Your message dated Wed, 16 Jan 2019 15:55:57 +0000
with message-id <e1gjnxp-0001wv...@fasolo.debian.org>
and subject line Bug#892277: fixed in bridge-utils 1.6-1
has caused the Debian Bug report #892277,
regarding bridge-utils: hotplugging interferes with ifupdown resulting in
unpredictable behavior
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
892277: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892277
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bridge-utils
Version: 1.5-11
Severity: serious
TL;DR: If you're using bridges, bonds and VLANs together, set
BRIDGE_HOTPLUG=no in /etc/default/bridge-utils.
Dear Maintainer,
There are some rather serious race conditions arising from the fact that
bridge-utils handles udev events triggered by ifupdown actions and
messes with the state of various interfaces while ifupdown is still
running. To illustrate why this is happening, take the following e/n/i
configuration as an example:
auto bond0
iface bond0 inet manual
bond-slaves eth0 eth1
bond-mode active-backup
bond-miimon 100
up ip link set $IFACE mtu 9000
auto dmz
iface dmz inet manual
bridge_ports bond0.200
bridge_fd 0
bridge_stp off
bridge_maxwait 0
up ip link set $IFACE up
This straightforward configuration worked fine in Jessie, but produces
unexpected results on boot since Stretch, which - among others -
include:
- not setting the bond mode to active-backup, but to round-robin
- creating bond0.200 with MTU 1500 instead of 9000
We have been hit by the above issues on production systems dist-upgraded
to Stretch, and it all comes down to the races introduced by the
bridge-utils hotplug support (which is now enabled by default).
So, what is actually happening is the following:
1. On boot, networking.service calls `ifup --allow=auto -a`. This
starts off by creating bond0. As soon as the ifenslave hooks create
the interface, a udev "add" event for bond0 is triggered, *while
ifup is still configuring bond0*.
2. /lib/udev/bridge-network-interface is called, with $INTERFACE set to
bond0. The script will run `ifquery --list --allow auto` and will
look for any interface containing bond0 or bond0.* in its
bridge_ports, matching "dmz" in our case. It will then go on to:
a) create_vlan_port: this will run `ip link set bond0 up` and then
create the vlan sub-interface on bond0
b) call `ifup dmz` once the vlan port has been created
All of the above - for all we know - happen while `ifup -a` is
*still* configuring bond0 on its own.
Step 2 is especially troublesome for the following reasons:
i) create_vlan_port messes with the interface state while ifup is still
configuring it. Bonding interfaces - for instance - need to be down
to have their mode configured, and create_vlan_port explicitly sets
the bond interface up. This causes the bond interface to potentially
come up with the default mode (round-robin), making the system
unreachable in case e.g. 802.3ad was requested.
ii) create_vlan_port creates the VLAN sub-interface while the
underlying device is still being configured. This means that the
VLAN interface may be inherit the wrong MTU value, if ifup has not
yet set the parent interface's MTU to the desired value at the time
the VLAN interface is created.
iii) dmz is brought up whenever bond0 is brought up, although this has
not been necessarily requested.
iv) dmz is configured twice (once because of `ifup -a` and once because
of bridge-utils setting it up).
Note that high-cpu-count SMP systems seem more prone to the races i) and
ii).
To be completely honest, I don't know what the hotplugging code is
trying to achieve here, especially when it comes to short-circuiting
ifupdown's internals. At a bare minimum, it should neither bring up
"auto" interfaces that happen to be down, nor touch any interface while
ifup might be still configuring it.
Regards,
Apollon
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500,
'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages bridge-utils depends on:
ii libc6 2.25-5
bridge-utils recommends no packages.
Versions of packages bridge-utils suggests:
ii ifupdown 0.8.29
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: bridge-utils
Source-Version: 1.6-1
We believe that the bug you reported is fixed in the latest version of
bridge-utils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 892...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago Garcia Mantinan <ma...@debian.org> (supplier of updated bridge-utils
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 15 Jan 2019 13:18:33 +0100
Source: bridge-utils
Binary: bridge-utils
Architecture: source amd64
Version: 1.6-1
Distribution: unstable
Urgency: low
Maintainer: Santiago Garcia Mantinan <ma...@debian.org>
Changed-By: Santiago Garcia Mantinan <ma...@debian.org>
Description:
bridge-utils - Utilities for configuring the Linux Ethernet bridge
Closes: 661711 892277
Changes:
bridge-utils (1.6-1) unstable; urgency=low
.
* New upstream version.
* Change default back to not hotplug. Closes: #892277.
* Allow mtu to be set on the bridge by propagating it to the bridged
interfaces. Closes: #661711.
* Remove kernel headers from the package.
Checksums-Sha1:
1fec6f9b6884cbd597c4d199fd735129579144ea 1740 bridge-utils_1.6-1.dsc
6ada895d78cadf5ba22f5dbc628e76750dbdfc51 29904 bridge-utils_1.6.orig.tar.xz
a4273ebb7f53fdea2e5bf2836cb18ef75e8d6350 12868 bridge-utils_1.6-1.debian.tar.xz
07f5e6f5b8f5371c466256b5f10b1033cac370a5 24652
bridge-utils-dbgsym_1.6-1_amd64.deb
3a3eb3b169459cb2a1fc57d19c47285f1bc74517 6024
bridge-utils_1.6-1_amd64.buildinfo
b026069a32ca0fd62d6a03e57eb7a10317174a19 34512 bridge-utils_1.6-1_amd64.deb
Checksums-Sha256:
d662b6b8cdd0d136d5b3969fd229754bc8b8fad046d039bdc58122625cc7f86c 1740
bridge-utils_1.6-1.dsc
cc67efb5d5fb8928a6569b3fade2b4042ec17da04678dab127d96b46489e26c8 29904
bridge-utils_1.6.orig.tar.xz
8dfa4855693146233fc41540f3c51b2b983acbe96e7d542cd9ed99d091272cda 12868
bridge-utils_1.6-1.debian.tar.xz
7ba1f699becff54c921edfd24ceca92f9510c5682b4d55cede604c72b7568a57 24652
bridge-utils-dbgsym_1.6-1_amd64.deb
7c48f861b595400c5fb73d38316471c9043383c7d1b4a5ce38960dcced03f8bb 6024
bridge-utils_1.6-1_amd64.buildinfo
3dc1caf7f75dcd9f84a84f6937f9a6c3aee5d7e4b7c208579790c23f65b8e306 34512
bridge-utils_1.6-1_amd64.deb
Files:
ea399a72c351f1350cf467945fcdc8c3 1740 net optional bridge-utils_1.6-1.dsc
541ae1c50cc268056693608920e6c908 29904 net optional
bridge-utils_1.6.orig.tar.xz
ac8d5d360bf9585ba9c11492ffcad831 12868 net optional
bridge-utils_1.6-1.debian.tar.xz
3d193b35676941784dcea9e19c58fbae 24652 debug optional
bridge-utils-dbgsym_1.6-1_amd64.deb
f6b310877dd2f199d1ec73eeb8dce8a4 6024 net optional
bridge-utils_1.6-1_amd64.buildinfo
6e68e95d5f3563b9d38e8a40d056f0de 34512 net optional
bridge-utils_1.6-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBqPldg9hG0uxqQ5ouGiMo9h21aMFAlw/T44ACgkQuGiMo9h2
1aNM9A//Ytg+x0G9qB/dOFkHxGEAk5+kKPQ5rVZvh5S7VYAQtC+MxUS5y0b840qW
/fDMb2jSffzpq045u+2Kl0EcJ6Unj1P1nT3rjWXerGmhyGr1qz8kjLub0Q3DkwQT
G4FmFUFpBd6nPDERj5yuF8AKjzD1KXD6mx7ORMNdOtvh1tArCNU3T9G7SZFeHMLF
v1HKFeD1Pp5RTRB92W3vZxk59lUaH/kai8ag8DQDPbm9xdrCh5mP2wo/IJADOMsD
tFdw/i/d6/MA3WBEwT5F9iNzDXc8LWFEQAfzI0knb994OlnyAem+e3OzqiHbZh24
VxhHoznaADoX7XsDPqZh4btEs1X+vpxh6NiLXPF+eGOP+WyyYcdYqtIlOuv8nGmW
EzxM+jB+563BqtXJGD8v7PL3bEv7WGv1Fq/GIk2/B9utBa33g+PzVzH4Ey7Wg/Yy
VXSF+u8TS85TzFN4JVSf5IbpoKNPCpbS54zBL76moFDwYesq6U8q15cSWyNmAY/G
Rh9jfqBRpd6D/t6OOTbLid4DfpAWyM+HeBMzO6cq7FW/sWNaY76Xn1FK+O98eIvb
QW7NW3fS0gqYOH+JJD+KZ4PilcrytdnYPRgxOPn9qpaea1Bk8+QqKQ/NKWCEk16X
PXHLXYbhE1v5gvCbueM5SburDc0qQKKERXMgGIBNSYGhySc1kF0=
=/Wlr
-----END PGP SIGNATURE-----
--- End Message ---