> Update OVS CLI and relevant documentation to use DPDK 21.11.2.
>
> DPDK 21.11.2 contains fixes for the CVEs listed below:
> CVE-2022-28199 [1]
> CVE-2022-2132 [2]
>
> A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix
> unsafe vring addresses modifications").
> This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation
> of the virtqueues happen.
> A fix [3] has been posted and pushed to the DPDK 21.11 branch.
> If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0
> until the release of DPDK 21.11.3.
> It should be noted that DPDK 21.11.0 does not benefit from the numerous bug
> and CVE fixes addressed since its release.
> If a user wishes to benefit from these fixes it is recommended to use DPDK
> 21.11.2.
>
> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
> [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
> [3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-
> [email protected]/
>
> Signed-off-by: Michael Phelan <[email protected]>
Hi Michael, seeing MFEX errors on this patch in the Intel CI, specifically
compilation, can you check if this is s till the case?
Thanks
Ian
>
> ---
> v2:
> - Update recommended DPDK version for older OvS versions in Documentation.
>
> ---
> ---
> .ci/linux-build.sh | 2 +-
> Documentation/faq/releases.rst | 10 +++++-----
> Documentation/intro/install/dpdk.rst | 8 ++++----
> NEWS | 18 ++++++++++++++++++
> 4 files changed, 28 insertions(+), 10 deletions(-)
>
> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
> index 2dabd3d0a..392c7ee79 100755
> --- a/.ci/linux-build.sh
> +++ b/.ci/linux-build.sh
> @@ -220,7 +220,7 @@ fi
>
> if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
> if [ -z "$DPDK_VER" ]; then
> - DPDK_VER="21.11.1"
> + DPDK_VER="21.11.2"
> fi
> install_dpdk $DPDK_VER
> fi
> diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
> index 33a0d5d2d..49895c595 100644
> --- a/Documentation/faq/releases.rst
> +++ b/Documentation/faq/releases.rst
> @@ -206,11 +206,11 @@ Q: What DPDK version does each Open vSwitch
> release work with?
> 2.10.x 17.11.10
> 2.11.x 18.11.9
> 2.12.x 18.11.9
> - 2.13.x 19.11.10
> - 2.14.x 19.11.10
> - 2.15.x 20.11.4
> - 2.16.x 20.11.4
> - 2.17.x 21.11.1
> + 2.13.x 19.11.13
> + 2.14.x 19.11.13
> + 2.15.x 20.11.6
> + 2.16.x 20.11.6
> + 2.17.x 21.11.2
> ============ ========
>
> Q: Are all the DPDK releases that OVS versions work with maintained?
> diff --git a/Documentation/intro/install/dpdk.rst
> b/Documentation/intro/install/dpdk.rst
> index f8f01bfad..a284e6851 100644
> --- a/Documentation/intro/install/dpdk.rst
> +++ b/Documentation/intro/install/dpdk.rst
> @@ -42,7 +42,7 @@ Build requirements
> In addition to the requirements described in :doc:`general`, building Open
> vSwitch with DPDK will require the following:
>
> -- DPDK 21.11.1
> +- DPDK 21.11.2
>
> - A `DPDK supported NIC`_
>
> @@ -73,9 +73,9 @@ Install DPDK
> #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
>
> $ cd /usr/src/
> - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
> - $ tar xf dpdk-21.11.1.tar.xz
> - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11
> + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
> + $ tar xf dpdk-21.11.2.tar.xz
> + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
> $ cd $DPDK_DIR
>
> #. Configure and install DPDK using Meson
> diff --git a/NEWS b/NEWS
> index 7c71284f9..36fcbb874 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -5,6 +5,24 @@ v2.17.3 - xx xxx xxxx
> configuration in a clustered databse independently for each server.
> E.g. for listening on unique addresses. See the ovsdb.local-config.5
> manpage for schema details.
> + - DPDK:
> + * OVS validated with DPDK 21.11.2.
> + DPDK 21.11.2 contains fixes for the following CVEs:
> + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-
> 28199
> + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
> + A bug was introduced in DPDK 21.11.1 by the commit
> + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
> + This bug can cause a deadlock when vIOMMU is enabled and NUMA
> + reallocation of the virtqueues happen.
> + A fix has been posted and pushed to the DPDK 21.11 branch.
> + It can be found here:
> + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-
> [email protected]/.
> + If a user wishes to avoid the issue then it is recommended to use
> + DPDK 21.11.0 until the release of DPDK 21.11.3.
> + It should be noted that DPDK 21.11.0 does not benefit from the
> numerous
> + bug and CVE fixes addressed since its release.
> + If a user wishes to benefit from these fixes it is recommended to use
> + DPDK 21.11.2.
>
> v2.17.2 - 15 Jun 2022
> ---------------------
> --
> 2.25.1
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
