[Kernel-packages] [Bug 1935040] Re: dev_forward_skb: do not scrub skb mark within the same name space

Wed, 15 Sep 2021 12:21:23 -0700 

This bug was fixed in the package linux - 5.13.0-16.16

---------------
linux (5.13.0-16.16) impish; urgency=medium

  * impish/linux: 5.13.0-16.16 -proposed tracker (LP: #1942611)

  * Miscellaneous Ubuntu changes
    - [Config] update toolchain in configs

  * Miscellaneous upstream changes
    - Revert "UBUNTU: [Config] Enable CONFIG_UBSAN_BOUNDS"

 -- Andrea Righi <[email protected]>  Fri, 03 Sep 2021 16:21:14
+0200

** Changed in: linux (Ubuntu Impish)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040

Title:
  dev_forward_skb: do not scrub skb mark within the same name space

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Focal:
  Fix Released
Status in linux source package in Hirsute:
  Fix Released
Status in linux source package in Impish:
  Fix Released

Bug description:
  [Impact]

  The ebpf function 'bpf_redirect' reset the mark when used with the flag 
BPF_F_INGRESS.
  There are two main problems with that:
   - it's not consistent between legacy tunnels and ebpf;
   - it's not consistent between ingress and egress.

  In fact, the eBPF program can easily reset the mark, but it cannot
  preserve it.

  This kind of patch was already done in the past, see commit
  963a88b31ddb ("tunnels: harmonize cleanup done on skb on xmit path"),
  commit ea23192e8e57 ("tunnels: harmonize cleanup done on skb on rx
  path") and commit 213dd74aee76 ("skbuff: Do not scrub skb mark within
  the same name space").

  This is fixed upstream with commit ff70202b2d1a ("dev_forward_skb: do
  not scrub skb mark within the same name space").

  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff70202b2d1a

  [Test Case]

  Mark a packet in the POSTROUTING hook, redirect it to another
  interface and display it with a netfilter log rule to check the mark.

  [Regression Potential]

  A user could expect that the mark is reset after a call to
  bpf_redirect(BPF_F_INGRESS), but he could easily reset it in the eBPF
  program himself.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1935040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to