[00:00] vps doesnt [00:00] lets see, enrico, are you areound? [00:00] app-103:~# vserver dnscache1 stop [00:00] Stopping the virtual server dnscache1 [00:00] Error: /proc must be mounted [00:00] To mount /proc at boot you need an /etc/fstab line like: [00:00] /proc /proc proc defaults [00:00] In the meantime, mount /proc /proc -t proc [00:00] Server dnscache1 is not running [00:01] Action: Bertl prods enrico ... [00:03] hmm, seems he's not here atm ... [00:03] what does the vserver enter do? [00:05] Bert, is there any documentation on using per context quotas? (q0.12, cq-tools-0.06) [00:06] yes, there is, but it's not up to date .. [00:06] Bertl: hm maybe it's a packaging issue because i had vserver installed before i tried enricos [00:06] *cleaning* [00:06] WSU: do you want to use shared partition quota or just quota on separate partitions? [00:07] shared partition [00:08] disk limits too, or just quota? [00:08] Tamama (Pluh@a62-216-20-152.adsl.cistron.nl) joined #vserver. [00:08] oy [00:09] hey, that was fast! [00:09] well i had to put in some extra memory and reroute some wires.. heh [00:09] WSU: if you are now thinking: heck what's the difference? I can explain ;) [00:10] hmm, I will tell you what I want, you tell me what I need. I have one partition with all the vservers in /vservers [00:10] I want to be able to limit how large those can grow [00:10] looks familiar [00:10] yeah, that is called 'per context disk limits' [00:11] because it limits the (virtual) disk size ... [00:11] I really don't care about quotas for individual users in the vservrs [00:11] ok [00:11] that's it [00:11] http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Disk+Limits [00:11] basically this is how to do it .. it's a little outdated .. but it should work [00:13] Do I have to have a seperate partition for /vservers or can I mount my system partition with the tagctx option? [00:13] Bertl: http://www.codernaut.org/problem1.txt [00:13] WSU: you can, but it will render your vserver setup useless in a few minutes after starting the vservers [00:14] -k- [00:15] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Ping timeout: 492 seconds [00:15] the reason is simple, the current script writes from within a context into the /var/run/vserver .. directories, which get changed to that context if tagging is enabled ... [00:15] and I would not suggest to have only one partition on a server anyways ... [00:16] Yep [00:16] hm [00:16] ensc (~ircensc@ultra.csn.tu-chemnitz.de) joined #vserver. [00:16] hi ensc :) [00:16] This is my test machine [00:16] so I will rebuild :-) [00:16] good setup includes /, /usr, /var (tmp), /vservers [00:16] you can resize and add a new vserver partition ... [00:17] thanks [00:17] rmoriz: ahh okay, you are testing the patch, right? [00:18] the 1.2.2.2 patch? [00:19] no [00:19] 1.3.x.x [00:19] my config is on that problem1.txt [00:19] => bottom [00:19] hmm, okay what does chcontext --ctx 100 ls /proc return? [00:20] app-103:/# chcontext --ctx 100 ls /proc [00:20] New security context is 100 [00:20] 1 5992 self [00:20] app-103:/# [00:20] yes, that is the proc fix, good, okay .. [00:21] which pretty much explains why your vserver start doesn't work ;) [00:21] so this is a fix that disables nearly all procfs things until there is time for a real fix? [00:21] nope, that _is_ the real fix! [00:21] we just have to find _all_ proc entries _required_ in a vserver ... [00:22] and that is where you (can) help ... [00:22] how? :) [00:22] straceing? [00:22] for example ... [00:23] when I know what entries you need, I'll add them to the default setup ... [00:23] is there a way for me to add them myself? (just to play around) [00:24] well, yes, but you have to modify the kernel, atm ... [00:24] but if you give me a few minutes, I'll add an userspace interface ... [00:28] Bertl, hmm box just went down good and quick with just killer [00:28] open("/proc/cpuinfo", O_RDONLY) = -1 ENOENT (No such file or directory) [00:28] open("/proc/uptime", O_RDONLY) = -1 ENOENT (No such file or directory) [00:28] for "ps aux" inside ctx [00:29] :) [00:29] yay berts patch is working :) [00:29] nathan_: that's bad, 1.22 + fix? [00:29] Bertl, nod [00:29] Bertl, didnt even get a chance to stress proc before it was dead [00:29] hmm, any oops? [00:29] Bertl, i was confident that it was going to work so i didnt bother with netconsole :) [00:29] rebooting now :) [00:29] damn confidence [00:30] well, I must have missed something, because killer should not take it down ... [00:30] Bertl, this killer also attacked the ipv4root [00:30] is it something there? [00:30] hmm could be, didn't care about that ... actually ... [00:31] then we may have pinpointed the problem :) [00:31] heh [00:31] hmm, let's not jump to conclusions right now ... [00:31] yea im waiting for it to reboot [00:31] i'm booting now with patched kernel [00:33] Tamama: what is the issue with your networking on boot? [00:34] hmm box isnt coming back [00:39] hmm, didnt you raise the timeout to something high last time? [00:40] hmm but i thought i did that by hand [00:41] its back, had it manually rebooted [00:41] panic=10 [00:41] Action: nathan_ shrugs [00:41] wasnt responding to pings either [00:41] hmm, so probably no panic then ... [00:41] could be a 'simple' solid lock ;) [00:41] yay :) [00:41] maybe even a deadly embrace 8-) [00:42] let me try just hitting the ctx and no ip for now [00:42] yes, please do that ... [00:53] damn [00:53] box got blown away just building the kernel [00:53] while running 1.22+fix [00:53] Action: nathan_ scratches head [00:53] NMI watchdog caught it [00:53] <4>kernel BUG at /usr/src/berttry/linux-2.4.24/include/asm/s NMI Watchdog detected LOCKUP on CPU3, eip c010acc0, registers: [00:54] okay ksymoops? [00:54] hang on im rebuilding it with -g [00:54] the last build was kinda mangled [01:00] hm [01:03] i think net on reboot might have something to do with the gigabit port.. putting it on eth1 (10/100 mbit) [01:05] mmm gigabit [01:05] i was at staples yesterday and 1000 cards are only like $40 now [01:06] its onboard :D [01:06] but too bad that wasnt the problem [01:07] it's like it forgets to boot rc.inet1 heh [01:08] hm no.. seems to have a . in the config file all of a sudden [01:11] or hm.. guess they are supposed to be there.. [01:11] weird [01:11] what does : . /some/program do in a shell script? [01:11] source it ... [01:11] read and execute ... [01:12] source it? [01:12] well that is what it does ... [01:12] . is equal to source [01:12] Tamama, current shells parses it and runs it as opposed to executing a new shell to run it. [01:12] vat (~vat@pD9E3712F.dip0.t-ipconnect.de) joined #vserver. [01:12] re. [01:12] ok [01:12] :) [01:12] hm, herb? click? [01:13] !click, herb! [01:13] :P [01:13] is it possible that there is a definition of max processes in a vserver of 256? [01:13] Tamama, /some/program would create a new pid/shell to run it in, source /some/program or . /some/program just asks the shell to parse it in the current env :) [01:13] if that makes sense [01:13] so more efficient (and keeps environmental changes) [01:14] better to say - if they are more then f.e. 256 processes, vserver got a fork: resource temp. unavailable. [01:14] can this have to do this that? [01:14] Tamama, yep [01:14] what patches do you use? [01:15] let me have a look at the output from http://vserver.13thfloor.at/Stuff/testme.sh [01:15] Action: johnny needs a good patchset for 2.4 or 2.6 .. [01:16] hmm didn't I suggest the patchset on my page, well and you can use ck1 too for experimental ... [01:17] strange.. [01:17] Bertl, isnt dying with just killer right now [01:17] no ipv4root [01:17] i want a real patchset .. [01:17] not just this [01:17] /etc/rc.d/rc.inet1 should be called.. but isnt [01:18] nathan_: kay, didn't attack ipv4root stuff in 1.2.2.2 [01:18] Bertl, ok but i havent hit proc yet, gonna try now. [01:18] but 1.3.4.2 should address ipv4 too ... [01:19] how experimental are the patches for 2.6 ? [01:19] NMI Watchdog detected LOCKUP on CPU0, eip c010832c, registers: [01:20] got a partial oops [01:20] hmm, okay, so I probably missied something (a lock is held) [01:21] did you enable spinlock debugging? [01:21] hmm i think it was enabled, ill check when the box is back [01:21] Bertl, will it break ? [01:22] hmm, guess they won't break, they 'jsut' won't work in some aspects ... [01:22] that's how experimental they are? [01:22] hm.. in what log are the boot messages supposed to be (containing the output from the startup scripts...) [01:22] Bert, what does [201]# failed. mean in your testme? [01:23] Tamama: /var/log/boot.log ;) [01:23] doesnt exist [01:23] WSU: that means that fakeinit is broken with static contexts ... [01:23] /var/log/messages ends right after the gigabit driver did something [01:23] heh [01:23] no!!! [01:23] uggh [01:23] WSU (it is broken on all stable versions) [01:23] Bertl, normail for 1.22, right? [01:24] -k- [01:24] sigh manual reboot again [01:25] hmm, maybe you should disable the nmi again? [01:25] obviously the nmi watchdog _is_ broken ... [01:26] what aspects wont they work in Bertl? [01:27] well, latest patches lack some virtualization (like the hostname), the reboot and vroot stuff as well as the iunlink things ... ah and context quota/disk limits arent ported yet ... [01:28] vat (~vat@pD9E3712F.dip0.t-ipconnect.de) left irc: Quit: Leaving [01:31] well that sucks.. [01:31] the first part is the worst :( [01:32] well, get your favorite editor up and running, and start porting?! [01:32] open your wallet or your brain =) [01:33] porting... yeah right... like i know any C>.. [01:33] well _that_ sucks! ;) [01:33] there are some really great books out there [01:39] rmoriz: still with us? [01:40] just updated from 2.4.22-c17f to 2.4.24-vs1.22 now one vserver refuses to start... Can't set the ipv4 root (Unknown error 4294967274) [01:40] what tools? what config? [01:40] util-vserver 0.26 [01:40] http://vserver.13thfloor.at/Stuff/testme.sh [01:41] (does this return success for everything except 201) [01:41] yes [01:42] the vserver has 16 ips, may that cause this problem? [01:42] i remember some setting in a header file [01:42] but iirc 16 was the default limit [01:42] hmm, 16 .. that's quite a lot ... [01:43] try to reduce to 15 just for a test ... [01:44] works [01:44] Action: Doener could have tried this on his own... [01:45] hm i just noticed something [01:45] my last boot.log was from before the patched kernel [01:46] afterwards, no boot.log [01:48] Doener: well, if it worked on c17f (unpatched) it's a regression, if you editited the kernel, well it's your fault ;) [01:50] i don't remember any editing, but i'll have a look if you could refresh my memory about the header file that defines the limit for the number of ips assigned to a single vserver [01:50] for c17f I guess, right? [01:50] yes [01:51] /usr/src/linux-2.4.22-c17f/include/linux/sched.h:#define NB_IPV4ROOT16 [01:51] /usr/src/linux-2.4.22-c17f/include/linux/sched.h:__u32 ipv4[NB_IPV4ROOT];/* Process can only bind to these IPs *//usr/src/linux-2.4.22-c17f/include/linux/sched.h:__u32 mask[NB_IPV4ROOT];/* Netmask for each ipv4 */ [01:53] no changes have been made [01:55] and the current kernel also has #define NB_IPV4ROOT 16 [02:07] ok, i'll go to bed now, i'll try to investigate that tomorrow [02:07] night [02:07] night [02:07] Doener (~doener@pD9E12CCB.dip.t-dialin.net) left irc: Quit: Leaving [02:07] hmm did it work with 15 ips? [02:11] Bertl, do you have any idea why i would not have a boot.log? :) [02:11] Bertl, yea he said it did [02:12] >>EIP; c010832c <__read_lock_failed+8/14> <===== [02:12] >>eax; c03db2b4 [02:12] >>ebx; f7184000 <_end+36cc4bfc/38377c5c> [02:12] >>edi; f6aee000 <_end+3662ebfc/38377c5c> [02:12] >>ebp; f6aefb40 <_end+3663073c/38377c5c> [02:12] >>esp; f6aefb34 <_end+36630730/38377c5c> [02:16] JonB (~jon@129.142.112.33.ip.tele2adsl.dk) left irc: Quit: zzzz [02:16] hmm nathan_ we need a little more ... of the stack backtrace ... [02:25] thats all it caught [02:25] hmm any suggestions on getting this thing to reboot on its own? [02:27] did you enable spinlock debugging this time? [02:28] I ahve the feeling it's something simple like a lock which isn't released properly ... [02:29] yepit was on [02:30] okay, please search the logs ... [02:30] nothing got sync'd to disk :/ [02:31] hmm, nothing via the netconsole either? [02:31] only the oops i got [02:31] and that hasn't more than 6 stack entries ... [02:32] ds: 0018 es: 0018 ss: 0018 [02:32] Process killer (pid: 30061, stackpage=f6aef000)Stack: c011dea3 00000004 00000000 f6aefb80 c011bbd6 f7184000 00000000 f781db34 [02:32] ffffffff [02:32] c045acc4 00000000 [] [] [] [] []f0 ff [02:32] its mangled [02:32] that's bad, was nmi disabled this time? [02:33] no, it was on [02:33] hmm, couly you try once again with nmi disabled? [02:33] yea one sec [02:36] this is so weird.. now i recompile .. and i get 1 processor [02:36] instead of 2 :) [02:37] hmm, maybe you disabled HT support, or maybe NR_CPUS isn't hight enough? [02:37] no i enabled High Memory Support [02:38] Tamama, vanilla+vs? [02:38] well no i changed a bt around to enable SMP :) [02:38] but since the last version the only difference is the high memory support [02:38] try disabling it again :) [02:39] what is mutli-node numa? [02:46] ozan (~ozan@dsl81-215-18517.adsl.ttnet.net.tr) joined #vserver. [02:58] i just did :P [03:05] now i have 2 cpus again [03:05] lo [03:05] Tamama, disabling it enabled the cpus? [03:06] disabling HM gave me 2 cpu's again (there is only 1 physical cpu, hyperthreading) [03:06] hmm interesting [03:07] so you are running the patched version? [03:07] yes [03:07] try to blow it up :) [03:07] run a bunch of killers [03:07] i was able to blow it up without even touching proc [03:16] hm [03:16] true enough [03:16] only had to run for a sec or 2 [03:16] heh [03:16] hmm, okay any useable symoops so far? [03:18] Bertl, no i did it again and box just died, no nc output. [03:18] maybe tamama will have better luck [03:19] hopefully ... [03:19] its rebooting.. [03:19] Tamama, meaning it crashed or you are booting it up? [03:20] it hung like an eliphant in heat [03:20] so i had to walk over there and push the reset button :) [03:20] ah [03:20] anything on the screen? [03:20] nope [03:20] ugh [03:20] i'm booting with the old kernel now [03:21] how can i unpatch? :P [03:21] patch -R or just start with vanilla again [03:25] Bertl, do you have any other ideas on how i may be able to debug this? [03:27] hmm .. let me think ... [03:29] in the meantime im trying the devel with a million patches that will probably make the box terribly unstable [03:30] hmm, could you try the 1.3.4.x version? [03:30] yea i am with fix01 [03:30] just to make sure that this issue is there too, maybe I messed up 1.22 only ... [03:30] but its not vanilla [03:31] may not even boot :) [03:31] 1.3.4.2 should include the 'same' fixes ... [03:31] Linux plain.rackshack.net 2.4.24-ck1-vs1.3.4-grsec-nc-uv1 #11 SMP Fri Jan 9 19:26:04 EST 2004 i686 i686 i386 GNU/Linux [03:31] well it booted :) [03:31] heh [03:31] well i cant revert the patch back [03:32] Tamama, you didnt apply that much, just go vanilla and repatch :) [03:32] it complained that one had to use the -p or --strip option [03:32] i'm remaking the vanilla again [03:32] good think i keep a backup of my .config files :D [03:33] you can use a .config from a bad kernel :) [03:33] i know, but i always just remove the dir :P [03:34] proc patch works well [03:34] Tamama, dont do that :) [03:35] 19:36:41 up 4 min, 2 users, load average: 308.13, 87.39, 29.95 [03:35] 304 processes: 46 sleeping, 258 running, 0 zombie, 0 stopped [03:35] CPU0 states: 3.0% user 96.1% system 0.0% nice 0.0% iowait 0.0% idle [03:35] CPU1 states: 3.0% user 96.1% system 0.0% nice 0.0% iowait 0.0% idle [03:35] CPU2 states: 2.0% user 97.1% system 0.0% nice 0.0% iowait 0.0% idle [03:35] CPU3 states: 3.1% user 96.0% system 0.0% nice 0.0% iowait 0.0% idle [03:35] Bertl, i think 1.2.2 would be dead by now [03:35] heh [03:35] lets throw proc stressing into the equation [03:36] go ahead ... [03:36] 30 cat loops going [03:36] have i ever said how much i love SCHED_RR? [03:37] Bertl, seems solid [03:37] heh [03:37] that was what I thought ... [03:37] Bertl, ipv4root is supposedly safe in this right? [03:37] yup [03:37] k gonna change killer [03:37] hehe [03:38] so now the quest to find the diff between the new and the old :) [03:38] na, this is devel that was stable [03:38] bert probably has an idea though [03:38] devel used to be terribly unstable too but this is nice and solid so far [03:39] okay, kick it! [03:39] kick what? :) [03:39] ip seems to be holding up [03:40] now to stress the entire thing [03:40] Action: nathan_ thinks he found a nice new stable kernel [03:41] to what kernel does that 1.3.4.2 apply to? the numbers are a bit weird ;) [03:41] 2.4.23+ [03:41] well, the 1.2.2.2 must be some transcription error then ;) [03:41] oh that reminds me, i was going to get 2.4.24 :P [03:41] yes you might want to :) [03:42] Tamama: 1.3.4.2 is a prerelease to 1.3.5 ... [03:42] and 1.3.5 will apply to 2.4.24 and 2.4.24-ck [03:42] after all the work i had to do to get these patches to meld i think im going to take the 1.3.5 diff to 1.3.4.2 :) [03:45] what happened to the versions between 1.22 and 1.3? :) [03:45] Tamama, they slowly chase each other, thats how devel and stable trees work :) [03:45] think 2.4, 2.5 and 2.6 :) [03:45] Tamama: there is no inbetween ... do you know the kernel numbering scheme? [03:45] all i know is that 2.uneven is pretty unstable usually lol [03:46] yeah, that's the same with vserver 8-) [03:46] Bertl, usually! :) [03:46] so 1.3 is pretty unstable? ;) [03:46] Tamama, solid for me, may not be for you. [03:46] im gonna put it into production if this holds up overnight. [03:47] well nathan_ I would suggest to wait for 1.3.5, because of the proc stuff .. but that will be soon, I guess ... [03:48] anyone know a workaround for "missing boundary check" ? i cant upgrade kernel now... [03:49] Bertl, proc stuff being visible of entries? [03:49] visibility even [03:49] yup [03:49] i was just gonna hack in the general stuff myself [03:49] ozan: missing boundary check? where do you get that? [03:50] Action: Tamama becomes better and better at patching... somehow :) [03:51] http://www.debian.org/security/2004/dsa-413 [03:51] hmm that is fixed in 2.4.24, right? [03:52] there is also exploits for this on packetstorm.. [03:52] okay, and what is your problem with that? [03:52] yes it is fixed on 2.4.24 but i dont want to upgrade now .. [03:52] affected package, 2.4.18.. *cough* [03:53] ozan: hmm, and how are we supposed to help you? [03:53] ozan, you cannot fix that without changing the kernel [03:53] ahhh now I understand, sorry, didn't get this ... [03:54] ok lets see how compiling the ethernet drivers as non-modules work [03:54] just asked if there is a work around for it .. [03:55] yeah sorry, didn't coprehend ... my fault ... [03:55] may be echo 0xFFFCFFFF > /proc/sys/kernel/cap-bound this will work? [03:55] disabling some caps ... ? [03:55] hm Bertl, what are the mayor differences between 1.22 and 3.3.5 ? [03:56] changes that affect me as a user, not changes in the source that it now uses a different structure for this or that :) [03:57] Tamama: whmm, let me look in the logs ... [03:57] i see some fixes on the list [03:58] but other than that... messa not see [03:59] user space helper, uptime virtualization, with ck1: XFS, O(1) scheduler, Preemption, LowLat [03:59] which means...? :) [04:00] maja (maharaja@is.the.one.who.rules.at) left irc: Quit: leaving [04:00] mhm, somehow i fix to fail my /usr/include/ext2fs/ext2fs.h [04:00] can someone post me his line 980? [04:01] uptime virtualisation, i can understand.. but didnt vsercer-stat already do something like that? [04:01] i fail to successfully apply this step: [04:01] | _INLINE_ errcode_t ext2fs_resize_mem(unsigned long old_size EXT2FS_ATTR((unused)), [04:01] Moving the EXT2FS_ATTR _before_ 'old_size' makes it work like a charm. [04:03] hm i dont even have that dir :) [04:04] you need the ext2fs.h to successfully build the current util-vserver from enrico [04:04] hm no i didnt.. well i dont have a current possibly.. [04:04] or can you paste me your interpretation of the "Moving the ..." line? [04:05] encrico posted this bug report, but i fail to understand what he means: EXT2FS_ATTR [04:05] encrico posted this bug report, but i fail to understand what he means: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112448 [04:06] _INLINE_ errcode_t ext2fs_resize_mem(unsigned long old_size EXT2FS_ATTR((unused)), [04:06] =====> [04:06] _INLINE_ errcode_t ext2fs_resize_mem(unsigned long EXT2FS_ATTR((unused) old_size), [04:07] hm missed a ) in my replace [04:07] _INLINE_ errcode_t ext2fs_resize_mem(unsigned long EXT2FS_ATTR((unused)) old_size, [04:07] ah [04:07] thank you [04:07] :) [04:07] works now [04:08] np [04:11] 1.3.4 is running like a champ [04:11] Action: nathan_ excited [04:11] well 1.22 unpatched was working pretty fine too (if you didnt look in dmesg ;) [04:11] my dmesg is nice and clean :) [04:12] i run 1.1.6 [04:12] currently, i'm in progress of upgrading the server [04:12] i run ctx17 currently [04:13] on 2.4.20 *ducks* [04:15] hm [04:15] i just made a kernel on 2.4.24 [04:15] applied vs1.22 patch [04:15] kernel-image-2.4.24-ck1-xfs-vs1.3.4_rb1_i386.deb is my choice :) [04:15] and after modules_install there is only a 2.4.24 dig in /lib/modules [04:16] first time using shutdown in a vserver [04:16] mhm [04:16] how do i shutdown a vserver? [04:16] the right way [04:16] vserver $name stop [04:16] vserver name stop [04:17] and that does all the init stuff? [04:17] maharaja, id like grsec or pax in there :) [04:17] maharaja, yes [04:17] if your vserver config is correct.. [04:17] thnx [04:17] i had to make my own [04:17] heh [04:17] mhm [04:17] No directory for this vserver: /vservers/yule1 [04:17] hard to close down then :) [04:19] i've got it under /data/vserverok [04:19] mhm [04:19] ln -s helps [04:19] ;) [04:19] Unmounting local filesystems... umount: devpts: not found [04:19] umount: /dev/pts: must be superuser to umount [04:19] umount: /dev/hdv1: not found [04:19] umount: /: not mounted [04:20] hm, what makes a kernel change its name? eg 2.4.24 to 2.4.24-vs1.22 [04:20] at make time? [04:20] Tamama, EXTRA_FLAGS i believe is the name [04:20] or EXTRA_VERSION [04:20] maharaja, thats fine [04:21] hm well just wondering why after patching i dont have that vs1.22 extension.. [04:21] i think its EXTRA_VERSION [04:21] Tamama: did you receive a Makefile.rej? [04:21] hm i do have a Makefile~ [04:21] but no .rej [04:21] Tamama, look at Makefile [04:21] see if its in there [04:22] hm i do have a rej [04:22] heh [04:22] thats why :) [04:22] prob used the 2.4.23 patch on 2.4.24 [04:22] and the only reject is that vsersion number lol [04:22] only change is the EXTRA_VERSION iirc so dont worry [04:22] gah [04:22] ok, it is back up [04:23] yeah [04:23] Linux yule 2.4.24-ck1-xfs-vs1.3.4 [04:23] ok added -vs1.22 myself :P [04:23] Tamama, programming master :) [04:24] oh yeah ;) [04:24] hehe [04:24] well i hate to have the wrong name.. confusing [04:24] Action: Bertl notes Tamama is faking his kernel versions ... [04:24] Bertl: i am running linux 6.4.3-vs0.01-Tamslongschlong1.0 [04:24] Action: Tamama rolls eyes [04:25] Tamama, you are a special boy :) [04:25] i'd prefer 'different' :D [04:25] okay, nathan_ what is the outcome? 1.3.4.2 is rock solid? [04:27] Bertl, yep [04:27] 20:29:18 up 56 min, 5 users, load average: 575.75, 565.97, 545.54 [04:27] so we have to look for differences between 1.2.2.2 and 1.3.4.2 regarding the ctx lock, right? [04:28] lol [04:28] stressing for almost an hour now [04:28] Bertl, seems that way [04:28] any ideas on your side? [04:28] do those cquota work on 1.3.4.2 ? [04:28] i havent looked at the diffs, let me look [04:28] Tamama: yes [04:28] 0.9? [04:29] http://vserver.13thfloor.at/Experimental/delta-2.4.24-vs1.22-vs1.2.2.2.diff and http://vserver.13thfloor.at/Experimental/delta-2.4.24-vs1.3.4.1-vs1.3.4.2.diff right? [04:29] yes [04:30] hmm 1.3.4.2 is the proc changes it seems [04:30] hmm, let me check ... [04:30] maybe you should do a diff on your host ... [04:31] diff -NurpP --minimal linux-2.4.24-vs1.22 linux-2.4.24-vs1.2.2.2 [04:31] and [04:31] diff -NurpP --minimal linux-2.4.24-vs1.3.4 linux-2.4.24-vs1.3.4.2 [04:31] hmm ill have to setup those directories [04:31] after you made a copy of all of them (cp -la) [04:31] and did a make mrproper in each of them [04:32] do you have those setup? could you post the diffs? [04:32] yes, I have, but maybe your's is somewhat modified ... [04:33] the one i am stressing right now is a million patches , let me try to see what it all stems from [04:34] just make a diff, we sort out the 'million other patches later ... [04:35] a diff between what i have and linux-2.4.24-vs1.3.4? [04:35] yup, and more important for 1.22 and 1.2.2.2 (which fails) [04:35] wasnt the locking fixed in 1.3.3? [04:36] hmm, maybe we should look at the entire patch, relative to the vanilla kernel ... [04:37] for some reason i think .3 had the proc fixes and .4 had minor changes for some xfs stuff [04:37] but IIRC you crashed the 1.3.4 very happily some days ago ... [04:37] Bertl, no i dont think i ever did, i was rock solid and then i discovered the proc security issue which we pursued for a while instead of the races. [04:37] least thats what i remember [04:38] and actually, i did blow it away, but it was on /proc/virtual, but we agreed to stop stressing that [04:38] then i started poking around proc and found the security issue. [04:38] i think the fixes for status and such were in .3 [04:39] after following the conversation, am i right that 1.3.4 is not that stable? [04:39] heh [04:39] well guess you are right, 1.3.4 includes all locking changes ... [04:39] well it is uneven :P [04:39] :) [04:39] maharaja: atm it seems that 1.3.4 is _more_ stable than 1.22 [04:39] right.. heh [04:39] bertl: good to know [04:40] my testing has shown 1.3.4 to be far more stable than 1.22 currently [04:40] but that is in SMP mode [04:40] yes, true. [04:40] in single processor no such probs [04:40] uni, non-preemtive, you are prob fine with either. [04:40] okay, so we are looking at vs1.22-vs1.2.2.2 and 1.3.3-1.3.4 right? [04:40] another thing i would like to know is, wether bugs usually affect the vservers, or the whole kernel [04:40] Bertl, im almost thinking 1.3.2->1.3.3 but lets take a looksee [04:41] maharaja: which and whos? [04:41] bertl: i only want to know from your experience, if your changes usually hang the whole system, or simply affect the vserver instances [04:42] or produce strange effects on the system [04:42] hm this time it hung my system [04:42] nathan's too.. but it seems to be fixed now.. [04:42] maharaja: my changes usually hurt everyone equally ... [04:42] Tamama, no mine isnt fixed, i can still reproduce the same crash you could. thats what we are tracking down :) [04:43] okay to make that more clear: [04:43] nathan: in 1.3.4? [04:43] and is that the crash, or the hang? ;) [04:43] Bertl, delta-2.4.23-vs1.3.2-vs1.3.3.diff is what we need to look at [04:43] maharaja: kernel modifications usually affect userspace <-> kernel interactions [04:44] so as every program (if it isn't only crunching numbers) has to talk to the kernel ... [04:45] if there is a really bad bug (or some race/locking issue on SMP) in the kernel, you whole machine goes down ... [04:45] nathan_: yeah, right 1.3.3-1.3.4 is userspace helper and iunlink [04:45] Bertl, yep [04:46] http://www.13thfloor.at/vserver/d_release/delta/delta-2.4.23-vs1.3.2-vs1.3.3.diff.asc [04:46] Bertl, 1.3.4 no longer uses the global ctx_ref_lock? [04:46] Bertl, [04:46] this doesnt seem like an exact backport? [04:47] bertl: thnx for clearing things for me :) [04:47] hmm, well probably not ... [04:47] maharaja: userspace issues usually only affect the vservers [04:47] Bertl, 1.2 still seems to be access the structure directly and 1.3.4 you had abstracted it out to functions which do the locking [04:47] so there seems like this is plenty of room for error there [04:48] well kind of 'mental' abstraction and backporting there then ... [04:48] yea [04:48] I'm pretty confident I 'just' overlooked something ... [04:48] Action: Tamama peeks [04:48] my first guess would be an escape from inside a locked part [04:49] or maybe a jump into a block which unlocks at the end? [04:50] we are confident it is ctx_ref_lock right? [04:50] yeah you had this in your oops, rmemeber? [04:50] yea [04:51] proc_pid_status() looks clean to me ... [04:51] nothing which could sleep between read_lock and read_unlock() [04:52] hmm i dont see it [04:52] what? [04:52] hello there [04:52] just typing outloud [04:52] Bertl, i dont think its a proc issue [04:52] okay, keep going ;) [04:52] Bertl, easily goes dead before even touching proc by hand [04:53] and i dont think cron got a ps in that caused it, not that likely. [04:53] hm why is this not done atomic: vxi->virt.nr_threads++; [04:53] so maybe fork or exit [04:53] herbert: that fix for the resource temporarily unavailable bug worked [04:53] Tamama, is the block synchronized? [04:54] dont know [04:54] Tamama: good question, but why isn't nr_threads++ done atomic? [04:54] look at surrounding code :) [04:54] the line below it is: atomic_inc(&vxi->limit.res[RLIMIT_NPROC]); [04:54] that is why i asked.. [04:54] kestrel: thought so, was a minor bug in my patch ... [04:55] Tamama: yeah, I decided to do all the limit.res counter atomic ... [04:55] Tamama, the block is locked on tasklist_lock [04:56] it also holds a vx_info lock [04:56] looks safe [04:56] was just wondering :) [04:57] i'm just scanning the diff, not comparing complete source :) [04:57] ah [04:58] +int vx_proc_create(struct vx_info *vxi) [04:58] okay, lets think about it ... [04:58] +  if (!entry) [04:58] +    goto no_entry; [04:58] extra check [04:58] killer-01.c gets it down? [04:59] http://vserver.13thfloor.at/Experimental/killer-01.c [04:59] Bertl, yes, what i use is very close to that. [04:59] that and that alone will take it out for me. [04:59] sched.c, exit.c, fork.c [04:59] okay, could you upload/provide your source? [05:00] sure [05:00] http://0x00.org/hidden/killer.c [05:00] i run about 20 of those, will be dead real quick. [05:00] hmm, looks _much_ nicer ... [05:00] i did it without the ip code [05:01] are there any issues with binding vserver iproots to the loopback? [05:01] eg. lo:blah => 10.0.0.1 [05:01] kestrel, not that i know of, are you having issues? [05:01] nope [05:01] kestrel, ok then it should be fine unless you discover otherwise :) [05:01] it works perfectly, i just wanted to make sure there were no security issues or anything [05:02] hehe [05:02] ipv4root code is interface/device independent afaik [05:02] kestrel: they all use a 'shared' network ... [05:02] loopback is special, and it isn't virtualized yet ... [05:02] Action: nathan_ thinks he just ate his own words [05:03] ah [05:03] hmm, nathan_ okay, and what was the 'actual' minimal version which brought vs1.2.2.2 down? [05:04] Bertl, minimal version of killer.c? [05:04] so apart from using a real interface, are there any options other than loopback? [05:04] yup [05:04] kestrel: what do you want to accomplish? [05:04] 46-50 comment out [05:04] sweet [05:05] it boots correctly now with the network drivers NOT as modules [05:05] just the sys_vserver(VCMD_new_s_context was the only code needed in start_ctx to bring it down [05:05] i noticed it actually started the drivers _after_ calling the init code for the network.. doh [05:05] Tamama, you still running 1.2.2.2? [05:05] nathan: no i just reverted back and upgraded kernel to 2.4.24 [05:05] http://vserver.13thfloor.at/Experimental/killer-nathan-01.c [05:05] Tamama, hmm might wanna try /etc/modules.conf [05:05] Tamama, ah [05:05] Bertl, yep [05:06] Tamama, still have 1.2.2.2 binaries? :) [05:06] my constraint is that i have only been allocated one real ip address, so i need a "virtual" network of vservers [05:06] currently accomplished by putting them on lo [05:06] what about dummy0? [05:07] should work perfectly ... [05:07] righto, cool, i'll give that a go :) [05:07] still, no highmem now... [05:07] nathan: i probably do... [05:07] kestrel: well, test it ... and post the results ... [05:07] which ones do you need? lol [05:07] btw, the imap/pop3 multiplexer perdition is perfect for vservers with a single frontend [05:08] shall do [05:08] Tamama, whatever was broken last, try to boot it and run killer-nathan-01.c just to make sure there is an issue with the codeim blaiming [05:08] claiming even [05:08] that would be useful, right ... [05:08] is that the killer-01 i got from Bertl? [05:09] where -02 was just a fork limit change ? [05:09] http://vserver.13thfloor.at/Experimental/killer-nathan-01.c [05:09] or [05:09] Tamama, compiled its really about the same, but just give the nathan one a spin for the hell of it [05:09] http://vserver.13thfloor.at/Experimental/killer-01.c [05:09] both should bring it down ... [05:09] well 02 did... [05:09] kestrel, curiosity...imap/pop3 multiplexer perdition? [05:09] that was my _hang_ [05:10] http://www.vergenet.net/linux/perdition/ [05:10] but ok lets try.. i might have another kernel though (higmmemory change etc) [05:10] it forwards pop3/imap/pop3s/imaps on from a single point [05:10] i played around a bit :P [05:10] it's meant for load balancing [05:11] ok starting buggy kernel again.. heh [05:11] kestrel, gotcha [05:11] Tamama, id do the test but i want to get a solid few hours stressing this devel release [05:11] beautiful thing about it is that it handles all ssl negotiation and forwards cleartext on to the vservers so the server doesn't have to do ssl three times [05:11] oh Bertl, in your diff patches, oculd you also add an extra EXTRA for say vs1.22-2.2.2.2 or something? [05:12] because i dont keep track of it all heh [05:12] Action: Tamama lazy ;) [05:12] I could, but for sure, I would forget to update it ;) [05:12] but ok i just killed all vservers [05:12] reboottime and a walk to my living room [05:12] Action: Bertl is lazy too :( [05:12] why are old .com multi processor machines so damn expensive to ship on ebay [05:12] i want a local smp box [05:13] someone in boston must have a dual they want to give me [05:13] maybe a dual parisc would be a solution? [05:13] it's got network console too ... [05:13] via telnet ... [05:14] hmm [05:14] and you can reboot/reset it from remote ... [05:14] what do those run? [05:14] $ i mean [05:14] Action: nathan_ checks ebay [05:14] look for HP 8000 A400 / A500 [05:14] or HP 9500 A180 A400 [05:14] http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3069676493&category=11221 [05:14] too bad its not a dual [05:15] its huge i could use it as a dinner table [05:15] yeah, or for ironing ... [05:15] or was 8500 ? [05:16] let me check ... [05:16] ok running killer1 now [05:16] not much happening though [05:16] ie it doesnt hang [05:16] i spoke toosone [05:16] too soon :P [05:16] works perfectly herbert [05:16] cpu family: PA-RISC 2.0 [05:16] cpu: PA8500 (PCX-W) [05:16] nice hang no [05:16] w [05:17] Tamama, no messages? [05:17] perfect ... what message? [05:17] lets see.. *hobbles to the living room* [05:17] dummy0 works perfectly... [05:17] good choice then ;) [05:17] Bertl, these boxes are far from inexpensive [05:18] least the ones im looking at [05:18] last time I checked, they where around 100 $ on ebay ... [05:18] hmm i must be looking too high end [05:18] $500 for rather recent units [05:18] server or workstation class? [05:18] no messages [05:19] http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3069961968&category=51231 [05:19] ok i'm retagging that kernel in lilo as 'hang me now' [05:19] anyone want to donate some $? [05:19] need about 35k [05:19] will give ssh access [05:19] lol [05:19] will pose and send pictures [05:20] naked? [05:20] yea why not [05:20] hpux dual doesnt turn up much under 500 [05:20] bert help me with ebay here, i guess im sucking [05:21] it seems I'm sucking too atm (with ebay) .. but a few month ago, they where there and really cheap ... [05:22] well that 2.2.2.2 thing did the elephant thing again.. happy? :) [05:22] hmm, did you get a message? [05:22] all that was being accessed was killer1 [05:22] Tamama, not as happy as we would have been if there was a message on the console :) [05:22] no message [05:22] sans de message [05:22] :P [05:22] hmm, okay, this was which kilelr exactly ;) [05:23] killer1.c [05:23] killer-01.c actually [05:23] but i like to abbr. :P [05:23] okay, from 13thfloor? [05:23] http://vserver.13thfloor.at/Experimental/killer-01.c [05:23] (that one) [05:23] yes the one you gave me earlier today [05:24] Bertl, seems to me that this should probably be reproducable uniprocessor? [05:24] okay, probably that one ... [05:24] well it wasn't but I try again ... [05:26] Tamama: this killer outputs some messages, while it's doing it's destructive work ... [05:26] yes [05:26] a lot of the same [05:26] context x jada jada [05:26] hmm the same? [05:26] heh [05:26] well different x :) [05:26] okay, do you remember the last number? [05:26] ctx: 49780 [05:26] etc [05:26] well no.. [05:27] must have been at 50+K [05:27] does it matter? [05:27] it ran for maybe 10 seconds :) [05:27] hmm, not really, just looking for hints ... [05:28] hm, 9542 bogomips... [05:28] Action: Tamama looks at his old noname miata alpha 166 [05:28] Action: Tamama cries [05:30] hmm Tamama could you run another crash test? [05:30] lol [05:30] sure [05:30] same killer? [05:30] okay, I would like you to compile a vs1.22 without the modifications ... [05:30] ruhoh :) [05:31] no need to compile then [05:31] i dont overwrite kernels [05:31] okay, and use the same killer ... [05:31] ;) [05:31] IIRC, jonathan's tests (original killer) where included in 1.22 [05:31] I eman the fixes ... [05:31] brabel [05:31] oh i fixed the uncleanly mounted problem.. :) [05:32] 'shut down the vservers before you reboot' :) [05:32] lol [05:32] I mean: the proper fixes for killer issues should be in 1.22 [05:32] Tamama: that is what the vserver service is for ;) [05:36] well hard to use it if the install didnt install them ;) [05:36] well killer1 crashed [05:36] ctx==52K [05:36] okay, so we didn't fix that one ... now I'm confused ... [05:37] but the kernel might actually be the patched one.. but i doubt it [05:37] the other kernels arent SMP compiled... [05:38] Bertl: and what does the vserver service do exactly? :) [05:39] starting and stopping the vserver ... [05:39] vserver web stop :P [05:39] either in foreground or in background ... [05:39] well i just made a small script that says: 'kill 4 vservers' but then in vserver speak :) [05:40] works too [05:40] sysvinit doesnt do much [06:06] Nick change: surriel -> riel [06:18] nathan_ (~nathan@209-6-130-26.c3-0.sbo-ubr1.sbo-ubr.ma.cable.rcn.com) left irc: Ping timeout: 499 seconds [07:24] hmm Tamama still here/awake? [07:28] bit [07:29] watching animes [07:29] hehe ... I was trying to find the 1.22 issues ... [07:29] are you sure that killer crashed 1.22? [07:30] I mean that it was the killer-01.c and vs1.22 with no other patches? [07:30] well it crashed something and i doubt i made 2 2.2.2 kernels when the first one didnt work... [07:31] hmm .. [07:32] i have 7 versions now, 3 with smp, 2.4.24 and 2.4.23, so one has to ne 2.2.2 of those [07:32] hmm, maybe you could try once again with a newly compiled vs1.22? [07:33] maybe tomorrow.. its 6am and i am almost asleep heh [07:34] okay, thanks anyway ... your help is appreciated ... [07:35] it only takes a few mins to compile a kernel .. so not that much work [07:35] anyway, sleep [07:35] Nick change: Tamama -> TamBed [07:41] okay, night everyone ... [07:41] Nick change: Bertl -> Bertl_zZ [07:54] nathan_ (~nathan@209-6-130-26.c3-0.sbo-ubr1.sbo-ubr.ma.cable.rcn.com) joined #vserver. [08:45] vat (vat@pD9E3712F.dip0.t-ipconnect.de) joined #vserver. [08:45] re. [08:45] hm. got one vserver, that does not use swap, but uses full ram.. [08:45] what can that be? [08:46] really important :/ [09:04] Simon (~sgarner@apollo.quattro.net.nz) joined #vserver. [09:10] vat, i doubt that has anything to do with vserver [09:10] since afaik the only memory management a vserver does is limits [09:17] hm. [09:18] vserver uses 1 GB ram ;) [09:18] but makes no swap.. swapoff/swapon does not fixx it [09:23] vat_ (vat@pD9E37375.dip0.t-ipconnect.de) joined #vserver. [09:23] argh, damn 24hrs disc. [09:28] vat (vat@pD9E3712F.dip0.t-ipconnect.de) left irc: Ping timeout: 480 seconds [09:58] ah, fixxed it :) [10:07] Simon (~sgarner@apollo.quattro.net.nz) left irc: Quit: so long, and thanks for all the fish [10:22] what was it vat? [10:29] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Ping timeout: 499 seconds [10:33] kestrel, there was a nod in the /dev of the vserver [10:33] this was also the name of the nod of the hostsystem's swap ;p [10:33] therefore it was swapping to the mars ;) [11:13] suhcoolbro (~Suh@63-224-250-137.ptld.qwest.net) left irc: Quit: NO CARRIER [11:15] ah :) [11:30] serving (~serving@213.186.190.94) left irc: Read error: Connection reset by peer [12:18] JonB (~jon@129.142.112.33.ip.tele2adsl.dk) joined #vserver. [12:47] serving (~serving@213.186.191.116) joined #vserver. [13:14] re [13:36] re [13:41] ccooke (~ccooke@80.1.164.238) got netsplit. [13:41] kestrel (athomas@dialup51.optus.net.au) got netsplit. [13:41] lp (~lpressl@interner.SerNet.DE) got netsplit. [13:41] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit. [13:41] maharaja (maharaja@ipax.tk) got netsplit. [13:41] Bertl_zZ (~herbert@MAIL.13thfloor.at) got netsplit. [13:41] Medivh (ck@62.93.217.199) got netsplit. [13:41] sladen (paul@starsky.19inch.net) got netsplit. [13:41] WSU (~Josh@ny.webpipe.net) got netsplit. [13:41] MedivhWrk (ck@netops.multimedia-centrum.de) got netsplit. [13:41] virtuoso (~shisha@ip114-115.adsl.wplus.ru) got netsplit. [13:41] MrBawb (abob@swordfish.drown.org) got netsplit. [13:41] riel (~riel@riel.netop.oftc.net) got netsplit. [13:41] MrBawb (abob@swordfish.drown.org) returned to #vserver. [13:41] ccooke (~ccooke@80.1.164.238) returned to #vserver. [13:41] sladen (paul@starsky.19inch.net) returned to #vserver. [13:41] Bertl_zZ (~herbert@MAIL.13thfloor.at) returned to #vserver. [13:41] Medivh (ck@62.93.217.199) returned to #vserver. [13:41] kestrel (athomas@dialup51.optus.net.au) returned to #vserver. [13:41] maharaja (maharaja@ipax.tk) returned to #vserver. [13:41] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver. [13:41] virtuoso (~shisha@ip114-115.adsl.wplus.ru) returned to #vserver. [13:41] MedivhWrk (ck@netops.multimedia-centrum.de) returned to #vserver. [13:41] riel (~riel@imladris.surriel.com) returned to #vserver. [13:41] WSU (~Josh@ny.webpipe.net) returned to #vserver. [13:52] lp (~lpressl@interner.SerNet.DE) got lost in the net-split. [13:58] ozan (~ozan@dsl81-215-18517.adsl.ttnet.net.tr) left irc: Quit: My damn controlling terminal disappeared! [14:05] where is that remote reset thingy ? [14:21] noel (~noel@pD9FFAF83.dip.t-dialin.net) joined #vserver. [16:24] vat_ (vat@pD9E37375.dip0.t-ipconnect.de) left irc: Quit: Leaving [16:24] Doener (~doener@pD9588CB6.dip.t-dialin.net) joined #vserver. [16:57] JonB (~jon@129.142.112.33.ip.tele2adsl.dk) left irc: Quit: Client exiting [17:19] Nick change: Bertl_zZ -> Bertl [17:19] hi everyone! [17:21] hi bertl [17:22] so did you try with 15 ips? [17:29] Doener: did you try to reduce the amount of ips to 15? [17:29] told you last night ;) [17:29] works with 15 ips [17:29] okay, didn't get the message ... [17:30] or overlooked it .. [17:30] good, and the old one worked with 16, right? [17:30] yes [17:31] NB_IPV4ROOT is the same for both and no changes to the source have been made [17:31] this was the stable release, or devel? [17:31] old was c17f current is vs1.22 [17:31] old:2.4.22 current:2.4.24 [17:32] you didn't try with 1.00 I guess ... [17:32] don't try now ;) no need to [17:35] maybe i still have a 1.00 machine floating around... [17:36] no... [17:42] Nick change: TamBed -> Tamama [17:42] morning Tamama! [17:43] afternoon :) [17:43] i'm making vanilla 2.4.23-vs1.22-q0.9 [17:43] q0.9 is what? [17:44] per context quotas [17:44] hmm, isn't that q0.12 ? [17:44] hm.. you're right :P [17:44] hm where did i get the 0.9 from then.. hn,.. oh well [17:47] image= /boot/vs1.22-crash [17:47] root=/dev/sda1 [17:47] read-only [17:47] label=vs1.22 crash test [17:47] there we go [17:48] great! [17:49] and please recompile the killer, starting with killer-02.c, then killer-01.c then killer-nathan-01.c ... [17:49] why should i recompile them... [17:52] maybe because the source changed .. redownload them too ... [17:52] http://vserver.13thfloor.at/Experimental/killer-02.c [17:52] http://vserver.13thfloor.at/Experimental/killer-nathan-01.c [17:52] http://vserver.13thfloor.at/Experimental/killer-01.c [18:11] hmkay [18:11] have to wait a bit though, collegue is installing something in a vserver [18:11] and i've been bugging him for well over a week to do it ;) [18:12] np, have to leave now, but will be back in about 100 minutes ... [18:12] Nick change: Bertl -> Bertl_oO [19:44] kestrel (athomas@dialup51.optus.net.au) left irc: Ping timeout: 480 seconds [20:25] JonB (~jonbendts@129.142.112.33.ip.tele2adsl.dk) joined #vserver. [20:26] does the latest stable work with 2.4.24 [20:33] Nick change: Bertl_oO -> Bertl [20:34] hey bertl [20:34] JonB: hmm, why not? [20:34] i found the patch [20:35] the linux-vserver-1.22-tar.bz2 ... i failed to understand it contained for more than one kernel [20:35] and? or where you asking if there is such a patch? [20:35] i'm recompiling [20:35] ah ok, so everything is fine now, right? [20:35] are there any things i must turn on in the confg ?' [20:36] i thought i wanted to play with quota [20:36] for quota you'll need: quota, v0, vroot [20:37] where are they? [20:37] are there other stuff i can turn on ?' [20:37] if you want 'per context quota' on a shared partition, you also need 'context tagging' [20:37] i do [20:37] where are they? [20:38] how do you configure the kernel? [20:38] menu, but i found the vroot [20:38] I'll probably add a vserver menu entry soon ... [20:39] where were the other entries ? [20:39] I have to look ... [20:39] okay [20:41] [*] Quota support VFS v0 quota format support [*] Quota support [20:41] in filesystems ... [20:41] make that <*> not [20:42] and the first option should be the context tagging ... [20:42] spunk (~spunk@c173134.adsl.hansenet.de) joined #vserver. [20:43] hi spunk! [20:43] Hi [20:43] I'm trying to get vserver to work. [20:43] bertl: context tagging ? [20:44] but wehen i want to start ster server it say: [20:44] Starting the virtual server vs1 [20:44] Server vs1 is not running [20:44] Can't set the ipv4 root (Bad address) [20:45] can somebody please tell me what i'm doing wrong? [20:45] Bertl, ok 20 hours of solid stress testing and the box is awesome [20:46] spunk: http://vserver.13thfloor.at/Stuff/testme.sh [20:46] kernel 2.4.23-vs1.22 [20:46] let me know what it returns ... [20:46] ok thanks [20:46] nathan_: fine, I hope you will be able to do some vs1.22 testing too?! [20:47] but it's great to hear that it is finally stable ... [20:47] bertl: i have not found context tagging [20:47] Bertl, i can do a little right now, but im going to have to put this box into production in the next few days so i wont be able to test with it anymore. [20:47] bertl: i do have quota and v0 [20:47] JonB: I'm on it ... [20:47] bertl: thanks :) [20:48] nathan_: well, then please, please do some testing ;) [20:48] Bertl, do you have new patches or are we still trying to track down that lockup? [20:48] starting with vs1.22 which should not die on killer-01.c [20:48] http://vserver.13thfloor.at/Experimental/killer-01.c [20:48] Bertl: root@deepthought:~# sh testme.sh [20:48] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl [20:48] Can't set the new security context [20:48] : Function not implemented [20:48] chcontext failed! [20:48] Can't set the ipv4 root (Bad address) [20:48] chbind failed! [20:48] Linux 2.4.23-vs1.22 i586/chcontext 0.23/chbind 0.23 [J] [20:49] okay, you need newer tools ... [20:49] where did you get vs1.22 from? [20:49] 13thfloor [20:50] and which tools where suggested on that download page? [20:50] i don't know but i can take a look [20:50] be so kind [20:51] JonB: as I said, just verified it, first option in filesystems: [20:51] comment 'File systems' [20:51] [20:51] +choice 'Persistent Context ID for files' \ [20:51] + "Disabled CONFIG_INOXID_NONE \ [20:51] + UID32/GID16 CONFIG_INOXID_GID16 \ [20:51] + UID24/GID24 CONFIG_INOXID_GID24 \ [20:51] + UID32/GID32 CONFIG_INOXID_GID32" Disabled [20:51] Bertl: util-vserver-0.26 [20:52] which version do you use? [20:52] i installed a backport for debian woody [20:53] fwell, that is probably an old (very old) version ... [20:53] okay i'll install the new tool [20:53] and try again [20:53] do that, and it will work ... [20:53] thx for your help :) [20:54] in my 2.4.24 the first option in filesystems is quota, the next is a sub option for quota, called "VFS v0 quota format support" [20:54] then you didn't patch q0.12 yet ;) [20:55] i thought it was included in patch-2.4.24-vs1.22.diff [20:56] funny, most people do, don't know why ... [20:58] bertl: the quota only has vs1.20 [20:58] not vs1.22' [20:58] and not for 2.4.24 either [20:58] yes, that is because 1.22 is a bugfix release of 1.20 (so the quota patch still works) [20:58] there is 22 and 23 [20:59] is vroot still an add on? [21:00] nope, but most people think that too ... [21:00] probably nobody reads the changelogs ;) [21:00] no, we dont [21:06] bertl: got it [21:06] bertl: but what now, which of the 3 options on context ? [21:07] which do you prefer? [21:07] Bertl: i installed the new tools but it still gives me the same answer. [21:07] i dont know the meaning of the choices [21:07] read the help [21:07] Bertl: but the testme.sh give a different output [21:07] show me ... [21:07] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl [21:07] chcontext is working. [21:07] chbind is working. [21:07] Linux 2.4.23-vs1.22 i586/chcontext 0.26/chbind 0.26 [E] [21:07] --- [21:08] [001]# succeeded. [21:08] [011]# succeeded. [21:08] [031]# succeeded. [21:08] [101]# succeeded. [21:08] bertl: cool, kerlen people usualy dont write help options for experimental stuff [21:08] [102]# succeeded. [21:08] [201]# failed. [21:08] [202]# succeeded. [21:08] that looks fine ... [21:08] it means that your kernel/core tools stuff is now working [21:08] but what does [201]# failed. [21:08] mean [21:10] it means that --fakeinit with static contexts doesn't work [21:10] (which is normal for _all_ stable patches) [21:10] okay but why can't i start my vs1 [21:11] do i need 2 create a new one after installing the new tools? [21:11] lets see what it outputs now [21:11] Starting the virtual server vs1 [21:11] Server vs1 is not running [21:11] Can't set the ipv4 root (Bad address) [21:11] same output as before [21:12] okay, what is in your vs1.conf file in the line with IPROOT=? [21:12] or could you upload the whole config somewhere? [21:13] i can [21:13] nathan_: any results for vs1.22 yet? [21:14] http://deepthought.servebeer.com/vs1.conf [21:15] hmm, seems I get a timeout on that url ... [21:16] http://213.39.173.134/vs1.conf too ;) [21:16] ;) [21:16] strange [21:17] server is prolly drunk [21:17] maybe [21:17] bertl: http://www.linux-vserver.org/index.php?page=Step-by-Step+Guide [21:17] i up it somewherer else just a moment [21:18] Bertl, just finished building it [21:18] sorry doing a few other things [21:18] JonB: ahh good, now I have something to read in the evening ;) [21:18] nathan_: hey np, it's your life ;) many thanks anyway [21:19] JonB: what is the idea behind pointing me to that url? [21:19] Bertl: http://62.216.180.231/vs1.conf [21:19] ahh, much better! [21:19] bertl: next time someone asks how to configure the kernel you can point them there [21:20] hmm my kernel never seems to link when i use -j >1 [21:20] JonB: hmm, don't see any kernel configuring stuff there, do you? [21:20] nathan_: which gcc version? [21:20] 3.2.2 [21:21] bertl: yes, i just edited it in [21:21] argh i forgot -g again, lets hope it doesnt crash [21:21] bertl: maybe a reload ? [21:21] ah yeah, thanks ... that worked ;) [21:21] bertl: heh [21:22] spunk: what does your ifconfig look like? [21:22] spunk: I assume that config is an editied version of a debian? default config? [21:23] bertl: do you have a dual screen setup ? [21:24] yes .. at some places [21:24] bertl: some places? [21:24] http://deepthought.servebeer.com/ifconfig [21:24] ups [21:24] Bertl: http://62.216.180.231/ifconfig [21:24] JonB: I have one at the hospital, and I had one at home ... [21:25] spunk: hmm, that one is empty? [21:25] argh [21:25] what happened to the home part ? [21:25] moment please [21:25] JonB: my second monitor died ... [21:26] well, it's still a dual screen setup, with one monitor :( [21:26] bertl: what size ? [21:26] Bertl, 1.2.2 is staying up [21:26] 30 instances of killer [21:27] nathan_: thought so ... [21:27] not touching proc [21:27] JonB: 19" Belinea but only about 18" or less useable ... [21:27] bertl: okay [21:28] Bertl: now it's there [21:28] Bertl, any other ideas that will help debug? [21:28] not empty anymore ;) [21:29] okay, nathan_ this info is useful, 1.2.2 is stable without proc access, now try to throw the proc access in .. and crash it [21:29] spunk: hmm, there is a eth0:vs1 with that ip ... [21:30] so it looks to me like something was done ... [21:30] yes [21:30] try to 'stop' that server and restart it again [21:30] looks like there is a v but ivant enter or start it [21:31] try to down the interface (ifconfig eth0:vs1 down) [21:31] i stopped it and the interface disappeared [21:32] good ... now restart? [21:32] doesnt work [21:32] the messages? [21:32] interface appears again but i cant start the server [21:33] the same: bad address [21:33] noel (~noel@pD9FFAF83.dip.t-dialin.net) left irc: Quit: Client exiting [21:34] spunk: okay, comment out the IPROOTDEV="eth0" (with a #) [21:34] and add a S after the -H in ULIMIT= so ULIMIT="-HS -u 256 -n 1024" [21:35] what is the S for/ [21:35] setting the 'soft' limits ... which is actually required since 2.4.23 ;) [21:36] hmm i did that but nothing changed [21:36] shuri (~shushushu@vserver.electronicbox.net) joined #vserver. [21:36] well, the interface should not be created now?! [21:37] kestrel (athomas@dialup51.optus.net.au) joined #vserver. [21:37] strangely the interface has the old ip even with comented IP4 line [21:37] Nick change: shuri -> _shuri [21:37] it is created [21:37] hmm, what did you comment out? [21:37] oh sorry [21:39] spunk: are you aware of what your nick means in english slang ? [21:39] okay now the interface is not created but i cant start the v [21:39] JonB no i'm not [21:40] it's some kind of sweets here in germany [21:40] spunk: okay, it should be a slang for sperm [21:40] oh nice [21:40] it is candy in denmark as well [21:40] didn't know that [21:40] okay [21:41] spunk: okay the interface is not created now, right? [21:41] yes [21:41] and you get the same error, right? [21:41] it doesn't appear in ifconfig [21:41] bertl: i found a opto coupler, but it wasnt part of a kit, just the device, so i need some heat source, som tin, and do it myself :/ [21:42] but i can't start or enter the v [21:42] spunk: could it be that there are remaining files of the vserver tools (not util-vserver) from a previous kernel? [21:42] JonB: the right tool is called 'soldering iron' ;) [21:42] had the same problem some days ago... [21:43] ahh good idea, maybe some remains ... [21:43] Doener: that might be... [21:43] since they go in different locations some funny effects can appear [21:43] bertl: i didnt know the english word [21:44] but no.. [21:44] Bertl, hmm its not dying as of right now :-/ [21:44] i didnt install vserver tools before [21:44] nathan_: check for SMP, version, killer ;) [21:45] Bertl, all good [21:45] hmm, well I can live with that ;) [21:45] i cant :( [21:45] i crashed it before [21:45] didnt i? [21:45] thats how we met [21:46] I'm not sure anymore 8-) [21:46] but hey, we fixed 1.3.x, is that nothing? [21:46] true [21:46] or wasn't it fixed? [21:47] spunk: [18:55] Linux 2.4.23-vs1.22 i586/chcontext 0.23/chbind 0.23 [J] [21:47] to me that looks live vserver0.23 [21:47] s/live/like/ [21:47] Bertl, its fixed for me [21:47] hmm spunk, yes, those are the old tools?! [21:47] i wish 1.2.2 would die [21:48] spunk: probably there _is_ a mix of the tools installed now .. [21:48] okay [21:48] try to remove _all_ tools ... make a quick check in /usr/lib/{util-,}vserver [21:48] spunk: are you using the script in /etc/init.d that came with vserver0.23 [21:49] ? [21:49] Bertl: ok i'll remove them [21:49] those need to get adjusted to work with util-vserver [21:50] Doener: yes i think so [21:50] change the paths in those files... iirc old is: /usr/lib/vserver and should be /usr/local/lib/util-vserver now [21:52] and if you encounter /usr/sbin change it to /usr/local/sbin ;) [21:52] well, for me it looks like the debian people are doing a bad job, the packages 'should' ease installation, but instead, they only cause trouble ... [21:53] Ola seems to prefer the broken and incompatible versions over stable and working ones ... [21:53] Bertl: are you referring to spunk's problem? [21:53] not in particular ... [21:54] I'm in the blame everybody mood today, it seems, so naturally I bitch about debian packages ;) [21:54] hehe [21:54] I cant find that paths in the file [21:55] i ask because i see the lack of a remove feature in vserver0.xx as the source of his problem ;) [21:55] well, rpm -e vserver works fine here ;) [21:55] spunk: line 6 in /etc/init.d/vservers change /usr/sbin to /usr/local/sbin/ [21:55] hm what version is nathan using now? 1.3.5 / [21:56] currently vs1.22 ;) [21:56] and he is trying to bring it down ... [21:56] nah the version that apperantly worked :) [21:57] bertl: yeah, but the source package lacks it ;) [21:57] you mean a 'make uninstall' or something like that? [21:58] yes [21:58] iirc only util-vserver has this option... [21:58] s/has/provides/ [21:58] hmm, well a 'package' system should work around that, right? anyway bug Jack *G* [21:59] by the way, are there no bug reports regarding 0.27/0.28/0.29? or where they sent to Jack directly? [22:00] or did I just miss them? [22:00] i changed that line but nothing seems to happen [22:00] hmm i'm going to get myself some food [22:00] spunk you now cleaned out all versions of vserver/util-vserver? [22:00] and try later with cleaning out [22:00] <-- hungry [22:00] ok, cu [22:01] thx for your help [22:01] cu [22:01] hmm, nathan_ still no success crashing vs1.22? [22:17] Tamama: he was using a 1.3.5 prerelease ... [22:33] hmm anybody still here? [23:09] yes, me [23:09] hey, cool, got some food? [23:09] i finally got the vserver to run [23:10] and how? [23:10] yes i ate a doener ;) [23:10] cleaning out /usr/sbin [23:10] ah, that's why he didn't answer ;) [23:10] and re-installing the utils [23:10] hehe yes maybe.. its very silent in my stomach [23:11] always the same... trying to help and people start to bite me... hehe ;) [23:11] hehe [23:15] where would you look for a linux-vserver entry in the kernel config menu? [23:16] under network or something? [23:16] netrose (john877@CC3-24.171.21.47.charter-stl.com) left irc: Ping timeout: 480 seconds [23:16] it died! [23:16] just got home and its dead [23:16] hmm... lemme have a look at the menu... [23:16] oh wait [23:17] no it didnt [23:17] damnit [23:17] SOFTDOG: Initiating system reboot. [23:17] hehe [23:17] i have a new problem now... [23:17] Bertl, i mean isnt it obvious in 1.22 that it SHOULD crash on smp? [23:17] from inside the v i can ping 213.231.33.100 [23:17] hmm, well, actually no, we fixed it ... [23:17] but i cant ping google.de [23:18] Bertl, oh [23:18] spunk: nameservices? [23:18] Bertl, what did i originally test with when i first came along? [23:18] resolve.conf is correct [23:18] wasnt it 1.22? [23:18] JonB (~jonbendts@129.142.112.33.ip.tele2adsl.dk) left irc: Ping timeout: 480 seconds [23:18] from the host system ping google.de works fine [23:18] proc_pid_status has the: [23:18] + if (task->s_info) { [23:18] + int i; [23:18] + [23:18] nathan_: well, that _is_ the problem I have ... I think it was vs1.22 but I didn't understand why you could break it ... [23:19] this is the original one i tested [23:19] there was no locking or checking done in proc_pid_status [23:19] this SHOULD break no? [23:19] okay let me take a look at vs1.22 again ... sec [23:19] spunk: look into /etc/resolv.conf [23:20] Bertl: resolv.conf is correct [23:20] what do you mean by 'correct' [23:20] same entrys as on the hostsystem and there it works fine [23:20] http://list.linux-vserver.org/archive/vserver/msg05630.html [23:20] okay, try to ping the nameserver [23:21] nathan_: ahh, good somebody was smart enough to look into the mail ;) [23:22] Bertl: ping on nameserver works [23:22] ifconfig [23:22] from inside? [23:22] ups [23:22] jepp from inside [23:22] okay, what do you get on the ping www.google.com ? [23:23] Bertl: some feeling is telling me to put vserver in the "General Setup" part of the menu... but i can't figure out any reason for that ;) [23:23] a 'new' main menu would be an option for you too? [23:23] Bertl: i get: unknown host [23:24] okay, try with strace -fF -s 10000 ping -c 1 www.google.com >ping.strace 2>&1 [23:24] strace -fF -s 10000 ping -c 1 www.google.com [23:24] and upload the file somewhere ... [23:26] nathan_: well, now that I look at it ... [23:26] okay i ave to install strace inside the v first [23:26] the basic question is, can the task be released _while_ this is running (proc_pid_status()) [23:28] hmm [23:28] let's backtrace it ... [23:28] proc_pid_status is set as the inode fops ... [23:29] the inode is created in proc_pid_make_inode() [23:29] get_task_struct(task); [23:29] so the task is reflocked ... which doesn't mean much :( [23:30] Bertl, but what if the deletion of the proc entry is deferred because it is in use but the task is still freed? can this happen? [23:30] I'm currently checking that ... [23:31] Bertl: probably... but i have no idea where to place it in the main menu... maybe after after "General Setup" or before "Kernel Hacking" would make sense to me... [23:31] s/after after/after/ [23:31] okay, thanks for the opinion ... [23:32] JonB (~jonbendts@129.142.112.33.ip.tele2adsl.dk) joined #vserver. [23:33] hmm, nathan_ I would suggest the following test: [23:34] output atomic_read(&virt_to_page(task)->count) [23:34] if it is greater than 1 on [23:35] kernel/exit.c:70 [23:35] just before vx_release_info(p); [23:35] just a little printk? [23:35] yeah, but only if > 1 .. [23:36] right [23:36] this means that somebody is 'holding' the task struct, and might dereference the task->vx_info [23:36] yea [23:36] and in that case, has to be locked against spin_lock (&ctx_ref_lock); [23:37] where is count decremented? should it be >=1? [23:37] Bertl: http://62.216.180.231/ping.strace [23:39] I hate to ask such questions, but, could it be that some firewall/iptable setup is blocking the nameserver reply? [23:40] nathan_: that is part of the 'original' reason for this race, the task_stuct uses the memory page reference count :( [23:41] so it is released when the last reference to the page in memory is removed ... [23:42] Bertl: no ip-tables script running here i stopped it when i began the installation [23:42] and from the hostsystem everything works fine [23:43] okay try chbind --ip dig www.google.com [23:45] from inside the v? [23:45] no, on the host ... [23:45] hmm on the hostsystem it gives this output: [23:45] root@deepthought:~# chbind --ip 192.168.0.20 dig www.google.com [23:45] ipv4root is now 192.168.0.20 [23:45] ; <<>> DiG 9.2.1 <<>> www.google.com [23:45] ;; global options: printcmd [23:45] ;; connection timed out; no servers could be reached [23:46] or ping -I [23:46] so it looks like the response isn't coming back ... [23:46] which seems understandable, as you seem to use a local ip?! [23:47] yes i do [23:47] and is this masqueraded properly? [23:47] ah [23:47] or handled by your router or whatever? [23:47] hi dan! [23:48] i have to forward the nameserver respomse to the vserver [23:48] hello :) [23:48] ups ;) [23:48] no, you have to masquerade the request ... [23:49] my hostsaystem is also the router [23:49] well, do whatever is required to make that chbind .. dig work ;) [23:49] okay i think i understand where i have to look [23:49] thx :) [00:00] sTask had reference!!!! f7516000 2 [00:00] --- Sun Jan 11 2004