canonical-ubuntu-qa team mailing list archive
-
canonical-ubuntu-qa team
-
Mailing list archive
-
Message #06532
[Bug 2096976] Re: ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
This bug was fixed in the package linux - 5.15.0-138.148
---------------
linux (5.15.0-138.148) jammy; urgency=medium
* jammy/linux: 5.15.0-138.148 -proposed tracker (LP: #2102587)
* ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
(LP: #2096976)
- SAUCE: selftest: netfilter: fix null IP field in kci_test_ipsec_offload
* CVE-2025-21756
- vsock: Keep the binding until socket destruction
- vsock: Orphan socket after transport release
* CVE-2024-50256
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
* CVE-2025-21702
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0
* CVE-2025-21703
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
* CVE-2025-21700
- net: sched: Disallow replacing of child qdisc from one parent to another
* CVE-2024-46826
- ELF: fix kernel.randomize_va_space double read
* CVE-2024-56651
- can: hi311x: hi3110_can_ist(): fix potential use-after-free
* iBFT iSCSI out-of-bounds shift UBSAN warning (LP: #2097824)
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
* CVE-2024-50248
- ntfs3: Add bounds checking to mi_enum_attr()
- fs/ntfs3: Sequential field availability check in mi_enum_attr()
* CVE-2022-0995
- watch_queue: Use the bitmap API when applicable
* CVE-2024-26837
- net: bridge: switchdev: Skip MDB replays of deferred events on offload
* CVE-2025-21701
- net: avoid race between device unregistration and ethnl ops
* CVE-2024-57798
- drm/dp_mst: Skip CSN if topology probing is not done yet
- drm/dp_mst: Ensure mst_primary pointer is valid in
drm_dp_mst_handle_up_req()
* CVE-2024-56658
- net: defer final 'struct net' free in netns dismantle
* CVE-2024-35864
- smb: client: fix potential UAF in smb2_is_valid_lease_break()
* CVE-2024-35864/CVE-2024-26928
- smb: client: fix potential UAF in cifs_debug_files_proc_show()
-- Stefan Bader <stefan.bader@xxxxxxxxxxxxx> Fri, 14 Mar 2025 15:32:05
+0100
--
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/2096976
Title:
ipsec_offload in rtnetlink.sh from ubunsu_kselftests_net fails on O/J
Status in ubuntu-kernel-tests:
New
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Fix Released
Status in linux source package in Oracular:
Fix Released
Bug description:
[ Impact ]
selftest: netfilter: after upstream commit 2cf567f421dbfe7e53b7e5ddee9400da10efb75d
ipsec_offload test needs its source ip written into the expected value, however the
complete patchset https://lore.kernel.org/lkml/20241010040027.21440-1-liuhangbin@xxxxxxxxx/
has a more comprehensive modification so this only fixes the test for the
current status (only patch 2/3 of the patchset applied).
Found on Oracular 6.11.0-17.17 and should be found on its derivatives /
backports.
Log output:
# selftests: net: rtnetlink.sh
# PASS: policy routing
---(snip)---
# PASS: ipsec
# FAIL: ipsec_offload incorrect driver data
# FAIL: ipsec_offload
# PASS: bridge fdb get
Verbose output should be like:
COMMAND: modprobe -q netdevsim
COMMAND: ip x p add dir out src 192.168.123.3/24 dst 192.168.123.4/24 tmpl
proto esp src 192.168.123.3 dst 192.168.123.4 spi 9 mode transport reqid 42
COMMAND: ip x p add dir in src 192.168.123.4/24 dst 192.168.123.3/24 tmpl
proto esp src 192.168.123.4 dst 192.168.123.3 spi 9 mode transport reqid 42
COMMAND: ip x s add proto esp src 192.168.123.3 dst 192.168.123.4 spi 9 mode
transport reqid 42 aead rfc4106(gcm(aes))
0x3132333435363738393031323334353664636261 128 sel src 192.168.123.3/24 dst
192.168.123.4/24 offload dev eni0np1 dir out
COMMAND: ip x s add proto esp src 192.168.123.4 dst 192.168.123.3 spi 9 mode
transport reqid 42 aead rfc4106(gcm(aes))
0x3132333435363738393031323334353664636261 128 sel src 192.168.123.4/24 dst
192.168.123.3/24 offload dev eni0np1 dir in
COMMAND: diff /sys/kernel/debug/netdevsim/netdevsim0/ports/0//ipsec -
2c2
< sa[0] tx ipaddr=0x00000000 00000000 00000000 047ba8c0
---
> sa[0] tx ipaddr=0x00000000 00000000 00000000 00000000
FAIL: ipsec_offload incorrect driver data
[ Fix ]
Oracular: fixed separately
Jammy: fixed separately
[ Test Plan ]
Compiled, boot tested and auto-tested on amd64.
[ Where Problems Could Occur ]
The fix affects only the failing ipsec_offload of the netfilter test.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2096976/+subscriptions
References