mirror of
git://git.yoctoproject.org/meta-dpdk.git
synced 2025-07-19 12:59:03 +02:00
68dec754fd
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. References: https://nvd.nist.gov/vuln/detail/CVE-2024-11614 https://security-tracker.debian.org/tracker/CVE-2024-11614 Upstream-patch: https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
79 lines
1.9 KiB
BlitzBasic
79 lines
1.9 KiB
BlitzBasic
include dpdk.inc
|
|
|
|
SRC_URI += " \
|
|
file://0001-meson.build-march-and-mcpu-already-passed-by-Yocto-21.11.patch \
|
|
file://CVE-2024-11614.patch \
|
|
"
|
|
|
|
STABLE = "-stable"
|
|
BRANCH = "21.11"
|
|
SRCREV = "49b2102bf9fea000d36860353016a5c6ddf993a9"
|
|
S = "${WORKDIR}/git"
|
|
|
|
# CVE-2021-3839 has been fixed by commit 4c40d30d2b in 21.11.1
|
|
# NVD database is incomplete
|
|
# CVE-2022-0669 has been fixed by commit 6cb68162e4 in 21.11.1
|
|
# NVD database is incomplete
|
|
CVE_CHECK_IGNORE += "\
|
|
CVE-2021-3839 \
|
|
CVE-2022-0669 \
|
|
"
|
|
|
|
# kernel module is provide by dpdk-module recipe, so disable here
|
|
EXTRA_OEMESON = " -Denable_kmods=false \
|
|
-Dexamples=all \
|
|
"
|
|
|
|
COMPATIBLE_MACHINE = "null"
|
|
COMPATIBLE_HOST:libc-musl:class-target = "null"
|
|
COMPATIBLE_HOST:linux-gnux32 = "null"
|
|
|
|
PACKAGECONFIG ??= " "
|
|
PACKAGECONFIG[afxdp] = ",,libbpf xdp-tools"
|
|
PACKAGECONFIG[libvirt] = ",,libvirt"
|
|
|
|
RDEPENDS:${PN} += "pciutils python3-core"
|
|
RDEPENDS:${PN}-examples += "bash"
|
|
DEPENDS = "numactl python3-pyelftools-native"
|
|
|
|
inherit meson pkgconfig
|
|
|
|
INSTALL_PATH = "${prefix}/share/dpdk"
|
|
|
|
do_install:append(){
|
|
# remove source files
|
|
rm -rf ${D}/${INSTALL_PATH}/examples/*
|
|
|
|
# Install examples
|
|
install -m 0755 -d ${D}/${INSTALL_PATH}/examples/
|
|
for dirname in ${B}/examples/dpdk-*
|
|
do
|
|
if [ ! -d ${dirname} ] && [ -x ${dirname} ]; then
|
|
install -m 0755 ${dirname} ${D}/${INSTALL_PATH}/examples/
|
|
fi
|
|
done
|
|
|
|
}
|
|
|
|
PACKAGES =+ "${PN}-examples ${PN}-tools"
|
|
|
|
FILES:${PN} += " ${bindir}/dpdk-testpmd \
|
|
${bindir}/dpdk-proc-info \
|
|
${libdir}/*.so* \
|
|
${libdir}/dpdk/pmds-22.0/*.so* \
|
|
"
|
|
FILES:${PN}-examples = " \
|
|
${prefix}/share/dpdk/examples/* \
|
|
"
|
|
|
|
FILES:${PN}-tools = " \
|
|
${bindir}/dpdk-pdump \
|
|
${bindir}/dpdk-test \
|
|
${bindir}/dpdk-test-* \
|
|
${bindir}/dpdk-*.py \
|
|
"
|
|
|
|
CVE_PRODUCT = "data_plane_development_kit"
|
|
|
|
INSANE_SKIP:${PN} = "dev-so"
|