FDB table grows out of control

Bug #1568969 reported by Daniel on 2016-04-11
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Trusty
Undecided
Tim Gardner
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
Undecided
Unassigned
Yakkety
Medium
Unassigned

Bug Description

The forwarding database (FDB) grows out of control after too many broadcast entries are entered under the same interface.
I've written a test script to reproduce the bug here using virtual box:
https://github.com/dlevy-ibm/fdb_bug

Also filed here: https://bugzilla.kernel.org/show_bug.cgi?id=116141

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.13.0-83-generic 3.13.0-83.127
ProcVersionSignature: Ubuntu 3.13.0-83.127-generic 3.13.11-ckt35
Uname: Linux 3.13.0-83-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Apr 11 16:36 seq
 crw-rw---- 1 root audio 116, 33 Apr 11 16:36 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory: 'iw'
Date: Mon Apr 11 16:45:55 2016
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lsusb: Error: command ['lsusb'] failed with exit code 1: unable to initialize libusb: -99
MachineType: innotek GmbH VirtualBox
PciMultimedia:

ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB:

ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-83-generic root=UUID=a742ba82-8430-4d30-b747-99c9c9af3168 ro console=tty1 console=ttyS0
RelatedPackageVersions:
 linux-restricted-modules-3.13.0-83-generic N/A
 linux-backports-modules-3.13.0-83-generic N/A
 linux-firmware N/A
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/01/2006
dmi.bios.vendor: innotek GmbH
dmi.bios.version: VirtualBox
dmi.board.name: VirtualBox
dmi.board.vendor: Oracle Corporation
dmi.board.version: 1.2
dmi.chassis.type: 1
dmi.chassis.vendor: Oracle Corporation
dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
dmi.product.name: VirtualBox
dmi.product.version: 1.2
dmi.sys.vendor: innotek GmbH

Daniel (dlevy) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu):
status: New → Confirmed
Joseph Salisbury (jsalisbury) wrote :

Did this issue start happening after an update/upgrade? Was there a prior kernel version where you were not having this particular problem?

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v4.6 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.6-rc4-wily/

Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Incomplete
Daniel (dlevy) wrote :

@Joseph It was fixed in the upstream kernel. I have added tags and changed the status.

tags: added: kernel-fixed-upstream
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Perry (panxia6679) wrote :

This problem affects us. I have identified that the change 9063e21fb026c4966fc93261c18322214f9835eb is able to resolve it after merging it to v3.13 kernel. Can we add the patch to new ubuntu v3.13 patch? Any suggestion? Thanks.

Tim Gardner (timg-tpi) wrote :

git describe --contains 9063e21fb026c4966fc93261c18322214f9835eb
v3.15-rc1~113^2~198

Changed in linux (Ubuntu Yakkety):
status: Confirmed → Fix Released
Changed in linux (Ubuntu Xenial):
status: New → Fix Released
Changed in linux (Ubuntu Wily):
status: New → Fix Released
Changed in linux (Ubuntu Vivid):
status: New → Fix Released
Changed in linux (Ubuntu Trusty):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Perry (panxia6679) wrote :

Hi Tim,

Can we add the patch into new v3.13 maintenance patch? It affects many people and we really needs this. Please suggest. Otherwise we have to build custom kernel and we don't prefer custom kernel. Thanks.

btw, I checked out Ubuntu-3.13.0-87.133 which has the problem. And after cherry-picking 9063e21fb026c4966fc93261c18322214f9835eb, the problem is gone.

Perry

Tim Gardner (timg-tpi) wrote :

Perry - this patch has been proposed for review on the kernel team mailing list: https://lists.ubuntu.com/archives/kernel-team/2016-May/077818.html

Perry (panxia6679) wrote :

I see that the patch has gotten two ACKs. Looks the coming cycle is from 03-Jun through 25-Jun, and it is 03-Jun as last day for kernel commits. Please let me know if you need my support. Thanks.

Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Kamal Mostafa (kamalmostafa) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Perry (panxia6679) wrote :

The defect has been fixed in kernel3.13.0-89-generic with the test approach in https://github.com/dlevy-ibm/fdb_bug.

------
Adding FDB entry for IP: 123.123.123.1
...
Adding FDB entry for IP: 123.123.123.74
79
Linux vmtotest 3.13.0-89-generic #136-Ubuntu SMP Fri Jun 10 19:19:24 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

summary: - FDB table grows out of control
+ FDB table grows out of control
tags: added: verification-done-trusty
tags: removed: verification-needed-trusty
Launchpad Janitor (janitor) wrote :
Download full text (4.0 KiB)

This bug was fixed in the package linux - 3.13.0-91.138

---------------
linux (3.13.0-91.138) trusty; urgency=medium

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1595991

  [ Upstream Kernel Changes ]

  * netfilter: x_tables: validate e->target_offset early
    - LP: #1555338
    - CVE-2016-3134
  * netfilter: x_tables: make sure e->next_offset covers remaining blob
    size
    - LP: #1555338
    - CVE-2016-3134
  * netfilter: x_tables: fix unconditional helper
    - LP: #1555338
    - CVE-2016-3134
  * netfilter: x_tables: don't move to non-existent next rule
    - LP: #1595350
  * netfilter: x_tables: validate targets of jumps
    - LP: #1595350
  * netfilter: x_tables: add and use xt_check_entry_offsets
    - LP: #1595350
  * netfilter: x_tables: kill check_entry helper
    - LP: #1595350
  * netfilter: x_tables: assert minimum target size
    - LP: #1595350
  * netfilter: x_tables: add compat version of xt_check_entry_offsets
    - LP: #1595350
  * netfilter: x_tables: check standard target size too
    - LP: #1595350
  * netfilter: x_tables: check for bogus target offset
    - LP: #1595350
  * netfilter: x_tables: validate all offsets and sizes in a rule
    - LP: #1595350
  * netfilter: x_tables: don't reject valid target size on some
    architectures
    - LP: #1595350
  * netfilter: arp_tables: simplify translate_compat_table args
    - LP: #1595350
  * netfilter: ip_tables: simplify translate_compat_table args
    - LP: #1595350
  * netfilter: ip6_tables: simplify translate_compat_table args
    - LP: #1595350
  * netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
    - LP: #1595350
  * netfilter: x_tables: do compat validation via translate_table
    - LP: #1595350
  * netfilter: x_tables: introduce and use xt_copy_counters_from_user
    - LP: #1595350

linux (3.13.0-90.137) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1595693

  [ Serge Hallyn ]

  * SAUCE: add a sysctl to disable unprivileged user namespace unsharing
    - LP: #1555338, #1595350

linux (3.13.0-89.136) trusty; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1591315

  [ Kamal Mostafa ]

  * [debian] getabis: Only git add $abidir if running in local repo
    - LP: #1584890
  * [debian] getabis: Fix inconsistent compiler versions check
    - LP: #1584890

  [ Stefan Bader ]

  * SAUCE: powerpc/powernv: Fix incomplete backport of 8117ac6
    - LP: #1589910

  [ Tim Gardner ]

  * [Config] Remove arc4 from nic-modules
    - LP: #1582991

  [ Upstream Kernel Changes ]

  * KVM: x86: move steal time initialization to vcpu entry time
    - LP: #1494350
  * lpfc: Fix premature release of rpi bit in bitmask
    - LP: #1580560
  * lpfc: Correct loss of target discovery after cable swap.
    - LP: #1580560
  * mm/balloon_compaction: redesign ballooned pages management
    - LP: #1572562
  * mm/balloon_compaction: fix deflation when compaction is disabled
    - LP: #1572562
  * bridge: Fix the way to find old local fdb entries in br_fdb_changeaddr
    - LP: #1581585
  * bridge: notify user space after fdb update
    - LP: #1581585
  * ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
   ...

Read more...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers