> -----Original Message-----
> From: Maxime Coquelin <maxime.coque...@redhat.com>
> Sent: Monday 19 September 2022 12:39
> To: Phelan, Michael <michael.phe...@intel.com>; d...@openvswitch.org
> Cc: i.maxim...@ovn.org
> Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release.
>
>
>
> On 9/16/22 16:23, Michael Phelan wrote:
> > Update OVS CLI and relevant documentation to use DPDK 21.11.2.
> >
> > DPDK 21.11.2 contains fixes for the CVEs listed below:
> > CVE-2022-28199 [1]
> > CVE-2022-2132 [2]
> >
> > A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost:
> fix unsafe vring addresses modifications").
> > This bug can cause a deadlock when vIOMMU is enabled and NUMA
> reallocation of the virtqueues happen.
> > A fix [3] has been posted and is due to be included in the 21.11.3 release
> > in
> December 2022.
> > If a user wishes to avoid the issue then it is recommended to use DPDK
> > 21.11.0
> until the release of DPDK 21.11.3.
> > It should be noted that DPDK 21.11.0 does not benefit from the numerous bug
> and CVE fixes addressed since its release.
> > If a user wishes to benefit from these fixes it is recommended to use DPDK
> 21.11.2.
> >
> > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
> > [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
> > [3]
> > https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-da
> > vid.march...@redhat.com/
> > Signed-off-by: Michael Phelan <michael.phe...@intel.com>
> >
> > ---
> > v2:
> > - Update recommended DPDK version for older OvS versions in
> Documentation.
> >
> > ---
> > ---
> > .ci/linux-build.sh | 2 +-
> > Documentation/faq/releases.rst | 12 ++++++------
> > Documentation/intro/install/dpdk.rst | 8 ++++----
> > NEWS | 20 ++++++++++++++++++++
> > 4 files changed, 31 insertions(+), 11 deletions(-)
> >
> > diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index
> > 509314a07..23c8bbb7a 100755
> > --- a/.ci/linux-build.sh
> > +++ b/.ci/linux-build.sh
> > @@ -228,7 +228,7 @@ fi
> >
> > if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
> > if [ -z "$DPDK_VER" ]; then
> > - DPDK_VER="21.11.1"
> > + DPDK_VER="21.11.2"
> > fi
> > install_dpdk $DPDK_VER
> > fi
> > diff --git a/Documentation/faq/releases.rst
> > b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 100644
> > --- a/Documentation/faq/releases.rst
> > +++ b/Documentation/faq/releases.rst
> > @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch
> release work with?
> > 2.10.x 17.11.10
> > 2.11.x 18.11.9
> > 2.12.x 18.11.9
> > - 2.13.x 19.11.10
> > - 2.14.x 19.11.10
> > - 2.15.x 20.11.4
> > - 2.16.x 20.11.4
> > - 2.17.x 21.11.1
> > - 3.0.x 21.11.1
> > + 2.13.x 19.11.13
> > + 2.14.x 19.11.13
> > + 2.15.x 20.11.6
> > + 2.16.x 20.11.6
> > + 2.17.x 21.11.2
> > + 3.0.x 21.11.2
> > ============ ========
> >
> > Q: Are all the DPDK releases that OVS versions work with maintained?
> > diff --git a/Documentation/intro/install/dpdk.rst
> > b/Documentation/intro/install/dpdk.rst
> > index 0f3712c79..a284e6851 100644
> > --- a/Documentation/intro/install/dpdk.rst
> > +++ b/Documentation/intro/install/dpdk.rst
> > @@ -42,7 +42,7 @@ Build requirements
> > In addition to the requirements described in :doc:`general`, building Open
> > vSwitch with DPDK will require the following:
> >
> > -- DPDK 21.11.1
> > +- DPDK 21.11.2
> >
> > - A `DPDK supported NIC`_
> >
> > @@ -73,9 +73,9 @@ Install DPDK
> > #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
> >
> > $ cd /usr/src/
> > - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
> > - $ tar xf dpdk-21.11.1.tar.xz
> > - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1
> > + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
> > + $ tar xf dpdk-21.11.2.tar.xz
> > + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
> > $ cd $DPDK_DIR
> >
> > #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS
> > index 843abc7ac..f4e9ad0a2 100644
> > --- a/NEWS
> > +++ b/NEWS
> > @@ -3,6 +3,26 @@ Post-v3.0.0
> > - ovs-appctl:
> > * "ovs-appctl ofproto/trace" command can now display port names with
> the
> > "--names" option.
> > +- DPDK:
> > + * OVS validated with DPDK 21.11.2. It is recommended to use this
> > version
> > + until further releases.
> > + DPDK 21.11.2 contains fixes for the following CVEs:
> > + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-
> 28199
> > + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-
> 2132
> > + A bug was introduced in DPDK 21.11.1 by the commit
> > + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
> > + This bug can cause a deadlock when vIOMMU is enabled and NUMA
> > + reallocation of the virtqueues happen.
> > + A fix has been posted and is due to be included in the DPDK 21.11.3
> > + release.
> > + It can be found here:
> > + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-
> 2-david.march...@redhat.com/.
> > + If a user wishes to avoid the issue then it is recommended to use
> > + DPDK 21.11.0 until the release of DPDK 21.11.3.
> > + It should be noted that DPDK 21.11.0 does not benefit from the
> > numerous
> > + bug and CVE fixes addressed since its release.
> > + If a user wishes to benefit from these fixes it is recommended to
> > use
> > + DPDK 21.11.2.
> >
> >
> > v3.0.0 - 15 Aug 2022
>
> Reviewed-by: Maxime Coquelin <maxime.coque...@redhat.com>
>
> Thanks for having added the discovered issue, Maxime
Thanks for the review Maxime.
Kevin/Ilya do you have any other feedback before I begin generating the patches
for the other branches?
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
