From patchwork Thu Sep 22 09:39:00 2022
X-Patchwork-Submitter: "Phelan, Michael"
X-Patchwork-Id: 1681010
From: Michael Phelan
To: dev@openvswitch.org
Cc: maxime.coquelin@redhat.com, i.maximets@ovn.org
Date: Thu, 22 Sep 2022 09:39:00 +0000
Message-Id: <20220922093900.1337044-1-michael.phelan@intel.com>
In-Reply-To: <20220908105812.687190-1-michael.phelan@intel.com>
References: <20220908105812.687190-1-michael.phelan@intel.com>
Subject: [ovs-dev] [branch-2.17, v2] dpdk: Use DPDK 21.11.2 release.

Update OVS CLI and relevant documentation to use DPDK 21.11.2.

DPDK 21.11.2 contains fixes for the CVEs listed below:

CVE-2022-28199 [1]
CVE-2022-2132 [2]

A bug was introduced in DPDK 21.11.1 by the commit
01e3dee29c02 ("vhost: fix unsafe vring addresses modifications").
This bug can cause a deadlock when vIOMMU is enabled and NUMA
reallocation of the virtqueues happens.
A fix [3] has been posted and pushed to the DPDK 21.11 branch.
If a user wishes to avoid the issue then it is recommended to use
DPDK 21.11.0 until the release of DPDK 21.11.3.
It should be noted that DPDK 21.11.0 does not benefit from the numerous
bug and CVE fixes addressed since its release.
If a user wishes to benefit from these fixes it is recommended to use
DPDK 21.11.2.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
[3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/

Signed-off-by: Michael Phelan Acked-by: Kevin Traynor --- v2: - Update recommended DPDK version for older OvS versions in Documentation. --- --- .ci/linux-build.sh | 2 +- Documentation/faq/releases.rst | 10 +++++----- Documentation/intro/install/dpdk.rst | 8 ++++---- NEWS | 18 ++++++++++++++++++ 4 files changed, 28 insertions(+), 10 deletions(-) diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index 2dabd3d0a..392c7ee79 100755 --- a/.ci/linux-build.sh +++ b/.ci/linux-build.sh @@ -220,7 +220,7 @@ fi if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then if [ -z "$DPDK_VER" ]; then - DPDK_VER="21.11.1" + DPDK_VER="21.11.2" fi install_dpdk $DPDK_VER fi diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index 33a0d5d2d..49895c595 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -206,11 +206,11 @@ Q: What DPDK version does each Open vSwitch release work with? 2.10.x 17.11.10 2.11.x 18.11.9 2.12.x 18.11.9 - 2.13.x 19.11.10 - 2.14.x 19.11.10 - 2.15.x 20.11.4 - 2.16.x 20.11.4 - 2.17.x 21.11.1 + 2.13.x 19.11.13 + 2.14.x 19.11.13 + 2.15.x 20.11.6 + 2.16.x 20.11.6 + 2.17.x 21.11.2 ============ ======== Q: Are all the DPDK releases that OVS versions work with maintained? diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst index f8f01bfad..a284e6851 100644 --- a/Documentation/intro/install/dpdk.rst +++ b/Documentation/intro/install/dpdk.rst @@ -42,7 +42,7 @@ Build requirements In addition to the requirements described in :doc:`general`, building Open vSwitch with DPDK will require the following: -- DPDK 21.11.1 +- DPDK 21.11.2 - A `DPDK supported NIC`_ 
@@ -73,9 +73,9 @@ Install DPDK #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: $ cd /usr/src/ - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz - $ tar xf dpdk-21.11.1.tar.xz - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11 + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz + $ tar xf dpdk-21.11.2.tar.xz + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 $ cd $DPDK_DIR #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS index 7c71284f9..36fcbb874 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,24 @@ v2.17.3 - xx xxx xxxx configuration in a clustered databse independently for each server. E.g. for listening on unique addresses. See the ovsdb.local-config.5 manpage for schema details. + - DPDK: + * OVS validated with DPDK 21.11.2. + DPDK 21.11.2 contains fixes for the following CVEs: + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 + A bug was introduced in DPDK 21.11.1 by the commit + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). + This bug can cause a deadlock when vIOMMU is enabled and NUMA + reallocation of the virtqueues happen. + A fix has been posted and pushed to the DPDK 21.11 branch. + It can be found here: + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/. + If a user wishes to avoid the issue then it is recommended to use + DPDK 21.11.0 until the release of DPDK 21.11.3. + It should be noted that DPDK 21.11.0 does not benefit from the numerous + bug and CVE fixes addressed since its release. + If a user wishes to benefit from these fixes it is recommended to use + DPDK 21.11.2. v2.17.2 - 15 Jun 2022 ---------------------
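
Review bot: In Documentation/faq/releases.rst (hunk at -206,11), the rows for 2.13.x through 2.16.x are bumped to 19.11.13 and 20.11.6, but the commit message only describes the move to DPDK 21.11.2. The sole mention of the older releases is the v2 changelog below the `---`, which is dropped when the patch is applied. Add a sentence to the commit message saying that the recommended DPDK versions for older OVS releases are updated as well, and why, so the change is visible in the git history.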
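
Review bot: In Documentation/intro/install/dpdk.rst (hunk at -73,9), `DPDK_DIR` changes from `/usr/src/dpdk-stable-21.11` to `/usr/src/dpdk-stable-21.11.2`, so the directory naming pattern changes and not just the version number. Please confirm this matches the directory that `dpdk-21.11.2.tar.xz` actually extracts to, since the `cd $DPDK_DIR` that follows fails otherwise. As this bump is motivated by CVE fixes, the step could also tell users to verify the tarball checksum after `wget` and before `tar xf`.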
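
Review bot: In the NEWS hunk (-5,6), the vIOMMU deadlock caveat and the advice to stay on DPDK 21.11.0 appear only here, while Documentation/intro/install/dpdk.rst and the releases.rst table now state 21.11.2 without qualification. A short note or cross-reference in the install documentation would keep the guidance consistent for users who never read NEWS. Smaller points in the same hunk: the two CVE links lack the `https://` scheme that the patches.dpdk.org link carries, the `.` directly after that URL can end up inside the link when copied, and "reallocation of the virtqueues happen" should read "happens".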