Bug 2080270

Summary: [22.D RHEL-8] Fast Datapath Release
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Timothy Redaelli <tredaelli>
Component: openvswitch2.13Assignee: Timothy Redaelli <tredaelli>
Status: CLOSED ERRATA QA Contact: Hekai Wang <hewang>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: FDP 22.DCC: ctrautma, hewang, jhsiao, ralongi
Target Milestone: ---   
Target Release: FDP 22.D   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openvswitch2.13-2.13.0-180.el8fdp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-27 18:14:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Timothy Redaelli 2022-04-29 12:20:39 UTC 
commit 727183c8a94d36d9dfbc7cd6e158776e93a4066d
Author: Chenbo Xia <chenbo.xia>
Date:   Mon Feb 14 16:32:37 2022 +0800

    vhost: fix queue number check when setting inflight FD
    
    [ upstream commit 6442c329b9d2ded0f44b27d2016aaba8ba5844c5 ]
    
    In function vhost_user_set_inflight_fd, queue number in inflight
    message is used to access virtqueue. However, queue number could
    be larger than VHOST_MAX_VRING and cause write OOB as this number
    will be used to write inflight info in virtqueue structure. This
    patch checks the queue number to avoid the issue and also make
    sure virtqueues are allocated before setting inflight information.
    
    Fixes: ad0a4ae491fe ("vhost: checkout resubmit inflight information")
    Cc: stable
    
    Reported-by: Wenxiang Qian <leonwxqian>
    Signed-off-by: Chenbo Xia <chenbo.xia>
    Reviewed-by: Maxime Coquelin <maxime.coquelin>

commit b953f26898313eefa596bc76213006034237abae
Author: David Marchand <david.marchand>
Date:   Tue Jan 18 15:53:30 2022 +0100

    vhost: fix FD leak with inflight messages
    
    [ upstream commit af74f7db384ed149fe42b21dbd7975f8a54ef227 ]
    
    Even if unlikely, a buggy vhost-user master might attach fds to inflight
    messages. Add checks like for other types of vhost-user messages.
    
    Fixes: d87f1a1cb7b6 ("vhost: support inflight info sharing")
    Cc: stable

commit f370310000ba7516fd54811df60a250df745d7ae
Merge: a22f82dd3 f771ef680
Author: Open vSwitch CI <ovs-ci>
Date:   Wed Apr 27 17:59:46 2022 -0400

    Merging upstream branch-2.13
    
    Commit list:
    f771ef6803 ofproto-dpif-xlate: Clear out vlan flow fields while processing native tunnel. (#393566
    2060552)

commit a22f82dd3de9edee25a7208ae735742a6abd2998
Merge: 7093aaf1b 123f0f834
Author: Open vSwitch CI <ovs-ci>
Date:   Tue Apr 26 18:45:36 2022 -0400

    Merging upstream branch-2.13
    
    Commit list:
    123f0f8346 ofproto-xlate: Fix crash when forwarding packet between legacy_l3 tunnels.
    1011545b5a system-traffic: Fix fragment reassembly with L3 L4 protocol information.

commit 7093aaf1b683ade1151716600d53b1b28481e06b
Merge: a1e511ab9 fdca6491a
Author: Open vSwitch CI <ovs-ci>
Date:   Mon Apr 18 13:50:42 2022 -0400

    Merging upstream branch-2.13
    
    Commit list:
    fdca6491ae cirrus: Update FreeBSD versions.

commit a1e511ab9fb76440fab03b41920a0312a8a0c852
Merge: 2dcca0604 7c7e87464
Author: Open vSwitch CI <ovs-ci>
Date:   Fri Apr 8 12:14:36 2022 -0400

    Merging upstream branch-2.13
    
    Commit list:
    7c7e874649 Prepare for 2.13.8.
    3512f8f56a Set release date for 2.13.7.

commit 2dcca06045f5ac26ad7bdb62009620029d499d54
Merge: 25feb8508 6f351968d
Author: Open vSwitch CI <ovs-ci>
Date:   Fri Apr 8 10:00:53 2022 -0400

    Merging upstream branch-2.13
    
    Commit list:
    6f351968df NEWS: Highlight libopenvswitch API change caused by UB fixes.

commit 25feb85087c7ce16515443ef40913095ce41650e
Merge: c9fd039a8 3f6beb3d5
Author: Open vSwitch CI <ovs-ci>
Date:   Wed Apr 6 10:15:46 2022 -0400

    Merging upstream branch-2.13
    
    Commit list:
    3f6beb3d50 netdev-offload-tc: Check for ct_state flag combinations that are not offloadable.

commit c9fd039a8d320f664238e368163c1d1258f337eb
Merge: 776326629 6919581c4
Author: Open vSwitch CI <ovs-ci>
Date:   Tue Apr 5 13:22:44 2022 -0400

    Merging upstream branch-2.13
    
    Commit list:
    6919581c46 dpif-netdev: Fix dp_netdev_get_pmd() function getting correct core_id.
    9746203388 ofproto-dpif-xlate: Fix NULL pointer dereference in xlate_normal().
Comment 5 errata-xmlrpc 2022-05-27 18:14:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: openvswitch2.13 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:4786