Re: [qubes-users] Re: Unable to get network adapter working

2019-06-28 Thread Chris
> Do remember to run backups, though. EXT3 on thin LVM is not
> as resilient as NTFS, for example.

Thanks for the reminder!

> For a canonical answer, you might try the qubes-devel mailing list since
> they get more in-depth.

Will try to ask over there.

Thanks much!
Case closed

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f90b3ad-af50-4913-83cb-7d444a0ba9d0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Unable to get network adapter working

2019-06-28 Thread 'awokd' via qubes-users
Chris:
>> I will do a fresh install and confirm again that disabling msi does the 
>> trick.
> 
> Confirmed. I tweaked the command a bit because it removed the default kernel 
> options.

Depending on hardware, getting Qubes up and running can sometimes be the
hardest part of using it. In comparison, the rest should be smooth
sailing. :) Do remember to run backups, though. EXT3 on thin LVM is not
as resilient as NTFS, for example.

>> qvm-prefs sys-net kernelopts "nopat iommu=soft swiotlb=8192 pci=nomsi"
> 
> Any idea if this would introduce any security vulnerabilities?
> 
I've looked at the Xen/Qubes PCI virtualization code when
troubleshooting a similar issue with interrupts on one of my systems.
IIRC, MSI and standard interrupts get handled the same way and processed
through the same code base, so I don't see any difference in exposure.
For a canonical answer, you might try the qubes-devel mailing list since
they get more in-depth.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3826c678-f998-1a7d-f0ee-b8a75243cf98%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Unable to get network adapter working

2019-06-28 Thread Chris
> I will do a fresh install and confirm again that disabling msi does the trick.

Confirmed. I tweaked the command a bit because it removed the default kernel 
options.

> qvm-prefs sys-net kernelopts "nopat iommu=soft swiotlb=8192 pci=nomsi"

Any idea if this would introduce any security vulnerabilities?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ddc16187-b4b6-4b21-96cc-620cb523a6c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Unable to get network adapter working

2019-06-27 Thread Chris
> You fooled me with the cogent problem description and troubleshooting
> approach.

(~_^) I am a professional Googler and I might have found a solution.

Rmb the dmesg logs above where qubes show
[ 4.742826] igb :00:06.0: Using MSI interrupts. 1 rx queue(s), 1 tx queue(s)

while Ubuntu show
[13.700337] igb :01:00.0: Using MSI interrupts. 2 rx queue(s), 2 tx queue(s)

Apparently since 2013, the Intel note for igb drivers contains a 
troubleshooting section. The latest note:

> Some systems have trouble supporting MSI and/or MSI-X interrupts. If your
> system needs to disable this style of interrupt, the driver can be built and
> installed with the command:
> make CFLAGS_EXTRA=-DDISABLE_PCI_MSI install

> Normally the driver will generate an interrupt every two seconds. If you're no
> longer getting interrupts in cat /proc/interrupts for the ethX igb device,
> then this workaround may be necessary.

Couldn't figure out how to build the drivers (no network to install kernel 
headers) so more Googling pointed to a kernel option to disable msi.

I used to command 'qvm-prefs sys-net kernelopts "pci=nomsi"' in dom0 and 
rebooted sys-net. Lo and behold, the interface has gotten an IP address!!! Ping 
is good and so far no network drop.

Kinda lost track of how many changes I have made so I will do a fresh install 
and confirm again that disabling msi does the trick.

> I'd find new
> hardware if it was me.

I would have did that if Qubes had some certified hardware. But I also wanted 
something small just for secure work and leave my larger desktop PC for more 
resource intensive apps and Windows stuff. This thing is literally the size of 
my hand.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac02804f-b0df-42c3-8514-b98428d566a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Unable to get network adapter working

2019-06-27 Thread 'awokd' via qubes-users

Jon deps:

On 6/27/19 1:10 AM, Chris wrote:



I tried the Debian template but it still doesn't work. Same symptoms


https://www.qubes-os.org/doc/pci-devices/#pci-passthrough-issues attach
options.


I need some help here. Couldn't find the configuration file mentioned 
(/var/lib/qubes/servicevms/ is empty) to insert pci_permissive=1. I am 
not very good with Linux.


You fooled me with the cogent problem description and troubleshooting 
approach. There's no config. file. Look below "Additional Attach 
Options" in the link I sent. Use qvm-pci options when you re-attach your 
NIC to sys-net. However:


I'd find new 
hardware if it was me.


With the additional info you provided in your other reply of the NIC 
repeatedly resetting even without sys-net running, I second this. Single 
port NICs are cheap. If you still want to troubleshoot further, check 
journalctl and xl dmesg in a dom0 terminal to hopefully see why it's 
resetting.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86cc5112-1307-e930-73a1-f666ff5fc42a%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Unable to get network adapter working

2019-06-26 Thread Jon deps

On 6/27/19 1:10 AM, Chris wrote:

Quickest thing to try is to switch sys-net's template to Debian. Also,
experiment with


I tried the Debian template but it still doesn't work. Same symptoms


https://www.qubes-os.org/doc/pci-devices/#pci-passthrough-issues attach
options.


I need some help here. Couldn't find the configuration file mentioned 
(/var/lib/qubes/servicevms/ is empty) to insert pci_permissive=1. I am not very 
good with Linux.




fedora-30 is the newer qubes template , maybe it will have some support 
for your device, that older OS doesn't , seems logical to me


in dom0:

$ sudo qubes-dom0-update qubes-template-fedora-30


IMO: you shouldn't have to get into the  config files,  I'd find new 
hardware if it was me.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d8bf8265-9fe7-ee69-a3db-7c7c6da38894%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Unable to get network adapter working

2019-06-26 Thread Chris
> I don't think you said  which template you are using for sys-net  did you?

The default was Fedora-29.

And some observations..

When I shutdown sys-net, the physical LED of the network adapter is still going 
through the blinking and off cycle. This probably means that it has nothing to 
do with the vm but with xen itself.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/79f13cca-c707-4437-82f6-23344126c5e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Unable to get network adapter working

2019-06-26 Thread Jon deps

On 6/26/19 1:33 PM, Chris Laprise wrote:

On 6/26/19 7:56 AM, 'awokd' via qubes-users wrote:

Chris:

Hi all!


Welcome!


Successfully booted into Qubes but couldn't get network working.

1. Physically, port LEDs go off and start blinking after awhile. 
Keeps repeating.

2. Network icon on top right is red and shows 'loading animation'
3. Network adapter can negotiate speed and duplex but cannot get IP 
address from DHCP server
4. Changing of network cable and connecting to another switch gives 
the same results

5. dmesg shows adapter in reset cycle
6. Network adapter works perfect when boot into Live Ubuntu using 
same hardware


Quickest thing to try is to switch sys-net's template to Debian. Also, 
experiment with 
https://www.qubes-os.org/doc/pci-devices/#pci-passthrough-issues 
attach options.




Debian can be a good sys-net distro, but unfortunately the template 
doesn't have all the wifi drivers pre-installed... I have to manually 
install 'firmware-iwlwifi' to get Intel cards working.




I don't think you said  which template you are using for sys-net  did you?

IMO  use Fedora-30   as last I checked using Debian-9  is likely to mess 
up your dom0 clock , which matters for updates


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/59829b75-3f4d-e297-338c-ad4b0f069d8f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.