From patchwork Wed Sep 21 15:08:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Phelan, Michael" X-Patchwork-Id: 1680747 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=XGcLBIwi; dkim-atps=neutral Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MXhdq3vBFz1ypX for ; Thu, 22 Sep 2022 01:09:18 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id C99BF81852; Wed, 21 Sep 2022 15:09:15 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org C99BF81852 Authentication-Results: smtp1.osuosl.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=XGcLBIwi X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22USb3CKQjhR; Wed, 21 Sep 2022 15:09:14 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp1.osuosl.org (Postfix) with ESMTPS id C372281456; Wed, 21 Sep 2022 15:09:13 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org C372281456 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id A5B26C0033; Wed, 21 Sep 2022 15:09:13 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id B9DCEC002D for ; Wed, 21 Sep 2022 15:09:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id 5C40140B9F for ; Wed, 21 Sep 2022 15:09:12 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 5C40140B9F Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=XGcLBIwi X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LKBXaMHJ_tCW for ; Wed, 21 Sep 2022 15:09:11 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 251044055E Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by smtp2.osuosl.org (Postfix) with ESMTPS id 251044055E for ; Wed, 21 Sep 2022 15:09:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1663772951; x=1695308951; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=PuaXFvm4QIK6zWQueDBwcf2RWy6iaIBQCsdUMIUM9Ls=; b=XGcLBIwi82MvwWnAYR7AXHq2DeWgPKhKXYqsmTJ6By7OuWLq6gW+cFEU AesEKfABZOkKCkmNGo4MH0Xl/wkNbkIt/KYLt6FcUZ6n9buyEUod5ALeo iBab7FVQWWJl0TZbn+50klxIBIkrt/IDZNfEYHPyB0rxIGYCPnBZjyvfZ zas8qocoi2Ib3jUbWLYZ7eWqdlRGp1jE7aYEy7XZc1W2vwdfjRtJu8faw 1eswLANi1j50GBEVxqCmBHW3nw8lytJqcI4MnmwAw3GuXENY8WZvQvTMi 5ajqZIiXmp8h7Hj5M4Uhi6EZoprQ76J6+cL5q+rF6X9civ2gpx+/8PCzf A==; X-IronPort-AV: E=McAfee;i="6500,9779,10477"; a="287101294" X-IronPort-AV: E=Sophos;i="5.93,333,1654585200"; d="scan'208";a="287101294" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Sep 2022 08:09:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,333,1654585200"; d="scan'208";a="570576303" Received: from silpixa00401063.ir.intel.com (HELO silpixa00401063.ger.corp.intel.com) ([10.237.223.107]) by orsmga003.jf.intel.com with ESMTP; 21 Sep 2022 08:09:07 -0700 From: Michael Phelan To: dev@openvswitch.org Date: Wed, 21 Sep 2022 15:08:47 +0000 Message-Id: <20220921150847.1312091-1-michael.phelan@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220916142321.960856-1-michael.phelan@intel.com> References: <20220916142321.960856-1-michael.phelan@intel.com> MIME-Version: 1.0 Cc: maxime.coquelin@redhat.com, i.maximets@ovn.org Subject: [ovs-dev] [v3] dpdk: Use DPDK 21.11.2 release. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Update OVS CLI and relevant documentation to use DPDK 21.11.2. DPDK 21.11.2 contains fixes for the CVEs listed below: CVE-2022-28199 [1] CVE-2022-2132 [2] A bug was introduced in DPDK 21.11.1 by the commit 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). This bug can cause a deadlock when vIOMMU is enabled and NUMA reallocation of the virtqueues happen. A fix [3] has been posted and pushed to the DPDK 21.11 branch. If a user wishes to avoid the issue then it is recommended to use DPDK 21.11.0 until the release of DPDK 21.11.3. It should be noted that DPDK 21.11.0 does not benefit from the numerous bug and CVE fixes addressed since its release. If a user wishes to benefit from these fixes it is recommended to use DPDK 21.11.2. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 [2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 [3] https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/ Signed-off-by: Michael Phelan Acked-by: Kevin Traynor --- v2: - Update recommended DPDK version for older OvS versions in Documentation. --- --- .ci/linux-build.sh | 2 +- Documentation/faq/releases.rst | 12 ++++++------ Documentation/intro/install/dpdk.rst | 8 ++++---- NEWS | 18 ++++++++++++++++++ 4 files changed, 29 insertions(+), 11 deletions(-) diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh index 509314a07..23c8bbb7a 100755 --- a/.ci/linux-build.sh +++ b/.ci/linux-build.sh @@ -228,7 +228,7 @@ fi if [ "$DPDK" ] || [ "$DPDK_SHARED" ]; then if [ -z "$DPDK_VER" ]; then - DPDK_VER="21.11.1" + DPDK_VER="21.11.2" fi install_dpdk $DPDK_VER fi diff --git a/Documentation/faq/releases.rst b/Documentation/faq/releases.rst index 607a23499..ac0001cd5 100644 --- a/Documentation/faq/releases.rst +++ b/Documentation/faq/releases.rst @@ -211,12 +211,12 @@ Q: What DPDK version does each Open vSwitch release work with? 2.10.x 17.11.10 2.11.x 18.11.9 2.12.x 18.11.9 - 2.13.x 19.11.10 - 2.14.x 19.11.10 - 2.15.x 20.11.4 - 2.16.x 20.11.4 - 2.17.x 21.11.1 - 3.0.x 21.11.1 + 2.13.x 19.11.13 + 2.14.x 19.11.13 + 2.15.x 20.11.6 + 2.16.x 20.11.6 + 2.17.x 21.11.2 + 3.0.x 21.11.2 ============ ======== Q: Are all the DPDK releases that OVS versions work with maintained? diff --git a/Documentation/intro/install/dpdk.rst b/Documentation/intro/install/dpdk.rst index 0f3712c79..a284e6851 100644 --- a/Documentation/intro/install/dpdk.rst +++ b/Documentation/intro/install/dpdk.rst @@ -42,7 +42,7 @@ Build requirements In addition to the requirements described in :doc:`general`, building Open vSwitch with DPDK will require the following: -- DPDK 21.11.1 +- DPDK 21.11.2 - A `DPDK supported NIC`_ @@ -73,9 +73,9 @@ Install DPDK #. Download the `DPDK sources`_, extract the file and set ``DPDK_DIR``:: $ cd /usr/src/ - $ wget https://fast.dpdk.org/rel/dpdk-21.11.1.tar.xz - $ tar xf dpdk-21.11.1.tar.xz - $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.1 + $ wget https://fast.dpdk.org/rel/dpdk-21.11.2.tar.xz + $ tar xf dpdk-21.11.2.tar.xz + $ export DPDK_DIR=/usr/src/dpdk-stable-21.11.2 $ cd $DPDK_DIR #. Configure and install DPDK using Meson diff --git a/NEWS b/NEWS index d5ec09813..ff77ee404 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,24 @@ Post-v3.0.0 "--names" option. - Windows: * Conntrack IPv6 fragment support. + - DPDK: + * OVS validated with DPDK 21.11.2. + DPDK 21.11.2 contains fixes for the following CVEs: + CVE-2022-28199 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28199 + CVE-2022-2132 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2132 + A bug was introduced in DPDK 21.11.1 by the commit + 01e3dee29c02 ("vhost: fix unsafe vring addresses modifications"). + This bug can cause a deadlock when vIOMMU is enabled and NUMA + reallocation of the virtqueues happen. + A fix has been posted and pushed to the DPDK 21.11 branch. + It can be found here: + https://patches.dpdk.org/project/dpdk/patch/20220725203206.427083-2-david.marchand@redhat.com/. + If a user wishes to avoid the issue then it is recommended to use + DPDK 21.11.0 until the release of DPDK 21.11.3. + It should be noted that DPDK 21.11.0 does not benefit from the numerous + bug and CVE fixes addressed since its release. + If a user wishes to benefit from these fixes it is recommended to use + DPDK 21.11.2. v3.0.0 - 15 Aug 2022