Commit Graph

915 Commits

Author SHA1 Message Date
Mai Bui
6f67a3ac6a
[device/quanta] Mitigation for security vulnerability (#11867)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
`shell=True` is dangerous because this call will spawn the command using a shell process
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
`os` - use with `subprocess`
Use `shell=False` with shell features
- redirection: [https://stackoverflow.com/questions/4965159/how-to-redirect-output-with-subprocess-in-python/6482200#6482200?newreg=53afb91b3ebd47c5930be627fcdf2930](https://stackoverflow.com/questions/4965159/how-to-redirect-output-with-subprocess-in-python/6482200#6482200?newreg=53afb91b3ebd47c5930be627fcdf2930)
- `|` operator: [https://docs.python.org/2/library/subprocess.html#replacing-shell-pipeline](https://docs.python.org/2/library/subprocess.html#replacing-shell-pipeline)
2022-10-19 10:05:36 -04:00
vmittal-msft
dc2cc9d507
Updated BRCM SAI to version 7.1.10.4 (#12423) 2022-10-17 15:22:53 -07:00
Mai Bui
92d25be08f
[inventec] Replace os.system and remove subprocess with shell=True (#12108)
Signed-off-by: maipbui <maibui@microsoft.com>
Dependency: [https://github.com/sonic-net/sonic-buildimage/pull/12065](https://github.com/sonic-net/sonic-buildimage/pull/12065)
#### Why I did it
1. `getstatusoutput` is used without a static string and it uses `shell=True`
2. `subprocess()` - when using with `shell=True` is dangerous. Using subprocess function without a static string can lead to command injection.
3. `os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
1. use `getstatusoutput` without shell=True
2. `subprocess()` - use `shell=False` instead. use an array string. Ref: [https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation](https://semgrep.dev/docs/cheat-sheets/python-command-injection/#mitigation)
3. `os` - use with `subprocess`
2022-10-14 10:21:44 -04:00
Marty Y. Lok
fc99265fd2
[Nokia] Update the nokia platform submodule for Nokia-IXR7250E platform (#12305)
Signed-off-by: mlok <marty.lok@nokia.com>
2022-10-10 18:49:51 -07:00
Mai Bui
94c998965c
[broadcom] Replace popen function (#12106)
Signed-off-by: maipbui <maibui@microsoft.com>
#### Why I did it
`os` - not secure against maliciously constructed input and dangerous if used to evaluate dynamic content.
#### How I did it
`os` - use with `subprocess`
#### How to verify it
2022-10-10 10:12:26 -04:00
Samuel Angebault
18850e4e28
[Arista] Update platform submodules (#12225)
Implement input power psu API
Report DC power output via API
Add bootloader Component in API
Fix issue where naming was not unique for Component
2022-09-30 16:03:40 +08:00
Xichen96
8af369a7c9
Enable swap for haliburton device. (#11746)
Signed-off-by: Xichen Lin <lukelin0907@gmail.com>

Signed-off-by: Xichen Lin <lukelin0907@gmail.com>
2022-09-22 13:57:52 +08:00
juntseng62
23de13feeb
[Alphanetworks] Add new platform BES2348T (#11196)
* Add BES2348T

Signed-off-by: juntseng62 <juntseng62@gmail.com>

* add get_serial_number

Signed-off-by: juntseng62 <juntseng62@gmail.com>

Signed-off-by: juntseng62 <juntseng62@gmail.com>
2022-09-15 21:34:52 -07:00
Samuel Angebault
055fbf5aaa
[Arista] Update platform submodules (#12020) 2022-09-13 19:39:49 -07:00
arunlk-dell
f82c1fd8ae
Z9432F kernel dependency of platform module (#11941)
Why I did it
Z9432F Update the kernel dependency of platform module

How I did it
Modified the kernel version to current latest 5.10.0-12-2
2022-09-01 16:55:41 -07:00
Arun Saravanan Balachandran
092e0394b5
DellEMC: Z9332f - Graceful platform reboot (#10240)
Why I did it
To gracefully unmount filesystems and stop containers while performing a cold reboot.
Unmount ONIE-BOOT if mounted during fast/soft/warm reboot
How I did it
Override systemd-reboot service to perform a cold reboot.
Unmount ONIE-BOOT if mounted using fast/soft/warm-reboot plugins.
How to verify it
On reboot, verify that the container stop and filesystem unmount services have completed execution before the platform reboot.
2022-08-30 11:23:52 -07:00
Samuel Angebault
8ccae96bfe
[Arista] Update platform submodule (#11853) 2022-08-26 09:38:45 -07:00
Richard.Yu
a1eae940d5
[SAIServer] support saiserver v2 in bullseye (#11849)
Upgrade libboost-atomic1.71 to libboost-atomic1.74

Signed-off-by: richardyu-ms <richard.yu@microsoft.com>

Signed-off-by: richardyu-ms <richard.yu@microsoft.com>
2022-08-25 22:51:53 -07:00
arunlk-dell
13bd63e73a
DellEMC: S5296F Platform API 2.0 changes (#11162)
Why I did it
S5296F - Platform API 2.0 changes

How I did it
Implemented the functional API's needed for Platform API 2.0

How to verify it
Used the API 2.0 test suite to validate the test cases.
2022-08-25 17:07:23 -07:00
roberthong-qct
234b4973cd
[Quanta] Update files for Bullseye and kernel 5.10 with enhancements (#11755)
* [Quanta][device][platform] Update files for IX7

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX7_BDE

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX8

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX8A_BDE

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX8C

Signed-off-by: roberthong-qct <10606901@qcttw.com>

* [Quanta][device][platform] Update files for IX9

Signed-off-by: roberthong-qct <10606901@qcttw.com>

Signed-off-by: roberthong-qct <10606901@qcttw.com>
2022-08-23 10:10:08 -07:00
Junhua Zhai
fb774dd46a
[gbsyncd] Build docker-gbsyncd-broncos image (#11748)
The libsaibroncos debian package is published at $(LIBSAI_BRONCOS)_URL. Enable building docker-gbsyncd-broncos image on PLATFORM broadcom.
2022-08-23 12:38:08 +08:00
Junhua Zhai
770cb80017
[BRCM SAI 7.1.7.2] catch up CS00012257483 patch (#11768)
Why I did it
It solves a swss orchagent crash issue on PikeZ device, due to link-training setting of external PHY port.

How I did it
Catch up the fix for CS00012257483 in version 7.1.7.2.
2022-08-23 12:34:04 +08:00
jerseyang
ca546ddec3
Sync platform-modules-belgite deb's kernel version 5.10.0-8-2 with master runtime kernel version 5.10.0-12-2 (#10946)
# Why I did it
platform-modules-belgite's deb requests linux-image-5.10.0-8-2-amd64-unsigned, which does not match the runtime kernel version

# How I did it
update the belgite's deb configuration in deb's control

# How to verify it
check the firsttime boot log in belgite platform

Co-authored-by: nicwu-cel <nicwu@celestica.com>
2022-08-18 12:56:04 +08:00
Michael Li
055b7d5fad
Update BRCM KNET modules to support new psample definitions from sflow… (#11709)
* Update BRCM KNET module to support new psample definitions from sflow dropmon feature

* Update BRCM KNET module to support new psample definitions from sflow dropmon feature

* Advance saibcm-modules-dnx
2022-08-16 11:46:03 -07:00
Samuel Angebault
02fd3c520c
[Arista] Update platform library (#11703)
- Add Watchdog remaining time API
 - Add support for non-swappable fans via a FixedDrawer 
 - Add ASIC voltage tweaks for PikeZ product
 - Add better pylint support
 - Fix reboot-cause decision issue for future products
 - Fix thermal issue for RJ45 ports
 - Deprecate Catalina prototype support
2022-08-11 10:47:20 -07:00
gechiang
6f06fee2e9
[BRCM SAI 7.1.7.1] catch up on all pending fix patches for REL_7.0/7.1 (#11693) 2022-08-11 09:07:39 -07:00
Saikrishna Arcot
c953168a87
Update Broadcom SAI to 7.1.0.0-9 (#11612)
This brings in a SAI library that is compiled on Bullseye.

Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-08-09 09:41:07 -07:00
judyjoseph
1fb853614d
Update the DNX SAI to 7.1.0.0-7 and this don't have macsec support (#11529) 2022-08-08 10:04:57 -07:00
Santhosh Kumar T
847a29088b
[DellEMC] S6100 Platform Service optimization porting in master (#11330)
To reduce rc.local script execution time. Porting changes from [DellEMC] S6100 Platform Service optimization #10989
Changes:
Moving platform-modules-s6100.service and s6100-lpc-monitor.service asynchronous to rc.local script.
2022-08-02 09:56:17 -07:00
zitingguo-ms
ae0d8a2740
[bcm sai] upgrade Broadcom XGS SAI to 7.1.0.0-8 (#11568)
this upgrade contains two changes:

1. Add the following MacSec Initialization Condition:
- When MacSec feature is not included MacSec block should not be brought out of reset irrespective of the value of the newly added config variable.
- When included its initialization is controlled by the newly added config variable.

2. DNX buf fix: increase _BRCM_SAI_MAX_ACL_TABLES to 128

Signed-off-by: zitingguo <zitingguo@microsoft.com>
2022-07-28 10:30:03 -07:00
Samuel Angebault
0703f3175f
[Arista] Update platform library (#11439)
Fix an issue with front panel port led introduced in previous PR
Implement status led for linecards
Implement full power cycle for linecards
Improve reboot cause reporting for Ucd devices
Add fan support for PikeZ
Miscellaneous fixes and improvements
2022-07-20 11:38:10 +08:00
zitingguo-ms
228853bb57
[bcm sai]upgrade Broadcom SAI to 7.1.0.0-6 (#11410)
- Default Not to report Single bit ECC correctable events to avoid the need to set SOC porperties.

Signed-off-by: zitingguo <zitingguo@microsoft.com>
2022-07-18 21:39:14 -07:00
andywongarista
88d0ce5ce8
Add gbsyncd container for broncos (#11154)
* Add docker-gbsyncd-broncos support
* Address review comments
* Add socket to gbsyncd
* Upgrade gbsyncd-broncos to bullseye
2022-07-18 10:57:27 +08:00
賓少鈺
f92aca837d
PDE migration to bullseye (#10836)
#### Why I did it
Upgrade docker-pde to bullseye

#### How to verify it
Check Azp status
2022-07-13 11:58:47 -07:00
Samuel Angebault
8791a32ca1
[Arista] Update platform library submodules (#11375) 2022-07-12 14:30:17 -07:00
Arun Saravanan Balachandran
d974ffd707
DellEMC Z9332f: 'update_firmware' component API return False if firmware image not found (#10797)
Why I did it
To return 'False' in update_firmware component API in DellEMC Z9332f platform, if the firmware image is not present in the provided image path.

How I did it
Updated 'update_firmware' in component.py to return False if image is not found in location provided by 'image_path'

How to verify it
Verified that the API returns False when an invalid image path is specified.
2022-06-29 09:30:58 -07:00
Senthil Kumar Guruswamy
b756e2971c
Upgrade broadcom platform containers(syncd/ saiserver/ syncd-rpc/ syncd-dnx-rpc) to bullseye (#10864) 2022-06-27 13:54:08 -07:00
Ying Xie
d30d84b4c6
[bcm sai] upgrade Broadcom SAI to 7.1.0.0-5 (#11236)
* [bcm sai] upgrade Broadcom SAI to 7.1.0.0-5

- Enable Microsoft AN/LT patch
- Create infrastructure to allow upgrading DNX/XGS SAI independently.

Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2022-06-23 15:34:51 -07:00
saksarav-nokia
875e20f99c
Update platform/broadcom/sonic-platform-modules-nokia (#11107) 2022-06-18 10:47:13 -07:00
Santhosh Kumar T
faecf38417
[DellEMC] S5212F and S5224F 2.0 API changes (#10315)
Why I did it
S5212F - Platform API 2.0 changes
S5224F - Platform API 2.0 changes
How I did it
Implemented the functional API's needed for Platform API 2.0
Added media_settings.json, pcie.yaml, platform.json, system_health_monitoring_config.json files.
How to verify it
Used the API 2.0 test suite to validate the test cases.
2022-06-16 16:50:11 -07:00
arunlk-dell
756de913cb
DellEMC: Initial commit for Z9432F platform (#10640)
Why I did it
Added support for the device Z9432F

How I did it
Implemented the support for the platform Z9432F

Switch Vendor: DellEMC
Switch SKU: Z9432F-ON
ASIC Vendor: Broadcom
SONiC Image: sonic-broadcom.bin
2022-06-15 09:39:41 -07:00
Aravind Mani
a07765ffea
[DellEMC] Fix S5248f platform issues (#11076)
* [DellEMC] Fix S5248f platform issues

* update files

Co-authored-by: Aravind Mani <aravind.m1@dell.com>
2022-06-09 09:38:13 -07:00
Samuel Angebault
299e67a318
[Arista] Update platform library (#10922)
- Implement Pcie plugin for chassis
- Implement set_admin_status for chassis modules
- Fix phy declaration for phy-credo
2022-05-31 13:59:35 -07:00
Eric Zhu
8c1ded61b0
[SONiC-CEL]: fix platform fancontrol testcase failure issue (#10934) 2022-05-31 10:54:55 +08:00
jerseyang
c92bfe0728
Add belgite support (#9511)
Why I did it
add celestica belgite platform

How I did it
add belgite platform in celestica

Co-authored-by: nicwu-cel <nicwu@celestica.com>
Co-authored-by: anjian <anjian@celestica.com>
Co-authored-by: sandycelestica <sandyli@celestica.com>
2022-05-23 18:45:37 -07:00
Samuel Angebault
70e2727b02
[Arista] Update platform submodules (#10800)
This update has following changes
Refactor pci topology logic for chassis (fixes some chassis commands and chassisd on linecard)
Introduce new cooling algorithm
Fix linecard poweroff logic when supervisor is going down
Fix linecard status led leading to system-health crashing
Misc fixes
2022-05-23 13:28:13 -07:00
vmittal-msft
f7882b3885
Fix for libsaithrift build for BRCM image (#10852)
Updated libsaibcm to fix libsaithrift compile issue on BRCM image
2022-05-19 11:15:34 -07:00
Arun Saravanan Balachandran
942bef4475
DellEMC: S6100, Z9332f - Include ONIE version in 'show platform firmware status' (#10493)
Why I did it
To include ONIE version in show platform firmware status command output in DellEMC S6100 and Z9332f platforms.

How I did it
Include ‘ONIE’ in the list of components provided by platform APIs in DellEMC S6100 and Z9332f.
Unmount ONIE-BOOT if mounted using fast/soft/warm-reboot plugins in DellEMC S6100.
2022-05-12 09:24:06 -07:00
Saikrishna Arcot
949e76a00f
Update Linux kernel from 5.10.46 to 5.10.103 (#10634)
Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-05-10 13:46:31 -07:00
FuzailBrcm
f579f61e4c
Fix for Accton platform build failure when doing incremental build (#10541) 2022-05-09 12:17:38 -07:00
vmittal-msft
9ae17e66a3
[sonic-sairedis update] Support for SAI header v1.10.2 with BRCM SAI v7.1.0.0 and MLNX SAI v1.21.1.0 (#10583) 2022-05-05 20:27:29 -07:00
Kalimuthu-Velappan
bc30528341
Parallel building of sonic dockers using native dockerd(dood). (#10352)
Currently, the build dockers are created as a user dockers(docker-base-stretch-<user>, etc) that are
specific to each user. But the sonic dockers (docker-database, docker-swss, etc) are
created with a fixed docker name and common to all the users.

    docker-database:latest
    docker-swss:latest

When multiple builds are triggered on the same build server that creates parallel building issue because
all the build jobs are trying to create the same docker with latest tag.
This happens only when sonic dockers are built using native host dockerd for sonic docker image creation.

This patch creates all sonic dockers as user sonic dockers and then, while
saving and loading the user sonic dockers, it rename the user sonic
dockers into correct sonic dockers with tag as latest.

	docker-database:latest <== SAVE/LOAD ==> docker-database-<user>:tag

The user sonic docker names are derived from 'DOCKER_USERNAME and DOCKER_USERTAG' make env
variable and using Jinja template, it replaces the FROM docker name with correct user sonic docker name for
loading and saving the docker image.
2022-04-28 08:39:37 +08:00
Eric Zhu
869ac1d1f2
sonic-platform-modules-cel dx010: speed up dx010 platform init script (#10313)
* Optimize dx010 sonic platform init script to speed up init process
* Merge issue #10152: [warm-upgrade][202012] Slow Celestica platform init
in rc.local causes lacp-teardown fix into master branch

Signed-off-by: Eric Zhu <erzhu@celestica.com>
2022-04-22 20:36:17 +08:00
Samuel Angebault
ea38864235
[Arista] Update platform submodules (#10561)
Update PikeZ platform definition
Improve powercycle behavior on chassis
2022-04-21 13:14:59 -07:00
brandonchuang
2116f62978
[AS9716-32D] Support i2c mux reset (#10492)
Why I did it
    Prevent from i2c bus to get locked.

How I did it
    Add sysfs driver to access ioport.
    Command to reset i2c mux:
    echo 1 > /sys/devices/platform/as9716_32d_ioport/i2c_mux_rst
    Command to bring i2c mux out of reset:
    echo 0 > /sys/devices/platform/as9716_32d_ioport/i2c_mux_rst

Signed-off-by: Brandon Chuang <brandon_chuang@edge-core.com>
2022-04-09 10:51:49 -07:00