diff options
| author | jmbills <jason.m.bills@intel.com> | 2022-01-28 19:43:05 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-28 19:43:05 +0300 |
| commit | 98abe31b448669001c21516eb3b2d4af76031321 (patch) | |
| tree | 0f51257a1ef79405a4be114acbb914ed7131a4a1 | |
| parent | e16509b7e5d85df763b642a7be55c8c8ec104597 (diff) | |
| parent | 2af2c470828b4b3bbcd44215d6a68c8d01cd74db (diff) | |
| download | openbmc-98abe31b448669001c21516eb3b2d4af76031321.tar.xz | |
Merge pull request #78 from Intel-BMC/update
Update to internal 1.01-61
25 files changed, 758 insertions, 406 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi/0001-Fix-NULL-pointer-crashes-CVE-2021-36217.patch b/meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi/0001-Fix-NULL-pointer-crashes-CVE-2021-36217.patch new file mode 100644 index 000000000..7b0449a2e --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi/0001-Fix-NULL-pointer-crashes-CVE-2021-36217.patch @@ -0,0 +1,148 @@ +From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001 +From: Tommi Rantala <tommi.t.rantala@nokia.com> +Date: Mon, 8 Feb 2021 11:04:43 +0200 +Subject: [PATCH] Fix NULL pointer crashes from #175 + +avahi-daemon is crashing when running "ping .local". +The crash is due to failing assertion from NULL pointer. +Add missing NULL pointer checks to fix it. + +Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd +--- + avahi-core/browse-dns-server.c | 5 ++++- + avahi-core/browse-domain.c | 5 ++++- + avahi-core/browse-service-type.c | 3 +++ + avahi-core/browse-service.c | 3 +++ + avahi-core/browse.c | 3 +++ + avahi-core/resolve-address.c | 5 ++++- + avahi-core/resolve-host-name.c | 5 ++++- + avahi-core/resolve-service.c | 5 ++++- + 8 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c +index 049752e9..c2d914fa 100644 +--- a/avahi-core/browse-dns-server.c ++++ b/avahi-core/browse-dns-server.c +@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new( + AvahiSDNSServerBrowser* b; + + b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_dns_server_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c +index f145d56a..06fa70c0 100644 +--- a/avahi-core/browse-domain.c ++++ b/avahi-core/browse-domain.c +@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new( + AvahiSDomainBrowser *b; + + b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_domain_browser_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c +index fdd22dcd..b1fc7af8 100644 +--- a/avahi-core/browse-service-type.c ++++ b/avahi-core/browse-service-type.c +@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new( + AvahiSServiceTypeBrowser *b; + + b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_type_browser_start(b); + + return b; +diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c +index 5531360c..63e0275a 100644 +--- a/avahi-core/browse-service.c ++++ b/avahi-core/browse-service.c +@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new( + AvahiSServiceBrowser *b; + + b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_browser_start(b); + + return b; +diff --git a/avahi-core/browse.c b/avahi-core/browse.c +index 2941e579..e8a915e9 100644 +--- a/avahi-core/browse.c ++++ b/avahi-core/browse.c +@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new( + AvahiSRecordBrowser *b; + + b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_record_browser_start_query(b); + + return b; +diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c +index ac0b29b1..e61dd242 100644 +--- a/avahi-core/resolve-address.c ++++ b/avahi-core/resolve-address.c +@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new( + AvahiSAddressResolver *b; + + b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_address_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c +index 808b0e72..4e8e5973 100644 +--- a/avahi-core/resolve-host-name.c ++++ b/avahi-core/resolve-host-name.c +@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new( + AvahiSHostNameResolver *b; + + b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_host_name_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} +diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c +index 66bf3cae..43771763 100644 +--- a/avahi-core/resolve-service.c ++++ b/avahi-core/resolve-service.c +@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new( + AvahiSServiceResolver *b; + + b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata); ++ if (!b) ++ return NULL; ++ + avahi_s_service_resolver_start(b); + + return b; +-} +\ No newline at end of file ++} diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi/0002-handle-hup-CVE-2021-3468.patch b/meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi/0002-handle-hup-CVE-2021-3468.patch new file mode 100644 index 000000000..26632e544 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi/0002-handle-hup-CVE-2021-3468.patch @@ -0,0 +1,41 @@ +CVE: CVE-2021-3468 +Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001 +From: Riccardo Schirone <sirmy15@gmail.com> +Date: Fri, 26 Mar 2021 11:50:24 +0100 +Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in + client_work + +If a client fills the input buffer, client_work() disables the +AVAHI_WATCH_IN event, thus preventing the function from executing the +`read` syscall the next times it is called. However, if the client then +terminates the connection, the socket file descriptor receives a HUP +event, which is not handled, thus the kernel keeps marking the HUP event +as occurring. While iterating over the file descriptors that triggered +an event, the client file descriptor will keep having the HUP event and +the client_work() function is always called with AVAHI_WATCH_HUP but +without nothing being done, thus entering an infinite loop. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938 +--- + avahi-daemon/simple-protocol.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c +index 3e0ebb11..6c0274d6 100644 +--- a/avahi-daemon/simple-protocol.c ++++ b/avahi-daemon/simple-protocol.c +@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv + } + } + ++ if (events & AVAHI_WATCH_HUP) { ++ client_free(c); ++ return; ++ } ++ + c->server->poll_api->watch_update( + watch, + (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) | diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi_%.bbappend b/meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi_%.bbappend new file mode 100644 index 000000000..ba6b7b554 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-connectivity/avahi/avahi_%.bbappend @@ -0,0 +1,6 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI += " \ + file://0001-Fix-NULL-pointer-crashes-CVE-2021-36217.patch \ + file://0002-handle-hup-CVE-2021-3468.patch \ + " diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1k.bb b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1l.bb index 034cc610d..87325162b 100644 --- a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1k.bb +++ b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1l.bb @@ -23,7 +23,7 @@ SRC_URI_append_class-nativesdk = " \ file://environment.d-openssl.sh \ " -SRC_URI[sha256sum] = "892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5" +SRC_URI[sha256sum] = "0b7a3e5e59c34827fe0c3a74b7ec8baef302b98fa80088d7f9153aa16fa76bd1" inherit lib_package multilib_header multilib_script ptest MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" diff --git a/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb b/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb index adcdc6011..bb6d54807 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb @@ -13,7 +13,7 @@ LICENSE = "Proprietary" LIC_FILES_CHKSUM = "file://LICENSE;md5=43c09494f6b77f344027eea0a1c22830" SRC_URI = "git://github.com/Intel-BMC/crashdump;protocol=git" -SRCREV = "wht-1.0.6" +SRCREV = "wht-1.0.7" S = "${WORKDIR}/git" diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-38604-fix-NULL-pointer-dereference-bug-28213.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-38604-fix-NULL-pointer-dereference-bug-28213.patch new file mode 100644 index 000000000..3dca8cc6c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0038-CVE-2021-38604-fix-NULL-pointer-dereference-bug-28213.patch @@ -0,0 +1,39 @@ +From b805aebd42364fe696e417808a700fdb9800c9e8 Mon Sep 17 00:00:00 2001 +From: Nikita Popov <npv1310@gmail.com> +Date: Mon, 9 Aug 2021 20:17:34 +0530 +Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213) + +Helper thread frees copied attribute on NOTIFY_REMOVED message +received from the OS kernel. Unfortunately, it fails to check whether +copied attribute actually exists (data.attr != NULL). This worked +earlier because free() checks passed pointer before actually +attempting to release corresponding memory. But +__pthread_attr_destroy assumes pointer is not NULL. + +So passing NULL pointer to __pthread_attr_destroy will result in +segmentation fault. This scenario is possible if +notification->sigev_notify_attributes == NULL (which means default +thread attributes should be used). + +Signed-off-by: Nikita Popov <npv1310@gmail.com> +Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> +--- + sysdeps/unix/sysv/linux/mq_notify.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c +index 9799dcdaa4..eccae2e4c6 100644 +--- a/sysdeps/unix/sysv/linux/mq_notify.c ++++ b/sysdeps/unix/sysv/linux/mq_notify.c +@@ -131,7 +131,7 @@ helper_thread (void *arg) + to wait until it is done with it. */ + (void) __pthread_barrier_wait (¬ify_barrier); + } +- else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED) ++ else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL) + { + /* The only state we keep is the copy of the thread attributes. */ + __pthread_attr_destroy (data.attr); +-- +2.27.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0039-CVE-2021-35942-handle-overflow-in-positional-parameter-number-bug-28011.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0039-CVE-2021-35942-handle-overflow-in-positional-parameter-number-bug-28011.patch new file mode 100644 index 000000000..4ad5da6da --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0039-CVE-2021-35942-handle-overflow-in-positional-parameter-number-bug-28011.patch @@ -0,0 +1,40 @@ +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@linux-m68k.org> +Date: Fri, 25 Jun 2021 15:02:47 +0200 +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug + 28011) + +Use strtoul instead of atoi so that overflow can be detected. +--- + posix/wordexp-test.c | 1 + + posix/wordexp.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c +index f93a546d7e..9df02dbbb3 100644 +--- a/posix/wordexp-test.c ++++ b/posix/wordexp-test.c +@@ -183,6 +183,7 @@ struct test_case_struct + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, + { 0, NULL, "", 0, 0, { NULL, }, IFS }, ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, + + /* Flags not already covered (testit() has special handling for these) */ + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, +diff --git a/posix/wordexp.c b/posix/wordexp.c +index bcbe96e48d..1f3b09f721 100644 +--- a/posix/wordexp.c ++++ b/posix/wordexp.c +@@ -1399,7 +1399,7 @@ envsubst: + /* Is it a numeric parameter? */ + else if (isdigit (env[0])) + { +- int n = atoi (env); ++ unsigned long n = strtoul (env, NULL, 10); + + if (n >= __libc_argc) + /* Substitute NULL. */ +-- +2.27.0 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb index 5c4d944b0..b46782499 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb +++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb @@ -51,6 +51,8 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0035-Fix-build-error.patch \ file://0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch \ file://0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch \ + file://0038-CVE-2021-38604-fix-NULL-pointer-dereference-bug-28213.patch \ + file://0039-CVE-2021-35942-handle-overflow-in-positional-parameter-number-bug-28011.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" diff --git a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem/0006-Update-Product-ID-for-EEPROM-FRU-platforms.patch b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem/0006-Update-Product-ID-for-EEPROM-FRU-platforms.patch index 93dcc1c33..28b8f8a4e 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem/0006-Update-Product-ID-for-EEPROM-FRU-platforms.patch +++ b/meta-openbmc-mods/meta-common/recipes-core/ipmi/intel-ipmi-oem/0006-Update-Product-ID-for-EEPROM-FRU-platforms.patch @@ -1,4 +1,4 @@ -From a9899d878d49c5d37810f2d97a68ae9d1de1a390 Mon Sep 17 00:00:00 2001 +From e3324be962eae4f42d6262998b413e4b6e51991d Mon Sep 17 00:00:00 2001 From: Anoop S <anoopx.s@intel.com> Date: Fri, 2 Oct 2020 13:32:05 +0000 Subject: [PATCH] Update Product ID for EEPROM FRU platforms. @@ -32,12 +32,14 @@ Tested-by: Signed-off-by: Anoop S <anoopx.s@intel.com> Signed-off-by: Saravanan Palanisamy <saravanan.palanisamy@linux.intel.com> + +%% original patch: 0006-Update-Product-ID-for-EEPROM-FRU-platforms.patch --- - src/appcommands.cpp | 137 ++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 131 insertions(+), 6 deletions(-) + src/appcommands.cpp | 142 ++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 136 insertions(+), 6 deletions(-) diff --git a/src/appcommands.cpp b/src/appcommands.cpp -index 10e3d13..d5b5c50 100644 +index 10e3d13..6e3df64 100644 --- a/src/appcommands.cpp +++ b/src/appcommands.cpp @@ -16,6 +16,7 @@ @@ -60,47 +62,8 @@ index 10e3d13..d5b5c50 100644 int initBMCDeviceState(ipmi::Context::ptr ctx) { -@@ -286,7 +292,6 @@ RspType<uint8_t, // Device ID - static bool devIdInitialized = false; - static bool bmcStateInitialized = false; - const char* filename = "/usr/share/ipmi-providers/dev_id.json"; -- const char* prodIdFilename = "/var/cache/private/prodID"; - if (!fwVerInitialized) - { - std::string versionString; -@@ -351,13 +356,13 @@ RspType<uint8_t, // Device ID - // boot time. Avoid using DBus to get the Product ID. The Product ID is - // stored in a non-volatile file now. The /usr/bin/checkFru.sh script, - // run during bootup, will populate the productIdFile. -- std::fstream prodIdFile(prodIdFilename); -+ std::fstream prodIdFile(prodIdFilename, std::ios::in); - if (prodIdFile.is_open()) - { -- std::string id = "0x00"; -- char* end; -- prodIdFile.getline(&id[0], id.size() + 1); -- devId.prodId = std::strtol(&id[0], &end, 0); -+ uint16_t id = 0x00; -+ // id will become 0xFFFF (Reserved) if prodIdFile has invalid data. -+ prodIdFile >> std::hex >> id; -+ devId.prodId = id; - devIdInitialized = true; - } - else -@@ -377,17 +382,137 @@ RspType<uint8_t, // Device ID - } - } - -+ // Update the productId, if required. -+ if (!devId.prodId && productId) -+ { -+ devId.prodId = productId; -+ baseBoardUpdatedSignal.reset(); -+ } - return ipmi::responseSuccess(devId.id, devId.revision, devId.fwMajor, - bmcDeviceBusy, devId.fwMinor, devId.ipmiVer, - devId.addnDevSupport, devId.manufId, - devId.prodId, devId.aux); +@@ -256,6 +262,118 @@ std::optional<MetaRevision> convertIntelVersion(std::string& s) + return std::nullopt; } +static void getProductId(const std::string& baseboardObjPath) @@ -215,8 +178,55 @@ index 10e3d13..d5b5c50 100644 + return; +} + - static void registerAPPFunctions(void) - { + RspType<uint8_t, // Device ID + uint8_t, // Device Revision + uint7_t, // Firmware Revision Major +@@ -286,7 +404,6 @@ RspType<uint8_t, // Device ID + static bool devIdInitialized = false; + static bool bmcStateInitialized = false; + const char* filename = "/usr/share/ipmi-providers/dev_id.json"; +- const char* prodIdFilename = "/var/cache/private/prodID"; + if (!fwVerInitialized) + { + std::string versionString; +@@ -351,13 +468,13 @@ RspType<uint8_t, // Device ID + // boot time. Avoid using DBus to get the Product ID. The Product ID is + // stored in a non-volatile file now. The /usr/bin/checkFru.sh script, + // run during bootup, will populate the productIdFile. +- std::fstream prodIdFile(prodIdFilename); ++ std::fstream prodIdFile(prodIdFilename, std::ios::in); + if (prodIdFile.is_open()) + { +- std::string id = "0x00"; +- char* end; +- prodIdFile.getline(&id[0], id.size() + 1); +- devId.prodId = std::strtol(&id[0], &end, 0); ++ uint16_t id = 0x00; ++ // id will become 0xFFFF (Reserved) if prodIdFile has invalid data. ++ prodIdFile >> std::hex >> id; ++ devId.prodId = id; + devIdInitialized = true; + } + else +@@ -377,6 +494,17 @@ RspType<uint8_t, // Device ID + } + } + ++ if (!devId.prodId) ++ { ++ baseBoardUpdatedSignal.reset(); ++ getProductIdFromBoard(); ++ } ++ // Update the productId, if required. ++ if (!devId.prodId && productId) ++ { ++ devId.prodId = productId; ++ baseBoardUpdatedSignal.reset(); ++ } + return ipmi::responseSuccess(devId.id, devId.revision, devId.fwMajor, + bmcDeviceBusy, devId.fwMinor, devId.ipmiVer, + devId.addnDevSupport, devId.manufId, +@@ -388,6 +516,8 @@ static void registerAPPFunctions(void) // <Get Device ID> registerHandler(prioOemBase, netFnApp, app::cmdGetDeviceId, Privilege::User, ipmiAppGetDeviceId); diff --git a/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync/nv-syncd b/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync/nv-syncd index e2bb4bb0c..538c96875 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync/nv-syncd +++ b/meta-openbmc-mods/meta-common/recipes-core/nv-sync/nv-sync/nv-syncd @@ -3,8 +3,12 @@ NVMP=/tmp/.rwfs SOMP=/var/sofs +clean_var_volatile_tmp() { + rm -rf $NVMP/.overlay/var/volatile/tmp/* || : +} + do_sync() { - rsync -a --delete /tmp/.overlay/ $NVMP/.overlay + rsync -a --delete --exclude='**/var/volatile/tmp/**' /tmp/.overlay/ $NVMP/.overlay sync $NVMP/.overlay } @@ -25,6 +29,8 @@ trap stop_nv EXIT mount -o remount,rw $NVMP mount -o remount,rw $SOMP +clean_var_volatile_tmp + # Run rsync periodically to sync the overlay to NV storage while true; do do_sync diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch new file mode 100644 index 000000000..a240d63d4 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch @@ -0,0 +1,64 @@ +From 4a1c5f34bd3e1daed4490e9d97918e504d19733b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 23 Jun 2021 11:46:41 +0200 +Subject: [PATCH] basic/unit-name: do not use strdupa() on a path + +The path may have unbounded length, for example through a fuse mount. + +CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and +ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo +and each mountpoint is passed to mount_setup_unit(), which calls +unit_name_path_escape() underneath. A local attacker who is able to mount a +filesystem with a very long path can crash systemd and the whole system. + +https://bugzilla.redhat.com/show_bug.cgi?id=1970887 + +The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we +can't easily check the length after simplification before doing the +simplification, which in turns uses a copy of the string we can write to. +So we can't reject paths that are too long before doing the duplication. +Hence the most obvious solution is to switch back to strdup(), as before +7410616cd9dbbec97cf98d75324da5cda2b2f7a2. + +(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9) +(cherry picked from commit 764b74113e36ac5219a4b82a05f311b5a92136ce) +--- + src/basic/unit-name.c | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c +index 85dcba6cb7..46b24f2d9e 100644 +--- a/src/basic/unit-name.c ++++ b/src/basic/unit-name.c +@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { + } + + int unit_name_path_escape(const char *f, char **ret) { +- char *p, *s; ++ _cleanup_free_ char *p = NULL; ++ char *s; + + assert(f); + assert(ret); + +- p = strdupa(f); ++ p = strdup(f); + if (!p) + return -ENOMEM; + +@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) { + if (!path_is_normalized(p)) + return -EINVAL; + +- /* Truncate trailing slashes */ ++ /* Truncate trailing slashes and skip leading slashes */ + delete_trailing_chars(p, "/"); +- +- /* Truncate leading slashes */ +- p = skip_leading_chars(p, "/"); +- +- s = unit_name_escape(p); ++ s = unit_name_escape(skip_leading_chars(p, "/")); + } + if (!s) + return -ENOMEM; diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend index e6df605aa..ecb27d416 100644 --- a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend @@ -7,6 +7,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" SRC_URI += "file://0001-Modfiy-system.conf-DefaultTimeoutStopSec.patch \ file://0002-Disable-LLMNR-port-5355.patch \ file://systemd-time-wait-sync.service \ + file://0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch \ " USERADD_PACKAGES_remove = "${PN}-journal-gateway ${PN}-journal-upload ${PN}-journal-remote" diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/CVE-2021-37600/0001-sys-utils-ipcutils-be-careful-when-call-calloc-for-u.patch b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/CVE-2021-37600/0001-sys-utils-ipcutils-be-careful-when-call-calloc-for-u.patch new file mode 100644 index 000000000..bdb58d032 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux/CVE-2021-37600/0001-sys-utils-ipcutils-be-careful-when-call-calloc-for-u.patch @@ -0,0 +1,28 @@ +From 1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c Mon Sep 17 00:00:00 2001 +From: Karel Zak <kzak@redhat.com> +Date: Tue, 27 Jul 2021 11:58:31 +0200 +Subject: [PATCH] sys-utils/ipcutils: be careful when call calloc() for uint64 + nmembs + +Fix: https://github.com/karelzak/util-linux/issues/1395 +Signed-off-by: Karel Zak <kzak@redhat.com> +--- + sys-utils/ipcutils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c +index e784c4dcb9c0..18868cfd3885 100644 +--- a/sys-utils/ipcutils.c ++++ b/sys-utils/ipcutils.c +@@ -218,7 +218,7 @@ static void get_sem_elements(struct sem_data *p) + { + size_t i; + +- if (!p || !p->sem_nsems || p->sem_perm.id < 0) ++ if (!p || !p->sem_nsems || p->sem_nsems > SIZE_MAX || p->sem_perm.id < 0) + return; + + p->elements = xcalloc(p->sem_nsems, sizeof(struct sem_elem)); +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend new file mode 100644 index 000000000..5178ce553 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/util-linux/util-linux_%.bbappend @@ -0,0 +1,6 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-37600:" +SRC_URI += " \ + file://0001-sys-utils-ipcutils-be-careful-when-call-calloc-for-u.patch \ + " diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch new file mode 100644 index 000000000..98597243e --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-21781/0001-ARM-ensure-the-signal-page-contains-defined-contents.patch @@ -0,0 +1,52 @@ +From f49bff85b6dbb60a410c7f7dc53b52ee1dc22470 Mon Sep 17 00:00:00 2001 +From: Russell King <rmk+kernel@armlinux.org.uk> +Date: Fri, 29 Jan 2021 10:19:07 +0000 +Subject: [PATCH] ARM: ensure the signal page contains defined contents + +[ Upstream commit 9c698bff66ab4914bb3d71da7dc6112519bde23e ] + +Ensure that the signal page contains our poison instruction to increase +the protection against ROP attacks and also contains well defined +contents. + +Acked-by: Will Deacon <will@kernel.org> +Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> +Signed-off-by: Sasha Levin <sashal@kernel.org> +--- + arch/arm/kernel/signal.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c +index ab2568996ddb..c01f76cd0242 100644 +--- a/arch/arm/kernel/signal.c ++++ b/arch/arm/kernel/signal.c +@@ -694,18 +694,20 @@ struct page *get_signal_page(void) + + addr = page_address(page); + ++ /* Poison the entire page */ ++ memset32(addr, __opcode_to_mem_arm(0xe7fddef1), ++ PAGE_SIZE / sizeof(u32)); ++ + /* Give the signal return code some randomness */ + offset = 0x200 + (get_random_int() & 0x7fc); + signal_return_offset = offset; + +- /* +- * Copy signal return handlers into the vector page, and +- * set sigreturn to be a pointer to these. +- */ ++ /* Copy signal return handlers into the page */ + memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes)); + +- ptr = (unsigned long)addr + offset; +- flush_icache_range(ptr, ptr + sizeof(sigreturn_codes)); ++ /* Flush out all instructions in this page */ ++ ptr = (unsigned long)addr; ++ flush_icache_range(ptr, ptr + PAGE_SIZE); + + return page; + } +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-22555/0001-netfilter-x_tables-fix-compat-match-target-pad-out-o.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-22555/0001-netfilter-x_tables-fix-compat-match-target-pad-out-o.patch new file mode 100644 index 000000000..7c5363462 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-22555/0001-netfilter-x_tables-fix-compat-match-target-pad-out-o.patch @@ -0,0 +1,107 @@ +From b29c457a6511435960115c0f548c4360d5f4801d Mon Sep 17 00:00:00 2001 +From: Florian Westphal <fw@strlen.de> +Date: Wed, 7 Apr 2021 21:38:57 +0200 +Subject: [PATCH] netfilter: x_tables: fix compat match/target pad out-of-bound + write + +xt_compat_match/target_from_user doesn't check that zeroing the area +to start of next rule won't write past end of allocated ruleset blob. + +Remove this code and zero the entire blob beforehand. + +Reported-by: syzbot+cfc0247ac173f597aaaa@syzkaller.appspotmail.com +Reported-by: Andy Nguyen <theflow@google.com> +Fixes: 9fa492cdc160c ("[NETFILTER]: x_tables: simplify compat API") +Signed-off-by: Florian Westphal <fw@strlen.de> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + net/ipv4/netfilter/arp_tables.c | 2 ++ + net/ipv4/netfilter/ip_tables.c | 2 ++ + net/ipv6/netfilter/ip6_tables.c | 2 ++ + net/netfilter/x_tables.c | 10 ++-------- + 4 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c +index 6c26533480dd..d6d45d820d79 100644 +--- a/net/ipv4/netfilter/arp_tables.c ++++ b/net/ipv4/netfilter/arp_tables.c +@@ -1193,6 +1193,8 @@ static int translate_compat_table(struct net *net, + if (!newinfo) + goto out_unlock; + ++ memset(newinfo->entries, 0, size); ++ + newinfo->number = compatr->num_entries; + for (i = 0; i < NF_ARP_NUMHOOKS; i++) { + newinfo->hook_entry[i] = compatr->hook_entry[i]; +diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c +index f15bc21d7301..f77ea0dbe656 100644 +--- a/net/ipv4/netfilter/ip_tables.c ++++ b/net/ipv4/netfilter/ip_tables.c +@@ -1428,6 +1428,8 @@ translate_compat_table(struct net *net, + if (!newinfo) + goto out_unlock; + ++ memset(newinfo->entries, 0, size); ++ + newinfo->number = compatr->num_entries; + for (i = 0; i < NF_INET_NUMHOOKS; i++) { + newinfo->hook_entry[i] = compatr->hook_entry[i]; +diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c +index 2e2119bfcf13..eb2b5404806c 100644 +--- a/net/ipv6/netfilter/ip6_tables.c ++++ b/net/ipv6/netfilter/ip6_tables.c +@@ -1443,6 +1443,8 @@ translate_compat_table(struct net *net, + if (!newinfo) + goto out_unlock; + ++ memset(newinfo->entries, 0, size); ++ + newinfo->number = compatr->num_entries; + for (i = 0; i < NF_INET_NUMHOOKS; i++) { + newinfo->hook_entry[i] = compatr->hook_entry[i]; +diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c +index 6bd31a7a27fc..92e9d4ebc5e8 100644 +--- a/net/netfilter/x_tables.c ++++ b/net/netfilter/x_tables.c +@@ -733,7 +733,7 @@ void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, + { + const struct xt_match *match = m->u.kernel.match; + struct compat_xt_entry_match *cm = (struct compat_xt_entry_match *)m; +- int pad, off = xt_compat_match_offset(match); ++ int off = xt_compat_match_offset(match); + u_int16_t msize = cm->u.user.match_size; + char name[sizeof(m->u.user.name)]; + +@@ -743,9 +743,6 @@ void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, + match->compat_from_user(m->data, cm->data); + else + memcpy(m->data, cm->data, msize - sizeof(*cm)); +- pad = XT_ALIGN(match->matchsize) - match->matchsize; +- if (pad > 0) +- memset(m->data + match->matchsize, 0, pad); + + msize += off; + m->u.user.match_size = msize; +@@ -1116,7 +1113,7 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, + { + const struct xt_target *target = t->u.kernel.target; + struct compat_xt_entry_target *ct = (struct compat_xt_entry_target *)t; +- int pad, off = xt_compat_target_offset(target); ++ int off = xt_compat_target_offset(target); + u_int16_t tsize = ct->u.user.target_size; + char name[sizeof(t->u.user.name)]; + +@@ -1126,9 +1123,6 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr, + target->compat_from_user(t->data, ct->data); + else + memcpy(t->data, ct->data, tsize - sizeof(*ct)); +- pad = XT_ALIGN(target->targetsize) - target->targetsize; +- if (pad > 0) +- memset(t->data + target->targetsize, 0, pad); + + tsize += off; + t->u.user.target_size = tsize; +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3679/0001-tracing-Fix-bug-in-rb_per_cpu_empty-that-might-cause.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3679/0001-tracing-Fix-bug-in-rb_per_cpu_empty-that-might-cause.patch new file mode 100644 index 000000000..4ed034ac2 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3679/0001-tracing-Fix-bug-in-rb_per_cpu_empty-that-might-cause.patch @@ -0,0 +1,106 @@ +From f899f24d34d964593b16122a774c192a78e2ca56 Mon Sep 17 00:00:00 2001 +From: Haoran Luo <www@aegistudio.net> +Date: Wed, 21 Jul 2021 14:12:07 +0000 +Subject: [PATCH] tracing: Fix bug in rb_per_cpu_empty() that might cause + deadloop. + +commit 67f0d6d9883c13174669f88adac4f0ee656cc16a upstream. + +The "rb_per_cpu_empty()" misinterpret the condition (as not-empty) when +"head_page" and "commit_page" of "struct ring_buffer_per_cpu" points to +the same buffer page, whose "buffer_data_page" is empty and "read" field +is non-zero. + +An error scenario could be constructed as followed (kernel perspective): + +1. All pages in the buffer has been accessed by reader(s) so that all of +them will have non-zero "read" field. + +2. Read and clear all buffer pages so that "rb_num_of_entries()" will +return 0 rendering there's no more data to read. It is also required +that the "read_page", "commit_page" and "tail_page" points to the same +page, while "head_page" is the next page of them. + +3. Invoke "ring_buffer_lock_reserve()" with large enough "length" +so that it shot pass the end of current tail buffer page. Now the +"head_page", "commit_page" and "tail_page" points to the same page. + +4. Discard current event with "ring_buffer_discard_commit()", so that +"head_page", "commit_page" and "tail_page" points to a page whose buffer +data page is now empty. + +When the error scenario has been constructed, "tracing_read_pipe" will +be trapped inside a deadloop: "trace_empty()" returns 0 since +"rb_per_cpu_empty()" returns 0 when it hits the CPU containing such +constructed ring buffer. Then "trace_find_next_entry_inc()" always +return NULL since "rb_num_of_entries()" reports there's no more entry +to read. Finally "trace_seq_to_user()" returns "-EBUSY" spanking +"tracing_read_pipe" back to the start of the "waitagain" loop. + +I've also written a proof-of-concept script to construct the scenario +and trigger the bug automatically, you can use it to trace and validate +my reasoning above: + + https://github.com/aegistudio/RingBufferDetonator.git + +Tests has been carried out on linux kernel 5.14-rc2 +(2734d6c1b1a089fb593ef6a23d4b70903526fe0c), my fixed version +of kernel (for testing whether my update fixes the bug) and +some older kernels (for range of affected kernels). Test result is +also attached to the proof-of-concept repository. + +Link: https://lore.kernel.org/linux-trace-devel/YPaNxsIlb2yjSi5Y@aegistudio/ +Link: https://lore.kernel.org/linux-trace-devel/YPgrN85WL9VyrZ55@aegistudio + +Cc: stable@vger.kernel.org +Fixes: bf41a158cacba ("ring-buffer: make reentrant") +Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> +Signed-off-by: Haoran Luo <www@aegistudio.net> +Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + kernel/trace/ring_buffer.c | 28 ++++++++++++++++++++++++---- + 1 file changed, 24 insertions(+), 4 deletions(-) + +diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c +index 728374166653..5e1b9f6e77f3 100644 +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -3221,10 +3221,30 @@ static bool rb_per_cpu_empty(struct ring_buffer_per_cpu *cpu_buffer) + if (unlikely(!head)) + return true; + +- return reader->read == rb_page_commit(reader) && +- (commit == reader || +- (commit == head && +- head->read == rb_page_commit(commit))); ++ /* Reader should exhaust content in reader page */ ++ if (reader->read != rb_page_commit(reader)) ++ return false; ++ ++ /* ++ * If writers are committing on the reader page, knowing all ++ * committed content has been read, the ring buffer is empty. ++ */ ++ if (commit == reader) ++ return true; ++ ++ /* ++ * If writers are committing on a page other than reader page ++ * and head page, there should always be content to read. ++ */ ++ if (commit != head) ++ return false; ++ ++ /* ++ * Writers are committing on the head page, we just need ++ * to care about there're committed data, and the reader will ++ * swap reader page with head page when it is to read data. ++ */ ++ return rb_page_commit(commit) == 0; + } + + /** +-- +2.17.1 + diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/intel.cfg b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/intel.cfg index 9c08d590f..ef07b6b13 100644 --- a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/intel.cfg +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/intel.cfg @@ -90,4 +90,6 @@ CONFIG_USB_EHCI_HCD_PLATFORM=n CONFIG_IPMB_DEVICE_INTERFACE=y CONFIG_BPF_SYSCALL=n CONFIG_IO_URING=n - +CONFIG_EXT2_FS=n +CONFIG_EXT3_FS=n +CONFIG_EXT4_FS=n diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend index 467578d85..e9916f101 100644 --- a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend @@ -264,5 +264,23 @@ SRC_URI += " \ file://0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch \ " +# CVE-2021-22555 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-22555:" +SRC_URI += " \ + file://0001-netfilter-x_tables-fix-compat-match-target-pad-out-o.patch \ + " + +# CVE-2021-3679 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-3679:" +SRC_URI += " \ + file://0001-tracing-Fix-bug-in-rb_per_cpu_empty-that-might-cause.patch \ + " + +# CVE-2020-21781 vulnerability fix +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-21781:" +SRC_URI += " \ + file://0001-ARM-ensure-the-signal-page-contains-defined-contents.patch \ + " + SRC_URI += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', 'file://0005-128MB-flashmap-for-PFR.patch', '', d)}" SRC_URI += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', 'file://debug.cfg', '', d)}" diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0009-Add-dbus-interface-for-sol-commands.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0009-Add-dbus-interface-for-sol-commands.patch deleted file mode 100644 index 5f749af45..000000000 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0009-Add-dbus-interface-for-sol-commands.patch +++ /dev/null @@ -1,317 +0,0 @@ -From e5ab844259f569656e95f5324f7428229dd811a7 Mon Sep 17 00:00:00 2001 -From: Cheng C Yang <cheng.c.yang@intel.com> -Date: Wed, 3 Jul 2019 07:39:47 +0800 -Subject: [PATCH] Add dbus interface for sol commands - -Add dbus interface for sol config parameters so that after move set/get -sol config parameter command from net-ipmid to host-ipmid, the command -can send config parameters to net-ipmid sol service through the dbus -interface. - -Tested by: -busctl introspect xyz.openbmc_project.Settings /xyz/openbmc_project -/network/host0/sol can show correct dbus properties of sol parameters. -ipmitool -I lanplus -H x -U x -P x raw 0x0c 0x21 0x0e 0x00 0x01 -ipmitool -I lanplus -H x -U x -P x raw 0x0c 0x21 0x0e 0x01 0x00 -ipmitool -I lanplus -H x -U x -P x raw 0x0c 0x21 0x0e 0x02 0x83 -ipmitool -I lanplus -H x -U x -P x raw 0x0c 0x21 0x0e 0x03 0x5 0x03 -ipmitool -I lanplus -H x -U x -P x raw 0x0c 0x21 0x0e 0x04 0x5 0x03 -all these commands can change the dbus properties as the value in -above commands. -Before and after run these commands, ipmitool -I lanplus -H x -U x --P x sol activate can start sol session correctly. -After reboot BMC, "Progress" property in dbus interface change back -to 0 and other properties will not reset to default value. - -Signed-off-by: Cheng C Yang <cheng.c.yang@intel.com> ---- - command/payload_cmds.cpp | 3 + - command/sol_cmds.cpp | 84 -------------------------- - sol/sol_manager.cpp | 124 +++++++++++++++++++++++++++++++++++++++ - sol/sol_manager.hpp | 1 + - sol_module.cpp | 6 -- - 5 files changed, 128 insertions(+), 90 deletions(-) - -diff --git a/command/payload_cmds.cpp b/command/payload_cmds.cpp -index c8e682e..bc987c5 100644 ---- a/command/payload_cmds.cpp -+++ b/command/payload_cmds.cpp -@@ -41,6 +41,9 @@ std::vector<uint8_t> activatePayload(const std::vector<uint8_t>& inPayload, - return outPayload; - } - -+ std::get<sol::Manager&>(singletonPool) -+ .updateSOLParameter(ipmi::convertCurrentChannelNum( -+ ipmi::currentChNum, getInterfaceIndex())); - if (!std::get<sol::Manager&>(singletonPool).enable) - { - response->completionCode = IPMI_CC_PAYLOAD_TYPE_DISABLED; -diff --git a/command/sol_cmds.cpp b/command/sol_cmds.cpp -index fda3e91..a1e820f 100644 ---- a/command/sol_cmds.cpp -+++ b/command/sol_cmds.cpp -@@ -71,90 +71,6 @@ void activating(uint8_t payloadInstance, uint32_t sessionID) - outPayload); - } - --std::vector<uint8_t> setConfParams(const std::vector<uint8_t>& inPayload, -- const message::Handler& handler) --{ -- std::vector<uint8_t> outPayload(sizeof(SetConfParamsResponse)); -- auto request = -- reinterpret_cast<const SetConfParamsRequest*>(inPayload.data()); -- auto response = reinterpret_cast<SetConfParamsResponse*>(outPayload.data()); -- response->completionCode = IPMI_CC_OK; -- -- switch (static_cast<Parameter>(request->paramSelector)) -- { -- case Parameter::PROGRESS: -- { -- uint8_t progress = request->value & progressMask; -- std::get<sol::Manager&>(singletonPool).progress = progress; -- break; -- } -- case Parameter::ENABLE: -- { -- bool enable = request->value & enableMask; -- std::get<sol::Manager&>(singletonPool).enable = enable; -- break; -- } -- case Parameter::AUTHENTICATION: -- { -- if (!request->auth.auth || !request->auth.encrypt) -- { -- response->completionCode = ipmiCCWriteReadParameter; -- } -- else if (request->auth.privilege < -- static_cast<uint8_t>(session::Privilege::USER) || -- request->auth.privilege > -- static_cast<uint8_t>(session::Privilege::OEM)) -- { -- response->completionCode = IPMI_CC_INVALID_FIELD_REQUEST; -- } -- else -- { -- std::get<sol::Manager&>(singletonPool).solMinPrivilege = -- static_cast<session::Privilege>(request->auth.privilege); -- } -- break; -- } -- case Parameter::ACCUMULATE: -- { -- using namespace std::chrono_literals; -- -- if (request->acc.threshold == 0) -- { -- response->completionCode = IPMI_CC_INVALID_FIELD_REQUEST; -- break; -- } -- -- std::get<sol::Manager&>(singletonPool).accumulateInterval = -- request->acc.interval * sol::accIntervalFactor * 1ms; -- std::get<sol::Manager&>(singletonPool).sendThreshold = -- request->acc.threshold; -- break; -- } -- case Parameter::RETRY: -- { -- using namespace std::chrono_literals; -- -- std::get<sol::Manager&>(singletonPool).retryCount = -- request->retry.count; -- std::get<sol::Manager&>(singletonPool).retryInterval = -- request->retry.interval * sol::retryIntervalFactor * 1ms; -- break; -- } -- case Parameter::PORT: -- { -- response->completionCode = ipmiCCWriteReadParameter; -- break; -- } -- case Parameter::NVBITRATE: -- case Parameter::VBITRATE: -- case Parameter::CHANNEL: -- default: -- response->completionCode = ipmiCCParamNotSupported; -- } -- -- return outPayload; --} -- - std::vector<uint8_t> getConfParams(const std::vector<uint8_t>& inPayload, - const message::Handler& handler) - { -diff --git a/sol/sol_manager.cpp b/sol/sol_manager.cpp -index a118457..55d269a 100644 ---- a/sol/sol_manager.cpp -+++ b/sol/sol_manager.cpp -@@ -14,6 +14,11 @@ - #include <cmath> - #include <ipmid/utils.hpp> - #include <phosphor-logging/log.hpp> -+#include <sdbusplus/message/types.hpp> -+ -+constexpr const char* solInterface = "xyz.openbmc_project.Ipmi.SOL"; -+constexpr const char* solPath = "/xyz/openbmc_project/ipmi/sol/"; -+constexpr const char* PROP_INTF = "org.freedesktop.DBus.Properties"; - - namespace sol - { -@@ -103,6 +108,125 @@ void Manager::stopHostConsole() - } - } - -+std::string getService(sdbusplus::bus::bus& bus, const std::string& intf, -+ const std::string& path) -+{ -+ auto mapperCall = -+ bus.new_method_call("xyz.openbmc_project.ObjectMapper", -+ "/xyz/openbmc_project/object_mapper", -+ "xyz.openbmc_project.ObjectMapper", "GetObject"); -+ -+ mapperCall.append(path); -+ mapperCall.append(std::vector<std::string>({intf})); -+ -+ std::map<std::string, std::vector<std::string>> mapperResponse; -+ -+ try -+ { -+ auto mapperResponseMsg = bus.call(mapperCall); -+ mapperResponseMsg.read(mapperResponse); -+ } -+ catch (sdbusplus::exception_t&) -+ { -+ throw std::runtime_error("ERROR in mapper call"); -+ } -+ -+ if (mapperResponse.begin() == mapperResponse.end()) -+ { -+ throw std::runtime_error("ERROR in reading the mapper response"); -+ } -+ -+ return mapperResponse.begin()->first; -+} -+ -+ipmi::PropertyMap getAllDbusProperties(sdbusplus::bus::bus& bus, -+ const std::string& service, -+ const std::string& objPath, -+ const std::string& interface) -+{ -+ ipmi::PropertyMap properties; -+ -+ sdbusplus::message::message method = bus.new_method_call( -+ service.c_str(), objPath.c_str(), PROP_INTF, "GetAll"); -+ -+ method.append(interface); -+ -+ try -+ { -+ sdbusplus::message::message reply = bus.call(method); -+ reply.read(properties); -+ } -+ catch (sdbusplus::exception_t&) -+ { -+ phosphor::logging::log<phosphor::logging::level::ERR>( -+ "Failed to get all properties", -+ phosphor::logging::entry("PATH=%s", objPath.c_str()), -+ phosphor::logging::entry("INTERFACE=%s", interface.c_str())); -+ throw std::runtime_error("ERROR in reading proerties"); -+ } -+ -+ return properties; -+} -+ -+void Manager::updateSOLParameter(uint8_t channelNum) -+{ -+ std::variant<uint8_t, bool> value; -+ sdbusplus::bus::bus dbus(ipmid_get_sd_bus_connection()); -+ static std::string solService{}; -+ ipmi::PropertyMap properties; -+ std::string ethdevice = ipmi::getChannelName(channelNum); -+ std::string solPathWitheEthName = solPath + ethdevice; -+ if (solService.empty()) -+ { -+ try -+ { -+ solService = getService(dbus, solInterface, solPathWitheEthName); -+ } -+ catch (const std::runtime_error& e) -+ { -+ solService.clear(); -+ phosphor::logging::log<phosphor::logging::level::ERR>( -+ "Error: get SOL service failed"); -+ return; -+ } -+ } -+ try -+ { -+ properties = getAllDbusProperties(dbus, solService, solPathWitheEthName, -+ solInterface); -+ } -+ catch (const std::runtime_error&) -+ { -+ phosphor::logging::log<phosphor::logging::level::ERR>( -+ "Error setting sol parameter"); -+ return; -+ } -+ -+ progress = std::get<uint8_t>(properties["Progress"]); -+ -+ enable = std::get<bool>(properties["Enable"]); -+ -+ forceEncrypt = std::get<bool>(properties["ForceEncryption"]); -+ -+ forceAuth = std::get<bool>(properties["ForceAuthentication"]); -+ -+ solMinPrivilege = static_cast<session::Privilege>( -+ std::get<uint8_t>(properties["Privilege"])); -+ -+ accumulateInterval = -+ std::get<uint8_t>((properties["AccumulateIntervalMS"])) * -+ sol::accIntervalFactor * 1ms; -+ -+ sendThreshold = std::get<uint8_t>(properties["Threshold"]); -+ -+ retryCount = std::get<uint8_t>(properties["RetryCount"]); -+ -+ retryInterval = std::get<uint8_t>(properties["RetryIntervalMS"]) * -+ sol::retryIntervalFactor * 1ms; -+ -+ return; -+} -+ - void Manager::startPayloadInstance(uint8_t payloadInstance, - session::SessionID sessionID) - { -diff --git a/sol/sol_manager.hpp b/sol/sol_manager.hpp -index 5b48add..4e797d4 100644 ---- a/sol/sol_manager.hpp -+++ b/sol/sol_manager.hpp -@@ -252,6 +252,7 @@ class Manager - * @return 0 on success and errno on failure. - */ - int writeConsoleSocket(const std::vector<uint8_t>& input) const; -+ void updateSOLParameter(uint8_t channelNum); - - private: - SOLPayloadMap payloadMap; -diff --git a/sol_module.cpp b/sol_module.cpp -index 8200e74..2b1fb46 100644 ---- a/sol_module.cpp -+++ b/sol_module.cpp -@@ -42,12 +42,6 @@ void registerCommands() - &getPayloadInfo, - session::Privilege::USER, - false}, -- // Set SOL Configuration Parameters -- {{(static_cast<uint32_t>(message::PayloadType::IPMI) << 16) | -- static_cast<uint16_t>(::command::NetFns::TRANSPORT) | 0x21}, -- &setConfParams, -- session::Privilege::ADMIN, -- false}, - // Get SOL Configuration Parameters - {{(static_cast<uint32_t>(message::PayloadType::IPMI) << 16) | - static_cast<uint16_t>(::command::NetFns::TRANSPORT) | 0x22}, --- -2.17.1 - diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0011-Remove-Get-SOL-Config-Command-from-Netipmid.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0011-Remove-Get-SOL-Config-Command-from-Netipmid.patch index da173704b..7b690998f 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0011-Remove-Get-SOL-Config-Command-from-Netipmid.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0011-Remove-Get-SOL-Config-Command-from-Netipmid.patch @@ -1,4 +1,4 @@ -From a36f181163974b2da0a954fc97a89fb2cdbd7287 Mon Sep 17 00:00:00 2001 +From adabdfa46aa0db56f40030c7077f991ba1987b04 Mon Sep 17 00:00:00 2001 From: Cheng C Yang <cheng.c.yang@intel.com> Date: Tue, 30 Apr 2019 05:35:31 +0800 Subject: [PATCH] Remove Get SOL Config Command from Netipmid @@ -28,21 +28,21 @@ Payload Port : 623 Signed-off-by: Cheng C Yang <cheng.c.yang@intel.com> --- - command/sol_cmds.cpp | 91 ---------------------------- - command/sol_cmds.hpp | 168 --------------------------------------------------- + command/sol_cmds.cpp | 86 ---------------------- + command/sol_cmds.hpp | 168 ------------------------------------------- sol_module.cpp | 6 -- - 3 files changed, 265 deletions(-) + 3 files changed, 260 deletions(-) diff --git a/command/sol_cmds.cpp b/command/sol_cmds.cpp -index 804b5ea..8b2d041 100644 +index 81dfc993236c..be2cc81fc9cc 100644 --- a/command/sol_cmds.cpp +++ b/command/sol_cmds.cpp -@@ -65,97 +65,6 @@ void activating(uint8_t payloadInstance, uint32_t sessionID) +@@ -69,92 +69,6 @@ void activating(uint8_t payloadInstance, uint32_t sessionID) outPayload); } -std::vector<uint8_t> getConfParams(const std::vector<uint8_t>& inPayload, -- const message::Handler& handler) +- std::shared_ptr<message::Handler>& handler) -{ - std::vector<uint8_t> outPayload(sizeof(GetConfParamsResponse)); - auto request = @@ -60,23 +60,22 @@ index 804b5ea..8b2d041 100644 - { - case Parameter::PROGRESS: - { -- outPayload.push_back( -- std::get<sol::Manager&>(singletonPool).progress); +- outPayload.push_back(sol::Manager::get().progress); - break; - } - case Parameter::ENABLE: - { -- outPayload.push_back(std::get<sol::Manager&>(singletonPool).enable); +- outPayload.push_back(sol::Manager::get().enable); - break; - } - case Parameter::AUTHENTICATION: - { - Auth value{0}; - -- value.encrypt = std::get<sol::Manager&>(singletonPool).forceEncrypt; -- value.auth = std::get<sol::Manager&>(singletonPool).forceAuth; -- value.privilege = static_cast<uint8_t>( -- std::get<sol::Manager&>(singletonPool).solMinPrivilege); +- value.encrypt = sol::Manager::get().forceEncrypt; +- value.auth = sol::Manager::get().forceAuth; +- value.privilege = +- static_cast<uint8_t>(sol::Manager::get().solMinPrivilege); - auto buffer = reinterpret_cast<const uint8_t*>(&value); - - std::copy_n(buffer, sizeof(value), std::back_inserter(outPayload)); @@ -86,11 +85,9 @@ index 804b5ea..8b2d041 100644 - { - Accumulate value{0}; - -- value.interval = std::get<sol::Manager&>(singletonPool) -- .accumulateInterval.count() / +- value.interval = sol::Manager::get().accumulateInterval.count() / - sol::accIntervalFactor; -- value.threshold = -- std::get<sol::Manager&>(singletonPool).sendThreshold; +- value.threshold = sol::Manager::get().sendThreshold; - auto buffer = reinterpret_cast<const uint8_t*>(&value); - - std::copy_n(buffer, sizeof(value), std::back_inserter(outPayload)); @@ -100,10 +97,9 @@ index 804b5ea..8b2d041 100644 - { - Retry value{0}; - -- value.count = std::get<sol::Manager&>(singletonPool).retryCount; -- value.interval = -- std::get<sol::Manager&>(singletonPool).retryInterval.count() / -- sol::retryIntervalFactor; +- value.count = sol::Manager::get().retryCount; +- value.interval = sol::Manager::get().retryInterval.count() / +- sol::retryIntervalFactor; - auto buffer = reinterpret_cast<const uint8_t*>(&value); - - std::copy_n(buffer, sizeof(value), std::back_inserter(outPayload)); @@ -119,8 +115,7 @@ index 804b5ea..8b2d041 100644 - } - case Parameter::CHANNEL: - { -- outPayload.push_back( -- std::get<sol::Manager&>(singletonPool).channel); +- outPayload.push_back(sol::Manager::get().channel); - break; - } - case Parameter::NVBITRATE: @@ -136,7 +131,7 @@ index 804b5ea..8b2d041 100644 } // namespace sol diff --git a/command/sol_cmds.hpp b/command/sol_cmds.hpp -index 182b73e..10cbf25 100644 +index 3e05e0fc035f..9aedfddf0d39 100644 --- a/command/sol_cmds.hpp +++ b/command/sol_cmds.hpp @@ -62,174 +62,6 @@ struct ActivatingRequest @@ -266,7 +261,7 @@ index 182b73e..10cbf25 100644 - * @return Response data for the command. - */ -std::vector<uint8_t> setConfParams(const std::vector<uint8_t>& inPayload, -- const message::Handler& handler); +- std::shared_ptr<message::Handler>& handler); - -/** @struct GetConfParamsRequest - * @@ -309,16 +304,16 @@ index 182b73e..10cbf25 100644 - * @return Response data for the command. - */ -std::vector<uint8_t> getConfParams(const std::vector<uint8_t>& inPayload, -- const message::Handler& handler); +- std::shared_ptr<message::Handler>& handler); - } // namespace command } // namespace sol diff --git a/sol_module.cpp b/sol_module.cpp -index 2b1fb46..6da82c0 100644 +index d9a9a7c9551f..21196d8a2cbf 100644 --- a/sol_module.cpp +++ b/sol_module.cpp -@@ -42,12 +42,6 @@ void registerCommands() +@@ -41,12 +41,6 @@ void registerCommands() &getPayloadInfo, session::Privilege::USER, false}, @@ -332,5 +327,5 @@ index 2b1fb46..6da82c0 100644 for (const auto& iter : commands) -- -2.7.4 +2.17.1 diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend index f10bb6ef4..86b8873f1 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend @@ -3,7 +3,7 @@ inherit useradd # TODO: This should be removed, once up-stream bump up # issue is resolved SRC_URI += "git://github.com/openbmc/phosphor-net-ipmid" -SRCREV = "2b1edef0b1e395591dcf751d7ccf45a85bb58d4c" +SRCREV = "60d6e4ed2b74c88621f43081951d86956557baa0" USERADD_PACKAGES = "${PN}" # add a group called ipmi @@ -21,7 +21,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" SRC_URI += " file://10-nice-rules.conf \ file://0006-Modify-dbus-namespace-of-chassis-control-for-guid.patch \ - file://0009-Add-dbus-interface-for-sol-commands.patch \ file://0011-Remove-Get-SOL-Config-Command-from-Netipmid.patch \ file://0012-crypt_algo-Null-check-on-Cipher-context.patch \ " diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend index 36b155fe9..6b6793914 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend @@ -1,4 +1,4 @@ SRC_URI = "git://github.com/Intel-BMC/phosphor-webui;protocol=ssh;branch=intel2" FILESEXTRAPATHS_prepend_intel := "${THISDIR}/${PN}:" -SRCREV = "2397c142c0d75c7705757a52848945b00928232d" +SRCREV = "3e7346c1ea86c08ff2fafeee8f05c0937ffef731" diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.77.0.bb b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.78.0.bb index 9a5a40ec7..ce2f1e8be 100644 --- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.77.0.bb +++ b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.78.0.bb @@ -9,8 +9,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ file://0001-replace-krb5-config-with-pkg-config.patch \ " -SRC_URI[md5sum] = "045d28029679dabb6b20a814934671ad" -SRC_URI[sha256sum] = "6c0c28868cb82593859fc43b9c8fdb769314c855c05cf1b56b023acf855df8ea" +SRC_URI[md5sum] = "9a57717210a0bb0b6becda1497f0f2b5" +SRC_URI[sha256sum] = "98530b317dc95ccb324bbe4f834f07bb642fbc393b794ddf3434f246a71ea44a" CVE_PRODUCT = "curl libcurl" inherit autotools pkgconfig binconfig multilib_header @@ -55,7 +55,6 @@ EXTRA_OECONF = " \ --disable-ntlm-wb \ --enable-crypto-auth \ --with-ca-bundle=${sysconfdir}/ssl/certs/ca-certificates.crt \ - --without-libmetalink \ --without-libpsl \ " diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.2.bb b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.3.bb index 320a9048b..fd50ead17 100644 --- a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.2.bb +++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.3.bb @@ -23,8 +23,8 @@ SRC_URI_append_class-target = "\ file://dlopen-test.patch \ " -SRC_URI[md5sum] = "22849db27ed563ebbc829273f0c97e35" -SRC_URI[sha256sum] = "8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162" +SRC_URI[md5sum] = "a60273d0fab9c808646fcf5e9edc2e8f" +SRC_URI[sha256sum] = "661f5eb03f048a3b924c3a8ad2515d4068e40f67e774e8a26827658007e3bcf0" UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar" |