ovs: update to 2.15.1

We drop a previously backported patch, and bump to version v2.15.1-30-gf8274b78c, which comprises the following commits:

    f8274b78c datapath-windows:adjust Offset when processing packet in POP_VLAN action
    a2f860aa2 cirrus: Reduce memory requirements for FreeBSD VMs.
    7788f1579 netdev-linux: Fix a null pointer dereference in netdev_linux_notify_sock().
    dd32deba6 pcap-file: Fix memory leak in ovs_pcap_open().
    9f2f66c8e odp-util: Fix a null pointer dereference in odp_flow_format().
    02b0c265c odp-util: Fix a null pointer dereference in odp_nsh_key_from_attr__().
    031eff456 netdev-dpdk: Fix RSS configuration for virtio.
    09cd9570d ipf: Fix only nat the first fragment in the reass process.
    ef8ca3e19 dpif-netdev: Fix crash when PACKET_OUT is metered.
    d3ff41d60 tc: Set action flags for tunnel_key release.
    079a4de72 netlink-socket: Replace error with txn->error when logging nacked transactions.
    f8cc5aa35 dynamic-string: Fix a crash in ds_clone().
    64d1bba91 dpif-netdev: fix memory leak in dpcls subtable set command
    90b219275 dpif-netdev: Do not flush PMD offloads on reload.
    b29b04f85 dpif-netdev: Fix offloads of modified flows.
    1d0b89ea7 dpif-netdev: Fix flow modification after failure.
    8d84a4b16 netdev-offload-dpdk: Fix IPv6 rewrite cast-align warning.
    f3f7849cb daemon-unix: Fix leak of a fork error message.
    8aa0f0374 ovsdb-cs: Perform forced reconnects without a backoff.
    ee4e034dc datapath-windows:Correct checksum for DNAT action
    72132a940 bond: Fix broken rebalancing after link state changes.
    aa84cfe25 dpif-netlink: Fix report_loss() message.
    aec05f7cd ovsdb-server: Fix memleak when failing to read storage.
    05bdf11fc conntrack: Init hash basis first at creation.
    94e3b9d9c netdev-linux: Ignore TSO packets when TSO is not enabled for userspace.
    842bfb899 conntrack: Handle already natted packets.
    ab873c1af conntrack: Document all-zero IP SNAT behavior and add a test case.
    86d6a9ee1 python: Fix Idl.run change_seqno update.
    1ba0c8365 bridge: Use correct (legacy) role names in database.
    7e5293ea5 Prepare for 2.15.2.
    b855bbc32 Set release date for 2.15.1.
    007a4f48f dpif-netdev: Apply subtable-lookup-prio-set on any datapath.
    c93358a56 netlink: removed incorrect optimization
    31626579f ovs-actions.xml: Add missing bracket.
    30596ec27 netdev-offload-tc: Use nl_msg_put_flag for OVS_TUNNEL_KEY_ATTR_CSUM.
    728980291 conntrack: Increment coverage counter for all bad checksum cases.
    881d71ea2 datapath-windows: Specify external include paths
    934668c29 Remove Python 2 leftovers.
    aaa596705 ipf: Fix a use-after-free error, and remove the 'do_not_steal' flag.
    bc0aa785a ovsdb-idl: Fix the database update signaling if it has never been connected.
    559426d2b ofproto: Fix potential NULL dereference in ofproto_ct_*_zone_timeout_policy().
    f31070e27 ofproto: Fix potential NULL dereference in ofproto_get_datapath_cap().
    8995d5311 dpif-netlink: Fix send of uninitialized memory in ct limit requests.
    0c056891c ofproto-dpif: Fix use of uninitialized attributes of timeout policy.
    121a67cad netdev-linux: Fix use of uninitialized LAG master name.
    5f27ff1cf ofp_actions: Fix set_mpls_tc formatting.
    e87adce83 dpif-netdev: Remove meter rate from the bucket size calculation.
    a3ee3258e ovs-ofctl: Fix coredump when using "add-groups" command.
    c5d2a6275 raft: Transfer leadership before creating snapshots.
    553d52392 ovsdb-cs: Consider all tables when computing expected cond seqno.
    8d0aebcc4 dpdk: Use DPDK 20.11.1 release.
    21452722b github: Fix up malformed /etc/hosts.
    90d1984b9 doc: automake: Add support for sphinx 4.0.
    38a8bed70 cirrus: Look up existing versions of python dependencies.
    255c38c74 ofp-group: Use big-enough buffer in ofputil_format_group().
    f2c0744d2 ofproto/ofproto-dpif-sflow: Check sflow agent in case of race
    ab157ef34 dpif: Fix use of uninitialized execute hash.
    b1fded020 odp-util: Fix use of uninitialized erspan metadata.
    f473ee568 dpif-netlink: Fix using uninitialized info.tc_modify_flow_deleted in out label.
    2721606bd netdev-offload-tc: Probe for support for any of the ct_state flags.
    091bc48d9 compat: Add ct_state flags definitions.
    1307e90e3 Add test cases for ingress_policing parameters
    d184c6ce6 netdev-linux: correct unit of burst parameter
    cab998e50 ipsec: Fix IPv6 default route support for Libreswan.
    b9ab7827e ovsdb-idl: Mark arc sources as updated when destination is deleted.
    c82d2e3fb ovsdb-idl: Preserve references for deleted rows.
    9a24ecbc2 ovsdb-idl.at: Make test outputs more predictable.
    8d71feb1b ovs-ofctl: Fix segfault due to bad meter n_bands.
    3a716b1d9 dpif-netdev: Refactor and fix the buckets calculation.
    73ece9c87 dpif-netdev: Fix the meter buckets overflow.
    d5dc16670 python: Send notifications after the transaction ends.
    556e65e17 ovs-ctl: Allow recording hostname separately.
    3982aee45 dpif-netdev: Fix crash when add dp flow without in_port field.
    02096f1b3 Documentation: Fix DPDK qos example.
    8f1dda316 raft: Report disconnected in cluster/status if candidate retries election.
    79e9749da raft: Reintroduce jsonrpc inactivity probes.
    2e84a4adb ovsdb-cs: Fix use-after-free for the request id.
    d2c311dce connmgr: Check nullptr inside ofmonitor_report().
    7307af690 ovsdb-client: Fix needs-conversion when SERVER is explicitly specified.
    2a7a63571 windows, tests: Modify service test.
    9b48549c6 netdev-linux: Fix indentation.
    861a9f3b4 ofproto-dpif-upcall: Fix ukey leak on udpif destroy.
    339044c3c ci: Use parallel build for distcheck.
    38744b1bc ofp-actions: Fix use-after-free while decoding RAW_ENCAP.
    33abe6c05 Prepare for 2.15.1.
    8dc1733ea Set release date for 2.15.0.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bruce Ashfield 2021-09-30 22:34:03 -04:00
parent 1a9f6d9cf6
commit d5c5ad4fe8
2 changed files with 2 additions and 102 deletions

@ -1,99 +0,0 @@
From 77cccc74deede443e8b9102299efc869a52b65b2 Mon Sep 17 00:00:00 2001
From: Ilya Maximets <i.maximets@ovn.org>
Date: Tue, 16 Feb 2021 23:27:30 +0100
Subject: [PATCH] ofp-actions: Fix use-after-free while decoding RAW_ENCAP.
While decoding RAW_ENCAP action, decode_ed_prop() might re-allocate
ofpbuf if there is no enough space left. However, function
'decode_NXAST_RAW_ENCAP' continues to use old pointer to 'encap'
structure leading to write-after-free and incorrect decoding.
==3549105==ERROR: AddressSanitizer: heap-use-after-free on address
0x60600000011a at pc 0x0000005f6cc6 bp 0x7ffc3a2d4410 sp 0x7ffc3a2d4408
WRITE of size 2 at 0x60600000011a thread T0
#0 0x5f6cc5 in decode_NXAST_RAW_ENCAP lib/ofp-actions.c:4461:20
#1 0x5f0551 in ofpact_decode ./lib/ofp-actions.inc2:4777:16
#2 0x5ed17c in ofpacts_decode lib/ofp-actions.c:7752:21
#3 0x5eba9a in ofpacts_pull_openflow_actions__ lib/ofp-actions.c:7791:13
#4 0x5eb9fc in ofpacts_pull_openflow_actions lib/ofp-actions.c:7835:12
#5 0x64bb8b in ofputil_decode_packet_out lib/ofp-packet.c:1113:17
#6 0x65b6f4 in ofp_print_packet_out lib/ofp-print.c:148:13
#7 0x659e3f in ofp_to_string__ lib/ofp-print.c:1029:16
#8 0x659b24 in ofp_to_string lib/ofp-print.c:1244:21
#9 0x65a28c in ofp_print lib/ofp-print.c:1288:28
#10 0x540d11 in ofctl_ofp_parse utilities/ovs-ofctl.c:2814:9
#11 0x564228 in ovs_cmdl_run_command__ lib/command-line.c:247:17
#12 0x56408a in ovs_cmdl_run_command lib/command-line.c:278:5
#13 0x5391ae in main utilities/ovs-ofctl.c:179:9
#14 0x7f6911ce9081 in __libc_start_main (/lib64/libc.so.6+0x27081)
#15 0x461fed in _start (utilities/ovs-ofctl+0x461fed)
Fix that by getting a new pointer before using.
Credit to OSS-Fuzz.
Fuzzer regression test will fail only with AddressSanitizer enabled.
Upstream-status: Backport
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
Fixes: f839892a206a ("OF support and translation of generic encap and decap")
Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/ofp-actions.c | 2 ++
tests/automake.mk | 3 ++-
tests/fuzz-regression-list.at | 1 +
tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 | 0
4 files changed, 5 insertions(+), 1 deletion(-)
create mode 100644 tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index e2e829772..0342a228b 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -4431,6 +4431,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae,
{
struct ofpact_encap *encap;
const struct ofp_ed_prop_header *ofp_prop;
+ const size_t encap_ofs = out->size;
size_t props_len;
uint16_t n_props = 0;
int err;
@@ -4458,6 +4459,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae,
}
n_props++;
}
+ encap = ofpbuf_at_assert(out, encap_ofs, sizeof *encap);
encap->n_props = n_props;
out->header = &encap->ofpact;
ofpact_finish_ENCAP(out, &encap);
diff --git a/tests/automake.mk b/tests/automake.mk
index 677b99a6b..fc80e027d 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -134,7 +134,8 @@ FUZZ_REGRESSION_TESTS = \
tests/fuzz-regression/ofp_print_fuzzer-5722747668791296 \
tests/fuzz-regression/ofp_print_fuzzer-6285128790704128 \
tests/fuzz-regression/ofp_print_fuzzer-6470117922701312 \
- tests/fuzz-regression/ofp_print_fuzzer-6502620041576448
+ tests/fuzz-regression/ofp_print_fuzzer-6502620041576448 \
+ tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
$(srcdir)/tests/fuzz-regression-list.at: tests/automake.mk
$(AM_V_GEN)for name in $(FUZZ_REGRESSION_TESTS); do \
basename=`echo $$name | sed 's,^.*/,,'`; \
diff --git a/tests/fuzz-regression-list.at b/tests/fuzz-regression-list.at
index e3173fb88..2347c690e 100644
--- a/tests/fuzz-regression-list.at
+++ b/tests/fuzz-regression-list.at
@@ -21,3 +21,4 @@ TEST_FUZZ_REGRESSION([ofp_print_fuzzer-5722747668791296])
TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6285128790704128])
TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6470117922701312])
TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6502620041576448])
+TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6540965472632832])
diff --git a/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 b/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
new file mode 100644
index 000000000..e69de29bb
--
2.17.1
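
Review bot: the commit message says only that "a previously backported patch" is dropped; it should name 0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch and state that the fix is now carried by upstream commit 38744b1bc ("ofp-actions: Fix use-after-free while decoding RAW_ENCAP."), which appears in the commit list for the new SRCREV. The deleted patch's own message notes that its fuzzer regression test fails only with AddressSanitizer enabled, so an ordinary ptest run will not notice if the fix goes missing. Confirming that 38744b1bc is an ancestor of the new SRCREV is the reliable check before removing the file.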

@ -14,12 +14,12 @@ RDEPENDS:${PN}-ptest += "\
"
S = "${WORKDIR}/git"
PV = "2.15+${SRCPV}"
PV = "2.15.1+${SRCPV}"
CVE_VERSION = "2.13.0"
FILESEXTRAPATHS:append := "${THISDIR}/${PN}-git:"
SRCREV = "8dc1733eaea866dce033b3c44853e1b09bf59fc7"
SRCREV = "f8274b78c3403591e84f3c2bbacf8c86920d68ba"
SRC_URI += "git://github.com/openvswitch/ovs.git;protocol=git;branch=branch-2.15 \
file://openvswitch-add-ptest-71d553b995d0bd527d3ab1e9fbaf5a2ae34de2f3.patch \
file://run-ptest \
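
Review bot: CVE_VERSION stays at "2.13.0" in this hunk while PV moves to "2.15.1+${SRCPV}", so cve-check will keep matching the recipe against 2.13.0 and can report issues that are already fixed on branch-2.15. Set CVE_VERSION to "2.15.1" together with the PV bump, or say in the commit message why it remains pinned to the older version.
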
@ -28,7 +28,6 @@ SRC_URI += "git://github.com/openvswitch/ovs.git;protocol=git;branch=branch-2.15
file://systemd-update-tool-paths.patch \
file://systemd-create-runtime-dirs.patch \
file://0001-ovs-use-run-instead-of-var-run-for-in-systemd-units.patch \
file://0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch \
"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1ce5d23a6429dff345518758f13aaeab"