I don't understand which kernel should be tested on xenial. The kernel 4.15.0-112-generic does not have the bug.
** Tags removed: verification-needed-bionic verification-needed-focal
** Tags added: verification-done-bionic verification-done-focal

https://bugs.launchpad.net/bugs/1890796

Title:
  ipsec: policy priority management is broken

Status in linux package in Ubuntu: Fix Released
Status in linux-hwe package in Ubuntu: Invalid
Status in linux-oem-5.6 package in Ubuntu: Invalid
Status in linux source package in Xenial: Fix Committed
Status in linux-hwe source package in Xenial: Invalid
Status in linux-oem-5.6 source package in Xenial: Invalid
Status in linux source package in Bionic: Fix Committed
Status in linux-hwe source package in Bionic: Fix Committed
Status in linux-oem-5.6 source package in Bionic: Invalid
Status in linux source package in Focal: Fix Committed
Status in linux-hwe source package in Focal: Invalid
Status in linux-oem-5.6 source package in Focal: Confirmed

Bug description:

[Impact]

When the user tries to update the priority field of an SP, the SP is not updated *AND* a new SP is created. This results in a broken IPsec configuration.

This problem has been fixed in the upstream commit 4f47e8ab6ab7 ("xfrm: policy: match with both mark and mask on user interfaces"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f47e8ab6ab7

[Test Case]

root@dut-vm:~# uname -a
Linux dut-vm 5.4.0-42-generic #46~18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@dut-vm:~# ip xfrm policy flush
root@dut-vm:~# ip xfrm policy
root@dut-vm:~# ip xfrm policy add src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp dir in action allow priority 9 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
        dir in priority 9
        tmpl src 3.3.3.3 dst 4.4.4.4
                proto esp reqid 1 mode tunnel
root@dut-vm:~# ip xfrm policy update src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp dir in priority 5 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
        dir in priority 5
        tmpl src 3.3.3.3 dst 4.4.4.4
                proto esp reqid 1 mode tunnel
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
        dir in priority 9
        tmpl src 3.3.3.3 dst 4.4.4.4
                proto esp reqid 1 mode tunnel
root@dut-vm:~#

=> Now, there are 2 SPs instead of 1.

[Regression Potential]

The patch affects the xfrm stack only. Thus, the potential regressions are limited to this area.
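
A check for the symptom in the test case above, added here as an example (it is not part of the bug report or the kernel patch): it parses `ip xfrm policy` output and reports any selector/direction pair that is listed more than once with different priorities. It assumes the usual multi-line listing (selector on an unindented line, details indented) and, as an assumption of this example, treats selector + dir + mark as a policy's identity; the function names and sample strings are constructed.

```python
import re
import sys
from collections import defaultdict

# Constructed samples using the values from the test case above.
SAMPLE_BUGGY = """\
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
\tdir in priority 5
\ttmpl src 3.3.3.3 dst 4.4.4.4
\t\tproto esp reqid 1 mode tunnel
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
\tdir in priority 9
\ttmpl src 3.3.3.3 dst 4.4.4.4
\t\tproto esp reqid 1 mode tunnel
"""
SAMPLE_FIXED = SAMPLE_BUGGY.split("src 1.1.1.1/24", 2)[2].join(["src 1.1.1.1/24", ""])

FIELDS = {"dir": r"\bdir (\w+)", "priority": r"\bpriority (\d+)", "mark": r"\bmark (\S+)"}

def parse_policies(text):
    """Return one dict per policy: selector line plus dir/priority/mark from its details."""
    policies = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a new policy
            policies.append({"selector": " ".join(line.split()),
                             "dir": None, "priority": None, "mark": None})
        elif policies:                            # indented detail of the current policy
            for name, pattern in FIELDS.items():
                m = re.search(pattern, line)
                if m and policies[-1][name] is None:
                    policies[-1][name] = m.group(1)
    return policies

def find_duplicates(text):
    """Map (selector, dir, mark) -> sorted priorities, for keys listed more than once."""
    groups = defaultdict(list)
    for p in parse_policies(text):
        prio = int(p["priority"]) if p["priority"] is not None else None
        groups[(p["selector"], p["dir"], p["mark"])].append(prio)
    return {k: sorted(v, key=lambda x: (x is None, x)) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    # Usage on a host: ip xfrm policy | python3 this_script.py
    listing = SAMPLE_BUGGY if sys.stdin.isatty() else sys.stdin.read()
    dups = find_duplicates(listing)
    for (selector, direction, mark), prios in dups.items():
        print(f"duplicate SP: {selector} dir {direction} mark {mark} priorities {prios}")
    sys.exit(1 if dups else 0)
```
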