Ubuntu
linux package

87cdf3148b11 was never backported to 4.15

Bug #1795653 reported by Boris Tomici
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Medium
Joseph Salisbury
Bionic
Fix Released
Medium
Joseph Salisbury

Bug Description

== SRU Justification ==
Commit 87cdf3148b11 fixes a regression introduced by commit
5efec5c655dd. However, it has not never landed in Bionic. Requesting
this commit in Bionic, so we don't have to wait for it to come down from
upstream stable.

== Fix ==
87cdf3148b11 ("xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto")

== Regression Potential ==
Low. This commit fixes and existing regression by making sure teh MAC
header exists.

== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.

Hello,

After a few days of troubleshooting a problem with L2TP and IPSec a fellow from ServerFault pointed out that my problem is a known bug fixed by 87cdf3148b11 commit which wasn't backported on 4.15 kernel.

Ubuntu 4.15.0-36.39-generic 4.15.18

See original description
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1795653

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
status: Incomplete → In Progress
Changed in linux (Ubuntu Bionic):
status: New → In Progress
importance: Undecided → Medium
Changed in linux (Ubuntu):
importance: Undecided → Medium
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Bionic):
assignee: nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
status: In Progress → Fix Released
tags: added: bionic
Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

I built a test kernel with commit 87cdf3148b11. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1795653

Can you test this kernel and see if it resolves this bug?

Note about installing test kernels:
• If the test kernel is prior to 4.15(Bionic) you need to install the linux-image and linux-image-extra .deb packages.
• If the test kernel is 4.15(Bionic) or newer, you need to install the linux-modules, linux-modules-extra and linux-image-unsigned .deb packages.

Thanks in advance!

Revision history for this message
Boris Tomici (xbrs1) wrote :

Hi Joseph,

Thank you for your fast response.
I will be able to test it only next week as I am out of office until Monday.

Bests,
Boris

Revision history for this message
Boris Tomici (xbrs1) wrote :

Hello Joseph,

I have checked with lp1795653 build and my problem is solved.
IPSec packets are not translated anymore when passing thru a L2 tunnel.

Thanks,
Boris

Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Thanks for testing. I'll submit a Bionic SRU request to include that commit.

Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

SRU request submitted:
https://lists.ubuntu.com/archives/kernel-team/2018-October/095979.html

description: updated
Kleber Sacilotto de Souza (kleber-souza)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Revision history for this message
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Revision history for this message
DigiAngel (jlay) wrote :

I've had this bug since upgrading to bionic:

Capturing on 'ppp0'
    1 2018-11-03 09:14:53.526438246 8.0.1.11 → 192.168.1.253 ICMP 100 Echo (ping) request id=0x0001, seq=192/49152, ttl=64
    2 2018-11-03 09:14:54.518831536 8.0.1.11 → 192.168.1.253 ICMP 100 Echo (ping) request id=0x0001, seq=193/49408, ttl=64
    3 2018-11-03 09:14:55.536100696 8.0.1.11 → 192.168.1.253 ICMP 100 Echo (ping) request id=0x0001, seq=194/49664, ttl=64
    4 2018-11-03 09:14:56.519409580 8.0.1.11 → 192.168.1.253 ICMP 100 Echo (ping) request id=0x0001, seq=195/49920, ttl=64

Linux gateway 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:59:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

A fix can't come soon enough...thank you.

Revision history for this message
Boris Tomici (xbrs1) wrote :

I didn't had time to test again the kernel but a fast fix would be kernel upgrade to 4.17 or newer version.

Revision history for this message
Kleber Sacilotto de Souza (kleber-souza) wrote :

Hi @DigiAngel,

Could you please verify if the Bionic kernel currently in -proposed fixes your issue?

Thank you.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.4 KiB)

This bug was fixed in the package linux - 4.15.0-39.42

---------------
linux (4.15.0-39.42) bionic; urgency=medium

  * linux: 4.15.0-39.42 -proposed tracker (LP: #1799411)

  * Linux: insufficient shootdown for paging-structure caches (LP: #1798897)
    - mm: move tlb_table_flush to tlb_flush_mmu_free
    - mm/tlb: Remove tlb_remove_table() non-concurrent condition
    - mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE
    - [Config] CONFIG_HAVE_RCU_TABLE_INVALIDATE=y

  * Ubuntu18.04: GPU total memory is reduced (LP: #1792102)
    - Revert "powerpc/powernv: Increase memory block size to 1GB on radix"

  * arm64: snapdragon: reduce boot noise (LP: #1797154)
    - [Config] arm64: snapdragon: DRM_MSM=m
    - [Config] arm64: snapdragon: SND*=m
    - [Config] arm64: snapdragon: disable ARM_SDE_INTERFACE
    - [Config] arm64: snapdragon: disable DRM_I2C_ADV7511_CEC
    - [Config] arm64: snapdragon: disable VIDEO_ADV7511, VIDEO_COBALT

  * [Bionic] CPPC bug fixes (LP: #1796949)
    - ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id
    - cpufreq: CPPC: Don't set transition_latency
    - ACPI / CPPC: Fix invalid PCC channel status errors

  * regression in 'ip --family bridge neigh' since linux v4.12 (LP: #1796748)
    - rtnetlink: fix rtnl_fdb_dump() for ndmsg header

  * screen displays abnormally on the lenovo M715 with the AMD GPU (Radeon Vega
    8 Mobile, rev ca, 1002:15dd) (LP: #1796786)
    - drm/amd/display: Fix takover from VGA mode
    - drm/amd/display: early return if not in vga mode in disable_vga
    - drm/amd/display: Refine disable VGA

  * arm64: snapdragon: WARNING: CPU: 0 PID: 1 arch/arm64/kernel/setup.c:271
    reserve_memblock_reserved_regions (LP: #1797139)
    - SAUCE: arm64: Fix /proc/iomem for reserved but not memory regions

  * The front MIC can't work on the Lenovo M715 (LP: #1797292)
    - ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715

  * Keyboard backlight sysfs sometimes is missing on Dell laptops (LP: #1797304)
    - platform/x86: dell-smbios: Correct some style warnings
    - platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base
    - platform/x86: dell-smbios: Link all dell-smbios-* modules together
    - [Config] CONFIG_DELL_SMBIOS_SMM=y, CONFIG_DELL_SMBIOS_WMI=y

  * rpi3b+: ethernet not working (LP: #1797406)
    - lan78xx: Don't reset the interface on open

  * 87cdf3148b11 was never backported to 4.15 (LP: #1795653)
    - xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto

  * [Ubuntu18.04][Power9][DD2.2]package installation segfaults inside debian
    chroot env in P9 KVM guest with HTM enabled (kvm) (LP: #1792501)
    - KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds

  * Provide mode where all vCPUs on a core must be the same VM (LP: #1792957)
    - KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core must be the same
      VM

  * fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
    - SAUCE: fscache: Fix race in decrementing refcount of op->npages

  * CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

  * CVE-20...

Read more...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Andy Whitcroft (apw)
tags: added: kernel-fixup-verification-needed-bionic
removed: verification-needed-bionic
Revision history for this message
Andy Whitcroft (apw) wrote :

This bug was erroneously marked for verification in bionic; verification is not required and verification-needed-bionic is being removed.

tags: added: verification-done-bionic
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.