Bug#855153: linux-image-4.9.0-1-amd64: kernel 4.9 does not check route protocol when deleting ipv6 routes
Package: src:linux
Version: 4.9.6-3
Severity: important
Tags: ipv6
Dear Debian Kernel Maintainers,
when trying to delete an IPv6 route with a specific route protocol field
in a kernel 4.9, the kernel does not actually check the protocol of the
route and just deletes all the routes that match the other attributes.
This leads to various issues with routing daemons, for example BIRD.
E.g. when a BGP withdraw update is being received with a prefix matching
a kernel route, both "proto bird" and "proto kernel" get deleted.
The only workaround is currently to maintain a manual blacklist in the
routing daemon, however a proper fix at kernel level would be definitely
appreciated. As a patch was already committed to the Linux Kernel Git
Repository, I recommend backporting into the Debian Stretch kernel, as
the patch is both overseeable and easy to implement.
The bug itself can be easily reproduced on any Linux running kernel
version 4.9 or lower by executing these commands:
~$ ip -6 route add ff::/64 dev eth0 proto kernel
~$ ip -6 route
(check the routing table, the newly added route is visible)
~$ ip -6 route del ff::/64 proto boot
~$ ip -6 route
(the route is gone, although it should still be there!)
A link to the Git commit fixing this specific issue can be found at the
following URL and was already merged into kernel 4.10 since rc1:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2ed1880fd61a998e3ce40254a99a2ad000f1a7d
-- Package-specific info:
** Version:
Linux version 4.9.0-1-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170124 (Debian 6.3.0-5) ) #1 SMP Debian 4.9.6-3 (2017-01-28)
** Command line:
BOOT_IMAGE=/vmlinuz-4.9.0-1-amd64 root=/dev/mapper/vg--main-lv--root ro quiet
** Not tainted
** Kernel log:
Unable to read kernel log; any relevant messages should be attached
** Model information
sys_vendor: QEMU
product_name: Standard PC (i440FX + PIIX, 1996)
product_version: pc-i440fx-2.7
chassis_vendor: QEMU
chassis_version: pc-i440fx-2.7
bios_vendor: SeaBIOS
bios_version: rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org
** Loaded modules:
binfmt_misc
nf_log_ipv6
ip6t_REJECT
nf_reject_ipv6
nf_conntrack_ipv6
nf_defrag_ipv6
ip6table_filter
ip6_tables
nf_log_ipv4
nf_log_common
xt_LOG
xt_limit
ipt_REJECT
nf_reject_ipv4
xt_tcpudp
nf_conntrack_ipv4
nf_defrag_ipv4
xt_multiport
xt_recent
xt_addrtype
xt_conntrack
nf_conntrack
iptable_filter
crct10dif_pclmul
crc32_pclmul
ghash_clmulni_intel
hid_generic
cirrus
ppdev
ttm
drm_kms_helper
usbhid
joydev
hid
evdev
serio_raw
pcspkr
sg
drm
virtio_balloon
shpchp
parport_pc
parport
acpi_cpufreq
tpm_tis
tpm_tis_core
tpm
button
nfsd
auth_rpcgss
nfs_acl
lockd
grace
sunrpc
ip_tables
x_tables
autofs4
ext4
crc16
jbd2
crc32c_generic
fscrypto
ecb
mbcache
sr_mod
cdrom
ata_generic
dm_mod
virtio_blk
virtio_net
crc32c_intel
aesni_intel
aes_x86_64
glue_helper
lrw
gf128mul
ablk_helper
cryptd
psmouse
ata_piix
uhci_hcd
libata
floppy
ehci_hcd
virtio_pci
virtio_ring
virtio
i2c_piix4
usbcore
usb_common
scsi_mod
** PCI devices:
00:00.0 Host bridge [0600]: Intel Corporation 440FX - 82441FX PMC [Natoma] [8086:1237] (rev 02)
Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
00:01.0 ISA bridge [0601]: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II] [8086:7000]
Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100]
Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
00:01.1 IDE interface [0101]: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II] [8086:7010] (prog-if 80 [Master])
Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Region 0: [virtual] Memory at 000001f0 (32-bit, non-prefetchable) [size=8]
Region 1: [virtual] Memory at 000003f0 (type 3, non-prefetchable)
Region 2: [virtual] Memory at 00000170 (32-bit, non-prefetchable) [size=8]
Region 3: [virtual] Memory at 00000370 (type 3, non-prefetchable)
Region 4: I/O ports at e0a0 [size=16]
Kernel driver in use: ata_piix
Kernel modules: ata_piix, ata_generic
00:01.2 USB controller [0c03]: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton II] [8086:7020] (rev 01) (prog-if 00 [UHCI])
Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin D routed to IRQ 11
Region 4: I/O ports at e040 [size=32]
Kernel driver in use: uhci_hcd
Kernel modules: uhci_hcd
00:01.3 Bridge [0680]: Intel Corporation 82371AB/EB/MB PIIX4 ACPI [8086:7113] (rev 03)
Subsystem: Red Hat, Inc Qemu virtual machine [1af4:1100]
Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 9
Kernel driver in use: piix4_smbus
Kernel modules: i2c_piix4
00:02.0 VGA compatible controller [0300]: Cirrus Logic GD 5446 [1013:00b8] (prog-if 00 [VGA controller])
Subsystem: Red Hat, Inc QEMU Virtual Machine [1af4:1100]
Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
Status: Cap- 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Region 0: Memory at fa000000 (32-bit, prefetchable) [size=32M]
Region 1: Memory at fea50000 (32-bit, non-prefetchable) [size=4K]
Expansion ROM at 000c0000 [disabled] [size=128K]
Kernel driver in use: cirrus
Kernel modules: cirrusfb, cirrus
00:03.0 Unclassified device [00ff]: Red Hat, Inc Virtio memory balloon [1af4:1002]
Subsystem: Red Hat, Inc Virtio memory balloon [1af4:0005]
Physical Slot: 3
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 10
Region 0: I/O ports at e060 [size=32]
Region 4: Memory at fc000000 (64-bit, prefetchable) [size=8M]
Capabilities: <access denied>
Kernel driver in use: virtio-pci
Kernel modules: virtio_pci
00:0a.0 SCSI storage controller [0100]: Red Hat, Inc Virtio block device [1af4:1001]
Subsystem: Red Hat, Inc Virtio block device [1af4:0002]
Physical Slot: 10
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 10
Region 0: I/O ports at e000 [size=64]
Region 1: Memory at fea51000 (32-bit, non-prefetchable) [size=4K]
Region 4: Memory at fc800000 (64-bit, prefetchable) [size=8M]
Capabilities: <access denied>
Kernel driver in use: virtio-pci
Kernel modules: virtio_pci
00:12.0 Ethernet controller [0200]: Red Hat, Inc Virtio network device [1af4:1000]
Subsystem: Red Hat, Inc Virtio network device [1af4:0001]
Physical Slot: 18
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 10
Region 0: I/O ports at e080 [size=32]
Region 1: Memory at fea52000 (32-bit, non-prefetchable) [size=4K]
Region 4: Memory at fd000000 (64-bit, prefetchable) [size=8M]
Expansion ROM at fea00000 [disabled] [size=256K]
Capabilities: <access denied>
Kernel driver in use: virtio-pci
Kernel modules: virtio_pci
00:1e.0 PCI bridge [0604]: Red Hat, Inc. QEMU PCI-PCI bridge [1b36:0001] (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 10
Region 0: Memory at fea53000 (64-bit, non-prefetchable) [size=256]
Bus: primary=00, secondary=01, subordinate=01, sec-latency=0
I/O behind bridge: 0000d000-0000dfff
Memory behind bridge: fe800000-fe9fffff
Prefetchable memory behind bridge: 00000000fda00000-00000000fdbfffff
Secondary status: 66MHz+ FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: <access denied>
Kernel modules: shpchp
00:1f.0 PCI bridge [0604]: Red Hat, Inc. QEMU PCI-PCI bridge [1b36:0001] (prog-if 00 [Normal decode])
Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx-
Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 11
Region 0: Memory at fea54000 (64-bit, non-prefetchable) [size=256]
Bus: primary=00, secondary=02, subordinate=02, sec-latency=0
I/O behind bridge: 0000c000-0000cfff
Memory behind bridge: fe600000-fe7fffff
Prefetchable memory behind bridge: 00000000fd800000-00000000fd9fffff
Secondary status: 66MHz+ FastB2B+ ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- <SERR- <PERR-
BridgeCtl: Parity- SERR+ NoISA- VGA- MAbort- >Reset- FastB2B-
PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn-
Capabilities: <access denied>
Kernel modules: shpchp
** USB devices:
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages linux-image-4.9.0-1-amd64 depends on:
ii initramfs-tools [linux-initramfs-tool] 0.127
ii kmod 23-2
ii linux-base 4.5
Versions of packages linux-image-4.9.0-1-amd64 recommends:
ii firmware-linux-free 3.4
ii irqbalance 1.1.0-2.2
Versions of packages linux-image-4.9.0-1-amd64 suggests:
pn debian-kernel-handbook <none>
ii grub-pc 2.02~beta3-4
pn linux-doc-4.9 <none>
Versions of packages linux-image-4.9.0-1-amd64 is related to:
pn firmware-amd-graphics <none>
pn firmware-atheros <none>
pn firmware-bnx2 <none>
pn firmware-bnx2x <none>
pn firmware-brcm80211 <none>
pn firmware-cavium <none>
pn firmware-intel-sound <none>
pn firmware-intelwimax <none>
pn firmware-ipw2x00 <none>
pn firmware-ivtv <none>
pn firmware-iwlwifi <none>
pn firmware-libertas <none>
pn firmware-linux-nonfree <none>
pn firmware-misc-nonfree <none>
pn firmware-myricom <none>
pn firmware-netxen <none>
pn firmware-qlogic <none>
pn firmware-realtek <none>
pn firmware-samsung <none>
pn firmware-siano <none>
pn firmware-ti-connectivity <none>
pn xen-hypervisor <none>
-- no debconf information
Reply to: