Re: [qubes-users] Re: [PATCH v5.10] drm/i915/userptr: detect un-GUP-able pages early
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 1/31/21 10:28 AM, donoban wrote: > On 1/29/21 4:35 PM, Jinoh Kang wrote: >> You can collect panic and oops logs with a kernel that has >> CONFIG_EFI_VARS_PSTORE enabled. If you don't already have one, you may >> build qubes-linux-kernel via qubes-builder with the following line >> added to `config-qubes`: >> >> CONFIG_EFI_VARS_PSTORE=y >> >> After booting the kernel, subsequent panic and oops will be recorded >> in EFI variables, which will then appear as /sys/fs/pstore/dmesg-efi-* >> at the next boot. Also note that the logs may be split into multiple >> parts that are numbered in a reversed order. For more information, see >> https://www.kernel.org/doc/html/latest/admin-guide/pstore-blk.html > > Hi, after booting again 5.10.8 kernel (with 5.10.11 I can't start any VM > but I think Marek is already aware) I can see the dmesg-efi "files". > > Here is the concatenation of all files (probably in reverse or wrong order): > blob:https://share.riseup.net/3360675c-292f-4114-a109-c410e2518295 > That's a wrong URL (blob:). Maybe copy it again? - -- Sincerely, Jinoh Kang -BEGIN PGP SIGNATURE- iQJMBAEBCAA2FiEEzGktrvc/U3kFXd9AGlqQRGyEq/UFAmAXX6kYHGppbm9oLmth bmcua3JAZ21haWwuY29tAAoJEBpakERshKv17/cQAJT4RXGKz/Ag8fTsmPA7/ha0 cN31JpPBHuKHV2+jq/Yf7lAKMnufNnAjw8tq7lC/JYISnElmZgppQtSH1nRepqZZ r67ZPY9L4cP3uWIVqd5usVDK6MvfEv6JWVCA0cEzI9fW0VIjwYRX800XYnw5ae5N PSF5T3DphIH8hwpBNcD9VswJYn9CJsrwlsdRDLudKmRpRqCFTIPqx319kApZvIK9 FrILahkLH70wibcu/74gYz8rOi1+cmn1B682HGpgkbxah5VdgoJ5vsb3ubbtXmL7 V7RsgDiueQSc2WnlZR+Jvh3nOKKKSGeAvzV0Wx7J3NxwqDbEHVSTn9sd3S5tjz2O hdQ4ck7gA5RcDDoGqBwA5vsV4Okk8/6heTskl52aW4YTFmziuwAivyceDQa4Qs6/ cIQXhHa8YHd1DdALRx4JmUeef1t3uGEeYp0nT+fLYHDAlbOJd/2/rXQvy/0JMR28 xAP6kj8wOwErJKhVci1kW5tPjoO3qio2yBO2klQ5bQ8cCIYeI0LeJsuFDIbm8kB3 xUpHcxcCirm3ReQ2uR2PfIgXVqNqUye478iAbGsTSe7tOCXPJODbMhXNHNZe+zKP opWyNN6RVr4IvMx3PCoo4VE1paky+h+n7r79T8lAiAAFKCwEMCk+0SA9sWDpG/R7 SNmQAkqW6Hb1eRfO9XYk =XlUF -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f6c6fe0-3ed4-bde2-3fad-2f17c39b2b8e%40gmail.com.
Re: [qubes-users] Re: VT-d on XPS 9310
Ok, my BIOS wasn't updated. That solved the VT-d problem. Everything seems to work aside of wifi. I have a Killer AX500, which is currently supported only in kernel 5.10+. For what I understand, in Qubes Fedora comes with Kernel 5.4.something at the moment. I've found some tutorials to update a generic Fedora kernel to 5.10, but I suppose the kernel I'm running now is customized to be ran within a qubes environment. If I try to compile and update sys-net to kernel 5.10 how likely it is that I'll make a mess? Fab On Sunday, January 31, 2021 at 9:05:07 PM UTC+1 awokd wrote: > donoban: > > On 1/31/21 6:26 PM, Fabrizio Romano Genovese wrote: > >> Ok, I found something: Running `xl dmesg` there's a line that says: > >> (XEN) Failed to parse ACPI DMAR. Disabling VT-d. > > > > I only think to try updating BIOS or using Qubes R4.1 which has newer > > Xen version (although is pretty unstable yet). It will help to know if a > > newer Xen version runs ok. > > > Try donoban's suggestions for sure, but if that still doesn't help you > might get more pointers in the log from messages just prior to the one > quoted above. Disabling onboard/PCIe devices such as USB > controllers/network cards might let you work around the problem as well. > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/78d15468-9d35-408f-8f29-9db18ef3f000n%40googlegroups.com.
[qubes-users] How to forward UPnP/1900 multicast to AppVM?
I have a service on LAN multicasting UPnP, port 1900. Other devices on LAN discover the service without problems. My AppVM does not detect it. Packets from the server looks like "protocol: UDP, port: 1900, source ip: $SERVER_LAN-IP, destination ip: 239.255.255.250" How do I make the UPnP multicast reach an AppVM, i.e. how do I forward the traffic on port 1900 to the relevant VM? I have played around with https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-the-outside-world but without success. I am not completely new to IPTABLES, but somehow I lost a point somewhere. When should I use 239.255.255.250 as destination in iptables commands and should I use the IP of sys-firewall/app-vm. (this is quite a replica of https://groups.google.com/g/qubes-users/c/BrbVe6s0aqE/m/ZsGKsMruCAAJ that didn't receive a follow-up answer) Best regards, Jo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f82341a5b0249a9d70b46afe9fc2b68%40riseup.net.
Re: [qubes-users] Re: VT-d on XPS 9310
donoban: On 1/31/21 6:26 PM, Fabrizio Romano Genovese wrote: Ok, I found something: Running `xl dmesg` there's a line that says: (XEN) Failed to parse ACPI DMAR. Disabling VT-d. I only think to try updating BIOS or using Qubes R4.1 which has newer Xen version (although is pretty unstable yet). It will help to know if a newer Xen version runs ok. Try donoban's suggestions for sure, but if that still doesn't help you might get more pointers in the log from messages just prior to the one quoted above. Disabling onboard/PCIe devices such as USB controllers/network cards might let you work around the problem as well. -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/358b9be3-110f-eb9d-0090-e6b4c7fce3f6%40danwin1210.me.
Re: [qubes-users] Re: VT-d on XPS 9310
On 1/31/21 6:26 PM, Fabrizio Romano Genovese wrote: > Ok, I found something: Running `xl dmesg` there's a line that says: > (XEN) Failed to parse ACPI DMAR. Disabling VT-d. I only think to try updating BIOS or using Qubes R4.1 which has newer Xen version (although is pretty unstable yet). It will help to know if a newer Xen version runs ok. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d6d7e75-165e-80fc-c0cf-5d972df84eb9%40riseup.net. OpenPGP_signature Description: OpenPGP digital signature
[qubes-users] Re: VT-d on XPS 9310
Ok, I found something: Running `xl dmesg` there's a line that says: (XEN) Failed to parse ACPI DMAR. Disabling VT-d. The output of `dmesg` looks very technical and is unreadable to me if I don't know what I'm looking for. ...I guess VT-x is enabled as well. In bios I have only the options to enable VT and VT-d. I guess the former refers to VT-x? Fab On Sunday, January 31, 2021 at 5:46:30 PM UTC+1 qubesth...@gmail.com wrote: > > Probably a dumb question, but is VT-x also enabled? > On Sunday, January 31, 2021 at 10:16:38 AM UTC-6 Fabrizio Romano Genovese > wrote: > >> >> Hello all, >> >> My problem is quite simple: I tried to install qubes 4.0.4-rc2. During >> the installation procedure, it says that I don't have IOMMU/VT-d. >> Accordingly, I cannot even start sys-net once the installation completes >> because of lack of VT-d. >> The problem is that my computer supports VT-d (CPU is intel i7 1165G7). >> VT-d is moreover enabled in my bios. Any clue about what the problem could >> be? >> >> Fab >> > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a008af07-9a1a-4d13-9180-638bc03bad45n%40googlegroups.com.
[qubes-users] Re: VT-d on XPS 9310
Probably a dumb question, but is VT-x also enabled? On Sunday, January 31, 2021 at 10:16:38 AM UTC-6 Fabrizio Romano Genovese wrote: > > Hello all, > > My problem is quite simple: I tried to install qubes 4.0.4-rc2. During the > installation procedure, it says that I don't have IOMMU/VT-d. Accordingly, > I cannot even start sys-net once the installation completes because of lack > of VT-d. > The problem is that my computer supports VT-d (CPU is intel i7 1165G7). > VT-d is moreover enabled in my bios. Any clue about what the problem could > be? > > Fab > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f2b4c00c-5326-4516-9566-db1df2803366n%40googlegroups.com.
Re: [qubes-users] VT-d on XPS 9310
On 1/31/21 5:37 PM, donoban wrote: > Maybe dom0 'dmesg' and 'xml dmesg' help. Also try to upgrade your BIOS. Wops, I meant 'xl dmesg'. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9f2ff95f-b056-5f00-adf4-98ffdff6cf8b%40riseup.net. OpenPGP_signature Description: OpenPGP digital signature
Re: [qubes-users] VT-d on XPS 9310
On 1/31/21 5:16 PM, Fabrizio Romano Genovese wrote: > > Hello all, > > My problem is quite simple: I tried to install qubes 4.0.4-rc2. During > the installation procedure, it says that I don't have IOMMU/VT-d. > Accordingly, I cannot even start sys-net once the installation completes > because of lack of VT-d. > The problem is that my computer supports VT-d (CPU is intel i7 1165G7). > VT-d is moreover enabled in my bios. Any clue about what the problem > could be? > > Fab > Maybe dom0 'dmesg' and 'xml dmesg' help. Also try to upgrade your BIOS. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6cc31997-e085-0a72-53e1-c030361f3347%40riseup.net. OpenPGP_signature Description: OpenPGP digital signature
[qubes-users] VT-d on XPS 9310
Hello all, My problem is quite simple: I tried to install qubes 4.0.4-rc2. During the installation procedure, it says that I don't have IOMMU/VT-d. Accordingly, I cannot even start sys-net once the installation completes because of lack of VT-d. The problem is that my computer supports VT-d (CPU is intel i7 1165G7). VT-d is moreover enabled in my bios. Any clue about what the problem could be? Fab -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1120e83-96c2-4acc-82ac-34bee3c9b6abn%40googlegroups.com.
Re: [qubes-users] cryptsetup concerns
On Sun, Jan 31, 2021 at 09:07:07AM -0600, Mason wrote:
> Hi,
>
> Anyone know why cryptsetup isn't updated to 2.3? I asked Andrew, and it
> appears that Qubes 4.1 is using 1.7..5 cryptsetup.. 2.2 cryptsetup has a
> vulnerability in it.
> https://nvd.nist.gov/vuln/detail/CVE-2020-14382#match-5995976 .
>
> https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions
> Though, since 1.7 the default hash is SHA256 ("LUKS1 used SHA1 (since
> version 1.7.0 it uses SHA256)".
>
> Andrew suggested I post this in the mailing list.
>
> Thanks,
> Mason
>
I think you are wrong here - 4.1 will use Fedora 32 in dom0, and that
*will* have cryptsetup-2.3.4-1.fc32.(Available as security update in
32 since Sept 2020)
Qubes 4.0 which uses Fedora 25 in dom0 does have the older version.
In any case, this will only bite, I think, if you allow an attacker
to attach a crafted image to dom0 - in that case you are hosed in any
case imo.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20210131153452.GB572%40thirdeyesecurity.org.
Re: [qubes-users] Re: Someone should port this RDP Windows windower thing for Qubes
Some Reddit users are claiming RDP is working perfectly for them in Qubes: https://www.reddit.com/r/Qubes/comments/l1myt8/how_good_is_windows_vm_performance/gk1e15i?utm_source=share&utm_medium=web2x&context=3 On Tuesday, December 8, 2020 at 5:52:42 AM UTC-6 evado...@gmail.com wrote: > :-( thanks for your research anyway > >> Chances we get seamless windows apps anytime soon are slim. >> > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bff21311-8f15-4fef-859b-ac22bb356de4n%40googlegroups.com.
[qubes-users] cryptsetup concerns
Hi,
Anyone know why cryptsetup isn't updated to 2.3? I asked Andrew, and it
appears that Qubes 4.1 is using 1.7..5 cryptsetup.. 2.2 cryptsetup has a
vulnerability in it.
https://nvd.nist.gov/vuln/detail/CVE-2020-14382#match-5995976 .
https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions
Though, since 1.7 the default hash is SHA256 ("LUKS1 used SHA1 (since
version 1.7.0 it uses SHA256)".
Andrew suggested I post this in the mailing list.
Thanks,
Mason
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/CAOebxSS%3Dh%2B6kfpxiHSYfoWoFUQ3nZv7ZbqytizKYUPDJ1vRKnw%40mail.gmail.com.
SOLVED. Re: Aw: Re: [qubes-users] HELP! after update dom0 "no bootable device found"
It seems it ignores your mountpoint, you pass directly the hard disk and EFI partition number (which should be the first) so in: efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1 "placeholder /mapbs /noexitboot" You only have to worry about /dev/sda - Thank you very much Donoban. I tried: root@debian:~# efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/nvme0n1 -p 1 "placeholder /mapbs /noexitboot" efibootmgr: ** Warning ** : Boot0002 has same label Qubes BootCurrent: 0001 Timeout: 0 seconds BootOrder: ,0001 Boot0001* UEFI: KingstonDataTraveler 2.0PMAP, Partition 1 PciRoot(0x0)/Pci(0x14,0x0)/USB(8,0)/HD(1,MBR,0x51f9fa69,0x630,0x1700) Boot0002* Qubes HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot Boot0006* CD/DVD/CD-RW Drive BBS(CDROM,CD/DVD/CD-RW Drive,0x0) Boot0007* Onboard NIC BBS(Network,IBA CL Slot 00FE v0112,0x0) Boot* Qubes HD(1,GPT,13cfa870-22a0-4035-8a48-d3cb09dcfb92,0x800,0x64000)/File(\EFI\qubes\xen.efi)placeholder /mapbs /noexitboot what you see is that Qubes was still in the UEFI "line" now at position 0002. I will have to try a reboot - don't like it, because it is a pain in the neck to re-install wireless on debian; I hope that I downloaded all packages I need on /boot of my life system ... otherwise I will become silent for a while! Cheers I tried a reboot after an extra-emergeny backup (luks-by-hand training:) and your efibootmgr command worked. qubes is back! Thank you so much. Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d127edb5-6ecc-e4cf-814d-dbf602c30907%40web.de.
[qubes-users] Wifi driver needs to be blacklisted to be reloaded on suspend/resume since one of the last updates
Hi all, After one of the recent updates (in January 2021 maybe?), after resuming from suspend the wifi is not reconnected as it previously were. This was also seen by somebody else in below (invalid) bug report: https://github.com/QubesOS/qubes-issues/issues/6370 I just want to mention that the proposed solution is working for me: https://www.qubes-os.org/doc/suspend-resume-troubleshooting/#drivers-do-not-reload-automatically-on-suspendresume Putting "iwlwifi" in /rw/config/suspend-module-blacklist of sys-net resolved the issue. Cheers, Markus -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/825615c7-de17-8600-dbfe-7ee2c884e7f1%40xn--kils-soa.se.
Re: [qubes-users] Re: [PATCH v5.10] drm/i915/userptr: detect un-GUP-able pages early
On 1/29/21 4:35 PM, Jinoh Kang wrote: > You can collect panic and oops logs with a kernel that has > CONFIG_EFI_VARS_PSTORE enabled. If you don't already have one, you may > build qubes-linux-kernel via qubes-builder with the following line > added to `config-qubes`: > > CONFIG_EFI_VARS_PSTORE=y > > After booting the kernel, subsequent panic and oops will be recorded > in EFI variables, which will then appear as /sys/fs/pstore/dmesg-efi-* > at the next boot. Also note that the logs may be split into multiple > parts that are numbered in a reversed order. For more information, see > https://www.kernel.org/doc/html/latest/admin-guide/pstore-blk.html Hi, after booting again 5.10.8 kernel (with 5.10.11 I can't start any VM but I think Marek is already aware) I can see the dmesg-efi "files". Here is the concatenation of all files (probably in reverse or wrong order): blob:https://share.riseup.net/3360675c-292f-4114-a109-c410e2518295 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d2e2e8b-d1e0-7d56-6948-9de7c363dc54%40riseup.net. OpenPGP_signature Description: OpenPGP digital signature
[qubes-users] Audio / Video in Q4 Windows 10 HVM via USB possible?
Hello, I have installed Windows 10 Pro in a Qubes 4 HVM and was very satisfied, that the Installation was very easy (compared to the hazzle I had ~ 2 years ago). I just followed the "official" Qubes documentation and was also able to get Qubes Windows Tools running. Working for an IT solution provider and because of the Covid-19 situation I need Audio within Windows. Because it is not possible to pass USB devices via sys-usb to the Windows HVM, what are best practises to do so? My ideas so far: 1) buy a PCMCIA Express USB card and pass it over to the Windows Qube 2) pass the internal USB Controller (PCI device) to the Windows Qube (which would also remove some other internal devices from sys-usb) I could then connect my USB Headset to USB ports which are terminated in the Windows Qubes. Has anyone being able to get Audio working and are there any other approach doing this? Unified Communication/Audio is the only reason why I am not using Qubes as my main OS for business use. Regards -799 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2uSavSqbU7tWCn34ZLtRu8Jhq-Vx2GhvVycqH%3Dnti2CyQ%40mail.gmail.com.
