From: Gregory ORIOL
To: "Jason A. Donenfeld"
Cc: WireGuard mailing list, Andy Whitcroft, unit193@ubuntu.com, Ubuntu Kernel Team
Subject: Re: Problems with Ubuntu 16.04 kernels and wireguard 1.0.20200611
Date: Wed, 17 Jun 2020 13:03:11 +0200
Message-ID: <7dc02feb-41a0-37e2-3531-b3febfb5aeb8@gmail.com>

Hi,

Thanks for your feedback!

Couldn't that issue be fixed by adapting the IF condition that has been
changed in commit e24c9a9265af40781fa27b5de11dd5b78925c5be?

I know it's not very practical to support/check this, plus it's not
wireguard's fault, but that will likely cause trouble to other users too.

We could obviously wait a few weeks with a broken apt upgrade state
until a new new kernel version is released and then switch to it, and
remove the old ones, so then we will have an n-1 kernel -184 working and
the new-new one as current. But that feels like a very unstable
situation for our systems until then...

Regards,
Gregory

Jason A. Donenfeld wrote on 17/06/2020 at 10:13:
> Hi Gregory,
>
> On Wed, Jun 17, 2020 at 2:01 AM Gregory ORIOL wrote:
>> Since commit e24c9a9265af40781fa27b5de11dd5b78925c5be to
>> wireguard-linux-compat with a fix for some Ubuntu versions, we are
>> experiencing a problem with some older, but still LTS, versions of
>> Ubuntu 16.04: older kernels 4.4.0-148, 4.4.0-166 fail to build with
>> wireguard 1.0.20200611
>>
>> So, any system running an (or still having an installed) "older" kernel
>> and doing an apt upgrade to install wireguard 1.0.20200611 would fail
>> during the wireguard dkms step, while trying to build wireguard for all
>> the kernels available.
>>
>> The problem gets more problematic when a newer kernel 4.4.0-184 gets
>> installed with the same apt upgrade: then, trying to downgrade wireguard
>> also fails; none of the 1.0.20200611 or 1.0.20200520 versions work
>> anymore with this combination of old/new kernels...
>>
>> To recap :
>> # wireguard 1.0.20200520
>> - ok with kernels 4.4.0-148, 4.4.0-166
>> - fails with kernel 4.4.0-184
>> # wireguard 1.0.20200611
>> - fails with kernels 4.4.0-148, 4.4.0-166
>> - ok with kernel 4.4.0-184
>>
>> (nb: we see it now with -184 but it could have started with an earlier
>> version)
>>
>> We could partially fix this by manually getting each deb/src and doing
>> dkms install:
>> dkms install wireguard/1.0.20200520 -k 4.4.0-148-generic
>> dkms install wireguard/1.0.20200611 -k 4.4.0-184-generic
>> ...
>> But apt upgrade is still broken.
>>
>> While we could boot onto the newer kernel and remove the older ones to
>> get rid of the problem, this situation would prevent from having a
>> "previous working" kernel on the system, which is not very safe.
>>
>> Could there be a fix for this made to wireguard-linux-compat for those
>> versions?
> Unfortunately, I don't have a super good solution for you right now.
> The wireguard-linux-compat repo is developed against the latest Ubuntu
> kernels that they put out once every three weeks. You can see them
> being tested at the bottom of
> . The backport against
> upstream mainline kernels is z-granular (for an x.y.z versioning
> scheme), but Ubuntu's release cycle and versioning scheme is a bit too
> chaotic to make it reasonable to try to manage all the differences
> between their kernels every three weeks. So for distro kernels --
> Ubuntu, RHEL, Debian, etc -- we typically just develop against the
> latest one, and try to make sure that we release it at the right time
> so users aren't caught with no working version. This means,
> unfortunately, that when there are badly breaking changes, like in
> this last cycle, you have to uninstall the old kernels or mask them
> from dkms, in order to get dkms to avoid building for them and only
> building for the new kernel. There might be other more complicated
> solutions that closely track version dependencies or do compile time
> feature probing, but that comes with a maintenance burden far too
> arduous for a distro frankenkernel.
>
> But there is hope!
>
> Canonical is adding WireGuard to 18.04 and 16.04, and this is coming
> in two steps:
>
> Step 1) The wireguard-dkms and wireguard-tools packages will be added
> to the package archives, so that you won't have to use the PPA. This
> means that Canonical's kernel team will include wireguard-dkms in
> their development tests, so that they won't accidentally ship kernels
> with build breakage, like what you experienced last week.
>
> Step 2) The wireguard-dkms package will get built by Canonical,
> signed, and shipped alongside the other modules, so that you won't
> have to install wireguard-dkms, and it will just come out of the box
> with the normal kernel updates. This is already the case with 20.04
> and 19.10. They're working on it now for 18.04, and I really really
> hope to see that happen by the next cycle. And maybe if we ask apw
> (CC'd) nicely, he'll even do it for 16.04 too.
>
> Regards,
> Jason
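
Added example, not part of either message and not code from the WireGuard project: a check for the concern raised in the thread about keeping a working fallback kernel. It lists installed kernels that have no installed wireguard DKMS module, assuming `dkms status` prints the comma-separated "module, version, kernel, arch: state" layout; the sample data is constructed from the thread's recap.

```shell
#!/bin/sh
# Report installed kernels that have no *installed* DKMS build of a module,
# i.e. kernels that would boot without a working wireguard module.
# Assumption: `dkms status` lines look like
#   module, version, kernel, arch: state
# (the layout of older dkms releases; newer ones print module/version).

# Constructed sample mirroring the recap in the thread: the older kernels
# only build with 1.0.20200520, the newest only with 1.0.20200611.
# "added" means the source is registered but no module was built/installed.
SAMPLE_STATUS='wireguard, 1.0.20200611, 4.4.0-184-generic, x86_64: installed
wireguard, 1.0.20200520, 4.4.0-148-generic, x86_64: installed
wireguard, 1.0.20200611, 4.4.0-166-generic, x86_64: added'

# Constructed list of kernels present under /lib/modules.
SAMPLE_KERNELS='4.4.0-148-generic
4.4.0-166-generic
4.4.0-184-generic'

# kernels_without_module MODULE STATUS_TEXT KERNEL_LIST
# Prints every kernel from KERNEL_LIST for which STATUS_TEXT has no
# "installed" entry of MODULE, one per line.
kernels_without_module() {
    printf '%s\n' "$3" | while IFS= read -r k; do
        [ -n "$k" ] || continue
        printf '%s\n' "$2" | awk -F'[,:] *' -v m="$1" -v k="$k" '
            $1 == m && $3 == k && $5 ~ /^installed/ { found = 1 }
            END { exit !found }' || printf '%s\n' "$k"
    done
}

# On a live host (not run here):
#   kernels_without_module wireguard "$(dkms status)" "$(ls /lib/modules)"
kernels_without_module wireguard "$SAMPLE_STATUS" "$SAMPLE_KERNELS"
```

Running this before removing or rebooting into a kernel shows whether the "previous working" kernel still has a usable module.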