Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[security] Upgrade kernel to 3.16.57-2 on 201803 branch #2116

Merged
merged 7 commits into from
Oct 11, 2018

Conversation

zhenggen-xu
Copy link
Collaborator

@zhenggen-xu zhenggen-xu commented Oct 4, 2018

- What I did
Upgrade kernel to 3.16.57-2 on 201803 branch
to fix security issues like:
https://www.debian.org/security/2018/dsa-4120
https://www.debian.org/security/2018/dsa-4179
https://www.debian.org/security/2018/dsa-4187
https://www.debian.org/security/2018/dsa-4188
https://www.debian.org/security/2018/dsa-4196

and more.

- How I did it
Use the code in sonic-linux-kernel PR:
sonic-net/sonic-linux-kernel#68

Fix all modules that rely on kernel modules at sonic-buildimage

- How to verify it
Built opennsl module locally with the sonic-linux-kernel code 3.16.57-2, point the mk file to that module.

Build onie image and loaded to the box with BRCM chip:

sonic:~$uname -a
Linux lnos-x1-a-asw03 3.16.0-6-amd64 #1 SMP Debian 3.16.57-2 (2015-12-19) x86_64 GNU/Linux

sonic:~$ show interfaces status
Interface Lanes Speed MTU Alias Oper Admin


Ethernet0 65 10G 9100 Eth1/1 down up
Ethernet1 66 10G 9100 Eth1/2 down up
Ethernet2 67 10G 9100 Eth1/3 down up
Ethernet3 68 10G 9100 Eth1/4 down up
Ethernet4 69 10G 9100 Eth2/1 down up
Ethernet5 70 10G 9100 Eth2/2 down up
Ethernet6 71 10G 9100 Eth2/3 down up
Ethernet7 72 10G 9100 Eth2/4 down up
Ethernet8 73 10G 9100 Eth3/1 up up
Ethernet9 74 10G 9100 Eth3/2 up up
Ethernet10 75 10G 9100 Eth3/3 down up

Note: The opennsl module should be updated to MSFT official one before merge. Other ASIC vendors binary links need to be updated as well.

Test:

show ver
SONiC Software Version: SONiC.HEAD.3000-0a5337f
Distribution: Debian 8.11
Kernel: 3.16.0-6-amd64
Build commit: 0a5337f
Build date: Fri Oct 5 19:56:19 UTC 2018
Built by: johnar@jenkins-worker-1


Summary:

TestSuite: acl Pass: 276 Fail: 0
TestSuite: arp Pass: 98 Fail: 0
TestSuite: bgp_fact Pass: 59 Fail: 0
TestSuite: continuous_reboot Pass: 112 Fail: 0
TestSuite: everflow_testbed Pass: 493 Fail: 0
TestSuite: fib Pass: 67 Fail: 0
TestSuite: lldp Pass: 62 Fail: 0
TestSuite: link_flap Pass: 564 Fail: 0
TestSuite: mem_check Pass: 56 Fail: 0
TestSuite: mtu Pass: 62 Fail: 0
TestSuite: port_toggle Pass: 61 Fail: 0
TestSuite: reboot Pass: 69 Fail: 0
TestSuite: repeat_harness Pass: 61 Fail: 0
TestSuite: restart_swss Pass: 53 Fail: 0
TestSuite: restart_swss_service Pass: 69 Fail: 0
TestSuite: sensors Pass: 59 Fail: 0
TestSuite: syslog Pass: 79 Fail: 0


Total Pass: 2300 Total Fail: 0

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@lguohan
Copy link
Collaborator

lguohan commented Oct 4, 2018

can you update the kernel submodule

@zhenggen-xu
Copy link
Collaborator Author

can you update the kernel submodule

It is done after the sonic-linux-kernel was merged.

zzhiyuan and others added 4 commits October 4, 2018 14:31
- Correct lane map in broadcom configuration
- Add writes to txdisable bits for SFPs in hwsku-init
- Add correct hwsku-init implementation for 201803 branch
…-xu/sonic-buildimage into zhenggen-xu-201803-k-upgrade-upstream
Signed-off-by: Guohan Lu <gulv@microsoft.com>
@lguohan
Copy link
Collaborator

lguohan commented Oct 9, 2018

retest this please

1 similar comment
@lguohan
Copy link
Collaborator

lguohan commented Oct 10, 2018

retest this please

@lguohan lguohan merged commit 773ed99 into sonic-net:201803 Oct 11, 2018
@zhenggen-xu zhenggen-xu deleted the 201803-k-upgrade-upstream branch June 7, 2019 19:37
stephenxs added a commit to stephenxs/sonic-buildimage that referenced this pull request Mar 9, 2022
29d5d8d Use abort instead of exit in case calling SAI API failure (sonic-net#2170)
12f980c Fix issue config qos reload causing orchagent aborted via tracking dependencies among QoS tables (sonic-net#2116)
6e5ed1c [chassis][syncd][sai] Adjusting response timeout during syncd init (sonic-net#2159)
0a99f54 Try get port operational speed from STATE DB (sonic-net#2119)
828cccf [crm] Use sai_object_type_get_availability() API to get counters (sonic-net#2098)
18c73a1 Allow IPv4 link-local nexthops (sonic-net#1903)

Signed-off-by: Stephen Sun <stephens@nvidia.com>
liat-grozovik pushed a commit that referenced this pull request Mar 15, 2022
Update sonic-swss with the following changes:

29d5d8d Use abort instead of exit in case calling SAI API failure (#2170)
12f980c Fix issue config qos reload causing orchagent aborted via tracking dependencies among QoS tables (#2116)
6e5ed1c [chassis][syncd][sai] Adjusting response timeout during syncd init (#2159)
0a99f54 Try get port operational speed from STATE DB (#2119)
828cccf [crm] Use sai_object_type_get_availability() API to get counters (#2098)
18c73a1 Allow IPv4 link-local nexthops (#1903)

Signed-off-by: Stephen Sun <stephens@nvidia.com>
judyjoseph added a commit that referenced this pull request Mar 20, 2022
6a6b711 (HEAD -> 202111, origin/202111) Fix issue: sometimes PFC WD unable to create zero buffer pool (#2164)
459aee0 Use abort instead of exit in case calling SAI API failure (#2170)
e767137 Fix issue config qos reload causing orchagent aborted via tracking dependencies among QoS tables (#2116)
Ndancejic pushed a commit to Ndancejic/sonic-buildimage that referenced this pull request May 3, 2022
…pendencies among QoS tables (sonic-net#2116)

- What I did
Fix issue config qos reload causing orchagent aborted via tracking dependencies among QoS tables

1. Track dependencies among QoS tables.
2. Won't call SAI remove API for an object if it is still referenced.
3. Support removing/replacing one field in PORT_QOS_MAP and QUEUE tables.
4. Optimize logic to handle QUEUE table.
5. Remove switch level DSCP_TO_TC map before the map is removed.
6. Add mock test

- Why I did it
Fix issue.

- How I verified it
Manually test and mock test.

Signed-off-by: Stephen Sun <stephens@nvidia.com>
dprital added a commit to dprital/sonic-buildimage that referenced this pull request May 25, 2022
Update sonic-utilities submodule pointer to include the following:
* [GCU] Handling type1 lists ([sonic-net#2171](sonic-net/sonic-utilities#2171))
* [yang] extend ConfigMgmt constructor to pass YANG options ([sonic-net#2118](sonic-net/sonic-utilities#2118))
* [dump] implement ACL modules ([sonic-net#2153](sonic-net/sonic-utilities#2153))
* show commands for SYSTEM READY ([sonic-net#1851](sonic-net/sonic-utilities#1851))
* [GCU] Handling non-compliant leaf-list with string values ([sonic-net#2174](sonic-net/sonic-utilities#2174))
* Add sonic-delayed.target to Application Extension .timer file generator ([sonic-net#2176](sonic-net/sonic-utilities#2176))
* [portconfig] Allow to configure interface mtu for physical ports ([#l](https://github.com/Azure/sonic-utilities/pull/l))
* Broadcast Unknown-multicast and Unknown-unicast Storm-control  ([sonic-net#928](sonic-net/sonic-utilities#928))
* sonic-utils: initial support for link-training ([sonic-net#2071](sonic-net/sonic-utilities#2071))
* [portchannel] Added ACL/PBH binding checks to the port before getting added to portchannel ([sonic-net#2151](sonic-net/sonic-utilities#2151))
* Modify override testcase to cover PORT admin_status ([sonic-net#2165](sonic-net/sonic-utilities#2165))
* [GCU] Validate peer_group_range ip_range are correct ([sonic-net#2145](sonic-net/sonic-utilities#2145))
* [auto-ts] add memory check ([sonic-net#2116](sonic-net/sonic-utilities#2116))
* support new interface types CR8/SR8/KR8/LR8 which are brougnt by SAI V.1.10.2 ([sonic-net#2167](sonic-net/sonic-utilities#2167))
* [scripts/fast-reboot] Add option to include ssd-upgrader-part boot option with SONiC partition ([sonic-net#2150](sonic-net/sonic-utilities#2150))
* [config reload] Fix invalid rstrip. ([sonic-net#2157](sonic-net/sonic-utilities#2157))
* Accept 0 for queue and dscp ([sonic-net#2162](sonic-net/sonic-utilities#2162))

Signed-off-by: dprital <drorp@nvidia.com>
stepanblyschak added a commit to stepanblyschak/sonic-buildimage that referenced this pull request May 27, 2022
```
3d3c89b fix for non-coherent cmis modules (sonic-net#2163)
2054680 [subinterface] Fix route add command to accept subinterface as dev (sonic-net#2180)
5383e92 [subinterface]Avoid removing the subinterface when last configured ip is removed (sonic-net#2181)
f5af780 [GCU] Handling type1 lists (sonic-net#2171)
4516179 [yang] extend ConfigMgmt constructor to pass YANG options (sonic-net#2118)
2f53bd4 [dump] implement ACL modules (sonic-net#2153)
494dd62 show commands for SYSTEM READY (sonic-net#1851)
4fc09b1 [GCU] Handling non-compliant leaf-list with string values (sonic-net#2174)
675c7b6 Add sonic-delayed.target to Application Extension .timer file generator (sonic-net#2176)
c587933 [portconfig] Allow to configure interface mtu for physical ports only
9881f3e Broadcast Unknown-multicast and Unknown-unicast Storm-control  (sonic-net#928)
88286cb sonic-utils: initial support for link-training (sonic-net#2071)
29503ab [portchannel] Added ACL/PBH binding checks to the port before getting added to portchannel (sonic-net#2151)
ac89489 Modify override testcase to cover PORT admin_status (sonic-net#2165)
d7953d2 [GCU] Validate peer_group_range ip_range are correct (sonic-net#2145)
aa81b97 [auto-ts] add memory check (sonic-net#2116)
b370290 support new interface types CR8/SR8/KR8/LR8 which are brougnt by SAI V.1.10.2 (sonic-net#2167)
87fc0a4 [scripts/fast-reboot] Add option to include ssd-upgrader-part boot option with SONiC partition (sonic-net#2150)
90abc07 [config reload] Fix invalid rstrip. (sonic-net#2157)
fac1769 Accept 0 for queue and dscp (sonic-net#2162)
```

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
wen587 added a commit that referenced this pull request Jun 13, 2022
29503ab [portchannel] Added ACL/PBH binding checks to the port before getting added to portchannel (#2151)
ac89489 Modify override testcase to cover PORT admin_status (#2165)
d7953d2 [GCU] Validate peer_group_range ip_range are correct (#2145)
aa81b97 [auto-ts] add memory check (#2116)
b370290 support new interface types CR8/SR8/KR8/LR8 which are brougnt by SAI V.1.10.2 (#2167)
87fc0a4 [scripts/fast-reboot] Add option to include ssd-upgrader-part boot option with SONiC partition (#2150)
90abc07 [config reload] Fix invalid rstrip. (#2157)
fac1769 Accept 0 for queue and dscp (#2162)
volodymyrsamotiy added a commit to volodymyrsamotiy/sonic-buildimage that referenced this pull request Oct 3, 2022
* be7da6b [sonic-installer] use host docker startup arguments when running dockerd in chroot (sonic-net#2179) (sonic-net#2407)
* d112f7c [202205][auto-ts] add memory check (sonic-net#2116) (sonic-net#2413)

Signed-off-by: Volodymyr Samotiy <volodymyrs@nvidia.com>
dgsudharsan added a commit to dgsudharsan/sonic-buildimage that referenced this pull request Oct 3, 2022
To get following fixes:

be7da6b [sonic-installer] use host docker startup arguments when running dockerd in chroot (sonic-net#2179) (sonic-net#2407)
d112f7c [202205][auto-ts] add memory check (sonic-net#2116) (sonic-net#2413)
vivekrnv added a commit to vivekrnv/sonic-buildimage that referenced this pull request Oct 4, 2022
be7da6b [sonic-installer] use host docker startup arguments when running dockerd in chroot (sonic-net#2179) (sonic-net#2407)
d112f7c [202205][auto-ts] add memory check (sonic-net#2116) (sonic-net#2413)

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
stepanblyschak added a commit to stepanblyschak/sonic-buildimage that referenced this pull request Oct 5, 2022
```
99425a8 (HEAD -> 202205, origin/202205) [actions] Support Semgrep by Github Actions (sonic-net#2417)
f41e4d1 Fix for show vxlan tunnel command display issue sonic-net#11902 (sonic-net#2391)
e1d827e [VxLAN]Fix Vxlan delete command to throw error when there are references (sonic-net#2404)
d77acf8 [doc] add documentation on automatic techsupport based on memory (sonic-net#2411)
2cfc75a [doc] update "config feature" section with "--block" option (sonic-net#2409)
9dc8471 [Vxlanmgrd] [CPA] Update the vxlan_tunnel name len to be under IFNAMIZ to overcome netdev creation failure (sonic-net#2398)
342589e Added cisco config platform commands (sonic-net#2242) (sonic-net#2418)
be7da6b [sonic-installer] use host docker startup arguments when running dockerd in chroot (sonic-net#2179) (sonic-net#2407)
d112f7c [202205][auto-ts] add memory check (sonic-net#2116) (sonic-net#2413)
```

Signed-off-by: Stepan Blyschak <stepanb@nvidia.com>
liat-grozovik pushed a commit that referenced this pull request Oct 6, 2022
To get following fixes:

be7da6b [sonic-installer] use host docker startup arguments when running dockerd in chroot (#2179) (#2407)
d112f7c [202205][auto-ts] add memory check (#2116) (#2413)
yxieca pushed a commit that referenced this pull request Oct 6, 2022
be7da6b [sonic-installer] use host docker startup arguments when running dockerd in chroot (#2179) (#2407)
d112f7c [202205][auto-ts] add memory check (#2116) (#2413)

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>

Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants