CONFIG options for (ipip, sit) should not be built-in to the KVM kernels
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux-kvm (Ubuntu) | Fix Released | Undecided | Khaled El Mously |
Xenial | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Unassigned |
Focal | Fix Released | Undecided | Unassigned |
Groovy | Fix Released | Undecided | Unassigned |
Bug Description
CONFIG_NET_IPIP and CONFIG_IPV6_SIT are set to =y in the -kvm kernels.
This means that they are always present in the kernel, and the virtual devices they create (tunl0 and sit0) are always present, even when not configured and not needed.
This is causing some issues for clouds that use the -kvm flavour, and there is no good reason for those configuration options to be =y anyway.
So they should be converted to =m instead.
[Regression potential]
- The only possible regression I can think of by compiling these as modules is the possibility that someone's boot setup somehow depended on IP tunneling. Such issues would need to be worked out by some initramfs means, etc.
- After this change, the modules (ipip.ko, sit.ko) are present in linux-modules.
- General consensus was that these options should have been =m all along.
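As an added example (not part of the bug report or of Ubuntu's kernel packaging), the script below classifies CONFIG_NET_IPIP and CONFIG_IPV6_SIT in a kernel config file as built-in, module, or unset, which is the before/after difference this change makes. The function names, the constructed sample lines, and the `/boot/config-$(uname -r)` location are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a kernel config file for the
# two tunnel options discussed above.

# tunnel_opt_state CONFIG_FILE OPTION -> prints builtin | module | unset
tunnel_opt_state() {
    # Kconfig writes exactly "OPT=y", "OPT=m" or "# OPT is not set".
    # Anchoring on "=" keeps CONFIG_IPV6_SIT from matching CONFIG_IPV6_SIT_6RD.
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    case $val in
        y) echo builtin ;;
        m) echo module ;;
        *) echo unset ;;
    esac
}

# audit_tunnel_config CONFIG_FILE
# Prints one line per option and returns 1 if either driver is built in.
audit_tunnel_config() {
    rc=0
    for pair in CONFIG_NET_IPIP:tunl0 CONFIG_IPV6_SIT:sit0; do
        opt=${pair%%:*}
        dev=${pair##*:}
        case $(tunnel_opt_state "$1" "$opt") in
            builtin) echo "$opt=y: $dev is always present"; rc=1 ;;
            module)  echo "$opt=m: $dev appears only after the module loads" ;;
            unset)   echo "$opt is not set: no $dev" ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the relevant lines of a -kvm config before the fix.
sample_before_fix() {
    printf '%s\n' 'CONFIG_NET_IPIP=y' 'CONFIG_IPV6_SIT=y' \
        '# CONFIG_IPV6_SIT_6RD is not set'
}

# Demo: audit the constructed sample, then the running kernel if its config
# is readable (assumption: it is at /boot/config-$(uname -r), as on Ubuntu).
tmp=$(mktemp)
sample_before_fix > "$tmp"
audit_tunnel_config "$tmp" || echo "sample: built-in tunnel drivers found"
rm -f "$tmp"
running="/boot/config-$(uname -r)"
if [ -r "$running" ]; then
    audit_tunnel_config "$running" || echo "running kernel: built-in tunnel drivers found"
fi
```

A non-zero return from `audit_tunnel_config` marks a kernel where the tunnel drivers cannot be kept out by module policy, because they are compiled in.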
no longer affects: cloud-images
Changed in linux-kvm (Ubuntu):
assignee: nobody → Khaled El Mously (kmously)
description: updated
description: updated
Changed in linux-kvm (Ubuntu Xenial):
status: New → Fix Committed
Changed in linux-kvm (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux-kvm (Ubuntu Focal):
status: New → Fix Committed
Changed in linux-kvm (Ubuntu Groovy):
status: New → Fix Committed
Changed in linux-kvm (Ubuntu):
status: Confirmed → Fix Released
SRU patches: https://lists.ubuntu.com/archives/kernel-team/2020-October/114076.html