This bug was fixed in the package linux - 4.8.0-52.55
---------------
linux (4.8.0-52.55) yakkety; urgency=low
* linux: 4.8.0-52.55 -proposed tracker (LP: #1686976)
* CVE-2017-7477: macsec: avoid heap overflow in skb_to_sgvec (LP: #1685892)
- macsec: avoid heap overflow in skb_to_sgvec
- macsec: dynamically allocate space for sglist
* net/ipv4: original ingress device index set as the loopback interface.
(LP: #1683982)
- net: fix incorrect original ingress device index in PKTINFO
* Touchpad not working correctly after kernel upgrade (LP: #1662589)
- Input: ALPS - fix V8+ protocol handling (73 03 28)
* ifup service of network device stay active after driver stop (LP: #1672144)
- net: use net->count to check whether a netns is alive or not
* [Hyper-V] mkfs regression in kernel 4.4+ (LP: #1682215)
- block: relax check on sg gap
* Potential memory corruption with capi adapters (LP: #1681469)
- powerpc/mm: Add missing global TLB invalidate if cxl is active
* [Hyper-V/Azure] Please include Mellanox OFED drivers in Azure kernel and
image (LP: #1650058)
- net/mlx4_en: Fix bad WQE issue
- net/mlx4_core: Fix racy CQ (Completion Queue) free
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
VGT
transitions
- net/mlx4_core: Avoid command timeouts during VF driver device shutdown
-- Stefan Bader <stefan.ba...@canonical.com> Fri, 28 Apr 2017 12:17:12
+0200
** Changed in: linux (Ubuntu Yakkety)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7477
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1683982
Title:
net/ipv4: original ingress device index set as the loopback interface.
Status in kolla:
New
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Yakkety:
Fix Released
Status in linux source package in Zesty:
Fix Released
Bug description:
[Environment]
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial
# uname -a
Linux juju-niedbalski-xenial-machine-12 4.8.0-46-generic
#49~16.04.1-Ubuntu SMP Fri Mar 31 14:51:03 UTC 2017 x86_64 x86_64
x86_64 GNU/Linux
[Description]
We identified a bug in one of the utilities provided by dnsmasq, the
'dhcp_release' utility which
is executed as part of the DHCP lease cleanup mechanism by Neutron once a
network resource is freed.
We noticed that some packets were discarded by the DHCP server (dnsmasq) in
Ubuntu systems
running a kernel >= 4.7. The reason was the ipi_ifindex field on the pktinfo
was incorrectly assumed to be 1 (loopback),
this causes the message to be ignored by the dnsmasq daemon since isn't the
interface on which dnsmasq is bind to.
(gdb) p *p.p
$4 = {
ipi_ifindex = 1,
ipi_spec_dst = {
s_addr = 34973888
},
ipi_addr = {
s_addr = 34973888
}
}
(gdb) p ifr
$8 = {ifr_ifrn = {ifrn_name = "lo", '\000' <repeats 13 times>},
[Fix]
Upstream commit:
https://github.com/torvalds/linux/commit/f0c16ba8933ed217c2688b277410b2a37ba81591
[Test Case]
1) Configure a dnsmasq instance to server DHCP
(Example):
$ sudo dnsmasq --no-hosts --no-resolv --strict-order --except-interface=lo
--pid-file=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/pid
--dhcp-hostsfile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/host
-
-addn-hosts=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/addn_hosts
--dhcp-optsfile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/opts
--dhcp-leasefile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942
518dca/leases --dhcp-match=set:ipxe,175 --bind-interfaces
--interface=ns-1cb1b7c7-c0 --dhcp-range=set:tag0,192.168.21.0,static,86400s
--dhcp-option-force=option:mtu,1458 --dhcp-lease-max=256
--conf-file=/etc/neutron/dnsmasq.conf --
domain=openstacklocal
2) Boot a VM or container on the bridge/interface on which dnsmasq is bind to.
2) Use the dhcp_release utility to release the lease.
(Example):
$ sudo dhcp_release ns-1cb1b7c7-c0 192.168.21.8 fa:16:3e:f3:b2:fe
The expected result: The lease is freed.
Current results: dnsmasq ignored the DHCP Release message.
[Fix]
When we send a packet for our own local address on a non-loopback
interface (e.g. eth0), due to the change had been introduced from
commit 0b922b7 ("net: original ingress device index in PKTINFO"), the
original ingress device index would be set as the loopback interface.
*
https://github.com/torvalds/linux/commit/f0c16ba8933ed217c2688b277410b2a37ba81591
To manage notifications about this bug go to:
https://bugs.launchpad.net/kolla/+bug/1683982/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
