ipv6: restore correct ECN handling on TCP xmit

Bug #872179 reported by Tim Gardner on 2011-10-11
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
nero
Lucid
Undecided
Tim Gardner
Maverick
Undecided
Tim Gardner
Natty
Undecided
Tim Gardner
Oneiric
Undecided
Unassigned

Bug Description

    Since commit e9df2e8fd8fbc9 (Use appropriate sock tclass setting for
    routing lookup) we lost ability to properly add ECN codemarks to ipv6
    TCP frames.

    It seems like TCP_ECN_send() calls INET_ECN_xmit(), which only sets the
    ECN bit in the IPv4 ToS field (inet_sk(sk)->tos), but after the patch,
    what's checked is inet6_sk(sk)->tclass, which is a completely different
    field.

    Close bug https://bugzilla.kernel.org/show_bug.cgi?id=34322

    [Eric Dumazet] : added the INET_ECN_dontxmit() fix and replace macros
    by inline functions for clarity.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 872179

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Changed in linux (Ubuntu Natty):
status: New → Incomplete
Tim Gardner (timg-tpi) on 2011-10-11
Changed in linux (Ubuntu Natty):
status: Incomplete → In Progress
assignee: nobody → Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Oneiric):
status: Incomplete → Fix Released
Tim Gardner (timg-tpi) on 2011-10-11
Changed in linux (Ubuntu Lucid):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux (Ubuntu Maverick):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Tim Gardner (timg-tpi) on 2011-10-11
Changed in linux (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Natty):
status: In Progress → Fix Committed
Herton R. Krzesinski (herton) wrote :

This bug is awaiting verification that the kernels for Lucid/Maverick/Natty in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved on the tested series, change the tag 'verification-needed-<seriesname>' to 'verification-done-<seriesname>'

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-lucid verification-needed-maverick verification-needed-natty
Tim Gardner (timg-tpi) wrote :

This patch is a backport from upstream commit ca06707022d6ba4744198a8ebbe4994786b0c613 which should have gone to stable. Therefore I'm marking all releases verification-done.

tags: added: verification-done-lucid verification-done-maverick verification-done-natty
removed: verification-needed-lucid verification-needed-maverick verification-needed-natty
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.35-31.62

---------------
linux (2.6.35-31.62) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #887378

  [ Upstream Kernel Changes ]

  * ipv6: restore correct ECN handling on TCP xmit
    - LP: #872179
  * nl80211: fix overflow in ssid_len - CVE-2011-2517
    - LP: #869245
    - CVE-2011-2517
  * vm: fix vm_pgoff wrap in stack expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * vm: fix vm_pgoff wrap in upward expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * ksm: fix NULL pointer dereference in scan_get_next_rmap_item() -
    CVE-2011-2183
    - LP: #869227
    - CVE-2011-2183
  * NLM: Don't hang forever on NLM unlock requests - CVE-2011-2491
    - LP: #869237
    - CVE-2011-2491
  * cifs: clean up cifs_find_smb_ses (try #2), CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: fix NULL pointer dereference in cifs_find_smb_ses, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
  * cifs: check for NULL session password, CVE-2011-1585
    - LP: #869208
    - CVE-2011-1585
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 07 Nov 2011 21:56:31 -0200

Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-13.52

---------------
linux (2.6.38-13.52) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #887379

  [ Konrad Rzeszutek Wilk ]

  * SAUCE: x86/paravirt: Partially revert "remove lazy mode in interrupts"
    - LP: #854050

  [ Ming Lei ]

  * SAUCE: [media] uvcvideo: Set alternate setting 0 on resume if the bus
    has been reset
    - LP: #816484

  [ Seth Forshee ]

  * SAUCE: acer-wmi: Add wireless quirk for Lenovo 3000 N200
    - LP: #857297

  [ Upstream Kernel Changes ]

  * Make TASKSTATS require root access, CVE-2011-2494
    - LP: #866021
    - CVE-2011-2494
  * proc: restrict access to /proc/PID/io, CVE-2011-2495
    - LP: #866025
    - CVE-2011-2495
  * proc: fix a race in do_io_accounting(), CVE-2011-2495
    - LP: #866025
    - CVE-2011-2495
  * staging: comedi: fix infoleak to userspace, CVE-2011-2909
    - LP: #869261
    - CVE-2011-2909
  * perf tools: do not look at ./config for configuration, CVE-2011-2905
    - LP: #869259
    - CVE-2011-2905
  * e1000e: workaround for packet drop on 82579 at 100Mbps
    - LP: #870127
  * eCryptfs: Remove unnecessary grow_file() function
    - LP: #745836
  * eCryptfs: Remove ECRYPTFS_NEW_FILE crypt stat flag
    - LP: #745836
  * block: blkdev_get() should access ->bd_disk only after success
    - LP: #857170
  * ipv6: restore correct ECN handling on TCP xmit
    - LP: #872179
  * nl80211: fix overflow in ssid_len - CVE-2011-2517
    - LP: #869245
    - CVE-2011-2517
  * ksm: fix NULL pointer dereference in scan_get_next_rmap_item() -
    CVE-2011-2183
    - LP: #869227
    - CVE-2011-2183
  * NLM: Don't hang forever on NLM unlock requests - CVE-2011-2491
    - LP: #869237
    - CVE-2011-2491
  * KVM: fix kvmclock regression due to missing clock update
    - LP: #795717
  * drm/i915: don't enable plane, pipe and PLL prematurely
    - LP: #812638
  * drm/i915: add pipe/plane enable/disable functions
    - LP: #812638
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 07 Nov 2011 22:11:51 -0200

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-36.79

---------------
linux (2.6.32-36.79) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #887727

  [ Upstream Kernel Changes ]

  * net_sched: Fix qdisc_notify() - CVE-2011-2525
    - LP: #869250
    - CVE-2011-2525
  * ipv6: restore correct ECN handling on TCP xmit
    - LP: #872179
  * nl80211: fix overflow in ssid_len - CVE-2011-2517
    - LP: #869245
    - CVE-2011-2517
  * vm: fix vm_pgoff wrap in stack expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * vm: fix vm_pgoff wrap in upward expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * drm: mm: fix range restricted allocations
    - LP: #873130
  * NLM: Don't hang forever on NLM unlock requests - CVE-2011-2491
    - LP: #869237
    - CVE-2011-2491
 -- Herton Ronaldo Krzesinski <email address hidden> Tue, 08 Nov 2011 17:20:39 -0200

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
nero (lwariiri) on 2011-12-02
Changed in linux (Ubuntu):
assignee: nobody → nero (lwariiri)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers