Merge branch 'master' into mjean/DAOS-16167

Skip-unit-tests: true Skip-fault-injection-test: true Test-tag: soak_smoke Required-githooks: true Signed-off-by: Maureen Jean <maureen.jean@intel.com>
daos-stack · Aug 6, 2024 · 8acf486 · 8acf486
2 parents 04665e7 + 8abddad
commit 8acf486
Show file tree

Hide file tree

Showing 53 changed files with 2,354 additions and 1,909 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -0,0 +1,67 @@
+name: Trivy scan
+
+on:
+  pull_request:
+    branches: ["master", "release/**"]
+
+# Declare default permissions as nothing.
+permissions: {}
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8  # 0.24.0
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          trivy-config: 'utils/trivy/trivy.yaml'
+
+      - name: Prepare the report to be uploaded to the GitHub artifact store
+        run: |
+          mkdir report
+          cp trivy-report-daos.txt report
+          cp utils/trivy/.trivyignore report/trivyignore.txt
+
+      - name: Upload the report to the GitHub artifact store
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808  # v4.3.3
+        with:
+          path: report/*
+          name: trivy-report-daos
+
+      - name: Adjust config file to use sarif format
+        run: |
+          sed -i 's/output: "trivy-report-daos.txt"/output: "trivy-results.sarif"/g' \
+            utils/trivy/trivy.yaml
+          sed -i 's/format: template/format: sarif/g' utils/trivy/trivy.yaml
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8  # 0.24.0
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          trivy-config: 'utils/trivy/trivy.yaml'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a
+        # 3.25.15 (v3)
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+      - name: Adjust config file to show and validate scan results
+        run: |
+          sed -i 's/output: "trivy-results.sarif"//g' utils/trivy/trivy.yaml
+          sed -i 's/format: sarif/format: table/g' utils/trivy/trivy.yaml
+          sed -i 's/exit-code: 0/exit-code: 1/g' utils/trivy/trivy.yaml
+
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8  # 0.24.0
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          trivy-config: 'utils/trivy/trivy.yaml'
diff --git a/src/cart/crt_context.c b/src/cart/crt_context.c
@@ -416,6 +416,9 @@ crt_iface_name2idx(const char *iface_name, int *idx)
 	for (i = 0; i < num_ifaces; i++) {
 		name = crt_provider_iface_str_get(true, crt_gdata.cg_primary_prov, i);
 
+		if (!name)
+			return -DER_INVAL;
+
 		if (strcmp(name, iface_name) == 0) {
 			*idx = i;
 			return DER_SUCCESS;

diff --git a/src/cart/crt_hg.c b/src/cart/crt_hg.c
@@ -1,5 +1,5 @@
 /*
- * (C) Copyright 2016-2023 Intel Corporation.
+ * (C) Copyright 2016-2024 Intel Corporation.
  *
  * SPDX-License-Identifier: BSD-2-Clause-Patent
  */
@@ -488,14 +488,6 @@ crt_provider_ctx0_port_get(bool primary, crt_provider_t provider)
 	return prov_data->cpg_na_config.noc_port;
 }
 
-static char*
-crt_provider_domain_get(bool primary, crt_provider_t provider)
-{
-	struct crt_prov_gdata *prov_data = crt_get_prov_gdata(primary, provider);
-
-	return prov_data->cpg_na_config.noc_domain;
-}
-
 static struct crt_na_dict *
 crt_get_na_dict_entry(crt_provider_t provider)
 {
@@ -518,6 +510,19 @@ crt_provider_name_get(crt_provider_t provider)
 	return entry ? entry->nad_str : NULL;
 }
 
+char *
+crt_provider_domain_str_get(bool primary, crt_provider_t provider, int idx)
+{
+	struct crt_prov_gdata *prov_data = crt_get_prov_gdata(primary, provider);
+
+	/* If the domain was not specified, return NULL */
+	if (prov_data->cpg_na_config.noc_domain == NULL)
+		return NULL;
+
+	D_ASSERTF(idx < prov_data->cpg_na_config.noc_domain_total, "Bad idx=%d\n", idx);
+	return prov_data->cpg_na_config.noc_domain_str[idx];
+}
+
 char*
 crt_provider_iface_str_get(bool primary, crt_provider_t provider, int iface_idx)
 {
@@ -527,16 +532,8 @@ crt_provider_iface_str_get(bool primary, crt_provider_t provider, int iface_idx)
 	if (prov_data->cpg_na_config.noc_interface == NULL)
 		return NULL;
 
-	/*
- 	 * CXI provider requires domain names instead of interfaces.
- 	 * Returning NULL here will cause crt_get_info_string() to use domain names instead
-	 * */
-	if (provider == CRT_PROV_OFI_CXI)
-		return NULL;
-
-	D_ASSERTF(iface_idx < prov_data->cpg_na_config.noc_iface_total,
-		  "Bad iface_idx=%d\n", iface_idx);
-
+	D_ASSERTF(iface_idx < prov_data->cpg_na_config.noc_iface_total, "Bad iface_idx=%d\n",
+		  iface_idx);
 	return prov_data->cpg_na_config.noc_iface_str[iface_idx];
 }
 
@@ -712,12 +709,18 @@ crt_get_info_string(bool primary, crt_provider_t provider, int iface_idx,
 	int	 start_port;
 	char	*domain_str;
 	char	*iface_str;
+	bool     no_iface, no_domain;
 	int	rc = 0;
 
 	provider_str = crt_provider_name_get(provider);
 	start_port = crt_provider_ctx0_port_get(primary, provider);
-	domain_str = crt_provider_domain_get(primary, provider);
-	iface_str = crt_provider_iface_str_get(primary, provider, iface_idx);
+	domain_str   = crt_provider_domain_str_get(primary, provider, iface_idx);
+
+	/* CXI provider uses domain names for info string */
+	if (provider == CRT_PROV_OFI_CXI)
+		iface_str = NULL;
+	else
+		iface_str = crt_provider_iface_str_get(primary, provider, iface_idx);
 
 	if (provider == CRT_PROV_SM) {
 		D_ASPRINTF(*string, "%s://", provider_str);
@@ -731,42 +734,45 @@ crt_get_info_string(bool primary, crt_provider_t provider, int iface_idx,
 		D_GOTO(out, rc);
 	}
 
+	/* treat not set and set to empty as the same */
+	no_iface  = (iface_str == NULL || *iface_str == '\0') ? true : false;
+	no_domain = (domain_str == NULL || *domain_str == '\0') ? true : false;
+
 	/* TODO: for now pass same info for all providers including CXI */
 	if (crt_provider_is_contig_ep(provider) && start_port != -1) {
-
-		if (iface_str == NULL) {
-			if (domain_str)
-				D_ASPRINTF(*string, "%s://%s:%d",
-					   provider_str, domain_str, start_port + ctx_idx);
+		if (no_iface) {
+			if (no_domain)
+				D_ASPRINTF(*string, "%s://:%d", provider_str, start_port + ctx_idx);
 			else
-				D_ASPRINTF(*string, "%s://:%d",
-					   provider_str, start_port + ctx_idx);
-		} else {
-			if (domain_str)
-				D_ASPRINTF(*string, "%s://%s/%s:%d",
-					   provider_str, domain_str, iface_str,
+				D_ASPRINTF(*string, "%s://%s:%d", provider_str, domain_str,
 					   start_port + ctx_idx);
-			else
+		} else {
+			if (no_domain)
 				D_ASPRINTF(*string, "%s://%s:%d",
 					   provider_str, iface_str,
 					   start_port + ctx_idx);
+			else
+				D_ASPRINTF(*string, "%s://%s/%s:%d", provider_str, domain_str,
+					   iface_str, start_port + ctx_idx);
 		}
 	} else {
-		if (iface_str == NULL) {
-			if (domain_str)
-				D_ASPRINTF(*string, "%s://%s",
-					   provider_str, domain_str);
-			else
+		if (no_iface) {
+			if (no_domain)
 				D_ASPRINTF(*string, "%s://", provider_str);
-		} else {
-			if (domain_str)
-				D_ASPRINTF(*string, "%s://%s/%s",
-					   provider_str, domain_str, iface_str);
 			else
+				D_ASPRINTF(*string, "%s://%s", provider_str, domain_str);
+		} else {
+			if (no_domain)
 				D_ASPRINTF(*string, "%s://%s", provider_str, iface_str);
+			else
+				D_ASPRINTF(*string, "%s://%s/%s", provider_str, domain_str,
+					   iface_str);
 		}
 	}
 
+	D_DEBUG(DB_ALL, "iface_idx:%d context:%d domain_str=%s iface_str=%s info_str=%s\n",
+		iface_idx, ctx_idx, domain_str ? domain_str : "none",
+		iface_str ? iface_str : "none", *string);
 out:
 	if (rc == DER_SUCCESS && *string == NULL)
 		return -DER_NOMEM;

diff --git a/src/cart/crt_init.c b/src/cart/crt_init.c
@@ -1076,19 +1076,9 @@ crt_na_config_init(bool primary, crt_provider_t provider,
 	}
 
 	if (interface) {
-		if (provider == CRT_PROV_OFI_CXI) {
-			D_INFO("Interface '%s' ignored for CXI. Using domain '%s' instead\n",
-			       interface, domain);
-
-			/* Note: crt_provider_iface_str_get() returns interface name  */
-			D_STRNDUP(na_cfg->noc_interface, domain, 64);
-			if (!na_cfg->noc_interface)
-				D_GOTO(out, rc = -DER_NOMEM);
-		} else {
-			D_STRNDUP(na_cfg->noc_interface, interface, 64);
-			if (!na_cfg->noc_interface)
-				D_GOTO(out, rc = -DER_NOMEM);
-		}
+		D_STRNDUP(na_cfg->noc_interface, interface, 64);
+		if (!na_cfg->noc_interface)
+			D_GOTO(out, rc = -DER_NOMEM);
 	}
 
 	if (domain) {
@@ -1120,20 +1110,53 @@ crt_na_config_init(bool primary, crt_provider_t provider,
 
 		/* store each interface name in the na_cfg->noc_iface_str[] array */
 		save_ptr = 0;
+		idx      = 0;
 		token = strtok_r(na_cfg->noc_interface, ",", &save_ptr);
 		while (token != NULL) {
-			D_DEBUG(DB_ALL, "Interface[%d] = %s\n", idx, token);
-
 			na_cfg->noc_iface_str[idx] = token;
 			token = strtok_r(NULL, ",", &save_ptr);
 			idx++;
 		}
 	} else {
 		count = 0;
 	}
-
 	na_cfg->noc_iface_total = count;
-	D_DEBUG(DB_ALL, "Total %d interfaces parsed from %s\n", count, interface);
+
+	count = 0;
+	if (na_cfg->noc_domain) {
+		/* count number of ','-separated domains */
+		count    = 1;
+		save_ptr = na_cfg->noc_domain;
+
+		while (*save_ptr != '\0') {
+			if (*save_ptr == ',')
+				count++;
+			save_ptr++;
+		}
+
+		D_ALLOC_ARRAY(na_cfg->noc_domain_str, count);
+		if (!na_cfg->noc_domain_str)
+			D_GOTO(out, rc = -DER_NOMEM);
+
+		/* store each domain name in the na_cfg->noc_domain_str[] array */
+		save_ptr = 0;
+		idx      = 0;
+		token    = strtok_r(na_cfg->noc_domain, ",", &save_ptr);
+		while (token != NULL) {
+			na_cfg->noc_domain_str[idx] = token;
+			token                       = strtok_r(NULL, ",", &save_ptr);
+			idx++;
+		}
+	} else {
+		count = 0;
+	}
+	na_cfg->noc_domain_total = count;
+
+	if (na_cfg->noc_domain_total > 0 && na_cfg->noc_domain_total != na_cfg->noc_iface_total) {
+		D_ERROR("Mismatched number of domains (%d) and interfaces (%d) specified\n",
+			na_cfg->noc_domain_total, na_cfg->noc_iface_total);
+		D_GOTO(out, rc = -DER_INVAL);
+	}
 
 	if (crt_is_service() && port_str != NULL && strlen(port_str) > 0) {
 		if (!is_integer_str(port_str)) {
@@ -1173,6 +1196,7 @@ crt_na_config_init(bool primary, crt_provider_t provider,
 		D_FREE(na_cfg->noc_domain);
 		D_FREE(na_cfg->noc_auth_key);
 		D_FREE(na_cfg->noc_iface_str);
+		D_FREE(na_cfg->noc_domain_str);
 	}
 	return rc;
 }
@@ -1186,6 +1210,8 @@ void crt_na_config_fini(bool primary, crt_provider_t provider)
 	D_FREE(na_cfg->noc_domain);
 	D_FREE(na_cfg->noc_auth_key);
 	D_FREE(na_cfg->noc_iface_str);
+	D_FREE(na_cfg->noc_domain_str);
 	na_cfg->noc_port = 0;
 	na_cfg->noc_iface_total = 0;
+	na_cfg->noc_domain_total = 0;
 }
diff --git a/src/cart/crt_internal_types.h b/src/cart/crt_internal_types.h
@@ -34,10 +34,12 @@ struct crt_grp_gdata;
 struct crt_na_config {
 	int32_t		 noc_port;
 	int		 noc_iface_total;
+	int               noc_domain_total;
 	char		*noc_interface;
 	char		*noc_domain;
 	char		*noc_auth_key;
 	char		**noc_iface_str; /* Array of interfaces */
+	char            **noc_domain_str; /* Array of domains */
 };
 
 struct crt_prov_gdata {

diff --git a/src/control/cmd/daos_agent/fabric.go b/src/control/cmd/daos_agent/fabric.go
@@ -74,6 +74,17 @@ type addrFI interface {
 // NUMAFabricMap is an iterable map type that maps from a NUMA node ID to a set of FabricInterfaces.
 type NUMAFabricMap map[int][]*FabricInterface
 
+// MaxNUMANode gets the maximum NUMA node ID in the map.
+func (nfm NUMAFabricMap) MaxNUMANode() int {
+	max := -1
+	for numa := range nfm {
+		if numa > max {
+			max = numa
+		}
+	}
+	return max
+}
+
 // NUMAFabric represents a set of fabric interfaces organized by NUMA node.
 type NUMAFabric struct {
 	log   logging.Logger
@@ -443,14 +454,11 @@ func fabricInterfacesFromHardware(fi *hardware.FabricInterface) []*FabricInterfa
 	for netIF := range fi.NetInterfaces {
 		newFI := &FabricInterface{
 			Name:        netIF,
+			Domain:      fi.Name,
 			NetDevClass: fi.DeviceClass,
 			hw:          fi,
 		}
 
-		if fi.Name != netIF {
-			newFI.Domain = fi.Name
-		}
-
 		fis = append(fis, newFI)
 	}
 
@@ -464,12 +472,15 @@ func NUMAFabricFromConfig(log logging.Logger, cfg []*NUMAFabricConfig) *NUMAFabr
 	for _, fc := range cfg {
 		node := fc.NUMANode
 		for _, fi := range fc.Interfaces {
-			fabric.numaMap[node] = append(fabric.numaMap[node],
-				&FabricInterface{
-					Name:        fi.Interface,
-					Domain:      fi.Domain,
-					NetDevClass: FabricDevClassManual,
-				})
+			newFI := &FabricInterface{
+				Name:        fi.Interface,
+				Domain:      fi.Domain,
+				NetDevClass: FabricDevClassManual,
+			}
+			if newFI.Domain == "" {
+				newFI.Domain = newFI.Name
+			}
+			fabric.numaMap[node] = append(fabric.numaMap[node], newFI)
 		}
 	}