From 5908de100260bf7168e2a90cd32b19b494c86588 Mon Sep 17 00:00:00 2001 From: Open vSwitch CI Date: Sep 22 2022 21:55:33 +0000 Subject: Import openvswitch2.15-2.15.0-122 from Fast DataPath --- diff --git a/SOURCES/openvswitch-2.15.0.patch b/SOURCES/openvswitch-2.15.0.patch index 2a32faa..5238c2b 100644 --- a/SOURCES/openvswitch-2.15.0.patch +++ b/SOURCES/openvswitch-2.15.0.patch @@ -96510,7 +96510,7 @@ index 6689c52df2..7d1d6a1861 100644 if (old_vq && (vq != old_vq)) return vq; diff --git a/dpdk/lib/librte_vhost/vhost_user.c b/dpdk/lib/librte_vhost/vhost_user.c -index 45c8ac09da..25ebc0c37c 100644 +index 45c8ac09da..da04a37867 100644 --- a/dpdk/lib/librte_vhost/vhost_user.c +++ b/dpdk/lib/librte_vhost/vhost_user.c @@ -474,8 +474,8 @@ vhost_user_set_vring_num(struct virtio_net **pdev, @@ -96705,7 +96705,7 @@ index 45c8ac09da..25ebc0c37c 100644 vring_invalidate(dev, vq); return RTE_VHOST_MSG_RESULT_REPLY; -@@ -2346,8 +2385,11 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, +@@ -2346,8 +2385,12 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, vhost_user_iotlb_cache_insert(vq, imsg->iova, vva, len, imsg->perm); @@ -96713,12 +96713,13 @@ index 45c8ac09da..25ebc0c37c 100644 + if (is_vring_iotlb(dev, vq, imsg)) { + rte_spinlock_lock(&vq->access_lock); *pdev = dev = translate_ring_addresses(dev, i); ++ vq = dev->virtqueue[i]; + rte_spinlock_unlock(&vq->access_lock); + } } break; case VHOST_IOTLB_INVALIDATE: -@@ -2360,8 +2402,11 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, +@@ -2360,8 +2403,11 @@ vhost_user_iotlb_msg(struct virtio_net **pdev, struct VhostUserMsg *msg, vhost_user_iotlb_cache_remove(vq, imsg->iova, imsg->size); @@ -96731,7 +96732,7 @@ index 45c8ac09da..25ebc0c37c 100644 } break; default: -@@ -2646,12 +2691,16 @@ vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, +@@ -2646,12 +2692,16 @@ vhost_user_check_and_alloc_queue_pair(struct virtio_net *dev, break; case VHOST_USER_SET_VRING_NUM: case VHOST_USER_SET_VRING_BASE: @@ -96748,7 +96749,7 @@ index 45c8ac09da..25ebc0c37c 100644 default: return 0; } -@@ -2740,7 +2789,6 @@ vhost_user_msg_handler(int vid, int fd) +@@ -2740,7 +2790,6 @@ vhost_user_msg_handler(int vid, int fd) return -1; } @@ -96756,7 +96757,7 @@ index 45c8ac09da..25ebc0c37c 100644 request = msg.request.master; if (request > VHOST_USER_NONE && request < VHOST_USER_MAX && vhost_message_str[request]) { -@@ -2861,9 +2909,6 @@ vhost_user_msg_handler(int vid, int fd) +@@ -2861,9 +2910,6 @@ vhost_user_msg_handler(int vid, int fd) } } @@ -96766,7 +96767,7 @@ index 45c8ac09da..25ebc0c37c 100644 /* If message was not handled at this stage, treat it as an error */ if (!handled) { VHOST_LOG_CONFIG(ERR, -@@ -2885,9 +2930,11 @@ vhost_user_msg_handler(int vid, int fd) +@@ -2885,9 +2931,11 @@ vhost_user_msg_handler(int vid, int fd) } else if (ret == RTE_VHOST_MSG_RESULT_ERR) { VHOST_LOG_CONFIG(ERR, "vhost message handling failed.\n"); @@ -96779,7 +96780,7 @@ index 45c8ac09da..25ebc0c37c 100644 for (i = 0; i < dev->nr_vring; i++) { struct vhost_virtqueue *vq = dev->virtqueue[i]; bool cur_ready = vq_is_ready(dev, vq); -@@ -2898,8 +2945,11 @@ vhost_user_msg_handler(int vid, int fd) +@@ -2898,8 +2946,11 @@ vhost_user_msg_handler(int vid, int fd) } } @@ -96792,7 +96793,7 @@ index 45c8ac09da..25ebc0c37c 100644 goto out; /* -@@ -2926,7 +2976,7 @@ vhost_user_msg_handler(int vid, int fd) +@@ -2926,7 +2977,7 @@ vhost_user_msg_handler(int vid, int fd) } out: diff --git a/SPECS/openvswitch2.15.spec b/SPECS/openvswitch2.15.spec index f921b60..3611bde 100644 --- a/SPECS/openvswitch2.15.spec +++ b/SPECS/openvswitch2.15.spec @@ -57,7 +57,7 @@ Summary: Open vSwitch Group: System Environment/Daemons daemon/database/utilities URL: http://www.openvswitch.org/ Version: 2.15.0 -Release: 121%{?dist} +Release: 122%{?dist} # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the # lib/sflow*.[ch] files are SISSL @@ -702,6 +702,20 @@ exit 0 %endif %changelog +* Wed Sep 21 2022 Timothy Redaelli - 2.15.0-122 +- vhost: fix virtqueue use after free on NUMA reallocation [RH git: ce74a8c364] + [ upstream commit 0b2a2ca35037d6a5168f0832c11d9858b8ae946a ] + + translate_ring_addresses (via numa_realloc) may change a virtio device and + virtio queue. + The virtqueue object must be refreshed before accessing the lock. + + Fixes: 04c27cb673b9 ("vhost: fix unsafe vring addresses modifications") + + Signed-off-by: David Marchand + Reviewed-by: Maxime Coquelin + + * Mon Sep 19 2022 Open vSwitch CI - 2.15.0-121 - Merging upstream branch-2.15 [RH git: 6af245093e] Commit list: