← Back to team overview

desktop-packages team mailing list archive

[Bug 1511735] Re: libnl: fail to bind() netlink sockets

 

I've done some more verification tests by installing as many of the
reverse depends on libnl to see if any other package implodes like
Network-Manager did.

Sniff Check OK: Tested by install and invoke binaries.
batctl 
bmon 
ipvsadm 
keepalived 
libfsobasics3 
libnetcf1 
libnl-3-200-dbg 
libnl-3-dev 
libnl-cli-3-200 
libnl-genl-3-200 
libnl-nf-3-200 
libnl-route-3-200 
libnl-utils 
libnss-gw-name 
libvirt-bin 
libvirt0 
network-manager (with what's in proposed)
powertop 
quota 

SKIPPED: Packages that depended on wireless devices for testing 
crda 
hostapd 
iw 
kismet 
knemo 
lowpan-test-tools 
lowpan-tools 
neard 
neard-tools 
ntrack-module-libnl-0 
plainbox-provider-resource-generic 
sssd-common
wpasupplicant


** Changed in: libnl3 (Ubuntu Trusty)
     Assignee: Ryan Harper (raharper) => (unassigned)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libnl3 in Ubuntu.
https://bugs.launchpad.net/bugs/1511735

Title:
  libnl: fail to bind() netlink sockets

Status in libnl3 package in Ubuntu:
  Fix Released
Status in libnl3 source package in Trusty:
  Fix Committed
Status in libnl3 package in Debian:
  Fix Released

Bug description:
  [Triage Notes]

  The proposed fix for this bug in libnl3 caused a regression in trusty-
  proposed, tracked in bug 1539634. The regression is caused by a latent
  bug in Network Manager. We expect to fix this by landing a fix for the
  bug in Network Manager in trusty-updates at the same time as this fix.

  [Impact]

   * Applications in Trusty using libnl-3-200 which frequently open and
     close netlink sockets can easily fail when attempting to bind the
     local socket.  The problem happens when libnl choose a port id
     already used by another application and subsequently libnl fails
     instead of trying another port id.

     The original bug was discovered when attempting to start a virtual
     machine under libvirt, which is a user of this library.

   * Backporting fixes from upstream release fixes a real bug in the
     current version of the library in Trusty.  The alternative is for all
     applications to manually manage their local port allocation, or as
     upstream has accepted allowing libnl to attempt to try for other
     local ports.

   * All patches applied are already accepted upstream and newer Ubuntu
     releases are not affected.

  [Test Case]

   * On a Trusty 14.04 system
     1. sudo apt-get install libnl-3-200 libnl-3-dev libnl-3-dev \
                             libnl-genl-3-dev libnl-route-3-200 \
                             make gcc build-essential libnl1
     2. download and unpack attachment: lp_1511735_test.tar
     3. Run testcases:

      % if ./example.sh; then echo "libnl OK"; else echo "libnl FAILED"; fi
      gcc -o example -I/usr/include/libnl3 example.c -lnl-3 -lnl-genl-3
      set manually the local port to 6975 (pid: 6974)
      local port has been set by the libnl to 6975 (pid: 6975)
      ERROR: genl_connect(): Object exists (local port: 6975, pid: 6975)
      libnl FAILED
      % python libnl3-test-rh1249158.py a b c d
      ulimit(NOFILE) = (2048, 4096)
      Test: PID=6978
      TEST (a)...
      Traceback (most recent call last):
        File "libnl3-test-rh1249158.py", line 226, in <module>
          locals()["TEST_" + arg]()
        File "libnl3-test-rh1249158.py", line 140, in TEST_a
          sk = nl_get_socket()
        File "libnl3-test-rh1249158.py", line 115, in nl_get_socket
          raise IOError(-err, _nl_geterror())
      OSError: [Errno 6] b'Unspecific failure'

     4. After applying the updated packages:

      % if ./example.sh; then echo "libnl OK"; else echo "libnl FAILED"; fi
      gcc -o example -I/usr/include/libnl3 example.c -lnl-3 -lnl-genl-3
      set manually the local port to 11295 (pid: 11294)
      local port has been set by the libnl to 2894081055 (pid: 11295)
      libnl OK
      % python libnl3-test-rh1249158.py a b c d
      ulimit(NOFILE) = (2048, 4096)
      Test: PID=11296
      TEST (a)...
      ...done
      TEST (b)...
      ...done
      TEST (c)...
      ...done
      TEST (d)...
      ...done

  [Regression Potential]

   * There are quite a few high profile packages that depend on this package,
     notably libvirt and network-manager.  The complete list is here:

     # on Trusty
      % apt-rdepends -r libnl-3-200 | head -n 33
      libnl-3-200
        Reverse Depends: batctl (>= 2013.4.0-2)
        Reverse Depends: bmon (>= 1:3.1-1)
        Reverse Depends: crda (>= 1.1.2-1ubuntu2)
        Reverse Depends: hostapd (>= 1:2.1-0ubuntu1)
        Reverse Depends: ipvsadm (>= 1:1.26-2ubuntu1)
        Reverse Depends: iw (>= 3.4-1)
        Reverse Depends: keepalived (>= 1:1.2.7-1ubuntu1)
        Reverse Depends: kismet (>= 2013.03.R1b-3)
        Reverse Depends: knemo (>= 0.7.6-2)
        Reverse Depends: libfsobasics3 (>= 0.12.0-4)
        Reverse Depends: libnetcf1 (>= 1:0.2.3-4ubuntu1)
        Reverse Depends: libnl-3-200-dbg (= 3.2.21-1)
        Reverse Depends: libnl-3-dev (= 3.2.21-1)
        Reverse Depends: libnl-cli-3-200 (= 3.2.21-1)
        Reverse Depends: libnl-genl-3-200 (= 3.2.21-1)
        Reverse Depends: libnl-nf-3-200 (= 3.2.21-1)
        Reverse Depends: libnl-route-3-200 (= 3.2.21-1)
        Reverse Depends: libnl-utils (>= 3.2.21-1)
        Reverse Depends: libnss-gw-name (>= 0.3-2)
        Reverse Depends: libvirt-bin (>= 1.2.2-0ubuntu13)
        Reverse Depends: libvirt0 (>= 1.2.2-0ubuntu13)
        Reverse Depends: lowpan-test-tools (>= 0.3-1)
        Reverse Depends: lowpan-tools (>= 0.3-1)
        Reverse Depends: neard (>= 0.11-1)
        Reverse Depends: neard-tools (>= 0.11-1)
        Reverse Depends: network-manager (>= 0.9.8.8-0ubuntu7)
        Reverse Depends: ntrack-module-libnl-0 (>= 016-1.2ubuntu2)
        Reverse Depends: plainbox-provider-resource-generic (>= 0.3-1)
        Reverse Depends: powertop (>= 2.5-1ubuntu1)
        Reverse Depends: quota (>= 4.01-3)
        Reverse Depends: sssd-common (>= 1.11.5-1ubuntu3)
        Reverse Depends: wpasupplicant (>= 2.1-0ubuntu1)

   * This patch does change the default behavoir when asking libnl-3-200
     to generate local ports.  Applications (or libraries) may already
     have retry code in-place and it's not clear if those applications
     would break.

  [Original Description]
  The following upstream patches are needed in order to avoid failures when binding a netlink socket:

  1f734a8f892a lib/socket: randomize the generated local port
  http://git.infradead.org/users/tgr/libnl.git/commitdiff/1f734a8f892a

  4dd5fdd0af2c lib/socket: retry generate local port in nl_connect on ADDRINUSE
  http://git.infradead.org/users/tgr/libnl.git/commitdiff/4dd5fdd0af2c

  027157898708 lib/socket: don't fail if no more local ports can be assigned in nl_socket_alloc
  http://git.infradead.org/users/tgr/libnl.git/commitdiff/027157898708

  0fd510b3673f lib/socket: use proper typed constant UINT32_MAX for uint32_t typed port
  http://git.infradead.org/users/tgr/libnl.git/commitdiff/0fd510b3673f

  Without these patches, an application which opens and closes regularly
  netlink sockets can easily fails to bind them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnl3/+bug/1511735/+subscriptions