kernel/bonding: wrong netlink messages when deleting a bonding interface

Bug #1525324 reported by Nicolas Dichtel
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
High
Unassigned
Trusty
Fix Released
High
Unassigned

Bug Description

Here is the bug:

root@ubuntu1404:~# modprobe bonding
root@ubuntu1404:~# modprobe dummy
root@ubuntu1404:~# ip link set dummy0 master bond0
root@ubuntu1404:~# ip monitor link&
[1] 1065
root@ubuntu1404:~# ip link del bond0
Deleted 6: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN group default
    link/ether c2:46:53:08:ee:50 brd ff:ff:ff:ff:ff:ff
7: dummy0: <BROADCAST,NOARP,SLAVE,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether c2:46:53:08:ee:50 brd ff:ff:ff:ff:ff:ff
7: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether c2:46:53:08:ee:50 brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN group default
    link/ether e6:49:16:3b:17:fe brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN group default
root@ubuntu1404:~# link/ether e6:49:16:3b:17:fe brd ff:ff:ff:ff:ff:ff
7: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether c2:46:53:08:ee:50 brd ff:ff:ff:ff:ff:ff
7: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether c2:46:53:08:ee:50 brd ff:ff:ff:ff:ff:ff
^C
root@ubuntu1404:~# uname -a
Linux ubuntu1404 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1404:~#

A netlink message advertise that bond0 is deleted and after that two netlink messages are sent telling that bond0 exists again.

This bug has been fixed by these upstream commits:
56bfa7ee7c88 unregister_netdevice : move RTM_DELLINK to until after ndo_uninit
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=56bfa7ee7c88
395eea6ccf2b rtnetlink: delay RTM_DELLINK notification until after ndo_uninit()
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=395eea6ccf2b

CVE References

Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

Any news on this?

Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

Should I do something to complete this bug?

Revision history for this message
penalvch (penalvch) wrote :

Nicolas Dichtel, thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command only once, as it will automatically gather debugging information, in a terminal:
apport-collect 1525324

affects: linux-lts-trusty (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

I fail to use this tool. The kernel version was provided in the bug description. This bug affects all architectures.
The patches needed to fix this issue are also public upstream patches.
What kind of information do you need?

FYI, here is the screen shot. Note that the browser was successfully launched and the credentials for the applications were ok, but after that, I get a "connection timed out":

root@ubuntu1404:~# apport-collect 1525324
The authorization page:
 (https://launchpad.net/+authorize-token?oauth_token=0wSQ8nk9BZ02dfGL50PV&allow_permission=DESKTOP_INTEGRATION)
should be opening in your browser. Use your browser to authorize
this program to access Launchpad on your behalf.
Press any key to continue or wait (5) seconds...
Waiting to hear from Launchpad about your decision...

(x-www-browser:4944): Gtk-WARNING **: Could not find the icon 'process-working'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
 http://icon-theme.freedesktop.org/releases

(x-www-browser:4944): Gtk-WARNING **: Error loading theme icon 'stock_new-tab' for stock: Icon 'stock_new-tab' not present in theme

(x-www-browser:4944): Gtk-WARNING **: Error loading theme icon 'gtk-add' for stock: Icon 'gtk-add' not present in theme

(x-www-browser:4944): Gtk-WARNING **: Error loading theme icon 'bookmark-new' for stock: Icon 'bookmark-new' not present in theme

(x-www-browser:4944): Gtk-WARNING **: Error loading theme icon 'stock_add-bookmark' for stock: Icon 'stock_add-bookmark' not present in theme

(x-www-browser:4944): Gtk-WARNING **: Error loading theme icon 'gnome-stock-trash' for stock: Icon 'gnome-stock-trash' not present in theme

(x-www-browser:4944): Gtk-WARNING **: Error loading theme icon 'gtk-undo-ltr' for stock: Icon 'gtk-undo-ltr' not present in theme

(x-www-browser:4944): GLib-CRITICAL **: Source ID 9797 was not found when attempting to remove it
ERROR: connecting to Launchpad failed: [Errno 110] Connection timed out
You can reset the credentials by removing the file "/root/.cache/apport/launchpad.credentials"

Revision history for this message
penalvch (penalvch) wrote :

Nicolas Dichtel, could you please attach the requested information as outlined in https://help.ubuntu.com/community/ReportingBugs#Filing_bugs_when_offline_or_using_a_headless_setup ?

Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

Here it is.

penalvch (penalvch)
tags: added: cherry-pick
removed: 6wind
Changed in linux (Ubuntu):
importance: Low → High
status: Incomplete → Triaged
Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

Christopher, I just saw that you have removed the tag '6wind'.
I'm not sure how this field should be used, but it was useful to tag bugs opened by our company with that tag ('6wind') to be able to find them easily. Is there a way to found all bugs opened by someone and/or a company? For example all bugs reported by someone with an email that ends with '@6wind.com'?

Thank you,
Nicolas

Revision history for this message
penalvch (penalvch) wrote :

Nicolas Dichtel, the Tags system is predefined as outlined in https://wiki.ubuntu.com/Bugs/Tags .

However, one quick way to find the bugs you reported personally is to consult:
https://bugs.launchpad.net/~nicolas-dichtel/+reportedbugs

That would be much faster, both from a compute standpoint, and efficiency.

Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

Thank you for your quick answer Christopher.

In fact, the last link, only shows opened bugs.

tags: added: 6wind kernel-da-key
Changed in linux (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux-lts-utopic (Ubuntu):
status: New → In Progress
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → In Progress
Changed in linux-lts-utopic (Ubuntu):
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux-lts-utopic (Ubuntu Trusty):
assignee: nobody → Joseph Salisbury (jsalisbury)
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Those two commits have been in the Ubuntu kernel prior to the Vivid release:

git describe --contains 56bfa7ee7c88
v3.16-rc1~27^2~281

git describe --contains 395eea6ccf2b
v3.19-rc1~118^2~64

So this bug should not exist in Vivid, Wily or Xenial. Can you confirm that?

I built a Trusty test kernel with these two commits. It can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1525324/

Can you test this kernel and confirm it resolves this bug? If it does, I'll submit a SRU request for those two commits to be added to Trusty.

Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

> git describe --contains 395eea6ccf2b
> v3.19-rc1~118^2~64

> So this bug should not exist in Vivid, Wily or Xenial. Can you confirm that?
Kernel >= 3.19 are ok.

> I built a Trusty test kernel with these two commits. It can be downloaded from:
> http://kernel.ubuntu.com/~jsalisbury/lp1525324/

> Can you test this kernel and confirm it resolves this bug? If it does, I'll submit a SRU request for those two commits to be added to Trusty.

I confirm that this kernel does not have this issue.

no longer affects: linux-lts-utopic (Ubuntu)
no longer affects: linux-lts-utopic (Ubuntu Trusty)
Brad Figg (brad-figg)
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in linux (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Revision history for this message
Nicolas Dichtel (nicolas-dichtel) wrote :

Tests succeeded for us.

tags: added: verification-done-trusty
removed: verification-needed-trusty
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (9.5 KiB)

This bug was fixed in the package linux - 3.13.0-79.123

---------------
linux (3.13.0-79.123) trusty; urgency=low

  [ Seth Forshee ]

  * SAUCE: cred: Add clone_cred() interface
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Use mounter's credentials instead of full kernel
    credentials
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
    xattrs
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Be more careful about copying up sxid files
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576

linux (3.13.0-78.122) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1540559

  [ Eric Dumazet ]

  * SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
    - LP: #1527902

  [ J. R. Okajima ]

  * SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
    - LP: #1533043
  * SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
    - LP: #1533043

  [ Upstream Kernel Changes ]

  * Revert "[stable-only] net: add length argument to
    skb_copy_and_csum_datagram_iovec"
    - LP: #1538756
  * unregister_netdevice : move RTM_DELLINK to until after ndo_uninit
    - LP: #1525324
  * rtnetlink: delay RTM_DELLINK notification until after ndo_uninit()
    - LP: #1525324
  * Drivers: hv: Eliminate the channel spinlock in the callback path
    - LP: #1519897
  * Drivers: hv: vmbus: Implement per-CPU mapping of relid to channel
    - LP: #1519897
  * Drivers: hv: vmbus: Suport an API to send pagebuffers with additional
    control
    - LP: #1519897
  * Drivers: hv: vmbus: Suport an API to send packet with additional
    control
    - LP: #1519897
  * Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl()
    - LP: #1519897
  * Drivers: hv: vmbus: Fix a siganlling host signalling issue
    - LP: #1519897
  * Drivers: hv: vmbus: Fix a Host signaling bug
    - LP: #1519897
  * ARC: Fix silly typo in MAINTAINERS file
    - LP: #1538756
  * ip6mr: call del_timer_sync() in ip6mr_free_table()
    - LP: #1538756
  * gre6: allow to update all parameters via rtnl
    - LP: #1538756
  * atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
    - LP: #1538756
  * sctp: use the same clock as if sock source timestamps were on
    - LP: #1538756
  * sctp: update the netstamp_needed counter when copying sockets
    - LP: #1538756
  * ipv6: sctp: clone options to avoid use after free
    - LP: #1538756
  * net: add validation for the socket syscall protocol argument
    - LP: #1538756
  * sh_eth: fix kernel oops in skb_put()
    - LP: #1538756
  * pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
    - LP: #1538756
  * bluetooth: Validate socket address length in sco_sock_bind().
    - LP: #1538756
  * af_unix: Revert 'lock_interruptible' in stream receive code
    - LP: #1538756
  * KEYS: Fix race between read and revoke
    - LP: #1538756
  * tools: Add a "make all" rule
    - LP: #1538...

Read more...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.