> -----Original Message----- > From: Maxime Coquelin <maxime.coque...@redhat.com> > Sent: Monday 19 September 2022 12:39 > To: Phelan, Michael <michael.phe...@intel.com>; d...@openvswitch.org > Cc: i.maxim...@ovn.org > Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. > > > > On 9/16/22 16:23, Michael Phelan wrote: > > Update OVS CLI and relevant documentation to use DPDK 21.11.2. > > > > DPDK 21.11.2 contains fixes for the CVEs listed below: > > CVE-2022-28199 [1] > > CVE-2022-2132 [2] > > > > A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: > fix unsafe vring addresses modifications"). > > This bug can cause a deadlock when vIOMMU is enabled and NUMA > reallocation of the virtqueues happen. > > A fix [3] has been posted and is due to be included in the 21.11.3 release > > in > December 2022. > > If a user wishes to avoid the issue then it is recommended to use DPDK > > 21.11.0 > until the release of DPDK 21.11.3. > > It should be noted that DPDK 21.11.0 does not benefit from the numerous bug > and CVE fixes addressed since its release. > > If a user wishes to benefit from these fixes it is recommended to use DPDK > 21.11.2. > > > > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 > > [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 > > [3] > > https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-da > > vid.march...@redhat.com/ > > Signed-off-by: Michael Phelan <michael.phe...@intel.com> > > > > --- > > v2: > > - Update recommended DPDK version for older OvS versions in > Documentation. > > > > --- > > --- > > .ci/linux-build.sh | 2 +- > > Documentation/faq/releases.rst | 12 ++++++------ > > Documentation/intro/install/dpdk.rst | 8 ++++---- > > NEWS | 20 ++++++++++++++++++++ > > 4 files changed, 31 insertions(+), 11 deletions(-) > > > > diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index > > 509314a07..23c8bbb7a 100755 > > --- a/.ci/linux-build.sh > > +++ b/.ci/linux-build.sh > > @@ -228,7 +228,7 @@ fi > > > > if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then > > if [ -z "$DPDK_VER" ]; then > > - DPDK_VER="21.11.1" > > + DPDK_VER="21.11.2" > > fi > > install_dpdk $DPDK_VER > > fi > > diff --git a/Documentation/faq/releases.rst > > b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 100644 > > --- a/Documentation/faq/releases.rst > > +++ b/Documentation/faq/releases.rst > > @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch > release work with? > > 2.10.x 17.11.10 > > 2.11.x 18.11.9 > > 2.12.x 18.11.9 > > - 2.13.x 19.11.10 > > - 2.14.x 19.11.10 > > - 2.15.x 20.11.4 > > - 2.16.x 20.11.4 > > - 2.17.x 21.11.1 > > - 3.0.x 21.11.1 > > + 2.13.x 19.11.13 > > + 2.14.x 19.11.13 > > + 2.15.x 20.11.6 > > + 2.16.x 20.11.6 > > + 2.17.x 21.11.2 > > + 3.0.x 21.11.2 > > ============ ======== > > > > Q: Are all the DPDK releases that OVS versions work with maintained? > > diff --git a/Documentation/intro/install/dpdk.rst > > b/Documentation/intro/install/dpdk.rst > > index 0f3712c79..a284e6851 100644 > > --- a/Documentation/intro/install/dpdk.rst > > +++ b/Documentation/intro/install/dpdk.rst > > @@ -42,7 +42,7 @@ Build requirements > > In addition to the requirements described in :doc:`general`, building Open > > vSwitch with DPDK will require the following: > > > > -- DPDK 21.11.1 > > +- DPDK 21.11.2 > > > > - A `DPDK supported NIC`_ > > > > @@ -73,9 +73,9 @@ Install DPDK > > #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: > > > > $ cd /usr/src/ > > - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz > > - $ tar xf dpdk-21.11.1.tar.xz > > - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 > > + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz > > + $ tar xf dpdk-21.11.2.tar.xz > > + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 > > $ cd $DPDK_DIR > > > > #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS > > index 843abc7ac..f4e9ad0a2 100644 > > --- a/NEWS > > +++ b/NEWS > > @@ -3,6 +3,26 @@ Post-v3.0.0 > > - ovs-appctl: > > * "ovs-appctl ofproto/trace" command can now display port names with > the > > "--names" option. > > +- DPDK: > > + * OVS validated with DPDK 21.11.2. It is recommended to use this > > version > > + until further releases. > > + DPDK 21.11.2 contains fixes for the following CVEs: > > + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- > 28199 > > + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- > 2132 > > + A bug was introduced in DPDK 21.11.1 by the commit > > + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). > > + This bug can cause a deadlock when vIOMMU is enabled and NUMA > > + reallocation of the virtqueues happen. > > + A fix has been posted and is due to be included in the DPDK 21.11.3 > > + release. > > + It can be found here: > > + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083- > 2-david.march...@redhat.com/. > > + If a user wishes to avoid the issue then it is recommended to use > > + DPDK 21.11.0 until the release of DPDK 21.11.3. > > + It should be noted that DPDK 21.11.0 does not benefit from the > > numerous > > + bug and CVE fixes addressed since its release. > > + If a user wishes to benefit from these fixes it is recommended to > > use > > + DPDK 21.11.2. > > > > > > v3.0.0 - 15 Aug 2022 > > Reviewed-by: Maxime Coquelin <maxime.coque...@redhat.com> > > Thanks for having added the discovered issue, Maxime Thanks for the review Maxime.
Kevin/Ilya do you have any other feedback before I begin generating the patches for the other branches? _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev