> -----Original Message----- > From: Kevin Traynor <[email protected]> > Sent: Tuesday 20 September 2022 13:36 > To: Maxime Coquelin <[email protected]>; Phelan, Michael > <[email protected]>; [email protected] > Cc: [email protected]; Stokes, Ian <[email protected]> > Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. > > On 20/09/2022 11:47, Kevin Traynor wrote: > > On 20/09/2022 10:38, Maxime Coquelin wrote: > >> > >> > >> On 9/20/22 11:28, Phelan, Michael wrote: > >>>> -----Original Message----- > >>>> From: Maxime Coquelin <[email protected]> > >>>> Sent: Monday 19 September 2022 12:39 > >>>> To: Phelan, Michael <[email protected]>; > [email protected] > >>>> Cc: [email protected] > >>>> Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. > >>>> > >>>> > >>>> > >>>> On 9/16/22 16:23, Michael Phelan wrote: > >>>>> Update OVS CLI and relevant documentation to use DPDK 21.11.2. > >>>>> > >>>>> DPDK 21.11.2 contains fixes for the CVEs listed below: > >>>>> CVE-2022-28199 [1] > >>>>> CVE-2022-2132 [2] > >>>>> > >>>>> A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 > ("vhost: > >>>> fix unsafe vring addresses modifications"). > >>>>> This bug can cause a deadlock when vIOMMU is enabled and NUMA > >>>> reallocation of the virtqueues happen. > >>>>> A fix [3] has been posted and is due to be included in the 21.11.3 > >>>>> release in > >>>> December 2022. > >>>>> If a user wishes to avoid the issue then it is recommended to use > >>>>> DPDK 21.11.0 > >>>> until the release of DPDK 21.11.3. > >>>>> It should be noted that DPDK 21.11.0 does not benefit from the > >>>>> numerous bug > >>>> and CVE fixes addressed since its release. > >>>>> If a user wishes to benefit from these fixes it is recommended to > >>>>> use DPDK > >>>> 21.11.2. > >>>>> > >>>>> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 > >>>>> [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 > >>>>> [3] > >>>>> > https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083- > >>>>> 2-da > >>>>> [email protected]/ > >>>>> Signed-off-by: Michael Phelan <[email protected]> > >>>>> > >>>>> --- > >>>>> v2: > >>>>> - Update recommended DPDK version for older OvS versions in > >>>> Documentation. > >>>>> > >>>>> --- > >>>>> --- > >>>>> .ci/linux-build.sh | 2 +- > >>>>> Documentation/faq/releases.rst | 12 ++++++------ > >>>>> Documentation/intro/install/dpdk.rst | 8 ++++---- > >>>>> NEWS | 20 ++++++++++++++++++++ > >>>>> 4 files changed, 31 insertions(+), 11 deletions(-) > >>>>> > >>>>> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index > >>>>> 509314a07..23c8bbb7a 100755 > >>>>> --- a/.ci/linux-build.sh > >>>>> +++ b/.ci/linux-build.sh > >>>>> @@ -228,7 +228,7 @@ fi > >>>>> > >>>>> if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then > >>>>> if [ -z "$DPDK_VER" ]; then > >>>>> - DPDK_VER="21.11.1" > >>>>> + DPDK_VER="21.11.2" > >>>>> fi > >>>>> install_dpdk $DPDK_VER > >>>>> fi > >>>>> diff --git a/Documentation/faq/releases.rst > >>>>> b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 > 100644 > >>>>> --- a/Documentation/faq/releases.rst > >>>>> +++ b/Documentation/faq/releases.rst > >>>>> @@ -210,12 +210,12 @@ Q: What DPDK version does each Open > vSwitch > >>>> release work with? > >>>>> 2.10.x 17.11.10 > >>>>> 2.11.x 18.11.9 > >>>>> 2.12.x 18.11.9 > >>>>> - 2.13.x 19.11.10 > >>>>> - 2.14.x 19.11.10 > >>>>> - 2.15.x 20.11.4 > >>>>> - 2.16.x 20.11.4 > >>>>> - 2.17.x 21.11.1 > >>>>> - 3.0.x 21.11.1 > >>>>> + 2.13.x 19.11.13 > >>>>> + 2.14.x 19.11.13 > >>>>> + 2.15.x 20.11.6 > >>>>> + 2.16.x 20.11.6 > >>>>> + 2.17.x 21.11.2 > >>>>> + 3.0.x 21.11.2 > >>>>> ============ ======== > >>>>> > >>>>> Q: Are all the DPDK releases that OVS versions work with > maintained? > >>>>> diff --git a/Documentation/intro/install/dpdk.rst > >>>>> b/Documentation/intro/install/dpdk.rst > >>>>> index 0f3712c79..a284e6851 100644 > >>>>> --- a/Documentation/intro/install/dpdk.rst > >>>>> +++ b/Documentation/intro/install/dpdk.rst > >>>>> @@ -42,7 +42,7 @@ Build requirements > >>>>> In addition to the requirements described in :doc:`general`, > >>>>> building > Open > >>>>> vSwitch with DPDK will require the following: > >>>>> > >>>>> -- DPDK 21.11.1 > >>>>> +- DPDK 21.11.2 > >>>>> > >>>>> - A `DPDK supported NIC`_ > >>>>> > >>>>> @@ -73,9 +73,9 @@ Install DPDK > >>>>> #. Download the `DPDK sources`_, extract the file and set > ``DPDK_DIR``:: > >>>>> > >>>>> $ cd /usr/src/ > >>>>> - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz > >>>>> - $ tar xf dpdk-21.11.1.tar.xz > >>>>> - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 > >>>>> + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz > >>>>> + $ tar xf dpdk-21.11.2.tar.xz > >>>>> + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 > >>>>> $ cd $DPDK_DIR > >>>>> > >>>>> #. Configure and install DPDK using Meson diff --git a/NEWS > >>>>> b/NEWS index 843abc7ac..f4e9ad0a2 100644 > >>>>> --- a/NEWS > >>>>> +++ b/NEWS > >>>>> @@ -3,6 +3,26 @@ Post-v3.0.0 > >>>>> - ovs-appctl: > >>>>> * "ovs-appctl ofproto/trace" command can now display > >>>>> port names with > >>>> the > >>>>> "--names" option. > >>>>> +- DPDK: > >>>>> + * OVS validated with DPDK 21.11.2. It is recommended to use this > version > >>>>> + until further releases. > >>>>> + DPDK 21.11.2 contains fixes for the following CVEs: > >>>>> + CVE-2022-28199 > >>>>> +cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- > >>>> 28199 > >>>>> + CVE-2022-2132 > >>>>> + cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- > >>>> 2132 > >>>>> + A bug was introduced in DPDK 21.11.1 by the commit > >>>>> + 01e3dee29c02 ("vhost: fix unsafe vring addresses > modifications"). > >>>>> + This bug can cause a deadlock when vIOMMU is enabled and > NUMA > >>>>> + reallocation of the virtqueues happen. > >>>>> + A fix has been posted and is due to be included in the DPDK > 21.11.3 > >>>>> + release. > >>>>> + It can be found here: > >>>>> + > >>>>> + > https://patches.dpdk.org/project/dpdk/patch/20220725203206.42708 > >>>>> + 3- > >>>> [email protected]/. > >>>>> + If a user wishes to avoid the issue then it is recommended to > >>>>> use > >>>>> + DPDK 21.11.0 until the release of DPDK 21.11.3. > >>>>> + It should be noted that DPDK 21.11.0 does not benefit from the > numerous > >>>>> + bug and CVE fixes addressed since its release. > >>>>> + If a user wishes to benefit from these fixes it is recommended > >>>>> to > use > >>>>> + DPDK 21.11.2. > >>>>> > >>>>> > >>>>> v3.0.0 - 15 Aug 2022 > >>>> > >>>> Reviewed-by: Maxime Coquelin <[email protected]> > >>>> > >>>> Thanks for having added the discovered issue, Maxime > >>> Thanks for the review Maxime. > >>> > >>> Kevin/Ilya do you have any other feedback before I begin generating the > patches for the other branches? > >> > >> Kevin suggested the fix to be backported early to the DPDK stable > >> branches, I just sent a mail to the LTS maintainers requesting so. > >> > > > > Thanks for that. This was just to make it easier for OVS (or other) > > users so they could pull the latest DPDK LTS branch and have > > everything they need, without having to apply patches themselves. > > > >> If they agree, it might be a good idea to mention it in the paragraph > >> you added documenting the issue? > >> > > > > If it's done before these merge then we could add something as info, > > but I wouldn't block these patches on it. Some of the CI can be slow, > > and I'm not sure if other LTS maintainers are available etc. > > > > fyi - I pushed the fix to the DPDK 21.11 and 20.11 branches. Will push to > 19.11 > branch when I get the go ahead from the 19.11 maintainer.
Thanks for the update Kevin. I will add a line to explain that the fix has been backported to the relevant branches and generate and send out a v3 for feedback. Thanks, Michael. > > > thanks, > > Kevin. > > > >> Thanks, > >> Maxime > >> > >> > > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
