diff mbox series

[ovs-dev,branch-2.17,v2] dpdk: Use DPDK 21.11.2 release.

Message ID 20220922093900.1337044-1-michael.phelan@intel.com
State Accepted
Headers show
Series [ovs-dev,branch-2.17,v2] dpdk: Use DPDK 21.11.2 release. | expand

Checks

Context Check Description
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/intel-ovs-compilation fail test: fail

Commit Message

Phelan, Michael Sept. 22, 2022, 9:39 a.m. UTC 
Update OVS CLI and relevant documentation to use DPDK 21.11.2.

DPDK 21.11.2 contains fixes for the CVEs listed below:
CVE-2022-28199 [1]
CVE-2022-2132 [2]

A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of the virtqueues happen.
A fix [3] has been posted and pushed to the DPDK 21.11 branch.
If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 until the release of DPDK 21.11.3.
It should be noted that DPDK 21.11.0 does not benefit from the numerous bug and CVE fixes addressed since its release.
If a user wishes to benefit from these fixes it is recommended to use DPDK 21.11.2.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
[3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/

Signed-off-by: Michael Phelan <michael.phelan@intel.com>

---
v2:
  - Update recommended DPDK version for older OvS versions in Documentation.

---
---
 .ci/linux-build.sh                   |  2 +-
 Documentation/faq/releases.rst       | 10 +++++-----
 Documentation/intro/install/dpdk.rst |  8 ++++----
 NEWS                                 | 18 ++++++++++++++++++
 4 files changed, 28 insertions(+), 10 deletions(-)

Comments

0-day Robot Sept. 22, 2022, 10:11 a.m. UTC | #1 
Bleep bloop.  Greetings Michael Phelan, I am a robot and I have tried out your patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
WARNING: Line is 102 characters long (recommended limit is 79)
#110 FILE: NEWS:19:
       https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/.

Lines checked: 123, Warnings: 1, Errors: 0


Please check this out.  If you feel there has been an error, please email aconole@redhat.com

Thanks,
0-day Robot
Kevin Traynor Sept. 23, 2022, 10:42 a.m. UTC | #2 
On 22/09/2022 10:39, Michael Phelan wrote:
> Update OVS CLI and relevant documentation to use DPDK 21.11.2.
> 
> DPDK 21.11.2 contains fixes for the CVEs listed below:
> CVE-2022-28199 [1]
> CVE-2022-2132 [2]
> 
> A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
> This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of the virtqueues happen.
> A fix [3] has been posted and pushed to the DPDK 21.11 branch.
> If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 until the release of DPDK 21.11.3.
> It should be noted that DPDK 21.11.0 does not benefit from the numerous bug and CVE fixes addressed since its release.
> If a user wishes to benefit from these fixes it is recommended to use DPDK 21.11.2.
> 
> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
> [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
> [3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/
> 
> Signed-off-by: Michael Phelan <michael.phelan@intel.com>
> 

branch-2.17, reviewed, tested basic PVP and ran github actions.

Acked-by: Kevin Traynor <ktraynor@redhat.com>

> ---
> v2:
>    - Update recommended DPDK version for older OvS versions in Documentation.
> 
> ---
> ---
>   .ci/linux-build.sh                   |  2 +-
>   Documentation/faq/releases.rst       | 10 +++++-----
>   Documentation/intro/install/dpdk.rst |  8 ++++----
>   NEWS                                 | 18 ++++++++++++++++++
>   4 files changed, 28 insertions(+), 10 deletions(-)
> 
> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
> index 2dabd3d0a..392c7ee79 100755
> --- a/.ci/linux-build.sh
> +++ b/.ci/linux-build.sh
> @@ -220,7 +220,7 @@ fi
>   
>   if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
>       if [ -z "$DPDK_VER" ]; then
> -        DPDK_VER="21.11.1"
> +        DPDK_VER="21.11.2"
>       fi
>       install_dpdk $DPDK_VER
>   fi
> diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
> index 33a0d5d2d..49895c595 100644
> --- a/Documentation/faq/releases.rst
> +++ b/Documentation/faq/releases.rst
> @@ -206,11 +206,11 @@ Q: What DPDK version does each Open vSwitch release work with?
>       2.10.x       17.11.10
>       2.11.x       18.11.9
>       2.12.x       18.11.9
> -    2.13.x       19.11.10
> -    2.14.x       19.11.10
> -    2.15.x       20.11.4
> -    2.16.x       20.11.4
> -    2.17.x       21.11.1
> +    2.13.x       19.11.13
> +    2.14.x       19.11.13
> +    2.15.x       20.11.6
> +    2.16.x       20.11.6
> +    2.17.x       21.11.2
>       ============ ========
>   
>   Q: Are all the DPDK releases that OVS versions work with maintained?
> diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst
> index f8f01bfad..a284e6851 100644
> --- a/Documentation/intro/install/dpdk.rst
> +++ b/Documentation/intro/install/dpdk.rst
> @@ -42,7 +42,7 @@ Build requirements
>   In addition to the requirements described in :doc:`general`, building Open
>   vSwitch with DPDK will require the following:
>   
> -- DPDK 21.11.1
> +- DPDK 21.11.2
>   
>   - A `DPDK supported NIC`_
>   
> @@ -73,9 +73,9 @@ Install DPDK
>   #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
>   
>          $ cd /usr/src/
> -       $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
> -       $ tar xf dpdk-21.11.1.tar.xz
> -       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11
> +       $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
> +       $ tar xf dpdk-21.11.2.tar.xz
> +       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
>          $ cd $DPDK_DIR
>   
>   #. Configure and install DPDK using Meson
> diff --git a/NEWS b/NEWS
> index 7c71284f9..36fcbb874 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -5,6 +5,24 @@ v2.17.3 - xx xxx xxxx
>          configuration in a clustered databse independently for each server.
>          E.g. for listening on unique addresses.  See the ovsdb.local-config.5
>          manpage for schema details.
> +   - DPDK:
> +     * OVS validated with DPDK 21.11.2.
> +       DPDK 21.11.2 contains fixes for the following CVEs:
> +       CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
> +       CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
> +       A bug was introduced in DPDK 21.11.1 by the commit
> +       01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
> +       This bug can cause a deadlock when vIOMMU is enabled and NUMA
> +       reallocation of the virtqueues happen.
> +       A fix has been posted and pushed to the DPDK 21.11 branch.
> +       It can be found here:
> +       https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/.
> +       If a user wishes to avoid the issue then it is recommended to use
> +       DPDK 21.11.0 until the release of DPDK 21.11.3.
> +       It should be noted that DPDK 21.11.0 does not benefit from the numerous
> +       bug and CVE fixes addressed since its release.
> +       If a user wishes to benefit from these fixes it is recommended to use
> +       DPDK 21.11.2.
>   
>   v2.17.2 - 15 Jun 2022
>   ---------------------
Stokes, Ian Oct. 3, 2022, 5:11 p.m. UTC | #3 
> Update OVS CLI and relevant documentation to use DPDK 21.11.2.
> 
> DPDK 21.11.2 contains fixes for the CVEs listed below:
> CVE-2022-28199 [1]
> CVE-2022-2132 [2]
> 
> A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix
> unsafe vring addresses modifications").
> This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation
> of the virtqueues happen.
> A fix [3] has been posted and pushed to the DPDK 21.11 branch.
> If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0
> until the release of DPDK 21.11.3.
> It should be noted that DPDK 21.11.0 does not benefit from the numerous bug
> and CVE fixes addressed since its release.
> If a user wishes to benefit from these fixes it is recommended to use DPDK
> 21.11.2.
> 
> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
> [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
> [3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-
> david.marchand@redhat.com/
> 
> Signed-off-by: Michael Phelan <michael.phelan@intel.com>

Hi Michael, seeing MFEX errors on this patch in the Intel CI, specifically compilation, can you check if this is s till the case?

Thanks
Ian
> 
> ---
> v2:
>   - Update recommended DPDK version for older OvS versions in Documentation.
> 
> ---
> ---
>  .ci/linux-build.sh                   |  2 +-
>  Documentation/faq/releases.rst       | 10 +++++-----
>  Documentation/intro/install/dpdk.rst |  8 ++++----
>  NEWS                                 | 18 ++++++++++++++++++
>  4 files changed, 28 insertions(+), 10 deletions(-)
> 
> diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
> index 2dabd3d0a..392c7ee79 100755
> --- a/.ci/linux-build.sh
> +++ b/.ci/linux-build.sh
> @@ -220,7 +220,7 @@ fi
> 
>  if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
>      if [ -z "$DPDK_VER" ]; then
> -        DPDK_VER="21.11.1"
> +        DPDK_VER="21.11.2"
>      fi
>      install_dpdk $DPDK_VER
>  fi
> diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
> index 33a0d5d2d..49895c595 100644
> --- a/Documentation/faq/releases.rst
> +++ b/Documentation/faq/releases.rst
> @@ -206,11 +206,11 @@ Q: What DPDK version does each Open vSwitch
> release work with?
>      2.10.x       17.11.10
>      2.11.x       18.11.9
>      2.12.x       18.11.9
> -    2.13.x       19.11.10
> -    2.14.x       19.11.10
> -    2.15.x       20.11.4
> -    2.16.x       20.11.4
> -    2.17.x       21.11.1
> +    2.13.x       19.11.13
> +    2.14.x       19.11.13
> +    2.15.x       20.11.6
> +    2.16.x       20.11.6
> +    2.17.x       21.11.2
>      ============ ========
> 
>  Q: Are all the DPDK releases that OVS versions work with maintained?
> diff --git a/Documentation/intro/install/dpdk.rst
> b/Documentation/intro/install/dpdk.rst
> index f8f01bfad..a284e6851 100644
> --- a/Documentation/intro/install/dpdk.rst
> +++ b/Documentation/intro/install/dpdk.rst
> @@ -42,7 +42,7 @@ Build requirements
>  In addition to the requirements described in :doc:`general`, building Open
>  vSwitch with DPDK will require the following:
> 
> -- DPDK 21.11.1
> +- DPDK 21.11.2
> 
>  - A `DPDK supported NIC`_
> 
> @@ -73,9 +73,9 @@ Install DPDK
>  #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
> 
>         $ cd /usr/src/
> -       $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
> -       $ tar xf dpdk-21.11.1.tar.xz
> -       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11
> +       $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
> +       $ tar xf dpdk-21.11.2.tar.xz
> +       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
>         $ cd $DPDK_DIR
> 
>  #. Configure and install DPDK using Meson
> diff --git a/NEWS b/NEWS
> index 7c71284f9..36fcbb874 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -5,6 +5,24 @@ v2.17.3 - xx xxx xxxx
>         configuration in a clustered databse independently for each server.
>         E.g. for listening on unique addresses.  See the ovsdb.local-config.5
>         manpage for schema details.
> +   - DPDK:
> +     * OVS validated with DPDK 21.11.2.
> +       DPDK 21.11.2 contains fixes for the following CVEs:
> +       CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-
> 28199
> +       CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
> +       A bug was introduced in DPDK 21.11.1 by the commit
> +       01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
> +       This bug can cause a deadlock when vIOMMU is enabled and NUMA
> +       reallocation of the virtqueues happen.
> +       A fix has been posted and pushed to the DPDK 21.11 branch.
> +       It can be found here:
> +       https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-
> david.marchand@redhat.com/.
> +       If a user wishes to avoid the issue then it is recommended to use
> +       DPDK 21.11.0 until the release of DPDK 21.11.3.
> +       It should be noted that DPDK 21.11.0 does not benefit from the numerous
> +       bug and CVE fixes addressed since its release.
> +       If a user wishes to benefit from these fixes it is recommended to use
> +       DPDK 21.11.2.
> 
>  v2.17.2 - 15 Jun 2022
>  ---------------------
> --
> 2.25.1
Phelan, Michael Oct. 4, 2022, 9:32 a.m. UTC | #4 
> -----Original Message-----
> From: Stokes, Ian <ian.stokes@intel.com>
> Sent: Monday 3 October 2022 18:12
> To: Phelan, Michael <michael.phelan@intel.com>; dev@openvswitch.org
> Cc: ktraynor@redhat.com; i.maximets@ovn.org;
> maxime.coquelin@redhat.com
> Subject: RE: [branch-2.17, v2] dpdk: Use DPDK 21.11.2 release.
> 
> > Update OVS CLI and relevant documentation to use DPDK 21.11.2.
> >
> > DPDK 21.11.2 contains fixes for the CVEs listed below:
> > CVE-2022-28199 [1]
> > CVE-2022-2132 [2]
> >
> > A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02
> > ("vhost: fix unsafe vring addresses modifications").
> > This bug can cause a deadlock when vIOMMU is enabled and NUMA
> > reallocation of the virtqueues happen.
> > A fix [3] has been posted and pushed to the DPDK 21.11 branch.
> > If a user wishes to avoid the issue then it is recommended to use DPDK
> > 21.11.0 until the release of DPDK 21.11.3.
> > It should be noted that DPDK 21.11.0 does not benefit from the
> > numerous bug and CVE fixes addressed since its release.
> > If a user wishes to benefit from these fixes it is recommended to use
> > DPDK 21.11.2.
> >
> > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
> > [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
> > [3]
> > https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-
> > david.marchand@redhat.com/
> >
> > Signed-off-by: Michael Phelan <michael.phelan@intel.com>
> 
> Hi Michael, seeing MFEX errors on this patch in the Intel CI, specifically
> compilation, can you check if this is s till the case?

Hey Ian,
The tests were run with the wrong config on the Intel CI which caused the failures. I've reran and all tests passed without issue.

Thanks,
Michael.
> 
> Thanks
> Ian
> >
> > ---
> > v2:
> >   - Update recommended DPDK version for older OvS versions in
> Documentation.
> >
> > ---
> > ---
> >  .ci/linux-build.sh                   |  2 +-
> >  Documentation/faq/releases.rst       | 10 +++++-----
> >  Documentation/intro/install/dpdk.rst |  8 ++++----
> >  NEWS                                 | 18 ++++++++++++++++++
> >  4 files changed, 28 insertions(+), 10 deletions(-)
> >
> > diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index
> > 2dabd3d0a..392c7ee79 100755
> > --- a/.ci/linux-build.sh
> > +++ b/.ci/linux-build.sh
> > @@ -220,7 +220,7 @@ fi
> >
> >  if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
> >      if [ -z "$DPDK_VER" ]; then
> > -        DPDK_VER="21.11.1"
> > +        DPDK_VER="21.11.2"
> >      fi
> >      install_dpdk $DPDK_VER
> >  fi
> > diff --git a/Documentation/faq/releases.rst
> > b/Documentation/faq/releases.rst index 33a0d5d2d..49895c595 100644
> > --- a/Documentation/faq/releases.rst
> > +++ b/Documentation/faq/releases.rst
> > @@ -206,11 +206,11 @@ Q: What DPDK version does each Open vSwitch
> > release work with?
> >      2.10.x       17.11.10
> >      2.11.x       18.11.9
> >      2.12.x       18.11.9
> > -    2.13.x       19.11.10
> > -    2.14.x       19.11.10
> > -    2.15.x       20.11.4
> > -    2.16.x       20.11.4
> > -    2.17.x       21.11.1
> > +    2.13.x       19.11.13
> > +    2.14.x       19.11.13
> > +    2.15.x       20.11.6
> > +    2.16.x       20.11.6
> > +    2.17.x       21.11.2
> >      ============ ========
> >
> >  Q: Are all the DPDK releases that OVS versions work with maintained?
> > diff --git a/Documentation/intro/install/dpdk.rst
> > b/Documentation/intro/install/dpdk.rst
> > index f8f01bfad..a284e6851 100644
> > --- a/Documentation/intro/install/dpdk.rst
> > +++ b/Documentation/intro/install/dpdk.rst
> > @@ -42,7 +42,7 @@ Build requirements
> >  In addition to the requirements described in :doc:`general`, building
> > Open  vSwitch with DPDK will require the following:
> >
> > -- DPDK 21.11.1
> > +- DPDK 21.11.2
> >
> >  - A `DPDK supported NIC`_
> >
> > @@ -73,9 +73,9 @@ Install DPDK
> >  #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
> >
> >         $ cd /usr/src/
> > -       $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
> > -       $ tar xf dpdk-21.11.1.tar.xz
> > -       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11
> > +       $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
> > +       $ tar xf dpdk-21.11.2.tar.xz
> > +       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
> >         $ cd $DPDK_DIR
> >
> >  #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS
> > index 7c71284f9..36fcbb874 100644
> > --- a/NEWS
> > +++ b/NEWS
> > @@ -5,6 +5,24 @@ v2.17.3 - xx xxx xxxx
> >         configuration in a clustered databse independently for each server.
> >         E.g. for listening on unique addresses.  See the ovsdb.local-config.5
> >         manpage for schema details.
> > +   - DPDK:
> > +     * OVS validated with DPDK 21.11.2.
> > +       DPDK 21.11.2 contains fixes for the following CVEs:
> > +       CVE-2022-28199
> > + cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-
> > 28199
> > +       CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-
> 2132
> > +       A bug was introduced in DPDK 21.11.1 by the commit
> > +       01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
> > +       This bug can cause a deadlock when vIOMMU is enabled and NUMA
> > +       reallocation of the virtqueues happen.
> > +       A fix has been posted and pushed to the DPDK 21.11 branch.
> > +       It can be found here:
> > +
> > + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-
> 2-
> > david.marchand@redhat.com/.
> > +       If a user wishes to avoid the issue then it is recommended to use
> > +       DPDK 21.11.0 until the release of DPDK 21.11.3.
> > +       It should be noted that DPDK 21.11.0 does not benefit from the
> numerous
> > +       bug and CVE fixes addressed since its release.
> > +       If a user wishes to benefit from these fixes it is recommended to use
> > +       DPDK 21.11.2.
> >
> >  v2.17.2 - 15 Jun 2022
> >  ---------------------
> > --
> > 2.25.1
Stokes, Ian Oct. 4, 2022, 10:28 a.m. UTC | #5 
> > -----Original Message-----
> > From: Stokes, Ian <ian.stokes@intel.com>
> > Sent: Monday 3 October 2022 18:12
> > To: Phelan, Michael <michael.phelan@intel.com>; dev@openvswitch.org
> > Cc: ktraynor@redhat.com; i.maximets@ovn.org;
> > maxime.coquelin@redhat.com
> > Subject: RE: [branch-2.17, v2] dpdk: Use DPDK 21.11.2 release.
> >
> > > Update OVS CLI and relevant documentation to use DPDK 21.11.2.
> > >
> > > DPDK 21.11.2 contains fixes for the CVEs listed below:
> > > CVE-2022-28199 [1]
> > > CVE-2022-2132 [2]
> > >
> > > A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02
> > > ("vhost: fix unsafe vring addresses modifications").
> > > This bug can cause a deadlock when vIOMMU is enabled and NUMA
> > > reallocation of the virtqueues happen.
> > > A fix [3] has been posted and pushed to the DPDK 21.11 branch.
> > > If a user wishes to avoid the issue then it is recommended to use DPDK
> > > 21.11.0 until the release of DPDK 21.11.3.
> > > It should be noted that DPDK 21.11.0 does not benefit from the
> > > numerous bug and CVE fixes addressed since its release.
> > > If a user wishes to benefit from these fixes it is recommended to use
> > > DPDK 21.11.2.
> > >
> > > [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
> > > [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
> > > [3]
> > > https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-
> > > david.marchand@redhat.com/
> > >
> > > Signed-off-by: Michael Phelan <michael.phelan@intel.com>
> >
> > Hi Michael, seeing MFEX errors on this patch in the Intel CI, specifically
> > compilation, can you check if this is s till the case?
> 
> Hey Ian,
> The tests were run with the wrong config on the Intel CI which caused the
> failures. I've reran and all tests passed without issue.
> 
> Thanks,
> Michael.

Thanks Michael, I've applied this and the similar patches to 3.0 and master as well.

Thanks
Ian

> >
> > Thanks
> > Ian
> > >
> > > ---
> > > v2:
> > >   - Update recommended DPDK version for older OvS versions in
> > Documentation.
> > >
> > > ---
> > > ---
> > >  .ci/linux-build.sh                   |  2 +-
> > >  Documentation/faq/releases.rst       | 10 +++++-----
> > >  Documentation/intro/install/dpdk.rst |  8 ++++----
> > >  NEWS                                 | 18 ++++++++++++++++++
> > >  4 files changed, 28 insertions(+), 10 deletions(-)
> > >
> > > diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index
> > > 2dabd3d0a..392c7ee79 100755
> > > --- a/.ci/linux-build.sh
> > > +++ b/.ci/linux-build.sh
> > > @@ -220,7 +220,7 @@ fi
> > >
> > >  if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
> > >      if [ -z "$DPDK_VER" ]; then
> > > -        DPDK_VER="21.11.1"
> > > +        DPDK_VER="21.11.2"
> > >      fi
> > >      install_dpdk $DPDK_VER
> > >  fi
> > > diff --git a/Documentation/faq/releases.rst
> > > b/Documentation/faq/releases.rst index 33a0d5d2d..49895c595 100644
> > > --- a/Documentation/faq/releases.rst
> > > +++ b/Documentation/faq/releases.rst
> > > @@ -206,11 +206,11 @@ Q: What DPDK version does each Open vSwitch
> > > release work with?
> > >      2.10.x       17.11.10
> > >      2.11.x       18.11.9
> > >      2.12.x       18.11.9
> > > -    2.13.x       19.11.10
> > > -    2.14.x       19.11.10
> > > -    2.15.x       20.11.4
> > > -    2.16.x       20.11.4
> > > -    2.17.x       21.11.1
> > > +    2.13.x       19.11.13
> > > +    2.14.x       19.11.13
> > > +    2.15.x       20.11.6
> > > +    2.16.x       20.11.6
> > > +    2.17.x       21.11.2
> > >      ============ ========
> > >
> > >  Q: Are all the DPDK releases that OVS versions work with maintained?
> > > diff --git a/Documentation/intro/install/dpdk.rst
> > > b/Documentation/intro/install/dpdk.rst
> > > index f8f01bfad..a284e6851 100644
> > > --- a/Documentation/intro/install/dpdk.rst
> > > +++ b/Documentation/intro/install/dpdk.rst
> > > @@ -42,7 +42,7 @@ Build requirements
> > >  In addition to the requirements described in :doc:`general`, building
> > > Open  vSwitch with DPDK will require the following:
> > >
> > > -- DPDK 21.11.1
> > > +- DPDK 21.11.2
> > >
> > >  - A `DPDK supported NIC`_
> > >
> > > @@ -73,9 +73,9 @@ Install DPDK
> > >  #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
> > >
> > >         $ cd /usr/src/
> > > -       $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
> > > -       $ tar xf dpdk-21.11.1.tar.xz
> > > -       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11
> > > +       $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
> > > +       $ tar xf dpdk-21.11.2.tar.xz
> > > +       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
> > >         $ cd $DPDK_DIR
> > >
> > >  #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS
> > > index 7c71284f9..36fcbb874 100644
> > > --- a/NEWS
> > > +++ b/NEWS
> > > @@ -5,6 +5,24 @@ v2.17.3 - xx xxx xxxx
> > >         configuration in a clustered databse independently for each server.
> > >         E.g. for listening on unique addresses.  See the ovsdb.local-config.5
> > >         manpage for schema details.
> > > +   - DPDK:
> > > +     * OVS validated with DPDK 21.11.2.
> > > +       DPDK 21.11.2 contains fixes for the following CVEs:
> > > +       CVE-2022-28199
> > > + cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-
> > > 28199
> > > +       CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-
> > 2132
> > > +       A bug was introduced in DPDK 21.11.1 by the commit
> > > +       01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
> > > +       This bug can cause a deadlock when vIOMMU is enabled and NUMA
> > > +       reallocation of the virtqueues happen.
> > > +       A fix has been posted and pushed to the DPDK 21.11 branch.
> > > +       It can be found here:
> > > +
> > > + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-
> > 2-
> > > david.marchand@redhat.com/.
> > > +       If a user wishes to avoid the issue then it is recommended to use
> > > +       DPDK 21.11.0 until the release of DPDK 21.11.3.
> > > +       It should be noted that DPDK 21.11.0 does not benefit from the
> > numerous
> > > +       bug and CVE fixes addressed since its release.
> > > +       If a user wishes to benefit from these fixes it is recommended to use
> > > +       DPDK 21.11.2.
> > >
> > >  v2.17.2 - 15 Jun 2022
> > >  ---------------------
> > > --
> > > 2.25.1
diff mbox series

Patch

diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
index 2dabd3d0a..392c7ee79 100755
--- a/.ci/linux-build.sh
+++ b/.ci/linux-build.sh
@@ -220,7 +220,7 @@  fi
 
 if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
     if [ -z "$DPDK_VER" ]; then
-        DPDK_VER="21.11.1"
+        DPDK_VER="21.11.2"
     fi
     install_dpdk $DPDK_VER
 fi
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 33a0d5d2d..49895c595 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -206,11 +206,11 @@  Q: What DPDK version does each Open vSwitch release work with?
     2.10.x       17.11.10
     2.11.x       18.11.9
     2.12.x       18.11.9
-    2.13.x       19.11.10
-    2.14.x       19.11.10
-    2.15.x       20.11.4
-    2.16.x       20.11.4
-    2.17.x       21.11.1
+    2.13.x       19.11.13
+    2.14.x       19.11.13
+    2.15.x       20.11.6
+    2.16.x       20.11.6
+    2.17.x       21.11.2
     ============ ========
 
 Q: Are all the DPDK releases that OVS versions work with maintained?
diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst
index f8f01bfad..a284e6851 100644
--- a/Documentation/intro/install/dpdk.rst
+++ b/Documentation/intro/install/dpdk.rst
@@ -42,7 +42,7 @@  Build requirements
 In addition to the requirements described in :doc:`general`, building Open
 vSwitch with DPDK will require the following:
 
-- DPDK 21.11.1
+- DPDK 21.11.2
 
 - A `DPDK supported NIC`_
 
@@ -73,9 +73,9 @@  Install DPDK
 #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
 
        $ cd /usr/src/
-       $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz
-       $ tar xf dpdk-21.11.1.tar.xz
-       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11
+       $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz
+       $ tar xf dpdk-21.11.2.tar.xz
+       $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2
        $ cd $DPDK_DIR
 
 #. Configure and install DPDK using Meson
diff --git a/NEWS b/NEWS
index 7c71284f9..36fcbb874 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,24 @@  v2.17.3 - xx xxx xxxx
        configuration in a clustered databse independently for each server.
        E.g. for listening on unique addresses.  See the ovsdb.local-config.5
        manpage for schema details.
+   - DPDK:
+     * OVS validated with DPDK 21.11.2.
+       DPDK 21.11.2 contains fixes for the following CVEs:
+       CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
+       CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
+       A bug was introduced in DPDK 21.11.1 by the commit
+       01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
+       This bug can cause a deadlock when vIOMMU is enabled and NUMA
+       reallocation of the virtqueues happen.
+       A fix has been posted and pushed to the DPDK 21.11 branch.
+       It can be found here:
+       https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/.
+       If a user wishes to avoid the issue then it is recommended to use
+       DPDK 21.11.0 until the release of DPDK 21.11.3.
+       It should be noted that DPDK 21.11.0 does not benefit from the numerous
+       bug and CVE fixes addressed since its release.
+       If a user wishes to benefit from these fixes it is recommended to use
+       DPDK 21.11.2.
 
 v2.17.2 - 15 Jun 2022
 ---------------------