bonded interfaces in bridge do not have LRO turned off

Bug #1547680 reported by Dan Streetman
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Fix Released | Undecided | Dan Streetman |
  Trusty | Fix Released | Undecided | Dan Streetman |
linux-lts-utopic (Ubuntu) | Fix Released | Undecided | Unassigned |
  Trusty | Fix Released | Undecided | Unassigned |

Bug Description

The "large receive offload" functionality of some NICs is not compatible with packet forwarding, because it modifies incoming packets in an irreversible way so the packets can't be correctly forwarded across the bridge. When an interface is added to a bridge, the kernel automatically disables LRO via dev_disable_lro(); however, in trusty this only works for normal interfaces (or vlan/macvlan) added to a bridge. When interfaces belong to a bond, and the bond is added to a bridge, the interfaces' LRO is not disabled, and (some) incoming packets are modified by LRO and then lost when passing through the bridge.

Commit fbe168ba91f7c327856f205699404284c2f09e36 updates dev_disable_lro() to work for all types of interfaces, including bonds.

Tags: cscc sts


Dan Streetman (ddstreet)
Changed in linux (Ubuntu):
assignee: nobody → Dan Streetman (ddstreet)
status: New → Fix Released
status: Fix Released → In Progress
Dan Streetman (ddstreet)
Changed in linux (Ubuntu Trusty):
assignee: nobody → Dan Streetman (ddstreet)
status: New → In Progress
Changed in linux (Ubuntu):
status: In Progress → Fix Released
Dan Streetman (ddstreet) wrote :

This can be reproduced on any system with a nic that supports lro. For example:

$ sudo ethtool -k eth5 | grep large-receive-offload
large-receive-offload: on

$ sudo modprobe bonding
$ sudo ifenslave bond0 eth5
$ sudo brctl addbr br0
$ sudo brctl addif br0 bond0

without the patch, lro will still be on:

$ sudo ethtool -k eth5 | grep large-receive-offload
large-receive-offload: on

with the patch, lro will automatically get disabled when the bond is added to the bridge:

$ sudo ethtool -k eth5 | grep large-receive-offload
large-receive-offload: off
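
The check from the reproduction steps above, generalised to every bridge on a host, as an added example (not part of the original report or the kernel patch): it walks each bridge's ports through sysfs, expands bonds into their slaves, and lists NICs whose LRO is still on. The function names and the SYSFS_NET and ETHTOOL override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: list bridged NICs, including bond slaves, with LRO still on.
# SYSFS_NET and ETHTOOL are overridable (an assumption of this example) so
# the functions can be exercised against a constructed directory tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
ETHTOOL="${ETHTOOL:-ethtool}"

# Print "on", "off" or "unknown" for one interface, from `ethtool -k`.
lro_state() {
    state=$($ETHTOOL -k "$1" 2>/dev/null |
        awk '$1 == "large-receive-offload:" { print $2; exit }')
    echo "${state:-unknown}"
}

# Print the NICs behind a bridge port: a bond's slaves, else the port itself.
leaf_devices() {
    if [ -r "$SYSFS_NET/$1/bonding/slaves" ]; then
        tr ' ' '\n' < "$SYSFS_NET/$1/bonding/slaves" | sed '/^$/d'
    else
        echo "$1"
    fi
}

# Print "bridge port nic" for every bridged NIC that still reports LRO on.
audit_bridges() {
    for brif in "$SYSFS_NET"/*/brif; do
        [ -d "$brif" ] || continue          # no bridges: glob stayed literal
        bridge=$(basename "$(dirname "$brif")")
        for p in "$brif"/*; do
            [ -e "$p" ] || continue         # bridge without ports
            port=$(basename "$p")
            for nic in $(leaf_devices "$port"); do
                if [ "$(lro_state "$nic")" = "on" ]; then
                    echo "$bridge $port $nic"
                fi
            done
        done
    done
    return 0
}

audit_bridges
```

Run it with the same privileges as the ethtool commands above; an empty result means no bridged NIC reports LRO on.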

Doug (k-doug) wrote :

I have been able to reproduce this issue, and the fix/patch provided results in LRO being disabled automatically as described in post #1 above.

Dan Streetman (ddstreet) wrote :

The result of this bug is, some VMs on an affected host system will receive some packets, but not all, so in the VM it appears that the network doesn't work. This was specifically seen on Windows guests, in this case.

Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.13.0-83.127

---------------
linux (3.13.0-83.127) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1555839

  [ Florian Westphal ]

  * SAUCE: [nf,v2] netfilter: x_tables: don't rely on well-behaving
    userspace
    - LP: #1555338

linux (3.13.0-82.126) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1554732

  [ Upstream Kernel Changes ]

  * Revert "drm/radeon: call hpd_irq_event on resume"
    - LP: #1554608
  * net: generic dev_disable_lro() stacked device handling
    - LP: #1547680

linux (3.13.0-81.125) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1552316

  [ Upstream Kernel Changes ]

  * Revert "firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6"
    - LP: #1551419
  * bcache: Fix a lockdep splat in an error path
    - LP: #1551327

linux (3.13.0-80.124) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1548519

  [ Andy Whitcroft ]

  * [Debian] hv: hv_set_ifconfig -- convert to python3
    - LP: #1506521
  * [Debian] hv: hv_set_ifconfig -- switch to approved indentation
    - LP: #1540586
  * [Debian] hv: hv_set_ifconfig -- fix numerous parameter handling issues
    - LP: #1540586

  [ Dan Streetman ]

  * SAUCE: nbd: ratelimit error msgs after socket close
    - LP: #1505564

  [ Upstream Kernel Changes ]

  * Revert "workqueue: make sure delayed work run in local cpu"
    - LP: #1546320
  * [media] gspca: ov534/topro: prevent a division by 0
    - LP: #1542497
  * [media] media: dvb-core: Don't force CAN_INVERSION_AUTO in oneshot mode
    - LP: #1542497
  * tools lib traceevent: Fix output of %llu for 64 bit values read on 32
    bit machines
    - LP: #1542497
  * KVM: x86: correctly print #AC in traces
    - LP: #1542497
  * drm/radeon: call hpd_irq_event on resume
    - LP: #1542497
  * xhci: refuse loading if nousb is used
    - LP: #1542497
  * arm64: Clear out any singlestep state on a ptrace detach operation
    - LP: #1542497
  * time: Avoid signed overflow in timekeeping_get_ns()
    - LP: #1542497
  * rtlwifi: fix memory leak for USB device
    - LP: #1542497
  * wlcore/wl12xx: spi: fix oops on firmware load
    - LP: #1542497
  * EDAC, mc_sysfs: Fix freeing bus' name
    - LP: #1542497
  * EDAC: Don't try to cancel workqueue when it's never setup
    - LP: #1542497
  * EDAC: Robustify workqueues destruction
    - LP: #1542497
  * powerpc: Make value-returning atomics fully ordered
    - LP: #1542497
  * powerpc: Make {cmp}xchg* and their atomic_ versions fully ordered
    - LP: #1542497
  * dm space map metadata: remove unused variable in brb_pop()
    - LP: #1542497
  * dm thin: fix race condition when destroying thin pool workqueue
    - LP: #1542497
  * futex: Drop refcount if requeue_pi() acquired the rtmutex
    - LP: #1542497
  * drm/radeon: clean up fujitsu quirks
    - LP: #1542497
  * mmc: sdio: Fix invalid vdd in voltage switch power cycle
    - LP: #1542497
  * mmc: sdhci: Fix sdhci_runtime_pm_bus_on/off()
    - LP: #1542497
  * udf: limit the maximum number of indirect extents in a row
    - LP: #1542497
  * nfs: Fix race in __update_open_stateid...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-utopic - 3.16.0-69.89~14.04.1

---------------
linux-lts-utopic (3.16.0-69.89~14.04.1) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558760

  [ Upstream Kernel Changes ]

  * Revert "Revert "af_unix: Revert 'lock_interruptible' in stream receive
    code""

linux-lts-utopic (3.16.0-68.88~14.04.1) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1558092

  [ Upstream Kernel Changes ]

  * Revert "ALSA: hda - Fix noise on Gigabyte Z170X mobo"
    - LP: #1552180
  * Revert "af_unix: Revert 'lock_interruptible' in stream receive code"
    - LP: #1540731
  * [media] usbvision fix overflow of interfaces array
    - LP: #1552180
  * [media] usbvision: fix leak of usb_dev on failure paths in
    usbvision_probe()
    - LP: #1552180
  * [media] usbvision: fix crash on detecting device with invalid
    configuration
    - LP: #1552180
  * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
    - LP: #1552180
  * USB: serial: visor: fix crash on detecting device without write_urbs
    - LP: #1552180
  * ASN.1: Fix non-match detection failure on data overrun
    - LP: #1552180
  * iw_cxgb3: Fix incorrectly returning error on success
    - LP: #1552180
  * EVM: Use crypto_memneq() for digest comparisons
    - LP: #1552180
  * iio: adis_buffer: Fix out-of-bounds memory access
    - LP: #1552180
  * KVM: PPC: Fix emulation of H_SET_DABR/X on POWER8
    - LP: #1552180
  * x86/irq: Call chip->irq_set_affinity in proper context
    - LP: #1552180
  * ACPI / PCI / hotplug: unlock in error path in acpiphp_enable_slot()
    - LP: #1552180
  * usb: cdc-acm: handle unlinked urb in acm read callback
    - LP: #1552180
  * usb: cdc-acm: send zero packet for intel 7260 modem
    - LP: #1552180
  * cdc-acm:exclude Samsung phone 04e8:685d
    - LP: #1552180
  * usb: hub: do not clear BOS field during reset device
    - LP: #1552180
  * USB: cp210x: add ID for IAI USB to RS485 adaptor
    - LP: #1552180
  * USB: visor: fix null-deref at probe
    - LP: #1552180
  * USB: serial: option: Adding support for Telit LE922
    - LP: #1552180
  * ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
    - LP: #1552180
  * ALSA: seq: Degrade the error message for too many opens
    - LP: #1552180
  * USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable
    - LP: #1552180
  * USB: option: fix Cinterion AHxx enumeration
    - LP: #1552180
  * ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures
    - LP: #1552180
  * ALSA: usb-audio: Fix TEAC UD-501/UD-503/NT-503 usb delay
    - LP: #1552180
  * virtio_pci: fix use after free on release
    - LP: #1552180
  * ALSA: bebob: Use a signed return type for get_formation_index
    - LP: #1552180
  * arm64: errata: Add -mpc-relative-literal-loads to build flags
    - LP: #1533009, #1552180
  * powerpc/eeh: Fix PE location code
    - LP: #1552180
  * SCSI: fix crashes in sd and sr runtime PM
    - LP: #1552180
  * n_tty: Fix unsafe reference to "other" ldisc
    - LP: #1552180
  * staging/speakup: Use tty_ldisc_ref() for paste kworker
    - LP: #1552180
  * ALSA: dummy: Disable switching timer backend via sys...

Changed in linux-lts-utopic (Ubuntu Trusty):
status: Fix Committed → Fix Released
Dan Streetman (ddstreet)
Changed in linux-lts-utopic (Ubuntu):
status: New → Won't Fix
status: Won't Fix → Fix Released
Brad Figg (brad-figg)
tags: added: cscc