| Message ID | 20220916142321.960856-1-michael.phelan@intel.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [ovs-dev,v2] dpdk: Use DPDK 21.11.2 release. | expand |
| Context | Check | Description |
|---|---|---|
| ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
| ovsrobot/intel-ovs-compilation | success | test: success |
Bleep bloop. Greetings Michael Phelan, I am a robot and I have tried out your patch.
Thanks for your contribution.
I encountered some error that I wasn't expecting. See the details below.
checkpatch:
WARNING: Line is 102 characters long (recommended limit is 79)
#113 FILE: NEWS:19:
https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/.
Lines checked: 126, Warnings: 1, Errors: 0
Please check this out. If you feel there has been an error, please email aconole@redhat.com
Thanks,
0-day Robot
On 9/16/22 16:23, Michael Phelan wrote: > Update OVS CLI and relevant documentation to use DPDK 21.11.2. > > DPDK 21.11.2 contains fixes for the CVEs listed below: > CVE-2022-28199 [1] > CVE-2022-2132 [2] > > A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). > This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of the virtqueues happen. > A fix [3] has been posted and is due to be included in the 21.11.3 release in December 2022. > If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 until the release of DPDK 21.11.3. > It should be noted that DPDK 21.11.0 does not benefit from the numerous bug and CVE fixes addressed since its release. > If a user wishes to benefit from these fixes it is recommended to use DPDK 21.11.2. > > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 > [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 > [3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/ > Signed-off-by: Michael Phelan <michael.phelan@intel.com> > > --- > v2: > - Update recommended DPDK version for older OvS versions in Documentation. > > --- > --- > .ci/linux-build.sh | 2 +- > Documentation/faq/releases.rst | 12 ++++++------ > Documentation/intro/install/dpdk.rst | 8 ++++---- > NEWS | 20 ++++++++++++++++++++ > 4 files changed, 31 insertions(+), 11 deletions(-) > > diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh > index 509314a07..23c8bbb7a 100755 > --- a/.ci/linux-build.sh > +++ b/.ci/linux-build.sh > @@ -228,7 +228,7 @@ fi > > if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then > if [ -z "$DPDK_VER" ]; then > - DPDK_VER="21.11.1" > + DPDK_VER="21.11.2" > fi > install_dpdk $DPDK_VER > fi > diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst > index 1bc22a6ba..6ce0b4cd5 100644 > --- a/Documentation/faq/releases.rst > +++ b/Documentation/faq/releases.rst > @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch release work with? > 2.10.x 17.11.10 > 2.11.x 18.11.9 > 2.12.x 18.11.9 > - 2.13.x 19.11.10 > - 2.14.x 19.11.10 > - 2.15.x 20.11.4 > - 2.16.x 20.11.4 > - 2.17.x 21.11.1 > - 3.0.x 21.11.1 > + 2.13.x 19.11.13 > + 2.14.x 19.11.13 > + 2.15.x 20.11.6 > + 2.16.x 20.11.6 > + 2.17.x 21.11.2 > + 3.0.x 21.11.2 > ============ ======== > > Q: Are all the DPDK releases that OVS versions work with maintained? > diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst > index 0f3712c79..a284e6851 100644 > --- a/Documentation/intro/install/dpdk.rst > +++ b/Documentation/intro/install/dpdk.rst > @@ -42,7 +42,7 @@ Build requirements > In addition to the requirements described in :doc:`general`, building Open > vSwitch with DPDK will require the following: > > -- DPDK 21.11.1 > +- DPDK 21.11.2 > > - A `DPDK supported NIC`_ > > @@ -73,9 +73,9 @@ Install DPDK > #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: > > $ cd /usr/src/ > - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz > - $ tar xf dpdk-21.11.1.tar.xz > - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 > + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz > + $ tar xf dpdk-21.11.2.tar.xz > + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 > $ cd $DPDK_DIR > > #. Configure and install DPDK using Meson > diff --git a/NEWS b/NEWS > index 843abc7ac..f4e9ad0a2 100644 > --- a/NEWS > +++ b/NEWS > @@ -3,6 +3,26 @@ Post-v3.0.0 > - ovs-appctl: > * "ovs-appctl ofproto/trace" command can now display port names with the > "--names" option. > +- DPDK: > + * OVS validated with DPDK 21.11.2. It is recommended to use this version > + until further releases. > + DPDK 21.11.2 contains fixes for the following CVEs: > + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 > + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 > + A bug was introduced in DPDK 21.11.1 by the commit > + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). > + This bug can cause a deadlock when vIOMMU is enabled and NUMA > + reallocation of the virtqueues happen. > + A fix has been posted and is due to be included in the DPDK 21.11.3 > + release. > + It can be found here: > + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/. > + If a user wishes to avoid the issue then it is recommended to use > + DPDK 21.11.0 until the release of DPDK 21.11.3. > + It should be noted that DPDK 21.11.0 does not benefit from the numerous > + bug and CVE fixes addressed since its release. > + If a user wishes to benefit from these fixes it is recommended to use > + DPDK 21.11.2. > > > v3.0.0 - 15 Aug 2022 Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> Thanks for having added the discovered issue, Maxime
> -----Original Message----- > From: Maxime Coquelin <maxime.coquelin@redhat.com> > Sent: Monday 19 September 2022 12:39 > To: Phelan, Michael <michael.phelan@intel.com>; dev@openvswitch.org > Cc: i.maximets@ovn.org > Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. > > > > On 9/16/22 16:23, Michael Phelan wrote: > > Update OVS CLI and relevant documentation to use DPDK 21.11.2. > > > > DPDK 21.11.2 contains fixes for the CVEs listed below: > > CVE-2022-28199 [1] > > CVE-2022-2132 [2] > > > > A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: > fix unsafe vring addresses modifications"). > > This bug can cause a deadlock when vIOMMU is enabled and NUMA > reallocation of the virtqueues happen. > > A fix [3] has been posted and is due to be included in the 21.11.3 release in > December 2022. > > If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 > until the release of DPDK 21.11.3. > > It should be noted that DPDK 21.11.0 does not benefit from the numerous bug > and CVE fixes addressed since its release. > > If a user wishes to benefit from these fixes it is recommended to use DPDK > 21.11.2. > > > > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 > > [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 > > [3] > > https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-da > > vid.marchand@redhat.com/ > > Signed-off-by: Michael Phelan <michael.phelan@intel.com> > > > > --- > > v2: > > - Update recommended DPDK version for older OvS versions in > Documentation. > > > > --- > > --- > > .ci/linux-build.sh | 2 +- > > Documentation/faq/releases.rst | 12 ++++++------ > > Documentation/intro/install/dpdk.rst | 8 ++++---- > > NEWS | 20 ++++++++++++++++++++ > > 4 files changed, 31 insertions(+), 11 deletions(-) > > > > diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index > > 509314a07..23c8bbb7a 100755 > > --- a/.ci/linux-build.sh > > +++ b/.ci/linux-build.sh > > @@ -228,7 +228,7 @@ fi > > > > if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then > > if [ -z "$DPDK_VER" ]; then > > - DPDK_VER="21.11.1" > > + DPDK_VER="21.11.2" > > fi > > install_dpdk $DPDK_VER > > fi > > diff --git a/Documentation/faq/releases.rst > > b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 100644 > > --- a/Documentation/faq/releases.rst > > +++ b/Documentation/faq/releases.rst > > @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch > release work with? > > 2.10.x 17.11.10 > > 2.11.x 18.11.9 > > 2.12.x 18.11.9 > > - 2.13.x 19.11.10 > > - 2.14.x 19.11.10 > > - 2.15.x 20.11.4 > > - 2.16.x 20.11.4 > > - 2.17.x 21.11.1 > > - 3.0.x 21.11.1 > > + 2.13.x 19.11.13 > > + 2.14.x 19.11.13 > > + 2.15.x 20.11.6 > > + 2.16.x 20.11.6 > > + 2.17.x 21.11.2 > > + 3.0.x 21.11.2 > > ============ ======== > > > > Q: Are all the DPDK releases that OVS versions work with maintained? > > diff --git a/Documentation/intro/install/dpdk.rst > > b/Documentation/intro/install/dpdk.rst > > index 0f3712c79..a284e6851 100644 > > --- a/Documentation/intro/install/dpdk.rst > > +++ b/Documentation/intro/install/dpdk.rst > > @@ -42,7 +42,7 @@ Build requirements > > In addition to the requirements described in :doc:`general`, building Open > > vSwitch with DPDK will require the following: > > > > -- DPDK 21.11.1 > > +- DPDK 21.11.2 > > > > - A `DPDK supported NIC`_ > > > > @@ -73,9 +73,9 @@ Install DPDK > > #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: > > > > $ cd /usr/src/ > > - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz > > - $ tar xf dpdk-21.11.1.tar.xz > > - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 > > + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz > > + $ tar xf dpdk-21.11.2.tar.xz > > + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 > > $ cd $DPDK_DIR > > > > #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS > > index 843abc7ac..f4e9ad0a2 100644 > > --- a/NEWS > > +++ b/NEWS > > @@ -3,6 +3,26 @@ Post-v3.0.0 > > - ovs-appctl: > > * "ovs-appctl ofproto/trace" command can now display port names with > the > > "--names" option. > > +- DPDK: > > + * OVS validated with DPDK 21.11.2. It is recommended to use this version > > + until further releases. > > + DPDK 21.11.2 contains fixes for the following CVEs: > > + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- > 28199 > > + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- > 2132 > > + A bug was introduced in DPDK 21.11.1 by the commit > > + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). > > + This bug can cause a deadlock when vIOMMU is enabled and NUMA > > + reallocation of the virtqueues happen. > > + A fix has been posted and is due to be included in the DPDK 21.11.3 > > + release. > > + It can be found here: > > + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083- > 2-david.marchand@redhat.com/. > > + If a user wishes to avoid the issue then it is recommended to use > > + DPDK 21.11.0 until the release of DPDK 21.11.3. > > + It should be noted that DPDK 21.11.0 does not benefit from the numerous > > + bug and CVE fixes addressed since its release. > > + If a user wishes to benefit from these fixes it is recommended to use > > + DPDK 21.11.2. > > > > > > v3.0.0 - 15 Aug 2022 > > Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> > > Thanks for having added the discovered issue, Maxime Thanks for the review Maxime. Kevin/Ilya do you have any other feedback before I begin generating the patches for the other branches?
On 9/20/22 11:28, Phelan, Michael wrote: >> -----Original Message----- >> From: Maxime Coquelin <maxime.coquelin@redhat.com> >> Sent: Monday 19 September 2022 12:39 >> To: Phelan, Michael <michael.phelan@intel.com>; dev@openvswitch.org >> Cc: i.maximets@ovn.org >> Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. >> >> >> >> On 9/16/22 16:23, Michael Phelan wrote: >>> Update OVS CLI and relevant documentation to use DPDK 21.11.2. >>> >>> DPDK 21.11.2 contains fixes for the CVEs listed below: >>> CVE-2022-28199 [1] >>> CVE-2022-2132 [2] >>> >>> A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: >> fix unsafe vring addresses modifications"). >>> This bug can cause a deadlock when vIOMMU is enabled and NUMA >> reallocation of the virtqueues happen. >>> A fix [3] has been posted and is due to be included in the 21.11.3 release in >> December 2022. >>> If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 >> until the release of DPDK 21.11.3. >>> It should be noted that DPDK 21.11.0 does not benefit from the numerous bug >> and CVE fixes addressed since its release. >>> If a user wishes to benefit from these fixes it is recommended to use DPDK >> 21.11.2. >>> >>> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 >>> [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 >>> [3] >>> https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-da >>> vid.marchand@redhat.com/ >>> Signed-off-by: Michael Phelan <michael.phelan@intel.com> >>> >>> --- >>> v2: >>> - Update recommended DPDK version for older OvS versions in >> Documentation. >>> >>> --- >>> --- >>> .ci/linux-build.sh | 2 +- >>> Documentation/faq/releases.rst | 12 ++++++------ >>> Documentation/intro/install/dpdk.rst | 8 ++++---- >>> NEWS | 20 ++++++++++++++++++++ >>> 4 files changed, 31 insertions(+), 11 deletions(-) >>> >>> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index >>> 509314a07..23c8bbb7a 100755 >>> --- a/.ci/linux-build.sh >>> +++ b/.ci/linux-build.sh >>> @@ -228,7 +228,7 @@ fi >>> >>> if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then >>> if [ -z "$DPDK_VER" ]; then >>> - DPDK_VER="21.11.1" >>> + DPDK_VER="21.11.2" >>> fi >>> install_dpdk $DPDK_VER >>> fi >>> diff --git a/Documentation/faq/releases.rst >>> b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 100644 >>> --- a/Documentation/faq/releases.rst >>> +++ b/Documentation/faq/releases.rst >>> @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch >> release work with? >>> 2.10.x 17.11.10 >>> 2.11.x 18.11.9 >>> 2.12.x 18.11.9 >>> - 2.13.x 19.11.10 >>> - 2.14.x 19.11.10 >>> - 2.15.x 20.11.4 >>> - 2.16.x 20.11.4 >>> - 2.17.x 21.11.1 >>> - 3.0.x 21.11.1 >>> + 2.13.x 19.11.13 >>> + 2.14.x 19.11.13 >>> + 2.15.x 20.11.6 >>> + 2.16.x 20.11.6 >>> + 2.17.x 21.11.2 >>> + 3.0.x 21.11.2 >>> ============ ======== >>> >>> Q: Are all the DPDK releases that OVS versions work with maintained? >>> diff --git a/Documentation/intro/install/dpdk.rst >>> b/Documentation/intro/install/dpdk.rst >>> index 0f3712c79..a284e6851 100644 >>> --- a/Documentation/intro/install/dpdk.rst >>> +++ b/Documentation/intro/install/dpdk.rst >>> @@ -42,7 +42,7 @@ Build requirements >>> In addition to the requirements described in :doc:`general`, building Open >>> vSwitch with DPDK will require the following: >>> >>> -- DPDK 21.11.1 >>> +- DPDK 21.11.2 >>> >>> - A `DPDK supported NIC`_ >>> >>> @@ -73,9 +73,9 @@ Install DPDK >>> #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: >>> >>> $ cd /usr/src/ >>> - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz >>> - $ tar xf dpdk-21.11.1.tar.xz >>> - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 >>> + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz >>> + $ tar xf dpdk-21.11.2.tar.xz >>> + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 >>> $ cd $DPDK_DIR >>> >>> #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS >>> index 843abc7ac..f4e9ad0a2 100644 >>> --- a/NEWS >>> +++ b/NEWS >>> @@ -3,6 +3,26 @@ Post-v3.0.0 >>> - ovs-appctl: >>> * "ovs-appctl ofproto/trace" command can now display port names with >> the >>> "--names" option. >>> +- DPDK: >>> + * OVS validated with DPDK 21.11.2. It is recommended to use this version >>> + until further releases. >>> + DPDK 21.11.2 contains fixes for the following CVEs: >>> + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- >> 28199 >>> + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- >> 2132 >>> + A bug was introduced in DPDK 21.11.1 by the commit >>> + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). >>> + This bug can cause a deadlock when vIOMMU is enabled and NUMA >>> + reallocation of the virtqueues happen. >>> + A fix has been posted and is due to be included in the DPDK 21.11.3 >>> + release. >>> + It can be found here: >>> + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083- >> 2-david.marchand@redhat.com/. >>> + If a user wishes to avoid the issue then it is recommended to use >>> + DPDK 21.11.0 until the release of DPDK 21.11.3. >>> + It should be noted that DPDK 21.11.0 does not benefit from the numerous >>> + bug and CVE fixes addressed since its release. >>> + If a user wishes to benefit from these fixes it is recommended to use >>> + DPDK 21.11.2. >>> >>> >>> v3.0.0 - 15 Aug 2022 >> >> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> >> >> Thanks for having added the discovered issue, Maxime > Thanks for the review Maxime. > > Kevin/Ilya do you have any other feedback before I begin generating the patches for the other branches? Kevin suggested the fix to be backported early to the DPDK stable branches, I just sent a mail to the LTS maintainers requesting so. If they agree, it might be a good idea to mention it in the paragraph you added documenting the issue? Thanks, Maxime
On 20/09/2022 10:28, Phelan, Michael wrote: >> -----Original Message----- >> From: Maxime Coquelin <maxime.coquelin@redhat.com> >> Sent: Monday 19 September 2022 12:39 >> To: Phelan, Michael <michael.phelan@intel.com>; dev@openvswitch.org >> Cc: i.maximets@ovn.org >> Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. >> >> >> >> On 9/16/22 16:23, Michael Phelan wrote: >>> Update OVS CLI and relevant documentation to use DPDK 21.11.2. >>> >>> DPDK 21.11.2 contains fixes for the CVEs listed below: >>> CVE-2022-28199 [1] >>> CVE-2022-2132 [2] >>> >>> A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: >> fix unsafe vring addresses modifications"). >>> This bug can cause a deadlock when vIOMMU is enabled and NUMA >> reallocation of the virtqueues happen. >>> A fix [3] has been posted and is due to be included in the 21.11.3 release in >> December 2022. >>> If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 >> until the release of DPDK 21.11.3. >>> It should be noted that DPDK 21.11.0 does not benefit from the numerous bug >> and CVE fixes addressed since its release. >>> If a user wishes to benefit from these fixes it is recommended to use DPDK >> 21.11.2. >>> >>> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 >>> [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 >>> [3] >>> https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-da >>> vid.marchand@redhat.com/ >>> Signed-off-by: Michael Phelan <michael.phelan@intel.com> >>> >>> --- >>> v2: >>> - Update recommended DPDK version for older OvS versions in >> Documentation. >>> >>> --- >>> --- >>> .ci/linux-build.sh | 2 +- >>> Documentation/faq/releases.rst | 12 ++++++------ >>> Documentation/intro/install/dpdk.rst | 8 ++++---- >>> NEWS | 20 ++++++++++++++++++++ >>> 4 files changed, 31 insertions(+), 11 deletions(-) >>> >>> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index >>> 509314a07..23c8bbb7a 100755 >>> --- a/.ci/linux-build.sh >>> +++ b/.ci/linux-build.sh >>> @@ -228,7 +228,7 @@ fi >>> >>> if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then >>> if [ -z "$DPDK_VER" ]; then >>> - DPDK_VER="21.11.1" >>> + DPDK_VER="21.11.2" >>> fi >>> install_dpdk $DPDK_VER >>> fi >>> diff --git a/Documentation/faq/releases.rst >>> b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 100644 >>> --- a/Documentation/faq/releases.rst >>> +++ b/Documentation/faq/releases.rst >>> @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch >> release work with? >>> 2.10.x 17.11.10 >>> 2.11.x 18.11.9 >>> 2.12.x 18.11.9 >>> - 2.13.x 19.11.10 >>> - 2.14.x 19.11.10 >>> - 2.15.x 20.11.4 >>> - 2.16.x 20.11.4 >>> - 2.17.x 21.11.1 >>> - 3.0.x 21.11.1 >>> + 2.13.x 19.11.13 >>> + 2.14.x 19.11.13 >>> + 2.15.x 20.11.6 >>> + 2.16.x 20.11.6 >>> + 2.17.x 21.11.2 >>> + 3.0.x 21.11.2 >>> ============ ======== >>> >>> Q: Are all the DPDK releases that OVS versions work with maintained? >>> diff --git a/Documentation/intro/install/dpdk.rst >>> b/Documentation/intro/install/dpdk.rst >>> index 0f3712c79..a284e6851 100644 >>> --- a/Documentation/intro/install/dpdk.rst >>> +++ b/Documentation/intro/install/dpdk.rst >>> @@ -42,7 +42,7 @@ Build requirements >>> In addition to the requirements described in :doc:`general`, building Open >>> vSwitch with DPDK will require the following: >>> >>> -- DPDK 21.11.1 >>> +- DPDK 21.11.2 >>> >>> - A `DPDK supported NIC`_ >>> >>> @@ -73,9 +73,9 @@ Install DPDK >>> #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: >>> >>> $ cd /usr/src/ >>> - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz >>> - $ tar xf dpdk-21.11.1.tar.xz >>> - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 >>> + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz >>> + $ tar xf dpdk-21.11.2.tar.xz >>> + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 >>> $ cd $DPDK_DIR >>> >>> #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS >>> index 843abc7ac..f4e9ad0a2 100644 >>> --- a/NEWS >>> +++ b/NEWS >>> @@ -3,6 +3,26 @@ Post-v3.0.0 >>> - ovs-appctl: >>> * "ovs-appctl ofproto/trace" command can now display port names with >> the >>> "--names" option. >>> +- DPDK: >>> + * OVS validated with DPDK 21.11.2. It is recommended to use this version >>> + until further releases. You can probably drop this "It is recommended.." sentence as there's more detailed recommendations below. >>> + DPDK 21.11.2 contains fixes for the following CVEs: >>> + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- >> 28199 >>> + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- >> 2132 >>> + A bug was introduced in DPDK 21.11.1 by the commit >>> + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). >>> + This bug can cause a deadlock when vIOMMU is enabled and NUMA >>> + reallocation of the virtqueues happen. >>> + A fix has been posted and is due to be included in the DPDK 21.11.3 >>> + release. >>> + It can be found here: >>> + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083- >> 2-david.marchand@redhat.com/. >>> + If a user wishes to avoid the issue then it is recommended to use >>> + DPDK 21.11.0 until the release of DPDK 21.11.3. >>> + It should be noted that DPDK 21.11.0 does not benefit from the numerous >>> + bug and CVE fixes addressed since its release. >>> + If a user wishes to benefit from these fixes it is recommended to use >>> + DPDK 21.11.2. >>> >>> >>> v3.0.0 - 15 Aug 2022 >> >> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> >> >> Thanks for having added the discovered issue, Maxime > Thanks for the review Maxime. > > Kevin/Ilya do you have any other feedback before I begin generating the patches for the other branches? Hi Michael, looks good (NEWS file needs a small rebase). Just one suggestion above. thanks, Kevin.
On 20/09/2022 10:38, Maxime Coquelin wrote: > > > On 9/20/22 11:28, Phelan, Michael wrote: >>> -----Original Message----- >>> From: Maxime Coquelin <maxime.coquelin@redhat.com> >>> Sent: Monday 19 September 2022 12:39 >>> To: Phelan, Michael <michael.phelan@intel.com>; dev@openvswitch.org >>> Cc: i.maximets@ovn.org >>> Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. >>> >>> >>> >>> On 9/16/22 16:23, Michael Phelan wrote: >>>> Update OVS CLI and relevant documentation to use DPDK 21.11.2. >>>> >>>> DPDK 21.11.2 contains fixes for the CVEs listed below: >>>> CVE-2022-28199 [1] >>>> CVE-2022-2132 [2] >>>> >>>> A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: >>> fix unsafe vring addresses modifications"). >>>> This bug can cause a deadlock when vIOMMU is enabled and NUMA >>> reallocation of the virtqueues happen. >>>> A fix [3] has been posted and is due to be included in the 21.11.3 release in >>> December 2022. >>>> If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 >>> until the release of DPDK 21.11.3. >>>> It should be noted that DPDK 21.11.0 does not benefit from the numerous bug >>> and CVE fixes addressed since its release. >>>> If a user wishes to benefit from these fixes it is recommended to use DPDK >>> 21.11.2. >>>> >>>> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 >>>> [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 >>>> [3] >>>> https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-da >>>> vid.marchand@redhat.com/ >>>> Signed-off-by: Michael Phelan <michael.phelan@intel.com> >>>> >>>> --- >>>> v2: >>>> - Update recommended DPDK version for older OvS versions in >>> Documentation. >>>> >>>> --- >>>> --- >>>> .ci/linux-build.sh | 2 +- >>>> Documentation/faq/releases.rst | 12 ++++++------ >>>> Documentation/intro/install/dpdk.rst | 8 ++++---- >>>> NEWS | 20 ++++++++++++++++++++ >>>> 4 files changed, 31 insertions(+), 11 deletions(-) >>>> >>>> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index >>>> 509314a07..23c8bbb7a 100755 >>>> --- a/.ci/linux-build.sh >>>> +++ b/.ci/linux-build.sh >>>> @@ -228,7 +228,7 @@ fi >>>> >>>> if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then >>>> if [ -z "$DPDK_VER" ]; then >>>> - DPDK_VER="21.11.1" >>>> + DPDK_VER="21.11.2" >>>> fi >>>> install_dpdk $DPDK_VER >>>> fi >>>> diff --git a/Documentation/faq/releases.rst >>>> b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 100644 >>>> --- a/Documentation/faq/releases.rst >>>> +++ b/Documentation/faq/releases.rst >>>> @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch >>> release work with? >>>> 2.10.x 17.11.10 >>>> 2.11.x 18.11.9 >>>> 2.12.x 18.11.9 >>>> - 2.13.x 19.11.10 >>>> - 2.14.x 19.11.10 >>>> - 2.15.x 20.11.4 >>>> - 2.16.x 20.11.4 >>>> - 2.17.x 21.11.1 >>>> - 3.0.x 21.11.1 >>>> + 2.13.x 19.11.13 >>>> + 2.14.x 19.11.13 >>>> + 2.15.x 20.11.6 >>>> + 2.16.x 20.11.6 >>>> + 2.17.x 21.11.2 >>>> + 3.0.x 21.11.2 >>>> ============ ======== >>>> >>>> Q: Are all the DPDK releases that OVS versions work with maintained? >>>> diff --git a/Documentation/intro/install/dpdk.rst >>>> b/Documentation/intro/install/dpdk.rst >>>> index 0f3712c79..a284e6851 100644 >>>> --- a/Documentation/intro/install/dpdk.rst >>>> +++ b/Documentation/intro/install/dpdk.rst >>>> @@ -42,7 +42,7 @@ Build requirements >>>> In addition to the requirements described in :doc:`general`, building Open >>>> vSwitch with DPDK will require the following: >>>> >>>> -- DPDK 21.11.1 >>>> +- DPDK 21.11.2 >>>> >>>> - A `DPDK supported NIC`_ >>>> >>>> @@ -73,9 +73,9 @@ Install DPDK >>>> #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: >>>> >>>> $ cd /usr/src/ >>>> - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz >>>> - $ tar xf dpdk-21.11.1.tar.xz >>>> - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 >>>> + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz >>>> + $ tar xf dpdk-21.11.2.tar.xz >>>> + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 >>>> $ cd $DPDK_DIR >>>> >>>> #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS >>>> index 843abc7ac..f4e9ad0a2 100644 >>>> --- a/NEWS >>>> +++ b/NEWS >>>> @@ -3,6 +3,26 @@ Post-v3.0.0 >>>> - ovs-appctl: >>>> * "ovs-appctl ofproto/trace" command can now display port names with >>> the >>>> "--names" option. >>>> +- DPDK: >>>> + * OVS validated with DPDK 21.11.2. It is recommended to use this version >>>> + until further releases. >>>> + DPDK 21.11.2 contains fixes for the following CVEs: >>>> + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- >>> 28199 >>>> + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- >>> 2132 >>>> + A bug was introduced in DPDK 21.11.1 by the commit >>>> + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). >>>> + This bug can cause a deadlock when vIOMMU is enabled and NUMA >>>> + reallocation of the virtqueues happen. >>>> + A fix has been posted and is due to be included in the DPDK 21.11.3 >>>> + release. >>>> + It can be found here: >>>> + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083- >>> 2-david.marchand@redhat.com/. >>>> + If a user wishes to avoid the issue then it is recommended to use >>>> + DPDK 21.11.0 until the release of DPDK 21.11.3. >>>> + It should be noted that DPDK 21.11.0 does not benefit from the numerous >>>> + bug and CVE fixes addressed since its release. >>>> + If a user wishes to benefit from these fixes it is recommended to use >>>> + DPDK 21.11.2. >>>> >>>> >>>> v3.0.0 - 15 Aug 2022 >>> >>> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> >>> >>> Thanks for having added the discovered issue, Maxime >> Thanks for the review Maxime. >> >> Kevin/Ilya do you have any other feedback before I begin generating the patches for the other branches? > > Kevin suggested the fix to be backported early to the DPDK stable > branches, I just sent a mail to the LTS maintainers requesting so. > Thanks for that. This was just to make it easier for OVS (or other) users so they could pull the latest DPDK LTS branch and have everything they need, without having to apply patches themselves. > If they agree, it might be a good idea to mention it in the paragraph > you added documenting the issue? > If it's done before these merge then we could add something as info, but I wouldn't block these patches on it. Some of the CI can be slow, and I'm not sure if other LTS maintainers are available etc. thanks, Kevin. > Thanks, > Maxime > >
On 20/09/2022 11:47, Kevin Traynor wrote: > On 20/09/2022 10:38, Maxime Coquelin wrote: >> >> >> On 9/20/22 11:28, Phelan, Michael wrote: >>>> -----Original Message----- >>>> From: Maxime Coquelin <maxime.coquelin@redhat.com> >>>> Sent: Monday 19 September 2022 12:39 >>>> To: Phelan, Michael <michael.phelan@intel.com>; dev@openvswitch.org >>>> Cc: i.maximets@ovn.org >>>> Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. >>>> >>>> >>>> >>>> On 9/16/22 16:23, Michael Phelan wrote: >>>>> Update OVS CLI and relevant documentation to use DPDK 21.11.2. >>>>> >>>>> DPDK 21.11.2 contains fixes for the CVEs listed below: >>>>> CVE-2022-28199 [1] >>>>> CVE-2022-2132 [2] >>>>> >>>>> A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: >>>> fix unsafe vring addresses modifications"). >>>>> This bug can cause a deadlock when vIOMMU is enabled and NUMA >>>> reallocation of the virtqueues happen. >>>>> A fix [3] has been posted and is due to be included in the 21.11.3 release in >>>> December 2022. >>>>> If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 >>>> until the release of DPDK 21.11.3. >>>>> It should be noted that DPDK 21.11.0 does not benefit from the numerous bug >>>> and CVE fixes addressed since its release. >>>>> If a user wishes to benefit from these fixes it is recommended to use DPDK >>>> 21.11.2. >>>>> >>>>> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 >>>>> [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 >>>>> [3] >>>>> https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-da >>>>> vid.marchand@redhat.com/ >>>>> Signed-off-by: Michael Phelan <michael.phelan@intel.com> >>>>> >>>>> --- >>>>> v2: >>>>> - Update recommended DPDK version for older OvS versions in >>>> Documentation. >>>>> >>>>> --- >>>>> --- >>>>> .ci/linux-build.sh | 2 +- >>>>> Documentation/faq/releases.rst | 12 ++++++------ >>>>> Documentation/intro/install/dpdk.rst | 8 ++++---- >>>>> NEWS | 20 ++++++++++++++++++++ >>>>> 4 files changed, 31 insertions(+), 11 deletions(-) >>>>> >>>>> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index >>>>> 509314a07..23c8bbb7a 100755 >>>>> --- a/.ci/linux-build.sh >>>>> +++ b/.ci/linux-build.sh >>>>> @@ -228,7 +228,7 @@ fi >>>>> >>>>> if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then >>>>> if [ -z "$DPDK_VER" ]; then >>>>> - DPDK_VER="21.11.1" >>>>> + DPDK_VER="21.11.2" >>>>> fi >>>>> install_dpdk $DPDK_VER >>>>> fi >>>>> diff --git a/Documentation/faq/releases.rst >>>>> b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 100644 >>>>> --- a/Documentation/faq/releases.rst >>>>> +++ b/Documentation/faq/releases.rst >>>>> @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch >>>> release work with? >>>>> 2.10.x 17.11.10 >>>>> 2.11.x 18.11.9 >>>>> 2.12.x 18.11.9 >>>>> - 2.13.x 19.11.10 >>>>> - 2.14.x 19.11.10 >>>>> - 2.15.x 20.11.4 >>>>> - 2.16.x 20.11.4 >>>>> - 2.17.x 21.11.1 >>>>> - 3.0.x 21.11.1 >>>>> + 2.13.x 19.11.13 >>>>> + 2.14.x 19.11.13 >>>>> + 2.15.x 20.11.6 >>>>> + 2.16.x 20.11.6 >>>>> + 2.17.x 21.11.2 >>>>> + 3.0.x 21.11.2 >>>>> ============ ======== >>>>> >>>>> Q: Are all the DPDK releases that OVS versions work with maintained? >>>>> diff --git a/Documentation/intro/install/dpdk.rst >>>>> b/Documentation/intro/install/dpdk.rst >>>>> index 0f3712c79..a284e6851 100644 >>>>> --- a/Documentation/intro/install/dpdk.rst >>>>> +++ b/Documentation/intro/install/dpdk.rst >>>>> @@ -42,7 +42,7 @@ Build requirements >>>>> In addition to the requirements described in :doc:`general`, building Open >>>>> vSwitch with DPDK will require the following: >>>>> >>>>> -- DPDK 21.11.1 >>>>> +- DPDK 21.11.2 >>>>> >>>>> - A `DPDK supported NIC`_ >>>>> >>>>> @@ -73,9 +73,9 @@ Install DPDK >>>>> #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: >>>>> >>>>> $ cd /usr/src/ >>>>> - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz >>>>> - $ tar xf dpdk-21.11.1.tar.xz >>>>> - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 >>>>> + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz >>>>> + $ tar xf dpdk-21.11.2.tar.xz >>>>> + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 >>>>> $ cd $DPDK_DIR >>>>> >>>>> #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS >>>>> index 843abc7ac..f4e9ad0a2 100644 >>>>> --- a/NEWS >>>>> +++ b/NEWS >>>>> @@ -3,6 +3,26 @@ Post-v3.0.0 >>>>> - ovs-appctl: >>>>> * "ovs-appctl ofproto/trace" command can now display port names with >>>> the >>>>> "--names" option. >>>>> +- DPDK: >>>>> + * OVS validated with DPDK 21.11.2. It is recommended to use this version >>>>> + until further releases. >>>>> + DPDK 21.11.2 contains fixes for the following CVEs: >>>>> + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- >>>> 28199 >>>>> + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- >>>> 2132 >>>>> + A bug was introduced in DPDK 21.11.1 by the commit >>>>> + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). >>>>> + This bug can cause a deadlock when vIOMMU is enabled and NUMA >>>>> + reallocation of the virtqueues happen. >>>>> + A fix has been posted and is due to be included in the DPDK 21.11.3 >>>>> + release. >>>>> + It can be found here: >>>>> + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083- >>>> 2-david.marchand@redhat.com/. >>>>> + If a user wishes to avoid the issue then it is recommended to use >>>>> + DPDK 21.11.0 until the release of DPDK 21.11.3. >>>>> + It should be noted that DPDK 21.11.0 does not benefit from the numerous >>>>> + bug and CVE fixes addressed since its release. >>>>> + If a user wishes to benefit from these fixes it is recommended to use >>>>> + DPDK 21.11.2. >>>>> >>>>> >>>>> v3.0.0 - 15 Aug 2022 >>>> >>>> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> >>>> >>>> Thanks for having added the discovered issue, Maxime >>> Thanks for the review Maxime. >>> >>> Kevin/Ilya do you have any other feedback before I begin generating the patches for the other branches? >> >> Kevin suggested the fix to be backported early to the DPDK stable >> branches, I just sent a mail to the LTS maintainers requesting so. >> > > Thanks for that. This was just to make it easier for OVS (or other) > users so they could pull the latest DPDK LTS branch and have everything > they need, without having to apply patches themselves. > >> If they agree, it might be a good idea to mention it in the paragraph >> you added documenting the issue? >> > > If it's done before these merge then we could add something as info, but > I wouldn't block these patches on it. Some of the CI can be slow, and > I'm not sure if other LTS maintainers are available etc. > fyi - I pushed the fix to the DPDK 21.11 and 20.11 branches. Will push to 19.11 branch when I get the go ahead from the 19.11 maintainer. > thanks, > Kevin. > >> Thanks, >> Maxime >> >> >
> -----Original Message----- > From: Kevin Traynor <ktraynor@redhat.com> > Sent: Tuesday 20 September 2022 13:36 > To: Maxime Coquelin <maxime.coquelin@redhat.com>; Phelan, Michael > <michael.phelan@intel.com>; dev@openvswitch.org > Cc: i.maximets@ovn.org; Stokes, Ian <ian.stokes@intel.com> > Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. > > On 20/09/2022 11:47, Kevin Traynor wrote: > > On 20/09/2022 10:38, Maxime Coquelin wrote: > >> > >> > >> On 9/20/22 11:28, Phelan, Michael wrote: > >>>> -----Original Message----- > >>>> From: Maxime Coquelin <maxime.coquelin@redhat.com> > >>>> Sent: Monday 19 September 2022 12:39 > >>>> To: Phelan, Michael <michael.phelan@intel.com>; > dev@openvswitch.org > >>>> Cc: i.maximets@ovn.org > >>>> Subject: Re: [ovs-dev] [v2] dpdk: Use DPDK 21.11.2 release. > >>>> > >>>> > >>>> > >>>> On 9/16/22 16:23, Michael Phelan wrote: > >>>>> Update OVS CLI and relevant documentation to use DPDK 21.11.2. > >>>>> > >>>>> DPDK 21.11.2 contains fixes for the CVEs listed below: > >>>>> CVE-2022-28199 [1] > >>>>> CVE-2022-2132 [2] > >>>>> > >>>>> A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 > ("vhost: > >>>> fix unsafe vring addresses modifications"). > >>>>> This bug can cause a deadlock when vIOMMU is enabled and NUMA > >>>> reallocation of the virtqueues happen. > >>>>> A fix [3] has been posted and is due to be included in the 21.11.3 > >>>>> release in > >>>> December 2022. > >>>>> If a user wishes to avoid the issue then it is recommended to use > >>>>> DPDK 21.11.0 > >>>> until the release of DPDK 21.11.3. > >>>>> It should be noted that DPDK 21.11.0 does not benefit from the > >>>>> numerous bug > >>>> and CVE fixes addressed since its release. > >>>>> If a user wishes to benefit from these fixes it is recommended to > >>>>> use DPDK > >>>> 21.11.2. > >>>>> > >>>>> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 > >>>>> [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 > >>>>> [3] > >>>>> > https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083- > >>>>> 2-da > >>>>> vid.marchand@redhat.com/ > >>>>> Signed-off-by: Michael Phelan <michael.phelan@intel.com> > >>>>> > >>>>> --- > >>>>> v2: > >>>>> - Update recommended DPDK version for older OvS versions in > >>>> Documentation. > >>>>> > >>>>> --- > >>>>> --- > >>>>> .ci/linux-build.sh | 2 +- > >>>>> Documentation/faq/releases.rst | 12 ++++++------ > >>>>> Documentation/intro/install/dpdk.rst | 8 ++++---- > >>>>> NEWS | 20 ++++++++++++++++++++ > >>>>> 4 files changed, 31 insertions(+), 11 deletions(-) > >>>>> > >>>>> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index > >>>>> 509314a07..23c8bbb7a 100755 > >>>>> --- a/.ci/linux-build.sh > >>>>> +++ b/.ci/linux-build.sh > >>>>> @@ -228,7 +228,7 @@ fi > >>>>> > >>>>> if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then > >>>>> if [ -z "$DPDK_VER" ]; then > >>>>> - DPDK_VER="21.11.1" > >>>>> + DPDK_VER="21.11.2" > >>>>> fi > >>>>> install_dpdk $DPDK_VER > >>>>> fi > >>>>> diff --git a/Documentation/faq/releases.rst > >>>>> b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 > 100644 > >>>>> --- a/Documentation/faq/releases.rst > >>>>> +++ b/Documentation/faq/releases.rst > >>>>> @@ -210,12 +210,12 @@ Q: What DPDK version does each Open > vSwitch > >>>> release work with? > >>>>> 2.10.x 17.11.10 > >>>>> 2.11.x 18.11.9 > >>>>> 2.12.x 18.11.9 > >>>>> - 2.13.x 19.11.10 > >>>>> - 2.14.x 19.11.10 > >>>>> - 2.15.x 20.11.4 > >>>>> - 2.16.x 20.11.4 > >>>>> - 2.17.x 21.11.1 > >>>>> - 3.0.x 21.11.1 > >>>>> + 2.13.x 19.11.13 > >>>>> + 2.14.x 19.11.13 > >>>>> + 2.15.x 20.11.6 > >>>>> + 2.16.x 20.11.6 > >>>>> + 2.17.x 21.11.2 > >>>>> + 3.0.x 21.11.2 > >>>>> ============ ======== > >>>>> > >>>>> Q: Are all the DPDK releases that OVS versions work with > maintained? > >>>>> diff --git a/Documentation/intro/install/dpdk.rst > >>>>> b/Documentation/intro/install/dpdk.rst > >>>>> index 0f3712c79..a284e6851 100644 > >>>>> --- a/Documentation/intro/install/dpdk.rst > >>>>> +++ b/Documentation/intro/install/dpdk.rst > >>>>> @@ -42,7 +42,7 @@ Build requirements > >>>>> In addition to the requirements described in :doc:`general`, building > Open > >>>>> vSwitch with DPDK will require the following: > >>>>> > >>>>> -- DPDK 21.11.1 > >>>>> +- DPDK 21.11.2 > >>>>> > >>>>> - A `DPDK supported NIC`_ > >>>>> > >>>>> @@ -73,9 +73,9 @@ Install DPDK > >>>>> #. Download the `DPDK sources`_, extract the file and set > ``DPDK_DIR``:: > >>>>> > >>>>> $ cd /usr/src/ > >>>>> - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz > >>>>> - $ tar xf dpdk-21.11.1.tar.xz > >>>>> - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 > >>>>> + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz > >>>>> + $ tar xf dpdk-21.11.2.tar.xz > >>>>> + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 > >>>>> $ cd $DPDK_DIR > >>>>> > >>>>> #. Configure and install DPDK using Meson diff --git a/NEWS > >>>>> b/NEWS index 843abc7ac..f4e9ad0a2 100644 > >>>>> --- a/NEWS > >>>>> +++ b/NEWS > >>>>> @@ -3,6 +3,26 @@ Post-v3.0.0 > >>>>> - ovs-appctl: > >>>>> * "ovs-appctl ofproto/trace" command can now display > >>>>> port names with > >>>> the > >>>>> "--names" option. > >>>>> +- DPDK: > >>>>> + * OVS validated with DPDK 21.11.2. It is recommended to use this > version > >>>>> + until further releases. > >>>>> + DPDK 21.11.2 contains fixes for the following CVEs: > >>>>> + CVE-2022-28199 > >>>>> +cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- > >>>> 28199 > >>>>> + CVE-2022-2132 > >>>>> + cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022- > >>>> 2132 > >>>>> + A bug was introduced in DPDK 21.11.1 by the commit > >>>>> + 01e3dee29c02 ("vhost: fix unsafe vring addresses > modifications"). > >>>>> + This bug can cause a deadlock when vIOMMU is enabled and > NUMA > >>>>> + reallocation of the virtqueues happen. > >>>>> + A fix has been posted and is due to be included in the DPDK > 21.11.3 > >>>>> + release. > >>>>> + It can be found here: > >>>>> + > >>>>> + > https://patches.dpdk.org/project/dpdk/patch/20220725203206.42708 > >>>>> + 3- > >>>> 2-david.marchand@redhat.com/. > >>>>> + If a user wishes to avoid the issue then it is recommended to use > >>>>> + DPDK 21.11.0 until the release of DPDK 21.11.3. > >>>>> + It should be noted that DPDK 21.11.0 does not benefit from the > numerous > >>>>> + bug and CVE fixes addressed since its release. > >>>>> + If a user wishes to benefit from these fixes it is recommended to > use > >>>>> + DPDK 21.11.2. > >>>>> > >>>>> > >>>>> v3.0.0 - 15 Aug 2022 > >>>> > >>>> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> > >>>> > >>>> Thanks for having added the discovered issue, Maxime > >>> Thanks for the review Maxime. > >>> > >>> Kevin/Ilya do you have any other feedback before I begin generating the > patches for the other branches? > >> > >> Kevin suggested the fix to be backported early to the DPDK stable > >> branches, I just sent a mail to the LTS maintainers requesting so. > >> > > > > Thanks for that. This was just to make it easier for OVS (or other) > > users so they could pull the latest DPDK LTS branch and have > > everything they need, without having to apply patches themselves. > > > >> If they agree, it might be a good idea to mention it in the paragraph > >> you added documenting the issue? > >> > > > > If it's done before these merge then we could add something as info, > > but I wouldn't block these patches on it. Some of the CI can be slow, > > and I'm not sure if other LTS maintainers are available etc. > > > > fyi - I pushed the fix to the DPDK 21.11 and 20.11 branches. Will push to 19.11 > branch when I get the go ahead from the 19.11 maintainer. Thanks for the update Kevin. I will add a line to explain that the fix has been backported to the relevant branches and generate and send out a v3 for feedback. Thanks, Michael. > > > thanks, > > Kevin. > > > >> Thanks, > >> Maxime > >> > >> > >
diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index 509314a07..23c8bbb7a 100755 --- a/.ci/linux-build.sh +++ b/.ci/linux-build.sh @@ -228,7 +228,7 @@ fi if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then if [ -z "$DPDK_VER" ]; then - DPDK_VER="21.11.1" + DPDK_VER="21.11.2" fi install_dpdk $DPDK_VER fi diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch release work with? 2.10.x 17.11.10 2.11.x 18.11.9 2.12.x 18.11.9 - 2.13.x 19.11.10 - 2.14.x 19.11.10 - 2.15.x 20.11.4 - 2.16.x 20.11.4 - 2.17.x 21.11.1 - 3.0.x 21.11.1 + 2.13.x 19.11.13 + 2.14.x 19.11.13 + 2.15.x 20.11.6 + 2.16.x 20.11.6 + 2.17.x 21.11.2 + 3.0.x 21.11.2 ============ ======== Q: Are all the DPDK releases that OVS versions work with maintained? diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst index 0f3712c79..a284e6851 100644 --- a/Documentation/intro/install/dpdk.rst +++ b/Documentation/intro/install/dpdk.rst @@ -42,7 +42,7 @@ Build requirements In addition to the requirements described in :doc:`general`, building Open vSwitch with DPDK will require the following: -- DPDK 21.11.1 +- DPDK 21.11.2 - A `DPDK supported NIC`_ @@ -73,9 +73,9 @@ Install DPDK #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: $ cd /usr/src/ - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz - $ tar xf dpdk-21.11.1.tar.xz - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz + $ tar xf dpdk-21.11.2.tar.xz + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 $ cd $DPDK_DIR #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS index 843abc7ac..f4e9ad0a2 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,26 @@ Post-v3.0.0 - ovs-appctl: * "ovs-appctl ofproto/trace" command can now display port names with the "--names" option. +- DPDK: + * OVS validated with DPDK 21.11.2. It is recommended to use this version + until further releases. + DPDK 21.11.2 contains fixes for the following CVEs: + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 + A bug was introduced in DPDK 21.11.1 by the commit + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). + This bug can cause a deadlock when vIOMMU is enabled and NUMA + reallocation of the virtqueues happen. + A fix has been posted and is due to be included in the DPDK 21.11.3 + release. + It can be found here: + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/. + If a user wishes to avoid the issue then it is recommended to use + DPDK 21.11.0 until the release of DPDK 21.11.3. + It should be noted that DPDK 21.11.0 does not benefit from the numerous + bug and CVE fixes addressed since its release. + If a user wishes to benefit from these fixes it is recommended to use + DPDK 21.11.2. v3.0.0 - 15 Aug 2022
Update OVS CLI and relevant documentation to use DPDK 21.11.2. DPDK 21.11.2 contains fixes for the CVEs listed below: CVE-2022-28199 [1] CVE-2022-2132 [2] A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of the virtqueues happen. A fix [3] has been posted and is due to be included in the 21.11.3 release in December 2022. If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 until the release of DPDK 21.11.3. It should be noted that DPDK 21.11.0 does not benefit from the numerous bug and CVE fixes addressed since its release. If a user wishes to benefit from these fixes it is recommended to use DPDK 21.11.2. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 [3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/ Signed-off-by: Michael Phelan <michael.phelan@intel.com> --- v2: - Update recommended DPDK version for older OvS versions in Documentation. --- --- .ci/linux-build.sh | 2 +- Documentation/faq/releases.rst | 12 ++++++------ Documentation/intro/install/dpdk.rst | 8 ++++---- NEWS | 20 ++++++++++++++++++++ 4 files changed, 31 insertions(+), 11 deletions(-)