TC filters are broken on Mellanox after upstream stable updates

Bug #1842502 reported by Chris Johnston on 2019-09-03
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Juerg Haefliger

Bug Description

[Impact]

Mellanox TC filters don't work for some key rules after the Bionic 4.15 stable patchset 2019-07-12 update (LP: #1836426). The offending commit is ("net/mlx5e: Set vlan masks for all offloaded TC rules").

This causes fatal network connectivity issues for projects that use the Mellanox ConnectX 5 NIC.

[Test Case]

TBD.

[Fix]

Backport the following upstream commit (which fixes the offending commit) and its prerequisites:
d3a80bb5a3ea ("net/mlx5e: Don't match on vlan non-existence if ethertype is wildcarded")

[Regression Potential]

Low. Changes are isolated and limited to the mlx5_core driver and all commits are in upstream stable v4.19.y.

[Original description]

The following upstream fix was missing from the latest upstream stable update (LP: # and LP1839376: #1839213):

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d3a80bb5a3eac311ddf28387402593977574460d

CVE References

Marcelo Cerri (mhcerri) on 2019-09-03
summary: - TC filters are broken on Mellanox with kernels -1030 and greater
+ TC filters are broken on Mellanox after upstream stable updates
description: updated
Changed in linux (Ubuntu Bionic):
status: New → In Progress
assignee: nobody → Marcelo Cerri (mhcerri)

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1842502

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Chris Johnston (cjohnston) wrote :

Setting back to new since this is a known upstream issue.

Changed in linux (Ubuntu):
status: Incomplete → New

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1842502

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: sts
Juerg Haefliger (juergh) on 2019-09-24
Changed in linux (Ubuntu Bionic):
assignee: Marcelo Cerri (mhcerri) → Juerg Haefliger (juergh)
Juerg Haefliger (juergh) on 2019-09-25
description: updated
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Juerg Haefliger (juergh) on 2019-10-03
tags: added: verification-done-bionic
removed: verification-needed-bionic
Launchpad Janitor (janitor) wrote :
Download full text (23.3 KiB)

This bug was fixed in the package linux - 4.15.0-66.75

---------------
linux (4.15.0-66.75) bionic; urgency=medium

  * bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2018-21008
    - rsi: add fix for crash during assertions

  * ipv6: fix neighbour resolution with raw socket (LP: #1834465)
    - ipv6: constify rt6_nexthop()
    - ipv6: fix neighbour resolution with raw socket

  * run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15
    (LP: #1842023)
    - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c

  * No sound inputs from the external microphone and headset on a Dell machine
    (LP: #1842265)
    - ALSA: hda - Expand pin_match function to match upcoming new tbls
    - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family

  * Add -fcf-protection=none when using retpoline flags (LP: #1843291)
    - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags

  * Enhanced Hardware Support - Finalize Naming (LP: #1842774)
    - s390: add support for IBM z15 machines

  * Bionic update: upstream stable patchset 2019-09-24 (LP: #1845266)
    - bridge/mdb: remove wrong use of NLM_F_MULTI
    - cdc_ether: fix rndis support for Mediatek based smartphones
    - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
    - isdn/capi: check message length in capi_write()
    - net: Fix null de-reference of device refcount
    - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having
      linear-headed frag_list
    - net: phylink: Fix flow control resolution
    - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
    - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
    - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
    - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
    - tipc: add NULL pointer check before calling kfree_rcu
    - tun: fix use-after-free when register netdev failed
    - btrfs: compression: add helper for type to string conversion
    - btrfs: correctly validate compression type
    - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
    - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
    - gpio: fix line flag validation in linehandle_create
    - gpio: fix line flag validation in lineevent_create
    - Btrfs: fix assertion failure during fsync and use of stale transaction
    - genirq: Prevent NULL pointer dereference in resend_irqs()
    - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
    - KVM: x86: work around leak of uninitialized stack contents
    - KVM: nVMX: handle page fault in vmread
    - MIPS: VDSO: Prevent use of smp_processor_id()
    - MIPS: VDSO: Use same -m%-float cflag as the kernel proper
    - powerpc: Add barrier_nospec to raw_copy_in_user()
    - drm/meson: Add support for XBGR8888 & ABGR8888 formats
    - clk: rockchip: Don't yell about bad mmc phases when getting
    - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
    - PCI: Always allow probing with driver_override
    - ubifs: Cor...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers