[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#950488: buster-pu: package kronosnet/1.8-2

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Dear Stable Release Team,

I'v got a bold request: please let me update Kronosnet in buster from
1.8-2 to 1.13-something to fix #946222.  During the buster freeze
period, upstream released 1.9 and 1.10, but those didn't bring important
fixes, so I didn't request freeze exceptions for them.  However, when
Proxmox VE 6.0 got released (based on Debian buster), their users
reported lots of intertwined bugs, and the developers iterated through
1.11, 1.12 and 1.13 in quick succession to fix them, see the linked
https://forum.proxmox.com/threads/pve-5-4-11-corosync-3-x-major-issues.56124.
>From the announcements:

1.9, May 2019:
(https://lists.kronosnet.org/pipermail/devel/2019-May/000077.html)
1.10, Jun 2019:
(https://lists.kronosnet.org/pipermail/devel/2019-June/000078.html)

1.11, Aug 2019:
  Major bug fixes in the PMTUd code. MTU was not calculated correctly
  when using crypto and PMTUd would fail due to timeouts when using
  crypto and systems are overloaded. Thanks to the proxmox community for
  reporting the issues and testing pre-fixes.
  (https://lists.kronosnet.org/pipermail/devel/2019-August/000079.html)

1.12, Sep 2019:
* IMPORTANT: any version prior to 1.12 has a memory corruption bug that
  could cause knet to crash or hung when the network is not stable for a
  long period of time. Please see
  https://github.com/kronosnet/kronosnet/issues/255 for details.
  If you are unable to upgrade to 1.12, please make sure to cherry pick
  https://github.com/kronosnet/kronosnet/commit/6a92361c7554c2aa7222d6f868e43704694683c7
  (stable branch) into your distribution as soon as possible.

1.13, Oct 2019:
* IMPORTANT/URGENT: fix defrag buffer reclaim logic that could lead knet
   to deliver corrupted data to the application (corosync or alike).
* IMPORTANT/URGENT: fix MTU boundary check on links with very high
   packet loss and avoid delivering corrupted (short) data to the
   application.
(https://lists.kronosnet.org/pipermail/devel/2019-October/000081.html)

Since Proxmox upgraded Kronosnet to 1.13, things settled and seem to
work reliably.  But Debian stable users were left out in the cold, I had
to recommend installing Kronosnet for bullseye, which worked for some
time but isn't optimal, so eventually #946222 was filed.  Backports
would certainly be a possibility, but given that Kronosnet 1.8 in buster
isn't really usable for anything serious, I decided to ask for a stable
update first.  Of course this would include some unnecessary (but good)
changes as well; while it would be possible to cherry pick the relevant
commits only, that involves quite some back-and-forth stuff muddying the
waters and would result in a misleading version number as well.  Since
the only package depending on Kronosnet is Corosync, which is also under
the HA Team umbrella, I find the risk acceptable (and the pieces would
fall back on me after all).

Some upstream communication about cherry-picking possibilities:

https://github.com/kronosnet/kronosnet/pull/242
"the big fat PMTU patch is a very serious bug. [...] The previous patch
set was less invasive but still wrong [...] The last patch, while
invasive in the look, makes the code a lot simpler and functional"

https://github.com/kronosnet/kronosnet/pull/257#issuecomment-533054215
"please make sure to cherry pick this fix ASAP, also for Debian stable.
It's a bad crash and memory corrupter. [...] coverity scan fixes will
hit stable release in 1.12, I would wait to push them into a stable
update for Debian, they are super nice, but nothing critical enough to
force it.  For #242 I still strongly recommend to take the big patch.
It's been tested a lot now"
-- 
Looking forward to hearing your advice,
Feri.
Reply to: