Bug#892277: marked as done (bridge-utils: hotplugging interferes with ifupdown resulting in unpredictable behavior)

Wed, 16 Jan 2019 09:15:55 -0800 

Your message dated Wed, 16 Jan 2019 15:55:57 +0000
with message-id <e1gjnxp-0001wv...@fasolo.debian.org>
and subject line Bug#892277: fixed in bridge-utils 1.6-1
has caused the Debian Bug report #892277,
regarding bridge-utils: hotplugging interferes with ifupdown resulting in 
unpredictable behavior
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
892277: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892277
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: bridge-utils
Version: 1.5-11
Severity: serious

TL;DR: If you're using bridges, bonds and VLANs together, set 
       BRIDGE_HOTPLUG=no in /etc/default/bridge-utils.

Dear Maintainer,

There are some rather serious race conditions arising from the fact that 
bridge-utils handles udev events triggered by ifupdown actions and  
messes with the state of various interfaces while ifupdown is still 
running. To illustrate why this is happening, take the following e/n/i 
configuration as an example:

auto bond0
iface bond0 inet manual
  bond-slaves eth0 eth1
  bond-mode   active-backup
  bond-miimon 100
  up ip link set $IFACE mtu 9000

auto dmz
iface dmz inet manual
  bridge_ports  bond0.200
  bridge_fd       0
  bridge_stp      off
  bridge_maxwait  0
  up ip link set $IFACE up

This straightforward configuration worked fine in Jessie, but produces 
unexpected results on boot since Stretch, which - among others - 
include:

 - not setting the bond mode to active-backup, but to round-robin
 - creating bond0.200 with MTU 1500 instead of 9000

We have been hit by the above issues on production systems dist-upgraded 
to Stretch, and it all comes down to the races introduced by the 
bridge-utils hotplug support (which is now enabled by default).

So, what is actually happening is the following:

 1. On boot, networking.service calls `ifup --allow=auto -a`. This 
    starts off by creating bond0. As soon as the ifenslave hooks create 
    the interface, a udev "add" event for bond0 is triggered, *while 
    ifup is still configuring bond0*.

 2. /lib/udev/bridge-network-interface is called, with $INTERFACE set to 
    bond0. The script will run `ifquery --list --allow auto` and will 
    look for any interface containing bond0 or bond0.* in its 
    bridge_ports, matching "dmz" in our case. It will then go on to:
     a) create_vlan_port: this will run `ip link set bond0 up` and then 
        create the vlan sub-interface on bond0
     b) call `ifup dmz` once the vlan port has been created

    All of the above - for all we know - happen while `ifup -a` is 
    *still* configuring bond0 on its own.

Step 2 is especially troublesome for the following reasons:

 i) create_vlan_port messes with the interface state while ifup is still 
    configuring it. Bonding interfaces - for instance - need to be down 
    to have their mode configured, and create_vlan_port explicitly sets 
    the bond interface up. This causes the bond interface to potentially 
    come up with the default mode (round-robin), making the system 
    unreachable in case e.g. 802.3ad was requested.

 ii) create_vlan_port creates the VLAN sub-interface while the 
     underlying device is still being configured. This means that the 
     VLAN interface may be inherit the wrong MTU value, if ifup has not 
     yet set the parent interface's MTU to the desired value at the time 
     the VLAN interface is created.

 iii) dmz is brought up whenever bond0 is brought up, although this has 
      not been necessarily requested.

 iv) dmz is configured twice (once because of `ifup -a` and once because 
     of bridge-utils setting it up).

Note that high-cpu-count SMP systems seem more prone to the races i) and 
ii).

To be completely honest, I don't know what the hotplugging code is 
trying to achieve here, especially when it comes to short-circuiting 
ifupdown's internals. At a bare minimum, it should neither bring up 
"auto" interfaces that happen to be down, nor touch any interface while 
ifup might be still configuring it.

Regards,
Apollon

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bridge-utils depends on:
ii  libc6  2.25-5

bridge-utils recommends no packages.

Versions of packages bridge-utils suggests:
ii  ifupdown  0.8.29

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: bridge-utils
Source-Version: 1.6-1

We believe that the bug you reported is fixed in the latest version of
bridge-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 892...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Garcia Mantinan <ma...@debian.org> (supplier of updated bridge-utils 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 15 Jan 2019 13:18:33 +0100
Source: bridge-utils
Binary: bridge-utils
Architecture: source amd64
Version: 1.6-1
Distribution: unstable
Urgency: low
Maintainer: Santiago Garcia Mantinan <ma...@debian.org>
Changed-By: Santiago Garcia Mantinan <ma...@debian.org>
Description:
 bridge-utils - Utilities for configuring the Linux Ethernet bridge
Closes: 661711 892277
Changes:
 bridge-utils (1.6-1) unstable; urgency=low
 .
   * New upstream version.
   * Change default back to not hotplug. Closes: #892277.
   * Allow mtu to be set on the bridge by propagating it to the bridged
     interfaces. Closes: #661711.
   * Remove kernel headers from the package.
Checksums-Sha1:
 1fec6f9b6884cbd597c4d199fd735129579144ea 1740 bridge-utils_1.6-1.dsc
 6ada895d78cadf5ba22f5dbc628e76750dbdfc51 29904 bridge-utils_1.6.orig.tar.xz
 a4273ebb7f53fdea2e5bf2836cb18ef75e8d6350 12868 bridge-utils_1.6-1.debian.tar.xz
 07f5e6f5b8f5371c466256b5f10b1033cac370a5 24652 
bridge-utils-dbgsym_1.6-1_amd64.deb
 3a3eb3b169459cb2a1fc57d19c47285f1bc74517 6024 
bridge-utils_1.6-1_amd64.buildinfo
 b026069a32ca0fd62d6a03e57eb7a10317174a19 34512 bridge-utils_1.6-1_amd64.deb
Checksums-Sha256:
 d662b6b8cdd0d136d5b3969fd229754bc8b8fad046d039bdc58122625cc7f86c 1740 
bridge-utils_1.6-1.dsc
 cc67efb5d5fb8928a6569b3fade2b4042ec17da04678dab127d96b46489e26c8 29904 
bridge-utils_1.6.orig.tar.xz
 8dfa4855693146233fc41540f3c51b2b983acbe96e7d542cd9ed99d091272cda 12868 
bridge-utils_1.6-1.debian.tar.xz
 7ba1f699becff54c921edfd24ceca92f9510c5682b4d55cede604c72b7568a57 24652 
bridge-utils-dbgsym_1.6-1_amd64.deb
 7c48f861b595400c5fb73d38316471c9043383c7d1b4a5ce38960dcced03f8bb 6024 
bridge-utils_1.6-1_amd64.buildinfo
 3dc1caf7f75dcd9f84a84f6937f9a6c3aee5d7e4b7c208579790c23f65b8e306 34512 
bridge-utils_1.6-1_amd64.deb
Files:
 ea399a72c351f1350cf467945fcdc8c3 1740 net optional bridge-utils_1.6-1.dsc
 541ae1c50cc268056693608920e6c908 29904 net optional 
bridge-utils_1.6.orig.tar.xz
 ac8d5d360bf9585ba9c11492ffcad831 12868 net optional 
bridge-utils_1.6-1.debian.tar.xz
 3d193b35676941784dcea9e19c58fbae 24652 debug optional 
bridge-utils-dbgsym_1.6-1_amd64.deb
 f6b310877dd2f199d1ec73eeb8dce8a4 6024 net optional 
bridge-utils_1.6-1_amd64.buildinfo
 6e68e95d5f3563b9d38e8a40d056f0de 34512 net optional 
bridge-utils_1.6-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBqPldg9hG0uxqQ5ouGiMo9h21aMFAlw/T44ACgkQuGiMo9h2
1aNM9A//Ytg+x0G9qB/dOFkHxGEAk5+kKPQ5rVZvh5S7VYAQtC+MxUS5y0b840qW
/fDMb2jSffzpq045u+2Kl0EcJ6Unj1P1nT3rjWXerGmhyGr1qz8kjLub0Q3DkwQT
G4FmFUFpBd6nPDERj5yuF8AKjzD1KXD6mx7ORMNdOtvh1tArCNU3T9G7SZFeHMLF
v1HKFeD1Pp5RTRB92W3vZxk59lUaH/kai8ag8DQDPbm9xdrCh5mP2wo/IJADOMsD
tFdw/i/d6/MA3WBEwT5F9iNzDXc8LWFEQAfzI0knb994OlnyAem+e3OzqiHbZh24
VxhHoznaADoX7XsDPqZh4btEs1X+vpxh6NiLXPF+eGOP+WyyYcdYqtIlOuv8nGmW
EzxM+jB+563BqtXJGD8v7PL3bEv7WGv1Fq/GIk2/B9utBa33g+PzVzH4Ey7Wg/Yy
VXSF+u8TS85TzFN4JVSf5IbpoKNPCpbS54zBL76moFDwYesq6U8q15cSWyNmAY/G
Rh9jfqBRpd6D/t6OOTbLid4DfpAWyM+HeBMzO6cq7FW/sWNaY76Xn1FK+O98eIvb
QW7NW3fS0gqYOH+JJD+KZ4PilcrytdnYPRgxOPn9qpaea1Bk8+QqKQ/NKWCEk16X
PXHLXYbhE1v5gvCbueM5SburDc0qQKKERXMgGIBNSYGhySc1kF0=
=/Wlr
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to