Adds tx_queues and rx_queues non-null judgment before free tx or
rx resources, because some app may set tx_queues or rx_queues to
be null before call free resource interfaces, which may cause
a segfault.
Fixes: 64727024d2 ("net/hinic: add device initialization")
Cc: stable@dpdk.org
Signed-off-by: Xiaoyun Wang <cloud.wangxiaoyun@huawei.com>
The VMXNet3 protocol has a start-of-packet (SOP) and end-of-packet (EOP)
marker. If there was a bug where mbuf arrived without SOP the code that
chains the mbuf would dereference a null pointer.
Also, record any mbuf's dropped in statistics.
Although did the initial code no longer have access to VMware.
Compile tested only!
Coverity issue: 124563
Fixes: 8ee787ce80 ("vmxnet3: remove asserts that confuse coverity")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Yong Wang <yongwang@vmware.com>
Removing the current limitation for TSO over VM
due to the fact that mlx5 currently support it.
Signed-off-by: Raslan Darawsheh <rasland@mellanox.com>
Acked-by: Asaf Penso <asafp@mellanox.com>
Previous patch added support of VLAN item without VLAN ID value,
i.e. using wildcard VLAN item, to match VLAN with any VLAN ID.
The implication on VLAN actions was not taken into consideration.
VLAN actions (e.g. push vlan) use the VLAN ID value in the VLAN item,
and expect it to be valid.
This patch updates function flow_dev_get_vlan_info_from_items() to
check the VLAN item contents before trying to use it.
Fixes: 92818d839e ("net/mlx5: fix match on empty VLAN item in DV mode")
Cc: stable@dpdk.org
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
The design of counter container resize used double buffer algorithm in
order to synchronize between the query thread to the control thread.
When the control thread detected resize need, it created new bigger
buffer for the counter pools in a new container and change the container
index atomically.
In case the query thread had not detect the previous resize before a new
one need was detected by the control thread, the control thread returned
EAGAIN to the flow creation API used a COUNT action.
The rte_flow API doesn't allow unblocked commands and doesn't expect to
get EAGAIN error type.
So, when a lot of flows were created between 2 different periodic
queries, 2 different resizes might try to be created and caused EAGAIN
error.
This behavior may blame flow creations.
Change the synchronization way to use lock instead of double buffer
algorithm.
The critical section of this lock is very small, so flow insertion
rate should not be decreased.
Fixes: ebbac312e4 ("net/mlx5: resize a full counter container")
Cc: stable@dpdk.org
Signed-off-by: Matan Azrad <matan@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
If running DPDK as non-root, some extra capabilities may be required.
The Mellanox devices, using a bifurcated model with Linux drivers,
have some specific requirements summarized in mlx5 PMD guide.
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Reviewed-by: Raslan Darawsheh <rasland@mellanox.com>
Move link state enable/disable to dev_start() and dev_stop()
respectively. This will ensure when devices are stopped,
link status will be appropriately shown as down.
Fixes: dd28bc8c6e ("net/qede: fix VF port creation sequence")
Cc: stable@dpdk.org
Signed-off-by: Shahed Shaikh <shshaikh@marvell.com>
Signed-off-by: Rasesh Mody <rmody@marvell.com>
Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
This patch fixes the issue that failed to create an RSS rule with type
L2-payload.
Fixes: feaae285b3 ("net/i40e: support hash configuration in RSS flow")
Signed-off-by: Shougang Wang <shougangx.wang@intel.com>
Tested-by: Hailin Xu <hailinx.xu@intel.com>
Reviewed-by: Jeff Guo <jia.guo@intel.com>
When configure RSS rule, the etherdev rss hash function type should be
mapped to the corresponding virtchnl rss algorithm type.
Fixes: 7be10c3004 ("net/iavf: add RSS configuration for VF")
Signed-off-by: Jeff Guo <jia.guo@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>
A typo need to be fixed for Simple XOR algorithm configuration.
Fixes: 57094d5943 ("common/iavf: support advanced RSS input set change")
Signed-off-by: Jeff Guo <jia.guo@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>
When the driver is loaded on a 200G NIC, the port speed is not
displayed correctly. Parse the 200G speed before displaying it.
Signed-off-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
Reviewed-by: Somnath Kotur <somnath.kotur@broadcom.com>
Reviewed-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
Relaxed ordering is a PCI optimization that enables reordering
reads/writes in order to improve performance.
Relaxed ordering was enabled for all processors causing
a degradation in performance in Haswell and Broadwell processors
that don't support this optimization.
In order to avoid that we check if the processor is Haswell
or Broadwell and if so we disable relaxed ordering.
Signed-off-by: Shiri Kuzin <shirik@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
In order to improve performance relaxed ordering was enabled
when creating count object using Devx.
Currently rte enables this optimization by default when using
Devx.
This causes an issue when using firmware that does not have this
capability causing a count object failure.
In order to fix this issue a check of firmware capabilities was
added before enabling relaxed ordering.
Fixes: 53ac93f71a ("net/mlx5: create relaxed ordering memory regions")
Signed-off-by: Shiri Kuzin <shirik@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Relaxed ordering is a PCI optimization that allows reordering
of reads/writes in order to improve performance.
In order to enable this optimization only when relaxed ordering
is supported, it is checked if IBV_ACCESS_RELAXED_ORDERING is
defined in verbs.h.
Since IBV_ACCESS_RELAXED_ORDERING is an enum and not
defined relaxed ordering wasn't enabled even when supported.
This issue is fixed by using AUTOCONF to check if relaxed
ordering is supported and disabling only if it isn't.
Fixes: 53ac93f71a ("net/mlx5: create relaxed ordering memory regions")
Signed-off-by: Shiri Kuzin <shirik@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
This patch fixes the issue that the flow which both source MAC mask
and destination MAC mask are all zeros can not be created.
Fixes: ea0c22fd82 ("net/i40e: enable MAC address as flow director input set")
Signed-off-by: Shougang Wang <shougangx.wang@intel.com>
Tested-by: Hailin Xu <hailinx.xu@intel.com>
Reviewed-by: Jeff Guo <jia.guo@intel.com>
The register autoneg can't be updated synchronously with flow control
mode setting in the state of port start, so NIC statistics error occurs.
AUTO_NEG Advt register should be updated by ixgbe_setup_fc() when
enabling flow control.
The patch fixes the issue.
Fixes: a524f550da ("net/ixgbe: fix flow control mode setting")
Cc: stable@dpdk.org
Signed-off-by: Guinan Sun <guinanx.sun@intel.com>
Reviewed-by: Wei Zhao <wei.zhao1@intel.com>
The value MLX5_WQE_BUF_ALIGNMENT is defined as 512.
In some cases this alignment size is not adequate, which results in
memory registration that is not accepted by FW.
The result error can be "page_offset is not aligned to page_size/64,
bad umem_offset" (syndrome 0x357275).
This patch updates the definition to match the running system.
Fixes: 18a68e046b ("net/mlx5: fix DevX Rx queue memory alignment")
Cc: stable@dpdk.org
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Currently, DevX API is used to create Rx objects (RQ, RQT, TIR) only
if LRO or hairpin features are enabled on this RQ.
This patch uses DevX API by default, if DevX is supported and can be
used. Otherwise, Verbs API is used.
Signed-off-by: Dekel Peled <dekelp@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
File mlx5_devx_cmds.c should contain pure DevX calls. It must be OS
agnostic and not include any references to ibv or dv structs (defined in
ibverbs and rdma-core linux libraries). This commit replaces all ibv
and dv references with 'void *'. Specifically, the following struct
were replaced:
1. struct ibv_context *
2. struct ibv_qp *
3. struct mlx5dv_devx_cmd_comp *
Signed-off-by: Ophir Munk <ophirmu@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Move mlx5 symbols in the map file to the INTERNAL section and add
__internal tags to their definitions.
Those symbols were exported in 20.02 and now (20.05) they are removed.
Avoid ABI comparison issues between 20.05/20.08 and 20.02 by adding the
suppress_file directive to libabigail.abignore file. This directive will
prevent loading mlx5 common symbols and no comparison will be performed.
In addition move symbols from the EXPERIMENTAL section to the INTERNAL
section.
Fixes: 7b4f1e6bd3 ("common/mlx5: introduce common library")
Signed-off-by: Ophir Munk <ophirmu@mellanox.com>
Acked-by: Matan Azrad <matan@mellanox.com>
Multicast MAC filter flag means device ops set_mc_addr_list support
or not. This patch fixes the wrong flag value in Intel driver's document.
Fixes: 9db3f52126 ("doc: generate NIC overview table from ini files")
Fixes: cb25d4323f ("net/avf: enable MAC VLAN and promisc ops")
Fixes: 26e8873433 ("net/ice: support MAC ops")
Cc: stable@dpdk.org
Signed-off-by: Qiming Yang <qiming.yang@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>
Fix coverity defects of unused value.
Coverity issue: 357745, 357769
Fixes: b8b4c54ef9 ("net/iavf: support flexible Rx descriptor in normal path")
Signed-off-by: Leyi Rong <leyi.rong@intel.com>
Acked-by: Xiaolong Ye <xiaolong.ye@intel.com>
Fix some out-of-bounds memory issues, they may lead to wrong results
or affect application stability.
Coverity issue: 357759, 357713
Fixes: bd3fcf0d0f ("net/igc: support RSS")
Signed-off-by: Alvin Zhang <alvinx.zhang@intel.com>
Reviewed-by: Jeff Guo <jia.guo@intel.com>
Compiling a C++ application that includes directly or indirectly
rte_common.h will cause a warning:
include/rte_common.h:350:37: warning: ISO C++17 does not allow
‘register’ storage class specifier [-Wregister]
rte_combine32ms1b(register uint32_t x)
C++ is pickier than standard C and flags this antique usage.
The register keyword is an old K&R legacy and should be removed
everywhere in DPDK. For now, fix it where it hurts.
Fixes: 08f683174e ("eal: add functions for previous power of 2 alignment")
Cc: stable@dpdk.org
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
On v20.02 some APIs matured and symbols moved from EXPERIMENTAL to
DPDK_20.0.1 block.
This had the affect of breaking the applications that were using these
APIs on v19.11. Although there is no modification of the APIs and the
action is positive and matures the APIs, the affect can be negative to
applications.
When a maintainer is promoting an API to become part of the next major
ABI version by removing the experimental tag. The maintainer may
choose to offer an alias to the experimental tag, to prevent these
breakages in future.
The following changes are made to enabling aliasing:
Updated to the ABI policy and ABI versioning documents.
Created VERSION_SYMBOL_EXPERIMENTAL helper macro.
Updated the 'check-symbols.sh' tool, which was complaining that the
symbol is in EXPERIMENTAL tag in .map file but it is not in the
.experimental section (__rte_experimental tag is missing).
Updated tool in a way it won't complain if the symbol in the
EXPERIMENTAL tag duplicated in some other block in .map file (versioned)
Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com>
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
The document abi_versioning.rst incorrectly instructs the developer to
add BIND_DEFAULT_SYMBOL to the public header, not the source file. This
commit fixes the issue and adds some clarifications.
The commit also clarifies the use of use_function_versioning in the
meson/ninja build system, and does some minor re-organization of the
document.
Fixes: f1ef9794f9 ("doc: add ABI guidelines")
Cc: stable@dpdk.org
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Clarify the reasons behind the three part version numbering scheme.
Documents the fixes made in f26c2b3.
Fixes: f26c2b39b2 ("build: fix soname info for 19.11 compatibility")
Cc: stable@dpdk.org
Signed-off-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
The documentation says that CONFIG_ENABLE_LTO enables LTO during the
build, but the correct value actually is CONFIG_RTE_ENABLE_LTO.
Fixes: 098cc0fea3 ("build: add option to enable LTO")
Cc: stable@dpdk.org
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Acked-by: Andrzej Ostruszka <aostruszka@marvell.com>
Move the internal symbols to INTERNAL sections so that any
change in them is not reported as ABI breakage.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Move the internal symbols to INTERNAL sections so that any
change in them is not reported as ABI breakage.
Signed-off-by: Pavan Nikhilesh <pbhagavatula@marvell.com>
Acked-by: Ray Kinsella <mdr@ashroe.eu>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Vhost will create temporary file when receiving VHOST_USER_GET_INFLIGHT_FD
message. Malicious guest can send endless this message to drain out the
resource of host.
When receiving VHOST_USER_GET_INFLIGHT_FD message repeatedly, closing the
file created during the last handling of this message.
CVE-2020-10726
Fixes: d87f1a1cb7 ("vhost: support inflight info sharing")
Cc: stable@dpdk.org
Signed-off-by: Xuan Ding <xuan.ding@intel.com>
Signed-off-by: Xiaolong Ye <xiaolong.ye@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
A malicious container which has direct access to the vhost-user socket
can keep sending VHOST_USER_GET_INFLIGHT_FD messages which may cause
leaking resources until resulting a DOS. Fix it by unmapping the
dev->inflight_info->addr before assigning new mapped addr to it.
CVE-2020-10726
Fixes: d87f1a1cb7 ("vhost: support inflight info sharing")
Cc: stable@dpdk.org
Signed-off-by: Xiaolong Ye <xiaolong.ye@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Malicious guest can construct desc with invalid address and zero buffer
length. That will request vhost to check both translated address and
translated data length. This patch will add missed address check.
CVE-2020-10725
Fixes: 75ed516978 ("vhost: add packed ring batch dequeue")
Fixes: ef861692c3 ("vhost: add packed ring batch enqueue")
Cc: stable@dpdk.org
Signed-off-by: Marvin Liu <yong.liu@intel.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
transform_cipher_param() and transform_chain_param() handle
the payload data for the VHOST_USER_CRYPTO_CREATE_SESS
message. These payloads have to be validated, since it
could come from untrusted sources.
Two buffers and their lengths are defined in this payload,
one the the auth key and one for the cipher key. But above
functions do not validate the key length inputs, which could
lead to read out of bounds, as buffers have static sizes of
64 bytes for the cipher key and 512 bytes for the auth key.
This patch adds necessary checks on the key length field
before being used.
CVE-2020-10724
Fixes: e80a987081 ("vhost/crypto: add session message handler")
Cc: stable@dpdk.org
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
vhost_user_check_and_alloc_queue_pair() is used to extract
a vring index from a payload. This function validates the
index and is called early on in when performing message
handling. Most message handlers depend on it correctly
validating the vring index.
Depending on the message type the vring index is in
different parts of the payload. The function contains a
switch/case for each type and copies the index. This is
stored in a uint16. This index is then validated. Depending
on the message, the source index is an unsigned int. If
integer truncation occurs (uint->uint16) the top 16 bits
of the index are never validated.
When they are used later on (e.g. in
vhost_user_set_vring_num() or vhost_user_set_vring_addr())
it can lead to out of bound indexing. The out of bound
indexed data gets written to, and hence this can cause
memory corruption.
This patch fixes this vulnerability by declaring vring
index as an unsigned int in
vhost_user_check_and_alloc_queue_pair().
CVE-2020-10723
Fixes: 160cbc815b ("vhost: remove a hack on queue allocation")
Cc: stable@dpdk.org
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
vhost_user_set_log_base() is a message handler that is
called to handle the VHOST_USER_SET_LOG_BASE message.
Its payload contains a 64 bit size and offset. Both are
added up and used as a size when calling mmap().
There is no integer overflow check. If an integer overflow
occurs a smaller memory map would be created than
requested. Since the returned mapping is mapped as writable
and used for logging, a memory corruption could occur.
CVE-2020-10722
Fixes: fbc4d248b1 ("vhost: fix offset while mmaping log base address")
Cc: stable@dpdk.org
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Reviewed-by: Xiaolong Ye <xiaolong.ye@intel.com>
Reviewed-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
gcc 10 issues warnings about the use of rearm_data marker
from struct rte_mbuf.
e.g.
../drivers/net/enic/enic_rxtx_vec_avx2.c: In function ‘rx_one’:
../drivers/net/enic/enic_rxtx_vec_avx2.c:21:2:
warning:
array subscript 0 is outside the bounds of an interior zero-length array
‘RTE_MARKER64’ {aka ‘long unsigned int[0]’} [-Wzero-length-bounds]
21 | *(uint64_t *)&mb->rearm_data = enic->mbuf_initializer;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../lib/librte_mbuf/rte_mbuf.h:45,
from ../drivers/net/enic/enic_rxtx_vec_avx2.c:6:
../lib/librte_mbuf/rte_mbuf_core.h:484:15:
note: while referencing ‘rearm_data’
484 | RTE_MARKER64 rearm_data;
|
Disable this warning for gcc 10 in order to allow v20.05 to build
without changes to struct rte_mbuf.
Bugzilla ID: 396
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
gcc 10.1.1 reports a warning for the ext_bkt_id variable:
../lib/librte_hash/rte_cuckoo_hash.c:
In function ‘__rte_hash_add_key_with_hash’:
../lib/librte_hash/rte_cuckoo_hash.c:1104:29:
warning: ‘ext_bkt_id’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
1104 | (h->buckets_ext[ext_bkt_id - 1]).sig_current[0] = short_sig;
| ~~~~~~~~~~~^~~
The return value of rte_ring_sc_dequeue_elem() is already checked,
but also initialize ext_bkt_id to zero (invalid value) and check
that it also overwritten.
Fixes: fbfe568103 ("hash: use 32-bit elements rings to save memory")
Cc: stable@dpdk.org
Signed-off-by: Kevin Traynor <ktraynor@redhat.com>
Acked-by: Yipeng Wang <yipeng1.wang@intel.com>
Since it will check the feature mask before running out-of-place
test cases and the virtio-crypto device supports OOP_LB_IN_LB_OUT mode.
Signed-off-by: Jay Zhou <jianjay.zhou@huawei.com>
Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
The OCTEON TX crypto PMD supports non-byte aligned data as
input for SNOW and ZUC algos. Adding the same to the feature list.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Session configure should return -ENOTSUP in case of unsupported xform
requests. Moving the validation of combinations out of cpt, as the
feature support will not be same across OCTEON TX and OCTEON TX2.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
The OCTEON TX2 crypto PMD supports non-byte aligned data as
input for SNOW and ZUC algos. Adding the same to the feature list.
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Update max packet length supported by Inline IPsec Rx to
NIX_MAX_FRS
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
The caam_jr_enable_irqs() and caam_jr_disable_irqs() methods maybe return a
negative error. So use int instead of uint32_t int the functions.
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Gagandeep Singh <g.singh@nxp.com>
Zero is a valid fd. It will fail to check the fd if the fd is zero.
The "job_ring->uio_fd" is an fd, so define it as "int".
Fixes: e7a45f3cc2 ("crypto/caam_jr: add UIO specific operations")
Fixes: a5e1018d5e ("crypto/caam_jr: add routines to configure HW")
Cc: stable@dpdk.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Acked-by: Gagandeep Singh <g.singh@nxp.com>
