[Bug 1836912] Re: ipv4: enable route flushing in network namespaces
This bug was fixed in the package linux - 5.0.0-32.34 --- linux (5.0.0-32.34) disco; urgency=medium * disco/linux: 5.0.0-32.34 -proposed tracker (LP: #1846097) * CVE-2019-14814 // CVE-2019-14815 // CVE-2019-14816 - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings * CVE-2019-15505 - media: technisat-usb2: break out of loop at end of buffer * CVE-2019-2181 - binder: check for overflow when alloc for security context * Support Hi1620 zip hw accelerator (LP: #1845355) - [Config] Enable HiSilicon QM/ZIP as modules - crypto: hisilicon - add queue management driver for HiSilicon QM module - crypto: hisilicon - add hardware SGL support - crypto: hisilicon - add HiSilicon ZIP accelerator support - crypto: hisilicon - add SRIOV support for ZIP - Documentation: Add debugfs doc for hisi_zip - crypto: hisilicon - add debugfs for ZIP and QM - MAINTAINERS: add maintainer for HiSilicon QM and ZIP controller driver - crypto: hisilicon - fix kbuild warnings - crypto: hisilicon - add dependency for CRYPTO_DEV_HISI_ZIP - crypto: hisilicon - init curr_sgl_dma to fix compile warning - crypto: hisilicon - add missing single_release - crypto: hisilicon - fix error handle in hisi_zip_create_req_q - crypto: hisilicon - Fix warning on printing %p with dma_addr_t - crypto: hisilicon - Fix return value check in hisi_zip_acompress() - crypto: hisilicon - avoid unused function warning * xfrm interface: several kernel panic (LP: #1836261) - xfrm interface: fix memory leak on creation - xfrm interface: avoid corruption on changelink - xfrm interface: ifname may be wrong in logs - xfrm interface: fix list corruption for x-netns - xfrm interface: fix management of phydev * shiftfs: drop entries from cache on unlink (LP: #1841977) - SAUCE: shiftfs: fix buggy unlink logic * shiftfs: mark kmem_cache as reclaimable (LP: #1842059) - SAUCE: shiftfs: mark slab objects SLAB_RECLAIM_ACCOUNT * Suspend to RAM(S3) does not wake up for latest megaraid and mpt3sas adapters(SAS3.5 onwards) (LP: #1838751) - PCI: Restore Resizable BAR size bits correctly for 1MB BARs * No sound inputs from the external microphone and headset on a Dell machine (LP: #1842265) - ALSA: hda - Expand pin_match function to match upcoming new tbls - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family * Add -fcf-protection=none when using retpoline flags (LP: #1843291) - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags * Disco update: upstream stable patchset 2019-09-25 (LP: #1845390) - bridge/mdb: remove wrong use of NLM_F_MULTI - cdc_ether: fix rndis support for Mediatek based smartphones - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' - isdn/capi: check message length in capi_write() - ixgbe: Fix secpath usage for IPsec TX offload. - net: Fix null de-reference of device refcount - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list - net: phylink: Fix flow control resolution - net: sched: fix reordering issues - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR - tipc: add NULL pointer check before calling kfree_rcu - tun: fix use-after-free when register netdev failed - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist - gpio: fix line flag validation in linehandle_create - Btrfs: fix assertion failure during fsync and use of stale transaction - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us - genirq: Prevent NULL pointer dereference in resend_irqs() - KVM: s390: kvm_s390_vm_start_migration: check dirty_bitmap before using it as target for memset() - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl - KVM: x86: work around leak of uninitialized stack contents - KVM: nVMX: handle page fault in vmread - x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors - powerpc: Add barrier_nospec to raw_copy_in_user() - drm/meson: Add support for XBGR & ABGR formats - clk: rockchip: Don't yell about bad mmc phases when getting - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue - PCI: Always allow probing with driver_override - gpio: fix line flag validation in lineevent_create - ubifs: Correctly use tnc_next() in search_dh_cookie() - driver core: Fix use-after-free and double free on glue directory - crypto: talitos - check AES key size - crypto: talitos - fix CTR alg blocksize - crypto: talitos - ch
[Bug 1836912] Re: ipv4: enable route flushing in network namespaces
** Tags removed: verification-needed-disco ** Tags added: verification-done-disco ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Christian Brauner (cbrauner) ** Changed in: linux (Ubuntu Disco) Assignee: (unassigned) => Christian Brauner (cbrauner) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836912 Title: ipv4: enable route flushing in network namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836912] Re: ipv4: enable route flushing in network namespaces
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-disco -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836912 Title: ipv4: enable route flushing in network namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836912] Re: ipv4: enable route flushing in network namespaces
** Changed in: linux (Ubuntu) Status: Confirmed => Fix Released ** Changed in: linux (Ubuntu Disco) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836912 Title: ipv4: enable route flushing in network namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836912] Re: ipv4: enable route flushing in network namespaces
** Also affects: linux (Ubuntu Disco) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Disco) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Disco) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836912 Title: ipv4: enable route flushing in network namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836912] Re: ipv4: enable route flushing in network namespaces
https://lists.ubuntu.com/archives/kernel-team/2019-September/103672.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836912 Title: ipv4: enable route flushing in network namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836912] Re: ipv4: enable route flushing in network namespaces
See https://lists.ubuntu.com/archives/kernel-team/2019-September/103670.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836912 Title: ipv4: enable route flushing in network namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836912] Re: ipv4: enable route flushing in network namespaces
** Description changed: - Tools such as vpnc try to flush routes when run inside network - namespaces by writing 1 into /proc/sys/net/ipv4/route/flush. This - currently does not work because flush is not enabled in non-initial - network namespaces. - Since routes are per network namespace it is safe to enable + SRU Justification + + Impact: Tools such as vpnc try to flush routes when run inside network namespaces by writing 1 into /proc/sys/net/ipv4/route/flush. This + currently does not work because flush is not enabled in non-initial network namespaces. Users have complained about this at various times (cf. Link: https://github.com/lxc/lxd/issues/4257). + + Fix: Enable /proc/sys/net/ipv4/route/flush inside non-initial network + namespaces. + + Regression Potential: None, since this didn't use to work before. Since + routes are per network namespace it is safe to enable /proc/sys/net/ipv4/route/flush in there. - This has been reported against LXD a few times before + Test Case: Tested with LXD on a kernel with the patch applied and by + running vpnc successfully. - Link: https://github.com/lxc/lxd/issues/4257 + Target Kernels: All LTS kernels starting from 4.15. Kernel 5.3 has the + patchset upstream. - Please backport this to our LTS kernels. :) + Patches: + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5cdda5f1d6adde02da591ca2196f20289977dc56 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836912 Title: ipv4: enable route flushing in network namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1836912] Re: ipv4: enable route flushing in network namespaces
Relevant upstream commit is: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5cdda5f1d6adde02da591ca2196f20289977dc56 ** Changed in: linux (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836912 Title: ipv4: enable route flushing in network namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836912/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs