[linux-azure] IP forwarding issue in netvsc
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-azure (Ubuntu) |
Fix Released
|
Undecided
|
Marcelo Cerri | ||
Bionic |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Marcelo Cerri | ||
linux-azure-4.15 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Marcelo Cerri | ||
Focal |
Invalid
|
Undecided
|
Unassigned |
Bug Description
[Impact]
We identified an issue with the Linux netvsc driver when used in IP forwarding mode. The problem is that the RSS hash value is not propagated to the outgoing packet, and so such packets go out on channel 0. This produces an imbalance across outgoing channels, and a possible overload on the single host-side CPU that is processing channel 0. The problem does not occur when Accelerated Networking is used because the packets go out through the Mellanox driver. Because it is tied to IP forwarding, the problem is presumably most likely to be visible in a virtual appliance device that is doing network load balancing or other kinds of packet filtering and redirection.
We would like to request fixes to this issue in 16.04, 18.04 and 20.04.
Two fixes are already in the upstream v5.5+, so they’re already in 5.8.0-1011.11.
For 5.4.0-1031.32, the 2 fixes can apply cleanly:
https:/
https:/
For 5.0.0-1036.38, we need 1 more patch applied first, so the list is:
https:/
https:/
https:/
For 4.15.0-
https:/
https:/
(The 2 patches are on the branch https:/
[Test Case]
As described in https:/
[Where problems could occur]
A potential regression would affect Azure instance using netvsc without accelerated networking.
CVE References
Changed in linux-azure (Ubuntu): | |
assignee: | nobody → Marcelo Cerri (mhcerri) |
Changed in linux-azure (Ubuntu Bionic): | |
status: | New → Invalid |
Changed in linux-azure-4.15 (Ubuntu Focal): | |
status: | New → Invalid |
Changed in linux-azure (Ubuntu Focal): | |
status: | New → In Progress |
Changed in linux-azure-4.15 (Ubuntu Bionic): | |
status: | New → In Progress |
assignee: | nobody → Marcelo Cerri (mhcerri) |
Changed in linux-azure (Ubuntu Focal): | |
assignee: | nobody → Marcelo Cerri (mhcerri) |
description: | updated |
Changed in linux-azure (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
Changed in linux-azure-4.15 (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Thanks for reporting the issue and for providing the back ported fixes.
Do you have any instructions that we can use to reproduce and test the problem?