[Kernel-packages] [Bug 1881346] Re: linux-kvm should support nftables

2020-08-31 Thread Launchpad Bug Tracker
This bug was fixed in the package linux-kvm - 5.4.0-1021.21

---
linux-kvm (5.4.0-1021.21) focal; urgency=medium

  * focal/linux-kvm: 5.4.0-1021.21 -proposed tracker (LP: #1890740)

  * Focal update: v5.4.53 upstream stable release (LP: #1888560)
    - [Config] updateconfigs for BLK_DEV_SR_VENDOR

  * Focal update: v5.4.51 upstream stable release (LP: #1886995)
    - [Config] updateconfigs for EFI_CUSTOM_SSDT_OVERLAYS

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] update update.conf

  * linux-kvm should support nftables (LP: #1881346)
    - [Config] kvm: enable nftables (and modules)

  [ Ubuntu: 5.4.0-44.48 ]

  * focal/linux: 5.4.0-44.48 -proposed tracker (LP: #1891049)
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts
  * ipsec: policy priority management is broken (LP: #1890796)
    - xfrm: policy: match with both mark and mask on user interfaces

  [ Ubuntu: 5.4.0-43.47 ]

  * focal/linux: 5.4.0-43.47 -proposed tracker (LP: #1890746)
  * Packaging resync (LP: #1786013)
    - update dkms package versions
  * Devlink -  add RoCE disable kernel support  (LP: #1877270)
    - devlink: Add new "enable_roce" generic device param
    - net/mlx5: Document flow_steering_mode devlink param
    - net/mlx5: Handle "enable_roce" devlink param
    - IB/mlx5: Rename profile and init methods
    - IB/mlx5: Load profile according to RoCE enablement state
    - net/mlx5: Remove unneeded variable in mlx5_unload_one
    - net/mlx5: Add devlink reload
    - IB/mlx5: Do reverse sequence during device removal
  * msg_zerocopy.sh in net from ubuntu_kernel_selftests failed (LP: #1812620)
    - selftests/net: relax cpu affinity requirement in msg_zerocopy test
  * Enlarge hisi_sec2 capability (LP: #1890222)
    - Revert "UBUNTU: [Config] Disable hisi_sec2 temporarily"
    - crypto: hisilicon - update SEC driver module parameter
  * Fix missing HDMI/DP Audio on an HP Desktop (LP: #1890441)
    - ALSA: hda/hdmi: Add quirk to force connectivity
  * Fix IOMMU error on AMD Radeon Pro W5700 (LP: #1890306)
    - PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken
  * ASoC:amd:renoir:  the dmic can't record sound after suspend and resume
    (LP: #1890220)
    - SAUCE: ASoC: amd: renoir: restore two more registers during resume
  * No sound, Dummy output on Acer Swift 3 SF314-57G with Ice Lake core-i7  CPU
    (LP: #1877757)
    - ASoC: SOF: Intel: hda: fix generic hda codec support
  * Fix right speaker of HP laptop (LP: #1889375)
    - SAUCE: hda/realtek: Fix right speaker of HP laptop
  * blk_update_request error when mount nvme partition (LP: #1872383)
    - SAUCE: nvme-pci: prevent SK hynix PC400 from using Write Zeroes command
  * soc/amd/renoir: detect dmic from acpi table (LP: #1887734)
    - ASoC: amd: add logic to check dmic hardware runtime
    - ASoC: amd: add ACPI dependency check
    - ASoC: amd: fixed kernel warnings
  * soc/amd/renoir: change the module name to make it work with ucm3
    (LP: #1888166)
    - AsoC: amd: add missing snd- module prefix to the acp3x-rn driver kernel
      module
    - SAUCE: remove a kernel module since its name is changed
  * Focal update: v5.4.55 upstream stable release (LP: #1890343)
    - AX.25: Fix out-of-bounds read in ax25_connect()
    - AX.25: Prevent out-of-bounds read in ax25_sendmsg()
    - dev: Defer free of skbs in flush_backlog
    - drivers/net/wan/x25_asy: Fix to make it work
    - ip6_gre: fix null-ptr-deref in ip6gre_init_net()
    - net-sysfs: add a newline when printing 'tx_timeout' by sysfs
    - net: udp: Fix wrong clean up for IS_UDPLITE macro
    - qrtr: orphan socket in qrtr_release()
    - rtnetlink: Fix memory(net_device) leak when ->newlink fails
    - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
    - tcp: allow at most one TLP probe per flight
    - AX.25: Prevent integer overflows in connect and sendmsg
    - sctp: shrink stream outq only when new outcnt < old outcnt
    - sctp: shrink stream outq when fails to do addstream reconf
    - udp: Copy has_conns in reuseport_grow().
    - udp: Improve load balancing for SO_REUSEPORT.
    - regmap: debugfs: check count when read regmap file
    - PM: wakeup: Show statistics for deleted wakeup sources again
    - Revert "dpaa_eth: fix usage as DSA master, try 3"
    - Linux 5.4.55
  * Add support for Atlantic NIC firmware v4 (LP: #1886908)
    - net: atlantic: simplify hw_get_fw_version() usage
    - net: atlantic: align return value of ver_match function with function name
    - net: atlantic: add support for FW 4.x
  * perf vendor events s390: Add new deflate counters for IBM z15 (LP: #1888551)
    - perf vendor events s390: Add new deflate counters for IBM z15
  * Focal update: v5.4.54 upstream stable release (LP: #1889669)
    - soc: qcom: rpmh: Dirt can only make you dirtier, not cleaner
    - gpio: arizona: handle pm_runtime_get_sync failure case
    - gpio: arizona: put pm_runtime in case of failure
- 

[Kernel-packages] [Bug 1881346] Re: linux-kvm should support nftables

2020-08-03 Thread Kelsey Margarete Skunberg
** Changed in: linux-kvm (Ubuntu Focal)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1881346

Title:
  linux-kvm should support nftables

Status in linux-kvm package in Ubuntu:
  Invalid
Status in linux-kvm source package in Focal:
  Fix Committed

Bug description:
  [Impact]

  LXD can't use nftables on the latest Focal/linux-kvm kernel, since
  nftables support is off (contrary to generic, where nftables is
  enabled).

  [Fix]

  Apply the attached config change

  [Regression potential]

  Low, we are enabling CONFIG_NF* options widely used in generic for a
  while.

  Boot performance wise, the config change has been tested on an isolated
  KVM instance, iterating over 100 reboots and we didn't notice any
  evident regression:

  5.4.0-1018-kvm 20.04 focal (CPUS=1):

  kernel: 2.16371, user: 7.58647, total: 9.75018
  kernel_std: .03405, user_std: .33445, total_std: .33524

  5.4.0-1018-kvm~nft 20.04 focal (CPUS=1):

  kernel: 2.15961, user: 7.63694, total: 9.79655
  kernel_std: .03420, user_std: .36585, total_std: .37049

  ---
  LXD can't use nftables on the latest linux-kvm kernels for eoan, focal, and
  groovy:

  - groovy: 5.4.0.1009.9
  - focal: 5.4.0-1011.11
  - eoan: 5.3.0.1017.19

  LXD detects that nft tools are available, and nft tables can be
  listed; however, trying to create a new table or rule fails.

  Because of this, LXD has to fall back on xtables, which is a legacy
  package.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-kvm/+bug/1881346/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp


[Kernel-packages] [Bug 1881346] Re: linux-kvm should support nftables

2020-07-13 Thread Stefan Bader
** Also affects: linux-kvm (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Changed in: linux-kvm (Ubuntu Focal)
   Importance: Undecided => Low

** Changed in: linux-kvm (Ubuntu Focal)
   Status: New => Triaged

** Changed in: linux-kvm (Ubuntu)
   Status: New => Invalid



[Kernel-packages] [Bug 1881346] Re: linux-kvm should support nftables

2020-07-10 Thread Paolo Pisati
** Description changed:

- LXD can't use nftables on the latest linux-kvm kernels for eoan, focal,
- and groovy:
+ [Impact]
+ 
+ LXD can't use nftables on the latest linux-kvm kernels for Eoan and
+ Focal, since nftables support is off in those kernels (contrary to
+ generic, where nftables is enabled).
+ 
+ [Fix]
+ 
+ Apply the attached config change
+ 
+ [Regression potential]
+ 
+ Low, we are enabling new CONFIG_NF* options widely used in generic since
+ a while.
+ 
+ Boot performance wise, the config change has been tested on a isolated
+ KVM instance, iterating over 100 reboots and we didn't notice any
+ evident regression:
+ 
+ 5.4.0-1018-kvm 20.04 focal (CPUS=1):
+ 
+ kernel: 2.16371, user: 7.58647, total: 9.75018
+ kernel_std: .03405, user_std: .33445, total_std: .33524
+ 
+ 5.4.0-1018-kvm~nft 20.04 focal (CPUS=1):
+ 
+ kernel: 2.15961, user: 7.63694, total: 9.79655
+ kernel_std: .03420, user_std: .36585, total_std: .37049
+ 
+ 
+ ---
+ LXD can't use nftables on the latest linux-kvm kernels for eoan, focal, and 
groovy:
  
  - groovy: 5.4.0.1009.9
  - focal: 5.4.0-1011.11
  - eoan: 5.3.0.1017.19
  
  LXD detects that nft tools are available, and nft tables can be listed;
  however, trying to create a new table or rule fails.
  
  Because of this, LXD has to fall back on xtables, which is a legacy
  package.
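
Review bot: The added [Fix] section says only "Apply the attached config change", so the description never states which options change; listing the CONFIG_NF* symbols being enabled (and whether each is built in or modular) would let the [Regression potential] claim be checked from the description alone. The timing comparison also covers a single CPUS=1 setup and boot time only, which is worth stating as the limit of the test.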

** Description changed:

  [Impact]
  
- LXD can't use nftables on the latest linux-kvm kernels for Eoan and
- Focal, since nftables support is off in those kernels (contrary to
- generic, where nftables is enabled).
+ LXD can't use nftables on the latest Focal/linux-kvm kernel, since
+ nftables support is off (contrary to generic, where nftables is
+ enabled).
  
  [Fix]
  
  Apply the attached config change
  
  [Regression potential]
  
- Low, we are enabling new CONFIG_NF* options widely used in generic since
- a while.
+ Low, we are enabling CONFIG_NF* options widely used in generic since a
+ while.
  
  Boot performance wise, the config change has been tested on a isolated
  KVM instance, iterating over 100 reboots and we didn't notice any
  evident regression:
  
  5.4.0-1018-kvm 20.04 focal (CPUS=1):
  
  kernel: 2.16371, user: 7.58647, total: 9.75018
  kernel_std: .03405, user_std: .33445, total_std: .33524
  
  5.4.0-1018-kvm~nft 20.04 focal (CPUS=1):
  
  kernel: 2.15961, user: 7.63694, total: 9.79655
  kernel_std: .03420, user_std: .36585, total_std: .37049
  
- 
  ---
  LXD can't use nftables on the latest linux-kvm kernels for eoan, focal, and 
groovy:
  
  - groovy: 5.4.0.1009.9
  - focal: 5.4.0-1011.11
  - eoan: 5.3.0.1017.19
  
  LXD detects that nft tools are available, and nft tables can be listed;
  however, trying to create a new table or rule fails.
  
  Because of this, LXD has to fall back on xtables, which is a legacy
  package.
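
Review bot: The reworded [Impact] now scopes the bug to the Focal/linux-kvm kernel, but the original report kept below the "---" still lists groovy and eoan kernel versions. Add a line saying whether those series are handled elsewhere or dropped, so the two halves of the description do not disagree.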



[Kernel-packages] [Bug 1881346] Re: linux-kvm should support nftables

2020-05-29 Thread Stéphane Graber
Right, I've sent a tweak to LXD upstream to detect such kernel setup and
fall back to xtables, but that's obviously not a situation we'd like to
rely on.

nftables is the current supported way of doing firewalling and is what
Ubuntu uses by default (through shim packages) as of 20.04, so we need
to ensure that all our kernels support it.

Easy fix would be to align CONFIG_NFT* to what we have in generic. If
that increases size too much, then I guess we can look at trimming
things a bit to only include the usual bits we need (ipv4, ipv6, nat,
mangling, mac filtering, ...).

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
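
The comparison suggested in the thread (aligning the nftables options of one kernel config with another) can be checked mechanically. The script below is an added example, not code from the thread, LXD or the Ubuntu kernel packaging; the function names nft_options, nft_missing and write_samples and both sample config files are constructed for illustration and do not reproduce the real generic or linux-kvm configs.

```shell
#!/bin/sh
# Added example: compare nftables options between two kernel config files.
# On a real system the inputs would be files such as /boot/config-$(uname -r).

# Print every enabled (=y or =m) CONFIG_NF_TABLES*/CONFIG_NFT_* line, sorted.
nft_options() {
    grep -E '^CONFIG_(NF_TABLES|NFT_)[A-Z0-9_]*=[ym]$' "$1" | LC_ALL=C sort
}

# Print symbols the reference config ($1) enables but the candidate ($2)
# leaves unset or omits; "=y" versus "=m" is not treated as a difference.
nft_missing() {
    for sym in $(nft_options "$1" | cut -d= -f1); do
        grep -Eq "^${sym}=[ym]\$" "$2" || echo "$sym"
    done
}

# Constructed sample configs (not the real Ubuntu generic or linux-kvm ones).
write_samples() {
    cat > "$1/config-reference" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_IPV4=y
CONFIG_NF_TABLES_IPV6=y
CONFIG_NFT_CT=m
CONFIG_NFT_NAT=m
CONFIG_NFT_MASQ=m
EOF
    cat > "$1/config-candidate" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_TABLES=y
# CONFIG_NF_TABLES_INET is not set
CONFIG_NFT_CT=y
CONFIG_IP_NF_IPTABLES=y
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "nftables options missing from the candidate config:"
nft_missing "$tmp/config-reference" "$tmp/config-candidate"
rm -rf "$tmp"
```

The constructed candidate has the core CONFIG_NF_TABLES option enabled while family and expression options are absent, so a check that looks only at the core symbol would not notice the gap that the per-symbol comparison reports.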