From patchwork Thu Sep 22 09:35:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Phelan, Michael" X-Patchwork-Id: 1681008 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=nU+STtLv; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MY9C70PXzz1yqW for ; Thu, 22 Sep 2022 19:36:18 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id AC6B4419DC; Thu, 22 Sep 2022 09:36:12 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org AC6B4419DC Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=nU+STtLv X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qdJYIHEWhwor; Thu, 22 Sep 2022 09:36:11 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id 30BEB419C4; Thu, 22 Sep 2022 09:36:10 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 30BEB419C4 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id E32FDC0033; Thu, 22 Sep 2022 09:36:09 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 02429C0032 for ; Thu, 22 Sep 2022 09:36:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id D0BBB832EA for ; Thu, 22 Sep 2022 09:36:07 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org D0BBB832EA Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=nU+STtLv X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6SOu4N6CurIv for ; Thu, 22 Sep 2022 09:36:04 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 0ADA6832E8 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by smtp1.osuosl.org (Postfix) with ESMTPS id 0ADA6832E8 for ; Thu, 22 Sep 2022 09:36:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1663839364; x=1695375364; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ZerZKvEF9Biy952akI5uIssV/njoZ/1Fg81E3SIek5Y=; b=nU+STtLvqIX45O2MJqe6d+3hW3rHRBoLzKrTV6bBf2cU9R/soxP+CKTq cNT6A7uHmDxlz3hmVuDS6XjDKr0LsxoRAlf27rBi5u6UlEEM8chKvF/OV 6PzzThGZalaFm6DpbXkiKD9TA5xxazftF/p6xIOU5boyO9r7LYrM3autG GCoXrvWysSEXZDF0Nq7SL/EbaqvyL2FQSrqqlt6J/El/XJrcDp4s4GdXI wJYuD2Ldep+AxgAefEciFRx0JsacNI5Y4SwF0aaCbkZ0UZ5m3shmYyXGB UNcAf9jMKLNlJffs07QbDHWERRHRguU5D5531ZkksLxGbzeRmhwJxsv/4 w==; X-IronPort-AV: E=McAfee;i="6500,9779,10477"; a="298967950" X-IronPort-AV: E=Sophos;i="5.93,335,1654585200"; d="scan'208";a="298967950" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Sep 2022 02:36:03 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,335,1654585200"; d="scan'208";a="864789080" Received: from silpixa00401063.ir.intel.com (HELO silpixa00401063.ger.corp.intel.com) ([10.237.223.107]) by fmsmga006.fm.intel.com with ESMTP; 22 Sep 2022 02:36:01 -0700 From: Michael Phelan To: dev@openvswitch.org Date: Thu, 22 Sep 2022 09:35:58 +0000 Message-Id: <20220922093558.1336761-1-michael.phelan@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220908103725.686558-1-michael.phelan@intel.com> References: <20220908103725.686558-1-michael.phelan@intel.com> MIME-Version: 1.0 Cc: maxime.coquelin@redhat.com, i.maximets@ovn.org Subject: [ovs-dev] [branch-3.0, v2] dpdk: Use DPDK 21.11.2 release. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Update OVS CLI and relevant documentation to use DPDK 21.11.2. DPDK 21.11.2 contains fixes for the CVEs listed below: CVE-2022-28199 [1] CVE-2022-2132 [2] A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of the virtqueues happen. A fix [3] has been posted and pushed to the DPDK 21.11 branch. If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 until the release of DPDK 21.11.3. It should be noted that DPDK 21.11.0 does not benefit from the numerous bug and CVE fixes addressed since its release. If a user wishes to benefit from these fixes it is recommended to use DPDK 21.11.2. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 [3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/ Signed-off-by: Michael Phelan Acked-by: Kevin Traynor --- v2: - Update recommended DPDK version for older OvS versions in Documentation. --- --- .ci/linux-build.sh | 2 +- Documentation/faq/releases.rst | 12 ++++++------ Documentation/intro/install/dpdk.rst | 8 ++++---- NEWS | 18 ++++++++++++++++++ 4 files changed, 29 insertions(+), 11 deletions(-) diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index 509314a07..23c8bbb7a 100755 --- a/.ci/linux-build.sh +++ b/.ci/linux-build.sh @@ -228,7 +228,7 @@ fi if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then if [ -z "$DPDK_VER" ]; then - DPDK_VER="21.11.1" + DPDK_VER="21.11.2" fi install_dpdk $DPDK_VER fi diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index 1bc22a6ba..6ce0b4cd5 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -210,12 +210,12 @@ Q: What DPDK version does each Open vSwitch release work with? 2.10.x 17.11.10 2.11.x 18.11.9 2.12.x 18.11.9 - 2.13.x 19.11.10 - 2.14.x 19.11.10 - 2.15.x 20.11.4 - 2.16.x 20.11.4 - 2.17.x 21.11.1 - 3.0.x 21.11.1 + 2.13.x 19.11.13 + 2.14.x 19.11.13 + 2.15.x 20.11.6 + 2.16.x 20.11.6 + 2.17.x 21.11.2 + 3.0.x 21.11.2 ============ ======== Q: Are all the DPDK releases that OVS versions work with maintained? diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst index 0f3712c79..a284e6851 100644 --- a/Documentation/intro/install/dpdk.rst +++ b/Documentation/intro/install/dpdk.rst @@ -42,7 +42,7 @@ Build requirements In addition to the requirements described in :doc:`general`, building Open vSwitch with DPDK will require the following: -- DPDK 21.11.1 +- DPDK 21.11.2 - A `DPDK supported NIC`_ @@ -73,9 +73,9 @@ Install DPDK #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: $ cd /usr/src/ - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz - $ tar xf dpdk-21.11.1.tar.xz - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz + $ tar xf dpdk-21.11.2.tar.xz + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 $ cd $DPDK_DIR #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS index b26590e49..ad5ba021d 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,23 @@ v3.0.1 - xx xxx xxxx -------------------- + - DPDK: + * OVS validated with DPDK 21.11.2. + DPDK 21.11.2 contains fixes for the following CVEs: + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 + A bug was introduced in DPDK 21.11.1 by the commit + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). + This bug can cause a deadlock when vIOMMU is enabled and NUMA + reallocation of the virtqueues happen. + A fix has been posted and pushed to the DPDK 21.11 branch. + It can be found here: + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/. + If a user wishes to avoid the issue then it is recommended to use + DPDK 21.11.0 until the release of DPDK 21.11.3. + It should be noted that DPDK 21.11.0 does not benefit from the numerous + bug and CVE fixes addressed since its release. + If a user wishes to benefit from these fixes it is recommended to use + DPDK 21.11.2. v3.0.0 - 15 Aug 2022 --------------------