netns: unable to follow an interface that moves to another netns

Bug #1774225 reported by Nicolas Dichtel on 2018-05-30
This bug affects 1 person
Affects          Importance   Assigned to
linux (Ubuntu)   Medium       Joseph Salisbury
Xenial           Medium       Unassigned
Bionic           Medium       Joseph Salisbury

Bug Description

== SRU Justification ==
6Wind is requesting these three patches. The patches fix a bug that prevents a user
from following an interface that moves to another netns.

These commits are also needed in Xenial. However, they will be sent in
a separate SRU request due to additional prereq commits being needed for
Xenial.

== Fixes ==
b2d3bcfa26a7 ("net: core: Expose number of link up/down transitions")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")

== Regression Potential ==
Medium due to three patches needed and the changes to core networking.

== Test Case ==
A test kernel was built with these patches and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.

The following upstream patches are missing (v4.16):

6621dd29eb9b ("dev: advertise the new nsid when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6621dd29eb9b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c36ac8e23073
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=38e01b30563a

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1774225

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Incomplete → Triaged
tags: added: bionic kernel-da-key
Changed in linux (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Bionic):
status: Triaged → In Progress
Changed in linux (Ubuntu):
status: Triaged → In Progress
Joseph Salisbury (jsalisbury) wrote :

Commit 6621dd29eb9b is already in Bionic. Are these commits only needed in Bionic?

I built a Bionic test kernel with the other two commits. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1774225

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15 (Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15 (Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

Hi Joseph,

We also expect to have those commits in Xenial.

The test fails with the patched kernel; only IFLA_NEW_NETNSID seems to be there.

With the head of iproute2 (patches to display those attributes were merged this weekend):

root@ubuntu1604:~# ./iproute2/ip/ip monitor link&
[1] 859
root@ubuntu1604:~# ip netns add foo
root@ubuntu1604:~# ip l a type dummy
root@ubuntu1604:~# 3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
    link/ether 5e:cb:ae:4a:69:f8 brd ff:ff:ff:ff:ff:ff
4: dummy1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
    link/ether 06:de:2b:94:20:78 brd ff:ff:ff:ff:ff:ff

root@ubuntu1604:~# ip l s dummy1 netns foo
Deleted 4: dummy1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
    link/ether 06:de:2b:94:20:78 brd ff:ff:ff:ff:ff:ff new-nsid 0
=> only new-nsid is displayed.

With an upstream kernel, you have:
Deleted 5: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
    link/ether 72:33:30:ba:4c:eb brd ff:ff:ff:ff:ff:ff new-nsid 0 new-ifindex 5
'new-ifindex' is also displayed

Changed in linux (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Joseph Salisbury (jsalisbury)
Joseph Salisbury (jsalisbury) wrote :

I built one more test kernel using the Bionic master-next repository. I confirmed the test kernel has the following two commits:

38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface changes")

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1774225

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15 (Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15 (Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

The test fails because the attributes IFLA_CARRIER_UP_COUNT and IFLA_CARRIER_DOWN_COUNT are not declared in this kernel. In this kernel, IFLA_NEW_IFINDEX has the numeric value of IFLA_CARRIER_UP_COUNT in an upstream kernel (if I patch iproute2 to use IFLA_CARRIER_UP_COUNT instead of IFLA_NEW_IFINDEX, I can get the new ifindex).
iproute2 (like a lot of other tools) has a local copy of the Linux uapi headers, thus the numeric values of netlink attributes must be the same as upstream.
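
The numbering mismatch described in the comment above, as an added example that is not part of the original thread or of the kernel or iproute2 sources. The `UP_*`/`BP_*` enums, the helper names and the sample values are hypothetical; the absolute attribute numbers are illustrative and only their relative order matters.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Numbering seen by userspace built against upstream uapi headers (illustrative values). */
enum { UP_NEW_NETNSID = 45, UP_IF_NETNSID, UP_CARRIER_UP_COUNT,
       UP_CARRIER_DOWN_COUNT, UP_NEW_IFINDEX };
/* Kernel with the ifindex patch but not the carrier-count patch: NEW_IFINDEX slides down. */
enum { BP_NEW_NETNSID = 45, BP_IF_NETNSID, BP_NEW_IFINDEX };

struct attr_hdr { uint16_t len, type; };      /* same layout as struct rtattr */
#define ATTR_ALIGN(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* Append one u32 attribute; returns the new write offset. */
static size_t put_u32(uint8_t *buf, size_t off, uint16_t type, uint32_t v) {
    struct attr_hdr h = { (uint16_t)(sizeof h + sizeof v), type };
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + sizeof h, &v, sizeof v);
    return off + ATTR_ALIGN(h.len);
}

/* Constructed sample: attributes of a "Deleted" link event (new-nsid 0, new-ifindex 5). */
static size_t build_dellink(uint8_t *buf, uint16_t nsid_t, uint16_t ifindex_t) {
    return put_u32(buf, put_u32(buf, 0, nsid_t, 0), ifindex_t, 5);
}

/* Find a u32 attribute by type: 1 = found, 0 = absent, -1 = malformed or truncated. */
static int find_u32(const uint8_t *buf, size_t len, uint16_t want, uint32_t *out) {
    size_t off = 0;
    while (off < len && len - off >= sizeof(struct attr_hdr)) {
        struct attr_hdr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.len < sizeof h || h.len > len - off) return -1;
        if (h.type == want) {
            if (h.len != sizeof h + sizeof *out) return -1;
            memcpy(out, buf + off + sizeof h, sizeof *out);
            return 1;
        }
        off += ATTR_ALIGN(h.len);
    }
    return 0;
}

int main(void) {
    uint8_t buf[64]; uint32_t v = 0;
    size_t n = build_dellink(buf, BP_NEW_NETNSID, BP_NEW_IFINDEX);
    printf("as new-ifindex: %d\n", find_u32(buf, n, UP_NEW_IFINDEX, &v));
    printf("as carrier-up: %d\n", find_u32(buf, n, UP_CARRIER_UP_COUNT, &v));
    return 0;
}
```

A monitor compiled against the upstream numbering finds no new-ifindex attribute in the event and instead reads the value 5 under the carrier-up counter's number, which is why a tool tracking interfaces across namespaces loses the interface without any parse error.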

Joseph Salisbury (jsalisbury) wrote :

It looks like mainline commit b2d3bcfa26a7a is also needed.

I built another test kernel which has the following three commits:

b2d3bcfa26a7 ("net: core: Expose number of link up/down transitions")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface changes")

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1774225

Can you test this kernel and see if it resolves this bug?

It works for me, thanks!

Joseph Salisbury (jsalisbury) wrote :

Bionic SRU request submitted:
https://lists.ubuntu.com/archives/kernel-team/2018-June/093495.html

I should have a Xenial test kernel available for testing shortly. It requires some backporting of the patches.

Joseph Salisbury (jsalisbury) wrote :

Xenial appears to have some prereq commits necessary and requires backporting of commits. Is it possible to use the HWE kernel with Xenial instead of backporting the commits to 4.4?

Well, it could be a workaround but it would be great to have it in the 4.4 if it's not too complicated for you. What do you think?

Joseph Salisbury (jsalisbury) wrote :

I'll see what is involved to backport to Xenial/4.4

Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
description: updated
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
tags: added: verification-done-bionic
removed: verification-needed-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-33.36

---------------
linux (4.15.0-33.36) bionic; urgency=medium

  * linux: 4.15.0-33.36 -proposed tracker (LP: #1787149)

  * RTNL assertion failure on ipvlan (LP: #1776927)
    - ipvlan: drop ipv6 dependency
    - ipvlan: use per device spinlock to protect addrs list updates
    - SAUCE: fix warning from "ipvlan: drop ipv6 dependency"

  * ubuntu_bpf_jit test failed on Bionic s390x systems (LP: #1753941)
    - test_bpf: flag tests that cannot be jited on s390

  * HDMI/DP audio can't work on the laptop of Dell Latitude 5495 (LP: #1782689)
    - drm/nouveau: fix nouveau_dsm_get_client_id()'s return type
    - drm/radeon: fix radeon_atpx_get_client_id()'s return type
    - drm/amdgpu: fix amdgpu_atpx_get_client_id()'s return type
    - platform/x86: apple-gmux: fix gmux_get_client_id()'s return type
    - ALSA: hda: use PCI_BASE_CLASS_DISPLAY to replace PCI_CLASS_DISPLAY_VGA
    - vga_switcheroo: set audio client id according to bound GPU id

  * locking sockets broken due to missing AppArmor socket mediation patches
    (LP: #1780227)
    - UBUNTU SAUCE: apparmor: fix apparmor mediating locking non-fs, unix sockets

  * Update2 for ocxl driver (LP: #1781436)
    - ocxl: Fix page fault handler in case of fault on dying process

  * netns: unable to follow an interface that moves to another netns
    (LP: #1774225)
    - net: core: Expose number of link up/down transitions
    - dev: always advertise the new nsid when the netns iface changes
    - dev: advertise the new ifindex when the netns iface changes

  * [Bionic] Disk IO hangs when using BFQ as io scheduler (LP: #1780066)
    - block, bfq: fix occurrences of request finish method's old name
    - block, bfq: remove batches of confusing ifdefs
    - block, bfq: add requeue-request hook

  * HP ProBook 455 G5 needs mute-led-gpio fixup (LP: #1781763)
    - ALSA: hda: add mute led support for HP ProBook 455 G5

  * [Bionic] bug fixes to improve stability of the ThunderX2 i2c driver
    (LP: #1781476)
    - i2c: xlp9xx: Fix issue seen when updating receive length
    - i2c: xlp9xx: Make sure the transfer size is not more than
      I2C_SMBUS_BLOCK_SIZE

  * x86/kvm: fix LAPIC timer drift when guest uses periodic mode (LP: #1778486)
    - x86/kvm: fix LAPIC timer drift when guest uses periodic mode

  * Please include ax88179_178a and r8152 modules in d-i udeb (LP: #1771823)
    - [Config:] d-i: Add ax88179_178a and r8152 to nic-modules

  * Nvidia fails after switching its mode (LP: #1778658)
    - PCI: Restore config space on runtime resume despite being unbound

  * Kernel error "task zfs:pid blocked for more than 120 seconds" (LP: #1781364)
    - SAUCE: (noup) zfs to 0.7.5-1ubuntu16.3

  * CVE-2018-12232
    - PATCH 1/1] socket: close race condition between sock_close() and
      sockfs_setattr()

  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

  * change front mic location for more lenovo m7/8/9xx machines (LP: #1781316)
    - ALSA: hda/realtek - Fix the problem of two front mics on more machines
    - ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION

  * Cephfs + fscache: unab...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Xenial):
status: In Progress → Confirmed
Changed in linux (Ubuntu):
status: In Progress → Fix Released
Changed in linux (Ubuntu Xenial):
assignee: Joseph Salisbury (jsalisbury) → nobody
Brad Figg (brad-figg) on 2019-07-24
tags: added: cscc