From patchwork Thu Sep 22 14:51:27 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Phelan, Michael" <michael.phelan@intel.com>
X-Patchwork-Id: 1681175
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256
 header.s=Intel header.b=Br40u1Ey;
	dkim-atps=neutral
Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4MYJC61vWsz1yqW
	for <incoming@patchwork.ozlabs.org>; Fri, 23 Sep 2022 00:51:46 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp4.osuosl.org (Postfix) with ESMTP id E42D4408F6;
	Thu, 22 Sep 2022 14:51:42 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org E42D4408F6
Authentication-Results: smtp4.osuosl.org;
	dkim=fail reason="signature verification failed" (2048-bit key)
 header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel
 header.b=Br40u1Ey
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp4.osuosl.org ([127.0.0.1])
	by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 5gkyVdkYbh0t; Thu, 22 Sep 2022 14:51:41 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
	by smtp4.osuosl.org (Postfix) with ESMTPS id 91381408D1;
	Thu, 22 Sep 2022 14:51:40 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 91381408D1
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 4E38EC0033;
	Thu, 22 Sep 2022 14:51:40 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id F03CFC0032
 for <dev@openvswitch.org>; Thu, 22 Sep 2022 14:51:38 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp4.osuosl.org (Postfix) with ESMTP id C9E484006C
 for <dev@openvswitch.org>; Thu, 22 Sep 2022 14:51:38 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org C9E484006C
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp4.osuosl.org ([127.0.0.1])
 by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id WVBTT_3LwNO8 for <dev@openvswitch.org>;
 Thu, 22 Sep 2022 14:51:37 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 2EE4B40072
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 by smtp4.osuosl.org (Postfix) with ESMTPS id 2EE4B40072
 for <dev@openvswitch.org>; Thu, 22 Sep 2022 14:51:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1663858297; x=1695394297;
 h=from:to:cc:subject:date:message-id:mime-version:
 content-transfer-encoding;
 bh=/upWPc2NEKcOMTlv4bf7iyvsIMlXfje/Bc/YvoaRGl4=;
 b=Br40u1EyZGSHMk/L0mhik5ayO2taWNACA10IwPZZFUhnqsw9pmOa1TGP
 Zdcss/SmtX0L3mab9O1DYro1XdFHl8e/V0obs2TLbc0hPIQllwp94VaFD
 q5UK0JlQYM+TVECJqwSb4gzKJ2T8rttG4z+jDg2rXRwW0+fS4blsMM9pD
 fnVwl8lknnHswyUEoG74q3devtkEEMQEomVBhD9g0Rj64SaMtGmQkTrr3
 SP/8VqC3Aam/hlbjCrPEgOpdMPjRbYRf2/mp7QMD9I/2AlZpavyxchIhq
 vUxBp72PnmeyZsmQmgLwHPpwhDjm+pc7zDFNUqN+rLQXquir+O20VE0pi Q==;
X-IronPort-AV: E=McAfee;i="6500,9779,10478"; a="283368821"
X-IronPort-AV: E=Sophos;i="5.93,335,1654585200"; d="scan'208";a="283368821"
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 22 Sep 2022 07:51:35 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.93,335,1654585200"; d="scan'208";a="619817775"
Received: from silpixa00401063.ir.intel.com (HELO
 silpixa00401063.ger.corp.intel.com) ([10.237.223.107])
 by orsmga002.jf.intel.com with ESMTP; 22 Sep 2022 07:51:33 -0700
From: Michael Phelan <michael.phelan@intel.com>
To: dev@openvswitch.org
Date: Thu, 22 Sep 2022 14:51:27 +0000
Message-Id: <20220922145127.1344749-1-michael.phelan@intel.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Cc: maxime.coquelin@redhat.com, i.maximets@ovn.org
Subject: [ovs-dev] [branch-2.13] dpdk: Use DPDK 19.11.13 release.
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Update OVS CLI and relevant documentation to use DPDK 19.11.13.

DPDK 19.11.13 contains fixes for the CVEs listed below:
CVE-2022-28199 [1]
CVE-2022-2132 [2]

A bug was introduced in DPDK 19.11.12 by the commit 1e68fe334ff0 ("vhost: fix unsafe vring addresses modifications").
This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of the virtqueues happen.
A fix [3] has been posted and is due to be included in the DPDK 19.11.14 release.
If a user wishes to avoid the issue then it is recommended to use DPDK 19.11.11 until the release of DPDK 19.11.14.
It should be noted that DPDK 19.11.11 does not benefit from the numerous bug and CVE fixes addressed since its release.
If a user wishes to benefit from these fixes it is recommended to use DPDK 19.11.13.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
[3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/

Signed-off-by: Michael Phelan <michael.phelan@intel.com>
Acked-by: Kevin Traynor <ktraynor@redhat.com>
---
 .ci/linux-build.sh                   |  2 +-
 Documentation/faq/releases.rst       |  2 +-
 Documentation/intro/install/dpdk.rst |  8 ++++----
 NEWS                                 | 18 ++++++++++++++++++
 4 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
index 17ce6961f..776148cfd 100755
--- a/.ci/linux-build.sh
+++ b/.ci/linux-build.sh
@@ -182,7 +182,7 @@ fi
 
 if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then
     if [ -z "$DPDK_VER" ]; then
-        DPDK_VER="19.11.10"
+        DPDK_VER="19.11.13"
     fi
     install_dpdk $DPDK_VER
     # Enable pdump support in OVS.
diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst
index 0df2e4163..73542a70b 100644
--- a/Documentation/faq/releases.rst
+++ b/Documentation/faq/releases.rst
@@ -192,7 +192,7 @@ Q: What DPDK version does each Open vSwitch release work with?
     2.10.x       17.11.10
     2.11.x       18.11.11
     2.12.x       18.11.11
-    2.13.x       19.11.10
+    2.13.x       19.11.13
     ============ ========
 
 Q: Are all the DPDK releases that OVS versions work with maintained?
diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst
index 7acdaac06..4c63856b8 100644
--- a/Documentation/intro/install/dpdk.rst
+++ b/Documentation/intro/install/dpdk.rst
@@ -42,7 +42,7 @@ Build requirements
 In addition to the requirements described in :doc:`general`, building Open
 vSwitch with DPDK will require the following:
 
-- DPDK 19.11.10
+- DPDK 19.11.13
 
 - A `DPDK supported NIC`_
 
@@ -71,9 +71,9 @@ Install DPDK
 #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``::
 
        $ cd /usr/src/
-       $ wget https://fast.dpdk.org/rel/dpdk-19.11.10.tar.xz
-       $ tar xf dpdk-19.11.10.tar.xz
-       $ export DPDK_DIR=/usr/src/dpdk-stable-19.11.10
+       $ wget https://fast.dpdk.org/rel/dpdk-19.11.13.tar.xz
+       $ tar xf dpdk-19.11.13.tar.xz
+       $ export DPDK_DIR=/usr/src/dpdk-stable-19.11.13
        $ cd $DPDK_DIR
 
 #. (Optional) Configure DPDK as a shared library
diff --git a/NEWS b/NEWS
index a3b745fc7..8e2553901 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,23 @@
 v2.13.9 - xx xxx xxxx
 ---------------------
+   - DPDK:
+     * OVS validated with DPDK 19.11.13.
+       DPDK 19.11.13 contains fixes for the following CVEs:
+       CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199
+       CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132
+       A bug was introduced in DPDK 19.11.12 by the commit
+       1e68fe334ff0 ("vhost: fix unsafe vring addresses modifications").
+       This bug can cause a deadlock when vIOMMU is enabled and NUMA
+       reallocation of the virtqueues happen.
+       A fix has been posted and is due to be included in the DPDK 19.11.14 release.
+       It can be found here:
+       https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/.
+       If a user wishes to avoid the issue then it is recommended to use
+       DPDK 19.11.11 until the release of DPDK 19.11.14.
+       It should be noted that DPDK 19.11.11 does not benefit from the numerous
+       bug and CVE fixes addressed since its release.
+       If a user wishes to benefit from these fixes it is recommended to use
+       DPDK 19.11.13.
 
 v2.13.8 - 15 Jun 2022
 ---------------------