Ubuntu
linux package

mlx5 EN driver wrongly enables sets VLAN filtering under promiscuous mode

Bug #1514861 reported by Talat Batheesh
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Medium
Unassigned
Wily
Fix Released
Medium
Tim Gardner
Xenial
Fix Released
Medium
Unassigned

Bug Description

Description of problem: The mlx5 Ethernet driver doesn't allow packets marked with all possible VLAN tags to be accepted under promiscuous mode. This is wrong and disallows Open-Stack to properly function in Para-Virtual configuration.

How reproducible:

 just put the NIC to promiscuous mode and send packet from another node tagged any vlan which was not previously configured on the NIC vlan filter, it will not be accepted.

Actual results:
ARP packets sent on vlan 52 packets are dropped

Expected results:
packets should received

Host info:
#uname -a
Linux dev-h-vrt-006 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

#lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 15.10
Release: 15.10
Codename: wily

The following upstream commit fix it:

commit c07543431e9f3d126d083808efa0e76461d8833b
Author: Achiad Shochat <email address hidden>
Date: Thu Oct 8 15:26:18 2015 +0300

    net/mlx5e: Disable VLAN filter in promiscuous mode

    When the device was set to promiscuous mode, we didn't disable
    VLAN filtering, which is wrong behaviour, fix that.

    Now when the device is set to promiscuous mode RX packets
    sent over any VLAN (or no VLAN tag at all) will be accepted.

    Signed-off-by: Achiad Shochat <email address hidden>
    Signed-off-by: Or Gerlitz <email address hidden>
    Signed-off-by: David S. Miller <email address hidden>

I backported it to Ubuntu 15.10 (please see the attached patch). This issue need to be fix also in Ubuntu 14.04.4 not only 15.10.

Revision history for this message
Talat Batheesh (talat-b87) wrote :
Revision history for this message
Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1514861

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Tim Gardner (timg-tpi) wrote :

Talat - I assume you have had positive test results with your backport patch ?

Changed in linux (Ubuntu Xenial):
status: Incomplete → Fix Released
Changed in linux (Ubuntu Wily):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Wily):
importance: Undecided → Medium
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
Revision history for this message
Talat Batheesh (talat-b87) wrote :

Hi Tim,
You are right - I tested this patch, it's working and fix this issue.

Revision history for this message
Talat Batheesh (talat-b87) wrote :

Hi,

could you please add this fix to Ubuntu 14.04.4 ?

Thanks,
Talat

Revision history for this message
Tim Gardner (timg-tpi) wrote :

This patch will also be included in the LTS Wily kernel.

Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Wily):
status: In Progress → Fix Committed
Revision history for this message
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-wily' to 'verification-done-wily'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-wily
Revision history for this message
Talat Batheesh (talat-b87) wrote :

Hi Brad,

i verified this bug and it's fix the issue please don't drop this fix and move it to verification-done-wily.
if needed a canonical verification of this bug i'll ask someone to do it.

thanks,
Talat

Tim Gardner (timg-tpi)
tags: added: verification-done-wily
removed: verification-needed-wily
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.2.0-21.25

---------------
linux (4.2.0-21.25) wily; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1522108

  [ Upstream Kernel Changes ]

  * staging/dgnc: fix info leak in ioctl
    - LP: #1509565
    - CVE-2015-7885
  * [media] media/vivid-osd: fix info leak in ioctl
    - LP: #1509564
    - CVE-2015-7884
  * KEYS: Fix race between key destruction and finding a keyring by name
    - LP: #1508856
    - CVE-2015-7872
  * KEYS: Fix crash when attempt to garbage collect an uninstantiated
    keyring
    - LP: #1508856
    - CVE-2015-7872
  * KEYS: Don't permit request_key() to construct a new keyring
    - LP: #1508856
    - CVE-2015-7872
  * isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
    - LP: #1508329
    - CVE-2015-7799
  * ppp, slip: Validate VJ compression slot parameters completely
    - LP: #1508329
    - CVE-2015-7799

linux (4.2.0-20.24) wily; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1521753

  [ Andy Whitcroft ]

  * [Tests] gcc-multilib does not exist on ppc64el
    - LP: #1515541

  [ Joseph Salisbury ]

  * SAUCE: scsi_sysfs: protect against double execution of
    __scsi_remove_device()
    - LP: #1509029

  [ Manoj Kumar ]

  * SAUCE: (noup) cxlflash: Fix to escalate LINK_RESET also on port 1
    - LP: #1513583

  [ Matthew R. Ochs ]

  * SAUCE: (noup) cxlflash: Fix to avoid virtual LUN failover failure
    - LP: #1513583

  [ Oren Givon ]

  * SAUCE: (noup) iwlwifi: Add new PCI IDs for the 8260 series
    - LP: #1517375

  [ Seth Forshee ]

  * [Config] CONFIG_DRM_AMDGPU_CIK=n
    - LP: #1510405

  [ Upstream Kernel Changes ]

  * net/mlx5e: Disable VLAN filter in promiscuous mode
    - LP: #1514861
  * drivers: net: xgene: fix RGMII 10/100Mb mode
    - LP: #1433290
  * HID: rmi: Disable scanning if the device is not a wake source
    - LP: #1515503
  * HID: rmi: Set F01 interrupt enable register when not set
    - LP: #1515503
  * net/mlx5e: Ethtool link speed setting fixes
    - LP: #1517919
  * scsi_scan: don't dump trace when scsi_prep_async_scan() is called twice
    - LP: #1517942
  * x86/ioapic: Disable interrupts when re-routing legacy IRQs
    - LP: #1508593
  * xhci: Workaround to get Intel xHCI reset working more reliably
  * megaraid_sas: Do not use PAGE_SIZE for max_sectors
    - LP: #1475166
  * net: usb: cdc_ether: add Dell DW5580 as a mobile broadband adapter
    - LP: #1513847
  * KVM: svm: unconditionally intercept #DB
    - LP: #1520184
    - CVE-2015-8104

 -- Luis Henriques <email address hidden> Wed, 02 Dec 2015 17:30:58 +0000

Changed in linux (Ubuntu Wily):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Patches

Remote bug watches

Bug watches keep track of this bug in other bug trackers.