IPv6 multicast broken in kernel

Bug #1332420 reported by Radek Zajic on 2014-06-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Trusty
Medium
Tim Gardner
Utopic
Medium
Unassigned

Bug Description

Dear all,

a regression has been introduced in Linux Kernels by patch https://github.com/torvalds/linux/commit/efe4208f47f907

The regression behaves in a way that when there are multiple IPv6 sockets created with multicast/link-local addresses on the same interface, handling of the packets is broken. (Reported e. g. on http://www.spinics.net/lists/netdev/msg286344.html)

This can be reproduced by
1. installing Ubuntu 14.04 with default kernel
2. installing dibbler-server and configuring with basic dhcpv6 settings (hand out one subnet), for example:
/etc/dibbler/server.conf:
log-level 8
preference 0
iface <IFACE> {
 t1 1800-2000
 t2 2700-3000
 prefered-lifetime 3600
 valid-lifetime 7200
 subnet 2001:db8:abcd::/64
 class {
    pool 2001:db8:abcd::1000-2001:db8:abcd::1fff
 }
 ta-class {
    pool 2001:db8:abcd::2000-2001:db8:abcd::2fff
 }
 option dns-server 2001:db8:abcd::1
}

3. get a DHCPv6 client and request addresses from the server
4. view the packets on the interface affected, use e.g.: tcpdump -i <IFACE> '(udp port 546)||(udp port 547)' -n
There will be multicast DHCPv6 solicits, however no DHCPv6 responses, as Dibbler creates two sockets on the same interface (multicast socket first, link-local socket next).

There is a patch available in the upstream, that will be probably merged to 3.15.2 kernel (it is not present in current 3.15.1 vanilla kernel) - http://patchwork.ozlabs.org/patch/352246/

When applying this patch to trusty-proposed linux-image-3.13.0-30-generic_3.13.0-30.54 from Git repositories at git clone git://kernel.ubuntu.com/ubuntu/ubuntu-trusty.git and recompiling the kernel, everything starts to work as expected.

Please apply this patch ASAP to fix IPv6 multicast, there is more and more IPv6 in the wild and this bug is a serious one.
---
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
DistroRelease: Ubuntu 14.04
InstallationDate: Installed on 2012-04-24 (786 days ago)
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Beta amd64 (20120327)
MachineType: Gigabyte Technology Co., Ltd. To be filled by O.E.M.
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-30-generic root=/dev/md1 ro nosplash nosplash nomdmonddf nomdmonisw
ProcVersionSignature: Ubuntu 3.13.0-30.54-generic 3.13.11.2
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-30-generic N/A
 linux-backports-modules-3.13.0-30-generic N/A
 linux-firmware 1.127.2
RfKill:
 0: hci0: Bluetooth
  Soft blocked: no
  Hard blocked: no
Tags: trusty
Uname: Linux 3.13.0-30-generic x86_64
UpgradeStatus: Upgraded to trusty on 2014-04-24 (56 days ago)
UserGroups:

_MarkForUpload: True
dmi.bios.date: 08/23/2012
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F2
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: H77N-WIFI
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF2:bd08/23/2012:svnGigabyteTechnologyCo.,Ltd.:pnTobefilledbyO.E.M.:pvrTobefilledbyO.E.M.:rvnGigabyteTechnologyCo.,Ltd.:rnH77N-WIFI:rvrx.x:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvrToBeFilledByO.E.M.:
dmi.product.name: To be filled by O.E.M.
dmi.product.version: To be filled by O.E.M.
dmi.sys.vendor: Gigabyte Technology Co., Ltd.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1332420

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: trusty
Radek Zajic (radek-zajic) wrote :

Unfortunately, links browser does not present me with a "Log in" button during apport-collect authorization, therefore I cannot add the details to this bug. Therefore changing the status of the bug to 'Confirmed' as suggested.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tags: added: apport-collected
description: updated

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

Tim Gardner (timg-tpi) wrote :
Changed in linux (Ubuntu Utopic):
status: Confirmed → Fix Released
Changed in linux (Ubuntu Trusty):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Tim Gardner (timg-tpi) on 2014-06-20
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Utopic):
importance: Undecided → Medium
Luis Henriques (henrix) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Radek Zajic (radek-zajic) wrote :

Dear all,

thanks for fixing the issue. After installing the latest kernel (3.13.0-32.56) from -proposed, I have verified that the issue is now fixed.

As confirmed by the tcpdump:
root@ubuntu1404:~# tcpdump -n -i eth0 '(ip6)&&((udp port 546)||(udp port 547))'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

17:37:31.335849 IP6 fe80::5054:ff:fe8a:ebd8.546 > ff02::1:2.547: dhcp6 solicit
17:37:32.273181 IP6 fe80::5db7:61bc:4714:1899.546 > ff02::1:2.547: dhcp6 renew
17:37:34.625153 IP6 fe80::8049:8ef0:8637:6924.546 > ff02::1:2.547: dhcp6 renew
17:37:42.273485 IP6 fe80::5db7:61bc:4714:1899.546 > ff02::1:2.547: dhcp6 renew
17:37:42.369194 IP6 fe80::e48a:3505:cf50:bb27.546 > ff02::1:2.547: dhcp6 solicit
17:37:42.370918 IP6 fe80::5054:ff:fe8a:ebd8.547 > fe80::e48a:3505:cf50:bb27.546: dhcp6 advertise
17:37:42.428535 IP6 fe80::e48a:3505:cf50:bb27.546 > ff02::1:2.547: dhcp6 solicit
17:37:42.429915 IP6 fe80::5054:ff:fe8a:ebd8.547 > fe80::e48a:3505:cf50:bb27.546: dhcp6 advertise
17:37:43.443381 IP6 fe80::e48a:3505:cf50:bb27.546 > ff02::1:2.547: dhcp6 solicit
17:37:43.445060 IP6 fe80::5054:ff:fe8a:ebd8.547 > fe80::e48a:3505:cf50:bb27.546: dhcp6 advertise
17:37:45.458971 IP6 fe80::e48a:3505:cf50:bb27.546 > ff02::1:2.547: dhcp6 solicit
17:37:45.460225 IP6 fe80::5054:ff:fe8a:ebd8.547 > fe80::e48a:3505:cf50:bb27.546: dhcp6 advertise
17:37:49.459003 IP6 fe80::e48a:3505:cf50:bb27.546 > ff02::1:2.547: dhcp6 solicit
17:37:49.459348 IP6 fe80::5054:ff:fe8a:ebd8.547 > fe80::e48a:3505:cf50:bb27.546: dhcp6 advertise
^C
14 packets captured
14 packets received by filter
0 packets dropped by kernel

root@ubuntu1404:~# dpkg --list|grep 0.32
ii linux-headers-3.13.0-32 3.13.0-32.56 all Header files related to Linux kernel version 3.13.0
ii linux-headers-3.13.0-32-generic 3.13.0-32.56 amd64 Linux kernel headers for version 3.13.0 on 64 bit x86 SMP
ii linux-image-3.13.0-32-generic 3.13.0-32.56 amd64 Linux kernel image for version 3.13.0 on 64 bit x86 SMP
ii linux-image-extra-3.13.0-32-generic 3.13.0-32.56 amd64 Linux kernel extra modules for version 3.13.0 on 64 bit x86 SMP

The bug can be closed now.

Luis Henriques (henrix) wrote :

Thanks for testing Radek! As per comment #19 I'm tagging this bug as verified.

tags: added: verification-done-trusty
removed: verification-needed-trusty
Launchpad Janitor (janitor) wrote :
Download full text (35.8 KiB)

This bug was fixed in the package linux - 3.13.0-32.57

---------------
linux (3.13.0-32.57) trusty; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.13.0-32.56) trusty; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.13.0-30.55 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338524

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699
  * hpsa: add new Smart Array PCI IDs (May 2014)
    - LP: #1337516

linux (3.13.0-31.55) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336278

  [ Andy Whitcroft ]

  * [Config] switch hyper-keyboard to virtual
    - LP: #1325306
  * [Packaging] linux-udeb-flavour -- standardise on linux prefix

  [ dann frazier ]

  * [Config] CONFIG_GPIO_DWAPB=m
    - LP: #1334823

  [ Feng Kan ]

  * SAUCE: (no-up) arm64: dts: Add Designware GPIO dts binding to APM
    X-Gene platform
    - LP: #1334823

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
    - LP: #1308761

  [ Kamal Mostafa ]

  * [Config] updateconfigs ACPI_PROCFS_POWER=y after v3.13.11.4 rebase

  [ Loc Ho ]

  * SAUCE: (no-up) phy-xgene: Use correct tuning for Mustang
    - LP: #1335636

  [ Michael Ellerman ]

  * SAUCE: (no-up) powerpc/perf: Ensure all EBB register state is cleared
    on fork()
    - LP: #1328914

  [ Ming Lei ]

  * Revert "SAUCE: (no-up) rtc: Add X-Gene SoC Real Time Clock Driver"
    - LP: #1274305

  [ Suman Tripathi ]

  * SAUCE: (no-up) libahci: Implement the function ahci_restart_engine to
    restart the port dma engine.
    - LP: #1335645
  * SAUCE: (no-up) ata: Fix the dma state machine lockup for the IDENTIFY
    DEVICE PIO mode command.
    - LP: #1335645

  [ Tim Gardner ]

  * [Config] CONFIG_POWERNV_CPUFREQ=y for powerpc, ppc64el
    - LP: #1324571
  * [Debian] Add UTS_UBUNTU_RELEASE_ABI to utsrelease.h
    - LP: #1327619
  * [Config] CONFIG_HAVE_MEMORYLESS_NODES=y
    - LP: #1332063
  * [Config] CONFIG_HID_RMI=m
    - LP: #1305522

  [ Upstream Kernel Changes ]

  * Revert "offb: Add palette hack for little endian"
    - LP: #1333430
  * Revert "net: mvneta: fix usage as a module on RGMII configurations"
    - LP: #1333837
  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333837
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333838
  * serial: uart: add hw flow control support configuration
    - LP: #1328295
  * mm/numa: Remove BUG_ON() in __handle_mm_fault()
    - LP: #1323165
  * Tools: hv: Handle the case when the target file exists correctly
    - LP: #1306215
  * Documentation/devicetree/bindings: add documentation for the APM X-Gene
    SoC RTC DTS binding
    - LP: #1274305
  * drivers/rtc: add APM X-Gene SoC RTC driver
    - LP: #1274305
  * arm64: add APM X-Gene SoC RTC DTS entry
    - LP: #1274305
  * powerpc/perf: Add Power8 cache & TLB events
    - LP: #1328914
  * powerpc/perf: Configure BH...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers