@ index 0cfb8b792b..af44d1e69c 100644 if (msg->size) { if (msg->size > sizeof(msg->payload)) { -@@ -2508,7 +2613,7 @@ static int +@@ -2508,7 +2614,7 @@ static int vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, struct VhostUserMsg *msg) { @@ -112087,7 +112088,7 @@ index 0cfb8b792b..af44d1e69c 100644 switch (msg->request.master) { case VHOST_USER_SET_VRING_KICK: -@@ -2518,12 +2623,16 @@ vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, +@@ -2518,12 +2624,16 @@ vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, break; case VHOST_USER_SET_VRING_NUM: case VHOST_USER_SET_VRING_BASE: @@ -112104,7 +112105,7 @@ index 0cfb8b792b..af44d1e69c 100644 default: return 0; } -@@ -2758,7 +2867,7 @@ vhost_user_msg_handler(int vid, int fd) +@@ -2758,7 +2868,7 @@ vhost_user_msg_handler(int vid, int fd) return -1; } @@ -112113,7 +112114,7 @@ index 0cfb8b792b..af44d1e69c 100644 dev->flags |= VIRTIO_DEV_READY; if (!(dev->flags & VIRTIO_DEV_RUNNING)) { -@@ -2794,11 +2903,19 @@ static int process_slave_message_reply(struct virtio_net *dev, +@@ -2794,11 +2904,19 @@ static int process_slave_message_reply(struct virtio_net *dev, if ((msg->flags & VHOST_USER_NEED_REPLY) == 0) return 0; diff --git a/SPECS/openvswitch2.13.spec b/SPECS/openvswitch2.13.spec index 51262de..edb84fe 100644 --- a/SPECS/openvswitch2.13.spec +++ b/SPECS/openvswitch2.13.spec @@ -59,7 +59,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 2.13.0 -Release: 201%{?commit0:.%{date}git%{shortcommit0}}%{?commit1:dpdk%{shortcommit1}}%{?dist} +Release: 202%{?commit0:.%{date}git%{shortcommit0}}%{?commit1:dpdk%{shortcommit1}}%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -715,6 +715,20 @@ exit 0 %endif %changelog +* Tue Sep 27 2022 Timothy Redaelli - 2.13.0-202 +- vhost: fix virtqueue use after free on NUMA reallocation [RH git: 9849aa79a5] + [ upstream commit 0b2a2ca35037d6a5168f0832c11d9858b8ae946a ] + + translate_ring_addresses (via numa_realloc) may change a virtio device and + virtio queue. + The virtqueue object must be refreshed before accessing the lock. + + Fixes: 04c27cb673b9 ("vhost: fix unsafe vring addresses modifications") + + Signed-off-by: David Marchand + Reviewed-by: Maxime Coquelin + + * Mon Sep 19 2022 Open vSwitch CI - 2.13.0-201 - Merging upstream branch-2.13 [RH git: 9e3e7fe271] Commit list: