Commit Graph

5819 Commits

Author SHA1 Message Date
Jason Lyu
b023c29a1e
[redis] Upgrade redis version (#9757)
#### Why I did it

The current redis version of SONiC is `6.0.6`, which contains many high-risky security issues like CVEs that are fixed in the latest version. The Redis release notes also highly recommend to upgrade with SECURITY urgency.

```
================================================================================
Redis 6.0.16 Released Mon Oct 4 12:00:00 IDT 2021
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
  commands and network payloads, when proto-max-bulk-len is manually configured
  to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
  redis-sentinel parsing large multi-bulk replies on some older and less common
  platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
  set-max-intset-entries is manually configured to a non-default, very large
  value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
  a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
  Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
  data types, when configuring a large, non-default value for
  hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
  or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
  configuring a non-default, large value for proto-max-bulk-len and
  client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
  overflow [reported by Meir Shpilraien].

Other bug fixes:
* Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) (#9416)
* Fix the wrong mis-detection of sync_file_range system call, affecting performance (#9371)
* Fix replication issues when repl-diskless-load is used (#9280)
```

#### How I did it

Edit `Dockerfile.j2` file

#### How to verify it

Check redis version

#### Description for the changelog
This PR will upgrade redis-server version to `6.0.16`.
2022-02-15 16:43:01 -08:00
Myron Sosyak
125fe9907a
Bump Thrift version from 0.13.0 to 0.14.1 (#9881)
#### Why I did it
To bump the Thrift version to 0.14.1 
- To avoid [CVE-2020-13949](https://nvd.nist.gov/vuln/detail/CVE-2020-13949) 
- to fix some dependencies issues

#### How I did it
- rename `src/thrfit_0_13_0` to `src/thrift_2` to remove version number in the path. (`src/thrift` contains rules to build thrift 0.11.0  )
- Add thrift sources as submodule as there are no prepared debian packages for version >0.13.0 on [debian.org](https://packages.debian.org/search?searchon=sourcenames&keywords=thrift)
- Added patches with fixes for original thrift debian rules:(remove unneeded packages, fix multi job build)
#### How to verify it
```
BLDENV=buster make -f Makefile.work target/debs/buster/libthrift-dev_0.14.1_amd64.deb
```
2022-02-15 16:39:47 -08:00
Alexander Allen
9677401f4a
[pmon] Fix chassis_db_init exit not being expected (#9858)
- Why I did it
Error log was shown on switches during boot
pmon#supervisord 2021-12-22 04:27:16,709 INFO exited: chassis_db_init (exit status 0; not expected)

- How I did it
Add exit code zero as an expected exit code and also disable autorestart.

- How to verify it
Boot the switch and ensure the above log line does not appear.
2022-02-15 10:51:24 +02:00
Sudharsan Dhamal Gopalarathnam
1223a7baba
Update template pull_request_template.md (#9888)
Updating template description to include link to configuration schema for YANG module changes.

#### Why I did it
Updating template description to include link to configuration schema for YANG module changes. When reviewing yang models it becomes difficult to know the entire schema for the table for which yang is defined. Besides providing a clear picture, it will also help to document the config_db schema which is not upto date.

#### How I did it
Updating template file
2022-02-14 13:55:40 -08:00
Sudharsan Dhamal Gopalarathnam
0b59f0b641
[yang]YANG model for policer table (#9948)
#### Why I did it
Added yang model for policer table
Fixes https://github.com/Azure/sonic-buildimage/issues/9742 and https://github.com/Azure/sonic-buildimage/issues/9743
#### How I did it
Creating yang model for policer

#### How to verify it
Added UT to verify the yang model

The configuration schema for policer is added in the pull request https://github.com/Azure/sonic-swss/pull/2144
2022-02-14 13:00:58 -08:00
Dror Prital
cf1bc8dc65
[Mellanox] Upgrade ASIC FW tool to 4.18.1-16 (#9981)
- Why I did it
Update MFT to version 4.18.1-16 for bugs fixes and new SN2201 support

- How I did it
Advance to MFT tool version to 4.18.1-16

- How to verify it
Manually tested on all Mellanox platforms (ASIC FW Upgrade, link debug tools, CPLD upgrade, etc.)
2022-02-14 10:39:47 +02:00
byu343
155220be9b
Support multi-asic on macsec container (#9921)
This change enables the support of running multiple macsec containers, each for one ASIC.
2022-02-13 22:45:24 -08:00
SeanWu
7e89fad5d1
[AS4630-54TE] Fixes to sfp.py for sfputil usage (#8985)
* Fix KeyError exception while sfputil show eeprom.
* Implement reset/lpmode related APIs, which need PR8115's sysfs.
* Fix EEPROM byte offset in several APIs
* Fix typos
* Implement get_position_in_parent() and is_replaceable()

Signed-off-by: Sean Wu <sean_wu@edge-core.com>
2022-02-14 07:59:26 +05:30
Marty Y. Lok
aad27615e9
Update Nokia sonic-platform submodule (#9963)
ded0344 Return both 'vendor_rev' and 'hardware_rev' keys from get_transceiver_info to support both earlier and later versions of xcvrd
b3442cc Change log_error to log_info when transceiver module is transitioned
3d3a73c Fix problem introduced with new SFP caching paradigm
2915746 Add script to reboot all IMMs
17ad221 Fix the position_in_parent for the psu entity
207e731 No longer force read pages at SFP init time
b387921 Fixed the voltage and power with rounding to 2 digit decimals

Signed-off-by: mlok <marty.lok@nokia.com>
2022-02-13 17:18:39 -08:00
xumia
4d203fbf91
[Build]: Fix hundreds of thousands lines of logs printed in marvell-armhf (#9980)
[Build]: Fix hundreds of thousands lines of logs printed in marvell-armhf
It is caused by the bad format of the marvell sai package mrvllibsai_armhf_1.7.1-6.deb, increasing the waiting time to reduce the logs, and reduce the waste of the CPU.
2022-02-14 07:21:10 +08:00
Alexander Allen
675bceba4d
[submodule] Update linux-kernel submodule pointer (#9937)
Updates include the following changes in order to support new Mellanox platforms and drivers (Azure/sonic-linux-kernel#259)

10ef390 Update kconfig to support / enable newly backported mellanox patches.
6a949e1 Add backported patches for Mellanox hw-mgmt V.7.0020.1300
e1913f7 Rename and reformat patch headers
2022-02-13 17:13:48 +02:00
Kebo Liu
7af5fcf80e
update sonic-snmpagent submodule (#9935)
Update the sonic-snmpagemt submodule to pick up new changes:
Fix RFC2737 with update xcvr vendor version key name Azure/sonic-snmpagent@4ee573c
Fix Queue stat unavailable error seen during SNMP service start Azure/sonic-snmpagent@3013597
Modify path of python wheels to be installed Azure/sonic-snmpagent@b8ea609
[Voq][Inband] Support the Ethernet-IB port Azure/sonic-snmpagent@df615c4

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2022-02-13 15:01:40 +02:00
Kebo Liu
129e9d1b25
fix MSN4410 chassis name in platform_components.json (#9939)
- Why I did it
The chassis name in MSN4410 platform_components.json is not correct

- How I did it
Fix the chassis name

- How to verify it
Run relevant platform API test

Signed-off-by: Kebo Liu <kebol@nvidia.com>
2022-02-13 15:01:09 +02:00
Andriy Yurkiv
dd87b948a5
[Mellanox][vxlan] remove old static config for VXLAN src port range feature (#9956)
- Why I did it
Need to remove old static configs from sai.profile files.
New implementation: Azure/sonic-swss#1959
New configuration: #9658

- How I did it
Remove SAI_VXLAN_SRCPORT_RANGE_ENABLE=1 lines from files per HWSKU

- How to verify it
When static config is removed following test will fail (src port will be in range 0-255)

py.test vxlan/test_vnet_vxlan.py --inventory "../ansible/inventory, ../ansible/veos" --host-pattern (testbed)-t0 --module-path ../ansible/library/ --testbed (testbed)-t0 --testbed_file ../ansible/testbed.csv --allow_recover --assert plain --log-cli-level info --show-capture=no -ra --showlocals --disable_loganalyzer --skip_sanity --upper_bound_udp_port 65535 --lower_bound_udp_port 64128
2022-02-13 14:55:59 +02:00
Stephen Sun
486e9b0c75
Fix issue: module id got from get_change_event is wrong (#9961)
Signed-off-by: Stephen Sun <stephens@nvidia.com>
2022-02-13 09:20:37 +05:30
Sudharsan Dhamal Gopalarathnam
b621dafff7
[yang] Adding not-provisioned to type field in DEVICE_METADATA table (#9951)
#### Why I did it
Fixing the issue https://github.com/Azure/sonic-buildimage/issues/9915

#### How I did it
Added 'not-provisioned' as a supported value for type field in DEVICE_METADATA type. This value is set during initial ZTP bring up

#### How to verify it
Added UT to verify it.
2022-02-10 11:59:25 -08:00
Aravind Mani
09b0cc2cce
DellEMC: Fix Z9332f thermalctld warning logs (#9943) 2022-02-10 09:16:58 -08:00
Travis Van Duyn
62934ad4c4
updated jinja template for snmp contact python2 vs python3 issue (#9949) 2022-02-10 09:01:46 -08:00
jostar-yang
519dcde939
[AS7712-32X] Add to support PDDF (#8040)
* [AS7712-32X] Add to support PDDF

Signed-off-by: Jostar Yang <jostar_yang@accton.com.tw>

* Fix LGTM alerts

* Fix AS7712-32X xcvrd busy issue

Co-authored-by: Jostar Yang <jostar_yang@accton.com.tw>
2022-02-10 22:09:50 +05:30
jostar-yang
f9a29ef056
[AS4630-54PE] Add to support PDDF (#8014)
* [AS4630-54PE] Add to support PDDF

Signed-off-by: Jostar Yang <jostar_yang@accton.com.tw>

* Fix LGTM alerts

* Fix LGTM alerts

* Fix  LGTM alerts

* Add post_device.sh to turn off stk led

* Add to support system_health

* Correct the wait and timeout mechanism for better CPU usage

* Add event.c to support port evt change

Co-authored-by: Jostar Yang <jostar_yang@accton.com.tw>
2022-02-10 22:09:05 +05:30
Jing Kan
914a8a1756
[sonic-config-engine]: Update minigraph parser to support enable DHCP server for BmcMgmtToRRouter (#9938)
Signed-off-by: Jing Kan jika@microsoft.com
2022-02-10 13:30:54 +08:00
Oleksandr Ivantsiv
25a0ce5eb1
[asan] Add address sanitizer support. (#9857)
Implement infrastructure that allows enabling address sanitizer
for docker containers. Enable address sanitizer for SWSS container.

- Why I did it
To add a possibility to compile SONiC applications with address sanitizer (ASAN).
ASAN is a memory error detector for C/C++. It finds:
1. Use after free (dangling pointer dereference)
2. Heap buffer overflow
3. Stack buffer overflow
4. Global buffer overflow
5. Use after return
6. Use after the scope
7. Initialization order bugs
8. Memory leaks

- How I did it
By adding new ENABLE_ASAN configuration option.

- How to verify it
By default ASAN is disabled and the SONiC image is not affected.
When ASAN is enabled it inspects all allocation, deallocation, and memory usage that the application does in run time. To verify whether the application has memory errors tests that trigger memory usage of the application should be run. Ideally, the whole regression tests should be run. Memory leaks reports will be placed in /var/log/asan/ directory of SONiC host OS.

Signed-off-by: Oleksandr Ivantsiv <oivantsiv@nvidia.com>
2022-02-09 13:29:18 +02:00
Junchao-Mellanox
05cc8f9df2
[Mellanox] Fix issue: SN4600C has 4 CPU core temperature sensors (#9930)
- Why I did it
platform.json of 4600C only has 2 CPU core thermal sensors, but there are 4 actually

- How I did it
Added thermal sensors for CPU core 2 and core 3.

- How to verify it
Build.
2022-02-09 13:26:40 +02:00
Dror Prital
4361224686
[Mellanox] Add platform.json file into sn4800 SIMx environment (#9931)
- Why I did it
There was a missing file of platform.json on SN4800 SIMx platform

- How I did it
Add symbolic link to platform.json file from the real SN4800 platform

- How to verify it
Run SN4800 SIMx and verify that platfrom.json file exist at the following folder:
/usr/share/sonic/device/x86_64-nvidia_sn4800_simx-r0
2022-02-09 12:51:08 +02:00
saksarav-nokia
d136a39524
[Nokia][platform] Modified Nokia device data to support midplane (#9914)
Added midplane_subnet in chassisdb.conf for interfaces-config.sh to create midplane interface in multi-asic namespaces.

Signed-off-by: Sakthivadivu Saravanaraj <sakthivadivu.saravanaraj@nokia.com>
2022-02-08 14:03:12 -08:00
abdosi
e44a40cc3b
Updated Internal BGP Templates for chassis packet (#9674)
Fixes: https://github.com/Azure/sonic-buildimage/issues/9610
2022-02-08 09:36:32 -08:00
Richard.Yu
49382d773e
[SAIServerV2] Build SAI Serverv2 docker (#9509)
Support saiserver v2 with python3 and thrift 0.13.0

add variables to support the saiserverv2
build different thrift in saithrift depends on saiserver version
build differernt versions of saiserver
make the saiserver and saiserver docker with version number

test done:
build two different versions of sasiserver in local build environment

add saiserver to buster

Co-authored-by: richard.yu <richard.yu@microsoft.comwq>
2022-02-08 02:56:34 -08:00
Andriy Kokhan
09b3efccc9
[BFN] Updated SDK to 20220127_sai_1.9.1 (#9870)
Signed-off-by: Andriy Kokhan <andriyx.kokhan@intel.com>
2022-02-08 02:36:07 -08:00
Shilong Liu
4f480ecf3d
[build] Add more dependencies to sonic-config-engine (#9894)
sonic-config-engine unit test always fails. let's restrict using cache in sonic-config-engine
2022-02-08 11:20:02 +08:00
Lawrence Lee
eff80f750f
[swss]: Reduce tunnel_packet_handler memory usage (#9762)
* Configure scapy to not store sniffed packets

Signed-off-by: Lawrence Lee <lawlee@microsoft.com>
2022-02-07 11:55:48 -08:00
gechiang
ddfe87a71a
[BRCMSAI 6.0.0.13-1] Fix Cancun file directory at new location causing TD3 platform boot issue (#9922) 2022-02-07 08:56:06 -08:00
jostar-yang
9c5f38b9f3
[AS7726-32X] Add to support mulit PSU SN in PDDF (#8164)
* [AS7726-32X] Add to support mulit PSU in PDDF

Signed-off-by: Jostar Yang <jostar_yang@accton.com.tw>

* Modify SN offset and include path

* Fix device_name to PSU2-EEPROM in PSU2

Co-authored-by: Jostar Yang <jostar_yang@accton.com.tw>
2022-02-07 22:03:11 +05:30
Dror Prital
cd77efa763
[submodule] Update sonic-utilities submodule (#9871)
Update submodule sonic-utilities that contains the following commits:

[build] allowPartiallySucceededBuilds: true (#2043)
[system-health] Remove booting stage in system health service (#2022)
[GCU] Mark children of bgp_neighbor as create-only (#2008)
[generic_config_updater] Minor update - No logical code change (#2028)
[generic-config-updater] Handle failed service restarts (#2020)
[debug dump] Missing Dict Key handled in the MatchOptimizer (#2014)
[Auto Techsupport] Added Event Driven TS to Command Reference (#1985)
2022-02-07 12:58:47 +02:00
Alexander Allen
0ae2906c06
[Mellanox] Update mellanox hw-mgmt submodule and versions to V.7.0020.1300 (#9860)
- Why I did it
New version of mellanox platform management code available adding support for new platforms and fixing bugs.

- How I did it
1. Updated the submodule
2. Updated makefile version references
3. Regenerated SONiC patches
2022-02-06 16:42:53 +02:00
Alexander Allen
e5ee501116
Remove redundant breakout mode for SN3800 (#9912) 2022-02-06 12:53:00 +05:30
Jing Zhang
7a4c58f118
[sonic-linkmgrd][master] submodule update (#9904)
[sonic-linkmgrd][master] submodule update

ef1f5eb Jing Zhang Feb 3 09:37:25 2022 [linkmgrd] linkmgrd subscribes MUX_CABLE_INFO table to handle peer OIR events (#17)
bcd74b4 Jing Zhang Feb 1 09:52:00 2022 Collect ICMP packet loss information (#14)

sign-off: Jing Zhang zhangjing@microsoft.com
2022-02-05 13:07:32 -08:00
Ashok Daparthi-Dell
0629e5b432
[yang] Fix for sonic-scheduler.yang name pattern (#9873)
#### Why I did it

PR9611 - sonic-scheduler.yang pattern issue

#### How I did it
Modified the scheduler name pattern string to accept any string 

#### How to verify it

Sonic yang tests
2022-02-04 16:47:56 -08:00
Vadym Hlushko
1357d10f07
[install.sh] Fixed the sed pattern to match the current image revision (#9813)
#### Why I did it
The test plan described in the `How to verify it` section caused an issue when 3 images (instead of 2) were present when executing `show boot` or `sonic-installer list` commands:
```
root@sonic:/home/admin# show boot
Current: SONiC-OS-master.0-dirty-20220118.165941
Next: SONiC-OS-master.0-dirty-20220118.165941
Available: 
SONiC-OS-master.0-dirty-20220118.165941
SONiC-OS-202012.201-a0376a6e5_Internal
SONiC-OS-202012.201-a0376a6e5_Internal_RPC
```
#### How I did it
Fixed the `sed` pattern to match the current image revision in the `install.sh` script.

#### How to verify it
Test plan:
1. Install the `imageA` by using ONIE
2. Install the `imageA-rpc` by using `sonic-installer`
3. Reboot the switch
4. Swap to the `imageA` - `sonic-installer set-default imageA`
5. Reboot the switch
6. Install  the `imageB` by using `sonic-installer`
7. Check an installed images - `show boot`
8. Reboot the switch
9. Check an installed images - `show boot`
2022-02-03 18:03:17 -08:00
Aravind Mani
c48e2488c5
[Dell S6100] Addition of 10G ports (#9906) 2022-02-02 17:30:55 +05:30
Vadym Yashchenko
256c47ac49
[BFN] Removed thermal manager for BMC-based platforms (#9883)
* Remove tm and all dependancies

Signed-off-by: Vadym Yashchenko <vadymx.yashchenko@intel.com>

* Removed line connected with thermal_manager

Signed-off-by: Vadym Yashchenko <vadymx.yashchenko@intel.com>
2022-02-02 17:28:58 +05:30
Samuel Angebault
7a3a433b8d
[Arista] Update platform submodules (#9895) 2022-02-02 16:23:45 +05:30
Prince George
ff14aebef9
Close console session due to user inactivity (#9890)
Signed-off-by: Prince George <prgeor@microsoft.com>
2022-02-02 09:41:21 +05:30
Christian Svensson
660c0cbe7b
docker-dhcp-relay: Fix test call to MockConfigDb (#9903)
*docker-dhcp-relay: Fix test call to MockConfigDb

Signed-off-by: Christian Svensson <blue@cmd.nu>
2022-02-01 18:52:52 -08:00
kellyyeh
bc88535b88
[dhcp6relay] Support relaying Relay-Forward message (#9887) 2022-02-01 11:36:48 -08:00
noaOrMlnx
adb87162c4
[submodule] Update sonic-swss submodule pointer (#9859)
53c630b [CoPP] Add always_enabled field to coppmgr logic ([minigraph]: Add PORTCHANNEL_MEMBER configurations #2034)
adcf69d [cbf] Fix cbf sync error ([aboot] add SWI_DEFAULT support in boot0 #2056)
69f9ee5 fix mclagsyncd out of order initialization ([submodules] update dbsyncd and snmpagent pointers for LLDP MIB support #2112)
2022-02-01 19:20:00 +02:00
tbgowda
4e32f85a31
Enable SAI_SWITCH_ATTR_UNINIT_DATA_PLANE_ON_REMOVAL attribute (#9419)
Why I did it
Fixes #8980 partly.

The corresponding changes in sonic-sairedis is here :
Azure/sonic-sairedis#975

How I did it
Include changes from both repos and build an image for verification.

How to verify it
Trigger fast-reboot with the changes, see the attribute SAI_SWITCH_ATTR_UNINIT_DATA_PLANE_ON_REMOVAL being set at the SAI level.

Signed-off-by: Thushar Gowda <24815472+tbgowda@users.noreply.github.com>
2022-02-01 08:44:17 -08:00
saksarav-nokia
e7877bf9df
[Nokia][platform] Modified the bcm config file for Nokia-IXR7250E-36x400G (#9622)
Why I did it
Updated the BCM config recommended by Broadcom for Nokia-IXR7250E-36x400G

How I did it
Updated the BCM config file

How to verify it
Verified running the image with this BCM config in Nokia-IXR7250E-36x400G and ensured that the syncd container was stable, ports were up and passing the traffic.

Signed-off-by: Sakthivadivu Saravanaraj <sakthivadivu.saravanaraj@nokia.com>
2022-01-31 09:53:07 -08:00
Andriy Yurkiv
cb3b9416a6
[Mellanox][VXLAN] add params to vxlan.json file in order to configure VXLAN src port range feature (#9658)
- Why I did it
Remove obsolete parameter that enables static VXLAN src port range
provide functionality no generate json config file according to appropriate parameter in config_db
Done for
SN3800:
• Mellanox-SN3800-D28C50
• Mellanox-SN3800-C64
• Mellanox-SN3800-D28C49S1 (New 10G SKU)

SN2700:
• Mellanox-SN2700-D48C8

- How I did it
Remove SAI_VXLAN_SRCPORT_RANGE_ENABLE=1 from appropriate sai.profile files
Created vxlan.json file and added few params that depends on DEVICE_METADATA.localhost.vxlan_port_range

- How to verify it
File /etc/swss/config.d/vxlan.json should be generated inside swss docker when it restart
[
    {
        "SWITCH_TABLE:switch": {
            "vxlan_src": "0xFF00",
            "vxlan_mask": "8"
        },
        "OP": "SET"
    }
]
Signed-off-by: Andriy Yurkiv <ayurkiv@nvidia.com>
2022-01-31 15:57:30 +02:00
Rajkumar-Marvell
a0df351869
[Marvell] Update armhf SAI deb version 1.9.1 (#9865)
Move marvell armhf SAI deb to 1.9.1 to address build failures.

Signed-off-by: Rajkumar Pennadam Ramamoorthy <rpennadamram@marvell.com>
2022-01-30 21:57:23 -08:00
Mohamed Ghoneim
f8fd2defb4
[yang] Fixing groupings when grouping is in the same module file (#9880)
#### Why I did it
If the grouping is in the same file in the module, fetching the grouping fails

#### How I did it
fixing the `uses_module_name` when the grouping is under the same file

#### How to verify it
Enabled a grouping under the same file which is `lldp`, there is a test in sonic-yang-mgmt that translates `sample-config-db` into yang format. This test passes with grouping in `lldp` used.

#### Which release branch to backport (provide reason below if selected)

<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->

- [ ] 201811
- [ ] 201911
- [ ] 202006
- [ ] 202012
- [ ] 202106

#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->


#### A picture of a cute animal (not mandatory but encouraged)
2022-01-28 10:23:38 -08:00