This bug was fixed in the package linux - 4.8.0-52.55

---------------
linux (4.8.0-52.55) yakkety; urgency=low

  * linux: 4.8.0-52.55 -proposed tracker (LP: #1686976)

  * CVE-2017-7477: macsec: avoid heap overflow in skb_to_sgvec (LP: #1685892)
    - macsec: avoid heap overflow in skb_to_sgvec
    - macsec: dynamically allocate space for sglist

  * net/ipv4: original ingress device index set as the loopback interface.
    (LP: #1683982)
    - net: fix incorrect original ingress device index in PKTINFO

  * Touchpad not working correctly after kernel upgrade (LP: #1662589)
    - Input: ALPS - fix V8+ protocol handling (73 03 28)

  * ifup service of network device stay active after driver stop (LP: #1672144)
    - net: use net->count to check whether a netns is alive or not

  * [Hyper-V] mkfs regression in kernel 4.4+ (LP: #1682215)
    - block: relax check on sg gap

  * Potential memory corruption with capi adapters (LP: #1681469)
    - powerpc/mm: Add missing global TLB invalidate if cxl is active

  * [Hyper-V/Azure] Please include Mellanox OFED drivers in Azure kernel and
    image (LP: #1650058)
    - net/mlx4_en: Fix bad WQE issue
    - net/mlx4_core: Fix racy CQ (Completion Queue) free
    - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
      VGT transitions
    - net/mlx4_core: Avoid command timeouts during VF driver device shutdown

 -- Stefan Bader <stefan.ba...@canonical.com>  Fri, 28 Apr 2017 12:17:12 +0200

** Changed in: linux (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7477

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1683982

Title:
  net/ipv4: original ingress device index set as the loopback interface.

Status in kolla:
  New
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released
Status in linux source package in Zesty:
  Fix Released

Bug description:
  [Environment]

  # lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 16.04.2 LTS
  Release:        16.04
  Codename:       xenial

  # uname -a
  Linux juju-niedbalski-xenial-machine-12 4.8.0-46-generic #49~16.04.1-Ubuntu SMP Fri Mar 31 14:51:03 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

  [Description]

  We identified a bug in one of the utilities provided by dnsmasq, the
  'dhcp_release' utility, which is executed as part of the DHCP lease
  cleanup mechanism by Neutron once a network resource is freed.

  We noticed that some packets were discarded by the DHCP server
  (dnsmasq) on Ubuntu systems running a kernel >= 4.7.

  The reason was that the ipi_ifindex field on the pktinfo was
  incorrectly assumed to be 1 (loopback); this causes the message to be
  ignored by the dnsmasq daemon, since it isn't the interface to which
  dnsmasq is bound.

  (gdb) p *p.p
  $4 = {
    ipi_ifindex = 1,
    ipi_spec_dst = {
      s_addr = 34973888
    },
    ipi_addr = {
      s_addr = 34973888
    }
  }

  (gdb) p ifr
  $8 = {ifr_ifrn = {ifrn_name = "lo", '\000' <repeats 13 times>},

  [Fix]

  Upstream commit:
  https://github.com/torvalds/linux/commit/f0c16ba8933ed217c2688b277410b2a37ba81591

  [Test Case]

  1) Configure a dnsmasq instance to serve DHCP

  (Example):

  $ sudo dnsmasq --no-hosts --no-resolv --strict-order \
      --except-interface=lo \
      --pid-file=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/pid \
      --dhcp-hostsfile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/host \
      --addn-hosts=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/addn_hosts \
      --dhcp-optsfile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/opts \
      --dhcp-leasefile=/var/lib/neutron/dhcp/860b0cbb-37c3-4bcb-8345-52b942518dca/leases \
      --dhcp-match=set:ipxe,175 --bind-interfaces \
      --interface=ns-1cb1b7c7-c0 \
      --dhcp-range=set:tag0,192.168.21.0,static,86400s \
      --dhcp-option-force=option:mtu,1458 --dhcp-lease-max=256 \
      --conf-file=/etc/neutron/dnsmasq.conf --domain=openstacklocal

  2) Boot a VM or container on the bridge/interface to which dnsmasq is
  bound.

  3) Use the dhcp_release utility to release the lease.

  (Example):

  $ sudo dhcp_release ns-1cb1b7c7-c0 192.168.21.8 fa:16:3e:f3:b2:fe

  The expected result: The lease is freed.
  Current results: dnsmasq ignored the DHCP Release message.

  [Fix]

  When we send a packet for our own local address on a non-loopback
  interface (e.g. eth0), due to the change introduced by commit
  0b922b7 ("net: original ingress device index in PKTINFO"), the
  original ingress device index would be set as the loopback interface.

  * https://github.com/torvalds/linux/commit/f0c16ba8933ed217c2688b277410b2a37ba81591
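
The failure mode described in the report, as an added example in C (not dnsmasq's or the kernel's code): a receiver that filters on the IP_PKTINFO ingress index ignores a datagram when the kernel reports ifindex 1 instead of the served interface. The served index 7, the filter() and simulate() helpers and the hand-built control buffer are assumptions for illustration.

```c
#define _GNU_SOURCE /* struct in_pktinfo is a glibc extension */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

enum verdict { PKT_ACCEPT, PKT_WRONG_IF, PKT_NO_INFO };

/* Ingress ifindex from the IP_PKTINFO control message, or -1 if absent. */
static int pktinfo_ifindex(struct msghdr *msg)
{
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO &&
            c->cmsg_len >= CMSG_LEN(sizeof(struct in_pktinfo))) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi); /* payload may be unaligned */
            return pi.ipi_ifindex;
        }
    }
    return -1;
}

/* Hypothetical filter: accept only datagrams that arrived on served_ifindex. */
static enum verdict filter(struct msghdr *msg, int served_ifindex)
{
    int idx = pktinfo_ifindex(msg);
    if (idx < 0) return PKT_NO_INFO;
    return idx == served_ifindex ? PKT_ACCEPT : PKT_WRONG_IF;
}

/* Constructed ancillary data shaped like recvmsg() output; index < 0 = none. */
static enum verdict simulate(int reported_ifindex, int served_ifindex)
{
    _Alignas(struct cmsghdr) char buf[CMSG_SPACE(sizeof(struct in_pktinfo))] = {0};
    struct msghdr msg = { 0 };
    struct in_pktinfo pi = { .ipi_ifindex = reported_ifindex };
    if (reported_ifindex >= 0) {
        msg.msg_control = buf;
        msg.msg_controllen = sizeof buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = IPPROTO_IP; c->cmsg_type = IP_PKTINFO;
        c->cmsg_len = CMSG_LEN(sizeof pi);
        pi.ipi_addr.s_addr = pi.ipi_spec_dst.s_addr = 34973888; /* gdb dump value */
        memcpy(CMSG_DATA(c), &pi, sizeof pi);
    }
    return filter(&msg, served_ifindex);
}
int main(void)
{
    return printf("ifindex 1: %d, ifindex 7: %d\n", simulate(1, 7), simulate(7, 7)) < 0;
}
```

With the reported index 1 from the gdb dump the verdict is PKT_WRONG_IF, which is the "DHCP Release ignored" symptom; once the kernel reports the served interface's index the same datagram is accepted.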