Closed zx2c4 closed 4 years ago
I have a sacrificial box I am willing to test on if someone can throw me the updated binary for our the Edgerouter X or the 6P.
On Wed, 6 May 2020 at 12:57, Jason A. Donenfeld notifications@github.com wrote:
https://github.com/WireGuard/wireguard-vyatta-ubnt/blob/c5f2656854ea5b50d5a24d1ee11a9656907822f6/disable_kmalloc.patch exists because of this old issue thread: Lochnair/vyatta-wireguard#97
I never did get around to dusting off the hardware to fix that or to see if there was a compiler bug or similar. But I wonder if it's no longer necessary.
It might be worthwhile to test this out without the patch and see if things are now fixed.
cc @paulg1981 @Dr-Escher @phillipmcmahon @NimlothPL @Lochnair @evenfowler @aswild @dlpwx @coreyhines @dc361 @dampfklon @acejacek @jmturner @benklop who all participated on the old thread.
@FossoresLP - want to try this out?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
-- Use this contact page to send me encrypted messages and files
https://flowcrypt.com/me/phillipmcmahon
P.S. Drowning in email? Try SaneBox and take back control: http://sanebox.com/t/old3m. I love it.
Here are some .debs to try out. You might want to uninstall the current package before installing the new package, since they share the same version number:
https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627806/artifacts/file/e50-v1-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627807/artifacts/file/e50-v2-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627808/artifacts/file/e100-v1-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627809/artifacts/file/e100-v2-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627810/artifacts/file/e200-v1-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627811/artifacts/file/e200-v2-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627812/artifacts/file/e300-v1-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627813/artifacts/file/e300-v2-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627814/artifacts/file/e1000-v1-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627815/artifacts/file/e1000-v2-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627817/artifacts/file/ugw3-v1-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627818/artifacts/file/ugw4-v1-v1.0.20200429-v1.0.20200319.deb https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/-/jobs/540627819/artifacts/file/ugwxg-v1-v1.0.20200429-v1.0.20200319.deb
Great, that is good information to know.
Will test this afternoon/evening on both boxes and get back to this thread.
On Wed, 6 May 2020 at 13:12, Jason A. Donenfeld notifications@github.com wrote:
To grab a .deb to try out, follow these instructions:
At some point https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/pipelines/143280230 will be complete. At that point, click on one of the packages:
Then press "Download" under "Job Artifacts":
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
-- Use this contact page to send me encrypted messages and files
https://flowcrypt.com/me/phillipmcmahon
P.S. Drowning in email? Try SaneBox and take back control: http://sanebox.com/t/old3m. I love it.
Apologies forgot to add, I will test on both v1 and v2 firmware builds.
On Wed, 6 May 2020 at 13:15, Phillip McMahon phillip.mcmahon@gmail.com wrote:
Great, that is good information to know.
Will test this afternoon/evening on both boxes and get back to this thread.
On Wed, 6 May 2020 at 13:12, Jason A. Donenfeld notifications@github.com wrote:
To grab a .deb to try out, follow these instructions:
At some point https://gitlab.com/FossoresLP/wireguard-vyatta-ubnt/pipelines/143280230 will be complete. At that point, click on one of the packages:
Then press "Download" under "Job Artifacts":
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
-- Use this contact page to send me encrypted messages and files
https://flowcrypt.com/me/phillipmcmahon
P.S. Drowning in email? Try SaneBox and take back control: http://sanebox.com/t/old3m. I love it.
-- Use this contact page to send me encrypted messages and files
https://flowcrypt.com/me/phillipmcmahon
P.S. Drowning in email? Try SaneBox and take back control: http://sanebox.com/t/old3m. I love it.
I'm going to try this on my ER-8-Pro though I don't have time to test v1 firmware right now.
Disassembling a few of these at random, things look better than last time:
__get_free_pages
is called on the v1/3.10 kernels.kmalloc_order
is getting called on the v2/4.9 kernelsHopefully kmalloc_order
won't jump to kmem_cache_alloc
with the null argument, a result of reading the null out of kmalloc_caches+0x78
, like it did before.
Last year's issue kernel on a v2 e300:
Current issue kernel on a v2 e300:
This is looking promising.
Interestingly, I don't see anything different in the kernel source related to this between then and now. However the assembly is clearly different. I wonder if this is a bug with an older compiler that @Lochnair was using on his build infra?
Waiting to hear back from you all (@phillipmcmahon @FossoresLP and others who are interested).
Just finished up at work. Will crack out the 6p and get testing done.
On Wed, 6 May 2020 at 22:26, Jason A. Donenfeld notifications@github.com wrote:
Interestingly, I don't see anything different in the kernel source related to this between then and now. However the assembly is clearly different. I wonder if this is a bug with an older compiler that @Lochnair https://github.com/Lochnair was using on his build infra?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WireGuard/wireguard-vyatta-ubnt/issues/10#issuecomment-624871916, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAONZR45BM4PG6P5CVGJ6GLRQHBYXANCNFSM4M2K3LHA .
-- Use this contact page to send me encrypted messages and files
https://flowcrypt.com/me/phillipmcmahon
P.S. Drowning in email? Try SaneBox and take back control: http://sanebox.com/t/old3m. I love it.
@zx2c4 It shouldn't be. AFAICS the new CI uses the same script as I used to build the toolchain, so there shouldn't be any differences there.
Huh, well that's very very very weird then. It looks like in slab.h, if (size > KMALLOC_MAX_CACHE_SIZE)
was incorrectly evaluating to false at compile time on the old builds. On the new builds it evaluates correctly to true at compile time.
Actually, your old CI shows Copied 1 artifact from "Ubiquiti » E300 kernels » v2.0.0/master" build number 1
. However, I'm only able to find v2.0.1 on Ubnt's main site and in your kernel archives. I wonder if this was some beta source?
Edit: found it by messing with the URLs. Downloading and investigating now.
Between v2.0.0 and v2.0.1 there don't seem to be any relevant changes either. So, my best guess at the moment remains: compiler bug.
@Lochnair You are correct, the CI is currently still using mostly the same build scripts you created. @zx2c4 On the v2 firmware on my ER-8-Pro I am not experiencing any kernel panics so far. I might have to work out some issues with my testing environment (Windows is just not great for this stuff) before I can run a proper stress test.
I'm running de-patched e100-v1 on my LITE-3 and all seems to work smoothly. No kernel panic so far.
I might have to work out some issues with my testing environment (Windows is just not great for this stuff) before I can run a proper stress test.
No "stress test" needed. If you can ip link add wg0 type wireguard
without crashing, it means we're all set.
I'm running de-patched e100-v1 on my LITE-3 and all seems to work smoothly. Ko kernel panic so far.
Excellent, thanks for reporting.
@Lochnair Any chance you still have an old Octeon toolkit lying around? Maybe Marvell fixed something there? Edit: Nvm, the last time anything in there changed was in mid 2018.
Tested on an Edgerouter 6P (e300) device on both v1 and v2 firmware.
Working fine, no kernel panic and multiple wg interfaces up.
Yet to test on the Edgerouter X, forget this has no console port and a kernel panic is a different story to recover from. Will tackle that tomorrow.
On Wed, 6 May 2020 at 22:29, Phillip McMahon phillip.mcmahon@gmail.com wrote:
Just finished up at work. Will crack out the 6p and get testing done.
On Wed, 6 May 2020 at 22:26, Jason A. Donenfeld notifications@github.com wrote:
Interestingly, I don't see anything different in the kernel source related to this between then and now. However the assembly is clearly different. I wonder if this is a bug with an older compiler that @Lochnair https://github.com/Lochnair was using on his build infra?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WireGuard/wireguard-vyatta-ubnt/issues/10#issuecomment-624871916, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAONZR45BM4PG6P5CVGJ6GLRQHBYXANCNFSM4M2K3LHA .
-- Use this contact page to send me encrypted messages and files
https://flowcrypt.com/me/phillipmcmahon
P.S. Drowning in email? Try SaneBox and take back control: http://sanebox.com/t/old3m. I love it.
-- Use this contact page to send me encrypted messages and files
https://flowcrypt.com/me/phillipmcmahon
P.S. Drowning in email? Try SaneBox and take back control: http://sanebox.com/t/old3m. I love it.
@phillipmcmahon Thanks for testing. ER-X will still be interesting as it uses a different build infrastructure. Hoping it works well, too.
@FossoresLP If you need it, I have a copy of the pre-built Octeon toolchain hosted at https://vyatta-wireguard-build.s3.amazonaws.com/OCTEON-SDK-5.1-tools.tar.xz
After the Cavium -> Marvell switch, they stopped hosting the prebuilt toolchains and now only release the source tarballs.
This toolchain was able to reproduce the kvmalloc bug back during debugging the old repo's issue. I haven't re-tested new wireguard versions without the kmalloc patch yet.
Test on the Edgerouter X (e50) on both v1 and v2 firmware.
No issues, no kernel panic on multiple reboots and an active wg interface.
On Wed, 6 May 2020 at 23:44, Pascal Vorwerk notifications@github.com wrote:
@phillipmcmahon https://github.com/phillipmcmahon Thanks for testing. ER-X will still be interesting as it uses a different build infrastructure. Hoping it works well, too.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/WireGuard/wireguard-vyatta-ubnt/issues/10#issuecomment-624907329, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAONZRY2H3R5YFPM27SLCCLRQHK3PANCNFSM4M2K3LHA .
-- Use this contact page to send me encrypted messages and files
https://flowcrypt.com/me/phillipmcmahon
P.S. Drowning in email? Try SaneBox and take back control: http://sanebox.com/t/old3m. I love it.
That's excellent news. Thank you for reporting. I think we can close this issue.
I just released a new snapshot -- https://lists.zx2c4.com/pipermail/wireguard/2020-May/005408.html -- so when @FossoresLP bumps the binaries next, they won't have the patch.
Great -- late to the game but works well on one of my ER-Xs as well.. thanks all.
disable_kmalloc.patch exists because of this old issue thread: https://github.com/Lochnair/vyatta-wireguard/issues/97 , which reported a crash with this stacktrace:
I never did get around to dusting off the hardware to fix that or to see if there was a compiler bug or similar. But I wonder if it's no longer necessary.
It might be worthwhile to test out a build without the patch to see if things are now fixed.
cc @paulg1981 @Dr-Escher @phillipmcmahon @NimlothPL @Lochnair @evenfowler @aswild @dlpwx @coreyhines @dc361 @dampfklon @acejacek @jmturner @benklop who all participated on the old thread.
@FossoresLP - want to try this out?