Update OVS CLI and relevant documentation to use DPDK 21.11.2.
DPDK 21.11.2 contains fixes for the CVEs listed below:
CVE-2022-28199 [1]
CVE-2022-2132 [2]
A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix
unsafe vring addresses modifications").
This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of
the virtqueues happen.
A fix [3] has been posted and pushed to the DPDK 21.11 branch.
If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0
until the release of DPDK 21.11.3.
It should be noted that DPDK 21.11.0 does not benefit from the numerous bug and
CVE fixes addressed since its release.
If a user wishes to benefit from these fixes it is recommended to use DPDK
21.11.2.
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
[3]
https://patches.dpdk.org/project/dpdk/patch/[email protected]/
Signed-off-by: Michael Phelan <[email protected]>
---
v2:
- Update recommended DPDK version for older OvS versions in Documentation.
---
---
.ci/linux-build.sh | 2 +-
Documentation/faq/releases.rst | 10 +++++-----
Documentation/intro/install/dpdk.rst | 8 ++++----
NEWS | 18 ++++++++++++++++++
4 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
index 2dabd3d0a..392c7ee79 100755
--- a/.ci/linux-build.sh
+++ b/.ci/linux-build.sh
@@ -220,7 +220,7 @@ fi
if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
if [ -z "$DPDK_VER" ]; then
- DPDK_VER="21.11.1"
+ DPDK_VER="21.11.2"
fi
install_dpdk $DPDK_VER
fi
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 33a0d5d2d..49895c595 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -206,11 +206,11 @@ Q: What DPDK version does each Open vSwitch release work
with?
2.10.x 17.11.10
2.11.x 18.11.9
2.12.x 18.11.9
- 2.13.x 19.11.10
- 2.14.x 19.11.10
- 2.15.x 20.11.4
- 2.16.x 20.11.4
- 2.17.x 21.11.1
+ 2.13.x 19.11.13
+ 2.14.x 19.11.13
+ 2.15.x 20.11.6
+ 2.16.x 20.11.6
+ 2.17.x 21.11.2
============ ========
Q: Are all the DPDK releases that OVS versions work with maintained?
diff --git a/Documentation/intro/install/dpdk.rst
b/Documentation/intro/install/dpdk.rst
index f8f01bfad..a284e6851 100644
--- a/Documentation/intro/install/dpdk.rst
+++ b/Documentation/intro/install/dpdk.rst
@@ -42,7 +42,7 @@ Build requirements
In addition to the requirements described in :doc:`general`, building Open
vSwitch with DPDK will require the following:
-- DPDK 21.11.1
+- DPDK 21.11.2
- A `DPDK supported NIC`_
@@ -73,9 +73,9 @@ Install DPDK
#. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
$ cd /usr/src/
- $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
- $ tar xf dpdk-21.11.1.tar.xz
- $ export DPDK_DIR=/usr/src/dpdk-stable-21.11
+ $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
+ $ tar xf dpdk-21.11.2.tar.xz
+ $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
$ cd $DPDK_DIR
#. Configure and install DPDK using Meson
diff --git a/NEWS b/NEWS
index 7c71284f9..36fcbb874 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,24 @@ v2.17.3 - xx xxx xxxx
configuration in a clustered databse independently for each server.
E.g. for listening on unique addresses. See the ovsdb.local-config.5
manpage for schema details.
+ - DPDK:
+ * OVS validated with DPDK 21.11.2.
+ DPDK 21.11.2 contains fixes for the following CVEs:
+ CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
+ CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
+ A bug was introduced in DPDK 21.11.1 by the commit
+ 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
+ This bug can cause a deadlock when vIOMMU is enabled and NUMA
+ reallocation of the virtqueues happen.
+ A fix has been posted and pushed to the DPDK 21.11 branch.
+ It can be found here:
+
https://patches.dpdk.org/project/dpdk/patch/[email protected]/.
+ If a user wishes to avoid the issue then it is recommended to use
+ DPDK 21.11.0 until the release of DPDK 21.11.3.
+ It should be noted that DPDK 21.11.0 does not benefit from the numerous
+ bug and CVE fixes addressed since its release.
+ If a user wishes to benefit from these fixes it is recommended to use
+ DPDK 21.11.2.
v2.17.2 - 15 Jun 2022
---------------------
--
2.25.1
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
