Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN tunnels

Bug #1771301 reported by Matt Rae on 2018-05-15
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Xenial
Medium
Eric Desrochers

Bug Description

[Impact]

When booting with ipv6.disable=1, vxlan tunnels will fail to initialize with the error "vxlan: Cannot bind port 4789, err=-97" which is EAFNOSUPPORT.

Expected result is that vxlan tunnels work when ipv6 is disabled.

# Tested on :
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Kernel : linux-image-4.4.0-124-generic

[Test Case]

Deploy two identical 14.04 nodes with the following configuration:

Add the following to /etc/default/grub then run 'sudo update-grub'
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"

Reboot both nodes
sudo reboot

Set up a tunnel using the following commands on each node modifying remote_ip to be the ip of the other node. modify veth0 ip to be subnet using the tunnel 10.10.10.x/24

ovs-vsctl del-port br-int vx1
ovs-vsctl del-port br-int veth1
ip link del veth0

ovs-vsctl add-port br-int vx1 -- set interface vx1 type=vxlan options:remote_ip=192.168.122.161
# remote_ip should be the ip of the other node

ip link add type veth
ip link set veth0 up
ip link set veth1 up
ovs-vsctl add-port br-int veth1
ip addr add 10.10.10.2/24 dev veth0 # on the second node use 10.10.10.3/24

Expected result is once the tunnel is configured on each side, you should be able to ping the ip of veth0 on the remote side while ipv6 is disabled.

ping 10.10.10.2 or 10.10.10.3, whichever is the remote side.

[Regression Potential]

Regression Potential = Low.

This has been tested by more than one person (pre-SRU) and the patch provide the expected behaviour for this particular bug.

[Other Info]

* Upstream commit:
https://github.com/torvalds/linux/commit/d074bf9600443403aa24fbc12c1f18eadc90f5aa

* RHEL bug equivalent :
https://bugzilla.redhat.com/show_bug.cgi?id=1445054

[Original Description]

When booting with ipv6.disable=1, vxlan tunnels will fail to initialize with the error "vxlan: Cannot bind port 4789, err=-97" which is EAFNOSUPPORT.

Expected result is that vxlan tunnels work when ipv6 is disabled.

Description: Ubuntu 16.04.4 LTS
Release: 16.04

linux-image-4.4.0-124-generic

bug is fixed in RHEL in https://bugzilla.redhat.com/show_bug.cgi?id=1445054

Steps to reproduce:

Deploy two identical 14.04 nodes with the following configuration:

Add the following to /etc/default/grub then run 'sudo update-grub'
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"

Reboot both nodes
sudo reboot

Set up a tunnel using the following commands on each node modifying remote_ip to be the ip of the other node. modify veth0 ip to be subnet using the tunnel 10.10.10.x/24

ovs-vsctl del-port br-int vx1
ovs-vsctl del-port br-int veth1
ip link del veth0

ovs-vsctl add-port br-int vx1 -- set interface vx1 type=vxlan options:remote_ip=192.168.122.161
# remote_ip should be the ip of the other node

ip link add type veth
ip link set veth0 up
ip link set veth1 up
ovs-vsctl add-port br-int veth1
ip addr add 10.10.10.2/24 dev veth0 # on the second node use 10.10.10.3/24

Expected result is once the tunnel is configured on each side, you should be able to ping the ip of veth0 on the remote side while ipv6 is disabled.

ping 10.10.10.2 or 10.10.10.3, whichever is the remote side.

CVE References

Matt Rae (mattrae) on 2018-05-15
description: updated
description: updated
tags: added: patch

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1771301

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: xenial
Changed in linux (Ubuntu):
status: Incomplete → Triaged
importance: Undecided → Medium
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
status: New → Triaged
tags: added: kernel-da-key
Eric Desrochers (slashd) on 2018-05-23
Changed in linux (Ubuntu):
status: Triaged → Fix Released
Changed in linux (Ubuntu Xenial):
status: Triaged → In Progress
assignee: nobody → Eric Desrochers (slashd)
Eric Desrochers (slashd) on 2018-05-23
description: updated
Juerg Haefliger (juergh) on 2018-06-07
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Eric Desrochers (slashd) on 2018-06-15
tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :
Download full text (29.8 KiB)

This bug was fixed in the package linux - 4.4.0-130.156

---------------
linux (4.4.0-130.156) xenial; urgency=medium

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possib...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers