On 22/09/2022 10:35, Michael Phelan wrote:
Update OVS CLI and relevant documentation to use DPDK 21.11.2.
DPDK 21.11.2 contains fixes for the CVEs listed below:
CVE-2022-28199 [1]
CVE-2022-2132 [2]
A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix unsafe
vring addresses modifications").
This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of
the virtqueues happen.
A fix [3] has been posted and pushed to the DPDK 21.11 branch.
If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0
until the release of DPDK 21.11.3.
It should be noted that DPDK 21.11.0 does not benefit from the numerous bug and
CVE fixes addressed since its release.
If a user wishes to benefit from these fixes it is recommended to use DPDK
21.11.2.
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
[3]
https://patches.dpdk.org/project/dpdk/patch/[email protected]/
Signed-off-by: Michael Phelan <[email protected]>
Hi Michael,
For all patches, I think Ian will need to shorten the commit description
line widths on commit as they are very long.
I didn't notice any copy and paste mistakes in the listing of DPDK
versions, previous versions, future versions or the different commit ids
with the different LTSs on OVS branches - you deserve a prize for that :-)
branch-3.0, reviewed, tested basic PVP and ran github actions.
Acked-by: Kevin Traynor <[email protected]>
---
v2:
- Update recommended DPDK version for older OvS versions in Documentation.
---
---
.ci/linux-build.sh | 2 +-
Documentation/faq/releases.rst | 12 ++++++------
Documentation/intro/install/dpdk.rst | 8 ++++----
NEWS | 18 ++++++++++++++++++
4 files changed, 29 insertions(+), 11 deletions(-)
diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
index 509314a07..23c8bbb7a 100755
--- a/.ci/linux-build.sh
+++ b/.ci/linux-build.sh
@@ -228,7 +228,7 @@ fi
if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
if [ -z "$DPDK_VER" ]; then
- DPDK_VER="21.11.1"
+ DPDK_VER="21.11.2"
fi
install_dpdk $DPDK_VER
fi
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 1bc22a6ba..6ce0b4cd5 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch release work
with?
2.10.x 17.11.10
2.11.x 18.11.9
2.12.x 18.11.9
- 2.13.x 19.11.10
- 2.14.x 19.11.10
- 2.15.x 20.11.4
- 2.16.x 20.11.4
- 2.17.x 21.11.1
- 3.0.x 21.11.1
+ 2.13.x 19.11.13
+ 2.14.x 19.11.13
+ 2.15.x 20.11.6
+ 2.16.x 20.11.6
+ 2.17.x 21.11.2
+ 3.0.x 21.11.2
============ ========
Q: Are all the DPDK releases that OVS versions work with maintained?
diff --git a/Documentation/intro/install/dpdk.rst
b/Documentation/intro/install/dpdk.rst
index 0f3712c79..a284e6851 100644
--- a/Documentation/intro/install/dpdk.rst
+++ b/Documentation/intro/install/dpdk.rst
@@ -42,7 +42,7 @@ Build requirements
In addition to the requirements described in :doc:`general`, building Open
vSwitch with DPDK will require the following:
-- DPDK 21.11.1
+- DPDK 21.11.2
- A `DPDK supported NIC`_
@@ -73,9 +73,9 @@ Install DPDK
#. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
$ cd /usr/src/
- $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
- $ tar xf dpdk-21.11.1.tar.xz
- $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1
+ $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
+ $ tar xf dpdk-21.11.2.tar.xz
+ $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
$ cd $DPDK_DIR
#. Configure and install DPDK using Meson
diff --git a/NEWS b/NEWS
index b26590e49..ad5ba021d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,23 @@
v3.0.1 - xx xxx xxxx
--------------------
+ - DPDK:
+ * OVS validated with DPDK 21.11.2.
+ DPDK 21.11.2 contains fixes for the following CVEs:
+ CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
+ CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
+ A bug was introduced in DPDK 21.11.1 by the commit
+ 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
+ This bug can cause a deadlock when vIOMMU is enabled and NUMA
+ reallocation of the virtqueues happen.
+ A fix has been posted and pushed to the DPDK 21.11 branch.
+ It can be found here:
+
https://patches.dpdk.org/project/dpdk/patch/[email protected]/.
+ If a user wishes to avoid the issue then it is recommended to use
+ DPDK 21.11.0 until the release of DPDK 21.11.3.
+ It should be noted that DPDK 21.11.0 does not benefit from the numerous
+ bug and CVE fixes addressed since its release.
+ If a user wishes to benefit from these fixes it is recommended to use
+ DPDK 21.11.2.
v3.0.0 - 15 Aug 2022
--------------------
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
