* [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu @ 2019-04-05 0:18 Captain Wiggum 2019-04-05 4:50 ` Greg Kroah-Hartman 0 siblings, 1 reply; 14+ messages in thread From: Captain Wiggum @ 2019-04-05 0:18 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable Hi Greg, A previous bad patch breaks 18 test cases for IPv6 fragment headers. This has already been un-done in upstream, but not in any of the LTS. However two upstream patches are first needed to cover a DoS vulnerability. For background, there are two mail threads in [netdev] on this subject: 1) Subject: TAHI testing fails for IPv6 Fragments in Kernel 4.9 (from captwiggum) 2) Subject: Please merge IPv6 fix for drop fragment smaller than MTU (from captwiggum) Two patches from upstream needed first to cover the DoS: commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a net: IP6 defrag: use rbtrees for IPv6 defrag commit 997dd96471641e147cb2c33ad54284000d0f5e35 net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c One undo-patch to fix the IPv6 fragment headers: ipv6: defrag: drop non-last frags smaller than min mtu UN-DO: commit a8444b1ccb20339774af58e40ad42296074fb484 Thanks! --John Masinter (captwiggum) ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-05 0:18 [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu Captain Wiggum @ 2019-04-05 4:50 ` Greg Kroah-Hartman 2019-04-05 16:22 ` Captain Wiggum 0 siblings, 1 reply; 14+ messages in thread From: Greg Kroah-Hartman @ 2019-04-05 4:50 UTC (permalink / raw) To: Captain Wiggum Cc: Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable On Thu, Apr 04, 2019 at 06:18:30PM -0600, Captain Wiggum wrote: > Hi Greg, > > A previous bad patch breaks 18 test cases for IPv6 fragment headers. > This has already been un-done in upstream, but not in any of the LTS. > However two upstream patches are first needed to cover a DoS vulnerability. > > For background, there are two mail threads in [netdev] on this subject: > 1) Subject: TAHI testing fails for IPv6 Fragments in Kernel 4.9 (from > captwiggum) > 2) Subject: Please merge IPv6 fix for drop fragment smaller than MTU > (from captwiggum) > > Two patches from upstream needed first to cover the DoS: > > commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a > net: IP6 defrag: use rbtrees for IPv6 defrag > > commit 997dd96471641e147cb2c33ad54284000d0f5e35 > net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c > > One undo-patch to fix the IPv6 fragment headers: > > ipv6: defrag: drop non-last frags smaller than min mtu > UN-DO: commit a8444b1ccb20339774af58e40ad42296074fb484 For what kernel version(s) do these patches need to be applied? thanks, greg k-h ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-05 4:50 ` Greg Kroah-Hartman @ 2019-04-05 16:22 ` Captain Wiggum 2019-04-06 14:15 ` Sasha Levin 0 siblings, 1 reply; 14+ messages in thread From: Captain Wiggum @ 2019-04-05 16:22 UTC (permalink / raw) To: Greg Kroah-Hartman Cc: Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable I know it affects 4.9, 4.14, 4.19. I have not tested the older LTS kernels. But any LTS kernel that previously received this commit is affected: ... commit a8444b1ccb20339774af58e40ad42296074fb484 ... ipv6: defrag: drop non-last frags smaller than min mtu On Thu, Apr 4, 2019 at 10:50 PM Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote: > > On Thu, Apr 04, 2019 at 06:18:30PM -0600, Captain Wiggum wrote: > > Hi Greg, > > > > A previous bad patch breaks 18 test cases for IPv6 fragment headers. > > This has already been un-done in upstream, but not in any of the LTS. > > However two upstream patches are first needed to cover a DoS vulnerability. > > > > For background, there are two mail threads in [netdev] on this subject: > > 1) Subject: TAHI testing fails for IPv6 Fragments in Kernel 4.9 (from > > captwiggum) > > 2) Subject: Please merge IPv6 fix for drop fragment smaller than MTU > > (from captwiggum) > > > > Two patches from upstream needed first to cover the DoS: > > > > commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a > > net: IP6 defrag: use rbtrees for IPv6 defrag > > > > commit 997dd96471641e147cb2c33ad54284000d0f5e35 > > net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c > > > > One undo-patch to fix the IPv6 fragment headers: > > > > ipv6: defrag: drop non-last frags smaller than min mtu > > UN-DO: commit a8444b1ccb20339774af58e40ad42296074fb484 > > For what kernel version(s) do these patches need to be applied? > > thanks, > > greg k-h ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-05 16:22 ` Captain Wiggum @ 2019-04-06 14:15 ` Sasha Levin 2019-04-06 16:34 ` Florian Westphal 2019-04-08 14:49 ` Captain Wiggum 0 siblings, 2 replies; 14+ messages in thread From: Sasha Levin @ 2019-04-06 14:15 UTC (permalink / raw) To: Captain Wiggum, davem Cc: Greg Kroah-Hartman, Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable On Fri, Apr 05, 2019 at 10:22:51AM -0600, Captain Wiggum wrote: >I know it affects 4.9, 4.14, 4.19. >I have not tested the older LTS kernels. >But any LTS kernel that previously received this commit is affected: >... commit a8444b1ccb20339774af58e40ad42296074fb484 >... ipv6: defrag: drop non-last frags smaller than min mtu > > > >On Thu, Apr 4, 2019 at 10:50 PM Greg Kroah-Hartman ><gregkh@linuxfoundation.org> wrote: >> >> On Thu, Apr 04, 2019 at 06:18:30PM -0600, Captain Wiggum wrote: >> > Hi Greg, >> > >> > A previous bad patch breaks 18 test cases for IPv6 fragment headers. >> > This has already been un-done in upstream, but not in any of the LTS. >> > However two upstream patches are first needed to cover a DoS vulnerability. >> > >> > For background, there are two mail threads in [netdev] on this subject: >> > 1) Subject: TAHI testing fails for IPv6 Fragments in Kernel 4.9 (from >> > captwiggum) >> > 2) Subject: Please merge IPv6 fix for drop fragment smaller than MTU >> > (from captwiggum) >> > >> > Two patches from upstream needed first to cover the DoS: >> > >> > commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a >> > net: IP6 defrag: use rbtrees for IPv6 defrag >> > >> > commit 997dd96471641e147cb2c33ad54284000d0f5e35 >> > net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c >> > >> > One undo-patch to fix the IPv6 fragment headers: >> > >> > ipv6: defrag: drop non-last frags smaller than min mtu >> > UN-DO: commit a8444b1ccb20339774af58e40ad42296074fb484 >> >> For what kernel version(s) do these patches need to be applied? >> >> thanks, >> >> greg k-h I see that 0ed4229b08c1 ("ipv6: defrag: drop non-last frags smaller than min mtu") wasn't reverted upstream, why is a revert needed on the stable trees? David, could you ack these requests? -- Thanks, Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-06 14:15 ` Sasha Levin @ 2019-04-06 16:34 ` Florian Westphal 2019-04-08 14:49 ` Captain Wiggum 1 sibling, 0 replies; 14+ messages in thread From: Florian Westphal @ 2019-04-06 16:34 UTC (permalink / raw) To: Sasha Levin Cc: Captain Wiggum, davem, Greg Kroah-Hartman, Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable Sasha Levin <sashal@kernel.org> wrote: > > > > Two patches from upstream needed first to cover the DoS: > > > > > > > > commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a > > > > net: IP6 defrag: use rbtrees for IPv6 defrag > > > > > > > > commit 997dd96471641e147cb2c33ad54284000d0f5e35 > > > > net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c [..] > I see that 0ed4229b08c1 ("ipv6: defrag: drop non-last frags smaller than > min mtu") wasn't reverted upstream, why is a revert needed on the stable > trees? As I already mentioned, reverting it brings back the DoS problem. The "drop < minmtu" restriction is removed in the two rbtree conversion patches quoted above. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-06 14:15 ` Sasha Levin 2019-04-06 16:34 ` Florian Westphal @ 2019-04-08 14:49 ` Captain Wiggum 2019-04-08 14:54 ` Eric Dumazet 2019-04-08 15:51 ` Sasha Levin 1 sibling, 2 replies; 14+ messages in thread From: Captain Wiggum @ 2019-04-08 14:49 UTC (permalink / raw) To: Sasha Levin Cc: davem, Greg Kroah-Hartman, Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable Hi Sasha, This patch cannot be applied to upstream, the code is significantly different. Therefore, this un-do patch would not be seen in the upstream git log. It was solved there by coding a better solution, not by the un-do patch. Please consider this: Upstream passes the TAHI IPv6 protocol tests. All the LTS kernels do NOT. This is the patch that causes the failure in 4.9, 4.14, 4.19 LTS kernels. And this patch has been in place with 4.9.134, a long time. It is not right that "Linux" can not pass the IPv6 protocol test. My executive are asking me why "Linux" is not fit for IPv6 deployments. --John Masinter On Sat, Apr 6, 2019 at 8:15 AM Sasha Levin <sashal@kernel.org> wrote: > > On Fri, Apr 05, 2019 at 10:22:51AM -0600, Captain Wiggum wrote: > >I know it affects 4.9, 4.14, 4.19. > >I have not tested the older LTS kernels. > >But any LTS kernel that previously received this commit is affected: > >... commit a8444b1ccb20339774af58e40ad42296074fb484 > >... ipv6: defrag: drop non-last frags smaller than min mtu > > > > > > > >On Thu, Apr 4, 2019 at 10:50 PM Greg Kroah-Hartman > ><gregkh@linuxfoundation.org> wrote: > >> > >> On Thu, Apr 04, 2019 at 06:18:30PM -0600, Captain Wiggum wrote: > >> > Hi Greg, > >> > > >> > A previous bad patch breaks 18 test cases for IPv6 fragment headers. > >> > This has already been un-done in upstream, but not in any of the LTS. > >> > However two upstream patches are first needed to cover a DoS vulnerability. > >> > > >> > For background, there are two mail threads in [netdev] on this subject: > >> > 1) Subject: TAHI testing fails for IPv6 Fragments in Kernel 4.9 (from > >> > captwiggum) > >> > 2) Subject: Please merge IPv6 fix for drop fragment smaller than MTU > >> > (from captwiggum) > >> > > >> > Two patches from upstream needed first to cover the DoS: > >> > > >> > commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a > >> > net: IP6 defrag: use rbtrees for IPv6 defrag > >> > > >> > commit 997dd96471641e147cb2c33ad54284000d0f5e35 > >> > net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c > >> > > >> > One undo-patch to fix the IPv6 fragment headers: > >> > > >> > ipv6: defrag: drop non-last frags smaller than min mtu > >> > UN-DO: commit a8444b1ccb20339774af58e40ad42296074fb484 > >> > >> For what kernel version(s) do these patches need to be applied? > >> > >> thanks, > >> > >> greg k-h > > I see that 0ed4229b08c1 ("ipv6: defrag: drop non-last frags smaller than > min mtu") wasn't reverted upstream, why is a revert needed on the stable > trees? > > David, could you ack these requests? > > -- > Thanks, > Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-08 14:49 ` Captain Wiggum @ 2019-04-08 14:54 ` Eric Dumazet 2019-04-08 15:09 ` Captain Wiggum 2019-04-08 15:51 ` Sasha Levin 1 sibling, 1 reply; 14+ messages in thread From: Eric Dumazet @ 2019-04-08 14:54 UTC (permalink / raw) To: Captain Wiggum Cc: Sasha Levin, David Miller, Greg Kroah-Hartman, Florian Westphal, Peter Oskolkov, netdev, stable On Mon, Apr 8, 2019 at 7:50 AM Captain Wiggum <captwiggum@gmail.com> wrote: > > Hi Sasha, > > This patch cannot be applied to upstream, the code is significantly different. > Therefore, this un-do patch would not be seen in the upstream git log. > It was solved there by coding a better solution, not by the un-do patch. > > Please consider this: > Upstream passes the TAHI IPv6 protocol tests. All the LTS kernels do NOT. > This is the patch that causes the failure in 4.9, 4.14, 4.19 LTS kernels. > > And this patch has been in place with 4.9.134, a long time. > It is not right that "Linux" can not pass the IPv6 protocol test. > My executive are asking me why "Linux" is not fit for IPv6 deployments. > Security comes first. Your managers should be able to understand this very simple fact. Please provide a proper list of patches to backport instead of complaining. Upstream has been fixed, this is now a matter of helping stable teams, instead of ranting. Thanks. > --John Masinter > > On Sat, Apr 6, 2019 at 8:15 AM Sasha Levin <sashal@kernel.org> wrote: > > > > On Fri, Apr 05, 2019 at 10:22:51AM -0600, Captain Wiggum wrote: > > >I know it affects 4.9, 4.14, 4.19. > > >I have not tested the older LTS kernels. > > >But any LTS kernel that previously received this commit is affected: > > >... commit a8444b1ccb20339774af58e40ad42296074fb484 > > >... ipv6: defrag: drop non-last frags smaller than min mtu > > > > > > > > > > > >On Thu, Apr 4, 2019 at 10:50 PM Greg Kroah-Hartman > > ><gregkh@linuxfoundation.org> wrote: > > >> > > >> On Thu, Apr 04, 2019 at 06:18:30PM -0600, Captain Wiggum wrote: > > >> > Hi Greg, > > >> > > > >> > A previous bad patch breaks 18 test cases for IPv6 fragment headers. > > >> > This has already been un-done in upstream, but not in any of the LTS. > > >> > However two upstream patches are first needed to cover a DoS vulnerability. > > >> > > > >> > For background, there are two mail threads in [netdev] on this subject: > > >> > 1) Subject: TAHI testing fails for IPv6 Fragments in Kernel 4.9 (from > > >> > captwiggum) > > >> > 2) Subject: Please merge IPv6 fix for drop fragment smaller than MTU > > >> > (from captwiggum) > > >> > > > >> > Two patches from upstream needed first to cover the DoS: > > >> > > > >> > commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a > > >> > net: IP6 defrag: use rbtrees for IPv6 defrag > > >> > > > >> > commit 997dd96471641e147cb2c33ad54284000d0f5e35 > > >> > net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c > > >> > > > >> > One undo-patch to fix the IPv6 fragment headers: > > >> > > > >> > ipv6: defrag: drop non-last frags smaller than min mtu > > >> > UN-DO: commit a8444b1ccb20339774af58e40ad42296074fb484 > > >> > > >> For what kernel version(s) do these patches need to be applied? > > >> > > >> thanks, > > >> > > >> greg k-h > > > > I see that 0ed4229b08c1 ("ipv6: defrag: drop non-last frags smaller than > > min mtu") wasn't reverted upstream, why is a revert needed on the stable > > trees? > > > > David, could you ack these requests? > > > > -- > > Thanks, > > Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-08 14:54 ` Eric Dumazet @ 2019-04-08 15:09 ` Captain Wiggum 0 siblings, 0 replies; 14+ messages in thread From: Captain Wiggum @ 2019-04-08 15:09 UTC (permalink / raw) To: Eric Dumazet Cc: Sasha Levin, David Miller, Greg Kroah-Hartman, Florian Westphal, Peter Oskolkov, netdev, stable HI Eric, Sorry if I sound like I am complaining. I did indeed supply the list of needed patches to fix both the DoS issue and the IPv6 issue. You were on that email. In fact, it is this very email thread. Look to the top please. ;-) On Mon, Apr 8, 2019 at 8:54 AM Eric Dumazet <edumazet@google.com> wrote: > > On Mon, Apr 8, 2019 at 7:50 AM Captain Wiggum <captwiggum@gmail.com> wrote: > > > > Hi Sasha, > > > > This patch cannot be applied to upstream, the code is significantly different. > > Therefore, this un-do patch would not be seen in the upstream git log. > > It was solved there by coding a better solution, not by the un-do patch. > > > > Please consider this: > > Upstream passes the TAHI IPv6 protocol tests. All the LTS kernels do NOT. > > This is the patch that causes the failure in 4.9, 4.14, 4.19 LTS kernels. > > > > And this patch has been in place with 4.9.134, a long time. > > It is not right that "Linux" can not pass the IPv6 protocol test. > > My executive are asking me why "Linux" is not fit for IPv6 deployments. > > > > Security comes first. Your managers should be able to understand this > very simple fact. > > Please provide a proper list of patches to backport instead of complaining. > > Upstream has been fixed, this is now a matter of helping stable teams, > instead of ranting. > > Thanks. > > > > --John Masinter > > > > On Sat, Apr 6, 2019 at 8:15 AM Sasha Levin <sashal@kernel.org> wrote: > > > > > > On Fri, Apr 05, 2019 at 10:22:51AM -0600, Captain Wiggum wrote: > > > >I know it affects 4.9, 4.14, 4.19. > > > >I have not tested the older LTS kernels. > > > >But any LTS kernel that previously received this commit is affected: > > > >... commit a8444b1ccb20339774af58e40ad42296074fb484 > > > >... ipv6: defrag: drop non-last frags smaller than min mtu > > > > > > > > > > > > > > > >On Thu, Apr 4, 2019 at 10:50 PM Greg Kroah-Hartman > > > ><gregkh@linuxfoundation.org> wrote: > > > >> > > > >> On Thu, Apr 04, 2019 at 06:18:30PM -0600, Captain Wiggum wrote: > > > >> > Hi Greg, > > > >> > > > > >> > A previous bad patch breaks 18 test cases for IPv6 fragment headers. > > > >> > This has already been un-done in upstream, but not in any of the LTS. > > > >> > However two upstream patches are first needed to cover a DoS vulnerability. > > > >> > > > > >> > For background, there are two mail threads in [netdev] on this subject: > > > >> > 1) Subject: TAHI testing fails for IPv6 Fragments in Kernel 4.9 (from > > > >> > captwiggum) > > > >> > 2) Subject: Please merge IPv6 fix for drop fragment smaller than MTU > > > >> > (from captwiggum) > > > >> > > > > >> > Two patches from upstream needed first to cover the DoS: > > > >> > > > > >> > commit d4289fcc9b16b89619ee1c54f829e05e56de8b9a > > > >> > net: IP6 defrag: use rbtrees for IPv6 defrag > > > >> > > > > >> > commit 997dd96471641e147cb2c33ad54284000d0f5e35 > > > >> > net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c > > > >> > > > > >> > One undo-patch to fix the IPv6 fragment headers: > > > >> > > > > >> > ipv6: defrag: drop non-last frags smaller than min mtu > > > >> > UN-DO: commit a8444b1ccb20339774af58e40ad42296074fb484 > > > >> > > > >> For what kernel version(s) do these patches need to be applied? > > > >> > > > >> thanks, > > > >> > > > >> greg k-h > > > > > > I see that 0ed4229b08c1 ("ipv6: defrag: drop non-last frags smaller than > > > min mtu") wasn't reverted upstream, why is a revert needed on the stable > > > trees? > > > > > > David, could you ack these requests? > > > > > > -- > > > Thanks, > > > Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-08 14:49 ` Captain Wiggum 2019-04-08 14:54 ` Eric Dumazet @ 2019-04-08 15:51 ` Sasha Levin 2019-04-08 15:59 ` Peter Oskolkov 1 sibling, 1 reply; 14+ messages in thread From: Sasha Levin @ 2019-04-08 15:51 UTC (permalink / raw) To: Captain Wiggum Cc: davem, Greg Kroah-Hartman, Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable On Mon, Apr 08, 2019 at 08:49:52AM -0600, Captain Wiggum wrote: >Hi Sasha, > >This patch cannot be applied to upstream, the code is significantly different. >Therefore, this un-do patch would not be seen in the upstream git log. >It was solved there by coding a better solution, not by the un-do patch. Okay, so this is effectively a request to diverge the -stable tree from upstream in a non-trivial way, which is why I asked David Miller to ack this act explcitly (or to send me patches, or whatever else he thinks is appropriate here). >Please consider this: >Upstream passes the TAHI IPv6 protocol tests. All the LTS kernels do NOT. >This is the patch that causes the failure in 4.9, 4.14, 4.19 LTS kernels. I very much agree that this should get fixed. My concerns are not with the bug but are with the proposed fix as it applies to -stable trees. >And this patch has been in place with 4.9.134, a long time. >It is not right that "Linux" can not pass the IPv6 protocol test. >My executive are asking me why "Linux" is not fit for IPv6 deployments. Arguments such as this carry no weight in a more technical discussion such as this. Yes, some tests are currently broken, but we will not take shortcuts just because "executives are unhappy". -- Thanks, Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-08 15:51 ` Sasha Levin @ 2019-04-08 15:59 ` Peter Oskolkov 2019-04-08 16:29 ` Captain Wiggum 0 siblings, 1 reply; 14+ messages in thread From: Peter Oskolkov @ 2019-04-08 15:59 UTC (permalink / raw) To: Sasha Levin Cc: Captain Wiggum, davem, Greg Kroah-Hartman, Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable On Mon, Apr 8, 2019 at 8:51 AM Sasha Levin <sashal@kernel.org> wrote: > > On Mon, Apr 08, 2019 at 08:49:52AM -0600, Captain Wiggum wrote: > >Hi Sasha, > > > >This patch cannot be applied to upstream, the code is significantly different. > >Therefore, this un-do patch would not be seen in the upstream git log. > >It was solved there by coding a better solution, not by the un-do patch. > > Okay, so this is effectively a request to diverge the -stable tree from > upstream in a non-trivial way, which is why I asked David Miller to ack > this act explcitly (or to send me patches, or whatever else he thinks is > appropriate here). I believe that applying this patch series: https://patchwork.ozlabs.org/cover/1029418/ from upstream will achieve the desired outcome (assuming it applies cleanly). > > >Please consider this: > >Upstream passes the TAHI IPv6 protocol tests. All the LTS kernels do NOT. > >This is the patch that causes the failure in 4.9, 4.14, 4.19 LTS kernels. > > I very much agree that this should get fixed. My concerns are not with > the bug but are with the proposed fix as it applies to -stable trees. > > >And this patch has been in place with 4.9.134, a long time. > >It is not right that "Linux" can not pass the IPv6 protocol test. > >My executive are asking me why "Linux" is not fit for IPv6 deployments. > > Arguments such as this carry no weight in a more technical discussion > such as this. Yes, some tests are currently broken, but we will not take > shortcuts just because "executives are unhappy". > > -- > Thanks, > Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-08 15:59 ` Peter Oskolkov @ 2019-04-08 16:29 ` Captain Wiggum 2019-04-08 17:13 ` Peter Oskolkov 0 siblings, 1 reply; 14+ messages in thread From: Captain Wiggum @ 2019-04-08 16:29 UTC (permalink / raw) To: Peter Oskolkov Cc: Sasha Levin, davem, Greg Kroah-Hartman, Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable Thank you Peter! I tried the patch on 4.9.167 & 4.19.32. It's out of sync with upstream. Looks like a little different work needed for each LTS kernel. Is someone is familiar with it, and is available to patch it? If not, I'd be happy to do this and propose a patch for at least 4.9, 4.14, 4.19. I look forward to your feedback. ----- patch against 4.9.167: include/net/inet_frag.h: 1 out of 2 hunks FAILED net/ipv4/ip_fragment.c: 4 out of 9 hunks FAILED can't find file to patch at input line 796: Not found: include/net/ipv6_frag.h ----- patch against 4.19.32: net/ipv4/ip_fragment.c: 3 out of 9 hunks FAILED net/ipv6/reassembly.c: 2 out of 8 hunks FAILED can't find file to patch: tools/testing/selftests/net/ip_defrag.c --John Masinter On Mon, Apr 8, 2019 at 9:59 AM Peter Oskolkov <posk@posk.io> wrote: > > On Mon, Apr 8, 2019 at 8:51 AM Sasha Levin <sashal@kernel.org> wrote: > > > > On Mon, Apr 08, 2019 at 08:49:52AM -0600, Captain Wiggum wrote: > > >Hi Sasha, > > > > > >This patch cannot be applied to upstream, the code is significantly different. > > >Therefore, this un-do patch would not be seen in the upstream git log. > > >It was solved there by coding a better solution, not by the un-do patch. > > > > Okay, so this is effectively a request to diverge the -stable tree from > > upstream in a non-trivial way, which is why I asked David Miller to ack > > this act explcitly (or to send me patches, or whatever else he thinks is > > appropriate here). > > I believe that applying this patch series: > https://patchwork.ozlabs.org/cover/1029418/ > from upstream will achieve the desired outcome (assuming it applies cleanly). > > > > > >Please consider this: > > >Upstream passes the TAHI IPv6 protocol tests. All the LTS kernels do NOT. > > >This is the patch that causes the failure in 4.9, 4.14, 4.19 LTS kernels. > > > > I very much agree that this should get fixed. My concerns are not with > > the bug but are with the proposed fix as it applies to -stable trees. > > > > >And this patch has been in place with 4.9.134, a long time. > > >It is not right that "Linux" can not pass the IPv6 protocol test. > > >My executive are asking me why "Linux" is not fit for IPv6 deployments. > > > > Arguments such as this carry no weight in a more technical discussion > > such as this. Yes, some tests are currently broken, but we will not take > > shortcuts just because "executives are unhappy". > > > > -- > > Thanks, > > Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-08 16:29 ` Captain Wiggum @ 2019-04-08 17:13 ` Peter Oskolkov 2019-04-08 23:15 ` Sasha Levin 0 siblings, 1 reply; 14+ messages in thread From: Peter Oskolkov @ 2019-04-08 17:13 UTC (permalink / raw) To: Captain Wiggum Cc: Sasha Levin, davem, Greg Kroah-Hartman, Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable On Mon, Apr 8, 2019 at 9:29 AM Captain Wiggum <captwiggum@gmail.com> wrote: > > Thank you Peter! > > I tried the patch on 4.9.167 & 4.19.32. It's out of sync with upstream. > Looks like a little different work needed for each LTS kernel. > Is someone is familiar with it, and is available to patch it? I'll try to backport the patchset to 4.9 and send it out for review. If it is accepted (this will be my first stable backport attempt), I'll do the same for 4.14 and 4.19. Thanks, Peter > If not, I'd be happy to do this and propose a patch for at least 4.9, > 4.14, 4.19. > I look forward to your feedback. > ----- > patch against 4.9.167: > include/net/inet_frag.h: 1 out of 2 hunks FAILED > net/ipv4/ip_fragment.c: 4 out of 9 hunks FAILED > can't find file to patch at input line 796: Not found: include/net/ipv6_frag.h > ----- > patch against 4.19.32: > net/ipv4/ip_fragment.c: 3 out of 9 hunks FAILED > net/ipv6/reassembly.c: 2 out of 8 hunks FAILED > can't find file to patch: tools/testing/selftests/net/ip_defrag.c > > --John Masinter > > On Mon, Apr 8, 2019 at 9:59 AM Peter Oskolkov <posk@posk.io> wrote: > > > > On Mon, Apr 8, 2019 at 8:51 AM Sasha Levin <sashal@kernel.org> wrote: > > > > > > On Mon, Apr 08, 2019 at 08:49:52AM -0600, Captain Wiggum wrote: > > > >Hi Sasha, > > > > > > > >This patch cannot be applied to upstream, the code is significantly different. > > > >Therefore, this un-do patch would not be seen in the upstream git log. > > > >It was solved there by coding a better solution, not by the un-do patch. > > > > > > Okay, so this is effectively a request to diverge the -stable tree from > > > upstream in a non-trivial way, which is why I asked David Miller to ack > > > this act explcitly (or to send me patches, or whatever else he thinks is > > > appropriate here). > > > > I believe that applying this patch series: > > https://patchwork.ozlabs.org/cover/1029418/ > > from upstream will achieve the desired outcome (assuming it applies cleanly). > > > > > > > > >Please consider this: > > > >Upstream passes the TAHI IPv6 protocol tests. All the LTS kernels do NOT. > > > >This is the patch that causes the failure in 4.9, 4.14, 4.19 LTS kernels. > > > > > > I very much agree that this should get fixed. My concerns are not with > > > the bug but are with the proposed fix as it applies to -stable trees. > > > > > > >And this patch has been in place with 4.9.134, a long time. > > > >It is not right that "Linux" can not pass the IPv6 protocol test. > > > >My executive are asking me why "Linux" is not fit for IPv6 deployments. > > > > > > Arguments such as this carry no weight in a more technical discussion > > > such as this. Yes, some tests are currently broken, but we will not take > > > shortcuts just because "executives are unhappy". > > > > > > -- > > > Thanks, > > > Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-08 17:13 ` Peter Oskolkov @ 2019-04-08 23:15 ` Sasha Levin 2019-04-08 23:38 ` Peter Oskolkov 0 siblings, 1 reply; 14+ messages in thread From: Sasha Levin @ 2019-04-08 23:15 UTC (permalink / raw) To: Peter Oskolkov Cc: Captain Wiggum, davem, Greg Kroah-Hartman, Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable On Mon, Apr 08, 2019 at 10:13:57AM -0700, Peter Oskolkov wrote: >On Mon, Apr 8, 2019 at 9:29 AM Captain Wiggum <captwiggum@gmail.com> wrote: >> >> Thank you Peter! >> >> I tried the patch on 4.9.167 & 4.19.32. It's out of sync with upstream. >> Looks like a little different work needed for each LTS kernel. >> Is someone is familiar with it, and is available to patch it? > >I'll try to backport the patchset to 4.9 and send it out for review. >If it is accepted (this >will be my first stable backport attempt), I'll do the same for 4.14 and 4.19. Please start with 4.19 and work backwards for two reasons: 1. If we fix something in 4.9, and the user upgrades to a broken 4.14/4.19 he'll be very upset. 2. It'll make the backporting process much easier for you as the differences between 4.19 and 5.0 are much smaller than 4.9 and 5.0. -- Thanks, Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu 2019-04-08 23:15 ` Sasha Levin @ 2019-04-08 23:38 ` Peter Oskolkov 0 siblings, 0 replies; 14+ messages in thread From: Peter Oskolkov @ 2019-04-08 23:38 UTC (permalink / raw) To: Sasha Levin Cc: Captain Wiggum, davem, Greg Kroah-Hartman, Florian Westphal, Eric Dumazet, Peter Oskolkov, netdev, stable On Mon, Apr 8, 2019 at 4:15 PM Sasha Levin <sashal@kernel.org> wrote: > > On Mon, Apr 08, 2019 at 10:13:57AM -0700, Peter Oskolkov wrote: > >On Mon, Apr 8, 2019 at 9:29 AM Captain Wiggum <captwiggum@gmail.com> wrote: > >> > >> Thank you Peter! > >> > >> I tried the patch on 4.9.167 & 4.19.32. It's out of sync with upstream. > >> Looks like a little different work needed for each LTS kernel. > >> Is someone is familiar with it, and is available to patch it? > > > >I'll try to backport the patchset to 4.9 and send it out for review. > >If it is accepted (this > >will be my first stable backport attempt), I'll do the same for 4.14 and 4.19. > > Please start with 4.19 and work backwards for two reasons: > > 1. If we fix something in 4.9, and the user upgrades to a broken > 4.14/4.19 he'll be very upset. > > 2. It'll make the backporting process much easier for you as the > differences between 4.19 and 5.0 are much smaller than 4.9 and 5.0. > Thanks, Sasha - it is indeed much easier to backport to 4.19. I'll send the patchset for review shortly. > > -- > Thanks, > Sasha ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2019-04-08 23:39 UTC | newest] Thread overview: 14+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-04-05 0:18 [PATCH net] ipv6: un-do: defrag: drop non-last frags smaller than min mtu Captain Wiggum 2019-04-05 4:50 ` Greg Kroah-Hartman 2019-04-05 16:22 ` Captain Wiggum 2019-04-06 14:15 ` Sasha Levin 2019-04-06 16:34 ` Florian Westphal 2019-04-08 14:49 ` Captain Wiggum 2019-04-08 14:54 ` Eric Dumazet 2019-04-08 15:09 ` Captain Wiggum 2019-04-08 15:51 ` Sasha Levin 2019-04-08 15:59 ` Peter Oskolkov 2019-04-08 16:29 ` Captain Wiggum 2019-04-08 17:13 ` Peter Oskolkov 2019-04-08 23:15 ` Sasha Levin 2019-04-08 23:38 ` Peter Oskolkov
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).