no predictable names for platform (non-PCI) NICs

Bug #1686784 reported by dann frazier on 2017-04-27
This bug affects 1 person
Affects            Importance   Assigned to
systemd (Ubuntu)   Undecided    Unassigned
Xenial             Undecided    Unassigned
Zesty              Medium       Dimitri John Ledkov

Bug Description

[Impact]
Systems may have NICs attached to the "platform" bus. These are NICs that are onboard, but not attached to a PCI(-like) bus. Rather, they are described by firmware directly. None of the naming policies enabled by Ubuntu by default matches these NICs, so they end up having unpredictable names. In the case where other NICs are attached (e.g. PCIe cards), the ethN enumeration race occurs, making it impossible to have an interface name that is persistent across reboots. That is, if you do a network install over "eth0", on reboot that NIC now may be "eth3", which causes it to fail to start the network on boot.

The HiSilicon D05 boards are an example of this. It has 4 onboard NICs that are described by ACPI directly, and may also have other PCIe NICs plugged in.

[Test Case]
Boot a system with the characteristics described above, and check to see if any "ethN" interfaces exist.

[Regression Risk]
Unless one fixed the names locally with .netlink / .rules files the interface names will change for the ACPI/platform bus network interfaces, from random ethX names to stable names named like enaVENDORMODELiX. Thus we should check that this update doesn't negatively break certified ARM64 platforms with: ARM, NVIDIA, HISILICON platform bus ethernet devices.
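
The [Test Case] check above can be scripted as follows. This is an added example, not part of the original report or of systemd; the function names and the sysfs tree it builds are constructed for illustration. It assumes the usual sysfs layout in which /sys/class/net/IFACE/device/subsystem is a symlink to the bus directory.

```shell
#!/bin/sh
# Added example. The sample tree at the bottom is constructed; on a real
# system call report_ethn_nics with no argument to inspect /sys/class/net.

# Print "<ifname> <bus>" for every interface still named ethN under $1.
# Exit status: 0 = no ethN names (test case passes), 1 = at least one found.
report_ethn_nics() {
    netdir=${1:-/sys/class/net}
    found=0
    for path in "$netdir"/*; do
        name=${path##*/}
        digits=${name#eth}
        # Keep only names of the exact form eth<digits>.
        [ "$digits" != "$name" ] || continue
        case $digits in ''|*[!0-9]*) continue ;; esac
        # device/subsystem links to the bus directory (platform, pci, ...);
        # purely virtual interfaces such as lo have no device link.
        if [ -L "$path/device/subsystem" ]; then
            bus=$(readlink "$path/device/subsystem")
            bus=${bus##*/}
        else
            bus=virtual
        fi
        printf '%s %s\n' "$name" "$bus"
        found=1
    done
    return "$found"
}

# Helper for the constructed sample: add_nic DIR NAME [BUS]
add_nic() {
    mkdir -p "$1/$2"
    [ -z "${3:-}" ] || {
        mkdir -p "$1/$2/device"
        ln -s "../../../bus/$3" "$1/$2/device/subsystem"
    }
}

sample=$(mktemp -d)
add_nic "$sample" eth3 platform          # onboard NIC no naming policy matched
add_nic "$sample" enahisic2i0 platform   # name style reported in this bug
add_nic "$sample" enP2p233s0f0 pci
add_nic "$sample" lo
report_ethn_nics "$sample" || echo "ethN names present: not persistent across reboots"
rm -rf "$sample"
```

An ethN entry on the platform bus is the case this bug describes; firewall rules or network configuration keyed on that name cannot be relied on after a reboot.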

dann frazier (dannf) on 2017-04-27
Changed in systemd (Ubuntu Xenial):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 233-6ubuntu2

---------------
systemd (233-6ubuntu2) artful; urgency=medium

  [ Michael Biebl ]
  * basic/journal-importer: Fix unaligned access in get_data_size()
    (Closes: #862062)

  [ Dimitri John Ledkov ]
  * ubuntu: disable dnssec on any ubuntu releases (LP: #1690605)
  * Cherrypick upstream patch for vio predictable interface names.
  * Cherrypick upstream patch for platform predictable interface names.
    (LP: #1686784)

  [ Balint Reczey ]
  * Skip starting systemd-remount-fs.service in containers
    even when /etc/fstab is present.
    This allows entering fully running state even when /etc/fstab
    lists / to be mounted from a device which is not present in the
    container. (LP: #1576341)

 -- Dimitri John Ledkov <email address hidden> Wed, 17 May 2017 19:24:03 +0100

Changed in systemd (Ubuntu):
status: New → Fix Released
description: updated
Changed in systemd (Ubuntu Zesty):
status: New → Fix Committed
importance: Undecided → Medium
assignee: nobody → Dimitri John Ledkov (xnox)
milestone: none → zesty-updates
Changed in systemd (Ubuntu Zesty):
status: Fix Committed → In Progress

Hello dann, or anyone else affected,

Accepted systemd into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/232-21ubuntu4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in systemd (Ubuntu Zesty):
status: In Progress → Fix Committed
tags: added: verification-needed
dann frazier (dannf) wrote :

I built a d-i image against zesty-proposed, and verified that the installer showed predictable names for the onboard interfaces on a HiSilicon D05 server (see enahisi* in the attached screenshot). I used one of these interfaces for the install, and the system retained the configuration upon reboot.

tags: added: verification-done-zesty
removed: verification-needed
tags: added: verification-done
Dimitri John Ledkov (xnox) wrote :

Thank you for verifying this, also opening a bug report against netconfig to not call those interface names as "unknown" but call them platform interfaces, or some such.

dann frazier (dannf) wrote :

I also tested this on a Qualcomm QDF2400 server, and the onboard platform device was renamed to "enaqcom8070i0".

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 232-21ubuntu4

---------------
systemd (232-21ubuntu4) zesty; urgency=medium

  * Cherrypick upstream commit to enable system use kernel maximum limit for
    RLIMIT_NOFILE instead of hard-coded (low) limit of 65536. (LP: #1686361)
  * debian/tests/root-unittests: disable execute and seccomp tests on arm
    test-seccomp and test-execute fail on arm64 kernels. Marking both tests as
    expected failures. An upstream bug report is filed to resolve these.
    (LP: #1672499)
  * Cherrypick upstream patch for platform predictable interface names.
    (LP: #1686784)
  * resolved: fix null pointer dereference crash (LP: #1621396)
  * Cherrypick core/timer downgrade message about random time addition
    (LP: #1692136)

 -- Dimitri John Ledkov <email address hidden> Wed, 24 May 2017 16:26:16 +0100

Changed in systemd (Ubuntu Zesty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for systemd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in systemd (Ubuntu Xenial):
milestone: none → ubuntu-16.04.3
Changed in systemd (Ubuntu Yakkety):
status: New → In Progress

Hello dann, or anyone else affected,

Accepted systemd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu18 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in systemd (Ubuntu Xenial):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-xenial
removed: verification-done
dann frazier (dannf) wrote :

I upgraded systemd to 229-4ubuntu18 and removed /etc/udev/rules.d/70-persistent-net.rules, and found that my onboard NICs are now using predictable names:

ubuntu@d05-2:~$ ls /sys/class/net/
enahisic2i0 enahisic2i3 enP2p233s0f0 enP2p233s0f3 lo
enahisic2i1 enP10p17s0f0 enP2p233s0f1 enP5p113s0f0
enahisic2i2 enP10p17s0f1 enP2p233s0f2 enP5p113s0f1

tags: added: verification-done-xenial
removed: verification-needed-xenial
tags: added: verification-done
removed: verification-needed
Adam Conrad (adconrad) wrote :

Hello dann, or anyone else affected,

Accepted systemd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu19 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed verification-needed-xenial
removed: verification-done verification-done-xenial
dann frazier (dannf) wrote :

Verified w/ 229-4ubuntu19. I rebuilt d-i against this update and verified that the enahisi style names were used at boot.

I also upgraded a system with 229-4ubuntu18 to 229-4ubuntu19 where the non-PCI platform NIC is my primary NIC. After reboot, everything came back up as expected.

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 229-4ubuntu19

---------------
systemd (229-4ubuntu19) xenial; urgency=medium

  * debian/extra/units/systemd-resolved.service.d/resolvconf.conf: partially
    revert, by removing ExecStart|StopPost lines, as these are not needed on
    xenial and generate warnings in the journal. (LP: #1704677)

systemd (229-4ubuntu18) xenial; urgency=medium

  * debian/extra/units/systemd-resolved.service.d/resolvconf.conf: if resolved
    is going to be started, make sure this blocks network-online.target.
    (LP: #1673860)
  * networkd: cherry-pick support for setting bridge port's priority
    (LP: #1668347)
  * Cherrypick upstream commit to enable system use kernel maximum limit for
    RLIMIT_NOFILE instead of hard-coded (low) limit of 65536. (LP: #1686361)
  * Cherrypick upstream patch for platform predictable interface names.
    (LP: #1686784)
  * resolved: fix null pointer dereference crash (LP: #1621396)
  * Cherrypick core/timer downgrade message about random time addition
    (LP: #1692136)
  * SECURITY UPDATE: Out-of-bounds write in systemd-resolved (LP: #1695546)
    - CVE-2017-9445
  * Cherry-pick subset of patches to introduce infinity value in logind.conf
    for UserTasksMax (LP: #1651518)

 -- Dimitri John Ledkov <email address hidden> Mon, 17 Jul 2017 17:00:42 +0100

Changed in systemd (Ubuntu Xenial):
status: Fix Committed → Fix Released
no longer affects: systemd (Ubuntu Yakkety)