* Issue, WireGuard on a PaX kernel
@ 2017-04-23 14:53 saeidscorp
2017-04-23 19:19 ` Samuel Holland
0 siblings, 1 reply; 4+ messages in thread
From: saeidscorp @ 2017-04-23 14:53 UTC (permalink / raw)
To: wireguard
[-- Attachment #1: Type: text/plain, Size: 715 bytes --]
Hi everybody,
I've been having troubles using WireGuard on Gentoo hardened/PaX kernel. I have set up WireGuard on regular kernels several times, but on a PaX kernel it causes the kernel to panic.
All steps of inetrface addition and configuration using wg tool work well, but as soon as the first packet goes through the interface, it crashes the whole system.
I tried adding wireguard to the kernel tree, both as built-in and as a module, enabled verbose messages in kconfig, but don't know where to actually look for its log output! (No evidence of wireguard messages in dmesg or syslog)
Could you please point me in the right direction?!
FYI, It's running inside a VMware VPS and PaX is using slow UDEREF.
Thanks.
[-- Attachment #2: Type: text/html, Size: 971 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Issue, WireGuard on a PaX kernel
2017-04-23 14:53 Issue, WireGuard on a PaX kernel saeidscorp
@ 2017-04-23 19:19 ` Samuel Holland
0 siblings, 0 replies; 4+ messages in thread
From: Samuel Holland @ 2017-04-23 19:19 UTC (permalink / raw)
To: saeidscorp, wireguard
Hello,
On 04/23/17 09:53, saeidscorp wrote:
> I've been having troubles using WireGuard on Gentoo hardened/PaX
> kernel. I have set up WireGuard on regular kernels several times, but
> on a PaX kernel it causes the kernel to panic.
>
> All steps of interface addition and configuration using wg tool work
> well, but as soon as the first packet goes through the interface, it
> crashes the whole system.
You didn't mention your kernel version, so I assume you're using the
latest stable hardened-sources. The panic is a known issue for 4.8,
caused by a combination of bugs in the upstream kernel and the
grsecurity patch. You can resolve it by either downgrading to 4.7 or
upgrading to 4.9.
See this thread[0] for more information.
Regards,
Samuel
[0] https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg00385.html
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Issue, WireGuard on a PaX kernel
@ 2017-04-24 8:21 saeidscorp
0 siblings, 0 replies; 4+ messages in thread
From: saeidscorp @ 2017-04-24 8:21 UTC (permalink / raw)
To: Samuel Holland, wireguard
[-- Attachment #1: Type: text/plain, Size: 663 bytes --]
Sorry I didn't noticed your link. ):
-------- Original message --------From: saeidscorp <saeidscorp@yahoo.com> Date: 24/04/2017 12:31 (GMT+03:30) To: Samuel Holland <samuel@sholland.org>, wireguard@lists.zx2c4.com Subject: Re: Issue, WireGuard on a PaX kernel
Thanks for answering!
Yes, I was using the 4.8 hardened-sources. I tried both upgrading to 4.9 and downgrading to 4.7.Still the kernel panics.
However I copied my .config file from previous 4.8 kernel to these sources' install directories.Can you point me to related issues of Grsecurity patches causing the problem? I couldn't find the search capability in mailing list archives.
Thanks in advance.
[-- Attachment #2: Type: text/html, Size: 1113 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Issue, WireGuard on a PaX kernel
@ 2017-04-24 8:01 saeidscorp
0 siblings, 0 replies; 4+ messages in thread
From: saeidscorp @ 2017-04-24 8:01 UTC (permalink / raw)
To: Samuel Holland, wireguard
[-- Attachment #1: Type: text/plain, Size: 1452 bytes --]
Thanks for answering!
Yes, I was using the 4.8 hardened-sources. I tried both upgrading to 4.9 and downgrading to 4.7.Still the kernel panics.
However I copied my .config file from previous 4.8 kernel to these sources' install directories.Can you point me to related issues of Grsecurity patches causing the problem? I couldn't find the search capability in mailing list archives.
Thanks in advance.
-------- Original message --------From: Samuel Holland <samuel@sholland.org> Date: 23/04/2017 23:49 (GMT+03:30) To: saeidscorp <saeidscorp@yahoo.com>, wireguard@lists.zx2c4.com Subject: Re: Issue, WireGuard on a PaX kernel
Hello,
On 04/23/17 09:53, saeidscorp wrote:
> I've been having troubles using WireGuard on Gentoo hardened/PaX
> kernel. I have set up WireGuard on regular kernels several times, but
> on a PaX kernel it causes the kernel to panic.
>
> All steps of interface addition and configuration using wg tool work
> well, but as soon as the first packet goes through the interface, it
> crashes the whole system.
You didn't mention your kernel version, so I assume you're using the
latest stable hardened-sources. The panic is a known issue for 4.8,
caused by a combination of bugs in the upstream kernel and the
grsecurity patch. You can resolve it by either downgrading to 4.7 or
upgrading to 4.9.
See this thread[0] for more information.
Regards,
Samuel
[0] https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg00385.html
[-- Attachment #2: Type: text/html, Size: 1978 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-04-24 8:13 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-23 14:53 Issue, WireGuard on a PaX kernel saeidscorp
2017-04-23 19:19 ` Samuel Holland
2017-04-24 8:01 saeidscorp
2017-04-24 8:21 saeidscorp
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).