Package: release.debian.org Severity: normal Tags: bullseye User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: pyrou...@packages.debian.org Control: affects -1 + src:pyroute2
Hi team! [ Reason ] Since the last (security) update of the Linux kernel, Bullseye is affected by this bug: https://bugs.launchpad.net/nova/+bug/2048097 Concretly, if one tries to (cold) migrate an OpenStack VM from one compute node to another, Nova fails to unplug the VM's port bridge(s) after the cold migration, when doing: "openstack resize confirm <vm-uuid>" This is due to this Kernel patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a6cec0bcd34264be8887791594be793b3f12719f This was patch later in pyroute2 upstream with this patch: https://github.com/svinota/pyroute2/commit/1eb08312de30a083bcfddfaa9c1d5e124b6368df#diff-e412e6093798df68279c3c7a0887cd91baef4d17a58c2bcfe10263f1e1c29ef0R803 that I have backported to pyroute2 0.5.14 (see attachment). [ Impact ] If one tries to migrate an OpenStack VM, it fails, and the OpenStack compute node falls into a very bad state that is hardly recoverable: one needs to upgrade to the version of pyroute2 that I'm hereby proposing, manually delete all qbr bridges and TAP interface manually (otherwise, nova-compute refuses to start). This is very hard to find out, as nova doesn't produce any log in this situation. [ Tests ] We've put the new version of pyroute2 that I'm proposing in production, and we've been able to do (cold) migrations. [ Risks ] I have to admit I don't really understand what's going on bellow, though we're back to a working production system, so I believe the fix is working. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Backport of the upstream fix as per attachment. Since the kernel is already available, and our users may upgrade to it and fall into this bad situation, it's IMO important that we proceed with this fix ASAP. Cheers, Thomas Goirand (zigo)
diff -Nru pyroute2-0.5.14/debian/changelog pyroute2-0.5.14/debian/changelog --- pyroute2-0.5.14/debian/changelog 2020-10-13 14:31:06.000000000 +0200 +++ pyroute2-0.5.14/debian/changelog 2024-06-07 12:06:04.000000000 +0200 @@ -1,3 +1,9 @@ +pyroute2 (0.5.14-2+deb11u1) bullseye; urgency=medium + + * Add iproute-linux_try-to-improve-flags-when-sending-del-messages.patch. + + -- Thomas Goirand <z...@debian.org> Fri, 07 Jun 2024 12:06:04 +0200 + pyroute2 (0.5.14-2) unstable; urgency=medium * Uploading to unstable. diff -Nru pyroute2-0.5.14/debian/patches/iproute-linux_try-to-improve-flags-when-sending-del-messages.patch pyroute2-0.5.14/debian/patches/iproute-linux_try-to-improve-flags-when-sending-del-messages.patch --- pyroute2-0.5.14/debian/patches/iproute-linux_try-to-improve-flags-when-sending-del-messages.patch 1970-01-01 01:00:00.000000000 +0100 +++ pyroute2-0.5.14/debian/patches/iproute-linux_try-to-improve-flags-when-sending-del-messages.patch 2024-06-07 12:06:04.000000000 +0200 @@ -0,0 +1,116 @@ +Description: iproute/linux: try to improve flags when sending del messages + This is a backport of this patch: + https://github.com/svinota/pyroute2/commit/1eb08312de30a083bcfddfaa9c1d5e124b6368df#diff-e412e6093798df68279c3c7a0887cd91baef4d17a58c2bcfe10263f1e1c29ef0R803 + to version 0.5.14 of pyroute2. +Author: Thomas Goirand <z...@debian.org> +Origin: upstream, https://github.com/svinota/pyroute2/commit/1eb08312de30a083bcfddfaa9c1d5e124b6368df#diff-e412e6093798df68279c3c7a0887cd91baef4d17a58c2bcfe10263f1e1c29ef0R803 +Last-Update: 2024-06-07 + +--- pyroute2-0.5.14.orig/pyroute2/iproute/linux.py ++++ pyroute2-0.5.14/pyroute2/iproute/linux.py +@@ -561,7 +561,7 @@ class RTNL_API(object): + # flush all addresses with IFA_LABEL='eth0': + ipr.flush_addr(label='eth0') + ''' +- flags = NLM_F_CREATE | NLM_F_EXCL | NLM_F_REQUEST ++ flags = NLM_F_CREATE | NLM_F_REQUEST + ret = [] + for addr in self.get_addr(*argv, **kwarg): + self.put(addr, msg_type=RTM_DELADDR, msg_flags=flags) +@@ -582,7 +582,7 @@ class RTNL_API(object): + # flush all IPv6 rules that point to table 250: + ipr.flush_rules(family=socket.AF_INET6, table=250) + ''' +- flags = NLM_F_CREATE | NLM_F_EXCL | NLM_F_REQUEST ++ flags = NLM_F_CREATE | NLM_F_REQUEST + ret = [] + for rule in self.get_rules(*argv, **kwarg): + self.put(rule, msg_type=RTM_DELRULE, msg_flags=flags) +@@ -936,9 +936,9 @@ class RTNL_API(object): + 'set': (RTM_NEWNEIGH, flags_replace), + 'replace': (RTM_NEWNEIGH, flags_replace), + 'change': (RTM_NEWNEIGH, flags_change), +- 'del': (RTM_DELNEIGH, flags_make), +- 'remove': (RTM_DELNEIGH, flags_make), +- 'delete': (RTM_DELNEIGH, flags_make), ++ 'del': (RTM_DELNEIGH, flags_base), ++ 'remove': (RTM_DELNEIGH, flags_base), ++ 'delete': (RTM_DELNEIGH, flags_base), + 'dump': (RTM_GETNEIGH, flags_dump), + 'get': (RTM_GETNEIGH, flags_base), + 'append': (RTM_NEWNEIGH, flags_append)} +@@ -1305,9 +1305,9 @@ class RTNL_API(object): + commands = {'set': (RTM_NEWLINK, flags_req), + 'update': (RTM_SETLINK, flags_create), + 'add': (RTM_NEWLINK, flags_create), +- 'del': (RTM_DELLINK, flags_create), +- 'remove': (RTM_DELLINK, flags_create), +- 'delete': (RTM_DELLINK, flags_create), ++ 'del': (RTM_DELLINK, flags_req), ++ 'remove': (RTM_DELLINK, flags_req), ++ 'delete': (RTM_DELLINK, flags_req), + 'dump': (RTM_GETLINK, flags_dump), + 'get': (RTM_GETLINK, NLM_F_REQUEST)} + +@@ -1423,9 +1423,9 @@ class RTNL_API(object): + flags_create = flags_base | NLM_F_CREATE | NLM_F_EXCL + flags_replace = flags_base | NLM_F_REPLACE | NLM_F_CREATE + commands = {'add': (RTM_NEWADDR, flags_create), +- 'del': (RTM_DELADDR, flags_create), +- 'remove': (RTM_DELADDR, flags_create), +- 'delete': (RTM_DELADDR, flags_create), ++ 'del': (RTM_DELADDR, flags_base), ++ 'remove': (RTM_DELADDR, flags_base), ++ 'delete': (RTM_DELADDR, flags_base), + 'replace': (RTM_NEWADDR, flags_replace), + 'dump': (RTM_GETADDR, flags_dump)} + (command, flags) = commands.get(command, command) +@@ -1566,17 +1566,17 @@ class RTNL_API(object): + flags_replace = flags_change | NLM_F_CREATE + + commands = {'add': (RTM_NEWQDISC, flags_make), +- 'del': (RTM_DELQDISC, flags_make), +- 'remove': (RTM_DELQDISC, flags_make), +- 'delete': (RTM_DELQDISC, flags_make), ++ 'del': (RTM_DELQDISC, flags_base), ++ 'remove': (RTM_DELQDISC, flags_base), ++ 'delete': (RTM_DELQDISC, flags_base), + 'change': (RTM_NEWQDISC, flags_change), + 'replace': (RTM_NEWQDISC, flags_replace), + 'add-class': (RTM_NEWTCLASS, flags_make), +- 'del-class': (RTM_DELTCLASS, flags_make), ++ 'del-class': (RTM_DELTCLASS, flags_base), + 'change-class': (RTM_NEWTCLASS, flags_change), + 'replace-class': (RTM_NEWTCLASS, flags_replace), + 'add-filter': (RTM_NEWTFILTER, flags_make), +- 'del-filter': (RTM_DELTFILTER, flags_make), ++ 'del-filter': (RTM_DELTFILTER, flags_base), + 'change-filter': (RTM_NEWTFILTER, flags_change), + 'replace-filter': (RTM_NEWTFILTER, flags_replace)} + if isinstance(command, int): +@@ -1856,9 +1856,9 @@ class RTNL_API(object): + 'replace': (RTM_NEWROUTE, flags_replace), + 'change': (RTM_NEWROUTE, flags_change), + 'append': (RTM_NEWROUTE, flags_append), +- 'del': (RTM_DELROUTE, flags_make), +- 'remove': (RTM_DELROUTE, flags_make), +- 'delete': (RTM_DELROUTE, flags_make), ++ 'del': (RTM_DELROUTE, flags_base), ++ 'remove': (RTM_DELROUTE, flags_base), ++ 'delete': (RTM_DELROUTE, flags_base), + 'get': (RTM_GETROUTE, NLM_F_REQUEST), + 'show': (RTM_GETROUTE, flags_dump), + 'dump': (RTM_GETROUTE, flags_dump)} +@@ -1993,9 +1993,9 @@ class RTNL_API(object): + flags_dump = NLM_F_REQUEST | NLM_F_ROOT | NLM_F_ATOMIC + + commands = {'add': (RTM_NEWRULE, flags_make), +- 'del': (RTM_DELRULE, flags_make), +- 'remove': (RTM_DELRULE, flags_make), +- 'delete': (RTM_DELRULE, flags_make), ++ 'del': (RTM_DELRULE, flags_base), ++ 'remove': (RTM_DELRULE, flags_base), ++ 'delete': (RTM_DELRULE, flags_base), + 'dump': (RTM_GETRULE, flags_dump)} + if isinstance(command, int): + command = (command, flags_make) diff -Nru pyroute2-0.5.14/debian/patches/series pyroute2-0.5.14/debian/patches/series --- pyroute2-0.5.14/debian/patches/series 2020-10-13 14:31:06.000000000 +0200 +++ pyroute2-0.5.14/debian/patches/series 2024-06-07 12:06:04.000000000 +0200 @@ -1 +1,2 @@ remove-google-annalytics-from-docs.patch +iproute-linux_try-to-improve-flags-when-sending-del-messages.patch
