Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1566410 - cannot remove macsec module
Summary: cannot remove macsec module
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 28
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1578839
TreeView+ depends on / blocked
 
Reported: 2018-04-12 09:15 UTC by Vladimir Benes
Modified: 2018-05-16 13:09 UTC (History)
17 users (show)

Fixed In Version: kernel-4.16.3-300.fc28
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1578839 (view as bug list)
Environment:
Last Closed: 2018-04-27 04:09:51 UTC
Type: Bug


Attachments (Terms of Use)

Description Vladimir Benes 2018-04-12 09:15:56 UTC
Description of problem:
I am runnign some NetworkManager tests for macsec..

reproducer:

# Setup
modprobe macsec
ip netns add macsec_ns
ip link add macsec_veth type veth peer name macsec_vethp
ip link set macsec_vethp netns macsec_ns
ip link set macsec_veth up
ip netns exec macsec_ns ip link set macsec_vethp up


echo 'eapol_version=3' > /tmp/wpa_supplicant.conf
echo 'ap_scan=0' >> /tmp/wpa_supplicant.conf
echo 'network={' >> /tmp/wpa_supplicant.conf
echo '  key_mgmt=NONE' >> /tmp/wpa_supplicant.conf
echo '  eapol_flags=0' >> /tmp/wpa_supplicant.conf
echo '  macsec_policy=1' >> /tmp/wpa_supplicant.conf
echo '  mka_cak=00112233445566778899001122334455' >> /tmp/wpa_supplicant.conf
echo '  mka_ckn=5544332211009988776655443322110055443322110099887766554433221100' >> /tmp/wpa_supplicant.conf
echo '}' >> /tmp/wpa_supplicant.conf
ip netns exec macsec_ns wpa_supplicant  -c /tmp/wpa_supplicant.conf \
                                        -i macsec_vethp \
                                        -B \
                                        -D macsec_linux \
                                        -P /tmp/wpa_supplicant_ms.pid

sleep 6
ip netns exec macsec_ns ip link show macsec0
ip netns exec macsec_ns ip link set macsec0 up
ip netns exec macsec_ns ip addr add 172.16.10.1/24 dev macsec0
ip netns exec macsec_ns dnsmasq --pid-file=/tmp/dnsmasq_ms.pid \
                                --dhcp-range=172.16.10.10,172.16.10.254,60m  \
                                --interface=macsec0 \
                                --bind-interfaces

# Test
nmcli con add type ethernet con-name test-macsec-base ifname macsec_veth ipv4.method disabled ipv6.method ignore
nmcli con add type macsec con-name test-macsec ifname macsec0 autoconnect no macsec.parent macsec_veth macsec.mode psk macsec.mka-cak 00112233445566778899001122334455 macsec.mka-ckn 5544332211009988776655443322110055443322110099887766554433221100
nmcli con up test-macsec-base
nmcli con up test-macsec

ping -c 2 172.16.10.1

# Clean up
kill $(cat /tmp/wpa_supplicant_ms.pid)
kill $(cat /tmp/dnsmasq_ms.pid)
ip link del macsec_vethp
ip netns delete macsec_ns
nmcli connection delete test-macsec test-macsec-base
modprobe -r macsec


if I run just first phase:
modprobe macsec
ip netns add macsec_ns
ip link add macsec_veth type veth peer name macsec_vethp
ip link set macsec_vethp netns macsec_ns
ip link set macsec_veth up
ip netns exec macsec_ns ip link set macsec_vethp up
ip link del macsec_vethp
ip netns delete macsec_ns
nmcli connection delete test-macsec test-macsec-base
modprobe -r macsec

everything works well

Version-Release number of selected component (if applicable):
kernel-4.16.0-300
NetworkManager-1.10.6-1.fc28.x86_64
wpa_supplicant-2.6-4.el7.x86_64
dnsmasq-2.76-2.el7.x86_64


How reproducible:
always

Steps to Reproduce:
1. see above



Actual results:
stalled modprobe, error in logs, unusable modprobe from this point forward

Expected results:
should clean after correctly

Additional info:

Comment 1 Vladimir Benes 2018-04-12 09:17:18 UTC
it all works on F27

Comment 2 Laura Abbott 2018-04-12 15:01:42 UTC
If you boot an older 4.15.x kernel does it work?

Comment 3 Vladimir Benes 2018-04-13 14:49:42 UTC
(In reply to Laura Abbott from comment #2)
> If you boot an older 4.15.x kernel does it work?

it works with Linux 4.15.0-1.fc28.x86_64 #1 SMP Mon Jan 29 10:12:16 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Comment 4 Laura Abbott 2018-04-16 17:18:06 UTC
Bisected and reported upstream, reverted a bad patch. I'll pull the revert into appropriate branches.

Comment 5 Fedora Update System 2018-04-20 13:31:19 UTC
kernel-4.16.3-300.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-7b851cd56d

Comment 6 Fedora Update System 2018-04-21 18:37:46 UTC
kernel-4.16.3-300.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-7b851cd56d

Comment 7 Fedora Update System 2018-04-27 04:09:51 UTC
kernel-4.16.3-300.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.