[SRU,Xenial,0/2] Fixes for LP:1793753

Message ID cover.1538067073.git.joseph.salisbury@canonical.com

Message

Joseph Salisbury Sept. 27, 2018, 6:01 p.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1793753

== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final.  I did
not test prior to this kernel once I found the bug was fixed in
mainline.   The bug reporter experienced crashes on machines running
iptables using ipsets.  He could get a trace from the console on one of
them which is attached to the bug report.

On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).

I was able to reproduce this bug as was cking.  This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.


== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")

== Regression Potential ==
Low.  This fixes a regression and is limited to netfilter. 

== Test Case ==
A test kernel was built with these patches and tested by myself and cking.


Ross Lagerwall (1):
  netfilter: ipset: Fix race between dump and swap

Vishwanath Pai (1):
  netfilter: ipset: fix race condition in ipset save, swap and delete

 include/linux/netfilter/ipset/ip_set.h  |  4 ++++
 net/netfilter/ipset/ip_set_bitmap_gen.h |  2 +-
 net/netfilter/ipset/ip_set_core.c       | 38 +++++++++++++++++++++++++++------
 net/netfilter/ipset/ip_set_hash_gen.h   |  2 +-
 net/netfilter/ipset/ip_set_list_set.c   |  2 +-
 5 files changed, 39 insertions(+), 9 deletions(-)

Comments

Colin Ian King Sept. 27, 2018, 6:06 p.m. UTC | #1
On 27/09/18 19:01, Joseph Salisbury wrote:
> BugLink: https://bugs.launchpad.net/bugs/1793753
> 
> == SRU Justification ==
> A regression was introduced in Xenial, even prior to v4.4 Final.  I did
> not test prior to this kernel once I found the bug was fixed in
> mainline.   The bug reporter experienced crashes on machines running
> iptables using ipsets.  He could get a trace from the console on one of
> them which is attached to the bug report.
> 
> On these machines, some ipset commands are automatically run to update the
> sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
> 
> I was able to reproduce this bug as was cking.  This bug was found to be
> fixed by mainline commits 596cf3fe5854 and e5173418ac59.
> 
> 
> == Fixes ==
> 596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and delete")
> e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
> 
> == Regression Potential ==
> Low.  This fixes a regression and is limited to netfilter. 
> 
> == Test Case ==
> A test kernel was built with these patches and tested by myself and cking.
> 
> 
> Ross Lagerwall (1):
>   netfilter: ipset: Fix race between dump and swap
> 
> Vishwanath Pai (1):
>   netfilter: ipset: fix race condition in ipset save, swap and delete
> 
>  include/linux/netfilter/ipset/ip_set.h  |  4 ++++
>  net/netfilter/ipset/ip_set_bitmap_gen.h |  2 +-
>  net/netfilter/ipset/ip_set_core.c       | 38 +++++++++++++++++++++++++++------
>  net/netfilter/ipset/ip_set_hash_gen.h   |  2 +-
>  net/netfilter/ipset/ip_set_list_set.c   |  2 +-
>  5 files changed, 39 insertions(+), 9 deletions(-)
> 

Clean upstream cherry picks. I can vouch that these commits fix the
issue when I soak tested these.

BTW, do we need these fixes for other releases?

Acked-by: Colin Ian King <colin.king@canonical.com>

Joseph Salisbury Sept. 27, 2018, 6:10 p.m. UTC | #2
On 09/27/2018 02:06 PM, Colin Ian King wrote:
> On 27/09/18 19:01, Joseph Salisbury wrote:
>> BugLink: https://bugs.launchpad.net/bugs/1793753
>>
>> == SRU Justification ==
>> A regression was introduced in Xenial, even prior to v4.4 Final.  I did
>> not test prior to this kernel once I found the bug was fixed in
>> mainline.   The bug reporter experienced crashes on machines running
>> iptables using ipsets.  He could get a trace from the console on one of
>> them which is attached to the bug report.
>>
>> On these machines, some ipset commands are automatically run to update the
>> sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
>>
>> I was able to reproduce this bug as was cking.  This bug was found to be
>> fixed by mainline commits 596cf3fe5854 and e5173418ac59.
>>
>>
>> == Fixes ==
>> 596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and delete")
>> e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
>>
>> == Regression Potential ==
>> Low.  This fixes a regression and is limited to netfilter. 
>>
>> == Test Case ==
>> A test kernel was built with these patches and tested by myself and cking.
>>
>>
>> Ross Lagerwall (1):
>>   netfilter: ipset: Fix race between dump and swap
>>
>> Vishwanath Pai (1):
>>   netfilter: ipset: fix race condition in ipset save, swap and delete
>>
>>  include/linux/netfilter/ipset/ip_set.h  |  4 ++++
>>  net/netfilter/ipset/ip_set_bitmap_gen.h |  2 +-
>>  net/netfilter/ipset/ip_set_core.c       | 38 +++++++++++++++++++++++++++------
>>  net/netfilter/ipset/ip_set_hash_gen.h   |  2 +-
>>  net/netfilter/ipset/ip_set_list_set.c   |  2 +-
>>  5 files changed, 39 insertions(+), 9 deletions(-)
>>
> Clean upstream cherry picks. I can vouch that these commits fix the
> issue when I soak tested these.
>
> BTW, do we need these fixes for other releases?
We don't need them for Bionic or newer.  I'll have to test for Trusty
and Precise.
>
> Acked-by: Colin Ian King <colin.king@canonical.com>
>
>

Kamal Mostafa Sept. 27, 2018, 6:24 p.m. UTC | #3
Acked-by: Kamal Mostafa <kamal@canonical.com>

On Thu, Sep 27, 2018 at 02:01:51PM -0400, Joseph Salisbury wrote:
> BugLink: https://bugs.launchpad.net/bugs/1793753
> 
> == SRU Justification ==
> A regression was introduced in Xenial, even prior to v4.4 Final.  I did
> not test prior to this kernel once I found the bug was fixed in
> mainline.   The bug reporter experienced crashes on machines running
> iptables using ipsets.  He could get a trace from the console on one of
> them which is attached to the bug report.
> 
> On these machines, some ipset commands are automatically run to update the
> sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
> 
> I was able to reproduce this bug as was cking.  This bug was found to be
> fixed by mainline commits 596cf3fe5854 and e5173418ac59.
> 
> 
> == Fixes ==
> 596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and delete")
> e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
> 
> == Regression Potential ==
> Low.  This fixes a regression and is limited to netfilter. 
> 
> == Test Case ==
> A test kernel was built with these patches and tested by myself and cking.
> 
> 
> Ross Lagerwall (1):
>   netfilter: ipset: Fix race between dump and swap
> 
> Vishwanath Pai (1):
>   netfilter: ipset: fix race condition in ipset save, swap and delete
> 
>  include/linux/netfilter/ipset/ip_set.h  |  4 ++++
>  net/netfilter/ipset/ip_set_bitmap_gen.h |  2 +-
>  net/netfilter/ipset/ip_set_core.c       | 38 +++++++++++++++++++++++++++------
>  net/netfilter/ipset/ip_set_hash_gen.h   |  2 +-
>  net/netfilter/ipset/ip_set_list_set.c   |  2 +-
>  5 files changed, 39 insertions(+), 9 deletions(-)
> 
> -- 
> 2.7.4
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Kamal Mostafa Sept. 27, 2018, 10:53 p.m. UTC | #4
Applied to xenial/master-next.

On Thu, Sep 27, 2018 at 02:01:51PM -0400, Joseph Salisbury wrote:
> BugLink: https://bugs.launchpad.net/bugs/1793753
> 
> == SRU Justification ==
> A regression was introduced in Xenial, even prior to v4.4 Final.  I did
> not test prior to this kernel once I found the bug was fixed in
> mainline.   The bug reporter experienced crashes on machines running
> iptables using ipsets.  He could get a trace from the console on one of
> them which is attached to the bug report.
> 
> On these machines, some ipset commands are automatically run to update the
> sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
> 
> I was able to reproduce this bug as was cking.  This bug was found to be
> fixed by mainline commits 596cf3fe5854 and e5173418ac59.
> 
> 
> == Fixes ==
> 596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and delete")
> e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
> 
> == Regression Potential ==
> Low.  This fixes a regression and is limited to netfilter. 
> 
> == Test Case ==
> A test kernel was built with these patches and tested by myself and cking.
> 
> 
> Ross Lagerwall (1):
>   netfilter: ipset: Fix race between dump and swap
> 
> Vishwanath Pai (1):
>   netfilter: ipset: fix race condition in ipset save, swap and delete
> 
>  include/linux/netfilter/ipset/ip_set.h  |  4 ++++
>  net/netfilter/ipset/ip_set_bitmap_gen.h |  2 +-
>  net/netfilter/ipset/ip_set_core.c       | 38 +++++++++++++++++++++++++++------
>  net/netfilter/ipset/ip_set_hash_gen.h   |  2 +-
>  net/netfilter/ipset/ip_set_list_set.c   |  2 +-
>  5 files changed, 39 insertions(+), 9 deletions(-)
> 
> -- 
> 2.7.4
> 
> 