Update OVS CLI and relevant documentation to use DPDK 21.11.2.
DPDK 21.11.2 contains fixes for the CVEs listed below:
CVE-2022-28199 [1]
CVE-2022-2132 [2]
A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix
unsafe vring addresses modifications").
This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of
the virtqueues happen.
A fix [3] has been posted and is due to be included in the 21.11.3 release in
December 2022.
If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0
until the release of DPDK 21.11.3.
It should be noted that DPDK 21.11.0 does not benefit from the numerous bug and
CVE fixes addressed since its release.
If a user wishes to benefit from these fixes it is recommended to use DPDK
21.11.2.
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
[3]
https://patches.dpdk.org/project/dpdk/patch/[email protected]/
Signed-off-by: Michael Phelan <[email protected]>
---
v2:
- Update recommended DPDK version for older OvS versions in Documentation.
---
---
.ci/linux-build.sh | 2 +-
Documentation/faq/releases.rst | 12 ++++++------
Documentation/intro/install/dpdk.rst | 8 ++++----
NEWS | 20 ++++++++++++++++++++
4 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
index 509314a07..23c8bbb7a 100755
--- a/.ci/linux-build.sh
+++ b/.ci/linux-build.sh
@@ -228,7 +228,7 @@ fi
if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
if [ -z "$DPDK_VER" ]; then
- DPDK_VER="21.11.1"
+ DPDK_VER="21.11.2"
fi
install_dpdk $DPDK_VER
fi
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 1bc22a6ba..6ce0b4cd5 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch release work
with?
2.10.x 17.11.10
2.11.x 18.11.9
2.12.x 18.11.9
- 2.13.x 19.11.10
- 2.14.x 19.11.10
- 2.15.x 20.11.4
- 2.16.x 20.11.4
- 2.17.x 21.11.1
- 3.0.x 21.11.1
+ 2.13.x 19.11.13
+ 2.14.x 19.11.13
+ 2.15.x 20.11.6
+ 2.16.x 20.11.6
+ 2.17.x 21.11.2
+ 3.0.x 21.11.2
============ ========
Q: Are all the DPDK releases that OVS versions work with maintained?
diff --git a/Documentation/intro/install/dpdk.rst
b/Documentation/intro/install/dpdk.rst
index 0f3712c79..a284e6851 100644
--- a/Documentation/intro/install/dpdk.rst
+++ b/Documentation/intro/install/dpdk.rst
@@ -42,7 +42,7 @@ Build requirements
In addition to the requirements described in :doc:`general`, building Open
vSwitch with DPDK will require the following:
-- DPDK 21.11.1
+- DPDK 21.11.2
- A `DPDK supported NIC`_
@@ -73,9 +73,9 @@ Install DPDK
#. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
$ cd /usr/src/
- $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
- $ tar xf dpdk-21.11.1.tar.xz
- $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1
+ $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
+ $ tar xf dpdk-21.11.2.tar.xz
+ $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
$ cd $DPDK_DIR
#. Configure and install DPDK using Meson
diff --git a/NEWS b/NEWS
index 843abc7ac..f4e9ad0a2 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,26 @@ Post-v3.0.0
- ovs-appctl:
* "ovs-appctl ofproto/trace" command can now display port names with the
"--names" option.
+- DPDK:
+ * OVS validated with DPDK 21.11.2. It is recommended to use this version
+ until further releases.
+ DPDK 21.11.2 contains fixes for the following CVEs:
+ CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
+ CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
+ A bug was introduced in DPDK 21.11.1 by the commit
+ 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
+ This bug can cause a deadlock when vIOMMU is enabled and NUMA
+ reallocation of the virtqueues happen.
+ A fix has been posted and is due to be included in the DPDK 21.11.3
+ release.
+ It can be found here:
+
https://patches.dpdk.org/project/dpdk/patch/[email protected]/.
+ If a user wishes to avoid the issue then it is recommended to use
+ DPDK 21.11.0 until the release of DPDK 21.11.3.
+ It should be noted that DPDK 21.11.0 does not benefit from the numerous
+ bug and CVE fixes addressed since its release.
+ If a user wishes to benefit from these fixes it is recommended to use
+ DPDK 21.11.2.
v3.0.0 - 15 Aug 2022
--
2.25.1
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
